last executing test programs: 57.974800667s ago: executing program 1 (id=145): syz_usb_connect$hid(0x2, 0x0, 0x0, &(0x7f0000000500)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x4, 0x0, 0x5, 0x20, 0x10}, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000002580)={0x2020}, 0x2020) r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x1e10c0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d000000"], &(0x7f0000000100)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) socket$nl_netfilter(0x10, 0x3, 0xc) ptrace$getsig(0x4202, r2, 0x5, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000840)={&(0x7f0000000780)={0xa0, 0x0, 0x4, 0x70bd29, 0x25dfdbfd, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4}, 0x100) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, 0x0, 0x0) 54.079919963s ago: executing program 1 (id=156): r0 = accept$netrom(0xffffffffffffffff, &(0x7f0000000280)={{0x3, @netrom}, [@rose, @default, @rose, @remote, @default, @remote, @default, @rose]}, &(0x7f0000000300)=0x48) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYBLOB="00edcf69920000000400001a000000603200"/28], 0x50) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) read$dsp(r1, &(0x7f0000000440)=""/105, 0x69) accept$netrom(r0, &(0x7f00000001c0)={{0x3, @netrom}, [@null, @default, @remote, @netrom, @netrom, @bcast, @default]}, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x800013, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(r4, &(0x7f0000003480)={0x2020}, 0x2020) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, 0x0) ioctl$PPPIOCSACTIVE(r3, 0x40107446, &(0x7f0000000080)={0x1, &(0x7f0000000000)=[{0x5, 0x0, 0x0, 0x9}]}) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4) r6 = accept4(r5, 0x0, 0x0, 0x80800) sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}, @op={0x18}], 0x30, 0x55}], 0x1, 0x0) unshare(0x22020400) 51.648072853s ago: executing program 1 (id=161): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r0, 0xc04064a0, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000440)=[0x0], 0x0, 0x0, 0x0, 0x1}) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) sendmsg$NL80211_CMD_NEW_MPATH(r2, &(0x7f0000000940)={&(0x7f0000000840)={0x10, 0x0, 0x0, 0x8020}, 0xc, &(0x7f0000000440)={&(0x7f0000000000)=ANY=[], 0x14}, 0x1, 0x0, 0x0, 0x4040889}, 0x40) ioctl$sock_SIOCINQ(r2, 0x541b, &(0x7f0000000a00)) ioctl$DRM_IOCTL_MODE_GETCONNECTOR(r0, 0xc05064a7, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)=[0x0], &(0x7f0000000540), 0x0, 0x1, 0x0, 0x0, r1}) writev(r2, &(0x7f0000000180)=[{&(0x7f0000000280)="8540e2f4d923d6681c3af15d840903e05cf5c3bd5bb6d3657cdaec5fd84bad3b70013d74015d799a0311363f3f94b0d609c81ff53b1c7f96b645dc8eb94f2e1df1153647f532eb28bfe2f447b7c2a481c10565c0f0809d201af303e2b73296cfecbed4430e2baf18224638003b76855fb0575b27da7670a89047f9e3e482055d7bfec847bb152376dcdfb5491d8d83fc3b6e6640891726fe62aa3813903b44374f3313baac0fbb7f85f1f3bdeb750834136204ff7ff36deaa07bc4e8ec9147c0ef38a42de3499319512d8468b97b2f6a9c90973ee95bb834af2b334271020aba026932765758028c91741a588c", 0xed}, {&(0x7f0000000100)="806489ce", 0x4}, {&(0x7f0000000a40)="86ca69d55ce042285baf5485ca172589aefc84b51a2e455f6feaaaac4fd33d700e9361142c2839f5f4096724dfed4f071643097404f0b8b0afeee729ad3c355920491a4db0c7d7e14cf7f70d4987689d3d2701d6e62f08b4b176bc21df7fe2387e516f049ddc95fc36c5a0487266462c651418b8d4c4d67fb6598eed59973ad86459fac7a42c72cc41aee22a8d6a4db22071e6162e58ba8defa5b2f9ace4b91044a0f05c3c96c03a0ea3e2ba53107fda5c4400cffe737e16a33e62fe70764292b1d7afd1edf424525025aa094bf5db1d64c64415d8437c72e286c712227b7fad161da471ee9e66e511d0a92089816a57a61e5bc53120e7fa8f1df7b38c45dd76ae8789fafd231e5fc7bb458d5de6d6171c925da7160a6a14935e1f8505479a82a3d80bd75ed447c59478f46e02e5c3d4e2024cacc3be5952381aa6316bf9c65cf954c647f5a55ab8bfe9d87d6d165bc215969444a7a15abcafa664632c6dc4aa7d2f0db9b247c7f53af158b1fa03564b55b842cd88a6df76582b895ea4283aaca8400178901f7211f0b89603efb710d5dc7690390638dd48d60acdd866aae9e368664e75cf7e87d87e05dbf9efdfd0e1cf27953813fe3b41fc1309a3aad3ae9ff45048e28630094e026113a60c9c265ab4f710b00d637a8402a881d2e4c26684adacc027f95a48d9ede04e0ece389ff589f6d3ed8e7c2263218036eaa9a1a769b950566f556c651e49c230b15f9c005dfca07a47e6732b52732ac0440d5054c0b897574694a8512a04cb034c684fdbb3d4d15d7391d904b162250f33575e9df7830e368e1ec6c91354a24d1c88c3fb52ee6d6f1ed486ee5f382373a71d802de18c7e6bf125eacab66b042b2f7a52f772a701e428e7f7a636e0e59ea884387364deb6cc6ff5c29cd37fc04f694cf43051f0b2b4056949d021ffd7e144402410311ef6c34001de1a293fce18175fcf47270b6a3d35a4d832384e3b27ba79d1174e333f2b3214a8fa71079d5c7c09f10014b40d081ca75cafc0a8904e6d3d47748ab3aebfb4dc7f30bc32e4d20f3c327487f594c2ee80b4e7387ea0dafbf38849e3967a530f844fb63007033a8afa287b04aeb91f54e3d483085dacc1a128a22eb135ac72673c0ac57c781d330c3ae86db886fcac2f89111a33b1cbde26c8e8fcf2d179424c11f7bf16820b4598b4c2b54416dfd368af05c058304b55da61663aaada78686c41f2e5b61a7db0d18ef3984a73ea2682fc90fe5d158b89317714d49a4bb2d942fc2fbd3baed553a18e480c56672a63902d4e14d4ee25f1ba62135029a5b6faaaabc4028f0bd8554e5b9be725c7b33b6be25b9ac9d0a43145842479c5561923ef7c6ccd6d2aa7ec22bdcf1d6d07760cb3d9f31e539d91fc00a5449ea954b586993c196d9f783e943d244e1c500143e8c6edbac706c700bd39b92615dded440a926d078d663d5a99c9dac369190a2bb3670dbf91b34410a7e55ea9c87054f69ca685ed2385697052ce3d4efce3a9455c7fcbb68fc724faef18cea06c1b644624a689d2ea081400d9ad5f68de86e8a467d1c8345ae196b9f5ee395c2b6e946d4f29d514240a1b61fdb57662c4374b54bf4edf6d4458e0dac2bd21e2b450e2cb30ba2a4dbb022918d7f28052c8a86ba8256a1c01e11f60bd08aaff2b4090649db98156f66168773b427a7e5e653f9714d4ce309a233ab27f7f73cf897c73a433a56055ac1206cdfbd4ab977c9621c63a410be723a2ae52c850715a3134fb23d4e5027675c79e13ecfa48f4d6958e5b09baefe30c3b6d775a83d462357f3b46c484eaa407e407d4e0171c09014d21472a79af6aa03fdba16415139bf2129d58355dc71008319950a08db0d75ebd7c7e5d13440335adcb16b8dd9015b2d9b09269fa39fefb73c1acf7092b4a432762b02735a45b710a69a8effbcc35a84c74013cb4eb217f6462e5d143f017b460da28b4c232fd581c81b7dc032557a514f9e3bebcfb59a5e9bd7614e7fca68f9b3b4d8ffabacb45816cce083fa0db7d449922aef53762db17632ba556bd6cb46f577038066887174f92b4cc15a4e1b80940b7ff8116c016513db863500d6768d3f05ecab6a1f1540a2791572d4bbf6b16e1d4a07c3e3ba55e5183a569deba67889b26876412508a4ab5c404a75d5b45ff3b4456b466b4e59b4745cda9de6f495b47ee812f66453fd1b4ac05259c4182c6a33a6b1af51b380d6a828e86d3e2b85f1a1365e936bb2f5bce2a4ca032f57507123204f64f5d70d5260aaaf501df3102daf47a2fe8f4c6023ac16a31c351602014a6bab9a3ace8d748c442b8d5909fc156a0b4a3c2aab232a8728cb6a29ae025b5d1c45b471f21de85f20aaa41745489be3f403d88b2e86d0eb8652cb59c13abff827235838cb64e966ca7b69e08b9042d3e8980bd6bbdbdae1d21949019982204c4bf61db7dab226af4b2828c06a5ef5495774e6183056f31187b2072f01cb9b5bb8e85e0efac573440694aae9e8814828af90a983f1cc5be0e8b506809faf7ec39e009bb09b2f3c1f1067e25bcc18597501825e400d7204dc6c5407968ecbdff7a94e2851358469fb081b1bc18d7a48ddd7c760118bee66032d200e10516b483eef86760ac83cd6ebb259595088b03631becf4da5b99de4d818d7f58375e6c489e7864d3f0d8ced71ad9863ac59e81683f1f6a2343ebc378add95554c7a33c198cfd7cb4cadb4c8249003d8d01585da312e4085e7dcdecf43dcf9ac0f34d041b27397a3c8325a91a05c29177f8c4765c26b81791f49720f6856774ec46542e056af274a13cd01fa27f6112ac457a724ab986f15f34992dd947f7d7d9321b9ed3125172a7066cc3e546ff77c7018b570644b54951267119253d7f0a252be22136307f316d745680f0646549bd1d795167253f4990d35845a88e07ab5fdec5013c96d12ee5fb5115d9b017d3a8e13bdc1bca3136d3da1e7fd7f6ddcc71282fb9782d59bab2a6770f69069cb1ba488db2db0a520bb8ebf63991736283f1da08c647bad053a8bff6e0241a2a6ceea192a65bcacedfaa13c18d7bdd3f76c8bd8b42bcd35a15855c5156460733ac380d27bd4f7f763438e326aa77cfea323203096a8fa8093366ce52f4f69f33d179f2f627f89656226e0386606b843685e3d719d91c16e05bc37acce0e4393e3d058b08abceb90db41f546f79922f3603ac8c6a2f440f14ce1180121f1fe3f1384c2ebbd9dd1350d9248f747b7b4b73b514dbad8bda797a39d607740785cdf31e13df2f1060bfb03d9c2a31049d12f8f563563f7e1626861bc63cf5c3395a1094b204ce1a96b4e433b2eb6b832e54d189c3c49af197aa4f1125803152c041418c6af93cb1447238f2face6b351ef55605bab5407aebbb140e146bdeb72a98f2883fb25f9f1760dfb45480e044a6e95ba4d4db5f9221efac54f30259603dfc8efc8e9f61191f394a5b2e4342b189190715b24fc1aaab48e6d6e0bbb094659c647f3bbe066c867c9ce38fffad9f76841e8b08d85e3fc671fb291246d25d7b450b714b825981193c81049faf3e448dbe8e9205a8c82238cb36c27ffba0f1c2926cc40404ea0d412818724bdf6c075def7eb22c9932d700178e8d5d49398e803eddeaadd95109b192900c2e6e286b8ded42df65670d357a523452796c4ad484fe24a53addc98a379c18e6505f6acf0a3132eac7cda3a22de8268b3a1faf50ca2dcc998b4f1ba1364df3a038969957903f4c67b74d1b73e1c4a3a567514f5c99833e14223407a79f2b04a5e16db087463244516705b49c36e88fc5b0a695b9f5bdbc038510b77b5c5225802e118231571bc9ff24bd59da4679f4fc02a552acb725cac25d3f019db5fe539ec1d7f44208c720555a43844e2656cf45a286dfd1baa0f10d2d9b7eba099451a53dd3d34d3abbbbd32ed7c4165473520660f005844cc16bc7a02c6518a1af006ea5a5a517c0acc49fc70d6f79b54a5c7e419dd463a690c0f8a422c02b6d5639fc91e4aaa412b7c3c0c2c7b26e2091ee5386fa4e0ca4cb2b476b6d13dbef880753a6e9e5dc04ba02d131a40d0d994c6a2a66627f8ab2fc697e1882a680b67ec24b1bae9a2b9c3de3e07438daf61ab187caa8ac9e1f25835e5f46e75d7b33920140d09955ed6e9278a26b62b31dce2647cae2d730eae156c6f656351f4b501a1c42b01b29c30dc74780c720024f26ab644b015f64427299a734f8606e9e4c7e6beeca6edb70a20e2b85779eb9ec58c90c670aa08f1edbfa505f08bae39baf060b24c583cb86ba1545c6e88d2d9fa9b6e944a89634114ac9b749738ff0e3509ecf804aa3a18e9e53d61d1662d710608785e129563a0ab4252c005ece7af6f6522eec7eee3d4ae8c51cc8d10361879d68804c42634125ea1e280f431c48cbaaa1968d03c43fdccb335e30ef338f4ca7254a874e47daa86e717e07d51cb24e35b1beb60ad36adc7931ae96174b59a798440b1f95543c1a69792891bac6428c88aabdb538d0182b0c6763c3c7541cd8ce67e47bad1a6edaec9337b37f34edeabae70c972a4ca63b1b14418dc4fad74c3477a65661606cf3f1d960d2d0e3c1389d1a4b9ce29ab7f482be005f8213d45062f024d33f1aca74f4e1234eba7f4558185c6eeed5ba28d5511f4cb765bd5619843fcbbcca5a3cc0447719cad6a00889f1cf3717552ac78b2c14c8db07cc6a365d449ad1269d5059b46815345c17ff8c0eb32647b81d9942d2d47b8643e21da14cc697d1725dbff7ebd9d34a6350bd6b1cee0ebd2016b17ce0a5f157e608329c3efda8f67d08498b9d36fafe5d544b31fba893ef2cf35f9b54331145144596689992300053de37106d392a53b8d877c7fdd2409c043ff94fd22c3aea586c34621e76fe44af86ddbdf637aecf30da2f0b60d5ba8b6492f67294ee6469588c418637251273faa9d6593785925a106b7b8dcaf6c2c204fb8b0931d4bad50baad9dcea24e4f44980b9dc78e01e4746e08f07e26330f46c950739076d838eb16d9c147f5f2751c505a50a2c1716a3ed8409a734a1817cd8f31e49888bf8e1ebd9f02f35551a3877ba6d3a25d448c13c766bb6b5c8336540010ef267e0ee8dd2150457561b1b30e8473c743d23348340267ecda758ea5d543ee47a0d309fbcd791ef67210533b6535527fc4598ef64e6d6eb823a0e7ef2991f97e7de745311603465abb98189bd4567fe14c180336f148f3b8cbac87eaeef91291fd68a02fb561a5f142f7d1f83004665e36dfb3c7e06a037df04b4030108ef62a8f055689e02c026d730aa5d08d33f3b65e312f53a850adb7738f5db1c476486508ae61baaa56a1213d1d61657164116f4835965749b4d376287a7d91cc461acc643dca3e59b63b85d6fc7dfdd0eda6ff3cc3f2003c29e5857fc8bf7519d6b40c01e6da5da9dc4d13d1edbf7e2dc44e70f23e85dc8c4ad118d4981f2fdd32eaeeff82533cad511c6cda6da9b737f0a7602d48b2ea80c186e1cb4c509f0eb111c8d9489da9940973f030c7214b4b790ff28f226fb765de01ae136591c89e11ae054100e74f631510d49c7d5dfa490ea784c4ff4a9af285fc1745fdfc842dbdeaad1e83c077752313088525199f10bae8814f8aad4664b13857c033d3b3f99b1c245885e522286393d76dcacaa810a517a00deeb53c5f34ef2227fc49a89fc32da9099f4580a801c72750968f62efb7e75f389b539d4831d3110e612731a961091e921be44bee1cfb055d985eb89a3a11ea3fef2abd4c0cb6e183229524370054c04e131a8788f04258f7c", 0x1000}], 0x3) ioctl$DRM_IOCTL_MODE_SETPROPERTY(r0, 0xc01064ab, &(0x7f0000000040)={0x3, r3, r1}) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r5, 0x40204706, 0x0) ioctl$DRM_IOCTL_WAIT_VBLANK(r4, 0xc018643a, &(0x7f00000000c0)={0x4000001, 0x71, 0x200000009}) socket$nl_route(0x10, 0x3, 0x0) 51.159592723s ago: executing program 1 (id=166): syz_usb_connect$hid(0x2, 0x0, 0x0, &(0x7f0000000500)={0xa, &(0x7f0000000040)={0xa, 0x6, 0x110, 0x4, 0x0, 0x5, 0x20, 0x10}, 0x0, 0x0}) read$FUSE(0xffffffffffffffff, &(0x7f0000002580)={0x2020}, 0x2020) r0 = openat$incfs(0xffffffffffffff9c, &(0x7f0000000080)='.log\x00', 0x1e10c0, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x18, 0x4, &(0x7f00000009c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) socket$nl_route(0x10, 0x3, 0x0) syz_open_procfs$pagemap(0x0, &(0x7f0000001080)) socket$nl_netfilter(0x10, 0x3, 0xc) ptrace$getsig(0x4202, r2, 0x5, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x4}}]}}]}, 0x48}}, 0x20040084) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000008c0)=@newqdisc={0x34, 0x28, 0x4ee4e6a52ff56541, 0x4001, 0xfffffdfc, {0x0, 0x0, 0x0, 0x0, {0xffff}, {0xffff, 0xffff}, {0x2, 0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x400dc}, 0x0) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000880)={&(0x7f0000000400)={0x10, 0x0, 0x0, 0x200}, 0xc, &(0x7f0000000840)={&(0x7f0000000780)={0xa0, 0x0, 0x4, 0x70bd29, 0x25dfdbfd, {}, [@HEADER={0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp1\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'xfrm0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}]}]}, 0xa0}, 0x1, 0x0, 0x0, 0x4}, 0x100) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, 0x0, 0x0) 48.005512464s ago: executing program 1 (id=173): socket$packet(0x11, 0x3, 0x300) socket$inet_sctp(0x2, 0x1, 0x84) socket$alg(0x26, 0x5, 0x0) open(&(0x7f00000000c0)='.\x00', 0x800, 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000040)='GPL\x00'}, 0x80) epoll_create1(0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) socket(0x200000000000011, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$packet(0x11, 0xa, 0x300) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES16], 0x54}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 47.245561752s ago: executing program 1 (id=176): rseq(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, 0x20, 0x0, 0x0) sync() 31.62304096s ago: executing program 32 (id=176): rseq(&(0x7f0000000100)={0x0, 0x0, 0x0, 0x2}, 0x20, 0x0, 0x0) sync() 12.483039655s ago: executing program 0 (id=283): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x2c, 0x0, &(0x7f0000000280)={0x0, 0xa, 0x1, 0xa}, 0x0, 0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="4005050000008b9068"]}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 10.576113944s ago: executing program 3 (id=287): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000c00)=@delchain={0x28c, 0x65, 0x100, 0x170bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x1, 0x2}, {0x0, 0xe}, {0x0, 0xb}}, [@filter_kind_options=@f_bpf={{0x8}, {0x4}}, @TCA_RATE={0x6, 0x5, {0x8, 0x81}}, @filter_kind_options=@f_bpf={{0x8}, {0x24c, 0x2, [@TCA_BPF_ACT={0x148, 0x1, [@m_skbedit={0x144, 0x11, 0x0, 0x0, {{0xc}, {0x44, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_MARK={0x8, 0x5, 0x80}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x5}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x4}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x1}, @TCA_SKBEDIT_PARMS={0x18, 0x2, {0xfffffffb, 0x16, 0xffffffffffffffff, 0x8, 0x5}}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0xa1}]}, {0xd5, 0x6, "30cbb705b416ba0830f20a58294437adf387be2c5c0be289398c099b2e0fad0a4e749a52e1f5a75d291f8d128db69182792fc2d2dbf61c190aa5138085d5d1951d7457c5c0b4920793d96054893043f112825e710e6e179fa7d28f3c6acd5d743d405349005c0f6844ffcfe048e388a1892a78b93651bb59aba27cca473a0b429df512055b4c2f60e2129626ee8e15fb1bf13e9eee7666aeb8dbadabba9390558fb564b10d8157063b659e8fef7826919e49eb188a131ccb59a77af84e69b3494839567e5e29a2241bc2664912b1c349e9"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x2}}}}]}, @TCA_BPF_FD={0x8}, @TCA_BPF_ACT={0xf8, 0x1, [@m_connmark={0xf4, 0x15, 0x0, 0x0, {{0xd}, {0x90, 0x2, 0x0, 0x1, [@TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0x2, 0x8, 0x3ff, 0x1}, 0x661}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x9, 0x200, 0x6, 0x8, 0x4}, 0x8}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x5, 0x0, 0x5, 0x6, 0x1}, 0x8}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0xc6e, 0x0, 0x4, 0x5, 0x1}, 0xd}}, @TCA_CONNMARK_PARMS={0x1c, 0x1, {{0x3, 0x5b98, 0x2, 0x0, 0x9}, 0x2}}]}, {0x35, 0x6, "0fdc401c94aa908312019756e78d106f29a8ecf9aef9b418e6eff93ef467a48e551aa78003ae4bc16b5e25228460b59f11"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x1, 0x2}}}}]}]}}]}, 0x28c}, 0x1, 0x0, 0x0, 0x80}, 0x8030) r0 = socket(0x10, 0x803, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r2 = openat$cgroup_int(r1, &(0x7f0000000080)='hugetlb.2MB.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r2, &(0x7f0000000180)=ANY=[@ANYBLOB='-1'], 0x27) syz_usb_connect$hid(0x1, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000200000008c016e175000000000001090224312a53e6f00009040004010300220009210000000122050009058103"], 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r3, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) futex(&(0x7f000000cffc), 0xc, 0x1, 0x0, &(0x7f0000048000), 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000140), 0x0, &(0x7f0000000200)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0xc000}}) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r0, 0x89f3, &(0x7f0000000580)={'syztnl0\x00', &(0x7f0000000540)={'syztnl0\x00', 0x0, 0x1, 0x8, 0x9, 0x8, {{0x7, 0x4, 0x2, 0x4, 0x1c, 0x66, 0x0, 0x7, 0x4, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x8, 0xbd, 0x0, 0x7, [0xeea]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f00000005c0)={'ip6_vti0\x00', &(0x7f00000006c0)={'syztnl2\x00', r5, 0x2f, 0x8, 0x68, 0x5, 0x20, @private1={0xfc, 0x1, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x700, 0x8, 0x1, 0xdddb}}) read$FUSE(r4, &(0x7f0000001280)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) syz_fuse_handle_req(r4, &(0x7f0000004300)="00e7a0633e8438bafa888b9b02144af32e296a0a01dc194d649b6fa26d6d5e63bac4a04baeeb8aacb22c6eec461b67db6a737737c6d2687acb00572f92e3fdb5d0cb2f11121c557a943020200755bcab77b39c406b733239e2bb1175b9322ba39dc7d67da8f77aed1714dae2e6c24c3ea96be9d151c6ab7b3c54bbe507b8b2461fb4be8dc90042184af6d48f8ace16abb5e3fc943cf61cdb75624a259bdb5f7829b9775820f85f2d1a6ee6c6c2af4fd41ab8a41ecb2612abf13cd2c6f9f3e6db505e4bbe68cc000cf5fa6d5636191a4b366ab59af52132a3f9678d4ed1bd577bacffb3b52850804005eebf3dfa4763168ff30490a11acdbbf4c3312a45f30139f6b72b1e7cdec185006bb30e0e8fa88da2cefc718cae7e9830f7ca101e4e23c6bd16bfacf4a9927fb13af4b79c86ab999beda4ad396abdda354a42fb4ef21d6749175dc21a0cf9191aa4f90d274b50370a580ad8dcd166d2b06c0d8b071973c3fde30f7e2bc371a51ca5866bf8b24eaac75bf482dd4436b214ff62d32e20df223b0b680ede28b3a49e66e330a8a3ecace0db9855d235d5ff23765e742d1a739c2ac8743f4c62664a3b347279da55a1a5b16e1e2828b584a013577d50f890e3894d9e8d6bfccdfb2b70221f12a7fac24b7a8818edce72b65f622c77bf1312771a2c0d805ec9a25c536c91868762032255be78903b77b2c1a773a03996fabba69214e76f5df6df0375b592692a2c3c86c75a3be56fe598ddaea0b9901d20db7e43e128e04e5509283f833c24c625887288459db5727210ba9a301fb8c934dd1d8dca68039fe5b2e1a8d7cdfc6d875e5851098100c3cd42544ed90bb55b58d20a501fabbc485d148c615a3b070fa0520da2ed68ee115a4411d5418b47f3d95616096f67a7a36d68f1e8df82eca8ef96fb4a96b3422fe046a37ea5f5967513a559bd770fecab7228b0692f439765c9e9c6ea4fc608e0b27f9b49064dd2f9ac06f83f6d87ebc61fa3a29bb5ed39641245ce8cf43770df32a84838802b0827ca5a40e2003915e2ed108a005637bb028d29bd2cfd28a1bd55e67ed1b6b7b72163c27c4b0e36d1b134d6dfdb165a66fb46498fc04bb8053b84098af5b18758631d1318d625a6fa4d3ce5a4d3a90e10c6363a26b5ae96c2d56f87ad21a6118af6847d041f88f852ddc3f250c088ef5cb31198f3ac81cff9a5bab26ed56c09f8416188974e08349f7da28fc754b98c1ac4ea0060ac1e1b1c49f7dbadbc59254b265dc418cab9ac14e2bbecc4c3103543e37984efb1f61315e10d2b422732217d3a9b0cfe4561f3765d3bda60be239e02bdc164dd631582e8c87dd8fa60d63dcf9e7f3dadc4ce5e4433a42425b8ee8cb8a2defab0bf9b6109c90b5655b79b18c06884f2670a985d454e08e54de69f645cb0cbb70620bd988ee717c310ae77b4abe81c01c6e7f47268ee20bc30b9062830917705682eba2c5ef966b877f33294aa5f8b29d3dd5ed92302087f34fa18d19a005de05f925e3e93c8c0f24507ff20cd23d9ae5452c32ff58c78ccdb1ab32c98edfaa6d2c3971934ca8f849ac360c286566eb72b0793f12cef84bd282368d533247ee750f18aeda484167f3d680e4aaa3aa0694441d4ff6a71531f1a30f87eeb71afd04c5d686e1f86f27586f4e2c8ff77c09612ba1af9b3fb93efd31af42f8e0498f35d07c662b743a08f2839cad8f95b90cbb4fc0ed2ca45dd093a549cde4c6ff08ce09a2cbc6f9f78b6f96643357f92f8f403202742057731fd3e343a87c0affe803cfdbddb8c2694ab63f2dc35da705624747e30a943000fc82c40f10e1975d2e2ec15aefd531b6dbc053606b054dc976f44d5b5a5f37e9c08532ce16cf8bca55ab6c814ceb855ab50b8b52620f8645a9dc25fcb732080d84bf39c3ebb235b4d96da527b64ec4b72f69e91d16a4efcaf76f2e1f968ca68a06f60b01ec7becc9ffd7877c0992cb0f80fb3daabc039513896bd7697843be06aba53e7761e11e075c61ef2d897d4d9f90041c14283746feeb3f0d456ba4be27843350fe43e7c1110b4439489139f6dae01c43f23ec71f08d3042662483887657c76219c6e49de45bf078d3182a1bc1208bc59379e705aa3309579947409f2a8b3d79099c8619f916e7a6fa333d2312a274247156b8c25cbcfcc59ef13339c700f56a8691dff39bd4338789001872c0d90929037dc0ad99b380a6ba73f331f73f9274f4c2bf5233d7482edf37bf6ffed4f2c0ee44a1d57cae0d644f25591dc03bf837571a82d0c31b61be7ff85a5b3843e8f96a50eaa43f5c137ecfc4e4530d08a2afa4ba02fcc50117a4ad0d5862302017639344c82749f673dbd650e49b35302d0acbab45c0973198291bb42b4cfcd3b0c252074341ea8eca19e122cd234da6d41bf5eedb706e16c17687ed8b84db67130796d26b94eac83bbcd785b603242bd6252c155711efd7dd22cc54e1eaf6d910d0f22c701f3d4da0314dd2829c6ee13bbcbd126558b47b8066bf0766c792a012315bd29bfeda8f28a2c1f4e638b701758e19a0e5bd5b4f19048b00a877d956292e345f8a3a8367892f955bcb5e50ca145ec5e2c9309e25941bd277e393aaad38f9b72a42514b27da6856223c37a1fc1327fa760551d3fdeb0b222ab180b16c9eea138cf4f327e88fdfee293c5b6b007028eb796a60772148282dcd17ffc1c90ed8b6540ede933545ed5a5301d6ff39734444ff3d85cda4ac3befa5083a4685e9e231eba4a91a35f4f7f48fd5ac2447c64c010e2a9f8e80691c95460e1995444466ec5f3cd71fe509a26ff0b7f3254bc8c3255e903834e841b37c70b267fb33deb0d1ed4ea84a869453ba508fc255b12cf847103d5195046c930ae4a75c956f22fcfe4186d547686b54bd7a534940d5d62216994eac0e8ed3bd2bd59354e6b9c6b5b10511d54a8b928040f1e13c4a423b0cf519fc6e9673df5c48c0778c7edb8fa8d8ace77463a77d2d6313160e1ee72742953e433b670400d59c93464fd91520847db238610ed0c289fc55647881a7d6257cf28090c75a6f19df079cfd35742a74a5ab270314f7c8039c20ff0f3f543d029b75a741b5dc6425241ac2ffabf1f96288e6d4ba34da09fb6049c2c8753fbd41fdb4bc68c57bf374ef4feb0df00c41319debb26afba2ff39e1799a1c2137f4e920ee5b02d93789b6b0c853e8143dae5b08ee85da2ea7c31803610ce797293ea95c16ade6dae2afb008e59d8b9505737f008b5227df5f1e4eb5d707f502698a17ead9b1f5ec09dff34248ff2fb153dc6df4812e39754a4baa42e1d8b77fbddef3ca091701ac28ae5fd422dbd8db5b122d3965383abc37a52d2fca5ce56eba974dba3d059cefe40e3c35c9daa8ae31198214303c1dcb90d58fc983ccfd504fa43925636f94b128d44e8aa5cd3ecfabd50a84062d03f7508a0575ab65ecc749d3ef566fdbc529a8139b7a7fb3a9bd784df52cddc6f2699044ba47615163fbbe19f3d88d38a8b71fe52b2611ca74341429d1cef1a7e350545be29d2caa560e60352cab074c298c44ca2c07f9795ce52f10aa3e2fcdef371f24e309b19e52218881f25a4674527edbe3b3bd0b9b536d810c6f9500c0c81bcfd9a440dd91c1d35c52758d2b2ae1a8497bb394c4f09d3947cf777727b0d1daf5ac4fe4fa3c247a791702cb84b96321b7fec81bf549d4eb5d6dafe019b26187417c68b064e4308908535a3e77b6cd3e28caaf12d726f15590b7958e40134d045a38cbb689131a7e85532f1c63dd4bac9e4d00645cd7b2b71704563f3738b92044a8153f6ba717800ab7cb238175c376d7add2c5ec38e4c856f1ab9c3ee33f6ca6d576ae908dd290e4bae23470182e253765e04e8eb02a791c4396a511ef467879a9e2818b8a4b1b0b39a6c44e816e3ebf6e3be93929dfcb38d5dad7d20b60215447674d0608b8b02331ac20e57083cb9b4449fecbb149441aea0ad82f00a82d87d743fc80d410922bc20923516885440f43c9f32beb81ce148def6140952583a7825c2d2fe012d52d30ef66d32a8a0864ac5c1737e2506228d41ff0515ee80be4cf012927dde0fd2a07cac68eff8c4437f2844d4df07936fd8753e5909f962c5c767f8719cc295bdfa8a16f3f36ff56e34d7b14b6b8c46d5af248b04a9c5396f84990e23d145670950bce5f5638e5e2cea37c3732fa1c05dd9d21d2a69e5fa3abe9a2dad2237be20b4088393c04aa66cf13718de4bffac72f641a8c017a1d5568fa15a6a06e4dc833874ec95af6f115bdadf15179bfc8c4e3e64f26f1299e282c4ab397340934efc1e601afc630fe195e8ae7d8da1310568cab4f2fad085d0ec39710d8b7c812b3fd55c6f50925bcfc90fbcb35b8daa0f1e1f69d82fae2034039f7ad6921694ed48a55a68bc541e6d86f1e33c261a92d48b50eb58a03d8e31b2f6564a4ddc3ee988d0dc47b4b610a9a9dcb87571b5c1edb3362df0ec3d58872157e0f7247dfa8100b4478b705702a5620c9201010f40232327550db333e845dbecd6aadbd0a94c064862b1100b6dd45ece811b8c0275e3753e11b4bcd8bc5ed7668e72afa5bc5cc17b4c313273755f532ecfdefdf2d5c47999453a3b7c158d98332f0bd3a820cfb2c8c3bcd43197e7395a032cec6e41662079f2f654965aebc393e22b5c8516d9b8ad01e33ee481a4ac46a2df304dadeaa9e5274d340aaebe14dcea315fe1279f1a41a5c7aa8c94bf4b3d48757503171f53488e01210145e62c0de7c39737848dbdb1b207d4d33b8de180b020e8a76b1b521905e5e3ce97292f8558fb68efdee774681bfffcf1dc3eef35f660dd1659a32950de2d50e762313beee330d9c2a9fe8ce5e4e61ddd86378d3551335f6ef62053d3b248a8c33a11abdf3f3aa1975a15f4a6957a13d5b12a44d0f2b52b9a2d996e98c630c0f2abca80c7ae89efcf81ae284a0d19582cb1319d207077e5657d245533181ed6e07e0f7647123fc46c37bd75b4f4d181112b4a08acdcf445332cb9dde69a0923dd9244dd2ecd818b19588939922e3b2d8dd9d9fed95fa55b0e4564b38aca2c4d24eebc634664400177fbdeaeb278bb1d8eb11baf4be5c87d4f8d9a855bfa75df4c51fb4eec87a27c59df9a47d82523b08022a1c0fb22ff6f93c3d2cc22a4111a6ec5be428cba33617be65739c2240248f3a02d01ddf2d6aca9e537a2296b16d082d2b868504371dd5e41898885b03ebfaca73b40e8924ece83c1c80de6ce14943e1199c6f81bf359f44c3ed5ae3c6eacb730b1039f0b6555347bd566dfff45a7a2176420ab2b40916a73b66a3ad07af6e1ac5597393d203fa1ad34d4564af956a0a3e2997e27a4e5eff67dd89cce8875d995e00c1858234f149f6ad4cac2b8056966f726df57b8c4ee8f22f23097ba1471b1f1036e3a499400fccdb75b56eb13e9eca1407d5bff4b075b06d00fcbfcafc28431eb33156232e73c6577e3eca437330c494ede57b9609e1f40634918dea767338b5542197410cdc000143ace89ca0b7bf645b3267f74767d7c7fce05d2f59c137204e56bfa711f66903c511f681cf7a1b4f9fc0f42b7c438ff8957e1059375321df5b0c5c884f46d94c21686e1300582d34928bc398653118f79bfeea2e7cfbbf31a7718f4aab50fae57db94203d43e060365c9a7455241be03d82dffc3783d0f6aa170c0866eb0dad07485831526922d8348a7a16e2e9903a2ac93c58c6dce83127fab17703ec004a519ae5675baffb31bf4b52f9ca992a84017a44d68dc693abd829947342f277fdcbc87168bcc03c32b8b1e81a1915af2517c464af07d52b79d1b0e53164c82ba049f81e92ed1dc20a88fd72e9ce7aa4b22a7cc57dc5527d14f62bc29cfc9d57ed26fd523cac39ac00ba12d3a49d694709924275fc0793d56acf9558818dc9eb210749fa5307d45886b879257d627cee0542b51c2ce6ce134100efb47c92456ece5b73cdc051f570810a8d534222649eb56cf73a377162b753de6c282bcd4a25dda21dd10901bd8dfe8fd4ba8a70811c39707beded23dd60f23e2933372e3a6bce099899b07f0a4c4956fd98e956a8649622c77717de099463c0c6c9389ab4a1ae10f8ddd086d876af2943ee0b6b402ae5f89e09922e8c510ec0caa0a83e366e916400bfec88a52ab457037a35ddc6a8e2289c33684a5915c37bf5d227cbc65a737b52bdcb4fbbb7b4e7f965db116b46044d0870846c730dce12e120b1fe6dd5798ced24cad72c59a3f44de4978b8bc05a1dbeb766be6e2abf6ef46c67a58a370e54e92d89e5f44525e82b94a388d8d0cb20c3469a258c1633c9dddb6854aee255f93f59435ff317622f6899250aa185c207644275278580c5d32401741fe264a2e03b80f442ed58fd0704ebac923ac6a5abb7f0c695252f82e3fbcf2b99d721589a8fe3fad4d5926aee3d7bfafb6739e525faae3d25b12841fa2cc61dddc44d36acb9a8b72d60ecdd9c8cf04f9bac341b5e0f9bc59042db8126324888b07afe72b18cce36d61eec975b6b4ef5dc4a16ac14440cf770599bd4db630bd110eb63a03a80cd95c16d314a4de60cc5115bf0754cb7ab84a827ecefafa96069c721a5979f227fdc2467b4cd1975dafb5b28e1d6f3c1c3a2816ad831dd98c1378a03798c128f176426eaa0e361571e758d54bf4ec2c988355f016e16d6cd5cf97bb4891ab33f5623b7e796af313cc7a9e2f9510cd2bead1ea5dd080d9de1f595b2629ebccf69a0feaed3963ae8a6c89edd66fbf6e566379898185828925f8669668d6bddff961b08aaedbbe7fc196931a887ec740da6bcdab8f826a34aa2aa1e406a258558f3baf022a64222df4d6ee8726c79ba3dd6e11a19e4b4bb49b4a8cd99c189e6392f08ad731e415b65d0ccb919dca46efe9f79e21437111ab09e926d3038182044ae047bf1cc92e2d2644c528985719667a1a8abaf65d0f211172ea789b2fa016e1a88325d1ed706239da4dbb9e2079e3598b4ae5885667587ba1e0921c9ba55d7a3be4c47bc2f2f3547ce9efe32e5a22855f761bd4cbe1cd9337eda4bd7d82a918084d7e116b656104ca87e64b1b8c62323c3c296c5b5b98051feb607b872edf9f789744aff710c4b7279711182bcac6b76c05f5cd982f52f451e7e29046550e012e01d8cdd3e305427030f4247488c9136303084c12175c5c781cdd08aede5a356ea0ccdd05a460be3c7b4bfd62c3ce9ab68e285a36c1546d0b18edad71f69f5bedb340772e1bbb035514b085067259e39f59dc292a12557350c66904b253efee29a5eb7a6920f583c899dc46a1d3e2af2db3a3d1a0e8d1f98722a16c6cc1e401058d60c8c436d8f1166ba53bdde5810f9d0288528affd486c266546a864c92af3df8abd451cc1e0d6bfea534865cea9d49b3ea5e390fa823118df8a61e31022f5fbb8ceee870bf2e60890263c4d14e24d053d0fddf665ff80a66fa00a5957f8a30fe82a4b82cf2f6b4d49def98f66bfcdaa0aef13314e950ca9f3849b1edf3b82eaf74a0dbcf45c3dba9bd2d853281a78484f1efaf4150da1207ec3cb61fbcbf759f8182b7052b28d7164b73197b0a440759fe9d5ddf827f1897a174e82fb968a9a07c61bee44bc1f7f9ee5c6de04c02d57735c5fab741b36aec7c8642e56cba932a08b8e8a9d3eb066a4ee7cbf22e5abbd4346de59eca1f24ad9f7f9ff7621e5f30dd08f4cddda8e80e496908109f5212a72bab1378d1237def07bdda4178719975346c68405de15153031fb17535894e5e3c1de6fdd507333f0226b78ba7cae509cfb48d6735ede9392650bf85ac1db919b1e9fe0a823119d8253204dbb2f7a8f524be6d419f3a45c5051a7a88ef0bd41586d90c11a894d647f03895f671a6e19f1c70e32668653aba8366a3d372522f49844081a9637db080663ab02f4a8af502955d5411461b62f85308c91852f8fb9f0bdddd500b4a133791d3a2f91a82dc4b09f5ad2196a9172ab0cd3fafe7266e9f6d159110d99ca8da8a34b17be17a04ad4509a9fffab1e45e10f10e0cf9cfbd9c761ad044064c07e473fdc626289cfb88b13a11455c069b70aa02426d9119ac878a14c9483be9c0d5bcbb5fa76c8d06531f59c7cf7c26372e750e2f332418ca769e5e7fbeb3ada7bb58b573a0635e2e3ad9a53ddb809ea01086a3fa993ad57e89da6f9c5e61bd0f8ba69212a386b2aa1ae17520d7fb989dbe14021885eb50fa3048aebd42c861a09a308b660d382c0480ead8a52a1e14927c7c77957f94bb59ccfd557f8c4a7af23360a298a603d20ebc386db041d8c306b3e32b0bff541bdec5ff75c3b40950815cf9f89d48a382f67e44c409d046c01fb1262aca0df6f5238a3c3c09977261494f7361ba326815d6e23f49e4d6d4b54665081067332265fff59cf54af9da0db9d19bc611cbcb6e6f3f1e2e1ffb6cdd6253578d78d06a2ff5f9250f1994c5749e3ce49231fbd63bba28e948f9150933e3ae31299babaa41043b181a100882e613b4b4b8f49ceeb742d22f860853a9b917f5a323a8a1fb1f3363a7be4407fba44b408f259b5db79a055b92ce3d7a0649cc59f4afa2b1f69959d5c6f5eef1fa7987a47bee4491f685c52e9db1ee1a231ab5a4bae1019c97868a409dd0d57b32525394a233023c4a7ac429808bbcb57a34b41883202744c3bdebc0a637773273f19c2be6e806bef7fc1002846db762ee4e16867773808c5477987d5851d5b1641d070feabc203cb3d7943ffb206272fcac1bccb616352d85975f5a22c0f247548535ad9fb83fb2be17689453f10691143c060cd964df63c3c70e7b1cfc7e2b468015f327f9869353477bfeeed330b03ddd9e4e0a2441182244da283d7a59d2b2b20e6de3e3a47c26aeef4944c1190bba674523a6c3c4ed6bac53b9edffcb0e9fb19d8bf36949d03ef6a7e59eb903a00d9614f642d1932c766421906f5b177963c71e881453560e3ffcec792e8dc46b1832a8fcb2ab2268a9c1fb648d1c6fa1c8cbd50d5a2d8264fbc6c063e6daac5519d362da389dcd3d12c8039f991de91e728abf5bab95c3aef66dd8cc36c60e73cb10afb02eff6df20ff12c59b142b07fc48fe94612de80b8b958f78256fd7cf3c6f79a83867f3bb5f70da392957badadecefdf7b6e4ebd39ff945397c7d302ca0a5a3918d8abb893cd9cdd680916a50fe19699ff0476ad82e6ba46523f26ccc5eb65313c1df1077c8876d2b73bf86ba311862d12b0c557a92ef827197121512e87f817167d4b17c7e225a48b3f8fbbf4187438e0e9b78e905cdbeb72e80dfb37ec0104f5186b39b4ff34f0cdf4b74dc915acd3f98874cd6a67308d0ad9697121ac477550b1affe004f433705933f9647522be65cb5a7471120ec942aeb956f195be0c1783102cf7d842f2968222ae1a7fa6513f200d3fa85d71724956ed697f0673ee3b40a4d46ba4850439ec125b708ed52b52b9f72906477d520c90a9f5dd49a7a33a328137a183f439895532b78ae451a8c3db789bc862fbc37241d523027e1a008629c969380f6eb55f9cf3f0675bca6851f00df6aaf90de9f62d5c179945ef81d1073850301f97e379ea415d830e3f3751cf83e2dba541cb6cdd89e6b674f2c53e329e5f3dd418d534ada6469a5b3bca5b7cfbdfdd6df4abaf77d4520d0311e801145c91b52586a56086e663841b702f52cef9fff8cfb7b33dfa125688ba6b4fadd1dca8defaf4259ca85323b23d3bbb45933562c25af3e8d7bc6ad4a50ae974f8d207994b3bd74a6812ab6a40fcaf96bb4e17bd20d742b14c72226caef3e0f5c56c4930071e9f9a894f18650fbb785c6f707605c86b634c9722c8690cf3a954f68d7c2db3a257339ade67a41259f6f878dd0ab7876deffa77f6f00819282a8f4c4da84c6cf4f335cd0410770a2b1a1fbb3f85f4489eeceb78bbfddb2d1866c57b41f6ed179a0bc3750a486403d23473f2feef43ebc5af1018d9c20089e277d77fb9c34f425c8f8af4c49864b57572fa8c232e61ef37194251a1ddc2f73ffecd57e638751cb72bcb2c40d22540166ca1e8588f24b010c9fbd962e3a2c23a7e93f131df61b8703ce326ed80cc87912d3c6aaa27574bbe8d65bcaecd660c31cead132a44b1d0e4a53cacc0b82a263c4e7783944af0af08ea9e68e8e25ed9111cfef841f1b2fd24164f9097f70efe09b1109e5cb91fe68a2760381fd63a7fd422dd578a60661abc9ee3a5db1c2cde2fb21f2040f1ed3fc27b99e254256949d0560e8b98fa028fca50768caa951a87bf8969af498d50a9ee773c9caa7d9f7d8e1955506013f198cda316d79b177e59f233b98f727afd2494fc18642f0015adab756ea6742690c7d00f28655b915ce4eb8b3ba2e8559ba23e1ff1ccc9f79ae2df85f924459c56715dec78ef4592352eb1a850cd65ecd36e1a9121e888586b7b2fa84da920b8cf44480433e61ab076b10171c0537524bb170a4b99b0b0c437418a665b7ef909652b6483b20362e557c1480c2a2a0efa221fc59054a48122b52d38245f9bd026001635be5b155f5c766a59306fbde231fa72b4d74449a2fe8fb969496ee26af5881adaafb4189b439877ab8f78709cfd32c10ea576a010bfc137b7a4aae137ea3d29070ce3bc8dbe6655e967115ca3461ad9d28b9cf8af07441e68a54ec5e889846f3978f07ba51f7d5af5da78c5c675dc5d0c1a4a399ff4247203573a46fb903eaf7bc886e6cbd3126fa4a3fe3bb13bbdfea7da871f6563aa750f6ad7895b34b2809563dcf5ed30f1c60cef4138aa49d4f55e396534ed10cf4d857723a2b442f47d79de162c30ec6c4daf939b4c88649494e3682d1da81b4a5928d8e18a16c46707a685305e592589acb484e28e9d5af89c44b6e563d125ec97c0155410527406d94b90bc9576a662db99da1cb82b04d610d02187ce08f22ea0e8fd31919d53fa6aaf980e31ca7f8610e695a41919c24136a8406c62d5f15fca365892a2b54ece17664b5247583ad60d863f283f3c288946139575dcaedc978762e85f534e56334ef0221c34ffae054ddf79339b8f08701e9699b11041df8f518dd33203363c8098fbefb01555bcc2542422777b38d8dff11b15aadb0c251ce2c5b32f8735b3cb784f2e5731b48feb5a0e791a1106abdea0f7d1f087737cbe7fdf523fa14c9be2a2987511004c5b7ac1814ef6961db16799698242452c469a07c30e4a1f73193c74a41bdd88aef50035e4648bc9dfa276951798420a45e4085932bdb9381af3cc4678bd962af616549e4020d2c9fd25e2117a6d8934fde2218273d7833d60ea492e251417a27e7fb32012a940a6b6487af4b64958bf05f1b1107732149d227eeda5ca5a43cf583dc297d66072a1acd75e93a7caefd36a0d581e21d5cb08654c4ecef46ebac5391546e0b7d2a6418548d8f816446bcf237f676e873e6bae9107234abe5ab24c53ea472ad10653cef068fd9f4e729fc0d526e489f8df13af5575f1e70e0ec22899728b0659d70fc2dd509d9df3ec170638f89e540f4d3f02aa9b1b1819f84da596e0d7b45a5818061728f8eeccd2bea0f460dd7e18cb95f2364c50e351f0690e184eb63ebbb14a0b4b2117e44f3b2b300", 0x2000, &(0x7f0000000b40)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)={0x130, 0x0, 0x4fcb6236, {0x0, 0xfffffff7, 0x0, '\x00', {0x1, 0x801, 0x8000000000000000, 0x804, r6, r7, 0xc000, '\x00', 0x6, 0x85, 0xffffffff, 0x3, {0x8, 0x8}, {0x4000000000006, 0xd}, {0x2f, 0x7}, {0x1000000000, 0xa00}, 0x8, 0xe5, 0xfffffffe, 0x4}}}}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f00000000c0), 0x25088, &(0x7f0000000a00)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@noxattr}, {@dfltgid={'dfltgid', 0x3d, r7}}, {@access_user}, {}], [{@context={'context', 0x3d, 'unconfined_u'}}, {@smackfshat}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@pcr={'pcr', 0x3d, 0x40}}, {@rootcontext={'rootcontext', 0x3d, 'system_u'}}, {@func={'func', 0x3d, 'FIRMWARE_CHECK'}}, {@measure}, {@smackfstransmute={'smackfstransmute', 0x3d, './cgroup.cpu/syz0\x00'}}, {@func={'func', 0x3d, 'KEXEC_INITRAMFS_CHECK'}}]}}) 7.375474326s ago: executing program 3 (id=289): r0 = accept$netrom(0xffffffffffffffff, &(0x7f0000000280)={{0x3, @netrom}, [@rose, @default, @rose, @remote, @default, @remote, @default, @rose]}, &(0x7f0000000300)=0x48) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000580)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x4, 0x80}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000540)=0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB='\x00'/18, @ANYRES32=0x0, @ANYBLOB="00edcf69920000000400001a000000603200"/28], 0x50) ioctl$SNDCTL_DSP_SETFRAGMENT(r1, 0xc004500a, &(0x7f0000000240)=0x3) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f00000000c0)) read$dsp(r1, &(0x7f0000000440)=""/105, 0x69) accept$netrom(r0, &(0x7f00000001c0)={{0x3, @netrom}, [@null, @default, @remote, @netrom, @netrom, @bcast, @default]}, 0x0) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x109942, 0x0) mkdir(&(0x7f0000000180)='./file0\x00', 0x0) mount(&(0x7f0000000000)=@nullb, &(0x7f00000001c0)='./cgroup\x00', &(0x7f0000000040)='xfs\x00', 0x800013, 0x0) r4 = syz_open_procfs(0x0, &(0x7f00000001c0)='mountinfo\x00') read$FUSE(r4, &(0x7f0000003480)={0x2020}, 0x2020) ioctl$PPPIOCNEWUNIT(r3, 0xc004743e, &(0x7f0000000580)=0x4) ioctl$PPPIOCSACTIVE(r3, 0x40107446, &(0x7f0000000080)) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5", 0x4) r6 = accept4(r5, 0x0, 0x0, 0x80800) sendmmsg$alg(r6, &(0x7f0000000400)=[{0x0, 0x0, 0x0, 0x0, &(0x7f0000000340)=[@op={0x18, 0x117, 0x3, 0x1}, @op={0x18}], 0x30, 0x55}], 0x1, 0x0) unshare(0x22020400) 5.609494938s ago: executing program 4 (id=292): socket$packet(0x11, 0x3, 0x300) socket$inet_sctp(0x2, 0x1, 0x84) socket$alg(0x26, 0x5, 0x0) open(&(0x7f00000000c0)='.\x00', 0x800, 0x50) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000040)='GPL\x00'}, 0x80) epoll_create1(0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0xe, &(0x7f00000004c0)=ANY=[@ANYBLOB="b702000000000000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000001e6400000000000045040400010000001704000001000a00b7040000000100006a0af2fe00000000850000001a000000b7000000000000009500000000000000455781a5feee5e1ce784909b849d5550adf200000000000000b61d69f2ffdaa10350e11cb97c8ad51bcda0c4ee6d9674c77404ceb9971e43405d621ffbc9a4fd39b0631f6dde53a9a53608c10556e5734eb84049761471ce540c772e2d9f8004e26f7fcc059c062234d5595f6dba87b81d0806fb0289ce67a66afd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7480884bd8048a967d9b912ef9f1dcc4ff8546fee53f5b2e7b91c61ced1ebad000000000000e8122a793c080a882add4e1179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3ad198e3f3a532efa04137d452ff47d2638da3261c8362bb7c7824be6195a66d2e17e122040e11e3bd4a69fc6e8d9f7043e09b9e10dc7777bfae5884e4ba1e9cc4a2bbe99e30816127f46a1aae33d4d63d716c0975e1ce4a655362e7062ff6ab3934555c0184021b829472adefa06d3482c7b2711b98eabdca89b77efd13e6dba4a431ce47910000118093b6cabaa17a57727474e1785ee234835088445aa4a9b677d3d342640e328504aea02a2d727e62b7f097a02dbf8fe1d704765de7482040b2fc3000000000000000008947baeaaf954aff687deaa2f80492461d273ee26d8115cbca081a14cba24788779291745083fccdddc90d7af35c528df8000000d8d79c79ddca066da478c197d4a550470557bc99cca336bd88cd28a5ee651627e3a6fbf6ea53b95ddb64c69c7d8d2f4baddc239828760459564124bad68209d2a1d16ad085886c017679cfcda8b1e152ac1e2bcc5ede5b5687aa418abfa29acd7339e73b2cd185c9eb5fb34fccd20ffa155b16c0c309ed6f6663677df37de0ec0d0f548b273940be5d1fe0bae14d1a76bf741330dacd9cc19c0163bcc93059e8d2d1bfa928e2ba458ecd989cb3581a3f270ad48255ac0dad4923e3e36629589ff6b0ceb3438e4b432dd454c04be2d538aaf60c9f7a7281d32142f2fdbc3d37e5a072b5d7f0a349f1a75f01b5c203d4bdde6ff12de9a37f7fb9a16059ad97e2edefb5e0b0326bd25f6fd1d108efa9d30a9883815654486fe42cf2f676cdbb"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000340), 0x10}, 0x94) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) socket$inet_udp(0x2, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) socket(0x200000000000011, 0x2, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$packet(0x11, 0xa, 0x300) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="540000001000010400000000000000ffff000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000240012800c0001006d6163766c616e00140002800800010008000000060002000100000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES16], 0x54}}, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 5.067023531s ago: executing program 3 (id=293): r0 = socket(0x10, 0x803, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0xfffffffe}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000780)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x10, &(0x7f0000000800)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000003000000850000008600000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x65) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x6, 0xe, &(0x7f00000008c0)=ANY=[@ANYBLOB="b7020000000d0000bfa30000000000000703000000feffff7a0af0fff8ffff1971a4f0ff00000000b7060000080000006f6400000000000045040400010000001704000001000a00b7040000ff0100006a0a00fe0000000085000000bd000000b70000000000000095000000000000009e17f199a68b06d83298a8cdc21ce784909b849d5550ad857d0454d8877a6db61d69f2ffcaa10350e11cb97c8adf1bc9a0c4eeceb9971e43405d621ffbc9ce000000d8ca56b50d0c010d631f6dde53a9a53608c10556e5734eb84049761451ce540c772e2d9f8004e26f7fcc059c062234d5595f6fbaa187b81d1106000000000fd60000fd9ac3d09e29a9d542ca9d85a5c9c88474895d679838def0a83a733dc6a39b63a5ed69d32394c53361d7e43c5cbd80450f859ce8122a79c3e40000b59b0fc46d6cec3c0802882add4e3179bd4a44f231b6d753a7be428ba953df4aece69311687f4122073a236c3a32efa04137d4524847d2638da3261c8162bb7c7824be6195a66d2e17e122040e1100000000928612a29fc691e4f1f7bd053abb885f39381f1759410b1059f05684261f332d606834669b49ec99320ca7712d7e79bd5bf5ed818ecc7640917f6a559a47db608fcf9f6c131b84e41c354c66838f72b9e12d36e996f316f0812ca83efb30c7f6c6d57c4a64590401eec22523dd712c680013e87f649a1ede7142ca9d5d8a8c9f9b440fe4331ad5532c74d9a31a5d737537f7a2caa30581253d14dd3e92af7dc836686365ae01bdec561c0402b67801267a8df97d2f85426a5963d4fa3e26cc05972c162f223f000000d999e80de00fcbcc02d0aed7bb8f7ba337d59c14f39dcd4aad4139ef6425a9367f1bd1467fc6b95a4df7669839771ce9d5788029901e5a79d8b9990ace8f74087f25ad50c46088000000008000"/686], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x3a, 0x10, &(0x7f0000000340), 0xfffffd31, 0x0, 0xffffffffffffffff, 0xffffffffffffff5b}, 0x42) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000c80)={r4, 0x2000000, 0xfe7f, 0x0, &(0x7f0000000c40)="63eced8e46dc3f2ddf33c9e9b986", 0x0, 0x7ffe, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) write(r0, &(0x7f0000000340)="2600000022004701050007108980e8ff06006d20002b1ffec0e90101c7bb0000b00000000000", 0x26) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000005e0001003c94ec50162cbd7000fddbdf250000000062"], 0x1c}, 0x1, 0x0, 0x0, 0x2004e904}, 0x4000080) 4.910851868s ago: executing program 4 (id=294): r0 = socket$packet(0x11, 0x3, 0x300) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000c00)={0x1, 0xb, &(0x7f0000000000)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f0000000040)=r1, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000a00), 0xffffffffffffffff) 4.507663951s ago: executing program 4 (id=296): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000100)='/dev/comedi4\x00', 0x0, 0x0) ioctl$COMEDI_CHANINFO(r0, 0x80306403, 0x0) pipe(&(0x7f00000000c0)) syz_open_procfs$namespace(0x0, &(0x7f0000000000)='ns/net\x00') fsopen(&(0x7f00000029c0)='tmpfs\x00', 0x1) r1 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r1, &(0x7f00000002c0), 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000180)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r3 = getpid() sched_setaffinity(0x0, 0xfffffffffffffe77, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="050000000400000006000000230000000000", @ANYRES32=0x1, @ANYBLOB="0300"/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000100000000000000000000078d846565d7cc6b070f380f2d93d6887e83a46a11ed3a92764ded63b06efe337c311f6c56fed34dcb146792bae48021e00363ac7f8123bb9fa497c01b5d33f28e4d328d0ae4d8f084f0951d1bd9e32d6d0a86ef711f8afb3db10d9cfc6b07b8c8786722bdf910128f6a49001d75abcad"], 0x50) close(0x3) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000080)={0x3, &(0x7f0000000240)=[{0x3d, 0x0, 0x1, 0x100000}, {0x1d, 0x0, 0x0, 0x10000000}, {0x6}]}) socket$nl_netfilter(0x10, 0x3, 0xc) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x3000002, 0x31, 0xffffffffffffffff, 0x0) io_uring_register$IORING_REGISTER_BUFFERS2(0xffffffffffffffff, 0xf, &(0x7f0000002700)={0x1, 0x0, 0x0, &(0x7f0000000200)=[{0x0}], 0x0}, 0x20) socket(0x400000000010, 0x3, 0x0) futex(&(0x7f0000004640), 0xd, 0x2, 0x0, 0x0, 0x0) 4.412920533s ago: executing program 3 (id=298): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="2da52abd7000fbdbdf250300000008000100000000000800010000000000"], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000) 4.088348821s ago: executing program 2 (id=299): r0 = fsopen(&(0x7f0000000140)='tracefs\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x0) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000080)='.\x00', 0x101000, 0x108) getdents(r2, &(0x7f0000000f00)=""/87, 0x57) getdents64(r2, &(0x7f0000000f80)=""/4096, 0x101c) (fail_nth: 2) 3.033493878s ago: executing program 3 (id=300): socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x94, 0x0, 0x1, 0x401, 0x0, 0x0, {0x2}, [@CTA_TUPLE_ORIG={0x24, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @rand_addr=0x64010100}, {0x8, 0x2, @loopback}}}, @CTA_TUPLE_PROTO={0xfffffffffffffe13, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x24, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @empty}, {0x8, 0x2, @multicast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_TIMEOUT={0x8, 0x7, 0x1, 0x0, 0x4}, @CTA_TUPLE_MASTER={0x30, 0xe, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @loopback}, {0x14, 0x4, @ipv4={'\x00', '\xff\xff', @multicast2}}}}]}]}, 0x94}, 0x1, 0x0, 0x0, 0x4040815}, 0x40) r1 = openat$autofs(0xffffffffffffff9c, &(0x7f0000000100), 0x101002, 0x0) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f00000001c0)={{0x1, 0x1, 0x1018}, './file0\x00'}) mkdir(0x0, 0x0) r2 = getpgrp(0x0) sched_setaffinity(r2, 0x8, &(0x7f0000000040)=0x5) prlimit64(0x0, 0xe, &(0x7f0000000100)={0xc, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x2, 0x0) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000000)=0x3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r4 = syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r4, 0x1, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000019680)=""/102392, 0x18ff8) r6 = socket$tipc(0x1e, 0x5, 0x0) connect$tipc(r6, &(0x7f0000000140)=@id, 0x10) r7 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r7, 0x40045532, &(0x7f0000000040)=0x7) r8 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040301, 0x0) r9 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) write$RDMA_USER_CM_CMD_CREATE_ID(r8, &(0x7f0000000500)={0x0, 0xfffffffffffffd83, 0xfa00, {0x1000000000000, 0x0}}, 0xfdbc) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r9, 0xc0884113, &(0x7f0000000300)={0x1, 0xfffffe00, 0x9dc6, 0x8, 0x7, 0x0, 0x6, 0x9, 0x0, 0x1, 0x100100}) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0900000004000000ff0f000005"], 0x50) 3.032023975s ago: executing program 4 (id=301): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[], 0x0}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'geneve1\x00'}) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48810}, 0x4000010) bind$packet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) connect$unix(r2, &(0x7f0000000040)=@abs={0x0, 0x0, 0x4e20}, 0x6e) r3 = syz_open_dev$evdev(0x0, 0x2, 0x822b01) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f0000001900)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001a00)={0x10, 0x25, 0x4, 0x70bd26, 0x25dfdbff}, 0x10}], 0x1, 0x0, 0x0, 0x20000801}, 0x40010) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r4) recvmmsg(r4, &(0x7f00000086c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000340)=""/154, 0x9a}, {&(0x7f0000000880)=""/4111, 0x100f}, {&(0x7f00000007c0)=""/97, 0x61}], 0x3}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f00000004c0)=""/153, 0x99}, {&(0x7f00000005c0)=""/233, 0xe9}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000400)=""/161, 0xa1}], 0x6}, 0x1000}], 0x3, 0x8042, 0x0) write$char_usb(r3, &(0x7f0000000040)="e2", 0x12d8) 1.367157894s ago: executing program 3 (id=302): r0 = fsopen(&(0x7f00000000c0)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsopen(&(0x7f0000000300)='sysfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) 1.283849633s ago: executing program 2 (id=303): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$gtp(&(0x7f0000000400), 0xffffffffffffffff) bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="14000000040000000400000001"], 0x48) (async) r2 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r2, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r2, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r2, 0xc02064b6, &(0x7f00000001c0)={r3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GET_LEASE(r2, 0xc01064c8, &(0x7f0000000280)={0x1, 0x0, &(0x7f0000000200)=[0x0]}) (async) ioctl$DRM_IOCTL_MODE_OBJ_GETPROPERTIES(r2, 0xc02064b9, &(0x7f00000002c0)={&(0x7f0000000240)=[0x0, 0x0], &(0x7f0000000040), 0x2, r4}) ioctl$DRM_IOCTL_MODE_ATOMIC(r2, 0xc03864bc, &(0x7f0000000380)={0x200, 0x1, &(0x7f0000000440)=[r4], &(0x7f0000000200), &(0x7f0000000300)=[r5], &(0x7f0000000340)}) r6 = syz_open_procfs(0x0, &(0x7f0000000080)='fdinfo/3\x00') preadv(r6, &(0x7f0000000640)=[{&(0x7f0000000140)=""/134, 0x86}], 0x1, 0x0, 0x0) (async) sendmsg$GTP_CMD_GETPDP(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c085900", @ANYRES16=r1, @ANYBLOB="01000000000000000000020000000800020000000000"], 0x1c}}, 0x0) 1.237940085s ago: executing program 0 (id=304): ioctl$sock_netdev_private(0xffffffffffffffff, 0x89ff, &(0x7f0000000000)="3a86bba1454675afd5c84444144046") 1.136137635s ago: executing program 4 (id=305): r0 = openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000000080)='/proc/sys/fs/binfmt_misc/syz1\x00', 0x2, 0x0) lseek(r0, 0xffffffffffffffff, 0x0) 1.044192804s ago: executing program 0 (id=306): bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000280)={0xffffffffffffffff, 0x20, &(0x7f0000000240)={&(0x7f0000000000)=""/16, 0x10, 0x0, &(0x7f00000000c0)=""/168, 0xa8}}, 0x10) r1 = openat$full(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) preadv2(r1, &(0x7f0000000280)=[{0x0}, {&(0x7f0000001380)=""/129, 0x81}], 0x2, 0x0, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xe, 0x2, &(0x7f00000002c0)=@raw=[@map_val={0x18, 0xa, 0x2, 0x0, 0x1, 0x0, 0x0, 0x0, 0x10}], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, r0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) 970.462297ms ago: executing program 2 (id=307): r0 = socket$nl_audit(0x10, 0x3, 0x9) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x800, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0205649, &(0x7f0000000540)={0x2, @pix={0x3, 0x401, 0x3132564e, 0x1, 0x3, 0x3, 0xc, 0x7, 0x0, 0x0, 0x0, 0x3}}) sendmsg$AUDIT_TTY_SET(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000040)={0x18, 0x3ec, 0x200, 0x70bd2d, 0x25dfdbfc, {0x0, 0x1}}, 0x18}, 0x1, 0x0, 0x0, 0x8840}, 0x800) 952.079065ms ago: executing program 4 (id=308): socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x4}, 0x94) syz_emit_ethernet(0x2a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaaaaaaaaa0806000188000604"], 0x0) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r1 = syz_usb_connect$hid(0x0, 0x0, 0x0, 0x0) syz_usb_control_io(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000000)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="0300"], 0x0}, 0x0) 860.480122ms ago: executing program 0 (id=309): r0 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$netlink(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000240)={0xe0, 0x20, 0x1, 0x3, 0x25dfdbfb, "", [@nested={0xcd, 0x117, 0x0, 0x1, [@typed={0xc, 0xad, 0x0, 0x0, @u64=0xfac08}, @typed={0x14, 0x1, 0x0, 0x0, @ipv6=@empty}, @generic="50bb2d6f67d29d6fabadb107d0def49c88ea04abde1d5e8d3fb22a1b5046778bdafefc46b0449ade68bf84b36ec72dd71265fc2e882348c26c2126237dd5b37f5ae655b1086cda40e00aec58754734be31d750351dc076eb43d9621dc08c029d1608a46cf26fbe816b89f7cb81bff81a8b9482565856555ee923c65973deb0a99b962bc0fe94a3fcae3697bd7b85b3a682167c43dbf137115a40ebddcad74875ec", @typed={0x8, 0xeb, 0x0, 0x0, @pid}]}]}, 0xe0}], 0x1, 0x0, 0x0, 0x1}, 0x14) 706.843088ms ago: executing program 2 (id=310): r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nbd(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$NBD_CMD_RECONFIGURE(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="98000000", @ANYRES16=r1, @ANYBLOB="2da52abd7000fbdbdf250300000008000100000000000800010000000000340007800c"], 0x98}, 0x1, 0x0, 0x0, 0x4008040}, 0x4000) 550.209772ms ago: executing program 0 (id=311): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000380)={0x2, 0x4e22, @multicast1}, 0x10) setsockopt$sock_int(r0, 0x1, 0x800000000f, &(0x7f0000000080)=0x7, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000140)={0xa, 0xce22, 0x7f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xffffffff}, 0x1c) listen(r0, 0x0) listen(r1, 0x2) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r2, 0x1, 0xf, &(0x7f0000000180)=0x800001, 0x4) bind$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x7f, @ipv4={'\x00', '\xff\xff', @multicast1}, 0xffffffff}, 0x20) listen(r2, 0x2) (fail_nth: 2) 344.930998ms ago: executing program 2 (id=312): r0 = socket$packet(0x11, 0x2, 0x300) getpeername$packet(r0, &(0x7f0000000300)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000340)=0x14) bpf$MAP_CREATE(0x0, &(0x7f0000000380)=@base={0x4, 0x1, 0x4, 0x81, 0x801, 0xffffffffffffffff, 0xfffffffb, '\x00', r1, 0xffffffffffffffff, 0x5, 0x2, 0x4}, 0x50) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000100)=@req={0xffff, 0x0, 0x483, 0x2}, 0x10) 213.898159ms ago: executing program 0 (id=313): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) syz_usb_control_io$rtl8150(0xffffffffffffffff, 0x0, &(0x7f0000000380)={0x2c, 0x0, &(0x7f0000000280)={0x0, 0xa, 0x1, 0xa}, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 2 (id=314): bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x4, 0xe, &(0x7f00000014c0)=ANY=[], 0x0}, 0x94) r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'geneve1\x00'}) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_MESH_CONFIG(r1, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) getsockname$packet(r1, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x48810}, 0x4000010) bind$packet(0xffffffffffffffff, 0x0, 0x0) r2 = socket$key(0xf, 0x3, 0x2) connect$unix(r2, &(0x7f0000000040)=@abs={0x0, 0x0, 0x4e20}, 0x6e) r3 = syz_open_dev$evdev(0x0, 0x2, 0x822b01) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r4, &(0x7f0000001900)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001a00)={0x10, 0x25, 0x4, 0x70bd26, 0x25dfdbff}, 0x10}], 0x1, 0x0, 0x0, 0x20000801}, 0x40010) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r4) recvmmsg(r4, &(0x7f00000086c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000340)=""/154, 0x9a}, {&(0x7f0000000880)=""/4111, 0x100f}, {&(0x7f00000007c0)=""/97, 0x61}], 0x3}, 0x7}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f0000001980)=[{&(0x7f00000004c0)=""/153, 0x99}, {&(0x7f00000005c0)=""/233, 0xe9}, {0x0}, {0x0}, {0x0}, {&(0x7f0000000400)=""/161, 0xa1}], 0x6}, 0x1000}], 0x3, 0x8042, 0x0) write$char_usb(r3, &(0x7f0000000040)="e2", 0x12d8) kernel console output (not intermixed with test programs): atman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.105188][ T5805] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.427292][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.427305][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.427318][ T5821] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.564986][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 91.564999][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.565013][ T5811] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 91.566932][ T5821] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.567059][ T5821] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.567075][ T5821] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.735582][ T5811] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 91.735599][ T5811] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 91.735633][ T5811] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 91.847508][ T5808] hsr_slave_0: entered promiscuous mode [ 91.848445][ T5808] hsr_slave_1: entered promiscuous mode [ 91.864698][ T5806] hsr_slave_0: entered promiscuous mode [ 91.865522][ T5806] hsr_slave_1: entered promiscuous mode [ 91.866439][ T5806] debugfs: 'hsr0' already exists in 'hsr' [ 91.866529][ T5806] Cannot create hsr debugfs directory [ 91.985153][ T5805] hsr_slave_0: entered promiscuous mode [ 91.985940][ T5805] hsr_slave_1: entered promiscuous mode [ 91.986491][ T5805] debugfs: 'hsr0' already exists in 'hsr' [ 91.986509][ T5805] Cannot create hsr debugfs directory [ 92.383269][ T5815] Bluetooth: hci3: command tx timeout [ 92.383303][ T5815] Bluetooth: hci0: command tx timeout [ 92.383445][ T5812] Bluetooth: hci1: command tx timeout [ 92.463374][ T5812] Bluetooth: hci4: command tx timeout [ 92.470501][ T5821] hsr_slave_0: entered promiscuous mode [ 92.471254][ T5821] hsr_slave_1: entered promiscuous mode [ 92.471837][ T5821] debugfs: 'hsr0' already exists in 'hsr' [ 92.471856][ T5821] Cannot create hsr debugfs directory [ 92.543325][ T5812] Bluetooth: hci2: command tx timeout [ 92.641350][ T5811] hsr_slave_0: entered promiscuous mode [ 92.642189][ T5811] hsr_slave_1: entered promiscuous mode [ 92.642883][ T5811] debugfs: 'hsr0' already exists in 'hsr' [ 92.642899][ T5811] Cannot create hsr debugfs directory [ 93.920760][ T5808] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 93.961583][ T5808] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 93.998782][ T5808] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 94.051300][ T5808] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 94.180761][ T5805] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 94.222826][ T5805] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 94.258401][ T5805] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 94.312963][ T5805] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 94.463660][ T5120] Bluetooth: hci1: command tx timeout [ 94.463674][ T5815] Bluetooth: hci0: command tx timeout [ 94.463713][ T5812] Bluetooth: hci3: command tx timeout [ 94.464241][ T5806] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 94.522979][ T5806] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 94.544069][ T5812] Bluetooth: hci4: command tx timeout [ 94.565529][ T5806] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 94.623671][ T5812] Bluetooth: hci2: command tx timeout [ 94.631942][ T5806] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 94.781533][ T5821] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 94.834805][ T5821] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 94.883989][ T5821] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 94.937196][ T5821] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.059021][ T5808] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.109025][ T5811] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 95.150837][ T5811] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 95.189553][ T5811] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 95.237702][ T5811] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 95.295015][ T5808] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.327086][ T3672] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.327970][ T3672] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.366504][ T5805] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.376699][ T3672] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.376893][ T3672] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.445404][ T5805] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.455899][ T5806] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.484363][ T1470] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.484488][ T1470] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.519392][ T1470] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.519517][ T1470] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.567830][ T5806] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.601333][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.601456][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.631922][ T5821] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.651647][ T43] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.651772][ T43] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.776410][ T5821] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.845095][ T43] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.845292][ T43] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.888267][ T5811] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.910715][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.910894][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.022145][ T5811] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.087830][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.088356][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.131166][ T5808] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.150678][ T1307] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.151803][ T1307] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.370513][ T5805] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.438878][ T5808] veth0_vlan: entered promiscuous mode [ 96.492862][ T5806] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.507693][ T5808] veth1_vlan: entered promiscuous mode [ 96.612031][ T5805] veth0_vlan: entered promiscuous mode [ 96.631801][ T5821] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.690538][ T5805] veth1_vlan: entered promiscuous mode [ 96.718157][ T5808] veth0_macvtap: entered promiscuous mode [ 96.747095][ T5808] veth1_macvtap: entered promiscuous mode [ 96.812229][ T5806] veth0_vlan: entered promiscuous mode [ 96.842055][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.890441][ T5806] veth1_vlan: entered promiscuous mode [ 96.895101][ T5808] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.914179][ T5805] veth0_macvtap: entered promiscuous mode [ 96.970184][ T1307] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.979175][ T5805] veth1_macvtap: entered promiscuous mode [ 96.985500][ T1307] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.989891][ T5811] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 97.013633][ T1307] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.018982][ T1307] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.190410][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.284629][ T5805] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.302969][ T5806] veth0_macvtap: entered promiscuous mode [ 97.338925][ T780] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.357311][ T5806] veth1_macvtap: entered promiscuous mode [ 97.359594][ T780] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.401315][ T780] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.418947][ T780] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.466300][ T1013] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.466327][ T1013] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.591174][ T5811] veth0_vlan: entered promiscuous mode [ 97.610603][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.676423][ T5821] veth0_vlan: entered promiscuous mode [ 97.709070][ T1470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.709090][ T1470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.732747][ T5806] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.772917][ T5811] veth1_vlan: entered promiscuous mode [ 97.795988][ T5821] veth1_vlan: entered promiscuous mode [ 97.797391][ T780] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.800539][ T1470] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.800557][ T1470] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.805098][ T780] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.835290][ T12] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.839852][ T12] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.005626][ T43] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.005649][ T43] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.178041][ T5821] veth0_macvtap: entered promiscuous mode [ 98.182271][ T5811] veth0_macvtap: entered promiscuous mode [ 98.237083][ T5821] veth1_macvtap: entered promiscuous mode [ 98.286304][ T5811] veth1_macvtap: entered promiscuous mode [ 98.302958][ T5922] Zero length message leads to an empty skb [ 98.356169][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.356188][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.434971][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.497937][ T5821] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.520650][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.521529][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.521547][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.575138][ T780] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.583917][ T5811] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.585451][ T780] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.604291][ T780] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.605685][ T780] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.628862][ T780] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.635287][ T780] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.650707][ T780] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.654550][ T780] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 99.216850][ T1307] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.216870][ T1307] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.307554][ T43] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.307569][ T43] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.425793][ T5890] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 99.498296][ T1470] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.498316][ T1470] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.526028][ T3497] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 99.526049][ T3497] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 99.678143][ T5890] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 99.678163][ T5890] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 99.678188][ T5890] usb 2-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.00 [ 99.678200][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 99.691311][ T5890] usb 2-1: config 0 descriptor?? [ 100.027193][ T5890] usb 2-1: string descriptor 0 read error: -71 [ 100.109403][ T5890] usbhid 2-1:0.0: can't add hid device: -71 [ 100.109517][ T5890] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 100.167716][ T5890] usb 2-1: USB disconnect, device number 2 [ 100.235841][ T5944] FAULT_INJECTION: forcing a failure. [ 100.235841][ T5944] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 100.235897][ T5944] CPU: 1 UID: 0 PID: 5944 Comm: syz.3.9 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 100.235919][ T5944] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 100.235935][ T5944] Call Trace: [ 100.235945][ T5944] [ 100.235953][ T5944] dump_stack_lvl+0xe8/0x150 [ 100.235988][ T5944] should_fail_ex+0x46c/0x600 [ 100.236016][ T5944] _copy_to_user+0x31/0xb0 [ 100.236038][ T5944] poll_select_finish+0x446/0x5e0 [ 100.236058][ T5944] ? __pfx_poll_select_finish+0x10/0x10 [ 100.236082][ T5944] ? __pfx_timespec64_add_safe+0x10/0x10 [ 100.236117][ T5944] __se_sys_select+0x21d/0x270 [ 100.236145][ T5944] ? __pfx___se_sys_select+0x10/0x10 [ 100.236170][ T5944] ? __pfx_ksys_write+0x10/0x10 [ 100.236199][ T5944] ? __x64_sys_select+0x20/0xc0 [ 100.236225][ T5944] do_syscall_64+0xec/0xf80 [ 100.236244][ T5944] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.236260][ T5944] ? trace_irq_disable+0x37/0x100 [ 100.236276][ T5944] ? clear_bhb_loop+0x60/0xb0 [ 100.236293][ T5944] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 100.236307][ T5944] RIP: 0033:0x7fecacddf749 [ 100.236326][ T5944] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 100.236339][ T5944] RSP: 002b:00007fecab046038 EFLAGS: 00000246 ORIG_RAX: 0000000000000017 [ 100.236356][ T5944] RAX: ffffffffffffffda RBX: 00007fecad035fa0 RCX: 00007fecacddf749 [ 100.236367][ T5944] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 100.236376][ T5944] RBP: 00007fecab046090 R08: 0000200000000100 R09: 0000000000000000 [ 100.236387][ T5944] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 100.236397][ T5944] R13: 00007fecad036038 R14: 00007fecad035fa0 R15: 00007fff8fdb6b98 [ 100.236427][ T5944] [ 100.803184][ T5928] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 100.953213][ T5928] usb 4-1: Using ep0 maxpacket: 32 [ 100.962163][ T5928] usb 4-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 100.962219][ T5928] usb 4-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 100.962247][ T5928] usb 4-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 100.962274][ T5928] usb 4-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 101.039607][ T5928] usb 4-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 101.039633][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.039643][ T5928] usb 4-1: Product: syz [ 101.039651][ T5928] usb 4-1: Manufacturer: syz [ 101.039659][ T5928] usb 4-1: SerialNumber: syz [ 101.093731][ T10] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 101.093755][ T5883] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 101.137664][ C0] imon 4-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 101.178910][ T5928] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/input/input5 [ 101.253159][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 101.259391][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 101.259425][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 101.259465][ T10] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 101.259488][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.296132][ T10] usb 2-1: config 0 descriptor?? [ 101.329252][ T5883] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 101.329284][ T5883] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.329303][ T5883] usb 3-1: Product: syz [ 101.329318][ T5883] usb 3-1: Manufacturer: syz [ 101.329332][ T5883] usb 3-1: SerialNumber: syz [ 101.363216][ T5928] imon 4-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 101.363235][ T5928] (id 0x00) [ 101.499944][ T5883] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 101.518033][ T5940] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 101.604841][ T5928] rc_core: IR keymap rc-imon-pad not found [ 101.604863][ T5928] Registered IR keymap rc-empty [ 101.605001][ T5928] imon 4-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 101.605019][ T5928] imon 4-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 101.668758][ T5928] rc rc0: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0 [ 101.693545][ T5940] usb 5-1: Using ep0 maxpacket: 16 [ 101.718689][ T5940] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 101.725561][ T5940] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 101.725590][ T5940] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.725657][ T5940] usb 5-1: Product: syz [ 101.725671][ T5940] usb 5-1: Manufacturer: syz [ 101.725684][ T5940] usb 5-1: SerialNumber: syz [ 101.748632][ T5928] input: iMON Remote (15c2:ffdc) as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:155.0/rc/rc0/input6 [ 101.816181][ T5940] usb 5-1: config 0 descriptor?? [ 101.870633][ T10] ft260 0003:0403:6030.0001: item fetching failed at offset 0/2 [ 101.872758][ T10] ft260 0003:0403:6030.0001: failed to parse HID [ 101.872844][ T10] ft260 0003:0403:6030.0001: probe with driver ft260 failed with error -22 [ 101.930865][ T804] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 101.975256][ T5928] imon 4-1:155.0: iMON device (15c2:ffdc, intf0) on usb<4:2> initialized [ 102.023658][ T5928] usb 4-1: USB disconnect, device number 2 [ 102.125730][ T5963] netlink: 64 bytes leftover after parsing attributes in process `syz.0.14'. [ 102.126715][ T5963] block nbd0: not configured, cannot reconfigure [ 102.666547][ T5965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 102.666994][ T5965] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 103.707048][ T804] usb 3-1: Service connection timeout for: 256 [ 103.707086][ T804] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 104.149141][ T804] ath9k_htc: Failed to initialize the device [ 104.182626][ T804] usb 3-1: ath9k_htc: USB layer deinitialized [ 104.361922][ T5974] usb 2-1: USB disconnect, device number 3 [ 104.382044][ T5890] usb 5-1: USB disconnect, device number 2 [ 104.604389][ T5910] usb 3-1: USB disconnect, device number 2 [ 104.735489][ T5981] FAULT_INJECTION: forcing a failure. [ 104.735489][ T5981] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 104.735522][ T5981] CPU: 0 UID: 0 PID: 5981 Comm: syz.1.19 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 104.735544][ T5981] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 104.735555][ T5981] Call Trace: [ 104.735563][ T5981] [ 104.735570][ T5981] dump_stack_lvl+0xe8/0x150 [ 104.735600][ T5981] should_fail_ex+0x46c/0x600 [ 104.735630][ T5981] prepare_alloc_pages+0x22b/0x6c0 [ 104.735658][ T5981] __alloc_frozen_pages_noprof+0x123/0x370 [ 104.735681][ T5981] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 104.735712][ T5981] ? mtree_range_walk+0x6aa/0x840 [ 104.735735][ T5981] alloc_pages_mpol+0xd1/0x380 [ 104.735759][ T5981] alloc_pages_noprof+0xcf/0x1e0 [ 104.735781][ T5981] __pud_alloc+0x3a/0x470 [ 104.735812][ T5981] handle_mm_fault+0xdf7/0x1330 [ 104.735844][ T5981] ? handle_mm_fault+0xd1/0x1330 [ 104.735866][ T5981] ? is_bpf_text_address+0x292/0x2b0 [ 104.735891][ T5981] ? __pfx_handle_mm_fault+0x10/0x10 [ 104.735928][ T5981] ? __lock_acquire+0x6b6/0x2cf0 [ 104.735958][ T5981] ? lock_mm_and_find_vma+0x9c/0x300 [ 104.735985][ T5981] do_user_addr_fault+0x764/0x1380 [ 104.736024][ T5981] exc_page_fault+0x71/0xd0 [ 104.736044][ T5981] asm_exc_page_fault+0x26/0x30 [ 104.736062][ T5981] RIP: 0010:rep_movs_alternative+0xf/0x90 [ 104.736084][ T5981] Code: c4 10 e9 04 20 05 00 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 83 f9 40 73 44 83 f9 08 73 25 85 c9 74 0f <8a> 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 e9 cd 1f 05 00 66 2e [ 104.736099][ T5981] RSP: 0018:ffffc90005517c10 EFLAGS: 00050202 [ 104.736116][ T5981] RAX: 00007ffffffff001 RBX: 0000000000000004 RCX: 0000000000000004 [ 104.736129][ T5981] RDX: 0000000000000001 RSI: 0000200000000100 RDI: ffffc90005517d70 [ 104.736141][ T5981] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 104.736151][ T5981] R10: dffffc0000000000 R11: fffff52000aa2fae R12: ffff888056200000 [ 104.736165][ T5981] R13: 1ffff92000aa2f90 R14: ffffc90005517d70 R15: 0000200000000100 [ 104.736196][ T5981] _copy_from_user+0x7a/0xb0 [ 104.736216][ T5981] copy_from_sockptr+0x5e/0xa0 [ 104.736236][ T5981] packet_setsockopt+0xa14/0x12c0 [ 104.736262][ T5981] ? do_raw_spin_lock+0x121/0x290 [ 104.736283][ T5981] ? __pfx_packet_setsockopt+0x10/0x10 [ 104.736317][ T5981] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 104.736339][ T5981] ? __fget_files+0x2a/0x420 [ 104.736370][ T5981] ? __fget_files+0x2a/0x420 [ 104.736392][ T5981] ? __fget_files+0x2a/0x420 [ 104.736410][ T5981] ? bpf_lsm_socket_setsockopt+0x9/0x20 [ 104.736432][ T5981] ? __pfx_packet_setsockopt+0x10/0x10 [ 104.736458][ T5981] do_sock_setsockopt+0x17c/0x1b0 [ 104.736486][ T5981] __x64_sys_setsockopt+0x145/0x1b0 [ 104.736513][ T5981] do_syscall_64+0xec/0xf80 [ 104.736531][ T5981] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.736548][ T5981] ? trace_irq_disable+0x37/0x100 [ 104.736567][ T5981] ? clear_bhb_loop+0x60/0xb0 [ 104.736590][ T5981] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 104.736608][ T5981] RIP: 0033:0x7fe26df8f749 [ 104.736624][ T5981] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 104.736638][ T5981] RSP: 002b:00007fe26c1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 104.736656][ T5981] RAX: ffffffffffffffda RBX: 00007fe26e1e5fa0 RCX: 00007fe26df8f749 [ 104.736670][ T5981] RDX: 0000000000000008 RSI: 0000000000000107 RDI: 0000000000000003 [ 104.736681][ T5981] RBP: 00007fe26c1f6090 R08: 0000000000000004 R09: 0000000000000000 [ 104.736693][ T5981] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 104.736704][ T5981] R13: 00007fe26e1e6038 R14: 00007fe26e1e5fa0 R15: 00007ffc858b1eb8 [ 104.736734][ T5981] [ 105.000073][ T5980] kernel profiling enabled (shift: 63) [ 105.000095][ T5980] profiling shift: 63 too large [ 105.893307][ T5928] usb 4-1: new full-speed USB device number 3 using dummy_hcd [ 106.049889][ T5928] usb 4-1: unable to get BOS descriptor or descriptor too short [ 106.051103][ T5928] usb 4-1: not running at top speed; connect to a high speed hub [ 106.073471][ T5928] usb 4-1: config 2 has an invalid interface number: 254 but max is 0 [ 106.073500][ T5928] usb 4-1: config 2 has an invalid descriptor of length 36, skipping remainder of the config [ 106.073520][ T5928] usb 4-1: config 2 has no interface number 0 [ 106.073555][ T5928] usb 4-1: config 2 interface 254 has no altsetting 0 [ 106.079414][ T5928] usb 4-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=20.52 [ 106.079444][ T5928] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.079465][ T5928] usb 4-1: Product: syz [ 106.079481][ T5928] usb 4-1: Manufacturer: syz [ 106.079496][ T5928] usb 4-1: SerialNumber: syz [ 106.426960][ T37] audit: type=1326 audit(1766932716.075:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=5987 comm="syz.2.20" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f778ef8f749 code=0x0 [ 107.343256][ T804] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 107.534379][ T804] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 107.534403][ T804] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 107.535263][ T804] usb 5-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.00 [ 107.535290][ T804] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.577273][ T804] usb 5-1: config 0 descriptor?? [ 107.791458][ T5928] ims_pcu 4-1:2.254: Missing CDC union descriptor [ 107.791521][ T5928] ims_pcu 4-1:2.254: probe with driver ims_pcu failed with error -22 [ 107.829331][ T5928] usb 4-1: USB disconnect, device number 3 [ 107.915810][ T804] usb 5-1: string descriptor 0 read error: -71 [ 107.968703][ T804] usbhid 5-1:0.0: can't add hid device: -71 [ 107.968834][ T804] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 107.996954][ T804] usb 5-1: USB disconnect, device number 3 [ 108.070195][ T6006] warning: `syz.1.25' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 108.153189][ T932] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 108.223411][ T5891] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 108.313209][ T804] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 108.338783][ T932] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 108.338814][ T932] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.338829][ T932] usb 3-1: Product: syz [ 108.338837][ T932] usb 3-1: Manufacturer: syz [ 108.338845][ T932] usb 3-1: SerialNumber: syz [ 108.407354][ T932] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 108.427852][ T5891] usb 1-1: config index 0 descriptor too short (expected 78, got 72) [ 108.447355][ T5891] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 108.447384][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.447404][ T5891] usb 1-1: Product: syz [ 108.447418][ T5891] usb 1-1: Manufacturer: syz [ 108.447432][ T5891] usb 1-1: SerialNumber: syz [ 108.504761][ T5928] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 108.527069][ T804] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 108.527095][ T804] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 108.527113][ T804] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 108.527133][ T804] usb 2-1: config 1 has no interface number 0 [ 108.527217][ T804] usb 2-1: too many endpoints for config 1 interface 1 altsetting 1: 32, using maximum allowed: 30 [ 108.527265][ T804] usb 2-1: config 1 interface 1 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 108.539077][ T804] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 108.539106][ T804] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 108.539126][ T804] usb 2-1: Product: syz [ 108.539140][ T804] usb 2-1: Manufacturer: syz [ 108.539155][ T804] usb 2-1: SerialNumber: syz [ 108.641055][ T5891] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 108.725532][ T804] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 108.725640][ T804] cdc_ncm 2-1:1.1: bind() failure [ 108.735686][ T56] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 109.603231][ T804] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 109.743241][ T5928] usb 3-1: Service connection timeout for: 256 [ 109.743265][ T5928] ath9k_htc 3-1:1.0: ath9k_htc: Unable to initialize HTC services [ 109.780584][ T5928] ath9k_htc: Failed to initialize the device [ 109.844202][ T5928] usb 3-1: ath9k_htc: USB layer deinitialized [ 110.630694][ T56] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 110.630859][ T56] ath9k_htc: Failed to initialize the device [ 110.874032][ T5972] usb 2-1: USB disconnect, device number 4 [ 111.250110][ T5972] usb 3-1: USB disconnect, device number 3 [ 111.573150][ T5928] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 111.635564][ T5961] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 111.648776][ T6017] usb 1-1: USB disconnect, device number 2 [ 111.689144][ T6017] usb 1-1: ath9k_htc: USB layer deinitialized [ 111.706199][ C1] dummy_hcd dummy_hcd.0: timer fired with no URBs pending? [ 111.720951][ T804] usb 5-1: Using ep0 maxpacket: 32 [ 111.723812][ T804] usb 5-1: config 0 interface 0 has no altsetting 0 [ 111.726968][ T804] usb 5-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 111.727008][ T804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 111.727027][ T804] usb 5-1: Product: syz [ 111.727048][ T804] usb 5-1: Manufacturer: syz [ 111.727063][ T804] usb 5-1: SerialNumber: syz [ 111.754912][ T5928] usb 2-1: Using ep0 maxpacket: 32 [ 111.815635][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 111.815669][ T5928] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 111.815708][ T5928] usb 2-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 111.815731][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.913545][ T5928] usb 2-1: config 0 descriptor?? [ 111.938844][ T804] usb 5-1: config 0 descriptor?? [ 112.053773][ T5961] usb 4-1: device not accepting address 4, error -71 [ 112.142807][ T804] usb 5-1: can't set config #0, error -71 [ 112.216709][ T804] usb 5-1: USB disconnect, device number 4 [ 112.256183][ T6031] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 112.398933][ T5928] ft260 0003:0403:6030.0002: item fetching failed at offset 0/2 [ 112.441232][ T5928] ft260 0003:0403:6030.0002: failed to parse HID [ 112.441358][ T5928] ft260 0003:0403:6030.0002: probe with driver ft260 failed with error -22 [ 112.707861][ T6037] nbd0: detected capacity change from 0 to 127 [ 112.742976][ T6038] netlink: 64 bytes leftover after parsing attributes in process `syz.0.36'. [ 112.749025][ T5812] block nbd0: Receive control failed (result -104) [ 112.866339][ T6044] netlink: 64 bytes leftover after parsing attributes in process `syz.4.39'. [ 113.177565][ T6047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.178074][ T6047] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.366475][ T5961] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 113.366658][ T5882] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 113.710902][ T6060] netlink: 12 bytes leftover after parsing attributes in process `syz.3.45'. [ 113.717595][ T6060] smc: net device bond0 applied user defined pnetid SYZ0 [ 114.209551][ T5882] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 114.209583][ T5882] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.209604][ T5882] usb 5-1: Product: syz [ 114.209618][ T5882] usb 5-1: Manufacturer: syz [ 114.209632][ T5882] usb 5-1: SerialNumber: syz [ 114.275691][ T5961] usb 1-1: unable to get BOS descriptor or descriptor too short [ 114.279272][ T5961] usb 1-1: not running at top speed; connect to a high speed hub [ 114.281641][ T5961] usb 1-1: config 2 has an invalid interface number: 254 but max is 0 [ 114.281668][ T5961] usb 1-1: config 2 has an invalid descriptor of length 36, skipping remainder of the config [ 114.281686][ T5961] usb 1-1: config 2 has no interface number 0 [ 114.281716][ T5961] usb 1-1: config 2 interface 254 has no altsetting 0 [ 114.316599][ T5940] usb 2-1: USB disconnect, device number 5 [ 114.376085][ T5961] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=20.52 [ 114.376114][ T5961] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.376135][ T5961] usb 1-1: Product: syz [ 114.376149][ T5961] usb 1-1: Manufacturer: syz [ 114.376163][ T5961] usb 1-1: SerialNumber: syz [ 114.421231][ T5882] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 114.467211][ T56] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 114.794554][ T5961] ims_pcu 1-1:2.254: Missing CDC union descriptor [ 114.794611][ T5961] ims_pcu 1-1:2.254: probe with driver ims_pcu failed with error -22 [ 114.814614][ T5940] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 114.835302][ T5961] usb 1-1: USB disconnect, device number 3 [ 114.985917][ T5940] usb 2-1: Using ep0 maxpacket: 16 [ 114.991429][ T5940] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 114.991462][ T5940] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 115.062093][ T5940] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 115.062121][ T5940] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.062141][ T5940] usb 2-1: Product: syz [ 115.062156][ T5940] usb 2-1: Manufacturer: syz [ 115.062170][ T5940] usb 2-1: SerialNumber: syz [ 115.118899][ T5940] usb 2-1: config 0 descriptor?? [ 115.207164][ T5940] em28xx 2-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers ! [ 115.743879][ T56] usb 5-1: Service connection timeout for: 256 [ 115.743902][ T56] ath9k_htc 5-1:1.0: ath9k_htc: Unable to initialize HTC services [ 115.781576][ T56] ath9k_htc: Failed to initialize the device [ 115.832674][ T56] usb 5-1: ath9k_htc: USB layer deinitialized [ 116.056070][ T5940] usb 5-1: USB disconnect, device number 5 [ 116.181069][ T6081] nbd1: detected capacity change from 0 to 127 [ 116.181658][ T6085] netlink: 64 bytes leftover after parsing attributes in process `syz.2.52'. [ 116.192721][ T6085] block nbd0: reconnected socket [ 116.195915][ T5812] block nbd1: Receive control failed (result -32) [ 116.206373][ T5815] block nbd0: Receive control failed (result -32) [ 116.266966][ T5856] block nbd1: Dead connection, failed to find a fallback [ 116.266994][ T5856] block nbd1: shutting down sockets [ 116.267297][ T5856] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.267428][ T5856] Buffer I/O error on dev nbd1, logical block 0, async page read [ 116.267603][ T5856] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.267625][ T5856] Buffer I/O error on dev nbd1, logical block 1, async page read [ 116.267673][ T5856] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.267695][ T5856] Buffer I/O error on dev nbd1, logical block 2, async page read [ 116.267739][ T5856] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.267761][ T5856] Buffer I/O error on dev nbd1, logical block 3, async page read [ 116.267819][ T5856] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.267840][ T5856] Buffer I/O error on dev nbd1, logical block 0, async page read [ 116.267880][ T5856] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.267896][ T5856] Buffer I/O error on dev nbd1, logical block 1, async page read [ 116.267928][ T5856] I/O error, dev nbd1, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.267944][ T5856] Buffer I/O error on dev nbd1, logical block 2, async page read [ 116.270466][ T5856] I/O error, dev nbd1, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.270497][ T5856] Buffer I/O error on dev nbd1, logical block 3, async page read [ 116.270585][ T5856] I/O error, dev nbd1, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.270605][ T5856] Buffer I/O error on dev nbd1, logical block 0, async page read [ 116.270648][ T5856] I/O error, dev nbd1, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 116.270667][ T5856] Buffer I/O error on dev nbd1, logical block 1, async page read [ 116.345914][ T5856] ldm_validate_partition_table(): Disk read failed. [ 116.346594][ T5856] Dev nbd1: unable to read RDB block 0 [ 116.347484][ T5856] nbd1: unable to read partition table [ 116.534103][ T5856] ldm_validate_partition_table(): Disk read failed. [ 116.534717][ T5856] Dev nbd1: unable to read RDB block 0 [ 116.535471][ T5856] nbd1: unable to read partition table [ 116.988154][ T6098] Illegal XDP return value 836697107 on prog (id 15) dev N/A, expect packet loss! [ 117.384858][ T37] audit: type=1326 audit(1766932727.045:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6105 comm="syz.2.60" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f778ef8f749 code=0x0 [ 118.263182][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.273101][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.283107][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 118.740641][ T5882] usb 2-1: USB disconnect, device number 6 [ 119.146778][ T5882] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 119.293118][ T5882] usb 5-1: Using ep0 maxpacket: 16 [ 119.294946][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 119.294977][ T5882] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 119.295012][ T5882] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 119.295034][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.309833][ T6118] nbd2: detected capacity change from 0 to 127 [ 119.337317][ T6121] netlink: 64 bytes leftover after parsing attributes in process `syz.2.65'. [ 119.337579][ T6121] block nbd0: reconnected socket [ 119.342137][ T5815] block nbd2: Receive control failed (result -104) [ 119.396587][ T5882] usb 5-1: config 0 descriptor?? [ 119.406266][ T5812] block nbd0: Receive control failed (result -32) [ 119.724634][ T5910] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 119.894304][ T5910] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 119.894337][ T5910] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.894357][ T5910] usb 2-1: Product: syz [ 119.894372][ T5910] usb 2-1: Manufacturer: syz [ 119.894387][ T5910] usb 2-1: SerialNumber: syz [ 119.987358][ T6113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 119.987856][ T6113] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 119.991374][ T5910] usb 2-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 120.054811][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 120.054987][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 120.055158][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 120.055332][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 120.055873][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 120.121526][ T5882] lua 0003:1E7D:2C2E.0003: ignoring exceeding usage max [ 120.155177][ T5940] usb 2-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 120.231764][ T6113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.276633][ T6113] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.366824][ T5882] lua 0003:1E7D:2C2E.0003: hidraw0: USB HID v0.00 Device [HID 1e7d:2c2e] on usb-dummy_hcd.4-1/input0 [ 120.542044][ T5882] usb 5-1: USB disconnect, device number 6 [ 121.643075][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 121.695090][ T5940] usb 2-1: Service connection timeout for: 256 [ 121.695618][ T5940] ath9k_htc 2-1:1.0: ath9k_htc: Unable to initialize HTC services [ 121.973375][ T0] NOHZ tick-stop error: local softirq work is pending, handler #80!!! [ 122.575859][ T5940] ath9k_htc: Failed to initialize the device [ 122.671955][ T5940] usb 2-1: ath9k_htc: USB layer deinitialized [ 122.835098][ T804] usb 2-1: USB disconnect, device number 7 [ 122.859313][ T6146] netlink: 'syz.3.71': attribute type 13 has an invalid length. [ 123.037597][ T6136] fido_id[6136]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 123.344294][ T6146] gretap0: refused to change device tx_queue_len [ 123.344534][ T6146] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 123.423497][ T804] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 123.455612][ T6152] netlink: 'syz.1.74': attribute type 13 has an invalid length. [ 123.573642][ T804] usb 5-1: Using ep0 maxpacket: 16 [ 123.576668][ T804] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 123.576800][ T804] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 123.614153][ T804] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 123.614183][ T804] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.614199][ T804] usb 5-1: Product: syz [ 123.614206][ T804] usb 5-1: Manufacturer: syz [ 123.614214][ T804] usb 5-1: SerialNumber: syz [ 123.629775][ T804] usb 5-1: config 0 descriptor?? [ 123.650891][ T6155] vivid-006: disconnect [ 123.679669][ T804] em28xx 5-1:0.0: error: skipping audio endpoint 0x83, because it uses bulk transfers ! [ 123.897467][ T6152] gretap0: refused to change device tx_queue_len [ 123.897492][ T6152] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 124.415023][ T6154] vivid-006: reconnect [ 125.802858][ T37] audit: type=1326 audit(1766932734.245:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6164 comm="syz.0.77" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f318e23f749 code=0x0 [ 127.115416][ T6176] XFS (nullb0): Invalid superblock magic number [ 127.494520][ T6017] usb 5-1: USB disconnect, device number 7 [ 128.843793][ T5812] block nbd3: Receive control failed (result -32) [ 129.876919][ T37] audit: type=1326 audit(1766932738.635:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6191 comm="syz.0.82" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f318e23f749 code=0x0 [ 130.198320][ T6177] nbd3: detected capacity change from 0 to 127 [ 130.296312][ T6185] netlink: 64 bytes leftover after parsing attributes in process `syz.1.78'. [ 130.300704][ T5856] block nbd3: Dead connection, failed to find a fallback [ 130.300729][ T5856] block nbd3: shutting down sockets [ 130.300743][ T5856] blk_print_req_error: 138 callbacks suppressed [ 130.300754][ T5856] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.300777][ T5856] buffer_io_error: 138 callbacks suppressed [ 130.300787][ T5856] Buffer I/O error on dev nbd3, logical block 0, async page read [ 130.300845][ T5856] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.300868][ T5856] Buffer I/O error on dev nbd3, logical block 1, async page read [ 130.300914][ T5856] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.300936][ T5856] Buffer I/O error on dev nbd3, logical block 2, async page read [ 130.300981][ T5856] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.301004][ T5856] Buffer I/O error on dev nbd3, logical block 3, async page read [ 130.301058][ T5856] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.301080][ T5856] Buffer I/O error on dev nbd3, logical block 0, async page read [ 130.301125][ T5856] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.301147][ T5856] Buffer I/O error on dev nbd3, logical block 1, async page read [ 130.307897][ T5856] I/O error, dev nbd3, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.307931][ T5856] Buffer I/O error on dev nbd3, logical block 2, async page read [ 130.307987][ T5856] I/O error, dev nbd3, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.308009][ T5856] Buffer I/O error on dev nbd3, logical block 3, async page read [ 130.308086][ T5856] I/O error, dev nbd3, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.308105][ T5856] Buffer I/O error on dev nbd3, logical block 0, async page read [ 130.308150][ T5856] I/O error, dev nbd3, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 130.308275][ T5856] Buffer I/O error on dev nbd3, logical block 1, async page read [ 130.309139][ T5856] ldm_validate_partition_table(): Disk read failed. [ 130.309845][ T5856] Dev nbd3: unable to read RDB block 0 [ 130.315712][ T5856] nbd3: unable to read partition table [ 130.606997][ T5856] ldm_validate_partition_table(): Disk read failed. [ 130.607396][ T5856] Dev nbd3: unable to read RDB block 0 [ 130.607917][ T5856] nbd3: unable to read partition table [ 130.761215][ T6206] netlink: 4 bytes leftover after parsing attributes in process `syz.0.83'. [ 131.975707][ T6216] netlink: 268 bytes leftover after parsing attributes in process `syz.2.87'. [ 133.548655][ T37] audit: type=1326 audit(1766932742.335:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6224 comm="syz.2.92" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f778ef8f749 code=0x0 [ 133.549099][ T5882] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 133.942310][ T5928] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 134.033813][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 134.033993][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 134.506780][ T5882] usb 4-1: Using ep0 maxpacket: 16 [ 134.537811][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 134.537846][ T5882] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 134.537886][ T5882] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2c2e, bcdDevice= 0.00 [ 134.537909][ T5882] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.584214][ T5882] usb 4-1: config 0 descriptor?? [ 134.684369][ T5928] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 134.684428][ T5928] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 134.684471][ T5928] usb 2-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 134.684494][ T5928] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 134.701776][ T5928] usb 2-1: config 0 descriptor?? [ 134.716932][ T5928] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 135.056363][ T6219] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.067377][ T6219] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.717462][ T6251] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.780254][ T6251] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 135.875117][ T5812] block nbd4: Receive control failed (result -32) [ 135.986926][ T5882] lua 0003:1E7D:2C2E.0004: ignoring exceeding usage max [ 136.012765][ T6241] nbd4: detected capacity change from 0 to 127 [ 136.014596][ T6245] netlink: 64 bytes leftover after parsing attributes in process `syz.2.95'. [ 136.036212][ T5856] block nbd4: Dead connection, failed to find a fallback [ 136.036236][ T5856] block nbd4: shutting down sockets [ 136.036248][ T5856] blk_print_req_error: 138 callbacks suppressed [ 136.036258][ T5856] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.036283][ T5856] buffer_io_error: 138 callbacks suppressed [ 136.036293][ T5856] Buffer I/O error on dev nbd4, logical block 0, async page read [ 136.036353][ T5856] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.036376][ T5856] Buffer I/O error on dev nbd4, logical block 1, async page read [ 136.036423][ T5856] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.036444][ T5856] Buffer I/O error on dev nbd4, logical block 2, async page read [ 136.036491][ T5856] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.036512][ T5856] Buffer I/O error on dev nbd4, logical block 3, async page read [ 136.036568][ T5856] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.036589][ T5856] Buffer I/O error on dev nbd4, logical block 0, async page read [ 136.124007][ T5928] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 136.180454][ T5856] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.180477][ T5856] Buffer I/O error on dev nbd4, logical block 1, async page read [ 136.180509][ T5856] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.180522][ T5856] Buffer I/O error on dev nbd4, logical block 2, async page read [ 136.180548][ T5856] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.180560][ T5856] Buffer I/O error on dev nbd4, logical block 3, async page read [ 136.180598][ T5856] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.180615][ T5856] Buffer I/O error on dev nbd4, logical block 0, async page read [ 136.180657][ T5856] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 136.180678][ T5856] Buffer I/O error on dev nbd4, logical block 1, async page read [ 136.184206][ T5882] lua 0003:1E7D:2C2E.0004: hidraw0: USB HID v0.00 Device [HID 1e7d:2c2e] on usb-dummy_hcd.3-1/input0 [ 136.285920][ T5856] ldm_validate_partition_table(): Disk read failed. [ 136.291811][ T5856] Dev nbd4: unable to read RDB block 0 [ 136.309261][ T5856] nbd4: unable to read partition table [ 136.312488][ T5882] usb 4-1: USB disconnect, device number 6 [ 136.377807][ T5856] ldm_validate_partition_table(): Disk read failed. [ 136.378423][ T5856] Dev nbd4: unable to read RDB block 0 [ 136.381326][ T5856] nbd4: unable to read partition table [ 136.563142][ T5928] usb 5-1: Using ep0 maxpacket: 16 [ 136.639474][ T6256] fido_id[6256]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 136.720933][ T5928] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 136.720971][ T5928] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 136.727086][ T5928] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 136.727118][ T5928] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.727143][ T5928] usb 5-1: Product: syz [ 136.727157][ T5928] usb 5-1: Manufacturer: syz [ 136.727172][ T5928] usb 5-1: SerialNumber: syz [ 136.861462][ T6259] netlink: 12 bytes leftover after parsing attributes in process `syz.2.98'. [ 137.094741][ T804] usb 2-1: USB disconnect, device number 8 [ 137.126068][ T5928] usb 5-1: config 0 descriptor?? [ 137.146559][ T5928] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 137.151720][ T5928] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 137.391302][ T6265] FAULT_INJECTION: forcing a failure. [ 137.391302][ T6265] name failslab, interval 1, probability 0, space 0, times 1 [ 137.391736][ T6265] CPU: 0 UID: 0 PID: 6265 Comm: syz.1.100 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 137.391759][ T6265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 137.391771][ T6265] Call Trace: [ 137.391779][ T6265] [ 137.391786][ T6265] dump_stack_lvl+0xe8/0x150 [ 137.391829][ T6265] should_fail_ex+0x46c/0x600 [ 137.391857][ T6265] should_failslab+0xa8/0x100 [ 137.391876][ T6265] __kmalloc_cache_node_noprof+0x8b/0x700 [ 137.391905][ T6265] ? __get_vm_area_node+0x172/0x350 [ 137.391936][ T6265] __get_vm_area_node+0x172/0x350 [ 137.391964][ T6265] __vmalloc_node_range_noprof+0x371/0x16a0 [ 137.391990][ T6265] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 137.392031][ T6265] ? is_bpf_text_address+0x26/0x2b0 [ 137.392054][ T6265] ? kernel_text_address+0xa5/0xe0 [ 137.392082][ T6265] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 137.392109][ T6265] ? __lock_acquire+0x6b6/0x2cf0 [ 137.392141][ T6265] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 137.392160][ T6265] __vmalloc_noprof+0xd2/0x120 [ 137.392185][ T6265] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 137.392209][ T6265] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 137.392234][ T6265] bpf_prog_alloc+0x3c/0x1a0 [ 137.392258][ T6265] bpf_prog_load+0x735/0x1a10 [ 137.392287][ T6265] ? get_pid_task+0x20/0x1f0 [ 137.392312][ T6265] ? __pfx_bpf_prog_load+0x10/0x10 [ 137.392333][ T6265] ? __might_fault+0xb0/0x130 [ 137.392377][ T6265] ? bpf_lsm_bpf+0x9/0x20 [ 137.392393][ T6265] ? security_bpf+0x7e/0x300 [ 137.392421][ T6265] __sys_bpf+0x507/0x860 [ 137.392444][ T6265] ? __pfx___sys_bpf+0x10/0x10 [ 137.392462][ T6265] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 137.392503][ T6265] ? ksys_write+0x230/0x260 [ 137.392530][ T6265] ? __pfx_ksys_write+0x10/0x10 [ 137.392561][ T6265] __x64_sys_bpf+0x7c/0x90 [ 137.392581][ T6265] do_syscall_64+0xec/0xf80 [ 137.392767][ T6265] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.392794][ T6265] ? trace_irq_disable+0x37/0x100 [ 137.392814][ T6265] ? clear_bhb_loop+0x60/0xb0 [ 137.392837][ T6265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.392856][ T6265] RIP: 0033:0x7fe26df8f749 [ 137.392885][ T6265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.392898][ T6265] RSP: 002b:00007fe26c1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 137.393004][ T6265] RAX: ffffffffffffffda RBX: 00007fe26e1e5fa0 RCX: 00007fe26df8f749 [ 137.393021][ T6265] RDX: 0000000000000094 RSI: 0000200000000880 RDI: 0000000000000005 [ 137.393032][ T6265] RBP: 00007fe26c1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 137.393042][ T6265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.393053][ T6265] R13: 00007fe26e1e6038 R14: 00007fe26e1e5fa0 R15: 00007ffc858b1eb8 [ 137.393082][ T6265] [ 137.446076][ T6265] syz.1.100: vmalloc error: size 4096, vm_struct allocation failed, mode:0x500dc0(GFP_USER|__GFP_ZERO|__GFP_ACCOUNT), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 137.456146][ T6265] CPU: 1 UID: 0 PID: 6265 Comm: syz.1.100 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 137.456169][ T6265] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 137.456179][ T6265] Call Trace: [ 137.456187][ T6265] [ 137.456196][ T6265] dump_stack_lvl+0xe8/0x150 [ 137.456226][ T6265] warn_alloc+0x22e/0x3b0 [ 137.456253][ T6265] ? should_fail_ex+0x344/0x600 [ 137.456283][ T6265] ? __pfx_warn_alloc+0x10/0x10 [ 137.456308][ T6265] ? __kmalloc_cache_node_noprof+0x2aa/0x700 [ 137.456334][ T6265] ? __get_vm_area_node+0x172/0x350 [ 137.456361][ T6265] ? __get_vm_area_node+0x2e2/0x350 [ 137.456391][ T6265] __vmalloc_node_range_noprof+0x396/0x16a0 [ 137.456435][ T6265] ? is_bpf_text_address+0x26/0x2b0 [ 137.456461][ T6265] ? kernel_text_address+0xa5/0xe0 [ 137.456490][ T6265] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 137.456517][ T6265] ? __lock_acquire+0x6b6/0x2cf0 [ 137.456548][ T6265] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 137.456567][ T6265] __vmalloc_noprof+0xd2/0x120 [ 137.456605][ T6265] ? bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 137.456629][ T6265] bpf_prog_alloc_no_stats+0x4a/0x4d0 [ 137.456654][ T6265] bpf_prog_alloc+0x3c/0x1a0 [ 137.456677][ T6265] bpf_prog_load+0x735/0x1a10 [ 137.456704][ T6265] ? get_pid_task+0x20/0x1f0 [ 137.456733][ T6265] ? __pfx_bpf_prog_load+0x10/0x10 [ 137.456753][ T6265] ? __might_fault+0xb0/0x130 [ 137.456796][ T6265] ? bpf_lsm_bpf+0x9/0x20 [ 137.456811][ T6265] ? security_bpf+0x7e/0x300 [ 137.456839][ T6265] __sys_bpf+0x507/0x860 [ 137.456869][ T6265] ? __pfx___sys_bpf+0x10/0x10 [ 137.456886][ T6265] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 137.456926][ T6265] ? ksys_write+0x230/0x260 [ 137.456953][ T6265] ? __pfx_ksys_write+0x10/0x10 [ 137.456983][ T6265] __x64_sys_bpf+0x7c/0x90 [ 137.457003][ T6265] do_syscall_64+0xec/0xf80 [ 137.457021][ T6265] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.457039][ T6265] ? trace_irq_disable+0x37/0x100 [ 137.457058][ T6265] ? clear_bhb_loop+0x60/0xb0 [ 137.457079][ T6265] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.457097][ T6265] RIP: 0033:0x7fe26df8f749 [ 137.457114][ T6265] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.457133][ T6265] RSP: 002b:00007fe26c1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 137.457151][ T6265] RAX: ffffffffffffffda RBX: 00007fe26e1e5fa0 RCX: 00007fe26df8f749 [ 137.457164][ T6265] RDX: 0000000000000094 RSI: 0000200000000880 RDI: 0000000000000005 [ 137.457176][ T6265] RBP: 00007fe26c1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 137.457186][ T6265] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.457197][ T6265] R13: 00007fe26e1e6038 R14: 00007fe26e1e5fa0 R15: 00007ffc858b1eb8 [ 137.457226][ T6265] [ 137.457728][ T6265] Mem-Info: [ 137.457753][ T6265] active_anon:3105 inactive_anon:6331 isolated_anon:0 [ 137.457753][ T6265] active_file:5382 inactive_file:38254 isolated_file:0 [ 137.457753][ T6265] unevictable:768 dirty:316 writeback:0 [ 137.457753][ T6265] slab_reclaimable:11285 slab_unreclaimable:102014 [ 137.457753][ T6265] mapped:30180 shmem:4230 pagetables:1250 [ 137.457753][ T6265] sec_pagetables:0 bounce:0 [ 137.457753][ T6265] kernel_misc_reclaimable:0 [ 137.457753][ T6265] free:1327949 free_pcp:2548 free_cma:0 [ 137.457803][ T6265] Node 0 active_anon:12420kB inactive_anon:25324kB active_file:21324kB inactive_file:153016kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120720kB dirty:1264kB writeback:0kB shmem:15384kB kernel_stack:13448kB pagetables:4852kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 137.457847][ T6265] Node 1 active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB kernel_stack:64kB pagetables:148kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 137.457893][ T6265] Node 0 DMA free:15360kB boost:0kB min:20kB low:32kB high:44kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 137.457952][ T6265] lowmem_reserve[]: 0 2514 2515 2515 2515 [ 137.457984][ T6265] Node 0 DMA32 free:1397208kB boost:0kB min:3944kB low:6492kB high:9040kB reserved_highatomic:0KB free_highatomic:0KB active_anon:12420kB inactive_anon:25324kB active_file:21324kB inactive_file:153016kB unevictable:1536kB writepending:1264kB zspages:0kB present:3129332kB managed:2574692kB mlocked:0kB bounce:0kB free_pcp:10160kB local_pcp:6324kB free_cma:0kB [ 137.459673][ T6265] lowmem_reserve[]: 0 0 1 1 1 [ 137.459703][ T6265] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB zspages:0kB present:1048580kB managed:1644kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 137.459756][ T6265] lowmem_reserve[]: 0 0 0 0 0 [ 137.459786][ T6265] Node 1 Normal free:3899228kB boost:0kB min:6360kB low:10468kB high:14576kB reserved_highatomic:0KB free_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:204kB inactive_file:0kB unevictable:1536kB writepending:0kB zspages:0kB present:4194300kB managed:4111100kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:0kB free_cma:0kB [ 137.459845][ T6265] lowmem_reserve[]: 0 0 0 0 0 [ 137.459886][ T6265] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 137.459992][ T6265] Node 0 DMA32: 1298*4kB (U) 625*8kB (UE) 391*16kB (UM) 21*32kB (U) 11*64kB (UME) 24*128kB (UME) 8*256kB (M) 6*512kB (ME) 7*1024kB (UM) 2*2048kB (ME) 332*4096kB (UM) = 1397152kB [ 137.460135][ T6265] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 137.460223][ T6265] Node 1 Normal: 189*4kB (UE) 41*8kB (UME) 30*16kB (UME) 203*32kB (UME) 98*64kB (UME) 21*128kB (UM) 13*256kB (UME) 8*512kB (UM) 6*1024kB (UME) 1*2048kB (E) 944*4096kB (M) = 3899260kB [ 137.460373][ T6265] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 137.460388][ T6265] Node 0 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 137.460403][ T6265] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 137.460418][ T6265] Node 1 hugepages_total=2 hugepages_free=2 hugepages_surp=0 hugepages_size=2048kB [ 137.460432][ T6265] 47862 total pagecache pages [ 137.460443][ T6265] 0 pages in swap cache [ 137.460450][ T6265] Free swap = 124996kB [ 137.460456][ T6265] Total swap = 124996kB [ 137.460463][ T6265] 2097051 pages RAM [ 137.460469][ T6265] 0 pages HighMem/MovableOnly [ 137.460475][ T6265] 421352 pages reserved [ 137.460481][ T6265] 0 pages cma reserved [ 137.794218][ T5928] em28xx 5-1:0.0: unknown em28xx chip ID (10) [ 138.250710][ T5928] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 139.262106][ T5928] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 139.262131][ T5928] em28xx 5-1:0.0: No AC97 audio processor [ 139.475924][ T5928] usb 5-1: USB disconnect, device number 8 [ 139.496150][ T5928] em28xx 5-1:0.0: Disconnecting em28xx [ 139.517014][ T5928] em28xx 5-1:0.0: Freeing device [ 139.688326][ T6284] FAULT_INJECTION: forcing a failure. [ 139.688326][ T6284] name failslab, interval 1, probability 0, space 0, times 0 [ 139.688356][ T6284] CPU: 0 UID: 0 PID: 6284 Comm: syz.3.106 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 139.688373][ T6284] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 139.688382][ T6284] Call Trace: [ 139.688388][ T6284] [ 139.688395][ T6284] dump_stack_lvl+0xe8/0x150 [ 139.688419][ T6284] should_fail_ex+0x46c/0x600 [ 139.688445][ T6284] ? getname_flags+0xb8/0x540 [ 139.688463][ T6284] should_failslab+0xa8/0x100 [ 139.688482][ T6284] ? getname_flags+0xb8/0x540 [ 139.688498][ T6284] kmem_cache_alloc_noprof+0x84/0x6c0 [ 139.688521][ T6284] ? do_raw_spin_lock+0x121/0x290 [ 139.688548][ T6284] getname_flags+0xb8/0x540 [ 139.688570][ T6284] do_sys_openat2+0xbc/0x200 [ 139.688603][ T6284] ? __pfx_do_sys_openat2+0x10/0x10 [ 139.688635][ T6284] __se_sys_openat2+0x226/0x2c0 [ 139.688660][ T6284] ? __pfx___se_sys_openat2+0x10/0x10 [ 139.688695][ T6284] do_syscall_64+0xec/0xf80 [ 139.688714][ T6284] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.688732][ T6284] ? trace_irq_disable+0x37/0x100 [ 139.688751][ T6284] ? clear_bhb_loop+0x60/0xb0 [ 139.688773][ T6284] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 139.688791][ T6284] RIP: 0033:0x7fecacddf749 [ 139.688808][ T6284] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 139.688822][ T6284] RSP: 002b:00007fecab025038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5 [ 139.688842][ T6284] RAX: ffffffffffffffda RBX: 00007fecad036090 RCX: 00007fecacddf749 [ 139.688856][ T6284] RDX: 00002000000002c0 RSI: 0000200000000080 RDI: ffffffffffffff9c [ 139.688869][ T6284] RBP: 00007fecab025090 R08: 0000000000000000 R09: 0000000000000000 [ 139.688881][ T6284] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001 [ 139.688892][ T6284] R13: 00007fecad036128 R14: 00007fecad036090 R15: 00007fff8fdb6b98 [ 139.688922][ T6284] [ 140.816618][ T37] audit: type=1326 audit(1766932749.595:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6280 comm="syz.2.105" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f778ef8f749 code=0x0 [ 141.810773][ T6293] XFS (nullb0): Invalid superblock magic number [ 143.074973][ T6305] XFS (nullb0): Invalid superblock magic number [ 143.413216][ T11] block nbd0: Possible stuck request ffff888024bd5080: control (read@0,1024B). Runtime 30 seconds [ 143.414705][ T11] block nbd0: Possible stuck request ffff888024bd5240: control (read@1024,1024B). Runtime 30 seconds [ 143.414769][ T11] block nbd0: Possible stuck request ffff888024bd5400: control (read@2048,1024B). Runtime 30 seconds [ 143.414819][ T11] block nbd0: Possible stuck request ffff888024bd55c0: control (read@3072,1024B). Runtime 30 seconds [ 143.415250][ T11] block nbd0: Dead connection, failed to find a fallback [ 143.415269][ T11] block nbd0: shutting down sockets [ 143.415282][ T11] blk_print_req_error: 138 callbacks suppressed [ 143.415294][ T11] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.415320][ T11] buffer_io_error: 138 callbacks suppressed [ 143.415330][ T11] Buffer I/O error on dev nbd0, logical block 3, async page read [ 143.415400][ T11] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.415422][ T11] Buffer I/O error on dev nbd0, logical block 2, async page read [ 143.416424][ T11] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.420530][ T11] Buffer I/O error on dev nbd0, logical block 1, async page read [ 143.420572][ T11] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.420595][ T11] Buffer I/O error on dev nbd0, logical block 0, async page read [ 143.523597][ T5986] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.523643][ T5986] Buffer I/O error on dev nbd0, logical block 0, async page read [ 143.523821][ T5986] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.523855][ T5986] Buffer I/O error on dev nbd0, logical block 1, async page read [ 143.524038][ T5986] I/O error, dev nbd0, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.524101][ T5986] Buffer I/O error on dev nbd0, logical block 2, async page read [ 143.524279][ T5986] I/O error, dev nbd0, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.524334][ T5986] Buffer I/O error on dev nbd0, logical block 3, async page read [ 143.524488][ T5986] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.524511][ T5986] Buffer I/O error on dev nbd0, logical block 0, async page read [ 143.524637][ T5986] I/O error, dev nbd0, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 143.524705][ T5986] Buffer I/O error on dev nbd0, logical block 1, async page read [ 143.547830][ T5986] ldm_validate_partition_table(): Disk read failed. [ 143.548404][ T5986] Dev nbd0: unable to read RDB block 0 [ 143.569005][ T5986] nbd0: unable to read partition table [ 143.767032][ T5986] ldm_validate_partition_table(): Disk read failed. [ 143.767612][ T5986] Dev nbd0: unable to read RDB block 0 [ 143.768363][ T5986] nbd0: unable to read partition table [ 144.243369][ T804] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 144.393194][ T804] usb 4-1: Using ep0 maxpacket: 32 [ 144.401367][ T804] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.401401][ T804] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 144.401440][ T804] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 144.401464][ T804] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 144.408735][ T804] usb 4-1: config 0 descriptor?? [ 144.862060][ T804] ft260 0003:0403:6030.0005: item fetching failed at offset 0/2 [ 144.862828][ T804] ft260 0003:0403:6030.0005: failed to parse HID [ 144.862941][ T804] ft260 0003:0403:6030.0005: probe with driver ft260 failed with error -22 [ 145.003200][ T56] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 145.244134][ T56] usb 2-1: Using ep0 maxpacket: 16 [ 145.247561][ T56] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 145.247592][ T56] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 145.254788][ T56] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 145.254817][ T56] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.254881][ T56] usb 2-1: Product: syz [ 145.254895][ T56] usb 2-1: Manufacturer: syz [ 145.254907][ T56] usb 2-1: SerialNumber: syz [ 145.261924][ T56] usb 2-1: config 0 descriptor?? [ 145.381630][ T37] audit: type=1326 audit(1766932755.035:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6339 comm="syz.0.121" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f318e23f749 code=0x0 [ 146.743512][ T56] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 146.743548][ T56] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 146.856872][ T6346] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 147.170636][ T6344] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 147.171164][ T6344] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 147.952009][ T56] em28xx 2-1:0.0: unknown em28xx chip ID (10) [ 148.136847][ T56] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 148.137206][ T56] em28xx 2-1:0.0: AC97 chip type couldn't be determined [ 148.137239][ T56] em28xx 2-1:0.0: No AC97 audio processor [ 148.159998][ T56] usb 2-1: USB disconnect, device number 9 [ 148.169680][ T56] em28xx 2-1:0.0: Disconnecting em28xx [ 148.172323][ T56] em28xx 2-1:0.0: Freeing device [ 148.252478][ T6145] usb 4-1: USB disconnect, device number 7 [ 148.453133][ T5961] usb 5-1: new full-speed USB device number 9 using dummy_hcd [ 148.583201][ T5961] usb 5-1: device descriptor read/64, error -71 [ 148.723165][ T6145] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 148.843138][ T5961] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 148.853132][ T6145] usb 4-1: device descriptor read/64, error -71 [ 148.973251][ T5961] usb 5-1: device descriptor read/64, error -71 [ 149.094520][ T5961] usb usb5-port1: attempt power cycle [ 149.095760][ T6145] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 149.223133][ T6145] usb 4-1: device descriptor read/64, error -71 [ 149.333445][ T6145] usb usb4-port1: attempt power cycle [ 149.473220][ T5961] usb 5-1: new full-speed USB device number 11 using dummy_hcd [ 149.496455][ T5961] usb 5-1: device descriptor read/8, error -71 [ 149.544493][ T32] block nbd2: Possible stuck request ffff888024c50000: control (read@0,1024B). Runtime 30 seconds [ 149.545407][ T32] block nbd2: Possible stuck request ffff888024c501c0: control (read@1024,1024B). Runtime 30 seconds [ 149.545442][ T32] block nbd2: Possible stuck request ffff888024c50380: control (read@2048,1024B). Runtime 30 seconds [ 149.545470][ T32] block nbd2: Possible stuck request ffff888024c50540: control (read@3072,1024B). Runtime 30 seconds [ 149.673126][ T6145] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 149.706014][ T6145] usb 4-1: device descriptor read/8, error -71 [ 149.734164][ T5961] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 149.775909][ T5961] usb 5-1: device descriptor read/8, error -71 [ 149.885946][ T5961] usb usb5-port1: unable to enumerate USB device [ 150.069387][ T6145] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 150.248069][ T6145] usb 4-1: device descriptor read/8, error -71 [ 150.368175][ T37] audit: type=1326 audit(1766932760.045:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6379 comm="syz.0.134" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f318e23f749 code=0x0 [ 150.610127][ T6145] usb usb4-port1: unable to enumerate USB device [ 151.951086][ T6396] netlink: 52 bytes leftover after parsing attributes in process `syz.0.139'. [ 151.951109][ T6396] netlink: 4 bytes leftover after parsing attributes in process `syz.0.139'. [ 152.241327][ T6403] netlink: 12 bytes leftover after parsing attributes in process `syz.0.142'. [ 152.393331][ T5940] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 152.545194][ T5940] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 152.545225][ T5940] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.551577][ T5940] usb 3-1: config 0 descriptor?? [ 153.169813][ T5940] usb 3-1: Cannot set autoneg [ 153.170078][ T5940] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 153.181393][ T6408] netlink: 'syz.4.143': attribute type 13 has an invalid length. [ 153.220341][ T5940] usb 3-1: USB disconnect, device number 4 [ 155.021591][ T6412] netlink: 4 bytes leftover after parsing attributes in process `syz.3.144'. [ 155.635630][ T6408] gretap0: refused to change device tx_queue_len [ 155.635708][ T6408] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 157.165634][ T6440] XFS (nullb0): Invalid superblock magic number [ 158.695070][ T5999] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 158.844795][ T6456] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR [ 158.963802][ T5999] usb 5-1: Using ep0 maxpacket: 32 [ 158.967745][ T5999] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 158.967780][ T5999] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 158.967821][ T5999] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 158.967845][ T5999] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.971172][ T5999] usb 5-1: config 0 descriptor?? [ 158.979555][ T5999] hub 5-1:0.0: USB hub found [ 159.181783][ T5999] hub 5-1:0.0: config failed, can't read hub descriptor (err -90) [ 159.389295][ T6453] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 159.389798][ T6453] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 159.393353][ T6453] dlm: no locking on control device [ 159.605416][ T5999] usbhid 5-1:0.0: can't add hid device: -71 [ 159.605541][ T5999] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 159.644301][ T5999] usb 5-1: USB disconnect, device number 13 [ 159.700211][ T6472] FAULT_INJECTION: forcing a failure. [ 159.700211][ T6472] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 159.700242][ T6472] CPU: 0 UID: 0 PID: 6472 Comm: syz.3.162 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 159.700263][ T6472] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 159.700274][ T6472] Call Trace: [ 159.700281][ T6472] [ 159.700289][ T6472] dump_stack_lvl+0xe8/0x150 [ 159.700317][ T6472] should_fail_ex+0x46c/0x600 [ 159.700345][ T6472] _copy_from_user+0x2d/0xb0 [ 159.700364][ T6472] do_ip_getsockopt+0x25f/0x1b60 [ 159.700385][ T6472] ? __lock_acquire+0x6b6/0x2cf0 [ 159.700416][ T6472] ? __pfx_do_ip_getsockopt+0x10/0x10 [ 159.700445][ T6472] ? kstrtouint+0x6e/0xe0 [ 159.700468][ T6472] ? get_pid_task+0x20/0x1f0 [ 159.700497][ T6472] ? __lock_acquire+0x6b6/0x2cf0 [ 159.700523][ T6472] ? get_pid_task+0x20/0x1f0 [ 159.700544][ T6472] ? get_pid_task+0x20/0x1f0 [ 159.700574][ T6472] ? __lock_acquire+0x6b6/0x2cf0 [ 159.700601][ T6472] ? __might_fault+0xb0/0x130 [ 159.700628][ T6472] ip_getsockopt+0xbb/0x220 [ 159.700656][ T6472] ? __pfx_ip_getsockopt+0x10/0x10 [ 159.700681][ T6472] ? sctp_getsockopt+0x9b/0xb90 [ 159.700705][ T6472] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 159.700726][ T6472] do_sock_getsockopt+0x2b4/0x3d0 [ 159.700750][ T6472] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 159.700772][ T6472] ? __fget_files+0x3a6/0x420 [ 159.700791][ T6472] ? __fget_files+0x2a/0x420 [ 159.700816][ T6472] __x64_sys_getsockopt+0x1ab/0x250 [ 159.700854][ T6472] do_syscall_64+0xec/0xf80 [ 159.700873][ T6472] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.700889][ T6472] ? trace_irq_disable+0x37/0x100 [ 159.700908][ T6472] ? clear_bhb_loop+0x60/0xb0 [ 159.700929][ T6472] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 159.700947][ T6472] RIP: 0033:0x7fecacddf749 [ 159.700963][ T6472] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 159.700978][ T6472] RSP: 002b:00007fecab046038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 159.700997][ T6472] RAX: ffffffffffffffda RBX: 00007fecad035fa0 RCX: 00007fecacddf749 [ 159.701011][ T6472] RDX: 0000000000000029 RSI: 0000000000000000 RDI: 0000000000000003 [ 159.701022][ T6472] RBP: 00007fecab046090 R08: 0000200000000080 R09: 0000000000000000 [ 159.701033][ T6472] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 159.701043][ T6472] R13: 00007fecad036038 R14: 00007fecad035fa0 R15: 00007fff8fdb6b98 [ 159.701071][ T6472] [ 160.172019][ T6483] netlink: 'syz.2.165': attribute type 11 has an invalid length. [ 160.274867][ T5972] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 160.277009][ T6488] netlink: 16 bytes leftover after parsing attributes in process `syz.2.165'. [ 161.103162][ T5972] usb 1-1: Using ep0 maxpacket: 16 [ 161.108518][ T5972] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 161.108551][ T5972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 161.145246][ T5972] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 161.145265][ T5972] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.145275][ T5972] usb 1-1: Product: syz [ 161.145283][ T5972] usb 1-1: Manufacturer: syz [ 161.145291][ T5972] usb 1-1: SerialNumber: syz [ 161.214989][ T5972] usb 1-1: config 0 descriptor?? [ 161.607473][ T5972] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 161.607496][ T5972] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 162.133090][ T6493] workqueue: Failed to create a rescuer kthread for wq "xfs-reclaim/nullb0": -EINTR [ 162.139151][ T5972] em28xx 1-1:0.0: chip ID is em2874 [ 162.215359][ T6500] FAULT_INJECTION: forcing a failure. [ 162.215359][ T6500] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.215392][ T6500] CPU: 1 UID: 0 PID: 6500 Comm: syz.2.169 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 162.215413][ T6500] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 162.215424][ T6500] Call Trace: [ 162.215431][ T6500] [ 162.215439][ T6500] dump_stack_lvl+0xe8/0x150 [ 162.215468][ T6500] should_fail_ex+0x46c/0x600 [ 162.215498][ T6500] _copy_to_user+0x31/0xb0 [ 162.215516][ T6500] simple_read_from_buffer+0xe1/0x170 [ 162.215540][ T6500] proc_fail_nth_read+0x1b6/0x220 [ 162.215567][ T6500] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 162.215594][ T6500] ? rw_verify_area+0x2ac/0x4e0 [ 162.215618][ T6500] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 162.215643][ T6500] vfs_read+0x206/0xa30 [ 162.215675][ T6500] ? __pfx_vfs_read+0x10/0x10 [ 162.215700][ T6500] ? __pfx_do_tcp_setsockopt+0x10/0x10 [ 162.215724][ T6500] ? do_sys_openat2+0x15a/0x200 [ 162.215798][ T6500] ksys_read+0x14b/0x260 [ 162.215825][ T6500] ? __pfx_ksys_read+0x10/0x10 [ 162.215859][ T6500] do_syscall_64+0xec/0xf80 [ 162.215878][ T6500] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.215895][ T6500] ? trace_irq_disable+0x37/0x100 [ 162.215912][ T6500] ? clear_bhb_loop+0x60/0xb0 [ 162.215930][ T6500] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.215944][ T6500] RIP: 0033:0x7f778ef8e15c [ 162.215961][ T6500] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 162.215974][ T6500] RSP: 002b:00007f778d1ee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 162.215992][ T6500] RAX: ffffffffffffffda RBX: 00007f778f1e5fa0 RCX: 00007f778ef8e15c [ 162.216004][ T6500] RDX: 000000000000000f RSI: 00007f778d1ee0a0 RDI: 0000000000000004 [ 162.216016][ T6500] RBP: 00007f778d1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 162.216027][ T6500] R10: 0000200000000100 R11: 0000000000000246 R12: 0000000000000001 [ 162.216037][ T6500] R13: 00007f778f1e6038 R14: 00007f778f1e5fa0 R15: 00007ffdfe1737e8 [ 162.216064][ T6500] [ 162.475117][ T5972] usb 1-1: USB disconnect, device number 4 [ 162.478092][ T5972] em28xx 1-1:0.0: Disconnecting em28xx [ 162.528055][ T5972] em28xx 1-1:0.0: Freeing device [ 163.106155][ T6506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.171'. [ 163.106211][ T6506] netlink: 8 bytes leftover after parsing attributes in process `syz.4.171'. [ 163.513184][ T6145] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 163.735874][ T6145] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 163.735904][ T6145] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 163.735941][ T6145] usb 1-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.00 [ 163.735963][ T6145] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 163.806156][ T6145] usb 1-1: config 0 descriptor?? [ 164.136422][ T6145] usb 1-1: string descriptor 0 read error: -71 [ 164.158199][ T6145] usbhid 1-1:0.0: can't add hid device: -71 [ 164.158285][ T6145] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 164.188255][ T6145] usb 1-1: USB disconnect, device number 5 [ 164.389176][ T6527] FAULT_INJECTION: forcing a failure. [ 164.389176][ T6527] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 164.389209][ T6527] CPU: 1 UID: 0 PID: 6527 Comm: syz.2.179 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 164.389230][ T6527] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 164.389240][ T6527] Call Trace: [ 164.389247][ T6527] [ 164.389253][ T6527] dump_stack_lvl+0xe8/0x150 [ 164.389279][ T6527] should_fail_ex+0x46c/0x600 [ 164.389312][ T6527] _copy_from_user+0x2d/0xb0 [ 164.389332][ T6527] __se_sys_rt_tgsigqueueinfo+0x39e/0x490 [ 164.389356][ T6527] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 164.389384][ T6527] ? __pfx___se_sys_rt_tgsigqueueinfo+0x10/0x10 [ 164.389414][ T6527] ? ksys_write+0x230/0x260 [ 164.389453][ T6527] do_syscall_64+0xec/0xf80 [ 164.389471][ T6527] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.389494][ T6527] ? trace_irq_disable+0x37/0x100 [ 164.389513][ T6527] ? clear_bhb_loop+0x60/0xb0 [ 164.389536][ T6527] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 164.389553][ T6527] RIP: 0033:0x7f778ef8f749 [ 164.389569][ T6527] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 164.389583][ T6527] RSP: 002b:00007f778d1ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000129 [ 164.389602][ T6527] RAX: ffffffffffffffda RBX: 00007f778f1e5fa0 RCX: 00007f778ef8f749 [ 164.389615][ T6527] RDX: 000000000000001d RSI: 0000000000000000 RDI: 0000000000000000 [ 164.389625][ T6527] RBP: 00007f778d1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 164.389636][ T6527] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 164.389646][ T6527] R13: 00007f778f1e6038 R14: 00007f778f1e5fa0 R15: 00007ffdfe1737e8 [ 164.389675][ T6527] [ 164.632571][ T5890] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 164.793153][ T5890] usb 4-1: Using ep0 maxpacket: 32 [ 164.797049][ T5890] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 164.797076][ T5890] usb 4-1: config 0 has no interface number 0 [ 164.797121][ T5890] usb 4-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 164.797143][ T5890] usb 4-1: config 0 interface 1 has no altsetting 0 [ 164.808409][ T5890] usb 4-1: New USB device found, idVendor=0572, idProduct=58a2, bcdDevice=27.0a [ 164.808438][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.808457][ T5890] usb 4-1: Product: syz [ 164.808470][ T5890] usb 4-1: Manufacturer: syz [ 164.808482][ T5890] usb 4-1: SerialNumber: syz [ 164.835497][ T5890] usb 4-1: config 0 descriptor?? [ 164.893195][ T5999] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 165.044481][ T5999] usb 3-1: Using ep0 maxpacket: 16 [ 165.056068][ T5999] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 165.056094][ T5999] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 165.067336][ T5999] usb 3-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 165.067425][ T5999] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.067455][ T5999] usb 3-1: Product: syz [ 165.067470][ T5999] usb 3-1: Manufacturer: syz [ 165.067485][ T5999] usb 3-1: SerialNumber: syz [ 165.092142][ T6525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.097631][ T6525] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.116506][ T5999] usb 3-1: config 0 descriptor?? [ 166.585340][ T6546] vivid-000: disconnect [ 168.289621][ T6545] vivid-000: reconnect [ 168.297017][ T5890] cx231xx 4-1:0.1: New device syz syz @ 480 Mbps (0572:58a2) with 1 interfaces [ 168.297049][ T5890] cx231xx 4-1:0.1: Not found matching IAD interface [ 168.378522][ T5890] usb 4-1: USB disconnect, device number 12 [ 168.473973][ T804] usb 3-1: USB disconnect, device number 5 [ 170.003226][ T5890] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 170.165693][ T5890] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 170.165742][ T5890] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 170.165764][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.169620][ T6562] nbd5: detected capacity change from 0 to 127 [ 170.170094][ T6565] netlink: 64 bytes leftover after parsing attributes in process `syz.2.191'. [ 170.170255][ T6565] block nbd0: reconnected socket [ 170.174578][ T5890] usb 4-1: config 0 descriptor?? [ 170.191829][ T5890] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 170.250749][ T5812] block nbd5: Receive control failed (result -32) [ 170.264912][ T5856] block nbd5: Dead connection, failed to find a fallback [ 170.264937][ T5856] block nbd5: shutting down sockets [ 170.264949][ T5856] blk_print_req_error: 138 callbacks suppressed [ 170.264961][ T5856] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.264985][ T5856] buffer_io_error: 138 callbacks suppressed [ 170.264995][ T5856] Buffer I/O error on dev nbd5, logical block 0, async page read [ 170.265051][ T5856] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.265071][ T5856] Buffer I/O error on dev nbd5, logical block 1, async page read [ 170.265118][ T5856] I/O error, dev nbd5, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.265137][ T5856] Buffer I/O error on dev nbd5, logical block 2, async page read [ 170.265181][ T5856] I/O error, dev nbd5, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.265203][ T5856] Buffer I/O error on dev nbd5, logical block 3, async page read [ 170.265260][ T5856] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.265282][ T5856] Buffer I/O error on dev nbd5, logical block 0, async page read [ 170.265327][ T5856] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.265349][ T5856] Buffer I/O error on dev nbd5, logical block 1, async page read [ 170.265393][ T5856] I/O error, dev nbd5, sector 4 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.265415][ T5856] Buffer I/O error on dev nbd5, logical block 2, async page read [ 170.265460][ T5856] I/O error, dev nbd5, sector 6 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.265482][ T5856] Buffer I/O error on dev nbd5, logical block 3, async page read [ 170.265535][ T5856] I/O error, dev nbd5, sector 0 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.265557][ T5856] Buffer I/O error on dev nbd5, logical block 0, async page read [ 170.265603][ T5856] I/O error, dev nbd5, sector 2 op 0x0:(READ) flags 0x800000 phys_seg 1 prio class 2 [ 170.265625][ T5856] Buffer I/O error on dev nbd5, logical block 1, async page read [ 170.266517][ T5856] ldm_validate_partition_table(): Disk read failed. [ 170.267116][ T5856] Dev nbd5: unable to read RDB block 0 [ 170.267868][ T5856] nbd5: unable to read partition table [ 170.303698][ T5815] block nbd0: Receive control failed (result -32) [ 170.363248][ T5856] ldm_validate_partition_table(): Disk read failed. [ 170.363837][ T5856] Dev nbd5: unable to read RDB block 0 [ 170.364583][ T5856] nbd5: unable to read partition table [ 170.888088][ T6574] vivid-000: disconnect [ 171.151675][ T6591] netlink: 'syz.4.201': attribute type 1 has an invalid length. [ 171.323233][ T804] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 171.483138][ T804] usb 3-1: Using ep0 maxpacket: 32 [ 171.485916][ T804] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 171.485950][ T804] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.485988][ T804] usb 3-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 171.486012][ T804] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.505519][ T804] usb 3-1: config 0 descriptor?? [ 171.686971][ T6573] vivid-000: reconnect [ 172.178326][ T804] ft260 0003:0403:6030.0006: item fetching failed at offset 0/2 [ 172.180786][ T804] ft260 0003:0403:6030.0006: failed to parse HID [ 172.180897][ T804] ft260 0003:0403:6030.0006: probe with driver ft260 failed with error -22 [ 172.970394][ T5910] usb 4-1: USB disconnect, device number 13 [ 173.356892][ T6617] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 173.401767][ T6619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 173.402362][ T6619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.458650][ T6622] FAULT_INJECTION: forcing a failure. [ 173.458650][ T6622] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 173.458683][ T6622] CPU: 1 UID: 0 PID: 6622 Comm: syz.4.212 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 173.458705][ T6622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 173.458715][ T6622] Call Trace: [ 173.458722][ T6622] [ 173.458730][ T6622] dump_stack_lvl+0xe8/0x150 [ 173.458758][ T6622] should_fail_ex+0x46c/0x600 [ 173.458787][ T6622] _copy_from_user+0x2d/0xb0 [ 173.458806][ T6622] do_ipv6_getsockopt+0x2b0/0x2300 [ 173.458835][ T6622] ? __pfx_do_ipv6_getsockopt+0x10/0x10 [ 173.458857][ T6622] ? kstrtoull+0x12f/0x1d0 [ 173.458882][ T6622] ? kstrtouint+0x6e/0xe0 [ 173.458905][ T6622] ? get_pid_task+0x20/0x1f0 [ 173.458934][ T6622] ? __lock_acquire+0x6b6/0x2cf0 [ 173.458961][ T6622] ? get_pid_task+0x20/0x1f0 [ 173.458982][ T6622] ? get_pid_task+0x20/0x1f0 [ 173.459012][ T6622] ? __lock_acquire+0x6b6/0x2cf0 [ 173.459040][ T6622] ? __might_fault+0xb0/0x130 [ 173.459080][ T6622] ipv6_getsockopt+0xbd/0x290 [ 173.459104][ T6622] ? __pfx_ipv6_getsockopt+0x10/0x10 [ 173.459128][ T6622] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 173.459147][ T6622] do_sock_getsockopt+0x2b4/0x3d0 [ 173.459172][ T6622] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 173.459194][ T6622] ? __fget_files+0x3a6/0x420 [ 173.459213][ T6622] ? __fget_files+0x2a/0x420 [ 173.459239][ T6622] __x64_sys_getsockopt+0x1ab/0x250 [ 173.459269][ T6622] do_syscall_64+0xec/0xf80 [ 173.459288][ T6622] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.459305][ T6622] ? trace_irq_disable+0x37/0x100 [ 173.459324][ T6622] ? clear_bhb_loop+0x60/0xb0 [ 173.459346][ T6622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 173.459363][ T6622] RIP: 0033:0x7f15dbaaf749 [ 173.459379][ T6622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 173.459392][ T6622] RSP: 002b:00007f15d9d0e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 173.459412][ T6622] RAX: ffffffffffffffda RBX: 00007f15dbd05fa0 RCX: 00007f15dbaaf749 [ 173.459426][ T6622] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000003 [ 173.459436][ T6622] RBP: 00007f15d9d0e090 R08: 0000200000000080 R09: 0000000000000000 [ 173.459446][ T6622] R10: 0000200000000180 R11: 0000000000000246 R12: 0000000000000001 [ 173.459457][ T6622] R13: 00007f15dbd06038 R14: 00007f15dbd05fa0 R15: 00007ffe0d2cd9b8 [ 173.459491][ T6622] [ 173.573800][ T6624] syz.0.211 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 173.582790][ T6624] pimreg: entered allmulticast mode [ 173.610300][ T6624] pimreg: left allmulticast mode [ 173.923802][ T6017] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 174.100400][ T6017] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.100431][ T6017] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 174.100476][ T6017] usb 4-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.00 [ 174.100491][ T6017] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.110710][ T6017] usb 4-1: config 0 descriptor?? [ 174.133504][ T6635] netlink: 12 bytes leftover after parsing attributes in process `syz.4.213'. [ 174.303475][ T5972] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 174.413158][ T6017] usb 4-1: string descriptor 0 read error: -71 [ 174.443288][ T6017] usbhid 4-1:0.0: can't add hid device: -71 [ 174.443411][ T6017] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 174.461833][ T6017] usb 4-1: USB disconnect, device number 14 [ 174.504879][ T5972] usb 1-1: Using ep0 maxpacket: 32 [ 174.525046][ T5972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.525082][ T5972] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.525122][ T5972] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 174.525145][ T5972] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.572230][ T5972] usb 1-1: config 0 descriptor?? [ 174.634867][ T10] usb 3-1: USB disconnect, device number 6 [ 175.003820][ T5972] ft260 0003:0403:6030.0007: item fetching failed at offset 0/2 [ 175.004532][ T5972] ft260 0003:0403:6030.0007: failed to parse HID [ 175.004634][ T5972] ft260 0003:0403:6030.0007: probe with driver ft260 failed with error -22 [ 175.105500][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 175.262440][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 175.262495][ T10] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 175.262518][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 175.309255][ T10] usb 3-1: config 0 descriptor?? [ 175.320844][ T10] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 175.797667][ T6649] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 175.798429][ T6649] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 177.018857][ T6672] FAULT_INJECTION: forcing a failure. [ 177.018857][ T6672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 177.018888][ T6672] CPU: 1 UID: 0 PID: 6672 Comm: syz.3.229 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 177.018918][ T6672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 177.018928][ T6672] Call Trace: [ 177.018935][ T6672] [ 177.018944][ T6672] dump_stack_lvl+0xe8/0x150 [ 177.018973][ T6672] should_fail_ex+0x46c/0x600 [ 177.019002][ T6672] _copy_to_user+0x31/0xb0 [ 177.019023][ T6672] simple_read_from_buffer+0xe1/0x170 [ 177.019045][ T6672] proc_fail_nth_read+0x1b6/0x220 [ 177.019072][ T6672] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.019098][ T6672] ? rw_verify_area+0x2ac/0x4e0 [ 177.019121][ T6672] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 177.019147][ T6672] vfs_read+0x206/0xa30 [ 177.019178][ T6672] ? __pfx_vfs_read+0x10/0x10 [ 177.019203][ T6672] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 177.019222][ T6672] ? lockdep_hardirqs_on+0x7b/0x110 [ 177.019239][ T6672] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 177.019256][ T6672] ? mutex_lock_nested+0x154/0x1d0 [ 177.019277][ T6672] ? fdget_pos+0x253/0x320 [ 177.019306][ T6672] ksys_read+0x14b/0x260 [ 177.019331][ T6672] ? __pfx_ksys_read+0x10/0x10 [ 177.019365][ T6672] do_syscall_64+0xec/0xf80 [ 177.019382][ T6672] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.019401][ T6672] ? clear_bhb_loop+0x60/0xb0 [ 177.019423][ T6672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 177.019440][ T6672] RIP: 0033:0x7fecacdde15c [ 177.019457][ T6672] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 177.019471][ T6672] RSP: 002b:00007fecab046030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 177.019491][ T6672] RAX: ffffffffffffffda RBX: 00007fecad035fa0 RCX: 00007fecacdde15c [ 177.019505][ T6672] RDX: 000000000000000f RSI: 00007fecab0460a0 RDI: 0000000000000004 [ 177.019517][ T6672] RBP: 00007fecab046090 R08: 0000000000000000 R09: 0000000000000000 [ 177.019529][ T6672] R10: 0000200000000200 R11: 0000000000000246 R12: 0000000000000001 [ 177.019540][ T6672] R13: 00007fecad036038 R14: 00007fecad035fa0 R15: 00007fff8fdb6b98 [ 177.019572][ T6672] [ 177.260339][ T10] usb 1-1: USB disconnect, device number 6 [ 177.373236][ T5999] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 177.521668][ T6680] netlink: 12 bytes leftover after parsing attributes in process `syz.0.233'. [ 177.536718][ T5999] usb 4-1: unable to get BOS descriptor or descriptor too short [ 177.537282][ T5999] usb 4-1: not running at top speed; connect to a high speed hub [ 177.538493][ T5999] usb 4-1: config 2 has an invalid interface number: 254 but max is 0 [ 177.538517][ T5999] usb 4-1: config 2 has an invalid descriptor of length 36, skipping remainder of the config [ 177.538536][ T5999] usb 4-1: config 2 has no interface number 0 [ 177.538568][ T5999] usb 4-1: config 2 interface 254 has no altsetting 0 [ 177.540821][ T5999] usb 4-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=20.52 [ 177.540848][ T5999] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.540868][ T5999] usb 4-1: Product: syz [ 177.540881][ T5999] usb 4-1: Manufacturer: syz [ 177.540968][ T5999] usb 4-1: SerialNumber: syz [ 177.773738][ T56] usb 3-1: USB disconnect, device number 7 [ 178.069249][ T5999] ims_pcu 4-1:2.254: Missing CDC union descriptor [ 178.069320][ T5999] ims_pcu 4-1:2.254: probe with driver ims_pcu failed with error -22 [ 178.085133][ T5999] usb 4-1: USB disconnect, device number 15 [ 178.186720][ T6686] netlink: 'syz.2.234': attribute type 13 has an invalid length. [ 179.331262][ T6686] gretap0: refused to change device tx_queue_len [ 179.331288][ T6686] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 179.692628][ T32] block nbd2: Possible stuck request ffff888024c50000: control (read@0,1024B). Runtime 60 seconds [ 179.692672][ T32] block nbd2: Possible stuck request ffff888024c501c0: control (read@1024,1024B). Runtime 60 seconds [ 179.692698][ T32] block nbd2: Possible stuck request ffff888024c50380: control (read@2048,1024B). Runtime 60 seconds [ 179.692723][ T32] block nbd2: Possible stuck request ffff888024c50540: control (read@3072,1024B). Runtime 60 seconds [ 179.782700][ T6698] netlink: 12 bytes leftover after parsing attributes in process `syz.3.238'. [ 181.532554][ T5812] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 181.549935][ T5812] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 181.567019][ T5812] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 181.568309][ T5812] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 181.569142][ T5812] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 183.310952][ T6728] FAULT_INJECTION: forcing a failure. [ 183.310952][ T6728] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.310984][ T6728] CPU: 0 UID: 0 PID: 6728 Comm: syz.2.246 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 183.311005][ T6728] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 183.311015][ T6728] Call Trace: [ 183.311023][ T6728] [ 183.311031][ T6728] dump_stack_lvl+0xe8/0x150 [ 183.311058][ T6728] should_fail_ex+0x46c/0x600 [ 183.311088][ T6728] _copy_to_user+0x31/0xb0 [ 183.311108][ T6728] simple_read_from_buffer+0xe1/0x170 [ 183.311132][ T6728] proc_fail_nth_read+0x1b6/0x220 [ 183.311159][ T6728] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 183.311187][ T6728] ? rw_verify_area+0x2ac/0x4e0 [ 183.311209][ T6728] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 183.311234][ T6728] vfs_read+0x206/0xa30 [ 183.311266][ T6728] ? __pfx_vfs_read+0x10/0x10 [ 183.311291][ T6728] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 183.311311][ T6728] ? lockdep_hardirqs_on+0x7b/0x110 [ 183.311328][ T6728] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 183.311345][ T6728] ? mutex_lock_nested+0x154/0x1d0 [ 183.311365][ T6728] ? fdget_pos+0x253/0x320 [ 183.311388][ T6728] ksys_read+0x14b/0x260 [ 183.311412][ T6728] ? __pfx_ksys_read+0x10/0x10 [ 183.311446][ T6728] do_syscall_64+0xec/0xf80 [ 183.311464][ T6728] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.311482][ T6728] ? trace_irq_disable+0x37/0x100 [ 183.311501][ T6728] ? clear_bhb_loop+0x60/0xb0 [ 183.311523][ T6728] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.311541][ T6728] RIP: 0033:0x7f778ef8e15c [ 183.311557][ T6728] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 183.311582][ T6728] RSP: 002b:00007f778d1ee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 183.311601][ T6728] RAX: ffffffffffffffda RBX: 00007f778f1e5fa0 RCX: 00007f778ef8e15c [ 183.311614][ T6728] RDX: 000000000000000f RSI: 00007f778d1ee0a0 RDI: 0000000000000005 [ 183.311626][ T6728] RBP: 00007f778d1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 183.311637][ T6728] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.311648][ T6728] R13: 00007f778f1e6038 R14: 00007f778f1e5fa0 R15: 00007ffdfe1737e8 [ 183.311676][ T6728] [ 183.317624][ T6729] netlink: 'syz.4.245': attribute type 13 has an invalid length. [ 183.565359][ T6729] gretap0: refused to change device tx_queue_len [ 183.565382][ T6729] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 183.583364][ T5815] Bluetooth: hci5: command tx timeout [ 183.595673][ T6734] netlink: 12 bytes leftover after parsing attributes in process `syz.2.247'. [ 185.370338][ T6708] chnl_net:caif_netlink_parms(): no params data found [ 185.510948][ T6745] Invalid source name [ 185.664440][ T5815] Bluetooth: hci5: command tx timeout [ 186.737338][ T6764] FAULT_INJECTION: forcing a failure. [ 186.737338][ T6764] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 186.737371][ T6764] CPU: 0 UID: 0 PID: 6764 Comm: syz.3.254 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 186.737394][ T6764] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 186.737405][ T6764] Call Trace: [ 186.737412][ T6764] [ 186.737421][ T6764] dump_stack_lvl+0xe8/0x150 [ 186.737459][ T6764] should_fail_ex+0x46c/0x600 [ 186.737489][ T6764] _copy_to_user+0x31/0xb0 [ 186.737510][ T6764] simple_read_from_buffer+0xe1/0x170 [ 186.737534][ T6764] proc_fail_nth_read+0x1b6/0x220 [ 186.737563][ T6764] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 186.737590][ T6764] ? rw_verify_area+0x2ac/0x4e0 [ 186.737613][ T6764] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 186.737640][ T6764] vfs_read+0x206/0xa30 [ 186.737672][ T6764] ? __pfx_vfs_read+0x10/0x10 [ 186.737697][ T6764] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 186.737717][ T6764] ? lockdep_hardirqs_on+0x7b/0x110 [ 186.737735][ T6764] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 186.737753][ T6764] ? mutex_lock_nested+0x154/0x1d0 [ 186.737775][ T6764] ? fdget_pos+0x253/0x320 [ 186.737804][ T6764] ksys_read+0x14b/0x260 [ 186.737834][ T6764] ? __pfx_ksys_read+0x10/0x10 [ 186.737868][ T6764] do_syscall_64+0xec/0xf80 [ 186.737886][ T6764] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.737904][ T6764] ? trace_irq_disable+0x37/0x100 [ 186.737923][ T6764] ? clear_bhb_loop+0x60/0xb0 [ 186.737945][ T6764] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.737963][ T6764] RIP: 0033:0x7fecacdde15c [ 186.737980][ T6764] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 186.737995][ T6764] RSP: 002b:00007fecab046030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 186.738015][ T6764] RAX: ffffffffffffffda RBX: 00007fecad035fa0 RCX: 00007fecacdde15c [ 186.738029][ T6764] RDX: 000000000000000f RSI: 00007fecab0460a0 RDI: 0000000000000003 [ 186.738041][ T6764] RBP: 00007fecab046090 R08: 0000000000000000 R09: 0000000000000000 [ 186.738053][ T6764] R10: 0000200000000440 R11: 0000000000000246 R12: 0000000000000001 [ 186.738064][ T6764] R13: 00007fecad036038 R14: 00007fecad035fa0 R15: 00007fff8fdb6b98 [ 186.738096][ T6764] [ 186.803190][ T6766] netlink: 64 bytes leftover after parsing attributes in process `syz.0.255'. [ 186.803221][ T6766] netlink: 8 bytes leftover after parsing attributes in process `syz.0.255'. [ 187.356531][ T6708] bridge0: port 1(bridge_slave_0) entered blocking state [ 187.356785][ T6708] bridge0: port 1(bridge_slave_0) entered disabled state [ 187.357015][ T6708] bridge_slave_0: entered allmulticast mode [ 187.361939][ T6708] bridge_slave_0: entered promiscuous mode [ 187.392653][ T6708] bridge0: port 2(bridge_slave_1) entered blocking state [ 187.392723][ T6708] bridge0: port 2(bridge_slave_1) entered disabled state [ 187.392859][ T6708] bridge_slave_1: entered allmulticast mode [ 188.289967][ T5815] Bluetooth: hci5: command tx timeout [ 188.333700][ T6708] bridge_slave_1: entered promiscuous mode [ 188.343253][ T5999] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 188.559603][ T5999] usb 1-1: unable to get BOS descriptor or descriptor too short [ 188.560143][ T5999] usb 1-1: not running at top speed; connect to a high speed hub [ 188.561777][ T5999] usb 1-1: config 2 has an invalid interface number: 254 but max is 0 [ 188.561802][ T5999] usb 1-1: config 2 has an invalid descriptor of length 36, skipping remainder of the config [ 188.561822][ T5999] usb 1-1: config 2 has no interface number 0 [ 188.561853][ T5999] usb 1-1: config 2 interface 254 has no altsetting 0 [ 188.579095][ T5999] usb 1-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=20.52 [ 188.579125][ T5999] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.579145][ T5999] usb 1-1: Product: syz [ 188.579159][ T5999] usb 1-1: Manufacturer: syz [ 188.579175][ T5999] usb 1-1: SerialNumber: syz [ 188.900316][ T5999] ims_pcu 1-1:2.254: Missing CDC union descriptor [ 188.900354][ T5999] ims_pcu 1-1:2.254: probe with driver ims_pcu failed with error -22 [ 188.918700][ T5999] usb 1-1: USB disconnect, device number 7 [ 188.947704][ T6708] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 188.951767][ T6708] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 189.355529][ T6708] team0: Port device team_slave_0 added [ 189.361135][ T6708] team0: Port device team_slave_1 added [ 190.403256][ T37] audit: type=1326 audit(1766932799.185:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6788 comm="syz.4.262" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15dbaaf749 code=0x0 [ 190.698607][ T5815] Bluetooth: hci5: command tx timeout [ 190.948839][ T6796] process 'syz.2.263' launched './file0' with NULL argv: empty string added [ 191.048629][ T6801] vivid-000: disconnect [ 191.185987][ T6800] sp0: Synchronizing with TNC [ 191.189537][ T6708] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 191.189548][ T6708] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.189562][ T6708] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 191.212590][ T6708] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 191.212606][ T6708] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 191.212630][ T6708] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 191.420295][ T6794] [U] è [ 191.777698][ T6798] vivid-000: reconnect [ 192.149849][ T6817] netlink: 32 bytes leftover after parsing attributes in process `syz.2.271'. [ 192.166678][ T6708] hsr_slave_0: entered promiscuous mode [ 192.185704][ T6708] hsr_slave_1: entered promiscuous mode [ 192.186689][ T6708] debugfs: 'hsr0' already exists in 'hsr' [ 192.186712][ T6708] Cannot create hsr debugfs directory [ 192.541139][ T6823] mmap: syz.2.273 (6823) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 194.267276][ T37] audit: type=1326 audit(1766932803.935:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6829 comm="syz.2.274" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f778ef8f749 code=0x0 [ 195.053338][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.058053][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.128732][ T6835] netlink: 12 bytes leftover after parsing attributes in process `syz.0.275'. [ 195.614330][ T6840] 9p: Bad value for 'rfdno' [ 196.415712][ T6842] FAULT_INJECTION: forcing a failure. [ 196.415712][ T6842] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 196.415749][ T6842] CPU: 1 UID: 0 PID: 6842 Comm: syz.2.277 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 196.415775][ T6842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 196.415790][ T6842] Call Trace: [ 196.415797][ T6842] [ 196.415805][ T6842] dump_stack_lvl+0xe8/0x150 [ 196.415833][ T6842] should_fail_ex+0x46c/0x600 [ 196.415862][ T6842] strncpy_from_user+0x36/0x2c0 [ 196.415888][ T6842] getname_flags+0xf3/0x540 [ 196.415912][ T6842] __x64_sys_execve+0x7a/0xb0 [ 196.415937][ T6842] do_syscall_64+0xec/0xf80 [ 196.415956][ T6842] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.415973][ T6842] ? trace_irq_disable+0x37/0x100 [ 196.415992][ T6842] ? clear_bhb_loop+0x60/0xb0 [ 196.416014][ T6842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 196.416032][ T6842] RIP: 0033:0x7f778ef8f749 [ 196.416049][ T6842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 196.416063][ T6842] RSP: 002b:00007f778d1ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000003b [ 196.416083][ T6842] RAX: ffffffffffffffda RBX: 00007f778f1e5fa0 RCX: 00007f778ef8f749 [ 196.416097][ T6842] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000000 [ 196.416109][ T6842] RBP: 00007f778d1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 196.416121][ T6842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 196.416133][ T6842] R13: 00007f778f1e6038 R14: 00007f778f1e5fa0 R15: 00007ffdfe1737e8 [ 196.416164][ T6842] [ 196.565954][ T6847] netlink: 8 bytes leftover after parsing attributes in process `syz.3.279'. [ 196.565986][ T6847] netlink: 28 bytes leftover after parsing attributes in process `syz.3.279'. [ 196.589517][ T6848] vivid-008: disconnect [ 196.785897][ T6847] ip6gretap1: entered allmulticast mode [ 198.265556][ T6843] vivid-008: reconnect [ 198.643928][ T6862] netlink: 16 bytes leftover after parsing attributes in process `syz.3.282'. [ 198.643962][ T6862] netlink: 12 bytes leftover after parsing attributes in process `syz.3.282'. [ 198.957080][ T6708] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 199.048458][ T6708] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 199.216195][ T6708] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 200.243099][ T37] audit: type=1326 audit(1766932809.045:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6871 comm="syz.3.286" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fecacddf749 code=0x0 [ 200.613470][ T6708] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 200.883356][ T5910] usb 4-1: new low-speed USB device number 16 using dummy_hcd [ 201.069995][ T5910] usb 4-1: config index 0 descriptor too short (expected 12580, got 36) [ 201.070023][ T5910] usb 4-1: config 83 has too many interfaces: 42, using maximum allowed: 32 [ 201.070045][ T5910] usb 4-1: config 83 has 1 interface, different from the descriptor's value: 42 [ 201.070178][ T5910] usb 4-1: config 83 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 201.070235][ T5910] usb 4-1: config 83 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.070259][ T5910] usb 4-1: config 83 interface 0 has no altsetting 0 [ 201.070360][ T5910] usb 4-1: New USB device found, idVendor=16c0, idProduct=75e1, bcdDevice= 0.00 [ 201.070424][ T5910] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.460979][ T6887] XFS (nullb0): Invalid superblock magic number [ 203.737455][ T5910] usb 4-1: string descriptor 0 read error: -71 [ 203.756169][ T5910] usbhid 4-1:83.0: can't add hid device: -71 [ 203.756274][ T5910] usbhid 4-1:83.0: probe with driver usbhid failed with error -71 [ 203.811912][ T5910] usb 4-1: USB disconnect, device number 16 [ 204.478376][ T6903] XFS (nullb0): Invalid superblock magic number [ 205.641636][ T6708] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.018769][ T6708] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.041327][ T3461] bridge0: port 1(bridge_slave_0) entered blocking state [ 206.041914][ T3461] bridge0: port 1(bridge_slave_0) entered forwarding state [ 206.073181][ T5940] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 206.093573][ T3461] bridge0: port 2(bridge_slave_1) entered blocking state [ 206.093714][ T3461] bridge0: port 2(bridge_slave_1) entered forwarding state [ 206.223300][ T5940] usb 1-1: Using ep0 maxpacket: 16 [ 206.225894][ T5940] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 206.225925][ T5940] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 206.228659][ T5940] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 206.228685][ T5940] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.228704][ T5940] usb 1-1: Product: syz [ 206.228717][ T5940] usb 1-1: Manufacturer: syz [ 206.228732][ T5940] usb 1-1: SerialNumber: syz [ 206.295944][ T5940] usb 1-1: config 0 descriptor?? [ 206.311553][ T5940] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 206.311589][ T5940] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 206.924911][ T6708] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 206.940516][ T5940] em28xx 1-1:0.0: unknown em28xx chip ID (10) [ 207.117850][ T37] audit: type=1326 audit(1766932816.775:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6932 comm="syz.4.296" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f15dbaaf749 code=0x0 [ 207.878385][ T5940] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 207.878849][ T5940] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 207.878867][ T5940] em28xx 1-1:0.0: No AC97 audio processor [ 207.910831][ T5940] usb 1-1: USB disconnect, device number 8 [ 207.912890][ T5940] em28xx 1-1:0.0: Disconnecting em28xx [ 207.931085][ T5940] em28xx 1-1:0.0: Freeing device [ 208.162863][ T6947] FAULT_INJECTION: forcing a failure. [ 208.162863][ T6947] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 208.162897][ T6947] CPU: 0 UID: 0 PID: 6947 Comm: syz.2.299 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 208.162919][ T6947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 208.162929][ T6947] Call Trace: [ 208.162937][ T6947] [ 208.162944][ T6947] dump_stack_lvl+0xe8/0x150 [ 208.162973][ T6947] should_fail_ex+0x46c/0x600 [ 208.163012][ T6947] _copy_to_user+0x31/0xb0 [ 208.163031][ T6947] simple_read_from_buffer+0xe1/0x170 [ 208.163052][ T6947] proc_fail_nth_read+0x1b6/0x220 [ 208.163078][ T6947] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 208.163104][ T6947] ? rw_verify_area+0x2ac/0x4e0 [ 208.163126][ T6947] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 208.163152][ T6947] vfs_read+0x206/0xa30 [ 208.163185][ T6947] ? __pfx_vfs_read+0x10/0x10 [ 208.163210][ T6947] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 208.163230][ T6947] ? lockdep_hardirqs_on+0x7b/0x110 [ 208.163248][ T6947] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 208.163267][ T6947] ? mutex_lock_nested+0x154/0x1d0 [ 208.163288][ T6947] ? fdget_pos+0x253/0x320 [ 208.163316][ T6947] ksys_read+0x14b/0x260 [ 208.163337][ T6947] ? __pfx_filldir64+0x10/0x10 [ 208.163363][ T6947] ? __pfx_ksys_read+0x10/0x10 [ 208.163398][ T6947] do_syscall_64+0xec/0xf80 [ 208.163416][ T6947] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.163434][ T6947] ? trace_irq_disable+0x37/0x100 [ 208.163452][ T6947] ? clear_bhb_loop+0x60/0xb0 [ 208.163473][ T6947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 208.163489][ T6947] RIP: 0033:0x7f778ef8e15c [ 208.163505][ T6947] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 208.163520][ T6947] RSP: 002b:00007f778d1ee030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 208.163539][ T6947] RAX: ffffffffffffffda RBX: 00007f778f1e5fa0 RCX: 00007f778ef8e15c [ 208.163552][ T6947] RDX: 000000000000000f RSI: 00007f778d1ee0a0 RDI: 0000000000000006 [ 208.163564][ T6947] RBP: 00007f778d1ee090 R08: 0000000000000000 R09: 0000000000000000 [ 208.163576][ T6947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 208.163586][ T6947] R13: 00007f778f1e6038 R14: 00007f778f1e5fa0 R15: 00007ffdfe1737e8 [ 208.163613][ T6947] [ 208.207342][ T6951] netlink: 12 bytes leftover after parsing attributes in process `syz.3.300'. [ 210.225492][ T6708] veth0_vlan: entered promiscuous mode [ 210.248511][ T6708] veth1_vlan: entered promiscuous mode [ 210.301139][ T6708] veth0_macvtap: entered promiscuous mode [ 210.314205][ T6708] veth1_macvtap: entered promiscuous mode [ 210.343264][ T32] block nbd2: Possible stuck request ffff888024c50000: control (read@0,1024B). Runtime 90 seconds [ 210.343309][ T32] block nbd2: Possible stuck request ffff888024c501c0: control (read@1024,1024B). Runtime 90 seconds [ 210.343338][ T32] block nbd2: Possible stuck request ffff888024c50380: control (read@2048,1024B). Runtime 90 seconds [ 210.343366][ T32] block nbd2: Possible stuck request ffff888024c50540: control (read@3072,1024B). Runtime 90 seconds [ 210.345613][ T6708] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 210.411086][ T6708] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 210.459256][ T12] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.472435][ T12] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.472484][ T12] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.472519][ T12] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.580232][ T6978] netlink: 64 bytes leftover after parsing attributes in process `syz.2.310'. [ 210.580265][ T6978] nbd: socks must be embedded in a SOCK_ITEM attr [ 210.627069][ T6980] FAULT_INJECTION: forcing a failure. [ 210.627069][ T6980] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 210.627102][ T6980] CPU: 1 UID: 0 PID: 6980 Comm: syz.0.311 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 210.627125][ T6980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 210.627136][ T6980] Call Trace: [ 210.627144][ T6980] [ 210.627153][ T6980] dump_stack_lvl+0xe8/0x150 [ 210.627181][ T6980] should_fail_ex+0x46c/0x600 [ 210.627210][ T6980] _copy_to_user+0x31/0xb0 [ 210.627231][ T6980] simple_read_from_buffer+0xe1/0x170 [ 210.627257][ T6980] proc_fail_nth_read+0x1b6/0x220 [ 210.627285][ T6980] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 210.627313][ T6980] ? rw_verify_area+0x2ac/0x4e0 [ 210.627337][ T6980] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 210.627364][ T6980] vfs_read+0x206/0xa30 [ 210.627396][ T6980] ? __pfx_vfs_read+0x10/0x10 [ 210.627423][ T6980] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 210.627444][ T6980] ? lockdep_hardirqs_on+0x7b/0x110 [ 210.627462][ T6980] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 210.627481][ T6980] ? mutex_lock_nested+0x154/0x1d0 [ 210.627503][ T6980] ? fdget_pos+0x253/0x320 [ 210.627532][ T6980] ksys_read+0x14b/0x260 [ 210.627563][ T6980] ? __pfx_ksys_read+0x10/0x10 [ 210.627599][ T6980] do_syscall_64+0xec/0xf80 [ 210.627618][ T6980] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.627636][ T6980] ? trace_irq_disable+0x37/0x100 [ 210.627656][ T6980] ? clear_bhb_loop+0x60/0xb0 [ 210.627679][ T6980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 210.627703][ T6980] RIP: 0033:0x7f318e23e15c [ 210.627720][ T6980] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 210.627735][ T6980] RSP: 002b:00007f318c49e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 210.627755][ T6980] RAX: ffffffffffffffda RBX: 00007f318e495fa0 RCX: 00007f318e23e15c [ 210.627769][ T6980] RDX: 000000000000000f RSI: 00007f318c49e0a0 RDI: 0000000000000006 [ 210.627781][ T6980] RBP: 00007f318c49e090 R08: 0000000000000000 R09: 0000000000000000 [ 210.627792][ T6980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 210.627803][ T6980] R13: 00007f318e496038 R14: 00007f318e495fa0 R15: 00007ffecb121a98 [ 210.627835][ T6980] [ 211.099008][ T12] ------------[ cut here ]------------ [ 211.099022][ T12] kernel BUG at net/ipv6/route.c:1473! [ 211.099063][ T12] Oops: invalid opcode: 0000 [#1] SMP KASAN PTI [ 211.099083][ T12] CPU: 1 UID: 0 PID: 12 Comm: kworker/u8:0 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 211.099101][ T12] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/25/2025 [ 211.099111][ T12] Workqueue: wg-kex-wg2 wg_packet_handshake_send_worker SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 211.099136][ T12] RIP: 0010:ip6_pol_route+0x117d/0x1180 [ 211.099160][ T12] Code: 9d f8 e9 f4 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fb ff ff 48 89 df e8 7e 6e 9d f8 e9 f6 fa ff ff e8 44 37 3b f8 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e [ 211.099174][ T12] RSP: 0018:ffffc900001172e0 EFLAGS: 00010293 [ 211.099187][ T12] RAX: ffffffff898472dc RBX: ffff888126def000 RCX: ffff88801b6bdac0 [ 211.099200][ T12] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.099210][ T12] RBP: ffffc900001173f0 R08: ffffe8ffffd9171f R09: 1ffffd1ffffb22e3 [ 211.099222][ T12] R10: dffffc0000000000 R11: fffff91ffffb22e4 R12: ffff88803bccb640 [ 211.099235][ T12] R13: ffffffff898462c2 R14: dffffc0000000000 R15: 0000607ed8fa2718 [ 211.099248][ T12] FS: 0000000000000000(0000) GS:ffff888126def000(0000) knlGS:0000000000000000 [ 211.099262][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 211.099275][ T12] CR2: 00005555939ba5c8 CR3: 000000004c432000 CR4: 00000000003526f0 [ 211.099299][ T12] Call Trace: [ 211.099305][ T12] [ 211.099313][ T12] ? ip6_pol_route+0x162/0x1180 [ 211.099336][ T12] ? __pfx_ip6_pol_route+0x10/0x10 [ 211.099354][ T12] ? __lock_acquire+0x6b6/0x2cf0 [ 211.099378][ T12] ? check_[ 211.099378][ T12] ? check_noncircular+0xda/0x150 [ 211.099406][ T12] fib6_rule_lookup+0x1fc/0x6f0 [ 211.099430][ T12] ? __pfx_ip6_pol_route_output+0x10/0x10 [ 211.099451][ T12] ? __pfx_fib6_rule_lookup+0x10/0x10 [ 211.099475][ T12] ? ip6_route_output_flags+0x2e/0x5d0 [ 211.099498][ T12] ? ip6_route_output_flags+0x2e/0x5d0 [ 211.099525][ T12] ip6_route_output_flags+0x364/0x5d0 [ 211.099547][ T12] ? ip6_route_output_flags+0x2e/0x5d0 [ 211.099570][ T12] ip6_dst_lookup_tail+0x1ae/0x1510 [ 211.099603][ T12] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 211.099622][ T12] ? lockdep_hardirqs_on+0x7b/0x110 [ 211.099639][ T12] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 211.099657][ T12] ? __pfx_ip6_dst_lookup_tail+0x10/0x10 [ 211.099682][ T12] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 211.099706][ T12] ? rt_spin_unlock+0x150/0x200 [ 211.099729][ T12] ? rt_spin_unlock+0x161/0x200 [ 211.099751][ T12] ip6_dst_lookup_flow+0x47/0xe0 [ 211.099776][ T12] ? __pfx_ip6_dst_lookup_flow+0x10/0x10 [ 211.099800][ T12] send6+0x4ce/0x8d0 [ 211.099818][ T12] ? rt_read_lock+0x203/0x490 [ 211.099839][ T12] ? send6+0x220/0x8d0 [ 211.099859][ T12] ? __pfx_send6+0x10/0x10 [ 211.099875][ T12] ? rcu_is_watching+0x15/0xb0 [ 211.099895][ T12] ? __local_bh_disable_ip+0x3c/0x420 [ 211.099917][ T12] ? wg_socket_send_skb_to_peer+0x59/0x200 [ 211.099936][ T12] ? wg_socket_send_skb_to_peer+0x59/0x200 [ 211.099955][ T12] wg_socket_send_skb_to_peer+0x128/0x200 [ 211.099976][ T12] wg_packet_handshake_send_worker+0x1db/0x320 [ 211.099997][ T12] ? __pfx_wg_packet_handshake_send_worker+0x10/0x10 [ 211.100025][ T12] ? process_scheduled_works+0x9ef/0x1770 [ 211.100044][ T12] ? process_scheduled_works+0x9ef/0x1770 [ 211.100064][ T12] process_scheduled_works+0xad1/0x1770 [ 211.100094][ T12] ? __pfx_process_scheduled_works+0x10/0x10 [ 211.100113][ T12] ? do_raw_spin_lock+0x121/0x290 [ 211.100137][ T12] worker_thread+0x8a0/0xda0 [ 211.100166][ T12] kthread+0x711/0x8a0 [ 211.100190][ T12] ? __pfx_worker_thread+0x10/0x10 [ 211.100210][ T12] ? __pfx_kthread+0x10/0x10 [ 211.100230][ T12] ? rt_spin_unlock+0x150/0x200 [ 211.100263][ T12] ? rt_spin_unlock+0x161/0x200 [ 211.100284][ T12] ? __pfx_kthread+0x10/0x10 [ 211.100306][ T12] ret_from_fork+0x510/0xa50 [ 211.100325][ T12] ? __pfx_ret_from_fork+0x10/0x10 [ 211.100342][ T12] ? __switch_to+0xc9e/0x1480 [ 211.100367][ T12] ? __pfx_kthread+0x10/0x10 [ 211.100393][ T12] ret_from_fork_asm+0x1a/0x30 [ 211.100422][ T12] [ 211.100428][ T12] Modules linked in: [ 211.100469][ T12] ---[ end trace 0000000000000000 ]--- [ 211.222578][ T6708] ieee80211 phy19: Selected rate control algorithm 'minstrel_ht' [ 211.273052][ T12] RIP: 0010:ip6_pol_route+0x117d/0x1180 [ 211.273087][ T12] Code: 9d f8 e9 f4 fa ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c 03 fb ff ff 48 89 df e8 7e 6e 9d f8 e9 f6 fa ff ff e8 44 37 3b f8 90 <0f> 0b 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e [ 211.273101][ T12] RSP: 0018:ffffc900001172e0 EFLAGS: 00010293 [ 211.273119][ T12] RAX: ffffffff898472dc RBX: ffff888126def000 RCX: ffff88801b6bdac0 [ 211.273134][ T12] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 211.273145][ T12] RBP: ffffc900001173f0 R08: ffffe8ffffd9171f R09: 1ffffd1ffffb22e3 [ 211.273157][ T12] R10: dffffc0000000000 R11: fffff91ffffb22e4 R12: ffff88803bccb640 [ 211.273171][ T12] R13: ffffffff898462c2 R14: dffffc0000000000 R15: 0000607ed8fa2718 [ 211.273183][ T12] FS: 0000000000000000(0000) GS:ffff888126def000(0000) knlGS:0000000000000000 [ 211.273198][ T12] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 211.273209][ T12] CR2: 00007f778fd156c0 CR3: 0000000027b12000 CR4: 00000000003526f0 [ 211.273229][ T12] Kernel panic - not syncing: Fatal exception in interrupt [ 211.273609][ T12] Kernel Offset: disabled