last executing test programs: 4.894582308s ago: executing program 4 (id=567): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_DELFLOWTABLE={0x2c, 0x16, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz0\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10}}, 0x54}}, 0x0) 4.792155592s ago: executing program 4 (id=568): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r1, &(0x7f0000000380)={0xa, 0x14e24}, 0x1c) connect$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e24, 0x100, @private0}, 0x1c) sendmmsg(r1, &(0x7f0000002cc0)=[{{0x0, 0x0, &(0x7f0000000400)=[{&(0x7f00000004c0)="f5", 0x1}], 0x1}}], 0x1, 0x0) splice(r1, 0x0, r0, 0x0, 0x1000, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000001000010000000000000000000013cd00000a2c000000160a01010000000000000000010000000900020073797a30000000000900010073797a3000000000140000001000010000000000000000000000000a"], 0x54}}, 0x0) 4.52647425s ago: executing program 1 (id=569): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usb_connect(0x0, 0x86, &(0x7f0000001140)={{0x12, 0x1, 0x110, 0x7d, 0x43, 0x65, 0x8, 0x79b, 0x27, 0x699c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74, 0x2, 0xa2, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0xa2, 0x2, 0x3, 0x4, 0x17, 0x4c, 0x5b, [@uac_control={{0xa, 0x24, 0x1, 0xa, 0x6}, [@extension_unit={0xc, 0x24, 0x8, 0x5, 0x6, 0x7, "0d0a329ce2"}]}], [{{0x9, 0x5, 0x86, 0x10, 0x400, 0xf4, 0x8, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x2f, 0x8}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x81, 0x3, 0xff}}, {{0x9, 0x5, 0x9, 0x1b, 0x8, 0xc, 0x7, 0x80}}]}}, {{0x9, 0x4, 0x4, 0x1, 0x3, 0x6, 0x12, 0xe7, 0x3, [], [{{0x9, 0x5, 0x9, 0x0, 0x0, 0x3, 0x0, 0x4}}, {{0x9, 0x5, 0x2, 0x2, 0x200, 0xf7, 0x81, 0x6}}, {{0x9, 0x5, 0x3, 0x3, 0x3ff, 0x8, 0x40, 0x4, [@generic={0x7, 0x5, "a6c6415a9f"}]}}]}}]}}]}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000c40), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000840)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000880), 0x12) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@noop, @timestamp_prespec={0x44, 0x4}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000010bd283509000000000001090224000100000000090400000103000000092100000001220700090581030000000000"], 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="8a7226ea3c00"/25, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) dup(r0) syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2200) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r7, @ANYRES64=0x0, @ANYRESHEX=r7], 0x20) 4.339873107s ago: executing program 0 (id=571): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x210, 0x65, 0x0, 0x0, 0x0, {}, [@filter_kind_options=@f_matchall={{0xd}, {0xd8, 0x2, [@TCA_MATCHALL_CLASSID={0x8, 0x1, {0x10, 0xfff3}}, @TCA_MATCHALL_ACT={0x4}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x4}, @TCA_MATCHALL_ACT={0x4}, @TCA_MATCHALL_ACT={0xb4, 0x2, [@m_gact={0xb0, 0x20, 0x0, 0x0, {{0x9}, {0x34, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x5, 0xc, 0x1, 0x7, 0x9}}, @TCA_GACT_PARMS={0x18, 0x2, {0x80000001, 0x1, 0x4, 0x6, 0x45}}]}, {0x51, 0x6, "d871ed204c11deb87cc8b7ffd3b5f90068e394f8191e0343857e38e56ce94992f86e8952f47b912714395ffd6104f1ec474f1e2b74ee9b18fa213d70c5b4be00e14b813e3c92699d461e852a78"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0xb1c53254cd377db2, 0x3}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x6}]}}, @TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @filter_kind_options=@f_route={{0xa}, {0xe8, 0x2, [@TCA_ROUTE4_FROM={0x8}, @TCA_ROUTE4_ACT={0x4}, @TCA_ROUTE4_ACT={0xd8, 0x6, [@m_nat={0xa4, 0x2, 0x0, 0x0, {{0x8}, {0x4}, {0x7a, 0x6, "a65ca894c806c791ad43a04f8721eceb7247b1aa8a19a994fd7407d39f4dac144f5a782ff2d62928a43ec46ab5d6f7ba21da2d05422326a6a7f083beceff1bb477787241e6ecdf94fcc737724cf9c16577128ff8d38cbfd0d8737d1e39ab456a03052da5cd4a60a047df411282a2278de3c1fc7fbbec"}, {0xc}, {0xc, 0x8, {0x4, 0x3}}}}, @m_csum={0x30, 0x0, 0x0, 0x0, {{0x9}, {0x4}, {0x4}, {0xc}, {0xc}}}]}]}}]}, 0x210}}, 0x4000001) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x334}, {&(0x7f00000007c0)=""/154, 0x2c}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x3b9aca00, &(0x7f0000003700)={0x77359400}) 4.210138411s ago: executing program 0 (id=573): syz_usb_connect(0x0, 0x86, &(0x7f0000001140)={{0x12, 0x1, 0x110, 0x7d, 0x43, 0x65, 0x8, 0x79b, 0x27, 0x699c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74, 0x2, 0xa2, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0xa2, 0x2, 0x3, 0x4, 0x17, 0x4c, 0x5b, [@uac_control={{0xa, 0x24, 0x1, 0xa, 0x6}, [@extension_unit={0xc, 0x24, 0x8, 0x5, 0x6, 0x7, "0d0a329ce2"}]}], [{{0x9, 0x5, 0x86, 0x10, 0x400, 0xf4, 0x8, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x2f, 0x8}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x81, 0x3, 0xff}}, {{0x9, 0x5, 0x9, 0x1b, 0x8, 0xc, 0x7, 0x80}}]}}, {{0x9, 0x4, 0x4, 0x1, 0x3, 0x6, 0x12, 0xe7, 0x3, [], [{{0x9, 0x5, 0x9, 0x0, 0x0, 0x3, 0x0, 0x4}}, {{0x9, 0x5, 0x2, 0x2, 0x200, 0xf7, 0x81, 0x6}}, {{0x9, 0x5, 0x3, 0x3, 0x3ff, 0x8, 0x40, 0x4, [@generic={0x7, 0x5, "a6c6415a9f"}]}}]}}]}}]}}, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$packet(0x11, 0x3, 0x300) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r0, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000840)='tasks\x00', 0x2, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000010bd283509000000000001090224000100000000090400000103000000092100000001220700090581030000000000"], 0x0) dup(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2200) socket$nl_netfilter(0x10, 0x3, 0xc) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r2, @ANYRES64=0x0, @ANYRESHEX=r2], 0x20) 4.148160513s ago: executing program 3 (id=574): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000080)=0x400000001, 0x4) r0 = socket$inet6(0xa, 0x805, 0x0) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, 0x0) 3.998177948s ago: executing program 3 (id=575): socket(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043d0eaaaaaaaaaa10bc205c7f30b257b9b56077dac5989b6963cb480ea7646257012a612c62a8a28b2c0e523427815b13ac93285f3cb016c18f150d2f0a89713e22745d7c30db48e9a979b684fdb54c5a5a1ff99485badc283586ed68c90b12e61f56b8fca5bea17ef38a60aa7b0efbf449c5f171c189c3f7c05aac28a8d0e4f3df3f7550692630902fb0bcb349276cdb2b08812cf979db4c3fbcfd5cd2d6e4342ab12bb32c869ebb4d35648bfc1b167e"], 0x11) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="05c8900a0006000500012002000400"], 0xf) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x45, &(0x7f0000000000)='cgroup\x00'}, 0x21) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000680)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="020000000200000000000000", @ANYRES32, @ANYBLOB="f82a450ff69cc3b94796ef1eee3d262595a4f5d01d3cbb5d599727eaac38c66d34c471dfe734019637963e9fd7481f495bdb0b16e5484ffc1cd15cd6e82f781b09a7af3b4c9ecbce16a3f823c54822f4ab614901f6da2e290d3a5b2259c23812222447dc02cb45f2ef3e08cb72ef2710cc24d2b043286e1d3c76382f12a53142c6bf09170352829ef28a90ed93c726490ba7f6a57109c2f95def0a0234713ec48d2ea7aa556065f8a184a5fce9d9fb02e2b5b90a113c6ffc5b6ce0", @ANYRES64=0x0], 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYRES64=r3], &(0x7f0000000100)='GPL\x00', 0xfff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000780)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB="020000000000000000400000", @ANYRES32, @ANYBLOB="29718d0cc259729312d54be042fe531134c1e2815ac9a390d9bc13e6091c34864b20c3ee5b1ca9a8c6a4b2915e29055438980fc52d28653db6f0e0ae6cddb1f7e237e7e58f8d6ab4087b7672a5ec40afcfca59a852b720d508558bc9f96a185c5cb33947e705f2bd69f3479612b51013f8b1420f72a7c487b054c2e0923dbc257f0cfe18d1651e2ec9fd09f3fb2e629dab47499d3446c986bf07e7745f9df308200211b8b7cde990b6415767106724eae75174a2832dbd45a97017ad9856ecf497c774db3c7ff2a6941c8018234287e66a617d181feeaaa7090ce72ca150a3a0f42725718bf5db", @ANYRES64=0x0], 0x10) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f00000000c0)) add_key$user(0x0, 0x0, &(0x7f0000000200)="4319e2aabc1e4a13e696a7f0d7557242d86bf77f9c16bad3035548f5cdb5bc12d17a90b4063934ce295fa65c2323953d5e52a3ff4c543f094d35b793ab9f722d816203247e4fb54ca97d0053f1606f9fe21d35d3b25e2c3a713579039c1ea1f53aaeabd7b902297b5fd3dccd0b11db742f0e5a832b3adef3a6eae7952cbf3874ef323373b5d03e736994b6eef1e78e566d8c26a21a5e0896bc5b515603985946e75f93f7bd54adfdb387b992d26814248b", 0xb1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f0000000640)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x4, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xe8e, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 3.560919559s ago: executing program 3 (id=578): r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000000)) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='net_prio.prioidx\x00', 0x275a, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90324fc602f00001550000100053582c137153e370248018088471700d1bd", 0x33fe0}], 0x1}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_SREGS(r6, 0x4138ae84, &(0x7f0000000100)={{0x0, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x10}, {0x0, 0x5000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7}, {0x2000, 0x5000, 0x0, 0x0, 0x7, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfc}, {0x3000, 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10}, {0x0, 0x0, 0xd, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x3c}, {0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0xd, 0xfe}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x5, 0xfe}, {0x1000}, {}, 0xddf8ffdb, 0x0, 0x0, 0x140030, 0x0, 0x0, 0x0, [0x0, 0x0, 0x1]}) write$binfmt_script(r3, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000000, 0x810, r3, 0x0) preadv(r3, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r7, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000000c0)={{0x14}, [@NFT_MSG_NEWRULE={0x68, 0x6, 0xa, 0x401, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x3c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @dynset={{0xb}, @val={0x28, 0x2, 0x0, 0x1, [@NFTA_DYNSET_SET_NAME={0x9, 0x1, 'syz0\x00'}, @NFTA_DYNSET_SREG_KEY={0x8}, @NFTA_DYNSET_FLAGS={0x8}, @NFTA_DYNSET_OP={0x8}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x90}}, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r8, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x64, 0x0, 0x0) sendmsg$NL80211_CMD_SET_REKEY_OFFLOAD(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x80}, 0x0) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(0xffffffffffffffff, 0x4008941a, &(0x7f0000000100)) ioctl$KVM_RUN(r8, 0xae80, 0x0) socket$inet_udp(0x2, 0x2, 0x0) 3.374491795s ago: executing program 2 (id=579): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99bfa00180133070000000f0000bd30", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000002c0)=""/30, 0x1e}], 0x1}}], 0x1, 0x0, 0x0) 2.441408966s ago: executing program 2 (id=580): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99bfa00180133070000000f0000bd30", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, &(0x7f0000000000), 0x0, 0x0) recvmmsg(r1, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000002c0)=""/30, 0x1e}], 0x1}}], 0x1, 0x0, 0x0) 2.151189876s ago: executing program 0 (id=581): madvise(&(0x7f000036c000/0x1000)=nil, 0x1000, 0x16) r0 = syz_open_procfs$pagemap(0x0, &(0x7f0000000040)) ioctl$PAGEMAP_SCAN(r0, 0xc0606610, &(0x7f00000004c0)={0x60, 0x0, &(0x7f0000165000/0x4000)=nil, &(0x7f0000ffb000/0x4000)=nil, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x20, 0x4}) 1.990452035s ago: executing program 0 (id=582): unshare(0x400) r0 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x8, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x0, 0x0, 0x0, 0x0, 0x61, 0x11, 0x5c}, [@ldst={0x6}], {0x95, 0x0, 0x74}}, &(0x7f0000000000)='syzkaller\x00', 0x2, 0xc3, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) socket$nl_route(0x10, 0x3, 0x0) socket$igmp6(0xa, 0x3, 0x2) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x62181) r2 = mq_open(&(0x7f0000000100)='x-{[]-:!!\x00', 0x800, 0x22, &(0x7f0000000380)={0x3, 0x8, 0x3, 0x1}) sync_file_range(r2, 0x4, 0x4, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000380), 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) sendmmsg$inet6(r3, &(0x7f0000000440)=[{{&(0x7f0000000000)={0xa, 0x4e23, 0x0, @ipv4={'\x00', '\xff\xff', @remote={0x64}}}, 0x1c, 0x0, 0x0, &(0x7f0000000180)=[@pktinfo={{0x24, 0x29, 0x32, {@ipv4={'\x00', '\xff\xff', @local}}}}, @dstopts={{0x18, 0x29, 0x32}}], 0x40}}], 0x1, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(r1, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) write$sndseq(r1, 0x0, 0x0) r4 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r4, 0x1, r1, &(0x7f0000000180)) syz_emit_ethernet(0xdf, &(0x7f0000000280)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0xa9, 0x3a, 0xff, @dev, @local, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1, [{0x4, 0x10, "9595f429ae08a565c9a41d413a70a44d2e6f790a3872d50bb14d25344dc5b3a281f175f5ee04aab21301b94d966c72c15a143c69205625466855101cf44d89d9f6ee47d77c0d4e53e34b67c542fc6f6f6c60139c43b78286f5bb8f4f11d164af24e2633a45bf4ed944b0ef6a7b7167f73cf54e78686ac09402659c29eb0ce3"}]}}}}}}, 0x0) epoll_pwait(r4, &(0x7f0000001280)=[{}], 0x1, 0xffffffff, 0x0, 0x0) write$sndseq(r1, &(0x7f0000000000)=[{0x84, 0x77, 0x0, 0x0, @tick, {}, {}, @raw32}], 0xffc8) socket(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=ANY=[], 0x44}}, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) unshare(0x24040400) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_mreq(r5, 0x0, 0x23, &(0x7f00000000c0)={@multicast1=0xe0000300, @dev={0xac, 0x14, 0x14, 0x23}}, 0x8) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000080)={r0, 0xe800, 0x0}, 0x10) 1.989976785s ago: executing program 1 (id=583): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc}) ioctl$IOMMU_IOAS_ALLOC(r2, 0x3b81, &(0x7f0000000080)={0xc}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN_FLAGS(r2, 0x3ba0, &(0x7f00000002c0)={0x48, 0x2, r1}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000100)={0xc}) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000140)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r2, 0x3ba0, &(0x7f00000001c0)={0x48, 0x3, r3}) r4 = socket$netlink(0x10, 0x3, 0x8000000004) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r5) r6 = socket$inet(0x2, 0x2000000080002, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r6, 0x0, 0x80, &(0x7f0000000040)=@broute={'broute\x00', 0x20, 0x2, 0x1d8, [0x0, 0x0, 0x0, 0x0, 0x0, 0x200005c0], 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000feffffff010000001100000000000000000076657468315f746f5f6d65616d0000007369743020000000000004000000000062adc42d925553c1df0000000000000076657468305f746f5f627269646365000180c2000000000000000000aaaaaaaaaa0000000000000000007000000070000000a80000006d61726b0000000000000000000000000000000000000003000000000000000010000000000000000000000000000000feff01ff0000000000000000000000000000000000000000000000000000000000000000000000000000000001000000feffffff01000000110000000000000000007465716c30000000000000000000000073797a5f74757e0000000000000000006976366772653000e8ffffff080000007663616e30000000d53fa73b00000000ffffffffffff000000000000aaaaaace98aa008d857c510000007000000070000000a0000000415544495400000000000000000000000000ff000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000001900000000000002000000ffffffff00000000"]}, 0x250) fcntl$getownex(r4, 0x10, &(0x7f0000000180)={0x0, 0x0}) tkill(r7, 0x36) r8 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r5, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) r9 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x1b, 0x7c5, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xd, &(0x7f0000000400)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r9, @ANYRESHEX], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KDFONTOP_GET(0xffffffffffffffff, 0x4b72, &(0x7f0000000380)={0x1, 0x1, 0x7, 0xf, 0x14f, &(0x7f00000007c0)}) listen(r8, 0x0) r10 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) bind$unix(0xffffffffffffffff, &(0x7f0000000300)=@file={0x0, './file0\x00'}, 0x6e) r12 = syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040)=0x0, &(0x7f00000005c0)) r14 = io_uring_register$IORING_REGISTER_PERSONALITY(r12, 0x9, 0x0, 0x0) syz_io_uring_submit(r13, r11, &(0x7f00000001c0)=@IORING_OP_READ=@use_registered_buffer={0x16, 0x29, 0x2004, @fd_index=0x5, 0x1, 0x0, 0x0, 0x8, 0x0, {0x2, r14}}) io_uring_enter(r10, 0xb15, 0x0, 0x0, 0x0, 0x0) writev(r4, &(0x7f0000000280)=[{&(0x7f0000000040)="580000001400192340834b80040d8c560a067fbc45ff81054e220000000058000b480400945f64009400050038925a01000000000000008004000000ffe809000000fff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) openat$dlm_control(0xffffffffffffff9c, &(0x7f00000000c0), 0x161001, 0x0) 1.98600987s ago: executing program 3 (id=584): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030086dd601b8b97004d88c19edace00000000000000002100000002ff02000000000000000000000000000104004e20004d13"], 0x0) recvmmsg(r0, &(0x7f00000007c0)=[{{0x0, 0x0, &(0x7f0000000680)=[{0x0}, {&(0x7f0000000280)=""/70, 0x46}], 0x2, &(0x7f0000000740)=""/104, 0x68}, 0x8}], 0x1, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) 1.757891869s ago: executing program 1 (id=585): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000080)=0x400000001, 0x4) r0 = socket$inet6(0xa, 0x805, 0x0) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, 0x0) 1.654241434s ago: executing program 4 (id=586): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xc8}}, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [], {{0x4, 0x1, 0x3, 0x8, 0x9, 0x8004}, {0x4, 0x0, 0x5, 0x8}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)={@map=r0, r1, 0x36, 0x8, 0x0, @void, @value}, 0x20) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x3c, 0x7, 0x6, 0x0, 0x0, 0x0, {0x5, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x48051) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r3, &(0x7f0000847fff)='X', 0x1, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @private2}, 0x1c) connect$inet6(r3, &(0x7f0000000340)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r3, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r3, 0x84, 0x18, &(0x7f0000000400)={0x0, 0x7cd3}, 0x8) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) ppoll(&(0x7f0000000000)=[{0xffffffffffffffff, 0x280}, {0xffffffffffffffff, 0x44a1}], 0x2f, &(0x7f0000000080), &(0x7f00000000c0)={[0x3]}, 0x8) sendmsg$NFQNL_MSG_VERDICT(r2, &(0x7f0000000540)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000500)={&(0x7f0000000240)={0x294, 0x1, 0x3, 0x5, 0x0, 0x0, {0x0, 0x0, 0x7}, [@NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x6}, @NFQA_PAYLOAD={0xa3, 0xa, "317fc62f83986dd4ded99b2a0aa8f1f6a46e692ea8fdfa7005b94ec749ad7868a52aa458f490f098a66d73743302ce076aa8686db00aaed5ac190f2d3e81259dff1b356458bdc3058e0e58b26a6078e224954adcbc2cd817419a55bbf30d46b74e07bfaba4212162434bddc2d82d95db2e899e20cba0f6f4f6c2e925bdba0ef3dcbf3d88743702f3af0254c83c26dc0ead8153cb9a5bde560adfe47521271e"}, @NFQA_CT={0x38, 0xb, 0x0, 0x1, [@CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x1}, @CTA_LABELS_MASK={0x24, 0x17, [0xdc8f, 0x3, 0x8, 0x80000000, 0x2, 0xfc21, 0x9, 0x0]}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x2}]}, @NFQA_CT={0x180, 0xb, 0x0, 0x1, [@CTA_SEQ_ADJ_REPLY={0x1c, 0x10, 0x0, 0x1, [@CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0x4800}, @CTA_SEQADJ_OFFSET_AFTER={0x8, 0x3, 0x1, 0x0, 0x6}, @CTA_SEQADJ_CORRECTION_POS={0x8, 0x1, 0x1, 0x0, 0xb09}]}, @CTA_TUPLE_ORIG={0x2c, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x88}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @empty}}}]}, @CTA_TUPLE_ORIG={0xd8, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @broadcast}, {0x8, 0x2, @broadcast}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x21}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @remote}, {0x14, 0x4, @private2}}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x1}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x3a}}, @CTA_TUPLE_ZONE={0x6, 0x3, 0x1, 0x0, 0x2}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast1}, {0x14, 0x4, @private2={0xfc, 0x2, '\x00', 0x1}}}}, @CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @private2}, {0x14, 0x4, @empty}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @CTA_TUPLE_REPLY={0x5c, 0x2, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_IP={0x14, 0x1, 0x0, 0x1, @ipv4={{0x8, 0x1, @private=0xa010102}, {0x8, 0x2, @remote}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x84}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x11}}, @CTA_TUPLE_ZONE={0x6}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}]}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0xfffffffe}, @NFQA_VERDICT_HDR={0xc, 0x2, {0xfffffffffffffffe}}, @NFQA_MARK={0x8, 0x3, 0x1, 0x0, 0x2}]}, 0x294}, 0x1, 0x0, 0x0, 0x40850}, 0x4000800) 1.638364162s ago: executing program 1 (id=587): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@my=0x1}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000001c0)={{@host}, @host, 0x0, 0x0, 0x2449}) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f0000000040)={{@my=0x1}, @any, 0x0, 0x0, 0x9}) r1 = openat$dlm_monitor(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0) ioctl$AUTOFS_IOC_ASKUMOUNT(r1, 0x80049370, &(0x7f0000000240)) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) r2 = syz_io_uring_setup(0x24f9, &(0x7f0000000180)={0x0, 0x0, 0x10100}, &(0x7f0000000100)=0x0, &(0x7f0000000200)=0x0) r5 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r5, &(0x7f0000000040)=ANY=[@ANYBLOB='1q'], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r5, 0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000000)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r2, 0x2d3e, 0x0, 0x0, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r6, 0xae03, 0x33) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, &(0x7f00000002c0)={{@my=0x1}, @my=0x1, 0x1, 0xffffffffffffffff, 0x7, 0x0, 0x40000000000000}) 1.530845156s ago: executing program 1 (id=588): socket(0xa, 0x1, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f00000001c0)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_emit_vhci(&(0x7f00000002c0)=ANY=[@ANYBLOB="043d0eaaaaaaaaaa10bc205c7f30b257b9b56077dac5989b6963cb480ea7646257012a612c62a8a28b2c0e523427815b13ac93285f3cb016c18f150d2f0a89713e22745d7c30db48e9a979b684fdb54c5a5a1ff99485badc283586ed68c90b12e61f56b8fca5bea17ef38a60aa7b0efbf449c5f171c189c3f7c05aac28a8d0e4f3df3f7550692630902fb0bcb349276cdb2b08812cf979db4c3fbcfd5cd2d6e4342ab12bb32c869ebb4d35648bfc1b167e"], 0x11) syz_emit_vhci(&(0x7f0000000040)=ANY=[@ANYBLOB="05c8900a0006000500012002000400"], 0xf) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x45, &(0x7f0000000000)='cgroup\x00'}, 0x21) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f00000005c0)='./cgroup.net/syz1\x00', 0x200002, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1e, 0x4, &(0x7f00000008c0)=ANY=[@ANYBLOB="180000000000000000000000000000006112000000000000950000000000000051fa7824c74186dc02ec0696c37b64e3b24da3180100000005165c0f63cdc2e82818254950ee03568b8809a1ff4c7c4750eabfafcb9531b31e6a86827d1010c5a909ab98e00e19644a88e95ba26d1c9eecddb2d11c541418ceeb29b9b6829c6e433822bdb3cc85244aab60c1aae1314d7381fcfeb970bea672cf1e926f6a51479343144648a07a975bd89dc398712376610f6254f12495b4658319684387f6f3543205d4bc4ce05b8b961103673dff7f158052e62b20f05fd24108d8363d44fcd0f8f3647899762a17282a1914452d11f557c28f396eebdc858558db0276d14f9035f2b5f703e5be7e4acf8b78c2834ae5805fffee38a9a0033d520bcf6b08ede50899d4b9bdf85c71c5de2503dab358f42a2624c7daa9ed44039aab46419496362e54cfad05a0004ac71a003d7b85d07191bed4e5a890826300214146f7ed569985439baa355c2766dd056f5d79e454f3d873095e7a237bc06d035a8d601f21746d886419f38b34a495040000000071c2f0cce8c93cc17e9afa314fcb2ba15d646c66b0f65021829f87d988b4e2d71753b1549fa734f0b2e56dbd21ed2e09d0cddad721971637f384eed3034597c93e1c52f42cad0ed09c395dc6e9703660fefa1c80f467367c006f25caf0cbcefd13d68839893e39c588eb032905f91cafa4996dbf0c9be9654db05fb918086cc8228d02a3092c0830b8f587a5624515298b2d4eb2bde6f9a2eb83d53f717f13fa7552d92c51dbd32ea50c490ecd085d2811a7555c538cffffff7f00000000dd872244bfa64779e0f43a9c277e2910b7ccdc3d6726d34ad2101033a623ca2a49ad344884289130bc71cee2b7de62bf48129ae1af052a2d46a61625735a9eea7f793946b3229e861d8ea49806b3f7d4295f6b000000000000f337b1ceb2d8a65dcdcd895d7ba37098d2593fdaaef445af5bee02019c00000099b13ecda2a5b37de0519e974cba92ebaf0f701611a9b027ce04340bda4594cc9049c3f101629ab028145e004209ebe71a6fe84af50804000000000000004a27213354964e250a98fe357676f94b6947383e320fbb1118f586d5b9b1b977e1e1a4490ff67703a9b5900f8a6f8a805879dd91ec5ff435b219c53680c0ae04dcc4ef69b98fcb0d6b6a03a8b71a66b4e2876dc4b610444bf10000000000b046b6ae5d68156bcbd6d8793ade9a22ac8fc7857e5bbc14adc4e12b08f350c6789283b9990c72e64372a1f79769a8bdc632fc1a0b3417855d8b7d25ca4d404c23631ad3d2f55dcd385371c86170a4bca58c2b2b4eabc365f45bd10bb45b0c5bc354456a52be18d9b44014d20a3c51c8f013dade83562e73278662829e4f5a9ac00fd91178468c737f0872d97d38d11a176be5a0d7294c51eb161eddcfefa8837c7430721851ec2a107af0df6d43e732bbc01e76c66895eb85d36798d61622773591ee21ad9f6a1b73fa9cf3ffeb8a00b63af800a81d0fb8aa29df8b8ad6fbafefb5802a23cbdeeabceda5bfc5ff2fa5c1d61d04a1324794c6ed000696d9f04010c35474e690545c3d9bd836d4cef2585ba616e01c3d000000000000000000470ebc6f3453ecbf3047e4547d7632d3ad21798e730cb5d1da059b5bdb8107815dff995c0788906790406dfb4f8ee9f24ff94233e2e6e581e6e5de33a5f254c9a8b612547473c3001df3928dac9203b744619082421a8da7c00000000000000000000000000000018a73ef40cca690fb7595c6962984f8276677be6f66cbdbccf1896433808c9c84d74ac4a7c186a04a2250972f7acb156b21f9826b6acb7db32c4e3b3ec8b59fd972975edb1da872d81a35e4fda2f5cbde6b40bea20418c6e9dad30b791eea58f53e80fee4dd7fe08373ea2784fcd3a65261de71eb866458d2c22a"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sk_lookup, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000680)=ANY=[@ANYRES32=r3, @ANYRES32=r4, @ANYBLOB="020000000200000000000000", @ANYRES32, @ANYBLOB="f82a450ff69cc3b94796ef1eee3d262595a4f5d01d3cbb5d599727eaac38c66d34c471dfe734019637963e9fd7481f495bdb0b16e5484ffc1cd15cd6e82f781b09a7af3b4c9ecbce16a3f823c54822f4ab614901f6da2e290d3a5b2259c23812222447dc02cb45f2ef3e08cb72ef2710cc24d2b043286e1d3c76382f12a53142c6bf09170352829ef28a90ed93c726490ba7f6a57109c2f95def0a0234713ec48d2ea7aa556065f8a184a5fce9d9fb02e2b5b90a113c6ffc5b6ce0", @ANYRES64=0x0], 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x9, 0x4, &(0x7f0000000280)=ANY=[@ANYRES64=r3], &(0x7f0000000100)='GPL\x00', 0xfff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sock, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000780)=ANY=[@ANYRES32=r6, @ANYRES32=r5, @ANYBLOB="020000000000000000400000", @ANYRES32, @ANYBLOB="29718d0cc259729312d54be042fe531134c1e2815ac9a390d9bc13e6091c34864b20c3ee5b1ca9a8c6a4b2915e29055438980fc52d28653db6f0e0ae6cddb1f7e237e7e58f8d6ab4087b7672a5ec40afcfca59a852b720d508558bc9f96a185c5cb33947e705f2bd69f3479612b51013f8b1420f72a7c487b054c2e0923dbc257f0cfe18d1651e2ec9fd09f3fb2e629dab47499d3446c986bf07e7745f9df308200211b8b7cde990b6415767106724eae75174a2832dbd45a97017ad9856ecf497c774db3c7ff2a6941c8018234287e66a617d181feeaaa7090ce72ca150a3a0f42725718bf5db", @ANYRES64=0x0], 0x10) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4138ae84, &(0x7f00000000c0)) add_key$user(0x0, 0x0, &(0x7f0000000200)="4319e2aabc1e4a13e696a7f0d7557242d86bf77f9c16bad3035548f5cdb5bc12d17a90b4063934ce295fa65c2323953d5e52a3ff4c543f094d35b793ab9f722d816203247e4fb54ca97d0053f1606f9fe21d35d3b25e2c3a713579039c1ea1f53aaeabd7b902297b5fd3dccd0b11db742f0e5a832b3adef3a6eae7952cbf3874ef323373b5d03e736994b6eef1e78e566d8c26a21a5e0896bc5b515603985946e75f93f7bd54adfdb387b992d26814248b", 0xb1, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x39, '\x00', 0x0, @fallback=0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) r7 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000001200)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4266ef66ba420066b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f000049c000/0x18000)=nil, &(0x7f0000000400)=[@text16={0x10, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_VAPIC_ADDR(r7, 0x4008ae93, &(0x7f0000000640)=0x1) ioctl$KVM_SET_VCPU_EVENTS(r7, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x4, 0xff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0xe8e, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x8}) ioctl$KVM_RUN(r7, 0xae80, 0x0) 1.45050077s ago: executing program 2 (id=589): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000480)={0x84, r1, 0x5, 0x0, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@beacon=[@NL80211_ATTR_BEACON_HEAD={0x55, 0xe, {{{}, {}, @device_a, @device_b}, 0x0, @random=0x9, 0x0, @void, @void, @void, @val={0x4, 0x6}, @val={0x6, 0x2}, @void, @val={0x25, 0x3}, @void, @void, @val={0x2d, 0x1a}, @void, @void, @void}}], @NL80211_ATTR_BEACON_INTERVAL={0x8}, @NL80211_ATTR_P2P_CTWINDOW={0x5, 0xa2, 0x6}]}, 0x84}, 0x1, 0x300000000000000}, 0x0) 1.365843755s ago: executing program 2 (id=590): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(aes)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000300)="c99bfa00180133070000000f0000bd30", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg$alg(r1, 0x0, 0x0, 0x0) recvmmsg(r1, &(0x7f0000001ec0)=[{{0x0, 0x0, &(0x7f0000001680)=[{&(0x7f00000002c0)=""/30, 0x1e}], 0x1}}], 0x1, 0x0, 0x0) 1.33318332s ago: executing program 1 (id=591): syz_usb_connect(0x0, 0x86, &(0x7f0000001140)={{0x12, 0x1, 0x110, 0x7d, 0x43, 0x65, 0x8, 0x79b, 0x27, 0x699c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74, 0x2, 0xa2, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0xa2, 0x2, 0x3, 0x4, 0x17, 0x4c, 0x5b, [@uac_control={{0xa, 0x24, 0x1, 0xa, 0x6}, [@extension_unit={0xc, 0x24, 0x8, 0x5, 0x6, 0x7, "0d0a329ce2"}]}], [{{0x9, 0x5, 0x86, 0x10, 0x400, 0xf4, 0x8, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x2f, 0x8}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x81, 0x3, 0xff}}, {{0x9, 0x5, 0x9, 0x1b, 0x8, 0xc, 0x7, 0x80}}]}}, {{0x9, 0x4, 0x4, 0x1, 0x3, 0x6, 0x12, 0xe7, 0x3, [], [{{0x9, 0x5, 0x9, 0x0, 0x0, 0x3, 0x0, 0x4}}, {{0x9, 0x5, 0x2, 0x2, 0x200, 0xf7, 0x81, 0x6}}, {{0x9, 0x5, 0x3, 0x3, 0x3ff, 0x8, 0x40, 0x4, [@generic={0x7, 0x5, "a6c6415a9f"}]}}]}}]}}]}}, 0x0) openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$packet(0x11, 0x3, 0x300) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r0, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_procs(r1, &(0x7f0000000840)='tasks\x00', 0x2, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000010bd283509000000000001090224000100000000090400000103000000092100000001220700090581030000000000"], 0x0) dup(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2200) socket$nl_netfilter(0x10, 0x3, 0xc) openat$audio(0xffffffffffffff9c, &(0x7f00000000c0), 0x88602, 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r2, @ANYRES64=0x0, @ANYRESHEX=r2], 0x20) 1.054178006s ago: executing program 0 (id=592): r0 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80082) unshare(0x20000400) unshare(0x0) write$binfmt_elf32(r0, &(0x7f0000000280)={{0x7f, 0x45, 0x4c, 0x46, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x38}, [{}]}, 0x58) pselect6(0x29, &(0x7f0000000040)={0x8}, 0x0, 0x0, 0x0, 0x0) 1.003585887s ago: executing program 0 (id=593): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usb_connect(0x0, 0x86, &(0x7f0000001140)={{0x12, 0x1, 0x110, 0x7d, 0x43, 0x65, 0x8, 0x79b, 0x27, 0x699c, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x74, 0x2, 0xa2, 0x0, 0x20, 0x0, [{{0x9, 0x4, 0xa2, 0x2, 0x3, 0x4, 0x17, 0x4c, 0x5b, [@uac_control={{0xa, 0x24, 0x1, 0xa, 0x6}, [@extension_unit={0xc, 0x24, 0x8, 0x5, 0x6, 0x7, "0d0a329ce2"}]}], [{{0x9, 0x5, 0x86, 0x10, 0x400, 0xf4, 0x8, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x2f, 0x8}]}}, {{0x9, 0x5, 0x0, 0x10, 0x40, 0x81, 0x3, 0xff}}, {{0x9, 0x5, 0x9, 0x1b, 0x8, 0xc, 0x7, 0x80}}]}}, {{0x9, 0x4, 0x4, 0x1, 0x3, 0x6, 0x12, 0xe7, 0x3, [], [{{0x9, 0x5, 0x9, 0x0, 0x0, 0x3, 0x0, 0x4}}, {{0x9, 0x5, 0x2, 0x2, 0x200, 0xf7, 0x81, 0x6}}, {{0x9, 0x5, 0x3, 0x3, 0x3ff, 0x8, 0x40, 0x4, [@generic={0x7, 0x5, "a6c6415a9f"}]}}]}}]}}]}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r2, 0x107, 0x12, &(0x7f0000000040)={0x0, 0x6}, 0x4) recvmsg$unix(0xffffffffffffffff, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_procs(r3, &(0x7f0000000200)='cgroup.procs\x00', 0x2, 0x0) write$cgroup_pid(r4, &(0x7f0000000c40), 0x12) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r5 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r6 = openat$cgroup_procs(r5, &(0x7f0000000840)='tasks\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000880), 0x12) syz_emit_ethernet(0x3e, &(0x7f0000000500)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x7, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x6, 0x0, @dev, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@noop, @timestamp_prespec={0x44, 0x4}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x0, 0x5}}}}}}, 0x0) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000010bd283509000000000001090224000100000000090400000103000000092100000001220700090581030000000000"], 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000040)={0x0, r0}, 0x8) bpf$MAP_CREATE(0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="8a7226ea3c00"/25, @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x50) dup(r0) syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x2200) socket$nl_netfilter(0x10, 0x3, 0xc) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000240)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64=r7, @ANYRES64=0x0, @ANYRESHEX=r7], 0x20) 963.341064ms ago: executing program 3 (id=594): r0 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'\x00', 0x1}) ioctl$TUNSETLINK(r0, 0x400454cd, 0x337) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000180)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) listen(r1, 0x3f7) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet6(r2, 0x0, 0x0, 0x24000004, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @empty}, 0x1c) r3 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r3, &(0x7f0000000140)=[{&(0x7f00000001c0)="580000001400192340834b80040d8c560a067f0202ff000000000000000058000b4824ca945f64009400ff0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100040c10000000010000000000", 0x58}], 0x1) 698.482669ms ago: executing program 4 (id=595): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = dup(r0) write$UHID_INPUT(r1, &(0x7f00000010c0)={0xb, {"a2e3ad21ed9b52f91b5d370987f70e06d038e7ff7fc6e5539b3247298b089b3408356d090890e0878f0e1ac6e7049b3350959bfc9a240d2567f3988f7ef319520100ffe8d178708c523c921b1b9b31070d074b0936cd3b78130daa61d8e809ea882f5802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb056d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498be0800000000000000f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6efcffac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ec126c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b8247068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d97b9a6d6d5495c198045651cf4778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c5409711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e24919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7348663a52190202c7af288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f00000000000000000000b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d53588a0f9455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d664130bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7899484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ea4cd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f031755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb24ee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x10c0}}, 0x1006) 568.396542ms ago: executing program 3 (id=596): r0 = socket$igmp(0x2, 0x3, 0x2) openat$dsp1(0xffffffffffffff9c, &(0x7f0000000280), 0xa709faed8b0a09be, 0x0) syz_usb_connect(0x2, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000794a29408c46ea906d990102030109022400010000000009040000010e010100"], 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) ioctl$vim2m_VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, &(0x7f0000000080)={0x4, 0x2, 0x0, "a68c30eaf375ef0c06000000bb8e45abf53700", 0x59565955}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(0xffffffffffffffff, 0xc01064b5, 0x0) execveat(r0, 0x0, 0x0, 0x0, 0x400) syz_emit_ethernet(0x5e, 0x0, 0x0) setxattr$trusted_overlay_opaque(&(0x7f0000000140)='./file2\x00', &(0x7f0000000180), &(0x7f00000001c0), 0x2, 0x2) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r2 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fstat(r2, &(0x7f0000000180)) mkdirat(0xffffffffffffffff, &(0x7f00000010c0)='./file2\x00', 0x121) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0x5, 0xffff}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_REFILL_DELAY={0x8, 0x9, 0xfffffff8}, @TCA_FQ_BUCKETS_LOG={0x8}]}}]}, 0x40}}, 0x0) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000001180)={&(0x7f0000001600)=ANY=[@ANYBLOB="9feb010008000000000000000c0000000c000000030000000c0000000000000205000000006100ddf6e7bf185de90a0468b31a15de6738da69369d28c62131c1a9163e5348e800311f52934b120be61bc520090643903458fcc1b2028f87532e71e2586d158599f60b895d7b87ad0b420b738db75800e0e43abfac68541f14bb92bd6a4d0bfdd781eabea3ad5dce3fb8ff42ec57d0e8c739ce32c75b1ccf77bdb887817de66b508d1887ea7ea14c43083397aa59c6194d74685b18bd2cb043a135ee9b94a036011c71cdc1b90d89ec74c4cdeb249ebd1e6ad56fe3e5be3ba8246e0f44437678af2da8e1c38b15403a7da36fdf5ec3a3ab839858ad57cbc47bf28f6f"], &(0x7f0000001340)=""/201, 0x27, 0xc9, 0x0, 0x7, 0x0, @void, @value}, 0x20) bpf$MAP_CREATE(0x0, &(0x7f0000001440)=@bloom_filter={0x1e, 0x10001, 0x9, 0x8, 0x250, r2, 0x5bb, '\x00', r5, r6, 0x80004, 0x5, 0x8002, 0x3, @void, @value, @void, @value}, 0x50) r7 = openat$procfs(0xffffffffffffff9c, &(0x7f0000001280)='/proc/sysvipc/sem\x00', 0x0, 0x0) read$hiddev(r7, &(0x7f00000000c0)=""/4092, 0xffc) preadv(r7, &(0x7f0000001300)=[{&(0x7f0000000040)=""/7, 0x7}], 0x1, 0x0, 0x0) r8 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r8, 0xaf01, 0x0) ioctl$EXT4_IOC_GETSTATE(r8, 0x4008af24, &(0x7f0000000080)) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x0) 411.100779ms ago: executing program 2 (id=597): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x1e, &(0x7f0000000080)=0x400000001, 0x4) r0 = socket$inet6(0xa, 0x805, 0x0) getsockopt$bt_hci(r0, 0x84, 0x81, &(0x7f0000000080)=""/4076, 0x0) 318.420308ms ago: executing program 4 (id=598): bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x2, 0x0, @empty}, 0x1c) listen(r0, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0xa, &(0x7f0000002180)=0x3, 0x4) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20000004, &(0x7f0000b63fe4)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) openat$cgroup_procs(0xffffffffffffffff, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmmsg$inet6(0xffffffffffffffff, 0x0, 0x0, 0x20044051) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$sock_int(r1, 0x1, 0x7, &(0x7f0000000180)=0xffffffff, 0x4) sendto$inet6(r1, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) shutdown(r1, 0x1) 20.377832ms ago: executing program 2 (id=599): preadv(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0x8, &(0x7f0000000100)=0x40049, 0x4) recvmmsg(r1, &(0x7f0000000480)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000003c0)=""/11, 0x17}}], 0x400000000000179, 0x0, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x4001, 0x0, @dev={0xfe, 0x80, '\x00', 0x1b}, 0xd}, 0x1c) write$binfmt_script(r0, &(0x7f0000000200), 0xfffffd9d) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000005c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x2, &(0x7f0000000100)={&(0x7f00000003c0)=ANY=[@ANYBLOB="7c0000001000010400"/20, @ANYRES32, @ANYBLOB="00000000000000005c001280110001006272696467655f736c617665000000004400058005000900000000000500200001000000050008000000000006001f00000000000800030004"], 0x7c}}, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@bloom_filter={0x1e, 0x7f, 0x8, 0x5, 0x2050, 0xffffffffffffffff, 0xea, '\x00', 0x0, 0xffffffffffffffff, 0x4, 0x5, 0x1, 0x1, @void, @value, @void, @value}, 0x50) getsockopt$kcm_KCM_RECV_DISABLE(0xffffffffffffffff, 0x65, 0x5, 0x0, 0x20000000) 0s ago: executing program 4 (id=600): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) fcntl$lock(r0, 0x26, &(0x7f0000000000)={0x2}) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='freezer.state\x00', 0x275a, 0x0) fcntl$lock(r1, 0x7, &(0x7f0000000180)={0x1}) r2 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) sched_setscheduler(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) syz_io_uring_setup(0x2000003, &(0x7f0000000300)={0x0, 0x84ac, 0x16, 0x4003, 0x3c0, 0x0, r4}, 0x0, &(0x7f0000000280)) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) r5 = signalfd4(0xffffffffffffffff, &(0x7f0000000100), 0x8, 0x800) io_setup(0x206, &(0x7f0000000200)=0x0) io_submit(r6, 0x1, &(0x7f00000005c0)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x0, r5, &(0x7f0000000200)="951aa14bd6f68579cac67c83bf8d4500e5cea1bb1596d4ee6645bd8dba2b0c966867d8e1fa16fa7cacb9214070a622a2c57b89075f5ab85c7b5b2c41edc9d2cd5a2c95ed75c2f72425be9c1a2df1b61ac59ba042a40166b9208e9d2e423c32ad8e47adedf5dc425c6bcb031fb2230835d41afc23476eaed7242f19d88173216c", 0x80}]) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) ftruncate(0xffffffffffffffff, 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f00000043c0)=ANY=[@ANYBLOB="12010004010000c4a8a700"/24], 0x0) creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) syz_usb_connect$hid(0x4, 0x3f, &(0x7f00000002c0)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x20, 0x46d, 0xc531, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x30, 0xf0, 0x7, [{{0x9, 0x4, 0x0, 0x21, 0x2, 0x3, 0x1, 0x3, 0x0, {0x9, 0x21, 0x5, 0xf8, 0x1, {0x22, 0xae1}}, {{{0x9, 0x5, 0x81, 0x3, 0x268, 0x0, 0x5, 0xd}}, [{{0x9, 0x5, 0x2, 0x3, 0x3ff, 0x6, 0x7, 0x6}}]}}}]}}]}}, &(0x7f0000000140)={0xa, &(0x7f00000003c0)={0xa, 0x6, 0x110, 0x4, 0xad, 0xb, 0x40, 0x4}, 0x2c, &(0x7f00000005c0)=ANY=[@ANYBLOB="050f2c00028cfde458d306ee20100a06250100000077b0010000ff0030000000c000000000ff0000c0ff0000"], 0x3, [{0x0, 0x0}, {0xc8, &(0x7f00000004c0)=@string={0xc8, 0x3, "6dda01467ddbb4ff79430ac61d545425a890c31db1fa8fab5a2923f103c1a08a88082137767ef068bb1b4fcbc3bc8e299d1cfa36bbc9d6e3a2e3f196654e1bd075fa4b76a4a9a2f7cdf80a482479e13f22aaa5b9407549423a4deb814efb9869a975ea3e91a5f7c47b91582db972fd21e92cba000579bf4a1e69acadee77fa522e93d05143064eb98a2b8e883885f4b7c5140c41113f3caae6d3b11aa20e5b3646e6e165298cf2fd859c20f91412a13a57c090190329cf57082396f5f43b576dec216bc0887c"}}, {0xb2, &(0x7f0000000680)=ANY=[@ANYBLOB="b203ace243468fd6dbe3983ab7d908ee7026cddb08b34adac711a7c0086512b9ccc62a8a847dacfffcaf811c1e001aaf593975292eb713c45dd730f853d989d587220118aaeee2b4175071391ba49822563b96bc9f3a5e21dc1d444334b57eb46f550c6b13a3031003d0a2929a2956fc511d7a0487333f73f76abec844db4df623d65f26110567d60411fff2981b68bf56317a48f7ff6605273c264975df7dd4d4748d293fb2962fa16d1629e562046209dc"]}]}) execve(0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000740)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007baaf8ff00000000b508020000000000db8a120001000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000800000018230000", @ANYBLOB="bff5574daffd5a94d4924be9939dfe221c84140485a8491b61734d1e20b1d49eb03a72559394b9075b443866c2a564cf24a6b84f629128bb9b3dd8ebb02cb34891f4199d98ac32a477879270ca5a3f6fa681e0997593bfa4766bba3bffc7aba2f35ef7a1ef264917c6784ec9c93a9e931c3d443a19b89ddb78207a6bb21c6ae5e994e994b5cdf6a66d1abb350f0500563a4ef70e96d578439ad8d4e18d43aaa4cbafa2bbf40471afbd014860d1cede9c12427242d84a8edba69794abca1d4fce"], &(0x7f0000000300)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3, @void, @value}, 0x94) quotactl_fd$Q_SYNC(r1, 0xffffffff80000101, 0x0, 0x0) kernel console output (not intermixed with test programs): 5-1:162.4: required interrupt-in endpoint missing [ 151.115610][ T937] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.144200][ T6245] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 151.159939][ T5280] usb 5-1: USB disconnect, device number 16 [ 151.478796][ T46] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 151.672686][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 151.725819][ T46] usb 3-1: config 162 has an invalid interface number: 162 but max is 1 [ 151.796441][ T46] usb 3-1: config 162 has an invalid interface number: 4 but max is 1 [ 151.804929][ T46] usb 3-1: config 162 has no interface number 0 [ 151.814244][ T46] usb 3-1: config 162 has no interface number 1 [ 151.820759][ T46] usb 3-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 151.834043][ T46] usb 3-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 151.846307][ T46] usb 3-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 151.858084][ T46] usb 3-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 151.870101][ T46] usb 3-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 151.880906][ T46] usb 3-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 151.894226][ T46] usb 3-1: config 162 interface 162 has no altsetting 0 [ 151.901335][ T46] usb 3-1: config 162 interface 4 has no altsetting 0 [ 151.950719][ T46] usb 3-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 151.960316][ T46] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.969218][ T46] usb 3-1: Product: syz [ 151.973432][ T46] usb 3-1: Manufacturer: syz [ 151.978073][ T46] usb 3-1: SerialNumber: syz [ 152.478511][ T6267] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 152.575972][ T6267] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 152.840342][ T5288] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 152.949536][ T6279] futex_wake_op: syz.1.204 tries to shift op by -1; fix this program [ 153.058832][ T5288] usb 4-1: Using ep0 maxpacket: 8 [ 153.066100][ T5288] usb 4-1: config 162 has an invalid interface number: 162 but max is 1 [ 153.085432][ T5288] usb 4-1: config 162 has an invalid interface number: 4 but max is 1 [ 153.098477][ T5288] usb 4-1: config 162 has no interface number 0 [ 153.128455][ T5288] usb 4-1: config 162 has no interface number 1 [ 153.150031][ T5288] usb 4-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 153.173803][ T5288] usb 4-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 153.202100][ T5288] usb 4-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 153.221747][ T5288] usb 4-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 153.242230][ T5288] usb 4-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 153.271538][ T5288] usb 4-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 153.295952][ T5288] usb 4-1: config 162 interface 162 has no altsetting 0 [ 153.305697][ T5288] usb 4-1: config 162 interface 4 has no altsetting 0 [ 153.350455][ T5288] usb 4-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 153.392148][ T5288] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 153.454768][ T5288] usb 4-1: Product: syz [ 153.482257][ T5288] usb 4-1: Manufacturer: syz [ 153.492440][ T5288] usb 4-1: SerialNumber: syz [ 153.618030][ T937] usb 1-1: USB disconnect, device number 16 [ 153.618099][ C0] xpad 1-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 153.618139][ C0] xpad 1-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 153.967596][ T6289] netlink: 'syz.1.205': attribute type 21 has an invalid length. [ 154.026799][ T6286] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 154.055796][ T6289] netlink: 128 bytes leftover after parsing attributes in process `syz.1.205'. [ 154.125512][ T6286] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 154.155131][ T46] pl2303 3-1:162.162: required endpoints missing [ 154.181711][ T46] pl2303 3-1:162.4: required interrupt-in endpoint missing [ 154.251548][ T46] usb 3-1: USB disconnect, device number 14 [ 154.349444][ T5278] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 154.488862][ T5278] usb 5-1: device descriptor read/64, error -71 [ 154.586040][ T5288] pl2303 4-1:162.162: required endpoints missing [ 154.618412][ T5288] pl2303 4-1:162.4: required interrupt-in endpoint missing [ 154.641415][ T5288] usb 4-1: USB disconnect, device number 21 [ 154.719065][ T5280] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 154.738906][ T5278] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 154.879011][ T5278] usb 5-1: device descriptor read/64, error -71 [ 154.909944][ T5280] usb 1-1: Using ep0 maxpacket: 8 [ 154.947435][ T5280] usb 1-1: config 162 has an invalid interface number: 162 but max is 1 [ 154.976883][ T5280] usb 1-1: config 162 has an invalid interface number: 4 but max is 1 [ 154.997335][ T5280] usb 1-1: config 162 has no interface number 0 [ 155.022400][ T5280] usb 1-1: config 162 has no interface number 1 [ 155.042888][ T5278] usb usb5-port1: attempt power cycle [ 155.052120][ T5280] usb 1-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 155.106046][ T5280] usb 1-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 155.136112][ T5280] usb 1-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 155.166974][ T5280] usb 1-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 155.200979][ T29] kauditd_printk_skb: 319 callbacks suppressed [ 155.201008][ T29] audit: type=1326 audit(1726828146.019:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc59fd74ea7 code=0x7ffc0000 [ 155.208676][ T5280] usb 1-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 155.277476][ T29] audit: type=1326 audit(1726828146.059:1343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc59fd19879 code=0x7ffc0000 [ 155.299827][ C0] vkms_vblank_simulate: vblank timer overrun [ 155.346479][ T5280] usb 1-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 155.374178][ T29] audit: type=1326 audit(1726828146.059:1344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc59fd74ea7 code=0x7ffc0000 [ 155.414322][ T5280] usb 1-1: config 162 interface 162 has no altsetting 0 [ 155.428721][ T5278] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 155.444715][ T29] audit: type=1326 audit(1726828146.059:1345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc59fd19879 code=0x7ffc0000 [ 155.466921][ C0] vkms_vblank_simulate: vblank timer overrun [ 155.482315][ T5280] usb 1-1: config 162 interface 4 has no altsetting 0 [ 155.511771][ T29] audit: type=1326 audit(1726828146.059:1346): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc59fd7df33 code=0x7ffc0000 [ 155.520996][ T5278] usb 5-1: device descriptor read/8, error -71 [ 155.534538][ C0] vkms_vblank_simulate: vblank timer overrun [ 155.541116][ T29] audit: type=1326 audit(1726828146.059:1347): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fc59fd7df33 code=0x7ffc0000 [ 155.628017][ T5280] usb 1-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 155.656279][ T5280] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.666328][ T29] audit: type=1326 audit(1726828146.079:1348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fc59fd74ea7 code=0x7ffc0000 [ 155.678690][ T5280] usb 1-1: Product: syz [ 155.707915][ T5280] usb 1-1: Manufacturer: syz [ 155.712744][ T5280] usb 1-1: SerialNumber: syz [ 155.735967][ T29] audit: type=1326 audit(1726828146.079:1349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fc59fd19879 code=0x7ffc0000 [ 155.772243][ T29] audit: type=1326 audit(1726828146.079:1350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 155.850873][ T29] audit: type=1326 audit(1726828146.079:1351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6300 comm="syz.2.211" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 155.900104][ T5278] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 155.938731][ T5281] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 155.953187][ T5278] usb 5-1: device descriptor read/8, error -71 [ 156.055644][ T6314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.070037][ T5278] usb usb5-port1: unable to enumerate USB device [ 156.076617][ T6314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 156.098681][ T5281] usb 3-1: Using ep0 maxpacket: 8 [ 156.126708][ T6314] netlink: 68 bytes leftover after parsing attributes in process `syz.0.209'. [ 156.147149][ T5281] usb 3-1: config 162 has an invalid interface number: 162 but max is 1 [ 156.175046][ T5281] usb 3-1: config 162 has an invalid interface number: 4 but max is 1 [ 156.199397][ T6316] futex_wake_op: syz.1.216 tries to shift op by -1; fix this program [ 156.200730][ T5281] usb 3-1: config 162 has no interface number 0 [ 156.297092][ T5281] usb 3-1: config 162 has no interface number 1 [ 156.331566][ T5281] usb 3-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 156.367468][ T5281] usb 3-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 156.381536][ T5281] usb 3-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 156.396256][ T5281] usb 3-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 156.427554][ T5281] usb 3-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 156.444765][ T5281] usb 3-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 156.464389][ T5281] usb 3-1: config 162 interface 162 has no altsetting 0 [ 156.477511][ T5281] usb 3-1: config 162 interface 4 has no altsetting 0 [ 156.516232][ T5281] usb 3-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 156.527407][ T5281] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.536624][ T5281] usb 3-1: Product: syz [ 156.541688][ T5281] usb 3-1: Manufacturer: syz [ 156.546892][ T5281] usb 3-1: SerialNumber: syz [ 156.655225][ T5280] pl2303 1-1:162.162: required endpoints missing [ 156.667733][ T5280] pl2303 1-1:162.4: required interrupt-in endpoint missing [ 156.697582][ T5280] usb 1-1: USB disconnect, device number 17 [ 156.848684][ T6322] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 156.864799][ T6322] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 157.116298][ T5281] pl2303 3-1:162.162: required endpoints missing [ 157.147872][ T5281] pl2303 3-1:162.4: required interrupt-in endpoint missing [ 157.162867][ T5281] usb 3-1: USB disconnect, device number 15 [ 157.489836][ T5226] Bluetooth: hci4: unexpected subevent 0x1a length: 10 > 6 [ 157.509283][ T6333] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 157.516014][ T6333] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 157.543563][ T6333] vhci_hcd vhci_hcd.0: Device attached [ 157.623400][ T6341] netlink: 'syz.4.222': attribute type 21 has an invalid length. [ 157.665196][ T6341] netlink: 128 bytes leftover after parsing attributes in process `syz.4.222'. [ 157.778769][ T5281] usb 9-1: new high-speed USB device number 2 using vhci_hcd [ 158.061938][ T5276] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 158.220660][ T5276] usb 1-1: Using ep0 maxpacket: 8 [ 158.245987][ T5276] usb 1-1: config 0 has no interfaces? [ 158.265942][ T5276] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 158.318446][ T5276] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.368840][ T5276] usb 1-1: Product: syz [ 158.382778][ T5276] usb 1-1: Manufacturer: syz [ 158.387455][ T5276] usb 1-1: SerialNumber: syz [ 158.404464][ T5276] usb 1-1: config 0 descriptor?? [ 159.380383][ T5276] usb 1-1: USB disconnect, device number 18 [ 159.404432][ T6334] vhci_hcd: connection reset by peer [ 159.427579][ T52] vhci_hcd: stop threads [ 159.438904][ T52] vhci_hcd: release socket [ 159.445702][ T52] vhci_hcd: disconnect device [ 159.836708][ T937] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 159.957877][ T6374] futex_wake_op: syz.4.229 tries to shift op by -1; fix this program [ 160.067094][ T937] usb 1-1: Using ep0 maxpacket: 8 [ 160.083189][ T937] usb 1-1: config 162 has an invalid interface number: 162 but max is 1 [ 160.100403][ T937] usb 1-1: config 162 has an invalid interface number: 4 but max is 1 [ 160.116389][ T937] usb 1-1: config 162 has no interface number 0 [ 160.153238][ T937] usb 1-1: config 162 has no interface number 1 [ 160.210095][ T29] kauditd_printk_skb: 231 callbacks suppressed [ 160.210117][ T29] audit: type=1326 audit(1726828151.029:1583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbc30974ea7 code=0x7ffc0000 [ 160.242369][ T29] audit: type=1326 audit(1726828151.029:1584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbc30919879 code=0x7ffc0000 [ 160.265080][ T937] usb 1-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 160.265132][ T937] usb 1-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 160.265164][ T937] usb 1-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 160.265195][ T937] usb 1-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 160.265229][ T937] usb 1-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 160.265258][ T937] usb 1-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 160.265290][ T937] usb 1-1: config 162 interface 162 has no altsetting 0 [ 160.265314][ T937] usb 1-1: config 162 interface 4 has no altsetting 0 [ 160.283315][ T937] usb 1-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 160.366296][ T937] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.392569][ T937] usb 1-1: Product: syz [ 160.403150][ T937] usb 1-1: Manufacturer: syz [ 160.408958][ T937] usb 1-1: SerialNumber: syz [ 160.467999][ T29] audit: type=1326 audit(1726828151.029:1585): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 160.688909][ T29] audit: type=1326 audit(1726828151.059:1586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbc30974ea7 code=0x7ffc0000 [ 160.824054][ T6377] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 160.829412][ T29] audit: type=1326 audit(1726828151.059:1587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbc30919879 code=0x7ffc0000 [ 160.885353][ T6377] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 160.977290][ T29] audit: type=1326 audit(1726828151.059:1588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 160.999796][ C0] vkms_vblank_simulate: vblank timer overrun [ 161.086389][ T29] audit: type=1326 audit(1726828151.109:1589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbc30974ea7 code=0x7ffc0000 [ 161.174606][ T29] audit: type=1326 audit(1726828151.109:1590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7fbc30919879 code=0x7ffc0000 [ 161.196913][ C0] vkms_vblank_simulate: vblank timer overrun [ 161.220040][ T5280] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 161.273433][ T29] audit: type=1326 audit(1726828151.109:1591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 161.330616][ T6384] wg2: entered promiscuous mode [ 161.341885][ T29] audit: type=1326 audit(1726828151.129:1592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6353 comm="syz.1.225" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7fbc30974ea7 code=0x7ffc0000 [ 161.365084][ T6384] wg2: entered allmulticast mode [ 161.389477][ T5280] usb 4-1: Using ep0 maxpacket: 8 [ 161.426542][ T937] pl2303 1-1:162.162: required endpoints missing [ 161.437119][ T5280] usb 4-1: config 162 has an invalid interface number: 162 but max is 1 [ 161.437678][ T937] pl2303 1-1:162.4: required interrupt-in endpoint missing [ 161.472901][ T937] usb 1-1: USB disconnect, device number 19 [ 161.480654][ T5280] usb 4-1: config 162 has an invalid interface number: 4 but max is 1 [ 161.496811][ T5280] usb 4-1: config 162 has no interface number 0 [ 161.523457][ T5278] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 161.540731][ T5280] usb 4-1: config 162 has no interface number 1 [ 161.579620][ T5280] usb 4-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 161.608820][ T5280] usb 4-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 161.619934][ T5280] usb 4-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 161.637449][ T5280] usb 4-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 161.649679][ T5280] usb 4-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 161.660409][ T5280] usb 4-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 161.673789][ T5280] usb 4-1: config 162 interface 162 has no altsetting 0 [ 161.681286][ T5280] usb 4-1: config 162 interface 4 has no altsetting 0 [ 161.703104][ T5280] usb 4-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 161.712718][ T5280] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.720937][ T5280] usb 4-1: Product: syz [ 161.725146][ T5280] usb 4-1: Manufacturer: syz [ 161.731826][ T5280] usb 4-1: SerialNumber: syz [ 161.778802][ T5278] usb 5-1: Using ep0 maxpacket: 8 [ 161.790516][ T5278] usb 5-1: config 162 has an invalid interface number: 162 but max is 1 [ 161.817638][ T5278] usb 5-1: config 162 has an invalid interface number: 4 but max is 1 [ 161.838307][ T5278] usb 5-1: config 162 has no interface number 0 [ 161.849671][ T5278] usb 5-1: config 162 has no interface number 1 [ 161.865132][ T5278] usb 5-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 161.898923][ T5278] usb 5-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 161.913743][ T5278] usb 5-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 161.927267][ T5278] usb 5-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 161.940948][ T5278] usb 5-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 161.958817][ T5278] usb 5-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 161.973082][ T5278] usb 5-1: config 162 interface 162 has no altsetting 0 [ 161.980349][ T5278] usb 5-1: config 162 interface 4 has no altsetting 0 [ 161.994821][ T5278] usb 5-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 162.005603][ T5278] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 162.013999][ T5278] usb 5-1: Product: syz [ 162.018245][ T5278] usb 5-1: Manufacturer: syz [ 162.022923][ T5278] usb 5-1: SerialNumber: syz [ 162.185295][ T6401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.219782][ T6401] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 162.308146][ T6401] netlink: 68 bytes leftover after parsing attributes in process `syz.3.233'. [ 162.339237][ T6407] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.376706][ T6407] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 162.477313][ T6408] wg2: entered promiscuous mode [ 162.525785][ T6408] wg2: entered allmulticast mode [ 162.981970][ T5280] pl2303 4-1:162.162: required endpoints missing [ 163.022626][ T5280] pl2303 4-1:162.4: required interrupt-in endpoint missing [ 163.041185][ T5281] vhci_hcd: vhci_device speed not set [ 163.099988][ T5280] usb 4-1: USB disconnect, device number 22 [ 163.318997][ T5288] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 163.482164][ T5278] pl2303 5-1:162.162: required endpoints missing [ 163.494657][ T5288] usb 3-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98 [ 163.508777][ T5288] usb 3-1: New USB device strings: Mfr=16, Product=0, SerialNumber=0 [ 163.523693][ T5278] pl2303 5-1:162.4: required interrupt-in endpoint missing [ 163.535625][ T5288] usb 3-1: Manufacturer: syz [ 163.551912][ T5278] usb 5-1: USB disconnect, device number 21 [ 163.562478][ T5288] usb 3-1: config 0 descriptor?? [ 163.583632][ T5288] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 163.607794][ T5288] ftdi_sio ttyUSB0: unknown device type: 0xc698 [ 163.849366][ T5278] usb 3-1: USB disconnect, device number 16 [ 163.884695][ T5278] ftdi_sio 3-1:0.0: device disconnected [ 164.518889][ T5281] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 164.616404][ T6464] pim6reg1: entered promiscuous mode [ 164.627072][ T6464] pim6reg1: entered allmulticast mode [ 164.679224][ T5281] usb 4-1: Using ep0 maxpacket: 8 [ 164.686261][ T5281] usb 4-1: config 162 has an invalid interface number: 162 but max is 1 [ 164.695778][ T5281] usb 4-1: config 162 has an invalid interface number: 4 but max is 1 [ 164.736210][ T5281] usb 4-1: config 162 has no interface number 0 [ 164.751226][ T5281] usb 4-1: config 162 has no interface number 1 [ 164.776152][ T5281] usb 4-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 164.833393][ T5281] usb 4-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 164.873671][ T5281] usb 4-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 164.907233][ T5281] usb 4-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 164.940189][ T5281] usb 4-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 164.963118][ T5281] usb 4-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 164.999027][ T5281] usb 4-1: config 162 interface 162 has no altsetting 0 [ 165.006394][ T5281] usb 4-1: config 162 interface 4 has no altsetting 0 [ 165.029805][ T5281] usb 4-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 165.040736][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.059742][ T5281] usb 4-1: Product: syz [ 165.094816][ T5281] usb 4-1: Manufacturer: syz [ 165.099941][ T5281] usb 4-1: SerialNumber: syz [ 165.580434][ T6503] netlink: 144 bytes leftover after parsing attributes in process `syz.1.284'. [ 165.617195][ T6497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 165.653115][ T6497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 165.687000][ T6497] netlink: 68 bytes leftover after parsing attributes in process `syz.3.258'. [ 166.078960][ T5281] pl2303 4-1:162.162: required endpoints missing [ 166.107465][ T5281] pl2303 4-1:162.4: required interrupt-in endpoint missing [ 166.134839][ T5281] usb 4-1: USB disconnect, device number 23 [ 166.775455][ T6543] pim6reg1: entered promiscuous mode [ 166.781640][ T6543] pim6reg1: entered allmulticast mode [ 167.125894][ T6557] sit0: entered promiscuous mode [ 167.131277][ T6557] sit0: entered allmulticast mode [ 167.392356][ T6570] bridge0: port 3(hsr_slave_1) entered blocking state [ 167.399775][ T6570] bridge0: port 3(hsr_slave_1) entered disabled state [ 167.407001][ T6570] hsr_slave_1: entered allmulticast mode [ 167.489561][ T6570] hsr_slave_1: left allmulticast mode [ 168.989512][ T6628] pim6reg1: entered promiscuous mode [ 169.007423][ T6628] pim6reg1: entered allmulticast mode [ 169.349488][ T6641] pim6reg1: entered promiscuous mode [ 169.395176][ T6641] pim6reg1: entered allmulticast mode [ 169.885836][ T6655] syzkaller0: entered promiscuous mode [ 169.922546][ T6655] syzkaller0: entered allmulticast mode [ 170.158884][ T6663] syzkaller0: entered promiscuous mode [ 170.178186][ T6663] syzkaller0: entered allmulticast mode [ 171.981504][ T6562] coredump: 183(syz.3.304): written to core: VMAs: 35, size 97345536; core: 59945982 bytes, pos 97353728 [ 172.737355][ T6649] coredump: 203(syz.0.351): written to core: VMAs: 35, size 97345536; core: 59945982 bytes, pos 97353728 [ 178.027637][ T6741] netlink: 'syz.1.386': attribute type 21 has an invalid length. [ 178.066028][ T6741] netlink: 128 bytes leftover after parsing attributes in process `syz.1.386'. [ 178.099695][ T6736] loop7: detected capacity change from 0 to 16384 [ 178.630718][ T6746] kvm_intel: kvm [6734]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x1d9) = 0x1f800000095 [ 178.688328][ T6746] kvm_intel: kvm [6734]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x1d9) = 0x2400000009b [ 178.748832][ T6749] loop7: detected capacity change from 16384 to 16383 [ 179.331556][ T46] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 179.499439][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 179.546745][ T46] usb 1-1: config 162 has an invalid interface number: 162 but max is 1 [ 179.563178][ T5288] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 179.613431][ T46] usb 1-1: config 162 has an invalid interface number: 4 but max is 1 [ 179.631361][ T46] usb 1-1: config 162 has no interface number 0 [ 179.639314][ T46] usb 1-1: config 162 has no interface number 1 [ 179.657717][ T46] usb 1-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 179.678862][ T46] usb 1-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 179.698309][ T46] usb 1-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 179.716287][ T46] usb 1-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 179.737653][ T46] usb 1-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 179.758372][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 179.780076][ T46] usb 1-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 179.799714][ T5288] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 179.816495][ T46] usb 1-1: config 162 interface 162 has no altsetting 0 [ 179.850122][ T5288] usb 3-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 179.866215][ T46] usb 1-1: config 162 interface 4 has no altsetting 0 [ 179.877562][ T5288] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 179.891441][ T46] usb 1-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 179.913906][ T46] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 179.929228][ T46] usb 1-1: Product: syz [ 179.935263][ T46] usb 1-1: Manufacturer: syz [ 179.942916][ T5288] usb 3-1: config 0 descriptor?? [ 179.982887][ T46] usb 1-1: SerialNumber: syz [ 180.355148][ T6776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 180.386141][ T5288] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 180.406809][ T5288] cm6533_jd 0003:0D8C:0022.0004: unknown main item tag 0x0 [ 180.437306][ T6776] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 180.477694][ T5288] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0D8C:0022.0004/input/input6 [ 180.495966][ C1] vkms_vblank_simulate: vblank timer overrun [ 180.740784][ T5288] cm6533_jd 0003:0D8C:0022.0004: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.2-1/input0 [ 181.967623][ T5288] usb 3-1: reset high-speed USB device number 17 using dummy_hcd [ 182.264472][ T6791] futex_wake_op: syz.4.400 tries to shift op by -1; fix this program [ 183.362289][ T46] pl2303 1-1:162.162: required endpoints missing [ 183.382503][ T46] pl2303 1-1:162.4: required interrupt-in endpoint missing [ 183.443185][ T46] usb 1-1: USB disconnect, device number 20 [ 183.634051][ T6850] netlink: 'syz.3.402': attribute type 21 has an invalid length. [ 183.647375][ T6850] netlink: 128 bytes leftover after parsing attributes in process `syz.3.402'. [ 183.914771][ T6858] netlink: 'syz.4.404': attribute type 21 has an invalid length. [ 183.935772][ T6858] netlink: 128 bytes leftover after parsing attributes in process `syz.4.404'. [ 184.198147][ T6863] netlink: 44 bytes leftover after parsing attributes in process `syz.0.408'. [ 184.558068][ T5278] usb 3-1: USB disconnect, device number 17 [ 184.753473][ T5277] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 185.018991][ T5224] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 185.092245][ T5277] usb 4-1: Using ep0 maxpacket: 32 [ 185.128804][ T5288] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 185.143928][ T5277] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 185.209570][ T5224] usb 1-1: Using ep0 maxpacket: 16 [ 185.222013][ T5277] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 185.267305][ T5224] usb 1-1: config 0 has no interfaces? [ 185.288709][ T5277] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 185.304320][ T5224] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 185.327261][ T5277] usb 4-1: config 0 descriptor?? [ 185.337323][ T5224] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.359112][ T5288] usb 2-1: Using ep0 maxpacket: 32 [ 185.366938][ T5277] hub 4-1:0.0: bad descriptor, ignoring hub [ 185.399826][ T5224] usb 1-1: Product: syz [ 185.413987][ T6870] kvm_intel: kvm [6864]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x1d9) = 0x1f800000095 [ 185.434792][ T5288] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 185.456048][ T6870] kvm_intel: kvm [6864]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x1d9) = 0x2400000009b [ 185.483966][ T5277] hub 4-1:0.0: probe with driver hub failed with error -5 [ 185.493031][ T5288] usb 2-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 185.495427][ T5224] usb 1-1: Manufacturer: syz [ 185.538185][ T5288] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.544785][ T5277] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 185.572412][ T5224] usb 1-1: SerialNumber: syz [ 185.588452][ T5288] usb 2-1: Product: syz [ 185.622862][ T5288] usb 2-1: Manufacturer: syz [ 185.645740][ T5224] usb 1-1: config 0 descriptor?? [ 185.655049][ T5288] usb 2-1: SerialNumber: syz [ 185.733795][ T5288] usb 2-1: config 0 descriptor?? [ 185.775967][ T6875] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 185.844492][ T5288] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 186.176949][ T6869] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.287729][ T6869] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.398322][ T6893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.431085][ T5288] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 186.453289][ T6893] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.527557][ T6893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 186.551051][ C1] vkms_vblank_simulate: vblank timer overrun [ 186.604430][ T6893] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 186.639000][ T5288] usb 5-1: Using ep0 maxpacket: 8 [ 186.659091][ T5288] usb 5-1: config 162 has an invalid interface number: 162 but max is 1 [ 186.682617][ T5288] usb 5-1: config 162 has an invalid interface number: 4 but max is 1 [ 186.703114][ T5280] usb 1-1: USB disconnect, device number 21 [ 186.738254][ T5288] usb 5-1: config 162 has no interface number 0 [ 186.757832][ T29] kauditd_printk_skb: 26 callbacks suppressed [ 186.757859][ T29] audit: type=1326 audit(1726828177.569:1619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 186.765916][ T5288] usb 5-1: config 162 has no interface number 1 [ 186.814919][ C1] vkms_vblank_simulate: vblank timer overrun [ 186.863302][ T5288] usb 5-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 186.887424][ C1] vkms_vblank_simulate: vblank timer overrun [ 186.910644][ T29] audit: type=1326 audit(1726828177.569:1620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 186.945823][ C1] vkms_vblank_simulate: vblank timer overrun [ 186.969227][ T5288] usb 5-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 187.015360][ T29] audit: type=1326 audit(1726828177.569:1621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 187.047791][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.077580][ T5288] usb 5-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 187.105212][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.132553][ T29] audit: type=1326 audit(1726828177.569:1622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 187.169576][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.181410][ T5288] usb 5-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 187.202824][ T5288] usb 5-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 187.220288][ T5288] usb 5-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 187.238861][ T29] audit: type=1326 audit(1726828177.569:1623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 187.285520][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.322883][ T5288] usb 5-1: config 162 interface 162 has no altsetting 0 [ 187.382993][ T5288] usb 5-1: config 162 interface 4 has no altsetting 0 [ 187.423866][ T6905] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 187.432010][ T5288] usb 5-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 187.487887][ T5288] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 187.514382][ T29] audit: type=1326 audit(1726828177.669:1624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 187.554116][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.588726][ T5288] usb 5-1: Product: syz [ 187.608927][ T5288] usb 5-1: Manufacturer: syz [ 187.628724][ T5288] usb 5-1: SerialNumber: syz [ 187.702800][ T29] audit: type=1326 audit(1726828177.669:1625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 187.741961][ C1] vkms_vblank_simulate: vblank timer overrun [ 187.749882][ T6905] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 187.803154][ T29] audit: type=1326 audit(1726828177.669:1626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 187.842507][ C1] vkms_vblank_simulate: vblank timer overrun [ 188.018421][ T29] audit: type=1326 audit(1726828177.669:1627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 188.145426][ T29] audit: type=1326 audit(1726828177.669:1628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6899 comm="syz.2.417" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 188.186617][ C1] vkms_vblank_simulate: vblank timer overrun [ 188.338205][ T6909] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.496543][ T6909] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.604912][ T5280] usb 2-1: USB disconnect, device number 14 [ 188.905784][ T6915] netlink: 'syz.2.421': attribute type 21 has an invalid length. [ 188.923552][ T6915] netlink: 128 bytes leftover after parsing attributes in process `syz.2.421'. [ 189.702182][ T5280] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 190.072306][ T5280] usb 1-1: New USB device found, idVendor=0403, idProduct=6010, bcdDevice=c6.98 [ 190.090535][ T5280] usb 1-1: New USB device strings: Mfr=16, Product=0, SerialNumber=0 [ 190.162262][ T5280] usb 1-1: Manufacturer: syz [ 190.195393][ T5280] usb 1-1: config 0 descriptor?? [ 190.222222][ T5280] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 190.281707][ T5280] ftdi_sio ttyUSB0: unknown device type: 0xc698 [ 190.787936][ T5281] usb 1-1: USB disconnect, device number 22 [ 190.823284][ T5281] ftdi_sio 1-1:0.0: device disconnected [ 190.837996][ T5288] pl2303 5-1:162.162: required endpoints missing [ 191.026933][ T6936] netlink: 'syz.2.425': attribute type 21 has an invalid length. [ 191.076349][ T6936] netlink: 128 bytes leftover after parsing attributes in process `syz.2.425'. [ 191.101268][ T5288] pl2303 5-1:162.4: required interrupt-in endpoint missing [ 191.262822][ T5288] usb 5-1: USB disconnect, device number 22 [ 191.452971][ T5224] usb 4-1: USB disconnect, device number 24 [ 191.819654][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 191.819686][ T29] audit: type=1326 audit(1726828182.629:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.028123][ T29] audit: type=1326 audit(1726828182.629:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.077975][ T29] audit: type=1326 audit(1726828182.629:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.131426][ T29] audit: type=1326 audit(1726828182.629:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.216495][ T29] audit: type=1326 audit(1726828182.629:1693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.260750][ T29] audit: type=1326 audit(1726828182.629:1694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.311809][ T29] audit: type=1326 audit(1726828182.629:1695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.347816][ T29] audit: type=1326 audit(1726828182.629:1696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.389682][ T29] audit: type=1326 audit(1726828182.629:1697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.446453][ T29] audit: type=1326 audit(1726828182.629:1698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6943 comm="syz.1.429" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fbc3097def9 code=0x7ffc0000 [ 192.464386][ T5226] Bluetooth: hci3: ISO packet for unknown connection handle 200 [ 192.753123][ T6958] futex_wake_op: syz.3.428 tries to shift op by -1; fix this program [ 193.027646][ T6968] netlink: 12 bytes leftover after parsing attributes in process `syz.4.434'. [ 193.308821][ T5281] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 193.483049][ T5281] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 193.531000][ T5281] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 193.580976][ T5281] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 193.608954][ T5224] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 193.628784][ T5281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 193.638298][ T5281] usb 5-1: SerialNumber: syz [ 193.806863][ T5224] usb 4-1: Using ep0 maxpacket: 8 [ 193.816138][ T5224] usb 4-1: config 162 has an invalid interface number: 162 but max is 1 [ 193.842673][ T5224] usb 4-1: config 162 has an invalid interface number: 4 but max is 1 [ 193.901221][ T5281] usb 5-1: 0:2 : does not exist [ 193.909179][ T5281] usb 5-1: unit 11 not found! [ 193.918350][ T5224] usb 4-1: config 162 has no interface number 0 [ 193.973674][ T5224] usb 4-1: config 162 has no interface number 1 [ 194.001197][ T5281] usb 5-1: USB disconnect, device number 23 [ 194.010209][ T5224] usb 4-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 194.043264][ T5224] usb 4-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 194.101106][ T6686] udevd[6686]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 194.139138][ T5224] usb 4-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 194.191562][ T5224] usb 4-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 194.228168][ T6987] netlink: 'syz.0.441': attribute type 21 has an invalid length. [ 194.242625][ T5224] usb 4-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 194.256632][ T6987] netlink: 128 bytes leftover after parsing attributes in process `syz.0.441'. [ 194.320094][ T5224] usb 4-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 194.354819][ T5224] usb 4-1: config 162 interface 162 has no altsetting 0 [ 194.375771][ T5224] usb 4-1: config 162 interface 4 has no altsetting 0 [ 194.422393][ T5224] usb 4-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 194.442531][ T5224] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.498916][ T5224] usb 4-1: Product: syz [ 194.515540][ T5224] usb 4-1: Manufacturer: syz [ 194.526313][ T5224] usb 4-1: SerialNumber: syz [ 194.542880][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.555932][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.922437][ T6991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 195.000249][ T6991] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 195.936608][ T7006] futex_wake_op: syz.2.446 tries to shift op by -1; fix this program [ 196.639895][ T5224] pl2303 4-1:162.162: required endpoints missing [ 196.686404][ T5224] pl2303 4-1:162.4: required interrupt-in endpoint missing [ 196.787382][ T5224] usb 4-1: USB disconnect, device number 25 [ 196.999281][ T5277] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 197.186316][ T5277] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 197.306373][ T1068] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.331254][ C1] vkms_vblank_simulate: vblank timer overrun [ 197.375375][ T5277] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 197.395898][ T5277] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 197.422393][ T5277] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.464807][ T7015] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 197.494222][ T5277] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 197.615624][ T1068] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.702565][ T5277] usb 2-1: USB disconnect, device number 15 [ 197.879247][ T1068] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 197.947508][ T29] kauditd_printk_skb: 204 callbacks suppressed [ 197.947560][ T29] audit: type=1326 audit(1726828188.759:1903): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 198.006706][ T29] audit: type=1326 audit(1726828188.759:1904): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 198.051954][ T29] audit: type=1326 audit(1726828188.809:1905): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.3.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 198.104803][ T29] audit: type=1326 audit(1726828188.809:1906): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7027 comm="syz.3.457" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 198.176663][ T5280] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 198.228284][ T29] audit: type=1326 audit(1726828188.809:1907): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 198.269773][ T5226] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 198.294440][ T5226] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 198.314990][ T5226] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 198.325015][ T5277] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 198.334603][ T29] audit: type=1326 audit(1726828188.809:1908): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 198.373271][ C1] vkms_vblank_simulate: vblank timer overrun [ 198.390890][ T5226] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 198.403932][ T5226] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 198.415290][ T5226] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 198.502638][ T5280] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 198.503737][ T5277] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 198.539339][ T5277] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 198.564093][ T5277] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice= 0.9c [ 198.580651][ T5277] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 198.595621][ T5280] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 198.597849][ T5277] usb 2-1: Product: syz [ 198.628876][ T29] audit: type=1326 audit(1726828188.809:1909): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 198.671309][ T1068] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 198.694660][ T5277] usb 2-1: Manufacturer: syz [ 198.709904][ T5277] usb 2-1: SerialNumber: syz [ 198.729800][ T5280] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 198.732096][ T5277] usb 2-1: config 0 descriptor?? [ 198.753125][ T29] audit: type=1326 audit(1726828188.809:1910): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 198.797073][ T5277] ims_pcu 2-1:0.0: Missing CDC union descriptor [ 198.808666][ T5280] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 198.821809][ T5277] ims_pcu 2-1:0.0: probe with driver ims_pcu failed with error -22 [ 198.848850][ T29] audit: type=1326 audit(1726828188.809:1911): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 198.897227][ T29] audit: type=1326 audit(1726828188.809:1912): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7028 comm="syz.2.458" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc59fd7def9 code=0x7ffc0000 [ 199.036503][ T5281] usb 2-1: USB disconnect, device number 16 [ 199.262427][ T5280] usb 1-1: string descriptor 0 read error: -71 [ 199.274181][ T5280] usb 1-1: USB disconnect, device number 23 [ 199.777318][ T1068] bridge_slave_1: left allmulticast mode [ 199.841330][ T1068] bridge_slave_1: left promiscuous mode [ 199.888981][ T1068] bridge0: port 2(bridge_slave_1) entered disabled state [ 199.947228][ T1068] bridge_slave_0: left allmulticast mode [ 200.013232][ T1068] bridge_slave_0: left promiscuous mode [ 200.058158][ T7053] futex_wake_op: syz.1.462 tries to shift op by -1; fix this program [ 200.128080][ T1068] bridge0: port 1(bridge_slave_0) entered disabled state [ 200.146829][ T5277] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 200.338904][ T5277] usb 1-1: Using ep0 maxpacket: 8 [ 200.382700][ T5277] usb 1-1: config 162 has an invalid interface number: 162 but max is 1 [ 200.448819][ T5277] usb 1-1: config 162 has an invalid interface number: 4 but max is 1 [ 200.538790][ T5226] Bluetooth: hci1: command tx timeout [ 200.559625][ T5277] usb 1-1: config 162 has no interface number 0 [ 200.609425][ T5277] usb 1-1: config 162 has no interface number 1 [ 200.698027][ T5277] usb 1-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 200.785039][ T5277] usb 1-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 200.859512][ T5277] usb 1-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 200.891727][ T5277] usb 1-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 200.927462][ T5277] usb 1-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 200.965943][ T5277] usb 1-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 201.069455][ T5277] usb 1-1: config 162 interface 162 has no altsetting 0 [ 201.102654][ T5277] usb 1-1: config 162 interface 4 has no altsetting 0 [ 201.154155][ T5277] usb 1-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 201.178083][ T5277] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.203938][ T5277] usb 1-1: Product: syz [ 201.219996][ T5277] usb 1-1: Manufacturer: syz [ 201.238640][ T5277] usb 1-1: SerialNumber: syz [ 201.534249][ T7049] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 201.610866][ T7049] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 201.630515][ T5280] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 201.821369][ T5280] usb 2-1: Using ep0 maxpacket: 8 [ 201.842458][ T5280] usb 2-1: config 162 has an invalid interface number: 162 but max is 1 [ 201.880344][ T5280] usb 2-1: config 162 has an invalid interface number: 4 but max is 1 [ 201.890985][ T5288] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 201.924160][ T1068] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 201.926259][ T5280] usb 2-1: config 162 has no interface number 0 [ 201.948085][ T5280] usb 2-1: config 162 has no interface number 1 [ 201.959237][ T5280] usb 2-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 201.959929][ T1068] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 201.980892][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 201.980942][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 201.980975][ T5280] usb 2-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 201.981009][ T5280] usb 2-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 201.981089][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 201.981141][ T5280] usb 2-1: config 162 interface 162 has no altsetting 0 [ 201.981167][ T5280] usb 2-1: config 162 interface 4 has no altsetting 0 [ 201.984201][ T5280] usb 2-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 202.137507][ T1068] bond0 (unregistering): Released all slaves [ 202.142497][ T5280] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.164283][ T5280] usb 2-1: Product: syz [ 202.173942][ T5280] usb 2-1: Manufacturer: syz [ 202.179905][ T5280] usb 2-1: SerialNumber: syz [ 202.314909][ T7035] chnl_net:caif_netlink_parms(): no params data found [ 202.333528][ T5288] usb 4-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 202.368807][ T5288] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.533604][ T5288] usb 4-1: config 0 descriptor?? [ 202.685349][ T5288] pwc: Samsung MPC-C10 USB webcam detected. [ 202.699750][ T5226] Bluetooth: hci1: command tx timeout [ 202.721027][ T5277] pl2303 1-1:162.162: required endpoints missing [ 202.804678][ T7087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 202.831352][ T5277] pl2303 1-1:162.4: required interrupt-in endpoint missing [ 202.872947][ T5288] pwc: send_video_command error -71 [ 202.894071][ T7087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 202.904409][ T5288] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 202.921148][ T5288] Philips webcam 4-1:0.0: probe with driver Philips webcam failed with error -71 [ 202.928166][ T7087] netlink: 68 bytes leftover after parsing attributes in process `syz.1.468'. [ 202.951836][ T5288] usb 4-1: USB disconnect, device number 26 [ 202.969313][ T5277] usb 1-1: USB disconnect, device number 24 [ 203.468864][ T5288] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 203.628518][ T5280] pl2303 2-1:162.162: required endpoints missing [ 203.682132][ T5280] pl2303 2-1:162.4: required interrupt-in endpoint missing [ 203.703701][ T7035] bridge0: port 1(bridge_slave_0) entered blocking state [ 203.718043][ T5280] usb 2-1: USB disconnect, device number 17 [ 203.762526][ T5288] usb 4-1: New USB device found, idVendor=055d, idProduct=9000, bcdDevice=31.44 [ 203.769099][ T7035] bridge0: port 1(bridge_slave_0) entered disabled state [ 203.841796][ T5288] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.879052][ T7035] bridge_slave_0: entered allmulticast mode [ 203.879737][ T5288] usb 4-1: config 0 descriptor?? [ 203.911865][ T5288] pwc: Samsung MPC-C10 USB webcam detected. [ 203.953553][ T7035] bridge_slave_0: entered promiscuous mode [ 204.064802][ T1068] hsr_slave_0: left promiscuous mode [ 204.086084][ T1068] hsr_slave_1: left promiscuous mode [ 204.120665][ T1068] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 204.160049][ T1068] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 204.195789][ T1068] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 204.240888][ T1068] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 204.329937][ T5288] pwc: recv_control_msg error -32 req 02 val 2b00 [ 204.395130][ T5288] pwc: recv_control_msg error -32 req 02 val 2700 [ 204.430982][ T1068] veth1_macvtap: left promiscuous mode [ 204.454016][ T5288] pwc: recv_control_msg error -32 req 04 val 1700 [ 204.476188][ T5288] pwc: recv_control_msg error -32 req 02 val 2c00 [ 204.478860][ T1068] veth0_macvtap: left promiscuous mode [ 204.494711][ T5288] pwc: recv_control_msg error -32 req 04 val 1000 [ 204.524934][ T1068] veth1_vlan: left promiscuous mode [ 204.529720][ T5288] pwc: recv_control_msg error -32 req 04 val 1300 [ 204.550627][ T5288] pwc: recv_control_msg error -32 req 04 val 1400 [ 204.576549][ T1068] veth0_vlan: left promiscuous mode [ 204.615631][ T5288] pwc: recv_control_msg error -32 req 02 val 2000 [ 204.643908][ T5288] pwc: recv_control_msg error -32 req 02 val 2100 [ 204.689711][ T5288] pwc: recv_control_msg error -32 req 02 val 2200 [ 204.794697][ T5226] Bluetooth: hci1: command tx timeout [ 204.848748][ T5279] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 204.919207][ T5288] pwc: recv_control_msg error -71 req 04 val 1500 [ 204.941073][ T5288] pwc: recv_control_msg error -71 req 02 val 2500 [ 204.969521][ T5288] pwc: recv_control_msg error -71 req 02 val 2400 [ 204.998352][ T5288] pwc: recv_control_msg error -71 req 02 val 2600 [ 205.025949][ T5288] pwc: recv_control_msg error -71 req 02 val 2900 [ 205.060404][ T5279] usb 2-1: not running at top speed; connect to a high speed hub [ 205.093180][ T5288] pwc: recv_control_msg error -71 req 02 val 2800 [ 205.109523][ T5279] usb 2-1: config 95 has an invalid interface number: 1 but max is 0 [ 205.145886][ T5279] usb 2-1: config 95 has no interface number 0 [ 205.171837][ T5288] pwc: recv_control_msg error -71 req 04 val 1100 [ 205.189508][ T5288] pwc: recv_control_msg error -71 req 04 val 1200 [ 205.212322][ T5279] usb 2-1: config 95 interface 1 has no altsetting 0 [ 205.343908][ T5279] usb 2-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice=79.79 [ 205.379480][ T5288] pwc: Registered as video71. [ 205.421205][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 205.459169][ T5288] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input7 [ 205.488654][ T5279] usb 2-1: Product: syz [ 205.522523][ T5279] usb 2-1: Manufacturer: syz [ 205.592949][ T5279] usb 2-1: SerialNumber: syz [ 205.686551][ T5288] usb 4-1: USB disconnect, device number 27 [ 205.820479][ T7115] netlink: 209840 bytes leftover after parsing attributes in process `syz.3.472'. [ 205.941027][ T7115] netlink: 32 bytes leftover after parsing attributes in process `syz.3.472'. [ 206.859466][ T5226] Bluetooth: hci1: command tx timeout [ 207.720197][ T5279] usb 2-1: USB disconnect, device number 18 [ 207.823649][ C1] vkms_vblank_simulate: vblank timer overrun [ 207.975800][ T6686] udevd[6686]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 208.119065][ T5226] Bluetooth: hci3: ISO packet for unknown connection handle 200 [ 208.178129][ T7126] futex_wake_op: syz.3.477 tries to shift op by -1; fix this program [ 208.317208][ T1068] team0 (unregistering): Port device team_slave_1 removed [ 208.337929][ C1] vkms_vblank_simulate: vblank timer overrun [ 208.436277][ T1068] team0 (unregistering): Port device team_slave_0 removed [ 209.274695][ T7096] netlink: 'syz.0.470': attribute type 21 has an invalid length. [ 209.299501][ T7096] netlink: 128 bytes leftover after parsing attributes in process `syz.0.470'. [ 209.324544][ T7035] bridge0: port 2(bridge_slave_1) entered blocking state [ 209.374277][ T7035] bridge0: port 2(bridge_slave_1) entered disabled state [ 209.390292][ T7035] bridge_slave_1: entered allmulticast mode [ 209.439734][ T7035] bridge_slave_1: entered promiscuous mode [ 209.507721][ T7124] Zero length message leads to an empty skb [ 209.733776][ T7035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 209.765263][ T29] kauditd_printk_skb: 301 callbacks suppressed [ 209.765287][ T29] audit: type=1326 audit(1726828200.579:2214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 209.867399][ T7035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 209.887089][ T29] audit: type=1326 audit(1726828200.579:2215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=108 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 210.018855][ T937] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 210.057374][ T29] audit: type=1326 audit(1726828200.579:2216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 210.163271][ T7035] team0: Port device team_slave_0 added [ 210.200792][ T29] audit: type=1326 audit(1726828200.579:2217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f35af77c890 code=0x7ffc0000 [ 210.283635][ T7035] team0: Port device team_slave_1 added [ 210.294067][ T29] audit: type=1326 audit(1726828200.579:2218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35af77dafb code=0x7ffc0000 [ 210.313262][ T937] usb 4-1: config 0 has an invalid interface number: 182 but max is 0 [ 210.376645][ T29] audit: type=1326 audit(1726828200.579:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35af77dafb code=0x7ffc0000 [ 210.458774][ T5277] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 210.486076][ T937] usb 4-1: config 0 has no interface number 0 [ 210.512224][ T937] usb 4-1: New USB device found, idVendor=eb1a, idProduct=e350, bcdDevice=f8.fa [ 210.535149][ T29] audit: type=1326 audit(1726828200.639:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35af77dafb code=0x7ffc0000 [ 210.584205][ T937] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 210.608780][ T5277] usb 2-1: device descriptor read/64, error -71 [ 210.637212][ T7035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 210.659458][ T7035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.736746][ T937] usb 4-1: config 0 descriptor?? [ 210.755180][ T29] audit: type=1326 audit(1726828200.639:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35af77dafb code=0x7ffc0000 [ 210.795786][ T7035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 210.820950][ T7035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 210.820979][ T7035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 210.967541][ T29] audit: type=1326 audit(1726828200.699:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35af77dafb code=0x7ffc0000 [ 211.008926][ T5277] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 211.015114][ T7035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 211.082381][ T7142] netlink: 'syz.3.481': attribute type 29 has an invalid length. [ 211.110921][ T29] audit: type=1326 audit(1726828200.779:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7136 comm="syz.3.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f35af77dafb code=0x7ffc0000 [ 211.171209][ T5277] usb 2-1: device descriptor read/64, error -71 [ 211.289151][ T5279] usb 4-1: USB disconnect, device number 28 [ 211.371082][ T5277] usb usb2-port1: attempt power cycle [ 211.522039][ T7035] hsr_slave_0: entered promiscuous mode [ 211.590326][ T7035] hsr_slave_1: entered promiscuous mode [ 211.628159][ T7035] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 211.708018][ T7035] Cannot create hsr debugfs directory [ 211.778725][ T5277] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 211.829641][ T4617] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 211.844933][ T5277] usb 2-1: device descriptor read/8, error -71 [ 211.887353][ T4617] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 211.906048][ T4617] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 211.920827][ T4617] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 211.940296][ T4617] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 211.952295][ T4617] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 211.984065][ T4617] Bluetooth: hci0: command 0x0406 tx timeout [ 212.108847][ T5277] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 212.193465][ T5277] usb 2-1: device descriptor read/8, error -71 [ 212.352106][ T5277] usb usb2-port1: unable to enumerate USB device [ 212.358247][ T1068] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.666424][ T1068] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 212.847096][ T1068] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.365735][ T1068] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 213.541346][ T5223] Bluetooth: hci0: ISO packet for unknown connection handle 200 [ 213.650840][ T7185] futex_wake_op: syz.1.489 tries to shift op by -1; fix this program [ 213.739031][ T5279] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 213.931957][ T5279] usb 4-1: config 0 has an invalid interface number: 18 but max is 0 [ 213.981934][ T5279] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.015366][ T5279] usb 4-1: config 0 has no interface number 0 [ 214.034368][ T5279] usb 4-1: New USB device found, idVendor=054c, idProduct=03d5, bcdDevice= 0.10 [ 214.066752][ T5279] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 214.085425][ T5223] Bluetooth: hci2: command tx timeout [ 214.118857][ T5279] usb 4-1: Manufacturer: syz [ 214.172565][ T5279] usb 4-1: config 0 descriptor?? [ 214.589661][ T5288] hid-generic 0000:0000:0000.0005: unknown main item tag 0x0 [ 214.651361][ T7187] QAT: Device 0 not found [ 214.668045][ T5288] hid-generic 0000:0000:0000.0005: hidraw0: HID v0.00 Device [syz0] on syz1 [ 214.699837][ T5279] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 214.817195][ T4617] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 214.850227][ T4617] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 214.869088][ T4617] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 214.897343][ T4617] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 214.912665][ T4617] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 214.918931][ T5279] usb 2-1: Using ep0 maxpacket: 8 [ 214.931505][ T4617] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 214.982570][ T5279] usb 2-1: config 162 has an invalid interface number: 162 but max is 1 [ 214.999767][ T5279] usb 2-1: config 162 has an invalid interface number: 4 but max is 1 [ 215.017792][ T5279] usb 2-1: config 162 has no interface number 0 [ 215.061377][ T5279] usb 2-1: config 162 has no interface number 1 [ 215.072541][ T5279] usb 2-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 215.111207][ T5279] usb 2-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 215.137742][ T5279] usb 2-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 215.154668][ T5279] usb 2-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 215.173848][ T5279] usb 2-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 215.190332][ T5279] usb 2-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 215.212932][ T5279] usb 2-1: config 162 interface 162 has no altsetting 0 [ 215.222007][ T5279] usb 2-1: config 162 interface 4 has no altsetting 0 [ 215.244676][ T5279] usb 2-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 215.281776][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.310205][ T7167] chnl_net:caif_netlink_parms(): no params data found [ 215.332878][ T5279] usb 2-1: Product: syz [ 215.388659][ T5279] usb 2-1: Manufacturer: syz [ 215.400347][ T5279] usb 2-1: SerialNumber: syz [ 215.482494][ T1068] bridge_slave_1: left allmulticast mode [ 215.498300][ T1068] bridge_slave_1: left promiscuous mode [ 215.515784][ T1068] bridge0: port 2(bridge_slave_1) entered disabled state [ 215.556101][ T1068] bridge_slave_0: left allmulticast mode [ 215.565021][ T1068] bridge_slave_0: left promiscuous mode [ 215.574301][ T1068] bridge0: port 1(bridge_slave_0) entered disabled state [ 215.788991][ T7201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 215.812018][ T7201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 215.857652][ T7201] netlink: 68 bytes leftover after parsing attributes in process `syz.1.491'. [ 216.140103][ T4617] Bluetooth: hci2: command tx timeout [ 216.919819][ T1068] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 216.955041][ T5288] usb 4-1: USB disconnect, device number 29 [ 216.968942][ T1068] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 217.020364][ T4617] Bluetooth: hci4: command tx timeout [ 217.041306][ T1068] bond0 (unregistering): Released all slaves [ 217.346626][ T5279] pl2303 2-1:162.162: required endpoints missing [ 217.372452][ T5279] pl2303 2-1:162.4: required interrupt-in endpoint missing [ 217.392773][ T5279] usb 2-1: USB disconnect, device number 23 [ 217.779687][ T7167] bridge0: port 1(bridge_slave_0) entered blocking state [ 217.803588][ T7167] bridge0: port 1(bridge_slave_0) entered disabled state [ 217.815803][ T7167] bridge_slave_0: entered allmulticast mode [ 217.836952][ T7167] bridge_slave_0: entered promiscuous mode [ 217.967954][ T7167] bridge0: port 2(bridge_slave_1) entered blocking state [ 218.053162][ T7167] bridge0: port 2(bridge_slave_1) entered disabled state [ 218.082126][ T7167] bridge_slave_1: entered allmulticast mode [ 218.110056][ T7167] bridge_slave_1: entered promiscuous mode [ 218.219265][ T5223] Bluetooth: hci2: command tx timeout [ 218.236552][ T1068] hsr_slave_0: left promiscuous mode [ 218.299160][ T1068] hsr_slave_1: left promiscuous mode [ 218.326732][ T1068] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 218.361982][ T1068] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 218.408081][ T1068] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 218.432110][ T1068] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 218.526144][ T1068] veth1_macvtap: left promiscuous mode [ 218.545773][ T1068] veth0_macvtap: left promiscuous mode [ 218.556428][ T1068] veth1_vlan: left promiscuous mode [ 218.566424][ T1068] veth0_vlan: left promiscuous mode [ 218.798703][ T5280] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 218.838779][ T5277] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 218.938942][ T5280] usb 2-1: device descriptor read/64, error -71 [ 219.001463][ T5277] usb 4-1: too many configurations: 9, using maximum allowed: 8 [ 219.021225][ T5277] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.037780][ T5277] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.061318][ T5277] usb 4-1: config 0 interface 0 has no altsetting 0 [ 219.095908][ T5277] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.106947][ T5223] Bluetooth: hci4: command tx timeout [ 219.129878][ T5277] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.154563][ T5277] usb 4-1: config 0 interface 0 has no altsetting 0 [ 219.164878][ T5277] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.180858][ T5277] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.201558][ T5277] usb 4-1: config 0 interface 0 has no altsetting 0 [ 219.202201][ T5280] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 219.259564][ T5277] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.278861][ T5277] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.314126][ T5277] usb 4-1: config 0 interface 0 has no altsetting 0 [ 219.325818][ T5277] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.352876][ T5277] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.370099][ T5277] usb 4-1: config 0 interface 0 has no altsetting 0 [ 219.372976][ T5280] usb 2-1: device descriptor read/64, error -71 [ 219.393167][ T5277] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.404708][ T5277] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.436486][ T5277] usb 4-1: config 0 interface 0 has no altsetting 0 [ 219.446889][ T5277] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.462434][ T5277] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.479269][ T5277] usb 4-1: config 0 interface 0 has no altsetting 0 [ 219.493631][ T5277] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 219.509929][ T5277] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 219.519085][ T5280] usb usb2-port1: attempt power cycle [ 219.530787][ T5277] usb 4-1: config 0 interface 0 has no altsetting 0 [ 219.534049][ T5277] usb 4-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 219.568485][ T5277] usb 4-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 219.591735][ T5277] usb 4-1: Product: syz [ 219.603611][ T5277] usb 4-1: Manufacturer: syz [ 219.608487][ T5277] usb 4-1: SerialNumber: syz [ 219.614141][ T1068] team0 (unregistering): Port device team_slave_1 removed [ 219.626743][ T5277] usb 4-1: config 0 descriptor?? [ 219.711347][ T5277] yurex 4-1:0.0: USB YUREX device now attached to Yurex #0 [ 219.725777][ T1068] team0 (unregistering): Port device team_slave_0 removed [ 219.927099][ T5280] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 219.958041][ C0] usb 4-1: yurex_control_callback - control failed: -71 [ 219.958688][ T5288] usb 4-1: USB disconnect, device number 30 [ 219.983709][ T5280] usb 2-1: device descriptor read/8, error -71 [ 220.003835][ T5288] yurex 4-1:0.0: USB YUREX #0 now disconnected [ 220.249211][ T5280] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 220.312704][ T5280] usb 2-1: device descriptor read/8, error -71 [ 220.326421][ T5223] Bluetooth: hci2: command tx timeout [ 220.444926][ T5280] usb usb2-port1: unable to enumerate USB device [ 220.785080][ T7207] chnl_net:caif_netlink_parms(): no params data found [ 220.824954][ T7167] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 220.854335][ T7167] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 220.995412][ T7035] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 221.045600][ T7035] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 221.159398][ T7035] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 221.181158][ T5223] Bluetooth: hci4: command tx timeout [ 221.278400][ T7167] team0: Port device team_slave_0 added [ 221.298310][ T7035] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 221.368146][ T7167] team0: Port device team_slave_1 added [ 221.606308][ T7167] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 221.671444][ T7167] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 221.787738][ T7167] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 221.899728][ T7167] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 221.998323][ T7167] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 222.085316][ T7167] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 222.121383][ T7207] bridge0: port 1(bridge_slave_0) entered blocking state [ 222.150988][ T7207] bridge0: port 1(bridge_slave_0) entered disabled state [ 222.197356][ T7207] bridge_slave_0: entered allmulticast mode [ 222.254762][ T7207] bridge_slave_0: entered promiscuous mode [ 222.294610][ T7207] bridge0: port 2(bridge_slave_1) entered blocking state [ 222.326581][ T7207] bridge0: port 2(bridge_slave_1) entered disabled state [ 222.367143][ T7207] bridge_slave_1: entered allmulticast mode [ 222.435085][ T7207] bridge_slave_1: entered promiscuous mode [ 222.493415][ T7244] netlink: 'syz.1.498': attribute type 21 has an invalid length. [ 222.506579][ T7244] netlink: 128 bytes leftover after parsing attributes in process `syz.1.498'. [ 222.675472][ T7207] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 222.706550][ T7207] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 223.009441][ T7207] team0: Port device team_slave_0 added [ 223.051160][ T7207] team0: Port device team_slave_1 added [ 223.114900][ T7167] hsr_slave_0: entered promiscuous mode [ 223.167267][ T7167] hsr_slave_1: entered promiscuous mode [ 223.176836][ T7167] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 223.200108][ T7167] Cannot create hsr debugfs directory [ 223.259355][ T5223] Bluetooth: hci4: command tx timeout [ 223.359637][ T7207] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 223.378771][ T5276] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 223.398713][ T7207] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.496142][ T7207] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 223.555580][ T7207] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 223.584337][ T7207] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 223.636732][ T7207] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 223.668738][ T5276] usb 2-1: Using ep0 maxpacket: 16 [ 223.701017][ T5276] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 223.716067][ T5276] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 223.733951][ T5276] usb 2-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 223.789075][ T5276] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.852092][ T5276] usb 2-1: config 0 descriptor?? [ 223.974242][ T1068] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.078910][ T5279] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 224.093882][ T5276] usbhid 2-1:0.0: can't add hid device: -71 [ 224.116936][ T5276] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 224.151457][ T5276] usb 2-1: USB disconnect, device number 28 [ 224.235200][ T1068] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.278894][ T5279] usb 4-1: Using ep0 maxpacket: 8 [ 224.295622][ T5279] usb 4-1: config 162 has an invalid interface number: 162 but max is 1 [ 224.328793][ T5279] usb 4-1: config 162 has an invalid interface number: 4 but max is 1 [ 224.358011][ T5279] usb 4-1: config 162 has no interface number 0 [ 224.375700][ T5279] usb 4-1: config 162 has no interface number 1 [ 224.386400][ T7207] hsr_slave_0: entered promiscuous mode [ 224.387023][ T5279] usb 4-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 224.414564][ T7207] hsr_slave_1: entered promiscuous mode [ 224.422128][ T5279] usb 4-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 224.441355][ C1] vkms_vblank_simulate: vblank timer overrun [ 224.454776][ T5279] usb 4-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 224.458902][ T7207] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 224.474065][ T5279] usb 4-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 224.514566][ T5279] usb 4-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 224.528987][ T7207] Cannot create hsr debugfs directory [ 224.586819][ T5279] usb 4-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 224.614071][ C1] vkms_vblank_simulate: vblank timer overrun [ 224.676743][ T1068] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 224.706909][ T5279] usb 4-1: config 162 interface 162 has no altsetting 0 [ 224.717273][ T5279] usb 4-1: config 162 interface 4 has no altsetting 0 [ 224.766905][ T5279] usb 4-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 224.790100][ T5279] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 224.803194][ T5279] usb 4-1: Product: syz [ 224.813536][ T5279] usb 4-1: Manufacturer: syz [ 224.822937][ T5279] usb 4-1: SerialNumber: syz [ 225.005566][ T1068] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 225.126414][ T7035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 225.225186][ T7306] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 225.279837][ T7306] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 225.336164][ T7306] netlink: 68 bytes leftover after parsing attributes in process `syz.3.504'. [ 225.407799][ T7035] 8021q: adding VLAN 0 to HW filter on device team0 [ 225.804577][ T6834] bridge0: port 1(bridge_slave_0) entered blocking state [ 225.815399][ T6834] bridge0: port 1(bridge_slave_0) entered forwarding state [ 225.969003][ T1068] bridge_slave_1: left allmulticast mode [ 226.011222][ T1068] bridge_slave_1: left promiscuous mode [ 226.060048][ T1068] bridge0: port 2(bridge_slave_1) entered disabled state [ 226.161277][ T1068] bridge_slave_0: left allmulticast mode [ 226.180544][ T1068] bridge_slave_0: left promiscuous mode [ 226.197926][ T1068] bridge0: port 1(bridge_slave_0) entered disabled state [ 226.534493][ T7318] FAULT_INJECTION: forcing a failure. [ 226.534493][ T7318] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 226.559895][ T7318] CPU: 0 UID: 0 PID: 7318 Comm: syz.1.507 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 226.577054][ T7318] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 226.591152][ T7318] Call Trace: [ 226.597026][ T7318] [ 226.600716][ T7318] dump_stack_lvl+0x241/0x360 [ 226.606373][ T7318] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.616020][ T7318] ? __pfx__printk+0x10/0x10 [ 226.623166][ T7318] ? snprintf+0xda/0x120 [ 226.630024][ T7318] should_fail_ex+0x3b0/0x4e0 [ 226.638019][ T7318] _copy_to_user+0x2f/0xb0 [ 226.644547][ T7318] simple_read_from_buffer+0xca/0x150 [ 226.653602][ T7318] proc_fail_nth_read+0x1e9/0x250 [ 226.660887][ T7318] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.668707][ T7318] ? rw_verify_area+0x55e/0x6f0 [ 226.678929][ T7318] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 226.688474][ T7318] vfs_read+0x201/0xbc0 [ 226.693750][ T7318] ? __pfx_lock_release+0x10/0x10 [ 226.702816][ T7318] ? __pfx_vfs_read+0x10/0x10 [ 226.713698][ T7318] ? __fget_files+0x3f3/0x470 [ 226.722229][ T7318] ? __fdget_pos+0x24e/0x320 [ 226.730201][ T7318] ksys_read+0x1a0/0x2c0 [ 226.736006][ T7318] ? __pfx_ksys_read+0x10/0x10 [ 226.745018][ T7318] ? do_syscall_64+0x100/0x230 [ 226.753124][ T7318] ? do_syscall_64+0xb6/0x230 [ 226.759022][ T7318] do_syscall_64+0xf3/0x230 [ 226.764986][ T7318] ? clear_bhb_loop+0x35/0x90 [ 226.772217][ T7318] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.781589][ T7318] RIP: 0033:0x7fbc3097c93c [ 226.789922][ T7318] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 226.818126][ T7318] RSP: 002b:00007fbc31757030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 226.828620][ T7318] RAX: ffffffffffffffda RBX: 00007fbc30b35f80 RCX: 00007fbc3097c93c [ 226.837756][ T7318] RDX: 000000000000000f RSI: 00007fbc317570a0 RDI: 0000000000000005 [ 226.847850][ T7318] RBP: 00007fbc31757090 R08: 0000000000000000 R09: 0000000000000000 [ 226.866780][ T7318] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.879313][ T7318] R13: 0000000000000000 R14: 00007fbc30b35f80 R15: 00007fbc30c5fa28 [ 226.890218][ T7318] [ 227.533483][ T1068] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 227.556277][ T1068] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 227.576378][ T1068] bond0 (unregistering): Released all slaves [ 227.621195][ T6841] bridge0: port 2(bridge_slave_1) entered blocking state [ 227.630326][ T6841] bridge0: port 2(bridge_slave_1) entered forwarding state [ 227.694711][ T5279] pl2303 4-1:162.162: required endpoints missing [ 227.737575][ T5279] pl2303 4-1:162.4: required interrupt-in endpoint missing [ 227.784072][ T5279] usb 4-1: USB disconnect, device number 31 [ 227.906114][ T29] kauditd_printk_skb: 58 callbacks suppressed [ 227.906139][ T29] audit: type=1326 audit(1726828218.719:2282): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7327 comm="syz.3.510" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x0 [ 228.050164][ T7167] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 228.240896][ T7167] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 228.298175][ T7167] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 228.489548][ T7167] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 228.622223][ T1068] hsr_slave_0: left promiscuous mode [ 228.643842][ T1068] hsr_slave_1: left promiscuous mode [ 228.655138][ T1068] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 228.685620][ T1068] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 228.718225][ T1068] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 228.747324][ T1068] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 228.784794][ T1068] veth1_macvtap: left promiscuous mode [ 228.794818][ T1068] veth0_macvtap: left promiscuous mode [ 228.802875][ T1068] veth1_vlan: left promiscuous mode [ 228.822566][ T1068] veth0_vlan: left promiscuous mode [ 228.948974][ T5224] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 229.157616][ T5224] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 229.185953][ T5224] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 229.222454][ T5224] usb 2-1: Product: syz [ 229.248638][ T5224] usb 2-1: Manufacturer: syz [ 229.258083][ T5224] usb 2-1: SerialNumber: syz [ 229.303804][ T5224] usb 2-1: config 0 descriptor?? [ 229.330629][ T5224] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 230.048996][ T5224] gspca_sunplus: reg_w_riv err -110 [ 230.055066][ T5224] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 230.963999][ T1068] team0 (unregistering): Port device team_slave_1 removed [ 231.057633][ T1068] team0 (unregistering): Port device team_slave_0 removed [ 232.060623][ T5276] usb 2-1: USB disconnect, device number 29 [ 232.085373][ T7035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 232.284741][ T29] audit: type=1326 audit(1726828223.089:2283): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 232.343938][ T29] audit: type=1326 audit(1726828223.089:2284): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 232.384023][ T29] audit: type=1326 audit(1726828223.149:2285): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 232.430122][ T29] audit: type=1326 audit(1726828223.149:2286): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 232.572056][ T29] audit: type=1326 audit(1726828223.149:2287): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 232.695688][ T29] audit: type=1326 audit(1726828223.149:2288): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=64 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 232.731627][ T29] audit: type=1326 audit(1726828223.149:2289): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 232.791167][ T7207] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 232.813980][ T29] audit: type=1326 audit(1726828223.149:2290): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 232.877715][ T29] audit: type=1326 audit(1726828223.149:2291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 232.975339][ T29] audit: type=1326 audit(1726828223.149:2292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 233.112227][ T29] audit: type=1326 audit(1726828223.149:2293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 233.183090][ T7207] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 233.239232][ T29] audit: type=1326 audit(1726828223.159:2294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 233.276819][ T29] audit: type=1326 audit(1726828223.159:2295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 233.355358][ T7207] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 233.431680][ T29] audit: type=1326 audit(1726828223.159:2296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 233.473857][ T29] audit: type=1326 audit(1726828223.159:2297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 233.510501][ T29] audit: type=1326 audit(1726828223.159:2298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=295 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 233.543618][ T29] audit: type=1326 audit(1726828223.199:2299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f35af774ea7 code=0x7ffc0000 [ 233.578422][ T29] audit: type=1326 audit(1726828223.199:2300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f35af719879 code=0x7ffc0000 [ 233.624442][ T29] audit: type=1326 audit(1726828223.199:2301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7387 comm="syz.3.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=39 compat=0 ip=0x7f35af774ea7 code=0x7ffc0000 [ 233.805405][ T7167] 8021q: adding VLAN 0 to HW filter on device bond0 [ 233.879527][ T7207] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 233.934425][ T7035] veth0_vlan: entered promiscuous mode [ 233.998117][ T7035] veth1_vlan: entered promiscuous mode [ 234.185436][ T7167] 8021q: adding VLAN 0 to HW filter on device team0 [ 234.299687][ T6841] bridge0: port 1(bridge_slave_0) entered blocking state [ 234.315363][ T6841] bridge0: port 1(bridge_slave_0) entered forwarding state [ 234.401664][ T6841] bridge0: port 2(bridge_slave_1) entered blocking state [ 234.412670][ T6841] bridge0: port 2(bridge_slave_1) entered forwarding state [ 234.613849][ T7035] veth0_macvtap: entered promiscuous mode [ 234.660322][ T5223] Bluetooth: hci3: ISO packet for unknown connection handle 200 [ 234.793841][ T7422] futex_wake_op: syz.3.519 tries to shift op by -1; fix this program [ 234.804331][ T7035] veth1_macvtap: entered promiscuous mode [ 234.843589][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.864930][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.877618][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 234.901055][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.921568][ T7035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 234.937555][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.954743][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 234.968694][ T7035] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 234.990927][ T7035] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 235.008078][ T7035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 235.024268][ T7035] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.039841][ T7035] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.052508][ T7035] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.068648][ T7035] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 235.164815][ T7167] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 235.189478][ T7167] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 235.480351][ T2578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.569736][ T2578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.702311][ T6829] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 235.718681][ T6829] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 235.732045][ T7167] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 235.854808][ T7207] 8021q: adding VLAN 0 to HW filter on device bond0 [ 235.941990][ T7432] trusted_key: syz.4.454 sent an empty control message without MSG_MORE. [ 235.997269][ T7207] 8021q: adding VLAN 0 to HW filter on device team0 [ 236.123174][ T3013] bridge0: port 1(bridge_slave_0) entered blocking state [ 236.133435][ T3013] bridge0: port 1(bridge_slave_0) entered forwarding state [ 236.199735][ T3013] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.208696][ T3013] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.367537][ T7167] veth0_vlan: entered promiscuous mode [ 236.397606][ T7167] veth1_vlan: entered promiscuous mode [ 236.694592][ T7167] veth0_macvtap: entered promiscuous mode [ 236.769737][ T7167] veth1_macvtap: entered promiscuous mode [ 236.905590][ T7207] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 236.952183][ T7167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.018853][ T7167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.077401][ T7167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.114467][ T7167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.135686][ T7167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 237.158578][ T7167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.197014][ T7167] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 237.298771][ T937] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 237.385058][ T7167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.428936][ T7167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.448804][ T7167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.466000][ T7167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.485548][ T937] usb 5-1: Using ep0 maxpacket: 8 [ 237.485577][ T7167] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 237.515872][ T7167] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 237.550999][ T937] usb 5-1: config 162 has an invalid interface number: 162 but max is 1 [ 237.553500][ T7167] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 237.656117][ T937] usb 5-1: config 162 has an invalid interface number: 4 but max is 1 [ 237.661938][ T7167] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.687848][ T937] usb 5-1: config 162 has no interface number 0 [ 237.748971][ T7167] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.772137][ T7167] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.787394][ T7167] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 237.813791][ T937] usb 5-1: config 162 has no interface number 1 [ 237.874189][ T7207] veth0_vlan: entered promiscuous mode [ 237.880254][ T937] usb 5-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 237.937962][ T7207] veth1_vlan: entered promiscuous mode [ 237.978825][ T937] usb 5-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 238.047782][ T937] usb 5-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 238.072009][ T937] usb 5-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 238.094613][ T937] usb 5-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 238.126980][ T937] usb 5-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 238.170042][ T2578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.192266][ T2578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.241265][ T937] usb 5-1: config 162 interface 162 has no altsetting 0 [ 238.296643][ T937] usb 5-1: config 162 interface 4 has no altsetting 0 [ 238.313926][ T937] usb 5-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 238.336091][ T937] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.352031][ T937] usb 5-1: Product: syz [ 238.373882][ T937] usb 5-1: Manufacturer: syz [ 238.397128][ T937] usb 5-1: SerialNumber: syz [ 238.431220][ T3013] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 238.482329][ T7207] veth0_macvtap: entered promiscuous mode [ 238.485709][ T3013] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 238.553759][ T7207] veth1_macvtap: entered promiscuous mode [ 238.682170][ T7207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.768688][ T7207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.851320][ T7207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.888509][ T7207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 238.915314][ T7207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 238.939370][ T7207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.028922][ T7207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 239.069192][ T7472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 239.164149][ T7207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.261311][ T7207] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 239.268980][ T5276] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 239.284934][ T7472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 239.435230][ T7474] (unnamed net_device) (uninitialized): ARP target 1.0.0.0 is already present [ 239.514514][ T7474] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (1) [ 239.556563][ T7207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.648169][ T7207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.690539][ T7207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.716535][ T7207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.733945][ T7207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.765336][ T7207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.797710][ T7207] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 239.829149][ T7207] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 239.881504][ T7207] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 239.993699][ T7207] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.023420][ T7207] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.038709][ T7207] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.063136][ T937] pl2303 5-1:162.162: required endpoints missing [ 240.103680][ T7207] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 240.126763][ T937] pl2303 5-1:162.4: required interrupt-in endpoint missing [ 240.195649][ T937] usb 5-1: USB disconnect, device number 24 [ 240.353995][ T7484] netlink: 8 bytes leftover after parsing attributes in process `syz.2.531'. [ 240.414914][ T2578] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.446851][ T2578] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.485377][ T2578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 240.497823][ T2578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 240.693236][ T5223] Bluetooth: hci3: ISO packet for unknown connection handle 200 [ 241.158963][ T5280] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 241.197687][ T7505] vivid-003: ================= START STATUS ================= [ 241.210484][ T7505] vivid-003: Radio HW Seek Mode: Bounded [ 241.223295][ T7505] vivid-003: Radio Programmable HW Seek: false [ 241.245705][ T7505] vivid-003: RDS Rx I/O Mode: Block I/O [ 241.281858][ T7505] vivid-003: Generate RBDS Instead of RDS: false [ 241.307660][ T7505] vivid-003: RDS Reception: true [ 241.317278][ T7505] vivid-003: RDS Program Type: 0 inactive [ 241.325489][ T5280] usb 5-1: Using ep0 maxpacket: 16 [ 241.333429][ T7505] vivid-003: RDS PS Name: inactive [ 241.343609][ T7505] vivid-003: RDS Radio Text: inactive [ 241.357388][ T7505] vivid-003: RDS Traffic Announcement: false inactive [ 241.369667][ T7505] vivid-003: RDS Traffic Program: false inactive [ 241.385227][ T7505] vivid-003: RDS Music: [ 241.385613][ T5280] usb 5-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 241.422782][ T7505] false inactive [ 241.435571][ T5280] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.449502][ T7505] vivid-003: ================== END STATUS ================== [ 241.478397][ T5280] usb 5-1: Product: syz [ 241.509506][ T5280] usb 5-1: Manufacturer: syz [ 241.534774][ T5280] usb 5-1: SerialNumber: syz [ 241.595582][ T5280] usb 5-1: config 0 descriptor?? [ 241.661962][ T5280] appledisplay 5-1:0.0: Could not find int-in endpoint [ 241.712250][ T5280] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 241.917921][ T7524] netlink: 'syz.0.543': attribute type 1 has an invalid length. [ 241.935185][ T5277] usb 5-1: USB disconnect, device number 25 [ 242.332932][ T7538] coredump: 13(syz.0.546): written to core: VMAs: 3, size 4096; core: 2771 bytes, pos 8192 [ 242.508822][ T5280] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 242.720010][ T5280] usb 2-1: Using ep0 maxpacket: 8 [ 242.730875][ T5280] usb 2-1: config 162 has an invalid interface number: 162 but max is 1 [ 242.763563][ T5280] usb 2-1: config 162 has an invalid interface number: 4 but max is 1 [ 242.785714][ T5280] usb 2-1: config 162 has no interface number 0 [ 242.819977][ T5280] usb 2-1: config 162 has no interface number 1 [ 242.833349][ T7548] syz.2.551 uses obsolete (PF_INET,SOCK_PACKET) [ 242.844214][ T5280] usb 2-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 242.875737][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 242.908255][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 242.929552][ T5280] usb 2-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 242.958649][ T5280] usb 2-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 242.989348][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 243.013892][ T5280] usb 2-1: config 162 interface 162 has no altsetting 0 [ 243.037298][ T5280] usb 2-1: config 162 interface 4 has no altsetting 0 [ 243.052641][ T5280] usb 2-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 243.068165][ T5280] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 243.082113][ T5280] usb 2-1: Product: syz [ 243.088606][ T5280] usb 2-1: Manufacturer: syz [ 243.093496][ T5280] usb 2-1: SerialNumber: syz [ 243.121873][ T7551] netlink: 116 bytes leftover after parsing attributes in process `syz.2.552'. [ 243.469528][ T7552] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 243.497710][ T7552] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 243.743365][ T29] kauditd_printk_skb: 144 callbacks suppressed [ 243.743390][ T29] audit: type=1326 audit(1726828234.559:2446): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 243.968032][ T29] audit: type=1326 audit(1726828234.559:2447): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 244.015680][ T7561] input: syz1 as /devices/virtual/input/input8 [ 244.057400][ T5280] pl2303 2-1:162.162: required endpoints missing [ 244.085424][ T5280] pl2303 2-1:162.4: required interrupt-in endpoint missing [ 244.109528][ T5280] usb 2-1: USB disconnect, device number 30 [ 244.163637][ T29] audit: type=1326 audit(1726828234.629:2448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 244.224851][ T7564] netlink: 'syz.3.554': attribute type 8 has an invalid length. [ 244.315222][ T29] audit: type=1326 audit(1726828234.629:2449): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 244.529430][ T5277] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 244.718703][ T29] audit: type=1326 audit(1726828234.629:2450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 244.759014][ T5277] usb 5-1: Using ep0 maxpacket: 8 [ 244.767297][ T29] audit: type=1326 audit(1726828234.629:2451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 244.812980][ T29] audit: type=1326 audit(1726828234.639:2452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 244.856595][ T5277] usb 5-1: config 0 has an invalid interface number: 0 but max is -1 [ 244.904221][ T5277] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 244.960717][ T29] audit: type=1326 audit(1726828234.639:2453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 245.040991][ T5277] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 245.064449][ T29] audit: type=1326 audit(1726828234.639:2454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f35af77def9 code=0x7ffc0000 [ 245.131398][ T5277] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 245.166770][ T29] audit: type=1326 audit(1726828234.659:2455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7555 comm="syz.3.554" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f35af77c9df code=0x7ffc0000 [ 245.174968][ T5277] usb 5-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 245.366904][ T5277] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 245.463396][ T5277] usb 5-1: config 0 descriptor?? [ 245.905860][ T5277] hid-picolcd 0003:04D8:F002.0006: unknown main item tag 0x0 [ 245.926533][ T5277] hid-picolcd 0003:04D8:F002.0006: unknown main item tag 0x0 [ 245.956159][ T5277] hid-picolcd 0003:04D8:F002.0006: unknown main item tag 0x0 [ 246.004008][ T5277] hid-picolcd 0003:04D8:F002.0006: unknown main item tag 0x0 [ 246.024739][ T5277] hid-picolcd 0003:04D8:F002.0006: unknown main item tag 0x0 [ 246.142522][ T5277] hid-picolcd 0003:04D8:F002.0006: No report with id 0xf3 found [ 246.204671][ T5277] hid-picolcd 0003:04D8:F002.0006: No report with id 0xf4 found [ 246.231937][ T5280] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 246.259195][ T5277] usb 5-1: USB disconnect, device number 26 [ 246.446201][ T5280] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 246.465316][ T5280] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 246.486176][ T5280] usb 3-1: Product: syz [ 246.502881][ T5280] usb 3-1: Manufacturer: syz [ 246.512547][ T5280] usb 3-1: SerialNumber: syz [ 246.524192][ T7595] Invalid logical block size (1011) [ 246.525082][ T5280] usb 3-1: config 0 descriptor?? [ 246.551155][ T5280] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 246.766563][ T5280] usb 3-1: USB disconnect, device number 18 [ 247.373965][ T5280] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 247.549048][ T5280] usb 2-1: Using ep0 maxpacket: 8 [ 247.581862][ T5280] usb 2-1: config 162 has an invalid interface number: 162 but max is 1 [ 247.608658][ T5280] usb 2-1: config 162 has an invalid interface number: 4 but max is 1 [ 247.652659][ T5280] usb 2-1: config 162 has no interface number 0 [ 247.665370][ T5280] usb 2-1: config 162 has no interface number 1 [ 247.686069][ T5280] usb 2-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 247.712497][ T5288] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 247.738191][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 247.756883][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 247.806803][ T5280] usb 2-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 247.828160][ T5280] usb 2-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 247.854604][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 247.891827][ T5223] Bluetooth: hci3: ISO packet for unknown connection handle 200 [ 247.904616][ T5288] usb 1-1: Using ep0 maxpacket: 8 [ 247.929931][ T5280] usb 2-1: config 162 interface 162 has no altsetting 0 [ 247.931027][ T5288] usb 1-1: config 162 has an invalid interface number: 162 but max is 1 [ 247.955843][ T5280] usb 2-1: config 162 interface 4 has no altsetting 0 [ 247.967405][ T5288] usb 1-1: config 162 has an invalid interface number: 4 but max is 1 [ 247.982469][ T5288] usb 1-1: config 162 has no interface number 0 [ 247.991191][ T5288] usb 1-1: config 162 has no interface number 1 [ 248.009574][ T5288] usb 1-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 248.029896][ T5280] usb 2-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 248.046231][ T5280] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.056479][ T5288] usb 1-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 248.070787][ T5280] usb 2-1: Product: syz [ 248.078442][ T5280] usb 2-1: Manufacturer: syz [ 248.086261][ T5288] usb 1-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 248.102362][ T5280] usb 2-1: SerialNumber: syz [ 248.129641][ T5288] usb 1-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 248.173421][ T5288] usb 1-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 248.201598][ T5288] usb 1-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 248.246697][ T5288] usb 1-1: config 162 interface 162 has no altsetting 0 [ 248.293150][ T5288] usb 1-1: config 162 interface 4 has no altsetting 0 [ 248.334432][ T5288] usb 1-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 248.359842][ T5288] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 248.426339][ T5288] usb 1-1: Product: syz [ 248.449714][ T5288] usb 1-1: Manufacturer: syz [ 248.466314][ T5288] usb 1-1: SerialNumber: syz [ 248.508402][ T7633] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.556097][ T7633] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.760684][ T7613] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 248.812222][ T7613] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 248.894257][ T5288] pl2303 1-1:162.162: required endpoints missing [ 248.965823][ T5288] pl2303 1-1:162.4: required interrupt-in endpoint missing [ 249.037104][ T5288] usb 1-1: USB disconnect, device number 25 [ 249.051534][ T5280] pl2303 2-1:162.162: required endpoints missing [ 249.075979][ T5280] pl2303 2-1:162.4: required interrupt-in endpoint missing [ 249.113409][ T5280] usb 2-1: USB disconnect, device number 31 [ 249.746452][ T7643] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 250.207252][ T5223] Bluetooth: hci0: ISO packet for unknown connection handle 200 [ 250.581520][ T5280] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 250.739567][ T5280] usb 2-1: Using ep0 maxpacket: 8 [ 250.758228][ T5280] usb 2-1: config 162 has an invalid interface number: 162 but max is 1 [ 250.773640][ T5280] usb 2-1: config 162 has an invalid interface number: 4 but max is 1 [ 250.788217][ T5280] usb 2-1: config 162 has no interface number 0 [ 250.803757][ T5280] usb 2-1: config 162 has no interface number 1 [ 250.824791][ T5280] usb 2-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 250.868657][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 250.885906][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 250.916114][ T5280] usb 2-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 250.938049][ T5280] usb 2-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 250.958253][ T5280] usb 2-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 250.987542][ T5280] usb 2-1: config 162 interface 162 has no altsetting 0 [ 250.992770][ T937] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 251.008809][ T5280] usb 2-1: config 162 interface 4 has no altsetting 0 [ 251.031556][ T5280] usb 2-1: New USB device found, idVendor=079b, idProduct=0027, bcdDevice=69.9c [ 251.031605][ T5280] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.031634][ T5280] usb 2-1: Product: syz [ 251.031655][ T5280] usb 2-1: Manufacturer: syz [ 251.031676][ T5280] usb 2-1: SerialNumber: syz [ 251.189091][ T937] usb 1-1: Using ep0 maxpacket: 8 [ 251.206484][ T937] usb 1-1: config 162 has an invalid interface number: 162 but max is 1 [ 251.228099][ T937] usb 1-1: config 162 has an invalid interface number: 4 but max is 1 [ 251.247595][ T937] usb 1-1: config 162 has no interface number 0 [ 251.265326][ T7663] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 251.266317][ T937] usb 1-1: config 162 has no interface number 1 [ 251.306624][ T937] usb 1-1: config 162 interface 162 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 251.329336][ T7663] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 251.346039][ T937] usb 1-1: config 162 interface 4 altsetting 1 has a duplicate endpoint with address 0x9, skipping [ 251.396028][ T937] usb 1-1: config 162 interface 4 altsetting 1 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 251.419179][ C1] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:2. Sending cookies. [ 251.423110][ T5224] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 251.462685][ T937] usb 1-1: config 162 interface 4 altsetting 1 endpoint 0x86 has invalid maxpacket 23105, setting to 1024 [ 251.469384][ T5280] pl2303 2-1:162.162: required endpoints missing [ 251.534541][ T5280] pl2303 2-1:162.4: required interrupt-in endpoint missing [ 251.562955][ T5280] usb 2-1: USB disconnect, device number 32 [ 251.675739][ T5224] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 251.699020][ T937] usb 1-1: config 162 interface 4 altsetting 1 bulk endpoint 0x86 has invalid maxpacket 1024 [ 251.716018][ T5224] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 251.764502][ T937] usb 1-1: config 162 interface 4 altsetting 1 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 251.821360][ T5224] usb 4-1: New USB device found, idVendor=468c, idProduct=90ea, bcdDevice=99.6d [ 251.849661][ T5224] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.862052][ T937] usb 1-1: config 162 interface 162 has no altsetting 0 [ 251.876606][ T7687] ------------[ cut here ]------------ [ 251.885523][ T7687] WARNING: CPU: 0 PID: 7687 at include/linux/cpumask.h:135 io_sq_offload_create+0xd2f/0xfd0 [ 251.897088][ T7687] Modules linked in: [ 251.902551][ T7687] CPU: 0 UID: 0 PID: 7687 Comm: syz.4.600 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 251.921277][ T7687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 251.939583][ T7687] RIP: 0010:io_sq_offload_create+0xd2f/0xfd0 [ 251.951499][ T7687] Code: 3e f6 e9 57 f4 ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a2 f3 ff ff 48 89 df e8 1c 13 3e f6 e9 95 f3 ff ff e8 e2 89 d6 f5 90 <0f> 0b 90 e9 f3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 4c [ 251.985928][ T7687] RSP: 0018:ffffc90002f9fc40 EFLAGS: 00010287 [ 251.999137][ T7687] RAX: ffffffff8bbe353e RBX: ffffc90002f9fe0c RCX: 0000000000040000 [ 252.011593][ T7687] RDX: ffffc9000e5f9000 RSI: 0000000000001e7c RDI: 0000000000001e7d [ 252.024785][ T7687] RBP: ffffc90002f9fd40 R08: ffffffff8bbe322b R09: 1ffffffff2038b55 [ 252.034138][ T7687] R10: dffffc0000000000 R11: fffffbfff2038b56 R12: ffff88802f27c000 [ 252.047553][ T7687] R13: 0000000000004003 R14: 1ffff920005f3f94 R15: ffffc90002f9fcc0 [ 252.066272][ T7687] FS: 00007fee3e7ff6c0(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 252.081591][ T7687] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 252.093757][ T7687] CR2: 00007fee3e7ffd58 CR3: 000000007b976000 CR4: 00000000003506f0 [ 252.108152][ T7687] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 252.121421][ T7687] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 252.134399][ T7687] Call Trace: [ 252.138363][ T7687] [ 252.145784][ T7687] ? __warn+0x168/0x4e0 [ 252.151297][ T7687] ? io_sq_offload_create+0xd2f/0xfd0 [ 252.159233][ T7687] ? report_bug+0x2b3/0x500 [ 252.166693][ T7687] ? io_sq_offload_create+0xd2f/0xfd0 [ 252.176360][ T7687] ? handle_bug+0x60/0x90 [ 252.182270][ T7687] ? exc_invalid_op+0x1a/0x50 [ 252.189952][ T7687] ? asm_exc_invalid_op+0x1a/0x20 [ 252.197441][ T7687] ? io_sq_offload_create+0xa1b/0xfd0 [ 252.205645][ T7687] ? io_sq_offload_create+0xd2e/0xfd0 [ 252.213970][ T7687] ? io_sq_offload_create+0xd2f/0xfd0 [ 252.221925][ T7687] ? __pfx_io_sq_offload_create+0x10/0x10 [ 252.231108][ T7687] ? io_allocate_scq_urings+0x426/0x640 [ 252.240239][ T7687] io_uring_create+0x792/0x1360 [ 252.251666][ T7687] __se_sys_io_uring_setup+0x2ba/0x330 [ 252.265357][ T7687] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 252.278541][ T7687] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 252.287121][ T7687] ? exc_page_fault+0x590/0x8c0 [ 252.294951][ T7687] ? do_syscall_64+0xb6/0x230 [ 252.305580][ T7687] do_syscall_64+0xf3/0x230 [ 252.310442][ T7687] ? clear_bhb_loop+0x35/0x90 [ 252.320480][ T7687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.330219][ T7687] RIP: 0033:0x7fee3ed7def9 [ 252.337252][ T7687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.372671][ T7687] RSP: 002b:00007fee3e7fefc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 252.386338][ T7687] RAX: ffffffffffffffda RBX: 00007fee3ef36058 RCX: 00007fee3ed7def9 [ 252.398916][ T7687] RDX: 0000000020000280 RSI: 0000000020000300 RDI: 0000000002000003 [ 252.413276][ T7687] RBP: 0000000020000300 R08: 0000000000000000 R09: 0000000020000280 [ 252.428216][ T7687] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 252.439223][ T7687] R13: 0000000000000000 R14: 0000000002000003 R15: 0000000020000280 [ 252.451709][ T7687] [ 252.455492][ T7687] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 252.467619][ T7687] CPU: 0 UID: 0 PID: 7687 Comm: syz.4.600 Not tainted 6.11.0-syzkaller-07337-g2004cef11ea0 #0 [ 252.480967][ T7687] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 252.497717][ T7687] Call Trace: [ 252.504293][ T7687] [ 252.511598][ T7687] dump_stack_lvl+0x241/0x360 [ 252.521482][ T7687] ? __pfx_dump_stack_lvl+0x10/0x10 [ 252.532567][ T7687] ? __pfx__printk+0x10/0x10 [ 252.546110][ T7687] ? vscnprintf+0x5d/0x90 [ 252.551517][ T7687] panic+0x349/0x880 [ 252.556810][ T7687] ? __warn+0x177/0x4e0 [ 252.561642][ T7687] ? __pfx_panic+0x10/0x10 [ 252.568285][ T7687] __warn+0x34b/0x4e0 [ 252.573055][ T7687] ? io_sq_offload_create+0xd2f/0xfd0 [ 252.581103][ T7687] report_bug+0x2b3/0x500 [ 252.586850][ T7687] ? io_sq_offload_create+0xd2f/0xfd0 [ 252.594043][ T7687] handle_bug+0x60/0x90 [ 252.601298][ T7687] exc_invalid_op+0x1a/0x50 [ 252.610193][ T7687] asm_exc_invalid_op+0x1a/0x20 [ 252.616682][ T7687] RIP: 0010:io_sq_offload_create+0xd2f/0xfd0 [ 252.626134][ T7687] Code: 3e f6 e9 57 f4 ff ff 89 d9 80 e1 07 80 c1 03 38 c1 0f 8c a2 f3 ff ff 48 89 df e8 1c 13 3e f6 e9 95 f3 ff ff e8 e2 89 d6 f5 90 <0f> 0b 90 e9 f3 fc ff ff 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 4c [ 252.650914][ T7687] RSP: 0018:ffffc90002f9fc40 EFLAGS: 00010287 [ 252.660989][ T7687] RAX: ffffffff8bbe353e RBX: ffffc90002f9fe0c RCX: 0000000000040000 [ 252.671327][ T7687] RDX: ffffc9000e5f9000 RSI: 0000000000001e7c RDI: 0000000000001e7d [ 252.684075][ T7687] RBP: ffffc90002f9fd40 R08: ffffffff8bbe322b R09: 1ffffffff2038b55 [ 252.695759][ T7687] R10: dffffc0000000000 R11: fffffbfff2038b56 R12: ffff88802f27c000 [ 252.706831][ T7687] R13: 0000000000004003 R14: 1ffff920005f3f94 R15: ffffc90002f9fcc0 [ 252.718142][ T7687] ? io_sq_offload_create+0xa1b/0xfd0 [ 252.727734][ T7687] ? io_sq_offload_create+0xd2e/0xfd0 [ 252.734318][ T7687] ? __pfx_io_sq_offload_create+0x10/0x10 [ 252.740996][ T7687] ? io_allocate_scq_urings+0x426/0x640 [ 252.750533][ T7687] io_uring_create+0x792/0x1360 [ 252.756206][ T7687] __se_sys_io_uring_setup+0x2ba/0x330 [ 252.765314][ T7687] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 252.776599][ T7687] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 252.783565][ T7687] ? exc_page_fault+0x590/0x8c0 [ 252.791196][ T7687] ? do_syscall_64+0xb6/0x230 [ 252.801225][ T7687] do_syscall_64+0xf3/0x230 [ 252.806547][ T7687] ? clear_bhb_loop+0x35/0x90 [ 252.813252][ T7687] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 252.820859][ T7687] RIP: 0033:0x7fee3ed7def9 [ 252.827150][ T7687] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 252.858555][ T7687] RSP: 002b:00007fee3e7fefc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 252.871861][ T7687] RAX: ffffffffffffffda RBX: 00007fee3ef36058 RCX: 00007fee3ed7def9 [ 252.880416][ T7687] RDX: 0000000020000280 RSI: 0000000020000300 RDI: 0000000002000003 [ 252.892076][ T7687] RBP: 0000000020000300 R08: 0000000000000000 R09: 0000000020000280 [ 252.901448][ T7687] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000000 [ 252.914946][ T7687] R13: 0000000000000000 R14: 0000000002000003 R15: 0000000020000280 [ 252.929819][ T7687] [ 252.933651][ T7687] Kernel Offset: disabled [ 252.938047][ T7687] Rebooting in 86400 seconds..