0a32d60e91123722d22f58ce25f71e5e5da459a376dbdd2f12322b330f77238dfb169ec7cc13f12904d5036528c3f7e08456ccfca6d03e7b7b4add4cf27bf015e7c1032b0597a612a8a1ef710489b020f33d685cb97e0fd57019db8e6431d5744ead47b76ec0d0e3766fe9f8cd635acc4456b499b6c612d501870bbb4a6fcbe4cd6b2d3491f9a2172d2911163943fdacc6a5a2dbb1b346e6ba28e73eca992ba8a08f49a2c3bcaff26b5d2f3682b6303391cf65c8bbb9bf4a307d1d5077df75784aab17d91aa0dd698c2470f144"], 0x20) r1 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000040)='/dev/video2\x00', 0x2, 0x0) ioctl$VIDIOC_QBUF(r1, 0xc058560f, &(0x7f0000000100)={0x34, 0x1, 0x4, 0x110e000, {}, {0x4, 0x8, 0x9, 0x12, 0x93, 0xf3}, 0x4, 0x3, @planes=&(0x7f00000000c0)={0x1, 0x6, @userptr=0x80000000, 0x4}, 0x4}) [ 1330.274108][T11845] usb 2-1: Using ep0 maxpacket: 16 15:24:22 executing program 5: syz_open_dev$swradio(0x0, 0xffffffffffffffff, 0x2) set_mempolicy(0x4003, &(0x7f0000000080)=0x100, 0x3) r0 = socket$inet_udplite(0x2, 0x2, 0x88) syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x2, 0x292142) prctl$PR_SVE_GET_VL(0x33, 0xe359) r1 = socket$alg(0x26, 0x5, 0x0) r2 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1005, 0x0) ioctl$int_in(r2, 0x800000c004500a, &(0x7f0000000100)) ioctl$int_in(r2, 0x800060c0045005, &(0x7f0000000000)=0x40000) read$hiddev(r2, &(0x7f0000000240)=""/74, 0x27e) r3 = syz_open_dev$vcsn(&(0x7f0000000140)='/dev/vcs#\x00', 0x3, 0xc0) ioctl$KVM_HAS_DEVICE_ATTR(r3, 0x4018aee3, &(0x7f00000001c0)={0x0, 0xe, 0x4, &(0x7f0000000180)=0xa697}) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(r2, 0x80045301, &(0x7f0000000040)) shutdown(r1, 0x1) fsetxattr$security_evm(r0, &(0x7f0000000000)='security.evm\x00', &(0x7f0000000400)=ANY=[@ANYBLOB="040961244a2c2abba692c614a10200e3c824cf3db7ea373dd1e32088ebb3af00057167b30cc0b7028b905bc05b3af8ea223c8d18867e866ba759b7cb5601df00dfe4bc7e9f78d223e5cf0a4ca2f708a63e5e3db673c80e903f325ebc7e737b3db78f0a3ef7be07c96aafb2c9494e6114e845e74b0ae5ecfba6facfa5866c017ae79630e79aafc23cf97a955de95b29cfc452a8e7a9c0a27930a5b5a345a21700b0655b1907617fdffbc50c4a71cc32fcd38194b40ef2bfb713f749e4a5e1c49ad51bfbecde3d583244d6e5cae4da3d77a846d5ca2169056f071a4a49ab9b5bfa8d88a806bed021331723a9001e846fcfc755466ebb085f77cc004960134cc04fdcbd3108b09f2ea74cd0cf437e4875f13383bb7e0102c6c4b67d1cf905a659d96e6a4553c721432ffd91e0f661"], 0x7, 0x2) clone(0x42108000, 0x0, 0x0, 0x0, 0x0) [ 1330.322751][T11846] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 1330.412488][T11845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1330.423812][T11845] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1330.437372][T11845] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1330.446737][T11845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1330.459387][T11845] usb 2-1: config 0 descriptor?? [ 1330.483162][T27450] IPVS: ftp: loaded support on port[0] = 21 [ 1330.582133][T11846] usb 4-1: Using ep0 maxpacket: 8 [ 1330.623144][T27450] IPVS: ftp: loaded support on port[0] = 21 [ 1330.742739][T11846] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 1330.753229][T11846] usb 4-1: New USB device found, idVendor=08ca, idProduct=0109, bcdDevice= 6.5d [ 1330.762910][T11846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1330.773459][T11846] usb 4-1: config 0 descriptor?? [ 1330.816741][T11846] zr364xx 4-1:0.0: Zoran 364xx compatible webcam plugged [ 1330.824494][T11846] zr364xx 4-1:0.0: model 08ca:0109 detected [ 1330.830611][T11846] usb 4-1: 320x240 mode selected [ 1330.841168][T11846] zr364xx: start read pipe failed [ 1331.065675][T11846] usb 4-1: Zoran 364xx controlling device video40 [ 1331.075581][T11846] usb 4-1: USB disconnect, device number 20 [ 1331.082843][T11846] zr364xx 4-1:0.0: Zoran 364xx webcam unplugged [ 1331.182535][T11845] usbhid 2-1:0.0: can't add hid device: -71 [ 1331.188750][T11845] usbhid: probe of 2-1:0.0 failed with error -71 [ 1331.215467][T11845] usb 2-1: USB disconnect, device number 74 [ 1331.792106][T12113] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1331.862734][T19765] Bluetooth: hci0: command 0x1003 tx timeout [ 1331.869046][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1332.032074][T12113] usb 4-1: Using ep0 maxpacket: 8 [ 1332.152331][T12113] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 1332.162353][T12113] usb 4-1: New USB device found, idVendor=08ca, idProduct=0109, bcdDevice= 6.5d [ 1332.171447][T12113] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1332.181143][T12113] usb 4-1: config 0 descriptor?? [ 1332.226328][T12113] zr364xx 4-1:0.0: Zoran 364xx compatible webcam plugged [ 1332.233811][T12113] zr364xx 4-1:0.0: model 08ca:0109 detected [ 1332.239906][T12113] usb 4-1: 320x240 mode selected [ 1332.248398][T12113] zr364xx: start read pipe failed [ 1332.454310][T12113] usb 4-1: Zoran 364xx controlling device video40 [ 1332.465814][T12113] usb 4-1: USB disconnect, device number 21 [ 1332.473087][T12113] zr364xx 4-1:0.0: Zoran 364xx webcam unplugged [ 1333.222273][ C0] net_ratelimit: 20 callbacks suppressed [ 1333.228023][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1333.234198][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1333.240577][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1333.246669][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1333.252961][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1333.259055][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1333.782252][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1333.788239][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1333.942003][T11845] Bluetooth: hci0: command 0x1001 tx timeout [ 1333.942289][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1333.954262][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1333.960310][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1336.022839][T12113] Bluetooth: hci0: command 0x1009 tx timeout [ 1339.462323][ C0] net_ratelimit: 20 callbacks suppressed [ 1339.468131][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1339.474477][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1339.480710][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1339.486710][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1339.492791][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1339.498751][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:24:32 executing program 4: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:24:32 executing program 5: r0 = creat(&(0x7f0000000100)='./file0\x00', 0x0) mkdir(&(0x7f0000000080)='./file1\x00', 0x0) write$binfmt_elf64(r0, &(0x7f0000000080)=ANY=[], 0xffdbc494) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000040)=@int=0x8001, 0x4) link(&(0x7f0000000240)='./file0\x00', &(0x7f00000000c0)='./file1/file0\x00') clone(0x8000000000300, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) rename(&(0x7f0000000000)='./file1/file0\x00', &(0x7f0000000180)='./file2\x00') 15:24:32 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) r9 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) getsockname$unix(r9, &(0x7f0000000100), &(0x7f0000000080)=0x6e) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:24:32 executing program 0: stat(&(0x7f0000000000)='./file0\x00', &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getegid() lstat(&(0x7f0000000040)='./file0\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) fstat(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) readlinkat(0xffffffffffffff9c, &(0x7f00000004c0)='./file0\x00', 0x0, 0x0) keyctl$chown(0x4, 0x0, 0x0, r1) getgroups(0x4, &(0x7f0000000140)=[0x0, r0, r1, 0x0]) getgid() r2 = socket$inet_tcp(0x2, 0x1, 0x0) setgroups(0x31dbe445, &(0x7f00000002c0)) syz_open_dev$midi(&(0x7f00000002c0)='/dev/midi#\x00', 0x3e3, 0x3bc177af4b1a627b) getsockopt$inet_sctp_SCTP_GET_ASSOC_NUMBER(0xffffffffffffffff, 0x84, 0x1c, &(0x7f0000000380), &(0x7f00000003c0)=0x4) r3 = syz_open_dev$radio(&(0x7f0000000600)='/da\x00\x00\x00\x00\xff\x03\x00\x00;', 0x2, 0x2) ioctl$VIDIOC_S_HW_FREQ_SEEK(r3, 0x40305652, &(0x7f0000000000)={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x7}) clock_gettime(0x0, &(0x7f0000000440)={0x0, 0x0}) futimesat(r3, &(0x7f0000000400)='./file0\x00', &(0x7f0000000480)={{r4, r5/1000+10000}, {0x77359400}}) fsync(r2) prctl$PR_GET_CHILD_SUBREAPER(0x25) r6 = syz_open_dev$mice(&(0x7f0000000180)='/dev/input/mice\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r6, 0x4008700c, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) lsetxattr$security_evm(&(0x7f0000000080)='./file0\x00', &(0x7f00000000c0)='security.evm\x00', &(0x7f0000000100)=@md5={0x1, "e5bb395f55c063cd645af21b63c76d9d"}, 0x11, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000300)={r8, &(0x7f0000000500)="d611044611ecd9eb55f5a7934b0c4c82f5a02eab53dd4b299014285c59661ae0be419164bd5b8f6e78374e487030b4a88f374316573131eb424d8ece8800c57fb3fbfc2c5c400497c4b0af7b15a799477797e849053d0280ab089a0e6559f3be5100315da2311fb97f296ba1a08ec0cfcb97f83f83ff4caf200587e6dd8116836fe63a6861233f8c912702c3a0e468916428768fad4546497e26fc1cbfafe08868860d6929ba55148c470dbfc12ff172a6012c83a9fcb46adb81ff2d5d33a08bccfad4b5b40fd7a10945c5a7909e980719fa09", &(0x7f0000000240)=""/114}, 0x20) unshare(0x60020000) 15:24:32 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000ab000000ab005c0152e8c9e8c7b044c4e798289b83cf9949d5c4a117467819c77852ff774be029a1c3db10ab65459c30e2486325b447457f6808e151dfcb38649424afb5ec60cea0ce3d314bb90a0ba32496a5255ab5378cf313d635a4ab9b0588f2183982669f61ee22cc5c629a039c54a0a92d21d92784f57f281a41f683908361f02b4526e4f06bbba5ebe894cf9ab62ff806b9"], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:24:32 executing program 3: r0 = socket$packet(0x11, 0x2, 0x300) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000100)='\a\x00ev/nul\t\x000\x00', 0x200, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r1, 0xda67d000) r2 = syz_open_dev$vcsn(&(0x7f0000000040)='/dev/vcs#\x00', 0xa4c, 0x404400) getsockopt$inet_sctp6_SCTP_ASSOCINFO(r2, 0x84, 0x1, &(0x7f0000000080)={0x0, 0x5, 0x400, 0x431, 0x6, 0x1}, &(0x7f00000000c0)=0x14) modify_ldt$read_default(0x2, &(0x7f0000000140)=""/101, 0x65) r3 = openat$proc_capi20ncci(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/capi/capi20ncci\x00', 0x0, 0x0) write$P9_RWALK(r3, &(0x7f0000000200)=ANY=[@ANYBLOB="4a0000006f020005000803000000070000000000000004000000e60500000000000000200300000005000020000000000601000000070000000000000008010000000400040000000000"], 0x4a) getsockopt$packet_int(r0, 0x107, 0xf, 0x0, &(0x7f0000000000)=0xffffff96) [ 1340.022518][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1340.029057][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1340.101169][T27482] sctp: [Deprecated]: syz-executor.5 (pid 27482) Use of int in max_burst socket option deprecated. [ 1340.101169][T27482] Use struct sctp_assoc_value instead [ 1340.142159][T27475] IPVS: ftp: loaded support on port[0] = 21 [ 1340.182345][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1340.188567][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1340.282421][T12113] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 1340.522280][T12113] usb 2-1: Using ep0 maxpacket: 16 15:24:32 executing program 3: syz_emit_ethernet(0x4a, &(0x7f0000000100)={@dev={[], 0xf}, @random="8a37962a294f", [{[], {0x8100, 0x3, 0x0, 0x4}}], {@generic={0x2307, "6908f2eb66649f2557eb4c95112dcc0ffb8a15b01ef2735932da09ea714972e3cf5858476b2f3f930e9655ee0075c796df4a51c2b5397e39"}}}, 0x0) ioctl$VHOST_SET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af13, &(0x7f0000000080)={0x1, 0x5}) r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_ADDRFORM(r0, 0x29, 0x1, &(0x7f00000000c0), 0x4) [ 1340.642806][T12113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1340.654095][T12113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1340.667206][T12113] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1340.676478][T12113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1340.857962][T12113] usb 2-1: config 0 descriptor?? 15:24:32 executing program 3: r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000700)={{0x12, 0x1, 0x0, 0xad, 0x78, 0xaa, 0x8, 0xafa, 0x3e8, 0xc42d, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1a, 0x0, 0x1, 0xec, 0x94, 0xe1, 0x0, [], [{{0x7, 0x5, 0x85}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000740)={0xac, &(0x7f0000000380)={0x0, 0x0, 0x1, "06"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f00000029c0)={0xac, &(0x7f0000000240), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$IMDELTIMER(r2, 0x80044941, &(0x7f0000000000)=0x1) 15:24:33 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b4050000000000e9c310180000000000be500000000000009500000000000000"], &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r0 = syz_open_dev$swradio(&(0x7f0000000080)='/dev/swradio#\x00', 0x1, 0x2) ioctl$KVM_IRQ_LINE_STATUS(r0, 0xc008ae67, &(0x7f00000000c0)={0x2, 0x3ff}) 15:24:33 executing program 0: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) syz_usb_connect$cdc_ncm(0x1, 0x74, &(0x7f0000000080)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x8, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x62, 0x2, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0xb, 0x24, 0x6, 0x0, 0x1, "d7ec9fe825eb"}, {0x5}, {0xd}, {0x6}}}}}}]}}, &(0x7f00000003c0)={0x0, 0x0, 0x5, &(0x7f0000000100)={0x5, 0xf, 0x5}, 0x1, [{0x0, 0x0}]}) 15:24:33 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) r9 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) getsockname$unix(r9, &(0x7f0000000100), &(0x7f0000000080)=0x6e) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:24:33 executing program 5: unshare(0x400) r0 = syz_open_dev$vcsa(&(0x7f0000000080)='/dev/vcsa#\x00', 0x5, 0x401000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_SUBSCRIBE_EVENT(r2, 0x4020565a, &(0x7f0000000000)={0x8001002, 0x40, 0x3}) pwritev(r0, &(0x7f00000000c0)=[{&(0x7f0000000180), 0x50}], 0x100000000000002f, 0x0) ioctl$GIO_FONT(r0, 0x4b60, &(0x7f0000000100)=""/89) [ 1341.272338][T19765] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1341.334385][T12113] ortek 0003:05A4:8003.0045: unknown global tag 0xc [ 1341.341148][T12113] ortek 0003:05A4:8003.0045: item 0 4 1 12 parsing failed [ 1341.349116][T12113] ortek: probe of 0003:05A4:8003.0045 failed with error -22 [ 1341.359807][T19754] usb 1-1: new low-speed USB device number 30 using dummy_hcd [ 1341.512128][T19765] usb 4-1: Using ep0 maxpacket: 8 [ 1341.535575][T11845] usb 2-1: USB disconnect, device number 75 [ 1341.632391][T19765] usb 4-1: config 0 has an invalid interface number: 26 but max is 0 [ 1341.641091][T19765] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1341.651762][T19765] usb 4-1: config 0 has no interface number 0 [ 1341.658138][T19765] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=c4.2d [ 1341.667538][T19765] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1341.683011][T19765] usb 4-1: config 0 descriptor?? [ 1341.752372][T19754] usb 1-1: No LPM exit latency info found, disabling LPM. [ 1341.852368][T19754] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1341.863545][T19754] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x82 is Bulk; changing to Interrupt [ 1341.873948][T19754] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x3 is Bulk; changing to Interrupt [ 1342.102074][T11846] Bluetooth: hci0: command 0x1003 tx timeout [ 1342.108363][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1342.132199][T19754] usb 1-1: string descriptor 0 read error: -22 [ 1342.138595][T19754] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1342.147889][T19754] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1342.375725][T19755] usb 4-1: USB disconnect, device number 22 [ 1342.432789][T19754] cdc_ncm 1-1:1.0: bind() failure [ 1342.442704][T19754] cdc_ncm 1-1:1.1: bind() failure [ 1342.455860][T19754] usb 1-1: USB disconnect, device number 30 [ 1343.162311][T11846] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1343.171031][T11845] usb 1-1: new low-speed USB device number 31 using dummy_hcd [ 1343.404566][T11846] usb 4-1: Using ep0 maxpacket: 8 [ 1343.532302][T11846] usb 4-1: config 0 has an invalid interface number: 26 but max is 0 [ 1343.540669][T11846] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1343.551231][T11846] usb 4-1: config 0 has no interface number 0 [ 1343.557768][T11846] usb 4-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=c4.2d [ 1343.566989][T11846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1343.576374][T11846] usb 4-1: config 0 descriptor?? [ 1343.862145][T11845] usb 1-1: device not accepting address 31, error -71 [ 1344.032913][T11846] usbtouchscreen: probe of 4-1:0.26 failed with error -71 [ 1344.050923][T11846] usb 4-1: USB disconnect, device number 23 [ 1344.183214][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1344.189491][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1345.702382][ C0] net_ratelimit: 20 callbacks suppressed [ 1345.708232][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1345.714992][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1345.721463][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1345.727755][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1345.734455][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1345.740714][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1346.262103][T11845] Bluetooth: hci0: command 0x1009 tx timeout [ 1346.262404][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1346.274420][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1346.422395][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1346.428719][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:24:42 executing program 4: socketpair$unix(0x1, 0x0, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:24:42 executing program 5: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) ioctl(r0, 0x1000008912, &(0x7f0000000040)="0800b5055e0bcfe87b0071") socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$NBD_DISCONNECT(r2, 0xab08) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)={0x18, 0x35, 0x7, 0x0, 0x0, {0x3801, 0x3}, [@nested={0x4}]}, 0x18}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) accept4$vsock_stream(r4, &(0x7f0000000000)={0x28, 0x0, 0x0, @my=0x0}, 0x10, 0x0) r5 = socket(0x10, 0x80002, 0x8000000010) sendmmsg$alg(r5, &(0x7f0000003900)=[{0x0, 0x0, &(0x7f0000000200)=[{}, {&(0x7f0000003c00)="f376c691070000000000000005745261f600ef9a921dbe3dbebb237614fa75b4f3b241df74fe3c1e5c9fe49f9a6f35cc9aa94b7fee8ac4556f0c58cd09d806aa307104653975cdd1a9e671a716ec401f977eacab7c0826fcd519f96add977fc21a604621cf0106d2fdd4abcc7440df7a8c2430befe19664e1767c124a32eb00653e9f0a49fc3ee07f3f9c222dab8978acb4fe90094c7c158710a384f989aea93fc79097ba339c3369422", 0xaa}, {&(0x7f0000000080)="96d9436245bcd0e7226332d27c1a6c2f2da9048f009f6e3c261c69e64a951c26335d6d79d24d6425450e56", 0x2b}, {&(0x7f00000039c0)="d066e4b9028af1ddc6e80f61e90c8beabd52a7e972fefafd33b467b33b793199ac4e5fee95eddc31281508df090edb2dd33548d4e0ef06e20f758a599dc662ddac3ae8c7da066365e059c06db80595c5f4a1a8b936689afe88ebc260ccd4a4c0701730ceb1618d51b6d88ea15913187a45e8b0264669b06b6cf54bee462084b8698031a7729a4666145f81fb1ec4f093f5cf4c355ff72733b14a2f9888ee2e1018035e4d504dbf84301d34fec8ee2be24172cd5f7a844a38337bb341fa9a8eeb80992c6f29a4914882185195e57d978f79456d5a1d9f9541f39cb3505c38cb8b83bb20cc903ddd6cb95d0f08e5fac4e434e14640d3589f3f0e68a0823d5c057ca44c53fa08ce09303efa8c7485594a3fd02b3ef0f6aac539583d3eeda2e7adae376c731560fd7b204053c850a2cd088ca911aac9d53f9e04e886a92528b28391fac301", 0x143}, {&(0x7f0000000380)="577c69d25184dd816cde0421c930a4a8164b479859cd7895395642db1379c10b3b164db1efe47b4d74df287b88c94ce9ee3069c3111e5fa02ac9f203a3f8d92c46b56a7e74254dd5373ef63164c1b4607151d79752a97da358be73dfefdd1cb79533e98a7d9131bd7a910c456bc32cb6298b080f2948580516d55ec0ef9318ac2515e3cd9dabc0f9c8ad5018633e87afb81c32f24f5273f0a4f2e191644d3a2e7c3289474d4a61c3282e61b7f893d6ec7b73aa3eddb5de4d0a58fc514804d22e7d30878e1bc416f1b12f2ff43485d6c364d37ef4c6ba84607fcb4b97042f5464cce43c4e268353bce0dc62311d9c0a01b409d7b195844c0dca3f6ca8170810beac44bd936306be573eec7a99886a609d78338c7315ed440e30e4a5626ca2a10564ff5fdbef6f84417902ab66adde02f97e64c4d0126aa26dd23acb3bb3a0147a86d5e4a335ba5cd8c59cfed6f6b32ccd78cd4f645a0cdbcb46c0278bb0dd6683e3979ee5b97efc15cda32384ccbff14105dd3b75c935b54ea7123136c9c0420f40a738ddcdd2d0cf80bfe4322fe309de3e90b6e3eb88b0cee01a22a37a593f774a4b39f12f0e0d9666b879df833fff7c0ef031c566aaea4562c29d9784923d216c69fe6e944cc2361a133103fb7876d793b7a5555fc4ab8899c81c7014cc04826fe0dba5f09bd37ecb5d63cb591e909a859ce643202358ff88551cf8784933e444164e93817ca7b03f9dbc86154635b9c23b445d019f2cdac124360fb6ae9ebe0af206d9d73a3352645fdfd533d3865a07eff13da1d87ee52b858e9523ff86eb6b7c5ec104c7d155a84b6b64e80200030f74b116cb4ac33ce1d3772cd3e92d8449e29fa1e8388d47aa4ae1f0bb55857cce2a30f8b33214356b0f7e37fe8dca2c57528e2b5944832a2dd08ebaff16a93040aa6b4afc2d73fa9872c2882b080f5094a80e2a08395ee70cd74c87652ebab0c922e28c9badb16655da9868bc9ff794aff77bae57986765d76f07085bb04966ad747927b7ec52d90c79d4209613259bed7785430020be7336e9e17faf9b7cbc9fa1d22bf7648c7870aceec718944d0ccc0fe4348d81e7802dea0d158c4f36ae57ef552b4960cab2083cee058be874b3ea4aca60211891de0af0186b948c72029189e6cc935c9bb31db0f6e4058738533f443d17c0f5945fc28db6ab322e003af4422ef34651d49c9415f4826cf8c0ac47cd07141c89a201285b6dff973487a6b7d556b48f2c47be2b4fad4e925c5aea7c2e05206737738d3816762b16008648901c23a095fbb25564f90b425b14903006254da004580538969748b83c57d6881de40d6837e304a4a73462fc64cbb29d4867089c0b97c27e09795f6427aee0fc71eb6c44e40ce60f7708a5d0c99dc0890ee55147f988bbd398f1ac0304a0f2632ca35a70cbb1ef9f8e588d5bd9ee12c607d993023905fbf330e98b720718105bfcfed54bde78c74943ca8192a8c970a218565ee9780c96e5c6393fea7e01bf076b909f2a25cda02aa626612d38990fe1e36d2ed76867da6610817b50029521bdef25875e3b18f41db5df852ff56512455143d6af70ee01143a519b09c8a2b283e88c2a09b4486463255f6b23ae35f39298bdaf2defc37eac1d0b25e02218b762d96d6ba7f8e51d9e13c7ac992a9cecf1c5efde286767505ba1cf5ef4445b18a0a4b73b18ebc794e70c0dc41ca269dc1f6bbc86f5a1c52baeef89241d52ea4881c8795fbbce1fcd2e8e87b05df1f2db384e0016c689683614df06c3a5e772ce0133792f4d746c8254455a79d70c14f0860c3ace62aa2a98fc76dbdff289939fdbe9e9652eafeb6b50cdc8514812feacc05377ac2ce345dd9eb84ad3dd42f1301e16917d15d6cbe5a35f9a5ad6fda39dad7ef0d3a04ae441d61388a510c8b455af82b598263bf5df4a12ff4993e550a1eeccd45a15e022992108c3f4117e2b136a34a66f200f3aa00951295626f23d559cceb3ed4c2145276e543ecb00b02038851b7f8a428a8a769c5c14ef2b675a6cf6a716842c9c8c45df2bc972dfc82bd6e034f3e224793c04e5709552caed04085f6daccc57a28ec8bd43790d5b51291093f5c1701521e88356fe9cd8b77aacd4c4afcd99c6f242ad054504b3c65e783b6b5472a1acc13bbd9b0deb481eba77a3d426811a34a67aa418ec8e13b62fe29c0d6b19a30646afcf4030d9d844be3c31e843f18571c6726a74c92d2d79f6f3fa1eacbfbc9139c95555a75e1b9c7a037b3e0368d8779e929e7d940b9e5e76ef07c950d8619f513a83cf2ea0e37fffdb7b5c8816b8d22b37e810339e7250acf6ab9eeca11f388da76cddec8a559ddbefcd2cc09290e82ca62067439013d428b245c02d6edd1219c16fce94b56b0499c0011bf24a56f2aa64f0861dd765f2c189185b1c2e75bf4491aafbbfb1f86845db7028240ba352137b513f360b9f1b6ca088f1ec98b680a007f2ee1dae9dbb9044bba951a4ef60d89f94a162247dfad0310fae311a7591ac10e0c0ccf29ede624a6a015b339a091412965f6a6be08c7ad218478b619a06fb3a61b126b0abb5200b0208caf10e45cb725ebec954f72a2e06bdf962a2ac549193a1f8fc7a8b1f6cd12b491fc28645f970de355b6b04030f4805afb833b64de320e6e4d80ee3aa72677614031f3b0bc9ea36faaa0e936d129fb66546ee4568bd9688b6d985e6844f58b6ff1699ce037e6b462527bf67988f0b0de3bd3ea866b3114a7f019d661177c55fc4b1000f28f65a9883563ac534b9ee6f84d18b7092e78aae0286666b4a426277e530774455e1deb3b3beb4c377935945a5ce942bb38db384a2688c329158c23c56a5d9e4d8c5c875462ce9af4ddbc8cad728dbe779ea4e3cf1b55150e5553c28b6c5b546111ef2f00c8a3fd1660a392b9ff53d57144518f706f4bc36cd91833286f457b93c94c4f8a52a330bfddf309ff7c93b06302d4ec85d5ba10c71d703cb6cc6fc699f963e99e6fdb040e997a73d80bcc06f4880b70beb21a48abf7ab21c2b30d2675cc78839d272ebc4128c0f75e12da72582ba992a66d3835251a94387f956cc5f0bda270b51e306fedc774a7762bed22b07cdd4c0ed84435ce19c0a4a114b96b546f8518fde8ba0fbdd007f8eaf9d129f61637a2ac62339bac50f354bf79b895d9bc9cf9ae2a0f8b71740ee01648750b0d2fc4ebb9f3d14519e66608506385e7c585aad1ac8337c605a439d836ac482ecfd9a34960afb98ed480ddde4bc217ece91dedad559c81a44116e6d9845e53a758ba3c9edafbd83a716427a6150aa98906a8f97572e1294d7a36d1a751f1eaad85a4486b31554c7ef9c429ad9f09cb99bdfd0c2f02b81d89cdca2e6b2fc873b8d15af76ff65d89c8ea33401a898b356c9835a171675570131049293faa88dcad96397293a60831ea1e41e8e173fd23cecf0f41957f4bbcaad8158663cea9c0220f19e7c2007cb6e256aaea394962544172478ab091c5988466b2aa1b9034401e39967df3568ed6e4a6e45779392ced91d694b9974d5d5b7a6cc64c69a92e6e0f11b3251857367877c0670f7ed17fd55532e3e4373e35fa4ade1aa73444244e1c52f6aa42d1c659a8dd81fa262346ad3abe35832b7ec45c1cca6377d62b5479111b51b8cdc5cc033658774e652c8bc2a90576a567cab6381fa3a6f882030e4d64c1e1e1439c0ba44253065aa701af803829d22b9cde0fe0315cb650c7102cc8432852e0cb3a57cd2bdf118cb9d77b2ce4dac07a0838aa5aa0398dc60a19dd60b6a0f9b521d0b328dcfc388c519ee0046076d288fce64938e1b8015be86e17ad96d1a3fbd76b396c73c848523d303e605a2b72f37621eb70c57bd12eb235057948c98dc83972ac1e347c11e46ccead6ac5eaa22a0b1a853b281d77dba58c03af35bd8027600485827085010ecbff05e46ebcc423da3697a6563f451e759ace9285d2103fe31f727bb8649ebf5848fd8f928bd81fa83b8bc61778e57ae52ff460a340e5d82f9db26ff87dbdb8375fd3ea52ddb85b66e7d54774aa575754ada186cfc8ca526f6bac0b51f609bf48e598e602fa7cc39dc6c3c1b9e69cde814349ce5001cd2b8c4c978eb4c23a949c993809a16105f04657cc0c0e32c5fb01082b22759f176f450410d4dc145133eb04b366776f9a6f3812f9f09303cddfde43899d8a14bf4dca4232c832b5d1aeeae239a16b83ddd2fe8f88c33a4de6b371f5b3f741b522e2f9d3bba46af8cbfbb84d7a72018e7aff2f8ee2cf2e8da5518ef5ab4af0ff5d45c0034c7f596a06695f92bfd26e450f15a6bbb1305a961b74dd65cf37f378a4863446fd7a0d01297e57e7ff1004dd5cc0c1b8a806d27b0eaa5f8c991bc928f9cb662702607cfbd05ea4121d864737fa8d257ce93cdcceba175165bdd30c05f2c0b2ad604d17eba9c638c482f6c9b3bd01809555f6d96cad4df37d33a538f994bf9564106c9f3be0c301c7f0848c8584f8aa50a8b459284a00bff11259250329d3c6025af26475712b279cdac427ec447f3a0b3c2088830cd346e94228385950edfb43b73c53996e74d17dd3b1c76c305c1bca327414e91698cf07aa7cc9be74990d565ca4a24bda908afd1298c2122f2b1b943e6bddf8cec60595ae3112fb33accfe2b7bfbb5709f6f07f0a1bc1d3884a2c094c3e275ab5eec7674056a40230e680d01834f8a2e848a51bd61953767c2ab81fc7c2f5de3febb35d5147e9929586337dc6dc82f45f7b78fce75f066b5304e5fb622a8de4d775eab7b15343c76f6a81baff69c1eddd7616674a2c9fc039cd075a43b68c5cfa2f61076718d8d9e3901103010e5b682bf596f10cd62111194cfb113a37e574a6c5f2f63893c5726db4866cc0a12216e0816083db6526dd5e80cb9b59df9cbbdcd5c8c9139a9cf24ea3dae6069e26923255c8dfdf5512a51cfea4cf057122e077efb82b4c23c39497cca8b358f7365f7da32207115beddfbebaf0d9626ad76836eba8b61f9837e971742f3c791a703f3ca9cac90c15a0bd5a7bbfc9d34ac38936e83a7a1c84207111429c6ed18ef40909a0d10108abea71e52f7609a34282ef566a4e690317ce7659660e73c432bbb1c9e8292dcf62c66481c515264cf56a2845ee612447d84e53b11318326abb94844e3718aa9a2f9842ed061642fb59ffdd52baebd59f4d9544566e1404c440c7a5db421750176bf625aab558b909e3896a128b72201cc60f2aec8f63fd71a723b5d35ae8007c7fdbcfff93216f99ad7fdc3e31e72e66d76b29ae112e2bd861bb4682159a5bbfed5e49f3cf4930dce00ac3e035d2fc75085eb764a252b53ba4ad03b379b7b8afd8b9588d422d5167a21f80602d943450365f07a374cd4bcbc6e058836e78738a37847c58bb8f6b5d019d8d0273831ce1347ef19b55bf770636e421fe08660e3bd3f060dd3d0cded2f6680a91d8b88b8dd26a5f1ae275d2ae459e5d8fe15760f1d529fd91750a3cdf922b8a87cf8dd76ee25e0a0151b7ccd5f85c641f366d6b3009bbc6aded2c646092065a63159e68f13e31c9396de63e87e3fce81607c6b1fee2b4116f1e8debc7ca1f07818eaf78a8010e8bbbde232f958ce7e8d59b78597f1331523fc27ac6280f8c0b3bce12a953b0473b2a814e20c95b8b5d524499314b06a794f6a56b71e254cea575f31cf16488b731ea04d25a4f384836b97736efc2a62967f45fb38ced212953d9a66fe04c754b170d03befdf289c90001c0b17fa98713bd886f00172b6882cd3e5c279c1e2729c320339196098393dfd2cb53526", 0x1000}, {&(0x7f0000001380)="be03024c4e829176c11b633b231ff68982d85e065c61945e5bdc3dfd9d76bb2190a0bbbd84d85bdd539289766f929beab71c0a173474fd15824428889fd0fafb875c11b8b17a981835c59b079ff508acd193a4bfde3549b1ffb4416a714dbb016e8bf7789810ad343425460d9d9cd591d777d82521e837bd8efbabc7edb6e658050c0f47014ffa52dc746bfb031cd76e26557f4e581bc83ca324468acc8ec03243140c4397ac938de084e2a387ee04b0e031aba3fb2aa0a99f78d53346d5abe51e742cddc4dc8926ab22b9743a5c1d105e7685d352410d6fcbec1a6ec6018454aba3e73589b7265f731e8ef285704b0b1ceb69ae888d6bf04d2d8b7e7796c612d9269746e7604477415b5c7c86ab0bb4e3e42f55069953cdad5d96ee38afb57f5da5ad75817e599a613520830102663658dc757879f2dde4133b1ac11ae7da61756f13bfe74e4ccd3dbb76f69ce6c013b1e353821b1fbdb7f8bb257ec5dffc167fa26091ee45b6f3ce8b3cf94897f2acb095e8215df1f68532499b552aef3cafa8271ba61f43a0df3a87d821b51396876d2089dda786163c46434b1ffc9ed8414cf81bc65879816f6dfd0ad59eafaa54c92277f4c2d67a14ee5def0291b32f1ba1c90f671f9d1b19c2896f5fb457be66a301a62636925a168062a850666e72410d8522e7544b02c12cac16b0a9ca7537fcbf85f3cb416cfc84bdb1a3a2f0ea9a7673a287d4d578c24f7ffda2c7020ae5b3264c3b396ce4af0fb4c959a7e9418bf9df1cfe28192e9167145c9bb58d60264f99948c9d1d0e5ab76c4c1a1c723d3fbc49dee72e011eb1cad5b4dba38d840c65af897357218b4afaf2f19d17da7f7f17b32fa205ad957ed35cf6499ebb687feedea8bdf383a311d00c88da7003b8834d6c536cf9b8cf4a18bcbf0be8c6daf3ccb23f501b1c592324620f78f2b00e1ee37fd93b583f9e4c01e14aea15054baad4f1b7f9fca12a8023af687b225ab119dfc09a10056f0bae3a346a8d9f6745079279ee304f575ba9146d515d159aafc473b348a87530e5378bec5eac6c3ddd98968dd47b031c87a5e57237e33f6afdb84b09031c9f5ecf4d8067603991a7a0cbcb21179eb1747e173a24b3437872e8285adf041017c2938fd2c82804b6c5fa9f017eb36f403688fa7d8282229d39e10bc936ce1e44c47d8279465fd28b677e5a2a25f7667499f26cde55532b726a9f5d33fcf570d49c99cda6576f7848228e63634709363b597b43db6a4a2ff8543ac6249b53293b4d1e0446f18f89dcd6391160c2e4cd5fd79ce285327dd9f3c3275063df72279e67e997df9b59ab5fb2c4bf023602f55a15f79707275f0fca111bcb4c3583a63eb295f80c60a9b013150761afc8e2f802fcf53ef7d58a957ddb16ed2fae1f0d74f0379631ed8f0670ab211de5fd91ef2f8c6c2b7ad60b5b4b457e2a91b2532cf4848cf5a3f048d592eabec7dac3fec5f31973bdaa706af2edc1c34195db89363ccc8e41a1a983679b36d98c2a00063aa272d913f27b188e7328060725246607ba42f7b5a694332cec1271decb4f2a9a5fb0c001402ae901c27601f4cdcdaccb3bed5b42ebdbf71b2e7c5052847f372fdcb84ca8816fb017628aae88438046314f6aeae358370500bc597a8a60b928f1474aa7d571930cabfb1a16f65a3ea913cf7e8866b8390e216677cf8cffec53ca492ab2e489d0387185de31db7331d807a3f093caf4fe70fecb339009aaf4f27629e2c36604943a19b4cc9954cd0234dbb0d1460dfab7e1735c57cee39f6efe3a2ace135cf8406682b67fca059dbf38e92eced86d0cc4c1206097ef531b48ac4fce1e05b0a50b6c6a2f44039d8875d30435fec8adf215fd095932c856bb840cd88e9876a3aff20699024afb4c3f73a97c6a88a964ff502785cc50c19d94fa9f692442e8dc27de777296eacbbce7ce6bcaf82ffe4168a1647ba96342cd16e46c5e40ba0596679f1f6f8d17a5aa32888f4ff26f471e71aa7367dc5c2aaf06f6ef8767d8646865da59a23a9e6543c12ed76cb5c4cc201bd06598127974411c52a51eadc1ea66bc0c65818b06d40389f55c2866e3f7583bf9498194144295237c6814601e346e343e2d695206f9b5a5fd1e2ec347e60957941d17f0eeddf917b2d094b34db4cc407790d43684a732c312969ca21466f2f752ecc5347a3ecc3b9fb492fe2666e0956cd48b327c623b889eefeb02641711104ebc7f8037a5b2656a6dd5002a3cbf837cab7ae47020f704db9281c8c52ea7913ef977452468e149d062d808d7b3243a0bac73ca4a7b524fe72693eeb0388bcd6fb30a5c54b1a680e6945ee46beca8b1d293523c6ca4d7a89f1ba82bcffba740eb06baa667a3cfab38c232c2cb8339998939e690e36350d46dfeaac95e8d0bfc990746b5ab7c3192ecc8371d76c50c4b05d1280e146e420ec91ee00c0904d642b32793fddb585882c02439e0b28c78c8ec10ab0b429c85156aadb87e4b018ca63a3ee9c3cc91596fcdef65786b1c579c633f193207e43838c0c69f123cb36c054f98f74b0611a71e16dcdfc755f8f0c32fc372a46656b1fe14a7578392f05ade056b9fbec2860c307b1518cdc5ca1ba64b68704b198b73b59a461ea74638367664ef07d2b353c0660216bc4fdc2127e8f7c1b0f60f2905a082ba91a6e145c0e9fb2b0d0ab99d969bfb37f5b2f460de9739dae34e60f23a1b54eac95dac19dfbeafdcec8505c2605bb577a940a272ab9947840804a1b4e24254b52dba6c30828ac10e05375181f84a73d722edb23bb5e9740b9d3180676400feb6c1671bb72eaeaf807b8b51e284277a285f9b119f6b756123b5aaa3858be1121016a928d1fd223c54ed0835f2a37c05f11590e2b4676700dd788729105288473aa429458b382702fb5293a748018bdedf7361fca370796bd024fd20099a9c7b3e42c2bfae34e90db05786e6fc7a2e66280776b70125980c6fbda6b8782c0a4ea9d85fb4cf21afc463595e2913a226852efa6b5b1378ae0739268b7ae516d2fc9fb9d0b6ce1979d4bcf62b35dc65a55415b8b70cc1da2dbd875d896df526358ae73959c905712c53b85b1af41258a4892aeaf49a6c9c5b692ac05da5fcc63bee36406f6f4a03e993bec92c6d82fdb3a52cbd056d906b8d3735d94fb2a3d1e07107c5d3263d08249d7e68f2e326e84a945d9b2d54c469014102bde730288b234323542e97b8e0567c1bc91c4e7231c4a344d2e22c626a875b23e4d16b85c6107aafba741eeeb0006e469223045aa33f517f581bef52d73ef92a0a6702e956caa9beeb7d65d2e523a1feceff56798c5ac1b41ff54f377621f9b9bc9a226b11e4dc1fa7537744a75fd7f6328a3712e7f9f9b322437c0b6c85efde956043624c63ec2440361fc818c847ff842c9c21042dafdc660ec8a692483d46615c82e6da7a4cac984ba867a0e0985d4520107925a14aa3b4ff23e5acbd95c30475a667c8f2eba7d1312cd0e3014b71fc73b06563c951aa861c909633fbaa44b4d9557223806d37d39e4a2e7967b9443f92ed493ecd1766bab93304d441ff81cdc9e51d423c345eba4846338218dd2e87c2a99184409bec64f7a0425227db84206bd030b58579d1ff3e12aeed2c95615a355263d03ae79c9d6cafd3d8250c0c78138b685aa1f612e673d31e0087bf74b65b498611d1f2085afd1dd148464656a97185e25a9e6ad75d47c64c5ab375e7c1f28cc6e716d5f1af8a07dfaba73c507e5b9b8a9a2f349edd68cfb5336e8042713da844ed2a4360863dd98f4284986bfca43536be7f6bf19e25bdfd8f9ff995cd4758fc1541a35423504ccd00ac4f5604fe983c84734b230268cf44957021ee222d88498d4d21e5132d44a57fea3a71fc7759c7385f680a7a3ceba91008b7a06fe9b5bb18779526efe060255b37ee17ceac88147fc9b451bf83bfa53028fa5a9cc1dc3dc1cb661e5255b4e28eec439e8b2cbf70cc7376dc5bd341a42ce5e5a5b18deecee45bb237d66dce7e3c24616fb10dd923444142ad6fc3aab8f875a475ff5b3973b2eeff913f3a373c2042897c5ce784d4aa54f54736f1b5fd27c4610f73f7e3b6a7fee33cba89aa31d3b6d659b82c7852d762c59065ce78b8df19eece7482b63ec9ebae8cb9cdbaa6f42d998ba97426ff0e96e92eddeb10bfb3e383666b531ec1917f348ae7ee5d331e8958b62ff0b36ae1f1604aa79a94f42cd7a382e13b1080367d276e677f743bca854eb74e658fd5ac7a72621c33f65d6dc6e9bf9d99995df4e73bcf1943e27df24d4e19fdf1d0903564242d7197470006f4953437df26aeb6c96c6851e3686b62c6ecfecf4229a430ad7337507e2597e4da5d3f123c9222391e1dfdf8ec69759fd7299a7e0700114e529385d6219b48e5f669a1029e5618f05ba7fc67a3c77ffaf7f6713ee4787bb0e74dbada856dba55fe70103f057809154641593ed73307240349827b4428993c20cfe27acd38975e6917318f0a90488dbfff62fd15a250ddec2567e2ffeb10e0bffe94008decbb2db3a250e6f3fa38d0019f432bfabd5805f93a2dd7f1367860fc5791d2ad3ab8e7947019a8bbb69b80b6e310d4ae7a409c682721de7cc6aaaf6a1c05d63735a8aa4ac7c0f4f7aa7c00f0daf89ff6c238e10632e664d3d057dc5fd9daf5d641721cece31c6056eee6d1d8b9477ebe6447ad564b9a32d01baa2202ed6fd12028fedb83b40e2b588cb7f2519287659423a5821e4c5ab76b03ca82a1289839e4967a7d5778998434c21888e37882663646f780d30d384e8ab3d6e1a5ad677f2748f8a7f45293321a213a4716059f0f8e68fca6989cfc3dfe75457c8c229d2d807c60ed0aa8fa0f69120df5ee58a550494b75bcc0d8c83e682ed489cf6c6f26a7cd9ac6816124c21b739effdf513ecf37c90dfdb72ffe386bc8a58dc549d635e1f7e51d6709ad24bba8dd764339111b7cdf0e6fbded2946200e8dfd464749df4d675a598b379ba494ba8f965df7d6d391dd29d544d671341bf6b813e91eb7e4b0b5751b646c9e3a829562d711eac0c8520a5ffb75a2120c14c0cfd7322260e213b2911f50d82cd5425152284a7055ef455bf2832a3a0374bb2e393164b4aeba5bf1916c6cdee9f450c8f7b1bd7141dc1c6188c7cc70768b55c4f77dad11ea1aad374cec150744177538699f4d0efe4ae892abbe93f321d65bbe51e7bb4e551e35264dd704d8ae38cf20af639a891b8a97f51b3717a427020f7a615f88742ec7eb91306b2661da6795801f3031cbd412ed27c892bdf2a0093a9724854c9a2bc33df21e0b6ec76e04b175ddeccf1f87ae69e91ce866e984f14d55e4fe4526b4df54143d7786ee7c33d7699b4cfca9455e819e44467ff2199b8fa49b4f95f2f763c04d0bdc7794bd652f53c6bab22d4ab2a208bb6f5591448f70faf55e2ea3bd6e030bf1f46c8e4bcec3af4186bb43f70f5c534efa4772b7a89bed00bd444f478c24ed063d4aea2ffa1e372e290b5d53a47c93d3979f5342bdc4a7a5578a9866181d8e7e75abe8d1cc7a3b96d036f490a87ef5e5a237af3a1533205a6c8dbddf1f72e76e2f73a21f7a6213b0a37942b4ea42daa96c235e8f1a3c99a2518c32c3ff20117273afb1295bc4280345d80ada650de31104785eb0651b6b61c4de984bfb5be5cebce45025ba2a74df3a8aeba9ba2c3a98b6a86a046d79f6f1690f6c4d072ac9d6269060f9ee045b4ad256eb76fd2acad1fd504f2de562abf36ab96ccfec2c1b64c6a8a4b4350f2da47aa0d3c12f2ccd4ac20c76cd282dd4e18c", 0x1000}], 0x6, &(0x7f0000003b40)=[@assoc={0x18, 0x117, 0x4, 0x1632}, @iv={0x88, 0x117, 0x2, 0x71, "389840bf3a4d117aaee195d56cdd51ad88ce04224476b6add932e2164b632b845eb41b23d96a4ec34a13bc1e4af0d74b1748c342045af2af38043d8dc452277fb6424b61b8227d89f317bdf5e58d4a12c9f296d6a35a1014357b63857c668648a4dde2ac257a646a986a7617daa89b4415"}], 0xa0, 0x8054}, {0x0, 0x0, &(0x7f0000000280)=[{&(0x7f0000002440)="3ee3263c7e20bca5b057c225889c5acf270bbd76259e850bafd2dce2348d07a362af052681797c5b9a89e009dee17a119d8e56a3d38e295a8bf32bf7e4fc4501eecbb763096965bad34784b2628f5b35f75f2bb7c26581dc24368d7ebd14f4ad21b948adefcd33b2f015cc97ff214bd8b98a7b7a7e9d0bc1b0ac8a36cb15c66f8c0cfdf404551b4cb65e4c1f134e8a89019d5ec9acd5799daa311363a3e2bbfd2dcb4c7ea6f0fe7a1951ac7ee326762b3bdfd0214d9db792fd459375e40c156105c948cdfebe4786ad5affb964c41471f682638cb895cfd0cd", 0xd9}], 0x1, &(0x7f0000002540), 0x0, 0x40010}, {0x0, 0x0, &(0x7f0000003840)=[{&(0x7f0000002680)="b0713837b1acf94f227e439586a7bf1f6c3237da088048044c2f801eee193907763ec3538b57cf690942579fd22f2e1ce9a5823d3ebe7e6f4ceec6f7a817fed91ed7cbb571a2e3610d5dee0d13b6af276b53e76e23f6501d3e063fcd215be109a9f7d336421b9a8001cc807f727c8bc6b493b8796a5dc239308e9dce7c18d776b98695a08d1ca92824d84078feda4da61f009f30424efd5313b8913cb4cd958cc1cfad9cd7dc7334e4d71d025603ab861b15c86a6ccc352e573a7618979eb616e14646619798607c55bf47f81de59d683e4a5791d7c662761dcf1b68fc14de8fa696dab8b7500f555f1a7436265437d9a51316e704088da9ad34ec1ae595be14846d683aee806f4fc186848ee88312fcf6892ac3b32b2a975ae42ff020bd73d5e5dbbe44d8fd859e2098e6df6b0d2c8892ff4060b15404a4e3a7ed89b235d210d8e7d34e89bd646e6ec70717a327fb244f4912aa8593f081199f5b33a1889bbc3ccd58b1b7f0f50f64c4b499cddbbfa51d1bee5699cfd42f50d1998d6818af836fbfef60ab777e2ca1731c92f2ebe9ebf75a3b1839fe52bbfeea29b423cc53f1568ae608bc0c6585dc9e8e8b649af9036ce054d451c9932ceb70b3c2eac1a72909181ca0b03f777b2749d3e3ca92f3d213175d4b301720f4a776952536e83157f2247f52af48a6d0a897b5d91f272cd4fe5f477aadcb7741c10aae525811157c7a04c26cf695dbbc70f3eea99c6e6f60f835ffd919f159d3fc30c3614d6f474bb7f8094d529c1fa026cfb54ce9b31e08c2d1dbab4ac4f7e53f0f3a88b4b5570aa71ad9912bf5805c6dc7fe038ab3c59257598ca5ce0b4b3803e8e3f32a7fd2ab958881c3567fe213005d35e1da61a707ef74a8613200f5413ee4e2a2b306e236e3e06e79ae6839dd72a7716cbc97359928f2fc2e1f2ae7cb1b676bc4aaf1c508c2c30fadbb1c606019ecf83c6ad3f3bf443df909ff0d29a38b1c6cafe645a3a3fb401696f0eb4a94f86cef253f75885cbdc19186fd7379a709c5174ffba209ac58a8b8eb68da3f45cde7ee93ff838f51579254c1a1ad9cb9883ad369a7b5b4eea4abfc1e5620ff5c18df0d045603983091436f2e392cc333f6e60c8548538450a73e9797717a6eae924328e146ebd785960e89e114b5133c6f4138b160c842c59f9d8a93fc591a56ffb34561ddeb8ffc1ebe02de9ab99e2e905ae1e49948c749ffc0947b263d5b0dbf8877cb763d7cc835bf4b35ee81163cf72f4d569f4e368ce3adb9815fb79f15d925c44eafdf8e7535244120ceb20d1c855f3023a18fa80d80fc4086eb84995592227e0feba5151451d46d9540ab9e7900741f99c50690308d9defb0f9f41c8e683fb6398ba6eac1bee996b065c41a9a6692fa583eeef8f81bac213dfd7ca01a1a25570a3be58d010793c1f1e9ba963d30f69b125f5374e5db3d9a11ce0632785717c53803a0b820cef87f4de8ea4cebcccba2f7c6fd2da149aee4206eb0a7eb7dcacad7183c2598680589c7ae926e152528695eca7842c9a916613929ba85bbd4241b57d88d9c4025e617375e739bdc61ae069e72f3680a01e12bf97376750f217f037e5208a9bf7ffe99ae6c7f11573d82e9c53bbe8933c13e0d9ed10e213d0cac7b370abe57f85ebf590346579cde2514ae780307ea36900eb56c154e0e7be38463bbd7662100670da10f9237bc9c3e7615a98ebd51ab9dd397c41422be9ed63656fafa6c0d7fa536ff21b1ef355b734be2693f6edccea12d6344199ea28c42d7feb7ef738821ea18da4067e447bb8186ea01fb00ed50c417407c0e4a1baf2a283306e65312b923d447991ff8aabd95c3c7ac7ea744b460e58e6f38337e4457bcf1e16d4e59eb62da34e193e757b0b0941ac67a22e87d4120f0f1a1eed83cfd13bc68e259c99a5bfed802e6c5730ef5a88ec20c8c7b40eb21056e575ecfb3bb6eb25ca20a23fa4e7010642537aa6cf62e044cd1d75950fe16960b28db2ea49b666430b012431f414b1f2153e44a917f455edcff4c83f695e852555d60ad9c926a768c64920409f492ed4f25b47c9fd5c568fc039eb021c0fc88c74ded447b25b5418ce70a86866ae90886462b5eb6cd248df64830f9f02d5eb75fd850040f8137999249cee312f2e34d31f727ba28ec73fba0469881081d2b9fc6c5013adadd0095d5a710153f2432ad8028acc31b2449c1f80c7684a0561385418d3c8712fd4bfd52536868039ef695f43452cee4d752142fd0664775978418325d340172d6079e55ab0723f0110212daac372c083399261cbb573fa5d8f610a609183ecb25bbe09263c5ad4a396b6eed58a3499c7f5d66795ad0ab6ca832907e15cc222736c0061d88f76fc25687de449e97f153cc04c42ea9f3dced35a38449dcd9a01fb69a9d376a9c8ca9ddad1fb1c9f83c0e4a9809e87fcc9d05ea1f8b60c69bc39e1ed943ba05ad5e2f205aaaf5475e4481fe0e7a7c4a703d48c57787da9468686b62495b97b49f2958b08662fdb6752f2a232faf9c9934047421a84f637f05a29eac4f2ed2066898e816bf3a31fd829d7950f3aa2393f9bbb213bcf7c1a2e64b9a527b43bb6519f52ad655343630c397fa5de0b43cc030370a30023baf93d6df10bcd50904a35887318d72c58017a4f083f9c00999559957e807527f2124c8e75630679f0c70ce1063791f902f9fb3d6d38fec675e39a87a0d2fc7dba620d7e8a158713fd3c8b3bb0e47dd1324666d7dd3bb5086803f7175b0e34679803377d4ee67886ca788738d38eb0da66a0e4fe795c7445daac4e5dc78cae21b771099acf77dfdf5abf3a3c7eb75fa84b1987007bacd232515925ffe5c46b665d3d17502e0e7633f2b8f8d8f7f93e599dbbedff9e7b0c1255be33895be4102dcbf5e6312c19499bb142f9d3df8070ef87517fca57763154c3271b68958e49e87871e41fec32e9280912e1a7f269b1b423eed019d18bfdf718cec5f0a22888db40d8635d21831f672fd0ba4422aed7d3332d64dfecb84b7754f9d2561a55c2c388a81527fcd838e96b0aa6bd87c1bb4d3a8cee8e40ca0f25fac82f46f6776fe611e6b26c5d41e8c3fbac7a2ab1904c4bc0ff9efbcbff36da00f390f295392600f715868df53db5aa63288636186b3f62026b85f7f07888da528fec718652ffcb4af834d1b0d50a8d7c170712f15e338d0741a59362b55e4774f7b9f106f1d0679997dbb973e7ad340ad0d012254e424fb046ac2c9cee4ac91e81e6c7bc523172e75b45fffb0824df88ff770e1726c61b4a6b89a725c5a9d823ae0cda32818936fbe11db9ac351a7d052dfd0e6a9b28f94cee563c3fcd2a90eca016c62459e23f5d7a6556c00621a76262b15b8baa9eb8b6a83b55ff648e1930b320f1864d23de0b33878ecab1bb28a7cb8350d7765965e360c1fcbcfc12db22aa9661deb381276768f19833687e4aec5c6771e45bdaa3492e1032123b4d3c9ffebffaddb1b3f734fe6d9ff7895fc724468c141b6c557e0271649ebd914e4f4fccbe04b69d9331744ee9fb6b06e289915f70f2a9285bf2c54625920aafab8061069ea7f5eddbedff14c03fa8f9c95b73f0336ad584d312adf06fa8e528f0053801e82b2059a5da52e7b3eb1305751531a5caba466d3c9823dc59cf4c6f5dff7bc75d3e8ac5587d8c4406492f05a4f4976dea8b818229d44072e189567e676bd62b1de2d2c6018626544e744ab6011d59e5891ebf62a38feb4b7a03d1dc18775595fc1d4f9bd86abe9ce9577f49004f5c3a96f082072cbb3f8afddf04fc068e5fb33418ef216ec1e7d780ae2f96141bfe145298db9077b5064772c324215f9709a24d19aa7d371b8bbc7b41c521926d1d4a42d299b584f724a9de5a484300b4b0f69c9679de3fee2627995176f67aa959e67a35c661eacdbe62dd2ab57a3ced41b0a6676a091e6dd987a282d3f373973ceb3140483239aced9e008c3edfc3da5f14f2c8940b85ca28347e64e69ad3533dbe3800965fbba845d8efb4639befc7a52e27410d4638778058be1aa456ecca0682ea5e9cce525fcf31e7690e8d4d19ec415ee17d61e9c36c1c2c557103a2724ca63d43211515b1ccc280eb62858f2faf30bd3560e0e59aeb313b650bf6bb9176cc94134405b722c638441f1d192133fd6904c9721b3e289c4d34aa041f690bac5cb1aeb4081aabb03e03b07b4a3700cc04da76f2bdcfc53f7bae42c945c8c1f9cb0dc8c43935edc3b7027ab6534ad3203e4bd92fcd83802aac28990c037ba8703457740cc344135ee814465d89d1ad53f05858f957995226affb008333b51939a9328ac334bc678bf9c9b4be11300395ecd61ef20c397e9b4b2e08058ea6f820db390e34f989984b9cc33bf624ea131febc2fe9e29813ff72fd45acb461571271610d0796938fdbdb5fab8ba4fe75dd0a52ad04c78bc51648f719052c7d8c11a1fac3466407497b3dbc5118e6108ea8434c16d9cd6ff78a980bd93e0e7aab0c569fb03a29d890977350087d469f63768d40b2ed89c833376dc716314c20db891d7e4865babef7e9b8dc69b187b8b3f26ca3f9474c58e310ffeb24e767c6780f6451389e9a64dbb10b97f702ed1cd2e57f5d85d64ac93e48abd0e81b3b692a70dc73ecdd05c88b31b287b2d851281cb5bb45d36957b852beadf9633ec61a5cfb1a69933e9611caf99a9632f21e2cacecb86b2ed07fa504814073b8ee6508e4d4dd8cf7fc476f36e187995764b163367fecd71a2dc64d7afbfd4fe3a2270de34099a11895078f73f92d44a99c4f8236731cd8d8ae987c712856048cebc2dd7144901e57312861599ef650ba06026a237e60ce8403fec1aaccc3240bbbc51c446a8bc3557bd588f35419935113fc0bf4feeecbb0849db151962254fa4eec1240cba4322a7ed3afc42756e357fe061ebf9f9f0b961e8456f4b9ac7d3479ecafdd7d5640d60a98a875b0380da24d3f59c06c1a38a847acf3128fc5c1e8b76da7333fafc092c631bcf6a1ccecc2b9ae4ea80100280a0d90e7514f05fc28f4cfe1e3e281d53113eb0274569fe90017e237261d48c2d8bf1b9364c2b37fc2c74faa4c499d95f77164de823ff2671f1d23123ae8b89b1ef4d58072e0a4102a189b6beb39c46318e7620882687c42b4bc3f41e223451e31ae0f9db2ddf9dd4ddcd8a116d00745840bf95ef531c4f24f6efec316d012f10d77f5bf4b0d51d6d112f072ed3031f1b1d39b97456499f7e46d09674d4226baad3814e88866515f400575541d655ffbd246182d8d2cf6cee09f4c62ef4a1e5236f10998c50d1e6fe9847c922f619a6351fb26cdd23276fd961b8a7a5720ca6c1aa37a8f320dbb124cb0c7eb66160bca72d2203d8b85dfcd3f2e56d01dc17f62ae1b8f65f46368e31e0fda89d8c57f498ec5cc88d0092c6eadb0ac83d450857a1c7d6ccf127341c4d068de5b468a6f81607223f7446f5aab81b0e32190cba7226b413ba2272d10da835a864e82165ba57823bc61b1246857e97b40b721a67f97cd6fa0b4c73061df807bd69c3dfc8cd95dc7bfda964d742bd06c08858ece3c351603b1fddf36a57ce1b576e297f45d09ee55e72ba1d2a7a83b827626f1d9084c1f7821159243b37c990b7aeda7e6e43f50b5c787e1b5abfbfb9088abc83a3d37aa6ac28955e43182b9a37dbea6806975835e536336bc5dd876ecef9f10902f1e6650bcd09a965681b85c37cee5e3e31fe8ef2c6ee44ca10c2549bcbce955e2bb4e108371d4addada1c2b41979cc2f3aae081cb538d4a47c0e2242d992978d01668121b", 0x1000}, {&(0x7f0000003680)="8761e89a5f89012b905c85b525e2804a81e41210c29ec760c217c90c6635860a314262ef571761408c39e99dfe3243f31ad29331a92e4f833f65b3090a0eb0b720904bb95d249aa37bb0abb871140a671962f763b2fcb986be6598785b239c4acc36f21f1755ce2b6333a77ae2333dd29dc49a05c7b1cb508f7bfec3", 0x7c}, {&(0x7f00000002c0)="46e3d1c0d6ed6160b63d20", 0xb}, {&(0x7f0000003700)="a47e0f856738d94d5d11ed0515ed60527a65da92f9d7d4319e7ccf7fc243a3c8b8bb19d781f1b766938eb87277ed781e9e7087932feb675fdcd04282e1f202e70234338d3aeec2c385100b9e9058fcd7b4d536abe1129b9eda224951b402663d119eca7bbb7a688d30e1ba14299bea199061abba31445eb75dfbc4db21118ee0ee", 0x81}, {&(0x7f00000037c0)="1e7c7315b6aacb97aa00004458f03b5dce95d9fb28b5d32a35e9e949f1ba66d77071b9c075d8e0a23a557803f296acd738e16ebb82f4ceccce2a7f91db17dd26ce40f83c31741f1e972e188884874c2beacad5bef88728071ed8bb6fa093f6f54ee7d641a721754ecf75e31c09604dac211e21534ac826f6089f", 0x7a}], 0x5, &(0x7f00000038c0)=[@op={0x18}], 0x18, 0x4000000}], 0x3, 0x8800) 15:24:42 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) r9 = syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) getsockname$unix(r9, &(0x7f0000000100), &(0x7f0000000080)=0x6e) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:24:42 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x1, 0x31, 0xffffffffffffffff, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r0, 0x6, 0x4, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = syz_open_dev$audion(&(0x7f00000000c0)='/dev/audio#\x00', 0x10000, 0x208400) r6 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r6, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x5}, 0x1c) r7 = dup2(r6, r6) sendmsg$unix(r7, &(0x7f0000001bc0)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001cc0)=[@cred={{0x1c}}], 0x20}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000200)={0xffffffffffffffff}, 0x13f, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_JOIN_IP_MCAST(r7, &(0x7f0000000280)={0x10, 0x30, 0xfa00, {&(0x7f0000000100), 0x3, {0xa, 0x4e23, 0xfffffffb, @rand_addr="2f16a1cd43acc2cac850b6b9bfe8542b", 0x8}, r8}}, 0x38) write$RDMA_USER_CM_CMD_ACCEPT(r5, &(0x7f00000001c0)={0x8, 0x120, 0xfa00, {0x4, {0x10001, 0x80000000, "3a6cb1dce60df3618c5ea9426e239f049f72ca41ff88b9129799dce3eed9ad2960961228c3b31bbdaf11e280dc552a8585ead26459047a83093b193a5e1cd3c4fa7365c4c6a5d2155ba89b76648f3118ac1d0ce8c09e5367a1de826163e8832eb2beeb09bcce6970e8a09e84dc4791d9a3bf84ebbe6eb58b32c1a36dbadd10088a261f688e2da2552e0a33cedb77762c296afac5b7cff42418ac8e5d11d8ab5dead5b178295d7114931711fd61bd87f1011d08552790af66655933442d71d202811dd9bf4ba83d33d1871dabea674521211ba743229a04035aea31a673f80ef220f9763b7190caebe5c7e6585aba528f32be225e4c7762962b537a26e7e84f76", 0x0, 0xac, 0x3, 0x1, 0x5, 0x0, 0xda}, r8}}, 0x128) ioctl$FUSE_DEV_IOC_CLONE(r4, 0x8004e500, &(0x7f0000000080)) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f000078f000/0x3000)=nil, 0x3000}, 0x3}) 15:24:42 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:24:42 executing program 3: r0 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000400)='/dev/dlm_plock\x00', 0x75acaff80387539b, 0x0) sendmsg$IPVS_CMD_SET_DEST(r0, &(0x7f0000000540)={&(0x7f0000000440)={0x10, 0x0, 0x0, 0x8000040}, 0xc, &(0x7f0000000500)={&(0x7f0000000480)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00022cbd7000ffdbdf25060000000800040029cb00003000030008000100200000001400020065716c000000000000000000000000000800040008000000080003000000000008000400ff7f00000800050001000080"], 0x5c}, 0x1, 0x0, 0x0, 0x4008810}, 0x20000059) mkdir(&(0x7f0000000080)='./file0\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) pread64(r2, &(0x7f00000000c0)=""/150, 0x96, 0x0) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) mount(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000040)='ramfs\x00', 0x0, 0x0) chdir(&(0x7f0000000200)='./file0\x00') setxattr$trusted_overlay_upper(&(0x7f0000000000)='./file0\x00', &(0x7f0000000240)='trusted.overlay.upper\x00', &(0x7f0000000280)=ANY=[@ANYBLOB="00fbc900008dbf2d7c1c920fc04d753c36b7900bc6c952d8cc352c633cbf53cdc10c8e02636ae0fce21738e375e3ac6078cdb85011ab4f003779e2b4f5aa74422b7ffe3f3465bb715dc72140af8789dd72e7dba437ec14ec79d79f318f47b316334c4caa1527c1dfb1427044374bf6e7c97ea21570e7bc365638cc9d41455b90fda56e6c27be3244c2949ab578689ffb7deb7dc685e094e2617fb76f5349e5a1e4054790ecab6d99c9714fb04f2a6deb6c916eb56712f2f2c36bbee48c22acd5d790c015f55491c50b"], 0xc9, 0x3) open(&(0x7f00000008c0)='./file0\x00', 0x3fff, 0x0) 15:24:42 executing program 3: r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000300)='/dev/video1\x00', 0x2, 0x0) write$binfmt_misc(r0, &(0x7f0000000340)={'syz1', "b424637a5bc9bce176b0397d547b4c7a72b74c68d199daa299590ecf7c4bce6c9ae79666a10da36f299e2bd3a47bd256abb7b4eaa78e0f792e6b27ebefc6618c2d2457bc967f4943d9a88f1a29bafee17e7203bee0ed63eb53148f181f4d0e50501a038dda0383e60f86ad659c00782933e5062d4cc1dd4b71310758930002b9d8d568334f26996c3b5aaab234fbe72a842d9518f4997e03df5b477942b9b17d6c736e06ad4d1067803c76b347196b1efa8313ad06c0fef76946391cec2f88601ac6b80126b623f41c776b66737f42f27126a5e34c903c77a330f1e540bca156d7d3ab8d6aff51e2381de4f0d4f539ea938f01c1544fdf226b24ab38388670d26dde0e0fef7d2044f30b4241e9d7c176eafadcbebd751beaf066195822f7d268a1c3af2ee73ffb575970a328dafa073513883203816160b4f6422766c7fa8f0d0bada755c8ae44df604419534348c108ad79360b0664b87f71fbcfa3c18347290ae5ca7d0fb1a6ea4377a14f469b6aa060116779ca11bb14f1d5b4622eeed8455e5f4842eca08e9f58ff336bc373fde5d111b8de17fb871139f3abbb5d83fc1ea367e28ac269dca982de9b7bdefd2a0f448db41e8d372b834e5ce1aea05c05e5f69ab5a3f4bad63143b5f04e43ad0e39a38b0af04d1c9eec73bf8ddc4d30b6992a3dc4e628a821391c129d18a3730164ea718924f50afbcecdb5e469d168d89a694afe540a39f0c428b3b598e4a51f3a43bd8f5e395c688cd562c0aa54dbc985e145ffc8ff6a4bf37ab07b0eacb4bdddb6e4ae28c46638fb1d06995283e61d57c77dea49296944a1a67fd1d54187b4c036c422718185266614bc5e392d9b95752d11f492d5c2462e30ab78241e0dfebae0574d9c17ea53404452461e9a15080487f67809876d80e5b21da958dd014583fc134aefd1fc19bc0b7feb223124002a0928ce4f5e603e60bac90dd4765c657a90a625c37826542fbd12f7bac9ec4e7b29481b8e21101d3a0afcc17dae188538cafdc80264d20547634b0e834f4667e70f0bbe5917e688da471d71c2d8345a3ac7c056b880a6ab0195648bdfd155f16dd75878367206717c0b44692b833c87d31e7df7051408305a0a61cfa1c76d063a00fcbeb5145d51850441c8332996ce3bac87284b593be1ee236c96bccb4e0b94b1627219281548701902f66d47bcd1b0e6c83f3f99098bafc552b70a5bb159219f45d311eea1ca1a7257fd4710ee127f6f0acfb208f1ac369449049b1cf1769f7d908534db1341adb0e77a2018a24b1b8dbaf9f96ae7217628da8371536d0e5131a369129e15db7a0024d32f6bf22daea44034d4b316e0b05c8a6ccf58be856f5f5b2434741f1097a65e613d56338cae8d91c2e59fdd240e10be5ef06c875de4981240b5a2f3715d4797b7d1f74c2c38f8c7ead5559ef8c2cdf3d9cf45d453fea2aa4b18215c502edf31e06addfc6436fa8c77056d9e8abfd8ecf2098788217e6dd321ecbfea3a740ffbb0134ed6a7a9c60aec0bd1b349c444921e1664e030f979706d50f37a75fe01c0843930cdb2f5063a87682324e41626fd6cc7d61f573bfbe41d497889cdb3637bea9caf7beb9cde2ea30d6e572ea07c33015223da74f3c56ed3ce1c53e427e71058b150d9ce2d842bb8499a130e5fb34939fe0736f9129977032363ae88c8f6faafc4f8072e44155315ea98c47cf0365e5d00cb00675abf98d20996fa45105cd4ae8bdd567966c7adf83b1fc85f55eaec7dfc525f3814a5059a49521fc3d72bba173bf1b10a59f8e30211b1bcaf7cdd32bae8f6f7763560c716483693ffb28bdbc7502bab4fe4a5c76dc33f758b0d41d6eca9562b788e7f161a98168bd994bb9969a0210dc1eb7b36d586bec5329dc01e7eff5ab5beb6b5846403f25a8d91e2b654f74abe1bf7b9cf29eef79f7c0b628ca0568e213b8a4e7e70f96e94a0ef5a8f29ef045df275b9f2e93252a8e3d815321cb209b6b6ec999de4b86abfdd33e244672be8f115217aedba2c0afd4208947dcc24ff5b6e7f90f644e15fe3842861aab780bbd8e6dfdbd8b69c2cee5e4e1aad040b765229cd89e865048c62deee4734a66defdd80d7658f4adbfa4330d95a6070ca7c54f5f6f64de2d34e6075103d650d959e9d7bc5ce9fff05317496ebb1af2b6aa9ff023cfd61f5a0268c36b0a0b06125db24a61a76949bca5f17445b3df7ab1f0fb01aaf3fc9fce2e34f0d326ca21443dde3da051f41fbba763b99e952198ad6287ef259febbeb78793023793577ef754c86eeb77d9f5ab9a1ea1c5b84bb859acb9ebdbda104e84a4a47ce5b3c43f67d52f3583616c584de97f95478dc4c98b17826dc6049dbdfa91c8c1df3d3c5466b88b15f7cf785a8b66bb38422c5005acb0c19ea8e92e83eaea780fc43c918b7fdf1b25174b9175f680543f9aa26ce728da01214e1c3f8222f26faa2c1c9044ab48762ef07fc2df5d45bbb035a214886c94764d14546385e662fdf6b18e9b212c1a34a817921af967ce75dbf295a766314cb97af153dd2c262b4b93d8ce561732472d7441890124c8e64a37c6c0ffeb02d26437f65b3499d31c4a427a030eb8389758816e25c38051baa43a5f71ee99f66a216f87f0bba8b4ed93912c5a469557b8732d8ea3d00cc9c3429ac01acef5fe66dc3bc4e7e94e8914ca19da8374c0cb0451b8262850fc827c0d6550f3228ed4da9cb81d74c315e9b69718d101245edbabf391257961e619d6f4f2add1152c5a021466714015b889b10f94566d81af7a58a2710a45ebcd6354d238b5ed0696e461e2d3ca0f32a11cefda533533a50bd76eb9288cdd4ad2a74d80ad2b7f4e5b6546a3e4e88a5e0e5609439eee59f88746fbb5d854b320064686471e7ff95b6d7121d11ca11706690f6606c8621d311f71eedb2778beef46eee511308573aea6dea769ba4ce00f616d8f14391c4a1b56ba00aa61ae4f5fd249875f57e8101a1b5ffdd6b7e0c2f3e0b537c1f53e25c2c7f3d031edbc61e0ac0bcc37024c374d0d4fe7b8a6ed54c33a0f3296ada4db10d143b0b14de32e2195f47a891fcdaa0e26b1b6160cac22c82f1ac77cd08c1b1476bcb3184d0a11947ebd5d6035bdf2a9c1b1539b19310138196dbcd92c85f5401c811260ffee5b45c152a852c54c9215eb4c34347e4b2a94606217d1b7fc8a2c7e7c139776353667808a9c7511e0fa0d301359dc7f2d1a9b3574701f5fda67d3a513f05caba460d4e965113185bb4e5fa548088a6ec183471ae0ce960b5b0174db3c9c46f868428cfce963a5917acef459f973102943b84102395e8f3d5d15c849ef44d65a3a1fbf6ca7293f49db30d277eb304dbeb601c53645378e00d67331362594a5ee5a0bbc6bbf3b03b48ae59c0404bd5b3331899e16d747600fc0a25e8f446d5c0a2ffe799c10596a5d7e94b623b3a7e8a79917b804b23eccf312dc6236be1a4774227fa319d9bef1cc527ab50ad0ee12903dc5ca596c40ee8c9ff498017a348119cd011e01dca057a93744eb4e836d5e35d7c799dee61cc23d48b162e0ffadec5a96ac2726ec7f7d32ab2f18f15918dbb4eaf84c513721a546230558e8dc06faf1f88f00a51c6972cd20ff842db72866cdebca196e9a64a597f34cedda0dea7994a4ad40aa7fc3075bf851a8693d2f6000f7aae3a9ecb3b6dac52fcacbc8b2ab9d068e9ae85fb9fbbabc9b713d909339ced4881e1565fab82d93d3c81963a1189271e6181bcc8c55fdfa31e0b257f6b147056074cbc1b60375d1cbf51df2efd4d3f220c08cfbe887e5737f592d36ae17a8ea3f5fe72b249286a789eb70245e1996f6f8fa019c0196a5132ce7c22494d2384726605841abb43ff22532a8eb12cbcf022e61c62593433ac3dcf1e7e932db7e7e903b2d44635dfc7458263eff34ab3154095d8e596f3c9fe756e814a705ba988d6ecb31ee5950094dcf95d5a46155d5c68f76f9ae97575348dcc71a4c77202c0330a87e61e59608b2611c154018184519318b6c06fd39f23a09283a1e3258c4bf491db2b2418af3d614d0248cc49595476f2b7e3651d5a7c4d25fee259531c8b791c40f686f09d6128040853ded3eee2fb9618336a780736bf3790021fe0fda25b8f0f8ea5287a10f7f0d2d4e9eef2999826d6e2f67577e34c615fe911309188c332309db8b25d50b4bc938720d0851b8a9abf7006a6e7dc77a01d6a0621cdf98cc2f3f391a026d2854530d56ca733c4403821f9355604f159e29475646560d489035491d959313ed226c4655453cfb6cf82c4b86bec0cc812a7bd9e6e7ec44591c0e1fcd16624f6c498da63eee89ed082078a4f0e025a27402da76b3b701839b90d8d34a9d23e747e0de414ecd80ed3d1132752eb98ecd4dadbf9f829e5de01cb3006188d92a82b39cfa17d7fa9cff70e66ffa223f742612ff16293d6889808d83b0529fdb9808ad2dbb3bf510872a57b836d078eb2c3ad5a6adf7bd94bb2aa84917fbf7ec4f73b059dd76faab82b477666360cbe1ae7002a7e84a4caeafe6c47d3c4a21e6421c9e0f91dea13cb00fa7172b72b3d735e2608c7959dbabcbdcd9d6bf11e1b88802419f937577b9048eb5a0e7ebbb8f080caf0906bb041811789cb8df53d596cb320b1aac2c273b1a482e191d3131958b1683364f92e46cfe273abcdf5770193568566c9aa037f07ed33d431d9a1153bb756c441ba23b1126d1036888ba40a51027c7a6bbc5898f8613b20d670e669dd7e7c449c8c7842a4c0f8d684e86e87ca6031573ecaec42ddfa1e97a4159d0b56911d99ba1912d92931a5e3c184e537238c1f5b8c4ba9a833e4010047d5ef9f72ee0e57437f7a3154c8a6af03698b60ee3ee9be1cbfe1fc5e9d46c33a52ee931de798ce883ebb9436041fd851915b246d58494e2cc750ee243e745effb629c078e06feededb763d30567916b2683e1cdbd5862b111a7370a89eb963b69e5b9623bf3f5caafb56387932a47b6a9c23e3330178bbc264559e331ab0afa26fecb2d150ff821193d3f3053a67b5112f8bc677a86524c7ec1affccea6c0d6b3dfb1ee870ce258434b1254c0179f5c7246a423c0d3d9cf51727cbe4d6ad495881c1fa0e435b5f0ee120bdf9ccea3e756749409a1b50a30801e1cb125b8f7b9b3c535a949372d915dd396b07228bdf78a1e704304c56b5741e08fa77f9b4ac6d1092e8924acd4d02f78719c16d9e0f8d7c7fc1dee76c1b3b576c5340279abad75555244cc319c4b814e8c6db5f6976ca53df813b4820677006be65642e1285d8f4b55367cf873ab0c09dd8872d17af6429b3e34003b24aa29d2d7fb0d6d2fd83b9f6f1df8930f10a8cf4bf2353224ae3751c208e5ec4dd3419a50e63c0a80ab2775a3ecb342bf63f672f3f9d9f628373448e50d49a30f8a0fba69ef4ffacd96d3d6dff249eb02dba64a7d6bd9988d8fe8a59849e0c8ac75cdbb0416d385c887482dd5bc307fecd08a558a9e36da23a3e96db2eae2ff40522d154d2627bae7c128881a1f1034fb59c3748b0ad85075c70133de7b119f93b84195c41583bf6bdb81ab722bc8711977098d01a6787303c38121be3ea0fc538095a907f7afd8e747f73e55c405a2c09a8b49a101338fe1ea245dd20857e1b588fa456c5c0faf60d8c685f351359e2db8082dfe7970911d309bd2bd8e0872a14855a68d1bd882d5f8553c926d24e5af6c91ccf81485785d5670f19e530c9474cb0eb89535c69165d9cd2083a07262d4c1befaedc128299fa9c0e9bc897158258be9056537e11fe623a9d04073143890fd41739d7f46d155e"}, 0x1004) r1 = socket$inet6_udp(0xa, 0x2, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x25f2b20c17af0166, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$SNDRV_SEQ_IOCTL_CLIENT_ID(0xffffffffffffffff, 0x80045301, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r1, 0x89a1, &(0x7f00000000c0)={@local={0xfe, 0x80, [0x600, 0x3ef, 0x0, 0x3f00000000000000, 0x100000000000000, 0x0, 0x1103, 0x0, 0x0, 0x0, 0x0, 0x6]}}) ioctl$sock_inet6_SIOCADDRT(r1, 0x89a0, &(0x7f0000000100)={@local={0xfe, 0x80, [0x0, 0xfeff0000]}, @empty, @loopback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x42}) fcntl$setpipe(0xffffffffffffffff, 0x407, 0x5) setsockopt$inet6_MRT6_ADD_MIF(0xffffffffffffffff, 0x29, 0xca, 0x0, 0x0) r2 = creat(&(0x7f0000002440)='./file0\x00', 0x0) write$cgroup_type(r2, &(0x7f0000000240)='e\xf61r\x05\xd7\xa1&\x00', 0x9) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f00000002c0)) r3 = creat(&(0x7f0000002440)='./file0\x00', 0x0) fallocate(r3, 0x0, 0x0, 0x10001) setsockopt$IP_VS_SO_SET_STOPDAEMON(r3, 0x0, 0x48c, &(0x7f0000000180)={0x2, 'syz_tun\x00'}, 0x18) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) connect$inet6(r4, &(0x7f0000d83fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) r5 = openat$audio(0xffffffffffffff9c, &(0x7f00000001c0)='/dev/audio\x00', 0x200, 0x0) getsockopt$inet_sctp6_SCTP_DISABLE_FRAGMENTS(r5, 0x84, 0x8, &(0x7f0000000200), &(0x7f0000000280)=0x4) r6 = syz_open_dev$dspn(&(0x7f0000000080)='/dev/dsp#\x00', 0x1, 0x0) ioctl$int_in(r6, 0x80000000004d00, 0x0) r7 = socket$inet6(0xa, 0x5, 0x0) r8 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r8, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_MAXSEG(r7, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={r9}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000001380)={r9, 0x1e75}, &(0x7f00000013c0)=0x8) getsockopt$inet_sctp_SCTP_DEFAULT_SNDINFO(r6, 0x84, 0x22, &(0x7f0000000000)={0x1, 0x8200, 0x200008, 0xce7, r10}, &(0x7f0000000040)=0x10) 15:24:42 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) ioctl$KVM_SET_LAPIC(r2, 0x4400ae8f, &(0x7f0000000580)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e3d63a98fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b5365c5dc26ca097ddda7c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df10000174a3ac8694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde318ead4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d41f6b21224b57f530d0000c1ff53bf79a1f5c5dc34b2262d66ae793b6304a30b97077f1c131045cbc11c4562d22db88d0edc5daee171cc04d96d9ec2db07478f347edbd6404923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f58e068af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b00000000364673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff000000000000003d4e185afe28b774b99d3890bd37428617de4cdd6f53c419ce31054182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f66df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a800655d127de6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132145fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb56d9b962d2fc43fa01a047526865c84f7cff36056cc4ac258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe07a69c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d8191643"}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = dup3(r0, r1, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000140)=0x4) dup2(r3, r2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) write$P9_RLINK(r6, &(0x7f0000000080)={0x7, 0x47, 0x2}, 0x7) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ip_tables_targets\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$MON_IOCX_MFETCH(r9, 0xc0109207, &(0x7f0000000040)={&(0x7f0000000000)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, 0xea90}) r10 = fcntl$dupfd(r4, 0x0, r7) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) 15:24:42 executing program 5: syz_usb_connect(0x1b0e29df37d77ccc, 0xfe3e, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x74, 0xe1, 0xc5, 0x20, 0x1608, 0x20c, 0x94fc, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xc4, 0x0, 0x0, 0x9a, 0x59, 0x30}}]}}]}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_SET_LAPIC(r1, 0x4400ae8f, &(0x7f00000017c0)={"cda92bba30b7b94dee9b39ac1a0cd0ac3bb86193791b02ebb35644bdf4d0a87cb641dda10edff0381c3cd4ef7b383a97f17d46db7b9cce3472644b97c0edda8d18829155851f7fbaadb8a6062e2592a524d4108284ff6fc5423acd8a958261f5319ed896b89a1c841b9eecd23808b542cf051361fd2e1875a27f3355a551c644dfda4dd89dd30a569b11ae69ad8bf2b2f46ed17632099d42832d09432360abe4495424aa0e3f2f6ef8e029a60560fd33449282b5aef28533e92b798be169fa96b10c5d9737ed54ba4da49946d6b2dcff2653178a893c8db940c73c49da9a4b73e218f26f35537530a768e2030d1d593214c0b4f48b9a10cbf99d85d155532e3dde02fbf8abfbae67e8267a70a602a7ae64914d0dc93439423e51d607dc16560d3998a6e91db90346025a7509bdc3e2c9df772eb652820044fd1645ee83b4a6418a09bbbb5c46303a0dbbdc6d401a0327e0a5c51ae88b3918d87a68b21411e5d4ca7f71606e3f775feba3d88c212013fa358ee08ee15ad3270d867782e010bd8cd383834d308f915176dc3403659135abbc5c0950cbb92dbe3a281b4245323fab98e43eeb19c6aac1120a54616c446908c01d0c67f65fd5b6b93d56b945d7c27501eeb382d42f5e5a2f65ac93128544853b8945f28ce877768779950b4c63d7f216f48a25e5fb736bd9f6f9f75c56e4d6ce2c0b70fc06ad5dfb6ace096e5ab5607d0772c721a130710b1bf5bc7705f21ed0b0599d573b243a0cb7091f2992aebe30ea2043cdf08e803a466d4742b96895e0e2223e0cb228f1d604cbfe4637b4238e53d1eac34cf23e52619e2a485b8a9acd59bb72577bbf3e42d17a45bedd9ed0d10b5ff5d1a2d927b3112783bfe4bd218d2b13eb7b702a2ab62f61cd5cca9cca3b1230ee6dd192ef64e276f3bb1ba7af0a1a5fffe9fec403b6c174f4f03f1f4e2d4eb18f704a73db76e12f4a67d8d8647fa866c2ea888cedfce095eae3ce399aa799b4c50112e3f054a60f8ec1fb19917b1450b1b1eda501da62bb51e4d9c9235f8861e3c6963f138735e243973f16cc60e86abd2e833ef798e2391c58083b2e2af3d619b02b74a63d2510d3696b8ef9f300bd20b9a7d4199d84a7d625719ba42a2d47918aabf571dfa5fddfd10691d5114775a97f5aa9cf48779047e28d2d4aadd352579282e3d059b907d91ca069c9e442485c84d417ebdcd733f37d7799689cc952666e06e2a865bc422047658c02611e18292a0be417788a19049a15f1f7b9331431a47eb72d852b381f913f937b416ac983716d169006a9d0faa7625c31b8c5d5bb451a39d1bf922fb50ff366fff4f3689a1aa9624b56df94435b4daca2e4f108d50262e77791d56cb60af7c86f288727951fd53af177cc29f09e7f87ec14fe628041423e1bde0f6520e31a84867f69d92c9cf455793ca2782875d6eaae"}) syz_usb_control_io(0xffffffffffffffff, &(0x7f0000001280)={0x2c, &(0x7f0000000080)={0x40, 0x1, 0x1002, {0x1002, 0x0, "8dde862972f295cdb80e2411f9c3d03abc7a781ac2501dd18964742170907a9d481e1e2db3b388c3a9297d9110349c4b0120619b7274ac1cab48bf0b5278f3720db631d9dac71819f4bd4cfc16d81143b798815a4173d67c87247635719b9713bbc8085d9a855baec79258d5298e2067bd9a0fe9a44883be65acd53309258fb4ad711d1cd17ea5f4c429ca03526ea874e3adcebaf743060fb11ffb59a63259e2a817ffe04146b29dcf69e240fc673487501bce83456fe86831cfdd84390cc06e4c038ce6a5d969802c10b4fbea6ede586ccc96100fbdaac75a9a6c5acb56fad9ff5d1b3cd1a8e999e1804fba59681ca767089e27f88dd4b89d51088bbd39e5e8e35c77e77b1a7a6805fec7432dc583a22d40514518cb96b876e007d7c09bbba8ee9b8b2dc5c248efb3d5a5f4a7650e0a09c1eead807170db44157cb874974c21f1ae21457cc4a266deecf05ed7d5ed38abe397f8060b1fffb7bacde72c3e99937aa3a4ac9acfc71f9e9952016e14d96f4ca3fe3d49211d4f25a6b8ee67954936c0cda4882998977dbd4a10a8663e8ae3df33978ebd6c4f2710f47e6ac34a4a63cacded7c27d27f81376c7d079430088ca2f10c5e6b2d1bfb34b18c1bc72483ac316aaa1fb9a76b6b3bad46f385cc1b8c4b0ff9222e4c2b318727dbd3e737544e4888d89d0f534ee480c7a2c5c436f630ff7553d2af76c26356288eda673c783fd1beea83ff4e68e2fcf568005fb54def80573e3c82d54b3e6435ea7471fd0f059e29ca6b548a9eb52f87bfd180a3638a70fed5deb6b9aaf68744f5fa9bc321a527e14ba34c8871abe2ed3a7f71f9366d36283031e2b375c081642a1782a5ac7b16320d09eb9bd9d80ddcccc6aafc78550df3be66fdb7a1518413bac391e8b2218e6ad1b1f0d1e5c678a338c92303e04b57216816fdd5b542c57d5663205ab19899100d7155d68544e45df09543d58e02fb4c282ef0fd4e06a6aea2eea32b43c454ab4ea7e4c6dce38e8d87b5aae88b404640544e683c65d01710e14f191581c8fd692ccaa0d341ef5b512b2d4190ac37fc1642cfe11562ff047b2049f81e199f47fe569518621391cd39698a419cc3c95ba04130f3e8b79ab1da79a20c1f2499f30d3ee315ec55784f1831d5e34f567bd23439d929fe52f84f9ce18b277b7c63e78b3aa687a0538c77d6ff4e62b86a88adc508433121410ffdea78f8b956e21acaae10ac4c5d1b7abe48a858dd0647dabb687826d581544fb815b38c6265a566f19820842946a754262a076228a0f2bbe37c18512361ad29dcf55cad606f25d1fa7867e5db9f3c932fb5db2d380d925c7c3108137d75d53dffb2441cd3dc6809a59ff9c3feb81ded9ff9af10027d9b906752e897c80116028a477bee4af31e4c0deac97de7ffb9221b28b9478ea4f860fc94f7e937f0fb51e3dabcee778cf37705ea9369a260979a6b8183b47a00aabb90535dc1c2345e4843595530afc448f43405bffad75e53f247f8ceff6e28ab70a8ed2f6c30401edda02aec190c379e9e03abd2492d77e2d2bff161a6c21dab7bd83b5dea1d4a03aab405b0668bdbf73c47984808929a043e0466ead7ae0646627108ea9281989c80b0a9bd1955ec0ce60385d4ccb0733683d777e63430c6ef1564c677d73dd33d2e991c25a3254a45199c2f2065da950c90161675cea697dd5cfa2aa94999505fbdf859cd5ed3e588a98f893bf3af564de319cb79ee194b3275fc6306f77aa00aa2005abc40f9b59f29fb3904d869adc88ea5c3109ff22b3f756e7601c6539c427f9f718bd9a13f3c927009064dbfbd35e0aed46f00c4068eeec42d198467f1673e480d6f27e0bec4fe66defb41889e17ecd5ca0fff193b058f35895328373c2f6b032947e814f0f0a9d9d5b7cf407130792fcb572da9b86f9ab5467bb45f9076e64ee03b59c4dbbdf37a2ed0764c31dcd1e31e90f2024ea552dc89c83bf04934b6197e08f7f7d29f3a6fafecff7ed710eb99e17ea069ac68df1a3c5ffdca026c851fb9020dafac2ad7a09f6dfe77915fb405986b885b90d3f3dfa57251871ba40a7a8f0f2e2489b1a70a0ad7f6a6b4cb1e06a0b2ab651abf441107b0117403a605f8cc58dc54beb2230e1de72f3d22f431cc08bde5e0eb7082a5148a283a17d7a5840270710e17fd39edd55bdc66903071357a9fc4e7339cb9c3791d84c395fa3493f2f142dc2c0f338ebdf0183d84de0737f81e72a57b4e2c514e76c3429ea0a23351b95af337871379fe063a27f15e4a93bc70d68c0d50ec3ed1beefc03bc31453ebb9cfb99c2f758549af1e14f62be267d295b55a6f974d47d7f093aaaa7a1f2a384f40b74a43da579c839f9a433c7caee77d761fa34348279e1c1c409db4b01685fb8ad8074a6c8bed858c74add52c77815fc52b5a280212fe898b487b3b14bab6fff66453cc1a8b27ad05ec8b59a8706567bd346beb23b0f49d598e42357bc7c4ba07977200c2c9e6d36185ab877d7dde0188a244d317ea85f525037a508e4df2abe22f26050cb1c57964bd47a7eebcf9d01708eb73f764971ef42cc54e28cb02d972a970dd2b43ff6dcdda107814ff0ce10b8e0ea20c9794b56bb84727de62f438172744a54a655627df710b2d466544f0ab8532adf6897bc55ad76970febc1e951215c89fc1f6451f7eacf51c72e9c3eb7ed6488bf3a39ece160f7c3574f0d7f975731e6efe2b42187931c2964fea3a38687bbcd97863abc4bbdcc9ae3fa5f6cf9266104d1c1ddf6e5c8e7016e37b6eb3a44348a200b206a1e41ceb94230cb3db24a0e84ea231e375d6bd254c1e324aa8014509a5a9a354639e4e21427326785d5e90d3a55bd39cf41c309f2ecf5d456423b300511bff28e39e63f130a73680ecb034cd1b74b658846cb6622e5626b87a07730319e4b1241701806151227dcb27f5a0ba937e023b8dc5a9f8e455c97dad3e8d69b4ee32f310e2d1811671e157e835ca4031b12a7fc4f28ead79f4e61fd9190397c74a5ef07f62f748b0b148d6b5ffc2836b9acbe5572beb07daa6795ce37c46b281633b14c9e213a72aaf65da05c8abe67c19b194b60b9bed836c6c0e4a9ff1c24abf4da1055b18d264caa1a3942b9f03cf53776ae6ecac3a1442fb16cc5b9fb7fd8beedcce2f9752846acf353e6d4173bd27496124b6db48cdfcf6a1683593383696792276208037447757818a5f4c88e4fc4527f3fde18a9ef05aa4ee7d02d31bccf9efb934b9e54f445558d03c2afe6cdc0885b5584c391da8299645180b5cd02e7340e3cde7f176e80c25afde5a3f1da40c5f29048dda0ac188e4885b608cdd44729f941c07df74ab19838445b08d2c7dd50654958d59fe9350e2e08b799d581b361fa4c76dde3bc6e69202093f08a47910d8543ca99f366cab19edbeeb367bcf32e9d984f13a30a5a952cf8ded23ddc562a8e2a4f38cbb2abb47e694d74df213ae66006f53c2cbe660a42571e3960cb016758176664619ca0e924e1a5d4cf959ce3cc5bd551d39d1609128e2243f78f3d00e5a7b24b4c56e2dbbb314b6cc6761c61878343311bcbdd3f017dc53013661d8929ca8e217872eb18fe9061c260147a70ae3d0c790ca43e62a36558d4ff039ab684b48a4cfc9cbb209fd1484cdff1ee3aa6ad244e05d2a5b04bbe60159ff0111e916a0f23410a933b527f4e8ffe9c1f86ffd7825cf4d3139e543192f05e7b0e166bbc4bb35afd1f17da7384602a82ba6b8a5b886be0035133d92145995120f74ba8b5b2a9b35627f6099750c58ed569d28d9d59efac1b338d20e8e787fb47e0ac0ae837cd58ff92257915cf6a11210b8728bb3250afd9d81a47cb0d508fe1c9273598e1cccb7b2053abe2809abe16ba096d779bf17f862a0c491109dc9e7c43e2667b0c530c4b22e440e6e94a6a2b4089af16e224f632b4833845efa32e619f57c231421b77d28cc1d8f089f9ec18303deedb47a47e228d145bb8909ec7978b28df68f0bdbd2c55ab386d60c8adbdf157997e39b293a9901f0773e8842f449800861461a11dc53cbc4394e1e37ef7924870997d836ab682bbd15747cccfc2ee8ec6ddf03c3bfa8d5286345ec4ad1e1a09b9b75aa0b7a042ac2bad137b2dfb1b15c11f1f2a46729cb59559d7129c3864f5787734da18441882e3ff4b52afdfab6c72c67afa9bb4998c12e6e1b56c3271d9fdcb663f080a87da79d42ea221fe7170d08180c249d4e7f6230f64e2d24353b373ac66d57939d440744fd31ae24f143f4d38018f584a37b8e827c4719981aae18aa58eaf5d56d05fdd1fb92726b045cea3ee5fbde791f722ec85bacec459480f6eb77d7ed9ddecdf28f729fac4ed8f8855554fa9411f0bb205f18d6034548b4774b4bad44ac33578296ab15857eaced70f4bc9761976854b4042d0aefa3ba61f93c9557d6cfb043e2a18d505499c80bc02fecaf5f655df815c4319a7d14a439cbbc3470cd07a6d20c7df095dd847d49ebe3404473d62c0e28d73f9f36d1c25c1b2e55d24fcec22e873f57f7712bd56f66f87aa85e4ab8f6af2227f49eebf569b3405236fddaf42fdbda5d740206a48ed96497ec12c2722524e0e344924ec5a0bcc58fd70c59b18b1177898b603c98f0c7926562a2b912fdde7d51561f04c2191dca717ad9a9bd75891cfbfcfc97a3da5d9c262d79eff8c4965ac89ca4822477e79d64eff87bfbc4efde9d64ab09d807d98408448e9fa3188b1a981e8017ef6ecffe146cf2f6b1b44c31fde1bec8836e1b28107b71f6da7865f12a52b7398746dede170bfa8ce09cd813ff5ff0089937850d5d4cd4ff9bced2eb402c12d89ca6f975aa33918837a2b39ecd1d14f6c6322f5bc70f4393615a59e38a7b71bc99f6e1cf7f697f0cd71d85665f82937f52cbbe614867afa29a8768d55d8ee7ea4f5c78fdd0b153c675760c239ff4f0cdd4e2d7934315f6a5b01d9221c7a846e3a73f294e0ea36617ec35e0f618952344ff22b1aeb7333e36250ae1afe8b34fe78cf0773be006e7e441413cd2327c531aba8a4684791a3623417ea3f83751bf23b442b613ff16ae226da062d844ebbb8b9a317f00aa888c47fa5df5e52cca88e0440f42a0f25fd72be3ab5d894c4642725ae34150160af095723f37c978167ad8769b1874130651dffcd84960839dbdbc967185c3d9f6851aff0f6433c0eca585898f23fce54beab2cc8e5e458aec7bead021fc4d6f3f4581435702cb75d1625daa3e7d7b090bbc77eae4f004f810fa1da90aeb9e66e001e7608c22b3714e254ee04b0753b81f3760e67c28f626b228aff5108c65ac2f16b0be8a3a3dbe1d0895069f9e0b04111d9d78bc9a83b6a42cc32d9323699381799325140c1f954e67e6a11a50078007020165ad4a38a75ade2457f2e9f2e33e509fdbf16464c6d06748846eca98ba77f42b531d58016c3a5864b18ea74e0011d821479281451dd739812b57f70fd8b7e23ed20cd47f708d0721d00ca2a7029519ea29c228aedf6c4b058c77aeb3cbefb3ad0bfc5c32c574ad1db2d3373fa28df64aa4923211fd2720e2347e0feab2d27180deeeee01976bf57e8d62142b4173ea8dcb58a9f6630b046a59a02010b96235f736908800ad3399e6cbc6668ef77a0297ef50d51b56b04a816488e803aa616de28339a021136257bf86655965a08d1ed32eb9676822388ac456ef8537983db84d537129075bd213cfc735fb661a47a57ef7d1a025fe2760c6b90f62a2d3138d51b0ab7b6ba129ceb9b15f7c986f30a99c88cd82a8c78e442d81cfefb9a33704c615e7150358b79d3b2b"}}, &(0x7f0000000000)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x1404}}, &(0x7f00000010c0)={0x0, 0xf, 0x111, {0x5, 0xf, 0x111, 0x2, [@generic={0x102, 0x10, 0x2, "a3dbddb5f16628c556288899db401c39a3dd05ae4317ed0849b4bcbd32bf759312484782ade9795b2c66945a2a3286068fd2fc28ce0113f52caff494838598626069e7375650af63ea066b77fcb8b2ba13b47fb9723f1a6cddd3d31bcc204c3a8dcf02078b189fce3829e1f53da67d5e4e9bf0361baaf8a8376d590017270b1082e43a7995485afe6f39b058b8146de1f2ea4cc2f92f7b6cf2e86d600eb9e7e04eaa623eb08a3feb618cfef1559e235be6523cf576debffba5563d9ed9be2fbe0d45b00472d7be8f62e7d69936f9450ad0a5adc983d5fbeeddd35eecbac778af05b8b334b8a6909019b1c3a95aef3e3a3e0d349ce9b9e7c3504f24d421614d"}, @ss_cap={0xa, 0x10, 0x3, 0x0, 0xd, 0x5, 0x9e, 0xb1b1}]}}, &(0x7f0000001200)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x1e8, 0x8f, 0x91, "f66b4b88", "de110bc3"}}, &(0x7f0000001240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xff, 0x0, 0x6, 0xc0, 0xaa, 0xd9ea, 0x3}}}, &(0x7f0000001700)={0x84, &(0x7f00000012c0)={0x90, 0x5f9fae6b5feae692, 0x5a, "e0e905cc0337754363d6a3b29b170b430a8362fc59087dfb0663f657acd5f58b2d56ebd272a4fb8474d4a77f756eaee038032d49807aa992b8a8572bf0b77e287ef5714e1186ff155f1e53c1d779bf49801ae5e2e5b49429c345"}, &(0x7f0000001340)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000001380)={0x0, 0x8, 0x1, 0x80}, &(0x7f00000013c0)={0x20, 0x0, 0x4, {0x1, 0x1}}, &(0x7f0000001400)={0x20, 0x0, 0x8, {0x0, 0x1, [0xf00]}}, &(0x7f0000001440)={0x40, 0x7, 0x2, 0x2}, &(0x7f0000001480)={0x40, 0x9, 0x1, 0x3}, &(0x7f00000014c0)={0x40, 0xb, 0x2, '=e'}, &(0x7f0000001500)={0x40, 0xf, 0x2, 0x200}, &(0x7f0000001540)={0x40, 0x13, 0x6}, &(0x7f0000001580)={0x40, 0x17, 0x6, @broadcast}, &(0x7f00000015c0)={0x40, 0x19, 0x2, 'wg'}, &(0x7f0000001600)={0x40, 0x1a, 0x2, 0xffff}, &(0x7f0000001640)={0x40, 0x1c, 0x1, 0x6}, &(0x7f0000001680)={0x40, 0x1e, 0x1, 0x1}, &(0x7f00000016c0)={0x40, 0x21, 0x1, 0x2}}) [ 1350.512036][T11845] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1350.752182][T11845] usb 2-1: Using ep0 maxpacket: 16 15:24:42 executing program 3: r0 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0x7, &(0x7f0000000080), 0x10) [ 1350.862359][T19754] usb 6-1: new high-speed USB device number 80 using dummy_hcd [ 1350.872286][T11845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1350.883689][T11845] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1350.896774][T11845] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1350.905973][T11845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1350.951464][T11845] usb 2-1: config 0 descriptor?? 15:24:43 executing program 0: request_key(&(0x7f0000000800)='encrypted\x00', &(0x7f0000000840)={'syz', 0x3}, &(0x7f0000000880)='./cgroup.net/syz1\x00', 0xfffffffffffffff8) r0 = add_key$keyring(&(0x7f0000000100)='keyring\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000000)='keyring\x00', &(0x7f00000000c0)={'syz', 0x0}, 0x0, 0x0, r0) add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, r1) r2 = add_key$keyring(&(0x7f00000003c0)='keyring\x00', &(0x7f0000000440)={'syz', 0x2}, 0x0, 0x0, 0x0) r3 = add_key$keyring(&(0x7f0000000300)='keyring\x00', 0x0, 0x0, 0x0, r2) add_key$keyring(&(0x7f0000000180)='keyring\x00', &(0x7f0000000280)={'syz', 0x0}, 0x0, 0x0, r3) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0x0) r4 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082) r5 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(0xffffffffffffffff, 0xc040563e, &(0x7f0000000180)={0x3, 0x0, 0x101, 0x1, {0x4, 0x0, 0x80000000, 0x3}}) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x20000, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, &(0x7f00000004c0)=ANY=[@ANYBLOB="0700140001008e0000c08100e946ffef72ab107b0d522f1f3f58e4eb7d14a3000800"], 0x12) fsmount(0xffffffffffffffff, 0x0, 0x0) pwritev(r5, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) ioctl$sock_inet_SIOCGIFBRDADDR(0xffffffffffffffff, 0x8919, 0x0) socket(0x10, 0x3, 0x0) r6 = socket$inet6(0xa, 0x40000080806, 0x0) setsockopt$inet6_int(r6, 0x29, 0x33, &(0x7f0000000040)=0x7fb, 0x4) bind$inet6(r6, &(0x7f0000000200)={0xa, 0x404e20}, 0x1c) listen(r6, 0x400000001ffffffd) sendmmsg(0xffffffffffffffff, &(0x7f0000003d40)=[{{0x0, 0xffffffbf, 0x0, 0x0, 0x0, 0x0, 0x3}}], 0x4000000000000d0, 0x0) pipe2(&(0x7f00000006c0), 0x4000) write(0xffffffffffffffff, 0x0, 0xfffffeb0) sendto$packet(0xffffffffffffffff, &(0x7f0000000240)="8c6afbc18295209d3afd2fdfa79f0b5dff7fa7f9745afe84b0e3064767e50f60a2d6b11d85967d31afaed05441e3605647bc0e7e209596824ddcf166c92999088280229a0ff4f172a00ccb4ac0965ad1e16ce1b3731291c1342e6b7a84285c2ce01ff376432225b320daa46f2fe7785c581f1abfb49337c33a5e9835de9d19f3af72c04f7b9a559807aa4bad25ba1522a02aca6fbd2a57da241f8b948953d367f8268f1bf76792dcbb2b5f3444bdb18a68a68b05b47dc0b04488d35a9e0a6febd6a9c5e16a7c5ac8f2eafa95b9f7ab4e778ae3d2872200ed1b135ee5fa8c9122b8cd981b47d2f283573805", 0xeb, 0x4000, &(0x7f0000000400)={0x11, 0x8, 0x0, 0x1, 0x0, 0x6, @random="2e17d5349ce9"}, 0x14) ioctl$LOOP_CHANGE_FD(r4, 0x4c00, r5) write$binfmt_elf64(0xffffffffffffffff, &(0x7f00000008c0)=ANY=[@ANYBLOB="72e4bbe9a0683f6304543c65ab8f2aa8921e56925c2d5f0c616072716f4e23abeb2fcf4dc800876d352cb65370550cd39c85fa36c4fc636d6712f89c8d8c1ba2138537e62c9590eb6a322502a400e03041b1d1bca62ff4fbcb6a56a43b95d83fa6cc955a5465482df8553ee5d4e86f23c102ff41b7e8db2748c4e53fd12a3eb374799e60406e4fdd345428c52fd5d197e56334cb3e"], 0x40) sendfile(r4, r4, 0x0, 0x40fdf) madvise(&(0x7f00000d9000/0x600000)=nil, 0x600000, 0x14) 15:24:43 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/net/ipv4/vs/expire_quiescent_template\x00', 0x2, 0x0) read$rfkill(r3, &(0x7f0000000040), 0x8) [ 1351.112638][T19754] usb 6-1: Using ep0 maxpacket: 32 [ 1351.273356][T19754] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 1351.281643][T19754] usb 6-1: can't read configurations, error -22 [ 1351.492310][T19754] usb 6-1: new high-speed USB device number 81 using dummy_hcd [ 1351.692508][T11845] usbhid 2-1:0.0: can't add hid device: -71 [ 1351.698774][T11845] usbhid: probe of 2-1:0.0 failed with error -71 [ 1351.707959][T11845] usb 2-1: USB disconnect, device number 76 [ 1351.762824][T19754] usb 6-1: Using ep0 maxpacket: 32 [ 1351.932417][T19754] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 1351.940497][T19754] usb 6-1: can't read configurations, error -22 [ 1351.947479][T19754] usb usb6-port1: attempt power cycle [ 1351.952419][ C0] net_ratelimit: 20 callbacks suppressed [ 1351.952484][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1351.959050][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1351.970839][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1351.977405][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1351.983609][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1351.989767][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1352.341985][T11845] Bluetooth: hci0: command 0x1003 tx timeout [ 1352.348233][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1352.502226][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1352.508235][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1352.662408][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1352.668527][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1352.675090][T19754] usb 6-1: new high-speed USB device number 82 using dummy_hcd [ 1352.921900][T19754] usb 6-1: Using ep0 maxpacket: 32 [ 1353.082215][T19754] usb 6-1: config index 0 descriptor too short (expected 9, got 0) [ 1353.090760][T19754] usb 6-1: can't read configurations, error -22 [ 1353.242019][T19754] usb 6-1: new high-speed USB device number 83 using dummy_hcd [ 1353.482079][T19754] usb 6-1: Using ep0 maxpacket: 32 [ 1353.662171][T19754] usb 6-1: unable to read config index 0 descriptor/start: -71 [ 1353.669869][T19754] usb 6-1: can't read configurations, error -71 [ 1353.677591][T19754] usb usb6-port1: unable to enumerate USB device [ 1354.421933][T11845] Bluetooth: hci0: command 0x1001 tx timeout [ 1354.428185][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1356.502006][T19754] Bluetooth: hci0: command 0x1009 tx timeout [ 1358.182465][ C0] net_ratelimit: 20 callbacks suppressed [ 1358.188269][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1358.194339][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1358.200483][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1358.206462][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1358.212577][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1358.218541][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1358.742341][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1358.748454][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1358.902410][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1358.908564][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:24:52 executing program 4: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:24:52 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:24:52 executing program 3: r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = socket$can_bcm(0x1d, 0x2, 0x2) dup2(r0, r1) 15:24:52 executing program 0: openat$qat_adf_ctl(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(0xffffffffffffffff, 0x40096101, 0x0) ioctl$DRM_IOCTL_RES_CTX(0xffffffffffffffff, 0xc0106426, 0x0) ioctl$DRM_IOCTL_GET_CTX(0xffffffffffffffff, 0xc0086423, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(0xffffffffffffffff, 0x40096101, 0x0) ptrace(0xffffffffffffffff, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/qat_adf_ctl\x00', 0x0, 0x0) openat$rfkill(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r2, 0x40096101, &(0x7f0000000040)) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(0xffffffffffffffff, 0x40096101, 0x0) socket$kcm(0xa, 0x0, 0x88) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet_sctp_SCTP_EVENTS(0xffffffffffffffff, 0x84, 0xb, 0x0, 0x0) 15:24:52 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:24:52 executing program 5: r0 = socket(0x2000000000000021, 0x2, 0x10000000000002) sendmmsg(r0, &(0x7f0000005c00)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000100100000100386fddb38abf1838e7fa"], 0x18}}], 0x1, 0x0) [ 1360.493735][T27593] QAT: Device 0 not found 15:24:52 executing program 5: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rename(&(0x7f0000fdbff8)='./file0\x00', &(0x7f0000000000)='./file1\x00') rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) rt_sigtimedwait(&(0x7f00009ac000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) truncate(&(0x7f00000001c0)='./file1\x00', 0x0) 15:24:52 executing program 3: [ 1360.632227][T27593] QAT: Device 0 not found 15:24:52 executing program 0: [ 1360.760937][T19754] usb 2-1: new high-speed USB device number 77 using dummy_hcd 15:24:52 executing program 3: 15:24:52 executing program 0: 15:24:53 executing program 0: [ 1361.022170][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1361.142670][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1361.153782][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1361.166852][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1361.176106][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1361.186050][T19754] usb 2-1: config 0 descriptor?? [ 1361.912332][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1361.918413][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1361.927438][T19754] usb 2-1: USB disconnect, device number 77 [ 1362.582014][T11845] Bluetooth: hci0: command 0x1003 tx timeout [ 1362.588307][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1364.422303][ C0] net_ratelimit: 20 callbacks suppressed [ 1364.422318][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1364.434360][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1364.440519][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1364.446644][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1364.452828][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1364.458839][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1364.662109][T11845] Bluetooth: hci0: command 0x1001 tx timeout [ 1364.668354][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1364.982384][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1364.988381][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1365.142408][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1365.148453][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1366.742100][T19754] Bluetooth: hci0: command 0x1009 tx timeout 15:25:02 executing program 4: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:25:02 executing program 3: 15:25:02 executing program 0: munmap(&(0x7f0000000000/0x4000)=nil, 0x4000) 15:25:02 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:25:02 executing program 5: r0 = socket$unix(0x1, 0x104000000000001, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000040)='security.selinux\x00', &(0x7f00000000c0)='system_u:object_r:getty_log_t:s0\x00', 0x21, 0x0) 15:25:02 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1370.662234][ C0] net_ratelimit: 20 callbacks suppressed [ 1370.668015][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1370.674147][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1370.680395][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1370.686513][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1370.692741][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1370.698886][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:25:02 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xee6a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$inet6_int(r0, 0x29, 0x10, 0x0, &(0x7f0000000200)) 15:25:02 executing program 0: mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0xb9, 0x2, 0x0, 0x0, 0x0, 0x1ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x100}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000200)=ANY=[@ANYBLOB="448a84011be2ff00c43119312172705e4e555c400d7b08e5cf2996bb12f7"], 0x1}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000740)={0x3, 0x2, 0xf000, 0x1000, &(0x7f0000015000/0x1000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff], 0x1f004}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x9) 15:25:02 executing program 5: r0 = open(&(0x7f00003b6ff8)='./file0\x00', 0x10000000080040, 0x0) fcntl$setlease(r0, 0x400, 0x0) rename(&(0x7f0000fdbff8)='./file0\x00', &(0x7f0000000000)='./file1\x00') rt_sigprocmask(0x0, &(0x7f0000032ff8)={0xfffffffffffffffe}, 0x0, 0x8) rt_sigtimedwait(&(0x7f00009ac000)={0xfffffffffffffffd}, 0x0, 0x0, 0x8) creat(&(0x7f0000000080)='./file1\x00', 0x0) r1 = socket$inet6(0xa, 0x400000000001, 0x0) r2 = dup(r1) write$P9_RWSTAT(r2, 0x0, 0x0) 15:25:03 executing program 3: perf_event_open(&(0x7f0000940000)={0x2, 0x70, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0, 0x3}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0xffffffffffffff26, &(0x7f0000000140)) r0 = openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket$inet6(0xa, 0x82006, 0x800000000000004) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r3, 0x29, 0x13, 0x0, &(0x7f00000000c0)) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e23, 0x1, @mcast2}, 0x1c) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000300)='/dev/ppp\x00', 0x0, 0x0) r5 = dup(r0) r6 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_int(r6, 0x29, 0x48, &(0x7f0000000080)=0x3f, 0x4) ioctl$FS_IOC_RESVSP(r6, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000780)='./cgroup\x00', 0x200002, 0x0) r8 = socket$inet6(0xa, 0x3, 0x4) setsockopt$inet6_int(r8, 0x29, 0x48, &(0x7f0000000080)=0x3f, 0x4) ioctl$FS_IOC_RESVSP(r8, 0x40305828, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x3}) ioctl$FICLONERANGE(r8, 0x4020940d, &(0x7f00000001c0)={r7, 0x0, 0x100, 0x6, 0xda}) openat$null(0xffffffffffffff9c, &(0x7f0000000100)='/dev/null\x00', 0x80401, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(r8, 0x29, 0x23, &(0x7f0000000940)={{{@in=@multicast1, @in6=@local}}, {{@in=@empty}, 0x0, @in6=@loopback}}, &(0x7f0000000840)=0x1a5) perf_event_open(&(0x7f0000000580)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7c, 0x0, 0x0, 0x1000000, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xa, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x81, 0x5, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) sync_file_range(r4, 0x7, 0x1, 0x7) ioctl$sock_SIOCGPGRP(r5, 0x8904, &(0x7f0000000240)=0x0) fcntl$getown(r1, 0x9) getpgrp(r9) fcntl$getown(0xffffffffffffffff, 0x9) ioctl$VT_ACTIVATE(r5, 0x5606, 0x6) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, &(0x7f0000000180), &(0x7f0000000280)=0x4) r10 = syz_open_dev$loop(&(0x7f00000001c0)='/dev/loop#\x00', 0x0, 0x4) r11 = getegid() getresgid(0x0, 0x0, 0x0) ioctl$BLKTRACESETUP(r10, 0xc0481273, &(0x7f0000000040)={[], 0x2, 0x9, 0x200, 0x2, 0x9}) ioctl$BLKTRACESTART(r10, 0x1274, 0x0) r12 = socket$inet(0x10, 0x3, 0x0) setsockopt$SO_ATTACH_FILTER(r12, 0x1, 0x1a, 0x0, 0x0) socketpair$unix(0x1, 0x8000000000001, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) sendmsg(r2, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x0, 0x6a}, 0x0) r14 = dup(r12) r15 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r15, 0x1000008912, &(0x7f0000000000)="0adc1f123c123f319bd070") getsockopt$inet_IP_IPSEC_POLICY(r15, 0x0, 0x10, &(0x7f0000000480)={{{@in6=@empty, @in=@local, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@remote}, 0x0, @in6=@mcast2}}, &(0x7f0000000200)=0xffffff34) r17 = geteuid() setsockopt$inet_IP_XFRM_POLICY(r15, 0x0, 0x11, &(0x7f00000060c0)={{{@in=@remote, @in6=@rand_addr="20bbcbd1865253e3e58aa219d6ca6440", 0x4e24, 0x2400000000000000, 0x4e22, 0x0, 0x2, 0xa0, 0x0, 0x67, r16, r17}, {0x6, 0x183, 0x3, 0x7f, 0x61553a0b, 0x9, 0x1, 0x4}, {0x20, 0x80000001, 0x2000000000000, 0x9}, 0x9, 0x6e6bba, 0x0, 0x1, 0x1, 0x3}, {{@in=@empty, 0x4d3, 0xff}, 0xa, @in=@loopback, 0x3504, 0x0, 0x3, 0xfffffffffffffffc, 0x1ff, 0x5, 0x6}}, 0xe8) write$P9_RGETATTR(r14, &(0x7f00000003c0)={0xa0, 0x19, 0x2, {0x1b04, {0x20, 0x3, 0x8}, 0xb84fabd9a27fbe54, r17, r11, 0x9309, 0x9d4, 0x9, 0x20, 0x5, 0x6f, 0x3ff, 0xf97d, 0x5, 0x1, 0xc474, 0xfffffffffffffffc, 0x1f, 0x8, 0x7}}, 0xa0) ioctl$BLKTRACESTOP(r10, 0x1275, 0x0) ioctl$BLKTRACETEARDOWN(r10, 0x1276, 0x0) [ 1371.084749][T19754] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 1371.141413][T27665] debugfs: File 'dropped' in directory 'loop0' already present! [ 1371.149397][T27665] debugfs: File 'msg' in directory 'loop0' already present! [ 1371.157353][T27665] debugfs: File 'trace0' in directory 'loop0' already present! [ 1371.222610][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1371.228964][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:25:03 executing program 3: syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0xaa, 0xdb, 0x13, 0x40, 0xaf0, 0x7401, 0x48a5, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x23, 0xae, 0x86}}]}}]}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r3, 0x114, 0xa, &(0x7f0000000300)={0x3, "02d5dd"}, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$BLKALIGNOFF(r5, 0x127a, &(0x7f00000002c0)) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120110011688ac10f907b6ffe66e0102030109021b0001013f4002090410630009ac0c0109210200800122e504"], &(0x7f0000000280)=ANY=[@ANYBLOB='\n\x00\x00\x00', @ANYPTR=&(0x7f0000000080)=ANY=[@ANYBLOB="0a40c6bb"], @ANYBLOB='=\x00\x00\x00', @ANYPTR=&(0x7f00000000c0)=ANY=[@ANYBLOB="050f3d00040b100108200000200200800a100302080003020500071002021901091c100a0924800000000f03000f3f0000f0ffff0000c000000000ff00"], @ANYBLOB="03000000c5000000", @ANYPTR=&(0x7f0000000100)=ANY=[@ANYBLOB="c503131f044ad9f298f29386ab0dfa02c5596cef3615abf7bc14ffa8aea13a4505a7f9d79eca5904a0ec519da5ba093408b11d60e56c83cf9a68ad000637fe26d6790ef586bd3a71b5b7c169dce245ae9e181c7627504a5d70f78e3719fb1ce95afbe9792211ef4facdb3f0c047c6871e2a6a9d9d284aaf74245523363b6ea91cd20e025bc5fab14106ca9c15a0f77fcea29c8ecf4b6fae582b2919841c75e2920f6e28bfa9f1e5f61e8a43a3d6f8ea1a07a4f0be45a062d8237bdaf68ec5f4aede012c3c7"], @ANYBLOB="04000000", @ANYPTR=&(0x7f0000000200)=ANY=[@ANYBLOB="04030140"], @ANYBLOB="04000000", @ANYPTR=&(0x7f0000000240)=ANY=[@ANYBLOB="0403bc73"]]) ioctl$ASHMEM_SET_SIZE(0xffffffffffffffff, 0x40087703, 0x7fff) [ 1371.332043][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1371.382612][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1371.388948][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1371.452347][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1371.464866][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1371.477974][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1371.487178][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1371.497565][T19754] usb 2-1: config 0 descriptor?? [ 1371.642021][T11845] usb 4-1: new high-speed USB device number 24 using dummy_hcd 15:25:03 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1372.015113][T11845] usb 4-1: New USB device found, idVendor=0af0, idProduct=7401, bcdDevice=48.a5 [ 1372.024525][T11845] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1372.040165][T11845] usb 4-1: config 0 descriptor?? [ 1372.087029][T11845] hso 4-1:0.0: Not our interface [ 1372.222700][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1372.228983][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1372.242889][T19754] usb 2-1: USB disconnect, device number 78 [ 1372.289775][T11845] usb 4-1: USB disconnect, device number 24 [ 1372.901980][T11845] Bluetooth: hci0: command 0x1003 tx timeout [ 1372.908231][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1373.082115][T19754] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1373.442343][T19754] usb 4-1: New USB device found, idVendor=0af0, idProduct=7401, bcdDevice=48.a5 [ 1373.452389][T19754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1373.463603][T19754] usb 4-1: config 0 descriptor?? [ 1373.503930][T19754] hso 4-1:0.0: Not our interface [ 1373.707085][T19754] usb 4-1: USB disconnect, device number 25 [ 1374.982087][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1374.988303][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1376.902291][ C0] net_ratelimit: 20 callbacks suppressed [ 1376.908083][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1376.914221][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1376.920541][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1376.926694][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1376.932945][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1376.939037][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1377.062200][T11845] Bluetooth: hci0: command 0x1009 tx timeout [ 1377.462285][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1377.468286][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1377.622444][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1377.628450][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:25:12 executing program 4: socketpair$unix(0x1, 0x5, 0x0, 0x0) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:25:12 executing program 5: ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000180)={'bond_slave_1\x00', &(0x7f00000000c0)=@ethtool_gstrings={0x1b, 0x5}}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000040)='IPVS\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_bt_bnep_BNEPGETSUPPFEAT(r4, 0x800442d4, &(0x7f00000002c0)=0x7fffffff) sendmsg$IPVS_CMD_NEW_DAEMON(r1, &(0x7f0000000140)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x18, r2, 0x10, 0x70bd28, 0x25dfdbff, {}, [@IPVS_CMD_ATTR_DAEMON={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x40000}, 0xcc01) mprotect(&(0x7f00002c6000/0x4000)=nil, 0x4000, 0x2) write$char_usb(0xffffffffffffffff, &(0x7f00000001c0)="97794d88c38df485bf961022a42a7c61a2951218565599d494400dbc3f8d22a1f6f4110acdfc03d3c19e694d4fa1baf29d3c1a27a05ac4dade8fd6c7424f6b33eac7459cd5cbbbfe9bbc100c3030e2ce4b4456f8c49f896ea03bfa42bb2bc368b2418e90d4b80a8639b1deab8270c7f779f24c7e6975649f94115b2e58da95e81b68316f7a6e2b76b7ec52e7d12b5067e61ce84e053ad75e9118cac67ef77089d334e1c2dcdcfd4448a68ac65b7010ffd5856b8c82da3982aa10b5d65afb87111b762bc1e54411b9c60e563d643b4ef6f5b741c4a039a45893cd43e8291cee7a5cb76899be16", 0xe6) r5 = socket$inet(0x2, 0x2800080001, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000180)={'bond_slave_1\x00', 0x0}) 15:25:12 executing program 0: r0 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000680)='/proc/sys/net/ipv4/vs/ehpire_quitscent_template\x00', 0x2, 0x0) ioctl$VIDIOC_EXPBUF(0xffffffffffffffff, 0xc0405610, &(0x7f00000000c0)={0x8, 0xfffff800, 0x5, 0x800, r0}) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000040)=0x3ff, 0x4) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000640)={0xffffffffffffffff}) r3 = dup(r2) r4 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000100)='/dev/qat_adf_ctl\x00', 0x80, 0x0) getsockopt$sock_linger(r4, 0x1, 0xd, &(0x7f0000000200), &(0x7f0000000600)=0x8) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) recvmmsg(r1, &(0x7f0000000580)=[{{&(0x7f0000000180)=@rc, 0x80, &(0x7f0000000200), 0x0, &(0x7f0000000240)=""/45, 0x2d}, 0x3f}, {{&(0x7f0000000280)=@hci, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000300)=""/161, 0x3dd}, {&(0x7f00000003c0)=""/3, 0x3}, {&(0x7f0000000400)=""/187, 0xffffffffffffff9c}], 0x3, &(0x7f0000000500)=""/95, 0x5f}, 0x2}], 0x2, 0x44002002, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 15:25:12 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:25:12 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000ab000000ab005c0152e8c9e8c7b044c4e798289b83cf9949d5c4a117467819c77852ff774be029a1c3db10ab65459c30e2486325b447457f6808e151dfcb38649424afb5ec60cea0ce3d"], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:25:12 executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x88, &(0x7f0000000600)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c0000001400090500000000000000000a008000", @ANYRES32, @ANYBLOB="40000a00e6c5e0876916bc4af1ed2f60da8db64bdd30bbd3a4e3f5a8f3e87001aa6113816cc8d2b2867d0bbbfa55"], 0x2c}}, 0x0) r0 = socket(0x10, 0x800000000080002, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_G_INPUT(r3, 0x80045626, &(0x7f00000000c0)) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = fcntl$dupfd(r1, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) getsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(0xffffffffffffffff, 0x84, 0x22, &(0x7f0000000000), &(0x7f0000000040)=0x10) sendmmsg$alg(r0, &(0x7f0000000140)=[{0x2c, 0x0, &(0x7f0000000580), 0x17, &(0x7f0000000100)=[@op]}], 0x492499d, 0x0) [ 1380.973703][T11845] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! 15:25:13 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x0, &(0x7f0000000080)=0x70f8, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$l2tp_PPPOL2TP_SO_REORDERTO(r2, 0x111, 0x5, 0x5, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000000)={@broadcast, @broadcast, [], {@ipv4={0x800, {{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x29, 0x0, @remote={0xac, 0x70}, @dev}, @tipc=@name_distributor={{0x28, 0x0, 0x0, 0x0, 0x0, 0xa}}}}}}, 0x0) 15:25:13 executing program 0: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800010010d80a0e000000000000b20000000000d9f853c2a0a57ecf", @ANYRES32=0x0, @ANYBLOB="430200000000000008000a00", @ANYRES32=0x6, @ANYBLOB="200012000c000100697036746e6c000010000200080009000400000004001300"], 0x48}, 0x1, 0x0, 0x0, 0x4000000}, 0x800) 15:25:13 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open(&(0x7f0000000140)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7ff, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0x541d, 0x0, 0x0, 0xfffffffffffffd9c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPGETCONNLIST(0xffffffffffffffff, 0x800448d2, &(0x7f0000000000)={0x7, &(0x7f0000000440)=[{}, {}, {}, {}, {}, {}, {}]}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_PIT2(0xffffffffffffffff, 0x4070aea0, &(0x7f0000000040)={[{0xffff7fff, 0x51}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 15:25:13 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x4}, 0xffffffffffffffb2) r1 = syz_open_procfs(0x0, &(0x7f0000000440)='pagemap\x00') fsconfig$FSCONFIG_SET_PATH(r1, 0x3, &(0x7f0000000040)='pagemap\x00', &(0x7f0000000080)='./file0\x00', 0xffffffffffffffff) sendfile(r0, r1, 0x0, 0xa808) 15:25:13 executing program 0: r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f00000000c0)='cpuacct.usage_percpu_user\x00', 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_INFO(r0, 0xc10c5541, &(0x7f0000000100)={0x9, 0x7, 0x9, 0x0, 0x0, [], [], [], 0x9, 0x5}) r1 = socket$inet(0x10, 0x3, 0xc) sendmsg(r1, &(0x7f000001d000)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="24000000100007031dff22946fa2830020200a0009000300001d85687f0000000400ff7e28000000030a43ba5d806055b6fdd80bac40000000140001000029ec2400020cd37e99d69cda45a9", 0x4c}], 0x1}, 0x0) [ 1381.282244][T19754] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 1381.388362][T27721] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.0'. 15:25:13 executing program 0: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080)='/dev/kvm\x00', 0x0, 0x0) move_pages(0x0, 0x5, &(0x7f0000000000)=[&(0x7f0000001000/0x4000)=nil, &(0x7f000000d000/0x2000)=nil, &(0x7f000000d000/0x4000)=nil, &(0x7f0000006000/0x2000)=nil, &(0x7f0000ffe000/0x1000)=nil], 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) perf_event_open$cgroup(&(0x7f0000000140)={0x0, 0x70, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) r2 = socket(0x10, 0x3, 0x0) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) lsetxattr$security_smack_transmute(0x0, &(0x7f00000000c0)='security.SMACK64TRANSMUTE\x00', 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_NMI(r4, 0xae9a) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$EXT4_IOC_SETFLAGS(r4, 0x40086602, &(0x7f0000000100)=0x40809c) [ 1381.532160][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1381.652428][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1381.663804][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1381.676790][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1381.685947][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1381.696426][T19754] usb 2-1: config 0 descriptor?? [ 1382.167589][T19754] ortek 0003:05A4:8003.0046: unknown global tag 0xc [ 1382.174427][T19754] ortek 0003:05A4:8003.0046: item 0 4 1 12 parsing failed [ 1382.182363][T19754] ortek: probe of 0003:05A4:8003.0046 failed with error -22 [ 1382.369704][T19754] usb 2-1: USB disconnect, device number 79 [ 1383.141981][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1383.142345][ C0] net_ratelimit: 20 callbacks suppressed [ 1383.142365][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1383.148184][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1383.154187][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1383.172276][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1383.178380][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1383.184602][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1383.190577][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1383.702284][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1383.711155][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1383.862401][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1383.868550][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1385.222119][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1385.228381][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1387.303711][T11845] Bluetooth: hci0: command 0x1009 tx timeout [ 1389.382298][ C0] net_ratelimit: 20 callbacks suppressed [ 1389.382312][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1389.394348][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1389.400473][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1389.406610][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1389.412803][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1389.418778][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1389.942309][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1389.948487][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1390.102483][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1390.108513][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:25:23 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:25:23 executing program 3: r0 = socket$inet(0x2, 0x2000080001, 0x84) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000380)={0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = socket$bt_rfcomm(0x1f, 0x3, 0x3) setsockopt$SO_ATTACH_FILTER(r3, 0x1, 0x1a, &(0x7f0000000180)={0x3, &(0x7f0000000140)=[{0x0, 0xd8, 0xef, 0x6}, {0x2983, 0xf3, 0x80, 0x6}, {0x1, 0x3, 0xd3, 0x406}]}, 0x10) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r0, 0x84, 0x7b, &(0x7f0000000200)={0x0, 0x2}, 0x8) setsockopt$inet_sctp_SCTP_INITMSG(r0, 0x84, 0x2, &(0x7f00000000c0)={0x0, 0x5}, 0x8) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000000000)=@in={0x2, 0x4e20, @multicast1}, 0xfffffffffffffee8, &(0x7f0000007f80)=[{&(0x7f0000000100)='*'}], 0x1}, 0x4000000) 15:25:23 executing program 5: bpf$OBJ_GET_PROG(0x7, &(0x7f0000000080)={&(0x7f0000000000)='./file0\x00', 0x0, 0x10}, 0x10) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="13020000fb165964f274f7c5918431d86398087a1415e040690000000109021200010000"], 0x0) 15:25:23 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:25:23 executing program 0: r0 = socket$netlink(0x10, 0x3, 0x4000000000000004) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r1, 0x6, 0xd, &(0x7f0000000240)='dctcp\x00', 0x6) setsockopt$inet_tcp_int(r1, 0x6, 0x10000000013, &(0x7f0000d06000)=0x5, 0x4) ioctl$sock_inet_SIOCADDRT(r1, 0x890b, &(0x7f0000000540)={0x0, {0x2, 0x4e20, @local}, {0x2, 0x4e20, @dev={0xac, 0x14, 0x14, 0xb}}, {0x2, 0x4e23, @remote}, 0x4, 0x0, 0x0, 0x0, 0x5, &(0x7f0000000500)='ipddp0\x00', 0x3, 0x12, 0x5}) connect$inet(r1, &(0x7f00000000c0)={0x2, 0x0, @loopback}, 0x10) writev(r0, &(0x7f00000001c0)=[{&(0x7f0000000000)="1a382eca683435e100e0438395c95131cea8f008093d5746dc089a65e4c686db4ef2a5b73324d6b4e9a1c3b81a910219d87b4202febdd064e41bc67bb6bccd0c9aa114ed77270a308866e3ed44d5db9c00627eba52866d5b98e70e2dab32ccc23e17c76a48a712d339a96d6eb5a6c8e3775bf083d8b933", 0x77}, {&(0x7f0000000100)="4a12f26b02a88a7af28d6a17e7a4b66e0078046a444be004c1435b077af41a5d7cfea372dc3daba2d8aaa7985f0aced1e3290a1ef7218154559af2fdc218035b9927eb8c9b1d98df55664d", 0x4b}, {&(0x7f0000000280)="a603229d9a2249739e6ad0de7398c6a36b63c22ef3cd9afa98b6897f514bb8ac2570a738a6138c42fb2d457453989d8ec320dc55328d4ae3a8f0f1495b55a862eafd9c53e4993232205fe31cbf02b50a50fa0d1eeed1834b575dfc304bf73ec13f0aab10fa7207f4ed80b59d14a651fbf0024bf158ed4742f78c227bd8bce90e1067dbeec19aeaca346b5ab0d9364337438b99cd7c760365b990f19bd2f33dc95fa318c9613f1b2ca714499f2af0f5e0e15e747772a298a26610a35a25d066ffe75a58019f6b92aaed7c32716b62df9da82d03361f", 0xd5}, {&(0x7f0000000080)}, {&(0x7f0000000380)="360a5bde52a95613b52639b1995bd1614927a24e97d555d4ca3eb5229e48a2d5fd77c9f99e2777d7fc75525d3b768c5d5f1f948d510106a5b29581fa064c96bd927f1917956b45f8887d52d7f305eed8d74e4e9291d95828c567af43f4e82eac98b131b648ad774d9e0578a7f341b7763e20516866f467e11c17bf4a9faf1a618c29dd9ce0c84b461a8e06a0ec311826148abbed0802fc4783e5e4fbccc4f3c66bc628c9e0beef3c5770d7f6688c7cca7026947069b9909ea9b30f1204036336c3e40f184318870e2e96cda8d10ea999fb", 0xd1}, {&(0x7f0000000180)="1ad2f908fc90e81b691f4dcb7cc301a4df82a5168f0975bb701ea813a218f6354a1baed50ebd6c782c4c026aaa99759267038c1b480bfaafee63", 0x3a}], 0x6) pipe(&(0x7f0000000080)={0xffffffffffffffff}) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r2, 0x4040534e, &(0x7f0000000480)={0x2cc, @tick=0x1, 0x20, {0xfa, 0x4}, 0x1f, 0x6, 0x7f}) 15:25:23 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:25:23 executing program 3: r0 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) ioctl$void(r0, 0x5451) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$inet6_udp_int(r0, 0x11, 0x66, &(0x7f0000000000), 0x4) r1 = socket$inet6(0xa, 0x1, 0x8010000400000084) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_tcp_TCP_QUEUE_SEQ(r3, 0x6, 0x15, &(0x7f0000000040)=0x1, 0x4) bind$inet6(r1, &(0x7f0000000100)={0xa, 0x4e23}, 0x1c) listen(r1, 0xffffffff80000001) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f000055bfe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp_SCTP_PEER_ADDR_PARAMS(r4, 0x84, 0x9, &(0x7f0000000440)={0x0, @in={{0xa, 0x0, @local}}, 0x0, 0x0, 0x0, 0x0, 0x2e}, 0x98) 15:25:23 executing program 0: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VIDIOC_G_STD(r1, 0x80085617, &(0x7f0000000080)) r2 = syz_usb_connect$hid(0x6, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x26c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x22}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="1201000000000020341a020840000000000109022400010000000009040000020301000009210000000122010009058103000000000075d3649ccf2c7772e6583cd966eceac73f346606b42ca5d06f69d43750c27ef891c7b464a360b6b645de20f0d8ff26e0d0d0a7131da20bc4cbbe23e4771557a36a9698d10513d3b8f7ea2193631adeac81a0c7c2466cf305d2456e9ad9abba8ba542ee93a9717327ee5dcb962153735dd9133541f0cf012c015a559de8f6c2031b0e"], 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io(r3, &(0x7f00000002c0)={0x2c, &(0x7f00000000c0)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r3, &(0x7f0000000180)={0x2c, &(0x7f0000000040)=ANY=[@ANYRES16=r2], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1391.468220][T11845] usb 6-1: new high-speed USB device number 84 using dummy_hcd [ 1391.542166][T11846] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1391.794611][T11846] usb 2-1: Using ep0 maxpacket: 16 15:25:23 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180)='/dev/kvm\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PRIMARY_ADDR(0xffffffffffffffff, 0x84, 0x6, &(0x7f00000000c0)={0x0, @in={{0x2, 0x4e20, @multicast2}}}, &(0x7f0000000040)=0x84) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x3, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x119000}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, 0x0, 0xfefd, 0x0, 0x0, 0xfffffffffffffd9c) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_RUN(r2, 0xae80, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) getsockopt$SO_TIMESTAMPING(r3, 0x1, 0x25, &(0x7f0000000000), &(0x7f0000000080)=0x4) [ 1391.817086][T11845] usb 6-1: device descriptor read/64, error 18 [ 1391.883597][T19754] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 1391.942426][T11846] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1391.953689][T11846] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1391.967088][T11846] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1391.976282][T11846] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1391.989011][T11846] usb 2-1: config 0 descriptor?? 15:25:24 executing program 3: ioctl$RTC_VL_CLR(0xffffffffffffffff, 0x7014) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x20000004, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000002c0)='lp\x00', 0x2ca) recvfrom$inet6(r1, &(0x7f0000001840)=""/31, 0x5b405ce3, 0x100, &(0x7f0000001880)={0xa, 0x0, 0x0, @rand_addr="00000000000100"}, 0xffffff97) socket$inet_udp(0x2, 0x2, 0x0) close(0xffffffffffffffff) ioctl$PPPIOCGFLAGS1(0xffffffffffffffff, 0x8004745a, &(0x7f00000000c0)) getsockopt$IP6T_SO_GET_REVISION_MATCH(0xffffffffffffffff, 0x29, 0x44, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) sendmsg$kcm(r3, &(0x7f00000017c0)={&(0x7f0000000140)=@pptp={0x18, 0x2, {0x0, @broadcast}}, 0x80, &(0x7f0000001700)=[{&(0x7f00000001c0)="5cc3e21b3256401aca94cbb843883819fc24f912514f7c8f7feede177fbc20be86f5058f4319649c898f6d9384f55ec5d89a9b45cbdcd358c659d5d85ee3ab5a376371ee1714746b6baf74ee93657ef883a1020c72cb13a7e42d384aa72e3d11e42d12e665fed981b4bf9e1a464fcd7f8a8195746f57148e56cb406c90f551d241682e7240963c0d9ce2ecc2de1625c584869349fc48d62f5e18d1ba4a8256fe151aa0d4aa1795af2319e2", 0xab}, {&(0x7f0000000300)="f19914b4e82df4a79f3f7622f9ed86f7392af449f38bcd600661e31c2100d97d21a6fd083e7431a1d001db087b654865137cf450d529770191a8d1787e389694724e01cb66766ad0b56216821335be4659b5900cb4df3b8c1886839759aa18c4487927099df56fa60a68de107a897ec7cb213e8d7f198ae09418bc6aef7c92c58a76b4e7e6f3e66b7874a04ae6951c76c93ddd86c953b012ff41797763dd37d3e7fbad0f", 0xa4}, {&(0x7f00000003c0)="1c6cfc635cc9ca1f2c0f34fbd58121536720c78c55700e8c611315d13391329d5e1b370c1e5e4a62d0262529b371a1187f41f250c9e9ff5947f38f90cae2d914ae247839ccf9b962c89f38ebc3b4ed4791b30a6509f3f6ec754739295661a4687e85bdd70734a9a021d2cbba720cd3d90621e0ee419f8f94dc042eea13f2f027b7467db4caa8b1b17d3ca063e93beeaff29d8639dca8d31ae1bb45d3673fc50f38ca238527a7beae03bfe240594a51dff7033bbd984af950db18ed0c71e899994e26bdf3aad3de0297e9edb61f60716fed4cbee845", 0xd5}, {&(0x7f0000000280)="91664e1f15e2ad5db2beed8b6c55a216dba4cc8e4df8ffbdd6b9fa5a2cefdd8242b873441d7c4bd87957f3fb30c900223d7f43", 0x33}, {&(0x7f00000004c0)="6b8a153636902e150d5358460c58f4e7d271d0f79fb56a6cf0cbac1f990ad6c2d54b02fba5c77ab1e33fc095ffc0c4f93d7debd7084b25a248e305a22af202b8f9ed891a8f28adba8c1fe0c122d9edcf27b85b3997389d549b252a862b663c3dc6a242003a7d76217bf86da05c4c4fe77c2aed9478ac2ead3085e5af45961886338663c5e260a08c87c8d643c126f73338368622fb9f0b96f35670e0d05f743be9dca4e7ee3c687101639f9dd39729873ef97f367a5db786d0f189050c3600fcb6f99faf09d914aaac5c233ee7f5f59391123fee28c664aaefb4470d5a9ff43e5aaeef5a906609a5eb37892aa598f5c463cf7339d07c6e62ae23dcf8487ff9fcb8d8f100da8b54dbe1c56bb6a74d5c849a12957e15460bb893d51e7a8599d70e72b305e8b40aa4e7ffb55623d481f1caa940c4769befad0fce5909fe73868918a94f7d2c5180af02d91bcb014f3a2c358d1659857decf277dab92e14bcf85b0f238ed922c6eca8ace1fc3840585ff86edb25be790d58dcc0834b1f93c910bdf0fffb6ce0e442952e077778743f0f79f29ae2aadcffaf595aef50670f2e84dae47ac9e9918805930283699da90a27c018a3686162bef571121123356a5745a3fd60441a6025bbfc471aadf5b7ef2029f0246e3f1c64d482c65c2999c4a1d031e34384b0c528046f38c4d06f8ce1c2dfba4d937912e0b80ec854eff66c6bffe246a45ad3aef669c767b2893bc904b968929506ffaff4855e33dd78ae586dc6adcdf3885e54675aed5aeb253b6d999a7c856b2472f373205f47fedb5a22b22179f08780fabed1c8df8a9211117c429002d5f123a771288149af25169b0ebfdf6597c0a34d9016ac01ffcb33003b6db1e02e80f38678d8315999788e1cd24b2f22cdbadd206440880abfff44e11e548e09fb6eead3752b09e4dd120d1aa36742c873e023fc3905ac69e679cf118ae91c53029dd50380c9265a2f27adf0c810466587bbe6699cdf3417ec0b7fc392b7a72c1f284ed8930d53682ccc005c3b4e08a65d768833227d04610a8e336c5aea9804691ac9a6ac65349a638e34b140eb55fec996f27a684f4829102cf38cc9039486203f23904d0baeef97593b8e48ff05b61e8b35b6098808300a8f01b7954e635a3fe03377871bcb04dc0f3233960c8dd9d7335b7f025a7dc64b7f8805ffbaa7e6ddc0fab9cb3b3f2a8dae6e0a5afc3b8dbbade22481fc7c5d2b7490cd425c1c6300a9552162d7226495d4e9ad85d545bf52e185dc3a827d19584eceb1f0543df9cb0e7f54bc53ed98d919084254a5dda7b34bec1724f5db0bbdf9dd0e69de937856893aa87a26f82444a0a8e4ce82442b779176f8ca6d72d23b2b60ee482808b540ad795f77f5bbf49b382a138ca275982b1b942ebcd5a28270a445749c4ac7fb403f216532d1d75f505af6429bdec57d7e33035a2eb2f8371dcc2bdebc68ac6ea231f854395ec15a3b33615ee40ea792e7645a84b60808f60a454ff37e6829f5da8dcb521add0bce8c3429c558667f469dc391f89f8b8a03c9ad7fbe1458eb48276aad6e5fbb68461a3a75f470ff9ded8a3793a9b03502a6dc16ea370e1464ce23c1ac9118065aaf3aa423e83a090ae9578908a988bdc47c4fbb1057462051ca2b775379505be2c41733a9f16312ce2e814b093e258533782aeb2a8485e5a7b398d6f25d3fa63e8b31d395ecce48432b38f9d7cabf2627f8ef77a0e3527f6273ab6a17efd0fbc60b4ac9483339784ad6701ecedda0ffff7bf3df1949671bac700616ee0a5ac5b980957dbee8dcde133bdb643c5b6adf3bbdd8206b802cb732c71a54368424540c275fcbbcf4ef03ce3329889b94346d75ad65bbf6f4168c3bc7ba353ded910a7135c20aa28a42860e866c62c0edcf1f3f155dbfa183b0f16be861676a3d5ed426ed92fe5fbfaa6a56b4de19e516bda8e478720ec73ef80585bd2daec8e0b55f259a0018a5333713ca835a5877b61a2137653f3c5bb9379d6449ca8b008fc454c1a18b82eea663d4f929fe86f656d3cd212d439f39a8ac0bf8abee7c05d47964afc02798f58580c17363607bfb7359bb036a00c1a1d848eaac44d48e1a3aa1e18abccdd92426b8973fb555314651724d141f5a197b3887777116e4ef738a318d97d994fc226eee45c25fbbf22d13ff35d1777a728b28c66f5769c5150db78163047f5e8005390370e3aa58914c01f297274853bfba051cf7b80ee0a2e7128af06210e690ce83978b2466e34f64f9c3338ce1d9077f3fd50a814fc68dc7f3bea67e8f6f53023d62766fe91b64c299ef560b43babddc1b2856d8f8e6d66e1e747e0220abd46dac4d9f986d2288327ee9bd552fe04f0c239c6009a41025ab919326f0c39a6802b420b6e4010d5b83a01a4f588a4e0b4003ff4f1c2194acf456113b143c68b994aaa849f982e28125b5097c0b8cd712d0049ae58f96240d0d137ab46b3e0e23aadbe153d304cddd37a3f7665dda78dd306b460a626b2ca9ab96ad54122c53030adf4b55a5f261ee2d98106406c2c4bf80a75396f85a36ad4f6dba3ec1024b0f5f59710a9a8f629ce0ccdda85bf3f6ff6457b966e48f1570801cfcb9a272119cf2f47d66ce282daf808712896b55f0ffd9369e43fb2a7dd259bebf7db4215e98f05b1ee8455db303e832d2f96456b0dbd42ef4953e8a3d52e8e6eefc7e6a0f76b1cb1ef68a0180826ba28bea2c68dba2c88338896752a25f76c3885bf2183a82da4eaaaae77507d1127ab1d33b4d833cecb2a68b9e45697798e274403dea89aecaeb6e5504fb3a79c2b2fef6b4864a30f88cb02e072631aa62db142e170ba57c4507186469e9ef9bc42834b11aaa7b69dce279459c9d8fce6cfcf7b907e95c6684943f403360f123ff7e64ce8255cb8dacb7ea4300936e67c2a7fdc0252e5ab9450168c6f959d63121a929bda8c1c4ece7a8431e4f6f1e7dd681ad686528cd1b251deff81b39c05cc2f36911d8fd8c8dd4796bee7cb218a03ab215aa620052126ec87b60a2b61daae558f490f42f94eac0b6cb75520a72c1ba6a95d679c2d7b515d89fd840971b8a53da7d1544d22ac97bcec3d7056ba46895f593edfb12f8aa255f0e5cf04aa2075939f7153dcc1fbac1af582cfaae02cec4d1212f62aba186794f291574baaa2b1188387f84f7a865caf341464eebd1a89736310116605ab7dc452c489b29af63294c99695ef75bb1a0e16821097a0e9a2d584e2475b5137d1efd985e47aaf9136e874b504456f49d6a83e45c61c70ce67a11ba780beb0f60375400e4c6e215941ccc24094cfc402abddfe7f85d1e67e3449c5e94fcb7e56fc8c9fb17231d4c5520cde80b42de06fe866c27516348e26cf36f477b3d2c01976d20cf10e1dea046394a171c6c26bfd3b9c15e74bad9646c189f97b5933f3ef34332c16605b4a7528d9813f1ca6fc13c0dce3e846755079ca650932088556e1cbef8349100321a25efa77ffe43eb12d2e0c3a30a876d1cfbc518b6ab379b641015df989e8aaeb2eb0197ca8685128776b56ee5679fb20c9312ff84b7ea946d5a31e9eacc48ce6e3d4b23205d6af202233b15cf939a3e892526b1a78b81997a35004b8c5096114b2115df2b8a72f9f10030c48837a4b12191f5e2c8883acd05bf88d8d9e8579c41ce9979076fff551b07ece782070af78d776f30fb3b15f1798632d54450e14db92b0b794e783f7720c251420f98b5b3ebb9521886f0f59f448a92c5ad5bb2556ce2eb573ecad109b9ae4e5863cfa4504563ee370a3c4ac7e004d4228858ce910a8516415d3f77582c269b875110d523327dd43b01791a988ae759fcc75abd28b1c98f10616c1e14e3439629e7b14419d354d70552e2fe96fd819a5c2345c0a4170254baa9aadacb8625c6e154eaa8fc6f6c56976e44495dc89c4e554625febb3c606e9014c889145ee928f5c0ef37ed370333de111c70639c27824971bfde3d45e35e1dc6e458a1533be4587886fe99e010f2370e8d35137f6b5059d9fcf24edc321a2e624d80e333cfb3c91f27d42945d905ca7a1ecf590df84d182f1e31b95ab6c3089a5a3370a31a679af74dcaf0e8e7835a9ec32d53f53fbfe9a15742aec659409e68cb47ea3caf0e76220f23be3ce6f3a5d049b5e069f0034e3c2ab2b9e46230124056398bf29de3bc1ae57635744f2174d559f65cc7f4f0979e742d2278524bbd46445720961053804d2ba39f94a439d78c9f9820ab5063663ac890e55f0c9eee21be09be69b742f9d0de1e25112fa2eb703dea19bfc9578847599f4f4ffc05698839b30b99d56b8dd9ad7a0557e3b002b09c1ef8311ce15d87c122511226abb3dd550783357ceb2553f92cfa380afb14c9fd80bcb1681b7df70235b085e1a8bdbd94a0bc8934d935c179affee2ee319ee54de1ed3d64b89d9567f6426791fd2628e510d17c480d1cacca5cbbdf81686b941bf3ada5a366f4ea8d5f1611fdc6aee410bc1f542503472145086440bc3c0927a3984ca9c488e75f79ab648dd65ffb15cf9fd0e756d8865647213f3154932b4e5548b3112473270cfc32306180c86fed15d1171e1837ff2f532718dbcb6bd2ad3be39cab29d600dbff810f817ffc77a15da951cef9a8c735de18d6494d43a92b6c85e9c33edacb529f6f29aa2871ff2be79516405b50a8981d7cd1cd243706e3a2d23ef2f2d132e896d52bcfe7f3126ecfb1013bc846c80fcbdaf5a6ea2cfd95dceb0504d0d80f6b149d44fd8dc5a5bfa4c906e2784a7067a0ffa41ddc78160107f16859d889205bbf34ec5e507e46666f623fd6665a798dcd552d459a6f0f429948acf9ff917fdb8a07a19e3d9e2f4fecbd46e98afcde7be9273f260335d53c1a243c8aa47fdc441394e5965aeb9f56a787cb1b5d8ea70f33a3f13d92a0da1ae429acc8356e07a488017cf6f55c2d8581c5eccd79be6a75d7ec1a18e5db67331b69c656dd02d8577102ee721c69d39df4251f4bb9a0f910febebef67525ccc1563e1342d148e5f1e798fc397960840064f77786a6faf5b1c9d5e478cc9c475822435c0b30f2ef1dc63ff52418e17e4a3ac3684f46731f5e8b366ad008be7fb207ef5c529e2e80919fb13a0245d94dbc9e9a55bd47caa9ed8a39af749f7935e2aabe89d03a0091ca06ef4fa122450150b5128b3ec46662ced6c58ccf0f522fe38567935bb8c3e13aaf1f6754f14e4d64491c7d29e425e578078540ab9a52682ccfa96eaf0407f3e0b09aad20cec1f369ddd7ae7164da4055f31276d4c8f8d0ed3794c42fd4fa230f05750a823bb9c9bf2ab5a6f4d6511bd20044e0fe5e60f149792e6b8f336da9f8d4edfe18df94bf77f03abdeb5a24231e5fd542aaaf2690773540cfe4d4a1ff73bc634c9456713a9c602726691a589e2c1327c951cca5aed94817089cf9ce07f1e3f93665413c8a5c2a3a61744230224344de1bc18feb8fb92ed66e9226474f1fdf9ab8e9cc8060dd5b59be55fb66645ea976fa8746ee04b942875d9397121d485db4e4d7e59ea51d77c1fee420e299af47d8bd73d82928a422f3047e0ff74ef9a4029573c321c0ff9487a35ca181d2ac15a5c55280eee329504f214e02f391fa164c82ce713f110cf6d68ce7f9746f93e054b78999e5c2fa5b463086fa8536008ae071c7530f5f404f776b2a894d87f16433bba5f24afb6207d7afa686552ca5daa1e21d9c8db0de06bf18f58b12e9931f1313024eb4d1da9b2cc5626b376837b3456c9c954f7c38fe005c2d727cb03316ada1df35318b1ec50cf05bd822fc272d901ebf", 0x1000}, {&(0x7f00000014c0)="309f35e5825b6344dedefe121c40a870a5c5f0913f761b8793453251382a628883df4d2228321f574dde9e", 0x2b}, {&(0x7f0000001500)="9941b61c6e9b8f9ee0574cf7a6af", 0xe}, {&(0x7f0000001540)="ee69b0b90e048d8cc3e61d422cb1742cf7c860d3cc2fd710005fee3dfcd655567463678b424af12f55d92f0ed29e3243d3c8eef1d9418a2212725d4fa70a2bceab82c4a60c6818ace11c33c5c02147a621bbca7fa6c6e78b3f76832ff5dacf9a35770ce684f4ec5d530cc516b0801983f3e4a8e3d324ee6b873710cc87acf33faf447e850093cb6ccd342b1b4d7d7005ba7f88756f1cfc7ff3992dcd34e2c3411daeb1499d2a3cab8d5c4929193594663cb4cdc3303028968bb6a92030dc98fef0b5d46b01c6acf3f4fd", 0xca}, {&(0x7f0000001640)="7c1f9f42a45f0ac419ef045c19cbdc17f1b0ff1f60e083dbeb639a39e76987dd015ebbdabec4af31f7ca329213b02a32e79e4935a1de43d7b6e83d0c6b73c0f77b1897a43781b95608d3957ea7df54a76eeefe892102c2480f60f953443e0afe8bc1e510a23ad51d6991404f3574e7f79f1e92202f21ac47d5a8ef81bbe958d7eef93087ed092139a47b36f43ed0", 0x8e}], 0x9}, 0x48407) arch_prctl$ARCH_MAP_VDSO_X32(0x2001, 0x0) ioctl$FIDEDUPERANGE(0xffffffffffffffff, 0xc0189436, 0x0) socket(0x0, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_tcp_TLS_RX(0xffffffffffffffff, 0x6, 0x2, 0x0, 0x0) sendto$inet6(r1, &(0x7f0000000000)="872af9893200004dbc00"/20, 0x14, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = fcntl$dupfd(r5, 0x0, r4) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r7 = accept4(r0, 0x0, 0x0, 0x0) sendto$inet6(r7, &(0x7f00000000c0), 0xfffffdda, 0x0, 0x0, 0x0) 15:25:24 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1392.122209][T19754] usb 1-1: Using ep0 maxpacket: 8 15:25:24 executing program 3: r0 = syz_open_dev$loop(&(0x7f0000000500)='/dev/loop#\x00', 0x0, 0x100082) r1 = memfd_create(&(0x7f0000000540)='\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x00\x01\x00\x00\x00v\x8e\x05\xf7\xc1U\xad}\xc6\x94|W>Zi$Nv8,\n\xa6=W^\xa3Y\x7f\x8b\x17(\'~\xf7k0TM{\xa9-\xcf\x97\x8f\x1f\x81\xdc\x1b\x7f\x8f{4Q\xda\xda\x02\xec\xb4\xf1\xdd\xcc\x8bRA\xda\x89Efn\x00s\xc2Zb\x01\x00M\xbe\xa3z\xab\xd3\xeb\x98\x88\xc4\xc6)A\x9fP\x93zhH\xe0\xd2\x81\xdb\xeeV\x8cM\xe9\xa06\xc2o\x19\"\xf6Iq\xd4\xdf\x97\xfb\xab\x04\xe8\xceI8\xb3\x1d\xcf%\x9bK\xc6\t\x01\xe1\x86a\xfa\xb8\xfb)\x88\xcd+\xc2`\xc2\xf5r5>k\xb0\xa0\x02\xfc\x16MO\x18\x9b\x06\x80b\xd1\x01\x00\x00\x00\x00\x00\x00\x00@\f\fL\xa5{Tk\x940\x17.\xa56.\xe0\x14\x1b=\xf0j\xd25\xe8\x15\xd8\x9e\xea\xd3\xd9G4\t\xc0\x9c.\'\xa9R3z$\xf2\x01\x88\xc0\x13\x12<\xc01j3\xd8\xb4CE7s\xe4\xa0\x9e\xdd\x801\x12M\xee\x13\xce\x9cu(\x8f.\xc83\xc7\xe6j\xf5\xb1\x9a\x00\x00\x00\x00\x00\x00\x00', 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') preadv(r2, &(0x7f0000000200)=[{&(0x7f0000000000)=""/165, 0x200000a5}], 0x1, 0x0) r3 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$cgroup_procs(r3, &(0x7f00000001c0)='cgroup.procs\x00', 0x2, 0x0) ioctl$LOOP_SET_FD(r3, 0x4c00, 0xffffffffffffffff) ioctl$MON_IOCQ_URB_LEN(0xffffffffffffffff, 0x9201) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x100000001, 0x4) r4 = syz_open_dev$dspn(&(0x7f0000001f80)='/dev/dsp#\x00', 0x10000000, 0x20800) lsetxattr$security_selinux(&(0x7f00000004c0)='./file0\x00', &(0x7f0000000680)='security.selinux\x00', &(0x7f00000006c0)='system_u:object_r:mail_spool_t:s0\x00', 0x22, 0x2) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000140)='TIPCv2\x00') sendmsg$TIPC_NL_PEER_REMOVE(r4, &(0x7f0000000300)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x1000}, 0xc, &(0x7f0000000180)={&(0x7f0000000880)=ANY=[@ANYRES32=r5, @ANYRES64=0x0, @ANYBLOB="cf7d496377ff502bd8977b2d200026bd7000fcdbdf2514000000180007000c00040008000000000000197a623199dc3a51ac240007000c000400200000000000000008000100070000000c0005000800000000000000440004000c00010073797a3e000000001400010062726f6164636173742d6c696e6b00001400010062726f6164636173742d6c696e6b00000c00010073797a30269360f88d830000e9ff100006000400020004000200040002002895819b0002000800010002000000040004000400040008000200080000000800020007000000040004000c0002000800010007949fd3038111b156145c68916c12d3eee457cdc7853c78f4e1d098af73ab173c000000"], 0x3}, 0x1, 0x0, 0x0, 0x4000000}, 0xb00a7c2ca1f410f7) prctl$PR_SET_FPEMU(0xa, 0x3) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x20000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r6 = syz_open_procfs(0x0, &(0x7f0000000380)='net/route\x00') preadv(r6, &(0x7f0000000200)=[{&(0x7f0000000000)=""/165, 0x200000a5}], 0x1, 0x0) ioctl$DRM_IOCTL_SET_UNIQUE(r6, 0x40106410, &(0x7f00000007c0)={0x99, &(0x7f0000000700)="3927f9de606cd273411924b269ef09a820f1174c203460844ccbdd30ae36bd52c7c7308790c9b215781727d46c9abc47553f41f9e9d12ee3f09f24d76c6bc6e5e0b547c748ad0f62c474c7b8fbb7d9f7873923a11548599bafb935b4e77a452f949c61162e8b8fe923c6c0f12fdb3ae55aee393545da7a502a033a86f17598f649efc28ec7ed38d8fc151bf390fb8d98b60047533613403f4b"}) pwritev(r1, &(0x7f0000000340)=[{&(0x7f00000001c0)='\'', 0x1}], 0x1, 0x81806) r7 = syz_open_dev$sndpcmc(&(0x7f0000000100)='/dev/snd/pcmC#D#c\x00', 0x0, 0x0) ioctl(r7, 0x40044102, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000840)='./cgroup/syz0\x00', 0x1ff) ioctl$FS_IOC_SET_ENCRYPTION_POLICY(r7, 0x800c6613, &(0x7f0000000800)=@v1={0x0, @aes128, 0x4, "067b2055450fcc79"}) ioctl$LOOP_GET_STATUS64(r0, 0x4c05, &(0x7f0000000200)) ioctl$LOOP_CHANGE_FD(r0, 0x4c00, r1) sendfile(r0, r0, 0x0, 0x40fdf) [ 1392.242690][T19754] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1392.253909][T19754] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1392.267016][T19754] usb 1-1: New USB device found, idVendor=05ac, idProduct=026c, bcdDevice= 0.00 [ 1392.272306][T11845] usb 6-1: device descriptor read/64, error 18 [ 1392.276293][T19754] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1392.293987][T19754] usb 1-1: config 0 descriptor?? [ 1392.562000][T11845] usb 6-1: new high-speed USB device number 85 using dummy_hcd [ 1392.792624][T11846] usbhid 2-1:0.0: can't add hid device: -71 [ 1392.798706][T11846] usbhid: probe of 2-1:0.0 failed with error -71 [ 1392.807648][T11846] usb 2-1: USB disconnect, device number 80 [ 1392.832098][T11845] usb 6-1: device descriptor read/64, error 18 [ 1392.832589][T19754] usbhid 1-1:0.0: can't add hid device: -71 [ 1392.844739][T19754] usbhid: probe of 1-1:0.0 failed with error -71 [ 1392.854144][T19754] usb 1-1: USB disconnect, device number 33 [ 1393.222516][T11845] usb 6-1: device descriptor read/64, error 18 [ 1393.312213][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1393.318518][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1393.342324][T11845] usb usb6-port1: attempt power cycle [ 1393.532134][T11846] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1393.772005][T11846] usb 1-1: Using ep0 maxpacket: 8 [ 1393.892379][T11846] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1393.903681][T11846] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1393.916656][T11846] usb 1-1: New USB device found, idVendor=05ac, idProduct=026c, bcdDevice= 0.00 [ 1393.925811][T11846] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1393.935431][T11846] usb 1-1: config 0 descriptor?? [ 1394.052128][T11845] usb 6-1: new high-speed USB device number 86 using dummy_hcd [ 1394.272496][T11846] usbhid 1-1:0.0: can't add hid device: -71 [ 1394.278678][T11846] usbhid: probe of 1-1:0.0 failed with error -71 [ 1394.292828][T11846] usb 1-1: USB disconnect, device number 34 [ 1395.382160][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1395.388431][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1395.622429][ C0] net_ratelimit: 20 callbacks suppressed [ 1395.622452][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1395.634396][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1395.641023][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1395.647392][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1395.653859][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1395.659845][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1396.182260][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1396.188338][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1396.342448][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1396.348438][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1397.462054][T11845] Bluetooth: hci0: command 0x1009 tx timeout 15:25:33 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:25:33 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}, 0x0, 0x0, 0x0, 0x8, 0x0, 0x10000000}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000000)='oom_score_adj\x00') preadv(r0, &(0x7f00000017c0), 0x3a8, 0x0) ioctl$UI_BEGIN_FF_ERASE(r0, 0xc00c55ca, &(0x7f0000000180)={0xa, 0x100, 0x3}) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080)='/dev/nullb0\x00', 0x4000000004002, 0x0) io_setup(0x4, &(0x7f00000004c0)=0x0) io_submit(r2, 0x8, &(0x7f00000000c0)=[&(0x7f0000000140)={0x3a000000, 0x2759, 0xd, 0x1, 0x0, r1, &(0x7f0000000000)="98", 0x3e80000000}]) socket$caif_stream(0x25, 0x1, 0x2) 15:25:33 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_RUN(r8, 0xae80, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:25:33 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:25:33 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup\x00', 0x200002, 0x0) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x61d7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) ioctl$sock_bt_cmtp_CMTPCONNADD(0xffffffffffffffff, 0x400443c8, &(0x7f0000000040)={r2, 0x7}) epoll_create1(0x80000) dup2(r0, r1) 15:25:33 executing program 0: r0 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/btrfs-control\x00', 0x80000, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_CLIENT_POOL(r0, 0xc058534b, &(0x7f00000004c0)={0x1ff, 0x7, 0x8, 0x7, 0x2c0, 0x3}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) fsetxattr$trusted_overlay_nlink(r3, &(0x7f0000000200)='trusted.overlay.nlink\x00', &(0x7f0000000280)={'L-', 0xfe7}, 0x28, 0x2) syz_usb_connect$cdc_ecm(0x0, 0x55, &(0x7f0000000540)=ANY=[@ANYBLOB="12010204020000082505a1a4400001020301090243000101006000090400000002060000082406000016733f052400d70a0d240f01000000002d6308000905241500000905820200000000000905037f002600000000"], &(0x7f0000000400)={0xa, &(0x7f00000000c0)={0xfffffd1f}, 0xe3, &(0x7f0000000100)={0x5, 0xf, 0xe3, 0x5, [@ss_cap={0x1d7}, @generic={0x9e, 0x10, 0x0, "b380f3fc8779b6dd640a40ab6c246f9a567d8ff2224a10eb927b120194fdea76980cceb7785a4fdff369e9ee0284464799310f8380ec8d3775237f4274bc2a124c4a08335a842e790c0de8a5d84d0e198654e8682a2ba5678d9e683b5d33db3eeafade2debf389a5dd0f6ca9bb5e3e867a951ec26793b0977e804a68b698c635794fd8576117a5dd9260973fc71384d548327cc9a4a2fbba531dff"}, @wireless={0xb}, @wireless={0x185}, @ssp_cap={0x20, 0x10, 0xa, 0x0, 0x5, 0x0, 0x0, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0]}]}, 0x5, [{0x2, &(0x7f0000000480)=@string={0x2}}, {0xf9, &(0x7f00000002c0)=@string={0xf9, 0x3, "356285172d7f0dd890041124d61276c627a065bef46e55764cec9eb5e7b9532f29dfc25420d4ec238f7cf3f034701e2f8f49ed4690cef11a596f5f875236dca04c477551f867d30b5621662d94fa97305d92b829c459da09d42333dd87e3e9f1e7a6f9cdd4b05e26c202e5984269998e508e444ef42e09eaf8d8e445ecd1423baef29ac761d9d6d8d8132099824267dee32ffcad65e82cbf19e315f58c072930ac86ec02c42fe1632cd8c58680d2f074914003d4013c3f2359dc472a0349ed1abc8d959f41070f92475eb0f72c1fa0ac317f6bc3db9287b56e5a506af3dedb821cd89fd2ae98d483347ea98011b1e009154f56f33efa9e"}}, {0x4, &(0x7f0000000240)=@lang_id={0xfffffffffffffd2c}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4}}, {0x1002, &(0x7f0000001940)=@string={0x1002, 0x3, "a0935e4648752e6795f4bddb3cf4918a4d84fd2881bf2c8f06b949eb76aa87e96878e1e9882c7fc621e6a2391133143ed61192003a37cea22eb30f357b7e05f1715cce2b899a9f80e4d4a7cca4ca0574bcb02f6f75461a4f809887be5d9052f8434532570f1b72ddc71fd39a8273b2c0cad07e60231fbdfeb851b822f5e673af5353af70aa7b65211b92100a40a4f43a6e18a027a46fcb74e3a788d1f867b8052bc5a1d1a5104c7b8c6f0b8bc68fea7b1e0f4e03bbe00f2d6ab3a0a392d7d5979f851d99c40baa29f18b1199e9af5d60cf76f608936e7140656695ecfa755deebb31d02f67c1063836f6ace5e3e60dc0f0a9f24b0ff189fa39bfae08104f38e71116c594b288757739a180c97c706208d1ddd5f22c1666f3839a73efc5d4d8e7b84e8e7cea480b154a442f8aee0ab7730627e76409e9e4f07fa1f9d3d1987b8df506c10bad6577aa959d2e4ebb237c47eafd4ea8a6713c96b6475abef923d7dd04c0c2534587bde07620fe46b2cce6c8452fe3e83ec86fa107a7e127ba5760d54f46c46e95943eed8e013efeb2c3d88d08c3b237c3e157066d63086102a778ff90907fcdbb9f07fbd17660b2955241c2da4ff97e5889fa3e633268d95f76ed103e20f5e646247a9e7ef8f8ef98c1e1c090786a6285964ee5d8e426d8fbc2863639e397908ad5d64f2494624251e3a11d089f46c6bb6fea36e5bce2afaa12c870edc86e79cce1e2fe8c7ac2830a4d8e5b41ed5def98fb769033c6361f0a837ff54f2f8ecd1e4cb61224030637ca585b8d56129ef870c8248e3222e4013987df3ba884d06875bbc9ee06cff7ec12cc369779d505d5b96e5a30d58fc3716079401cda4843971ed4d9d18b742396b28bad256201e943137117c39ac00c74f039b54e4126196b14bd8f9088a9e1f35bce9536e7e247fea663376ca19e37ba7db7b449ead7ef3bd262623cdb142fac2c071c34b0bffff413d5ee88945935be42e74a84080da6089aca67c25d37cceb4c1236b8e0bd811806032333ef361bedd50b7035133fe815deebb76978e8ee667deffcf54ed90a3c00554abaf7ad665ba90ae8cde2a970ecd708eb76a5f047a93e948ee6803bcc295adb0f4db22c1d555bdfe42ee15e8722fb4225671b456020cf68e34f6c4637213c8f8d1b78b9ef01ac284717be274206b976015a84df08c7e84647cfe59acfdf5affb602aeb4d7073b4ab347ad3e69b75e2fe694d155583fe1c38111fab03b70ae85c85c6cfe63e96b8b736673f07ed48c1e876108c94afa7fa7adbc75298a2355f9ae0f31817db28bd65c8b3da8eef4641d0ecc09cfecf2ddf9ff9f46397f95ad0ef8188435d329d003e521f57213457bd0b664a9929fe78a29b090b4ebf5e4d1096c6f693f5f8742ace886fea42b16ad44f1b1342e35cdb1ad9979f9c677abf635f224cd8149f00df6ef8d85cda6c6dc08511b31575ffcadeacdc31ddc28c975d1474ea90ec9a71f2ca5cd077522134ed57a8e46ab1cb6163ca074a64cc10db84928fe4b411e5ce2559e1c3304d7c2f712dfb1b0dbfc41e44e454fb705edfe75a4ade617678eb2dab0b7349853149bc13dfd427c7038e155c9a6f5350b2e02b3d4bf1a5b087563c361b8d141887e59bc6497ed6073352d41c718c97912e8ee9db1acb984eccb83815ee35540459100df1ee7b4de296d8f7fc26ed560427ea763bf4ee35ccd414c6b1d16d9e88ad09e6a86e0838da8cc86b47e294723deb626b792945024b50790204077f1b6ce5709a2619af4184a32ba56d8e3cf6846a3d27ae4b0924f6ce8b28565f78350e802490d5872ce39fc2e75f7292a9f4c85c1ba9bca90e5756615a2e3f86fd5d0c3e5c294dd93a48676f916ba56e5868a888e2917710869c46198f1c18672b3b48e619ff96fb3a1e639a79c4bdf4aecf53d41d81841cdd65f1637a54bcd1c28f828f1c407601b52d65f10cd4768973770657d6e77d18ab06f9ac693c139f78853bc2d2a44d93cda5fbb2844cba7b1251878aabae9498010a74f74e25588dfd7f0bb18a2649e0c31988cb4b3cac92ec8f01025ecff95219669b531a9d932091c13cafadcd649532038b50d230fed2f108923fa7f2332e24c82f091381128e49c38a1b343453ef49c1a6fb08738cdfced1a41f2ac035170cb7595fdbe91b2642077563a07f088b1ba623c5fc6ab84043dbcd07daf570671f7030c25fe79dd4b1f125fca3d8a522f3977144d9fcc948823c0c5a8b7cb004cfde3e5fd3bc3a2dde42bb69f3c6d08223d98f92e499f5a006b7a2b3a57d5eb948122302ab5923b6cd0ba9c031de0695dfe2dbf12e4901890390421f167964eafc461a00630f9ec369fad9378cc44f25fd05b8c50ddd061ae9ed415c9e5746dd7871b7d170b9a6ac4e429f03ba1cdc8fb30eca39159319bd796dddeba8d4611842399273f8e6481fec61c04ace729fdd89e07a19786737f283f2742ccaeb09563ae28ae18d084c8bf7099087db7e3bb1f43bfb81ed3ff2af15dae208f50f4f2f87989e5f232e51b233c32ac41d1cbeb064ef5e3257c800087c563f5fe9dc73e6c0e88a389cbe3c15eecc88d6ee835388afe9fd092da7da2246efec88681d01fa354ee7fa56edf43863ff218cf4b1865f4644816a05314a671452ace881a211e9a72a980abb4af96dd50547c7448af48b9cd7d50a622dfbcdab9557c569fe8714ed2644361f6dcffed61fde9e385442af3353a5ab7c187df72c0283cbc8f3d4c5b2331f47d12634215622c35b5c354270ebdc1c31963eae456ba226bc853e39a9e5a472348dc274ec3d0becea3c1ee61645b82aaf486f7fcb96e2c9a7323b8b3ae4838cd3559c06a077cfb546c1187ec6fc36a51f3e47836edd7e943c2660064ccc693349b735cde02e219c6c2f4ee002491063d99bcfb13e4134c58984167ec816f04268cfeaf8a1c9b8f5ed2d4e61a5ea4c395c699b813d1e810c20c921a18840dee3109a402613f5c0fb10ccbbfc5bcbec39f06dd3bdc31a180e4c5d39c88316afa46d5310678c7e99c64d678a2d2d9fcae09475738b4d39a21d22bcc4e203fbddaa34f1fff2adced181fb9e1f217aac6e7b1e22e8b6523ae27a5a0af859027d71a38967a6364c39e76c7782998608af41d603e1c6c64ae8f8d678c8baee8a830eeec78ab9e57b511562588a9bd4099cc1a5a08d8f5b887c7f1af3639109d26c5fc89dbee722d9b6702a466b715178309d489aa05bb6e09dc91c539e07e5f748b40815c8d4e3c1a17c725e5902ffb95b86a248ecc0f3475dfc0d35408067224bdb845cbfe3ef9da0017f83fc13f408a88119bacff7ed8c943de5c0c82694ac98753db664b6177846bf08d79f04d3a5b44c50c0408cef4bfed7d9e0101bdb83e45a4b6d1ecf85e18644dc2b690bea2d6264d1fc355318d3d2adf9a019db60ee061a038d42a1896a19b2790ba6004d91fde8e6c7dccc22498dbb69fa18900966c99458c20c27111a415c6f7f1b8147af56fedbb8caa21d5aaed6cfee1994832d33475c914eeb24ab4020c02af3cd368b62681940e576879110a8dacc5701b0c13fd0f7c50e5d8e31984b1d5357b6303d36120b34a62cde5edc3a3be34a404713bb5fd529b0e47d0d0351146898e088d1d364e5ae54772a5f63c829079c82bce56dcdcb200b51ad20533ae6495426a6acda667accbc2faf868079b8b1cf875ed88c35546f56c6a8654c5974b6e946fd90d33d846c0de814f4f6eaeb3f37a541901ee79618061e7d1d6d8b43f93f001e14944823d73cc00dc7265bce6041d7c3f12db4dda1e73e04e29cd88b16fe8b815b3a4f766d18c3eea7fb15e3322d47889e60d1097117f2e0181a78cc26a614ebc542f384c695c9ea3b225fa8bca8d4046e4f0b5c2ec9222e8bf47524377846c212f823dbc204da286e4d6d537cffd5d132690c9d0b40e824566292a468eb788c6d2faaff2aadb4afc91402a5184ba0c8bdaee99b62eaec79084638b1be8cc058e6659163c6e0872f6605e9c9ed23876b1bd0b22c606839f27b64c620b3a3609c49a7037e58bf66da29af7e3e49ea5e09030c930429a3eef955f6aab02423210f9f65d4c004bb0db7362e58bd12cedf3e4644eb534d40e1b9c67179394432375ead26b12072d8f955db097ac08489962269f018a4e3cb1c6dadd895efca8435d06c72476f9da9c4ba991072a9534d833829c07805db23304c2556f3fd823700fd4ceac1a14a0e074edeffe468ec328198d02f8e6093862bbb70700e7b01c8830176d321078181e2060139fe154e12d934d83cfba11e739e444220c668f97d4d77cf1b5fd479c77321a201cc8cbd08e4df45f1887cfb51bedee1258381c0a993501fac8a926604f84717ef0626cb430ffd8c2db222b2a215327f96c614bdaa5a02cd73ea0311e6ffdb03243f9277c55421cc2aaec88ca63d986274bcc185f02a8b3f1507d7ba56824dd590229e0a647a44baff4afe80e9380aba9732c145f347a111ab3a99a7c46b411d9eaa80c5c6ff1ccc7af1e13bc48619b905ffc414bb20430cd07ae561137a92fe278147bf41e31e6ca1d6a6c6645239f6f29529929a4b240b5754d403c3482543104223352788a10c2470d9b7688b14ac6a33ed97fc50a63d2853659d6383f2d1dc3e7ecce98c842f2ba0d2eebf86d492e9c51503d994346f17a368b9e252363f6803f8964105ebe8a014c0ec7ca78b3c2addf332c1f4ba2249864f02b54bea0130ce402a94bdf19f2b08a96b8833844b8d134d9f121522e5aff974278cda738fdcea3304938b8c7bda10f5440a1b463da5c8987df041b1517719d966414606bc7529d51d36b8d83a28b06ab2a6cf8a840e41d11adabd50aa4c5311ef1808ae10a4612fe4cd6e6381c3d79af1e1b6d6a5e3bf5e24366348c3cfe94a90a29ebfc9274439ae62c4335fafd4a499500cc099a8d7a57ae04172744161db61c41b88585fbfa7e861d88178f6baa214f57d0ea6cc4986656c8625c7cd54e3b2a0ce561e272ac8773e1eba9655cd3720b9d131cb67cc08f302c9f8f6769b3e7cb37a2fe5058328529701bdf4d71d8e8bea3e879d2355963fa73e52c6aa416edee3bb868b2093ba25b46ac4d9a0aa29d52e60cc6a0fbbd008bda634c4c0229a3b5d8e44be39a251507846ed5fd14107e7c5c11ca44645d3b0521b4aa7cbae8abcb72bbd480a3285a162df97b2d9e4152b2510372c4ff6ea8eb086d874b4bb167faaedd7799a351d242ac8398e5c7f05b4044a8834e6c92eca4ed03bd77bc6f981f1bcb9fad576371388582f63629865e0de3b012475f8ca39c8fdf35857879efb1b9dd260bc36e219f5250c61cf4ff2b4a9ced62f9b2105ab3012fa3ca380626680368a9d414d1f5d54795290c9ae90a848ca776c1deb3f83a7712b8b113b3e4a9b5ccf595cbf7b4ad611269acd2d51a2ceed61228a2f15c29dcb1d1549bb2141d41f7197df568acdc8484a77378408d76a0867e0cf0e3ba6766a97fd2d06379d59213298988e88b99531d55075931159b222112e834ea62af4acb6050349fafa49fc0084b84eec14c63df3facc9c8af7644267e815fd6547961cf1d14928e6da671f1177ea90218f3cb226038d6e16aea33f39648ce7c42f494dbde987d0a6928e87da652f19ddb245cb4c05f8611af39d37fa5fc37df4276549a9968d3c0ea736d4f7765e4b0600f291381c18c23a35baa621e0a29d41bcc745df58c4d13f0acd47ef8a80bb05d3099394ce144e82442d66dc7e5caf7145b0ad3d228a043f3346f8839ea04799a247dac0db6fb5c48e576be678310"}}]}) r4 = dup(r1) ioctl$EVIOCGVERSION(r4, 0x80044501, &(0x7f00000005c0)=""/232) 15:25:33 executing program 5: r0 = gettid() process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r1 = gettid() process_vm_writev(r1, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r2 = gettid() process_vm_writev(r2, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r4 = gettid() process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r5 = gettid() process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r6 = syz_usb_connect(0x3, 0x5, &(0x7f0000000340)=ANY=[@ANYRES16=r0, @ANYRESHEX=r1, @ANYRES64=r2, @ANYPTR=&(0x7f0000000300)=ANY=[@ANYRESHEX=r3, @ANYRES16=r4, @ANYPTR64=&(0x7f0000000280)=ANY=[@ANYPTR64, @ANYRESDEC=r1, @ANYRESHEX=r5, @ANYPTR, @ANYRESHEX=r2, @ANYPTR, @ANYPTR, @ANYPTR64], @ANYRES32=r0], @ANYRESHEX], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) r9 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r9, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r9, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) ioctl$sock_inet6_tcp_SIOCATMARK(r9, 0x8905, &(0x7f0000000240)) r10 = openat$cgroup_ro(r8, &(0x7f0000000140)='cpuacct.stat\x00', 0x0, 0x0) accept4$unix(r10, &(0x7f0000000180), &(0x7f0000000200)=0x6e, 0x100c00) syz_usb_control_io$hid(r6, 0x0, &(0x7f0000000100)={0x2c, &(0x7f0000000000), 0x0, 0x0, 0x0, 0x0}) 15:25:33 executing program 3: r0 = openat$mixer(0xffffffffffffff9c, &(0x7f0000000180)='/dev/mixer\x00', 0x40000, 0x0) r1 = socket$inet6(0xa, 0x5, 0x0) r2 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r2, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) lsetxattr$trusted_overlay_upper(&(0x7f0000000340)='./file0\x00', &(0x7f0000000380)='trusted.overlay.upper\x00', &(0x7f00000003c0)={0x0, 0xfb, 0x34, 0xa, 0x3b, "a26769b3d42756dee2634724680a20df", "36dc5411d9174636b130a16f7c283d15af03d2ebc45b9061729c9d4408362b"}, 0x34, 0x0) getsockopt$inet_sctp_SCTP_CONTEXT(r6, 0x84, 0x11, &(0x7f0000000040)={r3, 0x1}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp6_SCTP_GET_ASSOC_STATS(r4, 0x84, 0x70, &(0x7f0000000200)={r7, @in6={{0xa, 0x4e24, 0x8, @loopback, 0x80000000}}, [0x3, 0xffffffffffffffa9, 0x20, 0x6, 0x9, 0x5e72, 0x7, 0x9, 0x1000100000000000, 0x100000000, 0x0, 0x7, 0x2, 0xb8, 0x800000]}, &(0x7f0000000100)=0x100) setsockopt$inet_sctp6_SCTP_MAXSEG(r1, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={r3}, 0x8) setsockopt$inet_sctp_SCTP_ADD_STREAMS(r0, 0x84, 0x79, &(0x7f00000001c0)={r3, 0x5, 0x7}, 0x8) r8 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x4, 0x80001) sendmsg$nl_route_sched(r8, 0x0, 0x3518e675229dd2c3) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$SIOCGIFHWADDR(r10, 0x8927, &(0x7f0000000300)) r11 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r11, 0x1000008912, &(0x7f0000000140)="0800b5055e0bcfe87b0071") syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="130100001fa34f20cd063101ed820102030109021296d6f700"], 0x0) [ 1401.724401][T19754] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1401.752091][T11845] usb 1-1: new high-speed USB device number 35 using dummy_hcd 15:25:33 executing program 3: r0 = openat$dsp(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dsp\x00', 0x101000, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$sock_inet_udp_SIOCOUTQ(r2, 0x5411, &(0x7f0000000080)) ioctl$KVM_GET_MSRS(r0, 0xc008ae88, &(0x7f0000000100)={0x5, 0x0, [{}, {}, {}, {}, {}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) openat$random(0xffffffffffffff9c, &(0x7f0000000380)='/dev/urandom\x00', 0x404841, 0x0) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bpf$BPF_MAP_GET_NEXT_ID(0xc, &(0x7f00000002c0)={0x36}, 0xc) read$rfkill(r4, &(0x7f0000000000), 0x8) ioctl$int_in(r0, 0x80000000005000, 0x0) socketpair$unix(0x1, 0xe697705cf97899b2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x900, 0x0) pipe2(&(0x7f0000000300), 0x0) socketpair(0x3, 0x5, 0x0, &(0x7f0000000340)) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000001c0)={{{@in6=@mcast2, @in=@remote}}, {{@in6=@loopback}, 0x0, @in=@initdev}}, &(0x7f00000003c0)=0xe8) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$IP_VS_SO_SET_FLUSH(r6, 0x0, 0x485, 0x0, 0x0) [ 1401.862188][ C0] net_ratelimit: 20 callbacks suppressed [ 1401.862224][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1401.874618][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1401.880948][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1401.887151][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1401.893292][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1401.899229][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1401.971981][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1402.032314][T11845] usb 1-1: Using ep0 maxpacket: 8 [ 1402.092227][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1402.103702][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1402.116803][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1402.126045][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1402.135977][T19754] usb 2-1: config 0 descriptor?? [ 1402.172446][T11845] usb 1-1: descriptor type invalid, skip [ 1402.178189][T11845] usb 1-1: descriptor type invalid, skip [ 1402.184098][T11845] usb 1-1: descriptor type invalid, skip [ 1402.189839][T11845] usb 1-1: descriptor type invalid, skip 15:25:34 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1402.272844][T11845] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1402.322686][T11845] usb 1-1: language id specifier not provided by device, defaulting to English [ 1402.422379][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1402.428540][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1402.464046][T11845] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1402.473176][T11845] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1402.481198][T11845] usb 1-1: Manufacturer: 戵ច缭Ґ␑ዖ왶ꀧ빥滴癕떞맧⽓哂퐠⏬粏瀴⼞䦏䛭캐᫱潙蝟㙒ꃜ䝌兵柸௓⅖ⵦ杖゗鉝⦸姄৚⏔ꛧ췹냔♞˂飥楂躙蹐乄⻴䗤퇬㭂잚Ꮨ餠䊂⿣근뼬ތ〩蚬ˬ⿄握蛅튀瓰䂑퐃㰁⌿⩇䤃᫭趼龕݁鈏幇Ἤ겠缱썫鋛떇婮橐苛튟颮菔縴肩넑ৠ伕慨 [ 1402.564225][T11845] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 1402.582555][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1402.588966][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:25:34 executing program 3: r0 = syz_open_dev$amidi(&(0x7f00000000c0)='/dev/amidi#\x00', 0x4, 0x482020) ioctl$EVIOCRMFF(r0, 0x40044581, &(0x7f0000000100)=0xfffffeff) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040)='/dev/uinput\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$PERF_EVENT_IOC_REFRESH(0xffffffffffffffff, 0x2402, 0x7) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x200042, 0x0) ioctl$VFIO_CHECK_EXTENSION(r2, 0x3b65, 0x8) openat$null(0xffffffffffffff9c, &(0x7f0000000080)='/dev/null\x00', 0x10000, 0x0) r3 = socket$tipc(0x1e, 0x1, 0x0) io_setup(0x1, &(0x7f00000001c0)=0x0) io_submit(r4, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, r3, 0x0, 0x7ffffffff000}]) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000180)={@broadcast, @loopback, 0xfa351729b7ae0f19, 0x3, [@dev={0xac, 0x14, 0x14, 0xb}, @local, @initdev={0xac, 0x1e, 0x0, 0x0}]}, 0x1c) 15:25:34 executing program 3: unshare(0x10000000) unshare(0x68060400) r0 = openat$null(0xffffffffffffff9c, &(0x7f0000000000)='/dev/null\x00', 0x1, 0x0) write$selinux_attr(r0, &(0x7f0000000040)='system_u:object_r:udev_tbl_t:s0\x00', 0x20) [ 1402.766063][T11845] usb 1-1: USB disconnect, device number 35 [ 1402.859867][T27847] IPVS: ftp: loaded support on port[0] = 21 [ 1402.914552][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1402.920964][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1402.946169][T19754] usb 2-1: USB disconnect, device number 81 [ 1403.542076][T19754] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1403.549866][T19755] Bluetooth: hci0: command 0x1003 tx timeout [ 1403.556195][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1403.782162][T19754] usb 1-1: Using ep0 maxpacket: 8 [ 1403.902334][T19754] usb 1-1: descriptor type invalid, skip [ 1403.908426][T19754] usb 1-1: descriptor type invalid, skip [ 1403.914400][T19754] usb 1-1: descriptor type invalid, skip [ 1403.920109][T19754] usb 1-1: descriptor type invalid, skip [ 1404.002169][T19754] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1404.052126][T19754] usb 1-1: language id specifier not provided by device, defaulting to English [ 1404.172550][T19754] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1404.181993][T19754] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1404.190164][T19754] usb 1-1: Manufacturer: 戵ច缭Ґ␑ዖ왶ꀧ빥滴癕떞맧⽓哂퐠⏬粏瀴⼞䦏䛭캐᫱潙蝟㙒ꃜ䝌兵柸௓⅖ⵦ杖゗鉝⦸姄৚⏔ꛧ췹냔♞˂飥楂躙蹐乄⻴䗤퇬㭂잚Ꮨ餠䊂⿣근뼬ތ〩蚬ˬ⿄握蛅튀瓰䂑퐃㰁⌿⩇䤃᫭趼龕݁鈏幇Ἤ겠缱썫鋛떇婮橐苛튟颮菔縴肩넑ৠ伕慨 [ 1404.263882][T19754] cdc_ether: probe of 1-1:1.0 failed with error -22 [ 1404.464010][T19754] usb 1-1: USB disconnect, device number 36 [ 1405.622101][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1405.628483][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1407.701948][T11845] Bluetooth: hci0: command 0x1009 tx timeout [ 1408.102205][ C0] net_ratelimit: 20 callbacks suppressed [ 1408.102218][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1408.114332][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1408.120443][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1408.126573][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1408.132816][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1408.138829][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1408.662294][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1408.668474][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1408.822394][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1408.828390][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:25:43 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) r0 = dup(0xffffffffffffffff) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:25:43 executing program 5: r0 = socket$inet(0x10, 0x400000000000003, 0x0) sendmsg(r0, &(0x7f0000004fc8)={0x0, 0x0, &(0x7f0000004000)=[{&(0x7f0000000000)="1b0000001200030207fffd946fa283080700190000000000000085", 0x1b}], 0x1}, 0x0) recvfrom$inet(r0, 0x0, 0x117, 0x0, 0x0, 0x0) 15:25:43 executing program 3: r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000100)={'bridge_slave_0\x00\x04'}) close(0xffffffffffffffff) socket$inet6_sctp(0xa, 0x5, 0x84) r1 = socket$inet(0xa, 0x801, 0x84) connect$inet(r1, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r1, 0xfffffffffffffffe) r2 = accept4(r1, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r2, 0x84, 0x22, &(0x7f0000000140)={0x4}, 0x10) sendto$unix(0xffffffffffffffff, &(0x7f0000000040)='$', 0x1, 0x0, 0x0, 0x0) r3 = socket$inet(0xa, 0x801, 0x84) connect$inet(r3, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r3, 0xfffffffffffffffe) r4 = accept4(r3, 0x0, 0x0, 0x0) write$nbd(r4, &(0x7f0000000580), 0x10) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r4, 0x84, 0x22, &(0x7f0000000140)={0x4}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f00000000c0), 0x8) sendto$unix(r4, &(0x7f0000000040)='$', 0x1, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_CARD_INFO(r6, 0x81785501, &(0x7f0000000300)=""/240) r7 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r7, 0x84, 0x1d, 0x0, &(0x7f000095dffc)) getsockopt$inet_sctp6_SCTP_GET_PEER_ADDRS(r4, 0x84, 0x6c, &(0x7f0000000240)=ANY=[@ANYRES32=0x0, @ANYBLOB="1b00000074c1affab7ea81a2ed4f077a248e022e588b30ca2ad3f573e7f0d6c716c48750f6750439d1fe109329c21da52be8df62a98f16a25e983af986e68faf8363dfec03f32c69d01296c1e692c3a2d9e7949cb40a1333901bd274f1802fe776aec7faf06c3b100153eba203f92a85d1cba30a"], &(0x7f0000000000)=0x23) getsockopt$inet_sctp6_SCTP_DELAYED_SACK(r2, 0x84, 0x10, &(0x7f0000000040)=@sack_info={r8, 0x6, 0xff}, &(0x7f0000000200)=0xc) setsockopt$inet_sctp6_SCTP_RTOINFO(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) connect$rds(r2, &(0x7f0000000180)={0x2, 0x4e20, @remote}, 0x10) r9 = socket$inet6(0xa, 0x803, 0x20) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000000c0)={'bridge_slave_0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(0xffffffffffffffff, 0x8916, &(0x7f00000002c0)={@rand_addr="a6ac30405bd92f9bea3c5597afc948ee", 0x0, r10}) ioctl$sock_inet6_SIOCSIFADDR(r9, 0x8916, &(0x7f00000005c0)={@initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x0, r10}) ioctl$sock_inet_SIOCSIFFLAGS(r0, 0x8914, &(0x7f0000000080)={'bridge_slave_0\x00?', 0x22000000c0ffffff}) 15:25:43 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:25:43 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:25:43 executing program 0: openat$snapshot(0xffffffffffffff9c, &(0x7f0000000280)='/dev/snapshot\x00', 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) ioctl$LOOP_SET_FD(r1, 0x4c00, r2) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)={0x1, 0x7e, 0x1, 0x3}, 0x3c) bpf$MAP_CREATE(0x0, &(0x7f0000214fd4)={0xc, 0x4, 0x4, 0x234, 0x0, r3, 0x0, [0x305f, 0x5f, 0x32e, 0x5f, 0x5f, 0x80ffff, 0x80ffff], 0x0, 0xffffffffffffffff, 0x20000004}, 0x3c) [ 1411.717347][T27867] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.5'. 15:25:43 executing program 0: r0 = socket$kcm(0x2b, 0x1, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000500)=[{&(0x7f0000000000)="2e00000018008105e00f80ecdb4cb92e0a60022c000cd306e8bd6efb120009000e0004a00200000006000500fec0", 0x2e}], 0x1, 0x0, 0x0, 0xa00}, 0x0) [ 1411.883136][T27867] netlink: 7 bytes leftover after parsing attributes in process `syz-executor.5'. [ 1411.884570][T27870] device bridge_slave_0 entered promiscuous mode [ 1411.903353][T11846] IPv6: ADDRCONF(NETDEV_CHANGE): bridge_slave_0: link becomes ready [ 1411.921041][T27863] device bridge_slave_0 left promiscuous mode 15:25:44 executing program 5: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @mcast2, 0x8}, 0x1c) [ 1411.982314][T11845] usb 2-1: new high-speed USB device number 82 using dummy_hcd 15:25:44 executing program 5: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000440)={0x2, 0x70, 0x80000000b9, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) clone(0x2102001ffc, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) getpid() tkill(0x0, 0x2a) bpf$MAP_CREATE(0x0, &(0x7f0000000500)={0x7, 0x4, 0x8, 0xf1a, 0x0, 0xffffffffffffffff, 0x0, [], 0x0, 0xffffffffffffffff, 0x1, 0x5}, 0x3c) [ 1412.156861][T27879] device bridge_slave_0 entered promiscuous mode 15:25:44 executing program 0: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) r0 = socket(0x10, 0x0, 0x0) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000003c0)={0x0, 0x0, 0x0}, 0x0) add_key$keyring(&(0x7f0000000580)='keyrinf\x00', &(0x7f0000000180)={'yz\x04', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$KVM_PPC_GET_PVINFO(0xffffffffffffffff, 0x4080aea1, 0x0) keyctl$chown(0x4, 0x0, 0x0, r1) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x5) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000300)='/dev/udmabuf\x00', 0x2) syz_open_procfs(0x0, 0x0) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, 0x0) renameat(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x0, &(0x7f0000000380)={0x2, 0x4e23, @empty}, 0x10) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff824f400005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcffffff770000000000200000f07000000000000000a4000000000000000000", 0xffffffe5}], 0x2) [ 1412.224021][T11845] usb 2-1: Using ep0 maxpacket: 16 15:25:44 executing program 3: setrlimit(0x9, &(0x7f0000000000)) r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b505b90bcbe87b0071") io_setup(0x200, &(0x7f0000000040)) 15:25:44 executing program 5: mkdir(&(0x7f0000000040)='./file0\x00', 0x0) mount(0x0, &(0x7f0000027000)='./file0\x00', &(0x7f00000000c0)='sysfs\x00', 0x0, 0x0) rmdir(&(0x7f0000000240)='./file0\x00') [ 1412.342562][T11845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1412.353987][T11845] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1412.367013][T11845] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1412.377357][T11845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1412.527240][T11845] usb 2-1: config 0 descriptor?? [ 1413.272236][T11845] usbhid 2-1:0.0: can't add hid device: -71 [ 1413.278342][T11845] usbhid: probe of 2-1:0.0 failed with error -71 [ 1413.287626][T11845] usb 2-1: USB disconnect, device number 82 [ 1413.782120][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1413.788387][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1414.342268][ C0] net_ratelimit: 20 callbacks suppressed [ 1414.342280][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1414.354201][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1414.360348][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1414.366551][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1414.372703][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1414.378791][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1414.912251][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1414.918248][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1415.062466][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1415.068688][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1415.862044][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1415.868352][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1417.952054][T11845] Bluetooth: hci0: command 0x1009 tx timeout [ 1420.582299][ C0] net_ratelimit: 20 callbacks suppressed [ 1420.582316][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1420.594169][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1420.600288][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1420.606403][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1420.612551][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1420.618523][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1421.142312][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1421.148434][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1421.302417][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1421.308420][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:25:53 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:25:53 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) gettid() kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x4000000000015, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) 15:25:53 executing program 3: perf_event_open(&(0x7f000025c000)={0x2, 0x70, 0x5aeb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)="2e0000002c008151e00f80ecdb4cb904014865160b0001410c410000000a00140e0006001500cd5edc2976d153b4", 0x2e}], 0x1}, 0x0) 15:25:53 executing program 5: r0 = syz_open_dev$sndseq(&(0x7f0000000080)='/dev/snd/seq\x00', 0x0, 0x0) ioctl$SNDRV_SEQ_IOCTL_UNSUBSCRIBE_PORT(r0, 0x40505331, &(0x7f00000000c0)) 15:25:53 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_SET_TSC_KHZ(r8, 0xaea2, 0x8) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:25:53 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000ab000000ab005c0152e8c9e8c7b044c4e798289b83cf9949d5c4a117467819c77852ff774b"], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:25:54 executing program 5: r0 = socket$unix(0x1, 0x104000000000001, 0x0) fsetxattr$security_selinux(r0, &(0x7f0000000040)='security.selinux\x00', &(0x7f00000000c0)='system_u:object_r:getty_log_t:s0\xea', 0x21, 0x0) 15:25:54 executing program 3: r0 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) r1 = socket$inet6(0xa, 0x3, 0x6) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$unix(0x1, 0x5, 0x0) r4 = fcntl$dupfd(r3, 0x0, r2) write$P9_RXATTRCREATE(0xffffffffffffffff, &(0x7f00000000c0)={0x7}, 0x7) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = dup2(r0, r1) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r5, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'}) write$sndseq(r5, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0x72c6831c) 15:25:54 executing program 5: r0 = socket(0x11, 0x800000003, 0x8) setsockopt$packet_buf(r0, 0x107, 0xf, &(0x7f00000001c0)="a2e6999b", 0x4) bind(r0, &(0x7f0000000080)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) write$binfmt_aout(r0, &(0x7f0000000000)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}}, 0x20) 15:25:54 executing program 3: r0 = socket$inet(0x10, 0x3, 0x0) sendmsg(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000040)="2f0000001c0005c5ffa2ff080d000000020005000e000000190102c9130001000180ae2d0000000f000000a28663b3", 0x2f}], 0x1}, 0x0) kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 15:25:54 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) gettid() kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x4000000000015, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) [ 1422.184030][T11845] usb 2-1: new high-speed USB device number 83 using dummy_hcd 15:25:54 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r1 = dup2(r0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000240)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$VHOST_SET_VRING_BUSYLOOP_TIMEOUT(r2, 0x40096101, 0x0) [ 1422.422232][T11845] usb 2-1: Using ep0 maxpacket: 16 [ 1422.439757][T27945] QAT: failed to copy from user cfg_data. [ 1422.467368][T27946] QAT: failed to copy from user cfg_data. [ 1422.547063][T11845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1422.558165][T11845] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1422.571193][T11845] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1422.580401][T11845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1422.604327][T11845] usb 2-1: config 0 descriptor?? [ 1423.085308][T11845] ortek 0003:05A4:8003.0047: unknown global tag 0xc [ 1423.092232][T11845] ortek 0003:05A4:8003.0047: item 0 4 1 12 parsing failed [ 1423.099904][T11845] ortek: probe of 0003:05A4:8003.0047 failed with error -22 [ 1423.284709][T11845] usb 2-1: USB disconnect, device number 83 [ 1424.022108][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1424.028306][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1426.102108][T11845] Bluetooth: hci0: command 0x1001 tx timeout [ 1426.108359][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1426.822192][ C0] net_ratelimit: 20 callbacks suppressed [ 1426.827954][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1426.833997][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1426.840150][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1426.846141][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1426.852262][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1426.858429][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1427.382255][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1427.388249][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1427.552525][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1427.558581][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1428.192088][T19754] Bluetooth: hci0: command 0x1009 tx timeout 15:26:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:26:04 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) gettid() kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x4000000000015, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) 15:26:04 executing program 5: getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000caaffb), 0x0) socket(0x10, 0x0, 0x0) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, 0x0, 0x0) add_key$keyring(&(0x7f0000000580)='keyrinf\x00', &(0x7f0000000180)={'yz\x04', 0x3}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$KVM_PPC_GET_PVINFO(0xffffffffffffffff, 0x4080aea1, 0x0) keyctl$chown(0x4, 0x0, 0x0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x5) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000300)='/dev/udmabuf\x00', 0x2) r1 = syz_open_procfs(0x0, 0x0) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000280)=""/46) renameat(r1, 0x0, 0xffffffffffffffff, 0x0) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000300), 0x0, 0x0, 0x0, 0x0) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff824f400005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcffffff770000000000200000f07000000000000000a4000000000000000000", 0xffffffe5}], 0x2) 15:26:04 executing program 3: r0 = socket$inet6_sctp(0xa, 0x80000000000001, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000444ff8)={0x0, 0x7}, 0x8) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000cf6fe4)=[@in6={0xa, 0x4e23, 0x0, @loopback}], 0x1c) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000107ff8)={0x0, 0x10040000}, 0x8) connect$inet6(r0, &(0x7f00008c0000)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendmmsg(r0, &(0x7f000060d000)=[{{0x0, 0x0, &(0x7f0000c38ff0)=[{&(0x7f0000000080)='\x00', 0x1}], 0x1}}], 0x1, 0x8050) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff}) r2 = socket$inet6(0xa, 0x1000000000002, 0x0) r3 = dup2(r1, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000480)=ANY=[@ANYRES32=0x0, @ANYBLOB="0b0401000100f90c4325e39eae756d5dbdd3d6789d35b1e60550194c58e47e4901e11ce99223886d086a50d5b857b9822fb43b741d36258e6c78e49521d5f183eeeaca03119bf28b18a5454aa8e8eb9819848145071475b55e89899c80706213c817ad9bb8ea2c744c897e0ef20f823ffe120670b350b5000000006ec112fcb845d7f6e5acad59d4682ddf0447ae237c076d7c7a9f95f384912d03b95173c1a98cc6913370f56db56aae46aead77cc53ebf67cf7a5486d0a00766d90c004f3836134fa1a8a1e747d4f3af61be99c807b6952ffb6c0683831db1bd3d05bf7a99f1202e0421ec324a60af7af6c2621872b87f99ee0b2d0158b44730cabe965f708ecc60aff2d38ae456c747594f757442cd3d43138be6efb1d5914d60bcff41cb1f11bcb2af4ffcbcd61ef4eb329fc832b457e6af5f72c3d265a5377928409cdb154585c7ce1e9d9380a98094520c2ad4a8f1e9d01b90be03852364564797f4f9ee34bd55999d3e1fbfdbe914fb897f11062101ec8b466d08b9bd4c164f5773a7037f4ea5742fe8e1daa6b28998066dd0000000000000000000000d7b4977075c2bcbede12f966ed9d5d3cf092b7dca9b9bcff0a1a93579e30b999c345b093e514bec7b22f021b9b9f85c86d3c17e1a7b0f8494145572ed90cb364807b45b4d1ef5fe02278eb977103a6d495a38250e0a9eb5f3257ca86fce34bef661544545a640ea5800083828fa2521ed7b4fcf343758b80b043a9609072d96361525c3da39e0234ced03ea26d67999d63114094272a50f81f5d5251c3dd958cb021c8f20a1c1ffcfb7eca0b01bbde257ed95a0799156e5c6c0c2ab4be1470cb8ce32f4dd7068a296a669659925c98638483e8ab4eed750642e30d090de3215d3b9e501a17420172d89117b5a0e1f6fc646047cf85f9da3b53313addd13689d36646ccbb4abd725930cb7bae947ec492b65a285035bbdaa6935a78a657f0bb59a51ef46a000d2efc9ff6d9bd118926"], 0xa) 15:26:04 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:26:04 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:26:04 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000080)) r1 = syz_open_pts(r0, 0x0) ioctl$TCSETSF(r1, 0x5412, &(0x7f0000000100)={0x3}) 15:26:04 executing program 3: r0 = memfd_create(&(0x7f00000000c0)='queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00', 0x0) r1 = syz_open_dev$sndseq(&(0x7f0000000700)='/dev/snd/seq\x00', 0x0, 0x1) r2 = dup2(r1, r0) ioctl$EXT4_IOC_GROUP_ADD(0xffffffffffffffff, 0x40286608, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x5}) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r2, 0xc08c5332, &(0x7f0000000140)={0x0, 0x0, 0x0, 'queue1\x00\x00\x00\x00\x00\x00\x00\x001;\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x00\x06\x00\x00\x00\x00\x00\xcc\xbf}\xdd\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xb2\x1e\x00'}) write$sndseq(r2, &(0x7f0000000000)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @connect}], 0x72c6831c) 15:26:04 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) gettid() kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x4000000000015, &(0x7f0000000100)) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) [ 1432.462305][T19754] usb 2-1: new high-speed USB device number 84 using dummy_hcd 15:26:04 executing program 5: r0 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz', 0x2}, &(0x7f0000000080)="b6f607b307739a4b38", 0x9, 0xfffffffffffffff8) keyctl$negate(0xd, r0, 0x2, 0xfffffffffffffff8) r1 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x0}, &(0x7f0000000140)="8db0e908", 0x4, 0xfffffffffffffffd) r2 = add_key(&(0x7f0000000200)='.request_key_auth\x00', &(0x7f0000000240)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffa) keyctl$search(0xa, r1, &(0x7f0000000180)='asymmetric\x00', &(0x7f00000001c0)={'syz', 0x3}, r2) r3 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000280)='cgroup.controllers\x00', 0x0, 0x0) ioctl$VIDIOC_S_DV_TIMINGS(r3, 0xc0845657, &(0x7f00000002c0)={0x0, @reserved}) r4 = add_key$keyring(&(0x7f0000000480)='keyring\x00', &(0x7f00000004c0)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffc) add_key$user(&(0x7f0000000380)='user\x00', &(0x7f00000003c0)={'syz', 0x3}, &(0x7f0000000400)="0cae56d9f73ea108121b6e88a9c32b25326add5aa522567ba64b149a03d522c169d91f3cbe008cf3d71625cfa30e5cbb5284ccd7ec509dba73d296d343f6be89e3accb8d4eb8b20686aca44bdb1852dc78978495c617e9c9ca957781c8", 0x5d, r4) r5 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000500)='/dev/dlm-monitor\x00', 0x27269502bd810666, 0x0) ioctl$VIDIOC_S_CTRL(r5, 0xc008561c, &(0x7f0000000540)={0x2}) read$hiddev(r3, &(0x7f0000000580)=""/212, 0xd4) r6 = socket$isdn(0x22, 0x3, 0x12) fcntl$setstatus(r6, 0x4, 0x41600) init_module(&(0x7f0000000680)='wlan1securityppp1@lo*md5sumproc\x00', 0x20, &(0x7f00000006c0)='\x00') ioctl$TUNSETTXFILTER(r3, 0x400454d1, &(0x7f0000000700)={0x3, 0x3, [@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @remote, @local]}) r7 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000740)='/dev/vcs\x00', 0x60800, 0x0) setsockopt$l2tp_PPPOL2TP_SO_LNSMODE(r7, 0x111, 0x4, 0x0, 0x4) fcntl$getownex(0xffffffffffffffff, 0x10, &(0x7f0000000780)={0x0, 0x0}) ptrace$getenv(0x4201, r8, 0xad, &(0x7f00000007c0)) r9 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000800)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) ioctl$EXT4_IOC_GROUP_EXTEND(r9, 0x40086607, &(0x7f0000000840)=0x9) sendmsg$SEG6_CMD_GET_TUNSRC(0xffffffffffffffff, &(0x7f0000000940)={&(0x7f0000000880)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000000900)={&(0x7f00000008c0)={0x20, 0x0, 0x2, 0x70bd2a, 0x25dfdbfd, {}, [@SEG6_ATTR_SECRET={0xc, 0x4, [0x5, 0x2]}]}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x1cff136a6a698128) setxattr$trusted_overlay_redirect(&(0x7f0000000980)='./file0\x00', &(0x7f00000009c0)='trusted.overlay.redirect\x00', &(0x7f0000000a00)='./file0\x00', 0x8, 0x1) r10 = gettid() getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000a40)={0x0}, &(0x7f0000000a80)=0xc) rt_tgsigqueueinfo(r10, r11, 0x2c, &(0x7f0000000ac0)={0x23, 0xfb6, 0x3}) r12 = socket$inet(0x2, 0x1, 0x3) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r7, 0x84, 0x6d, &(0x7f0000000b40)={0x0, 0x1000, "7ef4bc1d93238afd409abdeef96ed08fd575f57d80ce551e1bb158881fecf22c96ce1026341330c13bdb791c85044b7bceadc30a3dc6e301b018f0350cf62c9989858e244b3413b80cf66bc6ce470b2c068c1b3b16780223a28a9f0d4af015f14770d9a97b7bbb8c1b3a4ab528392d07edde2239643777be3cd04d1698d606464b8b63521bb645e3fc42d4c8cf0b99ca15311dc87f1cd25aa5282e10c3fffd0f00d5fc45ffc495a08954df64dd8f4ab6a107475eec5671faf8372cd77fa5b7c179e442eb5b1ead42b00132163ee38babf945a6bde7fc61cf380ff0ea42949ccbd07ad07754d7175ffaf6780ea094bbb3f76f07ce8b99257408648b029a6cfb766d67c35e01f4d6d3521760be024e4c6fd8b6c80dbca28d933476455e3d4138057178fe62e6a70e759c8f0a03375d672e0c2cf4c0d476cc319cd258a6201232d589c376dcc3f20330ca24c090d5585f6485e8c0e4bda483557b363949cabdfc96b58277b1f87b98eb9db21d3f33279669e7f743e22346afe3ffc42403c7e3b648c9f4efbc420bd244c2264121e525bb043cb5af96ed47bead9fd90890495878da85060feae45724a601fa281cb6d253963e06a8eb3c2b53aa9fe5007989ab5703e0912bbdb3d593f847f1fc6648290733a56e4d9b2490c3161f3a2f359ded8b331fff989c5dd8c42f57257c75410680d7c44057d3a31b412f805d4714804010f3574600a2ec01c585b48e47764688500b756104572897d94bb7b0a43ec301a346397d4ce9f6f35607bd06cf1130729a320db6f529fe1094c15360424df60073f44a0a47d3aaa39e2b02586a74a36a9b218afc394e717a5cc634802eaa5b54cfde584106530847a1c4ef382532b79b4dd10babfff8804e99b49cf63b3c2c25532d37f71e77f65407eabf78e0a907125f85f68cff2d83260c825cb25b4e1812bf458acadafbcb0000caa30b9fd6d754847f67a0422663e77bc730a007720cccc39a0617b02467f8b86fe4ea9b28b3b7b245e202cb8ff52a94cfc89408943d4e7052be08c069526973c059f403ff4136b7a1643dc817b930336957853540753f1681adc085569838bccb8460c125a3caf7b1fb9fa5edf85dfcbdbce166c61cfd49c9f0b84c6075d5da8a4ce9c6e2214eac9d8bdf3a34e558c28e16aef111a5cd3e6baddd2d4900166f8eb8cb6fe2e1b1b36a6451d8d26dcf18a6908e5a04e19ee008894d5a3b43484dafdd953f30f8a8c4a795214fc2f695dad53a35976373f0a1be490a0de69f8fc33643a6f972999354605a2bb8f2eec286a4bd181e00bc3ae8e8486d68c31f8657d7a61d4331a77776452d4aaf979f4e567c01dd546a93d4ea3a01df523aa1fbd219794edf3b99a335aa914af9d46a16dcb73408ed620c6a007b3ad2bf0e9bc76f56f50ab6eebaf853ad076e9faeb01017129961854d57b9103ca77428ac6fddd6346380a2ec12c8d5548756acc282ece25cb184da4bd0fbced743265d58c38c5643afb948aef02331ee373d5471f139ecfac57c1f63d0ad82cc9c247c980ca9881ab49323331826a402ab04b1d0654245f0ecffe0ef23f1a50ab164f4c5d33254cd35d704a18d31aa566a8ea583d31d93056081d302329ceefd24e10a46b54c9c98dc0946c7d60e23ae753f330cf63451169686f3ef730c889f6aa1ff62958dee89fc278cc16b585c72e482bbda3d7c4c8c58d5c89f867656ce87339db7de411246b5270f0b05e0a5f6e601d7d2883baf6f0fb48a0b60edd16ca2afc2ef2971009b3015b2f5756beff6073aff4234a74acc085159ce007a3ddd78e1696aaeb1dbbb1d39375da1dc3878dde99b8b93eba507d46bf2afb8d662dc6b387a13ba3a5cc6474cad8d028241b1d90eb65282575b1fd8b74e85fd6176f0f6f8a6a6da64f946eec87b609a874ee60a643c35c83f12e0a0ead398722fa752c3315a4909220dca51ae2483ba1aa3a0aa5651ed23cff011ae9c9e219fd6fb9a0eb7ee1a59ada7e0ef2664f550df397add5f16f09f78dbb346cd1bec941479d08ca288342266c309e20569d4a12677ecf043746c32ae347f17562c6d604b60e5bf3fbeff228b2b2a219706c0474a1eebf0d6f5934db9164d7b4c8b83fca79fef00f4e777624c71f3160827249fb54e2b985ba1b1b2af15bdb34e156e2f5d54386370fe1ec88c7ff1ea4b83004676bf6b28277809b9052ddd9872a3cb318c173a572f243d8765041e55b4a68c53ed81f327650ce42996f290cf35aeb9f802fe7c83991c511af2ad50298ea5097e510e7e5f96a757b7f17793a77415d31aabc4f65b3211ab139e74766042d6e66048832fa86ff3dd36ec7fbe4e2bf9f57f89f1e6c607ae14797913a0cbf74a8f45d0c533d86228e05345a86d5c0e8a34a2d2abd69e5af7229927938f4669003313391625d43d73ee766857b009c3f58cc646312850e408479f877b6a571cf8ba9f0aa1cb7364c2911cb5918babf599385d364842cdfa1dabe0ea52f256c21361911f55142e3400deacb363077909f89b312754b9cd97bd373ea03811e53f1081c78bcf39ba1f4a3c9a1518d7c6b2ea09769c45469ec6de574acc4be205a77da9acd782fd3b2f02ad7837d513d3e0c0077a245a23a3e95535562a3222a5822a2325e8f806b782dc51f964beb6a2825da683bc2f8660c800550892ad95ccdfd2b7b05323a1e0f6bda497b8a648e153f28ebdc324ef682382ae1792b3c60afbb9fc77c03acbf57d59316cd498eb58197d48f0bbc1bc2b7e0902444d8b9735d86f24bcf0b9b63bda8fc062ac0733791a027263bb8cd9572f877d108332a95f2d46b0a669e6db7ea2d22b1790982906f53e97909aa4b082627f1b3fc49580b210eae91796b025a2e3eabd24bb9d98c072afa8750befe2b7b76822446fbd460de2de99c1a81344fd4104f0e6731f506812ad70cd27718e78781e6cc7c63f3a6ecc7332539488351d945a2b116119c72e902b7a504cc783f123a665fae92aeb1cfb0460bcc950f27f459b07e56be8e571bbf1598079205c76b5a0a4de7855a8022583a41d422757add9d2ba5b3570450770ab0443c78d7bd10434440a9bd7fcfd88e0457c3eb74c547407ac440a2283fbb8b4b2fe763dbd6512ce73231a25c27afe22fb99fe392052d2d6c0f4bce0330b4bac89cf81e615e84c86a35fd6236776500063bbe6eb34494a0cbd69904180d55822c63a9850ade22cb64ba52b3063215185836856cd7d12aa42d361e731f28e3c458dbcc36d4e7f9a0684e4b74ae302c0a5c3e28c31c4202ba5de8a9c20c609026ea5e0f2d064290589a37761dd766d60cc4c7b6ef2e4f33b0a3b225952eb300804d0689cd755303b3f3a156354708a42f1bd9aa661f5b7f20153185df1a4f51496358710821d8a3c7dd9a81e7dcd25823cb8e54fb2db7bc0f13bbaf6501b5bed2ef9416288c61e8c301d86a61775ed851958dbc5c5c9aad3b2ac7cdfafabdcbd8f5a69d6625a35a9aa5ed6772dc80525dcd99af77cf43f4163c8d7e2d0c745d7a4a5b8c98599e95328de53a152ad13de025cdcf322c60ba6f11d5b051f04bb68debe26e0d55358ccf824501c564c7b8e559a877464452b3c5d231f3e16887d9e99753e2912f9fb1cad8720ed7e67cbfd61027d7579a9290f5a6831ebeac4fd0433097e6e6688f4a7a8b662bc457ff450b3150ec7ce4e06fb31a1340f8be36cabf85de6201f7547725649ffb8d904fb1af11b6719c17a391af863f6b3fc14e239ea67c98a8818ad1f1446c3d6a3fe86d3ae58dd9b557f5f8e2d634dc76ee6e0d2f209e056de2a54992db901f931bfe8ce1f828ec998a65a78b8427ea06d460618006aa4a248b7ec5138ad96a6cacba6e01d4b24bac9e1a0d1b18fcabf5c9e83f67f5d53bb54f2a9e0e641412d8bd3ecc87cc1e8df213272bb0d8414c3e75a1dbfe246246a6ef3cb40ebfbb833011c8c9bae5bfcdd2c2ac85f783d2e729f520430415410c432c958faaf803d440090879f9a3374784965ccd2dca14401208ab377873083648a61f6afb3ba3f54536114fe67eeef6aa2afd300651146a33d1ad81716edae5f74b17abd47d6cc6473ac35f22f60b3b49d321f8945b73131ab684141a8aeded46741153f9fdc1a4196fed588fdccf3fb4ea94452fe9fe2e39cac01f5788e4bad007f85e932a4c42a3edc47ac1f6e78d23bd1665ed4501253e461c7ec9f881e661fc8e199b3cea6d310f788f7d59a11069800a9eda4510a874abfdf3d15a55ba7d8531e1daa59ad478c8120c0ae65ac0597cfb39b1ba0389149e6c01ac2bd2470a53fbea3d9942a2c39d4e03717bd0cea3319c77eec67da68deddda1cf617315f3862d472be4fb45c3aa577e10adc4b8db8720abbc287630d0b45682b4552fcf91232b9f5b0304397af3468b6d46323a62b9607e7cc0ebf5f590ec9f3bc8dcec5bdfa7bcc25b52e9df0b8a92db19e6212a5a0edd8e06614e2edf04acf676d89c6ad994ecd1166a4b0997666a3432523577e905170a8d0c80505940208917c3a5a834350ec09605c276291fdb40b875519fb067bb68a66b44f0eab883f09068e97488244bca8d408ec58e07cb90806a1e0e058e3d9fda981a2e7f231725f9e249a1f451fbe336828ae86d1938d95f340b02737e24b80f7201c2e6c5413c98ebc8b30eb68e0551d996a5031b5e09d5087bc1600b877e6583498723fece0a2bc6055a11f6a002b820da53485bef7671ad1fa41d8338501880e11fabe9bf73e5d989f7f6253f1fd03b5eee0f80ee4ed2d321d2c85eec779c4f42af1ccf34afcf8ce929af7d6f2e28542c17be5aa774eb96bfbef865af4095428ceeff5e9ea81c26294dbfd9a9d591dab15737490e502dce6d22c7a6b2b6f5568c53a4cededd3c78aaeb97440042ae7241b661a936af780e6dd095744b6fd500499423aa813a2b9e7caca76c4c28d56cb27fb439db79fbdba2cca670c8a74da05b4559a212467e7db0922f59782b618eb18a0bc7a2e3f5399734363981d5e164bc55b87c60c1ce0a0402fac2014ef45225ff8751974814261f75d964a3d3168717ecc171e5469bbb7a685f89a6b458c2b448ffa37c27bb3c2f8554b0d0f52360a586413c3d49cc3c1a94e5ff5dedeafd09b931b7e4a5ceb622f6f32fe6f913695fed4a113d0a2119ed85deb28c75ba3f02efed2040b0808e301ab6175c35abced219f5501a08f8018a35dc4f81944beb0627366d6f3c7cd4f1b07e6b95c24bc2bb75bdca0d538ffd5f805e56f1c5bb2ed17faa302c151f76db544c15b0c13e9467d2a300e50f7c546a4d88523696b2cedf452eb685ab104cb8c6ab74ea428a239b91846120525288368c518351df1198a9f2abb3d654a8a3f599a74653f537e1df0aca3c40bab79ad1db6934fa17dba3eae56583cd19471fa9c47ab63ab7ba494300a81b4227a10daa97aa253f3113a54c95e48d0265b0b9c97fe69d19715c62f1237c16d9660a04de13d740a41777be49029f8a159c7dd74e8e130ab76d6ffcbfe08e72f48d91977931bd813538c2ba1e6308981b02129ceb4d915620f1f903c636debb3a6c8685d85211662a146676121a65d4d69bb617b597c9049faa153cfab210e5e15505f6dcf7e5ad7b760daaa0caf69c08d026b1d017ef3ace9e04fdddfe4eeeeffba1f8a07ad1bb33d9156abc263d4a85c0963c0352a337a2dbe94fadce93cd6e91c1498a78a0454a7c2d3b7ad2ea82b15e10bfbb0e23143a47359dfc5eb17a9112cd539f8cdda789027789a840b400dbc8c9157b775fa4a4df1825480e9fe6bde8b7b3cc5130b"}, &(0x7f0000001b80)=0x1008) getsockopt$inet_sctp_SCTP_PEER_AUTH_CHUNKS(r12, 0x84, 0x1a, &(0x7f0000001bc0)={r13, 0x46, "cb9074a73853df353ca411862cc7cd17eea963806d380e3614be8d96ec87b000ded0cfb1f0ace9fa139044d6926857c3404018f005be3a681ea39502459bbbf85fc473225cb1"}, &(0x7f0000001c40)=0x4e) 15:26:04 executing program 3: r0 = socket$kcm(0xa, 0x2, 0x73) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @loopback}, 0x69) connect(r0, &(0x7f0000000180)=@in6={0xa, 0x0, 0x0, @dev, 0x6}, 0x80) write$binfmt_elf32(r0, 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) connect$bt_rfcomm(r1, &(0x7f0000000080)={0x1f, {0x1, 0x6, 0x9b, 0x0, 0xf8, 0x81}, 0x5c}, 0xa) 15:26:04 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) gettid() kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) r2 = getpid() rt_tgsigqueueinfo(r2, r2, 0x4000000000015, &(0x7f0000000100)) [ 1432.702034][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1432.826152][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1432.837871][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1432.837977][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1432.860265][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1432.878185][T19754] usb 2-1: config 0 descriptor?? [ 1433.062350][ C0] net_ratelimit: 20 callbacks suppressed [ 1433.062368][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1433.074391][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1433.080725][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1433.086991][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1433.093457][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1433.099703][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1433.612133][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1433.618341][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1433.625575][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1433.626056][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1433.640490][T19754] usb 2-1: USB disconnect, device number 84 [ 1433.782387][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1433.788872][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1434.262032][T11845] Bluetooth: hci0: command 0x1003 tx timeout [ 1434.268265][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1436.342095][T11845] Bluetooth: hci0: command 0x1001 tx timeout [ 1436.348302][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1438.422064][T19754] Bluetooth: hci0: command 0x1009 tx timeout [ 1439.302514][ C0] net_ratelimit: 20 callbacks suppressed [ 1439.308331][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1439.314343][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1439.320467][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1439.326453][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1439.332602][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1439.338565][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1439.862279][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1439.868281][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1440.022507][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1440.028631][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:26:14 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r1, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r1, 0x400455c8, 0x1) 15:26:14 executing program 3: socket$inet6(0x10, 0x2, 0x0) socketpair$unix(0x1, 0xf4112d62528153ae, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r1, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) sendmsg(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000580)}, 0x0) 15:26:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) gettid() kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) getpid() 15:26:14 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) getsockopt$IP_VS_SO_GET_DAEMON(r2, 0x0, 0x487, &(0x7f0000000000), &(0x7f0000000140)=0x30) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$USBDEVFS_GET_CAPABILITIES(r5, 0x8004551a, &(0x7f00000001c0)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) getsockopt$inet_sctp_SCTP_DELAYED_SACK(r9, 0x84, 0x10, &(0x7f0000000200)=@sack_info={0x0, 0x6, 0x6}, &(0x7f0000000240)=0xc) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(r7, 0x84, 0x70, &(0x7f0000000300)={r10, @in6={{0xa, 0x4e23, 0x9, @rand_addr="e62ee9d7187fdcb36d37ceb13d28e8d0", 0x7ff}}, [0x7ff, 0x3, 0x8, 0x3f, 0xe2, 0xffffffff, 0x0, 0x2, 0x9, 0x1, 0xd652, 0x12fb, 0x5, 0x5, 0x7]}, &(0x7f0000000280)=0x100) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000040)={0x2, 0x0, @ioapic={0x0, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1ff}]}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 15:26:14 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:26:14 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:26:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) gettid() kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) 15:26:14 executing program 3: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b7050000000000006110860000000000450000000080847eae99bf805720db83"], &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x3}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = msgget(0x2, 0x20) msgctl$IPC_RMID(r1, 0x0) r2 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) write$P9_RSTAT(r2, &(0x7f0000000080)={0x7e, 0x7d, 0x2, {0x0, 0x77, 0x93, 0x5, {0x0, 0x3, 0x2}, 0xba800000, 0x8, 0x9, 0x5, 0x0, '', 0x1a, 'nodeveth0md5sumppp1-vmnet1', 0x11, ',:]selinux@[GPL!+', 0x19, '^-.^]userproc,(pvboxnet0#'}}, 0x7e) 15:26:14 executing program 3: r0 = bpf$MAP_CREATE(0x0, &(0x7f00000001c0)={0x15, 0x1000000010, 0x3}, 0x3c) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff}) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = syz_open_dev$amidi(&(0x7f0000000000)='/dev/amidi#\x00', 0x0, 0x212000) ioctl$KVM_PPC_GET_PVINFO(r3, 0x4080aea1, &(0x7f0000000040)=""/115) r4 = dup2(r2, r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x1, 0x5, &(0x7f0000000600)=ANY=[@ANYBLOB="188b8e4eaa7b98ed8e000000007d3fa82a4a3e94901fa52573a97a000000189101c265419875d4587eece24b3bd298f0a3dc581d947305", @ANYRES32=r0, @ANYBLOB="000000000000000095000000000000009de7a2f9b8159319ee8f083a098b7f5ced998db3fa42fdfebb92e090001c706196fa63fe6414e7be9c07425fb44740297fa2c40cea843557cd9ec83e84063ba310b12f03bef0aaaba000848ec4c29a0b765e21887f33f80f79aeff18fd3b844c1553135cf10dcf2c2f790c8646d5961ca86d8d61c2f5cb04a2b2dbc9cfdf12f52bb54978c5c58133f1c0fc96116243cb7b2be266dbaeca25181cb1a88b5bc33c656b1f823e01c471c4a2e21e8b45d0321b8514afced8ed0d2e1fe8"], &(0x7f00000003c0)='\x00\x00\x00\x00\x00\x00\x00\xeb\xff\xff(1\x18\xc7\xc1\xde\xdc(,J\\\xc4hM=\xf4\x04\xd0\xe9\'rT\x8dm\x1a?\x1a\b\x93\x82\xbf\xfe\x83\xcb4tX{$\x9f\xbfHY\x1e;\xd0\xcf\xdb&\x12G\xfd\xd7\xe71\xd8K\x9b\xc9\x14C\xf5$\xd0\x93k\x12u\x9eMM\x03\x00\x00\x00\xc8\x83\x16\x9c2)\xaa\x9fh\xa4\xd2\x0f\x98.\x06t^\xc0\xcd\x95\x81*\xece1\x9e*3\xfa\xb5=\xd2\x1e-\xd3]}\xa7\xbfDZn\xd4\x82\x19\xfb\x1bjE\xc3D\xd8\xd56G\xd9\xc3\x90\xf5\xb9\xdc\x98\xb8\x8f=\xdf\xf0,e\x1dl\xe0\xc5\x80\a\xb1\xad\xbf\xc5\x88!j\xce\x00\x00\x00\x00\x00\x00\xc8\ri\x1fq\x03\x9f\xdc\x9c2\n\x81\x1c\x1fR\xd48\n\xc0\x1apC\'\xd8G\xaa\x02\x90\xa4;\xf6\x91Ev\xe9\xd3\xd4', 0x4, 0x90, &(0x7f0000000200)=""/144, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0}, 0x70) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r5) socket$inet6_sctp(0xa, 0x5, 0x84) fallocate(r5, 0x40, 0xffffffffffffffff, 0x4) 15:26:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) gettid() kcmp(0x0, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff) 15:26:14 executing program 5: r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @remote, 0x4}, 0x1c) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_UPDATE_ELEM(0x2, 0x0, 0x0) faccessat(0xffffffffffffffff, 0x0, 0x0, 0x0) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffff9c, 0x0, 0x0) r1 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x2, 0x10000) ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000180)={0x2, 0x3, 0x600000}) setsockopt$SO_BINDTODEVICE(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(0xffffffffffffffff, 0x107, 0x12, 0x0, 0x0) connect$inet6(0xffffffffffffffff, &(0x7f0000000300)={0xa, 0x0, 0x0, @ipv4={[], [], @multicast1}}, 0x1c) syz_open_procfs(0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000480)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(r3, 0x0, 0x0, 0x800, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) splice(r3, 0x0, r2, 0x0, 0x7fffffff, 0x0) sendto$packet(r3, &(0x7f0000000340), 0xfffffffffffffd4d, 0x0, 0x0, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r3, 0x29, 0x41, &(0x7f0000000100)={'nat\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x78) [ 1442.719119][T11845] usb 2-1: new high-speed USB device number 85 using dummy_hcd 15:26:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) gettid() [ 1443.013989][T11845] usb 2-1: Using ep0 maxpacket: 16 [ 1443.142402][T11845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1443.153644][T11845] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1443.166799][T11845] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1443.175969][T11845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1443.185831][T11845] usb 2-1: config 0 descriptor?? [ 1443.912407][T11845] usbhid 2-1:0.0: can't add hid device: -71 [ 1443.918584][T11845] usbhid: probe of 2-1:0.0 failed with error -71 [ 1443.927565][T11845] usb 2-1: USB disconnect, device number 85 [ 1444.501990][T11845] Bluetooth: hci0: command 0x1003 tx timeout [ 1444.508194][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1445.542368][ C0] net_ratelimit: 20 callbacks suppressed [ 1445.542391][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1445.554433][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1445.560603][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1445.566757][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1445.573098][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1445.579110][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1446.102247][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1446.108237][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1446.262281][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1446.268483][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1446.592063][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1446.598438][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1448.662059][T11845] Bluetooth: hci0: command 0x1009 tx timeout [ 1451.782294][ C0] net_ratelimit: 20 callbacks suppressed [ 1451.782307][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1451.794313][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1451.800417][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1451.806549][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1451.812693][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1451.818664][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1452.342207][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1452.348288][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1452.502211][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1452.508199][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:26:24 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:26:24 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000500)='/dev/nullb0\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x200000d, 0x12, r0, 0x0) r1 = socket$can_raw(0x1d, 0x3, 0x1) openat$vimc0(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video0\x00', 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_TRY_FMT(r3, 0xc0d05640, &(0x7f0000000140)={0xa, @sliced={0x40, [0x2, 0x6, 0xfff8, 0x6, 0x8, 0x4, 0x3, 0xeb68, 0x4, 0x9, 0x3, 0x7, 0xe143, 0xff, 0x7fff, 0x7f, 0x2, 0xfffe, 0x6, 0x1f, 0x2, 0x1, 0xffff, 0xfff, 0x9, 0x50b, 0xff53, 0x100, 0x800, 0x7, 0x9bf, 0x8000, 0x3, 0x9, 0xfc00, 0x401, 0xfffd, 0xa5a2, 0x2, 0x5, 0x6, 0x80, 0x81, 0x8, 0x9, 0xfff, 0x1ff, 0x9], 0xe74}}) getsockopt$bt_hci(r1, 0x65, 0x6, 0x0, &(0x7f0000000100)) 15:26:24 executing program 5: bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x2000000000000048, &(0x7f0000000040)=ANY=[@ANYBLOB="b40500000000000071101800000000002f050000001000009500000000000000"], &(0x7f0000003ff6)='G\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, [], 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$VHOST_SET_VRING_BASE(r1, 0x4008af12, &(0x7f0000000080)={0x1, 0x6}) 15:26:24 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) syz_open_dev$loop(&(0x7f00000005c0)='/dev/loop#\x00', 0x0, 0x0) 15:26:24 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:26:24 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:26:24 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) openat$null(0xffffffffffffff9c, &(0x7f0000000240)='/dev/null\x00', 0x0, 0x0) 15:26:24 executing program 5: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000016000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000080)="baa100b000eef36cba2100ec66b9800000c00f326635001000000f30bad104ecc80080d267d9f8f30f1bb429000f20c06635200000000f22c067f3af", 0x3c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) syz_open_dev$dmmidi(&(0x7f0000000040)='/dev/dmmidi#\x00', 0x1, 0x100) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f000002a000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) [ 1452.922230][T11845] usb 2-1: new high-speed USB device number 86 using dummy_hcd 15:26:25 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$sock_bt_bnep_BNEPCONNADD(0xffffffffffffffff, 0x400442c8, &(0x7f0000000c00)=ANY=[@ANYRESOCT, @ANYRES64]) 15:26:25 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1453.168675][T11845] usb 2-1: Using ep0 maxpacket: 16 15:26:25 executing program 5: r0 = syz_open_procfs(0x0, &(0x7f0000000080)='net/dev_snmp6\x00') r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040)='/dev/ptmx\x00', 0x0, 0x0) r2 = openat$smack_task_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self/attr/current\x00', 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000001040)=@nat={'nat\x00', 0x19, 0x4, 0xd70, [0x200002c0, 0x0, 0x0, 0x200002f0, 0x20000524], 0x0, &(0x7f0000000280), &(0x7f00000010c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff020000000300000020000000441f73797a6b616c6c65723100000000000067726574617030000000000000000000767863616e31000000000000000000006272696467655f736c6176655f3100000180c200000e00ff00fe0000ffffffffffff73ffff0000006e000000d6000000260100006172707265706c7900000000000000000000000000000000000000000000000010000000000000000180c20000030000fcffffff000000004155444954000000000000000000000000000000000000000000000000000000080000000000000003000000000000004c45440000000000000000000000000000000000000000000000000000000000280000000000000073797a31000000000000000000000000000000000000000000000000ff0f0000080000000000000005000000a0e66997001c76657468305f746f5f68737200000000626f6e643000000000000000000000007665746830000000000000000000000000000000000000000000000000000000aaaaaaaaaa2b6d0000ffff00aaaaaaaaaaaaff00fffeffff6e000000a6000000de000000736e61740000000000000000000000000000000000000000000000000000000010000000000000000000000000000000fcffffff00000000736e6174000000000000000000000000000000000000000000000000000000001000000000000000ffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000020000000500000008000000001065727370616e3000000000000000000065727370616e30000000000000000000626f6e64300000000000000000000000626f6e64300000000000000000000000000000000000ffff7fffff000180c200000e000000ff00004e09000086090000be0900006e66616363740000000000000000000000000000000000000000000000000000280000000000000073797a31000000000000000000000000000000000000000000000000000000000300000000000000616d6f6e67000000000000000000000000000000000000000000000000000000680800000000000000000000000000000100000000000080ff7f00000200000006000000070000000100000004000000f9ffffff090000000500000016000000030000000100000005000000040000001f00000008000000ff030000010001000200000002000000000001000200000040000000020000000000000004000000ff000000f9ffffffbba30000030000000900000035fb000020000000050000000800000001000000f7ffffff0200000008000000d19e0000000100000600000004000000de0000000080fffff00e000000020000ffffff7f18000000000000caf9ffffff020000000004000000000000370f000002000000ff070000ffff00008e0000000100000001000000050000000600000001000000ff0000000200000007000000c0000000749d000008000000020000000002000000100000050000000d0000000080000000000000a35c000005000000000000000c4bea024006000009000000ff0100005c00000006000000e5a8000006000000ff000000ff00000001000000050000000002000020e50000350300000200000004000000080000000500000000000000470000008000000003000000010100000400000006000000ffffff7f0200000001010000ff0f000009000000832c000000c0819e0400000043020000ff030000010400000500000006000000c602000002000000001000000101000004000000ff07000014770e7e980000000000000000800000800000000900000009000000090000002b1d0000060000006b0000000000000002000000ff03000004000000ff7f000007000000040000000600000001000000ff0f000049080000040000000200000009000000f003000034cb0a030400000008000000030000000900000081000000fc0f0000ffffff7f07000000018000000080000005000000030000004000000044440000000000000500000007000000090000000900000000000080010001000100000004000000080000008d000000080000000108ffffff01000001800000d3030000ff00000005000000470000000600000000000100ff0000000600000009000000ffffff7f2000000013000000fdffffff05000000b6ce0000000000000700000008000000ff0700001b0300000000010006000000060000004a07000001000000560500000800000006000000010000001f000000070000006daa0000f47f0000feffffff008000000700000005000000b80e000009000000114b000004000000ffffffff00000000ec23737c0180000000020000ff0f0000020000000800000006000000ff0f00000108000003000000ad0000000200000009000000040000000101000006000000ffffff7fffffffff0700000000800000070000000200001f00000040000000ff7f00002600000001000000220c0000010000000600000080000000020000000000000002000000ac1414bb810000005cfe0000ac14142309000000c6b000000000000036fdffffc00000000300000000010000080000000000008001000000060000000100000003000000ffffffff3dd800000700000002000000040000007600000001000000cb72000004000000f400000002000000dd0d000006000000030000006f180000ff070000020000000800000005000000090000008f0000000e0000000000000000000000ffffffff0300000900000006000000350e0000010000800002000000000000580c0000000000000400000003000000e1ffffff0600000001800000040000000600000009000000ff070000ff030000000000005e000000ff030000fffffffff7ffffff000001000200000003000000e30500000200000000000100ec0b0000000000800400000000800000fc010000ff7f000003000000ff0000007f00000080000000010000000700000004000000128a00000200000000000000fffffffffb00000003000000090000000600000007000000a407000000010000010000000600000005000000050000009900000000000000040000000600000056110000080000002000000002000000ffffffff070000000900000000000000010100000000000006000000ff7f000000800100020000001d0000000000000004000000000200000300000001000080060000000800000004000000ff070000c40200003f00000004000000d8060000cd000000ad0f000097b8000048ffffff0800000000800000000400000600000020000000030000001a000000010000804f0a00000300000002000000265f00003f0000000e87000005000000ff7f0000010100000008000081000000faffffffd5fe0000000000000700000000020000030000000100000003000000ff7f0000ffffff7f00000a0000fcffff05000000000001000ff5000000000000040000000100000008000000c603000009000000000000000000000000000000d80000000300000005000000070000000900000000000000070000000500000000800000070000000500000009000000e10b0000b6030000ffff0000ff0300000200000004000000810f00000104000064a90000800000000200000009000000fffbffff06000000070000000001000003000000df0a000006000000ffffff7f020000000900000007000000050000000100000008000000410e000001000080f8ffffff0400000002000000f99e000000040000060000009800000008000000e93b47340000010003000000de2600008100000003000000030000000600000081000000e206000000080000ffffff7f03000000ff0000000000010009000000070000000002000000000000ffffffff0300000000040000c90d0000ff7f0000ffff0000ffff000003000000040000008745791dfaffffff200000000008000004000000040000000000000000000080000000001f00000033000000ac1414aa010000807f000000e00000010500000009000000e0000002000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaa210000fdffffff000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000aaaaaaaaaabb0000feffffff00000000090000004500000060076272696467655f736c6176655f310000677265300000000000000000000000006970366772653000000000000000000076657468315f746f5f7465616d000000ffffffffffff00ff00fe017f0180c2000003ffff00007f016e000000e60000001e0100006e666c6f6700000000000000000000000000000000000000000000000000000050000000000000000000000004000900000000000de72eb20809a5c4bb359f5231ca5368afb9ace70bdd9ffaece3dfd25a654b2f85f94ea206835fa16498a4bc7f49ed4eff2261e97fa5559e50a3d0cfd07176b5000000006172707265706c790000000000000000000000000000000000000000000000001000000000000000ffffffffffff0000e31f470e00000000bde5d46f9f77bf0d50f7ce93005afc53fe91e4083e431c993cdafebedfe59392e8c51f1632799a548eff7e8eb0ee080000000000e668da2b3e5dceadaf010b7f013a2cb86e2a2336f2136d2fde6068e478fe6d24b6aa7c2b2f3ce89e4611e5f221219807c102904b"]}, 0xe46) r7 = signalfd4(r4, &(0x7f0000000140)={0xf81}, 0x0, 0x80000) ioctl$FICLONE(r2, 0x40049409, r7) ioctl$TCSETS(r1, 0x40045431, &(0x7f00003b9fdc)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = fcntl$dupfd(r8, 0x0, r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) r11 = syz_open_dev$sndpcmp(&(0x7f00000001c0)='/dev/snd/pcmC#D#p\x00', 0x0, 0x9dac0) ioctl$HIDIOCGRAWNAME(r11, 0x80404804, &(0x7f0000000200)) r12 = gettid() ioctl$sock_SIOCSPGRP(r9, 0x8902, &(0x7f0000000240)=r12) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0x400454d0, 0xb) r13 = syz_open_pts(r1, 0x0) dup3(r13, r0, 0x0) r14 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r16 = dup(r15) ioctl$PERF_EVENT_IOC_ENABLE(r16, 0x8912, 0x400200) ioctl$TCSETXF(r16, 0x5434, 0x0) r17 = syz_open_procfs(0x0, &(0x7f0000000100)='fdinfo/3\x00') sendfile(r14, r17, 0x0, 0x80000001) 15:26:25 executing program 3: r0 = getuid() socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$NS_GET_OWNER_UID(r2, 0xb704, &(0x7f00000000c0)=0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) r5 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r5) r6 = add_key(0x0, &(0x7f0000000700)={'syz', 0x1}, &(0x7f0000000740), 0x0, r5) keyctl$chown(0x4, r6, r4, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) r8 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r8) r9 = add_key(0x0, &(0x7f0000000700)={'syz', 0x1}, &(0x7f0000000740), 0x0, r8) keyctl$chown(0x4, r9, r7, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) r11 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r11) r12 = add_key(0x0, &(0x7f0000000700)={'syz', 0x1}, &(0x7f0000000740), 0x0, r11) keyctl$chown(0x4, r12, r10, 0x0) r13 = request_key(0x0, &(0x7f0000001300)={'syz', 0x2}, &(0x7f0000000500)='em0cpus1\x95\xeb\xe6\xa2\xa5\x12\xb7V\xda\x8eo\x9ce\x0e\x8a\x9e\xc6!\xae\xe8\xf9I\xe4e\xb2q\xb9\xd9c\xc1n\xddg\xf17\xbf\xac\x19\xf8\xb0\x84\xad4\xc4\xa27\xe0\xdf\xfd\xf1\x98\xdb\x19\x97\x89\x9f\xf6Rr\xde7\xcb\xed&0\xa4\xb4):\x15\x8a\x91@<\x00\xbb\xbfm\xc8H\x95\xbb\xdea\x96Q\xef\x8a\x01\xf0<_\xfb\xb0\x98\xbc\x81#.\xc9\x93\xf1m\x91\xc5P\xe834\xcd\x14\x01\xe9K\x16\xde\x87I\xbf\x0f\xeb\xbe\xb4\x914\xa7>\xac\x16\x01\x9a\xe98]\xb1\xd4 \xcb\\\x1e1\xc3\xc91[,2w\xa2\xfa\x04<\xd0\xea\xe4\xb4', 0xfffffffffffffff8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) keyctl$chown(0x4, r13, 0x0, r14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r15) fstat(r15, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) getresgid(&(0x7f0000000180)=0x0, &(0x7f00000001c0), &(0x7f0000000200)) r18 = request_key(0x0, &(0x7f0000001300)={'syz', 0x2}, &(0x7f0000000500)='em0cpus1\x95\xeb\xe6\xa2\xa5\x12\xb7V\xda\x8eo\x9ce\x0e\x8a\x9e\xc6!\xae\xe8\xf9I\xe4e\xb2q\xb9\xd9c\xc1n\xddg\xf17\xbf\xac\x19\xf8\xb0\x84\xad4\xc4\xa27\xe0\xdf\xfd\xf1\x98\xdb\x19\x97\x89\x9f\xf6Rr\xde7\xcb\xed&0\xa4\xb4):\x15\x8a\x91@<\x00\xbb\xbfm\xc8H\x95\xbb\xdea\x96Q\xef\x8a\x01\xf0<_\xfb\xb0\x98\xbc\x81#.\xc9\x93\xf1m\x91\xc5P\xe834\xcd\x14\x01\xe9K\x16\xde\x87I\xbf\x0f\xeb\xbe\xb4\x914\xa7>\xac\x16\x01\x9a\xe98]\xb1\xd4 \xcb\\\x1e1\xc3\xc91[,2w\xa2\xfa\x04<\xd0\xea\xe4\xb4', 0xfffffffffffffff8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) keyctl$chown(0x4, r18, 0x0, r19) r20 = request_key(0x0, &(0x7f0000001300)={'syz', 0x2}, &(0x7f0000000500)='em0cpus1\x95\xeb\xe6\xa2\xa5\x12\xb7V\xda\x8eo\x9ce\x0e\x8a\x9e\xc6!\xae\xe8\xf9I\xe4e\xb2q\xb9\xd9c\xc1n\xddg\xf17\xbf\xac\x19\xf8\xb0\x84\xad4\xc4\xa27\xe0\xdf\xfd\xf1\x98\xdb\x19\x97\x89\x9f\xf6Rr\xde7\xcb\xed&0\xa4\xb4):\x15\x8a\x91@<\x00\xbb\xbfm\xc8H\x95\xbb\xdea\x96Q\xef\x8a\x01\xf0<_\xfb\xb0\x98\xbc\x81#.\xc9\x93\xf1m\x91\xc5P\xe834\xcd\x14\x01\xe9K\x16\xde\x87I\xbf\x0f\xeb\xbe\xb4\x914\xa7>\xac\x16\x01\x9a\xe98]\xb1\xd4 \xcb\\\x1e1\xc3\xc91[,2w\xa2\xfa\x04<\xd0\xea\xe4\xb4', 0xfffffffffffffff8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) keyctl$chown(0x4, r20, 0x0, r21) getgroups(0x5, &(0x7f0000000240)=[r19, r21, 0xee01, 0xee00, 0xee01]) r23 = request_key(0x0, &(0x7f0000001300)={'syz', 0x2}, &(0x7f0000000500)='em0cpus1\x95\xeb\xe6\xa2\xa5\x12\xb7V\xda\x8eo\x9ce\x0e\x8a\x9e\xc6!\xae\xe8\xf9I\xe4e\xb2q\xb9\xd9c\xc1n\xddg\xf17\xbf\xac\x19\xf8\xb0\x84\xad4\xc4\xa27\xe0\xdf\xfd\xf1\x98\xdb\x19\x97\x89\x9f\xf6Rr\xde7\xcb\xed&0\xa4\xb4):\x15\x8a\x91@<\x00\xbb\xbfm\xc8H\x95\xbb\xdea\x96Q\xef\x8a\x01\xf0<_\xfb\xb0\x98\xbc\x81#.\xc9\x93\xf1m\x91\xc5P\xe834\xcd\x14\x01\xe9K\x16\xde\x87I\xbf\x0f\xeb\xbe\xb4\x914\xa7>\xac\x16\x01\x9a\xe98]\xb1\xd4 \xcb\\\x1e1\xc3\xc91[,2w\xa2\xfa\x04<\xd0\xea\xe4\xb4', 0xfffffffffffffff8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) keyctl$chown(0x4, r23, 0x0, r24) setxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f0000000080)='system.posix_acl_access\x00', &(0x7f0000000280)={{}, {0x1, 0x1}, [{0x2, 0x2, r0}, {0x2, 0x0, r3}, {0x2, 0x4}, {0x2, 0x1aa4e0913e4ae04c, r4}, {0x2, 0x5, r7}, {0x2, 0x1, r10}], {}, [{0x8, 0x2, r14}, {0x8, 0x1, r16}, {0x8, 0x79b91fd56814fd63, r17}, {0x8, 0x4, r22}, {0x8, 0x7, r24}], {0x10, 0x4}, {0x20, 0x2}}, 0x7c, 0x1) r25 = socket$inet6_tcp(0xa, 0x1, 0x0) r26 = socket$inet(0x2, 0x840000000003, 0x2) r27 = fcntl$dupfd(r26, 0x0, r25) ioctl$PERF_EVENT_IOC_ENABLE(r27, 0x8912, 0x400200) socket$packet(0x11, 0x80a, 0x300) r28 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_mtu(r28, 0x0, 0xa, &(0x7f0000ff0ffc)=0x8000000000004, 0x9c) sendto$inet(r28, &(0x7f0000865000), 0xfffffffffffffecb, 0x80, &(0x7f0000fd9ff0)={0x2, 0x4e20, @multicast1}, 0xffffffdb) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @dev, [], {@ipv4={0x800, {{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x0, 0x0, @dev, @local={0xac, 0x14, 0xffffffffffffffff}, {[@timestamp={0x44, 0x4}]}}, @igmp={0x0, 0x0, 0x0, @local={0xac, 0x14, 0xffffffffffffffff}}}}}}, 0x0) [ 1453.292440][T11845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1453.303860][T11845] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1453.316981][T11845] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1453.326224][T11845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1453.377353][T11845] usb 2-1: config 0 descriptor?? [ 1454.122290][T11845] usbhid 2-1:0.0: can't add hid device: -71 [ 1454.128603][T11845] usbhid: probe of 2-1:0.0 failed with error -71 [ 1454.137499][T11845] usb 2-1: USB disconnect, device number 86 [ 1454.741974][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1454.748233][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1456.822005][T11845] Bluetooth: hci0: command 0x1001 tx timeout [ 1456.828256][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1458.022414][ C0] net_ratelimit: 20 callbacks suppressed [ 1458.022427][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1458.034217][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1458.040361][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1458.046387][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1458.052528][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1458.058528][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1458.582253][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1458.588245][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1458.742317][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1458.748350][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1458.912109][T19754] Bluetooth: hci0: command 0x1009 tx timeout 15:26:34 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:26:34 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') 15:26:34 executing program 5: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:34 executing program 3: r0 = syz_open_dev$vbi(&(0x7f00000001c0)='/dev/vbi#\x00', 0x1, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KDGETMODE(r2, 0x4b3b, &(0x7f0000000100)) r3 = memfd_create(&(0x7f0000000040)='\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) write$cgroup_type(r5, &(0x7f0000000000)='threaded\x00', 0x9) ftruncate(r3, 0x1000000) sendfile(r0, r3, 0x0, 0xeefffdef) mmap$binder(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x1, 0x11, r0, 0x0) r6 = openat$pfkey(0xffffffffffffff9c, &(0x7f0000000080)='/proc/self/net/pfkey\x00', 0x400000, 0x0) connect$rxrpc(r6, &(0x7f00000000c0)=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e22, 0xffff, @mcast2}}, 0x24) 15:26:34 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:26:34 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000ab000000ab005c0152e8c9e8c7b044c4e79828"], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:26:35 executing program 5: perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x9fc, 0x0) r0 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x0, 0x0) ioctl$RTC_IRQP_SET(r0, 0xc0984124, 0x100000000000000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f00000006c0)={0x7, @pix_mp={0x5, 0xffff, 0x0, 0x0, 0xa8766ac2d93df2a9, [{0x1, 0xff}, {0x8, 0x7ff}, {0xe00, 0xff}, {0xfff, 0x3}, {0x7, 0x40}, {0x400, 0x800}, {0x800, 0x1}, {0x7ff, 0x80000000}], 0xf9, 0x0, 0x0, 0x1, 0x2}}) open_by_handle_at(r0, &(0x7f0000000480)=ANY=[@ANYBLOB="ad00000180000000416dede3d07293ffb029b3e4a2d1275c7d5ab92d07051affa5c91f7eec7481f2dca460a9c6ab66df1893ba59f013b0e92e4546c88208f7995584005979fe9eb94947d2fe9dca76c7dcea501c81094e56bb77959a8d450518347970ea1395966e180f23c4a85de82c50bc1a4d2a9ac296fa831e6a8b60fe458a0c8e6767ef45f5238ce6439282c55ff52f1743a9ffcc4c92c6e6b0e1ca4535538628a00bb7cac34defcfe07f1e16030d3b4261962ce33420607e8c5d560d45fec0c5b80fcda56dc1fd99d238afea892144af4549ea2fc7a227e0fbd5fc8882d7e17db756a8eeb5f33ed5c33ea7a00507cec86508ed44b20ee187b6531a5ab95c02aabb8861a553fc925fe2bdb44c6e923a4b77e72cad3ae33587c26c3a205a8ccb2f75f30992790b9444838901d1870234ee6607408a69cfb4673407e7de0ba5e6"], 0x200000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) write$RDMA_USER_CM_CMD_REJECT(0xffffffffffffffff, &(0x7f0000000140)={0x9, 0x108, 0xfa00, {0xffffffffffffffff, 0xeb, '\x00r%', "0144cd0250f34ca7b07915472cd0719e13da163aaf4d978c8c8df1f45a29570e701824fbbd9e1ca4f565138b96f339a5f67c36d6d24b0bf255a5caaf6e5521072ff76b84fa3f0865bf669c750e19842e0f8ea8d15cf45827268b2d2a46b7dcb62f1324ff936f9ef9fd172f610b69d8ff0f8cfb906e6ded837e0f5975172bf2fe880c5b30a6affbb7acfb123974fb65ac6f2e86a6ef52fb99dafd3bb78b75e3fb04768ab142593285c9b774d73aa1bd208eb596eadac041aa80714bce08b5b8af68d9465d32d05809eff8a6cc23d94208a002462d733e623640a0ba4a083ce1ae9d5b36c946d727b792807b123e4e1380ec24576947cbe60f6fb5fe9576730ecb"}}, 0x110) r3 = openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm-control\x00', 0x4000, 0x0) bind$alg(r3, &(0x7f0000000280)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha384\x00'}, 0x58) socket$netlink(0x10, 0x3, 0x14) write$UHID_DESTROY(0xffffffffffffffff, &(0x7f0000000d80), 0x4) ioctl$UI_DEV_DESTROY(0xffffffffffffffff, 0x5502) socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$TIOCSSOFTCAR(0xffffffffffffffff, 0x541a, &(0x7f0000000040)=0x7fff) socketpair(0x1, 0x1, 0x2e, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) accept4(r0, &(0x7f00000003c0)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @empty}}, &(0x7f0000000440)=0x80, 0x80000) setsockopt$RXRPC_SECURITY_KEYRING(r4, 0x110, 0x2, &(0x7f0000000600)=')security\x00\x112\x80G\xcd\xef^\xb5R~\xa7\xf5\x97\"\xd0E\xbbH\x93H\x8e\xf1\x86e\xc9U{\xb2=\x05U\x97\x95\x01\x87\a\x95\x8c\xf2\xfb\xb2\x03\x80\x86\x91\xa53\x86\x16)\xb5\xe2,\xdaN\xb3\x9e\xab\xe35UL\xdf^U\x83\xca\x0f\rI\x14\xd8>\xbd\xb7\x82U\xd0\x99\xc6\xdei\x97Z\xfb\xc2\x1b\xd9\xfcq,b.\x01x\xba\xa2\xde\xed\xf4\x1f\xa6\x9a\x95\xb3Q\xdc\xfc\xe4\xd1\xe1\xda+\x90\xe1.\x8b\xf5k3R\tH \xdb\v\xba7<\x86\xe0\xbd\xee\xf4\x83 q\x93A\xd7\b\xc4\xb5\xbb\xc0\xcb\xf4\v\x15\xbb', 0xffffffffffffff2e) unshare(0x40000000) r5 = socket$inet_udplite(0x2, 0x2, 0x88) r6 = perf_event_open(&(0x7f00000001c0)={0x100000001, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r7 = dup2(r6, r5) read$alg(r7, &(0x7f00000000c0)=""/91, 0x5b) ioctl$VIDIOC_SUBDEV_QUERY_DV_TIMINGS(r7, 0x80845663, &(0x7f0000000300)={0x0, @reserved}) 15:26:35 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') [ 1463.211923][T28120] IPVS: ftp: loaded support on port[0] = 21 [ 1463.281805][T11845] usb 2-1: new high-speed USB device number 87 using dummy_hcd 15:26:35 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') [ 1463.522512][T11845] usb 2-1: Using ep0 maxpacket: 16 [ 1463.642663][T11845] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1463.653951][T11845] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1463.667038][T11845] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1463.676234][T11845] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1463.745267][T11845] usb 2-1: config 0 descriptor?? 15:26:35 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:35 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:26:36 executing program 3: syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000397c7508030420e54403000000010902120001000000000904000000525b0100591f6912332603cfefd3831aee4f3dba0affa70f457b482298f6a6128a36ab0cbdb8cb63924c66c5b9004aa766b644935ad219e2a3e5dd28c4e4b5bb4bd3920bd35053c47fde4e5c97dc238e33f67a3c7ea2bf2cabe09a553deafbda8bda0db78b7fa35d37a2ebc3"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) getsockopt$inet_IP_IPSEC_POLICY(r1, 0x0, 0x10, &(0x7f0000000080)={{{@in=@dev, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@initdev}, 0x0, @in6=@ipv4={[], [], @empty}}}, &(0x7f0000000180)=0xe8) r3 = request_key(0x0, &(0x7f0000001300)={'syz', 0x2}, &(0x7f0000000500)='em0cpus1\x95\xeb\xe6\xa2\xa5\x12\xb7V\xda\x8eo\x9ce\x0e\x8a\x9e\xc6!\xae\xe8\xf9I\xe4e\xb2q\xb9\xd9c\xc1n\xddg\xf17\xbf\xac\x19\xf8\xb0\x84\xad4\xc4\xa27\xe0\xdf\xfd\xf1\x98\xdb\x19\x97\x89\x9f\xf6Rr\xde7\xcb\xed&0\xa4\xb4):\x15\x8a\x91@<\x00\xbb\xbfm\xc8H\x95\xbb\xdea\x96Q\xef\x8a\x01\xf0<_\xfb\xb0\x98\xbc\x81#.\xc9\x93\xf1m\x91\xc5P\xe834\xcd\x14\x01\xe9K\x16\xde\x87I\xbf\x0f\xeb\xbe\xb4\x914\xa7>\xac\x16\x01\x9a\xe98]\xb1\xd4 \xcb\\\x1e1\xc3\xc91[,2w\xa2\xfa\x04<\xd0\xea\xe4\xb4', 0xfffffffffffffff8) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000001380)={0x0, 0x0, 0x0}, 0x0) keyctl$chown(0x4, r3, 0x0, r4) lchown(&(0x7f0000000040)='./file0\x00', r2, r4) [ 1464.225019][T11845] ortek 0003:05A4:8003.0048: unknown global tag 0xc [ 1464.231854][T11845] ortek 0003:05A4:8003.0048: item 0 4 1 12 parsing failed [ 1464.240308][T11845] ortek: probe of 0003:05A4:8003.0048 failed with error -22 [ 1464.262364][ C0] net_ratelimit: 20 callbacks suppressed [ 1464.262392][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1464.274785][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1464.281430][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1464.287773][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1464.294354][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1464.300609][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1464.312047][T27852] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1464.425314][T11845] usb 2-1: USB disconnect, device number 87 [ 1464.552030][T27852] usb 4-1: Using ep0 maxpacket: 8 [ 1464.672333][T27852] usb 4-1: New USB device found, idVendor=0403, idProduct=e520, bcdDevice= 3.44 [ 1464.681735][T27852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1464.695951][T27852] usb 4-1: config 0 descriptor?? [ 1464.738103][T27852] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1464.822615][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1464.829000][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1464.942655][T27852] usb 4-1: Detected FT8U232AM [ 1464.949259][T27852] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1464.963061][T27852] usb 4-1: USB disconnect, device number 26 [ 1464.974892][T27852] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1464.985691][T27852] ftdi_sio 4-1:0.0: device disconnected [ 1464.992663][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1464.998961][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1464.999168][T28149] Bluetooth: hci0: command 0x1003 tx timeout [ 1465.012290][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1465.732159][T19754] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1465.972197][T19754] usb 4-1: Using ep0 maxpacket: 8 [ 1466.132389][T19754] usb 4-1: New USB device found, idVendor=0403, idProduct=e520, bcdDevice= 3.44 [ 1466.141623][T19754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1466.151346][T19754] usb 4-1: config 0 descriptor?? [ 1466.195287][T19754] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 1466.402369][T19754] usb 4-1: Detected FT8U232AM [ 1466.408132][T19754] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1466.419337][T19754] usb 4-1: USB disconnect, device number 27 [ 1466.428933][T19754] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1466.440715][T19754] ftdi_sio 4-1:0.0: device disconnected [ 1467.062161][T27852] Bluetooth: hci0: command 0x1001 tx timeout [ 1467.068397][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1469.142780][T19754] Bluetooth: hci0: command 0x1009 tx timeout [ 1470.502232][ C0] net_ratelimit: 20 callbacks suppressed [ 1470.502245][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1470.514144][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1470.520224][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1470.526247][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1470.532364][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1470.538329][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1471.062337][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1471.068335][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1471.222284][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1471.228266][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:26:45 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:26:45 executing program 5: r0 = syz_usb_connect$uac1(0x0, 0xb0, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9e, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0x11, 0x24, 0x6, 0x5, 0x3, 0x5, [0x8, 0x5, 0x1, 0x5, 0x9], 0x50}, @selector_unit={0xa, 0x24, 0x5, 0x2, 0x0, "92264e5709"}, @feature_unit={0xf, 0x24, 0x6, 0x5, 0x3, 0x4, [0x9, 0x2, 0xa, 0x7], 0x6b}, @output_terminal={0x9, 0x24, 0x3, 0x3, 0x301, 0x1, 0x5, 0x51}, @extension_unit={0xc, 0x24, 0x8, 0x5, 0x8, 0x90, "aec7d1e1ab"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000000100)={0x14, 0x0, &(0x7f0000000240)={0x0, 0x3, 0x4, @string={0x4, 0x3, "d905"}}}, 0x0) 15:26:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:45 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:26:45 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000ab"], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:26:45 executing program 3: r0 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000000000)='/proc/capi/capi20\x00', 0x480000, 0x0) ioctl$sock_inet_SIOCSIFDSTADDR(r0, 0x8918, &(0x7f0000000080)={'lapb0\x00', {0x2, 0x4e21, @broadcast}}) syz_usb_connect(0x2, 0x3e6, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x20, 0xd5, 0xf9, 0x10, 0x5c2b, 0x4a14, 0x86a4, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x33, 0x0, 0x1, 0xe0, 0x1, 0x2, 0x0, [], [{{0x9, 0x5, 0x85, 0xb}}]}}]}}]}}, 0x0) 15:26:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) preadv(0xffffffffffffffff, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1473.412416][T12113] usb 6-1: new high-speed USB device number 87 using dummy_hcd [ 1473.421536][T19754] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 1473.431619][T19765] usb 4-1: new full-speed USB device number 28 using dummy_hcd 15:26:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1473.662530][T12113] usb 6-1: Using ep0 maxpacket: 8 [ 1473.668177][T19754] usb 2-1: Using ep0 maxpacket: 16 15:26:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1473.784421][T12113] usb 6-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1473.793376][T12113] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1473.803448][T19765] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1473.811709][T19765] usb 4-1: config 0 has no interface number 0 [ 1473.818075][T19765] usb 4-1: config 0 interface 51 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 1473.829614][T19765] usb 4-1: New USB device found, idVendor=5c2b, idProduct=4a14, bcdDevice=86.a4 [ 1473.838817][T19765] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1473.848315][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1473.859490][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1473.872843][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1473.882127][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1473.894202][T19754] usb 2-1: config 0 descriptor?? [ 1473.907954][T19765] usb 4-1: config 0 descriptor?? [ 1473.971405][T19765] hwa-rc 4-1:0.51: Cannot submit notification URB: -90 [ 1474.003310][T19765] hwa-rc: probe of 4-1:0.51 failed with error -12 [ 1474.014391][T12113] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1474.024289][T12113] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1474.032690][T12113] usb 6-1: Product: syz [ 1474.036959][T12113] usb 6-1: Manufacturer: syz [ 1474.041659][T12113] usb 6-1: SerialNumber: syz [ 1474.154822][T27852] usb 4-1: USB disconnect, device number 28 [ 1474.365513][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.372728][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.379808][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.387188][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.394339][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.401438][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.408821][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.415940][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.423371][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.430596][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.437763][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.444934][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.452373][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.459499][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.466786][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.474105][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.481582][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.488802][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.495901][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.503235][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.510293][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.517468][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.526206][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.533338][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.540338][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.547527][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.554635][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.562879][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.569879][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.577005][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.584078][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.591093][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.598305][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.605857][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.613062][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.620165][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.627271][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.634397][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.641441][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.648542][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.655741][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.662968][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.670439][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.677681][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.684899][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.692139][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.699152][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.706249][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.713481][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.720540][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.727634][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.734829][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.741928][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.749346][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.756608][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.763893][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.771419][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.778969][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.786122][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.793301][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.800288][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.807455][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.814573][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.821623][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.828742][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.835890][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.843031][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.850007][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.857157][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.864308][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.871406][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.878648][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.885927][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.893141][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.900125][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.907240][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.914319][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.921358][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.928472][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.935638][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.942740][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.949731][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.952102][T27852] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 1474.956938][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.972083][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.980066][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.987354][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1474.994517][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.001515][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.008639][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.015919][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.023090][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.030167][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.037508][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.044634][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.051697][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.058940][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.066369][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.073782][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.080817][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.087949][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.095117][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.102681][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.109749][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.116990][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.124125][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.131196][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.138433][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.145610][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.152852][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.159955][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.167132][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.174333][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.181438][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.188542][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.196089][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.203243][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.210380][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.217606][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.221993][T28149] Bluetooth: hci0: command 0x1003 tx timeout [ 1475.226643][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.232458][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1475.237692][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.250831][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.257985][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.265692][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.272986][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.280081][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.287204][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.294269][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.301320][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.308457][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.315529][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.322654][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.329686][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.332138][T27852] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1475.336813][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.344956][T27852] usb 4-1: config 0 has no interface number 0 [ 1475.351808][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.358737][T27852] usb 4-1: config 0 interface 51 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 10 [ 1475.365629][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.377312][T27852] usb 4-1: New USB device found, idVendor=5c2b, idProduct=4a14, bcdDevice=86.a4 [ 1475.384355][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.393475][T27852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1475.400424][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.415581][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.418017][T27852] usb 4-1: config 0 descriptor?? [ 1475.422813][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.422963][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.441723][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.448857][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.456101][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.463250][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.470309][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.477488][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.484615][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.491679][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.498841][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.505991][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.508736][T27852] hwa-rc 4-1:0.51: Cannot submit notification URB: -90 [ 1475.513126][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.513273][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.524320][T27852] hwa-rc: probe of 4-1:0.51 failed with error -12 [ 1475.527213][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.547470][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.554650][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.561640][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.568725][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.575839][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.582947][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.589993][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.597110][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.605797][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.612916][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.619935][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.627063][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.634179][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.641237][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.648379][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.656567][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.663716][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.671324][T19754] ortek 0003:05A4:8003.0049: unknown main item tag 0x0 [ 1475.679820][ C1] net_ratelimit: 18 callbacks suppressed [ 1475.679838][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1475.686077][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1475.695052][T27852] usb 4-1: USB disconnect, device number 29 [ 1475.703908][T12113] usb 6-1: 0:2 : does not exist [ 1475.721691][T19754] ortek 0003:05A4:8003.0049: hidraw0: USB HID v0.00 Device [HID 05a4:8003] on usb-dummy_hcd.1-1/input0 [ 1475.736249][T12113] usb 6-1: USB disconnect, device number 87 [ 1475.745205][T19754] usb 2-1: USB disconnect, device number 88 [ 1476.122141][T12113] usb 6-1: new high-speed USB device number 88 using dummy_hcd [ 1476.742423][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1476.748449][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1476.754623][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1476.760616][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1476.766762][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1476.772759][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1477.302057][T27852] Bluetooth: hci0: command 0x1001 tx timeout [ 1477.302321][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1477.314243][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1477.320270][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1479.382692][T12113] Bluetooth: hci0: command 0x1009 tx timeout [ 1480.902480][ C0] net_ratelimit: 12 callbacks suppressed [ 1480.908261][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1480.914693][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1480.921189][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1480.927425][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1480.933875][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1480.940127][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1481.462285][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1481.468299][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1481.862200][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1481.868190][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:26:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:26:55 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:55 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:26:55 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000ab"], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:26:55 executing program 5: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f0000000080)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e20, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmmsg(r0, &(0x7f00000092c0), 0x800010b, 0x18) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) socket$inet6(0xa, 0x0, 0x0) open(0x0, 0x0, 0x0) mmap$perf(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 15:26:55 executing program 3: 15:26:55 executing program 3: 15:26:55 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:26:55 executing program 3: [ 1483.642353][T12113] usb 2-1: new high-speed USB device number 89 using dummy_hcd 15:26:55 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:55 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1483.886550][T12113] usb 2-1: Using ep0 maxpacket: 16 15:26:55 executing program 3: 15:26:56 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1484.012838][T12113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1484.023972][T12113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1484.037106][T12113] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1484.046327][T12113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1484.171688][T12113] usb 2-1: config 0 descriptor?? 15:26:56 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1484.650111][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.657505][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.664734][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.671852][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.679103][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.686284][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.693456][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.700550][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.707702][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.714885][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.722048][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.729291][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.736542][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.743634][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.750712][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.757935][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.765098][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.772351][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.779621][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.786840][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.793979][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.800969][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.808097][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.815222][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.822381][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.829463][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.836694][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.843946][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.850981][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.858292][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.865388][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.872652][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.879688][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.886853][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.893976][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.900998][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.908232][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.915336][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.922512][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.929552][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.936777][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.943915][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.951150][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.958391][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.965495][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.972782][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.979903][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.987232][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1484.994366][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.001509][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.008668][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.015884][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.023072][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.030097][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.037357][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.044460][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.051456][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.058722][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.065848][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.073101][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.080191][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.087409][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.094616][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.101594][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.108752][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.115938][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.123105][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.130126][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.137364][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.144455][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.151529][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.158818][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.166014][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.173273][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.180387][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.187601][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.194912][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.202100][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.209180][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.216436][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.223596][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.230680][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.238000][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.245188][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.252461][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.259593][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.266770][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.274026][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.281137][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.288358][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.295651][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.302814][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.309911][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.317134][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.324265][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.331297][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.338483][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.346310][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 15:26:57 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="0000ab"], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:26:57 executing program 3: 15:26:57 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:26:57 executing program 5: 15:26:57 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:26:57 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1485.353515][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.360695][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.367858][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.375077][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.382257][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.389363][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.396624][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.403759][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.410824][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.418095][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.425213][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.432474][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.439561][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.446794][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.454012][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.461338][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.468528][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.475797][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.483054][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.490178][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.497788][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.504960][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.512144][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.519270][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.526617][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.533796][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.541031][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.548243][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.555492][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.562665][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.569740][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.576920][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.584087][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.591158][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.599744][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.606872][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.607022][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.620901][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.628056][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.635179][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.642332][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 15:26:57 executing program 3: perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={0x0}}, 0x0, 0x0, 0xffffffffffffffff, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f00000000c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000fefff67a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001000000b7050000220000006a0a00fe00000000850000000b000000b7000000000000009500000000000000"], &(0x7f0000000340)='GPL\x00'}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000400)={r0, 0x0, 0x10, 0x0, &(0x7f0000000140)="a673f3ce05f1a282eeab0500000800f0810ae63238f9cf8c0ccade00556e97d003cc298613f230d6841f3099e19fd903b2ffa5106c71ac91c7457b2d7f4157f069737d63ab32be2a651d7cee2970a9df488cae6702031c92a8b4b6376f9972f3848c104d413745d4c57253b2d61d64787c4de49fc5", 0x0, 0x3ff, 0x0, 0x0, 0xffffffffffffffbc, &(0x7f0000000040)="15396af9a72e96da8129ed1653da4c7f58430968e943c7415c1135cc832d158cfe31f78128c0f6ced392de7b250aa16a0837c05297e7c9d3db2466761815aeb216c263f7010b0d4de72c5f199f0be260a48e8c37d2ea3a52026012d3"}, 0x28) [ 1485.649445][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.656656][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.663817][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.673256][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.680331][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.687865][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.695001][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.702195][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.709392][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.716657][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.723787][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.730861][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.738044][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.745281][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.752564][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.759723][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.766904][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.774070][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.781202][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.788491][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.795658][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 15:26:57 executing program 5: pipe(&(0x7f0000000540)={0xffffffffffffffff}) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000080)={0x0, 0x2}, &(0x7f00000000c0)=0x8) getsockopt$inet_sctp_SCTP_ASSOCINFO(r0, 0x84, 0x1, &(0x7f0000000140)={r1, 0x9, 0xfff9, 0x93, 0x0, 0x800}, &(0x7f00000002c0)=0x14) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f00000003c0), 0x0) ioctl$KVM_PPC_GET_PVINFO(0xffffffffffffffff, 0x4080aea1, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = syz_open_dev$sg(&(0x7f0000000340)='/dev/sg#\x00', 0x0, 0x5) openat$udambuf(0xffffffffffffff9c, 0x0, 0x2) r3 = syz_open_procfs(0x0, 0x0) ioctl$TUNGETFILTER(0xffffffffffffffff, 0x801054db, &(0x7f0000000280)=""/46) renameat(r3, 0x0, 0xffffffffffffffff, 0x0) writev(r2, &(0x7f0000000000)=[{&(0x7f0000000100)="ae88bff824f400005a90f57f07703aeff0f64ebbee07962c22772e11b44e69d90cf41bdd2ac8bb8c43b460e46292", 0x2e}, {&(0x7f0000000040)="53000000fcffffff770000000000200000f07000000000000000a40000000000", 0x20}], 0x2) [ 1485.802825][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.809953][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.817122][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.824314][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.831419][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.838626][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.845896][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.853064][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.860251][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.867442][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.874569][T12113] ortek 0003:05A4:8003.004A: unknown main item tag 0x0 [ 1485.927734][T12113] ortek 0003:05A4:8003.004A: hidraw0: USB HID v0.00 Device [HID 05a4:8003] on usb-dummy_hcd.1-1/input0 15:26:58 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:26:58 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1486.004636][T12113] usb 2-1: USB disconnect, device number 89 [ 1486.022561][ C1] net_ratelimit: 18 callbacks suppressed [ 1486.022583][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1486.034823][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:26:58 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup3(r1, r0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) rt_sigaction(0x0, 0x0, 0x0, 0x8, 0x0) 15:26:58 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1486.442335][T12113] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 1486.682088][T12113] usb 2-1: Using ep0 maxpacket: 16 [ 1486.802375][T12113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1486.813563][T12113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1486.826591][T12113] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1486.835783][T12113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1486.845471][T12113] usb 2-1: config 0 descriptor?? [ 1487.152493][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1487.158692][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1487.165052][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1487.171237][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1487.177543][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1487.183622][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1487.324755][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.332152][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.339318][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.346503][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.353725][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.360740][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.367858][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.374979][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.382146][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.389163][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.396373][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.403414][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.410473][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.417715][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.424912][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.432158][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.439477][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.446691][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.453821][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.460807][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.468020][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.475171][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.482846][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.490010][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.497394][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.504904][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.512146][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.519255][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.526577][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.533781][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.541246][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.550298][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.557437][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.564545][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.571558][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.578862][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.585995][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.593254][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.600263][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.607394][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.614508][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.621533][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.628818][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.635975][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.643115][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.650117][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.657315][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.664418][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.671418][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.678695][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.685881][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.693233][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.700311][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.707476][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.714593][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.721809][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.729054][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.736281][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.743717][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.750937][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.758218][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.765276][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.772522][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.779549][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.791695][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.799214][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.806368][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.813485][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.820606][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.828591][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.835717][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.842842][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.849907][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.857014][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.864056][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.871193][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.878317][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.885425][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.892978][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.899989][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.907203][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.914247][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.921206][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.928846][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.935894][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.943001][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.950119][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.957222][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.964286][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.971229][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.978338][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.985375][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1487.993249][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.000253][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.007378][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.014482][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.021437][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.028534][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.035594][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.042693][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.049755][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.056903][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.064041][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.071138][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 15:27:00 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:27:00 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) seccomp(0x1, 0x0, &(0x7f0000000080)={0x3, &(0x7f0000000040)=[{0x25, 0x0, 0x100000000000001}, {0x0, 0x0, 0x0, 0x3}, {0x16, 0x0, 0x0, 0x7fffffff}]}) 15:27:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:00 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:00 executing program 3: io_setup(0x7, &(0x7f0000000300)=0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480)='/dev/net/tun\x00', 0x2, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000000)={'\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02\x00\x00\r', 0x20000005002}) poll(&(0x7f0000000080)=[{r1}], 0x1, 0xbab) io_submit(r0, 0x1, &(0x7f0000000600)=[&(0x7f0000000180)={0x0, 0x0, 0x0, 0x800000000001, 0x0, r1, &(0x7f0000000040), 0xff66}]) 15:27:00 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1488.078333][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.086094][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.093271][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.100428][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.107596][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.114751][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.121928][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.129002][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.136222][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.143360][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.150467][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.157657][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.164859][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.172144][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.179302][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.186464][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.193626][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.200710][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.207870][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.215030][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.222356][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.229428][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.236558][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.243682][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.251472][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.258618][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.265797][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.272960][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.280046][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.287224][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.294385][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.301614][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.308780][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.315959][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.323090][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.330171][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.337331][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.344486][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.352287][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.359373][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.366548][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.373683][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.381307][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.391268][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.398434][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.405664][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.412805][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.420082][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.427247][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.434404][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.441489][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.448745][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.455928][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.463073][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.470170][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.477340][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.484499][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.492085][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.499173][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.506350][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.513835][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.520910][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.528178][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.535315][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.542472][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.549544][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.556701][T12113] ortek 0003:05A4:8003.004B: unknown main item tag 0x0 [ 1488.565554][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1488.571693][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:27:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1488.590628][T12113] ortek 0003:05A4:8003.004B: hidraw0: USB HID v0.00 Device [HID 05a4:8003] on usb-dummy_hcd.1-1/input0 [ 1488.629041][T12113] usb 2-1: USB disconnect, device number 90 15:27:00 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:00 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:00 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, 0x0) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1488.851426][ T30] audit: type=1326 audit(1572276420.893:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=28309 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45cd7a code=0x0 15:27:01 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:01 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1489.022293][T12113] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 1489.134814][ T30] audit: type=1326 audit(1572276421.183:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj==unconfined pid=28309 comm="syz-executor.5" exe="/root/syz-executor.5" sig=31 arch=c000003e syscall=228 compat=0 ip=0x45cd7a code=0x0 [ 1489.273831][T12113] usb 2-1: Using ep0 maxpacket: 16 [ 1489.392277][T12113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1489.403581][T12113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1489.416625][T12113] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1489.425933][T12113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1489.435598][T12113] usb 2-1: config 0 descriptor?? [ 1490.172398][T12113] usbhid 2-1:0.0: can't add hid device: -71 [ 1490.178603][T12113] usbhid: probe of 2-1:0.0 failed with error -71 [ 1490.187673][T12113] usb 2-1: USB disconnect, device number 91 15:27:02 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:27:02 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:02 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:02 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:02 executing program 5: r0 = socket$packet(0x11, 0x3, 0x300) r1 = syz_open_dev$sg(&(0x7f0000000000)='/dev/sg#\x00', 0x8000, 0x195082) r2 = dup2(r1, r0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000540)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) unshare(0x2a000400) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$SG_GET_REQUEST_TABLE(r6, 0x2286, &(0x7f0000000040)) prctl$PR_MPX_ENABLE_MANAGEMENT(0x2b) r7 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, r7, &(0x7f0000fe6000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) 15:27:02 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:02 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:02 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:02 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = socket(0x20000000000000a, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$char_usb(r3, &(0x7f0000000240)="3ee72f56a1f38dfa016b9ecab17a499005a8211e93147a58f61ac7945de991f7f8f55065da643ee27efd3081bea72f3b9092cd60898ccd7e05ac415ae7338264d2e30c48f60121dea1c8ccd7393c7b2237e3af5e09e9cfadaa1028b2aa76ca6b08ac8aad59c3e00cc862cacbb1fb0c0e00850d7bdb4cb1ca9c0ff73f91025528b9dfd005105fba3c4ff19e71438f5b81e28b955c36baf95386b954169d8ad93e8b0b2d20c73273ddded1a8622265748763a28a9444893f48e6e20b4db5ec4a1dc169ba5818f7d92e1e856eb7d4bc94a7794a315e3eff48f8d67182deae796209da956e8000b3ed3c17f0f1243fa7df9424a3e6e33fe87271f06f88adf6d4cc4f36be546cf1ad6326e13cf07c509dd7ccab354484b4f3318c02536ac5fdbd7ee013950e5aed841cc0d0ab81903e386e938bae792065d709c4ff03e3d9475cc918ecbfca029d3837001986d239fbc565dbae56aeb8f2e04fd60111bdd1ffcc710dcba57424cc6dcabf591a706576305a502186f258c762f62b258748ca206e14fb55d90dec1831ce13a7b7ece7feda46a3e4f0ca7f835088cff039a7ab97608f70bfe2ae1b9a70fb94000e16eabd25894e883fa11f4c34fbdf76c136e970ec74185ffb6ea8b2f1297bca90aee2240d172394b5c17a27b8c04f5f138f253b2530bfc6cff0b0cd7f82f11bf409aa88c2775eb9fac76ac1def347c419503957ae6edfdd021158a915d89d037b3281d9e94e0e10ef3d19719717b3d081337079c6b4773930a6efd21c6bdc32e8f49fc2e6045e7c9f9958211911a218f4baa140c91935955499874ebc596e0c356ac669c8681e9e54248597dd8ebfa18697dd36e639a3c2ddac50ac7fda5141a0dc6f4c485d77b6ecc4073946c5c1d921aecd4f0828534672ebccbc06457529550806714faaa48e22399779e5afd4bfe812d31b813e1987f038c080a52e2998bd10e1e81283c6546f40b805691ea6a428c0c060879091fa13ecfae22c41c441418de8e47cfb759d6d764af563bbc58bc1d03fe47a35d10264bbd1dae2f50f40fd84d3b596a6124a5b2b266ac6d208aa700ba73562000269e61b8e9d34bbd1186c7c739ecc36d181689655e2e85ebf800ec9e86d23071077ca4855114bc635383e39082c0d6d2dc26a8ee4ee1b14424eb4c6a21825f0dff4eb1f990b0e5629920a18f9491f5e3dd97b38d870c02e4add94e3609a36179fdcf3c11632fa0370fc9203e87a0eb3e4d906626144de0cdda4ab65d92cca29700cc547b28b5506956d5ab1ec05bd9bb401c09350a3c6ca45780c2e4f633b6896645925d7cfb0e5c95a92220d98805dec7036a92aa0d07c303b558f10ad59204e6cc8930c25d02878c0158e37f1bbd8b217ec6bb45dd958664c8a0bad56f978504eab598e7cc476627d77a8ce192b1d1ac2cde43f2162b2e548e7a81c33440766f4f976c697665bd317c15ac8ccbeb089410a0567c3991432934f56ec6013e495cdf01148470b6328502ef1edf685479bc538456f0ed29a2549c863742d5ccd33fcb21a5b64700c3037585f4e658f83a9d9bb56e178ff561a42e34470a8b7fe3b3febd3e1ee485e31c61015bd49e944288e190d32ad49aed4f22f027cae2f85ec147ff6347db0ba3ec5994b27c03029a50fa51d68cb9df71f8927fbf2b61ff330089a48e20cfd35d67be2d39818cc5906eb88debdb45e708750f26f58f4d1241fca1c8655aa7b21bdd017c4db580ad0d63a30d0cd53ea9202996ee2de3f1a0e1f2503b828baa34e81bb54907dfc019e06738842d3732b98364b904bc4505844a50bfa8e64e5508b4aa359c9912fb60b5bd635b17c2fb50c00fcd882ba505d50aa9c2e05e893045d567320383b695c888203433b06ab02d1efe9206ed5672b574a0081091f5204e1db23ce9b190ad46f178e28d985223779b7a042ff94b16692ed8ff44af31533d16f86bf57e33cdf897fa3d641b6c94c07df408ff983e050fabbf3d66f1f7e747fe6122b372e8a1c5c4857a264e55092f309f38b3b644cb0101d912f3f297722c68a2aa2214411145ccdab4072b8a23a48126b5e426ece306b35faac9e10b7b8ce6c1953daea67a7b6fd262c7ecb33b658c66935f1f0a5827add9c82e25b23597fff5d4b5be89bdbce10dfb8545cee84e8c68ee9a4f4b86597025f985f118459f5f3c86d9ee445ad45b4dbb4252e356180c6a0326a76ea500477246a41d64c582dcd158b0f7476290f689707e263c1ec6ba9e07fce8f34e1acd62d5dd2b7ca22654f6792ee880185461917e4c02b8104ea2ac3cbeace5d123b631105ee71eb7e0b9078fb0bcc5361efd4f8955b0d8c296665beddabb8f620755670b41e88c22d75570d317def0828ecbff339467ef11899c8ae769f658b574f59fa72fdc9565cc22a6153daa1f4d05ae9d8e710b729cd3c096e6e12cafc0f509cb87f226100016c0e23801b8c571358f94f07df4c5a658cc09c1cd08919ed94ca7d1c61fb7beef51d5fb55db121ce278a83b9eaaef91b790927593d12078f0bd7aa279a615a245b63a86182bcc0116b828b3e551370f5e045e538c693b66acd0fd1620ad0aa561e51de640dc380bb273fa8f43794c1de5bc73cf86a4f8e8449346b50309c060f6d26fe70fccb90d3e8205e6f3046e36358b1dfb2573fe1462a5114a549a57b0d4f8d848c5c1a85686d1198c2821e27f87e0868fab65c2aa30c8b03fd7def12ea7fd986f71814147ea2789aabbbca8b931d5e777c07e41b6072ec41fd589982d3f3bc964a8faa39fa6fde82d4f72000cf14636d61e88b0886bdeade23da26eafa3cc3c8c6524ea9868ff472fa36ecae08e0ad9d1c04fcdd52ce4cd0bf275dc0d94c9eebd44b5aa57635ec6ce102b18d6ef8e9a99b19aa6131ecb9bac2e361d1bfa5a4ab499e4e26645db7181de03d9ca237c6c2ebd050ed2c47662f2a4e0dcb3e62fa99c0222d3a6c67f43c502d3e87021d8886cf55b345fb99c3c18b505aee40deb81298e1062a5d9528edbfac1f21eed6fc10a265b43028d648b9be81b59fd956211e7e969ced26fb06063ad47e06fcd4efc0ef02476b89e0927bda99ce7655c59494786e2c85390ba393e5603fdb7d945f5854864df6c155d0d56c6385edf0e284f16605096a61798ad10128da9d6dfeb6888118edbc745e80e47046e39e0c608c5e782e3bedf75bb57f39306750515ffba0737e486e1fdd00a99182f8192360eede1a0c0c24c912c285173e18755aa1fb158b39d6b2f5d0305f6aaa580e5099593d833d0d7abc1bc4a0cb790c2f0dc81413bd139b5e770116373a7ee13e08b15a47dd7728634626976e0e77a87357fffe166a4a3c1acf36e5119d4ba92d7d207c3de48077826d851c7dac3a4975684a05124faae89536353f50872107437c527e5e925f26c69cab61860fd1f1aa801f3c59e5114c06bb36cd68100a7ed5254eb254cdb2820392c98887b26f5aadd21c018cfec7fdb1ce6e77f4c482674e49a492d0551f1620dfe1b44006b246e846a2c23648a6e64f95b38e301aa7a4e8edfa8343e59c9d552985f743668e6ddb1d15c88714d558dffa835eb3fd294351d02ae6f2b88893c6119777ac645b0d8c3682d76ae6ff276c97b653bfdeb0c0eb69173845a43572d021d35204578aab2722b306bb250f459438a6f9e77bf164076cd191da650bbd21ee6b73106e272ce91eb54e774bda547a3292f656956b3882c0f6ead261c5efb250bca2c6134ed9182566ca17568ee2a96e2640de600e0b091b0cf54eb09dd14df2ee4d5d31c4bdaa7a4214692ee24c520d02da8cd51c9d300c7ab8fd7b134cb86eaf721d964e9281f2add581aa81f87e9c558a14d70d5e9b8b8b2e996d04f25b46f75b37a0e3a3552446b43536094f3ef7279b72c2bb521f3f67c041cde5930d4a9bb9c80499ada1bcddba72452d072735bc00d1dd3505c3a1b1a941f6405a91eb9e1743143c05c1e530833a78057e541ce26ce30fea49fe6fba733e6fef6a88e6218754e8b94e2dea20a0b95e92f1e72fa2b8c34b3a29b787af127fe960fd3cefee253318e241b56767720459ad7adcfeee140592664050490c94698358ff1d8cf4180e94ade19224bb0c750c3777e482801b0d706b5d2ab27fa34e5463099ec432c60b586d3d19d2301fb3624bfc484e082688dc1203c65bd58af2e156469378a470e8037e90f52f0b912347b72e1cee53c00f68407c0fa26feab90221036504b9d2364e2183c6e6919d7d44569a29908548e358a8261fa8a3a446945ccfebe959aeaa44b365d23e7bc0a65219eb4e431804c9d3836ed3ef6e318825c83099f0be43b34138e3d7dfa33ea808f4f129006292dbc57b8b4e657700d8598f265d36d022729656d28fa031f1bce4553fff3c7451a2fc8ca13c286d638656fce71b6d26e61e52b81647cd503626544140f7c04da2235d5c3312e04d5a2a8dec748c73769a7861a0f277d221777b69abc596d4dfb4f6bf55994aaa5c00b0ab7e0898b8d58572981c937fddb83ac95d9af84144be1a41fcbd75a9ea630a85bf1f6deab4c21994af09fc217caa4cd5cd35d179256ffb06543b0050ec1adef2e8376a7ed89119d35e4258a1766c874148e4ca718c44983345592b9ed3dce04d1b15a38c17dee379a81652a162bc0dd329e1afdceec4e584c7e1e4724df7793cb99fd25afeb6359a1865046180c5f0db091d46cdef7bd21bc09fd46e620e3cacacfb4f38215c9a33be69d1b09519ad37e2a9cd1d85d142e42ee87612f66173bea27863899af53d563ca92e5d19e3dfa9b35d231dd76ef7c354577bb7f976922d66afd32b95d791b760621d18426488d3300c41906ee059aa62aa9f61324660e66ad334acb85c349caf0d83836b4b165f439c66373b7098d0adc1d41b2eef38232a5bd6e7306af233233e73dd115c6864323afb6cd8c8c7abfaf059462e1013d02ecc535d6d3d7e90b435ce240bf890ea2a5f1cedfef49f8a3fbb6c0a201abadba551838fa4534ff0a18273fecff38f4299185ef2953d67bf8babdcae76ecafee2a707428815face90257d7137ede1ac0f4e7bbc1adbec69eda9474a6d06b7ef2fd0c834a86c2b2203d4465ba00008c81034624dfbe6940f3dbe58879543a604194b195b777347c869894bab48eb608c5d88dc7a6a19ebe10d9ab7c1ecc4a6b0471e4f614db1b2139fc372f5b5b371e9b2158d9d38e27b35632ebb18290433de162576a78609153f000353940932403453ca9d270200afe30295149acf1cfd16c5b2ab8d35d218feb89c409a16c65168d646a529734d28d4f8f5750542a6c87f650a7c76fe27341284ced682b67a58b7c7bf363273c21343de54e8079810ca93b6933f8d5c3846737a6d23b4ac35be318769d93c84ebf954cae162c5d61d9784e61060212b4aed117c887cd5858c2c27c24fbe99a977d65002403a7c32d5cd002f85e659453c79225e03336ea1357acc6d7c87e0f8e1ef5f77a68e23996e04ea797a7d33bbda1e3e8092e86eb36620d8a23438e837c5cb843687d0607ac07f3c164abe7c55cd739d775de0cfde3bc267422b7b2e590ae36e2d8d0a6926998e4cb967090fa30285b71c0049c469c3d7a1f8b3075ef4aa37681d876482fa206e3a5bd9f336c655e603ada57ae638fd07885c97f488f4255e5e342057c0218fe927d3c3795e86fc58aedb2ad6f92b8b23fb8029237354f3c1da4d3ec4f9b72c88bf64fafa01c8371bee44b69d1ebc4986becd7cf6b33455c5415f97bee6a3afc7e0d734d84c33241f3b88b22f33ebaca3eab895d73dbdb7c5a", 0x1000) getsockopt$inet6_int(r1, 0x29, 0x3, &(0x7f00000000c0), &(0x7f0000000040)=0x4) r4 = syz_open_dev$adsp(&(0x7f0000000080)='/dev/adsp#\x00', 0x9, 0x20000) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX_OLD(r4, 0x84, 0x6b, &(0x7f0000000180)=[@in6={0xa, 0x4e22, 0x3, @remote, 0x37}, @in6={0xa, 0x4e21, 0x4, @mcast1, 0x6}, @in6={0xa, 0x4e22, 0x4, @empty, 0xfa32}, @in6={0xa, 0x4e22, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0xae3}, @in6={0xa, 0x4e23, 0x4, @loopback}, @in={0x2, 0x4e21, @broadcast}, @in6={0xa, 0x4e22, 0x5, @local, 0xfff}], 0xb8) 15:27:02 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'team_slave_1\x00', 0x0}) r2 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x777118cb11320bef, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=@newlink={0x34, 0x10, 0x501, 0x0, 0x0, {0x0, 0x0, 0x0, r1, 0x3200}, [@IFLA_LINKINFO={0x14, 0x12, @ip6gre={{0xc, 0x1, 'ip6gre\x00'}, {0x4}}}]}, 0x34}}, 0x0) mknodat(r2, &(0x7f0000000100)='./file0\x00', 0x1, 0x6) r3 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000140)='/dev/qat_adf_ctl\x00', 0x8040, 0x0) ioctl$UI_SET_PROPBIT(r3, 0x4004556e, 0xe) [ 1490.972540][T12113] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 1491.001232][T28375] QAT: Invalid ioctl [ 1491.018948][T28376] QAT: Invalid ioctl 15:27:03 executing program 5: syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xad, 0xa5, 0xbc, 0x8, 0x12d1, 0x142c, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x8, 0x0, 0x2, 0x2f, 0x4, 0x1, 0x0, [], [{{0x9, 0x5, 0x8f, 0x2}}, {{0x9, 0x5, 0x2, 0x12}}]}}]}}]}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/dlm_plock\x00', 0x50000, 0x0) renameat(r1, &(0x7f0000000000)='./file0\x00', r2, &(0x7f0000000100)='./file0\x00') socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x3c) setsockopt$inet6_IPV6_PKTINFO(0xffffffffffffffff, 0x29, 0x32, 0x0, 0x0) 15:27:03 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x1) [ 1491.212342][T12113] usb 2-1: Using ep0 maxpacket: 16 [ 1491.302390][ C0] net_ratelimit: 12 callbacks suppressed [ 1491.302412][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1491.314471][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1491.320944][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1491.327234][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1491.333478][T12113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1491.333701][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1491.344564][T12113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1491.350588][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1491.363249][T12113] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1491.378318][T12113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1491.389395][T12113] usb 2-1: config 0 descriptor?? [ 1491.444259][T27852] usb 6-1: new high-speed USB device number 89 using dummy_hcd [ 1491.692140][T27852] usb 6-1: Using ep0 maxpacket: 8 [ 1491.812227][T27852] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 1491.820522][T27852] usb 6-1: config 0 has no interface number 0 [ 1491.827103][T27852] usb 6-1: config 0 interface 8 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 1491.837106][T27852] usb 6-1: config 0 interface 8 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1491.850954][T27852] usb 6-1: New USB device found, idVendor=12d1, idProduct=142c, bcdDevice= 0.00 [ 1491.861179][T27852] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1491.871154][T27852] usb 6-1: config 0 descriptor?? [ 1491.924146][T27852] usb-storage 6-1:0.8: USB Mass Storage device detected [ 1491.953910][T27852] scsi host1: usb-storage 6-1:0.8 [ 1492.128362][T19754] usb 6-1: USB disconnect, device number 89 [ 1492.134959][T12113] usbhid 2-1:0.0: can't add hid device: -71 [ 1492.141074][T12113] usbhid: probe of 2-1:0.0 failed with error -71 [ 1492.155638][T12113] usb 2-1: USB disconnect, device number 92 15:27:04 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:27:04 executing program 3: r0 = syz_usb_connect$hid(0x0, 0x3fe, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000000000406a05d20040000000000162c71b210100000000090400000903010000092100000001220100090581030000000000"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000500)='TIPCv2\x00') sendmsg$TIPC_NL_UDP_GET_REMOTEIP(r3, &(0x7f00000006c0)={&(0x7f00000004c0)={0x10, 0x0, 0x0, 0x80000001}, 0xc, &(0x7f0000000680)={&(0x7f0000000540)={0x108, r4, 0x1, 0x70bd26, 0x25dfdbfb, {}, [@TIPC_NLA_NET={0x40, 0x7, [@TIPC_NLA_NET_ADDR={0x8}, @TIPC_NLA_NET_NODEID={0xc, 0x3, 0x1}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x99}, @TIPC_NLA_NET_ID={0x8, 0x1, 0x4}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x49d}, @TIPC_NLA_NET_NODEID_W1={0xc, 0x4, 0x80}]}, @TIPC_NLA_SOCK={0x34, 0x2, [@TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x7f}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x7}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2}, @TIPC_NLA_SOCK_ADDR={0x8, 0x1, 0x2702}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}, @TIPC_NLA_SOCK_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_LINK={0x74, 0x4, [@TIPC_NLA_LINK_NAME={0x14, 0x1, 'broadcast-link\x00'}, @TIPC_NLA_LINK_PROP={0x4}, @TIPC_NLA_LINK_PROP={0x1c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xc}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x400}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0xfffffc00}]}, @TIPC_NLA_LINK_PROP={0x3c, 0x7, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x8000}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x18}, @TIPC_NLA_PROP_TOL={0x8}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x80}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x4}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x3}]}]}, @TIPC_NLA_MON={0xc, 0x9, [@TIPC_NLA_MON_REF={0x8, 0x2, 0x1}]}]}, 0x108}}, 0x60040800) r5 = syz_open_dev$dspn(&(0x7f0000000040)='/dev/dsp#\x00', 0x9, 0x400000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r6) r7 = fcntl$getown(r6, 0x9) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000440)={r5, 0xc0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, ""/16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=0x6, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x0, 0x1}, 0x0, 0x0, &(0x7f00000002c0)={0x5, 0x7, 0x3, 0x9}, &(0x7f0000000300)=0xffffffff, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=0x80000001}}, 0x10) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000480)={r7, r9, 0x0, 0xa, &(0x7f0000000140)='/dev/dsp#\x00', r10}, 0x30) r11 = syz_open_dev$audion(&(0x7f0000000700)='/dev/audio#\x00', 0x8, 0xa000) getresgid(&(0x7f0000000740), &(0x7f0000000780), &(0x7f00000007c0)=0x0) ioctl$TUNSETGROUP(r11, 0x400454ce, r12) getsockopt$inet_sctp_SCTP_GET_ASSOC_ID_LIST(r5, 0x84, 0x1d, &(0x7f0000000080)={0x2, [0x0, 0x0]}, &(0x7f0000000100)=0xc) dup(r1) setsockopt$sock_int(r1, 0x1, 0x27, &(0x7f0000000000)=0x8, 0x4) syz_usb_control_io(r0, &(0x7f00000001c0)={0x2c, &(0x7f0000000200)={0x0, 0x0, 0xd, {0xd, 0x0, "341e0390831aeee08a7513"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 15:27:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x1) 15:27:04 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:04 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1492.662481][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1492.668843][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1492.675410][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1492.681678][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:27:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(0xffffffffffffffff, 0x400455c8, 0x1) 15:27:04 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:04 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 15:27:04 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1492.906101][T27852] usb 6-1: new high-speed USB device number 90 using dummy_hcd [ 1492.914991][T12113] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1492.963332][T19754] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 1492.997274][T14648] Bluetooth: hci0: Frame reassembly failed (-84) 15:27:05 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1493.152240][T27852] usb 6-1: Using ep0 maxpacket: 8 [ 1493.202867][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1493.282469][T27852] usb 6-1: config 0 has an invalid interface number: 8 but max is 0 [ 1493.290724][T27852] usb 6-1: config 0 has no interface number 0 [ 1493.297145][T27852] usb 6-1: config 0 interface 8 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 0 [ 1493.307125][T27852] usb 6-1: config 0 interface 8 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 1493.316932][T27852] usb 6-1: New USB device found, idVendor=12d1, idProduct=142c, bcdDevice= 0.00 [ 1493.326120][T27852] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1493.332540][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1493.344286][T27852] usb 6-1: config 0 descriptor?? [ 1493.345497][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1493.363271][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1493.372488][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1493.381254][T12113] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1493.389138][T12113] usb 4-1: can't read configurations, error -61 [ 1493.390506][T27852] usb-storage 6-1:0.8: USB Mass Storage device detected [ 1493.396980][T19754] usb 2-1: config 0 descriptor?? [ 1493.445967][T27852] scsi host1: usb-storage 6-1:0.8 [ 1493.562213][T12113] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1493.593344][T27852] usb 6-1: USB disconnect, device number 90 [ 1493.982344][T12113] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1493.990178][T12113] usb 4-1: can't read configurations, error -61 [ 1493.997592][T12113] usb usb4-port1: attempt power cycle 15:27:06 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:06 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1494.159777][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1494.166601][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1494.195574][T19754] usb 2-1: USB disconnect, device number 93 15:27:06 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:27:06 executing program 3: r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$HIDIOCGUSAGES(0xffffffffffffffff, 0xd01c4813, &(0x7f00000002c0)={{0x3, 0x2, 0x97, 0x5, 0xa36, 0x3}, 0x3e5, [0x1, 0x4, 0x1, 0x6, 0x4, 0x2, 0x9, 0xc73, 0xfffffc01, 0x3, 0x6, 0x80000001, 0x1, 0x9, 0x9, 0x7, 0x1, 0x7fff, 0x150, 0x4, 0x100, 0x8001, 0x6, 0x3, 0x2, 0x5, 0x0, 0x7fff, 0xffffffff, 0x3f7c, 0x8000, 0xad185c9, 0x8, 0x2a1, 0xfffff471, 0x6, 0x20, 0x0, 0x7, 0x80000000, 0x5, 0x3, 0x80, 0x1000, 0x1000, 0x10001, 0xed8, 0x7f, 0x800, 0x800, 0x1e0e, 0x5, 0x0, 0x6, 0x99c, 0x5, 0x7, 0xffffffe0, 0x5, 0x7fffffff, 0x37, 0x0, 0x0, 0xffffffff, 0x7, 0x2, 0x7, 0x1, 0x0, 0x1, 0x2, 0x30, 0x41, 0x7f, 0x0, 0x5fff, 0xfffff000, 0x7fff, 0x1ff, 0x3, 0x0, 0xfffffffd, 0x6, 0x9, 0x4, 0x3, 0xfff, 0x65ce3e1f, 0xea40, 0x5, 0x200, 0x7, 0x6, 0x81, 0x7f, 0x6, 0xd331, 0xec, 0x100000, 0x7f, 0x0, 0x8, 0x3, 0x5, 0xad, 0xff, 0x16, 0x9, 0x1af4, 0x0, 0x0, 0x0, 0x38f, 0x2, 0x8, 0x41, 0x3, 0x2, 0x3ff, 0x3, 0x0, 0xa8, 0x9, 0x2, 0x8e80, 0x5, 0x3ff, 0x8, 0x73, 0x2, 0x7f, 0x1, 0x3ff, 0x7, 0x7, 0xffff, 0x6, 0xfffffffa, 0x25e, 0x8000, 0x9, 0x400, 0x6, 0x7, 0x8, 0x6, 0xffff, 0x1, 0x80, 0x2, 0x4, 0x4, 0x8001, 0x7fff, 0x1f, 0x2, 0x401, 0x8, 0x6, 0x7, 0x10001, 0x0, 0x80000000, 0x0, 0x4, 0x8, 0x401, 0x5, 0x27, 0x0, 0x2, 0x80000000, 0x1, 0x2, 0xd7c4, 0x9, 0x0, 0x5250, 0xa66c, 0x5, 0x8, 0x8, 0x4, 0x2, 0xfff, 0x5fe, 0x401, 0xc000000, 0x800, 0xc62f, 0x7, 0x7ff, 0x7fffffff, 0x5, 0x5, 0x2, 0x101, 0x0, 0x7, 0x100, 0x7d, 0x7, 0x20, 0x7, 0x3a4, 0x6, 0x3, 0x0, 0x7, 0x7f, 0x4, 0x7, 0xbc7, 0x10001, 0x20, 0x1, 0x7, 0x2, 0x1, 0x3, 0x7f, 0x3, 0x4, 0x5, 0xfffffffa, 0x8, 0x101, 0x6, 0x9, 0x7, 0x10000, 0x4, 0x82da, 0x61c, 0xbab0, 0x8000, 0x8, 0x18000, 0x5, 0x5967, 0x1, 0xfffffffc, 0x8, 0x1, 0x100, 0x5, 0xc3, 0xa1, 0x800, 0x4, 0xf0000000, 0x8000, 0xfff, 0x3f, 0x7, 0x36, 0xdf, 0x401, 0x7, 0x8, 0x2, 0xffff5313, 0x2, 0x10000, 0x6, 0x10001, 0x4, 0x80000001, 0x8, 0x1ff, 0x0, 0x6, 0x2e, 0xa83, 0xc76, 0xce, 0x2, 0x6, 0x9, 0x0, 0x9, 0x7, 0x1, 0x6, 0x3, 0x3ff, 0x10000, 0x10000, 0x9, 0x7fffffff, 0x2, 0x1, 0x4, 0x3, 0x7f, 0x200, 0x0, 0x3, 0x800, 0x3, 0x80000000, 0x7fff, 0xb0d5, 0x4, 0x5, 0x8, 0x5, 0x0, 0xfffffffe, 0x5, 0x5, 0x80000000, 0x5, 0x0, 0x5, 0xff, 0xfff, 0x101, 0x0, 0xaf61, 0xff, 0x8, 0x2, 0x2, 0x800, 0x7, 0xfff2, 0x4, 0x3, 0xfb, 0x84, 0x2, 0x5, 0x3f, 0x20d4, 0x0, 0x20d3, 0xffff, 0x2, 0x1000, 0x0, 0x5e13, 0x80000001, 0x7, 0x4, 0x7, 0xf729, 0x24c5, 0x8, 0x400000, 0x7, 0x1ff, 0xf6cf, 0x5f, 0x5, 0x4, 0x9, 0xc76d, 0x72c0, 0x8, 0x10000, 0x1, 0xffffffff, 0x7fffffff, 0x7aa, 0x9, 0x0, 0xffffffff, 0x1, 0x8, 0xdc5c00, 0x8001, 0x4, 0x3, 0x7ff, 0x80, 0x1, 0x8, 0x2, 0xd9, 0x16b, 0x2, 0x4, 0x6, 0x40, 0x1f, 0x3ff, 0x1ff, 0x5, 0x5, 0xfffffffa, 0x7, 0x8, 0x6, 0x401, 0x5, 0x3ff, 0x7fffffff, 0x10001, 0x8, 0xc6, 0x1, 0x4, 0x7, 0x10001, 0x3, 0x1, 0xe5, 0x8001, 0x3, 0x20, 0x8, 0x3, 0x0, 0x3f, 0xff, 0x9, 0x5, 0x7, 0x2, 0x80000000, 0x6, 0x1, 0x81, 0x6b00, 0xff, 0x6, 0x8642, 0xd06, 0xfffffff9, 0x8001, 0xe2e, 0x6, 0x6, 0x4, 0x9, 0x80, 0xe4c, 0xdbd1, 0x1e23, 0x3ff, 0x40, 0x2, 0x4, 0x2, 0x80000000, 0x5, 0x1, 0x6, 0x16db, 0x80000000, 0x200, 0x5, 0x1, 0x2, 0x80, 0x4, 0x285, 0x4, 0x2, 0x1, 0x0, 0xea, 0x6, 0x3, 0x9, 0x20, 0x200, 0x20, 0xffffffff, 0x0, 0x1, 0x2, 0xd6da, 0x6, 0x9, 0x4, 0x7, 0x6, 0x5, 0x2, 0x0, 0x0, 0x7, 0x9, 0x1, 0x5, 0xfff, 0x7fff, 0x80000000, 0xda7, 0x1, 0x4, 0x2, 0x9, 0xfffffffe, 0x6, 0x1, 0x1ff, 0x1f, 0x8c9c, 0xe58, 0x0, 0x8, 0x3, 0x0, 0x1000, 0x5, 0x40000000, 0x2, 0x3, 0x2, 0x200, 0x7262, 0x3bc, 0x3, 0x10001, 0x7, 0x3, 0x9, 0x5, 0x0, 0x1, 0xa0d, 0xae6, 0x3, 0x2a33, 0x5, 0x10000, 0x593, 0x100, 0x5, 0x5, 0x87ac, 0x1, 0x6, 0x0, 0x6, 0x2, 0x1, 0x5d4d, 0x5, 0x9c, 0x4, 0x58e1, 0x1, 0x1, 0x7f, 0x3, 0x10000, 0xd8c, 0xffffffff, 0x4, 0x4, 0x8, 0x6, 0x86, 0x7, 0x5, 0x5, 0x1ff, 0x7, 0x9, 0xffffff4c, 0x3, 0x1, 0x3, 0x8001, 0xb8502d17, 0x5, 0x6, 0x9, 0x9c6f353, 0x5, 0x0, 0x292, 0x5, 0x3, 0x7ff, 0xd9, 0xfffffff7, 0x80000000, 0x2, 0x0, 0x1, 0x5, 0xf0, 0x2, 0xffffffff, 0xfffffffc, 0x7fffffff, 0x7fffffff, 0x101, 0x2444, 0x5, 0x3, 0x4, 0x9, 0x81, 0x129f, 0x76ea, 0x5, 0x40, 0x8, 0x80000001, 0x9, 0x5, 0x8, 0x4, 0x8001, 0x81, 0x3500, 0x9, 0x6, 0x2, 0x3, 0x1000, 0x7fffffff, 0x5, 0xfb, 0x1, 0xffffff80, 0x200, 0x4, 0x0, 0x401, 0xffffffff, 0x401, 0x1, 0x2, 0x7f, 0x10001, 0x8000, 0xffff, 0x2247, 0x50, 0xfffffe01, 0x5, 0x2, 0x6, 0xd3, 0x4, 0xfff, 0x80000000, 0x40, 0x1d5, 0x1, 0x400, 0x7, 0x10aaed9f, 0x1, 0x0, 0x5, 0x8000, 0x800, 0x3, 0x8b7c, 0x3c94, 0x1ff, 0x9, 0x67, 0x5, 0x7, 0xf75, 0x0, 0x80000000, 0x5, 0x80, 0x1, 0x7ff, 0x9, 0x1, 0x365, 0x6, 0x8, 0x370354a4, 0x6f91, 0x81, 0x5, 0x361, 0x7fffffff, 0x5, 0x5, 0x1, 0x4, 0x5, 0x2, 0x6, 0x1, 0x2, 0x5, 0x6, 0x7, 0x1, 0x6e9d, 0x5, 0x400, 0xf5, 0x3, 0x6b0, 0x7ff, 0x3, 0x7, 0x7, 0x9, 0x10000000, 0x5, 0x8, 0x1000, 0x5, 0x2, 0x8, 0x4, 0x2, 0x3, 0x2, 0xeec, 0x7, 0x9, 0x9, 0xffffffe0, 0x9, 0x5, 0x3, 0x0, 0x2, 0x3ff, 0x6, 0x3ff, 0xd88, 0xffff7fff, 0x0, 0x8, 0x4, 0x0, 0x10000, 0x5a4, 0x0, 0x12db, 0x1, 0x9, 0x80, 0x9, 0xd10, 0x8000, 0x3, 0x1, 0x6, 0xffffffff, 0x8, 0x0, 0x2, 0xef1, 0x9, 0xffffffff, 0x38, 0x100, 0x1, 0x1f, 0xfffffffe, 0x100, 0xf040, 0xff, 0x1, 0xff, 0x4, 0x9, 0x9, 0x1, 0x2, 0x7, 0x8, 0x200, 0xe4, 0x7, 0x6, 0x441, 0x80000000, 0x401, 0x5, 0x1, 0x81, 0x0, 0x5, 0xbd2, 0x3, 0x7, 0x5, 0x8001, 0x1000, 0x10000, 0x8000, 0x19, 0x0, 0xffff, 0xff, 0xfff, 0x5, 0x4800, 0x5, 0x5, 0x2, 0x6, 0x100, 0x747, 0xfffff801, 0x7, 0x80000000, 0x4, 0xff, 0xfffffffa, 0x8f, 0x400, 0x61, 0x2e58, 0x4, 0x0, 0x100, 0x8, 0x401, 0x7, 0x9, 0x7, 0x5, 0x7, 0xd16, 0x1f675764, 0x10000, 0x1ff, 0xffffffff, 0x7, 0x3, 0x7f, 0x4, 0x5, 0x101, 0xff, 0x101, 0x7, 0xd0e, 0x7ff, 0x0, 0x40, 0x61, 0x7, 0x8000, 0xcd5e, 0x8, 0x1, 0x1, 0xffffffff, 0x100, 0x7f, 0x7fff, 0x101, 0x8, 0xffffff4b, 0x963, 0x1ff, 0x5595, 0x1, 0x3, 0x800, 0xcb, 0x401, 0x5, 0x5, 0x2, 0x52, 0x0, 0x77b6, 0x1f, 0x5, 0x0, 0x796, 0x3098, 0xfffffffa, 0x80000001, 0x6640, 0x8, 0x1, 0x40, 0x3, 0x2, 0x437, 0x8, 0x4, 0x7, 0x5, 0x7f, 0x4, 0x179, 0x9, 0x0, 0x4, 0x80, 0x20, 0x6, 0x7ff, 0x3f, 0xc6f6, 0xffffffb3, 0xec2f, 0x5, 0xcab, 0x5, 0x1, 0x3a4, 0x0, 0x7, 0x0, 0x4, 0x80, 0x3, 0x1d589008, 0x9, 0x6, 0x3ff, 0x101, 0x0, 0x0, 0x8001, 0x9, 0x7fff, 0x0, 0x80000001, 0x0, 0x7fff, 0x2, 0x5cb, 0xfffffffe, 0x7, 0x400, 0x7, 0x800, 0x3, 0x40000, 0x3, 0x77, 0x7, 0x0, 0x0, 0x7, 0x8, 0x80000001, 0x2, 0x6a5, 0xa3b, 0x1, 0x1, 0x8, 0x4cfc, 0xca, 0x5, 0x10000, 0x7, 0x0, 0x1, 0x73a, 0x401, 0x4, 0x7, 0x10000, 0x17cd849, 0x800, 0x7, 0x81d, 0x4, 0x7f, 0x3ff, 0x80000001, 0x1, 0x5, 0x1, 0x81, 0x30a000, 0x0, 0x0, 0x1, 0x7fffffff, 0x47c, 0x101, 0xffffffff, 0x75e, 0x1, 0x7, 0xcb, 0xffffffff, 0x400, 0x5, 0x100, 0x8, 0x4, 0x2, 0x9, 0x6, 0x800, 0x8, 0x0, 0x7, 0x1f, 0x3f, 0x4, 0x1f, 0x81, 0x8, 0x8001, 0x8, 0x800, 0x7, 0xffff, 0x2, 0x8000, 0x101, 0xf9, 0xed78, 0x4, 0x7, 0x4ac8, 0x2, 0x1, 0xffffffff, 0x1bc, 0x1]}) r2 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$sock_bt_hidp_HIDPCONNADD(r4, 0x400448c8, &(0x7f0000001400)={r0, r2, 0x4, 0xd7, &(0x7f0000001300)="bbe4216433d01906b24c7e85ff7c205e0124e3e6d728c42de36acf02b1e2f515e19be5b1f9e61b42975abb9a395622db330c55731e5dd3dd592b6ec15de2bc791c1e0ee2f3b01985c0148ddbc71d04e9671218a42918c9e2e3c0287c66995349db09998170a84d88e34c98b23e171726f56daac66f3fd1c2324371d11e7af94a85de79c290a002b2d59e3f73cb17a13915b1b216bf615640edb04abffd838504ca5d30245e529bcdb6aa6b2ca920d76f20740067a4f3b788bce34c94490e6eb92cdafc58bb9c6cc07ae7029470de3d97fef43bf2b96aa8", 0x1f, 0x6, 0x1f, 0x8, 0xffc1, 0x1, 0x5, 'syz1\x00'}) getsockopt$inet_opts(r0, 0x0, 0x9, &(0x7f00000001c0)=""/251, &(0x7f0000000000)=0xfb) sendmsg$nl_route(r2, &(0x7f0000000180)={0x0, 0x3b1, &(0x7f0000000140)={&(0x7f0000000080)=@setlink={0x30, 0x13, 0x780192b5fdf635ff, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x20000}}, 0x30}}, 0x0) [ 1494.714405][T12113] usb 4-1: new high-speed USB device number 32 using dummy_hcd 15:27:06 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1494.818491][T28442] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1494.848208][T28445] netlink: 16 bytes leftover after parsing attributes in process `syz-executor.3'. 15:27:07 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1494.924166][T27852] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 1495.062184][T28149] Bluetooth: hci0: command 0x1003 tx timeout [ 1495.068430][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1495.172149][T27852] usb 2-1: Using ep0 maxpacket: 16 15:27:07 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:07 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1495.292334][T27852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1495.303470][T27852] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1495.316585][T27852] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1495.325876][T27852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1495.408308][T27852] usb 2-1: config 0 descriptor?? 15:27:07 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1496.153376][T27852] usbhid 2-1:0.0: can't add hid device: -71 [ 1496.159640][T27852] usbhid: probe of 2-1:0.0 failed with error -71 [ 1496.174768][T27852] usb 2-1: USB disconnect, device number 94 [ 1496.822272][ C1] net_ratelimit: 16 callbacks suppressed [ 1496.822291][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1496.834240][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1496.840535][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1496.846834][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1497.142045][T27852] Bluetooth: hci0: command 0x1001 tx timeout [ 1497.148269][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1497.542281][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1497.548394][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1497.554563][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1497.560552][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1497.566676][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1497.572667][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1499.222042][T12113] Bluetooth: hci0: command 0x1009 tx timeout [ 1503.062329][ C1] net_ratelimit: 20 callbacks suppressed [ 1503.062343][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.074297][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1503.080419][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.086519][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:27:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:15 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 15:27:15 executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000000000040ac050e02f646aef800010902240001010000000904000009030102000921000000012200000905810307000000004ebb92afc89f2d1efa16463fd1a96a98d0a787fd5292a1734fb74fb4b0afb57c450d9f816e52d78e2159f697fc0688411b30"], 0x0) r1 = syz_open_dev$evdev(&(0x7f0000001b80)='/dev/input/event#\x00', 0xea, 0x0) r2 = syz_open_dev$hidraw(0x0, 0x0, 0x201) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) getsockopt$TIPC_IMPORTANCE(r4, 0x10f, 0x7f, &(0x7f0000000040), &(0x7f0000000080)=0x4) write$hidraw(r2, &(0x7f0000001200)='\x00', 0xffffff45) r5 = syz_open_dev$media(&(0x7f0000000000)='/dev/media#\x00', 0x9, 0x50040) ioctl$SG_GET_REQUEST_TABLE(r5, 0x2286, &(0x7f0000000200)) ioctl$EVIOCGABS0(r5, 0x80184540, &(0x7f0000000380)=""/215) ioctl$EVIOCGRAB(r1, 0x40044590, &(0x7f00000001c0)) syz_usb_disconnect(r0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r8) dup2(r7, r8) 15:27:15 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:15 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = gettid() process_vm_writev(r1, &(0x7f0000000000), 0x1000000000000044, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xe7}], 0x1, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000000140)=ANY=[@ANYRES16=r1], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:27:15 executing program 5: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_AGP_ALLOC(r3, 0xc0206434, &(0x7f0000000180)={0x0, 0x0, 0x30001, 0x6}) ioctl$DRM_IOCTL_SG_ALLOC(r1, 0xc0106438, &(0x7f00000001c0)={0x2, r4}) r5 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dsp\x00', 0xc0082, 0x0) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r5, 0xc01064b5, &(0x7f0000000080)={&(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5}) socket$inet(0x2, 0x3, 0x7f) syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000be235808fd0b110904d300016296bd000905070200000000000cc12566d1d600bd5356aada982dfc28508c9a9e65c036c16fd9b25153564c8f880e44a0c621587902b01884479e58def41c60952c080046b83059ac892a058f54ed1247419cdbc56b658c52df2026b94df382b264171f1840030a1ab25327b4a2751e588404b59c47c6c14ee39146000000000000"], 0x0) [ 1503.256690][T14644] Bluetooth: hci0: Frame reassembly failed (-84) 15:27:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1503.464512][T12113] usb 2-1: new high-speed USB device number 95 using dummy_hcd 15:27:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1503.522626][T27852] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1503.530506][T28149] usb 6-1: new high-speed USB device number 91 using dummy_hcd 15:27:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1503.712219][T12113] usb 2-1: Using ep0 maxpacket: 16 [ 1503.773332][T28149] usb 6-1: Using ep0 maxpacket: 8 [ 1503.784226][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.790824][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1503.798557][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.807111][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1503.814651][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1503.821172][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1503.832431][T12113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1503.843694][T12113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1503.853093][T28149] usb 6-1: too many configurations: 150, using maximum allowed: 8 [ 1503.856759][T12113] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 15:27:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1503.873918][T12113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1503.884145][T12113] usb 2-1: config 0 descriptor?? [ 1503.956905][T27852] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1503.968043][T27852] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1504.022906][T28149] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1504.030701][T28149] usb 6-1: can't read configurations, error -61 15:27:16 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1504.155498][T27852] usb 4-1: New USB device found, idVendor=05ac, idProduct=020e, bcdDevice=46.f6 [ 1504.164714][T27852] usb 4-1: New USB device strings: Mfr=174, Product=248, SerialNumber=0 [ 1504.173593][T27852] usb 4-1: Product: syz [ 1504.177908][T27852] usb 4-1: Manufacturer: syz [ 1504.236449][T27852] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input81 [ 1504.262275][T28149] usb 6-1: new high-speed USB device number 92 using dummy_hcd [ 1504.512148][T28149] usb 6-1: Using ep0 maxpacket: 8 [ 1504.552293][T28149] usb 6-1: too many configurations: 150, using maximum allowed: 8 [ 1504.622318][T12113] usbhid 2-1:0.0: can't add hid device: -71 [ 1504.628647][T12113] usbhid: probe of 2-1:0.0 failed with error -71 [ 1504.649406][T12113] usb 2-1: USB disconnect, device number 95 [ 1504.682295][T28149] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1504.690306][T28149] usb 6-1: can't read configurations, error -61 [ 1504.712016][T28149] usb usb6-port1: attempt power cycle [ 1505.301925][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1505.308574][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1505.352222][T12113] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1505.431968][T28149] usb 6-1: new high-speed USB device number 93 using dummy_hcd [ 1505.601999][T12113] usb 2-1: Using ep0 maxpacket: 16 [ 1505.672082][T28149] usb 6-1: Using ep0 maxpacket: 8 [ 1505.713873][T28149] usb 6-1: too many configurations: 150, using maximum allowed: 8 [ 1505.733203][T12113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1505.744483][T12113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 15:27:17 executing program 3: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000001900)={{0x12, 0x1, 0x0, 0x8e, 0x32, 0xf7, 0x20, 0xaf0, 0xd257, 0x4e87, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf, 0x0, 0x0, 0xff, 0xa5, 0x2c}}]}}]}}, 0x0) keyctl$session_to_parent(0x12) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000540)={0x34, &(0x7f0000000180)=ANY=[@ANYBLOB="000011000000851049e21f09001367f2e157ed8c3a09"], 0x0, 0x0, 0x0, 0x0, 0x0}) [ 1505.757909][T12113] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1505.767124][T12113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1505.776769][T12113] usb 2-1: config 0 descriptor?? [ 1505.803655][T27852] usb 4-1: USB disconnect, device number 33 [ 1505.865666][T28149] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1505.873621][T28149] usb 6-1: can't read configurations, error -61 [ 1505.903865][T27852] appletouch 4-1:1.0: input: appletouch disconnected [ 1506.042271][T28149] usb 6-1: new high-speed USB device number 94 using dummy_hcd [ 1506.263722][T12113] usbhid 2-1:0.0: can't add hid device: -71 [ 1506.270046][T12113] usbhid: probe of 2-1:0.0 failed with error -71 [ 1506.282473][T27852] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1506.292620][T12113] usb 2-1: USB disconnect, device number 96 [ 1506.552048][T27852] usb 4-1: Using ep0 maxpacket: 32 [ 1506.682318][T27852] usb 4-1: config 0 has an invalid interface number: 15 but max is 0 [ 1506.690520][T27852] usb 4-1: config 0 has no interface number 0 [ 1506.696941][T27852] usb 4-1: New USB device found, idVendor=0af0, idProduct=d257, bcdDevice=4e.87 [ 1506.706148][T27852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1506.715344][T28149] usb 6-1: device not accepting address 94, error -71 [ 1506.723378][T27852] usb 4-1: config 0 descriptor?? [ 1506.728751][T28149] usb usb6-port1: unable to enumerate USB device [ 1506.974120][T27852] hso 4-1:0.15: Failed to find BULK IN ep [ 1507.174921][T27852] usb 4-1: USB disconnect, device number 34 [ 1507.382033][T12113] Bluetooth: hci0: command 0x1001 tx timeout [ 1507.388226][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1507.942154][T12113] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1508.182122][T12113] usb 4-1: Using ep0 maxpacket: 32 [ 1508.302365][T12113] usb 4-1: config 0 has an invalid interface number: 15 but max is 0 [ 1508.310640][T12113] usb 4-1: config 0 has no interface number 0 [ 1508.316977][T12113] usb 4-1: New USB device found, idVendor=0af0, idProduct=d257, bcdDevice=4e.87 [ 1508.326452][T12113] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1508.336232][T12113] usb 4-1: config 0 descriptor?? [ 1508.593429][T12113] hso 4-1:0.15: Failed to find BULK IN ep [ 1508.795108][T12113] usb 4-1: USB disconnect, device number 35 [ 1509.302464][ C1] net_ratelimit: 20 callbacks suppressed [ 1509.302485][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1509.314413][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1509.320499][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1509.326728][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1509.462071][T27852] Bluetooth: hci0: command 0x1009 tx timeout [ 1510.022369][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1510.028614][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1510.034887][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1510.041994][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1510.048170][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1510.054200][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:27:25 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:25 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:25 executing program 4: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x0) 15:27:25 executing program 5: r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r1 = openat$cgroup_int(r0, &(0x7f0000000040)='memory.high\x00', 0x2, 0x0) writev(r1, &(0x7f0000000700)=[{&(0x7f0000000000)='g', 0x1}], 0x1) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ptmx\x00', 0x2, 0x0) ioctl$KDSIGACCEPT(r2, 0x4b4e, 0x27) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$P9_RFLUSH(r4, &(0x7f00000000c0)={0x7, 0x6d, 0x1}, 0x7) 15:27:25 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) r3 = semget$private(0x0, 0x207, 0x0) semop(r3, &(0x7f0000000100)=[{0x0, 0x6}], 0x1) semop(r3, &(0x7f0000000080)=[{}], 0x2) semctl$GETNCNT(r3, 0x0, 0xe, 0x0) semctl$IPC_RMID(r3, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$TIOCGRS485(r2, 0x542e, &(0x7f0000000040)) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:27:25 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r3) r4 = openat$ion(0xffffffffffffff9c, &(0x7f0000000080)='/dev/ion\x00', 0x40, 0x0) fcntl$dupfd(r3, 0x0, r4) r5 = syz_open_dev$evdev(&(0x7f0000000000)='/dev/input/event#\x00', 0x0, 0x0) ioctl$EVIOCREVOKE(r5, 0x40044591, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r6, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) write(r6, &(0x7f00000001c0)="ff2b853790a305bc527e76c94557ecba1580ee2fe8ebb77218c390ee3c923e453ca65979598512ea11e1cf09f12d5a2a12fcf4bbddb21c3720a70f36ca328cf64341878df87c4bc72fb41a52fda57609896806d2aa4717822a8c2004188fe175f42f55056ed6dc8f82c1d608fb03b9cd0cefe6ab39ddd00dd1abad69715982045d4f41c713e697a29af3d080188f24380693103771a84d147d1398c916252a4ef0009fc392304c2dde26c560cca09c41ff7651bb0e39e1d2454afb9f8425c5c0967508a8e13ab5a543a57b175ab1f3a4984cb9b4642788a1b1c1c3b8ba8428ece24a14475a420494bf87bc55137c39eee1449bf52fc2154e221eca", 0xfb) r7 = dup2(r5, r5) r8 = epoll_create1(0x0) personality(0x2000000) r9 = dup2(r2, r8) syz_kvm_setup_cpu$x86(r7, r9, &(0x7f0000001000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0xfffffedd) 15:27:25 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1513.560260][T14650] Bluetooth: hci0: Frame reassembly failed (-84) 15:27:25 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1513.704570][T12113] usb 2-1: new high-speed USB device number 97 using dummy_hcd 15:27:25 executing program 3: r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f0000000040)=0x2000000000000074, 0x4) bind$inet(r0, &(0x7f0000000280)={0x2, 0x4e21, @broadcast}, 0xfffffd29) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000480)={0x1, &(0x7f0000000400)=[{0x6, 0x0, 0x0, 0xe8}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='bbr\x00', 0x3) sendto$inet(r0, &(0x7f0000000bc0)="3232ce2774e7a3797748648df71c7b4542839e347be35844e42ad67454cd5e140e0ab73493d6b6921681e5536dbc0f309747cc199a7f9a20d01e04d55fb1c26504e3e4738aac76780b5c2363a6dc4d10fe9adc2b363abf6981a31f6a58ef2103e7a145b11649eac6d4cc29a315faf899c2e35d08b1974199c08bf4798207b78d8dd89e727382318265acc85a4444869dfc22ba7fd79b455635a715fa1e705070e2857ef21a3076cdfc2c29b26547360add94ef9c349ae62f54e7a90e1aae762a11b2cc6bd720034fac41f1de628e2a3166ec21e03c68a60708328e1606a83211bc78be79097861ce52747ac474593d76f9ec5cdd91725cb16e62b4bb027fbb96eab344de0401076c6345a7d32e9fe9ba1e68ac07081a7d1e0ed1eb9e96b41214af554f1831dfd8bd2b466789f4295317d17c138abe5fa9044a44792e9aecfb3f9130ff673786a8ef2b14c4999c29a5713c2fb5e35f2fae0d58b64355a697efd45e36528e57c68a62c6edc7879962e05419c7c5fa64ec92e670821df50d0f3a7312d2120f363954e72ba0322fc4318f819b1e2b1a17fb939a5db9c1a0a83b44abcffc3dd555d4dd30c0a4bd524c29d4d57bc906c012446c99a882162f3f72cce0702d7394288807fe2a308e01adc9bbf2a9cd78fabaa3c10640777e0813726a70df3323924035b235fd39ae4ab08d3f09bd231b38dca4389b098b0d3538dd3ef5bf068c1df8fbe00b0b2aa9ec3de5d3fba56594328a643c2799b8371adc6ecdfd9b9c4e52102eaa83b57da14645e442b4b7ad5f555d872dc50c330d145ca853b768b990dbaa18ab7f7e2e2d695e980f96d646e8c893ad912bc71237e9aa3ef2d8a40b5629ca02a82556bd433a7222dc3257fd6ace72b00b6f8c9d621c54f777ee5fd1fc59d11a7ea96855d58bb21d40d1bbdfecad8ed15a25062f7692e1879793657f91b6c78d739ef6811d677cf64b4346ac28740f143d5fd3e00e15416e2dbc76c17b1c09fd0b4065d2252b29370c8ec3", 0x2d1, 0x0, 0x0, 0x0) read(r0, &(0x7f0000000ac0)=""/245, 0x100000394) sendto$inet(r0, &(0x7f0000000180)="20268a927f1f6588b967481241ba7860f46ef65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95c25a3a07e758044ab4ea6f7ae55d88fecf9221a7511bf746bec66ba5c0fe3ac47b61db6b4c41bd1a5259e62506cda287b857aac", 0x8293, 0x4000002, 0x0, 0x27) 15:27:25 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:25 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:26 executing program 3: r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c000100766574680000000018000200fd00010000000000", @ANYRES32=0x0, @ANYBLOB="e6d2759622f87074763ef8c3c6b0915ec1d32cd4fd6367e4d59c98610ebbf4ba2eb2a35b08ff338832ca84b13a719c053724c5666747ea7723ef96ff4508ed4fcff49b3ce469c2a538e65fc994c45b"], 0x48}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x28, 0x10, 0x801, 0x0, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_PROTO_DOWN={0x8, 0xa, 0x10}]}, 0x28}}, 0x0) r4 = socket$inet6(0xa, 0x2, 0x0) dup3(r4, r2, 0x0) r5 = socket$netlink(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) sendmsg$nl_route(r8, &(0x7f0000000380)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0xa101d08feef829f2}, 0xc, &(0x7f0000000340)={&(0x7f0000000300)=@ipv4_getrule={0x20, 0x22, 0x400, 0x70bd29, 0x25dfdbfe, {0x2, 0x20, 0x0, 0x1, 0x3, 0x0, 0x0, 0x4}, [""]}, 0x20}, 0x1, 0x0, 0x0, 0x2004c040}, 0x80) sendmsg$NBD_CMD_DISCONNECT(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r6, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="280000001000010800"/20, @ANYRES32=r9, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\b\b\x00\n\x00\x00\x00Be'], 0x28}}, 0x0) [ 1513.962152][T12113] usb 2-1: Using ep0 maxpacket: 16 15:27:26 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1514.028067][T28557] netlink: 20 bytes leftover after parsing attributes in process `syz-executor.3'. [ 1514.058279][T28557] team0: Port device veth3 added [ 1514.104391][T12113] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1514.115508][T12113] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1514.129053][T12113] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1514.138269][T12113] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1514.154811][T12113] usb 2-1: config 0 descriptor?? [ 1514.196237][T28557] team0: Port device veth3 removed 15:27:26 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1514.962311][T12113] usbhid 2-1:0.0: can't add hid device: -71 [ 1514.968545][T12113] usbhid: probe of 2-1:0.0 failed with error -71 [ 1514.983186][T12113] usb 2-1: USB disconnect, device number 97 [ 1515.552473][ C1] net_ratelimit: 20 callbacks suppressed [ 1515.552493][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1515.564556][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1515.571960][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1515.578099][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1515.622496][T12113] Bluetooth: hci0: command 0x1003 tx timeout [ 1515.628765][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1515.672107][T27852] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 1515.912039][T27852] usb 2-1: Using ep0 maxpacket: 16 [ 1516.032150][T27852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1516.043350][T27852] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1516.056385][T27852] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1516.065567][T27852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1516.075437][T27852] usb 2-1: config 0 descriptor?? [ 1516.272302][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1516.278458][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1516.285003][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1516.291153][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1516.297611][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1516.303935][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1516.522312][T27852] usbhid 2-1:0.0: can't add hid device: -71 [ 1516.528553][T27852] usbhid: probe of 2-1:0.0 failed with error -71 [ 1516.538430][T27852] usb 2-1: USB disconnect, device number 98 [ 1517.702019][T27852] Bluetooth: hci0: command 0x1001 tx timeout [ 1517.708239][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1519.782441][T12113] Bluetooth: hci0: command 0x1009 tx timeout [ 1521.782218][ C1] net_ratelimit: 20 callbacks suppressed [ 1521.788018][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1521.794098][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1521.800188][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1521.806146][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1522.502298][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1522.508340][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1522.514772][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1522.520754][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1522.527232][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1522.534208][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:27:35 executing program 3: syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000380)=ANY=[@ANYBLOB="12010000000000206b1d010140000102030109029a000301330000000904000000010100000a24010000000201020924030000000000000924030000000000000d240700000000188628ae4b1d0b38070000000540e513e1092403000000000600082405060200001003020100000102000009040101010200000905010000020007250100000000090402000001020000090402010101020000090582090000000000072501000000008e658d422bf9bf16c24e6eccac510e529232f9aa45ad0f384529f9e5dc8d765a83b914f258b8fa350ad34be533f9e14f225f6da67b1918fcaf11d377a4db3821f997520f4fc73eb4358dfcc0b7abd4bf758fb6ed893baf0a0b67d690845b6eb1e254d46a18d335f5f990b9503298b52d3069dcc20af5154d31eacf86e6da213517696601bda4a7c6d4a9b729aa4cf987e1ba00000000000000000000000000d72edd7aa264176fa0861f44fc8b643720abf57999d939f16960cc1cabe250ad379762f75cae3c25c2b5f7e3fc56bb3004cafda631bf2355d7479f97e82cabf2f2e12d8e5e118b6f7e0455db367ac092cfe52f52de57a4db0398fba992a5eafc03302551664fed965608b4ed4d1efb1417aa6c0d0bb4db41995cddd3533dc1"], 0x0) r0 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x2000, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x100000000011, 0x2, 0x0) bind(r2, &(0x7f0000000140)=@generic={0x11, "0000010000000000080044944eeba71a4976e252922cb18f6e2e2aba000000012e0b3836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e15775027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r2, &(0x7f0000000040)={0x11, 0x0, 0x0}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0xe3b, 0x0, 0x0, {}, [@IFLA_MASTER={0x8, 0xa, 0x6}, @IFLA_LINKINFO={0x1c, 0x12, @gretap={{0xc, 0x1, 'gretap\x00'}, {0xc, 0x2, [@gre_common_policy=[@IFLA_GRE_LINK={0x8, 0x1, r3}]]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4004008}, 0x28804) bind$packet(r0, &(0x7f0000000040)={0x11, 0xf8, r3, 0x1, 0x3, 0x6, @dev={[], 0x20}}, 0x14) 15:27:35 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:35 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:35 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010a40503804000000000010902240001000000000904cfebba4601000009210000000122ab00090581030000000000"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:27:35 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:35 executing program 0: openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r0, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:35 executing program 4 (fault-call:5 fault-nth:0): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1523.833544][T28589] FAULT_INJECTION: forcing a failure. [ 1523.833544][T28589] name failslab, interval 1, probability 0, space 0, times 0 [ 1523.846831][T28589] CPU: 0 PID: 28589 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1523.854769][T28589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1523.864972][T28589] Call Trace: [ 1523.868340][T28589] dump_stack+0x191/0x1f0 [ 1523.872749][T28589] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1523.878726][T28589] should_fail+0xa3f/0xa50 [ 1523.883234][T28589] __should_failslab+0x264/0x280 [ 1523.888685][T28589] should_failslab+0x29/0x70 [ 1523.894299][T28589] kmem_cache_alloc_trace+0xf7/0xd20 [ 1523.899656][T28589] ? hci_alloc_dev+0x6d/0x23b0 [ 1523.904611][T28589] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1523.910581][T28589] hci_alloc_dev+0x6d/0x23b0 [ 1523.915237][T28589] hci_uart_tty_ioctl+0x5b6/0x1140 [ 1523.920434][T28589] ? hci_uart_tty_write+0x30/0x30 [ 1523.925526][T28589] tty_ioctl+0x23e2/0x3100 [ 1523.930070][T28589] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1523.936041][T28589] ? tty_do_resize+0x230/0x230 [ 1523.941439][T28589] do_vfs_ioctl+0xea8/0x2c50 [ 1523.946457][T28589] ? security_file_ioctl+0x1bd/0x200 [ 1523.951804][T28589] __se_sys_ioctl+0x1da/0x270 [ 1523.956533][T28589] __x64_sys_ioctl+0x4a/0x70 [ 1523.961158][T28589] do_syscall_64+0xb6/0x160 [ 1523.965691][T28589] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1523.972033][T28589] RIP: 0033:0x459f39 [ 1523.975954][T28589] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1523.995580][T28589] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1524.004123][T28589] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1524.012111][T28589] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1524.020107][T28589] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 15:27:35 executing program 0: openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r0, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1524.028108][T28589] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1524.036102][T28589] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1524.044778][T28589] Bluetooth: Can't allocate HCI device 15:27:36 executing program 4 (fault-call:5 fault-nth:1): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:36 executing program 0: openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r0, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1524.124068][T12113] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1524.202108][T19754] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 1524.226587][T28600] FAULT_INJECTION: forcing a failure. [ 1524.226587][T28600] name failslab, interval 1, probability 0, space 0, times 0 [ 1524.239596][T28600] CPU: 0 PID: 28600 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1524.247544][T28600] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1524.259318][T28600] Call Trace: [ 1524.262685][T28600] dump_stack+0x191/0x1f0 [ 1524.267104][T28600] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1524.273079][T28600] should_fail+0xa3f/0xa50 [ 1524.277582][T28600] __should_failslab+0x264/0x280 [ 1524.282593][T28600] should_failslab+0x29/0x70 [ 1524.287244][T28600] kmem_cache_alloc_trace+0xf7/0xd20 [ 1524.292599][T28600] ? bcsp_open+0x81/0x5d0 [ 1524.297108][T28600] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 1524.303346][T28600] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1524.309309][T28600] bcsp_open+0x81/0x5d0 [ 1524.313535][T28600] ? h4_dequeue+0x80/0x80 [ 1524.317928][T28600] hci_uart_tty_ioctl+0xd59/0x1140 [ 1524.323118][T28600] ? hci_uart_tty_write+0x30/0x30 [ 1524.328735][T28600] tty_ioctl+0x23e2/0x3100 [ 1524.333253][T28600] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1524.339214][T28600] ? tty_do_resize+0x230/0x230 [ 1524.344050][T28600] do_vfs_ioctl+0xea8/0x2c50 [ 1524.348720][T28600] ? security_file_ioctl+0x1bd/0x200 [ 1524.354085][T28600] __se_sys_ioctl+0x1da/0x270 [ 1524.358853][T28600] __x64_sys_ioctl+0x4a/0x70 [ 1524.363488][T28600] do_syscall_64+0xb6/0x160 [ 1524.368024][T28600] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1524.373933][T28600] RIP: 0033:0x459f39 [ 1524.377866][T28600] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 15:27:36 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r0, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1524.397582][T28600] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1524.406029][T28600] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1524.414018][T28600] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1524.422016][T28600] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1524.430005][T28600] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1524.437995][T28600] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:27:36 executing program 4 (fault-call:5 fault-nth:2): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1524.572228][T12113] usb 4-1: Using ep0 maxpacket: 32 [ 1524.612488][T28608] FAULT_INJECTION: forcing a failure. [ 1524.612488][T28608] name failslab, interval 1, probability 0, space 0, times 0 [ 1524.625424][T28608] CPU: 0 PID: 28608 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1524.633351][T28608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1524.643427][T28608] Call Trace: [ 1524.646752][T28608] dump_stack+0x191/0x1f0 [ 1524.651118][T28608] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1524.657065][T28608] should_fail+0xa3f/0xa50 [ 1524.661596][T28608] __should_failslab+0x264/0x280 [ 1524.666589][T28608] should_failslab+0x29/0x70 [ 1524.671210][T28608] __kmalloc+0xae/0x430 [ 1524.675402][T28608] ? __msan_poison_alloca+0x158/0x1a0 [ 1524.680807][T28608] ? kzalloc+0x53/0xb0 [ 1524.684907][T28608] kzalloc+0x53/0xb0 [ 1524.688831][T28608] alloc_workqueue+0x2bf/0x2340 [ 1524.693778][T28608] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1524.699811][T28608] hci_register_dev+0x34a/0xfd0 [ 1524.705070][T28608] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1524.711008][T28608] hci_uart_tty_ioctl+0xe61/0x1140 [ 1524.716158][T28608] ? hci_uart_tty_write+0x30/0x30 [ 1524.721208][T28608] tty_ioctl+0x23e2/0x3100 [ 1524.725674][T28608] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1524.731604][T28608] ? tty_do_resize+0x230/0x230 [ 1524.736396][T28608] do_vfs_ioctl+0xea8/0x2c50 [ 1524.741036][T28608] ? security_file_ioctl+0x1bd/0x200 [ 1524.746367][T28608] __se_sys_ioctl+0x1da/0x270 [ 1524.751089][T28608] __x64_sys_ioctl+0x4a/0x70 [ 1524.756049][T28608] do_syscall_64+0xb6/0x160 [ 1524.760580][T28608] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1524.766486][T28608] RIP: 0033:0x459f39 [ 1524.770408][T28608] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1524.790030][T28608] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1524.798471][T28608] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1524.806455][T28608] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1524.814439][T28608] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1524.822455][T28608] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1524.830441][T28608] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1524.839941][T28608] Bluetooth: Can't register HCI device [ 1524.862189][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1524.902840][T12113] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1524.913175][T12113] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 1524.982638][T19754] usb 2-1: config 0 has an invalid interface number: 207 but max is 0 [ 1524.991008][T19754] usb 2-1: config 0 has no interface number 0 [ 1524.997324][T19754] usb 2-1: too many endpoints for config 0 interface 207 altsetting 235: 186, using maximum allowed: 30 [ 1525.009405][T19754] usb 2-1: config 0 interface 207 altsetting 235 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1525.021107][T19754] usb 2-1: config 0 interface 207 altsetting 235 has 1 endpoint descriptor, different from the interface descriptor's value: 186 [ 1525.034787][T19754] usb 2-1: config 0 interface 207 has no altsetting 0 [ 1525.042118][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1525.051406][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1525.061102][T19754] usb 2-1: config 0 descriptor?? [ 1525.132355][T12113] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1525.142230][T12113] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1525.150669][T12113] usb 4-1: Product: syz [ 1525.155388][T12113] usb 4-1: Manufacturer: syz [ 1525.160040][T12113] usb 4-1: SerialNumber: syz [ 1525.487656][T12113] usb 4-1: USB disconnect, device number 36 [ 1526.262025][T12113] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 1526.521993][T12113] usb 4-1: Using ep0 maxpacket: 32 [ 1526.662305][T12113] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1526.672714][T12113] usb 4-1: config 1 has 0 interfaces, different from the descriptor's value: 3 [ 1526.728146][T27852] usb 2-1: USB disconnect, device number 99 [ 1526.842639][T12113] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1526.851801][T12113] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1526.860433][T12113] usb 4-1: Product: syz [ 1526.864849][T12113] usb 4-1: Manufacturer: syz [ 1526.869602][T12113] usb 4-1: SerialNumber: syz 15:27:39 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:39 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r0, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:39 executing program 4 (fault-call:5 fault-nth:3): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:39 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000040)='/dev/qat_adf_ctl\x00', 0x0, 0x0) ioctl$sock_bt_hidp_HIDPGETCONNLIST(r1, 0x800448d2, &(0x7f0000000240)={0x3, &(0x7f0000000080)=[{}, {}, {}]}) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1527.082512][T12113] usb 4-1: USB disconnect, device number 37 [ 1527.135771][T28620] FAULT_INJECTION: forcing a failure. [ 1527.135771][T28620] name failslab, interval 1, probability 0, space 0, times 0 [ 1527.150294][T28620] CPU: 1 PID: 28620 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1527.158239][T28620] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1527.168341][T28620] Call Trace: [ 1527.171704][T28620] dump_stack+0x191/0x1f0 [ 1527.176114][T28620] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1527.182091][T28620] should_fail+0xa3f/0xa50 [ 1527.186604][T28620] __should_failslab+0x264/0x280 [ 1527.191617][T28620] should_failslab+0x29/0x70 [ 1527.196263][T28620] kmem_cache_alloc_trace+0xf7/0xd20 [ 1527.201579][T28620] ? kasan_kmalloc+0xd/0x30 [ 1527.206115][T28620] ? alloc_workqueue+0x35d/0x2340 [ 1527.211158][T28620] ? __kmalloc+0x115/0x430 [ 1527.215735][T28620] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1527.221679][T28620] alloc_workqueue+0x35d/0x2340 [ 1527.226614][T28620] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1527.232582][T28620] hci_register_dev+0x34a/0xfd0 [ 1527.237655][T28620] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1527.243585][T28620] hci_uart_tty_ioctl+0xe61/0x1140 [ 1527.248731][T28620] ? hci_uart_tty_write+0x30/0x30 [ 1527.253795][T28620] tty_ioctl+0x23e2/0x3100 [ 1527.258874][T28620] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1527.264795][T28620] ? tty_do_resize+0x230/0x230 [ 1527.269587][T28620] do_vfs_ioctl+0xea8/0x2c50 [ 1527.274216][T28620] ? security_file_ioctl+0x1bd/0x200 [ 1527.279541][T28620] __se_sys_ioctl+0x1da/0x270 [ 1527.284257][T28620] __x64_sys_ioctl+0x4a/0x70 [ 1527.288870][T28620] do_syscall_64+0xb6/0x160 [ 1527.293438][T28620] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1527.299377][T28620] RIP: 0033:0x459f39 [ 1527.303318][T28620] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1527.322948][T28620] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1527.331390][T28620] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1527.339395][T28620] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1527.347382][T28620] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1527.355375][T28620] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1527.363544][T28620] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1527.372556][T28620] Bluetooth: Can't register HCI device [ 1527.532198][T19754] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 1527.772438][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1527.902466][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1527.913615][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1527.927305][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1527.936590][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1527.946787][T19754] usb 2-1: config 0 descriptor?? [ 1528.182261][ C1] net_ratelimit: 20 callbacks suppressed [ 1528.182275][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1528.194189][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1528.200386][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1528.206542][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1528.413405][T28622] QAT: Invalid ioctl [ 1528.672437][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1528.678552][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1528.687569][T19754] usb 2-1: USB disconnect, device number 100 [ 1528.743279][ C1] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1528.744799][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1528.757475][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1528.763773][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1528.769943][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1528.776327][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1528.782599][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1529.402068][T27852] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1529.652062][T27852] usb 2-1: Using ep0 maxpacket: 16 [ 1529.792244][T27852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1529.803353][T27852] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1529.816438][T27852] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1529.825572][T27852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1529.835116][T27852] usb 2-1: config 0 descriptor?? [ 1530.077039][T28631] QAT: Invalid ioctl [ 1530.202294][T27852] usbhid 2-1:0.0: can't add hid device: -71 [ 1530.208738][T27852] usbhid: probe of 2-1:0.0 failed with error -71 [ 1530.217947][T27852] usb 2-1: USB disconnect, device number 101 15:27:44 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:44 executing program 3: r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000080)='/dev/snapshot\x00', 0x0, 0x0) pipe(&(0x7f00000000c0)={0xffffffffffffffff}) perf_event_open(0x0, 0x0, 0x0, r0, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xfffffdffffffffff, 0xffffffffffffffff, 0x0) openat$ptmx(0xffffffffffffff9c, 0x0, 0x9fc, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x2400, 0x1) r2 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r2, 0x10d, 0x8d, 0x0, &(0x7f0000000000)) ioctl$sock_inet_SIOCRTMSG(r2, 0x890d, &(0x7f00000004c0)={0x0, {0x2, 0x4e27, @broadcast}, {0x2, 0x4e23, @multicast2}, {0x2, 0x4e22, @local}, 0x100, 0x0, 0x0, 0x0, 0x7, &(0x7f0000000480)='veth0_to_bond\x00', 0x10000, 0x6, 0x4}) write$UHID_DESTROY(0xffffffffffffffff, &(0x7f0000000d80), 0x4) unshare(0x40000000) r3 = add_key$user(&(0x7f0000000180)='user\x00', &(0x7f0000000000)={'syz'}, &(0x7f0000000240)='X', 0x1, 0xfffffffffffffffe) r4 = add_key$user(&(0x7f0000000200)='user\x00', &(0x7f00000005c0)={'syz'}, &(0x7f00000000c0), 0x390, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000140)={r3, r4, r4}, 0x0, 0x95, &(0x7f00000001c0)={&(0x7f0000000100)={'xcbc(anubis-generic)\x00'}, 0x0, 0x70}) keyctl$setperm(0x5, r3, 0x20004200) r5 = syz_open_procfs(0x0, &(0x7f0000000340)='task\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r6) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f00000002c0)={0x0}, &(0x7f0000000540)=0xc) r8 = syz_open_procfs(0x0, 0x0) exit_group(0x3) mkdirat$cgroup(r8, &(0x7f0000000040)='0-\x00', 0x1ff) sendto$inet(r1, &(0x7f0000000380)="b4bbf8acf9b11c70140a6c2e98fa2dfdf476c40ed6ad4f9112cca9e080915a6c509656a1dfe57face2e8836d5a23cb5c358e18e28fdb4a60fc31cb3653f463d614d69d7834f2df9c4452cb8f7ea5032952b1c72a096594762966b9058f8aac88bae722f324db9c62e428b74ca1dd4ccc1980cee3fccc0ba1d51ce8625455a1a90683832bf1369ba22f71e116297176bd9fee56bd98fdc82edb42672a286ccd9ceb2c1d1c14ef1553b0f34cb965c501e9f87680c1e99db7d4d350aa86", 0xbc, 0x40000, &(0x7f0000000580)={0x2, 0x4e20, @broadcast}, 0x10) perf_event_open(&(0x7f0000000240)={0x2, 0x70, 0x6, 0xfb, 0x20, 0xe, 0x0, 0x0, 0x2000, 0x7, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x1, 0x0, 0x1, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x4, @perf_config_ext={0x3e0000000000000, 0xffff}, 0x100, 0x1, 0x7, 0x9, 0xfffffffffffffe00, 0xfffff001, 0x7}, r7, 0x9, r8, 0x0) mkdirat$cgroup(r5, &(0x7f0000000040)='0-\x00', 0x1ff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) fcntl$getownex(r10, 0x10, &(0x7f0000000300)={0x0, 0x0}) r12 = syz_open_procfs(r11, &(0x7f0000000140)='aptr/prev\x00') write$RDMA_USER_CM_CMD_DESTROY_ID(r12, &(0x7f00000001c0)={0x1, 0x10, 0xfa00, {&(0x7f0000000180)}}, 0x18) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r14 = dup(r13) ioctl$PERF_EVENT_IOC_ENABLE(r14, 0x8912, 0x400200) ioctl$KVM_PPC_GET_SMMU_INFO(r14, 0x8250aea6, &(0x7f0000000600)=""/141) ioctl$PIO_CMAP(r5, 0x4b71, &(0x7f0000000000)={0x8, 0x10000, 0x1, 0x885, 0xfdc, 0x3f}) 15:27:44 executing program 0: mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r0, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:44 executing program 4 (fault-call:5 fault-nth:4): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:44 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:44 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000c0c000010a4050380400000e0e2cc42022400040000000009040000090301000009210000000122ab000905810300000000006adde68e0f5720d483db640d32acc9bcac1fbcd50580498cf091f957b9db0e13ed1850dc71c519a8cd7ae279db2d4a14da653e42330c01ab3b9f55c9a68d822e55dc912debd904c9ee5c43f4f151f55b1752b712c80d6090043ac3bf10c7a762308bb780999892a69cca8f1144b7eea09b0c74d52d01c519ced3a82fd6eb6e0b7f9517b1f8758b6abd885183b31a4207202de6fbe13ca9050045ad33a6f33825b11ddee374e77f07f57b0bb1abaf2e5197740e05363ea7589034b53e5c633069b85e49d89b7b43f9"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1532.984677][T28643] FAULT_INJECTION: forcing a failure. [ 1532.984677][T28643] name failslab, interval 1, probability 0, space 0, times 0 [ 1532.997528][T28643] CPU: 0 PID: 28643 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1533.005473][T28643] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1533.015918][T28643] Call Trace: [ 1533.019272][T28643] dump_stack+0x191/0x1f0 [ 1533.023672][T28643] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1533.029656][T28643] should_fail+0xa3f/0xa50 [ 1533.034170][T28643] __should_failslab+0x264/0x280 [ 1533.034511][T28639] IPVS: ftp: loaded support on port[0] = 21 [ 1533.039167][T28643] should_failslab+0x29/0x70 [ 1533.039222][T28643] __kmalloc+0xae/0x430 [ 1533.054262][T28643] ? kzalloc+0x53/0xb0 [ 1533.058400][T28643] kzalloc+0x53/0xb0 [ 1533.062378][T28643] apply_wqattrs_prepare+0x97/0x1440 [ 1533.067858][T28643] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1533.073846][T28643] apply_workqueue_attrs_locked+0x1c0/0xba0 [ 1533.079907][T28643] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1533.086180][T28643] alloc_workqueue+0x1afa/0x2340 [ 1533.091250][T28643] hci_register_dev+0x34a/0xfd0 [ 1533.096226][T28643] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1533.102211][T28643] hci_uart_tty_ioctl+0xe61/0x1140 [ 1533.107514][T28643] ? hci_uart_tty_write+0x30/0x30 [ 1533.112757][T28643] tty_ioctl+0x23e2/0x3100 [ 1533.117380][T28643] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1533.123446][T28643] ? tty_do_resize+0x230/0x230 [ 1533.128310][T28643] do_vfs_ioctl+0xea8/0x2c50 [ 1533.133085][T28643] ? security_file_ioctl+0x1bd/0x200 [ 1533.138469][T28643] __se_sys_ioctl+0x1da/0x270 [ 1533.143221][T28643] __x64_sys_ioctl+0x4a/0x70 [ 1533.147878][T28643] do_syscall_64+0xb6/0x160 [ 1533.152451][T28643] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1533.158384][T28643] RIP: 0033:0x459f39 [ 1533.162326][T28643] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1533.182525][T28643] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1533.191213][T28643] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1533.199413][T28643] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1533.207627][T28643] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1533.215677][T28643] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1533.223715][T28643] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1533.232793][T28643] Bluetooth: Can't register HCI device 15:27:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1533.303435][T19754] usb 2-1: new high-speed USB device number 102 using dummy_hcd 15:27:45 executing program 4 (fault-call:5 fault-nth:5): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1533.810004][T28655] FAULT_INJECTION: forcing a failure. [ 1533.810004][T28655] name failslab, interval 1, probability 0, space 0, times 0 [ 1533.823546][T28655] CPU: 0 PID: 28655 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1533.831484][T28655] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1533.841582][T28655] Call Trace: [ 1533.844941][T28655] dump_stack+0x191/0x1f0 [ 1533.849337][T28655] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1533.855572][T28655] should_fail+0xa3f/0xa50 [ 1533.860108][T28655] __should_failslab+0x264/0x280 [ 1533.865116][T28655] should_failslab+0x29/0x70 [ 1533.869771][T28655] kmem_cache_alloc_trace+0xf7/0xd20 [ 1533.875204][T28655] ? kasan_kmalloc+0xd/0x30 [ 1533.879775][T28655] ? apply_wqattrs_prepare+0xfb/0x1440 [ 1533.885286][T28655] ? __kmalloc+0x115/0x430 [ 1533.889782][T28655] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1533.895757][T28655] apply_wqattrs_prepare+0xfb/0x1440 [ 1533.901156][T28655] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1533.907137][T28655] apply_workqueue_attrs_locked+0x1c0/0xba0 [ 1533.913089][T28655] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1533.919200][T28655] alloc_workqueue+0x1afa/0x2340 [ 1533.924213][T28655] hci_register_dev+0x34a/0xfd0 [ 1533.929100][T28655] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1533.935028][T28655] hci_uart_tty_ioctl+0xe61/0x1140 [ 1533.940433][T28655] ? hci_uart_tty_write+0x30/0x30 [ 1533.945498][T28655] tty_ioctl+0x23e2/0x3100 [ 1533.949972][T28655] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1533.955892][T28655] ? tty_do_resize+0x230/0x230 [ 1533.960686][T28655] do_vfs_ioctl+0xea8/0x2c50 [ 1533.965314][T28655] ? security_file_ioctl+0x1bd/0x200 [ 1533.970633][T28655] __se_sys_ioctl+0x1da/0x270 [ 1533.975348][T28655] __x64_sys_ioctl+0x4a/0x70 [ 1533.979964][T28655] do_syscall_64+0xb6/0x160 [ 1533.984499][T28655] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1533.991151][T28655] RIP: 0033:0x459f39 [ 1533.995085][T28655] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1534.014719][T28655] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1534.023163][T28655] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1534.031152][T28655] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1534.039225][T28655] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1534.047250][T28655] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 15:27:46 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1534.055240][T28655] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1534.063649][T28655] Bluetooth: Can't register HCI device 15:27:46 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:46 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1534.262108][T19754] usb 2-1: device descriptor read/64, error 18 [ 1534.423759][ C1] net_ratelimit: 20 callbacks suppressed [ 1534.423923][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1534.437856][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1534.448871][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1534.456298][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1534.702239][T19754] usb 2-1: device descriptor read/64, error 18 [ 1534.972115][T19754] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1534.982489][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1534.988599][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1534.994789][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1535.000905][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1535.007178][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1535.013293][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1535.242117][T19754] usb 2-1: device descriptor read/64, error 18 [ 1535.632030][T19754] usb 2-1: device descriptor read/64, error 18 [ 1535.752275][T19754] usb usb2-port1: attempt power cycle 15:27:52 executing program 5: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:52 executing program 3: 15:27:52 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:27:52 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:27:52 executing program 4 (fault-call:5 fault-nth:6): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:52 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1a34, 0x802, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f00000002c0)={0x2f9, &(0x7f00000000c0)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r1, &(0x7f0000000280)={0x2c, &(0x7f0000000200)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) truncate(&(0x7f0000000040)='./file0\x00', 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$UHID_CREATE(r3, &(0x7f00000000c0)={0x0, 'syz1\x00', 'syz1\x00', 'syz0\x00', &(0x7f0000000080)=""/55, 0x37, 0x70f8, 0x400, 0x2, 0x0, 0x20}, 0x120) [ 1540.478093][T28679] FAULT_INJECTION: forcing a failure. [ 1540.478093][T28679] name failslab, interval 1, probability 0, space 0, times 0 [ 1540.491397][T28679] CPU: 1 PID: 28679 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1540.499350][T28679] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1540.511184][T28679] Call Trace: [ 1540.514553][T28679] dump_stack+0x191/0x1f0 [ 1540.518963][T28679] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1540.524920][T28679] should_fail+0xa3f/0xa50 [ 1540.529411][T28679] __should_failslab+0x264/0x280 [ 1540.534393][T28679] should_failslab+0x29/0x70 [ 1540.539026][T28679] kmem_cache_alloc_trace+0xf7/0xd20 [ 1540.544361][T28679] ? apply_wqattrs_prepare+0x22c/0x1440 [ 1540.549965][T28679] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1540.555905][T28679] apply_wqattrs_prepare+0x22c/0x1440 [ 1540.561341][T28679] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1540.567281][T28679] apply_workqueue_attrs_locked+0x1c0/0xba0 [ 1540.573214][T28679] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1540.579326][T28679] alloc_workqueue+0x1afa/0x2340 [ 1540.584427][T28679] hci_register_dev+0x34a/0xfd0 [ 1540.589752][T28679] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1540.595686][T28679] hci_uart_tty_ioctl+0xe61/0x1140 [ 1540.601709][T28679] ? hci_uart_tty_write+0x30/0x30 [ 1540.606774][T28679] tty_ioctl+0x23e2/0x3100 [ 1540.611256][T28679] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1540.617177][T28679] ? tty_do_resize+0x230/0x230 [ 1540.621983][T28679] do_vfs_ioctl+0xea8/0x2c50 [ 1540.626616][T28679] ? security_file_ioctl+0x1bd/0x200 [ 1540.631943][T28679] __se_sys_ioctl+0x1da/0x270 [ 1540.636660][T28679] __x64_sys_ioctl+0x4a/0x70 [ 1540.641279][T28679] do_syscall_64+0xb6/0x160 [ 1540.645840][T28679] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1540.651776][T28679] RIP: 0033:0x459f39 [ 1540.655706][T28679] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1540.675334][T28679] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1540.683794][T28679] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1540.691812][T28679] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1540.699813][T28679] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1540.707819][T28679] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1540.715811][T28679] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:27:52 executing program 3: [ 1540.724888][ C1] net_ratelimit: 20 callbacks suppressed [ 1540.724909][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1540.737069][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1540.743739][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1540.750069][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1540.756437][T28679] Bluetooth: Can't register HCI device 15:27:52 executing program 4 (fault-call:5 fault-nth:7): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:27:52 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1540.908596][T28692] FAULT_INJECTION: forcing a failure. [ 1540.908596][T28692] name failslab, interval 1, probability 0, space 0, times 0 [ 1540.921390][T28692] CPU: 0 PID: 28692 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1540.922054][T19754] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1540.929340][T28692] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1540.929359][T28692] Call Trace: [ 1540.929415][T28692] dump_stack+0x191/0x1f0 [ 1540.929494][T28692] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1540.961353][T28692] should_fail+0xa3f/0xa50 [ 1540.965879][T28692] __should_failslab+0x264/0x280 [ 1540.970911][T28692] should_failslab+0x29/0x70 [ 1540.975764][T28692] kmem_cache_alloc_node+0x103/0xe70 [ 1540.981152][T28692] ? kmsan_get_metadata+0x39/0x350 [ 1540.986348][T28692] ? alloc_unbound_pwq+0xf22/0x1730 [ 1540.991656][T28692] alloc_unbound_pwq+0xf22/0x1730 [ 1540.996803][T28692] apply_wqattrs_prepare+0x60d/0x1440 [ 1541.002297][T28692] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1541.008292][T28692] apply_workqueue_attrs_locked+0x1c0/0xba0 [ 1541.014279][T28692] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1541.020465][T28692] alloc_workqueue+0x1afa/0x2340 [ 1541.025551][T28692] hci_register_dev+0x34a/0xfd0 [ 1541.030503][T28692] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1541.036498][T28692] hci_uart_tty_ioctl+0xe61/0x1140 [ 1541.041699][T28692] ? hci_uart_tty_write+0x30/0x30 [ 1541.046804][T28692] tty_ioctl+0x23e2/0x3100 [ 1541.051335][T28692] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1541.057318][T28692] ? tty_do_resize+0x230/0x230 [ 1541.062287][T28692] do_vfs_ioctl+0xea8/0x2c50 [ 1541.066988][T28692] ? security_file_ioctl+0x1bd/0x200 [ 1541.072371][T28692] __se_sys_ioctl+0x1da/0x270 [ 1541.077144][T28692] __x64_sys_ioctl+0x4a/0x70 [ 1541.081811][T28692] do_syscall_64+0xb6/0x160 [ 1541.086394][T28692] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1541.092347][T28692] RIP: 0033:0x459f39 [ 1541.096313][T28692] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1541.116057][T28692] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1541.124528][T28692] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1541.132523][T28692] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1541.140523][T28692] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1541.148515][T28692] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 15:27:53 executing program 0: openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r0, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1541.156507][T28692] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1541.165209][T28692] Bluetooth: Can't register HCI device 15:27:53 executing program 3: [ 1541.212308][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1541.222256][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1541.229433][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1541.235831][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1541.242083][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1541.248446][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1541.255147][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:27:53 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1541.332659][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1541.343808][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1541.356833][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1541.366040][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1541.414113][T19754] usb 2-1: config 0 descriptor?? [ 1541.942201][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1541.948500][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1541.957861][T19754] usb 2-1: USB disconnect, device number 105 [ 1542.642185][T19754] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1542.882103][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1543.012471][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1543.023596][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1543.036735][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1543.045905][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1543.056454][T19754] usb 2-1: config 0 descriptor?? [ 1543.412499][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1543.418651][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1543.427760][T19754] usb 2-1: USB disconnect, device number 106 [ 1546.992535][ C1] net_ratelimit: 20 callbacks suppressed [ 1546.992558][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.004430][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1547.010571][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.018710][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1547.462272][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.468321][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1547.474724][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.480729][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1547.487143][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1547.493161][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:28:02 executing program 5: 15:28:02 executing program 3: 15:28:02 executing program 0: openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r0, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:02 executing program 4 (fault-call:5 fault-nth:8): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:02 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) getsockopt(r4, 0x44c, 0x3ff, &(0x7f0000000180)=""/179, &(0x7f0000000240)=0xb3) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:28:02 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="865e3ceaa41e10dd4c99fd84dd36c3097d6ef5566a8d7792"], 0x0, 0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$IMCTRLREQ(r2, 0x80044945, &(0x7f0000000040)={0x2001, 0x80000000, 0x8, 0x800}) [ 1550.194636][T28724] FAULT_INJECTION: forcing a failure. [ 1550.194636][T28724] name failslab, interval 1, probability 0, space 0, times 0 [ 1550.207455][T28724] CPU: 0 PID: 28724 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1550.215532][T28724] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1550.225635][T28724] Call Trace: [ 1550.228997][T28724] dump_stack+0x191/0x1f0 [ 1550.233400][T28724] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1550.239366][T28724] should_fail+0xa3f/0xa50 [ 1550.243863][T28724] __should_failslab+0x264/0x280 [ 1550.248875][T28724] should_failslab+0x29/0x70 [ 1550.253516][T28724] __kmalloc+0xae/0x430 [ 1550.257729][T28724] ? __msan_poison_alloca+0x158/0x1a0 [ 1550.263129][T28724] ? kzalloc+0x53/0xb0 [ 1550.267226][T28724] kzalloc+0x53/0xb0 [ 1550.271150][T28724] alloc_workqueue+0x2bf/0x2340 [ 1550.276074][T28724] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1550.282007][T28724] hci_register_dev+0x415/0xfd0 [ 1550.286900][T28724] hci_uart_tty_ioctl+0xe61/0x1140 [ 1550.292046][T28724] ? hci_uart_tty_write+0x30/0x30 [ 1550.297181][T28724] tty_ioctl+0x23e2/0x3100 [ 1550.301647][T28724] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1550.307607][T28724] ? tty_do_resize+0x230/0x230 [ 1550.313093][T28724] do_vfs_ioctl+0xea8/0x2c50 [ 1550.317722][T28724] ? security_file_ioctl+0x1bd/0x200 [ 1550.323053][T28724] __se_sys_ioctl+0x1da/0x270 [ 1550.327767][T28724] __x64_sys_ioctl+0x4a/0x70 [ 1550.332383][T28724] do_syscall_64+0xb6/0x160 [ 1550.336912][T28724] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1550.342820][T28724] RIP: 0033:0x459f39 [ 1550.346739][T28724] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1550.366362][T28724] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1550.374801][T28724] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1550.382789][T28724] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 15:28:02 executing program 0: openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, 0xffffffffffffffff, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r0, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:02 executing program 3: [ 1550.390789][T28724] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1550.398793][T28724] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1550.406811][T28724] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1550.415316][T28724] Bluetooth: Can't register HCI device 15:28:02 executing program 4 (fault-call:5 fault-nth:9): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:02 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:02 executing program 3: [ 1550.582338][T19754] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1550.666370][T28737] FAULT_INJECTION: forcing a failure. [ 1550.666370][T28737] name failslab, interval 1, probability 0, space 0, times 0 [ 1550.679317][T28737] CPU: 1 PID: 28737 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1550.687265][T28737] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1550.697377][T28737] Call Trace: [ 1550.700755][T28737] dump_stack+0x191/0x1f0 [ 1550.705183][T28737] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1550.711166][T28737] should_fail+0xa3f/0xa50 [ 1550.715682][T28737] __should_failslab+0x264/0x280 [ 1550.720705][T28737] should_failslab+0x29/0x70 [ 1550.725635][T28737] kmem_cache_alloc_trace+0xf7/0xd20 [ 1550.730983][T28737] ? kasan_kmalloc+0xd/0x30 [ 1550.735568][T28737] ? alloc_workqueue+0x35d/0x2340 [ 1550.740652][T28737] ? __kmalloc+0x115/0x430 [ 1550.745154][T28737] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1550.751137][T28737] alloc_workqueue+0x35d/0x2340 [ 1550.756114][T28737] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1550.762092][T28737] hci_register_dev+0x415/0xfd0 [ 1550.767044][T28737] hci_uart_tty_ioctl+0xe61/0x1140 [ 1550.772250][T28737] ? hci_uart_tty_write+0x30/0x30 [ 1550.777345][T28737] tty_ioctl+0x23e2/0x3100 [ 1550.781865][T28737] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1550.787845][T28737] ? tty_do_resize+0x230/0x230 [ 1550.792696][T28737] do_vfs_ioctl+0xea8/0x2c50 [ 1550.797376][T28737] ? security_file_ioctl+0x1bd/0x200 [ 1550.802757][T28737] __se_sys_ioctl+0x1da/0x270 [ 1550.807539][T28737] __x64_sys_ioctl+0x4a/0x70 [ 1550.812208][T28737] do_syscall_64+0xb6/0x160 [ 1550.816800][T28737] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1550.822755][T28737] RIP: 0033:0x459f39 [ 1550.826796][T28737] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1550.846443][T28737] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1550.854888][T28737] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 15:28:02 executing program 3: [ 1550.862882][T28737] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1550.870872][T28737] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1550.879057][T28737] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1550.887063][T28737] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1550.895713][T28737] Bluetooth: Can't register HCI device [ 1551.031953][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1551.152241][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1551.163690][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1551.176672][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1551.186189][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1551.195945][T19754] usb 2-1: config 0 descriptor?? [ 1551.922130][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1551.928248][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1551.936975][T19754] usb 2-1: USB disconnect, device number 107 [ 1552.632000][T28149] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1552.872005][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1552.992338][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1553.003492][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1553.016581][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1553.026173][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1553.035557][T28149] usb 2-1: config 0 descriptor?? [ 1553.222352][ C1] net_ratelimit: 20 callbacks suppressed [ 1553.222374][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1553.234375][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1553.240529][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1553.246804][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1553.432512][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1553.438675][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1553.447459][T28149] usb 2-1: USB disconnect, device number 108 [ 1553.702317][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1553.708339][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1553.714647][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1553.720640][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1553.726938][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1553.732974][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:28:08 executing program 5: 15:28:08 executing program 4 (fault-call:5 fault-nth:10): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:08 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:08 executing program 3: 15:28:08 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r7, 0xae60) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x81) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r8, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:28:08 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_STREAMON(r2, 0x40045612, &(0x7f0000000040)=0x94) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1556.525751][T28757] FAULT_INJECTION: forcing a failure. [ 1556.525751][T28757] name failslab, interval 1, probability 0, space 0, times 0 [ 1556.538876][T28757] CPU: 1 PID: 28757 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1556.546824][T28757] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1556.556930][T28757] Call Trace: [ 1556.560294][T28757] dump_stack+0x191/0x1f0 [ 1556.564719][T28757] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1556.570698][T28757] should_fail+0xa3f/0xa50 [ 1556.575232][T28757] __should_failslab+0x264/0x280 [ 1556.580258][T28757] should_failslab+0x29/0x70 [ 1556.584908][T28757] __kmalloc+0xae/0x430 [ 1556.589097][T28757] ? kzalloc+0x53/0xb0 [ 1556.593194][T28757] kzalloc+0x53/0xb0 [ 1556.597121][T28757] apply_wqattrs_prepare+0x97/0x1440 [ 1556.602481][T28757] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1556.608416][T28757] apply_workqueue_attrs_locked+0x1c0/0xba0 [ 1556.614692][T28757] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1556.620799][T28757] alloc_workqueue+0x1afa/0x2340 [ 1556.625824][T28757] hci_register_dev+0x415/0xfd0 [ 1556.630716][T28757] hci_uart_tty_ioctl+0xe61/0x1140 [ 1556.635874][T28757] ? hci_uart_tty_write+0x30/0x30 [ 1556.641095][T28757] tty_ioctl+0x23e2/0x3100 [ 1556.645577][T28757] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1556.651495][T28757] ? tty_do_resize+0x230/0x230 [ 1556.656304][T28757] do_vfs_ioctl+0xea8/0x2c50 [ 1556.660932][T28757] ? security_file_ioctl+0x1bd/0x200 [ 1556.666252][T28757] __se_sys_ioctl+0x1da/0x270 [ 1556.671421][T28757] __x64_sys_ioctl+0x4a/0x70 [ 1556.676036][T28757] do_syscall_64+0xb6/0x160 [ 1556.680580][T28757] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1556.686488][T28757] RIP: 0033:0x459f39 [ 1556.690418][T28757] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1556.710394][T28757] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1556.718833][T28757] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 15:28:08 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x0, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:08 executing program 3: [ 1556.726823][T28757] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1556.734812][T28757] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1556.742809][T28757] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1556.750813][T28757] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1556.759556][T28757] Bluetooth: Can't register HCI device 15:28:08 executing program 4 (fault-call:5 fault-nth:11): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1556.922093][T28149] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1556.957258][T28773] FAULT_INJECTION: forcing a failure. [ 1556.957258][T28773] name failslab, interval 1, probability 0, space 0, times 0 [ 1556.970202][T28773] CPU: 1 PID: 28773 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1556.978129][T28773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1556.988287][T28773] Call Trace: [ 1556.991610][T28773] dump_stack+0x191/0x1f0 [ 1556.995977][T28773] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1557.002339][T28773] should_fail+0xa3f/0xa50 [ 1557.006793][T28773] __should_failslab+0x264/0x280 [ 1557.011766][T28773] should_failslab+0x29/0x70 [ 1557.016382][T28773] kmem_cache_alloc_trace+0xf7/0xd20 [ 1557.021860][T28773] ? kasan_kmalloc+0xd/0x30 [ 1557.026388][T28773] ? apply_wqattrs_prepare+0xfb/0x1440 [ 1557.032296][T28773] ? __kmalloc+0x115/0x430 [ 1557.036748][T28773] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1557.042671][T28773] apply_wqattrs_prepare+0xfb/0x1440 [ 1557.048012][T28773] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1557.053936][T28773] apply_workqueue_attrs_locked+0x1c0/0xba0 [ 1557.059870][T28773] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1557.065973][T28773] alloc_workqueue+0x1afa/0x2340 [ 1557.070981][T28773] hci_register_dev+0x415/0xfd0 [ 1557.075871][T28773] hci_uart_tty_ioctl+0xe61/0x1140 [ 1557.081016][T28773] ? hci_uart_tty_write+0x30/0x30 [ 1557.086063][T28773] tty_ioctl+0x23e2/0x3100 [ 1557.090531][T28773] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1557.096460][T28773] ? tty_do_resize+0x230/0x230 [ 1557.101254][T28773] do_vfs_ioctl+0xea8/0x2c50 [ 1557.105880][T28773] ? security_file_ioctl+0x1bd/0x200 [ 1557.111201][T28773] __se_sys_ioctl+0x1da/0x270 [ 1557.115915][T28773] __x64_sys_ioctl+0x4a/0x70 [ 1557.120529][T28773] do_syscall_64+0xb6/0x160 [ 1557.125063][T28773] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1557.130969][T28773] RIP: 0033:0x459f39 [ 1557.134889][T28773] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1557.154511][T28773] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1557.162945][T28773] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 15:28:09 executing program 3: 15:28:09 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1557.170947][T28773] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1557.178936][T28773] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1557.186923][T28773] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1557.194907][T28773] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1557.203622][T28773] Bluetooth: Can't register HCI device 15:28:09 executing program 3: r0 = openat$zero(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/zero\x00', 0x0, 0x0) mmap(&(0x7f0000000000/0xd000)=nil, 0xd000, 0x1000005, 0x20011, r0, 0x0) mremap(&(0x7f000000c000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000003000/0x1000)=nil) ioctl$DRM_IOCTL_ADD_BUFS(0xffffffffffffffff, 0xc0206416, &(0x7f0000000100)={0x2, 0x2, 0x80000000, 0x13, 0x14}) getsockopt$EBT_SO_GET_INIT_INFO(0xffffffffffffffff, 0x0, 0x82, &(0x7f0000000000)={'filtevj\xd5\xd2\xca\xf7\x9f\xf8\x00'}, &(0x7f0000000140)=0x78) [ 1557.402354][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1557.534244][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1557.545838][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1557.560032][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1557.569215][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1557.593798][T28149] usb 2-1: config 0 descriptor?? [ 1558.322229][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1558.328452][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1558.338228][T28149] usb 2-1: USB disconnect, device number 109 [ 1559.022058][T19754] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1559.262022][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1559.382180][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1559.393321][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1559.406404][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1559.415679][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1559.425346][T19754] usb 2-1: config 0 descriptor?? [ 1559.462474][ C1] net_ratelimit: 20 callbacks suppressed [ 1559.462497][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1559.474499][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1559.480764][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1559.486936][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1559.812984][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1559.819114][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1559.828294][T19754] usb 2-1: USB disconnect, device number 110 [ 1559.942205][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1559.948262][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1559.954382][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1559.960360][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1559.966453][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1559.972420][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:28:12 executing program 4 (fault-call:5 fault-nth:12): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:12 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:12 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:28:12 executing program 3: r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = gettid() process_vm_writev(r4, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r5 = gettid() process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r6 = gettid() process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r7 = gettid() process_vm_writev(r7, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r8 = gettid() process_vm_writev(r8, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r9 = gettid() process_vm_writev(r9, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r10 = gettid() process_vm_writev(r10, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r11 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r11, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @local, 0x2}, 0x1c) connect$inet6(r11, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r11, 0x84, 0x72, &(0x7f0000000100)={0x0, 0x80000000, 0x30}, 0xc) r12 = gettid() process_vm_writev(r12, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r13 = gettid() process_vm_writev(r13, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) syz_emit_ethernet(0x7, &(0x7f00000008c0)=ANY=[@ANYRES32=r5, @ANYPTR=&(0x7f0000000280)=ANY=[@ANYBLOB="d92124cd11a8c2bed9d13ad7014c3b00d37b4ac6ab4d28fa7f05afe101672ed7257dfe04d9c15ec8ba1bcbd5d0c0c42b39c267c372506f01d0d26962490a327508cf3f2c21efc2b2f490b0ceb4c0597ed8399c4f66a9b3660089eb3adcf42d6552b7cbb2f8cd8d614ded1e70940b5973f84f2773464f755254a899971039844924938391a486e249cb747697bc4cde9bf87a2a93e28459b19625b1431ec619e84003d5e0632c827451ca5412582427cea22a5b", @ANYBLOB="ae3a0e58913fa1b64073ef194561c39418a8c62c8cb92156c3d6481b7c7778ce1d46c0606edb193b85a206451922faf8cee9eb24b831ba6a1d625b19fe9034c9dd7884cd4b0f6fd57652829969ff06a4ed9af71e8f69899ec33850d06a5f3eb3b12cf827e54cdcb0c7193fe2c46949c67917f678f4ff330f61d29c8bdf3119735343e7333fb475a8c7b55d8ee831c279f0f1dfe2e1f56cc69bb17cb6d92e29118ed82f6701be8f659846422429aea3bfee81", @ANYRESHEX, @ANYRES16, @ANYRES16=0x0, @ANYRESHEX=r1, @ANYPTR=&(0x7f0000000040)=ANY=[@ANYRES16, @ANYRES32=0x0, @ANYRES64=r2, @ANYPTR64], @ANYRES32, @ANYBLOB="b267ea1e071ff385ed0e38d2967cbe867a42bcdcaaf3fca47506b0eb4f6a6ba42f0cec8c59b1acb9035d35f92d51f484cba55d74fccba59061fc4994293020057697d395aab73e25d8e0a3f0c4922eb9ddb1100ca7702566d192de69f055a0073ee1bfd07fb738924fec16b7575e0a5d1562dc2889ba8da0612f176d8103afc3b13661c50c2efb1fdd83e26c4fcbc960065bb57adc55e63608efe76a5d78aec263327376be18a773124f52a16a8eaf23da9476f2dadd90e3de2f214a1bfeb6247282a15f0f7a74d2a084ead7eccf68a96a3e030bca656bc28debd5fbccb96d86e871cce27aee73a7f96f839caed2fda9"], @ANYBLOB="c3e52890e6121b84ceba8dcc9f6c370e4ad629a8f769ce8dd13390d5a5a1811cab7886f72d223c74e186fd7d4771b51eb00a1045b36f27ff7d78b0b758c2a0a1f7e6ccaafce176a3856e7fa69d1e62b596f846ef3814f2a1d07673fc947b0e54207345afb8506cc227497629536b21d0d6268fb0283bb2f60aec65a66b5b5039e3f84e5a62eea6e3c866926c63ee55039368fcaaa6e6c2f3ac8629c9db506a57b788e377169b54fbb08a958c29cfe174f0ff7f5b2b502be9df384663d27b95eddd942174c072a3841b7ee3137c6fea044c692d602a4cdd35c637b6f5d5b3db0b402347cb443d00c29e8918c8908fb71bb4d2e3a54e87f6349b74e4afe5", @ANYRESDEC=r3, @ANYPTR=&(0x7f00000006c0)=ANY=[@ANYRESOCT=r6, @ANYRES32, @ANYRESOCT=r3, @ANYPTR64=&(0x7f0000000080)=ANY=[@ANYPTR, @ANYPTR64], @ANYPTR64=&(0x7f00000000c0)=ANY=[@ANYRES16=0x0, @ANYPTR64, @ANYPTR64, @ANYRESDEC, @ANYPTR64, @ANYRES32=r7, @ANYRES32=0x0], @ANYPTR=&(0x7f0000000540)=ANY=[@ANYBLOB="c4e1d05287ff2268d879e9c6f5c2f594a305e33cb3e9e96544edff20dc64e45af63cf28def537916e6e668daae5ce6e84611825f1d4fcbe2b0abc4", @ANYRESHEX=0x0, @ANYRES16, @ANYRESHEX, @ANYPTR, @ANYPTR64, @ANYRESDEC=r0, @ANYRESOCT, @ANYRES64=0x0], @ANYRES16, @ANYRESHEX=0x0, @ANYPTR=&(0x7f0000000600)=ANY=[@ANYRES16], @ANYPTR=&(0x7f0000000640)=ANY=[@ANYRES64=r3, @ANYRES32=r8, @ANYRESDEC=r9, @ANYRESDEC, @ANYBLOB="6e1dfb53180ace586e3774742a25", @ANYPTR]], @ANYPTR, @ANYPTR=&(0x7f0000000840)=ANY=[@ANYPTR=&(0x7f0000000740)=ANY=[@ANYRES16, @ANYRES32=r13, @ANYBLOB="27a64f7aab8247e72878994025a70d98505976dfdc969ea5375271acf689e0b0ea27c2ff360276effd0b475a5f7e5c3836caf19c53eb4d71bb128c7f006decc06b3cc392c5a11757e7c6fa9dd625c549cb4389a370d6f32ca6378b655603fc4cecc1e2715199e6067ddeed587e18367f6ebc8ed537365a17cb436e2b487659aa0cad42e114ec4d1d81954253aa40362dcf7824f7bf9b4249ad9c8936cd63c5d27b5176d2b229213a4fe007c20b79f32670898f1febc2460c325d3e08460db9d96873f14787e9f0c4a528c40853adefc07f340d60133914da9565f4b8ee7fa4a8af3b"], @ANYRESOCT=r10, @ANYPTR64, @ANYRESDEC, @ANYRESDEC=r12, @ANYPTR64]], 0x0) 15:28:12 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r3, 0xc0305615, &(0x7f00000000c0)={0x0, {0x1, 0x565}}) r4 = dup(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$KDSKBLED(r6, 0x4b65, 0x4) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r4, 0x40045532, &(0x7f0000000100)=0xfada) msync(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$SG_GET_LOW_DMA(r8, 0x227a, &(0x7f0000000080)) ioctl$sock_inet_SIOCSIFPFLAGS(r4, 0x8934, &(0x7f0000000040)={'hsr0\x00', 0x23}) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB], 0x0, 0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) r11 = dup(r10) ioctl$VIDIOC_ENUM_DV_TIMINGS(r11, 0xc0945662, &(0x7f00000001c0)={0x1f8, 0x0, [], {0x0, @reserved}}) 15:28:12 executing program 5: prctl$PR_SET_TIMERSLACK(0x1d, 0x100000001) clone(0x100, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffffffffffff) stat(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)) sync() r0 = socket$netlink(0x10, 0x3, 0x4) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = syz_genetlink_get_family_id$fou(&(0x7f0000000080)='fou\x00') r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NBD_CMD_DISCONNECT(r5, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="48000000100005070000ffff0000000000000000", @ANYRES32=r6, @ANYBLOB="0000000000000000280012000c0001007665746800000000180002001400010000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00'], 0x48}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="64000000280021042000"/20, @ANYRES32=r6, @ANYBLOB="07000000fffffffffffff000080001006270660034000200300001002c00000016000c000100766c616e0000000004000200140006004ebadaf223ff566545a1652c830000000000"], 0x60}}, 0x0) sendmsg$FOU_CMD_DEL(r1, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x80400001}, 0xc, &(0x7f0000000180)={&(0x7f0000000100)={0x60, r2, 0x200, 0x70bd29, 0x25dfdbfb, {}, [@FOU_ATTR_IPPROTO={0x8, 0x3, 0x91}, @FOU_ATTR_AF={0x8, 0x2, 0x2}, @FOU_ATTR_REMCSUM_NOPARTIAL={0x4}, @FOU_ATTR_IFINDEX={0x8, 0xb, r6}, @FOU_ATTR_PORT={0x8, 0x1, 0x4e20}, @FOU_ATTR_PEER_PORT={0x8, 0xa, 0x4e24}, @FOU_ATTR_LOCAL_V4={0x8, 0x6, @broadcast}, @FOU_ATTR_IFINDEX={0x8}, @FOU_ATTR_AF={0x8}, @FOU_ATTR_PEER_V4={0x8, 0x8, @remote}]}, 0x60}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) sendmsg$FOU_CMD_DEL(r0, &(0x7f0000000180)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000100)={0x30, r2, 0x800, 0x70bd29, 0x25dfdbfe, {}, [@FOU_ATTR_TYPE={0x8, 0x4, 0x2}, @FOU_ATTR_LOCAL_V6={0x14, 0x7, @mcast2}]}, 0x30}}, 0x8001) r7 = gettid() r8 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r8, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) r9 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f0000000580)='/dev/dlm-monitor\x00', 0x10000, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r9, 0x4038ae7a, &(0x7f0000001a40)={0x7, 0xbb4, &(0x7f0000001840)="a1d990ce56cf7353a88c99ddf5e913fe8de37fc9b226ce5cd2a832447db63d640dc5a25a553027ba1d1ae43e599c98b6fde752e41b04202409700f367e2391e9a1bacacfbd5bc5fe085cfe039da281b8e6f330e4b1519dae6453ab9afebf2de3f10ae0fedb00170447c6ed04a35059e8ad85c4042837df65cfdb073bc5f1a77730130b96408ee93fdb1e2630733dcf4495999fe29c630bc2487943ee70ca16a5c68c6fb6ba1d4506a2bf607335df20f1f447f151f37ece67ece17b1f51162f9a169a7a00955a67e1c08daed8664ff50f9daa1f6a434c85642ee276435d39402f06370301e931ab7098a2135fdc", &(0x7f0000001940)="cbdc7539b98d352b40a8cccbf884c259ded2ebaf5ed1801ac13174eb61e042d60886cac754b85c111d063941f9607b387342c53d8ae10ca47589fa1c7616e5ec8d46c76764fa21514cc57174e9df336a139e3f243a98385e22f75f8d4df1b05ea7954d7c2fd5b7ce12e6f5e10824ececdc964b13cdb83808d19b11a1cd21840f3e3034419dc009fda8d590c8e5ea52bee19d70e8c01ca4d6a6aeff3e8eea01f3eb3bb53ae7a9210bb5b39b09670cbcb66fcb9ad2f7a856cd59291ab42648ffbc19eec1cf3619ae3655a02e71d14438caface244428502ee338651fc49b7a44bec996d2b7d18ecfd629718dffb3db9f03d4691f", 0xed, 0xf3}) connect$inet6(r8, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) sendmsg(r8, &(0x7f0000001800)={&(0x7f0000000240)=@pptp={0x18, 0x2, {0x1, @local}}, 0x80, &(0x7f0000001740)=[{&(0x7f0000000340)="2f1bb016c462db60f65767b0bfc77da5e81d34400af6acf85cb3ea3ac3565a44f69d15dec5666e7b2931f8fa09e5f54a26b627ae2090dac4d1b1d1beafdf69842afd1757c56914752d4a7f15e20dd571d8919988d639155a44f740f97e663f4e002e1be60d3d5e2112b8bdec65a67e1b62a1293c369a1f60a4296c8a486b3dd40222490e49affb15af42ea5f3c6e8109549217b0efadf35862f06b767d1fadaac075be16ff4b2e10a9", 0xa9}, {&(0x7f0000000400)="71c7b917c50c9f7909a1509757fe1af2123238ec4660157d752cb204b68c385592a3df5998142fa7884ec56c65c73193b44a4306ed65abe25045a7123ffb6ebe775f42cc0577ea0fe91b588813250e6263da71c00caa85f117645deca836559a82fceb21bbb07cfb23b3397d6429f0b8338c88c1eab086f0", 0x78}, {&(0x7f0000000640)="16278cb6cb6c6ec3120c26e52d223c2b42705cb8b2e568f1c5b27c9f91f1ff03c4a587d7aeffb0ea4f417ec1f1dddf12fdc97420145fc0f4aa79a9d21f77470cc35033c5205e80508ed871abbc5820e56d6f49db4203eaf3fd5e6dab01d0958815144f2e54a2fb47d80f05a73873efdbf923de5e2e7b02d9e9f12cd045501263622fda43ed0ec8e6b9843de1e0e52f21be98ae1baebb2661d1741b6abda45b934f434479a339657b2f6cfce407ed7ad3f985c823c21bf84ae06201aa154b9dc3a9e74daf1bab87d8540568e432163c919b64cae654abb84a1644bb25e7db63afa768dafcd2ee5ad6dec94ba3e97f33d5176500c93a1654c1547a806c4a8d70f7adff08193d7e7b1e8a0526fc803348de5af36e427f71091f57e81273c403f5785399bfe352e178620286cd99c03810e0f9887caa0840f859196af2958553b83f08553124e0dbdc66ddc8aeeadc15233f69773a6d8977b8c4472bed4f7122c79b0e9f6744e528f8351ab3861ccb91ab595ac7e60dde340b7f72d6265c6ca188640943a2f3413b5173b27b8ab4a67e656da75a6fd4c1534e16e6e79f24ee1d44513476569a80553a41c4739d58a158c3bc3778b0cfc20e773a7d51b50b2eb7e890833b6f285f319c019e7379b199c23ef5269a53c42d3a583298cac47ee37d454c3bf70642571c65d01022e3352e892cfb07a582cd0f0526471c3fdec9181631388ca39e565cddf6ad5968a928f49852dd5d75319ccd88c1820befb1084cc6db5b1e56622dbadfb4d624cfd3225ddf5c7d8c78a821462d53386fad0cbfb02595fd882fde172d042b1a15cae6edb9398d36a43246e9586d649d518e4e9e3fb9153a67f52d05d9f73acbd16e111a71ae4d0a0c6a58192a4e19bee79652170ecb946fffe19f940c8e1f5bc1f09717394cb3862e7d64b7520230fced5b4daa2cee8b29bddb1f903242a4dcef58935b7d0f03b2c07e51989d6b49379f321f9f2836e0d9d087a70472bd56504983f9ee7f1d93e2b3619a9ea3620b86f2ca43be02ab26a12501dd40d2f52112b7d6aba464139f03e5e912b5fd7d7e36442b8da0da891c7b3e4c1f2607748056b41823e6b793ea2bbd54c661715427d60f5a13be73925cfcc5aa254c475560168774d3e31e895876bfe83cb7d87329cb1ae0f4bafec08f04e567747b10a1033101ba50f53ee4fbac6288f9192d82c680949636317b2a313b35ac4b8467d48ceea3778acfd187986f2ed537ad77e31692b3e3e2d61e6727a0a3cb4eabfba2b01c44b530134f1eab8ef87b8ca7d405e838c6b4861d6bf28bbcdb5fa245932f680dc49b452ac0502ef4a0f748a907ea06ec07dca7047e44ab125127c337c196a063ea254eeb31d3903ba1b69485397e3dc8266fe0659007829c255654dcd9f4d5bd017d7fea3d6818cdfb95d59f94200b08fa57fb99c2a864d3793b84920a37be42aae2832ef99d4554f4ee1ce2347eaffea86924519e9f236d672d7c26920e55c64a890cac81b2878396186e5387a088f8e04cf3b76064d5936dc62b94d43e4339edfd1522432abb96aa6835848037e81f70e083690c701c875001df55f6232f1fe93ebe2acace078eb16648190c295698de5480d796ace3b7c59102f28c2cb93a6186063fb67be4b4194cec95d84edb1fc95074e038e51b34bdd792baac001ffd02ada14057f8282fef2249fab2f7cdba9b133984e4d58a95e9cefd22a042b6d75b19f719b2cc4eb77da941ed85da5488fa3d3d5db6c6438f1d404ba11458d9feb9be871ab1448db01a8a0da7de09f0c2194f27abd8c892d6a81b2607e138fcfa608db378a9c55b2452cbd422fe536e5e74c982ac65da7715db9bf38ea08bcef882a158a36e3282d7ce02cb20889e9448918d480e58a753ad8474594048a9b340cf8bf057cb0067bb7d7f7b2812527488657b9eefab60a6fae3c98e3cf8018d9c3894c73bfdf79cdadc166251aa1efa3f79fcfc32bc26cacc38d7b3906f6c3fde0cb2379f60ef22a29f0249db65b6f7d41b55410400457fca1b8ec7fd36db7fddda1946b3c533927ebdb7f0c03c7280b49339de1c6a89345edc3ba6b1ce3fe6703125e30b0c7d45b96a217b7505b6d46abb3def1680d96df282cb543c9035f6993e2a508d7c62543c0aa9e81fa7fc91a0b240dcf20c3d01690fbccfa0d74717b55e5e7ae8fc07bd33cef1c42df2e82404d7089231bd54d7ac4c150395b89fb65984c3b4b380f51518cc70212c0ddd54f5686207e9abf0cea72d23dea5155e5b96c51077857771754f425a14ed6154b1ad97ca25b2002fd4e0f601128560d1941f6be8a9978df1b59ae8ffacc3bba70036065de566db21640308593df55f00e444c985a87ee444aa61e5a72a3b30f865202a006a980336829068ca961d19a9f0e5d23077852fbcdc2933511248341ffbf0be5e835323e2bae2809c0de7e36c916af25263a8ea7117e5c42554b2da24d7c5c4b2fd79b7ef340b4b6d1308a1bff135f1c17ca591658d863f6f602d8a6b55bfeab30b8873989611149d649420c6f9944d548034eb356df08c59b78297a401b3c997e35ebe869ca601cb136470a9c07f1dcf2245fe0c0c54568d0388700d28b096c2216b79c485325917123585e7dc0eb4f07cb82e39a1e9323acbbdaf062174e5edbc504e09471e6a6862f5255d4f123b4a43cf785b5426acca2311d8cf3009e8ed950f7105079136dc8e4c4e8aa082d75f0054985df83305d379c693f44875d21194012637f12fd53ee873e4e43834ab1a5835986af1ff10e3f3a96f8e315560702023e5d5b6bff3c18d0b4ac2bb33848599804ac0bc96f9e2edb705deac0b66ef8420cfb53e50bd78b5c41f1a03e477fb515d69da92d30d944879bf99930c8b32c57dea1130a915066c96080a482fd93166d0bb051653c9045da107a17b8dcd2b71eabd20944a2b320a85c27e1433d8aca2f0db034007c87d41191b44137cbd0ce5a31e6bfe8f1fabc993be67a766dbe64f9dcecd0090dc4137b93216878f4e91e289f62fa3b0a602daa205c6bc7fd360d6b8580b3c150f2f9655de4a62261acd7c00244f08a13caf60dcb08e28b4cc9da11504871dd30257099b2aa37f09e4df48ac4567042557e4798f25ee8b0e864a970b729b863389e92c49c79691d0ffd1cd58656d4be7012268547a04ad9d3e0a08ae159b709fbf9f8448b34bf8c29069eb74a1afc3c4ef37d84db8e92375900f6d6965791623f8e7b3e6bc853a2de4e1945593eb6bfb9ea4b16122af7e663d03b7f439c73a64fa274fa0b503fa068d5d848ab276e896f0d6ec410d980b6ddf31d45c5cd505586f80e5e5aa9943d9e5d6265ae0100e8b74db85e3d80d7a043d3ab27709acf23dfe80d854ff13279119e66ec23565df152d40d657802caad4e4cfc6cebf64202f0a5d85724607798517b7be943ff4b23ee1239406fe9eca80f63d127a0c30a45e2e3f38d0e9d83fbf77ee091bd989b977eb148d8e8207b134f9619876e5e650375f22a12895476371fc439be514b9baf19cecdf52a717a9cc1a42a045b4ba93f8b224334123aa0d958bd31979b31c2ca67b4decd3d253cdd02191be83d19ae2c99869fe6b41005ff586241093a056a9ec62e05b98caf5bae6483c172cbf85eb7bdf924d21ef5405dfd75d269dcaef872d2588339a6271377f8c26dece4a6f0ce179dd8ef11fbaa3715c6451a4119a26c3d1254405ffad7ebbd537338f3572e31c20bc55447c6c19063703b79d883a5607446a16e05e484200c280b62ac84cb9a81a8be1ddf8fbb9780056ba83ee53ae4b6114e247f15b3a5232b9a79a9880fc7abb223cb04b121a888ddce031e60bbfc409f8d3f637903f1aa5c68bd7e8d91a96b823cec0a50a9700c6dceb8ea68997f6393ac4a7ef51c637d1d2fcf3f151cfc9213241bd9c093ec4999743c494bc5bd0a81300e4d04c5fda332ce81e00d1f02efe85e81777525db2af6a3e03ead6bf39ad11f8235acd0fe6401e2f822f278a32d68e29222f5cc5b9b715957d9a0b6dec9e48e6c7259cf143eadf0b3c383b8e46cdaad1e6e55b34c8e8779a807e0e34fc18512b46db422f3481c9cdb71e28be1eab850b018a3adb629d698cc77ba06e82c0d21e77f4fbd25609eff8f064c39e512f940bcce4594ed05e460b69a0b0e3a97f06ccef76046999a9d5b21659f4ac1dcc47f98de134342028591487aaa60c7056410615bdc61758c23f53e9ded849be44e24dd3095e2259001489c03dc8ee47d68f7a4eec50de7bd08caaaaf2c6b8a153bead0aae69d7deee8f663be8a48fb0edb538405c678a3401ac124ff5391b8a10e0e3eabc0f0bd6c83c47c1a8ba48db438c146b1f2987561447e124ea3b0d1f5c4f3a8e6abe3e0b29db04443ce919261fb5e0d039d828e0fc575a49372e032011d289097232327c170359bf5865e20a93b97ea43ab22b5559a7fb6c1a60d7cc6616bc6d473b38b659915d6e0dc71420fe061dd6f64520239fb4964c4c671b4d140ef30eccf9daaab4308dc2e0ebf0c4da622e6e3d1bd8daf73c1555d8ad925c870ef8eca91a75c5fdfb79c4b180b77d42114cf83b5ff009575ce949fa8ec32c2dac858281d7cc4e5b79dcdc2334e08e285ac2ab1b4c5fe4d9b73e520df67108d2b86c734aa6c8dfd18a1099fea01219b536059e66e9bb0997962afebce41e4ad32a65845277ef1710e2ddf95bb4fd2583e3d61b7bfb29b19c5413309bc25001ff114cb975b6294d33ffd587ad8132465a20f62adf31f50fdd25cef5950bb23a5860737dda779cc2773f1cef0693feab3312b65956d10d65a900225a904894e0907cd1f5f69765dac098aae642da9a85de5f3a173a572178d488148c9597faebae27284d32bbffd83934323057ba54b995fad519abbe3dc589c06cc6fe6f31bd6eab4913c971e3c15291bc93640caaaaadb254d32fd94ef68fcab297ec6f9e62024e12d73316c18d73e42464e9681083ff4c247a7e542ed53e546a409fc28610223427a705691dbd2be421de02f09ff00f9fa8e277b33f71b484a1698daabede61afc4e7d39a09e462ab1dd4a5c855758bd93f234a69cfb25664cbbcd1a4724107d0b6e07a9d552ac5261451f88a0a27907a6039095432f9d9ddaac84d65228505072ba493b70fe39f4461b79925bba0f091a0d0e564ac9e6e8a8f1128221e0e8b17fc736862a7d5a2f1c2cb14d924d86da4e7f01e7eee7921a2bc94214ff9f6d419eda5d578624b54d8cd5075afbe19a08ef862255b9bfb30947e6a5e5ada658b1f04484cdd3b55c8e27fc42be079c477ed4f83c6f4c73d694efdd6f43cd910c16a1f9c0f6890a788ed38bf5f018f9c682024081c533a6042093071cc05b52591f25af07359fee205cb174a2c9086607250a364c2de4414fa413afa8b954c27fe078c51fded793d6c2d4852e9442800efada8ff46c3a461414bf4186268f58321115cc1fa16b82b2b3341eff0b2329b9cca7cd12dd9822ee2037922476993dddffcedaadfd2330484e977a869607fd8bc0ba6918d4fc0a77ac9421e9bb8708fca5615f247d47bbc804c83eac62548a1f26232776f92134429b5225e8d65da23e9ba5e5da648cb2178f729691653965316cb43cdd6ca873f7122ce635c28ea177a140cd2dac21d133b4c8385fe5c060d7842785b195943e455eb3d100dc0c10a4148e3461b2bcf88d5133440b18fc1b86ffc8259f331e064309c79ce5759ec3ec4916d56c41c2c7495743a872b20be4b1f670c05aeb11e88a3729115b95d4df40bbb646cd6a6a097a6b6d59f07353ffa", 0x1000}, {&(0x7f0000000480)="bb2b4be409081fc535c288a72b4e0284db160751184666b0de8073ecf4cf458cda1628ecf67f9674e0b277c255d0c371813b4a97ae1303e27c12e75aa37c87df655d1f43e88925530453273ee08780f2792c97342253979de8e6f12efc680a79605c1786d2214c08558e39674f71a842ac15c4bdd96b3e071ae9978c6a9d49f368b2d942a5ff22c077cf39d99c5b4270d684e6ae2684d3d9688918c8daa91ae4f13786618c9dca5eaca81c6b922474b5e1bdc02fe5d618b652e931982eae293802c509a4f02a92a85690aa8596d15da157d1567c343dfeedef7e16", 0xdb}, {&(0x7f0000001640)="bdf493b260175c0813de98e205864a6a24af58e3e907e76b2236bdf53322c5e25b3f2a619ee409e5a48dcadbe0460165f9f0ea23bbf36df641de24365225104c730ba12f5168932176d77ce336987ee72a350033150bf2c296e0a07138d735a673283460805e91f04efd6e115e0e59aa09d9dc53d65db015d1783d497c282d8e2f7f383dd1f9756e48b00050db744f0dc4cb74771442b205623cf907c1d5031aed7a708597f39fdde4604e847c746c678bf3d33ae6dec68e76cb29d74f1296a701d3fe26448d28efc6f17521f9", 0xcd}, {&(0x7f0000000580)}], 0x6, &(0x7f00000017c0)=[{0x10, 0x29, 0x101}], 0x10}, 0x20000020) tkill(r7, 0xe) [ 1560.725374][T28799] FAULT_INJECTION: forcing a failure. [ 1560.725374][T28799] name failslab, interval 1, probability 0, space 0, times 0 [ 1560.738216][T28799] CPU: 0 PID: 28799 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1560.746160][T28799] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1560.756278][T28799] Call Trace: [ 1560.759689][T28799] dump_stack+0x191/0x1f0 [ 1560.764107][T28799] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1560.770087][T28799] should_fail+0xa3f/0xa50 15:28:12 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1560.774605][T28799] __should_failslab+0x264/0x280 [ 1560.779630][T28799] should_failslab+0x29/0x70 [ 1560.784295][T28799] kmem_cache_alloc_trace+0xf7/0xd20 [ 1560.789683][T28799] ? apply_wqattrs_prepare+0x22c/0x1440 [ 1560.795315][T28799] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1560.801297][T28799] apply_wqattrs_prepare+0x22c/0x1440 [ 1560.806784][T28799] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1560.812945][T28799] apply_workqueue_attrs_locked+0x1c0/0xba0 [ 1560.818925][T28799] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1560.825089][T28799] alloc_workqueue+0x1afa/0x2340 [ 1560.830135][T28799] hci_register_dev+0x415/0xfd0 [ 1560.835040][T28799] hci_uart_tty_ioctl+0xe61/0x1140 [ 1560.840706][T28799] ? hci_uart_tty_write+0x30/0x30 [ 1560.845755][T28799] tty_ioctl+0x23e2/0x3100 [ 1560.850245][T28799] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1560.856188][T28799] ? tty_do_resize+0x230/0x230 [ 1560.860994][T28799] do_vfs_ioctl+0xea8/0x2c50 [ 1560.867541][T28799] ? security_file_ioctl+0x1bd/0x200 [ 1560.872866][T28799] __se_sys_ioctl+0x1da/0x270 [ 1560.877581][T28799] __x64_sys_ioctl+0x4a/0x70 [ 1560.882196][T28799] do_syscall_64+0xb6/0x160 [ 1560.886727][T28799] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1560.892894][T28799] RIP: 0033:0x459f39 [ 1560.896815][T28799] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1560.916455][T28799] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1560.925111][T28799] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1560.933103][T28799] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1560.941092][T28799] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1560.949097][T28799] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1560.957111][T28799] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1560.965772][T28799] Bluetooth: Can't register HCI device 15:28:13 executing program 4 (fault-call:5 fault-nth:13): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1561.122183][T28149] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 1561.147744][T28810] FAULT_INJECTION: forcing a failure. [ 1561.147744][T28810] name failslab, interval 1, probability 0, space 0, times 0 [ 1561.161027][T28810] CPU: 0 PID: 28810 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1561.168977][T28810] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1561.179087][T28810] Call Trace: [ 1561.182451][T28810] dump_stack+0x191/0x1f0 [ 1561.186864][T28810] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1561.192845][T28810] should_fail+0xa3f/0xa50 [ 1561.197349][T28810] __should_failslab+0x264/0x280 [ 1561.202365][T28810] should_failslab+0x29/0x70 [ 1561.207019][T28810] kmem_cache_alloc_node+0x103/0xe70 [ 1561.212374][T28810] ? kmsan_get_metadata+0x39/0x350 [ 1561.217567][T28810] ? alloc_unbound_pwq+0xf22/0x1730 [ 1561.222870][T28810] alloc_unbound_pwq+0xf22/0x1730 [ 1561.228006][T28810] apply_wqattrs_prepare+0x60d/0x1440 [ 1561.233489][T28810] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1561.239477][T28810] apply_workqueue_attrs_locked+0x1c0/0xba0 [ 1561.245504][T28810] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1561.251683][T28810] alloc_workqueue+0x1afa/0x2340 [ 1561.256750][T28810] hci_register_dev+0x415/0xfd0 [ 1561.261651][T28810] hci_uart_tty_ioctl+0xe61/0x1140 [ 1561.266805][T28810] ? hci_uart_tty_write+0x30/0x30 [ 1561.271871][T28810] tty_ioctl+0x23e2/0x3100 [ 1561.276354][T28810] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1561.282277][T28810] ? tty_do_resize+0x230/0x230 [ 1561.287070][T28810] do_vfs_ioctl+0xea8/0x2c50 [ 1561.291699][T28810] ? security_file_ioctl+0x1bd/0x200 [ 1561.297029][T28810] __se_sys_ioctl+0x1da/0x270 [ 1561.301752][T28810] __x64_sys_ioctl+0x4a/0x70 [ 1561.306377][T28810] do_syscall_64+0xb6/0x160 [ 1561.310910][T28810] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1561.316828][T28810] RIP: 0033:0x459f39 [ 1561.320750][T28810] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1561.340473][T28810] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1561.348912][T28810] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1561.356900][T28810] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1561.364889][T28810] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 15:28:13 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1561.372877][T28810] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1561.380862][T28810] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1561.389787][T28810] Bluetooth: Can't register HCI device 15:28:13 executing program 3: sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000003740)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=@newlink={0x44, 0x10, 0x705, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, @bond={{0xc, 0x1, 'bond\x00'}, {0x14, 0x2, [@IFLA_BOND_ARP_VALIDATE={0x8}, @IFLA_BOND_MIIMON={0x8, 0x8}]}}}]}, 0x44}}, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000000c0)={{{@in=@multicast1, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in=@loopback}, 0x0, @in6=@mcast1}}, &(0x7f00000001c0)=0xe8) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000200)={'veth1_to_bond\x00', r3}) 15:28:13 executing program 4 (fault-call:5 fault-nth:14): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:13 executing program 3: syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000023b7712080044704e3690007009ec3678c45e2364d13770109021b00000927ce00011db30c00090587020000000000c469c0ec6ea4e04a0abda5b8ef9b77e6010eebea909b7d7efc6f95913ca8ba1e1cad6dbf10fa1a53df98ea1e2191b35737793ec368cfc3c09f82609d52442bbd621e780cb30eb9b1bac5302d537de4d8b873c11d2b965e13a130ceb694a0a75bf031780652aac3bb722fd9f0"], 0x0) openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000)='/dev/udmabuf\x00', 0x2) [ 1561.602085][T28827] FAULT_INJECTION: forcing a failure. [ 1561.602085][T28827] name failslab, interval 1, probability 0, space 0, times 0 [ 1561.615019][T28827] CPU: 0 PID: 28827 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1561.615042][T28827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1561.615079][T28827] Call Trace: [ 1561.633098][T28827] dump_stack+0x191/0x1f0 [ 1561.640715][T28827] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1561.640769][T28827] should_fail+0xa3f/0xa50 [ 1561.640835][T28827] __should_failslab+0x264/0x280 [ 1561.651175][T28827] should_failslab+0x29/0x70 [ 1561.660694][T28827] kmem_cache_alloc+0xd6/0xd10 [ 1561.665524][T28827] ? __d_alloc+0x8e/0xc40 [ 1561.669919][T28827] ? try_to_wake_up+0x2fa/0x26a0 [ 1561.674932][T28827] __d_alloc+0x8e/0xc40 [ 1561.679174][T28827] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1561.685447][T28827] d_alloc_parallel+0x135/0x2220 [ 1561.690489][T28827] ? kmsan_get_metadata+0x39/0x350 [ 1561.695721][T28827] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1561.701773][T28827] __lookup_slow+0x18f/0x760 [ 1561.706449][T28827] lookup_one_len+0x278/0x400 [ 1561.711231][T28827] start_creating+0x21d/0x5c0 [ 1561.715968][T28827] debugfs_create_dir+0x7d/0x800 [ 1561.720953][T28827] hci_register_dev+0x54f/0xfd0 [ 1561.725852][T28827] hci_uart_tty_ioctl+0xe61/0x1140 [ 1561.731006][T28827] ? hci_uart_tty_write+0x30/0x30 [ 1561.736062][T28827] tty_ioctl+0x23e2/0x3100 [ 1561.740535][T28827] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1561.746452][T28827] ? tty_do_resize+0x230/0x230 [ 1561.751772][T28827] do_vfs_ioctl+0xea8/0x2c50 [ 1561.756421][T28827] ? security_file_ioctl+0x1bd/0x200 [ 1561.761765][T28827] __se_sys_ioctl+0x1da/0x270 [ 1561.766489][T28827] __x64_sys_ioctl+0x4a/0x70 [ 1561.771117][T28827] do_syscall_64+0xb6/0x160 [ 1561.775668][T28827] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1561.781579][T28827] RIP: 0033:0x459f39 [ 1561.785676][T28827] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1561.805562][T28827] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1561.814005][T28827] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1561.822612][T28827] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1561.830601][T28827] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1561.838599][T28827] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 15:28:13 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1561.846585][T28827] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1561.857039][T28149] usb 2-1: Using ep0 maxpacket: 16 15:28:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x0, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1562.002018][T19754] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1562.004865][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1562.020746][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1562.037375][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 15:28:14 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1562.046592][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1562.076023][T28149] usb 2-1: config 0 descriptor?? 15:28:14 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1562.244973][T19754] usb 4-1: Using ep0 maxpacket: 32 [ 1562.282398][T19754] usb 4-1: too many configurations: 158, using maximum allowed: 8 [ 1562.402160][T19754] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1562.409895][T19754] usb 4-1: can't read configurations, error -61 [ 1562.592145][T19754] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1562.812299][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1562.818619][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1562.827716][T28149] usb 2-1: USB disconnect, device number 111 [ 1562.842639][T19754] usb 4-1: Using ep0 maxpacket: 32 [ 1562.882592][T19754] usb 4-1: too many configurations: 158, using maximum allowed: 8 [ 1563.002264][T19754] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1563.009994][T19754] usb 4-1: can't read configurations, error -61 [ 1563.016774][T19754] usb usb4-port1: attempt power cycle [ 1563.512040][T28149] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1563.731962][T19754] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1563.772059][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1563.862121][T19765] Bluetooth: hci0: command 0x1003 tx timeout [ 1563.868388][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1563.902443][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1563.913712][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1563.926754][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1563.935960][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1563.945795][T28149] usb 2-1: config 0 descriptor?? [ 1563.972124][T19754] usb 4-1: Using ep0 maxpacket: 32 [ 1564.012701][T19754] usb 4-1: too many configurations: 158, using maximum allowed: 8 [ 1564.132269][T19754] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1564.140135][T19754] usb 4-1: can't read configurations, error -61 15:28:16 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1564.293036][T19754] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1564.342302][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1564.348538][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1564.365404][T28149] usb 2-1: USB disconnect, device number 112 [ 1564.531980][T19754] usb 4-1: Using ep0 maxpacket: 32 [ 1564.572237][T19754] usb 4-1: too many configurations: 158, using maximum allowed: 8 [ 1564.692324][T19754] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1564.699933][T19754] usb 4-1: can't read configurations, error -71 [ 1564.717956][T19754] usb usb4-port1: unable to enumerate USB device [ 1565.702464][ C1] net_ratelimit: 20 callbacks suppressed [ 1565.702488][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1565.714453][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1565.720589][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1565.726766][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1565.941942][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1565.948852][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1566.182452][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1566.188544][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1566.195722][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1566.202207][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1566.208359][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1566.214574][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1568.022064][T28149] Bluetooth: hci0: command 0x1009 tx timeout 15:28:23 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010a40503804000000000010902240d7a1209446509210000090301000009210000000122ab00090581030000000000"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) io_uring_register$IORING_UNREGISTER_EVENTFD(r2, 0x5, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:28:23 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:28:23 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:23 executing program 3: syz_usb_connect(0x0, 0x24, &(0x7f0000000180)=ANY=[@ANYBLOB="1201000002edd740f905ffffcbdd0000000109020000ff020200a095384959bda56eafe5e37b64044cb36d4495ee5711bd842f36e5a8f4c0c2d945a4890a744f554acc7d42082693a86d7508280760a3db3627a833ee397bf9d9ff649ad2c94de25bc383d4341a8638513508177d8738394e412747abeaf389c64fc25e16693ea94e619b759a1ff0bce03b2d00f8a59e6c1c0504f866f4ec6a3092644be30000"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) setsockopt$inet_mtu(r1, 0x0, 0xa, &(0x7f0000000040)=0x2, 0x4) openat$apparmor_thread_current(0xffffffffffffff9c, &(0x7f0000000000)='/proc/thread-self/attr/current\x00', 0x2, 0x0) 15:28:23 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1571.882094][T19754] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 1571.902739][T19765] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1571.942416][ C1] net_ratelimit: 20 callbacks suppressed [ 1571.942439][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1571.954551][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1571.961711][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1571.967947][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1572.131956][T19754] usb 2-1: Using ep0 maxpacket: 16 15:28:24 executing program 4 (fault-call:5 fault-nth:15): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:24 executing program 5: r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) accept4$alg(r0, 0x0, 0x0, 0x0) io_setup(0x3, &(0x7f0000000140)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) syz_open_dev$swradio(&(0x7f0000000480)='/dev/swradio#\x00', 0x0, 0x2) r7 = socket$inet6(0xa, 0xa, 0xff) bind$inet6(r7, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r7, &(0x7f0000000180)={0xa, 0xfffe, 0x0, @ipv4={[], [], @loopback}}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = dup(r10) ioctl$PERF_EVENT_IOC_ENABLE(r11, 0x8912, 0x400200) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r13 = dup(r12) ioctl$PERF_EVENT_IOC_ENABLE(r13, 0x8912, 0x400200) r14 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r14, 0x400454ca, &(0x7f0000000000)={'eql\x00\x00\x00\x00\x00\x00\x03\x00\x00\x00\xf2\a\x00', 0x15901}) io_setup(0x4, &(0x7f0000000380)=0x0) io_submit(r15, 0x2d2, &(0x7f0000000bc0)=[&(0x7f00000001c0)={0x0, 0x5, 0x0, 0x0, 0x0, r14, 0x0, 0x4}]) io_setup(0x2, &(0x7f00000009c0)=0x0) io_submit(r16, 0x9, &(0x7f0000000940)) [ 1572.252145][T19754] usb 2-1: config index 0 descriptor too short (expected 3364, got 36) [ 1572.261448][T19754] usb 2-1: config 18 has too many interfaces: 122, using maximum allowed: 32 [ 1572.270950][T19754] usb 2-1: config 18 has 0 interfaces, different from the descriptor's value: 122 [ 1572.280392][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1572.289854][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 15:28:24 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1572.332359][T19765] usb 4-1: config 2 has too many interfaces: 255, using maximum allowed: 32 [ 1572.341291][T19765] usb 4-1: config 2 has 0 interfaces, different from the descriptor's value: 255 [ 1572.350857][T19765] usb 4-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=dd.cb [ 1572.360236][T19765] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1572.422378][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1572.428661][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1572.435093][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1572.441297][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1572.447723][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1572.454090][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1572.493538][T28885] FAULT_INJECTION: forcing a failure. [ 1572.493538][T28885] name failslab, interval 1, probability 0, space 0, times 0 [ 1572.506534][T28885] CPU: 0 PID: 28885 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1572.514481][T28885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1572.524590][T28885] Call Trace: [ 1572.527958][T28885] dump_stack+0x191/0x1f0 [ 1572.532373][T28885] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1572.538343][T28885] should_fail+0xa3f/0xa50 15:28:24 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1572.543804][T28885] __should_failslab+0x264/0x280 [ 1572.548813][T28885] should_failslab+0x29/0x70 [ 1572.553469][T28885] kmem_cache_alloc+0xd6/0xd10 [ 1572.558736][T28885] ? new_inode_pseudo+0x11d/0x590 [ 1572.564902][T28885] new_inode_pseudo+0x11d/0x590 [ 1572.569863][T28885] new_inode+0x5a/0x3d0 [ 1572.574106][T28885] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1572.580079][T28885] debugfs_create_dir+0x11f/0x800 [ 1572.585188][T28885] hci_register_dev+0x54f/0xfd0 [ 1572.590125][T28885] hci_uart_tty_ioctl+0xe61/0x1140 [ 1572.595346][T28885] ? hci_uart_tty_write+0x30/0x30 [ 1572.600619][T28885] tty_ioctl+0x23e2/0x3100 [ 1572.605147][T28885] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1572.611108][T28885] ? tty_do_resize+0x230/0x230 [ 1572.615913][T28885] do_vfs_ioctl+0xea8/0x2c50 [ 1572.620556][T28885] ? security_file_ioctl+0x1bd/0x200 [ 1572.625886][T28885] __se_sys_ioctl+0x1da/0x270 [ 1572.630604][T28885] __x64_sys_ioctl+0x4a/0x70 [ 1572.635221][T28885] do_syscall_64+0xb6/0x160 [ 1572.639848][T28885] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1572.645759][T28885] RIP: 0033:0x459f39 [ 1572.649683][T28885] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1572.669416][T28885] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1572.677949][T28885] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1572.686038][T28885] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 15:28:24 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x81) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1572.694032][T28885] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1572.702022][T28885] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1572.710143][T28885] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1572.718924][T28885] debugfs: out of free dentries, can not create directory 'hci0' [ 1572.772319][T19765] usb 4-1: string descriptor 0 read error: -71 [ 1572.787526][T19765] usb 4-1: USB disconnect, device number 42 15:28:24 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:24 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1573.532068][T28149] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1573.902281][T28149] usb 4-1: config 2 has too many interfaces: 255, using maximum allowed: 32 [ 1573.911230][T28149] usb 4-1: config 2 has 0 interfaces, different from the descriptor's value: 255 [ 1573.920677][T28149] usb 4-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=dd.cb [ 1573.929860][T28149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1574.212250][T28149] usb 4-1: string descriptor 0 read error: -71 [ 1574.225721][T28149] usb 4-1: USB disconnect, device number 43 15:28:26 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGUNIQ(r1, 0x80404508, &(0x7f0000000080)=""/214) 15:28:26 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0x0, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:26 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x81) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1574.632422][T19754] usb 2-1: string descriptor 0 read error: -71 [ 1574.647595][T19754] usb 2-1: USB disconnect, device number 113 15:28:26 executing program 3: r0 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000)='/dev/video1\x00', 0x2, 0x0) ioctl$VIDIOC_G_MODULATOR(r0, 0xc0445636, &(0x7f0000000040)={0x1000, "41e60e432e37fa1d733af9d43fc6c4fe957e84c78a32598e9c9577c980bd32d7", 0x1000, 0xfff, 0xbe, 0x0, 0x2}) recvmmsg(0xffffffffffffffff, &(0x7f0000004940)=[{{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev}, 0x80, &(0x7f0000000340)=[{&(0x7f0000000140)=""/29, 0x1d}, {&(0x7f0000000180)=""/113, 0x71}, {&(0x7f0000000200)=""/232, 0xe8}, {&(0x7f0000000300)=""/28, 0x1c}], 0x4, &(0x7f0000000380)=""/69, 0x45}, 0x1}, {{&(0x7f0000000400)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @remote}}, 0x80, &(0x7f00000005c0)=[{&(0x7f0000000480)=""/3, 0x3}, {&(0x7f00000004c0)=""/30, 0x1e}, {&(0x7f0000000500)=""/148, 0x94}], 0x3}, 0x3ff}, {{&(0x7f0000000600)=@isdn, 0x80, &(0x7f0000000740)=[{&(0x7f0000000680)=""/75, 0x4b}, {&(0x7f0000000700)=""/14, 0xe}], 0x2, &(0x7f0000000780)=""/102, 0x66}, 0xfffffff7}, {{&(0x7f0000000800)=@sco, 0x80, &(0x7f0000002b80)=[{&(0x7f0000000880)=""/76, 0x4c}, {&(0x7f0000000900)=""/216, 0xd8}, {&(0x7f0000000a00)=""/164, 0xa4}, {&(0x7f0000000ac0)=""/172, 0xac}, {&(0x7f0000000b80)=""/4096, 0x1000}, {&(0x7f0000001b80)=""/4096, 0x1000}], 0x6, &(0x7f0000002c00)=""/161, 0xa1}, 0x266}, {{&(0x7f0000002cc0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev}}}, 0x80, &(0x7f0000003140)=[{&(0x7f0000002d40)=""/216, 0xd8}, {&(0x7f0000002e40)=""/100, 0x64}, {&(0x7f0000002ec0)=""/192, 0xc0}, {&(0x7f0000002f80)=""/160, 0xa0}, {&(0x7f0000003040)=""/204, 0xcc}], 0x5}}, {{&(0x7f00000031c0)=@in6={0xa, 0x0, 0x0, @remote}, 0x80, &(0x7f0000003740)=[{&(0x7f0000003240)=""/27, 0x1b}, {&(0x7f0000003280)=""/6, 0x6}, {&(0x7f00000032c0)=""/201, 0xc9}, {&(0x7f00000033c0)=""/250, 0xfa}, {&(0x7f00000034c0)=""/150, 0x96}, {&(0x7f0000003580)=""/214, 0xd6}, {&(0x7f0000003680)=""/31, 0x1f}, {&(0x7f00000036c0)=""/52, 0x34}, {&(0x7f0000003700)=""/34, 0x22}], 0x9, &(0x7f0000003800)=""/183, 0xb7}, 0x8000}, {{0x0, 0x0, &(0x7f0000003900)=[{&(0x7f00000038c0)=""/53, 0x35}], 0x1, &(0x7f0000003940)=""/4096, 0x1000}, 0x7}], 0x7, 0x20, &(0x7f0000004b00)={0x0, 0x989680}) ioctl$SIOCGETLINKNAME(r1, 0x89e0, &(0x7f0000004b40)) fcntl$notify(r1, 0x402, 0x10) ioctl$FS_IOC_GET_ENCRYPTION_PWSALT(r0, 0x40106614, &(0x7f0000004bc0)) getsockopt$ARPT_SO_GET_INFO(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000004c00)={'filter\x00'}, &(0x7f0000004c80)=0x44) setsockopt$IP_VS_SO_SET_STARTDAEMON(r1, 0x0, 0x48b, &(0x7f0000004cc0)={0x3, 'erspan0\x00', 0x2}, 0x18) r2 = openat$autofs(0xffffffffffffff9c, &(0x7f0000004d00)='/dev/autofs\x00', 0x60d3c8f36834136b, 0x0) ioctl$SG_EMULATED_HOST(r2, 0x2203, &(0x7f0000004d40)) ioctl$sock_SIOCGIFCONF(r2, 0x8912, &(0x7f0000004dc0)=@req={0x28, &(0x7f0000004d80)={'eql\x00', @ifru_hwaddr=@remote}}) fsetxattr(r1, &(0x7f0000004e00)=@known='trusted.overlay.nlink\x00', &(0x7f0000004e40)='eql\x00', 0x4, 0x4) getsockopt$inet_mreqn(r2, 0x0, 0x40, &(0x7f0000006040)={@dev, @loopback, 0x0}, &(0x7f0000006080)=0xc) bpf$PROG_LOAD(0x5, &(0x7f0000006140)={0xd, 0x6, &(0x7f0000004e80)=@raw=[@initr0={0x18, 0x0, 0x0, 0x0, 0x5b0050bb, 0x0, 0x0, 0x0, 0xb56}, @call, @jmp={0x5, 0x1, 0x13, 0x6, 0xb, 0x365316c03dd3ec8a}, @func={0x85, 0x0, 0x1, 0x0, 0xfffffffffffffffe}, @jmp={0x5, 0x1, 0xa, 0x3, 0x6, 0x9be722e2f874fb02, 0xfffffffffffffffc}], &(0x7f0000004ec0)='GPL\x00', 0x1000, 0x1000, &(0x7f0000004f00)=""/4096, 0x41100, 0x0, [], r3, 0x309b69c2a86312d, 0xffffffffffffffff, 0x8, &(0x7f00000060c0)={0x2, 0x5}, 0x8, 0x10, &(0x7f0000006100)={0x4, 0x2, 0x0, 0x80000001}, 0x10}, 0x70) bind$inet6(0xffffffffffffffff, &(0x7f00000061c0)={0xa, 0x4e24, 0x2, @initdev={0xfe, 0x88, [], 0x1, 0x0}, 0x81}, 0x1c) r4 = syz_open_dev$media(&(0x7f0000006200)='/dev/media#\x00', 0x200, 0x4000) ioctl$UI_SET_SWBIT(r4, 0x4004556d, 0x6) r5 = syz_open_dev$adsp(&(0x7f0000006240)='/dev/adsp#\x00', 0x4873, 0x44c0) ioctl$RTC_PIE_OFF(r5, 0x7006) r6 = creat(&(0x7f0000006280)='./file0\x00', 0x80) ioctl$KVM_GET_REGS(r6, 0x8090ae81, &(0x7f00000062c0)) r7 = socket$inet6_sctp(0xa, 0x7, 0x84) fsetxattr$trusted_overlay_redirect(r7, &(0x7f0000006380)='trusted.overlay.redirect\x00', &(0x7f00000063c0)='./file0\x00', 0x8, 0x2) ioctl$LOOP_SET_STATUS(r6, 0x4c02, &(0x7f0000006400)={0x0, 0x0, 0x0, 0x0, 0xfff, 0x0, 0x18, 0x8, "ceb9cd127fb4e90c63dde27fb3f0c4f143aaca69ff2a001eb73451c4efbb67966e057ef126ebc4da57a93503371a700129f31b8ae561ae34082adb42b7bdd6db", "7bd0b06c7ba56b7ca686be3ec135e5e7a634d01b3ca6dce86fd2162ad63e626f", [0x0, 0x9]}) r8 = open(&(0x7f00000064c0)='./file0/file0\x00', 0x20000, 0x190) setsockopt$inet_sctp6_SCTP_RECVNXTINFO(r8, 0x84, 0x21, &(0x7f0000006500)=0x1, 0x4) r9 = openat$proc_capi20(0xffffffffffffff9c, &(0x7f0000006540)='/proc/capi/capi20\x00', 0x8402, 0x0) ioctl$USBDEVFS_DROP_PRIVILEGES(r9, 0x4004551e, &(0x7f0000006580)=0x4) r10 = openat$null(0xffffffffffffff9c, &(0x7f00000065c0)='/dev/null\x00', 0x2000, 0x0) setsockopt$inet_sctp_SCTP_ADAPTATION_LAYER(r10, 0x84, 0x7, &(0x7f0000006600), 0x4) 15:28:26 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1574.902192][T19765] Bluetooth: hci0: command 0x1003 tx timeout [ 1574.908722][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1575.052179][T19754] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 1575.302084][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1575.422424][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1575.433704][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1575.446936][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1575.456157][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1575.470503][T19754] usb 2-1: config 0 descriptor?? [ 1576.212221][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1576.218446][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1576.227269][T19754] usb 2-1: USB disconnect, device number 114 [ 1576.922156][T28149] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 1576.982161][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1576.988619][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1577.181999][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1577.302329][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1577.313471][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1577.326589][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1577.336136][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1577.345736][T28149] usb 2-1: config 0 descriptor?? [ 1577.722312][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1577.728522][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1577.737321][T28149] usb 2-1: USB disconnect, device number 115 [ 1578.182334][ C1] net_ratelimit: 20 callbacks suppressed [ 1578.182357][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1578.194294][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1578.200415][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1578.206549][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1578.662549][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1578.668779][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1578.675274][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1578.681354][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1578.687784][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1578.693938][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1579.062068][T19754] Bluetooth: hci0: command 0x1009 tx timeout 15:28:35 executing program 4 (fault-call:5 fault-nth:16): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:35 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:35 executing program 3: socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) close(r0) r2 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x10000000013, &(0x7f0000d06000)=0x1, 0x4) setsockopt$inet_opts(r2, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000200)='syz_tun\x00', 0x10) connect$inet(r2, &(0x7f00000005c0)={0x2, 0x0, @local}, 0x10) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) setsockopt$inet_mtu(r4, 0x0, 0xa, &(0x7f0000000080), 0x4) setsockopt$inet_tcp_TCP_REPAIR(r2, 0x6, 0x13, &(0x7f0000000040), 0x4) io_setup(0x6, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = openat$null(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/null\x00', 0x141400, 0x0) ioctl$EXT4_IOC_SETFLAGS(r1, 0x40086602, &(0x7f0000000400)=0x10000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000100)={0xffffffffffffffff}, 0x13f, 0x9}}, 0x20) write$RDMA_USER_CM_CMD_ACCEPT(r7, &(0x7f00000002c0)={0x8, 0x120, 0xfa00, {0x3, {0x3583, 0x80000000, "935598e686aa651855ca22aff4367c6dca7b17e2e6680872758efc40651f44a218828804a85848c7ba629048ffddad8b91e6c4e26f9722035317d5ce4a8c6ad67bb181856ca5b49cf5e5f0b6fad73a662476b7086173c7c02c619942058738a441d4099ef56690430cbae170a7fda4d8eee06379544e20d42a092ea5bb19d2e7abb8d1020b848720a1b74822a6ba7137da9b4a036ee7483aeb45edf634d9b09bbd321b6de25b4b11eaad48ee8cdec4cf1c3ba34bc88eb0bae4feb5b90470354d494ce5537e1f783434bc39fb8a55f975d83d0d802e9857d4607d3e38e978b910a3fce42acebbea35ddcfa3a683f373fb3bae5595132c58a1abb3f3caf5726613", 0x1f, 0x5, 0x8, 0x2, 0x1, 0x2, 0x20, 0x1}, r8}}, 0x128) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) r9 = syz_open_dev$audion(&(0x7f0000000240)='/dev/audio#\x00', 0x800, 0x8000) setsockopt$TIPC_IMPORTANCE(r9, 0x10f, 0x7f, &(0x7f0000000880)=0x5, 0x4) bpf$MAP_CREATE(0x2, &(0x7f0000000040)={0x0, 0x0, 0x77fffb, 0x0, 0x0, 0x0}, 0x3c) io_submit(r5, 0x1e09328e, &(0x7f0000000040)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x1000800000000001, 0x0, r0, 0x0, 0x12f}]) 15:28:35 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = openat$ipvs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/vs/secure_tcp\x00', 0x2, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r1, 0x84, 0x64, &(0x7f0000000080)=[@in6={0xa, 0x4e21, 0x200, @rand_addr="9b9e6085cc18271f4cf3191634e2772f", 0xe1}, @in6={0xa, 0x4e23, 0x9, @mcast1, 0xffffff81}, @in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x23}}, @in6={0xa, 0x4e20, 0xac5e, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x7fffffff}, @in6={0xa, 0x4e23, 0x4, @initdev={0xfe, 0x88, [], 0x0, 0x0}, 0x5}, @in6={0xa, 0x4e24, 0x401, @remote, 0x8}, @in6={0xa, 0x4e21, 0xffffffc1, @remote}], 0xb8) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB="dd"], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:28:35 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x81) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:28:35 executing program 5: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000000)="0800b5055e0bcfe87b0071") r1 = socket$inet6(0xa, 0x2, 0x0) connect$inet6(r1, &(0x7f0000000080)={0xa, 0x0, 0x0, @empty}, 0x1c) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0)='IPVS\x00') sendmsg$IPVS_CMD_GET_SERVICE(r3, &(0x7f0000000200)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0xbc, r4, 0x200, 0x70bd26, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x29e4}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, [@IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e20}, @IPVS_DEST_ATTR_FWD_METHOD={0x8, 0x3, 0x2}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e20}, @IPVS_DEST_ATTR_PORT={0x8, 0x2, 0x4e22}, @IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0x80000000}, @IPVS_DEST_ATTR_TUN_PORT={0x8, 0xe, 0x4e24}]}, @IPVS_CMD_ATTR_SERVICE={0x54, 0x1, [@IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x4}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x1d}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x544f1fd8}, @IPVS_SVC_ATTR_FWMARK={0x8}, @IPVS_SVC_ATTR_PE_NAME={0x8, 0xb, 'sip\x00'}, @IPVS_SVC_ATTR_SCHED_NAME={0x8, 0x6, 'fo\x00'}, @IPVS_SVC_ATTR_TIMEOUT={0x8, 0x8, 0x37f}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x4}, @IPVS_SVC_ATTR_PROTOCOL={0x8, 0x2, 0x16}, @IPVS_SVC_ATTR_FWMARK={0x8, 0x5, 0x2}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x40}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x9}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8}]}, 0xbc}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f000014f000)={0x0, 0x0, &(0x7f00000bfff0)={&(0x7f0000000440)=ANY=[@ANYBLOB="b8000000190001ffff04000000000000ff010000000000a85400000000000001e000000100000000000000000000000000000000000000000a0000000000000029430f7a21dda26d37ff6842a842fdfe0632078a", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ec0000000000000000000000000000e33eb88500a22580106acb896827348a8f4df0744c73a5fd4bb1bff83e874c60070d634a3c9097ad93ec3d5d4488fa286145aaa8bf5bf03374a977b588c801e1f42c54460d9ea61c9749ae06a2289c3395839605854e8c617261f43bad0fd3ba5ade9fbb68c08e83"], 0xb8}}, 0x0) [ 1583.279812][T28941] FAULT_INJECTION: forcing a failure. [ 1583.279812][T28941] name failslab, interval 1, probability 0, space 0, times 0 [ 1583.292936][T28941] CPU: 0 PID: 28941 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1583.301243][T28941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1583.311791][T28941] Call Trace: [ 1583.315282][T28941] dump_stack+0x191/0x1f0 [ 1583.320144][T28941] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1583.326158][T28941] should_fail+0xa3f/0xa50 [ 1583.330763][T28941] __should_failslab+0x264/0x280 [ 1583.335792][T28941] should_failslab+0x29/0x70 [ 1583.340457][T28941] __kmalloc_track_caller+0x1ad/0xea0 [ 1583.345888][T28941] ? __msan_metadata_ptr_for_store_4+0x13/0x20 [ 1583.352109][T28941] ? kvasprintf_const+0x304/0x390 [ 1583.357175][T28941] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1583.363119][T28941] ? strlen+0x51/0x90 [ 1583.367144][T28941] kstrdup_const+0x157/0x260 [ 1583.371787][T28941] kvasprintf_const+0x304/0x390 [ 1583.376696][T28941] kobject_set_name_vargs+0x11f/0x380 [ 1583.382112][T28941] dev_set_name+0x202/0x250 [ 1583.386666][T28941] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1583.392653][T28941] hci_register_dev+0x5f8/0xfd0 [ 1583.397637][T28941] hci_uart_tty_ioctl+0xe61/0x1140 [ 1583.402792][T28941] ? hci_uart_tty_write+0x30/0x30 [ 1583.407845][T28941] tty_ioctl+0x23e2/0x3100 [ 1583.412338][T28941] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1583.418418][T28941] ? tty_do_resize+0x230/0x230 [ 1583.423265][T28941] do_vfs_ioctl+0xea8/0x2c50 [ 1583.427910][T28941] ? security_file_ioctl+0x1bd/0x200 [ 1583.433269][T28941] __se_sys_ioctl+0x1da/0x270 [ 1583.438273][T28941] __x64_sys_ioctl+0x4a/0x70 [ 1583.442909][T28941] do_syscall_64+0xb6/0x160 [ 1583.447454][T28941] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1583.453469][T28941] RIP: 0033:0x459f39 [ 1583.457422][T28941] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1583.477078][T28941] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1583.485559][T28941] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1583.493752][T28941] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1583.501770][T28941] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1583.509772][T28941] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1583.517776][T28941] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:28:35 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1583.526645][T28941] Bluetooth: Can't register HCI device 15:28:35 executing program 3: r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x7a, 0x7, 0x15, 0x20, 0x46d, 0x892, 0xc04c, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x1a, 0x0, 0x0, 0xaf, 0xd, 0xb2}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000940)={0xac, &(0x7f00000003c0), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) dup(r2) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000000000)={0x0}) ioctl$DRM_IOCTL_SWITCH_CTX(r3, 0x40086424, &(0x7f0000000080)={r4}) [ 1583.602235][T19754] usb 2-1: new high-speed USB device number 116 using dummy_hcd 15:28:35 executing program 4 (fault-call:5 fault-nth:17): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:35 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1583.810885][T28952] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1583.819334][T28952] FAULT_INJECTION: forcing a failure. [ 1583.819334][T28952] name failslab, interval 1, probability 0, space 0, times 0 [ 1583.833920][T28952] CPU: 0 PID: 28952 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1583.841864][T28952] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1583.842196][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1583.851962][T28952] Call Trace: [ 1583.852024][T28952] dump_stack+0x191/0x1f0 [ 1583.852079][T28952] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1583.852131][T28952] should_fail+0xa3f/0xa50 [ 1583.852192][T28952] __should_failslab+0x264/0x280 [ 1583.852240][T28952] should_failslab+0x29/0x70 [ 1583.852280][T28952] kmem_cache_alloc+0xd6/0xd10 [ 1583.852325][T28952] ? __kernfs_new_node+0x1a2/0xb70 [ 1583.852387][T28952] __kernfs_new_node+0x1a2/0xb70 [ 1583.900207][T28952] ? kmsan_internal_poison_shadow+0xbd/0x120 [ 1583.906838][T28952] ? kvasprintf_const+0x304/0x390 [ 1583.911899][T28952] ? tty_ioctl+0x23e2/0x3100 [ 1583.916691][T28952] ? do_syscall_64+0xb6/0x160 [ 1583.921407][T28952] ? entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1583.927517][T28952] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1583.933452][T28952] kernfs_create_dir_ns+0x1f2/0x5b0 [ 1583.938696][T28952] sysfs_create_dir_ns+0x259/0x600 [ 1583.943869][T28952] kobject_add_internal+0xd2e/0x18d0 [ 1583.949215][T28952] kobject_add+0x311/0x4e0 [ 1583.953707][T28952] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1583.959627][T28952] get_device_parent+0x8bd/0xaa0 [ 1583.964609][T28952] device_add+0x84b/0x2df0 [ 1583.969083][T28952] hci_register_dev+0x61a/0xfd0 [ 1583.973976][T28952] hci_uart_tty_ioctl+0xe61/0x1140 [ 1583.979383][T28952] ? hci_uart_tty_write+0x30/0x30 [ 1583.984609][T28952] tty_ioctl+0x23e2/0x3100 [ 1583.989162][T28952] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1583.995087][T28952] ? tty_do_resize+0x230/0x230 [ 1583.999881][T28952] do_vfs_ioctl+0xea8/0x2c50 [ 1584.004515][T28952] ? security_file_ioctl+0x1bd/0x200 [ 1584.009934][T28952] __se_sys_ioctl+0x1da/0x270 [ 1584.014650][T28952] __x64_sys_ioctl+0x4a/0x70 [ 1584.019268][T28952] do_syscall_64+0xb6/0x160 [ 1584.023826][T28952] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1584.029734][T28952] RIP: 0033:0x459f39 [ 1584.033661][T28952] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1584.053309][T28952] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1584.061838][T28952] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1584.069826][T28952] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1584.078083][T28952] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1584.086081][T28952] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1584.094072][T28952] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1584.102460][T28952] kobject_add_internal failed for bluetooth (error: -12 parent: virtual) 15:28:36 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1584.111007][T28952] Bluetooth: Can't register HCI device 15:28:36 executing program 4 (fault-call:5 fault-nth:18): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1584.192574][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1584.204136][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1584.217156][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1584.226360][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 15:28:36 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1584.271570][T28961] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1584.280209][T28961] FAULT_INJECTION: forcing a failure. [ 1584.280209][T28961] name failslab, interval 1, probability 0, space 0, times 0 [ 1584.293195][T28961] CPU: 0 PID: 28961 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1584.301193][T28961] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1584.311305][T28961] Call Trace: [ 1584.314671][T28961] dump_stack+0x191/0x1f0 [ 1584.319090][T28961] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1584.325081][T28961] should_fail+0xa3f/0xa50 [ 1584.329564][T28961] __should_failslab+0x264/0x280 [ 1584.334540][T28961] should_failslab+0x29/0x70 [ 1584.339250][T28961] __kmalloc_track_caller+0x1ad/0xea0 [ 1584.345175][T28961] ? kmsan_internal_set_origin+0x6a/0xb0 [ 1584.350833][T28961] ? __kernfs_new_node+0x125/0xb70 [ 1584.355988][T28961] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1584.361918][T28961] ? strlen+0x51/0x90 [ 1584.365943][T28961] kstrdup_const+0x157/0x260 [ 1584.370581][T28961] __kernfs_new_node+0x125/0xb70 [ 1584.375551][T28961] ? kernfs_add_one+0x9ea/0xa60 [ 1584.380459][T28961] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1584.386396][T28961] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1584.392332][T28961] kernfs_create_dir_ns+0x1f2/0x5b0 [ 1584.397580][T28961] sysfs_create_dir_ns+0x259/0x600 [ 1584.403263][T28961] kobject_add_internal+0xd2e/0x18d0 [ 1584.408595][T28961] kobject_add+0x311/0x4e0 [ 1584.413070][T28961] ? get_device_parent+0xa4c/0xaa0 [ 1584.418211][T28961] device_add+0xb1c/0x2df0 [ 1584.422548][ C1] net_ratelimit: 20 callbacks suppressed [ 1584.422566][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1584.423277][T28961] hci_register_dev+0x61a/0xfd0 [ 1584.429364][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1584.434711][T28961] hci_uart_tty_ioctl+0xe61/0x1140 [ 1584.434761][T28961] ? hci_uart_tty_write+0x30/0x30 [ 1584.434798][T28961] tty_ioctl+0x23e2/0x3100 [ 1584.434875][T28961] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1584.440449][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1584.445493][T28961] ? tty_do_resize+0x230/0x230 [ 1584.445540][T28961] do_vfs_ioctl+0xea8/0x2c50 [ 1584.445601][T28961] ? security_file_ioctl+0x1bd/0x200 [ 1584.451182][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1584.455777][T28961] __se_sys_ioctl+0x1da/0x270 [ 1584.455831][T28961] __x64_sys_ioctl+0x4a/0x70 [ 1584.455889][T28961] do_syscall_64+0xb6/0x160 [ 1584.506074][T28961] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1584.511983][T28961] RIP: 0033:0x459f39 [ 1584.515916][T28961] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1584.535801][T28961] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1584.544414][T28961] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1584.552415][T28961] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1584.560400][T28961] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1584.568652][T28961] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1584.576728][T28961] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1584.585082][T28961] kobject_add_internal failed for hci0 (error: -12 parent: bluetooth) [ 1584.593442][T28961] Bluetooth: Can't register HCI device [ 1584.596845][T19754] usb 2-1: config 0 descriptor?? [ 1584.603241][T28149] usb 4-1: new high-speed USB device number 44 using dummy_hcd 15:28:36 executing program 4 (fault-call:5 fault-nth:19): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:36 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1584.800851][T28969] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1584.809662][T28969] FAULT_INJECTION: forcing a failure. [ 1584.809662][T28969] name failslab, interval 1, probability 0, space 0, times 0 [ 1584.822428][T28969] CPU: 0 PID: 28969 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1584.830363][T28969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1584.840445][T28969] Call Trace: [ 1584.843881][T28969] dump_stack+0x191/0x1f0 [ 1584.848251][T28969] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1584.854182][T28969] should_fail+0xa3f/0xa50 [ 1584.858819][T28969] __should_failslab+0x264/0x280 [ 1584.863798][T28969] should_failslab+0x29/0x70 [ 1584.868409][T28969] kmem_cache_alloc+0xd6/0xd10 [ 1584.873200][T28969] ? mutex_unlock+0x38/0x90 [ 1584.877733][T28969] ? __kernfs_new_node+0x1a2/0xb70 [ 1584.882886][T28969] __kernfs_new_node+0x1a2/0xb70 [ 1584.887887][T28969] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1584.893924][T28969] kernfs_new_node+0x18e/0x350 [ 1584.898728][T28969] kernfs_create_link+0x163/0x3f0 [ 1584.903792][T28969] sysfs_do_create_link_sd+0x19c/0x370 [ 1584.909644][T28969] sysfs_create_link+0x125/0x190 [ 1584.914611][T28969] device_add+0xffb/0x2df0 [ 1584.919685][T28969] hci_register_dev+0x61a/0xfd0 [ 1584.924575][T28969] hci_uart_tty_ioctl+0xe61/0x1140 [ 1584.929724][T28969] ? hci_uart_tty_write+0x30/0x30 [ 1584.934768][T28969] tty_ioctl+0x23e2/0x3100 [ 1584.939237][T28969] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1584.945255][T28969] ? tty_do_resize+0x230/0x230 [ 1584.950063][T28969] do_vfs_ioctl+0xea8/0x2c50 [ 1584.954698][T28969] ? security_file_ioctl+0x1bd/0x200 [ 1584.960045][T28969] __se_sys_ioctl+0x1da/0x270 [ 1584.964765][T28969] __x64_sys_ioctl+0x4a/0x70 [ 1584.969389][T28969] do_syscall_64+0xb6/0x160 [ 1584.973931][T28969] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1584.979838][T28969] RIP: 0033:0x459f39 [ 1584.983762][T28969] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1585.003388][T28969] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1585.011829][T28969] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1585.019907][T28969] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1585.028071][T28969] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1585.036154][T28969] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1585.044145][T28969] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1585.052812][T28969] Bluetooth: Can't register HCI device [ 1585.059133][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1585.065439][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1585.071655][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1585.077792][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1585.084095][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1585.090192][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1585.154003][T28149] usb 4-1: Using ep0 maxpacket: 32 [ 1585.319294][T28149] usb 4-1: config 0 has an invalid interface number: 26 but max is 0 [ 1585.327645][T28149] usb 4-1: config 0 has no interface number 0 [ 1585.334014][T28149] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=c0.4c [ 1585.343210][T28149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1585.362742][T28149] usb 4-1: config 0 descriptor?? [ 1585.426734][T28149] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 1585.542226][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1585.548422][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1585.559829][T19754] usb 2-1: USB disconnect, device number 116 [ 1585.852347][T28149] gspca_vc032x: reg_w err -71 [ 1585.857209][T28149] vc032x: probe of 4-1:0.26 failed with error -71 [ 1585.866582][T28149] usb 4-1: USB disconnect, device number 44 [ 1586.251990][T27852] usb 2-1: new high-speed USB device number 117 using dummy_hcd [ 1586.502157][T27852] usb 2-1: Using ep0 maxpacket: 16 [ 1586.611996][T28149] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 1586.622981][T27852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1586.634178][T27852] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1586.647277][T27852] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1586.656566][T27852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1586.667553][T27852] usb 2-1: config 0 descriptor?? [ 1586.892066][T28149] usb 4-1: Using ep0 maxpacket: 32 15:28:39 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) r1 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'sy{'}, &(0x7f0000000180)="d38100ffe6002b452b7b4f0a7ff32588e4b3a5e608000000", 0x18, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r1, r2, r1}, &(0x7f0000000500)=""/83, 0x53, 0x0) keyctl$set_timeout(0xf, r1, 0xe9d) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1587.032753][T28149] usb 4-1: config 0 has an invalid interface number: 26 but max is 0 [ 1587.040910][T28149] usb 4-1: config 0 has no interface number 0 [ 1587.047653][T28149] usb 4-1: New USB device found, idVendor=046d, idProduct=0892, bcdDevice=c0.4c [ 1587.056871][T28149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1587.066573][T27852] usbhid 2-1:0.0: can't add hid device: -71 [ 1587.072927][T27852] usbhid: probe of 2-1:0.0 failed with error -71 [ 1587.081501][T27852] usb 2-1: USB disconnect, device number 117 [ 1587.090052][T28149] usb 4-1: config 0 descriptor?? [ 1587.136783][T28149] gspca_main: vc032x-2.14.0 probing 046d:0892 [ 1587.362274][T28149] gspca_vc032x: reg_r err -71 [ 1587.367282][T28149] vc032x: probe of 4-1:0.26 failed with error -71 [ 1587.388746][T28149] usb 4-1: USB disconnect, device number 45 [ 1587.462140][T27852] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 1587.722251][T27852] usb 2-1: Using ep0 maxpacket: 16 [ 1587.862381][T27852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1587.873556][T27852] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1587.886722][T27852] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1587.895918][T27852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1587.905513][T27852] usb 2-1: config 0 descriptor?? [ 1588.622354][T27852] usbhid 2-1:0.0: can't add hid device: -71 [ 1588.628631][T27852] usbhid: probe of 2-1:0.0 failed with error -71 [ 1588.637717][T27852] usb 2-1: USB disconnect, device number 118 [ 1589.342201][T19754] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 1589.582047][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1589.702217][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1589.713444][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1589.726913][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1589.736505][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1589.746196][T19754] usb 2-1: config 0 descriptor?? [ 1590.142371][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1590.148640][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1590.157917][T19754] usb 2-1: USB disconnect, device number 119 [ 1590.662341][ C1] net_ratelimit: 20 callbacks suppressed [ 1590.662363][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1590.674341][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1590.680478][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1590.686792][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1591.302396][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1591.308519][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1591.314763][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1591.321196][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1591.327335][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1591.333351][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:28:44 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat(r4, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r5, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) r6 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x5c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_PORT_SELF={0x34, 0x19, [@IFLA_PORT_PROFILE={0x30, 0x2, 'md5sum/(loposix_acl_access/@)vmnet1{self\x00'}]}, @IFLA_GROUP={0x8}]}, 0x5c}}, 0x0) 15:28:44 executing program 4 (fault-call:5 fault-nth:20): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:44 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x0) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:44 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:28:44 executing program 3: r0 = syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000240)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x1, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7, 0x1, 0x0, 0x2}}]}}]}}, 0x0) syz_usb_control_io(r0, &(0x7f0000000640)={0x2c, &(0x7f0000000440)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$sndpcmp(&(0x7f0000000000)='/dev/snd/pcmC#D#p\x00', 0x800, 0x20000) ioctl$ASHMEM_GET_PROT_MASK(r1, 0x7706, &(0x7f0000000040)) r2 = syz_usb_connect$printer(0x1, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x140, 0x0, 0x0, 0x0, 0x20, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x2, 0x20, 0x70, [{{0x9, 0x4, 0x0, 0x2, 0x2, 0x7, 0x1, 0x2, 0x40, "", {{{0x9, 0x5, 0x1, 0x2, 0x2f8, 0x6, 0x3, 0xd2}}, [{{0x9, 0x5, 0x82, 0x2, 0xcf, 0x9, 0x6b, 0x27}}]}}}]}}]}}, &(0x7f0000000200)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x80, 0xe6, 0x7f, 0xff, 0x6}, 0x20, &(0x7f0000000140)={0x5, 0xf, 0x20, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0x37, 0x8, 0xd, 0x4}, @ss_cap={0xa, 0x10, 0x3, 0x2, 0x3, 0x9, 0x0, 0x7fff}, @ss_cap={0xa, 0x10, 0x3, 0x4, 0xc, 0xd8, 0xff, 0x8000}]}, 0x3, [{0x4, &(0x7f0000000180)=@lang_id={0x4, 0x3, 0x411}}, {0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x413}}, {0xdd, &(0x7f0000000280)=@string={0xdd, 0x3, "e81118ef49fad3203da310f4d6428d211334971800501d51a58ec3f6eb9275eeb103837e3d6b1e10a8fb5ceff2f88f5ab564528da99f1f2d43d1576ce99875972811e198ca29661ade7efebb92993fc0a0eb5186a98d7d97062e56fce3c1c43f669b93b9ac1ea255886a004cf0cde76430878a661e6a4dfeb71d65ae17481f1aeca4b9212cea788c2e966ebd52b7890133924de3bbec62e74c61fe8ddf951b41e6ae4c7b3907ad04adec87195eee477a1a60bf2dbb73cd10afb7a2a9198c047b4ef9d2a79c750c274a096efc7664cb9114798eaa3af65a6a14e635"}}]}) syz_usb_control_io$printer(r2, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000680)={0x0, 0x3, 0x401, @string={0xfffffffffffffde3, 0x3, "802d9a3deff75ee63da853ad8ac929dd42d464b25e4b603abf4a4516be997da8ddbae390ff3a7887d91e669c1af372fea056da86a66281e8bbe5324881523017f9714e5fc76c6a19e40e1d307f1912531918cb77753f82c4b2986b841ef52ad82431cf6f7e5984dc9185bbec8830ba42e1a3134d6990ba5ee300c9be8a6941454ae0bbc1bf472f0e5fcb65c7cbb768e0d76bab54f6391a4b820abc37c77b874d5731a33b987bd1d2435d40b0c34f29328de9a9bb22cea38722feb6cb33a3aa701ca5e76c3d418afaea139b1874a63a5c31cec6a7eac5b68d12cdcb2c18e4636b0eec7c9adfe6ef731f1b26fe6d2b20d3796d4b75b48d33f10410c708e18c8dea8f378d180e9bd280aa52042a10a21b66f06ce9a3e06f5968a2c93e48230868812e131a5b2cdfea1441af727ce82702e601e4cb6b40c2b861aa7217264285ff2f151d7e2b5de8cb67012d15f97b7c021779e72dc6b3f933ee0a03ae79ec6ca0125ce497bcf2b0b6ce2bb9d8b1118288358ee06da479347ea917704b8d5edbf2bb9400228ddcef245f855ba15e462579630301e5a678ea4450d51994956fb523311d6de016b2f467f2c2290f681051b04dedf7900896553717f27ba6269c81388620104402f69e49488ba7c767e2e7e5386ffd2c46124fbdfff8886af410a5c5672a1cf9299282d3778e8432fbe61a92ac1af40e2a974cec3fe95452c5ed1e91a7ebad94b2578f2e098fd99d16ce2831be87732c0ec0664e0a5315ad32eb9223f422f5a42e8c5ae35fb3a8e230178194a07fb8fadb35cca6c4b5c08aceb79f5bca2701598750f10db023d643a3dda83ddfe034776c8c1b4ed0b2a1a89cdbb80c834414241dbe12e070965db038431649e2e7c096f50853ea761871d0964b8e2b65f071706cdef2bc57c77d0c6580d0da93126f86c8ef5dd7e044b8a322b1763d73d45260ad13e303295ff24914ae81093c4ae9e5565535b9198b2dae2d5e3a2ad47fbd670e611b31c89cad682f5657c41a2a335dad93b0fc2c49556552d1242d30182bbfec8d415d1cca5e4f36ab79859dd3d670f062acce56814abbfa776d67eadebe2fa7a5691f309c2a04151516511f919469b681fb16500845a4d1ba78984d646ee06a504b60381eee2d22d926ef55c3e89c8ef443e8f62d7fd4fb157aeda38cfc53dac1243fc5e0dcbff8f9d873d43772760e1484e211c1eadf242f6b93cd176d4d86085e9bf823b7ccb83ff71ffdf02eb7058d177a8339d4a6d341ab9878f6011cc3d4f2672c258beeb8be4d742d4abcddb02f975366cadea34eea80ffefb0909ae3b0bac4d80d59b21f9fb48db65b021814a647d10e2c0d6c36804f946521e1a6d7060c03e5d364debfb0e670b8b5ec61e143e0c44939e83bc60a4913581a4cc0399cb7108288ebb4ac774b873031fed237d6d19232355ff3bfecceaa"}}}, 0x0) 15:28:44 executing program 1: r0 = open(&(0x7f0000000040)='./file0\x00', 0x2, 0x5) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) pipe2(&(0x7f00000000c0), 0x800) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r10 = dup(r9) ioctl$PERF_EVENT_IOC_ENABLE(r10, 0x8912, 0x400200) ioctl$SNDRV_TIMER_IOCTL_STOP(r10, 0x54a1) r11 = syz_usb_connect$hid(0x2, 0x1dab8c04, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000ffc211082240000000000109027aff010001000a09040080080301017e091a0000030122ab0009058103000082fff8e018aa72c1c3574d363a4fd5"], 0x0) ioctl$RTC_ALM_SET(r0, 0x40247007, &(0x7f0000000000)={0x20, 0x11, 0x9, 0x13, 0x3, 0xffffffff, 0x1, 0x10b}) syz_usb_control_io$hid(r11, 0x0, 0x0) syz_usb_control_io(r11, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1592.587200][T28995] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1592.595888][T28995] FAULT_INJECTION: forcing a failure. [ 1592.595888][T28995] name failslab, interval 1, probability 0, space 0, times 0 [ 1592.609271][T28995] CPU: 1 PID: 28995 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1592.617246][T28995] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1592.627446][T28995] Call Trace: [ 1592.630809][T28995] dump_stack+0x191/0x1f0 15:28:44 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1592.635228][T28995] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1592.641817][T28995] should_fail+0xa3f/0xa50 [ 1592.646342][T28995] __should_failslab+0x264/0x280 [ 1592.651365][T28995] should_failslab+0x29/0x70 [ 1592.656028][T28995] kmem_cache_alloc+0xd6/0xd10 [ 1592.661383][T28995] ? mutex_unlock+0x38/0x90 [ 1592.665965][T28995] ? __kernfs_new_node+0x1a2/0xb70 [ 1592.671260][T28995] __kernfs_new_node+0x1a2/0xb70 [ 1592.676335][T28995] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1592.682407][T28995] kernfs_new_node+0x18e/0x350 [ 1592.687281][T28995] kernfs_create_link+0x163/0x3f0 [ 1592.692402][T28995] sysfs_do_create_link_sd+0x19c/0x370 [ 1592.697950][T28995] sysfs_create_link+0x125/0x190 [ 1592.702928][T28995] device_add+0xffb/0x2df0 [ 1592.707401][T28995] hci_register_dev+0x61a/0xfd0 [ 1592.712728][T28995] hci_uart_tty_ioctl+0xe61/0x1140 [ 1592.717873][T28995] ? hci_uart_tty_write+0x30/0x30 [ 1592.722919][T28995] tty_ioctl+0x23e2/0x3100 [ 1592.727390][T28995] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1592.733324][T28995] ? tty_do_resize+0x230/0x230 [ 1592.738117][T28995] do_vfs_ioctl+0xea8/0x2c50 [ 1592.742747][T28995] ? security_file_ioctl+0x1bd/0x200 [ 1592.748069][T28995] __se_sys_ioctl+0x1da/0x270 [ 1592.752784][T28995] __x64_sys_ioctl+0x4a/0x70 [ 1592.757415][T28995] do_syscall_64+0xb6/0x160 [ 1592.761954][T28995] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1592.767863][T28995] RIP: 0033:0x459f39 [ 1592.771796][T28995] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1592.791513][T28995] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1592.799970][T28995] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1592.807967][T28995] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1592.816218][T28995] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1592.824214][T28995] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1592.832203][T28995] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1592.840938][T28995] Bluetooth: Can't register HCI device 15:28:44 executing program 4 (fault-call:5 fault-nth:21): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1592.982455][T28149] usb 2-1: new full-speed USB device number 120 using dummy_hcd [ 1592.990422][T27852] usb 4-1: new high-speed USB device number 46 using dummy_hcd 15:28:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1593.039274][T29011] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1593.048350][T29011] FAULT_INJECTION: forcing a failure. [ 1593.048350][T29011] name failslab, interval 1, probability 0, space 0, times 0 [ 1593.061307][T29011] CPU: 1 PID: 29011 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1593.069270][T29011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1593.079464][T29011] Call Trace: [ 1593.082829][T29011] dump_stack+0x191/0x1f0 [ 1593.087248][T29011] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1593.093217][T29011] should_fail+0xa3f/0xa50 [ 1593.097691][T29011] __should_failslab+0x264/0x280 [ 1593.102666][T29011] should_failslab+0x29/0x70 [ 1593.107282][T29011] __kmalloc_track_caller+0x1ad/0xea0 [ 1593.112684][T29011] ? __kernfs_new_node+0x125/0xb70 [ 1593.117829][T29011] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1593.123758][T29011] ? strlen+0x51/0x90 [ 1593.127769][T29011] kstrdup_const+0x157/0x260 [ 1593.132392][T29011] __kernfs_new_node+0x125/0xb70 [ 1593.137356][T29011] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1593.143458][T29011] ? mutex_unlock+0x38/0x90 [ 1593.148004][T29011] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1593.153927][T29011] kernfs_new_node+0x18e/0x350 [ 1593.158819][T29011] kernfs_create_link+0x163/0x3f0 [ 1593.163906][T29011] sysfs_do_create_link_sd+0x19c/0x370 [ 1593.169425][T29011] sysfs_create_link+0x125/0x190 [ 1593.174571][T29011] device_add+0x18c7/0x2df0 [ 1593.179127][T29011] hci_register_dev+0x61a/0xfd0 [ 1593.184028][T29011] hci_uart_tty_ioctl+0xe61/0x1140 [ 1593.189192][T29011] ? hci_uart_tty_write+0x30/0x30 [ 1593.194242][T29011] tty_ioctl+0x23e2/0x3100 [ 1593.198728][T29011] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1593.204649][T29011] ? tty_do_resize+0x230/0x230 [ 1593.209437][T29011] do_vfs_ioctl+0xea8/0x2c50 [ 1593.214072][T29011] ? security_file_ioctl+0x1bd/0x200 [ 1593.219397][T29011] __se_sys_ioctl+0x1da/0x270 [ 1593.224118][T29011] __x64_sys_ioctl+0x4a/0x70 [ 1593.228743][T29011] do_syscall_64+0xb6/0x160 [ 1593.233275][T29011] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1593.239193][T29011] RIP: 0033:0x459f39 [ 1593.243115][T29011] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1593.262785][T29011] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1593.271233][T29011] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1593.279225][T29011] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1593.287341][T29011] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1593.295373][T29011] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1593.303807][T29011] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1593.312505][T29011] Bluetooth: Can't register HCI device 15:28:45 executing program 4 (fault-call:5 fault-nth:22): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:45 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:28:45 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, 0x0, 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1593.462210][T28149] usb 2-1: Invalid ep0 maxpacket: 512 [ 1593.468046][T27852] usb 4-1: Using ep0 maxpacket: 16 [ 1593.544813][T29019] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1593.553492][T29019] FAULT_INJECTION: forcing a failure. [ 1593.553492][T29019] name failslab, interval 1, probability 0, space 0, times 0 [ 1593.567135][T29019] CPU: 0 PID: 29019 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1593.575079][T29019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1593.585189][T29019] Call Trace: [ 1593.588568][T29019] dump_stack+0x191/0x1f0 [ 1593.593081][T29019] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1593.599069][T29019] should_fail+0xa3f/0xa50 [ 1593.603588][T29019] __should_failslab+0x264/0x280 [ 1593.608608][T29019] should_failslab+0x29/0x70 [ 1593.613268][T29019] kmem_cache_alloc+0xd6/0xd10 [ 1593.618109][T29019] ? __kernfs_new_node+0x1a2/0xb70 [ 1593.623300][T29019] ? __msan_memcpy+0x56/0x70 [ 1593.627973][T29019] __kernfs_new_node+0x1a2/0xb70 [ 1593.633007][T29019] ? mutex_unlock+0x38/0x90 [ 1593.637616][T29019] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1593.643598][T29019] kernfs_new_node+0x18e/0x350 [ 1593.648459][T29019] kernfs_create_link+0x163/0x3f0 [ 1593.653798][T29019] sysfs_do_create_link_sd+0x19c/0x370 [ 1593.659353][T29019] sysfs_create_link+0x125/0x190 [ 1593.664364][T29019] device_add+0x18c7/0x2df0 [ 1593.668972][T29019] hci_register_dev+0x61a/0xfd0 [ 1593.673916][T29019] hci_uart_tty_ioctl+0xe61/0x1140 [ 1593.679106][T29019] ? hci_uart_tty_write+0x30/0x30 [ 1593.684191][T29019] tty_ioctl+0x23e2/0x3100 [ 1593.688710][T29019] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1593.694669][T29019] ? tty_do_resize+0x230/0x230 [ 1593.699492][T29019] do_vfs_ioctl+0xea8/0x2c50 [ 1593.704135][T29019] ? security_file_ioctl+0x1bd/0x200 [ 1593.709462][T29019] __se_sys_ioctl+0x1da/0x270 [ 1593.714184][T29019] __x64_sys_ioctl+0x4a/0x70 [ 1593.718802][T29019] do_syscall_64+0xb6/0x160 [ 1593.723335][T29019] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1593.729244][T29019] RIP: 0033:0x459f39 [ 1593.733166][T29019] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1593.752794][T29019] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1593.761232][T29019] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1593.769223][T29019] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1593.777218][T29019] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1593.785212][T29019] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1593.794157][T29019] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1593.802844][T29019] Bluetooth: Can't register HCI device [ 1593.856000][T27852] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1593.882266][T28149] usb 2-1: new full-speed USB device number 121 using dummy_hcd [ 1594.042330][T27852] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1594.051630][T27852] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1594.059838][T27852] usb 4-1: Product: syz [ 1594.064192][T27852] usb 4-1: Manufacturer: syz [ 1594.068841][T27852] usb 4-1: SerialNumber: syz [ 1594.132026][T28149] usb 2-1: Invalid ep0 maxpacket: 512 [ 1594.138007][T28149] usb usb2-port1: attempt power cycle [ 1594.595868][T27852] usb 4-1: USB disconnect, device number 46 [ 1594.882056][T28149] usb 2-1: new full-speed USB device number 122 using dummy_hcd [ 1594.982424][T28149] usb 2-1: Invalid ep0 maxpacket: 512 [ 1595.142212][T28149] usb 2-1: new full-speed USB device number 123 using dummy_hcd [ 1595.242354][T28149] usb 2-1: Invalid ep0 maxpacket: 512 [ 1595.248012][T28149] usb usb2-port1: unable to enumerate USB device [ 1595.311975][T19754] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 1595.552113][T19754] usb 4-1: Using ep0 maxpacket: 16 [ 1595.672666][T19754] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1595.842215][T19754] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1595.852240][T19754] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1595.860303][T19754] usb 4-1: Product: syz [ 1595.864635][T19754] usb 4-1: Manufacturer: syz [ 1595.869300][T19754] usb 4-1: SerialNumber: syz [ 1596.096643][T19754] usb 4-1: USB disconnect, device number 47 [ 1596.714053][T29033] net_ratelimit: 20 callbacks suppressed [ 1596.714070][T29033] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1596.982322][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1596.988592][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1596.994997][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1597.001011][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1597.542325][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1597.548368][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1597.554811][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1597.560863][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1597.567281][ C0] protocol 88fb is buggy, dev hsr_slave_0 15:28:51 executing program 4 (fault-call:5 fault-nth:23): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:51 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x0, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:51 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x5, @vbi}) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}, 0xc446d000a917e37d) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}}) ioctl$EVIOCGBITSND(r1, 0x80404532, &(0x7f0000000340)=""/255) r4 = gettid() syz_open_procfs(r4, &(0x7f0000000040)='loginuid\x00') ptrace$cont(0x3, r4, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000000), &(0x7f00000000c0)=0x4) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$sock_ifreq(r3, 0x8932, &(0x7f0000000100)={'eql\x00', @ifru_ivalue=0x3}) unshare(0x40000000) 15:28:51 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat(r4, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r5, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) r6 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x5c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_PORT_SELF={0x34, 0x19, [@IFLA_PORT_PROFILE={0x30, 0x2, 'md5sum/(loposix_acl_access/@)vmnet1{self\x00'}]}, @IFLA_GROUP={0x8}]}, 0x5c}}, 0x0) 15:28:51 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:28:51 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_open_dev$adsp(&(0x7f0000000040)='/dev/adsp#\x00', 0xe1, 0x400000) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$KDGKBSENT(r4, 0x4b48, &(0x7f0000000080)={0x8, 0x1, 0x5}) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) ioctl$DRM_IOCTL_SET_MASTER(r6, 0x641e) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1599.779168][T29045] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1599.787605][T29045] FAULT_INJECTION: forcing a failure. [ 1599.787605][T29045] name failslab, interval 1, probability 0, space 0, times 0 [ 1599.800890][T29045] CPU: 1 PID: 29045 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1599.808822][T29045] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1599.818913][T29045] Call Trace: [ 1599.822265][T29045] dump_stack+0x191/0x1f0 [ 1599.826668][T29045] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1599.832628][T29045] should_fail+0xa3f/0xa50 [ 1599.836172][T29040] IPVS: ftp: loaded support on port[0] = 21 [ 1599.837117][T29045] __should_failslab+0x264/0x280 [ 1599.837179][T29045] should_failslab+0x29/0x70 [ 1599.852620][T29045] kmem_cache_alloc+0xd6/0xd10 [ 1599.857457][T29045] ? __kernfs_new_node+0x1a2/0xb70 [ 1599.862640][T29045] ? __msan_memcpy+0x56/0x70 [ 1599.867830][T29045] __kernfs_new_node+0x1a2/0xb70 [ 1599.872846][T29045] ? mutex_unlock+0x38/0x90 [ 1599.877427][T29045] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1599.883392][T29045] kernfs_new_node+0x18e/0x350 [ 1599.888239][T29045] kernfs_create_link+0x163/0x3f0 [ 1599.893342][T29045] sysfs_do_create_link_sd+0x19c/0x370 [ 1599.899065][T29045] sysfs_create_link+0x125/0x190 [ 1599.904075][T29045] device_add+0x18c7/0x2df0 [ 1599.908684][T29045] hci_register_dev+0x61a/0xfd0 [ 1599.913630][T29045] hci_uart_tty_ioctl+0xe61/0x1140 [ 1599.918821][T29045] ? hci_uart_tty_write+0x30/0x30 [ 1599.923914][T29045] tty_ioctl+0x23e2/0x3100 [ 1599.928445][T29045] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1599.934404][T29045] ? tty_do_resize+0x230/0x230 [ 1599.939238][T29045] do_vfs_ioctl+0xea8/0x2c50 [ 1599.943907][T29045] ? security_file_ioctl+0x1bd/0x200 [ 1599.949270][T29045] __se_sys_ioctl+0x1da/0x270 [ 1599.955343][T29045] __x64_sys_ioctl+0x4a/0x70 [ 1599.960010][T29045] do_syscall_64+0xb6/0x160 [ 1599.964582][T29045] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1599.970518][T29045] RIP: 0033:0x459f39 [ 1599.974478][T29045] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1599.994214][T29045] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1600.003400][T29045] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1600.011440][T29045] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1600.019469][T29045] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 15:28:52 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x0, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1600.027475][T29045] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1600.036607][T29045] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1600.045801][T29045] Bluetooth: Can't register HCI device [ 1600.112145][T28149] usb 2-1: new high-speed USB device number 124 using dummy_hcd 15:28:52 executing program 4 (fault-call:5 fault-nth:24): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1600.354315][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1600.415148][T29062] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1600.423969][T29062] FAULT_INJECTION: forcing a failure. [ 1600.423969][T29062] name failslab, interval 1, probability 0, space 0, times 0 [ 1600.436956][T29062] CPU: 0 PID: 29062 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1600.444886][T29062] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1600.454990][T29062] Call Trace: [ 1600.458348][T29062] dump_stack+0x191/0x1f0 [ 1600.462864][T29062] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1600.468824][T29062] should_fail+0xa3f/0xa50 [ 1600.473318][T29062] __should_failslab+0x264/0x280 [ 1600.479013][T29062] should_failslab+0x29/0x70 [ 1600.483654][T29062] kmem_cache_alloc+0xd6/0xd10 [ 1600.488484][T29062] ? __kernfs_new_node+0x1a2/0xb70 [ 1600.493675][T29062] __kernfs_new_node+0x1a2/0xb70 [ 1600.498682][T29062] ? mutex_unlock+0x38/0x90 [ 1600.503255][T29062] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1600.509833][T29062] kernfs_new_node+0x18e/0x350 [ 1600.514756][T29062] __kernfs_create_file+0x16c/0x690 [ 1600.520034][T29062] sysfs_add_file_mode_ns+0x624/0x890 [ 1600.525493][T29062] sysfs_merge_group+0x2f3/0x5b0 [ 1600.530538][T29062] dpm_sysfs_add+0x187/0x4e0 [ 1600.535192][T29062] device_add+0x1e83/0x2df0 [ 1600.539760][T29062] ? device_add+0x1aa1/0x2df0 [ 1600.544641][T29062] hci_register_dev+0x61a/0xfd0 [ 1600.553784][T29062] hci_uart_tty_ioctl+0xe61/0x1140 [ 1600.559877][T29062] ? hci_uart_tty_write+0x30/0x30 [ 1600.565007][T29062] tty_ioctl+0x23e2/0x3100 [ 1600.569535][T29062] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1600.575510][T29062] ? tty_do_resize+0x230/0x230 [ 1600.580347][T29062] do_vfs_ioctl+0xea8/0x2c50 [ 1600.585020][T29062] ? security_file_ioctl+0x1bd/0x200 [ 1600.590397][T29062] __se_sys_ioctl+0x1da/0x270 [ 1600.595172][T29062] __x64_sys_ioctl+0x4a/0x70 [ 1600.599827][T29062] do_syscall_64+0xb6/0x160 [ 1600.604506][T29062] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1600.610433][T29062] RIP: 0033:0x459f39 [ 1600.614366][T29062] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1600.634437][T29062] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1600.643406][T29062] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1600.651401][T29062] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 15:28:52 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x0, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1600.659403][T29062] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1600.667393][T29062] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1600.675391][T29062] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1600.700430][T29062] Bluetooth: Can't register HCI device 15:28:52 executing program 3: 15:28:52 executing program 4 (fault-call:5 fault-nth:25): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1600.722690][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1600.734068][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1600.747329][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1600.756714][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1600.883491][T28149] usb 2-1: config 0 descriptor?? [ 1600.899781][T29071] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1600.908296][T29071] FAULT_INJECTION: forcing a failure. [ 1600.908296][T29071] name failslab, interval 1, probability 0, space 0, times 0 [ 1600.921278][T29071] CPU: 1 PID: 29071 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1600.929216][T29071] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1600.939757][T29071] Call Trace: [ 1600.943558][T29071] dump_stack+0x191/0x1f0 [ 1600.947966][T29071] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1600.953935][T29071] should_fail+0xa3f/0xa50 [ 1600.958552][T29071] __should_failslab+0x264/0x280 [ 1600.963842][T29071] should_failslab+0x29/0x70 [ 1600.968492][T29071] kmem_cache_alloc+0xd6/0xd10 [ 1600.973318][T29071] ? __kernfs_new_node+0x1a2/0xb70 [ 1600.978943][T29071] __kernfs_new_node+0x1a2/0xb70 [ 1600.983970][T29071] ? mutex_unlock+0x38/0x90 [ 1600.988542][T29071] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1600.994498][T29071] kernfs_new_node+0x18e/0x350 [ 1600.999417][T29071] __kernfs_create_file+0x16c/0x690 [ 1601.005112][T29071] sysfs_add_file_mode_ns+0x624/0x890 [ 1601.010623][T29071] sysfs_merge_group+0x2f3/0x5b0 [ 1601.015688][T29071] dpm_sysfs_add+0x187/0x4e0 [ 1601.020311][T29071] device_add+0x1e83/0x2df0 [ 1601.024840][T29071] ? device_add+0x1aa1/0x2df0 [ 1601.029649][T29071] hci_register_dev+0x61a/0xfd0 [ 1601.034539][T29071] hci_uart_tty_ioctl+0xe61/0x1140 [ 1601.042757][T29071] ? hci_uart_tty_write+0x30/0x30 [ 1601.047820][T29071] tty_ioctl+0x23e2/0x3100 [ 1601.052293][T29071] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1601.058234][T29071] ? tty_do_resize+0x230/0x230 [ 1601.063039][T29071] do_vfs_ioctl+0xea8/0x2c50 [ 1601.067709][T29071] ? security_file_ioctl+0x1bd/0x200 [ 1601.076199][T29071] __se_sys_ioctl+0x1da/0x270 [ 1601.080933][T29071] __x64_sys_ioctl+0x4a/0x70 [ 1601.085678][T29071] do_syscall_64+0xb6/0x160 [ 1601.090493][T29071] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1601.096443][T29071] RIP: 0033:0x459f39 [ 1601.100372][T29071] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1601.120007][T29071] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 15:28:53 executing program 3: 15:28:53 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x0, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:53 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1601.128456][T29071] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1601.136983][T29071] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1601.144977][T29071] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1601.153599][T29071] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1601.161589][T29071] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1601.173625][T29071] Bluetooth: Can't register HCI device [ 1601.852295][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1601.858524][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1601.875611][T28149] usb 2-1: USB disconnect, device number 124 [ 1602.562092][T28149] usb 2-1: new high-speed USB device number 125 using dummy_hcd [ 1602.802007][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1602.922266][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1602.933396][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1602.946403][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1602.955655][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1602.965176][T28149] usb 2-1: config 0 descriptor?? [ 1603.222306][ C1] net_ratelimit: 21 callbacks suppressed [ 1603.222326][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1603.234354][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1603.240827][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1603.249473][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1603.302278][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1603.308370][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1603.317901][T28149] usb 2-1: USB disconnect, device number 125 [ 1603.782370][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1603.788434][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1603.794786][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1603.800796][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1603.807191][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1603.813205][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:28:58 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x0, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:58 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat(r4, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r5, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) r6 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x5c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_PORT_SELF={0x34, 0x19, [@IFLA_PORT_PROFILE={0x30, 0x2, 'md5sum/(loposix_acl_access/@)vmnet1{self\x00'}]}, @IFLA_GROUP={0x8}]}, 0x5c}}, 0x0) 15:28:58 executing program 4 (fault-call:5 fault-nth:26): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:28:58 executing program 3: 15:28:58 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:28:58 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000000400)=ANY=[@ANYBLOB="482d0d8a49b46c10f337a7f58a3c9570fcd781159a995dbdf821602235bc25ab9b0f7c1b990facca1d402a7684bf3262e370f1fde4ff401180785d7bd174fd59c3ca20abc237e19467a824f6e8c60737d1113153197bda3474eb390b924b2ca49b193ef21ff761fda90d6551b2165c02e630fb8e13aeb196063b9b74b5388925efe1dacc0de9f2bf2fcabf596d251f396a1d6484b7b335f31e2caa1cb8aff8602fa52eca419f1e1f92210e24a65014e00397424e4b3565a28c57f65e713da612b1f6bc28832ec1f330bd303368257e5a6e9c02ad53aa408f5312a3237530ce8c93d0a4fcceea98be220f5efd531a9860d931086f6b1cdf4a0329402572efeacf4da1abd5c7e269e0f2bae2ff0582bf9b9689f8dbfccf62dd2592"], 0x0, 0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = fcntl$dupfd(r2, 0x406, 0xffffffffffffffff) accept$inet6(r3, 0x0, &(0x7f0000000040)) [ 1606.345923][T29103] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1606.354495][T29103] FAULT_INJECTION: forcing a failure. [ 1606.354495][T29103] name failslab, interval 1, probability 0, space 0, times 0 [ 1606.367547][T29103] CPU: 0 PID: 29103 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1606.375516][T29103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1606.385626][T29103] Call Trace: [ 1606.388960][T29103] dump_stack+0x191/0x1f0 [ 1606.393346][T29103] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1606.399271][T29103] should_fail+0xa3f/0xa50 [ 1606.403739][T29103] __should_failslab+0x264/0x280 [ 1606.408716][T29103] should_failslab+0x29/0x70 [ 1606.413371][T29103] kmem_cache_alloc+0xd6/0xd10 [ 1606.418195][T29103] ? __kernfs_new_node+0x1a2/0xb70 [ 1606.423369][T29103] __kernfs_new_node+0x1a2/0xb70 [ 1606.428368][T29103] ? mutex_unlock+0x38/0x90 [ 1606.432913][T29103] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1606.438836][T29103] kernfs_new_node+0x18e/0x350 [ 1606.443659][T29103] __kernfs_create_file+0x16c/0x690 [ 1606.448902][T29103] sysfs_add_file_mode_ns+0x624/0x890 [ 1606.454324][T29103] sysfs_merge_group+0x2f3/0x5b0 [ 1606.459314][T29103] dpm_sysfs_add+0x187/0x4e0 [ 1606.463949][T29103] device_add+0x1e83/0x2df0 [ 1606.468478][T29103] ? device_add+0x1aa1/0x2df0 [ 1606.473209][T29103] hci_register_dev+0x61a/0xfd0 [ 1606.478106][T29103] hci_uart_tty_ioctl+0xe61/0x1140 [ 1606.483268][T29103] ? hci_uart_tty_write+0x30/0x30 [ 1606.488328][T29103] tty_ioctl+0x23e2/0x3100 [ 1606.492809][T29103] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1606.498739][T29103] ? tty_do_resize+0x230/0x230 [ 1606.503549][T29103] do_vfs_ioctl+0xea8/0x2c50 [ 1606.508180][T29103] ? security_file_ioctl+0x1bd/0x200 [ 1606.513500][T29103] __se_sys_ioctl+0x1da/0x270 [ 1606.518215][T29103] __x64_sys_ioctl+0x4a/0x70 [ 1606.522833][T29103] do_syscall_64+0xb6/0x160 [ 1606.527385][T29103] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1606.533388][T29103] RIP: 0033:0x459f39 [ 1606.537335][T29103] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1606.556970][T29103] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1606.565424][T29103] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1606.573674][T29103] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1606.582684][T29103] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 15:28:58 executing program 3: [ 1606.590687][T29103] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1606.598690][T29103] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1606.608346][T29103] Bluetooth: Can't register HCI device 15:28:58 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x0, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:28:58 executing program 4 (fault-call:5 fault-nth:27): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1606.782223][T28149] usb 2-1: new high-speed USB device number 126 using dummy_hcd [ 1606.800401][T29117] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1606.809497][T29117] FAULT_INJECTION: forcing a failure. [ 1606.809497][T29117] name failslab, interval 1, probability 0, space 0, times 0 [ 1606.822283][T29117] CPU: 1 PID: 29117 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1606.830240][T29117] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1606.840339][T29117] Call Trace: [ 1606.843708][T29117] dump_stack+0x191/0x1f0 [ 1606.848111][T29117] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1606.854047][T29117] should_fail+0xa3f/0xa50 [ 1606.858517][T29117] __should_failslab+0x264/0x280 [ 1606.863487][T29117] should_failslab+0x29/0x70 [ 1606.868718][T29117] kmem_cache_alloc+0xd6/0xd10 [ 1606.873516][T29117] ? __kernfs_new_node+0x1a2/0xb70 [ 1606.878664][T29117] __kernfs_new_node+0x1a2/0xb70 [ 1606.883646][T29117] ? mutex_unlock+0x38/0x90 [ 1606.888186][T29117] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1606.894104][T29117] kernfs_new_node+0x18e/0x350 [ 1606.898902][T29117] __kernfs_create_file+0x16c/0x690 [ 1606.904140][T29117] sysfs_add_file_mode_ns+0x624/0x890 [ 1606.909577][T29117] sysfs_merge_group+0x2f3/0x5b0 [ 1606.914560][T29117] dpm_sysfs_add+0x187/0x4e0 [ 1606.919188][T29117] device_add+0x1e83/0x2df0 [ 1606.923712][T29117] ? device_add+0x1aa1/0x2df0 [ 1606.928432][T29117] hci_register_dev+0x61a/0xfd0 [ 1606.933319][T29117] hci_uart_tty_ioctl+0xe61/0x1140 [ 1606.938487][T29117] ? hci_uart_tty_write+0x30/0x30 [ 1606.943533][T29117] tty_ioctl+0x23e2/0x3100 [ 1606.948011][T29117] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1606.953929][T29117] ? tty_do_resize+0x230/0x230 [ 1606.958734][T29117] do_vfs_ioctl+0xea8/0x2c50 [ 1606.963363][T29117] ? security_file_ioctl+0x1bd/0x200 [ 1606.968680][T29117] __se_sys_ioctl+0x1da/0x270 [ 1606.973395][T29117] __x64_sys_ioctl+0x4a/0x70 [ 1606.978011][T29117] do_syscall_64+0xb6/0x160 [ 1606.982629][T29117] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1606.988539][T29117] RIP: 0033:0x459f39 [ 1606.992466][T29117] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1607.012091][T29117] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1607.020538][T29117] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 15:28:59 executing program 3: [ 1607.028540][T29117] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1607.036622][T29117] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1607.044608][T29117] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1607.054002][T29117] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1607.062810][T29117] Bluetooth: Can't register HCI device 15:28:59 executing program 3: 15:28:59 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x0) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1607.201994][T28149] usb 2-1: Using ep0 maxpacket: 16 15:28:59 executing program 4 (fault-call:5 fault-nth:28): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) [ 1607.322513][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1607.334374][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1607.347643][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1607.356852][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1607.375961][T28149] usb 2-1: config 0 descriptor?? [ 1607.415180][T29132] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1607.424025][T29132] FAULT_INJECTION: forcing a failure. [ 1607.424025][T29132] name failslab, interval 1, probability 0, space 0, times 0 [ 1607.437034][T29132] CPU: 0 PID: 29132 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1607.444983][T29132] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1607.455181][T29132] Call Trace: [ 1607.458533][T29132] dump_stack+0x191/0x1f0 [ 1607.463043][T29132] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1607.469434][T29132] should_fail+0xa3f/0xa50 [ 1607.473918][T29132] __should_failslab+0x264/0x280 [ 1607.478893][T29132] should_failslab+0x29/0x70 [ 1607.483509][T29132] kmem_cache_alloc+0xd6/0xd10 [ 1607.488307][T29132] ? __kernfs_new_node+0x1a2/0xb70 [ 1607.493462][T29132] __kernfs_new_node+0x1a2/0xb70 [ 1607.498443][T29132] ? mutex_unlock+0x38/0x90 [ 1607.503016][T29132] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1607.509330][T29132] kernfs_new_node+0x18e/0x350 [ 1607.514135][T29132] __kernfs_create_file+0x16c/0x690 [ 1607.519376][T29132] sysfs_add_file_mode_ns+0x624/0x890 [ 1607.524795][T29132] sysfs_merge_group+0x2f3/0x5b0 [ 1607.529777][T29132] dpm_sysfs_add+0x187/0x4e0 [ 1607.534407][T29132] device_add+0x1e83/0x2df0 [ 1607.538930][T29132] ? device_add+0x1aa1/0x2df0 [ 1607.543656][T29132] hci_register_dev+0x61a/0xfd0 [ 1607.548546][T29132] hci_uart_tty_ioctl+0xe61/0x1140 [ 1607.553711][T29132] ? hci_uart_tty_write+0x30/0x30 [ 1607.558757][T29132] tty_ioctl+0x23e2/0x3100 [ 1607.563224][T29132] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1607.569167][T29132] ? tty_do_resize+0x230/0x230 [ 1607.573957][T29132] do_vfs_ioctl+0xea8/0x2c50 [ 1607.578596][T29132] ? security_file_ioctl+0x1bd/0x200 [ 1607.583920][T29132] __se_sys_ioctl+0x1da/0x270 [ 1607.588639][T29132] __x64_sys_ioctl+0x4a/0x70 [ 1607.593270][T29132] do_syscall_64+0xb6/0x160 [ 1607.597803][T29132] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1607.603735][T29132] RIP: 0033:0x459f39 [ 1607.608094][T29132] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1607.627739][T29132] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1607.636443][T29132] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1607.644518][T29132] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1607.652507][T29132] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1607.660494][T29132] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1607.668484][T29132] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1607.677398][T29132] Bluetooth: Can't register HCI device [ 1608.372307][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1608.378529][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1608.387755][T28149] usb 2-1: USB disconnect, device number 126 [ 1609.092138][T19754] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 1609.352234][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1609.462227][ C1] net_ratelimit: 21 callbacks suppressed [ 1609.462241][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1609.474062][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1609.480200][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1609.486284][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1609.512338][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1609.523373][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1609.536451][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1609.545613][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1609.555294][T19754] usb 2-1: config 0 descriptor?? [ 1609.912356][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1609.918438][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1609.927543][T19754] usb 2-1: USB disconnect, device number 127 [ 1610.022586][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1610.028678][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1610.035115][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1610.041132][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1610.047503][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1610.053694][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:29:05 executing program 5: r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) r5 = openat(r4, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r5, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) r6 = fcntl$dupfd(r2, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000240)=@newlink={0x5c, 0x10, 0x801, 0x0, 0x0, {}, [@IFLA_PORT_SELF={0x34, 0x19, [@IFLA_PORT_PROFILE={0x30, 0x2, 'md5sum/(loposix_acl_access/@)vmnet1{self\x00'}]}, @IFLA_GROUP={0x8}]}, 0x5c}}, 0x0) 15:29:05 executing program 3: 15:29:05 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:29:05 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x0) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:05 executing program 4 (fault-call:5 fault-nth:29): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:29:05 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000001300)=ANY=[@ANYBLOB="00abe9c78ac3c4ed1b5377598d56069cc0941f6ef0186cccc7d285fe6e65251eecd6000000004000000075d26959c15b8eef87fe4662bed5fca255e11561a8b1b27655a66a0678dacb32c21f1bbf62c1afef39a1bc41af5bf6c98408177f8a02cc4d502f2876b76abe92fcdcc3a640e4e245"], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = add_key(&(0x7f0000000040)='user\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000300)="134c87aed0f9d19abb35c46343b8a52576559c533445e6b9f3dbe0d7990514585661dd3c3e5a8df9b57ee30cda7f270dad3c4da005d6d9b10fdde4ed5ff5ec3430f4c67cf3f773670a27973a452118354641b4eb28ce4b68d46b3adf8e45b041a04526cd0005b97f83f5edef76e9a1b2b450b7c2056839ac89e0402844755e2205ab78265ce2020f5af39de5f6af1951986e33452c6a773c5e20b60474b27c2122e4dc8b301c2425cb22e6aa76eaf219f2d4828845859974e8e7e884342dfa0ed3f168e3c317139fb6fd160c658e0a77bcef40107c2b9049aede14a0c97c2f6509b13cf44ffeb8861540f6e74ffa71680427b24459d0d478685cc02aca1d88c7e3f9433fc80320c9d5448b9b62a94344f8045692d5e41338c169bad3590bba9b7bf45b511743ad9a103bdcb104a68f5d0dc371d074e54f18354beee0e45b95c2a70bf945c266f90e6d35897ffcdb108644ddbee3bd1d6ef7273d8a7bab371efd3487523464854a1cddd2c5feaaaff0737982d98d7524fba2458a2cbe00a83cbb2e8e852cad3f73cbf8b584db4182687d1a66a82233c134b426b7f58315f23e2d0049043981c8df2d74e746a6e64e7e8a0a14a49b97754befe425900cc9b0550f7e768c36bd39a4c51e049f977d955d9f3d9d320801e2aa35aedaa366204591a2b90a3b75751eb8e83f0c4f5246dc2e252231346bb5432e75b648a81c65a9680e6bb17b5c84e923e61b8bd1f0f956b1596ce0c72dd887263028d398a534c383744c686f727220e73c78e7dba9bd29595c4650bb3dbbf736687c0f405f71a03c1956e8bf4032520be20d46fbe82547491a47c53a2b4e4ae3bd750b6a1a9e248c23d3cc8b8edc8fb82a2deba1ce34505d9552d0da877a4a3f3df8bda95e03be0847d456bf18e8031db1202997063d28b5eaf77b2f8b0386f082a9dca3e4d12eb79871e0e39c1aa7293edcbdf13ba42d27856eb4342d08cc31b399afc6d5eb96901fcf31e1a4a051f4cfe4d11506f56a6209603639919ef6e62da55f2de40ddbb8624ab5c48eea04f204284bc09a163a972910ed5067e0ed5a1608f611c404c3fd500afebc6487da68fa989df31f0658c35be2ee3ac0e21d5e0bce0410061ef364844ad4c38b44eb26dc2d3edffe333f3a3f648d78eb9d036a961a8c88a426ed8e630d83450b3c737e4ba873f69059e3084141082d191106ca733ece71c505ad0e2c138a05032f6e13b90200a7cdc4e2688427295e6172f0c77993e7befadaeeebd889ae22f2cb27e55078d56fae04931c150a452733fd381b53fd0f097c62d2eb5df6f0c0f1f2fd955eb7325c9fbfe2b5fb762fc3a0ba889e507c66399c73c22b5c0cc1e999b352e90f855ead7184dc0909a1a9be56c99cf33a5a109016af32259098e563e6d111c2dee32a3b6e677658d2c8f3d8f8501eb918bb1dced58c556797731426d130bf1acffd4f9cf712834e0864ae9a54d9d3c94d2028a9bccf5c6742d26e24f7f986e37d106e9c8d9c7b93a2227cddc46eee20d4b7d1a5ff44c5e1f4499f02ed0956ebaaa36adfcf815413b19441eefb4e6ae93494518f5c3ac2f174f3bc65b10334ede6fe0fbf6b1cb6067a0cdbb7dd8a559f3b8c9aa6db904756b5ed979cd1825a2c40616e917c23334a322945ecdde90190625fb934e14e41ac72feca865a85081a2999f8f82ec3abec3223301c0e3bd5ba0a69224cfac34b0688c701bea02f72b2cc3c1d356dedd0577e2de64964e3f28fe1cc2fbcb12f8c23dd6060c1a75ae64e1463f217cd3f641d1d0bc771676dc2946bbb860e0d9d1e0fcab2ab8ff29f7a5d96d6ad597303b4dad64ca7422e9e6273b37ec424888da2a31e3a46533ba5cea2ae1f352f9f263165c8790b00c3eee0b389dc3d52a96854dddd57e60bc7c960f34820776bbb3adbeff1e19a07e3da646cf4a0b42ee3937fa41daf51a675d6b66581d2877096b4fe1dd4622d7d47cf6240bceb0e15dd5f813b514fd067fcc9b032cc7a6b98da1aca87ba4265823ad4ecf147cde913b869b29658b56e502850684d38d556498dc45782ed7b2be49760507b58f70bbefedcd1d800bd28334c7d4e8fbd0b10ef10dc2cd02eb126633190f7ec45b3fb170f5cd9a8e12c4fd8148cc84208b73cddc1454ca22e238794bfdf753a4c236c6e79a02ac2130dccb8636402204c9d1725cef0521a85f9764c497a3ecbd9fd0f4acc352e10e6973641f5818871f9112c35a86497ac44c7f99c1cd89908fdbeaf4cded14cc2feadddf1d1d4b1be96b418acb91fc127a6d02fde5ce58279ae66ee4df711a1736206086b37a2f53369433dac4167e18809cc4aa68048a00385aa7c4340f31c40f042862577cdb3df512a879cb159f2235dce2c95d5ebe985e99e1f6bdc9ffcbfd15a45538c90bf9694b2acb9940c7c632b99a4699e93399ce28965b38450b5cb76aae0dde7cc4e377a67b676dab4e34ce5dc7506bea11c8a1b57b1ec7f5833e1bdc54ef7e58bbd374db445773a42a60bd126182dc2161c2aa2c1eb1d2c02f1bea0f8a9e11ac7f99ed4451c9a31258d5ce5432adbf4391f0d896eea12e919f6dbe286b8167cbb2d0a07f6327d379c8dac3ecde09a24e8106a3e28cedd643588750ca589a0f60327ad6cefd57d8b43ee69cec51f445e94691c7a1cc3264ad82f8bd9525f217dd643184f5bbf6250aceb77c00a48370a9a16a9b22d67c53ae30affc24f1f854b4feb4e22bbd91b6a7259e4bafb42491457813cbc8f7d31050637cf7b43d9f45e35de32a56109dba5b88eeda16b61282ef0fcb33749e1904c13b09a127c40193f55f9bb6f6afafc67826e892da32828ad490c0a22897d94d55cf0349bb54371d06ed3e90487f08b074adfee24234788ccd27d050437c7fde1ecd9fec14077417e2a645400f90b79e18385df3accdc40426a435295df031a7603fd8e1a0e77765942c8dc189a5efbef15ea258d08eae9a773a772be020e41d910456fd88da6f527ed2b19217a068f22b0d7b6989339487f6c3d73d0d85e4f1db50502779b7e82a861b4b5ba924291169df3b485509fa99cbca11c155fa58c987ebcd20ff74b3eb8920b0fbbde620f2ad1904fc6bbec3c5de557e80cd207b8edb734579297ec141ec51617f1d53b3651c62ddea0ab2236d9e0ae8c9894ae01ec472cf1f4a9d699cb242465f674f622f72d9cba665d22c062df597f65ebae3aef84c35eccb4c99ff660285d35a9262feec77f4d02c84a185cbaf4bd8724f2cd2a030ab1486a77d3188b6912b7b0f05c095e4f049865a915d4b8c746de66ac8fc9974efb8a1aaac40c90a2beba4b56decf5a4fe26b8f15351876cde434c986dd5422f7a7eadb00d07564aaf527037a4883801c1695f1bb690b4318cedb0c973391146f78af41745410790a12b8ed738f74ab12eb46a17772bbc76e3e24a4a52bab0c78d53b3d661b64c9c6a91347dcdd28252bfaa0f0927026c9fc493889bbc744b3469cf4505be2408592c3d8e24f92fbdc20031db1dc4ba888e29134b4fb860f8052063000cd9f0d1cf9fee858f6feadd8bfecfb3de0e133e1cdd6925e3a3006012c5e0986e36e0f4e2e7b3a3f0619ac48697d590ffddef6779de5ecb2db2b352597fb91dcbca84e3bec991e91009885b9f1ab1caa92a5c4143fa05c99403c70baf96281d87fe96bce7336b1d862141137217b9fb243570e199bc44837e02b3bbf8eeb97ae01e5a4eb60d26b24558e2833111bcb3263cca3f269af2cef005c355c7ede560c3339946f9819c7e78579b617f4a9458c82b6be54cba0f1bc07ea9371392cf9bd18d0b584a487d882a09440953205de25270e8e0c3c84ac2189b5ee6e95048847e5b95d51e21dc43f18de781c69df2f2e99db4f7ef8639c36316c4801de989e9b3484ad5d3d9c23764511230334d757d0a9695bae390f5d8ee48e7d6aaacee3467b99733ff088b4f56d65019651f319f5c3415367363a4e42f7f3d0e0a0fc1546241ca30d8f8eba28e92cf1620438a6b3129689fdc8852ecc92eddfb1abe654f3435ec9e87a361552bc386a0c745fc0a399e2c9c44dd9225f125299d596ee2f695239b83677d06e6e66cef3ba0d91b3e2c75e9f98a9e7f75ef2809132e5598542067b580c0521601d4b0abb85611743002208f15cb6767f74764f1104137ec4ef508f47611285ec489bd644e254a4bc0ef330478268d8515f5ff4b7373d1ce0dff69c7239016387276a0c350a842af643b0f1fc761fbe295c72aaf2e7941920a482a9555a90b1500fc6a6175aec2439150df04c1c9b6141c8a1f01e9cd86f15beeb0e3322584c57396c0db4a8644bbf75b6a2636f88291270bcb2184832454375d803c6e52b0e1d9dd5f2d0f1e3bdaef192cca4869ec342b5aef8ac4469353873531fb383fbb0dd24cb3fc59e9ea62335d4763f97bf0c945082c239966a7de6a312a830f74087182878be9b0252effd2d4748b0561c63824a999bf48bb69e6d708b16998c31c778f7f6783983dd010318e7ca9097ac61baa05abcc5b4e8e2f0c3ea8ed66493674ee28988873380b33107475ea8e2265bbdcc74d695d2ceec53bdf4971ca755d3fda6ed8828c852084f44ab998fdbe92e5388839f69b4e9db37297c4561948fe7a5afd628c2e791d9a5a35a41fd20fa826d57f959185187e5e152e6c374f1a373e3e15de18650a1b7953ccc7a1a6fa6056ee0ef5a7b49aded92a42e14f3458d4d682b4f34ce82276274dd502781be48c7454e0a1df4ae898258e2763f2ae222c13988c7d2fbe11bc005e2ddafceec92583fc2b348a9706d81ed9ece47b53020740102b584598b8a8473a9e4661066328eca0f1c489f3bfe6736214aea563fe5d68c6b768bfef8c35d5280061413611160930be4d62ae46932f44776b1b30acec2b376d9c4c93914a88689a5b352233eb5c76134225e1d21b01c834000951fb394c9239a6791a36382ce1a1c932fc58f4c32ef267fba0d22d84a55c004a594fd494c9f923e25cbcc2cdc5a316ea1180b0e5c1cfee72dd56656c9f632a2a210a6e6ca082d3d3c6cf543f4d4822d46ddcaf4d243d51419c36d82968bd93eb41cd32e2cd8ed24650074a33042962b8a1304b7a9dad5421c639b4806f786a581126f98d60bf52177e0d2c39866d2c35bc544638adb79e56ed451317ef0f011d12739ea92abd068f10ebb2cf7a44031b73e5932e5beb5cdcd8cd1cef94badaa4c3b754f2b9f02ec3a83f8ad59c8eeef70f403288c3b6423cf672dfcd1a5a0ba980e12ef845e4ba974c88b8c67c8bdb649731762123639135b34b7fa4b9932d5ab93ab56de3f20cf25b00d1fde63ccf056b28336df62bf8ff34742d1f25930b51f618d084428686002980e26f03220509c52f6b7eaa75b57f30dadbcf0c6e908d335805af1e5a5851bae88975d1055db85c86b63b33edfc30f0a594901e86c9fd59bb1c79ac0ccfddd6ccbbcc74224691a9d4b26b6b07857d94edcacccad88f7c01afba9667f039829ae3d41ec613884c67b94ddf0cf640d73fec6b4157e2947b4fe382845e8bdff36108be66e4a6b0b81782ca7cb81054cb29efc4dd126b83477448bc25d34f3844ff5ee45ab4a722f689502ba9e35bdf69bc306508fcf0818d193b63db0530d6005eb2832deae556fa72a6651b238a7f41ae24a782b361073e669e71965c7bb929ee6b82aa42fff423cde217665fb88c00b24184341284e22303c8810a155eebe87b6a49452f96e441631c1201328fe92456cca036d67e4d45a6a14aa2ec36b249107b53446957a3c2c11ea47bb250803a33d5ea51b", 0x1000, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000180)="d38100ffe6002b452b7b4f0a7ff32588e4b3a5e608000000", 0x18, 0xfffffffffffffffe) r3 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000400)={r2, r3, r2}, &(0x7f0000000500)=""/83, 0xfffffef6, 0x0) r4 = add_key$keyring(&(0x7f0000000300)='ng\x00', &(0x7f00000002c0)={'M&z', 0x1}, 0x0, 0x0, 0x0) add_key(&(0x7f0000000100)='dns_resolver\x00', &(0x7f0000000080)={'syz', 0x1}, &(0x7f0000000140)="dee7030022cf9e5e1dbac27b0426fc0299c41fb9b9761a1b44dac894f365ae68edf335abf35ec53d6751467ebd", 0x2d, r4) r5 = add_key$user(&(0x7f00000000c0)='user\x00', &(0x7f0000000100)={'syz', 0x2}, &(0x7f0000000140)="e2d5630544df5425201d4951af2c6f8ca997e98206f05ed4f5ebb39b5e0844916bfb15c1a10d16cc2bbac085a0f52a23da14e85329a638ad74b7bf1f0ef1f0e626248fd649cd3b84fd068dc6c627c204c9", 0x51, r4) keyctl$dh_compute(0x17, &(0x7f00000001c0)={r1, r3, r5}, &(0x7f0000001480)=""/207, 0xd5, &(0x7f0000001400)={&(0x7f0000001440)={'crct10dif\x00'}, &(0x7f0000000240)="141f69c1cc319c6e3886814080d8a20ed6c3dcc19f002eef3496283741d344b3c5d1ff3adf07", 0x12}) [ 1613.084544][T29145] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1613.093342][T29145] FAULT_INJECTION: forcing a failure. [ 1613.093342][T29145] name failslab, interval 1, probability 0, space 0, times 0 [ 1613.106225][T29145] CPU: 0 PID: 29145 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1613.114167][T29145] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1613.124444][T29145] Call Trace: [ 1613.127778][T29145] dump_stack+0x191/0x1f0 [ 1613.132232][T29145] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1613.138245][T29145] should_fail+0xa3f/0xa50 [ 1613.142710][T29145] __should_failslab+0x264/0x280 [ 1613.147679][T29145] should_failslab+0x29/0x70 [ 1613.152295][T29145] kmem_cache_alloc_trace+0xf7/0xd20 [ 1613.157617][T29145] ? kobject_uevent_env+0x5a0/0x27c0 [ 1613.162936][T29145] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1613.168863][T29145] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1613.174793][T29145] kobject_uevent_env+0x5a0/0x27c0 [ 1613.179952][T29145] ? mutex_unlock+0x38/0x90 [ 1613.184486][T29145] kobject_uevent+0x6f/0x80 [ 1613.189014][T29145] device_add+0x25a3/0x2df0 [ 1613.193544][T29145] ? device_add+0x1aa1/0x2df0 [ 1613.198269][T29145] hci_register_dev+0x61a/0xfd0 [ 1613.203162][T29145] hci_uart_tty_ioctl+0xe61/0x1140 [ 1613.208306][T29145] ? hci_uart_tty_write+0x30/0x30 [ 1613.213354][T29145] tty_ioctl+0x23e2/0x3100 [ 1613.217837][T29145] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1613.223856][T29145] ? tty_do_resize+0x230/0x230 [ 1613.228646][T29145] do_vfs_ioctl+0xea8/0x2c50 [ 1613.233363][T29145] ? security_file_ioctl+0x1bd/0x200 [ 1613.238698][T29145] __se_sys_ioctl+0x1da/0x270 [ 1613.243416][T29145] __x64_sys_ioctl+0x4a/0x70 [ 1613.248170][T29145] do_syscall_64+0xb6/0x160 [ 1613.252732][T29145] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1613.258647][T29145] RIP: 0033:0x459f39 [ 1613.262586][T29145] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1613.282231][T29145] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1613.290683][T29145] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1613.298676][T29145] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1613.306676][T29145] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1613.314666][T29145] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1613.322655][T29145] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:29:05 executing program 3: 15:29:05 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x0) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:05 executing program 3: [ 1613.482336][T28149] usb 2-1: new high-speed USB device number 2 using dummy_hcd 15:29:05 executing program 3: 15:29:05 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:05 executing program 3: [ 1613.732602][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1613.852249][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1613.863546][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1613.876762][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1613.886324][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1613.896740][T28149] usb 2-1: config 0 descriptor?? [ 1614.642171][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1614.648396][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1614.657466][T28149] usb 2-1: USB disconnect, device number 2 [ 1615.352112][T28149] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 1615.382531][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1615.388855][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1615.592029][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1615.702240][ C1] net_ratelimit: 21 callbacks suppressed [ 1615.702255][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1615.712337][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1615.714241][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1615.724893][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1615.731012][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1615.743473][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1615.749503][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1615.758352][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1615.773350][T28149] usb 2-1: config 0 descriptor?? [ 1616.152410][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1616.158541][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1616.167585][T28149] usb 2-1: USB disconnect, device number 3 [ 1616.262338][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1616.268411][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1616.274708][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1616.280692][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1616.286892][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1616.292907][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1617.467542][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1617.473778][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1619.542493][T19754] Bluetooth: hci0: command 0x1009 tx timeout 15:29:12 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:12 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000001c0)=ANY=[@ANYBLOB="1749bd6e8f4983b6fede79f513cf854b26227a83c00dd76f21238765b23bcb66c0883c193a10668d29e1fe64fdcfb0784f817f95bd15996889af073a802576dafcec0c05d2f2ad7a243fba64e3ec07392872a655a470ed6de3e5208b64a386ea63ee48afa4bffe960182c36bc4ca4c8027ad274361c9d9119ac8da8ba62db60fffa3fddcda4bbb7771412e3aaaf1b291b37088d7ee3464e4"], 0x0, 0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) getpeername(r2, &(0x7f0000000040)=@ipx, &(0x7f00000000c0)=0x80) 15:29:12 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat(r3, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r4, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) r5 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 15:29:12 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1620.802125][T19754] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 1621.042023][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1621.162288][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1621.173462][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1621.186417][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1621.195638][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1621.205327][T19754] usb 2-1: config 0 descriptor?? [ 1621.942391][ C1] net_ratelimit: 20 callbacks suppressed [ 1621.942413][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1621.954462][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1621.960607][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1621.966707][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1621.973328][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1621.979503][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1621.988483][T19754] usb 2-1: USB disconnect, device number 4 [ 1622.502457][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1622.508651][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1622.515040][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1622.521107][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1622.527426][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1622.533685][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1622.652046][T19754] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 1622.892215][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1623.012363][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1623.023717][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1623.036801][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1623.046418][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1623.056024][T19754] usb 2-1: config 0 descriptor?? 15:29:15 executing program 4 (fault-call:5 fault-nth:30): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:29:15 executing program 3: 15:29:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:15 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:29:15 executing program 1: r0 = open(&(0x7f0000000000)='./file0\x00', 0x20000, 0x1e2) ioctl$EVIOCSABS20(r0, 0x401845e0, &(0x7f0000000080)={0x100, 0x0, 0x6, 0x4, 0x3, 0xac0}) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1623.592946][T29197] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1623.601556][T29197] FAULT_INJECTION: forcing a failure. [ 1623.601556][T29197] name failslab, interval 1, probability 0, space 0, times 0 [ 1623.614567][T29197] CPU: 0 PID: 29197 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1623.622519][T29197] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1623.632611][T29197] Call Trace: [ 1623.635945][T29197] dump_stack+0x191/0x1f0 [ 1623.640314][T29197] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1623.646261][T29197] should_fail+0xa3f/0xa50 [ 1623.650732][T29197] __should_failslab+0x264/0x280 [ 1623.655713][T29197] should_failslab+0x29/0x70 [ 1623.660328][T29197] kmem_cache_alloc_node+0x103/0xe70 [ 1623.665647][T29197] ? __alloc_skb+0x215/0xa10 [ 1623.671133][T29197] __alloc_skb+0x215/0xa10 [ 1623.675604][T29197] alloc_uevent_skb+0x14c/0x470 [ 1623.680507][T29197] kobject_uevent_env+0x1b8d/0x27c0 [ 1623.685845][T29197] kobject_uevent+0x6f/0x80 [ 1623.690377][T29197] device_add+0x25a3/0x2df0 [ 1623.694905][T29197] ? device_add+0x1aa1/0x2df0 [ 1623.699638][T29197] hci_register_dev+0x61a/0xfd0 [ 1623.704530][T29197] hci_uart_tty_ioctl+0xe61/0x1140 [ 1623.709678][T29197] ? hci_uart_tty_write+0x30/0x30 [ 1623.714728][T29197] tty_ioctl+0x23e2/0x3100 [ 1623.719198][T29197] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1623.725130][T29197] ? tty_do_resize+0x230/0x230 [ 1623.729923][T29197] do_vfs_ioctl+0xea8/0x2c50 [ 1623.734570][T29197] ? security_file_ioctl+0x1bd/0x200 [ 1623.739897][T29197] __se_sys_ioctl+0x1da/0x270 [ 1623.744622][T29197] __x64_sys_ioctl+0x4a/0x70 [ 1623.749241][T29197] do_syscall_64+0xb6/0x160 [ 1623.753779][T29197] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1623.759684][T29197] RIP: 0033:0x459f39 [ 1623.763611][T29197] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1623.783261][T29197] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1623.791714][T29197] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1623.799712][T29197] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1623.807700][T29197] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1623.815701][T29197] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1623.823709][T29197] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1623.834661][T19754] usbhid 2-1:0.0: can't add hid device: -71 15:29:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, 0x0) preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:15 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1623.840884][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1623.909711][T19754] usb 2-1: USB disconnect, device number 5 15:29:16 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x0) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:16 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, 0x0) preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1624.302298][T19754] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 1624.541980][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1624.666534][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1624.677917][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1624.691154][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1624.700358][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1624.712052][T19754] usb 2-1: config 0 descriptor?? [ 1625.452293][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1625.459140][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1625.468082][T19754] usb 2-1: USB disconnect, device number 6 [ 1625.862007][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1625.868378][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1626.171989][T28149] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 1626.411950][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1626.532021][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1626.543146][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1626.556232][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1626.565396][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1626.574980][T28149] usb 2-1: config 0 descriptor?? [ 1626.972309][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1626.978511][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1626.987716][T28149] usb 2-1: USB disconnect, device number 7 [ 1627.941924][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1627.948117][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1628.182188][ C1] net_ratelimit: 20 callbacks suppressed [ 1628.182201][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1628.194208][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1628.200341][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1628.206498][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1628.742150][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1628.748242][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1628.754506][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1628.760492][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1628.766820][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1628.772855][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:29:21 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat(r3, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r4, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) r5 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) 15:29:21 executing program 3: r0 = gettid() process_vm_writev(r0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) syz_usb_connect(0x4, 0x1, &(0x7f0000000200)=ANY=[@ANYPTR64=&(0x7f00000001c0)=ANY=[@ANYRES64=r0, @ANYRESOCT]], 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VFIO_GET_API_VERSION(r4, 0x3b64) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) 15:29:21 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, 0x0) preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1630.032060][T28149] Bluetooth: hci0: command 0x1009 tx timeout 15:29:26 executing program 4 (fault-call:5 fault-nth:31): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:29:26 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:29:26 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_usb_connect$cdc_ncm(0x5, 0x91, &(0x7f00000000c0)={{0x12, 0x1, 0x110, 0x2, 0x0, 0x0, 0x40, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x7f, 0x2, 0x1, 0x4, 0x20, 0x6, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x80, {{0xb, 0x24, 0x6, 0x0, 0x1, "857351ed9a31"}, {0x5, 0x24, 0x0, 0x100}, {0xd, 0x24, 0xf, 0x1, 0x6, 0xb41, 0x6da, 0x20}, {0x6, 0x24, 0x1a, 0x2, 0x7}, [@mbim_extended={0x8, 0x24, 0x1c, 0xc86f, 0x9, 0x1}, @mdlm={0x15, 0x24, 0x12, 0x2}]}, {{0x9, 0x5, 0x81, 0x3, 0x14b, 0xff, 0x9, 0x7}}}, {0x9, 0x4, 0x1, 0x0, 0x0, 0x2, 0xd, 0x0, 0x1}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0xc9, "", {{{0x9, 0x5, 0x82, 0x2, 0x3e, 0x1, 0xfe}}, {{0x9, 0x5, 0x3, 0x2, 0x2a8, 0x2, 0x7, 0x9}}}}}}}]}}, &(0x7f0000000600)={0xa, &(0x7f0000000180)={0xa, 0x6, 0x200, 0x4, 0x20, 0x6, 0x20, 0x9}, 0x5, &(0x7f00000001c0)={0x5, 0xf, 0x5}, 0x8, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x40c}}, {0xaa, &(0x7f0000000300)=@string={0xaa, 0x3, "c7fb304d2bd35272c7b82ec76a0a3ab64971d9c6337c2f958d438ced910767d5cd87f7bdd9b6b5b1bbeacd1de99be2d6d9f8250225a68a23cc9b7133ea3144ca5cfb6bbbbd6831fba484672ab8119d662b7c81f69ccc6bae9c1f7053f798ca8148ae3b3ff4111cb572fe35a89dd095cc6f8f2a79d2c9001c1540bdd757725b6fe0549a3d0922e059bea5ca71f697566d6c5654027d787ad9bce370f9631b30ce98911cbf2fe4eb53"}}, {0x66, &(0x7f00000003c0)=@string={0x66, 0x3, "4d3069944d184e8b36f9f9ace7d624511622c569651c31f7deee8004072e45b82254e97af7de48fb1c81b6fd3f19a9da92cec03208bacd028d7825e05360339797eac101d4465fa0e33d4ea1c722a6060b80135639e47c063918c7501690003031729110"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xea5fc1f3ca8c371e}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x426}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x40e}}, {0xc5, &(0x7f00000004c0)=@string={0xc5, 0x3, "5bbaf5fbd742ea92564f075e6d31b619dfeae0c392f5023de158c9643ba991494ec69ff244eacce0ffadd799198564f70440fdceb9f26b49ed78aab01f4940b94b54d524f582c61d06da3dc3f35650d9da4295865d487bd0a803777f18aac82842a9acd691b15d8141408922d171a854abab3ffb2b0106d067c0c1fffd0e027e3d936016ab9ba770cdf7bb66ed550d66d32add8a0305d17373a0c89e08920162fa9e0a0f47d4c74e9de29d17bdfd9cbe414f42deaa92f08e56aada40e039280005afcc"}}, {0x4, &(0x7f00000005c0)=@lang_id={0x4, 0x3, 0x2c09}}]}) syz_usb_control_io$cdc_ncm(r2, &(0x7f0000000700)={0x14, &(0x7f0000000680)={0x0, 0x2, 0x38, {0x38, 0x22, "09b243ebb437593553a7401042a99dccd423d79960f600ce3092aee7a023d9d1c72ae2ec5733f4a2fa1c30cac69c04510bacb8f74545"}}, &(0x7f00000006c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000980)={0x44, &(0x7f0000000740)={0x0, 0x3, 0x63, "2b949293dc30fa026c6bf72caf320767d8f4a8b4bbc63edd2d4fdecefcd841662b5c5793a5fd971779a8080bc3a75f7e22401e54c8cd059d26a2ce95c3b4dd9708d57cba7dadfc478a026d4cd812d6f70dc968324ce9b65dcc68bd9f9dade757ae761d"}, &(0x7f00000007c0)={0x0, 0xa, 0x1, 0x80}, &(0x7f0000000800)={0x0, 0x8, 0x1, 0x20}, &(0x7f0000000840)={0x20, 0x80, 0x1c, {0x1, 0x5, 0x6, 0x8, 0x0, 0x800, 0x2, 0x4, 0x4, 0x1, 0x3, 0x7}}, &(0x7f0000000880)={0x20, 0x85, 0x4, 0xdb}, &(0x7f00000008c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000900)={0x20, 0x87, 0x2, 0xffff}, &(0x7f0000000940)={0x20, 0x89, 0x2}}) getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000040), &(0x7f0000000080)=0x4) 15:29:26 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(0xffffffffffffffff, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:26 executing program 3: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000000)='/dev/dlm-control\x00', 0x8000, 0x0) ioctl$KVM_S390_UCAS_UNMAP(r0, 0x4018ae51, &(0x7f0000000040)={0xfffffffffffff258, 0x0, 0x80000000}) syz_emit_ethernet(0x72, &(0x7f0000000440)={@link_local={0x1, 0x80, 0xc2, 0x4888, 0x5800f000}, @local, [], {@ipv6={0x86dd, {0x0, 0x6, "8368ad", 0x3c, 0x3a, 0x0, @remote, @local, {[], @icmpv6=@pkt_toobig={0x3, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x4788, 0x0, @initdev={0xfe, 0x88, [], 0x0, 0x0}, @ipv4={[], [], @dev}, [@srh], "fcfd1eef"}}}}}}}, 0x0) [ 1634.422537][ C1] net_ratelimit: 20 callbacks suppressed [ 1634.422560][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1634.435378][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1634.442108][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1634.448442][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1634.474152][T29246] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1634.483087][T29246] FAULT_INJECTION: forcing a failure. [ 1634.483087][T29246] name failslab, interval 1, probability 0, space 0, times 0 [ 1634.495919][T29246] CPU: 1 PID: 29246 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1634.504038][T29246] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1634.514151][T29246] Call Trace: [ 1634.517792][T29246] dump_stack+0x191/0x1f0 [ 1634.522296][T29246] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1634.528275][T29246] should_fail+0xa3f/0xa50 [ 1634.532796][T29246] __should_failslab+0x264/0x280 [ 1634.537828][T29246] should_failslab+0x29/0x70 [ 1634.542505][T29246] __kmalloc+0xae/0x430 [ 1634.546725][T29246] ? kzalloc+0x7c/0xe0 [ 1634.551040][T29246] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1634.556981][T29246] kzalloc+0x7c/0xe0 [ 1634.565427][T29246] kobject_get_path+0x1f7/0x450 [ 1634.570565][T29246] kobject_uevent_env+0x625/0x27c0 [ 1634.575745][T29246] ? mutex_unlock+0x38/0x90 [ 1634.580340][T29246] kobject_uevent+0x6f/0x80 [ 1634.584893][T29246] device_add+0x25a3/0x2df0 [ 1634.589431][T29246] ? device_add+0x1aa1/0x2df0 [ 1634.594221][T29246] hci_register_dev+0x61a/0xfd0 [ 1634.599127][T29246] hci_uart_tty_ioctl+0xe61/0x1140 [ 1634.604295][T29246] ? hci_uart_tty_write+0x30/0x30 [ 1634.609441][T29246] tty_ioctl+0x23e2/0x3100 [ 1634.613949][T29246] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1634.620123][T29246] ? tty_do_resize+0x230/0x230 [ 1634.624945][T29246] do_vfs_ioctl+0xea8/0x2c50 [ 1634.629599][T29246] ? security_file_ioctl+0x1bd/0x200 [ 1634.635044][T29246] __se_sys_ioctl+0x1da/0x270 [ 1634.640213][T29246] __x64_sys_ioctl+0x4a/0x70 [ 1634.644854][T29246] do_syscall_64+0xb6/0x160 [ 1634.649399][T29246] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1634.655412][T29246] RIP: 0033:0x459f39 [ 1634.659345][T29246] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1634.678985][T29246] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1634.687593][T29246] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1634.695814][T29246] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1634.703817][T29246] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1634.711823][T29246] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 15:29:26 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(0xffffffffffffffff, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1634.719942][T29246] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:29:26 executing program 3: syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x36, 0x6, 0x3, 0x40, 0xc72, 0xd, 0x5506, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x7e, 0xe0, 0x9f, 0x0, [], [{{0x9, 0x5, 0x81}}, {{0x9, 0x5, 0x3}}]}}]}}]}}, 0x0) 15:29:26 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat(r3, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r4, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) fcntl$dupfd(r1, 0x0, r0) [ 1634.802065][T28149] usb 2-1: new high-speed USB device number 8 using dummy_hcd 15:29:27 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(0xffffffffffffffff, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1634.982531][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1634.989187][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1634.995892][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1635.002284][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1635.008626][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1635.015228][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:29:27 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, 0x0, 0x0, 0x0) [ 1635.072131][T28149] usb 2-1: Using ep0 maxpacket: 16 15:29:27 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, 0x0, 0x0, 0x0) [ 1635.172635][T27852] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 1635.192667][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1635.204127][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1635.218442][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1635.227766][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1635.249827][T28149] usb 2-1: config 0 descriptor?? 15:29:27 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, 0x0, 0x0, 0x0) [ 1635.562341][T27852] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=55.06 [ 1635.572210][T27852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1635.582154][T27852] usb 4-1: config 0 descriptor?? [ 1635.843172][T27852] peak_usb 4-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 1635.851822][T27852] peak_usb 4-1:0.0: unable to read PCAN-USB Pro firmware info (err -71) [ 1635.904671][T27852] peak_usb: probe of 4-1:0.0 failed with error -71 [ 1635.941143][T27852] usb 4-1: USB disconnect, device number 48 [ 1635.994635][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1636.001039][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1636.010225][T28149] usb 2-1: USB disconnect, device number 8 [ 1636.612532][T19754] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 1636.702091][T28149] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 1636.742242][T27852] Bluetooth: hci0: command 0x1003 tx timeout [ 1636.748814][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1636.952168][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1637.012338][T19754] usb 4-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=55.06 [ 1637.022203][T19754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1637.032081][T19754] usb 4-1: config 0 descriptor?? [ 1637.082414][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1637.094181][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1637.107883][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1637.117331][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1637.135748][T28149] usb 2-1: config 0 descriptor?? [ 1637.292641][T19754] peak_usb 4-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 1637.301075][T19754] peak_usb 4-1:0.0: unable to read PCAN-USB Pro firmware info (err -71) [ 1637.357617][T19754] peak_usb: probe of 4-1:0.0 failed with error -71 [ 1637.387200][T19754] usb 4-1: USB disconnect, device number 49 [ 1637.562769][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1637.569079][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1637.588326][T28149] usb 2-1: USB disconnect, device number 9 [ 1638.832066][T28149] Bluetooth: hci0: command 0x1001 tx timeout [ 1638.838544][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1640.662398][ C1] net_ratelimit: 20 callbacks suppressed [ 1640.662421][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1640.674797][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1640.681271][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1640.689178][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1640.902184][T28149] Bluetooth: hci0: command 0x1009 tx timeout [ 1641.222184][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1641.228737][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1641.235003][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1641.241548][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1641.247823][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1641.254007][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:29:37 executing program 4 (fault-call:5 fault-nth:32): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:29:37 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x81) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x81) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r5, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:29:37 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880), 0x0, 0x0) 15:29:37 executing program 1: r0 = openat$dlm_control(0xffffffffffffff9c, &(0x7f0000000140)='/dev/dlm-control\x00', 0x400000, 0x0) r1 = syz_open_dev$admmidi(&(0x7f0000000200)='/dev/admmidi#\x00', 0xfffffffffffffc01, 0x80000) move_mount(r0, &(0x7f00000001c0)='./file0\x00', r1, &(0x7f0000000240)='./file0\x00', 0x68) r2 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000000000010fe1e5a2ca771cd23000109022400010000000009040000090301010009210000000122ab00090581030000000000"], 0x0) r3 = socket$caif_seqpacket(0x25, 0x5, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KDGKBENT(r5, 0x4b46, &(0x7f0000000040)={0x7, 0xcf, 0x6}) setsockopt$inet_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000100)='westwood\x00', 0x9) flock(r3, 0x5) syz_usb_control_io$hid(r2, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r7) ioctl$sock_SIOCDELDLCI(r7, 0x8981, &(0x7f0000000080)={'erspan0\x00', 0xff26}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r9 = dup(r8) ioctl$PERF_EVENT_IOC_ENABLE(r9, 0x8912, 0x400200) ioctl$PPPIOCCONNECT(r9, 0x4004743a, &(0x7f00000002c0)=0x1) syz_usb_control_io(r2, &(0x7f0000000280)={0x2c, &(0x7f00000000c0)=ANY=[@ANYRES32=r6], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:29:37 executing program 3: socketpair$unix(0x1, 0xe, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000011c0)={'vet\x00\x00\x00\x00\x00\x00\x00\x00\x00\xbdh\x00', 0x43732e5398416f1b}) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000)='/dev/net/tun\x00', 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000180)={'vd\x7f\x00\x16\x00\xf9=\xdbZ\xdd\x91\x80\xd2{\x00', 0x43732e5398417f1e}) r3 = socket(0x5, 0x4, 0x0) setsockopt$inet_pktinfo(r3, 0x0, 0x8, &(0x7f0000000140)={0x0, @broadcast, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) ioctl$SNDRV_RAWMIDI_IOCTL_DROP(r7, 0x40045730, &(0x7f0000000080)=0x7) unlinkat(r5, &(0x7f0000000040)='./file0\x00', 0x7b4f9523559c432) 15:29:37 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat(r3, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r4, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) fcntl$dupfd(r1, 0x0, r0) 15:29:37 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880), 0x0, 0x0) [ 1645.364507][T29318] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1645.373407][T29318] FAULT_INJECTION: forcing a failure. [ 1645.373407][T29318] name failslab, interval 1, probability 0, space 0, times 0 [ 1645.389987][T29318] CPU: 0 PID: 29318 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1645.397945][T29318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1645.408224][T29318] Call Trace: [ 1645.411574][T29318] dump_stack+0x191/0x1f0 [ 1645.415952][T29318] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1645.421886][T29318] should_fail+0xa3f/0xa50 [ 1645.426344][T29318] __should_failslab+0x264/0x280 [ 1645.431342][T29318] should_failslab+0x29/0x70 [ 1645.436005][T29318] kmem_cache_alloc+0xd6/0xd10 [ 1645.440984][T29318] ? skb_clone+0x326/0x5d0 [ 1645.445454][T29318] ? kmsan_get_metadata+0x39/0x350 [ 1645.450608][T29318] skb_clone+0x326/0x5d0 [ 1645.454901][T29318] netlink_broadcast_filtered+0xbec/0x1c10 [ 1645.460767][T29318] netlink_broadcast+0xf6/0x110 [ 1645.465777][T29318] kobject_uevent_env+0x1c4e/0x27c0 [ 1645.471128][T29318] kobject_uevent+0x6f/0x80 [ 1645.475677][T29318] device_add+0x25a3/0x2df0 [ 1645.480211][T29318] ? device_add+0x1aa1/0x2df0 [ 1645.484968][T29318] hci_register_dev+0x61a/0xfd0 [ 1645.489872][T29318] hci_uart_tty_ioctl+0xe61/0x1140 [ 1645.495038][T29318] ? hci_uart_tty_write+0x30/0x30 [ 1645.500178][T29318] tty_ioctl+0x23e2/0x3100 [ 1645.504659][T29318] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1645.510755][T29318] ? tty_do_resize+0x230/0x230 [ 1645.515565][T29318] do_vfs_ioctl+0xea8/0x2c50 [ 1645.520197][T29318] ? security_file_ioctl+0x1bd/0x200 [ 1645.525532][T29318] __se_sys_ioctl+0x1da/0x270 [ 1645.530256][T29318] __x64_sys_ioctl+0x4a/0x70 [ 1645.534973][T29318] do_syscall_64+0xb6/0x160 [ 1645.539516][T29318] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1645.545428][T29318] RIP: 0033:0x459f39 [ 1645.549896][T29318] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1645.570063][T29318] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1645.578527][T29318] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1645.586529][T29318] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1645.594532][T29318] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1645.602615][T29318] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1645.610620][T29318] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:29:37 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880), 0x0, 0x0) [ 1645.772325][T19754] usb 2-1: new high-speed USB device number 10 using dummy_hcd 15:29:38 executing program 3: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880), 0x0, 0x0) 15:29:38 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{0x0}], 0x1, 0x0) [ 1646.022870][T19754] usb 2-1: Using ep0 maxpacket: 16 15:29:38 executing program 3: r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004d10c310ba45dc92ce050000000109026ae6c9a10000000904080002fe03000009050502090000000009058f1e1800000000"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000100)={0xac, &(0x7f0000000040)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x101, 0x100) ioctl$USBDEVFS_IOCTL(r2, 0xc0105512, &(0x7f00000002c0)=@usbdevfs_driver={0x2, 0xfffffffd, &(0x7f0000000200)="9ba817a972a616d7fbd0be8d02265f6bcb786a9ce7a18e076e5779035376540232d6f00d1c59b3e4ad7396ca6e0ee53e5f522534f0b5ff2a5e7a03381c5ea7bd5c5042cf44a446dbc69614348853dd790838f7b503a5bf5711af6b4ce60bbccc7c4e891e218b82cd336b25576293da5c6a5a8ca2670f84c8c2c5bb7360a776ee8aa55c8ad934b4d339154626a3ba16ecc955281ecca74f9f3e"}) r3 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='fd/4\x00') write$RDMA_USER_CM_CMD_LISTEN(r4, &(0x7f00000001c0)={0x7, 0x8}, 0x10) set_tid_address(&(0x7f0000000080)) [ 1646.162623][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1646.173846][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 15:29:38 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{0x0}], 0x1, 0x0) [ 1646.312705][T19754] usb 2-1: New USB device found, idVendor=1efe, idProduct=2c5a, bcdDevice=71.a7 [ 1646.322062][T19754] usb 2-1: New USB device strings: Mfr=205, Product=35, SerialNumber=0 [ 1646.330408][T19754] usb 2-1: Product: syz [ 1646.335288][T19754] usb 2-1: Manufacturer: syz [ 1646.356569][T19754] usb 2-1: config 0 descriptor?? [ 1646.532132][T28149] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 1646.781969][T28149] usb 4-1: Using ep0 maxpacket: 16 [ 1646.902248][T28149] usb 4-1: config index 0 descriptor too short (expected 58986, got 36) [ 1646.911050][T28149] usb 4-1: config 161 has too many interfaces: 201, using maximum allowed: 32 [ 1646.912264][ C1] net_ratelimit: 20 callbacks suppressed [ 1646.912283][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1646.920177][T28149] usb 4-1: config 161 has 1 interface, different from the descriptor's value: 201 [ 1646.925979][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1646.931514][T28149] usb 4-1: config 161 has no interface number 0 [ 1646.941265][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1646.946757][T28149] usb 4-1: config 161 interface 8 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 9 [ 1646.953236][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1646.958844][T28149] usb 4-1: config 161 interface 8 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 24 [ 1646.986441][T28149] usb 4-1: New USB device found, idVendor=45ba, idProduct=92dc, bcdDevice= 5.ce [ 1646.995922][T28149] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1647.102703][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1647.108937][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1647.122702][T19754] usb 2-1: USB disconnect, device number 10 [ 1647.262217][T28149] usb 4-1: GET_CAPABILITIES returned ffffffa0 [ 1647.268432][T28149] usbtmc 4-1:161.8: can't read capabilities [ 1647.462288][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1647.465120][T29336] imon:display_open: could not find interface for minor 0 [ 1647.468551][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1647.481838][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1647.488040][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1647.488676][T19754] usb 4-1: USB disconnect, device number 50 [ 1647.494468][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1647.506284][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1647.632014][T19765] Bluetooth: hci0: command 0x1003 tx timeout [ 1647.638880][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1648.281974][T19754] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 1648.521962][T19754] usb 4-1: Using ep0 maxpacket: 16 [ 1648.642093][T19754] usb 4-1: config index 0 descriptor too short (expected 58986, got 36) [ 1648.650612][T19754] usb 4-1: config 161 has too many interfaces: 201, using maximum allowed: 32 [ 1648.659831][T19754] usb 4-1: config 161 has 1 interface, different from the descriptor's value: 201 [ 1648.669186][T19754] usb 4-1: config 161 has no interface number 0 [ 1648.675676][T19754] usb 4-1: config 161 interface 8 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 9 [ 1648.685626][T19754] usb 4-1: config 161 interface 8 altsetting 0 bulk endpoint 0x8F has invalid maxpacket 24 [ 1648.695953][T19754] usb 4-1: New USB device found, idVendor=45ba, idProduct=92dc, bcdDevice= 5.ce [ 1648.705207][T19754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1648.953993][T29340] imon:display_open: could not find interface for minor 0 [ 1649.015020][T19754] usb 4-1: usb_control_msg returned -71 [ 1649.020939][T19754] usbtmc 4-1:161.8: can't read capabilities [ 1649.039101][T19754] usb 4-1: USB disconnect, device number 51 [ 1649.701949][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1649.708272][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1651.782109][T19754] Bluetooth: hci0: command 0x1009 tx timeout [ 1653.142224][ C1] net_ratelimit: 20 callbacks suppressed [ 1653.142246][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1653.154718][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1653.161224][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1653.167599][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1653.702353][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1653.708924][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1653.715534][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1653.722324][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1653.729199][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1653.735551][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:29:48 executing program 4 (fault-call:5 fault-nth:33): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:29:48 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{0x0}], 0x1, 0x0) 15:29:48 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) r3 = dup3(r1, r2, 0xc0000) write$FUSE_BMAP(r3, &(0x7f0000000040)={0x18, 0x0, 0x6, {0x7}}, 0x18) 15:29:48 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:29:48 executing program 3: socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff}) fcntl$dupfd(r0, 0x0, r0) r1 = perf_event_open$cgroup(&(0x7f0000000000)={0x3, 0x70, 0x0, 0x8, 0x1, 0x3, 0x0, 0x726, 0x1, 0x2, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x1, 0x1, 0x1, 0x0, 0x1, 0x5, @perf_config_ext={0x4, 0x7fffffff}, 0x8000, 0x6, 0x4a25, 0xc5e7f5b41400410a, 0x1, 0x6, 0xc000}, 0xffffffffffffffff, 0xb, 0xffffffffffffffff, 0x2) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x80000400200) unshare(0x800) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r3, 0xc1105511, &(0x7f0000000100)={{0x1, 0x5, 0x3ff, 0x6, 'syz1\x00', 0x7fff}, 0x2, 0x10000000, 0x3f, 0x0, 0x5, 0x6, 'syz1\x00', &(0x7f0000000080)=[')\x00', 'ns/mnt\x00', 'ns/mnt\x00', 'proc\x00', 'ns/mnt\x00'], 0x1c, [], [0x6, 0x7fff, 0x0, 0xfd2f]}) fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000240)='security.ima\x00', &(0x7f0000000280)=@md5={0x1, "c7b1dac681dbfda5bf68e7cb11ffebca"}, 0x11, 0x7d5c51d2064f6c83) r4 = syz_open_procfs$namespace(0x0, &(0x7f00000000c0)='ns/mnt\x00') setns(r4, 0x20000) 15:29:48 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = openat(r3, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r4, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) fcntl$dupfd(r1, 0x0, r0) [ 1656.246891][T29354] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1656.255734][T29354] FAULT_INJECTION: forcing a failure. [ 1656.255734][T29354] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.268565][T29354] CPU: 0 PID: 29354 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1656.276498][T29354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1656.286722][T29354] Call Trace: [ 1656.290099][T29354] dump_stack+0x191/0x1f0 [ 1656.294606][T29354] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1656.300923][T29354] should_fail+0xa3f/0xa50 [ 1656.305422][T29354] __should_failslab+0x264/0x280 [ 1656.310425][T29354] should_failslab+0x29/0x70 [ 1656.315068][T29354] kmem_cache_alloc+0xd6/0xd10 [ 1656.319889][T29354] ? skb_clone+0x326/0x5d0 [ 1656.324365][T29354] ? kmsan_get_metadata+0x39/0x350 [ 1656.329547][T29354] skb_clone+0x326/0x5d0 [ 1656.333862][T29354] netlink_broadcast_filtered+0xbec/0x1c10 [ 1656.339768][T29354] netlink_broadcast+0xf6/0x110 [ 1656.344702][T29354] kobject_uevent_env+0x1c4e/0x27c0 [ 1656.349999][T29354] kobject_uevent+0x6f/0x80 [ 1656.354820][T29354] device_add+0x25a3/0x2df0 [ 1656.359375][T29354] ? device_add+0x1aa1/0x2df0 [ 1656.364136][T29354] hci_register_dev+0x61a/0xfd0 [ 1656.369062][T29354] hci_uart_tty_ioctl+0xe61/0x1140 [ 1656.374239][T29354] ? hci_uart_tty_write+0x30/0x30 [ 1656.379318][T29354] tty_ioctl+0x23e2/0x3100 [ 1656.383839][T29354] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1656.389822][T29354] ? tty_do_resize+0x230/0x230 [ 1656.394651][T29354] do_vfs_ioctl+0xea8/0x2c50 [ 1656.399318][T29354] ? security_file_ioctl+0x1bd/0x200 [ 1656.404680][T29354] __se_sys_ioctl+0x1da/0x270 [ 1656.409429][T29354] __x64_sys_ioctl+0x4a/0x70 [ 1656.414077][T29354] do_syscall_64+0xb6/0x160 [ 1656.418642][T29354] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1656.424573][T29354] RIP: 0033:0x459f39 [ 1656.428703][T29354] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1656.448357][T29354] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1656.456847][T29354] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1656.464871][T29354] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1656.472887][T29354] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1656.480901][T29354] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1656.488918][T29354] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:29:48 executing program 3: r0 = socket$inet(0x2, 0x2000080001, 0x84) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$btrfs_control(0xffffffffffffff9c, &(0x7f0000000400)='/dev/btrfs-control\x00', 0x321000, 0x0) ioctl$EVIOCGVERSION(r3, 0x80044501, &(0x7f0000000440)=""/176) ioctl$PERF_EVENT_IOC_SET_FILTER(0xffffffffffffffff, 0x40082406, &(0x7f0000000180)='\\\x00') pipe(&(0x7f0000000000)={0xffffffffffffffff}) ioctl$FIGETBSZ(r4, 0x2, &(0x7f0000000040)) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet_sctp_SCTP_MAXSEG(r0, 0x84, 0xd, &(0x7f00000000c0)=@assoc_value={0x0, 0x1ff}, 0x8) sendmsg(r0, &(0x7f000001afc8)={&(0x7f0000006000)=@in={0x2, 0x4e20, @loopback}, 0x80, &(0x7f0000007f80)=[{&(0x7f00000001c0)='*', 0x1a000}], 0x1}, 0x0) readv(r0, &(0x7f0000000140)=[{&(0x7f0000000200)=""/195, 0x120f0}, {&(0x7f0000000300)=""/204, 0xcc}], 0x2) ioctl$FS_IOC_GET_ENCRYPTION_POLICY(0xffffffffffffffff, 0x400c6615, &(0x7f0000000100)) 15:29:48 executing program 0 (fault-call:7 fault-nth:0): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1656.646317][T28149] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 1656.700645][T29364] FAULT_INJECTION: forcing a failure. [ 1656.700645][T29364] name failslab, interval 1, probability 0, space 0, times 0 [ 1656.714674][T29364] CPU: 0 PID: 29364 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 1656.722625][T29364] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1656.734588][T29364] Call Trace: [ 1656.737953][T29364] dump_stack+0x191/0x1f0 [ 1656.742353][T29364] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1656.748318][T29364] should_fail+0xa3f/0xa50 [ 1656.752821][T29364] __should_failslab+0x264/0x280 [ 1656.757834][T29364] should_failslab+0x29/0x70 [ 1656.762567][T29364] kmem_cache_alloc+0xd6/0xd10 [ 1656.767421][T29364] ? ext4_init_io_end+0x8f/0x260 [ 1656.772425][T29364] ? apic_timer_interrupt+0xa/0x40 [ 1656.777712][T29364] ext4_init_io_end+0x8f/0x260 [ 1656.782544][T29364] ext4_writepages+0x18d2/0x6690 [ 1656.787724][T29364] ? tick_program_event+0x105/0x1c0 [ 1656.793050][T29364] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1656.799034][T29364] ? alloc_pages_vma+0x7a0/0x18c0 [ 1656.804145][T29364] ? ext4_getfsmap_compare+0x100/0x100 [ 1656.809755][T29364] ? ext4_readpage+0x440/0x440 [ 1656.814583][T29364] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1656.820536][T29364] ? ext4_readpage+0x440/0x440 [ 1656.825374][T29364] do_writepages+0x189/0x400 [ 1656.830082][T29364] __filemap_fdatawrite_range+0x53b/0x5b0 [ 1656.835914][T29364] file_write_and_wait_range+0x1b6/0x3d0 [ 1656.841626][T29364] __generic_file_fsync+0xfe/0x3e0 [ 1656.846859][T29364] ext4_sync_file+0x592/0x14f0 [ 1656.851719][T29364] ? ext4_getfsmap_compare+0x100/0x100 [ 1656.857250][T29364] vfs_fsync_range+0x2af/0x310 [ 1656.862180][T29364] __se_sys_msync+0x88b/0xb30 [ 1656.866972][T29364] __x64_sys_msync+0x4a/0x70 [ 1656.871630][T29364] do_syscall_64+0xb6/0x160 [ 1656.877003][T29364] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1656.882943][T29364] RIP: 0033:0x459f39 [ 1656.886895][T29364] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1656.906662][T29364] RSP: 002b:00007fe91d8fec78 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 1656.915140][T29364] RAX: ffffffffffffffda RBX: 00007fe91d8fec90 RCX: 0000000000459f39 [ 1656.923171][T29364] RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 [ 1656.932594][T29364] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1656.940620][T29364] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe91d8ff6d4 [ 1656.948650][T29364] R13: 00000000004c6a74 R14: 00000000004dbf78 R15: 0000000000000004 15:29:49 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:29:49 executing program 0 (fault-call:7 fault-nth:1): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:49 executing program 3: [ 1657.086380][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1657.188631][T29369] FAULT_INJECTION: forcing a failure. [ 1657.188631][T29369] name failslab, interval 1, probability 0, space 0, times 0 [ 1657.202961][T29369] CPU: 0 PID: 29369 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 1657.210944][T29369] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1657.222091][T29369] Call Trace: [ 1657.225457][T29369] dump_stack+0x191/0x1f0 [ 1657.229869][T29369] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1657.235838][T29369] should_fail+0xa3f/0xa50 [ 1657.240339][T29369] __should_failslab+0x264/0x280 [ 1657.245448][T29369] should_failslab+0x29/0x70 [ 1657.250105][T29369] kmem_cache_alloc+0xd6/0xd10 [ 1657.254936][T29369] ? mempool_alloc_slab+0x66/0xc0 [ 1657.260034][T29369] ? apic_timer_interrupt+0xa/0x40 [ 1657.265209][T29369] mempool_alloc_slab+0x66/0xc0 [ 1657.270116][T29369] ? mempool_free+0x430/0x430 [ 1657.274843][T29369] mempool_alloc+0x116/0x810 [ 1657.279498][T29369] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1657.285672][T29369] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1657.291669][T29369] bio_alloc_bioset+0x34f/0xc10 [ 1657.296712][T29369] ext4_bio_write_page+0x1aa5/0x2990 [ 1657.302117][T29369] mpage_process_page_bufs+0xb9e/0xeb0 [ 1657.307677][T29369] mpage_prepare_extent_to_map+0xe2f/0x1210 [ 1657.313677][T29369] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1657.319726][T29369] ext4_writepages+0x1943/0x6690 [ 1657.324725][T29369] ? tick_program_event+0x105/0x1c0 [ 1657.330086][T29369] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1657.336059][T29369] ? alloc_pages_vma+0x7a0/0x18c0 [ 1657.341154][T29369] ? apic_timer_interrupt+0xa/0x40 [ 1657.346336][T29369] ? ext4_getfsmap_compare+0x100/0x100 [ 1657.351862][T29369] ? ext4_readpage+0x440/0x440 [ 1657.356702][T29369] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1657.362649][T29369] ? ext4_readpage+0x440/0x440 [ 1657.367476][T29369] do_writepages+0x189/0x400 [ 1657.372165][T29369] __filemap_fdatawrite_range+0x53b/0x5b0 [ 1657.377984][T29369] file_write_and_wait_range+0x1b6/0x3d0 [ 1657.384130][T29369] __generic_file_fsync+0xfe/0x3e0 [ 1657.389324][T29369] ext4_sync_file+0x592/0x14f0 [ 1657.394177][T29369] ? ext4_getfsmap_compare+0x100/0x100 [ 1657.399703][T29369] vfs_fsync_range+0x2af/0x310 [ 1657.404549][T29369] __se_sys_msync+0x88b/0xb30 [ 1657.409328][T29369] __x64_sys_msync+0x4a/0x70 [ 1657.414154][T29369] do_syscall_64+0xb6/0x160 [ 1657.419526][T29369] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1657.425479][T29369] RIP: 0033:0x459f39 [ 1657.429439][T29369] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1657.449099][T29369] RSP: 002b:00007fe91d8fec78 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 1657.457893][T29369] RAX: ffffffffffffffda RBX: 00007fe91d8fec90 RCX: 0000000000459f39 [ 1657.465921][T29369] RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 [ 1657.473941][T29369] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1657.481965][T29369] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe91d8ff6d4 [ 1657.490332][T29369] R13: 00000000004c6a74 R14: 00000000004dbf78 R15: 0000000000000004 [ 1657.500710][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1657.511796][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1657.524817][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 15:29:49 executing program 3: [ 1657.534058][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1657.548777][T28149] usb 2-1: config 0 descriptor?? [ 1658.302557][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1658.308792][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1658.329319][T28149] usb 2-1: USB disconnect, device number 11 [ 1658.501995][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1658.508260][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1659.001986][T19754] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 1659.261982][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1659.382121][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1659.393470][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1659.406476][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1659.415738][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1659.429069][T19754] usb 2-1: config 0 descriptor?? [ 1659.542439][ C1] net_ratelimit: 20 callbacks suppressed [ 1659.542462][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1659.554487][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1659.560892][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1659.567162][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1659.812541][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1659.818950][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1659.831550][T19754] usb 2-1: USB disconnect, device number 12 [ 1659.942212][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1659.948463][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1659.955274][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1659.961301][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1659.967601][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1659.973748][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1660.581991][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1660.588297][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1662.661994][T19754] Bluetooth: hci0: command 0x1009 tx timeout [ 1665.782352][ C1] net_ratelimit: 20 callbacks suppressed [ 1665.782375][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1665.794412][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1665.800798][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1665.807010][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1666.182117][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1666.188174][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1666.194579][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1666.200573][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1666.206998][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1666.213015][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:29:59 executing program 4 (fault-call:5 fault-nth:34): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:29:59 executing program 3: 15:29:59 executing program 0 (fault-call:7 fault-nth:2): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:59 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8003, &(0x7f0000000000)=0x3, 0x8, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:29:59 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$rtc(&(0x7f0000000040)='/dev/rtc#\x00', 0x3b4, 0x80) fremovexattr(r1, &(0x7f0000000080)=@known='system.sockprotoname\x00') 15:29:59 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r2, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 1667.060438][T29384] FAULT_INJECTION: forcing a failure. [ 1667.060438][T29384] name failslab, interval 1, probability 0, space 0, times 0 [ 1667.074319][T29384] CPU: 0 PID: 29384 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 1667.082281][T29384] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1667.082297][T29384] Call Trace: [ 1667.082353][T29384] dump_stack+0x191/0x1f0 [ 1667.082408][T29384] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1667.082462][T29384] should_fail+0xa3f/0xa50 [ 1667.082524][T29384] __should_failslab+0x264/0x280 [ 1667.082601][T29384] should_failslab+0x29/0x70 [ 1667.096317][T29384] kmem_cache_alloc+0xd6/0xd10 [ 1667.107393][T29384] ? mempool_alloc_slab+0x66/0xc0 [ 1667.107439][T29384] ? kmsan_get_metadata+0x39/0x350 [ 1667.107490][T29384] ? __msan_poison_alloca+0x158/0x1a0 [ 1667.107531][T29384] mempool_alloc_slab+0x66/0xc0 [ 1667.107570][T29384] ? mempool_free+0x430/0x430 [ 1667.107625][T29384] mempool_alloc+0x116/0x810 [ 1667.117041][T29384] ? apic_timer_interrupt+0xa/0x40 [ 1667.161233][T29384] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1667.167277][T29384] bvec_alloc+0x2e8/0x440 [ 1667.171674][T29384] bio_alloc_bioset+0x72a/0xc10 [ 1667.176588][T29384] ext4_bio_write_page+0x1aa5/0x2990 [ 1667.182020][T29384] mpage_process_page_bufs+0xb9e/0xeb0 [ 1667.187545][T29384] mpage_prepare_extent_to_map+0xe2f/0x1210 [ 1667.193494][T29384] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1667.199422][T29384] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1667.205352][T29384] ext4_writepages+0x1943/0x6690 [ 1667.210323][T29384] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1667.216413][T29384] ? is_bpf_text_address+0x47d/0x4b0 [ 1667.221773][T29384] ? arch_stack_walk+0x29a/0x3e0 [ 1667.226940][T29384] ? __msan_metadata_ptr_for_load_4+0x10/0x20 [ 1667.233126][T29384] ? kmsan_internal_set_origin+0x6a/0xb0 [ 1667.238784][T29384] ? kmsan_get_metadata+0x39/0x350 [ 1667.243923][T29384] ? ext4_readpage+0x440/0x440 [ 1667.248719][T29384] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1667.254639][T29384] ? ext4_readpage+0x440/0x440 [ 1667.259442][T29384] do_writepages+0x189/0x400 [ 1667.264086][T29384] __filemap_fdatawrite_range+0x53b/0x5b0 [ 1667.269858][T29384] file_write_and_wait_range+0x1b6/0x3d0 [ 1667.276508][T29384] __generic_file_fsync+0xfe/0x3e0 [ 1667.281661][T29384] ext4_sync_file+0x592/0x14f0 [ 1667.286501][T29384] ? ext4_getfsmap_compare+0x100/0x100 [ 1667.292011][T29384] vfs_fsync_range+0x2af/0x310 [ 1667.296832][T29384] __se_sys_msync+0x88b/0xb30 [ 1667.301568][T29384] __x64_sys_msync+0x4a/0x70 [ 1667.306191][T29384] do_syscall_64+0xb6/0x160 [ 1667.310739][T29384] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1667.316650][T29384] RIP: 0033:0x459f39 [ 1667.320572][T29384] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1667.340197][T29384] RSP: 002b:00007fe91d8fec78 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 1667.349073][T29384] RAX: ffffffffffffffda RBX: 00007fe91d8fec90 RCX: 0000000000459f39 [ 1667.357064][T29384] RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 [ 1667.365053][T29384] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1667.373042][T29384] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe91d8ff6d4 [ 1667.381028][T29384] R13: 00000000004c6a74 R14: 00000000004dbf78 R15: 0000000000000004 [ 1667.436041][T29390] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1667.445171][T29390] FAULT_INJECTION: forcing a failure. [ 1667.445171][T29390] name failslab, interval 1, probability 0, space 0, times 0 [ 1667.458047][T29390] CPU: 0 PID: 29390 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1667.465995][T29390] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1667.476109][T29390] Call Trace: [ 1667.479470][T29390] dump_stack+0x191/0x1f0 [ 1667.483853][T29390] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1667.489798][T29390] should_fail+0xa3f/0xa50 [ 1667.494266][T29390] __should_failslab+0x264/0x280 [ 1667.499245][T29390] should_failslab+0x29/0x70 [ 1667.503867][T29390] __kmalloc_node_track_caller+0x1c9/0x13d0 [ 1667.509799][T29390] ? hci_leds_init+0x6f/0x420 [ 1667.514513][T29390] ? refcount_dec_and_test_checked+0x14c/0x210 [ 1667.520711][T29390] devm_kmalloc+0xd9/0x5b0 [ 1667.525165][T29390] ? device_add+0x1aa1/0x2df0 [ 1667.529889][T29390] hci_leds_init+0x6f/0x420 [ 1667.534455][T29390] hci_register_dev+0x652/0xfd0 [ 1667.540224][T29390] hci_uart_tty_ioctl+0xe61/0x1140 [ 1667.545375][T29390] ? hci_uart_tty_write+0x30/0x30 [ 1667.551046][T29390] tty_ioctl+0x23e2/0x3100 [ 1667.555691][T29390] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1667.561616][T29390] ? tty_do_resize+0x230/0x230 [ 1667.566418][T29390] do_vfs_ioctl+0xea8/0x2c50 [ 1667.571067][T29390] ? security_file_ioctl+0x1bd/0x200 [ 1667.576401][T29390] __se_sys_ioctl+0x1da/0x270 [ 1667.581123][T29390] __x64_sys_ioctl+0x4a/0x70 [ 1667.585745][T29390] do_syscall_64+0xb6/0x160 [ 1667.590280][T29390] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1667.596192][T29390] RIP: 0033:0x459f39 [ 1667.600120][T29390] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1667.621677][T29390] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 15:29:59 executing program 3: [ 1667.630136][T29390] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1667.638139][T29390] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1667.646160][T29390] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1667.654850][T29390] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1667.662931][T29390] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:29:59 executing program 3: 15:29:59 executing program 0 (fault-call:7 fault-nth:3): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:29:59 executing program 3: [ 1667.832024][T19754] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 1667.860213][T29396] FAULT_INJECTION: forcing a failure. [ 1667.860213][T29396] name failslab, interval 1, probability 0, space 0, times 0 [ 1667.873472][T29396] CPU: 0 PID: 29396 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 1667.881589][T29396] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1667.891691][T29396] Call Trace: [ 1667.895462][T29396] dump_stack+0x191/0x1f0 [ 1667.899837][T29396] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1667.906033][T29396] should_fail+0xa3f/0xa50 [ 1667.910492][T29396] __should_failslab+0x264/0x280 [ 1667.915467][T29396] should_failslab+0x29/0x70 [ 1667.920713][T29396] kmem_cache_alloc_node+0x103/0xe70 [ 1667.926037][T29396] ? kmsan_get_metadata+0x39/0x350 [ 1667.932131][T29396] ? create_task_io_context+0xc5/0x660 [ 1667.937619][T29396] ? kmsan_get_metadata+0x39/0x350 [ 1667.942863][T29396] create_task_io_context+0xc5/0x660 [ 1667.948194][T29396] generic_make_request_checks+0x1c43/0x2bb0 [ 1667.954235][T29396] ? generic_make_request+0x5c/0x1280 [ 1667.959632][T29396] ? generic_make_request+0x5c/0x1280 [ 1667.965032][T29396] ? apic_timer_interrupt+0xa/0x40 [ 1667.970261][T29396] generic_make_request+0x7a/0x1280 [ 1667.975511][T29396] ? kmsan_internal_set_origin+0x6a/0xb0 [ 1667.981173][T29396] ? apic_timer_interrupt+0xa/0x40 [ 1667.986338][T29396] submit_bio+0x480/0x970 [ 1667.990719][T29396] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1667.996652][T29396] ext4_io_submit+0x1fd/0x300 [ 1668.001372][T29396] ext4_writepages+0x1981/0x6690 [ 1668.006365][T29396] ? tick_program_event+0x105/0x1c0 [ 1668.011628][T29396] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1668.017566][T29396] ? alloc_pages_vma+0x7a0/0x18c0 [ 1668.022645][T29396] ? apic_timer_interrupt+0xa/0x40 [ 1668.027867][T29396] ? ext4_readpage+0x440/0x440 [ 1668.032664][T29396] ? ext4_getfsmap_compare+0x100/0x100 [ 1668.038156][T29396] ? ext4_readpage+0x440/0x440 [ 1668.042947][T29396] do_writepages+0x189/0x400 [ 1668.047594][T29396] __filemap_fdatawrite_range+0x53b/0x5b0 [ 1668.053624][T29396] file_write_and_wait_range+0x1b6/0x3d0 [ 1668.059474][T29396] __generic_file_fsync+0xfe/0x3e0 [ 1668.064634][T29396] ext4_sync_file+0x592/0x14f0 [ 1668.069460][T29396] ? ext4_getfsmap_compare+0x100/0x100 [ 1668.075122][T29396] vfs_fsync_range+0x2af/0x310 [ 1668.080045][T29396] __se_sys_msync+0x88b/0xb30 [ 1668.085038][T29396] __x64_sys_msync+0x4a/0x70 [ 1668.089672][T29396] do_syscall_64+0xb6/0x160 [ 1668.094232][T29396] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1668.100147][T29396] RIP: 0033:0x459f39 [ 1668.104075][T29396] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1668.124246][T29396] RSP: 002b:00007fe91d8fec78 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 1668.132693][T29396] RAX: ffffffffffffffda RBX: 00007fe91d8fec90 RCX: 0000000000459f39 [ 1668.140689][T29396] RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 [ 1668.148695][T29396] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1668.156693][T29396] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe91d8ff6d4 [ 1668.164950][T29396] R13: 00000000004c6a74 R14: 00000000004dbf78 R15: 0000000000000004 15:30:00 executing program 3: 15:30:00 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1668.302122][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1668.424504][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1668.435696][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1668.449449][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1668.458669][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1668.474150][T19754] usb 2-1: config 0 descriptor?? [ 1669.212889][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1669.219105][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1669.245244][T19754] usb 2-1: USB disconnect, device number 13 [ 1669.701970][T19765] Bluetooth: hci0: command 0x1003 tx timeout [ 1669.708291][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1669.931978][T19754] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1670.172185][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1670.292350][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1670.303442][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1670.316525][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1670.325783][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1670.339530][T19754] usb 2-1: config 0 descriptor?? [ 1670.742482][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1670.748721][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1670.760474][T19754] usb 2-1: USB disconnect, device number 14 [ 1671.782042][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1671.788998][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1672.022530][ C1] net_ratelimit: 20 callbacks suppressed [ 1672.022553][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1672.034653][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1672.041048][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1672.047250][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1672.422637][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1672.428988][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1672.435725][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1672.442007][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1672.448520][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1672.454796][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1673.861890][T19754] Bluetooth: hci0: command 0x1009 tx timeout 15:30:09 executing program 4 (fault-call:5 fault-nth:35): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:30:09 executing program 3: 15:30:09 executing program 0 (fault-call:7 fault-nth:4): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:30:09 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:30:09 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$HIDIOCGSTRING(r2, 0x81044804, &(0x7f0000000040)={0xec, "e4eac7a1678ea1730c54c380f322a5c50b70309e59b974ade5fabf4718e57504f6e38a3705c6a30f42d26bbb553f7ed8e444b69ed8e59772a5d778c63d594e2d6e1c07d315e7e3ac016b747bcbfbcdabb505c6c9952477d65f041aa03dafb09da2a0156fdfde5302cdf3545828058e4684589aa5468df6747f2f17fd8dc84c7666d39b88479655bd01e6821047a008e314281203757c8134d6ae99fb4384308d6abbb2ab6f0a0814384b2130de6e6cb1c3ea6212f4576d2ed3573d2bf717d8cee25a43bf7e2acf5c478231801892e58ec60b4eca381b3e99f38c8c789b899ff11a23a4187d4d4c3b1e3ee552"}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:30:09 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r2, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) 15:30:10 executing program 3: [ 1677.996099][T29411] FAULT_INJECTION: forcing a failure. [ 1677.996099][T29411] name failslab, interval 1, probability 0, space 0, times 0 [ 1678.009085][T29411] CPU: 0 PID: 29411 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 1678.017047][T29411] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1678.027127][T29411] Call Trace: [ 1678.030454][T29411] dump_stack+0x191/0x1f0 [ 1678.034824][T29411] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.041492][T29411] should_fail+0xa3f/0xa50 [ 1678.045978][T29411] __should_failslab+0x264/0x280 [ 1678.051049][T29411] should_failslab+0x29/0x70 [ 1678.055666][T29411] kmem_cache_alloc+0xd6/0xd10 [ 1678.060486][T29411] ? ext4_init_io_end+0x8f/0x260 [ 1678.065502][T29411] ? kmsan_internal_unpoison_shadow+0x42/0x80 [ 1678.071983][T29411] ext4_init_io_end+0x8f/0x260 [ 1678.076789][T29411] ext4_writepages+0x1c68/0x6690 [ 1678.082021][T29411] ? tick_program_event+0x105/0x1c0 [ 1678.087289][T29411] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.093224][T29411] ? alloc_pages_vma+0x7a1/0x18c0 [ 1678.098375][T29411] ? ext4_getfsmap_compare+0x100/0x100 [ 1678.103864][T29411] ? kmsan_get_metadata+0x39/0x350 [ 1678.109087][T29411] ? ext4_readpage+0x440/0x440 [ 1678.113885][T29411] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.119817][T29411] ? ext4_readpage+0x440/0x440 [ 1678.124965][T29411] do_writepages+0x189/0x400 [ 1678.129631][T29411] __filemap_fdatawrite_range+0x53b/0x5b0 [ 1678.135417][T29411] file_write_and_wait_range+0x1b6/0x3d0 [ 1678.141100][T29411] __generic_file_fsync+0xfe/0x3e0 [ 1678.146522][T29411] ext4_sync_file+0x592/0x14f0 [ 1678.151592][T29411] ? ext4_getfsmap_compare+0x100/0x100 [ 1678.157174][T29411] vfs_fsync_range+0x2af/0x310 [ 1678.161986][T29411] __se_sys_msync+0x88b/0xb30 [ 1678.166718][T29411] __x64_sys_msync+0x4a/0x70 [ 1678.171337][T29411] do_syscall_64+0xb6/0x160 [ 1678.175875][T29411] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1678.181794][T29411] RIP: 0033:0x459f39 [ 1678.185719][T29411] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1678.207170][T29411] RSP: 002b:00007fe91d8fec78 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 1678.215970][T29411] RAX: ffffffffffffffda RBX: 00007fe91d8fec90 RCX: 0000000000459f39 [ 1678.223962][T29411] RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 [ 1678.232132][T29411] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1678.240300][T29411] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe91d8ff6d4 [ 1678.249525][T29411] R13: 00000000004c6a74 R14: 00000000004dbf78 R15: 0000000000000004 [ 1678.262810][ C1] net_ratelimit: 20 callbacks suppressed [ 1678.262832][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1678.274935][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1678.281348][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1678.287727][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1678.296251][T29417] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1678.305145][T29417] FAULT_INJECTION: forcing a failure. [ 1678.305145][T29417] name failslab, interval 1, probability 0, space 0, times 0 [ 1678.317997][T29417] CPU: 0 PID: 29417 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1678.325935][T29417] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1678.336041][T29417] Call Trace: [ 1678.339421][T29417] dump_stack+0x191/0x1f0 [ 1678.343847][T29417] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.350028][T29417] should_fail+0xa3f/0xa50 [ 1678.355586][T29417] __should_failslab+0x264/0x280 [ 1678.361205][T29417] should_failslab+0x29/0x70 [ 1678.372034][T29417] __kmalloc_node_track_caller+0x1c9/0x13d0 [ 1678.377997][T29417] ? devm_kasprintf+0x2d7/0x3d0 [ 1678.382930][T29417] devm_kmalloc+0xd9/0x5b0 [ 1678.387415][T29417] devm_kasprintf+0x2d7/0x3d0 [ 1678.392199][T29417] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.398169][T29417] hci_leds_init+0x194/0x420 [ 1678.402815][T29417] hci_register_dev+0x652/0xfd0 [ 1678.407716][T29417] hci_uart_tty_ioctl+0xe61/0x1140 [ 1678.412878][T29417] ? hci_uart_tty_write+0x30/0x30 [ 1678.417948][T29417] tty_ioctl+0x23e2/0x3100 [ 1678.422433][T29417] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.428356][T29417] ? tty_do_resize+0x230/0x230 [ 1678.433149][T29417] do_vfs_ioctl+0xea8/0x2c50 [ 1678.437924][T29417] ? security_file_ioctl+0x1bd/0x200 [ 1678.443709][T29417] __se_sys_ioctl+0x1da/0x270 [ 1678.448441][T29417] __x64_sys_ioctl+0x4a/0x70 [ 1678.453071][T29417] do_syscall_64+0xb6/0x160 [ 1678.457612][T29417] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1678.463700][T29417] RIP: 0033:0x459f39 [ 1678.467827][T29417] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1678.487454][T29417] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1678.495898][T29417] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1678.504160][T29417] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1678.512164][T29417] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1678.520592][T29417] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1678.528584][T29417] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:30:10 executing program 3: [ 1678.621951][T19754] usb 2-1: new high-speed USB device number 15 using dummy_hcd 15:30:10 executing program 0 (fault-call:7 fault-nth:5): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:30:10 executing program 3: [ 1678.662596][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1678.669336][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1678.676099][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1678.683469][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1678.698285][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1678.704741][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1678.795377][T29427] FAULT_INJECTION: forcing a failure. [ 1678.795377][T29427] name failslab, interval 1, probability 0, space 0, times 0 [ 1678.808702][T29427] CPU: 0 PID: 29427 Comm: syz-executor.0 Not tainted 5.4.0-rc3+ #0 [ 1678.816984][T29427] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1678.827084][T29427] Call Trace: [ 1678.830444][T29427] dump_stack+0x191/0x1f0 [ 1678.834843][T29427] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.840805][T29427] should_fail+0xa3f/0xa50 [ 1678.845318][T29427] __should_failslab+0x264/0x280 [ 1678.850329][T29427] should_failslab+0x29/0x70 [ 1678.854977][T29427] kmem_cache_alloc+0xd6/0xd10 [ 1678.859808][T29427] ? mempool_alloc_slab+0x66/0xc0 [ 1678.864909][T29427] ? __msan_poison_alloca+0x158/0x1a0 [ 1678.870333][T29427] ? lapic_next_event+0x6e/0xa0 [ 1678.875245][T29427] mempool_alloc_slab+0x66/0xc0 [ 1678.880410][T29427] ? mempool_free+0x430/0x430 [ 1678.885137][T29427] mempool_alloc+0x116/0x810 [ 1678.889812][T29427] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.896202][T29427] sg_pool_alloc+0x168/0x190 [ 1678.900863][T29427] __sg_alloc_table+0x2b5/0x890 [ 1678.905808][T29427] sg_alloc_table_chained+0x1fd/0x4a0 [ 1678.911320][T29427] ? sg_alloc_table_chained+0x4a0/0x4a0 [ 1678.916932][T29427] scsi_init_io+0x17b/0xac0 [ 1678.921502][T29427] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.927465][T29427] sd_init_command+0x3cf/0x4ae0 [ 1678.932474][T29427] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.939858][T29427] ? sd_rescan+0x90/0x90 [ 1678.944420][T29427] scsi_queue_rq+0x34eb/0x4c70 [ 1678.949270][T29427] ? scsi_vpd_tpg_id+0x3e0/0x3e0 [ 1678.955230][T29427] blk_mq_dispatch_rq_list+0xec5/0x2850 [ 1678.961135][T29427] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.967108][T29427] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1678.973100][T29427] blk_mq_sched_dispatch_requests+0xc00/0x1850 [ 1678.979411][T29427] ? rb_insert_color+0xbc3/0x1170 [ 1678.984534][T29427] __blk_mq_run_hw_queue+0x170/0x3a0 [ 1678.989894][T29427] __blk_mq_delay_run_hw_queue+0x14c/0x6b0 [ 1678.995961][T29427] blk_mq_run_hw_queue+0x4ac/0x690 [ 1679.001148][T29427] blk_mq_sched_insert_requests+0x4a5/0x650 [ 1679.007131][T29427] blk_mq_flush_plug_list+0x1142/0x1170 [ 1679.012745][T29427] ? kmsan_internal_set_origin+0x79/0xb0 [ 1679.018473][T29427] blk_flush_plug_list+0x708/0x790 [ 1679.023676][T29427] blk_finish_plug+0xa0/0xd0 [ 1679.028336][T29427] ext4_writepages+0x1a99/0x6690 [ 1679.033331][T29427] ? tick_program_event+0x105/0x1c0 [ 1679.038999][T29427] ? alloc_pages_vma+0x7a0/0x18c0 [ 1679.044090][T29427] ? apic_timer_interrupt+0xa/0x40 [ 1679.049270][T29427] ? ext4_getfsmap_compare+0x100/0x100 [ 1679.054802][T29427] ? kmsan_get_shadow_origin_ptr+0x44a/0x4b0 [ 1679.060846][T29427] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1679.066814][T29427] ? ext4_readpage+0x440/0x440 [ 1679.071641][T29427] do_writepages+0x189/0x400 [ 1679.076322][T29427] __filemap_fdatawrite_range+0x53b/0x5b0 [ 1679.082137][T29427] file_write_and_wait_range+0x1b6/0x3d0 [ 1679.087848][T29427] __generic_file_fsync+0xfe/0x3e0 [ 1679.093039][T29427] ext4_sync_file+0x592/0x14f0 [ 1679.097887][T29427] ? ext4_getfsmap_compare+0x100/0x100 [ 1679.104114][T29427] vfs_fsync_range+0x2af/0x310 [ 1679.109767][T29427] __se_sys_msync+0x88b/0xb30 [ 1679.114538][T29427] __x64_sys_msync+0x4a/0x70 [ 1679.119189][T29427] do_syscall_64+0xb6/0x160 [ 1679.124544][T29427] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1679.130488][T29427] RIP: 0033:0x459f39 [ 1679.134443][T29427] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1679.154271][T29427] RSP: 002b:00007fe91d8fec78 EFLAGS: 00000246 ORIG_RAX: 000000000000001a [ 1679.162822][T29427] RAX: ffffffffffffffda RBX: 00007fe91d8fec90 RCX: 0000000000459f39 [ 1679.170842][T29427] RDX: 0000000000000004 RSI: 087abbe8d1cc6ad9 RDI: 0000000020952000 [ 1679.178951][T29427] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1679.187055][T29427] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe91d8ff6d4 15:30:11 executing program 3: [ 1679.195077][T29427] R13: 00000000004c6a74 R14: 00000000004dbf78 R15: 0000000000000004 15:30:11 executing program 3: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000001c0)=[@textreal={0x8, &(0x7f0000000080)="f2a6bad004b00fee0f090f3036f30f1a9700000f08bad004b0beeef30f2af8baa100b000ee", 0x25}], 0x1, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000040)=0x96d1, 0x4) fsetxattr$security_ima(0xffffffffffffffff, &(0x7f0000000100)='security.ima\x00', 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) accept4(0xffffffffffffffff, &(0x7f0000000500)=@rxrpc=@in6={0x21, 0x0, 0x2, 0x1c, {0xa, 0x0, 0x0, @dev}}, &(0x7f0000000000)=0x80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f0000000140)=[@textreal={0x8, 0x0}], 0xaaaabd4, 0x0, 0x0, 0x152) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000400)={[0x0, 0x0, 0x800, 0x0, 0x0, 0x0, 0x4ce]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) write$P9_RVERSION(r4, &(0x7f00000000c0)={0x15, 0x65, 0xffff, 0x10000, 0x8, '9P2000.L'}, 0x15) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003140)=[{{0x0, 0x0, &(0x7f0000001b00)=[{&(0x7f0000000580)="9e1e88e43e4244e4e64f10ebec34f1b1ca8e9250b348d94969b0db7ac8cdd1d3fc1141b3cf2ba88ec3c63bb965efb97c5cc94930a6cca929c983ed39610ddab7310c85a821a10fef33074f6af0141464ea3e4a5b395ca5d87aceb31227b12009609098078229a4e4d8ee9eb35ed76d205d0d18b5567e7b9755b907c402652dbd11a9706598fc56cde4cadcbecb60363bba20cafd9675b0099d074b92e067800069924c527597654c5916237b10ab544948ed74c69b2bb4df1ab1243158a1cf8c215174cb0b7f3a97ab857447afc4e5f94e9952bd3a4214da5b3e9f8c3f949df0cf37757b9a44376618b1e3676e0a77045a8f9dc50561a41f64057544d7b6c1de973ee2b6d58fec2733ee3ab63dbc90006be6e5341f2a6b8aaef27a383a0626f2281210031e498d06152dbcf6d7e1a9e954a21ae92957e13c08fc41c50d844fee3f8ad2285cabd5db5f6c1d3845f33fa9ba2d4d28d92e2572c5363a1949782ded0b35105f002867b09bf5964b76f8695c3998828244711a30af8fa731e83795244fca855fa71147102df3ff93948269e815c82707572983291341a7a2ab4eac7f1dd0dbf5ea85977b9c7e5d593520a2452e04ddc18efbf70d584af148346908f8718eb7537763f8d2a68172c51c7a0e04255d4df6f1586a28fc7e821c7c29758d845563fd0c6a0d4b5a7cbd1610903149df33c1e24cf8651748c15eb3e2deb548145496d71a22d3d854b1faefe68039e678d1b517497da25a10070f0bf799525c378c1c5c69b37513be44245cb341ae25792c8fb0e45578f16aeb13070275c23d6b04712cd0e965cf251789e9a777b279e171e66ed9872d23b42d2c1ee7f2a7ddc842128b6a1d120cc1d521274e3b29f77c9d85c4a8d971d16177705f1947cc656d7b4c52adedffddf6ea480c20a2b3f2ee98fa2b2b503b11931a2c61a16e399af59a7148a86718b73062ab98b7c0b396bd672c1451905e12495091850a562902d5c60b5feb33e0cffbf6fe4f1fa289650589430ed1f3fa4d8bae45752b4a371fae95c2e5f247254ef3d83d4e7db3652fad4e52fa73bc74ab52a50e9d7d91919bdb2c863779b145bf2d6b3d6e5f3727fe36891b3202ce02ee8a79e35390b50c5b37ed9dc09684144edf854fbecfdc93a1f5", 0x331}], 0x1}}], 0x1, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) [ 1679.265372][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1679.395649][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1679.399067][T29432] kvm [29431]: vcpu0, guest rIP: 0x8a disabled perfctr wrmsr: 0x186 data 0x4d00000000f [ 1679.406795][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1679.406907][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1679.406984][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1679.424383][T19754] usb 2-1: config 0 descriptor?? [ 1680.192674][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1680.198910][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1680.211172][T19754] usb 2-1: USB disconnect, device number 15 [ 1680.582083][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1680.588579][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1680.892227][T19754] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1681.132298][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1681.252401][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1681.263578][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1681.276653][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1681.285848][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1681.299781][T19754] usb 2-1: config 0 descriptor?? [ 1681.702466][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1681.709204][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1681.725597][T19754] usb 2-1: USB disconnect, device number 16 [ 1682.661930][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1682.668246][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1684.502506][ C1] net_ratelimit: 20 callbacks suppressed [ 1684.502530][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1684.514735][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1684.521091][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1684.527299][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1684.742042][T19754] Bluetooth: hci0: command 0x1009 tx timeout [ 1684.902338][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1684.908489][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1684.914930][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1684.920949][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1684.927328][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1684.933682][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:20 executing program 4 (fault-call:5 fault-nth:36): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:30:20 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:30:20 executing program 0 (fault-call:7 fault-nth:6): r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:30:20 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000180)='./cgroup\x00', 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x13\xb46\x01\xf7\x9f\xa5\xed\xd84\xd0\f\xe21z\xf9\xdc\x0e%\xa7\x01\xee\x03\x81mn\xc8\xda\xf0(\xbdH;$\x05\x1fl\x89\xa1\x8c\xb8\xf4\x86\xbf_\xf8n*6~\xc6\xa9\x04\x10\xf3\xfa\xcb\xd1\n\xba\x8a\xd7#\x12\xe2\xd0\xa9(\x84\xa3\x81\x9d\xa6:\a\xf9\xf8\"\xf6\xfe\xf3\xb6\x9fS\xe7\xe6\xf6\xbba\xd8\xb6\xe7\xcf\x80\x80\xcb6\xb8\x15Pz\x03!\xdfu\x91\xa7H\x14\xf7]\xa7\xc6\x14\xec\x1c\x01\x8c', 0x2, 0x0) writev(r2, &(0x7f0000000700)=[{&(0x7f0000000380)='G', 0x9a}], 0x10b0) 15:30:20 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) unlinkat(r2, &(0x7f0000000040)='./file0\x00', 0x200) 15:30:20 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat(r1, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) ioctl$HIDIOCGCOLLECTIONINDEX(r2, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) ioctl$PERF_EVENT_IOC_ENABLE(0xffffffffffffffff, 0x8912, 0x400200) [ 1688.889545][T29447] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1688.898958][T29447] FAULT_INJECTION: forcing a failure. [ 1688.898958][T29447] name failslab, interval 1, probability 0, space 0, times 0 [ 1688.911905][T29447] CPU: 1 PID: 29447 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1688.919860][T29447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1688.930091][T29447] Call Trace: [ 1688.933463][T29447] dump_stack+0x191/0x1f0 [ 1688.937877][T29447] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1688.943861][T29447] should_fail+0xa3f/0xa50 [ 1688.948377][T29447] __should_failslab+0x264/0x280 [ 1688.953406][T29447] should_failslab+0x29/0x70 [ 1688.958031][T29447] __kmalloc_node_track_caller+0x1c9/0x13d0 [ 1688.963957][T29447] ? devm_kasprintf+0x2d7/0x3d0 [ 1688.968877][T29447] devm_kmalloc+0xd9/0x5b0 [ 1688.973355][T29447] devm_kasprintf+0x2d7/0x3d0 [ 1688.978110][T29447] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1688.984049][T29447] hci_leds_init+0x194/0x420 [ 1688.988770][T29447] hci_register_dev+0x652/0xfd0 [ 1688.993674][T29447] hci_uart_tty_ioctl+0xe61/0x1140 [ 1688.999252][T29447] ? hci_uart_tty_write+0x30/0x30 [ 1689.004301][T29447] tty_ioctl+0x23e2/0x3100 [ 1689.009203][T29447] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1689.015122][T29447] ? tty_do_resize+0x230/0x230 [ 1689.019921][T29447] do_vfs_ioctl+0xea8/0x2c50 [ 1689.024563][T29447] ? security_file_ioctl+0x1bd/0x200 [ 1689.029888][T29447] __se_sys_ioctl+0x1da/0x270 [ 1689.034605][T29447] __x64_sys_ioctl+0x4a/0x70 [ 1689.039223][T29447] do_syscall_64+0xb6/0x160 [ 1689.043762][T29447] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1689.049677][T29447] RIP: 0033:0x459f39 [ 1689.053604][T29447] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1689.073459][T29447] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1689.081989][T29447] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 15:30:21 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) r1 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r2) r3 = dup2(r2, r1) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) ioctl$KVM_SIGNAL_MSI(r3, 0x4020aea5, &(0x7f0000000000)={0x5000, 0x2000, 0x9, 0x0, 0x9}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) preadv(r5, &(0x7f0000002880)=[{&(0x7f0000000040)=""/124, 0x7c}], 0x1, 0x0) 15:30:21 executing program 3: r0 = perf_event_open(&(0x7f0000000040)={0x1, 0x70, 0x5, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff7fffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_bp={&(0x7f00000002c0)}, 0x208ca}, 0x0, 0xfffffeffffffffff, 0xffffffffffffffff, 0x5) r1 = perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x2, 0xb95a}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) r4 = socket$inet6(0xa, 0x5, 0x4) bind$inet6(r4, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r4, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) fcntl$F_SET_RW_HINT(r4, 0x40c, &(0x7f00000001c0)=0x4) r5 = gettid() process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r6, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) getsockopt$IP6T_SO_GET_ENTRIES(r6, 0x29, 0x41, &(0x7f0000000200)={'raw\x00', 0x3e, "230a43bffb30bea8b633b4be87cf364a823eae0e4c538543b69fba937c9312d1f93fb222becae53625f53f70e0bfa16cd06c17a342a7d6a4263836819062"}, &(0x7f0000000280)=0x62) open$dir(&(0x7f00000000c0)='./file0\x00', 0xe0041, 0x20) write$FUSE_LK(r3, &(0x7f0000000000)={0x28, 0xffffffffffffffda, 0x4, {{0x7, 0x40, 0x5, r5}}}, 0x28) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x11, r1, 0x0) ioctl$PERF_EVENT_IOC_SET_OUTPUT(r0, 0x2405, r1) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='net/wireless\x00') ioctl$sock_inet_udp_SIOCINQ(r7, 0x541b, &(0x7f0000000140)) ioctl$PERF_EVENT_IOC_PAUSE_OUTPUT(r1, 0x40042409, 0x1) syz_open_procfs(0x0, &(0x7f0000272000)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r8) ioctl$sock_inet_SIOCGIFPFLAGS(r8, 0x8935, &(0x7f0000000300)={'eql\x00', 0x1}) [ 1689.089978][T29447] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1689.098593][T29447] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1689.106583][T29447] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1689.114570][T29447] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1689.195060][T28149] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 1689.442257][T28149] usb 2-1: Using ep0 maxpacket: 16 [ 1689.562571][T28149] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1689.573752][T28149] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1689.586810][T28149] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1689.596025][T28149] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 15:30:21 executing program 3: syz_usb_connect(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000c9cfcf104c05e1021dfd0000000109022400010000000009046b0002b36de400090505e9fe85bad5395bdea902000000000009058f00000000000bf8000168d602eae032ff6837707087070df367b1b75b9b008ea49336ddacc641c236390c01cb90f68de6288c926df2c987d7b64765acfbfa38052f4bf0daee9060002eb5d5990142085dd45b7b9e48c87567e1fed88571ea65545af01645dc0d3247b41893335291b00b3592fc32c84d94f96b082b21f87ca2965c6d1a4c2699f6dfff695aa0ff11f239dd29981d9277f29feb27da54c47c20"], 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r0) ioctl$SIOCGSTAMP(r0, 0x8906, &(0x7f0000000000)) 15:30:21 executing program 2: r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1689.762743][T28149] usb 2-1: config 0 descriptor?? [ 1690.022317][T19754] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 1690.272959][T19754] usb 4-1: Using ep0 maxpacket: 16 15:30:22 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) r1 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer\x00', 0x230000, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000)='/dev/sequencer2\x00', 0x0, 0x0) ioctl$TCSETS(r2, 0x5402, 0x0) ioctl$KDGKBLED(r2, 0xc0045405, &(0x7f0000a07fff)) r3 = syz_open_dev$vcsa(&(0x7f00000013c0)='/dev/vcsa#\x00', 0x0, 0x0) ioctl$DRM_IOCTL_ADD_CTX(0xffffffffffffffff, 0xc0086420, &(0x7f0000001400)={0x0}) ioctl$DRM_IOCTL_NEW_CTX(r3, 0x40086425, &(0x7f0000001440)={r4, 0x7}) ioctl$DRM_IOCTL_GET_CTX(r2, 0xc0086423, &(0x7f0000000140)={r4, 0x1}) ioctl$DRM_IOCTL_UNLOCK(r1, 0x4008642b, &(0x7f0000000040)={r4, 0x42}) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r5, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1690.402229][T19754] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 1690.410545][T19754] usb 4-1: config 0 has an invalid descriptor of length 91, skipping remainder of the config [ 1690.420968][T19754] usb 4-1: config 0 has no interface number 0 [ 1690.427448][T19754] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x5 has an invalid bInterval 186, changing to 7 [ 1690.438779][T19754] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x5 has invalid maxpacket 1534, setting to 1024 [ 1690.450036][T19754] usb 4-1: config 0 interface 107 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1690.463495][T19754] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=fd.1d [ 1690.463568][T19754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1690.476028][T19754] usb 4-1: config 0 descriptor?? 15:30:22 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x3f}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_dev$swradio(&(0x7f0000000000)='/dev/swradio#\x00', 0x0, 0x2) r2 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r2, &(0x7f00000001c0)={0xa, 0x0, 0x0, @local, 0x2}, 0x1c) connect$inet6(r2, &(0x7f0000000180)={0xa, 0x0, 0x0, @ipv4={[], [], @loopback}}, 0x1c) r3 = socket$inet6(0xa, 0x5, 0x0) r4 = socket$inet6_sctp(0xa, 0x10000000005, 0x84) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f000095dff8)={0x1, [0x0]}, &(0x7f000095dffc)=0x8) setsockopt$inet_sctp6_SCTP_MAXSEG(r3, 0x84, 0xd, &(0x7f0000000180)=@assoc_value={r5}, 0x8) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r2, 0x84, 0x66, &(0x7f0000000040)={r5, 0x70}, &(0x7f0000000080)=0x8) setsockopt$inet_sctp_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f00000000c0)={r6, 0x4, 0x20}, 0xc) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r7, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1690.512857][T28149] usbhid 2-1:0.0: can't add hid device: -71 [ 1690.519194][T28149] usbhid: probe of 2-1:0.0 failed with error -71 [ 1690.533972][T19754] pn533_usb 4-1:0.107: NFC: Could not find bulk-in or bulk-out endpoint [ 1690.549836][T28149] usb 2-1: USB disconnect, device number 17 [ 1690.737140][T27852] usb 4-1: USB disconnect, device number 52 [ 1690.752316][ C1] net_ratelimit: 20 callbacks suppressed [ 1690.752330][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1690.764399][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1690.770628][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1690.776861][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1691.141984][T19765] Bluetooth: hci0: command 0x1003 tx timeout [ 1691.142332][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1691.148280][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1691.154260][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1691.166385][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1691.172609][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1691.178841][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1691.185037][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1691.262064][T19754] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1691.501900][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1691.512341][T27852] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1691.622393][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1691.633832][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1691.646898][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1691.656272][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1691.670489][T19754] usb 2-1: config 0 descriptor?? [ 1691.792351][T27852] usb 4-1: Using ep0 maxpacket: 16 [ 1691.942172][T27852] usb 4-1: config 0 has an invalid interface number: 107 but max is 0 [ 1691.950446][T27852] usb 4-1: config 0 has an invalid descriptor of length 91, skipping remainder of the config [ 1691.960851][T27852] usb 4-1: config 0 has no interface number 0 [ 1691.967166][T27852] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x5 has an invalid bInterval 186, changing to 7 [ 1691.978466][T27852] usb 4-1: config 0 interface 107 altsetting 0 endpoint 0x5 has invalid maxpacket 1534, setting to 1024 [ 1691.989810][T27852] usb 4-1: config 0 interface 107 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1692.003924][T27852] usb 4-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=fd.1d [ 1692.013144][T27852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1692.092600][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1692.092694][T27852] usb 4-1: config 0 descriptor?? [ 1692.098780][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1692.115857][T19754] usb 2-1: USB disconnect, device number 18 [ 1692.153319][T27852] pn533_usb 4-1:0.107: NFC: Could not find bulk-in or bulk-out endpoint [ 1692.355234][T27852] usb 4-1: USB disconnect, device number 53 [ 1693.222104][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1693.228345][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1695.302032][T19754] Bluetooth: hci0: command 0x1009 tx timeout [ 1696.982557][ C1] net_ratelimit: 20 callbacks suppressed [ 1696.988382][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1696.994582][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1697.001058][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1697.007224][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1697.382164][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1697.388161][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1697.394830][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1697.400808][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1697.407247][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1697.413329][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:31 executing program 4 (fault-call:5 fault-nth:37): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:30:31 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) r1 = syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x3, 0x2) syz_extract_tcp_res(&(0x7f0000000040)={0x41424344}, 0x7, 0xcd19) write$tun(r1, &(0x7f00000002c0)=ANY=[@ANYBLOB="6f58fba501543b0400000000000000000000000000000001fe8000000000000000000000000000bb01040000000000000401dac910fe8000000000000000000000000000aa000100c20400000007c20400000005000000003a007f4167000000520207040000000000000000000000000000ffff00000000320800ff00bd7d59000000ff02000000000000000000000000000100000000000000000000ffffac1e000100000000000000000000000000000001fe8000000000000000000005020800000000004e00"/212, @ANYRES32=0x41424344, @ANYRES32=r2, @ANYBLOB="81c2007f907801fffe06e2d4c3d9fe06e2d4c3d901fe06e2d4c3d9fe06e2d4c3d91312f4b4e08530fb96ec00c5a1954bdf1d98051e000000070000e8f7000000050000ffff80000001000000050000001f030319221e9af634c2632bd11efb882ad7f04061fbc14d75b446e5d72a33837e9e64c0290db3667660386a1ed34211d41f3ca62ae45c213fb2e84f30b9301f512496a6e8189994301e4dc9a8333825"], 0x17c) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r3, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:30:31 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:30:31 executing program 1: r0 = syz_usb_connect$hid(0xb, 0x2f, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0xb9c0f8a0ae79920c, 0x46d, 0xc294, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x80, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x4, 0x81, 0x1, {0x22, 0xab}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x57}}, [{{0x9, 0x5, 0x2, 0x3, 0x23b, 0x2, 0x1, 0x7}}]}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) r1 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc218, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x9, 0x0, 0x20, [{{0x9, 0x4, 0x0, 0x5, 0x2, 0x3, 0x1, 0x0, 0x2, {0x9, 0x21, 0x7f, 0x7, 0x1, {0x22, 0xd94}}, {{{0x9, 0x5, 0x81, 0x3, 0xd7, 0x2, 0x7f, 0x1}}}}}]}}]}}, &(0x7f0000000480)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x250, 0x9, 0x2, 0x4, 0x20, 0xe}, 0x23, &(0x7f00000000c0)={0x5, 0xf, 0x23, 0x3, [@ext_cap={0x7, 0x10, 0x2, 0xe, 0x4, 0x4, 0x8}, @ptm_cap={0x3}, @ss_container_id={0x14, 0x10, 0x4, 0x0, "5b5eb07474fe404d1568cc511dc0e7f9"}]}, 0x7, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x42c}}, {0xd9, &(0x7f0000000140)=@string={0xd9, 0x3, "83668fa7c8a424e10025d09e750b76fb63954007e407dc97ec31e414288cd8cfd21e80bd50bf70922ddf81b61ab3f3af5ec9baf6060330e01cb17dc464e3c21060cb0b7ebba6a028073a9f0dee07070337c55559f3363236f857e9ae5e8f1a6143be418a5b1cd4ac5469ec91506f48b44032867fd49c6871256f505ddc29d711691c555c1dac55f65eefa23701d08eb4dfad20fe4c9e68d5bb53c4f89940967a8114921dca5b994f0ae126b1024ba0c011bd3a8d67ec28a0031d2a04ecb5664ed2952d141d690d184d16b968098b86539889e83f5e117e"}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0xc04}}, {0x80, &(0x7f0000000300)=@string={0x80, 0x3, "2aedb7710612a875f5de482ea017927797eef404f0406662a3020dde39b657f713324361dd6173afc61dfbd3a0d0275cfcc9126290d3fb9e95df5f90862296ec16a2873b314efb7a4606af7c233e790b6a57a6ee840e5a24099435e5e6a833cfc4d172c54e3ea6a8ae5bd05a75a6fea0576cb499738dd5ad237ebbd8566c"}}, {0x5f, &(0x7f0000000380)=@string={0x5f, 0x3, "e770dc10bb15493b04d3a43e2f4be77a73c4f49d41207c7ee932fc521b757863856ab7f70a2274c4b6fe23d63fa1409704269cb86903d2eb786e4919a52fe7c945f595623e0a9993c4bd99e1fd030332be3b490e8a113ecc555c956976"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x429}}, {0x4, &(0x7f0000000440)=@lang_id={0x4, 0x3, 0x1806}}]}) syz_usb_control_io$hid(r1, &(0x7f00000006c0)={0x24, &(0x7f0000000500)={0x20, 0x11, 0xd0, {0xd0, 0x19, "f45967d918b866b64e4efe720f55d52975f91458953a0e79b0cb6893d66c7edffa9b4d14aaf46ad7e23c2d331a785b805be1c44d4d501255a21ae24f34d883cb191aa2d9717a1af26dc63eaf024d3482ce2249e24b4db3f95090accb8c3f1bee2a9b3f1971314c2a6530fe3458bd548efa7ec1f3c64e52d010488841ee4d73fcedf95d6490ab74104ecca4cb323586cb20a132999c26abb0e52f6e69889a9714bca0392999c133360badbe53aac7c5bfa4a2dfda80754d516b8440bc7b28cb5a96f348f154d8fb25bc458e8eda10"}}, &(0x7f0000000600)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x7813}}, &(0x7f0000000640)={0x0, 0x22, 0x5, {[@global=@item_4={0x3, 0x1, 0x4, "f3eb5381"}]}}, &(0x7f0000000680)={0x0, 0x21, 0x9, {0x9, 0x21, 0x6, 0x6, 0x1, {0x22, 0x79b}}}}, &(0x7f0000000900)={0x2c, &(0x7f0000000700)={0x40, 0x15, 0xdc, "655f37f6d947a0fd010efc88e00edde085fce384cbf5b403579f31470260cb7b8c4598491d542029cb10a819917f90d154564681f8c0f863d17a890c92895bba42a043b39726d12f281b01a5ab0d83d30ea8edb2cbb4489713b94258a8262f4261c52cb8f223dade527ae9e53fe6b3cfc3733c48ee43f3a9da87cf257f7ba672924f418faad4b5d7177f45597b75b7a234b8c74140c21870939e40c0d38d776158c6389c73e2225db830edef54d2c96bb1988ce3e1a4d1f71b969207460c37b85382785115de72e7021916c0c0220cb973e6d169e5da63fdd817dceb"}, &(0x7f0000000800)={0x0, 0xa, 0x1, 0x7f}, &(0x7f0000000840)={0x0, 0x8, 0x1}, &(0x7f0000000880)={0x20, 0x1, 0x2e, "bcbc3148166f6e856c151d84dc809d55f244e93f81cdc8feda7c6f68ff8e302701cfc7d1b79f66ed555e7dd1bf62"}, &(0x7f00000008c0)={0x20, 0x3, 0x1}}) 15:30:31 executing program 3: perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) r0 = syz_open_dev$vbi(&(0x7f0000000080)='/dev/vbi#\x00', 0x1, 0x2) ioctl$VIDIOC_S_INPUT(r0, 0xc0045627, &(0x7f0000000140)=0x1) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000180)={0x5, @vbi={0x0, 0x0, 0x0, 0x3136564e}}) r1 = dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) pipe2(&(0x7f0000000100)={0xffffffffffffffff}, 0x80000) ioctl$UFFDIO_ZEROPAGE(r2, 0xc020aa04, &(0x7f0000000280)={{&(0x7f0000ff2000/0xe000)=nil, 0xe000}}) ioctl$EVIOCGBITSND(r1, 0x80404532, &(0x7f0000000340)=""/255) r3 = gettid() r4 = openat$null(0xffffffffffffff9c, &(0x7f00000002c0)='/dev/null\x00', 0x800, 0x0) write$P9_RSYMLINK(r4, &(0x7f0000000300)={0x14, 0x11, 0x2, {0xb5, 0x0, 0x8}}, 0x14) syz_open_procfs(r3, &(0x7f0000000040)='loginuid\x00') ptrace$cont(0x3, r3, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_GET_ASSOC_NUMBER(r0, 0x84, 0x1c, &(0x7f0000000000), &(0x7f00000000c0)=0x4) preadv(0xffffffffffffffff, 0x0, 0x0, 0x0) unshare(0x40000000) 15:30:31 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat(r3, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) r4 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 1699.757693][T29495] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1699.766800][T29495] FAULT_INJECTION: forcing a failure. [ 1699.766800][T29495] name failslab, interval 1, probability 0, space 0, times 0 [ 1699.779579][T29495] CPU: 1 PID: 29495 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1699.787508][T29495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1699.796798][T29487] IPVS: ftp: loaded support on port[0] = 21 [ 1699.797595][T29495] Call Trace: [ 1699.797649][T29495] dump_stack+0x191/0x1f0 [ 1699.797721][T29495] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1699.817177][T29495] should_fail+0xa3f/0xa50 [ 1699.821675][T29495] __should_failslab+0x264/0x280 [ 1699.826678][T29495] should_failslab+0x29/0x70 [ 1699.831326][T29495] __kmalloc_node_track_caller+0x1c9/0x13d0 [ 1699.837295][T29495] ? devm_led_trigger_register+0x84/0x220 [ 1699.843365][T29495] devres_alloc_node+0xcd/0x2d0 [ 1699.848303][T29495] ? devm_led_trigger_register+0x220/0x220 15:30:31 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1699.855045][T29495] devm_led_trigger_register+0x84/0x220 [ 1699.860670][T29495] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1699.866646][T29495] hci_leds_init+0x21e/0x420 [ 1699.871312][T29495] hci_register_dev+0x652/0xfd0 [ 1699.876595][T29495] hci_uart_tty_ioctl+0xe61/0x1140 [ 1699.884745][T29495] ? hci_uart_tty_write+0x30/0x30 [ 1699.889852][T29495] tty_ioctl+0x23e2/0x3100 [ 1699.894366][T29495] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1699.900319][T29495] ? tty_do_resize+0x230/0x230 [ 1699.905121][T29495] do_vfs_ioctl+0xea8/0x2c50 [ 1699.909754][T29495] ? security_file_ioctl+0x1bd/0x200 [ 1699.915077][T29495] __se_sys_ioctl+0x1da/0x270 [ 1699.919798][T29495] __x64_sys_ioctl+0x4a/0x70 [ 1699.924413][T29495] do_syscall_64+0xb6/0x160 [ 1699.928943][T29495] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1699.934861][T29495] RIP: 0033:0x459f39 [ 1699.938783][T29495] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1699.958418][T29495] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1699.966867][T29495] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1699.974855][T29495] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1699.982844][T29495] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1699.990842][T29495] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1699.998835][T29495] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1700.084158][T27852] usb 2-1: new high-speed USB device number 19 using dummy_hcd 15:30:32 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f0000000000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x22000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext={0x82a}}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) ioctl$SCSI_IOCTL_START_UNIT(0xffffffffffffffff, 0x5) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:30:32 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x0, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:30:32 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x10, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1700.364126][T27852] usb 2-1: device descriptor read/64, error 18 15:30:32 executing program 3: sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000289000)={&(0x7f0000000040), 0xc, &(0x7f0000058000)={&(0x7f000023f000)=ANY=[@ANYBLOB="840008000000000000bd7000ffffffff0000dffc0c00000000000000000000005b659a62290ffc380c2dbfdc5e9f13e1a04810d464fbc3f4c1b4e2bf501fb1bb949869c2984d914d9f04005e4fcd4dd3050bc1700612dbc3080c91745fa158cf0d70309f7f1969136edfd73294c0356675ffff00000300a492bb5bb20ecc841f8f4c"], 0x82}}, 0x0) sendmsg$nl_netfilter(0xffffffffffffffff, &(0x7f0000289000)={&(0x7f0000000000), 0xc, &(0x7f0000000040)={&(0x7f000023f000)=ANY=[@ANYBLOB="840000000000000000000000000000000000ffff"], 0x14}}, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000020, &(0x7f000023f000)=0xa, 0x20b) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$inet6_MRT6_ADD_MFC(r0, 0x29, 0xcc, &(0x7f00000000c0)={{0xa, 0x4e20, 0x1, @remote, 0x2}, {0xa, 0x4e21, 0x79, @mcast2, 0x7fff}, 0x1, [0x0, 0x1, 0x200, 0x8000, 0x1ff, 0x2, 0x4cb5, 0x2]}, 0x5c) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$PPPIOCGIDLE(r2, 0x8010743f, &(0x7f0000000080)) 15:30:32 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) r1 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/vga_arbiter\x00', 0x103800, 0x0) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x2, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000001, 0x0, @perf_config_ext, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, 0x0, 0xffffffffffffffff, r1, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) r2 = openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) r3 = socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) ioctl$sock_inet_tcp_SIOCOUTQ(r3, 0x5411, &(0x7f0000000080)) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r4, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) ioctl$VIDIOC_QUERYCAP(r2, 0x80685600, &(0x7f0000000000)) [ 1700.754191][T27852] usb 2-1: device descriptor read/64, error 18 [ 1701.022048][T27852] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 1701.292067][T27852] usb 2-1: device descriptor read/64, error 18 [ 1701.681964][T27852] usb 2-1: device descriptor read/64, error 18 [ 1701.802239][T27852] usb usb2-port1: attempt power cycle [ 1702.022305][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1702.028663][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1702.512104][T27852] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 1702.781941][T27852] usb 2-1: device descriptor read/64, error 18 [ 1703.222302][ C1] net_ratelimit: 20 callbacks suppressed [ 1703.222325][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1703.234338][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1703.240737][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1703.247037][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1703.622137][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1703.628240][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1703.634793][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1703.640790][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1703.647233][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1703.653270][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1704.102097][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1704.108344][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1706.181890][T19754] Bluetooth: hci0: command 0x1009 tx timeout [ 1709.462399][ C1] net_ratelimit: 20 callbacks suppressed [ 1709.462423][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1709.474449][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1709.480846][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1709.487055][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1709.862335][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1709.868397][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1709.874802][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1709.880799][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1709.887177][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1709.893356][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:30:42 executing program 4 (fault-call:5 fault-nth:38): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:30:42 executing program 3: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46d, 0xc626, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x6}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x6}, 0x0}, 0x0) r1 = msgget$private(0x0, 0x0) msgsnd(r1, &(0x7f0000000a00)=ANY=[@ANYRESHEX], 0x1, 0x0) msgrcv(r1, &(0x7f0000001a80)={0x0, ""/4096}, 0x1008, 0x0, 0x0) msgsnd(r1, &(0x7f0000000200)=ANY=[@ANYBLOB="02"], 0x1, 0x0) msgrcv(r1, &(0x7f0000000800)=ANY=[@ANYRES64], 0x1, 0x2, 0x2000) msgsnd(r1, &(0x7f00000006c0)=ANY=[@ANYRESOCT=0x0], 0x1, 0x0) msgsnd(r1, &(0x7f00000000c0)={0x0, "2a7c37d37942766467306e3c4d325e1520e8c99ec4d7c9bf0dbcaac60b821d25eafe64bca9219b14ae86c309d466b8b770576f44601773f19968b45030c882fb73f49901b69a332a7d4557275d742e013237acbf5e791072ddb035d25bc5592ba0ce61c54817a760bf2cb10054819cde50f1e6029737"}, 0x7e, 0x800) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = fcntl$dupfd(r3, 0x0, r2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r6 = dup(r5) ioctl$PERF_EVENT_IOC_ENABLE(r6, 0x8912, 0x400200) getsockopt$inet_tcp_TCP_REPAIR_WINDOW(r6, 0x6, 0x1d, &(0x7f0000000000), &(0x7f0000000140)=0x14) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 15:30:42 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') syz_open_dev$radio(&(0x7f0000000000)='/dev/radio#\x00', 0x2, 0x2) preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:30:42 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x10, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:30:42 executing program 1: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) r2 = openat$urandom(0xffffffffffffff9c, &(0x7f0000000080)='/dev/urandom\x00', 0x82, 0x0) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) fcntl$setownex(r2, 0xf, &(0x7f00000000c0)={0x0, r3}) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$KVM_X86_SET_MCE(r1, 0x4040ae9e, &(0x7f0000000040)={0x8080000000000000, 0x4, 0x200, 0x3, 0x20}) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:30:42 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat(r3, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) r4 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 1710.652716][T29533] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1710.661977][T29533] FAULT_INJECTION: forcing a failure. [ 1710.661977][T29533] name failslab, interval 1, probability 0, space 0, times 0 [ 1710.674821][T29533] CPU: 0 PID: 29533 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1710.683635][T29533] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1710.693731][T29533] Call Trace: [ 1710.697084][T29533] dump_stack+0x191/0x1f0 [ 1710.701492][T29533] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1710.707460][T29533] should_fail+0xa3f/0xa50 [ 1710.711976][T29533] __should_failslab+0x264/0x280 [ 1710.716988][T29533] should_failslab+0x29/0x70 [ 1710.721633][T29533] __kmalloc+0xae/0x430 [ 1710.725857][T29533] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1710.731805][T29533] ? kzalloc+0x53/0xb0 [ 1710.735943][T29533] kzalloc+0x53/0xb0 [ 1710.739900][T29533] rfkill_alloc+0x194/0x590 [ 1710.744486][T29533] hci_register_dev+0x6aa/0xfd0 [ 1710.749404][T29533] hci_uart_tty_ioctl+0xe61/0x1140 [ 1710.754555][T29533] ? hci_uart_tty_write+0x30/0x30 [ 1710.759613][T29533] tty_ioctl+0x23e2/0x3100 [ 1710.764891][T29533] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1710.770814][T29533] ? tty_do_resize+0x230/0x230 [ 1710.775615][T29533] do_vfs_ioctl+0xea8/0x2c50 [ 1710.780274][T29533] ? security_file_ioctl+0x1bd/0x200 [ 1710.785596][T29533] __se_sys_ioctl+0x1da/0x270 [ 1710.790310][T29533] __x64_sys_ioctl+0x4a/0x70 [ 1710.797103][T29533] do_syscall_64+0xb6/0x160 [ 1710.801641][T29533] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1710.807545][T29533] RIP: 0033:0x459f39 [ 1710.811473][T29533] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1710.831095][T29533] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1710.839535][T29533] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 15:30:42 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x200000) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1710.847534][T29533] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1710.855522][T29533] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1710.863507][T29533] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1710.871502][T29533] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:30:43 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) r1 = epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) ioctl$sock_inet6_udp_SIOCINQ(r1, 0x541b, &(0x7f0000000000)) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r2, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1711.031939][T19754] usb 4-1: new high-speed USB device number 54 using dummy_hcd 15:30:43 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) geteuid() socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) dup(r4) ioctl$EXT4_IOC_ALLOC_DA_BLKS(r4, 0x660c) preadv(r3, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1711.182261][T27852] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 1711.288450][T19754] usb 4-1: Using ep0 maxpacket: 8 [ 1711.422513][T27852] usb 2-1: Using ep0 maxpacket: 16 [ 1711.434558][T19754] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1711.445967][T19754] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1711.458978][T19754] usb 4-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.40 [ 1711.468474][T19754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1711.545264][T19754] usb 4-1: config 0 descriptor?? [ 1711.562511][T27852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1711.573709][T27852] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 15:30:43 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x10, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1711.586778][T27852] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1711.596445][T27852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1711.609414][T27852] usb 2-1: config 0 descriptor?? 15:30:43 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$EVIOCSABS2F(r3, 0x401845ef, &(0x7f00000000c0)={0x15, 0x80, 0x983e, 0x5, 0x92b, 0x4}) r4 = dup(r1) ioctl$KVM_GET_REG_LIST(0xffffffffffffffff, 0xc008aeb0, &(0x7f0000000040)=ANY=[@ANYBLOB="0a00000000000000ff160000000000003f000000040000000000000300000000000000000000000000000000000000000000000300000059b0000005000000000000000300"/88]) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$SIOCGETNODEID(r4, 0x89e1, &(0x7f0000000000)) r5 = epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r7 = dup(r6) ioctl$PERF_EVENT_IOC_ENABLE(r7, 0x8912, 0x400200) epoll_ctl$EPOLL_CTL_ADD(r7, 0x1, r5, &(0x7f00000001c0)={0x11}) r8 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r8, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:30:44 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) syz_open_dev$mouse(&(0x7f0000000000)='/dev/input/mouse#\x00', 0x3, 0x85302eb6f861ad00) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) openat$pidfd(0xffffffffffffff9c, &(0x7f00000001c0)='/proc/self\x00', 0xa4100, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) setsockopt$inet_sctp_SCTP_SET_PEER_PRIMARY_ADDR(r2, 0x84, 0x5, &(0x7f0000000040)={0x0, @in={{0x2, 0x4e21, @empty}}}, 0x84) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r3, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1712.025690][T19754] logitech 0003:046D:C626.004C: unknown main item tag 0x0 [ 1712.033119][T19754] logitech 0003:046D:C626.004C: unknown main item tag 0x0 [ 1712.040440][T19754] logitech 0003:046D:C626.004C: unknown main item tag 0x0 [ 1712.047943][T19754] logitech 0003:046D:C626.004C: unknown main item tag 0x0 [ 1712.055354][T19754] logitech 0003:046D:C626.004C: unknown main item tag 0x0 [ 1712.062845][T19754] logitech 0003:046D:C626.004C: unknown main item tag 0x0 [ 1712.073986][T19754] logitech 0003:046D:C626.004C: hidraw0: USB HID v0.00 Device [HID 046d:c626] on usb-dummy_hcd.3-1/input0 [ 1712.331203][T28149] usb 4-1: USB disconnect, device number 54 [ 1712.354309][T27852] usbhid 2-1:0.0: can't add hid device: -71 [ 1712.361298][T27852] usbhid: probe of 2-1:0.0 failed with error -71 [ 1712.388746][T27852] usb 2-1: USB disconnect, device number 22 [ 1712.901903][T28149] Bluetooth: hci0: command 0x1003 tx timeout [ 1712.908155][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1713.082034][T19754] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 1713.111965][T27852] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1713.342021][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1713.351944][T27852] usb 4-1: Using ep0 maxpacket: 8 [ 1713.473417][T27852] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1713.482246][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1713.484505][T27852] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1713.495639][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1713.508854][T27852] usb 4-1: New USB device found, idVendor=046d, idProduct=c626, bcdDevice= 0.40 [ 1713.521425][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1713.530498][T27852] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1713.539640][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1713.558372][T19754] usb 2-1: config 0 descriptor?? [ 1713.582736][T27852] usb 4-1: config 0 descriptor?? [ 1713.972301][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1713.978525][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1713.987577][T27852] usbhid 4-1:0.0: can't add hid device: -71 [ 1713.987691][T19754] usb 2-1: USB disconnect, device number 23 [ 1713.993889][T27852] usbhid: probe of 4-1:0.0 failed with error -71 [ 1714.012600][T27852] usb 4-1: USB disconnect, device number 55 [ 1714.982115][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1714.991858][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1715.702556][ C1] net_ratelimit: 20 callbacks suppressed [ 1715.702578][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1715.714609][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1715.721117][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1715.727397][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1716.102461][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1716.109225][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1716.115872][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1716.122440][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1716.129488][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1716.135779][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1717.061981][T19754] Bluetooth: hci0: command 0x1009 tx timeout 15:30:53 executing program 4 (fault-call:5 fault-nth:39): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:30:53 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) lsetxattr(&(0x7f00000000c0)='./file0\x00', &(0x7f00000001c0)=@random={'user.', '/dev/qat_adf_ctl\x00'}, &(0x7f0000000200)='cgroup\x00', 0x7, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) r1 = openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000)='/dev/qat_adf_ctl\x00', 0x16f80, 0x0) ioctl$KDGKBMODE(r1, 0x4b44, &(0x7f0000000040)) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000080)='/dev/dlm_plock\x00', 0x101800, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r3, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:30:53 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:30:53 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000040)='/dev/audio#\x00', 0x0, 0x101000) getsockopt$bt_BT_DEFER_SETUP(r1, 0x112, 0x7, &(0x7f0000000080)=0x1, &(0x7f00000000c0)=0x4) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:30:53 executing program 3: r0 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$PERF_EVENT_IOC_ENABLE(r0, 0x8912, 0x400200) r1 = syz_open_dev$video(&(0x7f0000000100)='/dev/video#\x00', 0x100000000, 0x200000) ioctl$VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f0000000140)={0x101, 0x0, 0x2}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newlink={0x48, 0x10, 0x705, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14408}, [@IFLA_LINKINFO={0x28, 0x12, @veth={{0xc, 0x1, 'veth\x00'}, {0x18, 0x2, @VETH_INFO_PEER={0x14, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x200}}}}}]}, 0x48}}, 0x0) 15:30:53 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) openat(r3, &(0x7f0000000040)='./file0\x00', 0xc02, 0x40) r4 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) [ 1721.525570][T29575] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1721.534845][T29575] FAULT_INJECTION: forcing a failure. [ 1721.534845][T29575] name failslab, interval 1, probability 0, space 0, times 0 [ 1721.547953][T29575] CPU: 0 PID: 29575 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1721.555912][T29575] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1721.566007][T29575] Call Trace: [ 1721.569360][T29575] dump_stack+0x191/0x1f0 [ 1721.573785][T29575] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1721.579749][T29575] should_fail+0xa3f/0xa50 [ 1721.584246][T29575] __should_failslab+0x264/0x280 [ 1721.589768][T29575] should_failslab+0x29/0x70 [ 1721.594416][T29575] __kmalloc_track_caller+0x1ad/0xea0 [ 1721.599849][T29575] ? kvasprintf_const+0x134/0x390 [ 1721.604967][T29575] kvasprintf+0x169/0x350 [ 1721.609380][T29575] kvasprintf_const+0x134/0x390 [ 1721.614653][T29575] kobject_set_name_vargs+0x11f/0x380 [ 1721.620088][T29575] dev_set_name+0x202/0x250 [ 1721.624667][T29575] ? kmsan_internal_set_origin+0x6a/0xb0 [ 1721.630389][T29575] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1721.636345][T29575] rfkill_register+0x182/0x1410 [ 1721.641265][T29575] hci_register_dev+0x727/0xfd0 [ 1721.646198][T29575] hci_uart_tty_ioctl+0xe61/0x1140 [ 1721.651378][T29575] ? hci_uart_tty_write+0x30/0x30 [ 1721.656460][T29575] tty_ioctl+0x23e2/0x3100 [ 1721.660965][T29575] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1721.666918][T29575] ? tty_do_resize+0x230/0x230 [ 1721.671843][T29575] do_vfs_ioctl+0xea8/0x2c50 [ 1721.676601][T29575] ? security_file_ioctl+0x1bd/0x200 [ 1721.681955][T29575] __se_sys_ioctl+0x1da/0x270 [ 1721.686705][T29575] __x64_sys_ioctl+0x4a/0x70 [ 1721.691379][T29575] do_syscall_64+0xb6/0x160 [ 1721.695949][T29575] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1721.702837][T29575] RIP: 0033:0x459f39 [ 1721.706787][T29575] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 15:30:53 executing program 3: r0 = syz_open_dev$binderN(&(0x7f0000000000)='/dev/binder#\x00', 0x0, 0x0) ioctl$BINDER_THREAD_EXIT(r0, 0xc0046209, 0x7ffffffff000) [ 1721.726435][T29575] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1721.734908][T29575] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1721.743445][T29575] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1721.752420][T29575] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1721.760438][T29575] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1721.768451][T29575] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 15:30:53 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) write$P9_RCREATE(0xffffffffffffffff, &(0x7f0000000000)={0x18, 0x73, 0x1, {{0x4, 0x3, 0x3}, 0x9}}, 0x18) [ 1721.840498][T29581] binder: 29580:29581 ioctl c0046209 7ffffffff000 returned -22 15:30:54 executing program 3: socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) ioctl$TIOCSIG(r1, 0x40045436, 0x2f) syz_emit_ethernet(0x4e, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c2000000aaaaaaaaaaaa86dd6076605100183afffe880000000000100000000012000001ff020000e700000000000000000000018800907800000000ff020000000000000000000000000001"], 0x0) [ 1721.933654][T19754] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 1721.942479][ C1] net_ratelimit: 20 callbacks suppressed [ 1721.942499][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1721.954560][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1721.961048][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1721.967334][ C1] protocol 88fb is buggy, dev hsr_slave_1 15:30:54 executing program 3: r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000040)="11dca50d5e0bcfe47bf070") r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000001c0)={0x24, 0x27, 0x847, 0x200, 0x0, {0x2804}, [@typed={0xffffffffffffff92, 0x18, @str='\x01\xac\x0f\x00\x06\xac\x0f\x00\r\xac\x0f\x00'}]}, 0x24}, 0x1, 0x0, 0x0, 0x80c0}, 0x0) 15:30:54 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) bind$vsock_stream(r2, &(0x7f0000000000)={0x28, 0x0, 0x2711, @my=0x1}, 0x10) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) r3 = syz_open_dev$swradio(&(0x7f0000000040)='/dev/swradio#\x00', 0x1, 0x2) ioctl$SCSI_IOCTL_PROBE_HOST(r3, 0x5385, &(0x7f0000000080)={0x35, ""/53}) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r4, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:30:54 executing program 3: syz_usb_connect(0x5, 0x0, &(0x7f0000000280)=ANY=[], 0x0) fsopen(&(0x7f0000000000)='cramfs\x00', 0x1) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) [ 1722.220978][T19754] usb 2-1: Using ep0 maxpacket: 16 [ 1722.342438][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1722.348820][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1722.352696][T19754] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1722.355326][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1722.365762][T19754] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1722.371985][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1722.385115][T19754] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1722.391294][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1722.399916][T19754] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1722.406012][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1722.482615][T19754] usb 2-1: config 0 descriptor?? [ 1723.232517][T19754] usbhid 2-1:0.0: can't add hid device: -71 [ 1723.238901][T19754] usbhid: probe of 2-1:0.0 failed with error -71 [ 1723.248038][T19754] usb 2-1: USB disconnect, device number 24 [ 1723.782049][T19765] Bluetooth: hci0: command 0x1003 tx timeout [ 1723.788417][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1723.942283][T19765] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 1724.192100][T19765] usb 2-1: Using ep0 maxpacket: 16 [ 1724.312399][T19765] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1724.323628][T19765] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1724.336857][T19765] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1724.346435][T19765] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1724.361562][T19765] usb 2-1: config 0 descriptor?? [ 1724.772480][T19765] usbhid 2-1:0.0: can't add hid device: -71 [ 1724.779137][T19765] usbhid: probe of 2-1:0.0 failed with error -71 [ 1724.791282][T19765] usb 2-1: USB disconnect, device number 25 [ 1725.861923][T19765] Bluetooth: hci0: command 0x1001 tx timeout [ 1725.868202][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1727.941972][T19765] Bluetooth: hci0: command 0x1009 tx timeout [ 1728.182298][ C1] net_ratelimit: 20 callbacks suppressed [ 1728.182322][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1728.194574][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1728.200961][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1728.207268][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1728.582375][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1728.588424][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1728.594813][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1728.600953][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1728.607652][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1728.613963][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:31:04 executing program 4 (fault-call:5 fault-nth:40): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:31:04 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x2000, 0x1c, &(0x7f00008d6000/0x2000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext, 0x4}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:31:04 executing program 3: r0 = socket(0xa, 0x1, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) r3 = gettid() process_vm_writev(r3, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000), 0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYRESDEC=r3, @ANYRES32=r2, @ANYBLOB="0800080000f200001400020000000000000000000000796eb54e71452b248ca206ba00ff7f0000011400010000f70000000000000000ffffac1e00011400060000001000090000000000000000008500908fca2f6bbad955dddf31f5acf44cf9ddd8e0197b709b1f183fdf1a08000000b72c0000000000000100ea594cd7701c792df2e0390bd0d9003c4cc4525891906525c49f59b189e39c0cb908aa8ead8bfe85ba8c714a9ce791f37e9712ab8c00dd594b9ff24505c26282705b4a04e8e1d3272681d7cb4141cbf2f823b6eb299d53e312390dedcbf8f2c964048b11e4b95b8d498e45791e49592bca3ff7e506f043910368e2b60b052b6bf94605f527024b1de51d2edd53fa1b17443a2ccb9b3f2a7e89f87acd1485716276019d12b6ffe32c213aebf98032659e0bb60425dd03b81a93eb827fdf13e5209831ab2049385c1a8c65a017a4e9e044889a3d97722524bfd953ad8099c8d58d1d03636ec4d18707d208e0f58f4ae69035c22047f1716c1b312625943805bae22e8c3eda0684ffb2"], 0x3}, 0x1, 0x0, 0x0, 0x40040}, 0x0) 15:31:04 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) r4 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 15:31:04 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:31:04 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = syz_open_dev$media(&(0x7f00000000c0)='/dev/media#\x00', 0x800, 0x40000) ioctl$CAPI_REGISTER(r3, 0x400c4301, &(0x7f0000000100)={0x9, 0x100, 0x2}) ioctl$KVM_ARM_SET_DEVICE_ADDR(r2, 0x4010aeab, &(0x7f0000000040)={0x200, 0x6000}) write$cgroup_int(r2, &(0x7f0000000080)=0x9, 0x12) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f00000002c0)=ANY=[@ANYBLOB='\x00'], 0x0, 0x0, 0x0, 0x0}, 0x0) [ 1732.430820][T29619] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1732.440207][T29619] FAULT_INJECTION: forcing a failure. [ 1732.440207][T29619] name failslab, interval 1, probability 0, space 0, times 0 [ 1732.453162][T29619] CPU: 1 PID: 29619 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1732.461115][T29619] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1732.471307][T29619] Call Trace: [ 1732.474724][T29619] dump_stack+0x191/0x1f0 [ 1732.479128][T29619] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1732.485095][T29619] should_fail+0xa3f/0xa50 [ 1732.489601][T29619] __should_failslab+0x264/0x280 [ 1732.494593][T29619] should_failslab+0x29/0x70 [ 1732.499218][T29619] __kmalloc_track_caller+0x1ad/0xea0 [ 1732.504628][T29619] ? kmsan_get_metadata+0x39/0x350 [ 1732.509788][T29619] ? __kernfs_new_node+0x125/0xb70 [ 1732.514934][T29619] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1732.520863][T29619] ? strlen+0x51/0x90 [ 1732.524880][T29619] kstrdup_const+0x157/0x260 [ 1732.529509][T29619] __kernfs_new_node+0x125/0xb70 [ 1732.534483][T29619] ? number+0x1b37/0x1e40 [ 1732.538871][T29619] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1732.544809][T29619] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1732.550731][T29619] kernfs_create_dir_ns+0x1f2/0x5b0 [ 1732.555977][T29619] sysfs_create_dir_ns+0x259/0x600 [ 1732.561141][T29619] kobject_add_internal+0xd2e/0x18d0 [ 1732.566467][T29619] kobject_add+0x311/0x4e0 [ 1732.570930][T29619] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1732.577029][T29619] ? get_device_parent+0x2de/0xaa0 [ 1732.582172][T29619] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1732.588087][T29619] device_add+0xb1c/0x2df0 [ 1732.592555][T29619] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1732.598495][T29619] rfkill_register+0x37b/0x1410 [ 1732.603385][T29619] hci_register_dev+0x727/0xfd0 [ 1732.608281][T29619] hci_uart_tty_ioctl+0xe61/0x1140 [ 1732.613428][T29619] ? hci_uart_tty_write+0x30/0x30 [ 1732.618478][T29619] tty_ioctl+0x23e2/0x3100 [ 1732.622960][T29619] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1732.628897][T29619] ? tty_do_resize+0x230/0x230 [ 1732.633706][T29619] do_vfs_ioctl+0xea8/0x2c50 [ 1732.638337][T29619] ? security_file_ioctl+0x1bd/0x200 [ 1732.644095][T29619] __se_sys_ioctl+0x1da/0x270 [ 1732.648811][T29619] __x64_sys_ioctl+0x4a/0x70 [ 1732.653430][T29619] do_syscall_64+0xb6/0x160 [ 1732.658664][T29619] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1732.664574][T29619] RIP: 0033:0x459f39 [ 1732.668502][T29619] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1732.688134][T29619] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1732.696585][T29619] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1732.704596][T29619] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1732.712584][T29619] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1732.720570][T29619] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 15:31:04 executing program 3: r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = getpgrp(0x0) ptrace$getenv(0x4201, r2, 0x0, &(0x7f0000000000)) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000840)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000000c0)=@newsa={0x184, 0x10, 0x40d, 0x0, 0x0, {{@in=@multicast1, @in6=@mcast2}, {@in6=@loopback, 0x0, 0x6c}, @in6=@ipv4={[], [], @multicast2}, {}, {}, {}, 0x0, 0x0, 0xa}, [@algo_aead={0x4c, 0x12, {{'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}}}, @algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x184}}, 0x0) 15:31:04 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) r1 = add_key$user(&(0x7f0000000000)='user\x00', &(0x7f0000000040)={'syz'}, &(0x7f0000000180)="d38100ffe6002b452b7b4f0a7ff32588e4b3a5e608000000", 0x18, 0xfffffffffffffffe) r2 = add_key$user(&(0x7f00000003c0)='user\x00', &(0x7f0000000440)={'syz'}, &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000400)={r1, r2, r1}, &(0x7f0000000500)=""/83, 0xfffffef6, 0x0) lstat(&(0x7f0000000040)='./file0\x00', &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0}) r4 = add_key$keyring(&(0x7f0000000200)='keyring\x00', &(0x7f0000000280)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) add_key$keyring(&(0x7f0000000300)='keyring\x00', &(0x7f00000002c0)={'syz', 0x1}, 0x0, 0x0, r4) r5 = add_key(0x0, &(0x7f0000000700)={'syz', 0x1}, &(0x7f0000000740), 0x0, r4) keyctl$chown(0x4, r5, r3, 0x0) r6 = add_key(&(0x7f0000000000)='cifs.spnego\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f00000001c0)="0ef746bb774627a277d33fd2d13c3de4da4042fe39e77671edb2ec098ddf60d8e5f3b030b7137db6147a6c0a092e60c339d3699a376369832534b4fd8defd02eecff62884b7a51cdcf1b18357cfb0ce54ff4494eb24dde24fb1f2a1bab97e4c14d196fe55504d060cf850cb0a7e0a3282636ae7f5e07dd684d7a9fed11b64ed45e3d209ab14a7fcceedab7a98764575419f162186d3f0d1ddeb4b772082a5722846288bba807f241a12d35204e57594513db91ad6a52bf9313bcbd1f", 0xbc, r5) keyctl$link(0x8, r2, r6) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x104) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r7, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1732.730751][T29619] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1732.740552][T29619] kobject_add_internal failed for rfkill105 (error: -12 parent: hci0) 15:31:04 executing program 3: clone(0x8000, &(0x7f0000000040)="91dae519496ddc4b7258d9c15ee0a26bb92af3867f69d58b63502e8c9e", &(0x7f0000000080), &(0x7f00000000c0), &(0x7f0000000140)="e4e7e25af6f266f0e04a36477f") r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl(r0, 0x1000008912, &(0x7f0000000100)="11dca50d5e0bcfe47bf070") r1 = socket$netlink(0x10, 0x3, 0x0) setrlimit(0xf, &(0x7f0000000000)={0x4, 0x8}) sendmsg$nl_route(r1, &(0x7f00000087c0)={0x0, 0x0, &(0x7f0000008780)={&(0x7f00000086c0)=@newlink={0x40, 0x10, 0x505, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x20, 0x12, @erspan={{0xc, 0x1, 'erspan\x00'}, {0x10, 0x2, [@gre_common_policy=[@IFLA_GRE_COLLECT_METADATA={0x4}, @IFLA_GRE_IFLAGS={0x8, 0x5}]]}}}]}, 0x40}}, 0x0) [ 1732.822250][T27852] usb 2-1: new high-speed USB device number 26 using dummy_hcd 15:31:05 executing program 0: r0 = open(&(0x7f0000000000)='./file0\x00', 0x0, 0x4) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040)='/dev/null\x00', 0x2, 0x0) ioctl$sock_kcm_SIOCKCMATTACH(0xffffffffffffffff, 0x89e0, &(0x7f0000000080)={r0, r1}) r2 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r2, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) sendmsg$kcm(r1, &(0x7f0000000a40)={&(0x7f00000001c0)=@rc={0x1f, {0x9, 0x3f, 0xff, 0x4, 0x6, 0x2}, 0x4}, 0x80, &(0x7f00000006c0), 0x0, &(0x7f0000000240), 0x2f8}, 0xc009) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = dup(r3) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VFIO_IOMMU_UNMAP_DMA(r4, 0x3b72, &(0x7f00000000c0)={0x20, 0x2, 0x9, 0x0, 0x5}) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r5, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1733.062255][T27852] usb 2-1: Using ep0 maxpacket: 16 15:31:05 executing program 3: r0 = syz_usb_connect(0x0, 0x24f, &(0x7f0000001740)={{0x12, 0x1, 0x0, 0xfb, 0xb9, 0x30, 0x10, 0x424, 0x9d00, 0xb49, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x7b, 0x68, 0xd8}}]}}]}}, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000007c0)={0x44, &(0x7f0000000940), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000440)={0x34, &(0x7f00000001c0)=ANY=[@ANYBLOB="01002f"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) write$P9_RCLUNK(r3, &(0x7f0000000040)={0x7, 0x79, 0x1}, 0x7) r4 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) ioctl$VIDIOC_TRY_DECODER_CMD(r4, 0xc0485661, &(0x7f00000000c0)={0x2, 0x1, @stop_pts=0x8}) syz_usb_control_io$printer(r0, 0x0, 0x0) r5 = gettid() process_vm_writev(r5, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) r6 = gettid() process_vm_writev(r6, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/231, 0xffffff4e}], 0x23a, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000080)=ANY=[@ANYRES64=r6], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0xfffffffffffffd42, &(0x7f00000002c0)={0x0, 0x0, 0xd0}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = dup(r7) ioctl$PERF_EVENT_IOC_ENABLE(r8, 0x8912, 0x400200) ioctl$KVM_ENABLE_CAP_CPU(r8, 0x4068aea3, &(0x7f0000000200)={0x7b, 0x0, [0x7, 0x12000000, 0x10001, 0x3]}) [ 1733.182675][T27852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1733.193769][T27852] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1733.206812][T27852] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1733.216021][T27852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 15:31:05 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x81) ioctl$KVM_RUN(r4, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r4, 0x4040aea0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x81) ioctl$KVM_RUN(r7, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1733.408230][T27852] usb 2-1: config 0 descriptor?? [ 1733.584344][T19765] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1733.833315][T19765] usb 4-1: Using ep0 maxpacket: 16 [ 1733.954084][T19765] usb 4-1: New USB device found, idVendor=0424, idProduct=9d00, bcdDevice= b.49 [ 1733.963530][T19765] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1733.976212][T19765] usb 4-1: config 0 descriptor?? [ 1734.002409][T27852] usbhid 2-1:0.0: can't add hid device: -71 [ 1734.008703][T27852] usbhid: probe of 2-1:0.0 failed with error -71 [ 1734.018586][T27852] usb 2-1: USB disconnect, device number 26 [ 1734.422451][ C1] net_ratelimit: 20 callbacks suppressed [ 1734.422472][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1734.434714][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1734.441057][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1734.447427][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1734.822169][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1734.828216][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1734.832333][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1734.834623][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1734.840115][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1734.846560][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1734.858959][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1734.865374][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1736.902340][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1736.908661][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1737.254861][T19765] smscufx: Failed to read register index 0x0000700c [ 1737.261509][T19765] smscufx: ufx_reg_clear_and_set_bits error reading 0x700c [ 1737.261523][T19765] smscufx: error clearing output gate in 0x700C [ 1737.268827][T19765] smscufx: error -71 configuring system clock [ 1737.276451][T19765] smscufx: probe of 4-1:0.0 failed with error -71 [ 1737.306199][T19765] usb 4-1: USB disconnect, device number 56 [ 1738.982629][T19765] Bluetooth: hci0: command 0x1009 tx timeout [ 1740.662316][ C1] net_ratelimit: 20 callbacks suppressed [ 1740.662330][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1740.674187][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1740.680629][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1740.686881][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1741.062408][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1741.068468][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1741.074947][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1741.080970][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1741.087317][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1741.093483][ C0] protocol 88fb is buggy, dev hsr_slave_1 15:31:15 executing program 4 (fault-call:5 fault-nth:41): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = dup(r0) ioctl$PERF_EVENT_IOC_ENABLE(r1, 0x8912, 0x400200) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000280)='/dev/ptmx\x00', 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0xf) ioctl$KDADDIO(r2, 0x400455c8, 0x1) 15:31:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) ioctl$VIDIOC_QUERYSTD(r2, 0x8008563f, &(0x7f0000000000)) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r3, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) 15:31:15 executing program 1: r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x5a4, 0x8003, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x9, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0xab}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x1a34, 0x802, 0x40, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x1, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x1}}}}]}}]}}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$SG_GET_VERSION_NUM(r3, 0x2282, &(0x7f0000000100)) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, &(0x7f00000002c0)={0x2c, &(0x7f00000000c0)={0x0, 0x0, 0x2, {0x2}}, 0x0, 0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = dup(r4) ioctl$PERF_EVENT_IOC_ENABLE(r5, 0x8912, 0x400200) ioctl$KVM_ASSIGN_PCI_DEVICE(r5, 0x8040ae69, &(0x7f0000000300)={0x7ae, 0x80000001, 0x2, 0x2, 0x1}) syz_usb_connect$cdc_ncm(0x1, 0x70, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5e, 0x2, 0x1, 0x80, 0x10, 0x4, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x20, {{0x7, 0x24, 0x6, 0x0, 0x1, "af10"}, {0x5, 0x24, 0x0, 0xeea}, {0xd, 0x24, 0xf, 0x1, 0x1, 0xe6, 0x5, 0x1f}, {0x6, 0x24, 0x1a, 0x3f, 0x1}}, {{0x9, 0x5, 0x81, 0x3, 0x1dc, 0x3f, 0x80, 0x81}}}, {0x9, 0x4, 0x1, 0x0, 0x0, 0x2, 0xd, 0x0, 0xb6}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x5, "", {{{0x9, 0x5, 0x82, 0x2, 0x330, 0x9, 0x4, 0x7}}, {{0x9, 0x5, 0x3, 0x2, 0x3c8, 0x0, 0x8, 0xff}}}}}}}]}}, &(0x7f0000000200)=ANY=[@ANYBLOB='\n\x00\x00\x00', @ANYPTR=&(0x7f0000000500)=ANY=[@ANYBLOB="084d429693e8f2b30af807570ae950b797f290e83d0a300d81f293"], @ANYBLOB='D\x00\x00\x00', @ANYPTR=&(0x7f0000000140)=ANY=[@ANYBLOB="050f4400060b1001048000000cffff000c100a09a000000008f006000a100302020020000800071002080c040014100401d4473a11e17b8d2346be21acd09be4d203100b"], @ANYBLOB="0100000004000000", @ANYPTR=&(0x7f00000001c0)=ANY=[@ANYBLOB="04030120"]]) r6 = syz_usb_connect$uac1(0x0, 0x11c, &(0x7f0000000540)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0xff, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x10a, 0x3, 0x1, 0x4, 0x30, 0x5, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0xcc, {{0xa, 0x24, 0x1, 0x6, 0x2}, [@input_terminal={0xc, 0x24, 0x2, 0x2, 0x100, 0x2, 0x5, 0x1, 0x51, 0x81}, @extension_unit={0xd, 0x24, 0x8, 0x3, 0x3f, 0xff, "a076c01fac42"}, @feature_unit={0xf, 0x24, 0x6, 0x4, 0x4, 0x4, [0x9, 0xa, 0x7, 0x4], 0x9}, @processing_unit={0xa, 0x24, 0x7, 0x2, 0x6, 0x5, 'uD*'}, @feature_unit={0x11, 0x24, 0x6, 0x6, 0x1, 0x5, [0x9, 0x8, 0x9, 0x2, 0xa], 0x8}, @input_terminal={0x0, 0x24, 0x2, 0x6, 0x202, 0x2, 0x3, 0x81, 0x20, 0x6}]}}, {0x9, 0x4, 0x1, 0x0, 0x0, 0x1, 0x2, 0x0, 0x4}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x5, {[@format_type_i_discrete={0x11, 0x24, 0x2, 0x1, 0x5, 0x2, 0x5, 0xe2, "b3b20d81e1f262aeb7"}, @as_header={0x7, 0x24, 0x1, 0x5, 0x1f}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0xc1, 0x2, 0x8, 0x8, "", "dd42ee"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x40, 0x4, 0xff, 0x46, "", "c6b8b3"}, @format_type_ii_discrete={0x10, 0x24, 0x2, 0x2, 0x7, 0x2e5, 0x0, "121ff5d40f6ab6"}]}, {{0x9, 0x5, 0x1, 0x9, 0x395, 0x3, 0x6, 0xb1, {0x7, 0x25, 0x1, 0x3, 0xff, 0x101}}}}, {0x9, 0x4, 0x2, 0x0, 0x0, 0x1, 0x2, 0x0, 0xfd}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x9e, {[@format_type_i_continuous={0x8, 0x24, 0x2, 0x1, 0xea, 0x4, 0x3, 0x8}, @format_type_ii_discrete={0x11, 0x24, 0x2, 0x2, 0x8, 0x72, 0x8, "cb905fbaa5028807"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x81, 0x3, 0x20, 0x3, 'I', "d3b4"}]}, {{0x9, 0x5, 0x82, 0x9, 0x49, 0x82, 0x1, 0x1, {0x7, 0x25, 0x1, 0x2, 0xf5, 0x38}}}}}}}]}}, &(0x7f00000004c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x200, 0x3, 0x5b, 0x7f, 0x0, 0x7}, 0x3b, &(0x7f0000000440)={0x5, 0xf, 0x3b, 0x5, [@ext_cap={0x7, 0x10, 0x2, 0x4, 0x9, 0x7, 0x9}, @ss_container_id={0x14, 0x10, 0x4, 0xa3, "a48f25faf9f68523af29ca3536248556"}, @ss_cap={0xfffffffffffffcba, 0x10, 0x3, 0x2, 0x2, 0x3, 0x9, 0x1ff}, @ext_cap={0x7, 0x10, 0x2, 0x8, 0x6, 0x7, 0x1}, @ss_cap={0xa, 0x10, 0x3, 0xbf6e3a027b58f37, 0x9, 0x7, 0x40, 0x3}]}, 0x1, [{0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x1009}}]}) syz_usb_control_io(r6, &(0x7f0000000280)={0xffffffffffffffa7, &(0x7f0000000500)=ANY=[], 0x0, 0x0, 0x0, 0x0}, 0x0) 15:31:15 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) 15:31:15 executing program 3: r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000240)=ANY=[@ANYBLOB="1201fe00f6ff3b0800240042ef420000000109021b000176000000090400000102099d00070581070001000000bf52cf6794a9d3"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000006a05ed004000010203010902240001010000000904000000138038fd558b14e703010010092100000001220000090581030000000000c7cb3822964aa7a9c99ba16ef6aa93f61378a89f2ff3102d2161d9b04f24e6136bf6e48c04fc15ae011d435052a8b5e1e6b1da9f317070430f283f4adb771119e5be0fb0a4693f4b"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_disconnect(r1) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_disconnect(r0) 15:31:15 executing program 5: socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = dup(r2) ioctl$PERF_EVENT_IOC_ENABLE(r3, 0x8912, 0x400200) ioctl$HIDIOCGCOLLECTIONINDEX(0xffffffffffffffff, 0x40184810, &(0x7f0000000080)={0x3, 0x0, 0x5, 0x10001, 0x1, 0x100}) r4 = fcntl$dupfd(r1, 0x0, r0) ioctl$PERF_EVENT_IOC_ENABLE(r4, 0x8912, 0x400200) 15:31:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = syz_open_procfs(0x0, &(0x7f0000000380)='net/raw6\x00HT\xf4\xfa\x92\xcaH\x1ci\xccui\x13W}9\x00ah\xde\x84\xf0\xbdU\x96\xbd1\x00=*w\x81\x93:jO\xfc\xb4lLD\xe6{\t\x04\xaf\x92W\x00\xe4wt&\xff-\xae\x19\x9b\x97\nS\xe5\xafu_s\xf6\xf7\x14P\a\xe3\xc0\xed\xe28F/S\xcc\xcc\xeae\r\x97Z\xd1Q0\xa8Aj\x15\xaf\xf0\xc96bJ\xeeH%\x0f=\x01\x82\xf00\x9bE!\x9e\xbf\x12w\xcb\xc1\xd0\xf1*\xf9\xe7\xc7\xd3uI\x1c#\xfa\x92\x95\xca\xd6\xa39\xd1\xf0g\xe2!\f\\;qO\x97\xce\xcc\xbcU\xadLR\xf5 \xb0\xe8\x00'/177) preadv(r1, &(0x7f0000000280)=[{&(0x7f00000000c0)=""/221, 0xdd}], 0x1, 0x14b) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r2, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1743.334285][T29661] debugfs: Directory 'hci0' with parent 'bluetooth' already present! [ 1743.354340][T29661] FAULT_INJECTION: forcing a failure. [ 1743.354340][T29661] name failslab, interval 1, probability 0, space 0, times 0 [ 1743.367219][T29661] CPU: 0 PID: 29661 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1743.375155][T29661] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1743.385261][T29661] Call Trace: [ 1743.388622][T29661] dump_stack+0x191/0x1f0 [ 1743.393028][T29661] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1743.399002][T29661] should_fail+0xa3f/0xa50 [ 1743.403512][T29661] __should_failslab+0x264/0x280 [ 1743.408504][T29661] should_failslab+0x29/0x70 [ 1743.413142][T29661] kmem_cache_alloc+0xd6/0xd10 [ 1743.417980][T29661] ? __kernfs_new_node+0x1a2/0xb70 [ 1743.423131][T29661] ? __msan_memcpy+0x56/0x70 [ 1743.427758][T29661] __kernfs_new_node+0x1a2/0xb70 [ 1743.432751][T29661] ? number+0x1b37/0x1e40 [ 1743.437156][T29661] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1743.443229][T29661] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1743.449181][T29661] kernfs_create_dir_ns+0x1f2/0x5b0 [ 1743.454443][T29661] sysfs_create_dir_ns+0x259/0x600 [ 1743.459790][T29661] kobject_add_internal+0xd2e/0x18d0 [ 1743.465114][T29661] kobject_add+0x311/0x4e0 [ 1743.469591][T29661] ? __msan_metadata_ptr_for_load_8+0x10/0x20 [ 1743.475680][T29661] ? get_device_parent+0x2de/0xaa0 [ 1743.480837][T29661] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1743.486758][T29661] device_add+0xb1c/0x2df0 [ 1743.491223][T29661] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1743.497162][T29661] rfkill_register+0x37b/0x1410 [ 1743.502060][T29661] hci_register_dev+0x727/0xfd0 [ 1743.506954][T29661] hci_uart_tty_ioctl+0xe61/0x1140 [ 1743.512107][T29661] ? hci_uart_tty_write+0x30/0x30 [ 1743.517154][T29661] tty_ioctl+0x23e2/0x3100 [ 1743.521621][T29661] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1743.527545][T29661] ? tty_do_resize+0x230/0x230 [ 1743.532341][T29661] do_vfs_ioctl+0xea8/0x2c50 [ 1743.536974][T29661] ? security_file_ioctl+0x1bd/0x200 [ 1743.542655][T29661] __se_sys_ioctl+0x1da/0x270 [ 1743.547369][T29661] __x64_sys_ioctl+0x4a/0x70 [ 1743.551983][T29661] do_syscall_64+0xb6/0x160 [ 1743.556513][T29661] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1743.562423][T29661] RIP: 0033:0x459f39 [ 1743.566354][T29661] Code: ad b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 00 66 90 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 0f 83 7b b6 fb ff c3 66 2e 0f 1f 84 00 00 00 00 [ 1743.585972][T29661] RSP: 002b:00007f85fb83cc78 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1743.594408][T29661] RAX: ffffffffffffffda RBX: 00007f85fb83cc90 RCX: 0000000000459f39 [ 1743.602397][T29661] RDX: 0000000000000001 RSI: 00000000400455c8 RDI: 0000000000000006 [ 1743.610580][T29661] RBP: 000000000075bf20 R08: 0000000000000000 R09: 0000000000000000 [ 1743.618567][T29661] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f85fb83d6d4 [ 1743.626557][T29661] R13: 00000000004c2e06 R14: 00000000004d6b78 R15: 0000000000000007 [ 1743.635151][T29661] kobject_add_internal failed for rfkill106 (error: -12 parent: hci0) [ 1743.715991][T19754] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1743.724145][T19765] usb 2-1: new high-speed USB device number 27 using dummy_hcd 15:31:15 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r1, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1743.912966][T29093] Bluetooth: Error in BCSP hdr checksum 15:31:16 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) epoll_create(0x4) r1 = creat(&(0x7f0000000000)='./file0\x00', 0x100) ioctl$DRM_IOCTL_WAIT_VBLANK(r1, 0xc018643a, &(0x7f0000000040)={0xc00003f, 0x400, 0x37}) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r2, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1743.982437][T19765] usb 2-1: Using ep0 maxpacket: 16 [ 1743.988094][T19754] usb 4-1: Using ep0 maxpacket: 8 [ 1744.124375][T19765] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1744.135598][T19765] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1744.148780][T19765] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1744.157968][T19765] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 15:31:16 executing program 2: mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x7, 0x31, 0xffffffffffffffff, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r0 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r0, 0xae60) ioctl$KVM_CREATE_VCPU(r0, 0xae41, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x81) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4040aea0, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0)='/dev/kvm\x00', 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r5, 0xae60) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x81) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r6, 0x4040aea0, 0x0) syz_open_dev$mice(&(0x7f0000000040)='/dev/input/mice\x00', 0x0, 0x5002) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) [ 1744.172193][T19754] usb 4-1: config 118 has an invalid descriptor of length 0, skipping remainder of the config [ 1744.182915][T19754] usb 4-1: config 118 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1744.194156][T19754] usb 4-1: New USB device found, idVendor=2400, idProduct=4200, bcdDevice=42.ef [ 1744.203438][T19754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1744.214731][T19765] usb 2-1: config 0 descriptor?? 15:31:16 executing program 0: r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x1000, 0x1c, &(0x7f000096d000/0x1000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = dup(r1) ioctl$PERF_EVENT_IOC_ENABLE(r2, 0x8912, 0x400200) r3 = openat$zero(0xffffffffffffff9c, &(0x7f0000000000)='/dev/zero\x00', 0x1000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(r3, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0x10, 0x2, 0x0) epoll_create(0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/udp6\x00') ioctl$VHOST_SET_VRING_ENDIAN(0xffffffffffffffff, 0x4008af13, &(0x7f00000000c0)={0x2, 0x6}) write$apparmor_exec(r4, &(0x7f0000000080)=ANY=[@ANYBLOB="c57f7901ee25ed2f3846a1b8537461"], 0xf) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r5, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1744.275426][T19754] cdc_wdm 4-1:118.0: cdc-wdm2: USB WDM device 15:31:16 executing program 0: openat$pidfd(0xffffffffffffff9c, &(0x7f0000000000)='/proc/self\x00', 0x81000, 0x0) r0 = openat$nullb(0xffffffffffffff9c, 0x0, 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0x0, 0x10, r0, 0x0) shmget(0x2, 0x3000, 0x49c, &(0x7f00007df000/0x3000)=nil) perf_event_open(&(0x7f000001d000)={0x1, 0x70, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41c1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @perf_config_ext}, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0) ioctl$KVM_ASSIGN_DEV_IRQ(0xffffffffffffffff, 0x4040ae70, 0x0) openat$dlm_control(0xffffffffffffff9c, 0x0, 0x400000, 0x0) setsockopt$inet_sctp_SCTP_RESET_STREAMS(0xffffffffffffffff, 0x84, 0x77, 0x0, 0x0) msync(&(0x7f0000952000/0x2000)=nil, 0x87abbe8d1cc6ad9, 0x4) setsockopt$inet_dccp_buf(0xffffffffffffffff, 0x21, 0x0, &(0x7f00000004c0), 0x0) socket(0xeb6b7fc3ce8d638f, 0x4, 0x7d) r1 = socket$isdn_base(0x22, 0x3, 0x0) readahead(r1, 0xfffffffffffffff7, 0x1f) epoll_create(0x3) epoll_create(0x4) epoll_create(0x0) syz_open_dev$usbfs(&(0x7f0000000280)='/dev/bus/usb/00#/00#\x00', 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000100)='net/tcp6\x00') preadv(r2, &(0x7f0000002880)=[{&(0x7f0000000140)=""/110, 0x6e}], 0x1, 0x0) [ 1744.467919][T19754] usb 4-1: USB disconnect, device number 57 [ 1744.762304][T19765] usbhid 2-1:0.0: can't add hid device: -71 [ 1744.768460][T19765] usbhid: probe of 2-1:0.0 failed with error -71 [ 1744.792746][T19765] usb 2-1: USB disconnect, device number 27 [ 1745.051926][T19754] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1745.312042][T19754] usb 4-1: Using ep0 maxpacket: 8 [ 1745.462180][T27852] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1745.462241][T19754] usb 4-1: config 118 has an invalid descriptor of length 0, skipping remainder of the config [ 1745.462335][T19754] usb 4-1: config 118 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1745.492002][T19754] usb 4-1: New USB device found, idVendor=2400, idProduct=4200, bcdDevice=42.ef [ 1745.501169][T19754] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1745.557907][T19754] cdc_wdm 4-1:118.0: cdc-wdm2: USB WDM device [ 1745.701988][T19754] Bluetooth: hci0: command 0x1003 tx timeout [ 1745.702044][T27852] usb 2-1: Using ep0 maxpacket: 16 [ 1745.714289][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1745.822183][T27852] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1745.833312][T27852] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1745.846371][T27852] usb 2-1: New USB device found, idVendor=05a4, idProduct=8003, bcdDevice= 0.40 [ 1745.855648][T27852] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1745.866427][T27852] usb 2-1: config 0 descriptor?? [ 1746.202338][T27852] usbhid 2-1:0.0: can't add hid device: -71 [ 1746.208673][T27852] usbhid: probe of 2-1:0.0 failed with error -71 [ 1746.230755][T27852] usb 2-1: USB disconnect, device number 28 [ 1746.301542][T29692] imon:display_open: could not find interface for minor 0 [ 1746.902283][ C1] net_ratelimit: 20 callbacks suppressed [ 1746.902306][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1746.914138][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1746.920233][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1746.926747][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1747.302306][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1747.308424][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1747.314852][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1747.321095][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1747.327496][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1747.333894][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1747.522722][T19754] usb 4-1: USB disconnect, device number 58 [ 1747.782065][T19754] Bluetooth: hci0: command 0x1001 tx timeout [ 1747.788370][T25677] Bluetooth: hci0: sending frame failed (-49) [ 1749.862046][T19754] Bluetooth: hci0: command 0x1009 tx timeout [ 1753.142289][ C1] net_ratelimit: 20 callbacks suppressed [ 1753.142312][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1753.155015][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1753.161438][ C1] protocol 88fb is buggy, dev hsr_slave_0 [ 1753.167627][ C1] protocol 88fb is buggy, dev hsr_slave_1 [ 1753.542354][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1753.548375][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1753.554750][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1753.560723][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1753.567116][ C0] protocol 88fb is buggy, dev hsr_slave_0 [ 1753.573114][ C0] protocol 88fb is buggy, dev hsr_slave_1 [ 1754.023378][T29660] ===================================================== [ 1754.030349][T29660] BUG: KMSAN: use-after-free in kfree_skb+0x23c/0x4c0 [ 1754.037115][T29660] CPU: 1 PID: 29660 Comm: syz-executor.4 Not tainted 5.4.0-rc3+ #0 [ 1754.045001][T29660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1754.055050][T29660] Call Trace: [ 1754.058346][T29660] dump_stack+0x191/0x1f0 [ 1754.062692][T29660] kmsan_report+0x128/0x220 [ 1754.067206][T29660] __msan_warning+0x73/0xe0 [ 1754.071732][T29660] kfree_skb+0x23c/0x4c0 [ 1754.075983][T29660] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1754.081917][T29660] bcsp_close+0x127/0x1e0 [ 1754.086246][T29660] ? bcsp_open+0x5d0/0x5d0 [ 1754.090661][T29660] hci_uart_tty_close+0x385/0x410 [ 1754.095694][T29660] ? hci_uart_tty_open+0x5a0/0x5a0 [ 1754.100832][T29660] tty_ldisc_release+0x5dd/0xd50 [ 1754.105787][T29660] tty_release_struct+0x4f/0x1d0 [ 1754.110725][T29660] ? tty_unlock+0x82/0x100 [ 1754.115155][T29660] tty_release+0x1be2/0x1e80 [ 1754.119772][T29660] ? tty_release_struct+0x1d0/0x1d0 [ 1754.124967][T29660] __fput+0x4c9/0xba0 [ 1754.128962][T29660] ____fput+0x37/0x40 [ 1754.132971][T29660] ? fput_many+0x2a0/0x2a0 [ 1754.137387][T29660] task_work_run+0x22e/0x2a0 [ 1754.141992][T29660] prepare_exit_to_usermode+0x39d/0x4d0 [ 1754.147545][T29660] syscall_return_slowpath+0x90/0x610 [ 1754.152927][T29660] do_syscall_64+0xdc/0x160 [ 1754.157435][T29660] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1754.163325][T29660] RIP: 0033:0x413ad1 [ 1754.167220][T29660] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1754.186821][T29660] RSP: 002b:0000000000a6fbf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1754.195240][T29660] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413ad1 [ 1754.203210][T29660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1754.211179][T29660] RBP: 0000000000000001 R08: 0000000060e00691 R09: ffffffffffffffff [ 1754.219149][T29660] R10: 0000000000a6fcd0 R11: 0000000000000293 R12: 000000000075c9a0 [ 1754.227119][T29660] R13: 000000000075c9a0 R14: 0000000000760320 R15: 000000000075bf2c [ 1754.235100][T29660] [ 1754.237419][T29660] Uninit was created at: [ 1754.241661][T29660] kmsan_internal_poison_shadow+0x60/0x120 [ 1754.247591][T29660] kmsan_slab_free+0x8d/0xf0 [ 1754.252203][T29660] kmem_cache_free+0x2d1/0x2b70 [ 1754.257065][T29660] kfree_skb+0x473/0x4c0 [ 1754.261313][T29660] hsr_forward_skb+0x2d7c/0x3070 [ 1754.266256][T29660] send_hsr_supervision_frame+0x10a6/0x14f0 [ 1754.272151][T29660] hsr_announce+0x1eb/0x370 [ 1754.276695][T29660] call_timer_fn+0x232/0x530 [ 1754.281292][T29660] __run_timers+0xd60/0x1270 [ 1754.285888][T29660] run_timer_softirq+0x2d/0x50 [ 1754.290673][T29660] __do_softirq+0x4a1/0x83a [ 1754.295188][T29660] irq_exit+0x230/0x280 [ 1754.299351][T29660] exiting_irq+0xe/0x10 [ 1754.303512][T29660] smp_apic_timer_interrupt+0x48/0x70 [ 1754.308887][T29660] apic_timer_interrupt+0x2e/0x40 [ 1754.313914][T29660] kmsan_get_shadow_origin_ptr+0x33b/0x4b0 [ 1754.319721][T29660] __msan_metadata_ptr_for_store_4+0x13/0x20 [ 1754.325699][T29660] ep_send_events_proc+0xa25/0x1630 [ 1754.330925][T29660] ep_scan_ready_list+0x364/0xe80 [ 1754.335952][T29660] do_epoll_wait+0xced/0x1990 [ 1754.340627][T29660] __se_sys_epoll_wait+0xb3/0xe0 [ 1754.345566][T29660] __x64_sys_epoll_wait+0x56/0x70 [ 1754.350591][T29660] do_syscall_64+0xb6/0x160 [ 1754.355098][T29660] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1754.360982][T29660] ===================================================== [ 1754.367911][T29660] Disabling lock debugging due to kernel taint [ 1754.374064][T29660] Kernel panic - not syncing: panic_on_warn set ... [ 1754.380662][T29660] CPU: 1 PID: 29660 Comm: syz-executor.4 Tainted: G B 5.4.0-rc3+ #0 [ 1754.390020][T29660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 01/01/2011 [ 1754.400073][T29660] Call Trace: [ 1754.403374][T29660] dump_stack+0x191/0x1f0 [ 1754.407714][T29660] panic+0x3c9/0xc1e [ 1754.411644][T29660] kmsan_report+0x215/0x220 [ 1754.416250][T29660] __msan_warning+0x73/0xe0 [ 1754.420785][T29660] kfree_skb+0x23c/0x4c0 [ 1754.425036][T29660] ? kmsan_get_shadow_origin_ptr+0x91/0x4b0 [ 1754.430955][T29660] bcsp_close+0x127/0x1e0 [ 1754.435467][T29660] ? bcsp_open+0x5d0/0x5d0 [ 1754.440321][T29660] hci_uart_tty_close+0x385/0x410 [ 1754.445793][T29660] ? hci_uart_tty_open+0x5a0/0x5a0 [ 1754.450907][T29660] tty_ldisc_release+0x5dd/0xd50 [ 1754.455891][T29660] tty_release_struct+0x4f/0x1d0 [ 1754.460845][T29660] ? tty_unlock+0x82/0x100 [ 1754.465273][T29660] tty_release+0x1be2/0x1e80 [ 1754.469896][T29660] ? tty_release_struct+0x1d0/0x1d0 [ 1754.475109][T29660] __fput+0x4c9/0xba0 [ 1754.479110][T29660] ____fput+0x37/0x40 [ 1754.483093][T29660] ? fput_many+0x2a0/0x2a0 [ 1754.487973][T29660] task_work_run+0x22e/0x2a0 [ 1754.492587][T29660] prepare_exit_to_usermode+0x39d/0x4d0 [ 1754.498152][T29660] syscall_return_slowpath+0x90/0x610 [ 1754.503545][T29660] do_syscall_64+0xdc/0x160 [ 1754.508060][T29660] entry_SYSCALL_64_after_hwframe+0x63/0xe7 [ 1754.513952][T29660] RIP: 0033:0x413ad1 [ 1754.517848][T29660] Code: 75 14 b8 03 00 00 00 0f 05 48 3d 01 f0 ff ff 0f 83 04 1b 00 00 c3 48 83 ec 08 e8 0a fc ff ff 48 89 04 24 b8 03 00 00 00 0f 05 <48> 8b 3c 24 48 89 c2 e8 53 fc ff ff 48 89 d0 48 83 c4 08 48 3d 01 [ 1754.545379][T29660] RSP: 002b:0000000000a6fbf0 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 1754.553799][T29660] RAX: 0000000000000000 RBX: 0000000000000007 RCX: 0000000000413ad1 [ 1754.561769][T29660] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1754.569764][T29660] RBP: 0000000000000001 R08: 0000000060e00691 R09: ffffffffffffffff [ 1754.577742][T29660] R10: 0000000000a6fcd0 R11: 0000000000000293 R12: 000000000075c9a0 [ 1754.585714][T29660] R13: 000000000075c9a0 R14: 0000000000760320 R15: 000000000075bf2c [ 1754.595701][T29660] Kernel Offset: disabled [ 1754.600074][T29660] Rebooting in 86400 seconds..