last executing test programs: 8.571129711s ago: executing program 0 (id=2412): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x4c050) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000fc02000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c0000"], 0xfc}}, 0x0) syz_emit_ethernet(0x46, &(0x7f00000009c0)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra}}}}}, 0x0) 8.439331582s ago: executing program 0 (id=2415): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40000}, 0x0) 7.671885481s ago: executing program 0 (id=2417): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0xe4}, {0x7, 0x1, 0x2, 0x81}]}, 0x10) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000200)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) connect$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21, @rand_addr=0x64010102}}, 0x24) syz_open_dev$vim2m(&(0x7f0000000180), 0x6, 0x2) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) gettid() r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0) write$rfkill(r2, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, 0x0, 0x0) io_setup(0x8, &(0x7f0000004200)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000d0000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000c2c0000000b0a01010000000000000000070000000900020073797a31000000000900010073797a30"], 0xc0}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000600), 0x8) 5.167572091s ago: executing program 2 (id=2436): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000540)={0xfffffffffffffffc, 0x608000, 0x800, 0x700, 0x2}, 0x5d) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010003b15000000000000000000214907", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010067726574617000001800028004001200060003001c00000006000e"], 0x48}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f0000000380), 0x4) socket$inet(0x2, 0x801, 0xc) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x3a0, 0xffffffff, 0x0, 0x130, 0x0, 0xfeffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x108, 0x130, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5040}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@loopback, @remote, [], [], 'erspan0\x00', 'veth1_to_bond\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400) close_range(r3, 0xffffffffffffffff, 0x0) 4.694943582s ago: executing program 2 (id=2441): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x0, 0x1}, 0xc) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x7, @private0, 0x34}]}, &(0x7f0000002100)=0x10) openat$full(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x8840, 0x0) read$FUSE(r1, &(0x7f0000002600)={0x2020}, 0x2020) 4.617175937s ago: executing program 1 (id=2442): syz_open_dev$dri(&(0x7f00000000c0), 0x0, 0x0) syz_open_dev$dri(&(0x7f00000000c0), 0x1, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xfffffffffffffffd}, 0xc) r1 = socket$inet6(0xa, 0x3, 0x1) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@private0={0xfc, 0x0, '\x00', 0x1}, @in6=@mcast2, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x7}, {}, 0x0, 0x0, 0x1}, {{@in=@dev={0xac, 0x14, 0x14, 0x33}, 0xfffffffd, 0x33}, 0x0, @in6=@dev={0xfe, 0x80, '\x00', 0x2}, 0x0, 0x0, 0x0, 0xfd, 0x0, 0x0, 0xfffffffe}}, 0xe8) sendmmsg(r1, &(0x7f0000000480), 0x21, 0x0) 4.577931815s ago: executing program 2 (id=2443): openat$urandom(0xffffffffffffff9c, 0x0, 0x8000, 0x0) r0 = socket(0x2, 0x80805, 0x0) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f00000000c0)={0x84, @dev={0xac, 0x14, 0x14, 0x3d}, 0x4e20, 0x3, 'dh\x00', 0x1, 0x800002, 0x6e}, 0x2c) setsockopt$IP_VS_SO_SET_ADDDEST(r0, 0x0, 0x487, &(0x7f0000000000)={{0x84, @loopback, 0x4e21, 0x3, 'none\x00', 0x4, 0x8, 0x8077}, {@rand_addr=0x64010102, 0x4e23, 0x1, 0xcd, 0x12d5f, 0x3}}, 0x44) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SET_MM_AUXV(0x23, 0xc, 0xffffffffffffffff, 0x2b) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r5, 0x0, 0x0, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x1, @loopback, 0x1}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000480)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000440)={&(0x7f0000000400)=@gettclass={0x24, 0x2a, 0x704, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xb, 0xfff1}, {0xfff3, 0xfffb}}}, 0x24}, 0x1, 0x0, 0x0, 0x20008081}, 0x800) setsockopt$inet6_tcp_int(r5, 0x6, 0x10, &(0x7f0000001a00)=0x4, 0x4) socket(0x10, 0x3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) read$FUSE(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADDDEST(0xffffffffffffffff, 0x0, 0x487, &(0x7f0000000580)={{0x84, @multicast2, 0x4e23, 0x3, 'lc\x00', 0x2, 0x4, 0x7e}, {@private=0xa010102, 0x4e20, 0x2, 0xc8, 0x80012d58, 0x12d5c}}, 0x44) 4.541788099s ago: executing program 1 (id=2444): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000180), 0x14d802, 0x0) r1 = dup(r0) r2 = open(&(0x7f0000000240)='./file1\x00', 0x183142, 0x2f) sendfile(r1, r2, 0x0, 0x800000009) 4.431884274s ago: executing program 1 (id=2445): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) socket(0x1d, 0x6, 0x9) r2 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r2, 0x40044160, 0x3) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000bc0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x3}}, [@NFT_MSG_DELRULE={0x68, 0x8, 0xa, 0x101, 0x0, 0x0, {0x2, 0x0, 0x7}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_POSITION_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffd}, @NFTA_RULE_POSITION={0xc, 0x6, 0x1, 0x0, 0x1}, @NFTA_RULE_EXPRESSIONS={0x20, 0x4, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, @match={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8, 0x2, 0x1, 0x0, 0x3}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_POSITION_ID={0x8}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x90}, 0x1, 0x0, 0x0, 0x4000}, 0x800) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT32(r2, 0xc06c4124, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r3, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x20, 0x3, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000900)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r7 = bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000080)={r6, 0xffffffffffffffff, 0x2d, 0x0, @val=@netfilter={0xa, 0x0, 0x5, 0x1}}, 0x20) close_range(r7, r7, 0x0) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x4, "339f020bbe82b398000000000000000000000d0ec0c1b4e9b1c4369d03740250ceaac594b1b3d741dd17c1c50d38ef2a565ef1e83323691c58d66500", "a9103939c787a16c1ca43f80026d1a8554fe581b59ded130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b3e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200"}}) memfd_secret(0x0) read$FUSE(0xffffffffffffffff, 0x0, 0x0) 4.270163402s ago: executing program 0 (id=2446): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4b, &(0x7f0000000100)=0x4, 0x4) r1 = socket(0x10, 0x3, 0x0) r2 = socket$can_bcm(0x1d, 0x2, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) r5 = getpid() write$cgroup_pid(r0, &(0x7f0000000040)=r5, 0x12) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$can_bcm(r2, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)=ANY=[@ANYRES64=r2], 0x80}, 0x1, 0x0, 0x0, 0x20040000}, 0x440c0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) r6 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r6, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000640)=ANY=[@ANYRES32=0x0, @ANYRES32], 0x138}, 0x1, 0x0, 0x0, 0x4004050}, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}, 0x1c) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x40800) socket$inet6_tcp(0xa, 0x1, 0x0) 3.516073623s ago: executing program 3 (id=2448): mprotect(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x2) r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000003c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x4, 0x1fc01b, 0x253a19}) 3.39199782s ago: executing program 3 (id=2449): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_XEN_HVM_CONFIG(r1, 0x4038ae7a, &(0x7f0000000340)={0x80, 0x40000094, 0x0, 0x0}) sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) r2 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r3, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r3, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000003c0)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="1c0006"], 0x1c}}, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) 3.072309222s ago: executing program 2 (id=2452): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000540)={0xfffffffffffffffc, 0x608000, 0x800, 0x700, 0x2}, 0x5d) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000010003b15000000000000000000214907", @ANYRES32=0x0, @ANYBLOB="0000000000000000280012800b00010067726574617000001800028004001200060003001c00000006000e"], 0x48}, 0x1, 0x0, 0x0, 0x20040080}, 0x0) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f0000000380), 0x4) socket$inet(0x2, 0x801, 0xc) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x3a0, 0xffffffff, 0x0, 0x130, 0x0, 0xfeffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x108, 0x130, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5040}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@loopback, @remote, [], [], 'erspan0\x00', 'veth1_to_bond\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400) close_range(r3, 0xffffffffffffffff, 0x0) 2.947157751s ago: executing program 4 (id=2453): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) bind$inet6(r0, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000740)={0x2, 0x9, 0x3, 0x7, 0x3, 0x18, 0x2, 0x6}, 0x20) sendmmsg$inet6(r0, &(0x7f0000004900)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000008c0)="fbf5bd1959d81aeeac3454fdc990f648f16f48c6bd4232bcba18dbc0f755e79fa071a979e36fceaad82b436111801308f7770a63e4af8720f362a3559335c80b0f28c7e01ead726228ef5a48b82c35dfe1e57921007e14cdcfc69e8cd9c03b8dff27b2f3d51fe535b9e051e2a0f0ecef9e06b0a57cbc87f684a08aa33abb5f9733caa9dabc3c55dd5be864ac0ecb7fcd0a7bed095a5dff80f811095086ab552e18e25379a87dea4e871ac2227eb855f2b4c5b49099c40cce3d29b6f67056712c5516e28720863f9665c33e23bcaff1b058e8dd3be2231d645c926d23945e1ff887828e49434210bd92a856f9183bda01232558bb9afcf711301734915f8bc5f007a72bf7543a389d89f3fa8ffb4397820adccc1841c410168fbb12d1a9f2c8032c268074345392e1b46fbbbeab52a0c1ab4448ebb9b19f8bd682224bdecf8d7741c96d2e189b18f8e922689c5633e29bca2bb0a13c15a92445f4685a30edd8bfca8d40fc3151933594a47547eefd2929020cffa9142cae147ad6559a1b394782b3b6e28a4e8af47c0a625a31899736ab4df87534f7f1d1d0375b07ad7b6ddd765f76bee526044e1a0c69eb5e7b46d5a44874a5e88211b322dafabd91948e6fa35826cafa6d0495905f7e249288b7b2823a251d35ec3e6259e2abfafd6e7e98eb8b65fb7638dacf0fab435427a0563971066c60f7d91019439650d68d8f01bb040fe143e4b940f14cba2ebf841c71c9e7a9aac194d34f75598aa366283635ec6b673adf703ef425685e9a8f5e30306847368e0f4438b6d7c95f80886240a2602af66e5e3c5e45107e1fc68f6a3db2411d6d2500980c92c261903fb3cdbb981d9655e78630b4d16a3930de90874409795603565999f232ea2736c92e1353fe3f640d4e4d6f656d9dd59dc99aab86e318e3d68740be38671b2f413efabe1ac739d5aae7deadb8ed6651a34684ce8e996491798f9c4fd37ebe1a1a50d88866192edf3183faed4e657f7bc5e971183b43755bd2eeafda22708469ad55d911061bdd0df48180fd84d43804733a78bfc6a8d927fac2f01675a4d82bbaedc8e73a602247a54fdcb5bf4130fbb438f2ff7d69475fbb6e72ae322a06377ea65397fc050737f9473e6ef37315b636d5b6e6d3788a44a5e686e0b948af57bc2b01ccfd1e93fba41719b7826d99125485ac93217d67cc15f7c1e60217ab84e570e78917b4357781ea8042ebe826d7ae382f9d3c35296b1d885198e6dfc510d25534dfdb81c0b01501bb3abb5ca086cd8a6d93126b6b9b25b22a63f0af878851d145c2be092d10bf3d97490de2973f94b86fac0a62091737a8a6830767ed326252cf940946490e2149ed6e723470caaec4741d7cce735fcd0a42c47a8e62b1cd591e05bdb18b", 0x3df}], 0x1}}], 0x1, 0x11) 2.897775878s ago: executing program 3 (id=2454): r0 = socket$qrtr(0x2a, 0x2, 0x0) connect$qrtr(r0, &(0x7f0000000040)={0x2a, 0x0, 0x1}, 0xc) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x2) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x7, @private0, 0x34}]}, &(0x7f0000002100)=0x10) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r1 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x8840, 0x0) read$FUSE(r1, &(0x7f0000002600)={0x2020}, 0x2020) 2.758977927s ago: executing program 2 (id=2455): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0, 0x400000000}, 0x400}}, 0xb8}}, 0x4c050) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000fc02000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c0000"], 0xfc}}, 0x0) syz_emit_ethernet(0x46, &(0x7f00000009c0)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra}}}}}, 0x0) 2.633916504s ago: executing program 2 (id=2456): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x2, &(0x7f00000002c0)=[{0x6, 0x0, 0x0, 0xe4}, {0x7, 0x1, 0x2, 0x81}]}, 0x10) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, &(0x7f0000000200)={{0x1, 0x1, 0x18, r0, {0x1}}, './file0\x00'}) connect$rxrpc(r1, &(0x7f0000000000)=@in4={0x21, 0x0, 0x2, 0x10, {0x2, 0x4e21, @rand_addr=0x64010102}}, 0x24) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f00000001c0)={0x2, 0x1, 0x0, "6906007722266ccee4ba568eb4f80102fd372f2c74f6024305f11fd3454ad23c", 0x14000214}) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) gettid() r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0) write$rfkill(r2, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8) syz_genetlink_get_family_id$ethtool(&(0x7f0000000300), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x10, 0x0, 0x0) io_setup(0x8, &(0x7f0000004200)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a030000000d0000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a3000000000080005400000000d08000640ffffff00080003400000000c2c0000000b0a01010000000000000000070000000900020073797a31000000000900010073797a30"], 0xc0}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) read$eventfd(0xffffffffffffffff, &(0x7f0000000600), 0x8) 2.168088682s ago: executing program 1 (id=2457): socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = accept4$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @remote}, &(0x7f0000000040)=0xfffffffffffffef4, 0x80800) r3 = accept$packet(r2, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @local}, &(0x7f0000000680)=0x14) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sendmsg$TCPDIAG_GETSOCK(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000280)=ANY=[@ANYRESOCT, @ANYRES16=r3], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x8000) r4 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0xe8) close(r4) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000001380)={0x40, r6, 0x1, 0xfffffffe, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_OURS={0x14, 0x3, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_BITSET_BIT_INDEX={0x8, 0x1, 0x79}]}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000002d00091327bd70000000000006"], 0x20}}, 0x4000800) recvmmsg(r7, &(0x7f0000001700)=[{{0x0, 0x0, 0x0}, 0xfffff2a8}], 0x1, 0x40002102, 0x0) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) mkdir(&(0x7f00000003c0)='./file0\x00', 0x83) syz_emit_ethernet(0x2a, &(0x7f0000000500)=ANY=[@ANYBLOB="0180c200000eaaaaaaaaaabb08004500001cfffe0000a02f90787f000001e00000012001880b00089078cc810f432c6ca22e5580dbb2137e4e7d270af433b2ef563342e77c47d26f4c1457b82cceb958876d60526c673bb0750d691746759f0308597b611ebd2601c4c72ca40ad18e77f59e36c005cedfb6d5c26e14d475f3f9a8e2afcc702f7334c44555480713b4ecbd924a0e027d741c367971dcdcb4ee5a27f7a4"], 0x0) name_to_handle_at(0xffffffffffffff9c, 0x0, 0x0, &(0x7f0000000180), 0x0) syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f00000000c0)={0x14, &(0x7f0000000240)=ANY=[@ANYBLOB="2522611d7aa1cafc93390fd140f2005302c2e673f5f4500a21"], 0x0}, 0x0) r8 = io_uring_setup(0xf08, &(0x7f000000c480)={0x0, 0xabd0, 0x400, 0x2, 0x349}) ioctl$FS_IOC_GETVERSION(0xffffffffffffffff, 0x80087601, &(0x7f00000002c0)) socket$nl_rdma(0x10, 0x3, 0x14) r9 = io_uring_setup(0x7629, &(0x7f0000000600)={0x0, 0x1e28, 0x20, 0x3f, 0x800089, 0x0, r8}) getrlimit(0x1, &(0x7f0000000000)) io_uring_register$IORING_REGISTER_FILES(r9, 0x1e, &(0x7f0000000000)=[r8], 0x1) 1.951309603s ago: executing program 4 (id=2458): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e22, @empty}, 0x67) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='syz_tun\x00', 0x10) sendto$inet(r0, 0x0, 0x0, 0x20000800, &(0x7f0000000080)={0x2, 0x0, @remote}, 0x10) syz_emit_ethernet(0x7a, &(0x7f00000000c0)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x6c, 0x0, 0x0, 0x0, 0x6, 0x0, @remote, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x16, 0xc2, 0x0, 0x0, 0x0, {[@sack_perm={0x4, 0x2}, @sack_perm={0x4, 0x2}, @window={0x3, 0x3, 0xd1}, @mss={0x2, 0x4, 0x100}, @window={0x3, 0x3, 0x5}, @sack={0x5, 0x1a, [0x8, 0x25c, 0xfff, 0x1ff, 0x3, 0x7fffffff]}, @mptcp=@capable={0x1e, 0xc, 0x0, 0x8, 0x9, 0xd945}, @timestamp={0x8, 0xa, 0x80000001, 0xa}, @exp_fastopen={0xfe, 0x4}]}}}}}}}, 0x0) 1.876529409s ago: executing program 4 (id=2459): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000440), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x7, 0x13, r2, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x141400, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f0000000100)={'tunl0\x00', 0x800}) r4 = socket(0x1f, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, 0x0) listen(0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x401, 0x9, 0x8, 0x0, 0x7}, 0x0) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000003e000701fcfffffffddbf525017c0000100036800c00020007000000000000000c000180080016"], 0x30}, 0x1, 0x0, 0x0, 0x488c0}, 0xc000) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f00000000c0)='vegas\x00', 0x6) r9 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r9, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000bc0)={0x4c, 0x12, 0x301, 0x0, 0x0, {0x0, 0x6, 0x0, 0x0, {0x4e23, 0x0, [0x0, 0x0, 0x81], [0x1, 0xfffffffd, 0x10000], 0x0, [0x2, 0x7fff]}, 0x7}}, 0x4c}, 0x1, 0x0, 0x0, 0x20044190}, 0x40000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000480)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0xff, 0x7fff0010}]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) r10 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)=[{}], 0x1}, 0x0) r11 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=ANY=[@ANYBLOB="150000000800000008"], 0x50) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000140)=ANY=[@ANYBLOB="b281ed0d2807507f3121736137dd74b100000000000000000000000000001811000071685153b4c215f8d033bfbde9535910e420178f1429db6ad042f18e4468e9884dc359ffd9e6053a70f445a90fd4bcbd120625f89689d92685bcce845855852b0684e22ffd659b824f580ebaa3a17bd5dbb3bfd7cdfd8fbbe002debdbc4b59afe8967add1fac8b3c7394cc5b2bf017fd33ad4e7d5f0bee100defbabb794ae7ed041c7ba3bf1af1ae89aa698c1959ce25709f483789832496df4f596dbd979e361314412926b77fb53d4e6eee3ed793a0fa56871f4d903c844613b401cb3dc2e901cc0ab6453a0dcd114a2a00a8e78861568f6c1d51f641bfafaf250876187cfd76221fb290ade54c6488c0b5fd9b3b0e0bedba04a41bb11ca77b49dfc06b92ad14c16bb774dfb0d0f7ab7b4acdcd5b524a643d42ec54f4659f1d7313", @ANYRES32=r11, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b7000000000000009500000000000000"], &(0x7f0000000000)='GPL\x00'}, 0x90) 1.662180802s ago: executing program 3 (id=2460): r0 = socket$unix(0x1, 0x1, 0x0) r1 = socket$unix(0x1, 0x1, 0x0) bind$unix(r1, 0x0, 0x0) listen(r1, 0x0) connect$unix(r0, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r2 = socket$unix(0x1, 0x1, 0x0) connect$unix(r2, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) listen(r1, 0x802) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r3, 0xffffffffffffffff, 0x0) 1.491791046s ago: executing program 3 (id=2461): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) sendmsg$NL80211_CMD_JOIN_MESH(r0, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000480)={0x28, r1, 0x1, 0x70bd29, 0x25dfdbfe, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_MESH_CONFIG={0xc, 0x23, 0x0, 0x1, [@NL80211_MESHCONF_TTL={0x5, 0x6, 0x9}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x14}, 0x0) 1.227683955s ago: executing program 3 (id=2462): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'netdevsim0\x00'}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x6dc, @loopback}, 0x1c) listen(r1, 0x5) r2 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f0000000400)={0x2c, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) capset(&(0x7f0000000040)={0x20080522}, &(0x7f0000000080)) ioctl$sock_SIOCSIFBR(r1, 0x8941, &(0x7f0000000440)=@add_del={0x2, &(0x7f0000000400)='veth1_to_batadv\x00'}) sendto$inet6(r3, 0x0, 0x0, 0x24040014, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @empty, 0xfffffffe}, 0x1c) socket$inet6(0x10, 0x2, 0x4) 787.908184ms ago: executing program 0 (id=2463): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_genetlink_get_family_id$mptcp(&(0x7f0000000080), r0) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r0) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x5}, {{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000000600)}, 0x7ffffffe}, {{0x0, 0x0, 0x0}, 0x5}], 0x5, 0x18042, 0x0) 567.664073ms ago: executing program 0 (id=2464): r0 = socket$kcm(0xa, 0x922000000003, 0x11) recvmsg$kcm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000340)=""/4106, 0x5a8}], 0x10}, 0x406) 297.097553ms ago: executing program 4 (id=2465): r0 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f0000000540)={0xfffffffffffffffc, 0x608000, 0x800, 0x700, 0x2}, 0x5d) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=@setlink={0x40, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3000000}, [@IFLA_PROTO_DOWN={0x5}, @IFLA_IFNAME={0x14, 0x3, 'macvlan1\x00'}, @IFLA_AF_SPEC={0x4}]}, 0x40}}, 0x0) r2 = socket$kcm(0x29, 0x2, 0x0) ioctl$sock_kcm_SIOCKCMUNATTACH(r2, 0x89e1, 0x0) r3 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r3, 0x114, 0x8, &(0x7f0000000380), 0x4) socket$inet(0x2, 0x801, 0xc) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, &(0x7f0000000000)=@filter={'filter\x00', 0x2, 0x4, 0x3a0, 0xffffffff, 0x0, 0x130, 0x0, 0xfeffffff, 0xffffffff, 0x2d0, 0x2d0, 0x2d0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x2f2, 0x108, 0x130, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}, @common=@srh={{0x30}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x5040}}]}, @REJECT={0x28}}, {{@uncond, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}, {{@ipv6={@loopback, @remote, [], [], 'erspan0\x00', 'veth1_to_bond\x00'}, 0x0, 0xa8, 0xd0}, @REJECT={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x400) close_range(r3, 0xffffffffffffffff, 0x0) 205.130046ms ago: executing program 1 (id=2466): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0xfd3649826d894c67, 0x0, 0x0, {{@in6=@private0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x1, 0x0, 0x0, 0x0, 0x0, 0x800000, 0x0, 0xfffffffffffffffc}, {0x0, 0xacb0, 0x400000000}, 0x400}}, 0xb8}}, 0x4c050) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc00000019000100000000000000000020010000000000000000000000000000fc02000000000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000ffffffffffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000044000500ac1414aa000000000000000000000000000000003c0000"], 0xfc}}, 0x0) syz_emit_ethernet(0x46, &(0x7f00000009c0)={@link_local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x10, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_ra}}}}}, 0x0) 115.752639ms ago: executing program 4 (id=2467): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000f10000000000000095000000009bd3277060e1000000d5d31b335b0813d594c85f56b07391e31134e5001a1b7f5d457c105fc0420d126c81"], 0x0}, 0x94) ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, &(0x7f0000000500)={'syz_tun\x00', &(0x7f0000000180)=@ethtool_link_settings={0x4d, 0x400, 0xf, 0x80, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, [0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1]}}) r0 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_LINKMODES_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000640)={0x3c, r0, 0x1, 0x0, 0x0, {}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_LINKMODES_AUTONEG={0x5, 0x2, 0xfc}, @ETHTOOL_A_LINKMODES_SPEED={0x8, 0x5, 0x64}]}, 0x3c}}, 0x0) 106.845078ms ago: executing program 1 (id=2468): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e21, @multicast1}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='westwood\x00', 0x9) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, 0x0, 0x0) 0s ago: executing program 4 (id=2469): r0 = socket$inet6(0xa, 0x80002, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_CT_GET_STATS_CPU(r1, &(0x7f0000000400)={&(0x7f00000002c0)={0x10, 0x0, 0x0, 0x8000}, 0xc, &(0x7f00000003c0)={&(0x7f0000000300)={0x14, 0x4, 0x1, 0x3, 0x0, 0x0, {0xa, 0x0, 0xa}}, 0x14}, 0x1, 0x0, 0x0, 0x8000}, 0x1) setsockopt$inet6_udp_int(r0, 0x11, 0x67, &(0x7f0000000040)=0x91, 0x4) connect$inet6(r0, &(0x7f0000000140)={0xa, 0x4e24, 0x1ff, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x2a}}, 0x6}, 0x1c) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, 0x0, &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock}, 0x94) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f00000000c0)={0x14, 0x5, 0xd}) r5 = syz_kvm_add_vcpu$x86(0x0, &(0x7f0000000180)={0x0, 0x0}) ioctl$KVM_GET_VCPU_EVENTS(r5, 0x8040ae9f, &(0x7f00000001c0)=@arm64) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008f02"]) r6 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000080)=@newqdisc={0x60, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r8, {0x0, 0xa}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x4, 0x2, 0x0, 0x0, 0x7, 0x8}, {0x12, 0x3, 0x0, 0x1, 0x8001, 0x2400}, 0xa5, 0x4, 0x10100000}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}]}, 0x60}}, 0x44080) sendmsg$nl_route_sched(r6, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd26, 0x0, {0x60, 0x0, 0x0, r8, {}, {0xfff2, 0xa}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}}, 0x800) sendmmsg$inet6(r0, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000003980), 0x171}}], 0x400000000000172, 0x4001c00) kernel console output (not intermixed with test programs): 94.082827][ T5905] usb usb1-port1: unable to enumerate USB device [ 94.096315][ T5945] usb 3-1: Using ep0 maxpacket: 16 [ 94.107241][ T5945] usb 3-1: too many endpoints for config 0 interface 0 altsetting 229: 247, using maximum allowed: 30 [ 94.119069][ T5945] usb 3-1: config 0 interface 0 altsetting 229 has 0 endpoint descriptors, different from the interface descriptor's value: 247 [ 94.134076][ T5945] usb 3-1: config 0 interface 0 has no altsetting 0 [ 94.148713][ T5945] usb 3-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=59.31 [ 94.160495][ T5945] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.168583][ T5945] usb 3-1: Product: syz [ 94.172880][ T5945] usb 3-1: Manufacturer: syz [ 94.177907][ T5945] usb 3-1: SerialNumber: syz [ 94.187421][ T5945] usb 3-1: config 0 descriptor?? [ 94.197009][ T5945] usb 3-1: cannot find UAC_HEADER [ 94.215883][ T5945] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 94.225159][ T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 94.506764][ T3093] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 94.547001][ T10] usb 4-1: device descriptor read/8, error -71 [ 94.575847][ T5858] udevd[5858]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 94.656752][ T10] usb usb4-port1: unable to enumerate USB device [ 94.760622][ T3093] usb 2-1: Using ep0 maxpacket: 8 [ 94.769573][ T3093] usb 2-1: config 0 has an invalid interface number: 213 but max is 1 [ 94.778438][ T3093] usb 2-1: config 0 has an invalid interface number: 4 but max is 1 [ 94.789761][ T3093] usb 2-1: config 0 has no interface number 0 [ 94.981631][ T3093] usb 2-1: config 0 has no interface number 1 [ 95.005461][ T3093] usb 2-1: config 0 interface 213 altsetting 5 endpoint 0xD has invalid maxpacket 495, setting to 64 [ 95.028350][ T3093] usb 2-1: config 0 interface 213 altsetting 5 endpoint 0xE has invalid maxpacket 390, setting to 64 [ 95.039831][ T3093] usb 2-1: config 0 interface 213 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 95.053159][ T3093] usb 2-1: config 0 interface 213 altsetting 5 endpoint 0x4 has invalid maxpacket 1024, setting to 64 [ 95.064719][ T3093] usb 2-1: config 0 interface 4 altsetting 5 has a duplicate endpoint with address 0x4, skipping [ 95.077406][ T3093] usb 2-1: config 0 interface 4 altsetting 5 has an endpoint descriptor with address 0x95, changing to 0x85 [ 95.089608][ T3093] usb 2-1: config 0 interface 4 altsetting 5 endpoint 0x85 has invalid maxpacket 1023, setting to 64 [ 95.102250][ T3093] usb 2-1: config 0 interface 4 altsetting 5 has a duplicate endpoint with address 0xB, skipping [ 95.165317][ T3093] usb 2-1: config 0 interface 213 has no altsetting 0 [ 95.175772][ T3093] usb 2-1: config 0 interface 4 has no altsetting 0 [ 95.248262][ T3093] usb 2-1: New USB device found, idVendor=2013, idProduct=0259, bcdDevice=bc.a3 [ 95.341120][ T3093] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 95.391031][ T3093] usb 2-1: Product: 닟ⶳ쪝銷糓餔剳칬㻴呶ำዷ癊ᡋ䴰綦樃粈㧔硭⨚㣴⊏텛쉨锎 [ 95.433314][ T6215] openvswitch: netlink: Duplicate or invalid key (type 0). [ 95.446401][ T3093] usb 2-1: Manufacturer: Н [ 95.456454][ T3093] usb 2-1: SerialNumber: 뵯瑘峾ᨧ䏜芳ȅ㣑ᔡ痁첧䭨瀍岇䧲냂ಜ᳐ވ [ 95.476781][ T6198] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 95.487566][ T6215] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 95.510428][ T6198] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.544838][ T5946] usb 3-1: USB disconnect, device number 3 [ 95.545555][ T3093] usb 2-1: config 0 descriptor?? [ 95.583074][ T6218] netlink: 12 bytes leftover after parsing attributes in process `syz.3.74'. [ 95.626898][ T6218] bridge0: port 3(vlan2) entered blocking state [ 95.646897][ T6218] bridge0: port 3(vlan2) entered disabled state [ 95.653363][ T6218] vlan2: entered allmulticast mode [ 95.693455][ T6218] bridge0: entered allmulticast mode [ 95.718181][ T6218] vlan2: left allmulticast mode [ 95.726989][ T6218] bridge0: left allmulticast mode [ 95.831520][ T6220] FAULT_INJECTION: forcing a failure. [ 95.831520][ T6220] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 95.874249][ T6220] CPU: 0 UID: 0 PID: 6220 Comm: syz.4.75 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 95.874277][ T6220] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 95.874287][ T6220] Call Trace: [ 95.874294][ T6220] [ 95.874301][ T6220] dump_stack_lvl+0x189/0x250 [ 95.874327][ T6220] ? __pfx____ratelimit+0x10/0x10 [ 95.874353][ T6220] ? __pfx_dump_stack_lvl+0x10/0x10 [ 95.874371][ T6220] ? __pfx__printk+0x10/0x10 [ 95.874393][ T6220] ? __might_fault+0xb0/0x130 [ 95.874422][ T6220] should_fail_ex+0x414/0x560 [ 95.874451][ T6220] _copy_from_user+0x2d/0xb0 [ 95.874471][ T6220] restore_altstack+0x9d/0x4b0 [ 95.874494][ T6220] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 95.874520][ T6220] ? __pfx_restore_altstack+0x10/0x10 [ 95.874548][ T6220] ? _raw_spin_unlock_irq+0x23/0x50 [ 95.874569][ T6220] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.874587][ T6220] __ia32_sys_rt_sigreturn+0x1ac/0x7b0 [ 95.874608][ T6220] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.874631][ T6220] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 95.874646][ T6220] ? _raw_spin_unlock_irq+0x2e/0x50 [ 95.874667][ T6220] ? signal_setup_done+0x230/0x310 [ 95.874689][ T6220] ? __lock_acquire+0xab9/0xd20 [ 95.874725][ T6220] ? __task_pid_nr_ns+0x28/0x470 [ 95.874752][ T6220] ? do_syscall_64+0xbe/0x3b0 [ 95.874772][ T6220] do_syscall_64+0xfa/0x3b0 [ 95.874787][ T6220] ? lockdep_hardirqs_on+0x9c/0x150 [ 95.874802][ T6220] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.874818][ T6220] ? clear_bhb_loop+0x60/0xb0 [ 95.874838][ T6220] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 95.874854][ T6220] RIP: 0033:0x7f39b532ab19 [ 95.874869][ T6220] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 95.874882][ T6220] RSP: 002b:00007f39b6285a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 95.874900][ T6220] RAX: ffffffffffffffda RBX: 00007f39b55b5fa0 RCX: 00007f39b532ab19 [ 95.874912][ T6220] RDX: 00007f39b6285a80 RSI: 00007f39b6285bb0 RDI: 0000000000000021 [ 95.874923][ T6220] RBP: 00007f39b6286090 R08: 0000000000000f3e R09: 0000000000000000 [ 95.874934][ T6220] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 95.874943][ T6220] R13: 0000000000000000 R14: 00007f39b55b5fa0 R15: 00007f39b56dfa28 [ 95.874970][ T6220] [ 96.181119][ T6224] FAULT_INJECTION: forcing a failure. [ 96.181119][ T6224] name failslab, interval 1, probability 0, space 0, times 0 [ 96.194199][ T6224] CPU: 0 UID: 0 PID: 6224 Comm: syz.3.76 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 96.194221][ T6224] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 96.194231][ T6224] Call Trace: [ 96.194238][ T6224] [ 96.194244][ T6224] dump_stack_lvl+0x189/0x250 [ 96.194269][ T6224] ? __pfx____ratelimit+0x10/0x10 [ 96.194294][ T6224] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.194313][ T6224] ? __pfx__printk+0x10/0x10 [ 96.194340][ T6224] ? __pfx___might_resched+0x10/0x10 [ 96.194371][ T6224] should_fail_ex+0x414/0x560 [ 96.194400][ T6224] should_failslab+0xa8/0x100 [ 96.194424][ T6224] __kmalloc_node_noprof+0xd1/0x4e0 [ 96.194444][ T6224] ? alloc_slab_obj_exts+0x39/0xa0 [ 96.194467][ T6224] alloc_slab_obj_exts+0x39/0xa0 [ 96.194486][ T6224] __memcg_slab_post_alloc_hook+0x31e/0x7f0 [ 96.194522][ T6224] kmem_cache_alloc_node_noprof+0x2bd/0x3c0 [ 96.194542][ T6224] ? __alloc_skb+0x112/0x2d0 [ 96.194566][ T6224] __alloc_skb+0x112/0x2d0 [ 96.194588][ T6224] alloc_skb_with_frags+0xca/0x890 [ 96.194612][ T6224] ? __lock_acquire+0xab9/0xd20 [ 96.194636][ T6224] sock_alloc_send_pskb+0x857/0x990 [ 96.194677][ T6224] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 96.194707][ T6224] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 96.194727][ T6224] unix_dgram_sendmsg+0x4f6/0x1870 [ 96.194766][ T6224] ? aa_sk_perm+0x81e/0x950 [ 96.194793][ T6224] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 96.194820][ T6224] ? aa_sock_msg_perm+0x94/0x160 [ 96.194844][ T6224] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 96.194858][ T6224] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 96.194881][ T6224] __sock_sendmsg+0x21c/0x270 [ 96.194901][ T6224] ____sys_sendmsg+0x52d/0x830 [ 96.194927][ T6224] ? __pfx_____sys_sendmsg+0x10/0x10 [ 96.194957][ T6224] ? import_iovec+0x74/0xa0 [ 96.194980][ T6224] ___sys_sendmsg+0x21f/0x2a0 [ 96.195003][ T6224] ? __pfx____sys_sendmsg+0x10/0x10 [ 96.195064][ T6224] ? __might_fault+0xb0/0x130 [ 96.195087][ T6224] __sys_sendmmsg+0x227/0x430 [ 96.195114][ T6224] ? __pfx___sys_sendmmsg+0x10/0x10 [ 96.195132][ T6224] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 96.195175][ T6224] ? ksys_write+0x22a/0x250 [ 96.195197][ T6224] ? __pfx_ksys_write+0x10/0x10 [ 96.195213][ T6224] ? rcu_is_watching+0x15/0xb0 [ 96.195238][ T6224] __x64_sys_sendmmsg+0xa0/0xc0 [ 96.195261][ T6224] do_syscall_64+0xfa/0x3b0 [ 96.195277][ T6224] ? lockdep_hardirqs_on+0x9c/0x150 [ 96.195292][ T6224] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.195308][ T6224] ? clear_bhb_loop+0x60/0xb0 [ 96.195328][ T6224] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.195344][ T6224] RIP: 0033:0x7f9324b8e929 [ 96.195366][ T6224] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.195379][ T6224] RSP: 002b:00007f93259d0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 96.195397][ T6224] RAX: ffffffffffffffda RBX: 00007f9324db5fa0 RCX: 00007f9324b8e929 [ 96.195409][ T6224] RDX: 0307017fdb7a66cb RSI: 0000200000002dc0 RDI: 0000000000000004 [ 96.195419][ T6224] RBP: 00007f93259d0090 R08: 0000000000000000 R09: 0000000000000000 [ 96.195429][ T6224] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 96.195439][ T6224] R13: 0000000000000000 R14: 00007f9324db5fa0 R15: 00007f9324edfa28 [ 96.195465][ T6224] [ 96.772481][ T6233] netlink: 40 bytes leftover after parsing attributes in process `syz.2.79'. [ 96.781727][ T6233] netlink: 40 bytes leftover after parsing attributes in process `syz.2.79'. [ 97.263934][ T3093] usb 2-1: USB disconnect, device number 7 [ 97.366937][ T5946] usb 1-1: new low-speed USB device number 8 using dummy_hcd [ 97.531622][ T6247] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 97.599874][ T5946] usb 1-1: Invalid ep0 maxpacket: 16 [ 97.762008][ T6248] netlink: 'syz.3.80': attribute type 10 has an invalid length. [ 97.769842][ T5946] usb 1-1: new low-speed USB device number 9 using dummy_hcd [ 98.026348][ T5946] usb 1-1: Invalid ep0 maxpacket: 16 [ 98.101650][ T5946] usb usb1-port1: attempt power cycle [ 98.587574][ T5946] usb 1-1: new low-speed USB device number 10 using dummy_hcd [ 98.623811][ T5946] usb 1-1: Invalid ep0 maxpacket: 16 [ 98.779792][ T5946] usb 1-1: new low-speed USB device number 11 using dummy_hcd [ 98.863193][ T5946] usb 1-1: Invalid ep0 maxpacket: 16 [ 98.900512][ T5946] usb usb1-port1: unable to enumerate USB device [ 99.368200][ T24] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 99.566352][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 99.574083][ T24] usb 2-1: config 0 has an invalid interface number: 85 but max is 0 [ 99.584116][ T24] usb 2-1: config 0 has no interface number 0 [ 99.590746][ T24] usb 2-1: config 0 interface 85 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 99.648535][ T24] usb 2-1: config 0 interface 85 has no altsetting 0 [ 99.719608][ T24] usb 2-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 99.788978][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.804359][ T24] usb 2-1: Product: syz [ 99.849276][ T24] usb 2-1: Manufacturer: syz [ 99.867765][ T24] usb 2-1: SerialNumber: syz [ 99.932661][ T24] usb 2-1: config 0 descriptor?? [ 99.953179][ T24] appletouch 2-1:0.85: Could not find int-in endpoint [ 99.983976][ T24] appletouch 2-1:0.85: probe with driver appletouch failed with error -5 [ 100.001753][ T24] usbhid 2-1:0.85: couldn't find an input interrupt endpoint [ 100.056078][ T6265] netlink: 40 bytes leftover after parsing attributes in process `syz.2.85'. [ 100.065938][ T6265] sch_tbf: burst 88 is lower than device netdevsim1 mtu (1514) ! [ 100.476388][ T6275] netlink: 12 bytes leftover after parsing attributes in process `syz.2.88'. [ 100.596461][ T5905] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 100.776564][ T5905] usb 4-1: Using ep0 maxpacket: 8 [ 100.798016][ T5905] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 100.926613][ T5905] usb 4-1: config 179 has no interface number 0 [ 100.961035][ T5905] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has an invalid bInterval 63, changing to 9 [ 100.999076][ T5905] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0xF has invalid maxpacket 57605, setting to 1024 [ 101.024789][ T5905] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has an invalid bInterval 52, changing to 9 [ 101.167486][ T5905] usb 4-1: config 179 interface 65 altsetting 12 endpoint 0x83 has invalid maxpacket 8241, setting to 1024 [ 101.186624][ T5905] usb 4-1: config 179 interface 65 altsetting 12 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 101.224100][ T5905] usb 4-1: config 179 interface 65 has no altsetting 0 [ 101.242052][ T5905] usb 4-1: New USB device found, idVendor=12ab, idProduct=0004, bcdDevice= 0.00 [ 101.257694][ T5905] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 101.503412][ T6273] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.523184][ T5905] input: Honey Bee Xbox360 dancepad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input8 [ 101.676380][ T6273] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.798059][ T5202] input input8: unable to receive magic message: -110 [ 101.943536][ T5202] input input8: unable to receive magic message: -32 [ 102.049669][ T5202] input input8: unable to receive magic message: -32 [ 102.065091][ T5918] usb 4-1: USB disconnect, device number 9 [ 102.065088][ C0] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 102.079950][ C0] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 102.154360][ T6289] program syz.2.91 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 102.189034][ T24] usb 2-1: USB disconnect, device number 8 [ 103.912618][ T6311] bridge1: entered promiscuous mode [ 103.928402][ T6311] bridge1: entered allmulticast mode [ 103.945497][ T6313] netlink: 'syz.3.97': attribute type 1 has an invalid length. [ 103.970463][ T6311] team0: Port device bridge1 added [ 104.139312][ T6313] 8021q: adding VLAN 0 to HW filter on device bond1 [ 104.264298][ T6316] bond1: (slave veth0_to_bond): Enslaving as an active interface with an up link [ 104.543415][ T6319] netlink: 40 bytes leftover after parsing attributes in process `syz.1.98'. [ 104.554649][ T6319] sch_tbf: burst 88 is lower than device team_slave_0 mtu (1514) ! [ 104.573880][ T6319] netlink: 20 bytes leftover after parsing attributes in process `syz.1.98'. [ 105.073029][ T6329] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.082037][ T6329] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.090977][ T6329] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.099844][ T6329] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 105.404406][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 105.404422][ T30] audit: type=1326 audit(1751816614.479:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 105.423037][ T6341] mmap: syz.3.106 (6341) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 105.552839][ T30] audit: type=1326 audit(1751816614.479:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=243 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 105.594466][ T30] audit: type=1326 audit(1751816614.479:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 105.625956][ T30] audit: type=1326 audit(1751816614.479:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 105.679826][ T30] audit: type=1326 audit(1751816614.479:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 105.760572][ T6348] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 106.214247][ T6354] netlink: 40 bytes leftover after parsing attributes in process `syz.0.109'. [ 106.224445][ T6354] sch_tbf: burst 88 is lower than device ipvlan1 mtu (1514) ! [ 106.256101][ T30] audit: type=1326 audit(1751816614.479:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 106.286397][ T6354] netlink: 20 bytes leftover after parsing attributes in process `syz.0.109'. [ 106.336335][ T30] audit: type=1326 audit(1751816614.479:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 106.537291][ T30] audit: type=1326 audit(1751816614.489:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 106.564782][ T30] audit: type=1326 audit(1751816614.489:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 106.773751][ T30] audit: type=1326 audit(1751816614.489:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6335 comm="syz.0.104" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 106.833695][ T6360] netlink: 24 bytes leftover after parsing attributes in process `syz.2.110'. [ 106.863842][ T6361] netlink: 8 bytes leftover after parsing attributes in process `syz.4.105'. [ 106.872788][ T6361] netlink: 8 bytes leftover after parsing attributes in process `syz.4.105'. [ 107.819375][ T6376] 8021q: adding VLAN 0 to HW filter on device bond1 [ 107.828061][ T6376] bridge0: port 2(bond1) entered blocking state [ 107.834656][ T6376] bridge0: port 2(bond1) entered disabled state [ 107.841662][ T6376] bond1: entered allmulticast mode [ 107.849646][ T6376] bond1: entered promiscuous mode [ 107.855680][ T6376] bridge0: port 2(bond1) entered blocking state [ 107.862336][ T6376] bridge0: port 2(bond1) entered forwarding state [ 107.921132][ T36] bridge0: port 2(bond1) entered disabled state [ 109.272641][ T6405] netlink: 68 bytes leftover after parsing attributes in process `syz.4.122'. [ 109.282166][ T6405] unsupported nla_type 28183 [ 109.586067][ T6415] netlink: 161716 bytes leftover after parsing attributes in process `syz.3.124'. [ 109.627329][ T6415] netlink: zone id is out of range [ 109.635911][ T6415] netlink: zone id is out of range [ 109.676205][ T6415] netlink: zone id is out of range [ 109.689412][ T6415] netlink: zone id is out of range [ 109.694828][ T6415] netlink: zone id is out of range [ 109.702828][ T6415] netlink: zone id is out of range [ 109.758709][ T6415] netlink: zone id is out of range [ 109.765063][ T6415] netlink: zone id is out of range [ 109.771881][ T6415] netlink: zone id is out of range [ 109.780339][ T6415] netlink: zone id is out of range [ 109.949831][ T6421] program syz.1.126 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 111.026584][ T3093] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 111.299730][ T3093] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 111.329578][ T6443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.341943][ T6443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.351017][ T3093] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 111.378611][ T3093] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 111.393187][ T6443] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.402104][ T3093] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 111.420203][ T6443] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.634362][ T3093] usb 1-1: GET_CAPABILITIES returned 0 [ 111.640057][ T3093] usbtmc 1-1:16.0: can't read capabilities [ 111.989034][ T6454] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 112.052275][ T6454] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 112.115201][ T6457] netlink: 8 bytes leftover after parsing attributes in process `syz.2.132'. [ 112.124228][ T6457] netlink: 8 bytes leftover after parsing attributes in process `syz.2.132'. [ 112.852319][ T10] usb 1-1: USB disconnect, device number 12 [ 113.179249][ T6470] netlink: 8 bytes leftover after parsing attributes in process `syz.1.137'. [ 113.193661][ T6475] FAULT_INJECTION: forcing a failure. [ 113.193661][ T6475] name fail_page_alloc, interval 1, probability 0, space 0, times 1 [ 113.218908][ T6470] netlink: 8 bytes leftover after parsing attributes in process `syz.1.137'. [ 113.236487][ T6475] CPU: 1 UID: 0 PID: 6475 Comm: syz.0.138 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 113.236513][ T6475] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 113.236523][ T6475] Call Trace: [ 113.236530][ T6475] [ 113.236538][ T6475] dump_stack_lvl+0x189/0x250 [ 113.236563][ T6475] ? __pfx____ratelimit+0x10/0x10 [ 113.236587][ T6475] ? __pfx_dump_stack_lvl+0x10/0x10 [ 113.236607][ T6475] ? __pfx__printk+0x10/0x10 [ 113.236630][ T6475] ? fs_reclaim_acquire+0x7d/0x100 [ 113.236679][ T6475] should_fail_ex+0x414/0x560 [ 113.236708][ T6475] prepare_alloc_pages+0x213/0x610 [ 113.236745][ T6475] __alloc_frozen_pages_noprof+0x123/0x370 [ 113.236773][ T6475] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 113.236794][ T6475] ? do_raw_spin_lock+0x121/0x290 [ 113.236819][ T6475] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 113.236844][ T6475] ? policy_nodemask+0x27c/0x720 [ 113.236869][ T6475] alloc_pages_mpol+0x232/0x4a0 [ 113.236894][ T6475] alloc_pages_noprof+0xa9/0x190 [ 113.236917][ T6475] get_free_pages_noprof+0xf/0x80 [ 113.236940][ T6475] __pollwait+0x27b/0x460 [ 113.236962][ T6475] ? __pfx___pollwait+0x10/0x10 [ 113.236980][ T6475] pipe_poll+0x16c/0x470 [ 113.237003][ T6475] ? __pfx_pipe_poll+0x10/0x10 [ 113.237023][ T6475] do_sys_poll+0x8c9/0x1070 [ 113.237049][ T6475] ? do_sys_poll+0x3f1/0x1070 [ 113.237077][ T6475] ? __pfx_do_sys_poll+0x10/0x10 [ 113.237104][ T6475] ? __pfx___pollwait+0x10/0x10 [ 113.237129][ T6475] ? __pfx_pollwake+0x10/0x10 [ 113.237150][ T6475] ? __pfx_pollwake+0x10/0x10 [ 113.237171][ T6475] ? __pfx_pollwake+0x10/0x10 [ 113.237191][ T6475] ? __pfx_pollwake+0x10/0x10 [ 113.237213][ T6475] ? __pfx_pollwake+0x10/0x10 [ 113.237235][ T6475] ? __pfx_pollwake+0x10/0x10 [ 113.237258][ T6475] ? __pfx_pollwake+0x10/0x10 [ 113.237281][ T6475] ? __pfx_pollwake+0x10/0x10 [ 113.237304][ T6475] ? __pfx_pollwake+0x10/0x10 [ 113.237325][ T6475] ? rcu_read_lock_any_held+0xb3/0x120 [ 113.237345][ T6475] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 113.237368][ T6475] ? vfs_write+0x8d8/0xa90 [ 113.237412][ T6475] ? set_user_sigmask+0xc7/0x1b0 [ 113.237431][ T6475] ? __pfx_set_user_sigmask+0x10/0x10 [ 113.237460][ T6475] __se_sys_ppoll+0x1ff/0x260 [ 113.237483][ T6475] ? __pfx___se_sys_ppoll+0x10/0x10 [ 113.237503][ T6475] ? __pfx_ksys_write+0x10/0x10 [ 113.237520][ T6475] ? rcu_is_watching+0x15/0xb0 [ 113.237543][ T6475] ? do_syscall_64+0xbe/0x3b0 [ 113.237559][ T6475] ? __x64_sys_ppoll+0x20/0xc0 [ 113.237581][ T6475] do_syscall_64+0xfa/0x3b0 [ 113.237596][ T6475] ? lockdep_hardirqs_on+0x9c/0x150 [ 113.237612][ T6475] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.237628][ T6475] ? clear_bhb_loop+0x60/0xb0 [ 113.237648][ T6475] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 113.237664][ T6475] RIP: 0033:0x7f1dbd78e929 [ 113.237680][ T6475] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.237693][ T6475] RSP: 002b:00007f1dbe6c2038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 113.237711][ T6475] RAX: ffffffffffffffda RBX: 00007f1dbd9b5fa0 RCX: 00007f1dbd78e929 [ 113.237729][ T6475] RDX: 0000000000000000 RSI: 20000000000000dc RDI: 00002000000000c0 [ 113.237740][ T6475] RBP: 00007f1dbe6c2090 R08: 0000000000000000 R09: 0000000000000000 [ 113.237750][ T6475] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.237760][ T6475] R13: 0000000000000000 R14: 00007f1dbd9b5fa0 R15: 00007f1dbdadfa28 [ 113.237786][ T6475] [ 113.581267][ C1] vkms_vblank_simulate: vblank timer overrun [ 113.969141][ T6480] IPVS: sync thread started: state = BACKUP, mcast_ifn = lo, syncid = 5, id = 0 [ 114.216493][ T24] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 114.389864][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 114.414384][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 114.438094][ T24] usb 2-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00 [ 114.446361][ T5946] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 114.485306][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.518929][ T24] usb 2-1: config 0 descriptor?? [ 114.599073][ T5946] usb 1-1: device descriptor read/64, error -71 [ 114.745952][ T6486] ALSA: mixer_oss: invalid OSS volume '010000E0' [ 114.759883][ T6486] ALSA: mixer_oss: invalid OSS volume '4' [ 114.781012][ T6486] ALSA: mixer_oss: invalid OSS volume '010000E0' [ 114.790808][ T6486] ALSA: mixer_oss: invalid OSS volume '5' [ 114.803882][ T6486] ALSA: mixer_oss: invalid OSS volume '010000E0' [ 114.833189][ T6494] netlink: 8 bytes leftover after parsing attributes in process `syz.4.142'. [ 114.842350][ T6486] ALSA: mixer_oss: invalid OSS volume '6' [ 114.852638][ T6486] ALSA: mixer_oss: invalid OSS volume '' [ 114.876319][ T5946] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 115.017875][ T5946] usb 1-1: device descriptor read/64, error -71 [ 115.140300][ T5946] usb usb1-port1: attempt power cycle [ 115.185843][ T24] usbhid 2-1:0.0: can't add hid device: -71 [ 115.185958][ T24] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 115.202915][ T24] usb 2-1: USB disconnect, device number 9 [ 115.496551][ T5946] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 115.517064][ T5946] usb 1-1: device descriptor read/8, error -71 [ 115.756461][ T5946] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 115.826527][ T5946] usb 1-1: device descriptor read/8, error -71 [ 115.936563][ T5946] usb usb1-port1: unable to enumerate USB device [ 116.425718][ T6525] net_ratelimit: 674 callbacks suppressed [ 116.425798][ T6525] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 116.596446][ T5946] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 116.751048][ T5946] usb 2-1: Using ep0 maxpacket: 16 [ 116.774097][ T5946] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 116.801055][ T5946] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 116.819029][ T5946] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 116.873694][ T5946] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.903592][ T5946] usb 2-1: Product: syz [ 116.913591][ T5946] usb 2-1: Manufacturer: syz [ 116.926141][ T5946] usb 2-1: SerialNumber: syz [ 117.184452][ T5946] usb 2-1: 0:2 : does not exist [ 117.272909][ T5946] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 117.346829][ T5946] usb 2-1: USB disconnect, device number 10 [ 117.786179][ T6534] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 117.820488][ T6534] netlink: 'syz.2.153': attribute type 10 has an invalid length. [ 118.025775][ T6543] netlink: 'syz.1.155': attribute type 1 has an invalid length. [ 118.179902][ T6546] netlink: 8 bytes leftover after parsing attributes in process `syz.1.155'. [ 119.076534][ T6559] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 119.112925][ T6543] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 119.119747][ T6546] netlink: 'syz.1.155': attribute type 2 has an invalid length. [ 119.362773][ T6564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.160'. [ 119.371851][ T6564] netlink: 8 bytes leftover after parsing attributes in process `syz.4.160'. [ 119.727610][ T6572] netlink: 8 bytes leftover after parsing attributes in process `syz.2.164'. [ 119.791437][ T6572] netlink: 8 bytes leftover after parsing attributes in process `syz.2.164'. [ 120.274132][ T6583] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 120.282190][ T6583] batadv_slave_0: entered promiscuous mode [ 121.581715][ T6609] bridge2: entered promiscuous mode [ 121.587077][ T6609] bridge2: entered allmulticast mode [ 121.599746][ T6609] team0: Port device bridge2 added [ 121.651041][ T6608] netlink: 20 bytes leftover after parsing attributes in process `syz.0.173'. [ 121.837945][ T6615] bridge1: entered promiscuous mode [ 121.843201][ T6615] bridge1: entered allmulticast mode [ 121.876826][ T6615] team0: Port device bridge1 added [ 122.590585][ T6621] netlink: 28 bytes leftover after parsing attributes in process `syz.0.176'. [ 122.623029][ T6621] netlink: 8 bytes leftover after parsing attributes in process `syz.0.176'. [ 122.788121][ T6627] netlink: 12 bytes leftover after parsing attributes in process `syz.1.175'. [ 122.860433][ T6627] netlink: 4 bytes leftover after parsing attributes in process `syz.1.175'. [ 123.246333][ T5946] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 123.427133][ T5946] usb 4-1: Using ep0 maxpacket: 8 [ 123.443433][ T5946] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 123.453503][ T5946] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.462547][ T5946] usb 4-1: Product: syz [ 123.467252][ T5946] usb 4-1: Manufacturer: syz [ 123.472621][ T5946] usb 4-1: SerialNumber: syz [ 123.481799][ T5946] usb 4-1: config 0 descriptor?? [ 123.700036][ T5946] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 123.856441][ T5905] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 124.034250][ T6655] sctp: [Deprecated]: syz.0.186 (pid 6655) Use of int in maxseg socket option. [ 124.034250][ T6655] Use struct sctp_assoc_value instead [ 124.095435][ T5905] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 124.111713][ T5905] usb 5-1: config 0 interface 0 has no altsetting 0 [ 124.168411][ T6655] netlink: 'syz.0.186': attribute type 10 has an invalid length. [ 124.198272][ T6655] veth0_vlan: left promiscuous mode [ 124.218877][ T5905] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 124.229386][ T6655] veth0_vlan: entered promiscuous mode [ 124.242035][ T6655] team0: Device veth0_vlan failed to register rx_handler [ 124.279993][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 124.297227][ T5905] usb 5-1: Product: syz [ 124.332916][ T5905] usb 5-1: Manufacturer: syz [ 124.353885][ T5905] usb 5-1: SerialNumber: syz [ 124.410212][ T5905] usb 5-1: config 0 descriptor?? [ 124.424804][ T5905] usb 5-1: selecting invalid altsetting 0 [ 125.353614][ T5946] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 125.424519][ T5946] usb 4-1: USB disconnect, device number 11 [ 125.571696][ T6663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 125.582119][ T6663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 125.655895][ T6644] netlink: 8 bytes leftover after parsing attributes in process `syz.4.184'. [ 125.947742][ T6671] bridge_slave_0: left allmulticast mode [ 125.953451][ T6671] bridge_slave_0: left promiscuous mode [ 125.960560][ T6671] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.995357][ T6671] bond0: (slave bridge_slave_1): Releasing backup interface [ 126.008314][ T6671] bond0: (slave bond_slave_0): Releasing backup interface [ 126.043930][ T6671] bond0: (slave bond_slave_1): Releasing backup interface [ 126.166967][ T6671] team0: Port device team_slave_0 removed [ 126.177702][ T6671] team0: Port device team_slave_1 removed [ 126.184040][ T6671] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.198258][ T6671] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.206147][ T6671] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.225339][ T6671] bond1: left allmulticast mode [ 126.231029][ T6671] bond1: left promiscuous mode [ 126.238149][ T6671] bridge0: port 2(bond1) entered disabled state [ 126.716695][ T5946] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 126.809902][ T6655] syz.0.186 (6655) used greatest stack depth: 20008 bytes left [ 126.833514][ T24] usb 5-1: USB disconnect, device number 3 [ 126.933407][ T6684] bridge1: entered promiscuous mode [ 126.947222][ T6684] bridge1: entered allmulticast mode [ 126.991225][ T5946] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 127.082779][ T5946] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 127.142366][ T5946] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.156130][ T6684] team0: Port device bridge1 added [ 127.234070][ T5946] usb 3-1: config 0 descriptor?? [ 127.345155][ T6694] netlink: 24 bytes leftover after parsing attributes in process `syz.4.195'. [ 127.379063][ T5946] pwc: Askey VC010 type 2 USB webcam detected. [ 128.027608][ T5946] pwc: recv_control_msg error -32 req 02 val 2b00 [ 128.039015][ T5946] pwc: recv_control_msg error -32 req 02 val 2700 [ 128.055251][ T5946] pwc: recv_control_msg error -32 req 02 val 2c00 [ 128.063026][ T5946] pwc: recv_control_msg error -32 req 04 val 1000 [ 128.070864][ T5946] pwc: recv_control_msg error -32 req 04 val 1300 [ 128.077988][ T5946] pwc: recv_control_msg error -32 req 04 val 1400 [ 128.085606][ T5946] pwc: recv_control_msg error -32 req 02 val 2000 [ 128.300127][ T5946] pwc: recv_control_msg error -32 req 04 val 1500 [ 128.307642][ T5946] pwc: recv_control_msg error -32 req 02 val 2500 [ 128.331930][ T6698] RDS: rds_bind could not find a transport for fe80::bb, load rds_tcp or rds_rdma? [ 128.523255][ T6707] netlink: 36 bytes leftover after parsing attributes in process `syz.1.200'. [ 128.523449][ T5946] pwc: recv_control_msg error -71 req 02 val 2600 [ 128.548089][ T5946] pwc: recv_control_msg error -71 req 02 val 2900 [ 128.555152][ T5946] pwc: recv_control_msg error -71 req 02 val 2800 [ 128.607459][ T5946] pwc: recv_control_msg error -71 req 04 val 1100 [ 128.636566][ T5946] pwc: recv_control_msg error -71 req 04 val 1200 [ 128.663683][ T5946] pwc: Registered as video103. [ 128.717558][ T5946] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input10 [ 128.759216][ T5946] usb 3-1: USB disconnect, device number 4 [ 129.630193][ T6722] netlink: 40 bytes leftover after parsing attributes in process `syz.2.204'. [ 129.732691][ T6722] (unnamed net_device) (uninitialized): option arp_interval: invalid value (18446744073709551615) [ 129.743694][ T6722] (unnamed net_device) (uninitialized): option arp_interval: allowed values 0 - 2147483647 [ 129.911338][ T6732] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 130.598957][ T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 130.786496][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 130.915839][ T24] usb 5-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 130.927318][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.936274][ T24] usb 5-1: Product: syz [ 130.940435][ T24] usb 5-1: Manufacturer: syz [ 130.945007][ T24] usb 5-1: SerialNumber: syz [ 131.032372][ T24] usb 5-1: config 0 descriptor?? [ 131.066482][ T24] gspca_main: sq930x-2.14.0 probing 2770:930c [ 131.488310][ T3093] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 131.606584][ T24] gspca_sq930x: reg_r 001f failed -110 [ 131.612277][ T24] sq930x 5-1:0.0: probe with driver sq930x failed with error -110 [ 131.661139][ T6761] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 131.670326][ T3093] usb 1-1: config 0 has no interfaces? [ 131.692308][ T3093] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 131.748483][ T3093] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.760968][ T3093] usb 1-1: Product: syz [ 131.766394][ T3093] usb 1-1: Manufacturer: syz [ 131.771301][ T3093] usb 1-1: SerialNumber: syz [ 131.778659][ T3093] usb 1-1: config 0 descriptor?? [ 131.804260][ T6761] netlink: 'syz.3.217': attribute type 5 has an invalid length. [ 131.934638][ T6761] netlink: 199836 bytes leftover after parsing attributes in process `syz.3.217'. [ 131.986642][ T5905] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 132.641938][ T5848] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 132.829855][ T5848] usb 2-1: Using ep0 maxpacket: 8 [ 132.867125][ T5848] usb 2-1: unable to get BOS descriptor or descriptor too short [ 132.875383][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.881811][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.909688][ T5848] usb 2-1: config 1 interface 0 altsetting 13 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 132.955700][ T5848] usb 2-1: config 1 interface 0 altsetting 13 bulk endpoint 0x82 has invalid maxpacket 8 [ 133.001115][ T5848] usb 2-1: config 1 interface 0 altsetting 13 bulk endpoint 0x3 has invalid maxpacket 1024 [ 133.030249][ T5848] usb 2-1: config 1 interface 0 has no altsetting 0 [ 133.059595][ T5848] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 133.084630][ T5848] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.112836][ T5848] usb 2-1: Product: syz [ 133.142206][ T5905] usb 5-1: USB disconnect, device number 4 [ 133.163300][ T5848] usb 2-1: Manufacturer: syz [ 133.183195][ T5848] usb 2-1: SerialNumber: syz [ 133.254517][ T6768] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 133.276049][ T6768] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 133.504402][ T6768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 133.552596][ T6768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 133.700700][ T5848] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71 [ 133.725350][ T5848] usb 2-1: USB disconnect, device number 11 [ 133.896678][ T24] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 133.974261][ T6789] netlink: 'syz.2.227': attribute type 1 has an invalid length. [ 134.066491][ T24] usb 4-1: Using ep0 maxpacket: 8 [ 134.075515][ T24] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 134.113110][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.151578][ T5905] usb 1-1: USB disconnect, device number 17 [ 134.173633][ T24] usb 4-1: Product: syz [ 134.233451][ T24] usb 4-1: Manufacturer: syz [ 134.255158][ T6791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.228'. [ 134.264343][ T24] usb 4-1: SerialNumber: syz [ 134.293699][ T6791] netlink: 8 bytes leftover after parsing attributes in process `syz.4.228'. [ 134.321124][ T24] usb 4-1: config 0 descriptor?? [ 134.555421][ T24] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 135.006382][ T5904] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 135.160825][ T24] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 135.226353][ T5904] usb 1-1: Using ep0 maxpacket: 32 [ 135.241843][ T6804] netlink: 12 bytes leftover after parsing attributes in process `syz.2.231'. [ 135.261018][ T5904] usb 1-1: New USB device found, idVendor=046d, idProduct=08f6, bcdDevice=81.8a [ 135.266481][ T6804] netlink: 4 bytes leftover after parsing attributes in process `syz.2.231'. [ 135.280994][ T5904] usb 1-1: New USB device strings: Mfr=0, Product=9, SerialNumber=0 [ 135.312756][ T5904] usb 1-1: Product: syz [ 135.328259][ T5904] usb 1-1: config 0 descriptor?? [ 135.349753][ T5904] gspca_main: STV06xx-2.14.0 probing 046d:08f6 [ 135.364153][ T6805] netlink: 'syz.4.232': attribute type 1 has an invalid length. [ 135.376687][ T5904] gspca_stv06xx: st6422 sensor detected [ 135.541622][ T6799] warning: `syz.0.230' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 135.688576][ T6799] netlink: 8 bytes leftover after parsing attributes in process `syz.0.230'. [ 135.819979][ T5904] STV06xx 1-1:0.0: probe with driver STV06xx failed with error -71 [ 135.832256][ T5904] usb 1-1: USB disconnect, device number 18 [ 136.660257][ T3093] usb 4-1: USB disconnect, device number 13 [ 136.778626][ T6834] program syz.3.241 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 136.816633][ T24] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 136.896802][ T6837] netlink: 8 bytes leftover after parsing attributes in process `syz.1.242'. [ 136.972841][ T6837] netlink: 8 bytes leftover after parsing attributes in process `syz.1.242'. [ 136.986350][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 137.037346][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 137.053337][ T6840] netlink: 'syz.2.243': attribute type 2 has an invalid length. [ 137.055631][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 137.076340][ T5905] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 137.178675][ T24] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0 [ 137.231267][ T5905] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 137.242526][ T5905] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 137.263112][ T5905] usb 5-1: New USB device found, idVendor=04e2, idProduct=1420, bcdDevice=9e.b9 [ 137.274299][ T5905] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.282951][ T5905] usb 5-1: Product: syz [ 137.287298][ T5905] usb 5-1: Manufacturer: syz [ 137.291965][ T5905] usb 5-1: SerialNumber: syz [ 137.305766][ T5905] usb 5-1: config 0 descriptor?? [ 137.426656][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 137.554374][ T24] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 137.564573][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.573367][ T24] usb 1-1: Product: syz [ 137.577914][ T24] usb 1-1: Manufacturer: syz [ 137.701146][ T24] usb 1-1: SerialNumber: syz [ 137.731761][ T6833] FAULT_INJECTION: forcing a failure. [ 137.731761][ T6833] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 137.745374][ T6833] CPU: 1 UID: 0 PID: 6833 Comm: syz.4.240 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 137.745399][ T6833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 137.745410][ T6833] Call Trace: [ 137.745417][ T6833] [ 137.745425][ T6833] dump_stack_lvl+0x189/0x250 [ 137.745460][ T6833] ? __pfx____ratelimit+0x10/0x10 [ 137.745486][ T6833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 137.745504][ T6833] ? __pfx__printk+0x10/0x10 [ 137.745524][ T6833] ? __might_fault+0xb0/0x130 [ 137.745553][ T6833] should_fail_ex+0x414/0x560 [ 137.745578][ T6833] _copy_from_user+0x2d/0xb0 [ 137.745590][ T6833] ___sys_sendmsg+0x158/0x2a0 [ 137.745604][ T6833] ? __pfx____sys_sendmsg+0x10/0x10 [ 137.745634][ T6833] ? __fget_files+0x2a/0x420 [ 137.745645][ T6833] ? __fget_files+0x3a0/0x420 [ 137.745662][ T6833] __sys_sendmmsg+0x227/0x430 [ 137.745677][ T6833] ? __pfx___sys_sendmmsg+0x10/0x10 [ 137.745687][ T6833] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 137.745710][ T6833] ? ksys_write+0x22a/0x250 [ 137.745722][ T6833] ? __pfx_ksys_write+0x10/0x10 [ 137.745731][ T6833] ? rcu_is_watching+0x15/0xb0 [ 137.745746][ T6833] __x64_sys_sendmmsg+0xa0/0xc0 [ 137.745758][ T6833] do_syscall_64+0xfa/0x3b0 [ 137.745767][ T6833] ? lockdep_hardirqs_on+0x9c/0x150 [ 137.745776][ T6833] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.745785][ T6833] ? clear_bhb_loop+0x60/0xb0 [ 137.745796][ T6833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 137.745805][ T6833] RIP: 0033:0x7f39b538e929 [ 137.745820][ T6833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 137.745827][ T6833] RSP: 002b:00007f39b6286038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 137.745841][ T6833] RAX: ffffffffffffffda RBX: 00007f39b55b5fa0 RCX: 00007f39b538e929 [ 137.745847][ T6833] RDX: 0000000000000001 RSI: 0000200000000e80 RDI: 0000000000000003 [ 137.745853][ T6833] RBP: 00007f39b6286090 R08: 0000000000000000 R09: 0000000000000000 [ 137.745858][ T6833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 137.745864][ T6833] R13: 0000000000000000 R14: 00007f39b55b5fa0 R15: 00007f39b56dfa28 [ 137.745878][ T6833] [ 137.974906][ T24] usb 1-1: config 0 descriptor?? [ 138.083331][ T24] port100 1-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 138.096496][ T24] usb 5-1: USB disconnect, device number 5 [ 138.350284][ T6860] netlink: 12 bytes leftover after parsing attributes in process `syz.0.238'. [ 138.413059][ T5945] usb 1-1: USB disconnect, device number 19 [ 138.866810][ T5945] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 139.034797][ T5945] usb 3-1: config 0 has an invalid interface number: 101 but max is 0 [ 139.043199][ T5945] usb 3-1: config 0 has no interface number 0 [ 139.091332][ T5945] usb 3-1: config 0 interface 101 altsetting 0 endpoint 0x9 has an invalid bInterval 0, changing to 7 [ 139.146107][ T5945] usb 3-1: config 0 interface 101 altsetting 0 endpoint 0x9 has invalid maxpacket 2007, setting to 1024 [ 139.202097][ T5945] usb 3-1: New USB device found, idVendor=093a, idProduct=2623, bcdDevice=b2.14 [ 139.217034][ T5945] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.239312][ T5945] usb 3-1: Product: syz [ 139.250946][ T5945] usb 3-1: Manufacturer: syz [ 139.302679][ T5945] usb 3-1: SerialNumber: syz [ 139.332224][ T5945] usb 3-1: config 0 descriptor?? [ 139.345120][ T30] kauditd_printk_skb: 63 callbacks suppressed [ 139.345131][ T30] audit: type=1326 audit(1751816648.419:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6874 comm="syz.0.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 139.389516][ T5945] gspca_main: gspca_pac7302-2.14.0 probing 093a:2623 [ 139.482459][ T30] audit: type=1326 audit(1751816648.419:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6874 comm="syz.0.254" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1dbd78e929 code=0x7ffc0000 [ 139.504467][ T6879] netlink: 28 bytes leftover after parsing attributes in process `syz.1.255'. [ 139.553427][ T6879] netlink: 8 bytes leftover after parsing attributes in process `syz.1.255'. [ 140.273377][ T5945] input: gspca_pac7302 as /devices/platform/dummy_hcd.2/usb3/3-1/input/input11 [ 140.609555][ T6892] FAULT_INJECTION: forcing a failure. [ 140.609555][ T6892] name failslab, interval 1, probability 0, space 0, times 0 [ 140.622446][ T6892] CPU: 1 UID: 0 PID: 6892 Comm: syz.4.258 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 140.622469][ T6892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 140.622479][ T6892] Call Trace: [ 140.622487][ T6892] [ 140.622494][ T6892] dump_stack_lvl+0x189/0x250 [ 140.622520][ T6892] ? __pfx____ratelimit+0x10/0x10 [ 140.622546][ T6892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 140.622565][ T6892] ? __pfx__printk+0x10/0x10 [ 140.622587][ T6892] ? register_lock_class+0x51/0x320 [ 140.622616][ T6892] should_fail_ex+0x414/0x560 [ 140.622645][ T6892] should_failslab+0xa8/0x100 [ 140.622669][ T6892] kmem_cache_alloc_noprof+0x73/0x3c0 [ 140.622689][ T6892] ? inet_bind2_bucket_create+0x34/0x4b0 [ 140.622714][ T6892] inet_bind2_bucket_create+0x34/0x4b0 [ 140.622739][ T6892] inet_csk_get_port+0xdee/0x16e0 [ 140.622762][ T6892] ? inet_csk_get_port+0xba1/0x16e0 [ 140.622789][ T6892] ? lockdep_hardirqs_on+0x9c/0x150 [ 140.622806][ T6892] ? __local_bh_enable_ip+0x12d/0x1c0 [ 140.622825][ T6892] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 140.622848][ T6892] ? do_raw_spin_unlock+0x122/0x240 [ 140.622876][ T6892] __inet_bind+0x5dd/0xb80 [ 140.622899][ T6892] inet_bind_sk+0x120/0x1e0 [ 140.622916][ T6892] ? __local_bh_enable_ip+0x12d/0x1c0 [ 140.622934][ T6892] ? __pfx_inet_bind_sk+0x10/0x10 [ 140.622955][ T6892] ? mptcp_info2sockaddr+0x16a/0x3f0 [ 140.622985][ T6892] mptcp_pm_nl_add_addr_doit+0x110b/0x1460 [ 140.623011][ T6892] ? __nla_validate_parse+0x2400/0x2d40 [ 140.623040][ T6892] ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10 [ 140.623071][ T6892] ? __pfx___nla_validate_parse+0x10/0x10 [ 140.623127][ T6892] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 140.623154][ T6892] genl_family_rcv_msg_doit+0x212/0x300 [ 140.623178][ T6892] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 140.623215][ T6892] ? bpf_lsm_capable+0x9/0x20 [ 140.623231][ T6892] ? security_capable+0x7e/0x2e0 [ 140.623262][ T6892] genl_rcv_msg+0x60e/0x790 [ 140.623292][ T6892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 140.623314][ T6892] ? ref_tracker_free+0x63a/0x7d0 [ 140.623329][ T6892] ? __pfx_mptcp_pm_nl_add_addr_doit+0x10/0x10 [ 140.623354][ T6892] ? __pfx_ref_tracker_free+0x10/0x10 [ 140.623382][ T6892] netlink_rcv_skb+0x208/0x470 [ 140.623404][ T6892] ? __pfx_genl_rcv_msg+0x10/0x10 [ 140.623429][ T6892] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 140.623468][ T6892] ? down_read+0x1ad/0x2e0 [ 140.623489][ T6892] genl_rcv+0x28/0x40 [ 140.623510][ T6892] netlink_unicast+0x75b/0x8d0 [ 140.623540][ T6892] netlink_sendmsg+0x805/0xb30 [ 140.623571][ T6892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.623600][ T6892] ? aa_sock_msg_perm+0x94/0x160 [ 140.623626][ T6892] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 140.623642][ T6892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 140.623663][ T6892] __sock_sendmsg+0x21c/0x270 [ 140.623684][ T6892] ____sys_sendmsg+0x505/0x830 [ 140.623712][ T6892] ? __pfx_____sys_sendmsg+0x10/0x10 [ 140.623743][ T6892] ? import_iovec+0x74/0xa0 [ 140.623767][ T6892] ___sys_sendmsg+0x21f/0x2a0 [ 140.623791][ T6892] ? __pfx____sys_sendmsg+0x10/0x10 [ 140.623850][ T6892] ? __fget_files+0x2a/0x420 [ 140.623872][ T6892] ? __fget_files+0x3a0/0x420 [ 140.623904][ T6892] __x64_sys_sendmsg+0x19b/0x260 [ 140.623929][ T6892] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 140.623961][ T6892] ? __pfx_ksys_write+0x10/0x10 [ 140.623988][ T6892] ? rcu_is_watching+0x15/0xb0 [ 140.624014][ T6892] ? do_syscall_64+0xbe/0x3b0 [ 140.624034][ T6892] do_syscall_64+0xfa/0x3b0 [ 140.624050][ T6892] ? lockdep_hardirqs_on+0x9c/0x150 [ 140.624065][ T6892] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.624082][ T6892] ? clear_bhb_loop+0x60/0xb0 [ 140.624102][ T6892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 140.624118][ T6892] RIP: 0033:0x7f39b538e929 [ 140.624135][ T6892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 140.624148][ T6892] RSP: 002b:00007f39b6265038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 140.624165][ T6892] RAX: ffffffffffffffda RBX: 00007f39b55b6080 RCX: 00007f39b538e929 [ 140.624177][ T6892] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000008 [ 140.624187][ T6892] RBP: 00007f39b6265090 R08: 0000000000000000 R09: 0000000000000000 [ 140.624197][ T6892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 140.624207][ T6892] R13: 0000000000000000 R14: 00007f39b55b6080 R15: 00007f39b56dfa28 [ 140.624235][ T6892] [ 141.310595][ T6898] netlink: 68 bytes leftover after parsing attributes in process `syz.1.261'. [ 141.486714][ T6897] netlink: 'syz.3.259': attribute type 9 has an invalid length. [ 141.553051][ T6897] netlink: 'syz.3.259': attribute type 6 has an invalid length. [ 141.615857][ T6897] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 141.647139][ T3093] usb 3-1: USB disconnect, device number 5 [ 145.295775][ T6997] netlink: 'syz.0.298': attribute type 3 has an invalid length. [ 145.988638][ T7023] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 146.084207][ T42] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 146.384000][ T7041] netlink: 'syz.2.319': attribute type 3 has an invalid length. [ 146.619106][ T7051] netlink: 64 bytes leftover after parsing attributes in process `syz.3.323'. [ 150.226433][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 150.366476][ T7117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.347'. [ 150.388326][ T7117] netlink: 8 bytes leftover after parsing attributes in process `syz.4.347'. [ 151.037900][ T7137] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 151.705131][ T7147] netlink: 64 bytes leftover after parsing attributes in process `syz.1.359'. [ 151.942053][ T7153] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 155.366861][ T7216] syzkaller1: entered promiscuous mode [ 155.372383][ T7216] syzkaller1: entered allmulticast mode [ 155.918032][ T7226] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 155.942264][ T5905] wlan1: No legacy rates in association response [ 155.960502][ T7232] input: syz0 as /devices/virtual/input/input14 [ 157.058064][ T7269] netlink: 4 bytes leftover after parsing attributes in process `syz.1.410'. [ 157.170520][ T7273] netlink: 'syz.0.412': attribute type 12 has an invalid length. [ 157.203894][ T7273] netlink: 'syz.0.412': attribute type 29 has an invalid length. [ 157.240461][ T7273] netlink: 148 bytes leftover after parsing attributes in process `syz.0.412'. [ 157.282881][ T7273] netlink: 'syz.0.412': attribute type 2 has an invalid length. [ 157.299176][ T7273] netlink: 43 bytes leftover after parsing attributes in process `syz.0.412'. [ 158.477448][ T30] audit: type=1326 audit(1751816667.559:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 158.526581][ T30] audit: type=1326 audit(1751816667.559:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 158.599390][ T30] audit: type=1326 audit(1751816667.559:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 158.667042][ T30] audit: type=1326 audit(1751816667.559:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 158.714004][ T30] audit: type=1326 audit(1751816667.559:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 158.769446][ T30] audit: type=1326 audit(1751816667.559:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 158.792301][ T30] audit: type=1326 audit(1751816667.559:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 158.818028][ T30] audit: type=1326 audit(1751816667.559:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 158.840785][ T30] audit: type=1326 audit(1751816667.559:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 158.863593][ T30] audit: type=1326 audit(1751816667.559:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7308 comm="syz.4.427" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b538e929 code=0x7fc00000 [ 159.106434][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 159.487468][ T7335] netlink: 4 bytes leftover after parsing attributes in process `syz.0.435'. [ 160.278687][ T7364] mapping of prio or/and queue is allowed only from OUTPUT/FORWARD/POSTROUTING chains [ 161.930059][ T7399] io-wq is not configured for unbound workers [ 162.048426][ T42] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 162.394812][ T7417] trusted_key: syz.4.470 sent an empty control message without MSG_MORE. [ 162.641059][ T7426] loop6: detected capacity change from 0 to 1 [ 162.666534][ T7426] Dev loop6: unable to read RDB block 1 [ 162.684047][ T7426] loop6: unable to read partition table [ 162.693300][ T7426] loop6: partition table beyond EOD, truncated [ 162.712740][ T7426] loop_reread_partitions: partition scan of loop6 (被x ) failed (rc=-5) [ 163.415098][ T3093] IPVS: starting estimator thread 0... [ 163.436804][ T7455] xt_TCPMSS: Only works on TCP SYN packets [ 163.538505][ T7457] IPVS: using max 27 ests per chain, 64800 per kthread [ 164.320757][ T7477] netlink: 8 bytes leftover after parsing attributes in process `syz.0.494'. [ 165.906430][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 166.826753][ T7532] netlink: 12 bytes leftover after parsing attributes in process `syz.0.514'. [ 168.605891][ T7590] netlink: 40 bytes leftover after parsing attributes in process `syz.0.543'. [ 169.622818][ T42] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 169.683720][ T7626] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 169.846926][ T7631] netlink: 104 bytes leftover after parsing attributes in process `syz.3.563'. [ 170.068138][ T7640] xt_hashlimit: size too large, truncated to 1048576 [ 170.727727][ T7655] binder: 7654:7655 ioctl c0306201 200000000040 returned -14 [ 171.547918][ T7683] netlink: 64 bytes leftover after parsing attributes in process `syz.4.585'. [ 171.557625][ T4522] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 172.112567][ T7702] netlink: 104 bytes leftover after parsing attributes in process `syz.4.594'. [ 172.287920][ T7706] veth1: entered promiscuous mode [ 172.673582][ T7715] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.681516][ T7715] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.907220][ T7715] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.015842][ T7715] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 173.139831][ T7724] usb usb8: usbfs: process 7724 (syz.1.601) did not claim interface 0 before use [ 173.456516][ T7715] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.482246][ T7715] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.506379][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 173.535323][ T7715] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.549113][ T7715] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 173.571775][ T7715] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 173.637017][ T7715] bridge1: left promiscuous mode [ 173.642091][ T7715] bridge1: left allmulticast mode [ 173.826607][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 173.881585][ T7735] netlink: 28 bytes leftover after parsing attributes in process `syz.0.606'. [ 174.180629][ T7746] netlink: 104 bytes leftover after parsing attributes in process `syz.3.611'. [ 174.815357][ T7764] loop9: detected capacity change from 0 to 7 [ 174.822614][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 174.864032][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 174.955354][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 175.086036][ T7771] syz_tun: entered allmulticast mode [ 175.091744][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 175.123292][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 175.150236][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 175.190914][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 175.226909][ T7770] syz_tun: left allmulticast mode [ 175.244127][ T7764] ldm_validate_partition_table(): Disk read failed. [ 175.254905][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 175.263376][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 175.277470][ T7764] Buffer I/O error on dev loop9, logical block 0, async page read [ 175.285507][ T7764] Dev loop9: unable to read RDB block 0 [ 175.295271][ T7764] loop9: unable to read partition table [ 175.303003][ T7764] loop9: partition table beyond EOD, truncated [ 175.324947][ T7764] loop_reread_partitions: partition scan of loop9 (被xڬdGݡ [ 175.324947][ T7764] ) failed (rc=-5) [ 175.746624][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 175.906412][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 176.635771][ T7805] netlink: 104 bytes leftover after parsing attributes in process `syz.3.634'. [ 177.772754][ T7844] netlink: 112 bytes leftover after parsing attributes in process `syz.4.648'. [ 177.936007][ T44] hid-generic 0000:0000:0000.0001: unknown main item tag 0x0 [ 177.959423][ T44] hid-generic 0000:0000:0000.0001: hidraw0: HID v0.00 Device [syz1] on syz0 [ 179.756885][ T7899] netlink: 104 bytes leftover after parsing attributes in process `syz.3.670'. [ 180.710697][ T7919] netlink: 8 bytes leftover after parsing attributes in process `syz.0.677'. [ 181.506401][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 182.879033][ T7988] netlink: 104 bytes leftover after parsing attributes in process `syz.3.707'. [ 183.514003][ T8007] netlink: 8 bytes leftover after parsing attributes in process `syz.1.714'. [ 183.574202][ T8010] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 183.977878][ T8018] netlink: 104 bytes leftover after parsing attributes in process `syz.1.720'. [ 184.237493][ T8030] netlink: 8 bytes leftover after parsing attributes in process `syz.0.724'. [ 184.437304][ T8034] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 184.898576][ T8053] input: syz0 as /devices/virtual/input/input17 [ 185.346402][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 185.954647][ T8080] netlink: 4 bytes leftover after parsing attributes in process `syz.3.745'. [ 187.299115][ T3093] hid-generic 0000:0000:0000.0002: unknown main item tag 0x0 [ 187.324912][ T3093] hid-generic 0000:0000:0000.0002: hidraw0: HID v0.00 Device [syz1] on syz0 [ 188.687778][ T8166] netlink: 104 bytes leftover after parsing attributes in process `syz.0.782'. [ 189.332165][ T8184] netlink: 112 bytes leftover after parsing attributes in process `syz.3.788'. [ 189.775442][ T8201] blkio.reset_stats is deprecated [ 189.826400][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 191.119645][ T8264] netlink: 272 bytes leftover after parsing attributes in process `syz.0.826'. [ 191.449883][ T8273] netlink: 4 bytes leftover after parsing attributes in process `syz.3.830'. [ 191.635584][ T8283] netlink: 8 bytes leftover after parsing attributes in process `syz.3.836'. [ 191.741366][ T5904] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 191.797084][ T8289] netlink: 272 bytes leftover after parsing attributes in process `syz.2.838'. [ 191.926479][ T5904] usb 5-1: Using ep0 maxpacket: 8 [ 191.934599][ T5904] usb 5-1: too many endpoints for config 1 interface 0 altsetting 1: 255, using maximum allowed: 30 [ 191.951344][ T5904] usb 5-1: config 1 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 191.996374][ T5904] usb 5-1: config 1 interface 0 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 191.999975][ T8296] netlink: 112 bytes leftover after parsing attributes in process `syz.3.841'. [ 192.036535][ T5904] usb 5-1: config 1 interface 0 altsetting 1 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 192.114440][ T5904] usb 5-1: config 1 interface 0 has no altsetting 0 [ 192.167227][ T5904] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 192.196506][ T5904] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 192.222724][ T5904] usb 5-1: SerialNumber: syz [ 192.240149][ T8279] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 192.261221][ T8306] netlink: 4 bytes leftover after parsing attributes in process `syz.2.846'. [ 192.468645][ T5904] cdc_acm 5-1:1.0: skipping garbage [ 192.494972][ T5904] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 192.528936][ T5904] cdc_acm 5-1:1.0: This needs exactly 3 endpoints [ 192.535434][ T5904] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -22 [ 192.608818][ T5904] usb 5-1: USB disconnect, device number 6 [ 193.313334][ T8339] netlink: 272 bytes leftover after parsing attributes in process `syz.4.863'. [ 193.950762][ T8368] netlink: 4 bytes leftover after parsing attributes in process `syz.1.875'. [ 194.096059][ T8372] netlink: 8 bytes leftover after parsing attributes in process `syz.4.877'. [ 194.149098][ T8374] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 194.316941][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.323344][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.389100][ T8387] netlink: 112 bytes leftover after parsing attributes in process `syz.2.883'. [ 194.490772][ T44] hid-generic 0000:0000:0000.0003: unknown main item tag 0x0 [ 194.529496][ T44] hid-generic 0000:0000:0000.0003: hidraw0: HID v0.00 Device [syz1] on syz0 [ 194.782778][ T8396] fido_id[8396]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 195.038145][ T8406] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 196.369852][ T8446] netlink: 112 bytes leftover after parsing attributes in process `syz.1.909'. [ 197.009636][ T8465] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 197.320826][ T8473] netlink: 112 bytes leftover after parsing attributes in process `syz.2.921'. [ 197.800795][ T8494] process 'syz.2.925' launched './file1' with NULL argv: empty string added [ 198.075607][ T8500] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 198.127820][ T8500] bridge0: port 2(bridge_slave_1) entered disabled state [ 198.136719][ T8500] bridge0: port 1(bridge_slave_0) entered disabled state [ 198.146366][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 200.653161][ T5904] hid-generic 0000:0000:0000.0004: unknown main item tag 0x0 [ 200.679592][ T5904] hid-generic 0000:0000:0000.0004: hidraw0: HID v0.00 Device [syz1] on syz0 [ 200.854414][ T8574] netlink: 12 bytes leftover after parsing attributes in process `syz.0.960'. [ 201.720938][ T8591] netlink: 100 bytes leftover after parsing attributes in process `syz.2.966'. [ 202.359950][ T8611] bridge0: port 2(bridge_slave_1) entered disabled state [ 202.367765][ T8611] bridge0: port 1(bridge_slave_0) entered disabled state [ 202.540551][ T8619] netlink: 48 bytes leftover after parsing attributes in process `syz.4.976'. [ 202.626432][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 202.802065][ T8627] netlink: 68 bytes leftover after parsing attributes in process `syz.1.980'. [ 203.308996][ T8647] sock: sock_timestamping_bind_phc: sock not bind to device [ 203.435721][ T8650] netlink: 112 bytes leftover after parsing attributes in process `syz.0.989'. [ 203.536051][ T8654] netlink: 68 bytes leftover after parsing attributes in process `syz.0.992'. [ 204.402346][ T8681] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1003'. [ 205.319972][ T8700] Unknown status report in ack skb [ 206.089811][ T8714] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1014'. [ 206.641369][ T8728] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1020'. [ 207.746435][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 209.177391][ T8785] binfmt_misc: register: failed to install interpreter file ./file1 [ 209.285223][ T8787] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1045'. [ 209.397945][ T8795] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1048'. [ 209.482359][ T8799] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1050'. [ 209.963757][ T8820] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1061'. [ 210.197683][ T8833] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1067'. [ 210.566891][ T8841] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 210.716616][ T8841] syz.3.1071 (8841) used greatest stack depth: 19928 bytes left [ 210.904368][ T8859] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1082'. [ 210.932670][ T8861] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1079'. [ 211.237580][ T8879] netlink: 24 bytes leftover after parsing attributes in process `syz.2.1090'. [ 211.670290][ T8895] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1097'. [ 211.749325][ T8897] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1098'. [ 211.762955][ T8899] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1099'. [ 212.368269][ T8913] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1103'. [ 212.814514][ T8927] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1110'. [ 213.012154][ T8932] tipc: Started in network mode [ 213.034156][ T8932] tipc: Node identity 4, cluster identity 4711 [ 213.062131][ T8932] tipc: Node number set to 4 [ 213.082958][ T8934] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1112'. [ 213.525345][ T8944] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1115'. [ 213.972069][ T8953] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1121'. [ 214.431949][ T8969] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1126'. [ 216.779563][ T9029] __nla_validate_parse: 3 callbacks suppressed [ 216.779584][ T9029] netlink: 104 bytes leftover after parsing attributes in process `syz.3.1152'. [ 217.565054][ T9049] netlink: 64 bytes leftover after parsing attributes in process `syz.0.1160'. [ 217.654298][ T9051] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1162'. [ 218.250070][ T9075] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1173'. [ 218.412894][ T9079] netlink: 68 bytes leftover after parsing attributes in process `syz.0.1175'. [ 219.138226][ T9109] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1188'. [ 219.203011][ T9111] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1189'. [ 219.886826][ T9131] syzkaller1: entered promiscuous mode [ 219.904291][ T9131] syzkaller1: entered allmulticast mode [ 220.112451][ T9139] netlink: 'syz.0.1202': attribute type 1 has an invalid length. [ 220.212689][ T9141] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1203'. [ 220.547275][ T9155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1198'. [ 220.607591][ T9155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1198'. [ 221.727489][ T9171] netlink: 'syz.3.1214': attribute type 1 has an invalid length. [ 221.926296][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 221.926313][ T30] audit: type=1326 audit(1751816730.999:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9174 comm="syz.3.1216" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9324b8e929 code=0x0 [ 222.466409][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 222.607658][ T9188] __nla_validate_parse: 2 callbacks suppressed [ 222.607675][ T9188] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1220'. [ 222.642684][ T9189] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1221'. [ 222.911131][ T9200] netlink: 280 bytes leftover after parsing attributes in process `syz.1.1226'. [ 223.355326][ T9216] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1233'. [ 223.669119][ T9225] af_packet: tpacket_rcv: packet too big, clamped from 4300 to 3942. macoff=106 [ 223.857089][ T9232] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1240'. [ 224.445402][ T9251] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1245'. [ 226.581471][ T9274] capability: warning: `syz.4.1252' uses 32-bit capabilities (legacy support in use) [ 227.347621][ T9286] netlink: 76 bytes leftover after parsing attributes in process `syz.0.1256'. [ 227.723931][ T9298] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1260'. [ 228.550320][ T9310] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1266'. [ 229.411695][ T9336] netlink: 76 bytes leftover after parsing attributes in process `syz.2.1277'. [ 229.913771][ T9358] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1286'. [ 230.146778][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 230.481668][ T9368] syzkaller1: entered promiscuous mode [ 230.523621][ T9368] syzkaller1: entered allmulticast mode [ 231.047055][ T9373] netlink: 128 bytes leftover after parsing attributes in process `syz.1.1294'. [ 233.947585][ T9438] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1322'. [ 234.625197][ T9453] ALSA: mixer_oss: invalid OSS volume '' [ 235.906502][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 236.396763][ T9479] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1333'. [ 237.666908][ T9495] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1341'. [ 237.697223][ T9493] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 237.997117][ T9504] tipc: Started in network mode [ 238.012293][ T9504] tipc: Node identity 080211000001, cluster identity 4711 [ 238.033179][ T9504] tipc: Enabled bearer , priority 0 [ 238.099572][ T9504] tipc: Resetting bearer [ 239.107327][ T5945] tipc: Node number set to 134418688 [ 240.537644][ T9550] netlink: 112 bytes leftover after parsing attributes in process `syz.3.1359'. [ 241.065330][ T9560] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1363'. [ 242.934007][ T9584] random: crng reseeded on system resumption [ 242.955836][ T9587] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1372'. [ 243.188762][ T24] IPVS: starting estimator thread 0... [ 243.297159][ T9594] IPVS: using max 29 ests per chain, 69600 per kthread [ 244.677707][ T9623] netlink: 112 bytes leftover after parsing attributes in process `syz.2.1385'. [ 244.922130][ T9505] Set syz1 is full, maxelem 65536 reached [ 245.206315][ T9631] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1388'. [ 245.562828][ T9640] dvmrp0: entered allmulticast mode [ 246.171937][ T9666] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1401'. [ 248.454365][ T9740] bridge_slave_0: left allmulticast mode [ 248.461784][ T9740] bridge_slave_0: left promiscuous mode [ 248.481825][ T9740] bridge0: port 1(bridge_slave_0) entered disabled state [ 248.511100][ T9740] bridge_slave_1: left allmulticast mode [ 248.520322][ T9740] bridge_slave_1: left promiscuous mode [ 248.524411][ T9745] netlink: 136 bytes leftover after parsing attributes in process `syz.2.1435'. [ 248.527560][ T9740] bridge0: port 2(bridge_slave_1) entered disabled state [ 248.549188][ T9740] bond0: (slave bond_slave_0): Releasing backup interface [ 248.560713][ T9740] bond0: (slave bond_slave_1): Releasing backup interface [ 248.579410][ T9740] team0: Failed to send options change via netlink (err -105) [ 248.587548][ T9740] team0: Failed to send port change of device team_slave_0 via netlink (err -105) [ 248.598172][ T9740] team0: Port device team_slave_0 removed [ 248.606527][ T44] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 248.617997][ T9740] team0: Failed to send options change via netlink (err -105) [ 248.625994][ T9740] team0: Failed to send port change of device team_slave_1 via netlink (err -105) [ 248.637350][ T9740] team0: Port device team_slave_1 removed [ 248.643804][ T9740] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 248.651397][ T9740] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 248.660323][ T9740] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 248.668411][ T9740] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 248.779234][ T44] usb 2-1: config index 0 descriptor too short (expected 1051, got 27) [ 248.792508][ T44] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 248.806039][ T44] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 248.816806][ T44] usb 2-1: config 0 interface 0 altsetting 12 bulk endpoint 0x87 has invalid maxpacket 149 [ 248.839369][ T44] usb 2-1: config 0 interface 0 has no altsetting 0 [ 248.855260][ T44] usb 2-1: New USB device found, idVendor=06cd, idProduct=010a, bcdDevice=d9.c3 [ 248.886270][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.895408][ T44] usb 2-1: Product: syz [ 248.915610][ T44] usb 2-1: Manufacturer: syz [ 248.926265][ T44] usb 2-1: SerialNumber: syz [ 248.957786][ T44] usb 2-1: config 0 descriptor?? [ 248.981470][ T9738] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 249.304358][ T9765] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1443'. [ 249.956726][ T44] keyspan 2-1:0.0: Keyspan 4 port adapter converter detected [ 249.993970][ T44] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 7 [ 250.006671][ T44] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 81 [ 250.020799][ T44] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 1 [ 250.033000][ T44] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB0 [ 250.045204][ T44] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 82 [ 250.050547][ T9776] netlink: 136 bytes leftover after parsing attributes in process `syz.4.1447'. [ 250.059439][ T44] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 2 [ 250.079634][ T44] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB1 [ 250.112928][ T44] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 83 [ 250.120966][ T44] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 3 [ 250.198740][ T44] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB2 [ 250.232491][ T44] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 84 [ 250.332586][ T44] keyspan 2-1:0.0: found no endpoint descriptor for endpoint 4 [ 250.357242][ T44] usb 2-1: Keyspan 4 port adapter converter now attached to ttyUSB3 [ 250.535056][ T44] usb 2-1: USB disconnect, device number 12 [ 250.675497][ T44] keyspan_4 ttyUSB0: Keyspan 4 port adapter converter now disconnected from ttyUSB0 [ 250.716323][ T44] keyspan_4 ttyUSB1: Keyspan 4 port adapter converter now disconnected from ttyUSB1 [ 250.760068][ T44] keyspan_4 ttyUSB2: Keyspan 4 port adapter converter now disconnected from ttyUSB2 [ 250.782003][ T44] keyspan_4 ttyUSB3: Keyspan 4 port adapter converter now disconnected from ttyUSB3 [ 250.804633][ T44] keyspan 2-1:0.0: device disconnected [ 250.862795][ T9797] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1453'. [ 251.721277][ T9820] random: crng reseeded on system resumption [ 252.986734][ T5904] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 253.147456][ T9873] netlink: 87 bytes leftover after parsing attributes in process `syz.2.1485'. [ 253.157508][ T5904] usb 4-1: Using ep0 maxpacket: 16 [ 253.174445][ T5904] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 253.215175][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 253.226342][ T5904] usb 4-1: Product: syz [ 253.230742][ T5904] usb 4-1: Manufacturer: syz [ 253.246808][ T5904] usb 4-1: SerialNumber: syz [ 253.281292][ T5904] r8152-cfgselector 4-1: Unknown version 0x0000 [ 253.297873][ T5904] r8152-cfgselector 4-1: config 0 descriptor?? [ 253.817529][ T5904] r8152-cfgselector 4-1: Unknown version 0x0000 [ 253.836478][ T5904] r8152-cfgselector 4-1: bad CDC descriptors [ 253.876110][ T5904] r8152-cfgselector 4-1: USB disconnect, device number 14 [ 254.896346][ T9925] random: crng reseeded on system resumption [ 255.750581][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.757081][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.907252][ T5945] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 255.921342][ T9960] random: crng reseeded on system resumption [ 256.416239][ T5945] usb 3-1: Using ep0 maxpacket: 32 [ 256.437376][ T5945] usb 3-1: config 0 interface 0 altsetting 17 endpoint 0x81 has invalid wMaxPacketSize 0 [ 256.452632][ T5945] usb 3-1: config 0 interface 0 altsetting 17 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 256.476260][ T5945] usb 3-1: config 0 interface 0 has no altsetting 0 [ 256.482947][ T5945] usb 3-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 256.506433][ T5945] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.545880][ T5945] usb 3-1: config 0 descriptor?? [ 256.777735][ T5945] usbhid 3-1:0.0: can't add hid device: -71 [ 256.796341][ T5945] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 256.848748][ T5945] usb 3-1: USB disconnect, device number 6 [ 257.343637][ T9989] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1532'. [ 257.794641][ T9996] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1535'. [ 260.667320][T10054] netlink: 'syz.2.1558': attribute type 1 has an invalid length. [ 261.887448][T10078] netlink: 87 bytes leftover after parsing attributes in process `syz.2.1567'. [ 262.161904][T10084] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1570'. [ 263.086744][T10106] netlink: 44 bytes leftover after parsing attributes in process `syz.0.1580'. [ 263.499194][T10116] random: crng reseeded on system resumption [ 264.297882][T10144] random: crng reseeded on system resumption [ 264.826241][ T44] IPVS: starting estimator thread 0... [ 264.936404][T10168] IPVS: using max 31 ests per chain, 74400 per kthread [ 265.930168][T10192] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1617'. [ 266.066409][ T5918] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 266.153250][T10195] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1618'. [ 266.175095][T10195] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1618'. [ 266.226268][ T5918] usb 4-1: Using ep0 maxpacket: 16 [ 266.246994][ T5918] usb 4-1: config 0 has an invalid interface number: 198 but max is 0 [ 266.255464][ T5918] usb 4-1: config 0 has no interface number 0 [ 266.297951][ T5918] usb 4-1: New USB device found, idVendor=1a0a, idProduct=0101, bcdDevice=30.1d [ 266.316229][ T5918] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.334918][ T5918] usb 4-1: Product: syz [ 266.351152][ T5918] usb 4-1: Manufacturer: syz [ 266.355921][ T5918] usb 4-1: SerialNumber: syz [ 266.377906][ T5918] usb 4-1: config 0 descriptor?? [ 266.411437][ T5918] usb_ehset_test 4-1:0.198: probe with driver usb_ehset_test failed with error -32 [ 266.591548][T10190] input input19: cannot allocate more than FF_MAX_EFFECTS effects [ 266.620371][ T5945] usb 4-1: USB disconnect, device number 15 [ 267.341747][T10209] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1622'. [ 267.723657][T10222] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1629'. [ 267.732941][T10222] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1629'. [ 270.505129][T10256] kvm: kvm [10255]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 270.546532][T10256] kvm: kvm [10255]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 270.556523][T10268] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1644'. [ 270.725826][T10272] random: crng reseeded on system resumption [ 271.390262][T10284] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 271.402982][T10286] capability: warning: `syz.0.1645' uses deprecated v2 capabilities in a way that may be insecure [ 272.256581][T10302] TCP: tcp_parse_options: Illegal window scaling value 209 > 14 received [ 272.783981][T10308] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1658'. [ 273.411124][T10316] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1663'. [ 273.416637][T10143] Set syz1 is full, maxelem 65536 reached [ 274.396259][ T24] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 274.469835][T10341] binder: 10337:10341 ioctl c0306201 200000000540 returned -14 [ 274.580961][ T24] usb 3-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 274.592520][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 274.611693][ T24] usb 3-1: Product: syz [ 274.623651][ T24] usb 3-1: Manufacturer: syz [ 274.638779][ T24] usb 3-1: SerialNumber: syz [ 274.672739][ T24] usb 3-1: config 0 descriptor?? [ 274.695000][ T24] i2c-tiny-usb 3-1:0.0: version 6d.cc found at bus 003 address 007 [ 275.327392][ T24] i2c i2c-1: failure reading functionality [ 275.425591][ T24] i2c i2c-1: connected i2c-tiny-usb device [ 275.473683][ T24] usb 3-1: USB disconnect, device number 7 [ 276.226447][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 278.364881][T10431] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1709'. [ 279.944608][T10459] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1719'. [ 280.148051][T10465] netlink: 72 bytes leftover after parsing attributes in process `syz.3.1721'. [ 281.116684][T10496] netlink: 87 bytes leftover after parsing attributes in process `syz.4.1733'. [ 281.410871][T10504] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1737'. [ 281.506368][ T24] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 281.692093][ T24] usb 5-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 281.713198][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.729375][ T24] usb 5-1: config 0 descriptor?? [ 282.236527][T10522] netlink: 87 bytes leftover after parsing attributes in process `syz.0.1744'. [ 282.808083][T10530] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 283.397944][ T24] usb 5-1: Cannot set autoneg [ 283.402911][ T24] MOSCHIP usb-ethernet driver 5-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 283.526699][ T24] usb 5-1: USB disconnect, device number 7 [ 284.698844][T10559] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 284.740568][ T3093] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 284.751981][ T3093] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz1] on syz0 [ 284.888836][ T30] audit: type=1326 audit(1751816793.939:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10547 comm="syz.3.1754" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9324b8e929 code=0x0 [ 285.164523][T10564] fido_id[10564]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 285.453982][T10580] input: syz1 as /devices/virtual/input/input20 [ 287.340377][ T5904] hid-generic 0000:0000:0000.0006: unknown main item tag 0x0 [ 287.372463][ T5904] hid-generic 0000:0000:0000.0006: hidraw0: HID v0.00 Device [syz1] on syz0 [ 287.549206][T10601] fido_id[10601]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 288.048200][T10610] netlink: 87 bytes leftover after parsing attributes in process `syz.4.1774'. [ 288.320072][T10619] netlink: 72 bytes leftover after parsing attributes in process `syz.4.1776'. [ 288.824989][T10621] kvm: kvm [10620]: vcpu0, guest rIP: 0x18e Unhandled WRMSR(0xc1) = 0x800 [ 289.424037][T10635] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1783'. [ 290.116524][ T30] audit: type=1326 audit(1751816799.009:147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10626 comm="syz.2.1779" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f493178e929 code=0x0 [ 290.516866][T10655] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 291.586469][ C0] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 291.913023][T10675] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1795'. [ 292.230105][T10682] xt_l2tp: v2 doesn't support IP mode [ 292.586266][ T5945] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 292.748623][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 292.776278][ T5945] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 292.786062][ T5945] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 292.915226][T10702] netlink: 87 bytes leftover after parsing attributes in process `syz.1.1806'. [ 293.059560][ T5945] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 293.077653][ T5945] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.107159][ T5945] usb 1-1: config 0 descriptor?? [ 293.548555][ T5945] plantronics 0003:047F:FFFF.0007: unknown main item tag 0x0 [ 293.574061][T10710] netlink: 96 bytes leftover after parsing attributes in process `syz.1.1810'. [ 293.651765][ T5945] plantronics 0003:047F:FFFF.0007: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 293.848841][ T5905] usb 1-1: USB disconnect, device number 20 [ 293.855763][T10686] plantronics 0003:047F:FFFF.0007: usb_submit_urb(ctrl) failed: -19 [ 294.122605][T10729] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1817'. [ 294.371988][T10737] netlink: 'syz.3.1820': attribute type 10 has an invalid length. [ 294.381502][T10737] bridge0: port 2(bridge_slave_1) entered disabled state [ 294.390291][T10737] bridge0: port 1(bridge_slave_0) entered disabled state [ 294.405597][T10737] bridge0: port 2(bridge_slave_1) entered blocking state [ 294.413065][T10737] bridge0: port 2(bridge_slave_1) entered forwarding state [ 294.420656][T10737] bridge0: port 1(bridge_slave_0) entered blocking state [ 294.427903][T10737] bridge0: port 1(bridge_slave_0) entered forwarding state [ 294.493606][T10737] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 294.806590][ T24] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 294.986403][ T24] usb 5-1: Using ep0 maxpacket: 8 [ 294.997761][ T24] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 295.016555][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 295.046012][ T24] usb 5-1: config 0 descriptor?? [ 295.667335][ T24] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -61 [ 295.699299][ T24] asix 5-1:0.0: probe with driver asix failed with error -61 [ 296.640047][T10777] input: syz0 as /devices/virtual/input/input22 [ 296.706394][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 296.938286][T10789] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1837'. [ 297.601077][ T5946] usb 5-1: USB disconnect, device number 8 [ 297.857315][T10826] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1850'. [ 298.652737][T10865] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1864'. [ 298.794751][T10869] [U]  [ 298.800612][T10870] bridge_slave_0: left allmulticast mode [ 298.821641][T10870] bridge_slave_0: left promiscuous mode [ 298.836170][T10870] bridge0: port 1(bridge_slave_0) entered disabled state [ 298.950894][T10870] bridge_slave_1: left allmulticast mode [ 298.982439][T10870] bridge_slave_1: left promiscuous mode [ 299.026519][T10870] bridge0: port 2(bridge_slave_1) entered disabled state [ 299.142775][T10870] bond0: (slave bond_slave_0): Releasing backup interface [ 299.179951][T10870] bond0: (slave bond_slave_1): Releasing backup interface [ 299.200303][T10870] team0: Port device team_slave_0 removed [ 299.219888][T10870] team0: Port device team_slave_1 removed [ 299.229867][T10870] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 299.243734][T10870] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 299.259920][T10870] team0: Port device bridge1 removed [ 299.626974][T10901] random: crng reseeded on system resumption [ 299.887466][T10894] batman_adv: batadv0: Adding interface: ip6gretap1 [ 299.907008][T10911] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1877'. [ 299.960920][T10894] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 300.044401][T10894] batman_adv: batadv0: Not using interface ip6gretap1 (retrying later): interface not active [ 300.087571][T10905] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 300.095099][T10905] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 300.166383][ T24] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 300.182180][T10905] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 300.218275][T10905] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 300.289089][T10905] batman_adv: batadv0: Removing interface: ip6gretap1 [ 300.455428][ T24] usb 1-1: config 0 has no interfaces? [ 300.545533][ T24] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 300.592670][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 300.607392][ T24] usb 1-1: Product: syz [ 300.611831][ T24] usb 1-1: Manufacturer: syz [ 300.640353][ T24] usb 1-1: SerialNumber: syz [ 300.740582][ T24] usb 1-1: config 0 descriptor?? [ 301.705176][T10954] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1889'. [ 303.550078][ T5946] usb 1-1: USB disconnect, device number 21 [ 304.902797][T11037] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1910'. [ 305.717670][ T3093] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 305.933021][ T3093] usb 5-1: Using ep0 maxpacket: 16 [ 305.975592][ T3093] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 306.026195][ T3093] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 306.098807][ T3093] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 306.148481][ T3093] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.204381][ T3093] usb 5-1: Product: syz [ 306.219712][ T3093] usb 5-1: Manufacturer: syz [ 306.224369][ T3093] usb 5-1: SerialNumber: syz [ 306.280266][ T3093] usb 5-1: config 0 descriptor?? [ 306.304763][ T3093] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 306.342465][T11074] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1921'. [ 306.356314][ T3093] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 306.906083][ T3093] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 306.914425][ T3093] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 306.946357][ C1] ip6_tunnel: ip6tnl1 xmit: Local address not yet configured! [ 307.525095][ T3093] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 307.548254][ T3093] em28xx 5-1:0.0: couldn't setup AC97 register 2 [ 307.557845][ T3093] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 307.588442][ T3093] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 307.686442][T11104] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1932'. [ 307.801757][ T3093] em28xx 5-1:0.0: couldn't setup AC97 register 54 [ 307.816664][ T3093] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 307.844953][ T3093] usb 5-1: USB disconnect, device number 9 [ 307.974849][T11115] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1937'. [ 308.190300][T11122] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 309.516060][T11152] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1949'. [ 310.269699][T11173] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1957'. [ 310.813830][T11180] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1960'. [ 312.717994][ T3093] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 312.921579][ T3093] usb 1-1: Using ep0 maxpacket: 16 [ 312.929964][ T3093] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 312.942516][ T3093] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 312.959090][ T3093] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 312.996454][ T3093] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.009320][ T3093] usb 1-1: Product: syz [ 313.013984][ T3093] usb 1-1: Manufacturer: syz [ 313.028103][ T3093] usb 1-1: SerialNumber: syz [ 313.051707][ T3093] usb 1-1: config 0 descriptor?? [ 313.171380][ T3093] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 313.196174][ T3093] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 313.277103][T11254] netlink: 27 bytes leftover after parsing attributes in process `syz.2.1987'. [ 313.794755][ T3093] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 313.805180][ T3093] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 313.813844][T11267] loop6: detected capacity change from 0 to 7 [ 313.828444][T11267] Dev loop6: unable to read RDB block 7 [ 313.846566][T11267] loop6: AHDI p1 p2 [ 313.861508][T11267] loop6: partition table partially beyond EOD, truncated [ 313.872207][T11267] loop6: p1 start 926365495 is beyond EOD, truncated [ 314.022264][T11273] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 314.029058][T11273] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 314.050070][T11273] vhci_hcd vhci_hcd.0: Device attached [ 314.296943][ T5946] usb 39-1: new high-speed USB device number 2 using vhci_hcd [ 314.313780][T11274] vhci_hcd: connection reset by peer [ 314.325409][ T4522] vhci_hcd: stop threads [ 314.350773][ T4522] vhci_hcd: release socket [ 314.373461][ T4522] vhci_hcd: disconnect device [ 314.434837][T11281] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1995'. [ 314.445475][ T3093] em28xx 1-1:0.0: Unknown AC97 audio processor detected! [ 314.457187][ T3093] em28xx 1-1:0.0: couldn't setup AC97 register 2 [ 314.806537][ T3093] em28xx 1-1:0.0: couldn't setup AC97 register 4 [ 314.816249][ T3093] em28xx 1-1:0.0: couldn't setup AC97 register 6 [ 314.836256][ T3093] em28xx 1-1:0.0: couldn't setup AC97 register 54 [ 314.856957][ T3093] em28xx 1-1:0.0: couldn't setup AC97 register 56 [ 314.886593][ T3093] usb 1-1: USB disconnect, device number 22 [ 314.989005][T11288] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1998'. [ 315.108602][ T5905] IPVS: starting estimator thread 0... [ 315.206228][T11293] IPVS: using max 33 ests per chain, 79200 per kthread [ 316.094121][T11318] netlink: 116 bytes leftover after parsing attributes in process `syz.3.2010'. [ 316.252119][T11323] netlink: 44 bytes leftover after parsing attributes in process `syz.3.2012'. [ 316.833666][T11355] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2025'. [ 317.193734][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.200128][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 318.128346][T11386] netlink: 44 bytes leftover after parsing attributes in process `syz.2.2036'. [ 318.317868][ T3093] IPVS: starting estimator thread 0... [ 318.416534][T11395] IPVS: using max 29 ests per chain, 69600 per kthread [ 318.746239][ T3093] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 318.937012][ T3093] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 318.983731][ T3093] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 319.025319][ T3093] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 319.056347][ T3093] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 319.086213][ T3093] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 319.105565][ T3093] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.127695][ T3093] usb 3-1: config 0 descriptor?? [ 319.538166][ T5946] vhci_hcd: vhci_device speed not set [ 319.598457][ T3093] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 319.919102][ T5904] usb 3-1: USB disconnect, device number 8 [ 320.372827][T11433] fido_id[11433]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 324.449625][T11544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2081'. [ 324.461158][T11544] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2081'. [ 326.793962][T11599] loop6: detected capacity change from 0 to 2560 [ 326.803885][T11599] buffer_io_error: 9 callbacks suppressed [ 326.803900][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 326.829934][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 326.846449][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 326.868100][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 326.921495][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 326.951234][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 326.982669][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 327.013252][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 327.099664][T11599] ldm_validate_partition_table(): Disk read failed. [ 327.177272][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 327.217787][T11599] Buffer I/O error on dev loop6, logical block 0, async page read [ 327.225890][T11599] Dev loop6: unable to read RDB block 0 [ 327.326724][T11599] loop6: unable to read partition table [ 327.332642][T11599] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 327.640532][ T5217] ldm_validate_partition_table(): Disk read failed. [ 328.216954][ T5217] Dev loop6: unable to read RDB block 0 [ 328.307230][ T5217] loop6: unable to read partition table [ 332.186948][ T24] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 332.347053][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 332.354242][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 332.391875][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 332.433232][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 332.466958][ T24] usb 1-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 332.476032][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.511382][ T24] usb 1-1: config 0 descriptor?? [ 332.537178][T11666] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 332.546070][T11685] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2131'. [ 332.566357][ T24] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input24 [ 332.687117][T11686] loop6: detected capacity change from 0 to 524287999 [ 332.793385][ T5904] usb 1-1: USB disconnect, device number 23 [ 333.562464][T11699] veth0: entered promiscuous mode [ 333.581538][T11699] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2135'. [ 334.165407][T11710] input: syz0 as /devices/virtual/input/input25 [ 334.259396][T11710] hub 9-0:1.0: USB hub found [ 334.267277][T11710] hub 9-0:1.0: 1 port detected [ 335.892629][T11745] tipc: Started in network mode [ 335.917668][T11745] tipc: Node identity 00000000000000000000000000000001, cluster identity 6 [ 335.952589][T11745] tipc: Enabled bearer , priority 10 [ 336.463438][T11761] netlink: 'syz.0.2157': attribute type 27 has an invalid length. [ 336.472497][T11761] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 337.068307][ T5945] tipc: Node number set to 1 [ 337.154711][T11778] syz_tun: entered allmulticast mode [ 337.174701][T11778] syz_tun: left allmulticast mode [ 337.941515][T11812] netlink: 'syz.2.2178': attribute type 27 has an invalid length. [ 337.959669][T11812] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 338.509091][ T5945] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 338.696228][ T5945] usb 4-1: Using ep0 maxpacket: 32 [ 338.712261][ T5945] usb 4-1: unable to get BOS descriptor or descriptor too short [ 338.747261][ T5945] usb 4-1: config 5 has an invalid interface number: 89 but max is 0 [ 338.755382][ T5945] usb 4-1: config 5 has no interface number 0 [ 338.786321][ T5945] usb 4-1: config 5 interface 89 has no altsetting 0 [ 338.818626][ T5945] usb 4-1: New USB device found, idVendor=07fa, idProduct=0847, bcdDevice=b9.2f [ 338.838166][ T5945] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 338.867677][ T5945] usb 4-1: Product: syz [ 338.871880][ T5945] usb 4-1: Manufacturer: syz [ 338.874054][T11838] loop6: detected capacity change from 0 to 2560 [ 338.898947][ T5945] usb 4-1: SerialNumber: syz [ 338.913395][T11838] buffer_io_error: 27 callbacks suppressed [ 338.913410][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.018451][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.086341][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.192791][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.224704][ T5945] HFC-S_USB 4-1:5.89: probe with driver HFC-S_USB failed with error -5 [ 339.243724][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.281464][ T5945] usb 4-1: USB disconnect, device number 16 [ 339.322091][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.573871][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.683171][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.719063][T11838] ldm_validate_partition_table(): Disk read failed. [ 339.776272][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.784257][T11838] Buffer I/O error on dev loop6, logical block 0, async page read [ 339.844853][T11838] Dev loop6: unable to read RDB block 0 [ 339.867023][T11838] loop6: unable to read partition table [ 339.906712][T11838] loop_reread_partitions: partition scan of loop6 (3 ) failed (rc=-5) [ 340.223082][ T30] audit: type=1326 audit(1751816849.299:148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11866 comm="syz.1.2197" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f62e1b8e929 code=0x0 [ 340.697072][T11883] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 341.951736][ T30] audit: type=1326 audit(1751816851.029:149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11907 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493178e929 code=0x7ffc0000 [ 342.036904][ T30] audit: type=1326 audit(1751816851.059:150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11907 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=32 compat=0 ip=0x7f493178e929 code=0x7ffc0000 [ 342.150588][ T30] audit: type=1326 audit(1751816851.059:151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11907 comm="syz.2.2214" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f493178e929 code=0x7ffc0000 [ 342.248883][ T30] audit: type=1326 audit(1751816851.329:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11914 comm="syz.2.2216" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f493178e929 code=0x0 [ 342.935703][T11931] netlink: 'syz.1.2222': attribute type 27 has an invalid length. [ 342.945067][T11931] sch_tbf: burst 32855 is lower than device lo mtu (65550) ! [ 343.686342][ T5945] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 343.857259][ T5945] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 343.876246][ T5945] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 343.916314][ T5945] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 343.946411][ T5945] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 343.968242][ T5945] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 343.989341][ T5945] usb 5-1: config 0 descriptor?? [ 344.425334][ T5945] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 344.449927][ T5945] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 344.658469][ T5945] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 344.669286][ T5945] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 344.683510][ T5945] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 344.696259][ T5945] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 344.741747][ T5945] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 344.791451][ T5945] usb 5-1: USB disconnect, device number 10 [ 344.929276][T11964] fido_id[11964]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 346.544056][T12000] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2244'. [ 347.113727][ T30] audit: type=1326 audit(1751816856.189:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12011 comm="syz.1.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e1b8e929 code=0x7ffc0000 [ 347.207026][ T30] audit: type=1326 audit(1751816856.229:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12011 comm="syz.1.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e1b8e929 code=0x7ffc0000 [ 347.229397][ C1] vkms_vblank_simulate: vblank timer overrun [ 347.274970][ T30] audit: type=1326 audit(1751816856.229:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12011 comm="syz.1.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=70 compat=0 ip=0x7f62e1b8e929 code=0x7ffc0000 [ 347.297280][ C1] vkms_vblank_simulate: vblank timer overrun [ 347.389882][ T30] audit: type=1326 audit(1751816856.229:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12011 comm="syz.1.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e1b8e929 code=0x7ffc0000 [ 347.452614][ T30] audit: type=1326 audit(1751816856.229:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12011 comm="syz.1.2252" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f62e1b8e929 code=0x7ffc0000 [ 348.177399][ T30] audit: type=1326 audit(1751816857.259:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12034 comm="syz.4.2261" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f39b538e929 code=0x0 [ 348.199196][ C1] vkms_vblank_simulate: vblank timer overrun [ 348.794678][T12060] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2270'. [ 349.226461][ T5945] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 349.407330][ T5945] usb 3-1: Using ep0 maxpacket: 8 [ 349.433423][ T5945] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 349.472674][ T5945] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 349.562641][ T5945] usb 3-1: config 0 has no interface number 0 [ 349.582635][ T5945] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 349.608363][ T5945] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 349.642853][ T5945] usb 3-1: config 0 interface 52 has no altsetting 0 [ 349.657558][ T5945] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 349.672619][ T5945] usb 3-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 349.706649][ T5945] usb 3-1: Manufacturer: syz [ 349.717955][T12084] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2280'. [ 349.740111][ T5945] usb 3-1: config 0 descriptor?? [ 349.849958][T12086] atomic_op ffff888079025998 conn xmit_atomic 0000000000000000 [ 349.866509][T12088] program syz.4.2282 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 349.901974][ T30] audit: type=1326 audit(1751816858.979:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12089 comm="syz.3.2283" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f9324b8e929 code=0x0 [ 349.977764][ T5945] input: syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.52/input/input26 [ 350.736235][ T24] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 350.921969][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 350.930872][ T24] usb 2-1: config 162 has an invalid interface number: 251 but max is 1 [ 350.946321][ T24] usb 2-1: config 162 has an invalid interface number: 209 but max is 1 [ 350.954842][ T24] usb 2-1: config 162 has no interface number 0 [ 350.969368][ T24] usb 2-1: config 162 has no interface number 1 [ 351.004338][ T24] usb 2-1: config 162 interface 251 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 351.030748][ T24] usb 2-1: config 162 interface 209 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 351.069480][ T24] usb 2-1: config 162 interface 209 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 351.100360][ T24] usb 2-1: config 162 interface 209 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 351.142623][ T24] usb 2-1: config 162 interface 209 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 351.177116][ T24] usb 2-1: config 162 interface 209 altsetting 1 has 5 endpoint descriptors, different from the interface descriptor's value: 4 [ 351.204178][ T24] usb 2-1: config 162 interface 251 has no altsetting 0 [ 351.220383][ T24] usb 2-1: config 162 interface 209 has no altsetting 0 [ 351.235307][ T24] usb 2-1: New USB device found, idVendor=1608, idProduct=0010, bcdDevice=4f.88 [ 351.245931][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.262225][ T24] usb 2-1: Product: syz [ 351.273653][ T24] usb 2-1: Manufacturer: syz [ 351.282931][ T24] usb 2-1: SerialNumber: syz [ 351.402748][T12122] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2297'. [ 351.547231][ T24] io_edgeport 2-1:162.251: required endpoints missing [ 351.639962][T12124] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(3) [ 351.646543][T12124] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 351.718588][T12124] vhci_hcd vhci_hcd.0: Device attached [ 351.758175][ T24] io_edgeport 2-1:162.209: Edgeport 2 port adapter converter detected [ 351.926307][ T5945] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 351.966359][ T5918] usb 41-1: new low-speed USB device number 2 using vhci_hcd [ 352.004532][T12132] netlink: 'syz.0.2300': attribute type 12 has an invalid length. [ 352.045349][ T5904] usb 3-1: USB disconnect, device number 9 [ 352.051394][ C0] synaptics_usb 3-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 352.108251][ T5945] usb 5-1: config 0 has no interfaces? [ 352.114011][ T5945] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 352.147906][ T24] usb 2-1: у detected [ 352.159600][ T5945] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 352.252422][ T5945] usb 5-1: config 0 descriptor?? [ 352.364089][ T24] usb 2-1: Edgeport 2 port adapter converter now attached to ttyUSB0 [ 352.466670][ T24] usb 2-1: Edgeport 2 port adapter converter now attached to ttyUSB1 [ 352.495206][ T3093] usb 5-1: USB disconnect, device number 11 [ 352.501430][T12126] usbip_core: unknown command [ 352.526232][T12126] vhci_hcd: unknown pdu 302055424 [ 352.561525][ C1] usb 2-1: edge_interrupt_callback - Error -19 submitting control urb [ 352.570007][ T24] usb 2-1: USB disconnect, device number 13 [ 352.579993][T12126] usbip_core: unknown command [ 352.588891][ T1308] vhci_hcd: stop threads [ 352.614959][ T1308] vhci_hcd: release socket [ 352.620088][ T24] edgeport_2 ttyUSB0: Edgeport 2 port adapter converter now disconnected from ttyUSB0 [ 352.653696][ T1308] vhci_hcd: disconnect device [ 352.701192][ T24] edgeport_2 ttyUSB1: Edgeport 2 port adapter converter now disconnected from ttyUSB1 [ 352.802248][ T24] io_edgeport 2-1:162.209: device disconnected [ 353.228607][T12151] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2304'. [ 353.249001][T12151] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2304'. [ 353.395738][T12158] netlink: 'syz.4.2308': attribute type 1 has an invalid length. [ 353.445828][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2309'. [ 353.462797][T12159] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2309'. [ 353.513921][T12158] 8021q: adding VLAN 0 to HW filter on device bond1 [ 354.916850][T12185] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2317'. [ 355.722816][T12195] netlink: 'syz.0.2322': attribute type 1 has an invalid length. [ 355.780023][T12195] 8021q: adding VLAN 0 to HW filter on device bond1 [ 355.875885][T12201] program syz.4.2324 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 356.127787][T12210] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2325'. [ 356.153845][T12210] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2325'. [ 356.718589][T12208] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2315'. [ 356.727754][T12208] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2315'. [ 357.096251][ T5918] vhci_hcd: vhci_device speed not set [ 358.026871][T12242] bridge4: entered promiscuous mode [ 358.033422][T12242] bridge4: entered allmulticast mode [ 358.055487][T12242] team0: Port device bridge4 added [ 358.155622][T12247] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2338'. [ 358.819245][T12266] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 359.756666][T12273] __nla_validate_parse: 1 callbacks suppressed [ 359.756679][T12273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2345'. [ 359.802084][T12273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2345'. [ 360.345266][T12286] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 360.492924][T12290] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 361.248615][T12310] ip6t_srh: unknown srh match flags 5040 [ 361.286335][T12311] netlink: 48 bytes leftover after parsing attributes in process `syz.4.2358'. [ 361.891393][T12327] netlink: 'syz.3.2364': attribute type 1 has an invalid length. [ 362.070039][T12327] 8021q: adding VLAN 0 to HW filter on device bond2 [ 362.169225][T12329] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 362.906405][T12350] loop6: detected capacity change from 0 to 524287999 [ 363.066242][T12351] ip6t_srh: unknown srh match flags 5040 [ 363.931058][T12375] syz_tun: entered allmulticast mode [ 363.938510][T12375] syz_tun: left allmulticast mode [ 363.947165][T12376] netlink: 'syz.3.2380': attribute type 1 has an invalid length. [ 364.074339][T12376] 8021q: adding VLAN 0 to HW filter on device bond3 [ 364.386693][T12398] ip6t_srh: unknown srh match flags 5040 [ 364.389339][T12397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2389'. [ 364.404397][T12397] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2389'. [ 364.703392][T12406] batadv_slave_0: entered allmulticast mode [ 364.712140][T12407] loop6: detected capacity change from 0 to 524287999 [ 364.717719][T12406] batadv_slave_0: left allmulticast mode [ 365.364600][T12419] program syz.3.2398 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 365.540749][T12425] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 365.975498][T12432] netlink: 'syz.2.2402': attribute type 1 has an invalid length. [ 366.080734][T12432] 8021q: adding VLAN 0 to HW filter on device bond1 [ 366.089511][T12435] 8021q: VLANs not supported on gre0 [ 366.102179][T12436] vlan3: entered allmulticast mode [ 366.159838][T12436] veth1: entered allmulticast mode [ 366.317938][T12442] syz_tun: entered allmulticast mode [ 366.334389][T12442] syz_tun: left allmulticast mode [ 367.811681][T12467] netdevsim netdevsim2 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 367.820954][T12467] netdevsim netdevsim2 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 367.832779][T12467] netdevsim netdevsim2 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 367.841730][T12467] netdevsim netdevsim2 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 367.851828][T12467] geneve2: entered promiscuous mode [ 367.857164][T12467] geneve2: entered allmulticast mode [ 368.461901][T12473] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 368.791046][T12481] fuse: Invalid uid '00000000000000000003' [ 369.035836][T12490] loop6: detected capacity change from 0 to 524287999 [ 370.281626][T12515] fuse: Invalid uid '00000000000000000003' [ 370.973678][T12531] ip6t_srh: unknown srh match flags 5040 [ 372.408815][T12555] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 372.477402][T12562] loop6: detected capacity change from 0 to 524287999 [ 372.525023][T12555] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 372.570706][T12555] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 372.593807][T12555] geneve2: entered promiscuous mode [ 372.611817][T12555] geneve2: entered allmulticast mode [ 373.010329][T12574] ip6t_srh: unknown srh match flags 5040 [ 374.543341][T12602] openvswitch: netlink: Either Ethernet header or EtherType is required. [ 375.096204][ T5904] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 375.246919][ T5904] usb 4-1: Using ep0 maxpacket: 8 [ 375.256413][ T5904] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 375.267656][ T5904] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.275841][ T5904] usb 4-1: Product: syz [ 375.280373][ T5904] usb 4-1: Manufacturer: syz [ 375.299924][ T5904] usb 4-1: SerialNumber: syz [ 375.319944][ T5904] usb 4-1: config 0 descriptor?? [ 375.539937][ T5904] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 375.752082][T12613] ip6t_srh: unknown srh match flags 5040 [ 375.923775][T12622] Oops: general protection fault, probably for non-canonical address 0xdffffc000000000b: 0000 [#1] SMP KASAN PTI [ 375.935693][T12622] KASAN: null-ptr-deref in range [0x0000000000000058-0x000000000000005f] [ 375.944103][T12622] CPU: 0 UID: 0 PID: 12622 Comm: syz.4.2469 Not tainted 6.16.0-rc4-syzkaller-00324-g1f988d0788f5 #0 PREEMPT(full) [ 375.956157][T12622] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 375.966219][T12622] RIP: 0010:qfq_qlen_notify+0x29/0x70 [ 375.971615][T12622] Code: 90 f3 0f 1e fa 41 57 41 56 53 48 89 f3 49 89 fe e8 7c 35 37 f8 4c 8d 7b 58 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 29 b8 9a f8 49 8b 07 4c 39 f8 74 1c [ 375.991232][T12622] RSP: 0018:ffffc900040af0c8 EFLAGS: 00010202 [ 375.997295][T12622] RAX: 000000000000000b RBX: 0000000000000000 RCX: dffffc0000000000 [ 376.005262][T12622] RDX: ffffc9000bed1000 RSI: 0000000000000279 RDI: 000000000000027a [ 376.013231][T12622] RBP: dffffc0000000000 R08: ffff88802ee99e00 R09: 0000000000000002 [ 376.021732][T12622] R10: 00000000ffffffff R11: ffffffff89892900 R12: 0000000000000000 [ 376.029710][T12622] R13: ffff8880257ac000 R14: ffff8880257ac000 R15: 0000000000000058 [ 376.037679][T12622] FS: 00007f39b62866c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000 [ 376.046636][T12622] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 376.053228][T12622] CR2: 00007f39b55b7bac CR3: 000000005558c000 CR4: 00000000003526f0 [ 376.061291][T12622] Call Trace: [ 376.064807][T12622] [ 376.067763][T12622] qdisc_tree_reduce_backlog+0x29c/0x480 [ 376.073409][T12622] ? qdisc_tree_reduce_backlog+0x3c/0x480 [ 376.079127][T12622] codel_change+0x859/0xae0 [ 376.083631][T12622] ? is_dynamic_key+0xd6/0x1c0 [ 376.088390][T12622] ? qdisc_alloc+0x789/0xaa0 [ 376.093505][T12622] ? qdisc_create+0x12c/0xea0 [ 376.098178][T12622] ? rtnetlink_rcv_msg+0x779/0xb70 [ 376.103285][T12622] ? netlink_rcv_skb+0x208/0x470 [ 376.108212][T12622] ? netlink_unicast+0x75b/0x8d0 [ 376.113141][T12622] ? netlink_sendmsg+0x805/0xb30 [ 376.118338][T12622] ? __sock_sendmsg+0x21c/0x270 [ 376.123192][T12622] ? ____sys_sendmsg+0x505/0x830 [ 376.128148][T12622] ? ___sys_sendmsg+0x21f/0x2a0 [ 376.132994][T12622] ? __x64_sys_sendmsg+0x19b/0x260 [ 376.138104][T12622] ? __pfx_codel_change+0x10/0x10 [ 376.143122][T12622] codel_init+0x1f7/0x3e0 [ 376.147441][T12622] ? __pfx_codel_init+0x10/0x10 [ 376.152316][T12622] qdisc_create+0x7ac/0xea0 [ 376.156875][T12622] tc_modify_qdisc+0x1426/0x2010 [ 376.161819][T12622] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 376.167131][T12622] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 376.172425][T12622] rtnetlink_rcv_msg+0x779/0xb70 [ 376.177445][T12622] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 376.182550][T12622] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 376.188005][T12622] netlink_rcv_skb+0x208/0x470 [ 376.192772][T12622] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 376.198258][T12622] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 376.203555][T12622] ? netlink_deliver_tap+0x2e/0x1b0 [ 376.208769][T12622] ? netlink_deliver_tap+0x2e/0x1b0 [ 376.213975][T12622] netlink_unicast+0x75b/0x8d0 [ 376.218750][T12622] netlink_sendmsg+0x805/0xb30 [ 376.223528][T12622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 376.228817][T12622] ? aa_sock_msg_perm+0x94/0x160 [ 376.233758][T12622] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 376.239043][T12622] ? __pfx_netlink_sendmsg+0x10/0x10 [ 376.244323][T12622] __sock_sendmsg+0x21c/0x270 [ 376.249000][T12622] ____sys_sendmsg+0x505/0x830 [ 376.253761][T12622] ? __pfx_____sys_sendmsg+0x10/0x10 [ 376.259040][T12622] ? import_iovec+0x74/0xa0 [ 376.263534][T12622] ___sys_sendmsg+0x21f/0x2a0 [ 376.268214][T12622] ? __pfx____sys_sendmsg+0x10/0x10 [ 376.273414][T12622] ? __fget_files+0x2a/0x420 [ 376.277999][T12622] ? __fget_files+0x3a0/0x420 [ 376.282671][T12622] __x64_sys_sendmsg+0x19b/0x260 [ 376.287608][T12622] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 376.293075][T12622] ? rcu_is_watching+0x15/0xb0 [ 376.297844][T12622] ? do_syscall_64+0xbe/0x3b0 [ 376.302523][T12622] do_syscall_64+0xfa/0x3b0 [ 376.307078][T12622] ? lockdep_hardirqs_on+0x9c/0x150 [ 376.312273][T12622] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.318336][T12622] ? clear_bhb_loop+0x60/0xb0 [ 376.323089][T12622] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 376.329065][T12622] RIP: 0033:0x7f39b538e929 [ 376.333465][T12622] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 376.353066][T12622] RSP: 002b:00007f39b6286038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 376.361475][T12622] RAX: ffffffffffffffda RBX: 00007f39b55b5fa0 RCX: 00007f39b538e929 [ 376.369440][T12622] RDX: 0000000000000800 RSI: 0000200000000100 RDI: 0000000000000008 [ 376.377407][T12622] RBP: 00007f39b5410b39 R08: 0000000000000000 R09: 0000000000000000 [ 376.385386][T12622] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 376.393360][T12622] R13: 0000000000000000 R14: 00007f39b55b5fa0 R15: 00007f39b56dfa28 [ 376.401332][T12622] [ 376.404338][T12622] Modules linked in: [ 376.408434][T12622] ---[ end trace 0000000000000000 ]--- [ 376.413923][T12622] RIP: 0010:qfq_qlen_notify+0x29/0x70 [ 376.419363][T12622] Code: 90 f3 0f 1e fa 41 57 41 56 53 48 89 f3 49 89 fe e8 7c 35 37 f8 4c 8d 7b 58 4c 89 f8 48 c1 e8 03 48 b9 00 00 00 00 00 fc ff df <80> 3c 08 00 74 08 4c 89 ff e8 29 b8 9a f8 49 8b 07 4c 39 f8 74 1c [ 376.439041][T12622] RSP: 0018:ffffc900040af0c8 EFLAGS: 00010202 [ 376.445258][T12622] RAX: 000000000000000b RBX: 0000000000000000 RCX: dffffc0000000000 [ 376.453281][T12622] RDX: ffffc9000bed1000 RSI: 0000000000000279 RDI: 000000000000027a [ 376.461313][T12622] RBP: dffffc0000000000 R08: ffff88802ee99e00 R09: 0000000000000002 [ 376.469346][T12622] R10: 00000000ffffffff R11: ffffffff89892900 R12: 0000000000000000 [ 376.477373][T12622] R13: ffff8880257ac000 R14: ffff8880257ac000 R15: 0000000000000058 [ 376.485364][T12622] FS: 00007f39b62866c0(0000) GS:ffff888125c1c000(0000) knlGS:0000000000000000 [ 376.494349][T12622] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 376.500966][T12622] CR2: 00007f39b55b7bac CR3: 000000005558c000 CR4: 00000000003526f0 [ 376.508984][T12622] Kernel panic - not syncing: Fatal exception in interrupt [ 376.516480][T12622] Kernel Offset: disabled [ 376.520796][T12622] Rebooting in 86400 seconds..