last executing test programs: 18.028579701s ago: executing program 1 (id=5747): ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000280)={'vcan0\x00'}) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) syz_open_dev$vbi(0x0, 0x0, 0x2) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) ustat(0xbe, &(0x7f0000000000)) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000240), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)={0xb0, r3, 0x705, 0x70bd2b, 0x25dfdbff, {}, [@ETHTOOL_A_STRSET_STRINGSETS={0x80, 0x2, 0x0, 0x1, [{0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}]}, {0x3c, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x4}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x6}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x5}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x8}, @ETHTOOL_A_STRINGSET_ID={0x8}]}, {0x24, 0x1, 0x0, 0x1, [@ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x3}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x1}, @ETHTOOL_A_STRINGSET_ID={0x8, 0x1, 0x2}]}]}, @ETHTOOL_A_STRSET_COUNTS_ONLY={0x4}, @ETHTOOL_A_STRSET_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x16, 'lo\x00'}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x80}, 0x0) add_key$fscrypt_v1(0x0, &(0x7f0000003280)={'fscrypt:', @desc4}, 0x0, 0x0, 0xfffffffffffffffb) r4 = syz_io_uring_setup(0x49a, &(0x7f0000000400)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)) unshare(0x28040600) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) io_uring_enter(r4, 0x627, 0xc1040000, 0x43, 0x0, 0x0) 16.704664343s ago: executing program 1 (id=5754): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), r0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000080)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000880)=ANY=[@ANYBLOB="2c020000", @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804400208024000180ff0000000100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e72640f08b5281a8461d17d26d12f2bbb6060005000021000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39228c00098028000080060001000a0000001400020020010000000000000000000002000001050003000000000088000080060001000a000000140002002001000000f800000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000000000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c000080060001000200000008000200000000000500030000000000080005000100000008000100", @ANYRES32=r1], 0x22c}}, 0x0) 16.540256456s ago: executing program 1 (id=5757): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) r1 = syz_usb_connect(0x3, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b362f"], 0x0) (async) close(0x3) syz_open_dev$midi(&(0x7f0000000000), 0x3, 0x88c02) (async) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './cgroup\x00'}, 0x6e) (async) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) r4 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$VIDIOC_G_SELECTION(r4, 0xc040565e, &(0x7f00000000c0)={0x5, 0x0, 0x0, {0xffff, 0x3, 0xb0c, 0x8}}) (async) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) (async) ioctl$EXT4_IOC_GET_ES_CACHE(0xffffffffffffffff, 0x40086602, 0x0) (async) r5 = socket(0x400000000010, 0x3, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000200)={0x0, r5}, 0x8) bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0x2a, &(0x7f0000000280)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0x14, 0xe, 0x0, &(0x7f0000000280)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r6 = socket$inet_sctp(0x2, 0x5, 0x84) shutdown(r6, 0x0) (async) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r6, 0x84, 0x6f, &(0x7f0000000100)={0x0, 0x10, &(0x7f0000000300)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000080)=0x10) prlimit64(0x0, 0x7, 0x0, 0x0) (async) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(r6, 0x84, 0x66, &(0x7f0000000000)={r7, 0x7}, &(0x7f0000000040)=0x8) (async) syz_usb_disconnect(r1) (async) write$dsp(r0, 0x0, 0x0) 16.305512908s ago: executing program 1 (id=5760): r0 = openat$uinput(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$UI_SET_LEDBIT(r0, 0x40045569, 0x7) creat(0x0, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000000740)=ANY=[@ANYBLOB, @ANYRESDEC=0x0]) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000400)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CONTROL_PORT_FRAME(r1, &(0x7f0000003700)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010000000000000000008100000008000300", @ANYRES32=r3, @ANYBLOB="0a000600080211000701000006006600c78800001a003300983d0500505050505050ffffffffffff5050505050"], 0x50}}, 0x0) 16.081531201s ago: executing program 1 (id=5764): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, 0x0, 0x0) sched_setattr(0x0, 0x0, 0x0) r3 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r3, &(0x7f0000000500)={0xa, 0xffff, 0x0, @mcast1, 0x9}, 0x1c) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x80}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000200), 0x4) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[], 0x98}, 0x1, 0x0, 0x0, 0x20040800}, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000008c0)={0x50, 0x0, 0x1, 0x3, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}]}, 0x50}}, 0x0) pipe2(&(0x7f0000000000), 0x4000) r4 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), r0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000080)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000880)=ANY=[@ANYBLOB="2c020000", @ANYRES16=r4, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804400208024000100ffffff810100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e72640f08b5281a8461d17d26d12f2bbb6060005000021000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39228c00098028000080060001000a0000001400020020010000000000000000000002000001050003000000000088000080060001000a000000140002002001000000f800000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000000000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c000080060001000200000008000200000000000500030000000000080005000100000008000100", @ANYRES32=r5], 0x22c}}, 0x0) 11.975599343s ago: executing program 3 (id=5785): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) (async) r0 = socket$nl_audit(0x10, 0x3, 0x9) setsockopt$netlink_NETLINK_ADD_MEMBERSHIP(r0, 0x10e, 0x1, 0x0, 0x0) bind$netlink(r0, &(0x7f0000000240), 0xc) r1 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r1, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) (async) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) syz_clone(0x4000, 0x0, 0x0, 0x0, 0x0, 0x0) (async) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000000c0), 0xc0000, 0x0) (async) bpf$MAP_CREATE(0x0, &(0x7f0000000580)=@base={0x3, 0x4, 0x4, 0x20002, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) (async) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, &(0x7f0000000000)=""/188) 11.513041447s ago: executing program 3 (id=5787): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a00030100000009040000000101"], 0x0) syz_usb_control_io$uac1(r0, &(0x7f0000001840)={0x14, 0x0, &(0x7f00000001c0)=ANY=[@ANYBLOB="00030200000002030169220af3c1d969ff9cd9728275da21a87e548cfabc179b63a795458305563d4e0b11f9aa43b5ff632b8f50455a1b4d9c9f16e3e61b0ac00dd93d0abcf91acf3b4e111b440b71d2c314e23cdd1e051377dd512d60b9627f191362fe05ac0ba9b337ce97cecb3f02"]}, 0x0) syz_usb_control_io(r0, &(0x7f00000000c0)={0x2c, 0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0003ed000000ed03", @ANYRESHEX=r0, @ANYRESOCT=r0], 0x0, 0x0, 0x0}, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb45, 0x100000000009, 0xa, 0x0, 0x3}, 0x0) openat$vga_arbiter(0xffffffffffffff9c, 0x0, 0x22000, 0x0) socket$unix(0x1, 0x1, 0x0) r3 = io_uring_setup(0x5bde, &(0x7f0000000380)={0x0, 0x5f41, 0x80}) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r4, &(0x7f0000000080)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r4, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r4, 0x6, 0x14, &(0x7f0000000000)=0x1, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r4, 0x6, 0x1d, &(0x7f0000000340), 0x14) write$binfmt_script(r4, &(0x7f00000000c0)={'#! ', './file0'}, 0xb) setsockopt$inet6_tcp_TLS_TX(r4, 0x11a, 0x2, &(0x7f0000000500)=@gcm_128={{0x303}, "668f4918bdecc7bf", "a590d6cbe29665fffe6115bb3dbf924c", "c8beb772", "c8f6140f4d4f5b4c"}, 0x28) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) socket(0x400000000010, 0x3, 0x0) r5 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = syz_kvm_setup_syzos_vm$x86(r6, &(0x7f0000c00000/0x400000)=nil) ioctl$KVM_CREATE_IRQCHIP(r6, 0xae60) syz_kvm_add_vcpu$x86(r7, &(0x7f0000000080)={0x0, 0x0}) 7.084010271s ago: executing program 3 (id=5805): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="020a0003070000000000000000de3f0005001a00ac1414bb000000000000000000000000ff0100000000000000000000000000010a00"], 0x38}}, 0x0) 6.983151317s ago: executing program 3 (id=5806): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@local, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x14, 0x6c}, @in=@empty=0x14, {0x0, 0x800000000, 0x0, 0xfffffff7ffffffff, 0x0, 0x0, 0x1000000000000000}, {0x0, 0x4}, {0x0, 0x0, 0x900}, 0x80000000, 0x0, 0x2, 0x1, 0x6, 0x28}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x4004050}, 0x0) 6.813651544s ago: executing program 3 (id=5807): r0 = syz_usb_connect(0x3, 0x24, &(0x7f0000000380)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000002c0)={0x84, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) socket$l2tp(0x2, 0x2, 0x73) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) syz_open_dev$sndpcmp(&(0x7f00000000c0), 0x8000000000000000, 0x36d41) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) sendmsg$L2TP_CMD_SESSION_DELETE(0xffffffffffffffff, 0x0, 0x20) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, 0x0, 0x800) syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) r3 = openat$yama_ptrace_scope(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) poll(&(0x7f0000000140)=[{r3, 0x41a0}], 0x1, 0x169bb831) r4 = socket$pppl2tp(0x18, 0x1, 0x1) io_uring_enter(0xffffffffffffffff, 0xc74, 0x5519, 0x21, &(0x7f0000000300)={[0x34a]}, 0x8) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$IP6T_SO_GET_REVISION_TARGET(r5, 0x29, 0x45, &(0x7f0000001cc0)={'IDLETIMER\x00'}, &(0x7f0000001d00)=0x1e) r6 = syz_open_dev$sndctrl(&(0x7f0000000440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r6, 0x40045532, &(0x7f0000000040)) openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000060201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x18, 0xfa00, {0x0, 0x0, 0x0, 0x9}}, 0x20) ioctl$SNDRV_PCM_IOCTL_SW_PARAMS(0xffffffffffffffff, 0xc0884113, &(0x7f0000000240)={0x1, 0x0, 0x200, 0x10001, 0xffffffffffffffff, 0x8, 0x4, 0x200, 0x4, 0x2c, 0x7fffffff, 0x1}) ioctl$SNDRV_PCM_IOCTL_STATUS_EXT64(0xffffffffffffffff, 0xc0984124, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8ad0b19196c79eb5}) ioctl$SIOCSIFMTU(r4, 0x8922, &(0x7f0000000180)={'team0\x00', 0x44}) 5.792709361s ago: executing program 4 (id=5811): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), r0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000080)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000880)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804400208024000180ff0000000100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e72640f08b5281a8461d17d26d12f2bbb6060005000021000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39228c00098028000080060001000a0000001400020020010000000000000000000002000001050003000000000088000080060001000a000000140002002001000000f800000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000000000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c000080060001000200000008000200000000000500030000000000080005000100000008000100", @ANYRES32=r2], 0x22c}}, 0x0) 5.71329824s ago: executing program 4 (id=5812): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$MAP_CREATE(0x0, 0x0, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xf, &(0x7f0000006ffc)=0x4000000000000200, 0xe50fb6c50bc849c9) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$kcm(0x10, 0x2, 0x4) sendmsg$kcm(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000280)="89000000120081ae08060cdc030000017f03e3f7000000006ee2ffca1b1f0000000504c00e72f750375ed08a56331dbf9ed7815e381ad6e747033a0093b837dc6cc01e32efaec8c7a6ec00123d0001000d080c00bdad01409bbc7a46e39a8285dcdf12176679df069163ce955fed0009d78f0a947ee2b49e33538afaeb2713f450ebd010a20ff27fff", 0x89}], 0x1}, 0x400dc) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000080)=ANY=[@ANYBLOB="010000000a0000000500000007"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000300), &(0x7f0000000100), 0x3f, r5}, 0x38) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r5, &(0x7f00000003c0)="19d39c73f3", &(0x7f0000000580)=""/194}, 0x20) bind$packet(r1, &(0x7f0000000000)={0x11, 0x0, r4, 0x1, 0x0, 0x6, @link_local}, 0x14) pipe(&(0x7f0000000040)) sendto$inet6(r1, &(0x7f0000000280)="02042c08ec074802010e0200c52cf7c20675e005b02f0800eb2b2ff0dac8897c6b112002faffffff3066090cb600c5471d130a66321a54e7df305f80a88161b6fd8f24286a57c3feffff", 0xfc13, 0x800, 0x0, 0x2f) recvmsg(r0, &(0x7f0000001700)={0x0, 0x0, 0x0}, 0x0) sendmsg$IPSET_CMD_LIST(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000001540)=ANY=[@ANYBLOB="1c0000000706010800000000000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) 5.532488107s ago: executing program 4 (id=5814): mkdir(&(0x7f0000000040)='./file0\x00', 0x187) r0 = syz_usb_connect(0x5, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e20"], 0x0) r1 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x9) ioctl$DMA_HEAP_IOCTL_ALLOC(r1, 0xc0184800, &(0x7f0000000100)={0x4}) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f00000004c0)=ANY=[@ANYBLOB="00000100000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.96999773s ago: executing program 4 (id=5827): r0 = memfd_secret(0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0xa, 0x11, r0, 0x0) r1 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f0000000f40)={'filter\x00', 0x10, 0x4, 0x3f0, 0x110, 0x0, 0x0, 0x308, 0x308, 0x308, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@random="e5fce0c960bc", @private=0xa010102, @dev={0xac, 0x14, 0x14, 0x1e}, 0xf, 0xffffffff}}}, {{@uncond, 0xc0, 0xe8, 0x6000000}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x2}}}, {{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@remote, @broadcast, @loopback, 0x1, 0x1}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) 3.839315042s ago: executing program 4 (id=5828): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) pipe(&(0x7f00000007c0)={0xffffffffffffffff, 0xffffffffffffffff}) vmsplice(r1, &(0x7f00000000c0)=[{&(0x7f0000000180)="77690addcfbe1fbb66ec", 0xff3b}], 0x1, 0x1) close(r1) r2 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r2, 0x6, 0x80000000000002, &(0x7f0000000800)=0x16c, 0x4) socketpair$unix(0x1, 0x2, 0x0, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, 0x0, 0x0) connect$inet6(r3, &(0x7f0000000080), 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4) recvfrom$inet6(r3, 0x0, 0x1000000, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x24, 0x0, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r2, 0x6, 0xe, &(0x7f0000000480)={@in={{0x2, 0x0, @loopback}}, 0x0, 0x20000000005, 0x21}, 0xd8) bind$inet(r2, &(0x7f0000deb000)={0x2, 0x4e23, @multicast2}, 0x10) sendto$inet(r2, 0x0, 0x0, 0x240087f9, &(0x7f0000000100)={0x2, 0x4e23, @loopback}, 0x10) splice(r0, 0x0, r1, 0x0, 0xfffd, 0xd007) 3.765020821s ago: executing program 3 (id=5829): r0 = syz_open_dev$sndpcmp(&(0x7f0000000000), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_UNLINK(r0, 0x80044100, 0x3) r1 = syz_usb_connect(0x2, 0x24, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x73, 0x86, 0x40, 0x20, 0xc72, 0x14, 0x39ac, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0xa, [{{0x9, 0x4, 0x1d, 0xf3, 0x0, 0x71, 0x6c, 0x75}}]}}]}}, 0x0) r2 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r2, 0x0, 0x29, 0x0, 0x20a00) syz_usb_control_io(r1, 0x0, &(0x7f0000000600)={0x84, &(0x7f0000000080)=ANY=[@ANYBLOB="40121400000058cb8bb4819e115141e0cc1977eb513fa33bd16100960b33ee58af6d90614f116356266b51ac0a6e81fce4acc7ce2e26f860918e70593e6b1aa3dd884fc233c0c5a2db1f99711221c912e89bc64d895fc12f1a5f2ef9db47f9719159713a27bd4d17c6bbaeda6b85f61dfb78bc21f5b11f0d00db62137e68ec3b0801d7bce2cb772ee5852412dddeaf697da5341b33348e2f51bc00000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.095624314s ago: executing program 4 (id=5833): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000200)=ANY=[@ANYBLOB="2800000068000100030010000000008000000000000000000400020004000b000600030000a5"], 0x28}, 0x1, 0x0, 0x0, 0x4008000}, 0x4000) socket$inet6_udplite(0xa, 0x2, 0x88) socket(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r2 = syz_open_dev$sndctrl(&(0x7f0000000200), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_INFO(r2, 0xc1205531, &(0x7f0000000540)={0x1, 0x9, 0x0, 0x5, '\x00', '\x00', '\x00', 0x0, 0x0, 0x0, 0x0, "b6855a32474ffa64f778ddcf29c94337"}) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000cc0)=@newqdisc={0x60, 0x24, 0x200, 0x0, 0x3, {0x0, 0x0, 0x0, r4, {0x0, 0x4}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_BURST={0x8, 0x6, 0x2}, @TCA_TBF_PARMS={0x28, 0x1, {{0x0, 0x2, 0x0, 0x0, 0xfffc}, {0x2, 0x0, 0x5, 0x0, 0xffff, 0x40}, 0x2}}]}}]}, 0x60}}, 0x10) r5 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000034709d000000000904000000f2a7cc000a47f14882d8caf185c4fb6f3993f5ffc1481873e3aee2b98b79127de4c242756d90239f817d1c1e0c368267b393ddf66c38605a9dc0f799605bd336da9d18381a8184d23482e805213b232e44549216257e8208b76dd33af831b153fb34d19ed3bd3c65742525d5c005608c97b3712d778dd7dec3142ae50cd4fbfe3bf437dc92e5d6c7a600930bd25a677190de19e5458966600b400d5b2c0434ff02f36ab166933656a2ea32b6e67b1d491331c37ee60bcadaa3a356e2137841ee10a81f685cf023ac2523e173c679ab6b90f2ae8e6fe4fb62a242db1038c8944fcacd603000"/260], 0x0) syz_usb_connect$hid(0x3, 0x3f, &(0x7f0000000100)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x40, 0x11c2, 0x2208, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d, 0x1, 0x1, 0x1, 0xa0, 0x7b, [{{0x9, 0x4, 0x0, 0x9, 0x2, 0x3, 0x1, 0x2, 0x1, {0x9, 0x21, 0x6, 0x50, 0x1, {0x22, 0x7e6}}, {{{0x9, 0x5, 0x81, 0x3, 0x40, 0x8, 0x4, 0xe4}}, [{{0x9, 0x5, 0x2, 0x3, 0x20, 0x2, 0x0, 0x9}}]}}}]}}]}}, &(0x7f0000000240)={0xa, &(0x7f0000000140)={0xa, 0x6, 0x2db098a4f7d69b45, 0x40, 0x5, 0x4, 0x20, 0x1}, 0x3d, &(0x7f0000000180)={0x5, 0xf, 0x3d, 0x2, [@ssp_cap={0x24, 0x10, 0xa, 0xf3, 0x6, 0x1, 0xff00, 0x1, [0x0, 0x0, 0x0, 0xffc0c0, 0x0, 0xa0]}, @ss_container_id={0x14, 0x10, 0x4, 0x2, "1b5e4788310e1fae17ec2889ec4537d1"}]}, 0x2, [{0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0xf4ff}}, {0x0, 0x0}]}) syz_usb_control_io$hid(r5, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000600)={0x40, 0x16, 0x7a, "afb3e98c33e512970e3268dcb7fd3039495278252054ac75859d2c4d95657f0fdb0f1f3f4daf7589e09052a2823b2c7ecabf12ee0cf2452a072d19e2c7b1f6f2216956cc1a6bec4142374e59fd3492260799333a320e19596d9e941ddd5cf00ccc3239cbbb3566b8783305392cab111116e142fd0b559bbd7cae"}, 0x0, 0x0, 0x0, 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000740)={0x18, 0x3c, 0x107, 0xfffffffc, 0x0, {0x2, 0x7c}, [@nested={0x4, 0x48}]}, 0x18}, 0x1, 0x0, 0x0, 0x88c4}, 0x0) syz_usb_control_io$cdc_ecm(r5, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000280)={0x40, 0x3}, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(0xffffffffffffffff, 0x3b88, &(0x7f0000000300)={0xc}) ioctl$IOMMU_VFIO_SET_IOMMU(0xffffffffffffffff, 0x3b66, 0x1) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(0xffffffffffffffff, 0x3b72, &(0x7f0000000440)=ANY=[@ANYBLOB="1800"]) syz_usb_connect$cdc_ecm(0x2, 0x17c, &(0x7f0000000e00)={{0x12, 0x1, 0x300, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x16a, 0x1, 0x1, 0x0, 0x10, 0x9, [{{0x9, 0x4, 0x0, 0x9f, 0x3, 0x2, 0x6, 0x0, 0x5, {{0x7, 0x24, 0x6, 0x0, 0x0, "6ec0"}, {0x5, 0x24, 0x0, 0x9}, {0xd, 0x24, 0xf, 0x1, 0x6, 0x8, 0x7f}, [@mdlm_detail={0xf6, 0x24, 0x13, 0x4, "c0e365bd3b71f3694e80ea260654181a41590ca3a9e658a5f31fdb288eec20dc178619943da408bd24798b434f37331115ccf755b01b82f52a73f2f2e6f9c47c5e046aec0642ed577eaf90fe8f000764e722dcabfd249a92e6cebba9104c37fb19cb49ad04d9daec0d44e8a76df8b3332ebbec851898e541b60013c511396c9075b278192663c7ff77558e8b02be4db92013d59b96e58146e2105db261e54c663b85420314c87e446a31f4f795eabfce297d58c6e970bb7c2bc55503341d91ddf9fb7677edbc3c115f31e82958db95eb47d2e65355ab4a40f099ecadb366e6fbb618785ff01da0bc6ef65c7f8327aa2fe9b0"}, @mdlm={0x15}, @mbim={0xc, 0x24, 0x1b, 0xd, 0xff, 0x3f, 0x5, 0x0, 0x8}, @call_mgmt={0x5, 0x24, 0x1, 0x0, 0x40}, @mbim_extended={0x8, 0x24, 0x1c, 0x3, 0x1, 0x3}]}, {[{{0x9, 0x5, 0x81, 0x3, 0x0, 0x2, 0x34, 0x1}}], {{0x9, 0x5, 0x82, 0x2, 0x400, 0x5, 0x6c, 0x10}}, {{0x9, 0x5, 0x3, 0x2, 0x3ff, 0x0, 0x1, 0x44}}}}}]}}]}}, &(0x7f00000008c0)={0xa, &(0x7f0000000740)={0xa, 0x6, 0x310, 0x7, 0x2e, 0xed, 0x10}, 0x5, &(0x7f0000000780)={0x5, 0xf, 0x5}, 0x2, [{0x53, &(0x7f00000007c0)=@string={0x53, 0x3, "fcac3c94f78799e974357339ed70059d729f1aaeed6e8ad2eb505fead82f4cb06a9ef5e0d8a14fb5961853ba51ed11544eb749540a238f7cea64cea5fc9d9b4761507045424b8fecf7d149e8b095b60f53"}}, {0x1e, &(0x7f0000000880)=@string={0x1e, 0x3, "8c531a61026fb1bb5f6a51192995cd79450fed20faf5e9d62bef1c24"}}]}) syz_usb_control_io$uac1(r5, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r5, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000001800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000900)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x48}}]}}, 0x0) syz_usb_control_io$printer(r5, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r5, 0x0, &(0x7f0000000b40)={0x34, &(0x7f0000000840)={0x20, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.934375523s ago: executing program 0 (id=5834): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xfd}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x8000) 2.861748987s ago: executing program 1 (id=5771): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000200)={0x0, 0x22, 0xf, {[@global=@item_012={0x0, 0x1, 0x5}, @local=@item_4={0x3, 0x2, 0x0, "45501821"}, @global=@item_012={0x1, 0x1, 0x9, "f5"}, @global=@item_012={0x1, 0x1, 0x7, "84"}, @main=@item_4={0x3, 0x0, 0xb, "9e3ce079"}]}}, 0x0}, 0x0) r1 = syz_open_dev$hiddev(&(0x7f0000000540), 0x0, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r2 = openat$drirender128(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) r3 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000140), 0x60e02, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r3, 0xc004500a, &(0x7f0000000000)=0xffff0018) syz_io_uring_setup(0x22f, &(0x7f0000000080)={0x0, 0x96fe, 0x10000, 0x0, 0x100002cc}, &(0x7f0000000040)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xffffffffffffff31}) ioctl$DRM_IOCTL_VERSION(r2, 0xc0406400, &(0x7f0000000080)={0x8, 0x7fff, 0x10, 0x0, 0x0, 0x1000, &(0x7f0000002240)=""/4096, 0x0, 0x0}) ioctl$HIDIOCGREPORT(r1, 0x400c4807, &(0x7f0000000040)={0x3, 0x100, 0x7}) ioctl$HIDIOCGSTRING(r1, 0x81044804, 0x0) 2.759169602s ago: executing program 0 (id=5836): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r1 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f0000001ac0)={r0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x1c, "ff9f020bbe82b398b1c4369d03740250ceaac594b1b3d741dd17c1ac0d38ef2a565ef1e8336300", "a9103939c787a16c1ca43f80026d1f3c4da06963dd89d130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b7e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0xfffffffffffffffe]}}) ioctl$LOOP_SET_STATUS64(r1, 0x4c04, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0xffffefffffffffff, 0x0, 0xa, 0x15, 0x0, "89753015418ab0df6afb245518580ce0c8bf604cca41f31c108938fcfa393ef569e0bcf244bb4b23555b13ecab66c7d257a037d0f08e8ad896ba67a07696defa", "8b609009aaa722687f3f2513d754f688a9e306ee1dba533f02e1b69da6e26ec889fee40080000027cc7d24fdc26f1a95d702020000e4b8fb1703e47463b969e4", "ca1bf5ffffffffffffff6570128218a0d22915ff6eddb1000080040000000002", [0xc]}) 2.694432701s ago: executing program 2 (id=5837): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) r5 = socket$packet(0x11, 0x3, 0x300) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)) sendmsg$nl_route(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001000250800170000000000000a000000", @ANYRES32=r6, @ANYBLOB="01"], 0x20}}, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000540)=ANY=[@ANYBLOB="500000001000110f000000000009000000000000", @ANYRES32=0x0, @ANYBLOB="040100000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=0x0, @ANYBLOB=' \x00\x00\x00 \x00\x00\x00\b\x00\n\x00', @ANYRES32=r8], 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 2.526186844s ago: executing program 0 (id=5838): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000780)=ANY=[@ANYBLOB="7c010000190001000000000003000000ac141425000000000000000000000000fe8000000000000000000000000000aa00000000fffd00060a00008000000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="02000000000000000000000000000001000000800000000000000000000000000000000000000000000000000000000000000000000000000300000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000c4000500fe880000000000000000000000000101000004d62b00000002"], 0x17c}}, 0x10) 2.498792686s ago: executing program 0 (id=5839): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="020a0003070000000000000000de3f0005001a00ac1414bb000000000000000000000000ff0100000000000000000000000000010a00"], 0x38}}, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_SETINTERFACE(r2, 0x80085504, &(0x7f0000000180)) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) ioctl$BTRFS_IOC_BALANCE_V2(r1, 0xc4009420, &(0x7f0000000380)={0x1c, 0x0, {0x92, @usage=0x1, 0x0, 0x81, 0xffffffffffffffff, 0x8, 0x7, 0x4, 0x24, @usage=0xff, 0x3, 0x6, [0x2, 0x200, 0x2, 0x9, 0xa]}, {0xd, @usage=0x4, 0x0, 0x5, 0x2, 0xa, 0x3, 0x8, 0x80, @usage=0xb9c, 0x2, 0x9, [0x8, 0x0, 0x8000000000000001, 0x7fffffffffffffff, 0x1, 0x8000]}, {0x5, @struct={0x3, 0x1}, 0x0, 0x7, 0xf, 0x0, 0xfffffffffffffffd, 0x800, 0x21, @struct={0x40, 0x7}, 0x7, 0xe138, [0x9fc, 0xe, 0x0, 0xe54, 0x64175eeb, 0x8]}, {0x5, 0x8, 0xffffffffffff0000}}) ioctl$BTRFS_IOC_SCRUB_PROGRESS(r1, 0xc400941d, &(0x7f0000000780)={r3, 0x9, 0x59}) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r4 = socket$kcm(0x21, 0x2, 0x2) sendmsg$inet(r4, &(0x7f0000002780)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="1400000000000000ed0000000d0000009404a3d5000000008475be9081a7aed6230602a932e2f18b6691fe56ec01b508740d8d35c91b6574713164db4fb887ddf29c06e68aba8f7cb1ef7d6adae506a8153a8b09af8ab20e0f592fed0cc3135eb9146be7ec33420e37df4296b7595a7c3fe7938343c1b162b78ebbc5b89da47c3530a3508b4896737bb435779ed6ad2d0f1674378ce2cdc5e81cc5e0da24359120a0e8737a2ca9917396692805c19ccfbfb4b17fa06de596cfac0de52f37025aaa1a1521ce06a526c1e8b170d906b0e3dd1bc72a02c765acca20b9ab559866dc504d24444452c6aa824cbb9839b9099da457b6df2899d1af6756764a2171f6a65ef476efdb107812c7be546eb5c0e394"], 0x18}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mknodat(0xffffffffffffff9c, 0x0, 0x81c0, 0x0) ioctl$VIDIOC_TRY_FMT(0xffffffffffffffff, 0xc0d05640, &(0x7f0000009d80)={0x2, @pix={0x5, 0x2, 0xa0363159, 0x7, 0x9, 0x8001, 0x3, 0x7f, 0x1, 0x4, 0x1, 0x3}}) sched_setattr(0x0, 0x0, 0x0) syz_usb_connect$hid(0x5, 0x36, 0x0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, 0x0, r1, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1ff, @void, @value}, 0x94) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) mkdir(&(0x7f0000000340)='./file0\x00', 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000380)=ANY=[@ANYBLOB='fd=', @ANYRESOCT, @ANYRESDEC]) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(0xffffffffffffffff, 0x0, 0x10000) mmap$IORING_OFF_SQ_RING(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x2000000, 0x1010, 0xffffffffffffffff, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000080), 0xf71, 0x424100) r5 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_ADD(r5, 0x0, 0x482, &(0x7f0000000040)={0x84, @initdev={0xac, 0x1e, 0x1, 0x0}, 0x4e23, 0x3, 'rr\x00', 0x1, 0x7, 0x28}, 0x2c) setsockopt$IP_VS_SO_SET_FLUSH(r5, 0x0, 0x485, 0x0, 0x0) 2.241881618s ago: executing program 2 (id=5840): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000044c0)={0x0}}, 0x8000) 2.021721893s ago: executing program 2 (id=5841): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x58, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0x5}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0xfd}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_TYPENAME={0xc, 0x3, 'hash:ip\x00'}]}, 0x58}}, 0x8000) (fail_nth: 3) 1.838711049s ago: executing program 2 (id=5843): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000840), r0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r0, 0x8933, &(0x7f0000000080)={'wg2\x00', 0x0}) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f0000000d40)={0x0, 0x0, &(0x7f0000000d00)={&(0x7f0000000880)=ANY=[@ANYBLOB="2c02", @ANYRES16=r1, @ANYBLOB="010000000000000000000100000024000300a05ca84f6c9c8e3853e2fd7a70ae0fb20fa152600cb00845174f08076f8d7843e40108804400208024000180ff0000000100000000000000fdffff01000000000000000000000000000000001400040003000000ac1414bb00000000000000000600050000000000000100802400020073e591ec06154031d3954ac0e16752e72640f08b5281a8461d17d26d12f2bbb6060005000021000024000100f44da367a88ee6564f020211456727082f5cebee8b1bf5eb7337341b459b39228c00098028000080060001000a0000001400020020010000000000000000000002000001050003000000000088000080060001000a000000140002002001000000f800000000000000000002050003000000001003800080060001008c0e000008000200ac1414aa05000300000000001c000080060001000200000008000200ac1414bb0500030000000000200004000e00000000000000fe800000000000000000000000000000000000009c0000802400020073961633df6dc9cb418b15afd0bae7b90f1e6cfed8bb423cf9285c474163154908000a00010000002400010000000000000000000000000000000000000000000000000000000000000000004800098028000080060001000a00000014000200fe8000000000000000000000000000bb05000300000000001c000080060001000200000008000200000000000500030000000000080005000100000008000100", @ANYRES32=r2], 0x22c}}, 0x0) 1.760825662s ago: executing program 0 (id=5844): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000004980)=@newsa={0x138, 0x10, 0x1, 0x0, 0x0, {{@in=@initdev={0xac, 0x1e, 0x1, 0x0}, @in6=@local, 0x0, 0x0, 0x2000, 0x0, 0x0, 0x0, 0x0, 0x5c, 0x0, 0xffffffffffffffff}, {@in6=@remote, 0x14, 0x6c}, @in=@empty=0x14, {0x0, 0x800000000, 0x0, 0xfffffff7ffffffff, 0x0, 0x0, 0x1000000000000000}, {0x0, 0x4}, {0x0, 0x0, 0x1900}, 0x80000000, 0x0, 0x2, 0x1, 0x6, 0x28}, [@algo_comp={0x48, 0x3, {{'deflate\x00'}}}]}, 0x138}, 0x1, 0x0, 0x0, 0x4004050}, 0x0) 1.705972305s ago: executing program 2 (id=5845): r0 = socket$inet_udp(0x2, 0x2, 0x0) syz_usb_connect$uac1(0x0, 0xb0, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000206b1d010140000102030109029e0003010230000904000000010100000a24010600310201020b2407030100077cf5354e08240504032920ec082405024045cf7b0a2407010400008c8e58090401000001020000090c0101010102000009050109ff030803dd072501020cf7ff090402000001020000090402010101020000072401800f04000b24020101040901ec27ab08240201070405070905820910"], 0x0) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r0, 0x89f0, &(0x7f0000000100)={'erspan0\x00', &(0x7f00000000c0)={'syztnl0\x00', 0x0, 0x8000, 0x1, 0xe38e, 0x10, {{0x6, 0x4, 0x0, 0x1, 0x18, 0x64, 0x0, 0x7, 0x29, 0x0, @multicast2, @broadcast, {[@noop]}}}}}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000000)={0x11, 0x2000000000000039, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xc, '\x00', r1, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xd, @void, @value}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) setsockopt$IP_VS_SO_SET_ADD(r0, 0x0, 0x482, &(0x7f0000000000)={0x6, @local, 0x0, 0x0, 'dh\x00', 0x10, 0x5, 0x2d}, 0x2c) 1.486198892s ago: executing program 0 (id=5846): r0 = openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000000), 0x80082, 0x0) write$vga_arbiter(r0, &(0x7f0000000040)=ANY=[@ANYBLOB='lock '], 0xc) r1 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000094ae94405f0520c4336a000000010902120001000000000904"], 0x0) syz_usb_control_io(r1, 0x0, 0x0) 0s ago: executing program 2 (id=5847): r0 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000040)="2e00000011007389040f80ec59acbc0413a1f8480f0000005e2900421803001825000a001400000002800600121f", 0x2e}], 0x1}, 0x9000000) kernel console output (not intermixed with test programs): lave_0: left allmulticast mode [ 1210.072023][T22056] team_slave_1: left allmulticast mode [ 1210.078668][T22056] bridge0: port 3(team0) entered disabled state [ 1210.156862][T22056] bridge_slave_1: left allmulticast mode [ 1210.165564][T22056] bridge_slave_1: left promiscuous mode [ 1210.174040][T22056] bridge0: port 2(bridge_slave_1) entered disabled state [ 1210.199497][T22056] bridge_slave_0: left promiscuous mode [ 1210.207851][T22056] bridge0: port 1(bridge_slave_0) entered disabled state [ 1211.091462][T15613] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1211.240529][T15613] usb 5-1: Using ep0 maxpacket: 32 [ 1211.264317][T15613] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1211.276208][T15613] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1211.325102][T15613] usb 5-1: can't read configurations, error -71 [ 1211.507674][T22077] netlink: 'syz.1.5282': attribute type 29 has an invalid length. [ 1211.524114][T22077] netlink: 'syz.1.5282': attribute type 29 has an invalid length. [ 1211.538264][T22077] netlink: 492 bytes leftover after parsing attributes in process `syz.1.5282'. [ 1211.703222][ T30] audit: type=1326 audit(1748566140.209:1834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1211.733978][ T30] audit: type=1326 audit(1748566140.209:1835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1211.757624][ T30] audit: type=1326 audit(1748566140.229:1836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1211.863663][ T30] audit: type=1326 audit(1748566140.239:1837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1212.043091][ T30] audit: type=1326 audit(1748566140.239:1838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1212.124102][T22087] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5285'. [ 1212.183563][ T30] audit: type=1326 audit(1748566140.239:1839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1212.345264][ T30] audit: type=1326 audit(1748566140.239:1840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1212.487402][ T30] audit: type=1326 audit(1748566140.239:1841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1212.576504][ T30] audit: type=1326 audit(1748566140.239:1842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=433 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1212.612490][ T30] audit: type=1326 audit(1748566140.239:1843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22082 comm="syz.1.5284" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1213.237803][T22110] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5294'. [ 1213.260850][ T8677] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 1213.442201][ T8677] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1213.473073][ T8677] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1213.493308][ T8677] usb 2-1: New USB device found, idVendor=1038, idProduct=12b6, bcdDevice= 0.00 [ 1213.520807][T15613] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 1213.523111][ T8677] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1213.559000][ T8677] usb 2-1: config 0 descriptor?? [ 1213.702903][T15613] usb 4-1: config 0 has no interfaces? [ 1213.735265][T15613] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1213.757477][T15613] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1213.776691][T15613] usb 4-1: Product: syz [ 1213.787829][T15613] usb 4-1: Manufacturer: syz [ 1213.809929][T15613] usb 4-1: SerialNumber: syz [ 1213.897907][T15613] usb 4-1: config 0 descriptor?? [ 1214.189848][T15618] usb 4-1: USB disconnect, device number 68 [ 1214.278153][ T8677] steelseries 0003:1038:12B6.001E: hidraw0: USB HID v0.00 Device [HID 1038:12b6] on usb-dummy_hcd.1-1/input0 [ 1214.418560][T22136] netlink: 'syz.0.5301': attribute type 29 has an invalid length. [ 1214.448731][T22136] netlink: 'syz.0.5301': attribute type 29 has an invalid length. [ 1214.504367][T22137] netlink: 492 bytes leftover after parsing attributes in process `syz.0.5301'. [ 1215.280550][T15617] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 1215.440326][T15617] usb 4-1: Using ep0 maxpacket: 8 [ 1215.465204][T15617] usb 4-1: config 0 has an invalid interface number: 200 but max is 0 [ 1215.511552][T15617] usb 4-1: config 0 has no interface number 0 [ 1215.519518][T15617] usb 4-1: config 0 interface 200 has no altsetting 0 [ 1215.532821][T15617] usb 4-1: New USB device found, idVendor=0b57, idProduct=8528, bcdDevice=6d.39 [ 1215.542298][T15617] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1215.551793][T15617] usb 4-1: Product: syz [ 1215.556255][T15617] usb 4-1: Manufacturer: syz [ 1215.561697][T15617] usb 4-1: SerialNumber: syz [ 1215.573717][T15617] usb 4-1: config 0 descriptor?? [ 1215.809958][T15617] input: Hanwang Art Master III 0906 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.200/input/input76 [ 1215.852332][T15617] usb 4-1: USB disconnect, device number 69 [ 1216.151947][ T8677] steelseries 0003:1038:12B6.001E: hid_hw_raw_request() failed with -71 [ 1216.269960][ T8677] usb 2-1: USB disconnect, device number 93 [ 1216.363471][T22158] netlink: 44 bytes leftover after parsing attributes in process `syz.1.5308'. [ 1216.425356][T15613] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 1216.568927][T22160] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5306'. [ 1216.771848][T22160] netlink: 'syz.4.5306': attribute type 27 has an invalid length. [ 1216.864260][T15613] usb 3-1: config 150 has an invalid interface number: 204 but max is 1 [ 1216.880563][T15613] usb 3-1: config 150 has an invalid descriptor of length 0, skipping remainder of the config [ 1216.920125][T15613] usb 3-1: config 150 has 1 interface, different from the descriptor's value: 2 [ 1216.962349][T15613] usb 3-1: config 150 has no interface number 0 [ 1216.994728][T15613] usb 3-1: config 150 interface 204 has no altsetting 0 [ 1217.056876][T15613] usb 3-1: New USB device found, idVendor=04e2, idProduct=1424, bcdDevice=c7.eb [ 1217.067275][T15613] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1217.093368][T15613] usb 3-1: Product: syz [ 1217.120018][T15613] usb 3-1: Manufacturer: syz [ 1217.139962][T15613] usb 3-1: SerialNumber: syz [ 1217.224793][T22160] bridge0: port 2(bridge_slave_1) entered disabled state [ 1217.232632][T22160] bridge0: port 1(bridge_slave_0) entered disabled state [ 1217.449323][T22155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1217.528712][T22155] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1217.570482][T15607] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 1217.732481][T15607] usb 2-1: config 0 has no interfaces? [ 1217.743466][T22160] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1217.802701][T22160] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1217.871668][T15607] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1218.081385][T15607] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1218.092602][T15607] usb 2-1: Product: syz [ 1218.096903][T15607] usb 2-1: Manufacturer: syz [ 1218.102348][T15607] usb 2-1: SerialNumber: syz [ 1218.128894][T15607] usb 2-1: config 0 descriptor?? [ 1218.364688][T22160] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.412665][T22160] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.425123][T22160] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.436320][T22160] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1218.575723][T22160] netdevsim netdevsim4 netdevsim0: left promiscuous mode [ 1218.810673][T15611] usb 2-1: USB disconnect, device number 94 [ 1218.855026][T15613] usb 3-1: USB disconnect, device number 32 [ 1219.801800][T15611] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 1219.962705][T15611] usb 2-1: Using ep0 maxpacket: 16 [ 1220.004052][T15611] usb 2-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76 [ 1220.024449][T15611] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1220.050657][T15611] usb 2-1: Product: syz [ 1220.054924][T15611] usb 2-1: Manufacturer: syz [ 1220.059548][T15611] usb 2-1: SerialNumber: syz [ 1220.120685][T15611] usb 2-1: config 0 descriptor?? [ 1220.135173][T22195] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5321'. [ 1220.362002][T15611] usb_8dev 2-1:0.0 can0: sending command message failed [ 1220.362077][T15611] usb_8dev 2-1:0.0 can0: can't get firmware version [ 1220.524698][T22202] input: syz1 as /devices/virtual/input/input77 [ 1220.736244][T15611] usb_8dev 2-1:0.0: probe with driver usb_8dev failed with error -22 [ 1220.744712][T22204] tipc: Enabling of bearer rejected, failed to enable media [ 1220.810497][T15611] usb 2-1: USB disconnect, device number 95 [ 1221.360602][T22223] vlan0: entered promiscuous mode [ 1221.490795][T22225] netlink: 'syz.4.5334': attribute type 1 has an invalid length. [ 1221.590528][T22228] netlink: 'syz.0.5335': attribute type 29 has an invalid length. [ 1221.617320][T22233] netlink: 'syz.0.5335': attribute type 29 has an invalid length. [ 1221.644005][T22228] netlink: 492 bytes leftover after parsing attributes in process `syz.0.5335'. [ 1221.656008][T22231] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1221.726999][T22236] netlink: 14 bytes leftover after parsing attributes in process `syz.1.5337'. [ 1221.787407][T22225] veth3: entered promiscuous mode [ 1221.825321][T22225] bond1: (slave veth3): Enslaving as a backup interface with a down link [ 1221.964026][T15620] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1222.131276][T22243] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5339'. [ 1222.140669][T22243] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5339'. [ 1222.203141][T15620] usb 3-1: Using ep0 maxpacket: 8 [ 1222.212279][T15620] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 1222.231909][T15620] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1222.408168][T15620] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 1222.451736][T15620] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1222.477132][T15620] usb 3-1: Product: syz [ 1222.488028][T15620] usb 3-1: Manufacturer: syz [ 1222.528634][T15620] usb 3-1: SerialNumber: syz [ 1222.530943][T15611] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1222.611111][T15620] usb 3-1: config 0 descriptor?? [ 1222.653494][T15620] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found [ 1222.833684][T15607] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 1222.868004][T15620] snd_usb_toneport 3-1:0.0: cannot get proper max packet size [ 1222.899275][T15620] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected [ 1222.963357][T15620] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 1223.336822][T15607] usb 2-1: config 0 has no interfaces? [ 1223.385798][T15607] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1223.501498][T15607] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1223.509692][T15607] usb 2-1: Product: syz [ 1223.516183][T15611] usb 5-1: config 0 has no interfaces? [ 1223.543344][T15611] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1223.560311][T15607] usb 2-1: Manufacturer: syz [ 1223.583234][T15607] usb 2-1: SerialNumber: syz [ 1223.745913][T15611] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1223.756050][T15611] usb 5-1: Product: syz [ 1223.769161][T15607] usb 2-1: config 0 descriptor?? [ 1223.776116][T15611] usb 5-1: Manufacturer: syz [ 1223.786538][T15611] usb 5-1: SerialNumber: syz [ 1223.801205][T15611] usb 5-1: config 0 descriptor?? [ 1224.164136][T22257] geneve3: entered promiscuous mode [ 1224.192317][T22257] geneve3: entered allmulticast mode [ 1224.730551][T15613] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 1224.911990][T15613] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1224.929748][T15613] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1224.970568][T15613] usb 4-1: config 0 descriptor?? [ 1224.988811][T15613] cp210x 4-1:0.0: cp210x converter detected [ 1225.323364][T22265] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1225.387963][T22265] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1225.413264][T15620] usb 3-1: USB disconnect, device number 33 [ 1225.773523][T15620] usb 2-1: USB disconnect, device number 96 [ 1226.366023][T22290] netlink: 'syz.2.5355': attribute type 10 has an invalid length. [ 1226.377460][T22290] team0: left promiscuous mode [ 1226.382807][T15620] usb 5-1: USB disconnect, device number 80 [ 1226.384145][T22290] team_slave_0: left promiscuous mode [ 1226.396700][T22290] team_slave_1: left promiscuous mode [ 1226.849190][T22301] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1226.965582][T22301] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 1227.166818][T22297] delete_channel: no stack [ 1227.690393][T15620] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1227.880362][T15620] usb 3-1: device descriptor read/64, error -71 [ 1228.120942][T15620] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1228.370434][T15620] usb 3-1: device descriptor read/64, error -71 [ 1228.517082][T15620] usb usb3-port1: attempt power cycle [ 1228.880395][T15620] usb 3-1: new high-speed USB device number 36 using dummy_hcd [ 1228.952041][T15620] usb 3-1: device descriptor read/8, error -71 [ 1229.139169][T22323] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5362'. [ 1229.290487][T15620] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1229.431716][T15620] usb 3-1: device descriptor read/8, error -71 [ 1229.543455][T22264] delete_channel: no stack [ 1229.564702][T15620] usb usb3-port1: unable to enumerate USB device [ 1229.821248][T15613] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1229.853144][T15613] cp210x 4-1:0.0: querying part number failed [ 1229.888766][T15613] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1229.950296][T15620] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 1229.966979][T15613] usb 4-1: USB disconnect, device number 70 [ 1230.015871][T15613] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1230.054252][T15613] cp210x 4-1:0.0: device disconnected [ 1230.100508][T15620] usb 5-1: device descriptor read/64, error -71 [ 1230.152983][ T30] kauditd_printk_skb: 5 callbacks suppressed [ 1230.153008][ T30] audit: type=1800 audit(1748566158.659:1849): pid=22335 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.5365" name="/" dev="fuse" ino=1 res=0 errno=0 [ 1230.530382][T15620] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 1230.670394][T15620] usb 5-1: device descriptor read/64, error -71 [ 1230.793686][T15620] usb usb5-port1: attempt power cycle [ 1230.820411][ T8677] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 1230.974532][ T8677] usb 4-1: Using ep0 maxpacket: 16 [ 1230.985167][ T8677] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1231.014811][ T8677] usb 4-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 1231.038658][ T8677] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1231.072605][ T8677] usb 4-1: config 0 descriptor?? [ 1231.162925][T15620] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 1231.201152][T15620] usb 5-1: device descriptor read/8, error -71 [ 1231.286094][T22339] 8021q: VLANs not supported on vxcan0 [ 1231.311465][ T8677] usb 4-1: USB disconnect, device number 71 [ 1231.495082][T15620] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1231.551436][T15620] usb 5-1: device descriptor read/8, error -71 [ 1231.720656][T15620] usb usb5-port1: unable to enumerate USB device [ 1232.790517][T15613] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 1232.910344][T15620] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 1232.968848][ T8677] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 1233.072151][T15613] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1233.083900][T15613] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0x94, changing to 0x84 [ 1233.148854][T15613] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid maxpacket 25647, setting to 64 [ 1233.170293][T15613] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 1233.190493][ T8677] usb 2-1: Using ep0 maxpacket: 32 [ 1233.192654][T15613] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 1233.210119][T15613] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1233.223734][T15613] usb 3-1: Product: syz [ 1233.228022][T15613] usb 3-1: Manufacturer: syz [ 1233.234009][T15613] usb 3-1: SerialNumber: syz [ 1233.245911][T15613] usb 3-1: config 0 descriptor?? [ 1233.253034][T22364] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1233.267886][ T8677] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1233.280359][T15620] usb 5-1: Using ep0 maxpacket: 16 [ 1233.286607][T15613] input: KB Gear Tablet as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input78 [ 1233.357038][ T8677] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1233.443850][ T8677] usb 2-1: can't read configurations, error -71 [ 1233.653069][T22370] netlink: 216 bytes leftover after parsing attributes in process `syz.4.5374'. [ 1233.669868][ C0] kbtab 3-1:0.0: kbtab_irq - usb_submit_urb failed with result -1 [ 1233.711242][T22370] xt_ecn: cannot match TCP bits for non-tcp packets [ 1233.734948][T22377] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5377'. [ 1234.120801][T22384] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5381'. [ 1235.523000][T15613] usb 3-1: USB disconnect, device number 38 [ 1235.680961][T22396] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5382'. [ 1235.701074][T22396] netlink: 'syz.1.5382': attribute type 5 has an invalid length. [ 1235.709080][T22396] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5382'. [ 1236.175724][T15620] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1236.217824][T15620] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1236.257654][T15620] usb 5-1: can't read configurations, error -71 [ 1236.570472][T22410] x_tables: duplicate underflow at hook 2 [ 1236.571311][T22409] loop6: detected capacity change from 0 to 524288000 [ 1237.059305][T22418] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5392'. [ 1237.500491][T15613] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1237.681663][T15613] usb 3-1: config 1 has an invalid interface number: 4 but max is 0 [ 1237.721691][T15613] usb 3-1: config 1 has no interface number 0 [ 1237.732736][T15613] usb 3-1: config 1 interface 4 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1237.746355][T15613] usb 3-1: config 1 interface 4 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1237.759785][T15613] usb 3-1: config 1 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1237.780654][T15613] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1237.791289][T15613] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1237.799418][T15613] usb 3-1: Product: syz [ 1237.803867][T15613] usb 3-1: Manufacturer: syz [ 1237.808534][T15613] usb 3-1: SerialNumber: syz [ 1237.828635][T22438] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1238.053398][T15613] usblp 3-1:1.4: usblp0: USB Unidirectional printer dev 39 if 4 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1238.284000][T22447] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5403'. [ 1238.379821][T22425] usblp0:failed reading printer status (-71) [ 1238.380343][ T8677] usb 3-1: USB disconnect, device number 39 [ 1238.502595][ T8677] usblp0: removed [ 1238.618282][T22454] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5404'. [ 1238.864277][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1238.872306][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1239.540794][T15611] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1239.643104][T15613] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 1239.717351][T22476] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5412'. [ 1239.730664][T22476] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5412'. [ 1239.731346][T15611] usb 3-1: Using ep0 maxpacket: 16 [ 1239.772900][T15611] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1239.802010][T15611] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 1239.815876][T15613] usb 4-1: config 0 has no interfaces? [ 1239.873004][T15611] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1239.898594][T15611] usb 3-1: config 0 descriptor?? [ 1239.965333][T15613] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1239.993377][T15613] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1240.045913][T15613] usb 4-1: Product: syz [ 1240.119941][T15613] usb 4-1: Manufacturer: syz [ 1240.127489][T15613] usb 4-1: SerialNumber: syz [ 1240.140921][T15613] usb 4-1: config 0 descriptor?? [ 1240.169461][T22467] 8021q: VLANs not supported on vxcan1 [ 1240.187929][T15607] usb 3-1: USB disconnect, device number 40 [ 1240.433531][T22470] netlink: 'syz.3.5409': attribute type 4 has an invalid length. [ 1240.643778][T15613] usb 4-1: USB disconnect, device number 72 [ 1240.790333][T15607] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 1240.960891][T15607] usb 5-1: config 0 has no interfaces? [ 1240.968136][T22491] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1240.987513][T15607] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1241.017398][T15607] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1241.048957][T15607] usb 5-1: Product: syz [ 1241.071916][T15607] usb 5-1: Manufacturer: syz [ 1241.080051][T22496] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1241.099734][T15607] usb 5-1: SerialNumber: syz [ 1241.137259][T15607] usb 5-1: config 0 descriptor?? [ 1241.861725][T22508] netlink: 'syz.0.5420': attribute type 10 has an invalid length. [ 1242.058308][T22488] block device autoloading is deprecated and will be removed. [ 1242.098044][T22488] syz.1.5415: attempt to access beyond end of device [ 1242.098044][T22488] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1242.525918][T22516] x_tables: duplicate underflow at hook 2 [ 1242.761313][T22524] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5428'. [ 1243.051716][T22533] netlink: 596 bytes leftover after parsing attributes in process `syz.1.5430'. [ 1243.076680][T22531] netlink: 'syz.1.5430': attribute type 29 has an invalid length. [ 1243.126311][T22532] netlink: 'syz.1.5430': attribute type 29 has an invalid length. [ 1243.325208][T15607] usb 5-1: USB disconnect, device number 87 [ 1244.418859][T15621] usb 3-1: new full-speed USB device number 41 using dummy_hcd [ 1244.509499][T22563] netlink: 'syz.4.5437': attribute type 1 has an invalid length. [ 1244.517937][T22563] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1244.642114][T15621] usb 3-1: config 0 has an invalid interface number: 140 but max is 0 [ 1244.650984][T15621] usb 3-1: config 0 has no interface number 0 [ 1244.671801][T15621] usb 3-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice=71.01 [ 1244.687935][T15621] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1244.696636][T15621] usb 3-1: Product: syz [ 1244.701239][T15621] usb 3-1: Manufacturer: syz [ 1244.705915][T15621] usb 3-1: SerialNumber: syz [ 1244.722712][T15621] usb 3-1: config 0 descriptor?? [ 1244.842497][T15607] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 1244.943601][T15621] as10x_usb: device has been detected [ 1244.978204][T15621] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 1245.009730][T15621] usb 3-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 1245.039812][T15607] usb 4-1: Using ep0 maxpacket: 8 [ 1245.052102][T15607] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1245.080556][T15607] usb 4-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.00 [ 1245.100636][T15607] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1245.138348][T15607] usb 4-1: config 0 descriptor?? [ 1245.181394][T15607] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input79 [ 1245.187556][T15621] as10x_usb: error during firmware upload part1 [ 1245.232702][T15621] Registered device Elgato EyeTV DTT Deluxe [ 1245.241801][T15621] usb 3-1: USB disconnect, device number 41 [ 1245.375173][T22577] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1245.411482][T22577] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1245.429613][T15621] Unregistered device Elgato EyeTV DTT Deluxe [ 1245.434322][T15621] as10x_usb: device has been disconnected [ 1245.750651][T22581] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1245.808347][T22581] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1246.048691][ T5185] bcm5974 4-1:0.0: could not read from device [ 1246.088808][T15607] usb 4-1: USB disconnect, device number 73 [ 1246.101548][T15613] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 1246.109634][ T5185] bcm5974 4-1:0.0: could not read from device [ 1246.125215][ T5185] bcm5974 4-1:0.0: could not read from device [ 1246.239439][T13048] udevd[13048]: Error opening device "/dev/input/event4": No such file or directory [ 1246.271355][T15613] usb 3-1: Using ep0 maxpacket: 8 [ 1246.283039][T15613] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1246.320923][T15613] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1246.347849][T13048] udevd[13048]: Unable to EVIOCGABS device "/dev/input/event4" [ 1246.397347][T15613] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1246.423494][T13048] udevd[13048]: Unable to EVIOCGABS device "/dev/input/event4" [ 1246.448103][T13048] udevd[13048]: Unable to EVIOCGABS device "/dev/input/event4" [ 1246.476324][T13048] udevd[13048]: Unable to EVIOCGABS device "/dev/input/event4" [ 1246.519023][T15613] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1246.555712][T15613] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1246.598078][T15613] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1246.613268][T15613] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1246.689580][T15613] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1246.730549][T22593] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5451'. [ 1246.750491][T15613] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1246.781360][T22593] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5451'. [ 1246.840524][T15613] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1246.863723][T15613] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 1246.863783][T15613] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 1246.863812][T15613] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1246.863837][T15613] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1246.863863][T15613] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1246.871381][T15613] usb 3-1: string descriptor 0 read error: -22 [ 1246.871516][T15613] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1246.871541][T15613] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1246.877907][T15613] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 1246.941160][T22603] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5453'. [ 1246.971463][T22602] netlink: 'syz.1.5454': attribute type 10 has an invalid length. [ 1247.198576][ T8677] usb 3-1: USB disconnect, device number 42 [ 1247.347581][T22605] syz_tun: entered allmulticast mode [ 1247.503159][T22613] 8021q: VLANs not supported on vxcan1 [ 1247.673376][T22624] netlink: 14 bytes leftover after parsing attributes in process `syz.3.5463'. [ 1248.034987][T22634] input: syz1 as /devices/virtual/input/input80 [ 1248.081090][T22624] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1248.114524][T22624] bond_slave_0: left promiscuous mode [ 1248.167390][T22624] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1248.192832][T22624] bond_slave_1: left promiscuous mode [ 1248.217590][T22624] bond0 (unregistering): (slave team0): Releasing backup interface [ 1248.255151][T22624] team0: left promiscuous mode [ 1248.274049][T22624] team_slave_0: left promiscuous mode [ 1248.282409][T22624] team_slave_1: left promiscuous mode [ 1248.293744][T22624] geneve0: left promiscuous mode [ 1248.303370][T22624] bond0 (unregistering): Released all slaves [ 1248.479372][T22644] tipc: Enabling of bearer rejected, failed to enable media [ 1248.651938][T22649] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5473'. [ 1248.930528][T15613] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 1249.046176][T22663] 8021q: VLANs not supported on vxcan1 [ 1249.080310][T15621] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 1249.104254][T15613] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1249.115523][T15613] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1249.125944][T15613] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 1249.135148][T15613] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1249.146542][T15613] usb 5-1: config 0 descriptor?? [ 1249.230435][T15621] usb 4-1: Using ep0 maxpacket: 32 [ 1249.237962][T15621] usb 4-1: config 0 has an invalid interface number: 231 but max is 0 [ 1249.246511][T15621] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1249.256966][T15621] usb 4-1: config 0 has no interface number 0 [ 1249.263311][T15621] usb 4-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 1249.273558][T15621] usb 4-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1249.290138][T15621] usb 4-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 1249.299413][T15621] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1249.307548][T15621] usb 4-1: Product: syz [ 1249.311852][T15621] usb 4-1: Manufacturer: syz [ 1249.316543][T15621] usb 4-1: SerialNumber: syz [ 1249.325008][T15621] usb 4-1: config 0 descriptor?? [ 1249.331095][T22653] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1249.340424][T15621] usb-storage 4-1:0.231: USB Mass Storage device detected [ 1249.554078][T15607] usb 4-1: USB disconnect, device number 74 [ 1249.569702][T15613] cp2112 0003:10C4:EA90.001F: unknown main item tag 0x0 [ 1249.602794][T15613] cp2112 0003:10C4:EA90.001F: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 1249.772056][T15613] cp2112 0003:10C4:EA90.001F: Part Number: 0x82 Device Version: 0xFE [ 1250.213635][T22683] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5481'. [ 1250.222702][T22683] netlink: 'syz.1.5481': attribute type 5 has an invalid length. [ 1250.231544][T22683] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5481'. [ 1250.420501][ T8677] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1250.640367][ T8677] usb 3-1: device descriptor read/64, error -71 [ 1250.880285][ T8677] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 1251.044553][ T8677] usb 3-1: device descriptor read/64, error -71 [ 1251.181107][ T8677] usb usb3-port1: attempt power cycle [ 1251.530307][ T8677] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 1251.562434][ T8677] usb 3-1: device descriptor read/8, error -71 [ 1251.657042][T15613] cp2112 0003:10C4:EA90.001F: error setting SMBus config [ 1251.726501][T15613] cp2112 0003:10C4:EA90.001F: probe with driver cp2112 failed with error -71 [ 1251.771391][T15613] usb 5-1: USB disconnect, device number 88 [ 1251.830884][ T8677] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 1251.872615][ T8677] usb 3-1: device descriptor read/8, error -71 [ 1251.988911][ T8677] usb usb3-port1: unable to enumerate USB device [ 1252.034178][T22712] 8021q: VLANs not supported on vxcan1 [ 1252.475027][T22721] netlink: 140 bytes leftover after parsing attributes in process `syz.3.5493'. [ 1253.003748][T22735] macsec0: entered promiscuous mode [ 1253.023605][T22735] macsec0: left promiscuous mode [ 1253.709125][T22751] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5497'. [ 1253.744130][T22754] x_tables: duplicate underflow at hook 2 [ 1253.755823][T22751] netlink: 'syz.1.5497': attribute type 5 has an invalid length. [ 1253.826032][T22751] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5497'. [ 1254.083244][T22758] tipc: Enabling of bearer rejected, failed to enable media [ 1254.600362][T15613] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 1254.742076][T15613] usb 4-1: device descriptor read/64, error -71 [ 1254.830024][T22768] netlink: 52 bytes leftover after parsing attributes in process `syz.4.5508'. [ 1254.888784][T22768] tipc: Invalid UDP bearer configuration [ 1254.888840][T22768] tipc: Enabling of bearer rejected, failed to enable media [ 1255.000509][T15613] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 1255.120484][ T8694] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 1255.174633][T15613] usb 4-1: device descriptor read/64, error -71 [ 1255.292229][ T8694] usb 5-1: config 0 has an invalid interface number: 255 but max is 0 [ 1255.320814][T15613] usb usb4-port1: attempt power cycle [ 1255.330802][ T8694] usb 5-1: config 0 has no interface number 0 [ 1255.372719][ T8694] usb 5-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 1255.475278][ T8694] usb 5-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 1255.506075][T22779] netlink: 24 bytes leftover after parsing attributes in process `syz.1.5512'. [ 1255.526485][ T8694] usb 5-1: config 0 interface 255 has no altsetting 0 [ 1255.591650][ T8694] usb 5-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 1255.601770][ T8694] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1255.619767][ T8694] usb 5-1: config 0 descriptor?? [ 1255.720521][T15613] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 1255.773102][T15613] usb 4-1: device descriptor read/8, error -71 [ 1255.833823][T22788] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5514'. [ 1255.894007][ T8694] usb 5-1: string descriptor 0 read error: -71 [ 1255.923400][ T8694] ums-realtek 5-1:0.255: USB Mass Storage device detected [ 1256.020576][T15613] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 1256.070958][ T8694] usb 5-1: USB disconnect, device number 89 [ 1256.090767][T15613] usb 4-1: device descriptor read/8, error -71 [ 1256.301742][T15613] usb usb4-port1: unable to enumerate USB device [ 1257.040617][T15613] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 1257.181007][T15613] usb 5-1: device descriptor read/64, error -71 [ 1257.422508][T15613] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 1257.560513][T15613] usb 5-1: device descriptor read/64, error -71 [ 1257.670676][T15613] usb usb5-port1: attempt power cycle [ 1257.870745][T15607] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 1258.020779][T15613] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 1258.049636][T15607] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1258.069773][T15613] usb 5-1: device descriptor read/8, error -71 [ 1258.086379][T15607] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1258.104627][T15607] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1258.135643][T22828] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5530'. [ 1258.144546][T15607] usb 2-1: New USB device found, idVendor=048d, idProduct=8595, bcdDevice= 0.00 [ 1258.174365][T15607] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1258.204441][T15607] usb 2-1: config 0 descriptor?? [ 1258.244364][T22831] hub 1-0:1.0: USB hub found [ 1258.262078][T22831] hub 1-0:1.0: 1 port detected [ 1258.321180][T15613] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 1258.361407][T15613] usb 5-1: device descriptor read/8, error -71 [ 1258.481229][T15613] usb usb5-port1: unable to enumerate USB device [ 1258.570401][T15620] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 1258.657959][T22815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1258.683673][T22815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1258.712559][T22815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1258.730440][T15620] usb 4-1: Using ep0 maxpacket: 8 [ 1258.735674][T22815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1258.735852][ T8677] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 1258.766166][T15620] usb 4-1: config 6 has an invalid interface number: 2 but max is 0 [ 1258.777742][T15620] usb 4-1: config 6 has no interface number 0 [ 1258.795702][T15620] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1258.823205][T15620] usb 4-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1258.850274][T15620] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 1258.870813][T15620] usb 4-1: config 6 interface 2 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 1258.900379][T15620] usb 4-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 1258.910263][T15620] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1258.918292][T15620] usb 4-1: Product: syz [ 1258.923047][T15620] usb 4-1: Manufacturer: syz [ 1258.927698][T15620] usb 4-1: SerialNumber: syz [ 1258.940455][ T8677] usb 1-1: device descriptor read/64, error -71 [ 1258.968376][T15620] hso 4-1:6.2: Failed to find BULK IN ep [ 1259.190444][ T8677] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 1259.340652][ T8677] usb 1-1: device descriptor read/64, error -71 [ 1259.377179][T22847] loop6: detected capacity change from 0 to 524288000 [ 1259.457781][ T8677] usb usb1-port1: attempt power cycle [ 1259.519194][T22833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1259.529954][T15607] usbhid 2-1:0.0: can't add hid device: -71 [ 1259.544614][T22833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1259.557017][T15607] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1259.561511][T22833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1259.575807][T22833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1259.603466][T15607] usb 2-1: USB disconnect, device number 99 [ 1259.822700][ T8677] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 1259.873656][ T8677] usb 1-1: device descriptor read/8, error -71 [ 1260.090484][T15613] usb 2-1: new low-speed USB device number 100 using dummy_hcd [ 1260.390301][ T8677] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 1260.412221][ T8677] usb 1-1: device descriptor read/8, error -71 [ 1260.539055][ T8677] usb usb1-port1: unable to enumerate USB device [ 1261.185004][ T8677] usb 4-1: USB disconnect, device number 79 [ 1261.599302][T22874] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5544'. [ 1261.913509][T22888] netlink: 1608 bytes leftover after parsing attributes in process `syz.4.5549'. [ 1262.078481][T22893] input: syz1 as /devices/virtual/input/input81 [ 1262.196603][T22900] x_tables: duplicate underflow at hook 2 [ 1262.530492][T15607] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 1262.686128][T15607] usb 5-1: device descriptor read/64, error -71 [ 1263.040644][T15607] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 1263.200862][T15607] usb 5-1: device descriptor read/64, error -71 [ 1263.321492][T15607] usb usb5-port1: attempt power cycle [ 1263.710357][T15607] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 1263.751278][T15607] usb 5-1: device descriptor read/8, error -71 [ 1264.000417][T15607] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 1264.052800][T15607] usb 5-1: device descriptor read/8, error -71 [ 1264.108362][ T30] audit: type=1326 audit(1748566192.609:1850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22931 comm="syz.0.5563" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f3b5198e969 code=0x0 [ 1264.165299][T22934] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5564'. [ 1264.214254][T15607] usb usb5-port1: unable to enumerate USB device [ 1264.394942][T22939] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5567'. [ 1264.610768][T15611] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 1264.770374][T15607] usb 4-1: new low-speed USB device number 80 using dummy_hcd [ 1264.778349][T15611] usb 2-1: Using ep0 maxpacket: 8 [ 1264.796572][T15611] usb 2-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=dc.00 [ 1264.806539][T15611] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1264.815278][T15611] usb 2-1: Product: syz [ 1264.819757][T15611] usb 2-1: Manufacturer: syz [ 1264.825279][T15611] usb 2-1: SerialNumber: syz [ 1264.834895][T15611] usb 2-1: config 0 descriptor?? [ 1264.857347][T15611] radio-usb-si4713 2-1:0.0: Si4713 development board discovered: (10C4:8244) [ 1265.255608][T22959] netlink: 71 bytes leftover after parsing attributes in process `syz.0.5574'. [ 1265.503304][T15611] radio-usb-si4713 2-1:0.0: probe with driver radio-usb-si4713 failed with error -71 [ 1265.526790][T15611] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1265.573758][T15611] usb 2-1: USB disconnect, device number 101 [ 1266.157438][T22982] netlink: 44 bytes leftover after parsing attributes in process `syz.2.5582'. [ 1266.274052][T22985] netlink: 'syz.1.5583': attribute type 1 has an invalid length. [ 1266.347206][T22985] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1266.365996][T22989] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5577'. [ 1266.387104][T22989] netlink: 'syz.4.5577': attribute type 5 has an invalid length. [ 1266.389379][T22988] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.408334][T22989] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5577'. [ 1266.456722][T22988] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.482057][T22988] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.504895][T22988] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1266.529099][T22988] geneve3: entered promiscuous mode [ 1266.546467][T22988] geneve3: entered allmulticast mode [ 1266.573385][T22988] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.598036][T22988] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.620649][T22988] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.644011][T22988] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1266.745777][T22985] veth5: entered promiscuous mode [ 1266.766396][T22985] bond5: (slave veth5): Enslaving as a backup interface with a down link [ 1266.797147][T22989] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 256 - 0 [ 1266.827712][T22989] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 256 - 0 [ 1266.848856][T22989] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 256 - 0 [ 1266.869622][T22989] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 256 - 0 [ 1266.897914][T22989] geneve2: entered promiscuous mode [ 1266.915340][T22989] geneve2: entered allmulticast mode [ 1267.549839][T23006] input: syz0 as /devices/virtual/input/input82 [ 1267.760935][T23007] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1268.151764][T23012] netlink: 'syz.3.5594': attribute type 29 has an invalid length. [ 1268.163440][T23012] netlink: 'syz.3.5594': attribute type 29 has an invalid length. [ 1268.174156][T23012] netlink: 492 bytes leftover after parsing attributes in process `syz.3.5594'. [ 1268.324779][T23020] vlan0: entered promiscuous mode [ 1268.720563][T15607] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 1268.994208][T23034] input: syz0 as /devices/virtual/input/input83 [ 1269.040564][T15607] usb 4-1: config 0 has no interfaces? [ 1269.099276][T15607] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 1269.108881][T15607] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1269.117734][T15607] usb 4-1: Product: syz [ 1269.122993][T15607] usb 4-1: Manufacturer: syz [ 1269.127814][T15607] usb 4-1: SerialNumber: syz [ 1269.135346][T15607] usb 4-1: config 0 descriptor?? [ 1269.580632][T23047] FAULT_INJECTION: forcing a failure. [ 1269.580632][T23047] name failslab, interval 1, probability 0, space 0, times 0 [ 1269.591264][T15613] usb 1-1: new full-speed USB device number 15 using dummy_hcd [ 1269.611824][T23047] CPU: 0 UID: 0 PID: 23047 Comm: syz.2.5606 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1269.611850][T23047] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1269.611864][T23047] Call Trace: [ 1269.611872][T23047] [ 1269.611881][T23047] dump_stack_lvl+0x189/0x250 [ 1269.611916][T23047] ? __pfx____ratelimit+0x10/0x10 [ 1269.611937][T23047] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1269.611965][T23047] ? __pfx__printk+0x10/0x10 [ 1269.611991][T23047] ? __pfx___might_resched+0x10/0x10 [ 1269.612014][T23047] ? fs_reclaim_acquire+0x7d/0x100 [ 1269.612047][T23047] should_fail_ex+0x414/0x560 [ 1269.612073][T23047] should_failslab+0xa8/0x100 [ 1269.612099][T23047] kmem_cache_alloc_noprof+0x73/0x3c0 [ 1269.612121][T23047] ? getname_flags+0xb8/0x540 [ 1269.612146][T23047] ? __pfx_ksys_write+0x10/0x10 [ 1269.612170][T23047] getname_flags+0xb8/0x540 [ 1269.612200][T23047] __x64_sys_unlink+0x3a/0x50 [ 1269.612221][T23047] do_syscall_64+0xfa/0x3b0 [ 1269.612241][T23047] ? lockdep_hardirqs_on+0x9c/0x150 [ 1269.612261][T23047] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1269.612280][T23047] ? clear_bhb_loop+0x60/0xb0 [ 1269.612303][T23047] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1269.612322][T23047] RIP: 0033:0x7feb5858e969 [ 1269.612339][T23047] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1269.612356][T23047] RSP: 002b:00007feb593e1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000057 [ 1269.612377][T23047] RAX: ffffffffffffffda RBX: 00007feb587b5fa0 RCX: 00007feb5858e969 [ 1269.612391][T23047] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000200000000180 [ 1269.612404][T23047] RBP: 00007feb593e1090 R08: 0000000000000000 R09: 0000000000000000 [ 1269.612416][T23047] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1269.612428][T23047] R13: 0000000000000000 R14: 00007feb587b5fa0 R15: 00007feb588dfa28 [ 1269.612456][T23047] [ 1269.895268][T15613] usb 1-1: config 1 has an invalid descriptor of length 102, skipping remainder of the config [ 1269.905963][T15613] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1269.917477][T15613] usb 1-1: too many endpoints for config 1 interface 1 altsetting 48: 120, using maximum allowed: 30 [ 1269.931167][T15613] usb 1-1: config 1 interface 1 altsetting 48 has 0 endpoint descriptors, different from the interface descriptor's value: 120 [ 1269.944605][T15613] usb 1-1: config 1 interface 1 has no altsetting 0 [ 1269.953285][T15613] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1269.962607][T15613] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1269.970806][T15613] usb 1-1: Product: syz [ 1269.975057][T15613] usb 1-1: Manufacturer: syz [ 1269.979642][T15613] usb 1-1: SerialNumber: syz [ 1270.101375][T15613] usb 1-1: selecting invalid altsetting 1 [ 1270.117478][T15613] usb 1-1: selecting invalid altsetting 0 [ 1270.127691][T15613] usb 1-1: selecting invalid altsetting 0 [ 1270.140612][T15613] cdc_ncm 1-1:1.0: bind() failure [ 1270.313995][T15613] usb 1-1: selecting invalid altsetting 0 [ 1270.320156][T15613] usbtest 1-1:1.1: probe with driver usbtest failed with error -22 [ 1270.344397][T15613] usb 1-1: USB disconnect, device number 15 [ 1270.546680][T23057] netlink: 'syz.3.5596': attribute type 1 has an invalid length. [ 1270.565718][T23057] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1270.620643][T15607] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 1270.752467][T23060] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5604'. [ 1270.762257][T23060] netlink: 'syz.4.5604': attribute type 5 has an invalid length. [ 1270.770059][T23060] netlink: 20 bytes leftover after parsing attributes in process `syz.4.5604'. [ 1270.895218][T15607] usb 2-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1270.912520][T15607] usb 2-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1270.930811][T15607] usb 2-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1270.944259][T15607] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1270.953791][T15607] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1271.015711][T15607] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 1271.141897][T13048] udevd[13048]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1271.211014][T15607] snd-usb-audio 2-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 1271.305659][T15607] usb 2-1: USB disconnect, device number 102 [ 1271.319910][T23072] input: syz1 as /devices/virtual/input/input84 [ 1271.524265][T23075] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5614'. [ 1271.534841][T23075] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5614'. [ 1271.548273][T23075] netlink: 'syz.2.5614': attribute type 15 has an invalid length. [ 1271.820870][T15607] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 1272.000586][T15607] usb 3-1: Using ep0 maxpacket: 32 [ 1272.027980][T15607] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1272.150865][T15607] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1272.189806][T23079] FAULT_INJECTION: forcing a failure. [ 1272.189806][T23079] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1272.205389][T23079] CPU: 1 UID: 0 PID: 23079 Comm: syz.0.5616 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1272.205416][T23079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1272.205428][T23079] Call Trace: [ 1272.205437][T23079] [ 1272.205446][T23079] dump_stack_lvl+0x189/0x250 [ 1272.205486][T23079] ? __pfx____ratelimit+0x10/0x10 [ 1272.205507][T23079] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1272.205536][T23079] ? __pfx__printk+0x10/0x10 [ 1272.205557][T23079] ? __might_fault+0xb0/0x130 [ 1272.205592][T23079] should_fail_ex+0x414/0x560 [ 1272.205620][T23079] _copy_from_user+0x2d/0xb0 [ 1272.205648][T23079] ___sys_sendmsg+0x158/0x2a0 [ 1272.205696][T23079] ? __pfx____sys_sendmsg+0x10/0x10 [ 1272.205765][T23079] ? __fget_files+0x2a/0x420 [ 1272.205792][T23079] ? __fget_files+0x3a0/0x420 [ 1272.205831][T23079] __x64_sys_sendmsg+0x19b/0x260 [ 1272.205866][T23079] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1272.205908][T23079] ? __pfx_ksys_write+0x10/0x10 [ 1272.205931][T23079] ? rcu_is_watching+0x15/0xb0 [ 1272.205964][T23079] ? do_syscall_64+0xbe/0x3b0 [ 1272.205992][T23079] do_syscall_64+0xfa/0x3b0 [ 1272.206014][T23079] ? lockdep_hardirqs_on+0x9c/0x150 [ 1272.206039][T23079] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1272.206060][T23079] ? clear_bhb_loop+0x60/0xb0 [ 1272.206086][T23079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1272.206108][T23079] RIP: 0033:0x7f3b5198e969 [ 1272.206127][T23079] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1272.206146][T23079] RSP: 002b:00007f3b527c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1272.206169][T23079] RAX: ffffffffffffffda RBX: 00007f3b51bb5fa0 RCX: 00007f3b5198e969 [ 1272.206185][T23079] RDX: 0000000000040004 RSI: 0000200000000680 RDI: 0000000000000009 [ 1272.206200][T23079] RBP: 00007f3b527c1090 R08: 0000000000000000 R09: 0000000000000000 [ 1272.206213][T23079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1272.206227][T23079] R13: 0000000000000000 R14: 00007f3b51bb5fa0 R15: 00007f3b51cdfa28 [ 1272.206260][T23079] [ 1272.417084][ C1] vkms_vblank_simulate: vblank timer overrun [ 1272.430892][T15607] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1272.440083][T15607] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1272.451862][T15607] usb 3-1: config 0 descriptor?? [ 1272.460523][T23081] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1272.467757][T23081] IPv6: NLM_F_CREATE should be set when creating new route [ 1272.481040][T23081] netlink: 60 bytes leftover after parsing attributes in process `syz.4.5617'. [ 1272.495915][T15607] hub 3-1:0.0: USB hub found [ 1272.682391][T15607] hub 3-1:0.0: config failed, can't read hub descriptor (err -90) [ 1272.754251][T21864] usb 4-1: USB disconnect, device number 81 [ 1272.883951][T15607] usbhid 3-1:0.0: can't add hid device: -71 [ 1272.890103][T15607] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1272.910564][T15613] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 1272.922302][T15607] usb 3-1: USB disconnect, device number 47 [ 1273.060559][T15613] usb 5-1: Using ep0 maxpacket: 16 [ 1273.068522][T15613] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1273.080684][T15613] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1273.091074][T15613] usb 5-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 1273.100142][T15613] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1273.111560][T15613] usb 5-1: config 0 descriptor?? [ 1273.532046][T15613] hid (null): usage index exceeded [ 1273.540639][T23109] random: crng reseeded on system resumption [ 1273.558340][T15613] hid (null): unknown global tag 0xc [ 1273.571290][T15613] hid (null): unknown global tag 0xdf [ 1273.799498][T15620] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 1273.842135][T15607] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 1273.885200][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 1273.925185][T15613] usb 5-1: string descriptor 0 read error: -71 [ 1273.990708][T15613] usb 5-1: Max retries (5) exceeded reading string descriptor 200 [ 1274.002011][T15613] letsketch 0003:6161:4D15.0020: probe with driver letsketch failed with error -32 [ 1274.040391][T15607] usb 2-1: device descriptor read/64, error -32 [ 1274.060755][T15613] usb 5-1: USB disconnect, device number 98 [ 1274.300731][T15607] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 1274.329198][ C0] raw-gadget.0 gadget.1: ignoring, device is not running [ 1274.349437][T23119] input: syz1 as /devices/virtual/input/input85 [ 1274.481048][T15607] usb 2-1: device descriptor read/64, error -32 [ 1274.551822][T23123] tipc: Enabling of bearer rejected, failed to enable media [ 1274.560318][T15613] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 1274.609646][T15607] usb usb2-port1: attempt power cycle [ 1274.689203][T23127] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5633'. [ 1274.759404][T23130] FAULT_INJECTION: forcing a failure. [ 1274.759404][T23130] name failslab, interval 1, probability 0, space 0, times 0 [ 1274.772694][T23130] CPU: 1 UID: 0 PID: 23130 Comm: syz.0.5634 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1274.772722][T23130] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1274.772735][T23130] Call Trace: [ 1274.772742][T23130] [ 1274.772752][T23130] dump_stack_lvl+0x189/0x250 [ 1274.772789][T23130] ? __pfx____ratelimit+0x10/0x10 [ 1274.772809][T23130] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1274.772840][T23130] ? __pfx__printk+0x10/0x10 [ 1274.772866][T23130] ? __pfx___might_resched+0x10/0x10 [ 1274.772895][T23130] should_fail_ex+0x414/0x560 [ 1274.772922][T23130] should_failslab+0xa8/0x100 [ 1274.772948][T23130] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 1274.772973][T23130] ? __alloc_skb+0x112/0x2d0 [ 1274.773003][T23130] __alloc_skb+0x112/0x2d0 [ 1274.773033][T23130] netlink_sendmsg+0x5c6/0xb30 [ 1274.773070][T23130] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1274.773102][T23130] ? aa_sock_msg_perm+0x94/0x160 [ 1274.773125][T23130] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1274.773144][T23130] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1274.773174][T23130] __sock_sendmsg+0x21c/0x270 [ 1274.773199][T23130] ____sys_sendmsg+0x505/0x830 [ 1274.773233][T23130] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1274.773290][T23130] ? import_iovec+0x74/0xa0 [ 1274.773320][T23130] ___sys_sendmsg+0x21f/0x2a0 [ 1274.773350][T23130] ? __pfx____sys_sendmsg+0x10/0x10 [ 1274.773411][T23130] ? __fget_files+0x2a/0x420 [ 1274.773434][T23130] ? __fget_files+0x3a0/0x420 [ 1274.773467][T23130] __x64_sys_sendmsg+0x19b/0x260 [ 1274.773497][T23130] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1274.773534][T23130] ? __pfx_ksys_write+0x10/0x10 [ 1274.773560][T23130] ? do_syscall_64+0xbe/0x3b0 [ 1274.773584][T23130] do_syscall_64+0xfa/0x3b0 [ 1274.773604][T23130] ? lockdep_hardirqs_on+0x9c/0x150 [ 1274.773623][T23130] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1274.773642][T23130] ? clear_bhb_loop+0x60/0xb0 [ 1274.773664][T23130] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1274.773682][T23130] RIP: 0033:0x7f3b5198e969 [ 1274.773699][T23130] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1274.773716][T23130] RSP: 002b:00007f3b527c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1274.773735][T23130] RAX: ffffffffffffffda RBX: 00007f3b51bb5fa0 RCX: 00007f3b5198e969 [ 1274.773750][T23130] RDX: 0000000000040004 RSI: 0000200000000680 RDI: 0000000000000009 [ 1274.773763][T23130] RBP: 00007f3b527c1090 R08: 0000000000000000 R09: 0000000000000000 [ 1274.773775][T23130] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1274.773786][T23130] R13: 0000000000000000 R14: 00007f3b51bb5fa0 R15: 00007f3b51cdfa28 [ 1274.773813][T23130] [ 1274.774908][T15613] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 1274.988715][ C0] vkms_vblank_simulate: vblank timer overrun [ 1275.058722][T15613] usb 5-1: New USB device found, idVendor=2040, idProduct=5530, bcdDevice=a8.82 [ 1275.067938][T15613] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1275.087085][T15613] usb 5-1: config 0 descriptor?? [ 1275.098729][T15613] smsusb:smsusb_probe: board id=8, interface number 0 [ 1275.106367][T15613] smsusb:smsusb_probe: Device initialized with return code -19 [ 1275.114505][T15607] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 1275.197340][T15607] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 1275.207714][T15607] usb 2-1: config 0 has no interface number 0 [ 1275.216196][T15607] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1275.227540][T15607] usb 2-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1275.232551][T23134] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5635'. [ 1275.237797][T15607] usb 2-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1275.260466][T15607] usb 2-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 1275.263216][T23134] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5635'. [ 1275.269599][T15607] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1275.282457][T15607] usb 2-1: config 0 descriptor?? [ 1275.297428][T23117] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1275.312762][T23117] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1275.335354][T15620] usb 5-1: USB disconnect, device number 99 [ 1275.437498][T23137] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5636'. [ 1275.747727][T23147] FAULT_INJECTION: forcing a failure. [ 1275.747727][T23147] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1275.761256][T23147] CPU: 1 UID: 0 PID: 23147 Comm: syz.0.5640 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1275.761283][T23147] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1275.761296][T23147] Call Trace: [ 1275.761305][T23147] [ 1275.761315][T23147] dump_stack_lvl+0x189/0x250 [ 1275.761350][T23147] ? __pfx____ratelimit+0x10/0x10 [ 1275.761372][T23147] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1275.761404][T23147] ? __pfx__printk+0x10/0x10 [ 1275.761438][T23147] should_fail_ex+0x414/0x560 [ 1275.761465][T23147] _copy_to_user+0x31/0xb0 [ 1275.761497][T23147] simple_read_from_buffer+0xe1/0x170 [ 1275.761527][T23147] proc_fail_nth_read+0x1df/0x250 [ 1275.761560][T23147] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1275.761592][T23147] ? rw_verify_area+0x258/0x650 [ 1275.761613][T23147] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1275.761643][T23147] vfs_read+0x200/0x980 [ 1275.761671][T23147] ? __pfx___mutex_lock+0x10/0x10 [ 1275.761694][T23147] ? __pfx_vfs_read+0x10/0x10 [ 1275.761717][T23147] ? __fget_files+0x2a/0x420 [ 1275.761747][T23147] ? __fget_files+0x3a0/0x420 [ 1275.761771][T23147] ? __fget_files+0x2a/0x420 [ 1275.761808][T23147] ksys_read+0x145/0x250 [ 1275.761832][T23147] ? __pfx_ksys_read+0x10/0x10 [ 1275.761859][T23147] ? do_syscall_64+0xbe/0x3b0 [ 1275.761886][T23147] do_syscall_64+0xfa/0x3b0 [ 1275.761914][T23147] ? lockdep_hardirqs_on+0x9c/0x150 [ 1275.761935][T23147] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1275.761954][T23147] ? clear_bhb_loop+0x60/0xb0 [ 1275.761979][T23147] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1275.761998][T23147] RIP: 0033:0x7f3b5198d37c [ 1275.762016][T23147] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1275.762034][T23147] RSP: 002b:00007f3b527c1030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1275.762055][T23147] RAX: ffffffffffffffda RBX: 00007f3b51bb5fa0 RCX: 00007f3b5198d37c [ 1275.762071][T23147] RDX: 000000000000000f RSI: 00007f3b527c10a0 RDI: 0000000000000003 [ 1275.762085][T23147] RBP: 00007f3b527c1090 R08: 0000000000000000 R09: 0000000000000000 [ 1275.762097][T23147] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1275.762109][T23147] R13: 0000000000000000 R14: 00007f3b51bb5fa0 R15: 00007f3b51cdfa28 [ 1275.762140][T23147] [ 1276.113575][T23151] netlink: 44 bytes leftover after parsing attributes in process `syz.4.5642'. [ 1276.242303][T23155] netlink: 'syz.4.5644': attribute type 1 has an invalid length. [ 1276.281091][T15613] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 1276.290053][T23155] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1276.316187][T23155] veth5: entered promiscuous mode [ 1276.325755][T23155] bond2: (slave veth5): Enslaving as a backup interface with a down link [ 1276.443362][T15613] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1276.453192][T15613] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1276.469512][T15613] usb 1-1: config 0 descriptor?? [ 1276.663940][T23163] FAULT_INJECTION: forcing a failure. [ 1276.663940][T23163] name failslab, interval 1, probability 0, space 0, times 0 [ 1276.679892][T23163] CPU: 1 UID: 0 PID: 23163 Comm: syz.3.5647 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1276.679932][T23163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1276.679946][T23163] Call Trace: [ 1276.679955][T23163] [ 1276.679964][T23163] dump_stack_lvl+0x189/0x250 [ 1276.679999][T23163] ? __pfx____ratelimit+0x10/0x10 [ 1276.680022][T23163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1276.680052][T23163] ? __pfx__printk+0x10/0x10 [ 1276.680086][T23163] ? __pfx___might_resched+0x10/0x10 [ 1276.680111][T23163] ? fs_reclaim_acquire+0x7d/0x100 [ 1276.680145][T23163] should_fail_ex+0x414/0x560 [ 1276.680175][T23163] should_failslab+0xa8/0x100 [ 1276.680202][T23163] __kmalloc_noprof+0xcb/0x4f0 [ 1276.680225][T23163] ? kfree+0x4d/0x440 [ 1276.680245][T23163] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1276.680274][T23163] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1276.680299][T23163] ? tomoyo_domain+0xd9/0x130 [ 1276.680329][T23163] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1276.680361][T23163] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1276.680395][T23163] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1276.680443][T23163] ? __lock_acquire+0xab9/0xd20 [ 1276.680486][T23163] ? __fget_files+0x2a/0x420 [ 1276.680514][T23163] ? __fget_files+0x2a/0x420 [ 1276.680538][T23163] ? __fget_files+0x3a0/0x420 [ 1276.680563][T23163] ? __fget_files+0x2a/0x420 [ 1276.680592][T23163] security_file_ioctl+0xcb/0x2d0 [ 1276.680634][T23163] __se_sys_ioctl+0x47/0x170 [ 1276.680656][T23163] do_syscall_64+0xfa/0x3b0 [ 1276.680674][T23163] ? lockdep_hardirqs_on+0x9c/0x150 [ 1276.680693][T23163] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1276.680712][T23163] ? clear_bhb_loop+0x60/0xb0 [ 1276.680736][T23163] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1276.680755][T23163] RIP: 0033:0x7f988f18e969 [ 1276.680772][T23163] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1276.680789][T23163] RSP: 002b:00007f988ffb2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1276.680809][T23163] RAX: ffffffffffffffda RBX: 00007f988f3b5fa0 RCX: 00007f988f18e969 [ 1276.680822][T23163] RDX: 0000200000000040 RSI: 0000000000005415 RDI: 0000000000000004 [ 1276.680834][T23163] RBP: 00007f988ffb2090 R08: 0000000000000000 R09: 0000000000000000 [ 1276.680847][T23163] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1276.680858][T23163] R13: 0000000000000000 R14: 00007f988f3b5fa0 R15: 00007f988f4dfa28 [ 1276.680888][T23163] [ 1276.935447][T15613] usb 1-1: string descriptor 0 read error: -71 [ 1276.950608][T23163] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1277.076400][T15613] usb 1-1: USB disconnect, device number 16 [ 1277.292565][T23172] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5650'. [ 1277.362431][T15611] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 1277.376698][T23172] vlan2: entered promiscuous mode [ 1277.383627][T23172] hsr0: entered promiscuous mode [ 1277.527449][T15611] usb 4-1: Using ep0 maxpacket: 8 [ 1277.547974][T15611] usb 4-1: too many configurations: 108, using maximum allowed: 8 [ 1277.607055][T15611] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1277.631988][T15611] usb 4-1: can't read configurations, error -61 [ 1277.780663][T15611] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 1277.972627][T15611] usb 4-1: Using ep0 maxpacket: 8 [ 1277.981506][T15611] usb 4-1: too many configurations: 108, using maximum allowed: 8 [ 1278.030921][T15611] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1278.038683][T15611] usb 4-1: can't read configurations, error -61 [ 1278.045653][T15613] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 1278.059226][T15611] usb usb4-port1: attempt power cycle [ 1278.202766][T15613] usb 5-1: config 1 has an invalid interface number: 4 but max is 0 [ 1278.223081][T15613] usb 5-1: config 1 has no interface number 0 [ 1278.229400][T15613] usb 5-1: config 1 interface 4 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1278.253817][T15613] usb 5-1: config 1 interface 4 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1278.280717][T15613] usb 5-1: config 1 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1278.303448][T15613] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1278.312910][T15613] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1278.323045][T15613] usb 5-1: Product: syz [ 1278.327289][T15613] usb 5-1: Manufacturer: syz [ 1278.332087][T15613] usb 5-1: SerialNumber: syz [ 1278.337302][T23181] xt_TCPMSS: Only works on TCP SYN packets [ 1278.372247][T15607] usbhid 2-1:0.1: can't add hid device: -71 [ 1278.378600][T15607] usbhid 2-1:0.1: probe with driver usbhid failed with error -71 [ 1278.401677][T15611] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 1278.421711][T15607] usb 2-1: USB disconnect, device number 105 [ 1278.451243][T15611] usb 4-1: Using ep0 maxpacket: 8 [ 1278.461385][T15611] usb 4-1: too many configurations: 108, using maximum allowed: 8 [ 1278.484787][T15611] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1278.507125][T15611] usb 4-1: can't read configurations, error -61 [ 1278.565665][T23187] netlink: 36 bytes leftover after parsing attributes in process `syz.0.5655'. [ 1278.641238][T15611] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1278.653554][T15613] usblp 5-1:1.4: usblp0: USB Unidirectional printer dev 100 if 4 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1278.691220][T15611] usb 4-1: Using ep0 maxpacket: 8 [ 1278.699836][T15611] usb 4-1: too many configurations: 108, using maximum allowed: 8 [ 1278.711539][T15611] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 1278.719518][T15611] usb 4-1: can't read configurations, error -61 [ 1278.727851][T15611] usb usb4-port1: unable to enumerate USB device [ 1278.774924][T23194] netlink: 'syz.2.5660': attribute type 1 has an invalid length. [ 1278.876747][T23200] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1278.877825][T23202] FAULT_INJECTION: forcing a failure. [ 1278.877825][T23202] name failslab, interval 1, probability 0, space 0, times 0 [ 1278.885537][T15620] usb 5-1: USB disconnect, device number 100 [ 1278.897163][T23178] usblp0:failed reading printer status (-71) [ 1278.909000][T23202] CPU: 0 UID: 0 PID: 23202 Comm: syz.0.5662 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1278.909029][T23202] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1278.909043][T23202] Call Trace: [ 1278.909051][T23202] [ 1278.909060][T23202] dump_stack_lvl+0x189/0x250 [ 1278.909098][T23202] ? __pfx____ratelimit+0x10/0x10 [ 1278.909122][T23202] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1278.909155][T23202] ? __pfx__printk+0x10/0x10 [ 1278.909181][T23202] ? __pfx___might_resched+0x10/0x10 [ 1278.909209][T23202] ? fs_reclaim_acquire+0x7d/0x100 [ 1278.909244][T23202] should_fail_ex+0x414/0x560 [ 1278.909274][T23202] should_failslab+0xa8/0x100 [ 1278.909304][T23202] __kmalloc_noprof+0xcb/0x4f0 [ 1278.909329][T23202] ? tomoyo_encode+0x28b/0x550 [ 1278.909359][T23202] tomoyo_encode+0x28b/0x550 [ 1278.909392][T23202] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1278.909429][T23202] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 1278.909464][T23202] tomoyo_path_number_perm+0x1e8/0x5a0 [ 1278.909502][T23202] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1278.909551][T23202] ? __lock_acquire+0xab9/0xd20 [ 1278.909595][T23202] ? __fget_files+0x2a/0x420 [ 1278.909626][T23202] ? __fget_files+0x2a/0x420 [ 1278.909661][T23202] ? __fget_files+0x3a0/0x420 [ 1278.909686][T23202] ? __fget_files+0x2a/0x420 [ 1278.909719][T23202] security_file_ioctl+0xcb/0x2d0 [ 1278.909765][T23202] __se_sys_ioctl+0x47/0x170 [ 1278.909788][T23202] do_syscall_64+0xfa/0x3b0 [ 1278.909826][T23202] ? lockdep_hardirqs_on+0x9c/0x150 [ 1278.909849][T23202] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1278.909870][T23202] ? clear_bhb_loop+0x60/0xb0 [ 1278.909908][T23202] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1278.909928][T23202] RIP: 0033:0x7f3b5198e969 [ 1278.909946][T23202] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1278.909965][T23202] RSP: 002b:00007f3b527c1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1278.909986][T23202] RAX: ffffffffffffffda RBX: 00007f3b51bb5fa0 RCX: 00007f3b5198e969 [ 1278.910019][T23202] RDX: 0000200000000040 RSI: 0000000000005415 RDI: 0000000000000004 [ 1278.910034][T23202] RBP: 00007f3b527c1090 R08: 0000000000000000 R09: 0000000000000000 [ 1278.910047][T23202] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1278.910059][T23202] R13: 0000000000000000 R14: 00007f3b51bb5fa0 R15: 00007f3b51cdfa28 [ 1278.910093][T23202] [ 1278.910118][T23202] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1278.988118][T15620] usblp0: removed [ 1279.175142][T23194] veth15: entered promiscuous mode [ 1279.194690][T23194] bond4: (slave veth15): Enslaving as a backup interface with a down link [ 1280.460410][T15611] usb 4-1: new high-speed USB device number 86 using dummy_hcd [ 1280.631380][T15620] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 1280.639138][ T8677] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 1280.661894][T15611] usb 4-1: Using ep0 maxpacket: 16 [ 1280.668757][T15611] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1280.683168][T15611] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1280.745362][T15611] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1280.758886][T15611] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1280.797811][T15611] usb 4-1: Product: syz [ 1280.818519][T15611] usb 4-1: Manufacturer: syz [ 1280.840053][T15611] usb 4-1: SerialNumber: syz [ 1280.934974][T15611] usb 4-1: config 0 descriptor?? [ 1280.953947][T15611] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1280.984013][T23213] syz.2.5666 (23213): drop_caches: 2 [ 1280.998407][T15620] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1281.025222][T15620] usb 1-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 1281.045605][T15620] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1281.097726][T15620] usb 1-1: config 0 descriptor?? [ 1281.126472][T15611] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 1281.199289][ T8677] usb 5-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 1281.230157][ T8677] usb 5-1: config 27 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1281.258104][ T8677] usb 5-1: config 27 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1281.322324][ T8677] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1281.431594][ T8677] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1281.577756][T23239] netlink: 'syz.2.5674': attribute type 29 has an invalid length. [ 1281.596184][ T8677] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1281.640693][T23239] netlink: 'syz.2.5674': attribute type 29 has an invalid length. [ 1281.652264][T23239] netlink: 492 bytes leftover after parsing attributes in process `syz.2.5674'. [ 1281.663644][ T8677] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -2 [ 1281.674015][T15748] udevd[15748]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such device [ 1281.700104][T15611] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 1281.762870][T15611] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 1281.840051][T15613] usb 5-1: USB disconnect, device number 101 [ 1282.367265][T23250] FAULT_INJECTION: forcing a failure. [ 1282.367265][T23250] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1282.396596][T23250] CPU: 1 UID: 0 PID: 23250 Comm: syz.1.5678 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1282.396627][T23250] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1282.396641][T23250] Call Trace: [ 1282.396650][T23250] [ 1282.396661][T23250] dump_stack_lvl+0x189/0x250 [ 1282.396699][T23250] ? __pfx____ratelimit+0x10/0x10 [ 1282.396722][T23250] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1282.396753][T23250] ? __pfx__printk+0x10/0x10 [ 1282.396790][T23250] should_fail_ex+0x414/0x560 [ 1282.396818][T23250] _copy_to_user+0x31/0xb0 [ 1282.396852][T23250] simple_read_from_buffer+0xe1/0x170 [ 1282.396882][T23250] proc_fail_nth_read+0x1df/0x250 [ 1282.396912][T23250] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1282.396936][T23250] ? rw_verify_area+0x258/0x650 [ 1282.396952][T23250] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1282.396984][T23250] vfs_read+0x200/0x980 [ 1282.397013][T23250] ? __pfx___mutex_lock+0x10/0x10 [ 1282.397037][T23250] ? __pfx_vfs_read+0x10/0x10 [ 1282.397059][T23250] ? __fget_files+0x2a/0x420 [ 1282.397081][T23250] ? __fget_files+0x3a0/0x420 [ 1282.397099][T23250] ? __fget_files+0x2a/0x420 [ 1282.397133][T23250] ksys_read+0x145/0x250 [ 1282.397161][T23250] ? __pfx_ksys_read+0x10/0x10 [ 1282.397180][T23250] ? rcu_is_watching+0x15/0xb0 [ 1282.397210][T23250] ? do_syscall_64+0xbe/0x3b0 [ 1282.397230][T23250] do_syscall_64+0xfa/0x3b0 [ 1282.397245][T23250] ? lockdep_hardirqs_on+0x9c/0x150 [ 1282.397261][T23250] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1282.397281][T23250] ? clear_bhb_loop+0x60/0xb0 [ 1282.397311][T23250] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1282.397332][T23250] RIP: 0033:0x7f1a6bb8d37c [ 1282.397350][T23250] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1282.397366][T23250] RSP: 002b:00007f1a6c91d030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1282.397383][T23250] RAX: ffffffffffffffda RBX: 00007f1a6bdb5fa0 RCX: 00007f1a6bb8d37c [ 1282.397394][T23250] RDX: 000000000000000f RSI: 00007f1a6c91d0a0 RDI: 0000000000000005 [ 1282.397403][T23250] RBP: 00007f1a6c91d090 R08: 0000000000000000 R09: 0000000000000000 [ 1282.397413][T23250] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1282.397426][T23250] R13: 0000000000000000 R14: 00007f1a6bdb5fa0 R15: 00007f1a6bedfa28 [ 1282.397460][T23250] [ 1282.630999][ C1] vkms_vblank_simulate: vblank timer overrun [ 1283.039671][T15611] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 1283.076135][T15611] em28xx 4-1:0.0: No AC97 audio processor [ 1283.200378][T15620] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 1283.473620][T15620] usb 3-1: config 1 has an invalid interface number: 4 but max is 0 [ 1283.483908][T15620] usb 3-1: config 1 has no interface number 0 [ 1283.490132][T15620] usb 3-1: config 1 interface 4 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1283.520318][T15620] usb 3-1: config 1 interface 4 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1283.550593][T15620] usb 3-1: config 1 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1283.583749][T15620] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1283.602396][T15620] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1283.622935][T15620] usb 3-1: Product: syz [ 1283.629475][T15620] usb 3-1: Manufacturer: syz [ 1283.640889][T15620] usb 3-1: SerialNumber: syz [ 1283.699656][T23264] input: syz1 as /devices/virtual/input/input86 [ 1283.816269][T15617] usb 1-1: USB disconnect, device number 17 [ 1283.872939][T15620] usblp 3-1:1.4: usblp0: USB Unidirectional printer dev 49 if 4 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1283.990823][T23268] tipc: Enabling of bearer rejected, failed to enable media [ 1284.201125][T23254] usblp0:failed reading printer status (-71) [ 1284.207585][T15620] usb 3-1: USB disconnect, device number 49 [ 1284.246949][T15620] usblp0: removed [ 1284.416997][T23288] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5691'. [ 1284.530478][T15611] usb 5-1: new low-speed USB device number 102 using dummy_hcd [ 1284.547834][T23290] netlink: 40 bytes leftover after parsing attributes in process `syz.0.5691'. [ 1284.575346][T23289] netlink: 428 bytes leftover after parsing attributes in process `syz.0.5691'. [ 1284.599863][T23289] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5691'. [ 1284.678951][T15613] usb 4-1: USB disconnect, device number 86 [ 1284.713944][T15613] em28xx 4-1:0.0: Disconnecting em28xx [ 1284.746346][T15613] em28xx 4-1:0.0: Freeing device [ 1285.420486][T15620] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 1285.582170][T15620] usb 2-1: config 1 has an invalid descriptor of length 61, skipping remainder of the config [ 1285.592796][T15620] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 1285.602409][T15620] usb 2-1: config 1 has no interface number 0 [ 1285.608582][T15620] usb 2-1: config 1 interface 1 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1285.624713][T15620] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1285.695526][T15620] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1285.714870][T15620] usb 2-1: Product: syz [ 1285.726154][T15620] usb 2-1: Manufacturer: syz [ 1285.762754][T15620] usb 2-1: SerialNumber: syz [ 1285.796897][T23324] loop6: detected capacity change from 0 to 524288000 [ 1285.804405][ T8677] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 1285.812507][T15620] cdc_ncm 2-1:1.1: NCM or ECM functional descriptors missing [ 1285.827226][T15620] cdc_ncm 2-1:1.1: bind() failure [ 1285.970822][ T8677] usb 4-1: Using ep0 maxpacket: 32 [ 1285.982172][T15613] usb 2-1: USB disconnect, device number 106 [ 1286.006190][ T8677] usb 4-1: config 0 has no interfaces? [ 1286.033790][ T8677] usb 4-1: New USB device found, idVendor=2040, idProduct=4901, bcdDevice=47.77 [ 1286.053420][ T8677] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1286.066321][ T8677] usb 4-1: Product: syz [ 1286.072961][ T8677] usb 4-1: Manufacturer: syz [ 1286.077757][ T8677] usb 4-1: SerialNumber: syz [ 1286.123355][ T8677] usb 4-1: config 0 descriptor?? [ 1286.340294][T15620] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 1286.455495][T23310] A link change request failed with some changes committed already. Interface gretap0 may have been left with an inconsistent configuration, please check. [ 1286.506331][T15620] usb 3-1: config 1 has an invalid interface number: 4 but max is 0 [ 1286.515597][T15620] usb 3-1: config 1 has no interface number 0 [ 1286.525854][T15620] usb 3-1: config 1 interface 4 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1286.538025][T15620] usb 3-1: config 1 interface 4 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 1286.555831][T15620] usb 3-1: config 1 interface 4 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1286.576373][T15620] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1286.586938][T15620] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1286.612594][T15620] usb 3-1: Product: syz [ 1286.625282][T15620] usb 3-1: Manufacturer: syz [ 1286.637182][T15620] usb 3-1: SerialNumber: syz [ 1286.920019][T15620] usblp 3-1:1.4: usblp0: USB Unidirectional printer dev 50 if 4 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 1287.251436][T15613] usb 3-1: USB disconnect, device number 50 [ 1287.258477][T23328] usblp0:failed reading printer status (-71) [ 1287.303348][T23339] usblp0: removed [ 1287.694818][T23347] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 1287.703555][T23347] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1288.046794][T23352] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-xor(2) [ 1288.460326][T15611] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 1288.536128][ T30] audit: type=1326 audit(1748566217.009:1851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1288.589148][ T30] audit: type=1326 audit(1748566217.009:1852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1288.626756][ T30] audit: type=1326 audit(1748566217.009:1853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=17 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1288.750963][T15611] usb 5-1: Using ep0 maxpacket: 8 [ 1288.762010][T15611] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 1288.793595][T23363] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1288.810636][T15611] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1288.823295][ T30] audit: type=1326 audit(1748566217.009:1854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1288.878222][T15611] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 1288.935163][T15611] usb 5-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1288.967435][ T30] audit: type=1326 audit(1748566217.009:1855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1289.012359][T15611] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 1289.025336][T15611] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1289.050311][ T30] audit: type=1326 audit(1748566217.009:1856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1289.073554][T15611] usb 5-1: Product: syz [ 1289.077764][T15611] usb 5-1: Manufacturer: syz [ 1289.085683][T15617] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 1289.119802][T15613] usb 4-1: USB disconnect, device number 87 [ 1289.127506][T15611] usb 5-1: SerialNumber: syz [ 1289.139553][T23354] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1289.161676][ T30] audit: type=1326 audit(1748566217.009:1857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1289.203417][T15611] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 1289.224193][T15611] usbtest 5-1:1.0: Linux user mode ISO test driver [ 1289.231414][ T30] audit: type=1326 audit(1748566217.009:1858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1a6bb8e969 code=0x7ffc0000 [ 1289.254248][T23369] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 1289.260800][T23369] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 1289.268495][T15611] usbtest 5-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt) [ 1289.293850][T23369] vhci_hcd vhci_hcd.0: Device attached [ 1289.302918][ T30] audit: type=1326 audit(1748566217.009:1859): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1a6bb8d2d0 code=0x7ffc0000 [ 1289.305215][T15617] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1289.343664][T23369] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5719'. [ 1289.366407][ T30] audit: type=1326 audit(1748566217.009:1860): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23348 comm="syz.1.5714" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f1a6bb8d2d0 code=0x7ffc0000 [ 1289.385589][T15617] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1289.392532][T21864] usb 5-1: USB disconnect, device number 103 [ 1289.425457][T15617] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1289.486662][T15617] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1289.496908][T15617] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1289.540587][T15611] usb 37-1: new low-speed USB device number 3 using vhci_hcd [ 1289.556002][T15617] usb 1-1: config 0 descriptor?? [ 1289.630126][T23385] input: syz1 as /devices/virtual/input/input88 [ 1289.650351][T15613] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 1289.803679][T23372] vhci_hcd: connection reset by peer [ 1289.819401][T12824] vhci_hcd: stop threads [ 1289.826323][T15613] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1289.830498][T12824] vhci_hcd: release socket [ 1289.860728][T12824] vhci_hcd: disconnect device [ 1289.865254][T15613] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 1289.895984][T15613] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1289.920524][T15613] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1289.955905][T23374] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1289.994568][T15613] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1290.007120][T15617] plantronics 0003:047F:FFFF.0021: No inputs registered, leaving [ 1290.049545][T15617] plantronics 0003:047F:FFFF.0021: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 1290.170334][T21864] usb 2-1: new high-speed USB device number 107 using dummy_hcd [ 1290.196601][T15617] usb 4-1: USB disconnect, device number 88 [ 1290.343500][T21864] usb 2-1: Using ep0 maxpacket: 32 [ 1290.363144][T23391] netlink: 212376 bytes leftover after parsing attributes in process `syz.1.5729'. [ 1290.394134][T21864] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1290.405191][T21864] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 1290.414209][T21864] usb 2-1: can't read configurations, error -71 [ 1290.446074][T23398] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 1290.454851][T23398] netlink: 56 bytes leftover after parsing attributes in process `syz.2.5731'. [ 1290.834349][T23412] netlink: 24 bytes leftover after parsing attributes in process `syz.2.5737'. [ 1291.049553][T23419] x_tables: duplicate underflow at hook 2 [ 1291.385931][T23435] tipc: Enabling of bearer rejected, failed to enable media [ 1291.431689][ T8677] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 1291.548071][T15617] usb 5-1: new low-speed USB device number 104 using dummy_hcd [ 1291.607425][ T8677] usb 3-1: Using ep0 maxpacket: 16 [ 1291.622983][ T8677] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1291.638701][ T8677] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1291.652466][ T8677] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 1291.665903][ T8677] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 50939, setting to 1024 [ 1291.679694][ T8677] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1291.698930][ T8677] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1291.709267][ T8677] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1291.718414][ T8677] usb 3-1: Manufacturer: syz [ 1291.742300][T15617] usb 5-1: config 0 interface 0 altsetting 129 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1291.758937][ T8677] usb 3-1: config 0 descriptor?? [ 1291.767204][T15617] usb 5-1: config 0 interface 0 altsetting 129 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1291.779180][T15617] usb 5-1: config 0 interface 0 altsetting 129 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1291.809528][T15617] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1291.818060][T15617] usb 5-1: New USB device found, idVendor=28bd, idProduct=0074, bcdDevice= 0.00 [ 1291.828657][T15617] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1291.850815][T15617] usb 5-1: config 0 descriptor?? [ 1292.074093][ T8677] usb 3-1: USB disconnect, device number 51 [ 1292.276185][T23449] usb usb8: usbfs: process 23449 (syz.0.5753) did not claim interface 0 before use [ 1292.320828][T23449] fuse: Bad value for 'fd' [ 1292.351880][ T8677] IPVS: starting estimator thread 0... [ 1292.469882][T21864] usb 1-1: USB disconnect, device number 18 [ 1292.500217][T15617] usbhid 5-1:0.0: can't add hid device: -71 [ 1292.522401][T15618] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1292.537205][T15617] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1292.560522][T23451] IPVS: using max 28 ests per chain, 67200 per kthread [ 1292.571063][T15617] usb 5-1: USB disconnect, device number 104 [ 1292.700539][T15618] usb 4-1: Using ep0 maxpacket: 16 [ 1292.709604][T15618] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 1292.733557][T15618] usb 4-1: config 0 has no interface number 0 [ 1292.763873][T15618] usb 4-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 1292.789554][T15618] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1292.814895][T15618] usb 4-1: Product: syz [ 1292.819154][T15618] usb 4-1: Manufacturer: syz [ 1292.832289][T15618] usb 4-1: SerialNumber: syz [ 1292.852738][T15618] usb 4-1: config 0 descriptor?? [ 1292.874808][T15618] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 1293.042432][T23463] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5758'. [ 1293.278729][T23469] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5760'. [ 1293.481466][T23447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1293.510366][T15617] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 1293.528965][T23447] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1293.691160][T15617] usb 5-1: Using ep0 maxpacket: 32 [ 1293.718023][T23470] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.5759'. [ 1293.734302][T15617] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1293.783794][T15618] gspca_spca1528: reg_w err -71 [ 1293.800566][T21864] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 1293.812119][T15617] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1293.840063][T15617] usb 5-1: can't read configurations, error -71 [ 1293.848293][T15618] spca1528 4-1:0.1: probe with driver spca1528 failed with error -71 [ 1293.880463][T15618] usb 4-1: USB disconnect, device number 89 [ 1293.951000][T21864] usb 3-1: Using ep0 maxpacket: 16 [ 1293.966248][T21864] usb 3-1: New USB device found, idVendor=1604, idProduct=8007, bcdDevice=af.a6 [ 1293.976103][T21864] usb 3-1: New USB device strings: Mfr=1, Product=23, SerialNumber=3 [ 1293.985453][T21864] usb 3-1: Product: syz [ 1293.990845][T21864] usb 3-1: Manufacturer: syz [ 1293.995642][T21864] usb 3-1: SerialNumber: syz [ 1294.013090][T21864] usb 3-1: config 0 descriptor?? [ 1294.575761][T23486] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5766'. [ 1294.700483][T15611] vhci_hcd: vhci_device speed not set [ 1294.724334][T23490] input: syz1 as /devices/virtual/input/input89 [ 1295.111932][T23495] tipc: Enabling of bearer rejected, already enabled [ 1295.305639][T23506] tipc: Started in network mode [ 1295.365281][T23506] tipc: Node identity 00000000030000004000000000003a2d, cluster identity 4711 [ 1295.458452][T23506] tipc: Enabling of bearer rejected, failed to enable media [ 1295.593747][T23509] netlink: 'syz.3.5774': attribute type 10 has an invalid length. [ 1295.881491][ T8677] hid-generic FFFC:0003:0000.0022: unknown main item tag 0x0 [ 1295.994072][ T8677] hid-generic FFFC:0003:0000.0022: unknown main item tag 0x0 [ 1296.036775][ T5837] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1296.056205][ T8677] hid-generic FFFC:0003:0000.0022: unknown main item tag 0x0 [ 1296.080258][ T8677] hid-generic FFFC:0003:0000.0022: unknown main item tag 0x0 [ 1296.087719][ T8677] hid-generic FFFC:0003:0000.0022: unknown main item tag 0x0 [ 1296.161107][ T5837] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1296.186654][ T5837] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1296.197487][ T8677] hid-generic FFFC:0003:0000.0022: unknown main item tag 0x0 [ 1296.207809][ T5837] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1296.231362][ T5837] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1296.260776][ T8677] hid-generic FFFC:0003:0000.0022: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1296.466562][T15618] usb 3-1: USB disconnect, device number 52 [ 1296.638450][ T8677] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1296.731531][T23525] fido_id[23525]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 1296.810941][ T8677] usb 4-1: Using ep0 maxpacket: 32 [ 1296.879342][T23527] netlink: 212376 bytes leftover after parsing attributes in process `syz.3.5779'. [ 1296.924308][ T8677] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1296.943486][ T8677] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1296.961233][ T8677] usb 4-1: can't read configurations, error -71 [ 1297.512006][T15618] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 1297.526510][T23544] netlink: 104 bytes leftover after parsing attributes in process `syz.0.5784'. [ 1297.628361][T23528] chnl_net:caif_netlink_parms(): no params data found [ 1297.690512][T15618] usb 3-1: Using ep0 maxpacket: 32 [ 1297.700282][T15618] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1297.722331][T15618] usb 3-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=de.8e [ 1297.742068][T15618] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1297.770086][T15618] usb 3-1: Product: syz [ 1297.781329][T15618] usb 3-1: Manufacturer: syz [ 1297.792890][T15618] usb 3-1: SerialNumber: syz [ 1297.810703][T15611] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 1297.814030][T15618] usb 3-1: config 0 descriptor?? [ 1297.868753][T15618] gs_usb 3-1:0.0: Required endpoints not found [ 1297.993403][T15611] usb 1-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 1298.003976][T15611] usb 1-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 1298.013292][T15611] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1298.032765][T15611] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 1298.095659][T23528] bridge0: port 1(bridge_slave_0) entered blocking state [ 1298.111955][T23528] bridge0: port 1(bridge_slave_0) entered disabled state [ 1298.119634][T23528] bridge_slave_0: entered allmulticast mode [ 1298.128920][T23528] bridge_slave_0: entered promiscuous mode [ 1298.143280][T23528] bridge0: port 2(bridge_slave_1) entered blocking state [ 1298.152306][T23528] bridge0: port 2(bridge_slave_1) entered disabled state [ 1298.159583][T23528] bridge_slave_1: entered allmulticast mode [ 1298.167404][T23528] bridge_slave_1: entered promiscuous mode [ 1298.210630][T15613] usb 3-1: USB disconnect, device number 53 [ 1298.271403][T23528] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1298.281586][T15618] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1298.301844][T19781] Bluetooth: hci4: command tx timeout [ 1298.312965][T23528] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1298.326944][T12824] bridge_slave_1: left allmulticast mode [ 1298.335239][T12824] bridge_slave_1: left promiscuous mode [ 1298.342621][T12824] bridge0: port 2(bridge_slave_1) entered disabled state [ 1298.370608][T12824] bridge_slave_0: left allmulticast mode [ 1298.389661][T12824] bridge_slave_0: left promiscuous mode [ 1298.397996][T12824] bridge0: port 1(bridge_slave_0) entered disabled state [ 1298.470548][T15618] usb 4-1: Using ep0 maxpacket: 16 [ 1298.497487][T15618] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1298.523587][T15618] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1298.576103][T15618] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1298.596804][T15618] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1298.605210][T15618] usb 4-1: Product: syz [ 1298.610041][T15618] usb 4-1: Manufacturer: syz [ 1298.618825][T15618] usb 4-1: SerialNumber: syz [ 1298.837741][T23567] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 1299.039554][T15618] usb 4-1: cannot find UAC_HEADER [ 1299.102084][T15611] stv0680 1-1:4.0: STV(e): camera ping failed!! [ 1299.153420][T15618] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 1299.189030][T12824] bond1 (unregistering): Released all slaves [ 1299.274260][T12824] bond2 (unregistering): Released all slaves [ 1299.293060][T13048] udevd[13048]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1299.326460][T15611] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 1299.376621][T15611] stv0680 1-1:4.0: last error: 0, command = 0x0 [ 1299.428228][T15611] usb 1-1: USB disconnect, device number 19 [ 1299.685532][T12824] bond3 (unregistering): Released all slaves [ 1299.839196][T12824] bond4 (unregistering): (slave veth3): Releasing backup interface [ 1299.848388][T12824] bond4 (unregistering): Released all slaves [ 1299.869947][T12824] bond0 (unregistering): Released all slaves [ 1300.066365][T12824] bond5 (unregistering): (slave veth5): Releasing backup interface [ 1300.076028][T12824] bond5 (unregistering): Released all slaves [ 1300.276466][T23582] netlink: 'syz.4.5791': attribute type 29 has an invalid length. [ 1300.294957][T12824] tipc: Left network mode [ 1300.299423][T23581] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1300.322631][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 1300.329125][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 1300.345937][T23528] team0: Port device team_slave_0 added [ 1300.388166][T23582] netlink: 492 bytes leftover after parsing attributes in process `syz.4.5791'. [ 1300.390392][T19781] Bluetooth: hci4: command tx timeout [ 1300.438464][T23528] team0: Port device team_slave_1 added [ 1300.446971][T23584] netlink: 'syz.4.5791': attribute type 29 has an invalid length. [ 1300.609847][T23590] netlink: 'syz.4.5794': attribute type 1 has an invalid length. [ 1300.632919][T23586] tipc: Enabling of bearer rejected, failed to enable media [ 1300.708646][T23528] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1300.716718][T23528] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1300.750296][T23528] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1300.764181][T23528] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1300.779330][T23528] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1300.820875][T23528] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1300.834227][T23591] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1300.953876][ T30] kauditd_printk_skb: 1206 callbacks suppressed [ 1300.953894][ T30] audit: type=1326 audit(1748566229.459:3067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=23598 comm="syz.2.5796" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7feb5858e969 code=0x0 [ 1300.986073][T23590] veth7: entered promiscuous mode [ 1301.005992][T23590] bond3: (slave veth7): Enslaving as a backup interface with a down link [ 1301.151258][T12824] hsr_slave_0: left promiscuous mode [ 1301.168374][T12824] hsr_slave_1: left promiscuous mode [ 1301.181974][T12824] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1301.419577][T23615] FAULT_INJECTION: forcing a failure. [ 1301.419577][T23615] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1301.433558][T23615] CPU: 0 UID: 0 PID: 23615 Comm: syz.4.5799 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1301.433586][T23615] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1301.433599][T23615] Call Trace: [ 1301.433608][T23615] [ 1301.433617][T23615] dump_stack_lvl+0x189/0x250 [ 1301.433656][T23615] ? __pfx____ratelimit+0x10/0x10 [ 1301.433705][T23615] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1301.433738][T23615] ? __pfx__printk+0x10/0x10 [ 1301.433762][T23615] ? __might_fault+0xb0/0x130 [ 1301.433802][T23615] should_fail_ex+0x414/0x560 [ 1301.433831][T23615] _copy_from_user+0x2d/0xb0 [ 1301.433864][T23615] ___sys_sendmsg+0x158/0x2a0 [ 1301.433900][T23615] ? __pfx____sys_sendmsg+0x10/0x10 [ 1301.433978][T23615] ? __fget_files+0x2a/0x420 [ 1301.434006][T23615] ? __fget_files+0x3a0/0x420 [ 1301.434046][T23615] __x64_sys_sendmsg+0x19b/0x260 [ 1301.434080][T23615] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1301.434123][T23615] ? __pfx_ksys_write+0x10/0x10 [ 1301.434145][T23615] ? rcu_is_watching+0x15/0xb0 [ 1301.434177][T23615] ? do_syscall_64+0xbe/0x3b0 [ 1301.434210][T23615] do_syscall_64+0xfa/0x3b0 [ 1301.434232][T23615] ? lockdep_hardirqs_on+0x9c/0x150 [ 1301.434255][T23615] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1301.434276][T23615] ? clear_bhb_loop+0x60/0xb0 [ 1301.434302][T23615] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1301.434324][T23615] RIP: 0033:0x7f9a2698e969 [ 1301.434343][T23615] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1301.434362][T23615] RSP: 002b:00007f9a27854038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1301.434385][T23615] RAX: ffffffffffffffda RBX: 00007f9a26bb5fa0 RCX: 00007f9a2698e969 [ 1301.434401][T23615] RDX: 0000000000008000 RSI: 0000200000000140 RDI: 0000000000000003 [ 1301.434416][T23615] RBP: 00007f9a27854090 R08: 0000000000000000 R09: 0000000000000000 [ 1301.434430][T23615] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1301.434443][T23615] R13: 0000000000000000 R14: 00007f9a26bb5fa0 R15: 00007f9a26cdfa28 [ 1301.434476][T23615] [ 1301.940359][T15613] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 1302.000620][T15611] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 1302.014153][T21864] usb 4-1: USB disconnect, device number 92 [ 1302.107858][T15613] usb 1-1: Using ep0 maxpacket: 8 [ 1302.132630][T15613] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1302.164856][T15611] usb 5-1: Using ep0 maxpacket: 32 [ 1302.171412][T15613] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1302.183019][T15613] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1302.201858][T23620] netlink: 212376 bytes leftover after parsing attributes in process `syz.4.5800'. [ 1302.223592][T15611] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1302.235785][T15613] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1302.249125][T15611] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 1302.260267][T15611] usb 5-1: can't read configurations, error -71 [ 1302.287806][T15613] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1302.297245][T15613] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1302.394464][T23632] netlink: 596 bytes leftover after parsing attributes in process `syz.2.5804'. [ 1302.460669][T19781] Bluetooth: hci4: command tx timeout [ 1302.599671][T15613] usb 1-1: GET_CAPABILITIES returned 0 [ 1302.608997][T12824] team0 (unregistering): Port device team_slave_1 removed [ 1302.612674][T15613] usbtmc 1-1:16.0: can't read capabilities [ 1302.694977][T12824] team0 (unregistering): Port device team_slave_0 removed [ 1302.890558][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1302.900754][ T8677] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 1302.943320][T23642] FAULT_INJECTION: forcing a failure. [ 1302.943320][T23642] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1302.962518][T23637] binder: 23607:23637 ioctl c0306201 200000000100 returned -14 [ 1302.977825][T23642] CPU: 0 UID: 0 PID: 23642 Comm: syz.4.5808 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1302.977848][T23642] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1302.977858][T23642] Call Trace: [ 1302.977864][T23642] [ 1302.977871][T23642] dump_stack_lvl+0x189/0x250 [ 1302.977900][T23642] ? __pfx____ratelimit+0x10/0x10 [ 1302.977917][T23642] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1302.977941][T23642] ? __pfx__printk+0x10/0x10 [ 1302.977957][T23642] ? __might_fault+0xb0/0x130 [ 1302.977984][T23642] should_fail_ex+0x414/0x560 [ 1302.978005][T23642] _copy_from_user+0x2d/0xb0 [ 1302.978029][T23642] do_ipv6_getsockopt+0x2b0/0x2300 [ 1302.978052][T23642] ? __pfx_do_ipv6_getsockopt+0x10/0x10 [ 1302.978070][T23642] ? aa_label_sk_perm+0x413/0x560 [ 1302.978089][T23642] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 1302.978123][T23642] ? __lock_acquire+0xab9/0xd20 [ 1302.978150][T23642] ipv6_getsockopt+0xbd/0x290 [ 1302.978169][T23642] ? __pfx_ipv6_getsockopt+0x10/0x10 [ 1302.978187][T23642] ? sock_common_getsockopt+0x2d/0xb0 [ 1302.978209][T23642] do_sock_getsockopt+0x360/0x650 [ 1302.978233][T23642] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1302.978254][T23642] ? do_syscall_64+0xa0/0x3b0 [ 1302.978270][T23642] ? __fget_files+0x3a0/0x420 [ 1302.978290][T23642] ? __fget_files+0x2a/0x420 [ 1302.978314][T23642] __x64_sys_getsockopt+0x1a5/0x250 [ 1302.978335][T23642] ? do_syscall_64+0xa0/0x3b0 [ 1302.978353][T23642] ? do_syscall_64+0xa0/0x3b0 [ 1302.978372][T23642] do_syscall_64+0xfa/0x3b0 [ 1302.978387][T23642] ? lockdep_hardirqs_on+0x9c/0x150 [ 1302.978403][T23642] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1302.978417][T23642] ? clear_bhb_loop+0x60/0xb0 [ 1302.978435][T23642] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1302.978450][T23642] RIP: 0033:0x7f9a2698e969 [ 1302.978464][T23642] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1302.978477][T23642] RSP: 002b:00007f9a27854038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1302.978500][T23642] RAX: ffffffffffffffda RBX: 00007f9a26bb5fa0 RCX: 00007f9a2698e969 [ 1302.978511][T23642] RDX: 0000000000000006 RSI: 0000000000000029 RDI: 0000000000000003 [ 1302.978520][T23642] RBP: 00007f9a27854090 R08: 0000200000000240 R09: 0000000000000000 [ 1302.978531][T23642] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 1302.978540][T23642] R13: 0000000000000000 R14: 00007f9a26bb5fa0 R15: 00007f9a26cdfa28 [ 1302.978562][T23642] [ 1303.230358][ T8677] usb 4-1: device descriptor read/64, error -71 [ 1303.476357][ T8677] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 1303.610459][ T8677] usb 4-1: device descriptor read/64, error -71 [ 1303.721004][ T8677] usb usb4-port1: attempt power cycle [ 1303.752720][T23630] netlink: 'syz.2.5804': attribute type 29 has an invalid length. [ 1303.770000][T15621] usb 1-1: USB disconnect, device number 20 [ 1303.789719][T23528] hsr_slave_0: entered promiscuous mode [ 1303.816983][T23528] hsr_slave_1: entered promiscuous mode [ 1303.831497][T23528] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1303.839405][T23528] Cannot create hsr debugfs directory [ 1304.076959][ T8677] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 1304.135901][ T8677] usb 4-1: device descriptor read/8, error -71 [ 1304.151648][T23660] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5816'. [ 1304.191023][T15613] usb 5-1: new high-speed USB device number 109 using dummy_hcd [ 1304.356511][T12824] IPVS: stop unused estimator thread 0... [ 1304.372098][T15613] usb 5-1: Using ep0 maxpacket: 8 [ 1304.381198][ T8677] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 1304.385328][T15613] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 1304.431712][ T8677] usb 4-1: device descriptor read/8, error -71 [ 1304.432628][T15613] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1304.471256][T15613] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1304.494305][T15613] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1304.542804][T19781] Bluetooth: hci4: command tx timeout [ 1304.548353][T15613] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1304.550836][ T8677] usb usb4-port1: unable to enumerate USB device [ 1304.561630][T15613] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1304.578187][T15613] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1304.731781][T23671] block device autoloading is deprecated and will be removed. [ 1304.767973][T23671] syz.2.5819: attempt to access beyond end of device [ 1304.767973][T23671] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 1304.821592][T15613] usb 5-1: usb_control_msg returned -32 [ 1304.830588][T15613] usbtmc 5-1:16.0: can't read capabilities [ 1304.884559][T15613] usb 5-1: USB disconnect, device number 109 [ 1305.139329][T23528] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1305.152004][T23528] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1305.165917][T23528] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1305.188943][T23528] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1305.246142][T23688] netlink: 'syz.0.5824': attribute type 10 has an invalid length. [ 1305.361407][T23690] usb usb8: usbfs: process 23690 (syz.2.5825) did not claim interface 0 before use [ 1305.425848][T23528] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1305.448675][T23690] fuse: Bad value for 'fd' [ 1305.467051][T23528] 8021q: adding VLAN 0 to HW filter on device team0 [ 1305.484780][T12824] bridge0: port 1(bridge_slave_0) entered blocking state [ 1305.492030][T12824] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1305.529481][ T64] bridge0: port 2(bridge_slave_1) entered blocking state [ 1305.536796][ T64] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1305.708018][T23528] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1305.797197][T23528] veth0_vlan: entered promiscuous mode [ 1305.815732][T23528] veth1_vlan: entered promiscuous mode [ 1305.875651][T23528] veth0_macvtap: entered promiscuous mode [ 1305.887655][T23528] veth1_macvtap: entered promiscuous mode [ 1305.908541][T23528] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1305.940002][T23528] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1305.956957][T23528] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1305.968669][T23528] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1305.980353][T23528] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1305.996791][T23528] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1306.101029][T15613] usb 4-1: new full-speed USB device number 97 using dummy_hcd [ 1306.193384][T12824] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1306.219579][T12824] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1306.303164][T15613] usb 4-1: config 0 has an invalid interface number: 29 but max is 0 [ 1306.347659][T15613] usb 4-1: config 0 has no interface number 0 [ 1306.355315][T22492] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1306.366880][T15613] usb 4-1: config 0 interface 29 has no altsetting 0 [ 1306.391321][T22492] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1306.411801][T15613] usb 4-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac [ 1306.442787][T15613] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1306.466320][T23719] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5833'. [ 1306.482482][T15613] usb 4-1: Product: syz [ 1306.496953][T15613] usb 4-1: Manufacturer: syz [ 1306.518712][T15613] usb 4-1: SerialNumber: syz [ 1306.540012][T15613] usb 4-1: config 0 descriptor?? [ 1306.747899][T23731] loop6: detected capacity change from 0 to 524288000 [ 1306.783947][T15613] peak_usb 4-1:0.29: PEAK-System PCAN-USB X6 v65 fw v224.204.25 (2 channels) [ 1306.795563][T15611] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 1306.840608][T23733] netlink: 'syz.2.5837': attribute type 1 has an invalid length. [ 1306.870768][T21864] usb 2-1: new high-speed USB device number 110 using dummy_hcd [ 1306.909069][T23735] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1306.960526][T15611] usb 5-1: device descriptor read/64, error -71 [ 1306.975912][T15613] peak_usb 4-1:0.29 can0: unable to request usb[type=2 value=5] err=-71 [ 1306.994221][T23740] usb usb8: usbfs: process 23740 (syz.0.5839) did not claim interface 0 before use [ 1307.023707][T15613] peak_usb 4-1:0.29: unable to tell PCAN-USB X6 driver is loaded (err -71) [ 1307.036167][T23740] fuse: Bad value for 'fd' [ 1307.081745][T23733] veth17: entered promiscuous mode [ 1307.093807][T21864] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1307.105920][T23733] bond5: (slave veth17): Enslaving as a backup interface with a down link [ 1307.126600][T21864] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1307.172255][T21864] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1307.209389][T21864] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1307.220540][T21864] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1307.230849][T15611] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 1307.241192][T15613] peak_usb 4-1:0.29: probe with driver peak_usb failed with error -71 [ 1307.255194][T21864] usb 2-1: config 0 descriptor?? [ 1307.272204][T15613] usb 4-1: USB disconnect, device number 97 [ 1307.413616][T15611] usb 5-1: device descriptor read/64, error -71 [ 1307.504948][ T5837] Bluetooth: hci2: command 0x0406 tx timeout [ 1307.521822][T15611] usb usb5-port1: attempt power cycle [ 1307.734581][T21864] plantronics 0003:047F:FFFF.0023: No inputs registered, leaving [ 1307.792735][T21864] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 1307.910701][T15611] usb 5-1: new high-speed USB device number 112 using dummy_hcd [ 1307.976523][T15611] usb 5-1: device descriptor read/8, error -71 [ 1308.130439][T15620] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 1308.240441][T15611] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 1308.281772][ T8677] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1308.284201][T15611] usb 5-1: device descriptor read/8, error -71 [ 1308.311270][T15620] usb 3-1: Using ep0 maxpacket: 32 [ 1308.322340][T15620] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1308.353024][T15620] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1308.400289][T15620] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1308.434822][T15611] usb usb5-port1: unable to enumerate USB device [ 1308.449442][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1308.462342][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1308.469697][T15620] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1308.486448][ T8677] usb 1-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 1308.496464][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1308.506875][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1308.515051][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1308.550439][T15620] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1308.558640][ T8677] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1308.575933][T15620] usb 3-1: Product: syz [ 1308.588198][ T8677] usb 1-1: config 0 descriptor?? [ 1308.593503][T15620] usb 3-1: Manufacturer: syz [ 1308.598178][T15620] usb 3-1: SerialNumber: syz [ 1308.607566][ T8677] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 1308.728507][T12821] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1308.739810][T12821] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1308.896693][T23759] IPVS: Scheduler module ip_vs_ not found [ 1308.944373][T15620] usb 3-1: 2:1 : no or invalid class specific endpoint descriptor [ 1308.957866][T12821] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1308.976580][T12821] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1309.014596][ T8677] gspca_sunplus: reg_w_riv err -71 [ 1309.019888][ T8677] sunplus 1-1:0.0: probe with driver sunplus failed with error -71 [ 1309.080730][T15620] usb 3-1: USB disconnect, device number 54 [ 1309.088073][ T8677] usb 1-1: USB disconnect, device number 21 [ 1309.154962][T12821] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1309.160683][T15621] usb 2-1: reset high-speed USB device number 110 using dummy_hcd [ 1309.176434][T12821] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1309.220011][T13036] udevd[13036]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1309.344824][T12821] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1309.356720][T12821] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 256 - 0 [ 1309.500517][ C0] ------------[ cut here ]------------ [ 1309.506667][ C0] refcount_t: addition on 0; use-after-free. [ 1309.513462][ C0] WARNING: CPU: 0 PID: 23717 at lib/refcount.c:25 refcount_warn_saturate+0xfa/0x1d0 [ 1309.522961][ C0] Modules linked in: [ 1309.527414][ C0] CPU: 0 UID: 0 PID: 23717 Comm: syz.4.5833 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1309.539234][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1309.549370][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 1309.555572][ C0] Code: 00 00 e8 19 6f 00 fd 5b 41 5e e9 81 eb a6 06 cc e8 0b 6f 00 fd c6 05 e7 f2 ca 0a 01 90 48 c7 c7 00 19 e2 8b e8 57 5b c4 fc 90 <0f> 0b 90 90 eb d7 e8 eb 6e 00 fd c6 05 c8 f2 ca 0a 01 90 48 c7 c7 [ 1309.575288][ C0] RSP: 0018:ffffc90000007668 EFLAGS: 00010246 [ 1309.581471][ C0] RAX: 8f3850defc4f1300 RBX: 0000000000000002 RCX: ffff88807fd8bc00 [ 1309.589528][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 1309.597567][ C0] RBP: ffffc900000077e8 R08: 0000000000000003 R09: 0000000000000004 [ 1309.605658][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: ffff88802f324100 [ 1309.613717][ C0] R13: dffffc0000000000 R14: ffff88802f32426c R15: ffff88802355f400 [ 1309.621776][ C0] FS: 0000000000000000(0000) GS:ffff888125c64000(0000) knlGS:0000000000000000 [ 1309.630782][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1309.632724][T23790] netlink: 14 bytes leftover after parsing attributes in process `syz.2.5847'. [ 1309.637409][ C0] CR2: 00007feb592e56c0 CR3: 00000000610ea000 CR4: 00000000003526f0 [ 1309.654455][ C0] DR0: 0000040000000000 DR1: 000000000000064f DR2: 0000000000000006 [ 1309.662521][ C0] DR3: 0000000000000006 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 1309.670575][ C0] Call Trace: [ 1309.673885][ C0] [ 1309.676760][ C0] tipc_crypto_xmit+0x1820/0x22c0 [ 1309.681896][ C0] ? __pfx_tipc_crypto_xmit+0x10/0x10 [ 1309.687355][ C0] ? skb_clone+0x246/0x3a0 [ 1309.691839][ C0] ? tipc_crypto_clone_msg+0x32/0x170 [ 1309.697276][ C0] tipc_crypto_clone_msg+0x90/0x170 [ 1309.702578][ C0] tipc_crypto_xmit+0x1998/0x22c0 [ 1309.707671][ C0] ? tipc_net+0x45/0x270 [ 1309.712607][ C0] ? __pfx_tipc_crypto_xmit+0x10/0x10 [ 1309.718037][ C0] ? tipc_net+0x45/0x270 [ 1309.722415][ C0] tipc_bearer_xmit_skb+0x245/0x400 [ 1309.727656][ C0] ? tipc_bearer_xmit_skb+0xa9/0x400 [ 1309.733030][ C0] ? __pfx_tipc_bearer_xmit_skb+0x10/0x10 [ 1309.738837][ C0] tipc_disc_timeout+0x580/0x6d0 [ 1309.743877][ C0] ? __pfx_tipc_disc_timeout+0x10/0x10 [ 1309.749399][ C0] call_timer_fn+0x17e/0x5f0 [ 1309.754069][ C0] ? __pfx_tipc_disc_timeout+0x10/0x10 [ 1309.759557][ C0] ? call_timer_fn+0xbe/0x5f0 [ 1309.764318][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1309.769504][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1309.774778][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1309.780016][ C0] ? __pfx_tipc_disc_timeout+0x10/0x10 [ 1309.785568][ C0] __run_timer_base+0x61a/0x860 [ 1309.790493][ C0] ? ktime_get+0x3e/0x1f0 [ 1309.794882][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1309.800326][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 1309.806666][ C0] run_timer_softirq+0xb7/0x180 [ 1309.811591][ C0] handle_softirqs+0x286/0x870 [ 1309.816402][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 1309.821264][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1309.826621][ C0] __irq_exit_rcu+0xca/0x1f0 [ 1309.831301][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 1309.836591][ C0] irq_exit_rcu+0x9/0x30 [ 1309.840922][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1309.846607][ C0] [ 1309.849581][ C0] [ 1309.852601][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1309.858648][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 1309.864031][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 bb aa fd 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 1309.883748][ C0] RSP: 0018:ffffc9000d7e7238 EFLAGS: 00000206 [ 1309.886232][T23771] chnl_net:caif_netlink_parms(): no params data found [ 1309.889872][ C0] RAX: 8f3850defc4f1300 RBX: 0000000000000000 RCX: 8f3850defc4f1300 [ 1309.904751][ C0] RDX: 0000000000000000 RSI: ffffffff8db59fcc RDI: ffffffff8be26380 [ 1309.912807][ C0] RBP: ffffffff81727865 R08: 0000000000000000 R09: ffffffff81727865 [ 1309.920871][ C0] R10: ffffc9000d7e73f8 R11: ffffffff81acc920 R12: 0000000000000002 [ 1309.928890][ C0] R13: ffffffff8e13ccc0 R14: 0000000000000000 R15: 0000000000000246 [ 1309.936981][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1309.942186][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1309.948412][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1309.953651][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1309.958816][ C0] ? __kasan_kmalloc+0x93/0xb0 [ 1309.963397][T15617] usb 2-1: USB disconnect, device number 110 [ 1309.963653][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1309.974798][ C0] unwind_next_frame+0xc2/0x2390 [ 1309.979781][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1309.985019][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1309.990218][ C0] ? kasan_save_track+0x3e/0x80 [ 1309.995133][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1310.001921][ C0] arch_stack_walk+0x11c/0x150 [ 1310.006746][ C0] ? __kasan_kmalloc+0x93/0xb0 [ 1310.011591][ C0] stack_trace_save+0x9c/0xe0 [ 1310.016322][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1310.021782][ C0] ? __mmput+0x118/0x420 [ 1310.026073][ C0] ? __lock_acquire+0xab9/0xd20 [ 1310.030995][ C0] kasan_save_track+0x3e/0x80 [ 1310.035779][ C0] ? kasan_save_track+0x3e/0x80 [ 1310.040694][ C0] ? __kasan_kmalloc+0x93/0xb0 [ 1310.045551][ C0] __kasan_kmalloc+0x93/0xb0 [ 1310.050218][ C0] __kmalloc_cache_noprof+0x230/0x3d0 [ 1310.055660][ C0] ? kmem_cache_free+0x166/0x400 [ 1310.060685][ C0] ? exit_mmap+0x593/0xba0 [ 1310.065169][ C0] kmem_cache_free+0x166/0x400 [ 1310.070013][ C0] exit_mmap+0x593/0xba0 [ 1310.074335][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 1310.079148][ C0] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1310.084861][ C0] ? __pfx_exit_aio+0x10/0x10 [ 1310.089619][ C0] ? uprobe_clear_state+0x274/0x290 [ 1310.094898][ C0] __mmput+0x118/0x420 [ 1310.099008][ C0] exit_mm+0x1da/0x2c0 [ 1310.103162][ C0] ? __pfx_exit_mm+0x10/0x10 [ 1310.107783][ C0] ? rcu_is_watching+0x15/0xb0 [ 1310.112611][ C0] do_exit+0x864/0x2550 [ 1310.116796][ C0] ? __lock_acquire+0xab9/0xd20 [ 1310.121735][ C0] ? do_raw_spin_lock+0x121/0x290 [ 1310.126810][ C0] ? __pfx_do_exit+0x10/0x10 [ 1310.131475][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1310.136946][ C0] do_group_exit+0x21c/0x2d0 [ 1310.141614][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1310.146883][ C0] get_signal+0x1286/0x1340 [ 1310.151508][ C0] arch_do_signal_or_restart+0x9a/0x750 [ 1310.157118][ C0] ? read_tsc+0x9/0x20 [ 1310.161254][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1310.167458][ C0] ? exit_to_user_mode_loop+0x40/0x110 [ 1310.173040][ C0] exit_to_user_mode_loop+0x75/0x110 [ 1310.178373][ C0] do_syscall_64+0x2bd/0x3b0 [ 1310.183053][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1310.188326][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1310.194477][ C0] ? clear_bhb_loop+0x60/0xb0 [ 1310.199202][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1310.205213][ C0] RIP: 0033:0x7f9a2698e969 [ 1310.209668][ C0] Code: Unable to access opcode bytes at 0x7f9a2698e93f. [ 1310.216763][ C0] RSP: 002b:00007f9a26cdfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1310.225277][ C0] RAX: fffffffffffffdfc RBX: 000000000013ef79 RCX: 00007f9a2698e969 [ 1310.233336][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9a26bb5fac [ 1310.241394][ C0] RBP: 0000000000000bea R08: 7fffffffffffffff R09: 0000001026cdfe7f [ 1310.249507][ C0] R10: 00007f9a26cdfc80 R11: 0000000000000246 R12: 00007f9a26bb5fac [ 1310.257574][ C0] R13: 00007f9a26cdfc80 R14: 000000000013fb63 R15: 00007f9a26cdfca0 [ 1310.265657][ C0] [ 1310.268762][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1310.276075][ C0] CPU: 0 UID: 0 PID: 23717 Comm: syz.4.5833 Not tainted 6.15.0-syzkaller-08297-ge0797d3b91de #0 PREEMPT(full) [ 1310.287828][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1310.297986][ C0] Call Trace: [ 1310.301293][ C0] [ 1310.304164][ C0] dump_stack_lvl+0x99/0x250 [ 1310.308800][ C0] ? __asan_memcpy+0x40/0x70 [ 1310.313426][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1310.318667][ C0] ? __pfx__printk+0x10/0x10 [ 1310.323303][ C0] panic+0x2db/0x790 [ 1310.327256][ C0] ? __pfx_panic+0x10/0x10 [ 1310.331717][ C0] ? show_trace_log_lvl+0x4fb/0x550 [ 1310.336985][ C0] __warn+0x31b/0x4b0 [ 1310.341017][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 1310.346523][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 1310.352032][ C0] report_bug+0x2be/0x4f0 [ 1310.356396][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 1310.361908][ C0] ? refcount_warn_saturate+0xfa/0x1d0 [ 1310.367415][ C0] ? refcount_warn_saturate+0xfc/0x1d0 [ 1310.372918][ C0] handle_bug+0x84/0x160 [ 1310.377204][ C0] exc_invalid_op+0x1a/0x50 [ 1310.381762][ C0] asm_exc_invalid_op+0x1a/0x20 [ 1310.386642][ C0] RIP: 0010:refcount_warn_saturate+0xfa/0x1d0 [ 1310.392760][ C0] Code: 00 00 e8 19 6f 00 fd 5b 41 5e e9 81 eb a6 06 cc e8 0b 6f 00 fd c6 05 e7 f2 ca 0a 01 90 48 c7 c7 00 19 e2 8b e8 57 5b c4 fc 90 <0f> 0b 90 90 eb d7 e8 eb 6e 00 fd c6 05 c8 f2 ca 0a 01 90 48 c7 c7 [ 1310.412409][ C0] RSP: 0018:ffffc90000007668 EFLAGS: 00010246 [ 1310.418527][ C0] RAX: 8f3850defc4f1300 RBX: 0000000000000002 RCX: ffff88807fd8bc00 [ 1310.426544][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000002 [ 1310.434550][ C0] RBP: ffffc900000077e8 R08: 0000000000000003 R09: 0000000000000004 [ 1310.442558][ C0] R10: dffffc0000000000 R11: fffffbfff1bfa66c R12: ffff88802f324100 [ 1310.450570][ C0] R13: dffffc0000000000 R14: ffff88802f32426c R15: ffff88802355f400 [ 1310.458618][ C0] ? refcount_warn_saturate+0xf9/0x1d0 [ 1310.464138][ C0] tipc_crypto_xmit+0x1820/0x22c0 [ 1310.469235][ C0] ? __pfx_tipc_crypto_xmit+0x10/0x10 [ 1310.474674][ C0] ? skb_clone+0x246/0x3a0 [ 1310.479130][ C0] ? tipc_crypto_clone_msg+0x32/0x170 [ 1310.484565][ C0] tipc_crypto_clone_msg+0x90/0x170 [ 1310.489828][ C0] tipc_crypto_xmit+0x1998/0x22c0 [ 1310.494927][ C0] ? tipc_net+0x45/0x270 [ 1310.499215][ C0] ? __pfx_tipc_crypto_xmit+0x10/0x10 [ 1310.504637][ C0] ? tipc_net+0x45/0x270 [ 1310.508931][ C0] tipc_bearer_xmit_skb+0x245/0x400 [ 1310.514166][ C0] ? tipc_bearer_xmit_skb+0xa9/0x400 [ 1310.519500][ C0] ? __pfx_tipc_bearer_xmit_skb+0x10/0x10 [ 1310.525269][ C0] tipc_disc_timeout+0x580/0x6d0 [ 1310.530242][ C0] ? __pfx_tipc_disc_timeout+0x10/0x10 [ 1310.535771][ C0] call_timer_fn+0x17e/0x5f0 [ 1310.540400][ C0] ? __pfx_tipc_disc_timeout+0x10/0x10 [ 1310.545883][ C0] ? call_timer_fn+0xbe/0x5f0 [ 1310.550571][ C0] ? __pfx_call_timer_fn+0x10/0x10 [ 1310.555714][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 1310.560927][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1310.566219][ C0] ? __pfx_tipc_disc_timeout+0x10/0x10 [ 1310.571690][ C0] __run_timer_base+0x61a/0x860 [ 1310.576556][ C0] ? ktime_get+0x3e/0x1f0 [ 1310.580912][ C0] ? __pfx___run_timer_base+0x10/0x10 [ 1310.586297][ C0] ? seqcount_lockdep_reader_access+0x15f/0x1c0 [ 1310.592564][ C0] run_timer_softirq+0xb7/0x180 [ 1310.597419][ C0] handle_softirqs+0x286/0x870 [ 1310.602208][ C0] ? __irq_exit_rcu+0xca/0x1f0 [ 1310.606984][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1310.612288][ C0] __irq_exit_rcu+0xca/0x1f0 [ 1310.616897][ C0] ? __pfx___irq_exit_rcu+0x10/0x10 [ 1310.622113][ C0] irq_exit_rcu+0x9/0x30 [ 1310.626360][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1310.632001][ C0] [ 1310.634935][ C0] [ 1310.637871][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1310.643853][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 1310.649142][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 bb aa fd 10 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 1310.668752][ C0] RSP: 0018:ffffc9000d7e7238 EFLAGS: 00000206 [ 1310.674829][ C0] RAX: 8f3850defc4f1300 RBX: 0000000000000000 RCX: 8f3850defc4f1300 [ 1310.682806][ C0] RDX: 0000000000000000 RSI: ffffffff8db59fcc RDI: ffffffff8be26380 [ 1310.690789][ C0] RBP: ffffffff81727865 R08: 0000000000000000 R09: ffffffff81727865 [ 1310.698764][ C0] R10: ffffc9000d7e73f8 R11: ffffffff81acc920 R12: 0000000000000002 [ 1310.706745][ C0] R13: ffffffff8e13ccc0 R14: 0000000000000000 R15: 0000000000000246 [ 1310.714729][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1310.719853][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1310.726023][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1310.731190][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1310.736311][ C0] ? __kasan_kmalloc+0x93/0xb0 [ 1310.741083][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1310.746199][ C0] unwind_next_frame+0xc2/0x2390 [ 1310.751147][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1310.756270][ C0] ? unwind_next_frame+0xa5/0x2390 [ 1310.761403][ C0] ? kasan_save_track+0x3e/0x80 [ 1310.766272][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1310.772439][ C0] arch_stack_walk+0x11c/0x150 [ 1310.777220][ C0] ? __kasan_kmalloc+0x93/0xb0 [ 1310.782017][ C0] stack_trace_save+0x9c/0xe0 [ 1310.786708][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1310.792092][ C0] ? __mmput+0x118/0x420 [ 1310.796349][ C0] ? __lock_acquire+0xab9/0xd20 [ 1310.801216][ C0] kasan_save_track+0x3e/0x80 [ 1310.805901][ C0] ? kasan_save_track+0x3e/0x80 [ 1310.810782][ C0] ? __kasan_kmalloc+0x93/0xb0 [ 1310.815604][ C0] __kasan_kmalloc+0x93/0xb0 [ 1310.820212][ C0] __kmalloc_cache_noprof+0x230/0x3d0 [ 1310.825605][ C0] ? kmem_cache_free+0x166/0x400 [ 1310.830559][ C0] ? exit_mmap+0x593/0xba0 [ 1310.834994][ C0] kmem_cache_free+0x166/0x400 [ 1310.839778][ C0] exit_mmap+0x593/0xba0 [ 1310.844044][ C0] ? __pfx_exit_mmap+0x10/0x10 [ 1310.848828][ C0] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 1310.854481][ C0] ? __pfx_exit_aio+0x10/0x10 [ 1310.859193][ C0] ? uprobe_clear_state+0x274/0x290 [ 1310.864408][ C0] __mmput+0x118/0x420 [ 1310.868509][ C0] exit_mm+0x1da/0x2c0 [ 1310.872597][ C0] ? __pfx_exit_mm+0x10/0x10 [ 1310.877209][ C0] ? rcu_is_watching+0x15/0xb0 [ 1310.881984][ C0] do_exit+0x864/0x2550 [ 1310.886138][ C0] ? __lock_acquire+0xab9/0xd20 [ 1310.891000][ C0] ? do_raw_spin_lock+0x121/0x290 [ 1310.896035][ C0] ? __pfx_do_exit+0x10/0x10 [ 1310.900646][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1310.906048][ C0] do_group_exit+0x21c/0x2d0 [ 1310.910648][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1310.915856][ C0] get_signal+0x1286/0x1340 [ 1310.920387][ C0] arch_do_signal_or_restart+0x9a/0x750 [ 1310.925941][ C0] ? read_tsc+0x9/0x20 [ 1310.930018][ C0] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1310.936196][ C0] ? exit_to_user_mode_loop+0x40/0x110 [ 1310.941685][ C0] exit_to_user_mode_loop+0x75/0x110 [ 1310.946997][ C0] do_syscall_64+0x2bd/0x3b0 [ 1310.951598][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 1310.956805][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1310.962913][ C0] ? clear_bhb_loop+0x60/0xb0 [ 1310.967598][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1310.973505][ C0] RIP: 0033:0x7f9a2698e969 [ 1310.977933][ C0] Code: Unable to access opcode bytes at 0x7f9a2698e93f. [ 1310.984957][ C0] RSP: 002b:00007f9a26cdfb88 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1310.993385][ C0] RAX: fffffffffffffdfc RBX: 000000000013ef79 RCX: 00007f9a2698e969 [ 1311.001368][ C0] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f9a26bb5fac [ 1311.009341][ C0] RBP: 0000000000000bea R08: 7fffffffffffffff R09: 0000001026cdfe7f [ 1311.017319][ C0] R10: 00007f9a26cdfc80 R11: 0000000000000246 R12: 00007f9a26bb5fac [ 1311.025296][ C0] R13: 00007f9a26cdfc80 R14: 000000000013fb63 R15: 00007f9a26cdfca0 [ 1311.033295][ C0] [ 1311.036637][ C0] Kernel Offset: disabled [ 1311.040975][ C0] Rebooting in 86400 seconds..