last executing test programs: 9.181709624s ago: executing program 2 (id=1767): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000120000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a30"], 0xf0}}, 0x0) 8.953359748s ago: executing program 2 (id=1770): openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r0 = gettid() r1 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000180), 0x40e02, 0x0) write$rfkill(r1, &(0x7f0000000300)={0x0, 0x2, 0x3, 0x1, 0x1}, 0x8) shmget$private(0x0, 0x3000, 0x8, &(0x7f0000ffd000/0x3000)=nil) write$rfkill(r1, &(0x7f0000000340)={0x53, 0x8, 0x0, 0x1, 0xcc}, 0x8) timer_create(0x0, &(0x7f0000000040)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x1, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 8.677529251s ago: executing program 4 (id=1771): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000380)=ANY=[@ANYBLOB="b700000012edfffebfa300000000000e0703000028feffff7a0af0fff8ffffff61a4f0ff000000001d040000000000001c000000000000007504000001ed0a0064000000170000000c040000000000007b0a00fe000000006e04000000000000c6000000000000009500000000000000023bc065b7a379d17cf9333379fc9e84af69912435f1b6a693002e7f3be3619184a0b139d8d4209c8ef1e50b91f32050e436fe275daf51efd601b6482a0800000098efd2a102ee010400006e7a1de4a21f379dbf01de00b1b564fef3bef70548aed0d600c095199fe3ff3128e599b0eaebbdbd7359a48f5b0afc532ef58de3c1b7646cb7798b3e6440c2fbdb00a3e35208b0bbf12cd8dff095edc710e4000000000000009fbe4b61a615c6c57a2b649dc74a1a610643b08d9ec21ead2ed51b104d4d91af25b8123deda8a3658d42ecbf28bf6d8e8afcb913466aaa7f6df70252e79166d8582755a314d31a76e42f2460d0b11008e59a5923906f88b53987ad1714e72ba7a54f0800000000000000d5f728d236619074d6ebdf098bc908f50ae728a40f9411fe7226a4040b96e37c4f46010400000000c3da29fa9ec35866a96960bca97af133824b881cc1f62c0f8f8f0e8d76b86f9c45636614786f5a2cb77230a874640dcbe0b20bb77c022d4cab080078fce8c5c81b7037181fc2f18f781aaa6e2957d7e39cc1baddcb7ec6667e699f24e41697ee7ea23e4b29a8b6cc9a1f5a7b3caae05f13792292cb949b3aab06b1e042ff2164d80c605532b18ab1c156b97e5889685a96949e4cb40df77b8bb84b0e733a63784ccc214d930cbb7e090df9a2867b3acec439c163fc8706869ada11390d4dbcf840fa68e7d7071b53ac29df826f8ae6d6e18c1eacf5bf870768d5217e9bb5a05d9e224e67f1231bd236ed200073824d93c4e1a0f50a74bb4850486727d970acc546087acbf30f2f8165b47ba56dfadd14b306e98931485747292c6fe6e188750cf4f87cce2aa7d67c7133a9f05954cde298a35ea6d715ba80aee63300000000000000000000000000000000000040000000000000000386000000b854adb4f8080064e8407c6bdb37114c80fbaa4a0ec5aaf4b0ac6f2128668279eb6fc144344e2d461c9a1be8fa0061ea9d55ee4716bea8e1cebf9ed39325ab4c5530dd6ee9fffc00000000000000d7c5af73c683625aaad5eda5004a76c9f8975ed4c5e4eb3e77e9885f69754932609f19e2f615a01cb6d17fbf5cb539403cb0572534f054d5514ad8264f7b029b2bdf2ca4958a62a6e744f9a4c1e646e1dd2ca19583f0f8b0dc53debd7d44f334e6ed7445a9580f970e483b307c4b3c018bc194b23d37e6a2e52d8288e5aab6fec586d52386e8c07a88c88e8faec5f1b16b2014f6952ce7d6be12c6bdb9651ca6fc907061be311d1354e6295698594a73136237bee068d3819400e43544830a3f74b7942f22336953978a5b2032da4238cc61162c04c1297395b73e18c9387615a2bc87d9e2445f3d323d3fac347926a4bac694c55fe9d145906d410f58f1951405d10504efe402cae085afef5dbd617e87ddbd239e4a50d7eb8e327fb5db12cbd6a9efe8e671c4f251cafffe3400a670d14b9b3cd8d86e492997a0168c022ef3536bd1dc731f4f9f8cb6c3857fb8aaaa95024f8da775f72950212b84fc6133ae14d1429cd4905dabb52e43af7e65acf97b4951fa1e967d16a5ed642efc855a4a46b85cd079934ad3188276efae9387eaa232697526e24b5d4fded86c3811ccd00520150b16000080122965558074956da5e4c3bbefcb64aa8be4456ed2caf0f467b6bbf3aa4371f5e76ab3f60afea80bb066aafb7517f787b090f419a20278a3c779e03afd9a6af6fd518e5dce030f88ec5a5cb7601a161da0f80893220800c523040d13e1f1300c2c6555bce60d95dd3288e53435713f03add23f14c8db5555c62de4f626483632a2ab547f88dd6efec73a0271a19ca3aa860aa4dcaeeb9bd91a0cb429efae2a5fcc08b3a572969bbe917d1767e38ba49e3e57fafea83e495a6a1d1a4ebf83434986091dd66ffe3ffed0c39552a312e2db596d9c827e02f6fc13c8ddbb50bfd7dd8aa2f35f259fc83e007fe79d2d25e30830b92fca00a292dd3b856faa4b7e66e1b64505f65900839df71a97d4d07d37f7ecf8ed9a22da26ae674bba16c204f6b2f8f74fc56b7126d7c11ece6e88ec41192aaee75415c58d264a2b6adae02c821b62428902aad499825ab85a348638384cd12e61dbde5c47056f0a20b4e2a2328d5db5cfe56557a129e6be231acf5f57995c60d9fca5f63a0dfd18054717120bda466d04774b53208ad8b022719ca77a4e0a66b4708f791d849a5e2aaa0074a9560ede2600df5a5c41392fe9460080fcb1e65233fb8dbeec4c86dbcf6a0673e38d2d3615e5bfbde44afe0fa7564231fff7e7f1f3ad68492dd2ccb1decb15b5d7d3e37e8b7d28921c4b9280979521173f322df408d9818b6cc400098abb869921911480a876fbba698801937e8b4264eb6f5137bdaa075f1488d22230592a79000000000000000000000000000000000000000000110000000000000000000000000000000000000000000000000000000000000000002f316aa0886c174b73decb46c1c85edf50d8fcbac5ff76b365611666da86a8e65b308706bd7c000000000000003f7cd4d5cb9076b81b7741ec03877afb5237ea1694addebc14c3ae49f88c462ea2050acf2d9a97d3be29a5614d1eba2c98cf0236401e02d7c445e50f76419ab4f78f67a09e63dd4faa2e7b59399f055f2fa278783f26d0a52aefb0a5ef0b41e14a6fe6ba306206670b84894e901a523fcbadfeff535f2514bc834e876810d9a6a78e70a9e22860c36a724770b4185de44db6bf21fef32a8d5b36d9014f38fee012365f963b2a85e7d8075c333475b9f0284405e3127dde7e41285fbe0bdd370c06c6a41744c3d24eab511317f97b7b4a1c2ec33fedc46e9bf0fa640eebd3d58f0ebdb7cb8ccffd6d6ab7e0e843591d2618e2d2cdc7081c8fafffe9c3500800000087de4ee7aac6478d99de7dd82bef044a6d33c789d566c90c46ad581aa22f910547a77d55e26bf19f1d4661550b177ef53933a305e69b8a95119dcf5bda599d625054776151b2cd1fcde238bdc527594a6c17aa9728af24e2bb7a3830e7092b01b119ea4e7e7f0e21527d622cc29c9f0c8720195368f8374337ab4d130619d93c5ef37e7ddd0b2da147e6e513455b88753452de959a6cbfa1ffbc7ad5d8c3b48017fd31dcf72f337b639253f44cb27a12174bc4c191e21015d0c431a71906eb9c6a14c8a060459ef26787ce3d1cbfd5cc459f0048b5d06f6cbd3e9b34c89f3fb2f951ae81d7fcc8bc0000000000000000000000000000000000000000009231feef3117197c796369f776c8b2ea3970f358107945d9e74e9bdfa58e68b65a9201bc4b73b431df5aa29f363917f90e3fa1eaf553db1c761dd9b634a9c4d7c21d24fe6d953ed9438cad0f8dfe03e5e2f73019352f1fb682a5a6ebbf24ebc49e3d7058e696eb3f4b642f36c9006c0067e24a64aa8c53dd824a4ee271e35ed90000800847683c08bfda74a143c855030ae004ac797c575c202d8091eb77565212548ead770d680000000000"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00') preadv(r3, 0x0, 0x0, 0x8, 0x0) ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8923, &(0x7f0000000100)={'vlan0\x00', 0x40}) close(0xffffffffffffffff) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000140)=@newqdisc={0x40, 0x24, 0xd0f, 0x70bd2d, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0x1}, {0xffff, 0xffff}, {0x0, 0xffff}}, [@qdisc_kind_options=@q_pie={{0x8}, {0x14, 0x2, [@TCA_PIE_ECN={0x8, 0x6, 0x7}, @TCA_PIE_ECN={0x8, 0x6, 0x80000}]}}]}, 0x40}}, 0x44080) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0x24, 0x24, 0xd0f, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r5, {0xf, 0xa}, {0xffe0, 0xa}, {0xfff3, 0x10}}}, 0x24}, 0x1, 0x0, 0x0, 0x55}, 0x4000) openat$ubi_ctrl(0xffffffffffffff9c, 0x0, 0x84002, 0x0) sendmsg$nl_route(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000540)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c000000100005ff00000000000000000000004a", @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b00010062617461647600000400028008000a00", @ANYRES32, @ANYBLOB="bd1b5c7809"], 0x3c}}, 0x0) 7.548803765s ago: executing program 2 (id=1774): socket$nl_route(0x10, 0x3, 0x0) r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'team0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000006c0)=ANY=[@ANYBLOB="4400000010000104000002000000000000000000", @ANYRES32=0x0, @ANYBLOB="0380000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32=r2], 0x44}, 0x1, 0x0, 0x0, 0x20004885}, 0x4054) 7.177597508s ago: executing program 3 (id=1775): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000200)={0x44, 0x0, 0x211, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x30, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @loopback}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x44}}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000180)=ANY=[@ANYBLOB="d80000000001010400000000000000000a0000003c0001802c00018014000300003a000000000000000000000000000014000400ff0100000000000000000000000000010c00028005000100000000003c0002802c000180140003002001000000000000000000000000000114000400fe8000000000000000000000000000aa0c0002800500010000000000080007400000000044000e800c00028005000100210000002c00018014"], 0xd8}}, 0x0) 7.100417437s ago: executing program 2 (id=1776): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58) r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/net', 0x0, 0x48) getdents(r4, 0x0, 0x0) r5 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGREPORTINFO(r5, 0xc00c4809, &(0x7f0000000540)={0x2, 0x201, 0x591b4a83}) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/8, 0x8}], 0x1}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x51}, 0x9c) bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f0000847fff)='X', 0xcf88, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 6.877485845s ago: executing program 3 (id=1778): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = syz_open_dev$sndctrl(&(0x7f0000000600), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r1, 0xc1105517, &(0x7f0000001340)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x3, 0x0, 0x8, 0x0, 0x3, 0x0, 'syz1\x00', &(0x7f0000000180)=['\x00', '-[\'\x00', 'r\x0e\x81|\x0f\xa3\x8a\xb9\x8c\x94\x04\x17\v\rh\x10'], 0xfee5}) openat$ttyprintk(0xffffffffffffff9c, &(0x7f0000000080), 0x20002, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r2, 0x107, 0x5, 0x0, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000200)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x85}, 0x50) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="143b8ba046ef0cd81f000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000048000000090a01040000000000000012010000000800000900020073797a32250000000900010873797a3000000500080005400000001f"], 0xec}, 0x1, 0x0, 0x0, 0x20048811}, 0x0) 6.344270266s ago: executing program 3 (id=1783): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58) r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/net', 0x0, 0x48) getdents(r4, 0x0, 0x0) r5 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGREPORTINFO(r5, 0xc00c4809, &(0x7f0000000540)={0x2, 0x201, 0x591b4a83}) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/8, 0x8}], 0x1}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x51}, 0x9c) bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f0000847fff)='X', 0xcf88, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 5.293769408s ago: executing program 4 (id=1787): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x6, 0x9, 0x8, 0x0, 0x3}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xb, 0x7ff}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x8804}, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000280)={{0x6, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x9, 0xfffffff000000001, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0xffffffffbfffffff, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0x0, 0x0, 0x0, 0x0, 0xa, 0x9, 0xd, 0x10000, 0x1000, 0x0, 0x3, 0x100000000000, 0x4b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x7, 0x8, 0x7785, 0x0, 0x4, 0x4, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400000000, 0x80000000000, 0x0, 0x5, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x40000000000000, 0xfffffffffffffffe, 0x0, 0x2000, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x100, 0x0, 0xfffffffffffffffd, 0x7ff, 0x0, 0x7, 0x2, 0x0, 0xfffffffffffffffc, 0x3, 0x2, 0x0, 0x0, 0xc0c0, 0x8, 0x7fffffffffffffff, 0x3, 0x0, 0x1, 0x0, 0x3, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]}) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x40305829, &(0x7f0000000000)={0xd, "7154bbc8aae250bd23544617d5"}) 5.027506469s ago: executing program 4 (id=1789): syz_emit_ethernet(0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x23, 0x4, @tid=r0}, &(0x7f00000001c0)) r1 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$SO_TIMESTAMPING(r1, 0x1, 0x41, &(0x7f0000000200)=0x632a, 0x4) setsockopt$inet6_int(r1, 0x29, 0x33, &(0x7f00000003c0)=0xfff, 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000640)={'wlan0\x00'}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB='@\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="050026bd7000fedbdf250600000008000300", @ANYRES32, @ANYBLOB="08000500060000001c00e700505b2e4562542476aed6fa73fae9b4d775e225fdffffff00"], 0x40}, 0x1, 0x0, 0x0, 0x4094}, 0x8080) setsockopt$inet6_int(r1, 0x29, 0x4a, &(0x7f0000000000)=0x2, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x24000800, &(0x7f00000000c0)={0xa, 0x4e23, 0x0, @local}, 0x1c) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r4) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000008c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r4, &(0x7f0000000a00)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000440)=ANY=[@ANYBLOB="44000000920733dc8a4dd0da4b2676836967d1a5cc967a213d4b7f1708", @ANYRES16=r5, @ANYBLOB="33fafdffffff030000800700000008000300", @ANYRES32=r6, @ANYBLOB="140004006361696630000000000000000000000008000500060000000c0017800400040004000300"], 0x44}, 0x1, 0x0, 0x0, 0xc804}, 0xc2010) recvmmsg(r1, &(0x7f00000066c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001fc0)=""/148, 0x94}}], 0x1, 0x2000, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x77359400}}, 0x0) r7 = socket(0x10, 0x803, 0x0) socket(0x10, 0x3, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004042, 0x0) r8 = syz_io_uring_setup(0x177, &(0x7f00000000c0)={0x0, 0x2423, 0x1000, 0x1, 0xffffffff}, &(0x7f0000000540)=0x0, &(0x7f0000000240)=0x0) syz_io_uring_submit(r9, r10, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x4004, @fd_index=0x4, 0x10000000000000, &(0x7f0000000400)=[{&(0x7f0000001800)=""/4110, 0x100e}], 0x1}) io_uring_enter(r8, 0x567, 0x20, 0x0, 0x0, 0x0) sendto(r7, 0x0, 0x0, 0x0, 0x0, 0x0) recvmmsg(r7, 0x0, 0x0, 0x2040000, 0x0) r11 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100009e1736bb4e6dd47206de01020301090212000100000000090400000002060000"], 0x0) syz_usb_control_io$cdc_ncm(r11, 0x0, &(0x7f0000000600)={0x44, &(0x7f0000000380)=ANY=[@ANYBLOB="000a04000000d5620963"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$BTRFS_IOC_SNAP_DESTROY(r7, 0x5000940f, &(0x7f0000000680)={{r7}, "8f30c7f4990b34c73194299c5427ba31e0724e972c43b66fb0439b7a452f7125944b4e8c32dff447aad32f8e80d79818a6df02c359f5db9e7e883820ebe0fe729309e87b3c1f8fdbf666a605efc891d622ccaf6968eb7e0bddf21a5581bc7bf9b6cf0300b9ffcc451f5a7aa372b6081ab464ca05883c140dd2c84815bb2c7f2fd16f5cc56c6b086d2f796a92cb7f14e9b06addc5803ffa826d59e08819078b896be3080e574977d557b396eb0420aeda515830e07e7564fca93ca1873b94cf1ac49e96a38b3565bb4547db6ce2ef414bf091db9db769b1c7f76a94f0ca6b50f417d53fd5e56fb9c9bd29f6cce16c24f200fe9bc3b76ca03aca03e2338d598223b1a6dc7ae96bb7386c9ff06877492ea4e1d6236223e24e3d88305e32fa6666020de7da0f11af186b68862024a1449ee30dd4636d892106fe8b02278a0965539f9f33e025cfb0bd433902911b9494937c5485c063a49ea3dd89f7dccec8724494a770b3be43f440db9e96c8f869ef3c4dd6b883576641a17137cacedd5875085865aa150f76f7a4faf0908bb3214a93ba4fd87e6016a9d2a19936f4c60fe7f234697656f7502ee014769fa1441065ef0e7aa3bbdc08f0f741d068462c86ba777e73d6f309653601ba3761379168826125ee34a5ccfea1d0b79d51818571852e32b07d367d139c536eda7b3a580e79e7a1c69bce7bde880c85ef75821038ece50cb05210a6857b68d937d11e65b734c1e874dc6c1f4d515ee38618cbf08208345a436b4385c1cdc9e170b32215892702f11193eceac5295d726448f692f31443e1ac827c81abaac77d227fccc3e262390b7860235f6bc7770e48feedfe0e882d22ad1b7a596ed866d471b39431f582a32407f508e001f963f01f39100d27da14d0992544b5365a884c4567594eb4f18eaf38686e6e045295238328b0779420bd26c43854bb7fa585c8073f3be38ea0be150119e0bee3ce39be0790f422008c5fa6de7da474dcd535169b4a0cb9e28ed52ce33edc7b467a43d4828076f2bde7b232954afa1238070eff3007e34c05866edf9c8e43b6bc0d1ec0c7bb04545f9a025284ceaa26c5565d633886608731e6c73764e0338f1ce9781115d85959f9874f86870b80f754b30ca42a6184aee0c35325eb1e08faef7295c04b04a4ed81d91b19c65169d2597ff21a9c5a14d7ff180644df474534ee4be4928005b35a1c6486ebb254db0dcb2300e3ae396765483d2c0ef9d07d9e3bbd16ee05d0e68f975c85b00ce2051a8f1a65cb763f5eb252c6be21a5fc92ced73d58144e6cf162b308912de2198d3d1ec195cf261443440b289d11ac849cf85a23820ebfe30e0456d3356686b4d723b223a9d854cf885d123cd9365e61d40ab57d476de16927652eebe73ad6f84d5272eb7433640e34983d50a1010b14ab10bb0aa8a73525cdf334f7bad856f38693e59d21945f68ff14b94fa97cf63fabb317bc972dcc7fb2e641a8653a0e57ea98c51da4b0734d6ac1dc5bac3dba2cd77f98246aaaf5abe7f6330ef604a3229b1b9742e16f3c855db266687be1b595cd485a6504e2901f6a4dc4e524b697efeecbaf56251c649e6b6b8ede4dfac71e74295e2a0786fc7a29e96d7c976f793d563f6c059e87a127e56fb6994d9644f8ccca43ed8cc9146dd152c695a76aa4217e3d789fba7b931b30d3c5ed13098e0679f90496d0decd141252cc394b4a2c27de0bd1c0f8f4c154150387f9f73d5c8e94d91d1613c91165ddb037260d735ba3170a643eca8dd43ab8dc57bc9b1fa2446752a5080ef75c1485c9b9fa77663a60cf2ab641d2b0e770095c93f30dbbf136b169611e5c2824548b00a018f587f99bb387884cd23278d838947516d44878ead3301308f12731e94027a98e8e4288b53e0f86a7249ab1d9f8ec7ca1ed9292e6d95829b502a82b40d9bd4d68bbffb05fbb929eb7c93c68f0a69b338b1c8997ca7f0ab428673bf5bef865f2de64d4054815c9dc6bce31e7812809adc1a2838d823845b201c6ea8c46146648d1b214e8aeca2549350728242845d16acdda86b2ea556c895d323b8147754c384bd8c55e6a13441d047a7e1735795b90f947441baac51ac8e8aefdc4a7e3ac600caa031f61a824f382e28a0870182f76f647b26fed71ef48bd5218fac69c6ce4e8ea7e38308285143bd7350b9f5991f1560c23ead6592a4d39509294f5745f2fc9599370c95a648c0bf6b1f7adb19d3d7a4f53e9cea56904d0bab39ca03d66805c51ab41c63d451b873c553565827d774a909a5633c5fa1a2f4f59bf7fcc2de3377944851879bef54b4962112b54930cf6e4b23e5b12d24e36e595bc1bd7e84499c62be08263442859d9da895f7fd4c09f1b1f00ddc7adee4615c4ddce775c18a3c545a6289ecf8893710270eaf97acfc4b367a9b5f6248b4e1897478f7509b68f847176a1b505c2af7a97daecb2042b8545a0e3d293726f248a76f9411ee7d82868c18271e9311f67705025aa179a45ada3effbec2cec11804cf6f7dac2dfc41d60ecd3ee2bea8e0238e6332a996159f7f17884b129861ce419a5491ef226ca3ca0394ac9e12aea462e11e6a9f9fb592707b62205a2787b9fd40817d45de9c44aedaaf700d909a8ce5d8fed547c94231b7cf4f0a818e24e2a7f986abb2e3b78eeb0cafa265e7b3becdf36c9c9dc6020f1f36b7b3782dadd52736eb69d2bf5ac017ede4df2e29b1f20695d6df4b04dfe19e23e15b4b3764d19800ac4c98629634fe2a4d53fed4d5512e1c79dd6baf4fe0635582b8081c7848b3c9c424aa746e28bc363c7654795dc548a8188ee2ba995d3181c3cf5ac6a2d2aeb6f55d251a5e290594be8f89c6fdd3d5572f7214acca87aabf544bab79b32e651fc963911606bf8c28b9dc511762219a9711e3cab2dac9fa313d6285bb547c03eba2da977d1ad32bd50e298f6468a966330dac379821f1281bce310e3aa139943f3b9ca555907032a2718cb2996fb5d29dd782f03d4df0cfc5d9868ef21c7fae7575589c1617d0d99b524722e2d1d255f8a38c34c209285129ba15451acb48b7e742c3e280c2a7a846334d59c0ee6d4036b1b683b686ffb5567acf35ce76bdad305feab5b30aa50c5230553facefd896fb56f4747fe73f4ea39d79a39077ca46ba0466a039e2b784abb71a43e7713ceed4dc797ddb33dc73e02bed93795cbc1ea469c60d66f425bfef99e9f3ad4c3070474ced5a71245feb05a28b0a68ab5f20233416e7e636f6ec0521ee28a3f2fa4e9c1e68fb4e1241f606b4193ea9dc43ab1f100944661bc31101ab58b2d1d64c15818a6e0ada256f2d3a023750a656b150c5c71f9aa51ab87d4042ecd41031183e9699dd1649b07abf3261344b73a17475321b73b0ec8f140f8d04bc3527e24ffe11b82efeb1b586e861e674ef84a1237caa8a92ae9175d33be5d65837e3bf2e39d651e253a81333130a768d74e17adbbdc1a407951ffb35ca64c6886fd04b5c96ac05a7a407e4b2644b5cb1d3648f97d22d9709e82c0ed24bee45f351675f45cda356a23ca24901ee3c5f3f37f1cc9873ca4ebf38d8ab5bba58cf5a17557b6341f583b4cadd589249a14ad511587ee4311c93e54fe0b6127a2859916fdfb9c96b99f09fc627c69a5c6ebd29faa0ecb6b402c0b8dd6976ce78227d08928c6f14fbb39df2b3edc35d44d4d0f61f55b475031adebf7868f32b03ebc99bfe5e7a3c087037ebcc553cc567d18bee56974ea627f80a3ae31d093c93690ec24bbd953c0b9725d6368bb679553cef8a6789a3f62b90fc4f9c1984d15bf68b65e9583e07567a56c22ad0829deefa16d492d92d436d65730747f41855e584872916e4974d798554a444d300bb0b93eb457a7c4ff9d20bf4a1cdcbd8ce5dc6827f94b536d58075a9dbdbe1545ffc06039b0e1cb0173d00674922ff49e1582189b8f0166f0ccf2580d265cfc860a22527f5188e031893a1d03967d57254e489f67a72013105df98110865272ff4b607a20d31e7a9f073700090c9b8ef4b36138901017bdddb9b908c3e941135eabe94101081ff487dc965899b69b813833cdecec4935b8634cc5ff83930acb8ee30b676c3f499bd9a5f4c872fc1f35c28ca99cfb49259818d324660f578f55eff3357823d6c2801404b1b907a4c524ed78af085a26c4dd5c977b60f0719b188b21b6e2dec1c40099edd1d99e17745990fee31d6faf4c3f15be9f7328940f87ed78846b8d29cc8591c8f85091590d3f700380050207d6cbc4e0b8a3af3637342c120344b620435d8b3801b08586d41b48035d25e3b8ecd4ae9fd9ef2cae136325cfbceaefe9a6af21cde733d25e2610592c578ad87c563ea99c4a95984415c97e690313bd9def19903237692093463f97be30c0b0364912d67a3da123d4302bacd878542b102ce0451a5da4fc5173f6cf0437dfe37660d529a734d1a4478b24a6d2477b3d02d023fc74150354829e6bf33168a47d693be6329345fdc4d57888da89787b3ca658f00359ff30f4e6eefc3d711a06014c9db4d0cf3e91e44580faf93ac5be6a50820c2e8d4566587601cec8c9dd50a2c4a867c121f15096646b41af0e17a103d82336a2953e42225a64a2512308709049021f464a3a56b3f91475d4c4d279ab7aa1162d7ef07c9c70cf854aeb7bbaa24ba424d2f3de6ed3338ffefa37a5cb6e114ac10a84f70963acf099c17e172e7c5e321b87ba233178208f31c0136a0ce27f4155dbca5b95b27402a2ae5ad12b0c09f15d72988dd427dea88b3f571e697192024a85a781b13453c8cf402ef014e32d761dad37736acb584df901f256b7306b57925f64c43868229eb072ee72ae225e16e181f5f62589a7f49db754ab88789be3dbee6a934f095f636c3c3bc1098c536435a9bd61c31935f94da727b31c0f204125906627d84780c7b82dc627b2089f09e558f38cc9f962428fb2d3304990ec5f820db5ea634cb6992dce59aa12eb28713b0ac6fb4e9ab2af5396879c2c4752ca1724f80342fa791e02ed84cd2ca07058fdada9dee0ed38885aa601ce5a7b664b3e12a4cd7d85488c20fddd54147abb51607faaf8209d7234dd1146e9a55749e3c3e37f0bb48a855f003540186c13b94b0536946d0bcbe9a92eb5b29e884c50667c967449125bfcfaf08f9d7d02215d66b0e95e96ae5f48b7ee9efc19e0fd8add98ea946b45c9f168a726587c2f3386aa012ea9fa5d7c7eeb1d197502304b1278a714b85f16b8cfe78b5be8155cbfc1aeba562b0cb7233a8b1044b58fed19b933a94f07615e148d2cc851df0696926ff66accc438cc1fd2a46d8b754164b4d9c3055a6ef6e14b98ce36c01a78aeb3cbd2921553b2af39c43f74b647d4e6b94319759509f7ef3488afecc5b18d9d79e4069ae66289e8877b73173db342377c227c868af30f3656ee0651248351711f23ce0c5f03f463e1f08a3c2e147f57ed9ef2f3f5beec1b7a021585011ab77aee5a682a0d1ed6bfad9ffa34c407bac4e7b5cf79832610097b9a6ef41a306c41d3f075396f74e21d45eafbf5283468ec146c1f7135e168fa5a4fe1786cb62a963e2fa664530dc6e366582229ba91655fae75dc86cb8a3facd17e209a77eba10e393c6feb40a18d86f5615b27e37a5286eec10c3462d7dd400bec09cb3f35c9731b90d6e1e1c2722cb662862dbaa7963602ea0155ce90fca1efbe83165cfe2364c3cbba45fa50947f893f35868a6ca3f04a97a7c0fca9a2bc0f9d317baf785061391d78c332f7cd10252ed6571378cd9cbeba0997010e3ad1"}) 4.471421066s ago: executing program 0 (id=1790): r0 = openat$cgroup(0xffffffffffffffff, &(0x7f0000000100)='syz1\x00', 0x200002, 0x0) r1 = openat$cgroup_ro(r0, &(0x7f0000000080)='blkio.bfq.io_service_time_recursive\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x12, r1, 0x0) bpf$OBJ_PIN_MAP(0x6, &(0x7f0000000040)=@generic={&(0x7f0000000000)='./file0\x00', r1}, 0x18) epoll_pwait(r1, 0x0, 0x0, 0xfa, &(0x7f0000001f80)={[0x1]}, 0x8) r2 = fcntl$getown(r1, 0x9) r3 = syz_open_procfs(r2, &(0x7f00000000c0)='net/udplite6\x00') getdents(r3, 0x0, 0x48) syz_open_dev$evdev(&(0x7f0000000140), 0xfffffffffffffb9f, 0x123400) shutdown(r1, 0x1) 4.145455869s ago: executing program 0 (id=1791): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x81, 0x2000) ioctl$SG_BLKTRACESTART(r0, 0x1274, 0x0) r1 = syz_open_dev$audion(&(0x7f0000000040), 0x6, 0x200) bind$inet(r1, &(0x7f0000000080)={0x2, 0x5, @dev={0xac, 0x14, 0x14, 0x3e}}, 0x10) read$nci(r1, &(0x7f00000000c0)=""/161, 0xa1) (async) getsockopt$inet6_IPV6_XFRM_POLICY(r1, 0x29, 0x23, &(0x7f0000000180)={{{@in=@multicast1, @in=@broadcast, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{}, 0x0, @in=@local}}, &(0x7f0000000280)=0xe8) fchown(0xffffffffffffffff, r2, 0xee00) (async) lseek(0xffffffffffffffff, 0x1e2, 0x2) (async) bind$rds(r1, &(0x7f00000002c0)={0x2, 0x4e23, @loopback}, 0x10) (async) syncfs(r1) r3 = socket$igmp6(0xa, 0x3, 0x2) bind$inet6(r3, &(0x7f0000000300)={0xa, 0x4e23, 0x9, @loopback, 0xfffffff1}, 0x1c) (async) ioctl$GIO_CMAP(r1, 0x4b70, &(0x7f0000000340)) r4 = socket$inet(0x2, 0x5, 0x1) (async) ioctl$SG_BLKTRACESTART(r1, 0x1274, 0x0) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x20000, 0x0) (async) ioctl$TIOCOUTQ(r1, 0x5411, &(0x7f00000003c0)) openat$fuse(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) (async) r5 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f00000004c0)={'ip6gre0\x00', &(0x7f0000000440)=@ethtool_coalesce={0xe, 0xfffffff8, 0x25c8c376, 0x2, 0x2, 0x5, 0x9, 0x5, 0x9, 0xc915, 0xb4e, 0x1, 0x9, 0x9, 0x7fffffff, 0x0, 0x7ff, 0x1, 0x7f, 0xd80, 0x6364, 0x5, 0x1}}) ioctl$SOUND_MIXER_READ_CAPS(r1, 0x80044dfc, &(0x7f0000000500)) (async) ioctl$TIOCMGET(r1, 0x5415, &(0x7f0000000540)) r6 = mmap$IORING_OFF_CQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x0, 0x100010, r1, 0x8000000) (async) r7 = mmap$IORING_OFF_SQES(&(0x7f0000ffc000/0x2000)=nil, 0x2000, 0x300000c, 0x2010, r1, 0x10000000) (async) r8 = io_uring_register$IORING_REGISTER_PERSONALITY(0xffffffffffffffff, 0x9, 0x0, 0x0) syz_io_uring_submit(r6, r7, &(0x7f00000005c0)=@IORING_OP_LINK_TIMEOUT={0xf, 0xeb4f6e094100595f, 0x0, 0x0, 0x0, &(0x7f0000000580), 0x1, 0x4, 0x0, {0x0, r8}}) (async) getsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000600)={0x0, 0xc83, 0x30}, &(0x7f0000000640)=0xc) setsockopt$inet_sctp_SCTP_STREAM_SCHEDULER(r4, 0x84, 0x7b, &(0x7f0000000680)={r9, 0xd43}, 0x8) syz_open_dev$sndpcmp(&(0x7f00000006c0), 0x8, 0x4a081) (async) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000840)={&(0x7f0000000700)={0x10, 0x0, 0x0, 0x4000}, 0xc, &(0x7f0000000800)={&(0x7f0000000740)={0xb0, 0x0, 0x800, 0x70bd27, 0x25dfdbfe, {}, [@TIPC_NLA_BEARER={0x50, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_DOMAIN={0x8, 0x3, 0xb517}, @TIPC_NLA_BEARER_PROP={0x44, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xd}, @TIPC_NLA_PROP_TOL={0x8, 0x2, 0x90e7}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x1d}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0xfffffffb}, @TIPC_NLA_PROP_WIN={0x8, 0x3, 0x9bee}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0xa}, @TIPC_NLA_PROP_PRIO={0x8, 0x1, 0x1}, @TIPC_NLA_PROP_MTU={0x8, 0x4, 0x6}]}]}, @TIPC_NLA_MON={0x4c, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1ff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x1}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x3}, @TIPC_NLA_MON_REF={0x8, 0x2, 0xffffffff}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x9}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x7f0}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x5}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x610e200b0bca16d}, 0x0) 3.980180836s ago: executing program 0 (id=1793): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000180)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x10, &(0x7f0000000bc0)=ANY=[@ANYBLOB="1808000000fffffffffffffff800000018120000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70300002000000085000000d0000000b7000000000000001801000000082c2500000000002120207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 3.689325891s ago: executing program 0 (id=1795): r0 = socket$key(0xf, 0x3, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) getresuid(&(0x7f0000005780), &(0x7f0000003240), &(0x7f0000005700)) fchdir(r1) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) write$nbd(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="01"], 0x40) syz_usb_connect(0x4, 0x579, &(0x7f0000000700)={{0x12, 0x1, 0x110, 0xc0, 0x7f, 0x5c, 0xff, 0x46d, 0x8b0, 0x64d5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x567, 0x1, 0xe, 0x6c, 0x0, 0x3, [{{0x9, 0x4, 0xd7, 0x3, 0x10, 0xfd, 0x58, 0xc9, 0x9, [], [{{0x9, 0x5, 0x8, 0x1, 0x200, 0xff, 0x4, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x66}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x3, 0x26}]}}, {{0x9, 0x5, 0x80, 0x10, 0x0, 0x3, 0xfd, 0xfb}}, {{0x9, 0x5, 0x4, 0x0, 0x3ff, 0x20, 0x4, 0x5, [@generic={0x7e, 0x7, "be232c9aa78df2b0c39510d1a456f9f98a902081c47cf340076658cca3408648486dbb0ae51ac928096bdf3b63e01bee8eee39895d8ee1fb2560524a2b564bfa5434044264ebfea2f0815d7944378d5f3b3a00056c0969aa96ace50b26ae63a6dc91a22eee98222e70fe15905e214e781a73942708fdb40667c6df09"}, @generic={0xf5, 0x3, "b017d45b8e2bd21f943a18985c18f5bff8b6a425796f468df9da0ba4a7606eae9a87ec5df9fc20d934ceb6dc6e7897c65d9c97e463c026b2fa885035d8285ba5f36385d91b182b6aef6ea0ba84b3909076f9daa96a4f1bd6237cc173f2dff3a1495cd5c8311d6978c3f0f50ea483ff050a799fb2f35874409e066c02a04ccec9da0069d4ab4e84e24f7af5cf95b9f7666f1d06bc6dc79b8da071d539a6f0feb60fc4a0e027ded0f488812c503953730c0cd6881f0138fb0bad581f7bf9062af86c33e9307ed7af7fd557f01b13d530a45e2bed875584adabb2c05d043f3c9716322f3ca0c2a8abff2c73c3d4bfe1d1b654736f"}]}}, {{0x9, 0x5, 0x80, 0x4, 0x3ff, 0x9, 0xa, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x43, 0x1ff}]}}, {{0x9, 0x5, 0x8, 0x0, 0x200, 0x8, 0x6, 0xf}}, {{0x9, 0x5, 0x0, 0x10, 0x10, 0x70, 0x5, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x40}]}}, {{0x9, 0x5, 0xa, 0x10, 0x3ff, 0xb9, 0xd, 0x9, [@generic={0x30, 0x2, "80edadd3ec51d10498768878d99510d3b88b96d827ba000760fcc9fa0e581a0d6f604ac46c4bdb93b2c7515251dd"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0x6, 0x7f, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x9}, @generic={0xb0, 0x3a, "d9160a166e495b381663eb5a4e2e755456112c17f884705c4dcfccaaf25cd1dd19ce81491ed71abced92c609c4e5da9ddb24cdd1a0ae471244604df43d2949176843f0f5b4b26f8000b1dfa02509e7886904f31a299c1a3119134bd3bce1cd548154c5c3f870faa7e793759019dc78a0ca558917d36752beff2ab39ab78a7668bd850219db8e8f054b6ab056b67c48226d77ede7729bcc9392685f8e5828a246112958fdefc3744dc50b68676b7a"}]}}, {{0x9, 0x5, 0x9, 0x4, 0x400, 0x1, 0xb, 0x6}}, {{0x9, 0x5, 0x8, 0x0, 0x40, 0x0, 0xc9, 0x5c, [@generic={0x3, 0x23, "d8"}]}}, {{0x9, 0x5, 0x0, 0x8, 0x3ff, 0x2, 0x1, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x33, 0x6}, @generic={0x6f, 0xb, "0019ba902af51d048e7fc152a7db7a3a4d0d5f781ac54388bb7ed0e91e9d972164fb1e5fee24967dd71727fbcbb18e6156c4ff9ffe454f5c8ac28905a2378f91f1401e8d91b706f9e6915fb42d7c1d966dfc9de0a700c45d3af27fd3b5dbd13eb3f1ec5aac779c3fb0c46b36b9"}]}}, {{0x9, 0x5, 0x5, 0x2, 0x400, 0x9, 0xf, 0xfa}}, {{0x9, 0x5, 0xf, 0x3, 0x8, 0x7b, 0x7, 0x21, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x1ff}]}}, {{0x9, 0x5, 0x1, 0x0, 0x20, 0x7, 0x9, 0x8, [@generic={0x9d, 0x4, "b8d09568eda40209fdc6d3e977f5c3addf386a8b9560e2a646e82535d3d870b6306426de7cf3facb0616a5e2eaa1e76fc69e9cb4715dc2ac9e445db74a8b03cd94914b58e8864fada31dc77d1e794bad79a480fb7a0634ce387fcf933a02814af926e3b867f0169883b5abaa5a8e34f8fe096caac0c167ac69d1c2e6795769781257bb7191c96e805548d6a29a407310df24e9a7f7e1e10e5fe61c"}, @generic={0x4a, 0x24, "7af67a76f807889bb65bcd21eb62314b86265828d4abf96487f69185ce73bd24242c85db08b224f2e7f5eab847efdb2ef78a361eb2bec9bbf3896b84c7bb3b0270cd53cd52d38614"}]}}, {{0x9, 0x5, 0x0, 0xc, 0x3ff, 0xff, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x3, 0xebd}, @generic={0xe1, 0xa, "f985511b8941a65d105a5fecc56bb3befcd97dc74a787b8594bed0ba09809abb9c14c9bb3feab8558d1ea59685373aecdacd6bee7a7bf16940df52050fe7fabc5632f8c4b1c30d3e86c72695cda1db3cbae666fc699776018d0a866551eb5cca6d6042a8cbff44f34ca4c8d10ae434c4dd045572845f11a80188e5c657d005a5dcbd34675d6fbdea24c975799679bc4764125d3f6070597af3228ca4b4e9dfdba5e0f5e6abbe01ec092b21c20c2ddccc0f5ee466c89f93192e8f1fe4e5e3964ffd797f5fc02410efcc2d8acd9cbe3bbb70ce97c5f959f9fd7b095c546478e1"}]}}, {{0x9, 0x5, 0x8f, 0x3, 0x200, 0x5, 0x6, 0xaa}}]}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x300, 0x1, 0xf9, 0xa8, 0x20, 0x5}, 0x7e, &(0x7f0000000400)={0x5, 0xf, 0x7e, 0x5, [@generic={0x58, 0x10, 0xa, "3501bfc34460b1285b29d4cb75b3e7b52de3e28b06d13567f371646544199099a7f1e29dd007e4d85e149e427be427fd8aa12725aacdab9993d63fa58d4e21b787518c5b22cfbe32d8b629fc03ebfb250885746ff8"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x1, 0x8, 0x759}, @ss_container_id={0x14, 0x10, 0x4, 0x50, "65142f4aad5190ce8576d9c2c73cbc84"}, @ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x1, [{0x3e, &(0x7f0000000280)=ANY=[@ANYBLOB="3e03eecf4d0cf274157124b4a5ed3a317089942a18bb26b73ce5c65180b05cbeee2b814e91d5440900926224f495f0f4f557ee12f0264f27"]}]}) r3 = socket$netlink(0x10, 0x3, 0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0x28, r5, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x7}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x10) sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r5, 0x10, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x147a, 0x73}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x8004}, 0x10) mkdir(&(0x7f0000000100)='./control\x00', 0x0) rmdir(&(0x7f0000000040)='./control\x00') r7 = openat$cgroup_freezer_state(r1, &(0x7f0000000080), 0x2, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendfile(r7, r7, 0x0, 0x8000002) r8 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r8, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}}) unshare(0x44040000) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r9, &(0x7f0000000080)=[{&(0x7f0000000b40)=""/119, 0x50}, {&(0x7f0000000bc0)=""/95, 0x5f}], 0x2, 0x4000ffe, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r10, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32], 0x254}}, 0x0) 2.993659045s ago: executing program 1 (id=1798): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}) syz_usb_connect$uac1(0x4, 0x0, 0x0, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x4, &(0x7f0000000100)=@lang_id={0x4, 0x3, 0x410}}]}) write$tun(r0, &(0x7f00000000c0)=ANY=[@ANYBLOB="000086dd000311000400000000006eec00be10a42f01fe8000000000000000000000120000aaff020000000000000000000000000001330022eb"], 0x10da) 2.757584761s ago: executing program 2 (id=1799): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x6, 0x9, 0x8, 0x0, 0x3}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000280)={0xffffffffffffffff, 0x53, 0xb, 0x7ff}) sendmsg$nl_route(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB='H\x00\x00'], 0x48}, 0x1, 0x0, 0x0, 0x8804}, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(0xffffffffffffffff, 0xc4c85512, &(0x7f0000000280)={{0x6, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x0, 0x9, 0xfffffff000000001, 0x0, 0x8, 0x0, 0x0, 0x4, 0x0, 0x0, 0xffffffffbfffffff, 0x0, 0x0, 0x0, 0x3, 0x80000000, 0x3, 0x0, 0x0, 0x4, 0x0, 0x6, 0x0, 0x40, 0x0, 0xfffffffffffffffd, 0x100200000, 0x0, 0x0, 0x0, 0x0, 0xa, 0x9, 0xd, 0x10000, 0x1000, 0x0, 0x3, 0x100000000000, 0x4b, 0x1, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x7, 0x8, 0x7785, 0x0, 0x4, 0x4, 0x8, 0x0, 0x2, 0x0, 0x0, 0x0, 0x400000000, 0x80000000000, 0x0, 0x5, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0x0, 0x0, 0x80000000000000, 0x0, 0xfffffffffffffffe, 0x0, 0x40000000000000, 0xfffffffffffffffe, 0x0, 0x2000, 0x0, 0x200000000000000, 0x0, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x100, 0x0, 0xfffffffffffffffd, 0x7ff, 0x0, 0x7, 0x2, 0x0, 0xfffffffffffffffc, 0x3, 0x2, 0x0, 0x0, 0xc0c0, 0x8, 0x7fffffffffffffff, 0x3, 0x0, 0x1, 0x0, 0x3, 0x0, 0x8, 0x0, 0x1, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20000000, 0x0, 0x80]}) syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TCFLSH(0xffffffffffffffff, 0x540b, 0x2) ioctl$HIDIOCGRDESC(0xffffffffffffffff, 0x40305829, &(0x7f0000000000)={0xd, "7154bbc8aae250bd23544617d5"}) 2.724707276s ago: executing program 3 (id=1800): r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) (async) r1 = open(&(0x7f0000000000)='.\x00', 0x0, 0x0) mkdirat(r1, &(0x7f0000000200)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x0) (async) renameat2(r1, &(0x7f0000000100)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000180)='./file1\x00', 0x4) (async) renameat2(r0, &(0x7f0000000380)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', r0, &(0x7f0000000300)='\x13\x13w\xc5\xfc5\xd4\x14T\xd5\xd4\x1d)\xad\x1a`)Y\x81F\xe6\xbe\x16nA\xad\r\xbd@T\x03<\x9f3\xbb\xda\x82$\xa2\xf3\xd7r\xe7cnH\xb3<\xbfp\x83r\xe8\xf1\xb9\x93>\xc5\x12wC\xbe\"\x06 \x9e\xf0-\xf9\xcb\xf2\xf6\xe8\x80\xd38/\x00', 0x2) pipe(&(0x7f0000000d00)={0xffffffffffffffff, 0xffffffffffffffff}) (async) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) (async) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000040), 0x10) (async) r5 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r5}, &(0x7f0000000040)) (async) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) r6 = openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000080), 0x40000) readv(r6, &(0x7f0000000080)=[{&(0x7f0000000880)=""/97, 0x61}], 0x1) (async) write$binfmt_misc(r2, &(0x7f0000000240), 0xfffffecc) (async) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) (async) r8 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r8, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) (async) connect$inet6(r8, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) (async) setsockopt$inet6_tcp_TCP_ULP(r8, 0x6, 0x1f, &(0x7f0000000040), 0x4) (async) setsockopt$inet6_tcp_TLS_TX(r8, 0x11a, 0x1, &(0x7f0000000180)=@gcm_128={{0x304}, "d56d9847bfcb49e2", "16549f18408d640d012ebcc31bd9870b", "bcd58d40", "4f5b22bc20c62b22"}, 0x28) sendto$inet6(r8, &(0x7f0000000340)="d1", 0x1, 0x8000, 0x0, 0x0) (async) write$binfmt_aout(r8, 0x0, 0xfdef) sendto$inet6(r8, &(0x7f0000000080)="c62ef5d642787b4ea89f2287cb40935313b6", 0x12, 0x8040, 0x0, 0x0) (async) splice(r7, 0x0, r6, 0x0, 0x80000000000714f, 0x0) r9 = syz_usb_connect$uac1(0x0, 0xdc, &(0x7f0000000180)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902ca0003010070000904000000010100000a24010800000201020d24060000030800000000000000240803960c03112d9cd2ce0c240208000103000000ff000924060506020100000924030003030005490c240206"], 0x0) syz_usb_control_io(r9, &(0x7f0000001bc0)={0x2c, 0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="dac4fb624ebf725b562f839ed926204c4b5b9470c05f49dfba5806e5ce4054bcba15d271a29bf1f320a15bdefc14aa16db49de136911c6ad578c5dfec346aea7230d5bfd"], 0x0, 0x0, 0x0}, 0x0) (async) syz_usb_control_io$uac1(r9, &(0x7f0000000000)={0x14, 0x0, &(0x7f0000000240)=ANY=[@ANYBLOB="0203020000000203"]}, 0x0) syz_usb_control_io$uac1(r9, &(0x7f0000000200)={0x14, 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB="0003060000003b2c00005f63"]}, 0x0) 2.673756498s ago: executing program 0 (id=1801): r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB="fc11000012000102000000000000000000000000000000000000000000000000000000000000000a00"/56, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000f504010007"], 0x11fc}, 0x1, 0x0, 0x0, 0x20000010}, 0x0) 2.409594556s ago: executing program 3 (id=1802): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000400)=ANY=[@ANYBLOB="140000001000010000000000000000600000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f0800034000000004640000000e0a01020000000000000000010000000900020073797a32000000000900010073797a30000000003800038034000080280001802300010011"], 0xf0}}, 0x0) 2.409278286s ago: executing program 0 (id=1803): r0 = syz_open_dev$vim2m(&(0x7f0000000680), 0x7ff, 0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeec, 0x8031, 0xffffffffffffffff, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x3000)=nil, 0x7fffffffffffffff, 0x15) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000580)='smaps_rollup\x00') madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) lseek(r1, 0x2003, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ppoll(&(0x7f0000000040)=[{r0, 0x5}], 0x1, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_CREATE_BUFS(r0, 0xc100565c, &(0x7f0000000340)={0x0, 0x4005, 0x4, {0x1, @win={{0xfffffffe}, 0x3, 0xfffffff8, 0x0, 0x0, 0x0}}}) 2.156331097s ago: executing program 1 (id=1804): r0 = fsopen(&(0x7f0000000040)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000140)='source\x00\xb5\x838\x8d\xbd\xdf\xfe\x9a\xf2RM\xb6\xe0\xf9\xac\xa2\x06\x1cD\xe7C\xa5<\xd1=\x93\xf7\xf7Sn\xcb\xd5\xa7\xc9@D\x81\xff\xaar\xc8\xa9\x13\b\x9a\x8bF\v\x8a\x93F\x00\x00\x00\x00\x00\x06\x00\x00\x00', &(0x7f00000001c0)='.\n#)|.\x02\xd8\b\xb2f\xcd\x04\xb9\xc7\x9d\xb2b\r\xd7\xef\xc5\x112s\x88\x06\x13o\xd6w\xbf\xfa\xd5?\xa3\'\xca%\xd0\x8fKAq\x89f\xbb\x9dC\xd6\xea\xa8\xc2z\xbfe\xadSb3L)Hy\xfao\b\xa4\xb6\xff\xff\xff\xff\xff\xff\xff\xf7\xc7\xa4\xdcY\x9aM\x90\xa4\x05\xa8\xec\xf3\xa4h\x11\x19\x87E$\n://\xf3\x96\xaf\x1c8\b\x84x\'+\xd5\xd4?[e\x19\xa3\\J\xe9\x8a\xb9\xe495/\x00d\xd2\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf0\xb7\x1e\xf7Ys#m\xd40\xceP\xdc\x15FI>\x01\xfa\x15\x93\x9a&\xb4):\xc7?\x8d\x8e\x02\xc6\xf61\xbd\xbcBq\xba\xc6\x8e\x89\x15UTaf\xfc\x89\xab\x19\xd7\x82\x16\x94m\x0e\xb7$\x8c\xd76K\xdc\xd1;\\QPh@$\x06F\x81\xc9\xf8\xf8H\xb2\x85\xa8Cl\xa6\xcd\xb5\xf0\xd0\x1f\'\xc30]\xad7\x1eZA7\x89\xf5\x81b\r\xc1\x7f[\x84y\xac\x12\xaa\xa2-t\x16>V\xfc\xbf\xdb\xe4\x9a\x9eE^\x90oe\xc0\xd9\xc68\x0f\xd4\xcdKC\xadp\xba\xaa\xab\'\x1cRO\x89\x17i\x88\"\x8dQI\xed\x1d\xe1v\xe6&\xd3\x14\xe92\xca\x9dBe\\\x8f\xff\x9b\xc7Sd!\xf8(Z\xd42\xa2\xcdjjBP\xae3\xbd\xec\x8a\x8f:\xeb1\x1cK\xf2\x04s\b\xcb\xa9\x17\x8529\xd7`\v\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xf1\xa4C\x81\xc8iy\xc4\xf7\x7f\x90\xf80\x18jT\xd45\xde\b\x88\xc9Xw\xe9\xf4\xa4\x94Q\x03s/\xac\xd4\xb7o\x99\xf5\xdb\xf9\x99,+\b\x17\xe4\xf4r}\xda\xf5\x12\x16\xb6g\x00\'(\x02[\xef\x03\x90W% \xe6b\xa2\\\x86\xac\xdax\x997AOJ=\x1f\x00\xe1/\n\xael\x15\xcfR\v\x0e\xbc!\xe8\x1cV-`\xf0$\xa6a \x93PV\x8dm@\x9c', 0x0) 2.095309098s ago: executing program 3 (id=1805): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r2, &(0x7f00000000c0)=@nameseq={0x1e, 0x1, 0x0, {0x0, 0x4}}, 0x10) connect$unix(r0, &(0x7f0000000840)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_usb_connect(0x5, 0x3f, &(0x7f0000000500)=ANY=[@ANYBLOB="120110031fcd1b08cf100355af750102030109022d000208091003090418"], &(0x7f0000000400)={0x0, 0x0, 0x0, 0x0}) syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), 0xffffffffffffffff) pread64(0xffffffffffffffff, &(0x7f0000000040)=""/44, 0x2c, 0x40) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000640)=ANY=[@ANYBLOB="540100001a00130700000000fcffffff00000000000000000000000000000001ac141412000000000000000000000004000000004e2100000000008000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fe8800000000000000000100000000010000000032000000ac1414bb0000000000000000000000000000000000000000fcffffffffffffff000000000000000000000000000000004d00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000a000100400000000000000048000200656362286369706865725f6e756c6c29"], 0x154}}, 0x0) r4 = add_key$user(0x0, 0x0, &(0x7f00000000c0), 0x0, 0xfffffffffffffffd) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058560f, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r4, r4, r4}, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) 1.793619708s ago: executing program 1 (id=1806): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = openat$kvm(0x0, 0x0, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r5, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r6, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x4, 0x4, 0x80a0000, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000000000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10002, 0x0, 0xeeee8000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) 1.762039319s ago: executing program 4 (id=1807): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000000000/0x2000)=nil}) r2 = openat$kvm(0x0, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) mmap$KVM_VCPU(&(0x7f0000000000/0xa000)=nil, 0x930, 0x1000001, 0x11, r4, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x4, 0x4, 0x80a0000, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_syzos_vm$x86(r1, &(0x7f0000000000/0x400000)=nil) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000000)={0x10002, 0x0, 0xeeee8000, 0x1000, &(0x7f0000ffd000/0x1000)=nil}) 1.398292986s ago: executing program 4 (id=1808): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) prlimit64(0x0, 0x7, &(0x7f0000000300), 0x0) memfd_create(&(0x7f0000000180)='-B\xd5NI\xc5j\x9appp\xf0\b\x84\xa2m\x00\v\x18\x004\xa6Ey\xdb\xd1\xa7\xb1S\xf1:)\x00\xca\xd7Uw\x00\xbc\xfa2\xb3\xbb\x8d\xac\xac\xbe\xe1}knh#\xcf)\x0f\xc8\xc0\"\x9cc\x10d\xee\xa9\x8b\x06\x97k\xde\xc5\xe96\xddU)\xc98M\xcd\xfb\xcc\x82n=\x7f=\xcdJx\xaa\xcf~\xb90a\xa9\xb2\x04\x1d\xa1\xce\x8b\x19\xea\xef\xe3\x00\x00\x00\x00\x00\x00\x00\x00', 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000040)={0x5, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000000)={0x1, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = dup(r0) syz_kvm_setup_cpu$x86(r1, r1, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@textreal={0x8, &(0x7f0000000180)="baf80c66b8632d3a8766efbafc0cec81870e009bdb36660fe9a4f000f20f1105baf80c66b83209f58666efbafc0cec008b00000fa7c0bad10466ed66b9800000c00f326635000100000f30f3a6", 0x4d}], 0x1, 0x36, &(0x7f0000000200), 0x0) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000003c0)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000400)=@newtfilter={0x24, 0x2c, 0x8, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r8, {0x0, 0xe}, {}, {0x7}}}, 0x24}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000600)=@newtfilter={0x84, 0x2c, 0xd27, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {0x0, 0xe}, {}, {0x7}}, [@filter_kind_options=@f_matchall={{0xd}, {0x50, 0x2, [@TCA_MATCHALL_ACT={0x4c, 0x2, [@m_gact={0x48, 0x1, 0x0, 0x0, {{0x9}, {0x1c, 0x2, 0x0, 0x1, [@TCA_GACT_PARMS={0x18, 0x2, {0x6, 0x9, 0x3, 0x80000001}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x2, 0x2}}}}]}]}}]}, 0x84}, 0x1, 0x0, 0x0, 0x10}, 0x0) ioctl$PTP_EXTTS_REQUEST2(r1, 0xc0603d0f, &(0x7f0000000040)) 1.33705293s ago: executing program 1 (id=1809): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_user\x00', 0x275a, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={0x0, 0xffffffffffffffff, 0x0, 0xfffffffffffffffc}, 0x18) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x4, 0x0, 0x6000000, 0x0, 0xb, 0x1d, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd00078000000000cd69e0ae0000040004af1ed23e0600", [0x0, 0x2000000000001]}}) 1.142968408s ago: executing program 2 (id=1810): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58) r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000000009040000010300000009"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/net', 0x0, 0x48) getdents(r4, 0x0, 0x0) r5 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGREPORTINFO(r5, 0xc00c4809, &(0x7f0000000540)={0x2, 0x201, 0x591b4a83}) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/8, 0x8}], 0x1}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x51}, 0x9c) bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f0000847fff)='X', 0xcf88, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.049224653s ago: executing program 1 (id=1811): r0 = socket$key(0xf, 0x3, 0x2) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r1 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) getresuid(&(0x7f0000005780), &(0x7f0000003240), &(0x7f0000005700)) fchdir(r1) r2 = openat$dlm_plock(0xffffffffffffff9c, &(0x7f0000000000), 0x41, 0x0) write$nbd(r2, &(0x7f0000000240)=ANY=[@ANYBLOB="01"], 0x40) syz_usb_connect(0x4, 0x579, &(0x7f0000000700)={{0x12, 0x1, 0x110, 0xc0, 0x7f, 0x5c, 0xff, 0x46d, 0x8b0, 0x64d5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x567, 0x1, 0xe, 0x6c, 0x0, 0x3, [{{0x9, 0x4, 0xd7, 0x3, 0x10, 0xfd, 0x58, 0xc9, 0x9, [], [{{0x9, 0x5, 0x8, 0x1, 0x200, 0xff, 0x4, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x8, 0x66}, @uac_iso={0x7, 0x25, 0x1, 0x83, 0x3, 0x26}]}}, {{0x9, 0x5, 0x80, 0x10, 0x0, 0x3, 0xfd, 0xfb}}, {{0x9, 0x5, 0x4, 0x0, 0x3ff, 0x20, 0x4, 0x5, [@generic={0x7e, 0x7, "be232c9aa78df2b0c39510d1a456f9f98a902081c47cf340076658cca3408648486dbb0ae51ac928096bdf3b63e01bee8eee39895d8ee1fb2560524a2b564bfa5434044264ebfea2f0815d7944378d5f3b3a00056c0969aa96ace50b26ae63a6dc91a22eee98222e70fe15905e214e781a73942708fdb40667c6df09"}, @generic={0xf5, 0x3, "b017d45b8e2bd21f943a18985c18f5bff8b6a425796f468df9da0ba4a7606eae9a87ec5df9fc20d934ceb6dc6e7897c65d9c97e463c026b2fa885035d8285ba5f36385d91b182b6aef6ea0ba84b3909076f9daa96a4f1bd6237cc173f2dff3a1495cd5c8311d6978c3f0f50ea483ff050a799fb2f35874409e066c02a04ccec9da0069d4ab4e84e24f7af5cf95b9f7666f1d06bc6dc79b8da071d539a6f0feb60fc4a0e027ded0f488812c503953730c0cd6881f0138fb0bad581f7bf9062af86c33e9307ed7af7fd557f01b13d530a45e2bed875584adabb2c05d043f3c9716322f3ca0c2a8abff2c73c3d4bfe1d1b654736f"}]}}, {{0x9, 0x5, 0x80, 0x4, 0x3ff, 0x9, 0xa, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x43, 0x1ff}]}}, {{0x9, 0x5, 0x8, 0x0, 0x200, 0x8, 0x6, 0xf}}, {{0x9, 0x5, 0x0, 0x10, 0x10, 0x70, 0x5, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x8, 0x40}]}}, {{0x9, 0x5, 0xa, 0x10, 0x3ff, 0xb9, 0xd, 0x9, [@generic={0x30, 0x2, "80edadd3ec51d10498768878d99510d3b88b96d827ba000760fcc9fa0e581a0d6f604ac46c4bdb93b2c7515251dd"}]}}, {{0x9, 0x5, 0x1, 0x0, 0x400, 0x6, 0x7f, 0xff, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x9}, @generic={0xb0, 0x3a, "d9160a166e495b381663eb5a4e2e755456112c17f884705c4dcfccaaf25cd1dd19ce81491ed71abced92c609c4e5da9ddb24cdd1a0ae471244604df43d2949176843f0f5b4b26f8000b1dfa02509e7886904f31a299c1a3119134bd3bce1cd548154c5c3f870faa7e793759019dc78a0ca558917d36752beff2ab39ab78a7668bd850219db8e8f054b6ab056b67c48226d77ede7729bcc9392685f8e5828a246112958fdefc3744dc50b68676b7a"}]}}, {{0x9, 0x5, 0x9, 0x4, 0x400, 0x1, 0xb, 0x6}}, {{0x9, 0x5, 0x8, 0x0, 0x40, 0x0, 0xc9, 0x5c, [@generic={0x3, 0x23, "d8"}]}}, {{0x9, 0x5, 0x0, 0x8, 0x3ff, 0x2, 0x1, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x33, 0x6}, @generic={0x6f, 0xb, "0019ba902af51d048e7fc152a7db7a3a4d0d5f781ac54388bb7ed0e91e9d972164fb1e5fee24967dd71727fbcbb18e6156c4ff9ffe454f5c8ac28905a2378f91f1401e8d91b706f9e6915fb42d7c1d966dfc9de0a700c45d3af27fd3b5dbd13eb3f1ec5aac779c3fb0c46b36b9"}]}}, {{0x9, 0x5, 0x5, 0x2, 0x400, 0x9, 0xf, 0xfa}}, {{0x9, 0x5, 0xf, 0x3, 0x8, 0x7b, 0x7, 0x21, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x0, 0x1ff}]}}, {{0x9, 0x5, 0x1, 0x0, 0x20, 0x7, 0x9, 0x8, [@generic={0x9d, 0x4, "b8d09568eda40209fdc6d3e977f5c3addf386a8b9560e2a646e82535d3d870b6306426de7cf3facb0616a5e2eaa1e76fc69e9cb4715dc2ac9e445db74a8b03cd94914b58e8864fada31dc77d1e794bad79a480fb7a0634ce387fcf933a02814af926e3b867f0169883b5abaa5a8e34f8fe096caac0c167ac69d1c2e6795769781257bb7191c96e805548d6a29a407310df24e9a7f7e1e10e5fe61c"}, @generic={0x4a, 0x24, "7af67a76f807889bb65bcd21eb62314b86265828d4abf96487f69185ce73bd24242c85db08b224f2e7f5eab847efdb2ef78a361eb2bec9bbf3896b84c7bb3b0270cd53cd52d38614"}]}}, {{0x9, 0x5, 0x0, 0xc, 0x3ff, 0xff, 0x1, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x3, 0xebd}, @generic={0xe1, 0xa, "f985511b8941a65d105a5fecc56bb3befcd97dc74a787b8594bed0ba09809abb9c14c9bb3feab8558d1ea59685373aecdacd6bee7a7bf16940df52050fe7fabc5632f8c4b1c30d3e86c72695cda1db3cbae666fc699776018d0a866551eb5cca6d6042a8cbff44f34ca4c8d10ae434c4dd045572845f11a80188e5c657d005a5dcbd34675d6fbdea24c975799679bc4764125d3f6070597af3228ca4b4e9dfdba5e0f5e6abbe01ec092b21c20c2ddccc0f5ee466c89f93192e8f1fe4e5e3964ffd797f5fc02410efcc2d8acd9cbe3bbb70ce97c5f959f9fd7b095c546478e1"}]}}, {{0x9, 0x5, 0x8f, 0x3, 0x200, 0x5, 0x6, 0xaa}}]}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000200)={0xa, 0x6, 0x300, 0x1, 0xf9, 0xa8, 0x20, 0x5}, 0x7e, &(0x7f0000000400)={0x5, 0xf, 0x7e, 0x5, [@generic={0x58, 0x10, 0xa, "3501bfc34460b1285b29d4cb75b3e7b52de3e28b06d13567f371646544199099a7f1e29dd007e4d85e149e427be427fd8aa12725aacdab9993d63fa58d4e21b787518c5b22cfbe32d8b629fc03ebfb250885746ff8"}, @ext_cap={0x7, 0x10, 0x2, 0x4, 0x1, 0x8, 0x759}, @ss_container_id={0x14, 0x10, 0x4, 0x50, "65142f4aad5190ce8576d9c2c73cbc84"}, @ptm_cap={0x3}, @ptm_cap={0x3}]}, 0x1, [{0x3e, &(0x7f0000000280)=ANY=[@ANYBLOB="3e03eecf4d0cf274157124b4a5ed3a317089942a18bb26b73ce5c65180b05cbeee2b814e91d5440900926224f495f0f4f557ee12f0264f27"]}]}) r3 = socket$netlink(0x10, 0x3, 0x6) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000240)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_REGISTER_FRAME(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f00000006c0)={0x28, r5, 0x1, 0x70bd25, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r6}, @void}}, [@NL80211_ATTR_FRAME_MATCH={0x4}, @NL80211_ATTR_FRAME_TYPE={0x6, 0x65, 0x7}]}, 0x28}, 0x1, 0x0, 0x0, 0x1}, 0x10) sendmsg$NL80211_CMD_GET_MPP(r2, &(0x7f00000001c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f0000000180)={&(0x7f0000000140)={0x28, r5, 0x10, 0x70bd2d, 0x25dfdbfb, {{}, {@val={0x8}, @val={0xc, 0x99, {0x147a, 0x73}}}}}, 0x28}, 0x1, 0x0, 0x0, 0x8004}, 0x10) mkdir(&(0x7f0000000100)='./control\x00', 0x0) rmdir(&(0x7f0000000040)='./control\x00') r7 = openat$cgroup_freezer_state(r1, &(0x7f0000000080), 0x2, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) sendfile(r7, r7, 0x0, 0x8000002) r8 = socket$inet(0x2, 0x3, 0x6) ioctl$sock_inet_SIOCSARP(r8, 0x8955, &(0x7f0000000000)={{0x2, 0x0, @empty}, {0x1, @local}, 0x4a, {0x2, 0x0, @dev}}) unshare(0x44040000) r9 = syz_open_procfs(0xffffffffffffffff, &(0x7f00000000c0)='net/arp\x00') preadv(r9, &(0x7f0000000080)=[{&(0x7f0000000b40)=""/119, 0x50}, {&(0x7f0000000bc0)=""/95, 0x5f}], 0x2, 0x4000ffe, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r0, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r10 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r10, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000900)={&(0x7f0000000400)=ANY=[@ANYBLOB="54020000170001000000000000000000200100000000000000000000000000010000000000000000ac141400000000000000000000000000fc020000000000000003000000000000e000000200001000000000000000000000000000000000080a00000000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="1242ffff040000000000000000000037660b6aff00000000000000000000000000000000000000000200002000000000", @ANYRES32, @ANYRES32], 0x254}}, 0x0) 1.03835728s ago: executing program 4 (id=1812): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'essiv(cbc(aes),sha256)\x00'}, 0x58) r3 = syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000500)=ANY=[@ANYBLOB="12010000000000207d1e5a2d00000000000109022400010000"], 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000140)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="002208000000a20100c3"], 0x0}, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/class/net', 0x0, 0x48) getdents(r4, 0x0, 0x0) r5 = syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) ioctl$HIDIOCGREPORTINFO(r5, 0xc00c4809, &(0x7f0000000540)={0x2, 0x201, 0x591b4a83}) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef91", 0x12) recvmsg(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000100)=""/8, 0x8}], 0x1}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r6, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x51}, 0x9c) bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r6, &(0x7f0000847fff)='X', 0xcf88, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 0s ago: executing program 1 (id=1813): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) sendmmsg$inet6(r0, &(0x7f0000000a00)=[{{&(0x7f0000000240)={0xa, 0x4e20, 0x9, @remote, 0x2}, 0x1c, &(0x7f0000000200)=[{&(0x7f0000000140)='S', 0x1}], 0x1}}], 0x1, 0x4000001) listen(r0, 0x2000ffc) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="1400000010"], 0xa8}}, 0x0) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f00000004c0)={0x3, &(0x7f0000000040)=[{0x20, 0x0, 0x1, 0xfffff010}, {0x20, 0x0, 0x1, 0xdffff010}, {0x6}]}, 0x10) sendmmsg$unix(r1, &(0x7f00000000c0), 0x3f, 0x0) accept(r0, 0xfffffffffffffffd, &(0x7f0000000500)=0xfffffffffffffc9f) kernel console output (not intermixed with test programs): tdevsim4 netdevsim0: left allmulticast mode [ 379.372734][ T5889] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 379.571828][ T5889] usb 3-1: Using ep0 maxpacket: 16 [ 379.601940][T10129] loop2: detected capacity change from 0 to 7 [ 379.648556][ T5889] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 379.658990][ T5889] usb 3-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 379.679495][T10129] Dev loop2: unable to read RDB block 7 [ 379.685285][T10129] loop2: unable to read partition table [ 379.695767][T10129] loop2: partition table beyond EOD, truncated [ 379.711770][T10129] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 379.713625][ T5896] usb 4-1: USB disconnect, device number 47 [ 379.730093][T10131] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1322'. [ 379.747602][T10131] ip6gretap2: entered promiscuous mode [ 379.753900][T10131] ip6gretap2: entered allmulticast mode [ 379.999519][ T5889] usb 3-1: string descriptor 0 read error: -22 [ 380.010358][ T5889] usb 3-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 380.024265][ T5889] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 380.299750][T10122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 380.310275][T10122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 380.632559][T10135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1325'. [ 380.666015][T10135] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1325'. [ 380.858178][ T30] kauditd_printk_skb: 157 callbacks suppressed [ 380.858193][ T30] audit: type=1326 audit(1748978295.248:6563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 380.926158][ T30] audit: type=1326 audit(1748978295.288:6564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 381.008485][ T30] audit: type=1326 audit(1748978295.288:6565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977658e969 code=0x7ffc0000 [ 381.089330][ T30] audit: type=1326 audit(1748978295.288:6566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977658e969 code=0x7ffc0000 [ 381.198189][ T30] audit: type=1326 audit(1748978295.288:6567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977658e969 code=0x7ffc0000 [ 381.366264][ T30] audit: type=1326 audit(1748978295.288:6568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977658e969 code=0x7ffc0000 [ 381.622301][ T30] audit: type=1326 audit(1748978295.288:6569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 381.909350][ T30] audit: type=1326 audit(1748978295.288:6570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977658e969 code=0x7ffc0000 [ 381.977311][ T30] audit: type=1326 audit(1748978295.288:6571): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f977658e969 code=0x7ffc0000 [ 382.100979][ T30] audit: type=1326 audit(1748978295.288:6572): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10138 comm="syz.4.1327" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 382.131495][ T5889] usb 3-1: USB disconnect, device number 49 [ 382.169516][T10155] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1333'. [ 382.561739][ T5889] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 382.691730][ T5889] usb 3-1: device descriptor read/64, error -71 [ 382.853387][T10162] xfrm0: entered promiscuous mode [ 382.858456][T10162] xfrm0: entered allmulticast mode [ 382.931785][ T5887] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 382.952659][ T5889] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 383.110446][T10164] team0: Device ipvlan0 is up. Set it down before adding it as a team port [ 383.138103][ T5887] usb 4-1: Using ep0 maxpacket: 32 [ 383.151731][ T5889] usb 3-1: device descriptor read/64, error -71 [ 383.184318][ T5887] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 383.218333][ T5887] usb 4-1: config 0 has no interface number 0 [ 383.227674][ T5887] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 383.247751][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 383.257036][ T5887] usb 4-1: Product: syz [ 383.261291][ T5887] usb 4-1: Manufacturer: syz [ 383.266436][ T5889] usb usb3-port1: attempt power cycle [ 383.278031][ T5887] usb 4-1: SerialNumber: syz [ 383.303595][ T5887] usb 4-1: config 0 descriptor?? [ 383.315128][ T5887] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 383.443092][T10166] libceph: resolve '. [ 383.443092][T10166] #)|.fǝb2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 383.443092][T10166] ' (ret=-3): failed [ 383.515433][ T5887] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 383.592912][ T5887] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 383.631777][ T5889] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 383.667998][ T5889] usb 3-1: device descriptor read/8, error -71 [ 383.914414][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 383.928106][ T5896] usb 4-1: USB disconnect, device number 48 [ 384.392723][ T5896] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 384.431789][ T5889] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 384.445936][ T5896] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 384.465395][ T5896] quatech2 4-1:0.51: device disconnected [ 384.547182][ T5887] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 384.585606][ T5889] usb 3-1: device descriptor read/8, error -71 [ 384.733055][ T5889] usb usb3-port1: unable to enumerate USB device [ 384.801757][ T5887] usb 2-1: Using ep0 maxpacket: 16 [ 384.807293][T10183] delete_channel: no stack [ 384.817123][T10183] netlink: 'syz.4.1344': attribute type 4 has an invalid length. [ 384.818106][ T5887] usb 2-1: unable to get BOS descriptor or descriptor too short [ 384.826006][T10183] netlink: 152 bytes leftover after parsing attributes in process `syz.4.1344'. [ 384.849850][T10183] A link change request failed with some changes committed already. Interface bond0 may have been left with an inconsistent configuration, please check. [ 384.850232][ T5887] usb 2-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 384.881869][ T5887] usb 2-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 384.895741][ T5887] usb 2-1: config 1 interface 0 has no altsetting 0 [ 384.906315][ T5887] usb 2-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 384.915583][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 384.927081][ T5887] usb 2-1: Product: syz [ 384.931263][ T5887] usb 2-1: Manufacturer: syz [ 384.935951][ T5887] usb 2-1: SerialNumber: syz [ 385.101948][ T5899] usb 5-1: new high-speed USB device number 50 using dummy_hcd [ 385.264466][ T5899] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 385.290557][ T5899] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 385.305891][ T5899] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 385.317183][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.333928][T10185] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 385.334585][T10187] tipc: Enabling of bearer rejected, failed to enable media [ 385.360063][ T5899] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 385.557643][T10191] loop2: detected capacity change from 0 to 7 [ 385.567664][ T6351] Dev loop2: unable to read RDB block 7 [ 385.573761][ T6351] loop2: unable to read partition table [ 385.579973][ T6351] loop2: partition table beyond EOD, truncated [ 385.590250][T10191] Dev loop2: unable to read RDB block 7 [ 385.598130][T10191] loop2: unable to read partition table [ 385.604422][T10191] loop2: partition table beyond EOD, truncated [ 385.613451][T10191] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 385.670876][ T5889] usb 5-1: USB disconnect, device number 50 [ 386.941876][ T5889] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 387.116117][ T5887] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 387.137115][ T5887] usb 2-1: USB disconnect, device number 59 [ 387.271728][ T5896] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 387.321722][ T5889] usb 5-1: Using ep0 maxpacket: 16 [ 387.552154][ T5887] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 387.565003][ T5889] usb 5-1: unable to get BOS descriptor or descriptor too short [ 387.632797][ T5889] usb 5-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 387.655818][ T5889] usb 5-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 387.657371][T10209] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1353'. [ 387.726675][ T5889] usb 5-1: config 1 interface 0 has no altsetting 0 [ 387.767808][ T5889] usb 5-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 387.794743][T10211] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1354'. [ 387.810324][ T5887] usb 2-1: too many configurations: 9, using maximum allowed: 8 [ 387.820557][ T5889] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.838594][ T5887] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 387.849333][ T5889] usb 5-1: Product: syz [ 387.857730][ T5889] usb 5-1: Manufacturer: syz [ 387.863224][ T5887] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 387.883231][ T5896] usb 4-1: config 0 has no interfaces? [ 387.888918][ T5889] usb 5-1: SerialNumber: syz [ 387.960613][ T5887] usb 2-1: config 0 interface 0 has no altsetting 0 [ 388.012740][ T5887] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 388.040332][ T5887] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 388.067382][ T5896] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 388.105555][ T5887] usb 2-1: config 0 interface 0 has no altsetting 0 [ 388.117809][ T5896] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.145332][ T5887] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 388.158402][ T5896] usb 4-1: Product: syz [ 388.167697][ T5896] usb 4-1: Manufacturer: syz [ 388.181576][ T5887] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 388.200528][ T5896] usb 4-1: SerialNumber: syz [ 388.228868][ T5887] usb 2-1: config 0 interface 0 has no altsetting 0 [ 388.262869][ T5896] usb 4-1: config 0 descriptor?? [ 388.285052][ T5887] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 388.299371][ T5887] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 388.367269][ T5887] usb 2-1: config 0 interface 0 has no altsetting 0 [ 388.377494][ T5887] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 388.390401][ T5887] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 388.403275][ T5887] usb 2-1: config 0 interface 0 has no altsetting 0 [ 388.426317][ T5887] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 388.550831][ T5887] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 388.574039][T10207] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 388.586142][ T5887] usb 2-1: config 0 interface 0 has no altsetting 0 [ 388.594758][ T5899] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 388.607673][ T5887] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 388.608826][T10219] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1357'. [ 388.621275][ T5887] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 388.639971][T10207] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 388.648916][ T5887] usb 2-1: config 0 interface 0 has no altsetting 0 [ 388.668316][ T5887] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 388.677968][ T5887] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 388.725994][ T5887] usb 2-1: config 0 interface 0 has no altsetting 0 [ 388.749113][ T5887] usb 2-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 388.759175][ T5887] usb 2-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 388.775908][ T5887] usb 2-1: Product: syz [ 388.792794][ T5887] usb 2-1: Manufacturer: syz [ 388.849621][ T5887] usb 2-1: SerialNumber: syz [ 388.867504][ T5887] usb 2-1: config 0 descriptor?? [ 388.995676][ T5887] yurex 2-1:0.0: USB YUREX device now attached to Yurex #0 [ 389.141748][ T5899] usb 3-1: Using ep0 maxpacket: 16 [ 389.170821][T10223] xfrm0: entered promiscuous mode [ 389.189878][ T5899] usb 3-1: unable to get BOS descriptor or descriptor too short [ 389.190388][T10205] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 389.219295][T10223] xfrm0: entered allmulticast mode [ 389.298602][T10205] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 389.339686][ T5899] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 389.354493][ T5899] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 389.375466][ T5899] usb 3-1: config 1 interface 0 has no altsetting 0 [ 389.399117][ T5898] usb 2-1: USB disconnect, device number 60 [ 389.414443][ T5898] yurex 2-1:0.0: USB YUREX #0 now disconnected [ 389.445100][ T5899] usb 3-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 389.456686][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.465303][ T5899] usb 3-1: Product: syz [ 389.475239][ T5899] usb 3-1: Manufacturer: syz [ 389.488276][ T5899] usb 3-1: SerialNumber: syz [ 390.060418][ T5898] usb 4-1: USB disconnect, device number 49 [ 390.421291][ T5889] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 390.457291][ T5889] usb 5-1: USB disconnect, device number 51 [ 390.595454][T10235] netlink: 'syz.1.1364': attribute type 29 has an invalid length. [ 390.613615][T10235] netlink: 'syz.1.1364': attribute type 29 has an invalid length. [ 390.646537][T10235] netlink: 500 bytes leftover after parsing attributes in process `syz.1.1364'. [ 390.704676][ T5898] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 390.850033][T10239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1367'. [ 390.907046][T10239] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1367'. [ 390.935336][ T5898] usb 4-1: Using ep0 maxpacket: 16 [ 390.963093][T10242] tipc: Enabling of bearer rejected, failed to enable media [ 390.978297][ T5898] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 390.998932][ T5898] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 391.010738][ T5898] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 391.022295][ T5898] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 391.048216][ T5898] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 391.076255][ T5898] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 391.086189][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 391.098394][ T5898] usb 4-1: SerialNumber: syz [ 391.136876][T10233] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 391.163556][ T5898] cdc_acm 4-1:1.0: Control and data interfaces are not separated! [ 391.192988][ T5898] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -12 [ 391.523378][T10233] netlink: 'syz.3.1363': attribute type 2 has an invalid length. [ 391.531276][T10233] netlink: 132 bytes leftover after parsing attributes in process `syz.3.1363'. [ 391.599571][ T5898] usb 4-1: USB disconnect, device number 50 [ 391.824132][ T5899] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 391.867595][ T5899] usb 3-1: USB disconnect, device number 54 [ 392.481883][ T5899] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 392.684674][ T5899] usb 3-1: Using ep0 maxpacket: 16 [ 392.717542][ T5899] usb 3-1: unable to get BOS descriptor or descriptor too short [ 392.727540][ T5899] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 392.743444][ T5899] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 392.765823][ T5899] usb 3-1: config 1 interface 0 has no altsetting 0 [ 392.791149][ T5899] usb 3-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 392.804395][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 392.815446][ T5899] usb 3-1: Product: syz [ 392.822821][ T5899] usb 3-1: Manufacturer: syz [ 392.833983][ T5899] usb 3-1: SerialNumber: syz [ 393.476477][T10290] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1381'. [ 394.625005][T10307] loop6: detected capacity change from 0 to 63 [ 394.661187][T10307] Buffer I/O error on dev loop6, logical block 0, async page read [ 394.670311][T10307] Buffer I/O error on dev loop6, logical block 1, async page read [ 394.678562][T10307] Buffer I/O error on dev loop6, logical block 2, async page read [ 394.686820][T10307] Buffer I/O error on dev loop6, logical block 3, async page read [ 394.702047][T10307] Buffer I/O error on dev loop6, logical block 0, async page read [ 394.711104][T10307] Buffer I/O error on dev loop6, logical block 1, async page read [ 394.719331][T10307] Buffer I/O error on dev loop6, logical block 2, async page read [ 394.729366][T10307] Buffer I/O error on dev loop6, logical block 3, async page read [ 394.737723][T10307] Buffer I/O error on dev loop6, logical block 0, async page read [ 394.750473][T10307] Buffer I/O error on dev loop6, logical block 1, async page read [ 395.581555][ T5899] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 395.716614][ T5899] usb 3-1: USB disconnect, device number 55 [ 396.101731][ T5899] usb 3-1: new full-speed USB device number 56 using dummy_hcd [ 396.276654][ T5899] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 396.289780][ T5899] usb 3-1: New USB device found, idVendor=0c70, idProduct=f00b, bcdDevice= 0.00 [ 396.534817][ T5899] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 396.688652][ T5899] usb 3-1: config 0 descriptor?? [ 396.699256][ T30] kauditd_printk_skb: 257 callbacks suppressed [ 396.699274][ T30] audit: type=1326 audit(1748978311.088:6830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19a2d8e969 code=0x7ffc0000 [ 396.761296][ T30] audit: type=1326 audit(1748978311.088:6831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19a2d8e969 code=0x7ffc0000 [ 396.854690][ T30] audit: type=1326 audit(1748978311.088:6832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f19a2d2ab39 code=0x7ffc0000 [ 396.937826][ T30] audit: type=1326 audit(1748978311.088:6833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19a2d8e969 code=0x7ffc0000 [ 396.941940][T10321] FAULT_INJECTION: forcing a failure. [ 396.941940][T10321] name failslab, interval 1, probability 0, space 0, times 0 [ 396.976393][ T30] audit: type=1326 audit(1748978311.088:6834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f19a2d2ab39 code=0x7ffc0000 [ 396.999375][ T30] audit: type=1326 audit(1748978311.088:6835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19a2d8e969 code=0x7ffc0000 [ 397.022783][T10321] CPU: 1 UID: 0 PID: 10321 Comm: syz.4.1394 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 397.022805][T10321] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 397.022815][T10321] Call Trace: [ 397.022822][T10321] [ 397.022829][T10321] dump_stack_lvl+0x189/0x250 [ 397.022857][T10321] ? __pfx____ratelimit+0x10/0x10 [ 397.022881][T10321] ? __pfx_dump_stack_lvl+0x10/0x10 [ 397.022913][T10321] ? __pfx__printk+0x10/0x10 [ 397.022933][T10321] ? __pfx___might_resched+0x10/0x10 [ 397.022948][T10321] ? fs_reclaim_acquire+0x7d/0x100 [ 397.022972][T10321] should_fail_ex+0x414/0x560 [ 397.023001][T10321] should_failslab+0xa8/0x100 [ 397.023020][T10321] __kmalloc_noprof+0xcb/0x4f0 [ 397.023036][T10321] ? process_vm_rw+0x348/0xb40 [ 397.023054][T10321] process_vm_rw+0x348/0xb40 [ 397.023069][T10321] ? get_pid_task+0x20/0x1f0 [ 397.023096][T10321] ? __pfx_process_vm_rw+0x10/0x10 [ 397.023109][T10321] ? rcu_read_lock_any_held+0xb3/0x120 [ 397.023126][T10321] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 397.023146][T10321] ? vfs_write+0x8d8/0xa90 [ 397.023176][T10321] ? __pfx_vfs_write+0x10/0x10 [ 397.023208][T10321] ? ksys_write+0x22a/0x250 [ 397.023224][T10321] ? __pfx_ksys_write+0x10/0x10 [ 397.023238][T10321] ? rcu_is_watching+0x15/0xb0 [ 397.023255][T10321] __x64_sys_process_vm_writev+0xe0/0x100 [ 397.023275][T10321] do_syscall_64+0xfa/0x3b0 [ 397.023289][T10321] ? lockdep_hardirqs_on+0x9c/0x150 [ 397.023312][T10321] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.023327][T10321] ? clear_bhb_loop+0x60/0xb0 [ 397.023345][T10321] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 397.023361][T10321] RIP: 0033:0x7f977658e969 [ 397.023375][T10321] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 397.023388][T10321] RSP: 002b:00007f97743f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 397.023404][T10321] RAX: ffffffffffffffda RBX: 00007f97767b5fa0 RCX: 00007f977658e969 [ 397.023416][T10321] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000373 [ 397.023425][T10321] RBP: 00007f97743f6090 R08: 000000000000023a R09: 0000000000000000 [ 397.023435][T10321] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000001 [ 397.023445][T10321] R13: 0000000000000000 R14: 00007f97767b5fa0 R15: 00007f97768dfa28 [ 397.023467][T10321] [ 397.287611][ T5899] usb 3-1: string descriptor 0 read error: -71 [ 397.300376][ T5899] usbhid 3-1:0.0: can't add hid device: -71 [ 397.306441][ T5899] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 397.321597][ T5899] usb 3-1: USB disconnect, device number 56 [ 397.344159][ T30] audit: type=1326 audit(1748978311.088:6836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19a2d8e969 code=0x7ffc0000 [ 397.367415][ T30] audit: type=1326 audit(1748978311.088:6837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f19a2d8e969 code=0x7ffc0000 [ 397.393424][ T30] audit: type=1326 audit(1748978311.088:6838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f19a2d2ab39 code=0x7ffc0000 [ 397.417135][ T30] audit: type=1326 audit(1748978311.088:6839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10318 comm="syz.3.1393" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f19a2d2ab39 code=0x7ffc0000 [ 398.031868][ T5899] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 398.181931][ T5899] usb 4-1: device descriptor read/64, error -71 [ 398.431780][ T5899] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 398.435406][T10340] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1402'. [ 398.459032][T10338] team0: Device ipvlan0 is up. Set it down before adding it as a team port [ 398.551839][ T5887] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 398.611789][ T5899] usb 4-1: device descriptor read/64, error -71 [ 398.721764][ T5887] usb 3-1: Using ep0 maxpacket: 16 [ 398.739354][ T5887] usb 3-1: unable to get BOS descriptor or descriptor too short [ 398.750049][ T5887] usb 3-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 398.763204][ T5887] usb 3-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 398.778183][ T5899] usb usb4-port1: attempt power cycle [ 398.786657][ T5887] usb 3-1: config 1 interface 0 has no altsetting 0 [ 398.811296][ T5887] usb 3-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 398.821423][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 398.834149][ T5887] usb 3-1: Product: syz [ 398.838336][ T5887] usb 3-1: Manufacturer: syz [ 398.863481][ T5887] usb 3-1: SerialNumber: syz [ 399.212863][ T5899] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 399.235012][ T5899] usb 4-1: device descriptor read/8, error -71 [ 399.354080][ T5898] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 399.491722][ T5899] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 399.499760][ T5898] usb 2-1: device descriptor read/64, error -71 [ 399.523747][ T5899] usb 4-1: device descriptor read/8, error -71 [ 399.641974][ T5899] usb usb4-port1: unable to enumerate USB device [ 399.751963][ T5898] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 399.891789][ T5898] usb 2-1: device descriptor read/64, error -71 [ 400.034189][ T5898] usb usb2-port1: attempt power cycle [ 400.394728][ T5898] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 400.413839][ T5898] usb 2-1: device descriptor read/8, error -71 [ 400.491488][T10390] libceph: resolve '. [ 400.491488][T10390] #)|.fǝb2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 400.491488][T10390] ' (ret=-3): failed [ 400.652146][ T5898] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 400.673469][ T5898] usb 2-1: device descriptor read/8, error -71 [ 400.761842][ T5899] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 400.792357][ T5898] usb usb2-port1: unable to enumerate USB device [ 400.820845][T10398] macsec1: entered allmulticast mode [ 400.820904][T10398] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 400.946176][T10398] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 400.958497][ T5899] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 400.958522][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 400.958545][ T5899] usb 5-1: Product: syz [ 400.958562][ T5899] usb 5-1: Manufacturer: syz [ 400.958579][ T5899] usb 5-1: SerialNumber: syz [ 400.968034][ T5899] usb 5-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 400.998009][ T5899] usb 5-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 401.410936][T10392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 401.411516][T10392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 401.875274][T10392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 401.875822][T10392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 401.879560][ T5889] usb 5-1: USB disconnect, device number 52 [ 401.891707][ C1] dummy_hcd dummy_hcd.4: timer fired with no URBs pending? [ 402.111704][ T5899] ath9k_htc 5-1:1.0: ath9k_htc: Target is unresponsive [ 402.111905][ T5899] ath9k_htc: Failed to initialize the device [ 402.112595][ T5889] usb 5-1: ath9k_htc: USB layer deinitialized [ 402.490366][ T5887] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 402.493309][ T5887] usb 3-1: USB disconnect, device number 57 [ 402.509620][T10403] ip6gre1: entered allmulticast mode [ 402.593133][T10405] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1412'. [ 402.916148][T10416] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1414'. [ 403.104302][T10422] tipc: Started in network mode [ 403.109244][T10422] tipc: Node identity 0000000000000000000000625f953d01, cluster identity 4711 [ 403.151853][T10422] tipc: Enabling of bearer rejected, failed to enable media [ 403.381845][T10433] netlink: 'syz.2.1421': attribute type 12 has an invalid length. [ 403.393194][T10430] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1420'. [ 403.408679][T10433] (unnamed net_device) (uninitialized): option primary_reselect: invalid value (9) [ 404.007480][ T5887] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 404.158555][T10451] macsec1: entered allmulticast mode [ 404.164048][T10451] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 404.210072][T10452] loop2: detected capacity change from 0 to 7 [ 404.218896][ T5886] Dev loop2: unable to read RDB block 7 [ 404.227034][ T5886] loop2: unable to read partition table [ 404.232966][ T5886] loop2: partition table beyond EOD, truncated [ 404.247650][T10452] Dev loop2: unable to read RDB block 7 [ 404.260018][T10452] loop2: unable to read partition table [ 404.325079][ T5887] usb 4-1: config 0 has no interfaces? [ 404.331056][T10452] loop2: partition table beyond EOD, truncated [ 404.345292][ T5887] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 404.354814][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.366940][T10451] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 404.378324][ T5887] usb 4-1: Product: syz [ 404.388230][ T5887] usb 4-1: Manufacturer: syz [ 404.395210][T10452] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 404.416199][ T5887] usb 4-1: SerialNumber: syz [ 404.490582][ T5887] usb 4-1: config 0 descriptor?? [ 404.955397][T10445] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 405.056430][T10445] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 405.501759][ T5887] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 405.683528][ T5887] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 405.719524][ T5887] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 405.775842][ T5887] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 405.811194][ T5887] usb 3-1: config 0 interface 0 has no altsetting 0 [ 405.830996][T10466] No such timeout policy "syz1" [ 405.839924][ T5887] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 405.858993][ T5887] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 405.897294][ T5887] usb 3-1: config 0 interface 0 has no altsetting 0 [ 405.925723][ T5887] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 405.958264][ T5887] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 406.031172][ T5887] usb 3-1: config 0 interface 0 has no altsetting 0 [ 406.071541][ T5887] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 406.096701][ T5887] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 406.160136][ T5887] usb 3-1: config 0 interface 0 has no altsetting 0 [ 406.189357][ T5887] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 406.241538][ T5887] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 406.277076][ T5887] usb 3-1: config 0 interface 0 has no altsetting 0 [ 406.300910][ T5887] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 406.322987][ T5887] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 406.350477][ T5887] usb 3-1: config 0 interface 0 has no altsetting 0 [ 406.373941][ T5887] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 406.391105][ T5887] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 406.428463][ T5887] usb 3-1: config 0 interface 0 has no altsetting 0 [ 406.451439][ T5887] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 406.465194][ T5887] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has an invalid bInterval 0, changing to 7 [ 406.538407][ T5887] usb 3-1: config 0 interface 0 has no altsetting 0 [ 406.557883][ T5887] usb 3-1: New USB device found, idVendor=0c45, idProduct=1010, bcdDevice=49.8e [ 406.570631][ T5887] usb 3-1: New USB device strings: Mfr=41, Product=64, SerialNumber=168 [ 406.728550][ T5889] usb 4-1: USB disconnect, device number 55 [ 406.791698][ T5887] usb 3-1: Product: syz [ 406.812179][ T5887] usb 3-1: Manufacturer: syz [ 406.816862][ T5887] usb 3-1: SerialNumber: syz [ 406.838624][T10471] input: syz0 as /devices/virtual/input/input30 [ 406.849379][ T5887] usb 3-1: config 0 descriptor?? [ 406.879250][ T5887] yurex 3-1:0.0: USB YUREX device now attached to Yurex #0 [ 407.007991][T10473] SET target dimension over the limit! [ 407.095540][T10462] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.138284][T10462] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.248629][T10476] openvswitch: netlink: VXLAN extension message has 4 unknown bytes. [ 407.272700][ T5887] usb 5-1: new full-speed USB device number 53 using dummy_hcd [ 407.291931][ C0] usb 3-1: yurex_control_callback - control failed: -2 [ 407.493631][ T5899] usb 3-1: USB disconnect, device number 58 [ 407.534919][ T5887] usb 5-1: unable to get BOS descriptor or descriptor too short [ 407.576452][ T5887] usb 5-1: not running at top speed; connect to a high speed hub [ 407.589301][ T5899] yurex 3-1:0.0: USB YUREX #0 now disconnected [ 407.684558][ T5887] usb 5-1: config 129 has an invalid descriptor of length 0, skipping remainder of the config [ 407.736068][ T5887] usb 5-1: New USB device found, idVendor=0fc5, idProduct=1227, bcdDevice=f4.4a [ 407.774965][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.810781][ T5887] usb 5-1: Product: syz [ 407.830467][ T5887] usb 5-1: Manufacturer: syz [ 407.859670][ T5887] usb 5-1: SerialNumber: syz [ 407.918612][T10489] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 408.187200][T10496] FAULT_INJECTION: forcing a failure. [ 408.187200][T10496] name failslab, interval 1, probability 0, space 0, times 0 [ 408.210524][T10496] CPU: 0 UID: 0 PID: 10496 Comm: syz.1.1444 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 408.210554][T10496] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 408.210567][T10496] Call Trace: [ 408.210575][T10496] [ 408.210585][T10496] dump_stack_lvl+0x189/0x250 [ 408.210627][T10496] ? __pfx____ratelimit+0x10/0x10 [ 408.210660][T10496] ? __pfx_dump_stack_lvl+0x10/0x10 [ 408.210693][T10496] ? __pfx__printk+0x10/0x10 [ 408.210722][T10496] ? __pfx___might_resched+0x10/0x10 [ 408.210748][T10496] should_fail_ex+0x414/0x560 [ 408.210787][T10496] should_failslab+0xa8/0x100 [ 408.210813][T10496] kmem_cache_alloc_noprof+0x73/0x3c0 [ 408.210835][T10496] ? ptlock_alloc+0x20/0x70 [ 408.210861][T10496] ptlock_alloc+0x20/0x70 [ 408.210882][T10496] pte_alloc_one+0x7d/0x170 [ 408.210916][T10496] __pte_alloc+0x25/0x1a0 [ 408.210947][T10496] __handle_mm_fault+0x4b8a/0x5620 [ 408.210988][T10496] ? __pfx___handle_mm_fault+0x10/0x10 [ 408.211030][T10496] ? __pfx___might_resched+0x10/0x10 [ 408.211054][T10496] handle_mm_fault+0x40a/0x8e0 [ 408.211086][T10496] __get_user_pages+0x1af4/0x30b0 [ 408.211167][T10496] ? __pfx___get_user_pages+0x10/0x10 [ 408.211210][T10496] __gup_longterm_locked+0xd66/0x15b0 [ 408.211257][T10496] pin_user_pages_remote+0xd4/0x120 [ 408.211292][T10496] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 408.211316][T10496] ? down_read+0x1ad/0x2e0 [ 408.211339][T10496] process_vm_rw+0x59e/0xb40 [ 408.211360][T10496] ? get_pid_task+0x20/0x1f0 [ 408.211396][T10496] ? __pfx_process_vm_rw+0x10/0x10 [ 408.211434][T10496] ? rcu_read_lock_any_held+0xb3/0x120 [ 408.211491][T10496] ? __pfx_vfs_write+0x10/0x10 [ 408.211537][T10496] ? ksys_write+0x22a/0x250 [ 408.211561][T10496] ? __pfx_ksys_write+0x10/0x10 [ 408.211579][T10496] ? rcu_is_watching+0x15/0xb0 [ 408.211603][T10496] __x64_sys_process_vm_writev+0xe0/0x100 [ 408.211631][T10496] do_syscall_64+0xfa/0x3b0 [ 408.211650][T10496] ? lockdep_hardirqs_on+0x9c/0x150 [ 408.211681][T10496] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.211702][T10496] ? clear_bhb_loop+0x60/0xb0 [ 408.211728][T10496] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.211748][T10496] RIP: 0033:0x7f339e58e969 [ 408.211767][T10496] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.211785][T10496] RSP: 002b:00007f339f323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 408.211808][T10496] RAX: ffffffffffffffda RBX: 00007f339e7b5fa0 RCX: 00007f339e58e969 [ 408.211824][T10496] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 000000000000031c [ 408.211838][T10496] RBP: 00007f339f323090 R08: 000000000000023a R09: 0000000000000000 [ 408.211851][T10496] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000001 [ 408.211864][T10496] R13: 0000000000000000 R14: 00007f339e7b5fa0 R15: 00007f339e8dfa28 [ 408.211896][T10496] [ 408.892140][ T5899] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 409.461726][ T5899] usb 2-1: Using ep0 maxpacket: 16 [ 409.481348][ T5899] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 16 [ 409.524045][ T5899] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid wMaxPacketSize 0 [ 409.540868][ T5899] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 0 [ 409.565155][ T5899] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice=4f.32 [ 409.575136][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.591689][ T5899] usb 2-1: Product: syz [ 409.596011][ T5899] usb 2-1: Manufacturer: syz [ 409.602256][ T5899] usb 2-1: SerialNumber: syz [ 409.611811][T10512] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1451'. [ 409.632741][ T5899] usb 2-1: config 0 descriptor?? [ 409.642873][T10503] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 409.653208][ T5899] mceusb 2-1:0.0: mceusb_dev_probe: device setup failed! [ 409.660332][ T5899] mceusb 2-1:0.0: probe with driver mceusb failed with error -12 [ 409.882795][T10503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.901422][T10503] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.923794][T10503] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.937126][T10521] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.958066][T10503] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 409.970873][T10521] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 410.081913][ T5887] usbsevseg 5-1:129.0: USB 7 Segment device now attached [ 410.112292][ T5887] usb 5-1: USB disconnect, device number 53 [ 410.120486][ T5887] usbsevseg 5-1:129.0: USB 7 Segment now disconnected [ 410.167546][ T5899] usb 2-1: USB disconnect, device number 65 [ 410.228543][T10524] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 410.468629][T10531] netlink: 104 bytes leftover after parsing attributes in process `syz.2.1457'. [ 411.560315][T10560] netlink: 136 bytes leftover after parsing attributes in process `syz.4.1466'. [ 411.589797][T10560] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 411.767869][T10562] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 411.854679][T10565] libceph: resolve '. [ 411.854679][T10565] #)|.fǝb2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 411.854679][T10565] ' (ret=-3): failed [ 412.133338][T10569] ip6gre2: entered allmulticast mode [ 412.217347][T10571] veth5: entered promiscuous mode [ 412.245850][T10571] veth5: entered allmulticast mode [ 412.351909][T10576] IPVS: set_ctl: invalid protocol: 43 10.1.1.0:20004 [ 412.568366][T10585] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1477'. [ 412.611948][ T5889] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 412.743297][ T5889] usb 5-1: device descriptor read/64, error -71 [ 412.814689][T10593] FAULT_INJECTION: forcing a failure. [ 412.814689][T10593] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 412.835471][T10593] CPU: 1 UID: 0 PID: 10593 Comm: syz.1.1480 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 412.835503][T10593] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 412.835516][T10593] Call Trace: [ 412.835524][T10593] [ 412.835533][T10593] dump_stack_lvl+0x189/0x250 [ 412.835588][T10593] ? __pfx____ratelimit+0x10/0x10 [ 412.835621][T10593] ? __pfx_dump_stack_lvl+0x10/0x10 [ 412.835655][T10593] ? __pfx__printk+0x10/0x10 [ 412.835681][T10593] ? fs_reclaim_acquire+0x7d/0x100 [ 412.835716][T10593] should_fail_ex+0x414/0x560 [ 412.835755][T10593] prepare_alloc_pages+0x213/0x610 [ 412.835790][T10593] __alloc_frozen_pages_noprof+0x123/0x370 [ 412.835825][T10593] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 412.835859][T10593] ? __lruvec_stat_mod_folio+0x79/0x2f0 [ 412.835893][T10593] ? policy_nodemask+0x27c/0x720 [ 412.835922][T10593] alloc_pages_mpol+0x232/0x4a0 [ 412.835952][T10593] vma_alloc_folio_noprof+0xe4/0x200 [ 412.835980][T10593] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 412.836017][T10593] ? do_raw_spin_unlock+0x122/0x240 [ 412.836052][T10593] folio_prealloc+0x30/0x180 [ 412.836079][T10593] __handle_mm_fault+0x2c88/0x5620 [ 412.836123][T10593] ? __pfx___handle_mm_fault+0x10/0x10 [ 412.836167][T10593] ? __pfx___might_resched+0x10/0x10 [ 412.836192][T10593] handle_mm_fault+0x40a/0x8e0 [ 412.836226][T10593] __get_user_pages+0x1af4/0x30b0 [ 412.836298][T10593] ? __pfx___get_user_pages+0x10/0x10 [ 412.836341][T10593] __gup_longterm_locked+0xd66/0x15b0 [ 412.836390][T10593] pin_user_pages_remote+0xd4/0x120 [ 412.836414][T10593] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 412.836441][T10593] ? down_read+0x1ad/0x2e0 [ 412.836467][T10593] process_vm_rw+0x59e/0xb40 [ 412.836488][T10593] ? get_pid_task+0x20/0x1f0 [ 412.836529][T10593] ? __pfx_process_vm_rw+0x10/0x10 [ 412.836549][T10593] ? rcu_read_lock_any_held+0xb3/0x120 [ 412.836605][T10593] ? __pfx_vfs_write+0x10/0x10 [ 412.836653][T10593] ? ksys_write+0x22a/0x250 [ 412.836676][T10593] ? __pfx_ksys_write+0x10/0x10 [ 412.836695][T10593] ? rcu_is_watching+0x15/0xb0 [ 412.836721][T10593] __x64_sys_process_vm_writev+0xe0/0x100 [ 412.836750][T10593] do_syscall_64+0xfa/0x3b0 [ 412.836770][T10593] ? lockdep_hardirqs_on+0x9c/0x150 [ 412.836802][T10593] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.836824][T10593] ? clear_bhb_loop+0x60/0xb0 [ 412.836851][T10593] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 412.836873][T10593] RIP: 0033:0x7f339e58e969 [ 412.836892][T10593] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 412.836911][T10593] RSP: 002b:00007f339f323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 412.836934][T10593] RAX: ffffffffffffffda RBX: 00007f339e7b5fa0 RCX: 00007f339e58e969 [ 412.836950][T10593] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000330 [ 412.836964][T10593] RBP: 00007f339f323090 R08: 000000000000023a R09: 0000000000000000 [ 412.836977][T10593] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000001 [ 412.836991][T10593] R13: 0000000000000000 R14: 00007f339e7b5fa0 R15: 00007f339e8dfa28 [ 412.837031][T10593] [ 413.203221][T10597] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1484'. [ 413.291825][ T5889] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 413.431802][ T5889] usb 5-1: device descriptor read/64, error -71 [ 413.497536][T10614] macsec1: entered allmulticast mode [ 413.506326][T10614] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 413.558980][T10614] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 413.568105][ T5889] usb usb5-port1: attempt power cycle [ 413.701930][ T5887] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 413.819499][T10617] loop6: detected capacity change from 0 to 524288000 [ 413.932333][ T5889] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 413.981879][ T5887] usb 2-1: Using ep0 maxpacket: 8 [ 413.995415][ T5889] usb 5-1: device descriptor read/8, error -71 [ 414.013121][ T5887] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 414.042700][ T5887] usb 2-1: New USB device found, idVendor=0421, idProduct=798f, bcdDevice=86.54 [ 414.076748][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.112555][ T5887] usb 2-1: Product: syz [ 414.118984][ T5887] usb 2-1: Manufacturer: syz [ 414.129683][ T5887] usb 2-1: SerialNumber: syz [ 414.174529][ T5887] usb 2-1: config 0 descriptor?? [ 414.213738][ T5887] cdc_phonet 2-1:0.0: skipping garbage [ 414.219275][ T5887] cdc_phonet 2-1:0.0: invalid descriptor buffer length [ 414.228403][ T5887] cdc_phonet 2-1:0.0: probe with driver cdc_phonet failed with error -22 [ 414.281877][ T5889] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 414.302824][ T5889] usb 5-1: device descriptor read/8, error -71 [ 414.413509][ T5889] usb usb5-port1: unable to enumerate USB device [ 414.453392][T10597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 414.462473][T10597] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 414.476157][ T5899] usb 2-1: USB disconnect, device number 66 [ 414.832166][T10632] : entered promiscuous mode [ 415.067046][ T30] kauditd_printk_skb: 233 callbacks suppressed [ 415.067066][ T30] audit: type=1326 audit(1748978329.458:7073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d8278e969 code=0x7ffc0000 [ 415.102189][ T30] audit: type=1326 audit(1748978329.488:7074): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d8278e969 code=0x7ffc0000 [ 415.131803][ T30] audit: type=1326 audit(1748978329.488:7075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d8272ab39 code=0x7ffc0000 [ 415.161346][ T30] audit: type=1326 audit(1748978329.488:7076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d8272ab39 code=0x7ffc0000 [ 415.201685][ T30] audit: type=1326 audit(1748978329.488:7077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d8272ab39 code=0x7ffc0000 [ 415.291691][ T30] audit: type=1326 audit(1748978329.488:7078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d8272ab39 code=0x7ffc0000 [ 415.402363][T10645] No such timeout policy "syz1" [ 415.432640][ T30] audit: type=1326 audit(1748978329.488:7079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d8272ab39 code=0x7ffc0000 [ 415.508405][ T30] audit: type=1326 audit(1748978329.488:7080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d8278e969 code=0x7ffc0000 [ 415.535704][ T30] audit: type=1326 audit(1748978329.488:7081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1d8278e969 code=0x7ffc0000 [ 415.565251][ T30] audit: type=1326 audit(1748978329.488:7082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10636 comm="syz.2.1497" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f1d8272ab39 code=0x7ffc0000 [ 415.777627][T10656] netlink: 136 bytes leftover after parsing attributes in process `syz.3.1505'. [ 415.788570][T10656] A link change request failed with some changes committed already. Interface ip_vti0 may have been left with an inconsistent configuration, please check. [ 415.962891][ T5889] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 416.131403][ T5889] usb 2-1: config 0 has no interfaces? [ 416.255101][ T5889] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 416.264466][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.272775][ T5889] usb 2-1: Product: syz [ 416.277009][ T5889] usb 2-1: Manufacturer: syz [ 416.282325][ T5889] usb 2-1: SerialNumber: syz [ 416.343197][ T5889] usb 2-1: config 0 descriptor?? [ 416.559429][T10672] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1510'. [ 417.259889][T10677] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.273461][T10677] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.287680][T10677] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.300157][T10677] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 417.327348][T10677] geneve2: entered promiscuous mode [ 417.421069][T10677] geneve2: entered allmulticast mode [ 417.452482][ T5889] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 417.480077][T10677] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.533618][T10692] netlink: 596 bytes leftover after parsing attributes in process `syz.3.1517'. [ 417.550197][T10677] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.585263][T10677] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.634366][ T5889] usb 3-1: Using ep0 maxpacket: 16 [ 417.650132][ T5889] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 192, changing to 11 [ 417.662188][ T5889] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 8 [ 417.672050][ T5889] usb 3-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 18 [ 417.685746][T10677] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 417.701251][ T5889] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 417.710959][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 417.733470][ T5889] usb 3-1: SerialNumber: syz [ 417.763385][T10682] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 417.965487][T10690] netlink: 'syz.3.1517': attribute type 29 has an invalid length. [ 417.974122][T10691] netlink: 'syz.3.1517': attribute type 29 has an invalid length. [ 418.057978][ T5889] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -71 [ 418.217299][ T5889] usb 3-1: USB disconnect, device number 59 [ 418.382083][ T5899] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 418.514574][T10699] SET target dimension over the limit! [ 418.541828][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 418.573515][ T5899] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 418.585266][ T5899] usb 4-1: config 0 has no interface number 0 [ 418.591531][ T5899] usb 4-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 418.594763][ T5889] usb 2-1: USB disconnect, device number 67 [ 418.603591][ T5899] usb 4-1: config 0 interface 1 has no altsetting 0 [ 418.618266][ T5899] usb 4-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 418.628609][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.647209][ T5899] usb 4-1: Product: syz [ 418.652189][ T5899] usb 4-1: Manufacturer: syz [ 418.661286][ T5899] usb 4-1: SerialNumber: syz [ 418.675402][ T5899] usb 4-1: config 0 descriptor?? [ 418.823113][T10703] veth7: entered promiscuous mode [ 418.830837][T10703] veth7: entered allmulticast mode [ 418.840641][T10707] FAULT_INJECTION: forcing a failure. [ 418.840641][T10707] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 418.854626][T10707] CPU: 0 UID: 0 PID: 10707 Comm: syz.1.1524 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 418.854656][T10707] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 418.854669][T10707] Call Trace: [ 418.854678][T10707] [ 418.854687][T10707] dump_stack_lvl+0x189/0x250 [ 418.854727][T10707] ? __pfx____ratelimit+0x10/0x10 [ 418.854759][T10707] ? __pfx_dump_stack_lvl+0x10/0x10 [ 418.854794][T10707] ? __pfx__printk+0x10/0x10 [ 418.854820][T10707] ? fs_reclaim_acquire+0x7d/0x100 [ 418.854857][T10707] should_fail_ex+0x414/0x560 [ 418.854896][T10707] prepare_alloc_pages+0x213/0x610 [ 418.854934][T10707] __alloc_frozen_pages_noprof+0x123/0x370 [ 418.854968][T10707] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 418.855002][T10707] ? policy_nodemask+0x27c/0x720 [ 418.855018][T10707] ? __lock_acquire+0xab9/0xd20 [ 418.855045][T10707] alloc_pages_mpol+0x232/0x4a0 [ 418.855071][T10707] vma_alloc_folio_noprof+0xe4/0x200 [ 418.855089][T10707] ? page_table_check_set+0x18d/0x730 [ 418.855109][T10707] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 418.855139][T10707] folio_prealloc+0x30/0x180 [ 418.855158][T10707] __handle_mm_fault+0x2c88/0x5620 [ 418.855191][T10707] ? __pfx___handle_mm_fault+0x10/0x10 [ 418.855220][T10707] ? follow_page_pte+0x8d6/0x14b0 [ 418.855244][T10707] handle_mm_fault+0x40a/0x8e0 [ 418.855269][T10707] __get_user_pages+0x1af4/0x30b0 [ 418.855325][T10707] ? __pfx___get_user_pages+0x10/0x10 [ 418.855360][T10707] __gup_longterm_locked+0xd66/0x15b0 [ 418.855397][T10707] pin_user_pages_remote+0xd4/0x120 [ 418.855415][T10707] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 418.855436][T10707] ? down_read+0x1ad/0x2e0 [ 418.855455][T10707] process_vm_rw+0x59e/0xb40 [ 418.855471][T10707] ? get_pid_task+0x20/0x1f0 [ 418.855502][T10707] ? __pfx_process_vm_rw+0x10/0x10 [ 418.855516][T10707] ? rcu_read_lock_any_held+0xb3/0x120 [ 418.855559][T10707] ? __pfx_vfs_write+0x10/0x10 [ 418.855605][T10707] ? ksys_write+0x22a/0x250 [ 418.855625][T10707] ? __pfx_ksys_write+0x10/0x10 [ 418.855647][T10707] __x64_sys_process_vm_writev+0xe0/0x100 [ 418.855672][T10707] do_syscall_64+0xfa/0x3b0 [ 418.855690][T10707] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.855707][T10707] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 418.855724][T10707] ? clear_bhb_loop+0x60/0xb0 [ 418.855745][T10707] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.855762][T10707] RIP: 0033:0x7f339e58e969 [ 418.855777][T10707] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.855792][T10707] RSP: 002b:00007f339f323038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 418.855812][T10707] RAX: ffffffffffffffda RBX: 00007f339e7b5fa0 RCX: 00007f339e58e969 [ 418.855824][T10707] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 000000000000033d [ 418.855835][T10707] RBP: 00007f339f323090 R08: 000000000000023a R09: 0000000000000000 [ 418.855846][T10707] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000001 [ 418.855856][T10707] R13: 0000000000000000 R14: 00007f339e7b5fa0 R15: 00007f339e8dfa28 [ 418.855883][T10707] [ 419.197698][ T5899] cx231xx 4-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 419.209089][ T5899] cx231xx 4-1:0.1: Failed to read PCB config [ 419.214459][T10709] input: syz0 as /devices/virtual/input/input31 [ 419.221763][ T5899] cx231xx 4-1:0.1: probe with driver cx231xx failed with error -71 [ 419.276413][ T5899] usb 4-1: USB disconnect, device number 56 [ 419.588256][T10717] macsec1: entered allmulticast mode [ 419.593812][T10717] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 419.682870][T10717] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 419.721719][ T5899] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 419.802133][ T5898] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 419.820273][T10719] team0: Device ipvlan2 is up. Set it down before adding it as a team port [ 419.881868][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 419.888707][ T5899] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 419.925727][ T5899] usb 4-1: config 0 has no interface number 0 [ 419.946125][ T5899] usb 4-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 419.973927][ T5898] usb 3-1: device descriptor read/64, error -71 [ 420.075589][ T5899] usb 4-1: config 0 interface 1 has no altsetting 0 [ 420.097897][ T5899] usb 4-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 420.114861][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.133136][ T30] kauditd_printk_skb: 570 callbacks suppressed [ 420.133155][ T30] audit: type=1326 audit(1748978334.518:7653): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=149 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 420.162453][ T5899] usb 4-1: Product: syz [ 420.171817][ T5899] usb 4-1: Manufacturer: syz [ 420.177598][ T5899] usb 4-1: SerialNumber: syz [ 420.194684][ T5899] usb 4-1: config 0 descriptor?? [ 420.240479][ T5898] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 420.421875][ T5898] usb 3-1: device descriptor read/64, error -71 [ 420.467947][ T30] audit: type=1326 audit(1748978334.678:7654): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 420.505768][ T5899] cx231xx 4-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 420.574027][ T30] audit: type=1326 audit(1748978334.678:7655): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 420.582009][ T5898] usb usb3-port1: attempt power cycle [ 420.636878][ T5899] cx231xx 4-1:0.1: bad scenario!!!!! [ 420.636878][ T5899] config_info=0 [ 420.671695][ T5899] cx231xx 4-1:0.1: Failed to read PCB config [ 420.787465][ T30] audit: type=1326 audit(1748978335.168:7656): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 420.820382][ T5887] usb 4-1: USB disconnect, device number 57 [ 420.882078][ T30] audit: type=1326 audit(1748978335.168:7657): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 420.977448][ T30] audit: type=1326 audit(1748978335.168:7658): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 421.030961][ T5898] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 421.072206][ T30] audit: type=1326 audit(1748978335.168:7659): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=311 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 421.102393][ T30] audit: type=1326 audit(1748978335.178:7660): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 421.125286][ T5898] usb 3-1: device descriptor read/8, error -71 [ 421.142089][ T30] audit: type=1326 audit(1748978335.178:7661): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 421.171749][ T30] audit: type=1326 audit(1748978335.358:7662): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10720 comm="syz.0.1530" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 421.371832][ T5898] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 421.416403][ T5898] usb 3-1: device descriptor read/8, error -71 [ 421.534618][ T5898] usb usb3-port1: unable to enumerate USB device [ 421.878731][T10739] macsec1: entered allmulticast mode [ 421.886551][T10739] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 421.908290][T10739] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 421.931976][ T5898] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 422.111515][ T5898] usb 4-1: Using ep0 maxpacket: 8 [ 422.130948][ T5898] usb 4-1: unable to get BOS descriptor or descriptor too short [ 422.176447][ T5898] usb 4-1: config 8 has an invalid interface number: 24 but max is 1 [ 422.195843][ T5898] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 422.208032][ T5898] usb 4-1: config 8 has 1 interface, different from the descriptor's value: 2 [ 422.218762][ T5898] usb 4-1: config 8 has no interface number 0 [ 422.237357][ T5898] usb 4-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 422.281038][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 422.299987][ T5898] usb 4-1: Product: syz [ 422.310043][ T5898] usb 4-1: Manufacturer: syz [ 422.324413][ T5898] usb 4-1: SerialNumber: syz [ 422.343318][T10743] Timeout policy `syz1' can only be used by L3 protocol number 34978 [ 422.418778][T10745] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1538'. [ 422.566153][T10735] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1534'. [ 422.947212][T10755] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 423.309527][T10761] netlink: 52 bytes leftover after parsing attributes in process `syz.2.1544'. [ 425.279107][ T5898] vmk80xx 4-1:8.24: driver 'vmk80xx' failed to auto-configure device. [ 425.341567][ T5898] usb 4-1: USB disconnect, device number 58 [ 425.994280][T10805] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1557'. [ 426.005085][T10805] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1557'. [ 426.012055][ T5898] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 426.215436][T10807] input: syz0 as /devices/virtual/input/input32 [ 426.234106][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.254282][ T5898] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.276880][T10811] netlink: 'syz.0.1556': attribute type 4 has an invalid length. [ 426.289773][T10811] netlink: 17 bytes leftover after parsing attributes in process `syz.0.1556'. [ 426.289804][ T5898] usb 4-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 426.313347][ T5898] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.326528][ T5898] usb 4-1: config 0 descriptor?? [ 426.452823][ T5887] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 426.478988][T10814] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1560'. [ 426.624125][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.646254][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.714893][ T5887] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 426.800172][ T5887] usb 5-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00 [ 426.851945][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.869453][ T5887] usb 5-1: config 0 descriptor?? [ 427.163164][ T5898] logitech 0003:046D:C29C.0015: unknown main item tag 0x0 [ 427.184375][ T5898] logitech 0003:046D:C29C.0015: unknown main item tag 0x0 [ 427.211769][ T5898] logitech 0003:046D:C29C.0015: unknown main item tag 0x0 [ 427.239151][ T5898] logitech 0003:046D:C29C.0015: unknown main item tag 0x0 [ 427.264326][ T5898] logitech 0003:046D:C29C.0015: unknown main item tag 0x0 [ 427.292164][ T5898] logitech 0003:046D:C29C.0015: hidraw0: USB HID v0.00 Device [HID 046d:c29c] on usb-dummy_hcd.3-1/input0 [ 427.523786][ T5887] usb 5-1: string descriptor 0 read error: -71 [ 427.555695][ T5887] uclogic 0003:5543:0047.0016: failed retrieving string descriptor #200: -71 [ 427.569099][T10840] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1567'. [ 427.597357][ T5887] uclogic 0003:5543:0047.0016: failed retrieving pen parameters: -71 [ 427.621977][ T5887] uclogic 0003:5543:0047.0016: failed probing pen v2 parameters: -71 [ 427.640523][ T5887] uclogic 0003:5543:0047.0016: failed probing parameters: -71 [ 427.681838][ T5887] uclogic 0003:5543:0047.0016: probe with driver uclogic failed with error -71 [ 427.688969][ T5887] usb 5-1: USB disconnect, device number 58 [ 428.085959][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 428.085979][ T30] audit: type=1326 audit(1748978342.478:7692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.115686][ T30] audit: type=1326 audit(1748978342.508:7693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.235870][ T30] audit: type=1326 audit(1748978342.518:7694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.269391][ T30] audit: type=1326 audit(1748978342.518:7695): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.308155][T10857] xfrm0: entered promiscuous mode [ 428.315937][T10857] xfrm0: entered allmulticast mode [ 428.321231][ T30] audit: type=1326 audit(1748978342.518:7696): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.380083][ T30] audit: type=1326 audit(1748978342.518:7697): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.458977][ T30] audit: type=1326 audit(1748978342.518:7698): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.509061][T10860] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1573'. [ 428.544693][T10861] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1575'. [ 428.578053][ T30] audit: type=1326 audit(1748978342.518:7699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.615247][T10860] binder_alloc: 10858: pid 10858 spamming oneway? 1 buffers allocated for a total size of 4096 [ 428.725655][ T30] audit: type=1326 audit(1748978342.518:7700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.748930][T10863] binder_alloc: 10858: pid 10858 spamming oneway? 2 buffers allocated for a total size of 5120 [ 428.807139][ T30] audit: type=1326 audit(1748978342.518:7701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10853 comm="syz.1.1571" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f339e52ab39 code=0x7ffc0000 [ 428.873126][T10864] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 428.915269][T10864] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 428.971247][ T5898] logitech 0003:046D:C29C.0015: no inputs found [ 429.039956][ T5898] usb 4-1: USB disconnect, device number 59 [ 429.531774][ T5899] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 429.692187][ T5899] usb 5-1: Using ep0 maxpacket: 16 [ 429.755408][ T5899] usb 5-1: unable to get BOS descriptor or descriptor too short [ 429.839376][ T5899] usb 5-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 429.890005][ T5899] usb 5-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 429.991881][ T5899] usb 5-1: config 1 interface 0 has no altsetting 0 [ 430.127635][T10884] team0: Device ipvlan2 is up. Set it down before adding it as a team port [ 430.169247][ T5899] usb 5-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 430.178803][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.203210][ T5899] usb 5-1: Product: syz [ 430.207429][ T5899] usb 5-1: Manufacturer: syz [ 430.257282][ T5899] usb 5-1: SerialNumber: syz [ 430.351707][ T5898] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 430.521711][ T5898] usb 4-1: Using ep0 maxpacket: 32 [ 430.530776][ T5898] usb 4-1: unable to get BOS descriptor or descriptor too short [ 430.550865][ T5898] usb 4-1: config 4 has an invalid interface number: 239 but max is 0 [ 430.563457][ T5898] usb 4-1: config 4 has no interface number 0 [ 430.598184][ T5898] usb 4-1: New USB device found, idVendor=0dba, idProduct=5000, bcdDevice=48.59 [ 430.773526][ T5898] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.798459][T10887] tipc: Enabling of bearer rejected, failed to enable media [ 430.810127][ T5898] usb 4-1: Product: syz [ 430.832456][ T5898] usb 4-1: Manufacturer: syz [ 430.867589][ T5898] usb 4-1: SerialNumber: syz [ 431.115636][ T5898] usb 4-1: MBOX3: Invalid descriptor size=18. [ 431.241299][ T5898] usb 4-1: USB disconnect, device number 60 [ 431.411765][ T5897] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 431.560011][T10898] macsec1: entered allmulticast mode [ 431.568688][T10898] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 431.695739][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 431.706793][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 431.820334][T10898] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 431.835742][ T5897] usb 3-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 431.856929][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.081507][ T5897] usb 3-1: config 0 descriptor?? [ 432.935633][T10911] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.131538][T10911] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.276134][T10913] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1591'. [ 433.525080][ T5899] usbhid 5-1:1.0: couldn't find an input interrupt endpoint [ 433.598141][ T5899] usb 5-1: USB disconnect, device number 59 [ 433.992339][ T5899] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 434.164896][ T5899] usb 5-1: config 0 has no interfaces? [ 434.292938][ T5899] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 434.321690][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.331070][ T5899] usb 5-1: Product: syz [ 434.340520][ T5899] usb 5-1: Manufacturer: syz [ 434.345538][ T5899] usb 5-1: SerialNumber: syz [ 434.359126][ T5899] usb 5-1: config 0 descriptor?? [ 434.387949][T10921] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1595'. [ 434.647693][ T5897] usbhid 3-1:0.0: can't add hid device: -71 [ 434.717008][ T5897] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 434.761531][ T5897] usb 3-1: USB disconnect, device number 64 [ 434.791469][ T5887] usb 5-1: USB disconnect, device number 60 [ 435.181725][ T5897] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 435.338826][T10949] team0: Device ipvlan0 is up. Set it down before adding it as a team port [ 435.424681][ T5897] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 435.435237][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 435.451683][ T5897] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 435.494816][ T5897] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 435.525103][ T5897] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 435.535258][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 435.542540][T10954] netlink: 'syz.1.1606': attribute type 29 has an invalid length. [ 435.543399][ T5897] usb 3-1: Product: syz [ 435.555980][ T5897] usb 3-1: Manufacturer: syz [ 435.557382][T10954] netlink: 'syz.1.1606': attribute type 29 has an invalid length. [ 435.560694][ T5897] usb 3-1: SerialNumber: syz [ 435.582902][T10954] netlink: 500 bytes leftover after parsing attributes in process `syz.1.1606'. [ 435.592556][ T5887] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 435.622533][ T5897] usb 3-1: config 0 descriptor?? [ 435.630694][ T5897] usb 3-1: ucan: probing device on interface #0 [ 435.659372][ T5897] usb 3-1: ucan: invalid endpoint configuration [ 435.701717][ T5897] usb 3-1: ucan: probe failed; try to update the device firmware [ 435.752703][ T5887] usb 5-1: Using ep0 maxpacket: 16 [ 435.762813][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 197, changing to 11 [ 435.774458][ T5887] usb 5-1: New USB device found, idVendor=2179, idProduct=0053, bcdDevice= 0.00 [ 435.853892][T10932] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1599'. [ 435.881741][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.888947][T10957] ip6gre2: entered allmulticast mode [ 435.904938][T10932] tipc: Resetting bearer [ 435.938879][ T5887] usb 5-1: config 0 descriptor?? [ 436.114557][ T5899] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 436.194378][ T5887] uclogic 0003:2179:0053.0017: interface is invalid, ignoring [ 436.282158][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 436.289576][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 436.301069][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 436.314745][T10932] tipc: Disabling bearer [ 436.357192][T10932] team0 (unregistering): Port device team_slave_0 removed [ 436.364681][ T5899] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 436.364782][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 436.385015][ T5899] usb 4-1: config 0 descriptor?? [ 436.399309][ T5899] hub 4-1:0.0: USB hub found [ 436.457628][T10932] team0 (unregistering): Port device team_slave_1 removed [ 436.703868][T10958] use of bytesused == 0 is deprecated and will be removed in the future, [ 436.716041][T10958] use the actual size instead. [ 436.786647][ T5899] hub 4-1:0.0: 1 port detected [ 436.844023][ T5897] usb 5-1: USB disconnect, device number 61 [ 436.988862][ T5887] usb 3-1: USB disconnect, device number 65 [ 437.341915][ T5889] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 437.389482][ T5899] hub 4-1:0.0: activate --> -90 [ 437.504540][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 437.520233][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 437.539217][ T5889] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 437.555707][ T5889] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 437.565777][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 437.623560][ T5889] usb 2-1: config 0 descriptor?? [ 438.064078][ T5889] plantronics 0003:047F:FFFF.0018: No inputs registered, leaving [ 438.071839][ T5897] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 438.131409][ T5889] plantronics 0003:047F:FFFF.0018: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 438.323559][ T5897] usb 3-1: config 0 has no interfaces? [ 438.342286][ T5887] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 438.353750][ T5897] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 438.366427][T10973] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1611'. [ 438.403682][T10973] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1611'. [ 438.416412][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 438.445116][ T5897] usb 3-1: Product: syz [ 438.449381][ T5897] usb 3-1: Manufacturer: syz [ 438.516340][T10973] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.525926][T10973] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.526399][ T5897] usb 3-1: SerialNumber: syz [ 438.534852][T10973] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.534917][T10973] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 438.550876][ T5887] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 438.571337][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 438.582314][ T5887] usb 5-1: config 0 descriptor?? [ 438.620999][ T5897] usb 3-1: config 0 descriptor?? [ 438.771915][ T5899] hub 4-1:0.0: hub_ext_port_status failed (err = -71) [ 438.779274][ T5899] hub_port_connect: 732 callbacks suppressed [ 438.779291][ T5899] usb 4-1-port1: connect-debounce failed [ 438.793573][ T5889] usb 4-1: USB disconnect, device number 61 [ 438.917761][ T5899] usb 3-1: USB disconnect, device number 66 [ 438.982356][T11013] binder: BINDER_SET_CONTEXT_MGR already set [ 438.988898][T11013] binder: 11012:11013 ioctl 4018620d 2000000000c0 returned -16 [ 439.000223][T11013] binder: 11012:11013 ioctl c0306201 2000000003c0 returned -14 [ 439.021200][T11013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 439.032120][ T5887] ath6kl: Failed to read usb control message: -71 [ 439.040984][T11013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 439.042235][ T5887] ath6kl: Unable to read the bmi data from the device: -71 [ 439.058732][ T5887] ath6kl: Unable to recv target info: -71 [ 439.075739][ T5887] ath6kl: Failed to init ath6kl core: -71 [ 439.083263][ T5887] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 439.098314][ T5887] usb 5-1: USB disconnect, device number 62 [ 439.251916][ T5897] usb 4-1: new full-speed USB device number 62 using dummy_hcd [ 439.416368][ T5897] usb 4-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config [ 439.426951][ T5897] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 439.438042][ T5897] usb 4-1: too many endpoints for config 1 interface 1 altsetting 48: 120, using maximum allowed: 30 [ 439.467957][ T5897] usb 4-1: config 1 interface 1 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 120 [ 439.482363][ T5897] usb 4-1: config 1 interface 1 has no altsetting 0 [ 439.493615][ T5897] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 439.513803][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 439.523561][ T5897] usb 4-1: Product: syz [ 439.527868][ T5897] usb 4-1: Manufacturer: syz [ 439.533723][ T5897] usb 4-1: SerialNumber: syz [ 439.541948][ T5899] usb 2-1: reset high-speed USB device number 68 using dummy_hcd [ 439.558364][ T5897] usb 4-1: selecting invalid altsetting 1 [ 439.582531][ T5897] usb 4-1: selecting invalid altsetting 0 [ 439.588927][ T5897] usb 4-1: selecting invalid altsetting 0 [ 439.595660][ T5897] cdc_ncm 4-1:1.0: bind() failure [ 439.755872][T11013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 439.798151][T11013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 439.822169][ T5897] usb 4-1: selecting invalid altsetting 0 [ 439.829053][ T5897] usbtest 4-1:1.1: probe with driver usbtest failed with error -22 [ 439.847231][ T5897] usb 4-1: USB disconnect, device number 62 [ 440.015468][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.021953][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.091976][ T5889] usb 5-1: new full-speed USB device number 63 using dummy_hcd [ 440.285326][ T5889] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 440.307234][ T5889] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 440.445495][ T5889] usb 5-1: New USB device found, idVendor=056a, idProduct=0057, bcdDevice= 0.00 [ 440.454814][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 440.484344][ T5889] usb 5-1: config 0 descriptor?? [ 440.854020][ T5835] usb 2-1: USB disconnect, device number 68 [ 441.032005][ T5887] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 441.207229][ T5889] usbhid 5-1:0.0: can't add hid device: -71 [ 441.219383][ T5887] usb 4-1: device descriptor read/64, error -71 [ 441.227579][ T5889] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 441.285939][ T5889] usb 5-1: USB disconnect, device number 63 [ 441.481913][ T5887] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 441.621983][ T5887] usb 4-1: device descriptor read/64, error -71 [ 441.732996][ T5887] usb usb4-port1: attempt power cycle [ 441.847514][T11061] SET target dimension over the limit! [ 442.101877][ T5887] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 442.138732][ T5887] usb 4-1: device descriptor read/8, error -71 [ 442.382137][ T5887] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 442.462595][ T5887] usb 4-1: device descriptor read/8, error -71 [ 442.572360][ T5887] usb usb4-port1: unable to enumerate USB device [ 442.912476][ T5835] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 443.105568][ T5835] usb 3-1: config 0 has no interfaces? [ 443.117256][ T5835] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 443.130501][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.154091][ T5835] usb 3-1: Product: syz [ 443.162799][ T5835] usb 3-1: Manufacturer: syz [ 443.180754][ T5835] usb 3-1: SerialNumber: syz [ 443.207279][ T5835] usb 3-1: config 0 descriptor?? [ 443.541390][T11080] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1630'. [ 443.703658][ T5835] usb 3-1: USB disconnect, device number 67 [ 444.201362][T11101] ip6gre3: entered allmulticast mode [ 444.581767][ T5899] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 444.761731][ T5899] usb 4-1: Using ep0 maxpacket: 16 [ 444.787826][ T5899] usb 4-1: unable to get BOS descriptor or descriptor too short [ 444.799711][ T5899] usb 4-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 444.825641][ T5899] usb 4-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 444.884155][ T5899] usb 4-1: config 1 interface 0 has no altsetting 0 [ 444.956803][ T5899] usb 4-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 444.999171][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.022295][ T5899] usb 4-1: Product: syz [ 445.033516][ T5899] usb 4-1: Manufacturer: syz [ 445.045843][ T5899] usb 4-1: SerialNumber: syz [ 445.876636][T11141] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1642'. [ 446.181831][ T5889] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 446.260101][T11154] fuse: Unknown parameter '' [ 446.313241][ T30] audit: type=1326 audit(1748978360.708:8434): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11153 comm="syz.0.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 446.397796][ T30] audit: type=1326 audit(1748978360.728:8435): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11153 comm="syz.0.1649" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 446.407432][ T5889] usb 2-1: config 0 has no interfaces? [ 446.536806][ T5889] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 446.569593][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.615624][ T5889] usb 2-1: Product: syz [ 446.647536][ T5889] usb 2-1: Manufacturer: syz [ 446.668491][ T5889] usb 2-1: SerialNumber: syz [ 446.701539][ T5889] usb 2-1: config 0 descriptor?? [ 446.791870][ T5887] usb 3-1: new full-speed USB device number 68 using dummy_hcd [ 446.804928][T11172] netlink: 104 bytes leftover after parsing attributes in process `syz.0.1654'. [ 446.906178][ T5896] usb 5-1: new full-speed USB device number 64 using dummy_hcd [ 446.998166][ T5887] usb 3-1: config 1 interface 0 has no altsetting 0 [ 447.012055][ T5887] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 447.021740][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 447.030540][ T5887] usb 3-1: Product: syz [ 447.035139][ T5887] usb 3-1: Manufacturer: syz [ 447.039948][ T5887] usb 3-1: SerialNumber: syz [ 447.069936][T11176] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1647'. [ 447.125088][ T5896] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 447.163654][ T5896] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFC, changing to 0x8C [ 447.200634][ T5896] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 447.248496][ T5889] usb 2-1: USB disconnect, device number 69 [ 447.298636][ T5887] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 68 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 447.318691][ T5896] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 447.351079][ T5887] usb 3-1: USB disconnect, device number 68 [ 447.364182][ T5896] usb 5-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice=a4.8f [ 447.374187][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 447.393583][ T5887] usblp0: removed [ 447.401319][ T5896] usb 5-1: Product: syz [ 447.426528][ T5896] usb 5-1: Manufacturer: syz [ 447.440875][ T5896] usb 5-1: SerialNumber: syz [ 447.458731][T11180] netlink: 4400 bytes leftover after parsing attributes in process `syz.0.1656'. [ 447.469979][ T5896] usb 5-1: config 0 descriptor?? [ 447.482775][ T5896] xbox_remote_probe: Unexpected endpoint_in [ 447.502842][T11180] workqueue: name exceeds WQ_NAME_LEN. Truncating to: `] Iq!>s*!)\+` [ 447.711730][ T5887] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 447.730160][T11166] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1652'. [ 447.789176][ T5899] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 447.835811][ T5899] usb 4-1: USB disconnect, device number 67 [ 447.873794][ T5887] usb 3-1: Using ep0 maxpacket: 32 [ 447.893735][ T5887] usb 3-1: config 0 has an invalid interface number: 150 but max is 0 [ 447.927823][ T5887] usb 3-1: config 0 has no interface number 0 [ 447.954772][ T5887] usb 3-1: config 0 interface 150 has no altsetting 0 [ 447.980860][ T5887] usb 3-1: New USB device found, idVendor=093a, idProduct=2603, bcdDevice=53.01 [ 448.002197][ T5887] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 448.026017][ T5887] usb 3-1: Product: syz [ 448.030867][ T5887] usb 3-1: Manufacturer: syz [ 448.055879][ T5887] usb 3-1: SerialNumber: syz [ 448.085432][ T5887] usb 3-1: config 0 descriptor?? [ 448.107938][ T5896] usb 5-1: USB disconnect, device number 64 [ 448.117957][ T5887] gspca_main: pac7311-2.14.0 probing 093a:2603 [ 448.510933][T11163] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 448.520209][T11163] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 448.573943][T11207] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1663'. [ 448.601752][ T5887] gspca_pac7311: reg_w() failed index 0x78, value 0x40, error -71 [ 448.609737][ T5887] pac7311 3-1:0.150: probe with driver pac7311 failed with error -71 [ 448.687381][ T5887] usb 3-1: USB disconnect, device number 69 [ 449.292307][ T5899] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 449.498363][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 449.498394][ T5899] usb 4-1: can't read configurations, error -61 [ 449.621884][ T5899] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 449.778349][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 449.790525][ T5899] usb 4-1: can't read configurations, error -61 [ 449.812526][ T5899] usb usb4-port1: attempt power cycle [ 449.944004][ T5835] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 450.112447][ T5835] usb 5-1: Using ep0 maxpacket: 16 [ 450.124969][ T5835] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 450.135328][ T5835] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 450.162571][ T5835] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 450.186413][ T5899] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 450.217552][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 450.311225][ T5835] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.324417][ T5899] usb 4-1: can't read configurations, error -61 [ 450.339970][ T5835] usb 5-1: Product: syz [ 450.358640][ T5835] usb 5-1: Manufacturer: syz [ 450.365319][ T5835] usb 5-1: SerialNumber: syz [ 450.522286][ T5899] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 450.569774][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 450.599133][ T5899] usb 4-1: can't read configurations, error -61 [ 450.660415][ T5899] usb usb4-port1: unable to enumerate USB device [ 450.789612][ T5835] usb 5-1: 0:2 : does not exist [ 451.202641][ T5835] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 451.210521][T11281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1677'. [ 451.221230][T11281] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1677'. [ 451.247522][ T5835] usb 5-1: USB disconnect, device number 65 [ 451.286540][ T5886] udevd[5886]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 451.809959][T11289] tipc: Enabling of bearer rejected, failed to enable media [ 451.957564][T11294] input: syz0 as /devices/virtual/input/input34 [ 452.661823][ T5835] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 452.670409][T11324] loop2: detected capacity change from 0 to 7 [ 452.680459][T11324] Dev loop2: unable to read RDB block 7 [ 452.686136][T11324] loop2: unable to read partition table [ 452.695110][T11324] loop2: partition table beyond EOD, truncated [ 452.722066][T11324] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 452.831800][ T5835] usb 3-1: Using ep0 maxpacket: 8 [ 452.852157][ T5835] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 452.911156][ T5835] usb 3-1: New USB device found, idVendor=16d0, idProduct=10a9, bcdDevice=30.52 [ 452.951259][ T5835] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.972931][ T5835] usb 3-1: Product: syz [ 452.985319][ T5835] usb 3-1: Manufacturer: syz [ 452.989944][ T5835] usb 3-1: SerialNumber: syz [ 453.012539][ T5835] usb 3-1: config 0 descriptor?? [ 453.070448][T11335] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1698'. [ 453.080251][T11332] FAULT_INJECTION: forcing a failure. [ 453.080251][T11332] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 453.198751][T11332] CPU: 0 UID: 0 PID: 11332 Comm: syz.0.1697 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 453.198783][T11332] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 453.198801][T11332] Call Trace: [ 453.198809][T11332] [ 453.198819][T11332] dump_stack_lvl+0x189/0x250 [ 453.198858][T11332] ? __pfx____ratelimit+0x10/0x10 [ 453.198890][T11332] ? __pfx_dump_stack_lvl+0x10/0x10 [ 453.198924][T11332] ? __pfx__printk+0x10/0x10 [ 453.198960][T11332] should_fail_ex+0x414/0x560 [ 453.199000][T11332] _copy_to_user+0x31/0xb0 [ 453.199031][T11332] simple_read_from_buffer+0xe1/0x170 [ 453.199061][T11332] proc_fail_nth_read+0x1df/0x250 [ 453.199093][T11332] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 453.199126][T11332] ? rw_verify_area+0x258/0x650 [ 453.199146][T11332] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 453.199176][T11332] vfs_read+0x200/0x980 [ 453.199202][T11332] ? __pfx___mutex_lock+0x10/0x10 [ 453.199223][T11332] ? __pfx_vfs_read+0x10/0x10 [ 453.199245][T11332] ? __fget_files+0x2a/0x420 [ 453.199275][T11332] ? __fget_files+0x3a0/0x420 [ 453.199299][T11332] ? __fget_files+0x2a/0x420 [ 453.199341][T11332] ksys_read+0x145/0x250 [ 453.199364][T11332] ? __pfx_ksys_read+0x10/0x10 [ 453.199382][T11332] ? rcu_is_watching+0x15/0xb0 [ 453.199408][T11332] ? do_syscall_64+0xbe/0x3b0 [ 453.199432][T11332] do_syscall_64+0xfa/0x3b0 [ 453.199450][T11332] ? lockdep_hardirqs_on+0x9c/0x150 [ 453.199481][T11332] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.199502][T11332] ? clear_bhb_loop+0x60/0xb0 [ 453.199528][T11332] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.199552][T11332] RIP: 0033:0x7f963918d37c [ 453.199571][T11332] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 453.199589][T11332] RSP: 002b:00007f9636ff6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 453.199612][T11332] RAX: ffffffffffffffda RBX: 00007f96393b5fa0 RCX: 00007f963918d37c [ 453.199627][T11332] RDX: 000000000000000f RSI: 00007f9636ff60a0 RDI: 0000000000000006 [ 453.199640][T11332] RBP: 00007f9636ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 453.199652][T11332] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 453.199665][T11332] R13: 0000000000000000 R14: 00007f96393b5fa0 R15: 00007f96394dfa28 [ 453.199697][T11332] [ 453.432372][ C0] vkms_vblank_simulate: vblank timer overrun [ 453.860559][ T30] audit: type=1326 audit(1748978368.248:8436): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 453.923117][ T30] audit: type=1326 audit(1748978368.248:8437): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 453.946026][ T30] audit: type=1326 audit(1748978368.248:8438): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 453.971724][ T30] audit: type=1326 audit(1748978368.298:8439): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 453.994247][ T30] audit: type=1326 audit(1748978368.298:8440): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 454.016848][ T30] audit: type=1326 audit(1748978368.298:8441): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 454.039760][ T30] audit: type=1326 audit(1748978368.298:8442): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 454.081728][ T30] audit: type=1326 audit(1748978368.298:8443): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 454.135586][ T30] audit: type=1326 audit(1748978368.298:8444): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 454.157990][ C0] vkms_vblank_simulate: vblank timer overrun [ 454.171905][ T30] audit: type=1326 audit(1748978368.318:8445): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11340 comm="syz.4.1700" exe="/root/syz-executor" sig=0 arch=c000003e syscall=15 compat=0 ip=0x7f977652ab39 code=0x7ffc0000 [ 454.194263][ C0] vkms_vblank_simulate: vblank timer overrun [ 454.491095][T11356] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1706'. [ 454.541754][ T5835] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 454.594257][T11358] FAULT_INJECTION: forcing a failure. [ 454.594257][T11358] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 454.629066][T11358] CPU: 0 UID: 0 PID: 11358 Comm: syz.0.1707 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 454.629113][T11358] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 454.629127][T11358] Call Trace: [ 454.629135][T11358] [ 454.629144][T11358] dump_stack_lvl+0x189/0x250 [ 454.629193][T11358] ? __pfx____ratelimit+0x10/0x10 [ 454.629226][T11358] ? __pfx_dump_stack_lvl+0x10/0x10 [ 454.629259][T11358] ? __pfx__printk+0x10/0x10 [ 454.629284][T11358] ? fs_reclaim_acquire+0x7d/0x100 [ 454.629320][T11358] should_fail_ex+0x414/0x560 [ 454.629360][T11358] prepare_alloc_pages+0x213/0x610 [ 454.629396][T11358] __alloc_frozen_pages_noprof+0x123/0x370 [ 454.629431][T11358] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 454.629470][T11358] ? policy_nodemask+0x27c/0x720 [ 454.629491][T11358] ? __lock_acquire+0xab9/0xd20 [ 454.629527][T11358] alloc_pages_mpol+0x232/0x4a0 [ 454.629557][T11358] vma_alloc_folio_noprof+0xe4/0x200 [ 454.629581][T11358] ? page_table_check_set+0x18d/0x730 [ 454.629606][T11358] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 454.629644][T11358] folio_prealloc+0x30/0x180 [ 454.629670][T11358] __handle_mm_fault+0x2c88/0x5620 [ 454.629712][T11358] ? __pfx___handle_mm_fault+0x10/0x10 [ 454.629748][T11358] ? follow_page_pte+0x8d6/0x14b0 [ 454.629780][T11358] handle_mm_fault+0x40a/0x8e0 [ 454.629812][T11358] __get_user_pages+0x1af4/0x30b0 [ 454.629881][T11358] ? __pfx___get_user_pages+0x10/0x10 [ 454.629942][T11358] __gup_longterm_locked+0xd66/0x15b0 [ 454.629990][T11358] pin_user_pages_remote+0xd4/0x120 [ 454.630015][T11358] ? __pfx_pin_user_pages_remote+0x10/0x10 [ 454.630042][T11358] ? down_read+0x1ad/0x2e0 [ 454.630067][T11358] process_vm_rw+0x59e/0xb40 [ 454.630088][T11358] ? get_pid_task+0x20/0x1f0 [ 454.630129][T11358] ? __pfx_process_vm_rw+0x10/0x10 [ 454.630149][T11358] ? rcu_read_lock_any_held+0xb3/0x120 [ 454.630212][T11358] ? __pfx_vfs_write+0x10/0x10 [ 454.630260][T11358] ? ksys_write+0x22a/0x250 [ 454.630285][T11358] ? __pfx_ksys_write+0x10/0x10 [ 454.630305][T11358] ? rcu_is_watching+0x15/0xb0 [ 454.630330][T11358] __x64_sys_process_vm_writev+0xe0/0x100 [ 454.630360][T11358] do_syscall_64+0xfa/0x3b0 [ 454.630379][T11358] ? lockdep_hardirqs_on+0x9c/0x150 [ 454.630411][T11358] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.630433][T11358] ? clear_bhb_loop+0x60/0xb0 [ 454.630459][T11358] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 454.630479][T11358] RIP: 0033:0x7f963918e969 [ 454.630498][T11358] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 454.630518][T11358] RSP: 002b:00007f9636ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000137 [ 454.630541][T11358] RAX: ffffffffffffffda RBX: 00007f96393b5fa0 RCX: 00007f963918e969 [ 454.630558][T11358] RDX: 0000000000000001 RSI: 0000200000000000 RDI: 0000000000000375 [ 454.630572][T11358] RBP: 00007f9636ff6090 R08: 000000000000023a R09: 0000000000000000 [ 454.630585][T11358] R10: 0000200000121000 R11: 0000000000000246 R12: 0000000000000002 [ 454.630599][T11358] R13: 0000000000000000 R14: 00007f96393b5fa0 R15: 00007f96394dfa28 [ 454.630632][T11358] [ 454.939581][ C0] vkms_vblank_simulate: vblank timer overrun [ 454.981738][ T5835] usb 2-1: Using ep0 maxpacket: 16 [ 455.003449][ T5835] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 455.015541][ T5835] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 455.054061][ T5835] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 455.063663][ T5835] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.101829][ T5835] usb 2-1: Product: syz [ 455.111979][ T5835] usb 2-1: Manufacturer: syz [ 455.116631][ T5835] usb 2-1: SerialNumber: syz [ 455.155735][ T5835] usb 2-1: config 0 descriptor?? [ 455.166395][ T5835] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 455.201717][ T5835] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 455.401927][ T5899] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 455.417778][T11373] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1714'. [ 455.469537][ T5897] usb 3-1: USB disconnect, device number 70 [ 455.572153][ T5899] usb 5-1: Using ep0 maxpacket: 16 [ 455.587241][ T5899] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 455.608562][ T5899] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 455.633243][ T5899] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 455.663528][ T5899] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 455.690417][ T5899] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 455.743200][ T5899] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 455.769561][ T5835] em28xx 2-1:0.0: chip ID is em2874 [ 455.799766][ T5899] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 455.828648][ T5899] usb 5-1: SerialNumber: syz [ 455.859724][T11366] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 455.887362][ T5899] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 455.897633][ T5899] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -12 [ 455.993955][ T5896] usb 2-1: USB disconnect, device number 70 [ 456.017852][ T5896] em28xx 2-1:0.0: Disconnecting em28xx [ 456.052400][ T5896] em28xx 2-1:0.0: Freeing device [ 456.229239][T11366] netlink: 'syz.4.1711': attribute type 2 has an invalid length. [ 456.237294][T11366] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1711'. [ 456.304421][ T5899] usb 5-1: USB disconnect, device number 66 [ 456.721938][ T5896] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 457.167577][T11403] tipc: Enabling of bearer rejected, failed to enable media [ 457.214235][ T5896] usb 3-1: config 0 has no interfaces? [ 457.230038][ T5896] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 457.239234][ T5896] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 457.247300][ T5896] usb 3-1: Product: syz [ 457.258036][ T5896] usb 3-1: Manufacturer: syz [ 457.268113][ T5896] usb 3-1: SerialNumber: syz [ 457.375617][ T5896] usb 3-1: config 0 descriptor?? [ 457.851845][ T5896] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 458.034060][ T5896] usb 5-1: config 6 has an invalid interface number: 108 but max is 0 [ 458.042590][ T5896] usb 5-1: config 6 has no interface number 0 [ 458.067157][ T5896] usb 5-1: config 6 interface 108 has no altsetting 0 [ 458.100825][ T5896] usb 5-1: New USB device found, idVendor=0856, idProduct=ac30, bcdDevice=d2.1d [ 458.125044][ T5896] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 458.191359][ T5896] usb 5-1: Product: syz [ 458.216711][ T5896] usb 5-1: Manufacturer: syz [ 458.222537][ T5896] usb 5-1: SerialNumber: syz [ 458.296017][T11418] macsec1: entered allmulticast mode [ 458.301391][T11418] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 458.445486][T11418] netdevsim netdevsim1 netdevsim0: left allmulticast mode [ 458.782713][ T5896] mos7840 5-1:6.108: missing endpoints [ 458.792387][ T5896] usb 5-1: USB disconnect, device number 67 [ 458.831402][T11422] macsec1: entered allmulticast mode [ 458.836973][T11422] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 458.867178][T11422] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 459.812746][ T5887] usb 3-1: USB disconnect, device number 71 [ 459.951715][ T5896] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 460.192240][ T5896] usb 5-1: Using ep0 maxpacket: 16 [ 460.509289][ T5896] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 460.547025][ T5896] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 460.562252][ T5896] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 460.580783][ T5896] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 576 [ 460.592299][ T5896] usb 5-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 460.613396][ T5896] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 460.631776][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 460.631823][ T5896] usb 5-1: SerialNumber: syz [ 460.667640][T11425] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 460.682101][ T5896] cdc_acm 5-1:1.0: Control and data interfaces are not separated! [ 460.692851][ T5896] cdc_acm 5-1:1.0: probe with driver cdc_acm failed with error -12 [ 461.009280][T11425] netlink: 'syz.4.1733': attribute type 2 has an invalid length. [ 461.017909][T11425] netlink: 132 bytes leftover after parsing attributes in process `syz.4.1733'. [ 461.055644][ T5899] usb 5-1: USB disconnect, device number 68 [ 461.312047][ T5896] usb 2-1: new full-speed USB device number 71 using dummy_hcd [ 461.624716][ T5896] usb 2-1: unable to get BOS descriptor or descriptor too short [ 461.635182][ T5896] usb 2-1: not running at top speed; connect to a high speed hub [ 461.645374][ T5896] usb 2-1: config 1 has an invalid descriptor of length 255, skipping remainder of the config [ 461.656684][ T5896] usb 2-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 461.671023][ T5896] usb 2-1: config 1 interface 0 has no altsetting 0 [ 461.724793][ T5896] usb 2-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 461.735542][ T5896] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 461.746213][ T5896] usb 2-1: Manufacturer: ㆞붳枤鴤杰령쿤퍏闬 [ 461.753465][ T5896] usb 2-1: SerialNumber: ᠊ [ 462.357961][T11440] IPVS: set_ctl: invalid protocol: 111 172.30.1.2:20003 [ 462.821751][ T5887] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 463.058264][ T5887] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 463.075364][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 463.133902][ T5887] usb 4-1: Product: syz [ 463.155786][ T5887] usb 4-1: Manufacturer: syz [ 463.185720][ T5887] usb 4-1: SerialNumber: syz [ 463.315730][ T5887] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 463.372451][ T5889] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 463.387157][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 463.387174][ T30] audit: type=1326 audit(1748978377.778:8460): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 463.460969][ T30] audit: type=1326 audit(1748978377.778:8461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 463.491817][ T30] audit: type=1326 audit(1748978377.778:8462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 463.519115][ T30] audit: type=1326 audit(1748978377.778:8463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 463.546001][ T30] audit: type=1326 audit(1748978377.778:8464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 463.603256][ T30] audit: type=1326 audit(1748978377.778:8465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 463.631134][ T30] audit: type=1326 audit(1748978377.778:8466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 463.658901][ T30] audit: type=1326 audit(1748978377.808:8467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 463.707304][ T30] audit: type=1326 audit(1748978377.838:8468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 463.798377][ T30] audit: type=1326 audit(1748978377.838:8469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11468 comm="syz.0.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7f963918e969 code=0x7ffc0000 [ 464.112186][ T5899] usb 4-1: USB disconnect, device number 72 [ 464.208050][ T5896] usbhid 2-1:1.0: couldn't find an input interrupt endpoint [ 464.243081][ T5896] usb 2-1: USB disconnect, device number 71 [ 464.475254][T11481] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1749'. [ 464.524377][T11483] syzkaller1: entered promiscuous mode [ 464.534114][T11483] syzkaller1: entered allmulticast mode [ 464.651936][ T5889] usb 4-1: Service connection timeout for: 256 [ 464.658297][ T5889] ath9k_htc 4-1:1.0: ath9k_htc: Unable to initialize HTC services [ 464.667397][ T5889] ath9k_htc: Failed to initialize the device [ 464.678103][ T5899] usb 4-1: ath9k_htc: USB layer deinitialized [ 465.021730][T11495] netlink: 'syz.0.1751': attribute type 20 has an invalid length. [ 465.313989][T11501] gtp0: entered promiscuous mode [ 465.408331][T11506] ip6gre2: entered allmulticast mode [ 466.147413][T11523] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1764'. [ 466.174849][T11523] batadv0: entered promiscuous mode [ 466.265474][T11523] 8021q: adding VLAN 0 to HW filter on device macvlan4 [ 466.276811][T11523] batadv0: left promiscuous mode [ 466.664012][T11531] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1767'. [ 466.764405][T11535] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1768'. [ 466.907344][T11535] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1768'. [ 467.064188][T11538] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 467.071830][T11538] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 467.176207][T11538] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 467.301903][T11538] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 467.561755][ T5899] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 467.683001][T11538] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 467.738412][ T5899] usb 5-1: config 0 has no interfaces? [ 467.761683][T11538] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 467.811288][T11538] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 467.820568][T11538] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 467.820678][ T5899] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 467.841842][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.849983][ T5899] usb 5-1: Product: syz [ 467.873009][ T5899] usb 5-1: Manufacturer: syz [ 467.879848][ T5899] usb 5-1: SerialNumber: syz [ 467.896507][ T5899] usb 5-1: config 0 descriptor?? [ 468.014791][T11538] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 468.045019][T11538] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 468.293762][T11549] input: syz0 as /devices/virtual/input/input35 [ 468.640218][T11553] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1775'. [ 468.685137][T11553] netlink: 'syz.3.1775': attribute type 1 has an invalid length. [ 469.252158][ T5889] usb 3-1: new full-speed USB device number 72 using dummy_hcd [ 469.487205][ T5889] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 469.526671][ T5889] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 469.552613][ T5889] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 469.568804][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 469.730256][ T5889] usb 3-1: config 0 descriptor?? [ 469.921767][ T5899] usb 4-1: new full-speed USB device number 73 using dummy_hcd [ 469.929784][T11579] syzkaller0: entered promiscuous mode [ 469.936145][T11579] syzkaller0: entered allmulticast mode [ 470.208993][ T5899] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 470.238491][ T5899] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 470.272693][ T5899] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 470.302937][ T5899] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 470.343230][ T5899] usb 4-1: config 0 descriptor?? [ 470.381452][ T5889] usb 5-1: USB disconnect, device number 69 [ 470.754422][T11589] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 470.764429][T11583] FAULT_INJECTION: forcing a failure. [ 470.764429][T11583] name failslab, interval 1, probability 0, space 0, times 0 [ 470.821768][T11583] CPU: 0 UID: 0 PID: 11583 Comm: syz.0.1788 Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 470.821797][T11583] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 470.821808][T11583] Call Trace: [ 470.821814][T11583] [ 470.821822][T11583] dump_stack_lvl+0x189/0x250 [ 470.821853][T11583] ? __pfx____ratelimit+0x10/0x10 [ 470.821878][T11583] ? __pfx_dump_stack_lvl+0x10/0x10 [ 470.821903][T11583] ? __pfx__printk+0x10/0x10 [ 470.821922][T11583] ? __pfx___might_resched+0x10/0x10 [ 470.821938][T11583] ? fs_reclaim_acquire+0x7d/0x100 [ 470.821962][T11583] should_fail_ex+0x414/0x560 [ 470.821991][T11583] should_failslab+0xa8/0x100 [ 470.822011][T11583] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 470.822028][T11583] ? dup_task_struct+0x52/0x860 [ 470.822047][T11583] dup_task_struct+0x52/0x860 [ 470.822063][T11583] ? lockdep_hardirqs_on+0x9c/0x150 [ 470.822089][T11583] copy_process+0x54b/0x3c00 [ 470.822144][T11583] ? __pfx_copy_process+0x10/0x10 [ 470.822168][T11583] ? __pfx_kvm_nx_huge_page_recovery_worker+0x10/0x10 [ 470.822193][T11583] vhost_task_create+0x1c4/0x290 [ 470.822211][T11583] ? __pfx_kvm_nx_huge_page_recovery_worker_kill+0x10/0x10 [ 470.822233][T11583] ? __pfx_vhost_task_create+0x10/0x10 [ 470.822257][T11583] ? __pfx_vhost_task_fn+0x10/0x10 [ 470.822281][T11583] ? kasan_save_track+0x4f/0x80 [ 470.822294][T11583] ? kasan_save_track+0x3e/0x80 [ 470.822312][T11583] kvm_mmu_post_init_vm+0x147/0x2b0 [ 470.822339][T11583] kvm_arch_vcpu_ioctl_run+0xdc/0x1940 [ 470.822361][T11583] ? __mutex_trylock_common+0x153/0x260 [ 470.822380][T11583] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 470.822400][T11583] ? rcu_is_watching+0x15/0xb0 [ 470.822414][T11583] ? look_up_lock_class+0x74/0x170 [ 470.822439][T11583] ? register_lock_class+0x51/0x320 [ 470.822464][T11583] ? __lock_acquire+0xab9/0xd20 [ 470.822506][T11583] kvm_vcpu_ioctl+0x95c/0xe90 [ 470.822527][T11583] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 470.822540][T11583] ? __lock_acquire+0xab9/0xd20 [ 470.822576][T11583] ? __fget_files+0x2a/0x420 [ 470.822597][T11583] ? __fget_files+0x2a/0x420 [ 470.822614][T11583] ? __fget_files+0x3a0/0x420 [ 470.822631][T11583] ? __fget_files+0x2a/0x420 [ 470.822651][T11583] ? bpf_lsm_file_ioctl+0x9/0x20 [ 470.822674][T11583] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 470.822690][T11583] __se_sys_ioctl+0xf9/0x170 [ 470.822716][T11583] do_syscall_64+0xfa/0x3b0 [ 470.822730][T11583] ? lockdep_hardirqs_on+0x9c/0x150 [ 470.822752][T11583] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.822766][T11583] ? clear_bhb_loop+0x60/0xb0 [ 470.822785][T11583] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 470.822799][T11583] RIP: 0033:0x7f963918e969 [ 470.822813][T11583] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 470.822826][T11583] RSP: 002b:00007f9636ff6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 470.822842][T11583] RAX: ffffffffffffffda RBX: 00007f96393b5fa0 RCX: 00007f963918e969 [ 470.822854][T11583] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 470.822863][T11583] RBP: 00007f9636ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 470.822872][T11583] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 470.822881][T11583] R13: 0000000000000000 R14: 00007f96393b5fa0 R15: 00007f96394dfa28 [ 470.822904][T11583] [ 471.621853][ T5899] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 471.782109][ T5899] usb 5-1: device descriptor read/64, error -71 [ 472.022128][ T5899] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 472.182637][ T5899] usb 5-1: device descriptor read/64, error -71 [ 472.292440][ T5899] usb usb5-port1: attempt power cycle [ 472.397986][T11618] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1796'. [ 472.420982][T11618] netlink: 24 bytes leftover after parsing attributes in process `syz.1.1796'. [ 472.433954][T11618] batadv0: entered promiscuous mode [ 472.691699][ T5899] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 472.733583][ T5899] usb 5-1: device descriptor read/8, error -71 [ 472.914505][ T5889] usb 3-1: USB disconnect, device number 72 [ 472.935458][ T5835] usb 4-1: USB disconnect, device number 73 [ 473.042235][ T5899] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 473.095861][ T5899] usb 5-1: device descriptor read/8, error -71 [ 473.232526][ T5899] usb usb5-port1: unable to enumerate USB device [ 473.409239][T11638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1802'. [ 473.489442][T11638] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1802'. [ 473.726218][T11640] libceph: resolve '. [ 473.726218][T11640] #)|.fǝb2sow?'%ЏKAqfCzeSb3L)HyoǤYMhE$ [ 473.726218][T11640] ' (ret=-3): failed [ 474.361706][ T5899] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 474.462423][T11654] loop2: detected capacity change from 0 to 7 [ 474.481147][T11654] Dev loop2: unable to read RDB block 7 [ 474.499460][T11654] loop2: unable to read partition table [ 474.509581][T11654] loop2: partition table beyond EOD, truncated [ 474.536585][T11654] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 474.601726][ T5899] usb 4-1: Using ep0 maxpacket: 8 [ 474.634818][ T5899] usb 4-1: unable to get BOS descriptor or descriptor too short [ 474.714775][ T5899] usb 4-1: config 8 has an invalid interface number: 24 but max is 1 [ 474.874092][ T5899] usb 4-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 475.097679][ T5899] usb 4-1: config 8 has 1 interface, different from the descriptor's value: 2 [ 475.122116][ T5899] usb 4-1: config 8 has no interface number 0 [ 475.164849][ T5899] usb 4-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 475.212999][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 475.224930][ T5899] usb 4-1: Product: syz [ 475.231357][ T5899] usb 4-1: Manufacturer: syz [ 475.231740][ T5889] usb 3-1: new full-speed USB device number 73 using dummy_hcd [ 475.243774][ T5896] usb 5-1: new full-speed USB device number 74 using dummy_hcd [ 475.251847][ T5899] usb 4-1: SerialNumber: syz [ 475.426227][ T5896] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 475.444573][ T5896] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 475.587470][ T5889] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 475.628549][T11651] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1805'. [ 475.647023][ T5889] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 475.670342][ T5896] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 475.724601][ T5896] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.735392][ T5889] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 475.819282][ T5896] usb 5-1: config 0 descriptor?? [ 475.827942][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 475.913160][ T5889] usb 3-1: config 0 descriptor?? [ 475.955465][ T5889] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 476.178679][T11674] ================================================================== [ 476.186796][T11674] BUG: KASAN: vmalloc-out-of-bounds in tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 476.195419][T11674] Write of size 1280 at addr ffffc9001eaabb40 by task vivid-000-vid-c/11674 [ 476.204101][T11674] [ 476.206483][T11674] CPU: 0 UID: 0 PID: 11674 Comm: vivid-000-vid-c Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 476.206511][T11674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 476.206526][T11674] Call Trace: [ 476.206536][T11674] [ 476.206548][T11674] dump_stack_lvl+0x189/0x250 [ 476.206579][T11674] ? __pfx_dump_stack_lvl+0x10/0x10 [ 476.206604][T11674] ? __pfx__printk+0x10/0x10 [ 476.206629][T11674] ? __pfx__printk+0x10/0x10 [ 476.206651][T11674] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 476.206682][T11674] ? __virt_addr_valid+0xdc/0x5c0 [ 476.206706][T11674] print_report+0xd2/0x2b0 [ 476.206739][T11674] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 476.206766][T11674] kasan_report+0x118/0x150 [ 476.206792][T11674] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 476.206816][T11674] kasan_check_range+0x2b0/0x2c0 [ 476.206837][T11674] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 476.206857][T11674] __asan_memcpy+0x40/0x70 [ 476.206879][T11674] tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 476.206922][T11674] vivid_thread_vid_cap_tick+0xfff/0x5fd0 [ 476.206954][T11674] ? finish_task_switch+0x18b/0x950 [ 476.206989][T11674] ? rcu_is_watching+0x15/0xb0 [ 476.207009][T11674] ? __schedule+0x1713/0x4d00 [ 476.207037][T11674] ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10 [ 476.207066][T11674] ? lockdep_hardirqs_on+0x9c/0x150 [ 476.207102][T11674] vivid_thread_vid_cap+0x8da/0x10d0 [ 476.207143][T11674] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 476.207171][T11674] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 476.207191][T11674] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 476.207213][T11674] ? __kthread_parkme+0x7b/0x200 [ 476.207233][T11674] ? __kthread_parkme+0x1a1/0x200 [ 476.207256][T11674] kthread+0x711/0x8a0 [ 476.207278][T11674] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 476.207308][T11674] ? __pfx_kthread+0x10/0x10 [ 476.207325][T11674] ? _raw_spin_unlock_irq+0x23/0x50 [ 476.207344][T11674] ? lockdep_hardirqs_on+0x9c/0x150 [ 476.207364][T11674] ? __pfx_kthread+0x10/0x10 [ 476.207387][T11674] ret_from_fork+0x3f9/0x770 [ 476.207416][T11674] ? __pfx_ret_from_fork+0x10/0x10 [ 476.207451][T11674] ? __switch_to_asm+0x39/0x70 [ 476.207469][T11674] ? __switch_to_asm+0x33/0x70 [ 476.207483][T11674] ? __pfx_kthread+0x10/0x10 [ 476.207499][T11674] ret_from_fork_asm+0x1a/0x30 [ 476.207520][T11674] [ 476.207528][T11674] [ 476.434105][T11674] The buggy address belongs to the virtual mapping at [ 476.434105][T11674] [ffffc9001eaa9000, ffffc9001eaad000) created by: [ 476.434105][T11674] vb2_vmalloc_alloc+0xef/0x340 [ 476.452023][T11674] [ 476.454356][T11674] The buggy address belongs to the physical page: [ 476.460775][T11674] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88804ede7330 pfn:0x4ede7 [ 476.470862][T11674] flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 476.477997][T11674] raw: 00fff00000000000 0000000000000000 dead000000000122 0000000000000000 [ 476.486593][T11674] raw: ffff88804ede7330 0000000000000000 00000001ffffffff 0000000000000000 [ 476.495181][T11674] page dumped because: kasan: bad access detected [ 476.501626][T11674] page_owner tracks the page as allocated [ 476.507357][T11674] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x2dc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO|__GFP_NOWARN), pid 11672, tgid 11636 (syz.0.1803), ts 476150096064, free_ts 474272234333 [ 476.526847][T11674] post_alloc_hook+0x240/0x2a0 [ 476.531668][T11674] get_page_from_freelist+0x21e4/0x22c0 [ 476.537271][T11674] __alloc_frozen_pages_noprof+0x181/0x370 [ 476.543103][T11674] alloc_pages_mpol+0x232/0x4a0 [ 476.547978][T11674] alloc_pages_noprof+0xa9/0x190 [ 476.552942][T11674] __vmalloc_node_range_noprof+0x97d/0x12f0 [ 476.558868][T11674] vmalloc_user_noprof+0xad/0xf0 [ 476.563834][T11674] vb2_vmalloc_alloc+0xef/0x340 [ 476.568701][T11674] __vb2_queue_alloc+0x9c2/0x15a0 [ 476.573731][T11674] vb2_core_reqbufs+0xc31/0x1420 [ 476.578718][T11674] __vb2_init_fileio+0x318/0xff0 [ 476.583684][T11674] vb2_core_poll+0x4c1/0x840 [ 476.588304][T11674] vb2_fop_poll+0x168/0x380 [ 476.592815][T11674] v4l2_poll+0x147/0x2c0 [ 476.597164][T11674] do_sys_poll+0x8c6/0x1070 [ 476.601764][T11674] __se_sys_ppoll+0x1ff/0x260 [ 476.606479][T11674] page last free pid 11642 tgid 11642 stack trace: [ 476.613000][T11674] __free_frozen_pages+0xc71/0xe70 [ 476.618137][T11674] vfree+0x25a/0x400 [ 476.622053][T11674] kvm_arch_free_memslot+0x13e/0x170 [ 476.627349][T11674] kvm_free_memslots+0x15b/0x200 [ 476.632300][T11674] kvm_put_kvm+0x1146/0x1650 [ 476.636929][T11674] kvm_vm_release+0x43/0x50 [ 476.641466][T11674] __fput+0x44c/0xa70 [ 476.645501][T11674] task_work_run+0x1d4/0x260 [ 476.650114][T11674] exit_to_user_mode_loop+0xec/0x110 [ 476.655443][T11674] do_syscall_64+0x2bd/0x3b0 [ 476.660046][T11674] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.665969][T11674] [ 476.668307][T11674] Memory state around the buggy address: [ 476.673971][T11674] ffffc9001eaabf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 476.682062][T11674] ffffc9001eaabf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 476.690147][T11674] >ffffc9001eaac000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 476.698231][T11674] ^ [ 476.702313][T11674] ffffc9001eaac080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 476.710397][T11674] ffffc9001eaac100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 476.718568][T11674] ================================================================== [ 477.062435][T11674] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 477.069688][T11674] CPU: 1 UID: 0 PID: 11674 Comm: vivid-000-vid-c Not tainted 6.15.0-syzkaller-11173-g546b1c9e93c2 #0 PREEMPT(full) [ 477.081838][T11674] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 477.091900][T11674] Call Trace: [ 477.095182][T11674] [ 477.098117][T11674] dump_stack_lvl+0x99/0x250 [ 477.102746][T11674] ? __asan_memcpy+0x40/0x70 [ 477.107344][T11674] ? __pfx_dump_stack_lvl+0x10/0x10 [ 477.112545][T11674] ? __pfx__printk+0x10/0x10 [ 477.117141][T11674] panic+0x2db/0x790 [ 477.121045][T11674] ? __pfx_panic+0x10/0x10 [ 477.125472][T11674] ? check_panic_on_warn+0x75/0xb0 [ 477.130589][T11674] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 477.136221][T11674] check_panic_on_warn+0x89/0xb0 [ 477.141164][T11674] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 477.146800][T11674] end_report+0x78/0x160 [ 477.151043][T11674] kasan_report+0x129/0x150 [ 477.155552][T11674] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 477.161185][T11674] kasan_check_range+0x2b0/0x2c0 [ 477.166124][T11674] ? tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 477.171774][T11674] __asan_memcpy+0x40/0x70 [ 477.176194][T11674] tpg_fill_plane_buffer+0x1b9b/0x5ec0 [ 477.181690][T11674] vivid_thread_vid_cap_tick+0xfff/0x5fd0 [ 477.187442][T11674] ? finish_task_switch+0x18b/0x950 [ 477.192692][T11674] ? rcu_is_watching+0x15/0xb0 [ 477.197504][T11674] ? __schedule+0x1713/0x4d00 [ 477.202229][T11674] ? __pfx_vivid_thread_vid_cap_tick+0x10/0x10 [ 477.208427][T11674] ? lockdep_hardirqs_on+0x9c/0x150 [ 477.213654][T11674] vivid_thread_vid_cap+0x8da/0x10d0 [ 477.218970][T11674] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 477.224708][T11674] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 477.230617][T11674] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 477.236961][T11674] ? __kthread_parkme+0x7b/0x200 [ 477.241912][T11674] ? __kthread_parkme+0x1a1/0x200 [ 477.246946][T11674] kthread+0x711/0x8a0 [ 477.251027][T11674] ? __pfx_vivid_thread_vid_cap+0x10/0x10 [ 477.256765][T11674] ? __pfx_kthread+0x10/0x10 [ 477.261367][T11674] ? _raw_spin_unlock_irq+0x23/0x50 [ 477.266586][T11674] ? lockdep_hardirqs_on+0x9c/0x150 [ 477.271802][T11674] ? __pfx_kthread+0x10/0x10 [ 477.276406][T11674] ret_from_fork+0x3f9/0x770 [ 477.281018][T11674] ? __pfx_ret_from_fork+0x10/0x10 [ 477.286149][T11674] ? __switch_to_asm+0x39/0x70 [ 477.290921][T11674] ? __switch_to_asm+0x33/0x70 [ 477.295926][T11674] ? __pfx_kthread+0x10/0x10 [ 477.300550][T11674] ret_from_fork_asm+0x1a/0x30 [ 477.305351][T11674] [ 477.308701][T11674] Kernel Offset: disabled [ 477.313039][T11674] Rebooting in 86400 seconds..