last executing test programs: 8.080920795s ago: executing program 3 (id=1461): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-3way\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040), 0x0, 0x40800) recvmmsg$unix(r1, &(0x7f0000001e40)=[{{0x0, 0x0, &(0x7f0000001e00)=[{&(0x7f0000000a80)=""/14, 0xe}, {&(0x7f0000000cc0)=""/178, 0xb2}], 0x2}}], 0x1, 0x10000, 0x0) 8.011286479s ago: executing program 3 (id=1462): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$packet(0x11, 0x3, 0x300) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r3) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socket$xdp(0x2c, 0x3, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = dup(r4) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r5, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 7.082618214s ago: executing program 3 (id=1477): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0xb, 0x59032, 0xffffffffffffffff, 0x0) r0 = userfaultfd(0x1) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) setfsuid(0xffffffffffffffff) r1 = userfaultfd(0x801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)={0xaa, 0x4}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) ioctl$UFFDIO_COPY(r0, 0xc028aa03, &(0x7f0000000100)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000339000/0x1000)=nil, 0x800000}) socket$inet_tcp(0x2, 0x1, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x2, 0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_open_dev$usbfs(&(0x7f0000000100), 0x45e, 0x430003) r3 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001600), 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a0103"], 0x7c}}, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000040)={&(0x7f0000000500)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xf8, 0xf8, 0x5, [@union={0xb, 0x1, 0x0, 0x5, 0x1, 0x0, [{0x8, 0x3, 0x8b48}]}, @union={0xe, 0x4, 0x0, 0x5, 0x1, 0x36, [{0xd, 0x4, 0x6}, {0xd, 0x2, 0x4}, {0xb, 0x0, 0xfffffffe}, {0x9, 0x5, 0x9}]}, @decl_tag={0x7, 0x0, 0x0, 0x11, 0x4}, @fwd={0xa}, @union={0x7, 0x7, 0x0, 0x5, 0x1, 0x6, [{0x1, 0x0, 0x6}, {0x5, 0x5, 0x1}, {0x2, 0x4, 0xe4}, {0x6, 0x3}, {0x5, 0x4, 0xfffffffa}, {0x9, 0x1, 0xaef}, {0x5, 0x0, 0x3}]}, @typedef={0x4}, @ptr={0x4, 0x0, 0x0, 0x2, 0x3}, @int={0xf, 0x0, 0x0, 0x1, 0x0, 0x43, 0x0, 0x75, 0x6}]}, {0x0, [0x61, 0x30, 0x0]}}, &(0x7f00000003c0)=""/134, 0x115, 0x86, 0x0, 0x9, 0x10000, @value}, 0x28) sendmsg$NFT_BATCH(r3, &(0x7f0000000300)={0x0, 0x0, 0x0}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) openat$tun(0xffffffffffffff9c, 0x0, 0x12000, 0x0) mount$9p_virtio(0x0, &(0x7f00000001c0)='./file0\x00', &(0x7f0000000200), 0x1000012, &(0x7f0000000280)=ANY=[]) bpf$MAP_CREATE(0x0, 0x0, 0x50) 6.141568193s ago: executing program 3 (id=1485): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000001c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0xc, 0xf}}, [@qdisc_kind_options=@q_drr={0x8}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8001}, 0x20008850) sendmsg$nl_route_sched(r1, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x34, 0x2c, 0xd3f, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r3, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) 6.066566862s ago: executing program 3 (id=1489): r0 = socket$inet(0xa, 0x801, 0x84) listen(r0, 0x8) r1 = syz_io_uring_setup(0xd2, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x4, 0xd2}, &(0x7f00000002c0)=0x0, &(0x7f0000000080)=0x0) r4 = open(0x0, 0x0, 0x0) socket(0x1, 0x3, 0x0) r5 = syz_open_dev$midi(&(0x7f00000012c0), 0x80, 0x2) ioctl$SNDRV_RAWMIDI_IOCTL_INFO(r5, 0x810c5701, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="02c9300c0008000500160804000200f6ff"], 0x11) r6 = fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) r7 = socket$l2tp6(0xa, 0x2, 0x73) getpeername$inet6(r7, 0x0, 0x0) ioctl$USBDEVFS_SUBMITURB(r6, 0x8038550a, &(0x7f0000000000)=@urb_type_control={0x2, {}, 0x0, 0x0, &(0x7f0000000080)={0x0, 0xb, 0x0, 0x0, 0x7995}, 0xfcb5, 0x0, 0x0, 0x48000000, 0x0, 0x0, 0x0}) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) r8 = socket$inet6(0xa, 0x3, 0x7) connect$inet6(r8, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x18, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000"], &(0x7f00000004c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0xd, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_MADVISE={0x19, 0x7b, 0x0, 0x0, 0x0, &(0x7f0000011000/0x4000)=nil, 0x4000, 0xc}) io_uring_enter(r1, 0xc6, 0x37d8, 0x12, 0x0, 0x0) ioctl$NS_GET_OWNER_UID(r6, 0xb704, &(0x7f0000000a80)=0x0) fstat(r1, &(0x7f0000000ac0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r11 = openat$dir(0xffffff9c, &(0x7f0000000b40)='./file0\x00', 0x800, 0x0) sendmsg$netlink(0xffffffffffffffff, &(0x7f0000000c40)={&(0x7f0000000100)=@proc={0x10, 0x0, 0x25dfdbfc, 0x8000000}, 0xc, &(0x7f0000000900)=[{&(0x7f00000001c0)=ANY=[@ANYBLOB="2000000000020027bd7000ffdb000008009300ffffff7f05008700000000007f44e716c46f3b724f12bde700fa6900"], 0x20}, {&(0x7f0000000500)={0xe4, 0x26, 0x2, 0x70bd26, 0x25dfdbff, "", [@typed={0x14, 0x7, 0x0, 0x0, @ipv6=@ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, @nested={0x1c, 0x4, 0x0, 0x1, [@typed={0x8, 0x15, 0x0, 0x0, @uid}, @typed={0x8, 0xf0, 0x0, 0x0, @pid}, @typed={0x8, 0xcd, 0x0, 0x0, @uid}]}, @typed={0x14, 0xf0, 0x0, 0x0, @ipv6=@mcast1}, @nested={0x84, 0x137, 0x0, 0x1, [@generic="5a891ed9d1cb63ee3b7f98e0665aa59ce7c74db4836262c172e0b6dfcf85ba4905c23f5f1ef8b033da2b4de229ae0d3adc7449e9d4ad56c539cd0b169dd473e7095310be179e65a66051d5c0afe88cd95b181b134a460d1b8e14fbf0aaf6474d80f7ebe0f2536d34b94119291bd3e48d2a6e11f2f74117607876ca716ffea24a"]}, @typed={0x8, 0x104, 0x0, 0x0, @uid}, @typed={0x4, 0xa9}]}, 0xe4}, {&(0x7f0000001300)={0x13e8, 0x38, 0x1, 0x70bd25, 0x25dfdbfb, "", [@generic="c32d16099640c3f6d3247b0d5b6cdb8afba6f2aa485cda1bbc274a9b02ee3d807fa669fdb1e25c45655aa9580537bf29d202e3b1704ac02fa4ae85d3899ccc2265bfc98d337418693586ae9e57cb8bf8fcf838e8a8398e7396a33d2dfb97fd30dc6c8fc30ac5fefee2fa9c7d1249cddbc99edfae8ad64caa97b0617861827d883c03de9a1da251b547977caa86bbb085f674c6c857c63f2d698e66a364660a161152019c984d7d81ffccd7028f0578972b554744283aa88855f3dffbaca5677231cc907ffc8e653e1d0f30845fba618c49ccc6", @typed={0x4, 0x69}, @typed={0x8, 0x9c, 0x0, 0x0, @fd}, @typed={0x14, 0xcc, 0x0, 0x0, @ipv6=@mcast1}, @generic="7002bd7d6aa87de28df730ea12fec94bab24e77486844cfb690dddf187d875c3c881f76d0becdd534c9bd67e06812caf0326c298384ca97ee5d410e2707fd4983ded6bb56611a98c90c7e2a5f33b850bce616d37d60ac2ef052b92e049c80a815d917c284d64af7f3c84bb56e31430c9041e778ef130f1467f78af2ce4e4e049aee39579ed270cfe4d5abc09a4b461b8d19f14ab81754c674502b08c391361db4a200db33521f0680820e7c0a6a3dd3d8ba61d05d7223462b10cfa", @nested={0x1133, 0x9, 0x0, 0x1, [@nested={0x4, 0x5}, @generic="020de0fb06c31276c3b01863a58488eec2c24a5f1c0514c0e805e3fd7bffb3e727a7ee7f1b878a7b9e8900be3a82ec500144642d383b61e6d21e4c9c5a33ab9b9d4b610ce6d7b9513732d9c35774ddc65efc0c2f602f389e36e896c51a0810d5688cd55c21154c78d309cdbcab9d2c335dee0d242409ed645fe5593de5434302ae4683ac795ce5ce089e234f817d362cfd78a9ca11f2c6e93aa12d801ec948b1ea5a435e8492ca0a299489f2150ce633adb68ec24f20d5a0cc53014bf9074aa012", @generic="92575d92adebb18795", @generic="f1ba484e39f50cf0a573fe478a69efcd6b0e2ad2b13403eb058532308e816d7c1d3a31f35281bae5c3296d7c8d7f28786d5afe2ec25ccd4408488cd816d7054387cb65a73a332ca0dc66147e6dbc96dbf05f5a97dc9d04e197", @typed={0x8, 0x8d, 0x0, 0x0, @str='GPL\x00'}, @generic="9a36a625adb4b9e18040f39376587016577d06fde77d78626f36503bcf6ffb58a7e01c34e6be28464ca913a1d653ad43f3a12f01b0c250cd3daa8c5e0e86fb1a541598a63f28777c094f4ee96b2a4f3caf9256bcb1feb3046cc4ed54f73e72c63988354e4ac8e151e4ec304f5eed30f71893b559938c1033e1c74e4a61e617a600138f7441bcea596f4fc70ff89eba74dc3571cbcda0878d7ef27e1a3be3ed598f91a4c31ba87fba5ff11e58fbe4121b3753471095ea4d5fe736783761b4406fc0db1545bf4b719a95c9222443c73a5d725652616dc8d75c02d4ec56ce5b1a9ec452318c7790d6e39c76e61c879a72a38df34d92ce98e1fbfd138fb9cd060d017eab3a8c5350b5af4c71a74b5b068e8a55a92d929a3b74996df0e7794002f67732bccf15cca88085426a3c134e4632ac710a86a0bdd481ea90acc619b6963cb226f01c2eb597eaf7bcbcc613e98a25851a13501b938f2abbe037878a4a51fc6d894cec89684c9cfe6579aac50e4876a49ffde0aa2b1126de5e144d5f88fd24188ddeaebd6969f59d093de96497dab92173bcbf2da0751ad9679373d0fd5cfea0ce191ab50ecf4fce112b6bdaff0aec8b7cde1221f948a6f7642903111fe51fb348b871115946d4a7a246bb0a016cddd5f9b3f1222bf2f92729581843f9e4938d5ebe4f59ab0ddb13730b6643b3610806504ce7cf3ed181902bebafdb287740e5a2d47eb6829c03f026cfc5c4bdb90b9333af39bcf9cf6ef0e03fc3280641c9b8f8d236acbb12a8cf989cb24446840a3e030ad3a61a0f304bebe9a57040ef2299c0f078423698c4e0452888631e972e27470e662f58bec556c7e5e36af067e5bfbcc039fdcf4c70aafcd4cafee2bb6753eb9049d307e0ae0b35b6b479340aa01d85bb31c6685357738771b623b3354018babcdf5e80b9373248969cf7eb93f40e360b63fe5617f12328b57ddefa4c99ae3224d6cbb3c1d4bb92fe80621971d02514b22c5deadb998ae4957862ff4fdc3746fe11059d6a7ab66ff1901df01812dde9892733df164b6976f06711e2b45970c2d0891dfa339a5a06f126a227a0bb9898f40f0377bd8ce0824a44abc03b927739eae513a1cffbeb279e072678fe28cc6f49f4f9086b6a03b9036407f0409e3c0e4a33a474936eaba485f280a06123ce9135974b36f0f3cdc2d2052c0bb293af8c0e8247db1793c2f4d5e2566a2b98add3819bb9800e6e11c86e303f707ff13a69e953d33844e6de9ae44d0b00d9329a10bba5167c8766f07672c902bf67b612280c5cee9be93ee81f4e8b6cbaf0e86608d7ea94f56bb1f3ef0fa9858210190f218627f68e80d3d25baf40c82ff7ba23fa1fae3e1850c039353dc38eaa8f167022f45d586e11b9f89f31f4005f23686a15f4bb7b6f920784f4595528f7aa39859aa8b6c8a8f9efb2fde9c1646de1552789dd8597ed4902ab8571cc26ac132c3776ab16094b1db5f109865c6391e0eeda2fabfb3e5a76779d31e2a9089256d4227f606c20eb0192935cd1475eeb84cefdfa5ea4dfb14fa7e2b60bc8a5e2a867731b7804d51cb8811eb872ae2ea34b9735840ac405e3de08b992b999a00f76becc5c0d3e9589eefe4f518c9637813a37e90da0960ee6e1137f7a4d2894900a1836a5e362bf26acd251da1ce209f1e2007602a14e938660ca8310a8b2a903e8172f756f074353bbc178d9d3799aed67cfd5cf5a83f643ff2bcfa726ae2284974aa6b344f3b51ec65cf5efe9b7f8984bad9c2c54bbc5acc58541695655a836a03b2226f5523c35a6c5501a905040bcecb87091fda70de09a1d18687ac7bcb1078f884b5fa83959c10594aa05d4e6987d3940eaa30801e4e5a8998682e85bb36e1835d941b099a9d42de78ec2ff9a21a533bdaba7944b37366a0984c3e2291344f490cd847b9e134ca9add4ddadf0469d40ff682a7c7c93a8980369fd1d6e6935c3d0206a1e66d4dfca2f5799e0129e38422d1651064700f3f2b752b69387781f76453440440aa1558cb7046ccec8f5b3d9a96b3d2e98b019799523e048eebb85928d8485e82aab1a22bf59f3fe1cd49c95ebb111288752c1cd8ae70913ea19dea239bf222ebc3a29ddc5b3f431aefcb6315a61585b6f3d84b7d368b9ec77604e5dd6a8884356afeaaea48ff4c210981e0744f9118a47a7e69ab45fc316d350d5fbdaf7b8f4358db36d78c8a843f6b36c2b89a8fa9ec0891afb3ad16e947f76aeed5b3547fc76129ddd48cb7b83487f1bd82e2994bc202cb0582140e3eaf6445b2acd6662703c4527e967f24628500a686c7d6d521c68e815f82f1fa1035a0373d5b7ab7f33c799489aa28ac561af4f5810f27c1ba978dc4c7cfb1101a27369735ac18e8371f14992874e899a147f0b461c71a3d920f65a483743c2cd12b0715d27f42270134b5131383207d10eeb3953ba1798498acc08b3d4b478f2930e929369f2f9f0a6b17650101e167e41942550c8afd95531149d4ea85713dc89c1b914ecd73ec318811c10d691ef4ac3de5961c56078f71ccab67a6ebe4d419ec6f8b04e7cb40055dd03695f7388d95e033a20abcb357baf3734b883149f76cbc78efe12dece9bb0bc87e510eb2388672dcb244b19b0f00da83c97df479e2023bae8bb3dff237cd1f1c7f10172b29124a6e3fdccbccb0d6f50d7623f52e2ba02da589af1b7dd168c762aedaaa235f3879bd83db3c05bb38018ad41e120257220141d678de9342db4524d09330bbd109bc3189c30066922cfa828b49b0b126bc327c400d6eaf61e78334204f60c2070bd594db25d901f9eeca6f4ea35a12f25407821fd24db81b6b05fabd3e22c4d58053246d4c18043ff37a6a5690863d5aa05b9b39c95fcef1e5fd3692905acc4e1a57f7592bd58146c5cc89b95a5f97137387e63ecef4ae56121c7e4d839c7b24c5d73628e9bff8edc88a79fd0f3477d9bc377e2dc596aed6337ea60127e3609d024c77ec0587437290bed413fb978a40fffc77c28fbf4a2f346bd93ea3c6e3c6030bbd8efff3711aec478d861a66036c964757cded8c374bf43fd0444db07fa26b1b647832499b27bd7169025277c11c973fe4ac598e907572a93b58a8aac9ba8bb9f30f695b77ef04de103a62b74efa807e01f436a9768d95f14cf121c8e513bbbce90307d443c128760483a3415ad24cbc1cc22690810526686ee8e8cbf6691d48fd132f0a0f62a2f8cab27cef42defcc6ea5a1965003b4f180382cb891fde9291100d00d39d61014ba1ca16dc87ad69116dc9d87e0c928b8adf9d3c8accb802372d21e0387936f2d2a7ab88cb1ba455af006cc8094ef348efff8afee09c5be2fe8c7aa8b33bf1f78d538096a92139292dddc6b9797374fab27fd18d1a8c367ee5928418973ecbebefd3701a989b0da27296b276cb338668bc7e238d52f3a94cd9e9527a90d3e24f778b687587a7dc5ee3fb45962f23562385ffca1114b0578f73e2296df49d915ff662b95d228cdbf62a35a6df5b9334fe214d20419dd05134eeadeebff36a4d72a37770f64fe485415146881e85b5ac989b24df3dd690935c0a3fe80e2c4bc906b13c8d0afb23287a6f2f75e1b24cdab7d7c96df338c04c8b3e40bd6a70072d25d1a34d437cafdc111ee11d7ba04584e4357bf12ad8d39372fdfc83a2ea67eb6ceac982f74f8d10bf9456ff6f9853e43ced8fd5de4da0abf78a1c5c84cc39426da33680012c4b4ca78e3845da77b511ff2e1ff3eb62e73b812087099c4ac03941846bda31143e0fce65146178b6ed40e85a2d570c95bd50e4d8ab80726fa90c10d2a97d57f52cafd0caf7bef919771760e588a35be624ba28d6cff0dce991c41507a9eb519b65b053f73671d8a813d20d2925167040e89fd7b3b935aa50667f7c8bb7679654fa66a88cbc9b7af74f6e8d52e7b52165f25f90b5c978d1b9ad632df19d8746fee337c330a699769ea1ce624219e527c4b5aed27d6e88d169a151b8c8022c25322340ca9d227756d0fd9d2e62d2d50638905b88fa11e8e1bf717dfae8c92f3285bb205f8fb0132423ef9e43cbd3a24eedb89a69bca775f97efb06dd07a00cc5112c9d62e1e425b184f7886a7135f209210addedb78b392977d8b66d90e836c07300504cfeea6f77a8dd4bc4212198650ddc3046eb96f499f1fdd0138005b622284a130fe5456389c162e1fc005da86df4511f9e6d45a062350b6e94c4661f5c7d1f4de7f69d897a406e9c7694e926f5ddc1e495e68b4f0917740fb1d0994fbf1b4e8b027e662000ede6cf3bfaaf34ba89fe474091ef273c4ee98ed608bb6d4cd93251339bfb6f97f51fd0f91dbbbe9c074662abb55a148e042001b4d4fb6707a490abd918244dd4749eaf72f5f853c9f593683f788be27ac12e704095e3c914fabdd1bcdf82307ea76c0a092fb7f6f5d319072a9f77ce4f7fecf64f8048de9d720622f9893299384659b2dea6759335956db7cbb39f4ea5b8b22d6a1dce897eb8fd1beccec4f6d96efcccebd992031fa416735e49828d59df844a368da418e7e22e9bd49deb068cfdd63acda365e403c2c4319d1c31ca2fc303d09522906ec4a930f8adc6b310282746fa8cb4c8417233a8a06e6ef039c43a89a020d27f2a4b23dd9059aa580405e6585c69df37a5d56c7c2363adfee89fa9f9f7a1e5680739e739df023840d830b3665a645ebc174361835b28038cd85939c924e892f90d49f1b79a69d22732cca1d63d3ae9fb7ba7f044785f924dce9e3ae41b2b2a5d9ea8b46c3bf4ec13f6d9ba2fabd3285b052f174a5e97864853fa1c0a89fba6a70ee5d90aec37d128ee5cf13e5f48597560934310e890580203f2d998027ae0d29ac568d62844fe2af62f9355d0903ce2c4b20f1486160ea7b6b65aecf7a5b4f8c488cad466031e6cb6b1396dd8060a3ff2f6907c88588c13e47587f4b3326db03af5205037237141f35f275b7e41cb24a98fdf871eb0390fec8800ddb49b64eb88c47293f5af58de77d2a1864dd1427ad4281764247be0aee1f5f3c67bec6f9559ce2f7f7c18a91188a9f29be6080f8dd60b8af6c84c47e8b30d4c11fb1eda6e088462bf7b51c58cf728b7c63fc9d1b9feeb1bd64d80e521304a30a1880dc429aa96e68b56f6c5c24ebc850a2005da6f0828a70baccdd4134035c338f5a49e9597de61688dfa82f5e05909fcf3a7b75543063c4bb69181e5a6e28d02f32443b08d1533fef9f0b495e67891790af873349c9068d115a0c0d0a5b75e139666740607cf7fe0c155984f166e2254e6176dabfea7a1c1fef57adcac26ae3fbd685ee8dd650cb376118b254c2acf3ad359b7f0f5c052d82bfab2cfe7bc0144b58c005493527ceb73ed853fe95b84cdc98e3d780b3cdaf5e23f21e6284766ebccdb755b52b646b338b266e72befdc2e842f5243a91c92511c984a73314bbdc32118986e527f4c83a49eff6800da5446aebfd71be03c3d032dda51ff4131a267e71238fbf522b8ac3ff7d8e93716928d1b67457a0f071319eef4e5ae51f8b67cbc057de1a8ff52861de51ebc53f3ac1dad4460a5d90961cc9081776b4f1a123ee596a0b49f34bdc6a588c8c4a258c8ba3ddd1fcf587d69ac5e8c4e8334216cbca4355601dd510c94c5f1b4b7ba5fd709f6ceb189351f19de78579dfc393278ac508cbe6c81c7a28df9c01e5929ad64fd7806ddcf7c2085e553ce239f2815c2c1b5b42c52c65ea68b2d1a15a8ff8b11d1e4f26ed506a266f2f172954be634387c637e8701f0c60130f9009bd89761b54ef1c70b6851f332cf0bc4c65b5cb3d48"]}, @typed={0xe1, 0x45, 0x0, 0x0, @binary="268a72c14fc3d31fe21f66b43ddaedbf001b808e203ab6fd052d022a286b8d9d1f2c7f039398d0d141c86dd281096caef3aed1e797b0c9f482e868f2298067e5844849c84bb9343ed23e62ac265cdc1c99015a73c77b2692a3bc8dd2e561e7e83f6e051f8b7409f9fbb1b0b579ab9f90ed30a40c80206ca564ef8b0a3144e9d3fb92b8cc27ea46e2a845cb9629a0504fd7d98ccbe85545957a67797c90b4d7e55433f6c5407d1f172be13591f8ba5c54ba6a05821bbc75ae4b01f7fe608640a17b98eddca28e8b8f32f2fbc2bedfacb604d9eb84858f876a4769338489"}, @typed={0x8, 0x73, 0x0, 0x0, @pid}, @typed={0x8, 0x134, 0x0, 0x0, @fd}]}, 0x13e8}, {&(0x7f00000007c0)={0x10c, 0x33, 0x300, 0x70bd27, 0x25dfdbfd, "", [@generic="35acfcf9f9ef7c2babb59713dcbcea5bbea8fa3277d1b47ca1617b5a52d29e5b329b79ac9c1cddeac1de6b457039392a5574ee6b780455fb0366ec76431a345c258674af33083e11fa16015b80d7c15d16968e7a598c2a085e635e79230504d5d8d0a6a9e714668f8999b36111f2b3d62c973182940768c9877722502f4cc71363084b8e1e840581e0450de35417b2fc84e6c6e0c249ba82b74762303103ac609ffc3e5bde0a5a51b3757857709d22d85be451b8fe695fafe12b4e99b523dac4d4c2081c044cd06f56443197975102bf953440a770426022848fda46bf57bb923f436cec2e9e04d4d0bb5924f16fa5782fb6e0eecde14f3bc6ff132f"]}, 0x10c}], 0x4, &(0x7f0000000b80)=[@rights={{0xc}}, @rights={{0x14, 0x1, 0x1, [r4, r6]}}, @cred={{0x18}}, @cred={{0x18}}, @cred={{0x18, 0x1, 0x2, {0x0, r9, r10}}}, @rights={{0x1c, 0x1, 0x1, [r5, r1, r4, r11]}}], 0x84, 0x4884}, 0x0) 5.790901488s ago: executing program 3 (id=1491): r0 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000480)={0x6, @pix={0xffffffff, 0x0, 0x47504a50, 0x0, 0x2, 0xffff, 0x3, 0xfffffffc, 0x0, 0xb, 0x2, 0x7}}) mkdirat(0xffffffffffffff9c, &(0x7f00000021c0)='./file0\x00', 0x3a) mkdir(&(0x7f0000000400)='./file1\x00', 0x0) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) r1 = syz_init_net_socket$nl_rdma(0x10, 0x3, 0x10) sendmsg$SMC_PNETID_ADD(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)={0x34, 0x0, 0x1, 0x0, 0x0, {}, [@SMC_PNETID_NAME={0x9, 0x1, 'syz2\x00'}, @SMC_PNETID_ETHNAME={0x14, 0x2, 'bond0\x00'}]}, 0x34}}, 0xc800) r2 = socket(0x40000000015, 0x5, 0x0) connect$inet(r2, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) setsockopt$SO_TIMESTAMP(r2, 0x1, 0x3f, &(0x7f0000000000)=0x3500, 0x4) bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000002840)=ANY=[@ANYBLOB="b702000000000000bfa300000000000007030000fd"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bind$inet(r2, &(0x7f0000000340)={0x2, 0x0, @loopback}, 0x57) sendmsg$xdp(r2, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) recvmmsg(r2, &(0x7f0000000b40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=""/11, 0xb}}], 0x5df, 0x2, 0x0) sendmsg$netlink(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000200)=ANY=[@ANYBLOB="180100002e00010000000000fcdbdf2507"], 0x118}], 0x1, 0x0, 0x0, 0x1}, 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f00000005c0), 0x0, &(0x7f0000000400)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f0000000200)='./bus\x00') r3 = openat(0xffffffffffffff9c, &(0x7f0000000240)='.\x00', 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) mount(0x0, &(0x7f0000000240)='./file0\x00', &(0x7f0000000280)='tracefs\x00', 0x0, 0x0) mount$tmpfs(0x0, &(0x7f0000000040)='./file0\x00', 0x0, 0x2204c3b, &(0x7f0000000180)={[{@gid}]}) ioctl$FS_IOC_FSSETXATTR(r3, 0x401c5820, &(0x7f00000002c0)={0x71e5b319, 0xfffffffc, 0x2000000, 0x791, 0x9}) fstat(r0, &(0x7f0000000100)) 4.579830287s ago: executing program 1 (id=1494): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$packet(0x11, 0x3, 0x300) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$video4linux(&(0x7f00000001c0), 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r5 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000502000/0x3000)=nil, 0x3000, 0x2000002, 0x20010, r5, 0x3782f000) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r6) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 4.42814456s ago: executing program 2 (id=1496): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$packet(0x11, 0x3, 0x300) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r4, 0x2000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r5 = socket$xdp(0x2c, 0x3, 0x0) mmap(&(0x7f0000502000/0x3000)=nil, 0x3000, 0x2000002, 0x20010, r5, 0x3782f000) r6 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r6) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) 3.899009316s ago: executing program 0 (id=1497): timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x0, 0x59, 0x0, 0x200, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0xa, @void, @value, @void, @value}, 0x48) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0x0, @local}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0x34000}], 0x8, 0x0, 0x0, 0x2044}, 0x60) sendmsg$inet(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x0, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f00000003c0)='\f', 0x1}], 0x1}, 0x0) 3.691712267s ago: executing program 1 (id=1498): timer_create(0x8, &(0x7f00000002c0)={0x0, 0x21, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@bloom_filter={0x1e, 0x0, 0x59, 0x0, 0x200, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x5, 0xa, @void, @value, @void, @value}, 0x48) r0 = socket$kcm(0xa, 0x5, 0x0) sendmsg$inet(r0, &(0x7f0000000380)={&(0x7f0000000040)={0xa, 0x0, @local}, 0x1c, &(0x7f0000000180)=[{&(0x7f0000000080)="a2", 0x34000}], 0x8, 0x0, 0x0, 0x2044}, 0x60) sendmsg$inet(r0, &(0x7f0000000580)={&(0x7f0000000340)={0x2, 0x0, @local}, 0x10, &(0x7f0000000440)=[{&(0x7f00000003c0)='\f', 0x1}], 0x1}, 0x0) (fail_nth: 1) 3.403602191s ago: executing program 1 (id=1499): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$packet(0x11, 0x3, 0x300) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r3) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socket$xdp(0x2c, 0x3, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = dup(r4) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r5, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 3.397009056s ago: executing program 2 (id=1500): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="64000024547345a571bd9dffcbdf980ee00002060108000000000000edff00000000142007800800114000000000050000000000050005000a000000050001000700000005000400000000000900020073797a300000000016163a6e65742c706f72742c6e6574000000000000000000c7e25cdb67b36f51dbc61f"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = epoll_create1(0x0) r3 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x40000, 0x0) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r3, &(0x7f0000000200)={0xa000000a}) ioctl$sock_bt_hci(r3, 0x800448d3, &(0x7f0000000780)="ba74a299cd9437031ed1ee4fcc9a572d94d9267393cc70c9891e7217ba2b3cf2dcdd17d7f820418ac4dc312aa3357f1152c9414bb488017e27cf2f34deed184299ad5f") finit_module(r3, 0x0, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff0000000002000000090073797a336c75f765fd79bd225df6920000000014000000110048f43131d6843dd0438f9cd07c27c88cb5e3822f64b77548b6b825d821ea10f09d373a330754", @ANYRESOCT=r0, @ANYBLOB="9b61acfa2c0be68ded3a26ceba3cbaf11666029f888c9d628eddb14280c55f8fb0bd1b6df545930afed212135b98840861791c0b5a0819493d38157cd6fb96e4841c46ddb4e971143b3ec81fb877b0b6fa3bd120e167108adb5a812e5936a0639075cee22ad24c9931b34171cfc61c96a0840ba9"], 0x7c}, 0x1, 0x0, 0x0, 0x60004}, 0x800) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r4, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70003c85d4b2000000003b5d85c70000000000000001ac1414aa00000000000000000000000000000000000000000a00000000000000", @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00000000000000000c00000000000000000000000000000000000000000000000000000000000000ffffffffffffffff000000000000000000000000000000000000000000000000000a000000000000feffffffff7f4000020000000000000800000000000000000100000044000500ac1414aa000000000000000000000000000000003c00000002000000ac1414aa00000000000000000000000006000000040300000000"], 0xfc}}, 0x0) openat$adsp1(0xffffff9c, &(0x7f0000000100), 0x51d141, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r5 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='\x00', 0x89901) move_mount(r5, &(0x7f0000000180)='./file0\x00', r5, &(0x7f0000000300)='./file0\x00', 0x41) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000080)={'veth0_to_bridge\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="380000005500e50128bd70000000000007000000", @ANYRES32=r8, @ANYBLOB="20000100", @ANYRES32=r8, @ANYBLOB="00030300fe8000000000bb08000000"], 0x38}}, 0x800) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) userfaultfd(0x80001) r9 = socket$inet6(0xa, 0x3, 0x5) r10 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_TLS_TX(r10, 0x6, 0x1, &(0x7f00000000c0)=@gcm_256={{0x303}, '\x00', "5171bb672965593497418688ac68cb126474cd3660dab9e2086e246728d7a040", '\x00\x00=*', "1202000000040030"}, 0x38) setsockopt$inet6_tcp_int(r10, 0x6, 0x2000000000000020, &(0x7f0000000040)=0xa, 0x1959cc36) r11 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0xc2540) ioctl$EVIOCGMASK(r11, 0x80104592, &(0x7f0000000240)={0x5, 0x6b, &(0x7f00000005c0)="42d0ec41ab7167de66c4ab2c423924138e69d61630a6b6f807c5b5a6cb38cf38f266c2abdca8875a173ca63e650fb473ba92aed7a83917e9b3fa6b9b24098bbed300c46f2965381b865f00c5211330623dea54b0de573704972554aff35fcbcb8b60d8d22100062edcef76"}) setsockopt$inet6_tcp_TCP_MD5SIG(r10, 0x6, 0xe, &(0x7f0000000300)={@in6={{0xa, 0x4e20, 0x45, @loopback, 0x1}}, 0x0, 0x0, 0x21, 0x0, "5d9ed5ab7ede1bcf73742bc36c0ea13d3dec33e0b7cc1ff724fe1906cf9f794509000000dfea4ffd1e48aaf9a42d97f58d9094d5eb926f70f03d2d46f374a6b62ee9d04ac1bf0bef969bcbd8e4700616"}, 0xd8) connect$inet6(r10, &(0x7f00000001c0)={0xa, 0x0, 0x8001, @loopback}, 0x1c) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r9, 0x29, 0x20, &(0x7f00000000c0)={@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x800, 0x2, 0x0, 0x9, 0x0, 0x8}, 0x20) 2.555879658s ago: executing program 0 (id=1501): socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000010403000000fadbdf2500000000", @ANYRES32=0x0, @ANYBLOB="900100ff7f0000000000000000000100626f6e64000000000c00028008001a00ac1414aa9395f53868dff59bfeb564c8c8c0c54f0cc1fdabddde17fcd19b483575a588983c4688634245a56b15c613f6ac59f47e635e334c1693819dd6686f20cd6160795e"], 0x3c}, 0x1, 0x0, 0x0, 0x40010}, 0x240080c1) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace$setopts(0x4206, r0, 0x0, 0x0) wait4(r0, 0x0, 0x80000000, 0x0) wait4(r0, 0x0, 0x8, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="1e000000000000000500000006"], 0x48) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$BTRFS_IOC_SUBVOL_GETFLAGS(r2, 0x80089419, &(0x7f0000000080)) sendmsg$NFT_BATCH(r3, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x19) socket$netlink(0x10, 0x3, 0x0) openat(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$fuse(0xffffffffffffff9c, 0x0, 0x42, 0x0) socket$igmp6(0xa, 0x3, 0x3a) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) socket$key(0xf, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r5 = dup(r4) write$6lowpan_enable(r5, &(0x7f0000000000)='0', 0xfffffd2c) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r6, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) 2.495263073s ago: executing program 1 (id=1502): arch_prctl$ARCH_GET_GS(0x1004, 0x0) unshare(0x20000600) epoll_pwait(0xffffffffffffffff, &(0x7f00000001c0)=[{}, {}], 0x2, 0x6, &(0x7f0000000200)={[0x7]}, 0x8) openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000140)='blkio.bfq.io_service_time\x00', 0x0, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0xfe, 0x0, 0x7ffc9ffe}]}) utime(0x0, 0x0) r0 = signalfd(0xffffffffffffffff, &(0x7f0000000180), 0x8) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) futex_waitv(&(0x7f0000001080)=[{0x3, &(0x7f0000001040)=0x3, 0x82}], 0x1, 0x0, &(0x7f0000001100)={0x77359400}, 0x1) read$msr(r0, &(0x7f00000003c0)=""/203, 0xcb) prlimit64(r1, 0x2, &(0x7f0000000140)={0x8, 0xe}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000380)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x4, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001540)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x40000002}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@ipv6_newroute={0x3c, 0x18, 0x1ef, 0x0, 0x0, {0xa, 0x14, 0x0, 0x0, 0x0, 0x1}, [@RTA_MULTIPATH={0xc, 0x9, {0x8}}, @RTA_GATEWAY={0x14, 0x5, @loopback={0x0, 0x2}}]}, 0x3c}, 0x1, 0x11}, 0x0) write$P9_RVERSION(0xffffffffffffffff, 0x0, 0x15) syz_io_uring_submit(0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, r0, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x2}, &(0x7f0000001fee)='R\x10rust\xe3c*s\xa8rVid:\xc4e', 0x0) openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 1.971561159s ago: executing program 2 (id=1503): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=@newtaction={0xa4, 0x30, 0x1, 0x0, 0x0, {}, [{0x90, 0x1, [@m_ct={0x44, 0x2, 0x0, 0x0, {{0x7}, {0x1c, 0x2, 0x0, 0x1, [@TCA_CT_PARMS={0x18, 0x1, {0x9d, 0x11e41e7a, 0x20000000, 0x0, 0xf}}]}, {0x4}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x0, 0x1}}}}, @m_ife={0x48, 0x1, 0x0, 0x0, {{0x8}, {0x20, 0x2, 0x0, 0x1, [@TCA_IFE_PARMS={0x1c}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xa4}, 0x1, 0x0, 0x0, 0x800}, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x6, 0x8031, 0xffffffffffffffff, 0x6a855000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) clock_getres(0x3, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f00000000c0)='mmap_lock_acquire_returned\x00', r3}, 0x10) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) fcntl$addseals(0xffffffffffffffff, 0x409, 0x7) 1.202321243s ago: executing program 0 (id=1504): mkdirat(0xffffffffffffff9c, &(0x7f0000000400)='./file0\x00', 0xc8) capset(&(0x7f0000000500)={0x20080522}, &(0x7f0000000200)={0x200002, 0x200003, 0x801, 0x4, 0x7}) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file1\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000580), 0x0, &(0x7f0000000680)={[{@uuid_null}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}, {@index_off}], [{@fscontext={'fscontext', 0x3d, 'user_u'}}, {@subj_user={'subj_user', 0x3d, 'upperdir'}}]}) chdir(&(0x7f0000000100)='./file1\x00') r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f00000012c0)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e24}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r1 = fcntl$dupfd(r0, 0x0, r0) sendmsg$IPVS_CMD_GET_CONFIG(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[], 0x14}}, 0x0) setsockopt$inet6_tcp_TLS_TX(r1, 0x11a, 0x2, &(0x7f0000000280)=@gcm_256={{0x303, 0x36}, "7221de4d120f747c", "e0fb3b37900597830d49c7df36e7d0e14744e319c4f11d6200", "e39382f8"}, 0x38) syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), r1) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000001e00)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_TDLS_OPER(r4, &(0x7f0000001f00)={0x0, 0x0, &(0x7f0000001ec0)={&(0x7f0000001e40)={0x30, r2, 0x1, 0x70bd27, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_MAC={0xa, 0x6, @broadcast}, @NL80211_ATTR_TDLS_OPERATION={0x5, 0x8a, 0x1}]}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x4084) r6 = creat(&(0x7f0000000280)='./file0\x00', 0xecf86c37d53049cc) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f00000000c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)={0x24, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0x3}]}, 0x24}}, 0x0) sendmsg$NL80211_CMD_START_AP(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x54, r8, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r9}, @void}}, [@NL80211_ATTR_BEACON_INTERVAL={0x8}, @chandef_params, @NL80211_ATTR_BEACON_INTERVAL={0x8}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ_OFFSET={0x8, 0x122, 0x2d6}, @NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0xb69}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x10}, @NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0xa}], @NL80211_ATTR_HE_BSS_COLOR={0x8, 0x11b, 0x0, 0x1, [@NL80211_HE_BSS_COLOR_ATTR_DISABLED={0x4}]}]}, 0x54}}, 0x0) sendmsg$NL80211_CMD_DEL_STATION(r1, &(0x7f00000001c0)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8030000}, 0xc, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="90010000", @ANYRES16=r2, @ANYBLOB="000100bd00000008000300", @ANYRES32=r9, @ANYBLOB="5b00be00ffd0ea7bb0f62d46298f2f105ef3d2b4b2f797f8eb1d878074ddfe2325d05d262f06f6eef9eb9dd01d8c0295cae76a8ec334c139710d7f9d5572fc5927bb820e49adf3766224920e61b333be941feb47c7fb41128cebb700fd00be00c0e08572511825f223cdb23ffcccb9e6a77ee20f0ec82cb641524d9726b02f36136ad08543c3b5bc1a06e515d8608374774a529db053dce786ab6e019ffa0d1ba1eabfb7dff4a29486a6646b93ae8b26149cda051b9359bd60acf01c5ce4b12b57cbb89a8a90c2a7bf2a169d6433f379911538db2ecc509d8e572248798e2fdc1b582c575b7086ef32bbb9c4b2706c88936d823401ded737c73aefb5be99d9aa014eb098c67b6efb1f8293550f65559a3c0b582f406d66aeb7e7be58f75de9cc39c77b5850508932ce71d1dbd3e8e9f45b146603dbe5414832ff360cbd64046fb9d75623ccac0a1391a88ca37b277fff7bb041b4ab8ec156410000000500c2000800000006003600090000000500e40001000000"], 0x190}, 0x1, 0x0, 0x0, 0x20008010}, 0x4000) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) mkdir(&(0x7f00000000c0)='./bus\x00', 0x0) mkdir(&(0x7f0000000440)='./file1\x00', 0x9d) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f0000000a00)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) 1.115239679s ago: executing program 0 (id=1505): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$packet(0x11, 0x3, 0x300) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r3) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socket$xdp(0x2c, 0x3, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r5 = dup(r4) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r5, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 887.290371ms ago: executing program 2 (id=1506): unshare(0x68040200) sendmsg$nl_generic(0xffffffffffffffff, 0x0, 0x4044881) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = openat$random(0xffffffffffffff9c, &(0x7f0000000140), 0x181080, 0x0) ioctl$RNDGETENTCNT(r2, 0x80045200, 0x0) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="2400000020000103000000000000000002"], 0x24}, 0x1, 0x0, 0x0, 0x240088d4}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@ipv4_newroute={0x1c, 0x18, 0x1, 0x0, 0x25dfdbfb, {0x2, 0x14, 0x0, 0x0, 0xff, 0x0, 0x0, 0x8}}, 0x1c}, 0x1, 0x0, 0x0, 0x1}, 0x0) 647.259359ms ago: executing program 2 (id=1507): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f00000029c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="140072a952ada50e951f1000000000000a503f00"], 0x14}}, 0x20000080) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="1400000007"], 0x50) pwrite64(0xffffffffffffffff, &(0x7f0000000000)='L', 0x1, 0x7ffffffe) r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write$binfmt_misc(r0, &(0x7f0000000000), 0xd) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x100, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r3 = openat$cachefiles(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) r4 = dup(r3) io_setup(0x19, &(0x7f00000009c0)=0x0) r6 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=ANY=[], 0x50) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000300)='kfree\x00', r7, 0x0, 0x7fff}, 0x18) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[], 0xa8}}, 0x0) r9 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) r10 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r10, 0xc02064b2, &(0x7f0000000040)={0x80, 0x5, 0x10009}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r9, 0x100000) io_submit(r5, 0x1, &(0x7f0000000500)=[&(0x7f0000000200)={0x0, 0x0, 0x0, 0x5, 0x0, r4, 0x0}]) signalfd(0xffffffffffffffff, &(0x7f0000000240)={[0x1, 0x7ff]}, 0x8) pselect6(0x40, &(0x7f0000000040)={0xc, 0xf, 0x1, 0x4, 0xfffffffffffffff1, 0x2, 0x658}, 0x0, 0x0, &(0x7f0000000140), 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000002c0)={'wlan0\x00'}) r11 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r11, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r11, 0x0) 525.38715ms ago: executing program 1 (id=1508): mkdir(&(0x7f0000000180)='./file0\x00', 0x0) r0 = creat(&(0x7f0000000080)='./file0/file1\x00', 0x90) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r1, 0x3) ioctl$sock_SIOCOUTQNSD(r1, 0x894b, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000340)='./file1\x00', 0x0) mkdir(&(0x7f0000000100)='./bus\x00', 0xe8) mount$bind(&(0x7f00000000c0)='./file1\x00', &(0x7f0000000240)='./file0/../file0\x00', 0x0, 0x101091, 0x0) mount$overlay(0x0, &(0x7f0000000140)='./file0\x00', &(0x7f0000000080), 0x20840, &(0x7f0000000040)={[{@index_on}, {@xino_on}, {@upperdir={'upperdir', 0x3d, './file1'}}]}) chdir(&(0x7f00000001c0)='./bus\x00') r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x13, &(0x7f0000000580)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000002500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b70300000000000085000000060000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb70200000a000000b703000000000000850000006d00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f00000003c0)='signal_generate\x00', r2}, 0x40) syz_open_procfs$namespace(0x0, 0xfffffffffffffffe) unlink(&(0x7f0000000100)='./file0/file1\x00') r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$inet_tcp_int(r0, 0x6, 0x24, &(0x7f0000000280), 0x4) write$binfmt_elf32(r0, &(0x7f0000000380)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x1, 0x82, 0x3, 0x816, 0x1, 0x3e, 0x6, 0x81, 0x34, 0x5e, 0x8, 0x2a9, 0x20, 0x0, 0x7, 0x54, 0x8}, [], "2ebc68ff59aba06cb4de9e43f420cf31e1c58798037bb7c8f52c74786576b102d3cf7d48f414c546846c781855885d4555f09911127ca1900ed8931fcc4b7592407118f82bb99ebef80a2501f4ec9cd82a97c397e6375889fe5041f1cc7d565e3f61e5cef9820818c89d081874f46e92a1109b1c0a168d67", ['\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00', '\x00']}, 0x8ac) bind$packet(r3, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x14) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) openat(r0, &(0x7f00000002c0)='./file1\x00', 0x602000, 0xc0) sendmsg$NFNL_MSG_CTHELPER_DEL(r4, &(0x7f0000002500)={0x0, 0x0, &(0x7f00000024c0)={&(0x7f0000002440)={0x18, 0x2, 0x9, 0x301, 0x0, 0x0, {0x0, 0x0, 0x4}, [@NFCTH_TUPLE={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4000}, 0x4010) rmdir(&(0x7f0000000000)='./file0\x00') 450.8587ms ago: executing program 1 (id=1509): r0 = syz_open_procfs(0x0, &(0x7f0000000180)='map_files\x00') fchdir(r0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) socket$packet(0x11, 0x3, 0x300) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, 0xffffffffffffffff, 0x2000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) socket$xdp(0x2c, 0x3, 0x0) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r4 = dup(r3) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r4, 0x0, 0xffffffdb) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 321.120375ms ago: executing program 2 (id=1510): r0 = openat$adsp1(0xffffffffffffff9c, 0x0, 0xa0201, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r1 = socket$packet(0x11, 0x3, 0x300) r2 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r2, 0x40000000af01, 0x0) ioctl$VHOST_SET_VRING_ADDR(r2, 0x4028af11, &(0x7f0000000140)={0x1, 0x0, 0x0, &(0x7f0000000280)=""/167, &(0x7f0000000100)=""/47}) ioctl$VHOST_SET_MEM_TABLE(r2, 0x4008af03, &(0x7f0000000340)) r3 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r2, 0x4008af30, &(0x7f0000000000)={0x1, r3}) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) write$dsp(r0, 0x0, 0x0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000105509147200ed0000000109022400010000000009040000030300000009210000000122050009058103"], 0x0) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io(r4, &(0x7f0000000100)={0x2c, &(0x7f0000000280)=ANY=[@ANYBLOB="200617"], 0x0, 0x0, 0x0, 0x0}, 0x0) r5 = openat$snapshot(0xffffffffffffff9c, &(0x7f00000001c0), 0x3f, 0x0) close_range(r5, r5, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, 0x0, 0x0) listen(r6, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(0xffffffffffffffff, 0xc0285700, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000002c0)='blkio.bfq.io_queued\x00', 0x275a, 0x0) r8 = syz_io_uring_setup(0x164b, &(0x7f0000000200)={0x0, 0xfc48, 0x4000, 0x0, 0x3d5, 0x0, r3}, &(0x7f0000000040), &(0x7f0000000380)) io_uring_setup(0x3090, &(0x7f00000003c0)={0x0, 0xf0e5, 0x208, 0x2, 0x3a6, 0x0, r8}) write$cgroup_int(r7, &(0x7f0000000000), 0xffffff6a) sendfile(0xffffffffffffffff, r7, 0x0, 0xffffffff000) r9 = socket(0x23, 0x1, 0x8b57) sendto$inet6(r9, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be04020506056403040c5c0009003f0020010a0000000d0085a168d0bf46d32345653600648d270012000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160008000a0000000000e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) 146.433828ms ago: executing program 0 (id=1511): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000300)="d8000000180081064e81f782db4cb904021d0800fe067c05e8fe55a10a0005000140020003600e41b0000900ac0006fc1100000016000500014002000000035c3b61c1d67f6f94007174cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001b14d6d930dfe1d9d322fe7c4650b5b9bd6ee6f63f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b4ff010000000000000dd6e4edef3d93452a09004b43370e9703920723f97e46bb5c07540d3b", 0xd8}], 0x1}, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(0xffffffffffffffff, 0x84, 0x15, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) bind$bt_hci(r1, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x4}, 0x6) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x54, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x8, 0x7}, {}, {0xa, 0xfff3}}, [@filter_kind_options=@f_flower={{0xb}, {0x24, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS_MASK={0x8, 0x55, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x4}]}, @TCA_FLOWER_KEY_ENC_OPTS={0x18, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0x14, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x1, 0x1}, @TCA_FLOWER_KEY_ENC_OPT_ERSPAN_INDEX={0x8, 0x2, 0x100c}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, &(0x7f0000001040)={'ip_vti0\x00', &(0x7f0000001000)={'tunl0\x00', 0x0, 0x7800, 0x7800, 0xfffffffd, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x64, 0x0, 0x10, 0x4, 0x0, @broadcast, @dev={0xac, 0x14, 0x14, 0x30}}}}}) 0s ago: executing program 0 (id=1512): syz_open_dev$vim2m(0x0, 0x800, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0xd, 0x4, &(0x7f0000000400)=ANY=[@ANYBLOB="b4000000000000006111500008000000060000000000000095000000"], &(0x7f00000001c0)='syzkaller\x00', 0xa, 0xc3, &(0x7f000000cf3d)=""/195, 0x40f00, 0x0, '\x00', 0x0, @sock_ops, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x0, 0x2}, 0x8, 0x10, &(0x7f0000000000)={0x0, 0x3}, 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$caif_stream(0x25, 0x1, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cgroup.freeze\x00', 0x275a, 0x0) mremap(&(0x7f0000000000/0x9000)=nil, 0x600600, 0x200000, 0x3, &(0x7f0000a00000/0x600000)=nil) write$binfmt_script(r1, &(0x7f0000000280), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r1, 0x0) io_submit(0x0, 0x1, &(0x7f0000000300)=[&(0x7f0000000000)={0x0, 0x0, 0x0, 0x5, 0x0, r0, 0x0}]) writev(r0, &(0x7f0000000940), 0x0) openat$6lowpan_enable(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) r2 = syz_io_uring_setup(0x24fa, &(0x7f0000000080)={0x0, 0x0, 0x10100}, 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES8=r2, @ANYBLOB="fe000000000000001c0012080c000100626f6e64000000000c0002100800010004"], 0x3c}, 0x1, 0x0, 0x0, 0x2000c000}, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r8], 0x54}}, 0x0) r9 = socket$netlink(0x10, 0x3, 0x0) r10 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r10, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r9, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r11, @ANYBLOB], 0x20}}, 0x0) sendmsg$nl_route(r3, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000240)=ANY=[@ANYBLOB="20000000110001002dbd7000fbdbdf2500000000", @ANYRES32=r8, @ANYBLOB="0e84ed84da5596b93b"], 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x4010) kernel console output (not intermixed with test programs): onfig 0 has 1 interface, different from the descriptor's value: 9 [ 244.648791][ T61] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 244.652315][ T61] usb 5-1: config 0 interface 0 has no altsetting 0 [ 244.655097][ T61] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 244.657847][ T61] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 244.661366][ T61] usb 5-1: config 0 interface 0 has no altsetting 0 [ 244.664923][ T61] usb 5-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 244.667711][ T61] usb 5-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 244.670405][ T61] usb 5-1: Product: syz [ 244.671882][ T61] usb 5-1: Manufacturer: syz [ 244.673336][ T61] usb 5-1: SerialNumber: syz [ 244.679923][ T61] usb 5-1: config 0 descriptor?? [ 244.685777][ T61] yurex 5-1:0.0: USB YUREX device now attached to Yurex #0 [ 244.943872][ T53] usb 5-1: USB disconnect, device number 27 [ 244.962499][ T53] yurex 5-1:0.0: USB YUREX #0 now disconnected [ 245.379316][ T9472] siw: device registration error -23 [ 245.719715][ T61] usb 7-1: new high-speed USB device number 25 using dummy_hcd [ 245.874456][ T61] usb 7-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 245.878087][ T61] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 245.881486][ T61] usb 7-1: Product: syz [ 245.882818][ T61] usb 7-1: Manufacturer: syz [ 245.884649][ T61] usb 7-1: SerialNumber: syz [ 245.891314][ T61] usb 7-1: config 0 descriptor?? [ 245.896144][ T61] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 246.221329][ T53] usb 6-1: new high-speed USB device number 28 using dummy_hcd [ 246.375763][ T61] gspca_sunplus: reg_r err -71 [ 246.377378][ T61] sunplus 7-1:0.0: probe with driver sunplus failed with error -71 [ 246.381802][ T61] usb 7-1: USB disconnect, device number 25 [ 246.384140][ T53] usb 6-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 246.386876][ T53] usb 6-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 246.390032][ T53] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 246.392933][ T53] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 246.396316][ T53] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 246.405878][ T53] usb 6-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 246.408707][ T53] usb 6-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 246.411386][ T53] usb 6-1: Product: syz [ 246.412703][ T53] usb 6-1: Manufacturer: syz [ 246.417578][ T53] cdc_wdm 6-1:1.0: skipping garbage [ 246.419288][ T53] cdc_wdm 6-1:1.0: skipping garbage [ 246.423048][ T53] cdc_wdm 6-1:1.0: cdc-wdm0: USB WDM device [ 246.424932][ T53] cdc_wdm 6-1:1.0: Unknown control protocol [ 246.431772][ T836] usb 8-1: new high-speed USB device number 42 using dummy_hcd [ 246.600401][ T836] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 246.603735][ T836] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 246.607750][ T836] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 246.610670][ T836] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 246.614471][ T836] usb 8-1: config 0 descriptor?? [ 246.618514][ T836] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 246.819148][ T5092] usb 8-1: USB disconnect, device number 42 [ 247.028267][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -EPIPE [ 247.195182][ T9493] siw: device registration error -23 [ 247.524505][ T5092] usb 8-1: new high-speed USB device number 43 using dummy_hcd [ 247.627831][ T9495] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 247.682269][ T5092] usb 8-1: Using ep0 maxpacket: 32 [ 247.685559][ T5092] usb 8-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 247.688516][ T5092] usb 8-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 247.692267][ T5092] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 247.694921][ T5092] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.698794][ T5092] usb 8-1: config 0 descriptor?? [ 247.702451][ T5092] ldusb 8-1:0.0: Interrupt in endpoint not found [ 247.705180][ T5092] usbhid 8-1:0.0: couldn't find an input interrupt endpoint [ 247.955534][ T836] usb 8-1: USB disconnect, device number 43 [ 248.325807][ T9500] siw: device registration error -23 [ 248.454265][ T9503] siw: device registration error -23 [ 248.970491][ C3] cdc_wdm 6-1:1.0: nonzero urb status received: -71 [ 248.970683][ T9] usb 6-1: USB disconnect, device number 28 [ 248.972610][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - 0 bytes [ 248.972622][ C3] cdc_wdm 6-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 249.161128][ T1466] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 249.303791][ T9516] siw: device registration error -23 [ 249.311080][ T1466] usb 5-1: Using ep0 maxpacket: 8 [ 249.315559][ T1466] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 249.318766][ T1466] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 249.323429][ T1466] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 249.326660][ T1466] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 249.330300][ T1466] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 249.335425][ T1466] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 249.338434][ T1466] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 249.557688][ T1466] usb 5-1: GET_CAPABILITIES returned 0 [ 249.559477][ T1466] usbtmc 5-1:16.0: can't read capabilities [ 249.776093][ T5092] usb 5-1: USB disconnect, device number 28 [ 249.830978][ T6017] usb 8-1: new high-speed USB device number 44 using dummy_hcd [ 250.032389][ T6017] usb 8-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 250.036096][ T6017] usb 8-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.039496][ T6017] usb 8-1: Product: syz [ 250.042371][ T6017] usb 8-1: Manufacturer: syz [ 250.043867][ T6017] usb 8-1: SerialNumber: syz [ 250.049060][ T6017] usb 8-1: config 0 descriptor?? [ 250.052261][ T6017] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 250.317340][ T9532] overlayfs: failed to resolve './file0': -2 [ 250.610873][ T1466] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 250.644060][ T9537] siw: device registration error -23 [ 250.762864][ T1466] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 250.766647][ T1466] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 250.771029][ T1466] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 250.774787][ T1466] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 250.779394][ T1466] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 250.786137][ T1466] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 250.790047][ T1466] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 250.793513][ T1466] usb 5-1: Product: syz [ 250.795349][ T1466] usb 5-1: Manufacturer: syz [ 250.805229][ T1466] cdc_wdm 5-1:1.0: skipping garbage [ 250.807544][ T1466] cdc_wdm 5-1:1.0: skipping garbage [ 250.811437][ T1466] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 250.813935][ T1466] cdc_wdm 5-1:1.0: Unknown control protocol [ 250.842639][ T6017] gspca_sunplus: reg_r err -71 [ 250.844321][ T6017] sunplus 8-1:0.0: probe with driver sunplus failed with error -71 [ 250.847784][ T6017] usb 8-1: USB disconnect, device number 44 [ 251.370962][ T1466] usb 6-1: new high-speed USB device number 29 using dummy_hcd [ 251.558294][ T1466] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 251.561711][ T1466] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 251.565784][ T1466] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 251.568601][ T1466] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 251.593587][ T1466] usb 6-1: config 0 descriptor?? [ 251.597739][ T1466] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 251.799824][ T1466] usb 6-1: USB disconnect, device number 29 [ 252.243026][ T6017] usb 6-1: new high-speed USB device number 30 using dummy_hcd [ 252.390919][ T6017] usb 6-1: Using ep0 maxpacket: 32 [ 252.438462][ T6017] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 252.441923][ T6017] usb 6-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 252.445883][ T6017] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 252.448662][ T6017] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.454638][ T6017] usb 6-1: config 0 descriptor?? [ 252.464324][ T6017] ldusb 6-1:0.0: Interrupt in endpoint not found [ 252.470942][ T61] usb 7-1: new high-speed USB device number 26 using dummy_hcd [ 252.473935][ T6017] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 252.621011][ T61] usb 7-1: Using ep0 maxpacket: 8 [ 252.624727][ T61] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 252.628144][ T61] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 252.632322][ T61] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 252.636307][ T61] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 252.639383][ T61] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 252.643722][ T61] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 252.647205][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 252.716876][ T1466] usb 6-1: USB disconnect, device number 30 [ 252.862096][ T61] usb 7-1: GET_CAPABILITIES returned 0 [ 252.863874][ T61] usbtmc 7-1:16.0: can't read capabilities [ 253.383215][ C0] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 253.384847][ T61] usb 5-1: USB disconnect, device number 29 [ 253.385307][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 253.389751][ C0] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 253.401405][ T24] usb 7-1: USB disconnect, device number 26 [ 253.583313][ T9573] siw: device registration error -23 [ 254.346258][ T9586] syzkaller1: entered promiscuous mode [ 254.348574][ T9586] syzkaller1: entered allmulticast mode [ 254.703855][ T9598] siw: device registration error -23 [ 255.123658][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.126556][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.751603][ T9483] usb 6-1: new high-speed USB device number 31 using dummy_hcd [ 255.902181][ T9483] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 255.907089][ T9483] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 255.917126][ T9483] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.926631][ T9483] usb 6-1: config 0 descriptor?? [ 255.934301][ T9483] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 255.999646][ T9620] syzkaller1: entered promiscuous mode [ 256.001614][ T9620] syzkaller1: entered allmulticast mode [ 256.140261][ T6017] usb 6-1: USB disconnect, device number 31 [ 256.377860][ T9629] siw: device registration error -23 [ 257.113931][ T9638] siw: device registration error -23 [ 257.328876][ T6017] usb 6-1: new high-speed USB device number 32 using dummy_hcd [ 257.500963][ T6017] usb 6-1: Using ep0 maxpacket: 32 [ 257.505228][ T6017] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 257.513986][ T6017] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 257.519789][ T6017] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.530274][ T6017] usb 6-1: config 0 descriptor?? [ 257.535702][ T6017] ldusb 6-1:0.0: Interrupt in endpoint not found [ 257.539805][ T6017] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 257.740309][ T6017] usb 6-1: USB disconnect, device number 32 [ 258.273399][ T9652] syzkaller1: entered promiscuous mode [ 258.275219][ T9652] syzkaller1: entered allmulticast mode [ 258.898911][ T9669] siw: device registration error -23 [ 260.191436][ T6017] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 260.342767][ T6017] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 260.346322][ T6017] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 260.349244][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 260.353600][ T6017] usb 5-1: config 0 descriptor?? [ 260.360267][ T6017] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 260.559519][ T1466] usb 5-1: USB disconnect, device number 30 [ 261.030897][ T6017] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 261.191007][ T6017] usb 5-1: Using ep0 maxpacket: 32 [ 261.195018][ T6017] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 261.198506][ T6017] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 261.202638][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.208274][ T6017] usb 5-1: config 0 descriptor?? [ 261.218496][ T6017] ldusb 5-1:0.0: Interrupt in endpoint not found [ 261.221563][ T6017] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 261.414664][ T24] usb 5-1: USB disconnect, device number 31 [ 261.798646][ T40] audit: type=1326 audit(1749210754.137:29621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000 [ 262.030925][ T5826] usb 6-1: new high-speed USB device number 33 using dummy_hcd [ 262.080555][ T9730] syzkaller1: entered promiscuous mode [ 262.082531][ T9730] syzkaller1: entered allmulticast mode [ 262.156736][ T9732] netlink: 892 bytes leftover after parsing attributes in process `syz.0.1079'. [ 262.190319][ T9734] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1080'. [ 262.197297][ T5826] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 262.201936][ T5826] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 262.205931][ T5826] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 262.212509][ T5826] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 262.216239][ T5826] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 262.223407][ T5826] usb 6-1: config 0 descriptor?? [ 262.504662][ T9741] siw: device registration error -23 [ 262.643872][ T9727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 262.648033][ T9727] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 262.653335][ T5826] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 262.655681][ T5826] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 262.658009][ T5826] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 262.660303][ T5826] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 262.664108][ T5826] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 262.666435][ T5826] plantronics 0003:047F:FFFF.0008: unknown main item tag 0x0 [ 262.669025][ T5826] plantronics 0003:047F:FFFF.0008: No inputs registered, leaving [ 262.682772][ T5826] plantronics 0003:047F:FFFF.0008: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 262.912648][ T40] audit: type=1326 audit(1749210755.257:29622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf702e579 code=0x7fc00000 [ 262.913974][ T6017] usb 6-1: USB disconnect, device number 33 [ 262.920035][ T40] audit: type=1326 audit(1749210755.257:29623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000 [ 262.930599][ T40] audit: type=1326 audit(1749210755.257:29624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000 [ 262.939059][ T40] audit: type=1326 audit(1749210755.257:29625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000 [ 262.948301][ T40] audit: type=1326 audit(1749210755.257:29626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000 [ 262.957446][ T40] audit: type=1326 audit(1749210755.257:29627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000 [ 262.960955][ T5826] usb 7-1: new high-speed USB device number 27 using dummy_hcd [ 262.965904][ T40] audit: type=1326 audit(1749210755.257:29628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000 [ 262.976375][ T40] audit: type=1326 audit(1749210755.257:29629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000 [ 262.984538][ T40] audit: type=1326 audit(1749210755.257:29630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9723 comm="syz.1.1077" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7fc00000 [ 263.112108][ T5826] usb 7-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 263.115514][ T5826] usb 7-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 263.118534][ T5826] usb 7-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 263.121667][ T5826] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.125733][ T9745] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 263.129524][ T5826] usb 7-1: Quirk or no altset; falling back to MIDI 1.0 [ 263.401024][ T9483] usb 7-1: USB disconnect, device number 27 [ 263.740948][ T1466] usb 6-1: new high-speed USB device number 34 using dummy_hcd [ 263.893124][ T1466] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 263.897873][ T1466] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 263.901952][ T1466] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 263.907420][ T1466] usb 6-1: config 0 descriptor?? [ 263.918311][ T1466] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 264.064049][ T9762] netlink: 892 bytes leftover after parsing attributes in process `syz.0.1089'. [ 264.115731][ T1466] usb 6-1: USB disconnect, device number 34 [ 264.358594][ T9768] siw: device registration error -23 [ 264.720890][ T5092] usb 6-1: new high-speed USB device number 35 using dummy_hcd [ 264.881244][ T5092] usb 6-1: Using ep0 maxpacket: 32 [ 264.884255][ T5092] usb 6-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 264.887695][ T5092] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 264.890559][ T5092] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.894472][ T5092] usb 6-1: config 0 descriptor?? [ 264.899328][ T5092] ldusb 6-1:0.0: Interrupt in endpoint not found [ 264.903735][ T5092] usbhid 6-1:0.0: couldn't find an input interrupt endpoint [ 265.099390][ T24] usb 6-1: USB disconnect, device number 35 [ 265.482936][ T9782] syzkaller1: entered promiscuous mode [ 265.484639][ T9782] syzkaller1: entered allmulticast mode [ 266.805611][ T9816] siw: device registration error -23 [ 266.811166][ T40] kauditd_printk_skb: 5009 callbacks suppressed [ 266.811204][ T40] audit: type=1326 audit(1749210759.157:34640): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.041136][ T24] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 267.169686][ T9820] syzkaller1: entered promiscuous mode [ 267.171611][ T9820] syzkaller1: entered allmulticast mode [ 267.192876][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 267.198217][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 267.201942][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 267.206044][ T24] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 267.208974][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.213132][ T24] usb 5-1: config 0 descriptor?? [ 267.511000][ T9] usb 7-1: new high-speed USB device number 28 using dummy_hcd [ 267.631498][ T9815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.641078][ T9815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 267.651371][ T24] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 267.653682][ T24] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 267.656154][ T24] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 267.658538][ T24] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 267.661138][ T24] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 267.662713][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 267.666208][ T24] plantronics 0003:047F:FFFF.0009: unknown main item tag 0x0 [ 267.670082][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 267.670372][ T24] plantronics 0003:047F:FFFF.0009: No inputs registered, leaving [ 267.674330][ T9] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 267.679771][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 267.682625][ T24] plantronics 0003:047F:FFFF.0009: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 267.691595][ T9] usb 7-1: config 0 descriptor?? [ 267.790906][ T61] usb 8-1: new high-speed USB device number 45 using dummy_hcd [ 267.904231][ T40] audit: type=1326 audit(1749210760.247:34641): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.907155][ T1466] usb 5-1: USB disconnect, device number 32 [ 267.914271][ T40] audit: type=1326 audit(1749210760.257:34642): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.915088][ T9] usbhid 7-1:0.0: can't add hid device: -71 [ 267.923702][ T40] audit: type=1326 audit(1749210760.257:34643): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.927120][ T9] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 267.936672][ T40] audit: type=1326 audit(1749210760.257:34644): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.940884][ T9] usb 7-1: USB disconnect, device number 28 [ 267.944878][ T40] audit: type=1326 audit(1749210760.257:34645): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.954651][ T40] audit: type=1326 audit(1749210760.257:34646): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.957190][ T61] usb 8-1: Using ep0 maxpacket: 8 [ 267.961369][ T40] audit: type=1326 audit(1749210760.257:34647): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.965214][ T61] usb 8-1: config index 0 descriptor too short (expected 301, got 45) [ 267.971653][ T40] audit: type=1326 audit(1749210760.257:34648): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.971679][ T40] audit: type=1326 audit(1749210760.257:34649): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9807 comm="syz.0.1104" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x7fc00000 [ 267.987645][ T61] usb 8-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 267.991610][ T61] usb 8-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 267.994576][ T61] usb 8-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 267.997791][ T61] usb 8-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 268.002816][ T61] usb 8-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 268.005633][ T61] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.012664][ T61] usbtmc 8-1:16.0: bulk endpoints not found [ 268.426152][ T9] usb 7-1: new high-speed USB device number 29 using dummy_hcd [ 268.590906][ T9] usb 7-1: Using ep0 maxpacket: 32 [ 268.593804][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 268.597118][ T9] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 268.600145][ T9] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 268.603288][ T9] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 268.608331][ T9] usb 7-1: config 0 descriptor?? [ 268.616245][ T9] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 268.624678][ T9] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 268.816016][ T9822] ldusb 7-1:0.0: Couldn't submit interrupt_in_urb -90 [ 268.819203][ T9] usb 7-1: USB disconnect, device number 29 [ 268.825144][ T9] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 269.131001][ T6017] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 269.283513][ T6017] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 269.287048][ T6017] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 269.290070][ T6017] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 269.294876][ T9848] syzkaller1: entered promiscuous mode [ 269.295379][ T6017] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 269.296631][ T9848] syzkaller1: entered allmulticast mode [ 269.299334][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 269.306171][ T6017] usb 5-1: config 0 descriptor?? [ 269.715014][ T9846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 269.717987][ T9846] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 269.724497][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.730291][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.734418][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.736770][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.739098][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.741795][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.744205][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.746577][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.749037][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.751679][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.754033][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.756390][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.758723][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.761603][ T6017] plantronics 0003:047F:FFFF.000A: unknown main item tag 0x0 [ 269.764737][ T6017] plantronics 0003:047F:FFFF.000A: No inputs registered, leaving [ 269.770676][ T6017] plantronics 0003:047F:FFFF.000A: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 270.559200][ T60] usb 8-1: USB disconnect, device number 45 [ 271.356489][ T5952] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 271.730944][ T53] usb 7-1: new high-speed USB device number 30 using dummy_hcd [ 271.813413][ T60] usb 5-1: USB disconnect, device number 33 [ 271.932317][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 271.935635][ T53] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 271.938557][ T53] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 271.946826][ T53] usb 7-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 271.951001][ T53] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 271.951018][ T1466] usb 6-1: new high-speed USB device number 36 using dummy_hcd [ 271.954547][ T53] usb 7-1: config 0 descriptor?? [ 272.112242][ T1466] usb 6-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 272.115872][ T1466] usb 6-1: config 0 interface 0 has no altsetting 0 [ 272.119758][ T1466] usb 6-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 272.123585][ T1466] usb 6-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 272.126982][ T1466] usb 6-1: Product: syz [ 272.128702][ T1466] usb 6-1: Manufacturer: syz [ 272.130734][ T1466] usb 6-1: SerialNumber: syz [ 272.134751][ T1466] usb 6-1: config 0 descriptor?? [ 272.144566][ T1466] usb 6-1: selecting invalid altsetting 0 [ 272.344527][ T60] usb 6-1: USB disconnect, device number 36 [ 272.402895][ T9891] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 272.405750][ T9891] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 272.618230][ T40] kauditd_printk_skb: 9857 callbacks suppressed [ 272.618241][ T40] audit: type=1326 audit(1749210764.957:44507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 272.627086][ T40] audit: type=1326 audit(1749210764.957:44508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 272.627499][ T53] usbhid 7-1:0.0: can't add hid device: -71 [ 272.633920][ T40] audit: type=1326 audit(1749210764.957:44509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 272.635692][ T53] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 272.642630][ T40] audit: type=1326 audit(1749210764.957:44510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 272.649492][ T53] usb 7-1: USB disconnect, device number 30 [ 272.655724][ T40] audit: type=1326 audit(1749210764.957:44511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 272.667225][ T40] audit: type=1326 audit(1749210764.957:44512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 272.674023][ T40] audit: type=1326 audit(1749210764.957:44513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 272.680604][ T40] audit: type=1326 audit(1749210764.957:44514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 272.687385][ T40] audit: type=1326 audit(1749210764.957:44515): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 272.694176][ T40] audit: type=1326 audit(1749210764.957:44516): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9889 comm="syz.2.1129" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x7fc00000 [ 273.193189][ T9919] syzkaller1: entered promiscuous mode [ 273.195270][ T9919] syzkaller1: entered allmulticast mode [ 273.247367][ T5952] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 273.601149][ T5988] usb 8-1: new high-speed USB device number 46 using dummy_hcd [ 273.772188][ T5988] usb 8-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 273.775364][ T5988] usb 8-1: config 0 interface 0 has no altsetting 0 [ 273.779137][ T5988] usb 8-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 273.782267][ T5988] usb 8-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 273.784818][ T5988] usb 8-1: Product: syz [ 273.786220][ T5988] usb 8-1: Manufacturer: syz [ 273.787725][ T5988] usb 8-1: SerialNumber: syz [ 273.790759][ T5988] usb 8-1: config 0 descriptor?? [ 273.794673][ T5988] usb 8-1: selecting invalid altsetting 0 [ 274.002387][ T60] usb 8-1: USB disconnect, device number 46 [ 274.152651][ T9942] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1147'. [ 274.280970][ T9948] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1150'. [ 274.343666][ T9953] syzkaller1: entered promiscuous mode [ 274.345242][ T9953] syzkaller1: entered allmulticast mode [ 274.420894][ T5988] usb 7-1: new high-speed USB device number 31 using dummy_hcd [ 274.530900][ T61] usb 6-1: new high-speed USB device number 37 using dummy_hcd [ 274.590918][ T5988] usb 7-1: Using ep0 maxpacket: 8 [ 274.593680][ T5988] usb 7-1: config index 0 descriptor too short (expected 301, got 45) [ 274.596275][ T5988] usb 7-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 274.599253][ T5988] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 274.602479][ T5988] usb 7-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 274.605504][ T5988] usb 7-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 274.609521][ T5988] usb 7-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 274.612563][ T5988] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.712308][ T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.715760][ T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 274.719421][ T61] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 274.724134][ T61] usb 6-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 274.727217][ T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 274.731356][ T61] usb 6-1: config 0 descriptor?? [ 274.822448][ T5988] usb 7-1: GET_CAPABILITIES returned 0 [ 274.824249][ T5988] usbtmc 7-1:16.0: can't read capabilities [ 274.981043][ T1466] usb 8-1: new high-speed USB device number 47 using dummy_hcd [ 275.030870][ T53] usb 7-1: USB disconnect, device number 31 [ 275.132471][ T1466] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 275.135900][ T1466] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 275.138703][ T1466] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.141879][ T9949] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 275.142511][ T1466] usb 8-1: config 0 descriptor?? [ 275.145016][ T9949] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 275.359842][ T61] usbhid 6-1:0.0: can't add hid device: -71 [ 275.361935][ T61] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 275.365802][ T61] usb 6-1: USB disconnect, device number 37 [ 275.405584][ T1466] usbhid 8-1:0.0: can't add hid device: -71 [ 275.407586][ T1466] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 275.411105][ T1466] usb 8-1: USB disconnect, device number 47 [ 275.629942][ T9974] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1159'. [ 275.673668][ T9976] fuse: Bad value for 'fd' [ 275.713374][ T9978] syzkaller1: entered promiscuous mode [ 275.715507][ T9978] syzkaller1: entered allmulticast mode [ 275.830949][ T60] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 275.841009][ T53] usb 8-1: new high-speed USB device number 48 using dummy_hcd [ 275.991350][ T53] usb 8-1: Using ep0 maxpacket: 32 [ 275.992298][ T60] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 275.994217][ T53] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 275.999165][ T60] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 276.002260][ T53] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 276.003070][ T60] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 276.007956][ T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 276.009203][ T53] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 276.011501][ T60] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 276.015217][ T53] usb 8-1: config 0 descriptor?? [ 276.018631][ T60] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 276.020704][ T53] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 276.021752][ T60] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 276.027068][ T60] usb 5-1: Product: syz [ 276.028457][ T60] usb 5-1: Manufacturer: syz [ 276.029564][ T53] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 276.039170][ T60] cdc_wdm 5-1:1.0: skipping garbage [ 276.041353][ T60] cdc_wdm 5-1:1.0: skipping garbage [ 276.043838][ T60] cdc_wdm 5-1:1.0: cdc-wdm1: USB WDM device [ 276.045649][ T60] cdc_wdm 5-1:1.0: Unknown control protocol [ 276.097768][ T5952] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 276.207786][T10001] syzkaller1: entered promiscuous mode [ 276.209542][T10001] syzkaller1: entered allmulticast mode [ 276.226788][ T9965] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 276.235034][ T9965] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 276.576016][T10006] fuse: Unknown parameter 'use00000000000000000000' [ 276.579491][ T53] usb 8-1: USB disconnect, device number 48 [ 276.581594][ C2] ldusb 8-1:0.0: usb_submit_urb failed (-19) [ 276.583712][ T9965] ldusb 8-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 276.589137][ T53] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 276.860908][ T5988] usb 6-1: new high-speed USB device number 38 using dummy_hcd [ 277.023661][ T5988] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 277.027834][ T5988] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 277.032100][ T5988] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.036790][ T5988] usb 6-1: config 0 descriptor?? [ 277.302357][ T5988] usbhid 6-1:0.0: can't add hid device: -71 [ 277.304483][ T5988] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 277.310051][ T5988] usb 6-1: USB disconnect, device number 38 [ 277.741049][ T53] usb 6-1: new high-speed USB device number 39 using dummy_hcd [ 277.911331][ T53] usb 6-1: Using ep0 maxpacket: 32 [ 277.914265][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 277.917844][ T53] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 277.920736][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 277.925873][ T53] usb 6-1: config 0 descriptor?? [ 277.929285][ T53] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 277.934359][ T53] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 277.948457][ T5952] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 278.004682][ T5952] Bluetooth: hci3: unexpected event 0x03 length: 1 < 11 [ 278.065543][T10026] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1178'. [ 278.118454][T10028] syzkaller1: entered promiscuous mode [ 278.120315][T10028] syzkaller1: entered allmulticast mode [ 278.640546][ T7187] usb 5-1: USB disconnect, device number 34 [ 279.022001][ T7187] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 279.171073][ T7187] usb 5-1: Using ep0 maxpacket: 8 [ 279.174744][ T7187] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 279.177478][ T7187] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 279.180536][ T7187] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 279.183791][ T7187] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 279.186926][ T7187] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 279.192377][ T7187] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 279.195346][ T7187] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.415106][ T7187] usb 5-1: GET_CAPABILITIES returned 0 [ 279.416886][ T7187] usbtmc 5-1:16.0: can't read capabilities [ 279.466454][T10052] syzkaller1: entered promiscuous mode [ 279.468259][T10052] syzkaller1: entered allmulticast mode [ 279.541162][ T5988] usb 7-1: new high-speed USB device number 32 using dummy_hcd [ 279.626761][ T1466] usb 5-1: USB disconnect, device number 35 [ 279.634028][ T7187] usb 6-1: USB disconnect, device number 39 [ 279.643155][ T7187] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 279.702545][ T5988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 279.711305][ T5988] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 279.715036][ T5988] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 279.722246][ T5988] usb 7-1: config 0 descriptor?? [ 279.939056][ T5988] usbhid 7-1:0.0: can't add hid device: -71 [ 279.941204][ T5988] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 279.945107][ T5988] usb 7-1: USB disconnect, device number 32 [ 280.070987][ T61] usb 6-1: new high-speed USB device number 40 using dummy_hcd [ 280.232513][ T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.235982][ T61] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 280.238801][ T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.243739][ T61] usb 6-1: config 0 descriptor?? [ 280.370980][ T5988] usb 7-1: new high-speed USB device number 33 using dummy_hcd [ 280.400981][ T1466] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 280.510012][ T61] usbhid 6-1:0.0: can't add hid device: -71 [ 280.512556][ T61] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 280.518878][ T61] usb 6-1: USB disconnect, device number 40 [ 280.530958][ T5988] usb 7-1: Using ep0 maxpacket: 32 [ 280.535371][ T5988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.538779][ T5988] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 280.541966][ T5988] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.548119][ T5988] usb 7-1: config 0 descriptor?? [ 280.556180][ T5988] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 280.560584][ T5988] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 280.581564][ T1466] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 280.584865][ T1466] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 280.587652][ T1466] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 280.591296][ T1466] usb 5-1: config 0 descriptor?? [ 280.864987][ T1466] usbhid 5-1:0.0: can't add hid device: -71 [ 280.867026][ T1466] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 280.870555][ T1466] usb 5-1: USB disconnect, device number 36 [ 280.940898][ T61] usb 6-1: new high-speed USB device number 41 using dummy_hcd [ 281.007888][ T5988] usb 7-1: USB disconnect, device number 33 [ 281.011375][ T5988] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 281.090930][ T61] usb 6-1: Using ep0 maxpacket: 32 [ 281.093975][ T61] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.097465][ T61] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 281.100307][ T61] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.104154][ T61] usb 6-1: config 0 descriptor?? [ 281.108060][ T61] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 281.114467][ T61] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 281.300923][ T1466] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 281.311350][T10066] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.314279][T10066] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 281.450934][ T1466] usb 5-1: Using ep0 maxpacket: 32 [ 281.466798][ T1466] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 281.471940][ T1466] usb 5-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 281.475751][ T1466] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 281.481247][ T1466] usb 5-1: config 0 descriptor?? [ 281.486100][ T1466] ldusb 5-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 281.490933][ T1466] ldusb 5-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 281.628040][T10066] ldusb 6-1:0.0: Couldn't submit HID_REQ_SET_REPORT -71 [ 281.629058][ T1466] usb 6-1: USB disconnect, device number 41 [ 281.630289][ C3] ldusb 6-1:0.0: usb_submit_urb failed (-19) [ 281.634852][ T1466] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 281.691082][T10072] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 281.695542][T10072] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 281.751090][ T7187] usb 8-1: new high-speed USB device number 49 using dummy_hcd [ 281.901601][ T60] usb 5-1: USB disconnect, device number 37 [ 281.906108][ T60] ldusb 5-1:0.0: LD USB Device #1 now disconnected [ 281.922856][ T7187] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 281.925959][ T7187] usb 8-1: config 1 has an invalid descriptor of length 52, skipping remainder of the config [ 281.928946][ T7187] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 281.932138][ T7187] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 7 [ 281.935622][ T7187] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 9272, setting to 1024 [ 281.940276][ T7187] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 281.943373][ T7187] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 281.945802][ T7187] usb 8-1: Product: syz [ 281.947107][ T7187] usb 8-1: Manufacturer: syz [ 281.954666][ T7187] cdc_wdm 8-1:1.0: skipping garbage [ 281.956345][ T7187] cdc_wdm 8-1:1.0: skipping garbage [ 281.958016][ T7187] cdc_wdm 8-1:1.0: probe with driver cdc_wdm failed with error -22 [ 282.909611][T10089] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1200'. [ 282.974538][T10094] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1203'. [ 283.008011][T10098] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1204'. [ 283.062898][T10102] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1206'. [ 283.257041][T10108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1208'. [ 284.254778][T10118] lo speed is unknown, defaulting to 1000 [ 284.273816][T10120] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1212'. [ 284.276715][T10120] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1212'. [ 284.398039][T10133] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1217'. [ 284.534668][ T60] usb 8-1: USB disconnect, device number 49 [ 284.670932][ T53] usb 6-1: new high-speed USB device number 42 using dummy_hcd [ 284.834007][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.838541][ T53] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 284.842547][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.850190][ T53] usb 6-1: config 0 descriptor?? [ 285.064659][ T53] usbhid 6-1:0.0: can't add hid device: -71 [ 285.066759][ T53] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 285.070635][ T53] usb 6-1: USB disconnect, device number 42 [ 285.490923][ T5826] usb 7-1: new high-speed USB device number 34 using dummy_hcd [ 285.501126][ T5988] usb 6-1: new high-speed USB device number 43 using dummy_hcd [ 285.660873][ T5988] usb 6-1: Using ep0 maxpacket: 32 [ 285.664467][ T5826] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.667758][ T5826] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 285.670918][ T5826] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.671443][ T5988] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 285.675262][ T5826] usb 7-1: config 0 descriptor?? [ 285.676932][ T5988] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 285.684296][ T5988] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 285.691915][ T5988] usb 6-1: config 0 descriptor?? [ 285.695035][ T5988] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 285.704016][ T5988] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 285.884734][ T5826] usbhid 7-1:0.0: can't add hid device: -71 [ 285.886831][ T5826] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 285.890412][ T5826] usb 7-1: USB disconnect, device number 34 [ 286.331023][ T5988] usb 7-1: new high-speed USB device number 35 using dummy_hcd [ 286.352159][T10163] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1227'. [ 286.482319][ T5988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 286.485793][ T5988] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 286.488676][ T5988] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 286.493068][ T5988] usb 7-1: config 0 descriptor?? [ 286.996314][ T5988] usbhid 7-1:0.0: can't add hid device: -71 [ 286.998327][ T5988] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 287.002406][ T5988] usb 7-1: USB disconnect, device number 35 [ 287.437805][ T5826] usb 6-1: USB disconnect, device number 43 [ 287.441810][ T5826] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 287.576804][T10191] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1236'. [ 287.852417][ T7979] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 287.967407][T10200] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1240'. [ 288.001452][ T9] usb 8-1: new high-speed USB device number 50 using dummy_hcd [ 288.005420][ T7979] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 288.008132][ T7979] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 288.011444][ T7979] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 288.014281][ T7979] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 288.017783][ T7979] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 288.023103][ T7979] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 288.025890][ T7979] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 288.028561][ T7979] usb 5-1: Product: syz [ 288.029859][ T7979] usb 5-1: Manufacturer: syz [ 288.037006][ T7979] cdc_wdm 5-1:1.0: skipping garbage [ 288.039032][ T7979] cdc_wdm 5-1:1.0: skipping garbage [ 288.042805][ T7979] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 288.044640][ T7979] cdc_wdm 5-1:1.0: Unknown control protocol [ 288.152622][ T9] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 288.156328][ T9] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 288.159169][ T9] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.166706][ T9] usb 8-1: config 0 descriptor?? [ 288.241008][ T1466] usb 7-1: new high-speed USB device number 36 using dummy_hcd [ 288.393334][ T1466] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 288.396691][ T1466] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 288.399949][ T1466] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 288.403859][ T1466] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 288.408508][ T1466] usb 7-1: config 0 descriptor?? [ 288.430155][ T9] usbhid 8-1:0.0: can't add hid device: -71 [ 288.432621][ T9] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 288.442898][ T9] usb 8-1: USB disconnect, device number 50 [ 288.627172][ T1466] usbhid 7-1:0.0: can't add hid device: -71 [ 288.631222][ T1466] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 288.644062][ T1466] usb 7-1: USB disconnect, device number 36 [ 288.812464][ T7187] usb 5-1: USB disconnect, device number 38 [ 288.891030][ T5092] usb 8-1: new high-speed USB device number 51 using dummy_hcd [ 289.050963][ T5092] usb 8-1: Using ep0 maxpacket: 32 [ 289.053839][ T5092] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 289.057390][ T5092] usb 8-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 289.060206][ T5092] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.062981][ T60] usb 7-1: new high-speed USB device number 37 using dummy_hcd [ 289.066575][ T5092] usb 8-1: config 0 descriptor?? [ 289.072049][ T5092] ldusb 8-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 289.077344][ T5092] ldusb 8-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 289.215417][ T60] usb 7-1: Using ep0 maxpacket: 32 [ 289.218504][ T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 289.222229][ T60] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 289.230965][ T60] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 289.233828][ T60] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 289.238083][ T60] usb 7-1: config 0 descriptor?? [ 289.242913][ T60] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 289.251103][ T60] ldusb 7-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 289.433040][T10219] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1246'. [ 289.451594][ T5826] usb 7-1: USB disconnect, device number 37 [ 289.456161][ T5826] ldusb 7-1:0.0: LD USB Device #1 now disconnected [ 289.477266][ T60] usb 8-1: USB disconnect, device number 51 [ 289.482858][ T60] ldusb 8-1:0.0: LD USB Device #0 now disconnected [ 290.212317][ T5952] Bluetooth: hci1: unexpected event 0x03 length: 1 < 11 [ 290.252115][ T5826] usb 7-1: new high-speed USB device number 38 using dummy_hcd [ 290.403077][ T5826] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 290.411321][ T5826] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 290.422805][ T5826] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 290.442011][ T5826] usb 7-1: config 0 descriptor?? [ 290.659192][ T5826] usbhid 7-1:0.0: can't add hid device: -71 [ 290.661932][ T5826] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 290.676168][ T5826] usb 7-1: USB disconnect, device number 38 [ 290.925478][ T5952] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 290.991104][ T5092] usb 5-1: new high-speed USB device number 39 using dummy_hcd [ 291.111027][ T5826] usb 7-1: new high-speed USB device number 39 using dummy_hcd [ 291.154404][ T5092] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 291.157383][ T5092] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 291.161751][ T5092] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 291.172435][ T5092] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 291.176013][ T5092] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 291.191075][ T5092] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 291.194214][ T5092] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 291.197071][ T5092] usb 5-1: Product: syz [ 291.198519][ T5092] usb 5-1: Manufacturer: syz [ 291.211849][ T5092] cdc_wdm 5-1:1.0: skipping garbage [ 291.214051][ T5092] cdc_wdm 5-1:1.0: skipping garbage [ 291.226430][ T5092] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 291.228337][ T5092] cdc_wdm 5-1:1.0: Unknown control protocol [ 291.272089][ T5826] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.275498][ T5826] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 291.278291][ T5826] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.285992][ T5826] usb 7-1: config 0 descriptor?? [ 291.606003][ T5952] Bluetooth: hci2: unexpected event 0x03 length: 1 < 11 [ 291.730965][ T1466] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 291.743715][ T5826] usbhid 7-1:0.0: can't add hid device: -71 [ 291.745695][ T5826] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 291.749138][ T5826] usb 7-1: USB disconnect, device number 39 [ 291.892197][ C3] cdc_wdm 5-1:1.0: Unexpected error -71 [ 291.894472][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 291.896547][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 291.898661][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 291.900774][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 291.901519][ T1466] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 291.902904][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 291.906174][ T1466] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 291.908161][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 291.908366][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 291.911217][ T1466] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.913148][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 291.913354][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 291.921897][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 291.922141][ T1466] usb 6-1: config 0 descriptor?? [ 291.924020][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 291.927554][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 291.929858][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 291.932367][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 291.934735][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 291.936769][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 291.938838][ T61] usb 5-1: USB disconnect, device number 39 [ 291.938893][ C3] cdc_wdm 5-1:1.0: nonzero urb status received: -71 [ 291.943173][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - 0 bytes [ 291.945267][ C3] cdc_wdm 5-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 292.190231][ T1466] usbhid 6-1:0.0: can't add hid device: -71 [ 292.192260][ T1466] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 292.195729][ T1466] usb 6-1: USB disconnect, device number 44 [ 292.483406][T10288] FAULT_INJECTION: forcing a failure. [ 292.483406][T10288] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 292.489902][T10288] CPU: 2 UID: 0 PID: 10288 Comm: syz.2.1271 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 292.489919][T10288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 292.489926][T10288] Call Trace: [ 292.489930][T10288] [ 292.489935][T10288] dump_stack_lvl+0x16c/0x1f0 [ 292.489972][T10288] should_fail_ex+0x512/0x640 [ 292.489998][T10288] _copy_to_user+0x32/0xd0 [ 292.490010][T10288] simple_read_from_buffer+0xcb/0x170 [ 292.490027][T10288] proc_fail_nth_read+0x197/0x270 [ 292.490042][T10288] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 292.490056][T10288] ? rw_verify_area+0xcf/0x680 [ 292.490070][T10288] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 292.490083][T10288] vfs_read+0x1e1/0xc60 [ 292.490099][T10288] ? fdget_pos+0x2a2/0x370 [ 292.490117][T10288] ? __pfx_vfs_read+0x10/0x10 [ 292.490131][T10288] ? find_held_lock+0x2b/0x80 [ 292.490146][T10288] ? __fget_files+0x20e/0x3c0 [ 292.490165][T10288] ksys_read+0x12a/0x250 [ 292.490180][T10288] ? __pfx_ksys_read+0x10/0x10 [ 292.490195][T10288] ? do_raw_spin_unlock+0x172/0x230 [ 292.490212][T10288] ? rcu_is_watching+0x12/0xc0 [ 292.490226][T10288] __do_fast_syscall_32+0x7c/0x3a0 [ 292.490244][T10288] do_fast_syscall_32+0x32/0x80 [ 292.490260][T10288] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 292.490278][T10288] RIP: 0023:0xf7fa3579 [ 292.490287][T10288] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 292.490297][T10288] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 292.490308][T10288] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f50c6620 [ 292.490315][T10288] RDX: 000000000000000f RSI: 00000000f7432ff4 RDI: 0000000000000000 [ 292.490321][T10288] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 292.490327][T10288] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 292.490333][T10288] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 292.490346][T10288] [ 292.680938][ T53] usb 6-1: new high-speed USB device number 45 using dummy_hcd [ 292.841023][ T53] usb 6-1: Using ep0 maxpacket: 32 [ 292.844617][ T53] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 292.848013][ T53] usb 6-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 292.853501][ T53] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 292.857152][ T53] usb 6-1: config 0 descriptor?? [ 292.860577][ T53] ldusb 6-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 292.864959][ T53] ldusb 6-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 292.911066][ T5826] usb 7-1: new high-speed USB device number 40 using dummy_hcd [ 293.066048][ T5826] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.070565][ T5826] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 293.074257][ T5826] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.078401][ T5826] usb 7-1: config 0 descriptor?? [ 293.270129][ T24] usb 6-1: USB disconnect, device number 45 [ 293.279326][ T24] ldusb 6-1:0.0: LD USB Device #0 now disconnected [ 293.292109][ T5826] usbhid 7-1:0.0: can't add hid device: -71 [ 293.294419][ T5826] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 293.298883][ T5826] usb 7-1: USB disconnect, device number 40 [ 293.750897][ T61] usb 7-1: new high-speed USB device number 41 using dummy_hcd [ 293.790963][ T5826] usb 8-1: new high-speed USB device number 52 using dummy_hcd [ 293.910997][ T61] usb 7-1: Using ep0 maxpacket: 32 [ 293.914093][ T61] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.918160][ T61] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 293.921171][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.934849][ T61] usb 7-1: config 0 descriptor?? [ 293.939816][ T61] ldusb 7-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 293.943973][ T5826] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 293.949343][ T5826] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 293.959887][ T61] ldusb 7-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 293.962283][ T5826] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 293.969959][ T5826] usb 8-1: config 0 descriptor?? [ 294.184714][ T5826] usbhid 8-1:0.0: can't add hid device: -71 [ 294.186633][ T5826] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 294.196319][ T5826] usb 8-1: USB disconnect, device number 52 [ 294.630918][ T61] usb 8-1: new high-speed USB device number 53 using dummy_hcd [ 294.718888][T10329] ipvlan0: entered promiscuous mode [ 294.724533][T10328] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1283'. [ 294.728141][T10328] 8021q: VLANs not supported on ip6_vti0 [ 294.738968][T10328] trusted_key: syz.0.1283 sent an empty control message without MSG_MORE. [ 294.783024][ T61] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 294.787544][ T61] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 294.791746][ T61] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 294.798827][ T61] usb 8-1: config 0 descriptor?? [ 295.273862][ T61] usbhid 8-1:0.0: can't add hid device: -71 [ 295.275812][ T61] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 295.280760][ T61] usb 8-1: USB disconnect, device number 53 [ 295.695155][ T61] usb 7-1: USB disconnect, device number 41 [ 295.704130][ T61] ldusb 7-1:0.0: LD USB Device #0 now disconnected [ 295.746674][T10356] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1293'. [ 295.789524][T10360] binder: 10359:10360 ioctl c0306201 80000180 returned -14 [ 295.831799][T10362] netlink: 'syz.2.1296': attribute type 9 has an invalid length. [ 295.834739][T10362] netlink: 'syz.2.1296': attribute type 7 has an invalid length. [ 295.837273][T10362] netlink: 'syz.2.1296': attribute type 8 has an invalid length. [ 296.071427][T10374] dlm: Unknown command passed to DLM device : 0 [ 296.071427][T10374] [ 296.147628][T10380] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1303'. [ 296.189705][T10382] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.194090][ T61] usb 7-1: new high-speed USB device number 42 using dummy_hcd [ 296.313345][T10382] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.345224][ T61] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 296.349331][ T61] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 296.352384][ T61] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.356550][ T61] usb 7-1: config 0 descriptor?? [ 296.361792][ T61] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 296.391058][T10382] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.456282][T10382] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 296.490962][ T5826] usb 8-1: new high-speed USB device number 54 using dummy_hcd [ 296.563206][T10382] netdevsim netdevsim0 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.570387][ T7187] usb 7-1: USB disconnect, device number 42 [ 296.573239][T10382] netdevsim netdevsim0 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.579635][T10382] netdevsim netdevsim0 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.593201][T10382] netdevsim netdevsim0 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 296.645456][ T5826] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 296.648980][ T5826] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 296.653626][ T5826] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 296.657462][ T5826] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 296.664247][ T5826] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 296.670501][ T5826] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 296.675308][ T5826] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 296.678552][ T5826] usb 8-1: Product: syz [ 296.680420][ T5826] usb 8-1: Manufacturer: syz [ 296.693690][ T5826] cdc_wdm 8-1:1.0: skipping garbage [ 296.695422][ T5826] cdc_wdm 8-1:1.0: skipping garbage [ 296.701100][ T5826] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 296.702912][ T5826] cdc_wdm 8-1:1.0: Unknown control protocol [ 296.926662][T10401] 9pnet_virtio: no channels available for device 127.0.0.1 [ 297.080896][ T7187] usb 7-1: new high-speed USB device number 43 using dummy_hcd [ 297.230884][ T7187] usb 7-1: Using ep0 maxpacket: 32 [ 297.234968][ T7187] usb 7-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 297.239463][ T7187] usb 7-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 297.243398][ T7187] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.248809][ T7187] usb 7-1: config 0 descriptor?? [ 297.254506][ T7187] ldusb 7-1:0.0: Interrupt in endpoint not found [ 297.258101][ T7187] usbhid 7-1:0.0: couldn't find an input interrupt endpoint [ 297.303557][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -EPIPE [ 297.443782][T10407] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1313'. [ 297.510679][ T5826] usb 7-1: USB disconnect, device number 43 [ 297.675762][T10417] ubi31: attaching mtd0 [ 297.680040][T10417] ubi31: scanning is finished [ 297.682331][T10417] ubi31: empty MTD device detected [ 297.751010][T10417] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 297.754088][T10417] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 297.757013][T10417] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 297.760357][T10417] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 297.763612][T10417] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 297.766431][T10417] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 297.769564][T10417] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 4189524796 [ 297.773530][T10417] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 297.777480][T10419] ubi31: background thread "ubi_bgt31d" started, PID 10419 [ 297.801279][ T5988] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 297.956318][ T5988] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 297.961091][ T5988] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 297.965128][ T5988] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.982844][ T5988] usb 6-1: config 0 descriptor?? [ 298.199150][ T5988] usbhid 6-1:0.0: can't add hid device: -71 [ 298.201497][ T5988] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 298.213063][ T5988] usb 6-1: USB disconnect, device number 46 [ 298.630889][ T5092] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 298.782639][ T5092] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 298.786813][ T5092] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 298.790416][ T5092] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 298.795717][ T5092] usb 6-1: config 0 descriptor?? [ 299.313693][ T5092] usbhid 6-1:0.0: can't add hid device: -71 [ 299.315446][ T5092] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 299.318706][ T5092] usb 6-1: USB disconnect, device number 47 [ 299.575882][T10439] warning: `syz.0.1322' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 300.081917][T10464] FAULT_INJECTION: forcing a failure. [ 300.081917][T10464] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.086445][T10464] CPU: 0 UID: 0 PID: 10464 Comm: syz.2.1331 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 300.086461][T10464] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 300.086469][T10464] Call Trace: [ 300.086473][T10464] [ 300.086478][T10464] dump_stack_lvl+0x16c/0x1f0 [ 300.086503][T10464] should_fail_ex+0x512/0x640 [ 300.086523][T10464] _copy_to_user+0x32/0xd0 [ 300.086535][T10464] copy_compat_semid_to_user+0x26a/0x2b0 [ 300.086549][T10464] ? __pfx_copy_compat_semid_to_user+0x10/0x10 [ 300.086565][T10464] ? from_kgid_munged+0xab/0x130 [ 300.086583][T10464] ? find_held_lock+0x2b/0x80 [ 300.086594][T10464] ? find_held_lock+0x2b/0x80 [ 300.086612][T10464] ? semctl_stat+0x430/0x600 [ 300.086628][T10464] compat_ksys_semctl+0x24a/0x360 [ 300.086641][T10464] ? __pfx_compat_ksys_semctl+0x10/0x10 [ 300.086660][T10464] ? rcu_is_watching+0x12/0xc0 [ 300.086673][T10464] __do_fast_syscall_32+0x7c/0x3a0 [ 300.086691][T10464] do_fast_syscall_32+0x32/0x80 [ 300.086707][T10464] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 300.086720][T10464] RIP: 0023:0xf7fa3579 [ 300.086730][T10464] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 300.086741][T10464] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 000000000000018a [ 300.086751][T10464] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000000000004 [ 300.086758][T10464] RDX: 0000000000000014 RSI: 0000000080000080 RDI: 0000000000000000 [ 300.086764][T10464] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 300.086770][T10464] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 300.086776][T10464] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 300.086789][T10464] [ 300.563465][ C2] cdc_wdm 8-1:1.0: nonzero urb status received: -71 [ 300.563564][ T5988] usb 8-1: USB disconnect, device number 54 [ 300.565580][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - 0 bytes [ 300.565592][ C2] cdc_wdm 8-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 300.660007][T10491] FAULT_INJECTION: forcing a failure. [ 300.660007][T10491] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.664175][T10491] CPU: 0 UID: 0 PID: 10491 Comm: syz.2.1341 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 300.664190][T10491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 300.664197][T10491] Call Trace: [ 300.664201][T10491] [ 300.664206][T10491] dump_stack_lvl+0x16c/0x1f0 [ 300.664225][T10491] should_fail_ex+0x512/0x640 [ 300.664245][T10491] _copy_from_user+0x2e/0xd0 [ 300.664256][T10491] move_addr_to_kernel+0x65/0x170 [ 300.664270][T10491] __sys_connect+0xb1/0x160 [ 300.664283][T10491] ? __pfx___sys_connect+0x10/0x10 [ 300.664296][T10491] ? handle_mm_fault+0x200/0xd10 [ 300.664316][T10491] ? __pfx_ksys_write+0x10/0x10 [ 300.664336][T10491] __ia32_sys_connect+0x71/0xb0 [ 300.664348][T10491] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 300.664365][T10491] __do_fast_syscall_32+0x7c/0x3a0 [ 300.664382][T10491] do_fast_syscall_32+0x32/0x80 [ 300.664398][T10491] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 300.664412][T10491] RIP: 0023:0xf7fa3579 [ 300.664420][T10491] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 300.664431][T10491] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 000000000000016a [ 300.664441][T10491] RAX: ffffffffffffffda RBX: 0000000000000009 RCX: 0000000080000140 [ 300.664448][T10491] RDX: 0000000000000010 RSI: 0000000000000000 RDI: 0000000000000000 [ 300.664454][T10491] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 300.664460][T10491] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 300.664466][T10491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 300.664479][T10491] [ 300.724146][ C0] vkms_vblank_simulate: vblank timer overrun [ 300.735793][T10492] 8021q: adding VLAN 0 to HW filter on device bond0 [ 300.744741][T10492] bond0: (slave rose0): Enslaving as an active interface with an up link [ 300.822352][T10503] FAULT_INJECTION: forcing a failure. [ 300.822352][T10503] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 300.826430][T10503] CPU: 3 UID: 0 PID: 10503 Comm: syz.1.1344 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 300.826445][T10503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 300.826452][T10503] Call Trace: [ 300.826456][T10503] [ 300.826460][T10503] dump_stack_lvl+0x16c/0x1f0 [ 300.826479][T10503] should_fail_ex+0x512/0x640 [ 300.826498][T10503] _copy_from_user+0x2e/0xd0 [ 300.826510][T10503] __sys_bpf+0x21d/0x4d80 [ 300.826522][T10503] ? __pfx___sys_bpf+0x10/0x10 [ 300.826532][T10503] ? ksys_write+0x190/0x250 [ 300.826554][T10503] ? __mutex_unlock_slowpath+0x161/0x6a0 [ 300.826578][T10503] ? fput+0x70/0xf0 [ 300.826589][T10503] ? ksys_write+0x1ac/0x250 [ 300.826604][T10503] ? __pfx_ksys_write+0x10/0x10 [ 300.826622][T10503] __ia32_sys_bpf+0x76/0xe0 [ 300.826633][T10503] __do_fast_syscall_32+0x7c/0x3a0 [ 300.826651][T10503] do_fast_syscall_32+0x32/0x80 [ 300.826667][T10503] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 300.826680][T10503] RIP: 0023:0xf702e579 [ 300.826689][T10503] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 300.826700][T10503] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000165 [ 300.826710][T10503] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000080000340 [ 300.826717][T10503] RDX: 0000000000000018 RSI: 0000000000000000 RDI: 0000000000000000 [ 300.826723][T10503] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 300.826729][T10503] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 300.826735][T10503] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 300.826748][T10503] [ 301.121074][ T53] usb 5-1: new high-speed USB device number 40 using dummy_hcd [ 301.312507][ T53] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 301.316585][ T53] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 301.320108][ T53] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 301.326593][ T53] usb 5-1: config 0 descriptor?? [ 301.450079][ T40] kauditd_printk_skb: 11061 callbacks suppressed [ 301.450090][ T40] audit: type=1326 audit(1749210793.787:55578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10533 comm="syz.1.1351" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x0 [ 301.534756][ T53] usbhid 5-1:0.0: can't add hid device: -71 [ 301.537177][ T53] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 301.544994][ T53] usb 5-1: USB disconnect, device number 40 [ 301.725006][ T40] audit: type=1326 audit(1749210794.067:55579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10552 comm="syz.2.1354" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x0 [ 301.810910][ T40] audit: type=1326 audit(1749210794.147:55580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10556 comm="syz.3.1355" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x0 [ 301.833073][T10570] blktrace: Concurrent blktraces are not allowed on sg0 [ 301.914675][T10571] blktrace: Concurrent blktraces are not allowed on sg0 [ 302.000882][ T7187] usb 5-1: new high-speed USB device number 41 using dummy_hcd [ 302.172362][ T7187] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 302.175744][ T7187] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 302.178597][ T7187] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.182542][ T7187] usb 5-1: config 0 descriptor?? [ 302.329348][ T40] audit: type=1326 audit(1749210794.667:55581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10574 comm="syz.1.1357" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x0 [ 302.394807][T10582] blktrace: Concurrent blktraces are not allowed on sg0 [ 302.598974][ T7187] usbhid 5-1:0.0: can't add hid device: -71 [ 302.600997][ T7187] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 302.606308][ T7187] usb 5-1: USB disconnect, device number 41 [ 304.154951][T10631] 9pnet_virtio: no channels available for device 127.0.0.1 [ 304.167196][T10635] FAULT_INJECTION: forcing a failure. [ 304.167196][T10635] name failslab, interval 1, probability 0, space 0, times 0 [ 304.171505][T10635] CPU: 1 UID: 0 PID: 10635 Comm: syz.1.1372 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 304.171521][T10635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 304.171528][T10635] Call Trace: [ 304.171532][T10635] [ 304.171537][T10635] dump_stack_lvl+0x16c/0x1f0 [ 304.171573][T10635] should_fail_ex+0x512/0x640 [ 304.171601][T10635] ? __kvmalloc_node_noprof+0x124/0x620 [ 304.171626][T10635] should_failslab+0xc2/0x120 [ 304.171638][T10635] __kvmalloc_node_noprof+0x137/0x620 [ 304.171655][T10635] ? seq_read_iter+0x826/0x12c0 [ 304.171672][T10635] ? seq_read_iter+0x826/0x12c0 [ 304.171684][T10635] seq_read_iter+0x826/0x12c0 [ 304.171699][T10635] ? aa_file_perm+0x4d6/0xfb0 [ 304.171718][T10635] ? register_lock_class+0x41/0x4c0 [ 304.171735][T10635] seq_read+0x39e/0x4e0 [ 304.171748][T10635] ? __pfx_seq_read+0x10/0x10 [ 304.171772][T10635] ? __pfx_seq_read+0x10/0x10 [ 304.171785][T10635] proc_reg_read+0x240/0x330 [ 304.171802][T10635] ? __pfx_proc_reg_read+0x10/0x10 [ 304.171819][T10635] vfs_read+0x1e1/0xc60 [ 304.171835][T10635] ? fdget_pos+0x2a2/0x370 [ 304.171853][T10635] ? __pfx_vfs_read+0x10/0x10 [ 304.171867][T10635] ? find_held_lock+0x2b/0x80 [ 304.171882][T10635] ? __fget_files+0x20e/0x3c0 [ 304.171896][T10635] ? handle_mm_fault+0x200/0xd10 [ 304.171915][T10635] ksys_read+0x12a/0x250 [ 304.171930][T10635] ? __pfx_ksys_read+0x10/0x10 [ 304.171946][T10635] ? rcu_is_watching+0x12/0xc0 [ 304.171961][T10635] __do_fast_syscall_32+0x7c/0x3a0 [ 304.171978][T10635] do_fast_syscall_32+0x32/0x80 [ 304.171994][T10635] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 304.172008][T10635] RIP: 0023:0xf702e579 [ 304.172017][T10635] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 304.172028][T10635] RSP: 002b:00000000f4fdc55c EFLAGS: 00000296 ORIG_RAX: 0000000000000003 [ 304.172039][T10635] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800021c0 [ 304.172046][T10635] RDX: 0000000000002020 RSI: 0000000000000000 RDI: 0000000000000000 [ 304.172052][T10635] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 304.172058][T10635] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 304.172064][T10635] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 304.172077][T10635] [ 304.877118][T10637] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1373'. [ 305.591126][ T5092] usb 8-1: new high-speed USB device number 55 using dummy_hcd [ 305.743170][ T5092] usb 8-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 305.746476][ T5092] usb 8-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 305.760870][ T5092] usb 8-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 305.781045][ T5092] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 305.785344][ T5092] usb 8-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 305.790174][ T5092] usb 8-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 305.801378][ T5092] usb 8-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 305.804888][ T5092] usb 8-1: Product: syz [ 305.806234][ T5092] usb 8-1: Manufacturer: syz [ 305.811674][ T5092] cdc_wdm 8-1:1.0: skipping garbage [ 305.813360][ T5092] cdc_wdm 8-1:1.0: skipping garbage [ 305.821155][ T5092] cdc_wdm 8-1:1.0: cdc-wdm0: USB WDM device [ 305.823032][ T5092] cdc_wdm 8-1:1.0: Unknown control protocol [ 306.470186][ T40] audit: type=1326 audit(1749210798.677:55582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10658 comm="syz.2.1378" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fa3579 code=0x0 [ 306.571381][T10676] blktrace: Concurrent blktraces are not allowed on sg0 [ 306.650593][ T9] usb 8-1: USB disconnect, device number 55 [ 307.816458][T10705] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 307.977476][ T40] audit: type=1326 audit(1749210800.317:55583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10692 comm="syz.0.1385" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7fb1579 code=0x0 [ 308.369688][ T40] audit: type=1326 audit(1749210800.707:55584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10714 comm="syz.3.1389" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x0 [ 308.422632][T10724] blktrace: Concurrent blktraces are not allowed on sg0 [ 308.831307][ T9483] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 309.004807][ T9483] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 309.008568][ T9483] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 309.013102][ T9483] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 309.016843][ T9483] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 309.023642][ T9483] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 309.029803][ T9483] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 309.033805][ T9483] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 309.037100][ T9483] usb 5-1: Product: syz [ 309.038819][ T9483] usb 5-1: Manufacturer: syz [ 309.050063][ T9483] cdc_wdm 5-1:1.0: skipping garbage [ 309.054862][ T9483] cdc_wdm 5-1:1.0: skipping garbage [ 309.058355][ T9483] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 309.060793][ T9483] cdc_wdm 5-1:1.0: Unknown control protocol [ 309.858165][ T7979] usb 5-1: USB disconnect, device number 42 [ 310.575930][T10773] bond0: (slave rose0): Error: Device is in use and cannot be enslaved [ 312.770190][T10831] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1416'. [ 312.880341][ T40] audit: type=1326 audit(1749210805.217:55585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10816 comm="syz.3.1411" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x0 [ 312.985882][T10848] blktrace: Concurrent blktraces are not allowed on sg0 [ 313.377115][T10852] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1418'. [ 313.830997][T10863] netlink: 892 bytes leftover after parsing attributes in process `syz.2.1422'. [ 314.013478][T10871] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1426'. [ 314.074631][T10874] netlink: 'syz.0.1427': attribute type 2 has an invalid length. [ 314.653158][T10883] usb usb8: usbfs: process 10883 (syz.1.1430) did not claim interface 0 before use [ 314.886689][T10898] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1435'. [ 315.254223][T10908] FAULT_INJECTION: forcing a failure. [ 315.254223][T10908] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 315.258743][T10908] CPU: 0 UID: 0 PID: 10908 Comm: syz.0.1439 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 315.258758][T10908] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 315.258766][T10908] Call Trace: [ 315.258770][T10908] [ 315.258775][T10908] dump_stack_lvl+0x16c/0x1f0 [ 315.258794][T10908] should_fail_ex+0x512/0x640 [ 315.258814][T10908] _copy_from_user+0x2e/0xd0 [ 315.258825][T10908] get_compat_msghdr+0xa7/0x170 [ 315.258842][T10908] ? __pfx_get_compat_msghdr+0x10/0x10 [ 315.258864][T10908] ___sys_sendmsg+0x1ae/0x1d0 [ 315.258881][T10908] ? __pfx____sys_sendmsg+0x10/0x10 [ 315.258903][T10908] ? find_held_lock+0x2b/0x80 [ 315.258923][T10908] __sys_sendmsg+0x16d/0x220 [ 315.258942][T10908] ? __pfx___sys_sendmsg+0x10/0x10 [ 315.258974][T10908] ? rcu_is_watching+0x12/0xc0 [ 315.258987][T10908] __do_fast_syscall_32+0x7c/0x3a0 [ 315.259005][T10908] do_fast_syscall_32+0x32/0x80 [ 315.259021][T10908] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 315.259036][T10908] RIP: 0023:0xf7fb1579 [ 315.259045][T10908] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 315.259056][T10908] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 315.259071][T10908] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080001040 [ 315.259082][T10908] RDX: 00000000200000d0 RSI: 0000000000000000 RDI: 0000000000000000 [ 315.259092][T10908] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 315.259100][T10908] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 315.259107][T10908] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 315.259120][T10908] [ 315.290896][ T60] usb 7-1: new high-speed USB device number 44 using dummy_hcd [ 315.472094][ T60] usb 7-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 315.474808][ T60] usb 7-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 315.478822][ T60] usb 7-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 315.481887][ T60] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 315.485318][ T60] usb 7-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 315.490214][ T60] usb 7-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 315.493263][ T60] usb 7-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 315.495794][ T60] usb 7-1: Product: syz [ 315.497503][ T60] usb 7-1: Manufacturer: syz [ 315.510320][ T60] cdc_wdm 7-1:1.0: skipping garbage [ 315.512309][ T60] cdc_wdm 7-1:1.0: skipping garbage [ 315.519301][ T60] cdc_wdm 7-1:1.0: cdc-wdm0: USB WDM device [ 315.521339][ T60] cdc_wdm 7-1:1.0: Unknown control protocol [ 315.953915][T10918] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1441'. [ 315.966217][T10918] team1: entered promiscuous mode [ 315.968305][T10918] 8021q: adding VLAN 0 to HW filter on device team1 [ 316.141267][ T60] usb 8-1: new high-speed USB device number 56 using dummy_hcd [ 316.268330][ T5826] usb 7-1: USB disconnect, device number 44 [ 316.413969][ T60] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 316.417638][ T60] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 316.420656][ T60] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 316.472474][ T60] usb 8-1: config 0 descriptor?? [ 316.561986][T10934] FAULT_INJECTION: forcing a failure. [ 316.561986][T10934] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 316.566388][T10934] CPU: 3 UID: 0 PID: 10934 Comm: syz.0.1445 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 316.566405][T10934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 316.566412][T10934] Call Trace: [ 316.566416][T10934] [ 316.566421][T10934] dump_stack_lvl+0x16c/0x1f0 [ 316.566440][T10934] should_fail_ex+0x512/0x640 [ 316.566459][T10934] _copy_from_user+0x2e/0xd0 [ 316.566475][T10934] move_addr_to_kernel+0x65/0x170 [ 316.566489][T10934] __sys_sendto+0x1be/0x520 [ 316.566503][T10934] ? __pfx___sys_sendto+0x10/0x10 [ 316.566529][T10934] ? ksys_write+0x1ac/0x250 [ 316.566545][T10934] ? __pfx_ksys_write+0x10/0x10 [ 316.566563][T10934] __ia32_sys_sendto+0xdd/0x1b0 [ 316.566577][T10934] ? lockdep_hardirqs_on+0x7c/0x110 [ 316.566592][T10934] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 316.566607][T10934] __do_fast_syscall_32+0x7c/0x3a0 [ 316.566625][T10934] do_fast_syscall_32+0x32/0x80 [ 316.566640][T10934] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 316.566654][T10934] RIP: 0023:0xf7fb1579 [ 316.566663][T10934] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 316.566673][T10934] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000171 [ 316.566677][ T1420] ieee802154 phy0 wpan0: encryption failed: -22 [ 316.566684][T10934] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 316.566691][T10934] RDX: 0000000000000004 RSI: 0000000020008040 RDI: 0000000080000080 [ 316.566697][T10934] RBP: 0000000000000014 R08: 0000000000000000 R09: 0000000000000000 [ 316.566703][T10934] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 316.566709][T10934] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 316.566722][T10934] [ 316.630547][ T1420] ieee802154 phy1 wpan1: encryption failed: -22 [ 316.679920][ T60] usbhid 8-1:0.0: can't add hid device: -71 [ 316.682174][ T60] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 316.685830][ T60] usb 8-1: USB disconnect, device number 56 [ 316.950927][ T9] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 317.046753][T10948] netlink: 'syz.1.1451': attribute type 2 has an invalid length. [ 317.103364][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.107500][ T9] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 317.110416][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.116726][ T9] usb 5-1: config 0 descriptor?? [ 317.122937][ T7979] usb 8-1: new high-speed USB device number 57 using dummy_hcd [ 317.294639][ T7979] usb 8-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.299131][ T7979] usb 8-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 317.303361][ T7979] usb 8-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.309807][ T7979] usb 8-1: config 0 descriptor?? [ 317.328535][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 317.330666][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 317.337165][ T9] usb 5-1: USB disconnect, device number 43 [ 317.700160][ T5952] Bluetooth: Wrong link type (-57) [ 317.725972][ T7979] usbhid 8-1:0.0: can't add hid device: -71 [ 317.727900][ T7979] usbhid 8-1:0.0: probe with driver usbhid failed with error -71 [ 317.731440][ T7979] usb 8-1: USB disconnect, device number 57 [ 317.790945][ T5826] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 317.932423][T10961] FAULT_INJECTION: forcing a failure. [ 317.932423][T10961] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 317.937697][T10961] CPU: 0 UID: 0 PID: 10961 Comm: syz.2.1455 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 317.937720][T10961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 317.937730][T10961] Call Trace: [ 317.937737][T10961] [ 317.937744][T10961] dump_stack_lvl+0x16c/0x1f0 [ 317.937772][T10961] should_fail_ex+0x512/0x640 [ 317.937801][T10961] _copy_to_user+0x32/0xd0 [ 317.937818][T10961] simple_read_from_buffer+0xcb/0x170 [ 317.937843][T10961] proc_fail_nth_read+0x197/0x270 [ 317.937865][T10961] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 317.937886][T10961] ? rw_verify_area+0xcf/0x680 [ 317.937908][T10961] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 317.937928][T10961] vfs_read+0x1e1/0xc60 [ 317.937951][T10961] ? fdget_pos+0x2a2/0x370 [ 317.937977][T10961] ? __pfx_vfs_read+0x10/0x10 [ 317.937998][T10961] ? find_held_lock+0x2b/0x80 [ 317.938021][T10961] ? __fget_files+0x20e/0x3c0 [ 317.938051][T10961] ksys_read+0x12a/0x250 [ 317.938073][T10961] ? __pfx_ksys_read+0x10/0x10 [ 317.938098][T10961] ? rcu_is_watching+0x12/0xc0 [ 317.938118][T10961] __do_fast_syscall_32+0x7c/0x3a0 [ 317.938144][T10961] do_fast_syscall_32+0x32/0x80 [ 317.938167][T10961] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 317.938188][T10961] RIP: 0023:0xf7fa3579 [ 317.938200][T10961] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 317.938216][T10961] RSP: 002b:00000000f50c6590 EFLAGS: 00000293 ORIG_RAX: 0000000000000003 [ 317.938231][T10961] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f50c6620 [ 317.938241][T10961] RDX: 000000000000000f RSI: 00000000f7432ff4 RDI: 0000000000000000 [ 317.938251][T10961] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 317.938260][T10961] R10: 0000000000000000 R11: 0000000000000296 R12: 0000000000000000 [ 317.938270][T10961] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 317.938292][T10961] [ 317.952769][ T5826] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 318.030769][ T5826] usb 5-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 318.034609][ T5826] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.040605][ T5826] usb 5-1: config 0 descriptor?? [ 318.231068][ T40] audit: type=1326 audit(1749210810.567:55586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10967 comm="syz.1.1458" exe="/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x0 [ 318.456053][ T5826] usbhid 5-1:0.0: can't add hid device: -71 [ 318.458034][ T5826] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 318.458918][T10981] FAULT_INJECTION: forcing a failure. [ 318.458918][T10981] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 318.461989][ T5826] usb 5-1: USB disconnect, device number 44 [ 318.464623][T10981] CPU: 1 UID: 0 PID: 10981 Comm: syz.3.1460 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 318.464638][T10981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 318.464646][T10981] Call Trace: [ 318.464650][T10981] [ 318.464654][T10981] dump_stack_lvl+0x16c/0x1f0 [ 318.464673][T10981] should_fail_ex+0x512/0x640 [ 318.464693][T10981] _copy_from_user+0x2e/0xd0 [ 318.464704][T10981] move_addr_to_kernel+0x65/0x170 [ 318.464718][T10981] __sys_bind+0x11b/0x260 [ 318.464730][T10981] ? __pfx___sys_bind+0x10/0x10 [ 318.464742][T10981] ? __fget_files+0x20e/0x3c0 [ 318.464762][T10981] ? __pfx_ksys_write+0x10/0x10 [ 318.464781][T10981] __ia32_sys_bind+0x71/0xb0 [ 318.464793][T10981] ? syscall_enter_from_user_mode_prepare+0x68/0xe0 [ 318.464809][T10981] __do_fast_syscall_32+0x7c/0x3a0 [ 318.464826][T10981] do_fast_syscall_32+0x32/0x80 [ 318.464842][T10981] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 318.464876][T10981] RIP: 0023:0xf7f17579 [ 318.464890][T10981] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 318.464905][T10981] RSP: 002b:00000000f503655c EFLAGS: 00000296 ORIG_RAX: 0000000000000169 [ 318.464919][T10981] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000000 [ 318.464927][T10981] RDX: 000000000000000e RSI: 0000000000000000 RDI: 0000000000000000 [ 318.464932][T10981] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 318.464939][T10981] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 318.464946][T10981] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 318.464959][T10981] [ 318.883600][T10994] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1465'. [ 319.013504][T10998] netlink: 'syz.2.1466': attribute type 2 has an invalid length. [ 319.122524][T11002] netlink: 'syz.2.1469': attribute type 1 has an invalid length. [ 319.200015][T11010] netlink: 'syz.2.1472': attribute type 2 has an invalid length. [ 319.205077][T11010] netlink: 723 bytes leftover after parsing attributes in process `syz.2.1472'. [ 319.311075][ T7979] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 319.341934][ T5952] Bluetooth: Wrong link type (-57) [ 319.396143][T11021] FAULT_INJECTION: forcing a failure. [ 319.396143][T11021] name failslab, interval 1, probability 0, space 0, times 0 [ 319.400240][T11021] CPU: 3 UID: 0 PID: 11021 Comm: syz.2.1476 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 319.400255][T11021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 319.400262][T11021] Call Trace: [ 319.400267][T11021] [ 319.400272][T11021] dump_stack_lvl+0x16c/0x1f0 [ 319.400295][T11021] should_fail_ex+0x512/0x640 [ 319.400312][T11021] ? fs_reclaim_acquire+0xae/0x150 [ 319.400391][T11021] ? tomoyo_realpath_from_path+0xc2/0x6e0 [ 319.400407][T11021] should_failslab+0xc2/0x120 [ 319.400418][T11021] __kmalloc_noprof+0xd2/0x510 [ 319.400438][T11021] tomoyo_realpath_from_path+0xc2/0x6e0 [ 319.400487][T11021] ? tomoyo_profile+0x47/0x60 [ 319.400498][T11021] tomoyo_path_number_perm+0x245/0x580 [ 319.400511][T11021] ? tomoyo_path_number_perm+0x237/0x580 [ 319.400525][T11021] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 319.400554][T11021] ? find_held_lock+0x2b/0x80 [ 319.400565][T11021] ? hook_file_ioctl_common+0x145/0x410 [ 319.400581][T11021] ? __fget_files+0x20e/0x3c0 [ 319.400595][T11021] ? __fput_deferred+0x470/0x480 [ 319.400609][T11021] security_file_ioctl_compat+0x9b/0x240 [ 319.400624][T11021] __ia32_compat_sys_ioctl+0xc3/0x370 [ 319.400640][T11021] __do_fast_syscall_32+0x7c/0x3a0 [ 319.400657][T11021] do_fast_syscall_32+0x32/0x80 [ 319.400673][T11021] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 319.400687][T11021] RIP: 0023:0xf7fa3579 [ 319.400696][T11021] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 319.400707][T11021] RSP: 002b:00000000f50c655c EFLAGS: 00000296 ORIG_RAX: 0000000000000036 [ 319.400718][T11021] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c028aa03 [ 319.400724][T11021] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 319.400730][T11021] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 319.400736][T11021] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 319.400742][T11021] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 319.400755][T11021] [ 319.400760][T11021] ERROR: Out of memory at tomoyo_realpath_from_path. [ 319.482617][ T7979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 319.486021][ T7979] usb 6-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 319.488767][ T7979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.494540][ T7979] usb 6-1: config 0 descriptor?? [ 319.502430][ T40] audit: type=1326 audit(1749210811.837:55587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 319.516090][ T40] audit: type=1326 audit(1749210811.837:55588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 319.529896][ T40] audit: type=1326 audit(1749210811.837:55589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1477" exe="/syz-executor" sig=0 arch=40000003 syscall=138 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 319.548249][ T40] audit: type=1326 audit(1749210811.837:55590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 319.558516][ T40] audit: type=1326 audit(1749210811.837:55591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 319.584900][ T40] audit: type=1326 audit(1749210811.837:55592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1477" exe="/syz-executor" sig=0 arch=40000003 syscall=374 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 319.603739][ T40] audit: type=1326 audit(1749210811.837:55593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 319.620700][ T40] audit: type=1326 audit(1749210811.837:55594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1477" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 319.627679][T11028] FAULT_INJECTION: forcing a failure. [ 319.627679][T11028] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 319.627697][T11028] CPU: 3 UID: 0 PID: 11028 Comm: syz.0.1487 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 319.627711][T11028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 319.627719][T11028] Call Trace: [ 319.627722][T11028] [ 319.627727][T11028] dump_stack_lvl+0x16c/0x1f0 [ 319.627745][T11028] should_fail_ex+0x512/0x640 [ 319.627765][T11028] _copy_from_user+0x2e/0xd0 [ 319.627776][T11028] get_compat_msghdr+0xa7/0x170 [ 319.627793][T11028] ? __pfx_get_compat_msghdr+0x10/0x10 [ 319.627814][T11028] ___sys_sendmsg+0x1ae/0x1d0 [ 319.627831][T11028] ? __pfx____sys_sendmsg+0x10/0x10 [ 319.627853][T11028] ? find_held_lock+0x2b/0x80 [ 319.627873][T11028] __sys_sendmsg+0x16d/0x220 [ 319.627888][T11028] ? __pfx___sys_sendmsg+0x10/0x10 [ 319.627910][T11028] ? rcu_is_watching+0x12/0xc0 [ 319.627923][T11028] __do_fast_syscall_32+0x7c/0x3a0 [ 319.627940][T11028] do_fast_syscall_32+0x32/0x80 [ 319.627956][T11028] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 319.627970][T11028] RIP: 0023:0xf7fb1579 [ 319.627979][T11028] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 319.627989][T11028] RSP: 002b:00000000f50d655c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 319.628000][T11028] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000900 [ 319.628007][T11028] RDX: 0000000020000800 RSI: 0000000000000000 RDI: 0000000000000000 [ 319.628013][T11028] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 319.628019][T11028] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 319.628025][T11028] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 319.628038][T11028] [ 319.688396][ T40] audit: type=1326 audit(1749210811.837:55595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11022 comm="syz.3.1477" exe="/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f17579 code=0x7ffc0000 [ 319.697998][T11032] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1477'. [ 319.860932][ T5988] usb 7-1: new high-speed USB device number 45 using dummy_hcd [ 319.889069][T11038] netlink: 'syz.0.1482': attribute type 2 has an invalid length. [ 319.892691][T11038] netlink: 723 bytes leftover after parsing attributes in process `syz.0.1482'. [ 320.022568][ T5988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.025962][ T5988] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 320.028671][ T5988] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.032706][ T5988] usb 7-1: config 0 descriptor?? [ 320.254320][ T5988] usbhid 7-1:0.0: can't add hid device: -71 [ 320.256280][ T5988] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 320.259772][ T5988] usb 7-1: USB disconnect, device number 45 [ 320.274250][ T7979] usbhid 6-1:0.0: can't add hid device: -71 [ 320.276443][ T7979] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 320.298095][T11046] IPVS: sync thread started: state = MASTER, mcast_ifn = veth0_virt_wifi, syncid = 33554432, id = 0 [ 320.298623][T11045] IPVS: stopping master sync thread 11046 ... [ 320.322720][ T7979] usb 6-1: USB disconnect, device number 48 [ 320.508861][ T5952] Bluetooth: Wrong link type (-57) [ 320.622998][ T7979] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 320.691040][ T5988] usb 7-1: new high-speed USB device number 46 using dummy_hcd [ 320.775674][T11062] netlink: 260 bytes leftover after parsing attributes in process `syz.3.1491'. [ 320.780890][ T7979] usb 6-1: Using ep0 maxpacket: 32 [ 320.785757][ T7979] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.789143][ T7979] usb 6-1: New USB device found, idVendor=0911, idProduct=3333, bcdDevice= 0.40 [ 320.792227][ T7979] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.796972][ T7979] usb 6-1: config 0 descriptor?? [ 320.863783][ T5988] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 320.867175][ T5988] usb 7-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 320.870029][ T5988] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 320.886144][ T5988] usb 7-1: config 0 descriptor?? [ 321.210231][ T7979] usbhid 6-1:0.0: can't add hid device: -71 [ 321.212107][ T7979] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 321.215831][ T7979] usb 6-1: USB disconnect, device number 49 [ 321.243971][ T46] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.296656][ T5988] usbhid 7-1:0.0: can't add hid device: -71 [ 321.299239][ T5988] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 321.306423][ T5988] usb 7-1: USB disconnect, device number 46 [ 321.315136][ T46] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.418451][ T46] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.518582][ T46] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 321.832221][ T46] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 321.838397][ T46] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 321.843182][ T63] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 321.846770][ T63] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 321.850371][ T46] bond0 (unregistering): Released all slaves [ 321.850395][ T63] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 321.859035][ T63] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 321.865619][ T63] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 321.890506][T11068] lo speed is unknown, defaulting to 1000 [ 322.187680][T11068] chnl_net:caif_netlink_parms(): no params data found [ 322.598451][T11068] bridge0: port 1(bridge_slave_0) entered blocking state [ 322.607957][T11068] bridge0: port 1(bridge_slave_0) entered disabled state [ 322.610465][T11068] bridge_slave_0: entered allmulticast mode [ 322.618204][T11068] bridge_slave_0: entered promiscuous mode [ 322.621572][T11068] bridge0: port 2(bridge_slave_1) entered blocking state [ 322.623959][T11068] bridge0: port 2(bridge_slave_1) entered disabled state [ 322.631064][T11068] bridge_slave_1: entered allmulticast mode [ 322.633861][T11068] bridge_slave_1: entered promiscuous mode [ 322.739136][ T46] hsr_slave_0: left promiscuous mode [ 322.744721][ T46] hsr_slave_1: left promiscuous mode [ 322.747683][ T46] batman_adv: batadv0: Interface deactivated: dummy0 [ 322.750562][ T46] batman_adv: batadv0: Removing interface: dummy0 [ 322.759744][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 322.763015][ T46] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 322.767593][ T46] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 322.773622][ T46] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 322.832102][ T46] veth1_macvtap: left promiscuous mode [ 322.834026][ T46] veth0_macvtap: left promiscuous mode [ 322.835731][ T46] veth1_vlan: left promiscuous mode [ 322.838042][ T46] veth0_vlan: left promiscuous mode [ 323.023540][T11097] FAULT_INJECTION: forcing a failure. [ 323.023540][T11097] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 323.027442][T11097] CPU: 2 UID: 0 PID: 11097 Comm: syz.1.1498 Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 323.027457][T11097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 323.027464][T11097] Call Trace: [ 323.027469][T11097] [ 323.027474][T11097] dump_stack_lvl+0x16c/0x1f0 [ 323.027493][T11097] should_fail_ex+0x512/0x640 [ 323.027513][T11097] _copy_from_user+0x2e/0xd0 [ 323.027524][T11097] get_compat_msghdr+0xa7/0x170 [ 323.027541][T11097] ? __pfx_get_compat_msghdr+0x10/0x10 [ 323.027562][T11097] ___sys_sendmsg+0x1ae/0x1d0 [ 323.027579][T11097] ? __pfx____sys_sendmsg+0x10/0x10 [ 323.027601][T11097] ? find_held_lock+0x2b/0x80 [ 323.027622][T11097] __sys_sendmsg+0x16d/0x220 [ 323.027637][T11097] ? __pfx___sys_sendmsg+0x10/0x10 [ 323.027659][T11097] ? rcu_is_watching+0x12/0xc0 [ 323.027672][T11097] __do_fast_syscall_32+0x7c/0x3a0 [ 323.027690][T11097] do_fast_syscall_32+0x32/0x80 [ 323.027706][T11097] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 323.027719][T11097] RIP: 0023:0xf702e579 [ 323.027728][T11097] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 323.027738][T11097] RSP: 002b:00000000f501e55c EFLAGS: 00000296 ORIG_RAX: 0000000000000172 [ 323.027749][T11097] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000580 [ 323.027755][T11097] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 323.027761][T11097] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 323.027767][T11097] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 323.027773][T11097] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 323.027786][T11097] [ 323.271527][T11104] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1500'. [ 323.275959][T11104] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1500'. [ 323.642634][ T46] team0 (unregistering): Port device team_slave_1 removed [ 323.708029][ T46] team0 (unregistering): Port device team_slave_0 removed [ 323.930968][ T5952] Bluetooth: hci2: command tx timeout [ 324.051796][ T40] kauditd_printk_skb: 27 callbacks suppressed [ 324.051808][ T40] audit: type=1326 audit(1749210816.387:55623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.060510][ T40] audit: type=1326 audit(1749210816.387:55624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.068733][ T40] audit: type=1326 audit(1749210816.387:55625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=30 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.075537][ T40] audit: type=1326 audit(1749210816.397:55626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.082353][ T40] audit: type=1326 audit(1749210816.397:55627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.089081][ T40] audit: type=1326 audit(1749210816.397:55628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=321 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.096723][ T40] audit: type=1326 audit(1749210816.397:55629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.103447][ T40] audit: type=1326 audit(1749210816.397:55630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.110018][ T40] audit: type=1326 audit(1749210816.397:55631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=224 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.117160][ T40] audit: type=1326 audit(1749210816.397:55632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11110 comm="syz.1.1502" exe="/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf702e579 code=0x7ffc0000 [ 324.196214][T11116] IPv6: Can't replace route, no match found [ 324.472209][T11068] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 324.477073][T11068] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 324.559926][T11068] team0: Port device team_slave_0 added [ 324.573716][T11068] team0: Port device team_slave_1 added [ 324.690645][T11068] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 324.692959][T11068] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.702282][T11068] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 324.706578][T11068] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 324.708757][T11068] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 324.721231][T11068] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 324.935064][T11068] hsr_slave_0: entered promiscuous mode [ 324.937437][T11068] hsr_slave_1: entered promiscuous mode [ 324.965264][T11068] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 324.967664][T11068] Cannot create hsr debugfs directory [ 325.384777][T11171] overlay: Unknown parameter 'fscontext' [ 325.417004][T11171] overlay: ./file0 is not a directory [ 325.743004][T11183] lo speed is unknown, defaulting to 1000 [ 325.743131][T11184] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1506'. [ 326.008934][T11068] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 326.011125][ T5952] Bluetooth: hci2: command tx timeout [ 326.028041][T11068] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 326.037098][T11068] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 326.045439][T11068] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 326.100020][T11068] 8021q: adding VLAN 0 to HW filter on device bond0 [ 326.109473][T11068] 8021q: adding VLAN 0 to HW filter on device team0 [ 326.115418][ T1055] bridge0: port 1(bridge_slave_0) entered blocking state [ 326.118125][ T1055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 326.126526][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 326.129130][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 326.405488][T11068] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 326.447339][T11068] veth0_vlan: entered promiscuous mode [ 326.453748][T11221] netlink: 'syz.0.1511': attribute type 5 has an invalid length. [ 326.459546][T11068] veth1_vlan: entered promiscuous mode [ 326.470895][ T7979] usb 7-1: new high-speed USB device number 47 using dummy_hcd [ 326.479478][T11068] veth0_macvtap: entered promiscuous mode [ 326.486221][T11068] veth1_macvtap: entered promiscuous mode [ 326.502774][T11068] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 326.511636][T11068] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 326.520540][T11068] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.524204][T11068] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.527011][T11068] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.529734][T11068] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 326.597028][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 326.599653][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 326.618756][ T1142] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 326.623476][ T1142] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 326.636910][T11068] ================================================================== [ 326.639472][T11068] BUG: KASAN: slab-use-after-free in binder_add_device+0xa4/0xb0 [ 326.641928][T11068] Write of size 8 at addr ffff888024e93408 by task syz-executor/11068 [ 326.642314][ T7979] usb 7-1: Using ep0 maxpacket: 16 [ 326.646339][T11068] [ 326.646350][T11068] CPU: 1 UID: 0 PID: 11068 Comm: syz-executor Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 326.646365][T11068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 326.646372][T11068] Call Trace: [ 326.646377][T11068] [ 326.646381][T11068] dump_stack_lvl+0x116/0x1f0 [ 326.646399][T11068] print_report+0xcd/0x680 [ 326.646410][T11068] ? __virt_addr_valid+0x81/0x610 [ 326.646423][T11068] ? __phys_addr+0xe8/0x180 [ 326.646434][T11068] ? binder_add_device+0xa4/0xb0 [ 326.646446][T11068] kasan_report+0xe0/0x110 [ 326.646456][T11068] ? binder_add_device+0xa4/0xb0 [ 326.646468][T11068] binder_add_device+0xa4/0xb0 [ 326.646479][T11068] binderfs_binder_device_create.isra.0+0xa03/0xc30 [ 326.646496][T11068] binderfs_fill_super+0x8d4/0x1360 [ 326.646511][T11068] ? __pfx_binderfs_fill_super+0x10/0x10 [ 326.646531][T11068] ? shrinker_register+0x1a8/0x260 [ 326.646548][T11068] ? sget_fc+0x808/0xc20 [ 326.646564][T11068] ? apparmor_capable+0x114/0x1d0 [ 326.646575][T11068] ? __pfx_set_anon_super_fc+0x10/0x10 [ 326.646589][T11068] ? __pfx_binderfs_fill_super+0x10/0x10 [ 326.646602][T11068] get_tree_nodev+0xda/0x190 [ 326.646618][T11068] vfs_get_tree+0x8e/0x340 [ 326.646630][T11068] path_mount+0x14d4/0x1f70 [ 326.646640][T11068] ? kmem_cache_free+0x2d1/0x4d0 [ 326.646656][T11068] ? __pfx_path_mount+0x10/0x10 [ 326.646672][T11068] ? getname_flags.part.0+0x1c5/0x550 [ 326.646685][T11068] ? putname+0x154/0x1a0 [ 326.646696][T11068] __ia32_sys_mount+0x28b/0x310 [ 326.646705][T11068] ? __pfx___ia32_sys_mount+0x10/0x10 [ 326.646715][T11068] ? __pfx___ia32_sys_umount+0x10/0x10 [ 326.646731][T11068] ? rcu_is_watching+0x12/0xc0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 326.646743][T11068] __do_fast_syscall_32+0x7c/0x3a0 [ 326.646759][T11068] do_fast_syscall_32+0x32/0x80 [ 326.646775][T11068] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 326.646789][T11068] RIP: 0023:0xf7f27579 [ 326.646797][T11068] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 326.646808][T11068] RSP: 002b:00000000fff4cc80 EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 326.646818][T11068] RAX: ffffffffffffffda RBX: 00000000f7246571 RCX: 00000000f7236c67 [ 326.646825][T11068] RDX: 00000000f7246571 RSI: 0000000000000000 RDI: 0000000000000000 [ 326.646832][T11068] RBP: 00000000f7214088 R08: 0000000000000000 R09: 0000000000000000 [ 326.646838][T11068] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 326.646845][T11068] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 326.646854][T11068] [ 326.646858][T11068] [ 326.731818][T11068] Allocated by task 11183: [ 326.733239][T11068] kasan_save_stack+0x33/0x60 [ 326.734732][T11068] kasan_save_track+0x14/0x30 [ 326.736220][T11068] __kasan_kmalloc+0xaa/0xb0 [ 326.737698][T11068] inetdev_init+0x66/0x5a0 [ 326.739110][T11068] inetdev_event+0xc5f/0x18a0 [ 326.740636][T11068] notifier_call_chain+0xbc/0x410 [ 326.742254][T11068] call_netdevice_notifiers_info+0xbe/0x140 [ 326.744066][T11068] register_netdevice+0x182e/0x2270 [ 326.745687][T11068] register_netdev+0x34/0x50 [ 326.747162][T11068] sit_init_net+0x286/0x630 [ 326.748599][T11068] ops_init+0x1e2/0x5f0 [ 326.749926][T11068] setup_net+0x1ff/0x510 [ 326.751266][T11068] copy_net_ns+0x2a6/0x5f0 [ 326.752672][T11068] create_new_namespaces+0x3ea/0xa90 [ 326.754338][T11068] unshare_nsproxy_namespaces+0xc0/0x1f0 [ 326.756093][T11068] ksys_unshare+0x45b/0xa40 [ 326.757520][T11068] __ia32_sys_unshare+0x30/0x40 [ 326.759027][T11068] __do_fast_syscall_32+0x7c/0x3a0 [ 326.760617][T11068] do_fast_syscall_32+0x32/0x80 [ 326.762151][T11068] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 326.764102][T11068] [ 326.764888][T11068] Freed by task 33: [ 326.766105][T11068] kasan_save_stack+0x33/0x60 [ 326.767600][T11068] kasan_save_track+0x14/0x30 [ 326.769046][T11068] kasan_save_free_info+0x3b/0x60 [ 326.770645][T11068] __kasan_slab_free+0x51/0x70 [ 326.772127][T11068] kfree+0x2b4/0x4d0 [ 326.773384][T11068] rcu_core+0x79c/0x14e0 [ 326.774711][T11068] handle_softirqs+0x219/0x8e0 [ 326.776192][T11068] run_ksoftirqd+0x3a/0x60 [ 326.777620][T11068] smpboot_thread_fn+0x3f7/0xae0 [ 326.779175][T11068] kthread+0x3c2/0x780 [ 326.780498][T11068] ret_from_fork+0x5d7/0x6f0 [ 326.781960][T11068] ret_from_fork_asm+0x1a/0x30 [ 326.783700][T11068] [ 326.784689][T11068] Last potentially related work creation: [ 326.786631][T11068] kasan_save_stack+0x33/0x60 [ 326.788231][T11068] kasan_record_aux_stack+0xa7/0xc0 [ 326.790284][T11068] __call_rcu_common.constprop.0+0x9a/0x9f0 [ 326.792507][T11068] in_dev_finish_destroy+0x15c/0x1d0 [ 326.794542][T11068] inetdev_event+0xf8b/0x18a0 [ 326.796345][T11068] notifier_call_chain+0xbc/0x410 [ 326.798298][T11068] call_netdevice_notifiers_info+0xbe/0x140 [ 326.800580][T11068] unregister_netdevice_many_notify+0xf9d/0x2700 [ 326.803184][T11068] ops_undo_list+0x8fc/0xab0 [ 326.805216][T11068] cleanup_net+0x408/0x890 [ 326.807048][T11068] process_one_work+0x9cf/0x1b70 [ 326.808995][T11068] worker_thread+0x6c8/0xf10 [ 326.810840][T11068] kthread+0x3c2/0x780 [ 326.812430][T11068] ret_from_fork+0x5d7/0x6f0 [ 326.814238][T11068] ret_from_fork_asm+0x1a/0x30 [ 326.816083][T11068] [ 326.817040][T11068] The buggy address belongs to the object at ffff888024e93400 [ 326.817040][T11068] which belongs to the cache kmalloc-512 of size 512 [ 326.822266][T11068] The buggy address is located 8 bytes inside of [ 326.822266][T11068] freed 512-byte region [ffff888024e93400, ffff888024e93600) [ 326.827339][T11068] [ 326.828287][T11068] The buggy address belongs to the physical page: [ 326.830416][T11068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff888024e93400 pfn:0x24e90 [ 326.833499][T11068] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 326.836038][T11068] flags: 0xfff00000000240(workingset|head|node=0|zone=1|lastcpupid=0x7ff) [ 326.838630][T11068] page_type: f5(slab) [ 326.839888][T11068] raw: 00fff00000000240 ffff88801b442c80 ffffea00004b3d10 ffffea00004c7f10 [ 326.842568][T11068] raw: ffff888024e93400 000000000010000d 00000000f5000000 0000000000000000 [ 326.845221][T11068] head: 00fff00000000240 ffff88801b442c80 ffffea00004b3d10 ffffea00004c7f10 [ 326.847882][T11068] head: ffff888024e93400 000000000010000d 00000000f5000000 0000000000000000 [ 326.850584][T11068] head: 00fff00000000002 ffffea000093a401 00000000ffffffff 00000000ffffffff [ 326.853254][T11068] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 326.855905][T11068] page dumped because: kasan: bad access detected [ 326.857902][T11068] page_owner tracks the page as allocated [ 326.859605][T11068] page last allocated via order 2, migratetype Unmovable, gfp_mask 0x52820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1142, tgid 1142 (kworker/u32:8), ts 48163879426, free_ts 48124312538 [ 326.865437][T11068] post_alloc_hook+0x1c0/0x230 [ 326.866955][T11068] get_page_from_freelist+0x1321/0x3890 [ 326.868688][T11068] __alloc_frozen_pages_noprof+0x261/0x23f0 [ 326.870545][T11068] alloc_pages_mpol+0x1fb/0x550 [ 326.872066][T11068] new_slab+0x23b/0x330 [ 326.873376][T11068] ___slab_alloc+0xd9c/0x1940 [ 326.874853][T11068] __slab_alloc.constprop.0+0x56/0xb0 [ 326.876529][T11068] __kmalloc_noprof+0x2f2/0x510 [ 326.878071][T11068] fib6_info_alloc+0x40/0x160 [ 326.879553][T11068] ip6_route_info_create+0x14c/0x870 [ 326.881212][T11068] ip6_route_add+0x26/0x1d0 [ 326.882635][T11068] addrconf_prefix_route+0x2fd/0x510 [ 326.884288][T11068] addrconf_add_linklocal+0x329/0x500 [ 326.885987][T11068] addrconf_addr_gen+0x36d/0x3c0 [ 326.887544][T11068] addrconf_init_auto_addrs+0x4b9/0x8f0 [ 326.889278][T11068] addrconf_notify+0x6e2/0x19e0 [ 326.890819][T11068] page last free pid 6015 tgid 6015 stack trace: [ 326.892772][T11068] __free_frozen_pages+0x7fe/0x1180 [ 326.894412][T11068] __put_partials+0x16d/0x1c0 [ 326.895888][T11068] qlist_free_all+0x4d/0x120 [ 326.897351][T11068] kasan_quarantine_reduce+0x195/0x1e0 [ 326.899043][T11068] __kasan_slab_alloc+0x69/0x90 [ 326.900584][T11068] kmem_cache_alloc_noprof+0x1cb/0x3b0 [ 326.902301][T11068] vm_area_alloc+0x1f/0x160 [ 326.903732][T11068] __mmap_region+0xf0e/0x25e0 [ 326.905215][T11068] mmap_region+0x1ab/0x3f0 [ 326.906641][T11068] do_mmap+0xa3e/0x1210 [ 326.907951][T11068] vm_mmap_pgoff+0x281/0x450 [ 326.909418][T11068] ksys_mmap_pgoff+0x32c/0x5c0 [ 326.910938][T11068] __x64_sys_mmap+0x125/0x190 [ 326.912422][T11068] do_syscall_64+0xcd/0x490 [ 326.913863][T11068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 326.915709][T11068] [ 326.916481][T11068] Memory state around the buggy address: [ 326.918246][T11068] ffff888024e93300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 326.920728][T11068] ffff888024e93380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 326.923216][T11068] >ffff888024e93400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 326.925690][T11068] ^ [ 326.927130][T11068] ffff888024e93480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 326.929542][T11068] ffff888024e93500: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 326.932042][T11068] ================================================================== [ 327.013610][T11068] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 327.016075][T11068] CPU: 1 UID: 0 PID: 11068 Comm: syz-executor Not tainted 6.15.0-syzkaller-12426-ge271ed52b344 #0 PREEMPT(full) [ 327.019694][T11068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2~bpo12+1 04/01/2014 [ 327.023006][T11068] Call Trace: [ 327.024066][T11068] [ 327.024969][T11068] dump_stack_lvl+0x3d/0x1f0 [ 327.026394][T11068] panic+0x71c/0x800 [ 327.027638][T11068] ? __pfx_panic+0x10/0x10 [ 327.029049][T11068] ? mark_held_locks+0x49/0x80 [ 327.030546][T11068] ? preempt_schedule_thunk+0x16/0x30 [ 327.032218][T11068] ? binder_add_device+0xa4/0xb0 [ 327.033780][T11068] ? preempt_schedule_common+0x44/0xc0 [ 327.035480][T11068] ? check_panic_on_warn+0x1f/0xb0 [ 327.037155][T11068] ? binder_add_device+0xa4/0xb0 [ 327.038702][T11068] check_panic_on_warn+0xab/0xb0 [ 327.040188][T11068] end_report+0x107/0x170 [ 327.041536][T11068] kasan_report+0xee/0x110 [ 327.042938][T11068] ? binder_add_device+0xa4/0xb0 [ 327.044496][T11068] binder_add_device+0xa4/0xb0 [ 327.046028][T11068] binderfs_binder_device_create.isra.0+0xa03/0xc30 [ 327.048076][T11068] binderfs_fill_super+0x8d4/0x1360 [ 327.049710][T11068] ? __pfx_binderfs_fill_super+0x10/0x10 [ 327.051488][T11068] ? shrinker_register+0x1a8/0x260 [ 327.053081][T11068] ? sget_fc+0x808/0xc20 [ 327.054344][T11068] ? apparmor_capable+0x114/0x1d0 [ 327.055906][T11068] ? __pfx_set_anon_super_fc+0x10/0x10 [ 327.057605][T11068] ? __pfx_binderfs_fill_super+0x10/0x10 [ 327.059255][T11068] get_tree_nodev+0xda/0x190 [ 327.060678][T11068] vfs_get_tree+0x8e/0x340 [ 327.062049][T11068] path_mount+0x14d4/0x1f70 [ 327.063432][T11068] ? kmem_cache_free+0x2d1/0x4d0 [ 327.064940][T11068] ? __pfx_path_mount+0x10/0x10 [ 327.066458][T11068] ? getname_flags.part.0+0x1c5/0x550 [ 327.068088][T11068] ? putname+0x154/0x1a0 [ 327.069402][T11068] __ia32_sys_mount+0x28b/0x310 [ 327.070927][T11068] ? __pfx___ia32_sys_mount+0x10/0x10 [ 327.072603][T11068] ? __pfx___ia32_sys_umount+0x10/0x10 [ 327.074321][T11068] ? rcu_is_watching+0x12/0xc0 [ 327.075817][T11068] __do_fast_syscall_32+0x7c/0x3a0 [ 327.077432][T11068] do_fast_syscall_32+0x32/0x80 [ 327.078953][T11068] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 327.080920][T11068] RIP: 0023:0xf7f27579 [ 327.082168][T11068] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 8d b4 26 00 00 00 00 8d b4 26 00 00 00 00 [ 327.088004][T11068] RSP: 002b:00000000fff4cc80 EFLAGS: 00000296 ORIG_RAX: 0000000000000015 [ 327.090534][T11068] RAX: ffffffffffffffda RBX: 00000000f7246571 RCX: 00000000f7236c67 [ 327.092950][T11068] RDX: 00000000f7246571 RSI: 0000000000000000 RDI: 0000000000000000 [ 327.095415][T11068] RBP: 00000000f7214088 R08: 0000000000000000 R09: 0000000000000000 [ 327.097844][T11068] R10: 0000000000000000 R11: 0000000000000292 R12: 0000000000000000 [ 327.100319][T11068] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 327.102809][T11068] [ 327.104443][T11068] Kernel Offset: disabled [ 327.105818][T11068] Rebooting in 86400 seconds.. VM DIAGNOSIS: 11:53:39 Registers: info registers vcpu 0 CPU#0 RAX=0000000000000000 RBX=0000000000000020 RCX=ffffffff819b0c42 RDX=ffff8880250c4880 RSI=ffffffff819b0c30 RDI=0000000000000001 RBP=0000000000000001 RSP=ffffc90021a97648 R8 =0000000000000001 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=1ffff92004352ecb R13=0000000000000200 R14=ffff88805efa4880 R15=ffffc90021a97710 RIP=ffffffff819b0c32 RFL=00000093 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097765000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000003000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000001000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=0000000080000280 CR3=000000006c301000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000052 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 1 CPU#1 RAX=0000000000000079 RBX=00000000000003f8 RCX=0000000000000000 RDX=00000000000003f8 RSI=ffffffff8557aa85 RDI=ffffffff9ae69a00 RBP=ffffffff9ae699c0 RSP=ffffc900228ff4f0 R8 =0000000000000001 R9 =000000000000001f R10=0000000000000000 R11=6534323038387257 R12=0000000000000000 R13=0000000000000079 R14=ffffffff9ae699c0 R15=ffffffff8557aa20 RIP=ffffffff8557aaaf RFL=00000002 [-------] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0063 ffff888097865000 ffffffff 00d0f300 DPL=3 DS [-WA] LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe000004a000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe0000048000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007effa8c6de9c CR3=000000006227d000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000000000ff ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 4e4f4954504f5f4e 4153410063657865 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 2 CPU#2 RAX=0000000000000000 RBX=ffff88802b2438e0 RCX=ffffffff81af6fed RDX=ffff88802620a440 RSI=ffffffff81af6fc9 RDI=0000000000000005 RBP=0000000000000001 RSP=ffffc90002e9f4d0 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000001 R11=0000000000000001 R12=dffffc0000000000 R13=0000000000000003 R14=ffffed100564871d R15=ffff88802b43d080 RIP=ffffffff81af6fcf RFL=00000293 [--S-A-C] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =002b 0000000000000000 ffffffff 00c0f300 DPL=3 DS [-WA] FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097965000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe0000091000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe000008f000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00000000f7f96e40 CR3=000000000e182000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 2e7a7973f7432ff4 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 f700585858585858 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ffffffffffffffff 0f0e0d0c0b0a0908 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 info registers vcpu 3 CPU#3 RAX=0000000000000007 RBX=ffff888044ac7558 RCX=ffffffff82371616 RDX=0000000000000000 RSI=ffffffff823bbdb0 RDI=ffff888044ac7564 RBP=ffffc900034979c0 RSP=ffffc90003497988 R8 =0000000000000005 R9 =0000000000000000 R10=0000000000000000 R11=0000000000000001 R12=0000000000000000 R13=ffffc90003497c98 R14=ffff88801c374720 R15=ffffc90003497c90 RIP=ffffffff823bbe01 RFL=00000246 [---Z-P-] CPL=0 II=0 A20=1 SMM=0 HLT=0 ES =0000 0000000000000000 ffffffff 00c00000 CS =0010 0000000000000000 ffffffff 00a09b00 DPL=0 CS64 [-RA] SS =0018 0000000000000000 ffffffff 00c09300 DPL=0 DS [-WA] DS =0000 0000000000000000 ffffffff 00c00000 FS =0000 0000000000000000 ffffffff 00c00000 GS =0000 ffff888097a65000 ffffffff 00c00000 LDT=0000 0000000000000000 ffffffff 00c00000 TR =0040 fffffe00000d8000 00000067 00008b00 DPL=0 TSS64-busy GDT= fffffe00000d6000 0000007f IDT= fffffe0000000000 0000ffff CR0=80050033 CR2=00007fc9e3f0f4ac CR3=0000000068f61000 CR4=00352ef0 DR0=0000000000000000 DR1=0000000000000000 DR2=0000000000000000 DR3=0000000000000000 DR6=00000000fffe0ff0 DR7=0000000000000400 EFER=0000000000000d01 FCW=037f FSW=0000 [ST=0] FTW=00 MXCSR=00001f80 FPR0=0000000000000000 0000 FPR1=0000000000000000 0000 FPR2=0000000000000000 0000 FPR3=0000000000000000 0000 FPR4=0000000000000000 0000 FPR5=0000000000000000 0000 FPR6=0000000000000000 0000 FPR7=0000000000000000 0000 Opmask00=0000000000000000 Opmask01=0000000000000000 Opmask02=0000000000000000 Opmask03=0000000000000000 Opmask04=0000000000000000 Opmask05=0000000000000000 Opmask06=0000000000000000 Opmask07=0000000000000000 ZMM00=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM01=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM02=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM03=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM04=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 00000000ff000000 0000000000000000 ZMM05=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000001da0 0000000000033260 ZMM06=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM07=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM08=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM09=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM10=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM11=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM12=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM13=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM14=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM15=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM16=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM17=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM18=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM19=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM20=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM21=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM22=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM23=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM24=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM25=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM26=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM27=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM28=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM29=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM30=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 ZMM31=0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000 0000000000000000