last executing test programs: 19.373231864s ago: executing program 1 (id=388): socket$inet_udp(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) name_to_handle_at(r4, &(0x7f0000000040)='./file0\x00', &(0x7f0000001300)=ANY=[], 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/wakeup_count', 0x302, 0x0) 14.424837479s ago: executing program 1 (id=391): r0 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r0, 0x10f, 0x87, 0x0, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() r2 = socket(0x2a, 0x2, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000140)=@newqdisc={0x24, 0x24, 0x0, 0x0, 0x25dfdbfe, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x6}}}, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=@newqdisc={0x24, 0x24, 0xf0b, 0x0, 0x3, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}, {0x0, 0x7}}}, 0x24}}, 0x4004) sendmsg$nl_route_sched(r2, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f000000e240)=@newtfilter={0x58, 0x2c, 0xd27, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, r3, {}, {}, {0xfff1}}, [@filter_kind_options=@f_basic={{0x34}, {0x28, 0x2, [@TCA_BASIC_EMATCHES={0x24, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0x9}}, @TCA_EMATCH_TREE_LIST={0x18, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x0, 0x7, 0x3}, {{0x3, 0x1, 0x1, 0x1}, {0x2}}}}]}]}]}}]}, 0x58}}, 0x44010) r4 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r4, &(0x7f00000002c0), 0x40000000000009f, 0x0) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6f344000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$TIPC_DEST_DROPPABLE(r7, 0x10f, 0x81, &(0x7f0000001500), &(0x7f0000000440)=0x4) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mkdir(&(0x7f00000002c0)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000000)='cgroup2\x00', 0x0, 0x0) r8 = open(&(0x7f0000000280)='./file0\x00', 0x0, 0x80) r9 = openat$cgroup_subtree(r8, &(0x7f00000001c0), 0x2, 0x0) write$cgroup_subtree(r9, &(0x7f0000000100)={[{0x2d, 'pids'}]}, 0x6) 13.1156755s ago: executing program 4 (id=396): socket$netlink(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) mount$bind(&(0x7f0000000080)='./file0/../file0\x00', &(0x7f0000000200)='./file0/../file0\x00', 0x0, 0x101091, 0x0) r3 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) fsmount(r3, 0x0, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') ppoll(&(0x7f0000000280)=[{r4}], 0x1, 0x0, 0x0, 0x0) umount2(&(0x7f0000000800)='./file0\x00', 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r5, 0x89f1, &(0x7f0000001040)={'gre0\x00', &(0x7f0000001000)={'syztnl2\x00', 0x0, 0x0, 0xa000, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x2f, 0x0, @empty, @rand_addr=0x3}}}}) r6 = syz_open_dev$vim2m(&(0x7f0000000080), 0x3fe, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r6, 0xc0d05605, &(0x7f00000000c0)={0x1, @pix_mp={0x0, 0x0, 0x34325842, 0x0, 0x0, [{}, {}, {}, {}, {}, {0x0, 0x1}]}}) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f0000000040)={0x80000001, 0x1, 0x4}) 11.142052004s ago: executing program 2 (id=397): r0 = socket(0x840000000002, 0x3, 0x100) r1 = socket$l2tp6(0xa, 0x2, 0x73) setsockopt$inet6_IPV6_RTHDR(r1, 0x29, 0x39, &(0x7f0000000400)={0x29, 0x4, 0x2, 0xcd, 0x0, [@remote, @private1]}, 0x28) connect$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @remote}, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f0000000c40)=[{{&(0x7f0000000180)=@in={0x2, 0x0, @broadcast}, 0x80, &(0x7f0000000280)=[{&(0x7f0000000a00)=""/103, 0x5d}], 0x394, &(0x7f0000000500)=""/244, 0xf4}, 0x1}, {{&(0x7f0000000600)=@in6={0xa, 0x0, 0x0, @private1}, 0x80, &(0x7f00000020c0)=[{&(0x7f0000000680)=""/92, 0x5c}, {&(0x7f0000000700)=""/3, 0x3}, {&(0x7f0000000740)=""/160, 0xa0}, {&(0x7f0000000800)=""/245, 0xf5}, {&(0x7f0000000940)=""/112, 0x70}, {&(0x7f0000002180)=""/237, 0xed}, {&(0x7f0000000ac0)=""/155, 0x9b}, {&(0x7f00000010c0)=""/4096, 0x1000}, {&(0x7f0000000b80)=""/141, 0xd7}], 0x9}, 0x8}], 0x2, 0x10102, 0x0) syz_open_dev$sndpcmp(&(0x7f0000000100), 0x40, 0x202) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r4 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) signalfd(r4, &(0x7f0000002340), 0x8) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r4, 0x84, 0x72, &(0x7f0000000040)={0x0, 0x2, 0x30}, &(0x7f0000000080)=0xc) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r0, 0x84, 0x6, &(0x7f0000000180)={r5, @in6={{0xa, 0x4e20, 0x4ce5, @mcast2, 0xd}}}, &(0x7f00000000c0)=0x84) sendmmsg$inet(r0, &(0x7f0000000900)=[{{&(0x7f0000000240)={0x2, 0x4e20, @broadcast}, 0x10, &(0x7f00000009c0)=[{&(0x7f00000002c0)="611c15959f19a3dcdcb9cd4896837f3f40341b4c4eb8c06be2052170a33f8f6892dfb31c8893095631143b81bee949aef0dafe86b34af49e17a17a9cfce322b06999da439fcaa52d2beab6b1c4102fa811f272e9de80c0eb635f31f422f559a783d248841c83fcd0c58748b26e8afc", 0x6f}, {&(0x7f0000000340)="a79a3fe40f381311d01cb2af80b856ec4e11d9246e62af02851af6077b750ffe931fb0dcfde705901a8a4671c5d071173ded4e8ec9a4508274d131e19bbe754913902528b71c015ae1c51b27c2a2abc027840e35883e713deb35962d59fddd9c9d91a90af84e3705cc96c4ebd29b69c9cd419d12f61c86d10d4cf3b9c88ed2dbfa3fc2bac345ceb7fd2a390b841dda45e4a338c70ea71000577b58eb00e64184348bb7845ce0ef35c70edf7ecb8d4209cfdac2fdffce4362c480e6ab5fa84c5c46ccb98ca53a86adcbbfc1357e614482ec2e2942e8001b52f5ad7b2754dd826c1b31b6e5682ee11bab423c4cc3194f1be332b29881c7753633b72044", 0xfc}, {&(0x7f0000000440)="42664516c0110e5e83ded6f153512bb5a87fc468c362", 0x16}, {&(0x7f0000000480)="f03c069e3544d020921ece962f6b05e5bcfad16345bf36985eee797ee0b0e9f26af7a5764ed623276965b474dab1f4adfefcbf59b0bf", 0x1c}], 0x4}}], 0x1, 0x0) setsockopt$inet_opts(r0, 0x0, 0x4, 0x0, 0xa4) 11.092659405s ago: executing program 4 (id=398): openat$adsp1(0xffffffffffffff9c, &(0x7f0000000080), 0x240, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x161281, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, "a05c7b5d00008023e9c5bcf5ff7700"}) r1 = syz_open_pts(r0, 0x0) r2 = dup3(r1, r0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') mount$9p_fd(0x0, &(0x7f0000000300)='.\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)={'trans=fd,', {'rfdno', 0x3d, r2}, 0x2c, {'wfdno', 0x3d, r3}}) 10.859337001s ago: executing program 3 (id=400): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)=ANY=[@ANYBLOB="fc0000001900674c0000000000000000e0000001000000000000000000000000e000000200000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000400000000000000000000000000000000000000000000000000001000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000044000500000000000000000000000000000000000000000033"], 0xfc}}, 0x0) setsockopt$inet6_int(r0, 0x29, 0x10, &(0x7f0000000000), 0x4) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='personality\x00') connect$phonet_pipe(r2, &(0x7f00000000c0)={0x23, 0x8, 0xff, 0x5}, 0x10) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @empty}, 0x1c) sendto$inet6(r0, 0x0, 0x3, 0x810, 0x0, 0x0) 10.67251557s ago: executing program 2 (id=401): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) name_to_handle_at(r4, &(0x7f0000000040)='./file0\x00', &(0x7f0000001300)=ANY=[], 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/wakeup_count', 0x302, 0x0) 10.672169425s ago: executing program 3 (id=402): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xd0b, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0xffff, 0xffff}}}, 0x24}}, 0x0) r0 = openat$autofs(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000000)=ANY=[@ANYRES16, @ANYRES32=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioctl$AUTOFS_DEV_IOCTL_VERSION(r0, 0xc0189371, &(0x7f0000000100)={{0x1, 0x1, 0x18}, './file0\x00'}) 9.308541826s ago: executing program 4 (id=403): dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x12) epoll_create1(0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet_sctp(0x2, 0x5, 0x84) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = dup(r3) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4000000020042, 0x0) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000240)={0x5}) ioctl$IOMMU_DESTROY$ioas(0xffffffffffffffff, 0x3b80, &(0x7f00000000c0)={0x8}) r6 = dup(r5) sendfile(r6, r4, 0x0, 0x89ffc) add_key$user(&(0x7f0000000040), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000700), 0x0, 0xfffffffffffffffe) add_key$user(&(0x7f00000004c0), &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000200)="cc", 0x1, 0xffffffffffffffff) 8.877795951s ago: executing program 0 (id=404): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0, 0x30}}, 0x0) socket$packet(0x11, 0x3, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000003c0)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3ff, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet(0xa, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, 0x0, 0x0) bind$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @broadcast}, 0x10) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000140)={0x1, @pix={0x0, 0x0, 0x47425247, 0x0, 0x0, 0x0, 0x1, 0x4}}) syz_open_dev$video(&(0x7f0000000040), 0x7, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) inotify_init() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x100008b}, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000240), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x4, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="18020900000000000000000000000000850000004f000000850000007dffffffffffffffff000000"], 0x0, 0x3, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) quotactl$Q_SYNC(0xffffffff80000102, 0x0, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000780)={0x5, 0xb, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_ext={0x1c, 0x1e, &(0x7f0000000840)=@raw=[@btf_id={0x18, 0x8, 0x3, 0x0, 0x5}, @ringbuf_query, @btf_id={0x18, 0x4, 0x3, 0x0, 0x4}, @map_idx_val={0x18, 0x2, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}, @call={0x85, 0x0, 0x0, 0x70}, @initr0={0x18, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x8}, @map_idx={0x18, 0x0, 0x5, 0x0, 0x4}, @initr0={0x18, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x86dd}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}}], &(0x7f0000000540)='syzkaller\x00', 0x9, 0x7e, &(0x7f0000000580)=""/126, 0x41100, 0x52, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000940)={0x2, 0x4}, 0x8, 0x10, &(0x7f0000000980)={0x5, 0x4, 0xc, 0x7}, 0x10, 0xa6, r2, 0x1, &(0x7f0000000a40)=[0xffffffffffffffff, 0xffffffffffffffff], &(0x7f0000000a80)=[{0x4, 0x1, 0xa, 0xc}], 0x10, 0x10000, @void, @value}, 0x94) r3 = syz_open_dev$loop(&(0x7f0000000080), 0x0, 0x0) ioctl$BLKPG(r3, 0x1269, 0x0) 8.877501488s ago: executing program 3 (id=405): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) futex(&(0x7f000000cffc)=0x1, 0x800000000006, 0x0, 0x0, 0x0, 0x4) (fail_nth: 2) futex(&(0x7f000000cffc)=0x40000000, 0x800000000006, 0x0, 0x0, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000000)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) poll(0x0, 0x0, 0x7c) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) 8.837090249s ago: executing program 2 (id=406): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r3}, 0x10) r4 = openat$tcp_congestion(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) write$tcp_congestion(r4, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000000)=@nat={'nat\x00', 0x19, 0x1, 0x178, [0x200003c0, 0x0, 0x0, 0x200003f0, 0x20000420], 0x0, 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="000000000000f8ffffff000000000000000000000000000000000000000000000000000000000000feffffff00000000000000000000000000000000000000f00c0000000000000000000000000000000000000000000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff01000000030000000d00000008000000000000008000000000000000000064756d6d79300000000000000000000069705f76746930000000000000000000697036746e6c30000000000000000000aaaaaaaaaabb0000000000000180961b884dd8659bf600000000b8000000b8000000e80000006970000000000000000000000000000000000000000000a823c565625b8d720020000000000000007f000001ac140000000000cca5f488b68659fff07fca000000466ef58f5dc8438b000000000000000800"/376]}, 0x1f0) 7.484726878s ago: executing program 4 (id=407): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3d045ebc45a15f6313f5290c39f7d907d5d09f96466c2a5ba06ba7eda14de9be8a655c5a3a27691bb0432739e8166d098696c3b5fe37170377e8c80d10c7a4f4eba98e10ec15adc925545b7a06158e007c75358ce01ba7fffc66db87227d1e24e2f2930d61e6ed0f", @ANYRES16=r2, @ANYBLOB="000429bd7000fddbdf256600000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x40040) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) 6.856917469s ago: executing program 2 (id=408): r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) read(r1, &(0x7f0000000200)=""/201, 0xc9) ioctl$SNDRV_SEQ_IOCTL_REMOVE_EVENTS(r1, 0x4040534e, &(0x7f0000000040)={0x37}) ioctl$SNDRV_SEQ_IOCTL_QUERY_NEXT_PORT(r1, 0xc0a85352, &(0x7f00000000c0)={{0x72, 0x7}, 'port1\x00', 0x8, 0x40000, 0x6, 0x6, 0x1, 0x7fff, 0x9, 0x0, 0x9c5124f7afbe52db}) tkill(r0, 0x7) 6.760592335s ago: executing program 3 (id=409): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) (async) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1f, 0x0, 0x0, 0x1000, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async) openat$binderfs_ctrl(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder-control\x00', 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) (async) socket$rds(0x15, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) (async) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) (async, rerun: 32) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) (rerun: 32) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) (async) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) (async) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x0, 0x0, @mcast1}, {0x2, 0x0, 0x4, @loopback}}}, 0x48) mmap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x0, 0x28011, r1, 0xffffffffffffc000) (async) setsockopt$bt_BT_DEFER_SETUP(r0, 0x12, 0x3, 0x0, 0x300) 6.712182413s ago: executing program 0 (id=410): mount$bind(&(0x7f0000000300)='./file0/file0\x00', 0x0, 0x0, 0x20400, 0x0) r0 = userfaultfd(0x1000) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='cgroup.kill\x00', 0x275a, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x3, 0x300) socket$inet_udp(0x2, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0, r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x1, &(0x7f00000003c0)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x0, 0x0) finit_module(r6, 0x0, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_MCAST_JOIN_GROUP(r7, 0x0, 0x2a, &(0x7f0000000180)={0x2, {{0x2, 0x0, @multicast2}}}, 0x88) setsockopt$inet_MCAST_MSFILTER(r7, 0x0, 0x30, &(0x7f0000000dc0)=ANY=[], 0x110) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xf4}}, 0x0) 6.638417097s ago: executing program 2 (id=411): r0 = syz_usb_connect(0x0, 0x1cb, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000122f0d4071040403dfe4000000010902b901010000003f0904"], 0x0) syz_usb_disconnect(r0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[], 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) r2 = getpid() sched_setscheduler(r2, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x0, 0x0) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x800005d, 0x4810) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x40008) setresuid(0x0, 0xee00, 0x0) r5 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) landlock_create_ruleset(0x0, 0x0, 0x0) move_pages(r5, 0x0, 0x0, 0x0, 0x0, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000000240)={0x2, 0x0, @local}, 0x3) 6.553417455s ago: executing program 3 (id=412): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000280)={'veth0_to_hsr\x00'}) r2 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000000), 0xffffffffffffffff) r3 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000340), r1) sendmsg$IPVS_CMD_SET_CONFIG(r1, &(0x7f0000000740)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0xc0040001}, 0xc, &(0x7f0000000700)={&(0x7f0000000380)={0x2c, r3, 0x100, 0x70bd25, 0x25dfdbfb, {}, [@IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0xfffffff7}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8, 0x5, 0x5}, @IPVS_CMD_ATTR_TIMEOUT_TCP_FIN={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8800}, 0x4000004) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000040)={'veth1_to_team\x00'}) sendmsg$WG_CMD_GET_DEVICE(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000001200)={&(0x7f0000000080)={0x1c, r2, 0x705, 0x0, 0x0, {}, [@WGDEVICE_A_FWMARK={0x8, 0x7, 0x401}]}, 0x1c}}, 0x0) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f00000005c0)={&(0x7f0000000500)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f0000000580)={&(0x7f0000000540)={0x14, r2, 0x10, 0x70bd2c, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x10}, 0x4000) setsockopt$inet6_int(r0, 0x29, 0x19, 0x0, 0x0) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(0xffffffffffffffff, 0xc00c642d, &(0x7f0000000180)={0x0, 0x80000, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r5, &(0x7f00000002c0)=@abs, 0x6e) setsockopt(r5, 0x8, 0x4, &(0x7f0000000600)="3017da3e20c018efd6bd34f18c5cbd828be7f66757748e52c3b56d96a74de5108b4c56cc5501d8cfeef81533668e4ad479ed43f44ab230e2f37ecc6d74471909cb29444b6a51980e73d78d605e5c17fa1b4e2b2237cd104b1940fc0f24d93ffc74a0854baa3b6067fa3f609faca36c1b1db64ff478b3307264e51228e8249da983ac5b49a1499f6456ec41dfdb35a3fd749c33fa25e58e011506c33875e05ad7e4f7da7ef630df7e81b03f84996c8a33dafb2860b9cb2807", 0xb8) r6 = syz_usb_connect(0x0, 0x202, &(0x7f0000000780)=ANY=[@ANYBLOB="1201100152018b401e040740185d000000010902f00101040000030904"], 0x0) syz_usb_control_io$printer(r6, 0x0, &(0x7f00000006c0)={0x34, &(0x7f00000003c0)=ANY=[@ANYRESOCT=0x0, @ANYRESHEX=r3, @ANYRES64=r4, @ANYBLOB="f62f86b9117fd76da4c516b48d5d585c9ac824a9bcbe81fcef5055e477c427db7b31c6927282b27fb76396de4df1c3d5cb7b0dd7b321df289dc3a82368e169d0c0e3d0e96c26155d1b0537fe35aecb27e9f0631ee6c77a1b343fe65a11ff24a286dd425ea095500d6fc3d83f1273adbb7779df09f5765b69ddb3e48279ddbb9cffec17842bbc8e3723a69efc0859d486d8b2cbbb5bfd262da87fce6d2728f670ecb0be745a7790d2e5957a6442a91065ed708513bbd8414e1ffa3421f48a6111ee2e", @ANYRES64=r0, @ANYRESHEX=0x0, @ANYRES32=r6], 0x0, 0x0, 0x0, 0x0, 0x0}) r7 = creat(&(0x7f0000000040)='./file0\x00', 0x0) ioctl$DRM_IOCTL_MODE_GETENCODER(r7, 0xc01464a6, &(0x7f0000000000)={0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(0xffffffffffffffff, 0xc06864a2, &(0x7f0000000900)={&(0x7f00000008c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x5, r8, 0x0, 0x40, 0x2, 0x7, 0xff57, {0x400, 0x6, 0x0, 0x59, 0x6, 0x1, 0x0, 0x3, 0x6, 0x0, 0x0, 0x0, 0x6, 0x70, "220d5b81c6f7b1c3455db2cb90070d8f3e4c4a17bf1b02b53651a02c3989c886"}}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, &(0x7f0000000080)={&(0x7f0000000240)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x9, r8}) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ioperm(0x0, 0x9, 0x5) r9 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) getdents(r9, &(0x7f0000001fc0)=""/184, 0xb8) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000200), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r10 = getpid() sched_setscheduler(r10, 0x2, &(0x7f0000000200)=0x4) 6.552661504s ago: executing program 4 (id=413): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)=0x0) getpgid(r3) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000180)={0x1b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r4 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r4, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000080)={&(0x7f0000000440)=ANY=[@ANYBLOB="020300090c0000000000000000000000030006000000000002000000e00000010000000000000000020001000000000000000802000000000300050000000000020000007f0003010000000000000000020013"], 0x60}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r5 = socket$inet(0x2, 0x3, 0x4) r6 = socket(0x10, 0x3, 0x0) fsetxattr$smack_xattr_label(r1, &(0x7f00000002c0)='security.SMACK64\x00', &(0x7f0000000300)={'nfs\x00'}, 0x5, 0x1) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000080)={'team_slave_0\x00', 0x0}) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="9feb0100180000000000000024000000240000000a000000080000000200000fffffffff0e000000000000000300000007000000030000ca75ffffff00000000000000002e"], 0x0, 0x46, 0x0, 0x0, 0xa, 0x0, @void, @value}, 0x28) sendmsg$nl_route_sched(r6, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000340)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r7, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x14, 0x2, [@TCA_PIE_TARGET={0x8, 0x1, 0xfffffff9}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x6}]}}]}, 0x40}}, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000000)={0x7, &(0x7f00000000c0)=[{0x79, 0xd, 0x0, 0x7}, {0xf1be, 0x0, 0x0, 0x7fff}, {0x9, 0xa, 0x2}, {0xf6ec, 0x5, 0x0, 0x69}, {0x7f9a, 0x64, 0x9, 0x2}, {0x0, 0x5, 0x2, 0x49}, {0xc67f, 0xd, 0x9, 0x7}]}, 0x10) mount$nfs(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="61632c0c107dc565b4030298a5903985780b8d5990409135034757006496e507848024c03c016db7e66830c0fae6455cca1da88557d9ca5f189b460d1cd0758cb4cb52e5e5a5407180ff5c02b19f425758be2b3dee0a31299dfc74f7e988d029af288bbea604d86c0776afd49d94222d1d51e394a51d98b93b6a9f7f"]) 5.491237298s ago: executing program 0 (id=414): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000000000)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000d, 0x4008031, 0xffffffffffffffff, 0x20000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000280)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7f}}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='kfree\x00', r0}, 0x10) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f0000000200)=ANY=[], 0x0) close_range(r1, 0xffffffffffffffff, 0x0) fallocate(0xffffffffffffffff, 0x2, 0x7ff, 0xdeb) 5.466953581s ago: executing program 1 (id=415): bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000001c0)={'pim6reg0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000300)={'gre0\x00', &(0x7f0000000400)={'syztnl1\x00', 0x0, 0x7, 0x8, 0x7fffffff, 0x40, {{0x50, 0x4, 0x1, 0x2, 0x140, 0x66, 0x0, 0x6, 0x2f, 0x0, @empty, @loopback, {[@timestamp_addr={0x44, 0x3c, 0xd, 0x1, 0xb, [{@dev={0xac, 0x14, 0x14, 0xb}, 0x6}, {@empty, 0x4}, {@multicast2, 0x401}, {@broadcast, 0x30138453}, {@loopback, 0x1}, {@multicast2, 0x6}, {@empty}]}, @timestamp_prespec={0x44, 0x4c, 0x81, 0x3, 0xc, [{@dev={0xac, 0x14, 0x14, 0x3d}, 0x2a8}, {@private=0xa010100, 0xa671}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0xc}, {@dev={0xac, 0x14, 0x14, 0x3a}, 0x6}, {@remote, 0x9}, {@multicast1, 0x3}, {@initdev={0xac, 0x1e, 0x1, 0x0}, 0x9}, {@private=0xa010100, 0xe5}, {@remote, 0x3}]}, @noop, @timestamp_addr={0x44, 0x24, 0x2f, 0x1, 0x2, [{@multicast2, 0x6115}, {@multicast1, 0x4}, {@rand_addr=0x64010101, 0xfff}, {@dev={0xac, 0x14, 0x14, 0x31}, 0x1}]}, @ssrr={0x89, 0xb, 0x1d, [@rand_addr=0x64010101, @multicast2]}, @generic={0x88, 0x9, "fc5653a5118ef2"}, @rr={0x7, 0x17, 0xe9, [@multicast2, @dev={0xac, 0x14, 0x14, 0x28}, @local, @initdev={0xac, 0x1e, 0x0, 0x0}, @local]}, @rr={0x7, 0xf, 0x36, [@loopback, @multicast2, @loopback]}, @lsrr={0x83, 0x7, 0xa0, [@multicast1]}, @timestamp_addr={0x44, 0x3c, 0xad, 0x1, 0x4, [{@multicast2, 0x5}, {@broadcast}, {@empty, 0x7}, {@remote, 0xf}, {@loopback, 0x7}, {@initdev={0xac, 0x1e, 0x0, 0x0}, 0xd0}, {@multicast2, 0xfffff966}]}]}}}}}) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x8, &(0x7f0000000340)={0x0, @multicast1, @multicast1}, &(0x7f0000000580)=0xc) getsockopt$inet6_mreq(0xffffffffffffffff, 0x29, 0x14, &(0x7f00000005c0)={@mcast2, 0x0}, &(0x7f0000000600)=0x14) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000700)={'sit0\x00', &(0x7f0000000640)={'syztnl2\x00', 0x0, 0x700, 0x40, 0x335d, 0x0, {{0x22, 0x4, 0x3, 0x1b, 0x88, 0x65, 0x0, 0x1, 0x4, 0x0, @empty, @private=0xa010101, {[@timestamp={0x44, 0x1c, 0x83, 0x0, 0xc, [0x7, 0x0, 0x5, 0x6, 0xffffffff, 0x1]}, @ssrr={0x89, 0x13, 0x67, [@multicast1, @rand_addr=0x64010101, @private=0xa010100, @rand_addr=0x64010100]}, @cipso={0x86, 0x2a, 0x3, [{0x7, 0xe, "580288e9cfb82f5951f8a94e"}, {0x6, 0x6, "fb1485bb"}, {0x7, 0x10, "73d9cea2ffd07b585c9121096248"}]}, @rr={0x7, 0xf, 0x94, [@loopback, @rand_addr=0x64010100, @local]}, @lsrr={0x83, 0xb, 0xb6, [@local, @broadcast]}]}}}}}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000300)={'bridge_slave_0\x00', 0x0}) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newlink={0x30, 0x10, 0xa9, 0x0, 0x0, {0x0, 0x0, 0x0, r9}, [@IFLA_MASTER={0x8, 0xa, r9}, @IFLA_MTU={0x8, 0x4, 0x7f}]}, 0x30}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000840)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x400}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)=@RTM_DELMDB={0xb8, 0x55, 0x1, 0x70bd2a, 0x25dfdbfd, {0x7, r3}, [@MDBA_SET_ENTRY={0x20, 0x1, {r4, 0x1, 0x1, 0x4, {@ip4=@rand_addr=0x64010101, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r5, 0x0, 0x7, 0x2, {@in6_addr=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x86dd}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r6, 0x1, 0x3, 0x0, {@ip4=@dev={0xac, 0x14, 0x14, 0x44}, 0x800}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r7, 0x1, 0x0, 0x3, {@ip4=@dev={0xac, 0x14, 0x14, 0x19}}}}, @MDBA_SET_ENTRY={0x20, 0x1, {r9, 0x0, 0x3, 0x4, {@ip4=@loopback, 0x86dd}}}]}, 0xb8}, 0x1, 0x0, 0x0, 0x20000004}, 0x88c5) r11 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) pselect6(0x2000, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x300}, 0x0, &(0x7f0000000100)={0x8}, 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r11, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r11, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r12, 0x0, 0x0, 0x0, 0x0}) clock_nanosleep(0x0, 0x1, &(0x7f00000000c0)={0x0, 0x989680}, 0x0) ioctl$IOMMU_IOAS_ALLOC(r11, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_HWPT_ALLOC$TEST(r11, 0x3b89, &(0x7f00000002c0)={0x18, 0x0, r13, r14, 0x0, 0x0, 0xdead, 0x4, &(0x7f0000000280)}) ioctl$IOMMU_IOAS_MAP$PAGES(r11, 0x3b85, &(0x7f0000000080)={0x28, 0x2, r14, 0x0, &(0x7f0000236000/0x800000)=nil, 0x800000, 0x400000000000000}) 4.024385118s ago: executing program 1 (id=416): bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x6) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mknod(&(0x7f0000000040)='./file0\x00', 0x0, 0x0) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000002380)={{'fd', 0x3d, r3}, 0x2c, {'rootmode', 0x3d, 0x8000}}) r4 = open(&(0x7f0000000100)='.\x00', 0x0, 0x0) name_to_handle_at(r4, &(0x7f0000000040)='./file0\x00', &(0x7f0000001300)=ANY=[], 0x0, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000240)='/sys/power/wakeup_count', 0x302, 0x0) 2.91495866s ago: executing program 1 (id=417): dup(0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) accept4$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x12) epoll_create1(0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) socket$inet_sctp(0x2, 0x5, 0x84) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000580), 0x0, 0x0) r4 = dup(r3) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x4000000020042, 0x0) ioctl$IOMMU_VFIO_IOAS$GET(0xffffffffffffffff, 0x3b88, &(0x7f0000000240)={0x5}) ioctl$IOMMU_DESTROY$ioas(0xffffffffffffffff, 0x3b80, &(0x7f00000000c0)={0x8}) r6 = dup(r5) sendfile(r6, r4, 0x0, 0x89ffc) add_key$user(&(0x7f0000000040), &(0x7f0000000000)={'syz', 0x0}, &(0x7f0000000700)="df24ead320b4dae0859dec60eb0dcc2dc884fd6c88cfeb62ae4c2f2c8581d69df21eb01bc69da23bd57868b2a256c16da38c11e08c3c29dda7a9a5a5d8a838d233b2b0456e3f234c4631071ea196a961cbd82f7162017b5c3e0f63d49402245fc809837fef7fcd4e0851cbfb4290a0be7c129e787de71ab075f86581f2ed4b795935cd7b8f55f97707b07a902f1739a9d197fbedd3aefd0fbcfce7a2a6a7c93cdeecc7e484b2ee736a9cb30ab98920bede4f7a77cc6e9f6e929f0ef50fcd36a8816d54413b", 0xc5, 0xfffffffffffffffe) add_key$user(&(0x7f00000004c0), &(0x7f0000000080)={'syz', 0x0}, &(0x7f0000000200)="cc", 0x1, 0xffffffffffffffff) 2.839219347s ago: executing program 0 (id=418): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, 0x0, &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{}, &(0x7f0000000000), &(0x7f0000000040)=r1}, 0x20) bpf$PROG_BIND_MAP(0xa, &(0x7f0000000240)={r1}, 0x57) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r2 = getpid() ioctl$sock_TIOCOUTQ(0xffffffffffffffff, 0x5411, &(0x7f00000001c0)) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) fcntl$setown(0xffffffffffffffff, 0x8, r2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x0) getsockopt$rose(0xffffffffffffffff, 0x104, 0x0, 0x0, &(0x7f0000001340)) r5 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$EBT_SO_SET_ENTRIES(r5, 0x0, 0x80, &(0x7f0000000200)=@filter={'filter\x00', 0xe, 0x4, 0x420, [0x0, 0x200002c0, 0x200004d0, 0x20000610], 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000000000000000000000000000004000000000000000000000000000000000000000000000000ffffffff0200000009000000000000000000697036746e6c30000f7a8af54819ef9173797a6b616c6c6572300000000000006970646470300000000000000000000076657468315f746f5f7465616d0000000000000000000060000000000180c2000000000000000000000070000000a8000000d80000006d61726b0000000000000000000000000000000000000000000000000000000010000000000000000000000000000000dfffffff0000000041554449540000000000000000000000000000000000000000000000000000000800000000000043000000000000008105000000000000000000626f6e645f733421b1221907000000000000006b616c6c6572300000000000007465617d5f736c6176655f310000000065727370616e01790000000000004000aaaaaaaaaabb000000000000aaaaaaaaaabb0000000000000000c0000000c00000000801000068656c7065727c112381000000000004ef000000000000001000009b0c36690e9f922a000000000000000002524153000000000000000000000000000000000000000000000000000000000000000000524154454553540000000000000000000000000000b200000000000000000000200000000000000073797a310000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ff0300000000000000000000000002000000ffffffff01000000093d848e49b022ea090064756d6d793000000000000000000000697036677265746170300000000000006272786467653000000000000000000076657468500000000000000000000000ffffffffffff000000000000aae794049dd0f63a12000000000070000000c00000001001000049444c4554494d4552ebff0000000000000000000000e662f20000000000000028000000000000000000000073797a31001b00000000000000000000000000000000000000000000000000000000000049444c4554494d4552000000000000000000000000000000008a00000000000028000000000033790000000073797a30000000000000000000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000003000000ffffffff01000000110000000000000000006966627de6000000000000000000000076657468305f746f5f626f6e64000000766c616e300000000000eaffffff0000627269646765300000000000000000000180c2000000f40000000000aaaaaaaaaabb00000000000001007000000070000000a0000000434f4e4e5345434d41524b00000000001108000000000000000000000000000008000100000000000000000000000018"]}, 0x498) setsockopt$IP_VS_SO_SET_STOPDAEMON(0xffffffffffffffff, 0x0, 0x48c, &(0x7f0000000080)={0x0, 'pimreg\x00'}, 0x18) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r7 = dup(r6) ioctl$KVM_SET_VAPIC_ADDR(r7, 0xc008aec1, &(0x7f00000000c0)) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x12, &(0x7f0000000280)=0x5ad, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) clock_gettime(0x3, &(0x7f0000000040)) 1.356303187s ago: executing program 0 (id=419): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x420000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000029c0)) r3 = socket$nl_audit(0x10, 0x3, 0x9) r4 = socket$nl_generic(0x10, 0x3, 0x10) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffa}]}) msgget$private(0x0, 0x0) msgsnd(0x0, &(0x7f0000000100)=ANY=[@ANYRESOCT], 0x1f, 0x0) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000540)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_MGMT(r4, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000380)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r5, @ANYRES32=r6], 0x2c}}, 0x0) r7 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt(r7, 0x10d, 0xe, &(0x7f0000000080)="02", 0x1) listen(r7, 0x0) r8 = socket$inet6_sctp(0xa, 0x1, 0x84) r9 = socket$inet(0x2, 0x80005, 0x0) socket$xdp(0x2c, 0x3, 0x0) r10 = dup3(r8, r9, 0x0) listen(r10, 0x8) bpf$OBJ_GET_MAP(0x7, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 1.279487115s ago: executing program 2 (id=420): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @any, 0x4, 0x1}, 0xe) socket$alg(0x26, 0x5, 0x0) pselect6(0x40, &(0x7f0000000000)={0x10, 0x0, 0x300}, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x3) syz_emit_vhci(&(0x7f0000000100)=ANY=[@ANYBLOB="043e130100c90001"], 0x16) remap_file_pages(&(0x7f00002ec000/0x200000)=nil, 0x200000, 0x0, 0x0, 0x0) remap_file_pages(&(0x7f000075d000/0x3000)=nil, 0x3000, 0x0, 0x7, 0x0) 282.517731ms ago: executing program 0 (id=421): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000800)={0xe, 0x18, 0xfa00, @id_tos={0x0, r1}}, 0x20) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xf4, 0x78, 0x68, 0x8, 0xab4, 0x14, 0xc418, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2d, 0x8a, 0x54}}]}}]}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={0x0, 0x13c}}, 0x0) ioctl$EVIOCGKEY(r2, 0x80084503, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a00) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={&(0x7f0000000040)="53049b0e2f51791b2e3ab0b08c20b42b8061cfd778e09168b2b81445b72a025dc779c7", 0x0, 0x0, 0x0, 0xfffffffd}, 0x38) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_aout(r7, &(0x7f00000010c0)=ANY=[], 0x1a3) write$binfmt_misc(r7, &(0x7f0000000000), 0xe09) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6]}}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB, @ANYRES32=r9, @ANYBLOB="c8603be20405000000000000000a0723862f760434fb83a1cef48726af2ab6136c8adcbc786e2f7860dbb6ef41a4ba9da1c961e63cc22ca0ad6a539cbe4bc6da50b747cc8008aa18d314caec916a43de9c3532d3342815a454a06ba1124df198a6beaa79bc13fca471481521b67088dd4f5cb507f083f4ba84100d40c7919f39ae9d76da0d9f8e04b64e2cdc4b215fd8caf673e4c6f77974481bb4b5bd477cbd9a3630822a7a06ae152812ec17b503ef7f18ab004845e258b9012a5d582aba667a1a1adc43b546880cb5"], 0x24}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f00000001c0)={0x0, 0x0, 0x0, [0xfff], [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3296, 0x200000000000000, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2]}) bpf$ENABLE_STATS(0x20, &(0x7f0000000740), 0x4) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r11, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000000)={'ip6_vti0\x00', 0x0, 0x29, 0x1, 0x5, 0xfffffff8, 0x22, @dev={0xfe, 0x80, '\x00', 0x20}, @mcast2, 0x40, 0x40, 0x3, 0x8c8}}) mkdir(&(0x7f00000001c0)='./file0\x00', 0x82) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@mpol={'mpol', 0x3d, {'bind', '', @void}}}]}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f00000001c0)={'gre0\x00', &(0x7f0000000140)={'syztnl1\x00', r12, 0x0, 0x7, 0x34df, 0x2, {{0x15, 0x4, 0x0, 0x7, 0x54, 0x67, 0x0, 0x7f, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, {[@timestamp_addr={0x44, 0x34, 0x33, 0x1, 0x0, [{@remote, 0x9}, {@multicast1, 0x4}, {@loopback, 0xff}, {@local, 0x4}, {@dev={0xac, 0x14, 0x14, 0x3a}, 0x1}, {@private=0xa010101, 0x4}]}, @rr={0x7, 0xb, 0x7a, [@local, @remote]}]}}}}}) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{}, &(0x7f0000000600), &(0x7f0000000640)='%pS \x00'}, 0x20) 281.652113ms ago: executing program 1 (id=422): r0 = openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) write$binfmt_aout(r0, &(0x7f0000000000)=ANY=[@ANYBLOB="070181e76f030000ba020000080000007f02000008000000000000000000000028da93c39d5bac47a96e28fcfa7f97bc76ace195ca344fcf51fb2dca31ed34606266a44530e20105e148c69ac3ff7b2f64233fc9f964aecf42ad4234dbe482fba4c7deacfac345c55ea8666601eb55aa83f767bb39f8c635a722fa911c60c2424a37da5e"], 0x84) socket$kcm(0x10, 0x2, 0x0) rmdir(&(0x7f00000001c0)='./cgroup/../file0\x00') r1 = syz_open_procfs(0x0, &(0x7f0000000540)='net/ip_mr_vif\x00') preadv(r1, &(0x7f0000000900)=[{&(0x7f0000000680)=""/241, 0xf0}], 0x0, 0x47, 0xfffffffd) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = fsopen(&(0x7f0000000000)='gfs2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r3, 0x6, 0x0, 0x0, 0x0) r4 = fsmount(r3, 0x0, 0x0) r5 = socket$inet6(0x10, 0x2, 0x0) write$binfmt_script(r1, &(0x7f0000000780)={'#! ', './cgroup/../file0', [{}, {0x20, '\t'}, {0x20, '/dev/kvm\x00'}, {0x20, 'syzkaller\x00\x8b\xdcK\x80\xa8\x1e4\x1d{\xe7\b\xb3~y\t[&\xcf/\xc0\xd8\xd3\xcb\x01m\xf2\xcc\xbfM\xc3\xe57[\xaa\x10\xe2p\xd6w:[y\xb8\xb0\xb7\x10}j\xe0\xfe_X\xf3\xc7y\xfc\x90U8\x86R\xf3H\xe2\xdeWh\xe3\x82\xf1\xa2W~\xf8\xa2km\xa2rN\xe8\xdc\xa8\xcd\x80\x7f\xb7\x8b\xde\xec\va:]8T0\xc9~\f\x94\xba#5\xcb\xcd\xd4\xa0\x9a\x1a,\x95\x0e\xd5r\x89P\x84cI'}, {0x20, '/#&#:@:(^*,){!@.):'}, {0x20, '[//'}, {0x20, '/dev/kvm\x00'}, {0x20, 'net/ip_mr_vif\x00i\xb3\xfeqi\x04\xce\xb4\x05'}, {0x20, '/dev/kvm\x00'}], 0xa, "0eaebd01cd2ea397f100ccd60290808a0fe711"}, 0xfb) bpf$MAP_CREATE(0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="050000000400000000000000000000000000000065b580ed735acb22d3f17f2a38fb5a430f66eaf5ed8582b4751f41993dae6b77", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) write(r5, &(0x7f0000000040)="1c00000021002551071c0165ff00fc020200000003100f000ee100", 0x1b) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r4, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x7}, {0x0, 0xeeee0000, 0x0, 0x2}, {0x0, 0xeeee0000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, {0x0, 0x0, 0xb, 0x0, 0x10, 0x8, 0x0, 0x0, 0xff, 0xfc}, {}, {0x1000, 0x8080000}, {0x0, 0x0, 0x10, 0x7}, {0x0, 0x0, 0x0, 0x3b, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x1}, {}, {}, 0xddfdffdb, 0x0, 0x1, 0x100130, 0x0, 0x0, 0xf000, [0x20000]}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_TRANSLATE(r8, 0xc018ae85, &(0x7f00000002c0)={0x0, 0x4, 0x0, 0x0, 0x5}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4d004}, 0x0) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="04230500c9"], 0x10) ioctl$KVM_TRANSLATE(r1, 0xc018ae85, &(0x7f00000000c0)={0x5000, 0x6000, 0xfe}) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r2, r4}, 0x10) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000002640)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001800010000000000000000000a800000000000070000000014000100fe"], 0x30}}, 0x800) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="040e0c00262040ad8a02000000844d908ac28506dd7ff86b4e75c64a6f73a7113c2cd2af1e0a28f6"], 0xf) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) 66.552929ms ago: executing program 4 (id=423): r0 = socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, 0x0, 0x0) sendmsg$NL80211_CMD_CHANNEL_SWITCH(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3d045ebc45a15f6313f5290c39f7d907d5d09f96466c2a5ba06ba7eda14de9be8a655c5a3a27691bb0432739e8166d098696c3b5fe37170377e8c80d10c7a4f4eba98e10ec15adc925545b7a06158e007c75358ce01ba7fffc66db87227d1e24e2f2930d61e6ed0f", @ANYRES16=r2, @ANYBLOB="000429bd7000fddbdf256600000008000300", @ANYRES32=0x0, @ANYBLOB], 0x1c}, 0x1, 0x0, 0x0, 0x80}, 0x40040) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="98030000", @ANYRES16=r2, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r3, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) 0s ago: executing program 3 (id=424): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000700), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r0, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000080)={0xffffffffffffffff}, 0x106}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r0, &(0x7f0000000800)={0xe, 0x18, 0xfa00, @id_tos={0x0, r1}}, 0x20) r2 = syz_open_dev$evdev(0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xf4, 0x78, 0x68, 0x8, 0xab4, 0x14, 0xc418, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x2d, 0x8a, 0x54}}]}}]}}, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[], 0x13c}}, 0x0) ioctl$EVIOCGKEY(r2, 0x80084503, 0x0) r4 = socket$inet_udplite(0x2, 0x2, 0x88) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a00) bpf$MAP_DELETE_BATCH(0x1b, &(0x7f0000000240)={&(0x7f0000000040)="53049b0e2f51791b2e3ab0b08c20b42b8061cfd778e09168b2b81445b72a025dc779c7", 0x0, 0x0, 0x0, 0xfffffffd}, 0x38) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_aout(r7, &(0x7f00000010c0)=ANY=[], 0x1a3) write$binfmt_misc(r7, &(0x7f0000000000), 0xe09) ioctl$LOOP_CONFIGURE(r6, 0x4c0a, &(0x7f00000002c0)={r7, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00", [0x6]}}) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_WIPHY_NETNS(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000840)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="cd7d2abd7000fbdbdf2531000000080001002900000008000300", @ANYRES32=r9, @ANYBLOB="c8603be20405000000000000000a0723862f760434fb83a1cef48726af2ab6136c8adcbc786e2f7860dbb6ef41a4ba9da1c961e63cc22ca0ad6a539cbe4bc6da50b747cc8008aa18d314caec916a43de9c3532d3342815a454a06ba1124df198a6beaa79bc13fca471481521b67088dd4f5cb507f083f4ba84100d40c7919f39ae9d76da0d9f8e04b64e2cdc4b215fd8caf673e4c6f77974481bb4b5bd477cbd9a3630822a7a06ae152812ec17b503ef7f18ab004845e258b9012a5d582aba667a1a1adc43b546880cb5"], 0x24}, 0x1, 0x0, 0x0, 0x20040000}, 0x4000) r10 = socket$nl_generic(0x10, 0x3, 0x10) r11 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r10, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, &(0x7f00000001c0)={0x0, 0x0, 0x0, [0xfff], [0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000000000001, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x401, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3ff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x9, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3296, 0x200000000000000, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5, 0x0, 0x2]}) bpf$ENABLE_STATS(0x20, &(0x7f0000000740), 0x4) sendmsg$NL80211_CMD_FRAME(r10, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r11, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r12, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000100)={'syztnl1\x00', &(0x7f0000000000)={'ip6_vti0\x00', 0x0, 0x29, 0x1, 0x5, 0xfffffff8, 0x22, @dev={0xfe, 0x80, '\x00', 0x20}, @mcast2, 0x40, 0x40, 0x3, 0x8c8}}) mkdir(&(0x7f00000001c0)='./file0\x00', 0x82) mount$tmpfs(0x0, &(0x7f0000000080)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f00000001c0)={[{@mpol={'mpol', 0x3d, {'bind', '', @void}}}]}) ioctl$sock_ipv6_tunnel_SIOCGET6RD(r4, 0x89f8, &(0x7f00000001c0)={'gre0\x00', &(0x7f0000000140)={'syztnl1\x00', r13, 0x0, 0x7, 0x34df, 0x2, {{0x15, 0x4, 0x0, 0x7, 0x54, 0x67, 0x0, 0x7f, 0x29, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @empty, {[@timestamp_addr={0x44, 0x34, 0x33, 0x1, 0x0, [{@remote, 0x9}, {@multicast1, 0x4}, {@loopback, 0xff}, {@local, 0x4}, {@dev={0xac, 0x14, 0x14, 0x3a}, 0x1}, {@private=0xa010101, 0x4}]}, @rr={0x7, 0xb, 0x7a, [@local, @remote]}]}}}}}) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000680)={{}, &(0x7f0000000600), &(0x7f0000000640)='%pS \x00'}, 0x20) kernel console output (not intermixed with test programs): 86.068885][ T5831] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.078089][ T5831] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.087671][ T5831] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.200184][ T68] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.209163][ T68] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.254658][ T5832] veth0_macvtap: entered promiscuous mode [ 86.284309][ T5833] veth0_vlan: entered promiscuous mode [ 86.294860][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.299372][ T5833] veth1_vlan: entered promiscuous mode [ 86.310376][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.334100][ T5832] veth1_macvtap: entered promiscuous mode [ 86.369105][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.383436][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.410140][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.411158][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.428676][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.435608][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.441875][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.457434][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.468625][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.479762][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.491643][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 86.502427][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.518517][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.528686][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.539255][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.549518][ T5832] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 86.560480][ T5832] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 86.574077][ T5832] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 86.616910][ T5832] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.626278][ T5832] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.635105][ T5832] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.637389][ T5830] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 86.643867][ T5832] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 86.690815][ T3442] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.704030][ T3442] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.730602][ T5833] veth0_macvtap: entered promiscuous mode [ 86.769427][ T5833] veth1_macvtap: entered promiscuous mode [ 86.792819][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 86.838007][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 86.952969][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 86.970636][ T971] cfg80211: failed to load regulatory.db [ 87.012485][ T5921] netlink: 24 bytes leftover after parsing attributes in process `syz.3.4'. [ 87.022599][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.036857][ T5844] Bluetooth: hci0: command tx timeout [ 87.050026][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.062302][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.076005][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.088227][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.102699][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 87.113923][ T5844] Bluetooth: hci1: command tx timeout [ 87.119017][ T5848] Bluetooth: hci3: command tx timeout [ 87.119404][ T5844] Bluetooth: hci4: command tx timeout [ 87.125797][ T5845] Bluetooth: hci2: command tx timeout [ 87.130760][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.147607][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 87.164760][ T3442] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 87.192682][ T3442] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 87.246276][ T5889] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 87.364088][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.384968][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.412857][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.458888][ T5889] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 87.477075][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.497038][ T5889] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 87.512984][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 87.537003][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 87.559620][ T5889] usb 3-1: New USB device found, idVendor=fff0, idProduct=fff0, bcdDevice=39.78 [ 87.569001][ T971] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 88.290573][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.299021][ T5889] usb 3-1: Product: syz [ 88.303313][ T5889] usb 3-1: Manufacturer: syz [ 88.308539][ T5889] usb 3-1: SerialNumber: syz [ 88.315059][ T5833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 88.329074][ T5889] usb 3-1: config 0 descriptor?? [ 88.352908][ T5889] usbtest 3-1:0.0: usb test device [ 88.359276][ T5889] usbtest 3-1:0.0: high-speed {control in/out iso-in} tests (+alt) [ 88.360581][ T5833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 88.379099][ T5833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 88.397359][ T368] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.406929][ T368] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.439585][ T971] usb 4-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 88.456354][ T971] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 88.476134][ T5833] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.494528][ T971] usb 4-1: Product: syz [ 88.499720][ T5833] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.509360][ T971] usb 4-1: Manufacturer: syz [ 88.514008][ T971] usb 4-1: SerialNumber: syz [ 88.538979][ T5833] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.555447][ T5833] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 88.587020][ T971] usb 4-1: config 0 descriptor?? [ 88.620649][ T971] ch341 4-1:0.0: ch341-uart converter detected [ 88.652478][ T25] usb 3-1: USB disconnect, device number 2 [ 88.788063][ T3440] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.804363][ T3440] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 88.972876][ T68] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 88.985505][ T68] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 89.107871][ T5845] Bluetooth: hci0: command tx timeout [ 89.161102][ T5941] Zero length message leads to an empty skb [ 89.171202][ T5941] Cannot find add_set index 2048 as target [ 89.186361][ T5845] Bluetooth: hci4: command tx timeout [ 89.187657][ T5848] Bluetooth: hci2: command tx timeout [ 89.192903][ T5844] Bluetooth: hci1: command tx timeout [ 89.199194][ T5848] Bluetooth: hci3: command tx timeout [ 89.224886][ T5925] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 89.309892][ T5945] FAULT_INJECTION: forcing a failure. [ 89.309892][ T5945] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 89.384868][ T5945] CPU: 0 UID: 0 PID: 5945 Comm: syz.4.5 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 89.395380][ T5945] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 89.405487][ T5945] Call Trace: [ 89.408793][ T5945] [ 89.411752][ T5945] dump_stack_lvl+0x241/0x360 [ 89.416490][ T5945] ? __pfx_dump_stack_lvl+0x10/0x10 [ 89.421726][ T5945] ? __pfx__printk+0x10/0x10 [ 89.426365][ T5945] ? __pfx_lock_release+0x10/0x10 [ 89.431455][ T5945] should_fail_ex+0x3b0/0x4e0 [ 89.436181][ T5945] _copy_from_user+0x2f/0xc0 [ 89.440826][ T5945] copy_msghdr_from_user+0xae/0x680 [ 89.446069][ T5945] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 89.451904][ T5945] __sys_sendmsg+0x22d/0x380 [ 89.456512][ T5945] ? __pfx___sys_sendmsg+0x10/0x10 [ 89.461648][ T5945] ? __pfx_vfs_write+0x10/0x10 [ 89.466443][ T5945] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 89.472786][ T5945] ? do_syscall_64+0x100/0x230 [ 89.477563][ T5945] ? do_syscall_64+0xb6/0x230 [ 89.482255][ T5945] do_syscall_64+0xf3/0x230 [ 89.486773][ T5945] ? clear_bhb_loop+0x35/0x90 [ 89.491468][ T5945] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 89.497388][ T5945] RIP: 0033:0x7f25a1f7e719 [ 89.501817][ T5945] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 89.521438][ T5945] RSP: 002b:00007f25a2db7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 89.529865][ T5945] RAX: ffffffffffffffda RBX: 00007f25a2135f80 RCX: 00007f25a1f7e719 [ 89.537852][ T5945] RDX: 0000000000000000 RSI: 0000000020000000 RDI: 0000000000000003 [ 89.545834][ T5945] RBP: 00007f25a2db7090 R08: 0000000000000000 R09: 0000000000000000 [ 89.553813][ T5945] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 89.561797][ T5945] R13: 0000000000000000 R14: 00007f25a2135f80 R15: 00007ffe759240e8 [ 89.569814][ T5945] [ 89.983299][ T5959] QAT: Invalid ioctl 44609 [ 90.060668][ T5955] netlink: 8 bytes leftover after parsing attributes in process `syz.4.12'. [ 91.030606][ T971] ch341-uart ttyUSB0: failed to read break control: -71 [ 91.038386][ T971] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 91.120258][ T971] usb 4-1: USB disconnect, device number 2 [ 91.177797][ T971] ch341 4-1:0.0: device disconnected [ 93.176345][ T5977] FAULT_INJECTION: forcing a failure. [ 93.176345][ T5977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 93.190018][ T5977] CPU: 1 UID: 0 PID: 5977 Comm: syz.0.17 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 93.191713][ T5975] netlink: 140 bytes leftover after parsing attributes in process `syz.4.16'. [ 93.200647][ T5977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 93.200668][ T5977] Call Trace: [ 93.200678][ T5977] [ 93.200689][ T5977] dump_stack_lvl+0x241/0x360 [ 93.200725][ T5977] ? __pfx_dump_stack_lvl+0x10/0x10 [ 93.200752][ T5977] ? __pfx__printk+0x10/0x10 [ 93.200779][ T5977] ? __pfx_lock_release+0x10/0x10 [ 93.200822][ T5977] should_fail_ex+0x3b0/0x4e0 [ 93.200851][ T5977] _copy_from_iter+0x21f/0x1e70 [ 93.200882][ T5977] ? __virt_addr_valid+0x183/0x530 [ 93.200908][ T5977] ? __pfx_lock_release+0x10/0x10 [ 93.200948][ T5977] ? __alloc_skb+0x28f/0x440 [ 93.200974][ T5977] ? __pfx__copy_from_iter+0x10/0x10 [ 93.201007][ T5977] ? __virt_addr_valid+0x183/0x530 [ 93.201031][ T5977] ? __virt_addr_valid+0x183/0x530 [ 93.201061][ T5977] ? __virt_addr_valid+0x45f/0x530 [ 93.201087][ T5977] ? __check_object_size+0x48e/0x900 [ 93.201127][ T5977] netlink_sendmsg+0x73d/0xcb0 [ 93.201166][ T5977] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.201204][ T5977] ? __pfx_netlink_sendmsg+0x10/0x10 [ 93.311452][ T5977] __sock_sendmsg+0x221/0x270 [ 93.316259][ T5977] ____sys_sendmsg+0x52a/0x7e0 [ 93.321071][ T5977] ? __pfx_____sys_sendmsg+0x10/0x10 [ 93.326475][ T5977] __sys_sendmsg+0x292/0x380 [ 93.331088][ T5977] ? __pfx___sys_sendmsg+0x10/0x10 [ 93.336226][ T5977] ? __pfx_vfs_write+0x10/0x10 [ 93.341025][ T5977] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 93.347492][ T5977] ? do_syscall_64+0x100/0x230 [ 93.352276][ T5977] ? do_syscall_64+0xb6/0x230 [ 93.357065][ T5977] do_syscall_64+0xf3/0x230 [ 93.361584][ T5977] ? clear_bhb_loop+0x35/0x90 [ 93.366279][ T5977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 93.372186][ T5977] RIP: 0033:0x7f7f1717e719 [ 93.376612][ T5977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 93.396924][ T5977] RSP: 002b:00007f7f17f51038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 93.405352][ T5977] RAX: ffffffffffffffda RBX: 00007f7f17335f80 RCX: 00007f7f1717e719 [ 93.413334][ T5977] RDX: 0000000000008000 RSI: 0000000020000100 RDI: 0000000000000003 [ 93.421317][ T5977] RBP: 00007f7f17f51090 R08: 0000000000000000 R09: 0000000000000000 [ 93.429305][ T5977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 93.437293][ T5977] R13: 0000000000000000 R14: 00007f7f17335f80 R15: 00007ffe10874e78 [ 93.445334][ T5977] [ 93.721976][ T5985] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 93.729473][ T5985] IPv6: NLM_F_CREATE should be set when creating new route [ 93.736906][ T5985] IPv6: NLM_F_CREATE should be set when creating new route [ 93.746089][ T0] NOHZ tick-stop error: local softirq work is pending, handler #242!!! [ 94.065649][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 94.240972][ T0] NOHZ tick-stop error: local softirq work is pending, handler #188!!! [ 94.266137][ T5988] netlink: 'syz.0.20': attribute type 8 has an invalid length. [ 97.306343][ T5917] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 97.935751][ T5845] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 97.945024][ T5845] Bluetooth: hci0: Injecting HCI hardware error event [ 97.959288][ T5142] Bluetooth: hci0: hardware error 0x00 [ 98.225538][ T8] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 98.235712][ T5917] usb 2-1: Using ep0 maxpacket: 8 [ 98.242712][ T5917] usb 2-1: New USB device found, idVendor=061d, idProduct=c120, bcdDevice=e3.67 [ 98.272265][ T5917] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 98.328039][ T5917] usb 2-1: config 0 descriptor?? [ 98.370539][ T5917] quatech2 2-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected [ 98.408267][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 98.460018][ T8] usb 4-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 98.543600][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.604785][ T8] usb 4-1: Product: syz [ 98.611161][ T8] usb 4-1: Manufacturer: syz [ 98.617295][ T8] usb 4-1: SerialNumber: syz [ 98.629386][ T8] usb 4-1: config 0 descriptor?? [ 98.637602][ T8] esd_usb 4-1:0.0: sending version message failed [ 98.645684][ T8] esd_usb 4-1:0.0: probe with driver esd_usb failed with error -22 [ 98.875171][ T6009] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 98.893439][ T6009] loop9: detected capacity change from 0 to 7 [ 98.925655][ T6009] Dev loop9: unable to read RDB block 7 [ 98.931502][ T6009] loop9: AHDI p2 p3 p4 [ 98.965452][ T6009] loop9: partition table partially beyond EOD, truncated [ 99.007423][ T6009] loop9: p2 start 2961973428 is beyond EOD, truncated [ 99.059562][ T6030] tmpfs: Bad value for 'mpol' [ 99.085640][ T6009] loop9: p3 start 1756542996 is beyond EOD, truncated [ 99.200057][ T9] usb 4-1: USB disconnect, device number 3 [ 99.510099][ T6035] tmpfs: Bad value for 'mpol' [ 99.580758][ T6037] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 99.593995][ T6037] infiniband syz1: RDMA CMA: cma_listen_on_dev, error -98 [ 99.632698][ T6033] FAULT_INJECTION: forcing a failure. [ 99.632698][ T6033] name failslab, interval 1, probability 0, space 0, times 0 [ 99.653200][ T6033] CPU: 1 UID: 0 PID: 6033 Comm: syz.4.31 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 99.663853][ T6033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 99.673944][ T6033] Call Trace: [ 99.677241][ T6033] [ 99.680187][ T6033] dump_stack_lvl+0x241/0x360 [ 99.684894][ T6033] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.690114][ T6033] ? __pfx__printk+0x10/0x10 [ 99.694723][ T6033] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 99.700296][ T6033] ? __pfx___might_resched+0x10/0x10 [ 99.705609][ T6033] should_fail_ex+0x3b0/0x4e0 [ 99.710329][ T6033] ? security_file_alloc+0x32/0x310 [ 99.715547][ T6033] should_failslab+0xac/0x100 [ 99.720248][ T6033] ? security_file_alloc+0x32/0x310 [ 99.725481][ T6033] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 99.730870][ T6033] security_file_alloc+0x32/0x310 [ 99.735923][ T6033] init_file+0x93/0x1e0 [ 99.740084][ T6033] alloc_empty_file+0xb8/0x1d0 [ 99.744855][ T6033] path_openat+0x107/0x3590 [ 99.749394][ T6033] ? __pfx_validate_chain+0x10/0x10 [ 99.754658][ T6033] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 99.760669][ T6033] ? __pfx_path_openat+0x10/0x10 [ 99.765628][ T6033] ? _raw_spin_unlock_irqrestore+0x8f/0x140 [ 99.771545][ T6033] ? lockdep_hardirqs_on+0x99/0x150 [ 99.776847][ T6033] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 99.782780][ T6033] do_filp_open+0x235/0x490 [ 99.787317][ T6033] ? __pfx_do_filp_open+0x10/0x10 [ 99.792399][ T6033] ? alloc_bprm+0xac/0xe20 [ 99.796851][ T6033] alloc_bprm+0x178/0xe20 [ 99.801227][ T6033] ? __might_fault+0xaa/0x120 [ 99.806035][ T6033] ? __pfx_lock_release+0x10/0x10 [ 99.811090][ T6033] ? __pfx_alloc_bprm+0x10/0x10 [ 99.815967][ T6033] ? __might_fault+0xaa/0x120 [ 99.820677][ T6033] ? __might_fault+0xc6/0x120 [ 99.825376][ T6033] do_execveat_common+0x18c/0x6f0 [ 99.830440][ T6033] __x64_sys_execveat+0xc4/0xe0 [ 99.835340][ T6033] do_syscall_64+0xf3/0x230 [ 99.839872][ T6033] ? clear_bhb_loop+0x35/0x90 [ 99.844592][ T6033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.850518][ T6033] RIP: 0033:0x7f25a1f7e719 [ 99.854948][ T6033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.874572][ T6033] RSP: 002b:00007f25a2db7038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 99.883009][ T6033] RAX: ffffffffffffffda RBX: 00007f25a2135f80 RCX: 00007f25a1f7e719 [ 99.891006][ T6033] RDX: 0000000000000000 RSI: 0000000020000140 RDI: ffffffffffffff9c [ 99.898998][ T6033] RBP: 00007f25a2db7090 R08: 0000000000000000 R09: 0000000000000000 [ 99.906994][ T6033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 99.914988][ T6033] R13: 0000000000000000 R14: 00007f25a2135f80 R15: 00007ffe759240e8 [ 99.923003][ T6033] [ 99.981639][ T0] NOHZ tick-stop error: local softirq work is pending, handler #342!!! [ 100.075755][ T0] NOHZ tick-stop error: local softirq work is pending, handler #300!!! [ 100.084658][ T0] NOHZ tick-stop error: local softirq work is pending, handler #340!!! [ 100.205405][ T5142] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 100.329160][ T6045] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 100.412407][ T6049] netlink: 44 bytes leftover after parsing attributes in process `syz.3.33'. [ 101.595692][ T9] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 101.786692][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 101.803407][ T9] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 101.898949][ T9] usb 3-1: config 0 has no interface number 0 [ 102.028050][ T5917] usb 2-1: qt2_attach - failed to power on unit: -71 [ 102.034894][ T5917] quatech2 2-1:0.0: probe with driver quatech2 failed with error -71 [ 102.049162][ T9] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 102.059850][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.068215][ T9] usb 3-1: Product: syz [ 102.072433][ T9] usb 3-1: Manufacturer: syz [ 102.077337][ T9] usb 3-1: SerialNumber: syz [ 102.112753][ T5917] usb 2-1: USB disconnect, device number 2 [ 102.126790][ T1206] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 102.127660][ T9] usb 3-1: config 0 descriptor?? [ 102.156460][ T9] smsc95xx v2.0.0 [ 102.315636][ T1206] usb 4-1: Using ep0 maxpacket: 8 [ 102.348013][ T1206] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 102.365357][ T1206] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 200 [ 102.413603][ T1206] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 102.464047][ T1206] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 102.543631][ T1206] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 102.821893][ T1206] usb 4-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 102.835526][ T1206] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.510611][ T1206] usb 4-1: config 0 descriptor?? [ 103.536190][ T6057] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 103.678517][ T9] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 103.785801][ T9] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 103.872552][ T9] usb 3-1: USB disconnect, device number 3 [ 103.930565][ T6071] netlink: 140 bytes leftover after parsing attributes in process `syz.4.43'. [ 104.856228][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 104.873624][ T9] usb 4-1: USB disconnect, device number 4 [ 104.955528][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 104.966046][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 105.187146][ T6081] befs: Unrecognized mount option "¼]<…±‚s_úï4÷ËœrÝÚ3wS1y³›ÏCl* º©]ûÇŽ Ê–ðb"§eÌ#(r’«" or missing value [ 105.241750][ T6081] befs: (nullb0): cannot parse mount options [ 105.300321][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 106.843082][ T6103] netlink: 44 bytes leftover after parsing attributes in process `syz.3.47'. [ 107.369117][ T6114] netlink: 8 bytes leftover after parsing attributes in process `syz.0.46'. [ 107.800065][ T6117] netlink: 140 bytes leftover after parsing attributes in process `syz.2.52'. [ 109.019616][ T6122] binder: BINDER_SET_CONTEXT_MGR already set [ 109.152049][ T6122] binder: 6121:6122 ioctl 4018620d 20000040 returned -16 [ 109.286854][ T5853] udevd[5853]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 110.504587][ T6141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 111.249470][ T6157] netlink: 44 bytes leftover after parsing attributes in process `syz.4.64'. [ 111.603668][ T6122] syz.0.54 (6122): drop_caches: 2 [ 111.681429][ T6155] sctp: failed to load transform for md5: -2 [ 111.913444][ T6168] netlink: 8 bytes leftover after parsing attributes in process `syz.4.67'. [ 112.365523][ T6178] netlink: 44 bytes leftover after parsing attributes in process `syz.1.69'. [ 113.667243][ T6204] FAULT_INJECTION: forcing a failure. [ 113.667243][ T6204] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 113.845431][ T6204] CPU: 1 UID: 0 PID: 6204 Comm: syz.4.76 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 113.856025][ T6204] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 113.866401][ T6204] Call Trace: [ 113.869715][ T6204] [ 113.872684][ T6204] dump_stack_lvl+0x241/0x360 [ 113.877414][ T6204] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.882662][ T6204] ? __pfx__printk+0x10/0x10 [ 113.887302][ T6204] ? __pfx_lock_release+0x10/0x10 [ 113.892376][ T6204] should_fail_ex+0x3b0/0x4e0 [ 113.897077][ T6204] _copy_from_iter+0x21f/0x1e70 [ 113.902043][ T6204] ? __virt_addr_valid+0x183/0x530 [ 113.907167][ T6204] ? __pfx_lock_release+0x10/0x10 [ 113.912221][ T6204] ? __alloc_skb+0x28f/0x440 [ 113.916827][ T6204] ? __pfx__copy_from_iter+0x10/0x10 [ 113.922151][ T6204] ? __virt_addr_valid+0x183/0x530 [ 113.927301][ T6204] ? __virt_addr_valid+0x183/0x530 [ 113.932436][ T6204] ? __virt_addr_valid+0x45f/0x530 [ 113.937567][ T6204] ? __check_object_size+0x48e/0x900 [ 113.942880][ T6204] netlink_sendmsg+0x73d/0xcb0 [ 113.947672][ T6204] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.952983][ T6204] ? __pfx_netlink_sendmsg+0x10/0x10 [ 113.958300][ T6204] __sock_sendmsg+0x221/0x270 [ 113.963038][ T6204] ____sys_sendmsg+0x52a/0x7e0 [ 113.967838][ T6204] ? __pfx_____sys_sendmsg+0x10/0x10 [ 113.973175][ T6204] __sys_sendmsg+0x292/0x380 [ 113.977816][ T6204] ? __pfx___sys_sendmsg+0x10/0x10 [ 113.982957][ T6204] ? __pfx_vfs_write+0x10/0x10 [ 113.987758][ T6204] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 113.994107][ T6204] ? do_syscall_64+0x100/0x230 [ 113.998894][ T6204] ? do_syscall_64+0xb6/0x230 [ 114.003583][ T6204] do_syscall_64+0xf3/0x230 [ 114.008104][ T6204] ? clear_bhb_loop+0x35/0x90 [ 114.012795][ T6204] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.018732][ T6204] RIP: 0033:0x7f25a1f7e719 [ 114.023157][ T6204] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 114.042769][ T6204] RSP: 002b:00007f25a2db7038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 114.051298][ T6204] RAX: ffffffffffffffda RBX: 00007f25a2135f80 RCX: 00007f25a1f7e719 [ 114.059304][ T6204] RDX: 0000000000040000 RSI: 0000000020002040 RDI: 0000000000000003 [ 114.067286][ T6204] RBP: 00007f25a2db7090 R08: 0000000000000000 R09: 0000000000000000 [ 114.075272][ T6204] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 114.083264][ T6204] R13: 0000000000000000 R14: 00007f25a2135f80 R15: 00007ffe759240e8 [ 114.091257][ T6204] [ 115.197918][ T6227] netlink: 44 bytes leftover after parsing attributes in process `syz.4.78'. [ 115.485457][ T5898] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 116.353110][ T5898] usb 3-1: Using ep0 maxpacket: 8 [ 116.676096][ T5898] usb 3-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 116.685214][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.693426][ T5898] usb 3-1: Product: syz [ 116.697716][ T5898] usb 3-1: Manufacturer: syz [ 116.702434][ T5898] usb 3-1: SerialNumber: syz [ 116.709618][ T5898] usb 3-1: config 0 descriptor?? [ 116.716641][ T5898] esd_usb 3-1:0.0: sending version message failed [ 116.723346][ T5898] esd_usb 3-1:0.0: probe with driver esd_usb failed with error -22 [ 116.770608][ T6256] netlink: 140 bytes leftover after parsing attributes in process `syz.0.88'. [ 117.421471][ T6219] loop9: detected capacity change from 0 to 7 [ 117.495535][ T6219] Dev loop9: unable to read RDB block 7 [ 117.501176][ T6219] loop9: AHDI p2 p3 p4 [ 117.505478][ T6219] loop9: partition table partially beyond EOD, truncated [ 117.512727][ T6219] loop9: p2 start 2961973428 is beyond EOD, truncated [ 117.575296][ T6219] loop9: p3 start 1756542996 is beyond EOD, truncated [ 117.697946][ T6261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.750435][ T6219] tmpfs: Bad value for 'mpol' [ 117.781277][ T25] usb 3-1: USB disconnect, device number 4 [ 117.849836][ T6261] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.873458][ T6261] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 117.906455][ T6261] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 117.936356][ T5888] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 118.082124][ T6266] FAULT_INJECTION: forcing a failure. [ 118.082124][ T6266] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 118.095565][ T6266] CPU: 0 UID: 0 PID: 6266 Comm: syz.1.91 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 118.106105][ T6266] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 118.116170][ T6266] Call Trace: [ 118.119455][ T6266] [ 118.122392][ T6266] dump_stack_lvl+0x241/0x360 [ 118.127092][ T6266] ? __pfx_dump_stack_lvl+0x10/0x10 [ 118.132312][ T6266] ? __pfx__printk+0x10/0x10 [ 118.136917][ T6266] ? __pfx_lock_release+0x10/0x10 [ 118.141968][ T6266] should_fail_ex+0x3b0/0x4e0 [ 118.146664][ T6266] _copy_from_user+0x2f/0xc0 [ 118.151274][ T6266] __se_sys_mount+0x17d/0x3c0 [ 118.155974][ T6266] ? __pfx___se_sys_mount+0x10/0x10 [ 118.161188][ T6266] ? do_syscall_64+0x100/0x230 [ 118.165965][ T6266] ? __x64_sys_mount+0x20/0xc0 [ 118.170741][ T6266] do_syscall_64+0xf3/0x230 [ 118.175255][ T6266] ? clear_bhb_loop+0x35/0x90 [ 118.179949][ T6266] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 118.185891][ T6266] RIP: 0033:0x7f751497e719 [ 118.190313][ T6266] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 118.209937][ T6266] RSP: 002b:00007f75156bc038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 118.218370][ T6266] RAX: ffffffffffffffda RBX: 00007f7514b35f80 RCX: 00007f751497e719 [ 118.226351][ T6266] RDX: 0000000020000080 RSI: 00000000200002c0 RDI: 0000000000000000 [ 118.234763][ T6266] RBP: 00007f75156bc090 R08: 0000000020000400 R09: 0000000000000000 [ 118.242737][ T6266] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 118.250714][ T6266] R13: 0000000000000000 R14: 00007f7514b35f80 R15: 00007fff68ea4888 [ 118.258705][ T6266] [ 118.297025][ T5888] usb 1-1: too many configurations: 9, using maximum allowed: 8 [ 118.320591][ T5888] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 118.340304][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 118.356225][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 118.371516][ T5888] usb 1-1: config 0 interface 0 has no altsetting 0 [ 118.383434][ T5888] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 118.393514][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 118.406997][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 118.418661][ T5888] usb 1-1: config 0 interface 0 has no altsetting 0 [ 118.427380][ T5888] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 118.443834][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 118.469342][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 118.483889][ T5888] usb 1-1: config 0 interface 0 has no altsetting 0 [ 118.493030][ T5888] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 118.513106][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 118.761178][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 118.771652][ T5888] usb 1-1: config 0 interface 0 has no altsetting 0 [ 118.779793][ T5888] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 118.791349][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 118.803654][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 118.813816][ T5888] usb 1-1: config 0 interface 0 has no altsetting 0 [ 118.823356][ T5888] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 118.876471][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 119.154591][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 119.639716][ T5888] usb 1-1: config 0 interface 0 has no altsetting 0 [ 119.649107][ T5888] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 119.658158][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 119.669274][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 119.679142][ T5888] usb 1-1: config 0 interface 0 has no altsetting 0 [ 119.697668][ T5888] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 119.712958][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 119.741352][ T5888] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 120.440957][ T5888] usb 1-1: config 0 interface 0 has no altsetting 0 [ 120.470069][ T5888] usb 1-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 120.479433][ T5888] usb 1-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 120.494633][ T6284] netlink: 44 bytes leftover after parsing attributes in process `syz.3.96'. [ 120.572095][ T5888] usb 1-1: Product: syz [ 120.595523][ T5888] usb 1-1: Manufacturer: syz [ 120.625028][ T5888] usb 1-1: SerialNumber: syz [ 121.090406][ T5888] usb 1-1: config 0 descriptor?? [ 121.097822][ T5888] usb 1-1: can't set config #0, error -71 [ 121.243486][ T5888] usb 1-1: USB disconnect, device number 2 [ 123.246341][ T6308] netlink: 140 bytes leftover after parsing attributes in process `syz.2.103'. [ 123.385548][ T5888] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 123.545728][ T5888] usb 1-1: Using ep0 maxpacket: 8 [ 123.720210][ T5888] usb 1-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 123.768620][ T5888] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.776849][ T5888] usb 1-1: Product: syz [ 123.781235][ T5888] usb 1-1: Manufacturer: syz [ 123.786006][ T5888] usb 1-1: SerialNumber: syz [ 124.373015][ T5888] usb 1-1: config 0 descriptor?? [ 124.436415][ T5888] usb 1-1: can't set config #0, error -71 [ 124.481484][ T5888] usb 1-1: USB disconnect, device number 3 [ 125.534403][ T6315] binder: BINDER_SET_CONTEXT_MGR already set [ 125.541422][ T6315] binder: 6314:6315 ioctl 4018620d 200001c0 returned -16 [ 125.975401][ T8] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 127.049322][ T8] usb 3-1: Using ep0 maxpacket: 8 [ 127.063853][ T6339] netlink: 140 bytes leftover after parsing attributes in process `syz.1.112'. [ 127.095501][ T8] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 127.132987][ T6340] netlink: 44 bytes leftover after parsing attributes in process `syz.0.110'. [ 127.136883][ T8] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 127.505408][ T8] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 127.521477][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.595464][ T8] usb 3-1: Product: syz [ 127.715173][ T8] usb 3-1: Manufacturer: syz [ 127.837302][ T8] usb 3-1: SerialNumber: syz [ 127.879726][ T8] usb 3-1: config 0 descriptor?? [ 128.721662][ T5888] usb 3-1: USB disconnect, device number 5 [ 128.823443][ T6353] netlink: 44 bytes leftover after parsing attributes in process `syz.3.114'. [ 129.857444][ T6365] netlink: 4 bytes leftover after parsing attributes in process `syz.4.117'. [ 129.866643][ T6365] netlink: 'syz.4.117': attribute type 13 has an invalid length. [ 129.876890][ T6365] netlink: 'syz.4.117': attribute type 12 has an invalid length. [ 130.250605][ T6365] netdevsim netdevsim4 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 130.259741][ T6365] netdevsim netdevsim4 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 130.268712][ T6365] netdevsim netdevsim4 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 130.277545][ T6365] netdevsim netdevsim4 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 130.650053][ T6365] vxlan0: entered promiscuous mode [ 131.021533][ T6382] FAULT_INJECTION: forcing a failure. [ 131.021533][ T6382] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.058806][ T6382] CPU: 0 UID: 0 PID: 6382 Comm: syz.1.123 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 131.069468][ T6382] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 131.079561][ T6382] Call Trace: [ 131.082868][ T6382] [ 131.085831][ T6382] dump_stack_lvl+0x241/0x360 [ 131.090555][ T6382] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.095799][ T6382] ? __pfx__printk+0x10/0x10 [ 131.100429][ T6382] ? __pfx_lock_release+0x10/0x10 [ 131.105516][ T6382] should_fail_ex+0x3b0/0x4e0 [ 131.110237][ T6382] _copy_from_iter+0x21f/0x1e70 [ 131.115134][ T6382] ? __virt_addr_valid+0x183/0x530 [ 131.120324][ T6382] ? __pfx_lock_release+0x10/0x10 [ 131.125403][ T6382] ? __alloc_skb+0x28f/0x440 [ 131.130038][ T6382] ? __pfx__copy_from_iter+0x10/0x10 [ 131.135379][ T6382] ? __virt_addr_valid+0x183/0x530 [ 131.140539][ T6382] ? __virt_addr_valid+0x183/0x530 [ 131.145686][ T6382] ? __virt_addr_valid+0x45f/0x530 [ 131.150844][ T6382] ? __check_object_size+0x48e/0x900 [ 131.156192][ T6382] netlink_sendmsg+0x73d/0xcb0 [ 131.161104][ T6382] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.166446][ T6382] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.171791][ T6382] __sock_sendmsg+0x221/0x270 [ 131.176527][ T6382] ____sys_sendmsg+0x52a/0x7e0 [ 131.181346][ T6382] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.186685][ T6382] __sys_sendmsg+0x292/0x380 [ 131.191303][ T6382] ? __pfx___sys_sendmsg+0x10/0x10 [ 131.196452][ T6382] ? __pfx_vfs_write+0x10/0x10 [ 131.201251][ T6382] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 131.207615][ T6382] ? do_syscall_64+0x100/0x230 [ 131.212409][ T6382] ? do_syscall_64+0xb6/0x230 [ 131.217107][ T6382] do_syscall_64+0xf3/0x230 [ 131.221622][ T6382] ? clear_bhb_loop+0x35/0x90 [ 131.226313][ T6382] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.232229][ T6382] RIP: 0033:0x7f751497e719 [ 131.236656][ T6382] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.256280][ T6382] RSP: 002b:00007f751569b038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.264730][ T6382] RAX: ffffffffffffffda RBX: 00007f7514b36058 RCX: 00007f751497e719 [ 131.272713][ T6382] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000004 [ 131.280694][ T6382] RBP: 00007f751569b090 R08: 0000000000000000 R09: 0000000000000000 [ 131.288673][ T6382] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.296650][ T6382] R13: 0000000000000000 R14: 00007f7514b36058 R15: 00007fff68ea4888 [ 131.304642][ T6382] [ 131.358885][ T6384] warning: `syz.4.124' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 131.375967][ T6384] Driver unsupported XDP return value 0 on prog (id 14) dev N/A, expect packet loss! [ 132.062903][ T6395] netlink: 44 bytes leftover after parsing attributes in process `syz.3.125'. [ 132.818247][ T6404] netlink: 140 bytes leftover after parsing attributes in process `syz.4.128'. [ 133.306811][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.313655][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.447467][ T9] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 133.606417][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 133.636471][ T9] usb 1-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 133.645970][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.654018][ T9] usb 1-1: Product: syz [ 133.699024][ T9] usb 1-1: Manufacturer: syz [ 133.703695][ T9] usb 1-1: SerialNumber: syz [ 133.831396][ T9] usb 1-1: config 0 descriptor?? [ 133.844403][ T9] esd_usb 1-1:0.0: sending version message failed [ 133.883737][ T9] esd_usb 1-1:0.0: probe with driver esd_usb failed with error -22 [ 134.695585][ T25] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 134.756713][ T6403] loop9: detected capacity change from 0 to 7 [ 134.865546][ T6403] Dev loop9: unable to read RDB block 7 [ 134.871205][ T6403] loop9: AHDI p2 p3 p4 [ 134.896722][ T6422] tmpfs: Bad value for 'mpol' [ 134.906650][ T6403] loop9: partition table partially beyond EOD, truncated [ 134.924240][ T6403] loop9: p2 start 2961973428 is beyond EOD, truncated [ 134.941454][ T6403] loop9: p3 start 1756542996 is beyond EOD, truncated [ 135.573896][ T5917] usb 1-1: USB disconnect, device number 4 [ 135.885450][ T25] usb 2-1: Using ep0 maxpacket: 32 [ 135.892535][ T25] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 135.928060][ T25] usb 2-1: config 0 has no interface number 0 [ 135.965238][ T25] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 136.019746][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.075217][ T25] usb 2-1: Product: syz [ 136.117336][ T25] usb 2-1: Manufacturer: syz [ 136.195332][ T25] usb 2-1: SerialNumber: syz [ 136.216067][ T25] usb 2-1: config 0 descriptor?? [ 136.267568][ T25] smsc95xx v2.0.0 [ 136.295665][ T1206] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 136.683767][ T6433] FAULT_INJECTION: forcing a failure. [ 136.683767][ T6433] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.735110][ T6433] CPU: 1 UID: 0 PID: 6433 Comm: syz.3.136 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 136.745739][ T6433] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 136.745759][ T6433] Call Trace: [ 136.745769][ T6433] [ 136.745779][ T6433] dump_stack_lvl+0x241/0x360 [ 136.745816][ T6433] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.745844][ T6433] ? __pfx__printk+0x10/0x10 [ 136.745874][ T6433] ? __pfx_lock_release+0x10/0x10 [ 136.745915][ T6433] should_fail_ex+0x3b0/0x4e0 [ 136.745943][ T6433] _copy_from_iter+0x21f/0x1e70 [ 136.745974][ T6433] ? __virt_addr_valid+0x183/0x530 [ 136.745999][ T6433] ? __pfx_lock_release+0x10/0x10 [ 136.746039][ T6433] ? __alloc_skb+0x28f/0x440 [ 136.746065][ T6433] ? __pfx__copy_from_iter+0x10/0x10 [ 136.746099][ T6433] ? __virt_addr_valid+0x183/0x530 [ 136.746123][ T6433] ? __virt_addr_valid+0x183/0x530 [ 136.746145][ T6433] ? __virt_addr_valid+0x45f/0x530 [ 136.746171][ T6433] ? __check_object_size+0x48e/0x900 [ 136.746209][ T6433] netlink_sendmsg+0x73d/0xcb0 [ 136.746246][ T6433] ? __pfx_netlink_sendmsg+0x10/0x10 [ 136.746284][ T6433] ? __pfx_netlink_sendmsg+0x10/0x10 [ 136.746308][ T6433] __sock_sendmsg+0x221/0x270 [ 136.746345][ T6433] ____sys_sendmsg+0x52a/0x7e0 [ 136.746384][ T6433] ? __pfx_____sys_sendmsg+0x10/0x10 [ 136.746428][ T6433] __sys_sendmsg+0x292/0x380 [ 136.746461][ T6433] ? __pfx___sys_sendmsg+0x10/0x10 [ 136.746502][ T6433] ? __pfx_vfs_write+0x10/0x10 [ 136.746564][ T6433] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 136.883205][ T6433] ? do_syscall_64+0x100/0x230 [ 136.888000][ T6433] ? do_syscall_64+0xb6/0x230 [ 136.892692][ T6433] do_syscall_64+0xf3/0x230 [ 136.897226][ T6433] ? clear_bhb_loop+0x35/0x90 [ 136.901932][ T6433] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.907863][ T6433] RIP: 0033:0x7fbfc797e719 [ 136.912297][ T6433] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 136.931920][ T6433] RSP: 002b:00007fbfc86f4038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 136.940354][ T6433] RAX: ffffffffffffffda RBX: 00007fbfc7b35f80 RCX: 00007fbfc797e719 [ 136.948342][ T6433] RDX: 0000000000000000 RSI: 0000000020000080 RDI: 0000000000000008 [ 136.956346][ T6433] RBP: 00007fbfc86f4090 R08: 0000000000000000 R09: 0000000000000000 [ 136.964328][ T6433] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.972303][ T6433] R13: 0000000000000000 R14: 00007fbfc7b35f80 R15: 00007ffe4d698448 [ 136.980301][ T6433] [ 137.011061][ T1206] usb 5-1: Using ep0 maxpacket: 32 [ 137.155495][ T1206] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.166778][ T1206] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.176843][ T1206] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 137.187993][ T1206] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.200165][ T1206] usb 5-1: config 0 descriptor?? [ 137.210025][ T1206] hub 5-1:0.0: USB hub found [ 137.360506][ T6441] FAULT_INJECTION: forcing a failure. [ 137.360506][ T6441] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 137.386718][ T6441] CPU: 0 UID: 0 PID: 6441 Comm: syz.2.138 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 137.397373][ T6441] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 137.407461][ T6441] Call Trace: [ 137.410773][ T6441] [ 137.413732][ T6441] dump_stack_lvl+0x241/0x360 [ 137.418452][ T6441] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.423690][ T6441] ? __pfx__printk+0x10/0x10 [ 137.428326][ T6441] ? snprintf+0xda/0x120 [ 137.432611][ T6441] should_fail_ex+0x3b0/0x4e0 [ 137.437327][ T6441] _copy_to_user+0x31/0xb0 [ 137.441789][ T6441] simple_read_from_buffer+0xca/0x150 [ 137.447212][ T6441] proc_fail_nth_read+0x1e9/0x250 [ 137.452303][ T6441] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 137.457899][ T6441] ? rw_verify_area+0x55e/0x6f0 [ 137.462801][ T6441] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 137.468399][ T6441] vfs_read+0x1fc/0xb70 [ 137.472605][ T6441] ? fdget_pos+0x24e/0x320 [ 137.477097][ T6441] ? __pfx_vfs_read+0x10/0x10 [ 137.481824][ T6441] ? __fget_files+0x3f3/0x470 [ 137.486552][ T6441] ? fdget_pos+0x24e/0x320 [ 137.491019][ T6441] ksys_read+0x183/0x2b0 [ 137.495303][ T6441] ? __pfx_ksys_read+0x10/0x10 [ 137.500109][ T6441] ? do_syscall_64+0x100/0x230 [ 137.504915][ T6441] ? do_syscall_64+0xb6/0x230 [ 137.509631][ T6441] do_syscall_64+0xf3/0x230 [ 137.514174][ T6441] ? clear_bhb_loop+0x35/0x90 [ 137.518905][ T6441] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.524838][ T6441] RIP: 0033:0x7f83a8b7d15c [ 137.529285][ T6441] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 137.548931][ T6441] RSP: 002b:00007f83a9a1c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 137.557397][ T6441] RAX: ffffffffffffffda RBX: 00007f83a8d36058 RCX: 00007f83a8b7d15c [ 137.565405][ T6441] RDX: 000000000000000f RSI: 00007f83a9a1c0a0 RDI: 0000000000000006 [ 137.573415][ T6441] RBP: 00007f83a9a1c090 R08: 0000000000000000 R09: 0000000000000000 [ 137.581422][ T6441] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.589425][ T6441] R13: 0000000000000000 R14: 00007f83a8d36058 R15: 00007ffc777de088 [ 137.597452][ T6441] [ 137.635030][ T1206] hub 5-1:0.0: 1 port detected [ 137.854937][ T25] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 137.914678][ T25] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 137.973617][ T25] usb 2-1: USB disconnect, device number 3 [ 139.148024][ T5853] udevd[5853]: inotify_add_watch(7, /dev/loop11, 10) failed: No such file or directory [ 139.662430][ T1206] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 139.671139][ T1206] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 140.005019][ T1206] usbhid 5-1:0.0: can't add hid device: -71 [ 140.476513][ T6469] sctp: failed to load transform for md5: -2 [ 140.967741][ T1206] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 140.997244][ T1206] usb 5-1: USB disconnect, device number 2 [ 141.568864][ T6481] netlink: 4 bytes leftover after parsing attributes in process `syz.2.147'. [ 141.606694][ T6483] overlayfs: failed to resolve './file0': -2 [ 141.896286][ T1206] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 142.066953][ T1206] usb 1-1: Using ep0 maxpacket: 8 [ 142.096971][ T1206] usb 1-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 142.202917][ T1206] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.380683][ T1206] usb 1-1: Product: syz [ 142.477958][ T1206] usb 1-1: Manufacturer: syz [ 142.482723][ T1206] usb 1-1: SerialNumber: syz [ 142.536753][ T6495] FAULT_INJECTION: forcing a failure. [ 142.536753][ T6495] name failslab, interval 1, probability 0, space 0, times 0 [ 142.566518][ T1206] usb 1-1: config 0 descriptor?? [ 142.571682][ T6495] CPU: 1 UID: 0 PID: 6495 Comm: syz.1.151 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 142.582321][ T6495] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 142.592423][ T6495] Call Trace: [ 142.595746][ T6495] [ 142.598713][ T6495] dump_stack_lvl+0x241/0x360 [ 142.603442][ T6495] ? __pfx_dump_stack_lvl+0x10/0x10 [ 142.608690][ T6495] ? __pfx__printk+0x10/0x10 [ 142.613337][ T6495] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 142.619367][ T6495] ? __pfx___might_resched+0x10/0x10 [ 142.624725][ T6495] should_fail_ex+0x3b0/0x4e0 [ 142.629457][ T6495] should_failslab+0xac/0x100 [ 142.634190][ T6495] ? __alloc_skb+0x1c3/0x440 [ 142.638824][ T6495] kmem_cache_alloc_node_noprof+0x71/0x320 [ 142.644656][ T6495] __alloc_skb+0x1c3/0x440 [ 142.649095][ T6495] ? __pfx___alloc_skb+0x10/0x10 [ 142.654050][ T6495] ? netlink_autobind+0xd6/0x2f0 [ 142.659004][ T6495] ? netlink_autobind+0x2b0/0x2f0 [ 142.664055][ T6495] netlink_sendmsg+0x638/0xcb0 [ 142.668842][ T6495] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.674148][ T6495] ? __pfx_netlink_sendmsg+0x10/0x10 [ 142.679444][ T6495] __sock_sendmsg+0x221/0x270 [ 142.684141][ T6495] ____sys_sendmsg+0x52a/0x7e0 [ 142.688931][ T6495] ? __pfx_____sys_sendmsg+0x10/0x10 [ 142.694242][ T6495] __sys_sendmsg+0x292/0x380 [ 142.698848][ T6495] ? __pfx___sys_sendmsg+0x10/0x10 [ 142.703979][ T6495] ? __pfx_vfs_write+0x10/0x10 [ 142.708783][ T6495] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 142.715129][ T6495] ? do_syscall_64+0x100/0x230 [ 142.719907][ T6495] ? do_syscall_64+0xb6/0x230 [ 142.724595][ T6495] do_syscall_64+0xf3/0x230 [ 142.729109][ T6495] ? clear_bhb_loop+0x35/0x90 [ 142.733803][ T6495] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 142.739703][ T6495] RIP: 0033:0x7f751497e719 [ 142.744127][ T6495] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 142.763747][ T6495] RSP: 002b:00007f75156bc038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 142.772179][ T6495] RAX: ffffffffffffffda RBX: 00007f7514b35f80 RCX: 00007f751497e719 [ 142.780183][ T6495] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 142.788169][ T6495] RBP: 00007f75156bc090 R08: 0000000000000000 R09: 0000000000000000 [ 142.796149][ T6495] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 142.804126][ T6495] R13: 0000000000000000 R14: 00007f7514b35f80 R15: 00007fff68ea4888 [ 142.812120][ T6495] [ 142.824334][ T1206] esd_usb 1-1:0.0: sending version message failed [ 142.830996][ T1206] esd_usb 1-1:0.0: probe with driver esd_usb failed with error -22 [ 143.143226][ T6486] loop9: detected capacity change from 0 to 7 [ 143.183499][ T6486] Dev loop9: unable to read RDB block 7 [ 143.208255][ T6486] loop9: AHDI p2 p3 p4 [ 143.226175][ T6486] loop9: partition table partially beyond EOD, truncated [ 143.235687][ T1206] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 143.448435][ T6486] loop9: p2 start 2961973428 is beyond EOD, truncated [ 143.459231][ T6513] tmpfs: Bad value for 'mpol' [ 143.477125][ T1206] usb 2-1: Using ep0 maxpacket: 8 [ 143.697737][ T6519] nfs: Unknown parameter ' }Åe´˜¥9…x Y@‘5GW' [ 144.317818][ T6486] loop9: p3 start 1756542996 is beyond EOD, truncated [ 144.371555][ T5888] usb 1-1: USB disconnect, device number 5 [ 144.383229][ T1206] usb 2-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 144.421291][ T1206] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.451588][ T1206] usb 2-1: Product: syz [ 144.461756][ T1206] usb 2-1: Manufacturer: syz [ 144.474549][ T1206] usb 2-1: SerialNumber: syz [ 144.683743][ T1206] usb 2-1: config 0 descriptor?? [ 144.696587][ T1206] esd_usb 2-1:0.0: sending version message failed [ 144.703241][ T1206] esd_usb 2-1:0.0: probe with driver esd_usb failed with error -22 [ 145.473870][ T6503] loop9: detected capacity change from 0 to 7 [ 145.508931][ T6503] Dev loop9: unable to read RDB block 7 [ 145.514522][ T6503] loop9: AHDI p2 p3 p4 [ 145.521641][ T6503] loop9: partition table partially beyond EOD, truncated [ 145.572804][ T6503] loop9: p2 start 2961973428 is beyond EOD, truncated [ 145.724841][ T6503] loop9: p3 start 1756542996 is beyond EOD, truncated [ 145.735872][ T6507] tmpfs: Bad value for 'mpol' [ 145.751083][ T5888] usb 2-1: USB disconnect, device number 4 [ 145.775389][ T25] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 146.867960][ T6542] overlayfs: failed to resolve './file0': -2 [ 146.975535][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 146.987382][ T25] usb 4-1: config index 0 descriptor too short (expected 61467, got 27) [ 147.001678][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 147.105816][ T25] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 147.169108][ T25] usb 4-1: New USB device found, idVendor=04e6, idProduct=0001, bcdDevice= 2.00 [ 147.179697][ T25] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 147.635232][ T25] usb 4-1: Product: syz [ 147.665338][ T25] usb 4-1: Manufacturer: syz [ 147.670009][ T25] usb 4-1: SerialNumber: syz [ 147.722899][ T25] usb 4-1: config 0 descriptor?? [ 147.766036][ T25] usb 4-1: can't set config #0, error -71 [ 147.833434][ T25] usb 4-1: USB disconnect, device number 5 [ 149.683959][ T6573] netlink: 900 bytes leftover after parsing attributes in process `syz.4.168'. [ 149.832440][ T6575] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 150.398383][ T6570] netlink: 68 bytes leftover after parsing attributes in process `syz.1.169'. [ 150.502940][ T6580] overlayfs: failed to resolve './file0': -2 [ 150.770894][ T6593] fuse: Unknown parameter '000000000000000000060x0000000000000006' [ 151.641615][ T6598] netlink: 12 bytes leftover after parsing attributes in process `syz.4.179'. [ 151.872819][ T9] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 152.025401][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 152.046685][ T9] usb 3-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 152.056527][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.273133][ T9] usb 3-1: Product: syz [ 152.343108][ T9] usb 3-1: Manufacturer: syz [ 152.514458][ T9] usb 3-1: SerialNumber: syz [ 152.548947][ T9] usb 3-1: config 0 descriptor?? [ 152.587466][ T9] esd_usb 3-1:0.0: sending version message failed [ 152.610508][ T9] esd_usb 3-1:0.0: probe with driver esd_usb failed with error -22 [ 152.854412][ T8] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 152.880992][ T6585] loop9: detected capacity change from 0 to 7 [ 153.203862][ T6585] Dev loop9: unable to read RDB block 7 [ 153.686953][ T6585] loop9: AHDI p2 p3 p4 [ 153.691191][ T6585] loop9: partition table partially beyond EOD, truncated [ 153.769104][ T6612] tmpfs: Bad value for 'mpol' [ 153.789848][ T8] usb 4-1: Using ep0 maxpacket: 8 [ 153.812603][ T8] usb 4-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 153.826376][ T6585] loop9: p2 start 2961973428 is beyond EOD, truncated [ 153.833386][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.871455][ T6585] loop9: p3 start 1756542996 is beyond EOD, truncated [ 153.881513][ T8] usb 4-1: Product: syz [ 153.895130][ T8] usb 4-1: Manufacturer: syz [ 153.936126][ T9] usb 3-1: USB disconnect, device number 6 [ 153.963295][ T8] usb 4-1: SerialNumber: syz [ 154.011999][ T8] usb 4-1: config 0 descriptor?? [ 154.108081][ T8] esd_usb 4-1:0.0: sending version message failed [ 154.120190][ T8] esd_usb 4-1:0.0: probe with driver esd_usb failed with error -22 [ 154.334697][ T6606] loop9: detected capacity change from 0 to 7 [ 154.344490][ T6606] Dev loop9: unable to read RDB block 7 [ 154.352004][ T6606] loop9: AHDI p2 p3 p4 [ 154.358101][ T6606] loop9: partition table partially beyond EOD, truncated [ 154.366663][ T6606] loop9: p2 start 2961973428 is beyond EOD, truncated [ 154.373678][ T6606] loop9: p3 start 1756542996 is beyond EOD, truncated [ 154.405446][ T8] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 154.459825][ T6606] tmpfs: Bad value for 'mpol' [ 154.475896][ T9] usb 4-1: USB disconnect, device number 6 [ 154.567719][ T8] usb 1-1: Using ep0 maxpacket: 32 [ 154.576281][ T8] usb 1-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 154.585945][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 154.608914][ T8] usb 1-1: config 0 descriptor?? [ 154.643676][ T8] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 154.955464][ T9] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 155.115662][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 155.123769][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 155.149909][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 155.355827][ T9] usb 3-1: New USB device found, idVendor=04da, idProduct=1044, bcdDevice= 0.00 [ 155.366969][ T8] gspca_nw80x: reg_r err -32 [ 155.375480][ T8] nw80x 1-1:0.0: probe with driver nw80x failed with error -32 [ 155.383108][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.418424][ T9] usb 3-1: config 0 descriptor?? [ 155.478690][ T6642] FAULT_INJECTION: forcing a failure. [ 155.478690][ T6642] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 155.491901][ T6642] CPU: 0 UID: 0 PID: 6642 Comm: syz.3.190 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 155.502524][ T6642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 155.512610][ T6642] Call Trace: [ 155.515918][ T6642] [ 155.518871][ T6642] dump_stack_lvl+0x241/0x360 [ 155.523585][ T6642] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.528825][ T6642] ? __pfx__printk+0x10/0x10 [ 155.533452][ T6642] ? __pfx_lock_release+0x10/0x10 [ 155.538524][ T6642] should_fail_ex+0x3b0/0x4e0 [ 155.543234][ T6642] _copy_from_iter+0x21f/0x1e70 [ 155.548120][ T6642] ? __virt_addr_valid+0x183/0x530 [ 155.553258][ T6642] ? __pfx_lock_release+0x10/0x10 [ 155.558325][ T6642] ? __alloc_skb+0x28f/0x440 [ 155.562946][ T6642] ? __pfx__copy_from_iter+0x10/0x10 [ 155.568267][ T6642] ? __virt_addr_valid+0x183/0x530 [ 155.573404][ T6642] ? __virt_addr_valid+0x183/0x530 [ 155.578543][ T6642] ? __virt_addr_valid+0x45f/0x530 [ 155.583709][ T6642] ? __check_object_size+0x48e/0x900 [ 155.589038][ T6642] netlink_sendmsg+0x73d/0xcb0 [ 155.594191][ T6642] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.599522][ T6642] ? __pfx_netlink_sendmsg+0x10/0x10 [ 155.604832][ T6642] __sock_sendmsg+0x221/0x270 [ 155.609553][ T6642] ____sys_sendmsg+0x52a/0x7e0 [ 155.614388][ T6642] ? __pfx_____sys_sendmsg+0x10/0x10 [ 155.619718][ T6642] __sys_sendmsg+0x292/0x380 [ 155.624340][ T6642] ? __pfx___sys_sendmsg+0x10/0x10 [ 155.629490][ T6642] ? __pfx_vfs_write+0x10/0x10 [ 155.634306][ T6642] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 155.640671][ T6642] ? do_syscall_64+0x100/0x230 [ 155.645479][ T6642] ? do_syscall_64+0xb6/0x230 [ 155.650189][ T6642] do_syscall_64+0xf3/0x230 [ 155.654721][ T6642] ? clear_bhb_loop+0x35/0x90 [ 155.659430][ T6642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.665434][ T6642] RIP: 0033:0x7fbfc797e719 [ 155.669963][ T6642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 155.689620][ T6642] RSP: 002b:00007fbfc86b2038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 155.698082][ T6642] RAX: ffffffffffffffda RBX: 00007fbfc7b36130 RCX: 00007fbfc797e719 [ 155.706080][ T6642] RDX: 0000000000000000 RSI: 0000000020000780 RDI: 0000000000000008 [ 155.714083][ T6642] RBP: 00007fbfc86b2090 R08: 0000000000000000 R09: 0000000000000000 [ 155.722080][ T6642] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.730075][ T6642] R13: 0000000000000000 R14: 00007fbfc7b36130 R15: 00007ffe4d698448 [ 155.738086][ T6642] [ 158.408317][ T8] usb 1-1: USB disconnect, device number 6 [ 160.352812][ T6657] sctp: failed to load transform for md5: -2 [ 160.389113][ T9] usbhid 3-1:0.0: can't add hid device: -71 [ 160.395576][ T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 160.406337][ T9] usb 3-1: USB disconnect, device number 7 [ 160.563568][ T6669] FAULT_INJECTION: forcing a failure. [ 160.563568][ T6669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 160.601385][ T6669] CPU: 1 UID: 0 PID: 6669 Comm: syz.2.196 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 160.612042][ T6669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 160.622138][ T6669] Call Trace: [ 160.625463][ T6669] [ 160.628427][ T6669] dump_stack_lvl+0x241/0x360 [ 160.633163][ T6669] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.638382][ T6669] ? __pfx__printk+0x10/0x10 [ 160.642992][ T6669] should_fail_ex+0x3b0/0x4e0 [ 160.647686][ T6669] _copy_from_user+0x2f/0xc0 [ 160.652294][ T6669] move_addr_to_kernel+0x82/0x150 [ 160.657339][ T6669] __sys_connect+0xc1/0x300 [ 160.661854][ T6669] ? __pfx___sys_connect+0x10/0x10 [ 160.666984][ T6669] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 160.673325][ T6669] ? do_syscall_64+0x100/0x230 [ 160.678112][ T6669] __x64_sys_connect+0x7a/0x90 [ 160.682885][ T6669] do_syscall_64+0xf3/0x230 [ 160.687413][ T6669] ? clear_bhb_loop+0x35/0x90 [ 160.692109][ T6669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.698020][ T6669] RIP: 0033:0x7f83a8b7e719 [ 160.702452][ T6669] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.722069][ T6669] RSP: 002b:00007f83a9a3d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 160.730845][ T6669] RAX: ffffffffffffffda RBX: 00007f83a8d35f80 RCX: 00007f83a8b7e719 [ 160.738826][ T6669] RDX: 0000000000000020 RSI: 0000000020000080 RDI: 0000000000000003 [ 160.746807][ T6669] RBP: 00007f83a9a3d090 R08: 0000000000000000 R09: 0000000000000000 [ 160.754785][ T6669] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 160.762763][ T6669] R13: 0000000000000000 R14: 00007f83a8d35f80 R15: 00007ffc777de088 [ 160.770758][ T6669] [ 160.926463][ T6665] netlink: 28 bytes leftover after parsing attributes in process `syz.0.194'. [ 162.323970][ T5917] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 162.506015][ T6691] FAULT_INJECTION: forcing a failure. [ 162.506015][ T6691] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.506096][ T6691] CPU: 1 UID: 0 PID: 6691 Comm: syz.4.201 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 162.506125][ T6691] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 162.506140][ T6691] Call Trace: [ 162.506150][ T6691] [ 162.506161][ T6691] dump_stack_lvl+0x241/0x360 [ 162.506197][ T6691] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.506227][ T6691] ? __pfx__printk+0x10/0x10 [ 162.506256][ T6691] ? __pfx_lock_release+0x10/0x10 [ 162.506299][ T6691] should_fail_ex+0x3b0/0x4e0 [ 162.506329][ T6691] _copy_from_user+0x2f/0xc0 [ 162.506365][ T6691] memdup_user+0x64/0xc0 [ 162.506395][ T6691] ucma_set_option+0x1c6/0xe60 [ 162.506436][ T6691] ? __pfx_ucma_set_option+0x10/0x10 [ 162.506491][ T6691] ? __pfx___might_resched+0x10/0x10 [ 162.506524][ T6691] ? __might_fault+0xaa/0x120 [ 162.506553][ T6691] ? __pfx_lock_release+0x10/0x10 [ 162.506591][ T6691] ? __lock_acquire+0x1384/0x2050 [ 162.506630][ T6691] ? __might_fault+0xc6/0x120 [ 162.506664][ T6691] ? __pfx_ucma_set_option+0x10/0x10 [ 162.506697][ T6691] ucma_write+0x2d9/0x420 [ 162.506734][ T6691] ? __pfx_ucma_write+0x10/0x10 [ 162.506766][ T6691] ? bpf_lsm_file_permission+0x9/0x10 [ 162.506788][ T6691] ? security_file_permission+0x74/0x280 [ 162.506822][ T6691] ? rw_verify_area+0x1c3/0x6f0 [ 162.506850][ T6691] ? __pfx_ucma_write+0x10/0x10 [ 162.506883][ T6691] vfs_write+0x2a3/0xd30 [ 162.506921][ T6691] ? __pfx_vfs_write+0x10/0x10 [ 162.506952][ T6691] ? __fget_files+0x29/0x470 [ 162.506987][ T6691] ? __fget_files+0x3f3/0x470 [ 162.507026][ T6691] ? __fget_files+0x29/0x470 [ 162.507066][ T6691] ? fdget_pos+0x19a/0x320 [ 162.507102][ T6691] ksys_write+0x183/0x2b0 [ 162.507134][ T6691] ? __pfx_ksys_write+0x10/0x10 [ 162.507174][ T6691] do_syscall_64+0xf3/0x230 [ 162.507202][ T6691] ? clear_bhb_loop+0x35/0x90 [ 162.507231][ T6691] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.507256][ T6691] RIP: 0033:0x7f25a1f7e719 [ 162.507277][ T6691] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.507297][ T6691] RSP: 002b:00007f25a2d75038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 162.507324][ T6691] RAX: ffffffffffffffda RBX: 00007f25a2136130 RCX: 00007f25a1f7e719 [ 162.507342][ T6691] RDX: 0000000000000020 RSI: 0000000020000380 RDI: 0000000000000005 [ 162.507358][ T6691] RBP: 00007f25a2d75090 R08: 0000000000000000 R09: 0000000000000000 [ 162.507374][ T6691] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.507390][ T6691] R13: 0000000000000000 R14: 00007f25a2136130 R15: 00007ffe759240e8 [ 162.507423][ T6691] [ 163.143388][ T6694] netlink: 16 bytes leftover after parsing attributes in process `syz.2.202'. [ 163.215977][ T5917] usb 4-1: Using ep0 maxpacket: 8 [ 163.222512][ T5917] usb 4-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 163.222547][ T5917] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.222571][ T5917] usb 4-1: Product: syz [ 163.222589][ T5917] usb 4-1: Manufacturer: syz [ 163.222607][ T5917] usb 4-1: SerialNumber: syz [ 163.225574][ T5917] usb 4-1: config 0 descriptor?? [ 163.228357][ T5917] esd_usb 4-1:0.0: sending version message failed [ 163.228421][ T5917] esd_usb 4-1:0.0: probe with driver esd_usb failed with error -22 [ 163.491783][ T6675] loop9: detected capacity change from 0 to 7 [ 163.495552][ T6675] Dev loop9: unable to read RDB block 7 [ 163.495607][ T6675] loop9: AHDI p2 p3 p4 [ 163.495633][ T6675] loop9: partition table partially beyond EOD, truncated [ 163.495822][ T6675] loop9: p2 start 2961973428 is beyond EOD, truncated [ 163.495850][ T6675] loop9: p3 start 1756542996 is beyond EOD, truncated [ 163.543085][ T6699] 9pnet_fd: Insufficient options for proto=fd [ 163.631087][ T6675] tmpfs: Bad value for 'mpol' [ 163.637010][ T8] usb 4-1: USB disconnect, device number 7 [ 163.725390][ T1206] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 164.117527][ T1206] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 164.134518][ T1206] usb 3-1: New USB device found, idVendor=056a, idProduct=00e5, bcdDevice= 0.00 [ 164.159381][ T6715] syz.4.210 uses obsolete (PF_INET,SOCK_PACKET) [ 164.164534][ T8] IPVS: starting estimator thread 0... [ 164.175309][ T1206] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.181794][ T6718] FAULT_INJECTION: forcing a failure. [ 164.181794][ T6718] name failslab, interval 1, probability 0, space 0, times 0 [ 164.198842][ T1206] usb 3-1: config 0 descriptor?? [ 164.235507][ T6718] CPU: 1 UID: 0 PID: 6718 Comm: syz.0.208 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 164.246249][ T6718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 164.256322][ T6718] Call Trace: [ 164.259621][ T6718] [ 164.262582][ T6718] dump_stack_lvl+0x241/0x360 [ 164.267282][ T6718] ? __pfx_dump_stack_lvl+0x10/0x10 [ 164.272498][ T6718] ? __pfx__printk+0x10/0x10 [ 164.277123][ T6718] ? __kmalloc_node_noprof+0xb7/0x440 [ 164.282531][ T6718] ? __pfx___might_resched+0x10/0x10 [ 164.287867][ T6718] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 164.293902][ T6718] should_fail_ex+0x3b0/0x4e0 [ 164.298690][ T6718] should_failslab+0xac/0x100 [ 164.303394][ T6718] __kmalloc_node_noprof+0xdf/0x440 [ 164.308614][ T6718] ? __kvmalloc_node_noprof+0x72/0x190 [ 164.314117][ T6718] __kvmalloc_node_noprof+0x72/0x190 [ 164.319445][ T6718] nf_hook_entries_grow+0x288/0x720 [ 164.324677][ T6718] __nf_register_net_hook+0x278/0x8d0 [ 164.330087][ T6718] nf_register_net_hook+0xb0/0x190 [ 164.335224][ T6718] nf_register_net_hooks+0x41/0x1a0 [ 164.340448][ T6718] nf_defrag_ipv4_enable+0x85/0x110 [ 164.345669][ T6718] nf_ct_netns_do_get+0x187/0x630 [ 164.350724][ T6718] ? __pfx_nf_ct_netns_do_get+0x10/0x10 [ 164.356290][ T6718] ? __asan_memset+0x23/0x50 [ 164.360895][ T6718] ? lockdep_init_map_type+0xa1/0x910 [ 164.366292][ T6718] __ip_vs_update_dest+0x643/0x1600 [ 164.371511][ T6718] ip_vs_add_dest+0x15fb/0x1b80 [ 164.376381][ T6718] ? ip_vs_add_dest+0x2d9/0x1b80 [ 164.381342][ T6718] ? __pfx_ip_vs_add_dest+0x10/0x10 [ 164.386564][ T6718] ? __might_fault+0xc6/0x120 [ 164.391261][ T6718] do_ip_vs_set_ctl+0xdc2/0x13d0 [ 164.396312][ T6718] ? __pfx_do_ip_vs_set_ctl+0x10/0x10 [ 164.401698][ T6718] ? rcu_is_watching+0x15/0xb0 [ 164.406485][ T6718] ? __mutex_unlock_slowpath+0x21d/0x750 [ 164.412238][ T6718] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 164.418261][ T6718] nf_setsockopt+0x295/0x2c0 [ 164.422866][ T6718] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 164.428769][ T6718] do_sock_setsockopt+0x3af/0x720 [ 164.433817][ T6718] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 164.439375][ T6718] ? __fget_files+0x29/0x470 [ 164.443985][ T6718] ? __fget_files+0x3f3/0x470 [ 164.448677][ T6718] ? __fget_files+0x29/0x470 [ 164.453287][ T6718] __sys_setsockopt+0x1a2/0x250 [ 164.458158][ T6718] __x64_sys_setsockopt+0xb5/0xd0 [ 164.463198][ T6718] do_syscall_64+0xf3/0x230 [ 164.467715][ T6718] ? clear_bhb_loop+0x35/0x90 [ 164.472412][ T6718] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.478315][ T6718] RIP: 0033:0x7f7f1717e719 [ 164.482740][ T6718] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.502360][ T6718] RSP: 002b:00007f7f17f51038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 164.510806][ T6718] RAX: ffffffffffffffda RBX: 00007f7f17335f80 RCX: 00007f7f1717e719 [ 164.518792][ T6718] RDX: 0000000000000487 RSI: 0000000000000000 RDI: 0000000000000004 [ 164.526791][ T6718] RBP: 00007f7f17f51090 R08: 0000000000000044 R09: 0000000000000000 [ 164.534770][ T6718] R10: 0000000020000140 R11: 0000000000000246 R12: 0000000000000001 [ 164.542928][ T6718] R13: 0000000000000000 R14: 00007f7f17335f80 R15: 00007ffe10874e78 [ 164.550925][ T6718] [ 164.608329][ T6719] IPVS: using max 15 ests per chain, 36000 per kthread [ 164.753520][ T6724] process 'syz.1.207' launched './file1' with NULL argv: empty string added [ 165.141496][ T5917] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 167.447622][ T9] usb 3-1: USB disconnect, device number 8 [ 167.706855][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 167.772980][ T5917] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.871220][ T5917] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 167.894636][ T6744] FAULT_INJECTION: forcing a failure. [ 167.894636][ T6744] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 167.944364][ T6744] CPU: 1 UID: 0 PID: 6744 Comm: syz.0.215 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 167.955038][ T6744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 167.965143][ T6744] Call Trace: [ 167.968485][ T6744] [ 167.971479][ T6744] dump_stack_lvl+0x241/0x360 [ 167.975741][ T5917] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.976188][ T6744] ? __pfx_dump_stack_lvl+0x10/0x10 [ 167.989399][ T6744] ? __pfx__printk+0x10/0x10 [ 167.994049][ T6744] should_fail_ex+0x3b0/0x4e0 [ 167.998774][ T6744] prepare_alloc_pages+0x1da/0x5b0 [ 168.003944][ T6744] __alloc_pages_noprof+0x16f/0x710 [ 168.009197][ T6744] ? __pfx___alloc_pages_noprof+0x10/0x10 [ 168.014967][ T6744] ? validate_chain+0x11e/0x5920 [ 168.019969][ T6744] ? is_bpf_text_address+0x285/0x2a0 [ 168.025330][ T6744] alloc_pages_mpol_noprof+0x3e8/0x680 [ 168.030884][ T6744] ? __pfx_alloc_pages_mpol_noprof+0x10/0x10 [ 168.036929][ T6744] ? arch_stack_walk+0xfd/0x150 [ 168.041832][ T6744] ? alloc_pages_noprof+0xef/0x170 [ 168.047003][ T6744] pte_alloc_one+0x88/0x5d0 [ 168.051542][ T6744] ? __pfx_pte_alloc_one+0x10/0x10 [ 168.056680][ T6744] ? __lock_acquire+0x1384/0x2050 [ 168.061724][ T6744] ? cgroup_rstat_updated+0x13b/0xc60 [ 168.067122][ T6744] __pte_alloc+0x79/0x390 [ 168.071478][ T6744] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 168.077218][ T6744] ? __pfx___pte_alloc+0x10/0x10 [ 168.082173][ T6744] ? mark_lock+0x9a/0x360 [ 168.086528][ T6744] handle_pte_fault+0x50b4/0x6800 [ 168.091610][ T6744] ? __pfx_handle_pte_fault+0x10/0x10 [ 168.096998][ T6744] ? __pfx_lock_acquire+0x10/0x10 [ 168.102035][ T6744] ? __pmd_alloc+0x4ff/0x620 [ 168.106635][ T6744] ? __pfx_lock_release+0x10/0x10 [ 168.111689][ T6744] ? do_raw_spin_lock+0x14f/0x370 [ 168.116733][ T6744] ? do_raw_spin_unlock+0x13c/0x8b0 [ 168.121953][ T6744] ? _raw_spin_unlock+0x28/0x50 [ 168.126830][ T6744] ? __pmd_alloc+0x4ff/0x620 [ 168.131444][ T6744] ? __pfx___pmd_alloc+0x10/0x10 [ 168.136407][ T6744] handle_mm_fault+0x1053/0x1ad0 [ 168.141382][ T6744] ? __pfx_handle_mm_fault+0x10/0x10 [ 168.146704][ T6744] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 168.152009][ T6744] exc_page_fault+0x2b9/0x8c0 [ 168.156700][ T6744] ? __might_fault+0xaa/0x120 [ 168.161396][ T6744] asm_exc_page_fault+0x26/0x30 [ 168.166259][ T6744] RIP: 0010:rep_movs_alternative+0x4a/0x70 [ 168.172083][ T6744] Code: 75 f1 c3 cc cc cc cc 66 0f 1f 84 00 00 00 00 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 df 83 f9 08 73 e8 eb c9 a4 c3 cc cc cc cc 48 89 c8 48 c1 e9 03 83 e0 07 f3 48 a5 89 c1 [ 168.191709][ T6744] RSP: 0018:ffffc90019827cc8 EFLAGS: 00050206 [ 168.197866][ T6744] RAX: ffffffff84b4b201 RBX: 00000000200000b0 RCX: 0000000000000070 [ 168.205853][ T6744] RDX: 0000000000000000 RSI: ffffc90019827d40 RDI: 0000000020000040 [ 168.213830][ T6744] RBP: ffffc90019827f00 R08: ffffc90019827daf R09: 1ffff92003304fb5 [ 168.221807][ T6744] R10: dffffc0000000000 R11: fffff52003304fb6 R12: 0000000000000070 [ 168.229783][ T6744] R13: 00007fffffffefff R14: ffffc90019827d40 R15: 0000000020000040 [ 168.237792][ T6744] ? _copy_from_user+0x81/0xc0 [ 168.242582][ T6744] _copy_to_user+0x8b/0xb0 [ 168.247019][ T6744] __se_sys_shmctl+0x29b/0x660 [ 168.251887][ T6744] ? __mutex_unlock_slowpath+0x21d/0x750 [ 168.257616][ T6744] ? __pfx___se_sys_shmctl+0x10/0x10 [ 168.262922][ T6744] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 168.268919][ T6744] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 168.275269][ T6744] ? do_syscall_64+0x100/0x230 [ 168.280055][ T6744] ? do_syscall_64+0xb6/0x230 [ 168.284746][ T6744] do_syscall_64+0xf3/0x230 [ 168.289263][ T6744] ? clear_bhb_loop+0x35/0x90 [ 168.293950][ T6744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 168.299844][ T6744] RIP: 0033:0x7f7f1717e719 [ 168.304260][ T6744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 168.323888][ T6744] RSP: 002b:00007f7f17f51038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f [ 168.332312][ T6744] RAX: ffffffffffffffda RBX: 00007f7f17335f80 RCX: 00007f7f1717e719 [ 168.340292][ T6744] RDX: 0000000020000040 RSI: 0000000000000002 RDI: 0000000000000000 [ 168.348298][ T6744] RBP: 00007f7f17f51090 R08: 0000000000000000 R09: 0000000000000000 [ 168.356276][ T6744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 168.364338][ T6744] R13: 0000000000000000 R14: 00007f7f17335f80 R15: 00007ffe10874e78 [ 168.372325][ T6744] [ 168.375451][ C1] vkms_vblank_simulate: vblank timer overrun [ 168.384069][ T5917] usb 4-1: config 0 descriptor?? [ 168.408050][ T5917] usb 4-1: can't set config #0, error -71 [ 168.507178][ T5917] usb 4-1: USB disconnect, device number 8 [ 170.348442][ T6785] netlink: 16 bytes leftover after parsing attributes in process `syz.3.227'. [ 170.357868][ T6785] netlink: 20 bytes leftover after parsing attributes in process `syz.3.227'. [ 170.376312][ T9] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 170.465372][ T1206] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 170.639741][ T1206] usb 2-1: Using ep0 maxpacket: 8 [ 170.676107][ T1206] usb 2-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 170.809501][ T1206] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.032605][ T1206] usb 2-1: Product: syz [ 171.052877][ T1206] usb 2-1: Manufacturer: syz [ 171.070451][ T1206] usb 2-1: SerialNumber: syz [ 171.115544][ T25] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 171.185753][ T1206] usb 2-1: config 0 descriptor?? [ 171.207293][ T1206] esd_usb 2-1:0.0: sending version message failed [ 171.213819][ T1206] esd_usb 2-1:0.0: probe with driver esd_usb failed with error -22 [ 171.315579][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 171.315718][ T25] usb 4-1: Using ep0 maxpacket: 16 [ 171.330562][ T25] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 171.331479][ T9] usb 1-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 171.339840][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.360940][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 171.369712][ T9] usb 1-1: Product: syz [ 171.374079][ T9] usb 1-1: Manufacturer: syz [ 171.376180][ T25] usb 4-1: config 0 descriptor?? [ 171.379362][ T9] usb 1-1: SerialNumber: syz [ 171.391173][ T9] usb 1-1: config 0 descriptor?? [ 171.392187][ T6795] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 171.405076][ T9] esd_usb 1-1:0.0: sending version message failed [ 171.412481][ T9] esd_usb 1-1:0.0: probe with driver esd_usb failed with error -22 [ 171.424282][ T6774] loop9: detected capacity change from 0 to 7 [ 171.425177][ T25] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 171.440042][ T6774] Dev loop9: unable to read RDB block 7 [ 171.447788][ T6774] loop9: AHDI p2 p3 p4 [ 171.452338][ T6774] loop9: partition table partially beyond EOD, truncated [ 171.460378][ T6774] loop9: p2 start 2961973428 is beyond EOD, truncated [ 171.467705][ T6774] loop9: p3 start 1756542996 is beyond EOD, truncated [ 171.471818][ T6795] netlink: 5312 bytes leftover after parsing attributes in process `syz.4.230'. [ 171.491492][ T5917] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 171.511465][ T6774] tmpfs: Bad value for 'mpol' [ 171.522950][ T9] usb 2-1: USB disconnect, device number 5 [ 171.540995][ T6795] kvm: pic: level sensitive irq not supported [ 171.562805][ T6795] kvm: pic: level sensitive irq not supported [ 171.570579][ T6795] kvm: pic: level sensitive irq not supported [ 171.579079][ T6795] kvm: pic: level sensitive irq not supported [ 171.593022][ T6795] kvm: pic: level sensitive irq not supported [ 171.601158][ T6795] kvm: pic: level sensitive irq not supported [ 171.630958][ T6795] kvm: pic: level sensitive irq not supported [ 171.643893][ T5917] usb 3-1: device descriptor read/64, error -71 [ 171.651332][ T6795] kvm: pic: level sensitive irq not supported [ 171.660433][ T6795] kvm: pic: level sensitive irq not supported [ 171.668586][ T6795] kvm: pic: level sensitive irq not supported [ 171.683099][ T6781] loop9: detected capacity change from 0 to 7 [ 171.702792][ T6781] Dev loop9: unable to read RDB block 7 [ 171.709413][ T6781] loop9: AHDI p2 p3 p4 [ 171.713667][ T6781] loop9: partition table partially beyond EOD, truncated [ 171.722166][ T6781] loop9: p2 start 2961973428 is beyond EOD, truncated [ 171.729990][ T6781] loop9: p3 start 1756542996 is beyond EOD, truncated [ 171.779510][ T6781] tmpfs: Bad value for 'mpol' [ 171.790623][ T9] usb 1-1: USB disconnect, device number 7 [ 171.895427][ T5917] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 172.035479][ T5917] usb 3-1: device descriptor read/64, error -71 [ 172.165971][ T5917] usb usb3-port1: attempt power cycle [ 172.242893][ T6802] netlink: 140 bytes leftover after parsing attributes in process `syz.1.232'. [ 172.526094][ T5917] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 172.609346][ T5917] usb 3-1: device descriptor read/8, error -71 [ 172.867428][ T5917] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 172.975764][ T5917] usb 3-1: device descriptor read/8, error -71 [ 173.115653][ T5917] usb usb3-port1: unable to enumerate USB device [ 173.472595][ T6815] netlink: 'syz.4.235': attribute type 1 has an invalid length. [ 173.529593][ T6787] netlink: 'syz.3.227': attribute type 16 has an invalid length. [ 173.545553][ T6787] netlink: 'syz.3.227': attribute type 3 has an invalid length. [ 173.553301][ T6787] netlink: 'syz.3.227': attribute type 1 has an invalid length. [ 173.600351][ T6787] netlink: 64030 bytes leftover after parsing attributes in process `syz.3.227'. [ 173.877887][ T25] gspca_sonixj: reg_r err -110 [ 173.882892][ T25] sonixj 4-1:0.0: probe with driver sonixj failed with error -110 [ 174.126245][ T1206] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 174.345106][ T1206] usb 5-1: Using ep0 maxpacket: 8 [ 174.363173][ T1206] usb 5-1: config 179 has an invalid interface number: 65 but max is 0 [ 174.529464][ T1206] usb 5-1: config 179 has no interface number 0 [ 174.805493][ T1206] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 174.897258][ T1206] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 174.966622][ T5931] usb 4-1: USB disconnect, device number 9 [ 175.004129][ T1206] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 175.045634][ T1206] usb 5-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 175.078542][ T1206] usb 5-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 175.097675][ T6850] FAULT_INJECTION: forcing a failure. [ 175.097675][ T6850] name failslab, interval 1, probability 0, space 0, times 0 [ 175.110785][ T1206] usb 5-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 175.120564][ T6850] CPU: 1 UID: 0 PID: 6850 Comm: syz.3.244 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 175.131212][ T6850] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 175.141303][ T6850] Call Trace: [ 175.144596][ T6850] [ 175.147536][ T6850] dump_stack_lvl+0x241/0x360 [ 175.152239][ T6850] ? __pfx_dump_stack_lvl+0x10/0x10 [ 175.157458][ T6850] ? __pfx__printk+0x10/0x10 [ 175.162063][ T6850] ? fs_reclaim_acquire+0x93/0x130 [ 175.167192][ T6850] ? __pfx___might_resched+0x10/0x10 [ 175.172505][ T6850] should_fail_ex+0x3b0/0x4e0 [ 175.177202][ T6850] ? tomoyo_encode+0x26f/0x540 [ 175.181985][ T6850] should_failslab+0xac/0x100 [ 175.186701][ T6850] ? tomoyo_encode+0x26f/0x540 [ 175.191488][ T6850] __kmalloc_noprof+0xd8/0x400 [ 175.196267][ T6850] tomoyo_encode+0x26f/0x540 [ 175.200886][ T6850] tomoyo_realpath_from_path+0x59e/0x5e0 [ 175.206546][ T6850] tomoyo_path_number_perm+0x23a/0x880 [ 175.212017][ T6850] ? rcu_read_lock_any_held+0xb7/0x160 [ 175.217487][ T6850] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 175.223391][ T6850] ? tomoyo_path_number_perm+0x208/0x880 [ 175.229041][ T6850] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 175.235038][ T6850] ? sb_end_write+0xe9/0x1c0 [ 175.239640][ T6850] ? vfs_write+0x730/0xd30 [ 175.244096][ T6850] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 175.250099][ T6850] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 175.256451][ T6850] security_file_ioctl+0xc6/0x2a0 [ 175.261493][ T6850] __se_sys_ioctl+0x47/0x170 [ 175.266101][ T6850] do_syscall_64+0xf3/0x230 [ 175.270619][ T6850] ? clear_bhb_loop+0x35/0x90 [ 175.275311][ T6850] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 175.281225][ T6850] RIP: 0033:0x7fbfc797e719 [ 175.285650][ T6850] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 175.305271][ T6850] RSP: 002b:00007fbfc86f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 175.313707][ T6850] RAX: ffffffffffffffda RBX: 00007fbfc7b35f80 RCX: 00007fbfc797e719 [ 175.321708][ T6850] RDX: 00000000200000c0 RSI: 000000004008af00 RDI: 0000000000000003 [ 175.329688][ T6850] RBP: 00007fbfc86f4090 R08: 0000000000000000 R09: 0000000000000000 [ 175.337665][ T6850] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 175.345646][ T6850] R13: 0000000000000000 R14: 00007fbfc7b35f80 R15: 00007ffe4d698448 [ 175.353649][ T6850] [ 175.357472][ T1206] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.378968][ T6850] ERROR: Out of memory at tomoyo_realpath_from_path. [ 175.425542][ T5917] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 175.446059][ T29] audit: type=1326 audit(1730410565.396:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6846 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751497e719 code=0x7ffc0000 [ 175.467389][ T29] audit: type=1326 audit(1730410565.396:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6846 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751497e719 code=0x7ffc0000 [ 175.488858][ T29] audit: type=1326 audit(1730410565.396:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6846 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=56 compat=0 ip=0x7f751497e719 code=0x7ffc0000 [ 175.510176][ T29] audit: type=1326 audit(1730410565.486:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6846 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751497e719 code=0x7ffc0000 [ 175.531554][ T29] audit: type=1326 audit(1730410565.486:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6846 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751497e719 code=0x7ffc0000 [ 175.553628][ T29] audit: type=1326 audit(1730410565.486:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6855 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f75149b0805 code=0x7ffc0000 [ 175.554501][ T6821] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 175.575666][ T29] audit: type=1326 audit(1730410565.486:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6846 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7f751497e719 code=0x7ffc0000 [ 175.603705][ T29] audit: type=1326 audit(1730410565.486:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6846 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751497e719 code=0x7ffc0000 [ 175.625365][ T29] audit: type=1326 audit(1730410565.486:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6846 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f751497e719 code=0x7ffc0000 [ 175.628478][ T5917] usb 3-1: Using ep0 maxpacket: 8 [ 175.647100][ T29] audit: type=1326 audit(1730410565.486:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6846 comm="syz.1.242" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f751497e719 code=0x7ffc0000 [ 175.756428][ T8] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 175.809521][ T5917] usb 3-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 175.831201][ T5917] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.915359][ T5917] usb 3-1: Product: syz [ 175.940424][ T5917] usb 3-1: Manufacturer: syz [ 175.975355][ T5917] usb 3-1: SerialNumber: syz [ 175.997658][ T5917] usb 3-1: config 0 descriptor?? [ 176.035400][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 176.044114][ T5917] esd_usb 3-1:0.0: sending version message failed [ 176.055305][ T8] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 176.071353][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.080466][ T5917] esd_usb 3-1:0.0: probe with driver esd_usb failed with error -22 [ 176.108078][ T5888] input: Generic X-Box pad as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:179.65/input/input5 [ 176.145846][ T8] usb 1-1: Product: syz [ 176.160098][ T9] usb 5-1: USB disconnect, device number 3 [ 176.160121][ C1] xpad 5-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 176.175234][ T9] xpad 5-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19 [ 176.175895][ C1] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 176.188767][ T8] usb 1-1: Manufacturer: syz [ 176.660284][ T5888] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 176.884175][ T5888] usb 2-1: Using ep0 maxpacket: 32 [ 176.968722][ T8] usb 1-1: SerialNumber: syz [ 176.984194][ T8] usb 1-1: config 0 descriptor?? [ 176.984401][ T5888] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 177.012748][ T5888] usb 2-1: config 0 has no interface number 0 [ 177.037780][ T6843] loop9: detected capacity change from 0 to 7 [ 177.057380][ T5888] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 177.086322][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.099012][ T6843] Dev loop9: unable to read RDB block 7 [ 177.114589][ T6843] loop9: AHDI p2 p3 p4 [ 177.125802][ T5888] usb 2-1: Product: syz [ 177.144371][ T5888] usb 2-1: Manufacturer: syz [ 177.149085][ T6843] loop9: partition table partially beyond EOD, truncated [ 177.156567][ T5888] usb 2-1: SerialNumber: syz [ 177.164365][ T6843] loop9: p2 start 2961973428 is beyond EOD, truncated [ 177.179661][ T6843] loop9: p3 start 1756542996 is beyond EOD, truncated [ 177.214992][ T8] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 177.221234][ T6873] tmpfs: Bad value for 'mpol' [ 177.244546][ T5888] usb 2-1: config 0 descriptor?? [ 177.265460][ T5888] smsc95xx v2.0.0 [ 177.303083][ T5931] usb 3-1: USB disconnect, device number 13 [ 179.026017][ T6892] 9pnet_fd: Insufficient options for proto=fd [ 179.238663][ T5888] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 179.249056][ T5888] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 179.265171][ T5888] usb 2-1: USB disconnect, device number 6 [ 179.857840][ T8] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 179.869449][ T8] usb 1-1: USB disconnect, device number 8 [ 179.965557][ T5872] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 180.107315][ T6914] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 180.131291][ T5872] usb 3-1: Using ep0 maxpacket: 32 [ 180.171091][ T5872] usb 3-1: New USB device found, idVendor=0458, idProduct=7006, bcdDevice=69.91 [ 180.414468][ T5872] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 180.425899][ T5872] usb 3-1: config 0 descriptor?? [ 180.434778][ T5872] gspca_main: sunplus-2.14.0 probing 0458:7006 [ 181.945527][ T5872] gspca_sunplus: reg_w_riv err -110 [ 181.951054][ T5872] sunplus 3-1:0.0: probe with driver sunplus failed with error -110 [ 182.092100][ T6938] netlink: 16 bytes leftover after parsing attributes in process `syz.0.259'. [ 182.948524][ T5917] usb 3-1: USB disconnect, device number 14 [ 183.059974][ T6938] openvswitch: netlink: Actions may not be safe on all matching packets [ 184.059959][ T6961] sctp: failed to load transform for md5: -2 [ 184.327533][ T25] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 184.535479][ T25] usb 2-1: Using ep0 maxpacket: 8 [ 184.548808][ T25] usb 2-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 184.562408][ T25] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.575482][ T5931] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 184.593308][ T25] usb 2-1: Product: syz [ 184.607991][ T25] usb 2-1: Manufacturer: syz [ 184.620795][ T25] usb 2-1: SerialNumber: syz [ 184.640410][ T25] usb 2-1: config 0 descriptor?? [ 184.665812][ T25] esd_usb 2-1:0.0: sending version message failed [ 184.685455][ T25] esd_usb 2-1:0.0: probe with driver esd_usb failed with error -22 [ 184.737299][ T5931] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 184.756686][ T5931] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 184.793089][ T5931] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.870698][ T6956] loop9: detected capacity change from 0 to 7 [ 184.886898][ T6956] Dev loop9: unable to read RDB block 7 [ 184.900215][ T6956] loop9: AHDI p2 p3 p4 [ 184.904532][ T6956] loop9: partition table partially beyond EOD, truncated [ 184.946721][ T6956] loop9: p2 start 2961973428 is beyond EOD, truncated [ 185.003684][ T6956] loop9: p3 start 1756542996 is beyond EOD, truncated [ 185.737063][ T5931] usb 3-1: config 0 descriptor?? [ 185.745395][ T5931] pwc: Askey VC010 type 2 USB webcam detected. [ 185.963848][ T5931] pwc: send_video_command error -71 [ 185.969570][ T5931] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 185.978578][ T5931] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 186.038659][ T6993] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 186.044107][ T6956] tmpfs: Bad value for 'mpol' [ 186.070127][ T25] usb 2-1: USB disconnect, device number 7 [ 186.089366][ T5931] usb 3-1: USB disconnect, device number 15 [ 186.103971][ T6997] netlink: 140 bytes leftover after parsing attributes in process `syz.0.270'. [ 188.535094][ T7009] netlink: 140 bytes leftover after parsing attributes in process `syz.4.272'. [ 190.858896][ T7028] sctp: failed to load transform for md5: -2 [ 190.958142][ T8] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 191.275512][ T8] usb 2-1: Using ep0 maxpacket: 8 [ 192.141052][ T8] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 192.151472][ T8] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 192.982641][ T7052] netlink: 140 bytes leftover after parsing attributes in process `syz.2.281'. [ 193.002570][ T8] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 193.019895][ T8] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 193.030749][ T8] usb 2-1: Product: syz [ 193.035066][ T8] usb 2-1: Manufacturer: syz [ 193.041773][ T8] usb 2-1: SerialNumber: syz [ 193.213167][ T8] usb 2-1: can't set config #1, error -71 [ 193.255405][ T9] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 193.515716][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 193.616562][ T8] usb 2-1: USB disconnect, device number 8 [ 193.767287][ T9] usb 5-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 194.041016][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.049403][ T9] usb 5-1: Product: syz [ 194.054042][ T9] usb 5-1: Manufacturer: syz [ 194.058895][ T9] usb 5-1: SerialNumber: syz [ 194.115902][ T9] usb 5-1: config 0 descriptor?? [ 194.403132][ T7054] loop9: detected capacity change from 0 to 7 [ 194.404046][ T7067] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 194.435908][ T9] esd_usb 5-1:0.0: sending version message failed [ 194.442374][ T7054] Dev loop9: unable to read RDB block 7 [ 194.442411][ T7054] loop9: AHDI p2 p3 p4 [ 194.442437][ T7054] loop9: partition table partially beyond EOD, [ 195.398042][ T9] esd_usb 5-1:0.0: probe with driver esd_usb failed with error -22 [ 195.402162][ T7054] truncated [ 195.408919][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.422177][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.430217][ T7054] loop9: p2 start 2961973428 is beyond EOD, truncated [ 195.438373][ T7073] tmpfs: Bad value for 'mpol' [ 195.444370][ T7054] loop9: p3 start 1756542996 is beyond EOD, truncated [ 195.707289][ T7074] 9pnet_fd: Insufficient options for proto=fd [ 196.310186][ T5931] usb 5-1: USB disconnect, device number 4 [ 197.226919][ T7082] sctp: failed to load transform for md5: -2 [ 197.290385][ T7077] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 197.297713][ T7077] IPv6: NLM_F_CREATE should be set when creating new route [ 197.305025][ T7077] IPv6: NLM_F_CREATE should be set when creating new route [ 197.753114][ T1206] kernel write not supported for file /adsp1 (pid: 1206 comm: kworker/1:2) [ 198.954459][ T7126] overlayfs: failed to resolve './file1': -2 [ 199.726062][ T7124] capability: warning: `syz.1.299' uses deprecated v2 capabilities in a way that may be insecure [ 200.607563][ T7136] sctp: failed to load transform for md5: -2 [ 200.707982][ T7133] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 201.910393][ T5142] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 201.919379][ T5142] Bluetooth: hci4: Injecting HCI hardware error event [ 202.890283][ T5142] Bluetooth: hci4: hardware error 0x00 [ 207.676249][ T7187] sctp: failed to load transform for md5: -2 [ 207.862749][ T5837] Bluetooth: hci3: command 0x0406 tx timeout [ 207.875478][ T5837] Bluetooth: hci1: command 0x0406 tx timeout [ 207.882318][ T5837] Bluetooth: hci2: command 0x0406 tx timeout [ 208.880606][ T5142] Bluetooth: hci4: Opcode 0x0c03 failed: -110 [ 208.898416][ T7191] FAULT_INJECTION: forcing a failure. [ 208.898416][ T7191] name failslab, interval 1, probability 0, space 0, times 0 [ 208.912924][ T7191] CPU: 0 UID: 0 PID: 7191 Comm: syz.3.315 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 208.923562][ T7191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 208.933652][ T7191] Call Trace: [ 208.936961][ T7191] [ 208.939929][ T7191] dump_stack_lvl+0x241/0x360 [ 208.944667][ T7191] ? __pfx_dump_stack_lvl+0x10/0x10 [ 208.949910][ T7191] ? __pfx__printk+0x10/0x10 [ 208.954575][ T7191] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 208.960085][ T7191] ? __pfx___might_resched+0x10/0x10 [ 208.965401][ T7191] should_fail_ex+0x3b0/0x4e0 [ 208.970106][ T7191] should_failslab+0xac/0x100 [ 208.974809][ T7191] ? __sta_info_destroy_part2+0x2f7/0x450 [ 208.980549][ T7191] __kmalloc_cache_noprof+0x6c/0x2c0 [ 208.985849][ T7191] __sta_info_destroy_part2+0x2f7/0x450 [ 208.991410][ T7191] __sta_info_flush+0x5d0/0x700 [ 208.996272][ T7191] ? __local_bh_enable_ip+0x168/0x200 [ 209.001660][ T7191] ? __pfx___sta_info_flush+0x10/0x10 [ 209.007037][ T7191] ? do_raw_spin_unlock+0x13c/0x8b0 [ 209.012251][ T7191] ieee80211_ibss_disconnect+0x2c5/0x7c0 [ 209.017938][ T7191] ieee80211_ibss_leave+0x25/0x140 [ 209.023096][ T7191] cfg80211_leave_ibss+0x1ef/0x430 [ 209.028221][ T7191] ? cfg80211_leave+0x17c/0x380 [ 209.033089][ T7191] cfg80211_netdev_notifier_call+0x1ba/0x14b0 [ 209.039179][ T7191] ? __pfx_cfg80211_netdev_notifier_call+0x10/0x10 [ 209.045785][ T7191] ? mark_lock+0x9a/0x360 [ 209.050125][ T7191] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 209.056251][ T7191] ? igmp_netdev_event+0x7c/0x770 [ 209.061323][ T7191] notifier_call_chain+0x19f/0x3e0 [ 209.066473][ T7191] __dev_close_many+0x146/0x300 [ 209.071340][ T7191] ? __pfx___dev_close_many+0x10/0x10 [ 209.076726][ T7191] ? dev_set_rx_mode+0x233/0x2e0 [ 209.081703][ T7191] __dev_change_flags+0x30e/0x6f0 [ 209.086762][ T7191] ? __pfx___dev_change_flags+0x10/0x10 [ 209.092319][ T7191] ? rcu_is_watching+0x15/0xb0 [ 209.097091][ T7191] ? trace_contention_end+0x3c/0x120 [ 209.102383][ T7191] ? __mutex_lock+0x2ef/0xd70 [ 209.107068][ T7191] dev_change_flags+0x8b/0x1a0 [ 209.111851][ T7191] dev_ifsioc+0x7c8/0xe70 [ 209.116204][ T7191] ? __pfx_dev_ifsioc+0x10/0x10 [ 209.121063][ T7191] ? dev_load+0x21/0x1f0 [ 209.125403][ T7191] dev_ioctl+0x719/0x1340 [ 209.129739][ T7191] sock_do_ioctl+0x240/0x460 [ 209.134362][ T7191] ? __pfx_sock_do_ioctl+0x10/0x10 [ 209.139517][ T7191] ? __asan_memset+0x23/0x50 [ 209.144125][ T7191] ? smack_file_ioctl+0x29e/0x3a0 [ 209.149153][ T7191] sock_ioctl+0x626/0x8e0 [ 209.153489][ T7191] ? __pfx_sock_ioctl+0x10/0x10 [ 209.158359][ T7191] ? __fget_files+0x3f3/0x470 [ 209.163046][ T7191] ? __pfx_sock_ioctl+0x10/0x10 [ 209.167906][ T7191] __se_sys_ioctl+0xf9/0x170 [ 209.172517][ T7191] do_syscall_64+0xf3/0x230 [ 209.177033][ T7191] ? clear_bhb_loop+0x35/0x90 [ 209.181713][ T7191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.187604][ T7191] RIP: 0033:0x7fbfc797e719 [ 209.192031][ T7191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.211648][ T7191] RSP: 002b:00007fbfc86f4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 209.220066][ T7191] RAX: ffffffffffffffda RBX: 00007fbfc7b35f80 RCX: 00007fbfc797e719 [ 209.228049][ T7191] RDX: 0000000020000000 RSI: 0000000000008914 RDI: 0000000000000006 [ 209.236056][ T7191] RBP: 00007fbfc86f4090 R08: 0000000000000000 R09: 0000000000000000 [ 209.244047][ T7191] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 209.252023][ T7191] R13: 0000000000000000 R14: 00007fbfc7b35f80 R15: 00007ffe4d698448 [ 209.260012][ T7191] [ 209.263070][ C0] vkms_vblank_simulate: vblank timer overrun [ 209.666065][ T7214] binder: BC_ATTEMPT_ACQUIRE not supported [ 209.672001][ T7214] binder: 7212:7214 ioctl c0306201 20000100 returned -22 [ 209.710031][ T7216] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 210.934243][ T7223] sp0: Synchronizing with TNC [ 210.960403][ T7226] sp0: Found TNC [ 210.965360][ T5888] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 210.980324][ T7222] [U] è` [ 211.021625][ T7228] netlink: 140 bytes leftover after parsing attributes in process `syz.4.324'. [ 211.415766][ T5888] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 211.450445][ T5888] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 211.505129][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 211.706341][ T5888] usb 1-1: config 0 descriptor?? [ 211.760825][ T5888] pwc: Askey VC010 type 2 USB webcam detected. [ 212.581100][ T7238] sctp: failed to load transform for md5: -2 [ 212.675420][ T5888] pwc: send_video_command error -71 [ 212.680703][ T5888] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 212.695402][ T5888] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71 [ 212.735606][ T5888] usb 1-1: USB disconnect, device number 9 [ 213.305531][ T5888] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 213.549469][ T5888] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.684588][ T5888] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 213.765025][ T5888] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 213.831583][ T5888] usb 1-1: config 0 descriptor?? [ 213.926507][ T5888] usb 1-1: can't set config #0, error -71 [ 213.956567][ T5888] usb 1-1: USB disconnect, device number 10 [ 216.165574][ T5888] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 216.305364][ T5888] usb 4-1: device descriptor read/64, error -71 [ 216.642170][ T5888] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 217.009995][ T7281] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 217.041407][ T5888] usb 4-1: device descriptor read/64, error -71 [ 217.181519][ T5888] usb usb4-port1: attempt power cycle [ 217.637134][ T5888] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 217.791543][ T5888] usb 4-1: device descriptor read/8, error -71 [ 217.885577][ T7287] sctp: failed to load transform for md5: -2 [ 218.205679][ T5888] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 218.229208][ T5888] usb 4-1: device descriptor read/8, error -71 [ 218.237608][ T7299] netlink: 'syz.1.338': attribute type 1 has an invalid length. [ 218.276531][ T7299] netlink: 9312 bytes leftover after parsing attributes in process `syz.1.338'. [ 218.327200][ T7299] netlink: 'syz.1.338': attribute type 1 has an invalid length. [ 218.377960][ T5888] usb usb4-port1: unable to enumerate USB device [ 219.887720][ T5935] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 220.148675][ T7319] netlink: 12 bytes leftover after parsing attributes in process `syz.1.345'. [ 220.806267][ T5935] usb 5-1: Using ep0 maxpacket: 16 [ 220.814141][ T5935] usb 5-1: config index 0 descriptor too short (expected 16402, got 18) [ 220.829693][ T5935] usb 5-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 220.859245][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.963876][ T5935] usb 5-1: Product: syz [ 220.979919][ T5935] usb 5-1: Manufacturer: syz [ 220.979955][ T5935] usb 5-1: SerialNumber: syz [ 221.038463][ T5935] r8152-cfgselector 5-1: Unknown version 0x0000 [ 221.044787][ T5935] r8152-cfgselector 5-1: config 0 descriptor?? [ 222.390534][ T9] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 222.620311][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 222.685549][ T9] usb 4-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 222.695372][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 222.703434][ T9] usb 4-1: Product: syz [ 222.707895][ T9] usb 4-1: Manufacturer: syz [ 222.712551][ T9] usb 4-1: SerialNumber: syz [ 222.720133][ T9] usb 4-1: config 0 descriptor?? [ 222.765530][ T9] esd_usb 4-1:0.0: sending version message failed [ 222.774084][ T9] esd_usb 4-1:0.0: probe with driver esd_usb failed with error -22 [ 222.794861][ T8] r8152-cfgselector 5-1: USB disconnect, device number 5 [ 222.815387][ T5888] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 222.852531][ T7334] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 222.979392][ T7326] loop9: detected capacity change from 0 to 7 [ 222.996770][ T7326] Dev loop9: unable to read RDB block 7 [ 223.002414][ T7326] loop9: AHDI p2 p3 p4 [ 223.008420][ T5888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.025644][ T7326] loop9: partition table partially beyond EOD, truncated [ 223.033576][ T7326] loop9: p2 start 2961973428 is beyond EOD, truncated [ 223.047628][ T7326] loop9: p3 start 1756542996 is beyond EOD, truncated [ 223.056111][ T7337] tmpfs: Bad value for 'mpol' [ 223.079173][ T8] usb 4-1: USB disconnect, device number 14 [ 223.222233][ T5888] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 223.232688][ T5888] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 223.241917][ T5888] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.252957][ T5888] usb 2-1: config 0 descriptor?? [ 223.379135][ T7339] netlink: 8 bytes leftover after parsing attributes in process `syz.0.351'. [ 224.077125][ T5888] pyra 0003:1E7D:2CF6.0001: hidraw0: USB HID v0.00 Device [HID 1e7d:2cf6] on usb-dummy_hcd.1-1/input0 [ 224.229259][ T7342] bridge0: port 3(syz_tun) entered blocking state [ 224.241650][ T7342] bridge0: port 3(syz_tun) entered disabled state [ 224.249468][ T7342] syz_tun: entered allmulticast mode [ 224.287007][ T7342] syz_tun: entered promiscuous mode [ 224.354578][ T7342] bridge0: port 3(syz_tun) entered blocking state [ 224.361950][ T7342] bridge0: port 3(syz_tun) entered forwarding state [ 224.383299][ T5888] pyra 0003:1E7D:2CF6.0001: couldn't init struct pyra_device [ 224.390939][ T5888] pyra 0003:1E7D:2CF6.0001: couldn't install mouse [ 224.408288][ T5888] pyra 0003:1E7D:2CF6.0001: probe with driver pyra failed with error -5 [ 224.438907][ T5888] usb 2-1: USB disconnect, device number 9 [ 224.577842][ T7357] netlink: 12 bytes leftover after parsing attributes in process `syz.3.356'. [ 226.137486][ T29] kauditd_printk_skb: 11 callbacks suppressed [ 226.137518][ T29] audit: type=1326 audit(1730410616.116:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.199689][ T29] audit: type=1326 audit(1730410616.116:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.254769][ T29] audit: type=1326 audit(1730410616.116:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.295345][ T29] audit: type=1326 audit(1730410616.116:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.335305][ T29] audit: type=1326 audit(1730410616.116:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.377527][ T29] audit: type=1326 audit(1730410616.116:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.419413][ T29] audit: type=1326 audit(1730410616.116:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.465324][ T29] audit: type=1326 audit(1730410616.116:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.520796][ T29] audit: type=1326 audit(1730410616.116:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.544426][ T29] audit: type=1326 audit(1730410616.116:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7370 comm="syz.3.360" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbfc797e719 code=0x7ffc0000 [ 226.632583][ T9] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 226.845425][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 226.947906][ T9] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 227.034431][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.127472][ T7378] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 227.145338][ T9] usb 4-1: Product: syz [ 227.149753][ T9] usb 4-1: Manufacturer: syz [ 227.154380][ T9] usb 4-1: SerialNumber: syz [ 227.190532][ T9] usb 4-1: config 0 descriptor?? [ 227.210694][ T9] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 227.233794][ T9] usb 4-1: Detected FT232H [ 227.409754][ T9] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 228.163168][ T9] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 228.501403][ T9] usb 4-1: USB disconnect, device number 15 [ 228.540415][ T9] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 228.550166][ T5935] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 228.570244][ T9] ftdi_sio 4-1:0.0: device disconnected [ 228.685468][ T5931] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 228.704337][ T7400] netlink: 140 bytes leftover after parsing attributes in process `syz.1.369'. [ 228.875609][ T5931] usb 1-1: Using ep0 maxpacket: 8 [ 228.914913][ T5935] usb 5-1: Using ep0 maxpacket: 8 [ 228.933578][ T5931] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 228.971290][ T5931] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.060837][ T5931] usb 1-1: Product: syz [ 229.088011][ T5931] usb 1-1: Manufacturer: syz [ 229.103988][ T5935] usb 5-1: New USB device found, idVendor=0ab4, idProduct=0014, bcdDevice=c4.18 [ 229.110653][ T5931] usb 1-1: SerialNumber: syz [ 229.114674][ T5935] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.343571][ T5935] usb 5-1: Product: syz [ 229.345626][ T5931] usb 1-1: config 0 descriptor?? [ 229.348836][ T5935] usb 5-1: Manufacturer: syz [ 229.361869][ T5935] usb 5-1: SerialNumber: syz [ 229.400650][ T5935] usb 5-1: config 0 descriptor?? [ 229.409908][ T5935] esd_usb 5-1:0.0: sending version message failed [ 229.419432][ T5935] esd_usb 5-1:0.0: probe with driver esd_usb failed with error -22 [ 229.599760][ T5931] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 229.626888][ T7389] loop9: detected capacity change from 0 to 7 [ 229.634059][ T7389] Dev loop9: unable to read RDB block 7 [ 229.648259][ T7389] loop9: AHDI p2 p3 p4 [ 229.652514][ T7389] loop9: partition table partially beyond EOD, truncated [ 229.666729][ T7389] loop9: p2 start 2961973428 is beyond EOD, truncated [ 229.673593][ T7389] loop9: p3 start 1756542996 is beyond EOD, truncated [ 229.851116][ T7389] tmpfs: Bad value for 'mpol' [ 230.984676][ T9] usb 5-1: USB disconnect, device number 6 [ 233.246224][ T7428] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 233.501427][ T5931] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 233.551140][ T5931] usb 1-1: USB disconnect, device number 11 [ 233.973845][ T29] kauditd_printk_skb: 59 callbacks suppressed [ 233.973866][ T29] audit: type=1326 audit(1730410623.946:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7431 comm="syz.0.377" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7f1717e719 code=0x0 [ 234.001057][ C1] vkms_vblank_simulate: vblank timer overrun [ 237.314322][ T7471] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 237.358740][ T7471] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 238.260011][ T7480] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 243.435449][ T5931] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 243.517686][ T7502] netlink: 4 bytes leftover after parsing attributes in process `syz.2.394'. [ 245.793200][ T5931] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 245.802033][ T5931] usb 1-1: can't read configurations, error -71 [ 245.925014][ T25] kernel write not supported for file /adsp1 (pid: 25 comm: kworker/1:0) [ 248.170595][ T7543] FAULT_INJECTION: forcing a failure. [ 248.170595][ T7543] name fail_futex, interval 1, probability 0, space 0, times 1 [ 248.971401][ T7543] CPU: 1 UID: 0 PID: 7543 Comm: syz.3.405 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 248.982166][ T7543] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 248.992260][ T7543] Call Trace: [ 248.995552][ T7543] [ 248.998519][ T7543] dump_stack_lvl+0x241/0x360 [ 249.003250][ T7543] ? __pfx_dump_stack_lvl+0x10/0x10 [ 249.008498][ T7543] ? __pfx__printk+0x10/0x10 [ 249.013136][ T7543] should_fail_ex+0x3b0/0x4e0 [ 249.017834][ T7543] get_futex_key+0x19a/0x1080 [ 249.022520][ T7543] ? __pfx_get_futex_key+0x10/0x10 [ 249.027656][ T7543] ? futex_lock_pi+0x907/0xac0 [ 249.032474][ T7543] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 249.038145][ T7543] futex_lock_pi+0x19d/0xac0 [ 249.042766][ T7543] ? get_pid_task+0x23/0x1f0 [ 249.047357][ T7543] ? __pfx_futex_lock_pi+0x10/0x10 [ 249.052502][ T7543] ? kstrtouint_from_user+0x128/0x190 [ 249.057991][ T7543] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 249.063904][ T7543] ? __pfx_futex_wake_mark+0x10/0x10 [ 249.069209][ T7543] ? vfs_write+0x730/0xd30 [ 249.073640][ T7543] do_futex+0x29a/0x560 [ 249.077829][ T7543] ? __pfx_do_futex+0x10/0x10 [ 249.082526][ T7543] ? __fget_files+0x3f3/0x470 [ 249.087231][ T7543] __se_sys_futex+0x3f9/0x480 [ 249.091936][ T7543] ? __pfx___se_sys_futex+0x10/0x10 [ 249.097154][ T7543] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 249.103517][ T7543] ? do_syscall_64+0x100/0x230 [ 249.108305][ T7543] ? __x64_sys_futex+0x21/0xf0 [ 249.113087][ T7543] do_syscall_64+0xf3/0x230 [ 249.117603][ T7543] ? clear_bhb_loop+0x35/0x90 [ 249.122290][ T7543] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 249.128211][ T7543] RIP: 0033:0x7fbfc797e719 [ 249.132635][ T7543] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 249.152251][ T7543] RSP: 002b:00007fbfc86f4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 249.160683][ T7543] RAX: ffffffffffffffda RBX: 00007fbfc7b35f80 RCX: 00007fbfc797e719 [ 249.168665][ T7543] RDX: 0000000000000000 RSI: 0000800000000006 RDI: 000000002000cffc [ 249.176648][ T7543] RBP: 00007fbfc86f4090 R08: 0000000000000000 R09: 0000000000000004 [ 249.184653][ T7543] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 249.192634][ T7543] R13: 0000000000000000 R14: 00007fbfc7b35f80 R15: 00007ffe4d698448 [ 249.200630][ T7543] [ 249.972185][ T7551] netlink: 4 bytes leftover after parsing attributes in process `syz.4.407'. [ 250.405455][ T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 251.211289][ T8] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 251.549576][ T8] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 251.560131][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 251.701743][ T7578] bridge_slave_0: left allmulticast mode [ 251.707640][ T7578] bridge_slave_0: left promiscuous mode [ 251.713629][ T7578] bridge0: port 1(bridge_slave_0) entered disabled state [ 251.735615][ T7578] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 251.763543][ T7578] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 252.566813][ T8] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 252.576008][ T9] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 252.585089][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.593200][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.605563][ T9] usb 3-1: config 0 descriptor?? [ 252.614212][ T8] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 252.647781][ T9] pwc: Askey VC010 type 2 USB webcam detected. [ 252.979782][ T9] pwc: send_video_command error -71 [ 252.985639][ T9] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 252.995697][ T9] Philips webcam 3-1:0.0: probe with driver Philips webcam failed with error -71 [ 253.006652][ T9] usb 3-1: USB disconnect, device number 16 [ 253.611928][ T9] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 253.811432][ T8] stv0680 4-1:4.0: STV(e): camera ping failed!! [ 253.978947][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 254.942211][ T9] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 254.951542][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.016452][ T9] usb 3-1: config 0 descriptor?? [ 255.045621][ T8] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -110 [ 255.054037][ T8] stv0680 4-1:4.0: last error: 0, command = 0x0 [ 255.303472][ T9] usb 3-1: can't set config #0, error -71 [ 255.336997][ T9] usb 3-1: USB disconnect, device number 17 [ 255.394730][ T8] usb 4-1: USB disconnect, device number 16 [ 256.334186][ T7604] sctp: failed to load transform for md5: -2 [ 256.405358][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.411775][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.544505][ T7615] mmap: syz.2.420 (7615) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 256.619720][ T5844] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 256.653487][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: kworker/u9:3 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 256.664418][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 256.674528][ T5844] Workqueue: hci1 hci_rx_work [ 256.679275][ T5844] Call Trace: [ 256.682592][ T5844] [ 256.685563][ T5844] dump_stack_lvl+0x241/0x360 [ 256.690289][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.695535][ T5844] ? __pfx__printk+0x10/0x10 [ 256.700182][ T5844] ? sysfs_create_dir_ns+0x28a/0x3a0 [ 256.705522][ T5844] ? __kmalloc_cache_noprof+0x19c/0x2c0 [ 256.711134][ T5844] sysfs_create_dir_ns+0x2ce/0x3a0 [ 256.716303][ T5844] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 256.721997][ T5844] kobject_add_internal+0x435/0x8d0 [ 256.727289][ T5844] kobject_add+0x152/0x220 [ 256.731759][ T5844] ? do_raw_spin_unlock+0x13c/0x8b0 [ 256.737009][ T5844] ? device_add+0x3e7/0xbf0 [ 256.741567][ T5844] ? __pfx_kobject_add+0x10/0x10 [ 256.746563][ T5844] ? _raw_spin_unlock+0x28/0x50 [ 256.751480][ T5844] ? get_device_parent+0x165/0x410 [ 256.752424][ T7621] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 256.756621][ T5844] device_add+0x4e5/0xbf0 [ 256.756688][ T5844] hci_conn_add_sysfs+0xe8/0x200 [ 256.756726][ T5844] le_conn_complete_evt+0xc9f/0x12e0 [ 256.763983][ T7621] IPv6: NLM_F_CREATE should be set when creating new route [ 256.768256][ T5844] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 256.768291][ T5844] ? __mutex_unlock_slowpath+0x21d/0x750 [ 256.773262][ T7621] IPv6: NLM_F_CREATE should be set when creating new route [ 256.778505][ T5844] ? __copy_skb_header+0x437/0x5b0 [ 256.778545][ T5844] ? skb_pull_data+0x112/0x230 [ 256.811275][ T7619] netlink: 4 bytes leftover after parsing attributes in process `syz.4.423'. [ 256.814549][ T5844] hci_le_conn_complete_evt+0x18c/0x420 [ 256.829004][ T5844] hci_event_packet+0xa55/0x1540 [ 256.834014][ T5844] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 256.839367][ T5844] ? __pfx_hci_event_packet+0x10/0x10 [ 256.844796][ T5844] ? set_bredr_complete+0x40/0x4d0 [ 256.845296][ T5848] Bluetooth: hci2: unexpected event for opcode 0x2026 [ 256.849931][ T5844] ? kcov_remote_start+0x97/0x7d0 [ 256.849973][ T5844] hci_rx_work+0x3fe/0xd80 [ 256.866242][ T5844] ? process_scheduled_works+0x976/0x1850 [ 256.872013][ T5844] process_scheduled_works+0xa63/0x1850 [ 256.877662][ T5844] ? __pfx_process_scheduled_works+0x10/0x10 [ 256.883725][ T5844] ? assign_work+0x364/0x3d0 [ 256.888375][ T5844] worker_thread+0x870/0xd30 [ 256.893038][ T5844] ? __kthread_parkme+0x169/0x1d0 [ 256.898115][ T5844] ? __pfx_worker_thread+0x10/0x10 [ 256.903244][ T5844] kthread+0x2f0/0x390 [ 256.907351][ T5844] ? __pfx_worker_thread+0x10/0x10 [ 256.912506][ T5844] ? __pfx_kthread+0x10/0x10 [ 256.917134][ T5844] ret_from_fork+0x4b/0x80 [ 256.921683][ T5844] ? __pfx_kthread+0x10/0x10 [ 256.926316][ T5844] ret_from_fork_asm+0x1a/0x30 [ 256.931133][ T5844] [ 256.940520][ T5844] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 256.955684][ T5844] Bluetooth: hci1: failed to register connection device [ 256.971234][ T5844] ================================================================== [ 256.979417][ T5844] BUG: KASAN: slab-use-after-free in l2cap_connect_cfm+0x70a/0x1220 [ 256.987417][ T5844] Read of size 8 at addr ffff88806005e480 by task kworker/u9:3/5844 [ 256.995493][ T5844] [ 256.997823][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: kworker/u9:3 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 257.008677][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 257.018741][ T5844] Workqueue: hci1 hci_rx_work [ 257.023457][ T5844] Call Trace: [ 257.026747][ T5844] [ 257.029683][ T5844] dump_stack_lvl+0x241/0x360 [ 257.034371][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.039578][ T5844] ? __pfx__printk+0x10/0x10 [ 257.044193][ T5844] ? _printk+0xd5/0x120 [ 257.048356][ T5844] ? __virt_addr_valid+0x183/0x530 [ 257.053475][ T5844] ? __virt_addr_valid+0x183/0x530 [ 257.058597][ T5844] print_report+0x169/0x550 [ 257.063117][ T5844] ? __virt_addr_valid+0x183/0x530 [ 257.068237][ T5844] ? __virt_addr_valid+0x183/0x530 [ 257.073356][ T5844] ? __virt_addr_valid+0x45f/0x530 [ 257.078516][ T5844] ? __phys_addr+0xba/0x170 [ 257.083061][ T5844] ? l2cap_connect_cfm+0x70a/0x1220 [ 257.088277][ T5844] kasan_report+0x143/0x180 [ 257.092816][ T5844] ? l2cap_connect_cfm+0x70a/0x1220 [ 257.098047][ T5844] l2cap_connect_cfm+0x70a/0x1220 [ 257.103089][ T5844] ? hci_connect_cfm+0x24/0x150 [ 257.107953][ T5844] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 257.113430][ T5844] ? device_add+0x460/0xbf0 [ 257.117950][ T5844] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 257.123421][ T5844] hci_connect_cfm+0xa2/0x150 [ 257.128107][ T5844] le_conn_complete_evt+0xd3e/0x12e0 [ 257.133406][ T5844] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 257.139135][ T5844] ? __mutex_unlock_slowpath+0x21d/0x750 [ 257.144779][ T5844] ? __copy_skb_header+0x437/0x5b0 [ 257.149912][ T5844] ? skb_pull_data+0x112/0x230 [ 257.154690][ T5844] hci_le_conn_complete_evt+0x18c/0x420 [ 257.160276][ T5844] hci_event_packet+0xa55/0x1540 [ 257.165254][ T5844] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 257.170562][ T5844] ? __pfx_hci_event_packet+0x10/0x10 [ 257.176044][ T5844] ? set_bredr_complete+0x40/0x4d0 [ 257.181175][ T5844] ? kcov_remote_start+0x97/0x7d0 [ 257.186215][ T5844] hci_rx_work+0x3fe/0xd80 [ 257.190651][ T5844] ? process_scheduled_works+0x976/0x1850 [ 257.196401][ T5844] process_scheduled_works+0xa63/0x1850 [ 257.201989][ T5844] ? __pfx_process_scheduled_works+0x10/0x10 [ 257.207999][ T5844] ? assign_work+0x364/0x3d0 [ 257.213216][ T5844] worker_thread+0x870/0xd30 [ 257.217830][ T5844] ? __kthread_parkme+0x169/0x1d0 [ 257.222873][ T5844] ? __pfx_worker_thread+0x10/0x10 [ 257.228091][ T5844] kthread+0x2f0/0x390 [ 257.232172][ T5844] ? __pfx_worker_thread+0x10/0x10 [ 257.237299][ T5844] ? __pfx_kthread+0x10/0x10 [ 257.241897][ T5844] ret_from_fork+0x4b/0x80 [ 257.246329][ T5844] ? __pfx_kthread+0x10/0x10 [ 257.250925][ T5844] ret_from_fork_asm+0x1a/0x30 [ 257.255710][ T5844] [ 257.258734][ T5844] [ 257.261056][ T5844] Allocated by task 5844: [ 257.265393][ T5844] kasan_save_track+0x3f/0x80 [ 257.270099][ T5844] __kasan_kmalloc+0x98/0xb0 [ 257.274699][ T5844] __kmalloc_cache_noprof+0x19c/0x2c0 [ 257.280075][ T5844] l2cap_chan_create+0x50/0x760 [ 257.284938][ T5844] l2cap_sock_new_connection_cb+0x181/0x2b0 [ 257.290842][ T5844] l2cap_connect_cfm+0x377/0x1220 [ 257.295870][ T5844] hci_connect_cfm+0xa2/0x150 [ 257.300551][ T5844] le_conn_complete_evt+0xd3e/0x12e0 [ 257.305841][ T5844] hci_le_conn_complete_evt+0x18c/0x420 [ 257.311399][ T5844] hci_event_packet+0xa55/0x1540 [ 257.316345][ T5844] hci_rx_work+0x3fe/0xd80 [ 257.320777][ T5844] process_scheduled_works+0xa63/0x1850 [ 257.326336][ T5844] worker_thread+0x870/0xd30 [ 257.330936][ T5844] kthread+0x2f0/0x390 [ 257.335006][ T5844] ret_from_fork+0x4b/0x80 [ 257.339436][ T5844] ret_from_fork_asm+0x1a/0x30 [ 257.344209][ T5844] [ 257.346530][ T5844] Freed by task 7611: [ 257.350502][ T5844] kasan_save_track+0x3f/0x80 [ 257.355188][ T5844] kasan_save_free_info+0x40/0x50 [ 257.360224][ T5844] __kasan_slab_free+0x59/0x70 [ 257.365014][ T5844] kfree+0x1a0/0x440 [ 257.368914][ T5844] l2cap_sock_cleanup_listen+0xed/0x3c0 [ 257.374470][ T5844] l2cap_sock_release+0x5d/0x1d0 [ 257.379414][ T5844] sock_close+0xbc/0x240 [ 257.383670][ T5844] __fput+0x23f/0x880 [ 257.387662][ T5844] task_work_run+0x24f/0x310 [ 257.392259][ T5844] syscall_exit_to_user_mode+0x168/0x370 [ 257.397905][ T5844] do_syscall_64+0x100/0x230 [ 257.402500][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.408397][ T5844] [ 257.410720][ T5844] The buggy address belongs to the object at ffff88806005e000 [ 257.410720][ T5844] which belongs to the cache kmalloc-2k of size 2048 [ 257.424773][ T5844] The buggy address is located 1152 bytes inside of [ 257.424773][ T5844] freed 2048-byte region [ffff88806005e000, ffff88806005e800) [ 257.438754][ T5844] [ 257.441082][ T5844] The buggy address belongs to the physical page: [ 257.447502][ T5844] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x60058 [ 257.456266][ T5844] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 257.464766][ T5844] anon flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 257.472762][ T5844] page_type: f5(slab) [ 257.476751][ T5844] raw: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 257.485341][ T5844] raw: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 257.493930][ T5844] head: 00fff00000000040 ffff88801ac42000 0000000000000000 dead000000000001 [ 257.502603][ T5844] head: 0000000000000000 0000000080080008 00000001f5000000 0000000000000000 [ 257.511276][ T5844] head: 00fff00000000003 ffffea0001801601 ffffffffffffffff 0000000000000000 [ 257.519948][ T5844] head: 0000000000000008 0000000000000000 00000000ffffffff 0000000000000000 [ 257.528618][ T5844] page dumped because: kasan: bad access detected [ 257.535060][ T5844] page_owner tracks the page as allocated [ 257.540781][ T5844] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5193, tgid 5193 (klogd), ts 83301630521, free_ts 24777781780 [ 257.561541][ T5844] post_alloc_hook+0x1f3/0x230 [ 257.566317][ T5844] get_page_from_freelist+0x3033/0x3180 [ 257.571878][ T5844] __alloc_pages_noprof+0x292/0x710 [ 257.577089][ T5844] alloc_pages_mpol_noprof+0x3e8/0x680 [ 257.582651][ T5844] alloc_slab_page+0x6a/0x120 [ 257.587336][ T5844] allocate_slab+0x5a/0x2f0 [ 257.591849][ T5844] ___slab_alloc+0xcd1/0x14b0 [ 257.596531][ T5844] __slab_alloc+0x58/0xa0 [ 257.600875][ T5844] __kmalloc_cache_noprof+0x1d5/0x2c0 [ 257.606251][ T5844] syslog_print+0x121/0x9c0 [ 257.610761][ T5844] do_syslog+0x3c2/0x820 [ 257.615009][ T5844] __x64_sys_syslog+0x7c/0x90 [ 257.619691][ T5844] do_syscall_64+0xf3/0x230 [ 257.624200][ T5844] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.630100][ T5844] page last free pid 1 tgid 1 stack trace: [ 257.635904][ T5844] free_unref_page+0xcd0/0xf00 [ 257.640676][ T5844] free_contig_range+0x152/0x550 [ 257.645647][ T5844] destroy_args+0x8a/0x840 [ 257.650158][ T5844] debug_vm_pgtable+0x4be/0x550 [ 257.655013][ T5844] do_one_initcall+0x248/0x880 [ 257.659794][ T5844] do_initcall_level+0x157/0x210 [ 257.664747][ T5844] do_initcalls+0x3f/0x80 [ 257.669098][ T5844] kernel_init_freeable+0x435/0x5d0 [ 257.674306][ T5844] kernel_init+0x1d/0x2b0 [ 257.678647][ T5844] ret_from_fork+0x4b/0x80 [ 257.683076][ T5844] ret_from_fork_asm+0x1a/0x30 [ 257.687852][ T5844] [ 257.690181][ T5844] Memory state around the buggy address: [ 257.695836][ T5844] ffff88806005e380: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 257.703895][ T5844] ffff88806005e400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 257.711966][ T5844] >ffff88806005e480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 257.720023][ T5844] ^ [ 257.724089][ T5844] ffff88806005e500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 257.732150][ T5844] ffff88806005e580: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 257.740209][ T5844] ================================================================== [ 257.753905][ T5844] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 257.761148][ T5844] CPU: 1 UID: 0 PID: 5844 Comm: kworker/u9:3 Not tainted 6.12.0-rc5-syzkaller-00063-g0fc810ae3ae1 #0 [ 257.772035][ T5844] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 257.782149][ T5844] Workqueue: hci1 hci_rx_work [ 257.786886][ T5844] Call Trace: [ 257.790202][ T5844] [ 257.793163][ T5844] dump_stack_lvl+0x241/0x360 [ 257.797900][ T5844] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.803146][ T5844] ? __pfx__printk+0x10/0x10 [ 257.807777][ T5844] ? preempt_schedule+0xe1/0xf0 [ 257.812672][ T5844] ? vscnprintf+0x5d/0x90 [ 257.817053][ T5844] panic+0x349/0x880 [ 257.820985][ T5844] ? check_panic_on_warn+0x21/0xb0 [ 257.826221][ T5844] ? __pfx_panic+0x10/0x10 [ 257.830675][ T5844] ? _raw_spin_unlock_irqrestore+0x130/0x140 [ 257.836708][ T5844] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 257.843089][ T5844] ? print_report+0x502/0x550 [ 257.847813][ T5844] check_panic_on_warn+0x86/0xb0 [ 257.852790][ T5844] ? l2cap_connect_cfm+0x70a/0x1220 [ 257.858035][ T5844] end_report+0x77/0x160 [ 257.862328][ T5844] kasan_report+0x154/0x180 [ 257.866959][ T5844] ? l2cap_connect_cfm+0x70a/0x1220 [ 257.872187][ T5844] l2cap_connect_cfm+0x70a/0x1220 [ 257.877247][ T5844] ? hci_connect_cfm+0x24/0x150 [ 257.882140][ T5844] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 257.887643][ T5844] ? device_add+0x460/0xbf0 [ 257.892185][ T5844] ? __pfx_l2cap_connect_cfm+0x10/0x10 [ 257.897691][ T5844] hci_connect_cfm+0xa2/0x150 [ 257.902416][ T5844] le_conn_complete_evt+0xd3e/0x12e0 [ 257.907746][ T5844] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 257.913494][ T5844] ? __mutex_unlock_slowpath+0x21d/0x750 [ 257.919150][ T5844] ? __copy_skb_header+0x437/0x5b0 [ 257.924370][ T5844] ? skb_pull_data+0x112/0x230 [ 257.929155][ T5844] hci_le_conn_complete_evt+0x18c/0x420 [ 257.934729][ T5844] hci_event_packet+0xa55/0x1540 [ 257.939692][ T5844] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 257.945079][ T5844] ? __pfx_hci_event_packet+0x10/0x10 [ 257.950469][ T5844] ? set_bredr_complete+0x40/0x4d0 [ 257.955598][ T5844] ? kcov_remote_start+0x97/0x7d0 [ 257.960638][ T5844] hci_rx_work+0x3fe/0xd80 [ 257.965072][ T5844] ? process_scheduled_works+0x976/0x1850 [ 257.970806][ T5844] process_scheduled_works+0xa63/0x1850 [ 257.976379][ T5844] ? __pfx_process_scheduled_works+0x10/0x10 [ 257.982378][ T5844] ? assign_work+0x364/0x3d0 [ 257.986985][ T5844] worker_thread+0x870/0xd30 [ 257.991603][ T5844] ? __kthread_parkme+0x169/0x1d0 [ 257.996643][ T5844] ? __pfx_worker_thread+0x10/0x10 [ 258.001769][ T5844] kthread+0x2f0/0x390 [ 258.005846][ T5844] ? __pfx_worker_thread+0x10/0x10 [ 258.010969][ T5844] ? __pfx_kthread+0x10/0x10 [ 258.015570][ T5844] ret_from_fork+0x4b/0x80 [ 258.020009][ T5844] ? __pfx_kthread+0x10/0x10 [ 258.024602][ T5844] ret_from_fork_asm+0x1a/0x30 [ 258.029383][ T5844] [ 258.032846][ T5844] Kernel Offset: disabled [ 258.037175][ T5844] Rebooting in 86400 seconds..