last executing test programs: 11.164062018s ago: executing program 4 (id=661): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=[@prinfo={0x18, 0x84, 0x5, {0x20, 0x400}}], 0x18}], 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) r3 = fcntl$dupfd(r2, 0x0, r2) write$sndseq(r3, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000240)=0x9) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getuid() sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x6b4eddb}, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r6, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x104, 0x2, 0x3c8, 0xe8, 0xe8, 0x2e0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28}}, {{@arp={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac, {[0xff]}}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 'nicvf0\x00', 'lo\x00'}, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @dev={0xac, 0x14, 0x14, 0xb}, @local, 0x8, 0x1}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x9, {@empty, {[0xff]}}, {@mac=@remote}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'veth0_macvtap\x00', 'ipvlan1\x00', {}, {}, 0x0, 0x2}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x418) socket$kcm(0x2, 0x3, 0x2) r7 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r7, 0xc0044dff, &(0x7f0000004000)) r8 = semget$private(0x0, 0x1, 0x201) semtimedop(r8, &(0x7f0000000040)=[{0x0, 0xfffd}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 8.051474631s ago: executing program 4 (id=678): socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d21400000000000000000014000000110001"], 0x68}, 0x1, 0x0, 0x0, 0x4006000}, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x1b, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a0300000000f5ffffff00010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a30000000000b000000020a031747d21400000000000000000014000000110001"], 0x68}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000120000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x8040) 7.799580117s ago: executing program 4 (id=682): bind$inet6(0xffffffffffffffff, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) socket$inet6(0xa, 0x5, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000640)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = socket$pptp(0x18, 0x1, 0x2) connect$pptp(r2, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = syz_io_uring_setup(0x74d, &(0x7f0000000100)={0x0, 0x59c4, 0x8, 0x1000, 0x5cc}, &(0x7f0000000300)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_ACCEPT={0xd, 0x4, 0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x81800, 0x1}) io_uring_enter(r3, 0x6eeb, 0x4, 0x0, 0x0, 0x0) fchown(0xffffffffffffffff, 0x0, 0x0) quotactl_fd$Q_QUOTAON(0xffffffffffffffff, 0xffffffff80000201, 0x0, &(0x7f0000000040)='./file0\x00') setsockopt$inet_IP_XFRM_POLICY(0xffffffffffffffff, 0x0, 0x11, &(0x7f0000000540)={{{@in6=@loopback, @in=@multicast1, 0x4e23, 0x883f, 0x4e24, 0x6, 0x2, 0x0, 0x20, 0x33}, {0x53c5, 0x35, 0x2, 0x6, 0x8, 0x0, 0x9, 0x5}, {0x1, 0x78c0, 0x10000, 0x22}, 0x5b, 0x0, 0x1}, {{@in=@broadcast, 0x4d6, 0x32}, 0x2, @in6=@private2, 0x3501, 0x3, 0x3, 0x2, 0x5, 0x7, 0x3}}, 0xe8) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r6 = io_uring_setup(0x1fc4, &(0x7f0000000bc0)={0x0, 0x0, 0x12, 0x0, 0x320}) r7 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000040), 0x20000, 0x0) r8 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000001c0), 0x2) r9 = memfd_create(&(0x7f0000000940)='y\x105\xfb\xf7u\x83%\b\x00\x00\x00\x00\x00\x00\x00\xea_\xccZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x10\x00\x00\x00\x04\x879\xa24\xa9a\b\x00\xb2\xd3\xcbZJ\x7fa\xc4\x1acB\xaa\xc1\xfb Q\x96\xd9xJ2\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\xea\b\x00\x00\x00\x00\x00\x00\x00\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9V\x01A\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\x0f<\x91\xb0\xa8\x9eo\xebF(\a\x00\x01vRk\xaabB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\x80\x81\xa0\xa2-g\b\x99\xef\x1d\xa0H\xcd\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00\xd5\xf3\\\x00\xbe]Et\xad*\xecn\x02\xc8\xc4\f\x04\x99\xf6\xfc\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xc8L\xae\x1ff\xcf\xb3\xb65\x12\x89\x02\x82t\x0f\xb0\xe89\x16\fO\x19\x91\xfd\x10\x0e\xa7r\x12\xab\xd4\xd1d\xad\f\x11\xb3\xb3c\xe2\xfe\xcd\x9f7\xa1\x14\xfa\xe2\xdf\x7f\xf4NG\xe3\xeb\x18\xde|\xb3\xf5S\x9a\x04\xb4Lry\xa9\xd6\xfb\xbc\n+N\xf7\xf6\x87\x95\xd9+\xd2sc/\x06\xaa#K3,k\xf3(\xcc\xc7\xb47\xfa\xc3\x1c\x91!\xd3\xd2`-\xa2xrR\x1c\x81i\x87u|29Q\xdf\xed\x10\x9b\x930\xa8v\xa0\x88\xa4t\x17\xb2\xca9\x02\x03\xc9P\xcc\xe0\xb7\x9c\x82\xb4\x03\x83e\xee\x95\xccO\x1b\x83\f\n{\xf3\x12\x90\xcf\x10\xb5>\b3\x80\x8d\xb2%7\x10\xeee\xe4\xc3\xb2^\xad\xb6~\xa2\xbdE\xbf\x91\vqt\x81\xbd\x19\xde\x81\tw\xd4p\xd1\x8aNJ\xb3M\a\xc4\xfa\xb0,$\x81j\xb4Hs\x93>\x16U\xd0t\xe4\xca0T\xb7\xf7\x9d4\b\xd9\xdeps\xec\xa0\nJ\xa5\xfe\xda{(\xee\xb5\x11?\xc3I-\x8bc\xc9\xfb\a\xe5\xab\xf8v1\xdc\xc5\x8c\xebs1\x81\xca\x81l\xa12\xff<\xf5\x12\xcc+\xd4\xab\x84\x16\xa4+\x0e\xd4\x02\xe3\xaa1\xeam\x8ce\xb4r\x0eo&3wff\xe6\x91\x7f\xba\xad\x05\xdd\xc0+\"\xa5\x80\'#\xfd\x9dA&\xee \x18\xe5\x17\x1bd\xd0\xb9\x90\xde\xec\xe4M\xe5\x06\x03r\fc\x8c\x10\x99x\xec`e`\xc3F\xdf\xbc\xa8\xff\x05\xe6\xea\xc3u\xd7\t\x88<\"\xf7!\xd6\x0e\xbbE^\xcd\xb0\x15g\xe6\xf2?y1\x9f\xd3\x95\xc4E\xd0\xb4\x16`r\x14\xad\x02\x17\x9a\x86I]\x02f\xd3\xc9\xe1H\xd7c\xcaQ\x8cE7\xcc\xcf=\xf3\xf7\xb9\xf6s\x88\bZi\b*w\xc5;\x88\r\xab\xa1\t\xf1\x02)5\x00\x84', 0xb) ftruncate(r9, 0xffff) fcntl$addseals(r9, 0x409, 0x7) r10 = ioctl$UDMABUF_CREATE(r8, 0x40187542, &(0x7f00000002c0)={r9, 0x0, 0x0, 0x8000}) r11 = fcntl$dupfd(r10, 0x0, r10) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r7, 0xc00c642e, &(0x7f0000000180)={0x0, 0x0, r11}) r12 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r12, 0x0, 0x60, &(0x7f00000000c0)={'filter\x00', 0x7, 0x4, 0x3d0, 0x110, 0x110, 0x200, 0x2e8, 0x110, 0x2e8, 0x4, 0x0, {[{{@arp={@loopback, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ip6gretap0\x00', 'veth1_macvtap\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @broadcast, @local}}}, {{@uncond, 0xc0, 0xf0}, @unspec=@CONNMARK={0x30}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28, '\x00', 0x0, 0x20000}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x420) close_range(r6, 0xffffffffffffffff, 0x0) 7.458477615s ago: executing program 2 (id=684): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000002200)=@mangle={'mangle\x00', 0x2, 0x6, 0x578, 0xd0, 0x2d8, 0x0, 0x0, 0x208, 0x4a8, 0x4a8, 0x4a8, 0x4a8, 0x4a8, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@uncond, 0x0, 0x100, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @common=@frag={{0x30}, {[0x0, 0x8], 0x6, 0xd, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0xfd}, {0xffffffffffffffff, 0x8}, {}, 0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0xff, 0x0, 0xffffff00], [], 'bond_slave_1\x00', 'pim6reg1\x00', {}, {}, 0x0, 0x0, 0x2}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [0xffffff00, 0xffffffff, 0xff000000], [0xffffffff, 0xffffffff, 0x0, 0xffffffff], 'geneve1\x00', 'team_slave_1\x00', {0xff}, {}, 0x32, 0x9, 0x1, 0x40}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x1, 0x4, 0x1}, {0x4, 0x4}, {0x2, 0x5, 0x5}, 0x4, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0, 0xa804}, {0x28}}}}, 0x5d8) 6.954309336s ago: executing program 3 (id=686): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x80, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_DEVICE(r3, 0xc00caee0, &(0x7f0000000100)={0xa, 0xffffffffffffffff, 0x1}) ioctl$KVM_SET_DEVICE_ATTR(r4, 0x4018aee1, &(0x7f00000001c0)=@attr_other={0x0, 0x1, 0x2, &(0x7f0000000000)=0x6}) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, &(0x7f0000000300)=@raw={'raw\x00', 0x4001, 0x3, 0x220, 0xf0, 0xb, 0x148, 0x0, 0x148, 0x1b8, 0x230, 0x242, 0x1b8, 0x215, 0x3, 0x0, {[{{@uncond, 0x0, 0xd0, 0xf0, 0x0, {0xff0f000000000000}, [@inet=@rpfilter={{0x28}, {0x4}}, @common=@unspec=@devgroup={{0x38}, {0x0, 0x0, 0x0, 0x6}}]}, @unspec=@TRACE={0x20}}, {{@ip={@multicast2, @rand_addr=0x64010101, 0xffffff00, 0xffffffff, 'veth0_to_batadv\x00', 'pimreg\x00', {0xff}, {0xff}, 0x33, 0x2, 0x22}, 0xec010000, 0x70, 0x98}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x7}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) r5 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x103201, 0x0) write$P9_RSTATu(r5, &(0x7f0000000440)=ANY=[@ANYBLOB="6502000002fd0a4f0524012800001f00000000000000000000000000000037c8f8b92ec3c931dd00000000000000000c00000001040000000000007dff0a"], 0xfd85) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) pselect6(0x40, &(0x7f0000000540)={0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x0, 0x0, 0x0, 0x0) connect$unix(r6, &(0x7f0000000180)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x10) munmap(&(0x7f0000ffb000/0x3000)=nil, 0x3000) preadv(r1, &(0x7f0000000000)=[{&(0x7f0000000380)=""/155, 0x9b}], 0x1, 0x4, 0xffffff31) r7 = openat2$dir(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000280)={0x2000, 0x16e, 0x28}, 0x18) openat(r7, &(0x7f00000002c0)='./file0\x00', 0x100c0, 0x10) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x20181, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r9, 0xae60) r10 = ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x0) socket$kcm(0x29, 0x2, 0x0) syz_kvm_setup_cpu$x86(r9, r10, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x48, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x100000e, 0x20c44fb6edc09a38, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x220000, 0x0) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000ffe000/0x1000)=nil) 6.733122423s ago: executing program 1 (id=688): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=[@prinfo={0x18, 0x84, 0x5, {0x20, 0x400}}], 0x18}], 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000240)=0x9) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getuid() sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x6b4eddb}, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x104, 0x2, 0x3c8, 0xe8, 0xe8, 0x2e0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28}}, {{@arp={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac, {[0xff]}}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 'nicvf0\x00', 'lo\x00'}, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @dev={0xac, 0x14, 0x14, 0xb}, @local, 0x8, 0x1}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x9, {@empty, {[0xff]}}, {@mac=@remote}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'veth0_macvtap\x00', 'ipvlan1\x00', {}, {}, 0x0, 0x2}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x418) socket$kcm(0x2, 0x3, 0x2) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r6, 0xc0044dff, &(0x7f0000004000)) r7 = semget$private(0x0, 0x1, 0x201) semtimedop(r7, &(0x7f0000000040)=[{0x0, 0xfffd}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 6.575556402s ago: executing program 2 (id=689): openat$vimc0(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x5, 0x2d, 0x0, 0x0) openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x24, &(0x7f0000000080)=0x1, 0x4) shutdown(r0, 0x0) recvmmsg(r0, &(0x7f0000001980)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000040)=""/26, 0x11}}, {{0x0, 0x0, &(0x7f0000001300)=[{&(0x7f00000000c0)=""/47}, {&(0x7f0000000100)=""/224}, {&(0x7f0000000200)=""/4096}, {&(0x7f0000001200)=""/124}, {&(0x7f0000001280)=""/60}]}}, {{&(0x7f0000001380)=@pppoe={0x18, 0x0, {0x0, @local}}, 0x0, &(0x7f0000001840)=[{&(0x7f0000001400)=""/149}, {&(0x7f0000001b00)=""/118}, {&(0x7f0000001540)=""/188}, {&(0x7f0000001600)=""/57}, {&(0x7f0000001640)=""/135}, {&(0x7f00000014c0)=""/101}, {&(0x7f0000001780)=""/171}], 0x0, &(0x7f00000018c0)=""/176}}], 0x15cbc1ab4c0933f, 0x0, 0x0) (fail_nth: 17) 5.13921359s ago: executing program 1 (id=690): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000001300)=@raw={'raw\x00', 0x3c1, 0x3, 0x410, 0x1c0, 0xc8, 0x8, 0x1c0, 0x5803, 0x340, 0x2e8, 0x2e8, 0x340, 0x2e8, 0x3, 0x0, {[{{@ipv6={@remote, @local, [0xffffffff], [0x0, 0x0, 0x0, 0xffffff00], 'vlan0\x00', 'geneve1\x00', {}, {}, 0x33, 0x0, 0x6}, 0x0, 0x190, 0x1c0, 0x0, {0x0, 0x2000000000000}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "cfcaf80c672f61cd17ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f67222476147864fa03182f5df11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac07a602061c96baebc989f1f35a214e67262c1fe4b124e0f7323a587d2a1fcfe36bbf12eca0a7b66c60c527bac2b5", 0x1, 0x2, {0xfffffffffffffffe}}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@CONNMARK={0x30, 'CONNMARK\x00', 0x1, {0x98, 0x5df5, 0x800}}}, {{@ipv6={@mcast2, @private0, [0x0, 0x0, 0xff], [], 'batadv_slave_1\x00', 'bridge_slave_0\x00', {}, {}, 0x0, 0x0, 0x0, 0xc}, 0x0, 0x118, 0x180, 0x0, {}, [@common=@hbh={{0x48}, {0x0, 0x0, 0x0, [0x0, 0x1ff, 0xfffd, 0x0, 0x0, 0x0, 0x700, 0x3, 0x5], 0xff}}, @inet=@rpfilter={{0x28, 'rpfilter\x00', 0x2}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x6, 0x6, 0x1, 0x9, 'pptp\x00', 'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x470) 5.006641033s ago: executing program 2 (id=691): socket$netlink(0x10, 0x3, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$nl_generic(0x10, 0x3, 0x10) socketpair$tipc(0x1e, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmsg(r1, &(0x7f0000000500)={&(0x7f0000000040)=@hci, 0x80, &(0x7f0000000100)=[{&(0x7f0000000400)=""/248, 0xd68210}], 0x1, 0x0, 0x1f00000000000000, 0x200000}, 0x1f00) sendmsg$tipc(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000140)="a2", 0xfffffdef}], 0x1}, 0x0) accept4(r1, 0x0, 0x0, 0x80800) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) syz_usb_connect$uac1(0x2, 0xdc, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206", @ANYRES8=r0, @ANYRES16=r3, @ANYRESHEX], 0x0) 4.955192252s ago: executing program 1 (id=692): r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000100), 0x41) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000140)={0x2, "13516f3e71aa20efeb0f0dbb10297d1210892a4eb4bad7a762bececf0ca03907"}) r1 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) write$char_usb(r1, &(0x7f0000000040)="e2", 0x918) write$UHID_CREATE2(r0, &(0x7f0000000880)=ANY=[@ANYBLOB="0b00000073797a300000000000000000000000000000000000000000000000000011000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000000e6ffffffffffffff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000004a00b4776402000000400200030000007c030000108784e83171cd437e242bcbb3008cc13a03b44f53e38b1d32ef524c532304a14261c8dced30528ed16e3ad61ad7b34c69885e1a4bd233aac510f7675d026321892a9ff1165693230deb"], 0x162) 4.814932629s ago: executing program 3 (id=694): socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c00000010008506000000000000000000000001", @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e6400"], 0x3c}}, 0x0) 4.53839176s ago: executing program 1 (id=695): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async, rerun: 64) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (rerun: 64) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async) sendto$inet6(0xffffffffffffffff, &(0x7f0000000040)='T', 0x1, 0x8910, 0x0, 0x0) (async) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_INPUT(r3, 0xc0045627, &(0x7f00000000c0)=0x3) r4 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000540)=@base={0x5, 0x2, 0x2d9b, 0x7, 0x1, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x48) (async, rerun: 64) ioctl$MEDIA_IOC_REQUEST_ALLOC(r4, 0x80047c05, &(0x7f0000000940)=0xffffffffffffffff) (rerun: 64) ioctl$BTRFS_IOC_INO_LOOKUP_USER(r5, 0x7c81, 0x0) (async) r6 = socket$kcm(0x2, 0x5, 0x84) setsockopt$sock_attach_bpf(r6, 0x84, 0x17, &(0x7f0000000000), 0x10) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000006040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x893}, 0x24040084) (async) syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) (async) membarrier(0x10, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-twofish-3way\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000340)="71e67a15cdf0311cfcf33a52a7d86bd1", 0x20) socket$inet_udp(0x2, 0x2, 0x0) (async) socket$inet_mptcp(0x2, 0x1, 0x106) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r8, 0x8933, &(0x7f0000000000)={'batadv0\x00', 0x0}) sendmsg$nl_route(r8, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000140)=@dellink={0x20, 0x11, 0x1, 0x70bd27, 0x25dfdbfd, {0x0, 0x0, 0x0, r9, 0x1480, 0x2104}}, 0x20}, 0x1, 0x0, 0x0, 0x40}, 0x80) (async, rerun: 64) socket$nl_netfilter(0x10, 0x3, 0xc) (rerun: 64) 4.477697405s ago: executing program 4 (id=696): socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, &(0x7f0000000000)={0x3, &(0x7f00000000c0)=[{0x20, 0x0, 0x2, 0xfffff038}, {0x20, 0x0, 0x0, 0xffffefff}, {0x6}]}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x4000190, 0x0) (fail_nth: 34) 4.014447529s ago: executing program 4 (id=698): creat(0x0, 0x0) epoll_create1(0x80000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0x0, &(0x7f0000000080), 0x2382, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01030000000000000000010000010900010073797a310000000054000000030a01040000000000000002010000000900030073797a31000000000900010073797a3100000000280004800800014000000005080002401b2fd2e4060003006970"], 0xc4}, 0x1, 0x0, 0x0, 0x20004000}, 0x24000010) r6 = dup(r4) pipe2$9p(&(0x7f00000000c0), 0x80) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r6, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(0xffffffffffffffff, 0xc1105517, &(0x7f0000000340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x0, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) write$binfmt_aout(r6, 0x0, 0xffffffdb) 3.986549255s ago: executing program 0 (id=699): syz_usb_connect(0x0, 0x5f, 0x0, 0x0) sendmsg$TIPC_NL_LINK_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x24}}, 0x0) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xc, 0x4, 0x0, &(0x7f0000000080)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r1 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r2, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r3}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x28}], 0x1, 0x0, 0x0, 0x2f00}, 0x72}], 0x1, 0x0) ioctl$SNDCTL_SYNTH_INFO(r0, 0xc08c5102, 0x0) r4 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r4, &(0x7f0000002680)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}}, 0x1c, &(0x7f0000000300)=[{&(0x7f0000000340)="18", 0x1}], 0x1}}], 0x1, 0x0) shutdown(r4, 0x1) r5 = socket(0x1e, 0x1, 0x0) connect$tipc(r5, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r5, &(0x7f0000000400), 0x2000011a) recvmmsg$unix(r5, &(0x7f0000000780)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000004c0)=""/152, 0x98}], 0x1}}], 0x1, 0x20012140, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(0xffffffffffffffff, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) symlink(&(0x7f0000000100)='./file0\x00', &(0x7f0000000180)='./file0\x00') sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYBLOB="300001010103000000000000722265553e2400000a0000041073760001800c00028005000100000000000c00198008000100080d000083a367de6a8e3b0b4755d3f3b389d3e414ccdb307b36465e706e349567e4ab95411a417dab76f859668de87b4aa2b6f182aa2d0fedceffbe33de1546206a9a69047855bd672be1afad4948484af94549274941d8d413f6d29a411cfdf5bd5f3af77e3bc907ea9b3ba9039fdfcfa5cc1e26a26888e22dc2"], 0x30}, 0x1, 0x0, 0x0, 0x1}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000001480)=0x14) mkdir(&(0x7f0000000080)='./file0\x00', 0x104) 3.924479339s ago: executing program 3 (id=700): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=[@prinfo={0x18, 0x84, 0x5, {0x20, 0x400}}], 0x18}], 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000240)=0x9) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getuid() sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x6b4eddb}, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x104, 0x2, 0x3c8, 0xe8, 0xe8, 0x2e0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28}}, {{@arp={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac, {[0xff]}}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 'nicvf0\x00', 'lo\x00'}, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @dev={0xac, 0x14, 0x14, 0xb}, @local, 0x8, 0x1}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x9, {@empty, {[0xff]}}, {@mac=@remote}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'veth0_macvtap\x00', 'ipvlan1\x00', {}, {}, 0x0, 0x2}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x418) socket$kcm(0x2, 0x3, 0x2) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r6, 0xc0044dff, &(0x7f0000004000)) r7 = semget$private(0x0, 0x1, 0x201) semtimedop(r7, &(0x7f0000000040)=[{0x0, 0xfffd}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 2.574297454s ago: executing program 1 (id=701): socket$inet6_tcp(0xa, 0x1, 0x0) r0 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r2, 0x0, 0x0, 0x4, 0x0, 0x0, {0x8001, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r4, r2, r3, 0x0, 0x3, 0xddffffff}) close(0x3) socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xa, 0x86, 0xf3, 0x40, 0x1110, 0x9024, 0xdb24, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xe9, 0x50, 0x9, [{{0x9, 0x4, 0x62, 0x4, 0x0, 0x6f, 0x6f, 0x49, 0x5}}]}}]}}, 0x0) syz_usb_disconnect(r5) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000780)=ANY=[], 0x0) r6 = socket$inet6_sctp(0xa, 0x5, 0x84) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14}}, 0xbc}}, 0x0) r8 = socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r8, @ANYRES64=r6, @ANYBLOB="ed"], 0x20) socket$inet6_tcp(0xa, 0x1, 0x0) (async) syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) (async) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r0, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) (async) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000140)={&(0x7f0000000100)=[0x0], 0x1}) (async) ioctl$DRM_IOCTL_MODE_GETPLANE(r0, 0xc02064b6, &(0x7f00000003c0)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) (async) ioctl$DRM_IOCTL_MODE_SETCRTC(r0, 0xc06864a2, &(0x7f0000000400)={0x0, 0x0, r2, 0x0, 0x0, 0x4, 0x0, 0x0, {0x8001, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "b4bc323ef77d1f000071849800000000deff00000000e6ffffff00"}}) (async) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r0, 0xc01064b5, &(0x7f0000000180)={&(0x7f00000000c0)=[0x0], 0x1}) (async) ioctl$DRM_IOCTL_MODE_SETPLANE(r0, 0xc03064b7, &(0x7f0000000040)={r4, r2, r3, 0x0, 0x3, 0xddffffff}) (async) close(0x3) (async) socket$nl_route(0x10, 0x3, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x200, 0xa, 0x86, 0xf3, 0x40, 0x1110, 0x9024, 0xdb24, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0xe9, 0x50, 0x9, [{{0x9, 0x4, 0x62, 0x4, 0x0, 0x6f, 0x6f, 0x49, 0x5}}]}}]}}, 0x0) (async) syz_usb_disconnect(r5) (async) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000780)=ANY=[], 0x0) (async) socket$inet6_sctp(0xa, 0x5, 0x84) (async) socket$nl_netfilter(0x10, 0x3, 0xc) (async) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000440)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x48, 0x3, 0xa, 0x101, 0x0, 0x0, {0x2}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}, @NFTA_CHAIN_TYPE={0x8, 0x7, 'nat\x00'}, @NFTA_CHAIN_HOOK={0x14, 0x4, 0x0, 0x1, [@NFTA_HOOK_HOOKNUM={0x8, 0x1, 0x1, 0x0, 0x1}, @NFTA_HOOK_PRIORITY={0x8}]}]}, @NFT_MSG_DELCHAIN={0x2c, 0x5, 0xa, 0x3, 0x0, 0x0, {0x2, 0x0, 0x6}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}], {0x14}}, 0xbc}}, 0x0) (async) socket$nl_generic(0x10, 0x3, 0x10) (async) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000740)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r8, @ANYRES64=r6, @ANYBLOB="ed"], 0x20) (async) 2.536830542s ago: executing program 0 (id=702): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000400)=ANY=[@ANYBLOB="04010000100007000000000000000000ff020000000000000000000000000001e0000002000000000000000000000000ffff000000000000001a000002000000", @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="ff010000000000000000000000000001000000002b000000fc0000000000000000000000000000000000000000000000000000000000000002000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000070000000000000000000000000000000000040000000000e80a000000000000000000000a000200700000000000000014000e00fe8000000000000000000000000000bbc9bcdedba23c07e45db314f2965fc9bc4e8c1acfac3b3180fe695eb5c5909fda566bc933da157cc221b1bb6ac95caf3f243d0ea68e8faedb6fa447a34e2ae38a6442fe375c98102a0b4b5110e9f12941f0055910e4"], 0x104}}, 0x0) 2.333575155s ago: executing program 0 (id=703): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000110900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000380003803400008028000180230001"], 0xf0}}, 0x0) 1.999462963s ago: executing program 3 (id=704): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000001880)=ANY=[@ANYBLOB="1b00000000000000000000000020000000000000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000000000000000000e7ffffffffffffff00000000efcbffff6a159b731ba314e02574d95c2279ddc2a39a231fe4c36684b6ddd14bf6d60185fa06818e70507dd2a45fc7a4877306622c8ff9703d57cb9714a8c3de5f5d84ef"], 0x48) r1 = syz_clone(0x21800, &(0x7f00000000c0)="fa51793e124d4266a9ae90463aceaedf7c321d3fb41f0e572ca53678dc98ea01ab49057f1e2956d98c2c67950b386c557eda1819562684cdb5a1a2a68d54fa098d63359add5b9e1e1443dbce16696ddb44f7d0321767bc4e99d57c56dac783a7cdc9e74cfeac6959be1ecc2570094d67aaf97324c290967cc96bfa5e2fcd5d13db734891479c34c7d2537e048c7d73266c4c5caef4b12f4545e482cf1b36e2ef56f1e75d50a65c1acc5bd99ac082acb76366d8a8297086e31c977f7765573b273cbd7972c99e5bf8cc253615b0f485d55afb04232100a983354300013e0417d9ee7b6e7f5e351b25e54021b6d3ca778a5e91eedef61e220944c3f00839a43a7b117564080f2bffb4bc4e54f9a8186f94e153be2763a2c49d38cc110f5eb7fb971ccc799039259acf2c76e57d4cfac81069d3beff93710081b2aea776b3b53d250d1f8d8ecc22f944d969c6e6b00aecb5f31ac4dd6ad7b3cee4cc3523b8bb37625f4229a8985a09aa018eae9c83da6e76458955f5002f2297801e3be3bc0de515529c5b1bf2e371991c4cc6a8edecfe381c368879ae8af12e8b908c0c4771c01f62737aa4356dae3db31d3e9337f5336ce2e5c957eae503c2c525e1c4595f55ad104398b109053417cbc828bd56858c09943c658f2e929ec6fd8fb332f9403f796e49878c02f5af8edfc127c5dabdaa2feb6b34965ba1bcf322d5a84616e669e8c82e7c63ca4661ba8a7ac34d6d2fd300ebff64eb8b90f0bb6d10234408f2e68303f07c21f45a730a7d20d5f5abc83cab8952405fd1da95f1410d5311251dde81997629500d475af298cd7d0c885f906d11eee00abc5affb6dd30531c617335e7076c58d62aad3d5c7d741370f2679bb4957d82dec7a7b1355037068b346edb1ac04b09741e5709aec3e7b4461b296264ef6bb6b14277b1273bbff353fce7f58c9b52d065d44ca80571675ea376b54d051632a6910cf1bb47133074195bbb9c0136ca32c803543fc1e0924a51cda6c700a783685b429f82fe82c627588bb399687ddccdac2b625a701a7c933faf6d67abc6cbf87b3d323af573619043fbbdac0020d2c8853cb8bb884ffc7069c9c39dcc4fa1d7a5d3502a7d5209f228a5a8560fbe65712d89e689bce0a325d3388ec8417f07139d219edda84e7d2214f9c3a22a26f8d29f94ecff7a3263c427db9da83c138855206f30509fb689d5b6b0c2dba1e375f6ef36bc0fbc04312afb34d107163ac594bb78ee4a76298e847228eeffb7810e0dbc036176deac36b45385fd7e44ed7f4a9ce51fd8bc5c6a5d67fb594e6f837dfa82d43bbc8a9102a6a35ee99de9a65f2f3b3c871a8dd1a78a175fae18ad4740da3eeb159cbcd6c1cdf8f3ca31e28b8bbf33f725ebbfe01b75075fb2bc199c029e5b3eb4399f4b496e14448aecb59e05567c361c91e500a789dbb0708cc91f40702de8ec6fed13b1f5c8392f298fe6ea29b36a3f7a81ae31c0cac81f71ad10e753e1ab0868f5467bc648ad31b2ea4c23f4a0c028ad864c93d61e137708378b06931693d12dbd697542fcd1a4f28d965a8e2d4051e02250daaadb0d4486706b8fec1f66d0ebdb1a79d742e584c3c7a04760818026777ccc277533ee1b540a06b6e78915ebf9c797fe832f3a6499880ac26edf969853b7ecff47da71637e18bb17cf58e440117189d977e6c78bc7605e6487b6dcd3f199bbe51e071693d0a456ff3659e87ae49802e5187d7efa62ad2ac91ea2e59d4aedf4dd4d0266cfe4f12d9500de8a01d3aea794629130c217ab8553b3e1d2f0dc745f3e9c6afc3a1788076e6b2ac8df22034c5f4bff91fe75a2fcc5d17c1fa433831e87cb5083d6315f5a19b22d07a9015b13f8838d70901f1830784395802d07eabc6dd352fc47992fc71acf20031a98c803e0d3868b7b23cf038381d048cdc6a01efab93eba7ea513605edfcae6fcda301ec143739faa10d5124334c070904d3de40ca27cea3c94812c1275ea6809e35820f2faaec2b75dd3111a540928f3944744b9127df3dc8ebf80dd6102cb9513851bb026237719a092a010373e8835e0c8fa5f9028a9a32daad55454be73ec8ff6cbe5e153d81da90a6aeabaaf4832f10e268757406b7db2e3bc378522045c7cf724a830d2ffe514d2707732e6fd62be301905fc5dea7f329b287fd5871d8e7a6d7605e2fb539923bde837a9a7b2e36df4aad777aaadaaabbce3d704bd91bc600a45eb80be1bb4b8bdeb1a4caa52f369e2768900e2402caabc1acfd3824ab9cd53332a8118dce9fc37351d96063d94ff99708cbc84f61845420f73b16abcb8bbd95213c2f36ee30d8bfd89124a0a607d8861de8b0c92105820bd6524dfc8d98694b9aa5550ad9d27e0a420b2351216902febf6110e25caefe8d9a430e7da55b0febd87b6e421e56a25190f0ba154acb76460c58c3467fe8a0c228c309e0e7310fa42d1a175ac6d6acef236d6d5e4eb685c1d4019cf6f2d28afc15174d09b42fa880ca9b692a40406bda52a161bba571468f66c83a2367efdcfe940cf16260fd3470990ecc3e8b1df90ffb036b25b0f283652950df98e233d7abd1e919222977b6fd9c354f6a41058d5860179ea5adcaa54e792ede68e00a6e552ecf8d7ab26a11176d81a30a457d82f0fceb1a672262e2d92d0957d53f37104a6a0485ee55f974cf9bb8c4d826bba4108e1efd00ef03cda611d6446c99f4368a5afb61af30cbb9081e46cfb9cb229899900fba50dd0c342018dfd529747cceefa7440b54fabde930fbf7c9d8a499af26b5b7579b5a1f6cff977c67062c6f8ca83f9d9f19d2edcd625a4382bdf77d39c4f574ca12e5cb1f407e44d8cb240ee96e067203edfc843884e17eedb87cc0039ca155a9cc330893e411f27a96e33c4879a072de2b1cedd2f191d8ffbbcd7109ee0217e584c07d7cea79ab89667165cb4e4536fa99eeb05f31c33e9e517382ea76477ced9c414a5a1f63103c07457f4140c0b237e47d7d4cefd1765eccca2d2175d84d2f53a6956bb17733604b0d6f201aee456cf34ec93a43375cbe81676b1593b5048fa425254422470653af72d289d180c9f818d6ffa81c5e2dc80fa825c2f82f259090d5dee321981c7ad28466e43586d82455fdb23f76d82a5da3b937f020b907a7d4a4f444e20cb4372b5cf8ba9651cc53232717b49e2bc6b34536f52f5549643e4521bb73eb4b0b0cb3b379891027437157ab5f06b9f5d34fb2ad92093b7939d33556ff82f7e5f2614a676b5daddfafc35f2742e47c6f703488fd958de96a5a9828e68323df4a552f6f946e3322a11bf8ccc5c01199f48106503d1e44feabb28539506472334350358133fe8eff9d948691bbe9cb24badc3a7c47b149a3f2327ded55b3fca3a81ba9b6ac972bc572d9bf9040eb1604c03371fb68f67f2b2e497b1de5d23e63a406e5a0c54f16e78cce26b92bdc22d0578660a4a5002ae9f92f7fa5e37c3e114b2c86b80a167af1b7ac9052faf6f650b34b26c0401767d120a13f46b8d08b5c70200f8cdad9825a253ef60dde29b3d0aac19c5de6f10938b55edd4236e4bdd67470234d497d7f7a50ab037f00dab382321ac4d7d64c03291fd1944e53ef8f2f89cafcb42f6c71b07f749ecdf330307eefbfcb05d406820355374b1d6e84328bf8c67650f88a3dcd7709746b06b3e57e22dd0316ecde3338977b2eee97e5109fdecd5c2a5f268c5b60bfa071cd88f963a23108b251379b20454750c99a5fdded1735732db8902afa16d05d8acb38b59e8c97c76737b6853ddd585e700dbdc58fa05999e3513444c45218d359de4503f19232686923afc55e646a6a77f375fb95f0939db623f650fbac3103fd13205c1f9799e940e53b8c534ed6f046f856b86d841386242f703246268d948e1ff323b2a93ea176f7f06d376ea4e31b33125bfae70e611f2060d29a02ad77a431df010bf43c8fcb731c75aeafe14be95df40c5baebced594eca8199f13437920093565749d76eb5fc1f9d3ab8275943b238224d3316db27fe9eace3dfb85a623523126e42ac1bbd5617ef7721a55e96167aaf30893f80c68075ee5a7c08c2da3dae9f06632e7ff9cc6861f58533f4f7714080ef66137b601daed57ad01896780c8edc4d6d5bbe70b336799544af09441dff180fe3ac076bc56ae92649d62524402f57ba10a6a9d7019622e076e75233ce50785751d7b39c67b29f52f2fafc2651beaab6722b0fe5676d9a432e1a1e69a10fd4042b315095e800f10f2d0e7741220e6b78a0f61eff1a9e9b508fa1ab8a504e56c7c99edf66c60ee7ea05855e0ef755f2b38157a3161f4b5adbb982535b207ff04c288af489e1ee1e2d4b304436d04444bf96c57d3d60a69ba23b208af0629bffc6775964498f7e79b279be25377d7618cd1edf64b22907c75232acfa8156e2f986ee65e9653ad592302235246f70da0cd15b4e076702939efe3c105726b9bcce18d15fe2af663e18d17a2401e837b1cf609f31195f76afb23aa21b36050c3f0ac513d3bcb6fae0f3e0aec91a0ff7f37d3adcf6b2f43a08a380a178b4cd1950bf36877cd0f8fd9de193a017691fbcc7b42a886a8a14c3f2d2e49a43b496863f9bc1ebf558b8758257b1238ba4e99266ae609bf2a8884c6d4ede578b7e750ee79e0bc23ae960236f52fd79630b79cf644ff90a220803168b6d5c446ffd5184f2fbe3471f0dc70c6046f71cbd7f668b7c8f97e611dbd9b56e315d044b773c9d88a1d8d32ce99cad92ecc22fcfbeaae3965ea8f528d05c49ecb5d8675cd95849c9710fcb8fee95230b91da0fba512c6067eeedc36e315c71a07432216e1e72537d35ab8e38975621942d903263a267ca001417f04005debef378d0f8d377b42059ff02876a5917fe139381e30c8d6b282ead4d612f9102deda582595fd6f308a9733f66a6dbd436a18531f996452f26ba867125507769d515f8376d7951eea603da72a3e03caa7c3a97da30d30cbb115527d091daa660bfeef27ac602ccfb2e8ba66820ca35e7df3259398a48cafce9456a1beb27c11eb06464fd9e4cb96d9ca37bb91c0cdbe6fb5b5ee504740865f002fb97e1e57046534a6b365113b1720765f80bad936a7b3eab66d6e5b7b8ca94af90142dee22c043b38f37c63db5a0ee94a6e1847d49f966b31c6bb6dc56bc0be3c7cf2577e960dd07dd75b5c5305819c60b41768c7e8134a8fddbf726594eeb6a83cdc610b66080ccd3658c0cd640503b9d68b615499955d28b5e28f2e0ae53a49270dd1ec2c721fc565d63edd9de44e11a58bb35a84cbe8610a8a5aba5cd01a97788f3471c4cfd709168f2fe09b0caf29c1387237a6eccb7a310daad98d469c2fae365b5763314775d41fce4335c7f0102780dcca5160fcf2dfc6758a3cc7a655e53388cf97887696a635016949b91f538d393b83750f78f7d9ffe14deb53918e6233fc5ad28262889a88a40bd71c9eabe1a573671f79f79c57e6e0b614b98714b02cad71cef4212984c4e9d9f08b80e904d38dc8524f639e366cdf6f5519733933684a4fd7a611d88e1b2b6b16e0c3aa2fc4115545a26e1774e408dbc9810e2bf89a293491ad818bece1faf9a23277588110095a98139af99f66287f6847ab5262dbb431b0e37203011d4f587644aeab48f28db0815f7db19f75809009fe4c3d0f78e9e4b7067c6ca33be8692cb05d503306c7dbd7f653f49958f2d258551cb341b188881665d0444b39d1129dbd909b2225a0b46f5154eaf7c72c4bae5de6ad6d88b07ddd204b551865c3d4bac76eea4c5fa1360301a0c9b63", 0x1000, &(0x7f0000000000), &(0x7f00000010c0), &(0x7f0000001100)="45bb5617675e230a210d66f0c7ea194f0285b8138b8a037c702963bd03ba7b96fccec6f0ba50f4fd9630e591f48c813a0690d63eda6cccffbefb219c4b2395199a884d23297b74f9fa35895b3681b3876392f512edb042608bf8d5bf028d55bb1ba27107d283e1b15ca8a49218c961f2ffc3fe08ee6d1d0d0f87c53feea485d8792ed3b78ab6002256ed35c9e660331728e5182097aa") r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETRULE(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000440)={0x38, 0x7, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_HANDLE={0xc, 0x3, 0x1, 0x0, 0x2}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x38}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000001480)={'syztnl2\x00', &(0x7f0000001400)={'syztnl2\x00', 0x0, 0x29, 0xfd, 0xf3, 0x1ff, 0x96784a895c5f963b, @dev={0xfe, 0x80, '\x00', 0x14}, @mcast2, 0x40, 0x40, 0x950e, 0x99d}}) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='cpuacct.usage_percpu_sys\x00', 0x275a, 0x0) write$binfmt_script(r5, &(0x7f0000000000), 0xfea7) sendmsg$NL80211_CMD_DEL_KEY(r5, &(0x7f0000001a00)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f00000019c0)={&(0x7f0000001940)=ANY=[@ANYBLOB='d\x00\x00\x00', @ANYRES16=0x0, @ANYBLOB="00012708000300", @ANYRES32=0x0, @ANYBLOB="09000700b89ee5014a0000000800090005ac0f000a00060008021100000000000800090001ac0f00040028000800090005ac0f0009000700f358cd6ef30000000800370001000000"], 0x64}, 0x1, 0x0, 0x0, 0x4000}, 0x800c040) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r5, 0x0) prctl$PR_SET_MM_MAP(0x23, 0xe, &(0x7f0000000000)={&(0x7f0000862000/0x3000)=nil, &(0x7f0000af8000/0x3000)=nil, &(0x7f0000ffc000/0x4000)=nil, &(0x7f0000ffd000/0x1000)=nil, &(0x7f0000af9000/0x3000)=nil, &(0x7f00004e5000/0x1000)=nil, &(0x7f000065e000/0x3000)=nil, &(0x7f0000538000/0xc000)=nil, &(0x7f00004e3000/0x3000)=nil, &(0x7f000089d000/0x3000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0}, 0x68) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1, 0x10012, r6, 0x0) bpf$BPF_BTF_GET_NEXT_ID(0x17, &(0x7f0000001540)={0x7d32, 0x0}, 0x8) r8 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r9 = dup(r8) bind$alg(r6, &(0x7f0000001700)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128l\x00'}, 0x58) write$6lowpan_enable(r9, &(0x7f0000000000)='0', 0xfffffd2c) bpf$PROG_LOAD(0x5, &(0x7f0000001640)={0x13, 0x11, &(0x7f0000001200)=@framed={{0x18, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x5}, [@kfunc={0x85, 0x0, 0x2, 0x0, 0x3}, @jmp={0x5, 0x0, 0xc, 0x6, 0x5, 0x0, 0xfffffffffffffff0}, @map_fd={0x18, 0x8, 0x1, 0x0, r0}, @btf_id={0x18, 0x3, 0x3, 0x0, 0x3}, @map_idx_val={0x18, 0x0, 0x6, 0x0, 0x9, 0x0, 0x0, 0x0, 0x9}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x6}, @map_idx={0x18, 0x9, 0x5, 0x0, 0x10}, @map_idx={0x18, 0xa, 0x5, 0x0, 0x5}]}, &(0x7f00000012c0)='syzkaller\x00', 0x8, 0xf7, &(0x7f0000001300)=""/247, 0x40f00, 0x79, '\x00', r4, @fallback, r6, 0x8, &(0x7f00000014c0)={0xa, 0x4}, 0x8, 0x10, &(0x7f0000001500)={0x0, 0x4, 0xffffffff, 0x7}, 0x10, r7, r9, 0x5, &(0x7f0000001580)=[r0], &(0x7f00000015c0)=[{0x1, 0x1, 0x9, 0xa}, {0x5, 0x4, 0x5, 0xb}, {0x0, 0x5, 0x0, 0x2}, {0x3, 0x3, 0xc, 0x2}, {0x0, 0x1, 0x0, 0x3}], 0x10, 0x3ff, @void, @value}, 0x94) socketpair(0x18, 0x2, 0x1, &(0x7f0000001780)={0xffffffffffffffff, 0xffffffffffffffff}) r11 = accept4(r10, &(0x7f00000017c0)=@nfc_llcp, &(0x7f0000001840)=0x80, 0x800) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) llistxattr(&(0x7f00000000c0)='./cgroup/cgroup.procs\x00', 0x0, 0x0) syz_open_procfs(r1, &(0x7f00000011c0)='net/udplite\x00') mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x0, 0x13, r0, 0x0) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r11, 0x8933, &(0x7f0000001a80)={'batadv0\x00', 0x0}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r6, 0x89f2, &(0x7f0000001b40)={'ip6tnl0\x00', &(0x7f0000001ac0)={'syztnl2\x00', r4, 0x4, 0xe, 0x1, 0x3800000, 0xc, @private0={0xfc, 0x0, '\x00', 0x1}, @private1, 0x1, 0x8, 0x93a, 0x5}}) sendmsg$ETHTOOL_MSG_LINKSTATE_GET(r9, &(0x7f0000001e40)={&(0x7f0000001a40)={0x10, 0x0, 0x0, 0x1000000}, 0xc, &(0x7f0000001e00)={&(0x7f0000001b80)={0x26c, 0x0, 0x300, 0x70bd26, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r12}]}, @HEADER={0x7c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_vlan\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'caif0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x74, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_bridge\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}]}, @HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth0_virt_wifi\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}]}, @HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan1\x00'}]}, @HEADER={0x68, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r4}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r13}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}]}, 0x26c}, 0x1, 0x0, 0x0, 0x40000}, 0x800) 1.950739463s ago: executing program 0 (id=705): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x140, 0x800, 0x3ff, 0x0, 0x0, 0x800001, {0x4, 0x4}, {0xfffffffd}, {0x0, 0x4}, {0x0, 0x4, 0x8}, 0x0, 0x3f0, 0x0, 0x0, 0x8000000, 0x0, 0xfffffffd, 0x3, 0x0, 0x0, 0x6, 0x69, 0x0, 0x100, 0x2, 0xc}) 1.758093934s ago: executing program 0 (id=706): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000000c0)={0x8, 0x6, &(0x7f00000003c0)=ANY=[@ANYBLOB="180000000000000000006400f76873fe45180000000000f1a5000000f0fff0ffc31a00000001000095"], &(0x7f0000000180)='GPL\x00', 0x8, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2cd, @void, @value}, 0x94) 1.609229171s ago: executing program 2 (id=707): mount$fuse(0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() r1 = getpgrp(0x0) rt_tgsigqueueinfo(r1, r0, 0xd, &(0x7f0000000000)={0x0, 0x2, 0x18}) prctl$PR_SCHED_CORE(0x3e, 0x1, r1, 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) r4 = syz_open_dev$vim2m(&(0x7f0000000240), 0x7, 0x2) fcntl$getown(r4, 0x9) r5 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r3}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r6, r7, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r2, 0x0, 0x0, 0x0, {}, 0x1}) r8 = signalfd4(0xffffffffffffffff, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) io_uring_enter(r5, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r9 = openat$ptp0(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0542, 0x0) socket$kcm(0x2, 0x3, 0x2) r10 = socket$kcm(0x10, 0x2, 0x4) ioctl$TIOCGPGRP(r8, 0x540f, &(0x7f0000000200)=0x0) capset(&(0x7f0000000000)={0x20080522, r11}, &(0x7f0000000280)={0x0, 0x0, 0x7f, 0x9, 0x3, 0x80000000}) sendmsg$kcm(r10, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000100)="4c000000150097f87059ae08060c040002ff0f020000000000000187ac1414aaa69d35a2cca84708f7abca1bac1414aabd7c493872f750375ed08a560400000003c48f93b82a03000000461e", 0x4c}], 0x1}, 0x0) readv(r9, &(0x7f00000018c0)=[{&(0x7f0000000840)=""/4096, 0x1000}], 0x1) 1.45048312s ago: executing program 0 (id=708): socket$inet6_udplite(0xa, 0x2, 0x88) syz_usb_connect$printer(0x0, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) close(0xffffffffffffffff) fsopen(&(0x7f0000000580)='overlay\x00', 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)=ANY=[@ANYBLOB, @ANYRESHEX], 0x24}], 0x1, 0x0, 0x0, 0x20000000}, 0xc000) sendmsg$nl_route(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={0x0, 0x90}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f0000000100), 0x0, 0xe00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r3 = socket$inet6(0xa, 0x80000, 0x1) r4 = syz_open_dev$dri(0x0, 0x1, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c01000013000100"/20, @ANYRES32=0x0, @ANYBLOB='\x00\x00\x000\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="050027000000000008008500", @ANYRES32=0x0, @ANYBLOB="140003006d6163766c616e31000000000000000008000a00", @ANYRES32=0x0, @ANYBLOB="e8001a8048000a80140007"], 0x15c}, 0x1, 0x9c000000}, 0x4c0a0) ioctl$DRM_IOCTL_MODE_GETGAMMA(r4, 0xc02064a4, 0x0) setsockopt$inet6_IPV6_RTHDR(r3, 0x29, 0x39, &(0x7f0000001640)=ANY=[@ANYBLOB="0002020100000008ff"], 0x18) connect$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0xff}, 0x5}, 0x1c) writev(r3, 0x0, 0x0) 1.450071784s ago: executing program 4 (id=709): mkdir(&(0x7f00000022c0)='./file0\x00', 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) socket$nl_rdma(0x10, 0x3, 0x14) userfaultfd(0x801) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r5, 0x1, 0x1a, &(0x7f00000001c0)={0x3, &(0x7f0000000140)=[{0x20, 0x0, 0x0, 0xfffff00c}, {0x20, 0x0, 0x0, 0xfffff00e}, {0x6, 0x80}]}, 0x10) sendmsg$AUDIT_GET_FEATURE(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x27, &(0x7f0000000100)={&(0x7f0000000000)={0x10}, 0x10}}, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x400000003, 0x2) sendmmsg$unix(r4, &(0x7f00000000c0), 0x3f, 0x0) syz_usb_connect(0x0, 0x63, &(0x7f0000000000)=ANY=[@ANYBLOB="1201010298375720e10655a115b60102030109025100020410200809040a070203000004090509210002fa040909050a0300020d06050904ec05000202ff06030d06052406000105240006000d240f0109000000070002000106241a07001e0424020a"], &(0x7f00000005c0)={0x0, 0x0, 0x0, 0x0}) connect$unix(0xffffffffffffffff, 0x0, 0x0) socket$packet(0x11, 0x2, 0x300) r6 = socket$netlink(0x10, 0x3, 0x4) r7 = syz_io_uring_setup(0xa0, &(0x7f0000000640)={0x0, 0x105cc6, 0x1000, 0x0, 0x207}, &(0x7f0000000100)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) openat$sequencer(0xffffffffffffff9c, &(0x7f00000000c0), 0xd0004, 0x0) r10 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r10, 0x0, 0x40, &(0x7f00000001c0)=@security={'security\x00', 0x3a, 0x4, 0x338, 0xffffffff, 0x110, 0x0, 0x1a8, 0x110, 0xffffffff, 0x110, 0x2a0, 0x2a0, 0xffffffff, 0x4, 0x0, {[{{@uncond, 0x0, 0xb0, 0x110, 0x0, {}, [@common=@set={{0x40}}]}, @common=@SET={0x60}}, {{@uncond, 0x0, 0x70, 0x98}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@ip={@empty, @private, 0x0, 0x0, 'vlan0\x00', 'vlan0\x00'}, 0x0, 0x98, 0xf8, 0x0, {}, [@common=@ttl={{0x28}}]}, @common=@SET={0x60}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x398) syz_io_uring_submit(r8, r9, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000080)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r7, 0x847ba, 0x0, 0xe, 0x0, 0x0) capset(&(0x7f0000000300)={0x19980330}, &(0x7f0000000440)) write(r6, &(0x7f0000000040)="2700000014000707030e0000120f0a0011000100f5fe009d2fb112ff000000008a151f75080039", 0x27) sendmsg$NFT_BATCH(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000009c0)={{0x14}, [@NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x801, 0x0, 0x0, {0x2, 0x0, 0x1}}, @NFT_MSG_NEWSETELEM={0x14, 0xe, 0xa, 0x401, 0x0, 0x0, {0x1}}], {0x14, 0x10}}, 0x50}}, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000040)='\x00', 0x89901) 1.432556315s ago: executing program 3 (id=710): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f0000000080)=ANY=[@ANYBLOB="b4050000000000007112180000000000bf201000800000009500000000020100"], &(0x7f0000003ff6)='GPL\x00', 0xa, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x366, 0x10, &(0x7f0000000000), 0x2b2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 759.764139ms ago: executing program 3 (id=711): r0 = socket(0x10, 0x3, 0x0) userfaultfd(0x801) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x22, 0x2, 0x24) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) memfd_create(&(0x7f0000000d00)='Y\xff\xff\x00\x00\x00\x00\x00K\xb2\x02\x80B\xe9\xe8\xcc\xde\x06\x00l\xa8\x1aJ\xaf\xb2M\xba\xb8_\x05U\xcd<|>\x9e\xec^\x0e\xbe\x18+-\x9b\x893\x02\x00\xa6\x1f+\xb3\xc5\x90z5\xe0\xdfi\xb7\x9f\xb4QW\xc9\xc9\x92\x03\t\x00\x00\x00\x00\x00\xb2\x0f\xee\xbe\f8\xcc\x7f\x00\x00\x00Z\x81\x00\x00\x00\x00\x18I\x13\xf1\xa2x\x04\x81R\xd45R\xae\x05\x00\x00\x00\x00\x00\x00\x00_M^dQ:\xbc\xafq\x88\x19nSF|;]\xe1A\x8c\x8a\x98\xd7|\xdcLF\r\xb1\xfd\xbf!\xc7u\xccP\xdd\x13~\x89\xcf\x85\xca\xa0%\xc6\xc7\x11\x00\x00\x00\x00\x00\x00\x00?M9\\\av~\'\xd9\xb0\xacdya]8\x9d\xb7\v\xf39\xc5{\x9c!\x0f/\xb8o8\xb9\x8d\x19\xe2\xca\x01y\x83\xe7\ng\x87\xd93\xf0y\xd6\xb0\xf2\x9f\xa7\xcf\xad\x86\\\xec\xec\xd6\x9d\bT\xcd\xa2\xea', 0xe) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r3, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) setxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=ANY=[@ANYBLOB='c'], 0x0, 0x0, 0x2) connect$inet(r3, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) writev(r3, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) r4 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$UI_ABS_SETUP(r4, 0x401c5504, 0x0) shutdown(r3, 0x1) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f000010"], 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000240), 0xc2882, 0x0) rename(&(0x7f0000000000)='./file0\x00', &(0x7f0000000040)='./file0\x00') ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000001c0)={'vcan0\x00'}) 486.636591ms ago: executing program 2 (id=712): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x8, 0x8, &(0x7f0000000180)=@framed={{0x18, 0x8}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0, 0x0, 0x0, 0x0, 0x90}}]}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x24, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 185.275938ms ago: executing program 2 (id=713): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000002200)=@mangle={'mangle\x00', 0x2, 0x6, 0x578, 0xd0, 0x2d8, 0x0, 0x0, 0x208, 0x4a8, 0x4a8, 0x4a8, 0x4a8, 0x4a8, 0x6, 0x0, {[{{@uncond, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@uncond, 0x0, 0x100, 0x138, 0x0, {}, [@inet=@rpfilter={{0x28}, {0xb}}, @common=@frag={{0x30}, {[0x0, 0x8], 0x6, 0xd, 0x1}}]}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff, 0xfd}, {0xffffffffffffffff, 0x8}, {}, 0x2}}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}, {{@ipv6={@remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', [0x0, 0xff, 0x0, 0xffffff00], [], 'bond_slave_1\x00', 'pim6reg1\x00', {}, {}, 0x0, 0x0, 0x2}, 0x0, 0xa8, 0xf0}, @SNPT={0x48, 'SNPT\x00', 0x0, {@ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @empty, [0xffffff00, 0xffffffff, 0xff000000], [0xffffffff, 0xffffffff, 0x0, 0xffffffff], 'geneve1\x00', 'team_slave_1\x00', {0xff}, {}, 0x32, 0x9, 0x1, 0x40}, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0x1, 0x4, 0x1}, {0x4, 0x4}, {0x2, 0x5, 0x5}, 0x4, 0x1}}}], {{'\x00', 0x0, 0xa8, 0xd0, 0xd802}, {0x28}}}}, 0x5d8) 0s ago: executing program 1 (id=714): socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000800)) r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f0000000440)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f00000004c0)=[{&(0x7f0000000100)="03", 0x1}], 0x1}], 0x1, 0x0) sendmmsg$inet_sctp(r0, &(0x7f00000032c0)=[{&(0x7f00000000c0)=@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000240)=[{0x0}, {&(0x7f0000000300)="359cb6", 0x3}], 0x2, &(0x7f0000000000)=[@prinfo={0x18, 0x84, 0x5, {0x20, 0x400}}], 0x18}], 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r1) r2 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @quote}], 0x38) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, &(0x7f0000000240)=0x9) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getuid() sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x5, 0x0, 0x3, 0x6b4eddb}, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r5, 0x0, 0x60, &(0x7f0000000440)={'filter\x00', 0x104, 0x2, 0x3c8, 0xe8, 0xe8, 0x2e0, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0xe8}, @unspec=@MARK={0x28}}, {{@arp={@empty, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, {@mac, {[0x0, 0x0, 0x0, 0x0, 0x0, 0xff]}}, {@mac, {[0xff]}}, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 'nicvf0\x00', 'lo\x00'}, 0xc0, 0x110, 0x0, {0xb000000}}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @empty, @dev={0xac, 0x14, 0x14, 0xb}, @local, 0x8, 0x1}}}, {{@arp={@rand_addr, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 0x0, 0x9, {@empty, {[0xff]}}, {@mac=@remote}, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 'veth0_macvtap\x00', 'ipvlan1\x00', {}, {}, 0x0, 0x2}, 0xc0, 0xe8}, @unspec=@AUDIT={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28, '\x00', 0x0, 0xfffffffb}}}}, 0x418) socket$kcm(0x2, 0x3, 0x2) r6 = openat$mixer(0xffffffffffffff9c, &(0x7f0000003fc0), 0x0, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r6, 0xc0044dff, &(0x7f0000004000)) r7 = semget$private(0x0, 0x1, 0x201) semtimedop(r7, &(0x7f0000000040)=[{0x0, 0xfffd}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) kernel console output (not intermixed with test programs): ngine, BIOS Google 05/07/2025 [ 155.426875][ T6886] Call Trace: [ 155.426883][ T6886] [ 155.426890][ T6886] dump_stack_lvl+0x189/0x250 [ 155.426921][ T6886] ? __pfx____ratelimit+0x10/0x10 [ 155.426949][ T6886] ? __pfx_dump_stack_lvl+0x10/0x10 [ 155.426976][ T6886] ? __pfx__printk+0x10/0x10 [ 155.427007][ T6886] should_fail_ex+0x414/0x560 [ 155.427037][ T6886] _copy_to_user+0x31/0xb0 [ 155.427058][ T6886] simple_read_from_buffer+0xe1/0x170 [ 155.427097][ T6886] proc_fail_nth_read+0x1df/0x250 [ 155.427121][ T6886] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 155.427142][ T6886] ? rw_verify_area+0x258/0x650 [ 155.427165][ T6886] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 155.427184][ T6886] vfs_read+0x200/0x980 [ 155.427210][ T6886] ? __pfx___mutex_lock+0x10/0x10 [ 155.427234][ T6886] ? __pfx_vfs_read+0x10/0x10 [ 155.427260][ T6886] ? __fget_files+0x2a/0x420 [ 155.427283][ T6886] ? __fget_files+0x3a0/0x420 [ 155.427299][ T6886] ? __fget_files+0x2a/0x420 [ 155.427328][ T6886] ksys_read+0x145/0x250 [ 155.427356][ T6886] ? __pfx_ksys_read+0x10/0x10 [ 155.427376][ T6886] ? rcu_is_watching+0x15/0xb0 [ 155.427405][ T6886] ? do_syscall_64+0xbe/0x3b0 [ 155.427433][ T6886] do_syscall_64+0xfa/0x3b0 [ 155.427457][ T6886] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.427474][ T6886] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 155.427491][ T6886] ? clear_bhb_loop+0x60/0xb0 [ 155.427514][ T6886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 155.427532][ T6886] RIP: 0033:0x7f8c9718d37c [ 155.427550][ T6886] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 155.427565][ T6886] RSP: 002b:00007f8c97f48030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 155.427584][ T6886] RAX: ffffffffffffffda RBX: 00007f8c973b5fa0 RCX: 00007f8c9718d37c [ 155.427597][ T6886] RDX: 000000000000000f RSI: 00007f8c97f480a0 RDI: 0000000000000004 [ 155.427607][ T6886] RBP: 00007f8c97f48090 R08: 0000000000000000 R09: 0000000000000000 [ 155.427618][ T6886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 155.427628][ T6886] R13: 0000000000000000 R14: 00007f8c973b5fa0 R15: 00007f8c974dfa28 [ 155.427660][ T6886] [ 155.879186][ T6887] bond2: entered promiscuous mode [ 155.885066][ T6887] 8021q: adding VLAN 0 to HW filter on device bond2 [ 156.172272][ T6893] netlink: 64 bytes leftover after parsing attributes in process `syz.4.308'. [ 156.213079][ T6893] tipc: Invalid UDP bearer configuration [ 156.213155][ T6893] tipc: Enabling of bearer rejected, failed to enable media [ 156.357782][ T30] kauditd_printk_skb: 17 callbacks suppressed [ 156.357799][ T30] audit: type=1326 audit(1748891549.903:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 156.436867][ T30] audit: type=1326 audit(1748891549.933:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 156.536559][ T30] audit: type=1326 audit(1748891549.953:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 156.539234][ T6898] bridge2: entered promiscuous mode [ 156.667150][ T6902] macsec1: entered allmulticast mode [ 156.672680][ T6902] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 156.782188][ T30] audit: type=1326 audit(1748891549.953:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 156.812397][ T6902] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 156.909162][ T30] audit: type=1326 audit(1748891549.953:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 156.961349][ T30] audit: type=1326 audit(1748891549.953:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 157.002922][ T30] audit: type=1326 audit(1748891549.953:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 157.038561][ T30] audit: type=1326 audit(1748891549.953:68): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb9ac58e9a3 code=0x7ffc0000 [ 157.124438][ T30] audit: type=1326 audit(1748891549.953:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb9ac58e9a3 code=0x7ffc0000 [ 157.178952][ T6909] netlink: 40 bytes leftover after parsing attributes in process `syz.0.312'. [ 157.188426][ T6909] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'. [ 157.197493][ T6909] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'. [ 157.207121][ T6909] netlink: 4 bytes leftover after parsing attributes in process `syz.0.312'. [ 157.252210][ T30] audit: type=1326 audit(1748891549.953:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6894 comm="syz.4.311" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 157.525904][ T6003] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 157.611366][ T6003] usb 2-1: USB disconnect, device number 9 [ 157.633135][ T6910] netlink: 'syz.2.313': attribute type 27 has an invalid length. [ 157.917286][ T6910] .30ªX¹¦D: left allmulticast mode [ 157.993600][ T10] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 158.214287][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 158.226094][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 158.303854][ T10] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 158.418486][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.427627][ T6910] bridge0: port 2(bridge_slave_1) entered disabled state [ 158.435258][ T6910] bridge0: port 1(bridge_slave_0) entered disabled state [ 158.536192][ T10] usb 5-1: config 0 descriptor?? [ 159.083879][ T10] usbhid 5-1:0.0: can't add hid device: -71 [ 159.124034][ T10] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 159.172165][ T10] usb 5-1: USB disconnect, device number 10 [ 159.255046][ T5832] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 159.359856][ T6910] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 159.420675][ T6910] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 159.443550][ T5832] usb 1-1: Using ep0 maxpacket: 16 [ 159.466069][ T5832] usb 1-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 159.486047][ T5832] usb 1-1: config 0 interface 0 has no altsetting 0 [ 159.507540][ T5832] usb 1-1: New USB device found, idVendor=1e71, idProduct=2009, bcdDevice= 0.00 [ 159.552684][ T5832] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.603013][ T5832] usb 1-1: config 0 descriptor?? [ 159.755556][ T6910] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.767636][ T6910] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.777682][ T6910] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.789791][ T6910] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 159.889560][ T6910] bridge1: left promiscuous mode [ 159.902805][ T6910] bridge2: left promiscuous mode [ 160.019094][ T6912] 8021q: adding VLAN 0 to HW filter on device bond0 [ 160.030210][ T6912] 8021q: adding VLAN 0 to HW filter on device team0 [ 160.048096][ T6912] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 160.102565][ T6935] bridge3: entered promiscuous mode [ 160.135103][ T6941] geneve2: entered promiscuous mode [ 160.430370][ T6947] netlink: 632 bytes leftover after parsing attributes in process `syz.4.323'. [ 160.549704][ T6954] FAULT_INJECTION: forcing a failure. [ 160.549704][ T6954] name failslab, interval 1, probability 0, space 0, times 0 [ 160.565301][ T6954] CPU: 1 UID: 0 PID: 6954 Comm: syz.3.326 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 160.565332][ T6954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 160.565344][ T6954] Call Trace: [ 160.565352][ T6954] [ 160.565361][ T6954] dump_stack_lvl+0x189/0x250 [ 160.565403][ T6954] ? __pfx____ratelimit+0x10/0x10 [ 160.565428][ T6954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 160.565457][ T6954] ? __pfx__printk+0x10/0x10 [ 160.565484][ T6954] ? __pfx___might_resched+0x10/0x10 [ 160.565507][ T6954] ? fs_reclaim_acquire+0x7d/0x100 [ 160.565533][ T6954] should_fail_ex+0x414/0x560 [ 160.565565][ T6954] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 160.565591][ T6954] should_failslab+0xa8/0x100 [ 160.565621][ T6954] __kvmalloc_node_noprof+0x168/0x600 [ 160.565649][ T6954] ? rhashtable_init_noprof+0x4ee/0xbb0 [ 160.565682][ T6954] rhashtable_init_noprof+0x4ee/0xbb0 [ 160.565718][ T6954] br_mdb_hash_init+0x52/0x90 [ 160.565747][ T6954] br_dev_init+0x47/0x490 [ 160.565775][ T6954] register_netdevice+0x6bc/0x1ae0 [ 160.565807][ T6954] ? alloc_netdev_mqs+0xc9e/0x11e0 [ 160.565918][ T6954] ? __pfx_register_netdevice+0x10/0x10 [ 160.565953][ T6954] ? __pfx_set_operstate+0x10/0x10 [ 160.565994][ T6954] br_dev_newlink+0x6a/0x140 [ 160.566017][ T6954] ? rtnl_newlink_create+0x2fd/0xb00 [ 160.566033][ T6954] ? __pfx_br_dev_newlink+0x10/0x10 [ 160.566056][ T6954] rtnl_newlink_create+0x310/0xb00 [ 160.566082][ T6954] ? __pfx_aa_get_newest_label+0x10/0x10 [ 160.566111][ T6954] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 160.566135][ T6954] ? rtnl_newlink+0x8db/0x1c70 [ 160.566165][ T6954] ? __pfx___mutex_lock+0x10/0x10 [ 160.566203][ T6954] ? ns_capable+0x8a/0xf0 [ 160.566233][ T6954] rtnl_newlink+0x16d6/0x1c70 [ 160.566261][ T6954] ? netlink_sendmsg+0x805/0xb30 [ 160.566295][ T6954] ? __pfx_rtnl_newlink+0x10/0x10 [ 160.566349][ T6954] ? kasan_quarantine_put+0xdd/0x220 [ 160.566373][ T6954] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.566403][ T6954] ? nlmon_xmit+0xb0/0x100 [ 160.566428][ T6954] ? kmem_cache_free+0x18f/0x400 [ 160.566464][ T6954] ? __local_bh_enable_ip+0x12d/0x1c0 [ 160.566488][ T6954] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.566512][ T6954] ? __local_bh_enable_ip+0x12d/0x1c0 [ 160.566535][ T6954] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 160.566563][ T6954] ? __dev_queue_xmit+0x27e/0x3a70 [ 160.566601][ T6954] ? __lock_acquire+0xab9/0xd20 [ 160.566654][ T6954] ? __pfx_rtnl_newlink+0x10/0x10 [ 160.566679][ T6954] rtnetlink_rcv_msg+0x7cf/0xb70 [ 160.566709][ T6954] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 160.566735][ T6954] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 160.566758][ T6954] ? ref_tracker_free+0x63a/0x7d0 [ 160.566782][ T6954] ? __copy_skb_header+0xa7/0x550 [ 160.566814][ T6954] ? __pfx_ref_tracker_free+0x10/0x10 [ 160.566839][ T6954] ? __skb_clone+0x63/0x7a0 [ 160.566868][ T6954] netlink_rcv_skb+0x205/0x470 [ 160.566898][ T6954] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 160.566926][ T6954] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 160.566973][ T6954] ? netlink_deliver_tap+0x2e/0x1b0 [ 160.567000][ T6954] ? netlink_deliver_tap+0x2e/0x1b0 [ 160.567036][ T6954] netlink_unicast+0x758/0x8d0 [ 160.567083][ T6954] netlink_sendmsg+0x805/0xb30 [ 160.567113][ T6954] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.567138][ T6954] ? aa_sock_msg_perm+0x94/0x160 [ 160.567164][ T6954] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 160.567185][ T6954] ? __pfx_netlink_sendmsg+0x10/0x10 [ 160.567206][ T6954] __sock_sendmsg+0x219/0x270 [ 160.567235][ T6954] ____sys_sendmsg+0x505/0x830 [ 160.567263][ T6954] ? __pfx_____sys_sendmsg+0x10/0x10 [ 160.567296][ T6954] ? import_iovec+0x74/0xa0 [ 160.567321][ T6954] ___sys_sendmsg+0x21f/0x2a0 [ 160.567343][ T6954] ? __pfx____sys_sendmsg+0x10/0x10 [ 160.567408][ T6954] ? __fget_files+0x2a/0x420 [ 160.567426][ T6954] ? __fget_files+0x3a0/0x420 [ 160.567458][ T6954] __x64_sys_sendmsg+0x19b/0x260 [ 160.567480][ T6954] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 160.567512][ T6954] ? __pfx_ksys_write+0x10/0x10 [ 160.567535][ T6954] ? rcu_is_watching+0x15/0xb0 [ 160.567565][ T6954] ? do_syscall_64+0xbe/0x3b0 [ 160.567594][ T6954] do_syscall_64+0xfa/0x3b0 [ 160.567615][ T6954] ? lockdep_hardirqs_on+0x9c/0x150 [ 160.567638][ T6954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.567657][ T6954] ? clear_bhb_loop+0x60/0xb0 [ 160.567680][ T6954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 160.567698][ T6954] RIP: 0033:0x7f8c9718e969 [ 160.567719][ T6954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 160.567735][ T6954] RSP: 002b:00007f8c97f48038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 160.567757][ T6954] RAX: ffffffffffffffda RBX: 00007f8c973b5fa0 RCX: 00007f8c9718e969 [ 160.567769][ T6954] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 160.567779][ T6954] RBP: 00007f8c97f48090 R08: 0000000000000000 R09: 0000000000000000 [ 160.567789][ T6954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 160.567808][ T6954] R13: 0000000000000000 R14: 00007f8c973b5fa0 R15: 00007f8c974dfa28 [ 160.567837][ T6954] [ 161.142360][ T6954] bridge4: entered promiscuous mode [ 161.359368][ T6955] netdevsim netdevsim2: loading /lib/firmware/. failed with error -22 [ 161.391670][ T6955] netdevsim netdevsim2: Direct firmware load for . failed with error -22 [ 161.406828][ T5832] usbhid 1-1:0.0: can't add hid device: -71 [ 161.413430][ T5832] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 161.426424][ T5832] usb 1-1: USB disconnect, device number 8 [ 161.438151][ T6955] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 161.629170][ T6968] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 161.638459][ T6968] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 161.875565][ T5885] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 162.094327][ T5885] usb 3-1: Using ep0 maxpacket: 16 [ 162.144757][ T5885] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 162.173373][ T5885] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 162.193359][ T5885] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 162.262555][ T5885] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 162.307569][ T6977] FAULT_INJECTION: forcing a failure. [ 162.307569][ T6977] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.330095][ T5885] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.353477][ T6977] CPU: 0 UID: 0 PID: 6977 Comm: syz.1.334 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 162.353507][ T6977] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.353517][ T6977] Call Trace: [ 162.353525][ T6977] [ 162.353533][ T6977] dump_stack_lvl+0x189/0x250 [ 162.353567][ T6977] ? __pfx____ratelimit+0x10/0x10 [ 162.353590][ T6977] ? __pfx_dump_stack_lvl+0x10/0x10 [ 162.353616][ T6977] ? __pfx__printk+0x10/0x10 [ 162.353635][ T6977] ? __might_fault+0xb0/0x130 [ 162.353679][ T6977] should_fail_ex+0x414/0x560 [ 162.353709][ T6977] _copy_from_user+0x2d/0xb0 [ 162.353730][ T6977] ___sys_sendmsg+0x158/0x2a0 [ 162.353752][ T6977] ? __pfx____sys_sendmsg+0x10/0x10 [ 162.353897][ T6977] ? __fget_files+0x2a/0x420 [ 162.353914][ T6977] ? __fget_files+0x3a0/0x420 [ 162.353943][ T6977] __x64_sys_sendmsg+0x19b/0x260 [ 162.353965][ T6977] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 162.353994][ T6977] ? __pfx_ksys_write+0x10/0x10 [ 162.354017][ T6977] ? rcu_is_watching+0x15/0xb0 [ 162.354045][ T6977] ? do_syscall_64+0xbe/0x3b0 [ 162.354071][ T6977] do_syscall_64+0xfa/0x3b0 [ 162.354092][ T6977] ? lockdep_hardirqs_on+0x9c/0x150 [ 162.354113][ T6977] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.354130][ T6977] ? clear_bhb_loop+0x60/0xb0 [ 162.354151][ T6977] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.354168][ T6977] RIP: 0033:0x7f74cff8e969 [ 162.354185][ T6977] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.354200][ T6977] RSP: 002b:00007f74d0d42038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 162.354221][ T6977] RAX: ffffffffffffffda RBX: 00007f74d01b5fa0 RCX: 00007f74cff8e969 [ 162.354234][ T6977] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 162.354245][ T6977] RBP: 00007f74d0d42090 R08: 0000000000000000 R09: 0000000000000000 [ 162.354257][ T6977] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.354267][ T6977] R13: 0000000000000000 R14: 00007f74d01b5fa0 R15: 00007f74d02dfa28 [ 162.354298][ T6977] [ 162.374738][ T5885] usb 3-1: Product: syz [ 162.522270][ C1] vkms_vblank_simulate: vblank timer overrun [ 162.603847][ T5885] usb 3-1: Manufacturer: syz [ 162.608595][ T5885] usb 3-1: SerialNumber: syz [ 162.802282][ T6990] netlink: 40 bytes leftover after parsing attributes in process `syz.1.336'. [ 162.802483][ T6990] netlink: 4 bytes leftover after parsing attributes in process `syz.1.336'. [ 162.890633][ T5885] usb 3-1: 0:2 : does not exist [ 163.046066][ T6983] netlink: 'syz.0.335': attribute type 27 has an invalid length. [ 163.054386][ T5885] usb 3-1: 1:0: cannot get min/max values for control 4 (id 1) [ 163.135530][ T5885] usb 3-1: USB disconnect, device number 10 [ 163.383938][ T5985] udevd[5985]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 163.786106][ T6983] bridge3: left promiscuous mode [ 163.965128][ T6983] bridge4: left promiscuous mode [ 164.049552][ T6983] bond2: left promiscuous mode [ 164.756534][ T6986] 8021q: adding VLAN 0 to HW filter on device bond0 [ 164.789759][ T6986] 8021q: adding VLAN 0 to HW filter on device team0 [ 164.893512][ T6986] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 165.000903][ T7007] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 165.031391][ T7007] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 165.108147][ T7007] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 165.195304][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 165.195325][ T30] audit: type=1326 audit(1748891558.743:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74cff8e969 code=0x7ffc0000 [ 165.223778][ C1] vkms_vblank_simulate: vblank timer overrun [ 165.326529][ T30] audit: type=1326 audit(1748891558.823:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74cff8e969 code=0x7ffc0000 [ 165.398344][ T30] audit: type=1326 audit(1748891558.823:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f74cff8e969 code=0x7ffc0000 [ 165.421138][ C1] vkms_vblank_simulate: vblank timer overrun [ 165.467980][ T7019] vlan2: entered promiscuous mode [ 165.538782][ T30] audit: type=1326 audit(1748891558.823:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74cff8e969 code=0x7ffc0000 [ 165.616767][ T30] audit: type=1326 audit(1748891558.823:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74cff8e969 code=0x7ffc0000 [ 165.639616][ C1] vkms_vblank_simulate: vblank timer overrun [ 165.697006][ T30] audit: type=1326 audit(1748891558.823:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f74cff8e969 code=0x7ffc0000 [ 165.827530][ T30] audit: type=1326 audit(1748891558.823:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74cff8e969 code=0x7ffc0000 [ 165.879042][ T30] audit: type=1326 audit(1748891558.823:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f74cff8e969 code=0x7ffc0000 [ 165.925658][ T30] audit: type=1326 audit(1748891558.823:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f74cff8e969 code=0x7ffc0000 [ 165.960102][ T30] audit: type=1326 audit(1748891558.823:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7015 comm="syz.1.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f74cff8e9a3 code=0x7ffc0000 [ 165.987863][ T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 166.184713][ T10] usb 4-1: config 0 has no interfaces? [ 166.202989][ T10] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 166.235730][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.268715][ T10] usb 4-1: Product: syz [ 166.293996][ T10] usb 4-1: Manufacturer: syz [ 166.314569][ T7043] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 166.317223][ T10] usb 4-1: SerialNumber: syz [ 166.368181][ T10] usb 4-1: config 0 descriptor?? [ 166.675600][ T7050] netlink: 32 bytes leftover after parsing attributes in process `syz.1.352'. [ 166.917840][ T7050] netlink: 68 bytes leftover after parsing attributes in process `syz.1.352'. [ 166.975835][ T7057] binder: 7056:7057 ioctl 400c620e 200000000380 returned -22 [ 167.014261][ T7057] netlink: 'syz.0.354': attribute type 29 has an invalid length. [ 167.097516][ T7057] netlink: 'syz.0.354': attribute type 29 has an invalid length. [ 167.428397][ T7058] binder: 7056:7058 ioctl 89f2 200000000340 returned -22 [ 167.436475][ T7058] binder: 7056:7058 ioctl 89f0 200000000980 returned -22 [ 167.444191][ T7058] binder: 7056:7058 ioctl 89f2 200000000a40 returned -22 [ 167.452302][ T7058] binder: 7056:7058 ioctl 89f1 200000000d40 returned -22 [ 167.498977][ T7063] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 167.515027][ T7063] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 167.540965][ T7063] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 167.541098][ T7058] netlink: 596 bytes leftover after parsing attributes in process `syz.0.354'. [ 168.311999][ T7072] netlink: 'syz.2.357': attribute type 27 has an invalid length. [ 168.653022][ T5890] usb 4-1: USB disconnect, device number 10 [ 168.831044][ T7073] 8021q: adding VLAN 0 to HW filter on device bond0 [ 169.771502][ T7073] 8021q: adding VLAN 0 to HW filter on device team0 [ 169.996802][ T7073] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 170.344364][ T7087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 170.372192][ T7087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 170.589315][ T5887] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 170.647996][ T7092] netlink: 632 bytes leftover after parsing attributes in process `syz.3.363'. [ 170.759724][ T7095] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 170.770583][ T7096] netlink: 12 bytes leftover after parsing attributes in process `syz.2.364'. [ 170.828691][ T7096] netlink: 36 bytes leftover after parsing attributes in process `syz.2.364'. [ 170.931472][ T7096] vlan2: entered allmulticast mode [ 170.953624][ T7096] macvtap0: entered allmulticast mode [ 170.986191][ T7100] netlink: 232 bytes leftover after parsing attributes in process `syz.1.367'. [ 171.206290][ T7105] fuse: Unknown parameter 'rootmode@zHxÏW0000000000040000' [ 171.274381][ T7111] vivid-000: disconnect [ 171.523696][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 171.690169][ T7083] vivid-000: reconnect [ 171.766549][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 171.774725][ T10] usb 4-1: too many configurations: 196, using maximum allowed: 8 [ 171.802264][ T10] usb 4-1: invalid descriptor for config index 0: type = 0x2, length = 50 [ 171.842840][ T10] usb 4-1: can't read configurations, error -22 [ 172.195189][ T7118] netlink: 64 bytes leftover after parsing attributes in process `syz.0.373'. [ 172.232886][ T7113] block device autoloading is deprecated and will be removed. [ 172.276254][ T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 172.361731][ T7114] netlink: 12 bytes leftover after parsing attributes in process `syz.2.371'. [ 172.465897][ T7118] tipc: Invalid UDP bearer configuration [ 172.465979][ T7118] tipc: Enabling of bearer rejected, failed to enable media [ 172.503557][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 172.514221][ T10] usb 4-1: too many configurations: 196, using maximum allowed: 8 [ 172.548125][ T10] usb 4-1: invalid descriptor for config index 0: type = 0x2, length = 50 [ 172.695826][ T10] usb 4-1: can't read configurations, error -22 [ 172.744428][ T10] usb usb4-port1: attempt power cycle [ 173.107864][ T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 173.135046][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 173.141420][ T10] usb 4-1: too many configurations: 196, using maximum allowed: 8 [ 173.166769][ T10] usb 4-1: invalid descriptor for config index 0: type = 0x2, length = 50 [ 173.181910][ T7128] netlink: 'syz.4.375': attribute type 27 has an invalid length. [ 173.241154][ T10] usb 4-1: can't read configurations, error -22 [ 173.290954][ T7128] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.298663][ T7128] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.363544][ T5887] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 173.383446][ T10] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 173.414298][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 173.420275][ T10] usb 4-1: too many configurations: 196, using maximum allowed: 8 [ 173.430265][ T10] usb 4-1: invalid descriptor for config index 0: type = 0x2, length = 50 [ 173.449849][ T10] usb 4-1: can't read configurations, error -22 [ 173.477168][ T10] usb usb4-port1: unable to enumerate USB device [ 173.513399][ T5887] usb 1-1: Using ep0 maxpacket: 16 [ 173.521081][ T5887] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 173.530843][ T5887] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 173.541397][ T5887] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 173.554413][ T5887] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 173.584978][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.602095][ T5887] usb 1-1: Product: syz [ 173.632960][ T5887] usb 1-1: Manufacturer: syz [ 173.658201][ T5887] usb 1-1: SerialNumber: syz [ 173.744143][ T10] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 174.381434][ T5887] usb 1-1: 0:2 : does not exist [ 174.420787][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 174.439210][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 174.462943][ T10] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 174.495961][ T10] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 174.522338][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 174.562591][ T10] usb 3-1: config 0 descriptor?? [ 174.604133][ T7128] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 174.632142][ T7128] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 174.754167][ T7143] netlink: 4 bytes leftover after parsing attributes in process `syz.3.379'. [ 174.955734][ T7128] veth0_macvtap: left allmulticast mode [ 174.983648][ T5882] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 175.071928][ T7145] vivid-000: disconnect [ 175.084315][ T10] plantronics 0003:047F:FFFF.0003: item 0 4 0 9 parsing failed [ 175.102876][ T10] plantronics 0003:047F:FFFF.0003: parse failed [ 175.109944][ T10] plantronics 0003:047F:FFFF.0003: probe with driver plantronics failed with error -22 [ 175.207879][ T7128] bridge1: left promiscuous mode [ 175.221429][ T7128] bridge2: left promiscuous mode [ 175.266915][ T7128] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.279388][ T7128] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.298550][ T7128] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.313034][ T7128] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 175.322868][ T7128] geneve2: left promiscuous mode [ 175.441330][ T7129] 8021q: adding VLAN 0 to HW filter on device bond0 [ 175.459034][ T7129] 8021q: adding VLAN 0 to HW filter on device team0 [ 175.482821][ T7127] program syz.0.376 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 175.500107][ T7129] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 175.565486][ T5887] usb 1-1: 1:0: failed to get current value for ch 0 (-22) [ 175.636026][ T5887] usb 1-1: USB disconnect, device number 9 [ 175.719371][ T5985] udevd[5985]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 176.241210][ T7155] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 176.267952][ T7155] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 176.294722][ T7155] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 176.403483][ T5887] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 176.553471][ T5887] usb 1-1: Using ep0 maxpacket: 8 [ 176.561202][ T5887] usb 1-1: config 5 has an invalid interface number: 72 but max is 0 [ 176.571002][ T5887] usb 1-1: config 5 has no interface number 0 [ 176.585503][ T5887] usb 1-1: config 5 interface 72 has no altsetting 0 [ 176.603652][ T5887] usb 1-1: New USB device found, idVendor=1b3d, idProduct=01cd, bcdDevice= 8.00 [ 176.617416][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.636592][ T5887] usb 1-1: Product: syz [ 176.645570][ T5887] usb 1-1: Manufacturer: syz [ 176.657283][ T5887] usb 1-1: SerialNumber: syz [ 176.690232][ T7134] vivid-000: reconnect [ 176.707183][ T6032] usb 3-1: USB disconnect, device number 12 [ 176.917338][ T5887] ftdi_sio 1-1:5.72: FTDI USB Serial Device converter detected [ 176.960154][ T5887] usb 1-1: Detected FT4232H [ 176.978014][ T5887] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 177.005732][ T5887] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 177.039783][ T5887] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 177.105833][ T5887] usb 1-1: USB disconnect, device number 10 [ 177.128791][ T5887] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 177.132895][ T7160] netlink: 12 bytes leftover after parsing attributes in process `syz.4.385'. [ 177.175426][ T5887] ftdi_sio 1-1:5.72: device disconnected [ 177.184861][ T7160] netlink: 36 bytes leftover after parsing attributes in process `syz.4.385'. [ 177.204917][ T7162] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(8) [ 177.211538][ T7162] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 177.244365][ T7162] vhci_hcd vhci_hcd.0: Device attached [ 177.257122][ T7160] vlan2: entered allmulticast mode [ 177.288137][ T7162] netlink: 161716 bytes leftover after parsing attributes in process `syz.2.386'. [ 177.324717][ T7162] netlink: zone id is out of range [ 177.338178][ T7162] netlink: zone id is out of range [ 177.345414][ T7162] netlink: zone id is out of range [ 177.352555][ T7162] netlink: zone id is out of range [ 177.365539][ T7162] netlink: zone id is out of range [ 177.442729][ T7163] vhci_hcd: connection closed [ 177.443084][ T59] vhci_hcd: stop threads [ 177.482644][ T59] vhci_hcd: release socket [ 177.493527][ T6032] usb 37-1: new low-speed USB device number 4 using vhci_hcd [ 177.494824][ T59] vhci_hcd: disconnect device [ 177.960729][ T7181] netlink: 'syz.0.391': attribute type 27 has an invalid length. [ 178.064151][ T5884] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 178.172351][ T7187] netlink: 232 bytes leftover after parsing attributes in process `syz.3.395'. [ 178.294971][ T7184] 8021q: adding VLAN 0 to HW filter on device bond0 [ 178.308683][ T7184] 8021q: adding VLAN 0 to HW filter on device team0 [ 178.315437][ T5884] usb 5-1: Using ep0 maxpacket: 16 [ 178.317236][ T5884] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 178.338496][ T7184] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 178.366960][ T5884] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 178.406398][ T5884] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 178.418050][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.426750][ T5884] usb 5-1: Product: syz [ 178.430923][ T5884] usb 5-1: Manufacturer: syz [ 178.437823][ T5884] usb 5-1: SerialNumber: syz [ 178.462072][ T5884] usb 5-1: config 0 descriptor?? [ 178.501004][ T5884] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 178.543568][ T5890] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 178.593478][ T5884] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 178.696086][ T7194] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 178.713086][ T7194] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 178.725761][ T5890] usb 4-1: Using ep0 maxpacket: 32 [ 178.742560][ T7194] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 178.757168][ T5890] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 178.768462][ T5890] usb 4-1: config 0 has no interface number 0 [ 178.791571][ T5890] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 178.803648][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.811897][ T5890] usb 4-1: Product: syz [ 178.838826][ T5890] usb 4-1: Manufacturer: syz [ 178.853556][ T5890] usb 4-1: SerialNumber: syz [ 178.887660][ T5890] usb 4-1: config 0 descriptor?? [ 178.923403][ T5885] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 178.943677][ T5890] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 179.107060][ T5885] usb 3-1: New USB device found, idVendor=0545, idProduct=800d, bcdDevice= 3.0a [ 179.121895][ T5885] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.134104][ T5884] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 179.134605][ T5890] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 179.147736][ T5884] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 179.245624][ T5885] usb 3-1: config 0 descriptor?? [ 179.261951][ T5885] gspca_main: xirlink-cit-2.14.0 probing 0545:800d [ 179.274164][ T5890] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 179.309621][ T5885] input: xirlink-cit as /devices/platform/dummy_hcd.2/usb3/3-1/input/input9 [ 179.337540][ T7189] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 179.363541][ T5884] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 179.378552][ T5884] em28xx 5-1:0.0: No AC97 audio processor [ 179.387024][ T7189] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 179.626647][ T5884] usb 3-1: USB disconnect, device number 13 [ 179.809321][ T7198] nvme_fabrics: unknown parameter or missing value 'syz1' in ctrl creation request [ 179.868299][ T7200] netlink: 56 bytes leftover after parsing attributes in process `syz.0.399'. [ 179.907095][ C1] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 179.908476][ T10] usb 4-1: USB disconnect, device number 16 [ 179.962397][ T10] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 179.998923][ T10] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 180.017705][ T10] quatech2 4-1:0.51: device disconnected [ 180.229114][ T7213] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 180.702092][ T7224] netlink: 12 bytes leftover after parsing attributes in process `syz.3.406'. [ 180.921329][ T5884] usb 5-1: USB disconnect, device number 11 [ 180.992877][ T5884] em28xx 5-1:0.0: Disconnecting em28xx [ 181.022330][ T5884] em28xx 5-1:0.0: Freeing device [ 181.140982][ T7231] netlink: 'syz.1.409': attribute type 27 has an invalid length. [ 181.544560][ T7231] bridge0: port 2(bridge_slave_1) entered disabled state [ 181.552434][ T7231] bridge0: port 1(bridge_slave_0) entered disabled state [ 182.499081][ T7231] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 182.516421][ T7231] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 182.606332][ T6037] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 182.613421][ T6032] vhci_hcd: vhci_device speed not set [ 182.773459][ T6037] usb 3-1: device descriptor read/64, error -71 [ 183.014647][ T7231] netdevsim netdevsim1 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.023982][ T7231] netdevsim netdevsim1 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.032918][ T7231] netdevsim netdevsim1 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.043706][ T7259] FAULT_INJECTION: forcing a failure. [ 183.043706][ T7259] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 183.057481][ T7231] netdevsim netdevsim1 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 183.066533][ T6037] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 183.098977][ T7259] CPU: 1 UID: 0 PID: 7259 Comm: syz.3.416 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 183.098997][ T7259] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 183.099004][ T7259] Call Trace: [ 183.099010][ T7259] [ 183.099016][ T7259] dump_stack_lvl+0x189/0x250 [ 183.099043][ T7259] ? __pfx____ratelimit+0x10/0x10 [ 183.099057][ T7259] ? __pfx_dump_stack_lvl+0x10/0x10 [ 183.099075][ T7259] ? __pfx__printk+0x10/0x10 [ 183.099087][ T7259] ? __might_fault+0xb0/0x130 [ 183.099110][ T7259] should_fail_ex+0x414/0x560 [ 183.099128][ T7259] _copy_from_user+0x2d/0xb0 [ 183.099140][ T7259] ___sys_recvmsg+0x12e/0x510 [ 183.099156][ T7259] ? __pfx____sys_recvmsg+0x10/0x10 [ 183.099186][ T7259] ? __might_fault+0xb0/0x130 [ 183.099203][ T7259] do_recvmmsg+0x307/0x770 [ 183.099220][ T7259] ? __pfx_do_recvmmsg+0x10/0x10 [ 183.099239][ T7259] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 183.099264][ T7259] __x64_sys_recvmmsg+0x190/0x240 [ 183.099278][ T7259] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 183.099289][ T7259] ? rcu_is_watching+0x15/0xb0 [ 183.099306][ T7259] ? do_syscall_64+0xbe/0x3b0 [ 183.099322][ T7259] do_syscall_64+0xfa/0x3b0 [ 183.099336][ T7259] ? lockdep_hardirqs_on+0x9c/0x150 [ 183.099348][ T7259] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.099359][ T7259] ? clear_bhb_loop+0x60/0xb0 [ 183.099373][ T7259] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 183.099383][ T7259] RIP: 0033:0x7f8c9718e969 [ 183.099394][ T7259] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 183.099404][ T7259] RSP: 002b:00007f8c97f48038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 183.099417][ T7259] RAX: ffffffffffffffda RBX: 00007f8c973b5fa0 RCX: 00007f8c9718e969 [ 183.099425][ T7259] RDX: 015cbc1ab4c0933f RSI: 0000200000001980 RDI: 0000000000000004 [ 183.099433][ T7259] RBP: 00007f8c97f48090 R08: 0000000000000000 R09: 0000000000000000 [ 183.099440][ T7259] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 183.099446][ T7259] R13: 0000000000000000 R14: 00007f8c973b5fa0 R15: 00007f8c974dfa28 [ 183.099463][ T7259] [ 183.317452][ C1] vkms_vblank_simulate: vblank timer overrun [ 183.383534][ T6037] usb 3-1: device descriptor read/64, error -71 [ 183.454809][ T7231] bridge1: left promiscuous mode [ 183.470965][ T7231] batman_adv: batadv0: Interface deactivated: macvtap1 [ 183.481315][ T7231] mac80211_hwsim hwsim8 wlan0: left allmulticast mode [ 183.489270][ T7231] macvtap1: left allmulticast mode [ 183.504313][ T6037] usb usb3-port1: attempt power cycle [ 183.510262][ T7235] netdevsim netdevsim4: loading /lib/firmware/. failed with error -22 [ 183.523979][ T7235] netdevsim netdevsim4: Direct firmware load for . failed with error -22 [ 183.550652][ T7235] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 183.576020][ T7237] 8021q: adding VLAN 0 to HW filter on device bond0 [ 183.589320][ T7237] 8021q: adding VLAN 0 to HW filter on device team0 [ 183.609321][ T7237] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 183.738456][ T7261] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 183.745224][ T7261] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 183.773509][ T7261] vhci_hcd vhci_hcd.0: Device attached [ 183.854816][ T6037] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 183.856035][ T7261] netlink: 161716 bytes leftover after parsing attributes in process `syz.0.417'. [ 183.856078][ T7261] netlink: zone id is out of range [ 183.856085][ T7261] netlink: zone id is out of range [ 183.856090][ T7261] netlink: zone id is out of range [ 183.856096][ T7261] netlink: zone id is out of range [ 183.856101][ T7261] netlink: zone id is out of range [ 183.857232][ T7262] vhci_hcd: connection closed [ 183.875337][ T6037] usb 3-1: device descriptor read/8, error -71 [ 183.878218][ T2961] vhci_hcd: stop threads [ 183.878240][ T2961] vhci_hcd: release socket [ 183.878257][ T2961] vhci_hcd: disconnect device [ 183.930469][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 183.930489][ T30] audit: type=1326 audit(1748891577.473:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 183.930541][ T30] audit: type=1326 audit(1748891577.473:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 183.933254][ T30] audit: type=1326 audit(1748891577.473:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 183.936701][ T30] audit: type=1326 audit(1748891577.483:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 183.936845][ T30] audit: type=1326 audit(1748891577.483:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 183.942148][ T30] audit: type=1326 audit(1748891577.483:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 183.942213][ T30] audit: type=1326 audit(1748891577.483:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 183.942254][ T30] audit: type=1326 audit(1748891577.483:123): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fb9ac58e969 code=0x7ffc0000 [ 183.942799][ T30] audit: type=1326 audit(1748891577.483:124): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb9ac58e9a3 code=0x7ffc0000 [ 183.952387][ T30] audit: type=1326 audit(1748891577.493:125): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7269 comm="syz.4.420" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fb9ac58e9a3 code=0x7ffc0000 [ 184.220631][ T6037] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 184.238184][ C1] vkms_vblank_simulate: vblank timer overrun [ 184.414583][ T6037] usb 3-1: device descriptor read/8, error -71 [ 184.437478][ T7281] bridge2: entered promiscuous mode [ 184.531718][ T7285] netlink: 12 bytes leftover after parsing attributes in process `syz.1.425'. [ 184.560001][ T6037] usb usb3-port1: unable to enumerate USB device [ 184.595271][ T7285] 8021q: adding VLAN 0 to HW filter on device bond1 [ 185.702302][ T7300] netlink: 'syz.2.428': attribute type 27 has an invalid length. [ 185.733909][ T7303] netlink: 632 bytes leftover after parsing attributes in process `syz.0.431'. [ 185.873853][ T5884] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 186.073957][ T5884] usb 5-1: Using ep0 maxpacket: 32 [ 186.138930][ T5884] usb 5-1: config 0 has an invalid interface number: 213 but max is 0 [ 186.205773][ T5884] usb 5-1: config 0 has no interface number 0 [ 186.242801][ T7305] netdevsim netdevsim3: loading /lib/firmware/. failed with error -22 [ 186.270274][ T5884] usb 5-1: New USB device found, idVendor=2692, idProduct=9005, bcdDevice=42.c9 [ 186.293384][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.301451][ T5884] usb 5-1: Product: syz [ 186.313943][ T7305] netdevsim netdevsim3: Direct firmware load for . failed with error -22 [ 186.328380][ T7305] netdevsim netdevsim3: Falling back to sysfs fallback for: . [ 186.328741][ T5884] usb 5-1: Manufacturer: syz [ 186.353335][ T5884] usb 5-1: SerialNumber: syz [ 186.362074][ T5884] usb 5-1: config 0 descriptor?? [ 186.388071][ T5884] option 5-1:0.213: GSM modem (1-port) converter detected [ 186.585783][ T7306] 8021q: adding VLAN 0 to HW filter on device bond0 [ 186.603393][ T7299] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.645287][ T7306] 8021q: adding VLAN 0 to HW filter on device team0 [ 186.652450][ T7299] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.720776][ T7306] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 186.741128][ T5884] usb 5-1: USB disconnect, device number 12 [ 186.764766][ T5884] option 5-1:0.213: device disconnected [ 187.013857][ T7333] netlink: 12 bytes leftover after parsing attributes in process `syz.0.439'. [ 187.304931][ T7339] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 187.311616][ T7339] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 187.353536][ T7339] vhci_hcd vhci_hcd.0: Device attached [ 187.392882][ T7339] netlink: 161716 bytes leftover after parsing attributes in process `syz.4.441'. [ 187.423722][ T7339] netlink: zone id is out of range [ 187.431233][ T7339] netlink: zone id is out of range [ 187.442238][ T7339] netlink: zone id is out of range [ 187.489807][ T7344] netlink: 12 bytes leftover after parsing attributes in process `syz.2.442'. [ 187.558110][ T7340] vhci_hcd: connection closed [ 187.568916][ T13] vhci_hcd: stop threads [ 187.609295][ T7344] 8021q: adding VLAN 0 to HW filter on device bond2 [ 187.623391][ T5884] usb 41-1: new low-speed USB device number 5 using vhci_hcd [ 187.641976][ T7347] netlink: 12 bytes leftover after parsing attributes in process `syz.3.443'. [ 187.658672][ T13] vhci_hcd: release socket [ 187.670392][ T13] vhci_hcd: disconnect device [ 187.765947][ T7347] 8021q: adding VLAN 0 to HW filter on device bond2 [ 187.781743][ T7350] netlink: 56 bytes leftover after parsing attributes in process `syz.2.444'. [ 188.128959][ T7360] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 188.222056][ T7360] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 188.268447][ T7360] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 188.468539][ T7367] netlink: 'syz.2.450': attribute type 2 has an invalid length. [ 188.732511][ T7368] binder: 7362:7368 ioctl 40046205 0 returned -22 [ 188.743376][ T7367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.450'. [ 188.749440][ T7368] binder: 7362:7368 ioctl c0306201 200000001a80 returned -14 [ 188.791479][ T7367] netlink: 8 bytes leftover after parsing attributes in process `syz.2.450'. [ 189.484889][ T7380] netlink: 'syz.2.452': attribute type 27 has an invalid length. [ 189.726067][ T6032] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 189.824489][ T7386] 8021q: adding VLAN 0 to HW filter on device bond0 [ 189.851136][ T7386] 8021q: adding VLAN 0 to HW filter on device team0 [ 189.869837][ T7386] net_ratelimit: 2 callbacks suppressed [ 189.869848][ T7386] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 189.913697][ T6032] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 190.003727][ T6032] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 190.082796][ T6032] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 190.167623][ T6032] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 190.202325][ T6032] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 190.270713][ T6032] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 190.306802][ T6032] usb 1-1: invalid MIDI out EP 0 [ 190.423863][ T6030] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 190.540160][ T7388] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 190.551662][ T7388] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 190.589004][ T6001] udevd[6001]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 190.616742][ T6030] usb 5-1: Using ep0 maxpacket: 32 [ 190.656682][ T6032] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 190.666837][ T6030] usb 5-1: config 2 has an invalid interface number: 15 but max is 0 [ 190.697808][ T6030] usb 5-1: config 2 has 2 interfaces, different from the descriptor's value: 1 [ 190.710961][ T6030] usb 5-1: config 2 has no interface number 1 [ 190.717413][ T6030] usb 5-1: config 2 interface 15 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 190.733563][ T6030] usb 5-1: config 2 interface 0 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 190.746878][ T6030] usb 5-1: config 2 interface 0 has no altsetting 0 [ 190.756987][ T6030] usb 5-1: New USB device found, idVendor=0471, idProduct=0312, bcdDevice=94.69 [ 190.769337][ T6030] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.778309][ T6030] usb 5-1: Product: syz [ 190.784322][ T6030] usb 5-1: Manufacturer: syz [ 190.789417][ T6030] usb 5-1: SerialNumber: syz [ 190.823224][ T6030] pwc: Philips PCVC750K (ToUCam Pro Scan) USB webcam detected. [ 191.001001][ T6030] pwc: Failed to set LED on/off time (-71) [ 191.017053][ T6030] pwc: send_video_command error -71 [ 191.031259][ T6030] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 191.066196][ T6030] Philips webcam 5-1:2.0: probe with driver Philips webcam failed with error -71 [ 191.123208][ T6030] usb 5-1: USB disconnect, device number 13 [ 191.370209][ T7399] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 191.376947][ T7399] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 191.407876][ T7399] vhci_hcd vhci_hcd.0: Device attached [ 191.491735][ T7399] netlink: 161716 bytes leftover after parsing attributes in process `syz.3.457'. [ 191.501497][ T7399] netlink: zone id is out of range [ 191.522449][ T7399] netlink: zone id is out of range [ 191.547910][ T7399] netlink: zone id is out of range [ 191.570469][ T7399] netlink: zone id is out of range [ 191.577751][ T7399] netlink: zone id is out of range [ 191.656357][ T5882] usb 39-1: new low-speed USB device number 4 using vhci_hcd [ 191.664065][ T7400] vhci_hcd: connection closed [ 191.666160][ T3002] vhci_hcd: stop threads [ 191.682032][ T3002] vhci_hcd: release socket [ 191.687176][ T3002] vhci_hcd: disconnect device [ 191.823069][ T7406] vlan2: entered promiscuous mode [ 191.833546][ T7406] batadv0: entered promiscuous mode [ 191.930082][ T7412] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 191.936678][ T7412] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 191.989002][ T7412] vhci_hcd vhci_hcd.0: Device attached [ 191.990217][ T7415] netlink: 161716 bytes leftover after parsing attributes in process `syz.2.461'. [ 192.032581][ T7415] netlink: zone id is out of range [ 192.060641][ T7415] netlink: zone id is out of range [ 192.066491][ T7415] netlink: zone id is out of range [ 192.073094][ T7415] netlink: zone id is out of range [ 192.162651][ T7413] vhci_hcd: connection closed [ 192.175016][ T59] vhci_hcd: stop threads [ 192.205389][ T59] vhci_hcd: release socket [ 192.217081][ T59] vhci_hcd: disconnect device [ 192.233519][ T10] usb 37-1: new low-speed USB device number 5 using vhci_hcd [ 192.264810][ T7418] xt_connbytes: Forcing CT accounting to be enabled [ 192.763697][ T6030] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 192.773484][ T5884] vhci_hcd: vhci_device speed not set [ 192.933535][ T6030] usb 2-1: Using ep0 maxpacket: 8 [ 192.946266][ T6030] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 192.960659][ T6030] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 192.983873][ T6030] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 193.005236][ T7440] netlink: 'syz.4.469': attribute type 27 has an invalid length. [ 193.030865][ T6030] usb 2-1: config 250 has no interface number 0 [ 193.043658][ T6030] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 193.069481][ T6030] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 193.095577][ T6030] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 193.118017][ T6030] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 193.146139][ T6030] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 193.163522][ T6030] usb 2-1: config 250 interface 228 has no altsetting 0 [ 193.172650][ T6030] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 193.216594][ T6030] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 193.261636][ T6030] usb 2-1: Product: syz [ 193.279236][ T6030] usb 2-1: SerialNumber: syz [ 193.294368][ T5887] usb 1-1: USB disconnect, device number 11 [ 193.303224][ T6030] hub 2-1:250.228: bad descriptor, ignoring hub [ 193.335997][ T6030] hub 2-1:250.228: probe with driver hub failed with error -5 [ 193.357832][ T7444] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 193.490815][ T7389] delete_channel: no stack [ 193.524000][ T6030] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 11 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 193.602243][ T7441] 8021q: adding VLAN 0 to HW filter on device bond0 [ 193.611464][ T7441] 8021q: adding VLAN 0 to HW filter on device team0 [ 193.657781][ T7446] netlink: 44 bytes leftover after parsing attributes in process `syz.0.471'. [ 193.699252][ T7446] netlink: 43 bytes leftover after parsing attributes in process `syz.0.471'. [ 193.760480][ T7446] netlink: 'syz.0.471': attribute type 5 has an invalid length. [ 193.835475][ T7446] netlink: 43 bytes leftover after parsing attributes in process `syz.0.471'. [ 193.849363][ T7453] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 193.902962][ T7453] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 193.921340][ T7447] netlink: 44 bytes leftover after parsing attributes in process `syz.0.471'. [ 193.958935][ T7447] netlink: 43 bytes leftover after parsing attributes in process `syz.0.471'. [ 193.968533][ T7447] netlink: 'syz.0.471': attribute type 5 has an invalid length. [ 193.981409][ T7447] netlink: 43 bytes leftover after parsing attributes in process `syz.0.471'. [ 194.203449][ T5884] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 194.406933][ T5884] usb 4-1: config 0 has no interfaces? [ 194.415131][ T5884] usb 4-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e [ 194.443028][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.483944][ T5884] usb 4-1: Product: syz [ 194.491681][ T5884] usb 4-1: Manufacturer: syz [ 194.519382][ T5884] usb 4-1: SerialNumber: syz [ 194.556827][ T5884] usb 4-1: config 0 descriptor?? [ 194.627684][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.634410][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.673716][ T5887] usb 2-1: USB disconnect, device number 11 [ 194.702714][ T5887] usblp0: removed [ 194.777228][ T7450] ======================================================= [ 194.777228][ T7450] WARNING: The mand mount option has been deprecated and [ 194.777228][ T7450] and is ignored by this kernel. Remove the mand [ 194.777228][ T7450] option from the mount to silence this warning. [ 194.777228][ T7450] ======================================================= [ 194.866247][ T7450] fuse: Bad value for 'fd' [ 194.892583][ T5887] usb 4-1: USB disconnect, device number 17 [ 195.218690][ T7474] loop6: detected capacity change from 0 to 524287999 [ 195.226930][ T7474] buffer_io_error: 24 callbacks suppressed [ 195.226948][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.269104][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.281890][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.296188][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.316369][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.327003][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.376296][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.401603][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.433598][ T7474] ldm_validate_partition_table(): Disk read failed. [ 195.668781][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.699528][ T7474] Buffer I/O error on dev loop6, logical block 0, async page read [ 195.720551][ T7474] Dev loop6: unable to read RDB block 0 [ 195.739634][ T7474] loop6: unable to read partition table [ 195.830738][ T7474] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 195.937065][ T5203] ldm_validate_partition_table(): Disk read failed. [ 195.960658][ T5203] Dev loop6: unable to read RDB block 0 [ 196.013959][ T6030] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 196.139200][ T5203] loop6: unable to read partition table [ 196.246472][ T6030] usb 1-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 196.283712][ T6030] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 196.322902][ T43] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 196.377941][ T6030] usb 1-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 196.419185][ T6030] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 196.438561][ T6030] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.525436][ T6030] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 196.557942][ T43] usb 4-1: config 0 has no interfaces? [ 196.568575][ T6030] usb 1-1: invalid MIDI out EP 0 [ 196.575326][ T43] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 196.591282][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.635500][ T43] usb 4-1: Product: syz [ 196.639701][ T43] usb 4-1: Manufacturer: syz [ 196.673247][ T43] usb 4-1: SerialNumber: syz [ 196.719316][ T7497] netlink: 'syz.1.485': attribute type 27 has an invalid length. [ 196.761726][ T43] usb 4-1: config 0 descriptor?? [ 196.795181][ T5882] vhci_hcd: vhci_device speed not set [ 196.853486][ T6032] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 196.966224][ T6030] snd-usb-audio 1-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 197.051459][ T6032] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 197.116606][ T7479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.127181][ T7479] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.188163][ T5880] udevd[5880]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 197.230097][ T6032] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBA, changing to 0x8A [ 197.263642][ T6032] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 121, setting to 64 [ 197.286509][ T6032] usb 3-1: New USB device found, idVendor=2294, idProduct=425b, bcdDevice=a2.10 [ 197.296092][ T6032] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.333547][ T10] vhci_hcd: vhci_device speed not set [ 197.385612][ T6032] usb 3-1: Product: syz [ 197.398101][ T6032] usb 3-1: Manufacturer: syz [ 197.435392][ T6032] usb 3-1: SerialNumber: syz [ 197.502643][ T7497] bridge2: left promiscuous mode [ 197.558329][ T6032] usb 3-1: config 0 descriptor?? [ 197.619645][ T7496] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 197.637327][ T7496] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 197.661004][ T6032] usb 3-1: ucan: probing device on interface #0 [ 197.739514][ T7499] 8021q: adding VLAN 0 to HW filter on device bond0 [ 197.800270][ T7499] 8021q: adding VLAN 0 to HW filter on device team0 [ 197.870681][ T7499] net_ratelimit: 2 callbacks suppressed [ 197.870694][ T7499] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 198.117910][ T6032] usb 3-1: ucan: device reported invalid device info [ 198.125092][ T6032] usb 3-1: ucan: probe failed; try to update the device firmware [ 198.203884][ T6037] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 198.413579][ T6037] usb 5-1: Using ep0 maxpacket: 32 [ 198.425947][ T6037] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 198.441229][ T6037] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.465817][ T6037] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 198.508440][ T6037] usb 5-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 198.526156][ T6037] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.548624][ T10] usb 3-1: USB disconnect, device number 18 [ 198.580278][ T6037] usb 5-1: config 0 descriptor?? [ 198.787270][ T6032] usb 1-1: USB disconnect, device number 12 [ 198.901334][ T7477] delete_channel: no stack [ 199.039008][ T6037] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0004/input/input10 [ 199.163244][ T6037] input: HID 0458:5011 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5011.0004/input/input11 [ 199.248630][ T7504] vlan2: entered promiscuous mode [ 199.285282][ T7506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 199.313394][ T7504] batadv0: entered promiscuous mode [ 199.329601][ T7506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 199.339167][ T10] usb 4-1: USB disconnect, device number 18 [ 199.515431][ T6037] kye 0003:0458:5011.0004: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.4-1/input0 [ 199.725872][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 199.725890][ T30] audit: type=1326 audit(1748891593.263:137): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 199.840241][ T30] audit: type=1326 audit(1748891593.263:138): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 199.898573][ T30] audit: type=1326 audit(1748891593.273:139): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 199.947743][ T7523] xt_ipcomp: unknown flags 12 [ 199.964368][ T7523] xt_ipcomp: unknown flags 12 [ 199.980043][ T30] audit: type=1326 audit(1748891593.273:140): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 200.016455][ T30] audit: type=1326 audit(1748891593.273:141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 200.070579][ T30] audit: type=1326 audit(1748891593.273:142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 200.115632][ T30] audit: type=1326 audit(1748891593.273:143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 200.139068][ T30] audit: type=1326 audit(1748891593.273:144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 200.171622][ T30] audit: type=1326 audit(1748891593.273:145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 200.194927][ T30] audit: type=1326 audit(1748891593.273:146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7516 comm="syz.2.492" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc8e418e9a3 code=0x7ffc0000 [ 200.219580][ T7531] netlink: 8 bytes leftover after parsing attributes in process `syz.0.494'. [ 200.229027][ T7531] netlink: 8 bytes leftover after parsing attributes in process `syz.0.494'. [ 200.394201][ T5885] usb 5-1: reset high-speed USB device number 14 using dummy_hcd [ 200.648660][ T7533] bridge4: entered promiscuous mode [ 200.795978][ T7539] Cannot find map_set index 0 as target [ 200.917080][ T7541] macsec1: entered allmulticast mode [ 200.926053][ T7541] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 201.105130][ T7541] netdevsim netdevsim0 netdevsim0: left allmulticast mode [ 201.223879][ T7543] netlink: 12 bytes leftover after parsing attributes in process `syz.1.500'. [ 201.802621][ T7543] bridge0: port 3(batadv1) entered blocking state [ 201.863524][ T7543] bridge0: port 3(batadv1) entered disabled state [ 201.890046][ T7543] batadv1: entered allmulticast mode [ 201.897708][ T7551] IPVS: set_ctl: invalid protocol: 0 172.20.20.187:20004 [ 201.914644][ T7543] batadv1: entered promiscuous mode [ 201.993709][ T7550] netlink: 'syz.4.501': attribute type 27 has an invalid length. [ 202.208191][ T6032] usb 5-1: USB disconnect, device number 14 [ 202.375819][ T7561] netlink: 12 bytes leftover after parsing attributes in process `syz.3.503'. [ 202.399436][ T59] batman_adv: batadv1: No IGMP Querier present - multicast optimizations disabled [ 202.409015][ T59] batman_adv: batadv1: No MLD Querier present - multicast optimizations disabled [ 202.618827][ T7552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 202.628498][ T7552] 8021q: adding VLAN 0 to HW filter on device team0 [ 202.646750][ T7552] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 202.692457][ T7561] 8021q: adding VLAN 0 to HW filter on device bond3 [ 202.823424][ T7564] netlink: 8 bytes leftover after parsing attributes in process `syz.3.504'. [ 202.838285][ T7564] netlink: 336 bytes leftover after parsing attributes in process `syz.3.504'. [ 203.157587][ T7571] netlink: 'syz.1.505': attribute type 10 has an invalid length. [ 203.220777][ T7572] netlink: 12 bytes leftover after parsing attributes in process `syz.1.505'. [ 203.300638][ T7572] netlink: 31 bytes leftover after parsing attributes in process `syz.1.505'. [ 203.373373][ T7572] netlink: 'syz.1.505': attribute type 3 has an invalid length. [ 203.420372][ T7572] netlink: 'syz.1.505': attribute type 2 has an invalid length. [ 203.472661][ T7572] netlink: 31 bytes leftover after parsing attributes in process `syz.1.505'. [ 204.352337][ T7591] netlink: 8 bytes leftover after parsing attributes in process `syz.2.513'. [ 204.567906][ T7594] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 204.574510][ T7594] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 204.604968][ T7594] vhci_hcd vhci_hcd.0: Device attached [ 204.620803][ T7594] netlink: zone id is out of range [ 204.628864][ T7594] netlink: zone id is out of range [ 204.634636][ T7594] netlink: zone id is out of range [ 204.640148][ T7594] netlink: zone id is out of range [ 204.646679][ T7594] netlink: zone id is out of range [ 204.686742][ T7595] vhci_hcd: connection closed [ 204.687091][ T13] vhci_hcd: stop threads [ 204.743554][ T13] vhci_hcd: release socket [ 204.752631][ T13] vhci_hcd: disconnect device [ 204.797368][ T6032] vhci_hcd: vhci_device speed not set [ 204.934641][ T7605] trusted_key: syz.4.517 sent an empty control message without MSG_MORE. [ 205.190386][ T7613] netlink: 'syz.1.518': attribute type 27 has an invalid length. [ 206.398773][ T7619] futex_wake_op: syz.4.519 tries to shift op by -33; fix this program [ 206.807740][ T7616] 8021q: adding VLAN 0 to HW filter on device bond0 [ 206.833602][ T7616] 8021q: adding VLAN 0 to HW filter on device team0 [ 206.899770][ T7616] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 206.919633][ T7624] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 206.986465][ T7619] netdevsim netdevsim4: Direct firmware load for . [ 206.986465][ T7619] failed with error -2 [ 207.033376][ T7619] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 207.033376][ T7619] [ 207.834052][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 207.834073][ T30] audit: type=1326 audit(1748891601.373:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 207.963601][ T30] audit: type=1326 audit(1748891601.373:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 208.242955][ T7644] __nla_validate_parse: 2 callbacks suppressed [ 208.242969][ T7644] netlink: 632 bytes leftover after parsing attributes in process `syz.1.529'. [ 208.273929][ T30] audit: type=1326 audit(1748891601.373:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 208.330382][ T30] audit: type=1326 audit(1748891601.373:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 208.412204][ T7646] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 208.418803][ T7646] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 208.432798][ T7646] vhci_hcd vhci_hcd.0: Device attached [ 208.447937][ T7646] netlink: 161716 bytes leftover after parsing attributes in process `syz.2.530'. [ 208.460451][ T7646] netlink: zone id is out of range [ 208.467913][ T7646] netlink: zone id is out of range [ 208.479943][ T7646] netlink: zone id is out of range [ 208.485998][ T7646] netlink: zone id is out of range [ 208.510708][ T30] audit: type=1326 audit(1748891601.373:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 208.513791][ T7647] vhci_hcd: connection closed [ 208.673614][ T59] vhci_hcd: stop threads [ 208.688141][ T59] vhci_hcd: release socket [ 208.706772][ T59] vhci_hcd: disconnect device [ 208.734616][ T5885] usb 37-1: new low-speed USB device number 6 using vhci_hcd [ 208.751051][ T5885] usb 37-1: enqueue for inactive port 0 [ 208.763770][ T30] audit: type=1326 audit(1748891601.373:162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 208.813433][ T30] audit: type=1326 audit(1748891601.373:163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 208.883465][ T5885] vhci_hcd: vhci_device speed not set [ 208.911250][ T30] audit: type=1326 audit(1748891601.373:164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f727318e9a3 code=0x7ffc0000 [ 209.023543][ T30] audit: type=1326 audit(1748891601.373:165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f727318e9a3 code=0x7ffc0000 [ 209.093869][ T7654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.534'. [ 209.102735][ T7654] netlink: 8 bytes leftover after parsing attributes in process `syz.0.534'. [ 209.164384][ T30] audit: type=1326 audit(1748891601.413:166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7635 comm="syz.0.527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 209.249443][ T7660] netlink: 232 bytes leftover after parsing attributes in process `syz.2.536'. [ 209.942597][ T7683] netlink: 4 bytes leftover after parsing attributes in process `syz.0.545'. [ 209.953076][ T7683] net_ratelimit: 1 callbacks suppressed [ 209.953131][ T7683] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 210.053694][ T10] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 210.227399][ T10] usb 4-1: config 0 has no interfaces? [ 210.242521][ T10] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 210.267214][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.284887][ T7686] vlan2: entered promiscuous mode [ 210.300329][ T10] usb 4-1: Product: syz [ 210.309120][ T10] usb 4-1: Manufacturer: syz [ 210.331945][ T10] usb 4-1: SerialNumber: syz [ 210.362105][ T10] usb 4-1: config 0 descriptor?? [ 210.607804][ T7696] netlink: 'syz.0.547': attribute type 1 has an invalid length. [ 210.685963][ T7677] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 210.717899][ T7677] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 210.785014][ T7698] netlink: 'syz.0.547': attribute type 10 has an invalid length. [ 210.786133][ T7696] bond3: entered promiscuous mode [ 210.922340][ T7696] 8021q: adding VLAN 0 to HW filter on device bond3 [ 211.714217][ T7709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.552'. [ 211.723899][ T7709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.552'. [ 211.744891][ T7709] netlink: 4 bytes leftover after parsing attributes in process `syz.2.552'. [ 212.084094][ T7684] Bluetooth: hci0: command 0x0406 tx timeout [ 212.084825][ T5838] Bluetooth: hci1: command 0x0406 tx timeout [ 212.090807][ T7684] Bluetooth: hci2: command 0x0406 tx timeout [ 212.102527][ T7684] Bluetooth: hci4: command 0x0406 tx timeout [ 212.102998][ T5838] Bluetooth: hci3: command 0x0406 tx timeout [ 212.640398][ T5885] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 212.933428][ T5885] usb 2-1: Using ep0 maxpacket: 16 [ 213.059922][ T7721] dlm: plock device version mismatch: kernel (1.2.0), user (1.512.0) [ 213.123925][ T5885] usb 2-1: New USB device found, idVendor=06be, idProduct=a232, bcdDevice=33.f3 [ 213.133418][ T5885] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.151488][ T5885] usb 2-1: Product: syz [ 213.157455][ T5885] usb 2-1: Manufacturer: syz [ 213.162112][ T5885] usb 2-1: SerialNumber: syz [ 213.177877][ T5885] usb 2-1: config 0 descriptor?? [ 213.276048][ T10] usb 4-1: USB disconnect, device number 19 [ 213.373471][ T6032] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 213.553397][ T6032] usb 1-1: Using ep0 maxpacket: 32 [ 213.572928][ T6032] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 213.619292][ T6032] usb 1-1: New USB device found, idVendor=05e1, idProduct=0408, bcdDevice=25.11 [ 213.628828][ T6032] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.640131][ T6032] usb 1-1: Product: syz [ 213.750143][ T6032] usb 1-1: Manufacturer: syz [ 213.757843][ T6032] usb 1-1: SerialNumber: syz [ 213.780446][ T6032] usb 1-1: config 0 descriptor?? [ 213.813575][ T6032] usb 1-1: no audio or video endpoints found [ 213.997320][ T5882] usb 1-1: USB disconnect, device number 13 [ 214.024353][ T5885] dvb_usb_dtv5100 2-1:0.0: probe with driver dvb_usb_dtv5100 failed with error -110 [ 214.087235][ T7733] netlink: 12 bytes leftover after parsing attributes in process `syz.4.561'. [ 214.105596][ T7733] netlink: 36 bytes leftover after parsing attributes in process `syz.4.561'. [ 214.143392][ T7240] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 214.220380][ T7733] vlan2: entered allmulticast mode [ 214.335326][ T7240] usb 4-1: Using ep0 maxpacket: 32 [ 214.345747][ T7240] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 214.371134][ T7240] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.401386][ T7240] usb 4-1: config 0 descriptor?? [ 214.554409][ T7738] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 214.561005][ T7738] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 214.588700][ T7738] vhci_hcd vhci_hcd.0: Device attached [ 214.614439][ T7738] netlink: 161716 bytes leftover after parsing attributes in process `syz.4.563'. [ 214.651530][ T7738] netlink: zone id is out of range [ 214.658607][ T7240] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 214.669685][ T7738] netlink: zone id is out of range [ 214.729078][ T7738] netlink: zone id is out of range [ 214.739816][ T7738] netlink: zone id is out of range [ 214.745235][ T7738] netlink: zone id is out of range [ 214.766828][ T7240] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 214.796870][ T7740] vhci_hcd: connection closed [ 214.797342][ T3002] vhci_hcd: stop threads [ 214.826934][ T7240] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 214.831875][ T3002] vhci_hcd: release socket [ 214.843431][ T6003] usb 41-1: new low-speed USB device number 6 using vhci_hcd [ 214.861700][ T3002] vhci_hcd: disconnect device [ 214.870229][ T7731] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 214.883231][ T7731] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 214.901541][ T7240] usb 4-1: media controller created [ 214.983588][ T7751] tipc: Invalid UDP bearer configuration [ 214.983654][ T7751] tipc: Enabling of bearer rejected, failed to enable media [ 215.008624][ T7240] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 215.255328][ T7753] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.271450][ T7753] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.633181][ T7240] az6027: usb out operation failed. (-71) [ 215.656848][ T7240] stb0899_attach: Driver disabled by Kconfig [ 215.738227][ T7240] az6027: no front-end attached [ 215.738227][ T7240] [ 215.751101][ T7240] az6027: usb out operation failed. (-71) [ 215.757847][ T7240] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 215.772624][ T7240] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.3/usb4/4-1/input/input13 [ 215.822374][ T7240] dvb-usb: schedule remote query interval to 400 msecs. [ 215.830086][ T7240] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 215.846672][ T7240] usb 4-1: USB disconnect, device number 20 [ 215.967463][ T7240] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 216.279035][ T7240] usb 2-1: USB disconnect, device number 12 [ 216.315450][ T7763] vlan2: entered promiscuous mode [ 216.554129][ T7767] netlink: 'syz.3.572': attribute type 30 has an invalid length. [ 216.604236][ T7767] netlink: 32 bytes leftover after parsing attributes in process `syz.3.572'. [ 216.890296][ T7777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 216.899277][ T7778] netlink: 12 bytes leftover after parsing attributes in process `syz.2.575'. [ 216.937472][ T7777] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 216.982318][ T7784] FAULT_INJECTION: forcing a failure. [ 216.982318][ T7784] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 216.982367][ T7784] CPU: 1 UID: 0 PID: 7784 Comm: syz.0.577 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 216.982390][ T7784] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 216.982401][ T7784] Call Trace: [ 216.982409][ T7784] [ 216.982417][ T7784] dump_stack_lvl+0x189/0x250 [ 216.982451][ T7784] ? __pfx____ratelimit+0x10/0x10 [ 216.982476][ T7784] ? __pfx_dump_stack_lvl+0x10/0x10 [ 216.982503][ T7784] ? __pfx__printk+0x10/0x10 [ 216.982524][ T7784] ? __might_fault+0xb0/0x130 [ 216.982563][ T7784] should_fail_ex+0x414/0x560 [ 216.982597][ T7784] _copy_from_user+0x2d/0xb0 [ 216.982618][ T7784] ___sys_sendmsg+0x158/0x2a0 [ 216.982641][ T7784] ? __pfx____sys_sendmsg+0x10/0x10 [ 216.982710][ T7784] ? __might_fault+0xb0/0x130 [ 216.982739][ T7784] __sys_sendmmsg+0x227/0x430 [ 216.982764][ T7784] ? __pfx___sys_sendmmsg+0x10/0x10 [ 216.982780][ T7784] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 216.982833][ T7784] ? ksys_write+0x22a/0x250 [ 216.982861][ T7784] ? __pfx_ksys_write+0x10/0x10 [ 216.982883][ T7784] ? rcu_is_watching+0x15/0xb0 [ 216.982915][ T7784] __x64_sys_sendmmsg+0xa0/0xc0 [ 216.982936][ T7784] do_syscall_64+0xfa/0x3b0 [ 216.982958][ T7784] ? lockdep_hardirqs_on+0x9c/0x150 [ 216.982980][ T7784] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.982999][ T7784] ? clear_bhb_loop+0x60/0xb0 [ 216.983021][ T7784] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 216.983039][ T7784] RIP: 0033:0x7f727318e969 [ 216.983056][ T7784] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 216.983072][ T7784] RSP: 002b:00007f727401f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 216.983094][ T7784] RAX: ffffffffffffffda RBX: 00007f72733b5fa0 RCX: 00007f727318e969 [ 216.983108][ T7784] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003 [ 216.983121][ T7784] RBP: 00007f727401f090 R08: 0000000000000000 R09: 0000000000000000 [ 216.983132][ T7784] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 216.983143][ T7784] R13: 0000000000000000 R14: 00007f72733b5fa0 R15: 00007f72734dfa28 [ 216.983174][ T7784] [ 217.027342][ T7786] loop6: detected capacity change from 0 to 524287999 [ 217.028056][ T7786] buffer_io_error: 23 callbacks suppressed [ 217.028070][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.028215][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.028324][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.028449][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.028561][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.028698][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.028830][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.028941][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.029016][ T7786] ldm_validate_partition_table(): Disk read failed. [ 217.029065][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.029172][ T7786] Buffer I/O error on dev loop6, logical block 0, async page read [ 217.029452][ T7786] Dev loop6: unable to read RDB block 0 [ 217.029941][ T7786] loop6: unable to read partition table [ 217.030190][ T7786] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 217.055326][ T7240] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 217.137531][ T7788] fuse: Bad value for 'user_id' [ 217.137547][ T7788] fuse: Bad value for 'user_id' [ 217.284911][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 217.284930][ T30] audit: type=1326 audit(1748891610.833:176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 217.291266][ T7790] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(6) [ 217.291314][ T7790] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 217.292230][ T30] audit: type=1326 audit(1748891610.833:177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 217.297178][ T30] audit: type=1326 audit(1748891610.843:178): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 217.297215][ T30] audit: type=1326 audit(1748891610.843:179): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 217.297239][ T30] audit: type=1326 audit(1748891610.843:180): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 217.297878][ T30] audit: type=1326 audit(1748891610.843:181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 217.298011][ T30] audit: type=1326 audit(1748891610.843:182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 217.298085][ T7790] vhci_hcd vhci_hcd.0: Device attached [ 217.298740][ T30] audit: type=1326 audit(1748891610.843:183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc8e418e9a3 code=0x7ffc0000 [ 217.310581][ T30] audit: type=1326 audit(1748891610.853:184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc8e418e9a3 code=0x7ffc0000 [ 217.310637][ T30] audit: type=1326 audit(1748891610.853:185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7791 comm="syz.2.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc8e418e969 code=0x7ffc0000 [ 217.337272][ T7790] netlink: 161716 bytes leftover after parsing attributes in process `syz.0.580'. [ 217.337330][ T7790] netlink: zone id is out of range [ 217.337342][ T7790] netlink: zone id is out of range [ 217.337351][ T7790] netlink: zone id is out of range [ 217.337360][ T7790] netlink: zone id is out of range [ 217.337370][ T7790] netlink: zone id is out of range [ 217.349679][ T7792] vhci_hcd: connection closed [ 217.350961][ T1162] vhci_hcd: stop threads [ 217.350986][ T1162] vhci_hcd: release socket [ 217.351003][ T1162] vhci_hcd: disconnect device [ 217.490884][ C1] vkms_vblank_simulate: vblank timer overrun [ 217.796458][ T5203] ldm_validate_partition_table(): Disk read failed. [ 217.796720][ T5203] Dev loop6: unable to read RDB block 0 [ 217.797048][ T5203] loop6: unable to read partition table [ 218.901674][ T7810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.586'. [ 218.901738][ T7810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.586'. [ 218.901813][ T7810] netlink: 4 bytes leftover after parsing attributes in process `syz.0.586'. [ 219.025700][ C1] vkms_vblank_simulate: vblank timer overrun [ 219.056981][ C1] vkms_vblank_simulate: vblank timer overrun [ 219.668399][ T5882] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 219.840945][ T5882] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 219.841130][ T5882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.005900][ T6003] vhci_hcd: vhci_device speed not set [ 220.439929][ T5882] usb 2-1: config 0 descriptor?? [ 220.646674][ T7813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.646968][ T7813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.243678][ T6003] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 221.278607][ T7825] binder: 7824:7825 ioctl c0306201 0 returned -14 [ 221.325614][ T7825] netlink: 'syz.4.590': attribute type 10 has an invalid length. [ 221.344948][ T7825] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 221.431670][ T6003] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 221.482638][ T6003] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 221.498642][ T5882] usb 2-1: Cannot set autoneg [ 221.531598][ T6003] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 221.531873][ T5882] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 221.585515][ T6003] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 221.595514][ T6003] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 221.623065][ T6003] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 221.638554][ T5882] usb 2-1: USB disconnect, device number 13 [ 221.645615][ T6003] usb 4-1: invalid MIDI out EP 0 [ 221.807518][ T5878] udevd[5878]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 221.848138][ T7822] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 221.863043][ T7822] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.892912][ T6003] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 221.931744][ T7834] netlink: 12 bytes leftover after parsing attributes in process `syz.0.593'. [ 222.081962][ T7834] 8021q: adding VLAN 0 to HW filter on device bond4 [ 222.180211][ T7837] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 222.186769][ T7837] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 222.203699][ T7837] vhci_hcd vhci_hcd.0: Device attached [ 222.240984][ T7837] netlink: 161716 bytes leftover after parsing attributes in process `syz.1.594'. [ 222.385579][ T7837] netlink: zone id is out of range [ 222.391051][ T7837] netlink: zone id is out of range [ 222.398957][ T7837] netlink: zone id is out of range [ 222.405589][ T7837] netlink: zone id is out of range [ 222.421589][ T7837] netlink: zone id is out of range [ 222.453535][ T7240] usb 35-1: new low-speed USB device number 3 using vhci_hcd [ 222.465335][ T7838] vhci_hcd: connection closed [ 222.467520][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 222.467539][ T30] audit: type=1326 audit(1748891616.013:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7840 comm="syz.0.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 222.501345][ T3024] vhci_hcd: stop threads [ 222.506571][ T3024] vhci_hcd: release socket [ 222.512239][ T3024] vhci_hcd: disconnect device [ 222.552252][ T30] audit: type=1326 audit(1748891616.013:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7840 comm="syz.0.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 222.583392][ T5882] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 222.743408][ T5882] usb 3-1: Using ep0 maxpacket: 8 [ 222.750810][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 222.763870][ T5882] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 57402, setting to 1024 [ 222.779967][ T5882] usb 3-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 222.797527][ T5882] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 222.819604][ T5882] usb 3-1: config 0 descriptor?? [ 222.883775][ T5885] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 223.036286][ T5885] usb 5-1: config 0 has an invalid interface number: 197 but max is 0 [ 223.063531][ T5885] usb 5-1: config 0 has no interface number 0 [ 223.069905][ T5885] usb 5-1: config 0 interface 197 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 8 [ 223.090079][ T5882] iowarrior 3-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 223.142673][ T5885] usb 5-1: config 0 interface 197 altsetting 0 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 223.190709][ T5885] usb 5-1: config 0 interface 197 altsetting 0 bulk endpoint 0x87 has invalid maxpacket 1024 [ 223.218236][ T5885] usb 5-1: New USB device found, idVendor=03f0, idProduct=581d, bcdDevice=bb.42 [ 223.253675][ T5882] usb 3-1: USB disconnect, device number 19 [ 223.272014][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 223.308467][ T5885] usb 5-1: Product: syz [ 223.316324][ T5885] usb 5-1: Manufacturer: syz [ 223.331442][ T5885] usb 5-1: SerialNumber: syz [ 223.344207][ T5885] usb 5-1: config 0 descriptor?? [ 223.353858][ T7847] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 223.362524][ T7847] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 225.037724][ T5882] usb 4-1: USB disconnect, device number 21 [ 225.168595][ T7861] xt_bpf: check failed: parse error [ 225.189734][ T7822] delete_channel: no stack [ 225.577813][ T5885] qmi_wwan 5-1:0.197: probe with driver qmi_wwan failed with error -71 [ 225.624173][ T5885] usb 5-1: USB disconnect, device number 16 [ 225.883525][ T6003] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 225.940362][ T30] audit: type=1326 audit(1748891619.483:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.0.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 225.962269][ T10] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 225.962746][ T30] audit: type=1326 audit(1748891619.493:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.0.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 225.992742][ T30] audit: type=1326 audit(1748891619.493:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.0.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 226.015223][ T30] audit: type=1326 audit(1748891619.503:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.0.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 226.037842][ T30] audit: type=1326 audit(1748891619.503:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.0.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 226.072062][ T30] audit: type=1326 audit(1748891619.503:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.0.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 226.097663][ T6003] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 226.121252][ T6003] usb 4-1: New USB device found, idVendor=041e, idProduct=400c, bcdDevice=af.98 [ 226.135079][ T30] audit: type=1326 audit(1748891619.503:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.0.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 226.185435][ T30] audit: type=1326 audit(1748891619.503:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7875 comm="syz.0.608" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 226.193439][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 226.231932][ T6003] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.371744][ T6003] usb 4-1: config 0 descriptor?? [ 226.398797][ T10] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 226.468656][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.510131][ T10] usb 3-1: Product: syz [ 226.524375][ T10] usb 3-1: Manufacturer: syz [ 226.541970][ T10] usb 3-1: SerialNumber: syz [ 226.542316][ T7880] netlink: 12 bytes leftover after parsing attributes in process `syz.1.609'. [ 226.559787][ T7880] netlink: 36 bytes leftover after parsing attributes in process `syz.1.609'. [ 226.575639][ T7880] vlan2: entered allmulticast mode [ 226.581162][ T7880] macvtap0: entered allmulticast mode [ 226.602925][ T10] r8152-cfgselector 3-1: Unknown version 0x0000 [ 226.615943][ T7866] netlink: 4 bytes leftover after parsing attributes in process `syz.3.603'. [ 226.631325][ T7866] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 226.640368][ T7866] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 226.649178][ T7866] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 226.658204][ T7866] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 226.667031][ T10] r8152-cfgselector 3-1: config 0 descriptor?? [ 226.731539][ T7866] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 226.740691][ T7866] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 226.749842][ T7866] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 226.758939][ T7866] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 227.354202][ T5885] usb 2-1: new low-speed USB device number 14 using dummy_hcd [ 227.533479][ T5885] usb 2-1: Invalid ep0 maxpacket: 16 [ 227.573429][ T7240] vhci_hcd: vhci_device speed not set [ 227.633412][ T10] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 227.663373][ T5885] usb 2-1: new low-speed USB device number 15 using dummy_hcd [ 227.793378][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 227.802008][ T10] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 227.822354][ T10] usb 1-1: config 0 has no interface number 0 [ 227.833348][ T5885] usb 2-1: Invalid ep0 maxpacket: 16 [ 227.841716][ T5885] usb usb2-port1: attempt power cycle [ 227.842047][ T10] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 227.876706][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.889441][ T10] usb 1-1: Product: syz [ 227.898583][ T10] usb 1-1: Manufacturer: syz [ 227.916803][ T10] usb 1-1: SerialNumber: syz [ 227.943044][ T10] usb 1-1: config 0 descriptor?? [ 227.961807][ T10] smsc95xx v2.0.0 [ 227.967565][ T10] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 227.978516][ T10] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -22 [ 228.204180][ T5885] usb 2-1: new low-speed USB device number 16 using dummy_hcd [ 228.234216][ T5885] usb 2-1: Invalid ep0 maxpacket: 16 [ 228.373432][ T5885] usb 2-1: new low-speed USB device number 17 using dummy_hcd [ 228.396430][ T6003] usb 4-1: USB disconnect, device number 22 [ 228.404165][ T10] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 228.416640][ T5885] usb 2-1: Invalid ep0 maxpacket: 16 [ 228.440365][ T5885] usb usb2-port1: unable to enumerate USB device [ 228.485460][ T6035] usb 1-1: USB disconnect, device number 14 [ 228.573703][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 228.580852][ T10] usb 5-1: config 253 has an invalid interface number: 184 but max is 0 [ 228.590101][ T10] usb 5-1: config 253 has no interface number 0 [ 228.596834][ T10] usb 5-1: config 253 interface 184 has no altsetting 0 [ 228.606170][ T10] usb 5-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.00 [ 228.615704][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.624227][ T10] usb 5-1: Product: syz [ 228.628598][ T10] usb 5-1: Manufacturer: syz [ 228.633243][ T10] usb 5-1: SerialNumber: syz [ 228.658079][ T10] go7007 5-1:253.184: probe with driver go7007 failed with error -12 [ 228.766571][ T5885] r8152-cfgselector 3-1: USB disconnect, device number 20 [ 228.870000][ T10] usb 5-1: USB disconnect, device number 17 [ 228.999862][ T7912] netlink: 232 bytes leftover after parsing attributes in process `syz.2.620'. [ 229.226860][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 229.226874][ T30] audit: type=1326 audit(1748891622.773:236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 229.298976][ T30] audit: type=1326 audit(1748891622.803:237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 229.361972][ T30] audit: type=1326 audit(1748891622.813:238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 229.455858][ T30] audit: type=1326 audit(1748891622.813:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 229.478580][ T30] audit: type=1326 audit(1748891622.833:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 229.503669][ T30] audit: type=1326 audit(1748891622.833:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 229.511641][ T7919] dummy0: entered promiscuous mode [ 229.553764][ T30] audit: type=1326 audit(1748891622.833:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 229.585745][ T7919] macsec1: entered promiscuous mode [ 229.597968][ T7919] macsec1: entered allmulticast mode [ 229.604030][ T7919] dummy0: entered allmulticast mode [ 229.613643][ T30] audit: type=1326 audit(1748891622.833:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f727318e969 code=0x7ffc0000 [ 229.636205][ T30] audit: type=1326 audit(1748891622.833:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f727318e9a3 code=0x7ffc0000 [ 229.658690][ T30] audit: type=1326 audit(1748891622.833:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7915 comm="syz.0.622" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f727318e9a3 code=0x7ffc0000 [ 229.683923][ T7919] dummy0: left allmulticast mode [ 229.694301][ T7919] dummy0: left promiscuous mode [ 230.846018][ T7942] netlink: 12 bytes leftover after parsing attributes in process `syz.3.632'. [ 230.930556][ T7942] 8021q: adding VLAN 0 to HW filter on device bond5 [ 230.975403][ T7946] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 231.091835][ T7949] netlink: 12 bytes leftover after parsing attributes in process `syz.0.634'. [ 231.156572][ T7949] netlink: 36 bytes leftover after parsing attributes in process `syz.0.634'. [ 231.237021][ T7949] vlan2: entered allmulticast mode [ 232.043573][ T5885] usb 5-1: new full-speed USB device number 18 using dummy_hcd [ 232.353330][ T7964] netlink: 'syz.0.637': attribute type 27 has an invalid length. [ 232.384108][ T5885] usb 5-1: config 1 has an invalid interface number: 1 but max is 0 [ 232.416234][ T5885] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 1 [ 232.471551][ T5885] usb 5-1: config 1 interface 0 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 232.512147][ T5885] usb 5-1: too many endpoints for config 1 interface 1 altsetting 11: 225, using maximum allowed: 30 [ 232.542689][ T5885] usb 5-1: config 1 interface 1 altsetting 11 has 0 endpoint descriptors, different from the interface descriptor's value: 225 [ 232.590243][ T5885] usb 5-1: config 1 interface 0 has no altsetting 0 [ 232.633901][ T5885] usb 5-1: config 1 interface 1 has no altsetting 0 [ 232.696547][ T7970] fuse: Bad value for 'user_id' [ 232.707852][ T7970] fuse: Bad value for 'user_id' [ 232.753669][ T5885] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 232.785946][ T5885] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.803690][ T5885] usb 5-1: Product: syz [ 232.813585][ T5885] usb 5-1: Manufacturer: syz [ 232.823635][ T5885] usb 5-1: SerialNumber: syz [ 233.277898][ T7964] bond3: left promiscuous mode [ 234.010224][ T7969] 8021q: adding VLAN 0 to HW filter on device bond0 [ 234.049542][ T7969] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.148797][ T7969] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 234.415592][ T5885] usb 5-1: USB disconnect, device number 18 [ 235.153706][ T7240] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 235.317042][ T7240] usb 4-1: Using ep0 maxpacket: 8 [ 235.346807][ T7240] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 235.359648][ T7240] usb 4-1: can't read configurations, error -22 [ 235.513374][ T7240] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 235.516798][ T7996] netlink: 632 bytes leftover after parsing attributes in process `syz.0.649'. [ 235.588526][ T7997] netlink: 12 bytes leftover after parsing attributes in process `syz.4.647'. [ 235.688623][ T7240] usb 4-1: Using ep0 maxpacket: 8 [ 235.725459][ T7240] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 235.742462][ T7240] usb 4-1: can't read configurations, error -22 [ 235.761541][ T7240] usb usb4-port1: attempt power cycle [ 235.892029][ T8006] netlink: 12 bytes leftover after parsing attributes in process `syz.2.652'. [ 235.913725][ T8006] bridge_slave_1: left allmulticast mode [ 235.919686][ T8006] bridge_slave_1: left promiscuous mode [ 235.936440][ T8006] bridge0: port 2(bridge_slave_1) entered disabled state [ 235.995729][ T8006] bridge_slave_0: left allmulticast mode [ 236.010096][ T8006] bridge_slave_0: left promiscuous mode [ 236.018658][ T8006] bridge0: port 1(bridge_slave_0) entered disabled state [ 236.103754][ T7240] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 236.161099][ T7240] usb 4-1: Using ep0 maxpacket: 8 [ 236.172771][ T7240] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 236.201719][ T7240] usb 4-1: can't read configurations, error -22 [ 236.373588][ T7240] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 236.436110][ T7240] usb 4-1: Using ep0 maxpacket: 8 [ 236.444320][ T7240] usb 4-1: config index 0 descriptor too short (expected 9, got 0) [ 236.453114][ T7240] usb 4-1: can't read configurations, error -22 [ 236.473209][ T7240] usb usb4-port1: unable to enumerate USB device [ 238.009469][ T8029] FAULT_INJECTION: forcing a failure. [ 238.009469][ T8029] name failslab, interval 1, probability 0, space 0, times 0 [ 238.037314][ T8029] CPU: 0 UID: 0 PID: 8029 Comm: syz.0.658 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 238.037344][ T8029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 238.037356][ T8029] Call Trace: [ 238.037364][ T8029] [ 238.037372][ T8029] dump_stack_lvl+0x189/0x250 [ 238.037407][ T8029] ? __pfx____ratelimit+0x10/0x10 [ 238.037432][ T8029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 238.037470][ T8029] ? __pfx__printk+0x10/0x10 [ 238.037495][ T8029] ? __pfx___might_resched+0x10/0x10 [ 238.037519][ T8029] ? fs_reclaim_acquire+0x7d/0x100 [ 238.037547][ T8029] should_fail_ex+0x414/0x560 [ 238.037579][ T8029] should_failslab+0xa8/0x100 [ 238.037609][ T8029] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 238.037638][ T8029] ? __alloc_skb+0x112/0x2d0 [ 238.037671][ T8029] __alloc_skb+0x112/0x2d0 [ 238.037703][ T8029] alloc_skb_with_frags+0xca/0x890 [ 238.037737][ T8029] sock_alloc_send_pskb+0x857/0x990 [ 238.037782][ T8029] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 238.037816][ T8029] ? bpf_lsm_socket_getpeersec_dgram+0x9/0x20 [ 238.037845][ T8029] unix_dgram_sendmsg+0x4f6/0x1870 [ 238.037867][ T8029] ? __lock_acquire+0xab9/0xd20 [ 238.037905][ T8029] ? aa_sk_perm+0x81e/0x950 [ 238.037932][ T8029] ? __lock_acquire+0xab9/0xd20 [ 238.037954][ T8029] ? __pfx_unix_dgram_sendmsg+0x10/0x10 [ 238.037982][ T8029] ? aa_sock_msg_perm+0x94/0x160 [ 238.038017][ T8029] ? unix_seqpacket_sendmsg+0x111/0x1e0 [ 238.038038][ T8029] ? __pfx_unix_seqpacket_sendmsg+0x10/0x10 [ 238.038061][ T8029] __sock_sendmsg+0x219/0x270 [ 238.038089][ T8029] ____sys_sendmsg+0x52d/0x830 [ 238.038115][ T8029] ? __pfx_____sys_sendmsg+0x10/0x10 [ 238.038151][ T8029] ? import_iovec+0x74/0xa0 [ 238.038176][ T8029] ___sys_sendmsg+0x21f/0x2a0 [ 238.038199][ T8029] ? __pfx____sys_sendmsg+0x10/0x10 [ 238.038264][ T8029] ? __might_fault+0xb0/0x130 [ 238.038293][ T8029] __sys_sendmmsg+0x227/0x430 [ 238.038319][ T8029] ? __pfx___sys_sendmmsg+0x10/0x10 [ 238.038335][ T8029] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 238.038387][ T8029] ? ksys_write+0x22a/0x250 [ 238.038414][ T8029] ? __pfx_ksys_write+0x10/0x10 [ 238.038434][ T8029] ? rcu_is_watching+0x15/0xb0 [ 238.038474][ T8029] __x64_sys_sendmmsg+0xa0/0xc0 [ 238.038495][ T8029] do_syscall_64+0xfa/0x3b0 [ 238.038516][ T8029] ? lockdep_hardirqs_on+0x9c/0x150 [ 238.038535][ T8029] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.038551][ T8029] ? clear_bhb_loop+0x60/0xb0 [ 238.038572][ T8029] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 238.038587][ T8029] RIP: 0033:0x7f727318e969 [ 238.038604][ T8029] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 238.038620][ T8029] RSP: 002b:00007f727401f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 238.038638][ T8029] RAX: ffffffffffffffda RBX: 00007f72733b5fa0 RCX: 00007f727318e969 [ 238.038650][ T8029] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003 [ 238.038662][ T8029] RBP: 00007f727401f090 R08: 0000000000000000 R09: 0000000000000000 [ 238.038672][ T8029] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 238.038684][ T8029] R13: 0000000000000000 R14: 00007f72733b5fa0 R15: 00007f72734dfa28 [ 238.038712][ T8029] [ 238.937573][ T8046] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 239.033851][ T7240] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 239.188886][ T7240] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 239.222485][ T7240] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 239.297799][ T7240] usb 4-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 239.326321][ T7240] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 239.405415][ T7240] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.473739][ T7240] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 239.494912][ T7240] usb 4-1: invalid MIDI out EP 0 [ 239.623102][ T5984] udevd[5984]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 239.662270][ T7240] snd-usb-audio 4-1:27.0: probe with driver snd-usb-audio failed with error -22 [ 242.091558][ T10] usb 4-1: USB disconnect, device number 27 [ 242.380206][ T8099] netlink: 232 bytes leftover after parsing attributes in process `syz.1.683'. [ 242.598820][ T8033] delete_channel: no stack [ 242.633373][ T6035] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 242.785729][ T8108] Cannot find map_set index 0 as target [ 242.852314][ T6035] usb 5-1: config 0 has no interfaces? [ 243.056161][ T6035] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 243.065837][ T6035] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.090042][ T6035] usb 5-1: Product: syz [ 243.105671][ T6035] usb 5-1: Manufacturer: syz [ 243.110337][ T6035] usb 5-1: SerialNumber: syz [ 243.122488][ T6035] usb 5-1: config 0 descriptor?? [ 243.537075][ T8121] FAULT_INJECTION: forcing a failure. [ 243.537075][ T8121] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.626840][ T8121] CPU: 1 UID: 0 PID: 8121 Comm: syz.2.689 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 243.626871][ T8121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 243.626881][ T8121] Call Trace: [ 243.626889][ T8121] [ 243.626898][ T8121] dump_stack_lvl+0x189/0x250 [ 243.626932][ T8121] ? __pfx____ratelimit+0x10/0x10 [ 243.626961][ T8121] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.626989][ T8121] ? __pfx__printk+0x10/0x10 [ 243.627010][ T8121] ? __might_fault+0xb0/0x130 [ 243.627048][ T8121] should_fail_ex+0x414/0x560 [ 243.627078][ T8121] _copy_from_user+0x2d/0xb0 [ 243.627099][ T8121] ___sys_recvmsg+0x12e/0x510 [ 243.627136][ T8121] ? __pfx____sys_recvmsg+0x10/0x10 [ 243.627191][ T8121] ? __might_fault+0xb0/0x130 [ 243.627220][ T8121] do_recvmmsg+0x307/0x770 [ 243.627250][ T8121] ? __pfx_do_recvmmsg+0x10/0x10 [ 243.627284][ T8121] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 243.627328][ T8121] __x64_sys_recvmmsg+0x190/0x240 [ 243.627353][ T8121] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 243.627371][ T8121] ? rcu_is_watching+0x15/0xb0 [ 243.627400][ T8121] ? do_syscall_64+0xbe/0x3b0 [ 243.627428][ T8121] do_syscall_64+0xfa/0x3b0 [ 243.627451][ T8121] ? lockdep_hardirqs_on+0x9c/0x150 [ 243.627472][ T8121] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.627489][ T8121] ? clear_bhb_loop+0x60/0xb0 [ 243.627512][ T8121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.627529][ T8121] RIP: 0033:0x7fc8e418e969 [ 243.627546][ T8121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.627562][ T8121] RSP: 002b:00007fc8e5086038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 243.627583][ T8121] RAX: ffffffffffffffda RBX: 00007fc8e43b5fa0 RCX: 00007fc8e418e969 [ 243.627597][ T8121] RDX: 015cbc1ab4c0933f RSI: 0000200000001980 RDI: 0000000000000004 [ 243.627609][ T8121] RBP: 00007fc8e5086090 R08: 0000000000000000 R09: 0000000000000000 [ 243.627620][ T8121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 243.627631][ T8121] R13: 0000000000000000 R14: 00007fc8e43b5fa0 R15: 00007fc8e44dfa28 [ 243.627662][ T8121] [ 243.847478][ C1] vkms_vblank_simulate: vblank timer overrun [ 244.871128][ T8133] netlink: 5 bytes leftover after parsing attributes in process `syz.0.693'. [ 244.888860][ T8135] netlink: 12 bytes leftover after parsing attributes in process `syz.3.694'. [ 245.031951][ T8133] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 245.063544][ T6035] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 245.085402][ T5882] usb 5-1: USB disconnect, device number 19 [ 245.190693][ T8139] FAULT_INJECTION: forcing a failure. [ 245.190693][ T8139] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 245.204926][ T8139] CPU: 0 UID: 0 PID: 8139 Comm: syz.4.696 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 245.204953][ T8139] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 245.204964][ T8139] Call Trace: [ 245.204972][ T8139] [ 245.204980][ T8139] dump_stack_lvl+0x189/0x250 [ 245.205012][ T8139] ? __pfx____ratelimit+0x10/0x10 [ 245.205036][ T8139] ? __pfx_dump_stack_lvl+0x10/0x10 [ 245.205064][ T8139] ? __pfx__printk+0x10/0x10 [ 245.205102][ T8139] ? __might_fault+0xb0/0x130 [ 245.205140][ T8139] should_fail_ex+0x414/0x560 [ 245.205170][ T8139] _copy_from_user+0x2d/0xb0 [ 245.205192][ T8139] ___sys_sendmsg+0x158/0x2a0 [ 245.205214][ T8139] ? __pfx____sys_sendmsg+0x10/0x10 [ 245.205282][ T8139] ? __might_fault+0xb0/0x130 [ 245.205316][ T8139] __sys_sendmmsg+0x227/0x430 [ 245.205339][ T8139] ? __pfx___sys_sendmmsg+0x10/0x10 [ 245.205356][ T8139] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 245.205410][ T8139] ? ksys_write+0x22a/0x250 [ 245.205438][ T8139] ? __pfx_ksys_write+0x10/0x10 [ 245.205459][ T8139] ? rcu_is_watching+0x15/0xb0 [ 245.205490][ T8139] __x64_sys_sendmmsg+0xa0/0xc0 [ 245.205512][ T8139] do_syscall_64+0xfa/0x3b0 [ 245.205534][ T8139] ? lockdep_hardirqs_on+0x9c/0x150 [ 245.205556][ T8139] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.205573][ T8139] ? clear_bhb_loop+0x60/0xb0 [ 245.205596][ T8139] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 245.205612][ T8139] RIP: 0033:0x7fb9ac58e969 [ 245.205631][ T8139] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 245.205646][ T8139] RSP: 002b:00007fb9ad3a0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 245.205667][ T8139] RAX: ffffffffffffffda RBX: 00007fb9ac7b5fa0 RCX: 00007fb9ac58e969 [ 245.205681][ T8139] RDX: 0000000004000190 RSI: 0000200000000180 RDI: 0000000000000003 [ 245.205694][ T8139] RBP: 00007fb9ad3a0090 R08: 0000000000000000 R09: 0000000000000000 [ 245.205705][ T8139] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 245.205716][ T8139] R13: 0000000000000000 R14: 00007fb9ac7b5fa0 R15: 00007fb9ac8dfa28 [ 245.205747][ T8139] [ 245.396890][ T8135] 8021q: adding VLAN 0 to HW filter on device bond6 [ 245.444787][ T6035] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 245.455257][ T6035] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 245.475842][ T6035] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 245.490346][ T6035] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.498963][ T6035] usb 3-1: Product: syz [ 245.503237][ T6035] usb 3-1: Manufacturer: syz [ 245.513984][ T6035] usb 3-1: SerialNumber: syz [ 245.815986][ T8152] netlink: 12 bytes leftover after parsing attributes in process `syz.4.698'. [ 247.415197][ T8164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'. [ 247.463435][ T8164] netlink: 8 bytes leftover after parsing attributes in process `syz.0.703'. [ 247.497104][ T10] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 247.706645][ T10] usb 2-1: config 0 has an invalid interface number: 98 but max is 0 [ 247.757690][ T10] usb 2-1: config 0 has no interface number 0 [ 247.779583][ T10] usb 2-1: config 0 interface 98 has no altsetting 0 [ 247.818555][ T10] usb 2-1: New USB device found, idVendor=1110, idProduct=9024, bcdDevice=db.24 [ 247.866040][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.903238][ T10] usb 2-1: Product: syz [ 247.913401][ T10] usb 2-1: Manufacturer: syz [ 247.918827][ T10] usb 2-1: SerialNumber: syz [ 247.941643][ T10] usb 2-1: config 0 descriptor?? [ 247.973948][ T6035] usb 3-1: 0:2 : does not exist [ 248.017241][ T6035] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 248.094178][ T6035] usb 3-1: USB disconnect, device number 21 [ 248.209384][ T10] usb 2-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9024) Rev (0XDB24): Eagle II [ 248.431682][ T5985] udevd[5985]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 248.594592][ T8188] netlink: 32 bytes leftover after parsing attributes in process `syz.0.708'. [ 248.603873][ T8188] netlink: 48 bytes leftover after parsing attributes in process `syz.0.708'. [ 248.612885][ T8188] netlink: 48 bytes leftover after parsing attributes in process `syz.0.708'. [ 248.755113][ T10] usb 2-1: reset high-speed USB device number 18 using dummy_hcd [ 248.823570][ T6035] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 249.015246][ T6035] usb 5-1: Using ep0 maxpacket: 32 [ 249.027593][ T6035] usb 5-1: unable to get BOS descriptor or descriptor too short [ 249.041840][ T6035] usb 5-1: config 4 has an invalid interface number: 10 but max is 1 [ 249.060107][ T6035] usb 5-1: config 4 has an invalid interface number: 236 but max is 1 [ 249.459575][ T6035] usb 5-1: config 4 has no interface number 0 [ 249.472044][ T6035] usb 5-1: config 4 has no interface number 1 [ 249.483045][ T6035] usb 5-1: config 4 interface 10 altsetting 7 endpoint 0x9 has an invalid bInterval 250, changing to 7 [ 249.495903][ T6035] usb 5-1: config 4 interface 10 has no altsetting 0 [ 249.512537][ T6035] usb 5-1: config 4 interface 236 has no altsetting 0 [ 249.524079][ T6035] usb 5-1: New USB device found, idVendor=06e1, idProduct=a155, bcdDevice=b6.15 [ 249.540212][ T6035] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 249.566558][ T6035] usb 5-1: Product: syz [ 249.571367][ T10] usb 2-1: failed to restore interface 98 altsetting 4 (error=-71) [ 249.583567][ T5882] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 249.592002][ T10] usb 2-1: [ueagle-atm] pre-firmware device, uploading firmware [ 249.602713][ T6035] usb 5-1: Manufacturer: syz [ 249.612452][ T6035] usb 5-1: SerialNumber: syz [ 249.619240][ T10] usb 2-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 249.629131][ T6003] usb 2-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2 [ 249.646252][ T6003] usb 2-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw [ 249.688347][ T8201] Cannot find map_set index 0 as target [ 249.690618][ T10] usb 2-1: USB disconnect, device number 18 [ 249.746038][ T6003] ------------[ cut here ]------------ [ 249.751787][ T6003] WARNING: CPU: 0 PID: 6003 at fs/kernfs/dir.c:537 kernfs_get+0x72/0x90 [ 249.760781][ T6003] Modules linked in: [ 249.765011][ T6003] CPU: 0 UID: 0 PID: 6003 Comm: kworker/0:8 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 249.777077][ T6003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 249.787361][ T6003] Workqueue: events request_firmware_work_func [ 249.793695][ T6003] RIP: 0010:kernfs_get+0x72/0x90 [ 249.798792][ T6003] Code: e8 03 ba 62 ff 48 89 df be 04 00 00 00 e8 56 46 c6 ff f0 ff 03 eb 05 e8 ec b9 62 ff 5b 5d c3 cc cc cc cc cc e8 df b9 62 ff 90 <0f> 0b 90 eb d6 89 d9 80 e1 07 80 c1 03 38 c1 7c b6 48 89 df e8 55 [ 249.818700][ T6003] RSP: 0018:ffffc9000b5c7620 EFLAGS: 00010293 [ 249.825276][ T6003] RAX: ffffffff825d8101 RBX: ffff8880604e91e0 RCX: ffff888027263c00 [ 249.833452][ T6003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 249.841631][ T6003] RBP: 0000000000000000 R08: ffff8880604e91e3 R09: 1ffff1100c09d23c [ 249.849843][ T6003] R10: dffffc0000000000 R11: ffffed100c09d23d R12: ffff88804dbf8030 [ 249.858040][ T6003] R13: 1ffff11009b7f007 R14: ffff88804dbf8038 R15: 1ffff11009b7f006 [ 249.866333][ T6003] FS: 0000000000000000(0000) GS:ffff888125c5f000(0000) knlGS:0000000000000000 [ 249.875523][ T6003] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 249.882173][ T6003] CR2: 000000110c370f4a CR3: 0000000079634000 CR4: 00000000003526f0 [ 249.890441][ T6003] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 249.898535][ T6003] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 249.906783][ T6003] Call Trace: [ 249.910125][ T6003] [ 249.913113][ T6003] kobject_add_internal+0x632/0xb40 [ 249.918498][ T6003] kobject_add+0x155/0x220 [ 249.922974][ T6003] ? __pfx_kobject_add+0x10/0x10 [ 249.928129][ T6003] ? __pfx_kobject_add+0x10/0x10 [ 249.933100][ T6003] ? kobject_put+0x43f/0x480 [ 249.937992][ T6003] ? get_device_parent+0x366/0x3a0 [ 249.943222][ T6003] device_add+0x408/0xb50 [ 249.947697][ T6003] firmware_fallback_sysfs+0x2e4/0x9b0 [ 249.953191][ T6003] _request_firmware+0xf83/0x15b0 [ 249.958636][ T6003] ? __pfx__request_firmware+0x10/0x10 [ 249.964233][ T6003] ? process_scheduled_works+0x9ef/0x17b0 [ 249.970061][ T6003] request_firmware_work_func+0xaf/0x1c0 [ 249.975918][ T6003] ? process_scheduled_works+0x9ef/0x17b0 [ 249.981680][ T6003] process_scheduled_works+0xade/0x17b0 [ 249.987364][ T6003] ? __pfx_process_scheduled_works+0x10/0x10 [ 249.993514][ T6003] worker_thread+0x8a0/0xda0 [ 249.998228][ T6003] kthread+0x711/0x8a0 [ 250.002345][ T6003] ? __pfx_worker_thread+0x10/0x10 [ 250.007921][ T6003] ? __pfx_kthread+0x10/0x10 [ 250.012596][ T6003] ? _raw_spin_unlock_irq+0x23/0x50 [ 250.017960][ T6003] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.023205][ T6003] ? __pfx_kthread+0x10/0x10 [ 250.027934][ T6003] ret_from_fork+0x3fc/0x770 [ 250.032579][ T6003] ? __pfx_ret_from_fork+0x10/0x10 [ 250.037811][ T6003] ? __switch_to_asm+0x39/0x70 [ 250.042659][ T6003] ? __switch_to_asm+0x33/0x70 [ 250.047828][ T6003] ? __pfx_kthread+0x10/0x10 [ 250.052497][ T6003] ret_from_fork_asm+0x1a/0x30 [ 250.057813][ T6003] [ 250.060902][ T6003] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 250.068217][ T6003] CPU: 0 UID: 0 PID: 6003 Comm: kworker/0:8 Not tainted 6.15.0-syzkaller-10820-gcd2e103d57e5 #0 PREEMPT(full) [ 250.080237][ T6003] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 250.090747][ T6003] Workqueue: events request_firmware_work_func [ 250.097054][ T6003] Call Trace: [ 250.100372][ T6003] [ 250.103353][ T6003] dump_stack_lvl+0x99/0x250 [ 250.107970][ T6003] ? __asan_memcpy+0x40/0x70 [ 250.112611][ T6003] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.118064][ T6003] ? __pfx__printk+0x10/0x10 [ 250.122813][ T6003] panic+0x2db/0x790 [ 250.126737][ T6003] ? __pfx_panic+0x10/0x10 [ 250.131169][ T6003] ? show_trace_log_lvl+0x4fb/0x550 [ 250.136429][ T6003] ? ret_from_fork_asm+0x1a/0x30 [ 250.141423][ T6003] __warn+0x31b/0x4b0 [ 250.145510][ T6003] ? kernfs_get+0x72/0x90 [ 250.149969][ T6003] ? kernfs_get+0x72/0x90 [ 250.154422][ T6003] report_bug+0x2be/0x4f0 [ 250.158866][ T6003] ? kernfs_get+0x72/0x90 [ 250.163398][ T6003] ? kernfs_get+0x72/0x90 [ 250.167747][ T6003] ? kernfs_get+0x74/0x90 [ 250.172197][ T6003] handle_bug+0x84/0x160 [ 250.176542][ T6003] exc_invalid_op+0x1a/0x50 [ 250.181064][ T6003] asm_exc_invalid_op+0x1a/0x20 [ 250.185925][ T6003] RIP: 0010:kernfs_get+0x72/0x90 [ 250.190872][ T6003] Code: e8 03 ba 62 ff 48 89 df be 04 00 00 00 e8 56 46 c6 ff f0 ff 03 eb 05 e8 ec b9 62 ff 5b 5d c3 cc cc cc cc cc e8 df b9 62 ff 90 <0f> 0b 90 eb d6 89 d9 80 e1 07 80 c1 03 38 c1 7c b6 48 89 df e8 55 [ 250.210746][ T6003] RSP: 0018:ffffc9000b5c7620 EFLAGS: 00010293 [ 250.216826][ T6003] RAX: ffffffff825d8101 RBX: ffff8880604e91e0 RCX: ffff888027263c00 [ 250.224811][ T6003] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 250.232963][ T6003] RBP: 0000000000000000 R08: ffff8880604e91e3 R09: 1ffff1100c09d23c [ 250.240950][ T6003] R10: dffffc0000000000 R11: ffffed100c09d23d R12: ffff88804dbf8030 [ 250.249023][ T6003] R13: 1ffff11009b7f007 R14: ffff88804dbf8038 R15: 1ffff11009b7f006 [ 250.257100][ T6003] ? kernfs_get+0x71/0x90 [ 250.261460][ T6003] kobject_add_internal+0x632/0xb40 [ 250.266765][ T6003] kobject_add+0x155/0x220 [ 250.271198][ T6003] ? __pfx_kobject_add+0x10/0x10 [ 250.276177][ T6003] ? __pfx_kobject_add+0x10/0x10 [ 250.281187][ T6003] ? kobject_put+0x43f/0x480 [ 250.285819][ T6003] ? get_device_parent+0x366/0x3a0 [ 250.290987][ T6003] device_add+0x408/0xb50 [ 250.295341][ T6003] firmware_fallback_sysfs+0x2e4/0x9b0 [ 250.300836][ T6003] _request_firmware+0xf83/0x15b0 [ 250.305981][ T6003] ? __pfx__request_firmware+0x10/0x10 [ 250.311727][ T6003] ? process_scheduled_works+0x9ef/0x17b0 [ 250.317505][ T6003] request_firmware_work_func+0xaf/0x1c0 [ 250.323173][ T6003] ? process_scheduled_works+0x9ef/0x17b0 [ 250.329018][ T6003] process_scheduled_works+0xade/0x17b0 [ 250.334798][ T6003] ? __pfx_process_scheduled_works+0x10/0x10 [ 250.340806][ T6003] worker_thread+0x8a0/0xda0 [ 250.345441][ T6003] kthread+0x711/0x8a0 [ 250.349543][ T6003] ? __pfx_worker_thread+0x10/0x10 [ 250.354667][ T6003] ? __pfx_kthread+0x10/0x10 [ 250.359274][ T6003] ? _raw_spin_unlock_irq+0x23/0x50 [ 250.364489][ T6003] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.369700][ T6003] ? __pfx_kthread+0x10/0x10 [ 250.374299][ T6003] ret_from_fork+0x3fc/0x770 [ 250.378907][ T6003] ? __pfx_ret_from_fork+0x10/0x10 [ 250.384218][ T6003] ? __switch_to_asm+0x39/0x70 [ 250.389015][ T6003] ? __switch_to_asm+0x33/0x70 [ 250.393907][ T6003] ? __pfx_kthread+0x10/0x10 [ 250.398506][ T6003] ret_from_fork_asm+0x1a/0x30 [ 250.403304][ T6003] [ 250.406661][ T6003] Kernel Offset: disabled [ 250.411008][ T6003] Rebooting in 86400 seconds..