last executing test programs: 5m46.127968657s ago: executing program 3 (id=2748): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$kcm(0x21, 0x2, 0x2) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="18000000000000001001000001"], 0x18}, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x107, 0x14, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$binfmt_register(0xffffffffffffffff, 0x0, 0x0) flock(0xffffffffffffffff, 0x2) mount_setattr(0xffffffffffffffff, &(0x7f0000000380)='./file0\x00', 0x9800, &(0x7f0000000580)={0x100003, 0x1, 0x180000}, 0x20) getpeername$qrtr(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x1000000000, 0x7, 0xfa11, 0xffffffff}, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="fc00000019000100000000000000000000000000000000000000000000000000fc01000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000010000000000000000000000000000000b93760000000000000000000000000000000000000000000200000000000000010000000000000044000500ac141400000000000000000000000000000000003c00000000000000000000000000000000000000000000000000000001"], 0xfc}, 0x1, 0x0, 0x0, 0x24008040}, 0x20040000) sendmsg$nl_xfrm(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="c400000019000100fcffffff00000000ac14142c000000000000000000000000fe8000000000000000000000000000aa4e2200004e2400000a000060000000006ad85c5eb0d459af252f4c763dd639a87c18ccabc252069a64ea01edd2643f7ce2302c4d849346f819f47ab95f021ec4546c903c9b", @ANYRESOCT=r5], 0xc4}}, 0x8044) keyctl$KEYCTL_CAPABILITIES(0x1f, &(0x7f0000000000)=""/2, 0x2) sendto$inet6(r4, &(0x7f0000000240)="8a", 0x1, 0x51, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x20000080) bpf$MAP_DELETE_ELEM(0x3, &(0x7f0000000080)={0xffffffffffffffff, &(0x7f0000000040)="ca6ab0"}, 0x20) sendmsg$kcm(r1, &(0x7f0000000140)={&(0x7f0000000440)=@rxrpc=@in6={0x21, 0x4, 0x2, 0x1c, {0xa, 0x4e22, 0xddd, @mcast1, 0x7}}, 0x80, 0x0, 0x0, &(0x7f00000005c0)=ANY=[], 0x10b8}, 0x20000000) sendmsg$kcm(r1, &(0x7f0000000100)={&(0x7f0000000080)=@rxrpc=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e22, @dev={0xac, 0x14, 0x14, 0x23}}}, 0x80, 0x0, 0x0, &(0x7f0000001a00)=ANY=[], 0x10b8}, 0x0) openat$dsp(0xffffffffffffff9c, 0x0, 0x42, 0x0) sendmsg$IPSET_CMD_CREATE(r0, 0x0, 0x0) syz_emit_ethernet(0x82, &(0x7f0000000400)=ANY=[@ANYBLOB="fffffffffffe8eff80ec003108004570007400000000000190780a010101ac1414aa0400907800000000460000000000000000110000ffffffff000000000186400000000000109e0cec69d2dae06de9173b3f60c80005f34629000b3033a70f1c0f9d1bfd000a3aba454f6dc54cc6000bdebbd3e9f1fdeefc2c"], 0x0) 5m44.014595667s ago: executing program 3 (id=2753): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x150, 0x1a, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in6=@private1, 0xfe, 0x32}, @in6=@dev={0xfe, 0x80, '\x00', 0x1b}, {0xffffffffffffffff, 0x0, 0x0, 0x8, 0xffffffffffffffff, 0x2000000000000000, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {0x0, 0x0, 0x3}, 0x70bd28, 0x3500, 0xa, 0x4}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "217d66d38547aa140db8a200000000c538c7cb7a"}}]}, 0x150}, 0x1, 0x0, 0x0, 0x880}, 0x0) 5m43.758820013s ago: executing program 3 (id=2756): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x80, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffc}, 0x0) r5 = socket(0x10, 0x2, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x13, 0xc, &(0x7f0000000380)=ANY=[@ANYBLOB="b67cbbec5102eb1971bff5f530e2d88ec21f3fd29f17849707a2e95f59a7ed8ec2ec92c2cf182c3535", @ANYRES64=r5, @ANYRESDEC=r2, @ANYRESOCT=r4, @ANYRESHEX=r4, @ANYRESOCT=r2, @ANYRES32=r3, @ANYRES16=r4, @ANYRES8=r4, @ANYRESHEX=r3], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x14, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r6 = socket(0xa, 0x5, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r6, 0x84, 0x64, &(0x7f0000000200)=[@in6={0xa, 0x4e24, 0x4, @loopback}], 0x1c) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r5, 0x84, 0x73, &(0x7f0000000000)={0x0, 0x9, 0x0, 0x3000000000, 0xf}, &(0x7f0000000240)=0x18) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000002700)={0x0, 0x0, &(0x7f00000005c0), 0x0, 0x0, 0x0, 0x10004800}, 0xc000) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r10 = dup(r9) ioctl$KVM_SET_USER_MEMORY_REGION(r9, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r11 = ioctl$KVM_CREATE_VCPU(r10, 0xae41, 0x0) openat$vsock(0xffffffffffffff9c, &(0x7f00000005c0), 0x80000, 0x0) syz_kvm_setup_cpu$x86(r10, r11, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000600)="990f01c466b80a0000000f23c00f21f86635030007000f23f8f3a766b9800000c00f326635008000000f30f30f012ff02843040f78e3fc0f68c9", 0x3a}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r9, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r11, 0xae80, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r5, 0x84, 0x71, &(0x7f0000000280)={r7, 0x40}, &(0x7f00000002c0)=0x8) setsockopt$inet_sctp_SCTP_MAXSEG(r6, 0x84, 0xd, &(0x7f0000000080)=@assoc_id=r12, 0x4) setsockopt$inet6_IPV6_DSTOPTS(r6, 0x29, 0x3b, &(0x7f0000000480)=ANY=[@ANYBLOB="211d00000000000007e6"], 0xf0) sendto$inet6(r6, &(0x7f0000000040)="00d8", 0x20a00, 0x44004, &(0x7f0000000100)={0xa, 0x4e24, 0xb, @loopback, 0xc5f}, 0x1c) setsockopt$IP_VS_SO_SET_DEL(r1, 0x0, 0x484, &(0x7f0000001280)={0x20000000000084, @remote, 0x0, 0x0, 'rr\x00'}, 0x2c) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x530, 0x0, 0x18c, 0x203, 0x0, 0x19030000, 0x460, 0x2e0, 0x2e0, 0x460, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x2d8, 0x320, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{0x2000, 0x0, 0x8, 0x2000000}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8}, {}, {0x0, 0x0, 0x0, 0xe}, {0x0, 0x0, 0x0, 0x3}, {0x0, 0x0, 0x3}, {0x2, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x8}, {}, {0x16}, {0x0, 0xff}, {}, {0x7}, {0x0, 0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0x101}, {}, {0x0, 0x0, 0x5}, {}, {0x0, 0x0, 0x0, 0x9}, {0xfffc, 0x0, 0x0, 0x10}, {}, {0xfffe}, {}, {}, {}, {0xfffe, 0xfb}, {}, {0x7a04}, {}, {}, {0x20, 0x6}, {}, {}, {}, {0x0, 0x0, 0x0, 0x800}, {}, {0xb8c, 0x0, 0x0, 0xf00}, {0x0, 0x1, 0x0, 0x3}, {0x3}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {}, {0x0, 0xfd}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffd}, {}, {0x0, 0xb}, {0x4, 0x2}]}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0x2, 'syz0\x00', {0x8001}}}}, {{@uncond, 0x0, 0xf8, 0x140, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @inet=@rpfilter={{0x28}, {0xd}}]}, @common=@unspec=@IDLETIMER={0x48, 'IDLETIMER\x00', 0x0, {0xb, 'syz1\x00', {0x6c8}}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x590) 5m40.779654573s ago: executing program 3 (id=2764): timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r2 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}) move_mount(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', r2, &(0x7f0000000100)='./file0\x00', 0x1) prctl$PR_GET_NAME(0x10, &(0x7f0000000000)=""/83) timer_create(0x0, &(0x7f0000000200)={0x0, 0x21, 0x2, @tid=0xffffffffffffffff}, &(0x7f0000000300)) (async) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) (async) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) (async) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) (async) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) (async) syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) (async) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) (async) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) (async) move_mount(r2, 0x0, 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x226) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) (async) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) (async) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x404, &(0x7f0000002140)={{'fd', 0x3d, r4}, 0x2c, {'rootmode', 0x3d, 0x4000}}) (async) move_mount(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', r2, &(0x7f0000000100)='./file0\x00', 0x1) (async) prctl$PR_GET_NAME(0x10, &(0x7f0000000000)=""/83) (async) 5m40.416310089s ago: executing program 3 (id=2769): r0 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRESDEC=r0], 0x0) (async) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYRESDEC=r0], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$hid(r1, &(0x7f0000000280)={0x24, 0x0, 0x0, &(0x7f00000001c0)={0x0, 0x22, 0xf, {[@local=@item_4={0x3, 0x2, 0x0, "2e2b5aa4"}, @local=@item_4={0x3, 0x2, 0x0, "f85edaca"}, @main=@item_4={0x3, 0x0, 0x8}]}}, 0x0}, 0x0) r2 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) ioctl$HIDIOCGUSAGE(r2, 0xc018480b, &(0x7f0000000040)={0x1, 0xffffffff, 0x6f94, 0x5, 0xa45a2b2e, 0x7fff}) (async) ioctl$HIDIOCGUSAGE(r2, 0xc018480b, &(0x7f0000000040)={0x1, 0xffffffff, 0x6f94, 0x5, 0xa45a2b2e, 0x7fff}) 5m39.540675925s ago: executing program 3 (id=2771): r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35c", @ANYRESOCT]) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80015500, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 5m38.452642065s ago: executing program 32 (id=2771): r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) mount$fuse(0x0, 0x0, 0x0, 0xa02002, &(0x7f00000004c0)=ANY=[@ANYBLOB="66643dc6953bd340e3272b71d8f75d2e259bf1b1641dbb07e599bb12e499abcbe83cb20c3beb0dfa38c10e940b6828039ec26a486cc445322e0a22037201a9aafdefaad479199cd361137641824dfeb422ab103c6a236f4c9ae516aaf718425b7cbf0a21a98a672989ebb66211460e26e8d8f0a8338d62ea54b8dbc1492deefab8989d8802bb1b8c5d61349a79922cad342e87ed63595e043a81fa36feb0f49bca508854", @ANYRESDEC, @ANYBLOB="40ef35a971d35097635122028eb919802534a9e95b3ca94bf84415370e72798ba993e10be6a82eee4caa011b2c213a3a032f32435692c0ba1dc1f06b1de6bc83e6d684a1f35c", @ANYRESOCT]) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80015500, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 13.435484752s ago: executing program 4 (id=4019): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000fc0)={&(0x7f0000000600)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010014000000000000000200e70308000300", @ANYRES32=r2, @ANYBLOB="0c00990000000000000000000800a000ea15000008009f000b000000080026000816"], 0x40}}, 0x0) 13.024509224s ago: executing program 4 (id=4022): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4000000) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x5, 0x8, 0x0, 0xb}, 0x0) io_uring_setup(0x664c, &(0x7f0000000500)) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a58000000060a010400000000000000000a0000010900010073797a31000000002c0004802800018007000100637400001c00028005000300011000000800024000000013080001400000000909"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) syz_emit_ethernet(0x66, &(0x7f0000000180)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "a24b9f", 0x30, 0x2b, 0x0, @remote, @local, {[@routing={0x3a, 0x2, 0x2, 0x1, 0x0, [@mcast1]}], {0x4e22, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0) socket$kcm(0x29, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x2, 0x1, 0x0) r2 = socket$qrtr(0x2a, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108) 9.730734741s ago: executing program 4 (id=4029): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000a0010000000ba8000001201", 0x2e}], 0x1}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="01002ebd700e000000001400000018000180140002006e657464657673696d30000000000000050019000000000308001500f1ffff01050018"], 0x44}}, 0x0) socket$netlink(0x10, 0x3, 0x12) socket(0x2a, 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ptrace$poke(0x4, 0xffffffffffffffff, &(0x7f00000000c0), 0x4) socket$key(0xf, 0x3, 0x2) socket$pppl2tp(0x18, 0x1, 0x1) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) sendmsg$sock(r0, &(0x7f00000003c0)={&(0x7f0000000140)=@ieee802154={0x24, @none={0x0, 0x2}}, 0x80, &(0x7f0000000700)=[{&(0x7f00000004c0)="c5a0eb5618e37a3a6e8b53576f068cf7307ae267cdf7afce9adef95f04603fefaf3f85b0397d33fdae8c0aa09421b5f313cc4980bd4b3c2019f9420ecb77633452113e39374fece91662387f2d164773d4e897d1d336789901", 0x59}, {&(0x7f0000000580)="bb89d2467f807313de5c65f2704e227828ff6bdc80f112c4234a13f465b4924932eb1e21ecfe5f49ea92c82787cf37197add41eddc511eb915041cf02c897aa15f06336f0fbf18975a0f4b23aea6effbe93426ec978c3376b8fb7cd7de71a3e53409c3bb481584510b69fdc0cdeba6b3ed45cb0f508b1e4b8be94009a36aff767eedf590228025932c96a2dd9900db461918439e0c933a9c45fd2f146bb006d01cead0b723bc60e863cae5cbeead4177cc7faf6f9eaad11d2b50e728d14e1b66fed543", 0xc3}, {&(0x7f0000000200)="554926982a4f595eaed886c1c491920d1e8ea0b0c9583562074df19ef9051f76b0756de1", 0x24}, {&(0x7f0000000680)="519271e8423fbca53201754fdf6074ee8d37f71056745b232c355e4c72c0dcbbe5661bc612b94ac36211e85f985bbf99a7c594408dd439ab2771481e21aad128596671a5cd25f7712c5121b777626bb325249f1260f7a36bdf20fdab6ab2307c076d44b46984e930dad3b606", 0x6c}, {&(0x7f0000000280)="5f33946b9e1607408eaf856e8248706b81b8121afae86bcf212fb991ee79", 0x1e}], 0x5, &(0x7f0000000780)=[@timestamping={{0x14, 0x1, 0x25, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}, @txtime={{0x18}}, @mark={{0x14, 0x1, 0x24, 0x1}}], 0x78}, 0x20000000) setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x6}, {0x0, 0x0, 0x400000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x0, 0x32}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x1c) 8.502347157s ago: executing program 1 (id=4032): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x1, 0x4, &(0x7f0000000580)=ANY=[@ANYBLOB="18010000000000000000000000000000850000007a00000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, 0x94) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$sock_attach_bpf(r2, 0x1, 0x32, &(0x7f0000000080)=r1, 0x4) sendmmsg$inet6(r0, &(0x7f0000000580)=[{{&(0x7f00000001c0)={0xa, 0x4e21, 0x0, @local, 0x9}, 0x1c, 0x0, 0x0, &(0x7f00000020c0)=ANY=[@ANYBLOB="38020000000000002900000036000000004300000000000004013f040100c910ff010000000000000000000000000001c910fc0000000000000000000000000000000001000740000000000e07010101000000010000000200000000000000000000000000000001000000010000002000000000000000ffffffff00000000ffffffffffffff7f06aeb07c1c192077cc9e7c45705803ad5588ca8b194d23f748fe792cfa3d32221f25d73b8ffe64a4ddda6efcfb7483b588194d29c7a04395d8500965a9a1d07879040c44db1d5d6f618d2ab920f0bf168ddc9acc6a51edd1230760d4ae8bf30f5f82a78e8114849ee8e37364560400000035bfa8197ef2ba99103ee5f5aae28ec5c8e2675db11530f5c466d55f2244d479dc653c854406155eada3eaeb90d39149b8d13bab75a9bd1452c8c76284b9ddfbeff41344e64f1771d78a706e1c5a6d63f1c954e24a1e73f75c26e9f09ec9b606cc3470f11c4842db651926bd2263a4a0a8fe80de8b2f9cb176e51819d5f4d10a5d1f0488d5e46953fbfd750f6137fbebe89a8d462158a87f9622355104b4f68d7a6d3ad85c373ea52a25afad37ffb743a5c361158087904b09fcc806d032bac00ee0e0251fc032446e45a3e12417ff4703526ffc45f71567857777927903799e0ba453334186009d22e38099c67b5350c7e82136bba947a18fb61d36fcba1f9efe3d79485d06252702833dc8ee417f40bb9064878fb89dd75a49135e5df148c4ad1e1d5626b44c8112d822f4c9a05e693fd5ae5595627f8684016b37a2bf6d0040030000000000002900000037000000006500000000000000fb1a63687c244e6df3aecb13d6eb957495b669cc032f6d0a11a5e16eed9937b046c9dc1a61dcf9754b767df4735c3f8c37b4d5cd15a99c5a19cc62c921ad4e90d6e3695ec1891223a53600d5031b5735acafb556e22279975f958ad437c76573e544506e58455772eb11493af933099a5dc7e9e0c8b907e68e23e59d7b94bc774309e2047132758b60955301f277a9032b0bc47e660b243e9e2126733f13ab99055a0999068ada35a38d105a5efe6c7115774effe28695ecae3944413b7764eefde26ed571d857b2cb2dd1b2a4a84c1fec0799cf90f57f7a6d35e2b60cd425b9372ae4a27f453e5d7da2eacd3b98cdb10cec9152d5829c2511eb0f9600a0cd280f3d08849b6cd43d25e3dcd62f7c7dee6123a2682daf4aa9a856b31e9204c5c2b80b84dbeec05d93a64a550f1ebc326488cd620c6fe1aa266a0ce5b24be03b5037786e037cc85ed61f362e081fb694e12e54fcb9eb0f86d6d91fd159023a073278f84d6ada8f9aa25ec223d268f3291b25392c941740932bd1a82f40a8fc586db23d2f6240ce883e3c1dc1e0d07fc3aa73a9ac82a1538d129c9e66cb6a8100abe95bc4064581e8c01ce65ba3ea751db5d8c0a1173fe62b2fd2d415042a97ade4d274a466b6d997eed6bf5d7a305ead804c36b9e1c314b26676ed83412417610d3cf4d07e5b24cf3de9c790ae93850e0f8bba047b710cf340c78a80cef5f6665a647681ff5f7b6ecce8ab65e26406b6a6e0e72ff8501c545bffc00f034dc3a5b251390ae68bb61d936dc9a24e6f66c72e7911c51c716dfd4304566fb32e6c2745d232f990d0bbe0ddf9dc58398dda292c07b16da766a37c60bd9993b4f21e641036a8afa2ccdb47d7990d5a007faccb2f86664179f2e229723bce870aec3f7f4e529c92add713590ce6c0ea1a0499fb76d32636cfd18b6b39fb48f1a6d46f6ae8f45c47ee8260f9531070d170ab92739be0bdf5b76f8a9b93a5e550dfecab79d2e46085a67024b6be883c79ade2873458fda5a7f4eb62b05634356ee3b45723f4cff19c654ad441ff5b8792df7f18d841c351e195151b1b3532e742a6525c86efdb29653f35ce8e0a41c8c6d39f39531e13aeb1172893eeedd83b6afb939f8e6abc5482696aa48918000000000000002900000037"], 0x590}}, {{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f00000002c0)="1a6f9f325e43651aba66512fb11276f4a52c2c8229451ca504361f51dcc556214359159912c3a0ad01a198", 0x2b}], 0x1}}], 0x2, 0x8008801) sendmmsg$inet6(r0, &(0x7f0000001240)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000a80)="4117", 0x2}], 0x1}}], 0x1, 0x3000000) 8.375281768s ago: executing program 1 (id=4033): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$inet6(0xa, 0x3, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f00000006c0)={{{@in=@multicast2, @in=@private=0xa010102, 0x0, 0x0, 0x4620, 0x200, 0x2}, {0x0, 0x0, 0x0, 0x2, 0x8001, 0x100000}, {0xfffffffffffffffd}, 0x0, 0x1, 0x1}, {{@in6=@private2, 0x4d6, 0x3c}, 0xa, @in6=@private2, 0x0, 0x1, 0x0, 0x0, 0x0, 0xffffffff}}, 0xe8) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @dev}}, 0x1c) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000240)={0x1b, 0x0, 0x0, 0x7, 0x0, 0x1, 0x2, '\x00', 0x0, 0xffffffffffffffff, 0x3, 0x4, 0x2}, 0x50) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x39) fcntl$getownex(r2, 0x10, &(0x7f0000000180)={0x0, 0x0}) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r6, &(0x7f0000000300)={0x11, 0x0, r7, 0x1, 0x0, 0x6, @remote}, 0x14) bind$packet(r6, &(0x7f00000007c0)={0x11, 0x0, r7, 0x1, 0xf, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, 0x14) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r9, &(0x7f0000003580)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000380)="a1", 0x1}], 0x1, &(0x7f0000000800)=ANY=[@ANYBLOB="14000000000000000100000001000000", @ANYRES32=r8, @ANYBLOB="0000000014"], 0x30, 0x40400d1}}], 0x1, 0x810) pipe(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r8, 0x0, r10, 0x0, 0xa85, 0xf) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f00000002c0)={r5, r10, 0x0, 0x8, &(0x7f0000000200)='syz_tun\x00'}, 0x30) r11 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x2) ioctl$KVM_SET_VCPU_EVENTS(r11, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x10, 0x2, 0xb6, '\x00', 0x2}) ioctl$KVM_SET_MSRS(r11, 0x4008ae89, &(0x7f00000004c0)={0x1, 0x0, [{0x40000070, 0x0, 0x6}]}) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f00000001c0)='syz_tun\x00', 0x10) bind$inet6(r0, &(0x7f00000001c0)={0xa, 0x8000002, 0x0, @mcast2}, 0x50) syz_emit_ethernet(0x66, &(0x7f0000000600)=ANY=[@ANYBLOB="bbbbbbbbbbbb0180c200000086dd6002adf700303a00fe880000000000000000000000000001ff020000000000000000000000000001020090780000000060fd906300003a00ff01000000000000000000000000000100000000000000000000ffffac1414aa5a128dcc39750b444e94d1c412855f0726bc4dcf5869eccce0460d5941352c37f0af6328d4be1634e69424fd77966d1156cdd2a952fb1e958f38d5ee11a05306e55d903938d691750fe55ab023b74af4cca844e1c89320ba0ca056f5b7c3d7e18f63ceb1f4d276c81bd8e16ac0fd3a10dee4aa4a1ee181ca68a75359b7835bb24c9fdc70f8849d63c10257761600d13cd6c92e2d9ed07b64deccdb46ddee31499a0293e10596"], 0x0) r12 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r12, 0x8008f512, &(0x7f0000000000)) socket$inet_sctp(0x2, 0x1, 0x84) syz_usb_connect(0x0, 0x24, &(0x7f00000006c0)={{0x12, 0x1, 0x0, 0x8f, 0x2, 0x53, 0x40, 0xc45, 0x8003, 0xd6bb, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x6e, 0xe4, 0x4e}}]}}]}}, 0x0) 7.59636031s ago: executing program 2 (id=4034): r0 = syz_io_uring_setup(0x49a, &(0x7f0000000480)={0x0, 0x2535, 0x3180, 0x8000, 0x400250}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) unshare(0x25040200) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x7, &(0x7f0000000100)={0x0, 0x989680}, 0x1, 0x4, 0x1}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000020303000000000000000000000000100800e079c8a57af21e83c46b000b00"/46], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0x94f7cfd7d57de2ec}, 0x0) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r4, &(0x7f00000001c0)='\\', 0x1) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380)={0x4a000, 0x82}, 0x18) r6 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x6766, 0x40, 0x3}, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x5e2, &(0x7f0000000600)={0x0, 0x0, 0x864, 0x0, 0x0, 0x0, r6}, 0x0, 0x0) readlinkat(r5, &(0x7f0000000400)='./file0\x00', &(0x7f0000000900)=""/4096, 0x1000) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r7 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x3, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0xc0884113, &(0x7f0000000240)={0x1, 0x1fffffe, 0x0, 0x0, 0x8000000000000004, 0x80000000, 0xfffdfffffffffffb, 0x6, 0x0, 0x1000000000003, 0xfffffffd, 0x1}) r8 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x80) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r8, 0xc2604110, &(0x7f0000000680)={0x0, [[0x5, 0xb, 0x9, 0x1, 0xfffffff5, 0x0, 0x0, 0x1], [0x4, 0x100000, 0x0, 0x401, 0x0, 0x0, 0x0, 0x8], [0x100091, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffe]], '\x00', [{0x0, 0x4}, {}, {0x4}, {}, {}, {0x8}, {}, {}, {}, {0xb}, {0x2, 0xf7b8}, {0x0, 0x4}], '\x00', 0x1}) io_uring_enter(r0, 0x627, 0xc1040000, 0x43, 0x0, 0x0) 7.003091103s ago: executing program 1 (id=4035): getsockopt$inet_sctp6_SCTP_RECVRCVINFO(0xffffffffffffffff, 0x84, 0x20, &(0x7f0000000100), &(0x7f0000000140)=0x4) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni-avx2\x00'}, 0x58) accept4(r0, 0x0, 0x0, 0x800) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) (fail_nth: 6) 6.914946856s ago: executing program 2 (id=4036): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x7c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xd}, @NFTA_SET_EXPRESSIONS={0x38, 0x12, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @limit={{0xa}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_LIMIT_RATE={0xc, 0x1, 0x1, 0x0, 0xfffffffffffffffd}, @NFTA_LIMIT_UNIT={0xc, 0x2, 0x1, 0x0, 0x1000}, @NFTA_LIMIT_BURST={0x8, 0x3, 0x1, 0x0, 0x7ff}]}}}]}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x110}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xc4}, 0x1, 0x0, 0x200000000000000}, 0x20050800) 6.620334599s ago: executing program 5 (id=4037): socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) r3 = accept$alg(r2, 0x0, 0x0) add_key$user(&(0x7f00000003c0), 0x0, 0x0, 0x0, 0xfffffffffffffffd) sendmsg$alg(r3, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@iv={0x38, 0x117, 0x2, 0x1d, "a3c97958821c88833b9be14acb1f6f32884228903a7a7ae22b5041bc56"}], 0x38, 0xc040}, 0x0) write$binfmt_script(r3, &(0x7f0000000600), 0xfec8) recvmmsg(r3, &(0x7f0000000640)=[{{0x0, 0x37, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}], 0x1, 0x0, 0x0, 0x2000000}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000009c0)=""/4096, 0x1000}], 0x1}, 0x80000000}], 0x2, 0xcb, 0x0) 6.620117943s ago: executing program 1 (id=4038): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000c80)=ANY=[@ANYBLOB="5c000000090601080000000000000000070007000900020073797a3100f0ff000500010007000000340007801800018014000240fe800000004f0000000000bb060004400e1f000005"], 0x5c}, 0x1, 0x0, 0x0, 0x10000042}, 0x90) 6.507278526s ago: executing program 4 (id=4039): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x4000000) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x5, 0x8, 0x0, 0xb}, 0x0) io_uring_setup(0x664c, &(0x7f0000000500)) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a58000000060a010400000000000000000a0000010900010073797a31000000002c0004802800018007000100637400001c00028005000300011000000800024000000013080001400000000909"], 0x80}, 0x1, 0x0, 0x0, 0x4008091}, 0x24000000) syz_emit_ethernet(0x66, &(0x7f0000000180)={@local, @empty, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "a24b9f", 0x30, 0x2b, 0x0, @remote, @local, {[@routing={0x3a, 0x2, 0x2, 0x1, 0x0, [@mcast1]}], {0x4e22, 0x0, 0x18, 0x0, @wg=@data}}}}}}, 0x0) socket$kcm(0x29, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) socket$kcm(0x2, 0x1, 0x0) r2 = socket$qrtr(0x2a, 0x2, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r3, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000011}, 0x0) r4 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r4, 0x0, 0x80, &(0x7f0000000600)=@broute={'broute\x00', 0x20, 0x0, 0x90, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200000000040], 0x0, 0x0, &(0x7f0000000040)=[{0x0, '\x00', 0x0, 0xffffffffffffffff}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}]}, 0x108) 6.304172234s ago: executing program 2 (id=4041): modify_ldt$write(0x1, &(0x7f0000000000)={0x3fd, 0xffffffffffffffff, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), r2) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c657230"], 0x38}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) r4 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x100, 0x0) close(r4) r5 = socket$unix(0x1, 0x1, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000880)=@newqdisc={0x80, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x8000000, {0x0, 0x0, 0x0, r7, {0x0, 0xb}, {0xffff, 0xffff}, {0xfff2}}, [@qdisc_kind_options=@q_sfb={{0x8}, {0x2c, 0x2, @TCA_SFB_PARMS={0x28, 0x1, {0xffffffff, 0x400, 0x7fff, 0x9, 0x4, 0x0, 0x0, 0x70d0db32, 0x8}}}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x2, 0x4, 0x1ff, 0xffff, 0x1, 0x401, 0x4, 0x1}}, {0x6, 0x2, [0xac86]}}]}]}, 0x80}, 0x1, 0x0, 0x0, 0x20000001}, 0x4040010) ioctl$SIOCSIFHWADDR(r4, 0x8922, &(0x7f0000002280)={'syzkaller0\x00', @random="2b0100004ec6"}) r8 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r8, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f00000004c0)={'erspan0\x00', 0x0}) sendto$packet(r8, &(0x7f0000000180)="0b041400e0ffe2ff02004788001ca13bb100000208007f604803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r10}, 0x14) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xfff000)=nil, 0xfff002, 0x0, 0x2000000000032, 0xffffffffffffffff, 0x0) 6.303806894s ago: executing program 1 (id=4042): openat$mixer(0xffffffffffffff9c, &(0x7f00000018c0), 0x0, 0x0) r0 = socket$inet_sctp(0x2, 0x1, 0x84) listen(r0, 0xda90) accept4(r0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8b0f, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd2894000000000000010902"], 0x0) syz_open_dev$sndctrl(&(0x7f0000000040), 0x2, 0x0) socket(0x10, 0x80002, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000002100)='/proc/bus/input/devices\x00', 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002ef1c0000001f00000006000100fe0f000008000500", @ANYRES32=r4, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 5.885649635s ago: executing program 0 (id=4044): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="180000002d00090027bd7000001000040400000004001d"], 0x18}, 0x1, 0x0, 0x0, 0x42804}, 0x84) 4.984276193s ago: executing program 0 (id=4045): openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) syz_mount_image$fuse(0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket(0x2a, 0x80000, 0x20003) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x14, 0x82d, 0x9, 0x70bd27, 0x25dfdbfe, {0x5}}, 0x14}}, 0x84) ioctl$sock_inet_tcp_SIOCOUTQ(r0, 0x5411, 0x0) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), r3) sendmsg$TIPC_CMD_SHOW_LINK_STATS(r3, &(0x7f0000003680)={0x0, 0x0, &(0x7f0000003640)={&(0x7f0000000100)={0x30, r5, 0x1, 0x70bd2d, 0x25dfdbff, {{}, {}, {0x14, 0x14, 'broadcast-link\x00'}}}, 0x30}, 0x1, 0x0, 0x0, 0x4000040}, 0x20000004) stat(&(0x7f0000000100)='./file0\x00', &(0x7f0000000140)) openat$fuse(0xffffff9c, &(0x7f00000000c0), 0x2, 0x0) fsopen(&(0x7f00000001c0)='ocfs2_dlmfs\x00', 0x1) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000000)={0x1, 0x2, 0x9113, 0xfffffff5}) sendmmsg$alg(0xffffffffffffffff, &(0x7f00000004c0)=[{0x0, 0x0, &(0x7f0000001400), 0x0, 0x0, 0x0, 0x4000800}, {0x0, 0x0, &(0x7f0000000440), 0x0, 0x0, 0x0, 0x20000000}], 0x2, 0x4004) sendmmsg(0xffffffffffffffff, &(0x7f0000002340), 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000a40), 0x1, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000002580)) 4.973810539s ago: executing program 2 (id=4046): r0 = syz_io_uring_setup(0x49a, &(0x7f0000000480)={0x0, 0x2535, 0x3180, 0x8000, 0x400250}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) unshare(0x25040200) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f00000002c0)=@IORING_OP_TIMEOUT={0xb, 0x11, 0x0, 0x0, 0x7, &(0x7f0000000100)={0x0, 0x989680}, 0x1, 0x4, 0x1}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)=ANY=[@ANYBLOB="1c000000020303000000000000000000000000100800e079c8a57af21e83c46b000b00"/46], 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000003c0)={0x0}, 0x1, 0x0, 0x0, 0x94f7cfd7d57de2ec}, 0x0) r4 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x8041, 0x0) write$dsp(r4, &(0x7f00000001c0)='\\', 0x1) r5 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000380)={0x4a000, 0x82}, 0x18) r6 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x6766, 0x40, 0x3}, &(0x7f0000000180), &(0x7f00000001c0)) syz_io_uring_setup(0x5e2, &(0x7f0000000600)={0x0, 0x0, 0x864, 0x0, 0x0, 0x0, r6}, 0x0, 0x0) readlinkat(r5, &(0x7f0000000400)='./file0\x00', &(0x7f0000000900)=""/4096, 0x1000) syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) r7 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x3, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(r7, 0xc0884113, &(0x7f0000000240)={0x1, 0x1fffffe, 0x0, 0x0, 0x8000000000000004, 0x80000000, 0xfffdfffffffffffb, 0x6, 0x0, 0x1000000000003, 0xfffffffd, 0x1}) r8 = syz_open_dev$sndpcmc(&(0x7f0000000180), 0x0, 0x80) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r8, 0xc2604110, &(0x7f0000000680)={0x0, [[0x5, 0xb, 0x9, 0x1, 0xfffffff5, 0x0, 0x0, 0x1], [0x4, 0x100000, 0x0, 0x401, 0x0, 0x0, 0x0, 0x8], [0x100091, 0x4, 0x0, 0x0, 0xfffffffe, 0x0, 0xfffffffe]], '\x00', [{0x0, 0x4}, {}, {0x4}, {}, {}, {0x8}, {}, {}, {}, {0xb}, {0x2, 0xf7b8}, {0x0, 0x4}], '\x00', 0x1}) io_uring_enter(r0, 0x627, 0xc1040000, 0x43, 0x0, 0x0) 4.725423756s ago: executing program 4 (id=4047): syz_usb_connect(0x3, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000538acc089c0e00001e5b0102030109", @ANYRES64], 0x0) r0 = socket(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="700200001300290a000000000000000007000000", @ANYRES32=r2, @ANYBLOB="000000000000000010010c"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) sendmmsg(r0, &(0x7f0000000000), 0x400000000000235, 0x0) 4.553927263s ago: executing program 5 (id=4048): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000002c0)=ANY=[@ANYBLOB="940000001000ffff2abd7000fedbdf2500000000", @ANYRES32=0x0, @ANYRES32=r0, @ANYRES32=r0, @ANYBLOB="14000880ac1e0101ac1514bb640101010a010100080013"], 0x94}, 0x1, 0x0, 0x0, 0x20000040}, 0x8000002) (fail_nth: 8) 4.40025255s ago: executing program 5 (id=4049): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000440)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000400)=[{&(0x7f0000000080)="2e00000010008188040f46ecdb4cb9cca7480ef43c000000e3bd6efb440009000e000a0010000000ba8000001201", 0x2e}], 0x1}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(r4, &(0x7f0000000540)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000100)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16, @ANYBLOB="01002ebd700e000000001400000018000180140002006e657464657673696d30000000000000050019000000000308001500f1ffff01050018"], 0x44}}, 0x0) socket$netlink(0x10, 0x3, 0x12) socket(0x2a, 0x2, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) ptrace$poke(0x4, 0xffffffffffffffff, &(0x7f00000000c0), 0x4) socket$key(0xf, 0x3, 0x2) socket$pppl2tp(0x18, 0x1, 0x1) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r5, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) sendmsg$sock(r0, &(0x7f00000003c0)={&(0x7f0000000140)=@ieee802154={0x24, @none={0x0, 0x2}}, 0x80, &(0x7f0000000700)=[{&(0x7f00000004c0)="c5a0eb5618e37a3a6e8b53576f068cf7307ae267cdf7afce9adef95f04603fefaf3f85b0397d33fdae8c0aa09421b5f313cc4980bd4b3c2019f9420ecb77633452113e39374fece91662387f2d164773d4e897d1d336789901", 0x59}, {&(0x7f0000000580)="bb89d2467f807313de5c65f2704e227828ff6bdc80f112c4234a13f465b4924932eb1e21ecfe5f49ea92c82787cf37197add41eddc511eb915041cf02c897aa15f06336f0fbf18975a0f4b23aea6effbe93426ec978c3376b8fb7cd7de71a3e53409c3bb481584510b69fdc0cdeba6b3ed45cb0f508b1e4b8be94009a36aff767eedf590228025932c96a2dd9900db461918439e0c933a9c45fd2f146bb006d01cead0b723bc60e863cae5cbeead4177cc7faf6f9eaad11d2b50e728d14e1b66fed543", 0xc3}, {&(0x7f0000000200)="554926982a4f595eaed886c1c491920d1e8ea0b0c9583562074df19ef9051f76b0756de1", 0x24}, {&(0x7f0000000680)="519271e8423fbca53201754fdf6074ee8d37f71056745b232c355e4c72c0dcbbe5661bc612b94ac36211e85f985bbf99a7c594408dd439ab2771481e21aad128596671a5cd25f7712c5121b777626bb325249f1260f7a36bdf20fdab6ab2307c076d44b46984e930dad3b606", 0x6c}, {&(0x7f0000000280)="5f33946b9e1607408eaf856e8248706b81b8121afae86bcf212fb991ee79", 0x1e}], 0x5, &(0x7f0000000780)=[@timestamping={{0x14, 0x1, 0x25, 0x5}}, @timestamping={{0x14, 0x1, 0x25, 0x2}}, @txtime={{0x18, 0x1, 0x3d, 0x4}}, @txtime={{0x18}}, @mark={{0x14, 0x1, 0x24, 0x1}}], 0x78}, 0x20000000) setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x6}, {0x0, 0x0, 0x400000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x0, 0x32}, 0x0, @in6=@loopback, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x1c) 4.166403661s ago: executing program 2 (id=4050): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x35, 0xff, 0xaa, 0x20, 0xccd, 0x10af, 0x384e, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x59, 0x2, 0x1, 0x9b, 0x1e, 0x2a, 0x0, [], [{{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) (async) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000640)={0x3, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) (async) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000200)={0x20, 0x8}, 0x0, 0x0, 0x0, 0x0}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1) (async) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0) (async) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2000002, 0x200000005c832, 0xffffffffffffffff, 0x0) mlock(&(0x7f0000ffb000/0x3000)=nil, 0x3000) 3.455979297s ago: executing program 0 (id=4051): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000940)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-serpent-sse2\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept$alg(r0, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000002c0)=[@iv={0x38, 0x117, 0x2, 0x1d, "a3c97958821c88833b9be14acb1f6f32884228903a7a7ae22b5041bc56"}], 0x38, 0xc040}, 0x0) write$binfmt_script(r1, &(0x7f0000000600), 0xfec8) recvmmsg(r1, &(0x7f0000000640)=[{{0x0, 0x37, &(0x7f00000005c0)=[{&(0x7f00000001c0)=""/200, 0xc8}], 0x1, 0x0, 0x0, 0x2000000}}, {{0x0, 0x0, &(0x7f0000000500)=[{&(0x7f00000009c0)=""/4096, 0x1000}], 0x1}, 0x80000000}], 0x2, 0xcb, 0x0) 3.410923313s ago: executing program 0 (id=4052): open(&(0x7f0000000100)='./file0\x00', 0x80ff, 0x36) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000180), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000001400), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x8401) syz_io_uring_setup(0xec6, &(0x7f0000000240)={0x0, 0x0, 0x100, 0x0, 0x71, 0x0, r1}, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) unshare(0xc000400) pselect6(0x40, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x5d}, 0x0, &(0x7f0000000140)={0x3ff, 0x0, 0xc3ac, 0x0, 0xfefdffffffffffff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) read$FUSE(r0, &(0x7f0000006300)={0x2020}, 0x2020) 3.248302317s ago: executing program 0 (id=4053): ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000140)=0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x1, 0x0, 0x0, 0x8000000, 0x100000000, 0xfffffff9, 0x88000000}, 0x0) unshare(0x22020400) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000c00)=ANY=[@ANYBLOB="b7000000ff020000bfa3000000000000070300c034ffffff620af0fff8ffffff71a4f0ff000000002d040200000000001d400200000000004604000001ed000062030000c0ff00001d440000000000007a0a00fe00ffffffc3030000a1000000b5000000000000009500000000000000023bc065b58111c6dfa041b63af4a3912435f1a864a710e4d58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168c50000000190f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00c37dfca3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75dd08d123deda88c658d42ecbf28bf7076c15b463bebba2c598b4fc72f526d8e8afcb913466aaa7f6df70252e79166d858fcd0e06dd31af9612f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0c33d39000d06a59ff616236fd9aa58f2477184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe722631cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10746443d6438e959532e0617d419c6bc6ea9f2bca4464f56e24e6d2105bd901204a1deeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b989b40000000000000da60d2ae20cfb91d6a49964757cdf538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d71cde2c140952f9a0f0bc6980fe78683ac5c0c31032599ddd71063be9261b2e1aab1675b34a22048ef8c126aeef5f510a8f1aded94a129e4aec6f8d9ab06faffc3a15d96c2ea3e2e04cfe031b2875353193f82ade69d0540059fe6c7fe7cd8697502c7596566d674e425da5e87e59602a9f6590521d31d3804b3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c953992e4a982f3c48153baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2160242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44028d6112a0c2d21b2dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c039862198899b212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d15017ab513cdc6c0e57fb1c1ca571380d7b4ead35a385e0b4a26b702396df7e0465f2f994114f244a9bf93f04bf072f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb744ddcc536cbae315c7d1fe1399562ba6824840b08000000f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3c3bfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed93517a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201ddeb6dc5f6a903792283c42efc54fa84323afc4c10eff462c8843187f1dd48ef3fa293774d582956ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538d6ee6ba65893ff1f908ba7554ba583fef3ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738012e4fee18a22da19fcdb4c2890cda1f96b952511e3a69d694d625e0b2f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427f0688430754c02180d61542c25000000000000000005a7b57f03ca91a01ba2e30ca99e8ebc15ecb4d91675767999d146aef7799738b292fd640dfef6b04d086f737a159d7e0c6e4d81ad64a8bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d120617d12d91db2633d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c3d4bbec8d722824c0ebca8db1ea4a003d2fbdc1f9be78537756ab5bbe4fe9af5d785d0128171c90d9900ce2532b0f9d01c4b45294fbba468df3e1b393cb4e62e754598e47df6bd06431c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a8811922929e085392ab3d1311b8243266d87047f601fa88a0da36b9f302e82623951743283070744f143fdec90ba5a82668d5fac114c13955ad6dca5db2231d8ba14c54c47ed04a4b4ace17e357e1d6432399f87a7a14245bbd796a09313b247b95d37ff40a404bdad74bd20000000000000000000099fef7cd7af3ce64a92f95d89d125b1e641240d7e5e27a3d1f7684448c3e3822d617e205061298b939a191be4b48e169bde2cae3accc5bd40a2968b59c93d35f8e42366fdef9a2abae1cf01ce68abff28861aac8302d268569dd42e194e330c7aaa54ebbcefd23f21ce8153b9926e12e925cb56119df72c7533a48d028ad0c74e2a9478fa3be18a1a2b65079cc1c7bc46dd12305a1ae9dd19e8d525206c0a728cfd42193abe8130b51d6c9b94c5513df2d85e8c01a2d69841f3d7799ac04bdc590bb1c89b9c695f163e57343c9bfb59909433c9001c5f8b23e38534a538fc933cac6c2a92d038df638a0f226df9fb857bd414c2cd69985e8053e3dfa41614d7c74d04d8c2471041d17c730fad28395f8d4688898cd58b9d600c851626529bb58aa364b55e73f053450665e7b94ad1012fd7a8139166fd5e59c84f4ab279b1b99c028db4cb9680c8035f967db18de738844da7e260a830c1ffa49f5af3c15423a0e315acb82a3e89218cb314e68fda4d94aa1d815babc13b9fd336d205c5913ef670000000000000000ba470bfe62fe2933082149d42e8a00a5b4f7e9ad0500000000000000"], &(0x7f00000001c0)='GPL\x00', 0x3, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0xa}, 0x8, 0x10, &(0x7f0000000000), 0x10}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000019240)='net/netstat\x00') pread64(r3, &(0x7f0000000080)=""/102356, 0x18fd4, 0x200) r4 = syz_open_procfs(r0, &(0x7f0000000040)='attr/current\x00') r5 = socket$inet_mptcp(0x2, 0x1, 0x106) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r5, 0x8983, &(0x7f00000001c0)={0x0, 'vlan1\x00', {0x1}, 0x7f}) r6 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x800, 0x0) read$char_usb(r4, 0x0, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r6, 0x10000000000) mkdirat(r3, &(0x7f0000019080)='./file0/../file0\x00', 0x2) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x2, 0x0) mount$fuse(0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f00000190c0)=ANY=[]) openat2$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0/../file0\x00', &(0x7f0000000200)={0x200000}, 0x18) read$FUSE(r4, &(0x7f0000000640)={0x2020}, 0x2020) r7 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000003000/0x2000)=nil, 0x2000, 0x0, 0x50, 0xffffffffffffffff, 0x991f000) r8 = syz_open_dev$sndpcmc(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_CHANNEL_INFO(r8, 0xc0844123, &(0x7f0000002fc0)) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), r7) socket$nl_generic(0x10, 0x3, 0x10) 3.117279163s ago: executing program 1 (id=4054): r0 = userfaultfd(0x80001) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) pipe(0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r2, 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000540)='./cgroup.cpu/syz0\x00', 0x200002, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x0, 0x0, 0x0, 0x0, 0x13dc, 0x9, 0x8, 0x0, 0x400003}, 0x0) syz_usb_connect(0x0, 0x0, 0x0, 0x0) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='smaps\x00') syz_open_dev$vcsn(&(0x7f0000000000), 0x0, 0x60) socketpair$unix(0x1, 0x0, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$int_in(r5, 0x5452, &(0x7f00000001c0)=0x8001) shutdown(r4, 0x1) ptrace$getsig(0x4202, r3, 0xfffffffffffffff9, &(0x7f0000000140)) read$FUSE(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(0xffffffffffffffff, 0xc004500a, &(0x7f0000000000)=0xffff0018) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x27c}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) ftruncate(r6, 0x8008976) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r6, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000280000/0x3000)=nil, &(0x7f00009bb000/0x4000)=nil, 0x3000}) 1.722165864s ago: executing program 0 (id=4055): r0 = socket(0x40000000015, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x44, 0x10, 0x401, 0x70bd29, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @ipip={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_IPTUN_REMOTE={0x8, 0x3, @empty}, @IFLA_IPTUN_TTL={0x5}]}}}]}, 0x44}, 0x1, 0xd}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/freeze_filesystems', 0x20202, 0xa4) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'wlan0\x00'}) syz_open_procfs(0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f00003ef000/0x3000)=nil, 0x3000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bind$alg(0xffffffffffffffff, 0x0, 0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) write$binfmt_script(0xffffffffffffffff, &(0x7f0000000600), 0xfec8) r6 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r6}, &(0x7f0000bbdffc)) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000003c40)=[{{0x0, 0x0, 0x0}}], 0x1, 0x4000) madvise(&(0x7f000042f000/0x800000)=nil, 0x800000, 0x15) sendfile(r3, r3, 0x0, 0x68) fsconfig$FSCONFIG_SET_STRING(r3, 0x1, &(0x7f00000001c0)='1', &(0x7f0000000200)='PCI:', 0x0) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b36"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) setsockopt$SO_RDS_TRANSPORT(r0, 0x114, 0x8, 0x0, 0x0) 1.460369331s ago: executing program 4 (id=4056): r0 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$sndctrl(0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x5, 0x6, 0x7}, 0x0) socket$igmp(0x2, 0x3, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a3200000000140000001100014e8815788f76"], 0x7c}, 0x1, 0x0, 0x0, 0x8080}, 0x2004c4c0) sendmsg$NFT_BATCH(r3, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a60000000060a010400000000000000000a0000050900020073797a320000002434000480200001800d00010073796e70726f7879000000000c0002800800034000000008100001800800010064757000040002800900010073797a31"], 0x88}, 0x1, 0x0, 0x0, 0x4000850}, 0x24000840) 1.34774554s ago: executing program 5 (id=4057): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xd, 0x400009, 0x8, 0xa}, 0x0) gettid() ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000200)) getdents64(0xffffffffffffffff, &(0x7f0000001f00)=""/4111, 0x100f) r2 = socket$pppl2tp(0x18, 0x1, 0x1) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r3, {0x2, 0x0, @multicast2}, 0x2, 0x0, 0x1}}, 0x2e) r4 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r4, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @multicast1}, 0x2, 0x2}}, 0x26) close_range(r3, 0xffffffffffffffff, 0x0) 229.150165ms ago: executing program 2 (id=4058): socket(0x10, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) r2 = openat$vimc2(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r3, 0x3ba0, &(0x7f0000000200)={0x48}) r4 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r4, 0x4611, 0x3) ioctl$FBIO_WAITFORVSYNC(r4, 0x40044620, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000f40)=@raw={'raw\x00', 0x8, 0x3, 0x478, 0x1c0, 0xffffffff, 0xffffffff, 0x1c0, 0xffffffff, 0x3a8, 0xffffffff, 0xffffffff, 0x3a8, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@remote, @loopback, [0xff, 0x0, 0xff, 0xff], [0xffffffff, 0xff, 0xff], 'team_slave_0\x00', 'netdevsim0\x00', {}, {0xff}, 0x29, 0x3, 0x0, 0x60}, 0x0, 0x1a0, 0x1c0, 0x60030000, {0x0, 0xff000000}, [@common=@inet=@recent0={{0xf8}, {0x9, 0x2, 0x24, 0x0, 'syz0\x00'}}]}, @unspec=@TRACE={0x20}}, {{@uncond, 0x0, 0x1c8, 0x1e8, 0x0, {}, [@common=@inet=@recent0={{0xf8}, {0x0, 0x0, 0x1, 0x1, 'syz0\x00', 0xfe}}, @common=@mh={{0x28}, {"b11c", 0x1}}]}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4d8) ioctl$IOMMU_IOAS_ALLOC(r3, 0x3b81, &(0x7f00000002c0)={0xfffffffffffffdf2}) ioctl$IOMMU_HWPT_SET_DIRTY_TRACKING(r3, 0x3b8b, &(0x7f0000000040)={0x10, 0x1}) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x0, 0x10b8}, 0xff00) syz_open_procfs(0x0, &(0x7f0000000000)='net/rt6_stats\x00') pread64(r4, &(0x7f0000001600)=""/4096, 0x1000, 0x93) socket$kcm(0xa, 0x5, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb010018000000000000007b0000007b00000003000300000f02000000010000000500000002000000010000000600000005000000050000000900000046470000f9040c0000000100000f0100000005000000090000000befff000109000000000002b67a001010000000000000000000000300000000030000000100000009000000060000000000000c0200000000"], &(0x7f0000000140)=""/57, 0x97, 0x39, 0x1, 0x0, 0xb084bc3c7a3a145b}, 0x28) ioctl$IOMMU_DESTROY$hwpt(0xffffffffffffffff, 0x3b80, 0x0) ioctl$VIDIOC_CREATE_BUFS(r2, 0xc100565c, &(0x7f0000000640)={0x0, 0xfff, 0x4, {0x9, @win={{0x3ac, 0x5, 0x2bc, 0x6d}, 0x5, 0xd, &(0x7f0000000300)={{0x5, 0x5cc, 0xfffffff7, 0x1}}, 0x2, &(0x7f0000000340)="9c", 0x22}}, 0xfffffffd}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x4000) 205.697104ms ago: executing program 5 (id=4059): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="54000000020601040000000000000000000000000c00078008000640000000010500010006000000050005000a000000050004000a0000000900020073797a31000000000d000300686173683a6e657400000000bffb2648c216955eadf2594f9a8b282112759761b8fbd6cd305a1b"], 0x54}}, 0x0) 0s ago: executing program 5 (id=4060): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x403, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) listen(r2, 0xfffffffc) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)={0x24, 0x4, 0x8, 0x801, 0x0, 0x0, {0x3}, [@CTA_TIMEOUT_L3PROTO={0x6, 0x2, 0x1, 0x0, 0x6558}, @CTA_TIMEOUT_L4PROTO={0x5, 0x3, 0x11}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x4000000) ioctl$sock_inet6_tcp_SIOCOUTQNSD(r2, 0x894b, &(0x7f00000000c0)) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, &(0x7f0000000380)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r1, 0x3ba0, &(0x7f0000000200)={0x48, 0x2, r4, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_REPLACE(r1, 0x3ba0, &(0x7f0000000180)={0x48, 0xa, r5}) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc400000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000014000380100000800c0001d10300002c0000000e0a3f0200000000000000000a0000000900010073797a31000000000900020073797a3100000000140000001100010000000000000000000100000a3220e3ae204613b0adc0e5df2200343e03bd42203f3aedfe8abb878891ad4575a0878b5ab4f92857bf873f70fb8c7ac22aaa2bc29d355e534c076f61aa1d86c254ee1000347d759de1afdaadc6e3615199f013898d4cffbccb2495393cf97aff21baa8f59034ff481005023a4c1f9b12c4532ba6cdfaa53c3228cc82f443b8a15e"], 0xd0}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) r7 = socket$inet6_sctp(0xa, 0x1, 0x84) r8 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/diskstats\x00', 0x0, 0x0) preadv(r8, &(0x7f0000003780)=[{&(0x7f0000001300)=""/170, 0xaa}], 0x1, 0xffff, 0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r7, 0x84, 0xb, &(0x7f00000004c0)={0x1, 0x1, 0x4, 0x1, 0x4, 0x6, 0xb, 0xfd, 0xb, 0x3, 0x70, 0x81, 0x7, 0x9}, 0xe) r9 = socket(0x400000000010, 0x3, 0x0) r10 = socket$unix(0x1, 0x2, 0x0) r11 = syz_open_dev$dri(&(0x7f0000000080), 0x6, 0x420002) ioctl$DRM_IOCTL_MODE_RMFB(r11, 0xc00464af, &(0x7f0000000080)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r12, 0x8946, &(0x7f0000000700)={'vlan0\x00', &(0x7f00000000c0)=@ethtool_channels={0x1, 0xf, 0x7, 0x6d8, 0x7, 0x5, 0x1, 0x4, 0x3a45}}) ioctl$sock_SIOCGIFINDEX(r10, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) pipe2$9p(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}, 0x800) write$P9_ROPEN(r14, &(0x7f00000000c0)={0x18, 0x71, 0x2, {{0x9c, 0x4, 0x1}, 0x878}}, 0x18) sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r13, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000680)=@newtfilter={0x88, 0x2c, 0xd27, 0x70bd25, 0x2, {0x0, 0x0, 0x0, r13, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_flow={{0x9}, {0x58, 0x2, [@TCA_FLOW_ACT={0x54, 0x9, 0x0, 0x1, [@m_mirred={0x50, 0x1, 0x0, 0x0, {{0xb}, {0x25, 0x2, 0x0, 0x1, [@TCA_MIRRED_PARMS={0x20, 0x2, {{0xfffffffa, 0x0, 0x20000001, 0x96, 0x2}, 0x1, r13}}]}, {0x4}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}}]}, 0x88}}, 0x4000000) bind$alg(r0, &(0x7f0000000440)={0x26, 'hash\x00', 0x0, 0x0, 'sha3-256-ce\x00'}, 0x58) kernel console output (not intermixed with test programs): batadv0: Interface activated: batadv_slave_1 [ 945.731316][ T3668] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 945.746026][ T3668] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 945.806579][ T3668] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 945.897531][ T3668] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 945.922287][ T24] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 946.132416][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 946.188529][ T24] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 946.200787][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 946.250020][T17675] bridge0: port 3(macsec0) entered blocking state [ 946.257706][T17675] bridge0: port 3(macsec0) entered disabled state [ 946.268207][T17675] macsec0: entered allmulticast mode [ 946.273859][T17675] veth1_macvtap: entered allmulticast mode [ 946.301046][T17675] macsec0: entered promiscuous mode [ 946.315538][T17675] bridge0: port 3(macsec0) entered blocking state [ 946.322451][T17675] bridge0: port 3(macsec0) entered forwarding state [ 946.350674][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 946.383605][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 946.394087][T17492] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 946.429366][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 946.504812][ T24] usb 2-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 946.522353][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 946.530385][T17492] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 946.579144][ T24] usb 2-1: Product: syz [ 946.591439][ T24] usb 2-1: Manufacturer: syz [ 946.620816][ T24] usb 2-1: SerialNumber: syz [ 946.656538][ T24] usb 2-1: config 0 descriptor?? [ 946.763874][ T13] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 946.775449][ T13] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 947.462328][T15466] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 947.619888][T15466] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 947.671273][T15466] usb 3-1: config 0 has no interfaces? [ 947.709826][T15466] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 947.751241][T15466] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 947.931351][ T24] iforce 2-1:0.0: usb_submit_urb failed: -110 [ 947.943570][T15466] usb 3-1: config 0 descriptor?? [ 947.965659][ T24] input input45: Device does not respond to id packet M [ 947.998200][T17700] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3258'. [ 948.033747][T17700] random: crng reseeded on system resumption [ 948.062786][ T24] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 948.129983][ T24] input input45: Device does not respond to id packet P [ 948.167684][ T24] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 948.184076][ T24] input input45: Device does not respond to id packet B [ 948.205184][ T24] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 948.218030][ T24] input input45: Device does not respond to id packet N [ 948.296714][ T24] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 948.328963][ T24] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 948.365769][ T24] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 948.395706][ T24] iforce 2-1:0.0: usb_submit_urb failed: -32 [ 948.895855][ T24] input: Unknown I-Force Device [%04x:%04x] as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input45 [ 948.931001][ T24] usb 2-1: USB disconnect, device number 31 [ 949.379201][T17713] syzkaller0: entered promiscuous mode [ 949.423562][T17713] syzkaller0: entered allmulticast mode [ 949.767316][T17728] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3262'. [ 949.833660][T15466] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 950.187693][ T24] usb 3-1: USB disconnect, device number 104 [ 952.178225][T17751] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3271'. [ 953.719962][T17778] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3282'. [ 954.963879][T17798] netlink: 6 bytes leftover after parsing attributes in process `syz.4.3285'. [ 955.363219][T17806] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 955.376934][T17806] team0: Port device batadv1 added [ 955.501493][T17811] FAULT_INJECTION: forcing a failure. [ 955.501493][T17811] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 955.528260][T17811] CPU: 1 UID: 0 PID: 17811 Comm: syz.1.3289 Not tainted syzkaller #0 PREEMPT(full) [ 955.528293][T17811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 955.528309][T17811] Call Trace: [ 955.528318][T17811] [ 955.528329][T17811] dump_stack_lvl+0x189/0x250 [ 955.528360][T17811] ? __pfx____ratelimit+0x10/0x10 [ 955.528388][T17811] ? __pfx_dump_stack_lvl+0x10/0x10 [ 955.528412][T17811] ? __pfx__printk+0x10/0x10 [ 955.528449][T17811] should_fail_ex+0x414/0x560 [ 955.528483][T17811] strncpy_from_user+0x36/0x290 [ 955.528515][T17811] getname_flags+0xf3/0x540 [ 955.528543][T17811] do_sys_openat2+0xbc/0x1c0 [ 955.528572][T17811] ? __pfx_do_sys_openat2+0x10/0x10 [ 955.528599][T17811] ? ksys_write+0x22a/0x250 [ 955.528631][T17811] ? __pfx_ksys_write+0x10/0x10 [ 955.528666][T17811] __x64_sys_creat+0x8f/0xc0 [ 955.528696][T17811] do_syscall_64+0xfa/0xfa0 [ 955.528727][T17811] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 955.528749][T17811] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 955.528772][T17811] ? clear_bhb_loop+0x60/0xb0 [ 955.528800][T17811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 955.528822][T17811] RIP: 0033:0x7f03c838eec9 [ 955.528843][T17811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 955.528862][T17811] RSP: 002b:00007f03c9271038 EFLAGS: 00000246 ORIG_RAX: 0000000000000055 [ 955.528887][T17811] RAX: ffffffffffffffda RBX: 00007f03c85e5fa0 RCX: 00007f03c838eec9 [ 955.528903][T17811] RDX: 0000000000000000 RSI: 0000000000000008 RDI: 00002000000001c0 [ 955.528918][T17811] RBP: 00007f03c9271090 R08: 0000000000000000 R09: 0000000000000000 [ 955.528932][T17811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 955.528946][T17811] R13: 00007f03c85e6038 R14: 00007f03c85e5fa0 R15: 00007f03c870fa28 [ 955.528982][T17811] [ 955.920351][T14739] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 956.082292][T14739] usb 6-1: device descriptor read/64, error -71 [ 956.332320][T14739] usb 6-1: new high-speed USB device number 16 using dummy_hcd [ 956.542508][T14739] usb 6-1: device descriptor read/64, error -71 [ 956.654392][T14739] usb usb6-port1: attempt power cycle [ 957.052310][T14739] usb 6-1: new high-speed USB device number 17 using dummy_hcd [ 957.072966][T14739] usb 6-1: device descriptor read/8, error -71 [ 957.352333][T14739] usb 6-1: new high-speed USB device number 18 using dummy_hcd [ 957.430380][T14739] usb 6-1: device descriptor read/8, error -71 [ 957.606993][T14739] usb usb6-port1: unable to enumerate USB device [ 959.023065][T17862] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3301'. [ 960.320472][T17886] netlink: 'syz.4.3304': attribute type 4 has an invalid length. [ 960.584724][T17903] random: crng reseeded on system resumption [ 960.979856][T17912] netlink: 'syz.0.3307': attribute type 4 has an invalid length. [ 961.824258][T17923] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 961.986188][T17923] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 962.052394][ T5930] usb 6-1: new high-speed USB device number 19 using dummy_hcd [ 962.234285][ T5930] usb 6-1: config 0 has an invalid interface number: 47 but max is 0 [ 962.242868][ T5930] usb 6-1: config 0 has no interface number 0 [ 962.307102][ T5930] usb 6-1: config 0 interface 47 altsetting 252 bulk endpoint 0xD has invalid maxpacket 8 [ 962.336787][ T5930] usb 6-1: config 0 interface 47 altsetting 252 bulk endpoint 0x1 has invalid maxpacket 8 [ 962.356691][ T5930] usb 6-1: config 0 interface 47 altsetting 252 endpoint 0x9 has invalid maxpacket 1024, setting to 64 [ 962.398854][ T5930] usb 6-1: config 0 interface 47 has no altsetting 0 [ 962.442309][T14739] usb 5-1: new full-speed USB device number 97 using dummy_hcd [ 962.549046][ T5930] usb 6-1: New USB device found, idVendor=7d15, idProduct=31b2, bcdDevice=57.4b [ 962.599521][ T5930] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 962.605053][T14739] usb 5-1: not running at top speed; connect to a high speed hub [ 962.648702][ T5930] usb 6-1: config 0 descriptor?? [ 962.664739][T17922] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 962.673106][T17922] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 962.687210][T14739] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 962.714114][ T5930] usb-storage 6-1:0.47: USB Mass Storage device detected [ 962.744563][T14739] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 495, setting to 64 [ 962.771433][T14739] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 962.788556][T14739] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 962.810391][T14739] usb 5-1: Product: Ѕ [ 962.820335][T14739] usb 5-1: Manufacturer: 㭄ⷓꄹᚉ㹆䍯싶鎚꣠嶮ӹꅳఐ጑凁໧쬵䮷ᢻ斦곋ᅇ᭔Ʉ⋯ퟫ [ 962.896716][T14739] usb 5-1: SerialNumber: Ф [ 962.910251][T17928] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 962.946497][ T24] usb 6-1: USB disconnect, device number 19 [ 963.120747][T17928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 963.121466][T17928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 963.136007][T17928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 963.136525][T17928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 963.137888][T17928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 963.138369][T17928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 963.139571][T17928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 963.140058][T17928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 963.141293][T17928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 963.141771][T17928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 963.228688][T15475] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 963.247913][T14739] cdc_ncm 5-1:1.0: bind() failure [ 963.253796][T14739] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 963.253860][T14739] cdc_ncm 5-1:1.1: bind() failure [ 963.261126][T14739] usb 5-1: USB disconnect, device number 97 [ 963.384053][T15475] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 963.397009][T15475] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 963.425454][T15475] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 963.458011][T15475] usb 1-1: New USB device found, idVendor=0a07, idProduct=00d0, bcdDevice=10.13 [ 963.472119][T15475] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 963.488333][T15475] usb 1-1: Product: syz [ 963.492416][T17946] netlink: 84 bytes leftover after parsing attributes in process `syz.4.3320'. [ 963.496175][T17947] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3319'. [ 963.511011][T15475] usb 1-1: Manufacturer: syz [ 963.513834][T17946] vlan0: entered promiscuous mode [ 963.521707][T15475] usb 1-1: SerialNumber: syz [ 963.531683][T15475] usb 1-1: config 0 descriptor?? [ 963.756808][T15475] adutux 1-1:0.0: ADU208 4242424 now attached to /dev/usb/adutux0 [ 963.786054][T15475] usb 1-1: USB disconnect, device number 66 [ 964.892339][T14754] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 965.113819][T17983] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3328'. [ 965.122924][ T5930] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 965.282345][T14754] usb 1-1: Using ep0 maxpacket: 8 [ 965.509216][T14754] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 965.523557][ T5930] usb 2-1: config 0 has an invalid interface number: 117 but max is 0 [ 965.532111][ T5930] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 965.562065][T14754] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 965.578169][ T5930] usb 2-1: config 0 has no interface number 0 [ 965.588490][T14754] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 965.608921][ T5930] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 965.626885][T14754] usb 1-1: Product: syz [ 965.637966][T14754] usb 1-1: Manufacturer: syz [ 965.647802][ T5930] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 965.675254][T14754] usb 1-1: SerialNumber: syz [ 965.716103][T14754] usb 1-1: config 0 descriptor?? [ 965.760287][T17985] cgroup: fork rejected by pids controller in /syz5 [ 965.813806][ T5930] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 965.852381][ T5930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 965.875998][T14754] streamzap 1-1:0.0: streamzap_probe: endpoint doesn't match input device 0204 [ 965.892689][ T5930] usb 2-1: Product: syz [ 965.898985][ T5930] usb 2-1: Manufacturer: syz [ 965.923625][ T5930] usb 2-1: SerialNumber: syz [ 965.931715][ T5930] usb 2-1: config 0 descriptor?? [ 966.104962][T14754] usb 1-1: USB disconnect, device number 67 [ 966.419272][ T5930] usbtouchscreen 2-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 966.456662][ T5930] usb 2-1: USB disconnect, device number 33 [ 966.628829][T18510] netlink: 'syz.4.3332': attribute type 4 has an invalid length. [ 968.382879][T14754] usb 6-1: new high-speed USB device number 20 using dummy_hcd [ 968.553629][T14754] usb 6-1: Using ep0 maxpacket: 16 [ 968.577726][T14754] usb 6-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 968.586886][T14754] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 968.623728][T14754] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 968.655889][T14754] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 968.666148][T14754] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 968.689528][T14754] usb 6-1: Product: syz [ 968.698801][T18538] tipc: Enabled bearer , priority 0 [ 968.706237][T14754] usb 6-1: Manufacturer: syz [ 968.711712][T18538] syzkaller0: entered promiscuous mode [ 968.717660][T14754] usb 6-1: SerialNumber: syz [ 968.728141][T18538] syzkaller0: entered allmulticast mode [ 968.779220][T18538] tipc: Resetting bearer [ 968.795444][T18537] tipc: Resetting bearer [ 968.821217][T18537] tipc: Disabling bearer [ 969.220655][T14754] usb 6-1: 0:2 : does not exist [ 969.378674][T14752] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 969.406855][ T856] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 969.712272][T14752] usb 5-1: Using ep0 maxpacket: 8 [ 969.712290][ T856] usb 2-1: Using ep0 maxpacket: 8 [ 969.714571][ T856] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 969.742345][ T856] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 969.752080][ T856] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 969.771353][ T856] usb 2-1: Product: syz [ 969.779007][T14752] usb 5-1: config 211 has too many interfaces: 130, using maximum allowed: 32 [ 969.794850][ T856] usb 2-1: Manufacturer: syz [ 969.794861][T14752] usb 5-1: config 211 has an invalid descriptor of length 168, skipping remainder of the config [ 969.794887][T14752] usb 5-1: config 211 has 0 interfaces, different from the descriptor's value: 130 [ 969.838802][ T856] usb 2-1: SerialNumber: syz [ 969.923466][ T856] usb 2-1: config 0 descriptor?? [ 969.963230][T18525] ALSA: seq fatal error: cannot create timer (-22) [ 969.972243][T18525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 969.989911][T18525] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 970.006735][ T856] streamzap 2-1:0.0: streamzap_probe: endpoint doesn't match input device 0204 [ 970.022437][T14752] usb 5-1: New USB device found, idVendor=0af0, idProduct=6811, bcdDevice=8e.06 [ 970.032108][T14752] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 970.157428][T14752] usb 5-1: Product: syz [ 970.170213][T14752] usb 5-1: Manufacturer: syz [ 970.175033][T14752] usb 5-1: SerialNumber: syz [ 970.266164][ T856] usb 2-1: USB disconnect, device number 34 [ 970.395730][T18541] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3341'. [ 970.410830][T18541] veth0: entered promiscuous mode [ 970.418355][T18541] veth0: left promiscuous mode [ 970.507581][T14752] usb 5-1: USB disconnect, device number 98 [ 970.861674][T18555] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3346'. [ 971.301854][T14754] usb 6-1: USB disconnect, device number 20 [ 971.980809][ T5883] udevd[5883]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 972.342882][T14754] usb 6-1: new high-speed USB device number 21 using dummy_hcd [ 972.482287][T14754] usb 6-1: device descriptor read/64, error -71 [ 972.752269][T14754] usb 6-1: new high-speed USB device number 22 using dummy_hcd [ 972.832322][T14752] usb 1-1: new high-speed USB device number 68 using dummy_hcd [ 972.892643][T14754] usb 6-1: device descriptor read/64, error -71 [ 973.004964][T14752] usb 1-1: config 0 has no interfaces? [ 973.010595][T14752] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 973.020422][T14754] usb usb6-port1: attempt power cycle [ 973.036939][T14752] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 973.072568][T14752] usb 1-1: config 0 descriptor?? [ 973.282769][ T5930] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 973.392443][T14754] usb 6-1: new high-speed USB device number 23 using dummy_hcd [ 973.443921][T14754] usb 6-1: device descriptor read/8, error -71 [ 973.472277][ T5930] usb 3-1: Using ep0 maxpacket: 16 [ 973.574162][ T5930] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 973.604699][ T5930] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 973.632970][ T5930] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 973.646702][ T5930] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 973.665800][ T5930] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 973.682720][ T856] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 973.692276][T14754] usb 6-1: new high-speed USB device number 24 using dummy_hcd [ 973.706771][ T5930] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 973.718851][T14754] usb 6-1: device descriptor read/8, error -71 [ 973.728482][ T5930] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 973.736854][ T5930] usb 3-1: Manufacturer: syz [ 973.749550][ T5930] usb 3-1: config 0 descriptor?? [ 973.833454][T14754] usb usb6-port1: unable to enumerate USB device [ 973.843235][ T856] usb 5-1: Using ep0 maxpacket: 16 [ 973.860161][ T856] usb 5-1: config 0 has no interfaces? [ 973.869573][ T856] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 973.879974][ T856] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 973.888669][ T856] usb 5-1: Manufacturer: syz [ 973.898236][ T856] usb 5-1: config 0 descriptor?? [ 974.282287][ T5930] rc_core: IR keymap rc-hauppauge not found [ 974.288387][ T5930] Registered IR keymap rc-empty [ 974.293849][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 974.313766][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 974.343657][ T5930] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 974.554443][ T5930] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input47 [ 974.731387][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 974.763278][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 974.782926][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 974.805688][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 974.842771][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 974.972568][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 974.994042][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 975.023444][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 975.124873][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 975.165460][ T5930] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 975.194424][ T5930] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 975.261339][ T5930] mceusb 3-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 975.443228][ T5930] usb 3-1: USB disconnect, device number 105 [ 975.527438][T18631] random: crng reseeded on system resumption [ 976.049465][ T5930] usb 1-1: USB disconnect, device number 68 [ 976.839521][T14739] usb 5-1: USB disconnect, device number 99 [ 977.316644][T18644] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3365'. [ 977.604663][T18648] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3368'. [ 977.709751][T18648] bond1: option ad_actor_sys_prio: invalid value (0) [ 977.737823][T18648] bond1: option ad_actor_sys_prio: allowed values 1 - 65535 [ 977.765621][T18648] bond1 (unregistering): Released all slaves [ 978.096015][T18663] netlink: 72 bytes leftover after parsing attributes in process `syz.4.3372'. [ 978.412291][T15475] usb 6-1: new high-speed USB device number 25 using dummy_hcd [ 978.615393][T15475] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 978.682463][T15475] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 978.702104][T15475] usb 6-1: config 0 descriptor?? [ 978.748971][T15475] cp210x 6-1:0.0: cp210x converter detected [ 979.104117][T15475] usb 6-1: cp210x converter now attached to ttyUSB0 [ 979.301681][T15475] usb 6-1: USB disconnect, device number 25 [ 979.329586][T15475] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 979.370759][T15475] cp210x 6-1:0.0: device disconnected [ 979.936124][T18696] vlan0: entered promiscuous mode [ 981.603290][T18717] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3390'. [ 981.639331][T18719] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3391'. [ 982.043211][T18723] 8021q: adding VLAN 0 to HW filter on device bond0 [ 982.062842][T18723] 8021q: adding VLAN 0 to HW filter on device team0 [ 982.123111][T18723] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 982.234807][T18717] vim2m vim2m.0: vidioc_s_fmt queue busy [ 982.798207][T18741] netlink: 'syz.2.3396': attribute type 4 has an invalid length. [ 982.825175][T18741] netlink: 'syz.2.3396': attribute type 4 has an invalid length. [ 984.158707][T18763] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3402'. [ 984.279858][T18763] random: crng reseeded on system resumption [ 984.672295][ T5930] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 984.824741][ T5930] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 984.877617][ T5930] usb 2-1: config 0 has no interfaces? [ 984.928056][ T5930] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 985.097847][ T5930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 985.219403][ T5930] usb 2-1: config 0 descriptor?? [ 985.391890][T18786] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3409'. [ 986.086308][ T30] audit: type=1326 audit(1760149413.106:932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.108733][ C1] vkms_vblank_simulate: vblank timer overrun [ 986.122430][T14754] usb 1-1: new high-speed USB device number 69 using dummy_hcd [ 986.171625][ T30] audit: type=1326 audit(1760149413.106:933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.196131][ T30] audit: type=1326 audit(1760149413.136:934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.219096][ T30] audit: type=1326 audit(1760149413.136:935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.241483][ C1] vkms_vblank_simulate: vblank timer overrun [ 986.257502][ T30] audit: type=1326 audit(1760149413.136:936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=101 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.280640][ T30] audit: type=1326 audit(1760149413.136:937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.321949][T14754] usb 1-1: Using ep0 maxpacket: 16 [ 986.324444][ T30] audit: type=1326 audit(1760149413.136:938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.350792][ T30] audit: type=1326 audit(1760149413.156:939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.373206][ C1] vkms_vblank_simulate: vblank timer overrun [ 986.396471][T14754] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 986.407981][T14754] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 986.429849][ T30] audit: type=1326 audit(1760149413.156:940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=294 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.455772][ T30] audit: type=1326 audit(1760149413.156:941): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18802 comm="syz.2.3414" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf0158eec9 code=0x7ffc0000 [ 986.491120][T14754] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 986.513129][T14754] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 986.526836][T14754] usb 1-1: Product: syz [ 986.534925][T14754] usb 1-1: Manufacturer: syz [ 986.539684][T14754] usb 1-1: SerialNumber: syz [ 986.932556][T14752] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 986.968577][T14754] usb 1-1: 0:2 : does not exist [ 987.118710][T14752] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 987.136976][T14752] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 987.146895][T14752] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 987.156040][T14752] usb 3-1: Product: syz [ 987.160827][T14752] usb 3-1: Manufacturer: syz [ 987.166163][T14752] usb 3-1: SerialNumber: syz [ 987.193967][T14752] usb 3-1: config 0 descriptor?? [ 987.334722][T15466] usb 6-1: new high-speed USB device number 26 using dummy_hcd [ 987.422709][T14754] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 987.496370][T14754] usb 1-1: USB disconnect, device number 69 [ 987.503400][T15466] usb 6-1: Using ep0 maxpacket: 32 [ 987.513469][T15466] usb 6-1: config 0 has no interfaces? [ 987.521266][T15466] usb 6-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 987.559700][T15466] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 987.590847][ T856] usb 2-1: USB disconnect, device number 35 [ 987.757492][T15466] usb 6-1: config 0 descriptor?? [ 988.044959][T18819] dummy0: entered promiscuous mode [ 988.045432][ T5883] udevd[5883]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 988.107411][T18819] vlan2: entered promiscuous mode [ 988.557180][T18829] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3421'. [ 988.628949][T18829] random: crng reseeded on system resumption [ 988.668302][T18832] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3422'. [ 989.452631][T18840] netlink: 'syz.4.3423': attribute type 10 has an invalid length. [ 989.476598][T18840] team0: Device ipvlan1 failed to register rx_handler [ 989.809885][T18845] random: crng reseeded on system resumption [ 990.407627][ T856] usb 6-1: USB disconnect, device number 26 [ 990.700504][T15475] usb 3-1: USB disconnect, device number 106 [ 991.218741][T14739] usb 6-1: new high-speed USB device number 27 using dummy_hcd [ 991.322329][T18869] random: crng reseeded on system resumption [ 991.448530][T14739] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 991.474985][T14739] usb 6-1: config 0 has no interfaces? [ 991.487539][T14739] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 991.512584][T14739] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 991.557749][T14739] usb 6-1: config 0 descriptor?? [ 991.643648][T18876] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3432'. [ 993.616664][T18892] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3435'. [ 993.689242][T18895] random: crng reseeded on system resumption [ 994.041765][T18905] netlink: 'syz.0.3438': attribute type 2 has an invalid length. [ 994.049906][T18905] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3438'. [ 994.119108][T18907] netlink: 72 bytes leftover after parsing attributes in process `syz.0.3439'. [ 994.132333][T15475] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 994.303366][T15475] usb 2-1: Using ep0 maxpacket: 32 [ 994.310530][T15475] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 994.322004][T15475] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 994.412495][T15475] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 994.618654][T15475] usb 2-1: config 0 descriptor?? [ 994.626563][T15475] hub 2-1:0.0: bad descriptor, ignoring hub [ 994.633045][T15475] hub 2-1:0.0: probe with driver hub failed with error -5 [ 994.646381][T15475] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 994.993232][T15475] usb 6-1: USB disconnect, device number 27 [ 995.142571][T14739] usb 2-1: USB disconnect, device number 36 [ 996.099225][T18946] netlink: 'syz.1.3448': attribute type 27 has an invalid length. [ 996.112293][ T5930] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 996.431609][ T5930] usb 6-1: Using ep0 maxpacket: 16 [ 996.505104][ T5930] usb 6-1: config 0 has an invalid interface number: 53 but max is 0 [ 996.804383][T18945] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 996.864624][T18946] vlan0: left promiscuous mode [ 996.879428][ T5930] usb 6-1: config 0 has no interface number 0 [ 997.013768][ T5930] usb 6-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=ed.e2 [ 997.073360][ T5930] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 997.170322][ T5930] usb 6-1: Product: syz [ 997.234941][ T5930] usb 6-1: Manufacturer: syz [ 997.239614][ T5930] usb 6-1: SerialNumber: syz [ 997.391067][T15475] usb 2-1: new full-speed USB device number 37 using dummy_hcd [ 997.423061][T18965] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3451'. [ 997.483344][ T5930] usb 6-1: config 0 descriptor?? [ 997.601365][T15475] usb 2-1: New USB device found, idVendor=09c0, idProduct=0203, bcdDevice=d3.43 [ 997.615285][T15475] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 997.651068][T15475] usb 2-1: config 0 descriptor?? [ 997.680457][T15475] dvb-usb: found a 'Genpix SkyWalker-1 DVB-S receiver' in warm state. [ 997.930083][T18967] program syz.1.3452 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 997.940963][T18967] netlink: 'syz.1.3452': attribute type 11 has an invalid length. [ 997.993245][T18961] bridge_slave_0: left allmulticast mode [ 998.029295][T18961] bridge_slave_0: left promiscuous mode [ 998.054657][T18961] bridge0: port 1(bridge_slave_0) entered disabled state [ 998.155058][T18961] bridge_slave_1: left allmulticast mode [ 998.161539][T18961] bridge_slave_1: left promiscuous mode [ 998.189089][T18961] bridge0: port 2(bridge_slave_1) entered disabled state [ 998.270193][T18961] bond0: (slave bond_slave_0): Releasing backup interface [ 998.344560][T18961] bond0: (slave bond_slave_1): Releasing backup interface [ 998.370653][T18961] team0: Port device team_slave_0 removed [ 998.404205][T18961] team0: Port device team_slave_1 removed [ 998.425567][T18961] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 998.450662][T18961] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 998.474981][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 998.483691][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 998.540507][T18961] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 999.160779][T15475] gp8psk: usb in 138 operation failed. [ 999.174209][T15475] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 999.221448][T15475] dvb-usb: Genpix SkyWalker-1 DVB-S receiver error while loading driver (-19) [ 999.269486][T15475] usb 2-1: USB disconnect, device number 37 [ 999.368542][T14739] usb 6-1: USB disconnect, device number 28 [ 999.399894][T18976] netlink: 'syz.0.3454': attribute type 4 has an invalid length. [ 999.933878][T18994] loop6: detected capacity change from 0 to 7 [ 1000.029116][ T5883] Dev loop6: unable to read RDB block 7 [ 1000.041045][ T5883] loop6: unable to read partition table [ 1000.046896][T14739] usb 1-1: new high-speed USB device number 70 using dummy_hcd [ 1000.133144][ T5883] loop6: partition table beyond EOD, truncated [ 1000.219736][T18994] Dev loop6: unable to read RDB block 7 [ 1000.272266][T15475] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 1000.286100][T19002] netlink: 'syz.2.3461': attribute type 1 has an invalid length. [ 1000.311917][T18994] loop6: unable to read partition table [ 1000.427148][T18994] loop6: partition table beyond EOD, truncated [ 1000.433800][T18994] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 1000.443832][T14739] usb 1-1: config 0 has no interfaces? [ 1000.527758][T19002] macvlan2: entered promiscuous mode [ 1000.535102][T19002] macvlan2: entered allmulticast mode [ 1000.556033][T19002] bond1: entered promiscuous mode [ 1000.567669][T19002] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 1000.585560][T15475] usb 6-1: Using ep0 maxpacket: 16 [ 1000.598201][T19002] bond1: left promiscuous mode [ 1000.710279][T15475] usb 6-1: config 0 has no interfaces? [ 1000.720896][T14739] usb 1-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1000.826499][T15475] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1000.875686][T14739] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1000.912685][T15475] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1000.922354][T14739] usb 1-1: Product: syz [ 1000.942411][T15475] usb 6-1: Manufacturer: syz [ 1000.947198][T14739] usb 1-1: Manufacturer: syz [ 1000.958548][T14739] usb 1-1: SerialNumber: syz [ 1000.968530][T15475] usb 6-1: config 0 descriptor?? [ 1001.127414][T14739] usb 1-1: config 0 descriptor?? [ 1001.292834][T18986] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1001.331292][T18986] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1001.417489][T18982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1001.443415][T19012] random: crng reseeded on system resumption [ 1001.478201][T18982] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1001.771640][T15475] usb 1-1: USB disconnect, device number 70 [ 1002.946934][T10802] hsr_slave_1 (unregistering): left promiscuous mode [ 1003.589430][T15475] usb 1-1: new high-speed USB device number 71 using dummy_hcd [ 1003.648547][T19024] cgroup: fork rejected by pids controller in /syz0 [ 1003.743418][T15475] usb 1-1: Using ep0 maxpacket: 16 [ 1003.759751][T15475] usb 1-1: config 0 has an invalid interface number: 53 but max is 0 [ 1003.768215][T15475] usb 1-1: config 0 has no interface number 0 [ 1003.781245][T15475] usb 1-1: New USB device found, idVendor=03fd, idProduct=ebbe, bcdDevice=ed.e2 [ 1003.919138][T15475] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1003.957888][T15475] usb 1-1: Product: syz [ 1004.006420][T15475] usb 1-1: Manufacturer: syz [ 1004.012108][T15475] usb 1-1: SerialNumber: syz [ 1004.087482][T14754] usb 6-1: USB disconnect, device number 29 [ 1004.089280][T15475] usb 1-1: config 0 descriptor?? [ 1004.226506][T19270] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 1004.255121][T19270] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3469'. [ 1004.403605][T19273] syz_tun: entered promiscuous mode [ 1004.409173][T19273] macvtap1: entered promiscuous mode [ 1004.431263][T19273] macvtap1: entered allmulticast mode [ 1004.437307][T19273] syz_tun: entered allmulticast mode [ 1004.449255][T19273] syz_tun: left allmulticast mode [ 1004.465091][T19273] syz_tun: left promiscuous mode [ 1006.313135][ T5930] usb 1-1: USB disconnect, device number 71 [ 1007.212412][T19331] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3495'. [ 1007.221720][T19331] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3495'. [ 1013.151175][T19420] fuse: Unknown parameter '0x00000000000002c6' [ 1013.733667][T19430] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3526'. [ 1014.097575][T19439] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3530'. [ 1014.213984][T19441] netlink: 48 bytes leftover after parsing attributes in process `syz.0.3531'. [ 1014.684750][T19451] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3536'. [ 1014.776708][T19451] bridge1: port 1(ip6gretap1) entered blocking state [ 1014.809645][T19451] bridge1: port 1(ip6gretap1) entered disabled state [ 1014.832771][T19451] ip6gretap1: entered allmulticast mode [ 1014.875446][T19451] ip6gretap1: entered promiscuous mode [ 1014.923028][T19456] tipc: Started in network mode [ 1014.929846][T19456] tipc: Node identity fffffffa, cluster identity 4711 [ 1014.939191][T19456] tipc: Node number set to 4294967290 [ 1015.057943][T19463] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1015.552258][T14754] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 1015.704054][T14754] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 1015.730512][T14754] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 64 [ 1015.766057][T14754] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 1015.779833][T14754] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1015.798115][T14754] usb 3-1: Product: syz [ 1015.807004][T14754] usb 3-1: Manufacturer: syz [ 1015.817257][T14754] usb 3-1: SerialNumber: syz [ 1015.836298][T14754] usb 3-1: config 0 descriptor?? [ 1015.845481][T19472] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1015.853475][T19472] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1016.067317][T19472] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1016.087212][T19472] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1016.710070][T14754] dm9601 3-1:0.0 (unnamed net_device) (uninitialized): Error reading chip ID [ 1017.124466][T14754] usb 3-1: USB disconnect, device number 107 [ 1017.899781][T19509] binder_alloc: 19508: binder_alloc_buf, no vma [ 1018.019128][T19512] fuse: Unknown parameter '0x0000000000000006' [ 1018.392319][T14754] usb 3-1: new high-speed USB device number 108 using dummy_hcd [ 1018.416645][ T30] kauditd_printk_skb: 56 callbacks suppressed [ 1018.416664][ T30] audit: type=1326 audit(1760149445.436:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19506 comm="syz.1.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c838eec9 code=0x7ffc0000 [ 1018.485907][ T30] audit: type=1326 audit(1760149445.476:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19506 comm="syz.1.3556" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c838eec9 code=0x7ffc0000 [ 1018.565198][T14754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1018.579773][T14754] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1018.600060][T14754] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2dbe, bcdDevice= 0.00 [ 1018.620065][T14754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1018.725015][T14754] usb 3-1: config 0 descriptor?? [ 1019.148623][T14754] konepure 0003:1E7D:2DBE.0013: item fetching failed at offset 5/7 [ 1019.173949][T14754] konepure 0003:1E7D:2DBE.0013: parse failed [ 1019.180176][T14754] konepure 0003:1E7D:2DBE.0013: probe with driver konepure failed with error -22 [ 1019.356065][T14754] usb 3-1: USB disconnect, device number 108 [ 1020.173154][T19553] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3569'. [ 1020.200110][T19552] random: crng reseeded on system resumption [ 1020.919097][T19566] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3571'. [ 1021.212265][T15475] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 1021.372823][T15475] usb 2-1: Using ep0 maxpacket: 8 [ 1021.416296][T15475] usb 2-1: config 211 has too many interfaces: 130, using maximum allowed: 32 [ 1021.426228][T15475] usb 2-1: config 211 has an invalid descriptor of length 168, skipping remainder of the config [ 1021.513759][T14739] usb 1-1: new high-speed USB device number 72 using dummy_hcd [ 1021.587728][ T856] IPVS: starting estimator thread 0... [ 1021.603864][T15475] usb 2-1: config 211 has 0 interfaces, different from the descriptor's value: 130 [ 1021.707777][T19580] IPVS: using max 37 ests per chain, 88800 per kthread [ 1021.722940][T15475] usb 2-1: New USB device found, idVendor=0af0, idProduct=6811, bcdDevice=8e.06 [ 1021.745762][T14739] usb 1-1: Using ep0 maxpacket: 8 [ 1021.832847][T14739] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 1021.859169][T15475] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1021.952430][T14739] usb 1-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 1021.972321][T14739] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1022.162228][T15475] usb 2-1: Product: syz [ 1022.166966][T14739] usb 1-1: Product: syz [ 1022.171190][T15475] usb 2-1: Manufacturer: syz [ 1022.179377][T14739] usb 1-1: Manufacturer: syz [ 1022.185746][T15475] usb 2-1: SerialNumber: syz [ 1022.191147][T14739] usb 1-1: SerialNumber: syz [ 1022.244754][T14739] usb 1-1: config 0 descriptor?? [ 1022.400726][T14739] streamzap 1-1:0.0: streamzap_probe: endpoint doesn't match input device 0204 [ 1022.406566][T19567] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3570'. [ 1022.508817][T19567] veth0: entered promiscuous mode [ 1022.546488][T19567] veth0: left promiscuous mode [ 1022.893601][T19588] sctp: [Deprecated]: syz.5.3576 (pid 19588) Use of int in maxseg socket option. [ 1022.893601][T19588] Use struct sctp_assoc_value instead [ 1022.930451][T14739] usb 1-1: USB disconnect, device number 72 [ 1022.998627][T15475] usb 2-1: USB disconnect, device number 38 [ 1024.119835][T19602] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3578'. [ 1024.152067][T19602] random: crng reseeded on system resumption [ 1025.078223][T19616] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3582'. [ 1025.658587][T19625] program syz.5.3585 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1026.314687][T19637] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3588'. [ 1026.584134][T19642] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3587'. [ 1026.656125][T19643] random: crng reseeded on system resumption [ 1029.402285][T14752] usb 2-1: new full-speed USB device number 39 using dummy_hcd [ 1029.554120][T14752] usb 2-1: config 0 has an invalid interface number: 128 but max is 0 [ 1029.563194][T14752] usb 2-1: config 0 has no interface number 0 [ 1029.572330][T14752] usb 2-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1029.582296][T14752] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1029.590463][T14752] usb 2-1: Product: syz [ 1029.604795][T14752] usb 2-1: Manufacturer: syz [ 1029.616844][T14752] usb 2-1: SerialNumber: syz [ 1029.638321][T14752] usb 2-1: config 0 descriptor?? [ 1029.758180][T10801] bond5 (unregistering): (slave ip6gretap1): Releasing active interface [ 1030.127230][T14752] usb 2-1: Firmware: major: 0, minor: 83, hardware type: ATUSB (1) [ 1030.265995][T10801] bond2 (unregistering): (slave gretap1): Releasing active interface [ 1030.596668][T19690] binder: 19670:19690 ioctl c0306201 200000000240 returned -14 [ 1030.840721][T10801] bond0 (unregistering): Released all slaves [ 1030.862070][T10801] bond1 (unregistering): Released all slaves [ 1031.193100][T14752] usb 2-1: failed to fetch extended address, random address set [ 1031.383275][T10801] bond2 (unregistering): Released all slaves [ 1031.570635][T10801] bond3 (unregistering): (slave veth7): Releasing active interface [ 1031.588576][T10801] bond3 (unregistering): Released all slaves [ 1031.799229][T10801] bond4 (unregistering): Released all slaves [ 1031.963604][T10801] bond5 (unregistering): Released all slaves [ 1032.078877][T10801] 8: left promiscuous mode [ 1032.247744][T10801] tipc: Left network mode [ 1032.780492][T10801] hsr_slave_0: left promiscuous mode [ 1032.814174][T10801] hsr_slave_1: left promiscuous mode [ 1032.864916][T10801] veth1_macvtap: left promiscuous mode [ 1032.870893][T10801] veth0_macvtap: left promiscuous mode [ 1032.893724][T10801] veth1_vlan: left promiscuous mode [ 1032.905722][T10801] veth0_vlan: left promiscuous mode [ 1033.075865][T14739] usb 2-1: USB disconnect, device number 39 [ 1033.299578][T19740] netlink: 'syz.1.3615': attribute type 27 has an invalid length. [ 1033.656377][T10801] team0 (unregistering): Port device batadv2 removed [ 1033.761377][T10801] team0 (unregistering): Port device batadv1 removed [ 1035.177906][T19734] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1035.622363][T14752] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 1035.976858][T14752] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1035.997889][T14752] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1036.008746][T19777] @: renamed from syz_tun (while UP) [ 1036.038059][T14752] usb 3-1: config 0 descriptor?? [ 1036.039030][T19781] netlink: 'syz.0.3629': attribute type 4 has an invalid length. [ 1036.047014][T14752] cp210x 3-1:0.0: cp210x converter detected [ 1036.618637][T14752] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1036.815601][T14739] usb 3-1: USB disconnect, device number 109 [ 1036.896202][T14739] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1036.954589][T14739] cp210x 3-1:0.0: device disconnected [ 1038.502664][T14754] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 1038.652309][T14754] usb 6-1: Using ep0 maxpacket: 8 [ 1038.659655][T14754] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 1038.668745][T14754] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1038.679358][T14754] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1038.880006][T14754] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1038.949807][T19816] random: crng reseeded on system resumption [ 1039.107129][T14754] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1039.139212][T14754] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1039.148441][T14754] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1039.391282][T14754] usb 6-1: usb_control_msg returned -32 [ 1039.397751][T14754] usbtmc 6-1:16.0: can't read capabilities [ 1041.345063][T14752] usb 6-1: USB disconnect, device number 30 [ 1044.082084][T19877] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3654'. [ 1044.179396][T19877] random: crng reseeded on system resumption [ 1044.559897][T19884] syzkaller0: entered promiscuous mode [ 1044.576693][T19884] syzkaller0: entered allmulticast mode [ 1044.785818][T19884] kvm: vcpu 2: requested 148514 ns lapic timer period limited to 200000 ns [ 1044.795005][T19884] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=198462431 (396924862 ns) > initial count (200000 ns). Using initial count to start timer. [ 1045.762370][T14754] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1045.972359][T14754] usb 2-1: Using ep0 maxpacket: 8 [ 1045.985152][T14754] usb 2-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 1046.004902][T14754] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1046.036945][T14754] usb 2-1: Product: syz [ 1046.062392][T14754] usb 2-1: Manufacturer: syz [ 1046.075074][T14754] usb 2-1: SerialNumber: syz [ 1046.108026][T14754] usb 2-1: config 0 descriptor?? [ 1046.492571][T14752] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 1046.552439][ T5930] usb 6-1: new full-speed USB device number 31 using dummy_hcd [ 1046.615399][T19890] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1046.649854][T19890] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1046.661055][T14752] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1046.671896][T14752] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1046.699023][T14752] usb 3-1: config 0 descriptor?? [ 1046.712088][T14752] cp210x 3-1:0.0: cp210x converter detected [ 1046.721693][ T5930] usb 6-1: config 0 has an invalid interface number: 206 but max is 1 [ 1046.747086][ T5930] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1046.774074][ T5930] usb 6-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1046.793397][T14754] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 1046.811953][ T5930] usb 6-1: config 0 has no interface number 0 [ 1046.819751][T14754] gspca_sunplus: reg_w_riv err -71 [ 1046.832361][T14754] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 1046.840596][ T5930] usb 6-1: config 0 interface 206 altsetting 2 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 1046.869832][T14754] usb 2-1: USB disconnect, device number 40 [ 1046.886322][ T5930] usb 6-1: config 0 interface 206 altsetting 2 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 1046.939961][ T5930] usb 6-1: config 0 interface 206 altsetting 2 endpoint 0x8C has invalid maxpacket 30768, setting to 64 [ 1046.973413][ T5930] usb 6-1: config 0 interface 206 altsetting 2 has 5 endpoint descriptors, different from the interface descriptor's value: 7 [ 1046.987361][ T5930] usb 6-1: config 0 interface 206 has no altsetting 0 [ 1047.080677][T19917] FAULT_INJECTION: forcing a failure. [ 1047.080677][T19917] name failslab, interval 1, probability 0, space 0, times 0 [ 1047.109678][T19917] CPU: 1 UID: 0 PID: 19917 Comm: syz.2.3659 Not tainted syzkaller #0 PREEMPT(full) [ 1047.109709][T19917] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1047.109723][T19917] Call Trace: [ 1047.109732][T19917] [ 1047.109744][T19917] dump_stack_lvl+0x189/0x250 [ 1047.109775][T19917] ? __pfx____ratelimit+0x10/0x10 [ 1047.109801][T19917] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1047.109825][T19917] ? __pfx__printk+0x10/0x10 [ 1047.109851][T19917] ? __pfx___might_resched+0x10/0x10 [ 1047.109876][T19917] ? fs_reclaim_acquire+0x7d/0x100 [ 1047.109915][T19917] should_fail_ex+0x414/0x560 [ 1047.109948][T19917] should_failslab+0xa8/0x100 [ 1047.109972][T19917] kmem_cache_alloc_noprof+0x74/0x6e0 [ 1047.110004][T19917] ? fuse_get_req+0x7b9/0x10b0 [ 1047.110044][T19917] fuse_get_req+0x7b9/0x10b0 [ 1047.110079][T19917] ? stack_depot_save_flags+0x40/0x860 [ 1047.110120][T19917] ? __pfx_fuse_get_req+0x10/0x10 [ 1047.110151][T19917] ? fuse_readdir+0x1473/0x2bc0 [ 1047.110183][T19917] ? iterate_dir+0x396/0x570 [ 1047.110209][T19917] ? __se_sys_getdents64+0xe4/0x260 [ 1047.110237][T19917] ? do_syscall_64+0xfa/0xfa0 [ 1047.110273][T19917] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.110312][T19917] __fuse_simple_request+0x2bb/0x1bb0 [ 1047.110363][T19917] ? __pfx___fuse_simple_request+0x10/0x10 [ 1047.110416][T19917] ? rcu_is_watching+0x15/0xb0 [ 1047.110443][T19917] ? trace_kmalloc+0x1f/0xd0 [ 1047.110471][T19917] ? __kvmalloc_node_noprof+0x5ed/0x910 [ 1047.110507][T19917] ? fuse_readdir+0x1473/0x2bc0 [ 1047.110538][T19917] ? fuse_read_args_fill+0x34/0x340 [ 1047.110576][T19917] fuse_readdir+0x1776/0x2bc0 [ 1047.110608][T19917] ? __lock_acquire+0xab9/0xd20 [ 1047.110647][T19917] ? __lock_acquire+0xab9/0xd20 [ 1047.110680][T19917] ? __lock_acquire+0xab9/0xd20 [ 1047.110711][T19917] ? __pfx_fuse_readdir+0x10/0x10 [ 1047.110755][T19917] ? aa_file_perm+0x13a/0x1550 [ 1047.110792][T19917] ? aa_file_perm+0x13a/0x1550 [ 1047.110825][T19917] ? aa_file_perm+0x44d/0x1550 [ 1047.110862][T19917] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1047.110893][T19917] ? look_up_lock_class+0x74/0x170 [ 1047.110926][T19917] ? register_lock_class+0x51/0x320 [ 1047.110985][T19917] ? down_read_killable+0x1d1/0x350 [ 1047.111024][T19917] iterate_dir+0x396/0x570 [ 1047.111058][T19917] __se_sys_getdents64+0xe4/0x260 [ 1047.111091][T19917] ? __pfx___se_sys_getdents64+0x10/0x10 [ 1047.111118][T19917] ? ksys_write+0x22a/0x250 [ 1047.111145][T19917] ? __pfx_filldir64+0x10/0x10 [ 1047.111178][T19917] ? __pfx_ksys_write+0x10/0x10 [ 1047.111214][T19917] ? do_syscall_64+0xbe/0xfa0 [ 1047.111247][T19917] do_syscall_64+0xfa/0xfa0 [ 1047.111284][T19917] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.111306][T19917] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1047.111329][T19917] ? clear_bhb_loop+0x60/0xb0 [ 1047.111357][T19917] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1047.111378][T19917] RIP: 0033:0x7fbf0158eec9 [ 1047.111398][T19917] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1047.111418][T19917] RSP: 002b:00007fbf02361038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d9 [ 1047.111442][T19917] RAX: ffffffffffffffda RBX: 00007fbf017e6090 RCX: 00007fbf0158eec9 [ 1047.111458][T19917] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000006 [ 1047.111472][T19917] RBP: 00007fbf02361090 R08: 0000000000000000 R09: 0000000000000000 [ 1047.111485][T19917] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1047.111497][T19917] R13: 00007fbf017e6128 R14: 00007fbf017e6090 R15: 00007fbf0190fa28 [ 1047.111534][T19917] [ 1047.111661][ T5930] usb 6-1: New USB device found, idVendor=0499, idProduct=1007, bcdDevice=df.8f [ 1047.492357][T14752] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1047.541170][T19919] loop6: detected capacity change from 0 to 7 [ 1047.601363][T19467] Dev loop6: unable to read RDB block 7 [ 1047.610138][T19467] loop6: unable to read partition table [ 1047.635104][T19467] loop6: partition table beyond EOD, truncated [ 1047.654836][T19919] Dev loop6: unable to read RDB block 7 [ 1047.660621][T19919] loop6: unable to read partition table [ 1047.667583][T19919] loop6: partition table beyond EOD, truncated [ 1047.682288][T19919] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 1047.727220][ T5930] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1047.777325][ T5930] usb 6-1: Product: syz [ 1047.808637][ T5930] usb 6-1: Manufacturer: syz [ 1047.825319][ T5930] usb 6-1: SerialNumber: syz [ 1047.854435][ T5930] usb 6-1: config 0 descriptor?? [ 1047.870928][T19897] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 1048.097425][T19897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1048.111314][T19897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1048.132248][T15475] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 1048.163928][T19897] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1048.182742][T19897] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1048.215818][ T5930] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1048.279168][ T5930] usb 6-1: USB disconnect, device number 31 [ 1048.294162][T15475] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1048.309514][T15475] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1048.327268][T15475] usb 2-1: config 0 descriptor?? [ 1048.355832][T15475] cp210x 2-1:0.0: cp210x converter detected [ 1048.401871][T19931] udevd[19931]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.206/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1049.068203][T19939] ALSA: mixer_oss: invalid OSS volume 'IG' [ 1049.195291][T15475] usb 2-1: cp210x converter now attached to ttyUSB1 [ 1049.278399][T15475] usb 3-1: USB disconnect, device number 110 [ 1049.289141][T15475] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1049.309291][T15475] cp210x 3-1:0.0: device disconnected [ 1049.732281][T15475] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 1049.936997][T15475] usb 3-1: Using ep0 maxpacket: 8 [ 1049.952614][T15475] usb 3-1: config index 0 descriptor too short (expected 30, got 18) [ 1049.966006][T15475] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 1049.975376][T15475] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1049.985178][T15475] usb 3-1: Product: syz [ 1049.990276][T15475] usb 3-1: Manufacturer: syz [ 1049.995375][T15475] usb 3-1: SerialNumber: syz [ 1050.062558][T15475] usb 3-1: config 0 descriptor?? [ 1050.079279][T15475] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 1050.088077][T15475] usb 3-1: setting power ON [ 1050.097488][T15475] dvb-usb: bulk message failed: -22 (2/0) [ 1050.114824][T15475] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1050.144921][T15475] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 1050.155897][T15475] usb 3-1: media controller created [ 1050.219136][T15475] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1050.258693][T15475] usb 3-1: selecting invalid altsetting 6 [ 1050.283163][T15475] usb 3-1: digital interface selection failed (-22) [ 1050.294886][T15475] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 1050.309870][T15475] usb 3-1: setting power OFF [ 1050.350157][T15475] dvb-usb: bulk message failed: -22 (2/0) [ 1050.357170][T15475] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 1050.366680][T15475] (NULL device *): no alternate interface [ 1050.415422][T15475] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 1050.449070][T15475] usb 3-1: USB disconnect, device number 111 [ 1051.086802][T15466] usb 2-1: USB disconnect, device number 41 [ 1051.102809][T15466] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1 [ 1051.209118][T15466] cp210x 2-1:0.0: device disconnected [ 1051.246033][T19972] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3680'. [ 1051.259105][T19972] random: crng reseeded on system resumption [ 1051.410465][T15475] usb 3-1: new full-speed USB device number 112 using dummy_hcd [ 1051.664304][T15475] usb 3-1: config 0 has an invalid interface number: 206 but max is 1 [ 1051.672900][T15475] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1051.726932][T15475] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1051.746855][ T5825] Bluetooth: hci1: command 0x0406 tx timeout [ 1051.791445][T15475] usb 3-1: config 0 has no interface number 0 [ 1051.808499][T15475] usb 3-1: config 0 interface 206 altsetting 2 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 1051.821829][ T30] audit: type=1326 audit(1760149478.826:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19984 comm="syz.1.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c838eec9 code=0x7ffc0000 [ 1051.863225][T15475] usb 3-1: config 0 interface 206 altsetting 2 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 1051.874957][T15475] usb 3-1: config 0 interface 206 altsetting 2 endpoint 0x8C has invalid maxpacket 30768, setting to 64 [ 1051.892279][T15475] usb 3-1: config 0 interface 206 altsetting 2 has 5 endpoint descriptors, different from the interface descriptor's value: 7 [ 1052.093452][T15475] usb 3-1: config 0 interface 206 has no altsetting 0 [ 1052.093487][ T30] audit: type=1326 audit(1760149478.826:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19984 comm="syz.1.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c838eec9 code=0x7ffc0000 [ 1052.173120][T15475] usb 3-1: New USB device found, idVendor=0499, idProduct=1007, bcdDevice=df.8f [ 1052.454951][T15475] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1052.477015][T15475] usb 3-1: Product: syz [ 1052.477047][ T30] audit: type=1326 audit(1760149478.826:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19984 comm="syz.1.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f03c838eec9 code=0x7ffc0000 [ 1052.513152][T15475] usb 3-1: Manufacturer: syz [ 1052.522538][T15475] usb 3-1: SerialNumber: syz [ 1052.542867][T15475] usb 3-1: config 0 descriptor?? [ 1052.554915][T19969] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1052.591767][ T30] audit: type=1326 audit(1760149478.876:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19984 comm="syz.1.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c838eec9 code=0x7ffc0000 [ 1052.615156][ T30] audit: type=1326 audit(1760149478.876:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19984 comm="syz.1.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=49 compat=0 ip=0x7f03c838eec9 code=0x7ffc0000 [ 1052.653159][T20001] ALSA: mixer_oss: invalid OSS volume 'IG' [ 1052.666501][ T30] audit: type=1326 audit(1760149478.876:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19984 comm="syz.1.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f03c838eec9 code=0x7ffc0000 [ 1052.689091][ C1] vkms_vblank_simulate: vblank timer overrun [ 1052.749109][ T30] audit: type=1326 audit(1760149478.876:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19984 comm="syz.1.3683" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f03c838eec9 code=0x7ffc0000 [ 1052.790286][T19969] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1052.799247][T19969] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1052.845309][T15475] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1052.856438][ T30] audit: type=1326 audit(1760149479.206:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19984 comm="syz.1.3683" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f03c838eec9 code=0x0 [ 1053.047322][T15475] usb 3-1: USB disconnect, device number 112 [ 1053.195983][T19471] udevd[19471]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.206/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1054.303321][T20018] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3693'. [ 1055.893154][ T856] usb 1-1: new full-speed USB device number 73 using dummy_hcd [ 1056.054075][ T856] usb 1-1: config 0 has an invalid interface number: 206 but max is 1 [ 1056.066514][ T856] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1056.118026][ T856] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 1056.157680][ T856] usb 1-1: config 0 has no interface number 0 [ 1056.169692][ T856] usb 1-1: config 0 interface 206 altsetting 2 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 1056.194936][ T856] usb 1-1: config 0 interface 206 altsetting 2 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 1056.216372][ T856] usb 1-1: config 0 interface 206 altsetting 2 endpoint 0x8C has invalid maxpacket 30768, setting to 64 [ 1056.262944][ T856] usb 1-1: config 0 interface 206 altsetting 2 has 5 endpoint descriptors, different from the interface descriptor's value: 7 [ 1056.318935][ T856] usb 1-1: config 0 interface 206 has no altsetting 0 [ 1056.338107][ T856] usb 1-1: New USB device found, idVendor=0499, idProduct=1007, bcdDevice=df.8f [ 1056.350572][ T856] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1056.359084][ T856] usb 1-1: Product: syz [ 1056.370168][ T856] usb 1-1: Manufacturer: syz [ 1056.381668][ T856] usb 1-1: SerialNumber: syz [ 1056.399775][ T856] usb 1-1: config 0 descriptor?? [ 1056.424229][T20040] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1056.638847][T20040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1056.653520][T20046] ALSA: mixer_oss: invalid OSS volume 'IG' [ 1056.666553][T20040] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1056.894964][ T856] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1057.067257][ T856] usb 1-1: USB disconnect, device number 73 [ 1057.154422][T19594] udevd[19594]: setting mode of /dev/mixer3 to 020660 failed: No such file or directory [ 1057.236176][T19471] udevd[19471]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.206/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1057.277964][T19594] udevd[19594]: setting owner of /dev/mixer3 to uid=0, gid=29 failed: No such file or directory [ 1057.797701][T20064] netlink: 'syz.2.3707': attribute type 27 has an invalid length. [ 1057.817036][T20064] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3707'. [ 1057.827698][T20064] bond0: option tlb_dynamic_lb: mode dependency failed, not supported in mode balance-rr(0) [ 1059.196418][T20088] vlan0: entered promiscuous mode [ 1059.919105][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1059.925669][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1061.059181][T20120] netlink: 'syz.2.3725': attribute type 4 has an invalid length. [ 1061.107273][T20120] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3725'. [ 1061.825786][T20133] netlink: 'syz.4.3728': attribute type 9 has an invalid length. [ 1061.833794][T20133] netlink: 'syz.4.3728': attribute type 6 has an invalid length. [ 1061.841754][T20133] netlink: 'syz.4.3728': attribute type 7 has an invalid length. [ 1061.849683][T20133] netlink: 'syz.4.3728': attribute type 8 has an invalid length. [ 1061.882583][T14754] usb 3-1: new high-speed USB device number 113 using dummy_hcd [ 1062.032311][T14754] usb 3-1: device descriptor read/64, error -71 [ 1062.184467][T20135] FAULT_INJECTION: forcing a failure. [ 1062.184467][T20135] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1062.197930][T20135] CPU: 0 UID: 0 PID: 20135 Comm: syz.5.3730 Not tainted syzkaller #0 PREEMPT(full) [ 1062.198002][T20135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1062.198018][T20135] Call Trace: [ 1062.198029][T20135] [ 1062.198039][T20135] dump_stack_lvl+0x189/0x250 [ 1062.198068][T20135] ? __pfx____ratelimit+0x10/0x10 [ 1062.198096][T20135] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1062.198118][T20135] ? __pfx__printk+0x10/0x10 [ 1062.198144][T20135] should_fail_ex+0x414/0x560 [ 1062.198168][T20135] _copy_to_user+0x31/0xb0 [ 1062.198187][T20135] simple_read_from_buffer+0xe1/0x170 [ 1062.198216][T20135] proc_fail_nth_read+0x1b3/0x220 [ 1062.198239][T20135] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1062.198262][T20135] ? rw_verify_area+0x2a6/0x4d0 [ 1062.198283][T20135] ? __lock_acquire+0xab9/0xd20 [ 1062.198297][T20135] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1062.198318][T20135] vfs_read+0x1fd/0xa30 [ 1062.198339][T20135] ? fdget_pos+0x247/0x320 [ 1062.198366][T20135] ? __pfx___mutex_lock+0x10/0x10 [ 1062.198398][T20135] ? __pfx_vfs_read+0x10/0x10 [ 1062.198425][T20135] ? __fget_files+0x2a/0x420 [ 1062.198443][T20135] ? __fget_files+0x3a0/0x420 [ 1062.198457][T20135] ? __fget_files+0x2a/0x420 [ 1062.198478][T20135] ksys_read+0x145/0x250 [ 1062.198501][T20135] ? __pfx_ksys_read+0x10/0x10 [ 1062.198526][T20135] ? do_syscall_64+0xbe/0xfa0 [ 1062.198550][T20135] do_syscall_64+0xfa/0xfa0 [ 1062.198569][T20135] ? lockdep_hardirqs_on+0x9c/0x150 [ 1062.198590][T20135] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.198605][T20135] ? clear_bhb_loop+0x60/0xb0 [ 1062.198625][T20135] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1062.198641][T20135] RIP: 0033:0x7fd70df8d8dc [ 1062.198655][T20135] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1062.198670][T20135] RSP: 002b:00007fd70eeeb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1062.198687][T20135] RAX: ffffffffffffffda RBX: 00007fd70e1e5fa0 RCX: 00007fd70df8d8dc [ 1062.198700][T20135] RDX: 000000000000000f RSI: 00007fd70eeeb0a0 RDI: 0000000000000003 [ 1062.198710][T20135] RBP: 00007fd70eeeb090 R08: 0000000000000000 R09: 0000000000000000 [ 1062.198720][T20135] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1062.198730][T20135] R13: 00007fd70e1e6038 R14: 00007fd70e1e5fa0 R15: 00007fd70e30fa28 [ 1062.198755][T20135] [ 1062.682447][T14754] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 1062.742887][T20138] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3732'. [ 1062.823285][T14754] usb 3-1: device descriptor read/64, error -71 [ 1062.932830][T14754] usb usb3-port1: attempt power cycle [ 1063.282343][T14754] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 1063.554099][T14754] usb 3-1: device descriptor read/8, error -71 [ 1063.832279][T14754] usb 3-1: new high-speed USB device number 116 using dummy_hcd [ 1063.881371][T14754] usb 3-1: device descriptor read/8, error -71 [ 1064.002909][T14754] usb usb3-port1: unable to enumerate USB device [ 1064.117361][T20163] random: crng reseeded on system resumption [ 1064.691719][T20176] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3743'. [ 1065.370896][T20192] netlink: 36 bytes leftover after parsing attributes in process `syz.1.3747'. [ 1065.410893][T20193] random: crng reseeded on system resumption [ 1067.144057][T20209] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3748'. [ 1067.819465][T20212] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1067.839153][T20216] vim2m vim2m.0: vidioc_s_fmt queue busy [ 1070.550552][T20244] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3756'. [ 1070.717587][T20247] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1070.732434][T20247] netlink: 'syz.0.3757': attribute type 27 has an invalid length. [ 1071.537369][T20255] random: crng reseeded on system resumption [ 1072.332271][T15475] usb 3-1: new high-speed USB device number 117 using dummy_hcd [ 1072.494576][T15475] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1072.505681][T15475] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1072.516554][T15475] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1072.531627][T15475] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1072.545335][T15475] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1072.565143][T15475] usb 3-1: config 0 descriptor?? [ 1072.781615][T20271] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1072.872750][T20271] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1073.276015][T15475] plantronics 0003:047F:FFFF.0014: item fetching failed at offset 11/15 [ 1073.303151][T15475] plantronics 0003:047F:FFFF.0014: parse failed [ 1073.309581][T15475] plantronics 0003:047F:FFFF.0014: probe with driver plantronics failed with error -22 [ 1073.322429][ T5930] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 1073.611224][T20305] ptrace attach of "./syz-executor exec"[20306] was attempted by "./syz-executor exec"[20305] [ 1073.634498][ T5930] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1073.682342][T20304] netlink: 'syz.1.3775': attribute type 4 has an invalid length. [ 1073.703642][T20304] netlink: 'syz.1.3775': attribute type 4 has an invalid length. [ 1073.707881][ T5930] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1073.846785][ T5930] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1073.868345][ T5930] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1073.916901][T20294] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1073.961821][ T5930] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1074.251106][T20294] fuse: Unknown parameter '0x0000000000000008' [ 1075.208245][T20317] macsec0: entered promiscuous mode [ 1075.260677][T15466] usb 3-1: USB disconnect, device number 117 [ 1075.595253][T20322] vlan2: entered promiscuous mode [ 1075.595275][T20322] macvlan1: entered promiscuous mode [ 1076.360073][T20329] fanotify: failed to encode fid (type=0, len=0, err=-2) [ 1077.744154][T15475] usb 1-1: USB disconnect, device number 74 [ 1078.342280][T15466] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 1078.534797][T15466] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1078.545673][T15466] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1078.556446][T15466] usb 1-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1078.566511][T15466] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1078.578558][T15466] usb 1-1: SerialNumber: syz [ 1078.816534][T15466] usb 1-1: 0:2 : does not exist [ 1078.821484][T15466] usb 1-1: unit 5 not found! [ 1078.881044][T15466] usb 1-1: USB disconnect, device number 75 [ 1079.462582][T20364] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3790'. [ 1079.554025][T14739] IPVS: starting estimator thread 0... [ 1079.706587][T20367] IPVS: using max 37 ests per chain, 88800 per kthread [ 1080.472400][T14739] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1081.353615][T14739] usb 2-1: Using ep0 maxpacket: 32 [ 1081.433013][T14739] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1081.511072][T14739] usb 2-1: config 0 has no interface number 0 [ 1081.583308][T14739] usb 2-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 1081.710521][T14739] usb 2-1: config 0 interface 1 has no altsetting 0 [ 1081.749639][T14739] usb 2-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 1081.768527][T20377] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3795'. [ 1081.791827][T14739] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1081.818494][T14739] usb 2-1: Product: syz [ 1081.838193][T14739] usb 2-1: Manufacturer: syz [ 1081.858214][T14739] usb 2-1: SerialNumber: syz [ 1081.911969][T14739] usb 2-1: config 0 descriptor?? [ 1082.215899][T14739] cx231xx 2-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 1082.251615][T14739] cx231xx 2-1:0.1: Not found matching IAD interface [ 1082.284545][T14739] usb 2-1: USB disconnect, device number 42 [ 1082.897954][T20399] netlink: 'syz.2.3802': attribute type 46 has an invalid length. [ 1082.907420][T20399] netlink: 55 bytes leftover after parsing attributes in process `syz.2.3802'. [ 1083.066715][T20405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1083.151907][T20409] netlink: 'syz.0.3804': attribute type 27 has an invalid length. [ 1083.234445][T14739] usb 2-1: new full-speed USB device number 43 using dummy_hcd [ 1083.362553][ T856] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 1083.394760][T14739] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 1083.404939][T14739] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 1083.421549][T14739] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1083.435182][T14739] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 1083.449430][T14739] usb 2-1: config 1 has no interface number 0 [ 1083.460549][T14739] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1083.470022][T14739] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1083.523549][ T856] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1083.538968][ T856] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1083.570853][T14739] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 1083.595705][ T856] usb 3-1: config 0 descriptor?? [ 1083.613541][ T856] cp210x 3-1:0.0: cp210x converter detected [ 1083.909096][T20412] kvm: pic: level sensitive irq not supported [ 1083.917628][T20412] kvm: pic: non byte read [ 1083.965102][T20412] kvm: pic: level sensitive irq not supported [ 1083.965177][T20412] kvm: pic: non byte read [ 1083.987596][ T856] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1084.023859][T20412] kvm: pic: level sensitive irq not supported [ 1084.023932][T20412] kvm: pic: non byte read [ 1084.187010][ T5905] usb 3-1: USB disconnect, device number 118 [ 1084.197262][ T5905] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1084.206033][ T5905] cp210x 3-1:0.0: device disconnected [ 1084.243752][T14739] snd_usb_pod 2-1:1.1: set_interface failed [ 1084.264989][T14739] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 1084.287289][T14739] snd_usb_pod 2-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 1084.313192][T14739] usb 2-1: USB disconnect, device number 43 [ 1084.769243][T20439] sctp: [Deprecated]: syz.1.3812 (pid 20439) Use of int in maxseg socket option. [ 1084.769243][T20439] Use struct sctp_assoc_value instead [ 1084.849563][T20439] xt_bpf: check failed: parse error [ 1085.145782][T20447] sch_tbf: burst 0 is lower than device bond0 mtu (1514) ! [ 1085.556271][T20453] FAULT_INJECTION: forcing a failure. [ 1085.556271][T20453] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1085.572875][T20453] CPU: 0 UID: 0 PID: 20453 Comm: syz.0.3818 Not tainted syzkaller #0 PREEMPT(full) [ 1085.572898][T20453] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1085.572910][T20453] Call Trace: [ 1085.572916][T20453] [ 1085.572924][T20453] dump_stack_lvl+0x189/0x250 [ 1085.572945][T20453] ? __pfx____ratelimit+0x10/0x10 [ 1085.572965][T20453] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1085.572982][T20453] ? __pfx__printk+0x10/0x10 [ 1085.572999][T20453] ? __might_fault+0xb0/0x130 [ 1085.573037][T20453] should_fail_ex+0x414/0x560 [ 1085.573061][T20453] _copy_from_user+0x2d/0xb0 [ 1085.573078][T20453] ___sys_recvmsg+0x12e/0x510 [ 1085.573104][T20453] ? __pfx____sys_recvmsg+0x10/0x10 [ 1085.573142][T20453] ? __fget_files+0x3a0/0x420 [ 1085.573169][T20453] __x64_sys_recvmsg+0x198/0x260 [ 1085.573191][T20453] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 1085.573219][T20453] ? __pfx_ksys_write+0x10/0x10 [ 1085.573244][T20453] ? do_syscall_64+0xbe/0xfa0 [ 1085.573268][T20453] do_syscall_64+0xfa/0xfa0 [ 1085.573290][T20453] ? lockdep_hardirqs_on+0x9c/0x150 [ 1085.573310][T20453] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1085.573325][T20453] ? clear_bhb_loop+0x60/0xb0 [ 1085.573344][T20453] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1085.573359][T20453] RIP: 0033:0x7fce7478eec9 [ 1085.573374][T20453] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1085.573388][T20453] RSP: 002b:00007fce729f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 1085.573406][T20453] RAX: ffffffffffffffda RBX: 00007fce749e5fa0 RCX: 00007fce7478eec9 [ 1085.573418][T20453] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000000000000007 [ 1085.573430][T20453] RBP: 00007fce729f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1085.573445][T20453] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1085.573459][T20453] R13: 00007fce749e6038 R14: 00007fce749e5fa0 R15: 00007fce74b0fa28 [ 1085.573493][T20453] [ 1086.603206][T20471] netlink: 64 bytes leftover after parsing attributes in process `syz.4.3821'. [ 1086.838422][T20470] vim2m vim2m.0: vidioc_s_fmt queue busy [ 1086.958582][T20471] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1088.104108][T20484] sch_tbf: burst 0 is lower than device bond0 mtu (1514) ! [ 1088.496341][T20492] ALSA: mixer_oss: invalid OSS volume 'IG' [ 1088.672332][T20497] netlink: 100 bytes leftover after parsing attributes in process `syz.1.3831'. [ 1089.776864][T20521] netlink: 72 bytes leftover after parsing attributes in process `syz.2.3835'. [ 1090.564712][T20538] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3841'. [ 1091.020520][T20544] ALSA: mixer_oss: invalid OSS volume 'IG' [ 1092.453010][T20565] netlink: 'syz.5.3851': attribute type 4 has an invalid length. [ 1092.482220][ T856] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 1092.654281][ T856] usb 1-1: config index 0 descriptor too short (expected 126, got 72) [ 1092.671977][ T856] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1092.692296][ T856] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.718309][ T856] usb 1-1: Product: syz [ 1092.742166][ T856] usb 1-1: Manufacturer: syz [ 1092.746989][ T856] usb 1-1: SerialNumber: syz [ 1092.790799][ T856] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1092.818899][T14739] usb 1-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1092.869596][T20576] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3856'. [ 1093.294981][T14754] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 1093.302422][ T856] usb 1-1: USB disconnect, device number 76 [ 1093.483001][T14754] usb 2-1: Using ep0 maxpacket: 8 [ 1093.491542][T14754] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1093.507909][T14754] usb 2-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 1093.519114][T14754] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1093.538374][T14754] usb 2-1: Product: syz [ 1093.548113][T14754] usb 2-1: Manufacturer: syz [ 1093.556268][T14754] usb 2-1: SerialNumber: syz [ 1093.565428][T14754] usb 2-1: config 0 descriptor?? [ 1093.574700][T14754] streamzap 2-1:0.0: streamzap_probe: Unexpected desc.bNumEndpoints (0) [ 1093.846748][T14754] usb 2-1: USB disconnect, device number 44 [ 1093.906192][T14739] ath9k_htc 1-1:1.0: ath9k_htc: Target is unresponsive [ 1093.915257][T14739] ath9k_htc: Failed to initialize the device [ 1093.922385][ T856] usb 1-1: ath9k_htc: USB layer deinitialized [ 1094.086262][T20610] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3864'. [ 1094.252228][ T856] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 1094.382273][ T856] usb 1-1: device descriptor read/64, error -71 [ 1094.622742][ T856] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 1095.214832][ T856] usb 1-1: device descriptor read/64, error -71 [ 1095.268623][T20615] netlink: 20 bytes leftover after parsing attributes in process `syz.1.3865'. [ 1095.453397][ T856] usb usb1-port1: attempt power cycle [ 1095.802311][ T856] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 1095.822966][ T856] usb 1-1: device descriptor read/8, error -71 [ 1096.028476][T20623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3868'. [ 1096.068572][T20623] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3868'. [ 1096.083903][ T856] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 1096.113653][ T856] usb 1-1: device descriptor read/8, error -71 [ 1096.168131][T20628] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3871'. [ 1096.206183][T15475] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 1096.252715][ T856] usb usb1-port1: unable to enumerate USB device [ 1096.301316][T20630] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3870'. [ 1096.392487][T15475] usb 6-1: device descriptor read/64, error -71 [ 1096.400873][T20631] random: crng reseeded on system resumption [ 1096.550341][T20628] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1096.671264][T15475] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 1096.808439][T20642] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3873'. [ 1096.817618][T20642] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3873'. [ 1096.832296][T15475] usb 6-1: device descriptor read/64, error -71 [ 1097.117172][T15475] usb usb6-port1: attempt power cycle [ 1097.740139][T15475] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 1097.813639][T15475] usb 6-1: device descriptor read/8, error -71 [ 1098.112248][T15475] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 1098.165132][T15475] usb 6-1: device descriptor read/8, error -71 [ 1098.272627][T15475] usb usb6-port1: unable to enumerate USB device [ 1098.295805][T20655] x_tables: ip6_tables: mh match: only valid for protocol 135 [ 1099.376316][T20669] x_tables: ip6_tables: rpfilter match: used from hooks INPUT, but only valid from PREROUTING [ 1099.667919][ T5930] usb 6-1: new full-speed USB device number 36 using dummy_hcd [ 1099.832283][ T5930] usb 6-1: device descriptor read/64, error -71 [ 1100.192394][ T5930] usb 6-1: new full-speed USB device number 37 using dummy_hcd [ 1100.325471][ T5930] usb 6-1: device descriptor read/64, error -71 [ 1100.432617][ T5930] usb usb6-port1: attempt power cycle [ 1100.522219][T15466] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 1100.683968][T15466] usb 1-1: config 0 has an invalid interface number: 64 but max is 0 [ 1100.713906][T20688] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3886'. [ 1100.751293][T15466] usb 1-1: config 0 has no interface number 0 [ 1100.772504][T15466] usb 1-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice= 0.07 [ 1100.792840][T15466] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1100.803009][ T5930] usb 6-1: new full-speed USB device number 38 using dummy_hcd [ 1100.812287][T15466] usb 1-1: Product: syz [ 1100.816566][T15466] usb 1-1: Manufacturer: syz [ 1100.821189][T15466] usb 1-1: SerialNumber: syz [ 1100.842947][ T5930] usb 6-1: device descriptor read/8, error -71 [ 1100.865680][T15466] usb 1-1: config 0 descriptor?? [ 1100.992383][T14754] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 1101.082476][ T5930] usb 6-1: new full-speed USB device number 39 using dummy_hcd [ 1101.104424][ T5930] usb 6-1: device descriptor read/8, error -71 [ 1101.116588][T15466] uvcvideo 1-1:0.64: Found UVC 0.08 device syz (046d:0823) [ 1101.124132][T15466] uvcvideo 1-1:0.64: No valid video chain found. [ 1101.133049][T15466] usb 1-1: USB disconnect, device number 81 [ 1101.169432][T14754] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1101.179601][T14754] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1101.201440][T14754] usb 3-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00 [ 1101.223792][ T5930] usb usb6-port1: unable to enumerate USB device [ 1101.236342][T14754] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1101.263243][T14754] usb 3-1: config 0 descriptor?? [ 1101.975215][T20703] sch_tbf: burst 3 is lower than device bond0 mtu (1514) ! [ 1102.689772][T20707] xt_cgroup: xt_cgroup: no path or classid specified [ 1103.069224][T20713] FAULT_INJECTION: forcing a failure. [ 1103.069224][T20713] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1103.108998][T20713] CPU: 1 UID: 0 PID: 20713 Comm: syz.1.3895 Not tainted syzkaller #0 PREEMPT(full) [ 1103.109022][T20713] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1103.109035][T20713] Call Trace: [ 1103.109044][T20713] [ 1103.109054][T20713] dump_stack_lvl+0x189/0x250 [ 1103.109085][T20713] ? __pfx____ratelimit+0x10/0x10 [ 1103.109112][T20713] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1103.109133][T20713] ? __pfx__printk+0x10/0x10 [ 1103.109159][T20713] should_fail_ex+0x414/0x560 [ 1103.109182][T20713] _copy_to_user+0x31/0xb0 [ 1103.109209][T20713] put_user_ifreq+0x6b/0xd0 [ 1103.109241][T20713] sock_do_ioctl+0x25b/0x300 [ 1103.109275][T20713] ? __pfx_sock_do_ioctl+0x10/0x10 [ 1103.109311][T20713] sock_ioctl+0x576/0x790 [ 1103.109336][T20713] ? __pfx_sock_ioctl+0x10/0x10 [ 1103.109373][T20713] ? __fget_files+0x3a0/0x420 [ 1103.109392][T20713] ? __fget_files+0x2a/0x420 [ 1103.109415][T20713] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1103.109437][T20713] ? __pfx_sock_ioctl+0x10/0x10 [ 1103.109459][T20713] __se_sys_ioctl+0xf9/0x170 [ 1103.109481][T20713] do_syscall_64+0xfa/0xfa0 [ 1103.109507][T20713] ? lockdep_hardirqs_on+0x9c/0x150 [ 1103.109536][T20713] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1103.109564][T20713] ? clear_bhb_loop+0x60/0xb0 [ 1103.109587][T20713] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1103.109603][T20713] RIP: 0033:0x7f03c838eec9 [ 1103.109618][T20713] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1103.109632][T20713] RSP: 002b:00007f03c9271038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1103.109654][T20713] RAX: ffffffffffffffda RBX: 00007f03c85e5fa0 RCX: 00007f03c838eec9 [ 1103.109672][T20713] RDX: 0000200000000040 RSI: 0000000000008933 RDI: 0000000000000003 [ 1103.109687][T20713] RBP: 00007f03c9271090 R08: 0000000000000000 R09: 0000000000000000 [ 1103.109701][T20713] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1103.109714][T20713] R13: 00007f03c85e6038 R14: 00007f03c85e5fa0 R15: 00007f03c870fa28 [ 1103.109744][T20713] [ 1103.643255][T20723] vlan0: left promiscuous mode [ 1103.660497][T20723] macsec0: left promiscuous mode [ 1103.672430][T20724] random: crng reseeded on system resumption [ 1103.874924][T14754] usb 3-1: string descriptor 0 read error: -71 [ 1103.895764][T14754] uclogic 0003:5543:0047.0015: failed retrieving string descriptor #200: -71 [ 1103.914975][T14754] uclogic 0003:5543:0047.0015: failed retrieving pen parameters: -71 [ 1103.932905][T14754] uclogic 0003:5543:0047.0015: failed probing pen v2 parameters: -71 [ 1104.073531][T14754] uclogic 0003:5543:0047.0015: failed probing parameters: -71 [ 1104.099852][T14754] uclogic 0003:5543:0047.0015: probe with driver uclogic failed with error -71 [ 1104.139104][T14754] usb 3-1: USB disconnect, device number 119 [ 1104.153945][T20737] netlink: 'syz.1.3900': attribute type 6 has an invalid length. [ 1106.139065][T20772] tipc: Started in network mode [ 1106.162217][T20772] tipc: Node identity ac141441, cluster identity 4711 [ 1106.180047][T20772] tipc: Enabled bearer , priority 10 [ 1106.264220][T20775] trusted_key: encrypted_key: keylen parameter is missing [ 1106.881155][T20786] netlink: 36 bytes leftover after parsing attributes in process `syz.4.3910'. [ 1106.917921][T20786] random: crng reseeded on system resumption [ 1106.925226][T14739] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 1107.094207][T14739] usb 1-1: config 17 has an invalid descriptor of length 13, skipping remainder of the config [ 1107.104685][T15475] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 1107.112685][T14739] usb 1-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1107.179272][T14739] usb 1-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 1107.189491][T14739] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1107.295515][ T856] tipc: Node number set to 2886997057 [ 1107.345043][T15475] usb 3-1: Using ep0 maxpacket: 8 [ 1107.356270][T15475] usb 3-1: config 211 has too many interfaces: 130, using maximum allowed: 32 [ 1107.369706][T15475] usb 3-1: config 211 has an invalid descriptor of length 168, skipping remainder of the config [ 1107.390556][T14739] aiptek 1-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 1107.403966][T15475] usb 3-1: config 211 has 0 interfaces, different from the descriptor's value: 130 [ 1107.439725][T15475] usb 3-1: New USB device found, idVendor=0af0, idProduct=6811, bcdDevice=8e.06 [ 1107.449567][T15475] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1107.457706][T15475] usb 3-1: Product: syz [ 1107.462386][T15475] usb 3-1: Manufacturer: syz [ 1107.683065][T15475] usb 3-1: SerialNumber: syz [ 1108.002560][T15466] usb 2-1: new full-speed USB device number 45 using dummy_hcd [ 1108.258552][T15466] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1108.267371][T15466] usb 2-1: config 0 has no interface number 0 [ 1108.277535][T15466] usb 2-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 1108.298653][T15466] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1108.339687][T15466] usb 2-1: config 0 descriptor?? [ 1108.361769][T15466] usb 2-1: selecting invalid altsetting 1 [ 1108.369498][T15466] dvb_ttusb_budget: ttusb_init_controller: error [ 1108.376949][T15466] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 1108.401111][T20801] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3911'. [ 1108.430653][T20783] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3912'. [ 1108.477292][T15475] usb 3-1: USB disconnect, device number 120 [ 1108.498418][T20801] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3911'. [ 1108.830427][T15466] DVB: Unable to find symbol cx22700_attach() [ 1109.051153][T15466] DVB: Unable to find symbol tda10046_attach() [ 1109.071020][T15466] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 1109.351199][T20813] netlink: 36 bytes leftover after parsing attributes in process `syz.2.3915'. [ 1109.377479][T20813] random: crng reseeded on system resumption [ 1110.362010][T20828] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3916'. [ 1110.679551][ T5930] usb 2-1: USB disconnect, device number 45 [ 1111.158954][T20840] random: crng reseeded on system resumption [ 1111.270003][ T24] usb 1-1: USB disconnect, device number 82 [ 1112.213421][T20854] binder: 20853:20854 ioctl c0306201 2000000003c0 returned -14 [ 1112.222656][T20854] binder: 20853:20854 ioctl c0306201 2000000001c0 returned -14 [ 1112.392469][ T24] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 1112.762185][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 1112.776835][ T24] usb 6-1: config 211 has too many interfaces: 130, using maximum allowed: 32 [ 1112.791231][ T24] usb 6-1: config 211 has an invalid descriptor of length 168, skipping remainder of the config [ 1112.822058][ T24] usb 6-1: config 211 has 0 interfaces, different from the descriptor's value: 130 [ 1112.845579][ T24] usb 6-1: New USB device found, idVendor=0af0, idProduct=6811, bcdDevice=8e.06 [ 1112.862799][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1112.883462][ T24] usb 6-1: Product: syz [ 1112.893588][ T24] usb 6-1: Manufacturer: syz [ 1112.911556][ T24] usb 6-1: SerialNumber: syz [ 1113.166849][T20852] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3925'. [ 1113.176123][T14752] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 1113.203192][ T24] usb 6-1: USB disconnect, device number 40 [ 1113.332225][T14752] usb 3-1: Using ep0 maxpacket: 32 [ 1113.339786][T14752] usb 3-1: config 0 has no interfaces? [ 1113.349910][T14752] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1113.360483][T14752] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1113.381021][T14752] usb 3-1: config 0 descriptor?? [ 1113.541605][T20874] ALSA: mixer_oss: invalid OSS volume 'IG' [ 1114.026382][T20879] netlink: 'syz.4.3932': attribute type 1 has an invalid length. [ 1114.190588][T20879] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1114.311665][T20884] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1114.514059][T20883] erspan0: entered allmulticast mode [ 1114.572579][T20883] bond1: (slave erspan0): making interface the new active one [ 1114.593360][T20883] bond1: (slave erspan0): Enslaving as an active interface with an up link [ 1114.618287][T20887] sch_tbf: burst 3 is lower than device bond0 mtu (1514) ! [ 1115.189007][T20893] netlink: 48 bytes leftover after parsing attributes in process `syz.4.3934'. [ 1115.375036][T20898] netlink: 40 bytes leftover after parsing attributes in process `syz.1.3935'. [ 1115.874722][ T5930] usb 3-1: USB disconnect, device number 121 [ 1116.980262][T20920] sctp: [Deprecated]: syz.2.3940 (pid 20920) Use of int in maxseg socket option. [ 1116.980262][T20920] Use struct sctp_assoc_value instead [ 1117.011144][T20920] xt_bpf: check failed: parse error [ 1118.504568][T20929] ALSA: mixer_oss: invalid OSS volume 'IG' [ 1119.073392][T20937] xt_CT: No such helper "netbios-ns" [ 1119.092232][ T24] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 1119.246199][ T24] usb 2-1: config 0 has no interfaces? [ 1119.251955][ T24] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 1119.261648][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1119.284545][ T24] usb 2-1: config 0 descriptor?? [ 1119.504092][T20949] netlink: 'syz.2.3949': attribute type 27 has an invalid length. [ 1119.567093][T20949] bridge0: port 2(bridge_slave_1) entered disabled state [ 1119.574744][T20949] bridge0: port 1(bridge_slave_0) entered disabled state [ 1119.905015][T20957] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1119.924390][T20949] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1119.925435][T20957] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1119.940497][T20958] netlink: 36 bytes leftover after parsing attributes in process `syz.0.3950'. [ 1120.006566][T20949] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1120.039016][T20961] random: crng reseeded on system resumption [ 1120.222898][T20969] netlink: 'syz.4.3953': attribute type 27 has an invalid length. [ 1120.505973][T20960] sch_tbf: burst 3 is lower than device bond0 mtu (1514) ! [ 1120.809436][T20969] erspan0: left allmulticast mode [ 1120.968182][T20969] bridge0: port 2(bridge_slave_1) entered disabled state [ 1120.976016][T20969] bridge0: port 1(bridge_slave_0) entered disabled state [ 1121.347981][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1121.355873][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1121.391721][T20969] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1121.466154][T20969] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1121.806019][ T5930] usb 2-1: USB disconnect, device number 46 [ 1121.822568][T20969] vlan0: left promiscuous mode [ 1122.215816][T17492] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1122.444886][T17492] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1122.783407][T17492] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1122.814828][T17492] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1122.836254][T17492] netdevsim netdevsim4 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1122.855598][T17492] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1123.102499][T17492] netdevsim netdevsim4 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1123.111547][T17492] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1123.121699][T17492] netdevsim netdevsim4 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1123.132140][T17492] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1123.141125][T17492] netdevsim netdevsim4 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1123.150811][T17492] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1124.364017][T21035] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3965'. [ 1125.106109][T21054] binder: 21048:21054 ioctl c0306201 0 returned -14 [ 1125.532685][T21005] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 1125.730002][T21063] tipc: Enabled bearer , priority 10 [ 1125.813387][T21005] usb 1-1: Using ep0 maxpacket: 8 [ 1125.823688][T21005] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1125.834315][T21005] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1125.868735][T21005] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1125.895967][T21005] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 1125.955155][T21005] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 1126.116110][T21005] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice= 0.40 [ 1126.125579][T21005] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1126.154003][T21005] usb 1-1: SerialNumber: syz [ 1126.252278][T21005] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 1126.488320][T21005] usbtest 1-1:1.0: Linux gadget zero [ 1126.496127][T21005] usbtest 1-1:1.0: high-speed {control in/out bulk-in int-in} tests (+alt) [ 1126.652266][T15475] tipc: Node number set to 3227816023 [ 1126.962294][ T30] audit: type=1326 audit(1760149553.906:1008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21090 comm="syz.1.3978" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f03c838eec9 code=0x0 [ 1127.025484][T21003] usb 1-1: USB disconnect, device number 83 [ 1127.384557][T21103] cgroup: fork rejected by pids controller in /syz1 [ 1127.395910][T21098] netlink: 116 bytes leftover after parsing attributes in process `syz.5.3980'. [ 1127.562753][T20987] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 1127.842178][T20987] usb 3-1: Using ep0 maxpacket: 32 [ 1127.849230][T20987] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 1127.859515][T20987] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 16 [ 1127.878031][T20987] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1127.892205][T20987] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1127.902435][T20987] usb 3-1: Product: ѕ [ 1127.910559][T20987] usb 3-1: Manufacturer: ﯄빗婖㩰号⤥ퟩɾ࡫譂Ꮁ粖맬跬年箄䶽괠ﱀত씭뚃믩뾻⸟崛椎꼌㥈㒒ߌ힘憙铠瞦였⏚쓦렞䫀⿖좖륙嬤ሆ옴ㄱዘᅮ큲戰旜櫚ႏٖ덄戧䔁ꩼ㡯䶾凿貐쩤 [ 1128.078166][T20987] usb 3-1: SerialNumber: ⃎렿쬊泻絭봗᯳ຳゎ氳ꑯ暦뾴䒉﹄⯉宠ᓰ獢幟ᛜ㹺쮬꠮紗岙볫毱Ⴛ岙녵窸侤㮗ɼ鱠腱棂듮 [ 1128.648169][T20987] cdc_ncm 3-1:1.0: bind() failure [ 1128.668235][T20987] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 1128.681867][T20987] cdc_ncm 3-1:1.1: bind() failure [ 1128.724009][T20987] usb 3-1: USB disconnect, device number 122 [ 1129.833739][T21468] macvtap1: entered promiscuous mode [ 1129.839103][T21468] syz_tun: entered promiscuous mode [ 1130.039143][T21473] hub 9-0:1.0: USB hub found [ 1130.051016][T21473] hub 9-0:1.0: 1 port detected [ 1130.093864][T21468] macvtap1: entered allmulticast mode [ 1130.142909][T21475] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3990'. [ 1130.154641][T21468] syz_tun: entered allmulticast mode [ 1130.324357][T21468] syz_tun: left allmulticast mode [ 1130.329722][T21468] syz_tun: left promiscuous mode [ 1130.393504][T21482] netlink: 16 bytes leftover after parsing attributes in process `syz.4.3992'. [ 1130.462512][T21483] vim2m vim2m.0: vidioc_s_fmt queue busy [ 1130.877125][T21472] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 1130.904458][T21472] team0: Port device batadv1 added [ 1131.116852][T21475] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1131.147060][T21475] 8021q: adding VLAN 0 to HW filter on device team0 [ 1131.208272][T21475] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 1131.373133][T21005] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1131.448038][T21499] random: crng reseeded on system resumption [ 1131.484859][T17492] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1131.662762][T21005] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1132.472191][T21518] fuse: Bad value for 'fd' [ 1132.665555][T10801] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1132.703099][T10801] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1132.762664][T21003] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1133.505280][T21536] FAULT_INJECTION: forcing a failure. [ 1133.505280][T21536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1133.522794][T21536] CPU: 1 UID: 0 PID: 21536 Comm: syz.1.4004 Not tainted syzkaller #0 PREEMPT(full) [ 1133.522817][T21536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1133.522827][T21536] Call Trace: [ 1133.522834][T21536] [ 1133.522842][T21536] dump_stack_lvl+0x189/0x250 [ 1133.522864][T21536] ? __pfx____ratelimit+0x10/0x10 [ 1133.522884][T21536] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1133.522901][T21536] ? __pfx__printk+0x10/0x10 [ 1133.522917][T21536] ? __might_fault+0xb0/0x130 [ 1133.522947][T21536] should_fail_ex+0x414/0x560 [ 1133.522971][T21536] _copy_from_user+0x2d/0xb0 [ 1133.522988][T21536] ___sys_sendmsg+0x158/0x2a0 [ 1133.523011][T21536] ? __pfx____sys_sendmsg+0x10/0x10 [ 1133.523063][T21536] ? __fget_files+0x2a/0x420 [ 1133.523077][T21536] ? __fget_files+0x3a0/0x420 [ 1133.523099][T21536] __x64_sys_sendmsg+0x19b/0x260 [ 1133.523121][T21536] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1133.523148][T21536] ? __pfx_ksys_write+0x10/0x10 [ 1133.523173][T21536] ? do_syscall_64+0xbe/0xfa0 [ 1133.523196][T21536] do_syscall_64+0xfa/0xfa0 [ 1133.523215][T21536] ? lockdep_hardirqs_on+0x9c/0x150 [ 1133.523235][T21536] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1133.523251][T21536] ? clear_bhb_loop+0x60/0xb0 [ 1133.523270][T21536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1133.523285][T21536] RIP: 0033:0x7f03c838eec9 [ 1133.523300][T21536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1133.523313][T21536] RSP: 002b:00007f03c9271038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1133.523330][T21536] RAX: ffffffffffffffda RBX: 00007f03c85e5fa0 RCX: 00007f03c838eec9 [ 1133.523342][T21536] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000004 [ 1133.523352][T21536] RBP: 00007f03c9271090 R08: 0000000000000000 R09: 0000000000000000 [ 1133.523362][T21536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1133.523371][T21536] R13: 00007f03c85e6038 R14: 00007f03c85e5fa0 R15: 00007f03c870fa28 [ 1133.523395][T21536] [ 1133.732057][T21003] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 1134.052285][T21003] usb 3-1: Using ep0 maxpacket: 32 [ 1134.075970][T21003] usb 3-1: config 4 has an invalid interface number: 128 but max is 0 [ 1134.097802][T21003] usb 3-1: config 4 has no interface number 0 [ 1134.115880][T21003] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1134.149875][T21003] usb 3-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1134.168537][T21003] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1134.211843][T21003] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1134.224670][T21003] hub 3-1:4.128: USB hub found [ 1134.612456][T21545] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for gretap1 [ 1134.641614][T21545] gretap1: entered promiscuous mode [ 1134.649647][T21543] fuse: Bad value for 'fd' [ 1134.651555][T21545] gretap1: entered allmulticast mode [ 1134.669284][T21003] hub 3-1:4.128: config failed, can't read hub descriptor (err -22) [ 1134.760996][T21003] usb 3-1: USB disconnect, device number 123 [ 1135.252267][T21005] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 1135.413225][T21005] usb 6-1: Using ep0 maxpacket: 8 [ 1135.420569][T21005] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1135.430546][T21005] usb 6-1: can't read configurations, error -61 [ 1135.542494][T21003] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 1135.562280][T21005] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 1135.706179][T21003] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1135.732402][T21005] usb 6-1: Using ep0 maxpacket: 8 [ 1135.746875][T21003] usb 3-1: config 0 has no interfaces? [ 1135.764975][T21003] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1135.774475][T21003] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1135.783109][T21005] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1135.790726][T21005] usb 6-1: can't read configurations, error -61 [ 1135.807401][T21005] usb usb6-port1: attempt power cycle [ 1135.832246][T21003] usb 3-1: config 0 descriptor?? [ 1136.192239][T21005] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 1136.354627][T21005] usb 6-1: Using ep0 maxpacket: 8 [ 1136.371833][T21005] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1136.382330][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1136.390716][T21005] usb 6-1: can't read configurations, error -61 [ 1136.552368][T21005] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 1136.603258][T21005] usb 6-1: Using ep0 maxpacket: 8 [ 1136.642984][T21005] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1136.663098][T21005] usb 6-1: can't read configurations, error -61 [ 1136.690146][T21005] usb usb6-port1: unable to enumerate USB device [ 1136.869924][T21562] random: crng reseeded on system resumption [ 1137.190964][T21568] rtc_cmos 00:00: Alarms can be up to one day in the future [ 1137.200995][T21568] netlink: 'syz.4.4013': attribute type 1 has an invalid length. [ 1137.286370][T21568] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1137.316871][T21570] bond2: (slave gretap1): making interface the new active one [ 1137.326615][T21570] bond2: (slave gretap1): Enslaving as an active interface with an up link [ 1138.089452][T21584] netlink: 16 bytes leftover after parsing attributes in process `syz.0.4016'. [ 1138.373220][T15475] usb 3-1: USB disconnect, device number 124 [ 1138.382477][T20987] usb 1-1: new high-speed USB device number 84 using dummy_hcd [ 1138.613967][T20987] usb 1-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1138.637696][T20987] usb 1-1: config 0 interface 0 has no altsetting 0 [ 1138.676474][T20987] usb 1-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00 [ 1138.752224][T21005] usb 6-1: new full-speed USB device number 45 using dummy_hcd [ 1138.769556][T20987] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1138.870050][T20987] usb 1-1: config 0 descriptor?? [ 1139.061842][T21005] usb 6-1: descriptor type invalid, skip [ 1139.092322][T14739] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 1139.110811][T21005] usb 6-1: descriptor type invalid, skip [ 1139.234461][T21005] usb 6-1: config 1 has an invalid descriptor of length 239, skipping remainder of the config [ 1139.252300][T14739] usb 3-1: Using ep0 maxpacket: 8 [ 1139.260308][T14739] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1139.271992][T14739] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1139.303061][T14739] usb 3-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 1139.331333][T14739] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1139.365699][T14739] usb 3-1: config 0 descriptor?? [ 1139.452596][T21005] usb 6-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 1139.528476][T21005] usb 6-1: language id specifier not provided by device, defaulting to English [ 1139.590216][T21005] usb 6-1: New USB device found, idVendor=056a, idProduct=0319, bcdDevice= 0.40 [ 1139.605605][T21005] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1139.620546][T21005] usb 6-1: Product: Г [ 1139.627623][T21005] usb 6-1: SerialNumber: 榔ↈᝨ䁐躵޺鋜戾ॽ [ 1139.925762][T14739] input: HID 28bd:0935 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:28BD:0935.0017/input/input51 [ 1140.264929][T14739] uclogic 0003:28BD:0935.0017: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0935] on usb-dummy_hcd.2-1/input0 [ 1140.523590][T14739] usb 3-1: USB disconnect, device number 125 [ 1141.082668][T21606] fido_id[21606]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1142.216306][T21618] netlink: 71 bytes leftover after parsing attributes in process `syz.2.4026'. [ 1142.315629][T21005] usb 6-1: USB disconnect, device number 45 [ 1142.588191][T20987] usb 1-1: string descriptor 0 read error: -71 [ 1142.609783][T20987] uclogic 0003:5543:0047.0016: failed retrieving string descriptor #200: -71 [ 1142.715943][T20987] uclogic 0003:5543:0047.0016: failed retrieving pen parameters: -71 [ 1142.745223][T20987] uclogic 0003:5543:0047.0016: failed probing pen v2 parameters: -71 [ 1142.772458][T20987] uclogic 0003:5543:0047.0016: failed probing parameters: -71 [ 1142.800645][T20987] uclogic 0003:5543:0047.0016: probe with driver uclogic failed with error -71 [ 1142.847129][T20987] usb 1-1: USB disconnect, device number 84 [ 1142.862618][T21005] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 1142.947971][T21630] netlink: 'syz.4.4029': attribute type 10 has an invalid length. [ 1142.973619][T21630] team0: Device ipvlan1 failed to register rx_handler [ 1143.043932][T21005] usb 6-1: Using ep0 maxpacket: 8 [ 1143.051644][T21005] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1143.060238][T21005] usb 6-1: can't read configurations, error -61 [ 1143.322236][T21005] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 1143.352217][T20987] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 1143.472230][T21005] usb 6-1: Using ep0 maxpacket: 8 [ 1143.483817][T21005] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1143.491770][T21005] usb 6-1: can't read configurations, error -61 [ 1143.506057][T21005] usb usb6-port1: attempt power cycle [ 1143.545447][T20987] usb 1-1: Using ep0 maxpacket: 32 [ 1143.561611][T20987] usb 1-1: config 0 has an invalid interface number: 62 but max is 0 [ 1143.580047][T20987] usb 1-1: config 0 has no interface number 0 [ 1143.596640][T20987] usb 1-1: config 0 interface 62 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 1143.630099][T20987] usb 1-1: config 0 interface 62 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1143.667423][T20987] usb 1-1: config 0 interface 62 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1143.681171][T20987] usb 1-1: New USB device found, idVendor=055f, idProduct=c220, bcdDevice=10.d4 [ 1143.700529][T20987] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1143.708954][T20987] usb 1-1: Product: syz [ 1143.713329][T20987] usb 1-1: Manufacturer: syz [ 1143.718050][T20987] usb 1-1: SerialNumber: syz [ 1143.730244][T20987] usb 1-1: config 0 descriptor?? [ 1143.862451][T21005] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 1143.893042][T21005] usb 6-1: Using ep0 maxpacket: 8 [ 1143.901067][T21005] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1143.911216][T21005] usb 6-1: can't read configurations, error -61 [ 1144.043661][T21005] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 1144.067615][ T30] audit: type=1326 audit(1760149571.076:1009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21624 comm="syz.0.4028" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fce7478eec9 code=0x0 [ 1144.113068][T21005] usb 6-1: Using ep0 maxpacket: 8 [ 1144.120730][T21005] usb 6-1: unable to read config index 0 descriptor/start: -61 [ 1144.132521][T21005] usb 6-1: can't read configurations, error -61 [ 1144.147579][T21005] usb usb6-port1: unable to enumerate USB device [ 1144.382704][ C0] ip6_tunnel: ip6gretap0 xmit: Local address not yet configured! [ 1144.492510][T15475] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 1144.657641][T15475] usb 2-1: New USB device found, idVendor=0c45, idProduct=8003, bcdDevice=d6.bb [ 1144.666884][T15475] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1144.674984][T15475] usb 2-1: Product: syz [ 1144.679234][T15475] usb 2-1: Manufacturer: syz [ 1144.686442][T15475] usb 2-1: SerialNumber: syz [ 1144.696950][T15475] usb 2-1: config 0 descriptor?? [ 1144.712600][T15475] gspca_main: sn9c2028-2.14.0 probing 0c45:8003 [ 1144.907471][T15475] gspca_sn9c2028: read1 error -71 [ 1144.917365][T15475] gspca_sn9c2028: read1 error -71 [ 1144.925002][T15475] gspca_sn9c2028: read1 error -71 [ 1144.930670][T15475] sn9c2028 2-1:0.0: probe with driver sn9c2028 failed with error -71 [ 1144.944062][T15475] usb 2-1: USB disconnect, device number 47 [ 1145.529841][T21650] FAULT_INJECTION: forcing a failure. [ 1145.529841][T21650] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1145.545304][T21650] CPU: 1 UID: 0 PID: 21650 Comm: syz.1.4035 Not tainted syzkaller #0 PREEMPT(full) [ 1145.545336][T21650] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1145.545351][T21650] Call Trace: [ 1145.545361][T21650] [ 1145.545371][T21650] dump_stack_lvl+0x189/0x250 [ 1145.545401][T21650] ? __pfx____ratelimit+0x10/0x10 [ 1145.545434][T21650] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1145.545459][T21650] ? __pfx__printk+0x10/0x10 [ 1145.545495][T21650] should_fail_ex+0x414/0x560 [ 1145.545528][T21650] _copy_to_user+0x31/0xb0 [ 1145.545554][T21650] simple_read_from_buffer+0xe1/0x170 [ 1145.545593][T21650] proc_fail_nth_read+0x1b3/0x220 [ 1145.545625][T21650] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1145.545657][T21650] ? rw_verify_area+0x2a6/0x4d0 [ 1145.545687][T21650] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1145.545717][T21650] vfs_read+0x1fd/0xa30 [ 1145.545751][T21650] ? poll_select_finish+0x264/0x5e0 [ 1145.545788][T21650] ? __pfx_vfs_read+0x10/0x10 [ 1145.545822][T21650] ? set_user_sigmask+0xc7/0x1b0 [ 1145.545847][T21650] ? __pfx_set_user_sigmask+0x10/0x10 [ 1145.545873][T21650] ? do_sys_openat2+0x154/0x1c0 [ 1145.545908][T21650] ksys_read+0x145/0x250 [ 1145.545941][T21650] ? __pfx_ksys_read+0x10/0x10 [ 1145.545976][T21650] ? do_syscall_64+0xbe/0xfa0 [ 1145.546009][T21650] do_syscall_64+0xfa/0xfa0 [ 1145.546038][T21650] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1145.546061][T21650] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1145.546084][T21650] ? clear_bhb_loop+0x60/0xb0 [ 1145.546111][T21650] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1145.546134][T21650] RIP: 0033:0x7f03c838d8dc [ 1145.546154][T21650] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1145.546174][T21650] RSP: 002b:00007f03c9271030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1145.546199][T21650] RAX: ffffffffffffffda RBX: 00007f03c85e5fa0 RCX: 00007f03c838d8dc [ 1145.546216][T21650] RDX: 000000000000000f RSI: 00007f03c92710a0 RDI: 0000000000000005 [ 1145.546230][T21650] RBP: 00007f03c9271090 R08: 0000000000000000 R09: 0000000000000000 [ 1145.546244][T21650] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1145.546258][T21650] R13: 00007f03c85e6038 R14: 00007f03c85e5fa0 R15: 00007f03c870fa28 [ 1145.546302][T21650] [ 1145.978270][T21657] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4038'. [ 1146.000707][T20987] gspca_main: spca500-2.14.0 probing 055f:c220 [ 1146.038178][T20987] usb 1-1: USB disconnect, device number 85 [ 1146.247048][T21667] tipc: Enabled bearer , priority 0 [ 1146.372420][T21667] syzkaller0: entered promiscuous mode [ 1146.416483][T21667] syzkaller0: entered allmulticast mode [ 1146.474416][T21667] tipc: Resetting bearer [ 1146.548073][T21667] skbuff: bad partial csum: csum=65506/2 headroom=178 headlen=65526 [ 1146.642300][T20987] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 1146.896885][T20987] usb 2-1: Using ep0 maxpacket: 32 [ 1147.077570][T20987] usb 2-1: config 0 has no interfaces? [ 1147.099208][T20987] usb 2-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 1147.111286][T20987] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1147.125446][T20987] usb 2-1: config 0 descriptor?? [ 1147.325756][T21665] tipc: Resetting bearer [ 1147.393008][T21665] tipc: Disabling bearer [ 1147.435331][T21676] vlan2: entered promiscuous mode [ 1147.461600][T21676] dummy0: entered promiscuous mode [ 1148.002359][T21698] netlink: 88 bytes leftover after parsing attributes in process `syz.5.4048'. [ 1148.224630][T21701] netlink: 'syz.5.4049': attribute type 10 has an invalid length. [ 1148.234488][T21701] team0: Device ipvlan1 failed to register rx_handler [ 1149.162265][T15475] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 1149.322258][T15475] usb 3-1: Using ep0 maxpacket: 32 [ 1149.341542][T15475] usb 3-1: config 0 has an invalid interface number: 89 but max is 0 [ 1149.350597][T15475] usb 3-1: config 0 has no interface number 0 [ 1149.352034][T21000] usb 2-1: USB disconnect, device number 48 [ 1149.357562][T15475] usb 3-1: config 0 interface 89 has no altsetting 0 [ 1149.383506][T15475] usb 3-1: New USB device found, idVendor=0ccd, idProduct=10af, bcdDevice=38.4e [ 1149.485175][T15475] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1149.547176][T15475] usb 3-1: Product: syz [ 1149.551623][T15475] usb 3-1: Manufacturer: syz [ 1149.561999][T15475] usb 3-1: SerialNumber: syz [ 1149.584839][T15475] usb 3-1: config 0 descriptor?? [ 1149.599719][T15475] em28xx 3-1:0.89: New device syz syz @ 480 Mbps (0ccd:10af, interface 89, class 89) [ 1149.611100][T15475] em28xx 3-1:0.89: Video interface 89 found: bulk [ 1150.457026][T15475] em28xx 3-1:0.89: unknown em28xx chip ID (0) [ 1151.075504][T15475] em28xx 3-1:0.89: failed to get i2c transfer status from bridge register (error=-5) [ 1151.085424][T15475] em28xx 3-1:0.89: board has no eeprom [ 1151.282223][T15475] em28xx 3-1:0.89: Identified as Terratec Grabby (card=67) [ 1151.312532][T15475] em28xx 3-1:0.89: analog set to bulk mode. [ 1151.536787][T20987] em28xx 3-1:0.89: Registering V4L2 extension [ 1151.615183][T15475] usb 3-1: USB disconnect, device number 126 [ 1151.625300][T15475] em28xx 3-1:0.89: Disconnecting em28xx [ 1151.764677][T20987] em28xx 3-1:0.89: Config register raw data: 0xffffffed [ 1151.786861][T20987] em28xx 3-1:0.89: AC97 chip type couldn't be determined [ 1151.822708][T20987] em28xx 3-1:0.89: No AC97 audio processor [ 1152.282210][T14739] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 1152.344557][T20987] usb 3-1: Decoder not found [ 1152.349235][T20987] em28xx 3-1:0.89: failed to create media graph [ 1152.355654][T20987] em28xx 3-1:0.89: V4L2 device video103 deregistered [ 1152.476401][T21742] ================================================================== [ 1152.484523][T21742] BUG: KASAN: slab-use-after-free in v4l2_fh_open+0xac/0x420 [ 1152.491906][T21742] Read of size 8 at addr ffff8880322d0740 by task v4l_id/21742 [ 1152.499448][T21742] [ 1152.501785][T21742] CPU: 0 UID: 0 PID: 21742 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) [ 1152.501804][T21742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1152.501815][T21742] Call Trace: [ 1152.501821][T21742] [ 1152.501829][T21742] dump_stack_lvl+0x189/0x250 [ 1152.501853][T21742] ? __virt_addr_valid+0x1c8/0x5c0 [ 1152.501875][T21742] ? rcu_is_watching+0x15/0xb0 [ 1152.501894][T21742] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1152.501911][T21742] ? rcu_is_watching+0x15/0xb0 [ 1152.501929][T21742] ? lock_release+0x4b/0x3e0 [ 1152.501947][T21742] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 1152.501973][T21742] ? __virt_addr_valid+0x1c8/0x5c0 [ 1152.501997][T21742] ? __virt_addr_valid+0x4a5/0x5c0 [ 1152.502020][T21742] print_report+0xca/0x240 [ 1152.502038][T21742] ? v4l2_fh_open+0xac/0x420 [ 1152.502057][T21742] kasan_report+0x118/0x150 [ 1152.502073][T21742] ? v4l2_fh_open+0xac/0x420 [ 1152.502101][T21742] v4l2_fh_open+0xac/0x420 [ 1152.502126][T21742] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1152.502162][T21742] em28xx_v4l2_open+0x157/0x9a0 [ 1152.502184][T21742] v4l2_open+0x1bc/0x3a0 [ 1152.502206][T21742] chrdev_open+0x4c9/0x5e0 [ 1152.502222][T21742] ? __pfx_chrdev_open+0x10/0x10 [ 1152.502237][T21742] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 1152.502256][T21742] ? __pfx_chrdev_open+0x10/0x10 [ 1152.502269][T21742] do_dentry_open+0x950/0x13f0 [ 1152.502291][T21742] vfs_open+0x3b/0x340 [ 1152.502306][T21742] ? path_openat+0x2ecd/0x3830 [ 1152.502327][T21742] path_openat+0x2ee5/0x3830 [ 1152.502359][T21742] ? __pfx_path_openat+0x10/0x10 [ 1152.502386][T21742] do_filp_open+0x1fa/0x410 [ 1152.502404][T21742] ? __lock_acquire+0xab9/0xd20 [ 1152.502420][T21742] ? __pfx_do_filp_open+0x10/0x10 [ 1152.502447][T21742] ? _raw_spin_unlock+0x28/0x50 [ 1152.502464][T21742] ? alloc_fd+0x64c/0x6c0 [ 1152.502497][T21742] do_sys_openat2+0x121/0x1c0 [ 1152.502516][T21742] ? __pfx_do_sys_openat2+0x10/0x10 [ 1152.502534][T21742] ? exc_page_fault+0x82/0x100 [ 1152.502555][T21742] ? do_user_addr_fault+0xc85/0x1380 [ 1152.502572][T21742] __x64_sys_openat+0x138/0x170 [ 1152.502592][T21742] do_syscall_64+0xfa/0xfa0 [ 1152.502612][T21742] ? lockdep_hardirqs_on+0x9c/0x150 [ 1152.502632][T21742] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1152.502647][T21742] ? clear_bhb_loop+0x60/0xb0 [ 1152.502665][T21742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1152.502680][T21742] RIP: 0033:0x7fe1566a7407 [ 1152.502696][T21742] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1152.502711][T21742] RSP: 002b:00007ffddf67b050 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1152.502727][T21742] RAX: ffffffffffffffda RBX: 00007fe156e12880 RCX: 00007fe1566a7407 [ 1152.502740][T21742] RDX: 0000000000000000 RSI: 00007ffddf67bf1b RDI: ffffffffffffff9c [ 1152.502751][T21742] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 1152.502761][T21742] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1152.502771][T21742] R13: 00007ffddf67b2a0 R14: 00007fe156f79000 R15: 0000561702fd14d8 [ 1152.502789][T21742] [ 1152.502795][T21742] [ 1152.581573][T14739] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1152.581676][T21742] Allocated by task 20987: [ 1152.586337][T14739] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1152.590782][T21742] kasan_save_track+0x3e/0x80 [ 1152.836141][T21742] __kasan_kmalloc+0x93/0xb0 [ 1152.840755][T21742] __kmalloc_cache_noprof+0x3d5/0x6f0 [ 1152.846140][T21742] em28xx_v4l2_init+0x10b/0x2e70 [ 1152.851184][T21742] em28xx_init_extension+0x11d/0x1c0 [ 1152.856502][T21742] process_scheduled_works+0xae1/0x17b0 [ 1152.862068][T21742] worker_thread+0x8a0/0xda0 [ 1152.866685][T21742] kthread+0x711/0x8a0 [ 1152.870780][T21742] ret_from_fork+0x4bc/0x870 [ 1152.875395][T21742] ret_from_fork_asm+0x1a/0x30 [ 1152.880174][T21742] [ 1152.882508][T21742] Freed by task 20987: [ 1152.886574][T21742] kasan_save_track+0x3e/0x80 [ 1152.891260][T21742] __kasan_save_free_info+0x46/0x50 [ 1152.896483][T21742] __kasan_slab_free+0x5c/0x80 [ 1152.901261][T21742] kfree+0x19a/0x6d0 [ 1152.905174][T21742] em28xx_v4l2_init+0x1683/0x2e70 [ 1152.910222][T21742] em28xx_init_extension+0x11d/0x1c0 [ 1152.915536][T21742] process_scheduled_works+0xae1/0x17b0 [ 1152.921096][T21742] worker_thread+0x8a0/0xda0 [ 1152.925701][T21742] kthread+0x711/0x8a0 [ 1152.929780][T21742] ret_from_fork+0x4bc/0x870 [ 1152.934384][T21742] ret_from_fork_asm+0x1a/0x30 [ 1152.939157][T21742] [ 1152.941500][T21742] The buggy address belongs to the object at ffff8880322d0000 [ 1152.941500][T21742] which belongs to the cache kmalloc-8k of size 8192 [ 1152.955561][T21742] The buggy address is located 1856 bytes inside of [ 1152.955561][T21742] freed 8192-byte region [ffff8880322d0000, ffff8880322d2000) [ 1152.969538][T21742] [ 1152.971865][T21742] The buggy address belongs to the physical page: [ 1152.978289][T21742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x322d0 [ 1152.987256][T21742] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1152.995781][T21742] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1153.003346][T21742] page_type: f5(slab) [ 1153.007344][T21742] raw: 00fff00000000040 ffff88813ffa7280 ffffea00016e3200 dead000000000004 [ 1153.015938][T21742] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 1153.024534][T21742] head: 00fff00000000040 ffff88813ffa7280 ffffea00016e3200 dead000000000004 [ 1153.033211][T21742] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 1153.041894][T21742] head: 00fff00000000003 ffffea0000c8b401 00000000ffffffff 00000000ffffffff [ 1153.050578][T21742] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1153.059253][T21742] page dumped because: kasan: bad access detected [ 1153.065673][T21742] page_owner tracks the page as allocated [ 1153.071400][T21742] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2040(__GFP_IO|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 5489, tgid 5489 (S41dhcpcd), ts 57462817075, free_ts 57368646511 [ 1153.091737][T21742] post_alloc_hook+0x240/0x2a0 [ 1153.096523][T21742] get_page_from_freelist+0x2365/0x2440 [ 1153.102070][T21742] __alloc_frozen_pages_noprof+0x181/0x370 [ 1153.107904][T21742] alloc_pages_mpol+0x232/0x4a0 [ 1153.112780][T21742] allocate_slab+0x96/0x3a0 [ 1153.117298][T21742] ___slab_alloc+0xe94/0x18a0 [ 1153.122011][T21742] __slab_alloc+0x65/0x100 [ 1153.126440][T21742] __kmalloc_cache_noprof+0x411/0x6f0 [ 1153.131835][T21742] tomoyo_init_log+0x111f/0x1f70 [ 1153.136791][T21742] tomoyo_supervisor+0x340/0x1480 [ 1153.141834][T21742] tomoyo_env_perm+0x149/0x1e0 [ 1153.146606][T21742] tomoyo_find_next_domain+0x15cf/0x1aa0 [ 1153.152252][T21742] tomoyo_bprm_check_security+0x11c/0x180 [ 1153.158011][T21742] security_bprm_check+0x89/0x270 [ 1153.163072][T21742] bprm_execve+0x8ee/0x1450 [ 1153.167593][T21742] do_execveat_common+0x510/0x6a0 [ 1153.172639][T21742] page last free pid 5487 tgid 5487 stack trace: [ 1153.178968][T21742] __free_frozen_pages+0xbc4/0xd30 [ 1153.184098][T21742] __put_partials+0x146/0x170 [ 1153.188794][T21742] put_cpu_partial+0x1f2/0x2e0 [ 1153.193564][T21742] __slab_free+0x2b9/0x390 [ 1153.197998][T21742] qlist_free_all+0x97/0x140 [ 1153.202604][T21742] kasan_quarantine_reduce+0x148/0x160 [ 1153.208079][T21742] __kasan_slab_alloc+0x22/0x80 [ 1153.212969][T21742] kmem_cache_alloc_noprof+0x367/0x6e0 [ 1153.218459][T21742] vm_area_alloc+0x24/0x140 [ 1153.222978][T21742] _install_special_mapping+0x2e/0x350 [ 1153.228455][T21742] map_vdso+0x1df/0x480 [ 1153.232626][T21742] load_elf_binary+0x1c25/0x2740 [ 1153.237569][T21742] bprm_execve+0x99c/0x1450 [ 1153.242090][T21742] do_execveat_common+0x510/0x6a0 [ 1153.247151][T21742] __x64_sys_execve+0x94/0xb0 [ 1153.251845][T21742] do_syscall_64+0xfa/0xfa0 [ 1153.256360][T21742] [ 1153.258692][T21742] Memory state around the buggy address: [ 1153.264326][T21742] ffff8880322d0600: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1153.272396][T21742] ffff8880322d0680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1153.280465][T21742] >ffff8880322d0700: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1153.288531][T21742] ^ [ 1153.294694][T21742] ffff8880322d0780: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1153.302784][T21742] ffff8880322d0800: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1153.310873][T21742] ================================================================== [ 1153.332162][T20987] em28xx 3-1:0.89: Registering snapshot button... [ 1153.338680][T14739] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 1153.350697][T20987] input: em28xx snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.89/input/input52 [ 1153.357342][T21747] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1153.361360][T14739] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1153.378776][T14739] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1153.387645][T21742] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1153.394892][T21742] CPU: 0 UID: 0 PID: 21742 Comm: v4l_id Not tainted syzkaller #0 PREEMPT(full) [ 1153.404002][T21742] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1153.414599][T21742] Call Trace: [ 1153.417912][T21742] [ 1153.420882][T21742] dump_stack_lvl+0x99/0x250 [ 1153.425482][T21742] ? __asan_memcpy+0x40/0x70 [ 1153.430081][T21742] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1153.435286][T21742] ? __pfx__printk+0x10/0x10 [ 1153.439973][T21742] vpanic+0x237/0x6d0 [ 1153.443986][T21742] ? __pfx_vpanic+0x10/0x10 [ 1153.448496][T21742] ? preempt_schedule+0xae/0xc0 [ 1153.453353][T21742] ? __pfx_preempt_schedule+0x10/0x10 [ 1153.458750][T21742] panic+0xb9/0xc0 [ 1153.462482][T21742] ? __pfx_panic+0x10/0x10 [ 1153.466905][T21742] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 1153.472808][T21742] ? is_module_address+0x17/0xf0 [ 1153.477756][T21742] ? v4l2_fh_open+0xac/0x420 [ 1153.482353][T21742] check_panic_on_warn+0x89/0xb0 [ 1153.487741][T21742] ? v4l2_fh_open+0xac/0x420 [ 1153.492336][T21742] end_report+0x78/0x160 [ 1153.496584][T21742] kasan_report+0x129/0x150 [ 1153.501087][T21742] ? v4l2_fh_open+0xac/0x420 [ 1153.505704][T21742] v4l2_fh_open+0xac/0x420 [ 1153.510125][T21742] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1153.516113][T21742] em28xx_v4l2_open+0x157/0x9a0 [ 1153.520971][T21742] v4l2_open+0x1bc/0x3a0 [ 1153.525219][T21742] chrdev_open+0x4c9/0x5e0 [ 1153.529637][T21742] ? __pfx_chrdev_open+0x10/0x10 [ 1153.534574][T21742] ? fsnotify_open_perm_and_set_mode+0x113/0x610 [ 1153.540902][T21742] ? __pfx_chrdev_open+0x10/0x10 [ 1153.545855][T21742] do_dentry_open+0x950/0x13f0 [ 1153.550629][T21742] vfs_open+0x3b/0x340 [ 1153.554696][T21742] ? path_openat+0x2ecd/0x3830 [ 1153.559467][T21742] path_openat+0x2ee5/0x3830 [ 1153.564075][T21742] ? __pfx_path_openat+0x10/0x10 [ 1153.569025][T21742] do_filp_open+0x1fa/0x410 [ 1153.573533][T21742] ? __lock_acquire+0xab9/0xd20 [ 1153.578383][T21742] ? __pfx_do_filp_open+0x10/0x10 [ 1153.583441][T21742] ? _raw_spin_unlock+0x28/0x50 [ 1153.588310][T21742] ? alloc_fd+0x64c/0x6c0 [ 1153.592656][T21742] do_sys_openat2+0x121/0x1c0 [ 1153.597336][T21742] ? __pfx_do_sys_openat2+0x10/0x10 [ 1153.602542][T21742] ? exc_page_fault+0x82/0x100 [ 1153.607312][T21742] ? do_user_addr_fault+0xc85/0x1380 [ 1153.612599][T21742] __x64_sys_openat+0x138/0x170 [ 1153.617457][T21742] do_syscall_64+0xfa/0xfa0 [ 1153.621981][T21742] ? lockdep_hardirqs_on+0x9c/0x150 [ 1153.627181][T21742] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1153.633248][T21742] ? clear_bhb_loop+0x60/0xb0 [ 1153.637929][T21742] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1153.643825][T21742] RIP: 0033:0x7fe1566a7407 [ 1153.648265][T21742] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1153.667870][T21742] RSP: 002b:00007ffddf67b050 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1153.676291][T21742] RAX: ffffffffffffffda RBX: 00007fe156e12880 RCX: 00007fe1566a7407 [ 1153.684355][T21742] RDX: 0000000000000000 RSI: 00007ffddf67bf1b RDI: ffffffffffffff9c [ 1153.692345][T21742] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 1153.700320][T21742] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 1153.708384][T21742] R13: 00007ffddf67b2a0 R14: 00007fe156f79000 R15: 0000561702fd14d8 [ 1153.716367][T21742] [ 1153.719721][T21742] Kernel Offset: disabled [ 1153.724052][T21742] Rebooting in 86400 seconds..