last executing test programs: 10.924607822s ago: executing program 0 (id=2620): openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x3a240, 0x0) syz_open_dev$evdev(&(0x7f0000000000), 0x7fff, 0x4a0900) r0 = gettid() sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="4400000010001fff00"/20, @ANYRES32=0x0, @ANYBLOB="81ffffff000000001c0012800b00010067726574617000000c000280080001"], 0x44}}, 0x0) writev(0xffffffffffffffff, &(0x7f0000000400)=[{&(0x7f00000000c0)="390000001000111867090707a640400f0021ff3f30000000170a00170000000004003700090003", 0x27}], 0x1) r1 = socket$kcm(0x10, 0x2, 0x10) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000002f80)={0x0, 0x0, &(0x7f0000002f40)={&(0x7f0000000080)=@newtaction={0x60, 0x30, 0x0, 0x0, 0x0, {}, [{0x4c, 0x1, [@m_skbedit={0x48, 0x1, 0x0, 0x0, {{0xc}, {0x1c, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18}]}, {0x4}, {0xc}, {0xc, 0x9}}}]}]}, 0x60}}, 0x0) sendmsg$kcm(r1, &(0x7f0000000000)={0x0, 0xffffff2d, &(0x7f0000000080)=[{&(0x7f0000000040)="c00e02003c000b05d25a806f8c6394f90324fc602f00001550000100053582c137153e370248018088a817008848", 0x33fe0}], 0x1, 0x0, 0x3c}, 0x0) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r2 = openat$ubi_ctrl(0xffffff9c, &(0x7f0000000280), 0x200, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000180)='mm_vmscan_throttled\x00', r2, 0x0, 0x6}, 0x18) ioctl$EVIOCGKEY(0xffffffffffffffff, 0x80404518, &(0x7f0000000100)=""/76) 10.676744097s ago: executing program 0 (id=2677): r0 = creat(&(0x7f0000000200)='./bus\x00', 0x2) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000006ac0)='cpuacct.stat\x00', 0x275a, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(serpent)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, 0x0, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r4, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="e40000000201010800000040000000000a000000d00001800c000280050001000000020014000180080001000000000008000200000000002c00018014000300ff01000000000000000000000000000114000400ff0100000000000000000000000000010c00028005000100000000004700028005000100010000000600064400000000060005"], 0xe4}}, 0x0) sendmmsg$alg(r3, &(0x7f00000011c0)=[{0x0, 0x0, 0x0}], 0x1, 0x0) recvmmsg(r3, &(0x7f0000000940)=[{{0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000580)=""/212, 0xd4}], 0x1}}], 0x1, 0x0, 0x0) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) bind$inet(r5, &(0x7f0000000080)={0x2, 0x4e21, @broadcast}, 0x10) connect$inet(r5, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) syz_usb_connect(0x0, 0x48, &(0x7f0000000000)=ANY=[@ANYBLOB="120100004e4aa92082051600578e01020301090236000200000000090400f50003ed02000905030000000000000904"], 0x0) setsockopt$inet_tcp_TCP_REPAIR(r0, 0x6, 0x13, &(0x7f00000001c0), 0x4) sendto$inet(r5, &(0x7f00000002c0)="256de1cdcca93886d91fa1362838ea54e97dda3478c3e7b173d5b01facc3433f3d6800e7452f99e9191863a630847ce127ecf6e050c3b69a4bba9a40cda476932e9e98c2a19d27d6ccb9d338b95731ab621eab", 0xfef8, 0x0, 0x0, 0x0) write$binfmt_script(r1, &(0x7f0000000180), 0xb) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) membarrier(0x40, 0x0) membarrier(0x20, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) copy_file_range(r1, &(0x7f0000000080), r0, &(0x7f0000000100), 0xfffffffffffffff8, 0x0) 7.474827094s ago: executing program 0 (id=2699): r0 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r0, &(0x7f0000000000)={0x400000000000000, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)={0x2, 0x4, 0x0, 0x0, 0xa, 0x0, 0x0, 0x0, [@sadb_address={0x3, 0x6, 0x0, 0x0, 0x0, @in={0x2, 0x4e22, @multicast1=0xe0000009}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0xff, 0x0, 0x7}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @loopback}}]}, 0x50}, 0x1, 0x2000000}, 0x0) 7.248701902s ago: executing program 0 (id=2700): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r2 = syz_usb_connect(0x5, 0x3f, &(0x7f0000000100)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200067e001009058b1e20"], 0x0) syz_usb_control_io(r2, 0x0, &(0x7f0000000680)={0x84, &(0x7f00000000c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_open_dev$char_usb(0xc, 0xb4, 0x0) fsopen(0x0, 0x3ee3b44119882d06) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000200)={'geneve0\x00', 0x0}) sendmsg$nl_route(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)=ANY=[@ANYBLOB="4400000010000104000000000000000000000b00", @ANYRES32=r5, @ANYBLOB="0000000000000000240012800b00010067656e657665000014000280080001000000000005000c"], 0x44}, 0x1, 0x2}, 0x0) pwritev(r1, &(0x7f0000000000), 0x6f, 0x200, 0x0) 6.88965375s ago: executing program 4 (id=2702): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000040), 0xa0201, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) syz_emit_ethernet(0xf6, &(0x7f0000000000)={@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @random="57e23d78656a", @val={@val={0x88a8, 0x1, 0x0, 0x2}, {0x8100, 0x4, 0x0, 0x2}}, {@mpls_mc={0x8848, {[{0x8, 0x0, 0x1}], @ipv4=@dccp={{0x8, 0x4, 0x2, 0x7, 0xdc, 0x64, 0x0, 0x75, 0x21, 0x0, @multicast1, @remote, {[@rr={0x7, 0x7, 0x70, [@remote]}, @ra={0x94, 0x4, 0x1}]}}, {{0x4e22, 0x4e21, 0x4, 0x1, 0x4, 0x0, 0x0, 0x5, 0x3, "c02d2c", 0x6, "0cab99"}, "87bb0e0294c95ea39b9e09020f839fbc90e806624f9f7b242eebaaf8de9fc951289532229251a5366d27ad4e547331e4b6ed4c78103d6b013d56d94c83c5d8f2930dd3f95445c82182ffa7836048973f6fe8974b7ff47bcad2d36ee336404ec919ed6d9cba4005b42210c7cc35b1e29a8530924e52f6e594f11be20d3a2b3044ba80ff7f627152f263792d2d668fd8524f6a0c86a491a7ebf01bcb42ee37eb69b338235feeafef0516cbc7e1"}}}}}}, &(0x7f0000000100)={0x1, 0x2, [0x4, 0xc5, 0xe55, 0x1f]}) r0 = socket$inet(0x2, 0x3, 0xa) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000940)='veth1_to_team\x00', 0x10) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x5, &(0x7f0000000100), 0x4) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2, 0x9, 0x0, 0x0, 0x2}, 0x10}}, 0x0) r3 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000140), 0x200100, 0x0) r4 = openat$vcsu(0xffffff9c, &(0x7f0000000800), 0x40480, 0x0) ioctl$BTRFS_IOC_INO_PATHS(r4, 0xc0389423, &(0x7f0000000880)={0xffffffffffffffff, 0x18, [0x72, 0xc44c, 0x7, 0x3], &(0x7f0000000840)=[0x0, 0x0, 0x0]}) recvmsg$can_bcm(r3, &(0x7f0000000680)={&(0x7f0000000180)=@tipc=@name, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000200)=""/169, 0xa9}, {&(0x7f00000002c0)=""/201, 0xc9}, {&(0x7f0000000440)=""/96, 0x60}, {&(0x7f00000004c0)=""/213, 0xd5}], 0x4, &(0x7f00000005c0)=""/151, 0x97}, 0x20012021) 6.768775909s ago: executing program 4 (id=2703): r0 = socket$nl_route(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r0, 0x10e, 0xc, &(0x7f0000000040)={0x27}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)=ANY=[@ANYBLOB="300000001a00010000000000000000000a"], 0x30}, 0x1, 0x0, 0xff80}, 0x0) 6.738863132s ago: executing program 1 (id=2705): ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)=0x0) r1 = getpid() process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{0x1, 0xffffffffffffffff}, &(0x7f0000000080), &(0x7f00000000c0)='%+9llu \x00'}, 0x1c) r3 = ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, 0xffffffffffffffff) kcmp(r0, r1, 0x4, 0xffffffffffffffff, r2) syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="120100001e61e410b1134200557b0102030109021b0001000000000904000001cf28fc000905822fe9", @ANYRES32=r0], 0x0) ioctl$sock_FIOGETOWN(0xffffffffffffffff, 0x8903, &(0x7f0000000040)) (async) getpid() (async) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) (async) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000100)={{0x1}, &(0x7f0000000080), &(0x7f00000000c0)='%+9llu \x00'}, 0x1c) (async) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) (async) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, 0xffffffffffffffff) (async) kcmp(r0, r1, 0x4, 0xffffffffffffffff, r2) (async) syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="120100001e61e410b1134200557b0102030109021b0001000000000904000001cf28fc000905822fe9", @ANYRES32=r0], 0x0) (async) 6.684830732s ago: executing program 4 (id=2706): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0500"/18, @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) 6.600326781s ago: executing program 4 (id=2707): r0 = syz_usb_connect$cdc_ncm(0x0, 0x6e, &(0x7f0000000480)={{0x12, 0x1, 0x0, 0x2, 0x0, 0x0, 0x20, 0x525, 0xa4a1, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5c, 0x2, 0x1, 0x0, 0xb8, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x1, 0x2, 0xd, 0x0, 0x0, {{0x5}, {0x5}, {0xd, 0x24, 0xf, 0x1, 0x6}, {0x6}}, {{0x9, 0x5, 0x81, 0x3, 0x200}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x2, 0x2, 0xd, 0x0, 0x0, "", {{{0x9, 0x5, 0x82, 0x2, 0x200}}, {{0x9, 0x5, 0x3, 0x2, 0x200, 0x0, 0x0, 0x10}}}}}}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000140)='/proc/bus/input/devices\x00', 0x0, 0x0) r2 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x12, 0x2, 0x4, 0x2, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000180)={{r4}, &(0x7f0000000040), &(0x7f0000000140)=r3}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r4}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffd}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000040)='hrtimer_init\x00', r5}, 0x10) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TUNSETOFFLOAD(r6, 0xc004743e, 0x20001400) ioctl$UI_DEV_SETUP(r2, 0x405c5503, &(0x7f00000023c0)={{}, 'syz0\x00', 0xe}) ioctl$UI_SET_EVBIT(r2, 0x40045564, 0x5) ioctl$UI_DEV_CREATE(r2, 0x5501) pread64(r1, &(0x7f0000000280)=""/4096, 0x1000, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000340)={0x44, 0x0, 0x0, 0x0, &(0x7f0000000200)={0x20, 0x80, 0x1c, {0x10, 0x10, 0x10, 0x10, 0x0, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10, 0x10}}, 0x0, 0x0, 0x0, 0x0}) r7 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000000c0)={'ip_vti0\x00', 0x0}) r9 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=@newlink={0x48, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, r8, 0x65580000}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @vti={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@vti_common_policy=[@IFLA_VTI_LINK={0x8}, @IFLA_VTI_IKEY={0x8}, @IFLA_VTI_FWMARK={0x8}]]}}}]}, 0x48}}, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000300)=@bpf_lsm={0xc, 0x3, &(0x7f0000000040)=@framed={{0x66, 0xa, 0x0, 0x0, 0x0, 0x61, 0x11, 0x68}}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x1b, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write(r0, 0x82, 0x5, &(0x7f0000002340)='hello') 6.53172524s ago: executing program 2 (id=2708): r0 = socket$pppoe(0x18, 0x1, 0x0) connect$pppoe(r0, &(0x7f0000000080)={0x18, 0x0, {0x1, @empty, 'bond0\x00'}}, 0x1e) sendmmsg$sock(r0, &(0x7f0000001dc0), 0x213, 0x0) (fail_nth: 6) 6.401188706s ago: executing program 2 (id=2710): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) bind(r1, &(0x7f0000000100)=@generic={0x11, "00000100000000000874e4bf7fb3a6835b76e252922cb18f6e2e2aba0000040000003836005404b0e0301a4ce875f2e3ff5f163ee340b7679500800000000000000101013c5811039e156c5027ecce66fd792bbf0e5bf5ff1b0816f3f6db1c00010000000000000049740000000000000006ad8e5ecc326d3a09ffc2c654"}, 0x80) getsockname$packet(r1, &(0x7f0000000740)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000780)=0x14) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f0000000300)={0x0, 0x0, 0x0, 'queue1\x00'}) r3 = socket(0xa, 0x1, 0x0) ioctl(r3, 0x8916, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="400000001400210100004000000000000a000000", @ANYRES32=r2, @ANYBLOB="14000200fa"], 0x40}}, 0x0) 6.256550055s ago: executing program 2 (id=2711): r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/oops_count', 0x1000, 0x84) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/image_size', 0x20202, 0x0) sendfile(r1, r1, 0x0, 0xc3) r2 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) r4 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x1000002, 0x0) r5 = dup(r4) r6 = open(&(0x7f0000000100)='./bus\x00', 0x44542, 0x0) ftruncate(r6, 0xee72) r7 = syz_io_uring_setup(0x4172, &(0x7f0000000780)={0x0, 0x0, 0x10100}, &(0x7f0000000300)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000180)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r7, 0x567, 0x0, 0x0, 0x0, 0x0) r10 = socket$inet6(0xa, 0x80803, 0x84) setsockopt$inet6_IPV6_XFRM_POLICY(r10, 0x29, 0x23, &(0x7f00000004c0)={{{@in6=@local, @in=@local, 0x0, 0x0, 0x0, 0x0, 0xa, 0x0, 0x0, 0x1}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, {0x0, 0x0, 0x0, 0xfffffffffffffffc}, 0x0, 0x0, 0x1}, {{@in=@remote, 0x0, 0x3c}, 0x0, @in6=@mcast1, 0x0, 0x0, 0x0, 0x5}}, 0xe4) connect$inet6(r10, &(0x7f00000000c0), 0x1c) sendfile(r5, r6, 0x0, 0x8000fffffffe) bind$can_j1939(r2, &(0x7f0000000380)={0x1d, r3, 0x1}, 0x18) sendmsg$NFT_BATCH(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[], 0x28}, 0x1, 0x0, 0x0, 0x800}, 0x40000801) sendmsg$IPCTNL_MSG_EXP_NEW(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)={0x0}}, 0x0) openat$drirender128(0xffffff9c, &(0x7f0000000100), 0x2600, 0x0) ioctl$DRM_IOCTL_ADD_CTX(r6, 0xc0086420, &(0x7f0000000340)) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) r11 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_ADD_COUNTERS(r11, 0x29, 0x41, &(0x7f00000013c0)={'filter\x00', 0x5, [{}, {}, {}, {}, {}]}, 0x74) fchdir(r0) sched_setaffinity(0x0, 0x0, 0x0) r12 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$DRM_IOCTL_GET_STATS(r0, 0x807c6406, &(0x7f0000000280)=""/136) ioctl$BINDER_WRITE_READ(r12, 0xc0306201, 0x0) syz_open_dev$vcsn(&(0x7f0000000080), 0x5, 0x0) 4.669733506s ago: executing program 1 (id=2722): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000000741c9934000000010440000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000180003801400008004"], 0xd0}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="240100003b0007010000000000000000047c0000040000000c00018006000600800a000000010280f90014"], 0x124}, 0x1, 0x19}, 0xc000) 4.589172818s ago: executing program 2 (id=2713): r0 = openat$cgroup_ro(0xffffffffffffffff, &(0x7f0000000480)='blkio.bfq.sectors\x00', 0x275a, 0x0) r1 = syz_open_procfs(0x0, &(0x7f0000000040)='oom_score_adj\x00') writev(r1, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x1) io_setup(0x7, &(0x7f00000000c0)=0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r4 = creat(&(0x7f0000000040)='./file0\x00', 0x80) sendfile(r4, r4, 0x0, 0xfffffffb) getsockopt$CAN_RAW_FILTER(r4, 0x65, 0x1, &(0x7f0000000300)=[{}, {}, {}, {}, {}, {}], &(0x7f0000000340)=0x30) io_submit(r2, 0x1, &(0x7f00000005c0)=[&(0x7f00000001c0)={0x0, 0x4, 0x0, 0x0, 0x0, r3, &(0x7f0000002940)="02", 0x1}]) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) syz_emit_ethernet(0x19e, &(0x7f00000007c0)=ANY=[@ANYBLOB="0180c200000e00000000000081003f0008004622018c000000006e019078e000000100000000071705ac141433ac1414bb0a010101ac1414aaac1414bb44144e200000000100007fff00000007000000038927d7ffffffff00000000640101020a010101ffffffffac1414bb7f000001ac14142000000000442c5f11e000000100000008ac141426000000090000000000000040ac1414bb000000080a010100000000018313ef0a010101ac1414aaffffffff7f000001860390ffe00000028651000000030510ec9f410d4ecfae3bf713e7641b42ec010b9c66947cfb0714a0ba07085862de91b6e3000fbc924af2314c3d5344a380cefd000a1edff90fb48db7144454c8630a010102000000ffac1e000100000009e000000200000001ac1414aa00000005ffffffff00000004e0000001000000a40a0101000000005effffffff00000008ac1414aa0000000774010101000000000502907803000000000000000066000b030000adffffffffffffffff880370440c55730a010100000000090067dddd4e7f99baa15a0edf1da0da84e3daddb079916b2dbc8f3aaa044fd8165276046447f9f07f06a17e280bb45606286685b4321b86c1898d5cacd1cdd0bcd0561aae7cc631f2a6c3c0120fec98c73340974d1d2bad5b1aa75ec8635a86e096067e3caed0b22e8ad3592840914cc8596d967044556f68c82cd1dcc0528fce489dabc8f2153934623deac376ecf829641a6b90cccf4d1b1c4bbd1ffb8beb4289dcf123ef4e541b693275ad8d73000000000000"], 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) r5 = syz_open_dev$sg(&(0x7f00000000c0), 0x6, 0x1) ioctl$SG_GET_SG_TABLESIZE(r5, 0x227f, &(0x7f0000000140)) r6 = openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x42f82, 0x0) write$dsp(r6, &(0x7f00000001c0)="5cba91a4", 0xffffffd9) 4.491493212s ago: executing program 1 (id=2714): r0 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000140), 0x200100, 0x0) recvmsg$can_bcm(r0, &(0x7f0000000680)={&(0x7f0000000180)=@tipc=@name, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000200)=""/169, 0xa9}, {&(0x7f00000002c0)=""/201, 0xc9}, {&(0x7f0000000440)=""/96, 0x60}, {&(0x7f00000004c0)=""/213, 0xd5}], 0x4, &(0x7f00000005c0)=""/151, 0x97}, 0x20012021) 4.364578156s ago: executing program 1 (id=2715): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x0, 0x0) ioctl$BTRFS_IOC_SET_RECEIVED_SUBVOL(r0, 0xc0c09425, 0x0) ioctl$BTRFS_IOC_SNAP_DESTROY_V2(0xffffffffffffffff, 0x5000943f, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cgroup.stat\x00', 0x275a, 0x0) write$binfmt_aout(r1, &(0x7f00000010c0)=ANY=[], 0x1a3) r2 = openat$vicodec1(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ppoll(0x0, 0x0, 0x0, &(0x7f0000000000)={[0x2000010001006]}, 0x8) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r3, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x68}}, 0x0) ioctl$VIDIOC_S_INPUT(r2, 0xc0045627, &(0x7f0000000440)=0x2) getpgrp(0x0) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f0000000500)="0adeef0cd3c8f5294248b30be2fcd9461179389b892d67425c9ecdab5e23328d43", 0x21) socket$nl_xfrm(0x10, 0x3, 0x6) open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000280)={&(0x7f0000000040)="bc963e76ebc00bc0e2e92ff7c7dec255b8c66be4d54e8933e69a976b96e945724d6efb96dc3e8f8a2f75094ce9f61df63d553bf837c91b40533567056dc4", 0x0, 0x0, 0x0}, 0x38) write$binfmt_misc(r1, &(0x7f0000000040)=ANY=[], 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x18, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea89de2b7fb0a0100000000000000000300", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 4.293319995s ago: executing program 3 (id=2716): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000040)={'wlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) socket$netlink(0x10, 0x3, 0x4) socket$inet(0x2b, 0x1, 0x2) socket(0x10, 0x3, 0x0) r1 = epoll_create1(0x0) socket$inet_dccp(0x2, 0x6, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) socket(0x28, 0x5, 0x0) syz_usb_connect(0x6, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000099d75010520c2aa0ceb18835f85b58d098000805010000000000000000000004"], 0x0) syz_open_dev$video4linux(&(0x7f0000000000), 0x9, 0x4800) epoll_create1(0x0) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_MCAST_MSFILTER(r3, 0x29, 0x48, &(0x7f0000000040)=ANY=[@ANYRES8=r3], 0x90) read$FUSE(r2, &(0x7f00000000c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r2, &(0x7f0000002100)={0x50, 0x0, r4, {0x7, 0x28, 0xc, 0xc52000, 0x3, 0x1, 0x1, 0x7fff}}, 0x50) 4.159502814s ago: executing program 0 (id=2717): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0500"/18, @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) 4.10653492s ago: executing program 0 (id=2718): socket$key(0xf, 0x3, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f00000004c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000cc0)={'wlan0\x00'}) socket$nl_generic(0x10, 0x3, 0x10) timer_create(0x0, 0x0, 0x0) clock_gettime(0x0, &(0x7f00000002c0)) r2 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r2, 0x2285, 0x0) r3 = fcntl$dupfd(r2, 0x0, r2) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), 0xffffffffffffffff) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000480)={0x34, r4, 0x1, 0x0, 0x0, {{0x2}, {@val={0x8, 0x3, r6}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_EDMG_CHANNELS={0x5, 0x118, 0x30}, @NL80211_ATTR_WIPHY_EDMG_BW_CONFIG={0x5, 0x119, 0xc}], @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x9b4}]]}, 0x34}}, 0x0) write$sndseq(r3, 0x0, 0x0) write$sndseq(r3, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick=0x2000, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @tick=0x4, {}, {0x0, 0xfc}, @queue={0x1, {0x1, 0xfffffffc}}}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @time={0xffffffff}, {}, {}, @connect={{0x81}}}, {0x0, 0x0, 0x0, 0x0, @tick=0x2, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}], 0xa8) epoll_create1(0x0) socket$nl_generic(0x10, 0x3, 0x10) pselect6(0x40, &(0x7f0000001000)={0x7a}, 0x0, 0x0, 0x0, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000097ff8208582005109bc1000000010902120004000000bf575a00"], 0x0) openat$sndseq(0xffffff9c, &(0x7f0000000040), 0x101100) openat$sndseq(0xffffffffffffff9c, &(0x7f0000000040), 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, &(0x7f00000001c0)={0x0, 0x0, 0x0, 'queue0\x00'}) r7 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000340)={'bridge_slave_0\x00'}) socket$netlink(0x10, 0x3, 0x0) 3.780714896s ago: executing program 4 (id=2719): r0 = socket$inet(0x2b, 0x801, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000100)=@broute={'broute\x00', 0x20, 0x3, 0x16e, [0x0, 0x0, 0x0, 0x0, 0xffcf, 0x20000a40], 0x0, 0x0, &(0x7f0000000a40)=[{0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{0x11, 0x11, 0x8884, 'veth1_virt_wifi\x00', 'ipvlan1\x00', 'macsec0\x00', 'veth0_to_batadv\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x35}, [0xff, 0xff, 0xff], @remote, [0x0, 0xff], 0x6e, 0x6e, 0xde, [], [], @common=@nflog={'nflog\x00', 0x4c, {{0x2, 0x401, 0x6, 0x0, 0x0, "bd8278e0f18e9bed79771223ab0fd8da2d19e4396bec2f619edbb7a3675ba003510a161255ba5feaec5ad72e83362305e0a63791ea8b4030c1ef2d1d856062bf"}}}}]}, {0x0, '\x00', 0x1, 0xffffffffffffffff}, {0x0, '\x00', 0x1, 0xfffffffffffffffc}]}, 0x1be) 3.774458755s ago: executing program 4 (id=2720): r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000040)) r1 = fcntl$dupfd(r0, 0x0, r0) setsockopt$ARPT_SO_SET_REPLACE(r1, 0x0, 0x60, &(0x7f00000004c0)={'filter\x00', 0x7, 0x4, 0x3b4, 0xe4, 0x1f0, 0x1f0, 0x2d4, 0x2d4, 0x2d4, 0x4, &(0x7f0000000080), {[{{@arp={@initdev={0xac, 0x1e, 0x0, 0x0}, @rand_addr=0x64010100, 0x0, 0xff000000, 0x8, 0x8, {@empty, {[0x0, 0xff, 0xff, 0xff, 0xff]}}, {@empty, {[0xff, 0x0, 0xff, 0x0, 0xff]}}, 0x74, 0x0, 0xfff, 0x4, 0x7fff, 0x0, 'tunl0\x00', 'team_slave_0\x00'}, 0xbc, 0xe4}, @unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x80, 0x2, 0x2}}}, {{@uncond, 0xbc, 0x10c}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @empty, @rand_addr=0x64010102, @rand_addr=0x64010100, 0x8, 0x1}}}, {{@uncond, 0xbc, 0xe4}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x4, 0x7}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x400) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000200)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a010300000000000000000100fffd0900010073797a300000000040000000030a01020000000000000000010000000900030073797a3200000000140004800800024032658aeb08000140000000010900010073797a300000000044000000060a010400000000000001040100000008000b40000000000900010073797a30000000001c000480180001800d00010073796e70726f7879000000000400028014000000110001"], 0xcc}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000180)={0x5, &(0x7f0000000140)=[{0x3ff, 0x1, 0x8, 0x28f7}, {0x3, 0x5, 0x3, 0x80}, {0x9, 0xe, 0x3, 0x1000}, {0xfffd, 0x7, 0x1, 0x4}, {0x5c, 0x2, 0x9a, 0x2}]}) syz_emit_ethernet(0x36, &(0x7f0000000480)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @empty}, {{0x10, 0x4e26, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0xc2, 0x1}}}}}}, 0x0) ioctl$USBDEVFS_FREE_STREAMS(r0, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007006000000002000020d3"]) ioctl$USBDEVFS_RELEASE_PORT(r0, 0x5514, 0x0) 3.592348638s ago: executing program 3 (id=2721): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f00000018c0)={'team0\x00', 0x0}) r2 = openat$vsock(0xffffff9c, &(0x7f00000001c0), 0x40101, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$vcsu(0xffffff9c, &(0x7f0000000100), 0x82140, 0x0) ioctl$KVM_NMI(r5, 0xae9a) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0xfffffffffffffffe]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000002c0)) getsockopt$ARPT_SO_GET_REVISION_TARGET(r2, 0x0, 0x63, &(0x7f0000000080)={'ipvs\x00'}, &(0x7f00000000c0)=0x1e) ioctl$KVM_RUN(r5, 0xae80, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000022780)=@newlink={0x50, 0x10, 0x49920d862a92153b, 0x0, 0x0, {}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_GTP_RESTART_COUNT={0x5}, @IFLA_GTP_CREATE_SOCKETS={0x5}, @IFLA_GTP_PDP_HASHSIZE={0x8, 0x3, 0xbc7}]}}}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x50}}, 0x0) 3.408222691s ago: executing program 1 (id=2723): r0 = socket$inet_udplite(0x2, 0x2, 0x88) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f00000003c0)={'filter\x00', 0x7, 0x7ffffffc, 0x3c8, 0x0, 0x0, 0x1f8, 0x2e0, 0x2e0, 0x2e0, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@local, @empty, @empty, @multicast2, 0x0, 0xd00}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@STANDARD={0x28}}, {{@arp={@empty, @multicast1, 0x0, 0x0, 0x0, 0x0, {@mac=@multicast}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'wg2\x00', 'ipvlan1\x00'}, 0xc0, 0xe8}, @unspec=@NFQUEUE1={0x28}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x418) 3.232406944s ago: executing program 1 (id=2724): r0 = syz_io_uring_setup(0x353, &(0x7f0000001500), &(0x7f0000ffb000), &(0x7f0000ffb000)) getpid() prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f00000001c0)=[{&(0x7f0000033a80)=""/102386, 0x18ff2}, {&(0x7f0000000580)=""/156, 0x9c}, {&(0x7f00000000c0)=""/11, 0xb}, {&(0x7f0000000740)=""/247, 0xf7}], 0x4, 0x3, 0x0) r2 = socket$inet6_sctp(0xa, 0x1, 0x84) sendto$inet6(r2, &(0x7f0000847fff)='X', 0x34000, 0x0, &(0x7f000005ffe4)={0xa, 0x0, 0x0, @loopback={0x0, 0x1c9ae7fffe9a6f34}}, 0x1c) connect$inet6(r2, &(0x7f0000000340)={0xa, 0x0, 0x0, @private1}, 0x1c) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x6ed3, 0x0, 0x0, 0x0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r2, 0x84, 0x6f, &(0x7f00000000c0)={0x0, 0x1c, &(0x7f0000000080)=[@in6={0xa, 0x0, 0x0, @dev, 0x7}]}, &(0x7f0000000100)=0x10) shutdown(r2, 0x1) syz_emit_ethernet(0x4a, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaade9ea3f675c186dd60083ff200140600fe8000000000000000000000000000bbff02000000000000000000000000000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="57a8ef8a490c3ce7"], 0x0) io_uring_register$IORING_UNREGISTER_PERSONALITY(r0, 0x19, 0x20000000, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080000000000000", @ANYRES32, @ANYBLOB="0060517600280200", @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00'/28], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="000000000000000000051200"/32], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='fib_table_lookup\x00', r4}, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000480)={r4, 0xe0, &(0x7f0000000380)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, &(0x7f0000000040)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x5, &(0x7f0000000180)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], &(0x7f00000001c0)=[0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x52, &(0x7f0000000240)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f0000000280), &(0x7f0000000300), 0x8, 0xed, 0x8, 0x8, &(0x7f0000000340)}}, 0x10) setsockopt$inet_pktinfo(r5, 0x0, 0x8, &(0x7f00000004c0)={r6, @multicast2, @empty}, 0xc) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000001840)=ANY=[], 0x48) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r7, 0x8914, &(0x7f0000000000)={'vlan1\x00', @remote}) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)) 1.018892168s ago: executing program 2 (id=2725): openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000640), 0x0, 0x0) r0 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$DCCPDIAG_GETSOCK(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000600)=ANY=[@ANYBLOB="fc1100001200010200"/56, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000f504010007"], 0x11fc}}, 0x0) 798.476563ms ago: executing program 3 (id=2726): r0 = openat$ocfs2_control(0xffffff9c, &(0x7f0000000140), 0x200100, 0x0) recvmsg$can_bcm(r0, &(0x7f0000000680)={&(0x7f0000000180)=@tipc=@name, 0x80, &(0x7f00000003c0)=[{&(0x7f0000000200)=""/169, 0xa9}, {&(0x7f00000002c0)=""/201, 0xc9}, {&(0x7f0000000440)=""/96, 0x60}, {&(0x7f00000004c0)=""/213, 0xd5}], 0x4, &(0x7f00000005c0)=""/151, 0x97}, 0x20012021) 740.853607ms ago: executing program 2 (id=2727): unshare(0x6c060200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) (async) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) r0 = socket(0x11, 0x3, 0x0) ioctl$sock_inet_SIOCSIFADDR(r0, 0x8916, &(0x7f0000000040)={'lo\x00', {0x2, 0x0, @multicast1}}) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a4d2ff40f3054002241b0102030109021b00010000000009040000014eaf32000905d693"], 0x0) (async) syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000a4d2ff40f3054002241b0102030109021b00010000000009040000014eaf32000905d693"], 0x0) 586.33086ms ago: executing program 3 (id=2728): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="300000001000070100dd21200100005b91325b38", @ANYRES32=0x0, @ANYBLOB="000000000080000008001b00000000000500100005"], 0x30}}, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) fsetxattr$trusted_overlay_nlink(r1, &(0x7f0000000080), &(0x7f0000000140)={'L+', 0x7}, 0x16, 0x3) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002300)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYRESOCT=r1, @ANYRES16=r0, @ANYBLOB="b234b7e65c11a7c5e2d2", @ANYRESDEC=0x0], 0x0, 0x0, 0x0) utimensat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', &(0x7f0000000100)={{0x77359400}, {0x0, 0x3fffffff}}, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000380)={'macvlan1\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="4c0000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="ef00000000000000140012800b0001006970766c616e00000400028008000500", @ANYRES32=r3, @ANYBLOB="080004000001000008000a00", @ANYRES32=r3], 0x4c}}, 0x0) 245.236001ms ago: executing program 3 (id=2729): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040), 0x8) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_SET_INTERFACE(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB="1c000000", @ANYRES16=0x0, @ANYBLOB="0500"/18, @ANYRES32=0x0, @ANYBLOB], 0x1c}}, 0x0) 0s ago: executing program 3 (id=2730): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x3523, &(0x7f00000003c0)={0x0, 0x200000, 0x4}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_setup(0x26ec, &(0x7f0000000300)={0x0, 0x45f3, 0x0, 0x8}, &(0x7f00000001c0)=0x0, &(0x7f0000000040)) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_EPOLL_CTL=@del={0x1d, 0x11, 0x0, r1, 0x0, r1, 0x2, 0x0, 0x1}) bpf$PROG_LOAD(0x5, &(0x7f00000054c0)={0x0, 0x16, &(0x7f0000000200)=ANY=[@ANYBLOB="61127600000000006113500000000000bf2000000000000007000000180000003d030100000000009500f000000000006926000000000000bf67000000000000560702000f0200006706000020000000620a00ff0ee60000bf250000000000002d350000000000006507000002080000070700004c0000001f75000000000000bf54000000000000070400000400f9ffcd35010000000000ce040000000000001c000000000000009500000000000000db13d5d8b741f2cdaabc8383c8f56bb5df3083d20f8c2bf304000000815d"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r5 = socket$nl_generic(0x10, 0x3, 0x10) sendto$packet(0xffffffffffffffff, &(0x7f00000002c0)="05040500d3fc09000000478803", 0xd, 0x0, 0x0, 0x0) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0xfffffffffffffef7, &(0x7f0000001340)={&(0x7f00000000c0)=ANY=[@ANYRES16=r3, @ANYRESOCT=r3, @ANYRESDEC=r7, @ANYRES32=r4, @ANYRES8=r6], 0x6f4}}, 0x0) r8 = socket$unix(0x1, 0x5, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r8, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) r10 = socket$can_bcm(0x1d, 0x2, 0x2) r11 = syz_open_procfs(0x0, &(0x7f0000000080)='net/fib_trie\x00') read$FUSE(r11, &(0x7f000000a300)={0x2020}, 0x204c) preadv2(r11, &(0x7f0000000840)=[{&(0x7f00000002c0)=""/185, 0xb9}], 0x1, 0x0, 0x0, 0x0) read$FUSE(r1, &(0x7f0000012400)={0x2020}, 0xfffffffffffffd63) syz_emit_vhci(0x0, 0x0) connect$can_bcm(r10, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r10, &(0x7f0000000480)={&(0x7f0000000080)={0x1d, r9}, 0x10, 0x0}, 0x0) sendmsg$can_bcm(r10, &(0x7f00000005c0)={&(0x7f0000000180)={0x1d, r9}, 0x10, &(0x7f00000001c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="01000000100100"/16, @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="000000000100000000000000fd"], 0x48}, 0x2}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x8, 0x0, &(0x7f0000006680)) io_setup(0x8, &(0x7f0000000000)=0x0) getsockname$packet(r11, &(0x7f0000000040)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000380)=0x14) r13 = eventfd2(0x0, 0x0) io_submit(r12, 0x0, &(0x7f0000000600)) io_submit(r12, 0x1, &(0x7f0000000200)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x5, 0x0, r13, 0x0}]) kernel console output (not intermixed with test programs): number 84 using dummy_hcd [ 634.087715][ T5279] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 634.097507][ T5279] usb 4-1: Product: syz [ 634.102173][ T5279] usb 4-1: Manufacturer: syz [ 634.106828][ T5279] usb 4-1: SerialNumber: syz [ 634.123410][ T5279] usb 4-1: config 0 descriptor?? [ 634.140543][ T5279] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.56/input/input56 [ 634.209656][ T5296] usb 3-1: device descriptor read/64, error -71 [ 634.347009][ T5279] usb 4-1: USB disconnect, device number 95 [ 634.350545][ T4666] bcm5974 4-1:0.56: could not read from device [ 634.370815][T12017] bcm5974 4-1:0.56: could not read from device [ 634.460243][ T5296] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 634.599592][ T5232] Bluetooth: hci1: command 0x0c1a tx timeout [ 634.606336][ T5296] usb 3-1: device descriptor read/64, error -71 [ 634.720460][ T5296] usb usb3-port1: attempt power cycle [ 635.319541][ T5296] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 635.352392][ T5296] usb 3-1: device descriptor read/8, error -71 [ 635.589516][ T5296] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 635.610159][ T5296] usb 3-1: device descriptor read/8, error -71 [ 635.719792][ T5296] usb usb3-port1: unable to enumerate USB device [ 635.769620][ T5294] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 635.824103][T15958] FAULT_INJECTION: forcing a failure. [ 635.824103][T15958] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 635.838739][T15958] CPU: 1 UID: 0 PID: 15958 Comm: syz.3.2306 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 635.849211][T15958] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 635.859326][T15958] Call Trace: [ 635.862628][T15958] [ 635.865563][T15958] dump_stack_lvl+0x241/0x360 [ 635.870261][T15958] ? __pfx_dump_stack_lvl+0x10/0x10 [ 635.875477][T15958] ? __pfx__printk+0x10/0x10 [ 635.880087][T15958] ? snprintf+0xda/0x120 [ 635.884354][T15958] should_fail_ex+0x3b0/0x4e0 [ 635.889054][T15958] _copy_to_user+0x2f/0xb0 [ 635.893506][T15958] simple_read_from_buffer+0xca/0x150 [ 635.898933][T15958] proc_fail_nth_read+0x1e9/0x250 [ 635.904009][T15958] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 635.909611][T15958] ? rw_verify_area+0x55e/0x6f0 [ 635.914510][T15958] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 635.920078][T15958] vfs_read+0x201/0xbc0 [ 635.924261][T15958] ? __pfx_vfs_read+0x10/0x10 [ 635.928968][T15958] ? __fdget_pos+0x265/0x320 [ 635.933573][T15958] ksys_read+0x1a0/0x2c0 [ 635.937855][T15958] ? __pfx_ksys_read+0x10/0x10 [ 635.942685][T15958] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 635.949339][T15958] ? lockdep_hardirqs_on+0x99/0x150 [ 635.954575][T15958] __do_fast_syscall_32+0xb4/0x110 [ 635.959800][T15958] ? exc_page_fault+0x590/0x8c0 [ 635.964694][T15958] do_fast_syscall_32+0x34/0x80 [ 635.969576][T15958] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 635.975937][T15958] RIP: 0023:0xf745d579 [ 635.980011][T15958] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 635.999651][T15958] RSP: 002b:00000000f57465a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 636.008117][T15958] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5746620 [ 636.016102][T15958] RDX: 000000000000000f RSI: 00000000f744bff4 RDI: 0000000000000000 [ 636.024097][T15958] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 636.032084][T15958] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 636.040085][T15958] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 636.048116][T15958] [ 636.139676][ T5294] usb 5-1: Using ep0 maxpacket: 16 [ 636.158448][ T5294] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 636.185438][ T5294] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 636.214144][ T5294] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.227360][ T5294] usb 5-1: Product: syz [ 636.231811][T15960] vlan2: entered promiscuous mode [ 636.231838][T15960] ip6gretap0: entered promiscuous mode [ 636.243672][T15960] ip6gretap0: left promiscuous mode [ 636.258330][ T5294] usb 5-1: Manufacturer: syz [ 636.267849][ T5294] usb 5-1: SerialNumber: syz [ 636.286914][ T5294] usb 5-1: config 0 descriptor?? [ 636.569450][ T5294] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 636.679522][ T5232] Bluetooth: hci1: command 0x0c1a tx timeout [ 636.729625][ T5294] usb 4-1: Using ep0 maxpacket: 32 [ 636.750682][ T5281] usb 5-1: USB disconnect, device number 88 [ 636.769786][ T5294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 636.790563][ T5294] usb 4-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=cb.c8 [ 636.799967][ T5294] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 636.808189][ T5294] usb 4-1: Product: syz [ 636.813504][ T5294] usb 4-1: Manufacturer: syz [ 636.820430][ T5294] usb 4-1: SerialNumber: syz [ 636.838775][ T5294] usb 4-1: config 0 descriptor?? [ 637.113817][T15964] bridge0: port 1(bridge_slave_0) entered blocking state [ 637.121031][T15964] bridge0: port 1(bridge_slave_0) entered forwarding state [ 637.206967][ T9] usb 4-1: USB disconnect, device number 96 [ 637.790745][T16001] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2320'. [ 638.056730][T16010] UHID_CREATE from different security context by process 49 (syz.2.2323), this is not allowed. [ 638.179578][ T5294] usb 4-1: new high-speed USB device number 97 using dummy_hcd [ 638.339414][ T5294] usb 4-1: Using ep0 maxpacket: 16 [ 638.351751][ T5294] usb 4-1: config 0 has no interfaces? [ 638.371485][ T5294] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 638.391945][ T5294] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 638.433875][ T5294] usb 4-1: Product: syz [ 638.438110][ T5294] usb 4-1: Manufacturer: syz [ 638.464399][ T5294] usb 4-1: SerialNumber: syz [ 638.484282][ T5294] r8152-cfgselector 4-1: Unknown version 0x0000 [ 638.495840][ T5294] r8152-cfgselector 4-1: config 0 descriptor?? [ 638.721937][T16008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 638.752827][T16008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 638.761345][ T5232] Bluetooth: hci1: command 0x0c1a tx timeout [ 638.856882][T16008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 638.883017][T16008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 638.921638][ T5296] r8152-cfgselector 4-1: USB disconnect, device number 97 [ 640.974084][T12421] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.235066][T12421] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.280698][T16050] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2339'. [ 641.490188][T12421] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 641.494851][T16031] coredump: 82(syz.1.2330): written to core: VMAs: 36, size 93622272; core: 55985066 bytes, pos 93634560 [ 641.669951][ T5230] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 641.683131][ T5230] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 641.704428][ T5230] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 641.734277][ T5230] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 641.748307][ T5230] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 641.759188][ T5230] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 641.822128][T12421] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 642.459490][T12421] bridge_slave_1: left promiscuous mode [ 642.465358][T12421] bridge0: port 2(bridge_slave_1) entered disabled state [ 642.479546][ T9] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 642.509988][T12421] bridge_slave_0: left allmulticast mode [ 642.536860][T12421] bridge_slave_0: left promiscuous mode [ 642.552909][T12421] bridge0: port 1(bridge_slave_0) entered disabled state [ 642.649402][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 642.696108][ T9] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 642.724793][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 642.828127][ T9] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 642.850916][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 642.876253][ T9] usb 5-1: Product: syz [ 642.880734][ T9] usb 5-1: Manufacturer: syz [ 642.885378][ T9] usb 5-1: SerialNumber: syz [ 642.901603][ T9] usb 5-1: config 0 descriptor?? [ 642.932265][ T9] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 642.963941][ T9] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 643.133808][T16079] syz.1.2348 (16079): drop_caches: 2 [ 643.163006][T16079] syz.1.2348 (16079): drop_caches: 2 [ 643.219648][ T5276] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 643.400110][ T5276] usb 3-1: Using ep0 maxpacket: 16 [ 643.411427][ T5276] usb 3-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 643.423687][ T5276] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 643.449016][ T5276] usb 3-1: config 0 descriptor?? [ 643.472875][ T5276] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 643.552494][ T9] em28xx 5-1:0.0: chip ID is em2870 [ 643.709076][T12421] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 643.725768][T12421] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 643.737962][T12421] bond0 (unregistering): Released all slaves [ 643.761019][ T5294] usb 5-1: USB disconnect, device number 89 [ 643.767879][ T5294] em28xx 5-1:0.0: Disconnecting em28xx [ 643.781069][ T5294] em28xx 5-1:0.0: Freeing device [ 643.801417][ T5232] Bluetooth: hci4: command tx timeout [ 643.908039][T16055] chnl_net:caif_netlink_parms(): no params data found [ 644.362474][T16055] bridge0: port 1(bridge_slave_0) entered blocking state [ 644.378907][T16055] bridge0: port 1(bridge_slave_0) entered disabled state [ 644.387018][T16055] bridge_slave_0: entered allmulticast mode [ 644.407471][T16055] bridge_slave_0: entered promiscuous mode [ 644.480825][T12421] hsr_slave_0: left promiscuous mode [ 644.501602][T12421] hsr_slave_1: left promiscuous mode [ 644.520520][T12421] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 644.544451][T12421] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 644.558718][T12421] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 644.576870][T12421] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 644.633242][T12421] veth1_macvtap: left promiscuous mode [ 644.648935][T12421] veth0_macvtap: left promiscuous mode [ 644.661649][T12421] veth1_vlan: left promiscuous mode [ 644.680277][T12421] veth0_vlan: left promiscuous mode [ 645.405074][T12421] team0 (unregistering): Port device team_slave_1 removed [ 645.889808][ T5232] Bluetooth: hci4: command tx timeout [ 646.239555][ T5276] gspca_sonixj: reg_w1 err -110 [ 646.244662][ T5276] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 646.502441][T16055] bridge0: port 2(bridge_slave_1) entered blocking state [ 646.510135][T16055] bridge0: port 2(bridge_slave_1) entered disabled state [ 646.517438][T16055] bridge_slave_1: entered allmulticast mode [ 646.525078][T16055] bridge_slave_1: entered promiscuous mode [ 646.570301][T16084] pim6reg: entered allmulticast mode [ 646.593539][ T5276] usb 3-1: USB disconnect, device number 88 [ 646.649037][T16055] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 646.674513][T16055] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 646.784157][T16055] team0: Port device team_slave_0 added [ 646.808356][T16055] team0: Port device team_slave_1 added [ 646.926856][T16055] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 646.937243][T16055] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.071314][T16055] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 647.097950][T16055] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 647.107055][T16055] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 647.179664][T16055] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 647.398440][T16055] hsr_slave_0: entered promiscuous mode [ 647.433720][T16055] hsr_slave_1: entered promiscuous mode [ 647.458243][T16055] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 647.489460][T16055] Cannot create hsr debugfs directory [ 647.648723][T16159] netlink: 203452 bytes leftover after parsing attributes in process `syz.1.2362'. [ 647.658521][T16159] netlink: 'syz.1.2362': attribute type 2 has an invalid length. [ 647.676748][T16159] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2362'. [ 647.959449][ T5232] Bluetooth: hci4: command tx timeout [ 648.609532][ T5281] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 648.763904][ T5281] usb 3-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30 [ 648.801980][ T5281] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x51, changing to 0x1 [ 648.817244][T16163] ALSA: mixer_oss: invalid OSS volume 'verification' [ 648.825414][ T5281] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 648.840469][T16163] ALSA: mixer_oss: invalid OSS volume 'stack' [ 648.847212][ T5281] usb 3-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101 [ 648.859425][T16163] ALSA: mixer_oss: invalid OSS volume '' [ 648.878257][ T5281] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 648.887685][ T5281] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 649.185024][T16180] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 649.267643][T16180] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 649.302574][ T5281] ath6kl: Failed to submit usb control message: -71 [ 649.320226][ T5281] ath6kl: unable to send the bmi data to the device: -71 [ 649.327289][ T5281] ath6kl: Unable to send get target info: -71 [ 649.352879][ T5294] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 649.395996][T16055] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 649.408758][ T5281] ath6kl: Failed to init ath6kl core: -71 [ 649.431582][ T5281] ath6kl_usb 3-1:4.0: probe with driver ath6kl_usb failed with error -71 [ 649.440031][T16055] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 649.471264][T16055] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 649.492580][ T5281] usb 3-1: USB disconnect, device number 89 [ 649.512150][T16055] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 649.529775][ T5294] usb 2-1: Using ep0 maxpacket: 32 [ 649.538085][ T5294] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 649.554882][ T5294] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 649.574584][ T5294] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 649.592966][ T5294] usb 2-1: Product: syz [ 649.597200][ T5294] usb 2-1: Manufacturer: syz [ 649.617669][ T5294] usb 2-1: SerialNumber: syz [ 649.737906][T16055] 8021q: adding VLAN 0 to HW filter on device bond0 [ 649.787195][T16055] 8021q: adding VLAN 0 to HW filter on device team0 [ 649.815404][T12421] bridge0: port 1(bridge_slave_0) entered blocking state [ 649.822614][T12421] bridge0: port 1(bridge_slave_0) entered forwarding state [ 649.873821][ T2561] bridge0: port 2(bridge_slave_1) entered blocking state [ 649.881037][ T2561] bridge0: port 2(bridge_slave_1) entered forwarding state [ 650.030673][T16055] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 650.040809][ T5232] Bluetooth: hci4: command tx timeout [ 650.060535][T16188] input: syz0 as /devices/virtual/input/input57 [ 650.258990][T16055] veth0_vlan: entered promiscuous mode [ 650.280715][T16055] veth1_vlan: entered promiscuous mode [ 650.367141][T16055] veth0_macvtap: entered promiscuous mode [ 650.398815][T16055] veth1_macvtap: entered promiscuous mode [ 650.467691][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.499636][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.511091][T16215] program syz.4.2374 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 650.524244][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.559050][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.592308][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.624209][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.653199][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.683607][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.711869][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.742332][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.779426][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 650.792202][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.813961][ T5294] cdc_ncm 2-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 650.822390][T16055] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 650.833903][ T5294] cdc_ncm 2-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 650.848619][ T5294] cdc_ncm 2-1:1.0: setting rx_max = 2048 [ 650.863274][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.874413][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.884621][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.895799][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.909521][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.920540][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.930725][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.941642][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.951659][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.962290][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 650.973293][T16055] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 650.986362][T16055] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 651.000199][T16055] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 651.012226][T16055] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.021306][T16055] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.030203][T16055] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.038980][T16055] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 651.154509][ T70] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 651.181195][ T5281] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 651.198268][ T70] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 651.269147][ T2561] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 651.269176][ T2561] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 651.319649][ T5294] cdc_ncm 2-1:1.0: setting tx_max = 88 [ 651.324739][ T5294] cdc_ncm 2-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.1-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 651.329402][ T5281] usb 5-1: device descriptor read/64, error -71 [ 651.363378][ T5294] usb 2-1: USB disconnect, device number 84 [ 651.364247][ T5294] cdc_ncm 2-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.1-1, CDC NCM (NO ZLP) [ 651.589497][ T5281] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 651.607521][T16238] FAULT_INJECTION: forcing a failure. [ 651.607521][T16238] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 651.639051][T16238] CPU: 1 UID: 0 PID: 16238 Comm: syz.2.2378 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 651.649551][T16238] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 651.659659][T16238] Call Trace: [ 651.662979][T16238] [ 651.665954][T16238] dump_stack_lvl+0x241/0x360 [ 651.670693][T16238] ? __pfx_dump_stack_lvl+0x10/0x10 [ 651.676082][T16238] ? __pfx__printk+0x10/0x10 [ 651.680720][T16238] ? snprintf+0xda/0x120 [ 651.685048][T16238] should_fail_ex+0x3b0/0x4e0 [ 651.689763][T16238] _copy_to_user+0x2f/0xb0 [ 651.694239][T16238] simple_read_from_buffer+0xca/0x150 [ 651.699761][T16238] proc_fail_nth_read+0x1e9/0x250 [ 651.704854][T16238] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 651.710468][T16238] ? rw_verify_area+0x55e/0x6f0 [ 651.715378][T16238] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 651.720988][T16238] vfs_read+0x201/0xbc0 [ 651.725201][T16238] ? __pfx_lock_release+0x10/0x10 [ 651.730458][T16238] ? do_sys_openat2+0x17a/0x1d0 [ 651.735583][T16238] ? __pfx_vfs_read+0x10/0x10 [ 651.740341][T16238] ? __fget_files+0x3f3/0x470 [ 651.745083][T16238] ? __fdget_pos+0x24e/0x320 [ 651.749752][T16238] ksys_read+0x1a0/0x2c0 [ 651.754069][T16238] ? __pfx_ksys_read+0x10/0x10 [ 651.759165][T16238] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 651.765813][T16238] ? lockdep_hardirqs_on+0x99/0x150 [ 651.771072][T16238] __do_fast_syscall_32+0xb4/0x110 [ 651.776275][T16238] ? exc_page_fault+0x590/0x8c0 [ 651.781197][T16238] do_fast_syscall_32+0x34/0x80 [ 651.786296][T16238] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 651.792685][T16238] RIP: 0023:0xf740d579 [ 651.796803][T16238] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 651.816461][T16238] RSP: 002b:00000000f56f65a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 651.825025][T16238] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f56f6620 [ 651.833174][T16238] RDX: 000000000000000f RSI: 00000000f73fbff4 RDI: 0000000000000000 [ 651.841203][T16238] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 651.849746][T16238] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 651.857792][T16238] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 651.865844][T16238] [ 651.942796][ T5281] usb 5-1: device descriptor read/64, error -71 [ 652.086849][ T5281] usb usb5-port1: attempt power cycle [ 652.450961][ T5281] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 652.459402][ T5279] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 652.500031][ T5281] usb 5-1: device descriptor read/8, error -71 [ 652.521185][T16270] dvmrp4: entered allmulticast mode [ 652.539394][ T5294] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 652.592347][T16274] netlink: 'syz.3.2385': attribute type 4 has an invalid length. [ 652.619538][ T5279] usb 3-1: Using ep0 maxpacket: 32 [ 652.627491][ T5279] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 652.668069][ T5279] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 652.720352][ T5279] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 652.741483][ T5279] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 652.767087][ T5279] usb 3-1: config 0 descriptor?? [ 652.843269][ T5279] hub 3-1:0.0: bad descriptor, ignoring hub [ 652.851343][ T5294] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 652.867985][ T5294] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 652.879399][ T5281] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 652.897496][ T5279] hub 3-1:0.0: probe with driver hub failed with error -5 [ 652.924350][ T5294] usb 2-1: config 0 descriptor?? [ 652.936364][ T5294] cp210x 2-1:0.0: cp210x converter detected [ 652.945134][ T5281] usb 5-1: device descriptor read/8, error -71 [ 652.975659][ T5279] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 653.059804][ T5281] usb usb5-port1: unable to enumerate USB device [ 653.139609][ T5294] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 653.148217][ T5294] cp210x 2-1:0.0: querying part number failed [ 653.184281][ T5294] usb 2-1: cp210x converter now attached to ttyUSB0 [ 653.236183][ T5294] usb 2-1: USB disconnect, device number 85 [ 653.353124][ T5294] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 653.425872][ T5294] cp210x 2-1:0.0: device disconnected [ 653.473154][T16288] af_packet: tpacket_rcv: packet too big, clamped from 59644 to 3952. macoff=96 [ 653.919556][ T9] usb 4-1: new high-speed USB device number 98 using dummy_hcd [ 653.960130][ T5294] usb 3-1: USB disconnect, device number 90 [ 654.099753][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 654.109325][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 654.118058][ T9] usb 4-1: config 8 has an invalid interface number: 43 but max is 0 [ 654.126711][ T9] usb 4-1: config 8 has no interface number 0 [ 654.135198][ T9] usb 4-1: config 8 interface 43 has no altsetting 0 [ 654.139723][ T5277] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 654.144260][ T9] usb 4-1: New USB device found, idVendor=05ac, idProduct=024a, bcdDevice=74.28 [ 654.159098][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 654.169143][ T9] usb 4-1: Product: syz [ 654.173421][ T9] usb 4-1: Manufacturer: syz [ 654.178048][ T9] usb 4-1: SerialNumber: syz [ 654.289558][ T8] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 654.309612][ T5277] usb 2-1: Using ep0 maxpacket: 8 [ 654.318645][ T5277] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 654.337303][ T5277] usb 2-1: New USB device found, idVendor=13d3, idProduct=3340, bcdDevice=ab.0b [ 654.346515][ T5277] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.360396][ T5277] usb 2-1: config 0 descriptor?? [ 654.401319][ T5277] r8712u: register rtl8712_netdev_ops to netdev_ops [ 654.420351][ T29] audit: type=1326 audit(1727003660.219:998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.449941][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 654.451435][ T5277] usb 2-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 654.480913][ T29] audit: type=1326 audit(1727003660.219:999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=289 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.509386][ T29] audit: type=1326 audit(1727003660.219:1000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.511004][ T8] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 654.546955][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 654.549608][ T29] audit: type=1326 audit(1727003660.219:1001): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.564990][ T8] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 654.601821][ T29] audit: type=1326 audit(1727003660.219:1002): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.608059][ T8] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 654.624884][ T29] audit: type=1326 audit(1727003660.219:1003): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.637558][ T8] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 654.660047][ T29] audit: type=1326 audit(1727003660.219:1004): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.668956][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 654.692096][ T29] audit: type=1326 audit(1727003660.219:1005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.692142][ T29] audit: type=1326 audit(1727003660.219:1006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.692176][ T29] audit: type=1326 audit(1727003660.219:1007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16291 comm="syz.3.2387" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7f7f579 code=0x7ffc0000 [ 654.770779][ C0] vkms_vblank_simulate: vblank timer overrun [ 655.011305][ T8] usb 5-1: GET_CAPABILITIES returned 0 [ 655.016994][ T8] usbtmc 5-1:16.0: can't read capabilities [ 655.039880][ T5277] usb 2-1: r8712u: Boot from EFUSE: Autoload Failed [ 655.046559][ T5277] usb 2-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 655.069435][ T5277] usb 2-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 655.274126][ T5277] usb 5-1: USB disconnect, device number 94 [ 655.311724][ T9] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:8.43/input/input58 [ 655.344245][ T4666] bcm5974 4-1:8.43: could not read from device [ 655.362175][ T9] usb 4-1: USB disconnect, device number 98 [ 655.390213][ T5281] usb 2-1: USB disconnect, device number 86 [ 655.402618][ T4666] bcm5974 4-1:8.43: could not read from device [ 655.683586][T16325] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2396'. [ 656.003641][T16345] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2399'. [ 656.179487][ T5281] usb 4-1: new low-speed USB device number 99 using dummy_hcd [ 656.320928][ T5281] usb 4-1: device descriptor read/64, error -71 [ 656.569457][ T5281] usb 4-1: new low-speed USB device number 100 using dummy_hcd [ 656.699484][ T5281] usb 4-1: device descriptor read/64, error -71 [ 656.810079][ T5281] usb usb4-port1: attempt power cycle [ 657.159974][ T5281] usb 4-1: new low-speed USB device number 101 using dummy_hcd [ 657.200716][ T5281] usb 4-1: device descriptor read/8, error -71 [ 657.449498][ T5281] usb 4-1: new low-speed USB device number 102 using dummy_hcd [ 657.480163][ T5281] usb 4-1: device descriptor read/8, error -71 [ 657.597810][ T5281] usb usb4-port1: unable to enumerate USB device [ 658.014210][ T35] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.126656][ T35] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.284990][T16396] netlink: 'syz.2.2417': attribute type 12 has an invalid length. [ 658.302918][T16396] netlink: 'syz.2.2417': attribute type 29 has an invalid length. [ 658.321037][T16396] netlink: 'syz.2.2417': attribute type 2 has an invalid length. [ 658.342291][T16396] netlink: 'syz.2.2417': attribute type 2 has an invalid length. [ 658.385935][T16396] netlink: 'syz.2.2417': attribute type 1 has an invalid length. [ 658.403051][T16396] netlink: 'syz.2.2417': attribute type 37 has an invalid length. [ 658.420154][T16396] netlink: 'syz.2.2417': attribute type 2 has an invalid length. [ 658.452341][T16396] bridge0: port 1(bridge_slave_0) entered disabled state [ 658.552373][ T35] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.646755][ T5230] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 658.716167][ T35] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 658.743398][ T5230] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 658.758687][ T5230] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 658.779793][ T5230] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 658.788827][ T5230] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 658.799611][ T5230] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 659.111174][ T35] bridge_slave_1: left allmulticast mode [ 659.116907][ T35] bridge_slave_1: left promiscuous mode [ 659.144811][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 659.188921][ T35] bridge_slave_0: left allmulticast mode [ 659.210687][ T35] bridge_slave_0: left promiscuous mode [ 659.216530][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 659.243197][T16420] netlink: 24 bytes leftover after parsing attributes in process `syz.0.2421'. [ 659.524594][T16425] FAULT_INJECTION: forcing a failure. [ 659.524594][T16425] name failslab, interval 1, probability 0, space 0, times 0 [ 659.548342][T16425] CPU: 0 UID: 0 PID: 16425 Comm: syz.1.2425 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 659.558839][T16425] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 659.569120][T16425] Call Trace: [ 659.572434][T16425] [ 659.575382][T16425] dump_stack_lvl+0x241/0x360 [ 659.580120][T16425] ? __pfx_dump_stack_lvl+0x10/0x10 [ 659.585360][T16425] ? __pfx__printk+0x10/0x10 [ 659.590001][T16425] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 659.596032][T16425] ? __pfx___might_resched+0x10/0x10 [ 659.601357][T16425] should_fail_ex+0x3b0/0x4e0 [ 659.606103][T16425] should_failslab+0xac/0x100 [ 659.610824][T16425] ? __alloc_skb+0x1c3/0x440 [ 659.615480][T16425] kmem_cache_alloc_node_noprof+0x71/0x320 [ 659.621327][T16425] __alloc_skb+0x1c3/0x440 [ 659.625800][T16425] ? __pfx___alloc_skb+0x10/0x10 [ 659.630785][T16425] ? netlink_ack_tlv_len+0x6e/0x200 [ 659.636017][T16425] netlink_ack+0x13f/0xa30 [ 659.640544][T16425] ? __pfx_lock_acquire+0x10/0x10 [ 659.645610][T16425] ? __pfx_ethnl_default_doit+0x10/0x10 [ 659.651212][T16425] netlink_rcv_skb+0x262/0x430 [ 659.656003][T16425] ? __pfx_genl_rcv_msg+0x10/0x10 [ 659.661057][T16425] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 659.666400][T16425] ? __netlink_deliver_tap+0x77e/0x7c0 [ 659.671932][T16425] genl_rcv+0x28/0x40 [ 659.675950][T16425] netlink_unicast+0x7f6/0x990 [ 659.680745][T16425] ? __pfx_netlink_unicast+0x10/0x10 [ 659.686066][T16425] ? __virt_addr_valid+0x183/0x530 [ 659.691218][T16425] ? __check_object_size+0x48e/0x900 [ 659.696542][T16425] netlink_sendmsg+0x8e4/0xcb0 [ 659.701378][T16425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 659.706722][T16425] ? __pfx_lock_release+0x10/0x10 [ 659.711789][T16425] ? aa_sock_msg_perm+0x91/0x160 [ 659.716749][T16425] ? __pfx_netlink_sendmsg+0x10/0x10 [ 659.722064][T16425] __sock_sendmsg+0x221/0x270 [ 659.726878][T16425] ____sys_sendmsg+0x52a/0x7e0 [ 659.731688][T16425] ? __pfx_____sys_sendmsg+0x10/0x10 [ 659.737017][T16425] __sys_sendmsg+0x2aa/0x390 [ 659.741637][T16425] ? __pfx___sys_sendmsg+0x10/0x10 [ 659.746792][T16425] ? vfs_write+0x7bf/0xc90 [ 659.751693][T16425] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 659.758316][T16425] ? lockdep_hardirqs_on+0x99/0x150 [ 659.763716][T16425] __do_fast_syscall_32+0xb4/0x110 [ 659.768865][T16425] ? exc_page_fault+0x590/0x8c0 [ 659.773745][T16425] do_fast_syscall_32+0x34/0x80 [ 659.778692][T16425] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 659.785060][T16425] RIP: 0023:0xf7fbf579 [ 659.789196][T16425] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 659.808825][T16425] RSP: 002b:00000000f574656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 659.817283][T16425] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000b40 [ 659.825281][T16425] RDX: 0000000020008080 RSI: 0000000000000000 RDI: 0000000000000000 [ 659.833325][T16425] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 659.841321][T16425] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 659.849338][T16425] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 659.857371][T16425] [ 659.860526][ C0] vkms_vblank_simulate: vblank timer overrun [ 660.212377][T16439] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2431'. [ 660.660196][ T35] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 660.673178][ T35] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 660.685196][ T35] bond0 (unregistering): Released all slaves [ 660.929538][ T5232] Bluetooth: hci2: command tx timeout [ 661.150084][ T35] hsr_slave_0: left promiscuous mode [ 661.168213][ T35] hsr_slave_1: left promiscuous mode [ 661.175658][T16464] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2434'. [ 661.190219][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 661.206254][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 661.217943][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 661.246351][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 661.290815][ T35] veth1_macvtap: left promiscuous mode [ 661.296707][ T35] veth0_macvtap: left promiscuous mode [ 661.303193][ T35] veth1_vlan: left promiscuous mode [ 661.308813][ T35] veth0_vlan: left promiscuous mode [ 661.966685][ T35] team0 (unregistering): Port device team_slave_1 removed [ 662.021348][ T35] team0 (unregistering): Port device team_slave_0 removed [ 662.697226][T16464] tipc: Enabling of bearer rejected, failed to enable media [ 662.858599][T16405] chnl_net:caif_netlink_parms(): no params data found [ 663.001595][ T5232] Bluetooth: hci2: command tx timeout [ 663.105148][T16484] netlink: 112 bytes leftover after parsing attributes in process `syz.0.2439'. [ 663.161157][T16405] bridge0: port 1(bridge_slave_0) entered blocking state [ 663.166475][T16484] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2439'. [ 663.168292][T16405] bridge0: port 1(bridge_slave_0) entered disabled state [ 663.246543][T16405] bridge_slave_0: entered allmulticast mode [ 663.275318][T16405] bridge_slave_0: entered promiscuous mode [ 663.333077][T16405] bridge0: port 2(bridge_slave_1) entered blocking state [ 663.387853][T16405] bridge0: port 2(bridge_slave_1) entered disabled state [ 663.415653][T16405] bridge_slave_1: entered allmulticast mode [ 663.451466][T16405] bridge_slave_1: entered promiscuous mode [ 663.592994][T16405] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 663.633613][T16405] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 663.797631][T16405] team0: Port device team_slave_0 added [ 663.842149][T16405] team0: Port device team_slave_1 added [ 664.046520][T16518] dvmrp4: entered allmulticast mode [ 664.102559][T16405] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 664.115128][T16405] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.141094][ C0] vkms_vblank_simulate: vblank timer overrun [ 664.175644][T16405] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 664.197592][T16518] netlink: 'syz.1.2447': attribute type 4 has an invalid length. [ 664.248415][T16405] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 664.272157][T16405] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 664.324345][T16405] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 664.506868][T16405] hsr_slave_0: entered promiscuous mode [ 664.523758][T16405] hsr_slave_1: entered promiscuous mode [ 664.534842][T16405] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 664.556044][T16405] Cannot create hsr debugfs directory [ 664.883020][ T8] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 665.040136][ T8] usb 4-1: Using ep0 maxpacket: 16 [ 665.041841][ T8] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD3, changing to 0x83 [ 665.041878][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 665.041911][ T8] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 665.041950][ T8] usb 4-1: New USB device found, idVendor=0458, idProduct=5005, bcdDevice= 0.00 [ 665.041978][ T8] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 665.044176][ T8] usb 4-1: config 0 descriptor?? [ 665.049867][ T9] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 665.091516][ T5232] Bluetooth: hci2: command tx timeout [ 665.229631][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 665.241955][ T9] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 665.255541][ T9] usb 3-1: config 0 has no interface number 0 [ 665.275013][ T9] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 665.292293][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 665.310161][ T9] usb 3-1: Product: syz [ 665.338601][ T9] usb 3-1: Manufacturer: syz [ 665.355328][ T9] usb 3-1: SerialNumber: syz [ 665.365568][ T9] usb 3-1: config 0 descriptor?? [ 665.380425][ T9] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 665.457044][T16526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 665.480469][T16526] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 665.537671][ T8] input: HID 0458:5005 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5005.0027/input/input59 [ 665.591761][ T8] input: HID 0458:5005 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5005.0027/input/input60 [ 665.617676][T16405] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 665.660795][T16405] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 665.687683][ T8] kye 0003:0458:5005.0027: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0458:5005] on usb-dummy_hcd.3-1/input0 [ 665.706312][ C0] raw-gadget.1 gadget.3: ignoring, device is not running [ 665.727188][T16405] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 665.743185][ T8] usb 4-1: USB disconnect, device number 103 [ 665.769167][T16405] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 665.927010][T16405] 8021q: adding VLAN 0 to HW filter on device bond0 [ 665.969913][T16405] 8021q: adding VLAN 0 to HW filter on device team0 [ 665.993718][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 666.000926][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 666.039064][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 666.046309][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 666.050745][ T9] gspca_spca1528: reg_w err -71 [ 666.089994][ T9] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 666.112687][ T9] usb 3-1: USB disconnect, device number 91 [ 666.164410][T16405] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 666.227864][T16405] veth0_vlan: entered promiscuous mode [ 666.270133][T16405] veth1_vlan: entered promiscuous mode [ 666.372486][T16405] veth0_macvtap: entered promiscuous mode [ 666.405206][T16405] veth1_macvtap: entered promiscuous mode [ 666.442399][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 666.463670][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.507459][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 666.528347][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.549407][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 666.576869][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.590683][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 666.629356][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.646929][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 666.679429][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.701137][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 666.719146][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.741249][T16405] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 666.766986][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 666.789474][ T8] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 666.809176][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.839651][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 666.859433][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.879442][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 666.899394][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.933195][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 666.951273][ T8] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 666.965313][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 666.979444][ T8] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 666.999425][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 667.039519][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.056943][T16405] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 667.070738][T16405] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 667.082726][T16405] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 667.095142][T16405] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.104120][T16405] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.112953][T16405] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.121742][T16405] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 667.157946][ T8] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 667.167338][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 667.184130][ T5232] Bluetooth: hci2: command tx timeout [ 667.199372][ T8] usb 4-1: Product: syz [ 667.223044][ T8] usb 4-1: Manufacturer: syz [ 667.227747][ T8] usb 4-1: SerialNumber: syz [ 667.252428][ T8] cdc_ncm 4-1:1.0: skipping garbage [ 667.257761][ T8] cdc_ncm 4-1:1.0: NCM or ECM functional descriptors missing [ 667.270065][ T8] cdc_ncm 4-1:1.0: bind() failure [ 667.277363][ T8] usbtest 4-1:1.0: couldn't get endpoints, -22 [ 667.284600][ T8] usbtest 4-1:1.0: probe with driver usbtest failed with error -22 [ 667.311609][ T8] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 667.323385][ T2561] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 667.335648][ T8] cdc_ncm 4-1:1.1: bind() failure [ 667.349745][ T8] usbtest 4-1:1.1: couldn't get endpoints, -22 [ 667.361603][ T8] usbtest 4-1:1.1: probe with driver usbtest failed with error -22 [ 667.362419][ T2561] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 667.424009][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 667.442439][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 667.685375][ T5294] usb 4-1: USB disconnect, device number 104 [ 667.714945][T16595] netlink: 'syz.4.2416': attribute type 8 has an invalid length. [ 667.870327][T16603] netlink: 'syz.4.2460': attribute type 10 has an invalid length. [ 668.209399][ T9] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 668.389401][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 668.406082][ T9] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 668.430185][ T9] usb 5-1: config 1 has an invalid interface descriptor of length 3, skipping [ 668.459430][ T9] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 668.475169][ T9] usb 5-1: config 1 has no interface number 1 [ 668.510325][ T9] usb 5-1: config 1 interface 2 altsetting 254 has 0 endpoint descriptors, different from the interface descriptor's value: 9 [ 668.558055][ T9] usb 5-1: config 1 interface 2 has no altsetting 2 [ 668.600329][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 668.629944][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 668.638018][ T9] usb 5-1: Product: syz [ 668.663688][ T9] usb 5-1: Manufacturer: syz [ 668.668357][ T9] usb 5-1: SerialNumber: syz [ 668.812898][ T5281] usb 4-1: new full-speed USB device number 105 using dummy_hcd [ 668.983864][ T9] usb 5-1: USB disconnect, device number 95 [ 669.003229][ T5281] usb 4-1: config 0 has no interfaces? [ 669.020819][ T5281] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 669.035623][T15761] udevd[15761]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 669.035657][ T5281] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.062645][ T5281] usb 4-1: Product: syz [ 669.073364][ T5281] usb 4-1: Manufacturer: 剋庴꠰䟷骣랹ஶ澶臲灐꣞䳚헛믟ꦸ묹馳銸ⷼ刜蜚黁绲匁퓒ᑂ캶鞦効樤㚸௾ऎ苔跺ൟ發慓ׯ雼㰪窄뀒筷해卾誝眞摁席旾쥻뼆체朖럄녁꫻뇅墯熧醵ꄽ觨ዙ鼵攽礠τ浠鼖焦ງ밺륗体 [ 669.122446][ T5281] usb 4-1: SerialNumber: syz [ 669.135446][ T5281] usb 4-1: config 0 descriptor?? [ 669.310200][ T5294] usb 3-1: new high-speed USB device number 92 using dummy_hcd [ 669.364994][ T5281] usb 4-1: USB disconnect, device number 105 [ 669.470114][ T5294] usb 3-1: Using ep0 maxpacket: 8 [ 669.485356][ T5294] usb 3-1: unable to get BOS descriptor or descriptor too short [ 669.498265][ T5294] usb 3-1: config 8 has an invalid interface number: 165 but max is 0 [ 669.507735][ T5294] usb 3-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 669.524414][ T5294] usb 3-1: config 8 has no interface number 0 [ 669.534596][ T5294] usb 3-1: config 8 interface 165 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 669.552647][ T5294] usb 3-1: config 8 interface 165 has no altsetting 0 [ 669.565746][ T5294] usb 3-1: string descriptor 0 read error: -22 [ 669.574910][ T5294] usb 3-1: New USB device found, idVendor=04d8, idProduct=fd08, bcdDevice=32.e3 [ 669.586290][ T5294] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 669.644862][ T5294] ir_toy 3-1:8.165: required endpoints not found [ 669.673076][T16653] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2473'. [ 669.831967][ T5294] usb 3-1: USB disconnect, device number 92 [ 670.134584][T16671] xt_socket: unknown flags 0x10 [ 670.665012][T16686] input: syz0 as /devices/virtual/input/input61 [ 670.676461][T16688] sctp: [Deprecated]: syz.2.2486 (pid 16688) Use of int in max_burst socket option deprecated. [ 670.676461][T16688] Use struct sctp_assoc_value instead [ 671.318612][ T29] kauditd_printk_skb: 24 callbacks suppressed [ 671.318633][ T29] audit: type=1326 audit(1727003677.119:1032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16701 comm="syz.2.2493" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf740d579 code=0x0 [ 671.421434][T16707] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2493'. [ 671.462163][ T8] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 671.485878][T16709] loop5: detected capacity change from 0 to 16384 [ 671.645405][ T8] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 671.655217][ T8] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 671.666951][ T8] usb 4-1: Product: syz [ 671.671525][ T8] usb 4-1: Manufacturer: syz [ 671.676363][ T8] usb 4-1: SerialNumber: syz [ 671.691014][ T8] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 671.823329][ T5276] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 672.400351][ T5281] usb 4-1: USB disconnect, device number 106 [ 672.840177][ T5232] Bluetooth: hci1: command 0x0c1a tx timeout [ 672.841319][ T5279] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 672.860923][ T5279] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 672.927462][T16726] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2499'. [ 672.934667][ T5276] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 672.966402][ T5276] ath9k_htc: Failed to initialize the device [ 673.003643][ T5281] usb 4-1: ath9k_htc: USB layer deinitialized [ 673.209211][T16730] netlink: 'syz.1.2500': attribute type 3 has an invalid length. [ 673.217483][T16730] netlink: 201372 bytes leftover after parsing attributes in process `syz.1.2500'. [ 673.771654][T16736] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2503'. [ 673.781383][T16736] netlink: 'syz.4.2503': attribute type 7 has an invalid length. [ 673.789134][T16736] netlink: 'syz.4.2503': attribute type 8 has an invalid length. [ 673.797771][T16736] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2503'. [ 675.079550][ T5279] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 675.080112][ T5232] Bluetooth: hci4: command 0x0c1a tx timeout [ 675.096979][ T5279] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 675.361693][T16744] coredump: 24(syz.4.2505): written to core: VMAs: 33, size 97423360; core: 71720702 bytes, pos 97427456 [ 677.239462][ T5279] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 677.240055][ T5232] Bluetooth: hci2: command 0x0c1a tx timeout [ 677.245917][ T5279] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 677.492905][T16755] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2510'. [ 677.651541][ T5281] usb 3-1: new low-speed USB device number 93 using dummy_hcd [ 677.809926][ T5281] usb 3-1: device descriptor read/64, error -71 [ 678.070251][ T5281] usb 3-1: new low-speed USB device number 94 using dummy_hcd [ 678.111775][ T5294] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 678.221529][ T5281] usb 3-1: device descriptor read/64, error -71 [ 678.280129][ T5294] usb 4-1: Using ep0 maxpacket: 8 [ 678.287315][ T5294] usb 4-1: unable to get BOS descriptor or descriptor too short [ 678.299229][ T5294] usb 4-1: config 15 has an invalid interface number: 175 but max is 0 [ 678.309166][ T5294] usb 4-1: config 15 has no interface number 0 [ 678.317183][ T5294] usb 4-1: config 15 interface 175 altsetting 157 has an invalid descriptor for endpoint zero, skipping [ 678.332650][ T5294] usb 4-1: config 15 interface 175 has no altsetting 0 [ 678.341076][ T5281] usb usb3-port1: attempt power cycle [ 678.351987][ T5294] usb 4-1: New USB device found, idVendor=046d, idProduct=08aa, bcdDevice=97.c9 [ 678.365239][ T5294] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 678.373835][ T5294] usb 4-1: Product: syz [ 678.380134][ T5294] usb 4-1: Manufacturer: syz [ 678.393458][ T5294] usb 4-1: SerialNumber: syz [ 678.400031][ T9] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 678.590593][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 678.597805][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 678.609298][ T9] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 678.620144][ T9] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 678.633227][ T9] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 678.642852][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 678.667323][ T5294] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08aa [ 678.682281][ T5294] gspca_zc3xx: reg_w_i err -71 [ 678.689545][ T5281] usb 3-1: new low-speed USB device number 95 using dummy_hcd [ 678.700219][ T9] usb 2-1: config 0 descriptor?? [ 678.710695][ T5281] usb 3-1: device descriptor read/8, error -71 [ 678.952753][ T5281] usb 3-1: new low-speed USB device number 96 using dummy_hcd [ 678.964862][T16771] netlink: 47 bytes leftover after parsing attributes in process `syz.1.2516'. [ 678.980408][ T5281] usb 3-1: device descriptor read/8, error -71 [ 679.065989][ T9] usbhid 2-1:0.0: can't add hid device: -71 [ 679.072344][ T9] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 679.091491][ T9] usb 2-1: USB disconnect, device number 87 [ 679.100459][ T5281] usb usb3-port1: unable to enumerate USB device [ 679.215286][T16780] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2520'. [ 679.263213][T16781] netlink: 60 bytes leftover after parsing attributes in process `syz.3.2520'. [ 679.276775][T16781] netlink: 'syz.3.2520': attribute type 1 has an invalid length. [ 679.280029][ T5294] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 679.304539][ T5294] gspca_zc3xx 4-1:15.175: probe with driver gspca_zc3xx failed with error -71 [ 679.330185][ T5294] usb 4-1: USB disconnect, device number 107 [ 680.742823][T16810] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2531'. [ 680.960118][T16814] bridge0: port 1(bridge_slave_0) entered disabled state [ 680.985164][T16814] bridge_slave_0: left promiscuous mode [ 680.995179][T16814] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.338379][T16818] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2535'. [ 681.354658][T16818] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.396158][T16818] bridge_slave_0 (unregistering): left allmulticast mode [ 681.404642][T16818] bridge_slave_0 (unregistering): left promiscuous mode [ 681.412550][T16818] bridge0: port 1(bridge_slave_0) entered disabled state [ 681.507136][T16820] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2536'. [ 681.664969][T16824] xt_socket: unknown flags 0x10 [ 681.985789][T16837] FAULT_INJECTION: forcing a failure. [ 681.985789][T16837] name failslab, interval 1, probability 0, space 0, times 0 [ 681.998941][T16837] CPU: 0 UID: 0 PID: 16837 Comm: syz.2.2543 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 682.000021][ T5281] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 682.009477][T16837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 682.009530][T16837] Call Trace: [ 682.009542][T16837] [ 682.009555][T16837] dump_stack_lvl+0x241/0x360 [ 682.009595][T16837] ? __pfx_dump_stack_lvl+0x10/0x10 [ 682.009625][T16837] ? __pfx__printk+0x10/0x10 [ 682.009657][T16837] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 682.009689][T16837] ? __pfx___might_resched+0x10/0x10 [ 682.009727][T16837] should_fail_ex+0x3b0/0x4e0 [ 682.009767][T16837] should_failslab+0xac/0x100 [ 682.009794][T16837] ? kvm_vcpu_ioctl+0x348/0xea0 [ 682.009824][T16837] __kmalloc_cache_noprof+0x6c/0x2c0 [ 682.009854][T16837] ? kfree+0x1a0/0x440 [ 682.009884][T16837] kvm_vcpu_ioctl+0x348/0xea0 [ 682.009920][T16837] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 682.009951][T16837] ? tomoyo_path_number_perm+0x208/0x880 [ 682.009989][T16837] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 682.010043][T16837] ? __pfx_lock_acquire+0x10/0x10 [ 682.010095][T16837] kvm_vcpu_compat_ioctl+0x23f/0x450 [ 682.010129][T16837] ? __pfx_kvm_vcpu_compat_ioctl+0x10/0x10 [ 682.010163][T16837] ? __fget_files+0x3f3/0x470 [ 682.010200][T16837] __se_compat_sys_ioctl+0x510/0xc90 [ 682.130970][T16837] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 682.136816][T16837] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 682.142824][T16837] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 682.149186][T16837] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 682.155797][T16837] ? lockdep_hardirqs_on+0x99/0x150 [ 682.161012][T16837] __do_fast_syscall_32+0xb4/0x110 [ 682.166141][T16837] ? exc_page_fault+0x590/0x8c0 [ 682.171009][T16837] do_fast_syscall_32+0x34/0x80 [ 682.175880][T16837] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 682.182263][T16837] RIP: 0023:0xf740d579 [ 682.186345][T16837] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 682.205975][T16837] RSP: 002b:00000000f56f656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 682.214421][T16837] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 000000008138ae83 [ 682.222406][T16837] RDX: 0000000020000080 RSI: 0000000000000000 RDI: 0000000000000000 [ 682.230391][T16837] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 682.238380][T16837] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 682.246364][T16837] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 682.254370][T16837] [ 682.339988][ T5281] usb 2-1: Using ep0 maxpacket: 8 [ 682.360179][ T5281] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 682.377874][ T5281] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 682.396561][ T5281] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 682.409920][ T5281] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 682.421683][ T5281] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 682.438882][ T5281] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 682.449225][ T5281] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 682.463075][ T5281] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 682.475715][ T5281] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 682.487636][ T5281] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 682.551078][ T5281] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 682.558562][ T5281] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 682.580122][ T5281] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 682.608676][ T5281] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 682.658945][ T5281] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 682.693347][ T5281] usb 2-1: string descriptor 0 read error: -22 [ 682.700089][ T5281] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 682.714856][ T5281] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 682.759595][ T5281] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 683.023523][T16854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 683.061759][T16854] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 683.658372][T16866] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2552'. [ 683.686635][T16868] FAULT_INJECTION: forcing a failure. [ 683.686635][T16868] name failslab, interval 1, probability 0, space 0, times 0 [ 683.717609][T16868] CPU: 0 UID: 0 PID: 16868 Comm: syz.2.2553 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 683.728121][T16868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 683.738227][T16868] Call Trace: [ 683.741550][T16868] [ 683.744519][T16868] dump_stack_lvl+0x241/0x360 [ 683.749254][T16868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 683.754506][T16868] ? __pfx__printk+0x10/0x10 [ 683.759144][T16868] ? kmem_cache_alloc_noprof+0x44/0x2a0 [ 683.764748][T16868] ? __pfx___might_resched+0x10/0x10 [ 683.770176][T16868] should_fail_ex+0x3b0/0x4e0 [ 683.774907][T16868] ? __kernfs_new_node+0xd8/0x870 [ 683.779994][T16868] should_failslab+0xac/0x100 [ 683.784719][T16868] ? __kernfs_new_node+0xd8/0x870 [ 683.789803][T16868] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 683.795235][T16868] __kernfs_new_node+0xd8/0x870 [ 683.800155][T16868] ? mark_lock+0x9a/0x360 [ 683.804539][T16868] ? __pfx___kernfs_new_node+0x10/0x10 [ 683.810021][ T5281] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 683.810134][T16868] ? __lock_acquire+0x1384/0x2050 [ 683.810196][T16868] kernfs_new_node+0x137/0x240 [ 683.827608][T16868] __kernfs_create_file+0x49/0x2e0 [ 683.832777][T16868] sysfs_add_file_mode_ns+0x24a/0x310 [ 683.838211][T16868] internal_create_group+0x7a7/0x11d0 [ 683.843865][T16868] ? __pfx_internal_create_group+0x10/0x10 [ 683.849767][T16868] sysfs_create_groups+0x56/0x120 [ 683.854854][T16868] device_add_attrs+0x137/0x600 [ 683.859774][T16868] ? __pfx_device_add_attrs+0x10/0x10 [ 683.865197][T16868] ? kobject_put+0x446/0x480 [ 683.869853][T16868] device_add+0x576/0xbf0 [ 683.874246][T16868] input_register_device+0xa53/0x1110 [ 683.879696][T16868] uinput_create_device+0x40e/0x630 [ 683.884968][T16868] uinput_ioctl_handler+0x488/0x1770 [ 683.890318][T16868] ? __pfx_uinput_ioctl_handler+0x10/0x10 [ 683.896111][T16868] ? __fget_files+0x3f3/0x470 [ 683.900852][T16868] __se_compat_sys_ioctl+0x510/0xc90 [ 683.906206][T16868] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 683.912087][T16868] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 683.918165][T16868] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 683.924563][T16868] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 683.931215][T16868] ? lockdep_hardirqs_on+0x99/0x150 [ 683.936477][T16868] __do_fast_syscall_32+0xb4/0x110 [ 683.941652][T16868] ? exc_page_fault+0x590/0x8c0 [ 683.946570][T16868] do_fast_syscall_32+0x34/0x80 [ 683.951482][T16868] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 683.957874][T16868] RIP: 0023:0xf740d579 [ 683.962023][T16868] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 683.981722][T16868] RSP: 002b:00000000f56f656c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 683.981935][ T5281] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 683.990167][T16868] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000000005501 [ 683.990192][T16868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 683.990208][T16868] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 683.990223][T16868] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 683.990239][T16868] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 683.990269][T16868] [ 684.021962][T16870] sctp: [Deprecated]: syz.0.2554 (pid 16870) Use of int in max_burst socket option deprecated. [ 684.021962][T16870] Use struct sctp_assoc_value instead [ 684.042017][ T5281] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 684.081425][ T5281] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 684.100603][ T5281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 684.117195][ T5281] usb 5-1: SerialNumber: syz [ 684.203974][T16872] vimc link validate: Scaler:src:16x16 (0x34324142, 4, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 684.365341][ T5281] usb 5-1: 0:2 : does not exist [ 684.450315][ T5281] usb 5-1: USB disconnect, device number 96 [ 684.827870][ T8] usb 2-1: USB disconnect, device number 88 [ 684.906015][T16887] vlan3: entered promiscuous mode [ 685.354537][T16906] fuse: Bad value for 'fd' [ 685.735668][T16903] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 685.768294][T16903] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 685.790647][T16903] bond0 (unregistering): Released all slaves [ 686.041736][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 686.048168][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 686.201865][T16920] netlink: 'syz.1.2571': attribute type 1 has an invalid length. [ 686.479483][ T9] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 686.660279][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 686.667851][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 686.684877][ T9] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 4 [ 686.695200][ T9] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 686.712053][ T9] usb 2-1: Duplicate descriptor for config 0 interface 0 altsetting 0, skipping [ 686.746106][ T9] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 686.765867][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 686.786227][ T9] usb 2-1: Product: syz [ 686.799760][ T9] usb 2-1: Manufacturer: syz [ 686.804717][ T9] usb 2-1: SerialNumber: syz [ 686.836626][ T9] usb 2-1: config 0 descriptor?? [ 686.871298][ T9] usb 2-1: selecting invalid altsetting 1 [ 686.878810][ T9] usb 2-1: Can not set alternate setting to 1, error: -22 [ 686.894773][ T9] synaptics_usb 2-1:0.0: probe with driver synaptics_usb failed with error -22 [ 687.085971][ T5294] usb 2-1: USB disconnect, device number 89 [ 687.211849][T16936] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 687.480241][T16944] tipc: Failed to obtain node identity [ 687.496154][T16944] tipc: Enabling of bearer rejected, failed to enable media [ 687.656722][T16948] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2578'. [ 687.789899][ T5294] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 687.946135][T16962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2584'. [ 687.957181][T16962] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2584'. [ 687.969002][ T5294] usb 4-1: config 0 has an invalid interface number: 3 but max is 0 [ 687.978561][ T5294] usb 4-1: config 0 has no interface number 0 [ 688.011724][ T5294] usb 4-1: New USB device found, idVendor=0abf, idProduct=3370, bcdDevice=2f.2c [ 688.042159][ T5294] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 688.100119][ T5294] usb 4-1: Product: syz [ 688.116987][ T5294] usb 4-1: Manufacturer: syz [ 688.131675][ T5294] usb 4-1: SerialNumber: syz [ 688.165896][ T5294] usb 4-1: config 0 descriptor?? [ 688.390831][T16944] usb usb7: usbfs: interface 0 claimed by hub while 'syz.3.2576' resets device [ 688.403563][ T5294] usb 4-1: USB disconnect, device number 108 [ 688.970940][T16983] bridge0: port 2(bridge_slave_1) entered disabled state [ 689.080143][ T5294] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 689.220032][ T5294] usb 2-1: device descriptor read/64, error -71 [ 689.460110][ T5294] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 689.600290][ T5294] usb 2-1: device descriptor read/64, error -71 [ 689.720910][ T5294] usb usb2-port1: attempt power cycle [ 690.089966][ T5294] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 690.120778][ T5294] usb 2-1: device descriptor read/8, error -71 [ 690.361628][ T5294] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 690.390650][ T5294] usb 2-1: device descriptor read/8, error -71 [ 690.506017][ T5294] usb usb2-port1: unable to enumerate USB device [ 690.979835][ T5294] usb 4-1: new high-speed USB device number 109 using dummy_hcd [ 691.102261][T17018] FAULT_INJECTION: forcing a failure. [ 691.102261][T17018] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 691.116832][T17018] CPU: 0 UID: 0 PID: 17018 Comm: syz.2.2607 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 691.127316][T17018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 691.137406][T17018] Call Trace: [ 691.140713][T17018] [ 691.143682][T17018] dump_stack_lvl+0x241/0x360 [ 691.144244][ T5294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 691.148392][T17018] ? __pfx_dump_stack_lvl+0x10/0x10 [ 691.148431][T17018] ? __pfx__printk+0x10/0x10 [ 691.148462][T17018] ? __pfx_lock_release+0x10/0x10 [ 691.148495][T17018] ? aa_file_perm+0x137/0xf50 [ 691.171331][ T5294] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 691.174405][T17018] ? aa_file_perm+0x3ef/0xf50 [ 691.174442][T17018] ? get_synthdev+0x117/0x2c0 [ 691.174476][T17018] should_fail_ex+0x3b0/0x4e0 [ 691.174515][T17018] _copy_from_user+0x2f/0xe0 [ 691.186341][ T5294] usb 4-1: New USB device found, idVendor=0b05, idProduct=17e0, bcdDevice= 0.00 [ 691.188970][T17018] snd_seq_oss_write+0x5a9/0xbb0 [ 691.189024][T17018] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 691.197140][ T5294] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 691.198345][T17018] ? common_file_perm+0x1a6/0x210 [ 691.198382][T17018] ? bpf_lsm_file_permission+0x9/0x10 [ 691.218356][ T5294] usb 4-1: config 0 descriptor?? [ 691.222215][T17018] ? security_file_permission+0x74/0x280 [ 691.222264][T17018] odev_write+0x5b/0x80 [ 691.222289][T17018] ? __pfx_odev_write+0x10/0x10 [ 691.222322][T17018] vfs_write+0x29c/0xc90 [ 691.222364][T17018] ? __pfx_vfs_write+0x10/0x10 [ 691.222398][T17018] ? __fget_files+0x29/0x470 [ 691.222424][T17018] ? __fget_files+0x3f3/0x470 [ 691.222447][T17018] ? __fget_files+0x29/0x470 [ 691.222477][T17018] ? __fdget_pos+0x19a/0x320 [ 691.222504][T17018] ksys_write+0x1a0/0x2c0 [ 691.222542][T17018] ? __pfx_ksys_write+0x10/0x10 [ 691.222579][T17018] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 691.222610][T17018] ? lockdep_hardirqs_on+0x99/0x150 [ 691.222640][T17018] __do_fast_syscall_32+0xb4/0x110 [ 691.222671][T17018] ? exc_page_fault+0x590/0x8c0 [ 691.222701][T17018] do_fast_syscall_32+0x34/0x80 [ 691.222732][T17018] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 691.222764][T17018] RIP: 0023:0xf740d579 [ 691.222786][T17018] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 691.222806][T17018] RSP: 002b:00000000f56f656c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 691.222832][T17018] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000020000080 [ 691.222858][T17018] RDX: 0000000000000265 RSI: 0000000000000000 RDI: 0000000000000000 [ 691.222874][T17018] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 691.222889][T17018] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 691.222904][T17018] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 691.222933][T17018] [ 691.367077][ C1] vkms_vblank_simulate: vblank timer overrun [ 691.979998][T17029] FAULT_INJECTION: forcing a failure. [ 691.979998][T17029] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 692.039723][T17029] CPU: 0 UID: 0 PID: 17029 Comm: syz.4.2611 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 692.050228][T17029] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 692.060325][T17029] Call Trace: [ 692.063649][T17029] [ 692.066718][T17029] dump_stack_lvl+0x241/0x360 [ 692.072017][T17029] ? __pfx_dump_stack_lvl+0x10/0x10 [ 692.074319][ T5294] usbhid 4-1:0.0: can't add hid device: -71 [ 692.077431][T17029] ? __pfx__printk+0x10/0x10 [ 692.077512][T17029] ? snprintf+0xda/0x120 [ 692.086580][ T5294] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 692.088002][T17029] should_fail_ex+0x3b0/0x4e0 [ 692.104732][T17029] _copy_to_user+0x2f/0xb0 [ 692.107168][ T5294] usb 4-1: USB disconnect, device number 109 [ 692.109186][T17029] simple_read_from_buffer+0xca/0x150 [ 692.109239][T17029] proc_fail_nth_read+0x1e9/0x250 [ 692.125773][T17029] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 692.131385][T17029] ? rw_verify_area+0x55e/0x6f0 [ 692.136297][T17029] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 692.141909][T17029] vfs_read+0x201/0xbc0 [ 692.146113][T17029] ? __pfx_lock_release+0x10/0x10 [ 692.151191][T17029] ? __pfx_vfs_read+0x10/0x10 [ 692.155897][T17029] ? __fget_files+0x3f3/0x470 [ 692.160595][T17029] ? __fdget_pos+0x24e/0x320 [ 692.165310][T17029] ksys_read+0x1a0/0x2c0 [ 692.169678][T17029] ? __pfx_ksys_read+0x10/0x10 [ 692.174490][T17029] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 692.181120][T17029] ? lockdep_hardirqs_on+0x99/0x150 [ 692.186349][T17029] __do_fast_syscall_32+0xb4/0x110 [ 692.191486][T17029] ? exc_page_fault+0x590/0x8c0 [ 692.196367][T17029] do_fast_syscall_32+0x34/0x80 [ 692.201242][T17029] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 692.207603][T17029] RIP: 0023:0xf7f33579 [ 692.211686][T17029] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 692.231311][T17029] RSP: 002b:00000000f56955a0 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 692.239750][T17029] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5695620 [ 692.247741][T17029] RDX: 000000000000000f RSI: 00000000f73bbff4 RDI: 0000000000000000 [ 692.255726][T17029] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 692.263713][T17029] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 692.271823][T17029] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 692.279919][T17029] [ 692.991859][T17051] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.003101][T17051] bridge_slave_0: left promiscuous mode [ 693.010660][T17051] bridge0: port 1(bridge_slave_0) entered disabled state [ 693.170350][ T35] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.393943][ T35] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.560519][ T35] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.733207][ T5230] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 693.745096][ T5230] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 693.773599][ T5230] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 693.787638][ T5230] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 693.795506][ T35] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 693.812212][ T5230] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 693.845492][ T5230] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 693.860914][ T5232] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 693.869711][ T5232] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 693.877101][ T5232] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 693.885220][ T5232] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 693.893516][ T5232] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 693.901962][ T5232] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 694.180929][ T5279] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 694.266008][ T35] bridge_slave_1: left allmulticast mode [ 694.280220][ T35] bridge_slave_1: left promiscuous mode [ 694.299632][ T35] bridge0: port 2(bridge_slave_1) entered disabled state [ 694.331540][ T35] bridge_slave_0: left allmulticast mode [ 694.347539][ T35] bridge_slave_0: left promiscuous mode [ 694.363735][ T35] bridge0: port 1(bridge_slave_0) entered disabled state [ 694.375526][ T5279] usb 3-1: Using ep0 maxpacket: 16 [ 694.396475][ T5279] usb 3-1: config 0 has no interfaces? [ 694.414867][ T5279] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 694.427793][ T5279] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 694.458405][ T5279] usb 3-1: Product: syz [ 694.490392][ T5279] usb 3-1: Manufacturer: syz [ 694.504227][ T5279] usb 3-1: SerialNumber: syz [ 694.538416][ T5279] r8152-cfgselector 3-1: Unknown version 0x0000 [ 694.549322][ T5279] r8152-cfgselector 3-1: config 0 descriptor?? [ 694.776992][T17073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 694.791955][T17073] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 694.815777][T17073] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 694.831454][T17073] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 694.888873][ T5279] r8152-cfgselector 3-1: USB disconnect, device number 97 [ 695.122574][T17102] sctp: [Deprecated]: syz.1.2633 (pid 17102) Use of int in max_burst socket option deprecated. [ 695.122574][T17102] Use struct sctp_assoc_value instead [ 695.572238][T17074] chnl_net:caif_netlink_parms(): no params data found [ 695.640869][ T936] usb 4-1: new high-speed USB device number 110 using dummy_hcd [ 695.642483][ T35] hsr_slave_0: left promiscuous mode [ 695.737437][ T35] hsr_slave_1: left promiscuous mode [ 695.758922][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 695.782025][ T35] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 695.799163][T17122] fuse: Bad value for 'fd' [ 695.811978][T17123] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 695.821299][ T936] usb 4-1: Using ep0 maxpacket: 32 [ 695.828443][ T936] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 695.845050][ T936] usb 4-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=49.88 [ 695.855665][ T35] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 695.863635][T17123] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 695.874512][ T35] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 695.882848][T17125] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2637'. [ 695.889335][ T936] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 695.933778][ T936] usb 4-1: Product: syz [ 695.938014][ T936] usb 4-1: Manufacturer: syz [ 695.959895][ T5230] Bluetooth: hci3: command tx timeout [ 695.977591][ T936] usb 4-1: SerialNumber: syz [ 695.987170][ T35] veth1_macvtap: left promiscuous mode [ 696.005989][ T936] usb 4-1: config 0 descriptor?? [ 696.011552][ T35] veth0_macvtap: left promiscuous mode [ 696.017327][ T35] veth1_vlan: left promiscuous mode [ 696.066284][ T35] veth0_vlan: left promiscuous mode [ 696.197464][ T5232] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 696.211783][ T5232] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 696.221672][ T5232] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 696.232500][ T5232] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 696.241081][ T5232] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 696.250358][ T5232] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 697.347875][ T35] team0 (unregistering): Port device team_slave_1 removed [ 697.423734][ T35] team0 (unregistering): Port device team_slave_0 removed [ 698.049640][ T5232] Bluetooth: hci3: command tx timeout [ 698.157381][ T936] as10x_usb: device has been detected [ 698.168298][ T936] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan) [ 698.221219][ T936] usb 4-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)... [ 698.244152][ T936] as10x_usb: error during firmware upload part1 [ 698.279113][ T936] Registered device Abilis Systems DVB-Titan [ 698.291509][ T936] usb 4-1: USB disconnect, device number 110 [ 698.296331][ T5232] Bluetooth: hci2: command tx timeout [ 698.332372][ T936] Unregistered device Abilis Systems DVB-Titan [ 698.337854][ T936] as10x_usb: device has been disconnected [ 698.584878][T17074] bridge0: port 1(bridge_slave_0) entered blocking state [ 698.618214][T17074] bridge0: port 1(bridge_slave_0) entered disabled state [ 698.627244][T17074] bridge_slave_0: entered allmulticast mode [ 698.634935][T17074] bridge_slave_0: entered promiscuous mode [ 698.704115][T17074] bridge0: port 2(bridge_slave_1) entered blocking state [ 698.746453][T17074] bridge0: port 2(bridge_slave_1) entered disabled state [ 698.784191][T17074] bridge_slave_1: entered allmulticast mode [ 698.819045][T17074] bridge_slave_1: entered promiscuous mode [ 699.124260][T17074] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 699.193929][T17074] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 699.393201][T17133] chnl_net:caif_netlink_parms(): no params data found [ 699.509191][T17074] team0: Port device team_slave_0 added [ 699.583886][T17074] team0: Port device team_slave_1 added [ 699.735256][T17074] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 699.742775][T17074] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.783747][T17074] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 699.798323][T17074] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 699.806785][T17074] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 699.833988][T17074] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 699.974677][T17133] bridge0: port 1(bridge_slave_0) entered blocking state [ 699.994706][T17133] bridge0: port 1(bridge_slave_0) entered disabled state [ 700.022125][T17133] bridge_slave_0: entered allmulticast mode [ 700.057369][T17133] bridge_slave_0: entered promiscuous mode [ 700.121062][ T5232] Bluetooth: hci3: command tx timeout [ 700.148292][T17133] bridge0: port 2(bridge_slave_1) entered blocking state [ 700.174765][T17133] bridge0: port 2(bridge_slave_1) entered disabled state [ 700.199177][T17133] bridge_slave_1: entered allmulticast mode [ 700.242978][T17133] bridge_slave_1: entered promiscuous mode [ 700.360296][ T5232] Bluetooth: hci2: command tx timeout [ 700.456975][ T5416] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.604174][T17074] hsr_slave_0: entered promiscuous mode [ 700.620399][T17074] hsr_slave_1: entered promiscuous mode [ 700.636110][T17074] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 700.646422][T17074] Cannot create hsr debugfs directory [ 700.750104][ T5294] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 700.755084][ T5416] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 700.924835][ T5294] usb 3-1: Using ep0 maxpacket: 16 [ 700.944096][ T5294] usb 3-1: config 0 has no interfaces? [ 700.963414][ T5294] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 700.980578][ T5294] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 700.991751][ T5294] usb 3-1: Product: syz [ 700.995977][ T5294] usb 3-1: Manufacturer: syz [ 701.010115][ T5294] usb 3-1: SerialNumber: syz [ 701.030332][ T5294] r8152-cfgselector 3-1: Unknown version 0x0000 [ 701.043005][ T5416] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.047920][ T5294] r8152-cfgselector 3-1: config 0 descriptor?? [ 701.159015][T17133] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 701.185778][T17133] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 701.234985][T17217] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2653'. [ 701.310859][T17192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 701.337325][ T5416] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 701.363366][T17192] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 701.410421][T17192] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 701.482940][T17192] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 701.533614][ T936] r8152-cfgselector 3-1: USB disconnect, device number 98 [ 701.549161][T17133] team0: Port device team_slave_0 added [ 701.598720][T17133] team0: Port device team_slave_1 added [ 701.688830][T17133] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 701.700588][T17133] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 701.733740][T17133] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 701.794969][T17133] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 701.812339][T17133] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 701.848736][T17133] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 702.200483][ T5232] Bluetooth: hci3: command tx timeout [ 702.214828][ T5416] bridge_slave_1: left allmulticast mode [ 702.227720][ T5416] bridge_slave_1: left promiscuous mode [ 702.239675][ T5416] bridge0: port 2(bridge_slave_1) entered disabled state [ 702.439553][ T5232] Bluetooth: hci2: command tx timeout [ 702.454929][T17245] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2661'. [ 702.503088][T17245] netlink: 24 bytes leftover after parsing attributes in process `syz.2.2661'. [ 702.830629][ T5277] usb 4-1: new high-speed USB device number 111 using dummy_hcd [ 702.990643][ T5277] usb 4-1: Using ep0 maxpacket: 8 [ 702.997629][ T5277] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 703.032199][ T5277] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 703.049490][ T5277] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 703.059752][ T5277] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 703.070820][ T5277] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 703.084266][ T5277] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 703.094522][ T5277] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 703.142947][ T5416] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 703.157642][ T5416] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 703.187150][ T5416] bond0 (unregistering): Released all slaves [ 703.205149][T17133] hsr_slave_0: entered promiscuous mode [ 703.213890][T17133] hsr_slave_1: entered promiscuous mode [ 703.223657][T17133] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 703.232302][T17133] Cannot create hsr debugfs directory [ 703.311794][ T5277] usb 4-1: usb_control_msg returned -32 [ 703.317613][ T5277] usbtmc 4-1:16.0: can't read capabilities [ 703.327510][T17252] usb usb8: usbfs: process 17252 (syz.3.2664) did not claim interface 0 before use [ 703.654822][ T5416] hsr_slave_0: left promiscuous mode [ 703.663227][ T5416] hsr_slave_1: left promiscuous mode [ 703.671168][ T5416] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 703.679182][ T5416] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 703.696462][ T5416] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 703.704304][ T5416] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 703.733103][ T5416] veth1_macvtap: left promiscuous mode [ 703.738904][ T5416] veth0_macvtap: left promiscuous mode [ 703.759862][ T5416] veth1_vlan: left promiscuous mode [ 703.765350][ T5416] veth0_vlan: left promiscuous mode [ 704.066780][ T9] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 704.266739][ T9] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 704.290021][ T9] usb 2-1: can't read configurations, error -22 [ 704.441543][ T9] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 704.525324][ T5232] Bluetooth: hci2: command tx timeout [ 704.577812][ T5416] team0 (unregistering): Port device team_slave_1 removed [ 704.603252][ T9] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 704.622464][ T9] usb 2-1: can't read configurations, error -22 [ 704.636719][ T9] usb usb2-port1: attempt power cycle [ 704.671291][ T5416] team0 (unregistering): Port device team_slave_0 removed [ 705.003272][ T9] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 705.035922][ T9] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 705.044589][ T9] usb 2-1: can't read configurations, error -22 [ 705.189767][ T9] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 705.234046][ T9] usb 2-1: config index 0 descriptor too short (expected 9, got 0) [ 705.256726][ T9] usb 2-1: can't read configurations, error -22 [ 705.263569][ T9] usb usb2-port1: unable to enumerate USB device [ 705.347768][T17267] bridge0: port 2(bridge_slave_1) entered disabled state [ 705.459007][T17074] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 705.562732][T17074] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 705.600660][T17074] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 705.614959][ T5279] usb 4-1: USB disconnect, device number 111 [ 705.634097][T17074] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 705.927751][T17074] 8021q: adding VLAN 0 to HW filter on device bond0 [ 706.018505][T17074] 8021q: adding VLAN 0 to HW filter on device team0 [ 706.046416][ T12] bridge0: port 1(bridge_slave_0) entered blocking state [ 706.053712][ T12] bridge0: port 1(bridge_slave_0) entered forwarding state [ 706.063364][ T5279] usb 4-1: new high-speed USB device number 112 using dummy_hcd [ 706.084131][ T5421] bridge0: port 2(bridge_slave_1) entered blocking state [ 706.091452][ T5421] bridge0: port 2(bridge_slave_1) entered forwarding state [ 706.133517][T17133] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 706.158371][T17133] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 706.194734][T17133] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 706.228536][T17133] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 706.240093][ T5279] usb 4-1: Using ep0 maxpacket: 32 [ 706.260603][ T5279] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 706.303390][ T5279] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 706.335620][ T5279] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 706.384301][ T5279] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 706.403391][T17074] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 706.419803][ T5279] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 706.448046][ T5279] usb 4-1: config 0 descriptor?? [ 706.479890][T17275] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 706.508347][ T5279] hub 4-1:0.0: USB hub found [ 706.621069][T17133] 8021q: adding VLAN 0 to HW filter on device bond0 [ 706.651496][T17074] veth0_vlan: entered promiscuous mode [ 706.694013][T17074] veth1_vlan: entered promiscuous mode [ 706.722240][ T5279] hub 4-1:0.0: 2 ports detected [ 706.756772][T17292] FAULT_INJECTION: forcing a failure. [ 706.756772][T17292] name failslab, interval 1, probability 0, space 0, times 0 [ 706.782235][T17292] CPU: 1 UID: 0 PID: 17292 Comm: syz.2.2673 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 706.792742][T17292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 706.797341][T17074] veth0_macvtap: entered promiscuous mode [ 706.802817][T17292] Call Trace: [ 706.802831][T17292] [ 706.802842][T17292] dump_stack_lvl+0x241/0x360 [ 706.802881][T17292] ? __pfx_dump_stack_lvl+0x10/0x10 [ 706.824923][T17292] ? __pfx__printk+0x10/0x10 [ 706.829582][T17292] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 706.835644][T17292] ? __pfx___might_resched+0x10/0x10 [ 706.841006][T17292] should_fail_ex+0x3b0/0x4e0 [ 706.845754][T17292] should_failslab+0xac/0x100 [ 706.848569][T17074] veth1_macvtap: entered promiscuous mode [ 706.850454][T17292] ? __alloc_skb+0x1c3/0x440 [ 706.850490][T17292] kmem_cache_alloc_node_noprof+0x71/0x320 [ 706.850527][T17292] __alloc_skb+0x1c3/0x440 [ 706.871495][T17292] ? __pfx___alloc_skb+0x10/0x10 [ 706.874555][T17133] 8021q: adding VLAN 0 to HW filter on device team0 [ 706.876465][T17292] ? netlink_autobind+0xd6/0x2f0 [ 706.888257][T17292] ? netlink_autobind+0x2b0/0x2f0 [ 706.893469][T17292] netlink_sendmsg+0x638/0xcb0 [ 706.898410][T17292] ? __pfx_netlink_sendmsg+0x10/0x10 [ 706.903850][T17292] ? __pfx_lock_release+0x10/0x10 [ 706.908952][T17292] ? aa_sock_msg_perm+0x91/0x160 [ 706.909807][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 706.913943][T17292] ? __pfx_netlink_sendmsg+0x10/0x10 [ 706.925313][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 706.929737][T17292] __sock_sendmsg+0x221/0x270 [ 706.929773][T17292] ____sys_sendmsg+0x52a/0x7e0 [ 706.929812][T17292] ? __pfx_____sys_sendmsg+0x10/0x10 [ 706.929859][T17292] __sys_sendmsg+0x2aa/0x390 [ 706.929894][T17292] ? __pfx___sys_sendmsg+0x10/0x10 [ 706.929925][T17292] ? vfs_write+0x7bf/0xc90 [ 706.930004][T17292] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 706.930035][T17292] ? lockdep_hardirqs_on+0x99/0x150 [ 706.930065][T17292] __do_fast_syscall_32+0xb4/0x110 [ 706.930096][T17292] ? exc_page_fault+0x590/0x8c0 [ 706.930133][T17292] do_fast_syscall_32+0x34/0x80 [ 706.930163][T17292] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 706.930195][T17292] RIP: 0023:0xf740d579 [ 706.930218][T17292] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 706.930240][T17292] RSP: 002b:00000000f56f656c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 706.930268][T17292] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000200002c0 [ 706.930285][T17292] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 706.930300][T17292] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 706.930315][T17292] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 707.066802][T17292] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 707.074811][T17292] [ 707.097292][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.116764][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.136513][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.153362][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.165649][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.179884][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.190450][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 707.201865][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.214066][T17074] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 707.231066][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.242586][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.254242][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.265119][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.275179][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.285840][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.295978][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.309915][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.324344][T17074] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 707.358571][T17074] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 707.401963][T17074] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 707.437975][ T1065] bridge0: port 1(bridge_slave_0) entered blocking state [ 707.445713][ T1065] bridge0: port 1(bridge_slave_0) entered forwarding state [ 707.476974][T17074] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.505328][T17074] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.528808][T17074] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.549415][T17074] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 707.592800][ T1065] bridge0: port 2(bridge_slave_1) entered blocking state [ 707.600184][ T1065] bridge0: port 2(bridge_slave_1) entered forwarding state [ 707.665354][ T5276] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 707.820971][ T5276] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 707.832864][ T5276] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 707.857356][ T5276] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 707.875317][ T5445] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 707.887284][ T5276] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 707.902260][ T5445] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 707.933861][ T5276] usb 2-1: SerialNumber: syz [ 707.947781][T17133] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 708.004672][ T5445] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 708.017712][ T5445] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 708.093051][T17133] veth0_vlan: entered promiscuous mode [ 708.143929][T17133] veth1_vlan: entered promiscuous mode [ 708.169977][ T5276] usb 2-1: 0:2 : does not exist [ 708.269081][T17133] veth0_macvtap: entered promiscuous mode [ 708.316505][T17133] veth1_macvtap: entered promiscuous mode [ 708.432871][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.489003][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.523500][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.567835][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.581322][T17324] netlink: 44 bytes leftover after parsing attributes in process `syz.0.2677'. [ 708.626435][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.637969][T17324] netlink: 43 bytes leftover after parsing attributes in process `syz.0.2677'. [ 708.658857][T17324] netlink: 'syz.0.2677': attribute type 5 has an invalid length. [ 708.667693][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.695504][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.710866][T17324] netlink: 43 bytes leftover after parsing attributes in process `syz.0.2677'. [ 708.749913][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.777310][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.794674][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.805587][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 708.831600][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.844806][T17133] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 708.892346][ T8] usb 2-1: USB disconnect, device number 99 [ 708.929132][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 708.951786][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 708.968284][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.003176][ T5280] hub 4-1:0.0: hub_ext_port_status failed (err = -32) [ 709.027843][ T5281] usb 4-1: USB disconnect, device number 112 [ 709.053571][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.077407][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.098103][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.118201][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.139185][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.186582][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.207578][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.227873][T17133] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 709.239152][T17133] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 709.294278][T17133] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 709.334309][T17133] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.354620][T17133] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.369968][T17133] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.388687][T17133] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 709.578457][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.586950][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.637279][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 709.646469][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 709.876609][T17364] bridge0: port 2(bridge_slave_1) entered disabled state [ 709.899016][T17368] fuse: Bad value for 'fd' [ 709.961032][ T5294] usb 4-1: new high-speed USB device number 113 using dummy_hcd [ 710.130297][ T5294] usb 4-1: Using ep0 maxpacket: 8 [ 710.131482][T17364] team_slave_1: entered promiscuous mode [ 710.145824][ T5294] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 710.155475][T17364] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 710.178592][ T5294] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 710.187360][T17364] bond0: (slave macvlan2): Enslaving as an active interface with a down link [ 710.215960][ T5294] usb 4-1: config 0 descriptor?? [ 710.742866][ T5294] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 710.790287][ T5294] asix 4-1:0.0: probe with driver asix failed with error -71 [ 710.845164][ T5294] usb 4-1: USB disconnect, device number 113 [ 710.926780][T17397] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2689'. [ 711.111491][T17401] trusted_key: encrypted_key: insufficient parameters specified [ 711.483599][T17420] sctp: [Deprecated]: syz.3.2694 (pid 17420) Use of struct sctp_assoc_value in delayed_ack socket option. [ 711.483599][T17420] Use struct sctp_sack_info instead [ 711.756439][T17430] bridge0: port 1(bridge_slave_0) entered disabled state [ 711.768865][T17435] fuse: Bad value for 'fd' [ 711.784400][T17430] bridge0: port 2(bridge_slave_1) entered disabled state [ 712.018085][ T5232] Bluetooth: hci2: unexpected cc 0x0c58 length: 4 > 2 [ 712.058329][T17430] team_slave_0: entered promiscuous mode [ 712.064157][T17430] team_slave_1: entered promiscuous mode [ 712.071991][T17430] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 712.082251][T17430] bond0: (slave macvlan2): Enslaving as an active interface with an up link [ 712.329518][T17414] syz.3.2694 (17414) used greatest stack depth: 16816 bytes left [ 712.689594][ T936] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 712.755057][T17463] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2710'. [ 712.779928][ T5294] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 712.869450][ T936] usb 2-1: Using ep0 maxpacket: 16 [ 712.883623][ T5279] usb 4-1: new high-speed USB device number 114 using dummy_hcd [ 712.901139][ T936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 255, changing to 11 [ 712.927995][ T936] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 59369, setting to 1024 [ 712.953556][ T936] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 712.960272][ T5294] usb 5-1: Using ep0 maxpacket: 32 [ 712.970573][ T5294] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 712.972688][ T936] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 712.991382][ T936] usb 2-1: Product: syz [ 712.995604][ T936] usb 2-1: Manufacturer: syz [ 713.003873][ T5294] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 713.005621][T17467] binder: 17464:17467 ioctl c0306201 0 returned -14 [ 713.020197][ T936] usb 2-1: SerialNumber: syz [ 713.024211][ T5294] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 713.042822][ T936] usb 2-1: config 0 descriptor?? [ 713.051505][T17455] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 713.059947][ T5294] usb 5-1: Product: syz [ 713.069853][ T5294] usb 5-1: Manufacturer: syz [ 713.077271][ T936] usb 2-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 713.083718][ T5294] usb 5-1: SerialNumber: syz [ 713.096292][ T5279] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 713.125726][ T5279] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 713.163936][ T5279] usb 4-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00 [ 713.188280][ T5279] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 713.211800][ T5279] usb 4-1: config 0 descriptor?? [ 713.436588][ T5421] usb 2-1: Failed to submit usb control message: -71 [ 713.436861][ T5280] usb 2-1: USB disconnect, device number 100 [ 713.461546][ T5421] usb 2-1: unable to send the bmi data to the device: -71 [ 713.469150][ T5421] usb 2-1: unable to get target info from device [ 713.487402][ T5421] usb 2-1: could not get target info (-71) [ 713.494724][ T5421] usb 2-1: could not probe fw (-71) [ 713.587014][T17457] input: syz0 as /devices/virtual/input/input63 [ 713.653408][ T5279] asus 0003:0B05:1822.0028: item fetching failed at offset 5/7 [ 713.667261][ T5279] asus 0003:0B05:1822.0028: Asus hid parse failed: -22 [ 713.674712][ T5279] asus 0003:0B05:1822.0028: probe with driver asus failed with error -22 [ 713.878704][ T5280] usb 4-1: USB disconnect, device number 114 [ 714.232799][ T5294] cdc_ncm 5-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 714.239997][ T5294] cdc_ncm 5-1:1.0: dwNtbInMaxSize=16 is too small. Using 2048 [ 714.247825][ T5294] cdc_ncm 5-1:1.0: setting rx_max = 2048 [ 714.458799][T17474] openvswitch: netlink: Actions may not be safe on all matching packets [ 714.540643][T17477] fuse: Bad value for 'fd' [ 714.661147][T17476] team_slave_0: entered promiscuous mode [ 714.666964][T17476] team_slave_1: entered promiscuous mode [ 714.678659][T17476] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 714.688698][T17476] bond0: (slave macvlan0): Enslaving as an active interface with an up link [ 714.715754][ T5294] cdc_ncm 5-1:1.0: setting tx_max = 88 [ 714.742608][ T5294] cdc_ncm 5-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.4-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 714.767835][ T5294] usb 5-1: USB disconnect, device number 97 [ 714.798604][ T5294] cdc_ncm 5-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.4-1, CDC NCM (NO ZLP) [ 715.080225][T17491] sg_write: data in/out 8156/126 bytes for SCSI command 0x0-- guessing data in; [ 715.080225][T17491] program syz.0.2718 not setting count and/or reply_len properly [ 715.366677][T17496] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 715.727017][T17500] team0: Device gtp0 is of different type [ 716.046164][ T5232] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 716.057376][ T5232] Bluetooth: hci2: Injecting HCI hardware error event [ 716.071499][ T5232] Bluetooth: hci2: hardware error 0x00 [ 716.194203][T17506] vlan1: entered allmulticast mode [ 718.200014][ T5232] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 718.672814][T17517] fuse: Bad value for 'fd' [ 720.719262][ C0] sched: DL replenish lagged too much [ 736.449138][ T5230] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 736.476048][ T5230] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 736.633452][T11698] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 736.651758][T11698] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 736.665970][T11698] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 736.680420][T17532] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 736.692146][T17532] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 736.704232][T11698] Bluetooth: hci5: unexpected cc 0x0c25 length: 249 > 3 [ 736.712945][T11698] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 736.721878][T17532] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 736.747909][T17532] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 736.756271][T17532] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 736.822367][ T5230] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 736.867039][ T5230] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 736.883287][ T5230] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 736.893002][ T5230] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 736.903017][ T5230] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 736.912972][ T5230] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 737.153408][T17532] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 737.167279][T17532] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 737.182966][T17532] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 737.193391][T17532] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 737.203177][T17532] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 737.212308][T17532] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 737.382447][T17532] Bluetooth: hci7: unexpected cc 0x0c03 length: 249 > 1 [ 737.393947][T17532] Bluetooth: hci7: unexpected cc 0x1003 length: 249 > 9 [ 737.404179][T17532] Bluetooth: hci7: unexpected cc 0x1001 length: 249 > 9 [ 737.414958][T17532] Bluetooth: hci7: unexpected cc 0x0c23 length: 249 > 4 [ 737.424880][T17532] Bluetooth: hci7: unexpected cc 0x0c25 length: 249 > 3 [ 737.438083][T17532] Bluetooth: hci7: unexpected cc 0x0c38 length: 249 > 2 [ 738.840007][T17532] Bluetooth: hci5: command tx timeout [ 738.860839][ T5230] Bluetooth: hci1: command tx timeout [ 739.000101][ T5230] Bluetooth: hci6: command tx timeout [ 739.320013][ T5230] Bluetooth: hci4: command tx timeout [ 739.480222][ T5230] Bluetooth: hci7: command tx timeout [ 740.920145][T17532] Bluetooth: hci5: command tx timeout [ 740.927071][ T5230] Bluetooth: hci1: command tx timeout [ 741.080292][ T5230] Bluetooth: hci6: command tx timeout [ 741.399943][T17532] Bluetooth: hci4: command tx timeout [ 741.560680][T17532] Bluetooth: hci7: command tx timeout [ 743.000025][T17532] Bluetooth: hci1: command tx timeout [ 743.005512][T17532] Bluetooth: hci5: command tx timeout [ 743.160127][T17532] Bluetooth: hci6: command tx timeout [ 743.485451][T17532] Bluetooth: hci4: command tx timeout [ 743.640271][T17532] Bluetooth: hci7: command tx timeout [ 745.080221][ T5230] Bluetooth: hci1: command tx timeout [ 745.085739][T17532] Bluetooth: hci5: command tx timeout [ 745.242357][T17532] Bluetooth: hci6: command tx timeout [ 745.560056][T17532] Bluetooth: hci4: command tx timeout [ 745.719747][T17532] Bluetooth: hci7: command tx timeout [ 747.498508][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 747.506854][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 798.152674][ T5230] Bluetooth: hci8: unexpected cc 0x0c03 length: 249 > 1 [ 798.165764][ T5230] Bluetooth: hci8: unexpected cc 0x1003 length: 249 > 9 [ 798.176080][ T5230] Bluetooth: hci8: unexpected cc 0x1001 length: 249 > 9 [ 798.185162][ T5230] Bluetooth: hci8: unexpected cc 0x0c23 length: 249 > 4 [ 798.194859][ T5230] Bluetooth: hci8: unexpected cc 0x0c25 length: 249 > 3 [ 798.203398][ T5230] Bluetooth: hci8: unexpected cc 0x0c38 length: 249 > 2 [ 798.872971][T17532] Bluetooth: hci9: unexpected cc 0x0c03 length: 249 > 1 [ 798.885329][T17532] Bluetooth: hci9: unexpected cc 0x1003 length: 249 > 9 [ 798.895018][T17532] Bluetooth: hci9: unexpected cc 0x1001 length: 249 > 9 [ 798.912464][T17532] Bluetooth: hci9: unexpected cc 0x0c23 length: 249 > 4 [ 798.921554][T17532] Bluetooth: hci9: unexpected cc 0x0c25 length: 249 > 3 [ 798.929010][T17532] Bluetooth: hci9: unexpected cc 0x0c38 length: 249 > 2 [ 799.140041][T17532] Bluetooth: hci10: unexpected cc 0x0c03 length: 249 > 1 [ 799.155278][T17532] Bluetooth: hci10: unexpected cc 0x1003 length: 249 > 9 [ 799.170365][T17532] Bluetooth: hci10: unexpected cc 0x1001 length: 249 > 9 [ 799.181479][T17532] Bluetooth: hci10: unexpected cc 0x0c23 length: 249 > 4 [ 799.192728][T17532] Bluetooth: hci10: unexpected cc 0x0c25 length: 249 > 3 [ 799.210633][T17532] Bluetooth: hci10: unexpected cc 0x0c38 length: 249 > 2 [ 799.261595][T11698] Bluetooth: hci11: unexpected cc 0x0c03 length: 249 > 1 [ 799.274596][T11698] Bluetooth: hci11: unexpected cc 0x1003 length: 249 > 9 [ 799.284701][T11698] Bluetooth: hci11: unexpected cc 0x1001 length: 249 > 9 [ 799.295603][T11698] Bluetooth: hci11: unexpected cc 0x0c23 length: 249 > 4 [ 799.331015][T11698] Bluetooth: hci11: unexpected cc 0x0c25 length: 249 > 3 [ 799.342383][T11698] Bluetooth: hci11: unexpected cc 0x0c38 length: 249 > 2 [ 799.558826][T17532] Bluetooth: hci12: unexpected cc 0x0c03 length: 249 > 1 [ 799.576485][T17532] Bluetooth: hci12: unexpected cc 0x1003 length: 249 > 9 [ 799.589149][T17532] Bluetooth: hci12: unexpected cc 0x1001 length: 249 > 9 [ 799.601370][T17532] Bluetooth: hci12: unexpected cc 0x0c23 length: 249 > 4 [ 799.610600][T17532] Bluetooth: hci12: unexpected cc 0x0c25 length: 249 > 3 [ 799.618302][T17532] Bluetooth: hci12: unexpected cc 0x0c38 length: 249 > 2 [ 800.359986][T17532] Bluetooth: hci8: command tx timeout [ 801.001244][T17532] Bluetooth: hci9: command tx timeout [ 801.401265][T11698] Bluetooth: hci10: command tx timeout [ 801.417220][T17532] Bluetooth: hci11: command tx timeout [ 801.720110][T17532] Bluetooth: hci12: command tx timeout [ 802.439938][T17532] Bluetooth: hci8: command tx timeout [ 803.080121][T17532] Bluetooth: hci9: command tx timeout [ 803.479997][T11698] Bluetooth: hci10: command tx timeout [ 803.487659][T17532] Bluetooth: hci11: command tx timeout [ 803.800732][T17532] Bluetooth: hci12: command tx timeout [ 804.526820][T17532] Bluetooth: hci8: command tx timeout [ 805.160006][T17532] Bluetooth: hci9: command tx timeout [ 805.559844][T17532] Bluetooth: hci11: command tx timeout [ 805.565840][T17532] Bluetooth: hci10: command tx timeout [ 805.879517][T17532] Bluetooth: hci12: command tx timeout [ 806.602487][T17532] Bluetooth: hci8: command tx timeout [ 807.240120][T17532] Bluetooth: hci9: command tx timeout [ 807.640164][T17532] Bluetooth: hci10: command tx timeout [ 807.645746][T17532] Bluetooth: hci11: command tx timeout [ 807.959908][T17532] Bluetooth: hci12: command tx timeout [ 808.925824][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 808.937698][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 816.127713][T17532] Bluetooth: hci3: command 0x0406 tx timeout [ 858.960672][ T5230] Bluetooth: hci13: unexpected cc 0x0c03 length: 249 > 1 [ 858.974425][ T5230] Bluetooth: hci13: unexpected cc 0x1003 length: 249 > 9 [ 858.984512][ T5230] Bluetooth: hci13: unexpected cc 0x1001 length: 249 > 9 [ 858.994649][ T5230] Bluetooth: hci13: unexpected cc 0x0c23 length: 249 > 4 [ 859.004738][ T5230] Bluetooth: hci13: unexpected cc 0x0c25 length: 249 > 3 [ 859.012899][ T5230] Bluetooth: hci13: unexpected cc 0x0c38 length: 249 > 2 [ 859.932906][ T5232] Bluetooth: hci14: unexpected cc 0x0c03 length: 249 > 1 [ 859.945625][ T5232] Bluetooth: hci14: unexpected cc 0x1003 length: 249 > 9 [ 859.961621][ T5232] Bluetooth: hci14: unexpected cc 0x1001 length: 249 > 9 [ 859.970697][ T5232] Bluetooth: hci14: unexpected cc 0x0c23 length: 249 > 4 [ 859.978473][ T5232] Bluetooth: hci14: unexpected cc 0x0c25 length: 249 > 3 [ 859.987144][ T5232] Bluetooth: hci14: unexpected cc 0x0c38 length: 249 > 2 [ 860.382864][T17581] Bluetooth: hci15: unexpected cc 0x0c03 length: 249 > 1 [ 860.395270][T17581] Bluetooth: hci15: unexpected cc 0x1003 length: 249 > 9 [ 860.409953][T17581] Bluetooth: hci15: unexpected cc 0x1001 length: 249 > 9 [ 860.418831][T17581] Bluetooth: hci15: unexpected cc 0x0c23 length: 249 > 4 [ 860.427840][T17581] Bluetooth: hci15: unexpected cc 0x0c25 length: 249 > 3 [ 860.435963][T17581] Bluetooth: hci15: unexpected cc 0x0c38 length: 249 > 2 [ 860.532268][T17584] Bluetooth: hci16: unexpected cc 0x0c03 length: 249 > 1 [ 860.543277][T17584] Bluetooth: hci16: unexpected cc 0x1003 length: 249 > 9 [ 860.552562][T17584] Bluetooth: hci16: unexpected cc 0x1001 length: 249 > 9 [ 860.561373][T17584] Bluetooth: hci16: unexpected cc 0x0c23 length: 249 > 4 [ 860.570812][T17584] Bluetooth: hci16: unexpected cc 0x0c25 length: 249 > 3 [ 860.583115][T17584] Bluetooth: hci16: unexpected cc 0x0c38 length: 249 > 2 [ 860.653286][T17589] Bluetooth: hci17: unexpected cc 0x0c03 length: 249 > 1 [ 860.664897][T17589] Bluetooth: hci17: unexpected cc 0x1003 length: 249 > 9 [ 860.674708][T17589] Bluetooth: hci17: unexpected cc 0x1001 length: 249 > 9 [ 860.684069][T17589] Bluetooth: hci17: unexpected cc 0x0c23 length: 249 > 4 [ 860.694776][T17589] Bluetooth: hci17: unexpected cc 0x0c25 length: 249 > 3 [ 860.745706][T17589] Bluetooth: hci17: unexpected cc 0x0c38 length: 249 > 2 [ 862.367647][T17581] Bluetooth: hci5: command 0x0406 tx timeout [ 862.385875][T17581] Bluetooth: hci1: command 0x0406 tx timeout [ 862.409795][T17581] Bluetooth: hci6: command 0x0406 tx timeout [ 862.415881][T17581] Bluetooth: hci4: command 0x0406 tx timeout [ 862.422580][T17581] Bluetooth: hci7: command 0x0406 tx timeout [ 863.967617][ T30] INFO: task syz.4.2720:17495 blocked for more than 143 seconds. [ 864.000024][ T30] Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 864.007474][ T30] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 864.047407][ T30] task:syz.4.2720 state:D stack:23776 pid:17495 tgid:17495 ppid:17133 flags:0x20004004 [ 864.097454][ T30] Call Trace: [ 864.109115][ T30] [ 864.179958][ T30] __schedule+0x1895/0x4b30 [ 864.184684][ T30] ? __pfx___schedule+0x10/0x10 [ 864.255570][ T30] ? __pfx_lock_release+0x10/0x10 [ 864.277160][ T30] ? __mutex_trylock_common+0x92/0x2e0 [ 864.284177][ T30] ? schedule+0x90/0x320 [ 864.288517][ T30] schedule+0x14b/0x320 [ 864.304787][ T30] schedule_preempt_disabled+0x13/0x30 [ 864.314878][ T30] __mutex_lock+0x6a7/0xd70 [ 864.325351][ T30] ? __mutex_lock+0x52a/0xd70 [ 864.334597][ T30] ? usbdev_release+0x77/0x7a0 [ 864.345060][ T30] ? __pfx___mutex_lock+0x10/0x10 [ 864.355829][ T30] ? __fsnotify_parent+0x20c/0x5e0 [ 864.368898][ T30] ? __pfx___fsnotify_parent+0x10/0x10 [ 864.379880][ T30] usbdev_release+0x77/0x7a0 [ 864.384558][ T30] ? evm_file_release+0x13d/0x1c0 [ 864.401085][ T30] ? __pfx_usbdev_release+0x10/0x10 [ 864.406374][ T30] __fput+0x23f/0x880 [ 864.418746][ T30] task_work_run+0x24f/0x310 [ 864.425575][ T30] ? __pfx_task_work_run+0x10/0x10 [ 864.438694][ T30] ? syscall_exit_to_user_mode+0xa3/0x370 [ 864.446784][ T30] syscall_exit_to_user_mode+0x168/0x370 [ 864.460945][ T30] __do_fast_syscall_32+0xc4/0x110 [ 864.466244][ T30] ? exc_page_fault+0x590/0x8c0 [ 864.479345][ T30] do_fast_syscall_32+0x34/0x80 [ 864.484273][ T30] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 864.497381][ T30] RIP: 0023:0xf746d579 [ 864.506945][ T30] RSP: 002b:00000000f75bfb1c EFLAGS: 00000206 ORIG_RAX: 00000000000001b4 [ 864.520006][ T30] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 000000000000001e [ 864.528235][ T30] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 864.547051][ T30] RBP: 000000000000048e R08: 0000000000000000 R09: 0000000000000000 [ 864.557472][ T30] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 864.576669][ T30] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 864.588180][ T30] [ 864.598282][ T30] [ 864.598282][ T30] Showing all locks held in the system: [ 864.619780][ T30] 4 locks held by kworker/u8:1/12: [ 864.625060][ T30] #0: ffff88801baed948 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 864.645303][ T30] #1: ffffc90000117d00 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 864.669804][ T30] #2: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: cleanup_net+0x16a/0xcc0 [ 864.694459][ T30] #3: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: ppp_exit_net+0xe3/0x3d0 [ 864.714609][ T30] 1 lock held by khungtaskd/30: [ 864.724073][ T30] #0: ffffffff8e937ee0 (rcu_read_lock){....}-{1:2}, at: debug_show_all_locks+0x55/0x2a0 [ 864.740226][ T30] 2 locks held by kworker/u8:2/35: [ 864.745535][ T30] 3 locks held by kworker/u8:5/1065: [ 864.759868][ T30] #0: ffff88802dda4148 ((wq_completion)ipv6_addrconf){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 864.779364][ T30] #1: ffffc90003c47d00 ((work_completion)(&(&net->ipv6.addr_chk_work)->work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 864.802702][ T30] #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: addrconf_verify_work+0x19/0x30 [ 864.819915][ T30] 3 locks held by kworker/1:2/2635: [ 864.825220][ T30] #0: ffff88801ac81948 ((wq_completion)events_power_efficient){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 864.851596][ T30] #1: ffffc90008fb7d00 ((reg_check_chans).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 864.872776][ T30] #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: reg_check_chans_work+0x99/0xfd0 [ 864.888465][ T30] 2 locks held by getty/4980: [ 864.897718][ T30] #0: ffff8880321120a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 864.919978][ T30] #1: ffffc90002f062f0 (&ldata->atomic_read_lock){+.+.}-{3:3}, at: n_tty_read+0x6a6/0x1e00 [ 864.944760][ T30] 5 locks held by kworker/u9:3/5230: [ 864.953511][ T30] #0: ffff8880672c3948 ((wq_completion)hci7){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 864.976642][ T30] #1: ffffc90003e17d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 864.998490][ T30] #2: ffff8880410b0d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 865.024617][ T30] #3: ffff8880410b0078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 865.044828][ T30] #4: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 [ 865.058325][ T30] 4 locks held by kworker/u9:4/5232: [ 865.069992][ T30] #0: ffff8880a6661148 ((wq_completion)hci14#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 865.099710][ T30] #1: ffffc90003e37d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 865.122183][ T30] #2: ffff8880a7448078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 865.144918][ T30] #3: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 865.169923][ T30] 6 locks held by kworker/0:3/5276: [ 865.175377][ T30] 2 locks held by kworker/0:5/5279: [ 865.190005][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 865.211400][ T30] #1: ffffc900043afd00 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 865.231837][ T30] 3 locks held by kworker/0:6/5280: [ 865.237115][ T30] 3 locks held by kworker/1:6/5294: [ 865.257766][ T30] #0: ffff88801ac80948 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 865.280155][ T30] #1: ffffc9000449fd00 (deferred_process_work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 865.301369][ T30] #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: switchdev_deferred_process_work+0xe/0x20 [ 865.323260][ T30] 3 locks held by kworker/u8:10/5416: [ 865.328707][ T30] #0: ffff88801ac89148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 865.351725][ T30] #1: ffffc90009087d00 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 865.373030][ T30] #2: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: linkwatch_event+0xe/0x60 [ 865.389810][ T30] 5 locks held by kworker/u9:0/11698: [ 865.395348][ T30] #0: ffff88804d5b8948 ((wq_completion)hci3){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 865.421710][ T30] #1: ffffc900087b7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 865.443591][ T30] #2: ffff888028bd0d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 865.458925][ T30] #3: ffff888028bd0078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 865.479780][ T30] #4: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 [ 865.499037][ T30] 1 lock held by syz.3.2628/17078: [ 865.505129][ T30] #0: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: tun_chr_close+0x3b/0x1b0 [ 865.519877][ T30] 1 lock held by syz.4.2720/17495: [ 865.526567][ T30] #0: ffff8881447b7190 (&dev->mutex){....}-{3:3}, at: usbdev_release+0x77/0x7a0 [ 865.546955][ T30] 1 lock held by syz.1.2724/17504: [ 865.555548][ T30] 4 locks held by kworker/u9:1/17532: [ 865.572596][ T30] #0: ffff888098aff948 ((wq_completion)hci13#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 865.594882][ T30] #1: ffffc9000d247d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 865.617460][ T30] #2: ffff888079268078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 865.638874][ T30] #3: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 865.661911][ T30] 5 locks held by kworker/u9:2/17533: [ 865.667355][ T30] #0: ffff88804e5de148 ((wq_completion)hci4#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 865.690915][ T30] #1: ffffc9000d187d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 865.713100][ T30] #2: ffff8880244c4d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 865.736193][ T30] #3: ffff8880244c4078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 865.757040][ T30] #4: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 [ 865.767955][ T30] 2 locks held by syz-executor/17536: [ 865.779679][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 865.798063][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 865.819954][ T30] 2 locks held by syz-executor/17537: [ 865.825407][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 865.846703][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 865.867768][ T30] 2 locks held by syz-executor/17539: [ 865.874985][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 865.889788][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 865.908786][ T30] 2 locks held by syz-executor/17542: [ 865.915162][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 865.936971][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 865.957178][ T30] 2 locks held by syz-executor/17544: [ 865.968261][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 865.987874][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 865.999093][ T30] 1 lock held by dhcpcd/17548: [ 866.013844][ T30] #0: ffff8880222a2258 (sk_lock-AF_PACKET){+.+.}-{0:0}, at: packet_do_bind+0x32/0xcb0 [ 866.030975][ T30] 2 locks held by syz-executor/17557: [ 866.049120][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 866.068736][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 866.088983][ T30] 2 locks held by syz-executor/17559: [ 866.094816][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 866.113665][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 866.128902][ T30] 2 locks held by syz-executor/17563: [ 866.147186][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 866.166750][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 866.187245][ T30] 2 locks held by syz-executor/17564: [ 866.194502][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 866.214861][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 866.234793][ T30] 2 locks held by syz-executor/17566: [ 866.245008][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 866.266765][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 866.287592][ T30] 2 locks held by syz-executor/17574: [ 866.295210][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 866.315779][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 866.335859][ T30] 2 locks held by syz-executor/17577: [ 866.344972][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 866.367306][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 866.388294][ T30] 5 locks held by kworker/u9:5/17578: [ 866.394607][ T30] #0: ffff88807375e948 ((wq_completion)hci6){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 866.409258][ T30] #1: ffffc9000364fd00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 866.432138][ T30] #2: ffff88807c254d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 866.455413][ T30] #3: ffff88807c254078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 866.468822][ T30] #4: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 [ 866.491655][ T30] 5 locks held by kworker/u9:6/17579: [ 866.497099][ T30] #0: ffff888061933148 ((wq_completion)hci1#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 866.517216][ T30] #1: ffffc90003ed7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 866.539779][ T30] #2: ffff888062238d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 866.562179][ T30] #3: ffff888062238078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 866.581856][ T30] #4: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 [ 866.606397][ T30] 5 locks held by kworker/u9:7/17580: [ 866.615253][ T30] #0: ffff888073536948 ((wq_completion)hci5){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 866.636142][ T30] #1: ffffc90003df7d00 ((work_completion)(&hdev->cmd_sync_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 866.659764][ T30] #2: ffff8880548a4d80 (&hdev->req_lock){+.+.}-{3:3}, at: hci_cmd_sync_work+0x1ec/0x400 [ 866.679825][ T30] #3: ffff8880548a4078 (&hdev->lock){+.+.}-{3:3}, at: hci_abort_conn_sync+0x1ea/0xde0 [ 866.702496][ T30] #4: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_conn_failed+0x15d/0x300 [ 866.719892][ T30] 4 locks held by kworker/u9:9/17582: [ 866.725422][ T30] #0: ffff8880a7a36948 ((wq_completion)hci15#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 866.745264][ T30] #1: ffffc90003cafd00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 866.771932][ T30] #2: ffff888099c48078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 866.790179][ T30] #3: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 866.811719][ T30] 4 locks held by kworker/u9:10/17584: [ 866.817240][ T30] #0: ffff8880a7cb7148 ((wq_completion)hci16#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 866.839755][ T30] #1: ffffc90003b17d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 866.862581][ T30] #2: ffff8880a7d60078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 866.878613][ T30] #3: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 866.901315][ T30] 2 locks held by syz-executor/17585: [ 866.906890][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 866.930349][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 866.949935][ T30] 4 locks held by kworker/u9:12/17589: [ 866.957972][ T30] #0: ffff8880a7df4948 ((wq_completion)hci17#2){+.+.}-{0:0}, at: process_scheduled_works+0x93b/0x1850 [ 866.980607][ T30] #1: ffffc90003807d00 ((work_completion)(&hdev->rx_work)){+.+.}-{0:0}, at: process_scheduled_works+0x976/0x1850 [ 867.000113][ T30] #2: ffff8880904b8078 (&hdev->lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x97/0xaf0 [ 867.022188][ T30] #3: ffffffff8fe379a8 (hci_cb_list_lock){+.+.}-{3:3}, at: hci_remote_features_evt+0x4c3/0xaf0 [ 867.043783][ T30] 2 locks held by syz-executor/17590: [ 867.053930][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 867.074426][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 867.099763][ T30] 2 locks held by syz-executor/17591: [ 867.105231][ T30] #0: ffffffff8fcbe6d0 (pernet_ops_rwsem){++++}-{3:3}, at: copy_net_ns+0x328/0x570 [ 867.123690][ T30] #1: ffffffff8fccb1c8 (rtnl_mutex){+.+.}-{3:3}, at: register_nexthop_notifier+0x84/0x290 [ 867.145743][ T30] [ 867.148134][ T30] ============================================= [ 867.148134][ T30] [ 867.180023][ T30] NMI backtrace for cpu 1 [ 867.184449][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 867.194921][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 867.205023][ T30] Call Trace: [ 867.208337][ T30] [ 867.211304][ T30] dump_stack_lvl+0x241/0x360 [ 867.216035][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 867.221284][ T30] ? __pfx__printk+0x10/0x10 [ 867.226020][ T30] nmi_cpu_backtrace+0x49c/0x4d0 [ 867.231275][ T30] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 867.236784][ T30] ? _printk+0xd5/0x120 [ 867.240991][ T30] ? __pfx__printk+0x10/0x10 [ 867.245725][ T30] ? __wake_up_klogd+0xcc/0x110 [ 867.250649][ T30] ? __pfx__printk+0x10/0x10 [ 867.255297][ T30] ? __rcu_read_unlock+0xa1/0x110 [ 867.260388][ T30] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 867.266421][ T30] nmi_trigger_cpumask_backtrace+0x198/0x320 [ 867.272463][ T30] watchdog+0xff4/0x1040 [ 867.276759][ T30] ? watchdog+0x1ea/0x1040 [ 867.281228][ T30] ? __pfx_watchdog+0x10/0x10 [ 867.286057][ T30] kthread+0x2f0/0x390 [ 867.290166][ T30] ? __pfx_watchdog+0x10/0x10 [ 867.294893][ T30] ? __pfx_kthread+0x10/0x10 [ 867.299526][ T30] ret_from_fork+0x4b/0x80 [ 867.303989][ T30] ? __pfx_kthread+0x10/0x10 [ 867.308614][ T30] ret_from_fork_asm+0x1a/0x30 [ 867.313462][ T30] [ 867.317770][ T30] Sending NMI from CPU 1 to CPUs 0: [ 867.324048][ C0] NMI backtrace for cpu 0 [ 867.324063][ C0] CPU: 0 UID: 0 PID: 5276 Comm: kworker/0:3 Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 867.324086][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 867.324099][ C0] Workqueue: wg-crypt-wg2 wg_packet_decrypt_worker [ 867.324135][ C0] RIP: 0010:__sanitizer_cov_trace_pc+0x20/0x70 [ 867.324162][ C0] Code: 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 c0 d7 03 00 65 8b 15 00 1e 6f 7e 81 e2 00 01 ff 00 74 11 <81> fa 00 01 00 00 75 35 83 b9 1c 16 00 00 00 74 2c 8b 91 f8 15 00 [ 867.324179][ C0] RSP: 0018:ffffc90000006f78 EFLAGS: 00000206 [ 867.324195][ C0] RAX: ffffffff8a4654b2 RBX: 000000000000264e RCX: ffff888061679e00 [ 867.324210][ C0] RDX: 0000000000000100 RSI: 8e853b99eddb45eb RDI: 1000000000000000 [ 867.324224][ C0] RBP: ffffc90000007050 R08: ffffffff8a465348 R09: 1ffff1100f1e715c [ 867.324238][ C0] R10: dffffc0000000000 R11: ffffed100f1e715d R12: 0000000094b86bb2 [ 867.324252][ C0] R13: 2e0c618323cd3784 R14: 0000000000000000 R15: 000000001000264e [ 867.324265][ C0] FS: 0000000000000000(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 867.324282][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 867.324295][ C0] CR2: 000000000c2ff147 CR3: 000000000e734000 CR4: 00000000003506f0 [ 867.324311][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 867.324323][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 867.324335][ C0] Call Trace: [ 867.324342][ C0] [ 867.324350][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 867.324379][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 867.324408][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 867.324435][ C0] ? nmi_handle+0x2a/0x5a0 [ 867.324470][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 867.324496][ C0] ? nmi_handle+0x14f/0x5a0 [ 867.324514][ C0] ? nmi_handle+0x2a/0x5a0 [ 867.324533][ C0] ? __sanitizer_cov_trace_pc+0x20/0x70 [ 867.324556][ C0] ? default_do_nmi+0x63/0x160 [ 867.324584][ C0] ? exc_nmi+0x123/0x1f0 [ 867.324610][ C0] ? end_repeat_nmi+0xf/0x53 [ 867.324636][ C0] ? __cookie_v4_init_sequence+0xd8/0x520 [ 867.324658][ C0] ? __cookie_v4_init_sequence+0x242/0x520 [ 867.324682][ C0] ? __sanitizer_cov_trace_pc+0x20/0x70 [ 867.324705][ C0] ? __sanitizer_cov_trace_pc+0x20/0x70 [ 867.324729][ C0] ? __sanitizer_cov_trace_pc+0x20/0x70 [ 867.324753][ C0] [ 867.324760][ C0] [ 867.324766][ C0] __cookie_v4_init_sequence+0x242/0x520 [ 867.324791][ C0] ? __pfx___cookie_v4_init_sequence+0x10/0x10 [ 867.324815][ C0] ? __pfx___alloc_skb+0x10/0x10 [ 867.324838][ C0] ? skb_put+0x114/0x1f0 [ 867.324863][ C0] synproxy_send_client_synack+0x534/0xf30 [ 867.324890][ C0] ? __pfx_synproxy_send_client_synack+0x10/0x10 [ 867.324912][ C0] ? synproxy_pernet+0x45/0x270 [ 867.324934][ C0] nft_synproxy_eval_v4+0x3ca/0x610 [ 867.324958][ C0] ? __pfx_nft_synproxy_eval_v4+0x10/0x10 [ 867.324981][ C0] ? nf_ip_checksum+0x13a/0x500 [ 867.325005][ C0] nft_synproxy_do_eval+0x362/0xa60 [ 867.325029][ C0] ? __pfx_nft_synproxy_do_eval+0x10/0x10 [ 867.325053][ C0] ? __pfx_validate_chain+0x10/0x10 [ 867.325079][ C0] nft_do_chain+0x4ad/0x1da0 [ 867.325108][ C0] ? __pfx_nft_do_chain+0x10/0x10 [ 867.325128][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 867.325166][ C0] ? __pfx_nf_nat_inet_fn+0x10/0x10 [ 867.325192][ C0] nft_do_chain_inet+0x418/0x6b0 [ 867.325215][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 867.325235][ C0] ? ipt_do_table+0x312/0x1860 [ 867.325264][ C0] ? __pfx_nft_do_chain_inet+0x10/0x10 [ 867.325284][ C0] nf_hook_slow+0xc3/0x220 [ 867.325303][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 867.325330][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 867.325356][ C0] NF_HOOK+0x29e/0x450 [ 867.325383][ C0] ? NF_HOOK+0x9a/0x450 [ 867.325407][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 867.325433][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 867.325468][ C0] ? ip_rcv_finish+0x406/0x560 [ 867.325495][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 867.325521][ C0] NF_HOOK+0x3a4/0x450 [ 867.325545][ C0] ? __lock_acquire+0x1384/0x2050 [ 867.325572][ C0] ? NF_HOOK+0x9a/0x450 [ 867.325596][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 867.325621][ C0] ? ip_rcv_core+0x801/0xd10 [ 867.325647][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 867.325677][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 867.325702][ C0] __netif_receive_skb+0x2bf/0x650 [ 867.325732][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 867.325759][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 867.325785][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 867.325812][ C0] ? __pfx_lock_release+0x10/0x10 [ 867.325839][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 867.325865][ C0] process_backlog+0x662/0x15b0 [ 867.325887][ C0] ? process_backlog+0x33b/0x15b0 [ 867.325909][ C0] ? __pfx_process_backlog+0x10/0x10 [ 867.325927][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 867.325955][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 867.325984][ C0] __napi_poll+0xcb/0x490 [ 867.326013][ C0] net_rx_action+0x89b/0x1240 [ 867.326042][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 867.326063][ C0] ? sched_clock+0x4a/0x70 [ 867.326092][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 867.326125][ C0] handle_softirqs+0x2c5/0x980 [ 867.326151][ C0] ? do_softirq+0x11b/0x1e0 [ 867.326175][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 867.326204][ C0] do_softirq+0x11b/0x1e0 [ 867.326225][ C0] [ 867.326232][ C0] [ 867.326239][ C0] ? __pfx_do_softirq+0x10/0x10 [ 867.326262][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 867.326289][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 867.326316][ C0] ? rcu_is_watching+0x15/0xb0 [ 867.326337][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 867.326361][ C0] ? wg_packet_decrypt_worker+0xcde/0xd80 [ 867.326390][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 867.326415][ C0] ? wg_packet_decrypt_worker+0x8b3/0xd80 [ 867.326447][ C0] wg_packet_decrypt_worker+0xcde/0xd80 [ 867.326489][ C0] ? __pfx_wg_packet_decrypt_worker+0x10/0x10 [ 867.326556][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 867.326584][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 867.326616][ C0] ? process_scheduled_works+0x976/0x1850 [ 867.326641][ C0] process_scheduled_works+0xa63/0x1850 [ 867.326679][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 867.326709][ C0] ? assign_work+0x364/0x3d0 [ 867.326735][ C0] worker_thread+0x870/0xd30 [ 867.326764][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 867.326786][ C0] ? __kthread_parkme+0x169/0x1d0 [ 867.326814][ C0] ? __pfx_worker_thread+0x10/0x10 [ 867.326839][ C0] kthread+0x2f0/0x390 [ 867.326856][ C0] ? __pfx_worker_thread+0x10/0x10 [ 867.326881][ C0] ? __pfx_kthread+0x10/0x10 [ 867.326898][ C0] ret_from_fork+0x4b/0x80 [ 867.326923][ C0] ? __pfx_kthread+0x10/0x10 [ 867.326940][ C0] ret_from_fork_asm+0x1a/0x30 [ 867.326974][ C0] [ 867.381558][ T30] Kernel panic - not syncing: hung_task: blocked tasks [ 867.381583][ T30] CPU: 1 UID: 0 PID: 30 Comm: khungtaskd Not tainted 6.11.0-syzkaller-08481-g88264981f208 #0 [ 867.381612][ T30] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 867.381629][ T30] Call Trace: [ 867.381640][ T30] [ 867.381651][ T30] dump_stack_lvl+0x241/0x360 [ 867.381691][ T30] ? __pfx_dump_stack_lvl+0x10/0x10 [ 867.381731][ T30] ? __pfx__printk+0x10/0x10 [ 867.381757][ T30] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 867.381801][ T30] ? vscnprintf+0x5d/0x90 [ 867.381839][ T30] panic+0x349/0x880 [ 867.381869][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 867.381907][ T30] ? __pfx_panic+0x10/0x10 [ 867.381934][ T30] ? tick_nohz_tick_stopped+0x82/0xb0 [ 867.381960][ T30] ? __irq_work_queue_local+0x137/0x410 [ 867.381992][ T30] ? preempt_schedule_thunk+0x1a/0x30 [ 867.382019][ T30] ? nmi_trigger_cpumask_backtrace+0x244/0x320 [ 867.382055][ T30] ? nmi_trigger_cpumask_backtrace+0x2d4/0x320 [ 867.382095][ T30] ? nmi_trigger_cpumask_backtrace+0x2d9/0x320 [ 867.382136][ T30] watchdog+0x1033/0x1040 [ 867.382171][ T30] ? watchdog+0x1ea/0x1040 [ 867.382208][ T30] ? __pfx_watchdog+0x10/0x10 [ 867.382240][ T30] kthread+0x2f0/0x390 [ 867.382264][ T30] ? __pfx_watchdog+0x10/0x10 [ 867.382295][ T30] ? __pfx_kthread+0x10/0x10 [ 867.382319][ T30] ret_from_fork+0x4b/0x80 [ 867.382353][ T30] ? __pfx_kthread+0x10/0x10 [ 867.382377][ T30] ret_from_fork_asm+0x1a/0x30 [ 867.382426][ T30] [ 868.154065][ T30] Kernel Offset: disabled [ 868.158424][ T30] Rebooting in 86400 seconds..