last executing test programs: 10.719766974s ago: executing program 0 (id=2781): bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xd, 0x0, 0x4, 0x0, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_open_dev$evdev(&(0x7f0000000080), 0x0, 0x0) readv(r0, &(0x7f0000001140)=[{0x0}, {&(0x7f0000000f40)=""/251, 0xfb}], 0x2) r1 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io(r1, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x5, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000740)={0x44, &(0x7f0000000180)=ANY=[@ANYBLOB="601004000000cf"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r1, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000001480)=ANY=[@ANYBLOB="200104"], 0x0, 0x0}) r2 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x2002, 0x0) ioctl$SNDCTL_DSP_SETFMT(r2, 0xc0045005, &(0x7f0000001180)=0x2000000) ppoll(&(0x7f0000000100)=[{r2, 0x400}, {r2, 0x280}], 0x2, 0x0, 0x0, 0x0) mmap$dsp(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x3, 0x12, r2, 0x0) ioctl$SNDCTL_DSP_GETOPTR(r2, 0x5008, 0x0) ioctl$SNDCTL_DSP_GETODELAY(r2, 0x80045017, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) inotify_init1(0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000200)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f00000001c0), 0x162682, 0x0) r4 = dup(r3) fallocate(r4, 0x10, 0x0, 0x1062200) syz_usb_control_io$cdc_ncm(r1, &(0x7f0000000140)={0x14, &(0x7f00000001c0)={0x0, 0x7, 0x5f, {0x5f, 0x3, "5f67de58e07b4f785aa69656a50d2d5f7a0138b8599dc4577dcc5ce69e3d15f7aeb4faaf33a175f2ccdc41badb0cb27a10eb21c45f8498284c6c71d2bfe47cc7cbbf828bfbc895e145e8164b440cf07190ae8c15532768d0f1fd2c29f6"}}, &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000600)={0x44, &(0x7f0000000440)={0x40, 0x10, 0xe8, "4b033f254770a3dd173812cd062d764b8cd4ef4360f0fb7c8f825449643f2c61a0a934b9c6b950dfbd894ff210d191e92580247605b216a3ca52c49df4a2fd63eec99784d1e28fc135708cf29cec426533e85bfb177815b67a328d96f2cdc5c80ae7fed732f6d8d812ba3c8b92dd78e271b86b86150594decb5a16daeaa9e7836a4badc3f551e95b6c2a80d2cd06fd66c296693ba2b33438c8e1c775c3665387c96b02543d1e5884ddc15fa857aec9efe86d6cc81aff829e24165fdfa72bd82715f76d2907d9f8ee9a293c74786b8ad2044d381a462323401a7452c7bc3740146ba10bf9ce813c7e"}, &(0x7f0000000240)={0x0, 0xa, 0x1, 0x41}, &(0x7f0000000280)={0x0, 0x8, 0x1, 0x7}, &(0x7f00000002c0)={0x20, 0x80, 0x1c, {0xff51, 0x3ff, 0x4, 0x2, 0x8, 0x2, 0x30d, 0x4, 0x7, 0x7, 0x0, 0x4}}, &(0x7f0000000340)={0x20, 0x85, 0x4, 0xfffffffb}, &(0x7f0000000380)={0x20, 0x83, 0x2}, &(0x7f0000000540)={0x20, 0x87, 0x2, 0xe}, &(0x7f0000000580)={0x20, 0x89, 0x2, 0x1}}) syz_usb_control_io$uac1(r1, 0x0, &(0x7f00000013c0)={0x44, &(0x7f00000011c0)={0x20, 0x14, 0x4, "0426fd98"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r1, 0x0, &(0x7f00000005c0)={0x2c, &(0x7f0000000400)=ANY=[@ANYBLOB="008fcb"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r1, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000b00)={0x44, &(0x7f00000009c0)={0x20, 0xb, 0x4, "788a4a87"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 8.197670923s ago: executing program 1 (id=2802): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000300000a20000000000a03400000000000000000010000000900010073797a3000000000400000001c0a07000000000000000000010000000900010073797a3000000000090002"], 0xc0}}, 0x0) 8.098434056s ago: executing program 1 (id=2803): preadv(0xffffffffffffffff, &(0x7f00000015c0)=[{0x0}], 0x1, 0x0, 0x0) r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) bind$can_raw(r0, &(0x7f0000000000), 0x10) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x15) read(r0, &(0x7f00000017c0)=""/4090, 0xffa) 7.136737315s ago: executing program 1 (id=2811): mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket(0x40000000015, 0x5, 0x0) connect$inet(r1, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) bind$inet(r1, &(0x7f0000000340)={0x2, 0x4e20, @loopback}, 0x57) recvmmsg(r1, &(0x7f0000001740)=[{{0x0, 0x0, &(0x7f0000001400)=[{&(0x7f0000000400)=""/4096, 0x10c4}], 0x1}}], 0x4000210, 0x2, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[], 0xc4}}, 0x0) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000040)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) socket$inet6(0xa, 0x3, 0x4) prctl$PR_SET_SECUREBITS(0x1c, 0x17) openat$audio(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) 7.089746496s ago: executing program 4 (id=2812): r0 = syz_open_dev$sg(&(0x7f0000000000), 0xf9ba, 0xc40) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_CAP_ENFORCE_PV_FEATURE_CPUID(r3, 0x4068aea3, &(0x7f00000002c0)={0xbe, 0x0, 0x1}) (async) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) (async) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f00000010c0)=ANY=[@ANYBLOB="0100000000000000074d564b"]) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000002c0)=ANY=[@ANYBLOB="000000000200000035"]) 6.687559999s ago: executing program 4 (id=2813): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x2ded, 0x4000, 0x0, 0x0, 0x51) mknodat(0xffffffffffffff9c, &(0x7f0000000100)='./file3\x00', 0xc1c0, 0x0) r2 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff, 0x0, 0x1}, 0x18, 0x0) landlock_restrict_self(r2, 0x0) renameat2(0xffffffffffffff9c, &(0x7f0000000780)='./file3\x00', 0xffffffffffffff9c, 0x0, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$BPF_PROG_DETACH(0x8, 0x0, 0x0) r3 = syz_open_dev$sndctrl(0x0, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r3, 0x40045532, &(0x7f0000000000)=0x7) syz_open_dev$sndpcmp(&(0x7f0000000440), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) r4 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) 6.569285851s ago: executing program 1 (id=2814): r0 = syz_usb_connect$cdc_ecm(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a4400001020301090248000101570040090400000002060000052406000005240000000d240f01000800000000000000042402000905810310"], 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e"], 0x0) r1 = inotify_init1(0x0) inotify_add_watch(r1, &(0x7f0000000000)='.\x00', 0x200067d) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f00000002c0)=@file={0x1, './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa'}, 0x6e) bind$unix(r2, &(0x7f0000003000)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000280)={0x28, 0x0, 0x2711}, 0x10) getsockopt(r3, 0x1, 0x4, 0x0, &(0x7f0000000040)=0x13) r4 = openat$nci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) close(r4) syz_usb_disconnect(r0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r5, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYBLOB="6c000000020601000000000600000000000000000e0003006269746d61703a697000000005000400000000000900020073797a3000000000240007800c00028008000140ffffffff0c0001800800014000000000050014001f00080005000500020000000500010006"], 0x6c}}, 0x0) r6 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_disconnect(0xffffffffffffffff) r7 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000000), 0x208e24b) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='numa_maps\x00') lseek(r9, 0x1000000, 0x0) ioctl$EVIOCGMASK(r7, 0x40045b17, 0x0) 6.42703549s ago: executing program 0 (id=2815): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)={0x28, 0x9, 0x6, 0x201, 0x300, 0x0, {0x2}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x28}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a54000000090a010400000000000000000000006008000a40000000000900010073797a30000000000900020073797a32000000000800054000000033080003400000001408000c4000000000080008"], 0x7c}, 0x1, 0x0, 0x0, 0x480c0}, 0x0) 6.273038141s ago: executing program 0 (id=2817): r0 = openat$kvm(0xffffff9c, &(0x7f0000000080), 0x2000, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) syz_open_dev$usbfs(&(0x7f0000000080), 0x76, 0x101301) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) fsopen(&(0x7f0000000180)='hugetlbfs\x00', 0x1) socket$inet6_mptcp(0xa, 0x1, 0x106) socket$packet(0x11, 0x3, 0x300) socket$alg(0x26, 0x5, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="6400000010000304000000000000ffffffffffff", @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c000200200000001f000000060001000000000008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 5.805658364s ago: executing program 0 (id=2820): io_submit(0x0, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$nl_netfilter(0x10, 0x3, 0xc) eventfd2(0x1, 0x80801) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0) syz_emit_ethernet(0x4e, &(0x7f0000000080)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd600c0a3500180600fe800000000000000000000080fe00bbfe8000000000000000000000000000aa00004e22", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB='`$'], 0x0) 5.769431664s ago: executing program 2 (id=2821): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) bind$can_raw(r0, &(0x7f0000000000), 0x10) read(r0, &(0x7f00000017c0)=""/4090, 0xffa) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000340)=0x1, 0x4) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) sendmsg$can_raw(r0, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r1}, 0x10, &(0x7f0000000200)={&(0x7f0000000140)=@can={{}, 0x0, 0x0, 0x0, 0x0, "5b7ba3698f28aaf0"}, 0x10}}, 0x0) 5.418938164s ago: executing program 2 (id=2823): r0 = socket(0x10, 0x80002, 0x4) sendmsg$nl_route_sched(r0, &(0x7f0000002980)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000029c0)=@newtaction={0x44c, 0x13, 0x1, 0x0, 0x0, {}, [{0x438, 0x1, [@m_police={0x434, 0x18, 0x0, 0x0, {{0xb}, {0x408, 0x2, 0x0, 0x1, [[@TCA_POLICE_PEAKRATE={0x404, 0x3, [0x5, 0xfffffffe, 0x7, 0x4, 0x58c, 0xcb33, 0x0, 0x5, 0x6, 0xdc, 0x10000000, 0x6, 0x3ff, 0x8, 0xffffff8d, 0x4, 0x8, 0x2, 0x2eb, 0x8, 0x8, 0x8, 0x5, 0x0, 0x46fd, 0x7, 0x7, 0xc, 0x100, 0x8, 0x6, 0x7, 0x3, 0x8000, 0x0, 0x3, 0x4, 0x1, 0x3, 0x8, 0x7, 0x4, 0x3, 0x9, 0x200, 0x8000, 0x400, 0x6, 0x9, 0x80, 0x37, 0x61ac, 0x280, 0x9, 0x5, 0x7, 0x800, 0x0, 0x3bf4, 0x4, 0x2, 0x7463a498, 0x100, 0x9, 0x3, 0xd1, 0x8f67, 0x8070, 0x7fffffff, 0xfffffff7, 0xfff, 0x3, 0x3, 0x7b04, 0xffffffff, 0x1000, 0x3, 0x0, 0x6, 0x2, 0x100, 0x3, 0xa04, 0x6, 0x8, 0x8001, 0x5, 0x9a, 0xbe3a, 0xb14, 0x7, 0x9, 0x6, 0x20, 0x6, 0x9, 0x2, 0xe000, 0x4, 0xfffffffd, 0x5, 0x0, 0x3, 0x9, 0x800, 0x3, 0x4, 0x9, 0xfffffffd, 0x4, 0x80, 0xc8, 0x1, 0xbf, 0x1, 0x3, 0x7, 0x9, 0x4c040000, 0x401, 0x7, 0x0, 0x98, 0xad9, 0xffffffff, 0x800, 0xd, 0x1, 0x2, 0x2, 0x4, 0x75c, 0x7, 0x3, 0x8, 0x200, 0x1ff, 0x8, 0xffffff01, 0x10000, 0x9, 0x2, 0x4, 0x6, 0x7, 0x570, 0x4, 0xffffff6a, 0x8, 0x3, 0xf, 0x2d, 0x6, 0x8, 0xb, 0x8b20, 0xf, 0x6ce, 0x10001, 0x7, 0x7, 0x4, 0x800, 0x200, 0x1, 0x2, 0x2, 0x6, 0x3, 0xa33, 0x7, 0x3, 0x8, 0x6, 0x57687621, 0x7f, 0x0, 0x35, 0x7, 0x1, 0x18000000, 0x8, 0xfffffff8, 0x101, 0x80, 0x4, 0x4, 0x4, 0x5, 0x3, 0xf, 0x5, 0x0, 0x3, 0x5, 0x2, 0x0, 0x3, 0x7a, 0x5, 0x80000, 0x2, 0xe, 0x7e, 0x8, 0x99, 0x2, 0x401, 0x8001, 0x9c92, 0x3, 0x58, 0x2, 0x4, 0x6, 0x8, 0x401, 0x0, 0x2, 0x10, 0x7f, 0x2, 0x10, 0x2, 0x0, 0x8000, 0x7, 0x9, 0x7, 0x3, 0x42, 0x6, 0x1, 0xfffffffb, 0x9, 0xffffffff, 0x8, 0x5, 0x6, 0x9, 0x1, 0xd7, 0x0, 0xfffffffd, 0x5, 0x5, 0x8, 0x3, 0xfffffffd, 0x75, 0x2, 0x7, 0x1, 0x5, 0x7, 0x3]}]]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x2, 0x3}}}}]}]}, 0x44c}}, 0x0) 5.19372938s ago: executing program 0 (id=2824): recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) openat(0xffffffffffffff9c, 0x0, 0x200081, 0x8) r0 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) syz_emit_ethernet(0x60, &(0x7f00000003c0)=ANY=[@ANYBLOB="e33110495bfdaaaaaaed310086dd60cb653e002a3afcfe800000000000000000000000000000fe8000000000000000000000000000aa8900907800000000200100000000000025fe000000000000fc01"], 0x0) 5.159954367s ago: executing program 2 (id=2826): r0 = socket$inet6(0xa, 0x1, 0x100) setsockopt$inet6_int(r0, 0x29, 0x2, &(0x7f0000000040)=0x5, 0x4) r1 = syz_open_dev$evdev(&(0x7f0000000040), 0x3, 0x2000) close(r1) r2 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000075f84c1071042703a461000000010902120001000000000904"], 0x0) syz_usb_control_io$uac1(r2, 0x0, 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f00000003c0)={0x2c, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, &(0x7f00000004c0)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000100000011"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r2, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r2, 0x0, 0x0) syz_open_dev$sndctrl(&(0x7f0000000000), 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000001080)=[{&(0x7f0000000040)="a72d11a15c048c0a7d63aebc5cea1f81510ff6091475aeec600831aa9d3944e60bc2ad06a619c560aa0118b28f68f1eb14549d633b4b23f179fb680716faa43414787559be90843c35ab30acad8a6740140e00721abc2eb362f7bde53b3c992d3e28ccc20ec84fdc569947047f6c09a647ee8c0a747b951e66c068ccf1af93ee9e6f9528ff79e2f989383b05a690a6bec4634b867c9446c1c644b3010e8a3514c6328323b4bbdd602b8f0dace6aea70902c4ddd2a2f2810f1348b0d0df3c1e6a5938fcfdc87e7580c6be0c6a06eca62d6f787dd16add086a21391c4c707d8b61929d1252681b84c245e0efafe2e6e73ad86a3cf59235ab0eacbb414af92ec3cdac420a064a98e8cc18bdf63f8997f96436e0fe6f06fdbf47fff353b01a861babd4a38d126bfe3e29049e6cc883e6efae6e70ef9ed124b1b09887a58c991e223b6420dca5ae238027e91b17b1707dc5c0d5f59f0ca95614f1ea1d263c1ee54dfe31ae35eb3c8e3b931dff7920c57fbba89adf2e392c1ad719b90c7ade0d38ff9792934ef1fb12f51d8e2fad12486d5883d5b1a46696fad128c6805cfb25bc6487e1e407d6b266971b09d0d864a7a550284e24b6cdc9f4ae1081a638175dffef002c76ac5558d23e41edbe68f4b4950a13aa000326dae5a857603dc5a40d6c6618a98c7b6e1eebd325ea2c14601a25658965f40864fd015d9b2fff83ee5ed3212ebd9fa429f0140f633556ac07c0c08e67a1848c9942ecc47dd4ffede9a429e9e0472be7cdbcd117e621ddf745c00a814ffff0224634472577dc0b35a9c153409f1a2bddc193b20b4d244d9cbbd59816c46000c596865f58b4e640ed4a9ab6086cede697fb113560925498da83273e679e0e28b84961eb7b9c9b4fa916590965c76b48e5d453f27a821bd2bf0946ff2413ec30f7893d1f046e18f736c40ceda26dfc4a0a62f71a3606d3f72c0a858dfd7895e2572292e11af913c6b513a141d28e501ae7c49618d104aac9abb78466a636efb88120d0eef0a501558a5aa34784a9823f2802a0bcdf318f9b436b34b42a2a7cf513f80364ad9a699d2e23eb4f3a2bbce818bd20da61882b3dac699d05dc24f29b72471b712423ace6278c43df2be7a09e815517b86d8b3ce16af3d64a575958c5fd52aac53b391f3d2a67c24c6c13ec11428b61b80a6a58cbba1790a98d190a572070f63fc0b809669895ea9865c3066b06102f6f2c7171dc7f76e1931b3e4deb569ef9d07d5f86a848f50942e93c419c3a23489f14803b08182dfd48b8d4375be6b7f805a21209c05e5927693a8834c8d5a5acbd47ed8a30a8a741d1ad77639b56b3b90c0b2023fa334befd28b2e27cbcd94b0ce7437f88ce67a925cea6d6d7e5313de6d328b1124a8b9ef83fe39ca3da97d33c60b7fd4af67d3c8fccb595a27a5bffc71e5a5b2ec966828993b0c0f83cbc55f9a7fb66a4101d5c83b77885072b6e2b2ceebe32f635509698c05089b9ff1cb1959b211e114dadb224ef2d5e7a3c55b3ac00fcdc9018577603c6301e5d4341b3d7eeb2665349d448d28d5d108f576408cbe533a6adbba18ebb2d84bb9af81108506a2f50fb56d595579000747930449fdf4ed01715ec624a0cb73636a35b9136f10b79e3d7ded09008b92e92c64e26e6b6d17f18b70b1d9813de8d2ff151c7a6a0452c660a57c33f13e2d9b88fa5f5c0505722d2e787a425e4a3e9b5efa9668e9199f5fb9fe7d5b8a57719a57df152e7f2c6a1087a2a24084f82455b65353a70559f04d5ed12defb81497ea69c1c7e69c373524770b7473c16a69c7a3648a9dd93377b89cdff61cf62512d1ee67a55ea67993937c1f55a2179bc9c8a337364cfb84d295adda1ad9700fc2f5c11cbfc1b90affb4666c6e7e23a6f7751410a5651819f29f690c6dba2b8a67e0f7f8cc377feb1854c393578994c85391ba21b3961aed477f771645571dc7d6cae72bf79c82a92a4edc3742b1398060a0a5c9e81c016b7f2ae3db529c6ff824cc28678764d8ab49d7dc68e5b0556c9e7ffb6fef442776d86fbd458741830e57f22a1f8513b92abd5b2df93a67cc560134078f0b8ecc3276e40aadef5cd579888b86b4988f396679250701f3869e7493b33692035ecd94aca5189fd0a0893ccc5bb19c0b4caca86cf90ebc2a5558f39cccb33f6773a4e425bf551fb3b6456ee1cc62fa1843a9e5539bb2d02ae6ef82533a9dbcfb562c1ab18c1f639ae7ff02083746f74a15ba2d10e4b955940a5d6f488d326a99f287c48ad463ce40367aeeff519cbad0a2d7fdbfa48bff75955467977764c2be2bd2ffa18396c46920c40c50a4037003666406d177e2cd20aee423d07169d8f611f635ba0b62b61265ff2c5548446a2423dd1038482b6852b2d9d2f90aa05d82c5e2c3d1af0c7aad72d82b3da67471af7b037bb0424a785e73f35b5a10a2ab300a195c20cd119a5390e0cd5d49c70bd80883b933e843d0d2902749dcf3c140c708a0f004b7a2f50bf311305dc01719016fcce5863815ca7951de710fcb71cd177551ff6fcd9f8bf01b93868f24c6129b6d7917125338cf62110083093fc7f862015d48450d992f2bb43e601cab19b2ea7b83962a382fc2a31fdf2358bf8a9a9e506eaa7b6eb5e7444d1ef459b24ffa51362abce902dfd84201a0e4b5a3b62757aad54fb65b83821c6bba663886de092065a565921ea3eb6781bb8ed4f4db3abcfeeb379b7e52fca790bea719918e299ab01bf5e92177d134360bf7a16a59e9d03d3dcfb0a25599237e3d41b3f0026c9402b1fb1894426303413a2cbcf7c72807ca694afa285990d07c3bca26413c9947b3b344aafc04544b8c11416e0312b028da7302e316c3966d41884b15055a49a4a0b3eac8e11f88a5615fb0af582f065d28e5a454447e9d0cfc60356439ebf7e1d0a00f5b9cc6daf2bd7195ba96b4d1a0679ff0fb1c01282c378a880f90f460889b67d76d4d0e8db6c928d113533d1d10b810303c43d8ff622c5bab7f095b96e64bf9daa48a2bdf3d9d40bac00cf1b66df61a4f7c3e21938e876f81b1179dce6a008f28eb682cae690ced0ea0d542da604d8056f2b1813ed36683c4c51aeb2650772cfb1c55d4e60604ff06344cfc271b2175a6c94defb807af240b483e24298ca73bfc743ca2ca2e77e6d5b817b3c1986601537faf59ac84c74d8bd0c068cb8e6bd03ac2dcf5793fb4a00b3c901a33aa3ee86e4f0db317b94bb8678ab26e36d305ebac4b0f7f164947148255b562dd0f87648499d45bccfb7d8c9d5624cadf8160a396e79fbcdc100058ba4606e41c02fb2cc0dc6c36196bd28acfde82a18cda2321d2d83fecd3b85380667cd1d0bc68298c6c8f10421a80c8fa86912b6c3e8ddd9d9668520d5151409e6b77f0d7730b374a68a744151bfbd123cfdf871e8c24e70d2ca3b50e84a48e0b78c1781000cfc848d43584985763a76c0ab9ba882c55e3e4aa8f2174255db38adb8350b48a77be22a869d13d183325f859b883464e5e46de5ea8a92532b9a794daaeff657cd361f7f158f8bebe36e9de1f5b9721d4263dcc9472229bc02d3f552180abfb25ca7aa36cb914d99c09fd5bb99dcab9b4e3c634d18fc7dfe84dc4425ad1e39c3e7410d49b4ea0a8a2958688c7725822f6dfc0827d19dc385e0e35a949941e4dd1aaeaab9ebe402f8c584bca7efc829f2ccfb63fd7bde1c182a67c14f9d3f033ca674e2604e89cd55a15419f956cd61a755c1b13554dae98e77be078aadfc131c9677381f1dbe6ef194eb17603a463e8b844ab46a6046e1f07d96d66de669359bff4c3d80948a4de3abb2f171a09b5d8999c379fb62244114e218c79805df7d899e5661320ee6721d652b95f09e4dfe69bd67099c73294b17ab574e0b966aa3ab44478965b9dca3cb3b9282945f24ccdd07c638ae25a84a728ca24f87ff49d718121a694be46f3616e27b1041b3c6cd24b9cf775bfc28dfbe0a009048f0599f2d5d6586cfd1e7f7fe69872d08b98f60d28e6af0d49d7f06ad71a7b5c41df261aba5de114022c7288bc265cc17909fdeadc3d7b256d7ab3b96e40f857060f16b54a6bb7248ee571f87ace5ee39eab412706cf52fa711468b21ea129c3f44bceb429fcc1a0ac2aa87b9365077dcfcfa9a1b32a0a09699197c20019a66cbd0a897feab3706c23123b888ada643d4560082033e31596b0483578968e3c9593ebd97141c228a42fc7645f92171c120aabca36657683fd7c72fcb87217f124d6fabc52f1d221d8410b47b0ad4bd944bf4085365e9b52a53911ab4ee142c5a1ebbe034c9d98c538c066f2dc0acf372eb2397dcac765055123e0ba19be22b18c886bf0f7490abe9fde91ffa62e059962bd134be8501cb5b715a744b1398e2c4c7e8afe72e189dda0654296afa1c1f99ab7d800fa40f72a758625c833b6fc7b7d42250522b456e1e7de815350c36c9cb2f4d1c9cb99109f89b456c559463f11b8b58247809b17a4ed4912bd0a47a529f1364d6dc593ea7f3eb98962078ac90e5012ee1c7b4b9ed5a8c7a9c0231b4ce425693faab64fa0f3482a04d4be2e06ee5d103694d288810a1a7f4d1e908dd82dd2016a064ece5cd67ef1dd5f4cda728fc6f1ccdd949dd8f775d862621507248ef4c83ae274969d19c7ddb02a4e8a1ab2b7aa539a442b22735ceedeefe60a1059dfaaa0979ce8d5387b5a047841fd9749b88ca91216b02d7926408a01916b7781bb7167528ccdb9a486d173437a5ba3e552c8674dff2cc9b21054e0e4f86b61b8723fca58ceef4413bffae9e9be79c5b9788f5449811ce78be9bc7a86375a670197baaef751beabcba0aa6c7c33f1cd702cb78ec39fa1f17d9da733d6abf2b80f9c51ac8f6f664b24edc53a7c9525c3016bd05c67272375fe816b2b121f2de68b885a0fd8f8b8c6c342237b632f6414a3eb3480f5f42106c5812e9bfd4e8c8dea8d08525d9aa1da7c7c2ee7ff3d31b79b211dd01e304a8ffc83a89a59f3b1e2ef5e969b6d90bea7e161066f25622fad914bff52bacd2807093dda1838b529ee57f718b374ce2841b924a42457867547a6edcb8412d85f11796742bf640b5819a9546357df778c332af5983c4373a95d9c58b52dba445eee92e6911824f0c534e7a5934d9eac9b7f6fec22002fc53a3003a3304217f567b47cd326edc5f48eb1f46bb20d1e10e72239afc9769344590cf48902aba5405b7d4baa31a912ab398a2f2d3f037614bb56a89244ece50f3a1e058d274f1e70f944eb8a305be91e561e5eb843d057a81f4deb84a6335ec81ca964cdae5f318d4e9aaea2c477cc279c00c698bcfe4b8e04c09079d8f3f5438d9d45a00f50d2f9", 0xec1}], 0x1}, 0x0) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r1, 0x5452, &(0x7f00000001c0)) bind$inet6(r0, &(0x7f0000f65000)={0xa, 0x4e20, 0x0, @loopback}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0xfffffefffbfbbfbe, &(0x7f0000000100)={0xa, 0x4e20, 0x0, @empty}, 0x1c) sendmsg$inet6(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000140)="420ec6a90ef170729ab4f2d0107f5791c2e092444f09ab02df80b04029258b8119d483559bb2cacb217ec97438c03ae4b4ce3a74b9cd2a3ce0443965972e324ec558ccaff8f9f4d3ccd5c4a6f0a2e0300b301ef8b8d01d8408c90a1cf8353205056d560b", 0x64}, {&(0x7f00000001c0)="bf685ddd990e7186fc5c1749c1a66004ddb112aafab8130d57abece567e508a219ad8601bd595c16cbe882c64539e1738782877f585a2a1ea6ebe179bdb5d409420718c8bc57a22ec2cc19c6581a1fe3270c53de03279d2fd23a46d95c6d8272bad125a45f6ddd38808e5ee2494803031cf14fa0ccb631e9cf3d2a883f697400c41a5511a43101b5ff285274b9efadf9ba30165b230536ccd659cdb8103a7e39bbbb787fa18314e22b541d8c4050d380b00541a84b66a7132f6785fbc3eef24b96d93437e5e5c9b97dd0f93234c3ef4012aa7e9e7eb4dcb7e3bbf51b89f107d57f6ef25c1862225a30e6af81b61d0014b0fe553d8fea5db7fe0d", 0xfa}, {&(0x7f00000002c0)="d791b992edfcf2df4e2fdaaf9fc0c0961d14b0c294c944711cac921213b5e697e2c58e0bed51a5d50de1d0d63eb63c89bdef31c1de23e5e08bad8317f77d800f164fdb4f7cb36b7c08558b0ea65bdcd12141689db32b5d7e5c908d8bb6f0ea", 0x5f}, {&(0x7f0000000340)="250444cffb8507259a796d90e5732de6d9f4b7d73cfd0afcfb60985285c1954f94657be99d84a0d9c423376fe6df62a72a387bace2171dd6afc630d231275f2674f0e7a1fae5e419f8b11571264514b19035fab44a302a08c01f5228099ee5f83d490e58b60db8fe1342526e3990a82a70b61f76df02639f9ba250a57f53dca6997b0da11a14a4fef565c3210a5d58955b5cda03c2f19830869d3fac598fa88e", 0xa0}, {&(0x7f0000000400)="f0264d0f42ee7adf9f9d0368839398129d3d1b05dab0f38423155b49e8e0d1415e3d7c32579147de4e29a0640d016f4f26b73c03402f962f0b653582b2c3fe97a3cad6836cdd8e47157539df33d3e31987d063b23a5a907bfd663e1a1b01d0fb91c56bef", 0x64}, {&(0x7f0000000480)="a2ffb2907a0e7ed717efc9b498147d456653f8cb7bd0ff867bb995955a20c8e3e35f97bfa209d717edfa41f7afbe7fb004b12d9cb36bea3150436839ba4b987be0f62b4b47424d8144c5a4228314ec33f8eece94c7866b615b9e14b70d62894f7d357151a1e8152f98af246c3ea2cd506cdaaea204a9ee8a0b311a1004189ec3f5c45f6f00d661c99168c41f4b71d54e337b3244dc915016d55aa446067a5cdabacbedaa62293e79f00c3b8df5227156ffdb638bf6b4196dcd498223e5be5881edb657d94b8afb8b50dfdcf159e93a4c3cfad71ba73a8d7061ac3e1a5f5e701645b0c283369762c154d4", 0xea}, {&(0x7f0000000000)="3a6beae8fc754dca99c5c0e00b671e928ceafa513b938453cade95993f02e11882f59f9f89969556091a6b28bdc4d69669eb", 0x32}, {&(0x7f0000000580)="b6baad92dda9619a2143dd37bf61646ead0e7e5953ca59764a4d3acd260be0824edd1b089d5caec1c5c947d74f6cca1135eb6d4791503f4bab471d8d5ac4dd62fc7ba17b2338979c1eb308c321a203f707a1354e90183533c44603c505c053ba104a2fe2", 0x64}], 0x8}, 0x40) 5.023497171s ago: executing program 0 (id=2827): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)=@newtaction={0x48, 0x1e, 0x109, 0x0, 0x7000000, {}, [{0x34, 0x1, [@m_mirred={0x30, 0x108, 0x0, 0x0, {{0xb, 0x9}, {0x4}, {0x4}, {0xc, 0x7, {0x1}}, {0xc}}}]}]}, 0x48}, 0x1, 0x2b1e}, 0x4) 4.98397483s ago: executing program 3 (id=2828): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000700)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="50000000070601020000000000000000000000050900020073797a32000000000500018007"], 0x50}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 4.982791154s ago: executing program 4 (id=2829): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000000000000000210000000800", @ANYRES32=r3, @ANYBLOB="08009e"], 0x24}}, 0x0) 4.838823209s ago: executing program 4 (id=2831): openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x2080, 0x0) r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) r1 = openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sendfile(r0, r1, 0x0, 0x20000023896) r2 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r2}, &(0x7f0000bbdffc)) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$TIOCSETD(r3, 0x5423, &(0x7f0000000040)=0xd) r4 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') write$binfmt_aout(r1, &(0x7f0000000740)={{0x107, 0x3, 0x1, 0x20b, 0x215, 0x4, 0x31c, 0x2}, "55ebf8926490e5d56ef0f379e46796c1d67eeb732603a0217cdb19adadf7fc638dd51a03ad8dc947f006998cc52c2c69479a781bd1a6b8ef68ed62145118b79a604763d9b9bf033d92daf1066fb23c6e9324cbe9696457c5b21e9d0a640c7d88c1d6af8e17dc4fd2041decff0ba56ec858b04d043b2aec04a895803e4893bbcaf6f4ca69c86bc1e45e87c2ce716aabfa3da88331274316cc247d61ee4aff9be861cc50dac7d989e42d0a0bd07cf878789e3f5beee514270a1a", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x8d9) write$RDMA_USER_CM_CMD_CREATE_ID(r4, 0x0, 0x0) timer_settime(0x0, 0x1, &(0x7f0000000300)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r5, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x3a8, 0x1d8, 0x12, 0x60d, 0x0, 0x202, 0x2d8, 0x2e8, 0x2e8, 0x2d8, 0x2c0, 0x4, 0x0, {[{{@ipv6={@private1, @remote, [], [], 'veth0_to_team\x00', 'macsec0\x00'}, 0x0, 0x190, 0x1d8, 0x0, {}, [@common=@unspec=@string={{0xc0}, {0x0, 0x0, 'bm\x00', "000000165a2e2e0617ae5119b5135c2aee68d23a465cd431e1ecef50c3234e082555f672225d6147864fa03182f5cf11d8c348cbd06dc8de1dcbde7d4e252c3394fed47bf78c70f607b0178fa5ea335019ac05a602061c96baebc989f1f34a214e6726401fe4b124e0f7323a587d2a1fcf07000000eca0a7b66c60c527bac2b5", 0x7, 0x2}}, @inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@uncond, 0x0, 0xd0, 0x100, 0x0, {}, [@common=@hl={{0x28}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x408) syz_genetlink_get_family_id$mptcp(0x0, 0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) r6 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x0, 0x0}) r7 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) syz_open_dev$usbmon(&(0x7f0000000280), 0x0, 0x0) r8 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x0, 0x2, 0xbedffffc, 0x0, r4}, &(0x7f0000000100)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r9, 0x4, &(0x7f0000000400)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r9, r10, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r8, 0x47f6, 0x0, 0x0, 0x0, 0x0) syz_open_dev$usbmon(&(0x7f0000000700), 0xeba, 0x101283) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ppoll(&(0x7f0000000200)=[{r7, 0x1002}], 0x1, &(0x7f0000000240)={0x77359400}, 0x0, 0x0) fsopen(&(0x7f0000000280)='ubifs\x00', 0x1) write$vga_arbiter(r7, &(0x7f0000000040)=@other={'lock', ' ', 'io+mem'}, 0xc) write$vga_arbiter(r7, &(0x7f0000000080)=@other={'decodes', ' ', 'none'}, 0xd) close_range(r6, 0xffffffffffffffff, 0x0) 4.826780339s ago: executing program 3 (id=2832): r0 = socket(0x10, 0x3, 0x0) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000300)={@fallback=r0, 0xffffffffffffffff, 0x5, 0x1, 0xffffffffffffffff, @void, @value}, 0x20) r1 = socket$inet_smc(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xe9) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x2000000, 0x12, 0xffffffffffffffff, 0x0) r5 = socket(0x22, 0x2, 0x4) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x80044942, 0xfffffffffffffffe) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) write$binfmt_register(0xffffffffffffffff, &(0x7f00000000c0)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x1000, 0x3a, '/dev/bus/usb/00#/00\\\x00', 0x3a, '/dev/bus/usb/00#/00#\x00', 0x3a, './file0'}, 0x51) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x2, &(0x7f0000000500)=[&(0x7f0000454000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil], 0x0, &(0x7f0000000000), 0x2) listen(r1, 0x0) close(r1) r6 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$SG_IO(r6, 0x2285, &(0x7f0000000340)={0x53, 0x0, 0x6, 0x0, @scatter={0x0, 0x3, 0x0}, &(0x7f00000000c0)="bb5abc6b15f3", 0x0, 0x0, 0x32, 0x2, 0x0}) write(r0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 3.632264162s ago: executing program 4 (id=2833): r0 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000080)={'vcan0\x00'}) bind$can_raw(r0, &(0x7f0000000000), 0x10) read(r0, &(0x7f00000017c0)=""/4090, 0xffa) setsockopt$CAN_RAW_RECV_OWN_MSGS(r0, 0x65, 0x4, &(0x7f0000000340)=0x1, 0x4) ioctl$SIOCGSTAMP(r0, 0x8906, 0x0) 3.217700533s ago: executing program 1 (id=2834): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) socket$packet(0x11, 0x2, 0x300) sendmmsg$inet6(r0, &(0x7f0000019680)=[{{&(0x7f0000000100)={0xa, 0x0, 0x0, @loopback={0x0, 0xac141414}}, 0x1c, 0x0, 0x0, 0x0, 0x0, 0xfeffffff}}], 0x1, 0x20004855) 3.088915858s ago: executing program 1 (id=2835): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f0000005480)=[{{&(0x7f0000000280)=@hci, 0x80, &(0x7f0000000300)=[{&(0x7f0000000440)=""/89, 0x59}, {&(0x7f0000000580)=""/150, 0x96}, {&(0x7f0000000640)=""/237, 0xed}], 0x3, &(0x7f0000000740)=""/109, 0x6d}, 0xfffffff4}, {{0x0, 0x0, &(0x7f00000008c0)=[{&(0x7f00000007c0)=""/203, 0xcb}], 0x1}, 0x40005}, {{&(0x7f0000000900)=@un=@abs, 0x80, &(0x7f0000000980)}, 0x14}, {{0x0, 0x0, &(0x7f0000001f80)=[{&(0x7f00000009c0)=""/228, 0xe4}, {&(0x7f0000000dc0)=""/4096, 0x1000}, {&(0x7f0000000ac0)=""/31, 0x1f}, {&(0x7f0000000b00)=""/180, 0xb4}, {&(0x7f0000000bc0)=""/84, 0x54}, {&(0x7f0000001dc0)=""/10, 0xa}, {&(0x7f0000001e00)=""/49, 0x31}, {&(0x7f0000001e40)=""/28, 0x1c}, {&(0x7f0000005680)=""/222, 0xde}], 0x9, &(0x7f0000001e80)=""/150, 0x96}, 0x6}, {{0x0, 0x0, &(0x7f0000002280)=[{&(0x7f00000004c0)=""/15, 0xf}, {&(0x7f0000002100)=""/227, 0xe3}, {&(0x7f0000002240)=""/62, 0x3e}], 0x3, &(0x7f0000000500)=""/10, 0xa}, 0x101}, {{&(0x7f0000002300)=@rc, 0x80, &(0x7f0000002780)=[{&(0x7f0000002380)=""/170, 0xaa}, {&(0x7f0000002440)=""/255, 0xff}, {&(0x7f0000002540)=""/109, 0x6d}, {&(0x7f00000025c0)=""/109, 0x6d}, {&(0x7f0000002640)=""/243, 0xf3}, {&(0x7f0000002740)=""/7, 0x7}], 0x6, &(0x7f0000002800)=""/4, 0x4}, 0x2}, {{&(0x7f0000002840)=@ieee802154={0x24, @short}, 0x80, &(0x7f0000002e80)=[{&(0x7f00000028c0)=""/188, 0xbc}, {&(0x7f0000002980)=""/151, 0x97}, {&(0x7f0000000500)}, {&(0x7f0000002a80)}, {&(0x7f0000002ac0)=""/82, 0x52}, {&(0x7f0000002b40)=""/213, 0xd5}, {&(0x7f0000002c40)=""/146, 0x92}, {&(0x7f0000002d00)=""/131, 0x83}, {&(0x7f0000002dc0)=""/168, 0xa8}], 0x9}, 0x3}, {{0x0, 0x0, &(0x7f00000052c0)=[{&(0x7f0000002f40)=""/129, 0x81}, {&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f0000004000)}, {&(0x7f0000004040)=""/34, 0x22}, {&(0x7f0000004080)=""/90, 0x5a}, {&(0x7f0000004100)=""/4096, 0x1000}, {&(0x7f0000005100)=""/63, 0x3f}, {&(0x7f0000005180)=""/61, 0x3d}, {&(0x7f0000005200)=""/172, 0xac}, {&(0x7f0000005b00)=""/4096, 0x1000}], 0xa, &(0x7f0000005380)=""/211, 0xd3}, 0xbb}], 0x8, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000c40)=ANY=[@ANYBLOB="020000000400000006000000aa0b000004080000", @ANYRES32, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="0000000000000000000000000000000000000000ff0500ff000000007f32373bcc53e582960c10049473ead18f1d8305e1dad323e00010947b0e9008121f2156c9894ae5318c5296996832dfb0e1229d746785935730c3b43cab6e1fb5292aa2ce87d8af9d0644da3f2fc4bf1a64b48825bad1ca95397c8286037a659e5ebd36b82f8b6fb1fdb01a6ddbdaadc9f83ee464a5de572b7f9c393d2ce2c50626a1e59f4ee065453eab2ef58c97b5c7ce59909dbca8495d59a9f2b7d26539f24ea31688e571504c83e28ad222a8"], 0x50) lstat(0x0, 0x0) ioctl$AUTOFS_DEV_IOCTL_TIMEOUT(0xffffffffffffffff, 0xc018937a, 0x0) syz_pidfd_open(0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000001c0)) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x2b, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) prctl$PR_SET_SECCOMP(0x16, 0x1, &(0x7f0000000180)={0x2, &(0x7f0000000040)=[{0xb, 0xf8, 0x8, 0xbf84}, {0x9, 0xff, 0x2, 0x8}]}) write$USERIO_CMD_SEND_INTERRUPT(0xffffffffffffffff, &(0x7f0000002a40)={0x2, 0x90}, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x161642, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r3, 0xae9a) syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x0) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x81, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x1, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x2], 0xeeee0000, 0x200}) ioctl$KVM_RUN(r3, 0xae80, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) sched_setattr(0x0, 0x0, 0x0) ioctl$VHOST_SET_LOG_FD(0xffffffffffffffff, 0x4004af07, &(0x7f0000000340)) setrlimit(0xf, &(0x7f0000000000)={0x1, 0x3}) prlimit64(0x0, 0x7, 0x0, 0x0) 2.446950283s ago: executing program 4 (id=2836): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) unlink(&(0x7f0000000080)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(aes-aesni)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000c18000)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000400)=[{0x0, 0x0, &(0x7f0000000300)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="c21504239e1dc595f0766418b856f059", 0xfffffe99}], 0x2, &(0x7f0000001a00)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x0) r2 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0xec25, 0x0, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000240)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) syz_usb_connect(0x0, 0x3f, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000e5876e4040200516940a0000000109022d00010000000009040000035883b200090589000000000000090585"], 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x1, 0xf, &(0x7f0000000200)) r5 = syz_usb_connect(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="31010000dccd5e08cb060700000000952301090224000100007e000904340102d469e70009058a", @ANYRES64], 0x0) syz_usb_control_io$uac1(r5, 0x0, 0x0) r6 = socket$inet6_udp(0xa, 0x2, 0x0) r7 = syz_open_procfs(0x0, &(0x7f0000000080)='net/tcp\x00') read$FUSE(r7, &(0x7f0000004440)={0x2020}, 0x2020) setsockopt$IP6T_SO_SET_REPLACE(r6, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x358, 0x0, 0x4c, 0x1a, 0x160, 0x73, 0x288, 0x258, 0x258, 0x288, 0x258, 0x3, 0x0, {[{{@ipv6={@private0, @local, [], [], 'wg2\x00', 'macvlan1\x00', {}, {}, 0x73}, 0x0, 0x118, 0x160, 0x0, {}, [@common=@inet=@l2tp={{0x30}, {0x0, 0x0, 0x2, 0x0, 0x7}}, @common=@unspec=@connlimit={{0x40}}]}, @common=@inet=@TEE={0x48, 'TEE\x00', 0x0, {@ipv4=@remote, 'team_slave_1\x00'}}}, {{@uncond, 0x0, 0xf8, 0x128, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@icmp6={{0x28}, {0x0, "e1f6"}}]}, @common=@inet=@SET2={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x3b8) r8 = mq_open(&(0x7f0000000080)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|', 0x42, 0x0, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000dc0)={0x0, 0x0, &(0x7f0000000d80)={&(0x7f0000000800)=@bridge_getneigh={0x504, 0x1e, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, 0x0, 0x0, 0x20200}, [@IFLA_GSO_MAX_SIZE={0x8}, @IFLA_WEIGHT={0x8}, @IFLA_VF_PORTS={0x330, 0x18, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@IFLA_PORT_VF={0x8, 0x1, 0xdc6}, @IFLA_PORT_VF={0x8, 0x1, 0x3e4}, @IFLA_PORT_REQUEST={0x5, 0x6, 0xd}]}, {0x58, 0x1, 0x0, 0x1, [@IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "431c2a4cc6c1355857eb99b876ebfa19"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "fa982d7cb868cd6d772fdf18b7d330c2"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "52a5d7b320e97bdb1aff90f4bfa8484f"}, @IFLA_PORT_PROFILE={0xd, 0x2, 'macvlan1\x00'}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x5}]}, {0x28, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0xd, 0x2, 'macvlan1\x00'}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "e52fe97f966698244c3afb38005057ed"}]}, {0x18c, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x9, 0x2, 'l2tp\x00'}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "aad6a6047036b4b6fe6bfd39de095c86"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "f8c75fd36dad209f04373ee9316db543"}, @IFLA_PORT_PROFILE={0x154, 0x2, 'eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf6\xdfk\xbf.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xb8\x93\xc3C\xae\x9dc\xd1T\xdd\x14\xd3\xe1\xbe_$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88\x9e0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc7\x8avs\xb2\a\xfe\xb3j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vq7S\xe4H\xf3L\xa0\x9c\x97B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xf6\x1c\x83\xb1J\xec\x926\xb5a0\xa0B\xae|'}]}, {0x44, 0x1, 0x0, 0x1, [@IFLA_PORT_VF={0x8, 0x1, 0x2}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "da7f1c0f3e0cc4555291b178901dbbb9"}, @IFLA_PORT_VF={0x8, 0x1, 0xdf}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "0ff9e02be4c393be721016d294591b6b"}, @IFLA_PORT_PROFILE={0x8, 0x2, 'wg2\x00'}]}, {0xc, 0x1, 0x0, 0x1, [@IFLA_PORT_PROFILE={0x8, 0x2, 'wg2\x00'}]}, {0x78, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0x6, 0x2}, @IFLA_PORT_REQUEST={0x5, 0x6, 0xff}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "b772f7677ce5f2d54c08155238e8ca69"}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "6076cd2d14ac634ab6063ce8b61d7e99"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "d35c20508aa19efb623c25c6574d0445"}, @IFLA_PORT_INSTANCE_UUID={0x14, 0x4, "1926f459336c11468da9fe6682fa7714"}, @IFLA_PORT_PROFILE={0x11, 0x2, 'team_slave_1\x00'}]}, {0x30, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0x6, 0x3}, @IFLA_PORT_REQUEST={0x5, 0x6, 0x9}, @IFLA_PORT_VF={0x8, 0x1, 0x1}, @IFLA_PORT_HOST_UUID={0x14, 0x5, "cd6f0a6a63ea3883221279e15189ac64"}]}, {0xc, 0x1, 0x0, 0x1, [@IFLA_PORT_REQUEST={0x5, 0x6, 0x2}]}]}, @IFLA_LINK={0x8}, @IFLA_LINK_NETNSID={0x8}, @IFLA_XDP={0x1c, 0x2b, 0x0, 0x1, [@IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_EXPECTED_FD={0x8}, @IFLA_XDP_EXPECTED_FD={0x8}]}, @IFLA_VFINFO_LIST={0x178, 0x16, 0x0, 0x1, [{0x80, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x9, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x33}}}, @IFLA_VF_VLAN_LIST={0x54, 0xc, 0x0, 0x1, [{0x14}, {0x14, 0x1, {0x4}}, {0x14}, {0x14, 0x1, {0x0, 0x5e7}}]}]}, {0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc}]}, {0x70, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN={0x10}, @IFLA_VF_VLAN_LIST={0x2c, 0xc, 0x0, 0x1, [{0x14}, {0x14}]}, @IFLA_VF_IB_NODE_GUID={0x14}, @IFLA_VF_SPOOFCHK={0xc, 0x4, {0xffffffff, 0x401}}, @IFLA_VF_VLAN={0x10}]}, {0x38, 0x1, 0x0, 0x1, [@IFLA_VF_TRUST={0xc}, @IFLA_VF_TRUST={0xc, 0x9, {0xbc93}}, @IFLA_VF_TX_RATE={0xc, 0x3, {0x5, 0x5}}, @IFLA_VF_VLAN={0x10}]}, {0x3c, 0x1, 0x0, 0x1, [@IFLA_VF_MAC={0x28, 0x1, {0x0, @link_local}}, @IFLA_VF_RATE={0x10}]}]}]}, 0x504}}, 0x0) mq_timedreceive(r8, &(0x7f0000004600)=""/102381, 0xfffffceb, 0x0, 0x0) pipe(&(0x7f0000000000)) 1.689710078s ago: executing program 2 (id=2837): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000040000000000000000000000000a20000000000a05000000000000000000070000010900010073797a30000000843c000000090a010400000000000000000700000008000a40000000000900020073797a31000000000900010073797a30000000000800054000000025940000000c0a01030000000000000000070000080900020073797a31000000000900010073797a30000000006800038064000080080003400000000258000b802c0001800a0001006c696d69740000001c0002800c00014000000000000000030c0002400000000000000010140001800c000100636f756e746572000400028014"], 0x118}, 0x1, 0x0, 0x0, 0x40040}, 0x0) 1.632392796s ago: executing program 2 (id=2838): syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000795d6c08450c3e616dc4010203010902120001000000000904"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) fcntl$lock(0xffffffffffffffff, 0x24, &(0x7f0000000000)={0x1, 0x1, 0x4, 0x9, 0xffffffffffffffff}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000005c0)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x10}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0xb}, {0x2000, 0x5000, 0xc, 0x0, 0x7, 0x2, 0x0, 0x0, 0x3, 0x0, 0xfe, 0xfc}, {0x3000, 0x8000000, 0x0, 0x8, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x4}, {0x10000, 0x1, 0xd, 0x0, 0x0, 0x4, 0x0, 0x3, 0x0, 0x3c, 0x0, 0xff}, {0x0, 0x3000, 0x0, 0x0, 0x0, 0x3, 0x2}, {0x0, 0x5000, 0xe, 0xfe}, {0xeeee8000, 0x0, 0x0, 0x0, 0x0, 0x8b, 0x0, 0xa, 0x26, 0x4}, {0x80a0000}, {0xdddd1000, 0x8}, 0xddf8ffdb, 0x0, 0x0, 0x2b, 0x0, 0x3800, 0x0, [0x0, 0x0, 0x1]}) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x1, 0x4, &(0x7f0000000000)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000140)={r3, 0xffffffffffffffff, 0x6, 0x0, @void}, 0x10) r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r4, 0xc020f509, &(0x7f0000000080)={0xffffffffffffffff, 0x6, 0x7fffffffffffffff}) syz_open_dev$media(&(0x7f0000000100), 0x8, 0x1) getsockopt$TIPC_CONN_TIMEOUT(r5, 0x10f, 0x82, &(0x7f00000001c0), &(0x7f00000000c0)=0xfffffee4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000b40)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r6, 0x8b0f, &(0x7f0000000040)={'wlan1\x00', @random="0e0000000500"}) 776.520312ms ago: executing program 3 (id=2839): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80, 0xfd}, 'port0\x00', 0x426b, 0xc0002, 0x0, 0x8000008, 0x7, 0x4, 0x1, 0x0, 0x7cce8c743ee810df, 0xb}) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) write$binfmt_aout(r1, 0x0, 0xff2e) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) r2 = syz_open_pts(r1, 0x0) r3 = dup3(r2, r1, 0x0) read$FUSE(r3, 0x0, 0xeffd) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000000c0)={&(0x7f0000000040)="a61a8abb9850f4fbda15963da63331f9cf6d998b0839041880a599ea9a69187fafebbf76df0493c94d729555f7301b95ccfa4d1864951ab54e49", &(0x7f0000000080)=""/57, &(0x7f0000000140)="90bfb84705c1bd343acd0e941460166d288d7b95fcf80d89fece1ee8d251e9b53ef9d8a2d33c6ae2f648b01a8bf71141b15fbd4ba10ac0c31106f0d83025bb7b95c9283edec0d33823783b3215c307def364a05f8f4d6e5c001d112019c39c5f6cd40898126ca7f37782f8e6c010f503658bd8609ea049519680c05ad57c5df093f5db2c417e9eea2ec9f524376764c4b430af647f34d6ebc62b63befe21dc859ba907ff870227f0a52f359ca2643ae909d0b83c640264e4c735971fed1c4e12eb28e684224e", &(0x7f0000000240)="57b5421f26bcb0f376fa9cd21e87bdc32f7fb10b242fb8f52613a77add00bcd20131bc423599f2cbd5106578ba1ab20412dee68c003490a505d018cdc696576f4081ad7ea3e0f06efb2f34ec58dad6a3e67f35e6ad47f3ddf6c137843ffc0873e8c3a45303d22f0f3a6fb8cce6d2c81eacd324a619ffbaf317e7bb50ac6fc19d4745a4f73c144fcaed4021d6b7265b9b0a40ce50dbef80655fd3616bd58874", 0x7, r3, 0x4}, 0x38) 572.699219ms ago: executing program 3 (id=2840): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000000000000000210000000800", @ANYRES32=r3, @ANYBLOB="08009e"], 0x24}}, 0x0) 339.88063ms ago: executing program 3 (id=2841): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000600000a20000000000a03400000000000000000010000000900010073797a3000000000400000001c0a07000000000000000000010000000900010073797a3000000000090002"], 0xc0}}, 0x0) 177.363529ms ago: executing program 3 (id=2842): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x3, 0x6) r3 = socket(0x10, 0x3, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r4, 0x29, 0x40, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r2, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=@newqdisc={0x88, 0x24, 0xf0b, 0x20, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x5}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x2, [0x0, 0x0, 0x1], 0x0, [0x4, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xf1ff]}}}}]}, 0x88}}, 0x20000000) sendmsg(r1, 0x0, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x1c0, 0x0) ioctl$VIDIOC_G_EXT_CTRLS(0xffffffffffffffff, 0xc0205649, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x810, 0xffffffffffffffff, 0x0) r6 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x1, 0x0) ioctl$TIOCMSET(r6, 0x5418, 0x0) ioctl$TCSETSF(0xffffffffffffffff, 0x5404, 0x0) ioctl$TCSETSF(r6, 0x5404, &(0x7f00000000c0)={0x3ff, 0x7c3, 0x8001, 0x5, 0x12, "4cb8b210acdc716f64cf76062d59a56f2584c4"}) unshare(0x8040600) r7 = syz_usb_connect(0x0, 0x24, 0x0, 0x0) syz_usb_control_io$hid(r7, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r7, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) 0s ago: executing program 2 (id=2843): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00f5ff1700030000000000400300000000000000000006"], 0x1c}}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189) r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x1, r2, 0x0, 0x61000006, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r3, &(0x7f0000000400)=ANY=[], 0x1df) r4 = socket$alg(0x26, 0x5, 0x0) bind$alg(r4, &(0x7f00000003c0)={0x26, 'rng\x00', 0x0, 0x0, 'ansi_cprng\x00'}, 0x58) setsockopt$ALG_SET_KEY(r4, 0x117, 0x1, &(0x7f00000000c0)="b9da06ce171c2e7cc2a25d589ccd75d0275367048f46e1d1833f0b225d71e6aeeafac6b1195e3a2a07b7e7608b3a26ff", 0x30) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000700)=@newsa={0x144, 0x10, 0x633, 0x0, 0x0, {{@in=@rand_addr=0x64010102, @in6=@remote, 0x0, 0x1, 0x4e22, 0x0, 0x0, 0x0, 0xa0}, {@in6=@private0, 0x0, 0x32}, @in6=@ipv4={'\x00', '\xff\xff', @multicast1}, {0x0, 0x2, 0x2, 0x0, 0x0, 0x0, 0xfffffffffffffffc}, {0x0, 0xfffffffffffffffd, 0x0, 0x3}, {}, 0x70bd2b, 0x0, 0xa, 0x1, 0x3, 0x61}, [@algo_aead={0x4c, 0x12, {{'gcm_base(ctr(aes-aesni),ghash-generic)\x00'}, 0x0, 0x60}}, @tfcpad={0x8, 0x16, 0x2}]}, 0x144}, 0x1, 0x0, 0x0, 0x24040000}, 0x10) r6 = accept4(r4, 0x0, 0x0, 0x80000) recvmsg$can_raw(r6, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000140)=""/103, 0x67}], 0x1}, 0x40010022) write$binfmt_misc(r3, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r3, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) kernel console output (not intermixed with test programs): r -61 [ 605.935880][ T5897] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 605.963302][ T5897] usb 4-1: Using ep0 maxpacket: 16 [ 605.970856][ T5897] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 605.983195][ T5897] usb 4-1: can't read configurations, error -61 [ 606.006745][ T5897] usb usb4-port1: unable to enumerate USB device [ 606.119291][T13357] vxcan1: tx address claim with different name [ 606.547255][T10218] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 606.635891][ T10] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 606.698092][T10218] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 606.707021][T10218] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 606.725855][T10218] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 606.749992][T10218] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 606.781932][T10218] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 606.795604][T10218] usb 3-1: config 0 interface 0 has no altsetting 0 [ 606.802513][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 606.811580][ T10] usb 2-1: config 0 has an invalid interface number: 12 but max is 0 [ 606.820114][ T10] usb 2-1: config 0 has no interface number 0 [ 606.826736][ T10] usb 2-1: config 0 interface 12 has no altsetting 0 [ 606.984915][T10218] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 606.998985][ T10] usb 2-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 607.008164][T10218] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 607.017090][T10218] usb 3-1: Product: syz [ 607.021376][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 607.029699][T10218] usb 3-1: Manufacturer: syz [ 607.036018][ T10] usb 2-1: Product: syz [ 607.040224][T10218] usb 3-1: SerialNumber: syz [ 607.045020][ T10] usb 2-1: Manufacturer: syz [ 607.051185][ T10] usb 2-1: SerialNumber: syz [ 607.058640][T10218] usb 3-1: config 0 descriptor?? [ 607.065431][T13365] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 607.074345][ T10] usb 2-1: config 0 descriptor?? [ 607.088681][T10218] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 607.100465][T10218] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 607.378462][T13365] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 607.388170][T13365] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 607.988449][ T10] f81534 2-1:0.12: f81534_get_register: reg: 1003 failed: -71 [ 607.996574][ T10] f81534 2-1:0.12: f81534_find_config_idx: read failed: -71 [ 608.005923][ T10] f81534 2-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 608.181698][ T10] f81534 2-1:0.12: probe with driver f81534 failed with error -71 [ 608.305951][ T5897] usb 4-1: new full-speed USB device number 10 using dummy_hcd [ 608.386311][ T10] usb 2-1: USB disconnect, device number 4 [ 608.509395][ T5897] usb 4-1: config index 0 descriptor too short (expected 156, got 27) [ 608.525000][ T5897] usb 4-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 608.609644][ T5897] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 608.650931][ T5897] usb 4-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 608.680086][ T5897] usb 4-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 608.700616][ T5897] usb 4-1: config 0 interface 0 has no altsetting 0 [ 608.720149][ T5897] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 608.732918][ T5897] usb 4-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 608.743958][ T5897] usb 4-1: Product: syz [ 608.751428][ T5897] usb 4-1: Manufacturer: syz [ 608.762710][ T5897] usb 4-1: SerialNumber: syz [ 608.785283][ T5897] usb 4-1: config 0 descriptor?? [ 608.785886][T13390] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2323'. [ 608.812611][T13382] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 608.823099][ T5897] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 608.836814][ T5897] ldusb 4-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 609.345528][T13378] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 609.363665][T13378] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 609.496113][ T5897] usb 3-1: USB disconnect, device number 6 [ 609.525485][ T5897] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 609.719189][T13397] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2324'. [ 609.729294][T13397] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2324'. [ 610.153394][T13405] loop6: detected capacity change from 0 to 63 [ 610.505988][ T5897] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 610.541943][T13411] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 610.666345][ T5897] usb 2-1: Using ep0 maxpacket: 8 [ 610.677462][ T5897] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 610.685998][ T5897] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 610.706037][ T5897] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 610.741076][ T5897] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 610.813127][ T5897] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 610.863468][ T5897] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 610.880056][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 610.977712][T13415] FAULT_INJECTION: forcing a failure. [ 610.977712][T13415] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 611.092444][T13415] CPU: 0 UID: 0 PID: 13415 Comm: syz.0.2329 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 611.092476][T13415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 611.092489][T13415] Call Trace: [ 611.092498][T13415] [ 611.092508][T13415] dump_stack_lvl+0x241/0x360 [ 611.092547][T13415] ? __pfx_dump_stack_lvl+0x10/0x10 [ 611.092578][T13415] ? __pfx__printk+0x10/0x10 [ 611.092620][T13415] should_fail_ex+0x424/0x570 [ 611.092648][T13415] _copy_from_user+0x2d/0xb0 [ 611.092681][T13415] restore_altstack+0x9a/0x160 [ 611.092751][T13415] ? __pfx_restore_altstack+0x10/0x10 [ 611.092793][T13415] __do_sys_rt_sigreturn+0x19a/0x290 [ 611.092819][T13415] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 611.092859][T13415] ? do_syscall_64+0xb6/0x230 [ 611.092889][T13415] do_syscall_64+0xf3/0x230 [ 611.092915][T13415] ? clear_bhb_loop+0x45/0xa0 [ 611.092940][T13415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 611.092961][T13415] RIP: 0033:0x7f716e72a359 [ 611.092980][T13415] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 611.092997][T13415] RSP: 002b:00007f716f570a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 611.093020][T13415] RAX: ffffffffffffffda RBX: 00007f716e9b5fa0 RCX: 00007f716e72a359 [ 611.093035][T13415] RDX: 00007f716f570a80 RSI: 00007f716f570bb0 RDI: 0000000000000021 [ 611.093050][T13415] RBP: 00007f716f571090 R08: 0000000000000000 R09: 0000000000000000 [ 611.093063][T13415] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 611.093075][T13415] R13: 0000000000000000 R14: 00007f716e9b5fa0 R15: 00007f716eadfa28 [ 611.093107][T13415] [ 611.264073][ C0] vkms_vblank_simulate: vblank timer overrun [ 611.294326][ T5897] usb 2-1: usb_control_msg returned -32 [ 611.472260][T11030] usb 4-1: USB disconnect, device number 10 [ 611.537579][T11030] ldusb 4-1:0.0: LD USB Device #1 now disconnected [ 611.566279][ T5897] usbtmc 2-1:16.0: can't read capabilities [ 611.572479][T13419] No such timeout policy "syz1" [ 611.643199][T13422] program syz.1.2327 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 611.706281][T13422] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 611.706610][T13422] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 612.019180][T13424] vlan2: entered promiscuous mode [ 612.486415][T13442] loop6: detected capacity change from 0 to 63 [ 612.869257][T13451] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 613.064892][T13453] netlink: 64 bytes leftover after parsing attributes in process `syz.2.2342'. [ 613.175099][ T10] usb 2-1: USB disconnect, device number 5 [ 613.304641][T13455] netlink: 128 bytes leftover after parsing attributes in process `syz.1.2344'. [ 613.331470][T13455] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2344'. [ 614.897346][T13474] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2347'. [ 615.145961][ T10] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 615.316612][ T10] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 615.325258][ T10] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 615.358614][T13479] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2348'. [ 615.388360][ T10] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 615.409026][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 615.443562][ T10] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 615.466330][ T10] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 615.477962][ T10] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 615.489587][ T10] usb 3-1: Product: syz [ 615.497436][ T10] usb 3-1: Manufacturer: syz [ 615.518634][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 615.529495][ T10] cdc_wdm 3-1:1.0: skipping garbage [ 615.530594][T13482] vlan2: entered promiscuous mode [ 615.580851][ T10] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 615.605810][ T10] cdc_wdm 3-1:1.0: Unknown control protocol [ 615.645979][T11030] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 615.805911][T11030] usb 4-1: Using ep0 maxpacket: 16 [ 615.849201][T11030] usb 4-1: unable to get BOS descriptor or descriptor too short [ 615.878103][T11030] usb 4-1: config 1 interface 0 has no altsetting 0 [ 615.902453][T11030] usb 4-1: New USB device found, idVendor=04f3, idProduct=274d, bcdDevice= 0.40 [ 615.928521][T11030] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.941354][T11030] usb 4-1: Product: syz [ 615.946157][T11030] usb 4-1: Manufacturer: syz [ 615.951578][T11030] usb 4-1: SerialNumber: syz [ 616.020197][T13490] loop6: detected capacity change from 0 to 63 [ 616.072522][T13492] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2353'. [ 616.207266][T13494] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2353'. [ 616.315219][T11030] usbhid 4-1:1.0: can't add hid device: -71 [ 616.352407][T11030] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 616.378391][T11030] usb 4-1: USB disconnect, device number 11 [ 616.818447][T13504] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 617.185851][ T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 617.335829][ T10] usb 4-1: Using ep0 maxpacket: 8 [ 617.344599][ T10] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 617.353924][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 617.362191][ T10] usb 4-1: Product: syz [ 617.366584][ T10] usb 4-1: Manufacturer: syz [ 617.371233][ T10] usb 4-1: SerialNumber: syz [ 617.378907][ T10] usb 4-1: config 0 descriptor?? [ 617.387561][ T10] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 617.546539][ T5947] usb 3-1: USB disconnect, device number 7 [ 617.621538][ T10] gspca_sonixj: reg_w1 err -71 [ 617.648009][ T10] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 617.699301][ T10] usb 4-1: USB disconnect, device number 12 [ 618.088312][ T5947] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 618.218500][T13525] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2365'. [ 618.237674][T13525] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2365'. [ 618.299565][ T5947] usb 3-1: config 0 has no interfaces? [ 618.312761][ T5947] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 618.322006][ T5947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 618.342376][ T5947] usb 3-1: Product: syz [ 618.362644][ T5947] usb 3-1: Manufacturer: syz [ 618.371277][ T5947] usb 3-1: SerialNumber: syz [ 618.425544][ T5947] usb 3-1: config 0 descriptor?? [ 618.440483][T13532] sock: sock_set_timeout: `syz.4.2366' (pid 13532) tries to set negative timeout [ 618.457826][T13529] loop6: detected capacity change from 0 to 63 [ 618.486373][T13532] IPVS: stopping backup sync thread 13534 ... [ 618.493196][T13534] IPVS: sync thread started: state = BACKUP, mcast_ifn = wlan0, syncid = 1, id = 0 [ 619.267899][ T5947] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 619.427607][ T5947] usb 2-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config [ 619.438979][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 619.448805][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 97, changing to 7 [ 619.459969][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 24929, setting to 1024 [ 619.473127][ T5947] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 619.606495][ T5947] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 619.624591][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 619.651651][ T5947] usb 2-1: config 0 descriptor?? [ 619.788683][T13548] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 619.896822][T13540] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 619.908215][T13540] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 620.004509][T13551] FAULT_INJECTION: forcing a failure. [ 620.004509][T13551] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 620.022469][T13540] xt_l2tp: v2 doesn't support IP mode [ 620.029661][T13551] CPU: 0 UID: 0 PID: 13551 Comm: syz.0.2371 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 620.029690][T13551] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 620.029704][T13551] Call Trace: [ 620.029713][T13551] [ 620.029722][T13551] dump_stack_lvl+0x241/0x360 [ 620.029760][T13551] ? __pfx_dump_stack_lvl+0x10/0x10 [ 620.029791][T13551] ? __pfx__printk+0x10/0x10 [ 620.029832][T13551] should_fail_ex+0x424/0x570 [ 620.029860][T13551] _copy_to_user+0x31/0xb0 [ 620.029893][T13551] __se_sys_shmctl+0x301/0x3d0 [ 620.029927][T13551] ? __pfx___se_sys_shmctl+0x10/0x10 [ 620.029968][T13551] ? __fget_files+0x2a/0x420 [ 620.029995][T13551] ? fput+0x9b/0xd0 [ 620.030014][T13551] ? ksys_write+0x275/0x2d0 [ 620.030051][T13551] ? do_syscall_64+0xb6/0x230 [ 620.030081][T13551] do_syscall_64+0xf3/0x230 [ 620.030108][T13551] ? clear_bhb_loop+0x45/0xa0 [ 620.030143][T13551] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 620.030165][T13551] RIP: 0033:0x7f716e78e169 [ 620.030183][T13551] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 620.030201][T13551] RSP: 002b:00007f716f571038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f [ 620.030222][T13551] RAX: ffffffffffffffda RBX: 00007f716e9b5fa0 RCX: 00007f716e78e169 [ 620.030238][T13551] RDX: 0000200000004440 RSI: 000000000000000e RDI: 0000000000000000 [ 620.030252][T13551] RBP: 00007f716f571090 R08: 0000000000000000 R09: 0000000000000000 [ 620.030265][T13551] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 620.030281][T13551] R13: 0000000000000001 R14: 00007f716e9b5fa0 R15: 00007f716eadfa28 [ 620.030312][T13551] [ 620.205612][ C0] vkms_vblank_simulate: vblank timer overrun [ 621.193322][ T5842] Bluetooth: hci2: unexpected event for opcode 0x200a [ 621.312110][T13569] loop6: detected capacity change from 0 to 63 [ 621.361281][ T5947] usb 3-1: USB disconnect, device number 8 [ 621.513326][T13572] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2379'. [ 621.522714][T13572] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2379'. [ 622.013977][T11030] usb 2-1: USB disconnect, device number 6 [ 622.313990][T13592] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 623.083373][T13605] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2390'. [ 623.106196][ T5947] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 623.225939][T13605] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2390'. [ 623.380178][ T5947] usb 4-1: config 0 has no interfaces? [ 623.562982][T13613] fuse: Unknown parameter 'user_i00000000000000000000' [ 623.825897][ T10] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 623.886862][ T5947] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 623.909465][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 623.928005][T13615] netlink: 'syz.2.2393': attribute type 9 has an invalid length. [ 623.966735][T13615] netlink: 'syz.2.2393': attribute type 6 has an invalid length. [ 623.995877][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 624.010545][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 624.030151][ T10] usb 2-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 624.111267][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 624.128764][ T5947] usb 4-1: Product: syz [ 624.199543][ T5947] usb 4-1: Manufacturer: syz [ 624.204279][ T5947] usb 4-1: SerialNumber: syz [ 624.235614][ T10] usb 2-1: Product: syz [ 624.320645][ T10] usb 2-1: Manufacturer: syz [ 624.384466][ T5947] usb 4-1: config 0 descriptor?? [ 624.431923][ T10] usb 2-1: SerialNumber: syz [ 624.517026][ T10] usb 2-1: config 0 descriptor?? [ 624.667157][ T10] cdc_phonet 2-1:0.0: skipping garbage [ 624.699197][ T10] cdc_phonet 2-1:0.0: probe with driver cdc_phonet failed with error -22 [ 624.969509][ T5897] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 625.166807][ T5897] usb 3-1: Using ep0 maxpacket: 16 [ 625.182012][ T5897] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 625.242405][ T5897] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 625.285823][ T5897] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 625.317129][T13635] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 625.332601][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 625.359532][ T5897] usb 3-1: Product: syz [ 625.371266][ T5897] usb 3-1: Manufacturer: syz [ 625.385137][ T5897] usb 3-1: SerialNumber: syz [ 625.615493][T13636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 625.629057][T13636] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 625.683447][ T5897] usb 3-1: cannot find UAC_HEADER [ 625.751893][T13640] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2401'. [ 625.771847][T13640] hsr0: entered promiscuous mode [ 625.781001][T13640] vlan2: entered promiscuous mode [ 625.786769][ T5897] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 625.866228][ T10] usb 4-1: USB disconnect, device number 13 [ 625.907027][ T5897] usb 3-1: USB disconnect, device number 9 [ 625.939831][ T6065] udevd[6065]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 626.090050][T13642] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2402'. [ 626.105109][T13642] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2402'. [ 626.460738][ T10] usb 2-1: USB disconnect, device number 7 [ 627.285440][T13680] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2416'. [ 627.419846][ T5897] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 627.435123][ T5897] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz0] on syz0 [ 627.721868][ T5947] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 627.910461][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 627.953558][T13698] FAULT_INJECTION: forcing a failure. [ 627.953558][T13698] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 627.960487][ T5947] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 628.008607][T13698] CPU: 1 UID: 0 PID: 13698 Comm: syz.0.2422 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 628.008635][T13698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 628.008648][T13698] Call Trace: [ 628.008656][T13698] [ 628.008665][T13698] dump_stack_lvl+0x241/0x360 [ 628.008700][T13698] ? __pfx_dump_stack_lvl+0x10/0x10 [ 628.008730][T13698] ? __pfx__printk+0x10/0x10 [ 628.008768][T13698] should_fail_ex+0x424/0x570 [ 628.008794][T13698] prepare_alloc_pages+0x220/0x610 [ 628.008824][T13698] __alloc_frozen_pages_noprof+0x162/0x5b0 [ 628.008851][T13698] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 628.008888][T13698] ? __lock_acquire+0xad5/0xd80 [ 628.008912][T13698] alloc_pages_mpol+0x339/0x690 [ 628.008938][T13698] ? __lock_acquire+0xad5/0xd80 [ 628.008963][T13698] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 628.009001][T13698] alloc_pages_noprof+0x121/0x190 [ 628.009031][T13698] __pud_alloc+0x95/0x2b0 [ 628.009061][T13698] ? __pfx___pud_alloc+0x10/0x10 [ 628.009101][T13698] handle_mm_fault+0x193c/0x1bf0 [ 628.009143][T13698] ? mt_find+0x28a/0x8f0 [ 628.009197][T13698] ? __pfx_handle_mm_fault+0x10/0x10 [ 628.009250][T13698] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 628.009280][T13698] exc_page_fault+0x2bb/0x920 [ 628.009312][T13698] asm_exc_page_fault+0x26/0x30 [ 628.009331][T13698] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 628.009351][T13698] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 628.009367][T13698] RSP: 0018:ffffc90003cafcc8 EFLAGS: 00050216 [ 628.009386][T13698] RAX: 000000000000000c RBX: 0000200000004470 RCX: 0000000000000030 [ 628.009417][T13698] RDX: 0000000000000000 RSI: ffffc90003cafe40 RDI: 0000200000004440 [ 628.009432][T13698] RBP: ffffc90003caff00 R08: ffffc90003cafe6f R09: 1ffff92000795fcd [ 628.009448][T13698] R10: dffffc0000000000 R11: fffff52000795fce R12: 0000000000000030 [ 628.009463][T13698] R13: 00007ffffffff000 R14: ffffc90003cafe40 R15: 0000200000004440 [ 628.009498][T13698] _copy_to_user+0x8b/0xb0 [ 628.009531][T13698] __se_sys_shmctl+0x301/0x3d0 [ 628.009565][T13698] ? __pfx___se_sys_shmctl+0x10/0x10 [ 628.009617][T13698] ? __fget_files+0x2a/0x420 [ 628.009641][T13698] ? fput+0x9b/0xd0 [ 628.009677][T13698] ? ksys_write+0x275/0x2d0 [ 628.009714][T13698] ? do_syscall_64+0xb6/0x230 [ 628.009743][T13698] do_syscall_64+0xf3/0x230 [ 628.009770][T13698] ? clear_bhb_loop+0x45/0xa0 [ 628.009795][T13698] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 628.009816][T13698] RIP: 0033:0x7f716e78e169 [ 628.009833][T13698] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 628.009850][T13698] RSP: 002b:00007f716f571038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f [ 628.009871][T13698] RAX: ffffffffffffffda RBX: 00007f716e9b5fa0 RCX: 00007f716e78e169 [ 628.009886][T13698] RDX: 0000200000004440 RSI: 000000000000000e RDI: 0000000000000000 [ 628.009899][T13698] RBP: 00007f716f571090 R08: 0000000000000000 R09: 0000000000000000 [ 628.009912][T13698] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 628.009925][T13698] R13: 0000000000000001 R14: 00007f716e9b5fa0 R15: 00007f716eadfa28 [ 628.009957][T13698] [ 628.337384][ C1] vkms_vblank_simulate: vblank timer overrun [ 628.353230][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 628.376988][ T5947] usb 2-1: config 0 descriptor?? [ 628.573202][T13706] program syz.0.2426 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 628.696985][T13686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 628.732729][T13686] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 628.794251][T13686] trusted_key: encrypted_key: master key parameter '°ƒŠ-Kw-' is invalid [ 629.061937][T13686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 629.078331][T13686] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 629.307933][ T5897] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 629.477460][ T5897] usb 4-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config [ 629.498440][ T5897] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 629.509854][ T5897] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 97, changing to 7 [ 629.524140][ T5897] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 24929, setting to 1024 [ 629.538053][ T5897] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 629.551462][ T5897] usb 4-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 629.560910][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 629.572315][ T5897] usb 4-1: config 0 descriptor?? [ 629.779766][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.792633][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.802541][T13715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 629.826488][T13715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 629.859589][T13715] xt_l2tp: v2 doesn't support IP mode [ 630.331863][ T5947] usbhid 2-1:0.0: can't add hid device: -71 [ 630.358513][ T5947] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 630.392059][ T5947] usb 2-1: USB disconnect, device number 8 [ 631.487613][T13733] loop6: detected capacity change from 0 to 63 [ 631.653023][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x80700 phys_seg 1 prio class 0 [ 631.720359][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 631.729577][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 631.745896][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 631.755105][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 631.763750][ C0] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 631.773015][ C0] Buffer I/O error on dev loop6, logical block 0, async page read [ 631.781249][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 631.790425][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 631.807123][ C1] I/O error, dev loop6, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 631.816378][ C1] Buffer I/O error on dev loop6, logical block 0, async page read [ 631.971672][ T5947] usb 4-1: USB disconnect, device number 14 [ 632.255453][T13754] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2440'. [ 632.346022][ T5947] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 632.495828][ T5947] usb 4-1: Using ep0 maxpacket: 8 [ 632.539442][ T5947] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 632.581280][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 632.601803][ T5947] usb 4-1: Product: syz [ 632.611848][ T5947] usb 4-1: Manufacturer: syz [ 632.624560][ T5947] usb 4-1: SerialNumber: syz [ 632.645879][ T5947] usb 4-1: config 0 descriptor?? [ 632.689120][ T5947] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 632.726328][T13765] could not allocate digest TFM handle sm3-ce [ 632.867922][T13772] loop6: detected capacity change from 0 to 63 [ 632.935975][ T5947] gspca_sonixj: reg_w1 err -71 [ 632.945953][ T5947] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 632.970533][ T5947] usb 4-1: USB disconnect, device number 15 [ 633.624545][T13781] tipc: Enabling of bearer rejected, failed to enable media [ 634.232834][T13792] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2453'. [ 634.845623][T13812] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2460'. [ 634.856316][ T5897] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 634.864837][T13812] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2460'. [ 635.016273][ T5897] usb 3-1: Using ep0 maxpacket: 8 [ 635.029477][ T5897] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 635.043931][T13814] netlink: 'syz.3.2461': attribute type 10 has an invalid length. [ 635.064120][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 635.089392][ T5897] usb 3-1: Product: syz [ 635.102576][ T5897] usb 3-1: Manufacturer: syz [ 635.116497][T13814] mac80211_hwsim hwsim10 wlan1: entered promiscuous mode [ 635.123668][ T5897] usb 3-1: SerialNumber: syz [ 635.133654][T13814] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 635.134788][ T5897] usb 3-1: config 0 descriptor?? [ 635.195375][ T5897] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 635.393494][ T5897] gspca_sonixj: reg_w1 err -71 [ 635.411961][ T5897] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 635.445387][ T5897] usb 3-1: USB disconnect, device number 10 [ 635.535018][T13822] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2463'. [ 635.936608][T13842] FAULT_INJECTION: forcing a failure. [ 635.936608][T13842] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 635.961370][T13842] CPU: 0 UID: 0 PID: 13842 Comm: syz.0.2472 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 635.961398][T13842] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 635.961412][T13842] Call Trace: [ 635.961420][T13842] [ 635.961429][T13842] dump_stack_lvl+0x241/0x360 [ 635.961466][T13842] ? __pfx_dump_stack_lvl+0x10/0x10 [ 635.961494][T13842] ? __pfx__printk+0x10/0x10 [ 635.961532][T13842] should_fail_ex+0x424/0x570 [ 635.961558][T13842] prepare_alloc_pages+0x220/0x610 [ 635.961596][T13842] __alloc_frozen_pages_noprof+0x162/0x5b0 [ 635.961622][T13842] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 635.961643][T13842] ? __mod_memcg_lruvec_state+0x301/0x4f0 [ 635.961693][T13842] alloc_pages_mpol+0x339/0x690 [ 635.961726][T13842] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 635.961758][T13842] ? do_raw_spin_unlock+0x13c/0x8b0 [ 635.961789][T13842] alloc_pages_noprof+0x121/0x190 [ 635.961819][T13842] __pmd_alloc+0x9d/0x440 [ 635.961850][T13842] ? __pfx___pmd_alloc+0x10/0x10 [ 635.961888][T13842] handle_mm_fault+0xf7a/0x1bf0 [ 635.961914][T13842] ? mt_find+0x28a/0x8f0 [ 635.961965][T13842] ? __pfx_handle_mm_fault+0x10/0x10 [ 635.962017][T13842] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 635.962047][T13842] exc_page_fault+0x2bb/0x920 [ 635.962079][T13842] asm_exc_page_fault+0x26/0x30 [ 635.962098][T13842] RIP: 0010:rep_movs_alternative+0x33/0x90 [ 635.962117][T13842] Code: 73 25 85 c9 74 0f 8a 06 88 07 48 ff c7 48 ff c6 48 ff c9 75 f1 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 <48> 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb [ 635.962133][T13842] RSP: 0018:ffffc90003057cc8 EFLAGS: 00050216 [ 635.962151][T13842] RAX: 000000000000000c RBX: 0000200000004470 RCX: 0000000000000030 [ 635.962164][T13842] RDX: 0000000000000000 RSI: ffffc90003057e40 RDI: 0000200000004440 [ 635.962177][T13842] RBP: ffffc90003057f00 R08: ffffc90003057e6f R09: 1ffff9200060afcd [ 635.962191][T13842] R10: dffffc0000000000 R11: fffff5200060afce R12: 0000000000000030 [ 635.962204][T13842] R13: 00007ffffffff000 R14: ffffc90003057e40 R15: 0000200000004440 [ 635.962237][T13842] _copy_to_user+0x8b/0xb0 [ 635.962267][T13842] __se_sys_shmctl+0x301/0x3d0 [ 635.962298][T13842] ? __pfx___se_sys_shmctl+0x10/0x10 [ 635.962333][T13842] ? __fget_files+0x2a/0x420 [ 635.962359][T13842] ? fput+0x9b/0xd0 [ 635.962376][T13842] ? ksys_write+0x275/0x2d0 [ 635.962410][T13842] ? do_syscall_64+0xb6/0x230 [ 635.962438][T13842] do_syscall_64+0xf3/0x230 [ 635.962462][T13842] ? clear_bhb_loop+0x45/0xa0 [ 635.962485][T13842] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 635.962504][T13842] RIP: 0033:0x7f716e78e169 [ 635.962520][T13842] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 635.962536][T13842] RSP: 002b:00007f716f571038 EFLAGS: 00000246 ORIG_RAX: 000000000000001f [ 635.962555][T13842] RAX: ffffffffffffffda RBX: 00007f716e9b5fa0 RCX: 00007f716e78e169 [ 635.962569][T13842] RDX: 0000200000004440 RSI: 000000000000000e RDI: 0000000000000000 [ 635.962586][T13842] RBP: 00007f716f571090 R08: 0000000000000000 R09: 0000000000000000 [ 635.962599][T13842] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 635.962611][T13842] R13: 0000000000000001 R14: 00007f716e9b5fa0 R15: 00007f716eadfa28 [ 635.962641][T13842] [ 636.355819][ T5897] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 636.357107][T13849] netlink: 48 bytes leftover after parsing attributes in process `syz.2.2474'. [ 636.372647][T13849] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2474'. [ 636.400355][T13838] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 636.539955][ T5897] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 636.546438][T13856] netlink: 64 bytes leftover after parsing attributes in process `syz.1.2478'. [ 636.663505][ T5897] usb 4-1: New USB device found, idVendor=056e, idProduct=00e6, bcdDevice= 0.00 [ 636.680861][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.696703][ T5897] usb 4-1: config 0 descriptor?? [ 636.825644][T13860] fuse: Unknown parameter 'group_i00000000000000000000' [ 637.296299][ T5947] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 637.641758][ T5947] usb 2-1: config 0 has no interfaces? [ 637.658606][ T5947] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 637.670343][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 637.697628][ T5947] usb 2-1: Product: syz [ 637.768200][ T5947] usb 2-1: Manufacturer: syz [ 637.874827][ T5947] usb 2-1: SerialNumber: syz [ 637.883736][T13876] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2481'. [ 637.903978][ T5947] usb 2-1: config 0 descriptor?? [ 637.982982][ T5897] elecom 0003:056E:00E6.000E: hidraw0: USB HID v0.00 Device [HID 056e:00e6] on usb-dummy_hcd.3-1/input0 [ 638.078644][T13878] xt_SECMARK: invalid mode: 0 [ 638.115639][T13881] FAULT_INJECTION: forcing a failure. [ 638.115639][T13881] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 638.167277][T13881] CPU: 1 UID: 0 PID: 13881 Comm: syz.4.2483 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 638.167304][T13881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 638.167316][T13881] Call Trace: [ 638.167323][T13881] [ 638.167331][T13881] dump_stack_lvl+0x241/0x360 [ 638.167364][T13881] ? __pfx_dump_stack_lvl+0x10/0x10 [ 638.167389][T13881] ? __pfx__printk+0x10/0x10 [ 638.167415][T13881] should_fail_ex+0x424/0x570 [ 638.167432][T13881] copy_fpstate_to_sigframe+0xae4/0xdc0 [ 638.167454][T13881] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 638.167472][T13881] ? do_raw_spin_lock+0x151/0x370 [ 638.167495][T13881] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 638.167513][T13881] ? do_raw_spin_unlock+0x13c/0x8b0 [ 638.167533][T13881] ? fpu__alloc_mathframe+0xab/0x130 [ 638.167548][T13881] get_sigframe+0x5de/0x810 [ 638.167573][T13881] ? __pfx_get_sigframe+0x10/0x10 [ 638.167600][T13881] x64_setup_rt_frame+0x17d/0xda0 [ 638.167622][T13881] ? get_signal+0x1442/0x1730 [ 638.167644][T13881] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 638.167670][T13881] arch_do_signal_or_restart+0x428/0x840 [ 638.167692][T13881] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 638.167721][T13881] ? syscall_exit_to_user_mode+0xa3/0x340 [ 638.167740][T13881] syscall_exit_to_user_mode+0xce/0x340 [ 638.167758][T13881] do_syscall_64+0x100/0x230 [ 638.167774][T13881] ? clear_bhb_loop+0x45/0xa0 [ 638.167790][T13881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 638.167803][T13881] RIP: 0033:0x7f39e398e167 [ 638.167814][T13881] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 638.167825][T13881] RSP: 002b:00007f39e473a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 638.167839][T13881] RAX: 0000000000000000 RBX: 00007f39e3bb5fa0 RCX: 00007f39e398e169 [ 638.167848][T13881] RDX: 0000000000002020 RSI: 0000200000001f40 RDI: 0000000000000003 [ 638.167856][T13881] RBP: 00007f39e473a090 R08: 0000000000000000 R09: 0000000000000000 [ 638.167865][T13881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 638.167872][T13881] R13: 0000000000000000 R14: 00007f39e3bb5fa0 R15: 00007f39e3cdfa28 [ 638.167891][T13881] [ 638.755930][T11030] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 638.905989][T11030] usb 3-1: Using ep0 maxpacket: 16 [ 638.913522][T11030] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 638.924245][T11030] usb 3-1: can't read configurations, error -61 [ 639.055963][T11030] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 639.156378][T13895] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 639.205806][T11030] usb 3-1: Using ep0 maxpacket: 16 [ 639.216749][T11030] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 639.239296][T11030] usb 3-1: can't read configurations, error -61 [ 639.249406][T11030] usb usb3-port1: attempt power cycle [ 639.615879][T11030] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 639.663400][ T5897] usb 4-1: USB disconnect, device number 16 [ 639.719889][T11030] usb 3-1: Using ep0 maxpacket: 16 [ 639.729731][T11030] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 639.738615][T11030] usb 3-1: can't read configurations, error -61 [ 639.865981][T11030] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 639.906437][T11030] usb 3-1: Using ep0 maxpacket: 16 [ 639.914024][T11030] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 639.925508][T11030] usb 3-1: can't read configurations, error -61 [ 639.932501][T11030] usb usb3-port1: unable to enumerate USB device [ 640.116416][T13907] netlink: 'syz.3.2491': attribute type 7 has an invalid length. [ 640.222044][T13907] : entered promiscuous mode [ 640.342561][T13907] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2491'. [ 640.348441][T13908] fuse: Unknown parameter 'group_i00000000000000000000' [ 640.367763][ T5947] usb 2-1: USB disconnect, device number 9 [ 640.411684][T13907] ksmbd: Daemon and kernel module version mismatch. ksmbd: 0, kernel module: 1. User-space ksmbd should terminate. [ 640.494634][T13916] netlink: 'syz.1.2494': attribute type 9 has an invalid length. [ 640.504316][T13916] netlink: 'syz.1.2494': attribute type 6 has an invalid length. [ 640.555245][T13918] tipc: Enabling of bearer rejected, already enabled [ 640.936017][T11030] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 641.097642][T11030] usb 2-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config [ 641.108165][T11030] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 641.117958][T11030] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 97, changing to 7 [ 641.129028][T11030] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 24929, setting to 1024 [ 641.140344][T11030] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 641.153332][T11030] usb 2-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 641.162634][ T47] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 641.170249][T11030] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 641.181280][T11030] usb 2-1: config 0 descriptor?? [ 641.307096][ T47] usb 4-1: device descriptor read/64, error -71 [ 641.392607][T13921] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 641.401311][T13921] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 641.422596][T13921] xt_l2tp: v2 doesn't support IP mode [ 641.550391][ T47] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 641.785936][ T47] usb 4-1: device descriptor read/64, error -71 [ 641.896632][ T47] usb usb4-port1: attempt power cycle [ 641.943993][T13937] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2501'. [ 641.955899][ T5947] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 641.975234][T13937] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2501'. [ 642.125839][ T5947] usb 3-1: Using ep0 maxpacket: 16 [ 642.133143][ T5947] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 642.163912][ T5947] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 642.177723][ T5947] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 642.189082][ T5947] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 32 [ 642.251279][ T5947] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 642.268200][ T47] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 642.322217][ T47] usb 4-1: device descriptor read/8, error -71 [ 642.359861][ T5947] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 642.371214][ T5947] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 642.392914][ T5947] usb 3-1: SerialNumber: syz [ 642.420717][T13932] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 642.438070][ T5947] cdc_acm 3-1:1.0: Control and data interfaces are not separated! [ 642.518682][ T5947] cdc_acm 3-1:1.0: probe with driver cdc_acm failed with error -12 [ 642.581903][ T47] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 642.608842][ T47] usb 4-1: device descriptor read/8, error -71 [ 642.641349][T11030] usb 3-1: USB disconnect, device number 15 [ 642.716095][ T47] usb usb4-port1: unable to enumerate USB device [ 642.734366][T13946] futex_wake_op: syz.0.2503 tries to shift op by -33; fix this program [ 642.750552][T13946] netdevsim netdevsim0: Direct firmware load for . [ 642.750552][T13946] failed with error -2 [ 642.761263][T13946] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 642.761263][T13946] [ 643.652217][ T5947] usb 2-1: USB disconnect, device number 10 [ 643.971340][T13958] fuse: Unknown parameter 'group_i00000000000000000000' [ 644.076358][ T5947] usb 2-1: new full-speed USB device number 11 using dummy_hcd [ 644.230714][ T5947] usb 2-1: New USB device found, idVendor=14f7, idProduct=0500, bcdDevice=44.85 [ 644.239991][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.248707][ T5947] usb 2-1: Product: syz [ 644.253177][ T5947] usb 2-1: Manufacturer: syz [ 644.258012][ T5947] usb 2-1: SerialNumber: syz [ 644.265530][ T5947] usb 2-1: config 0 descriptor?? [ 644.274487][ T5947] usb 2-1: selecting invalid altsetting 1 [ 644.280697][ T5947] technisat-usb2: could not set alternate setting to 0 [ 644.335967][T11030] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 644.485112][ T5947] technisat-usb2: firmware version: 0.0 [ 644.491029][ T5947] dvb-usb: found a 'Technisat SkyStar USB HD (DVB-S/S2)' in warm state. [ 644.495866][T11030] usb 4-1: Using ep0 maxpacket: 8 [ 644.510953][T11030] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 644.525238][T11030] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 644.533980][T11030] usb 4-1: Product: syz [ 644.539108][T11030] usb 4-1: Manufacturer: syz [ 644.543768][T11030] usb 4-1: SerialNumber: syz [ 644.551893][T11030] usb 4-1: config 0 descriptor?? [ 644.560940][T11030] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 644.767588][T11030] gspca_sonixj: reg_w1 err -71 [ 644.778871][ T5947] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 644.780272][T11030] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 644.821251][ T5947] dvb-usb: Technisat SkyStar USB HD (DVB-S/S2) error while loading driver (-19) [ 644.832828][T11030] usb 4-1: USB disconnect, device number 21 [ 644.858451][ T5947] usb 2-1: USB disconnect, device number 11 [ 644.898486][T13969] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2512'. [ 644.969771][T13975] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 644.969771][T13975] The task syz.4.2513 (13975) triggered the difference, watch for misbehavior. [ 645.831385][T13997] fuse: Unknown parameter 'group_id00000000000000000000' [ 645.880123][T14007] netlink: 'syz.0.2525': attribute type 9 has an invalid length. [ 645.888188][T14007] netlink: 'syz.0.2525': attribute type 6 has an invalid length. [ 645.935492][ T5947] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 645.955598][T14009] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2526'. [ 645.972016][T14012] futex_wake_op: syz.1.2518 tries to shift op by -33; fix this program [ 645.985823][T14012] netdevsim netdevsim1: Direct firmware load for . [ 645.985823][T14012] failed with error -2 [ 645.996728][T14012] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 645.996728][T14012] [ 646.117230][ T5947] usb 4-1: Using ep0 maxpacket: 16 [ 646.134723][ T5947] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 646.148254][ T5947] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 646.169658][ T5947] usb 4-1: New USB device found, idVendor=0e20, idProduct=0101, bcdDevice=7a.5a [ 646.181789][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 646.211099][ T5947] usb 4-1: Product: syz [ 646.223096][T14016] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2528'. [ 646.239534][ T5947] usb 4-1: Manufacturer: syz [ 646.253362][ T5947] usb 4-1: SerialNumber: syz [ 646.282210][ T5947] usb 4-1: config 0 descriptor?? [ 646.548021][ T5947] pegasus_notetaker 4-1:0.0: probe with driver pegasus_notetaker failed with error -22 [ 646.681789][ T5947] usb 4-1: USB disconnect, device number 22 [ 647.005864][ T5947] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 647.192641][ T5947] usb 4-1: Using ep0 maxpacket: 8 [ 647.201577][ T5947] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 647.213350][ T5947] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 647.229605][ T5947] usb 4-1: Product: syz [ 647.233795][ T5947] usb 4-1: Manufacturer: syz [ 647.244375][ T5947] usb 4-1: SerialNumber: syz [ 647.254827][T14031] tipc: Enabling of bearer rejected, already enabled [ 647.266373][ T5947] usb 4-1: config 0 descriptor?? [ 647.278791][ T5947] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 647.372329][T14032] futex_wake_op: syz.2.2531 tries to shift op by -33; fix this program [ 647.389841][T14032] netdevsim netdevsim2: Direct firmware load for . [ 647.389841][T14032] failed with error -2 [ 647.400731][T14032] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 647.400731][T14032] [ 647.509092][ T5947] gspca_sonixj: reg_w1 err -71 [ 647.514861][ T5947] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 647.536284][ T5947] usb 4-1: USB disconnect, device number 23 [ 647.666407][T11030] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 647.835817][T11030] usb 2-1: device descriptor read/64, error -71 [ 648.089568][T11030] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 648.255924][T11030] usb 2-1: device descriptor read/64, error -71 [ 648.405621][T11030] usb usb2-port1: attempt power cycle [ 648.517416][T14043] macvlan4: left allmulticast mode [ 648.576037][T14043] mac80211_hwsim hwsim6 wlan0: left allmulticast mode [ 648.587687][T14043] geneve2: left allmulticast mode [ 648.786857][T11030] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 648.816929][T11030] usb 2-1: device descriptor read/8, error -71 [ 649.093300][T14049] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2539'. [ 649.111402][T11030] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 649.158763][T11030] usb 2-1: device descriptor read/8, error -71 [ 649.276731][T11030] usb usb2-port1: unable to enumerate USB device [ 649.429280][T14053] fuse: Unknown parameter 'group_id00000000000000000000' [ 649.627780][T14059] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2543'. [ 649.681037][T14059] vlan0: entered promiscuous mode [ 649.744655][T14061] netlink: 128 bytes leftover after parsing attributes in process `syz.4.2544'. [ 649.764688][T14061] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2544'. [ 649.966826][T14073] futex_wake_op: syz.0.2542 tries to shift op by -33; fix this program [ 649.994074][T14073] netdevsim netdevsim0: Direct firmware load for . [ 649.994074][T14073] failed with error -2 [ 650.005446][T14073] netdevsim netdevsim0: Falling back to sysfs fallback for: . [ 650.005446][T14073] [ 650.145849][T11030] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 650.273740][ T5929] usb 1-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 650.309279][ T5929] dvb_usb_az6007 1-1:0.0: probe with driver dvb_usb_az6007 failed with error -110 [ 650.324839][T11030] usb 3-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config [ 650.335182][T11030] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 650.348996][T11030] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 97, changing to 7 [ 650.370445][ T5929] usb 1-1: USB disconnect, device number 106 [ 650.393490][T11030] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 24929, setting to 1024 [ 650.403771][T14080] vlan2: entered promiscuous mode [ 650.473776][T11030] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 650.490883][T11030] usb 3-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 650.520029][T11030] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 650.554453][T11030] usb 3-1: config 0 descriptor?? [ 650.786803][T14065] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 650.809393][T14065] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 650.903730][T14065] xt_l2tp: v2 doesn't support IP mode [ 651.043550][T14095] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2552'. [ 651.068462][ T5947] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 651.230319][ T5947] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 651.244434][ T5947] usb 2-1: New USB device found, idVendor=1781, idProduct=0938, bcdDevice=9b.49 [ 651.261777][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 651.266965][T14099] kvm: Disabled LAPIC found during irq injection [ 651.270850][ T5947] usb 2-1: Product: syz [ 651.281007][ T5947] usb 2-1: Manufacturer: syz [ 651.289075][ T5947] usb 2-1: SerialNumber: syz [ 651.312526][ T5947] usb 2-1: config 0 descriptor?? [ 651.524483][ T5947] usb 2-1: USB disconnect, device number 16 [ 651.668870][T14111] FAULT_INJECTION: forcing a failure. [ 651.668870][T14111] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 651.697887][T14111] CPU: 1 UID: 0 PID: 14111 Comm: syz.3.2558 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 651.697916][T14111] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 651.697928][T14111] Call Trace: [ 651.697936][T14111] [ 651.697945][T14111] dump_stack_lvl+0x241/0x360 [ 651.697979][T14111] ? __pfx_dump_stack_lvl+0x10/0x10 [ 651.698007][T14111] ? __pfx__printk+0x10/0x10 [ 651.698047][T14111] should_fail_ex+0x424/0x570 [ 651.698072][T14111] _copy_from_user+0x2d/0xb0 [ 651.698101][T14111] restore_altstack+0x9a/0x160 [ 651.698128][T14111] ? __pfx_restore_altstack+0x10/0x10 [ 651.698171][T14111] __do_sys_rt_sigreturn+0x19a/0x290 [ 651.698195][T14111] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 651.698233][T14111] ? do_syscall_64+0xb6/0x230 [ 651.698261][T14111] do_syscall_64+0xf3/0x230 [ 651.698285][T14111] ? clear_bhb_loop+0x45/0xa0 [ 651.698308][T14111] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 651.698327][T14111] RIP: 0033:0x7f000c72a359 [ 651.698343][T14111] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 651.698359][T14111] RSP: 002b:00007f000d53aa80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 651.698380][T14111] RAX: ffffffffffffffda RBX: 00007f000c9b5fa0 RCX: 00007f000c72a359 [ 651.698394][T14111] RDX: 00007f000d53aa80 RSI: 00007f000d53abb0 RDI: 0000000000000021 [ 651.698407][T14111] RBP: 00007f000d53b090 R08: 0000000000000000 R09: 0000000000000000 [ 651.698419][T14111] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 651.698430][T14111] R13: 0000000000000000 R14: 00007f000c9b5fa0 R15: 00007f000cadfa28 [ 651.698459][T14111] [ 651.873655][ C1] vkms_vblank_simulate: vblank timer overrun [ 651.964757][T14119] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2563'. [ 652.013770][T14121] netlink: 'syz.0.2564': attribute type 9 has an invalid length. [ 652.034333][T14121] netlink: 'syz.0.2564': attribute type 6 has an invalid length. [ 652.157875][T14130] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 652.219987][T14130] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 652.238629][T14131] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 652.252497][T14131] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 652.264104][T14137] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2570'. [ 652.274093][T14138] netlink: 'syz.1.2571': attribute type 9 has an invalid length. [ 652.284720][T14138] netlink: 'syz.1.2571': attribute type 6 has an invalid length. [ 652.557461][T14146] bond0: (slave wlan1): Releasing backup interface [ 652.568667][T14146] mac80211_hwsim hwsim10 wlan1: left promiscuous mode [ 652.590523][T14151] netlink: 'syz.0.2576': attribute type 4 has an invalid length. [ 652.704270][ T5929] usb 3-1: USB disconnect, device number 16 [ 652.851058][T14159] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2579'. [ 652.888474][T14159] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2579'. [ 653.288138][ T30] audit: type=1326 audit(1744903150.078:69): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.334729][ T30] audit: type=1326 audit(1744903150.078:70): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.356809][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.380582][ T30] audit: type=1326 audit(1744903150.078:71): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.402871][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.512210][ T30] audit: type=1326 audit(1744903150.078:72): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=78 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.551540][ T30] audit: type=1326 audit(1744903150.078:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.573820][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.636674][T14178] netlink: 'syz.0.2584': attribute type 13 has an invalid length. [ 653.666837][ T30] audit: type=1326 audit(1744903150.078:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.689122][ C1] vkms_vblank_simulate: vblank timer overrun [ 653.723942][ T30] audit: type=1326 audit(1744903150.078:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.781324][T14178] syz_tun: entered promiscuous mode [ 653.788837][ T30] audit: type=1326 audit(1744903150.078:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.824482][ T30] audit: type=1326 audit(1744903150.078:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.854212][ T30] audit: type=1326 audit(1744903150.078:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14165 comm="syz.3.2583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f000c78e169 code=0x7ffc0000 [ 653.922280][T14178] 8021q: adding VLAN 0 to HW filter on device bond0 [ 653.960429][T14178] 8021q: adding VLAN 0 to HW filter on device team0 [ 654.246559][T14178] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 654.555946][ T47] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 654.607435][T14191] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2588'. [ 654.616863][T14191] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2588'. [ 654.741350][ T47] usb 3-1: Using ep0 maxpacket: 8 [ 654.796591][ T47] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=99.03 [ 654.806106][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 654.814109][ T47] usb 3-1: Product: syz [ 654.823282][ T47] usb 3-1: Manufacturer: syz [ 654.833830][ T47] usb 3-1: SerialNumber: syz [ 654.840938][ T47] usb 3-1: config 0 descriptor?? [ 654.852687][ T47] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 654.862876][ T47] dvb-usb: bulk message failed: -22 (2/0) [ 654.876219][ T47] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 654.891803][ T47] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 654.963385][ T47] usb 3-1: media controller created [ 655.006637][ T47] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 655.058272][ T47] dvb-usb: bulk message failed: -22 (1/0) [ 655.066336][ T47] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 655.089581][ T47] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input56 [ 655.105479][ T47] dvb-usb: schedule remote query interval to 50 msecs. [ 655.114634][ T47] dvb-usb: bulk message failed: -22 (2/0) [ 655.120828][ T5929] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 655.141728][ T47] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 655.170428][T11030] dvb-usb: bulk message failed: -22 (1/0) [ 655.177337][T11030] dvb-usb: error while querying for an remote control event. [ 655.262975][ T47] dvb-usb: bulk message failed: -22 (1/0) [ 655.345928][ T47] dvb-usb: error while querying for an remote control event. [ 655.400843][ T5929] usb 2-1: config 0 has no interfaces? [ 655.414667][ T5929] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 655.424243][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 655.512055][ T47] dvb-usb: bulk message failed: -22 (1/0) [ 655.524131][ T5929] usb 2-1: Product: syz [ 655.538976][ T47] dvb-usb: error while querying for an remote control event. [ 655.566139][ T5929] usb 2-1: Manufacturer: syz [ 655.622942][ T5929] usb 2-1: SerialNumber: syz [ 655.688591][ T47] dvb-usb: bulk message failed: -22 (1/0) [ 655.719662][ T47] dvb-usb: error while querying for an remote control event. [ 655.729114][ T5929] usb 2-1: config 0 descriptor?? [ 655.736075][T11030] usb 3-1: USB disconnect, device number 17 [ 655.820679][T11030] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. [ 655.976471][T14215] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2597'. [ 655.993671][T14200] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 656.003591][T14200] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 656.063451][T14215] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2597'. [ 656.216631][T11030] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 656.415993][T11030] usb 3-1: Using ep0 maxpacket: 32 [ 656.431713][T11030] usb 3-1: config 64 has an invalid interface number: 4 but max is 0 [ 656.448500][T11030] usb 3-1: config 64 has no interface number 0 [ 656.458174][T11030] usb 3-1: too many endpoints for config 64 interface 4 altsetting 255: 218, using maximum allowed: 30 [ 656.474643][T11030] usb 3-1: config 64 interface 4 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 218 [ 656.506157][T11030] usb 3-1: config 64 interface 4 has no altsetting 0 [ 656.544427][T11030] usb 3-1: New USB device found, idVendor=05c6, idProduct=9215, bcdDevice=28.46 [ 656.566229][T11030] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 656.588290][T11030] usb 3-1: Product: syz [ 656.592573][T11030] usb 3-1: Manufacturer: syz [ 656.600096][T14227] FAULT_INJECTION: forcing a failure. [ 656.600096][T14227] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 656.601100][T11030] usb 3-1: SerialNumber: syz [ 656.661731][T14227] CPU: 0 UID: 0 PID: 14227 Comm: syz.4.2601 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 656.661760][T14227] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 656.661773][T14227] Call Trace: [ 656.661781][T14227] [ 656.661790][T14227] dump_stack_lvl+0x241/0x360 [ 656.661826][T14227] ? __pfx_dump_stack_lvl+0x10/0x10 [ 656.661855][T14227] ? __pfx__printk+0x10/0x10 [ 656.661894][T14227] should_fail_ex+0x424/0x570 [ 656.661920][T14227] _copy_from_user+0x2d/0xb0 [ 656.661951][T14227] restore_sigcontext+0xda/0x7d0 [ 656.661978][T14227] ? __pfx_restore_sigcontext+0x10/0x10 [ 656.662034][T14227] __do_sys_rt_sigreturn+0x1bf/0x290 [ 656.662058][T14227] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 656.662096][T14227] ? do_syscall_64+0xb6/0x230 [ 656.662124][T14227] do_syscall_64+0xf3/0x230 [ 656.662148][T14227] ? clear_bhb_loop+0x45/0xa0 [ 656.662171][T14227] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 656.662190][T14227] RIP: 0033:0x7f39e392a359 [ 656.662215][T14227] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 656.662232][T14227] RSP: 002b:00007f39e4739a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 656.662253][T14227] RAX: ffffffffffffffda RBX: 00007f39e3bb5fa0 RCX: 00007f39e392a359 [ 656.662267][T14227] RDX: 00007f39e4739a80 RSI: 00007f39e4739bb0 RDI: 0000000000000021 [ 656.662280][T14227] RBP: 00007f39e473a090 R08: 0000000000000000 R09: 0000000000000000 [ 656.662292][T14227] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 656.662303][T14227] R13: 0000000000000000 R14: 00007f39e3bb5fa0 R15: 00007f39e3cdfa28 [ 656.662351][T14227] [ 657.290384][ T5929] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 657.439552][ T5929] usb 4-1: Using ep0 maxpacket: 32 [ 657.442093][ T5929] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 657.442151][ T5929] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 8 [ 657.442177][ T5929] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 657.445140][ T5929] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 657.445172][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 657.445234][ T5929] usb 4-1: Product: syz [ 657.445252][ T5929] usb 4-1: Manufacturer: syz [ 657.445269][ T5929] usb 4-1: SerialNumber: syz [ 657.715461][T14240] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2607'. [ 657.744713][T14240] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2607'. [ 658.023464][ T5929] cdc_ncm 4-1:1.0: bind() failure [ 658.104706][ T5929] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 658.147615][ T5929] cdc_ncm 4-1:1.1: bind() failure [ 658.182435][ T5929] usb 4-1: USB disconnect, device number 24 [ 658.868741][ T5929] usb 2-1: USB disconnect, device number 17 [ 659.172726][T11030] usb 3-1: USB disconnect, device number 18 [ 659.616482][T11030] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 659.670023][T14288] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2620'. [ 659.816465][T11030] usb 3-1: Using ep0 maxpacket: 32 [ 659.826317][T11030] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 659.849171][T11030] usb 3-1: config 0 has no interface number 0 [ 659.858738][T14294] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 659.895232][T11030] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 659.908857][T11030] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 659.938637][T11030] usb 3-1: Product: syz [ 659.961960][T11030] usb 3-1: Manufacturer: syz [ 659.973059][T11030] usb 3-1: SerialNumber: syz [ 659.999573][T11030] usb 3-1: config 0 descriptor?? [ 660.008195][T11030] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 660.210812][ C1] usb-serial ttyUSB0: qt2_process_read_urb - unsupported command 48 [ 660.239522][T11030] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 660.255479][T11030] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 660.420484][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 660.430175][T11030] usb 3-1: USB disconnect, device number 19 [ 660.461567][T11030] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 660.514799][T11030] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 660.577079][T11030] quatech2 3-1:0.51: device disconnected [ 660.614674][T14301] loop6: detected capacity change from 0 to 63 [ 660.779585][T14300] blktrace: Concurrent blktraces are not allowed on loop3 [ 660.927810][T14313] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2628'. [ 660.941560][T14313] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2628'. [ 661.269164][T14322] vlan2: entered promiscuous mode [ 661.608303][T11030] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 661.786055][T11030] usb 3-1: Using ep0 maxpacket: 32 [ 661.792854][T11030] usb 3-1: config 0 has an invalid interface number: 129 but max is 0 [ 661.801577][T11030] usb 3-1: config 0 has no interface number 0 [ 661.810298][T11030] usb 3-1: New USB device found, idVendor=06cd, idProduct=0108, bcdDevice=8e.7b [ 661.819685][T11030] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 661.829774][ T47] usb 1-1: new high-speed USB device number 107 using dummy_hcd [ 661.837596][T11030] usb 3-1: Product: syz [ 661.841753][T11030] usb 3-1: Manufacturer: syz [ 661.847279][T11030] usb 3-1: SerialNumber: syz [ 661.857077][T11030] usb 3-1: config 0 descriptor?? [ 661.864344][T11030] keyspan 3-1:0.129: Keyspan 1 port adapter converter detected [ 661.872672][T11030] keyspan 3-1:0.129: found no endpoint descriptor for endpoint 87 [ 661.880605][T11030] keyspan 3-1:0.129: found no endpoint descriptor for endpoint 7 [ 661.890358][T11030] keyspan 3-1:0.129: found no endpoint descriptor for endpoint 81 [ 661.898309][T11030] keyspan 3-1:0.129: found no endpoint descriptor for endpoint 1 [ 661.909021][T11030] keyspan 3-1:0.129: found no endpoint descriptor for endpoint 2 [ 661.917705][T11030] keyspan 3-1:0.129: found no endpoint descriptor for endpoint 85 [ 661.925642][T11030] keyspan 3-1:0.129: found no endpoint descriptor for endpoint 5 [ 661.935418][T11030] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 662.006432][ T47] usb 1-1: Using ep0 maxpacket: 16 [ 662.012986][ T47] usb 1-1: config 2 has an invalid interface number: 97 but max is 0 [ 662.021446][ T47] usb 1-1: config 2 has no interface number 0 [ 662.029846][ T47] usb 1-1: New USB device found, idVendor=17ef, idProduct=7205, bcdDevice=32.bd [ 662.039335][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 662.047671][ T47] usb 1-1: Product: syz [ 662.051883][ T47] usb 1-1: Manufacturer: syz [ 662.056537][ T47] usb 1-1: SerialNumber: syz [ 662.065586][T11030] usb 3-1: USB disconnect, device number 20 [ 662.087983][T11030] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 662.097914][ T47] r8152-cfgselector 1-1: Unknown version 0x0000 [ 662.110422][T11030] keyspan 3-1:0.129: device disconnected [ 662.122275][ T47] hub 1-1:2.97: bad descriptor, ignoring hub [ 662.131248][ T47] hub 1-1:2.97: probe with driver hub failed with error -5 [ 662.235091][T14350] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2641'. [ 662.250664][T14350] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2641'. [ 662.368011][T14355] loop6: detected capacity change from 0 to 63 [ 662.419027][T14357] netlink: 'syz.3.2644': attribute type 9 has an invalid length. [ 662.427185][T14357] netlink: 'syz.3.2644': attribute type 6 has an invalid length. [ 663.045986][ T5947] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 663.209042][ T5947] usb 2-1: unable to get BOS descriptor or descriptor too short [ 663.218965][ T5947] usb 2-1: config 6 has an invalid interface number: 200 but max is 0 [ 663.238137][ T5947] usb 2-1: config 6 has no interface number 0 [ 663.244571][ T5947] usb 2-1: config 6 interface 200 has no altsetting 0 [ 663.254644][ T5947] usb 2-1: New USB device found, idVendor=05d8, idProduct=810c, bcdDevice=18.5f [ 663.255888][ T47] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 663.264003][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.279581][ T5947] usb 2-1: Product: syz [ 663.285664][ T5947] usb 2-1: Manufacturer: syz [ 663.291027][ T5947] usb 2-1: SerialNumber: syz [ 663.445805][ T47] usb 3-1: Using ep0 maxpacket: 8 [ 663.452643][ T47] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 663.465284][ T47] usb 3-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.40 [ 663.475015][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 663.483209][ T47] usb 3-1: Product: syz [ 663.487876][ T47] usb 3-1: Manufacturer: syz [ 663.492523][ T47] usb 3-1: SerialNumber: syz [ 663.712417][T14376] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 663.723305][T14376] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 663.739064][ T47] usb 3-1: USB disconnect, device number 21 [ 664.063892][ T5947] dvb-usb: found a 'Artec T14 - USB2.0 DVB-T' in warm state. [ 664.088868][ T5947] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 664.103099][ T5947] dvbdev: DVB: registering new adapter (Artec T14 - USB2.0 DVB-T) [ 664.112071][ T5947] usb 2-1: media controller created [ 664.125806][ T10] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 664.144353][T14393] netlink: 56 bytes leftover after parsing attributes in process `syz.4.2658'. [ 664.174276][ T5947] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 664.256004][ T10] usb 4-1: device descriptor read/64, error -71 [ 664.264404][ T5947] dvb-usb: recv bulk message failed: -22 [ 664.279386][T14399] loop6: detected capacity change from 0 to 63 [ 664.468785][T14368] vlan0: entered promiscuous mode [ 664.497733][ T5947] dvb-usb: bulk message failed: -71 (6/0) [ 664.515497][ T5947] dvb-usb: no frontend was attached by 'Artec T14 - USB2.0 DVB-T' [ 664.525274][ T10] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 664.571581][ T47] r8152-cfgselector 1-1: USB disconnect, device number 107 [ 664.587416][ T5947] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.1/usb2/2-1/input/input58 [ 664.641141][ T5947] dvb-usb: schedule remote query interval to 150 msecs. [ 664.665546][ T5947] dvb-usb: Artec T14 - USB2.0 DVB-T successfully initialized and connected. [ 664.686797][ T10] usb 4-1: device descriptor read/64, error -71 [ 664.703926][T14403] netlink: 128 bytes leftover after parsing attributes in process `syz.2.2660'. [ 664.706346][ T5947] usb 2-1: USB disconnect, device number 18 [ 664.723643][T14403] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2660'. [ 664.802067][ T5947] dvb-usb: Artec T14 - USB2.0 DVB-T successfully deinitialized and disconnected. [ 664.826211][ T10] usb usb4-port1: attempt power cycle [ 664.921229][T14413] vlan2: entered promiscuous mode [ 665.042889][T14418] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2667'. [ 665.052900][T14418] netlink: 'syz.4.2667': attribute type 1 has an invalid length. [ 665.178491][ T10] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 665.186089][ T47] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 665.227080][ T10] usb 4-1: device descriptor read/8, error -71 [ 665.310919][T14433] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 665.348798][ T47] usb 1-1: config 0 has no interfaces? [ 665.356971][ T47] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 665.366262][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.374298][ T47] usb 1-1: Product: syz [ 665.379144][ T47] usb 1-1: Manufacturer: syz [ 665.383764][ T47] usb 1-1: SerialNumber: syz [ 665.391838][ T47] usb 1-1: config 0 descriptor?? [ 665.465890][ T10] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 665.496998][ T10] usb 4-1: device descriptor read/8, error -71 [ 665.541330][T14442] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2676'. [ 665.559991][T14442] vlan2: entered promiscuous mode [ 665.601594][T14416] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 665.611824][ T10] usb usb4-port1: unable to enumerate USB device [ 665.616154][T14416] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.645556][T14416] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2666'. [ 665.680220][ T47] usb 1-1: USB disconnect, device number 108 [ 665.709319][T14444] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2677'. [ 666.081280][T14450] input: syz0 as /devices/virtual/input/input59 [ 666.334243][T14455] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2682'. [ 666.378622][T14455] vlan2: entered promiscuous mode [ 666.451410][ T30] kauditd_printk_skb: 19 callbacks suppressed [ 666.451431][ T30] audit: type=1326 audit(1744903163.248:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14459 comm="syz.0.2685" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f716e78e169 code=0x0 [ 666.689697][T14458] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 667.593021][T14482] netlink: 'syz.0.2691': attribute type 9 has an invalid length. [ 667.635862][T14482] netlink: 'syz.0.2691': attribute type 6 has an invalid length. [ 667.740606][T14484] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 667.809580][ T30] audit: type=1800 audit(1744903164.608:99): pid=14485 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.2692" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 667.895430][T14485] __nla_validate_parse: 3 callbacks suppressed [ 667.895452][T14485] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2692'. [ 667.912047][T14485] openvswitch: netlink: Missing key (keys=40, expected=80) [ 668.297696][ T47] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 668.389037][T14499] FAULT_INJECTION: forcing a failure. [ 668.389037][T14499] name failslab, interval 1, probability 0, space 0, times 0 [ 668.443309][T14499] CPU: 0 UID: 0 PID: 14499 Comm: syz.3.2697 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 668.443339][T14499] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 668.443352][T14499] Call Trace: [ 668.443360][T14499] [ 668.443369][T14499] dump_stack_lvl+0x241/0x360 [ 668.443405][T14499] ? __pfx_dump_stack_lvl+0x10/0x10 [ 668.443434][T14499] ? __pfx__printk+0x10/0x10 [ 668.443465][T14499] ? __pfx___might_resched+0x10/0x10 [ 668.443496][T14499] should_fail_ex+0x424/0x570 [ 668.443528][T14499] should_failslab+0xac/0x100 [ 668.443558][T14499] __kmalloc_cache_noprof+0x73/0x370 [ 668.443585][T14499] ? snd_pcm_oss_change_params_locked+0xb30/0x4150 [ 668.443619][T14499] snd_pcm_oss_change_params_locked+0xb30/0x4150 [ 668.443660][T14499] ? rcu_is_watching+0x15/0xb0 [ 668.443689][T14499] ? __mutex_lock+0x380/0x10c0 [ 668.443731][T14499] ? aa_file_perm+0x139/0xf60 [ 668.443767][T14499] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 668.443814][T14499] ? snd_pcm_oss_write+0x263/0x1280 [ 668.443838][T14499] ? aa_file_perm+0x3f1/0xf60 [ 668.443879][T14499] ? __pfx_aa_file_perm+0x10/0x10 [ 668.443910][T14499] ? kstrtouint+0xfc/0x190 [ 668.443935][T14499] snd_pcm_oss_write+0x2d4/0x1280 [ 668.443980][T14499] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 668.444009][T14499] ? bpf_lsm_file_permission+0x9/0x10 [ 668.444032][T14499] ? rw_verify_area+0x246/0x630 [ 668.444057][T14499] vfs_writev+0x5ba/0xbc0 [ 668.444086][T14499] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 668.444122][T14499] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 668.444149][T14499] ? __pfx_vfs_writev+0x10/0x10 [ 668.444195][T14499] ? __fget_files+0x2a/0x420 [ 668.444215][T14499] ? __fget_files+0x39d/0x420 [ 668.444231][T14499] ? __fget_files+0x2a/0x420 [ 668.444258][T14499] do_writev+0x1b8/0x360 [ 668.444293][T14499] ? __pfx_do_writev+0x10/0x10 [ 668.444328][T14499] ? do_syscall_64+0xb6/0x230 [ 668.444356][T14499] do_syscall_64+0xf3/0x230 [ 668.444381][T14499] ? clear_bhb_loop+0x45/0xa0 [ 668.444405][T14499] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 668.444425][T14499] RIP: 0033:0x7f000c78e169 [ 668.444442][T14499] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 668.444459][T14499] RSP: 002b:00007f000d53b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 668.444480][T14499] RAX: ffffffffffffffda RBX: 00007f000c9b5fa0 RCX: 00007f000c78e169 [ 668.444495][T14499] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 668.444507][T14499] RBP: 00007f000d53b090 R08: 0000000000000000 R09: 0000000000000000 [ 668.444520][T14499] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 668.444538][T14499] R13: 0000000000000000 R14: 00007f000c9b5fa0 R15: 00007f000cadfa28 [ 668.444568][T14499] [ 668.473072][T14504] netlink: 'syz.0.2699': attribute type 4 has an invalid length. [ 668.742065][ T47] usb 3-1: Using ep0 maxpacket: 32 [ 668.750064][ T47] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 668.760642][ T47] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 0 [ 668.799176][ T47] usb 3-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 668.808616][T11030] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 668.827198][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.835367][ T47] usb 3-1: Product: syz [ 668.850604][ T47] usb 3-1: Manufacturer: syz [ 668.855264][ T47] usb 3-1: SerialNumber: syz [ 668.891520][ T47] usb 3-1: config 0 descriptor?? [ 668.901874][ T47] hub 3-1:0.0: bad descriptor, ignoring hub [ 668.916934][ T47] hub 3-1:0.0: probe with driver hub failed with error -5 [ 668.950033][T14510] netlink: 64 bytes leftover after parsing attributes in process `syz.0.2702'. [ 668.969905][ T47] input: syz syz as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input60 [ 668.999057][T11030] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 669.008623][ T47] usbtouchscreen 3-1:0.0: usbtouch_probe - usb_submit_urb failed with result: -90 [ 669.018889][T11030] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.049204][T11030] usb 2-1: config 0 descriptor?? [ 669.059658][ T47] usbtouchscreen 3-1:0.0: probe with driver usbtouchscreen failed with error -90 [ 669.073270][T11030] cp210x 2-1:0.0: cp210x converter detected [ 669.247408][T14518] vlan0: entered promiscuous mode [ 669.316713][ T10] usb 3-1: USB disconnect, device number 22 [ 669.407880][ T5929] usb 1-1: new high-speed USB device number 109 using dummy_hcd [ 669.464671][T11030] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 669.536791][T14522] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2707'. [ 669.575881][ T5929] usb 1-1: Using ep0 maxpacket: 16 [ 669.582727][ T5929] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 669.593911][ T5929] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 669.607184][ T5929] usb 1-1: New USB device found, idVendor=048d, idProduct=ce50, bcdDevice= 0.00 [ 669.616430][ T5929] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 669.635418][ T5929] usb 1-1: config 0 descriptor?? [ 669.717533][T14525] program syz.3.2708 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 669.758062][T11030] usb 2-1: cp210x converter now attached to ttyUSB0 [ 670.230401][T14537] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 670.262833][T14537] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 670.291751][ T5929] usbhid 1-1:0.0: can't add hid device: -71 [ 670.379372][ T5929] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 670.475825][ T10] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 670.476209][ T5929] usb 1-1: USB disconnect, device number 109 [ 670.635574][ T5947] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 670.666203][ T10] usb 4-1: config 0 has no interfaces? [ 670.681542][ T10] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 670.690854][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 670.701801][ T10] usb 4-1: Product: syz [ 670.709566][ T10] usb 4-1: Manufacturer: syz [ 670.720683][ T10] usb 4-1: SerialNumber: syz [ 670.769438][ T10] usb 4-1: config 0 descriptor?? [ 670.824999][T11030] usb 2-1: USB disconnect, device number 19 [ 670.834953][T11030] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 670.853594][T11030] cp210x 2-1:0.0: device disconnected [ 670.888073][ T5947] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 670.972120][ T5947] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 671.013937][ T5947] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 671.039198][ T5947] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 671.051051][ T5947] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 671.103657][ T5947] usb 3-1: config 0 interface 0 has no altsetting 0 [ 671.160194][ T5947] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 671.202506][ T5947] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 671.222478][ T5947] usb 3-1: Product: syz [ 671.229662][ T5947] usb 3-1: Manufacturer: syz [ 671.239684][ T5947] usb 3-1: SerialNumber: syz [ 671.253843][ T5947] usb 3-1: config 0 descriptor?? [ 671.270134][T14538] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 671.284773][ T5947] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 671.308673][ T5947] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 671.336179][T11030] usb 1-1: new high-speed USB device number 110 using dummy_hcd [ 671.499091][T11030] usb 1-1: config 0 has an invalid descriptor of length 97, skipping remainder of the config [ 671.509619][T11030] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 671.535919][T11030] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has an invalid bInterval 97, changing to 7 [ 671.568978][T11030] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x85 has invalid maxpacket 24929, setting to 1024 [ 671.595801][T11030] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 671.618728][T11030] usb 1-1: New USB device found, idVendor=2040, idProduct=1605, bcdDevice= a.94 [ 671.639788][T11030] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 671.663772][T11030] usb 1-1: config 0 descriptor?? [ 671.818414][T14528] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 671.827868][T14528] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 671.844495][T14545] netlink: 32 bytes leftover after parsing attributes in process `syz.1.2712'. [ 671.898716][T14542] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 671.922337][T14542] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 672.047221][T14546] xt_l2tp: v2 doesn't support IP mode [ 672.525825][T11030] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 672.677971][T11030] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 672.691586][T11030] usb 2-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=7d.d2 [ 672.701235][T11030] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 672.709493][T11030] usb 2-1: Product: syz [ 672.714045][T11030] usb 2-1: Manufacturer: syz [ 672.719098][T11030] usb 2-1: SerialNumber: syz [ 672.727333][T11030] usb 2-1: config 0 descriptor?? [ 673.026241][T11030] usb 4-1: USB disconnect, device number 29 [ 673.168550][ T5929] usb 2-1: USB disconnect, device number 20 [ 673.175152][ T5929] f81534a_ctrl 2-1:0.0: failed to set register 0x116: -19 [ 673.186402][ T47] usb 3-1: USB disconnect, device number 23 [ 673.202649][ T47] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 673.211141][ T5929] f81534a_ctrl 2-1:0.0: failed to enable ports: -19 [ 673.256511][T14558] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2718'. [ 673.292829][T14558] vlan2: entered promiscuous mode [ 673.466168][T11030] usb 4-1: new low-speed USB device number 30 using dummy_hcd [ 674.086513][ T47] usb 1-1: USB disconnect, device number 110 [ 674.227981][T14572] FAULT_INJECTION: forcing a failure. [ 674.227981][T14572] name failslab, interval 1, probability 0, space 0, times 0 [ 674.241327][T14572] CPU: 1 UID: 0 PID: 14572 Comm: syz.0.2722 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 674.241352][T14572] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 674.241365][T14572] Call Trace: [ 674.241372][T14572] [ 674.241381][T14572] dump_stack_lvl+0x241/0x360 [ 674.241414][T14572] ? __pfx_dump_stack_lvl+0x10/0x10 [ 674.241444][T14572] ? __pfx__printk+0x10/0x10 [ 674.241473][T14572] ? __pfx___might_resched+0x10/0x10 [ 674.241501][T14572] should_fail_ex+0x424/0x570 [ 674.241525][T14572] should_failslab+0xac/0x100 [ 674.241552][T14572] __kmalloc_noprof+0xdf/0x4d0 [ 674.241576][T14572] ? snd_pcm_hw_refine+0x978/0x1b80 [ 674.241602][T14572] snd_pcm_hw_refine+0x978/0x1b80 [ 674.241621][T14572] ? __kmalloc_cache_noprof+0x236/0x370 [ 674.241645][T14572] ? snd_pcm_oss_change_params_locked+0xb30/0x4150 [ 674.241670][T14572] ? snd_pcm_oss_write+0x2d4/0x1280 [ 674.241706][T14572] ? __pfx_snd_pcm_hw_refine+0x10/0x10 [ 674.241759][T14572] ? __kasan_kmalloc+0x9d/0xb0 [ 674.241780][T14572] ? snd_interval_refine+0x56d/0x900 [ 674.241810][T14572] snd_pcm_oss_change_params_locked+0xd73/0x4150 [ 674.241861][T14572] ? aa_file_perm+0x139/0xf60 [ 674.241889][T14572] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 674.241916][T14572] ? snd_pcm_oss_write+0x263/0x1280 [ 674.241939][T14572] ? aa_file_perm+0x3f1/0xf60 [ 674.241983][T14572] ? __pfx_aa_file_perm+0x10/0x10 [ 674.242010][T14572] ? kstrtouint+0xfc/0x190 [ 674.242034][T14572] snd_pcm_oss_write+0x2d4/0x1280 [ 674.242076][T14572] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 674.242103][T14572] ? bpf_lsm_file_permission+0x9/0x10 [ 674.242125][T14572] ? rw_verify_area+0x246/0x630 [ 674.242149][T14572] vfs_writev+0x5ba/0xbc0 [ 674.242176][T14572] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 674.242210][T14572] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 674.242236][T14572] ? __pfx_vfs_writev+0x10/0x10 [ 674.242278][T14572] ? __fget_files+0x2a/0x420 [ 674.242297][T14572] ? __fget_files+0x39d/0x420 [ 674.242312][T14572] ? __fget_files+0x2a/0x420 [ 674.242338][T14572] do_writev+0x1b8/0x360 [ 674.242369][T14572] ? __pfx_do_writev+0x10/0x10 [ 674.242402][T14572] ? do_syscall_64+0xb6/0x230 [ 674.242428][T14572] do_syscall_64+0xf3/0x230 [ 674.242451][T14572] ? clear_bhb_loop+0x45/0xa0 [ 674.242473][T14572] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 674.242491][T14572] RIP: 0033:0x7f716e78e169 [ 674.242507][T14572] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 674.242523][T14572] RSP: 002b:00007f716f571038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 674.242542][T14572] RAX: ffffffffffffffda RBX: 00007f716e9b5fa0 RCX: 00007f716e78e169 [ 674.242556][T14572] RDX: 0000000000000001 RSI: 0000200000000040 RDI: 0000000000000003 [ 674.242567][T14572] RBP: 00007f716f571090 R08: 0000000000000000 R09: 0000000000000000 [ 674.242579][T14572] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 674.242590][T14572] R13: 0000000000000000 R14: 00007f716e9b5fa0 R15: 00007f716eadfa28 [ 674.242618][T14572] [ 674.546243][ C1] vkms_vblank_simulate: vblank timer overrun [ 675.024410][T14571] futex_wake_op: syz.1.2723 tries to shift op by -33; fix this program [ 675.056516][T14571] netdevsim netdevsim1: Direct firmware load for . [ 675.056516][T14571] failed with error -2 [ 675.067195][T14571] netdevsim netdevsim1: Falling back to sysfs fallback for: . [ 675.067195][T14571] [ 675.680952][T14588] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 676.135477][T11030] usb 4-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 676.167649][T11030] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 676.197062][T11030] usb 4-1: config 0 descriptor?? [ 676.219282][T11030] usb 4-1: can't set config #0, error -71 [ 676.234530][T11030] usb 4-1: USB disconnect, device number 30 [ 676.516989][T14603] fuse: Bad value for 'fd' [ 676.526041][ T47] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 676.657509][T14610] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2736'. [ 676.669341][T14610] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2736'. [ 676.696131][ T47] usb 2-1: Using ep0 maxpacket: 16 [ 676.704090][ T47] usb 2-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 676.714518][ T47] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 676.725604][ T47] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 676.743092][ T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 676.753848][ T47] usb 2-1: config 0 descriptor?? [ 676.965869][ T5947] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 677.122523][ T5947] usb 3-1: Using ep0 maxpacket: 8 [ 677.131736][T14617] netlink: 'syz.0.2739': attribute type 4 has an invalid length. [ 677.145226][ T5947] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 677.164923][ T5947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.174738][ T5947] usb 3-1: Product: syz [ 677.184695][ T5947] usb 3-1: Manufacturer: syz [ 677.189717][ T5947] usb 3-1: SerialNumber: syz [ 677.206219][ T5947] usb 3-1: config 0 descriptor?? [ 677.224780][ T5947] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 677.421792][T14612] FAULT_INJECTION: forcing a failure. [ 677.421792][T14612] name failslab, interval 1, probability 0, space 0, times 0 [ 677.446493][T14612] CPU: 1 UID: 0 PID: 14612 Comm: syz.2.2737 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 677.446519][T14612] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 677.446530][T14612] Call Trace: [ 677.446538][T14612] [ 677.446546][T14612] dump_stack_lvl+0x241/0x360 [ 677.446574][T14612] ? __pfx_dump_stack_lvl+0x10/0x10 [ 677.446593][T14612] ? __pfx__printk+0x10/0x10 [ 677.446618][T14612] ? __pfx___might_resched+0x10/0x10 [ 677.446645][T14612] should_fail_ex+0x424/0x570 [ 677.446670][T14612] should_failslab+0xac/0x100 [ 677.446714][T14612] __kmalloc_noprof+0xdf/0x4d0 [ 677.446734][T14612] ? tomoyo_encode+0x26f/0x540 [ 677.446758][T14612] tomoyo_encode+0x26f/0x540 [ 677.446787][T14612] ? __pfx_sockfs_dname+0x10/0x10 [ 677.446816][T14612] tomoyo_realpath_from_path+0x59e/0x5e0 [ 677.446869][T14612] tomoyo_path_number_perm+0x245/0x790 [ 677.446888][T14612] ? tomoyo_path_number_perm+0x215/0x790 [ 677.446907][T14612] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 677.446933][T14612] ? ksys_write+0x24e/0x2d0 [ 677.446963][T14612] ? __lock_acquire+0xad5/0xd80 [ 677.446997][T14612] ? __fget_files+0x2a/0x420 [ 677.447013][T14612] ? __fget_files+0x2a/0x420 [ 677.447027][T14612] ? __fget_files+0x2a/0x420 [ 677.447042][T14612] security_file_ioctl+0xc6/0x2a0 [ 677.447059][T14612] __se_sys_ioctl+0x46/0x160 [ 677.447081][T14612] do_syscall_64+0xf3/0x230 [ 677.447105][T14612] ? clear_bhb_loop+0x45/0xa0 [ 677.447127][T14612] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 677.447144][T14612] RIP: 0033:0x7f44c278e169 [ 677.447161][T14612] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 677.447172][T14612] RSP: 002b:00007f44c3631038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 677.447186][T14612] RAX: ffffffffffffffda RBX: 00007f44c29b5fa0 RCX: 00007f44c278e169 [ 677.447196][T14612] RDX: 0000200000000040 RSI: 0000000000008b0f RDI: 0000000000000006 [ 677.447204][T14612] RBP: 00007f44c3631090 R08: 0000000000000000 R09: 0000000000000000 [ 677.447212][T14612] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 677.447222][T14612] R13: 0000000000000000 R14: 00007f44c29b5fa0 R15: 00007f44c2adfa28 [ 677.447251][T14612] [ 677.447269][T14612] ERROR: Out of memory at tomoyo_realpath_from_path. [ 677.685873][ T10] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 677.711737][ T5947] gspca_sonixj: reg_w1 err -71 [ 677.732663][ T5947] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 677.756733][ T5947] usb 3-1: USB disconnect, device number 24 [ 677.826344][ T47] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 677.860940][ T10] usb 4-1: config index 0 descriptor too short (expected 8192, got 77) [ 677.922041][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 677.934849][ T10] usb 4-1: config 0 has no interfaces? [ 677.957421][ T10] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 677.966772][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 677.975034][ T10] usb 4-1: Product: syz [ 677.987653][ T10] usb 4-1: Manufacturer: syz [ 677.992495][ T10] usb 4-1: SerialNumber: syz [ 678.033386][ T47] usb 1-1: config 0 has no interfaces? [ 678.130120][ T47] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 678.149913][ T10] usb 4-1: config 0 descriptor?? [ 678.269600][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 678.289837][ T47] usb 1-1: Product: syz [ 678.300012][ T47] usb 1-1: Manufacturer: syz [ 678.304666][ T47] usb 1-1: SerialNumber: syz [ 678.348668][ T47] usb 1-1: config 0 descriptor?? [ 678.384888][T14624] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 678.526153][T14624] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 678.811488][T14644] futex_wake_op: syz.4.2744 tries to shift op by -33; fix this program [ 678.824692][T14644] netdevsim netdevsim4: Direct firmware load for . [ 678.824692][T14644] failed with error -2 [ 678.835841][T14644] netdevsim netdevsim4: Falling back to sysfs fallback for: . [ 678.835841][T14644] [ 679.339614][ T47] usb 2-1: USB disconnect, device number 21 [ 679.417931][T14647] netlink: 'syz.1.2746': attribute type 9 has an invalid length. [ 679.455789][T14647] netlink: 'syz.1.2746': attribute type 6 has an invalid length. [ 679.953417][T14651] vlan2: entered promiscuous mode [ 680.295614][ T10] usb 4-1: USB disconnect, device number 31 [ 680.952738][T14660] netlink: 128 bytes leftover after parsing attributes in process `syz.3.2751'. [ 680.965843][T14660] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2751'. [ 680.980128][T14660] FAULT_INJECTION: forcing a failure. [ 680.980128][T14660] name failslab, interval 1, probability 0, space 0, times 0 [ 681.011271][T14660] CPU: 0 UID: 0 PID: 14660 Comm: syz.3.2751 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 681.011300][T14660] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 681.011326][T14660] Call Trace: [ 681.011334][T14660] [ 681.011343][T14660] dump_stack_lvl+0x241/0x360 [ 681.011379][T14660] ? __pfx_dump_stack_lvl+0x10/0x10 [ 681.011406][T14660] ? __pfx__printk+0x10/0x10 [ 681.011432][T14660] ? __lock_acquire+0xad5/0xd80 [ 681.011449][T14660] ? __pfx___might_resched+0x10/0x10 [ 681.011469][T14660] should_fail_ex+0x424/0x570 [ 681.011487][T14660] should_failslab+0xac/0x100 [ 681.011508][T14660] __kmalloc_cache_noprof+0x73/0x370 [ 681.011527][T14660] ? rdma_resolve_ip+0x68/0x850 [ 681.011546][T14660] rdma_resolve_ip+0x68/0x850 [ 681.011561][T14660] ? __pfx_addr_handler+0x10/0x10 [ 681.011581][T14660] rdma_resolve_addr+0x6ed/0x22e0 [ 681.011606][T14660] ? __pfx_rdma_resolve_addr+0x10/0x10 [ 681.011621][T14660] ? trace_contention_end+0x3c/0x120 [ 681.011640][T14660] ? __mutex_lock+0x380/0x10c0 [ 681.011666][T14660] ? ucma_resolve_ip+0x18e/0x310 [ 681.011703][T14660] ucma_resolve_ip+0x1d8/0x310 [ 681.011725][T14660] ? __pfx_ucma_resolve_ip+0x10/0x10 [ 681.011755][T14660] ? __pfx_ucma_resolve_ip+0x10/0x10 [ 681.011774][T14660] ucma_write+0x2db/0x430 [ 681.011798][T14660] ? __pfx_ucma_write+0x10/0x10 [ 681.011816][T14660] ? bpf_lsm_file_permission+0x9/0x10 [ 681.011832][T14660] ? rw_verify_area+0x246/0x630 [ 681.011846][T14660] ? __pfx_ucma_write+0x10/0x10 [ 681.011866][T14660] vfs_write+0x2bc/0xd10 [ 681.011894][T14660] ? __pfx_vfs_write+0x10/0x10 [ 681.011910][T14660] ? __fget_files+0x2a/0x420 [ 681.011922][T14660] ? __fget_files+0x2a/0x420 [ 681.011936][T14660] ? __fget_files+0x39d/0x420 [ 681.011947][T14660] ? __fget_files+0x2a/0x420 [ 681.011965][T14660] ksys_write+0x19d/0x2d0 [ 681.011983][T14660] ? __pfx_ksys_write+0x10/0x10 [ 681.012002][T14660] ? do_syscall_64+0xb6/0x230 [ 681.012022][T14660] do_syscall_64+0xf3/0x230 [ 681.012039][T14660] ? clear_bhb_loop+0x45/0xa0 [ 681.012055][T14660] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.012068][T14660] RIP: 0033:0x7f000c78e169 [ 681.012081][T14660] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 681.012097][T14660] RSP: 002b:00007f000d53b038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 681.012113][T14660] RAX: ffffffffffffffda RBX: 00007f000c9b5fa0 RCX: 00007f000c78e169 [ 681.012123][T14660] RDX: 0000000000000048 RSI: 0000200000000180 RDI: 0000000000000006 [ 681.012132][T14660] RBP: 00007f000d53b090 R08: 0000000000000000 R09: 0000000000000000 [ 681.012140][T14660] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 681.012149][T14660] R13: 0000000000000000 R14: 00007f000c9b5fa0 R15: 00007f000cadfa28 [ 681.012169][T14660] [ 681.432763][ T10] usb 1-1: USB disconnect, device number 111 [ 681.447706][ T5947] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 681.520860][T14669] FAULT_INJECTION: forcing a failure. [ 681.520860][T14669] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 681.540120][T14669] CPU: 1 UID: 0 PID: 14669 Comm: syz.0.2755 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 681.540147][T14669] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 681.540159][T14669] Call Trace: [ 681.540167][T14669] [ 681.540175][T14669] dump_stack_lvl+0x241/0x360 [ 681.540210][T14669] ? __pfx_dump_stack_lvl+0x10/0x10 [ 681.540239][T14669] ? __pfx__printk+0x10/0x10 [ 681.540279][T14669] should_fail_ex+0x424/0x570 [ 681.540329][T14669] _copy_from_user+0x2d/0xb0 [ 681.540361][T14669] restore_altstack+0x9a/0x160 [ 681.540408][T14669] ? __pfx_restore_altstack+0x10/0x10 [ 681.540450][T14669] __do_sys_rt_sigreturn+0x19a/0x290 [ 681.540494][T14669] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 681.540535][T14669] ? do_syscall_64+0xb6/0x230 [ 681.540567][T14669] do_syscall_64+0xf3/0x230 [ 681.540594][T14669] ? clear_bhb_loop+0x45/0xa0 [ 681.540620][T14669] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 681.540641][T14669] RIP: 0033:0x7f716e72a359 [ 681.540660][T14669] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 681.540679][T14669] RSP: 002b:00007f716f570a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 681.540701][T14669] RAX: ffffffffffffffda RBX: 00007f716e9b5fa0 RCX: 00007f716e72a359 [ 681.540717][T14669] RDX: 00007f716f570a80 RSI: 00007f716f570bb0 RDI: 0000000000000021 [ 681.540732][T14669] RBP: 00007f716f571090 R08: 0000000000000000 R09: 0000000000000000 [ 681.540746][T14669] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 681.540759][T14669] R13: 0000000000000000 R14: 00007f716e9b5fa0 R15: 00007f716eadfa28 [ 681.540792][T14669] [ 681.713606][ C1] vkms_vblank_simulate: vblank timer overrun [ 681.741549][ T5947] usb 2-1: config 0 has no interfaces? [ 681.754087][ T5947] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 681.776398][ T5947] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 681.788912][ T5947] usb 2-1: Product: syz [ 681.789322][T14663] fuse: Bad value for 'fd' [ 681.793079][ T5947] usb 2-1: Manufacturer: syz [ 681.806015][ T47] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 681.956567][ T5947] usb 2-1: SerialNumber: syz [ 681.967698][ T5947] usb 2-1: config 0 descriptor?? [ 681.984433][T14679] trusted_key: encrypted_key: insufficient parameters specified [ 682.182083][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 682.209029][ T47] usb 4-1: New USB device found, idVendor=09e8, idProduct=0062, bcdDevice=80.f2 [ 682.221377][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.240179][ T47] usb 4-1: Product: syz [ 682.245202][ T47] usb 4-1: Manufacturer: syz [ 682.250173][ T47] usb 4-1: SerialNumber: syz [ 682.290447][ T47] usb 4-1: config 0 descriptor?? [ 682.310913][ T47] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 682.472735][ T47] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 682.486176][T11030] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 682.523125][ T47] usb 4-1: USB disconnect, device number 32 [ 682.697969][ T5919] udevd[5919]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 682.759327][T14689] netlink: 'syz.0.2760': attribute type 9 has an invalid length. [ 682.785814][T14689] netlink: 'syz.0.2760': attribute type 6 has an invalid length. [ 683.694959][ T5947] usb 2-1: USB disconnect, device number 22 [ 684.271445][T14701] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2766'. [ 684.295880][T14701] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2766'. [ 684.315111][T14701] netlink: 148 bytes leftover after parsing attributes in process `syz.1.2766'. [ 684.626101][ T5947] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 684.787695][ T5947] usb 2-1: config 0 has an invalid interface number: 156 but max is 0 [ 684.810136][ T5947] usb 2-1: config 0 has no interface number 0 [ 684.831848][ T5947] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 684.840909][T14711] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2770'. [ 684.859528][ T5947] usb 2-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 684.875749][ T5947] usb 2-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 684.892519][ T5947] usb 2-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 684.901993][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 684.904508][T14708] fuse: Bad value for 'fd' [ 684.918344][ T5947] usb 2-1: config 0 descriptor?? [ 684.935962][ T5947] gspca_main: spca561-2.14.0 probing abcd:cdee [ 685.401925][T14717] FAULT_INJECTION: forcing a failure. [ 685.401925][T14717] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 685.422620][T14717] CPU: 0 UID: 0 PID: 14717 Comm: syz.2.2772 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 685.422648][T14717] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 685.422662][T14717] Call Trace: [ 685.422670][T14717] [ 685.422679][T14717] dump_stack_lvl+0x241/0x360 [ 685.422724][T14717] ? __pfx_dump_stack_lvl+0x10/0x10 [ 685.422754][T14717] ? __pfx__printk+0x10/0x10 [ 685.422790][T14717] should_fail_ex+0x424/0x570 [ 685.422815][T14717] _copy_to_user+0x31/0xb0 [ 685.422844][T14717] simple_read_from_buffer+0xc4/0x170 [ 685.422875][T14717] proc_fail_nth_read+0x1ef/0x260 [ 685.422903][T14717] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 685.422926][T14717] ? rw_verify_area+0x246/0x630 [ 685.422945][T14717] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 685.422966][T14717] vfs_read+0x21f/0xb90 [ 685.422992][T14717] ? __pfx___mutex_lock+0x10/0x10 [ 685.423016][T14717] ? __pfx_vfs_read+0x10/0x10 [ 685.423040][T14717] ? __fget_files+0x2a/0x420 [ 685.423059][T14717] ? __fget_files+0x39d/0x420 [ 685.423074][T14717] ? __fget_files+0x2a/0x420 [ 685.423099][T14717] ksys_read+0x19d/0x2d0 [ 685.423123][T14717] ? __pfx_ksys_read+0x10/0x10 [ 685.423150][T14717] ? do_syscall_64+0xb6/0x230 [ 685.423176][T14717] do_syscall_64+0xf3/0x230 [ 685.423199][T14717] ? clear_bhb_loop+0x45/0xa0 [ 685.423222][T14717] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 685.423240][T14717] RIP: 0033:0x7f44c278cb7c [ 685.423256][T14717] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 685.423273][T14717] RSP: 002b:00007f44c3631030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 685.423318][T14717] RAX: ffffffffffffffda RBX: 00007f44c29b5fa0 RCX: 00007f44c278cb7c [ 685.423333][T14717] RDX: 000000000000000f RSI: 00007f44c36310a0 RDI: 0000000000000003 [ 685.423359][T14717] RBP: 00007f44c3631090 R08: 0000000000000000 R09: 0000000000000000 [ 685.423371][T14717] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 685.423383][T14717] R13: 0000000000000001 R14: 00007f44c29b5fa0 R15: 00007f44c2adfa28 [ 685.423409][T14717] [ 685.698059][ T5947] spca561 2-1:0.156: probe with driver spca561 failed with error -22 [ 685.707430][ T5947] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 685.714442][ T5947] usb 2-1: MIDIStreaming interface descriptor not found [ 685.905606][T14722] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2775'. [ 685.933069][T14722] vlan2: entered promiscuous mode [ 686.487628][T14736] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2779'. [ 686.640088][T14738] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2780'. [ 686.832248][T14743] vxcan1: tx address claim with different name [ 687.116311][T11030] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 687.249679][ T10] usb 2-1: USB disconnect, device number 23 [ 687.306819][T11030] usb 1-1: Using ep0 maxpacket: 32 [ 687.318740][T11030] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 687.344866][T14757] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2786'. [ 687.346060][T11030] usb 1-1: config 0 has no interface number 0 [ 687.375140][T11030] usb 1-1: config 0 interface 184 has no altsetting 0 [ 687.377220][T14759] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2787'. [ 687.408496][T11030] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 687.445759][T11030] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 687.453819][T11030] usb 1-1: Product: syz [ 687.472122][T11030] usb 1-1: Manufacturer: syz [ 687.485751][T11030] usb 1-1: SerialNumber: syz [ 687.509449][T11030] usb 1-1: config 0 descriptor?? [ 687.528041][T11030] smsc75xx v1.0.0 [ 688.042149][T14777] FAULT_INJECTION: forcing a failure. [ 688.042149][T14777] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 688.063482][T14777] CPU: 0 UID: 0 PID: 14777 Comm: syz.3.2793 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 688.063512][T14777] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 688.063525][T14777] Call Trace: [ 688.063533][T14777] [ 688.063542][T14777] dump_stack_lvl+0x241/0x360 [ 688.063577][T14777] ? __pfx_dump_stack_lvl+0x10/0x10 [ 688.063605][T14777] ? __pfx__printk+0x10/0x10 [ 688.063644][T14777] should_fail_ex+0x424/0x570 [ 688.063670][T14777] fpu__restore_sig+0x1c3/0x11d0 [ 688.063696][T14777] ? __lock_acquire+0xad5/0xd80 [ 688.063727][T14777] ? __pfx_fpu__restore_sig+0x10/0x10 [ 688.063778][T14777] restore_sigcontext+0x685/0x7d0 [ 688.063804][T14777] ? __pfx_restore_sigcontext+0x10/0x10 [ 688.063858][T14777] __do_sys_rt_sigreturn+0x1bf/0x290 [ 688.063879][T14777] ? __pfx___do_sys_rt_sigreturn+0x10/0x10 [ 688.063914][T14777] ? do_syscall_64+0xb6/0x230 [ 688.063941][T14777] do_syscall_64+0xf3/0x230 [ 688.063964][T14777] ? clear_bhb_loop+0x45/0xa0 [ 688.063986][T14777] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 688.064004][T14777] RIP: 0033:0x7f000c78e167 [ 688.064019][T14777] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 688.064035][T14777] RSP: 002b:00007f000d53b038 EFLAGS: 00000246 [ 688.064051][T14777] RAX: 0000000000000000 RBX: 00007f000c9b5fa0 RCX: 00007f000c78e169 [ 688.064065][T14777] RDX: 0000000000002020 RSI: 0000200000001f40 RDI: 0000000000000003 [ 688.064077][T14777] RBP: 00007f000d53b090 R08: 0000000000000000 R09: 0000000000000000 [ 688.064089][T14777] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 688.064100][T14777] R13: 0000000000000000 R14: 00007f000c9b5fa0 R15: 00007f000cadfa28 [ 688.064128][T14777] [ 688.243884][T11030] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 688.256537][T11030] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 688.687308][T14789] Dev loop2: unable to read RDB block 1 [ 688.796572][T14789] loop2: unable to read partition table [ 688.802408][T14789] loop2: partition table beyond EOD, truncated [ 688.865875][T14789] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 688.895856][ T10] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 689.068480][ T10] usb 4-1: config 0 has no interfaces? [ 689.079767][ T10] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 689.115491][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 689.135821][ T10] usb 4-1: Product: syz [ 689.140004][ T10] usb 4-1: Manufacturer: syz [ 689.153958][ T10] usb 4-1: SerialNumber: syz [ 689.163815][ T10] usb 4-1: config 0 descriptor?? [ 689.319912][T14806] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2802'. [ 689.893001][T14817] tipc: Enabling of bearer rejected, failed to enable media [ 690.038450][T14822] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2808'. [ 690.252520][T14824] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2810'. [ 690.512863][T14829] program syz.4.2812 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 690.979840][T11030] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 690.993372][T11030] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 691.006719][T11030] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 691.020743][T11030] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 691.068819][T11030] usb 1-1: USB disconnect, device number 112 [ 691.175792][ T47] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 691.220480][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 691.229729][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 691.238477][T14843] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2816'. [ 691.255972][T14843] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2816'. [ 691.314146][T14841] vlan2: entered promiscuous mode [ 691.331301][ T47] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 691.381430][ T47] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 691.417125][ T47] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 691.419468][T14846] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2818'. [ 691.426759][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 691.443992][ T47] usb 2-1: Product: syz [ 691.460151][ T47] usb 2-1: Manufacturer: syz [ 691.464917][ T47] usb 2-1: SerialNumber: syz [ 691.614673][T14849] fuse: Unknown parameter '000000000000000000040x0000000000000004' [ 691.700596][T14837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 691.747650][T14837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 691.845826][ T10] usb 4-1: USB disconnect, device number 33 [ 692.037984][ T47] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 692.214876][ T47] usb 2-1: USB disconnect, device number 24 [ 692.480474][T14881] netlink: 'syz.0.2827': attribute type 9 has an invalid length. [ 692.488536][T14881] netlink: 'syz.0.2827': attribute type 6 has an invalid length. [ 692.533322][T14884] netlink: 'syz.4.2829': attribute type 72 has an invalid length. [ 692.550476][T14884] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2829'. [ 692.556673][T14885] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2828'. [ 692.605819][ T10] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 692.617073][ T47] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 692.765877][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 692.785813][ T47] usb 2-1: device descriptor read/64, error -71 [ 692.792831][ T10] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 692.833087][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 692.853762][ T10] usb 3-1: config 0 descriptor?? [ 692.934100][ T10] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 692.977932][T14894] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 693.025957][ T47] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 693.085797][T11030] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 693.246024][ T47] usb 2-1: device descriptor read/64, error -71 [ 693.312908][T14897] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 693.323384][T14897] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 693.332108][T14897] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 693.339934][T11030] usb 4-1: config 0 has no interfaces? [ 693.351755][T14897] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 693.359779][ T47] usb usb2-port1: attempt power cycle [ 693.366101][T14897] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 693.406014][T11030] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 693.423622][T11030] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 693.471979][T11030] usb 4-1: Product: syz [ 693.522733][T11030] usb 4-1: Manufacturer: syz [ 693.592588][T11030] usb 4-1: SerialNumber: syz [ 693.611068][T11030] usb 4-1: config 0 descriptor?? [ 693.705978][ T47] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 693.747262][ T47] usb 2-1: device descriptor read/8, error -71 [ 694.026088][ T47] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 694.291584][ T47] usb 2-1: device not accepting address 28, error -71 [ 694.332094][ T47] usb usb2-port1: unable to enumerate USB device [ 694.611177][T14898] chnl_net:caif_netlink_parms(): no params data found [ 694.806794][ T47] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 694.935924][ T10] gspca_sonixj: i2c_w8 err -110 [ 694.955889][ T10] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 694.978840][T14898] bridge0: port 1(bridge_slave_0) entered blocking state [ 694.986755][T14898] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.996372][ T47] usb 2-1: config 0 has no interfaces? [ 695.018931][ T47] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 695.028202][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.044940][ T47] usb 2-1: Product: syz [ 695.050025][ T47] usb 2-1: Manufacturer: syz [ 695.054648][T14898] bridge_slave_0: entered allmulticast mode [ 695.059956][T14898] bridge_slave_0: entered promiscuous mode [ 695.065575][ T47] usb 2-1: SerialNumber: syz [ 695.090261][T14898] bridge0: port 2(bridge_slave_1) entered blocking state [ 695.103935][ T47] usb 2-1: config 0 descriptor?? [ 695.107031][T14898] bridge0: port 2(bridge_slave_1) entered disabled state [ 695.119530][T14898] bridge_slave_1: entered allmulticast mode [ 695.130103][T14898] bridge_slave_1: entered promiscuous mode [ 695.283016][T14898] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 695.306276][T14898] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 695.343343][ T30] audit: type=1326 audit(1744903192.138:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14907 comm="syz.1.2835" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f566ef8e169 code=0x0 [ 695.456915][T14897] Bluetooth: hci5: command tx timeout [ 695.691778][ T10] usb 3-1: USB disconnect, device number 26 [ 695.774874][T14921] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2837'. [ 695.784721][T14921] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2837'. [ 696.031730][ T2912] bond0 (unregistering): left promiscuous mode [ 696.050092][ T2912] bond0 (unregistering): Released all slaves [ 696.068166][T14898] team0: Port device team_slave_0 added [ 696.085578][T14898] team0: Port device team_slave_1 added [ 696.124430][ T2912] tipc: Left network mode [ 696.150965][T14898] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 696.162632][T14898] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 696.165812][ T10] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 696.196128][T14898] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 696.232447][T14898] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 696.239585][T14898] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 696.268204][T14898] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 696.355760][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 696.373410][ T10] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 696.393575][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 696.407456][T14898] hsr_slave_0: entered promiscuous mode [ 696.418718][ T10] usb 3-1: Product: syz [ 696.424198][T14898] hsr_slave_1: entered promiscuous mode [ 696.431863][ T10] usb 3-1: Manufacturer: syz [ 696.444012][T14898] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 696.451786][ T10] usb 3-1: SerialNumber: syz [ 696.463926][ T10] usb 3-1: config 0 descriptor?? [ 696.469074][T14898] Cannot create hsr debugfs directory [ 696.478640][ T10] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 696.628451][T11030] usb 4-1: USB disconnect, device number 34 [ 696.817635][ T10] gspca_sonixj: reg_w1 err -71 [ 696.837319][ T10] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 696.861834][ T10] usb 3-1: USB disconnect, device number 27 [ 696.997763][T14939] netlink: 'syz.3.2840': attribute type 72 has an invalid length. [ 697.007775][T14939] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2840'. [ 697.079275][ T2912] mac80211_hwsim hwsim4 wlan0 (unregistering): left allmulticast mode [ 697.197500][T14943] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2841'. [ 697.484417][ T2912] hsr_slave_0: left promiscuous mode [ 697.490562][ T2912] hsr_slave_1: left promiscuous mode [ 697.554062][T14897] Bluetooth: hci5: command tx timeout [ 697.600390][ T2912] [ 697.602756][ T2912] ====================================================== [ 697.609778][ T2912] WARNING: possible circular locking dependency detected [ 697.616797][ T2912] 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 Not tainted [ 697.623904][ T2912] ------------------------------------------------------ [ 697.630920][ T2912] kworker/u8:7/2912 is trying to acquire lock: [ 697.637067][ T2912] ffff888060068e00 (team->team_lock_key#4){+.+.}-{4:4}, at: team_vlan_rx_kill_vid+0x36/0xe0 [ 697.647182][ T2912] [ 697.647182][ T2912] but task is already holding lock: [ 697.654545][ T2912] ffff8880601c0d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 [ 697.666164][ T2912] [ 697.666164][ T2912] which lock already depends on the new lock. [ 697.666164][ T2912] [ 697.676564][ T2912] [ 697.676564][ T2912] the existing dependency chain (in reverse order) is: [ 697.685571][ T2912] [ 697.685571][ T2912] -> #1 (&dev_instance_lock_key#3){+.+.}-{4:4}: [ 697.694012][ T2912] lock_acquire+0x116/0x2f0 [ 697.699043][ T2912] __mutex_lock+0x1a5/0x10c0 [ 697.704173][ T2912] dev_set_mtu+0x11c/0x270 [ 697.709114][ T2912] team_add_slave+0x83b/0x28b0 [ 697.714404][ T2912] do_set_master+0x579/0x730 [ 697.719517][ T2912] do_setlink+0xf76/0x4390 [ 697.724450][ T2912] rtnl_newlink+0x17e2/0x1fe0 [ 697.729653][ T2912] rtnetlink_rcv_msg+0x80f/0xd70 [ 697.735114][ T2912] netlink_rcv_skb+0x208/0x480 [ 697.740401][ T2912] netlink_unicast+0x7f8/0x9a0 [ 697.745688][ T2912] netlink_sendmsg+0x8c3/0xcd0 [ 697.750988][ T2912] __sock_sendmsg+0x221/0x270 [ 697.756190][ T2912] ____sys_sendmsg+0x523/0x860 [ 697.761523][ T2912] __sys_sendmsg+0x271/0x360 [ 697.766643][ T2912] do_syscall_64+0xf3/0x230 [ 697.771674][ T2912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 697.778092][ T2912] [ 697.778092][ T2912] -> #0 (team->team_lock_key#4){+.+.}-{4:4}: [ 697.786277][ T2912] validate_chain+0xa69/0x24e0 [ 697.791568][ T2912] __lock_acquire+0xad5/0xd80 [ 697.796783][ T2912] lock_acquire+0x116/0x2f0 [ 697.801807][ T2912] __mutex_lock+0x1a5/0x10c0 [ 697.806914][ T2912] team_vlan_rx_kill_vid+0x36/0xe0 [ 697.812544][ T2912] vlan_vid_del+0x483/0x770 [ 697.817580][ T2912] vlan_device_event+0x23c/0x1e00 [ 697.823130][ T2912] notifier_call_chain+0x1a5/0x3f0 [ 697.828771][ T2912] dev_close_many+0x33e/0x4c0 [ 697.833974][ T2912] unregister_netdevice_many_notify+0x628/0x2510 [ 697.840827][ T2912] default_device_exit_batch+0x7ff/0x880 [ 697.846989][ T2912] cleanup_net+0x8af/0xd60 [ 697.851935][ T2912] process_scheduled_works+0xac3/0x18e0 [ 697.857999][ T2912] worker_thread+0x870/0xd50 [ 697.863192][ T2912] kthread+0x7b7/0x940 [ 697.867782][ T2912] ret_from_fork+0x4b/0x80 [ 697.872717][ T2912] ret_from_fork_asm+0x1a/0x30 [ 697.877999][ T2912] [ 697.877999][ T2912] other info that might help us debug this: [ 697.877999][ T2912] [ 697.888241][ T2912] Possible unsafe locking scenario: [ 697.888241][ T2912] [ 697.895684][ T2912] CPU0 CPU1 [ 697.901047][ T2912] ---- ---- [ 697.906405][ T2912] lock(&dev_instance_lock_key#3); [ 697.911617][ T2912] lock(team->team_lock_key#4); [ 697.919076][ T2912] lock(&dev_instance_lock_key#3); [ 697.926799][ T2912] lock(team->team_lock_key#4); [ 697.931740][ T2912] [ 697.931740][ T2912] *** DEADLOCK *** [ 697.931740][ T2912] [ 697.939870][ T2912] 5 locks held by kworker/u8:7/2912: [ 697.945144][ T2912] #0: ffff88801bef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 697.956027][ T2912] #1: ffffc9000b9c7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 697.966554][ T2912] #2: ffffffff900f0a90 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17c/0xd60 [ 697.975954][ T2912] #3: ffffffff900fd5c8 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xde/0x880 [ 697.985966][ T2912] #4: ffff8880601c0d30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 [ 697.997980][ T2912] [ 697.997980][ T2912] stack backtrace: [ 698.003862][ T2912] CPU: 1 UID: 0 PID: 2912 Comm: kworker/u8:7 Not tainted 6.15.0-rc2-syzkaller-00087-gcfb2e2c57aef #0 PREEMPT(full) [ 698.003883][ T2912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 698.003895][ T2912] Workqueue: netns cleanup_net [ 698.003921][ T2912] Call Trace: [ 698.003928][ T2912] [ 698.003935][ T2912] dump_stack_lvl+0x241/0x360 [ 698.003962][ T2912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 698.003985][ T2912] ? __pfx__printk+0x10/0x10 [ 698.004008][ T2912] ? print_lock+0x171/0x1a0 [ 698.004030][ T2912] print_circular_bug+0x2e1/0x300 [ 698.004053][ T2912] check_noncircular+0x142/0x160 [ 698.004078][ T2912] validate_chain+0xa69/0x24e0 [ 698.004120][ T2912] __lock_acquire+0xad5/0xd80 [ 698.004138][ T2912] lock_acquire+0x116/0x2f0 [ 698.004153][ T2912] ? team_vlan_rx_kill_vid+0x36/0xe0 [ 698.004170][ T2912] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 698.004190][ T2912] __mutex_lock+0x1a5/0x10c0 [ 698.004209][ T2912] ? team_vlan_rx_kill_vid+0x36/0xe0 [ 698.004226][ T2912] ? debug_object_assert_init+0x30e/0x4d0 [ 698.004243][ T2912] ? team_vlan_rx_kill_vid+0x36/0xe0 [ 698.004259][ T2912] ? __pfx___mutex_lock+0x10/0x10 [ 698.004280][ T2912] ? addrconf_ifdown+0xbd8/0x1b10 [ 698.004302][ T2912] team_vlan_rx_kill_vid+0x36/0xe0 [ 698.004319][ T2912] vlan_vid_del+0x483/0x770 [ 698.004346][ T2912] vlan_device_event+0x23c/0x1e00 [ 698.004364][ T2912] ? br_device_event+0x28f/0xae0 [ 698.004385][ T2912] ? __pfx_phonet_device_notify+0x10/0x10 [ 698.004401][ T2912] ? __pfx_vlan_device_event+0x10/0x10 [ 698.004416][ T2912] ? __pfx_br_device_event+0x10/0x10 [ 698.004436][ T2912] ? raw_notifier+0x9d/0x740 [ 698.004462][ T2912] ? isotp_notifier+0xa4/0x6b0 [ 698.004477][ T2912] ? cgw_notifier+0xd8/0x3b0 [ 698.004490][ T2912] ? packet_notifier+0x76/0xa30 [ 698.004512][ T2912] notifier_call_chain+0x1a5/0x3f0 [ 698.004534][ T2912] dev_close_many+0x33e/0x4c0 [ 698.004558][ T2912] ? __pfx_dev_close_many+0x10/0x10 [ 698.004583][ T2912] unregister_netdevice_many_notify+0x628/0x2510 [ 698.004605][ T2912] ? lockdep_hardirqs_on+0x9d/0x150 [ 698.004641][ T2912] ? __local_bh_enable_ip+0x168/0x200 [ 698.004658][ T2912] ? batadv_tt_local_remove+0x119/0x230 [ 698.004676][ T2912] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 698.004692][ T2912] ? batadv_tt_local_remove+0x119/0x230 [ 698.004710][ T2912] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 698.004737][ T2912] ? unregister_netdevice_queue+0x2c4/0x400 [ 698.004759][ T2912] ? batadv_meshif_destroy_netlink+0x1e6/0x270 [ 698.004784][ T2912] default_device_exit_batch+0x7ff/0x880 [ 698.004813][ T2912] ? __pfx_default_device_exit_batch+0x10/0x10 [ 698.004839][ T2912] ? __pfx_rdma_dev_exit_net+0x10/0x10 [ 698.004862][ T2912] ? cfg802154_pernet_exit+0xc3/0xe0 [ 698.004878][ T2912] ? __pfx_default_device_exit_batch+0x10/0x10 [ 698.004904][ T2912] cleanup_net+0x8af/0xd60 [ 698.004931][ T2912] ? __pfx_cleanup_net+0x10/0x10 [ 698.004959][ T2912] ? process_scheduled_works+0x9cb/0x18e0 [ 698.004977][ T2912] process_scheduled_works+0xac3/0x18e0 [ 698.005006][ T2912] ? __pfx_process_scheduled_works+0x10/0x10 [ 698.005028][ T2912] ? assign_work+0x367/0x3d0 [ 698.005047][ T2912] worker_thread+0x870/0xd50 [ 698.005072][ T2912] ? __kthread_parkme+0x1a8/0x200 [ 698.005093][ T2912] ? __pfx_worker_thread+0x10/0x10 [ 698.005112][ T2912] kthread+0x7b7/0x940 [ 698.005135][ T2912] ? __pfx_worker_thread+0x10/0x10 [ 698.005173][ T2912] ? __pfx_kthread+0x10/0x10 [ 698.005196][ T2912] ? __pfx_kthread+0x10/0x10 [ 698.005218][ T2912] ? __pfx_kthread+0x10/0x10 [ 698.005241][ T2912] ? __pfx_kthread+0x10/0x10 [ 698.005264][ T2912] ? _raw_spin_unlock_irq+0x23/0x50 [ 698.005281][ T2912] ? lockdep_hardirqs_on+0x9d/0x150 [ 698.005300][ T2912] ? __pfx_kthread+0x10/0x10 [ 698.005323][ T2912] ret_from_fork+0x4b/0x80 [ 698.005342][ T2912] ? __pfx_kthread+0x10/0x10 [ 698.005365][ T2912] ret_from_fork_asm+0x1a/0x30 [ 698.005387][ T2912] [ 698.430278][T14951] loop6: detected capacity change from 0 to 7 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 698.851238][T14951] Dev loop6: unable to read RDB block 7 [ 698.880953][T14951] loop6: unable to read partition table [ 699.071403][T14951] loop6: partition table beyond EOD, truncated [ 699.131953][T14951] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 699.615992][T14897] Bluetooth: hci5: command tx timeout [ 700.089575][ T5947] usb 2-1: USB disconnect, device number 29 [ 700.097455][ T6580] bridge0: port 1(syz_tun) entered disabled state [ 700.107663][ T6580] syz_tun (unregistering): left allmulticast mode [ 700.114193][ T6580] syz_tun (unregistering): left promiscuous mode [ 700.120911][ T6580] bridge0: port 1(syz_tun) entered disabled state [ 700.161194][ T6658] syz_tun (unregistering): left allmulticast mode [ 700.167721][ T6658] syz_tun (unregistering): left promiscuous mode [ 700.174607][ T6658] bridge0: port 3(syz_tun) entered disabled state