last executing test programs: 22m7.491400015s ago: executing program 0 (id=793): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000600)={0x18, 0x2e, 0x9, 0x70bd27, 0x0, {0x4, 0x0, 0x600}, [@nested={0x4, 0x16}]}, 0x18}, 0x1, 0x0, 0x0, 0x42804}, 0x84) 22m7.396089512s ago: executing program 0 (id=794): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r0, 0x4008af00, &(0x7f0000000080)=0x200000000) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000001680)) r1 = eventfd2(0x1, 0x1) ioctl$VHOST_SET_VRING_ERR(r0, 0x4008af22, &(0x7f00000001c0)={0x0, r1}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000000)={0x0, r1}) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) 22m7.216202129s ago: executing program 0 (id=795): unshare(0x22020600) bpf$TOKEN_CREATE(0x24, 0x0, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="b8000000fcffffff000000007f000001000000000000000000000000fe8000000000000000000000000000aa4e2200004e2400000a003a6008000000", @ANYRESDEC=r0, @ANYRES32=0xee01, @ANYBLOB="000000000000000001040000000000100000000000000000000000400000000006000000000000001a000000000000000100000000000000feffffffffffffff770000000000000003000000000000000000000000000000ff7f00000000000104000000b16b6e000100030000000000"], 0xb8}}, 0x20000011) munmap(&(0x7f0000001000/0x3000)=nil, 0x3000) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs2/custom0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, &(0x7f0000000100)={0x73622a85, 0x0, 0x1}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r4 = dup3(r3, r2, 0x0) r5 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r5, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r5, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) r6 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r6, 0x6, 0x0, 0x0, 0x0) r7 = fsmount(r6, 0x0, 0x0) fchdir(r7) io_setup(0x1, &(0x7f00000004c0)=0x0) r9 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x101042, 0x0) io_submit(r8, 0x1, &(0x7f0000000200)=[&(0x7f0000000280)={0xffffff7f00000000, 0x0, 0x0, 0x1, 0xfffd, r9, 0x0, 0x0, 0x400a00}]) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000640)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r5, 0xc0306201, &(0x7f0000000440)={0x0, 0x1000000, 0x0, 0x1, 0xa00, &(0x7f00000005c0)="c6"}) sendto$inet6(r0, &(0x7f0000000240)="8a", 0x1, 0x4040050, &(0x7f0000000080)={0xa, 0x3, 0x1, @local, 0x9}, 0x1c) 22m6.066209087s ago: executing program 0 (id=801): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) pivot_root(&(0x7f0000000a00)='./file0/../file0/../file0/../file0\x00', &(0x7f0000000080)='./file0/../file0/../file0/../file0/file0\x00') socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) execve(0x0, 0x0, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000380)=0x0) sched_setattr(r4, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000003c0)=@bridge_getneigh={0x20, 0x1e, 0xd01, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0xa001, 0x45001}}, 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@dev={0xfe, 0x80, '\x00', 0x3c}, 0x800, 0x0, 0x103, 0x1, 0x0, 0x0, 0x2000000}, 0x20) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000040)) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x19, 0x0, 0x0) setsockopt$netlink_NETLINK_DROP_MEMBERSHIP(r5, 0x10e, 0x2, &(0x7f0000000140)=0x2, 0x4) socket$nl_route(0x10, 0x3, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'macvlan0\x00'}) r7 = socket(0x10, 0x3, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000180)={'wlan1\x00'}) sendmsg$nl_route_sched(r7, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000800)=@gettaction={0x1b4, 0x32, 0x200, 0x70bd25, 0x25dfdbfb, {}, [@action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x9}, @action_gd=@TCA_ACT_TAB={0x54, 0x1, [{0x10, 0x10, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'police\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x44}}, {0xc, 0x4, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x20, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x4}}, {0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'mirred\x00'}}, {0xc, 0x0, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}]}, @action_gd=@TCA_ACT_TAB={0x50, 0x1, [{0xc, 0x5, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xa1d}}, {0xc, 0x6, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0x10, 0xa, 0x0, 0x0, @TCA_ACT_KIND={0x9, 0x1, 'gact\x00'}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0xc, 0x16, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf}}, {0xc, 0x10, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x5}}]}, @action_dump_flags=@TCA_ROOT_TIME_DELTA={0x8, 0x4, 0x7}, @action_gd=@TCA_ACT_TAB={0x7c, 0x1, [{0xc, 0x9, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x6}}, {0xc, 0x1d, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}, {0x10, 0x5, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0x14, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xf, 0x1, 'tunnel_key\x00'}}, {0xc, 0xb, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0xf}}, {0xc, 0x14, 0x0, 0x0, @TCA_ACT_INDEX={0x8}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x401}}, {0xc, 0xd, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x7}}, {0xc, 0xe, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x9}}]}, @action_gd=@TCA_ACT_TAB={0x70, 0x1, [{0x10, 0x1a, 0x0, 0x0, @TCA_ACT_KIND={0xa, 0x1, 'pedit\x00'}}, {0xc, 0x12, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0x10, 0x14, 0x0, 0x0, @TCA_ACT_KIND={0xb, 0x1, 'sample\x00'}}, {0xc, 0x1e, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x2}}, {0xc, 0x1c, 0x0, 0x0, @TCA_ACT_KIND={0x7, 0x1, 'xt\x00'}}, {0xc, 0x11, 0x0, 0x0, @TCA_ACT_KIND={0x8, 0x1, 'ipt\x00'}}, {0xc, 0x17, 0x0, 0x0, @TCA_ACT_INDEX={0x8, 0x3, 0x1}}, {0x10, 0x13, 0x0, 0x0, @TCA_ACT_KIND={0xc, 0x1, 'skbedit\x00'}}]}]}, 0x1b4}}, 0x880) socket$nl_route(0x10, 0x3, 0x0) 22m2.952860953s ago: executing program 0 (id=811): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000001240)=@newqdisc={0x40, 0x24, 0x3fe3aa0262d8c583, 0x70bd29, 0x25dfdbfe, {0x0, 0x0, 0x0, r1, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x10, 0xe}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_QUANTUM={0x8, 0x3, 0x468fe4e8}, @TCA_FQ_FLOW_PLIMIT={0x8, 0x2, 0x4}]}}]}, 0x40}, 0x1, 0x0, 0x0, 0x4}, 0x4048000) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r2, 0x6, 0x5, &(0x7f0000000040)=0x24, 0x5) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e20, @private=0xa010100}, 0x10) setsockopt$inet_int(r2, 0x0, 0x13, &(0x7f0000000000)=0x800, 0x4) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(0xffffffffffffffff, 0xc01864c6, &(0x7f0000000100)={&(0x7f00000000c0)=[0x0], 0x1, 0x80000, 0x0, 0xffffffffffffffff}) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_DEBUG_SET(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)={0x38, r5, 0x1, 0x0, 0x25dfdbfc, {}, [@ETHTOOL_A_DEBUG_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}, @ETHTOOL_A_DEBUG_MSGMASK={0xc, 0x2, 0x0, 0x1, [@ETHTOOL_A_BITSET_BITS={0x4}, @ETHTOOL_A_BITSET_VALUE={0x4}]}]}, 0x38}}, 0x2008040) r6 = socket$inet6(0xa, 0x2, 0x0) r7 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r7) getsockname$packet(r7, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000000c0)=0x14) sendmsg$nl_route(r7, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000001c0)=@newlink={0x58, 0x10, 0x437, 0x0, 0x0, {0x0, 0x0, 0x0, r8, 0x50483}, [@IFLA_LINKINFO={0x38, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0x28, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5, 0x9, 0x4}, @IFLA_IPTUN_REMOTE={0x14, 0x3, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}}, @IFLA_IPTUN_FLAGS={0x8, 0x8, 0x17}]}}}]}, 0x58}, 0x1, 0x0, 0x0, 0x9005}, 0x0) sendmmsg$inet(r6, &(0x7f0000000880)=[{{&(0x7f0000000580)={0x2, 0x4e1c, @multicast1}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@ip_pktinfo={{0x1c, 0x0, 0x8, {r8, @empty, @multicast1}}}], 0x20}}], 0x1, 0x4880) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x20000050) r9 = socket$inet6(0xa, 0x80002, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) setsockopt$inet6_mreq(r9, 0x29, 0x1b, &(0x7f0000000000)={@dev}, 0x14) r10 = socket$netlink(0x10, 0x3, 0x0) r11 = socket$inet6(0xa, 0x3, 0xff) sendto(r11, 0x0, 0xa00, 0x810, &(0x7f00000008c0)=@nl=@unspec={0x0, 0x700, 0x0, 0x80fe}, 0x80) sendmsg$netlink(r10, &(0x7f0000000740)={0x0, 0x0, &(0x7f00000002c0)=[{&(0x7f0000000300)=ANY=[@ANYBLOB="20000000110001000000000000000000100000e60b"], 0x20}], 0x1}, 0x0) r12 = socket(0x400000000010, 0x3, 0x0) r13 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r13, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r12, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000400)=@newqdisc={0x9c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffdffff, {0x0, 0x0, 0x0, r14, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x10, 0x2}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x4c, 0x2, [@TCA_PIE_LIMIT={0x8, 0x2, 0x2}, @TCA_PIE_BYTEMODE={0x8}, @TCA_PIE_ECN={0x8}, @TCA_PIE_TARGET={0x8, 0x1, 0x1000000}, @TCA_PIE_LIMIT={0x8, 0x2, 0xc}, @TCA_PIE_TUPDATE={0x8, 0x3, 0xd}, @TCA_PIE_ECN={0x8, 0x6, 0x1}, @TCA_PIE_TUPDATE={0x8, 0x3, 0x9}, @TCA_PIE_LIMIT={0x8, 0x2, 0x4}]}}, @TCA_STAB={0x24, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x3, 0x6, 0xf, 0x8000, 0x1, 0x7, 0x7}}, {0x4}}]}]}, 0x9c}}, 0x44080) sendmsg$ETHTOOL_MSG_STRSET_GET(r3, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000200)={&(0x7f0000000180)={0x54, r5, 0x1, 0x70bd26, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0x38, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x4000010}, 0x40000c0) 22m2.469212296s ago: executing program 0 (id=816): fsopen(0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$IPSET_CMD_GET_BYNAME(0xffffffffffffffff, 0x0, 0xc004004) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x1000006, 0x4}, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f9, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x109800, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x18, r4}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000340)={0x53, 0x2, r3}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f00000001c0)={0x48, 0x1, r3, 0x0, 0x7, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, 0x0) r5 = fsopen(&(0x7f0000000000)='f2fs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='test_dummy_encryption', &(0x7f0000000180)='v2to_da_alloc', 0x0) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r6, &(0x7f0000000300)='0\x00', 0x2) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[], 0xb}}, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0xd7, &(0x7f0000000580)=' U\xb5\xa6c\x9c\xf6b#\x0f\xc3\x9a9g\x9f%f\x9bcS\xc1\xa5\xfcR-\x9e\x9f\xd8\'R\x94\xb1\xcf\xdc6\xf5\xc0\xea\x15\x83$\xb03]z\xe1\x8f]{\xab\xed6<:\xbd\xebtyY0-\xa5\x87\xd5\xaa\xed\xe3\xe8\xa5rJ\xe2\xbe\xef\x9f{\xe4\xae|W\xce\xb0\xed-\x91i\xba\xcb_R\x13`T3\x18\x013\xa4+* \x84\xd0\xc2\x84-\x88<5\xe1\xf1\xad\x95S\x19\xe3\xe7\xb2\xe4\x91\xe2\xc4\x0e\xac\xed\xf8\x88\x06}X(R\xc8\x1bF\xe5\xa8Dmjz\n\x1b\xd9O\xe39\x87\xa6\xc6Ep\xa3x\xd6\xdd1\xd1/\xae\xeex\x01\xca\x960\xb7\xf2E`R\v\xd7\xcb\xc4\x80\x1d\x96\xb6\x8c]\xdb\x1d\xb0\x99`Ug\xff|q\v\xc5I\x85\xef\vc\xa8N\x03\xbc\xc6\xa5\xed\xe2\x15yVZ\x8eHp\xa5Z'}, 0x30) r8 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0) sendfile(r8, r8, 0x0, 0x4800000009) socket$kcm(0x11, 0x3, 0x0) 22m1.779107549s ago: executing program 32 (id=816): fsopen(0x0, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg$IPSET_CMD_GET_BYNAME(0xffffffffffffffff, 0x0, 0xc004004) sched_setattr(0x0, &(0x7f0000000140)={0x38, 0x0, 0x1, 0x401, 0x0, 0x92, 0x55, 0x8, 0x1000006, 0x4}, 0x0) io_uring_enter(0xffffffffffffffff, 0x47f9, 0x0, 0x0, 0x0, 0x0) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x3000, 0x2, &(0x7f0000ffc000/0x3000)=nil) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x109800, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000100)={0xc, 0x0, 0x0}) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000080)={'ip6tnl0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={0x0}}, 0x0) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000240)={@initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0x18, r4}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f0000000340)={0x53, 0x2, r3}) ioctl$IOMMU_TEST_OP_ADD_RESERVED(r2, 0x3ba0, &(0x7f00000001c0)={0x48, 0x1, r3, 0x0, 0x7, 0x1}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, 0x0) r5 = fsopen(&(0x7f0000000000)='f2fs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r5, 0x1, &(0x7f0000000280)='test_dummy_encryption', &(0x7f0000000180)='v2to_da_alloc', 0x0) r6 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r6, &(0x7f0000000300)='0\x00', 0x2) r7 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$TIPC_NL_BEARER_ENABLE(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=ANY=[], 0xb}}, 0x0) ioprio_set$pid(0x2, 0x0, 0x0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000540)={0x0, 0xffffffffffffffff, 0x0, 0xd7, &(0x7f0000000580)=' U\xb5\xa6c\x9c\xf6b#\x0f\xc3\x9a9g\x9f%f\x9bcS\xc1\xa5\xfcR-\x9e\x9f\xd8\'R\x94\xb1\xcf\xdc6\xf5\xc0\xea\x15\x83$\xb03]z\xe1\x8f]{\xab\xed6<:\xbd\xebtyY0-\xa5\x87\xd5\xaa\xed\xe3\xe8\xa5rJ\xe2\xbe\xef\x9f{\xe4\xae|W\xce\xb0\xed-\x91i\xba\xcb_R\x13`T3\x18\x013\xa4+* \x84\xd0\xc2\x84-\x88<5\xe1\xf1\xad\x95S\x19\xe3\xe7\xb2\xe4\x91\xe2\xc4\x0e\xac\xed\xf8\x88\x06}X(R\xc8\x1bF\xe5\xa8Dmjz\n\x1b\xd9O\xe39\x87\xa6\xc6Ep\xa3x\xd6\xdd1\xd1/\xae\xeex\x01\xca\x960\xb7\xf2E`R\v\xd7\xcb\xc4\x80\x1d\x96\xb6\x8c]\xdb\x1d\xb0\x99`Ug\xff|q\v\xc5I\x85\xef\vc\xa8N\x03\xbc\xc6\xa5\xed\xe2\x15yVZ\x8eHp\xa5Z'}, 0x30) r8 = openat$random(0xffffffffffffff9c, &(0x7f00000003c0), 0x40202, 0x0) sendfile(r8, r8, 0x0, 0x4800000009) socket$kcm(0x11, 0x3, 0x0) 7.614293461s ago: executing program 2 (id=5294): r0 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000340)=0x63ba, 0x4) ioctl$SIOCGSTAMPNS(r0, 0x8907, 0x0) 7.329781251s ago: executing program 3 (id=5297): socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet(0xa, 0x801, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, 0x0, 0x0) timer_create(0x0, &(0x7f0000001080)={0x0, 0x12, 0x4}, &(0x7f0000044000)) rt_tgsigqueueinfo(0x0, 0x0, 0x30, &(0x7f00000002c0)={0x3f, 0x3, 0x1ff}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x60140, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000bbdffc)) pipe2(&(0x7f0000000040), 0x4000) ioctl$KVM_SET_MP_STATE(r4, 0x4004ae99, &(0x7f00000001c0)=0x3) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000569000/0x18000)=nil, &(0x7f0000000240)=[@textreal={0x8, &(0x7f0000000900)="65f30fa7e066b94209000066b81286694866ba000000000f30baa100ec65a00000660f3881433f640f07b801088ed8baf80c66b834ff178166efbafe0cb000eeb8000002c0640f01cf", 0x49}], 0x1, 0x30, 0x0, 0x0) ioctl$KVM_SET_LAPIC(r4, 0x4400ae8f, &(0x7f0000000380)={"6cdd4237dd245c8404721efdc9c8dc1964125fa96fa42b761c6ec25b2bec0ba4c81036c93a40c8a4d4412a763b00040000000000003c5ca206c047ecee377abaece6b88378e38e06c5fc191f361d264ffa8b46485f02baee1ab6b8154252066178868d1ef4b53606000000000000007c21a984c2b9ca4bbb7a87165c0c1dbc75d7ea4df1001000000000694525952f44500a1f0db509c32cc7ace842c28f37f06e4ea9f1e5f0c6c379f9cc58bf69fcde317fad4825aa1b6a832d4e48cc41bb5a6baa41d614f6c8941bee805954a62d196a4e8d4bf6b21224b57f530d0000c1ffd3bf79a1f5c5dc34cf2645cbc11c4562d22db8780edc5daee171cc04d96d9ec2db07478f347edbd6424923ad4a5672b1b285c7988c4ec0922c655ff600000000c00dc290d936d93236051fadfb4b95d02c0bda7ce38dabb7cd103fe4d0c9c963cd717a77f8df8d46099b1f580968af6afbbc19db161c6df3e7c9c71bc08a282fc2c142856b5e4caff4c0a4f72445ef10dcd2c569319d6e9bb2058d023f669a64fc7d9684b45b000000fb354673dcfa9235ea5a2ff23c4bb5c5acb290e8976dcac779ff0100f5620000003d4e185afe28a774b99d3890bd37428617de4cdd6f53c419ce78754182fd098af7b7f1b1152c691611f897558d4b755cb783978d9859b0537b05b623dcb5c4ca9317471a40fa4998cca80e961efffb4e1aa25d8a17deef0c8694c4395fc99be3c3fe7aeb8af4929ce7d346ca62b25d48fda5d10146702f78b233b5208752726ed9f0c340d494b92d19cc930bb8a5f8b4da8f4603ac0c3b698384e17a570dc8524823ed15af4ecfabb4b2541d3c114b7bba1c21a845c9cf0d1cc24aba47e30f558b2246ad95ccf7d2f80cc0ab26f08336ea1a33b79cf35b898837016eb211a1734c7af076e15451e33519fc978f26df7df4557c91024a8dc130a28ef5f63ad07b39c8d23b85cf434e065e8a29a80047fe17dee6f6347b4951f97b5703dc78b1ca9d74ea6a9ae12ab367c0de2659cc38d2f33ddd86e0597d33361eada119b5132155fa4525c488c7fffd6ceda6e9a02ebd97ced6b0161f2cc84615ceb8b18883299c636e9e46724a9a0600a8bb02f3e489631d522019a35fe12a33caf9dd8768ddbc02a484c345c3eff254297b1dbb04989c3f9f3c7b3c985c39b1d313018068d3809bac8c657e39f4f692613e28387e955722908dd88b56163be8312ff47c5b6f280472935af74e97a5a8110a4d74496f4c8ec82ddb010100000000000001a047526865c888c9ff36056cc4ad258021e1581d43badaaec6cc5a2ef989de9801fed6d4be2bfcfe656c9c46bffbe9dd03970800000000000000d372bdd6d89dc1ecf63c23d506114d0fba2bd1c69e8f7e3fccdcda85ce975ec1381b1cec6ddaa76e186719d819164300"}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 7.306444728s ago: executing program 2 (id=5298): getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, 0x0, &(0x7f0000000040)) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x2, 0x7, 0xfffffe0001000001, 0xfa11, 0xffffffff}, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r3, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000040)={0x18, r3}) 5.844338997s ago: executing program 1 (id=5303): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) r1 = fcntl$dupfd(r0, 0x406, r0) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000000)={0x1, &(0x7f0000000280)=[{0x6, 0xfd, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendmmsg$inet(r0, &(0x7f0000002bc0)=[{{0x0, 0x0, &(0x7f0000000f40)=[{&(0x7f0000000b00)="f8a2075673c9dfff19f3d32c62c85b6e2e708fed5eb634b8714acdb07a92552e66690d359207ea5a2e95db72fadd620d105fcd22c22781b8c63ac6e171640a62ab8b1bdb27011b", 0x47}, {&(0x7f0000000b80)="d480044576b000e25389284568961b468b3b94dac87e734f4a118d0dd8db1a74906ebfbf4ead95d13e7bf9b479aa3f22b60b238d78a3527ac0cd94664156f51764b731a0c075be544842f52039856dc9e4", 0x51}, {&(0x7f0000000c80)="14f9e80788d5e9ea8729851b606a409e39b7054e91aac3f9e0b8d36cb2c3926ac165d79d8368743a3be1a595bb", 0x2d}], 0x3}}], 0x1, 0x11) syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), r1) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r1) 5.696920894s ago: executing program 1 (id=5307): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x44, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@NFTA_RULE_EXPRESSIONS={0x18, 0x4, 0x0, 0x1, [{0x14, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x4}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x6c}}, 0x0) 5.526779069s ago: executing program 1 (id=5308): socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_xfrm(0x10, 0x3, 0x6) syz_io_uring_submit(0x0, 0x0, &(0x7f0000000200)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffffff, 0x0, &(0x7f0000000b40)='./file1\x00', 0x0, 0x100, 0x12345}) r0 = syz_io_uring_setup(0x81f, &(0x7f0000000480)={0x0, 0xfe15, 0x10, 0x0, 0x30f}, &(0x7f00000000c0)=0x0, &(0x7f0000000540)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x30, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x1}) io_uring_enter(r0, 0x47bc, 0x218, 0x21, 0x0, 0x0) 5.325511632s ago: executing program 2 (id=5310): socketpair$unix(0x1, 0x3, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) mmap(&(0x7f0000000000/0xe7e000)=nil, 0xe7e000, 0xfffffffffffffffe, 0x4031, 0xffffffffffffffff, 0x0) memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) write$binfmt_register(0xffffffffffffffff, 0x0, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x270, 0x0, 0x0}, 0x20040010) io_submit(0x0, 0x1, &(0x7f0000000200)=[&(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0x2}, 0x7, 0x0, &(0x7f0000000040)={{0x0, 0x0, 0x2}}, 0x0, 0x0}}) fsopen(&(0x7f00000001c0)='devpts\x00', 0x0) r3 = socket$inet(0xa, 0x801, 0x84) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x1, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002e000000850000007d00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x35, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r4, 0x0, 0xe40, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) r5 = accept4(r3, 0x0, 0x0, 0x0) sendto$inet(r5, 0x0, 0x0, 0x0, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x4000000) sendmsg$NFT_BATCH(r6, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000042c0)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x7}}, [@NFT_MSG_NEWRULE={0x7c, 0x6, 0xa, 0x403, 0x0, 0x0, {0xa, 0x0, 0x5}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_RULE_EXPRESSIONS={0x50, 0x4, 0x0, 0x1, [{0x4c, 0x1, 0x0, 0x1, @target={{0xb}, @val={0x3c, 0x2, 0x0, 0x1, [@NFTA_TARGET_INFO={0x24, 0x3, "7339f2f304fdd672bad09dfb040000000000000001f9580dabf95ddc91967c20"}, @NFTA_TARGET_REV={0x8}, @NFTA_TARGET_NAME={0xc, 0x1, 'RATEEST\x00'}]}}}]}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa4}, 0x1, 0x0, 0x0, 0x4000850}, 0x20008040) 5.177328161s ago: executing program 3 (id=5312): socket$kcm(0x10, 0x0, 0x0) openat$binfmt(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000090000000000000000000000850000002a000000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000040)='sys_exit\x00', r0}, 0x10) lchown(&(0x7f0000000000)='./cgroup/cgroup.procs\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000340)=0x7) r2 = syz_open_dev$video4linux(&(0x7f0000001380), 0x5, 0x0) ioctl$VIDIOC_SUBDEV_S_CROP(r2, 0xc038563c, &(0x7f0000000040)={0x0, 0x0, {0x6, 0x800000ff, 0xf00, 0x2000005}}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x1}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r5, 0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="12000000040000000400000012"], 0x48) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f00000048c0)={r6, &(0x7f00000047c0), &(0x7f0000004880)=@udp=r5}, 0x20) bpf$BPF_BTF_LOAD(0x12, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="9feb010018000000000000002c0000002c00000005000000000000000200000d0000000000000000020000000000000000001800030000000000000e01000000000000000000005f"], 0x0, 0x49, 0x0, 0x1}, 0x28) set_mempolicy(0x6, &(0x7f00000003c0)=0x8000000000000001, 0xe0) 5.061891213s ago: executing program 1 (id=5313): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004bec0220a20603008cb4010203010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 4.887002583s ago: executing program 4 (id=5314): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x2c240, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000000440)={r0, 0x2000, {0x0, 0x0, 0x0, 0x8, 0x7fffffffffffffff, 0x0, 0x0, 0x0, 0x1c, "339f020bbe78b39843d601010000000000080d0ec0c1b4e9b1c4369d03741250ceaac50104000041dd17c18e8438ef2a565ef1e833236500", "a1163939c787a16c1ca43f8539f3d3289737f0374c72a964a0193b3e8772fd29f35239d200", "24431a5e77a68e174f000300ffffffffff0fe200"}}) 3.822100232s ago: executing program 4 (id=5316): r0 = syz_open_dev$swradio(&(0x7f0000000140), 0x1, 0x2) write$binfmt_elf64(0xffffffffffffffff, 0x0, 0x10a) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000200)={0x9e0000, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0}) 3.641287518s ago: executing program 2 (id=5318): mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x1000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000001a300)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f00000003c0)=0x6) read$FUSE(0xffffffffffffffff, &(0x7f0000001080)={0x2020}, 0x2020) socket$inet6_tcp(0xa, 0x1, 0x0) socket$inet(0x2, 0x2, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r4, 0x8933, &(0x7f0000000280)={'wg0\x00'}) sendmsg$nl_route(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000180)={0x0}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="0e000000040000000800"], 0x50) r5 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000100)='/proc/timer_list\x00', 0x0, 0x0) preadv(r5, &(0x7f0000000440)=[{&(0x7f0000000180)=""/82, 0x52}], 0x1, 0xd651, 0x72b) 3.62725717s ago: executing program 4 (id=5319): getpid() syz_emit_vhci(&(0x7f0000001800)=ANY=[@ANYBLOB="040e0c"], 0xf) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x5) r1 = bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)=@generic={&(0x7f0000000240)='./file0\x00', 0x0, 0x18}, 0x18) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, r1, 0x17f6000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$SO_ATTACH_FILTER(r6, 0x1, 0x1a, &(0x7f0000fbe000)={0x2, &(0x7f00000004c0)=[{0x28, 0x0, 0x6, 0xff}, {0x80000006, 0x0, 0x12, 0xf6}]}, 0x10) sendmsg$nl_generic(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000001ac0)={0x0}, 0x1, 0x0, 0x0, 0x4000d}, 0x20000000) ioctl$SIOCSIFHWADDR(r4, 0x8b04, &(0x7f0000000100)={'wlan1\x00', @random='\n\x00'}) accept4$inet(0xffffffffffffffff, &(0x7f0000000400)={0x2, 0x0, @empty}, &(0x7f0000000040)=0x6, 0x800) getsockopt$sock_timeval(r4, 0x1, 0x14, &(0x7f00000001c0), &(0x7f00000000c0)=0x10) r7 = socket$packet(0x11, 0x3, 0x300) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x3, 0xc, &(0x7f0000000c40)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020642500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500000006000000850000002300000095"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x2}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r9, 0x0, 0xd, 0x0, &(0x7f0000000100)="edb9547ed387dbe9abc89b6f5b", 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'ip6gretap0\x00', 0x0}) sendto$packet(r7, &(0x7f0000000180)="a6bea8a120e5f8320c30ce5086dda5e986f34c10d8c39c3002de8ec4", 0x1c, 0x0, &(0x7f0000000140)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @random="ad446050e878"}, 0x14) r11 = socket$kcm(0x2, 0x200000000000001, 0x0) r12 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.throttle.io_serviced_recursive\x00', 0x26e1, 0x0) setsockopt$sock_attach_bpf(r11, 0x1, 0x3e, &(0x7f0000000100)=r12, 0x4) sendmsg$inet(r11, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10000000}, 0x52cc) 3.137860828s ago: executing program 3 (id=5321): syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="040eec9e2720"], 0x7) 2.85662036s ago: executing program 3 (id=5324): openat$ppp(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 2.635995227s ago: executing program 5 (id=5325): ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, 0x0) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000600)={0x11, 0x3, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f00000003c0)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000140)='contention_end\x00', r0}, 0x10) r1 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000180), 0x101, 0x0) ioctl$SOUND_MIXER_WRITE_VOLUME(r1, 0xc0044d0d, &(0x7f00000001c0)=0x5c) 2.500900389s ago: executing program 5 (id=5326): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x20, 0x4, &(0x7f0000000000)=@framed={{}, [@ldst={0x1, 0x3, 0x3, 0x0, 0x1, 0x8}]}, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @netfilter=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$unix(0xffffffffffffffff, &(0x7f0000000240)=@abs={0x0, 0x0, 0x4e21}, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet6_tcp_TLS_TX(0xffffffffffffffff, 0x11a, 0x1, 0x0, 0x0) socket(0x10, 0x3, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_FILTER(r2, 0x65, 0x1, &(0x7f00000000c0), 0xf00) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000180)={'vxcan1\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r5, {0x7, 0x6}, {0xffff}, {0x1}}}, 0x24}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a05000000000000000000010000000900010073797a300000000040000000030a01020000000000000000010000000900010073797a30000000000900030073797a3000000000140004800800024000000000080001400000000568000000060a010400000008000000000100000008000b4000000000400004803c0001800a0001006d617463680000002c0002800800010065636e000c000300e4edf2b75cc7c0a308000240000000000c000100706b7474797065000900010073797a300000000014000000110001"], 0xf0}}, 0x0) r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r6, 0x2285, &(0x7f00000000c0)={0x53, 0xfffffffe, 0x6, 0x2, @scatter={0x0, 0x40000, 0x0}, &(0x7f0000000080)="0000501effd4", 0x0, 0x800001, 0x10030, 0x1, 0x0}) r7 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$NL80211_CMD_CANCEL_REMAIN_ON_CHANNEL(r0, &(0x7f00000002c0)={&(0x7f0000000140), 0xc, &(0x7f0000000280)={&(0x7f0000000400)=ANY=[@ANYBLOB="2cbf80d848eaf71ca69ed88fd1ac66bb3df6dd4b", @ANYRES16=r7, @ANYBLOB="000829bd7000ffdbdf25380000000c00990009000000680000000c0058003100000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x40}, 0x4000008) setsockopt$netlink_NETLINK_NO_ENOBUFS(r0, 0x10e, 0xc, &(0x7f0000000040)=0x7f, 0x4) 2.454092212s ago: executing program 3 (id=5327): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x80b00, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000580)={0xc2f12bb1a2f1c6a9, 0x0, @ioapic={0x4000, 0xb, 0xfffffffe, 0xfffffffc, 0x0, [{0xc, 0x5, 0x9, '\x00', 0xb4}, {0x83, 0xd, 0x4, '\x00', 0x4b}, {0xae, 0xe, 0x5, '\x00', 0x40}, {0x0, 0xc, 0x3, '\x00', 0x7}, {0x8, 0xc, 0x8, '\x00', 0xa8}, {0x2, 0x91, 0x6, '\x00', 0xff}, {0x7, 0x3, 0x47, '\x00', 0x6}, {0x5, 0x1, 0x3, '\x00', 0x7a}, {0xe, 0x4, 0xaa, '\x00', 0x1}, {0x9, 0xdc, 0x6, '\x00', 0x4}, {0x3, 0xe2, 0x9, '\x00', 0x8}, {0x5, 0x7, 0x6, '\x00', 0x8}, {0x4, 0x8a, 0x6, '\x00', 0xdd}, {0x3, 0xf1, 0x6, '\x00', 0x9}, {0x20, 0x65, 0x0, '\x00', 0x2}, {0x6, 0x9b, 0x42, '\x00', 0x23}, {0x6, 0x2, 0xc, '\x00', 0x3}, {0x0, 0x6, 0x9, '\x00', 0x4}, {0xf, 0x6, 0x6, '\x00', 0x1}, {0x9, 0x3, 0x3, '\x00', 0x4}, {0x1, 0x4, 0x7, '\x00', 0x4}, {0xd, 0x40, 0xa, '\x00', 0x6}, {0x15, 0x8, 0x7, '\x00', 0x2}, {0x92, 0x6, 0xfa, '\x00', 0x42}]}}) 2.229286217s ago: executing program 3 (id=5328): socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x21800, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000380), &(0x7f0000000480)=""/82, 0x52, 0x0) socket(0x1d, 0x2, 0x6) openat$dsp(0xffffffffffffff9c, &(0x7f0000000300), 0x6000, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_ENABLE(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x54, r5, 0x1, 0x0, 0x0, {}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @local}}, {0x14, 0x2, @in={0x2, 0x0, @multicast1}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000280)={0x30, r3, 0x1, 0x0, 0x4000000, {{}, {}, {0x14, 0x17, {0x0, 0x401, @l2={'ib', 0x3a, 'wg1\x00'}}}}}, 0x30}, 0x1, 0x0, 0x0, 0x24008044}, 0x0) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, &(0x7f0000000000)=[0xffffffffffffffff], 0x1) 2.143452478s ago: executing program 5 (id=5329): r0 = syz_open_dev$swradio(&(0x7f0000000140), 0x1, 0x2) ioctl$VIDIOC_G_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000200)={0x9e0000, 0x0, 0x9, 0xffffffffffffffff, 0x0, 0x0}) 2.031371447s ago: executing program 4 (id=5330): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(r0, 0x8008af26, &(0x7f00000000c0)) 2.028729098s ago: executing program 1 (id=5331): r0 = socket$nl_generic(0x10, 0x3, 0x10) fadvise64(r0, 0x1000, 0x8000000000000000, 0x2) r1 = socket(0xa, 0x3, 0x3a) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r1, 0x84, 0x13, &(0x7f00000000c0)=0x1, 0x4) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) chroot(0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0xc, 0x8001, 0x0, 0x9, 0x4f, 0x8, 0xfa11, 0x1}, 0x0) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000140)=[{0x6, 0x0, 0xe, 0x7fff0000}]}) close_range(r4, 0xffffffffffffffff, 0x0) epoll_create(0x10000e9) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000200), 0x2) r6 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r6, 0xffff) fcntl$addseals(r6, 0x409, 0x7) ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r6, 0x0, 0x0, 0x1000}) r7 = syz_io_uring_setup(0x111, &(0x7f00000007c0)={0x0, 0xf453, 0x80, 0x0, 0x2f}, &(0x7f0000000240)=0x0, &(0x7f0000000180)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x241}}) io_uring_enter(r7, 0x47f6, 0x880e, 0x0, 0x0, 0x0) getsockopt$inet_pktinfo(0xffffffffffffffff, 0x0, 0x50, 0x0, &(0x7f0000000040)=0x54) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x1}, 0x2) r10 = io_uring_setup(0x76fc, &(0x7f0000000340)={0x0, 0xafd4, 0x1000, 0x5, 0x2d2}) io_uring_register$IORING_REGISTER_BUFFERS(r10, 0x0, &(0x7f0000000540)=[{0x0}], 0x1) io_uring_register$IORING_REGISTER_FILES(0xffffffffffffffff, 0x1e, &(0x7f0000000000), 0x0) 1.94802358s ago: executing program 5 (id=5332): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @cmp={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_CMP_SREG={0x8}, @NFTA_CMP_OP={0x8, 0x2, 0x1, 0x0, 0x2}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0) 1.873965244s ago: executing program 4 (id=5333): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x18, 0xc, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000002a000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000b000000095"], &(0x7f00000001c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000580)='sched_switch\x00', r0}, 0x10) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000180)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000002d80)=[{{0x0, 0xfffffffffffffeaf, 0x0}, 0xfd}], 0x1, 0x10043, 0x0) r4 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000006c0), 0x48200, 0x0) ioctl$TIOCSETD(r4, 0x5423, &(0x7f0000000100)=0x2) ioctl$TIOCVHANGUP(r4, 0x5437, 0x200000000000000) 1.873433412s ago: executing program 2 (id=5334): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'wp256-generic\x00'}, 0x58) r1 = accept4$alg(r0, 0x0, 0x0, 0x0) sendmmsg$sock(r1, &(0x7f0000002480)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000340)="8224aca5f41b9e0ec5e7a706c919e7c0e343f0cd0a779c17e7f992396b09252009d2d12e9475a57ec39f71417044cf4151af34ac1dfd5d87cdd80bc4c24478821f64d4d971bbc1fc7bdd181a839344917165bb9cd0fa568aac55d8e38ee30fd3a9bc63e2656b6941c812e6ea0692ec276deb2b7b817906cf8c5429a42164e8bb521e216e554d509a0fd0d86729b5f4b9a01fb336bef1be8a68a628452b83", 0x9e}, {0x0}, {&(0x7f00000005c0)="f2b314c96d50", 0x6}], 0x3}}], 0x1, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) syz_open_dev$loop(&(0x7f0000000100), 0xf01c, 0x0) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000002c0)="36c1fefc4a84cb34adfedaf464", 0xd}], 0x1, &(0x7f0000000b40)=[@hoplimit={{0x14, 0x29, 0x34, 0x4}}, @hoplimit={{0x14, 0x29, 0x34, 0xfffffffd}}, @dstopts_2292={{0x128, 0x29, 0x4, {0x4, 0x21, '\x00', [@calipso={0x7, 0x10, {0x1, 0x2, 0x9, 0x9f, [0x8]}}, @generic={0xfe, 0x72, "f4a4a3142ee1e12b9826287997a6b33d89f3d60da1641d9fe3896c3c1b6c130ef4f01be8f5836d417874540898619050b14420ab124b11de36afb16ef4fc1cf3f4e4fa0e647cd1b07b068d3894180b6aa7527a4a8252f6836a0d67a7782c675a838ea989e567e4774de1f52d188e0b0888c5"}, @generic={0x80, 0x14, "09e12e5f0b6bdcf72f2ec7008a15fa88b025e0ad"}, @calipso={0x7, 0x40, {0x1, 0xe, 0x7a, 0x8001, [0x5, 0x9, 0x4, 0x6, 0x4, 0x400, 0xb]}}, @pad1, @ra={0x5, 0x2, 0xbf4}, @hao={0xc9, 0x10, @private2}, @generic={0x93, 0x11, "e80ee304ecb784ec4655260cecea14e498"}]}}}, @hoplimit={{0x14}}, @hopopts={{0x1b8, 0x29, 0x36, {0x5e, 0x33, '\x00', [@generic={0xff, 0x45, "50d650847249ad288702ebd0d654b985e8908defb7ec6c5ff115c58e128b9e3a21c34b45ef9de99984e143ca7c3509a971b2ec429ee1edc0bb903fe94b32c28f70dac43574"}, @pad1, @pad1, @padn={0x1, 0x8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0]}, @calipso={0x7, 0x40, {0x3, 0xe, 0x0, 0xfff, [0x2, 0x4, 0x966, 0x7, 0xfffffffffffffff7, 0x1, 0x1]}}, @calipso={0x7, 0x10, {0x0, 0x2, 0x7, 0x6, [0x7fff]}}, @generic={0x8, 0xc0, "c8a110995d439fbfac9716a99c357bcb2d59a850490739734f6b321d19b3754df39cc2dc26cf263cbebbddb9a7f17b6771f74c46623f9e38bd23e6f0a2fd3a9a017f66738394aca44d1a9f0b35d9df0a964360ab0900a5e6fcac1cd41c91c97f6826ff706c41edc4e00205bbb53218ed58a1122d993b55a1b9a870a17e7869e3fc704b388202add651f628963a90fea5d8196d5e0373fd13584ae57b4f1c03d4f67005cdb5938591d5ea712014e358ea0808807873fd7290c6d4f033de64c7e8"}, @calipso={0x7, 0x20, {0x3, 0x6, 0x3, 0x7, [0x0, 0x8000, 0xffffffffffffff04]}}, @generic={0x1, 0x8, "2bdb86d1ce6a20c2"}]}}}, @rthdrdstopts={{0x20, 0x29, 0x37, {0x73, 0x0, '\x00', [@pad1]}}}, @flowinfo={{0x14, 0x29, 0xb, 0x2}}, @rthdr={{0x18}}, @rthdr_2292={{0x38, 0x29, 0x39, {0x3a, 0x4, 0x2, 0x70, 0x0, [@mcast1, @mcast2]}}}], 0x3b0}}], 0x1, 0x810) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3be", 0x6) r5 = accept4(r4, 0x0, 0x0, 0x800) sendmmsg$alg(r5, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0xff31}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r5, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000840)={0x1fe, 0x2, 0x3000, 0x2000, &(0x7f0000003000/0x2000)=nil}) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x2) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000100)=[@text32={0x20, &(0x7f00000000c0)="650f340f3566b842000f00d8b805000000b9a00000000f01c13e0f070fde460b0f0130670f01c2f2360f217a0f07", 0x2e}], 0x1, 0x11, 0x0, 0x0) pwritev(0xffffffffffffffff, &(0x7f0000000b00)=[{&(0x7f0000001880)="ea7c5828b87d70214008724bcae1ce6577c01031b19698ecb8a7f5183947918ce2cc9dc778dbfff9e28e1a6df7d8f95c3e45768a6786d6325bc0fe4ed394c8ed0edcbb9f917074251a7f5b6b24c52516a68f181592262dfd12b5af7386658c5fb6c36d86d5084624a302a155c0463b6c36e9fc88338b0f66e2713728a21d19d9a33da93d419df63d8a87fa100381ec74de8b7409f4977d3cd7a9f2fb03cec91c4277b39b2c9f227a9b74926a11960d085e2aaf98673d2a67fa95b8d9dcc72ca6181f6b9b2d1c402267e6cfef5599e1520077d9bc472fb5a5db42b1befd498ec7b8d519b12f065323b15280a2540bc7a4ffe508fc12f93707064caf4111e893142f9867b432b1e6258caa2ae081b8b646c25de7f5366a21f9dd257b84546cd316e17b79d22c4bcaf70e8a96d1e502b53c581c75482d1d63f0d5f3fb5bdbb714583f0798e0c4d6c9d99513e91a68a26612053290f15f5a2e06acfa229356e37b4d57697224e9561c0430a67fcb5dea72acc91e60751a5b07eb603548a646f082ce213347b4ee908bd95cc56775330aa09d4f19f48a8cb5d7f6346d82bab8ff019309684bd01eb4d90febe2269cd2a1100130c242a2995ce38638a3bbc9008ac0e820a1e0b9a9511af47aa7f3e30a69589985423f3b4ea98152433bf1aa53a0981f783f11c4cc50f70fe63b2043b74b9cb7da59caedadc1fa1f662831a353969893d4f93b919cda52a1ce2200a0a7895abb293c29d6d197cce98a4df8fc90c582014742a00b4bd09f1fcc5ff5753320d2b5593e657c0fb87a4cfa323ce59111eea806a6e020fb0c4fdd601087811e33e793975b5e9e936c16d243bdea757e0ee4508f5d5b496ed07b6f0f1f46ed752448f30d679b23ba8142d4ab25beb913ee77547866e5d9501a55e9797ba3407f3f4cc11398bdaf3ac4c2e79a5b133a09fcf8ae790bb985fa01daf2758fd8a77fde15a822227dddf64bb2ebc49a56ad025e01c6c59e4818abdf808789d9f87c103cf7f7d21d2a1345b9b7fd66b1cf96002343fbd62f8080d945e70bd93d4bf42b401477abed49065b4a8ccfb9d93724118168de2e8df4f78ccf3b9593f993423a619ef6bd8392a2cfc6424d3687fcdc67d33073db95d856f312b934d05a3c4e967217837920fee73b00757b617d1ef3bfc2e88a8a72f0948263db2c9e7bd491f059b6ee8d0ea3f2193314562910529869b248172bfe0f914f7a91a27c6e9e6c2e3455a7ae765392b48fc959958aa39a5a483b2a6e873ac76f8579515e42f7a3bbc82bcf71edaf12f7b40a2adc74d67ef793988cc8ac788185049e57fb84757bdc700ffde10afc19df290787ed98222f8afb2b6d11944666331350e2914466b398750acae526146373b2cbe1bdd1803e6c920a182a1ad118a3d09313c2ce2703a0a1c09215cab90c35b03b1c795cf704f42dd31ddff6be67bb355977b2e07609c5228299a170308e54705674384fc294cdfa4abf989d3c3bf3eabbbcf52a6a0646bf6db5b61ad027007464fd6fc10490ee2e9190c28ae5cb3733105cb782c0d53e5c79c3e455609d557d824154d01e282788ec8ae7c8a03fcd6cd4e37829b0f921c46d715454d5e1281c641cf0756a2f31b0369ce94e819e6254af95b88bffd7bb2cfe9469d303497fead174839b2789b5aa703176510eab1f46916b3b63f6f5b2df262fe7274a0cee9bd6e115e5f9f48ac1c09e5b3c546ae95b9916a633869854d3ee39d4acb800e876e7fc084ffd79a20fca8331caff657ec89b445c6012ff7eb9531eb1e8c90cdc66b82d6fd608310099503a9dcf50b40d10a3b1ab520477e20ad5f6405cd4b5b36d201e12088d7868c6e94737ea88db6ed5f7df4d31cbd2d0c4f21cdcc3b181f5aae7216dc4c06b2989bb44e5369ba96ce87f3e3abbb530d103a53d7e0b914115c302c935eea7d256a73aa851d84dec6d9112163be8135889c67fa90e796a6f050fba0a6a740618cd513748072daac9f3e25034772cc400a14834afbde835bc9fd7cf1113d67ebe99a3b78907596886ad5a1670ef572c18e26c98fe40194428de339cba7b8efc5fa7faf7512ef6b89a877f3e534fb4512729df686e14aece08fab3b42ea14acde0e18ffe5dc00e74288661c7463e00f3b942cddf3b71e1dcf71989f378b933df099316451cca296a4e117bbeb3b1e552e5a10f9731449ae830de14989049ce818f720e77e78a86c307c80450b26278bc25ee7390ce6d4c4dfc8d39b6b4b1ce6f3865dbdd1d37aedb555288bea9ef95c8600dea1cd10e9e42d15aa804f99a31bfaa5ea52185333d734c766e3bb4a9abf86cf4d840dc188167a25cc3054b65fd7ce053d38518474ab55e59c1ccaf34d57b4cd73b07ed63d754ab3d57dfc0f67bbdb22e33d9f63aa2b36cf0af338794d4acbd1b13669bde67f7bd032f9c6b400e8054a0cff77fc6e0591195b21715e42c881e23156b4ba504d7e1b6eb9c2ec9b9e382d85f7c52bd964d305da9496dbaa022880ddf236730c458f31258d64ae2668aa863b3fe558c7f8cfb3dabf42edcaf2891e9b9462c44153658eae85cd499abd9dca762adf26d9904d28b772b3fc3d066d56261474c944387ac7eb00059025ff25e34b8f7c2986db1ccc4297e1315c3ceeef1b8f98e0500bbb8bb0ab52d80f8c6c8fa5d24b9a05f5350e2fd59af4b9fa9a2b4339b61e208f227ba968d4dbd36246133de2078c6a15dd57754a3537c31d04da545f062dbf9cbaa0840e23974f441a4d5937fec23ff81c193bd951a7bacac8eb6d4705702cbe3c930f27869753ba6026455bbb7742c53644f1646d7545467091a207905f831505f214fbd818aea4455705b5e727850cdcac40620135b8dba85cb0c0f393af252ec082cba5c43385fbc2cc5682bc1994b064e29c8c5a20e7e6d15fbb13e6fd1a86b2fda666fbcd80fd08be00a7423fcafbdd8283bac88ead203bc10d1c1a13ca2fe853fa6cc8991b0476561be085b086b0d0e45f73e59f519342c13f368a37464cb55b8a13846f4cd610536d5c4b8704fcd347abe6712d3de67d7918e6954898f31647a8ea37ecc2e1bb02b1b26e7a60fbb2b0a48efc5795c12d5c4ac8dc4149dea0f2e085422ec69352882622711b74e1e32c7ead2cf3c554e8ff1648e8b66d0dc6997b6304b3b560a33d75aa49476175a386ca721156ea79bdba432d439dbceb0285561abd5d134badd9f38c04fae8fa920edfff15705371c907848c14acdfb0b22a4c7168e1840e8b8a50349dcee5f429b3cb34e30f0f67acf93604792b8574f36ea9409d422621f3c0c7b781fc8e23d1d46f04a9b44f633e5f72cb079fbde66a9745705666c6dab6238628e57ee6cffa8cfad616dac1abe2789c9efccb4fc7e65e490d9a4e49e7ce72a6980e72f70a17649e67de86f86b61a4b6219daefc939b5904e5712ecaf85c98484fc02585b1aa990b95173e4a2907cf877af696e528e6b2b634a4fb7d791cacc8644fa76e062148d411e18f0da5aed22116828cd700a28e8f46bca950550acb4ab05eddeb6b2dac24702cff4de0a3ece393cac879ed2f0c5b9645839cfdb79fb1df87596b14504cba9dddda51edaffcd0214b91b5898ea022774e699aa0caf0f646cc0cb8e8fc8b8be43c23aa7f6bd29fd0615c0b78f3514a52989d7f35ad08a4bd473e61da6657cc2e85d3b2b7d3fb51174a96f27038ddbc87a35e09a668e436aa40146c6a26dca87b39220f139b772719d80aadb752c622bf09acd6846838fb48a8817ba4aa72eaa32e82251b3789969d8518f9aa07cdcb9a355f73f119725c086168aaca262f13cd742e5f06c969a462638a557e15a4f5d43e3242c08f23b00d2b8d57c60d3636abd4068ec03a4be3429b95e41351ab5c58812e552df90c3e6c9d8779aa484e74f073ea9fcdce13b1dff8e7c101b2c6865c5cefe108e3559f520e2bc42c9dc39b57fddb44ca49f2689e10c1381c0740d20cbca46da475c62f513cb08398a5fd5d4f6b13ce839fe149df0d291a8f7267fe90a7e1845dace17cd927c2d1aeffbdc36bb983172ceff025e84b0419645fcc72897b992f5081c78756122391947f08ccd20806cfc2bded705b472fc52e84734e016cbd309aadebbbb4e8bdfed77b1e0b15ce0904838d9e4d64643df66f0353c377e554b428dc0f31189a134cdb8e66d2755e84c2b2409c3d63a81f5f05616baf6a243b09153a4f8289e15a5a4ffb007b0cbeffde25391bb2acd86b453e245643c0fa1dfe5d42e0e3f1c592a00b77f0133adf7989c6c2bf3ddc0b8a2b14f35d33f62f4ee2fc56166372058e997b9abe6bad8aa718f8d87ad095e8f354aaef540840437b5451771266a8358ed75954db52b38bca4a1c8696dca1de03b12627254409f8bb68c94eeaa1a8bcf894482b96e81b9ff5c2383a907537a191aff0bb5b5418ef5670cecca1cfbd41b61879b11a5a5053cd86cf5d61f8c2f7d7ad2034a1801b3b92a79ac3b4343c680008b1ba10577a35173cac6d4dbc1d00e436f238b57093b34d4ea19c225b84a2d6086cc6cf72595b980c88142d268bbf9c8375a93afe75c3583b3b9687368d78147985d209e6d89c335e948c51696a948f01ad062dcf84a99584466e24646b2e441fefb10ef962432f2925d6d98e790acf4ca7d9339a589a537aa3392ec79f34a6544144072ab8248e45ac560a78c70c5afcbf10909299dfcd67981c88780c1340c951e115ffec56d23b9ead6a55024e199238f4b133e3e1e0e84318b5037a3947ae09749c25c7e4887936ecf0ba9a807dfa471ea1f3350b70feb58dc9e2836365ce4db456a341e43410cac1253fe08e79c21fca932716f4c171fc957cb325737b70532d81f0eb2f0a16478c0d934165728f7b29a8a0ff6bc964e99dea26d3efd28336b00c112a26da7a2ea1c21a9688cc3a68293958edf27ae89e5f9b8348af4121028e760cf68c931af92906d27dad4d330df9201b5395ccce0c803806422883667ccb11438d9dbe1901d4ab98d89914b313338486deb6f748053517e2188c479adb1eabb8e8ed5d05bb3f66826fae83bbc5bce3615ee32d937ffbe8846a1156aaf7bf9b9d4189bdf290b3df254077688eeda824d6ea0a452f7e7f915c1a94ee250a3907ec035d7ba7bb0256811f04646ca156b8925506c774df4d4072c02929e985057a5f7ddc1469c7306e6fdb86b810ada1cc96f6bd389597dd27dd656f55c316fb2d56b2d13eddf893722e813934a19778719be99697c365222db64039f9caab1201c430e53df1af8a0321c8759fc33e8204150080979936d0717f6c4c9145fb828389acbb894a4600485e8b105c7165a40e814889343deead6d434a8da60eed1e50aa507ac2793b4a4c5517265f859f223bb4f6cadc6fb53430304baea18189e2b5ddd266c38f5c325ba391a50fcd34060d217c4118889c4275e40a8428099ddfa3cc0d8241c22fc1554318e922f3b1257f2046d70df460c5283a539487583ffca1972a19237b06480e0a56d9e185fe4dc3607666d81ed0d9d9f5c5c568a5a0a87160b6d35c73dae9c6177f2b25d90a2598042f4b43bc765fa86a831c401a01c391a8fdc8f8c742f2322a1b8ef18ec7d82f013893c981f6bd96ec57d8e73e1633ae3970721fcea055ecc836ce3", 0xf91}], 0x1, 0x1, 0x2) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000180)=[@text64={0x40, 0x0}], 0x1, 0x18, 0x0, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1.63035477s ago: executing program 5 (id=5335): futex(&(0x7f000000cffc), 0x80000000000b, 0x0, 0x0, &(0x7f0000048000), 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$devlink(&(0x7f0000000300), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_POLICER_GET(r0, 0x0, 0x20000040) syz_io_uring_setup(0x22d8, &(0x7f0000000180)={0x0, 0x3c2a, 0x8000, 0x0, 0x135}, &(0x7f0000000340), &(0x7f0000000280)) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) getsockopt(r1, 0x28, 0x8001, 0x0, &(0x7f0000000000)) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000100)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x83, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xfffffffffffffd71, 0xffffffffffffffff}, 0x78) r3 = openat$ppp(0xffffffffffffff9c, &(0x7f00000004c0), 0x800, 0x0) ioctl$EVIOCGPROP(r3, 0x40047438, &(0x7f0000000180)=""/246) r4 = syz_open_dev$radio(&(0x7f0000000080), 0xffffffffffffffff, 0x2) r5 = dup2(r4, r2) sendmsg$nl_xfrm(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000380)=@delsa={0x28, 0x11, 0x300, 0x70bd2b, 0x25dfdbfd, {@in=@rand_addr=0x64010102, 0x4d6, 0xa, 0x32}}, 0x28}, 0x1, 0x0, 0x0, 0x40084}, 0x40000) ioctl$PPPIOCSMRU1(r3, 0x40047452, &(0x7f0000000300)=0x5) 977.839517ms ago: executing program 2 (id=5336): getsockopt$XDP_STATISTICS(0xffffffffffffffff, 0x11b, 0x7, &(0x7f0000000000), &(0x7f0000000040)=0x30) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x0, 0x8, 0x8001, 0x0, 0x2, 0x7, 0xfffffe0001000001, 0xfa11, 0xffffffff}, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder1\x00', 0x0, 0x0) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x80, 0x0) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r3, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r2, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r3, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) ioctl$IOMMU_HWPT_ALLOC$NONE(r2, 0x3b89, &(0x7f0000000000)={0x28, 0x2, r4, r3, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_UNMAP$ALL(r2, 0x3b86, &(0x7f0000000040)={0x18, r3}) ioctl$FS_IOC_READ_VERITY_METADATA(r2, 0xc0286687, &(0x7f00000001c0)={0x1, 0x4, 0x12, &(0x7f0000000080)=""/18}) syz_usb_connect(0x2, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a72b7a104c05e102c8e201020301090224000100000000090471020216fa1f0009051402100000fa0009058202"], 0x0) r5 = openat$uhid(0xffffffffffffff9c, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x40010, r5, 0x2000) syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) setsockopt$packet_int(r6, 0x107, 0x7, 0x0, 0x0) r7 = syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) r8 = socket$nl_generic(0x10, 0x3, 0x10) recvmmsg(r8, &(0x7f0000001640)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f00000004c0)=""/4096, 0x1e67}, {&(0x7f00000000c0)=""/250, 0x4}], 0x2, 0x0, 0xd64}}], 0x300, 0x34000, 0x0) sendmsg$ETHTOOL_MSG_TSINFO_GET(r8, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000280)=ANY=[@ANYBLOB="18000000", @ANYRES16=r7, @ANYBLOB="a787000000ff000000"], 0x18}}, 0x0) read(r0, 0x0, 0x0) r9 = add_key$keyring(&(0x7f00000000c0), &(0x7f00000002c0)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) keyctl$restrict_keyring(0xa, r9, &(0x7f0000000300)='asymmetric\x00', 0x0) 90.0493ms ago: executing program 1 (id=5337): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="7c010000190001000000000003000000e0000002000000000000000000000000fe8000000000000000000000000000aa00000000000000000a00008000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000c4000500e0000001000000000000000000000000000004d53c0000000200"], 0x17c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 64.602024ms ago: executing program 5 (id=5338): r0 = memfd_create(&(0x7f0000000000)='\xf3e\t\x9f\x918\xc0y\x01c\x1fnux\x00sV\ad\xb0l \xfd\xd7\x8e\x7f\x89\xb8\xc5;~\x04\x03~K\xfbP\x84=\xfa\x81\f\x1et\x10\x0e\xcf^9\xbe\\', 0x0) pwrite64(r0, &(0x7f0000000640)='/', 0x1, 0xe) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r1}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) socket$nl_route(0x10, 0x3, 0x0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1/file2\x00', 0x81c0, 0x0) r5 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x0, 0x10) r6 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000000c0)='/sys/power/disk', 0x121a02, 0xe0) sendfile(r6, r5, 0x0, 0x8) copy_file_range(r0, 0x0, r0, &(0x7f0000000080)=0x1e0, 0xff, 0x0) 0s ago: executing program 4 (id=5339): rt_sigaction(0x80000011, 0x0, 0x0, 0x8, &(0x7f0000000000)) r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_int(r0, 0x0, 0x33, 0x0, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x963b01) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="9feb01001800000000000000340000003400000002000000003451177b72a806800000000300000002000000000fffff000000000000000105000000"], 0x0, 0x4e}, 0x28) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f00000003c0)={0x55, 0x8000, 0xfff9, {0x0, 0x201}, {0x50, 0x2}, @cond=[{0x1ff, 0x5, 0x6f5, 0x800, 0xc7, 0xffff}, {0xffff, 0x5, 0x1, 0x46, 0xcb, 0xfd}]}) socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r2, 0x4018620d, 0x0) socket$nl_generic(0x10, 0x3, 0x10) fsopen(&(0x7f0000000280)='ceph\x00', 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) dup3(0xffffffffffffffff, r2, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000002c0)={0x8, 0x0, &(0x7f0000000180)=[@decrefs], 0x0, 0x0, 0x0}) r3 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBMODE(r3, 0x4b45, &(0x7f0000000000)) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) ioctl$EVIOCGKEY(r1, 0x80404518, 0x0) kernel console output (not intermixed with test programs): 155][ T10] usb 4-1: config 0 descriptor?? [ 1492.016686][ T5887] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1492.026205][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1492.043354][ T10] ims_pcu 4-1:0.0: Zero length descriptor [ 1492.045520][ T5887] usb 2-1: config 0 descriptor?? [ 1492.104075][ T10] ims_pcu 4-1:0.0: probe with driver ims_pcu failed with error -22 [ 1492.260868][T24027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1492.271175][T24027] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1492.288413][T24027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1492.338649][ T5861] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 1492.484826][T24027] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1493.061650][ T5861] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 1493.076834][ T5861] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1493.087530][ T5861] usb 5-1: Product: syz [ 1493.093580][ T5861] usb 5-1: SerialNumber: syz [ 1493.138179][ T5861] usb 5-1: config 0 descriptor?? [ 1493.377038][ T5861] hso 5-1:0.0: Failed to find BULK IN ep [ 1493.428900][ T5887] ath6kl: Failed to read usb control message: -71 [ 1493.445625][ T5887] ath6kl: Unable to read the bmi data from the device: -71 [ 1493.455378][ T5887] ath6kl: Unable to recv target info: -71 [ 1493.464831][ T5961] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 1493.477148][ T5887] ath6kl: Failed to init ath6kl core: -71 [ 1493.492662][ T5887] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1493.515368][ T5887] usb 2-1: USB disconnect, device number 103 [ 1493.589858][ T5861] usb 5-1: USB disconnect, device number 100 [ 1493.625357][ T5961] usb 6-1: Using ep0 maxpacket: 32 [ 1493.634083][ T5961] usb 6-1: New USB device found, idVendor=ae6f, idProduct=79f4, bcdDevice=8f.99 [ 1493.643723][ T5961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1493.651932][ T5961] usb 6-1: Product: syz [ 1493.656447][ T5961] usb 6-1: Manufacturer: syz [ 1493.661024][ T5961] usb 6-1: SerialNumber: syz [ 1493.669636][ T5961] usb 6-1: config 0 descriptor?? [ 1493.882328][T24040] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1493.898690][T24040] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1493.918082][T24040] netlink: 8 bytes leftover after parsing attributes in process `syz.5.4815'. [ 1493.932429][ T5887] usb 6-1: USB disconnect, device number 70 [ 1494.674402][ T5861] usb 4-1: USB disconnect, device number 104 [ 1494.979213][T24066] netlink: 'syz.5.4820': attribute type 4 has an invalid length. [ 1494.995778][T24066] netlink: 'syz.5.4820': attribute type 4 has an invalid length. [ 1496.510201][T24086] bridge0: port 2(bridge_slave_1) entered disabled state [ 1496.517526][T24086] bridge0: port 1(bridge_slave_0) entered disabled state [ 1496.787176][ T5961] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 1497.013175][T24086] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1497.037785][T24086] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1497.041756][ T5961] usb 4-1: Using ep0 maxpacket: 32 [ 1497.084104][ T5961] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 1497.094069][ T5961] usb 4-1: config 0 has no interface number 0 [ 1497.226637][T24106] netlink: 20 bytes leftover after parsing attributes in process `syz.5.4829'. [ 1497.239493][T24106] netlink: 288 bytes leftover after parsing attributes in process `syz.5.4829'. [ 1497.276569][ T5961] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 1497.286468][ T5961] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1497.294991][ T5961] usb 4-1: Product: syz [ 1497.301937][ T5961] usb 4-1: Manufacturer: syz [ 1497.307136][ T5961] usb 4-1: SerialNumber: syz [ 1497.407772][ T5961] usb 4-1: config 0 descriptor?? [ 1497.636451][ T5961] smsc95xx v2.0.0 [ 1497.763127][ T36] netdevsim netdevsim3 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1497.818940][ T36] netdevsim netdevsim3 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1497.829369][ T36] netdevsim netdevsim3 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1497.851241][ T36] netdevsim netdevsim3 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1497.909289][ T36] netdevsim netdevsim3 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1498.008932][ T36] netdevsim netdevsim3 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.048322][ T36] netdevsim netdevsim3 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 1498.081431][ T36] netdevsim netdevsim3 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1498.812038][ T5961] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 1498.893304][ T5961] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1498.923460][ T5961] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 1499.008202][ T5961] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 1499.108688][ T5961] usb 4-1: USB disconnect, device number 105 [ 1499.137547][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1499.137559][ T30] audit: type=1326 audit(1762041285.606:3126): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1499.181642][ T30] audit: type=1326 audit(1762041285.606:3127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1499.245534][ T30] audit: type=1326 audit(1762041285.606:3128): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1500.434809][ T30] audit: type=1326 audit(1762041285.606:3129): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=199 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1500.459611][ T30] audit: type=1326 audit(1762041285.606:3130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1500.483302][ T30] audit: type=1326 audit(1762041285.606:3131): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1500.507171][ T30] audit: type=1326 audit(1762041285.606:3132): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1501.112553][ T30] audit: type=1326 audit(1762041285.606:3133): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1501.134970][ C0] vkms_vblank_simulate: vblank timer overrun [ 1501.344757][ T30] audit: type=1326 audit(1762041285.626:3134): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1501.367223][ C0] vkms_vblank_simulate: vblank timer overrun [ 1501.374761][ T30] audit: type=1326 audit(1762041285.626:3135): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24116 comm="syz.4.4834" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4b558efc9 code=0x7ffc0000 [ 1502.585673][T24137] delete_channel: no stack [ 1502.594256][ T5961] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 1502.813569][ T5961] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1502.824342][ T5961] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1502.846252][ T5961] usb 6-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1502.875984][ T5961] usb 6-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1502.886122][ T5961] usb 6-1: Manufacturer: syz [ 1502.919598][ T5961] usb 6-1: config 0 descriptor?? [ 1503.019034][ T10] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 1503.153296][ T5961] usb 6-1: USB disconnect, device number 71 [ 1503.221264][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1503.237364][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1503.261447][ T10] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1503.381174][ T10] usb 5-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1503.399583][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1503.429949][ T10] usb 5-1: config 0 descriptor?? [ 1503.884040][ T10] hid-multitouch 0003:0EEF:72D0.005C: unbalanced collection at end of report description [ 1503.915703][ T10] hid-multitouch 0003:0EEF:72D0.005C: probe with driver hid-multitouch failed with error -22 [ 1503.969280][ T5961] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 1504.098525][ T89] usb 5-1: USB disconnect, device number 101 [ 1504.224396][ T5961] usb 6-1: Using ep0 maxpacket: 32 [ 1504.231325][ T5961] usb 6-1: config 0 has an invalid interface number: 66 but max is 0 [ 1504.239473][ T5961] usb 6-1: config 0 has no interface number 0 [ 1504.271365][ T5961] usb 6-1: New USB device found, idVendor=0fe9, idProduct=d501, bcdDevice=23.50 [ 1504.291560][ T5961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1504.314308][ T5961] usb 6-1: Product: syz [ 1504.318554][ T5961] usb 6-1: Manufacturer: syz [ 1504.333380][ T5961] usb 6-1: SerialNumber: syz [ 1504.387027][ T5961] usb 6-1: config 0 descriptor?? [ 1504.421318][ T5961] dvb-usb: found a 'DViCO FusionHDTV5 USB Gold' in warm state. [ 1504.430404][ T5961] dvb-usb: bulk message failed: -22 (2/0) [ 1504.456419][ T5961] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1504.469312][ T5961] dvbdev: DVB: registering new adapter (DViCO FusionHDTV5 USB Gold) [ 1504.517738][ T5961] usb 6-1: media controller created [ 1504.534110][ T5961] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1504.574974][ T5961] cxusb: set interface failed [ 1504.581927][ T5961] dvb-usb: bulk message failed: -22 (1/0) [ 1504.678926][ T5961] DVB: Unable to find symbol lgdt330x_attach() [ 1504.685521][ T5961] dvb-usb: no frontend was attached by 'DViCO FusionHDTV5 USB Gold' [ 1504.771437][ T5961] rc_core: IR keymap rc-dvico-portable not found [ 1504.792390][ T5961] Registered IR keymap rc-empty [ 1504.895825][ T5961] rc rc0: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0 [ 1505.216553][ T5961] input: DViCO FusionHDTV5 USB Gold as /devices/platform/dummy_hcd.5/usb6/6-1/rc/rc0/input133 [ 1505.513548][ T5961] dvb-usb: schedule remote query interval to 100 msecs. [ 1505.712389][ T5961] dvb-usb: DViCO FusionHDTV5 USB Gold successfully initialized and connected. [ 1506.080767][ T89] dvb-usb: bulk message failed: -22 (1/0) [ 1506.089970][ T5961] usb 6-1: USB disconnect, device number 72 [ 1506.245787][ T5887] dvb-usb: bulk message failed: -22 (1/0) [ 1506.906324][ T5961] dvb-usb: DViCO FusionHDTV5 USB Gold successfully deinitialized and disconnected. [ 1507.275391][ T5961] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 1507.354539][ T5887] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 1507.374274][ T89] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 1507.402861][ T5907] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1507.474444][ T5961] usb 6-1: Using ep0 maxpacket: 8 [ 1507.484070][ T5961] usb 6-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1507.497897][ T5961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1507.506600][ T5961] usb 6-1: Product: syz [ 1507.510755][ T5961] usb 6-1: Manufacturer: syz [ 1507.516717][ T5961] usb 6-1: SerialNumber: syz [ 1507.522045][ T5887] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1507.533384][ T5887] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1507.550517][ T89] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1507.562137][ T89] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1507.586781][ T24] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 1507.596437][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1507.597218][ T5961] usb 6-1: config 0 descriptor?? [ 1507.608614][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1507.613004][ T5887] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1507.637509][ T5907] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1507.638500][ T89] usb 5-1: config 0 descriptor?? [ 1507.653629][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1507.671373][ T5961] gspca_main: se401-2.14.0 probing 047d:5003 [ 1507.673673][ T5907] usb 2-1: config 0 descriptor?? [ 1507.705114][ T5887] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1507.726496][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1507.736295][ T5887] usb 3-1: Product: syz [ 1507.740691][ T5887] usb 3-1: Manufacturer: syz [ 1507.746912][ T5887] usb 3-1: SerialNumber: syz [ 1507.786589][ T24] usb 4-1: config 0 has no interfaces? [ 1507.795362][ T24] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1507.812366][ T5887] hub 3-1:1.0: bad descriptor, ignoring hub [ 1507.824302][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1507.832738][ T5887] hub 3-1:1.0: probe with driver hub failed with error -5 [ 1507.840753][ T24] usb 4-1: Product: syz [ 1507.848857][ T24] usb 4-1: Manufacturer: syz [ 1507.854998][ T24] usb 4-1: SerialNumber: syz [ 1507.884929][ T24] usb 4-1: config 0 descriptor?? [ 1507.899972][T24180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1507.917924][T24180] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1507.934831][T24180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1507.943957][T24180] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1508.002550][ T5887] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 16 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1508.065930][ T5887] usb 3-1: USB disconnect, device number 16 [ 1508.078298][ T5887] usblp0: removed [ 1508.468248][ T89] ath6kl: Failed to read usb control message: -71 [ 1508.492658][ T89] ath6kl: Unable to read the bmi data from the device: -71 [ 1508.505012][ T89] ath6kl: Unable to recv target info: -71 [ 1508.524541][ T89] ath6kl: Failed to init ath6kl core: -71 [ 1508.530811][ T89] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1508.565904][ T5887] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 1508.574262][ T89] usb 5-1: USB disconnect, device number 102 [ 1508.643391][ T5961] gspca_se401: read req failed req 0x06 error -19 [ 1508.663100][ T5961] usb 6-1: USB disconnect, device number 73 [ 1508.743883][ T5887] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1508.754751][ T5887] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1508.793013][T24194] syzkaller0: entered allmulticast mode [ 1508.817627][ T5887] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1508.836558][ T5887] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1508.846705][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1508.861624][ T5887] usb 3-1: Product: syz [ 1508.873031][ T5887] usb 3-1: Manufacturer: syz [ 1508.886636][ T5887] usb 3-1: SerialNumber: syz [ 1509.025782][ T5887] hub 3-1:1.0: bad descriptor, ignoring hub [ 1509.060995][ T5887] hub 3-1:1.0: probe with driver hub failed with error -5 [ 1509.229261][ T5887] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 17 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1509.275434][ T5887] usb 3-1: USB disconnect, device number 17 [ 1509.300454][ T5887] usblp0: removed [ 1509.414439][ T10] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 1509.584139][ T10] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1509.593920][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1509.635596][ T10] usb 5-1: config 0 descriptor?? [ 1509.884813][T24199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1509.909128][T24199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1509.936357][T24199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1509.948528][T24199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1510.234595][ T10] ath6kl: Failed to read usb control message: -71 [ 1510.263197][ T10] ath6kl: Unable to read the bmi data from the device: -71 [ 1510.296145][ T10] ath6kl: Unable to recv target info: -71 [ 1510.365159][ T10] ath6kl: Failed to init ath6kl core: -71 [ 1510.371610][ T10] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1510.403777][T14456] usb 4-1: USB disconnect, device number 106 [ 1510.603977][ T10] usb 5-1: USB disconnect, device number 103 [ 1510.885688][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 1510.885727][ T30] audit: type=1326 audit(1762041297.376:3149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.021415][ T30] audit: type=1326 audit(1762041297.376:3150): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.045283][ T30] audit: type=1326 audit(1762041297.386:3151): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.179286][T24221] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1511.188740][ T30] audit: type=1326 audit(1762041297.386:3152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.302337][ T30] audit: type=1326 audit(1762041297.386:3153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.374415][ T30] audit: type=1326 audit(1762041297.416:3154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=158 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.434882][ T30] audit: type=1326 audit(1762041297.416:3155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.511995][ T30] audit: type=1326 audit(1762041297.416:3156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.534829][ T89] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 1511.600459][ T30] audit: type=1326 audit(1762041297.416:3157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.684593][ T30] audit: type=1326 audit(1762041297.416:3158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=24214 comm="syz.5.4858" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f09f3f8efc9 code=0x7ffc0000 [ 1511.716058][ T89] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1511.729063][ T89] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1511.754254][ T89] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1511.790854][ T89] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1511.801232][ T89] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1511.804897][T14456] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 1511.832887][ T89] usb 6-1: config 0 descriptor?? [ 1511.986750][T14456] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1512.002552][T14456] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1512.062621][T14456] usb 4-1: config 0 descriptor?? [ 1512.260374][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1512.289869][T24225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1512.303058][T24225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1512.321173][T24225] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1512.338135][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1512.338626][T24225] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1512.367451][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1512.414375][ T5961] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 1512.570766][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1512.697103][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1512.704856][ T5961] usb 5-1: Using ep0 maxpacket: 8 [ 1512.785859][ T5961] usb 5-1: New USB device found, idVendor=047d, idProduct=5003, bcdDevice=2f.8c [ 1512.801855][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1512.811422][ T5961] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1512.884253][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1512.895704][ T5961] usb 5-1: Product: syz [ 1512.924123][ T5961] usb 5-1: Manufacturer: syz [ 1512.935464][ T5961] usb 5-1: SerialNumber: syz [ 1512.941321][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1512.963194][ T5961] usb 5-1: config 0 descriptor?? [ 1512.970358][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1512.988030][ T5961] gspca_main: se401-2.14.0 probing 047d:5003 [ 1512.995557][ T89] plantronics 0003:047F:FFFF.005D: unknown main item tag 0x0 [ 1513.038945][ T89] plantronics 0003:047F:FFFF.005D: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.5-1/input0 [ 1513.200226][ T89] usb 6-1: USB disconnect, device number 74 [ 1513.204800][ T5907] usbhid 2-1:0.0: can't add hid device: -110 [ 1513.238866][T14456] ath6kl: Failed to read usb control message: -71 [ 1513.262341][T14456] ath6kl: Unable to read the bmi data from the device: -71 [ 1513.294887][ T5907] usbhid 2-1:0.0: probe with driver usbhid failed with error -110 [ 1513.345540][T14456] ath6kl: Unable to recv target info: -71 [ 1513.397774][ T5961] gspca_se401: Bayer format not supported! [ 1513.406891][T14456] ath6kl: Failed to init ath6kl core: -71 [ 1513.413188][T14456] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1513.473491][T24239] fido_id[24239]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.5/usb6/report_descriptor': No such file or directory [ 1513.577753][T14456] usb 4-1: USB disconnect, device number 107 [ 1514.047939][ T89] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 1514.196215][T24247] netlink: 32 bytes leftover after parsing attributes in process `syz.2.4866'. [ 1514.237186][ T89] usb 6-1: config 160 has an invalid interface number: 200 but max is 0 [ 1514.248152][ T89] usb 6-1: config 160 has no interface number 0 [ 1514.294904][T14456] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 1514.297961][ T89] usb 6-1: config 160 interface 200 has no altsetting 0 [ 1514.520339][ T89] usb 6-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 1514.534203][ T89] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1514.549714][ T89] usb 6-1: Product: syz [ 1514.553892][ T89] usb 6-1: Manufacturer: syz [ 1514.572257][T14456] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1514.582902][ T89] usb 6-1: SerialNumber: syz [ 1514.956987][T14456] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1514.969450][T14456] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1514.986020][T14456] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1514.996722][T14456] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1515.005639][T14456] usb 4-1: Product: syz [ 1515.009858][T14456] usb 4-1: Manufacturer: syz [ 1515.015271][T14456] usb 4-1: SerialNumber: syz [ 1515.125561][T14456] hub 4-1:1.0: bad descriptor, ignoring hub [ 1515.159934][T14456] hub 4-1:1.0: probe with driver hub failed with error -5 [ 1515.333339][T14456] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 108 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1515.665620][T14456] usb 4-1: USB disconnect, device number 108 [ 1515.738803][T14456] usblp0: removed [ 1515.748683][ T5887] usb 5-1: USB disconnect, device number 104 [ 1515.807672][ T89] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1515.870805][ T89] usb 6-1: MIDIStreaming interface descriptor not found [ 1516.784304][ T5887] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1517.532700][ T89] usb 6-1: USB disconnect, device number 75 [ 1517.674233][ T5887] usb 5-1: Using ep0 maxpacket: 32 [ 1517.681554][ T5887] usb 5-1: config 155 has an invalid descriptor of length 0, skipping remainder of the config [ 1517.714227][ T5887] usb 5-1: config 155 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1517.756941][ T5887] usb 5-1: config 155 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1517.792219][ T5887] usb 5-1: config 155 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 11 [ 1517.825644][ T5887] usb 5-1: New USB device found, idVendor=15c2, idProduct=ffdc, bcdDevice=bd.30 [ 1517.835130][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1517.860346][ T5887] usb 5-1: Product: syz [ 1517.870256][ T5887] usb 5-1: Manufacturer: syz [ 1517.921229][ T5887] usb 5-1: SerialNumber: syz [ 1517.930481][T24266] netlink: 'syz.2.4872': attribute type 1 has an invalid length. [ 1517.950215][ C1] imon 5-1:155.0: imon usb_rx_callback_intf0: status(-71) [ 1517.975611][ T5887] input: iMON Panel, Knob and Mouse(15c2:ffdc) as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:155.0/input/input134 [ 1518.036663][T24266] bond6: entered promiscuous mode [ 1518.043501][T24266] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1518.165387][ T5887] imon 5-1:155.0: Unknown 0xffdc device, defaulting to VFD and iMON IR [ 1518.275748][ T5887] (id 0x00) [ 1518.327021][ T5907] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 1518.560343][ T5907] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1518.579330][ T5887] rc_core: IR keymap rc-imon-pad not found [ 1518.584792][ T5907] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1518.601342][ T5907] usb 3-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=b1.f9 [ 1518.619715][ T5907] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1518.634541][ T5907] usb 3-1: Product: syz [ 1518.644738][ T5907] usb 3-1: Manufacturer: syz [ 1518.649441][ T5887] Registered IR keymap rc-empty [ 1518.666059][ T5907] usb 3-1: SerialNumber: syz [ 1518.675898][ T5907] usb 3-1: config 0 descriptor?? [ 1518.696695][ T5887] imon 5-1:155.0: Looks like you're trying to use an IR protocol this device does not support [ 1518.753546][ T5907] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 1518.763197][ T5887] imon 5-1:155.0: Unsupported IR protocol specified, overriding to iMON IR protocol [ 1518.809321][ T5887] imon:send_packet: packet tx failed (-71) [ 1518.827657][ T5907] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1518.844362][ T5887] imon 5-1:155.0: remote input dev register failed [ 1518.865075][ T5887] imon 5-1:155.0: imon_init_intf0: rc device setup failed [ 1518.955516][ T5907] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 1518.988908][ T5907] usb 3-1: media controller created [ 1519.009683][ T5887] imon 5-1:155.0: unable to initialize intf0, err 0 [ 1519.067547][ T5887] imon:imon_probe: failed to initialize context! [ 1519.067749][ T5907] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1519.073920][ T5887] imon 5-1:155.0: unable to register, err -19 [ 1519.164459][ T5887] usb 5-1: USB disconnect, device number 105 [ 1519.327751][ T5907] DVB: Unable to find symbol tda10046_attach() [ 1519.334000][ T5907] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 1519.344920][ T24] usb 2-1: USB disconnect, device number 104 [ 1519.439883][ T5907] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 1519.872682][ T5907] dvb_usb_m920x 3-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 1519.889081][ T5907] usb 3-1: USB disconnect, device number 18 [ 1519.904366][ T24] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1519.912875][ T5887] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 1520.076085][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1520.090388][ T5887] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 1520.100252][ T24] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1520.110868][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1520.137246][ T24] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1520.151686][ T5887] usb 5-1: Product: syz [ 1520.156146][ T5887] usb 5-1: SerialNumber: syz [ 1520.162386][ T24] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1520.181211][ T5887] usb 5-1: config 0 descriptor?? [ 1520.195025][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1520.225038][ T24] usb 2-1: config 0 descriptor?? [ 1520.530705][ T5887] hso 5-1:0.0: Failed to find BULK IN ep [ 1520.650253][ T5887] usb 5-1: USB disconnect, device number 106 [ 1520.774250][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1520.785822][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1520.846006][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1520.882112][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1520.912484][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1520.943963][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1521.012311][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1521.080999][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1521.088521][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1521.103773][ T24] plantronics 0003:047F:FFFF.005E: unknown main item tag 0x0 [ 1521.169523][ T24] plantronics 0003:047F:FFFF.005E: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1521.241498][ T24] usb 2-1: USB disconnect, device number 105 [ 1521.304086][T24297] fido_id[24297]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 1521.579036][ T5887] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1521.624908][ T5961] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 1521.811614][ T5961] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1521.822893][ T5961] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1521.900829][ T5961] usb 5-1: config 0 descriptor?? [ 1522.074749][ T5887] usb 3-1: config 160 has an invalid interface number: 200 but max is 0 [ 1522.093346][ T5887] usb 3-1: config 160 has no interface number 0 [ 1522.300879][ T5887] usb 3-1: config 160 interface 200 has no altsetting 0 [ 1522.348645][T24303] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1522.383998][ T5887] usb 3-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 1522.415319][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1522.415616][T24303] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1522.423666][ T5887] usb 3-1: Product: syz [ 1522.444983][ T5887] usb 3-1: Manufacturer: syz [ 1522.454274][ T5887] usb 3-1: SerialNumber: syz [ 1522.531083][T24313] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1522.563556][T24313] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1522.636236][T24313] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1522.643729][T24313] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1522.680730][T24313] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1522.715381][T24313] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1522.751082][ T5887] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1522.767241][ T5887] usb 3-1: MIDIStreaming interface descriptor not found [ 1522.802449][T24313] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1522.815090][T24313] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 1522.882381][ T5887] usb 3-1: USB disconnect, device number 19 [ 1522.918476][T13780] udevd[13780]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:160.200/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1522.964308][ T5961] ath6kl: Failed to submit usb control message: -110 [ 1522.971068][ T5961] ath6kl: unable to send the bmi data to the device: -110 [ 1523.016219][T24313] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1523.024341][T24313] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1523.044321][ T5961] ath6kl: Unable to send get target info: -110 [ 1523.080359][T24303] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1523.101150][T24303] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1523.128952][ T5961] ath6kl: Failed to init ath6kl core: -110 [ 1523.135589][ T5961] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 1523.319642][T24323] loop6: detected capacity change from 0 to 7 [ 1523.331742][T14549] Dev loop6: unable to read RDB block 7 [ 1523.338167][T14549] loop6: AHDI p3 [ 1523.341902][T14549] loop6: partition table partially beyond EOD, truncated [ 1523.372922][T24323] Dev loop6: unable to read RDB block 7 [ 1523.385323][T24323] loop6: AHDI p3 [ 1523.397141][T24323] loop6: partition table partially beyond EOD, truncated [ 1523.836018][T24334] netlink: 44 bytes leftover after parsing attributes in process `syz.2.4885'. [ 1523.894364][ T5887] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 1524.062740][ T5887] usb 4-1: config 1 has an invalid descriptor of length 158, skipping remainder of the config [ 1524.073204][ T5887] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1524.129003][ T5887] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1524.139701][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1524.147895][ T5887] usb 4-1: SerialNumber: syz [ 1524.364986][ T5887] usb 4-1: 0:2 : does not exist [ 1524.408318][ T5887] usb 4-1: unit 5 not found! [ 1524.462574][ T5887] usb 4-1: USB disconnect, device number 109 [ 1524.604311][T20657] Bluetooth: hci4: command 0x0406 tx timeout [ 1524.684558][T20657] Bluetooth: hci3: command 0x0406 tx timeout [ 1524.690595][ T52] Bluetooth: hci5: command 0x0406 tx timeout [ 1524.812003][T14456] usb 5-1: USB disconnect, device number 107 [ 1524.844448][T20657] Bluetooth: hci1: command 0x0405 tx timeout [ 1525.101142][T20657] Bluetooth: hci0: command 0x0406 tx timeout [ 1525.815097][T24370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1525.874302][ T5961] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 1525.885451][T24370] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1525.905808][T24363] bridge_slave_1: left allmulticast mode [ 1525.942861][T24363] bridge_slave_1: left promiscuous mode [ 1525.953737][T24363] bridge0: port 2(bridge_slave_1) entered disabled state [ 1526.034807][T14456] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1526.065486][T24363] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 1526.141568][ T5961] usb 6-1: config 160 has an invalid interface number: 200 but max is 0 [ 1526.159647][ T5961] usb 6-1: config 160 has no interface number 0 [ 1526.172591][ T5961] usb 6-1: config 160 interface 200 has no altsetting 0 [ 1526.191287][ T5961] usb 6-1: New USB device found, idVendor=21bb, idProduct=2070, bcdDevice=87.0b [ 1526.212997][ T5961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1526.245632][ T5961] usb 6-1: Product: syz [ 1526.250498][ T5961] usb 6-1: Manufacturer: syz [ 1526.256357][ T5961] usb 6-1: SerialNumber: syz [ 1526.582997][T24383] netlink: 64 bytes leftover after parsing attributes in process `syz.1.4901'. [ 1526.693701][T20657] Bluetooth: hci4: command 0x0406 tx timeout [ 1526.774632][T20657] Bluetooth: hci3: command 0x0406 tx timeout [ 1526.783403][ T52] Bluetooth: hci5: command 0x0406 tx timeout [ 1526.825184][ T5961] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1526.841219][ T5961] usb 6-1: MIDIStreaming interface descriptor not found [ 1526.892426][ T5907] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 1526.931360][T20657] Bluetooth: hci1: command 0x0405 tx timeout [ 1526.954113][ T5961] usb 6-1: USB disconnect, device number 76 [ 1527.114482][ T5907] usb 4-1: Using ep0 maxpacket: 16 [ 1527.121430][ T5907] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1527.138437][ T5907] usb 4-1: New USB device found, idVendor=0dfc, idProduct=0101, bcdDevice= 0.00 [ 1527.149580][ T5907] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1527.170307][T20657] Bluetooth: hci0: command 0x0406 tx timeout [ 1527.241050][ T5907] usb 4-1: config 0 descriptor?? [ 1527.568709][T24386] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1527.854107][ T5907] hid (null): global environment stack underflow [ 1527.863137][ T5907] hid (null): unknown global tag 0xc [ 1527.870530][ T5907] hid (null): unknown global tag 0x73 [ 1527.881264][ T5907] hid (null): unknown global tag 0xe [ 1527.912291][ T5907] hid (null): unknown global tag 0xc [ 1528.001899][T24404] netlink: 'syz.4.4906': attribute type 4 has an invalid length. [ 1528.061783][T24404] netlink: 'syz.4.4906': attribute type 4 has an invalid length. [ 1528.070659][ T5907] hid (null): unknown global tag 0xd [ 1528.107312][ T5961] usb 6-1: new high-speed USB device number 77 using dummy_hcd [ 1528.167122][ T5907] hid (null): unknown global tag 0x4e [ 1528.189607][ T5907] hid (null): unknown global tag 0xe [ 1528.466116][ T5961] usb 6-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1528.477991][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1528.504374][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1528.522935][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1528.539196][ T5961] usb 6-1: config 0 descriptor?? [ 1528.561943][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1528.626045][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1528.670593][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1528.704784][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1528.742712][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1528.801488][T24401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1528.906022][T24401] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1529.010139][T24414] tipc: Enabling of bearer rejected, already enabled [ 1529.026383][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1529.134803][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1529.185282][ T5907] hid-generic 0003:0DFC:0101.005F: unknown main item tag 0x0 [ 1529.227458][ T5907] hid-generic 0003:0DFC:0101.005F: unexpected long global item [ 1529.263078][ T5907] hid-generic 0003:0DFC:0101.005F: probe with driver hid-generic failed with error -22 [ 1529.278164][ T5961] ath6kl: Failed to read usb control message: -71 [ 1529.285005][ T5961] ath6kl: Unable to read the bmi data from the device: -71 [ 1529.292658][ T5907] usb 4-1: USB disconnect, device number 110 [ 1529.302574][ T5961] ath6kl: Unable to recv target info: -71 [ 1529.465440][ T5961] ath6kl: Failed to init ath6kl core: -71 [ 1529.513221][ T5961] ath6kl_usb 6-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1529.563051][ T5961] usb 6-1: USB disconnect, device number 77 [ 1530.627953][T24447] netlink: 24 bytes leftover after parsing attributes in process `syz.1.4915'. [ 1530.954263][ T43] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 1531.209006][T24455] bond3 (unregistering): Released all slaves [ 1531.283371][ T43] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1531.301799][ T43] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1531.536364][ T43] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1531.555155][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1531.570354][ T43] usb 5-1: SerialNumber: syz [ 1531.805085][ T43] usb 5-1: 0:2 : does not exist [ 1531.840845][ T43] usb 5-1: USB disconnect, device number 108 [ 1532.004255][T14549] udevd[14549]: setting mode of /dev/snd/controlC3 to 020660 failed: No such file or directory [ 1532.034067][T14549] udevd[14549]: setting owner of /dev/snd/controlC3 to uid=0, gid=29 failed: No such file or directory [ 1532.477989][T24471] netlink: 44 bytes leftover after parsing attributes in process `syz.5.4924'. [ 1533.552882][T24488] sctp: [Deprecated]: syz.1.4930 (pid 24488) Use of int in max_burst socket option deprecated. [ 1533.552882][T24488] Use struct sctp_assoc_value instead [ 1533.876059][T24503] netlink: 'syz.5.4935': attribute type 11 has an invalid length. [ 1533.895308][T24503] FAULT_INJECTION: forcing a failure. [ 1533.895308][T24503] name failslab, interval 1, probability 0, space 0, times 0 [ 1533.912081][T24503] CPU: 0 UID: 0 PID: 24503 Comm: syz.5.4935 Not tainted syzkaller #0 PREEMPT(full) [ 1533.912102][T24503] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1533.912114][T24503] Call Trace: [ 1533.912122][T24503] [ 1533.912129][T24503] dump_stack_lvl+0x189/0x250 [ 1533.912158][T24503] ? __pfx____ratelimit+0x10/0x10 [ 1533.912178][T24503] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1533.912200][T24503] ? __pfx__printk+0x10/0x10 [ 1533.912223][T24503] ? __pfx___might_resched+0x10/0x10 [ 1533.912242][T24503] ? fs_reclaim_acquire+0x7d/0x100 [ 1533.912271][T24503] should_fail_ex+0x414/0x560 [ 1533.912301][T24503] should_failslab+0xa8/0x100 [ 1533.912322][T24503] kmem_cache_alloc_noprof+0x74/0x6e0 [ 1533.912344][T24503] ? __asan_memcpy+0x40/0x70 [ 1533.912365][T24503] ? __kernfs_new_node+0xd7/0x7e0 [ 1533.912392][T24503] __kernfs_new_node+0xd7/0x7e0 [ 1533.912414][T24503] ? __lock_acquire+0xab9/0xd20 [ 1533.912439][T24503] ? __pfx___kernfs_new_node+0x10/0x10 [ 1533.912462][T24503] ? kernfs_root+0x1c/0x230 [ 1533.912490][T24503] ? kernfs_root+0x1c/0x230 [ 1533.912510][T24503] ? kernfs_root+0x1c/0x230 [ 1533.912529][T24503] ? kernfs_root+0x1c/0x230 [ 1533.912555][T24503] kernfs_new_node+0x102/0x210 [ 1533.912584][T24503] kernfs_create_dir_ns+0x44/0x130 [ 1533.912612][T24503] sysfs_create_dir_ns+0x123/0x280 [ 1533.912637][T24503] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 1533.912661][T24503] ? do_raw_spin_unlock+0x122/0x240 [ 1533.912688][T24503] kobject_add_internal+0x59f/0xb40 [ 1533.912723][T24503] kobject_add+0x155/0x220 [ 1533.912752][T24503] ? __pfx_kobject_add+0x10/0x10 [ 1533.912776][T24503] ? do_raw_spin_unlock+0x122/0x240 [ 1533.912803][T24503] ? get_device_parent+0x366/0x3a0 [ 1533.912828][T24503] device_add+0x408/0xb50 [ 1533.912853][T24503] device_create+0x25b/0x2f0 [ 1533.912877][T24503] ? timer_init_key+0x171/0x2d0 [ 1533.912903][T24503] ? __pfx_device_create+0x10/0x10 [ 1533.912926][T24503] ? ieee80211_alloc_hw_nm+0x18fa/0x1f60 [ 1533.912955][T24503] mac80211_hwsim_new_radio+0x41b/0x5220 [ 1533.912998][T24503] ? __pfx__printk+0x10/0x10 [ 1533.913019][T24503] ? __sock_sendmsg+0x21c/0x270 [ 1533.913044][T24503] ? nla_get_range_unsigned+0x294/0x4b0 [ 1533.913065][T24503] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 1533.913092][T24503] ? __nla_validate_parse+0x2400/0x2d40 [ 1533.913110][T24503] ? __x64_sys_sendmsg+0x19b/0x260 [ 1533.913137][T24503] hwsim_new_radio_nl+0xf5b/0x1bd0 [ 1533.913169][T24503] ? __pfx___nla_validate_parse+0x10/0x10 [ 1533.913200][T24503] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1533.913229][T24503] ? rcu_is_watching+0x15/0xb0 [ 1533.913252][T24503] ? __nla_parse+0x40/0x60 [ 1533.913275][T24503] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 1533.913305][T24503] genl_family_rcv_msg_doit+0x215/0x300 [ 1533.913334][T24503] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1533.913370][T24503] ? bpf_lsm_capable+0x9/0x20 [ 1533.913390][T24503] ? security_capable+0x7e/0x2e0 [ 1533.913420][T24503] genl_rcv_msg+0x60e/0x790 [ 1533.913449][T24503] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1533.913469][T24503] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 1533.913496][T24503] ? __asan_memcpy+0x40/0x70 [ 1533.913517][T24503] ? __pfx_ref_tracker_free+0x10/0x10 [ 1533.913543][T24503] netlink_rcv_skb+0x208/0x470 [ 1533.913567][T24503] ? __lock_acquire+0xab9/0xd20 [ 1533.913585][T24503] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1533.913607][T24503] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1533.913651][T24503] ? down_read+0x1ad/0x2e0 [ 1533.913677][T24503] genl_rcv+0x28/0x40 [ 1533.913695][T24503] netlink_unicast+0x82f/0x9e0 [ 1533.913729][T24503] ? __pfx_netlink_unicast+0x10/0x10 [ 1533.913754][T24503] ? netlink_sendmsg+0x642/0xb30 [ 1533.913770][T24503] ? skb_put+0x11b/0x210 [ 1533.913791][T24503] netlink_sendmsg+0x805/0xb30 [ 1533.913818][T24503] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1533.913840][T24503] ? aa_sock_msg_perm+0xf1/0x1d0 [ 1533.913865][T24503] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1533.913882][T24503] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1533.913899][T24503] __sock_sendmsg+0x21c/0x270 [ 1533.913925][T24503] ____sys_sendmsg+0x505/0x830 [ 1533.913950][T24503] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1533.913978][T24503] ? import_iovec+0x74/0xa0 [ 1533.914008][T24503] ___sys_sendmsg+0x21f/0x2a0 [ 1533.914030][T24503] ? __pfx____sys_sendmsg+0x10/0x10 [ 1533.914088][T24503] ? __fget_files+0x2a/0x420 [ 1533.914104][T24503] ? __fget_files+0x3a0/0x420 [ 1533.914132][T24503] __x64_sys_sendmsg+0x19b/0x260 [ 1533.914153][T24503] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1533.914178][T24503] ? __pfx_ksys_write+0x10/0x10 [ 1533.914204][T24503] ? do_syscall_64+0xbe/0xfa0 [ 1533.914228][T24503] do_syscall_64+0xfa/0xfa0 [ 1533.914247][T24503] ? lockdep_hardirqs_on+0x9c/0x150 [ 1533.914268][T24503] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1533.914285][T24503] ? clear_bhb_loop+0x60/0xb0 [ 1533.914306][T24503] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1533.914323][T24503] RIP: 0033:0x7f09f3f8efc9 [ 1533.914341][T24503] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1533.914356][T24503] RSP: 002b:00007f09f4dd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1533.914376][T24503] RAX: ffffffffffffffda RBX: 00007f09f41e5fa0 RCX: 00007f09f3f8efc9 [ 1533.914389][T24503] RDX: 0000000000000084 RSI: 0000200000000100 RDI: 0000000000000003 [ 1533.914400][T24503] RBP: 00007f09f4dd5090 R08: 0000000000000000 R09: 0000000000000000 [ 1533.914411][T24503] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1533.914423][T24503] R13: 00007f09f41e6038 R14: 00007f09f41e5fa0 R15: 00007f09f430fa28 [ 1533.914455][T24503] [ 1534.448482][ C0] vkms_vblank_simulate: vblank timer overrun [ 1534.476362][T24503] kobject: kobject_add_internal failed for hwsim31 (error: -12 parent: mac80211_hwsim) [ 1535.835286][T24523] vhci_hcd vhci_hcd.0: pdev(5) rhport(0) sockfd(9) [ 1535.841820][T24523] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1535.853865][T24523] vhci_hcd vhci_hcd.0: Device attached [ 1535.877513][T24523] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1535.897909][T24523] vhci_hcd vhci_hcd.0: pdev(5) rhport(2) sockfd(13) [ 1535.904524][T24523] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1535.943501][T24523] vhci_hcd vhci_hcd.0: Device attached [ 1536.009558][T24527] vhci_hcd vhci_hcd.0: pdev(5) rhport(3) sockfd(16) [ 1536.016199][T24527] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1536.024695][T14456] vhci_hcd: vhci_device speed not set [ 1536.044283][T24523] vhci_hcd vhci_hcd.0: pdev(5) rhport(4) sockfd(15) [ 1536.050910][T24523] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1536.074115][T24523] vhci_hcd vhci_hcd.0: Device attached [ 1536.085661][T14456] usb 43-1: new full-speed USB device number 6 using vhci_hcd [ 1536.139637][T24539] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 1536.154559][T24527] vhci_hcd vhci_hcd.0: Device attached [ 1536.154599][T24523] vhci_hcd vhci_hcd.0: pdev(5) rhport(6) sockfd(23) [ 1536.166652][T24523] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1536.174573][T24523] vhci_hcd vhci_hcd.0: Device attached [ 1536.193866][T24523] vhci_hcd vhci_hcd.0: pdev(5) rhport(7) sockfd(18) [ 1536.200488][T24523] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1536.216718][T24523] vhci_hcd vhci_hcd.0: Device attached [ 1536.297395][T24534] vhci_hcd: connection closed [ 1536.297399][T24531] vhci_hcd: connection closed [ 1536.302406][T16612] vhci_hcd: stop threads [ 1536.311772][T24529] vhci_hcd: connection reset by peer [ 1536.317869][T24541] vhci_hcd: connection closed [ 1536.318013][T24544] vhci_hcd: connection closed [ 1536.322845][T16612] vhci_hcd: release socket [ 1536.337054][T16612] vhci_hcd: disconnect device [ 1536.340665][T24536] vhci_hcd: connection closed [ 1536.342095][T16612] vhci_hcd: stop threads [ 1536.357006][T16612] vhci_hcd: release socket [ 1536.367233][T16612] vhci_hcd: disconnect device [ 1536.377634][T16612] vhci_hcd: stop threads [ 1536.385319][T16612] vhci_hcd: release socket [ 1536.390062][T16612] vhci_hcd: disconnect device [ 1536.400108][T16612] vhci_hcd: stop threads [ 1536.458705][T16612] vhci_hcd: release socket [ 1536.463312][T16612] vhci_hcd: disconnect device [ 1536.495061][T16612] vhci_hcd: stop threads [ 1536.500915][T16612] vhci_hcd: release socket [ 1536.510867][T16612] vhci_hcd: disconnect device [ 1536.520642][T16612] vhci_hcd: stop threads [ 1536.534041][T16612] vhci_hcd: release socket [ 1536.548544][T16612] vhci_hcd: disconnect device [ 1536.744844][ T5908] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 1536.905451][ T5908] usb 3-1: Using ep0 maxpacket: 8 [ 1536.915330][ T5908] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 1536.929856][ T5908] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 54240, setting to 1024 [ 1537.132091][ T5908] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 1537.179569][T24559] tipc: Enabling of bearer rejected, already enabled [ 1537.247380][ T5908] usb 3-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1537.332076][ T5908] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 1537.363141][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1537.462258][ T5908] usb 3-1: Product: syz [ 1537.497631][ T5908] usb 3-1: Manufacturer: syz [ 1537.521480][ T5908] usb 3-1: SerialNumber: syz [ 1537.548667][T24551] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1537.557649][T24551] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1537.797244][ T5908] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 1537.828962][ T5908] usbtest 3-1:1.0: Linux user mode ISO test driver [ 1537.845801][ T5908] usbtest 3-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt) [ 1537.979450][ T5908] usb 3-1: USB disconnect, device number 21 [ 1538.204697][ T10] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 1538.376032][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1538.386203][ T10] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1538.400530][ T10] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1538.465776][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1538.475309][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1538.517581][ T10] usb 5-1: Product: syz [ 1538.531948][ T10] usb 5-1: Manufacturer: syz [ 1538.558488][ T10] usb 5-1: SerialNumber: syz [ 1538.601478][ T10] hub 5-1:1.0: bad descriptor, ignoring hub [ 1538.619168][ T10] hub 5-1:1.0: probe with driver hub failed with error -5 [ 1538.821110][ T10] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 109 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1538.917839][T24579] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4954'. [ 1539.324305][ T10] usb 6-1: new high-speed USB device number 78 using dummy_hcd [ 1539.455770][ T10] usb 6-1: device descriptor read/64, error -71 [ 1539.714908][ T10] usb 6-1: new high-speed USB device number 79 using dummy_hcd [ 1539.850336][ T10] usb 6-1: device descriptor read/64, error -71 [ 1539.967434][ T10] usb usb6-port1: attempt power cycle [ 1540.314686][ T5861] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 1540.345014][ T10] usb 6-1: new high-speed USB device number 80 using dummy_hcd [ 1540.366020][ T10] usb 6-1: device descriptor read/8, error -71 [ 1540.483176][ T5861] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 1540.494724][ T5861] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1540.506729][ T5861] usb 4-1: config 220 has no interface number 2 [ 1540.514828][ T5861] usb 4-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1540.529135][ T5861] usb 4-1: config 220 interface 0 has no altsetting 0 [ 1540.534417][ T5961] usb 2-1: new full-speed USB device number 106 using dummy_hcd [ 1540.536922][ T5861] usb 4-1: config 220 interface 76 has no altsetting 0 [ 1540.552171][ T5861] usb 4-1: config 220 interface 1 has no altsetting 0 [ 1540.563550][ T5861] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1540.573282][ T5861] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1540.582251][ T5861] usb 4-1: Product: syz [ 1540.587374][ T5861] usb 4-1: Manufacturer: syz [ 1540.592101][ T5861] usb 4-1: SerialNumber: syz [ 1540.604782][ T10] usb 6-1: new high-speed USB device number 81 using dummy_hcd [ 1540.635525][ T10] usb 6-1: device descriptor read/8, error -71 [ 1540.726227][ T5961] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1540.737607][ T5961] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1540.747125][ T10] usb usb6-port1: unable to enumerate USB device [ 1540.771671][ T5961] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1540.781012][ T5961] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1540.789151][ T5961] usb 2-1: Product: syz [ 1540.793406][ T5961] usb 2-1: Manufacturer: syz [ 1540.806375][ T5961] usb 2-1: SerialNumber: syz [ 1540.866821][ T5861] usb 4-1: selecting invalid altsetting 0 [ 1540.878801][ T5861] uvcvideo 4-1:220.0: Found UVC 7.01 device syz (8086:0b07) [ 1540.892985][ T5861] uvcvideo 4-1:220.0: No valid video chain found. [ 1540.915989][T24604] netlink: 'syz.2.4961': attribute type 4 has an invalid length. [ 1540.959072][T24604] netlink: 'syz.2.4961': attribute type 4 has an invalid length. [ 1540.968362][ T5861] usb 4-1: selecting invalid altsetting 0 [ 1540.974718][ T5861] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 1541.010339][ T5861] usb 4-1: USB disconnect, device number 111 [ 1541.387676][ T5961] usb 2-1: 0:2 : does not exist [ 1541.395806][ T5961] usb 2-1: unit 9 not found! [ 1541.406409][ T5961] usb 2-1: 4:0: cannot get min/max values for control 1 (id 4) [ 1541.416615][T14456] vhci_hcd: vhci_device speed not set [ 1541.618291][ T5961] usb 2-1: USB disconnect, device number 106 [ 1542.417305][T24634] FAULT_INJECTION: forcing a failure. [ 1542.417305][T24634] name failslab, interval 1, probability 0, space 0, times 0 [ 1542.474305][T24634] CPU: 1 UID: 0 PID: 24634 Comm: syz.5.4969 Not tainted syzkaller #0 PREEMPT(full) [ 1542.474332][T24634] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1542.474343][T24634] Call Trace: [ 1542.474352][T24634] [ 1542.474360][T24634] dump_stack_lvl+0x189/0x250 [ 1542.474389][T24634] ? __pfx____ratelimit+0x10/0x10 [ 1542.474412][T24634] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1542.474436][T24634] ? __pfx__printk+0x10/0x10 [ 1542.474460][T24634] ? __pfx___might_resched+0x10/0x10 [ 1542.474485][T24634] should_fail_ex+0x414/0x560 [ 1542.474518][T24634] should_failslab+0xa8/0x100 [ 1542.474539][T24634] __kmalloc_noprof+0xcb/0x7f0 [ 1542.474561][T24634] ? kfree+0x4d/0x6d0 [ 1542.474579][T24634] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1542.474613][T24634] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1542.474639][T24634] ? tomoyo_domain+0xd9/0x130 [ 1542.474663][T24634] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1542.474682][T24634] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1542.474704][T24634] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1542.474758][T24634] ? __fget_files+0x2a/0x420 [ 1542.474779][T24634] ? __fget_files+0x3a0/0x420 [ 1542.474794][T24634] ? __fget_files+0x2a/0x420 [ 1542.474814][T24634] security_file_ioctl+0xcb/0x2d0 [ 1542.474839][T24634] __se_sys_ioctl+0x47/0x170 [ 1542.474861][T24634] do_syscall_64+0xfa/0xfa0 [ 1542.474880][T24634] ? lockdep_hardirqs_on+0x9c/0x150 [ 1542.474902][T24634] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1542.474925][T24634] ? clear_bhb_loop+0x60/0xb0 [ 1542.474945][T24634] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1542.474960][T24634] RIP: 0033:0x7f09f3f8efc9 [ 1542.474976][T24634] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1542.474990][T24634] RSP: 002b:00007f09f4dd5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1542.475010][T24634] RAX: ffffffffffffffda RBX: 00007f09f41e5fa0 RCX: 00007f09f3f8efc9 [ 1542.475021][T24634] RDX: 0000200000000080 RSI: 00000000400454d9 RDI: 0000000000000003 [ 1542.475032][T24634] RBP: 00007f09f4dd5090 R08: 0000000000000000 R09: 0000000000000000 [ 1542.475042][T24634] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1542.475053][T24634] R13: 00007f09f41e6038 R14: 00007f09f41e5fa0 R15: 00007f09f430fa28 [ 1542.475080][T24634] [ 1542.475164][T24634] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1543.044515][ T5907] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1543.198789][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1543.234057][ T5908] usb 5-1: USB disconnect, device number 109 [ 1543.245498][ T5908] usblp0: removed [ 1543.333233][ T5907] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1543.365026][ T5907] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1543.683563][T24646] netlink: 'syz.3.4972': attribute type 4 has an invalid length. [ 1543.738276][T24646] netlink: 'syz.3.4972': attribute type 4 has an invalid length. [ 1543.747401][ T5907] usb 2-1: New USB device found, idVendor=0eef, idProduct=72d0, bcdDevice= 0.00 [ 1543.952129][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1543.973390][ T5907] usb 2-1: config 0 descriptor?? [ 1544.074605][ T5908] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 1544.241296][ T5908] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1544.272934][ T5908] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1544.313614][ T5908] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1544.345013][ T5908] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1544.389096][ T5908] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1544.433047][ T5907] hid-multitouch 0003:0EEF:72D0.0060: unbalanced collection at end of report description [ 1544.444128][ T5907] hid-multitouch 0003:0EEF:72D0.0060: probe with driver hid-multitouch failed with error -22 [ 1544.461852][ T5908] usb 5-1: config 0 descriptor?? [ 1544.664045][ T43] usb 2-1: USB disconnect, device number 107 [ 1544.890676][ T5908] plantronics 0003:047F:FFFF.0061: reserved main item tag 0xd [ 1544.920153][ T5908] hid_parser_main: 54 callbacks suppressed [ 1544.920176][ T5908] plantronics 0003:047F:FFFF.0061: unknown main item tag 0x0 [ 1544.944790][ T5908] plantronics 0003:047F:FFFF.0061: unknown main item tag 0x0 [ 1544.957983][ T5908] plantronics 0003:047F:FFFF.0061: unknown main item tag 0x0 [ 1544.972470][ T5908] plantronics 0003:047F:FFFF.0061: unknown main item tag 0x0 [ 1544.986987][ T5908] plantronics 0003:047F:FFFF.0061: unknown main item tag 0x0 [ 1545.256978][ T5908] plantronics 0003:047F:FFFF.0061: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1545.767452][ T5908] usb 5-1: USB disconnect, device number 110 [ 1545.897678][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1545.944948][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1546.835219][ T43] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 1547.016329][ T43] usb 3-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 1547.067361][ T43] usb 3-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 1547.123485][ T43] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1547.169217][ T43] usb 3-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00 [ 1547.212063][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1547.238983][ T43] usb 3-1: config 0 descriptor?? [ 1547.282273][T24672] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1547.625208][ T43] usbhid 3-1:0.0: can't add hid device: -71 [ 1547.846158][ T43] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1547.890209][ T43] usb 3-1: USB disconnect, device number 22 [ 1548.207841][T24704] netdevsim netdevsim1: loading /lib/firmware/. failed with error -22 [ 1548.225106][T24704] netdevsim netdevsim1: Direct firmware load for . failed with error -22 [ 1548.243383][T24704] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 1548.644597][ T5908] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1548.814499][ T5908] usb 3-1: Using ep0 maxpacket: 32 [ 1548.836394][ T5908] usb 3-1: config 0 has an invalid interface number: 184 but max is 11 [ 1548.848494][ T5908] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 12 [ 1548.879244][ T5908] usb 3-1: config 0 has no interface number 0 [ 1548.898185][ T5908] usb 3-1: config 0 interface 184 has no altsetting 0 [ 1548.927440][ T5908] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 1548.936901][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1548.954706][ T5908] usb 3-1: Product: syz [ 1548.966703][ T5908] usb 3-1: Manufacturer: syz [ 1548.975458][ T5908] usb 3-1: SerialNumber: syz [ 1549.012303][ T5908] usb 3-1: config 0 descriptor?? [ 1549.027917][ T5908] smsc75xx v1.0.0 [ 1549.584251][ T43] usb 2-1: new high-speed USB device number 108 using dummy_hcd [ 1549.633308][ T5908] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 1549.644901][ T5908] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 1549.655326][ T5961] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 1549.724664][ T24] usb 6-1: new high-speed USB device number 82 using dummy_hcd [ 1549.744263][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 1549.752849][ T43] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1549.763886][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1549.772769][ T43] usb 2-1: Product: syz [ 1549.777216][ T43] usb 2-1: Manufacturer: syz [ 1549.781819][ T43] usb 2-1: SerialNumber: syz [ 1549.793539][ T43] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1549.800321][ T43] r8152-cfgselector 2-1: config 0 descriptor?? [ 1549.814326][ T5961] usb 5-1: Using ep0 maxpacket: 16 [ 1549.821360][ T5961] usb 5-1: config 252 has an invalid interface number: 15 but max is 0 [ 1549.829691][ T5961] usb 5-1: config 252 has no interface number 0 [ 1549.836276][ T5961] usb 5-1: config 252 interface 15 altsetting 0 endpoint 0x83 has invalid maxpacket 1023, setting to 64 [ 1549.850239][ T5961] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=2b.29 [ 1549.859385][ T5961] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1549.868946][ T5961] usb 5-1: Product: syz [ 1549.873148][ T5961] usb 5-1: Manufacturer: syz [ 1549.877869][ T5961] usb 5-1: SerialNumber: syz [ 1549.884569][ T24] usb 6-1: Using ep0 maxpacket: 8 [ 1549.897878][ T24] usb 6-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 1549.907584][ T24] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1549.916574][ T24] usb 6-1: Product: syz [ 1549.922345][ T5961] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 1549.934251][ T24] usb 6-1: Manufacturer: syz [ 1549.938881][ T24] usb 6-1: SerialNumber: syz [ 1549.960639][ T24] usb 6-1: config 0 descriptor?? [ 1549.969529][ T24] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 1550.101013][T24717] ICMPv6: Received fragmented ndisc packet. Carefully consider disabling suppress_frag_ndisc. [ 1550.136464][T24717] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1550.148041][T24717] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1550.230649][T24711] tipc: Enabled bearer , priority 0 [ 1550.300019][T24731] syzkaller0: MTU too low for tipc bearer [ 1550.326593][T24731] tipc: Disabling bearer [ 1550.351333][T24732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1550.363246][T24732] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1550.465562][T24707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1550.495391][T24707] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1550.873941][ T5908] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -71 [ 1550.885498][ T5908] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -71 [ 1550.896008][ T5908] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 1550.906816][ T5908] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 1550.928491][ T5861] r8152-cfgselector 2-1: USB disconnect, device number 108 [ 1550.955787][ T5908] usb 3-1: USB disconnect, device number 23 [ 1551.007894][ T76] usb 5-1: Failed to submit usb control message: -110 [ 1551.016824][ T76] usb 5-1: unable to send the bmi data to the device: -110 [ 1551.026060][ T76] usb 5-1: unable to get target info from device [ 1551.032966][ T76] usb 5-1: could not get target info (-110) [ 1551.043601][ T76] usb 5-1: could not probe fw (-110) [ 1551.324240][ T43] usb 4-1: new full-speed USB device number 112 using dummy_hcd [ 1551.493254][ T43] usb 4-1: config 0 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 1551.504862][ T43] usb 4-1: config 0 interface 0 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 7 [ 1551.517836][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1551.547133][T24740] FAULT_INJECTION: forcing a failure. [ 1551.547133][T24740] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1551.560498][T24740] CPU: 1 UID: 0 PID: 24740 Comm: syz.2.4998 Not tainted syzkaller #0 PREEMPT(full) [ 1551.560522][T24740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1551.560534][T24740] Call Trace: [ 1551.560541][T24740] [ 1551.560550][T24740] dump_stack_lvl+0x189/0x250 [ 1551.560578][T24740] ? __pfx____ratelimit+0x10/0x10 [ 1551.560600][T24740] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1551.560623][T24740] ? __pfx__printk+0x10/0x10 [ 1551.560641][T24740] ? __might_fault+0xb0/0x130 [ 1551.560675][T24740] should_fail_ex+0x414/0x560 [ 1551.560705][T24740] _copy_from_user+0x2d/0xb0 [ 1551.560727][T24740] ___sys_sendmsg+0x158/0x2a0 [ 1551.560749][T24740] ? __pfx____sys_sendmsg+0x10/0x10 [ 1551.560801][T24740] ? __fget_files+0x2a/0x420 [ 1551.560819][T24740] ? __fget_files+0x3a0/0x420 [ 1551.560845][T24740] __x64_sys_sendmsg+0x19b/0x260 [ 1551.560867][T24740] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1551.560913][T24740] do_syscall_64+0xfa/0xfa0 [ 1551.560937][T24740] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1551.560953][T24740] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 1551.560970][T24740] ? clear_bhb_loop+0x60/0xb0 [ 1551.560991][T24740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1551.561009][T24740] RIP: 0033:0x7f6193f8efc9 [ 1551.561025][T24740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1551.561040][T24740] RSP: 002b:00007f6194d47038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1551.561059][T24740] RAX: ffffffffffffffda RBX: 00007f61941e6180 RCX: 00007f6193f8efc9 [ 1551.561073][T24740] RDX: 0000000024040808 RSI: 0000200000000380 RDI: 000000000000000a [ 1551.561085][T24740] RBP: 00007f6194d47090 R08: 0000000000000000 R09: 0000000000000000 [ 1551.561097][T24740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1551.561107][T24740] R13: 00007f61941e6218 R14: 00007f61941e6180 R15: 00007f619430fa28 [ 1551.561137][T24740] [ 1551.781418][ T43] usb 4-1: New USB device found, idVendor=047f, idProduct=c055, bcdDevice= 0.00 [ 1551.790845][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1551.813759][ T43] usb 4-1: config 0 descriptor?? [ 1551.829738][T24736] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1552.053241][T24736] netlink: 16 bytes leftover after parsing attributes in process `syz.3.4997'. [ 1552.081382][ T43] usbhid 4-1:0.0: can't add hid device: -71 [ 1552.098967][ T43] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1552.135467][ T43] usb 4-1: USB disconnect, device number 112 [ 1552.425144][ T43] usb 5-1: USB disconnect, device number 111 [ 1552.612249][T24734] Bluetooth: hci0: command 0x0406 tx timeout [ 1553.135128][ T5908] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 1553.304432][ T5908] usb 3-1: Using ep0 maxpacket: 8 [ 1553.312078][ T5908] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x73, changing to 0x3 [ 1553.325322][ T5908] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1553.371108][ T5908] usb 3-1: New USB device found, idVendor=0e9c, idProduct=0000, bcdDevice=5b.1e [ 1553.410018][ T5908] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1553.573413][ T5908] usb 3-1: Product: syz [ 1553.585822][ T5908] usb 3-1: Manufacturer: syz [ 1553.601727][ T5908] usb 3-1: SerialNumber: syz [ 1553.620724][ T5908] usb 3-1: config 0 descriptor?? [ 1553.638998][ T5908] streamzap 3-1:0.0: streamzap_probe: endpoint doesn't match input device 0203 [ 1553.736465][ T24] gspca_sonixj: reg_w1 err -71 [ 1553.742077][ T24] sonixj 6-1:0.0: probe with driver sonixj failed with error -71 [ 1553.770212][ T24] usb 6-1: USB disconnect, device number 82 [ 1553.867198][ T5961] usb 3-1: USB disconnect, device number 24 [ 1554.346444][T24781] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1554.400642][T24785] loop6: detected capacity change from 0 to 7 [ 1554.407968][T24785] Dev loop6: unable to read RDB block 7 [ 1554.413637][T24785] loop6: AHDI p3 [ 1554.418598][T24785] loop6: partition table partially beyond EOD, truncated [ 1554.685551][T24734] Bluetooth: hci0: command 0x0406 tx timeout [ 1554.708864][T24792] tipc: Enabling of bearer rejected, already enabled [ 1555.234318][ T24] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 1555.477819][ T24] usb 3-1: New USB device found, idVendor=2770, idProduct=930c, bcdDevice=8d.6a [ 1555.504290][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1555.514359][ T43] usb 2-1: new high-speed USB device number 109 using dummy_hcd [ 1555.524837][ T24] usb 3-1: Product: syz [ 1555.541943][ T24] usb 3-1: Manufacturer: syz [ 1555.552076][ T24] usb 3-1: SerialNumber: syz [ 1555.707589][ T24] usb 3-1: config 0 descriptor?? [ 1555.734245][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 1555.803948][ T24] gspca_main: sq930x-2.14.0 probing 2770:930c [ 1555.811399][ T43] usb 2-1: config 0 has an invalid interface number: 41 but max is 0 [ 1555.819874][ T43] usb 2-1: config 0 has no interface number 0 [ 1555.827439][ T43] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1555.888018][ T43] usb 2-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1555.932344][ T43] usb 2-1: config 0 interface 41 has no altsetting 0 [ 1555.961728][ T43] usb 2-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 1555.973819][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1556.001093][ T43] usb 2-1: Product: syz [ 1556.031504][ T43] usb 2-1: Manufacturer: syz [ 1556.048925][ T43] usb 2-1: SerialNumber: syz [ 1556.084397][ T43] usb 2-1: config 0 descriptor?? [ 1556.105530][T24802] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1556.112950][T24802] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 1556.361551][ T24] gspca_sq930x: ucbus_write failed -71 [ 1556.375396][ T24] sq930x 3-1:0.0: probe with driver sq930x failed with error -71 [ 1556.409604][ T24] usb 3-1: USB disconnect, device number 25 [ 1556.661955][T24819] GUP no longer grows the stack in syz.5.5023 (24819): 200000005000-200000008000 (200000004000) [ 1556.673504][T24819] CPU: 1 UID: 0 PID: 24819 Comm: syz.5.5023 Not tainted syzkaller #0 PREEMPT(full) [ 1556.673529][T24819] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1556.673541][T24819] Call Trace: [ 1556.673550][T24819] [ 1556.673561][T24819] dump_stack_lvl+0x189/0x250 [ 1556.673594][T24819] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1556.673618][T24819] ? __pfx__printk+0x10/0x10 [ 1556.673634][T24819] ? find_vma+0xe7/0x160 [ 1556.673670][T24819] fixup_user_fault+0x661/0x720 [ 1556.673700][T24819] fault_in_user_writeable+0x72/0xe0 [ 1556.673726][T24819] futex_lock_pi+0x773/0xa90 [ 1556.673753][T24819] ? __pfx_futex_lock_pi+0x10/0x10 [ 1556.673800][T24819] ? __pfx_futex_wake_mark+0x10/0x10 [ 1556.673833][T24819] ? __pfx_userfaultfd_unmap_complete+0x10/0x10 [ 1556.673869][T24819] do_futex+0x292/0x420 [ 1556.673900][T24819] ? __pfx_do_futex+0x10/0x10 [ 1556.673926][T24819] ? __vm_munmap+0x2c1/0x380 [ 1556.673953][T24819] __se_sys_futex+0x36f/0x400 [ 1556.673985][T24819] ? __pfx___se_sys_futex+0x10/0x10 [ 1556.674018][T24819] ? __x64_sys_futex+0x21/0xf0 [ 1556.674047][T24819] do_syscall_64+0xfa/0xfa0 [ 1556.674070][T24819] ? lockdep_hardirqs_on+0x9c/0x150 [ 1556.674093][T24819] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1556.674112][T24819] ? clear_bhb_loop+0x60/0xb0 [ 1556.674136][T24819] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1556.674152][T24819] RIP: 0033:0x7f09f3f8efc9 [ 1556.674167][T24819] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1556.674182][T24819] RSP: 002b:00007f09f4dd5038 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1556.674202][T24819] RAX: ffffffffffffffda RBX: 00007f09f41e5fa0 RCX: 00007f09f3f8efc9 [ 1556.674216][T24819] RDX: 00000000fffffffd RSI: 000000000000008d RDI: 0000200000004000 [ 1556.674228][T24819] RBP: 00007f09f4011f91 R08: 0000000000000000 R09: 0000000000000000 [ 1556.674249][T24819] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1556.674261][T24819] R13: 00007f09f41e6038 R14: 00007f09f41e5fa0 R15: 00007f09f430fa28 [ 1556.674294][T24819] [ 1556.891429][ T5887] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 1557.021918][ T43] dm9601 2-1:0.41: probe with driver dm9601 failed with error -71 [ 1557.031337][ T43] sr9700 2-1:0.41: probe with driver sr9700 failed with error -71 [ 1557.049163][ T43] usb 2-1: USB disconnect, device number 109 [ 1557.074295][ T5887] usb 4-1: Using ep0 maxpacket: 16 [ 1557.101271][ T5887] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1557.112016][ T5887] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1557.125882][ T5887] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1557.136391][ T5887] usb 4-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 1557.149118][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1557.161516][ T5887] usb 4-1: config 0 descriptor?? [ 1557.654390][ T5861] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1557.777450][ T5887] hid-picolcd 0003:04D8:F002.0062: unknown main item tag 0x0 [ 1557.843594][ T5887] hid-picolcd 0003:04D8:F002.0062: unknown main item tag 0x0 [ 1557.869367][ T5887] hid-picolcd 0003:04D8:F002.0062: unknown main item tag 0x0 [ 1557.894870][ T5887] hid-picolcd 0003:04D8:F002.0062: unknown main item tag 0x0 [ 1557.973111][ T5887] hid-picolcd 0003:04D8:F002.0062: unknown main item tag 0x0 [ 1557.983259][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1558.084404][ T5887] hid-picolcd 0003:04D8:F002.0062: No report with id 0xf3 found [ 1558.174341][ T5887] hid-picolcd 0003:04D8:F002.0062: No report with id 0xf4 found [ 1558.213915][ T5861] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1558.301149][ T5861] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1558.385697][T24817] netlink: 240 bytes leftover after parsing attributes in process `syz.3.5022'. [ 1558.471144][ T5861] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1558.497095][ T43] usb 4-1: USB disconnect, device number 113 [ 1558.511249][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1558.695604][ T5861] usb 2-1: config 0 descriptor?? [ 1559.262741][ T5861] plantronics 0003:047F:FFFF.0063: reserved main item tag 0xe [ 1559.278186][ T5861] plantronics 0003:047F:FFFF.0063: unknown main item tag 0x0 [ 1559.297162][ T5861] plantronics 0003:047F:FFFF.0063: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1559.375453][ T5907] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 1559.594767][ T5907] usb 4-1: Using ep0 maxpacket: 16 [ 1559.624087][ T5907] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1559.710201][ T5907] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1559.737887][ T5907] usb 4-1: Product: syz [ 1559.752976][ T5907] usb 4-1: Manufacturer: syz [ 1559.758411][ T5907] usb 4-1: SerialNumber: syz [ 1559.783714][ T5907] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1559.798665][ T5907] r8152-cfgselector 4-1: config 0 descriptor?? [ 1559.876321][T24856] tipc: Enabling of bearer rejected, already enabled [ 1560.301033][T24858] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1560.376401][T24858] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1560.759889][ T43] r8152-cfgselector 4-1: USB disconnect, device number 114 [ 1560.854696][T14456] usb 2-1: reset high-speed USB device number 110 using dummy_hcd [ 1561.425321][T24878] netlink: 'syz.2.5038': attribute type 4 has an invalid length. [ 1561.452496][T24878] netlink: 'syz.2.5038': attribute type 4 has an invalid length. [ 1562.194542][T14456] usb 2-1: device descriptor read/64, error -71 [ 1562.444534][T14456] usb 2-1: reset high-speed USB device number 110 using dummy_hcd [ 1562.595370][T14456] usb 2-1: device firmware changed [ 1562.603083][ T5907] usb 2-1: USB disconnect, device number 110 [ 1562.638543][T24903] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1562.663160][T24903] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5047'. [ 1562.744807][ T5907] usb 2-1: new high-speed USB device number 111 using dummy_hcd [ 1562.815062][ T5887] usb 5-1: new high-speed USB device number 112 using dummy_hcd [ 1562.899091][ T5907] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1562.909935][ T5907] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1562.948347][ T5907] usb 2-1: config 0 descriptor?? [ 1563.006836][ T5887] usb 5-1: Using ep0 maxpacket: 16 [ 1563.026620][ T5887] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1563.038396][ T5887] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1563.051167][ T5887] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1563.064640][ T43] usb 4-1: new high-speed USB device number 115 using dummy_hcd [ 1563.093692][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1563.102266][ T5887] usb 5-1: Product: syz [ 1563.131934][ T5887] usb 5-1: Manufacturer: syz [ 1563.137005][ T5887] usb 5-1: SerialNumber: syz [ 1563.160758][ T5887] usb 5-1: config 0 descriptor?? [ 1563.195613][ T5961] usb 6-1: new high-speed USB device number 83 using dummy_hcd [ 1563.274906][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 1563.292722][ T43] usb 4-1: config 135 has an invalid interface number: 230 but max is 0 [ 1563.307400][ T43] usb 4-1: config 135 has an invalid descriptor of length 0, skipping remainder of the config [ 1563.318722][ T43] usb 4-1: config 135 has no interface number 0 [ 1563.337770][ T43] usb 4-1: config 135 interface 230 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1563.358691][T24914] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5049'. [ 1563.368400][ T5907] ath6kl: Failed to read usb control message: -71 [ 1563.384691][ T5961] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1563.396510][ T5907] ath6kl: Unable to read the bmi data from the device: -71 [ 1563.407559][ T5907] ath6kl: Unable to recv target info: -71 [ 1563.414545][ T5961] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1563.427333][ T43] usb 4-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=3f.3a [ 1563.427391][ T5907] ath6kl: Failed to init ath6kl core: -71 [ 1563.455989][ T5961] usb 6-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 1563.462914][ T5907] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1563.469817][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1563.480208][ T5907] usb 2-1: USB disconnect, device number 111 [ 1563.510164][ T5961] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1563.518479][ T43] usb 4-1: Product: syz [ 1563.523833][ T43] usb 4-1: Manufacturer: syz [ 1563.529576][ T5961] usb 6-1: config 0 descriptor?? [ 1563.535349][ T43] usb 4-1: SerialNumber: syz [ 1563.561896][ T43] uvcvideo 4-1:135.230: Found Unit with invalid ID 0 [ 1563.569141][ T43] uvcvideo 4-1:135.230: Found UVC 0.00 device syz (18ec:3288) [ 1563.590918][ T43] uvcvideo 4-1:135.230: No valid video chain found. [ 1563.919039][T24908] netlink: 'syz.5.5048': attribute type 1 has an invalid length. [ 1564.081689][T24922] netlink: 28 bytes leftover after parsing attributes in process `syz.5.5048'. [ 1564.109690][T24908] bond3: entered promiscuous mode [ 1564.117408][T24908] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1564.138842][T24922] bond3: entered allmulticast mode [ 1564.232357][T24908] bond3: (slave bridge1): making interface the new active one [ 1564.245178][T24908] bridge1: entered promiscuous mode [ 1564.250926][T24908] bridge1: entered allmulticast mode [ 1564.330443][T24908] bond3: (slave bridge1): Enslaving as an active interface with an up link [ 1564.414494][ T43] usb 2-1: new high-speed USB device number 112 using dummy_hcd [ 1564.574234][ T43] usb 2-1: Using ep0 maxpacket: 16 [ 1564.589404][ T43] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1564.603685][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1564.618718][ T43] usb 2-1: Product: syz [ 1564.622934][ T43] usb 2-1: Manufacturer: syz [ 1564.630205][ T43] usb 2-1: SerialNumber: syz [ 1564.646235][ T43] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1564.659395][ T43] r8152-cfgselector 2-1: config 0 descriptor?? [ 1565.169777][T24941] FAULT_INJECTION: forcing a failure. [ 1565.169777][T24941] name failslab, interval 1, probability 0, space 0, times 0 [ 1565.184377][T24941] CPU: 0 UID: 0 PID: 24941 Comm: syz.2.5055 Not tainted syzkaller #0 PREEMPT(full) [ 1565.184401][T24941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1565.184411][T24941] Call Trace: [ 1565.184418][T24941] [ 1565.184426][T24941] dump_stack_lvl+0x189/0x250 [ 1565.184452][T24941] ? __pfx____ratelimit+0x10/0x10 [ 1565.184473][T24941] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1565.184495][T24941] ? __pfx__printk+0x10/0x10 [ 1565.184519][T24941] ? __pfx___might_resched+0x10/0x10 [ 1565.184542][T24941] should_fail_ex+0x414/0x560 [ 1565.184571][T24941] should_failslab+0xa8/0x100 [ 1565.184590][T24941] __kmalloc_noprof+0xcb/0x7f0 [ 1565.184614][T24941] ? __keyctl_dh_compute+0x326/0xca0 [ 1565.184643][T24941] __keyctl_dh_compute+0x326/0xca0 [ 1565.184670][T24941] ? __might_fault+0xb0/0x130 [ 1565.184695][T24941] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 1565.184728][T24941] ? __lock_acquire+0xab9/0xd20 [ 1565.184772][T24941] keyctl_dh_compute+0x109/0x160 [ 1565.184791][T24941] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1565.184813][T24941] ? __pfx_keyctl_dh_compute+0x10/0x10 [ 1565.184830][T24941] ? vfs_write+0x956/0xb30 [ 1565.184875][T24941] __se_sys_keyctl+0x423/0x910 [ 1565.184899][T24941] ? __pfx___se_sys_keyctl+0x10/0x10 [ 1565.184924][T24941] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1565.184953][T24941] ? __fget_files+0x3a0/0x420 [ 1565.184975][T24941] ? fput+0xa0/0xd0 [ 1565.184994][T24941] ? ksys_write+0x22a/0x250 [ 1565.185018][T24941] ? __pfx_ksys_write+0x10/0x10 [ 1565.185045][T24941] ? do_syscall_64+0xbe/0xfa0 [ 1565.185066][T24941] ? __x64_sys_keyctl+0x20/0xc0 [ 1565.185089][T24941] do_syscall_64+0xfa/0xfa0 [ 1565.185110][T24941] ? lockdep_hardirqs_on+0x9c/0x150 [ 1565.185132][T24941] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1565.185149][T24941] ? clear_bhb_loop+0x60/0xb0 [ 1565.185170][T24941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1565.185188][T24941] RIP: 0033:0x7f6193f8efc9 [ 1565.185204][T24941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1565.185223][T24941] RSP: 002b:00007f6194d47038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1565.185242][T24941] RAX: ffffffffffffffda RBX: 00007f61941e6180 RCX: 00007f6193f8efc9 [ 1565.185255][T24941] RDX: 00002000000000c0 RSI: 0000200000000140 RDI: 0000000000000017 [ 1565.185268][T24941] RBP: 00007f6194d47090 R08: 0000000000000000 R09: 0000000000000000 [ 1565.185280][T24941] R10: fffffffffffffe4f R11: 0000000000000246 R12: 0000000000000001 [ 1565.185291][T24941] R13: 00007f61941e6218 R14: 00007f61941e6180 R15: 00007f619430fa28 [ 1565.185322][T24941] [ 1565.530507][T24943] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1565.539505][T24943] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1565.849207][ T5907] r8152-cfgselector 2-1: USB disconnect, device number 112 [ 1565.885084][ T5961] usb 6-1: USB disconnect, device number 83 [ 1566.018487][ T5861] usb 5-1: USB disconnect, device number 112 [ 1566.043664][ T43] usb 4-1: USB disconnect, device number 115 [ 1566.784855][ T5861] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 1567.108286][ T5861] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 1567.303481][ T5861] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1567.356815][ T5861] usb 2-1: Product: syz [ 1567.363675][ T5861] usb 2-1: SerialNumber: syz [ 1567.376621][ T5861] usb 2-1: config 0 descriptor?? [ 1567.645975][ T5861] hso 2-1:0.0: Failed to find BULK IN ep [ 1567.863403][ T5887] usb 2-1: USB disconnect, device number 113 [ 1568.480873][ T5887] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1568.795883][T24981] sch_tbf: burst 2 is lower than device lo mtu (11337746) ! [ 1568.803433][ T5887] usb 3-1: device descriptor read/64, error -71 [ 1568.913353][T24985] sch_tbf: burst 2 is lower than device lo mtu (11337746) ! [ 1568.928081][T24987] netlink: 6040 bytes leftover after parsing attributes in process `syz.1.5069'. [ 1568.939439][T24981] fuse: Bad value for 'user_id' [ 1568.946235][T24981] fuse: Bad value for 'user_id' [ 1568.952865][T24985] sch_tbf: burst 2 is lower than device lo mtu (11337746) ! [ 1569.025854][T24981] fuse: Unknown parameter 'fsuuid' [ 1569.074671][ T5861] usb 6-1: new high-speed USB device number 84 using dummy_hcd [ 1569.104336][ T5887] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1569.262178][ T5887] usb 3-1: device descriptor read/64, error -71 [ 1569.379838][ T5861] usb 6-1: Using ep0 maxpacket: 16 [ 1569.387565][ T5861] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1569.405124][ T5861] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1569.416100][ T5887] usb usb3-port1: attempt power cycle [ 1569.448044][ T5861] usb 6-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1569.458254][ T5861] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1569.511136][ T5861] usb 6-1: Product: syz [ 1569.516331][ T5861] usb 6-1: Manufacturer: syz [ 1569.520978][ T5861] usb 6-1: SerialNumber: syz [ 1569.529608][ T5861] usb 6-1: config 0 descriptor?? [ 1569.824498][ T5887] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1569.891977][T25003] netlink: 'syz.4.5077': attribute type 3 has an invalid length. [ 1570.006305][ T5887] usb 3-1: device descriptor read/8, error -71 [ 1570.334632][ T89] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 1570.591505][ T89] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 1570.600839][ T89] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1570.629594][ T89] usb 2-1: config 0 descriptor?? [ 1571.084096][ T89] ath6kl: Failed to read usb control message: -71 [ 1571.101206][ T89] ath6kl: Unable to read the bmi data from the device: -71 [ 1571.123704][ T89] ath6kl: Unable to recv target info: -71 [ 1571.148865][ T89] ath6kl: Failed to init ath6kl core: -71 [ 1571.168424][ T89] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1571.208231][ T89] usb 2-1: USB disconnect, device number 114 [ 1571.889412][T25033] FAULT_INJECTION: forcing a failure. [ 1571.889412][T25033] name failslab, interval 1, probability 0, space 0, times 0 [ 1571.998859][T25033] CPU: 1 UID: 0 PID: 25033 Comm: syz.4.5083 Not tainted syzkaller #0 PREEMPT(full) [ 1571.998888][T25033] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1571.998898][T25033] Call Trace: [ 1571.998906][T25033] [ 1571.998913][T25033] dump_stack_lvl+0x189/0x250 [ 1571.998940][T25033] ? __pfx____ratelimit+0x10/0x10 [ 1571.998961][T25033] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1571.998983][T25033] ? __pfx__printk+0x10/0x10 [ 1571.999002][T25033] ? __pfx___might_resched+0x10/0x10 [ 1571.999021][T25033] ? fs_reclaim_acquire+0x7d/0x100 [ 1571.999050][T25033] should_fail_ex+0x414/0x560 [ 1571.999078][T25033] should_failslab+0xa8/0x100 [ 1571.999095][T25033] __kmalloc_cache_noprof+0x6f/0x6f0 [ 1571.999111][T25033] ? rtnl_newlink+0xfb/0x1c80 [ 1571.999126][T25033] ? kasan_save_track+0x4f/0x80 [ 1571.999141][T25033] rtnl_newlink+0xfb/0x1c80 [ 1571.999154][T25033] ? netlink_deliver_tap+0x19c/0x1b0 [ 1571.999163][T25033] ? netlink_unicast+0x7fa/0x9e0 [ 1571.999175][T25033] ? netlink_sendmsg+0x805/0xb30 [ 1571.999183][T25033] ? __sock_sendmsg+0x21c/0x270 [ 1571.999194][T25033] ? ____sys_sendmsg+0x505/0x830 [ 1571.999203][T25033] ? ___sys_sendmsg+0x21f/0x2a0 [ 1571.999213][T25033] ? __x64_sys_sendmsg+0x19b/0x260 [ 1571.999226][T25033] ? do_syscall_64+0xfa/0xfa0 [ 1571.999250][T25033] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1571.999273][T25033] ? __pfx_rtnl_newlink+0x10/0x10 [ 1571.999307][T25033] ? kasan_quarantine_put+0xdd/0x220 [ 1571.999321][T25033] ? lockdep_hardirqs_on+0x9c/0x150 [ 1571.999337][T25033] ? nlmon_xmit+0xb0/0x100 [ 1571.999347][T25033] ? kmem_cache_free+0x19b/0x690 [ 1571.999365][T25033] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1571.999375][T25033] ? lockdep_hardirqs_on+0x9c/0x150 [ 1571.999388][T25033] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1571.999397][T25033] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1571.999409][T25033] ? __dev_queue_xmit+0x27b/0x3b50 [ 1571.999421][T25033] ? __dev_queue_xmit+0x27b/0x3b50 [ 1571.999430][T25033] ? __dev_queue_xmit+0x27b/0x3b50 [ 1571.999441][T25033] ? __dev_queue_xmit+0x1d79/0x3b50 [ 1571.999451][T25033] ? kasan_save_track+0x3e/0x80 [ 1571.999463][T25033] ? __kasan_slab_alloc+0x6c/0x80 [ 1571.999478][T25033] ? __lock_acquire+0xab9/0xd20 [ 1571.999500][T25033] ? __pfx_rtnl_newlink+0x10/0x10 [ 1571.999513][T25033] rtnetlink_rcv_msg+0x7cf/0xb70 [ 1571.999543][T25033] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1571.999556][T25033] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1571.999568][T25033] ? ref_tracker_free+0x63a/0x7d0 [ 1571.999578][T25033] ? __asan_memcpy+0x40/0x70 [ 1571.999589][T25033] ? __pfx_ref_tracker_free+0x10/0x10 [ 1571.999597][T25033] ? __skb_clone+0x63/0x7a0 [ 1571.999612][T25033] netlink_rcv_skb+0x208/0x470 [ 1571.999627][T25033] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1571.999641][T25033] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1571.999661][T25033] ? netlink_deliver_tap+0x2e/0x1b0 [ 1571.999674][T25033] netlink_unicast+0x82f/0x9e0 [ 1571.999692][T25033] ? __pfx_netlink_unicast+0x10/0x10 [ 1571.999705][T25033] ? netlink_sendmsg+0x642/0xb30 [ 1571.999714][T25033] ? skb_put+0x11b/0x210 [ 1571.999725][T25033] netlink_sendmsg+0x805/0xb30 [ 1571.999739][T25033] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1571.999750][T25033] ? aa_sock_msg_perm+0xf1/0x1d0 [ 1571.999765][T25033] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1571.999775][T25033] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1571.999785][T25033] __sock_sendmsg+0x21c/0x270 [ 1571.999799][T25033] ____sys_sendmsg+0x505/0x830 [ 1571.999812][T25033] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1571.999827][T25033] ? import_iovec+0x74/0xa0 [ 1571.999841][T25033] ___sys_sendmsg+0x21f/0x2a0 [ 1571.999853][T25033] ? __pfx____sys_sendmsg+0x10/0x10 [ 1571.999881][T25033] ? __fget_files+0x2a/0x420 [ 1571.999890][T25033] ? __fget_files+0x3a0/0x420 [ 1571.999904][T25033] __x64_sys_sendmsg+0x19b/0x260 [ 1571.999915][T25033] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1571.999931][T25033] ? __pfx_ksys_write+0x10/0x10 [ 1571.999946][T25033] ? do_syscall_64+0xbe/0xfa0 [ 1571.999960][T25033] do_syscall_64+0xfa/0xfa0 [ 1571.999971][T25033] ? lockdep_hardirqs_on+0x9c/0x150 [ 1571.999983][T25033] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1571.999996][T25033] ? clear_bhb_loop+0x60/0xb0 [ 1572.000008][T25033] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1572.000017][T25033] RIP: 0033:0x7fc4b558efc9 [ 1572.000027][T25033] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1572.000036][T25033] RSP: 002b:00007fc4b6380038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1572.000048][T25033] RAX: ffffffffffffffda RBX: 00007fc4b57e5fa0 RCX: 00007fc4b558efc9 [ 1572.000056][T25033] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 1572.000063][T25033] RBP: 00007fc4b6380090 R08: 0000000000000000 R09: 0000000000000000 [ 1572.000069][T25033] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1572.000075][T25033] R13: 00007fc4b57e6038 R14: 00007fc4b57e5fa0 R15: 00007fc4b590fa28 [ 1572.000091][T25033] [ 1573.009740][T14456] usb 6-1: USB disconnect, device number 84 [ 1573.213478][T25041] netlink: 14 bytes leftover after parsing attributes in process `syz.4.5086'. [ 1573.825108][T25064] program syz.4.5091 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1573.845832][T25064] netlink: 'syz.4.5091': attribute type 10 has an invalid length. [ 1573.854001][T25064] netlink: 40 bytes leftover after parsing attributes in process `syz.4.5091'. [ 1573.889500][T25064] batman_adv: batadv0: Adding interface: virt_wifi0 [ 1573.899679][T25064] batman_adv: batadv0: The MTU of interface virt_wifi0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1573.957944][T25064] batman_adv: batadv0: Interface activated: virt_wifi0 [ 1574.006082][T25063] xt_limit: Overflow, try lower: 268435456/134217728 [ 1574.819524][T25063] netlink: 52 bytes leftover after parsing attributes in process `syz.5.5093'. [ 1575.194278][ T5961] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 1575.298275][T25081] FAULT_INJECTION: forcing a failure. [ 1575.298275][T25081] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1575.354735][T25081] CPU: 1 UID: 0 PID: 25081 Comm: syz.5.5097 Not tainted syzkaller #0 PREEMPT(full) [ 1575.354761][T25081] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1575.354772][T25081] Call Trace: [ 1575.354781][T25081] [ 1575.354790][T25081] dump_stack_lvl+0x189/0x250 [ 1575.354818][T25081] ? __pfx____ratelimit+0x10/0x10 [ 1575.354839][T25081] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1575.354862][T25081] ? __pfx__printk+0x10/0x10 [ 1575.354881][T25081] ? __might_fault+0xb0/0x130 [ 1575.354915][T25081] should_fail_ex+0x414/0x560 [ 1575.354946][T25081] _copy_from_user+0x2d/0xb0 [ 1575.354969][T25081] __sys_connect+0x123/0x440 [ 1575.354995][T25081] ? do_sys_openat2+0x154/0x1c0 [ 1575.355015][T25081] ? __pfx___sys_connect+0x10/0x10 [ 1575.355048][T25081] ? __pfx_ksys_write+0x10/0x10 [ 1575.355075][T25081] __x64_sys_connect+0x7a/0x90 [ 1575.355100][T25081] do_syscall_64+0xfa/0xfa0 [ 1575.355124][T25081] ? lockdep_hardirqs_on+0x9c/0x150 [ 1575.355147][T25081] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1575.355164][T25081] ? clear_bhb_loop+0x60/0xb0 [ 1575.355185][T25081] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1575.355203][T25081] RIP: 0033:0x7f09f3f8efc9 [ 1575.355218][T25081] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1575.355233][T25081] RSP: 002b:00007f09f4dd5038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1575.355253][T25081] RAX: ffffffffffffffda RBX: 00007f09f41e5fa0 RCX: 00007f09f3f8efc9 [ 1575.355267][T25081] RDX: 000000000000000c RSI: 0000200000000000 RDI: 0000000000000003 [ 1575.355279][T25081] RBP: 00007f09f4dd5090 R08: 0000000000000000 R09: 0000000000000000 [ 1575.355291][T25081] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1575.355301][T25081] R13: 00007f09f41e6038 R14: 00007f09f41e5fa0 R15: 00007f09f430fa28 [ 1575.355332][T25081] [ 1575.624294][ T5961] usb 2-1: Using ep0 maxpacket: 16 [ 1575.638404][ T5961] usb 2-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1575.647749][ T5961] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1575.655834][ T5961] usb 2-1: Product: syz [ 1575.659997][ T5961] usb 2-1: Manufacturer: syz [ 1575.664759][ T5961] usb 2-1: SerialNumber: syz [ 1575.678378][ T5961] r8152-cfgselector 2-1: Unknown version 0x0000 [ 1575.694295][ T5961] r8152-cfgselector 2-1: config 0 descriptor?? [ 1576.219559][T25098] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1576.267431][ T5961] usb 4-1: new high-speed USB device number 116 using dummy_hcd [ 1576.313505][T25098] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1576.434365][ T5961] usb 4-1: Using ep0 maxpacket: 16 [ 1576.444859][T14456] usb 6-1: new high-speed USB device number 85 using dummy_hcd [ 1576.466053][ T5961] usb 4-1: config 13 has an invalid interface number: 74 but max is 2 [ 1576.475288][ T5961] usb 4-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 1576.490189][ T5961] usb 4-1: config 13 has 1 interface, different from the descriptor's value: 3 [ 1576.499582][ T5961] usb 4-1: config 13 has no interface number 0 [ 1576.506378][ T5961] usb 4-1: config 13 interface 74 altsetting 220 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 1576.520764][ T5961] usb 4-1: config 13 interface 74 has no altsetting 0 [ 1576.537050][ T5961] usb 4-1: New USB device found, idVendor=0489, idProduct=e145, bcdDevice=6e.84 [ 1576.554357][ T5961] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1576.562381][ T5961] usb 4-1: Product: syz [ 1576.613096][T14456] usb 6-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 1576.613539][ T89] r8152-cfgselector 2-1: USB disconnect, device number 115 [ 1576.623103][T14456] usb 6-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1576.635526][ T5961] usb 4-1: Manufacturer: 倊 [ 1576.707770][ T5961] usb 4-1: SerialNumber: syz [ 1576.715114][T14456] usb 6-1: Product: syz [ 1576.729899][T14456] usb 6-1: SerialNumber: syz [ 1576.766459][T14456] usb 6-1: config 0 descriptor?? [ 1577.019191][T14456] hso 6-1:0.0: Failed to find BULK IN ep [ 1577.072153][ T5961] option 4-1:13.74: GSM modem (1-port) converter detected [ 1577.103698][ T5961] usb 4-1: USB disconnect, device number 116 [ 1577.119782][ T5961] option 4-1:13.74: device disconnected [ 1577.236959][T14456] usb 6-1: USB disconnect, device number 85 [ 1578.859704][T25132] x_tables: ip_tables: recent.0 match: invalid size 216 (kernel) != (user) 4096 [ 1579.534764][T14456] usb 2-1: new high-speed USB device number 116 using dummy_hcd [ 1579.664526][T14456] usb 2-1: device descriptor read/64, error -71 [ 1579.805253][ T89] usb 4-1: new full-speed USB device number 117 using dummy_hcd [ 1579.904341][T14456] usb 2-1: new high-speed USB device number 117 using dummy_hcd [ 1579.980264][ T89] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1579.990694][ T89] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1579.998675][ T89] usb 4-1: can't read configurations, error -71 [ 1580.098692][T14456] usb 2-1: device descriptor read/64, error -71 [ 1580.215522][T14456] usb usb2-port1: attempt power cycle [ 1580.225833][ T5861] usb 6-1: new high-speed USB device number 86 using dummy_hcd [ 1580.484822][ T5861] usb 6-1: Using ep0 maxpacket: 16 [ 1580.492256][ T5861] usb 6-1: config 3 has an invalid interface number: 155 but max is 0 [ 1580.501353][ T5861] usb 6-1: config 3 has an invalid interface association descriptor of length 3, skipping [ 1580.513585][ T5861] usb 6-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 1580.525788][ T5861] usb 6-1: config 3 has no interface number 0 [ 1580.533416][ T5861] usb 6-1: config 3 interface 155 has no altsetting 0 [ 1580.546867][ T5861] usb 6-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c [ 1580.556604][ T5861] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1580.565512][ T5861] usb 6-1: Product: syz [ 1580.747079][T14456] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 1580.797766][T14456] usb 2-1: device descriptor read/8, error -71 [ 1580.969587][ T5861] usb 6-1: Manufacturer: syz [ 1580.974948][ T5861] usb 6-1: SerialNumber: syz [ 1581.134320][T14456] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 1581.166647][T14456] usb 2-1: device descriptor read/8, error -71 [ 1581.274347][ T89] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 1581.315165][T14456] usb usb2-port1: unable to enumerate USB device [ 1581.433430][ T89] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 1581.444077][ T89] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1581.452397][ T89] usb 4-1: Product: syz [ 1581.458328][ T89] usb 4-1: SerialNumber: syz [ 1581.491170][ T89] usb 4-1: config 0 descriptor?? [ 1581.714998][ T89] hso 4-1:0.0: Failed to find BULK IN ep [ 1581.818865][ T5861] uvcvideo 6-1:3.155: probe with driver uvcvideo failed with error -22 [ 1581.926359][T14456] usb 4-1: USB disconnect, device number 118 [ 1581.975745][T25186] netlink: 'syz.2.5127': attribute type 4 has an invalid length. [ 1582.031083][T25186] netlink: 'syz.2.5127': attribute type 4 has an invalid length. [ 1582.042891][ T5861] usb 6-1: USB disconnect, device number 86 [ 1582.617959][T25192] tipc: Enabled bearer , priority 0 [ 1582.646743][T25192] syzkaller0: entered promiscuous mode [ 1582.666441][T25192] syzkaller0: entered allmulticast mode [ 1582.974288][ T5961] usb 6-1: new high-speed USB device number 87 using dummy_hcd [ 1583.136138][ T5961] usb 6-1: Using ep0 maxpacket: 32 [ 1583.142965][ T5961] usb 6-1: config 0 has an invalid interface number: 130 but max is 0 [ 1583.177578][ T5961] usb 6-1: config 0 has no interface number 0 [ 1583.205286][T25208] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1583.225228][ T5961] usb 6-1: config 0 interface 130 has no altsetting 0 [ 1583.363871][ T5961] usb 6-1: New USB device found, idVendor=1bc7, idProduct=1201, bcdDevice=69.37 [ 1583.379746][T25210] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5136'. [ 1583.476138][T25210] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5136'. [ 1583.491887][ T5961] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1583.534271][ T5961] usb 6-1: Product: syz [ 1583.544511][ T5961] usb 6-1: Manufacturer: syz [ 1583.559110][ T5961] usb 6-1: SerialNumber: syz [ 1583.599170][ T5961] usb 6-1: config 0 descriptor?? [ 1583.641612][T25218] netlink: 96 bytes leftover after parsing attributes in process `syz.1.5139'. [ 1583.812831][T25192] tipc: Resetting bearer [ 1583.835586][ T5961] option 6-1:0.130: GSM modem (1-port) converter detected [ 1583.871442][ T5961] usb 6-1: USB disconnect, device number 87 [ 1583.898466][T25191] tipc: Resetting bearer [ 1583.905698][ T5961] option 6-1:0.130: device disconnected [ 1584.056018][T25191] tipc: Disabling bearer [ 1584.179790][T25238] syzkaller1: entered promiscuous mode [ 1584.194785][T25238] syzkaller1: entered allmulticast mode [ 1584.335174][T25241] hsr0: entered promiscuous mode [ 1584.571111][T25220] hsr0: left promiscuous mode [ 1585.553142][T25261] ip6erspan0: entered promiscuous mode [ 1585.664379][ T89] usb 2-1: new low-speed USB device number 120 using dummy_hcd [ 1586.123825][ T89] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1586.200573][ T89] usb 2-1: config 0 has no interface number 0 [ 1586.226245][ T89] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1586.238199][ T89] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 159, setting to 8 [ 1586.249846][ T89] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 1586.326869][ T89] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1586.339050][ T89] usb 2-1: config 0 descriptor?? [ 1586.405858][T25259] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1586.694832][ T89] iowarrior 2-1:0.1: IOWarrior product=0x1512, serial= interface=1 now attached to iowarrior0 [ 1586.780398][ T89] usb 2-1: USB disconnect, device number 120 [ 1589.054323][ T89] usb 4-1: new high-speed USB device number 119 using dummy_hcd [ 1589.229434][ T89] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1589.263923][ T89] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1589.608796][ T89] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1589.617986][ T89] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1589.640773][ T89] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1589.651216][ T89] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1589.674370][ T89] usb 4-1: Product: syz [ 1589.678575][ T89] usb 4-1: Manufacturer: syz [ 1589.695116][ T89] cdc_wdm 4-1:1.0: skipping garbage [ 1589.700365][ T89] cdc_wdm 4-1:1.0: skipping garbage [ 1589.705798][ T89] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1589.806166][ T5861] usb 2-1: new high-speed USB device number 121 using dummy_hcd [ 1589.908874][ T89] usb 4-1: USB disconnect, device number 119 [ 1589.974088][ T5861] usb 2-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 1589.985241][ T5861] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1589.993325][ T5861] usb 2-1: Product: syz [ 1590.006144][ T5861] usb 2-1: Manufacturer: syz [ 1590.024794][ T5861] usb 2-1: SerialNumber: syz [ 1590.035841][ T5861] usb 2-1: config 0 descriptor?? [ 1590.067820][ T5861] hub 2-1:0.0: bad descriptor, ignoring hub [ 1590.105236][ T5861] hub 2-1:0.0: probe with driver hub failed with error -5 [ 1590.257995][ T5861] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 1590.272258][ T5861] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1590.313384][ T5861] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 1590.342930][ T5861] usb 2-1: media controller created [ 1590.413326][ T5861] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1590.424654][ T89] usb 4-1: new high-speed USB device number 120 using dummy_hcd [ 1590.491230][ T5861] DVB: Unable to find symbol dib7000p_attach() [ 1590.501872][ T5861] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 1590.594098][ T89] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1590.639068][ T89] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1590.649987][ T89] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1590.700787][ T5861] rc_core: IR keymap rc-dib0700-rc5 not found [ 1590.711267][ T5861] Registered IR keymap rc-empty [ 1590.719677][ T5861] dvb-usb: could not initialize remote control. [ 1590.766105][ T5861] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 1590.779220][ T89] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1590.793971][ T89] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1590.803516][ T89] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1590.853088][T24734] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 1590.854239][ T89] usb 4-1: Product: syz [ 1590.855809][ T5861] usb 2-1: USB disconnect, device number 121 [ 1590.861463][ T89] usb 4-1: Manufacturer: syz [ 1590.931456][ T89] cdc_wdm 4-1:1.0: skipping garbage [ 1591.035044][ T89] cdc_wdm 4-1:1.0: skipping garbage [ 1591.040488][ T89] cdc_wdm 4-1:1.0: probe with driver cdc_wdm failed with error -22 [ 1591.129924][ T5861] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 1593.072903][ T5861] usb 4-1: USB disconnect, device number 120 [ 1593.544303][ T89] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 1593.700235][ T89] usb 4-1: Using ep0 maxpacket: 16 [ 1593.719816][ T89] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1593.733130][ T89] usb 4-1: config 0 has no interface number 0 [ 1593.745887][ T89] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1593.764892][ T89] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1593.794665][ T89] usb 4-1: Product: syz [ 1593.798864][ T89] usb 4-1: Manufacturer: syz [ 1593.803464][ T89] usb 4-1: SerialNumber: syz [ 1593.830133][ T89] usb 4-1: config 0 descriptor?? [ 1593.841301][ T89] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 1594.062699][ T89] gspca_spca1528: reg_w err -71 [ 1594.084350][ T89] spca1528 4-1:0.1: probe with driver spca1528 failed with error -71 [ 1594.972714][T25412] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5205'. [ 1595.061716][T25412] : entered promiscuous mode [ 1595.196360][ T89] usb 4-1: USB disconnect, device number 121 [ 1595.874595][ T89] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1596.082874][ T89] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1596.376226][ T89] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1596.419222][ T89] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1596.558003][ T89] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1596.567531][ T89] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1596.594062][ T89] usb 3-1: config 0 descriptor?? [ 1596.626176][T25424] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.5210'. [ 1597.026400][ T89] plantronics 0003:047F:FFFF.0064: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1597.319960][T25448] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5220'. [ 1597.536606][ T5861] usb 3-1: USB disconnect, device number 30 [ 1597.654223][ T89] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 1597.834524][ T89] usb 4-1: Using ep0 maxpacket: 8 [ 1597.846213][ T89] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 1597.855951][ T89] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1597.864136][ T89] usb 4-1: Product: syz [ 1597.871064][ T89] usb 4-1: Manufacturer: syz [ 1597.876365][ T89] usb 4-1: SerialNumber: syz [ 1597.883287][ T89] usb 4-1: config 0 descriptor?? [ 1598.096635][ T89] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1598.544550][ T89] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1598.563980][ T89] usb 4-1: USB disconnect, device number 122 [ 1598.638899][T25476] netlink: 'syz.2.5230': attribute type 4 has an invalid length. [ 1599.142665][T25495] tipc: Enabling of bearer rejected, failed to enable media [ 1601.218127][ T30] kauditd_printk_skb: 22 callbacks suppressed [ 1601.218144][ T30] audit: type=1326 audit(1762041387.716:3181): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6193f8efc9 code=0x7ffc0000 [ 1601.381021][ T30] audit: type=1326 audit(1762041387.716:3182): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6193f8efc9 code=0x7ffc0000 [ 1601.463501][ T30] audit: type=1326 audit(1762041387.716:3183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f6193f8efc9 code=0x7ffc0000 [ 1601.593644][ T30] audit: type=1326 audit(1762041387.716:3184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6193f8efc9 code=0x7ffc0000 [ 1601.680636][ T30] audit: type=1326 audit(1762041387.716:3185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=286 compat=0 ip=0x7f6193f8efc9 code=0x7ffc0000 [ 1602.045949][T20657] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 1602.091673][ T30] audit: type=1326 audit(1762041387.716:3186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6193f8efc9 code=0x7ffc0000 [ 1602.125754][ T30] audit: type=1326 audit(1762041387.716:3187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f6193f8d9dc code=0x7ffc0000 [ 1602.157387][ T30] audit: type=1326 audit(1762041387.806:3188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f6193f8da7f code=0x7ffc0000 [ 1602.182806][ T30] audit: type=1326 audit(1762041387.806:3189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6193f8efc9 code=0x7ffc0000 [ 1602.239061][ T30] audit: type=1326 audit(1762041387.806:3190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=28829 comm="syz.2.5241" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f6193f8efc9 code=0x7ffc0000 [ 1603.588366][T28873] tipc: Enabled bearer , priority 0 [ 1603.616335][T28873] syzkaller0: entered promiscuous mode [ 1603.644836][T28873] syzkaller0: entered allmulticast mode [ 1603.761826][T28873] tipc: Resetting bearer [ 1603.819635][T28871] tipc: Resetting bearer [ 1603.895090][T28871] tipc: Disabling bearer [ 1604.018242][T28891] tipc: Resetting bearer [ 1604.023699][T28891] tipc: Resetting bearer [ 1604.037717][T28891] bridge0: port 1(bridge_slave_0) entered disabled state [ 1604.066103][T28891] bridge0: port 2(bridge_slave_1) entered disabled state [ 1605.169041][T28912] bridge_slave_0: mtu less than device minimum [ 1606.614722][ T89] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 1606.864232][ T89] usb 4-1: Using ep0 maxpacket: 8 [ 1607.129493][ T89] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 1607.329983][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.336451][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.423235][ T89] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1607.454247][ T89] usb 4-1: Product: syz [ 1607.458454][ T89] usb 4-1: Manufacturer: syz [ 1607.489086][ T89] usb 4-1: SerialNumber: syz [ 1607.522268][ T89] usb 4-1: config 0 descriptor?? [ 1607.746158][ T89] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1607.963100][ T89] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1608.078820][ T89] usb 4-1: USB disconnect, device number 123 [ 1609.014467][T20657] Bluetooth: hci4: unexpected event for opcode 0x2027 [ 1609.224752][T28995] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1609.358289][T29001] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1609.720909][T29008] input: syz1 as /devices/virtual/input/input138 [ 1610.892161][T20657] Bluetooth: hci0: unexpected event for opcode 0x2027 [ 1611.212477][ T5907] usb 6-1: new high-speed USB device number 88 using dummy_hcd [ 1611.393293][ T5907] usb 6-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 1611.413332][ T5907] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1611.426906][ T5907] usb 6-1: Product: syz [ 1611.431358][ T5907] usb 6-1: Manufacturer: syz [ 1611.442669][ T5907] usb 6-1: SerialNumber: syz [ 1611.470657][ T5907] usb 6-1: config 0 descriptor?? [ 1611.493885][ T5907] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 1611.503501][T29037] loop6: detected capacity change from 0 to 524287999 [ 1611.504318][ T89] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 1611.518347][ T5907] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1611.572685][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.594449][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.603149][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.614686][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.623450][ T5907] dvbdev: DVB: registering new adapter (Nebula Electronics uDigiTV DVB-T USB2.0)) [ 1611.629399][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.640839][ T5907] usb 6-1: media controller created [ 1611.656899][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.667340][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.684042][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.693060][T29037] ldm_validate_partition_table(): Disk read failed. [ 1611.702277][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.711196][ T5907] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1611.711904][T29037] Buffer I/O error on dev loop6, logical block 0, async page read [ 1611.728625][ T89] usb 2-1: Using ep0 maxpacket: 32 [ 1611.786320][T29037] Dev loop6: unable to read RDB block 0 [ 1611.986172][ T89] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 1612.004463][ T89] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1612.044782][ T89] usb 2-1: Product: syz [ 1612.048982][ T89] usb 2-1: Manufacturer: syz [ 1612.068894][T29037] loop6: unable to read partition table [ 1612.103028][T29037] loop_reread_partitions: partition scan of loop6 (3Ÿ ¾x³˜CÖ) failed (rc=-5) [ 1612.112358][ T89] usb 2-1: SerialNumber: syz [ 1612.126840][ T5907] DVB: Unable to find symbol mt352_attach() [ 1612.164789][ T89] usb 2-1: config 0 descriptor?? [ 1612.196208][ T89] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 1612.212460][ T5907] DVB: Unable to find symbol nxt6000_attach() [ 1612.247506][ T5198] ldm_validate_partition_table(): Disk read failed. [ 1612.266667][ T5907] dvb-usb: no frontend was attached by 'Nebula Electronics uDigiTV DVB-T USB2.0)' [ 1612.295509][ T5198] Dev loop6: unable to read RDB block 0 [ 1612.301701][ T5198] loop6: unable to read partition table [ 1612.321126][ T5907] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input139 [ 1612.447998][ T5907] dvb-usb: schedule remote query interval to 1000 msecs. [ 1612.479666][ T5907] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) successfully initialized and connected. [ 1612.514763][ T5907] dvb-usb: bulk message failed: -22 (7/0) [ 1612.536887][ T5907] dvb-usb: bulk message failed: -22 (7/0) [ 1612.547632][ T5907] usb 6-1: USB disconnect, device number 88 [ 1612.677087][ T5907] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0 successfully deinitialized and disconnected. [ 1612.726930][T20657] Bluetooth: hci1: unexpected event for opcode 0x0000 [ 1613.277664][T20657] Bluetooth: hci3: unexpected event for opcode 0x2027 [ 1613.624647][ T89] gspca_topro: reg_r err -71 [ 1613.629312][ T89] gspca_topro: Sensor soi763a [ 1613.656711][ T89] usb 2-1: USB disconnect, device number 122 [ 1613.856699][T29075] netlink: 4 bytes leftover after parsing attributes in process `syz.5.5326'. [ 1614.228283][T29082] tipc: Enabling of bearer rejected, already enabled [ 1614.237560][T29082] tipc: Enabled bearer , priority 0 [ 1615.449546][T29106] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1615.834361][ T5961] usb 3-1: new full-speed USB device number 31 using dummy_hcd [ 1616.012142][ T5961] usb 3-1: config 0 has an invalid interface number: 113 but max is 0 [ 1616.091908][ T5961] usb 3-1: config 0 has no interface number 0 [ 1616.137144][ T5961] usb 3-1: config 0 interface 113 altsetting 2 has an endpoint descriptor with address 0x14, changing to 0x4 [ 1616.268177][ T5961] usb 3-1: config 0 interface 113 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1616.343582][T29114] binder: 29113:29114 ioctl 4018620d 0 returned -22 [ 1616.354496][ C1] [ 1616.356849][ C1] ======================================================== [ 1616.364042][ C1] WARNING: possible irq lock inversion dependency detected [ 1616.371231][ C1] syzkaller #0 Not tainted [ 1616.375634][ C1] -------------------------------------------------------- [ 1616.382811][ C1] syz.4.5339/29113 just changed the state of lock: [ 1616.389298][ C1] ffff888029769230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 [ 1616.399004][ C1] but this lock took another, SOFTIRQ-READ-unsafe lock in the past: [ 1616.406964][ C1] (tasklist_lock){.+.+}-{3:3} [ 1616.406989][ C1] [ 1616.406989][ C1] [ 1616.406989][ C1] and interrupts could create inverse lock ordering between them. [ 1616.406989][ C1] [ 1616.426021][ C1] [ 1616.426021][ C1] other info that might help us debug this: [ 1616.434075][ C1] Chain exists of: [ 1616.434075][ C1] &dev->event_lock#2 --> kbd_event_lock --> tasklist_lock [ 1616.434075][ C1] [ 1616.447110][ C1] Possible interrupt unsafe locking scenario: [ 1616.447110][ C1] [ 1616.455418][ C1] CPU0 CPU1 [ 1616.460775][ C1] ---- ---- [ 1616.466120][ C1] lock(tasklist_lock); [ 1616.470351][ C1] local_irq_disable(); [ 1616.477089][ C1] lock(&dev->event_lock#2); [ 1616.484288][ C1] lock(kbd_event_lock); [ 1616.491150][ C1] [ 1616.494599][ C1] lock(&dev->event_lock#2); [ 1616.499802][ C1] [ 1616.499802][ C1] *** DEADLOCK *** [ 1616.499802][ C1] [ 1616.507931][ C1] 1 lock held by syz.4.5339/29113: [ 1616.513024][ C1] #0: ffffffff8df3d620 (rcu_read_lock){....}-{1:3}, at: led_trigger_event+0x4b/0x210 [ 1616.522591][ C1] [ 1616.522591][ C1] the shortest dependencies between 2nd lock and 1st lock: [ 1616.531955][ C1] -> (tasklist_lock){.+.+}-{3:3} { [ 1616.537505][ C1] HARDIRQ-ON-R at: [ 1616.541918][ C1] lock_acquire+0x120/0x360 [ 1616.548926][ C1] _raw_read_lock+0x36/0x50 [ 1616.555938][ C1] __do_wait+0xde/0x740 [ 1616.562608][ C1] do_wait+0x1f8/0x510 [ 1616.569204][ C1] kernel_wait+0xab/0x170 [ 1616.576047][ C1] call_usermodehelper_exec_work+0xbe/0x230 [ 1616.584452][ C1] process_scheduled_works+0xae1/0x17b0 [ 1616.592552][ C1] worker_thread+0x8a0/0xda0 [ 1616.599651][ C1] kthread+0x711/0x8a0 [ 1616.606233][ C1] ret_from_fork+0x4bc/0x870 [ 1616.613341][ C1] ret_from_fork_asm+0x1a/0x30 [ 1616.620612][ C1] SOFTIRQ-ON-R at: [ 1616.625021][ C1] lock_acquire+0x120/0x360 [ 1616.632028][ C1] _raw_read_lock+0x36/0x50 [ 1616.639036][ C1] __do_wait+0xde/0x740 [ 1616.645703][ C1] do_wait+0x1f8/0x510 [ 1616.652284][ C1] kernel_wait+0xab/0x170 [ 1616.659121][ C1] call_usermodehelper_exec_work+0xbe/0x230 [ 1616.667608][ C1] process_scheduled_works+0xae1/0x17b0 [ 1616.675662][ C1] worker_thread+0x8a0/0xda0 [ 1616.682759][ C1] kthread+0x711/0x8a0 [ 1616.689351][ C1] ret_from_fork+0x4bc/0x870 [ 1616.696457][ C1] ret_from_fork_asm+0x1a/0x30 [ 1616.703728][ C1] INITIAL USE at: [ 1616.708049][ C1] lock_acquire+0x120/0x360 [ 1616.714970][ C1] _raw_write_lock_irq+0xa2/0xf0 [ 1616.722330][ C1] copy_process+0x224f/0x3c00 [ 1616.729429][ C1] kernel_clone+0x21e/0x840 [ 1616.736352][ C1] user_mode_thread+0xdd/0x140 [ 1616.743542][ C1] rest_init+0x23/0x300 [ 1616.750114][ C1] start_kernel+0x3ae/0x410 [ 1616.757040][ C1] x86_64_start_reservations+0x24/0x30 [ 1616.764922][ C1] x86_64_start_kernel+0x143/0x1c0 [ 1616.772459][ C1] common_startup_64+0x13e/0x147 [ 1616.779821][ C1] INITIAL READ USE at: [ 1616.784578][ C1] lock_acquire+0x120/0x360 [ 1616.791946][ C1] _raw_read_lock+0x36/0x50 [ 1616.799303][ C1] __do_wait+0xde/0x740 [ 1616.806343][ C1] do_wait+0x1f8/0x510 [ 1616.813275][ C1] kernel_wait+0xab/0x170 [ 1616.820463][ C1] call_usermodehelper_exec_work+0xbe/0x230 [ 1616.829210][ C1] process_scheduled_works+0xae1/0x17b0 [ 1616.837614][ C1] worker_thread+0x8a0/0xda0 [ 1616.845057][ C1] kthread+0x711/0x8a0 [ 1616.851983][ C1] ret_from_fork+0x4bc/0x870 [ 1616.859426][ C1] ret_from_fork_asm+0x1a/0x30 [ 1616.867047][ C1] } [ 1616.869972][ C1] ... key at: [] tasklist_lock+0x18/0x40 [ 1616.878213][ C1] ... acquired at: [ 1616.882438][ C1] lock_acquire+0x120/0x360 [ 1616.887103][ C1] _raw_read_lock+0x36/0x50 [ 1616.891777][ C1] send_sigurg+0x12b/0x420 [ 1616.896367][ C1] sk_send_sigurg+0x6c/0x2e0 [ 1616.901126][ C1] queue_oob+0x420/0x4f0 [ 1616.905536][ C1] unix_stream_sendmsg+0xc3f/0xdf0 [ 1616.910808][ C1] __sock_sendmsg+0x21c/0x270 [ 1616.915646][ C1] ____sys_sendmsg+0x505/0x830 [ 1616.920571][ C1] ___sys_sendmsg+0x21f/0x2a0 [ 1616.925406][ C1] __x64_sys_sendmsg+0x19b/0x260 [ 1616.930504][ C1] do_syscall_64+0xfa/0xfa0 [ 1616.935174][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1616.941229][ C1] [ 1616.943539][ C1] -> (&f_owner->lock){.-..}-{3:3} { [ 1616.949085][ C1] IN-HARDIRQ-R at: [ 1616.953397][ C1] lock_acquire+0x120/0x360 [ 1616.960242][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1616.967955][ C1] send_sigio+0x38/0x370 [ 1616.974625][ C1] kill_fasync+0x24d/0x4d0 [ 1616.981383][ C1] tty_wakeup+0xbe/0x100 [ 1616.987964][ C1] tty_port_default_wakeup+0xfb/0x170 [ 1616.995672][ C1] serial8250_tx_chars+0x72e/0x970 [ 1617.003123][ C1] serial8250_handle_irq+0x633/0xbb0 [ 1617.010748][ C1] serial8250_default_handle_irq+0xbf/0x200 [ 1617.018972][ C1] serial8250_interrupt+0x8d/0x180 [ 1617.026419][ C1] __handle_irq_event_percpu+0x295/0xab0 [ 1617.034391][ C1] handle_irq_event+0x8b/0x1e0 [ 1617.041541][ C1] handle_edge_irq+0x23b/0xa10 [ 1617.048638][ C1] __common_interrupt+0x141/0x1f0 [ 1617.056005][ C1] common_interrupt+0xb6/0xe0 [ 1617.063016][ C1] asm_common_interrupt+0x26/0x40 [ 1617.070372][ C1] __sanitizer_cov_trace_const_cmp8+0x37/0x90 [ 1617.078770][ C1] unmap_page_range+0x160f/0x4370 [ 1617.086128][ C1] unmap_vmas+0x399/0x580 [ 1617.092791][ C1] exit_mmap+0x240/0xb40 [ 1617.099375][ C1] __mmput+0x118/0x430 [ 1617.105782][ C1] exit_mm+0x1da/0x2c0 [ 1617.112189][ C1] do_exit+0x648/0x2300 [ 1617.118684][ C1] do_group_exit+0x21c/0x2d0 [ 1617.125611][ C1] get_signal+0x1285/0x1340 [ 1617.132446][ C1] arch_do_signal_or_restart+0xa0/0x790 [ 1617.140328][ C1] exit_to_user_mode_loop+0x72/0x130 [ 1617.147947][ C1] do_syscall_64+0x2bd/0xfa0 [ 1617.154875][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.163159][ C1] INITIAL USE at: [ 1617.167396][ C1] lock_acquire+0x120/0x360 [ 1617.174154][ C1] _raw_write_lock_irq+0xa2/0xf0 [ 1617.181359][ C1] __f_setown+0x67/0x370 [ 1617.187849][ C1] tty_fasync+0x2dc/0x350 [ 1617.194424][ C1] do_fcntl+0x1099/0x1910 [ 1617.201012][ C1] __se_sys_fcntl+0xc8/0x150 [ 1617.207848][ C1] do_syscall_64+0xfa/0xfa0 [ 1617.214598][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.222737][ C1] INITIAL READ USE at: [ 1617.227399][ C1] lock_acquire+0x120/0x360 [ 1617.234581][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1617.242559][ C1] send_sigio+0x38/0x370 [ 1617.249491][ C1] kill_fasync+0x24d/0x4d0 [ 1617.256589][ C1] lease_break_callback+0x26/0x30 [ 1617.264306][ C1] __break_lease+0x6a5/0x1620 [ 1617.271687][ C1] do_dentry_open+0x8b7/0x13f0 [ 1617.279129][ C1] vfs_open+0x3b/0x340 [ 1617.285879][ C1] path_openat+0x2ee5/0x3830 [ 1617.293162][ C1] do_filp_open+0x1fa/0x410 [ 1617.300360][ C1] do_sys_openat2+0x121/0x1c0 [ 1617.307721][ C1] __x64_sys_openat+0x138/0x170 [ 1617.315256][ C1] do_syscall_64+0xfa/0xfa0 [ 1617.322441][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.331015][ C1] } [ 1617.333849][ C1] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1617.343036][ C1] ... acquired at: [ 1617.347173][ C1] lock_acquire+0x120/0x360 [ 1617.351845][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1617.357295][ C1] send_sigio+0x38/0x370 [ 1617.361706][ C1] kill_fasync+0x24d/0x4d0 [ 1617.366288][ C1] lease_break_callback+0x26/0x30 [ 1617.371529][ C1] __break_lease+0x6a5/0x1620 [ 1617.376373][ C1] do_dentry_open+0x8b7/0x13f0 [ 1617.381299][ C1] vfs_open+0x3b/0x340 [ 1617.385533][ C1] path_openat+0x2ee5/0x3830 [ 1617.390287][ C1] do_filp_open+0x1fa/0x410 [ 1617.394953][ C1] do_sys_openat2+0x121/0x1c0 [ 1617.399796][ C1] __x64_sys_openat+0x138/0x170 [ 1617.404829][ C1] do_syscall_64+0xfa/0xfa0 [ 1617.409500][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.415554][ C1] [ 1617.417866][ C1] -> (&new->fa_lock){.-..}-{3:3} { [ 1617.423238][ C1] IN-HARDIRQ-R at: [ 1617.427465][ C1] lock_acquire+0x120/0x360 [ 1617.434125][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1617.441577][ C1] kill_fasync+0x199/0x4d0 [ 1617.448154][ C1] tty_wakeup+0xbe/0x100 [ 1617.454566][ C1] tty_port_default_wakeup+0xfb/0x170 [ 1617.462122][ C1] serial8250_tx_chars+0x72e/0x970 [ 1617.469412][ C1] serial8250_handle_irq+0x633/0xbb0 [ 1617.476867][ C1] serial8250_default_handle_irq+0xbf/0x200 [ 1617.485007][ C1] serial8250_interrupt+0x8d/0x180 [ 1617.492283][ C1] __handle_irq_event_percpu+0x295/0xab0 [ 1617.500080][ C1] handle_irq_event+0x8b/0x1e0 [ 1617.507012][ C1] handle_edge_irq+0x23b/0xa10 [ 1617.513940][ C1] __common_interrupt+0x141/0x1f0 [ 1617.521126][ C1] common_interrupt+0xb6/0xe0 [ 1617.527959][ C1] asm_common_interrupt+0x26/0x40 [ 1617.535152][ C1] __sanitizer_cov_trace_const_cmp8+0x37/0x90 [ 1617.543376][ C1] unmap_page_range+0x160f/0x4370 [ 1617.550560][ C1] unmap_vmas+0x399/0x580 [ 1617.557050][ C1] exit_mmap+0x240/0xb40 [ 1617.563456][ C1] __mmput+0x118/0x430 [ 1617.569686][ C1] exit_mm+0x1da/0x2c0 [ 1617.575942][ C1] do_exit+0x648/0x2300 [ 1617.582260][ C1] do_group_exit+0x21c/0x2d0 [ 1617.589010][ C1] get_signal+0x1285/0x1340 [ 1617.595674][ C1] arch_do_signal_or_restart+0xa0/0x790 [ 1617.603387][ C1] exit_to_user_mode_loop+0x72/0x130 [ 1617.610833][ C1] do_syscall_64+0x2bd/0xfa0 [ 1617.617593][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.625656][ C1] INITIAL USE at: [ 1617.629802][ C1] lock_acquire+0x120/0x360 [ 1617.636380][ C1] _raw_write_lock_irq+0xa2/0xf0 [ 1617.643395][ C1] fasync_remove_entry+0xf1/0x1c0 [ 1617.650495][ C1] tty_fasync+0x13c/0x350 [ 1617.656899][ C1] __fput+0x8a2/0xa70 [ 1617.662956][ C1] task_work_run+0x1d4/0x260 [ 1617.669621][ C1] exit_to_user_mode_loop+0xe9/0x130 [ 1617.676982][ C1] do_syscall_64+0x2bd/0xfa0 [ 1617.683650][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.691614][ C1] INITIAL READ USE at: [ 1617.696189][ C1] lock_acquire+0x120/0x360 [ 1617.703200][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1617.711005][ C1] kill_fasync+0x199/0x4d0 [ 1617.717932][ C1] lease_break_callback+0x26/0x30 [ 1617.725471][ C1] __break_lease+0x6a5/0x1620 [ 1617.732661][ C1] do_dentry_open+0x8b7/0x13f0 [ 1617.739929][ C1] vfs_open+0x3b/0x340 [ 1617.746506][ C1] path_openat+0x2ee5/0x3830 [ 1617.753606][ C1] do_filp_open+0x1fa/0x410 [ 1617.760655][ C1] do_sys_openat2+0x121/0x1c0 [ 1617.767842][ C1] __x64_sys_openat+0x138/0x170 [ 1617.775202][ C1] do_syscall_64+0xfa/0xfa0 [ 1617.782221][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.790633][ C1] } [ 1617.793379][ C1] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1617.802308][ C1] ... acquired at: [ 1617.806363][ C1] lock_acquire+0x120/0x360 [ 1617.811042][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1617.816489][ C1] kill_fasync+0x199/0x4d0 [ 1617.821067][ C1] __start_tty+0x18c/0x220 [ 1617.825648][ C1] start_tty+0x2b/0x70 [ 1617.829877][ C1] n_tty_set_termios+0xa7c/0x1090 [ 1617.835059][ C1] tty_set_termios+0xda4/0x17e0 [ 1617.840072][ C1] set_termios+0x516/0x6c0 [ 1617.844651][ C1] tty_mode_ioctl+0x47e/0x740 [ 1617.849488][ C1] tty_ioctl+0x9c6/0xde0 [ 1617.853894][ C1] __se_sys_ioctl+0xfc/0x170 [ 1617.858650][ C1] do_syscall_64+0xfa/0xfa0 [ 1617.863319][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.869372][ C1] [ 1617.871679][ C1] -> (&tty->flow.lock){....}-{3:3} { [ 1617.877142][ C1] INITIAL USE at: [ 1617.881195][ C1] lock_acquire+0x120/0x360 [ 1617.887600][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1617.894700][ C1] start_tty+0x20/0x70 [ 1617.900672][ C1] n_tty_set_termios+0xa7c/0x1090 [ 1617.907596][ C1] tty_set_termios+0xda4/0x17e0 [ 1617.914360][ C1] set_termios+0x516/0x6c0 [ 1617.920691][ C1] tty_mode_ioctl+0x47e/0x740 [ 1617.927269][ C1] tty_ioctl+0x9c6/0xde0 [ 1617.933419][ C1] __se_sys_ioctl+0xfc/0x170 [ 1617.939911][ C1] do_syscall_64+0xfa/0xfa0 [ 1617.946321][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1617.954128][ C1] } [ 1617.956789][ C1] ... key at: [] alloc_tty_struct.__key.35+0x0/0x20 [ 1617.965629][ C1] ... acquired at: [ 1617.969591][ C1] lock_acquire+0x120/0x360 [ 1617.974260][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1617.979642][ C1] stop_tty+0x2f/0x150 [ 1617.983873][ C1] kbd_event+0x2b72/0x3f70 [ 1617.988453][ C1] input_handle_events_default+0xd4/0x1a0 [ 1617.994344][ C1] input_pass_values+0x288/0x890 [ 1617.999453][ C1] input_event_dispose+0x330/0x6b0 [ 1618.004733][ C1] input_inject_event+0x1dd/0x340 [ 1618.009927][ C1] evdev_write+0x2fc/0x480 [ 1618.014522][ C1] vfs_write+0x27e/0xb30 [ 1618.018946][ C1] ksys_write+0x145/0x250 [ 1618.023442][ C1] do_syscall_64+0xfa/0xfa0 [ 1618.028113][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1618.034166][ C1] [ 1618.036483][ C1] -> (kbd_event_lock){....}-{3:3} { [ 1618.041773][ C1] INITIAL USE at: [ 1618.045744][ C1] lock_acquire+0x120/0x360 [ 1618.051974][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1618.058901][ C1] vt_reset_unicode+0x2b/0x160 [ 1618.065483][ C1] reset_vc+0x68/0x1b0 [ 1618.071280][ C1] vc_init+0x70/0x4a0 [ 1618.076988][ C1] con_init+0x385/0x9c0 [ 1618.082868][ C1] console_init+0x10e/0x430 [ 1618.089096][ C1] start_kernel+0x254/0x410 [ 1618.095369][ C1] x86_64_start_reservations+0x24/0x30 [ 1618.102552][ C1] x86_64_start_kernel+0x143/0x1c0 [ 1618.109390][ C1] common_startup_64+0x13e/0x147 [ 1618.116059][ C1] } [ 1618.118635][ C1] ... key at: [] kbd_event_lock+0x18/0xa0 [ 1618.126580][ C1] ... acquired at: [ 1618.130456][ C1] lock_acquire+0x120/0x360 [ 1618.135123][ C1] _raw_spin_lock+0x2e/0x40 [ 1618.139790][ C1] kbd_event+0xd2/0x3f70 [ 1618.144199][ C1] input_handle_events_default+0xd4/0x1a0 [ 1618.150084][ C1] input_pass_values+0x288/0x890 [ 1618.155183][ C1] input_event_dispose+0x330/0x6b0 [ 1618.160469][ C1] input_inject_event+0x1dd/0x340 [ 1618.165660][ C1] evdev_write+0x2fc/0x480 [ 1618.170240][ C1] vfs_write+0x27e/0xb30 [ 1618.174658][ C1] ksys_write+0x145/0x250 [ 1618.179155][ C1] do_syscall_64+0xfa/0xfa0 [ 1618.183852][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1618.190168][ C1] [ 1618.192475][ C1] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1618.198028][ C1] IN-SOFTIRQ-W at: [ 1618.201996][ C1] lock_acquire+0x120/0x360 [ 1618.208139][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1618.214982][ C1] input_inject_event+0xa5/0x340 [ 1618.221583][ C1] led_trigger_event+0x138/0x210 [ 1618.228166][ C1] kbd_bh+0x1c6/0x2e0 [ 1618.233791][ C1] tasklet_action_common+0x36c/0x580 [ 1618.240719][ C1] handle_softirqs+0x286/0x870 [ 1618.247126][ C1] __irq_exit_rcu+0xca/0x1f0 [ 1618.253363][ C1] irq_exit_rcu+0x9/0x30 [ 1618.259246][ C1] sysvec_apic_timer_interrupt+0x57/0xc0 [ 1618.266522][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1618.274141][ C1] INITIAL USE at: [ 1618.278032][ C1] lock_acquire+0x120/0x360 [ 1618.284084][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1618.290833][ C1] input_inject_event+0xa5/0x340 [ 1618.297339][ C1] kbd_led_trigger_activate+0xbc/0x100 [ 1618.304355][ C1] led_trigger_set+0x52d/0x950 [ 1618.310686][ C1] led_trigger_set_default+0x260/0x2a0 [ 1618.317700][ C1] led_classdev_register_ext+0x73d/0x930 [ 1618.324885][ C1] input_leds_connect+0x517/0x790 [ 1618.331469][ C1] input_register_device+0xd00/0x1140 [ 1618.338396][ C1] atkbd_connect+0x72e/0xa00 [ 1618.344545][ C1] serio_driver_probe+0x82/0xd0 [ 1618.350958][ C1] really_probe+0x26d/0x9e0 [ 1618.357023][ C1] __driver_probe_device+0x18c/0x2f0 [ 1618.363878][ C1] driver_probe_device+0x4f/0x430 [ 1618.370458][ C1] __driver_attach+0x452/0x700 [ 1618.376779][ C1] bus_for_each_dev+0x233/0x2b0 [ 1618.383181][ C1] serio_handle_event+0x1f9/0x8d0 [ 1618.389763][ C1] process_scheduled_works+0xae1/0x17b0 [ 1618.396859][ C1] worker_thread+0x8a0/0xda0 [ 1618.402999][ C1] kthread+0x711/0x8a0 [ 1618.408619][ C1] ret_from_fork+0x4bc/0x870 [ 1618.414760][ C1] ret_from_fork_asm+0x1a/0x30 [ 1618.421079][ C1] } [ 1618.423564][ C1] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 1618.432577][ C1] ... acquired at: [ 1618.436366][ C1] mark_lock+0x11b/0x190 [ 1618.440772][ C1] __lock_acquire+0x680/0xd20 [ 1618.445604][ C1] lock_acquire+0x120/0x360 [ 1618.450262][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1618.455619][ C1] input_inject_event+0xa5/0x340 [ 1618.460722][ C1] led_trigger_event+0x138/0x210 [ 1618.465820][ C1] kbd_bh+0x1c6/0x2e0 [ 1618.469973][ C1] tasklet_action_common+0x36c/0x580 [ 1618.475425][ C1] handle_softirqs+0x286/0x870 [ 1618.480361][ C1] __irq_exit_rcu+0xca/0x1f0 [ 1618.485129][ C1] irq_exit_rcu+0x9/0x30 [ 1618.489547][ C1] sysvec_apic_timer_interrupt+0x57/0xc0 [ 1618.495348][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1618.501490][ C1] [ 1618.503802][ C1] [ 1618.503802][ C1] stack backtrace: [ 1618.509679][ C1] CPU: 1 UID: 0 PID: 29113 Comm: syz.4.5339 Not tainted syzkaller #0 PREEMPT(full) [ 1618.509698][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 1618.509707][ C1] Call Trace: [ 1618.509716][ C1] [ 1618.509724][ C1] dump_stack_lvl+0x189/0x250 [ 1618.509746][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1618.509765][ C1] ? __pfx__printk+0x10/0x10 [ 1618.509783][ C1] print_irq_inversion_bug+0x1d2/0x1e0 [ 1618.509801][ C1] mark_lock_irq+0x35f/0x390 [ 1618.509819][ C1] mark_lock+0x11b/0x190 [ 1618.509834][ C1] __lock_acquire+0x680/0xd20 [ 1618.509849][ C1] ? input_inject_event+0xa5/0x340 [ 1618.509870][ C1] lock_acquire+0x120/0x360 [ 1618.509883][ C1] ? input_inject_event+0xa5/0x340 [ 1618.509907][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1618.509924][ C1] ? input_inject_event+0xa5/0x340 [ 1618.509944][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 1618.509960][ C1] ? led_trigger_event+0x4b/0x210 [ 1618.509977][ C1] ? led_trigger_event+0x4b/0x210 [ 1618.509994][ C1] input_inject_event+0xa5/0x340 [ 1618.510014][ C1] ? led_trigger_event+0x4b/0x210 [ 1618.510030][ C1] led_trigger_event+0x138/0x210 [ 1618.510047][ C1] kbd_bh+0x1c6/0x2e0 [ 1618.510062][ C1] tasklet_action_common+0x36c/0x580 [ 1618.510081][ C1] ? seqcount_lockdep_reader_access+0x15e/0x1c0 [ 1618.510101][ C1] ? __pfx_tasklet_action_common+0x10/0x10 [ 1618.510120][ C1] ? workqueue_softirq_action+0xd4/0x150 [ 1618.510138][ C1] handle_softirqs+0x286/0x870 [ 1618.510154][ C1] ? __irq_exit_rcu+0xca/0x1f0 [ 1618.510170][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1618.510187][ C1] __irq_exit_rcu+0xca/0x1f0 [ 1618.510202][ C1] ? __pfx___irq_exit_rcu+0x10/0x10 [ 1618.510226][ C1] irq_exit_rcu+0x9/0x30 [ 1618.510240][ C1] sysvec_apic_timer_interrupt+0x57/0xc0 [ 1618.510258][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1618.510273][ C1] RIP: 0033:0x7fc4b546823d [ 1618.510288][ C1] Code: 08 48 83 c3 08 48 39 d1 72 f3 48 83 e8 08 48 39 f2 73 17 66 2e 0f 1f 84 00 00 00 00 00 48 8b 70 f8 48 83 e8 08 48 39 f2 72 f3 <48> 39 c3 73 3e 48 89 33 48 83 c3 08 48 8b 70 f8 48 89 08 48 8b 0b [ 1618.510301][ C1] RSP: 002b:00007fc4b590fa20 EFLAGS: 00000246 [ 1618.510314][ C1] RAX: 00007fc4b5003f38 RBX: 00007fc4b5001380 RCX: ffffffff876f0fd1 [ 1618.510326][ C1] RDX: ffffffff876f0c90 RSI: ffffffff876f0c90 RDI: 00007fc4b50043b0 [ 1618.510336][ C1] RBP: 00007fc4b50003a8 R08: 00007fc4b50023a8 R09: 00007fc4b57d2000 [ 1618.510347][ C1] R10: 00007fc4b4fff008 R11: 0000000000000011 R12: 00007fc4b50003a0 [ 1618.510357][ C1] R13: 0000000000000015 R14: 00007fc4b590fb48 R15: 00007fc4b4fff008 [ 1618.510369][ C1] ? input_event_dispose+0x401/0x6b0 [ 1618.510390][ C1] ? input_event_dispose+0xc0/0x6b0 [ 1618.510409][ C1] ? input_event_dispose+0xc0/0x6b0 [ 1618.510431][ C1] [ 1618.798837][T20657] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1618.807261][T20657] Bluetooth: hci1: Injecting HCI hardware error event [ 1618.814134][T20657] Bluetooth: hci1: hardware error 0x00 [ 1618.820055][ T5961] usb 3-1: config 0 interface 113 has no altsetting 0 [ 1618.944510][ T5961] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 1618.953775][ T5961] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1618.961927][ T5961] usb 3-1: Product: syz [ 1618.966143][ T5961] usb 3-1: Manufacturer: syz [ 1618.986856][ T5961] usb 3-1: config 0 descriptor?? [ 1618.993793][ T5961] usb 3-1: can't set config #0, error -71 [ 1619.001242][ T5961] usb 3-1: USB disconnect, device number 31 [ 1620.844820][T20657] Bluetooth: hci1: Opcode 0x0c03 failed: -110