last executing test programs: 2m53.467395926s ago: executing program 2 (id=585): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) recvmmsg$unix(r0, &(0x7f0000002e00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x40002120, &(0x7f0000002f00)) close_range(r0, 0xffffffffffffffff, 0x0) openat$ppp(0xffffffffffffff9c, 0x0, 0x40082, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r1 = syz_io_uring_setup(0x10d2, &(0x7f0000000340)={0x0, 0x7730, 0x80, 0x5, 0xe}, &(0x7f00000000c0)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2d, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) getpid() sendmmsg$inet(0xffffffffffffffff, &(0x7f0000005240), 0x4000095, 0x0) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 2m42.348001516s ago: executing program 2 (id=600): socket$inet6(0xa, 0x2, 0x0) r0 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42, 0x0) write$dsp(r0, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) (async) ioctl$SNDCTL_DSP_RESET(r0, 0x5000, 0x0) (async) eventfd2(0x1, 0x1) (async, rerun: 32) r1 = socket$packet(0x11, 0x3, 0x300) (rerun: 32) r2 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') (async, rerun: 32) r3 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) (rerun: 32) write$UHID_CREATE2(r3, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) (async) mmap(&(0x7f00003f3000/0xc00000)=nil, 0xc00000, 0xb635773f06ebbeee, 0x4000010, r3, 0x70f9a000) (async) r4 = syz_open_dev$hidraw(&(0x7f0000000000), 0x0, 0x81) write$UHID_DESTROY(r3, &(0x7f00000001c0), 0x4) (async) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) (async) write(r4, &(0x7f0000000100), 0x0) close_range(r5, 0xffffffffffffffff, 0x0) (async) preadv(r2, &(0x7f00000000c0)=[{&(0x7f0000000580)=""/128, 0x80}], 0x1, 0x12e, 0x0) (async) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, &(0x7f0000000380)={&(0x7f0000000100)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f0000000240), &(0x7f0000000300)=[0x0], 0x7, 0x5, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_CURSOR(r2, 0xc01c64a3, &(0x7f00000003c0)={0x0, r6, 0xfffffffc, 0x41a, 0xe, 0x5, 0x5f6}) (async, rerun: 64) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) (rerun: 64) getpeername$packet(r7, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) (async, rerun: 32) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='ns\x00') (rerun: 32) futimesat(r9, &(0x7f0000000000)='./cgroup\x00', 0x0) (async) ioctl$UFFDIO_API(r9, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x240}) (async) sendmmsg(r1, &(0x7f0000000440)=[{{&(0x7f0000000600)=@xdp={0x2c, 0xdd86, r8, 0x36}, 0x80, &(0x7f0000000140)=[{&(0x7f00000000c0)='O', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) socket(0x2a, 0x2, 0x0) (async) sendmsg$nl_route_sched(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000200)=@getqdisc={0x40, 0x26, 0x400, 0x70bd2d, 0x25dfdbfe, {0x0, 0x0, 0x0, r8, {0x3, 0xfff2}, {0xc, 0x9}, {0xd, 0xe}}, [{0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}, {0x4}]}, 0x40}}, 0x801) (async) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000e40)=@newtfilter={0x34, 0x2c, 0x601, 0x70bd2d, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {}, {0xc, 0x1}}, [@filter_kind_options=@f_basic={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x48080}, 0x24000840) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x10000}, 0xc) r10 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="1201100100000040700c11f000000000000109022400010000b335385700000103000080092173630d97b0f5cb6ae2e5be810a90000000012207000905810300044000002e39ca7a4b7db8c2438e8f5627964cef34a94549b62b7b9806147c9e815e634c22ebb534a3cca3c2177269b959d65728d24fb94899f12ac099b10b854c3149265dc1c3eef0e1"], 0x0) syz_usb_control_io$hid(r10, 0x0, 0x0) 2m33.055297733s ago: executing program 2 (id=619): r0 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'bridge0\x00', 0x0}) r2 = socket(0x10, 0x80002, 0x0) io_setup(0x401, &(0x7f0000000040)=0x0) io_submit(r3, 0x1, &(0x7f0000000040)) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="440000001300290a000000000000000007000000", @ANYRES32=r1, @ANYBLOB="00000000000000001c001a80080002800800e500080000003e1200"], 0x44}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) unshare(0x400) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="ffffffffffffffffffffffff86dd6060626000102c00fe8000000000000000000000000000bbfe8000000000000000000000000000aa330000"], 0x0) r4 = syz_usb_connect(0x0, 0x202, 0x0, 0x0) syz_usb_control_io$printer(r4, 0x0, 0x0) r5 = socket(0x15, 0x5, 0x0) connect$l2tp6(r5, &(0x7f0000000200)={0xa, 0x0, 0x81, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x808, 0x2}, 0x20) r6 = timerfd_create(0x1, 0x0) timerfd_settime(r6, 0x3, &(0x7f0000000100)={{}, {0x0, 0x3938700}}, 0x0) timerfd_gettime(r6, 0x0) r7 = add_key$keyring(0x0, &(0x7f0000001300)={'syz', 0x1}, 0x0, 0x0, 0xffffffffffffffff) syz_usb_control_io$hid(r4, &(0x7f0000000400)={0x24, &(0x7f0000000880)={0x0, 0x22, 0x9a, {0x9a, 0x1, "17e0813779ecc5feb49f272e0e09f47789dfd071d5aaf8290f0c270ba29c05d2fd20951105743eac785005f11e4d82386de60cebe153f16877d264c67299b8e6c5bdf6665e0a66cd3f5b2b7993bf36511283cd889e58f8231a397aef10248a02e7723b44a6aeec6b5e1a6f93e152fd1282a6bb6236e603f82ebdb9664aebed8aec0e6d1d6b8701dadb2b11afaed954db79407d537f3dc073"}}, &(0x7f0000000240)={0x0, 0x3, 0x81, @string={0x81, 0x3, "8f0b124025ed60a4a1d33383b7f65646ae165bd4d8e7c7a9f24c59522d1b74bdf2f17013db5ee2f315224c3bc186e88bc332498f9baf3d7c7dca3ea331279b24aebbb0b7b870c601cd0f9a161e21c5f79a2c473bffafcdccd424730c66998d31808de378ca1391f7a9dd4e21e5a09d9e97777e7d0ea99f5de0acd4c6d790cb"}}, &(0x7f0000000180), &(0x7f0000000840)={0x0, 0x21, 0x9, {0x9, 0x21, 0x800d, 0x6f, 0x1, {0x22, 0x879}}}}, &(0x7f0000000800)={0x2c, &(0x7f0000000580)={0x40, 0xb, 0x93, "9e60e3cac032d5f5f832f62a28070000000000000085d84f81a3b2ccb840ece6aa96fc47cab6e55f9519633f1fd4710a98cddc4ba405eaee17dada23dbf028e967115dee961112e71a1215de73007f94e827161ca17518e1e5777ffa1452a2c214d35af997ec2678078d5e40f16fc35d637572d9a1a0f0afe02e0864315232c9e950eede6fbad3752b8316a3dfad3133fec827"}, &(0x7f00000004c0)={0x0, 0xa, 0x1, 0x88}, &(0x7f0000000500)={0x0, 0x8, 0x1, 0x4}, &(0x7f0000000640)={0x20, 0x1, 0x100, "263b892bb0e7780d8e6967a77c1a46e575a250a399af8b067ac405e66cce811f19c91eead047ec29ac3b959ba7601515dcacfa8d2d8ddf7fd044760b2058045b1e78f42bacb6aa972113f69266f451b1063dfdad457d3b25c4e8be633dd764a8a989156401460d382b07bda4893e6857a4d67f1a8b64ea6833d1839982e7c6789eabdda2ad4e062f615f3fda1fd98fcb766ab3efc9b5f0cb8797b2064bddfe23424dfed25399779edd0909e4b8f1aa2f7665bb8baea9a13c588e72ca6dfbabc9a1fe62ee5a71a8a68574da87d7485a73cc10a823938008e9fba2b276822a647444f7aa528e66ef647f5537723a47a952c9215fb319b2fc8437aa214663b20431"}, &(0x7f00000001c0)={0x20, 0x3, 0x1, 0xfc}}) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x15, 0x10, 0x8, 0x0, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000001e40)={r8, &(0x7f00000002c0), 0x0}, 0x20) keyctl$get_security(0x11, r7, &(0x7f0000000300)=""/252, 0xfc) 2m31.041960331s ago: executing program 2 (id=622): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x5, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x1, @pix={0x3, 0x6, 0x32314752, 0x7, 0x101, 0xc2, 0x3, 0x65, 0x1, 0x6, 0x2, 0x3}}) r2 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'lo\x00', 0x0}) r4 = socket$nl_generic(0x10, 0x3, 0x10) capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200000}) r5 = syz_genetlink_get_family_id$tipc(&(0x7f0000000580), r4) sendmsg$TIPC_CMD_ENABLE_BEARER(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000600)={&(0x7f00000005c0)={0x34, r5, 0x1, 0x70bd2c, 0x25dfdbfb, {{}, {}, {0x18, 0x17, {0x13, 0xa, @l2={'eth', 0x3a, 'ip6gre0\x00'}}}}}, 0x34}, 0x1, 0x0, 0x0, 0x20008000}, 0x4) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="2800000014000305000000000000000002180000", @ANYRES32=r3, @ANYBLOB="08000200ac"], 0x28}}, 0x0) ioctl$sock_inet_SIOCADDRT(r2, 0x890b, &(0x7f0000000680)={0x0, {0x2, 0x100, @empty}, {0x2, 0x0, @loopback}, {0x2, 0x0, @broadcast}, 0x1f, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc7}) 2m29.575193084s ago: executing program 2 (id=623): r0 = socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000440)={{0x12, 0x1, 0x0, 0x5f, 0x2a, 0xb4, 0x20, 0xc72, 0xd, 0x279b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xdb, 0xa2, 0x92}}]}}]}}, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x4) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="89a3000070000100000000cf595c0174675b5b305ea8399e33921ba483614dd11fbf667548d1a5a46db4410d17b057466a02c2eac53465e24ab9a7e9845d8733aebe9408e1", @ANYRES32=r1, @ANYBLOB="0c000180080001"], 0x24}}, 0x0) 2m26.721991294s ago: executing program 2 (id=629): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, 0x0, 0x48080) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000038c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000001440)={'ip6erspan0\x00', 0x2}) ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0x9) ioctl$TUNGETVNETLE(r1, 0x800454dd, 0x0) ioctl$TUNATTACHFILTER(r1, 0x401054d5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@sco={0x1f, @none}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000100)='O', 0x1}, {&(0x7f0000000240)="f4d93c24447176e4cdb2aae3a65122b3c642edae9dc62951f3705e87bf6fd5aa0804a81f77a049575a6ba8d10355b90dabea86bf89e976f442f31403749bb7344c24f8a55f687e14394755bb2f1dcfe7a4c3aa1ad39a139e677960910f0b79f6081e3d5692835eb5b3f802e60dc2caf59497b9db74adc86b5b68488ac19321d09cd01804f5a72d", 0x87}], 0x2}}], 0x1, 0x0) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x117, &(0x7f0000000300)={0x0, 0x801, 0x2000, 0x1, 0xfffffffe}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0) inotify_init1(0x800) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x24}}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) 2m11.293547495s ago: executing program 32 (id=629): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, 0x0, 0x48080) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000038c0), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000001440)={'ip6erspan0\x00', 0x2}) ioctl$TUNSETOFFLOAD(r1, 0x400454c9, 0x9) ioctl$TUNGETVNETLE(r1, 0x800454dd, 0x0) ioctl$TUNATTACHFILTER(r1, 0x401054d5, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/syz0\x00', 0x200002, 0x0) openat$cgroup_int(0xffffffffffffffff, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x1, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r4, 0x107, 0x14, &(0x7f0000000080)=0xfff, 0x4) sendmmsg(r3, &(0x7f0000000440)=[{{&(0x7f0000000700)=@sco={0x1f, @none}, 0x80, &(0x7f0000000180)=[{&(0x7f0000000100)='O', 0x1}, {&(0x7f0000000240)="f4d93c24447176e4cdb2aae3a65122b3c642edae9dc62951f3705e87bf6fd5aa0804a81f77a049575a6ba8d10355b90dabea86bf89e976f442f31403749bb7344c24f8a55f687e14394755bb2f1dcfe7a4c3aa1ad39a139e677960910f0b79f6081e3d5692835eb5b3f802e60dc2caf59497b9db74adc86b5b68488ac19321d09cd01804f5a72d", 0x87}], 0x2}}], 0x1, 0x0) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = syz_io_uring_setup(0x117, &(0x7f0000000300)={0x0, 0x801, 0x2000, 0x1, 0xfffffffe}, 0x0, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0) inotify_init1(0x800) syz_genetlink_get_family_id$batadv(0x0, 0xffffffffffffffff) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f0000000140)) getpeername$packet(0xffffffffffffffff, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f00000000c0)=0x14) sendmsg$BATADV_CMD_GET_NEIGHBORS(0xffffffffffffffff, &(0x7f0000004340)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x24}}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) 1m39.568704086s ago: executing program 3 (id=699): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000009, 0x4008032, 0xffffffffffffffff, 0xffffd000) futex(&(0x7f0000000000), 0x0, 0x0, 0x0, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) fcntl$F_SET_RW_HINT(r1, 0x40c, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) r3 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_ADD_VIF(r3, 0x0, 0xca, &(0x7f00000000c0)={0x1f, 0x0, 0x0, 0x0, @vifc_lcl_addr=@dev={0xac, 0x14, 0x14, 0x2c}, @rand_addr=0xff}, 0x10) setsockopt$MRT_ADD_MFC_PROXY(r3, 0x0, 0xd2, &(0x7f0000000080)={@loopback, @multicast1, 0x1, "d64724f6257e43b341dc333940c1ca0000000000002000", 0xffffffff, 0x0, 0x5, 0xc3b}, 0x3c) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000e00)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000610000005000400000000000900020073797a3100000000050005000200000012000300686173683a6e65742c706f7274"], 0x4c}, 0x1, 0x0, 0x0, 0x20000000}, 0x2) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={0x48, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x20, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0x88}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) sendmsg$IPSET_CMD_DESTROY(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000500)={0x1c, 0x3, 0x6, 0x201, 0x0, 0x0, {0x0, 0x0, 0x7}, [@IPSET_ATTR_PROTOCOL={0x5}]}, 0x1c}}, 0x0) syz_usb_connect(0x2, 0x49, &(0x7f0000002dc0)=ANY=[@ANYBLOB="12010000a52bfb0821048f79548601020301090237000100000000090400000002fe170005"], 0x0) 1m35.642091649s ago: executing program 3 (id=704): bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x5, &(0x7f0000000240)=ANY=[@ANYBLOB="b405000000ee99"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) socket$inet6(0xa, 0x3, 0xff) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r1 = openat(0xffffffffffffffff, 0x0, 0x422180, 0x0) openat$cgroup_ro(r1, 0x0, 0x275a, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)) pipe(&(0x7f0000000080)) socket(0x11, 0x800000003, 0x0) socket$netlink(0x10, 0x3, 0x0) socket(0x2, 0x80805, 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) socket(0x8, 0xa, 0x1004) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x4, 0x1, 0x0, 0x0, 0x2}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0x70}}, 0x20040000) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r5, @ANYBLOB="08000100", @ANYRES32=r7], 0x90}}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) r8 = socket$inet6(0xa, 0x3, 0x38) r9 = fsopen(&(0x7f0000000000)='autofs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r9, 0x1, &(0x7f0000000040)='fd', &(0x7f0000000140)='\x00\x00g\x0e\xaccg\xf6\xd3\'\xec$\xbem\xfc\xf1\xd5\xab\x87u\xeb\xb4\x8c[\xd7R\xa0.3[\x99\v\xb7:b\xd6\x8ek\xf8L=\xf7\x85o\xaeG^\xe5\xa1 )\xab\x98)Rjm\x02\xf7\b\x8d\xa3z\xf8\xd6\xbf=ED\x9csg\xcbw\x81fM\xce/Ly\x1b,\x9c\xae\xc0\xeb\xab\xb0\xb1\xeb\xff\x85w\xe3\xcdz(I', 0x0) setsockopt$inet6_int(r8, 0x29, 0x7, 0x0, 0x0) 1m33.033974337s ago: executing program 3 (id=709): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[], 0x48) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r2, &(0x7f0000000080)={0x10, 0x0, 0x0, 0x1}, 0xc) r3 = socket$inet6(0xa, 0x3, 0x7) syz_emit_vhci(&(0x7f0000000240)=ANY=[@ANYBLOB='\"'], 0x7) ioctl$SOUND_MIXER_INFO(0xffffffffffffffff, 0x805c4d65, &(0x7f00000004c0)) r4 = openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r4, 0x3ba0, 0x0) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r4, 0x3ba0, 0x0) connect$inet6(r3, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r3, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {}, 0x0, 0x0, 0x1}, {{@in=@private=0xa010101, 0x0, 0x33}, 0x0, @in=@dev, 0x200, 0x0, 0x0, 0x7}}, 0xe8) sendmmsg(r3, &(0x7f0000000480), 0x2e9, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r6, &(0x7f0000001b00)={0x0, 0x0, 0x0, 0x0, &(0x7f0000001d80)=ANY=[@ANYBLOB="28010000000000"], 0x128}, 0x0) recvmsg$unix(r5, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x43, 0x0, 0x0, &(0x7f0000000080), 0x100}, 0x0) recvmsg$unix(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900), 0x100}, 0x0) 1m25.242664735s ago: executing program 3 (id=717): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x4000, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x20009}, [@IFLA_PORT_SELF={0x4}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'batadv_slave_0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0xc014}, 0x8010) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000002180)='./file0\x00', 0x0, &(0x7f0000002880)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}}, 0x1, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) (async) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x4000, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0x20009}, [@IFLA_PORT_SELF={0x4}, @IFLA_ADDRESS={0xa, 0x1, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x2d}}, @IFLA_ALT_IFNAME={0x14, 0x35, 'batadv_slave_0\x00'}]}, 0x44}, 0x1, 0x0, 0x0, 0xc014}, 0x8010) (async) syz_mount_image$fuse(&(0x7f0000000080), &(0x7f0000002180)='./file0\x00', 0x0, &(0x7f0000002880)={{}, 0x2c, {'rootmode', 0x3d, 0xa000}}, 0x1, 0x0, 0x0) (async) 1m23.932574085s ago: executing program 3 (id=721): socket(0x10, 0x803, 0x0) r0 = socket(0x10, 0x803, 0x0) r1 = syz_open_dev$mouse(&(0x7f0000000080), 0x5f43, 0x12b143) fremovexattr(r1, &(0x7f0000000500)=@known='system.posix_acl_access\x00') ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000000)={'erspan0\x00', &(0x7f00000000c0)={'gretap0\x00', 0x0, 0x7, 0x700, 0x0, 0x9f74, {{0x24, 0x4, 0x3, 0x5, 0x90, 0x66, 0x0, 0xd0, 0x29, 0x0, @multicast1, @rand_addr=0x64010101, {[@timestamp={0x44, 0x20, 0xef, 0x0, 0x4, [0x24, 0x49d9, 0x7, 0x7, 0x8, 0x10000, 0x4]}, @noop, @ra={0x94, 0x4, 0x1}, @cipso={0x86, 0x3e, 0x0, [{0x6, 0xd, "f3afbbdb2d9d6e01edec1a"}, {0x2, 0x6, "06df0a97"}, {0x0, 0x9, "7db05e4766008c"}, {0x2, 0xd, "be4b681223f30bfa0470d5"}, {0x0, 0xf, "f026e81f12b22e3c53204eed67"}]}, @rr={0x7, 0x17, 0x34, [@empty, @remote, @rand_addr=0x64010102, @local, @empty]}]}}}}}) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000000040)={'syztnl0\x00', &(0x7f0000000180)={'syztnl0\x00', r2, 0x29, 0x4, 0xa4, 0x4, 0x1, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @remote, 0x1, 0x8, 0x7, 0x2}}) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'bridge_slave_1\x00', &(0x7f0000000200)=@ethtool_sset_info={0x37, 0x79, 0x4, [0x401, 0x1, 0x1, 0x6, 0xa5d, 0x2]}}) 1m23.242045792s ago: executing program 3 (id=722): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0x10, 0x1, 'BATMAN_V'}]}}}]}, 0xfd12}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000080)="0f236eb9010900000f32826d0800440f20c0350f000000440f22c0b9800000c00f3235000800000f300fc7accd706c00000f017725f6eaf30fa7c02e0f08", 0x3e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r9 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r8) pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) add_key(&(0x7f00000018c0)='big_key\x00', 0x0, &(0x7f0000001940)='\f', 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r9, r10, 0xb1) r12 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x66, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x34, 0x0, 0x0, 0x64, 0x35, 0x0, 0x39, 0x65]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x18}, 0x48, r8) keyctl$KEYCTL_MOVE(0x16, r12, r8, r9, 0x0) r13 = request_key(&(0x7f00000001c0)='cifs.spnego\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000380)='/dev/uinput\x00', 0x0) keyctl$update(0x2, r13, &(0x7f0000000780)="4725f5c84e06ea5126367389c3125e35a22191588b137b805a384e0a9f101a677d1ae0a43fd7edced92382e7690efb2a7424458a6da9944178286bad00c37bcec18d0c906c4db2670519daf11fb8e6a942abb88000413c542a65b429d86d6bd39e73ec68f62456a6fa23f599d5a6de3631a7a498e5a4e4a4ae4cfd49e8b40b193cb1864b2bcc31ea73490046aaf725aaf2b31cb9e2eb876e604381ab5b1189b8c4f7a87fc823decb1ba83ddb9d6c5b9ca9183835743c330c11a41bd73cf774497fa3320efa0d1e3bb6061bf4891418cc8295b48ac546c930e42832ccbb3eff0922bac0ae44bd634864015ffb794d202ffe1077220424b4a8", 0xf8) keyctl$dh_compute(0x17, &(0x7f0000000180)={r12, 0x0, r13}, &(0x7f0000000380)=""/211, 0xd3, &(0x7f00000002c0)={&(0x7f00000001c0)={'crct10dif-generic\x00'}, &(0x7f0000000240)="ba8b5c6d4b16393229c8ffa3cfb104e3265e54a7fe43111f442fa26e992c", 0x1e}) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000500)={r2}, &(0x7f0000000540)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r11, 0x84, 0x9, &(0x7f0000000580)={r14, @in6={{0xa, 0x4e21, 0x100, @private0, 0x219}}, 0xd, 0x3e6, 0x0, 0x101, 0x2, 0x1, 0x2}, &(0x7f0000000640)=0x9c) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000300)={r15}, &(0x7f0000000340)=0x8) 1m7.979114466s ago: executing program 33 (id=722): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @batadv={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BATADV_ALGO_NAME={0x10, 0x1, 'BATMAN_V'}]}}}]}, 0xfd12}}, 0x0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x1c, &(0x7f0000000000)=[@in6={0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x9}]}, 0x0) r3 = socket$inet(0x2, 0x4000000805, 0x0) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = dup(r5) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x2000, 0x1000, &(0x7f0000003000/0x1000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x11, 0x0, 0x0) syz_kvm_setup_cpu$x86(r6, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text32={0x20, &(0x7f0000000080)="0f236eb9010900000f32826d0800440f20c0350f000000440f22c0b9800000c00f3235000800000f300fc7accd706c00000f017725f6eaf30fa7c02e0f08", 0x3e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r7, 0xae80, 0x0) r8 = add_key$keyring(&(0x7f0000000200), &(0x7f0000000240)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffb) r9 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x0}, 0x0, 0x0, r8) pipe2$watch_queue(&(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) add_key(&(0x7f00000018c0)='big_key\x00', 0x0, &(0x7f0000001940)='\f', 0x1, 0xfffffffffffffffe) keyctl$KEYCTL_WATCH_KEY(0x20, r9, r10, 0xb1) r12 = add_key$fscrypt_v1(&(0x7f0000000080), &(0x7f0000000280)={'fscrypt:', @auto=[0x66, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x34, 0x0, 0x0, 0x64, 0x35, 0x0, 0x39, 0x65]}, &(0x7f0000000180)={0x0, "de8d0d27ca969fa15f8b3b7bae39c1b3327d4332f8c149d2d65a347d67f6db7eb90dfdad3cdebaaf421412f812305c9da91699b5a02c1295596f0fd9ec78f2fd", 0x18}, 0x48, r8) keyctl$KEYCTL_MOVE(0x16, r12, r8, r9, 0x0) r13 = request_key(&(0x7f00000001c0)='cifs.spnego\x00', &(0x7f0000000300)={'syz', 0x3}, &(0x7f0000000380)='/dev/uinput\x00', 0x0) keyctl$update(0x2, r13, &(0x7f0000000780)="4725f5c84e06ea5126367389c3125e35a22191588b137b805a384e0a9f101a677d1ae0a43fd7edced92382e7690efb2a7424458a6da9944178286bad00c37bcec18d0c906c4db2670519daf11fb8e6a942abb88000413c542a65b429d86d6bd39e73ec68f62456a6fa23f599d5a6de3631a7a498e5a4e4a4ae4cfd49e8b40b193cb1864b2bcc31ea73490046aaf725aaf2b31cb9e2eb876e604381ab5b1189b8c4f7a87fc823decb1ba83ddb9d6c5b9ca9183835743c330c11a41bd73cf774497fa3320efa0d1e3bb6061bf4891418cc8295b48ac546c930e42832ccbb3eff0922bac0ae44bd634864015ffb794d202ffe1077220424b4a8", 0xf8) keyctl$dh_compute(0x17, &(0x7f0000000180)={r12, 0x0, r13}, &(0x7f0000000380)=""/211, 0xd3, &(0x7f00000002c0)={&(0x7f00000001c0)={'crct10dif-generic\x00'}, &(0x7f0000000240)="ba8b5c6d4b16393229c8ffa3cfb104e3265e54a7fe43111f442fa26e992c", 0x1e}) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r4, 0x84, 0x66, &(0x7f0000000500)={r2}, &(0x7f0000000540)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r11, 0x84, 0x9, &(0x7f0000000580)={r14, @in6={{0xa, 0x4e21, 0x100, @private0, 0x219}}, 0xd, 0x3e6, 0x0, 0x101, 0x2, 0x1, 0x2}, &(0x7f0000000640)=0x9c) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f00000004c0)=0x27) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.io_queued_recursive\x00', 0x0, 0x0) getsockopt$inet_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f0000000300)={r15}, &(0x7f0000000340)=0x8) 1m5.960370556s ago: executing program 1 (id=742): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000100)={0x26, 'hash\x00', 0x0, 0x0, 'wp384\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000002740)=ANY=[], 0x24}, 0x1, 0x0, 0x0, 0x2000c090}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r2) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000004c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_CQM(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000600)={&(0x7f0000000500)=ANY=[@ANYBLOB='<\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010025bd7000fcdbdf253f00000008000300", @ANYRES32=r4, @ANYBLOB="20005e8004000100080005001b000000080006000200000008000700ad0410"], 0x3c}, 0x1, 0x0, 0x0, 0x4080}, 0x4004000) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) rt_sigpending(0x0, 0x0) 1m4.494632736s ago: executing program 1 (id=744): syz_emit_ethernet(0xd6, &(0x7f0000001600)={@local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xc8, 0x0, 0x0, 0x0, 0x1, 0x0, @rand_addr=0x64010100, @local}, @time_exceeded={0xb, 0x0, 0x0, 0x3, 0x2c, 0x0, {0x29, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x89, 0x0, @private, @local, {[@cipso={0x86, 0x2a, 0x0, [{0x0, 0xd, "5e000000ff000000000000"}, {0x0, 0x5, "4eb8a6"}, {0x0, 0x12, "9606053d0006ff00800000b61af93a93"}]}, @lsrr={0x83, 0x13, 0x0, [@dev, @loopback, @loopback, @multicast2]}, @cipso={0x86, 0x49, 0x0, [{0x0, 0x7, "4b6cefc500"}, {0x0, 0xc, "df61168c24ac88ad078c"}, {0x0, 0xa, "2189ea43a2149b84"}, {0x0, 0x12, "ffd11634eea26b0faffa0dea2e903528"}, {0x0, 0x6, "02a20948"}, {0x0, 0xe, "ccf0294e2a3bdb4aa40b249e"}]}, @timestamp={0x44, 0x8, 0x0, 0x0, 0x0, [0x0]}]}}, "a815a23da43974ff"}}}}}, 0x0) 1m3.745087703s ago: executing program 1 (id=747): madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) rseq(&(0x7f0000000680), 0x20, 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000700)={&(0x7f0000000200)=ANY=[@ANYBLOB="090000000104010400000000000000100000d97de4177eec66941c2104bbf62097c9570adae0dbef1caac8c6eb84bacf39dc33e5c696694f7944b6a73ec11845ff4600"/78], 0x1c}, 0x1, 0x0, 0x0, 0x20000000}, 0x2400c090) close(r0) r1 = socket$packet(0x11, 0x2, 0x300) socket(0x10, 0x803, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000031, 0x3, 0x0) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000d40)=@newtaction={0x27c, 0x30, 0x4, 0x70bd29, 0x25dfdbff, {}, [{0x268, 0x1, [@m_xt={0x264, 0xc, 0x0, 0x0, {{0x7}, {0x184, 0x2, 0x0, 0x1, [@TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_TARG={0x34, 0x6, {0x3, 'mangle\x00', 0x4, 0x7fff, "d15ab4bd987dffee2c32"}}, @TCA_IPT_HOOK={0x8, 0x2, 0x1}, @TCA_IPT_TARG={0xda, 0x6, {0x3, 'nat\x00', 0x7f, 0x3, "1752210928501d1ed4ddd51c4ec137371620866874a0bf3c1db0ef6de9afa0b6025ae2166823e0b4deb81ece65c97046f332bfa14c7a37ddfb500d6e180bc774d629c55397170529b322788feae13bb07392a339a8253378e5d29934fd8c05426c42fdfb67b8380bcf6ac9cb9f967285b0e3a49d50f788f1f65a9bfd0efaf6f737a7bc7cd3c40854415203e12c194a62b5e51f619703219acb59284e4b5897317167b9c223d43f87615897bf0788205e"}}, @TCA_IPT_HOOK={0x8}, @TCA_IPT_HOOK={0x8, 0x2, 0x3}, @TCA_IPT_INDEX={0x8, 0x3, 0x1000006}, @TCA_IPT_TABLE={0x24, 0x1, 'mangle\x00'}, @TCA_IPT_HOOK={0x8, 0x2, 0x2}]}, {0xb9, 0x6, "a40f1e94f9ca47b130b4b9a4149d61f824384031242bc4de804ddea2fad1ea59898a39562371c57a30f3de59666b1789e4139cc85b701b7abfe1ff50909749c319814142b0ae86f935d6cba3bb88d7b7bbe8cdb25448e408fb4577f8753d518ff7fe99b896af19858b04071d62c26deb6dcc02ab7c95f7f7c61b2d863db25d8b87294a8f6f7ac0911cea5f8f3a81714c077e5b3c730ecd8e8cff78e04f3d1a1fe30ca0b47a6f1c05e8522697796bfb30129ddd6d4d"}, {0xc, 0x7, {0x1, 0x921022959b78a66d}}, {0xc, 0x8, {0x0, 0x1}}}}]}]}, 0x27c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000900)=@delchain={0x3e4, 0x65, 0x20, 0x70bd25, 0x25dfdbfc, {0x0, 0x0, 0x0, r5, {0x7, 0xe}, {0xfff2, 0x4}, {0x2}}, [@filter_kind_options=@f_fw={{0x7}, {0x10, 0x2, [@TCA_FW_POLICE={0xc, 0x2, [@TCA_POLICE_AVRATE={0x8, 0x4, 0xcf}]}]}}, @filter_kind_options=@f_u32={{0x8}, {0x388, 0x2, [@TCA_U32_SEL={0x384, 0x5, {0xc, 0x4, 0x0, 0x6, 0x7, 0x81, 0x401, 0xf, [{0x80, 0x3, 0x8c3c, 0x9}, {0x5, 0x7f, 0xc5, 0x4}, {0x9, 0x10, 0x2, 0xffffffff}, {0xd6a, 0x80000000, 0x2, 0x2}, {0x4, 0x33, 0x7ff, 0x9}, {0x1, 0x0, 0x1, 0xa}, {0x3, 0x8001, 0x8, 0x6}, {0x8, 0xb, 0x9, 0x5636}, {0x9, 0xdaa, 0x3, 0x7}, {0x8001, 0x3, 0x1, 0x8}, {0x2, 0x10001, 0x3ff, 0x5}, {0x4, 0x1, 0xc, 0x428}, {0x8, 0x7, 0x4}, {0x91, 0x9, 0x10001, 0x8}, {0x3ff, 0x9dd, 0x6, 0x4}, {0x2, 0x2, 0x81, 0x6}, {0x4, 0x6, 0x7f, 0x8001}, {0x4, 0x7, 0x800, 0x8}, {0xfffffff7, 0x7, 0x5, 0x1}, {0x9, 0x8, 0x33c, 0x8}, {0x6, 0x5, 0x5, 0x4}, {0x800, 0xfffffffe, 0x10, 0x9}, {0x5, 0x4, 0x8001, 0x9}, {0x3, 0xde, 0x2, 0x2}, {0x7, 0xf2eb, 0x9, 0x5}, {0x7, 0x5, 0xfffffffb}, {0x5, 0x7, 0x8887}, {0x5, 0x40, 0x7fff, 0x9}, {0x4, 0x901, 0x100, 0x3ff}, {0x9, 0x38a, 0x0, 0x3}, {0x9, 0xe, 0xdf5c, 0x8}, {0x40, 0x6, 0x10001, 0x1}, {0x685, 0x7, 0x10001, 0xffffdbdc}, {0x4, 0xb, 0x7, 0x9}, {0x0, 0x1, 0x3, 0x80000001}, {0xe0, 0xffff, 0xdd, 0x7}, {0x1, 0x400, 0xfffffc01, 0x1}, {0x8, 0x40, 0x1, 0x4}, {0x560c, 0x2, 0x7, 0x9}, {0xffffffff, 0x4, 0x9, 0x4}, {0x9, 0x3, 0x1001, 0x8000}, {0x8, 0x2, 0x8, 0x29d}, {0x6, 0x1, 0x4, 0xe0a}, {0x7, 0xa, 0x1, 0x4}, {0x5, 0xfffffe00, 0x1, 0x1000}, {0x4, 0x80000001, 0xfff, 0xf29}, {0x3ff, 0x101, 0x8001, 0xffffffff}, {0x3d780000, 0x9, 0xebf, 0x5}, {0x100, 0x8, 0x1000, 0x6}, {0x3, 0xb73e, 0x5, 0x10}, {0x6, 0x6, 0x8000, 0xc0a}, {0x1, 0xff, 0x3f, 0x2}, {0x7, 0x80006, 0x0, 0xc}, {0x0, 0x1ff, 0x0, 0x72c}, {0x7, 0x8, 0x10, 0x4}]}}]}}, @TCA_RATE={0x6, 0x5, {0xfe, 0xb}}, @TCA_RATE={0x6, 0x5, {0xc0, 0x2}}, @TCA_RATE={0x6, 0x5, {0x9, 0x84}}]}, 0x3e4}, 0x1, 0x0, 0x0, 0x20008804}, 0x200040c4) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000001740)=@nat={'nat\x00', 0x1b, 0x5, 0x490, 0x378, 0x4c0, 0xffffffff, 0x0, 0x258, 0xdb8, 0xdb8, 0xffffffff, 0xdb8, 0xdb8, 0x5, 0x0, {[{{@ipv6={@private2, @loopback, [0xff000000, 0x0, 0xff, 0xffffffff], [0xff, 0xffffffff, 0xff], 'gre0\x00', 'netdevsim0\x00', {0xff}, {0xff}, 0x3b, 0x3, 0x8, 0x24}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x5, @ipv4=@private=0xa010100, @ipv6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', @icmp_id=0x66, @gre_key}}}, {{@ipv6={@loopback, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, [0xffffffff, 0xffffff00, 0xffffff00, 0xffffff00], [0xff000000, 0xff, 0xffffffff, 0xff], 'dummy0\x00', 'veth0_to_hsr\x00', {0xff}, {}, 0x33, 0x1, 0x4, 0xe}, 0x0, 0xa8, 0xf0}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0x0, @ipv4=@private=0xa010101, @ipv6=@local, @gre_key=0x8, @gre_key=0xfffb}}}, {{@ipv6={@loopback, @private2={0xfc, 0x2, '\x00', 0x1}, [0xff, 0xffffff00, 0xff000000], [0xff000000, 0x1fffffe00, 0xff000000, 0xffffffff], 'nr0\x00', 'ip6_vti0\x00', {0xff}, {}, 0x1, 0x9, 0x4, 0x1e}, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x10, @ipv4=@broadcast, @ipv6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, @icmp_id=0x66, @icmp_id=0x68}}}, {{@uncond, 0x0, 0xa8, 0xf0}, @MASQUERADE={0x48, 'MASQUERADE\x00', 0x0, {0x2, @ipv6=@private0, @ipv6=@mcast1, @gre_key=0x1, @gre_key}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x4f0) r6 = socket$alg(0x26, 0x5, 0x0) bind$alg(r6, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r6, 0x117, 0x1, 0x0, 0x0) r7 = accept4(r6, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000035c0), r7) sendmsg$alg(r7, &(0x7f0000003540)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000680)="c8d91646cdf1a1dd3d87db76ccd7cd6e2d0a850a2c32845a0d173637d69df0c54da1be9390b0c211e9757781e11b655fb7c6c97aaec06e4aafd296dda86d216de84fec574df32b892f7a9833375097bbcbf692779b9c917fcfb237e1c48ded03d607fb44bf4171e6866c63c64a41d83ab1a23ea49df988a86bd155b7a89f4b2cb4aef199eba209230c87d230ea700d6b7bda39a86d866505e01a3ae210d12effe650c81b58287dcc2ffdef5e8c7c85681486785bf987731a1e7601c7bf0c8afde7debf8a0fd8355784c3bbf0c72c76e91dfa5036734644a20b61fc215a32fcd97de3b57ca43e65588879abeee1e2e8ac1830e11846f2f0335e18c56ef4fa4aa55e287a46c87b2d8db85137d294bfe869893ce3c9a4ffd024c140afb4a2bef11aa3a669c40f34ee7556f65a8f67fa2a0217c3dfe87c1c5a547cfe26ef68c0bebb7f15509cf8a8f0dbbbd3733babc58fdaedd742ada7a28ac3924ea3e104ba2a54af436692aa88a64fb644298d2ab9dc1a0a56b91fed6af17c6517f24ac9cc09ca1837f45e48f5933679422c0ba522bc45717fc7ed0a1e255d18b318315867ddea303d90250aab7d223ceabf8d5928dea1b22ee442dd02afbc9ca2dc5dad38c83dddfac5a5da4fcf1ec4b75eec001924cc8e154dc9a8d25e070913f4e5a0f71ffaa33002dfe713222c20eb8f3baaf4d8fbb7742c93cd28516ab419366bc80ee65317aa5f7f3409075fdcf4d8f464db7107fd2e66e6128d23a911615609122da2f725f04ddaa32708e444211c4a7895f6a94e11d193a057ac2a0fdf78b418c7ce961467d640d9dfba8b1de4f0e7160b25ee2bf854ca34628798b213681495fe5258b3031d0f9e497f", 0x267}], 0x1}, 0x2008c005) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r1, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x6}, 0x1c) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'xfrm0\x00'}) sendto$packet(r8, &(0x7f00000001c0)="2095a9fa", 0x4, 0x20008801, 0x0, 0x0) 59.114096395s ago: executing program 1 (id=752): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000001140), 0x8200, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000000)=[@textreal={0x8, 0x0}], 0x1, 0x38, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000200)="0f0d51f40f01d10fc75800f30fc73600102e0f71e100b800008ec0640f017400aa26b9e408000066b81f6269e766ba000000000f30653e0f01c50c0cb8d09bbc8966efbafc0cedba4300ba210066ed3626f00fc70d", 0x55}], 0x1, 0x0, 0x0, 0x0) r3 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000200), 0x103881, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000080)) writev(r3, &(0x7f0000000340)=[{&(0x7f0000000140)="3751f02b82f73ccfc7c431617753f5732f765c975ebce8947e5388c4ff26fa3893119fd147a1576d9456136ab5f15493d175754e4b666e989869d01d418adc376ca22d8077c1b54bea92b5977a41d70ebcc4735ce6c012a5fe5ab7fef98e864216699a235d615ded3292397894b34a794bc14a2edfdc6978c0c97bcb02de69264d", 0x81}, {&(0x7f0000000240)="2857e5671ef0d8e3c39651a014a3a298466c68130e5b77e37f04a5cec22a4cc681c424e649ef28c1bd78afcb20e74b1ad3ac2c75e5c03189383f8e1d3e61a1", 0x3f}, {&(0x7f0000000000)="65f259", 0x3}], 0x3) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="237156a6802450c13cb564337f74b962782d5067628106c9679e84afcf0e7fb8f4c90732dca628b72e80a9afd4c64cff2f0776858012738ce6c6c9a0e6798fddf43df9b0856dbd8cb604f1b4eb2ba96c84858b9c24b90b87c12795f7b7031c5f752cb61befbb2c6f"], 0x60}}, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 57.056253815s ago: executing program 1 (id=754): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, &(0x7f0000000540)={{{@in6=@private2={0xfc, 0x2, '\x00', 0x1}, @in=@remote, 0x4e22, 0x4, 0x4e23, 0x101, 0x2, 0x0, 0x180, 0x21}, {0x3, 0x7dd8e330, 0x7, 0x4, 0x0, 0x9, 0x41c, 0x5}, {0xe, 0x8004, 0xe, 0x9}, 0x2, 0x6e6bb6, 0x0, 0x1, 0x3, 0x1}, {{@in6=@local, 0x4d4, 0x2b}, 0xa, @in6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x0, 0x2, 0x0, 0x7, 0x7, 0x1, 0x80}}, 0xf0) syz_emit_ethernet(0x6a, &(0x7f00000001c0)={@local, @dev, @void, {@ipv4={0x800, @gre={{0x6, 0x4, 0x0, 0x0, 0x5c, 0x0, 0x0, 0x0, 0x2f, 0x0, @local, @private=0xa010100, {[@timestamp={0x44, 0x4, 0x34, 0x0, 0xf}]}}}}}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000005c0)=ANY=[@ANYBLOB="740000001000210400000000fcdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="adffa8886004000024001280090001007866726d000000001400028008000100010000000800020011000000050021000000000008000a00", @ANYRES32, @ANYBLOB='\n\x00:'], 0x74}}, 0x0) ioctl$NBD_PRINT_DEBUG(0xffffffffffffffff, 0xab06) 55.386018699s ago: executing program 1 (id=757): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8401) ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000000)=ANY=[]) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r2, &(0x7f00000004c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0, 0x0, &(0x7f0000000280)=[@pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @local}}}}, @tclass={{0x14}}], 0x40}}], 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000001070311000000000000000007000003140007"], 0x28}, 0x1, 0x0, 0x0, 0x4048054}, 0x800) fcntl$dupfd(r2, 0x0, r1) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x21c0, 0x0) r5 = fanotify_init(0x200, 0x0) fanotify_mark(r5, 0x201, 0x4800003e, r4, 0x0) unlink(&(0x7f0000000000)='./file0\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'lo\x00', 0x0}) fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000001c0)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4e24, 0x64, 0x4e24, 0x0, 0xa, 0x20, 0x0, 0x16, r6, r7}, {0x5, 0x0, 0x4, 0x8, 0x5, 0x5, 0x5, 0x9}, {0x100000000, 0x101, 0x6, 0x1d}, 0xf, 0x6e6bb3, 0x1, 0x0, 0x2, 0x2}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x18}, 0x4d5, 0xff}, 0xa, @in6=@empty, 0x3505, 0x3, 0x0, 0x1, 0x1, 0x3, 0x5}}, 0xe8) 39.986726153s ago: executing program 34 (id=757): bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x206, 0x8401) ioctl$USBDEVFS_ALLOC_STREAMS(r0, 0x8008551c, &(0x7f0000000000)=ANY=[]) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) r2 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet6(r2, &(0x7f00000004c0)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c, 0x0, 0x0, &(0x7f0000000280)=[@pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @local}}}}, @tclass={{0x14}}], 0x40}}], 0x1, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_ACCT_GET(r3, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=ANY=[@ANYBLOB="2800000001070311000000000000000007000003140007"], 0x28}, 0x1, 0x0, 0x0, 0x4048054}, 0x800) fcntl$dupfd(r2, 0x0, r1) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x21c0, 0x0) r5 = fanotify_init(0x200, 0x0) fanotify_mark(r5, 0x201, 0x4800003e, r4, 0x0) unlink(&(0x7f0000000000)='./file0\x00') ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)={'lo\x00', 0x0}) fstat(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$inet_IP_XFRM_POLICY(r1, 0x0, 0x11, &(0x7f00000001c0)={{{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4e24, 0x64, 0x4e24, 0x0, 0xa, 0x20, 0x0, 0x16, r6, r7}, {0x5, 0x0, 0x4, 0x8, 0x5, 0x5, 0x5, 0x9}, {0x100000000, 0x101, 0x6, 0x1d}, 0xf, 0x6e6bb3, 0x1, 0x0, 0x2, 0x2}, {{@in6=@dev={0xfe, 0x80, '\x00', 0x18}, 0x4d5, 0xff}, 0xa, @in6=@empty, 0x3505, 0x3, 0x0, 0x1, 0x1, 0x3, 0x5}}, 0xe8) 21.814690708s ago: executing program 0 (id=792): r0 = syz_open_dev$mouse(&(0x7f0000000080), 0xa0000, 0x48401) write$6lowpan_enable(r0, 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000340)="5c00000013006bcd9e3fe3dc4e48aa31086b8703140000001f03000000000000040014000d000a000d0000009ee517d34460bc08eab556a705251e6182949a3651f60a84c9f5d1938837e786a6d0bdd7fcf50e4509c5bb5a00f69853", 0x5c}], 0x1, 0x0, 0x0, 0x1f000801}, 0x0) sendmsg$kcm(r2, &(0x7f00000002c0)={0x0, 0x7, &(0x7f0000000080)=[{&(0x7f0000000300)="2e00000011008108090f9becdb4cb92e0a4831371400000069bd6efb2502eaf60d000100020400bf050005001201", 0x2e}], 0x1}, 0xc0010) listen(r1, 0xfffffffc) r3 = socket$unix(0x1, 0x2, 0x0) bind$unix(r3, &(0x7f0000000080)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = socket$unix(0x1, 0x2, 0x0) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r4, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x3ec0) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, r3, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x0, 0x0}) connect$inet(r6, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r7 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r7, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000040)=[@in={0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r7, 0x84, 0x9, &(0x7f0000000180)={r8, @in={{0x2, 0x4e24, @initdev={0xac, 0x1e, 0x0, 0x0}}}, 0x9, 0x81, 0x7, 0x6940000, 0x0, 0x9, 0x77}, 0x0) r9 = socket$nl_generic(0x10, 0x3, 0x10) r10 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r9, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r10, 0x7, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) r11 = socket$nl_generic(0x10, 0x3, 0x10) r12 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000280), r11) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r11, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000004c0)={0x30, r12, 0x1, 0x70bd2c, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x1c}}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x3}]}]}, 0x30}, 0x1, 0xff07}, 0x0) 18.129704859s ago: executing program 0 (id=794): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r2) getsockname$packet(r2, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000440)=0x14) readv(r2, &(0x7f00000000c0)=[{&(0x7f0000000500)=""/238, 0xee}], 0x1) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="480000001000050700"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000080)=@newqdisc={0x2c, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_mq={0x7}]}, 0x2c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0xec0, &(0x7f0000000200)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x0, 0x2000000, {0x0, 0x0, 0x0, r3}}, 0x24}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a300000000040000380080001400000000008000240000000002c0003801400010067656e65766530000000000000000000140001007767320000000000000000000000000048000000180a0101000b000000000000010000000900020073797a01000000000900010073797a30000000001c000380180003801400010076657468315f746f5f7465616d0000001400000010000100000000000000000055070000c4eec18284d52a5bcbbe2fb0c5e37d8832b1482003a7ceaca893248fc1b318e522a3590ce71f6dbcaa6be7a2cacaf75793cc9099f30c3a723ec8b8cd563754c9653b2f28c2b534966c4b7e33cee3cdf2846887a3968a3d2af677"], 0xfc}}, 0x0) syz_open_dev$I2C(&(0x7f0000000140), 0x6, 0x1) 16.413890785s ago: executing program 0 (id=796): syz_open_dev$video4linux(&(0x7f0000000080), 0x5d7, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000280)}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x14, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}}], {0x14}}, 0x3c}}, 0x0) socket$alg(0x26, 0x5, 0x0) unshare(0x22020600) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 15.353080803s ago: executing program 0 (id=797): r0 = socket$netlink(0x10, 0x3, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000007c0)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="03000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) ioctl$sock_ipv6_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f0000000000)={'syztnl2\x00', &(0x7f0000000540)={'ip6gre0\x00', r2, 0x4, 0x2, 0x9, 0x400, 0x10, @mcast2, @remote, 0x8, 0x40, 0x800}}) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000800)=@newlink={0x19c, 0x10, 0x439, 0x70bd28, 0x0, {0x0, 0x0, 0xe403, r2, 0x7948, 0x612c3}, [@IFLA_VFINFO_LIST={0x17c, 0x16, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, [@IFLA_VF_TX_RATE={0xc, 0x3, {0x4, 0x2}}, @IFLA_VF_RATE={0x10, 0x6, {0x4, 0x9, 0x7}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x9, 0x85}}, @IFLA_VF_TRUST={0xc, 0x9, {0xfffff76b, 0x6}}]}, {0x58, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0x5, {0x0, 0xff}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x0, 0x40}}, @IFLA_VF_RSS_QUERY_EN={0xc}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0xf81, 0x6}}, @IFLA_VF_RATE={0x10, 0x6, {0x9, 0x401, 0x1cd0000}}, @IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x200000, 0x1}}]}, {0x14, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10, 0x2, {0xfffffff2, 0x9d3, 0x3}}]}, {0x3c, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0x6, 0xfffffffe}}, @IFLA_VF_IB_PORT_GUID={0x14, 0xb, {0x8, 0xb9}}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0x8, 0xcd4}}, @IFLA_VF_LINK_STATE={0xc, 0x5, {0x9, 0x12000}}]}, {0x68, 0x1, 0x0, 0x1, [@IFLA_VF_IB_NODE_GUID={0x14, 0xa, {0x1, 0x7}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x3, 0x42}}, @IFLA_VF_RATE={0x10, 0x6, {0x10, 0x6, 0x9}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0xffffffff, 0x5}}, @IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x5, 0x1000}}, @IFLA_VF_RATE={0x10, 0x6, {0x800, 0x9, 0x5}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x8, 0x5}}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_RSS_QUERY_EN={0xc, 0x7, {0x8, 0x1}}]}, {0x1c, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc, 0x5, {0x4, 0x5}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x5, 0x4d6d3eaf}}]}, {0x4}]}]}, 0x19c}}, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000400)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000001000010029bd7000000000000000000053bff80d3d4041a6eed7017c64d3e307c2737ec142ee01181df135000000000000182186c8a4902e0a300638b6b36c21698a652af4607b1cceed70199be43e63adf8393bbc6b5aa48ae9549b756010ffaf4f582d17be637ce034cdf73259f6b5af727a2ad850434bc991e3d5715ac01fbf2d0011aa85bc0da4569dc4a8fedaa89b635ac019bbb9bcae8cf23cbfb3a60937d995838e21f330f2b5e04fc96ec04340fb96cbcbbcb2f51504940e14ae981c7e80f513ba9eeab4e728dd7eff3944b4285b67e101f1145ea60d72834a8dc8fa5fc3f95950ccdc0d12d79753839d7fe8", @ANYRES32=0x0, @ANYBLOB="a8210000000000001400030076657468305f766c616e000000000000180016801400018010000200ffffffff4e0a000008000000"], 0x4c}}, 0x0) 12.252728201s ago: executing program 0 (id=799): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_ifreq(r3, 0x8931, &(0x7f0000000000)={'wlan1\x00', @ifru_mtu=0x4}) ioctl$KVM_SET_MSRS(r2, 0xc008ae88, &(0x7f0000000180)=ANY=[@ANYBLOB="0100000000000000580001c0"]) r4 = syz_io_uring_setup(0x4b5, &(0x7f0000010400)={0x0, 0x86e1, 0x1, 0x8}, &(0x7f0000010080), &(0x7f0000000000)) setsockopt$IP6T_SO_SET_REPLACE(r3, 0x29, 0x40, &(0x7f00000005c0)=@nat={'nat\x00', 0x1b, 0x5, 0x628, 0x440, 0x440, 0xffffffff, 0x100, 0x218, 0x558, 0x558, 0xffffffff, 0x558, 0x558, 0x5, &(0x7f0000000540), {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x3c}, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [0xffffff00, 0x0, 0xffffff00, 0xffffff00], [0xff, 0xff000000, 0xffffffff, 0xffffff00], 'lo\x00', 'ipvlan0\x00', {}, {}, 0xc, 0x1b, 0x4, 0x93}, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x4, 0x2, 0x3, 0x0, 0x2}}]}, @common=@unspec=@AUDIT={0x28, 'AUDIT\x00', 0x0, {0x2}}}, {{@ipv6={@local, @empty, [0xff000000, 0xfffefe, 0xff0000ff, 0xffff00], [0xffffffff, 0xff, 0xff000000, 0xff], 'hsr0\x00', 'wlan0\x00', {}, {0xff}, 0x32, 0x8, 0x2, 0x18}, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@mh={{0x28}, {"c4ea"}}]}, @NETMAP={0x48, 'NETMAP\x00', 0x0, {0xb, @ipv4=@dev={0xac, 0x14, 0x14, 0x26}, @ipv4=@empty, @icmp_id=0x67, @gre_key=0x4}}}, {{@ipv6={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @local, [0xffffffff, 0xffffffff, 0xffffffff, 0xff000000], [0x0, 0xff000000, 0xff, 0xffffffff], 'syzkaller1\x00', 'team_slave_1\x00', {0x1fe}, {}, 0x88, 0x4, 0x7, 0x10}, 0x0, 0x1e0, 0x228, 0x0, {}, [@common=@rt={{0x138}, {0xcc3, [0x4, 0x5], 0x7, 0x0, 0x3, [@loopback, @loopback, @ipv4={'\x00', '\xff\xff', @local}, @loopback, @local, @ipv4={'\x00', '\xff\xff', @multicast1}, @local, @dev={0xfe, 0x80, '\x00', 0x19}, @empty, @private1={0xfc, 0x1, '\x00', 0x1}, @ipv4={'\x00', '\xff\xff', @private=0xa010101}, @empty, @dev={0xfe, 0x80, '\x00', 0x40}, @private0={0xfc, 0x0, '\x00', 0x1}, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @private2={0xfc, 0x2, '\x00', 0x1}], 0xa}}]}, @REDIRECT={0x48, 'REDIRECT\x00', 0x0, {0x2, @ipv4=@loopback, @ipv4=@local, @icmp_id=0x66, @icmp_id=0x64}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@common=@icmp6={{0x28}, {0x11, "2091"}}]}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x4, @ipv6=@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, @ipv6=@rand_addr=' \x01\x00', @gre_key=0xfff0, @gre_key=0xff}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x688) io_uring_register$IORING_REGISTER_BUFFERS(r4, 0x0, &(0x7f0000010300)=[{0x0}], 0x1) io_uring_register$IORING_REGISTER_CLONE_BUFFERS(r4, 0x1e, &(0x7f0000000140), 0x1) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r5, &(0x7f00000004c0)=[{{&(0x7f00000001c0)=@file={0x0, './file0\x00'}, 0x6e, &(0x7f0000000480)=[{&(0x7f0000000240)="5569dae6ae28377c2814d28776f779ddbf987bf13963f464413012123948a1a8b6f2cda606a020a77aaf8628421889f2dbd02bb88a64a0da90dfe28fb9dba638e1048ac1f2c307c9e20caf136a44d62bf27eb83e768f2a9a6d492f849fccd7a4aed1e768a9e33eae3ee1bbe6f1cfb56dc030dd1bda61a7f73c1ca23c6c253306cce33d4a36f51f93c06759f98e51b4b6b7cef4613f1d0501c38b6c81f50ff743f34313ee4ba64a3c121b6dfee67b1269", 0xb0}, {&(0x7f0000000300)="2213c08eac44fdc74acc7d001880191b2cd792212fe0e882b418168d4c15fde51826811252c576169a8afe44306854a5d848a347d58e638285fd0e0e397372fee9ee3f2f886657f57c158a83a4621ed8968e3a439d98939b07ee5abe8133197bc0be082a14c198bffb9a7edf75a96e95fdce04eba9424b7135072de8512bcc460332", 0x82}, {&(0x7f0000000100)="bd02c142727215580e9a38642a3d1f4abf9f0d4be90054", 0x17}, {&(0x7f00000003c0)="0e97c957e6100b90e07d0a0e821bbef31a10e04c0e1731776a861f8287f8d7e1b53a919f10618a3fee2d8d112de41120dfe680c2cb21251691db30e17b6a3532e4e6e7ec8cad00e24dda2d680a0c50688e931b550287e3f8431245e226b0d206b087ee018cb31c87f56de43c6fd4ea8c2d6ba49b25e57ab47934b4984988e2d8a9a78c5a4401f861f14855dd10ca778511b4d401a011d90526786fe14275aa3fcb71ad55343459e5d894f2931cb1e2353cbf584d82bb1cfdf31519672060", 0xbe}], 0x4, 0x0, 0x0, 0x4}}], 0x1, 0x4) socket$nl_route(0x10, 0x3, 0x0) syz_usb_connect(0x0, 0x3d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010102ae299820fc0d0100ac240102030109022b0001fffa10170904510302ffffff01090507100800060808070593ff9b"], &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) ioctl$KVM_SET_CPUID(r2, 0x4008ae8a, &(0x7f0000000c80)={0xa, 0x0, [{0x80000007, 0x6, 0x2, 0x2, 0x5}, {0x0, 0x7, 0x2, 0xffff, 0x9}, {0x2, 0x3, 0x8, 0x7, 0x7}, {0xd, 0xbf03, 0xe, 0xc, 0x4}, {0x6, 0x2, 0x7, 0x800, 0x7}, {0x4, 0x2, 0x0, 0x4, 0xb5}, {0xef5b6f2ac7948bc9, 0xfffffff7, 0x2, 0x86, 0x401}, {0x2, 0xffffffff, 0x8, 0x1, 0x2}, {0xd, 0x81e, 0x2e40, 0x2, 0x5b4321e}, {0x80000001, 0xac, 0x4000, 0x6, 0x4}]}) io_uring_register$IORING_REGISTER_IOWQ_AFF(r4, 0x11, &(0x7f0000000500)="a2f4cde1f0bffe1cf8608fbbf36fe55809a4d0c4fd2c4b1e7bae564e3dd8880a9e60", 0x22) openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x4480) 10.480413233s ago: executing program 4 (id=800): socket$can_j1939(0x1d, 0x2, 0x7) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r0, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xa004}, 0x4) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000000100)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000000c0)={'geneve0\x00', 0x0}) sendto$packet(r1, &(0x7f0000000180)="0b03f6ffe0ff64000200475400f6a13bb1000000080008004803", 0x10000, 0x0, &(0x7f0000000140)={0x11, 0x0, r2}, 0x14) socket$nl_netfilter(0x10, 0x3, 0xc) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x2, 0x300) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) creat(&(0x7f0000000080)='./file0\x00', 0x2a) socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) socket$packet(0x11, 0x3, 0x300) socket$packet(0x11, 0x3, 0x300) ioctl$AUTOFS_DEV_IOCTL_PROTOSUBVER(0xffffffffffffffff, 0xc0189373, 0x0) r4 = socket$packet(0x11, 0xa, 0x300) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000fbe000)={0x1, &(0x7f0000000100)=[{0x80000006}]}, 0x10) sendmsg$nl_route(r3, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001740)=@ipv4_delrule={0x1c, 0x21, 0x9, 0x0, 0x0, {0x2, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, 0x0, 0x2}}, 0x1c}}, 0x20000000) r5 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_X86_SETUP_MCE(r6, 0x4008ae9c, &(0x7f0000000000)={0x5c, 0x5, 0x46}) 8.996582225s ago: executing program 4 (id=801): ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, &(0x7f00000002c0)={0x0, 0x7, "4bca716911ff2972d636cb15cf555dceb8e3c5ca6e291b881616fa2f47a88577", 0x10e2, 0x0, 0x7, 0x100000000, 0x100, 0xa2, 0x9, 0x1, [0x0, 0xf4c8, 0x1000, 0x5]}) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, 0x0, 0x0, 0xc0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a3000000000090003007379"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) socket$alg(0x26, 0x5, 0x0) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 8.108397116s ago: executing program 0 (id=802): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = syz_io_uring_setup(0x6908, &(0x7f00000006c0)={0x0, 0x2, 0x10100}, &(0x7f0000000200), &(0x7f0000000100)=0x0) syz_io_uring_setup(0x18e8, &(0x7f00000003c0)={0x0, 0x4, 0x2, 0x3}, &(0x7f0000000140)=0x0, &(0x7f00000000c0)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r1, 0x184c, 0x0, 0x0, 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000002c0)=0x1) r4 = socket$nl_generic(0x10, 0x3, 0x10) unshare(0x2c060000) clock_adjtime(0x5, 0x0) unshare(0x30200) unshare(0x24020400) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xfffffffffffffff5]}, 0x8, 0x80000) readv(r5, &(0x7f0000002940)=[{&(0x7f0000000000)=""/121, 0xd3}, {0x0, 0xa}], 0x20000000000000d6) setsockopt$inet6_int(r5, 0x29, 0x4a, &(0x7f0000000040)=0x1, 0x4) unshare(0x4060000) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) sendmsg$nl_generic(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000440)=ANY=[@ANYBLOB="1c0000001000010700000000000000000a00000006000100160000001ed4f844ae4bed33fb112b1614c897b687c5aa9306a414628577ac649d01ef5beffe89d287bf67b635695a7dc15a0886d1544f72c4ca8b3410fcd810a40723cd31982a3743ab5b3d5c3a59fd0108f1a41764184070a7690533f85936cf6033142989ebf7c6c4dbf2d03cc585f85f4f696455d60344"], 0x1c}}, 0x0) 6.907870322s ago: executing program 4 (id=803): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000940)={0xffffffffffffffff, 0xffffffffffffffff}) writev(r1, &(0x7f0000000400)=[{&(0x7f0000000100)="92", 0x1}], 0x1) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r3, 0x0, r4, 0x0, 0xf3a, 0x0) close(r1) splice(r0, 0x0, r4, 0x0, 0x1, 0x4) write(r2, 0x0, 0x0) 6.041696978s ago: executing program 4 (id=804): mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) r0 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000000)={0x9}, 0x3c33) write(r0, &(0x7f00000000c0)="240000001e005f0214fffffffffffff80700000001000000000000000500080002000000", 0x24) set_robust_list(&(0x7f0000000140)={0x0, 0x7}, 0x18) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_SET_OPTION(r2, &(0x7f0000000140)={0xe, 0x18, 0xfa00, @id_resuseaddr={&(0x7f0000000180), r3, 0x0, 0x1, 0x4}}, 0x20) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000340), 0xffffffffffffffff) r5 = socket$inet_dccp(0x2, 0x6, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000140)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r1, &(0x7f0000000080)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000040)={&(0x7f0000000780)={0x224, r4, 0x400, 0x70bd29, 0x25dfdbfd, {{}, {@void, @val={0xc, 0x99, {0x1, 0x5}}}}, [@NL80211_ATTR_DONT_WAIT_FOR_ACK={0x4}, @NL80211_ATTR_FRAME={0x1f2, 0x33, @probe_request={{{0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1}, {0xb}, @device_b, @device_a, @from_mac, {0x3, 0x8}, @value=@ver_80211n={0x0, 0x3, 0x2, 0x3, 0x0, 0x1, 0x1, 0x0, 0x0, 0x1}}, @void, @val={0x1, 0x8, [{0x26, 0x1}, {0x48}, {0x9, 0x1}, {0x48}, {0x1, 0x1}, {0x30, 0x1}, {0x48}, {0xb, 0x1}]}, @val={0x3, 0x1, 0xb9}, @val={0x2d, 0x1a, {0x2, 0x0, 0x3, 0x0, {0x78a5, 0x9, 0x0, 0x3, 0x0, 0x0, 0x1, 0x1, 0x1}, 0x8, 0x7, 0x6}}, @void, [{0xdd, 0xc, "12cee01a8028a22ed6572e4f"}, {0xdd, 0x25, "a6701715eeecba8a235bb69650e10ac40705ac739dac0e315daae3ba4567fbff6bc70026c3"}, {0xdd, 0x66, "eb316df4071f6416e26e7d1ba983f6a081f71f029da31dac712b04424b22acfac97004ebbdcf00656df7ec3cb73f5ea00dfc8a278af3b935c27ffde5beeb96403c1da015d5793505c7d9a74cb3b14d61451ff1110270061c6c79dc781f515e9dd1d951ae3569"}, {0xdd, 0xc, "ecfcd1c11dd206e9fb0a3413"}, {0xdd, 0xb9, "0dc09f794a90172cfe9df54e5849148942f3de26396127fd80ebdaf8e30b756fb688027d9b79a1c8a1cd36e085144246cb4e1020bff33365e03047bfa2716b507491df710707851333d1f15c3f1287cf676fd7e6845553e5c4178b85c7c2dc11313a244011ad1eecd708d5034f5472a7a565ff79baf26af87f795bbfd3c0cf0398daed50ee33ce3211019a178666efbd300be6537e9cf14071428a054f91b72f048c6a9617e0b34e4eeebd457246a26d6211a6b4f79df1dd45"}, {0xdd, 0x41, "ba2b226d33e6ca610731e5e7ebbf8a8c96eab29ee6ec327f0c19e69b3067807e69de542f859525abbe287af132b2f1fecc1f4c44d1ec6cb6f2f5057f89d1966de5"}]}}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}, @NL80211_ATTR_TX_NO_CCK_RATE={0x4}, @NL80211_ATTR_OFFCHANNEL_TX_OK={0x4}]}, 0x224}, 0x1, 0x0, 0x0, 0x4000080}, 0x4008004) r7 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x146b, 0x902, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r7, 0x0, 0x0) syz_usb_control_io(r7, &(0x7f0000000580)={0x2c, &(0x7f0000000200)={0x20, 0x25, 0x81, {0x81, 0x32, "2657649857b73e08007601c6a0adf57b995f1ebb07b9d03ebab4d586075e7f1bafcd5914468f44fa63d48b9475665dfc20d512001a6ba4996a7cc2c51cf1a304000000000000002d5abd9ff7a33a1f19a07a81002b344b8fe1d59fec6d641ee6264f4833c6e5e8d30d29a9df4ebdeb1835357780f12f766d9018aa7496b6da"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) sendmsg$NL80211_CMD_FRAME_WAIT_CANCEL(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x1c, r4, 0x1, 0x0, 0x0, {{0x38}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}, 0x1, 0x0, 0x0, 0x600d0}, 0x0) r8 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r8) ptrace$setregs(0xd, r8, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4204, r8, 0x1, &(0x7f0000000740)={0x0}) 1.450210275s ago: executing program 4 (id=805): ioctl$VIDIOC_QUERY_EXT_CTRL(0xffffffffffffffff, 0xc0e85667, &(0x7f00000002c0)={0x0, 0x7, "4bca716911ff2972d636cb15cf555dceb8e3c5ca6e291b881616fa2f47a88577", 0x10e2, 0x0, 0x7, 0x100000000, 0x100, 0xa2, 0x9, 0x1, [0x0, 0xf4c8, 0x1000, 0x5]}) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) sendmmsg$inet(r0, 0x0, 0x0, 0xc0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x58, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_EXPRESSIONS={0x2c, 0x4, 0x0, 0x1, [{0x28, 0x1, 0x0, 0x1, @ct={{0x7}, @val={0x1c, 0x2, 0x0, 0x1, [@NFTA_CT_DREG={0x8, 0x1, 0x1, 0x0, 0x2}, @NFTA_CT_KEY={0x8, 0x2, 0x1, 0x0, 0x9}, @NFTA_CT_DIRECTION={0x5}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x80}}, 0x0) socket$alg(0x26, 0x5, 0x0) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) 0s ago: executing program 4 (id=806): syz_open_dev$video4linux(&(0x7f0000000080), 0x5d7, 0x0) r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x0, &(0x7f0000000280)}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, 0x0, 0x0) socket$netlink(0x10, 0x3, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0xfffe}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x54}}, 0x0) socket$alg(0x26, 0x5, 0x0) unshare(0x22020600) sendto$inet(r0, &(0x7f00000012c0)="09268a927f1f6588b967481241ba7860fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88fecf90b1a7511bf746bec66ba", 0x20c8, 0x11, 0x0, 0x27) kernel console output (not intermixed with test programs): om the descriptor's value: 2 [ 196.919971][ T5834] usb 5-1: New USB device found, idVendor=0cf2, idProduct=6250, bcdDevice=10.ae [ 196.934459][ T974] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 196.987383][ T24] usb 4-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 197.007518][ T5834] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.049440][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 197.057545][ T24] usb 4-1: Product: syz [ 197.069134][ T974] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 197.078261][ T974] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.086373][ T5834] usb 5-1: Product: syz [ 197.129125][ T5834] usb 5-1: Manufacturer: syz [ 197.133817][ T5834] usb 5-1: SerialNumber: syz [ 197.148671][ T24] usb 4-1: Manufacturer: syz [ 197.195204][ T5834] usb 5-1: config 0 descriptor?? [ 197.224989][ T24] usb 4-1: SerialNumber: syz [ 197.250247][ T974] hub 1-1:1.0: bad descriptor, ignoring hub [ 197.256250][ T974] hub 1-1:1.0: probe with driver hub failed with error -5 [ 197.268126][ T5834] ums_eneub6250 5-1:0.0: USB Mass Storage device detected [ 197.361560][ T974] cdc_wdm 1-1:1.0: skipping garbage [ 197.369429][ T974] cdc_wdm 1-1:1.0: skipping garbage [ 197.374754][ T974] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 197.509151][ T5879] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 197.548226][T12285] Option '[y$ [ 197.548226][T12285] >ڎTkS@SVfhJ' to dns_resolver key: bad/missing value [ 197.706161][ T24] snd_usb_toneport 4-1:244.162: Line 6 TonePort GX found [ 197.797657][ T5879] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 197.853736][ T974] usb 1-1: USB disconnect, device number 30 [ 197.887477][ T24] usb 4-1: selecting invalid altsetting 2 [ 198.018999][ T24] snd_usb_toneport 4-1:244.162: set_interface failed [ 198.049102][ T5879] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid wMaxPacketSize 0 [ 198.159119][ T24] snd_usb_toneport 4-1:244.162: Line 6 TonePort GX now disconnected [ 198.201858][ T5879] usb 3-1: config 0 interface 0 has no altsetting 0 [ 198.304288][ T24] snd_usb_toneport 4-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 198.305102][ T5879] usb 3-1: New USB device found, idVendor=06a3, idProduct=0621, bcdDevice= 0.00 [ 198.409249][ T974] usb 1-1: new full-speed USB device number 31 using dummy_hcd [ 198.572668][ T24] usb 4-1: USB disconnect, device number 25 [ 198.615597][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.810081][ T974] usb 1-1: device descriptor read/all, error -71 [ 199.055370][ T5879] usb 3-1: config 0 descriptor?? [ 199.213633][ T977] usb 5-1: USB disconnect, device number 29 [ 199.611706][ T5879] saitek 0003:06A3:0621.0004: unknown main item tag 0x3 [ 199.787546][ T5879] saitek 0003:06A3:0621.0004: hidraw0: USB HID v0.00 Device [HID 06a3:0621] on usb-dummy_hcd.2-1/input0 [ 200.020036][ T5881] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 200.365213][ T5881] usb 2-1: unable to get BOS descriptor or descriptor too short [ 200.422132][ T5881] usb 2-1: config 63 has an invalid interface number: 66 but max is 0 [ 200.501971][ T5881] usb 2-1: config 63 has an invalid descriptor of length 0, skipping remainder of the config [ 200.588102][ T9] usb 3-1: USB disconnect, device number 22 [ 200.653208][ T5881] usb 2-1: config 63 has no interface number 0 [ 200.757158][ T5881] usb 2-1: config 63 interface 66 has no altsetting 0 [ 200.865668][ T5881] usb 2-1: New USB device found, idVendor=174f, idProduct=8a31, bcdDevice=39.f4 [ 200.908268][T12323] FAULT_INJECTION: forcing a failure. [ 200.908268][T12323] name failslab, interval 1, probability 0, space 0, times 0 [ 200.960240][ T5881] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.029803][T12324] netlink: 'syz.4.471': attribute type 21 has an invalid length. [ 201.035374][ T5881] usb 2-1: Product: syz [ 201.113388][ T5881] usb 2-1: Manufacturer: syz [ 201.149171][T12324] netlink: 132 bytes leftover after parsing attributes in process `syz.4.471'. [ 201.158274][ T5881] usb 2-1: SerialNumber: syz [ 201.209071][T12323] CPU: 1 UID: 0 PID: 12323 Comm: syz.2.472 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 201.209103][T12323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 201.209116][T12323] Call Trace: [ 201.209123][T12323] [ 201.209131][T12323] dump_stack_lvl+0x241/0x360 [ 201.209165][T12323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.209191][T12323] ? __pfx__printk+0x10/0x10 [ 201.209218][T12323] ? __pfx___might_resched+0x10/0x10 [ 201.209241][T12323] should_fail_ex+0x424/0x570 [ 201.209272][T12323] should_failslab+0xac/0x100 [ 201.209298][T12323] __kmalloc_noprof+0xdf/0x4d0 [ 201.209324][T12323] ? tomoyo_encode+0x26f/0x540 [ 201.209356][T12323] tomoyo_encode+0x26f/0x540 [ 201.209387][T12323] tomoyo_realpath_from_path+0x59e/0x5e0 [ 201.209424][T12323] tomoyo_path_number_perm+0x245/0x790 [ 201.209459][T12323] ? tomoyo_path_number_perm+0x215/0x790 [ 201.209485][T12323] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 201.209513][T12323] ? ksys_write+0x24e/0x2d0 [ 201.209539][T12323] ? __lock_acquire+0xad5/0xd80 [ 201.209580][T12323] ? __fget_files+0x2a/0x420 [ 201.209608][T12323] ? __fget_files+0x2a/0x420 [ 201.209638][T12323] ? __fget_files+0x2a/0x420 [ 201.209670][T12323] security_file_ioctl+0xc6/0x2a0 [ 201.209694][T12323] __se_sys_ioctl+0x46/0x160 [ 201.209718][T12323] do_syscall_64+0xf3/0x230 [ 201.209747][T12323] ? clear_bhb_loop+0x45/0xa0 [ 201.209771][T12323] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.209790][T12323] RIP: 0033:0x7f7ea9f8d169 [ 201.209808][T12323] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.209826][T12323] RSP: 002b:00007f7eaad24038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 201.209848][T12323] RAX: ffffffffffffffda RBX: 00007f7eaa1a5fa0 RCX: 00007f7ea9f8d169 [ 201.209864][T12323] RDX: 0000200000000000 RSI: 00000000c0105500 RDI: 0000000000000005 [ 201.209878][T12323] RBP: 00007f7eaad24090 R08: 0000000000000000 R09: 0000000000000000 [ 201.209891][T12323] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.209903][T12323] R13: 0000000000000000 R14: 00007f7eaa1a5fa0 R15: 00007f7eaa2cfa28 [ 201.209929][T12323] [ 201.209947][T12323] ERROR: Out of memory at tomoyo_realpath_from_path. [ 201.564538][T12330] netlink: 36 bytes leftover after parsing attributes in process `syz.4.471'. [ 201.624537][T12331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 201.651243][T12330] netlink: 16 bytes leftover after parsing attributes in process `syz.4.471'. [ 201.797326][T12330] netlink: 36 bytes leftover after parsing attributes in process `syz.4.471'. [ 201.935342][T12331] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.989539][T12330] netlink: 36 bytes leftover after parsing attributes in process `syz.4.471'. [ 202.262883][ T5881] usb 2-1: Found UVC 0.07 device syz (174f:8a31) [ 202.346347][ T5881] usb 2-1: No valid video chain found. [ 202.369084][ T5906] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 202.459151][ T5881] usb 2-1: USB disconnect, device number 24 [ 202.631108][ T5906] usb 1-1: device descriptor read/64, error -71 [ 202.880080][ T5906] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 203.209690][ T5906] usb 1-1: device descriptor read/64, error -71 [ 203.429252][ T5906] usb usb1-port1: attempt power cycle [ 203.688566][ T974] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 203.849139][ T24] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 203.979227][ T5906] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 204.008033][ T974] usb 5-1: Using ep0 maxpacket: 32 [ 204.051201][ T974] usb 5-1: config 244 has an invalid interface number: 162 but max is 0 [ 204.076708][ T5906] usb 1-1: device descriptor read/8, error -71 [ 204.100942][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 204.115314][ T24] usb 3-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 204.138382][ T974] usb 5-1: config 244 has no interface number 0 [ 204.175543][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 204.215348][ T974] usb 5-1: config 244 interface 162 has no altsetting 0 [ 204.257979][ T24] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 204.284338][ T974] usb 5-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 204.335866][ T974] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.369356][ T5906] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 204.377124][ T24] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 204.428537][ T974] usb 5-1: Product: syz [ 204.453715][ T974] usb 5-1: Manufacturer: syz [ 204.460954][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 204.469534][ T5906] usb 1-1: device descriptor read/8, error -71 [ 204.493070][ T974] usb 5-1: SerialNumber: syz [ 204.573001][ T24] hub 3-1:1.0: bad descriptor, ignoring hub [ 204.598106][ T24] hub 3-1:1.0: probe with driver hub failed with error -5 [ 204.609023][ T5906] usb usb1-port1: unable to enumerate USB device [ 204.662375][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 204.709050][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 204.737844][ T24] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 204.756075][T12388] Option '[y$ [ 204.756075][T12388] >ڎTkS@SVfhJ' to dns_resolver key: bad/missing value [ 204.834113][ T974] snd_usb_toneport 5-1:244.162: Line 6 TonePort GX found [ 204.889567][ T974] usb 5-1: selecting invalid altsetting 2 [ 204.900189][ T974] snd_usb_toneport 5-1:244.162: set_interface failed [ 204.908047][ T974] snd_usb_toneport 5-1:244.162: Line 6 TonePort GX now disconnected [ 204.917381][ T974] snd_usb_toneport 5-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 204.938779][ T974] usb 5-1: USB disconnect, device number 30 [ 205.029979][ T24] usb 3-1: USB disconnect, device number 23 [ 205.386471][T12410] netlink: 'syz.0.487': attribute type 21 has an invalid length. [ 205.400183][ T24] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 205.403484][T12410] netlink: 132 bytes leftover after parsing attributes in process `syz.0.487'. [ 205.532826][T12417] netlink: 36 bytes leftover after parsing attributes in process `syz.0.487'. [ 205.557914][T12417] netlink: 16 bytes leftover after parsing attributes in process `syz.0.487'. [ 205.581326][ T24] usb 3-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 205.593473][T12417] netlink: 36 bytes leftover after parsing attributes in process `syz.0.487'. [ 205.616183][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 205.636410][T12417] netlink: 36 bytes leftover after parsing attributes in process `syz.0.487'. [ 205.662773][ T24] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 205.684855][T12421] tipc: Started in network mode [ 205.704793][T12421] tipc: Node identity 4, cluster identity 4711 [ 205.719958][ T24] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 205.733151][T12421] tipc: Node number set to 4 [ 205.741552][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 205.773149][ T24] hub 3-1:1.0: bad descriptor, ignoring hub [ 205.784511][ T24] hub 3-1:1.0: probe with driver hub failed with error -5 [ 205.796160][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 205.808457][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 205.817191][ T24] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 206.079445][ T5906] usb 3-1: USB disconnect, device number 24 [ 206.129188][ T24] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 206.279106][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 206.286181][ T24] usb 1-1: config 0 has an invalid interface number: 231 but max is 0 [ 206.295409][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 206.306212][ T24] usb 1-1: config 0 has no interface number 0 [ 206.312768][ T24] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 206.323749][ T24] usb 1-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 206.347168][ T24] usb 1-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 206.358442][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.373001][ T24] usb 1-1: Product: syz [ 206.377477][ T24] usb 1-1: Manufacturer: syz [ 206.383046][ T24] usb 1-1: SerialNumber: syz [ 206.391292][ T24] usb 1-1: config 0 descriptor?? [ 206.397596][T12428] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 206.409798][ T24] usb-storage 1-1:0.231: USB Mass Storage device detected [ 206.621935][ T9] usb 1-1: USB disconnect, device number 37 [ 206.879177][ T24] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 207.127282][ T24] usb 5-1: config 0 has an invalid interface number: 249 but max is 0 [ 207.184757][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 207.301935][ T24] usb 5-1: config 0 has no interface number 0 [ 207.372814][ T24] usb 5-1: config 0 interface 249 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 207.560176][ T24] usb 5-1: config 0 interface 249 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0 [ 207.839185][ T24] usb 5-1: config 0 interface 249 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 208.089162][ T9] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 208.140522][ T24] usb 5-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 208.285627][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 208.449048][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 208.559506][ T9] usb 1-1: config 244 has an invalid interface number: 162 but max is 0 [ 208.632605][ T24] usb 5-1: config 0 descriptor?? [ 208.709041][ T9] usb 1-1: config 244 has no interface number 0 [ 208.789173][ T24] port100 5-1:0.249: NFC: Could not find bulk-in or bulk-out endpoint [ 208.856763][ T9] usb 1-1: config 244 interface 162 has no altsetting 0 [ 209.131315][ T9] usb 1-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 209.584889][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.789416][ T9] usb 1-1: Product: syz [ 209.937768][ T9] usb 1-1: Manufacturer: syz [ 210.105811][ T9] usb 1-1: SerialNumber: syz [ 210.659895][T12531] Option '[y$ [ 210.659895][T12531] >ڎTkS@SVfhJ' to dns_resolver key: bad/missing value [ 211.179210][ T5879] usb 5-1: USB disconnect, device number 31 [ 211.202241][ T9] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX found [ 211.433666][ T9] usb 1-1: selecting invalid altsetting 2 [ 211.629243][ T9] snd_usb_toneport 1-1:244.162: set_interface failed [ 211.743758][ T9] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX now disconnected [ 212.039258][ T9] snd_usb_toneport 1-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 212.375170][ T9] usb 1-1: USB disconnect, device number 38 [ 212.769124][T13129] netlink: 'syz.0.502': attribute type 21 has an invalid length. [ 213.123382][T13129] netlink: 132 bytes leftover after parsing attributes in process `syz.0.502'. [ 213.409479][T13258] netlink: 36 bytes leftover after parsing attributes in process `syz.0.502'. [ 213.842077][T13258] netlink: 16 bytes leftover after parsing attributes in process `syz.0.502'. [ 214.149479][T13258] netlink: 36 bytes leftover after parsing attributes in process `syz.0.502'. [ 214.352539][T13258] netlink: 36 bytes leftover after parsing attributes in process `syz.0.502'. [ 214.789091][ T974] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 215.129090][ T974] usb 3-1: Using ep0 maxpacket: 8 [ 215.314221][ T974] usb 3-1: config 1 has an invalid descriptor of length 100, skipping remainder of the config [ 215.653936][ T974] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 215.880055][ T974] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 216.196742][ T974] usb 3-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 216.374904][ T974] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 216.586175][ T974] hub 3-1:1.0: bad descriptor, ignoring hub [ 216.727875][ T974] hub 3-1:1.0: probe with driver hub failed with error -5 [ 216.945479][ T974] cdc_wdm 3-1:1.0: skipping garbage [ 217.059005][ T974] cdc_wdm 3-1:1.0: skipping garbage [ 217.064304][ T974] cdc_wdm 3-1:1.0: probe with driver cdc_wdm failed with error -22 [ 217.576386][ T974] usb 3-1: USB disconnect, device number 25 [ 218.389081][ T5906] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 218.619133][ T974] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 218.639039][ T5906] usb 4-1: Using ep0 maxpacket: 32 [ 218.713522][ T5906] usb 4-1: config 0 has an invalid interface number: 231 but max is 0 [ 218.819072][ T5906] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 218.879488][ T5884] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 218.938303][ T5906] usb 4-1: config 0 has no interface number 0 [ 219.009519][ T974] usb 5-1: config 0 has an invalid interface number: 249 but max is 0 [ 219.019024][ T5881] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 219.040881][ T5906] usb 4-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 219.119270][ T974] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 219.135534][ T5884] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 219.189140][ T5906] usb 4-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 219.229034][ T5884] usb 1-1: config 0 has no interface number 0 [ 219.235217][ T5884] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 219.287340][ T974] usb 5-1: config 0 has no interface number 0 [ 219.350343][ T974] usb 5-1: config 0 interface 249 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 219.396873][ T5906] usb 4-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 219.469199][ T5881] usb 3-1: Using ep0 maxpacket: 32 [ 219.478110][ T5884] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 219.488091][ T974] usb 5-1: config 0 interface 249 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0 [ 219.512774][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.608144][ T5884] usb 1-1: New USB device found, idVendor=041e, idProduct=2801, bcdDevice= 0.00 [ 219.629245][ T974] usb 5-1: config 0 interface 249 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 219.637483][ T5881] usb 3-1: config 244 has an invalid interface number: 162 but max is 0 [ 219.687921][ T5906] usb 4-1: Product: syz [ 219.730467][ T5906] usb 4-1: Manufacturer: syz [ 219.769100][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 219.837869][ T5906] usb 4-1: SerialNumber: syz [ 219.850440][ T974] usb 5-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 219.864486][ T5881] usb 3-1: config 244 has no interface number 0 [ 219.935302][ T5884] usb 1-1: config 0 descriptor?? [ 219.955551][ T5906] usb 4-1: config 0 descriptor?? [ 220.009347][ T5881] usb 3-1: config 244 interface 162 has no altsetting 0 [ 220.049339][ T5881] usb 3-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 220.119405][ T974] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.158736][ T5881] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.167172][T13741] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 220.353431][ T5906] usb-storage 4-1:0.231: USB Mass Storage device detected [ 220.355049][ T5881] usb 3-1: Product: syz [ 220.410185][ T974] usb 5-1: config 0 descriptor?? [ 220.542950][ T974] port100 5-1:0.249: NFC: Could not find bulk-in or bulk-out endpoint [ 220.559485][ T5881] usb 3-1: Manufacturer: syz [ 220.564143][ T5881] usb 3-1: SerialNumber: syz [ 220.729958][ T5884] prodikeys 0003:041E:2801.0005: unknown main item tag 0x4 [ 220.953892][T13839] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 220.965501][ T5906] usb 4-1: USB disconnect, device number 26 [ 221.028891][T13839] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 221.039206][ T5884] prodikeys 0003:041E:2801.0005: hidraw0: USB HID v0.00 Device [HID 041e:2801] on usb-dummy_hcd.0-1/input1 [ 221.222382][ T5881] snd_usb_toneport 3-1:244.162: Line 6 TonePort GX found [ 221.408178][ T5884] hid_prodikeys: hid-prodikeys: failed to find output report [ 221.408178][ T5884] [ 221.709016][ T5881] usb 3-1: selecting invalid altsetting 2 [ 221.888746][ T5884] usb 1-1: USB disconnect, device number 39 [ 221.938171][ T5881] snd_usb_toneport 3-1:244.162: set_interface failed [ 222.062476][T14071] netlink: 'syz.1.516': attribute type 21 has an invalid length. [ 222.109520][ T5881] snd_usb_toneport 3-1:244.162: Line 6 TonePort GX now disconnected [ 222.189759][ T5881] snd_usb_toneport 3-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 222.235319][T14071] netlink: 132 bytes leftover after parsing attributes in process `syz.1.516'. [ 222.346515][ T9] usb 5-1: USB disconnect, device number 32 [ 222.501105][ T5881] usb 3-1: USB disconnect, device number 26 [ 222.813941][T14086] netlink: 36 bytes leftover after parsing attributes in process `syz.1.516'. [ 222.929071][T14086] netlink: 16 bytes leftover after parsing attributes in process `syz.1.516'. [ 222.938021][T14086] netlink: 36 bytes leftover after parsing attributes in process `syz.1.516'. [ 223.109350][T14086] netlink: 36 bytes leftover after parsing attributes in process `syz.1.516'. [ 224.402789][ T9] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 224.790457][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 224.850545][ T9] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 225.099598][ T9] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 225.221797][ T9] usb 1-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 225.309223][ T5884] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 225.462428][ T9] usb 1-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 225.605232][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 225.721257][ T5884] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 225.968492][ T9] hub 1-1:1.0: bad descriptor, ignoring hub [ 226.022133][ T5884] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 226.222454][ T9] hub 1-1:1.0: probe with driver hub failed with error -5 [ 226.339407][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 226.344675][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 226.402656][ T5884] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 226.423561][ T9] cdc_wdm 1-1:1.0: skipping garbage [ 226.428853][ T9] cdc_wdm 1-1:1.0: probe with driver cdc_wdm failed with error -22 [ 226.589596][ T5884] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 226.819486][ T9] usb 1-1: USB disconnect, device number 40 [ 226.885631][ T5884] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 226.952449][ T5884] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 226.961240][ T5884] usb 5-1: Manufacturer: syz [ 227.302197][ T5884] usb 5-1: config 0 descriptor?? [ 227.405182][ T5906] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 227.439672][ T9] usb 1-1: new full-speed USB device number 41 using dummy_hcd [ 227.619037][ T5906] usb 3-1: Using ep0 maxpacket: 32 [ 227.689100][ T24] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 227.759336][ T5906] usb 3-1: config 0 has an invalid interface number: 231 but max is 0 [ 227.820509][ T30] audit: type=1400 audit(1742944465.712:467): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F04 [ 227.861272][ T5884] appleir 0003:05AC:8243.0006: unknown main item tag 0x0 [ 227.976302][ T5906] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 228.079077][ T5906] usb 3-1: config 0 has no interface number 0 [ 228.085263][ T5906] usb 3-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 228.165661][ T24] usb 2-1: config 0 has an invalid interface number: 249 but max is 0 [ 228.209046][ T5906] usb 3-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 228.239256][ T24] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 228.318172][ T24] usb 2-1: config 0 has no interface number 0 [ 228.400602][ T24] usb 2-1: config 0 interface 249 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 228.424096][ T5906] usb 3-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 228.509250][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.517318][ T5906] usb 3-1: Product: syz [ 228.529306][ T9] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 228.538856][ T24] usb 2-1: config 0 interface 249 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0 [ 228.679140][ T24] usb 2-1: config 0 interface 249 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 228.708056][ T5906] usb 3-1: Manufacturer: syz [ 228.835688][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 228.843243][ T5906] usb 3-1: SerialNumber: syz [ 228.934066][ T5906] usb 3-1: config 0 descriptor?? [ 228.952730][ T9] usb 1-1: config 244 has an invalid interface number: 162 but max is 0 [ 228.977365][ T24] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 229.028078][ T9] usb 1-1: config 244 has no interface number 0 [ 229.046261][T14487] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 229.050949][ T9] usb 1-1: config 244 interface 162 has no altsetting 0 [ 229.070083][ T9] usb 1-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 229.101204][ T5906] usb-storage 3-1:0.231: USB Mass Storage device detected [ 229.133846][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.152386][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.216160][ T24] usb 2-1: config 0 descriptor?? [ 229.263264][ T5884] appleir 0003:05AC:8243.0006: No inputs registered, leaving [ 229.272062][ T9] usb 1-1: Product: syz [ 229.276277][ T9] usb 1-1: Manufacturer: syz [ 229.283108][ T24] port100 2-1:0.249: NFC: Could not find bulk-in or bulk-out endpoint [ 229.362165][ T5884] appleir 0003:05AC:8243.0006: hiddev0,hidraw0: USB HID v0.00 Device [syz] on usb-dummy_hcd.4-1/input0 [ 229.421261][ T9] usb 1-1: SerialNumber: syz [ 229.789726][ T9] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX found [ 229.856776][ T9] usb 1-1: selecting invalid altsetting 2 [ 229.936585][ T5906] usb 3-1: USB disconnect, device number 27 [ 229.985880][ T9] snd_usb_toneport 1-1:244.162: set_interface failed [ 230.065842][ T5884] usb 5-1: USB disconnect, device number 33 [ 230.078790][ T9] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX now disconnected [ 230.199683][ T9] snd_usb_toneport 1-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 230.584879][ T9] usb 1-1: USB disconnect, device number 42 [ 230.876125][ T5906] usb 2-1: USB disconnect, device number 25 [ 231.193388][T14812] netlink: 'syz.4.534': attribute type 21 has an invalid length. [ 231.379104][T14812] netlink: 132 bytes leftover after parsing attributes in process `syz.4.534'. [ 231.860987][T14812] netlink: 36 bytes leftover after parsing attributes in process `syz.4.534'. [ 232.079080][T14812] netlink: 16 bytes leftover after parsing attributes in process `syz.4.534'. [ 232.492509][T14812] netlink: 36 bytes leftover after parsing attributes in process `syz.4.534'. [ 232.529440][ T5906] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 232.719625][T14812] netlink: 36 bytes leftover after parsing attributes in process `syz.4.534'. [ 233.047249][ T5906] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 233.335252][ T5906] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 233.623552][ T5906] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 233.849251][ T5906] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xDC, changing to 0x8C [ 234.036627][ T5906] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x8C has invalid maxpacket 63987, setting to 1024 [ 234.138680][ T5906] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 1024 [ 234.151643][ T5906] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 234.181532][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.298997][ T5906] usb 3-1: Product: syz [ 234.361772][ T5906] usb 3-1: Manufacturer: syz [ 234.450219][ T5906] usb 3-1: SerialNumber: syz [ 234.563642][T14883] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 234.722967][ T5906] usb 3-1: ucan: probing device on interface #0 [ 234.774680][ T5906] usb 3-1: ucan: invalid out_ep MaxPacketSize [ 234.909400][ T5906] usb 3-1: ucan: probe failed; try to update the device firmware [ 235.108575][ T5906] usb 3-1: USB disconnect, device number 28 [ 235.109071][ T977] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 235.549066][ T977] usb 5-1: Using ep0 maxpacket: 8 [ 235.619558][ T977] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 235.919023][ T977] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 235.928028][ T977] usb 5-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 236.134027][ T977] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 236.144431][ T977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.246636][ T977] hub 5-1:1.0: bad descriptor, ignoring hub [ 236.267154][ T977] hub 5-1:1.0: probe with driver hub failed with error -5 [ 236.359617][ T977] cdc_wdm 5-1:1.0: skipping garbage [ 236.364911][ T977] cdc_wdm 5-1:1.0: skipping garbage [ 236.442898][ T977] cdc_wdm 5-1:1.0: skipping garbage [ 236.448289][ T977] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 236.689230][T15284] tipc: Enabling of bearer rejected, failed to enable media [ 236.889877][ T977] usb 5-1: USB disconnect, device number 34 [ 237.137642][T15328] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.544'. [ 237.152324][ T5834] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 237.386502][T15284] netlink: 16402 bytes leftover after parsing attributes in process `syz.0.544'. [ 237.449115][ T977] usb 5-1: new full-speed USB device number 35 using dummy_hcd [ 237.499035][ T5834] usb 3-1: Using ep0 maxpacket: 32 [ 237.600540][ T5834] usb 3-1: config 244 has an invalid interface number: 162 but max is 0 [ 237.749006][ T5834] usb 3-1: config 244 has no interface number 0 [ 237.855494][ T5834] usb 3-1: config 244 interface 162 has no altsetting 0 [ 237.909091][ T977] usb 5-1: device not accepting address 35, error -71 [ 237.999602][ T5834] usb 3-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 238.008805][ T5834] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.186187][ T5906] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 238.329343][ T5834] usb 3-1: Product: syz [ 238.333601][ T5834] usb 3-1: Manufacturer: syz [ 238.559189][ T5834] usb 3-1: SerialNumber: syz [ 238.683789][ T977] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 238.752379][ T5906] usb 2-1: config 0 has an invalid interface number: 249 but max is 0 [ 238.899095][ T977] usb 5-1: Using ep0 maxpacket: 32 [ 238.936842][ T977] usb 5-1: config 0 has an invalid interface number: 231 but max is 0 [ 238.965809][ T5906] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 238.979009][ T977] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 239.002087][ T5834] snd_usb_toneport 3-1:244.162: Line 6 TonePort GX found [ 239.068997][ T977] usb 5-1: config 0 has no interface number 0 [ 239.075215][ T977] usb 5-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 239.177426][ T5906] usb 2-1: config 0 has no interface number 0 [ 239.204137][ T5834] usb 3-1: selecting invalid altsetting 2 [ 239.261585][ T5906] usb 2-1: config 0 interface 249 altsetting 0 endpoint 0x8 has invalid wMaxPacketSize 0 [ 239.271867][ T5834] snd_usb_toneport 3-1:244.162: set_interface failed [ 239.278757][ T5834] snd_usb_toneport 3-1:244.162: Line 6 TonePort GX now disconnected [ 239.338044][ T5906] usb 2-1: config 0 interface 249 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 0 [ 239.369187][ T5834] snd_usb_toneport 3-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 239.433343][ T5906] usb 2-1: config 0 interface 249 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 239.449117][ T977] usb 5-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 239.489316][ T5834] usb 3-1: USB disconnect, device number 29 [ 239.611746][ T5906] usb 2-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=be.87 [ 239.659304][ T977] usb 5-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 239.749250][ T5906] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.778693][T15517] netlink: 'syz.0.550': attribute type 21 has an invalid length. [ 239.868223][ T977] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 239.877460][ T5906] usb 2-1: config 0 descriptor?? [ 239.919078][T15517] netlink: 132 bytes leftover after parsing attributes in process `syz.0.550'. [ 239.977537][ T5906] port100 2-1:0.249: NFC: Could not find bulk-in or bulk-out endpoint [ 240.003617][ T977] usb 5-1: Product: syz [ 240.043726][ T977] usb 5-1: Manufacturer: syz [ 240.100833][ T977] usb 5-1: SerialNumber: syz [ 240.106862][T15562] netlink: 36 bytes leftover after parsing attributes in process `syz.0.550'. [ 240.215904][ T977] usb 5-1: config 0 descriptor?? [ 240.256352][T15562] netlink: 16 bytes leftover after parsing attributes in process `syz.0.550'. [ 240.336985][T15388] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 240.386174][T15562] netlink: 36 bytes leftover after parsing attributes in process `syz.0.550'. [ 240.401080][ T977] usb-storage 5-1:0.231: USB Mass Storage device detected [ 240.517363][T15562] netlink: 36 bytes leftover after parsing attributes in process `syz.0.550'. [ 241.016190][ T977] usb 5-1: USB disconnect, device number 36 [ 242.181119][ T5884] usb 2-1: USB disconnect, device number 26 [ 243.559036][ T977] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 243.822199][ T977] usb 2-1: Using ep0 maxpacket: 8 [ 243.902416][ T977] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 243.943107][ T977] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 244.040939][ T977] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 244.209482][ T977] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 244.289010][ T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.398663][ T977] hub 2-1:1.0: bad descriptor, ignoring hub [ 244.461760][ T977] hub 2-1:1.0: probe with driver hub failed with error -5 [ 244.489855][ T977] cdc_wdm 2-1:1.0: skipping garbage [ 244.495613][ T977] cdc_wdm 2-1:1.0: skipping garbage [ 244.505377][ T977] cdc_wdm 2-1:1.0: skipping garbage [ 244.695815][ T977] cdc_wdm 2-1:1.0: probe with driver cdc_wdm failed with error -22 [ 245.145491][ T977] usb 2-1: USB disconnect, device number 27 [ 245.769438][ T977] usb 2-1: new full-speed USB device number 28 using dummy_hcd [ 246.159133][ T977] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 246.405990][ T977] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 246.545148][ T977] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 246.801957][ T977] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 247.177028][ T977] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.382706][ T977] usb 2-1: can't set config #1, error -71 [ 247.469164][ T977] usb 2-1: USB disconnect, device number 28 [ 248.583463][T16271] RDS: rds_bind could not find a transport for ::ffff:100.1.1.2, load rds_tcp or rds_rdma? [ 249.971028][ T5884] usb 1-1: new full-speed USB device number 43 using dummy_hcd [ 250.089027][ T5906] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 250.175314][ T5884] usb 1-1: device descriptor read/64, error -71 [ 250.385636][ T5906] usb 5-1: Using ep0 maxpacket: 32 [ 250.463934][ T5906] usb 5-1: config 0 has an invalid interface number: 231 but max is 0 [ 250.479059][ T5906] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 250.552190][ T5884] usb 1-1: new full-speed USB device number 44 using dummy_hcd [ 250.641565][ T5906] usb 5-1: config 0 has no interface number 0 [ 250.697248][ T5906] usb 5-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 250.748385][ T5906] usb 5-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 250.804172][ T5884] usb 1-1: device descriptor read/64, error -71 [ 250.832385][ T5906] usb 5-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 250.944485][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.994210][ T5884] usb usb1-port1: attempt power cycle [ 251.109187][ T5906] usb 5-1: Product: syz [ 251.148601][ T5906] usb 5-1: Manufacturer: syz [ 251.169036][ T5906] usb 5-1: SerialNumber: syz [ 251.226871][ T5906] usb 5-1: config 0 descriptor?? [ 251.276899][T16385] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 251.390325][ T5906] usb-storage 5-1:0.231: USB Mass Storage device detected [ 251.489150][ T5884] usb 1-1: new full-speed USB device number 45 using dummy_hcd [ 251.584710][ T5884] usb 1-1: device descriptor read/8, error -71 [ 251.919218][ T5884] usb 1-1: new full-speed USB device number 46 using dummy_hcd [ 251.939112][ T5906] usb 5-1: USB disconnect, device number 37 [ 252.036267][ T30] audit: type=1326 audit(1742944489.912:468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16480 comm="syz.2.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ea9f8d169 code=0x7ffc0000 [ 252.092262][ T5884] usb 1-1: device descriptor read/8, error -71 [ 252.286592][ T5884] usb usb1-port1: unable to enumerate USB device [ 252.584708][ T30] audit: type=1326 audit(1742944489.912:469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16480 comm="syz.2.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f7ea9f8d169 code=0x7ffc0000 [ 252.584756][ T30] audit: type=1326 audit(1742944489.912:470): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16480 comm="syz.2.568" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f7ea9f8d169 code=0x7ffc0000 [ 252.584796][ T30] audit: type=1326 audit(1742944489.912:471): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16480 comm="syz.2.568" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7ea9f8d169 code=0x0 [ 253.085747][T16591] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 253.989130][ T5879] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 254.269071][ T5879] usb 5-1: Using ep0 maxpacket: 8 [ 254.348991][ T5879] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 254.435249][ T5879] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 254.450529][ T5879] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 254.477707][ T5879] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 100, changing to 10 [ 254.489443][ T5879] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 24936, setting to 1024 [ 254.541557][ T5879] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 254.551391][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 254.565274][ T5879] hub 5-1:1.0: bad descriptor, ignoring hub [ 254.585676][ T5879] hub 5-1:1.0: probe with driver hub failed with error -5 [ 254.753736][ T5879] cdc_wdm 5-1:1.0: skipping garbage [ 254.902455][ T5879] cdc_wdm 5-1:1.0: skipping garbage [ 254.925374][T16794] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 254.999171][ T5879] cdc_wdm 5-1:1.0: probe with driver cdc_wdm failed with error -22 [ 255.417108][ T5879] usb 5-1: USB disconnect, device number 38 [ 255.692681][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.711700][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.859286][ T5879] usb 5-1: new full-speed USB device number 39 using dummy_hcd [ 256.074705][ T5879] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 256.115985][ T5879] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 256.132897][T16889] FAULT_INJECTION: forcing a failure. [ 256.132897][T16889] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 256.154538][ T5879] usb 5-1: config 1 interface 0 altsetting 0 has an endpoint descriptor with address 0x76, changing to 0x6 [ 256.319253][T16889] CPU: 0 UID: 0 PID: 16889 Comm: syz.2.576 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 256.319296][T16889] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 256.319310][T16889] Call Trace: [ 256.319317][T16889] [ 256.319326][T16889] dump_stack_lvl+0x241/0x360 [ 256.319359][T16889] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.319384][T16889] ? __pfx__printk+0x10/0x10 [ 256.319415][T16889] should_fail_ex+0x424/0x570 [ 256.319445][T16889] prepare_alloc_pages+0x1dd/0x5c0 [ 256.319471][T16889] __alloc_frozen_pages_noprof+0x181/0x7b0 [ 256.319494][T16889] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 256.319529][T16889] alloc_pages_mpol+0x339/0x690 [ 256.319558][T16889] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 256.319616][T16889] vma_alloc_folio_noprof+0x12d/0x260 [ 256.319646][T16889] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 256.319678][T16889] folio_prealloc+0x2e/0x170 [ 256.319697][T16889] __handle_mm_fault+0x1ef6/0x6ef0 [ 256.319745][T16889] ? __pfx___handle_mm_fault+0x10/0x10 [ 256.319777][T16889] ? __lock_acquire+0xad5/0xd80 [ 256.319808][T16889] ? do_raw_spin_lock+0x151/0x370 [ 256.319835][T16889] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 256.319866][T16889] ? __pte_offset_map_lock+0x276/0x310 [ 256.319917][T16889] ? __pfx___might_resched+0x10/0x10 [ 256.319940][T16889] handle_mm_fault+0x3e5/0x8d0 [ 256.319976][T16889] __get_user_pages+0x1adf/0x4180 [ 256.320038][T16889] ? __pfx___get_user_pages+0x10/0x10 [ 256.320070][T16889] ? __pfx_mt_find+0x10/0x10 [ 256.320122][T16889] populate_vma_page_range+0x266/0x340 [ 256.320155][T16889] ? __pfx_populate_vma_page_range+0x10/0x10 [ 256.320183][T16889] ? userfaultfd_unmap_complete+0x30e/0x360 [ 256.320209][T16889] ? vm_mmap_pgoff+0x340/0x530 [ 256.320245][T16889] __mm_populate+0x27d/0x460 [ 256.320279][T16889] ? __pfx___mm_populate+0x10/0x10 [ 256.320314][T16889] vm_mmap_pgoff+0x390/0x530 [ 256.320348][T16889] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 256.320381][T16889] ? __fget_files+0x2a/0x420 [ 256.320410][T16889] ? __fget_files+0x39d/0x420 [ 256.320437][T16889] ? __fget_files+0x2a/0x420 [ 256.320466][T16889] ksys_mmap_pgoff+0x4ee/0x720 [ 256.320494][T16889] ? __x64_sys_mmap+0x7f/0x140 [ 256.320516][T16889] do_syscall_64+0xf3/0x230 [ 256.320544][T16889] ? clear_bhb_loop+0x45/0xa0 [ 256.320568][T16889] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 256.320587][T16889] RIP: 0033:0x7f7ea9f8d169 [ 256.320605][T16889] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 256.320623][T16889] RSP: 002b:00007f7eaad03038 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 256.320644][T16889] RAX: ffffffffffffffda RBX: 00007f7eaa1a6080 RCX: 00007f7ea9f8d169 [ 256.320659][T16889] RDX: 0000000000000002 RSI: 0000000000b36000 RDI: 0000200000000000 [ 256.320671][T16889] RBP: 00007f7eaad03090 R08: 0000000000000003 R09: 0000000000000000 [ 256.320683][T16889] R10: 0000000000028012 R11: 0000000000000246 R12: 0000000000000002 [ 256.320695][T16889] R13: 0000000000000001 R14: 00007f7eaa1a6080 R15: 00007f7eaa2cfa28 [ 256.320718][T16889] [ 256.630227][ C0] vkms_vblank_simulate: vblank timer overrun [ 256.673178][ T5879] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 26984, setting to 64 [ 256.684185][ T5879] usb 5-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 256.693357][ T5879] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 256.844086][ T5879] usb 5-1: can't set config #1, error -71 [ 256.851168][ T5879] usb 5-1: USB disconnect, device number 39 [ 256.920602][ T5906] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 257.334497][ T5906] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 257.418385][ T5906] usb 1-1: config 0 has no interface number 0 [ 257.579169][ T5879] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 257.597461][ T5906] usb 1-1: config 0 interface 255 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 257.753975][ T5906] usb 1-1: config 0 interface 255 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 257.789126][ T5879] usb 5-1: Using ep0 maxpacket: 32 [ 258.038197][ T5879] usb 5-1: config 244 has an invalid interface number: 162 but max is 0 [ 258.079631][ T5906] usb 1-1: New USB device found, idVendor=10cf, idProduct=8065, bcdDevice=91.79 [ 258.202592][ T5879] usb 5-1: config 244 has no interface number 0 [ 258.425209][ T5879] usb 5-1: config 244 interface 162 has no altsetting 0 [ 258.494569][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.558840][ T5906] usb 1-1: Product: syz [ 258.630550][ T5879] usb 5-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 258.656494][ T30] audit: type=1326 audit(1742944496.542:472): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 258.751838][ T5906] usb 1-1: Manufacturer: syz [ 258.786769][ T5879] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 258.851811][T17103] netlink: 20 bytes leftover after parsing attributes in process `syz.1.581'. [ 258.891577][ T5906] usb 1-1: SerialNumber: syz [ 258.946840][ T5906] usb 1-1: config 0 descriptor?? [ 258.967432][ T5879] usb 5-1: Product: syz [ 259.089015][ T5879] usb 5-1: Manufacturer: syz [ 259.124119][ T30] audit: type=1326 audit(1742944496.542:473): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 259.239474][ T5906] vmk80xx 1-1:0.255: driver 'vmk80xx' failed to auto-configure device. [ 259.274107][T17141] netlink: 16 bytes leftover after parsing attributes in process `syz.1.581'. [ 259.279106][ T5879] usb 5-1: SerialNumber: syz [ 259.412332][ T5906] vmk80xx 1-1:0.255: probe with driver vmk80xx failed with error -22 [ 259.449547][ T5881] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 259.539250][ T5906] usb 1-1: USB disconnect, device number 47 [ 259.657610][ T6023] udevd[6023]: setting owner of /dev/bus/usb/001/047 to uid=0, gid=0 failed: No such file or directory [ 259.726633][ T5879] snd_usb_toneport 5-1:244.162: Line 6 TonePort GX found [ 259.913567][ T5881] usb 4-1: Using ep0 maxpacket: 32 [ 260.057411][ T30] audit: type=1326 audit(1742944496.602:474): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=259 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 260.082510][ T5879] usb 5-1: selecting invalid altsetting 2 [ 260.160504][ T5881] usb 4-1: config 0 has an invalid interface number: 231 but max is 0 [ 260.199410][ T5879] snd_usb_toneport 5-1:244.162: set_interface failed [ 260.237539][ T5881] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 260.423293][ T5879] snd_usb_toneport 5-1:244.162: Line 6 TonePort GX now disconnected [ 260.476169][ T30] audit: type=1326 audit(1742944496.602:475): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 260.621418][ T5881] usb 4-1: config 0 has no interface number 0 [ 260.701680][ T5879] snd_usb_toneport 5-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 260.753686][ T5881] usb 4-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 260.930394][ T5879] usb 5-1: USB disconnect, device number 40 [ 261.021610][ T5881] usb 4-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 261.069089][ T30] audit: type=1326 audit(1742944496.602:476): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 261.296275][ T5881] usb 4-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 261.369515][ T30] audit: type=1326 audit(1742944496.602:477): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 261.509449][ T5881] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 261.807068][ T5881] usb 4-1: Product: syz [ 261.826850][ T30] audit: type=1326 audit(1742944496.602:478): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 261.919647][T17346] ip6tnl1: entered promiscuous mode [ 262.071664][ T5881] usb 4-1: Manufacturer: syz [ 262.076505][ T5881] usb 4-1: SerialNumber: syz [ 262.082244][ T30] audit: type=1326 audit(1742944496.602:479): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 262.104528][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.140685][ T5881] usb 4-1: config 0 descriptor?? [ 262.147781][ T30] audit: type=1326 audit(1742944496.622:480): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 262.170107][ C0] vkms_vblank_simulate: vblank timer overrun [ 262.177074][ T30] audit: type=1326 audit(1742944496.742:481): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17035 comm="syz.1.581" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 262.199821][T17346] ip6tnl1: entered allmulticast mode [ 262.243610][ T5881] usb 4-1: can't set config #0, error -71 [ 262.409314][ T5881] usb 4-1: USB disconnect, device number 27 [ 268.544020][ T5884] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 268.870668][ T5884] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 268.925881][ T5884] usb 2-1: New USB device found, idVendor=05ac, idProduct=0238, bcdDevice= 0.40 [ 268.957930][ T5884] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 268.997060][ T5884] usb 2-1: Product: syz [ 269.044024][ T5884] usb 2-1: Manufacturer: syz [ 269.119000][ T5884] usb 2-1: SerialNumber: syz [ 269.212019][ T5884] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input11 [ 269.459019][ T5906] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 269.630157][T17945] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.769160][ T5906] usb 1-1: Using ep0 maxpacket: 32 [ 269.809072][ T5906] usb 1-1: config 244 has an invalid interface number: 162 but max is 0 [ 269.817539][ T5906] usb 1-1: config 244 has no interface number 0 [ 269.932252][ T5906] usb 1-1: config 244 interface 162 has no altsetting 0 [ 269.972249][T17945] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 270.019070][ T5906] usb 1-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 270.028272][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 270.162688][T17980] x_tables: ip_tables: udp match: only valid for protocol 17 [ 270.203068][ T5906] usb 1-1: Product: syz [ 270.207375][ T5906] usb 1-1: Manufacturer: syz [ 270.228662][ T5906] usb 1-1: SerialNumber: syz [ 270.475523][ T9] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 270.495585][ T5906] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX found [ 270.654816][ T5906] usb 1-1: selecting invalid altsetting 2 [ 270.669021][ T5193] bcm5974 2-1:1.0: could not read from device [ 270.760740][ T5906] snd_usb_toneport 1-1:244.162: set_interface failed [ 270.809282][ T5906] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX now disconnected [ 270.889150][ T5884] usb 2-1: USB disconnect, device number 29 [ 270.895271][ T5906] snd_usb_toneport 1-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 270.949259][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 271.147153][ T5906] usb 1-1: USB disconnect, device number 48 [ 271.211868][ T9] usb 5-1: config 0 has an invalid interface number: 231 but max is 0 [ 271.256673][T18076] netlink: 40 bytes leftover after parsing attributes in process `syz.3.599'. [ 271.394415][T18076] FAULT_INJECTION: forcing a failure. [ 271.394415][T18076] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 271.438533][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 271.499151][T18076] CPU: 0 UID: 0 PID: 18076 Comm: syz.3.599 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 271.499183][T18076] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 271.499196][T18076] Call Trace: [ 271.499203][T18076] [ 271.499212][T18076] dump_stack_lvl+0x241/0x360 [ 271.499246][T18076] ? __pfx_dump_stack_lvl+0x10/0x10 [ 271.499295][T18076] ? __pfx__printk+0x10/0x10 [ 271.499329][T18076] should_fail_ex+0x424/0x570 [ 271.499359][T18076] _copy_from_user+0x2d/0xb0 [ 271.499383][T18076] kstrtouint_from_user+0xd6/0x190 [ 271.499416][T18076] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 271.499449][T18076] ? __lock_acquire+0xad5/0xd80 [ 271.499485][T18076] proc_fail_nth_write+0xac/0x2d0 [ 271.499516][T18076] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 271.499539][T18076] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 271.499575][T18076] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 271.499606][T18076] vfs_write+0x2bc/0xd10 [ 271.499630][T18076] ? fdget_pos+0x247/0x310 [ 271.499663][T18076] ? __pfx_vfs_write+0x10/0x10 [ 271.499685][T18076] ? __fget_files+0x2a/0x420 [ 271.499715][T18076] ? __fget_files+0x39d/0x420 [ 271.499742][T18076] ? __fget_files+0x2a/0x420 [ 271.499776][T18076] ksys_write+0x19d/0x2d0 [ 271.499799][T18076] ? __pfx_ksys_write+0x10/0x10 [ 271.499824][T18076] ? do_syscall_64+0xb6/0x230 [ 271.499855][T18076] do_syscall_64+0xf3/0x230 [ 271.499882][T18076] ? clear_bhb_loop+0x45/0xa0 [ 271.499906][T18076] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 271.499927][T18076] RIP: 0033:0x7fd43578bc1f [ 271.499945][T18076] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 271.499962][T18076] RSP: 002b:00007fd43667f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 271.499984][T18076] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fd43578bc1f [ 271.499999][T18076] RDX: 0000000000000001 RSI: 00007fd43667f0a0 RDI: 0000000000000004 [ 271.500012][T18076] RBP: 00007fd43667f090 R08: 0000000000000000 R09: 0000000000000000 [ 271.500025][T18076] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 271.500038][T18076] R13: 0000000000000000 R14: 00007fd4359a5fa0 R15: 00007fd435acfa28 [ 271.500063][T18076] [ 271.729968][ C0] vkms_vblank_simulate: vblank timer overrun [ 271.907972][ T9] usb 5-1: config 0 has no interface number 0 [ 271.914267][ T9] usb 5-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 271.924480][ T9] usb 5-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 271.939641][ T9] usb 5-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 271.948744][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.956894][ T9] usb 5-1: Product: syz [ 271.961190][ T9] usb 5-1: Manufacturer: syz [ 271.965843][ T9] usb 5-1: SerialNumber: syz [ 272.047282][ T9] usb 5-1: config 0 descriptor?? [ 272.159566][T17964] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 272.240611][T18130] netlink: 16 bytes leftover after parsing attributes in process `syz.1.602'. [ 272.495326][ T9] usb-storage 5-1:0.231: USB Mass Storage device detected [ 272.682168][T18189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 272.941028][T18189] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 273.096839][ T9] usb 5-1: USB disconnect, device number 41 [ 273.240554][T18130] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 277.329174][ T977] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 277.578968][ T977] usb 1-1: Using ep0 maxpacket: 32 [ 277.772652][ T977] usb 1-1: config 244 has an invalid interface number: 162 but max is 0 [ 277.858962][ T977] usb 1-1: config 244 has no interface number 0 [ 277.965111][ T977] usb 1-1: config 244 interface 162 has no altsetting 0 [ 278.047381][ T977] usb 1-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 278.167917][ T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 278.292053][ T977] usb 1-1: Product: syz [ 278.378948][ T977] usb 1-1: Manufacturer: syz [ 278.452730][ T977] usb 1-1: SerialNumber: syz [ 278.842841][ T977] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX found [ 278.996272][ T977] usb 1-1: selecting invalid altsetting 2 [ 279.077691][ T977] snd_usb_toneport 1-1:244.162: set_interface failed [ 279.179157][ T977] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX now disconnected [ 279.279076][ T977] snd_usb_toneport 1-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 279.303611][ T977] usb 1-1: USB disconnect, device number 49 [ 280.289030][ T5834] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 280.580421][ T5834] usb 4-1: Using ep0 maxpacket: 32 [ 280.641107][ T5834] usb 4-1: config 0 has an invalid interface number: 231 but max is 0 [ 280.829167][ T5834] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 280.997926][ T5834] usb 4-1: config 0 has no interface number 0 [ 281.149030][ T5834] usb 4-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 281.293123][ T5834] usb 4-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 281.383797][ T5884] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 281.539066][ T5834] usb 4-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 281.718207][ T5834] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.739008][ T5884] usb 1-1: Using ep0 maxpacket: 8 [ 281.902701][ T5834] usb 4-1: Product: syz [ 281.906949][ T5834] usb 4-1: Manufacturer: syz [ 281.912337][ T5884] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 282.029227][ T5884] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 282.092543][ T5834] usb 4-1: SerialNumber: syz [ 282.119553][ T5834] usb 4-1: config 0 descriptor?? [ 282.125920][T18698] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 282.259205][ T5884] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 282.302860][ T5834] usb-storage 4-1:0.231: USB Mass Storage device detected [ 282.465973][ T5884] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 282.753072][ T5884] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 282.892546][ T5834] usb 4-1: USB disconnect, device number 28 [ 282.958083][ T5884] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 282.989626][ T5881] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 283.100122][ T5884] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 283.162776][T18925] capability: warning: `syz.2.622' uses deprecated v2 capabilities in a way that may be insecure [ 283.267856][ T5884] usb 1-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 283.309065][ T5881] usb 2-1: Using ep0 maxpacket: 8 [ 283.432027][T18941] netlink: 8 bytes leftover after parsing attributes in process `syz.2.622'. [ 283.469014][ T5881] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 3 [ 283.478832][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 283.498122][ T5884] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 283.759093][ T5884] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 283.812516][ T5881] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 284.085491][ T5881] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 284.288170][ T5884] usb 1-1: unable to read config index 2 descriptor/start: -71 [ 284.309257][ T5881] usb 2-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 284.377751][ T5884] usb 1-1: can't read configurations, error -71 [ 284.388399][ T5881] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.627948][ T5881] usb 2-1: config 0 descriptor?? [ 284.678836][T18889] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 284.789191][ T9] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 284.987729][T19021] netlink: 'syz.0.625': attribute type 21 has an invalid length. [ 285.119242][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 285.268658][ T9] usb 3-1: New USB device found, idVendor=0c72, idProduct=000d, bcdDevice=27.9b [ 285.280108][T19021] netlink: 132 bytes leftover after parsing attributes in process `syz.0.625'. [ 285.340487][T18889] netlink: 8 bytes leftover after parsing attributes in process `syz.1.621'. [ 285.363090][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 285.502260][ T9] usb 3-1: Product: syz [ 285.506593][ T9] usb 3-1: Manufacturer: syz [ 285.567832][ T977] usb 2-1: USB disconnect, device number 30 [ 285.575607][ T5832] Bluetooth: hci5: Opcode 0x0c03 failed: -19 [ 285.610241][T19047] netlink: 36 bytes leftover after parsing attributes in process `syz.0.625'. [ 285.669178][ T5834] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 285.669991][ T9] usb 3-1: SerialNumber: syz [ 285.703175][T19047] netlink: 16 bytes leftover after parsing attributes in process `syz.0.625'. [ 285.802649][ T9] usb 3-1: config 0 descriptor?? [ 285.845549][T19047] netlink: 36 bytes leftover after parsing attributes in process `syz.0.625'. [ 285.959347][ T5834] usb 4-1: Using ep0 maxpacket: 16 [ 285.993544][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.025374][ T5884] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 286.090018][T19047] netlink: 36 bytes leftover after parsing attributes in process `syz.0.625'. [ 286.121549][ T9] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 286.136973][ T5834] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 286.231040][ T9] peak_usb 3-1:0.0: unable to read PCAN-USB Pro firmware info (err -71) [ 286.289100][ T5884] usb 5-1: Using ep0 maxpacket: 32 [ 286.325647][ T5834] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 286.381604][ T5884] usb 5-1: config 244 has an invalid interface number: 162 but max is 0 [ 286.493929][ T5884] usb 5-1: config 244 has no interface number 0 [ 286.524419][ T5834] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 286.571507][ T5884] usb 5-1: config 244 interface 162 has no altsetting 0 [ 286.679152][ T5834] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.705752][ T9] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71 [ 286.729472][ T5884] usb 5-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 286.884632][ T5834] usb 4-1: config 0 descriptor?? [ 286.938838][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 287.138019][ T5884] usb 5-1: Product: syz [ 287.289069][ T5884] usb 5-1: Manufacturer: syz [ 287.293748][ T5884] usb 5-1: SerialNumber: syz [ 287.358642][ T9] usb 3-1: USB disconnect, device number 30 [ 287.554076][T19007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 287.772094][ T5884] snd_usb_toneport 5-1:244.162: Line 6 TonePort GX found [ 287.786551][T19153] ip6gre1: entered allmulticast mode [ 287.795163][T19007] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 287.933053][ T5884] usb 5-1: selecting invalid altsetting 2 [ 288.004489][ T5884] snd_usb_toneport 5-1:244.162: set_interface failed [ 288.059178][ T5834] microsoft 0003:045E:07DA.0007: unknown main item tag 0xe [ 288.149217][ T5884] snd_usb_toneport 5-1:244.162: Line 6 TonePort GX now disconnected [ 288.167657][ T5834] microsoft 0003:045E:07DA.0007: unknown main item tag 0x6 [ 288.269267][ T5884] snd_usb_toneport 5-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 288.289195][ T5834] microsoft 0003:045E:07DA.0007: unknown main item tag 0x2 [ 288.393118][ T5834] microsoft 0003:045E:07DA.0007: report is too long [ 288.470031][ T5884] usb 5-1: USB disconnect, device number 42 [ 288.483677][ T5834] microsoft 0003:045E:07DA.0007: item 0 2 0 11 parsing failed [ 288.493156][T19174] ip6erspan0: tun_chr_ioctl cmd 2147767517 [ 288.523616][T19177] ip6erspan0: tun_chr_ioctl cmd 1074812117 [ 288.612927][ T5834] microsoft 0003:045E:07DA.0007: parse failed [ 288.679226][ T5879] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 288.706960][ T5834] microsoft 0003:045E:07DA.0007: probe with driver microsoft failed with error -22 [ 289.024775][ T5879] usb 2-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 289.467703][ T5879] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 289.734458][ T5879] usb 2-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 289.840518][ T5906] usb 4-1: USB disconnect, device number 29 [ 289.883219][ T5879] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 290.007096][ T5879] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.346833][T19325] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 290.378715][T19200] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 290.492913][T19325] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.599042][ T5884] usb 5-1: new full-speed USB device number 43 using dummy_hcd [ 290.851274][ T5884] usb 5-1: config 4 has an invalid interface number: 156 but max is 0 [ 291.001749][ T5884] usb 5-1: config 4 has no interface number 0 [ 291.171043][ T5884] usb 5-1: New USB device found, idVendor=0fe9, idProduct=db71, bcdDevice=53.3e [ 291.381928][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.561527][ T5884] usb 5-1: Product: syz [ 291.629099][ T5879] aiptek 2-1:17.0: Aiptek using 400 ms programming speed [ 291.719063][ T5884] usb 5-1: Manufacturer: syz [ 291.723750][ T5884] usb 5-1: SerialNumber: syz [ 291.781410][ T5879] input: Aiptek as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:17.0/input/input12 [ 291.926664][ T5884] dvb-usb: found a 'DViCO FusionHDTV DVB-T NANO2 w/o firmware' in warm state. [ 292.124117][ T5884] usb 5-1: setting power ON [ 292.124998][ T5879] usb 2-1: USB disconnect, device number 31 [ 292.128749][ C0] aiptek 2-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 292.248062][ T5884] dvb-usb: bulk message failed: -22 (2/0) [ 292.423528][ T5884] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 293.359881][ T5884] dvb-usb: DViCO FusionHDTV DVB-T NANO2 w/o firmware error while loading driver (-19) [ 293.598310][ T5884] dvb_usb_cxusb 5-1:4.156: probe with driver dvb_usb_cxusb failed with error -22 [ 293.844710][ T5884] usb 5-1: USB disconnect, device number 43 [ 295.365451][ T5884] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 295.578983][ T5884] usb 5-1: Using ep0 maxpacket: 32 [ 295.699212][ T5884] usb 5-1: config 244 has an invalid interface number: 162 but max is 0 [ 295.851937][ T5884] usb 5-1: config 244 has no interface number 0 [ 295.858300][ T5884] usb 5-1: config 244 interface 162 has no altsetting 0 [ 296.072035][ T5884] usb 5-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 296.309845][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.317928][ T5884] usb 5-1: Product: syz [ 296.519054][ T5884] usb 5-1: Manufacturer: syz [ 296.523744][ T5884] usb 5-1: SerialNumber: syz [ 296.962584][ T5884] snd_usb_toneport 5-1:244.162: Line 6 TonePort GX found [ 297.089468][ T5884] usb 5-1: selecting invalid altsetting 2 [ 297.169321][ T5884] snd_usb_toneport 5-1:244.162: set_interface failed [ 297.239875][ T5884] snd_usb_toneport 5-1:244.162: Line 6 TonePort GX now disconnected [ 297.318547][ T5884] snd_usb_toneport 5-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 297.622578][ T5884] usb 5-1: USB disconnect, device number 44 [ 303.743102][T20121] FAULT_INJECTION: forcing a failure. [ 303.743102][T20121] name failslab, interval 1, probability 0, space 0, times 0 [ 303.829155][T20121] CPU: 1 UID: 0 PID: 20121 Comm: syz.4.658 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 303.829202][T20121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 303.829216][T20121] Call Trace: [ 303.829224][T20121] [ 303.829233][T20121] dump_stack_lvl+0x241/0x360 [ 303.829268][T20121] ? __pfx_dump_stack_lvl+0x10/0x10 [ 303.829295][T20121] ? __pfx__printk+0x10/0x10 [ 303.829320][T20121] ? __lock_acquire+0xad5/0xd80 [ 303.829357][T20121] should_fail_ex+0x424/0x570 [ 303.829391][T20121] should_failslab+0xac/0x100 [ 303.829419][T20121] kmem_cache_alloc_noprof+0x78/0x390 [ 303.829448][T20121] ? skb_clone+0x20c/0x390 [ 303.829472][T20121] skb_clone+0x20c/0x390 [ 303.829496][T20121] __netlink_deliver_tap+0x3c4/0x7f0 [ 303.829526][T20121] ? netlink_deliver_tap+0x2e/0x1b0 [ 303.829546][T20121] netlink_deliver_tap+0x19d/0x1b0 [ 303.829567][T20121] netlink_unicast+0x7c6/0x9a0 [ 303.829605][T20121] ? __pfx_netlink_unicast+0x10/0x10 [ 303.829637][T20121] ? __virt_addr_valid+0x45f/0x530 [ 303.829664][T20121] ? __phys_addr_symbol+0x2f/0x70 [ 303.829690][T20121] ? __check_object_size+0x478/0x720 [ 303.829721][T20121] netlink_sendmsg+0x8e8/0xce0 [ 303.829754][T20121] ? __pfx_netlink_sendmsg+0x10/0x10 [ 303.829780][T20121] ? aa_sock_msg_perm+0x91/0x160 [ 303.829814][T20121] ? __pfx_netlink_sendmsg+0x10/0x10 [ 303.829835][T20121] __sock_sendmsg+0x221/0x270 [ 303.829864][T20121] sock_write_iter+0x2d9/0x3f0 [ 303.829889][T20121] ? __pfx_sock_write_iter+0x10/0x10 [ 303.829930][T20121] do_iter_readv_writev+0x71f/0x9d0 [ 303.829961][T20121] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 303.829991][T20121] ? bpf_lsm_file_permission+0x9/0x10 [ 303.830020][T20121] ? rw_verify_area+0x246/0x630 [ 303.830044][T20121] vfs_writev+0x38d/0xbc0 [ 303.830074][T20121] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 303.830101][T20121] ? vfs_write+0xb29/0xd10 [ 303.830126][T20121] ? __lock_acquire+0xad5/0xd80 [ 303.830156][T20121] ? __pfx_vfs_writev+0x10/0x10 [ 303.830213][T20121] ? __fget_files+0x2a/0x420 [ 303.830244][T20121] ? __fget_files+0x39d/0x420 [ 303.830270][T20121] ? __fget_files+0x2a/0x420 [ 303.830305][T20121] do_writev+0x1b8/0x360 [ 303.830338][T20121] ? __pfx_do_writev+0x10/0x10 [ 303.830385][T20121] ? do_syscall_64+0xb6/0x230 [ 303.830415][T20121] do_syscall_64+0xf3/0x230 [ 303.830443][T20121] ? clear_bhb_loop+0x45/0xa0 [ 303.830468][T20121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 303.830489][T20121] RIP: 0033:0x7f4098b8d169 [ 303.830508][T20121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 303.830525][T20121] RSP: 002b:00007f409997e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 303.830548][T20121] RAX: ffffffffffffffda RBX: 00007f4098da5fa0 RCX: 00007f4098b8d169 [ 303.830563][T20121] RDX: 0000000000000001 RSI: 0000200000001200 RDI: 0000000000000005 [ 303.830577][T20121] RBP: 00007f409997e090 R08: 0000000000000000 R09: 0000000000000000 [ 303.830589][T20121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 303.830601][T20121] R13: 0000000000000000 R14: 00007f4098da5fa0 R15: 00007f4098ecfa28 [ 303.830626][T20121] [ 304.429904][ T5147] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 304.499711][ T5147] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 304.517256][ T5147] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 304.549957][ T5147] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 304.558833][ T5147] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 304.566665][ T5147] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 304.573999][ T5879] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 304.739130][ T5879] usb 4-1: Using ep0 maxpacket: 32 [ 304.806770][ T5879] usb 4-1: config 244 has an invalid interface number: 162 but max is 0 [ 304.879008][ T5879] usb 4-1: config 244 has no interface number 0 [ 304.885401][ T5879] usb 4-1: config 244 interface 162 has no altsetting 0 [ 305.122321][ T5879] usb 4-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 305.273520][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 305.359344][ T5879] usb 4-1: Product: syz [ 305.363608][ T5879] usb 4-1: Manufacturer: syz [ 305.511506][ T5879] usb 4-1: SerialNumber: syz [ 305.932013][ T5834] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 306.292266][ T5834] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 306.392852][ T5879] snd_usb_toneport 4-1:244.162: Line 6 TonePort GX found [ 306.529341][ T5834] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 306.622750][ T5879] usb 4-1: selecting invalid altsetting 2 [ 306.649486][ T5879] snd_usb_toneport 4-1:244.162: set_interface failed [ 306.656412][ T5879] snd_usb_toneport 4-1:244.162: Line 6 TonePort GX now disconnected [ 306.658990][ T5834] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 306.724440][ T5147] Bluetooth: hci5: command tx timeout [ 306.748529][ T5879] snd_usb_toneport 4-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 306.869319][ T5834] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 307.271504][T20199] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 307.350436][ T5834] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 307.684179][ T5879] usb 4-1: USB disconnect, device number 30 [ 308.449225][ T5834] usb 1-1: USB disconnect, device number 52 [ 308.804949][ T5147] Bluetooth: hci5: command tx timeout [ 308.976629][T20199] could not allocate digest TFM handle [ 309.114736][ T5879] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 309.141013][ T5842] udevd[5842]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 309.454640][ T5879] usb 4-1: Using ep0 maxpacket: 8 [ 309.635615][ T5879] usb 4-1: config 162 has an invalid interface number: 253 but max is 0 [ 309.867777][ T5879] usb 4-1: config 162 has no interface number 0 [ 310.039141][ T5879] usb 4-1: config 162 interface 253 has no altsetting 0 [ 310.141366][ T5879] usb 4-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.09 [ 310.254130][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 310.369168][ T5879] usb 4-1: Product: syz [ 310.373436][ T5879] usb 4-1: Manufacturer: syz [ 310.378075][ T5879] usb 4-1: SerialNumber: syz [ 310.415908][T20482] kAFS: unable to lookup cell '(/cM' [ 310.539884][T20497] fuse: Bad value for 'fd' [ 310.919151][ T5147] Bluetooth: hci5: command tx timeout [ 310.948986][ T5879] go7007 4-1:162.253: probe with driver go7007 failed with error -12 [ 311.259083][ T5879] usb 4-1: USB disconnect, device number 31 [ 312.964230][ T5147] Bluetooth: hci5: command tx timeout [ 315.379197][ T5884] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 315.695231][ T5884] usb 5-1: config 0 has an invalid interface number: 186 but max is 1 [ 315.898930][ T5884] usb 5-1: config 0 has no interface number 1 [ 316.024207][ T5884] usb 5-1: New USB device found, idVendor=0582, idProduct=0005, bcdDevice=e5.83 [ 316.111600][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 316.167339][ T5884] usb 5-1: Product: syz [ 316.268989][ T5884] usb 5-1: Manufacturer: syz [ 316.335818][ T5884] usb 5-1: SerialNumber: syz [ 316.429267][ T5884] usb 5-1: config 0 descriptor?? [ 316.552635][ T5884] hub 5-1:0.186: Invalid hub with more than one config or interface [ 316.651079][ T5884] hub 5-1:0.186: probe with driver hub failed with error -22 [ 317.131205][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.187561][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.529087][ T5884] usb 5-1: USB disconnect, device number 45 [ 319.976794][T20979] xt_hashlimit: Unknown mode mask 300, kernel too old? [ 324.101279][ T9] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 324.419341][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 324.558214][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 324.692474][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 324.917507][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 100, changing to 10 [ 325.188937][ T9] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24936, setting to 1024 [ 325.429155][ T9] usb 2-1: New USB device found, idVendor=0225, idProduct=0000, bcdDevice= 0.00 [ 325.519231][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 325.537453][ T9] hub 2-1:1.0: bad descriptor, ignoring hub [ 325.549248][ T9] hub 2-1:1.0: probe with driver hub failed with error -5 [ 325.556919][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 325.559061][ T5906] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 325.648963][ T9] cdc_wdm 2-1:1.0: skipping garbage [ 325.760480][ T9] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 325.766508][ T9] cdc_wdm 2-1:1.0: Unknown control protocol [ 325.979100][ T5906] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 326.258652][ T5906] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 326.359036][ T9] usb 2-1: USB disconnect, device number 32 [ 326.376712][ T5906] usb 4-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 326.614899][ T5906] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 326.778044][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.799029][ T9] usb 2-1: new full-speed USB device number 33 using dummy_hcd [ 326.876149][ T5906] usb 4-1: Product: syz [ 326.993895][ T5906] usb 4-1: Manufacturer: syz [ 326.998581][ T5906] usb 4-1: SerialNumber: syz [ 327.259247][ T5906] cdc_ncm 4-1:1.0: skipping garbage [ 327.264529][ T5906] cdc_ncm 4-1:1.0: CDC Union missing and no IAD found [ 327.499007][ T5906] cdc_ncm 4-1:1.0: bind() failure [ 327.688604][ T5906] usb 4-1: USB disconnect, device number 32 [ 329.089243][ T5906] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 329.220127][ T5884] usb 5-1: new full-speed USB device number 46 using dummy_hcd [ 329.589173][ T5906] usb 1-1: config 0 has no interfaces? [ 329.595587][ T5884] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 329.892603][ T5906] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 329.946065][ T5884] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 330.099044][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.123042][ T5884] usb 5-1: New USB device found, idVendor=056a, idProduct=0000, bcdDevice= 0.00 [ 330.149278][ T5906] usb 1-1: Product: syz [ 330.153580][ T5906] usb 1-1: Manufacturer: syz [ 330.158221][ T5906] usb 1-1: SerialNumber: syz [ 330.259066][ T5884] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.327452][ T5906] usb 1-1: config 0 descriptor?? [ 330.362476][ T5884] usb 5-1: config 0 descriptor?? [ 330.429836][T21598] FAULT_INJECTION: forcing a failure. [ 330.429836][T21598] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 330.741472][T21598] CPU: 1 UID: 0 PID: 21598 Comm: syz.3.695 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 330.741504][T21598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 330.741532][T21598] Call Trace: [ 330.741540][T21598] [ 330.741549][T21598] dump_stack_lvl+0x241/0x360 [ 330.741582][T21598] ? __pfx_dump_stack_lvl+0x10/0x10 [ 330.741609][T21598] ? __pfx__printk+0x10/0x10 [ 330.741641][T21598] should_fail_ex+0x424/0x570 [ 330.741672][T21598] _copy_from_user+0x2d/0xb0 [ 330.741696][T21598] move_addr_to_kernel+0x8c/0x170 [ 330.741720][T21598] copy_msghdr_from_user+0x477/0x580 [ 330.741754][T21598] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 330.741776][T21598] ? __fget_files+0x2a/0x420 [ 330.741807][T21598] ? __fget_files+0x2a/0x420 [ 330.741841][T21598] __sys_sendmsg+0x20a/0x360 [ 330.741875][T21598] ? __pfx___sys_sendmsg+0x10/0x10 [ 330.741942][T21598] ? do_syscall_64+0xb6/0x230 [ 330.741972][T21598] do_syscall_64+0xf3/0x230 [ 330.741999][T21598] ? clear_bhb_loop+0x45/0xa0 [ 330.742021][T21598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 330.742040][T21598] RIP: 0033:0x7fd43578d169 [ 330.742058][T21598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 330.742076][T21598] RSP: 002b:00007fd43665e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 330.742098][T21598] RAX: ffffffffffffffda RBX: 00007fd4359a6080 RCX: 00007fd43578d169 [ 330.742114][T21598] RDX: 0000000000000004 RSI: 00002000000027c0 RDI: 0000000000000003 [ 330.742127][T21598] RBP: 00007fd43665e090 R08: 0000000000000000 R09: 0000000000000000 [ 330.742140][T21598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 330.742152][T21598] R13: 0000000000000001 R14: 00007fd4359a6080 R15: 00007fd435acfa28 [ 330.742177][T21598] [ 331.639096][ T977] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 331.939589][ T977] usb 2-1: Using ep0 maxpacket: 16 [ 331.983549][ T977] usb 2-1: config 7 has an invalid interface number: 154 but max is 0 [ 332.010639][T21673] netlink: 36 bytes leftover after parsing attributes in process `syz.3.697'. [ 332.048241][ T977] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 332.090160][T21673] netlink: 16 bytes leftover after parsing attributes in process `syz.3.697'. [ 332.201892][ T977] usb 2-1: config 7 has no interface number 0 [ 332.259430][T21673] netlink: 36 bytes leftover after parsing attributes in process `syz.3.697'. [ 332.268429][T21673] netlink: 36 bytes leftover after parsing attributes in process `syz.3.697'. [ 332.310328][ T977] usb 2-1: config 7 interface 154 altsetting 9 has an endpoint descriptor with address 0xD3, changing to 0x83 [ 332.362775][ T5881] usb 5-1: USB disconnect, device number 46 [ 332.520507][T21698] FAULT_INJECTION: forcing a failure. [ 332.520507][T21698] name (null), interval 1, probability 0, space 0, times 1 [ 332.595482][ T977] usb 2-1: config 7 interface 154 altsetting 9 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 332.615544][T21698] CPU: 0 UID: 0 PID: 21698 Comm: syz.4.698 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 332.615588][T21698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 332.615602][T21698] Call Trace: [ 332.615610][T21698] [ 332.615618][T21698] dump_stack_lvl+0x241/0x360 [ 332.615653][T21698] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.615680][T21698] ? __pfx__printk+0x10/0x10 [ 332.615710][T21698] ? blk_mq_get_tag+0x97c/0xb20 [ 332.615733][T21698] should_fail_ex+0x424/0x570 [ 332.615764][T21698] null_queue_rq+0x26c/0xd60 [ 332.615798][T21698] ? __pfx_autoremove_wake_function+0x10/0x10 [ 332.615836][T21698] null_queue_rqs+0x1e9/0x370 [ 332.615871][T21698] ? __pfx_null_queue_rqs+0x10/0x10 [ 332.615908][T21698] ? blk_mq_flush_plug_list+0x284/0x1880 [ 332.615936][T21698] ? blk_mq_flush_plug_list+0x284/0x1880 [ 332.615964][T21698] blk_mq_flush_plug_list+0x56c/0x1880 [ 332.615994][T21698] ? rcu_is_watching+0x15/0xb0 [ 332.616018][T21698] ? blk_add_rq_to_plug+0x2f7/0x4b0 [ 332.616045][T21698] ? __pfx_blk_mq_flush_plug_list+0x10/0x10 [ 332.616072][T21698] ? blk_mq_submit_bio+0xfbb/0x25e0 [ 332.616103][T21698] ? blk_mq_submit_bio+0x496/0x25e0 [ 332.616133][T21698] __blk_flush_plug+0x422/0x500 [ 332.616165][T21698] ? __pfx___blk_flush_plug+0x10/0x10 [ 332.616200][T21698] __submit_bio+0x56d/0x6d0 [ 332.616231][T21698] ? __pfx___submit_bio+0x10/0x10 [ 332.616274][T21698] submit_bio_noacct_nocheck+0x4d5/0xe30 [ 332.616300][T21698] ? pfn_valid+0xf6/0x450 [ 332.616324][T21698] ? __pfx___might_resched+0x10/0x10 [ 332.616345][T21698] ? iov_iter_revert+0x1c8/0x5a0 [ 332.616364][T21698] ? iov_iter_extract_pages+0x3f3/0x5c0 [ 332.616389][T21698] ? __pfx_submit_bio_noacct_nocheck+0x10/0x10 [ 332.616434][T21698] submit_bio_wait+0x107/0x210 [ 332.616458][T21698] ? __pfx_submit_bio_wait+0x10/0x10 [ 332.616491][T21698] ? bio_init+0x11e/0x250 [ 332.616512][T21698] blkdev_direct_IO+0xec7/0x1560 [ 332.616539][T21698] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 332.616567][T21698] ? __pfx_submit_bio_wait_endio+0x10/0x10 [ 332.616605][T21698] ? rcu_is_watching+0x15/0xb0 [ 332.616630][T21698] ? kiocb_invalidate_pages+0xf8/0x140 [ 332.616665][T21698] blkdev_direct_write+0x7d/0x140 [ 332.616686][T21698] blkdev_write_iter+0x560/0x740 [ 332.616725][T21698] vfs_write+0x70f/0xd10 [ 332.616752][T21698] ? __pfx_blkdev_write_iter+0x10/0x10 [ 332.616785][T21698] ? __pfx_vfs_write+0x10/0x10 [ 332.616810][T21698] ? __fget_files+0x2a/0x420 [ 332.616842][T21698] ? __fget_files+0x2a/0x420 [ 332.616878][T21698] ksys_write+0x19d/0x2d0 [ 332.616902][T21698] ? __pfx_ksys_write+0x10/0x10 [ 332.616928][T21698] ? do_syscall_64+0xb6/0x230 [ 332.616960][T21698] do_syscall_64+0xf3/0x230 [ 332.616987][T21698] ? clear_bhb_loop+0x45/0xa0 [ 332.617011][T21698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 332.617031][T21698] RIP: 0033:0x7f4098b8d169 [ 332.617050][T21698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 332.617068][T21698] RSP: 002b:00007f409997e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 332.617091][T21698] RAX: ffffffffffffffda RBX: 00007f4098da5fa0 RCX: 00007f4098b8d169 [ 332.617106][T21698] RDX: 0000000000002000 RSI: 0000200000001c00 RDI: 0000000000000004 [ 332.617120][T21698] RBP: 00007f409997e090 R08: 0000000000000000 R09: 0000000000000000 [ 332.617133][T21698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 332.617145][T21698] R13: 0000000000000000 R14: 00007f4098da5fa0 R15: 00007f4098ecfa28 [ 332.617171][T21698] [ 332.964019][ C0] vkms_vblank_simulate: vblank timer overrun [ 333.096614][ T977] usb 2-1: config 7 interface 154 altsetting 9 endpoint 0x83 has invalid wMaxPacketSize 0 [ 333.106750][ T977] usb 2-1: config 7 interface 154 altsetting 9 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 333.119919][ T977] usb 2-1: config 7 interface 154 has no altsetting 0 [ 333.311812][ T977] usb 2-1: New USB device found, idVendor=0438, idProduct=b002, bcdDevice=4d.27 [ 333.320995][ T977] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.329161][ T977] usb 2-1: Product: syz [ 333.333405][ T977] usb 2-1: Manufacturer: syz [ 333.338040][ T977] usb 2-1: SerialNumber: syz [ 333.560603][T21614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.722422][T21614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.859258][T21614] netlink: 40 bytes leftover after parsing attributes in process `syz.1.696'. [ 334.140083][ T977] em28xx 2-1:7.154: New device syz syz @ 480 Mbps (0438:b002, interface 154, class 154) [ 334.409554][ T977] em28xx 2-1:7.154: Audio interface 154 found (Vendor Class) [ 334.655664][ T977] em28xx 2-1:7.154: unknown em28xx chip ID (0) [ 334.757172][ T977] em28xx 2-1:7.154: Config register raw data: 0xfffffffb [ 334.834109][ T977] em28xx 2-1:7.154: AC97 chip type couldn't be determined [ 334.994959][ T977] em28xx 2-1:7.154: No AC97 audio processor [ 335.139300][ T977] usb 2-1: USB disconnect, device number 34 [ 335.330712][T21822] FAULT_INJECTION: forcing a failure. [ 335.330712][T21822] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.479341][ T5881] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 335.589109][T21822] CPU: 0 UID: 0 PID: 21822 Comm: syz.1.700 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 335.589145][T21822] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 335.589159][T21822] Call Trace: [ 335.589166][T21822] [ 335.589175][T21822] dump_stack_lvl+0x241/0x360 [ 335.589210][T21822] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.589238][T21822] ? __pfx__printk+0x10/0x10 [ 335.589274][T21822] should_fail_ex+0x424/0x570 [ 335.589306][T21822] _copy_from_iter+0x211/0x1c70 [ 335.589328][T21822] ? _copy_from_iter+0x288/0x1c70 [ 335.589358][T21822] ? __pfx__copy_from_iter+0x10/0x10 [ 335.589379][T21822] ? __pfx__copy_from_iter+0x10/0x10 [ 335.589399][T21822] ? __virt_addr_valid+0x183/0x530 [ 335.589431][T21822] ? page_copy_sane+0x154/0x260 [ 335.589453][T21822] copy_page_from_iter+0x7a/0x100 [ 335.589478][T21822] skb_copy_datagram_from_iter+0x2ed/0x6c0 [ 335.589511][T21822] packet_sendmsg+0x46ae/0x6dd0 [ 335.589568][T21822] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 335.589613][T21822] ? __pfx_packet_sendmsg+0x10/0x10 [ 335.589644][T21822] ? aa_sk_perm+0x96f/0xac0 [ 335.589676][T21822] ? __pfx_aa_sk_perm+0x10/0x10 [ 335.589702][T21822] ? __import_iovec+0x585/0x830 [ 335.589727][T21822] ? aa_sock_msg_perm+0x91/0x160 [ 335.589760][T21822] ? __pfx_packet_sendmsg+0x10/0x10 [ 335.589791][T21822] __sock_sendmsg+0x221/0x270 [ 335.589819][T21822] ____sys_sendmsg+0x53c/0x870 [ 335.589859][T21822] ? __pfx_____sys_sendmsg+0x10/0x10 [ 335.589890][T21822] ? __fget_files+0x2a/0x420 [ 335.589924][T21822] ? __fget_files+0x2a/0x420 [ 335.589961][T21822] __sys_sendmsg+0x271/0x360 [ 335.589999][T21822] ? __pfx___sys_sendmsg+0x10/0x10 [ 335.590080][T21822] ? do_syscall_64+0xb6/0x230 [ 335.590114][T21822] do_syscall_64+0xf3/0x230 [ 335.590143][T21822] ? clear_bhb_loop+0x45/0xa0 [ 335.590168][T21822] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 335.590189][T21822] RIP: 0033:0x7f850958d169 [ 335.590208][T21822] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 335.590227][T21822] RSP: 002b:00007f850a33e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 335.590253][T21822] RAX: ffffffffffffffda RBX: 00007f85097a5fa0 RCX: 00007f850958d169 [ 335.590269][T21822] RDX: 0000000020040051 RSI: 0000200000002ac0 RDI: 0000000000000003 [ 335.590285][T21822] RBP: 00007f850a33e090 R08: 0000000000000000 R09: 0000000000000000 [ 335.590300][T21822] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 335.590313][T21822] R13: 0000000000000000 R14: 00007f85097a5fa0 R15: 00007f85098cfa28 [ 335.590339][T21822] [ 335.855912][ C0] vkms_vblank_simulate: vblank timer overrun [ 336.069139][ T5881] usb 4-1: device descriptor read/64, error -71 [ 336.319149][ T5881] usb 4-1: new full-speed USB device number 34 using dummy_hcd [ 336.509225][ T5881] usb 4-1: device descriptor read/64, error -71 [ 336.619353][ T5881] usb usb4-port1: attempt power cycle [ 336.690238][ T24] usb 1-1: USB disconnect, device number 53 [ 337.169288][ T5881] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 337.180215][T21924] netlink: 8 bytes leftover after parsing attributes in process `syz.0.702'. [ 337.290450][ T5881] usb 4-1: device descriptor read/8, error -71 [ 337.389090][T21924] netlink: 12 bytes leftover after parsing attributes in process `syz.0.702'. [ 337.398062][T21924] netlink: 'syz.0.702': attribute type 7 has an invalid length. [ 337.561820][T21950] netlink: 5 bytes leftover after parsing attributes in process `syz.0.702'. [ 337.629749][ T5881] usb 4-1: new full-speed USB device number 36 using dummy_hcd [ 337.812292][T21950] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 338.005947][ T5881] usb 4-1: device descriptor read/8, error -71 [ 338.174302][ T5881] usb usb4-port1: unable to enumerate USB device [ 338.579758][T21980] fuse: Bad value for 'fd' [ 338.631233][T22000] netlink: 28 bytes leftover after parsing attributes in process `syz.3.704'. [ 338.640373][T22000] netlink: 'syz.3.704': attribute type 7 has an invalid length. [ 338.662964][T22000] netlink: 'syz.3.704': attribute type 8 has an invalid length. [ 338.774810][T22000] netlink: 4 bytes leftover after parsing attributes in process `syz.3.704'. [ 339.733044][ T1072] null_blk: rq ffff888026222580 timed out [ 339.739625][ T1072] timeout error, dev nullb0, sector 0 op 0x1:(WRITE) flags 0x8800 phys_seg 3 prio class 0 [ 341.080429][T22126] FAULT_INJECTION: forcing a failure. [ 341.080429][T22126] name failslab, interval 1, probability 0, space 0, times 0 [ 341.093528][T22126] CPU: 0 UID: 0 PID: 22126 Comm: syz.4.708 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 341.093558][T22126] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 341.093572][T22126] Call Trace: [ 341.093579][T22126] [ 341.093588][T22126] dump_stack_lvl+0x241/0x360 [ 341.093623][T22126] ? __pfx_dump_stack_lvl+0x10/0x10 [ 341.093649][T22126] ? __pfx__printk+0x10/0x10 [ 341.093683][T22126] should_fail_ex+0x424/0x570 [ 341.093714][T22126] should_failslab+0xac/0x100 [ 341.093742][T22126] kmem_cache_alloc_noprof+0x78/0x390 [ 341.093778][T22126] ? skb_clone+0x20c/0x390 [ 341.093801][T22126] skb_clone+0x20c/0x390 [ 341.093819][T22126] ? dev_queue_xmit_nit+0x3fe/0xca0 [ 341.093850][T22126] dev_queue_xmit_nit+0x249/0xca0 [ 341.093880][T22126] ? dev_queue_xmit_nit+0x2b/0xca0 [ 341.093909][T22126] ? validate_xmit_skb+0xa89/0x1150 [ 341.093945][T22126] dev_hard_start_xmit+0x15f/0x7d0 [ 341.093977][T22126] ? __pfx_validate_xmit_skb+0x10/0x10 [ 341.094018][T22126] __dev_queue_xmit+0x1b80/0x3f60 [ 341.094037][T22126] ? kasan_save_track+0x3f/0x80 [ 341.094057][T22126] ? __kasan_slab_alloc+0x66/0x80 [ 341.094084][T22126] ? do_syscall_64+0xf3/0x230 [ 341.094118][T22126] ? __dev_queue_xmit+0x2f9/0x3f60 [ 341.094140][T22126] ? __pfx___dev_queue_xmit+0x10/0x10 [ 341.094172][T22126] ? __copy_skb_header+0xa7/0x5a0 [ 341.094192][T22126] ? __asan_memcpy+0x40/0x70 [ 341.094212][T22126] ? __skb_clone+0x5c/0x6d0 [ 341.094233][T22126] ? __skb_clone+0x457/0x6d0 [ 341.094258][T22126] ? skb_clone+0x240/0x390 [ 341.094281][T22126] __netlink_deliver_tap+0x561/0x7f0 [ 341.094311][T22126] ? netlink_deliver_tap+0x2e/0x1b0 [ 341.094331][T22126] netlink_deliver_tap+0x19d/0x1b0 [ 341.094354][T22126] netlink_unicast+0x7c6/0x9a0 [ 341.094391][T22126] ? __pfx_netlink_unicast+0x10/0x10 [ 341.094421][T22126] ? __virt_addr_valid+0x45f/0x530 [ 341.094448][T22126] ? __phys_addr_symbol+0x2f/0x70 [ 341.094473][T22126] ? __check_object_size+0x478/0x720 [ 341.094503][T22126] netlink_sendmsg+0x8e8/0xce0 [ 341.094534][T22126] ? __pfx_netlink_sendmsg+0x10/0x10 [ 341.094560][T22126] ? aa_sock_msg_perm+0x91/0x160 [ 341.094592][T22126] ? __pfx_netlink_sendmsg+0x10/0x10 [ 341.094613][T22126] __sock_sendmsg+0x221/0x270 [ 341.094640][T22126] ____sys_sendmsg+0x53c/0x870 [ 341.094678][T22126] ? __pfx_____sys_sendmsg+0x10/0x10 [ 341.094709][T22126] ? __fget_files+0x2a/0x420 [ 341.094742][T22126] ? __fget_files+0x2a/0x420 [ 341.094785][T22126] __sys_sendmsg+0x271/0x360 [ 341.094819][T22126] ? __pfx___sys_sendmsg+0x10/0x10 [ 341.094891][T22126] ? do_syscall_64+0xb6/0x230 [ 341.094921][T22126] do_syscall_64+0xf3/0x230 [ 341.094950][T22126] ? clear_bhb_loop+0x45/0xa0 [ 341.094974][T22126] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 341.094995][T22126] RIP: 0033:0x7f4098b8d169 [ 341.095014][T22126] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 341.095033][T22126] RSP: 002b:00007f409997e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 341.095056][T22126] RAX: ffffffffffffffda RBX: 00007f4098da5fa0 RCX: 00007f4098b8d169 [ 341.095073][T22126] RDX: 0000000000004084 RSI: 0000200000000100 RDI: 0000000000000003 [ 341.095087][T22126] RBP: 00007f409997e090 R08: 0000000000000000 R09: 0000000000000000 [ 341.095100][T22126] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 341.095112][T22126] R13: 0000000000000000 R14: 00007f4098da5fa0 R15: 00007f4098ecfa28 [ 341.095137][T22126] [ 341.439559][ C0] vkms_vblank_simulate: vblank timer overrun [ 344.462372][T22272] IPVS: stopping backup sync thread 6376 ... [ 346.667173][T22391] FAULT_INJECTION: forcing a failure. [ 346.667173][T22391] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 347.008142][T22391] CPU: 0 UID: 0 PID: 22391 Comm: syz.1.714 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 347.008174][T22391] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 347.008188][T22391] Call Trace: [ 347.008195][T22391] [ 347.008204][T22391] dump_stack_lvl+0x241/0x360 [ 347.008238][T22391] ? __pfx_dump_stack_lvl+0x10/0x10 [ 347.008266][T22391] ? __pfx__printk+0x10/0x10 [ 347.008298][T22391] should_fail_ex+0x424/0x570 [ 347.008328][T22391] prepare_alloc_pages+0x1dd/0x5c0 [ 347.008355][T22391] __alloc_frozen_pages_noprof+0x181/0x7b0 [ 347.008379][T22391] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 347.008416][T22391] alloc_pages_mpol+0x339/0x690 [ 347.008447][T22391] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 347.008481][T22391] vma_alloc_folio_noprof+0x12d/0x260 [ 347.008510][T22391] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 347.008545][T22391] folio_prealloc+0x2e/0x170 [ 347.008565][T22391] __handle_mm_fault+0x32e8/0x6ef0 [ 347.008616][T22391] ? __pfx___handle_mm_fault+0x10/0x10 [ 347.008651][T22391] ? __lock_acquire+0xad5/0xd80 [ 347.008683][T22391] ? do_raw_spin_lock+0x151/0x370 [ 347.008712][T22391] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 347.008743][T22391] ? __pte_offset_map_lock+0x276/0x310 [ 347.008797][T22391] ? __pfx___might_resched+0x10/0x10 [ 347.008820][T22391] handle_mm_fault+0x3e5/0x8d0 [ 347.008862][T22391] __get_user_pages+0x1adf/0x4180 [ 347.008924][T22391] ? __pfx___get_user_pages+0x10/0x10 [ 347.008953][T22391] ? __gup_longterm_locked+0x382/0x1850 [ 347.008975][T22391] ? __pfx_down_read_killable+0x10/0x10 [ 347.009006][T22391] ? __lock_acquire+0xad5/0xd80 [ 347.009042][T22391] __gup_longterm_locked+0x488/0x1850 [ 347.009077][T22391] ? __pfx___gup_longterm_locked+0x10/0x10 [ 347.009098][T22391] ? sanity_check_pinned_pages+0x11b2/0x12a0 [ 347.009137][T22391] gup_fast_fallback+0x226b/0x29d0 [ 347.009192][T22391] ? __pfx_gup_fast_fallback+0x10/0x10 [ 347.009223][T22391] ? io_uring_create+0x5b5/0xc00 [ 347.009240][T22391] ? do_syscall_64+0xf3/0x230 [ 347.009266][T22391] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.009310][T22391] ? is_valid_gup_args+0x124/0x200 [ 347.009342][T22391] pin_user_pages_fast+0xd2/0x160 [ 347.009363][T22391] ? __pfx_pin_user_pages_fast+0x10/0x10 [ 347.009380][T22391] ? rcu_is_watching+0x15/0xb0 [ 347.009400][T22391] ? trace_kmalloc+0x1f/0xd0 [ 347.009425][T22391] ? io_pin_pages+0x9a/0x1a0 [ 347.009456][T22391] io_pin_pages+0xb4/0x1a0 [ 347.009483][T22391] io_region_pin_pages+0xe2/0x2c0 [ 347.009514][T22391] ? __pfx_io_region_pin_pages+0x10/0x10 [ 347.009540][T22391] ? __debug_object_init+0x39a/0x480 [ 347.009572][T22391] io_create_region+0x380/0x470 [ 347.009605][T22391] io_allocate_scq_urings+0x2ed/0x900 [ 347.009632][T22391] ? __pfx_io_allocate_scq_urings+0x10/0x10 [ 347.009659][T22391] ? security_capable+0xbc/0x2d0 [ 347.009691][T22391] io_uring_create+0x5b5/0xc00 [ 347.009716][T22391] __se_sys_io_uring_setup+0x2be/0x340 [ 347.009741][T22391] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 347.009777][T22391] ? do_syscall_64+0xb6/0x230 [ 347.009807][T22391] do_syscall_64+0xf3/0x230 [ 347.009834][T22391] ? clear_bhb_loop+0x45/0xa0 [ 347.009856][T22391] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 347.009884][T22391] RIP: 0033:0x7f850958d169 [ 347.009902][T22391] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 347.009920][T22391] RSP: 002b:00007f850a33dfc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 347.009943][T22391] RAX: ffffffffffffffda RBX: 00007f85097a5fa0 RCX: 00007f850958d169 [ 347.009957][T22391] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000002c0e [ 347.009971][T22391] RBP: 0000200000000400 R08: 0000000000000000 R09: 0000000000000000 [ 347.009984][T22391] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000002 [ 347.009996][T22391] R13: 0000000000000000 R14: 0000000000002c0e R15: 0000000000000000 [ 347.010021][T22391] [ 347.393587][ C0] vkms_vblank_simulate: vblank timer overrun [ 348.943470][T22495] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 349.190364][T22495] fuse: Bad value for 'fd' [ 349.254160][T22523] A link change request failed with some changes committed already. Interface batadv_slave_0 may have been left with an inconsistent configuration, please check. [ 349.289378][T22524] fuse: Bad value for 'fd' [ 349.469074][ T5881] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 349.739018][ T5881] usb 1-1: device descriptor read/64, error -71 [ 350.029251][ T5881] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 350.200042][ T5881] usb 1-1: device descriptor read/64, error -71 [ 350.409701][ T5881] usb usb1-port1: attempt power cycle [ 350.932761][ T5881] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 351.088316][ T5881] usb 1-1: device descriptor read/8, error -71 [ 351.535963][T22623] could not allocate digest TFM handle crct10dif-generic [ 351.543526][ T5881] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 351.676250][ T5881] usb 1-1: device descriptor read/8, error -71 [ 351.879401][ T5881] usb usb1-port1: unable to enumerate USB device [ 357.135377][T23010] veth0_to_bridge: entered promiscuous mode [ 358.047056][T23007] veth0_to_bridge: left promiscuous mode [ 358.056794][T23066] FAULT_INJECTION: forcing a failure. [ 358.056794][T23066] name failslab, interval 1, probability 0, space 0, times 0 [ 358.275832][T23066] CPU: 1 UID: 0 PID: 23066 Comm: syz.1.728 Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 PREEMPT(full) [ 358.275864][T23066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 358.275878][T23066] Call Trace: [ 358.275886][T23066] [ 358.275894][T23066] dump_stack_lvl+0x241/0x360 [ 358.275929][T23066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 358.275955][T23066] ? __pfx__printk+0x10/0x10 [ 358.275983][T23066] ? __pfx___might_resched+0x10/0x10 [ 358.276006][T23066] should_fail_ex+0x424/0x570 [ 358.276035][T23066] should_failslab+0xac/0x100 [ 358.276061][T23066] __kmalloc_noprof+0xdf/0x4d0 [ 358.276096][T23066] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 358.276125][T23066] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 358.276158][T23066] tomoyo_realpath_from_path+0xcf/0x5e0 [ 358.276193][T23066] tomoyo_path_number_perm+0x245/0x790 [ 358.276219][T23066] ? tomoyo_path_number_perm+0x215/0x790 [ 358.276243][T23066] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 358.276271][T23066] ? ksys_write+0x24e/0x2d0 [ 358.276297][T23066] ? __lock_acquire+0xad5/0xd80 [ 358.276337][T23066] ? __fget_files+0x2a/0x420 [ 358.276364][T23066] ? __fget_files+0x2a/0x420 [ 358.276393][T23066] ? __fget_files+0x2a/0x420 [ 358.276426][T23066] security_file_ioctl+0xc6/0x2a0 [ 358.276450][T23066] __se_sys_ioctl+0x46/0x160 [ 358.276474][T23066] do_syscall_64+0xf3/0x230 [ 358.276502][T23066] ? clear_bhb_loop+0x45/0xa0 [ 358.276526][T23066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 358.276546][T23066] RIP: 0033:0x7f850958d169 [ 358.276564][T23066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 358.276582][T23066] RSP: 002b:00007f850a33e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 358.276605][T23066] RAX: ffffffffffffffda RBX: 00007f85097a5fa0 RCX: 00007f850958d169 [ 358.276620][T23066] RDX: 00002000000002c0 RSI: 00000000c0845657 RDI: 0000000000000003 [ 358.276634][T23066] RBP: 00007f850a33e090 R08: 0000000000000000 R09: 0000000000000000 [ 358.276647][T23066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 358.276659][T23066] R13: 0000000000000000 R14: 00007f85097a5fa0 R15: 00007f85098cfa28 [ 358.276684][T23066] [ 358.277046][T23066] ERROR: Out of memory at tomoyo_realpath_from_path. [ 360.590064][ T24] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 360.999069][ T24] usb 5-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 361.256735][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.389835][ T24] usb 5-1: config 0 descriptor?? [ 361.521456][ T24] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 363.572279][ T24] usb 5-1: USB disconnect, device number 47 [ 364.608810][T23423] IPVS: stopping master sync thread 23442 ... [ 364.655769][T23442] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 366.472330][ T5832] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 366.493750][ T5832] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 366.519760][ T5832] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 366.619310][ T5832] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 366.722586][ T5832] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 366.758986][ T5832] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 367.102106][ T24] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 367.405957][ T24] usb 1-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 367.536414][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 367.709024][ T24] usb 1-1: Product: syz [ 367.713285][ T24] usb 1-1: Manufacturer: syz [ 367.859021][ T24] usb 1-1: SerialNumber: syz [ 367.961747][ T24] usb 1-1: config 0 descriptor?? [ 368.323240][ T30] kauditd_printk_skb: 52 callbacks suppressed [ 368.323260][ T30] audit: type=1326 audit(1742944606.212:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23624 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 368.529602][ T24] hso 1-1:0.0: Failed to find INT IN ep [ 368.578786][ T24] usb-storage 1-1:0.0: USB Mass Storage device detected [ 368.798081][ T30] audit: type=1326 audit(1742944606.272:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23624 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=127 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 368.877030][T15389] bond0 (unregistering): Released all slaves [ 368.891611][ T5147] Bluetooth: hci5: command tx timeout [ 368.944787][ T5832] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 369.025986][ T30] audit: type=1326 audit(1742944606.272:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23624 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 369.048330][ C0] vkms_vblank_simulate: vblank timer overrun [ 369.052473][ T24] usb 1-1: USB disconnect, device number 58 [ 369.061118][ T5832] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 369.099158][ T5832] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 369.130697][ T30] audit: type=1326 audit(1742944606.272:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23624 comm="syz.1.742" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f850958d169 code=0x7ffc0000 [ 369.156391][ T5832] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 369.174207][ T5832] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 369.184359][ T5832] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 370.969337][ T5147] Bluetooth: hci5: command tx timeout [ 371.439042][ T24] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 371.697989][ T5147] Bluetooth: hci6: command tx timeout [ 371.729275][ T24] usb 5-1: config 0 has an invalid interface number: 239 but max is 0 [ 371.737532][ T24] usb 5-1: config 0 has no interface number 0 [ 371.976783][ T24] usb 5-1: config 0 interface 239 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 372.089380][ T24] usb 5-1: config 0 interface 239 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 372.301792][ T24] usb 5-1: config 0 interface 239 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 372.439640][ T24] usb 5-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=60.d9 [ 372.548954][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 372.557053][ T24] usb 5-1: Product: syz [ 372.745852][ T24] usb 5-1: Manufacturer: syz [ 372.902382][ T24] usb 5-1: SerialNumber: syz [ 372.959780][ T24] usb 5-1: config 0 descriptor?? [ 372.969712][T23805] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 373.051602][ T5147] Bluetooth: hci5: command tx timeout [ 373.447663][ T24] usb 5-1: probing VID:PID(2201:012C) [ 373.575911][ T24] usb 5-1: vub300 testing BULK OUT EndPoint(0) 02 [ 373.697822][ T24] usb 5-1: vub300 testing BULK IN EndPoint(1) 82 [ 373.819461][ T5147] Bluetooth: hci6: command tx timeout [ 373.868944][ T24] usb 5-1: Could not find two sets of bulk-in/out endpoint pairs [ 374.056785][ T24] vub300 5-1:0.239: probe with driver vub300 failed with error -22 [ 374.271767][ T24] usb 5-1: USB disconnect, device number 48 [ 374.801515][ T977] usb 1-1: new full-speed USB device number 59 using dummy_hcd [ 375.090322][T24054] netlink: 4 bytes leftover after parsing attributes in process `syz.4.751'. [ 375.123237][ T5147] Bluetooth: hci5: command tx timeout [ 375.157963][ T977] usb 1-1: not running at top speed; connect to a high speed hub [ 375.177038][ T977] usb 1-1: config 1 interface 0 has no altsetting 0 [ 375.194855][ T977] usb 1-1: New USB device found, idVendor=ffff, idProduct=ffff, bcdDevice= 0.40 [ 375.283770][ T977] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.369261][ T977] usb 1-1: Product: Ђ [ 375.437765][ T977] usb 1-1: Manufacturer: я [ 375.472330][ T977] usb 1-1: SerialNumber: syz [ 375.858925][ T5147] Bluetooth: hci6: command tx timeout [ 376.695213][T24156] ALSA: mixer_oss: invalid OSS volume 'DIGTAL1' [ 376.800148][T24156] ALSA: mixer_oss: invalid OSS volume 'veth1' [ 376.983882][T24156] ALSA: mixer_oss: invalid OSS volume 'team0' [ 377.152815][T24201] netlink: 'syz.1.754': attribute type 58 has an invalid length. [ 377.337257][T24201] netlink: 20 bytes leftover after parsing attributes in process `syz.1.754'. [ 377.778979][ T977] usbhid 1-1:1.0: can't add hid device: -71 [ 377.785067][ T977] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 377.929108][ T5147] Bluetooth: hci6: command tx timeout [ 377.936458][ T977] usb 1-1: USB disconnect, device number 59 [ 378.562946][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.569513][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.606652][T24290] misc userio: Invalid payload size [ 378.809231][ T5881] usb 5-1: new high-speed USB device number 49 using dummy_hcd [ 379.052336][ T5881] usb 5-1: config 0 has an invalid interface number: 83 but max is 0 [ 379.149001][ T5881] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 379.258123][ T5881] usb 5-1: config 0 has no interface number 0 [ 379.309997][ T5881] usb 5-1: config 0 interface 83 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 379.406811][ T5881] usb 5-1: config 0 interface 83 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 379.557762][ T5881] usb 5-1: New USB device found, idVendor=0b48, idProduct=2003, bcdDevice=39.61 [ 379.662452][ T5881] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.859195][ T5881] usb 5-1: config 0 descriptor?? [ 379.952618][ T5881] ttusbir 5-1:0.83: cannot find expected altsetting [ 380.118303][T24288] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 380.199441][T24288] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 380.402353][ T5881] usb 5-1: USB disconnect, device number 49 [ 382.182825][T24525] vhci_hcd vhci_hcd.0: pdev(4) rhport(1) sockfd(13) [ 382.189836][T24525] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 382.245874][T24518] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(10) [ 382.252560][T24518] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 382.531552][T24557] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 382.559568][T24527] ip6tnl2: entered promiscuous mode [ 382.637994][T24518] vhci_hcd vhci_hcd.0: Device attached [ 382.691338][ T5884] vhci_hcd: vhci_device speed not set [ 382.885458][ T5884] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 382.899293][T24525] vhci_hcd vhci_hcd.0: Device attached [ 383.084177][T24593] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(12) [ 383.090876][T24593] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 383.223667][T24525] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 383.348958][T24518] vhci_hcd vhci_hcd.0: pdev(4) rhport(4) sockfd(21) [ 383.355657][T24518] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 383.374285][T24557] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 383.598368][T24593] vhci_hcd vhci_hcd.0: Device attached [ 383.690648][T24525] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 383.705317][T24518] vhci_hcd vhci_hcd.0: Device attached [ 384.099426][T24557] vhci_hcd vhci_hcd.0: port 0 already used [ 384.117967][T24599] vhci_hcd: connection closed [ 384.118548][T24526] vhci_hcd: connection reset by peer [ 384.120331][T24528] vhci_hcd: connection closed [ 384.128672][T24615] vhci_hcd: connection closed [ 384.135730][T15982] vhci_hcd: stop threads [ 384.171348][T15982] vhci_hcd: release socket [ 384.267808][T15982] vhci_hcd: disconnect device [ 384.408486][T15982] vhci_hcd: stop threads [ 384.468279][T15982] vhci_hcd: release socket [ 384.509215][T15982] vhci_hcd: disconnect device [ 384.568339][T15982] vhci_hcd: stop threads [ 384.667526][T15982] vhci_hcd: release socket [ 384.733181][T15982] vhci_hcd: disconnect device [ 384.807823][T15982] vhci_hcd: stop threads [ 384.938138][T15982] vhci_hcd: release socket [ 384.997990][T15982] vhci_hcd: disconnect device [ 388.099023][ T5884] vhci_hcd: vhci_device speed not set [ 395.599490][T25420] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 255 [ 396.633789][ T5832] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 396.643462][ T5832] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 396.660037][ T5832] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 396.672722][ T5832] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 396.680474][ T5832] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 396.687832][ T5832] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 398.811115][ T5832] Bluetooth: hci7: command tx timeout [ 400.889368][ T5832] Bluetooth: hci7: command tx timeout [ 402.789288][ T5906] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 403.025757][ T5832] Bluetooth: hci7: command tx timeout [ 403.129649][ T5906] usb 1-1: Using ep0 maxpacket: 32 [ 403.210873][ T5906] usb 1-1: config 244 has an invalid interface number: 162 but max is 0 [ 403.345474][ T5906] usb 1-1: config 244 has no interface number 0 [ 403.479161][ T5906] usb 1-1: config 244 interface 162 has no altsetting 0 [ 403.670229][ T5906] usb 1-1: New USB device found, idVendor=0e41, idProduct=4147, bcdDevice=99.14 [ 403.769198][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.884232][ T5906] usb 1-1: Product: syz [ 403.888562][ T5906] usb 1-1: Manufacturer: syz [ 403.995065][ T5906] usb 1-1: SerialNumber: syz [ 404.349609][T25831] netlink: 20 bytes leftover after parsing attributes in process `syz.0.784'. [ 404.531151][ T5906] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX found [ 404.538357][ T5906] usb 1-1: selecting invalid altsetting 2 [ 404.759248][ T5906] snd_usb_toneport 1-1:244.162: set_interface failed [ 404.766170][ T5906] snd_usb_toneport 1-1:244.162: Line 6 TonePort GX now disconnected [ 404.974884][ T5906] snd_usb_toneport 1-1:244.162: probe with driver snd_usb_toneport failed with error -22 [ 405.047618][ T5832] Bluetooth: hci7: command tx timeout [ 405.169274][ T5906] usb 1-1: USB disconnect, device number 60 [ 406.036278][T26040] netlink: 830 bytes leftover after parsing attributes in process `syz.0.786'. [ 412.462591][T26479] netlink: 'syz.0.792': attribute type 10 has an invalid length. [ 412.559124][T26479] netlink: 40 bytes leftover after parsing attributes in process `syz.0.792'. [ 412.568079][T26479] batadv0: entered promiscuous mode [ 412.594957][T26479] batadv0: entered allmulticast mode [ 412.753758][T26479] bridge0: port 3(batadv0) entered blocking state [ 412.892795][T26479] bridge0: port 3(batadv0) entered disabled state [ 413.057236][T26479] bridge0: port 3(batadv0) entered blocking state [ 413.064111][T26479] bridge0: port 3(batadv0) entered forwarding state [ 413.268317][T26508] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 413.444914][T26508] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 413.516682][ T7148] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 413.526233][ T7148] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 413.596129][T26508] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 413.818994][T26508] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 414.144220][T26508] bridge0: port 3(batadv0) entered disabled state [ 414.596776][T26508] bridge0: port 3(batadv0) entered disabled state [ 416.125694][T26695] netlink: 24 bytes leftover after parsing attributes in process `syz.0.794'. [ 419.949215][T26942] netlink: 44 bytes leftover after parsing attributes in process `syz.0.797'. [ 421.369143][T27057] usb usb8: usbfs: process 27057 (syz.4.798) did not claim interface 0 before use [ 422.364942][ T24] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 422.699086][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 422.755772][ T24] usb 1-1: unable to get BOS descriptor or descriptor too short [ 422.919461][ T24] usb 1-1: config 255 has an invalid interface number: 81 but max is 0 [ 423.008975][ T24] usb 1-1: config 255 has an invalid descriptor of length 0, skipping remainder of the config [ 423.131147][ T24] usb 1-1: config 255 has no interface number 0 [ 423.137586][ T24] usb 1-1: config 255 interface 81 altsetting 3 has an endpoint descriptor with address 0x93, changing to 0x83 [ 423.332246][ T24] usb 1-1: config 255 interface 81 altsetting 3 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 423.403255][ T24] usb 1-1: config 255 interface 81 has no altsetting 0 [ 423.507344][ T24] usb 1-1: string descriptor 0 read error: -22 [ 423.589813][ T24] usb 1-1: New USB device found, idVendor=0dfc, idProduct=0001, bcdDevice=24.ac [ 423.711261][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.918745][ T24] input: USB Touchscreen 0dfc:0001 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:255.81/input/input15 [ 424.426246][ T24] usb 1-1: USB disconnect, device number 61 [ 426.239773][ T5147] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 426.259199][ T5147] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 426.267982][ T5147] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 426.279234][ T5147] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 426.286908][ T5147] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 426.294458][ T5147] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 428.427441][ T5147] Bluetooth: hci5: command tx timeout [ 430.209774][ T5832] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 430.258041][ T5832] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 430.329806][ T5832] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 430.366372][ T5832] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 430.403962][ T5832] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 430.426550][ T5832] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 430.478639][ T7283] bond0 (unregistering): Released all slaves [ 430.489647][ T5832] Bluetooth: hci5: command tx timeout [ 432.568075][ T5838] Bluetooth: hci6: command tx timeout [ 432.573979][ T5147] Bluetooth: hci5: command tx timeout [ 434.342378][ T31] INFO: task syz.2.629:19154 blocked for more than 143 seconds. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 434.554223][ T31] Not tainted 6.14.0-syzkaller-01103-g2df0c02dab82 #0 [ 434.639804][ T5838] Bluetooth: hci6: command tx timeout [ 434.645387][ T5838] Bluetooth: hci5: command tx timeout [ 434.659772][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 434.668523][ T31] task:syz.2.629 state:D stack:23720 pid:19154 tgid:19154 ppid:5848 task_flags:0x400040 flags:0x00004006 [ 434.851087][ T31] Call Trace: [ 434.889193][ T31] [ 434.892220][ T31] __schedule+0x1b18/0x50e0 [ 434.896774][ T31] ? __lock_acquire+0xad5/0xd80 [ 434.929000][ T31] ? __pfx___schedule+0x10/0x10 [ 434.934037][ T31] ? register_lock_class+0x54/0x330 [ 434.939792][ T31] ? schedule+0x90/0x360 [ 434.944105][ T31] ? schedule+0x90/0x360 [ 434.948395][ T31] schedule+0x163/0x360 [ 434.953200][ T31] schedule_timeout+0xb1/0x290 [ 434.958071][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 435.068931][ T31] ? wait_for_completion+0x30e/0x630 [ 435.074403][ T31] ? wait_for_completion+0x30e/0x630 [ 435.255352][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 435.331715][ T31] ? lockdep_hardirqs_on+0x9d/0x150 [ 435.337011][ T31] ? wait_for_completion+0x30e/0x630 [ 435.508906][ T31] wait_for_completion+0x360/0x630 [ 435.514134][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 435.793648][ T31] ? __flush_work+0xee/0xc60 [ 435.798343][ T31] __flush_work+0xa48/0xc60 [ 435.914015][ T31] ? __flush_work+0xee/0xc60 [ 435.959174][ T31] ? __pfx___flush_work+0x10/0x10 [ 435.964303][ T31] ? __pfx_wq_barrier_func+0x10/0x10 [ 436.128924][ T31] ? __pfx___timer_delete_sync+0x10/0x10 [ 436.134664][ T31] ? flush_delayed_work+0x149/0x1c0 [ 436.290300][ T31] flush_delayed_work+0x16a/0x1c0 [ 436.295512][ T31] ? __pfx_flush_delayed_work+0x10/0x10 [ 436.511280][ T31] fsnotify_destroy_group+0x21b/0x330 [ 436.516769][ T31] ? __pfx_fsnotify_destroy_group+0x10/0x10 [ 436.599955][ T31] inotify_release+0x42/0x80 [ 436.604730][ T31] ? __pfx_inotify_release+0x10/0x10 [ 436.715004][ T31] __fput+0x3e9/0x9f0 [ 436.749034][ T5838] Bluetooth: hci6: command tx timeout [ 436.769256][ T31] task_work_run+0x251/0x310 [ 436.774105][ T31] ? _raw_spin_unlock+0x28/0x50 [ 436.868711][ T31] ? __pfx_task_work_run+0x10/0x10 [ 436.898453][ T31] ? syscall_exit_to_user_mode+0xa3/0x340 [ 436.906653][ T31] syscall_exit_to_user_mode+0x13f/0x340 [ 436.983907][ T31] do_syscall_64+0x100/0x230 [ 436.988595][ T31] ? clear_bhb_loop+0x45/0xa0 [ 437.031937][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 437.037928][ T31] RIP: 0033:0x7f7ea9f8d169 [ 437.109039][ T31] RSP: 002b:00007f7eaa2cfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000001b4 [ 437.117648][ T31] RAX: 0000000000000000 RBX: 00007f7eaa1a7ba0 RCX: 00007f7ea9f8d169 [ 437.299079][ T31] RDX: 0000000000000000 RSI: 000000000000001e RDI: 0000000000000003 [ 437.307182][ T31] RBP: 00007f7eaa1a7ba0 R08: 0000000000000268 R09: 0000001eaa2cfe7f [ 437.440060][ T31] R10: 00007f7eaa1a7ac0 R11: 0000000000000246 R12: 0000000000046700 [ 437.448159][ T31] R13: 00007f7eaa2cfc80 R14: ffffffffffffffff R15: 00007f7eaa2cfca0 [ 437.641416][ T31] [ 437.658496][ T31] [ 437.658496][ T31] Showing all locks held in the system: [ 437.843086][ T31] 2 locks held by kworker/u8:0/12: [ 437.848276][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 438.317524][ T31] #1: ffffc90000117c60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 438.578889][ T31] 2 locks held by kworker/u8:1/13: [ 438.584090][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 438.818701][ T5838] Bluetooth: hci6: command tx timeout [ 438.981836][ T31] #1: ffffc90000127c60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 439.331456][ T31] 1 lock held by khungtaskd/31: [ 439.336390][ T31] #0: ffffffff8eb3a760 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x30/0x180 [ 439.678965][ T31] 2 locks held by kworker/u8:2/36: [ 439.684158][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 439.809405][ T31] #1: ffffc90000ac7c60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 439.928991][ T31] 2 locks held by kworker/u8:3/53: [ 439.934177][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 440.039794][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.046259][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.164500][ T31] #1: ffffc90000bd7c60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 440.261550][ T31] 2 locks held by kworker/u8:4/68: [ 440.266725][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 440.407179][ T31] #1: ffffc9000156fc60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 440.577446][ T31] 2 locks held by kworker/u8:5/1097: [ 440.616402][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 440.755528][ T31] #1: ffffc90003fefc60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 440.888872][ T31] 2 locks held by kworker/u8:6/1164: [ 440.894271][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 441.116861][ T31] #1: ffffc900042dfc60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 441.182529][ T31] 2 locks held by kworker/u8:7/3568: [ 441.187889][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 441.338474][ T31] #1: ffffc9000d517c60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 441.409066][ T31] 2 locks held by getty/5596: [ 441.413821][ T31] #0: ffff88803500a0a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 441.483801][ T31] #1: ffffc9000331b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x53d/0x16b0 [ 441.528970][ T31] 1 lock held by kworker/0:3/5878: [ 441.534161][ T31] #0: ffff8880b8639ad8 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xb0/0x140 [ 441.624743][ T31] 3 locks held by kworker/1:5/5884: [ 441.688997][ T31] #0: ffff88801ac80d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 441.808012][ T31] #1: ffffc900042afc60 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 441.968949][ T31] #2: ffffffff8eb3fc78 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x384/0x830 [ 442.178893][ T31] 2 locks held by kworker/u8:8/5933: [ 442.184264][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 442.391333][ T31] #1: ffffc9000446fc60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 442.498973][ T31] 2 locks held by kworker/u8:9/7018: [ 442.526718][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 442.621363][ T31] #1: ffffc9000bdd7c60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 442.722620][ T31] 2 locks held by kworker/u8:10/7021: [ 442.728117][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 442.878929][ T31] #1: ffffc9000bdf7c60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 442.929093][ T31] 2 locks held by kworker/u8:11/7023: [ 442.934567][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 442.947593][ T31] #1: ffffc9000be07c60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 443.068659][ T31] 2 locks held by kworker/u8:12/7025: [ 443.142229][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 443.256621][ T31] #1: ffffc900015efc60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 443.425425][ T31] 2 locks held by kworker/u8:13/7031: [ 443.549628][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 443.729399][ T31] #1: ffffc9000be67c60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 443.811108][ T31] 2 locks held by kworker/u8:14/7035: [ 443.816562][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 444.021728][ T31] #1: ffffc900015cfc60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 444.197278][ T31] 2 locks held by kworker/u8:15/7038: [ 444.238543][ T31] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 444.319326][ T31] #1: ffffc9000158fc60 ((work_completion)(&sub_info->work)){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0