last executing test programs: 2m35.124430619s ago: executing program 4 (id=3091): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000000c0)={0x0, 0xc000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000000)={0x2000, 0x1000, 0xfffffffc}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x7, 0x0, 0xfffffffffffff47c, 0x9, 0x0, 0x7, 0x3}, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x80000000000002, 0x0, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x40, 0x9, @empty, 0x6}, 0x1c) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000640)={0x0, 0x80000}) r7 = socket$netlink(0x10, 0x3, 0x8000000004) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) writev(r7, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) futex_waitv(&(0x7f0000002180)=[{0x200, &(0x7f0000000140)=0x3, 0x82}, {0x4, &(0x7f0000000200)=0x100000001, 0x2}, {0x5, &(0x7f00000002c0)=0x8, 0x2}, {0x8, &(0x7f0000000300)=0x8, 0x2}, {0x6070d72e, &(0x7f0000000340)=0xfffffffffffffffd, 0x82}, {0x609f0de7, &(0x7f00000003c0)=0xfb, 0x82}, {0x20000, &(0x7f0000000400)=0x2, 0x82}, {0x30000000000, &(0x7f0000000440)=0x9, 0x2}, {0xd232, 0x0, 0x82}, {0xffffffff00000000, &(0x7f00000006c0)=0x80, 0x2}, {0x94a, &(0x7f0000000700)=0xfffffffffffffff9, 0x2}, {0x6, 0x0, 0x2}, {0x8, &(0x7f00000007c0)=0x18, 0x82}, {0x3, 0x0, 0x82}, {0xfffffffffffffffc, &(0x7f0000000840)=0x9, 0x2}, {0x0, &(0x7f0000000880)=0x200000009, 0x82}, {0x1, &(0x7f00000008c0), 0x2}, {0x100000000, &(0x7f0000000900)=0x1, 0x2}, {0xffffffffffffffff, &(0x7f0000000940)=0x8000000000000000, 0x2}, {0x3, &(0x7f0000000980)=0xffffffffffffffff, 0x2}, {0xffffffffffffffff, &(0x7f00000009c0)=0x3, 0x82}, {0x0, &(0x7f0000000a00)=0x5, 0x82}, {0xa, &(0x7f0000000680)=0x10000, 0x82}, {0x6, &(0x7f0000000a80), 0x2}, {0x1, &(0x7f0000000ac0)=0x1000, 0x82}, {0x3000, &(0x7f0000000b00)=0x100d29, 0x82}, {0x0, &(0x7f0000000b40)=0x1ff, 0x2}, {0x9, &(0x7f0000000b80)=0x5, 0x2}, {0x8000000000000001, &(0x7f0000000bc0)=0x4c, 0x82}, {0x2, &(0x7f0000000c00)=0x8001, 0x82}, {0x7fffffffffffffff, 0x0, 0x82}, {0x0, &(0x7f0000000cc0)=0x401, 0x2}, {0x46, &(0x7f0000000d00)=0x8, 0x2}, {0x7, &(0x7f0000000d40)=0x100000001, 0x82}, {0x80000000000000, &(0x7f0000000d80)=0x2, 0x2}, {0xd, &(0x7f0000000dc0)=0xa, 0x82}, {0xb, &(0x7f0000000e00)=0x9, 0x82}, {0x3, &(0x7f0000000e40)=0xe84, 0x2}, {0x1, &(0x7f0000000e80)=0xe, 0x2}, {0x2, &(0x7f0000000ec0)=0x6, 0x2}, {0x6, &(0x7f0000000f00)=0x3, 0x2}, {0x38, &(0x7f0000000f40)=0x1, 0x2}, {0x80000000, &(0x7f0000000f80)=0x7, 0x82}, {0xd11c, &(0x7f0000000fc0)=0x6, 0x2}, {0x2, &(0x7f0000001000)=0x7fffffff, 0x2}, {0x7ff, &(0x7f0000001040)=0x8000000000000001, 0x2}, {0x8ec3, &(0x7f0000001080)=0x8, 0x2}, {0x1, &(0x7f00000010c0)=0x4, 0x2}, {0x1, &(0x7f0000001100)=0xfffffffffffffff7, 0x2}, {0x0, &(0x7f0000001140)=0xfc, 0x2}, {0x2396, &(0x7f0000001180)=0x3ff0000000000000, 0x2}, {0x9, &(0x7f00000011c0)=0x6, 0x2}, {0x4, &(0x7f0000001240)=0x6}, {0x2, &(0x7f0000001280)=0x4, 0x2}, {0xffff, &(0x7f00000012c0)=0x7}, {0x6, &(0x7f0000001300)=0x8, 0x82}, {0x3, &(0x7f0000001340)=0x7, 0x2}, {0x9, &(0x7f0000001380)=0x5, 0x2}, {0x4, &(0x7f00000013c0)=0x6, 0x82}, {0x5, &(0x7f0000001400)=0x3, 0x82}, {0x5, &(0x7f0000001440)=0x3, 0x82}, {0x0, &(0x7f0000001480)=0xfff, 0x82}, {0x800, &(0x7f00000014c0)=0x8, 0x82}, {0x7, &(0x7f0000001500)=0x4, 0x82}, {0x1ff, &(0x7f0000001540)=0xfffffffffffff801, 0x82}, {0x3, &(0x7f0000001580)=0x2, 0x82}, {0x9, &(0x7f00000015c0)=0x8}, {0xadf2, &(0x7f0000001600)=0x7, 0x82}, {0x10001, &(0x7f0000001640)=0x7, 0x82}, {0x2, &(0x7f0000001680)=0x100, 0x82}, {0x2, &(0x7f00000016c0), 0x82}, {0x6, &(0x7f0000001700)=0x7, 0x82}, {0xe, &(0x7f0000001740)=0x7fff, 0x82}, {0xfff, &(0x7f0000001780)=0x4, 0x2}, {0x3, &(0x7f00000017c0)=0x87e, 0x82}, {0xa, &(0x7f0000001800)=0xffffffff, 0x2}, {0x4d6, 0x0, 0x82}, {0x0, &(0x7f0000001880)=0x373, 0x2}, {0x5, &(0x7f00000018c0)=0x6, 0x82}, {0xa, 0x0, 0x82}, {0x5, &(0x7f0000001940)=0x5, 0x2}, {0x32, &(0x7f0000001980)=0x3, 0x82}, {0x9, 0x0, 0x2}, {0x7fffffffffffffff, &(0x7f0000001a00)=0xbe92, 0x2}, {0x7, 0x0, 0x82}, {0x80000000, &(0x7f0000001a80)=0xffffffffffffffff, 0x2}, {0x8, &(0x7f0000001b00)=0x7, 0x2}, {0x8001, &(0x7f0000001b40)=0x4, 0x2}, {0x7, &(0x7f0000001b80)=0x3, 0x82}, {0x0, 0x0}, {0x2, &(0x7f0000001c00)=0x7fff, 0x82}, {0x0, 0x0, 0x2}, {0xffffffff, &(0x7f0000001c80)=0x4, 0x82}, {0x3, &(0x7f0000001cc0), 0x82}, {0x8, &(0x7f0000001d00)=0xfffffffffffffffc, 0x82}, {0x6, &(0x7f0000001d40)=0x5}, {0xe, 0x0, 0x82}, {0x1, &(0x7f0000001dc0)=0x1, 0x2}, {0x2, &(0x7f0000001e00)=0x3a5, 0x2}, {0x6c2, 0x0, 0x82}, {0xb54, 0x0, 0x82}, {0x6, &(0x7f0000001f00)=0x139fcf2c, 0x2}, {0xa80, &(0x7f0000001f40)=0x100000000, 0x2}, {0x181b, &(0x7f0000001f80)=0x40, 0x2}, {0x1, &(0x7f0000001fc0)=0x4f, 0x2}, {0x2, &(0x7f0000002000)=0x3ff, 0x2}, {0x8000, &(0x7f0000002040)=0x8, 0x82}, {0x6, &(0x7f0000002080)=0xfffffffffffffffd}, {0x7fffffffffffffff, &(0x7f00000020c0)=0xf, 0x2}, {0x4, &(0x7f0000002140)=0x7ff, 0x82}], 0x6e, 0x0, &(0x7f0000000240)={0x77359400}, 0x1) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="b4000000190001000000000000000000ac1414aa000000000000000000000000ffffffff000000000000000000000000000000034e1d00000a0000805e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000007a5a92f72d2d69f8000000000000000000000000000000000000010000000000000000000e000000000000000000000000000000000040fae88df2b9c79a1f0084e6e275250da6a69ce67f366208a6e00e06000000b1bc024b77f2dc48fbe7525d010282b8e9d69c538a21afefb9fab264d1a58fb8aa3a48f9961845aa33184e2288655df3360549a15746741f8f5638be7cb804000000d97a9ddb4c21690f521d4fea7d53ae9288db85d75f17036ac3da8c6c290520f849da84a06b64af0a71c9894df1bae8bfad104c7292b29e26c0289b1b9b5d4f0f454781ecc07d97cd01db2f47aa2eb3d9d2ed57e8cbbfb1a3ec7aab98ddab019062bab7142f6cae67c17bc7206dcdca7f2fd3a93be418ac2d9bb1c8beffad5b06bc284ca5c0631a06f51e1798812e32fca81cebd939cfba48c6bb31009b2c1491f6"], 0xb4}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="e5ff0000000000004e00000000001c004000740000000000950000000000000041cca068850255544d211b541796"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xb579, &(0x7f000000cf3d)=""/195}, 0x23) 2m31.875321588s ago: executing program 4 (id=3095): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x6a855000) r0 = eventfd(0x3) ioctl$EXT4_IOC_GETFSUUID(r0, 0x8008662c, &(0x7f0000000240)) madvise(&(0x7f00009f6000/0x4000)=nil, 0x4000, 0xf) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r1) r2 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f00000000c0)) r4 = socket$inet_smc(0x2b, 0x1, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000009c0)=ANY=[@ANYBLOB="2400000001040102000000c9fd0000000000000008000340000100000500010001"], 0x24}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) sendmsg$NFULNL_MSG_CONFIG(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x24, 0x1, 0x4, 0x5, 0x0, 0x0, {0x7}, [@NFULA_CFG_FLAGS={0x6}, @NFULA_CFG_CMD={0x5, 0x1, 0x2}]}, 0x24}}, 0x2000004) r6 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x2040, 0x0) fcntl$setlease(r6, 0x400, 0x1) timer_create(0x0, &(0x7f00000002c0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)=0x0) timer_settime(r7, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) truncate(&(0x7f0000000900)='./file1\x00', 0x24b9) close_range(r4, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)={{0x14}, [@NFT_MSG_NEWRULE={0xa8, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x7c, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x18, 0x2, 0x0, 0x1, [@NFTA_LOG_SNAPLEN={0x8, 0x3, 0x1, 0x0, 0x80}, @NFTA_LOG_PREFIX={0x9, 0x2, 0x1, 0x0, 'syz0\x00'}]}}}, {0x54, 0x1, 0x0, 0x1, @match={{0xa}, @val={0x44, 0x2, 0x0, 0x1, [@NFTA_MATCH_REV={0x8}, @NFTA_MATCH_INFO={0x2c, 0x3, "346384ea362eefeec3c408bf0004000000000000901d71dbb01843fcb3eaa0221283bd05c74e4430"}, @NFTA_MATCH_NAME={0xa, 0x1, 'limit\x00'}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xd0}}, 0x0) syz_memcpy_off$KVM_EXIT_HYPERCALL(r2, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x0, 0x48) read(r1, &(0x7f0000000100)=""/71, 0x47) ioctl$UFFDIO_UNREGISTER(r1, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) fchmodat(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0xfffffe09) 2m29.413355088s ago: executing program 4 (id=3103): r0 = syz_open_dev$vbi(&(0x7f0000000180), 0x2, 0x2) ioctl$VIDIOC_DQBUF(r0, 0xc0585611, &(0x7f0000000040)=@mmap={0x8, 0x6, 0x4, 0x4000, 0xffffff5e, {}, {0x3, 0x1, 0x44, 0x0, 0x69, 0x5, "c8022c12"}, 0x210, 0x1, {}, 0x27}) r1 = openat$vicodec1(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmsg$unix(r2, &(0x7f0000000480)={&(0x7f00000001c0), 0x6e, &(0x7f0000000140)=[{&(0x7f0000000540)=""/260, 0xffffffffffffff35}, {&(0x7f0000000340)=""/67, 0x43}, {&(0x7f00000003c0)=""/121, 0x79}], 0x3, &(0x7f00000004c0)=[@rights={{0x10, 0x1, 0x1, [0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x14, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x0, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x38}, 0x0) ioctl$VIDIOC_ENUMINPUT(r1, 0xc04c561a, &(0x7f00000000c0)={0xd6, "41487cf55e5703d2f69406b9212df226a49c533b5ca076ac6dd69289b730056a", 0x2, 0x4, 0x3, 0x400000, 0x400, 0x8}) 2m28.071544105s ago: executing program 4 (id=3108): syz_mount_image$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x2000000, 0x0, 0x0, 0x0, 0x0) r0 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r0, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r1 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x9801) move_mount(r1, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) move_mount(r1, 0x0, 0xffffffffffffff9c, &(0x7f0000000780)='./file0\x00', 0x226) r2 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0x7, &(0x7f00000004c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r2}}]}, &(0x7f0000001a00)='syzkaller\x00', 0xa, 0x0, 0x0, 0x0, 0x61, '\x00', 0x0, @fallback=0xa, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3}, 0x94) 2m27.596315656s ago: executing program 4 (id=3111): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xb}}, 0x6}, 0x1c) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xd}, 0x1c) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000a00)=@delchain={0x1d0, 0x65, 0x20, 0x70bd27, 0x25dfdbfc, {0x0, 0x0, 0x0, 0x0, {0x2, 0x2}, {0x0, 0xd}, {0x0, 0xffea}}, [@TCA_CHAIN={0x8, 0xb, 0x6}, @filter_kind_options=@f_route={{0xa}, {0x198, 0x2, [@TCA_ROUTE4_ACT={0x194, 0x6, [@m_vlan={0x74, 0x6, 0x0, 0x0, {{0x9}, {0x14, 0x2, 0x0, 0x1, [@TCA_VLAN_PUSH_VLAN_ID={0x6, 0x3, 0x1b6}, @TCA_VLAN_PUSH_VLAN_PROTOCOL={0x6, 0x4, 0x8100}]}, {0x36, 0x6, "657c8f856bb2bb5d377d3e798375b1d28aa9ff79c5750c001846426a94e358dab26224b357e0bd9c9b84cfee21ec99f48cf5"}, {0xc}, {0xc}}}, @m_bpf={0x11c, 0xa, 0x0, 0x0, {{0x8}, {0x4}, {0xf1, 0x6, "8eb55930760aaf0b59772c5971036fba8994239acc2d66a896c98c740ca7d203000000000000002a326cef7c8ba136d0bce7d5be2f44c0f7df2af8b58cd15301925bdef87ac2e982db6d48439b06b9d7e9e88cb4d0262a5d0900461c33b2f76470602416519436d7f6f3d3dec1bf02a5ce6e83f8664d689fd77f1519cfac04b8ebd7ea20e82977ee8d8e46d44e8f8c8485af903929b1f3288322548d9e6a92389a03899eaaba97faeef8863180bc96804713e41b3d6d0032dc6414d0626a176725767c2a42131583a64bf3c2e43f64d02f9be090aa44978db670068ac547d4aa7dfb2219f8c926b7d6925ec910"}, {0xc, 0x7, {0x1, 0x1}}, {0xc, 0x8, {0x2, 0x1}}}}]}]}}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x4004}, 0x20008885) sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0x14}, {&(0x7f00000007c0)=""/154, 0x21}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0xffffffffffffff2f}}], 0x4000000000003b4, 0x2040000, &(0x7f0000003700)={0x77359400}) 2m27.380623505s ago: executing program 4 (id=3113): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000000c0)={0x0, 0xc000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000000)={0x2000, 0x1000, 0xfffffffc}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x7, 0x0, 0xfffffffffffff47c, 0x9, 0x0, 0x7, 0x3}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x40, 0x9, @empty, 0x6}, 0x1c) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000640)={0x0, 0x80000}) r7 = socket$netlink(0x10, 0x3, 0x8000000004) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) writev(r7, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) futex_waitv(&(0x7f0000002180)=[{0x200, &(0x7f0000000140)=0x3, 0x82}, {0x4, &(0x7f0000000200)=0x100000001, 0x2}, {0x5, &(0x7f00000002c0)=0x8, 0x2}, {0x8, &(0x7f0000000300)=0x8, 0x2}, {0x6070d72e, &(0x7f0000000340)=0xfffffffffffffffd, 0x82}, {0x609f0de7, &(0x7f00000003c0)=0xfb, 0x82}, {0x20000, &(0x7f0000000400)=0x2, 0x82}, {0x30000000000, &(0x7f0000000440)=0x9, 0x2}, {0xd232, 0x0, 0x82}, {0xffffffff00000000, &(0x7f00000006c0)=0x80, 0x2}, {0x94a, &(0x7f0000000700)=0xfffffffffffffff9, 0x2}, {0x6, 0x0, 0x2}, {0x8, &(0x7f00000007c0)=0x18, 0x82}, {0x3, 0x0, 0x82}, {0xfffffffffffffffc, &(0x7f0000000840)=0x9, 0x2}, {0x0, &(0x7f0000000880)=0x200000009, 0x82}, {0x1, &(0x7f00000008c0), 0x2}, {0x100000000, &(0x7f0000000900)=0x1, 0x2}, {0xffffffffffffffff, &(0x7f0000000940)=0x8000000000000000, 0x2}, {0x3, &(0x7f0000000980)=0xffffffffffffffff, 0x2}, {0xffffffffffffffff, &(0x7f00000009c0)=0x3, 0x82}, {0x0, &(0x7f0000000a00)=0x5, 0x82}, {0xa, &(0x7f0000000680)=0x10000, 0x82}, {0x6, &(0x7f0000000a80), 0x2}, {0x1, &(0x7f0000000ac0)=0x1000, 0x82}, {0x3000, &(0x7f0000000b00)=0x100d29, 0x82}, {0x0, &(0x7f0000000b40)=0x1ff, 0x2}, {0x9, &(0x7f0000000b80)=0x5, 0x2}, {0x8000000000000001, &(0x7f0000000bc0)=0x4c, 0x82}, {0x2, &(0x7f0000000c00)=0x8001, 0x82}, {0x7fffffffffffffff, 0x0, 0x82}, {0x0, &(0x7f0000000cc0)=0x401, 0x2}, {0x46, &(0x7f0000000d00)=0x8, 0x2}, {0x7, &(0x7f0000000d40)=0x100000001, 0x82}, {0x80000000000000, &(0x7f0000000d80)=0x2, 0x2}, {0xd, &(0x7f0000000dc0)=0xa, 0x82}, {0xb, &(0x7f0000000e00)=0x9, 0x82}, {0x3, &(0x7f0000000e40)=0xe84, 0x2}, {0x1, &(0x7f0000000e80)=0xe, 0x2}, {0x2, &(0x7f0000000ec0)=0x6, 0x2}, {0x6, &(0x7f0000000f00)=0x3, 0x2}, {0x38, &(0x7f0000000f40)=0x1, 0x2}, {0x80000000, &(0x7f0000000f80)=0x7, 0x82}, {0xd11c, &(0x7f0000000fc0)=0x6, 0x2}, {0x2, &(0x7f0000001000)=0x7fffffff, 0x2}, {0x7ff, &(0x7f0000001040)=0x8000000000000001, 0x2}, {0x8ec3, &(0x7f0000001080)=0x8, 0x2}, {0x1, &(0x7f00000010c0)=0x4, 0x2}, {0x1, &(0x7f0000001100)=0xfffffffffffffff7, 0x2}, {0x0, &(0x7f0000001140)=0xfc, 0x2}, {0x2396, &(0x7f0000001180)=0x3ff0000000000000, 0x2}, {0x9, &(0x7f00000011c0)=0x6, 0x2}, {0x4, &(0x7f0000001240)=0x6}, {0x2, &(0x7f0000001280)=0x4, 0x2}, {0xffff, &(0x7f00000012c0)=0x7}, {0x6, &(0x7f0000001300)=0x8, 0x82}, {0x3, &(0x7f0000001340)=0x7, 0x2}, {0x9, &(0x7f0000001380)=0x5, 0x2}, {0x4, &(0x7f00000013c0)=0x6, 0x82}, {0x5, &(0x7f0000001400)=0x3, 0x82}, {0x5, &(0x7f0000001440)=0x3, 0x82}, {0x0, &(0x7f0000001480)=0xfff, 0x82}, {0x800, &(0x7f00000014c0)=0x8, 0x82}, {0x7, &(0x7f0000001500)=0x4, 0x82}, {0x1ff, &(0x7f0000001540)=0xfffffffffffff801, 0x82}, {0x3, &(0x7f0000001580)=0x2, 0x82}, {0x9, &(0x7f00000015c0)=0x8}, {0xadf2, &(0x7f0000001600)=0x7, 0x82}, {0x10001, &(0x7f0000001640)=0x7, 0x82}, {0x2, &(0x7f0000001680)=0x100, 0x82}, {0x2, &(0x7f00000016c0), 0x82}, {0x6, &(0x7f0000001700)=0x7, 0x82}, {0xe, &(0x7f0000001740)=0x7fff, 0x82}, {0xfff, &(0x7f0000001780)=0x4, 0x2}, {0x3, &(0x7f00000017c0)=0x87e, 0x82}, {0xa, &(0x7f0000001800)=0xffffffff, 0x2}, {0x4d6, 0x0, 0x82}, {0x0, &(0x7f0000001880)=0x373, 0x2}, {0x5, &(0x7f00000018c0)=0x6, 0x82}, {0xa, 0x0, 0x82}, {0x5, &(0x7f0000001940)=0x5, 0x2}, {0x32, &(0x7f0000001980)=0x3, 0x82}, {0x9, 0x0, 0x2}, {0x7fffffffffffffff, &(0x7f0000001a00)=0xbe92, 0x2}, {0x7, 0x0, 0x82}, {0x80000000, &(0x7f0000001a80)=0xffffffffffffffff, 0x2}, {0x8, &(0x7f0000001b00)=0x7, 0x2}, {0x8001, &(0x7f0000001b40)=0x4, 0x2}, {0x7, &(0x7f0000001b80)=0x3, 0x82}, {0x0, 0x0}, {0x2, &(0x7f0000001c00)=0x7fff, 0x82}, {0x0, 0x0, 0x2}, {0xffffffff, &(0x7f0000001c80)=0x4, 0x82}, {0x3, &(0x7f0000001cc0), 0x82}, {0x8, &(0x7f0000001d00)=0xfffffffffffffffc, 0x82}, {0x6, &(0x7f0000001d40)=0x5}, {0xe, 0x0, 0x82}, {0x1, &(0x7f0000001dc0)=0x1, 0x2}, {0x2, &(0x7f0000001e00)=0x3a5, 0x2}, {0x6c2, 0x0, 0x82}, {0xb54, 0x0, 0x82}, {0x6, &(0x7f0000001f00)=0x139fcf2c, 0x2}, {0xa80, &(0x7f0000001f40)=0x100000000, 0x2}, {0x181b, &(0x7f0000001f80)=0x40, 0x2}, {0x1, &(0x7f0000001fc0)=0x4f, 0x2}, {0x2, &(0x7f0000002000)=0x3ff, 0x2}, {0x8000, &(0x7f0000002040)=0x8, 0x82}, {0x6, &(0x7f0000002080)=0xfffffffffffffffd}, {0x7fffffffffffffff, &(0x7f00000020c0)=0xf, 0x2}, {0x4, &(0x7f0000002140)=0x7ff, 0x82}], 0x6e, 0x0, &(0x7f0000000240)={0x77359400}, 0x1) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="b4000000190001000000000000000000ac1414aa000000000000000000000000ffffffff000000000000000000000000000000034e1d00000a0000805e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000007a5a92f72d2d69f8000000000000000000000000000000000000010000000000000000000e000000000000000000000000000000000040fae88df2b9c79a1f0084e6e275250da6a69ce67f366208a6e00e06000000b1bc024b77f2dc48fbe7525d010282b8e9d69c538a21afefb9fab264d1a58fb8aa3a48f9961845aa33184e2288655df3360549a15746741f8f5638be7cb804000000d97a9ddb4c21690f521d4fea7d53ae9288db85d75f17036ac3da8c6c290520f849da84a06b64af0a71c9894df1bae8bfad104c7292b29e26c0289b1b9b5d4f0f454781ecc07d97cd01db2f47aa2eb3d9d2ed57e8cbbfb1a3ec7aab98ddab019062bab7142f6cae67c17bc7206dcdca7f2fd3a93be418ac2d9bb1c8beffad5b06bc284ca5c0631a06f51e1798812e32fca81cebd939cfba48c6bb31009b2c1491f6"], 0xb4}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="e5ff0000000000004e00000000001c004000740000000000950000000000000041cca068850255544d211b541796"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xb579, &(0x7f000000cf3d)=""/195}, 0x23) 2m25.79523151s ago: executing program 32 (id=3113): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$KVM_REGISTER_COALESCED_MMIO(r5, 0x4010ae67, &(0x7f00000000c0)={0x0, 0xc000}) ioctl$KVM_UNREGISTER_COALESCED_MMIO(r5, 0x4010ae68, &(0x7f0000000000)={0x2000, 0x1000, 0xfffffffc}) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x7, 0x0, 0xfffffffffffff47c, 0x9, 0x0, 0x7, 0x3}, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) r6 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r6, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) connect$inet6(r6, &(0x7f00000001c0)={0xa, 0x40, 0x9, @empty, 0x6}, 0x1c) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000640)={0x0, 0x80000}) r7 = socket$netlink(0x10, 0x3, 0x8000000004) capset(&(0x7f0000000000)={0x20080522}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x81, 0xffffffff}) writev(r7, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) futex_waitv(&(0x7f0000002180)=[{0x200, &(0x7f0000000140)=0x3, 0x82}, {0x4, &(0x7f0000000200)=0x100000001, 0x2}, {0x5, &(0x7f00000002c0)=0x8, 0x2}, {0x8, &(0x7f0000000300)=0x8, 0x2}, {0x6070d72e, &(0x7f0000000340)=0xfffffffffffffffd, 0x82}, {0x609f0de7, &(0x7f00000003c0)=0xfb, 0x82}, {0x20000, &(0x7f0000000400)=0x2, 0x82}, {0x30000000000, &(0x7f0000000440)=0x9, 0x2}, {0xd232, 0x0, 0x82}, {0xffffffff00000000, &(0x7f00000006c0)=0x80, 0x2}, {0x94a, &(0x7f0000000700)=0xfffffffffffffff9, 0x2}, {0x6, 0x0, 0x2}, {0x8, &(0x7f00000007c0)=0x18, 0x82}, {0x3, 0x0, 0x82}, {0xfffffffffffffffc, &(0x7f0000000840)=0x9, 0x2}, {0x0, &(0x7f0000000880)=0x200000009, 0x82}, {0x1, &(0x7f00000008c0), 0x2}, {0x100000000, &(0x7f0000000900)=0x1, 0x2}, {0xffffffffffffffff, &(0x7f0000000940)=0x8000000000000000, 0x2}, {0x3, &(0x7f0000000980)=0xffffffffffffffff, 0x2}, {0xffffffffffffffff, &(0x7f00000009c0)=0x3, 0x82}, {0x0, &(0x7f0000000a00)=0x5, 0x82}, {0xa, &(0x7f0000000680)=0x10000, 0x82}, {0x6, &(0x7f0000000a80), 0x2}, {0x1, &(0x7f0000000ac0)=0x1000, 0x82}, {0x3000, &(0x7f0000000b00)=0x100d29, 0x82}, {0x0, &(0x7f0000000b40)=0x1ff, 0x2}, {0x9, &(0x7f0000000b80)=0x5, 0x2}, {0x8000000000000001, &(0x7f0000000bc0)=0x4c, 0x82}, {0x2, &(0x7f0000000c00)=0x8001, 0x82}, {0x7fffffffffffffff, 0x0, 0x82}, {0x0, &(0x7f0000000cc0)=0x401, 0x2}, {0x46, &(0x7f0000000d00)=0x8, 0x2}, {0x7, &(0x7f0000000d40)=0x100000001, 0x82}, {0x80000000000000, &(0x7f0000000d80)=0x2, 0x2}, {0xd, &(0x7f0000000dc0)=0xa, 0x82}, {0xb, &(0x7f0000000e00)=0x9, 0x82}, {0x3, &(0x7f0000000e40)=0xe84, 0x2}, {0x1, &(0x7f0000000e80)=0xe, 0x2}, {0x2, &(0x7f0000000ec0)=0x6, 0x2}, {0x6, &(0x7f0000000f00)=0x3, 0x2}, {0x38, &(0x7f0000000f40)=0x1, 0x2}, {0x80000000, &(0x7f0000000f80)=0x7, 0x82}, {0xd11c, &(0x7f0000000fc0)=0x6, 0x2}, {0x2, &(0x7f0000001000)=0x7fffffff, 0x2}, {0x7ff, &(0x7f0000001040)=0x8000000000000001, 0x2}, {0x8ec3, &(0x7f0000001080)=0x8, 0x2}, {0x1, &(0x7f00000010c0)=0x4, 0x2}, {0x1, &(0x7f0000001100)=0xfffffffffffffff7, 0x2}, {0x0, &(0x7f0000001140)=0xfc, 0x2}, {0x2396, &(0x7f0000001180)=0x3ff0000000000000, 0x2}, {0x9, &(0x7f00000011c0)=0x6, 0x2}, {0x4, &(0x7f0000001240)=0x6}, {0x2, &(0x7f0000001280)=0x4, 0x2}, {0xffff, &(0x7f00000012c0)=0x7}, {0x6, &(0x7f0000001300)=0x8, 0x82}, {0x3, &(0x7f0000001340)=0x7, 0x2}, {0x9, &(0x7f0000001380)=0x5, 0x2}, {0x4, &(0x7f00000013c0)=0x6, 0x82}, {0x5, &(0x7f0000001400)=0x3, 0x82}, {0x5, &(0x7f0000001440)=0x3, 0x82}, {0x0, &(0x7f0000001480)=0xfff, 0x82}, {0x800, &(0x7f00000014c0)=0x8, 0x82}, {0x7, &(0x7f0000001500)=0x4, 0x82}, {0x1ff, &(0x7f0000001540)=0xfffffffffffff801, 0x82}, {0x3, &(0x7f0000001580)=0x2, 0x82}, {0x9, &(0x7f00000015c0)=0x8}, {0xadf2, &(0x7f0000001600)=0x7, 0x82}, {0x10001, &(0x7f0000001640)=0x7, 0x82}, {0x2, &(0x7f0000001680)=0x100, 0x82}, {0x2, &(0x7f00000016c0), 0x82}, {0x6, &(0x7f0000001700)=0x7, 0x82}, {0xe, &(0x7f0000001740)=0x7fff, 0x82}, {0xfff, &(0x7f0000001780)=0x4, 0x2}, {0x3, &(0x7f00000017c0)=0x87e, 0x82}, {0xa, &(0x7f0000001800)=0xffffffff, 0x2}, {0x4d6, 0x0, 0x82}, {0x0, &(0x7f0000001880)=0x373, 0x2}, {0x5, &(0x7f00000018c0)=0x6, 0x82}, {0xa, 0x0, 0x82}, {0x5, &(0x7f0000001940)=0x5, 0x2}, {0x32, &(0x7f0000001980)=0x3, 0x82}, {0x9, 0x0, 0x2}, {0x7fffffffffffffff, &(0x7f0000001a00)=0xbe92, 0x2}, {0x7, 0x0, 0x82}, {0x80000000, &(0x7f0000001a80)=0xffffffffffffffff, 0x2}, {0x8, &(0x7f0000001b00)=0x7, 0x2}, {0x8001, &(0x7f0000001b40)=0x4, 0x2}, {0x7, &(0x7f0000001b80)=0x3, 0x82}, {0x0, 0x0}, {0x2, &(0x7f0000001c00)=0x7fff, 0x82}, {0x0, 0x0, 0x2}, {0xffffffff, &(0x7f0000001c80)=0x4, 0x82}, {0x3, &(0x7f0000001cc0), 0x82}, {0x8, &(0x7f0000001d00)=0xfffffffffffffffc, 0x82}, {0x6, &(0x7f0000001d40)=0x5}, {0xe, 0x0, 0x82}, {0x1, &(0x7f0000001dc0)=0x1, 0x2}, {0x2, &(0x7f0000001e00)=0x3a5, 0x2}, {0x6c2, 0x0, 0x82}, {0xb54, 0x0, 0x82}, {0x6, &(0x7f0000001f00)=0x139fcf2c, 0x2}, {0xa80, &(0x7f0000001f40)=0x100000000, 0x2}, {0x181b, &(0x7f0000001f80)=0x40, 0x2}, {0x1, &(0x7f0000001fc0)=0x4f, 0x2}, {0x2, &(0x7f0000002000)=0x3ff, 0x2}, {0x8000, &(0x7f0000002040)=0x8, 0x82}, {0x6, &(0x7f0000002080)=0xfffffffffffffffd}, {0x7fffffffffffffff, &(0x7f00000020c0)=0xf, 0x2}, {0x4, &(0x7f0000002140)=0x7ff, 0x82}], 0x6e, 0x0, &(0x7f0000000240)={0x77359400}, 0x1) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x1, 0x0, 0x0, 0x2) ioctl$UFFDIO_API(r5, 0xc018aa3f, 0x0) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="b4000000190001000000000000000000ac1414aa000000000000000000000000ffffffff000000000000000000000000000000034e1d00000a0000805e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000800000000000000000000000000000700000000000000000000000000000000000000000000000300000000007a5a92f72d2d69f8000000000000000000000000000000000000010000000000000000000e000000000000000000000000000000000040fae88df2b9c79a1f0084e6e275250da6a69ce67f366208a6e00e06000000b1bc024b77f2dc48fbe7525d010282b8e9d69c538a21afefb9fab264d1a58fb8aa3a48f9961845aa33184e2288655df3360549a15746741f8f5638be7cb804000000d97a9ddb4c21690f521d4fea7d53ae9288db85d75f17036ac3da8c6c290520f849da84a06b64af0a71c9894df1bae8bfad104c7292b29e26c0289b1b9b5d4f0f454781ecc07d97cd01db2f47aa2eb3d9d2ed57e8cbbfb1a3ec7aab98ddab019062bab7142f6cae67c17bc7206dcdca7f2fd3a93be418ac2d9bb1c8beffad5b06bc284ca5c0631a06f51e1798812e32fca81cebd939cfba48c6bb31009b2c1491f6"], 0xb4}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x1, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="e5ff0000000000004e00000000001c004000740000000000950000000000000041cca068850255544d211b541796"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xb579, &(0x7f000000cf3d)=""/195}, 0x23) 6.263249115s ago: executing program 3 (id=3580): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000480)={0x73622a85, 0x0, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x80000) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000040)={0x10, 0x0, &(0x7f0000000440)=[@request_death={0x400c6313}], 0xffffffffffffff9a, 0x1000000, 0x0}) ioctl$EVIOCREVOKE(r2, 0x40044591, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000640)={0x8, 0x0, &(0x7f0000000000)=[@decrefs={0x400c6314}], 0x0, 0x0, 0x0}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, 0x0, 0x0) 6.055832849s ago: executing program 3 (id=3582): r0 = syz_usb_connect(0x2, 0x36, &(0x7f00000005c0)={{0x12, 0x1, 0x0, 0x3a, 0x37, 0x5, 0x20, 0x781, 0x5, 0x5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xe6, 0x2, 0x2, 0x5b, 0xbd, 0x97, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) connect$unix(r1, &(0x7f0000000040)=@abs={0x0, 0x0, 0x4e20}, 0x6e) r2 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x822b01) r3 = socket$nl_generic(0x10, 0x3, 0x10) fdatasync(r1) sendmsg$netlink(r3, &(0x7f0000001900)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000001a00)={0x10, 0x25, 0x4, 0x70bd26, 0x25dfdbff}, 0x10}], 0x1, 0x0, 0x0, 0x20000801}, 0x40010) r4 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r4, &(0x7f0000514ff4)={0x10, 0x0, 0x25dfdbfb, 0x10000400}, 0xc) bind$netlink(r4, &(0x7f0000000080)={0x10, 0x0, 0x25dfdbfb, 0x1}, 0xc) r5 = socket$caif_seqpacket(0x25, 0x5, 0x0) ioctl$AUTOFS_IOC_PROTOSUBVER(r5, 0x80049367, &(0x7f0000000280)) syz_genetlink_get_family_id$devlink(&(0x7f0000000000), r3) recvmmsg(r3, &(0x7f00000086c0)=[{{0x0, 0x0, &(0x7f0000000840)=[{&(0x7f0000000340)=""/154, 0x9a}, {&(0x7f0000000880)=""/4111, 0x100f}, {&(0x7f00000007c0)=""/97, 0x61}], 0x3}, 0x7}, {{0x0, 0x0, 0x0}, 0x1000}], 0x2, 0x8042, 0x0) write$char_usb(r2, &(0x7f0000000040)="e2", 0x12d8) sendmsg$key(r1, &(0x7f0000000100)={0x40000000, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="021800001c000000000000000000000005000600000000000a00000000000000000000000000000000000000000000000000000000000000020012000000000000000000fcffffff0600ff0000000000000000000000000000000000000000000000000001000000fe8000000000002100000000000000bb050005002b0000000a00000000000000fc010000000200000002000000000000"], 0xe0}}, 0x0) r6 = socket(0x1e, 0x1, 0x0) recvmmsg$unix(r6, &(0x7f0000000340)=[{{0x0, 0x0, 0x0}}], 0x1, 0x60012140, 0x0) socket$xdp(0x2c, 0x3, 0x0) r7 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000240)='blkio.throttle.io_serviced\x00', 0x275a, 0x0) fcntl$lock(r4, 0x25, &(0x7f0000000300)={0x0, 0x2, 0x9, 0x8a}) fcntl$lock(r7, 0x5, &(0x7f0000000140)={0x0, 0x1, 0x107ffffc}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000004c0)={0x24, &(0x7f0000000240)={0x40}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000200)={0x10, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) setsockopt$RXRPC_SECURITY_KEYRING(r7, 0x110, 0x2, &(0x7f00000002c0)='{^\x00', 0x3) bind$unix(0xffffffffffffffff, &(0x7f0000000100)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) 2.995334445s ago: executing program 0 (id=3598): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2002, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000240)="67400f07c40249af4b8bb9800000c00f3235010000000f300f20a366450f769e00000100440f20c03588001d00440f22c0460f01c9c4827d24c366bafc0cf0ff07ef87f345a57a43e16806a4", 0x4c}], 0x1, 0x7c, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000300)={[0x9, 0x7, 0x6, 0x7fffffff, 0x7, 0xf, 0xe5, 0x3ff, 0xfffffffffffffc00, 0x80000001, 0x3, 0x8, 0x0, 0x5, 0x9, 0x84], 0xeeef0000, 0x28010}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x80a0000, 0x4000, 0x8, 0xe, 0x3, 0xd0, 0x40, 0x7, 0x0, 0x2e, 0x19}, {0x5000, 0x2, 0x8, 0x2, 0x40, 0x7, 0x7f, 0x6, 0x5, 0x0, 0x3, 0x6}, {0x3000, 0x4000, 0x8, 0x5, 0x1, 0x7, 0x0, 0x9, 0x0, 0xa7, 0x8, 0x81}, {0x6000, 0x100000, 0xa, 0x6, 0x3, 0x2, 0x1, 0xf8, 0x8, 0x9, 0xe, 0xf1}, {0x4000, 0x2000, 0x10, 0x3, 0x15, 0x2, 0xab, 0x7f, 0x1, 0x83, 0xf7, 0x6}, {0x1000, 0x80a0000, 0xc, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0xf, 0x1, 0x7}, {0x0, 0x1, 0x4, 0x5, 0x0, 0x5, 0x4, 0x3, 0x5, 0x81, 0x3, 0x70}, {0x0, 0xeeef0000, 0xc, 0x5, 0xf, 0x7, 0x1, 0x34, 0x2, 0x8, 0xf0, 0x9}, {0xeeef0000, 0x30}, {0x3000, 0x7}, 0x80000031, 0x0, 0x6000, 0x2024, 0x6, 0x0, 0x3000, [0x6800000000000000, 0x9, 0x5e, 0x3]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.891388823s ago: executing program 2 (id=3599): r0 = socket$inet6_udp(0xa, 0x2, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x86, 0x4) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000100)=0x4583c57b, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0xbb9f, @loopback, 0x627bcafb}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x8, 0x4) recvmmsg(r0, &(0x7f0000000f40)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000f80)=""/201, 0xc9}, 0x4}], 0x1, 0x40002000, 0x0) 2.629344321s ago: executing program 2 (id=3600): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000140)={0x0, 0x10, &(0x7f0000000100)=[@in={0x2, 0x4e24, @private=0xa010101}]}, &(0x7f0000000180)=0x10) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(r0, 0x84, 0xc, &(0x7f00000000c0), 0x4) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x1f, &(0x7f0000000240)={r1, @in={{0x2, 0x4e24, @private=0xa010101}}, 0x4, 0x4}, 0x90) 2.543208615s ago: executing program 1 (id=3601): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000240)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0x1, 0x41, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000080)=@x86={0x82, 0x10, 0x6, 0x0, 0x80000001, 0x9, 0x0, 0x4b, 0x2, 0x4, 0x2, 0x0, 0x0, 0x1, 0x9, 0x0, 0xf, 0x8, 0x44, '\x00', 0x7, 0xb4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.51661068s ago: executing program 0 (id=3602): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f000000a000)=[{{&(0x7f00000000c0)={0xa, 0x22, 0x0, @rand_addr=' \x01\x00'}, 0x1c, &(0x7f0000000000)=[{&(0x7f0000000240)="ad", 0x1}], 0x1}}], 0x1, 0x0) r1 = socket$netlink(0x10, 0x3, 0x4) writev(r1, &(0x7f0000000080)=[{&(0x7f0000000e40)="480000001400190d09004beafd0d36020a8447000b4e230f00000000a2bc560119d7004f19dfb7f393d7359031033f817f00000000000000000101ff05c00e030002000000ffff01", 0x48}], 0x1) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r2, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}], 0x10) sendto$inet6(r2, &(0x7f0000000240)='\x00', 0x1, 0x0, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0x5}, 0x1c) setsockopt$inet_sctp6_SCTP_EVENTS(r2, 0x84, 0xb, 0x0, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000140), r1) 1.980949529s ago: executing program 1 (id=3603): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x33, &(0x7f0000000100)=0x9, 0x4) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x300000a, 0x12, r0, 0x852ac000) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000000)=0x86, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x40000, &(0x7f0000000180)={0xa, 0x4e20, 0x8001, @loopback, 0x627bcafb}, 0x1c) setsockopt$SO_TIMESTAMP(r0, 0x1, 0x23, &(0x7f0000000040)=0x8, 0x4) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000200)=0x209, 0x4) recvmmsg(r0, &(0x7f0000000140)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000fc0)=""/4110, 0x100e}, 0x7ffffffe}], 0x1, 0x40002000, 0x0) 1.807441386s ago: executing program 1 (id=3604): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x205, 0x6, 0x0, 0x0, 0x10003, 0x41, 0x400200cc4, 0xffd, 0x4, 0x0, 0x7, 0x0, 0x2, 0x0, 0x6a, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)=@arm64={0x3, 0x0, 0x0, '\x00', 0x3a}) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000280)={'\x00', 0xf, 0x66a, 0x9, 0x0, 0x1, 0x80a4000, 0xd000, '\x00', 0xd5ad}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.690286808s ago: executing program 5 (id=3605): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmmsg$inet(r0, &(0x7f00000014c0)=[{{&(0x7f0000001380)={0x2, 0x4e22, @local}, 0x10, 0x0}}, {{&(0x7f0000000000)={0x2, 0x4e21, @rand_addr=0x64010102}, 0x10, 0x0, 0x0, &(0x7f0000000080)=[@ip_retopts={{0x18, 0x0, 0x7, {[@timestamp_prespec={0x44, 0x4, 0xa4, 0x3, 0x2}, @rr={0x7, 0x3, 0x1}]}}}], 0x18}}], 0x2, 0x0) 1.551901342s ago: executing program 3 (id=3606): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000000f478ef8ed"]) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x205, 0x6, 0x0, 0x0, 0x10003, 0x41, 0x400200cc4, 0xffd, 0x4, 0x0, 0x7, 0x0, 0x2, 0x0, 0x6a, 0x8d], 0xeeee8000, 0x2011c0}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000040)=@x86={0x8, 0xd, 0x5c, 0x0, 0x7, 0xe, 0x7, 0x25, 0x9, 0x0, 0xff, 0x4, 0x0, 0x400, 0x2, 0x81, 0x4, 0xe, 0x61, '\x00', 0x6, 0xffff}) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000280)={'\x00', 0xf, 0x66a, 0x9, 0x0, 0x1, 0x80a4000, 0xd000, '\x00', 0xd5ad}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.52146883s ago: executing program 2 (id=3607): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000240)) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) r3 = ioctl$KVM_GET_VCPU_MMAP_SIZE(r0, 0xae04) mmap$KVM_VCPU(&(0x7f0000fe9000/0x3000)=nil, r3, 0x1000006, 0x13, r2, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe5000/0x18000)=nil, &(0x7f00000000c0)=[@text64={0x40, 0x0}], 0xaaaac09, 0x41, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000080)=0x4) ioctl$KVM_SET_MP_STATE(r2, 0x4004ae99, &(0x7f0000000100)=0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.51181309s ago: executing program 5 (id=3608): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x101000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000040)={0x0, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000100)="0fae4afb663667360f01df66b9800000c00f326635001000000f303e0f08c04e0100bad104ed66b9800000c00f326635010000000f300fc7aa0060baf80c66b8cab6738966efbafc0ced66b9130800000f32", 0x52}], 0x1, 0x3, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.43268822s ago: executing program 0 (id=3609): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000036000/0x18000)=nil, &(0x7f0000000000)=[@text64={0x40, 0x0}], 0x1, 0x49, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x2000, 0xeeee0000, 0x8, 0x9, 0xfb, 0xe4, 0x40, 0x7, 0x0, 0x2e, 0x1a}, {0x5000, 0xeeee6001, 0x3, 0x0, 0x40, 0x5, 0x7d, 0x6, 0x5, 0x3, 0x3}, {0xeeef0000, 0x5000, 0xc, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa7, 0x5, 0x81}, {0x3000, 0x1, 0x9, 0x3, 0x4, 0x42, 0xb, 0xff, 0xa, 0x7, 0xe}, {0xeeee0000, 0xd000, 0xb, 0x5, 0x15, 0x7, 0xab, 0x7f, 0x7, 0x83, 0xf7, 0x83}, {0x1000, 0x0, 0xc, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x80, 0xf, 0x1, 0x7}, {0x3000, 0x8000000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x5, 0x81, 0x0, 0x70}, {0x100000, 0x1000, 0xe, 0x5, 0xf, 0x7, 0x1, 0x34, 0x2, 0xb, 0xb0, 0x9}, {0xeeef0000, 0x30}, {0x6000, 0x7}, 0x80000031, 0x0, 0x8000000, 0x2024, 0x3, 0x0, 0x3000, [0x6800000000000000, 0x4, 0x60, 0xff]}) ioctl$KVM_SET_SREGS(r2, 0x4138ae84, &(0x7f00000001c0)={{0x100000, 0xeeef0000, 0xa, 0xaf, 0x3, 0xd2, 0x81, 0x7, 0x0, 0x2b, 0x9}, {0xf000, 0x2, 0x9, 0x0, 0x40, 0x7, 0x7f, 0x6, 0x5, 0x0, 0x3, 0x6}, {0x4000, 0x1, 0x8, 0x5, 0x1, 0x4, 0x3, 0xc5, 0x0, 0xa7, 0x8, 0x81}, {0xeeef0000, 0x100000, 0xc, 0x3, 0x3, 0x2, 0x1, 0xfb, 0x10, 0x7, 0xe, 0xf1}, {0x0, 0x2000, 0x8, 0xd, 0x5, 0x6, 0xa, 0x7f, 0x9, 0x0, 0xf7, 0x43}, {0x1000, 0x8080000, 0xa, 0x80, 0xb1, 0x8, 0x4, 0x80, 0x80, 0xf, 0x1, 0x8}, {0x5000, 0xeeee8000, 0xc, 0x7, 0x0, 0x5, 0x1, 0x3, 0x5, 0x80, 0x3, 0x2}, {0x100000, 0x1, 0xc, 0x5, 0x5, 0x7, 0x1, 0x37, 0x9, 0x8, 0xf0, 0xa}, {0xeeef0000, 0x70}, {0x5000, 0x3}, 0x80000031, 0x0, 0xe6ee0000, 0x2004, 0xa, 0x0, 0x3000, [0x8000000000000000, 0xfffffffffffffffd, 0x15e, 0x3]}) 1.41215012s ago: executing program 1 (id=3610): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000180)={0x0, 0x1c000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000380)={0x4, 0x3c000, 0x1}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000040)={0x0, 0x12000, 0x1}) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f0000000000)={0xeeee8000, 0x2000, 0x1}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.183482515s ago: executing program 5 (id=3611): r0 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x190) r1 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98) r2 = open(&(0x7f00000000c0)='./file0\x00', 0x108843, 0x98) fcntl$setlease(r2, 0x400, 0x1) fcntl$setlease(r1, 0x400, 0x0) fcntl$getflags(r0, 0x401) 1.112426935s ago: executing program 3 (id=3612): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x1, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_DISABLE_QUIRKS(r1, 0x4068aea3, &(0x7f0000000000)={0x74, 0x0, 0x10}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_CPUID2(r2, 0x4008ae90, &(0x7f00000000c0)={0x1, 0x0, [{0x1, 0x0, 0x5, 0x3, 0x3, 0x7, 0x1}]}) 1.05512945s ago: executing program 0 (id=3613): rseq(&(0x7f0000000000)={0x0, 0x0, 0x0, 0x2}, 0x20, 0x0, 0x0) syz_clone(0x104680, 0x0, 0x0, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) 1.04970619s ago: executing program 2 (id=3614): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000280)={0x1, 0x3, 0x0, 0x1000, &(0x7f0000fe6000/0x1000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe6000/0x18000)=nil, &(0x7f00000000c0)=[@textreal={0x8, &(0x7f0000000100)="f3a50f09cbd0640f01c4660f38817ac5baf80c66b814370f8766efbafc0cb000ef0f01c40f07568000048e3665660ff5649ff082622463baf80c66b8b8ba8a8966efbafc0cec8ed8", 0x48}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000002c0)=[@text64={0x40, 0x0}], 0x1, 0xf, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f0000000000)=@arm64={0xa2, 0xc, 0x1, '\x00', 0x9}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000001c0)={[0x628, 0x6, 0x9, 0x6, 0x8, 0x8000, 0xffffffffffffff9d, 0x1, 0xfffffffffffffffe, 0x8, 0x5dc66883, 0x7, 0x0, 0x2000006, 0xfe, 0xffffffffffff5f24], 0xeeef0000, 0x890}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.019185081s ago: executing program 5 (id=3615): r0 = socket$inet6(0xa, 0x80001, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000fca000)={0x100000001, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f00000003c0)={0x3, {{0xa, 0x4e21, 0x9, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f00000000c0)={0x1, {{0xa, 0x4e20, 0x5, @mcast2, 0x6}}}, 0x88) setsockopt$inet6_MCAST_MSFILTER(r0, 0x29, 0x30, &(0x7f0000000500)=ANY=[@ANYBLOB="01000000000000000a004e2000000000ff010000000000000000000000000001"], 0x110) 680.241663ms ago: executing program 3 (id=3616): r0 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000180)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r0, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000006c0)=[{&(0x7f0000000380)='N', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0xc851) sendmmsg$inet_sctp(r0, &(0x7f0000001880)=[{&(0x7f0000000100)=@in={0x2, 0x4e21, @local}, 0x10, 0x0, 0x0, &(0x7f0000000000)=[@sndrcv={0x30, 0x84, 0x1, {0xe2, 0x7, 0x203, 0x0, 0x6, 0x9, 0x1, 0x4}}], 0x30}], 0x1, 0x10) 536.424692ms ago: executing program 2 (id=3617): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="010000000000eeff820200"]) 418.459543ms ago: executing program 5 (id=3618): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0xe5c, 0x80000) r3 = eventfd2(0x4001, 0x800) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2, r3}) r4 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_IRQ_LINE(r1, 0x4008ae61, &(0x7f00000000c0)={0x7, 0x1}) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000600)={0x0, 0x0, @pic={0x2d, 0xc0, 0x5, 0x7, 0x7f, 0x5, 0xf, 0x9, 0x3, 0x41, 0x7, 0x5c, 0x5, 0x15, 0xdf, 0x7f}}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x35, 0xe, 0x4, 0x1, 0x2, 0x1000, 0xf1, 0x0, 0x7fffffffffffb, 0x1, 0x1, 0x40001, 0x0, 0xc12, 0x1, 0xbde], 0x1000, 0x3d4316}) ioctl$KVM_RUN(r4, 0xae80, 0x0) 399.159272ms ago: executing program 0 (id=3619): r0 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000300)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000100)=[@flowinfo={{0x14, 0x29, 0xb, 0x10001}}, @flowinfo={{0x14, 0x29, 0xb, 0x7fffffff}}], 0x30}}], 0x1, 0x20000010) 347.522363ms ago: executing program 3 (id=3620): r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000000)={[{0x1, 0x4, 0xc2, 0x53, 0x3d, 0x0, 0x80, 0x41, 0x6b, 0x45, 0x8, 0x2, 0x1}, {0xb, 0xa7f3, 0x8, 0x6a, 0x33, 0xfd, 0x4, 0x3, 0xe, 0x7, 0x3, 0x6, 0x1}, {0x0, 0x7, 0xd, 0x10, 0x21, 0x9, 0x0, 0xff, 0x4, 0x15, 0xe, 0x2, 0x4}], 0x9}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x8, 0x8e, 0x7fffffffffffe, 0x20000008, 0x400, 0xfffffffffffffffd, 0x6, 0x1000, 0x6, 0x8, 0x10, 0x2, 0x3, 0x0, 0x3], 0x3000, 0x1011c4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 286.871617ms ago: executing program 1 (id=3621): r0 = socket(0x10, 0x803, 0x0) setsockopt$sock_int(r0, 0x1, 0x8, &(0x7f0000d9bffc), 0x4) mremap(&(0x7f0000003000/0x1000)=nil, 0x1000, 0x2000, 0x3, &(0x7f0000ffa000/0x2000)=nil) sendto(r0, &(0x7f00000005c0)="120000001200e7ef007b00000000000000a1", 0x12, 0x20000090, 0x0, 0x0) syz_genetlink_get_family_id$team(&(0x7f0000000380), r0) recvmmsg(r0, &(0x7f0000009c80)=[{{0x0, 0x0, 0x0}, 0x8}, {{0x0, 0x0, &(0x7f0000004b00)=[{&(0x7f0000002a00)=""/4082, 0xff2}], 0x1}}], 0x2, 0x0, 0x0) 140.780583ms ago: executing program 0 (id=3622): ioctl$TIOCL_SETSEL(0xffffffffffffffff, 0x541c, 0x0) io_submit(0x0, 0x0, 0x0) r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x77, 0x29, 0x4, 0x20, 0x424, 0x9901, 0xc257, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0x43, 0x0, 0x2, 0x31, 0x7d, 0x55, 0x0, [], [{{0x9, 0x5, 0x2, 0x2, 0x200, 0x2}}, {{0x9, 0x5, 0x82, 0x2, 0x200}}]}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000500)={0x44, &(0x7f0000000140)={0x0, 0xf, 0x4, "e41939a7"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000c00)={0x34, &(0x7f00000009c0)={0x20, 0x8, 0x4, "882a0a11"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000240)={0x40, 0xf, 0x5, "34335e1862"}, &(0x7f0000000300)={0x0, 0xa, 0x1, 0x8}, &(0x7f0000000340)={0x0, 0x8, 0x1, 0x9}, &(0x7f0000000380)={0x20, 0x80, 0x1c, {0x3, 0x0, 0x8, 0x3, 0x0, 0xf, 0x8, 0x8, 0x7, 0x4, 0x1, 0xe}}, &(0x7f00000003c0)={0x20, 0x85, 0x4, 0xb0b}, &(0x7f0000000400)={0x20, 0x83, 0x2, 0x1}, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, 0x0) 95.618401ms ago: executing program 2 (id=3623): bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000140)={'pim6reg1\x00', 0x2}) r1 = userfaultfd(0x0) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x5}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x3}) mlock(&(0x7f0000ffd000/0x3000)=nil, 0x3000) r2 = openat$vcsu(0xffffffffffffff9c, 0x0, 0x0, 0x0) getsockopt$inet6_tcp_TCP_ZEROCOPY_RECEIVE(r2, 0x6, 0x23, 0x0, 0x0) r3 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r3) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f0000000bc0)={&(0x7f0000ffd000/0x2000)=nil, &(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2}) ioctl$UFFDIO_ZEROPAGE(r1, 0xc020aa04, &(0x7f0000000100)={{&(0x7f0000ffe000/0x2000)=nil, 0x2000}}) 74.689227ms ago: executing program 1 (id=3624): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x68000) fcntl$setstatus(r0, 0x4, 0x2000) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x1, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4020aeb2, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x2, 0x862b01) ioctl$EVIOCSFF(r1, 0x40304580, &(0x7f0000000b40)={0x56, 0x0, 0x8, {0x80c, 0x1}, {0x45, 0x400}, @rumble={0xdc, 0x8}}) write$char_usb(r1, &(0x7f0000000040)="e2", 0x2250) 0s ago: executing program 5 (id=3625): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = eventfd2(0xe5c, 0x80000) r3 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x400, 0x0) ioctl$TIOCGPKT(r3, 0x80045438, 0x0) r4 = eventfd2(0x4001, 0x800) bpf$MAP_CREATE(0x0, 0x0, 0x48) capset(0x0, 0x0) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000100)={r2, 0x7, 0x2, r4}) r5 = eventfd2(0x8, 0x80001) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f0000000140)={r5, 0x5, 0x2, r4}) ioctl$KVM_IRQFD(r1, 0x4020ae76, &(0x7f00000000c0)={r5, 0x2d, 0x1, r4}) ioctl$KVM_RUN(0xffffffffffffffff, 0xae80, 0x0) kernel console output (not intermixed with test programs): face 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 922.230396][ T24] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 922.305516][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 922.320208][ T10] usb 3-1: config 0 has no interfaces? [ 922.341987][ T24] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 922.342843][ T10] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 922.385118][ T24] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 922.401540][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 922.426714][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 922.449368][ T10] usb 3-1: Product: syz [ 922.479007][ T10] usb 3-1: Manufacturer: syz [ 922.578291][ T10] usb 3-1: SerialNumber: syz [ 922.603786][ T10] usb 3-1: config 0 descriptor?? [ 922.802781][ T24] usb 4-1: usb_control_msg returned -32 [ 922.818838][ T24] usbtmc 4-1:16.0: can't read capabilities [ 922.907816][T17759] tipc: Enabling of bearer rejected, already enabled [ 922.943095][ T24] usb 4-1: USB disconnect, device number 28 [ 923.010154][ T5950] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5 [ 923.273562][ T92] usb 5-1: new full-speed USB device number 42 using dummy_hcd [ 923.428890][ T92] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 923.440921][ T92] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 923.481172][ T92] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 923.492807][ T92] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 923.550403][T17770] netlink: 'syz.3.3036': attribute type 10 has an invalid length. [ 923.573777][ T92] usb 5-1: Product: syz [ 923.574935][T17770] 8021q: adding VLAN 0 to HW filter on device team0 [ 923.590984][T17770] bond0: (slave team0): Enslaving as an active interface with an up link [ 923.604634][T17771] netlink: 'syz.3.3036': attribute type 10 has an invalid length. [ 923.610686][ T92] usb 5-1: Manufacturer: syz [ 923.625364][ T92] usb 5-1: SerialNumber: syz [ 923.681377][T17771] bond0: (slave team0): Releasing backup interface [ 923.709197][T17771] bridge0: port 3(team0) entered blocking state [ 923.719756][T17771] bridge0: port 3(team0) entered disabled state [ 923.727309][T17771] team0: entered allmulticast mode [ 923.732799][T17771] team_slave_0: entered allmulticast mode [ 923.739244][T17771] team_slave_1: entered allmulticast mode [ 923.802459][T17771] team0: entered promiscuous mode [ 923.810618][T17771] team_slave_0: entered promiscuous mode [ 923.819908][T17771] team_slave_1: entered promiscuous mode [ 923.870713][T17764] netlink: 'syz.4.3033': attribute type 39 has an invalid length. [ 923.903046][ T92] usb 5-1: 0:2 : does not exist [ 923.945371][ T92] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 924.019068][T17773] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3037'. [ 924.063042][ T92] usb 5-1: USB disconnect, device number 42 [ 924.171033][ T6022] udevd[6022]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 924.210771][ T10] usb 2-1: USB disconnect, device number 48 [ 924.311815][ T5857] usb 3-1: USB disconnect, device number 16 [ 924.419909][T17778] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3039'. [ 925.905207][ T5857] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 926.086387][ T5857] usb 3-1: Using ep0 maxpacket: 32 [ 926.111270][ T5857] usb 3-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice= d.2d [ 926.123982][ T5857] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 926.132825][ T5857] usb 3-1: Product: syz [ 926.139937][ T5857] usb 3-1: Manufacturer: syz [ 926.145769][ T5857] usb 3-1: SerialNumber: syz [ 926.278156][T17799] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3045'. [ 926.331789][T17799] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3045'. [ 926.426577][T17801] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3048'. [ 926.428950][T17790] fuse: Bad value for 'user_id' [ 926.450094][T17790] fuse: Bad value for 'user_id' [ 926.496752][ T5857] aqc111 3-1:1.0: probe with driver aqc111 failed with error -22 [ 926.502152][T17806] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3046'. [ 926.529739][ T5857] usb 3-1: USB disconnect, device number 17 [ 926.537388][T17805] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3047'. [ 926.576114][T17803] netlink: 44 bytes leftover after parsing attributes in process `syz.3.3046'. [ 926.921619][T17821] IPv6: NLM_F_CREATE should be specified when creating new route [ 926.937231][T17821] netlink: 52 bytes leftover after parsing attributes in process `syz.4.3052'. [ 926.968749][T17817] FAULT_INJECTION: forcing a failure. [ 926.968749][T17817] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 926.990520][T17817] CPU: 1 UID: 0 PID: 17817 Comm: syz.3.3051 Not tainted syzkaller #0 PREEMPT(full) [ 926.990548][T17817] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 926.990560][T17817] Call Trace: [ 926.990568][T17817] [ 926.990576][T17817] dump_stack_lvl+0x189/0x250 [ 926.990606][T17817] ? __pfx____ratelimit+0x10/0x10 [ 926.990627][T17817] ? __pfx_dump_stack_lvl+0x10/0x10 [ 926.990650][T17817] ? __pfx__printk+0x10/0x10 [ 926.990677][T17817] ? __might_fault+0xb0/0x130 [ 926.990717][T17817] should_fail_ex+0x414/0x560 [ 926.990750][T17817] _copy_from_user+0x2d/0xb0 [ 926.990775][T17817] snd_pcm_oss_write+0x84f/0x11a0 [ 926.990801][T17817] ? get_pid_task+0x20/0x1f0 [ 926.990845][T17817] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 926.990874][T17817] ? bpf_lsm_file_permission+0x9/0x20 [ 926.990895][T17817] ? security_file_permission+0x75/0x290 [ 926.990922][T17817] ? rw_verify_area+0x255/0x4d0 [ 926.990945][T17817] ? __lock_acquire+0xab9/0xd20 [ 926.990969][T17817] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 926.990995][T17817] vfs_write+0x27b/0xb30 [ 926.991030][T17817] ? __pfx_vfs_write+0x10/0x10 [ 926.991055][T17817] ? __fget_files+0x2a/0x420 [ 926.991075][T17817] ? __fget_files+0x2a/0x420 [ 926.991089][T17817] ? __fget_files+0x3a0/0x420 [ 926.991103][T17817] ? __fget_files+0x2a/0x420 [ 926.991130][T17817] ksys_write+0x145/0x250 [ 926.991155][T17817] ? __pfx_ksys_write+0x10/0x10 [ 926.991181][T17817] ? lockdep_hardirqs_on+0x9c/0x150 [ 926.991204][T17817] __do_fast_syscall_32+0xb6/0x2b0 [ 926.991223][T17817] ? lockdep_hardirqs_on+0x9c/0x150 [ 926.991257][T17817] do_fast_syscall_32+0x34/0x80 [ 926.991277][T17817] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 926.991298][T17817] RIP: 0023:0xf705e539 [ 926.991315][T17817] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 926.991330][T17817] RSP: 002b:00000000f542d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 926.991352][T17817] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800012c0 [ 926.991365][T17817] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 926.991375][T17817] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 926.991385][T17817] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 926.991395][T17817] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 926.991426][T17817] [ 927.548462][T17827] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3053'. [ 928.234295][T17838] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3055'. [ 929.035238][T13298] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 929.175157][T13298] usb 3-1: device descriptor read/64, error -71 [ 929.219665][T17847] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3060'. [ 929.425470][T13298] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 929.565064][T13298] usb 3-1: device descriptor read/64, error -71 [ 929.675671][T13298] usb usb3-port1: attempt power cycle [ 930.115213][T13298] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 930.115316][ T43] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 930.146349][ T5857] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 930.159555][T13298] usb 3-1: device descriptor read/8, error -71 [ 930.296639][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 930.311363][ T43] usb 5-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice= d.2d [ 930.315411][ T5857] usb 2-1: Using ep0 maxpacket: 8 [ 930.320888][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 930.337539][ T5857] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 930.338817][ T43] usb 5-1: Product: syz [ 930.355747][ T5857] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 930.368142][ T43] usb 5-1: Manufacturer: syz [ 930.372938][ T43] usb 5-1: SerialNumber: syz [ 930.377126][ T5857] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 930.389184][ T5857] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 930.401187][ T5857] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 930.420258][ T5857] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 930.429712][T13298] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 930.442152][ T5857] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 930.462201][T13298] usb 3-1: device descriptor read/8, error -71 [ 930.575797][T13298] usb usb3-port1: unable to enumerate USB device [ 930.616403][T17857] fuse: Bad value for 'user_id' [ 930.621483][T17857] fuse: Bad value for 'user_id' [ 930.651363][ T43] aqc111 5-1:1.0: probe with driver aqc111 failed with error -22 [ 930.675746][ T43] usb 5-1: USB disconnect, device number 43 [ 930.680315][ T5857] usb 2-1: usb_control_msg returned -32 [ 930.695966][ T5857] usbtmc 2-1:16.0: can't read capabilities [ 930.731880][ T5857] usb 2-1: USB disconnect, device number 49 [ 931.480489][ T30] audit: type=1326 audit(1757301025.701:2780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 931.577226][ T30] audit: type=1326 audit(1757301025.701:2781): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 931.712586][ T30] audit: type=1326 audit(1757301025.701:2782): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=444 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 931.778925][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 931.786114][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 931.800293][ T30] audit: type=1326 audit(1757301025.701:2783): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 931.807089][T17884] __nla_validate_parse: 6 callbacks suppressed [ 931.807108][T17884] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3073'. [ 931.823718][ T30] audit: type=1326 audit(1757301025.701:2784): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=360 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 932.016887][T17886] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3073'. [ 932.194363][ T30] audit: type=1326 audit(1757301025.701:2785): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 932.366253][ T30] audit: type=1326 audit(1757301025.701:2786): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=362 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 932.489744][ T30] audit: type=1326 audit(1757301025.701:2787): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 932.606045][T13298] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 932.647165][T17901] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3077'. [ 932.836209][T13298] usb 5-1: Using ep0 maxpacket: 16 [ 932.837291][ T30] audit: type=1326 audit(1757301025.701:2788): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 932.912390][T13298] usb 5-1: config 0 has no interfaces? [ 932.948732][ T30] audit: type=1326 audit(1757301025.701:2789): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17878 comm="syz.4.3072" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f44539 code=0x7ffc0000 [ 933.039443][T13298] usb 5-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 933.198237][T13298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 933.244526][T13298] usb 5-1: Product: syz [ 933.285011][T13298] usb 5-1: Manufacturer: syz [ 933.289670][T13298] usb 5-1: SerialNumber: syz [ 933.328452][T17910] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3080'. [ 933.329053][T13298] usb 5-1: config 0 descriptor?? [ 933.455292][T17912] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3081'. [ 933.691438][T17896] tipc: Enabling of bearer rejected, already enabled [ 934.295089][T13298] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 934.575082][T13298] usb 2-1: Using ep0 maxpacket: 8 [ 934.586069][T13298] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 934.594851][T13298] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 934.606397][T13298] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 934.616750][T13298] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 934.671423][T13298] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 934.701639][T13298] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 934.831966][T13298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 935.068887][T13298] usb 2-1: usb_control_msg returned -32 [ 935.085315][T13298] usbtmc 2-1:16.0: can't read capabilities [ 935.112835][ T5950] usb 5-1: USB disconnect, device number 44 [ 935.218122][T13298] usb 2-1: USB disconnect, device number 50 [ 935.335479][T17931] netlink: 76 bytes leftover after parsing attributes in process `syz.4.3087'. [ 935.606401][T17933] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3088'. [ 935.668983][T17933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3088'. [ 935.713644][T17933] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3088'. [ 935.759104][T17933] netlink: 128 bytes leftover after parsing attributes in process `syz.4.3088'. [ 935.805462][T17936] tipc: Enabling of bearer rejected, already enabled [ 936.026954][T17938] usb usb9: usbfs: process 17938 (syz.1.3090) did not claim interface 0 before use [ 936.055214][T17941] usb usb9: usbfs: process 17941 (syz.1.3090) did not claim interface 0 before use [ 936.145137][ T5950] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 936.670714][ T5950] usb 4-1: Using ep0 maxpacket: 32 [ 936.684747][ T5950] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9 [ 936.727668][ T5950] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 936.742707][ T5950] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 936.854238][ T5950] usb 4-1: Product: syz [ 936.885671][ T5950] usb 4-1: Manufacturer: syz [ 936.892671][ T5950] usb 4-1: SerialNumber: syz [ 936.902102][ T5950] usb 4-1: config 0 descriptor?? [ 936.918592][T17936] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 936.943751][ T5950] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input38 [ 938.295352][ T5950] usb 4-1: USB disconnect, device number 29 [ 938.301571][ C1] usbtouchscreen 4-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 939.766198][T17966] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3096'. [ 939.917963][T17968] netlink: 76 bytes leftover after parsing attributes in process `syz.1.3098'. [ 940.987995][T17979] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3101'. [ 941.017075][T17979] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3101'. [ 941.062991][T17979] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3101'. [ 941.090239][T17983] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3102'. [ 941.145533][T17984] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3101'. [ 941.745972][T17980] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3100'. [ 943.320983][T18003] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3107'. [ 943.488946][T18005] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3109'. [ 944.502662][T12818] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 944.515616][T12818] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 944.528166][T12818] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 944.539137][T12818] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 944.547841][T12818] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 945.123384][ T1166] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 945.429619][ T1166] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 945.704100][ T24] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 945.801947][ T1166] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 945.927745][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 945.946319][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 945.980660][ T24] usb 4-1: config 9 has an invalid interface number: 34 but max is 0 [ 946.036969][ T24] usb 4-1: config 9 has no interface number 0 [ 946.077840][ T24] usb 4-1: config 9 interface 34 altsetting 127 endpoint 0xB has invalid maxpacket 2559, setting to 1024 [ 946.135873][ T24] usb 4-1: config 9 interface 34 altsetting 127 bulk endpoint 0xB has invalid maxpacket 1024 [ 946.220369][ T24] usb 4-1: config 9 interface 34 altsetting 127 endpoint 0xA has an invalid bInterval 179, changing to 11 [ 946.239933][ T1166] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 946.277521][ T24] usb 4-1: config 9 interface 34 altsetting 127 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 946.330650][ T24] usb 4-1: config 9 interface 34 has no altsetting 0 [ 946.436169][ T24] usb 4-1: New USB device found, idVendor=52f6, idProduct=ba46, bcdDevice=f1.65 [ 946.473652][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 946.533093][ T24] usb 4-1: Product: syz [ 946.555933][ T24] usb 4-1: Manufacturer: syz [ 946.575760][ T24] usb 4-1: SerialNumber: syz [ 946.609490][T18020] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 946.628928][ T5876] Bluetooth: hci1: command tx timeout [ 946.705503][ T10] usb 2-1: new full-speed USB device number 51 using dummy_hcd [ 946.827590][T12818] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 946.840467][T12818] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 946.858041][T12818] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 946.871291][T12818] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 946.901958][T12818] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 946.949644][ T10] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 946.992313][ T10] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 947.029070][ T10] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 947.042819][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 947.055335][ T10] usb 2-1: Product: syz [ 947.061341][ T10] usb 2-1: Manufacturer: syz [ 947.068136][ T10] usb 2-1: SerialNumber: syz [ 947.257553][T18033] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 947.295764][T18033] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 947.391716][T18034] netlink: 'syz.1.3118': attribute type 39 has an invalid length. [ 948.597497][ T43] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 948.708645][T12818] Bluetooth: hci1: command tx timeout [ 948.800908][ T43] usb 3-1: config 0 has no interfaces? [ 948.814283][ T43] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 948.836288][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 948.900633][ T43] usb 3-1: Product: syz [ 948.909389][ T43] usb 3-1: Manufacturer: syz [ 948.922826][ T43] usb 3-1: SerialNumber: syz [ 948.954381][ T43] usb 3-1: config 0 descriptor?? [ 948.960802][T12818] Bluetooth: hci2: command tx timeout [ 949.322549][T18057] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 949.368920][T18057] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 950.149065][ T1166] bond1 (unregistering): Released all slaves [ 950.600948][ T1166] bond0 (unregistering): Released all slaves [ 950.647265][ T10] usb 2-1: 0:2 : does not exist [ 950.720247][T18017] chnl_net:caif_netlink_parms(): no params data found [ 950.725691][ T10] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 950.778829][T18055] syzkaller1: entered promiscuous mode [ 950.785476][T12818] Bluetooth: hci1: command tx timeout [ 950.835206][T18055] syzkaller1: entered allmulticast mode [ 950.906822][ T10] usb 2-1: USB disconnect, device number 51 [ 950.944025][ T24] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 950.953900][ T24] usb 4-1: MIDIStreaming interface descriptor not found [ 951.025500][T12818] Bluetooth: hci2: command tx timeout [ 951.184735][ T24] usb 4-1: USB disconnect, device number 30 [ 951.753269][ T1166] : left promiscuous mode [ 952.011882][ T1166] tipc: Disabling bearer [ 952.025594][ T1166] tipc: Left network mode [ 952.469721][T18081] __nla_validate_parse: 1 callbacks suppressed [ 952.469746][T18081] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3126'. [ 952.576920][T18081] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3126'. [ 952.645434][T18083] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3126'. [ 952.660812][T18017] bridge0: port 1(bridge_slave_0) entered blocking state [ 952.687369][T18017] bridge0: port 1(bridge_slave_0) entered disabled state [ 952.707237][T18081] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3126'. [ 952.735369][T18017] bridge_slave_0: entered allmulticast mode [ 952.765143][T18017] bridge_slave_0: entered promiscuous mode [ 952.798680][T18017] bridge0: port 2(bridge_slave_1) entered blocking state [ 952.824820][T18017] bridge0: port 2(bridge_slave_1) entered disabled state [ 952.855251][T18017] bridge_slave_1: entered allmulticast mode [ 952.865669][T12818] Bluetooth: hci1: command tx timeout [ 952.877898][T18017] bridge_slave_1: entered promiscuous mode [ 953.117072][T12818] Bluetooth: hci2: command tx timeout [ 953.508374][T18017] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 953.595396][T18017] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 954.489768][T18017] team0: Port device team_slave_0 added [ 954.527756][T18017] team0: Port device team_slave_1 added [ 954.607699][ T10] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 954.796823][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 954.844805][ T10] usb 2-1: config 0 has no interfaces? [ 954.864570][ T10] usb 2-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 954.885030][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 954.914778][T18017] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 954.934197][ T10] usb 2-1: Product: syz [ 954.983272][T18017] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 955.017234][ T10] usb 2-1: Manufacturer: syz [ 955.023145][ T10] usb 2-1: SerialNumber: syz [ 955.298563][T12818] Bluetooth: hci2: command tx timeout [ 955.303227][ T10] usb 2-1: config 0 descriptor?? [ 955.406640][T18017] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 955.812546][T18104] tipc: Enabling of bearer rejected, already enabled [ 955.838298][T18017] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 955.850253][T18017] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 956.080509][T18017] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 956.217526][ T5950] usb 3-1: USB disconnect, device number 22 [ 957.179680][ T1166] hsr_slave_0: left promiscuous mode [ 957.207233][ T5857] usb 2-1: USB disconnect, device number 52 [ 957.207343][ T1166] hsr_slave_1: left promiscuous mode [ 957.295475][ T1166] veth1_macvtap: left promiscuous mode [ 957.301085][ T1166] veth0_macvtap: left promiscuous mode [ 957.308546][ T1166] veth1_vlan: left promiscuous mode [ 957.314315][ T1166] veth0_vlan: left promiscuous mode [ 958.756402][T18138] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3136'. [ 958.783748][T18138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3136'. [ 958.795726][T18138] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3136'. [ 958.836457][T18138] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3136'. [ 960.114211][T18131] batadv_slave_1: entered promiscuous mode [ 960.126357][T18133] batadv_slave_1: left promiscuous mode [ 960.146367][T18017] hsr_slave_0: entered promiscuous mode [ 960.161346][T18017] hsr_slave_1: entered promiscuous mode [ 960.182976][T18017] debugfs: 'hsr0' already exists in 'hsr' [ 960.198886][T18017] Cannot create hsr debugfs directory [ 960.248914][T18031] chnl_net:caif_netlink_parms(): no params data found [ 962.039793][T18031] bridge0: port 1(bridge_slave_0) entered blocking state [ 962.065482][T18031] bridge0: port 1(bridge_slave_0) entered disabled state [ 962.088739][T18031] bridge_slave_0: entered allmulticast mode [ 962.147189][T18031] bridge_slave_0: entered promiscuous mode [ 962.182860][T18031] bridge0: port 2(bridge_slave_1) entered blocking state [ 962.198229][T18031] bridge0: port 2(bridge_slave_1) entered disabled state [ 962.223604][T18031] bridge_slave_1: entered allmulticast mode [ 962.263139][T18031] bridge_slave_1: entered promiscuous mode [ 962.604163][T18031] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 962.682811][T18187] netlink: 92 bytes leftover after parsing attributes in process `syz.1.3146'. [ 962.735465][T18187] netlink: 56 bytes leftover after parsing attributes in process `syz.1.3146'. [ 962.824754][T18031] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 963.404923][T18031] team0: Port device team_slave_0 added [ 963.703598][T18031] team0: Port device team_slave_1 added [ 963.890556][T18031] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 963.926189][T18031] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 963.945482][ T24] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 963.982095][T18031] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 964.135427][ T5950] usb 3-1: new full-speed USB device number 23 using dummy_hcd [ 964.151527][T18031] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 964.167864][ T24] usb 4-1: config 0 has no interfaces? [ 964.176612][T18031] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 964.178489][ T24] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 964.231549][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.243056][ T24] usb 4-1: Product: syz [ 964.250529][ T24] usb 4-1: Manufacturer: syz [ 964.259049][ T24] usb 4-1: SerialNumber: syz [ 964.265420][T18031] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 964.286741][ T24] usb 4-1: config 0 descriptor?? [ 964.311095][ T5950] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 964.348951][ T5950] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 964.381229][T18187] syz.1.3146 (18187): drop_caches: 1 [ 964.407672][ T5950] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 964.442888][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 964.463722][ T5950] usb 3-1: Product: syz [ 964.486488][ T5950] usb 3-1: Manufacturer: syz [ 964.500407][ T5950] usb 3-1: SerialNumber: syz [ 964.830068][T18204] netlink: 'syz.2.3150': attribute type 39 has an invalid length. [ 964.896970][T18031] hsr_slave_0: entered promiscuous mode [ 964.959289][T18213] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 964.971543][T18031] hsr_slave_1: entered promiscuous mode [ 964.978677][T18031] debugfs: 'hsr0' already exists in 'hsr' [ 964.986118][T18213] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 964.995934][T18031] Cannot create hsr debugfs directory [ 965.043654][T18212] syzkaller1: entered promiscuous mode [ 965.068345][T18212] syzkaller1: entered allmulticast mode [ 965.501771][ T5950] usb 3-1: 0:2 : does not exist [ 965.612071][ T5950] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 965.675628][ T5950] usb 3-1: USB disconnect, device number 23 [ 965.769418][ T6022] udevd[6022]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 966.051580][ T5950] usb 4-1: USB disconnect, device number 32 [ 966.280645][T18017] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 966.328251][T18017] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 966.359645][T18017] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 966.516656][T18017] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 966.595938][ T5857] usb 3-1: new full-speed USB device number 24 using dummy_hcd [ 966.767597][ T5857] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 966.829264][ T5857] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 966.885277][ T5857] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 966.901545][ T5857] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 966.951835][ T5857] usb 3-1: Product: syz [ 967.002506][ T5857] usb 3-1: Manufacturer: syz [ 967.022931][ T5857] usb 3-1: SerialNumber: syz [ 967.410497][T18228] netlink: 'syz.2.3152': attribute type 39 has an invalid length. [ 968.118742][T18031] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 968.135532][ T5857] usb 3-1: 0:2 : does not exist [ 968.209575][T18031] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 968.251742][ T5857] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 968.252829][T18031] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 968.363643][T18031] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 968.401213][ T5857] usb 3-1: USB disconnect, device number 24 [ 968.572491][ T6022] udevd[6022]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 968.779237][T18017] 8021q: adding VLAN 0 to HW filter on device bond0 [ 968.896244][T18017] 8021q: adding VLAN 0 to HW filter on device team0 [ 968.964115][ T4531] bridge0: port 1(bridge_slave_0) entered blocking state [ 968.972124][ T4531] bridge0: port 1(bridge_slave_0) entered forwarding state [ 969.056391][ T24] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 969.073096][ T4531] bridge0: port 2(bridge_slave_1) entered blocking state [ 969.080767][ T4531] bridge0: port 2(bridge_slave_1) entered forwarding state [ 969.365324][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 969.392738][ T24] usb 2-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 23, changing to 8 [ 969.435177][ T24] usb 2-1: config 1 interface 0 altsetting 10 bulk endpoint 0x3 has invalid maxpacket 32 [ 969.453732][T18031] 8021q: adding VLAN 0 to HW filter on device bond0 [ 969.508486][T18031] 8021q: adding VLAN 0 to HW filter on device team0 [ 969.527365][ T24] usb 2-1: config 1 interface 0 has no altsetting 0 [ 969.538485][ T24] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 969.565249][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 969.590199][ T1141] bridge0: port 1(bridge_slave_0) entered blocking state [ 969.598965][ T1141] bridge0: port 1(bridge_slave_0) entered forwarding state [ 969.605999][ T24] usb 2-1: Product: ï¦ãµ²ã®‚렻嘦렩ⲵ㓳䷆멿㣗බ䫣쿫嫛麘ï§â€¢Ã„懆朑䜣哾蜼왡暲Ċâ²ì«›á •ä“¸ìŸ¥î•„쨞猉ë§ã±‘뢕₨⮿ãŽí†¥î¥…挀ᴲ࠱⨗炮死èŒå©¿ì‰¤æ¼±é’ˆç†³ä†â‚ªç‚°ã¿¸ë©¯æ•Ÿç¸¼ç¹«ä““ä³á«¸æ—‘ꔎçŸé‚¾ã§®ê¹«â–燇î¨î¤è‡™ [ 969.654315][ T24] usb 2-1: Manufacturer: â°‹ [ 969.703380][T18017] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 969.762122][ T24] usb 2-1: SerialNumber: Р [ 969.807527][T18017] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 969.836853][T12818] Bluetooth: hci0: command 0x0406 tx timeout [ 969.845784][T18263] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 969.863708][ T1141] bridge0: port 2(bridge_slave_1) entered blocking state [ 969.871110][ T1141] bridge0: port 2(bridge_slave_1) entered forwarding state [ 970.215616][T18017] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 970.336499][T18263] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 970.413340][T18263] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 970.486932][T18263] netlink: 'syz.1.3156': attribute type 1 has an invalid length. [ 970.646767][T18263] 8021q: adding VLAN 0 to HW filter on device bond1 [ 970.819704][T18282] bond1: (slave geneve2): making interface the new active one [ 970.842625][T18282] bond1: (slave geneve2): Enslaving as an active interface with an up link [ 970.925093][T18283] bond1: entered promiscuous mode [ 970.935686][ T5950] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 970.948501][T18283] geneve2: entered promiscuous mode [ 971.029394][ T24] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -71 [ 971.054783][T18017] veth0_vlan: entered promiscuous mode [ 971.075484][ T24] usb 2-1: USB disconnect, device number 53 [ 971.105316][ T5950] usb 4-1: Using ep0 maxpacket: 8 [ 971.105756][T18031] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 971.125218][ T43] usb 3-1: new full-speed USB device number 25 using dummy_hcd [ 971.155717][T18017] veth1_vlan: entered promiscuous mode [ 971.156537][ T5950] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 971.208750][ T5950] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 971.230009][ T5950] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 971.259886][ T5950] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 971.275962][ T5950] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 971.297696][ T5950] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 971.309412][ T5950] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 971.330938][ T43] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 971.373944][ T43] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 971.390104][ T43] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 971.390819][T18017] veth0_macvtap: entered promiscuous mode [ 971.407660][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 971.417357][ T43] usb 3-1: Product: syz [ 971.426831][ T43] usb 3-1: Manufacturer: syz [ 971.441088][T18017] veth1_macvtap: entered promiscuous mode [ 971.445202][ T43] usb 3-1: SerialNumber: syz [ 971.542682][T18031] veth0_vlan: entered promiscuous mode [ 971.583849][ T5950] usb 4-1: GET_CAPABILITIES returned 0 [ 971.584662][T18017] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 971.615610][ T5950] usbtmc 4-1:16.0: can't read capabilities [ 971.620723][T18031] veth1_vlan: entered promiscuous mode [ 971.648912][T18017] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 971.673882][T18283] syz.1.3156 (18283) used greatest stack depth: 18744 bytes left [ 971.718639][T18292] netlink: 'syz.2.3161': attribute type 39 has an invalid length. [ 971.720470][ T4531] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 971.768645][ T4531] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 971.819482][ T5950] usb 4-1: USB disconnect, device number 33 [ 971.822102][ T4531] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 971.860709][ T4531] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 971.991507][T18031] veth0_macvtap: entered promiscuous mode [ 972.025448][ T43] usb 3-1: 0:2 : does not exist [ 972.059201][T18031] veth1_macvtap: entered promiscuous mode [ 972.062586][ T43] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 972.145478][ T43] usb 3-1: USB disconnect, device number 25 [ 972.232076][ T6022] udevd[6022]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 972.335253][T15364] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 972.363825][T15364] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 972.419757][T18031] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 972.532249][T18031] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 972.633340][ T49] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 972.749987][ T49] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 972.776030][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 972.800680][ T49] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 972.813365][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 972.841061][ T49] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 973.115306][T18318] binder: 18316:18318 ioctl 4018620d 0 returned -22 [ 973.162716][ T13] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 973.211659][ T13] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 973.425236][ T5857] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 973.592006][ T5857] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 973.666676][ T5857] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 973.715803][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 973.721476][ T5857] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 973.747541][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 973.801602][ T5857] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 973.843842][ T5857] usb 3-1: Manufacturer: syz [ 973.884639][ T5857] usb 3-1: config 0 descriptor?? [ 973.944593][T18330] fuse: Bad value for 'fd' [ 974.211737][T18336] IPv6: NLM_F_CREATE should be specified when creating new route [ 974.271098][T18336] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3115'. [ 974.317689][ T5857] rc_core: IR keymap rc-hauppauge not found [ 974.324207][ T5857] Registered IR keymap rc-empty [ 974.383091][ T5857] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 974.410692][ T30] kauditd_printk_skb: 33 callbacks suppressed [ 974.410715][ T30] audit: type=1326 audit(1757301068.631:2823): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18340 comm="syz.1.3167" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x0 [ 974.497427][ T5857] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input40 [ 974.519416][T18347] binder: 18316:18347 ioctl c0306201 80000a00 returned -14 [ 974.547815][ C0] igorplugusb 3-1:0.0: Error: urb status = -32 [ 974.614236][ T5857] usb 3-1: USB disconnect, device number 26 [ 974.855712][ T24] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 975.048606][ T24] usb 4-1: config 0 has no interfaces? [ 975.079439][ T24] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 975.103817][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 975.121365][ T24] usb 4-1: Product: syz [ 975.134451][ T24] usb 4-1: Manufacturer: syz [ 975.175227][ T24] usb 4-1: SerialNumber: syz [ 975.249430][ T24] usb 4-1: config 0 descriptor?? [ 975.556994][T18360] netlink: 76 bytes leftover after parsing attributes in process `syz.5.3171'. [ 975.666759][T18345] syzkaller1: entered promiscuous mode [ 975.685826][T18345] syzkaller1: entered allmulticast mode [ 975.781141][T18345] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 975.811588][T18345] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 975.949038][ T24] usb 4-1: USB disconnect, device number 34 [ 976.045231][ T92] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 976.085284][ T5857] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 976.225093][ T92] usb 6-1: Using ep0 maxpacket: 8 [ 976.253786][ T92] usb 6-1: config index 0 descriptor too short (expected 301, got 45) [ 976.272401][ T92] usb 6-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 976.273031][ T5857] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 976.302999][ T92] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 976.319244][ T92] usb 6-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 976.324861][T18374] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3177'. [ 976.335916][ T5857] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 976.365409][ T92] usb 6-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 976.380797][ T92] usb 6-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 976.394066][ T5857] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 976.410071][ T92] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 976.423811][ T5857] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 976.527819][T18369] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 976.595994][ T5857] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 976.675667][ T92] usb 6-1: GET_CAPABILITIES returned 0 [ 976.682979][ T92] usbtmc 6-1:16.0: can't read capabilities [ 977.019223][T12818] Bluetooth: hci4: unexpected event for opcode 0x080b [ 977.044802][ T92] usb 6-1: USB disconnect, device number 2 [ 977.095697][ T5857] usb 3-1: USB disconnect, device number 27 [ 977.800210][T18388] IPv6: NLM_F_CREATE should be specified when creating new route [ 977.823820][T18388] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3180'. [ 978.391500][T18391] binder: 18390:18391 ioctl 4018620d 0 returned -22 [ 978.685120][ T5989] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 978.883393][ T5989] usb 3-1: config index 0 descriptor too short (expected 23569, got 27) [ 978.905123][ T5989] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 978.925119][ T24] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 978.930535][T18400] netlink: 76 bytes leftover after parsing attributes in process `syz.3.3186'. [ 978.950136][ T5989] usb 3-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 978.969758][ T5989] usb 3-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 978.985028][ T5989] usb 3-1: Manufacturer: syz [ 979.017412][ T5989] usb 3-1: config 0 descriptor?? [ 979.095183][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 979.134200][ T24] usb 2-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice= d.2d [ 979.182873][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 979.244810][ T24] usb 2-1: Product: syz [ 979.268645][ T5989] rc_core: IR keymap rc-hauppauge not found [ 979.292107][ T24] usb 2-1: Manufacturer: syz [ 979.298107][ T5989] Registered IR keymap rc-empty [ 979.305384][ T24] usb 2-1: SerialNumber: syz [ 979.311912][ T5989] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 979.341595][ T5989] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input41 [ 979.386310][ C1] igorplugusb 3-1:0.0: Error: urb status = -32 [ 979.407575][T18391] binder: 18390:18391 ioctl c0306201 80000a00 returned -14 [ 979.455199][ T43] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 979.483771][ T10] usb 3-1: USB disconnect, device number 28 [ 979.577082][T18394] fuse: Bad value for 'user_id' [ 979.637812][T18394] fuse: Bad value for 'user_id' [ 979.665202][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 979.699117][ T43] usb 4-1: config index 0 descriptor too short (expected 30, got 18) [ 979.718718][ T43] usb 4-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 979.742077][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 979.763150][ T43] usb 4-1: Product: syz [ 979.769165][ T43] usb 4-1: Manufacturer: syz [ 979.778456][ T24] aqc111 2-1:1.0: probe with driver aqc111 failed with error -22 [ 979.838117][ T43] usb 4-1: SerialNumber: syz [ 979.882023][ T43] usb 4-1: config 0 descriptor?? [ 979.912280][ T43] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 979.944083][ T24] usb 2-1: USB disconnect, device number 54 [ 979.966328][ T43] usb 4-1: setting power ON [ 980.013753][ T43] dvb-usb: bulk message failed: -22 (2/0) [ 980.071509][ T43] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 980.114029][T18407] dvb-usb: bulk message failed: -22 (3/0) [ 980.127551][ T43] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 980.147709][ T43] usb 4-1: media controller created [ 980.174514][ T43] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 980.197645][T18407] dvb-usb: bulk message failed: -22 (3/0) [ 980.214618][ T43] usb 4-1: selecting invalid altsetting 6 [ 980.228476][ T43] usb 4-1: digital interface selection failed (-22) [ 980.249042][ T43] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 980.262877][ T43] usb 4-1: setting power OFF [ 980.358244][ T43] dvb-usb: bulk message failed: -22 (2/0) [ 980.393532][ T43] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 980.407286][ T43] (NULL device *): no alternate interface [ 980.542318][ T43] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 980.570002][ C1] vkms_vblank_simulate: vblank timer overrun [ 980.703349][ T43] usb 4-1: USB disconnect, device number 35 [ 981.539284][T18434] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3193'. [ 982.545188][ T43] usb 4-1: new full-speed USB device number 36 using dummy_hcd [ 982.632125][T18447] netlink: 76 bytes leftover after parsing attributes in process `syz.2.3198'. [ 982.741725][ T43] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 982.761292][ T43] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 982.841578][ T43] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 982.845212][T13298] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 982.897628][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 982.907623][ T43] usb 4-1: Product: syz [ 982.912677][ T43] usb 4-1: Manufacturer: syz [ 982.925046][ T43] usb 4-1: SerialNumber: syz [ 983.087515][T13298] usb 2-1: Using ep0 maxpacket: 8 [ 983.115749][T13298] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 983.146729][T13298] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 983.169700][T13298] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 983.217885][T13298] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 983.237613][T18438] netlink: 'syz.3.3194': attribute type 39 has an invalid length. [ 983.249730][T13298] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 983.317773][T13298] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 983.350423][T13298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 983.494015][ T43] usb 4-1: 0:2 : does not exist [ 983.614615][T13298] usb 2-1: GET_CAPABILITIES returned 0 [ 983.627931][ T43] usb 4-1: 5:0: failed to get current value for ch 0 (-22) [ 983.645282][T13298] usbtmc 2-1:16.0: can't read capabilities [ 983.820979][ T43] usb 4-1: USB disconnect, device number 36 [ 983.874439][T18460] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 983.885235][T13298] usb 2-1: USB disconnect, device number 55 [ 983.915223][T18460] [U] J"—e:ÀÆ" [ 984.008679][ T6022] udevd[6022]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 987.156228][T18498] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3213'. [ 988.373199][T12818] Bluetooth: hci3: unexpected event for opcode 0x080b [ 988.925185][ T43] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 989.119435][ T43] usb 4-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 989.137959][ C1] vkms_vblank_simulate: vblank timer overrun [ 989.236670][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 989.255889][ T43] usb 4-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00 [ 989.272443][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 989.330682][ T43] usb 4-1: config 0 descriptor?? [ 989.436199][ T24] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 989.625123][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 989.664125][ T24] usb 2-1: New USB device found, idVendor=0b95, idProduct=2791, bcdDevice= d.2d [ 989.689525][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 989.755221][ T24] usb 2-1: Product: syz [ 989.761565][ T24] usb 2-1: Manufacturer: syz [ 989.780281][ T24] usb 2-1: SerialNumber: syz [ 989.885128][ T5989] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 989.985906][ T43] usbhid 4-1:0.0: can't add hid device: -71 [ 990.055832][ T5989] usb 6-1: config 0 has no interfaces? [ 990.080207][ T43] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 990.147879][ T5989] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 990.150582][T18522] fuse: Bad value for 'user_id' [ 990.173147][ T5989] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 990.177909][T18522] fuse: Bad value for 'user_id' [ 990.187380][ T43] usb 4-1: USB disconnect, device number 37 [ 990.235777][ T5989] usb 6-1: Product: syz [ 990.253950][ T5989] usb 6-1: Manufacturer: syz [ 990.306899][ T5989] usb 6-1: SerialNumber: syz [ 990.431633][ T24] aqc111 2-1:1.0: probe with driver aqc111 failed with error -22 [ 990.444638][ T5989] usb 6-1: config 0 descriptor?? [ 990.509876][ T24] usb 2-1: USB disconnect, device number 56 [ 991.536321][ T10] usb 6-1: USB disconnect, device number 3 [ 992.937693][T13298] IPVS: starting estimator thread 0... [ 993.055331][T18559] IPVS: using max 32 ests per chain, 76800 per kthread [ 993.195574][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.202785][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.771898][ T10] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 993.988982][T18566] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3235'. [ 994.012949][ T10] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 994.125114][ T10] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 994.366070][ T10] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 994.401426][ T10] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 994.429995][T18563] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 994.457728][ T10] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 994.656289][T18571] ptrace attach of "./syz-executor exec"[18574] was attempted by "./syz-executor exec"[18571] [ 994.701863][ T5989] usb 6-1: USB disconnect, device number 4 [ 995.194692][T18580] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3239'. [ 995.285107][ T5989] usb 3-1: new full-speed USB device number 29 using dummy_hcd [ 995.448657][ T5989] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 995.505095][ T5989] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 995.550910][ T5989] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 995.579004][ T5989] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 995.596105][ T5989] usb 3-1: Product: syz [ 995.601053][ T5989] usb 3-1: Manufacturer: syz [ 995.641345][ T5989] usb 3-1: SerialNumber: syz [ 995.906670][T18578] netlink: 'syz.2.3238': attribute type 39 has an invalid length. [ 996.091265][ T5989] usb 3-1: 0:2 : does not exist [ 996.170609][T18599] netlink: 52 bytes leftover after parsing attributes in process `syz.1.3247'. [ 996.488004][ T5989] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 996.613205][ T5989] usb 3-1: USB disconnect, device number 29 [ 996.775889][ T6022] udevd[6022]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 997.685595][ T5989] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 997.877199][ T5989] usb 3-1: Using ep0 maxpacket: 8 [ 997.950002][ T5989] usb 3-1: config index 0 descriptor too short (expected 301, got 45) [ 998.025052][ T5989] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 998.055344][ T5989] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 998.076992][ T5989] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 998.097461][ T5989] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 998.116215][ T5989] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 998.116242][T18631] netlink: 'syz.5.3255': attribute type 1 has an invalid length. [ 998.129446][ T5989] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 998.281982][T18635] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 998.625577][ T5989] usb 3-1: GET_CAPABILITIES returned 0 [ 998.643236][ T5989] usbtmc 3-1:16.0: can't read capabilities [ 998.994492][T13298] usb 3-1: USB disconnect, device number 30 [ 999.042864][T18638] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3257'. [ 999.906271][T13298] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1000.070410][T13298] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1000.087198][T13298] usb 4-1: config 1 interface 0 has no altsetting 0 [ 1000.107198][T13298] usb 4-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice= 0.40 [ 1000.133734][T13298] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1000.161391][T13298] usb 4-1: Product: syz [ 1000.175402][T13298] usb 4-1: Manufacturer: syz [ 1000.191761][T13298] usb 4-1: SerialNumber: syz [ 1000.552026][T13298] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input42 [ 1000.634908][ T5220] bcm5974 4-1:1.0: could not read from device [ 1000.659748][T13298] usb 4-1: USB disconnect, device number 38 [ 1000.689411][ T5220] bcm5974 4-1:1.0: could not read from device [ 1000.723235][T18665] netlink: 'syz.5.3269': attribute type 1 has an invalid length. [ 1000.859635][T18665] bond1: entered promiscuous mode [ 1000.865713][T18665] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1000.900685][T18665] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1000.940675][T18668] bond1: (slave bridge1): making interface the new active one [ 1000.981872][T18668] bridge1: entered promiscuous mode [ 1001.109471][T18668] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 1001.478815][T18678] netlink: 52 bytes leftover after parsing attributes in process `syz.3.3272'. [ 1002.675063][T13298] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 1002.865293][T13298] usb 4-1: Using ep0 maxpacket: 8 [ 1002.891113][T13298] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 1002.920962][T13298] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1002.973299][T13298] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1003.085191][T13298] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1003.138113][T13298] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1003.241942][T13298] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1003.293213][T13298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1003.597839][T18701] ptrace attach of "./syz-executor exec"[18705] was attempted by "./syz-executor exec"[18701] [ 1003.601282][T13298] usb 4-1: GET_CAPABILITIES returned 0 [ 1003.638827][T13298] usbtmc 4-1:16.0: can't read capabilities [ 1003.765586][ T5950] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 1003.959535][ T5950] usb 6-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1003.983580][ T43] usb 4-1: USB disconnect, device number 39 [ 1004.059572][ T5950] usb 6-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1004.092372][ T5950] usb 6-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1004.276935][ T5950] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1004.322593][T18707] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 1004.396734][ T5950] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1004.504309][T18718] FAULT_INJECTION: forcing a failure. [ 1004.504309][T18718] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1004.551145][T18718] CPU: 1 UID: 0 PID: 18718 Comm: syz.2.3283 Not tainted syzkaller #0 PREEMPT(full) [ 1004.551173][T18718] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1004.551185][T18718] Call Trace: [ 1004.551193][T18718] [ 1004.551203][T18718] dump_stack_lvl+0x189/0x250 [ 1004.551227][T18718] ? __pfx____ratelimit+0x10/0x10 [ 1004.551247][T18718] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1004.551276][T18718] ? __pfx__printk+0x10/0x10 [ 1004.551304][T18718] ? __might_fault+0xb0/0x130 [ 1004.551338][T18718] should_fail_ex+0x414/0x560 [ 1004.551406][T18718] _copy_from_iter+0x1de/0x1790 [ 1004.551435][T18718] ? rcu_is_watching+0x15/0xb0 [ 1004.551454][T18718] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 1004.551480][T18718] ? __pfx__copy_from_iter+0x10/0x10 [ 1004.551502][T18718] ? __build_skb_around+0x257/0x3e0 [ 1004.551525][T18718] ? netlink_sendmsg+0x642/0xb30 [ 1004.551543][T18718] ? skb_put+0x11b/0x210 [ 1004.551565][T18718] netlink_sendmsg+0x6b2/0xb30 [ 1004.551592][T18718] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1004.551612][T18718] ? __import_iovec+0x5d4/0x7f0 [ 1004.551631][T18718] ? aa_sock_msg_perm+0xf1/0x1d0 [ 1004.551650][T18718] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1004.551669][T18718] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1004.551689][T18718] __sock_sendmsg+0x21c/0x270 [ 1004.551732][T18718] ____sys_sendmsg+0x505/0x830 [ 1004.551761][T18718] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1004.551800][T18718] ___sys_sendmsg+0x21f/0x2a0 [ 1004.551824][T18718] ? __pfx____sys_sendmsg+0x10/0x10 [ 1004.551879][T18718] ? __fget_files+0x2a/0x420 [ 1004.551896][T18718] ? __fget_files+0x3a0/0x420 [ 1004.551922][T18718] __sys_sendmsg+0x164/0x220 [ 1004.551947][T18718] ? __pfx___sys_sendmsg+0x10/0x10 [ 1004.551987][T18718] ? lockdep_hardirqs_on+0x9c/0x150 [ 1004.552008][T18718] __do_fast_syscall_32+0xb6/0x2b0 [ 1004.552029][T18718] ? lockdep_hardirqs_on+0x9c/0x150 [ 1004.552051][T18718] do_fast_syscall_32+0x34/0x80 [ 1004.552070][T18718] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1004.552091][T18718] RIP: 0023:0xf710e539 [ 1004.552108][T18718] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1004.552124][T18718] RSP: 002b:00000000f54fe55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1004.552146][T18718] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 1004.552159][T18718] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1004.552171][T18718] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1004.552182][T18718] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1004.552194][T18718] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1004.552223][T18718] [ 1004.868304][T18711] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1004.885206][T18711] Bluetooth: hci4: Error when powering off device on rfkill (-4) [ 1004.955908][T18711] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1004.963546][T18711] Bluetooth: hci3: Error when powering off device on rfkill (-4) [ 1005.033467][T13298] usb 6-1: USB disconnect, device number 5 [ 1005.281930][T18723] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1006.070914][T18729] vlan2: entered allmulticast mode [ 1006.097106][T18729] bond0: entered allmulticast mode [ 1006.118208][T18729] bond_slave_0: entered allmulticast mode [ 1006.154161][T18729] bond_slave_1: entered allmulticast mode [ 1006.257974][T18740] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3288'. [ 1006.597921][T18733] vlan2: entered allmulticast mode [ 1007.241220][T18711] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1007.334371][T18711] Bluetooth: hci0: Error when powering off device on rfkill (-4) [ 1007.701562][T18711] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 1007.745509][T18711] Bluetooth: hci1: Error when powering off device on rfkill (-4) [ 1007.938965][T18711] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1007.995745][T18711] Bluetooth: hci2: Error when powering off device on rfkill (-4) [ 1008.468476][T13298] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1009.055100][T18293] usb 6-1: new full-speed USB device number 6 using dummy_hcd [ 1009.155028][T13298] usb 3-1: Using ep0 maxpacket: 16 [ 1009.217911][T18293] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1009.235813][T13298] usb 3-1: config 0 has no interfaces? [ 1009.270694][T18293] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1009.344459][T18293] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1009.366352][T13298] usb 3-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 1009.395781][T18293] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1009.440417][T13298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1009.475053][T13298] usb 3-1: Product: syz [ 1009.481549][T13298] usb 3-1: Manufacturer: syz [ 1009.491737][T18293] usb 6-1: Product: syz [ 1009.519791][T13298] usb 3-1: SerialNumber: syz [ 1009.545076][T18293] usb 6-1: Manufacturer: syz [ 1009.550110][T18293] usb 6-1: SerialNumber: syz [ 1009.587330][T13298] usb 3-1: config 0 descriptor?? [ 1009.828897][T18780] netlink: 'syz.5.3298': attribute type 39 has an invalid length. [ 1009.925123][ T10] usb 2-1: new full-speed USB device number 57 using dummy_hcd [ 1010.010889][T18776] tipc: Enabling of bearer rejected, already enabled [ 1010.158023][ T10] usb 2-1: config 0 has an invalid interface number: 230 but max is 0 [ 1010.176910][ T10] usb 2-1: config 0 has no interface number 0 [ 1010.205832][ T10] usb 2-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 1010.251917][ T10] usb 2-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 1010.299184][T18293] usb 6-1: 0:2 : does not exist [ 1010.309891][ T10] usb 2-1: config 0 interface 230 has no altsetting 0 [ 1010.347180][T18293] usb 6-1: 5:0: failed to get current value for ch 0 (-22) [ 1010.349182][ T10] usb 2-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1010.443644][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1010.485093][ T10] usb 2-1: Product: syz [ 1010.536686][T18293] usb 6-1: USB disconnect, device number 6 [ 1010.542116][ T10] usb 2-1: Manufacturer: syz [ 1010.566340][ T10] usb 2-1: SerialNumber: syz [ 1010.606697][ T10] usb 2-1: config 0 descriptor?? [ 1010.641429][T18790] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 1010.654261][T18790] raw-gadget.3 gadget.1: fail, usb_ep_enable returned -22 [ 1010.708746][ T10] ums-usbat 2-1:0.230: USB Mass Storage device detected [ 1010.753571][ T10] ums-usbat 2-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1011.316721][T13298] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 1011.478183][T13298] usb 6-1: config 0 interface 0 altsetting 8 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1011.501858][T13298] usb 6-1: config 0 interface 0 has no altsetting 0 [ 1011.512483][T13298] usb 6-1: New USB device found, idVendor=04b4, idProduct=0001, bcdDevice= 0.00 [ 1011.523721][T13298] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1011.756909][T13298] usb 6-1: config 0 descriptor?? [ 1012.047707][ T92] usb 3-1: USB disconnect, device number 31 [ 1012.162170][T18817] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3302'. [ 1012.270251][T18817] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3302'. [ 1012.636644][ T92] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 1012.659390][T13298] usbhid 6-1:0.0: can't add hid device: -71 [ 1012.697607][T13298] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1012.734582][T13298] usb 6-1: USB disconnect, device number 7 [ 1012.803575][T18826] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3304'. [ 1012.850176][ T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 1012.912424][ T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1012.957083][ T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 1012.971676][ T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1012.989322][ T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 1013.007778][ T10] ums-usbat 2-1:0.230: probe with driver ums-usbat failed with error -5 [ 1013.052495][ T92] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1013.102285][ T92] usb 3-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9 [ 1013.139172][ T92] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1013.177107][ T92] usb 3-1: Product: syz [ 1013.181616][ T92] usb 3-1: Manufacturer: syz [ 1013.217606][ T92] usb 3-1: SerialNumber: syz [ 1013.236542][ T92] usb 3-1: config 0 descriptor?? [ 1013.241718][T18833] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3305'. [ 1013.251741][ T92] ti_usb_3410_5052 3-1:0.0: TI USB 5052 2 port adapter converter detected [ 1013.252176][ T92] ti_usb_3410_5052 3-1:0.0: missing endpoints [ 1013.454354][ T43] usb 3-1: USB disconnect, device number 32 [ 1014.045311][ T43] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 1014.208174][ T43] usb 6-1: config 0 has no interfaces? [ 1014.229110][ T43] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1014.242139][ T43] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1014.254584][ T43] usb 6-1: Product: syz [ 1014.258996][ T43] usb 6-1: Manufacturer: syz [ 1014.263812][ T43] usb 6-1: SerialNumber: syz [ 1014.276076][ T24] usb 2-1: USB disconnect, device number 57 [ 1014.295533][ T43] usb 6-1: config 0 descriptor?? [ 1014.532846][T18293] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1014.566731][T18866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3315'. [ 1014.761987][T18866] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3315'. [ 1014.777616][T18293] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1014.789276][T18293] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1014.800056][T18293] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1014.811584][T18293] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1014.852182][T18869] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3315'. [ 1014.852805][T18858] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1014.936764][T18844] syzkaller1: entered promiscuous mode [ 1014.963149][T18293] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1014.986167][T18844] syzkaller1: entered allmulticast mode [ 1015.564209][ T9] usb 6-1: USB disconnect, device number 8 [ 1015.566782][T18293] usb 4-1: USB disconnect, device number 40 [ 1015.831897][T18877] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3317'. [ 1016.001042][T18879] A link change request failed with some changes committed already. Interface veth0_macvtap may have been left with an inconsistent configuration, please check. [ 1016.523158][T18892] netlink: 52 bytes leftover after parsing attributes in process `syz.5.3321'. [ 1016.580124][T18896] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3323'. [ 1017.572289][T18913] __nla_validate_parse: 1 callbacks suppressed [ 1017.572304][T18913] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3326'. [ 1017.596520][T18913] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3326'. [ 1017.647285][T18919] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3326'. [ 1018.555603][ T5950] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1018.791241][ T5950] usb 3-1: config 0 has no interfaces? [ 1018.941750][ T9] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1018.978213][ T5950] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1019.073106][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1019.105463][ T5950] usb 3-1: Product: syz [ 1019.111165][ T5950] usb 3-1: Manufacturer: syz [ 1019.158915][ T5950] usb 3-1: SerialNumber: syz [ 1019.276123][ T9] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1019.326782][ T9] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1019.365966][ T5950] usb 3-1: config 0 descriptor?? [ 1019.383257][ T9] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1019.425740][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1019.666570][T18936] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1019.711925][ T9] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1020.498365][ T9] usb 4-1: USB disconnect, device number 41 [ 1020.574649][T13298] usb 3-1: USB disconnect, device number 33 [ 1020.839898][T18954] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3334'. [ 1021.153227][T18968] netlink: 52 bytes leftover after parsing attributes in process `syz.2.3338'. [ 1023.065344][ T9] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 1023.225912][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 1023.245914][ T9] usb 2-1: config 0 interface 0 altsetting 42 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1023.286814][ T9] usb 2-1: config 0 interface 0 has no altsetting 0 [ 1023.385509][ T9] usb 2-1: New USB device found, idVendor=056a, idProduct=00d6, bcdDevice= 0.00 [ 1023.466372][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1023.530436][ T9] usb 2-1: config 0 descriptor?? [ 1025.075096][T18293] usb 2-1: USB disconnect, device number 58 [ 1025.208293][T18970] syz.5.3335 (18970): drop_caches: 2 [ 1025.816668][ T10] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1025.908645][ T5957] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1026.000877][ T10] usb 3-1: config 0 has no interfaces? [ 1026.016419][ T10] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1026.065315][ T5957] usb 4-1: Using ep0 maxpacket: 16 [ 1026.091918][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1026.137132][ T5957] usb 4-1: config 0 has no interfaces? [ 1026.179465][ T10] usb 3-1: Product: syz [ 1026.251251][ T10] usb 3-1: Manufacturer: syz [ 1026.300136][ T10] usb 3-1: SerialNumber: syz [ 1026.306058][ T5957] usb 4-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 1026.330166][ T5957] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1026.364743][ T10] usb 3-1: config 0 descriptor?? [ 1026.384173][ T5957] usb 4-1: Product: syz [ 1026.391656][T19012] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3347'. [ 1026.423368][ T5957] usb 4-1: Manufacturer: syz [ 1026.439907][T19012] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3347'. [ 1026.458274][ T5957] usb 4-1: SerialNumber: syz [ 1026.586257][ T5957] usb 4-1: config 0 descriptor?? [ 1026.607103][T19018] netlink: 80 bytes leftover after parsing attributes in process `syz.0.3350'. [ 1026.931748][ T5950] usb 3-1: USB disconnect, device number 34 [ 1027.048836][T19009] tipc: Enabling of bearer rejected, already enabled [ 1029.007374][T19036] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3355'. [ 1029.147555][T18293] usb 4-1: USB disconnect, device number 42 [ 1030.195374][T18293] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 1030.440224][T19060] netlink: 204 bytes leftover after parsing attributes in process `syz.0.3361'. [ 1030.465077][T18293] usb 4-1: Using ep0 maxpacket: 16 [ 1030.539626][T18293] usb 4-1: config 0 has no interfaces? [ 1030.605150][T18293] usb 4-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 1030.625144][T18293] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1030.635290][ T5950] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 1030.713599][T18293] usb 4-1: Product: syz [ 1030.752596][T18293] usb 4-1: Manufacturer: syz [ 1030.758957][T18293] usb 4-1: SerialNumber: syz [ 1031.149258][T18293] usb 4-1: config 0 descriptor?? [ 1031.176941][ T5950] usb 2-1: config 0 has no interfaces? [ 1031.186209][ T5950] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1031.200534][ T5950] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1031.209719][ T5950] usb 2-1: Product: syz [ 1031.235283][ T5950] usb 2-1: Manufacturer: syz [ 1031.245450][ T5950] usb 2-1: SerialNumber: syz [ 1031.256550][ T5950] usb 2-1: config 0 descriptor?? [ 1031.464310][T19054] tipc: Enabling of bearer rejected, already enabled [ 1031.895947][ T92] usb 2-1: USB disconnect, device number 59 [ 1031.903649][ T30] audit: type=1326 audit(1757301126.101:2824): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1032.049875][ T30] audit: type=1326 audit(1757301126.101:2825): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1032.074407][ C0] vkms_vblank_simulate: vblank timer overrun [ 1032.117835][ T30] audit: type=1326 audit(1757301126.101:2826): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=81 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1032.142619][ C0] vkms_vblank_simulate: vblank timer overrun [ 1032.661934][ T10] usb 4-1: USB disconnect, device number 43 [ 1032.705051][ T30] audit: type=1326 audit(1757301126.101:2827): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1032.802186][ T30] audit: type=1326 audit(1757301126.101:2828): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1032.825621][ C0] vkms_vblank_simulate: vblank timer overrun [ 1032.876746][ T30] audit: type=1326 audit(1757301126.101:2829): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1033.041996][ T30] audit: type=1326 audit(1757301126.101:2830): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1033.158401][ T30] audit: type=1326 audit(1757301126.101:2831): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1033.194115][ T10] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 1033.229648][ T30] audit: type=1326 audit(1757301126.101:2832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1033.254718][ C0] vkms_vblank_simulate: vblank timer overrun [ 1033.265722][ T30] audit: type=1326 audit(1757301126.101:2833): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19072 comm="syz.0.3366" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f32539 code=0x7ffc0000 [ 1033.289450][ C0] vkms_vblank_simulate: vblank timer overrun [ 1033.426871][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 1033.438552][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1033.456980][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1033.507852][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1033.536554][ T10] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1033.548464][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1033.569567][ T10] usb 2-1: config 0 descriptor?? [ 1035.049743][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0025/input/input43 [ 1035.276266][ T10] microsoft 0003:045E:07DA.0025: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 1035.626935][ T5950] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 1035.779798][ T10] usb 2-1: USB disconnect, device number 60 [ 1035.805841][ T5950] usb 6-1: Using ep0 maxpacket: 16 [ 1035.838165][ T5950] usb 6-1: config 0 has no interfaces? [ 1035.891709][ T5950] usb 6-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 1035.945165][ T5950] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1035.971578][ T5950] usb 6-1: Product: syz [ 1035.983374][ T5950] usb 6-1: Manufacturer: syz [ 1036.005550][ T5950] usb 6-1: SerialNumber: syz [ 1036.024762][ T5950] usb 6-1: config 0 descriptor?? [ 1036.690614][T19118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3376'. [ 1036.748588][T19118] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3376'. [ 1036.915838][T19118] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3376'. [ 1037.251717][T19121] netlink: 28 bytes leftover after parsing attributes in process `syz.3.3377'. [ 1037.995724][T19135] FAULT_INJECTION: forcing a failure. [ 1037.995724][T19135] name failslab, interval 1, probability 0, space 0, times 0 [ 1038.075735][T19135] CPU: 0 UID: 0 PID: 19135 Comm: syz.1.3384 Not tainted syzkaller #0 PREEMPT(full) [ 1038.075767][T19135] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1038.075778][T19135] Call Trace: [ 1038.075787][T19135] [ 1038.075795][T19135] dump_stack_lvl+0x189/0x250 [ 1038.075824][T19135] ? __pfx____ratelimit+0x10/0x10 [ 1038.075843][T19135] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1038.075866][T19135] ? __pfx__printk+0x10/0x10 [ 1038.075899][T19135] ? __pfx___might_resched+0x10/0x10 [ 1038.075916][T19135] ? fs_reclaim_acquire+0x7d/0x100 [ 1038.075951][T19135] should_fail_ex+0x414/0x560 [ 1038.075985][T19135] should_failslab+0xa8/0x100 [ 1038.076016][T19135] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 1038.076042][T19135] ? __d_alloc+0x36/0x7a0 [ 1038.076068][T19135] __d_alloc+0x36/0x7a0 [ 1038.076097][T19135] d_alloc_parallel+0xe5/0x15e0 [ 1038.076136][T19135] ? __lock_acquire+0xab9/0xd20 [ 1038.076171][T19135] ? __pfx_d_alloc_parallel+0x10/0x10 [ 1038.076198][T19135] ? __raw_spin_lock_init+0x45/0x100 [ 1038.076222][T19135] ? __init_waitqueue_head+0xa9/0x150 [ 1038.076251][T19135] __lookup_slow+0x116/0x3d0 [ 1038.076278][T19135] ? __pfx___lookup_slow+0x10/0x10 [ 1038.076312][T19135] ? d_lookup+0x8a/0xa0 [ 1038.076333][T19135] ? lookup_noperm+0x112/0x220 [ 1038.076360][T19135] simple_start_creating+0xfd/0x1e0 [ 1038.076380][T19135] ? __pfx_simple_start_creating+0x10/0x10 [ 1038.076413][T19135] start_creating+0x10f/0x180 [ 1038.076443][T19135] __debugfs_create_file+0x79/0x4f0 [ 1038.076479][T19135] debugfs_create_file_full+0x3f/0x60 [ 1038.076512][T19135] ref_tracker_dir_debugfs+0x14e/0x270 [ 1038.076532][T19135] ? __pfx_ref_tracker_dir_debugfs+0x10/0x10 [ 1038.076593][T19135] ? rcu_is_watching+0x15/0xb0 [ 1038.076613][T19135] ? alloc_netdev_mqs+0xa3/0x11b0 [ 1038.076645][T19135] ? __raw_spin_lock_init+0x45/0x100 [ 1038.076672][T19135] alloc_netdev_mqs+0x26f/0x11b0 [ 1038.076697][T19135] ? __pfx_ipip_tunnel_setup+0x10/0x10 [ 1038.076724][T19135] rtnl_create_link+0x31f/0xd10 [ 1038.076759][T19135] rtnl_newlink_create+0x25c/0xb00 [ 1038.076787][T19135] ? __lock_acquire+0xab9/0xd20 [ 1038.076821][T19135] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1038.076847][T19135] ? __pfx___mutex_lock+0x10/0x10 [ 1038.076881][T19135] ? ns_capable+0x8a/0xf0 [ 1038.076905][T19135] rtnl_newlink+0x16d6/0x1c70 [ 1038.076928][T19135] ? netlink_sendmsg+0x805/0xb30 [ 1038.076964][T19135] ? __pfx_rtnl_newlink+0x10/0x10 [ 1038.077014][T19135] ? kasan_quarantine_put+0xdd/0x220 [ 1038.077038][T19135] ? lockdep_hardirqs_on+0x9c/0x150 [ 1038.077064][T19135] ? nlmon_xmit+0xb0/0x100 [ 1038.077084][T19135] ? kmem_cache_free+0x18f/0x400 [ 1038.077119][T19135] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1038.077138][T19135] ? lockdep_hardirqs_on+0x9c/0x150 [ 1038.077159][T19135] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1038.077179][T19135] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1038.077202][T19135] ? __dev_queue_xmit+0x27b/0x3b50 [ 1038.077225][T19135] ? __dev_queue_xmit+0x27b/0x3b50 [ 1038.077246][T19135] ? __dev_queue_xmit+0x27b/0x3b50 [ 1038.077272][T19135] ? __dev_queue_xmit+0x1d79/0x3b50 [ 1038.077303][T19135] ? __lock_acquire+0xab9/0xd20 [ 1038.077363][T19135] ? __pfx_rtnl_newlink+0x10/0x10 [ 1038.077382][T19135] rtnetlink_rcv_msg+0x7cf/0xb70 [ 1038.077408][T19135] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1038.077427][T19135] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1038.077445][T19135] ? ref_tracker_free+0x63a/0x7d0 [ 1038.077464][T19135] ? __asan_memcpy+0x40/0x70 [ 1038.077484][T19135] ? __pfx_ref_tracker_free+0x10/0x10 [ 1038.077500][T19135] ? __skb_clone+0x63/0x7a0 [ 1038.077536][T19135] netlink_rcv_skb+0x205/0x470 [ 1038.077558][T19135] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1038.077580][T19135] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1038.077623][T19135] ? netlink_deliver_tap+0x2e/0x1b0 [ 1038.077655][T19135] netlink_unicast+0x82c/0x9e0 [ 1038.077696][T19135] ? __pfx_netlink_unicast+0x10/0x10 [ 1038.077727][T19135] ? netlink_sendmsg+0x642/0xb30 [ 1038.077746][T19135] ? skb_put+0x11b/0x210 [ 1038.077771][T19135] netlink_sendmsg+0x805/0xb30 [ 1038.077803][T19135] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1038.077828][T19135] ? __import_iovec+0x5d4/0x7f0 [ 1038.077850][T19135] ? aa_sock_msg_perm+0xf1/0x1d0 [ 1038.077872][T19135] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1038.077893][T19135] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1038.077915][T19135] __sock_sendmsg+0x21c/0x270 [ 1038.077954][T19135] ____sys_sendmsg+0x505/0x830 [ 1038.077986][T19135] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1038.078030][T19135] ___sys_sendmsg+0x21f/0x2a0 [ 1038.078057][T19135] ? __pfx____sys_sendmsg+0x10/0x10 [ 1038.078127][T19135] ? __fget_files+0x2a/0x420 [ 1038.078145][T19135] ? __fget_files+0x3a0/0x420 [ 1038.078176][T19135] __sys_sendmsg+0x164/0x220 [ 1038.078203][T19135] ? __pfx___sys_sendmsg+0x10/0x10 [ 1038.078248][T19135] ? lockdep_hardirqs_on+0x9c/0x150 [ 1038.078271][T19135] __do_fast_syscall_32+0xb6/0x2b0 [ 1038.078294][T19135] ? lockdep_hardirqs_on+0x9c/0x150 [ 1038.078319][T19135] do_fast_syscall_32+0x34/0x80 [ 1038.078340][T19135] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1038.078363][T19135] RIP: 0023:0xf70ce539 [ 1038.078383][T19135] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1038.078399][T19135] RSP: 002b:00000000f54be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1038.078422][T19135] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 0000000080000140 [ 1038.078436][T19135] RDX: 0000000000084000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1038.078448][T19135] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1038.078458][T19135] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1038.078470][T19135] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1038.078500][T19135] [ 1038.851422][ T5950] usb 6-1: USB disconnect, device number 9 [ 1040.466498][T19159] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3390'. [ 1041.687800][T19179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3394'. [ 1041.698516][T19179] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3394'. [ 1041.747869][T19179] netlink: 128 bytes leftover after parsing attributes in process `syz.1.3394'. [ 1042.795347][T18293] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1042.961796][T19195] netlink: 'syz.1.3400': attribute type 1 has an invalid length. [ 1042.991513][T18293] usb 3-1: config 0 has no interfaces? [ 1043.016062][T18293] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1043.032847][T19195] bond2: entered promiscuous mode [ 1043.045034][T18293] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1043.063921][T18293] usb 3-1: Product: syz [ 1043.074084][T18293] usb 3-1: Manufacturer: syz [ 1043.082637][T19197] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1043.097589][T18293] usb 3-1: SerialNumber: syz [ 1043.117041][T18293] usb 3-1: config 0 descriptor?? [ 1043.164104][T19195] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1043.278319][T19194] bond2: (slave bridge4): making interface the new active one [ 1043.305583][T19194] bridge4: entered promiscuous mode [ 1043.316664][T19194] bond2: (slave bridge4): Enslaving as an active interface with an up link [ 1043.439561][ T5950] usb 3-1: USB disconnect, device number 35 [ 1046.006359][T19216] fuse: Bad value for 'fd' [ 1046.026992][ T5950] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 1046.240773][ T5950] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1046.272544][ T5950] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1046.325910][ T5950] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1046.385170][ T5950] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1046.446310][T19204] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1046.933500][ T5950] usb 4-1: can't set config #27, error -71 [ 1046.959183][ T5950] usb 4-1: USB disconnect, device number 44 [ 1048.326185][T19217] trusted_key: encrypted_key: master key parameter 'defult$ôË<«:syz' is invalid [ 1049.117503][T19232] netlink: 'syz.3.3408': attribute type 1 has an invalid length. [ 1049.298456][T19232] bond1: entered promiscuous mode [ 1049.337886][T19232] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1049.338640][T19238] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1049.444328][T19237] bond1: (slave bridge1): making interface the new active one [ 1049.503007][T19242] netlink: 204 bytes leftover after parsing attributes in process `syz.1.3410'. [ 1049.525551][T19237] bridge1: entered promiscuous mode [ 1049.554007][T19237] bond1: (slave bridge1): Enslaving as an active interface with an up link [ 1051.040031][T18293] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1051.277160][T18293] usb 3-1: config 0 has no interfaces? [ 1051.297905][T18293] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1051.308438][ T5950] usb 6-1: new high-speed USB device number 10 using dummy_hcd [ 1051.340936][T18293] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1051.376745][T18293] usb 3-1: Product: syz [ 1051.381260][T18293] usb 3-1: Manufacturer: syz [ 1051.418517][T18293] usb 3-1: SerialNumber: syz [ 1051.454480][T18293] usb 3-1: config 0 descriptor?? [ 1051.525332][ T5950] usb 6-1: Using ep0 maxpacket: 16 [ 1051.596286][ T5950] usb 6-1: config 0 has no interfaces? [ 1051.622582][ T5950] usb 6-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 1051.637858][ T5950] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1051.657297][ T5950] usb 6-1: Product: syz [ 1051.672727][ T5950] usb 6-1: Manufacturer: syz [ 1051.685182][ T5950] usb 6-1: SerialNumber: syz [ 1051.729604][ T5950] usb 6-1: config 0 descriptor?? [ 1052.049774][T18293] usb 3-1: USB disconnect, device number 36 [ 1052.113874][T19256] tipc: Started in network mode [ 1052.152714][T19256] tipc: Node identity 7f000001, cluster identity 4711 [ 1052.183138][T19256] tipc: New replicast peer: 0.0.0.0 [ 1052.213847][T19256] tipc: Enabled bearer , priority 10 [ 1052.332576][T19271] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3417'. [ 1052.554260][T19277] qrtr: Invalid version 0 [ 1052.934269][T19281] netlink: 'syz.2.3422': attribute type 1 has an invalid length. [ 1053.170190][T19287] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1053.325169][ T43] tipc: Node number set to 2130706433 [ 1053.374231][T19281] bond2: entered promiscuous mode [ 1053.414210][T19281] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1053.560067][T19284] bond2: (slave bridge3): making interface the new active one [ 1053.569101][T19294] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3425'. [ 1053.605338][T19284] bridge3: entered promiscuous mode [ 1053.627488][T19284] bond2: (slave bridge3): Enslaving as an active interface with an up link [ 1053.879375][ T43] usb 6-1: USB disconnect, device number 10 [ 1054.500539][T19317] netlink: 24 bytes leftover after parsing attributes in process `syz.1.3431'. [ 1054.630995][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.638179][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 1055.385911][ T92] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 1055.591566][ T92] usb 2-1: config 0 has no interfaces? [ 1055.606227][ T92] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 1055.625320][ T92] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1055.645671][ T92] usb 2-1: Product: syz [ 1055.654662][ T92] usb 2-1: Manufacturer: syz [ 1055.659713][ T92] usb 2-1: SerialNumber: syz [ 1055.761252][ T92] usb 2-1: config 0 descriptor?? [ 1056.063090][T18293] usb 2-1: USB disconnect, device number 61 [ 1056.110191][T19333] netlink: 'syz.5.3436': attribute type 1 has an invalid length. [ 1056.175633][T19333] bond2: entered promiscuous mode [ 1056.181692][T19333] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1056.237248][T19335] bond2: (slave bridge2): making interface the new active one [ 1056.250021][T19335] bridge2: entered promiscuous mode [ 1056.256824][T19333] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1056.257611][T19335] bond2: (slave bridge2): Enslaving as an active interface with an up link [ 1056.283839][T19337] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1056.532443][T19341] ip6erspan0: entered promiscuous mode [ 1056.813803][T19347] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3441'. [ 1056.837716][T19349] netlink: 108 bytes leftover after parsing attributes in process `syz.1.3440'. [ 1057.597790][T18293] usb 6-1: new full-speed USB device number 11 using dummy_hcd [ 1057.767635][T18293] usb 6-1: config 0 has an invalid interface number: 230 but max is 0 [ 1057.807621][T18293] usb 6-1: config 0 has no interface number 0 [ 1057.814851][T18293] usb 6-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 1057.827153][T18293] usb 6-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 1057.846048][T18293] usb 6-1: config 0 interface 230 has no altsetting 0 [ 1057.861091][T18293] usb 6-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1057.884245][T18293] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1057.893126][T18293] usb 6-1: Product: syz [ 1057.897754][T18293] usb 6-1: Manufacturer: syz [ 1057.905825][T18293] usb 6-1: SerialNumber: syz [ 1057.921632][T18293] usb 6-1: config 0 descriptor?? [ 1057.936089][T19361] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1057.952562][T19361] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1057.982897][T18293] ums-usbat 6-1:0.230: USB Mass Storage device detected [ 1058.076776][T18293] ums-usbat 6-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1058.581750][T19374] vivid-006: disconnect [ 1058.702111][T19375] FAULT_INJECTION: forcing a failure. [ 1058.702111][T19375] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1058.719937][T19375] CPU: 1 UID: 0 PID: 19375 Comm: syz.0.3447 Not tainted syzkaller #0 PREEMPT(full) [ 1058.719957][T19375] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1058.719964][T19375] Call Trace: [ 1058.719970][T19375] [ 1058.719975][T19375] dump_stack_lvl+0x189/0x250 [ 1058.719994][T19375] ? __pfx____ratelimit+0x10/0x10 [ 1058.720006][T19375] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1058.720020][T19375] ? __pfx__printk+0x10/0x10 [ 1058.720036][T19375] ? __might_fault+0xb0/0x130 [ 1058.720057][T19375] should_fail_ex+0x414/0x560 [ 1058.720077][T19375] _copy_from_user+0x2d/0xb0 [ 1058.720092][T19375] get_compat_msghdr+0xad/0x4a0 [ 1058.720109][T19375] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1058.720129][T19375] ___sys_sendmsg+0x193/0x2a0 [ 1058.720145][T19375] ? __pfx____sys_sendmsg+0x10/0x10 [ 1058.720180][T19375] ? __fget_files+0x2a/0x420 [ 1058.720190][T19375] ? __fget_files+0x3a0/0x420 [ 1058.720206][T19375] __sys_sendmmsg+0x28e/0x430 [ 1058.720224][T19375] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1058.720243][T19375] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1058.720266][T19375] ? ksys_write+0x22a/0x250 [ 1058.720287][T19375] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 1058.720362][T19375] __do_fast_syscall_32+0xb6/0x2b0 [ 1058.720375][T19375] ? lockdep_hardirqs_on+0x9c/0x150 [ 1058.720389][T19375] do_fast_syscall_32+0x34/0x80 [ 1058.720401][T19375] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1058.720415][T19375] RIP: 0023:0xf7f32539 [ 1058.720426][T19375] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1058.720436][T19375] RSP: 002b:00000000f542555c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 1058.720450][T19375] RAX: ffffffffffffffda RBX: 0000000000000008 RCX: 0000000080003b80 [ 1058.720462][T19375] RDX: 0000000004000070 RSI: 0000000000008000 RDI: 0000000000000000 [ 1058.720470][T19375] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1058.720476][T19375] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1058.720483][T19375] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1058.720501][T19375] [ 1059.248555][T19373] vivid-006: reconnect [ 1060.231249][T18293] ums-usbat 6-1:0.230: probe with driver ums-usbat failed with error -5 [ 1060.246780][ T5950] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1060.415673][ T5950] usb 3-1: Using ep0 maxpacket: 16 [ 1060.442753][ T5950] usb 3-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.02 [ 1060.506000][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1060.553411][ T5950] usb 3-1: Product: syz [ 1060.560768][ T5950] usb 3-1: Manufacturer: syz [ 1060.567760][ T5950] usb 3-1: SerialNumber: syz [ 1060.586534][ T5950] usb 3-1: config 0 descriptor?? [ 1060.600443][ T5950] go7007 3-1:0.0: probe with driver go7007 failed with error -12 [ 1060.728636][T19397] netlink: 24 bytes leftover after parsing attributes in process `syz.3.3455'. [ 1060.830059][T19392] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1060.850239][T19392] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1060.918320][ T9] usb 3-1: USB disconnect, device number 37 [ 1061.037811][T19400] netlink: 108 bytes leftover after parsing attributes in process `syz.3.3456'. [ 1061.327094][T13298] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 1061.497951][T13298] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1061.548680][T18293] usb 6-1: USB disconnect, device number 11 [ 1061.549734][T13298] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1061.607485][T13298] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1061.648263][T13298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1061.701678][T19402] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 1061.733238][T13298] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1061.761194][T19410] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3460'. [ 1061.988198][T13298] usb 2-1: USB disconnect, device number 62 [ 1063.093247][ T24] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1063.314050][T19433] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3467'. [ 1063.366429][ T24] usb 3-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 1063.396973][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1063.450348][ T24] usb 3-1: Product: syz [ 1063.469350][ T24] usb 3-1: Manufacturer: syz [ 1063.489675][ T24] usb 3-1: SerialNumber: syz [ 1063.564231][ T24] usb 3-1: config 0 descriptor?? [ 1063.841956][T19424] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1063.901452][T19424] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1063.952909][ T5950] usb 3-1: USB disconnect, device number 38 [ 1064.144656][T19443] qrtr: Invalid version 0 [ 1064.315772][T19445] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3472'. [ 1064.365303][ T24] usb 6-1: new high-speed USB device number 12 using dummy_hcd [ 1064.379660][ C1] raw-gadget.0 gadget.5: ignoring, device is not running [ 1064.526593][ T24] usb 6-1: device descriptor read/64, error -32 [ 1064.686233][ T9] usb 2-1: new full-speed USB device number 63 using dummy_hcd [ 1064.785678][ T24] usb 6-1: new high-speed USB device number 13 using dummy_hcd [ 1064.836383][T13298] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 1064.870508][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1064.886400][ T9] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1064.902443][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1064.913548][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1064.923023][ T9] usb 2-1: Product: syz [ 1064.925302][ T24] usb 6-1: device descriptor read/64, error -71 [ 1064.927830][ T9] usb 2-1: Manufacturer: syz [ 1064.939856][ T9] usb 2-1: SerialNumber: syz [ 1065.012676][T13298] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1065.024548][T13298] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1065.036462][T13298] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1065.046627][T13298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1065.055599][ T24] usb usb6-port1: attempt power cycle [ 1065.076080][T19456] raw-gadget.3 gadget.3: fail, usb_ep_enable returned -22 [ 1065.163429][T19453] netlink: 'syz.1.3475': attribute type 39 has an invalid length. [ 1065.217655][ T9] usb 2-1: 0:2 : does not exist [ 1065.236425][ T9] usb 2-1: 5:0: failed to get current value for ch 0 (-22) [ 1065.263215][T13298] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1065.279920][ T9] usb 2-1: USB disconnect, device number 63 [ 1065.395476][ T24] usb 6-1: new high-speed USB device number 14 using dummy_hcd [ 1065.397046][T13298] usb 4-1: USB disconnect, device number 45 [ 1065.431622][ T24] usb 6-1: device descriptor read/8, error -71 [ 1065.477322][ T6022] udevd[6022]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1065.695328][ T24] usb 6-1: new high-speed USB device number 15 using dummy_hcd [ 1065.979455][ T24] usb 6-1: device descriptor read/8, error -71 [ 1066.116806][ T24] usb usb6-port1: unable to enumerate USB device [ 1066.620795][T19480] qrtr: Invalid version 0 [ 1066.805059][T18293] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 1066.915639][T19482] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1066.955160][T18293] usb 4-1: device descriptor read/64, error -71 [ 1067.225357][T18293] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 1067.233582][T19485] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3487'. [ 1067.388586][T18293] usb 4-1: device descriptor read/64, error -71 [ 1067.518715][T18293] usb usb4-port1: attempt power cycle [ 1067.875544][T18293] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 1067.922235][T18293] usb 4-1: device descriptor read/8, error -71 [ 1068.165072][T18293] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 1068.213078][T19498] netlink: 108 bytes leftover after parsing attributes in process `syz.0.3491'. [ 1068.235212][T18293] usb 4-1: device descriptor read/8, error -71 [ 1068.355800][T18293] usb usb4-port1: unable to enumerate USB device [ 1068.667286][T19502] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3492'. [ 1069.122497][T19514] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3494'. [ 1069.400001][T19519] FAULT_INJECTION: forcing a failure. [ 1069.400001][T19519] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1069.500411][T19519] CPU: 1 UID: 0 PID: 19519 Comm: syz.2.3496 Not tainted syzkaller #0 PREEMPT(full) [ 1069.500441][T19519] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1069.500453][T19519] Call Trace: [ 1069.500461][T19519] [ 1069.500470][T19519] dump_stack_lvl+0x189/0x250 [ 1069.500498][T19519] ? __pfx____ratelimit+0x10/0x10 [ 1069.500519][T19519] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1069.500541][T19519] ? __pfx__printk+0x10/0x10 [ 1069.500568][T19519] ? __might_fault+0xb0/0x130 [ 1069.500606][T19519] should_fail_ex+0x414/0x560 [ 1069.500639][T19519] _copy_from_user+0x2d/0xb0 [ 1069.500664][T19519] get_compat_msghdr+0xad/0x4a0 [ 1069.500693][T19519] ? __pfx_get_compat_msghdr+0x10/0x10 [ 1069.500730][T19519] ___sys_sendmsg+0x193/0x2a0 [ 1069.500769][T19519] ? __pfx____sys_sendmsg+0x10/0x10 [ 1069.500830][T19519] ? __fget_files+0x2a/0x420 [ 1069.500847][T19519] ? __fget_files+0x3a0/0x420 [ 1069.500873][T19519] __sys_sendmsg+0x164/0x220 [ 1069.500897][T19519] ? __pfx___sys_sendmsg+0x10/0x10 [ 1069.500938][T19519] ? lockdep_hardirqs_on+0x9c/0x150 [ 1069.500960][T19519] __do_fast_syscall_32+0xb6/0x2b0 [ 1069.500980][T19519] ? lockdep_hardirqs_on+0x9c/0x150 [ 1069.501003][T19519] do_fast_syscall_32+0x34/0x80 [ 1069.501023][T19519] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1069.501044][T19519] RIP: 0023:0xf710e539 [ 1069.501062][T19519] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1069.501076][T19519] RSP: 002b:00000000f54fe55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1069.501097][T19519] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000180 [ 1069.501119][T19519] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1069.501130][T19519] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1069.501141][T19519] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1069.501153][T19519] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1069.501181][T19519] [ 1069.723794][ C1] vkms_vblank_simulate: vblank timer overrun [ 1070.017251][T19532] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1070.110445][ T30] audit: type=1326 audit(1757301164.331:2834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19520 comm="syz.5.3498" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f47539 code=0x0 [ 1070.295762][T19538] netlink: 108 bytes leftover after parsing attributes in process `syz.2.3505'. [ 1070.395901][T19540] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3506'. [ 1070.880581][T19547] netlink: 212408 bytes leftover after parsing attributes in process `syz.5.3508'. [ 1070.908601][T19547] netlink: zone id is out of range [ 1070.915056][T18293] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 1070.938661][T19547] netlink: zone id is out of range [ 1070.961225][T19547] netlink: zone id is out of range [ 1070.983219][T19547] netlink: get zone limit has 8 unknown bytes [ 1071.079377][T18293] usb 2-1: device descriptor read/64, error -71 [ 1071.217462][T19557] FAULT_INJECTION: forcing a failure. [ 1071.217462][T19557] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1071.252475][T19557] CPU: 0 UID: 0 PID: 19557 Comm: syz.3.3511 Not tainted syzkaller #0 PREEMPT(full) [ 1071.252504][T19557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1071.252516][T19557] Call Trace: [ 1071.252524][T19557] [ 1071.252533][T19557] dump_stack_lvl+0x189/0x250 [ 1071.252560][T19557] ? __pfx____ratelimit+0x10/0x10 [ 1071.252580][T19557] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1071.252602][T19557] ? __pfx__printk+0x10/0x10 [ 1071.252636][T19557] should_fail_ex+0x414/0x560 [ 1071.252667][T19557] _copy_to_user+0x31/0xb0 [ 1071.252692][T19557] simple_read_from_buffer+0xe1/0x170 [ 1071.252722][T19557] proc_fail_nth_read+0x1b3/0x220 [ 1071.252747][T19557] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1071.252770][T19557] ? rw_verify_area+0x2a6/0x4d0 [ 1071.252837][T19557] ? __lock_acquire+0xab9/0xd20 [ 1071.252863][T19557] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1071.252885][T19557] vfs_read+0x200/0xa30 [ 1071.252907][T19557] ? fdget_pos+0x247/0x320 [ 1071.252929][T19557] ? __pfx___mutex_lock+0x10/0x10 [ 1071.252949][T19557] ? __pfx_vfs_read+0x10/0x10 [ 1071.252975][T19557] ? __fget_files+0x2a/0x420 [ 1071.252997][T19557] ? __fget_files+0x3a0/0x420 [ 1071.253013][T19557] ? __fget_files+0x2a/0x420 [ 1071.253039][T19557] ksys_read+0x145/0x250 [ 1071.253065][T19557] ? __pfx_ksys_read+0x10/0x10 [ 1071.253093][T19557] ? lockdep_hardirqs_on+0x9c/0x150 [ 1071.253114][T19557] __do_fast_syscall_32+0xb6/0x2b0 [ 1071.253134][T19557] ? lockdep_hardirqs_on+0x9c/0x150 [ 1071.253158][T19557] do_fast_syscall_32+0x34/0x80 [ 1071.253179][T19557] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1071.253203][T19557] RIP: 0023:0xf705e539 [ 1071.253221][T19557] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1071.253237][T19557] RSP: 002b:00000000f544e590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 1071.253260][T19557] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f544e620 [ 1071.253274][T19557] RDX: 000000000000000f RSI: 00000000f73d4ff4 RDI: 0000000000000000 [ 1071.253286][T19557] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 1071.253298][T19557] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1071.253310][T19557] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1071.253340][T19557] [ 1071.501335][T18293] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 1071.645049][T18293] usb 2-1: device descriptor read/64, error -71 [ 1071.675377][T19562] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1071.763093][T18293] usb usb2-port1: attempt power cycle [ 1072.115629][T18293] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1072.160657][T18293] usb 2-1: device descriptor read/8, error -71 [ 1072.409420][T18293] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 1072.489309][T18293] usb 2-1: device descriptor read/8, error -71 [ 1072.647268][T18293] usb usb2-port1: unable to enumerate USB device [ 1072.861259][T19580] FAULT_INJECTION: forcing a failure. [ 1072.861259][T19580] name failslab, interval 1, probability 0, space 0, times 0 [ 1072.895021][T19580] CPU: 0 UID: 0 PID: 19580 Comm: syz.5.3519 Not tainted syzkaller #0 PREEMPT(full) [ 1072.895050][T19580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1072.895061][T19580] Call Trace: [ 1072.895069][T19580] [ 1072.895078][T19580] dump_stack_lvl+0x189/0x250 [ 1072.895105][T19580] ? __pfx____ratelimit+0x10/0x10 [ 1072.895124][T19580] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1072.895153][T19580] ? __pfx__printk+0x10/0x10 [ 1072.895184][T19580] ? __pfx___might_resched+0x10/0x10 [ 1072.895202][T19580] ? fs_reclaim_acquire+0x7d/0x100 [ 1072.895235][T19580] should_fail_ex+0x414/0x560 [ 1072.895268][T19580] should_failslab+0xa8/0x100 [ 1072.895298][T19580] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 1072.895325][T19580] ? __alloc_skb+0x112/0x2d0 [ 1072.895351][T19580] __alloc_skb+0x112/0x2d0 [ 1072.895377][T19580] netlink_ack+0x146/0xa50 [ 1072.895393][T19580] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1072.895415][T19580] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 1072.895439][T19580] ? __pfx_nl80211_post_doit+0x10/0x10 [ 1072.895464][T19580] ? __asan_memcpy+0x40/0x70 [ 1072.895486][T19580] ? __pfx_ref_tracker_free+0x10/0x10 [ 1072.895514][T19580] netlink_rcv_skb+0x28c/0x470 [ 1072.895532][T19580] ? __lock_acquire+0xab9/0xd20 [ 1072.895560][T19580] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1072.895587][T19580] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1072.895629][T19580] ? down_read+0x1ad/0x2e0 [ 1072.895655][T19580] genl_rcv+0x28/0x40 [ 1072.895677][T19580] netlink_unicast+0x82c/0x9e0 [ 1072.895716][T19580] ? __pfx_netlink_unicast+0x10/0x10 [ 1072.895746][T19580] ? netlink_sendmsg+0x642/0xb30 [ 1072.895764][T19580] ? skb_put+0x11b/0x210 [ 1072.895790][T19580] netlink_sendmsg+0x805/0xb30 [ 1072.895822][T19580] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1072.895847][T19580] ? __import_iovec+0x5d4/0x7f0 [ 1072.895868][T19580] ? aa_sock_msg_perm+0xf1/0x1d0 [ 1072.895890][T19580] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1072.895912][T19580] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1072.895934][T19580] __sock_sendmsg+0x21c/0x270 [ 1072.895966][T19580] ____sys_sendmsg+0x505/0x830 [ 1072.895997][T19580] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1072.896041][T19580] ___sys_sendmsg+0x21f/0x2a0 [ 1072.896067][T19580] ? __pfx____sys_sendmsg+0x10/0x10 [ 1072.896141][T19580] ? __fget_files+0x2a/0x420 [ 1072.896158][T19580] ? __fget_files+0x3a0/0x420 [ 1072.896187][T19580] __sys_sendmsg+0x164/0x220 [ 1072.896212][T19580] ? __pfx___sys_sendmsg+0x10/0x10 [ 1072.896253][T19580] ? lockdep_hardirqs_on+0x9c/0x150 [ 1072.896275][T19580] __do_fast_syscall_32+0xb6/0x2b0 [ 1072.896296][T19580] ? lockdep_hardirqs_on+0x9c/0x150 [ 1072.896320][T19580] do_fast_syscall_32+0x34/0x80 [ 1072.896341][T19580] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1072.896363][T19580] RIP: 0023:0xf7f47539 [ 1072.896381][T19580] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1072.896396][T19580] RSP: 002b:00000000f545655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 1072.896417][T19580] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000180 [ 1072.896430][T19580] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 1072.896441][T19580] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1072.896452][T19580] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1072.896463][T19580] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1072.896494][T19580] [ 1073.748736][T19591] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3524'. [ 1073.782708][T19591] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3524'. [ 1074.832288][T19607] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3529'. [ 1074.884668][T19607] netlink: 24 bytes leftover after parsing attributes in process `syz.0.3529'. [ 1075.190522][T19617] netlink: 6 bytes leftover after parsing attributes in process `syz.2.3532'. [ 1075.237061][T19617] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1075.342751][T19621] loop2: detected capacity change from 0 to 7 [ 1075.367434][T19621] Dev loop2: unable to read RDB block 7 [ 1075.385106][T19621] loop2: unable to read partition table [ 1075.414223][T19621] loop2: partition table beyond EOD, truncated [ 1075.492568][T19621] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 1076.125425][ T92] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1076.298654][ T92] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1076.322882][ T92] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1076.346612][ T92] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1076.375275][ T92] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1076.401231][T19634] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1076.421460][ T92] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 1076.677692][ T92] usb 3-1: USB disconnect, device number 39 [ 1076.847282][T19648] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3544'. [ 1076.875701][T19648] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3544'. [ 1077.270881][T19654] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3545'. [ 1077.282170][T19654] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3545'. [ 1079.072871][T19680] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3556'. [ 1079.109651][T19680] netlink: 128 bytes leftover after parsing attributes in process `syz.5.3556'. [ 1082.335170][ T5950] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1082.587241][ T5950] usb 3-1: Using ep0 maxpacket: 32 [ 1082.765243][ T5950] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 1082.774777][ T5950] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1082.866169][ T5950] usb 3-1: Product: syz [ 1082.870666][ T5950] usb 3-1: Manufacturer: syz [ 1082.875512][ T5950] usb 3-1: SerialNumber: syz [ 1082.885095][ T5950] usb 3-1: config 0 descriptor?? [ 1082.914539][ T5950] cdc_ether 3-1:0.0: More than one union descriptor, skipping ... [ 1083.040470][ T5950] usb 3-1: bad CDC descriptors [ 1083.041873][T19721] ip6gretap1: entered promiscuous mode [ 1083.073527][ T5950] usb 3-1: unsupported MDLM descriptors [ 1083.145256][T19721] ip6gretap1: entered allmulticast mode [ 1083.231525][T19719] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1083.305686][T19719] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1083.504815][ T92] usb 3-1: USB disconnect, device number 40 [ 1083.775498][T19732] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3571'. [ 1083.792965][T19732] netlink: 24 bytes leftover after parsing attributes in process `syz.5.3571'. [ 1083.896649][ T5950] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 1084.039050][ T5950] usb 2-1: device descriptor read/64, error -71 [ 1084.285229][ T5950] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1084.445058][ T5950] usb 2-1: device descriptor read/64, error -71 [ 1084.567811][ T5950] usb usb2-port1: attempt power cycle [ 1084.782365][T19754] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1084.925350][ T5950] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1084.956064][ T5950] usb 2-1: device descriptor read/8, error -71 [ 1084.968326][T19758] binder: 19756:19758 ioctl 40044591 0 returned -22 [ 1085.018020][T19757] binder: 19756:19757 ioctl c0306201 80000040 returned -14 [ 1085.091193][T19762] binder: 19759:19762 ioctl 40044591 0 returned -22 [ 1085.099514][T19762] FAULT_INJECTION: forcing a failure. [ 1085.099514][T19762] name failslab, interval 1, probability 0, space 0, times 0 [ 1085.116705][T19762] CPU: 0 UID: 0 PID: 19762 Comm: syz.2.3581 Not tainted syzkaller #0 PREEMPT(full) [ 1085.116731][T19762] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1085.116740][T19762] Call Trace: [ 1085.116747][T19762] [ 1085.116754][T19762] dump_stack_lvl+0x189/0x250 [ 1085.116779][T19762] ? __pfx____ratelimit+0x10/0x10 [ 1085.116795][T19762] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1085.116812][T19762] ? __pfx__printk+0x10/0x10 [ 1085.116837][T19762] ? __pfx___might_resched+0x10/0x10 [ 1085.116850][T19762] ? fs_reclaim_acquire+0x7d/0x100 [ 1085.116876][T19762] should_fail_ex+0x414/0x560 [ 1085.116903][T19762] should_failslab+0xa8/0x100 [ 1085.116924][T19762] __kmalloc_noprof+0xcb/0x4f0 [ 1085.116941][T19762] ? kfree+0x4d/0x440 [ 1085.116956][T19762] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1085.116976][T19762] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1085.116993][T19762] ? tomoyo_domain+0xd9/0x130 [ 1085.117013][T19762] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1085.117033][T19762] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1085.117055][T19762] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1085.117091][T19762] ? __lock_acquire+0xab9/0xd20 [ 1085.117137][T19762] ? __fget_files+0x2a/0x420 [ 1085.117154][T19762] ? __fget_files+0x3a0/0x420 [ 1085.117166][T19762] ? __fget_files+0x2a/0x420 [ 1085.117182][T19762] security_file_ioctl_compat+0xcb/0x2d0 [ 1085.117206][T19762] __ia32_compat_sys_ioctl+0x128/0x840 [ 1085.117227][T19762] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 1085.117246][T19762] ? __fget_files+0x3a0/0x420 [ 1085.117265][T19762] ? fput+0xa0/0xd0 [ 1085.117280][T19762] ? ksys_write+0x22a/0x250 [ 1085.117307][T19762] ? lockdep_hardirqs_on+0x9c/0x150 [ 1085.117326][T19762] __do_fast_syscall_32+0xb6/0x2b0 [ 1085.117342][T19762] ? lockdep_hardirqs_on+0x9c/0x150 [ 1085.117360][T19762] do_fast_syscall_32+0x34/0x80 [ 1085.117376][T19762] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1085.117393][T19762] RIP: 0023:0xf710e539 [ 1085.117406][T19762] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 1085.117419][T19762] RSP: 002b:00000000f54dd55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 1085.117436][T19762] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000c0306201 [ 1085.117447][T19762] RDX: 0000000080000640 RSI: 0000000000000000 RDI: 0000000000000000 [ 1085.117457][T19762] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1085.117465][T19762] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 1085.117474][T19762] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 1085.117498][T19762] [ 1085.117508][T19762] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1085.215264][ T5950] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 1085.368163][ T92] usb 4-1: new full-speed USB device number 50 using dummy_hcd [ 1085.451955][T19760] binder: 19759:19760 ioctl c0306201 80000040 returned -14 [ 1085.548945][ T5950] usb 2-1: device descriptor read/8, error -71 [ 1085.597708][ T92] usb 4-1: config 0 has an invalid interface number: 230 but max is 0 [ 1085.602262][T19766] netlink: 28 bytes leftover after parsing attributes in process `syz.2.3583'. [ 1085.615002][ T92] usb 4-1: config 0 has no interface number 0 [ 1085.634364][ T92] usb 4-1: config 0 interface 230 altsetting 2 endpoint 0x2 has invalid maxpacket 512, setting to 64 [ 1085.666475][ T5950] usb usb2-port1: unable to enumerate USB device [ 1085.675047][ T92] usb 4-1: config 0 interface 230 altsetting 2 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 1085.692364][T19767] binder: 19765:19767 ioctl 40044591 0 returned -22 [ 1085.726412][ T92] usb 4-1: config 0 interface 230 has no altsetting 0 [ 1085.742557][ T92] usb 4-1: New USB device found, idVendor=0781, idProduct=0005, bcdDevice= 0.05 [ 1085.763925][ T92] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1085.797970][ T92] usb 4-1: Product: syz [ 1085.803161][ T92] usb 4-1: Manufacturer: syz [ 1085.821501][ T92] usb 4-1: SerialNumber: syz [ 1085.840688][ T92] usb 4-1: config 0 descriptor?? [ 1085.857464][T19763] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1085.876266][T19763] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1085.878907][T19772] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3585'. [ 1085.887737][ T92] ums-usbat 4-1:0.230: USB Mass Storage device detected [ 1085.930710][ T92] ums-usbat 4-1:0.230: Quirks match for vid 0781 pid 0005: 1 [ 1085.988264][T19772] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3585'. [ 1086.002274][T19772] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3585'. [ 1088.178303][ T92] ums-usbat 4-1:0.230: probe with driver ums-usbat failed with error -5 [ 1089.570999][ T92] usb 4-1: USB disconnect, device number 50 [ 1091.187060][ C1] [ 1091.189941][ C1] ======================================================== [ 1091.197674][ C1] WARNING: possible irq lock inversion dependency detected [ 1091.205065][ C1] syzkaller #0 Not tainted [ 1091.209742][ C1] -------------------------------------------------------- [ 1091.217044][ C1] ksoftirqd/1/23 just changed the state of lock: [ 1091.223379][ C1] ffff88802943a230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xa5/0x340 [ 1091.233660][ C1] but this lock took another, SOFTIRQ-READ-unsafe lock in the past: [ 1091.243923][ C1] (tasklist_lock){.+.+}-{3:3} [ 1091.243959][ C1] [ 1091.243959][ C1] [ 1091.243959][ C1] and interrupts could create inverse lock ordering between them. [ 1091.243959][ C1] [ 1091.265484][ C1] [ 1091.265484][ C1] other info that might help us debug this: [ 1091.274179][ C1] Chain exists of: [ 1091.274179][ C1] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 1091.274179][ C1] [ 1091.287763][ C1] Possible interrupt unsafe locking scenario: [ 1091.287763][ C1] [ 1091.297422][ C1] CPU0 CPU1 [ 1091.303235][ C1] ---- ---- [ 1091.308803][ C1] lock(tasklist_lock); [ 1091.313126][ C1] local_irq_disable(); [ 1091.321920][ C1] lock(&dev->event_lock#2); [ 1091.330731][ C1] lock(&client->buffer_lock); [ 1091.339104][ C1] [ 1091.343484][ C1] lock(&dev->event_lock#2); [ 1091.349862][ C1] [ 1091.349862][ C1] *** DEADLOCK *** [ 1091.349862][ C1] [ 1091.359510][ C1] 1 lock held by ksoftirqd/1/23: [ 1091.364569][ C1] #0: ffffffff8e139f20 (rcu_read_lock){....}-{1:3}, at: led_trigger_event+0x4b/0x210 [ 1091.375797][ C1] [ 1091.375797][ C1] the shortest dependencies between 2nd lock and 1st lock: [ 1091.386344][ C1] -> (tasklist_lock){.+.+}-{3:3} { [ 1091.393272][ C1] HARDIRQ-ON-R at: [ 1091.398187][ C1] lock_acquire+0x120/0x360 [ 1091.405998][ C1] _raw_read_lock+0x36/0x50 [ 1091.414618][ C1] __do_wait+0xde/0x740 [ 1091.423245][ C1] do_wait+0x1f8/0x520 [ 1091.431008][ C1] kernel_wait+0xab/0x170 [ 1091.438860][ C1] call_usermodehelper_exec_work+0xbe/0x230 [ 1091.447932][ C1] process_scheduled_works+0xae1/0x17b0 [ 1091.459126][ C1] worker_thread+0x8a0/0xda0 [ 1091.466867][ C1] kthread+0x70e/0x8a0 [ 1091.474741][ C1] ret_from_fork+0x3fc/0x770 [ 1091.482609][ C1] ret_from_fork_asm+0x1a/0x30 [ 1091.490526][ C1] SOFTIRQ-ON-R at: [ 1091.496262][ C1] lock_acquire+0x120/0x360 [ 1091.503834][ C1] _raw_read_lock+0x36/0x50 [ 1091.512282][ C1] __do_wait+0xde/0x740 [ 1091.519495][ C1] do_wait+0x1f8/0x520 [ 1091.526108][ C1] kernel_wait+0xab/0x170 [ 1091.532899][ C1] call_usermodehelper_exec_work+0xbe/0x230 [ 1091.541783][ C1] process_scheduled_works+0xae1/0x17b0 [ 1091.550917][ C1] worker_thread+0x8a0/0xda0 [ 1091.558888][ C1] kthread+0x70e/0x8a0 [ 1091.567275][ C1] ret_from_fork+0x3fc/0x770 [ 1091.575584][ C1] ret_from_fork_asm+0x1a/0x30 [ 1091.584219][ C1] INITIAL USE at: [ 1091.589799][ C1] lock_acquire+0x120/0x360 [ 1091.598410][ C1] _raw_write_lock_irq+0xa2/0xf0 [ 1091.607728][ C1] copy_process+0x224f/0x3c00 [ 1091.615390][ C1] kernel_clone+0x21e/0x840 [ 1091.624032][ C1] user_mode_thread+0xdd/0x140 [ 1091.633632][ C1] rest_init+0x23/0x300 [ 1091.640771][ C1] start_kernel+0x3a9/0x410 [ 1091.648277][ C1] x86_64_start_reservations+0x24/0x30 [ 1091.656737][ C1] x86_64_start_kernel+0x143/0x1c0 [ 1091.664861][ C1] common_startup_64+0x13e/0x147 [ 1091.673242][ C1] INITIAL READ USE at: [ 1091.679018][ C1] lock_acquire+0x120/0x360 [ 1091.687233][ C1] _raw_read_lock+0x36/0x50 [ 1091.695167][ C1] __do_wait+0xde/0x740 [ 1091.702787][ C1] do_wait+0x1f8/0x520 [ 1091.710447][ C1] kernel_wait+0xab/0x170 [ 1091.717734][ C1] call_usermodehelper_exec_work+0xbe/0x230 [ 1091.727585][ C1] process_scheduled_works+0xae1/0x17b0 [ 1091.736982][ C1] worker_thread+0x8a0/0xda0 [ 1091.747164][ C1] kthread+0x70e/0x8a0 [ 1091.754142][ C1] ret_from_fork+0x3fc/0x770 [ 1091.763283][ C1] ret_from_fork_asm+0x1a/0x30 [ 1091.772788][ C1] } [ 1091.775739][ C1] ... key at: [] tasklist_lock+0x18/0x40 [ 1091.784356][ C1] ... acquired at: [ 1091.789561][ C1] lock_acquire+0x120/0x360 [ 1091.795587][ C1] _raw_read_lock+0x36/0x50 [ 1091.801194][ C1] send_sigio+0x101/0x370 [ 1091.805721][ C1] dnotify_handle_event+0x169/0x440 [ 1091.811458][ C1] fsnotify+0x1671/0x1a80 [ 1091.816164][ C1] __fsnotify_parent+0x3fe/0x540 [ 1091.821304][ C1] notify_change+0xb70/0xe40 [ 1091.826336][ C1] file_remove_privs_flags+0x38d/0x5f0 [ 1091.832161][ C1] shmem_file_write_iter+0xa7/0x120 [ 1091.837626][ C1] vfs_write+0x5c6/0xb30 [ 1091.842217][ C1] ksys_write+0x145/0x250 [ 1091.846841][ C1] __do_fast_syscall_32+0xb6/0x2b0 [ 1091.852321][ C1] do_fast_syscall_32+0x34/0x80 [ 1091.858281][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1091.865098][ C1] [ 1091.867515][ C1] -> (&f_owner->lock){....}-{3:3} { [ 1091.873323][ C1] INITIAL USE at: [ 1091.877596][ C1] lock_acquire+0x120/0x360 [ 1091.884832][ C1] _raw_write_lock_irq+0xa2/0xf0 [ 1091.892732][ C1] __f_setown+0x67/0x370 [ 1091.899820][ C1] fcntl_dirnotify+0x3fa/0x6a0 [ 1091.907217][ C1] do_fcntl+0x6d0/0x1910 [ 1091.914080][ C1] do_compat_fcntl64+0x477/0x720 [ 1091.921318][ C1] __do_fast_syscall_32+0xb6/0x2b0 [ 1091.928899][ C1] do_fast_syscall_32+0x34/0x80 [ 1091.936215][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1091.945361][ C1] INITIAL READ USE at: [ 1091.949970][ C1] lock_acquire+0x120/0x360 [ 1091.957751][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1091.966722][ C1] send_sigio+0x38/0x370 [ 1091.974474][ C1] dnotify_handle_event+0x169/0x440 [ 1091.982580][ C1] fsnotify+0x1814/0x1a80 [ 1091.989906][ C1] path_openat+0x171e/0x3830 [ 1091.997601][ C1] do_filp_open+0x1fa/0x410 [ 1092.005713][ C1] do_sys_openat2+0x121/0x1c0 [ 1092.014270][ C1] __ia32_compat_sys_open+0x117/0x140 [ 1092.022541][ C1] __do_fast_syscall_32+0xb6/0x2b0 [ 1092.031096][ C1] do_fast_syscall_32+0x34/0x80 [ 1092.038590][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1092.048726][ C1] } [ 1092.052152][ C1] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1092.061923][ C1] ... acquired at: [ 1092.066033][ C1] lock_acquire+0x120/0x360 [ 1092.070720][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1092.076733][ C1] send_sigio+0x38/0x370 [ 1092.081673][ C1] kill_fasync+0x24d/0x4d0 [ 1092.086503][ C1] lease_break_callback+0x26/0x30 [ 1092.092584][ C1] __break_lease+0x6a2/0x1620 [ 1092.098265][ C1] do_dentry_open+0x8b7/0x13f0 [ 1092.103661][ C1] vfs_open+0x3b/0x340 [ 1092.108476][ C1] path_openat+0x2ee5/0x3830 [ 1092.113969][ C1] do_filp_open+0x1fa/0x410 [ 1092.119209][ C1] do_sys_openat2+0x121/0x1c0 [ 1092.124340][ C1] __ia32_compat_sys_openat+0x131/0x160 [ 1092.130249][ C1] __do_fast_syscall_32+0xb6/0x2b0 [ 1092.136236][ C1] do_fast_syscall_32+0x34/0x80 [ 1092.141728][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1092.148341][ C1] [ 1092.150790][ C1] -> (&new->fa_lock){...-}-{3:3} { [ 1092.157014][ C1] IN-SOFTIRQ-R at: [ 1092.162247][ C1] lock_acquire+0x120/0x360 [ 1092.170245][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1092.178081][ C1] kill_fasync+0x199/0x4d0 [ 1092.184785][ C1] sock_wake_async+0x137/0x160 [ 1092.192468][ C1] sock_def_readable+0x3bb/0x550 [ 1092.199718][ C1] mptcp_data_ready+0x554/0xa50 [ 1092.206951][ C1] subflow_data_ready+0x2c0/0x7e0 [ 1092.214511][ C1] tcp_data_queue+0x2026/0x6380 [ 1092.222344][ C1] tcp_rcv_established+0xf9e/0x1eb0 [ 1092.229947][ C1] tcp_v4_do_rcv+0xa23/0xce0 [ 1092.237202][ C1] tcp_v4_rcv+0x26a6/0x2f40 [ 1092.244738][ C1] ip_protocol_deliver_rcu+0x221/0x440 [ 1092.252485][ C1] ip_local_deliver_finish+0x3bb/0x6f0 [ 1092.260248][ C1] NF_HOOK+0x309/0x3a0 [ 1092.266624][ C1] NF_HOOK+0x309/0x3a0 [ 1092.272847][ C1] __netif_receive_skb+0x143/0x380 [ 1092.280244][ C1] process_backlog+0x60e/0x14f0 [ 1092.287280][ C1] __napi_poll+0xc4/0x360 [ 1092.293613][ C1] net_rx_action+0x707/0xe30 [ 1092.300197][ C1] handle_softirqs+0x283/0x870 [ 1092.306963][ C1] run_ksoftirqd+0x9b/0x100 [ 1092.314016][ C1] smpboot_thread_fn+0x53f/0xa60 [ 1092.322095][ C1] kthread+0x70e/0x8a0 [ 1092.328396][ C1] ret_from_fork+0x3fc/0x770 [ 1092.335803][ C1] ret_from_fork_asm+0x1a/0x30 [ 1092.343587][ C1] INITIAL USE at: [ 1092.348321][ C1] lock_acquire+0x120/0x360 [ 1092.355421][ C1] _raw_write_lock_irq+0xa2/0xf0 [ 1092.362980][ C1] fasync_remove_entry+0xf1/0x1c0 [ 1092.371234][ C1] pipe_fasync+0xa9/0x1e0 [ 1092.377663][ C1] __fput+0x8a2/0xa70 [ 1092.384024][ C1] task_work_run+0x1d1/0x260 [ 1092.391337][ C1] exit_to_user_mode_loop+0xec/0x110 [ 1092.399954][ C1] __do_fast_syscall_32+0x1f4/0x2b0 [ 1092.407627][ C1] do_fast_syscall_32+0x34/0x80 [ 1092.414830][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1092.423481][ C1] INITIAL READ USE at: [ 1092.428292][ C1] lock_acquire+0x120/0x360 [ 1092.435824][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1092.444969][ C1] kill_fasync+0x199/0x4d0 [ 1092.452643][ C1] pipe_release+0x19c/0x330 [ 1092.460489][ C1] __fput+0x449/0xa70 [ 1092.467660][ C1] task_work_run+0x1d1/0x260 [ 1092.475912][ C1] exit_to_user_mode_loop+0xec/0x110 [ 1092.485913][ C1] __do_fast_syscall_32+0x1f4/0x2b0 [ 1092.494722][ C1] do_fast_syscall_32+0x34/0x80 [ 1092.503656][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1092.513567][ C1] } [ 1092.516545][ C1] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1092.528221][ C1] ... acquired at: [ 1092.533617][ C1] lock_acquire+0x120/0x360 [ 1092.538732][ C1] _raw_read_lock_irqsave+0xaf/0x100 [ 1092.544580][ C1] kill_fasync+0x199/0x4d0 [ 1092.549770][ C1] evdev_pass_values+0x627/0xbd0 [ 1092.556041][ C1] evdev_events+0x1e6/0x340 [ 1092.563794][ C1] input_pass_values+0x288/0x890 [ 1092.570087][ C1] input_event_dispose+0x330/0x6b0 [ 1092.576357][ C1] input_inject_event+0x1dd/0x340 [ 1092.582022][ C1] evdev_write+0x2fc/0x480 [ 1092.586982][ C1] vfs_write+0x27b/0xb30 [ 1092.591664][ C1] ksys_write+0x145/0x250 [ 1092.596550][ C1] __do_fast_syscall_32+0xb6/0x2b0 [ 1092.603253][ C1] do_fast_syscall_32+0x34/0x80 [ 1092.609007][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1092.617455][ C1] [ 1092.620871][ C1] -> (&client->buffer_lock){....}-{3:3} { [ 1092.628461][ C1] INITIAL USE at: [ 1092.633103][ C1] lock_acquire+0x120/0x360 [ 1092.640560][ C1] _raw_spin_lock+0x2e/0x40 [ 1092.647443][ C1] evdev_pass_values+0xb9/0xbd0 [ 1092.655385][ C1] evdev_events+0x1e6/0x340 [ 1092.663141][ C1] input_pass_values+0x288/0x890 [ 1092.670558][ C1] input_event_dispose+0x330/0x6b0 [ 1092.679007][ C1] input_inject_event+0x1dd/0x340 [ 1092.686978][ C1] evdev_write+0x2fc/0x480 [ 1092.694220][ C1] vfs_write+0x27b/0xb30 [ 1092.702120][ C1] ksys_write+0x145/0x250 [ 1092.710621][ C1] __do_fast_syscall_32+0xb6/0x2b0 [ 1092.718553][ C1] do_fast_syscall_32+0x34/0x80 [ 1092.726990][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1092.737131][ C1] } [ 1092.740599][ C1] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 1092.751042][ C1] ... acquired at: [ 1092.756178][ C1] lock_acquire+0x120/0x360 [ 1092.765715][ C1] _raw_spin_lock+0x2e/0x40 [ 1092.771405][ C1] evdev_pass_values+0xb9/0xbd0 [ 1092.776639][ C1] evdev_events+0x1e6/0x340 [ 1092.781859][ C1] input_pass_values+0x288/0x890 [ 1092.787262][ C1] input_event_dispose+0x330/0x6b0 [ 1092.792816][ C1] input_inject_event+0x1dd/0x340 [ 1092.798836][ C1] evdev_write+0x2fc/0x480 [ 1092.804874][ C1] vfs_write+0x27b/0xb30 [ 1092.810299][ C1] ksys_write+0x145/0x250 [ 1092.815226][ C1] __do_fast_syscall_32+0xb6/0x2b0 [ 1092.821620][ C1] do_fast_syscall_32+0x34/0x80 [ 1092.827948][ C1] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 1092.834670][ C1] [ 1092.837562][ C1] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1092.844325][ C1] IN-SOFTIRQ-W at: [ 1092.848688][ C1] lock_acquire+0x120/0x360 [ 1092.856126][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1092.863592][ C1] input_inject_event+0xa5/0x340 [ 1092.870644][ C1] led_trigger_event+0x138/0x210 [ 1092.877342][ C1] kbd_bh+0x1c6/0x2e0 [ 1092.883248][ C1] tasklet_action_common+0x36c/0x580 [ 1092.890903][ C1] handle_softirqs+0x283/0x870 [ 1092.898028][ C1] run_ksoftirqd+0x9b/0x100 [ 1092.904479][ C1] smpboot_thread_fn+0x53f/0xa60 [ 1092.911453][ C1] kthread+0x70e/0x8a0 [ 1092.917892][ C1] ret_from_fork+0x3fc/0x770 [ 1092.924423][ C1] ret_from_fork_asm+0x1a/0x30 [ 1092.931670][ C1] INITIAL USE at: [ 1092.936210][ C1] lock_acquire+0x120/0x360 [ 1092.942841][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1092.949897][ C1] input_inject_event+0xa5/0x340 [ 1092.956846][ C1] kbd_led_trigger_activate+0xbc/0x100 [ 1092.964480][ C1] led_trigger_set+0x52a/0x950 [ 1092.971401][ C1] led_trigger_set_default+0x260/0x2a0 [ 1092.978849][ C1] led_classdev_register_ext+0x73d/0x930 [ 1092.987027][ C1] input_leds_connect+0x517/0x790 [ 1092.995246][ C1] input_register_device+0xcfd/0x1140 [ 1093.003094][ C1] atkbd_connect+0x72e/0xa00 [ 1093.009923][ C1] serio_driver_probe+0x82/0xd0 [ 1093.017408][ C1] really_probe+0x26d/0x9e0 [ 1093.024295][ C1] __driver_probe_device+0x18c/0x2f0 [ 1093.032515][ C1] driver_probe_device+0x4f/0x430 [ 1093.041138][ C1] __driver_attach+0x452/0x700 [ 1093.048489][ C1] bus_for_each_dev+0x233/0x2b0 [ 1093.055922][ C1] serio_handle_event+0x1f9/0x8d0 [ 1093.063267][ C1] process_scheduled_works+0xae1/0x17b0 [ 1093.073013][ C1] worker_thread+0x8a0/0xda0 [ 1093.080291][ C1] kthread+0x70e/0x8a0 [ 1093.087079][ C1] ret_from_fork+0x3fc/0x770 [ 1093.094401][ C1] ret_from_fork_asm+0x1a/0x30 [ 1093.101960][ C1] } [ 1093.104477][ C1] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 1093.114192][ C1] ... acquired at: [ 1093.118365][ C1] mark_lock+0x11b/0x190 [ 1093.123141][ C1] __lock_acquire+0x680/0xd20 [ 1093.128491][ C1] lock_acquire+0x120/0x360 [ 1093.133644][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1093.139376][ C1] input_inject_event+0xa5/0x340 [ 1093.144987][ C1] led_trigger_event+0x138/0x210 [ 1093.151314][ C1] kbd_bh+0x1c6/0x2e0 [ 1093.155768][ C1] tasklet_action_common+0x36c/0x580 [ 1093.162741][ C1] handle_softirqs+0x283/0x870 [ 1093.168167][ C1] run_ksoftirqd+0x9b/0x100 [ 1093.174357][ C1] smpboot_thread_fn+0x53f/0xa60 [ 1093.179940][ C1] kthread+0x70e/0x8a0 [ 1093.184555][ C1] ret_from_fork+0x3fc/0x770 [ 1093.189777][ C1] ret_from_fork_asm+0x1a/0x30 [ 1093.195404][ C1] [ 1093.198079][ C1] [ 1093.198079][ C1] stack backtrace: [ 1093.205154][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 1093.205174][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 1093.205185][ C1] Call Trace: [ 1093.205193][ C1] [ 1093.205201][ C1] dump_stack_lvl+0x189/0x250 [ 1093.205223][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1093.205239][ C1] ? __pfx__printk+0x10/0x10 [ 1093.205260][ C1] print_irq_inversion_bug+0x1d2/0x1e0 [ 1093.205277][ C1] mark_lock_irq+0x35f/0x390 [ 1093.205293][ C1] mark_lock+0x11b/0x190 [ 1093.205306][ C1] __lock_acquire+0x680/0xd20 [ 1093.205327][ C1] ? input_inject_event+0xa5/0x340 [ 1093.205345][ C1] lock_acquire+0x120/0x360 [ 1093.205362][ C1] ? input_inject_event+0xa5/0x340 [ 1093.205383][ C1] _raw_spin_lock_irqsave+0xa7/0xf0 [ 1093.205403][ C1] ? input_inject_event+0xa5/0x340 [ 1093.205419][ C1] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 1093.205437][ C1] ? led_trigger_event+0x4b/0x210 [ 1093.205453][ C1] ? led_trigger_event+0x4b/0x210 [ 1093.205468][ C1] input_inject_event+0xa5/0x340 [ 1093.205486][ C1] ? led_trigger_event+0x4b/0x210 [ 1093.205500][ C1] led_trigger_event+0x138/0x210 [ 1093.205515][ C1] kbd_bh+0x1c6/0x2e0 [ 1093.205534][ C1] tasklet_action_common+0x36c/0x580 [ 1093.205552][ C1] ? __pfx_tasklet_action_common+0x10/0x10 [ 1093.205568][ C1] ? workqueue_softirq_action+0xd4/0x150 [ 1093.205585][ C1] handle_softirqs+0x283/0x870 [ 1093.205599][ C1] ? run_ksoftirqd+0x9b/0x100 [ 1093.205615][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1093.205629][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 1093.205643][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 1093.205655][ C1] run_ksoftirqd+0x9b/0x100 [ 1093.205669][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 1093.205686][ C1] smpboot_thread_fn+0x53f/0xa60 [ 1093.205699][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 1093.205715][ C1] kthread+0x70e/0x8a0 [ 1093.205731][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 1093.205744][ C1] ? __pfx_kthread+0x10/0x10 [ 1093.205759][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 1093.205778][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 1093.205798][ C1] ? __pfx_kthread+0x10/0x10 [ 1093.205814][ C1] ret_from_fork+0x3fc/0x770 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1093.205830][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 1093.205845][ C1] ? __switch_to_asm+0x39/0x70 [ 1093.205862][ C1] ? __switch_to_asm+0x33/0x70 [ 1093.205878][ C1] ? __pfx_kthread+0x10/0x10 [ 1093.205893][ C1] ret_from_fork_asm+0x1a/0x30 [ 1093.205914][ C1] [ 1094.262048][ T4531] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1094.372086][ T4531] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1094.482997][ T4531] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1094.580706][ T4531] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1094.691512][ T4531] team0: left allmulticast mode [ 1094.697774][ T4531] team_slave_0: left allmulticast mode [ 1094.703724][ T4531] team_slave_1: left allmulticast mode [ 1094.709985][ T4531] team0: left promiscuous mode [ 1094.715441][ T4531] team_slave_0: left promiscuous mode [ 1094.721643][ T4531] team_slave_1: left promiscuous mode [ 1094.727514][ T4531] bridge0: port 3(team0) entered disabled state [ 1094.738584][ T4531] bridge_slave_1: left allmulticast mode [ 1094.744380][ T4531] bridge_slave_1: left promiscuous mode [ 1094.750475][ T4531] bridge0: port 2(bridge_slave_1) entered disabled state [ 1094.760470][ T4531] bridge_slave_0: left allmulticast mode [ 1094.768001][ T4531] bridge_slave_0: left promiscuous mode [ 1094.774700][ T4531] bridge0: port 1(bridge_slave_0) entered disabled state [ 1094.949384][ T4531] bond1 (unregistering): (slave bridge1): Releasing backup interface [ 1094.959435][ T4531] bridge1 (unregistering): left promiscuous mode [ 1095.039346][ T4531] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1095.063139][ T4531] bond_slave_0: left allmulticast mode [ 1095.076734][ T4531] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1095.095919][ T4531] bond_slave_1: left allmulticast mode [ 1095.115844][ T4531] bond0 (unregistering): Released all slaves [ 1095.143532][ T4531] bond1 (unregistering): Released all slaves [ 1095.199375][ T4531] tipc: Disabling bearer [ 1095.209864][ T4531] tipc: Left network mode [ 1095.635713][ T4531] hsr_slave_0: left promiscuous mode [ 1095.655289][ T4531] hsr_slave_1: left promiscuous mode [ 1095.662843][ T4531] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1095.685184][ T4531] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1095.705656][ T4531] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1095.714688][ T4531] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1095.743298][ T4531] veth1_macvtap: left promiscuous mode [ 1095.750837][ T4531] veth0_macvtap: left promiscuous mode [ 1095.758930][ T4531] veth1_vlan: left promiscuous mode [ 1095.767014][ T4531] veth0_vlan: left promiscuous mode [ 1096.084124][ T4531] team0 (unregistering): Port device team_slave_1 removed [ 1096.135789][ T4531] team0 (unregistering): Port device team_slave_0 removed [ 1097.032508][ T4531] IPVS: stop unused estimator thread 0... [ 1097.112797][ T4531] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.158887][ T4531] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.219356][ T4531] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.281093][ T4531] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.368332][ T4531] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.419032][ T4531] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.488995][ T4531] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.559734][ T4531] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.726959][ T4531] netdevsim netdevsim5 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.773588][ T4531] netdevsim netdevsim5 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.822098][ T4531] netdevsim netdevsim5 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1097.893952][ T4531] netdevsim netdevsim5 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1098.009178][ T4531] bridge_slave_1: left allmulticast mode [ 1098.015421][ T4531] bridge_slave_1: left promiscuous mode [ 1098.024093][ T4531] bridge0: port 2(bridge_slave_1) entered disabled state [ 1098.034587][ T4531] bridge_slave_0: left allmulticast mode [ 1098.040633][ T4531] bridge_slave_0: left promiscuous mode [ 1098.048279][ T4531] bridge0: port 1(bridge_slave_0) entered disabled state [ 1098.058794][ T4531] bridge_slave_1: left allmulticast mode [ 1098.065439][ T4531] bridge_slave_1: left promiscuous mode [ 1098.071361][ T4531] bridge0: port 2(bridge_slave_1) entered disabled state [ 1098.082810][ T4531] bridge_slave_0: left allmulticast mode [ 1098.090129][ T4531] bridge_slave_0: left promiscuous mode [ 1098.102321][ T4531] bridge0: port 1(bridge_slave_0) entered disabled state [ 1098.130964][ T4531] bridge_slave_1: left allmulticast mode [ 1098.142657][ T4531] bridge_slave_1: left promiscuous mode [ 1098.154306][ T4531] bridge0: port 2(bridge_slave_1) entered disabled state [ 1098.180325][ T4531] bridge_slave_0: left allmulticast mode [ 1098.194713][ T4531] bridge_slave_0: left promiscuous mode [ 1098.212567][ T4531] bridge0: port 1(bridge_slave_0) entered disabled state [ 1098.379692][ T4531] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1098.393369][ T4531] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1098.404835][ T4531] bond0 (unregistering): Released all slaves [ 1098.448608][ T4531] bond1 (unregistering): (slave geneve2): Releasing active interface [ 1098.459291][ T4531] geneve2 (unregistering): left promiscuous mode [ 1098.687932][ T4531] bond2 (unregistering): (slave bridge4): Releasing backup interface [ 1098.696878][ T4531] bridge4 (unregistering): left promiscuous mode [ 1098.731358][ T4531] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1098.742270][ T4531] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1098.752513][ T4531] bond0 (unregistering): Released all slaves [ 1098.949562][ T4531] bond1 (unregistering): Released all slaves [ 1099.147539][ T4531] bond2 (unregistering): Released all slaves [ 1099.229603][ T4531] bond1 (unregistering): (slave bridge1): Releasing backup interface [ 1099.238120][ T4531] bridge1 (unregistering): left promiscuous mode [ 1099.278217][ T4531] bond2 (unregistering): (slave bridge2): Releasing backup interface [ 1099.289327][ T4531] bridge2 (unregistering): left promiscuous mode [ 1099.330352][ T4531] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1099.341556][ T4531] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1099.353190][ T4531] bond0 (unregistering): Released all slaves [ 1099.367438][ T4531] bond1 (unregistering): Released all slaves [ 1099.379893][ T4531] bond2 (unregistering): Released all slaves [ 1099.547470][ T4531] tipc: Disabling bearer [ 1099.564253][ T4531] tipc: Left network mode [ 1099.571911][ T4531] tipc: Disabling bearer [ 1099.579029][ T4531] tipc: Left network mode [ 1100.094135][ T4531] hsr_slave_0: left promiscuous mode [ 1100.102441][ T4531] hsr_slave_1: left promiscuous mode [ 1100.109051][ T4531] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1100.119849][ T4531] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1100.128653][ T4531] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1100.137846][ T4531] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1100.151032][ T4531] hsr_slave_0: left promiscuous mode [ 1100.162215][ T4531] hsr_slave_1: left promiscuous mode [ 1100.175250][ T4531] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1100.183339][ T4531] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1100.193999][ T4531] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1100.213715][ T4531] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1100.240257][ T4531] hsr_slave_0: left promiscuous mode [ 1100.256043][ T4531] hsr_slave_1: left promiscuous mode [ 1100.263898][ T4531] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1100.284072][ T4531] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1100.293882][ T4531] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1100.303877][ T4531] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1100.333933][ T4531] veth1_macvtap: left promiscuous mode [ 1100.352860][ T4531] veth0_macvtap: left promiscuous mode [ 1100.361617][ T4531] veth1_vlan: left promiscuous mode [ 1100.375917][ T4531] veth0_vlan: left promiscuous mode [ 1100.383146][ T4531] veth1_macvtap: left promiscuous mode [ 1100.394408][ T4531] veth0_macvtap: left promiscuous mode [ 1100.401807][ T4531] veth1_vlan: left promiscuous mode [ 1100.407915][ T4531] veth0_vlan: left promiscuous mode [ 1100.414360][ T4531] veth1_macvtap: left promiscuous mode [ 1100.420922][ T4531] veth0_macvtap: left promiscuous mode [ 1100.429307][ T4531] veth1_vlan: left promiscuous mode [ 1100.437122][ T4531] veth0_vlan: left promiscuous mode [ 1100.702287][ T4531] team0 (unregistering): Port device team_slave_1 removed [ 1100.739286][ T4531] team0 (unregistering): Port device team_slave_0 removed [ 1101.013274][ T4531] team0 (unregistering): Port device team_slave_1 removed [ 1101.032043][ T4531] team0 (unregistering): Port device team_slave_0 removed