last executing test programs: 23.522391553s ago: executing program 4 (id=8970): ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a80)=ANY=[@ANYBLOB="5c0000001000030400000000fedbdf2500007400", @ANYRES32=r0, @ANYBLOB="00080000075005003c0012800b00010062726964676500002c00028005001900020000000c00230001000000000000000c0022000600000000f1160005002400010000008d70d53c8fc4f2703f7e67f4fa7e10bdceb568d89a29f2330eee934eb2ee6a007ccc5ccce0bb391686770644f937875ce405cb0627a27cba65a35d9f345ac707ff9321af9313525ad9945821f3af1a67dc39fbcd8f78bd1bdbad6a14b01073f670b7531a9329f23062d2b95bcde20b9f"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 23.250647473s ago: executing program 4 (id=8974): r0 = socket$inet(0x2, 0x3, 0x2) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000240)=@migrate={0xa0, 0x21, 0x1, 0x0, 0x0, {{@in=@dev={0xac, 0x14, 0x14, 0x50}, @in6=@remote}, 0x0, 0x2}, [@migrate={0x50, 0x11, [{@in=@multicast1, @in=@local, @in=@local, @in=@broadcast}]}]}, 0xa0}}, 0x0) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000040)={@multicast2, @local}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f0000000280)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @dev, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x20, 0x28, 0x64, 0x0, 0x0, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x80000002, 0x1000014}}}}}, 0x0) 22.959615845s ago: executing program 4 (id=8977): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001600)=@newqdisc={0xa4, 0x24, 0xf0b, 0x0, 0xfffffffc, {0x0, 0x0, 0x12, r2, {0x0, 0xffe0}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x74, 0x2, [@TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0xb}, @TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8, 0x0, 0xfffe, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffd]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x10, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}]}]}}]}, 0xa4}, 0x1, 0x0, 0x0, 0x20000001}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB, @ANYRES32, @ANYBLOB="0c00017238ee"], 0x24}, 0x1, 0x0, 0x0, 0x40000050}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000340)={'filter\x00', 0x7, 0x2, 0x408, 0x110, 0x0, 0x0, 0x320, 0x320, 0x320, 0x4, 0x0, {[{{@uncond, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@multicast, @mac=@local, @initdev={0xac, 0x1e, 0x0, 0x0}, @loopback}}}, {{@arp={@loopback, @multicast2, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@random}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'ipvlan0\x00', 'bond0\x00'}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@link_local, @empty, @empty, @local}}}, {{@arp={@private, @multicast1, 0x0, 0x0, 0x0, 0x0, {}, {@mac=@multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'veth0_to_team\x00', 'ipvlan0\x00'}, 0xc0, 0x100}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "7fe0262a2c3f61d8b01499b0a06dbe1103006325eb3b9094dcaad5273454"}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x49b) r5 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r5, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000380)=@newqdisc={0x34, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r6, {0x0, 0x4}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x4}}]}, 0x34}}, 0x0) 22.362922998s ago: executing program 4 (id=8980): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000800)={0x1f, 0x4, &(0x7f00000001c0)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x7b}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x11, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) readv(r1, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r2 = socket$kcm(0x2, 0xa, 0x2) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r0, 0x8983, &(0x7f0000000040)={0x0, 'syzkaller1\x00', {0x4}, 0x1}) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) 21.443038465s ago: executing program 4 (id=8989): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) bind$inet(r0, &(0x7f0000000400)={0x2, 0x4e23, @multicast1}, 0x10) sendmmsg$inet(r0, 0x0, 0x0, 0x4000) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000000000)={0x2, 0x24e23, @loopback}, 0x10) sendto$inet(r0, &(0x7f0000000440)='m', 0x1, 0x14000040, 0x0, 0x0) recvmmsg(r0, &(0x7f0000007f40)=[{{0x0, 0x0, 0x0}, 0x1}], 0x1, 0x40011140, 0x0) 21.177948374s ago: executing program 4 (id=8991): r0 = syz_usb_connect$hid(0x2, 0x49, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x5ac, 0x264, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x30, 0xf, [{{0x9, 0x4, 0x0, 0x0, 0x4, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0xfffa, 0x8, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc9}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000002c0)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0xa, {[@local=@item_4={0x3, 0x2, 0xa}, @global=@item_4={0x3, 0x1, 0x1, "93a0b815"}]}}, 0x0}, 0x0) 4.879173918s ago: executing program 1 (id=9107): prctl$PR_SET_NAME(0xf, &(0x7f0000000a00)='fdinfo/3\x00') 4.770350116s ago: executing program 1 (id=9108): syz_usb_connect(0x3, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000074020440fd07010099480102030109021b000100000000090400", @ANYRES32], 0x0) 2.769742887s ago: executing program 2 (id=9114): socket$nl_xfrm(0x10, 0x3, 0x6) r0 = socket$inet6(0xa, 0x3, 0x26) connect$inet6(r0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev={0xac, 0x14, 0x14, 0x15}, @in6=@loopback, 0x4e20, 0x0, 0x4e22, 0x0, 0xa}, {0x9, 0x0, 0x0, 0x800000, 0x0, 0x2, 0x0, 0x24}, {0x0, 0x4, 0x1}, 0x0, 0x0, 0x1, 0x0, 0x5, 0x2}, {{@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x800, 0x33}, 0xa, @in=@empty, 0x0, 0x0, 0x0, 0x4, 0xfffffffc, 0x4, 0x401}}, 0xe8) sendmmsg(r0, &(0x7f0000000480), 0x2e9, 0x0) 2.685988775s ago: executing program 2 (id=9115): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "fc7771", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 2.567361348s ago: executing program 2 (id=9116): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x8000, @empty, 0x3}, 0x1c) listen(r0, 0x3) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r1, 0x29, 0x3, &(0x7f00000002c0)=0x7, 0x4) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x1a, 0x0, 0x0) bind$inet6(r1, 0x0, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x240540c7, &(0x7f0000000200)={0xa, 0x4e22, 0x0, @loopback}, 0x1c) 2.482196667s ago: executing program 2 (id=9117): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x46, &(0x7f0000000c40)=0xfff, 0x4) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x40, 0x0, @dev={0xfe, 0x80, '\x00', 0x3c}, 0x7}, 0x1c) sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 2.404311383s ago: executing program 2 (id=9118): r0 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@delneigh={0x30, 0x1d, 0x1, 0x0, 0x0, {0x7, 0x0, 0x0, r2, 0x0, 0x96}, [@NDA_LLADDR={0xa, 0x2, @dev={'\xaa\xaa\xaa\xaa\xaa', 0xc}}, @NDA_VLAN={0x4, 0x5, 0x3}]}, 0x30}}, 0x800) 1.660202148s ago: executing program 1 (id=9121): open(&(0x7f0000000140)='./file0\x00', 0x2a4c0, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) socket(0x10, 0x3, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r1 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000083000000bf0900000000000055090100000000009500000800000000bf91000000000000b702000043e7b5538500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x10) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x10000000000003, 0xfffffffffffffffd, 0xffffffffffffffff, 0x0, 0x4, 0x8000000000000}, 0x0, &(0x7f0000000180)={0x3fe, 0x0, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000000), 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r0, 0xc0096616, 0x0) 1.484538566s ago: executing program 1 (id=9125): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000080)={@local, @empty, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "fc7771", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x3, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x0, 0x0, 0x0) 1.307133218s ago: executing program 0 (id=9127): mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000352000/0x1000)=nil, 0x1000, &(0x7f0000000080)='}\\.#\x00') prctl$PR_SET_VMA(0x53564d41, 0x0, &(0x7f0000350000/0x12000)=nil, 0x12000, &(0x7f0000000000)='/\xba\x00') 1.28676512s ago: executing program 2 (id=9128): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000009002c1011046e0088a30102030109021200010000000009048500"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000500)={0x2c, &(0x7f0000000340)={0x0, 0x8}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, &(0x7f0000000400)={0x44, &(0x7f00000001c0)={0x0, 0x31, 0xc, "b3bcb80b607646d9a1dff02a"}, &(0x7f0000000200)={0x0, 0xa, 0x1, 0x1}, &(0x7f0000000240)={0x0, 0x8, 0x1, 0x5}, &(0x7f0000000280)={0x20, 0x80, 0x1c, {0x4, 0x200, 0x6, 0xde, 0x1000, 0x8, 0x6, 0x4, 0xffcd, 0x7, 0x10, 0x1}}, &(0x7f00000002c0)={0x20, 0x85, 0x4, 0x2}, &(0x7f0000000300)={0x20, 0x83, 0x2, 0x1}, 0x0, 0x0}) 1.080678708s ago: executing program 0 (id=9129): r0 = open(&(0x7f0000000000)='./cgroup.cpu/cpuset.cpus\x00', 0x1a1342, 0x162) write$cgroup_subtree(r0, &(0x7f0000000680)=ANY=[@ANYBLOB="312d36a3"], 0x31) 1.021719991s ago: executing program 3 (id=9130): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x10) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) close(r2) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x13, 0x10, 0x8, 0x0, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r3) r4 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x4e22, 0x0, @local, 0xb}, 0x1c) listen(r4, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000002c0)={@local, @local, @val={@void, {0x8100, 0x0, 0x0, 0x2}}, {@ipv6={0x86dd, @tcp={0x0, 0x6, "001bae", 0x14, 0x6, 0x0, @ipv4={'\x00', '\xff\xff', @multicast2}, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x2, 0x5, 0xc2, 0x0, 0x0, 0x4}}}}}}}, 0x0) 998.666595ms ago: executing program 1 (id=9131): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) r0 = socket$inet(0x2, 0x2, 0x0) readv(r0, &(0x7f0000000700)=[{&(0x7f0000000800)=""/4096, 0x1000}, {&(0x7f0000002240)=""/4096, 0x1000}], 0x2) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e20, @empty}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x4, @void, @value}, 0x94) pipe(&(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r3 = socket$inet_udp(0x2, 0x2, 0x0) close(r3) r4 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r3, &(0x7f0000000140)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r4, &(0x7f0000000500)=[{{&(0x7f0000000080)={0x2, 0x4e20, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB='p'], 0x70}}], 0x1, 0x2000c044) write$binfmt_misc(r2, &(0x7f0000000000), 0xfffffecc) splice(r1, 0x0, r3, 0x0, 0x7151, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) 922.183278ms ago: executing program 0 (id=9132): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, 0x0, 0x0) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)={0xd0, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x3c, 0x1, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @empty}, {0x14, 0x4, @mcast1}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TUPLE_REPLY={0x3c, 0x2, 0x0, 0x1, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @local}, {0x14, 0x4, @local}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5}}]}, @CTA_TIMEOUT={0x8}, @CTA_NAT_SRC={0x3c, 0x6, 0x0, 0x1, [@CTA_NAT_V6_MINIP={0x14, 0x4, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01'}, @CTA_NAT_PROTO={0x24, 0x3, 0x0, 0x1, [@CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e20}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e23}, @CTA_PROTONAT_PORT_MIN={0x6, 0x1, 0x4e22}]}]}]}, 0xd0}}, 0x0) 802.128959ms ago: executing program 3 (id=9133): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_int(r0, 0x29, 0x24, &(0x7f0000000440)=0x3, 0x4) syz_emit_ethernet(0x6e, &(0x7f0000000200)=ANY=[@ANYBLOB="0180c2000001a0725cdc403b86dd60cb800000383aff00000000000000000000ffffffffffffff0200"/53], 0x0) 685.635965ms ago: executing program 3 (id=9134): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r0, 0x40047451, &(0x7f0000000200)) pwritev(r0, &(0x7f0000000540)=[{&(0x7f00000003c0)='\x00!G', 0x3}], 0x1, 0x0, 0x0) 682.184286ms ago: executing program 0 (id=9135): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000180)={0x5c, 0x2, 0x6, 0x201, 0x0, 0x0, {}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT_TO={0x6}, @IPSET_ATTR_PORT={0x6}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_REVISION={0x5}]}, 0x5c}}, 0x0) 425.672135ms ago: executing program 0 (id=9136): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000004c0)=0x79, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f0000000000)='cdg\x00', 0xff25) sendmmsg$inet(r0, 0x0, 0x0, 0x2000c000) 313.897867ms ago: executing program 3 (id=9137): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r1 = socket$packet(0x11, 0x3, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000400)={0x1, 0xf, &(0x7f00000006c0)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x8, 0x0, 0x0, 0x0, 0x8000}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {}, {0x85, 0x0, 0x0, 0x84}}}, &(0x7f0000000380)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000040)=r2, 0x4) syz_emit_ethernet(0x4a, &(0x7f0000000180)=ANY=[], 0x0) 197.574979ms ago: executing program 0 (id=9138): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000080)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x44, 0x10, 0x40d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, 0x0, 0x12d44}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge_slave={{0x11}, {0xc, 0x5, 0x0, 0x1, [@IFLA_BRPORT_BACKUP_PORT={0x8}]}}}]}, 0x44}, 0x1, 0x0, 0x0, 0x4}, 0x4004040) 187.934701ms ago: executing program 3 (id=9139): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000140)={0xc, 0x17, &(0x7f0000000340)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x107a655, 0x0, 0x0, 0x0, 0x1}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x3}}, @ringbuf_query={{0x18, 0x1, 0x1, 0x0, r0}}], {{}, {}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r1, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) 52.089762ms ago: executing program 3 (id=9140): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00', 0x0}) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000a80)=ANY=[@ANYBLOB="5c0000001000030400000000fedbdf2500007400", @ANYRES32=r1, @ANYBLOB="00080000075005003c0012800b00010062726964676500002c00028005001900020000000c0023000100000000"], 0x5c}, 0x1, 0x0, 0x0, 0x800}, 0x0) 0s ago: executing program 1 (id=9141): r0 = syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x862b01) r1 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') fcntl$setstatus(r1, 0x4, 0x2400) ioctl$EVIOCSFF(0xffffffffffffffff, 0x40304580, &(0x7f0000000240)={0x57, 0xffff, 0x0, {0x7, 0x1}, {0x50, 0x2}, @period={0x59, 0x7, 0xc1f, 0x6773, 0x8000, {0x9, 0x9, 0x1, 0x1}, 0x0, 0x0}}) write$char_usb(r0, &(0x7f0000000040)="e2", 0x2250) kernel console output (not intermixed with test programs): T22759] usb 3-1: can't read configurations, error -61 [ 2637.016692][T22759] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 2637.057327][T22759] usb 3-1: Using ep0 maxpacket: 8 [ 2637.088301][T22759] usb 3-1: too many configurations: 143, using maximum allowed: 8 [ 2637.220368][T22759] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 2637.246382][T22759] usb 3-1: can't read configurations, error -61 [ 2637.275315][T22759] usb usb3-port1: unable to enumerate USB device [ 2637.546300][T22759] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 2637.706832][T22759] usb 4-1: Using ep0 maxpacket: 32 [ 2637.717640][T22759] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2637.730586][T22759] usb 4-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 2637.753117][T22759] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2637.773219][T22759] usb 4-1: config 0 descriptor?? [ 2637.992367][ T1936] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2638.002735][ T1936] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2638.285938][ T1939] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2638.295564][ T1939] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2638.753823][ T1948] 8021q: adding VLAN 0 to HW filter on device bond11 [ 2640.483655][ T9] usb 4-1: USB disconnect, device number 48 [ 2640.706806][T22759] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 2641.304778][ T1970] syz.1.8130: attempt to access beyond end of device [ 2641.304778][ T1970] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 2641.426680][T22759] usb 3-1: Using ep0 maxpacket: 8 [ 2641.469491][T22759] usb 3-1: config 2 has an invalid interface number: 216 but max is 2 [ 2641.481834][T22759] usb 3-1: config 2 has an invalid interface number: 82 but max is 2 [ 2641.497187][T22759] usb 3-1: config 2 has an invalid interface number: 104 but max is 2 [ 2641.507998][T22759] usb 3-1: config 2 has an invalid interface number: 221 but max is 2 [ 2641.526728][T22759] usb 3-1: config 2 has 4 interfaces, different from the descriptor's value: 3 [ 2641.545877][T22759] usb 3-1: config 2 has no interface number 0 [ 2641.556532][T22759] usb 3-1: config 2 has no interface number 1 [ 2641.562759][T22759] usb 3-1: config 2 has no interface number 2 [ 2641.607982][T22759] usb 3-1: config 2 has no interface number 3 [ 2641.625905][T22759] usb 3-1: config 2 interface 216 altsetting 166 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 2641.640444][T22759] usb 3-1: config 2 interface 216 altsetting 166 has a duplicate endpoint with address 0x3, skipping [ 2641.652446][T22759] usb 3-1: config 2 interface 216 altsetting 166 has an invalid descriptor for endpoint zero, skipping [ 2641.667191][ T1982] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8135'. [ 2641.676820][T22759] usb 3-1: config 2 interface 216 altsetting 166 has an endpoint descriptor with address 0x6F, changing to 0xF [ 2641.697627][T22759] usb 3-1: config 2 interface 216 altsetting 166 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 2641.711851][T22759] usb 3-1: config 2 interface 216 altsetting 166 has a duplicate endpoint with address 0x3, skipping [ 2641.753286][T22759] usb 3-1: config 2 interface 82 altsetting 0 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 2641.766895][T22759] usb 3-1: config 2 interface 82 altsetting 0 has a duplicate endpoint with address 0x8, skipping [ 2641.778243][T22759] usb 3-1: config 2 interface 82 altsetting 0 has a duplicate endpoint with address 0x8, skipping [ 2641.789321][T22759] usb 3-1: config 2 interface 82 altsetting 0 has a duplicate endpoint with address 0xF, skipping [ 2641.800609][T22759] usb 3-1: config 2 interface 82 altsetting 0 has a duplicate endpoint with address 0x3, skipping [ 2641.822180][T22759] usb 3-1: config 2 interface 82 altsetting 0 has 9 endpoint descriptors, different from the interface descriptor's value: 10 [ 2641.856593][T22759] usb 3-1: too many endpoints for config 2 interface 104 altsetting 95: 61, using maximum allowed: 30 [ 2641.868174][T22759] usb 3-1: config 2 interface 104 altsetting 95 has an invalid descriptor for endpoint zero, skipping [ 2641.889542][T22759] usb 3-1: config 2 interface 104 altsetting 95 has 1 endpoint descriptor, different from the interface descriptor's value: 61 [ 2641.903256][T22759] usb 3-1: config 2 interface 216 has no altsetting 0 [ 2641.917653][T22759] usb 3-1: config 2 interface 104 has no altsetting 0 [ 2641.924571][T22759] usb 3-1: config 2 interface 221 has no altsetting 0 [ 2642.502217][T22759] usb 3-1: New USB device found, idVendor=0403, idProduct=ff3c, bcdDevice=b7.51 [ 2642.511910][T22759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2642.520890][T22759] usb 3-1: Product: syz [ 2642.525099][T22759] usb 3-1: Manufacturer: 疙ꑢ譭뤃⢕쉥웖㝸ꟼ쓯葮縠胄乙癕풳ە镁ﲌ煜琎꫊光ܚ⹖ [ 2642.541269][T22759] usb 3-1: can't set config #2, error -71 [ 2642.556837][T22759] usb 3-1: USB disconnect, device number 121 [ 2642.653770][ T1986] 8021q: adding VLAN 0 to HW filter on device bond6 [ 2642.856743][T24999] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 2643.032817][T24999] usb 4-1: config 1 interface 0 altsetting 84 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2643.053926][T24999] usb 4-1: config 1 interface 0 has no altsetting 0 [ 2643.066924][T24999] usb 4-1: New USB device found, idVendor=05ac, idProduct=0263, bcdDevice= 0.40 [ 2643.076451][T24999] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2643.090482][T24999] usb 4-1: Product: syz [ 2643.094708][T24999] usb 4-1: Manufacturer: syz [ 2643.099954][T24999] usb 4-1: SerialNumber: syz [ 2643.381569][ T2007] usb usb8: usbfs: process 2007 (syz.3.8139) did not claim interface 0 before use [ 2643.499024][ T1994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2643.563859][ T1994] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2643.900732][ T2016] syz.4.8146: attempt to access beyond end of device [ 2643.900732][ T2016] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 2644.586764][ T605] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 2644.796360][ T605] usb 3-1: Using ep0 maxpacket: 16 [ 2644.818718][ T605] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2644.830720][ T605] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2644.844350][ T605] usb 3-1: config 0 interface 0 has no altsetting 0 [ 2644.851639][ T605] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 2644.868170][ T605] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2644.890705][ T605] usb 3-1: config 0 descriptor?? [ 2644.910821][ T605] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 2645.691749][T24999] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input68 [ 2645.888763][ T5182] bcm5974 4-1:1.0: could not read from device [ 2645.899455][T24999] usb 4-1: USB disconnect, device number 49 [ 2645.918686][ T5182] bcm5974 4-1:1.0: could not read from device [ 2646.283982][ T2039] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8153'. [ 2646.519497][T24999] usb 3-1: USB disconnect, device number 122 [ 2647.009821][ T2048] fuse: Unknown parameter 'fd0x0000000000000005' [ 2647.332215][ T2053] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8158'. [ 2647.504758][ T2056] fuse: Bad value for 'rootmode' [ 2649.691308][ T2095] fuse: Bad value for 'rootmode' [ 2651.680564][ T2117] netlink: 36 bytes leftover after parsing attributes in process `syz.0.8184'. [ 2651.931452][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 2651.948677][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 2653.189074][ T2145] 8021q: adding VLAN 0 to HW filter on device bond9 [ 2654.281975][ T2137] input: syz1 as /devices/virtual/input/input69 [ 2654.761952][ T2172] netlink: 144 bytes leftover after parsing attributes in process `syz.3.8201'. [ 2655.026536][ T5876] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 2655.166567][ T5876] usb 4-1: device descriptor read/64, error -71 [ 2655.417451][ T5876] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 2655.556359][ T5876] usb 4-1: device descriptor read/64, error -71 [ 2655.668510][ T5876] usb usb4-port1: attempt power cycle [ 2655.706539][T24999] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 2655.866601][T24999] usb 3-1: Using ep0 maxpacket: 16 [ 2655.873963][T24999] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2655.886919][T24999] usb 3-1: config 0 interface 0 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2655.900213][T24999] usb 3-1: config 0 interface 0 has no altsetting 0 [ 2655.907242][T24999] usb 3-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 2655.916506][T24999] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2655.933010][T24999] usb 3-1: config 0 descriptor?? [ 2655.942096][T24999] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 2656.019114][ T5876] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 2656.047281][ T5876] usb 4-1: device descriptor read/8, error -71 [ 2656.157344][ T2180] batadv_slave_0: entered promiscuous mode [ 2656.173659][T24999] usb 3-1: USB disconnect, device number 123 [ 2656.269734][ T2183] fuse: Unknown parameter 'fd0x0000000000000005' [ 2656.298217][ T5876] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 2656.330378][ T5876] usb 4-1: device descriptor read/8, error -71 [ 2656.456928][ T5876] usb usb4-port1: unable to enumerate USB device [ 2657.066676][T22759] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 2657.236411][T22759] usb 3-1: Using ep0 maxpacket: 32 [ 2657.338710][T22759] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2657.359722][T22759] usb 3-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 2657.384275][T22759] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2657.397779][T22759] usb 3-1: config 0 descriptor?? [ 2657.914907][ T2187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2657.935571][ T2187] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2658.080742][ T2187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2658.091208][ T2187] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2658.301997][T22759] usb 3-1: USB disconnect, device number 124 [ 2659.694172][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 2659.694195][ T30] audit: type=1326 audit(1748665217.041:20953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2659.734860][ T30] audit: type=1326 audit(1748665217.041:20954): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2659.759537][ T30] audit: type=1326 audit(1748665217.041:20955): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=298 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2659.784951][ T30] audit: type=1326 audit(1748665217.041:20956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2659.811025][ T30] audit: type=1326 audit(1748665217.041:20957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2659.833880][ T30] audit: type=1326 audit(1748665217.041:20958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2659.857422][ T30] audit: type=1326 audit(1748665217.041:20959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2659.882332][ T30] audit: type=1326 audit(1748665217.041:20960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2659.906328][ T30] audit: type=1326 audit(1748665217.051:20961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2659.929568][ T30] audit: type=1326 audit(1748665217.051:20962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2213 comm="syz.2.8218" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f96539 code=0x7ffc0000 [ 2661.096672][T24999] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 2661.279429][T24999] usb 4-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 2661.315370][T24999] usb 4-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 2661.340875][T24999] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 2661.359943][T24999] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2662.706690][T22759] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 2662.866362][T22759] usb 3-1: Using ep0 maxpacket: 32 [ 2662.873878][T22759] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 2662.882935][T22759] usb 3-1: config 0 has no interface number 0 [ 2662.889737][T22759] usb 3-1: config 0 interface 184 has no altsetting 0 [ 2662.902461][T22759] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 2662.912114][T22759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2662.920661][T22759] usb 3-1: Product: syz [ 2662.924907][T22759] usb 3-1: Manufacturer: syz [ 2662.929765][T22759] usb 3-1: SerialNumber: syz [ 2662.943310][T22759] usb 3-1: config 0 descriptor?? [ 2662.964023][T22759] smsc75xx v1.0.0 [ 2662.968354][T22759] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 2662.980839][T22759] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -22 [ 2663.237406][ T2260] binder: 2258:2260 ioctl c0306201 80000100 returned -11 [ 2663.254988][ T2260] fuse: Invalid rootmode [ 2663.812951][T22759] usb 4-1: USB disconnect, device number 54 [ 2664.211070][ T2276] 8021q: adding VLAN 0 to HW filter on device bond8 [ 2664.396543][T22759] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 2664.546385][T22759] usb 4-1: Using ep0 maxpacket: 32 [ 2664.553906][T22759] usb 4-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 2664.563804][T22759] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2664.581417][T22759] usb 4-1: config 0 descriptor?? [ 2664.592115][T22759] usb 4-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 2664.608890][T22759] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2664.622757][T22759] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 2664.631268][T22759] usb 4-1: media controller created [ 2664.659791][T22759] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2664.693962][T22759] usb 4-1: selecting invalid altsetting 1 [ 2664.707954][T22759] set interface failed [ 2664.708036][T22759] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 2664.725298][T22759] error writing reg: 0xff, val: 0x00 [ 2664.802671][ T2280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2664.853978][T22759] dvb_usb_mxl111sf 4-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 2664.868002][ T2280] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2665.028004][ T2284] 8021q: adding VLAN 0 to HW filter on device bond7 [ 2665.445760][ T2301] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8246'. [ 2665.458127][ T2302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2665.584668][ T2302] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2666.756465][ T9874] usb 3-1: USB disconnect, device number 125 [ 2666.821706][ T2312] netlink: 144 bytes leftover after parsing attributes in process `syz.0.8250'. [ 2667.092625][ T2318] netlink: 144 bytes leftover after parsing attributes in process `syz.0.8261'. [ 2667.195515][T24999] usb 4-1: USB disconnect, device number 55 [ 2668.136384][T24999] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 2668.432379][T24999] usb 3-1: config 27 has an invalid descriptor of length 0, skipping remainder of the config [ 2668.443587][T24999] usb 3-1: config 27 has 0 interfaces, different from the descriptor's value: 1 [ 2668.459754][T24999] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 2668.470028][T24999] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2669.810003][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 2669.810022][ T30] audit: type=1326 audit(1748665227.161:20991): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2669.861983][ T30] audit: type=1326 audit(1748665227.161:20992): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2669.886013][ T30] audit: type=1326 audit(1748665227.171:20993): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=298 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2669.911198][ T30] audit: type=1326 audit(1748665227.171:20994): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2669.940913][ T30] audit: type=1326 audit(1748665227.171:20995): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2670.002030][ T2362] netlink: 48 bytes leftover after parsing attributes in process `syz.0.8266'. [ 2670.004149][ T30] audit: type=1326 audit(1748665227.171:20996): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2670.045368][ T30] audit: type=1326 audit(1748665227.171:20997): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2670.071948][ T30] audit: type=1326 audit(1748665227.171:20998): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2670.115841][ T30] audit: type=1326 audit(1748665227.171:20999): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=361 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2670.141275][ T30] audit: type=1326 audit(1748665227.171:21000): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=2356 comm="syz.4.8265" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2670.663302][T22759] usb 3-1: USB disconnect, device number 126 [ 2670.732702][ T2373] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8272'. [ 2671.076973][ T2379] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8275'. [ 2671.085912][ T2379] netlink: 40 bytes leftover after parsing attributes in process `syz.1.8275'. [ 2671.495111][ T2391] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8279'. [ 2672.491202][ T2414] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 2672.766367][T24999] usb 3-1: new high-speed USB device number 127 using dummy_hcd [ 2672.896472][T24999] usb 3-1: device descriptor read/64, error -71 [ 2672.936892][T22759] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 2673.118499][T22759] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 2673.130059][T22759] usb 4-1: config 0 has no interface number 0 [ 2673.138980][T22759] usb 4-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 2673.146496][T24999] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 2673.153406][T22759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2673.164266][T22759] usb 4-1: Product: syz [ 2673.168683][T22759] usb 4-1: Manufacturer: syz [ 2673.173328][T22759] usb 4-1: SerialNumber: syz [ 2673.181059][T22759] usb 4-1: config 0 descriptor?? [ 2673.276975][T24999] usb 3-1: device descriptor read/64, error -71 [ 2673.349209][ T2430] 8021q: adding VLAN 0 to HW filter on device bond10 [ 2673.396009][T22759] usb 4-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 2673.396748][T24999] usb usb3-port1: attempt power cycle [ 2673.418918][T22759] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2673.430166][T22759] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 2673.439998][T22759] usb 4-1: media controller created [ 2673.462388][T22759] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2673.704295][ T2434] bond16: entered promiscuous mode [ 2673.710451][ T2434] bond16: entered allmulticast mode [ 2673.716870][ T2434] 8021q: adding VLAN 0 to HW filter on device bond16 [ 2673.749193][T24999] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 2673.798749][T24999] usb 3-1: device descriptor read/8, error -71 [ 2674.083125][ T2434] bond16 (unregistering): Released all slaves [ 2674.089875][T24999] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 2674.134184][T24999] usb 3-1: device descriptor read/8, error -71 [ 2674.238942][ T2447] FAULT_INJECTION: forcing a failure. [ 2674.238942][ T2447] name failslab, interval 1, probability 0, space 0, times 0 [ 2674.252330][ T2447] CPU: 0 UID: 0 PID: 2447 Comm: syz.1.8295 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 2674.252358][ T2447] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2674.252372][ T2447] Call Trace: [ 2674.252382][ T2447] [ 2674.252392][ T2447] dump_stack_lvl+0x189/0x250 [ 2674.252430][ T2447] ? __pfx____ratelimit+0x10/0x10 [ 2674.252453][ T2447] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2674.252487][ T2447] ? __pfx__printk+0x10/0x10 [ 2674.252526][ T2447] should_fail_ex+0x414/0x560 [ 2674.252555][ T2447] should_failslab+0xa8/0x100 [ 2674.252585][ T2447] kmem_cache_alloc_noprof+0x73/0x3c0 [ 2674.252614][ T2447] ? skb_clone+0x212/0x3a0 [ 2674.252651][ T2447] skb_clone+0x212/0x3a0 [ 2674.252686][ T2447] __netlink_deliver_tap+0x404/0x850 [ 2674.252729][ T2447] ? netlink_deliver_tap+0x2e/0x1b0 [ 2674.252769][ T2447] netlink_deliver_tap+0x19c/0x1b0 [ 2674.252799][ T2447] netlink_sendskb+0x68/0x140 [ 2674.252826][ T2447] rtnl_stats_get+0x521/0x6c0 [ 2674.252859][ T2447] ? __pfx_rtnl_stats_get+0x10/0x10 [ 2674.252899][ T2447] ? __pfx_rtnl_stats_get+0x10/0x10 [ 2674.252924][ T2447] rtnetlink_rcv_msg+0x77c/0xb70 [ 2674.252953][ T2447] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 2674.252978][ T2447] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2674.253000][ T2447] ? ref_tracker_free+0x63a/0x7d0 [ 2674.253025][ T2447] ? __copy_skb_header+0xa7/0x550 [ 2674.253058][ T2447] ? __pfx_ref_tracker_free+0x10/0x10 [ 2674.253095][ T2447] netlink_rcv_skb+0x208/0x470 [ 2674.253124][ T2447] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2674.253151][ T2447] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2674.253193][ T2447] ? netlink_deliver_tap+0x2e/0x1b0 [ 2674.253220][ T2447] ? netlink_deliver_tap+0x2e/0x1b0 [ 2674.253257][ T2447] netlink_unicast+0x75b/0x8d0 [ 2674.253300][ T2447] netlink_sendmsg+0x805/0xb30 [ 2674.253359][ T2447] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2674.253393][ T2447] ? aa_sock_msg_perm+0x94/0x160 [ 2674.253420][ T2447] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2674.253443][ T2447] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2674.253475][ T2447] __sock_sendmsg+0x21c/0x270 [ 2674.253502][ T2447] sock_write_iter+0x258/0x330 [ 2674.253528][ T2447] ? __pfx_sock_write_iter+0x10/0x10 [ 2674.253562][ T2447] ? bpf_lsm_file_permission+0x9/0x20 [ 2674.253587][ T2447] ? security_file_permission+0x75/0x290 [ 2674.253632][ T2447] vfs_write+0x548/0xa90 [ 2674.253663][ T2447] ? __pfx_sock_write_iter+0x10/0x10 [ 2674.253685][ T2447] ? __pfx_vfs_write+0x10/0x10 [ 2674.253725][ T2447] ? __fget_files+0x2a/0x420 [ 2674.253773][ T2447] ksys_write+0x145/0x250 [ 2674.253803][ T2447] ? __pfx_ksys_write+0x10/0x10 [ 2674.253831][ T2447] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2674.253856][ T2447] ? lockdep_hardirqs_on+0x9c/0x150 [ 2674.253882][ T2447] __do_fast_syscall_32+0xb6/0x2b0 [ 2674.253907][ T2447] ? lockdep_hardirqs_on+0x9c/0x150 [ 2674.253934][ T2447] do_fast_syscall_32+0x34/0x80 [ 2674.253958][ T2447] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2674.253985][ T2447] RIP: 0023:0xf705e539 [ 2674.254003][ T2447] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2674.254024][ T2447] RSP: 002b:00000000f504e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 2674.254047][ T2447] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000100 [ 2674.254062][ T2447] RDX: 000000000000001c RSI: 0000000000000000 RDI: 0000000000000000 [ 2674.254075][ T2447] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2674.254088][ T2447] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2674.254101][ T2447] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2674.254134][ T2447] [ 2674.567526][T22759] i2c i2c-1: ec100: i2c rd failed=-110 reg=33 [ 2674.573974][T24999] usb usb3-port1: unable to enumerate USB device [ 2674.766727][T22759] usb 4-1: USB disconnect, device number 56 [ 2674.840235][ T2453] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8297'. [ 2677.436896][ T5892] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 2677.599096][ T5892] usb 3-1: Using ep0 maxpacket: 32 [ 2677.606887][ T5892] usb 3-1: config 0 interface 0 has no altsetting 0 [ 2677.613930][ T5892] usb 3-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 2677.629085][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2677.646085][ T5892] usb 3-1: config 0 descriptor?? [ 2677.718388][ T5892] usb 3-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 2677.800650][ T5892] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2677.840684][ T5892] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 2677.849765][ T5892] usb 3-1: media controller created [ 2677.874396][ T5892] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2677.898428][ T9] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 2678.350899][ T9] usb 4-1: config 0 has no interfaces? [ 2678.367739][ T9] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 2678.378503][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2678.387123][ T9] usb 4-1: Product: syz [ 2678.392198][ T9] usb 4-1: Manufacturer: syz [ 2678.406952][ T9] usb 4-1: SerialNumber: syz [ 2678.424539][ T9] usb 4-1: config 0 descriptor?? [ 2678.449335][ T2492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2678.462381][ T2492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2678.722927][ T5892] set interface failed [ 2678.722963][ T5892] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 2678.734407][ T5892] error writing reg: 0xff, val: 0x00 [ 2678.775394][ T5892] dvb_usb_mxl111sf 3-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 2678.800476][ T5892] usb 3-1: USB disconnect, device number 5 [ 2679.740329][ T979] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 2679.899960][ T979] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 2679.922649][ T979] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2679.950176][ T979] usb 3-1: config 0 descriptor?? [ 2680.587472][ T979] usb 3-1: Cannot read MAC address [ 2680.599025][ T979] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 2680.657401][ T979] usb 3-1: USB disconnect, device number 6 [ 2680.698885][ T9] usb 4-1: USB disconnect, device number 57 [ 2681.096734][ T9] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 2681.250714][ T9] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 2681.262767][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2681.271656][ T9] usb 4-1: Product: syz [ 2681.280832][ T9] usb 4-1: Manufacturer: syz [ 2681.285994][ T9] usb 4-1: SerialNumber: syz [ 2681.301254][ T9] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 2681.322140][ T979] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 2681.532786][ T2544] random: crng reseeded on system resumption [ 2681.674525][ T2551] batadv_slave_0: entered promiscuous mode [ 2682.626889][ T9] usb 4-1: USB disconnect, device number 58 [ 2682.641577][ T979] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 2682.683454][ T979] ath9k_htc: Failed to initialize the device [ 2682.701682][ T9] usb 4-1: ath9k_htc: USB layer deinitialized [ 2682.736298][T24999] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 2682.744778][ C0] raw-gadget.2 gadget.2: ignoring, device is not running [ 2682.887092][T24999] usb 3-1: device descriptor read/64, error -32 [ 2683.136884][T24999] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 2683.286880][T24999] usb 3-1: device descriptor read/64, error -71 [ 2683.407059][T24999] usb usb3-port1: attempt power cycle [ 2683.757283][T24999] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 2683.793925][T24999] usb 3-1: device descriptor read/8, error -71 [ 2684.046679][T24999] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 2684.066982][T24999] usb 3-1: device descriptor read/8, error -71 [ 2684.182639][T24999] usb usb3-port1: unable to enumerate USB device [ 2684.803345][ T2604] netlink: 52 bytes leftover after parsing attributes in process `syz.0.8338'. [ 2686.418237][ T2599] syz.2.8336: vmalloc error: size 566231040, failed to allocated page array size 1105920, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=syz2,mems_allowed=0-1 [ 2686.457364][ T2599] CPU: 1 UID: 0 PID: 2599 Comm: syz.2.8336 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 2686.457397][ T2599] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2686.457412][ T2599] Call Trace: [ 2686.457423][ T2599] [ 2686.457433][ T2599] dump_stack_lvl+0x189/0x250 [ 2686.457487][ T2599] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2686.457523][ T2599] ? __pfx__printk+0x10/0x10 [ 2686.457549][ T2599] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2686.457582][ T2599] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2686.457619][ T2599] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 2686.457655][ T2599] warn_alloc+0x214/0x310 [ 2686.457697][ T2599] ? __pfx_warn_alloc+0x10/0x10 [ 2686.457740][ T2599] ? __get_vm_area_node+0x28f/0x300 [ 2686.457773][ T2599] ? vb2_vmalloc_alloc+0xef/0x340 [ 2686.457808][ T2599] __vmalloc_node_range_noprof+0x67e/0x1340 [ 2686.457875][ T2599] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 2686.457910][ T2599] ? vb2_vmalloc_alloc+0xb2/0x340 [ 2686.457941][ T2599] ? __kasan_kmalloc+0x93/0xb0 [ 2686.457974][ T2599] vmalloc_user_noprof+0xad/0xf0 [ 2686.458005][ T2599] ? vb2_vmalloc_alloc+0xef/0x340 [ 2686.458034][ T2599] vb2_vmalloc_alloc+0xef/0x340 [ 2686.458063][ T2599] ? __pfx_vb2_vmalloc_alloc+0x10/0x10 [ 2686.458094][ T2599] __vb2_queue_alloc+0x9bf/0x15a0 [ 2686.458150][ T2599] vb2_core_reqbufs+0xc31/0x1420 [ 2686.458198][ T2599] ? __pfx_vb2_core_reqbufs+0x10/0x10 [ 2686.458235][ T2599] ? __vb2_init_fileio+0x1e8/0xff0 [ 2686.458269][ T2599] __vb2_init_fileio+0x318/0xff0 [ 2686.458317][ T2599] ? __pfx___mutex_lock+0x10/0x10 [ 2686.458346][ T2599] __vb2_perform_fileio+0x284/0x1600 [ 2686.458395][ T2599] vb2_fop_read+0x273/0x360 [ 2686.458431][ T2599] v4l2_read+0x199/0x2c0 [ 2686.458460][ T2599] ? __pfx_v4l2_read+0x10/0x10 [ 2686.458496][ T2599] vfs_read+0x200/0x980 [ 2686.458532][ T2599] ? __pfx_vfs_read+0x10/0x10 [ 2686.458560][ T2599] ? __fget_files+0x2a/0x420 [ 2686.458595][ T2599] ? __fget_files+0x2a/0x420 [ 2686.458624][ T2599] ? __fget_files+0x3a0/0x420 [ 2686.458654][ T2599] ? __fget_files+0x2a/0x420 [ 2686.458696][ T2599] ksys_pread64+0x126/0x1c0 [ 2686.458726][ T2599] ? __pfx_ksys_pread64+0x10/0x10 [ 2686.458757][ T2599] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2686.458783][ T2599] ? __ia32_sys_ia32_pread64+0x20/0xd0 [ 2686.458814][ T2599] __do_fast_syscall_32+0xb6/0x2b0 [ 2686.458840][ T2599] ? asm_int80_emulation+0x1a/0x20 [ 2686.458862][ T2599] ? do_int80_emulation+0x1f3/0x390 [ 2686.458892][ T2599] do_fast_syscall_32+0x34/0x80 [ 2686.458917][ T2599] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2686.458945][ T2599] RIP: 0023:0xf7f96539 [ 2686.458965][ T2599] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2686.458987][ T2599] RSP: 002b:00000000f507455c EFLAGS: 00000206 ORIG_RAX: 00000000000000b4 [ 2686.459011][ T2599] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000180 [ 2686.459028][ T2599] RDX: 0000000000000051 RSI: 0000000000000000 RDI: 0000000000000000 [ 2686.459043][ T2599] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2686.459056][ T2599] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2686.459071][ T2599] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2686.459103][ T2599] [ 2686.459203][ T2599] Mem-Info: [ 2686.832097][ T2599] active_anon:6169 inactive_anon:1 isolated_anon:0 [ 2686.832097][ T2599] active_file:24996 inactive_file:5075 isolated_file:0 [ 2686.832097][ T2599] unevictable:768 dirty:144 writeback:0 [ 2686.832097][ T2599] slab_reclaimable:11854 slab_unreclaimable:119892 [ 2686.832097][ T2599] mapped:35273 shmem:2389 pagetables:936 [ 2686.832097][ T2599] sec_pagetables:0 bounce:0 [ 2686.832097][ T2599] kernel_misc_reclaimable:0 [ 2686.832097][ T2599] free:1296499 free_pcp:1729 free_cma:0 [ 2686.884104][ T2599] Node 0 active_anon:24676kB inactive_anon:4kB active_file:99984kB inactive_file:20164kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:141092kB dirty:576kB writeback:0kB shmem:8020kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:13312kB pagetables:3744kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 2686.923587][ T2599] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 2686.936400][ T9] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 2686.989698][ T2599] Node 0 DMA free:15360kB boost:0kB min:204kB low:252kB high:300kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 2687.024555][ T2599] lowmem_reserve[]: 0 2501 2503 2503 2503 [ 2687.041104][ T2599] Node 0 DMA32 free:1258340kB boost:0kB min:34264kB low:42828kB high:51392kB reserved_highatomic:0KB active_anon:24668kB inactive_anon:4kB active_file:99836kB inactive_file:18556kB unevictable:1536kB writepending:692kB present:3129332kB managed:2561256kB mlocked:0kB bounce:0kB free_pcp:256kB local_pcp:0kB free_cma:0kB [ 2687.076818][ T2599] lowmem_reserve[]: 0 0 1 1 1 [ 2687.092117][ T2599] Node 0 Normal free:24kB boost:0kB min:24kB low:28kB high:32kB reserved_highatomic:0KB active_anon:92kB inactive_anon:0kB active_file:148kB inactive_file:1604kB unevictable:0kB writepending:0kB present:1048580kB managed:1900kB mlocked:0kB bounce:0kB free_pcp:32kB local_pcp:24kB free_cma:0kB [ 2687.172145][ T2599] lowmem_reserve[]: 0 0 0 0 0 [ 2687.178601][ T2599] Node 1 Normal free:3917028kB boost:0kB min:55612kB low:69512kB high:83412kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:136kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:6144kB local_pcp:6144kB free_cma:0kB [ 2687.212154][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 2687.219412][ T2599] lowmem_reserve[]: 0 0 0 0 0 [ 2687.222710][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 2687.235524][ T9] usb 4-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 2687.245807][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2687.265705][ T9] usb 4-1: config 0 descriptor?? [ 2687.285323][ T2599] Node 0 DMA: 0*4kB [ 2687.289109][ T9] usb 4-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 2687.338462][ T9] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2687.353839][ T9] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 2687.363417][ T9] usb 4-1: media controller created [ 2687.414124][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2687.479851][ T2599] 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 2687.505493][ T2599] Node 0 DMA32: 2*4kB (ME) 956*8kB (UME) 920*16kB (ME) 462*32kB (ME) 243*64kB (UME) 87*128kB (UME) 56*256kB (UME) 107*512kB (UME) 32*1024kB (UME) 6*2048kB (UME) 263*4096kB (UM) = 1255272kB [ 2687.538855][ T2641] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2687.550672][ T2641] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2687.557841][ T2599] Node 0 Normal: 2*4kB (M) 2*8kB (M) 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 24kB [ 2687.571601][ T2599] Node 1 Normal: 210*4kB (UME) 54*8kB (UME) 40*16kB (UME) 213*32kB (UME) 108*64kB (UME) 30*128kB (UME) 21*256kB (UME) 6*512kB (UME) 4*1024kB (UME) 1*2048kB (E) 948*4096kB (M) = 3917080kB [ 2687.590447][ T2599] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2687.600642][ T2599] Node 0 hugepages_total=3 hugepages_free=3 hugepages_surp=0 hugepages_size=2048kB [ 2687.611174][ T2599] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 2687.620878][ T2599] Node 1 hugepages_total=1 hugepages_free=1 hugepages_surp=0 hugepages_size=2048kB [ 2687.632372][ T2599] 32456 total pagecache pages [ 2687.637178][ T2599] 1 pages in swap cache [ 2687.641375][ T2599] Free swap = 124992kB [ 2687.645561][ T2599] Total swap = 124996kB [ 2687.649938][ T2599] 2097051 pages RAM [ 2687.653771][ T2599] 0 pages HighMem/MovableOnly [ 2687.658876][ T2599] 424631 pages reserved [ 2687.663064][ T2599] 0 pages cma reserved [ 2687.803362][ T2656] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2687.812358][ T2656] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2689.611586][ T9] set interface failed [ 2689.611624][ T9] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 2689.654933][ T9] error writing reg: 0xff, val: 0x00 [ 2689.788652][ T9] dvb_usb_mxl111sf 4-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 2689.879546][ T9] usb 4-1: USB disconnect, device number 59 [ 2690.267641][ T2706] 8021q: adding VLAN 0 to HW filter on device bond9 [ 2693.015820][ T2757] netlink: 52 bytes leftover after parsing attributes in process `syz.2.8382'. [ 2693.724959][ T2777] 8021q: adding VLAN 0 to HW filter on device bond12 [ 2694.467046][ T9] usb 4-1: new full-speed USB device number 60 using dummy_hcd [ 2694.633921][ T9] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2694.654355][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 2694.701654][ T9] usb 4-1: New USB device found, idVendor=1b1c, idProduct=1c07, bcdDevice= 0.00 [ 2694.724551][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2694.752646][ T9] usb 4-1: config 0 descriptor?? [ 2694.772401][ T9] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 2694.985904][ T2793] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2695.000396][ T2793] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2695.266066][ T2807] 8021q: adding VLAN 0 to HW filter on device bond8 [ 2695.419531][ T2823] [U]  [ 2695.422880][ T2823] [U] K{ [ 2695.425910][ T2823] [U] t 1ŠFfˊ`GJgo/mC [ 2695.432861][ T2823] [U] tؖ/,~Ĝj}8'o1"7-JQKWq5c%"H12YX``+(!(z'tXlnIgjݭp~7!" (5Ob̓J [ 2695.448424][ T2823] [U] k\&}66XHX .`a$40|϶9ި U4Vbz}wMTQΦr 4 [ 2695.458876][ T2823] [U] ".h6"k[J4In[Z(C|T]z{3c=x4w)\TXJSH{q;칢t+gd.˂>ywUhfNhl]S2\g%O&z)'pul_< ذ`ұT;_"(u{7j2X /'cIHcճV=Ai%wEs RjgrhIa6-DV i"n Asc~48c*OO5/J~wvK+3Y)Mvyq潀DTrOtpem%fejA5T_-X~^aaۂq [ 2695.494607][ T2823] [U] +wG?]'a: )' B>tf/<'U'hi.+]e.-ɿ%>2`^U8F.63+A«g3p6:^0tv'EtYCnrϩnPj ;Z8!\Aʖ2$­wi.#/Bai`4jdy@zgW5˿B ٜNy"vI2 [ 2695.518147][ T2823] [U] T_K5tYJ9c$brLNul 9w|G"ʃ%C؝q 3qN^HP*$ .7yӱ2 [ 2695.529280][ T2823] [U] ? h*37鍾^#Q"0~ (oX Lb,'v=CSGS0ւ`ه=1(p#2DO*Ƀ [ 2695.540943][ T2823] [U] sgGud-{|&2Lc_!`oz֥B%>rwSsH"yA4O.Y䏄RTԶB[+/<>{q_՝LX8U{Z)7?rR;crhײڣ1>)Măt(aϝ}9ڥJ*Mќġ'Lq DW=|q ÆW;5Ž!dBx`/E`ƦMX"\ [ 2695.647745][ T2823] [U] {; ٘_o2)o.2W2yx_ HPϱSD:]{ [ 2695.656458][ T2823] [U] I,> 51^1N4oǶ'0?֒i9w._.WaV`)Zc6GiӹaXL[F*OW)+'\n[K@2Ǭp"^` [ 2695.670029][ T2823] [U] 22Ʃx?0;3u [ 2695.674198][ T2823] [U] ޜsObx8W4(~/KUԖoQe+G-ygY_>v3.hә]̈́2)D, D~d+w; A\FPȘ|$)KؐIɿkYT^R癵A=#ܜ aet1ݯ4K.e"RS|s:>p r"z#P!KY"}FN84hޱosߙ̫%Dlwm [ 2695.699132][ T2823] [U] [['xn' ,mr/1D=!Dx91BwRlfKZ#` l؛˜b~m [ 2695.708446][ T2823] [U] L>d+d"5h3<iR=F^fnvDOIO:U>Y [ 2695.717140][ T2823] [U] 'B6v20瞥׌"t8{9FW]쩍 [ 2695.723318][ T2823] [U] 72uC6τI]8ctۨQSkYI |V'TV/g$[ 9kh`"}[^=0]%̂TF_v4C [ 2695.735653][ T2823] [U] ec [ 2695.738790][ T2823] [U] |<:^3$7nK~-@?/mtl۾Iw@g~t{P+$jp| IRipm Y 8tV,l, [ 2695.823370][ T2822] [U] K)0~ʪiP'fzr @B]5{ʼ'8ƥFUTqUdǩK;70c[yYCذmL8T͚5rxW xoQhVi'8L [ 2696.149972][ T2838] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8403'. [ 2696.206700][ T2838] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8403'. [ 2696.227472][ T2838] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8403'. [ 2697.170408][ T979] usb 4-1: USB disconnect, device number 60 [ 2699.586702][ T5892] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 2699.806391][ T5892] usb 4-1: Using ep0 maxpacket: 16 [ 2699.886154][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2699.901795][ T5892] usb 4-1: New USB device found, idVendor=05ac, idProduct=024b, bcdDevice= 0.00 [ 2699.915290][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2700.020476][ T5892] usb 4-1: config 0 descriptor?? [ 2700.530790][ T5892] apple 0003:05AC:024B.0083: item fetching failed at offset 2/69 [ 2700.570540][ T5892] apple 0003:05AC:024B.0083: parse failed [ 2700.576562][ T5892] apple 0003:05AC:024B.0083: probe with driver apple failed with error -22 [ 2700.718766][ T9] usb 4-1: USB disconnect, device number 61 [ 2700.989080][ T2909] netlink: 40 bytes leftover after parsing attributes in process `syz.0.8423'. [ 2701.555534][ T2921] netlink: 'syz.3.8426': attribute type 2 has an invalid length. [ 2701.566844][ T2921] netlink: 132 bytes leftover after parsing attributes in process `syz.3.8426'. [ 2702.016319][ T5892] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 2702.166401][ T5892] usb 4-1: Using ep0 maxpacket: 32 [ 2702.174375][ T5892] usb 4-1: config 0 has an invalid interface number: 74 but max is 1 [ 2702.189458][ T5892] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2702.205624][ T5892] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 2702.216989][ T5892] usb 4-1: config 0 has no interface number 0 [ 2702.228007][ T5892] usb 4-1: New USB device found, idVendor=07fd, idProduct=0004, bcdDevice=8e.fa [ 2702.237762][ T5892] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2702.249367][ T5892] usb 4-1: Product: syz [ 2702.255241][ T5892] usb 4-1: Manufacturer: syz [ 2702.260067][ T5892] usb 4-1: SerialNumber: syz [ 2702.284921][ T5892] usb 4-1: config 0 descriptor?? [ 2702.499985][ T2928] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8428'. [ 2702.509332][ T2928] netlink: 28 bytes leftover after parsing attributes in process `syz.3.8428'. [ 2702.528964][ T2928] ip6gretap0: entered promiscuous mode [ 2702.535664][ T2928] syz_tun: entered promiscuous mode [ 2702.557931][ T9] usb 4-1: USB disconnect, device number 62 [ 2702.721888][ T2946] tipc: Enabling of bearer rejected, failed to enable media [ 2702.755371][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 2702.755941][ T30] audit: type=1804 audit(1748665260.101:21013): pid=2946 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.8434" name="/newroot/425/bus" dev="tmpfs" ino=2244 res=1 errno=0 [ 2702.783590][ C1] vkms_vblank_simulate: vblank timer overrun [ 2705.306634][ T9] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 2705.486655][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 2705.493942][ T9] usb 4-1: config 0 interface 0 has no altsetting 0 [ 2705.500762][ T9] usb 4-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 2705.510049][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2705.536970][ T9] usb 4-1: config 0 descriptor?? [ 2705.549394][ T9] usb 4-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 2705.575046][ T9] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2705.593496][ T9] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 2705.602103][ T9] usb 4-1: media controller created [ 2705.624022][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2705.751470][ T2982] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2705.760697][ T2982] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2706.004368][ T2991] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2706.031675][ T2991] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2706.859813][ T2998] xt_CT: No such helper "netbios-ns" [ 2708.336607][ T9] set interface failed [ 2708.336646][ T9] usb 4-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 2708.403094][ T9] error writing reg: 0xff, val: 0x00 [ 2708.582832][ T9] dvb_usb_mxl111sf 4-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 2709.046370][ T9] usb 4-1: USB disconnect, device number 63 [ 2709.283470][ T3027] xt_CT: No such helper "netbios-ns" [ 2709.806120][ T3042] 8021q: adding VLAN 0 to HW filter on device bond11 [ 2710.481240][ T3054] netlink: 40 bytes leftover after parsing attributes in process `syz.2.8473'. [ 2712.439876][ T3065] netlink: 36 bytes leftover after parsing attributes in process `syz.3.8477'. [ 2712.989649][ T3078] 8021q: adding VLAN 0 to HW filter on device bond10 [ 2713.371037][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 2713.380284][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 2714.576454][ T3110] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8489'. [ 2715.246832][ T9874] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 2715.431735][ T9874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2715.447474][ T9874] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2715.458621][ T9874] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 2715.487901][ T9874] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2715.560935][ T9874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2715.577925][ T9874] usb 4-1: config 0 descriptor?? [ 2715.603298][ T3116] team_slave_0: entered promiscuous mode [ 2715.609111][ T3116] team_slave_1: entered promiscuous mode [ 2715.657271][ T3116] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 2715.678744][ T3116] team0: Device macvlan2 is already an upper device of the team interface [ 2715.692615][ T3116] team_slave_0: left promiscuous mode [ 2715.698384][ T3116] team_slave_1: left promiscuous mode [ 2716.789127][ T3130] netlink: 52 bytes leftover after parsing attributes in process `syz.1.8495'. [ 2717.075127][ T3142] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8500'. [ 2717.863719][ T9874] usbhid 4-1:0.0: can't add hid device: -71 [ 2717.873555][ T9874] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 2717.886023][ T9874] usb 4-1: USB disconnect, device number 64 [ 2718.919139][ T3178] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8511'. [ 2720.118604][ T3201] netlink: 52 bytes leftover after parsing attributes in process `syz.4.8518'. [ 2721.026419][T22759] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 2721.186298][T22759] usb 3-1: Using ep0 maxpacket: 32 [ 2721.193840][T22759] usb 3-1: config 0 interface 0 has no altsetting 0 [ 2721.201193][T22759] usb 3-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 2721.210757][T22759] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2721.224448][T22759] usb 3-1: config 0 descriptor?? [ 2721.243306][T22759] usb 3-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 2721.254392][T22759] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2721.269653][T22759] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 2721.278570][T22759] usb 3-1: media controller created [ 2721.302740][T22759] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2721.442809][ T3216] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2721.459117][ T3216] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2721.615992][ T3222] netlink: 8 bytes leftover after parsing attributes in process `syz.1.8525'. [ 2722.442081][ T3216] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2722.473602][ T3216] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2722.513225][ T3232] netlink: 52 bytes leftover after parsing attributes in process `syz.0.8529'. [ 2723.089792][T22759] set interface failed [ 2723.089832][T22759] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 2723.124763][T22759] error writing reg: 0xff, val: 0x00 [ 2723.190615][T22759] dvb_usb_mxl111sf 3-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 2723.287613][T22759] usb 3-1: USB disconnect, device number 11 [ 2724.216094][ T3264] 0{X: left allmulticast mode [ 2724.643815][ T3264] wg2: left promiscuous mode [ 2724.685537][ T3264] batadv_slave_0: left promiscuous mode [ 2724.739107][ T3264] net veth1_virt_wifi virt_wifi0: left promiscuous mode [ 2724.746108][ T3264] net veth1_virt_wifi virt_wifi0: left allmulticast mode [ 2724.808931][ T3264] netdevsim netdevsim2 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2724.818720][ T3264] netdevsim netdevsim2 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2724.832177][ T3264] netdevsim netdevsim2 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2724.841704][ T3264] netdevsim netdevsim2 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 2724.883997][ T3264] netdevsim netdevsim2 netdevsim0: unset [0, 0] type 1 family 0 port 8472 - 0 [ 2724.894317][ T3264] netdevsim netdevsim2 netdevsim1: unset [0, 0] type 1 family 0 port 8472 - 0 [ 2724.904107][ T3264] netdevsim netdevsim2 netdevsim2: unset [0, 0] type 1 family 0 port 8472 - 0 [ 2724.913118][ T3264] netdevsim netdevsim2 netdevsim3: unset [0, 0] type 1 family 0 port 8472 - 0 [ 2725.258837][ T3288] netlink: 48 bytes leftover after parsing attributes in process `syz.4.8548'. [ 2725.321177][ T3289] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8548'. [ 2725.993882][ T3296] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8551'. [ 2727.522986][ T3320] netlink: 48 bytes leftover after parsing attributes in process `syz.3.8556'. [ 2727.572505][ T3320] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8556'. [ 2727.979152][ T3304] syz.4.8554 (3304): drop_caches: 2 [ 2729.036037][ T3332] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8569'. [ 2730.529412][ T3363] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8567'. [ 2730.805081][ T3369] pim6reg1: entered promiscuous mode [ 2730.810682][ T3369] pim6reg1: entered allmulticast mode [ 2731.043982][ T3371] 8021q: adding VLAN 0 to HW filter on device bond16 [ 2731.306464][ T2282] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 2731.476571][ T2282] usb 3-1: Using ep0 maxpacket: 32 [ 2731.486900][ T2282] usb 3-1: config 0 interface 0 has no altsetting 0 [ 2731.493598][ T2282] usb 3-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 2731.503953][ T2282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2731.516874][ T2282] usb 3-1: config 0 descriptor?? [ 2731.535998][ T2282] usb 3-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 2731.551515][ T2282] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2731.564540][ T2282] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 2731.573859][ T2282] usb 3-1: media controller created [ 2731.615081][ T2282] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2731.703405][ T30] audit: type=1326 audit(1748665289.051:21014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000 [ 2731.752443][ T30] audit: type=1326 audit(1748665289.081:21015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000 [ 2731.807466][ T30] audit: type=1326 audit(1748665289.081:21016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000 [ 2731.836728][ T30] audit: type=1326 audit(1748665289.081:21017): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000 [ 2731.867654][ T30] audit: type=1326 audit(1748665289.081:21018): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000 [ 2731.967007][ T30] audit: type=1326 audit(1748665289.081:21019): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000 [ 2731.994257][ T30] audit: type=1326 audit(1748665289.081:21020): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000 [ 2732.056496][ T3376] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2732.092940][ T30] audit: type=1326 audit(1748665289.081:21021): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7ff3539 code=0x7ffc0000 [ 2732.159699][ T30] audit: type=1326 audit(1748665289.081:21022): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000 [ 2732.190960][ T30] audit: type=1326 audit(1748665289.081:21023): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3377 comm="syz.3.8574" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7ff3558 code=0x7ffc0000 [ 2732.334355][ T3376] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2733.622402][ T3401] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2733.632283][ T3401] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2733.864759][ T3406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8578'. [ 2733.878630][ T3408] sctp: [Deprecated]: syz.1.8580 (pid 3408) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2733.878630][ T3408] Use struct sctp_sack_info instead [ 2733.891207][ T3406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8578'. [ 2733.947400][ T3406] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8578'. [ 2733.975008][ T3409] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8580'. [ 2734.278866][ T3417] pim6reg1: entered promiscuous mode [ 2734.284241][ T3417] pim6reg1: entered allmulticast mode [ 2734.650845][ T3429] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8585'. [ 2734.812422][ T3428] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 2735.013042][ T3434] netlink: 'syz.0.8587': attribute type 10 has an invalid length. [ 2735.739921][ T3447] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8590'. [ 2735.752544][ T3447] netlink: 16 bytes leftover after parsing attributes in process `syz.0.8590'. [ 2736.403735][ T3456] netlink: 52 bytes leftover after parsing attributes in process `syz.1.8593'. [ 2736.717844][ T2282] set interface failed [ 2736.717882][ T2282] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 2736.736966][ T2282] error writing reg: 0xff, val: 0x00 [ 2736.796836][ T2282] dvb_usb_mxl111sf 3-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 2736.815753][ T2282] usb 3-1: USB disconnect, device number 12 [ 2737.589268][ T3464] 8021q: adding VLAN 0 to HW filter on device bond12 [ 2738.387628][ T30] kauditd_printk_skb: 130 callbacks suppressed [ 2738.387645][ T30] audit: type=1326 audit(1748665295.721:21154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb2558 code=0x7ffc0000 [ 2738.516271][ T30] audit: type=1326 audit(1748665295.721:21155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2738.539761][ T30] audit: type=1326 audit(1748665295.721:21156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb2558 code=0x7ffc0000 [ 2738.581246][ T30] audit: type=1326 audit(1748665295.721:21157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2738.607563][ T30] audit: type=1326 audit(1748665295.721:21158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb2558 code=0x7ffc0000 [ 2738.633590][ T30] audit: type=1326 audit(1748665295.721:21159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2738.718098][ T30] audit: type=1326 audit(1748665295.721:21160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb2558 code=0x7ffc0000 [ 2738.862920][ T30] audit: type=1326 audit(1748665295.721:21161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2739.076371][ T30] audit: type=1326 audit(1748665295.721:21162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fb2539 code=0x7ffc0000 [ 2739.119806][ T30] audit: type=1326 audit(1748665295.721:21163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3485 comm="syz.4.8599" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fb2558 code=0x7ffc0000 [ 2739.531860][ T3494] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8601'. [ 2740.226628][ T3501] netlink: 8 bytes leftover after parsing attributes in process `syz.2.8602'. [ 2740.263463][ T3500] netlink: 72 bytes leftover after parsing attributes in process `syz.4.8603'. [ 2740.826273][ T2282] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 2741.009237][ T2282] usb 3-1: Using ep0 maxpacket: 32 [ 2741.139078][ T2282] usb 3-1: config 0 interface 0 has no altsetting 0 [ 2741.145900][ T2282] usb 3-1: New USB device found, idVendor=2040, idProduct=c603, bcdDevice= 1.8e [ 2741.195245][ T2282] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2741.273198][ T2282] usb 3-1: config 0 descriptor?? [ 2741.380582][ T2282] usb 3-1: dvb_usb_v2: found a 'Hauppauge 126xxx ATSC+' in warm state [ 2741.411235][ T2282] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 2741.438636][ T2282] dvbdev: DVB: registering new adapter (Hauppauge 126xxx ATSC+) [ 2741.451297][ T2282] usb 3-1: media controller created [ 2741.484037][ T2282] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 2741.520965][ T3506] syz.1.8606 (3506): drop_caches: 2 [ 2741.701849][ T3511] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2741.718818][ T3511] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2742.176110][ T3531] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2742.185763][ T3531] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2742.492250][ T3539] tipc: Enabling of bearer rejected, failed to enable media [ 2743.854620][ T2282] set interface failed [ 2743.854667][ T2282] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 2743.898818][ T2282] error writing reg: 0xff, val: 0x00 [ 2743.969650][ T2282] dvb_usb_mxl111sf 3-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 2744.002209][ T3541] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8617'. [ 2744.014121][ T2282] usb 3-1: USB disconnect, device number 13 [ 2744.029167][ T3541] netlink: 4 bytes leftover after parsing attributes in process `syz.4.8617'. [ 2744.203163][ T3545] fuse: Bad value for 'user_id' [ 2744.209295][ T3545] fuse: Bad value for 'user_id' [ 2745.316326][ T2282] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 2745.598623][ T2282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2745.612668][ T2282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2745.624355][ T2282] usb 4-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.00 [ 2745.637712][ T2282] usb 4-1: New USB device strings: Mfr=0, Product=2, SerialNumber=0 [ 2745.645888][ T2282] usb 4-1: Product: syz [ 2745.655072][ T2282] usb 4-1: config 0 descriptor?? [ 2745.926483][T11609] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 2746.120678][T11609] usb 3-1: config 0 has an invalid interface number: 3 but max is 0 [ 2746.146032][T11609] usb 3-1: config 0 has no interface number 0 [ 2746.173474][T11609] usb 3-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=98.59 [ 2746.212337][T11609] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2746.246964][T11609] usb 3-1: config 0 descriptor?? [ 2746.265693][T11609] hub 3-1:0.3: bad descriptor, ignoring hub [ 2746.272437][T11609] hub 3-1:0.3: probe with driver hub failed with error -5 [ 2746.281281][T11609] sierra 3-1:0.3: Sierra USB modem converter detected [ 2746.295640][ T3573] input: syz1 as /devices/virtual/input/input70 [ 2746.350424][ T3576] netlink: 'syz.0.8628': attribute type 58 has an invalid length. [ 2746.385025][ T3576] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8628'. [ 2747.647919][ T3589] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2747.655237][ T3589] IPv6: NLM_F_CREATE should be set when creating new route [ 2747.944924][T11609] usb 3-1: Sierra USB modem converter now attached to ttyUSB0 [ 2748.020233][T11609] usb 3-1: USB disconnect, device number 14 [ 2748.039734][T11609] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 2748.051250][T11609] sierra 3-1:0.3: device disconnected [ 2748.416002][ T3595] netlink: 'syz.2.8631': attribute type 27 has an invalid length. [ 2748.596810][ T5892] usb 4-1: USB disconnect, device number 65 [ 2749.713812][ T3621] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8641'. [ 2749.724184][ T3621] bridge_slave_1: left allmulticast mode [ 2749.730458][ T3621] bridge_slave_1: left promiscuous mode [ 2749.736734][ T3621] bridge0: port 2(bridge_slave_1) entered disabled state [ 2749.750891][ T3621] bridge_slave_0: left promiscuous mode [ 2749.758432][ T3621] bridge0: port 1(bridge_slave_0) entered disabled state [ 2750.036640][T22759] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 2750.198703][T22759] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 2750.207105][T22759] usb 4-1: config 0 has no interface number 0 [ 2750.213329][T22759] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2750.225129][T22759] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2750.235369][T22759] usb 4-1: config 0 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2750.254013][T22759] usb 4-1: New USB device found, idVendor=28bd, idProduct=0042, bcdDevice= 0.00 [ 2750.263954][T22759] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2750.274826][T22759] usb 4-1: config 0 descriptor?? [ 2750.895497][T22759] input: HID 28bd:0042 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.1/0003:28BD:0042.0084/input/input71 [ 2750.989392][T22759] uclogic 0003:28BD:0042.0084: input,hidraw0: USB HID v0.00 Keypad [HID 28bd:0042] on usb-dummy_hcd.3-1/input1 [ 2751.041462][ T3633] netlink: 'syz.1.8646': attribute type 1 has an invalid length. [ 2751.141883][ T3635] bond11: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 2751.165388][T12645] bond11: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 2751.167890][ T3633] 8021q: adding VLAN 0 to HW filter on device bond11 [ 2751.244971][ T3636] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2751.261408][ T3636] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2751.277535][T12645] bond11: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 2751.314910][T11609] usb 4-1: USB disconnect, device number 66 [ 2751.544476][ T3646] netlink: 'syz.3.8651': attribute type 4 has an invalid length. [ 2752.206253][T11609] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 2752.416609][T11609] usb 4-1: Using ep0 maxpacket: 8 [ 2752.445728][T11609] usb 4-1: unable to get BOS descriptor or descriptor too short [ 2752.465727][T11609] usb 4-1: config 9 has an invalid interface number: 5 but max is 0 [ 2752.482835][T11609] usb 4-1: config 9 has no interface number 0 [ 2752.506541][T11609] usb 4-1: config 9 interface 5 has no altsetting 0 [ 2752.729736][T11609] usb 4-1: New USB device found, idVendor=06f8, idProduct=b000, bcdDevice=5d.a8 [ 2752.760340][T11609] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2752.816677][T11609] usb 4-1: Product: syz [ 2752.832361][T11609] usb 4-1: Manufacturer: syz [ 2752.844268][T11609] usb 4-1: SerialNumber: syz [ 2754.147171][ T3680] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (128 ns). Using initial count to start timer. [ 2755.087796][ T3694] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8665'. [ 2755.313277][ T3698] FAULT_INJECTION: forcing a failure. [ 2755.313277][ T3698] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2755.327587][ T3698] CPU: 1 UID: 0 PID: 3698 Comm: syz.2.8667 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 2755.327620][ T3698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2755.327635][ T3698] Call Trace: [ 2755.327644][ T3698] [ 2755.327654][ T3698] dump_stack_lvl+0x189/0x250 [ 2755.327697][ T3698] ? __pfx____ratelimit+0x10/0x10 [ 2755.327720][ T3698] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2755.327755][ T3698] ? __pfx__printk+0x10/0x10 [ 2755.327779][ T3698] ? __might_fault+0xb0/0x130 [ 2755.327822][ T3698] should_fail_ex+0x414/0x560 [ 2755.327852][ T3698] _copy_from_user+0x2d/0xb0 [ 2755.327886][ T3698] __ia32_compat_sys_socketcall+0x14f/0x9c0 [ 2755.327922][ T3698] ? __fget_files+0x3a0/0x420 [ 2755.327958][ T3698] ? __pfx___ia32_compat_sys_socketcall+0x10/0x10 [ 2755.327991][ T3698] ? fput+0xa0/0xd0 [ 2755.328025][ T3698] ? ksys_write+0x22a/0x250 [ 2755.328059][ T3698] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2755.328085][ T3698] ? lockdep_hardirqs_on+0x9c/0x150 [ 2755.328109][ T3698] __do_fast_syscall_32+0xb6/0x2b0 [ 2755.328135][ T3698] ? lockdep_hardirqs_on+0x9c/0x150 [ 2755.328161][ T3698] do_fast_syscall_32+0x34/0x80 [ 2755.328185][ T3698] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2755.328212][ T3698] RIP: 0023:0xf7f96539 [ 2755.328233][ T3698] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2755.328252][ T3698] RSP: 002b:00000000f50b54d0 EFLAGS: 00000206 ORIG_RAX: 0000000000000066 [ 2755.328276][ T3698] RAX: ffffffffffffffda RBX: 0000000000000001 RCX: 00000000f50b54e0 [ 2755.328300][ T3698] RDX: 00000000f7422ff4 RSI: 000000000000002a RDI: 0000000000000000 [ 2755.328315][ T3698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2755.328327][ T3698] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2755.328341][ T3698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2755.328373][ T3698] [ 2755.531172][ C1] vkms_vblank_simulate: vblank timer overrun [ 2755.589112][T11609] usb 4-1: USB disconnect, device number 67 [ 2755.615352][ T3701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2757.470303][ T3724] netlink: 72 bytes leftover after parsing attributes in process `syz.0.8678'. [ 2757.535262][ T30] kauditd_printk_skb: 284 callbacks suppressed [ 2757.535282][ T30] audit: type=1326 audit(1748665314.881:21448): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3727 comm="syz.1.8679" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x0 [ 2757.976800][ T9874] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 2758.131080][ T9874] usb 4-1: config 0 has no interfaces? [ 2758.140084][ T9874] usb 4-1: New USB device found, idVendor=1532, idProduct=010e, bcdDevice= 0.00 [ 2758.149546][ T9874] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2758.160544][ T9874] usb 4-1: config 0 descriptor?? [ 2758.379354][ T3742] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2758.395338][ T3742] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2758.431704][ T3742] bond_slave_1: entered promiscuous mode [ 2758.440389][ T3742] macsec1: entered promiscuous mode [ 2758.460692][ T3742] bond0: entered promiscuous mode [ 2758.465952][ T3742] bond3: entered promiscuous mode [ 2758.510651][ T3742] bond0: left promiscuous mode [ 2758.516720][ T3742] bond3: left promiscuous mode [ 2758.522103][ T3742] bond_slave_1: left promiscuous mode [ 2758.561354][ T3752] netlink: 12 bytes leftover after parsing attributes in process `syz.1.8686'. [ 2758.626265][T22759] usb 4-1: USB disconnect, device number 68 [ 2760.495995][ T3785] hsr0: entered promiscuous mode [ 2760.508945][ T3785] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8697'. [ 2760.637935][ T3785] hsr_slave_0: left promiscuous mode [ 2760.674862][ T3785] hsr_slave_1: left promiscuous mode [ 2760.749542][ T3785] hsr0 (unregistering): left promiscuous mode [ 2761.223089][ T3798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8696'. [ 2761.234197][ T3798] netlink: 4 bytes leftover after parsing attributes in process `syz.2.8696'. [ 2761.676003][ T3802] netlink: 40 bytes leftover after parsing attributes in process `syz.4.8701'. [ 2762.134956][ T3821] netlink: 'syz.3.8709': attribute type 58 has an invalid length. [ 2762.143491][ T3821] netlink: 20 bytes leftover after parsing attributes in process `syz.3.8709'. [ 2762.212270][T22759] hid-generic 0000:0000:0000.0085: unknown main item tag 0x0 [ 2762.240592][T22759] hid-generic 0000:0000:0000.0085: hidraw0: HID v0.00 Device [syz1] on syz0 [ 2762.681474][ T3825] 8021q: adding VLAN 0 to HW filter on device bond13 [ 2762.840543][ T3833] netlink: 4 bytes leftover after parsing attributes in process `syz.3.8711'. [ 2763.426319][T22759] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 2763.587216][T22759] usb 4-1: Using ep0 maxpacket: 8 [ 2763.602909][T22759] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 2763.625384][T22759] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 2763.652630][T22759] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2763.672975][T22759] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 2763.682234][T22759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2763.690639][T22759] usb 4-1: Product: syz [ 2763.695065][T22759] usb 4-1: Manufacturer: syz [ 2763.699892][T22759] usb 4-1: SerialNumber: syz [ 2763.713600][ T3840] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 2763.959580][T22759] usblp 4-1:1.0: usblp0: USB Bidirectional printer dev 69 if 0 alt 0 proto 3 vid 0x0525 pid 0xA4A8 [ 2764.146074][ C0] usblp0: nonzero read bulk status received: -71 [ 2764.155675][ T3840] usblp0: error -71 reading from printer [ 2764.176206][ C0] usblp0: nonzero read bulk status received: -71 [ 2764.355761][ T9] usb 4-1: USB disconnect, device number 69 [ 2764.400022][ T9] usblp0: removed [ 2765.157815][ T3868] FAULT_INJECTION: forcing a failure. [ 2765.157815][ T3868] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2765.171179][ T3868] CPU: 0 UID: 0 PID: 3868 Comm: syz.2.8723 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 2765.171211][ T3868] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2765.171226][ T3868] Call Trace: [ 2765.171236][ T3868] [ 2765.171246][ T3868] dump_stack_lvl+0x189/0x250 [ 2765.171286][ T3868] ? __pfx____ratelimit+0x10/0x10 [ 2765.171309][ T3868] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2765.171351][ T3868] ? __pfx__printk+0x10/0x10 [ 2765.171376][ T3868] ? __might_fault+0xb0/0x130 [ 2765.171418][ T3868] should_fail_ex+0x414/0x560 [ 2765.171445][ T3868] _copy_from_iter+0x1db/0x16f0 [ 2765.171479][ T3868] ? rcu_is_watching+0x15/0xb0 [ 2765.171510][ T3868] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 2765.171542][ T3868] ? __pfx__copy_from_iter+0x10/0x10 [ 2765.171574][ T3868] ? __build_skb_around+0x257/0x3e0 [ 2765.171603][ T3868] ? netlink_sendmsg+0x642/0xb30 [ 2765.171759][ T3868] ? skb_put+0x11b/0x210 [ 2765.171807][ T3868] netlink_sendmsg+0x6b2/0xb30 [ 2765.171848][ T3868] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2765.171884][ T3868] ? __import_iovec+0x5d4/0x7f0 [ 2765.171916][ T3868] ? aa_sock_msg_perm+0x94/0x160 [ 2765.171944][ T3868] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2765.171970][ T3868] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2765.172003][ T3868] __sock_sendmsg+0x21c/0x270 [ 2765.172031][ T3868] ____sys_sendmsg+0x505/0x830 [ 2765.172069][ T3868] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2765.172119][ T3868] ___sys_sendmsg+0x21f/0x2a0 [ 2765.172155][ T3868] ? __pfx____sys_sendmsg+0x10/0x10 [ 2765.172227][ T3868] ? __fget_files+0x2a/0x420 [ 2765.172258][ T3868] ? __fget_files+0x3a0/0x420 [ 2765.172301][ T3868] __sys_sendmsg+0x164/0x220 [ 2765.172335][ T3868] ? __pfx___sys_sendmsg+0x10/0x10 [ 2765.172380][ T3868] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2765.172407][ T3868] ? lockdep_hardirqs_on+0x9c/0x150 [ 2765.172433][ T3868] __do_fast_syscall_32+0xb6/0x2b0 [ 2765.172461][ T3868] ? lockdep_hardirqs_on+0x9c/0x150 [ 2765.172487][ T3868] do_fast_syscall_32+0x34/0x80 [ 2765.172513][ T3868] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2765.172541][ T3868] RIP: 0023:0xf7f96539 [ 2765.172561][ T3868] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2765.172584][ T3868] RSP: 002b:00000000f509555c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2765.172609][ T3868] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 2765.172646][ T3868] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2765.172661][ T3868] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2765.172674][ T3868] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2765.172689][ T3868] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2765.172724][ T3868] [ 2765.712838][ T3874] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8726'. [ 2767.047578][ T3884] hsr0: entered promiscuous mode [ 2767.054402][ T3882] hsr0: left promiscuous mode [ 2767.259855][ T3887] netlink: 16 bytes leftover after parsing attributes in process `syz.2.8729'. [ 2768.021648][ T3899] FAULT_INJECTION: forcing a failure. [ 2768.021648][ T3899] name failslab, interval 1, probability 0, space 0, times 0 [ 2768.043769][ T3899] CPU: 1 UID: 0 PID: 3899 Comm: syz.0.8733 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 2768.043814][ T3899] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2768.043829][ T3899] Call Trace: [ 2768.043838][ T3899] [ 2768.043848][ T3899] dump_stack_lvl+0x189/0x250 [ 2768.043896][ T3899] ? __pfx____ratelimit+0x10/0x10 [ 2768.043919][ T3899] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2768.043953][ T3899] ? __pfx__printk+0x10/0x10 [ 2768.043984][ T3899] ? __pfx___might_resched+0x10/0x10 [ 2768.044017][ T3899] should_fail_ex+0x414/0x560 [ 2768.044047][ T3899] should_failslab+0xa8/0x100 [ 2768.044080][ T3899] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 2768.044110][ T3899] ? __alloc_skb+0x112/0x2d0 [ 2768.044143][ T3899] __alloc_skb+0x112/0x2d0 [ 2768.044176][ T3899] netlink_sendmsg+0x5c6/0xb30 [ 2768.044217][ T3899] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2768.044249][ T3899] ? __import_iovec+0x5d4/0x7f0 [ 2768.044279][ T3899] ? aa_sock_msg_perm+0x94/0x160 [ 2768.044306][ T3899] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2768.044329][ T3899] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2768.044359][ T3899] __sock_sendmsg+0x21c/0x270 [ 2768.044386][ T3899] ____sys_sendmsg+0x505/0x830 [ 2768.044430][ T3899] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2768.044479][ T3899] ___sys_sendmsg+0x21f/0x2a0 [ 2768.044513][ T3899] ? __pfx____sys_sendmsg+0x10/0x10 [ 2768.044582][ T3899] ? __fget_files+0x2a/0x420 [ 2768.044613][ T3899] ? __fget_files+0x3a0/0x420 [ 2768.044654][ T3899] __sys_sendmsg+0x164/0x220 [ 2768.044688][ T3899] ? __pfx___sys_sendmsg+0x10/0x10 [ 2768.044734][ T3899] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2768.044759][ T3899] ? lockdep_hardirqs_on+0x9c/0x150 [ 2768.044783][ T3899] __do_fast_syscall_32+0xb6/0x2b0 [ 2768.044808][ T3899] ? lockdep_hardirqs_on+0x9c/0x150 [ 2768.044834][ T3899] do_fast_syscall_32+0x34/0x80 [ 2768.044858][ T3899] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2768.044885][ T3899] RIP: 0023:0xf70fe539 [ 2768.044904][ T3899] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2768.044924][ T3899] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2768.044948][ T3899] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000300 [ 2768.044975][ T3899] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2768.044990][ T3899] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2768.045002][ T3899] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2768.045016][ T3899] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2768.045046][ T3899] [ 2768.305393][ C1] vkms_vblank_simulate: vblank timer overrun [ 2768.725068][ T30] audit: type=1800 audit(1748665326.061:21449): pid=3890 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.8730" name="/" dev="fuse" ino=1 res=0 errno=0 [ 2768.965704][T22759] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 2769.169606][T22759] usb 3-1: config 0 interface 0 altsetting 12 endpoint 0x87 has an invalid bInterval 102, changing to 10 [ 2769.206605][T22759] usb 3-1: config 0 interface 0 altsetting 12 endpoint 0x87 has invalid maxpacket 24624, setting to 1024 [ 2769.220087][T22759] usb 3-1: config 0 interface 0 has no altsetting 0 [ 2769.512949][T22759] usb 3-1: New USB device found, idVendor=06cd, idProduct=0115, bcdDevice=d9.c3 [ 2769.530207][T22759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2769.543566][T22759] usb 3-1: Product: syz [ 2769.554285][T22759] usb 3-1: Manufacturer: syz [ 2769.561716][T22759] usb 3-1: SerialNumber: syz [ 2769.597886][T22759] usb 3-1: config 0 descriptor?? [ 2769.610006][T22759] keyspan 3-1:0.0: Keyspan 2 port adapter converter detected [ 2769.624482][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 7 [ 2769.645450][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 81 [ 2769.660454][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 1 [ 2769.671807][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 2 [ 2769.682166][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 85 [ 2769.693717][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 5 [ 2769.708885][T22759] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 2769.747336][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 83 [ 2769.882393][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 3 [ 2769.910179][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 4 [ 2769.922867][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 86 [ 2769.941175][T22759] keyspan 3-1:0.0: found no endpoint descriptor for endpoint 6 [ 2769.964944][T22759] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 2770.844357][ T3890] netlink: 28 bytes leftover after parsing attributes in process `syz.2.8730'. [ 2770.858071][T24999] usb 3-1: USB disconnect, device number 15 [ 2770.867944][T24999] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 2770.881559][T24999] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 2770.899736][T24999] keyspan 3-1:0.0: device disconnected [ 2771.131450][ T3924] netlink: 'syz.4.8740': attribute type 4 has an invalid length. [ 2771.195566][ T3924] netlink: 17 bytes leftover after parsing attributes in process `syz.4.8740'. [ 2772.015115][ T3953] [U] v3f"S/4:XTzWtlW= [ 2772.023084][ T3953] [U] J"e:" [ 2772.040787][ T3957] hsr0: entered promiscuous mode [ 2772.048466][ T3956] hsr0: left promiscuous mode [ 2772.373710][ T3971] netlink: 12 bytes leftover after parsing attributes in process `syz.3.8753'. [ 2773.551217][ T3980] 8021q: adding VLAN 0 to HW filter on device bond17 [ 2773.967720][ T3924] delete_channel: no stack [ 2774.018925][ T3996] hsr0: entered promiscuous mode [ 2774.025266][ T3993] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8760'. [ 2774.037094][ T3996] netlink: 4 bytes leftover after parsing attributes in process `syz.0.8760'. [ 2774.044807][ T3997] hsr0: entered promiscuous mode [ 2774.051952][ T3996] hsr_slave_0: left promiscuous mode [ 2774.061585][ T3996] hsr_slave_1: left promiscuous mode [ 2774.152237][ T3996] hsr0 (unregistering): left promiscuous mode [ 2774.198581][ T3995] hsr0: left promiscuous mode [ 2774.275627][ T4002] FAULT_INJECTION: forcing a failure. [ 2774.275627][ T4002] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2774.415470][ T4002] CPU: 1 UID: 0 PID: 4002 Comm: syz.3.8762 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 2774.415505][ T4002] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2774.415520][ T4002] Call Trace: [ 2774.415530][ T4002] [ 2774.415541][ T4002] dump_stack_lvl+0x189/0x250 [ 2774.415581][ T4002] ? __pfx____ratelimit+0x10/0x10 [ 2774.415614][ T4002] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2774.415648][ T4002] ? __pfx__printk+0x10/0x10 [ 2774.415673][ T4002] ? __might_fault+0xb0/0x130 [ 2774.415715][ T4002] should_fail_ex+0x414/0x560 [ 2774.415746][ T4002] _copy_from_user+0x2d/0xb0 [ 2774.415781][ T4002] get_compat_msghdr+0xad/0x4a0 [ 2774.415825][ T4002] ? __pfx_get_compat_msghdr+0x10/0x10 [ 2774.415872][ T4002] ___sys_sendmsg+0x193/0x2a0 [ 2774.415908][ T4002] ? __pfx____sys_sendmsg+0x10/0x10 [ 2774.415979][ T4002] ? __fget_files+0x2a/0x420 [ 2774.416010][ T4002] ? __fget_files+0x3a0/0x420 [ 2774.416052][ T4002] __sys_sendmmsg+0x28e/0x430 [ 2774.416091][ T4002] ? __pfx___sys_sendmmsg+0x10/0x10 [ 2774.416133][ T4002] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2774.416176][ T4002] ? ksys_write+0x22a/0x250 [ 2774.416214][ T4002] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 2774.416252][ T4002] __do_fast_syscall_32+0xb6/0x2b0 [ 2774.416278][ T4002] ? lockdep_hardirqs_on+0x9c/0x150 [ 2774.416305][ T4002] do_fast_syscall_32+0x34/0x80 [ 2774.416330][ T4002] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2774.416358][ T4002] RIP: 0023:0xf7ff3539 [ 2774.416378][ T4002] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2774.416397][ T4002] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 2774.416421][ T4002] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080005240 [ 2774.416438][ T4002] RDX: 0000000004000095 RSI: 0000000000000000 RDI: 0000000000000000 [ 2774.416452][ T4002] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2774.416465][ T4002] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2774.416479][ T4002] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2774.416511][ T4002] [ 2774.821088][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 2774.827662][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 2775.105947][ T4008] netlink: 'syz.4.8766': attribute type 15 has an invalid length. [ 2775.932942][T29343] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2775.943631][T29343] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2775.953180][T29343] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2775.963000][T29343] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2775.970868][T29343] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2776.015997][T23558] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2776.031172][T23558] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2776.040156][T23558] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2776.048534][T23558] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2776.119515][T23558] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2776.561664][ T1412] syz_tun (unregistering): left promiscuous mode [ 2776.578720][ T4029] netlink: 52 bytes leftover after parsing attributes in process `syz.0.8772'. [ 2776.887231][ T4035] syz.2.8770: attempt to access beyond end of device [ 2776.887231][ T4035] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 2777.412575][ T4022] chnl_net:caif_netlink_parms(): no params data found [ 2777.621431][ T30] audit: type=1326 audit(1748665334.971:21450): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2777.647928][ T4055] IPv6: Can't replace route, no match found [ 2777.655616][ T4055] netlink: 'syz.1.8777': attribute type 10 has an invalid length. [ 2777.664262][ T30] audit: type=1326 audit(1748665334.991:21451): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2777.695426][ T30] audit: type=1326 audit(1748665335.001:21452): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=328 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2777.719608][ T30] audit: type=1326 audit(1748665335.001:21453): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2777.742417][ T30] audit: type=1326 audit(1748665335.001:21454): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2777.765355][ T30] audit: type=1326 audit(1748665335.001:21455): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2777.789131][ T30] audit: type=1326 audit(1748665335.001:21456): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2777.811713][ T30] audit: type=1326 audit(1748665335.001:21457): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2777.868071][ T4022] bridge0: port 1(bridge_slave_0) entered blocking state [ 2777.878600][ T4022] bridge0: port 1(bridge_slave_0) entered disabled state [ 2777.887243][ T4022] bridge_slave_0: entered allmulticast mode [ 2777.895451][ T4022] bridge_slave_0: entered promiscuous mode [ 2777.918540][ T4055] team0: Port device hsr_slave_0 added [ 2777.936817][ T30] audit: type=1326 audit(1748665335.291:21458): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2777.974901][ T30] audit: type=1326 audit(1748665335.291:21459): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4049 comm="syz.1.8777" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2778.010632][ T4022] bridge0: port 2(bridge_slave_1) entered blocking state [ 2778.019458][ T4022] bridge0: port 2(bridge_slave_1) entered disabled state [ 2778.028446][ T4022] bridge_slave_1: entered allmulticast mode [ 2778.037368][ T4022] bridge_slave_1: entered promiscuous mode [ 2778.096506][ T4065] binder: 4064:4065 ioctl 4018620d 0 returned -22 [ 2778.135339][ T4022] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2778.174137][T29343] Bluetooth: hci0: command tx timeout [ 2778.183655][ T4022] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2778.284785][ T4068] netlink: 52 bytes leftover after parsing attributes in process `syz.4.8783'. [ 2778.317300][ T4022] team0: Port device team_slave_0 added [ 2778.331160][ T4022] team0: Port device team_slave_1 added [ 2778.484182][ T4074] syz.4.8784: attempt to access beyond end of device [ 2778.484182][ T4074] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 2778.513418][ T4069] 8021q: adding VLAN 0 to HW filter on device bond12 [ 2778.530650][ T4022] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2778.552118][ T4022] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2778.615293][ T4022] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2778.639071][ T4022] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2778.646773][ T4022] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2778.673985][ T4022] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2778.804343][ T4022] hsr_slave_0: entered promiscuous mode [ 2778.818868][ T4022] hsr_slave_1: entered promiscuous mode [ 2778.825138][ T4022] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2778.833590][ T4022] Cannot create hsr debugfs directory [ 2779.184471][ T4022] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2779.274475][ T4082] input: syz1 as /devices/virtual/input/input72 [ 2779.283870][ T4022] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2779.654429][ T4022] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2779.732116][T22759] hid-generic 0000:0003:0000.0086: item fetching failed at offset 0/2 [ 2780.017264][T22759] hid-generic 0000:0003:0000.0086: probe with driver hid-generic failed with error -22 [ 2780.098813][ T4022] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2780.251359][T29343] Bluetooth: hci0: command tx timeout [ 2780.362789][ T4022] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2780.374872][ T4022] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2780.386676][ T4022] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2780.400223][ T4022] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2780.532616][ T4022] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2780.562397][ T4022] 8021q: adding VLAN 0 to HW filter on device team0 [ 2780.590989][T12648] bridge0: port 1(bridge_slave_0) entered blocking state [ 2780.598189][T12648] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2780.611665][T12648] bridge0: port 2(bridge_slave_1) entered blocking state [ 2780.618878][T12648] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2780.733844][ T4022] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2780.859096][ T4022] veth0_vlan: entered promiscuous mode [ 2780.879504][ T4022] veth1_vlan: entered promiscuous mode [ 2780.934217][ T4022] veth0_macvtap: entered promiscuous mode [ 2780.948024][ T4022] veth1_macvtap: entered promiscuous mode [ 2780.992065][ T4022] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2781.009636][ T4022] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2781.096004][ T4022] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2781.108630][ T4022] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2781.122155][ T4022] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2781.133632][ T4022] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2781.392317][T12648] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2781.440853][T12648] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2781.573145][T12648] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2781.581840][T12648] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2782.327238][T29343] Bluetooth: hci0: command tx timeout [ 2782.356419][T22759] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 2782.556621][T22759] usb 4-1: Using ep0 maxpacket: 8 [ 2782.614938][T22759] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2782.641670][T22759] usb 4-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 2782.670931][T22759] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2782.693379][T22759] usb 4-1: config 0 descriptor?? [ 2783.327966][T22759] usbhid 4-1:0.0: can't add hid device: -71 [ 2783.348728][T22759] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 2783.384666][T22759] usb 4-1: USB disconnect, device number 70 [ 2783.703601][ T4102] syz.4.8792 (4102): drop_caches: 1 [ 2784.406352][T29343] Bluetooth: hci0: command tx timeout [ 2784.552250][ T4130] ref_tracker: memory allocation failure, unreliable refcount tracker. [ 2786.017434][ T9] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 2786.176341][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 2786.183273][ T9] usb 3-1: config 0 has no interfaces? [ 2786.189417][ T9] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 2786.199009][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2786.211496][ T9] usb 3-1: config 0 descriptor?? [ 2786.428352][ T5892] usb 3-1: USB disconnect, device number 16 [ 2787.537201][ T4161] bridge0: entered promiscuous mode [ 2787.542733][ T4161] macvlan2: entered promiscuous mode [ 2787.553510][ T4161] bridge0: port 3(macvlan2) entered blocking state [ 2787.565072][ T4161] bridge0: port 3(macvlan2) entered disabled state [ 2787.582257][ T4161] macvlan2: entered allmulticast mode [ 2787.583470][ T30] audit: type=1800 audit(1748665344.931:21460): pid=4164 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.8811" name="/" dev="fuse" ino=1 res=0 errno=0 [ 2787.588734][ T4161] bridge0: entered allmulticast mode [ 2787.681131][ T4161] macvlan2: left allmulticast mode [ 2787.689282][ T4161] bridge0: left allmulticast mode [ 2787.699432][ T4161] bridge0: left promiscuous mode [ 2787.845882][ T30] audit: type=1326 audit(1748665345.191:21461): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.1.8815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2787.961070][ T30] audit: type=1326 audit(1748665345.191:21462): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.1.8815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e558 code=0x7ffc0000 [ 2788.029613][ T30] audit: type=1326 audit(1748665345.191:21463): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.1.8815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2788.143259][ T30] audit: type=1326 audit(1748665345.221:21464): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.1.8815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2788.264266][ T30] audit: type=1326 audit(1748665345.221:21465): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.1.8815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e558 code=0x7ffc0000 [ 2788.435316][ T30] audit: type=1326 audit(1748665345.221:21466): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.1.8815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2788.472229][ T30] audit: type=1326 audit(1748665345.221:21467): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.1.8815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e558 code=0x7ffc0000 [ 2788.494443][ C1] vkms_vblank_simulate: vblank timer overrun [ 2788.511470][ T30] audit: type=1326 audit(1748665345.221:21468): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.1.8815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf705e558 code=0x7ffc0000 [ 2788.544466][ T30] audit: type=1326 audit(1748665345.221:21469): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4170 comm="syz.1.8815" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 2788.579183][ T4156] netlink: 'syz.0.8811': attribute type 7 has an invalid length. [ 2788.626586][ T4156] netlink: 32 bytes leftover after parsing attributes in process `syz.0.8811'. [ 2788.814747][ T4167] fuse: Bad value for 'fd' [ 2789.827101][T22759] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 2789.986739][T22759] usb 3-1: Using ep0 maxpacket: 16 [ 2789.994212][T22759] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 2790.007502][T22759] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 2790.026398][T22759] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 2790.044723][T22759] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2790.063654][T22759] usb 3-1: Product: syz [ 2790.073170][T22759] usb 3-1: Manufacturer: syz [ 2790.080516][T22759] usb 3-1: SerialNumber: syz [ 2790.088629][T22759] usb 3-1: config 0 descriptor?? [ 2790.102004][T22759] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 2790.112077][T22759] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 2790.209931][ T4185] netlink: 'syz.4.8820': attribute type 58 has an invalid length. [ 2790.221520][ T4185] netlink: 20 bytes leftover after parsing attributes in process `syz.4.8820'. [ 2790.321394][ T5892] hid-generic 0000:0000:0000.0087: unknown main item tag 0x0 [ 2790.342105][ T5892] hid-generic 0000:0000:0000.0087: hidraw0: HID v0.00 Device [syz1] on syz0 [ 2790.835257][ T4187] fido_id[4187]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 2790.924609][ T4199] netlink: 12 bytes leftover after parsing attributes in process `syz.0.8825'. [ 2791.550872][ T4208] vlan2: entered promiscuous mode [ 2791.557221][ T4208] vlan2: entered allmulticast mode [ 2791.562778][ T4208] hsr_slave_1: entered allmulticast mode [ 2791.662369][T22759] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 2791.671545][T22759] em28xx 3-1:0.0: Config register raw data: 0x33 [ 2791.678285][T22759] em28xx 3-1:0.0: I2S Audio (3 sample rate(s)) [ 2791.684531][T22759] em28xx 3-1:0.0: No AC97 audio processor [ 2791.725061][ T4211] netlink: 24 bytes leftover after parsing attributes in process `syz.3.8829'. [ 2792.412518][ T4232] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.8838'. [ 2792.432413][ T4229] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.8838'. [ 2792.441256][ T4234] netlink: 9 bytes leftover after parsing attributes in process `syz.1.8840'. [ 2793.037845][ T9] usb 3-1: USB disconnect, device number 17 [ 2793.816766][ T4268] vlan4: entered promiscuous mode [ 2793.822393][ T4268] bridge0: entered promiscuous mode [ 2793.836759][ T4268] vlan4: entered allmulticast mode [ 2793.845388][ T4268] bridge0: entered allmulticast mode [ 2794.133314][ T30] kauditd_printk_skb: 269 callbacks suppressed [ 2794.133335][ T30] audit: type=1800 audit(1748665351.481:21739): pid=4257 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.8847" name="cgroup.controllers" dev="tmpfs" ino=3096 res=0 errno=0 [ 2794.161195][ C1] vkms_vblank_simulate: vblank timer overrun [ 2794.450512][ T4287] netlink: 'syz.0.8863': attribute type 12 has an invalid length. [ 2794.472311][ T4287] netlink: 'syz.0.8863': attribute type 28 has an invalid length. [ 2794.491251][ T4287] netlink: 148 bytes leftover after parsing attributes in process `syz.0.8863'. [ 2794.922066][ T4301] 8021q: adding VLAN 0 to HW filter on device bond14 [ 2794.965672][ T4301] bridge0: port 3(bond14) entered blocking state [ 2795.002472][ T4301] bridge0: port 3(bond14) entered disabled state [ 2795.029621][ T4301] bond14: entered allmulticast mode [ 2795.058047][ T4301] bond14: entered promiscuous mode [ 2795.066183][ T4301] bridge0: port 3(bond14) entered blocking state [ 2795.073275][ T4301] bridge0: port 3(bond14) entered forwarding state [ 2795.222473][T12636] bridge0: port 3(bond14) entered disabled state [ 2797.020784][T23558] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2797.033100][T23558] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2797.047803][T23558] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2797.054603][T12643] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2797.086605][T23558] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2797.094686][T23558] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2797.305573][T12643] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2797.441987][T12643] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2797.488558][ T4390] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 2797.509471][ T4390] bridge0: port 2(bridge_slave_1) entered disabled state [ 2797.516978][ T4390] bridge0: port 1(bridge_slave_0) entered disabled state [ 2797.621494][T12643] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2797.885103][ T4377] chnl_net:caif_netlink_parms(): no params data found [ 2798.300974][ T4377] bridge0: port 1(bridge_slave_0) entered blocking state [ 2798.309938][ T4377] bridge0: port 1(bridge_slave_0) entered disabled state [ 2798.318909][ T4377] bridge_slave_0: entered allmulticast mode [ 2798.329195][ T4377] bridge_slave_0: entered promiscuous mode [ 2798.343353][ T4377] bridge0: port 2(bridge_slave_1) entered blocking state [ 2798.356455][ T4377] bridge0: port 2(bridge_slave_1) entered disabled state [ 2798.364490][ T4377] bridge_slave_1: entered allmulticast mode [ 2798.373667][ T4377] bridge_slave_1: entered promiscuous mode [ 2798.380631][ T4420] IPv6: NLM_F_CREATE should be specified when creating new route [ 2798.458113][ T4377] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2798.544548][ T4377] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2798.676546][ T9874] IPVS: starting estimator thread 0... [ 2798.787330][ T4431] IPVS: using max 25 ests per chain, 60000 per kthread [ 2799.043566][T12643] bond11 (unregistering): (slave ip6gretap1): Removing an active aggregator [ 2799.062663][T12643] bond11 (unregistering): (slave ip6gretap1): Releasing backup interface [ 2799.216377][T23558] Bluetooth: hci3: command tx timeout [ 2799.567905][ T4447] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 2799.784096][T12643] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2799.807004][T12643] bond_slave_0: left promiscuous mode [ 2799.818216][T12643] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2799.830580][T12643] bond_slave_1: left promiscuous mode [ 2799.839610][T12643] bond0 (unregistering): Released all slaves [ 2799.861080][T12643] bond1 (unregistering): Released all slaves [ 2800.073436][T12643] bond2 (unregistering): Released all slaves [ 2800.283078][T12643] bond3 (unregistering): Released all slaves [ 2800.529385][T12643] bond4 (unregistering): Released all slaves [ 2800.747758][ T4451] netlink: 12 bytes leftover after parsing attributes in process `syz.2.8934'. [ 2800.759174][T12643] bond5 (unregistering): Released all slaves [ 2800.966074][T12643] bond6 (unregistering): Released all slaves [ 2801.197251][T12643] bond7 (unregistering): Released all slaves [ 2801.288881][T23558] Bluetooth: hci3: command tx timeout [ 2801.394983][T12643] bond8 (unregistering): Released all slaves [ 2801.654825][T12643] bond9 (unregistering): Released all slaves [ 2801.853814][T12643] bond10 (unregistering): Released all slaves [ 2802.073464][T12643] bond11 (unregistering): Released all slaves [ 2802.267562][T12643] bond12 (unregistering): Released all slaves [ 2802.282062][ T4425] netlink: 20 bytes leftover after parsing attributes in process `syz.0.8921'. [ 2802.610127][ T4377] team0: Port device team_slave_0 added [ 2802.623214][ T4377] team0: Port device team_slave_1 added [ 2802.764721][ T4464] tipc: Started in network mode [ 2802.792580][ T4464] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 2802.847892][ T4464] tipc: Enabled bearer , priority 1 [ 2802.948776][ T4377] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2802.955873][ T4377] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2803.023929][ T4377] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2803.069035][ T4377] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2803.079517][ T4377] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2803.107368][ T4377] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2803.136867][ T4474] netlink: 'syz.0.8942': attribute type 39 has an invalid length. [ 2803.366374][T23558] Bluetooth: hci3: command tx timeout [ 2803.619818][ T4377] hsr_slave_0: entered promiscuous mode [ 2803.627361][ T4377] hsr_slave_1: entered promiscuous mode [ 2803.634243][ T4377] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2803.646300][ T4377] Cannot create hsr debugfs directory [ 2803.743285][ T4493] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 2803.765148][T12643] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2803.806405][T12643] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2803.829874][T12643] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2803.849898][T22759] tipc: Node number set to 4269801488 [ 2803.860056][T12643] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2803.977680][T12643] veth1_macvtap: left promiscuous mode [ 2803.983315][T12643] veth0_macvtap: left promiscuous mode [ 2804.018485][T12643] veth1_vlan: left promiscuous mode [ 2804.023922][T12643] veth0_vlan: left promiscuous mode [ 2804.662675][ T4517] af_packet: tpacket_rcv: packet too big, clamped from 4 to 4294967272. macoff=96 [ 2804.988903][ T4526] netlink: 'syz.4.8960': attribute type 4 has an invalid length. [ 2805.036429][T12643] team0 (unregistering): Port device hsr_slave_0 removed [ 2805.244486][T12643] team0 (unregistering): Port device team_slave_1 removed [ 2805.456604][T23558] Bluetooth: hci3: command tx timeout [ 2806.840411][T12643] IPVS: stop unused estimator thread 0... [ 2808.040312][ T4377] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 2808.200704][ T4377] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 2808.499342][ T4377] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 2808.511780][ T4377] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 2808.930187][ T4377] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2809.040598][ T4377] 8021q: adding VLAN 0 to HW filter on device team0 [ 2809.072804][T12636] bridge0: port 1(bridge_slave_0) entered blocking state [ 2809.080032][T12636] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2809.117643][T12636] bridge0: port 2(bridge_slave_1) entered blocking state [ 2809.124828][T12636] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2809.430056][ T4377] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2809.617584][ T4377] veth0_vlan: entered promiscuous mode [ 2809.638265][ T4377] veth1_vlan: entered promiscuous mode [ 2809.754612][ T4377] veth0_macvtap: entered promiscuous mode [ 2809.795850][ T4377] veth1_macvtap: entered promiscuous mode [ 2809.835448][ T4377] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2809.875217][ T4377] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2809.945448][ T4377] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2809.964015][ T4377] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2809.977508][ T4377] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2809.987095][ T4377] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2810.200711][ T4665] IPv6: NLM_F_CREATE should be specified when creating new route [ 2810.262082][T22929] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2810.316661][T22929] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2810.397397][T22929] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2810.429966][T22929] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2810.693016][T12648] macsec0: left allmulticast mode [ 2810.711920][T12648] veth1_macvtap: left allmulticast mode [ 2810.730004][T12648] macsec0: left promiscuous mode [ 2810.745685][T12648] bridge0: port 3(macsec0) entered disabled state [ 2810.775185][T12648] bridge_slave_1: left allmulticast mode [ 2810.799648][T12648] bridge_slave_1: left promiscuous mode [ 2810.820751][ T4677] netlink: 'syz.1.8890': attribute type 17 has an invalid length. [ 2810.825965][T12648] bridge0: port 2(bridge_slave_1) entered disabled state [ 2810.839995][ T4677] netlink: 4 bytes leftover after parsing attributes in process `syz.1.8890'. [ 2810.856327][ T4677] netlink: 28 bytes leftover after parsing attributes in process `syz.1.8890'. [ 2810.881494][T12648] bridge_slave_0: left allmulticast mode [ 2810.896694][T12648] bridge_slave_0: left promiscuous mode [ 2810.902663][T12648] bridge0: port 1(bridge_slave_0) entered disabled state [ 2811.159739][T12648] ip6gretap0 (unregistering): left promiscuous mode [ 2811.632553][ T4685] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 2811.682966][T12648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2811.696895][T12648] bond0 (unregistering): (slave bond3): Releasing backup interface [ 2811.707495][T12648] bond0 (unregistering): Released all slaves [ 2811.961662][T12648] bond1 (unregistering): Released all slaves [ 2812.398714][T12648] bond2 (unregistering): Released all slaves [ 2812.690812][T29343] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2812.700430][T29343] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2812.729998][T29343] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2812.761223][T29343] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2812.807081][T29343] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2812.918090][T12648] bond3 (unregistering): Released all slaves [ 2813.126011][T12648] bond4 (unregistering): Released all slaves [ 2813.343581][T12648] bond5 (unregistering): Released all slaves [ 2813.568681][T12648] bond6 (unregistering): Released all slaves [ 2813.763834][T12648] bond7 (unregistering): Released all slaves [ 2813.963411][T12648] bond8 (unregistering): Released all slaves [ 2814.177915][T12648] bond9 (unregistering): Released all slaves [ 2814.354607][T12648] bond10 (unregistering): Released all slaves [ 2814.540209][T12648] bond11 (unregistering): Released all slaves [ 2814.729208][T12648] bond12 (unregistering): Released all slaves [ 2814.891579][T29343] Bluetooth: hci2: command tx timeout [ 2814.928283][T12648] bond13 (unregistering): Released all slaves [ 2815.117448][T12648] bond14 (unregistering): Released all slaves [ 2815.292388][T12648] bond15 (unregistering): Released all slaves [ 2815.462992][T12648] bond16 (unregistering): Released all slaves [ 2815.643343][T12648] bond17 (unregistering): Released all slaves [ 2816.133759][T12648] tipc: Left network mode [ 2816.926332][T11609] usb 4-1: new full-speed USB device number 71 using dummy_hcd [ 2816.967652][T29343] Bluetooth: hci2: command tx timeout [ 2817.065784][ T4698] chnl_net:caif_netlink_parms(): no params data found [ 2817.111980][T11609] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 2817.149317][T11609] usb 4-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 2817.178363][T12648] hsr_slave_0: left promiscuous mode [ 2817.193324][T11609] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2817.205885][T12648] hsr_slave_1: left promiscuous mode [ 2817.213654][T11609] usb 4-1: config 0 descriptor?? [ 2817.232690][ T4724] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 2817.279188][T12648] veth1_macvtap: left promiscuous mode [ 2817.284913][T12648] veth0_macvtap: left promiscuous mode [ 2817.292517][T12648] veth1_vlan: left promiscuous mode [ 2817.298172][T12648] veth0_vlan: left promiscuous mode [ 2817.487217][T12648] pim6reg (unregistering): left allmulticast mode [ 2817.727562][T11609] elan 0003:04F3:0755.0088: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.3-1/input0 [ 2817.822070][ T4754] netlink: 'syz.1.9036': attribute type 1 has an invalid length. [ 2817.948813][T11609] usb 4-1: USB disconnect, device number 71 [ 2818.717937][T12648] team0 (unregistering): Port device team_slave_1 removed [ 2818.801277][T12648] team0 (unregistering): Port device team_slave_0 removed [ 2818.839596][ T5892] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 2819.007035][ T5892] usb 4-1: Using ep0 maxpacket: 16 [ 2819.014312][ T5892] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2819.025426][ T5892] usb 4-1: New USB device found, idVendor=056a, idProduct=00da, bcdDevice= 0.00 [ 2819.048135][T29343] Bluetooth: hci2: command tx timeout [ 2819.053853][ T5892] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2819.066857][ T5892] usb 4-1: config 0 descriptor?? [ 2819.704234][ T5892] usb 4-1: USB disconnect, device number 72 [ 2820.184071][ T4698] bridge0: port 1(bridge_slave_0) entered blocking state [ 2820.196362][ T4698] bridge0: port 1(bridge_slave_0) entered disabled state [ 2820.203849][ T4698] bridge_slave_0: entered allmulticast mode [ 2820.225007][ T4698] bridge_slave_0: entered promiscuous mode [ 2820.250776][ T4698] bridge0: port 2(bridge_slave_1) entered blocking state [ 2820.277063][ T4698] bridge0: port 2(bridge_slave_1) entered disabled state [ 2820.306753][ T4698] bridge_slave_1: entered allmulticast mode [ 2820.314969][ T4698] bridge_slave_1: entered promiscuous mode [ 2820.499758][ T4698] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2820.528117][ T4698] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2820.696203][ T4698] team0: Port device team_slave_0 added [ 2820.720044][ T4698] team0: Port device team_slave_1 added [ 2820.941270][ T4698] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2820.959585][ T4698] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2820.994438][ T4698] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2821.008272][ T4698] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2821.015385][ T4698] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2821.054561][ T4698] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2821.131308][T29343] Bluetooth: hci2: command tx timeout [ 2821.305347][ T4698] hsr_slave_0: entered promiscuous mode [ 2821.323651][ T4698] hsr_slave_1: entered promiscuous mode [ 2821.331546][ T4698] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2821.354749][ T4698] Cannot create hsr debugfs directory [ 2821.889090][T12648] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2822.063489][T12648] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2822.243779][T12648] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2822.393525][T12648] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2822.820968][T12648] bond14: left allmulticast mode [ 2822.846631][T12648] bond14: left promiscuous mode [ 2822.851806][T12648] bridge0: port 3(bond14) entered disabled state [ 2822.878647][T12648] bridge_slave_1: left allmulticast mode [ 2822.884406][T12648] bridge_slave_1: left promiscuous mode [ 2822.906530][T12648] bridge0: port 2(bridge_slave_1) entered disabled state [ 2822.954477][T12648] bridge_slave_0: left allmulticast mode [ 2822.966427][T12648] bridge_slave_0: left promiscuous mode [ 2822.972302][T12648] bridge0: port 1(bridge_slave_0) entered disabled state [ 2823.610132][ T30] audit: type=1326 audit(1748665380.951:21740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=4895 comm="syz.0.9096" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf70fe539 code=0x0 [ 2824.298979][T12648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2824.311537][T12648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2824.323242][T12648] bond0 (unregistering): Released all slaves [ 2824.730906][T12648] bond1 (unregistering): Released all slaves [ 2825.137854][T12648] bond2 (unregistering): Released all slaves [ 2825.445670][T12648] bond3 (unregistering): Released all slaves [ 2825.707618][T12648] bond4 (unregistering): Released all slaves [ 2825.986653][T12648] bond5 (unregistering): Released all slaves [ 2826.213217][T12648] bond6 (unregistering): Released all slaves [ 2826.456620][T12648] bond7 (unregistering): Released all slaves [ 2826.712836][T12648] bond8 (unregistering): Released all slaves [ 2827.043321][T12648] bond9 (unregistering): Released all slaves [ 2827.297923][T12648] bond10 (unregistering): Released all slaves [ 2827.525174][T12648] bond11 (unregistering): Released all slaves [ 2827.755151][T12648] bond12 (unregistering): Released all slaves [ 2827.975244][T12648] bond13 (unregistering): Released all slaves [ 2828.171161][T12648] bond14 (unregistering): Released all slaves [ 2828.857662][ T4971] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 2828.888390][ T4971] bridge0: port 2(bridge_slave_1) entered disabled state [ 2828.897677][ T4971] bridge0: port 1(bridge_slave_0) entered disabled state [ 2828.962756][T12648] tipc: Left network mode [ 2830.001312][T12648] hsr_slave_0: left promiscuous mode [ 2830.033068][T12648] hsr_slave_1: left promiscuous mode [ 2830.064480][T12648] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2830.103959][ T5013] netlink: 20 bytes leftover after parsing attributes in process `syz.3.9140'. [ 2830.106391][T12648] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2830.134474][T12648] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2830.146178][T12648] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2830.189936][ T5016] [ 2830.190181][T12648] veth1_macvtap: left promiscuous mode [ 2830.192312][ T5016] ===================================================== [ 2830.197892][T12648] veth0_macvtap: left promiscuous mode [ 2830.204686][ T5016] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 2830.204722][ T5016] 6.15.0-syzkaller-09113-g8477ab143069 #0 Not tainted [ 2830.210968][T12648] veth1_vlan: left promiscuous mode [ 2830.217613][ T5016] ----------------------------------------------------- SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 2830.217635][ T5016] syz.1.9141/5016 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 2830.224633][T12648] veth0_vlan: left promiscuous mode [ 2830.229609][ T5016] ffff88802c963750 (&new->fa_lock){...-}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 2830.258217][ T5016] [ 2830.258217][ T5016] and this task is already holding: [ 2830.265676][ T5016] ffff888068253028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 2830.275456][ T5016] which would create a new lock dependency: [ 2830.281347][ T5016] (&client->buffer_lock){....}-{3:3} -> (&new->fa_lock){...-}-{3:3} [ 2830.289490][ T5016] [ 2830.289490][ T5016] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 2830.298947][ T5016] (&dev->event_lock#2){..-.}-{3:3} [ 2830.298988][ T5016] [ 2830.298988][ T5016] ... which became SOFTIRQ-irq-safe at: [ 2830.311970][ T5016] lock_acquire+0x120/0x360 [ 2830.316663][ T5016] _raw_spin_lock_irqsave+0xa7/0xf0 [ 2830.322072][ T5016] input_inject_event+0xab/0x320 [ 2830.327127][ T5016] led_trigger_event+0x138/0x210 [ 2830.332166][ T5016] kbd_bh+0x1c6/0x2e0 [ 2830.336250][ T5016] tasklet_action_common+0x36c/0x580 [ 2830.341649][ T5016] handle_softirqs+0x286/0x870 [ 2830.346514][ T5016] __irq_exit_rcu+0xca/0x1f0 [ 2830.351204][ T5016] irq_exit_rcu+0x9/0x30 [ 2830.355547][ T5016] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 2830.361283][ T5016] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2830.367360][ T5016] _raw_spin_unlock_irq+0x29/0x50 [ 2830.372534][ T5016] n_tty_ioctl_helper+0x27e/0x340 [ 2830.377682][ T5016] tty_ioctl+0x9c3/0xde0 [ 2830.382036][ T5016] __ia32_compat_sys_ioctl+0x543/0x840 [ 2830.387602][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2830.392819][ T5016] do_fast_syscall_32+0x34/0x80 [ 2830.397771][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2830.404199][ T5016] [ 2830.404199][ T5016] to a SOFTIRQ-irq-unsafe lock: [ 2830.411229][ T5016] (tasklist_lock){.+.+}-{3:3} [ 2830.411262][ T5016] [ 2830.411262][ T5016] ... which became SOFTIRQ-irq-unsafe at: [ 2830.423900][ T5016] ... [ 2830.423909][ T5016] lock_acquire+0x120/0x360 [ 2830.431097][ T5016] _raw_read_lock+0x36/0x50 [ 2830.435706][ T5016] __do_wait+0xde/0x740 [ 2830.439956][ T5016] do_wait+0x1f8/0x520 [ 2830.444122][ T5016] kernel_wait+0xab/0x170 [ 2830.448546][ T5016] call_usermodehelper_exec_work+0xbe/0x230 [ 2830.454556][ T5016] process_scheduled_works+0xae1/0x17b0 [ 2830.460200][ T5016] worker_thread+0x8a0/0xda0 [ 2830.464890][ T5016] kthread+0x70e/0x8a0 [ 2830.469064][ T5016] ret_from_fork+0x3fc/0x770 [ 2830.473754][ T5016] ret_from_fork_asm+0x1a/0x30 [ 2830.478613][ T5016] [ 2830.478613][ T5016] other info that might help us debug this: [ 2830.478613][ T5016] [ 2830.488848][ T5016] Chain exists of: [ 2830.488848][ T5016] &dev->event_lock#2 --> &client->buffer_lock --> tasklist_lock [ 2830.488848][ T5016] [ 2830.502453][ T5016] Possible interrupt unsafe locking scenario: [ 2830.502453][ T5016] [ 2830.510872][ T5016] CPU0 CPU1 [ 2830.516243][ T5016] ---- ---- [ 2830.521611][ T5016] lock(tasklist_lock); [ 2830.525867][ T5016] local_irq_disable(); [ 2830.532707][ T5016] lock(&dev->event_lock#2); [ 2830.539924][ T5016] lock(&client->buffer_lock); [ 2830.547305][ T5016] [ 2830.550768][ T5016] lock(&dev->event_lock#2); [ 2830.555639][ T5016] [ 2830.555639][ T5016] *** DEADLOCK *** [ 2830.555639][ T5016] [ 2830.563792][ T5016] 7 locks held by syz.1.9141/5016: [ 2830.568906][ T5016] #0: ffff88802988a118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x1a1/0x480 [ 2830.578080][ T5016] #1: ffff888147302230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xab/0x320 [ 2830.588221][ T5016] #2: ffffffff8e13cc80 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xbc/0x320 [ 2830.597902][ T5016] #3: ffffffff8e13cc80 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8d/0x890 [ 2830.607496][ T5016] #4: ffffffff8e13cc80 (rcu_read_lock){....}-{1:3}, at: evdev_events+0x79/0x340 [ 2830.616669][ T5016] #5: ffff888068253028 (&client->buffer_lock){....}-{3:3}, at: evdev_pass_values+0xb9/0xbd0 [ 2830.626874][ T5016] #6: ffffffff8e13cc80 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 2830.635944][ T5016] [ 2830.635944][ T5016] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 2830.646353][ T5016] -> (&dev->event_lock#2){..-.}-{3:3} { [ 2830.652026][ T5016] IN-SOFTIRQ-W at: [ 2830.656119][ T5016] lock_acquire+0x120/0x360 [ 2830.662483][ T5016] _raw_spin_lock_irqsave+0xa7/0xf0 [ 2830.669637][ T5016] input_inject_event+0xab/0x320 [ 2830.676473][ T5016] led_trigger_event+0x138/0x210 [ 2830.683263][ T5016] kbd_bh+0x1c6/0x2e0 [ 2830.689084][ T5016] tasklet_action_common+0x36c/0x580 [ 2830.696213][ T5016] handle_softirqs+0x286/0x870 [ 2830.702814][ T5016] __irq_exit_rcu+0xca/0x1f0 [ 2830.709237][ T5016] irq_exit_rcu+0x9/0x30 [ 2830.715310][ T5016] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 2830.722786][ T5016] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2830.730603][ T5016] _raw_spin_unlock_irq+0x29/0x50 [ 2830.737471][ T5016] n_tty_ioctl_helper+0x27e/0x340 [ 2830.744333][ T5016] tty_ioctl+0x9c3/0xde0 [ 2830.750414][ T5016] __ia32_compat_sys_ioctl+0x543/0x840 [ 2830.757711][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2830.764661][ T5016] do_fast_syscall_32+0x34/0x80 [ 2830.771447][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2830.779611][ T5016] INITIAL USE at: [ 2830.783597][ T5016] lock_acquire+0x120/0x360 [ 2830.789862][ T5016] _raw_spin_lock_irqsave+0xa7/0xf0 [ 2830.796820][ T5016] input_inject_event+0xab/0x320 [ 2830.803502][ T5016] kbd_led_trigger_activate+0xbc/0x100 [ 2830.810712][ T5016] led_trigger_set+0x52d/0x950 [ 2830.817226][ T5016] led_trigger_set_default+0x215/0x250 [ 2830.824424][ T5016] led_classdev_register_ext+0x73d/0x930 [ 2830.831810][ T5016] input_leds_connect+0x517/0x790 [ 2830.838677][ T5016] input_register_device+0xcee/0x10b0 [ 2830.845795][ T5016] atkbd_connect+0x70e/0x9c0 [ 2830.852136][ T5016] serio_driver_probe+0x82/0xa0 [ 2830.858735][ T5016] really_probe+0x26a/0x9a0 [ 2830.864981][ T5016] __driver_probe_device+0x18c/0x2f0 [ 2830.872005][ T5016] driver_probe_device+0x4f/0x430 [ 2830.878774][ T5016] __driver_attach+0x452/0x700 [ 2830.885282][ T5016] bus_for_each_dev+0x230/0x2b0 [ 2830.891881][ T5016] serio_handle_event+0x1a2/0x860 [ 2830.898661][ T5016] process_scheduled_works+0xae1/0x17b0 [ 2830.905957][ T5016] worker_thread+0x8a0/0xda0 [ 2830.912309][ T5016] kthread+0x70e/0x8a0 [ 2830.918165][ T5016] ret_from_fork+0x3fc/0x770 [ 2830.924511][ T5016] ret_from_fork_asm+0x1a/0x30 [ 2830.931025][ T5016] } [ 2830.933613][ T5016] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 2830.942749][ T5016] -> (&client->buffer_lock){....}-{3:3} { [ 2830.948503][ T5016] INITIAL USE at: [ 2830.952409][ T5016] lock_acquire+0x120/0x360 [ 2830.958486][ T5016] _raw_spin_lock_irq+0xa2/0xf0 [ 2830.964937][ T5016] evdev_read+0x370/0xca0 [ 2830.970856][ T5016] vfs_read+0x200/0x980 [ 2830.976590][ T5016] ksys_read+0x145/0x250 [ 2830.982403][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2830.989094][ T5016] do_fast_syscall_32+0x34/0x80 [ 2830.995519][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2831.003442][ T5016] } [ 2831.005941][ T5016] ... key at: [] evdev_open.__key.25+0x0/0x20 [ 2831.014106][ T5016] ... acquired at: [ 2831.017912][ T5016] lock_acquire+0x120/0x360 [ 2831.022615][ T5016] _raw_spin_lock+0x2e/0x40 [ 2831.027322][ T5016] evdev_pass_values+0xb9/0xbd0 [ 2831.032391][ T5016] evdev_events+0x1e6/0x340 [ 2831.037091][ T5016] input_pass_values+0x288/0x890 [ 2831.042220][ T5016] input_event_dispose+0x330/0x6b0 [ 2831.047529][ T5016] input_inject_event+0x1fe/0x320 [ 2831.052742][ T5016] evdev_write+0x2fc/0x480 [ 2831.057352][ T5016] vfs_write+0x27e/0xa90 [ 2831.061777][ T5016] ksys_write+0x145/0x250 [ 2831.066287][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2831.071582][ T5016] do_fast_syscall_32+0x34/0x80 [ 2831.076614][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2831.083126][ T5016] [ 2831.085478][ T5016] [ 2831.085478][ T5016] the dependencies between the lock to be acquired [ 2831.085489][ T5016] and SOFTIRQ-irq-unsafe lock: [ 2831.099024][ T5016] -> (tasklist_lock){.+.+}-{3:3} { [ 2831.104343][ T5016] HARDIRQ-ON-R at: [ 2831.108504][ T5016] lock_acquire+0x120/0x360 [ 2831.115064][ T5016] _raw_read_lock+0x36/0x50 [ 2831.121670][ T5016] __do_wait+0xde/0x740 [ 2831.127831][ T5016] do_wait+0x1f8/0x520 [ 2831.133901][ T5016] kernel_wait+0xab/0x170 [ 2831.140239][ T5016] call_usermodehelper_exec_work+0xbe/0x230 [ 2831.148143][ T5016] process_scheduled_works+0xae1/0x17b0 [ 2831.155696][ T5016] worker_thread+0x8a0/0xda0 [ 2831.162312][ T5016] kthread+0x70e/0x8a0 [ 2831.168506][ T5016] ret_from_fork+0x3fc/0x770 [ 2831.175153][ T5016] ret_from_fork_asm+0x1a/0x30 [ 2831.181937][ T5016] SOFTIRQ-ON-R at: [ 2831.186102][ T5016] lock_acquire+0x120/0x360 [ 2831.192629][ T5016] _raw_read_lock+0x36/0x50 [ 2831.199164][ T5016] __do_wait+0xde/0x740 [ 2831.205432][ T5016] do_wait+0x1f8/0x520 [ 2831.211506][ T5016] kernel_wait+0xab/0x170 [ 2831.217869][ T5016] call_usermodehelper_exec_work+0xbe/0x230 [ 2831.225788][ T5016] process_scheduled_works+0xae1/0x17b0 [ 2831.233352][ T5016] worker_thread+0x8a0/0xda0 [ 2831.239960][ T5016] kthread+0x70e/0x8a0 [ 2831.246041][ T5016] ret_from_fork+0x3fc/0x770 [ 2831.252642][ T5016] ret_from_fork_asm+0x1a/0x30 [ 2831.259412][ T5016] INITIAL USE at: [ 2831.263496][ T5016] lock_acquire+0x120/0x360 [ 2831.269915][ T5016] _raw_write_lock_irq+0xa2/0xf0 [ 2831.276792][ T5016] copy_process+0x224f/0x3c00 [ 2831.283408][ T5016] kernel_clone+0x21e/0x870 [ 2831.289853][ T5016] user_mode_thread+0xdd/0x140 [ 2831.296567][ T5016] rest_init+0x23/0x300 [ 2831.302778][ T5016] start_kernel+0x478/0x500 [ 2831.309221][ T5016] x86_64_start_reservations+0x24/0x30 [ 2831.316623][ T5016] x86_64_start_kernel+0x143/0x1c0 [ 2831.323657][ T5016] common_startup_64+0x13e/0x147 [ 2831.330523][ T5016] INITIAL READ USE at: [ 2831.335053][ T5016] lock_acquire+0x120/0x360 [ 2831.341911][ T5016] _raw_read_lock+0x36/0x50 [ 2831.348775][ T5016] __do_wait+0xde/0x740 [ 2831.355279][ T5016] do_wait+0x1f8/0x520 [ 2831.361716][ T5016] kernel_wait+0xab/0x170 [ 2831.368402][ T5016] call_usermodehelper_exec_work+0xbe/0x230 [ 2831.376674][ T5016] process_scheduled_works+0xae1/0x17b0 [ 2831.384665][ T5016] worker_thread+0x8a0/0xda0 [ 2831.391609][ T5016] kthread+0x70e/0x8a0 [ 2831.398041][ T5016] ret_from_fork+0x3fc/0x770 [ 2831.404983][ T5016] ret_from_fork_asm+0x1a/0x30 [ 2831.412116][ T5016] } [ 2831.414799][ T5016] ... key at: [] tasklist_lock+0x18/0x40 [ 2831.422710][ T5016] ... acquired at: [ 2831.426695][ T5016] lock_acquire+0x120/0x360 [ 2831.431466][ T5016] _raw_read_lock+0x36/0x50 [ 2831.436165][ T5016] send_sigio+0x101/0x370 [ 2831.440680][ T5016] dnotify_handle_event+0x169/0x440 [ 2831.446081][ T5016] fsnotify+0x1814/0x1a80 [ 2831.450770][ T5016] vfs_mkdir+0x477/0x510 [ 2831.455248][ T5016] do_mkdirat+0x247/0x590 [ 2831.459845][ T5016] __ia32_sys_mkdirat+0x87/0xa0 [ 2831.464878][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2831.470170][ T5016] do_fast_syscall_32+0x34/0x80 [ 2831.475222][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2831.481744][ T5016] [ 2831.484093][ T5016] -> (&f_owner->lock){....}-{3:3} { [ 2831.489410][ T5016] INITIAL USE at: [ 2831.493400][ T5016] lock_acquire+0x120/0x360 [ 2831.499673][ T5016] _raw_write_lock_irq+0xa2/0xf0 [ 2831.506354][ T5016] __f_setown+0x67/0x370 [ 2831.512355][ T5016] fcntl_dirnotify+0x3d6/0x690 [ 2831.518867][ T5016] do_fcntl+0x6d0/0x1910 [ 2831.524935][ T5016] do_compat_fcntl64+0x477/0x720 [ 2831.531632][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2831.538486][ T5016] do_fast_syscall_32+0x34/0x80 [ 2831.545079][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2831.553156][ T5016] INITIAL READ USE at: [ 2831.557578][ T5016] lock_acquire+0x120/0x360 [ 2831.564256][ T5016] _raw_read_lock_irq+0xaa/0xf0 [ 2831.571291][ T5016] f_getown+0x54/0x2a0 [ 2831.577533][ T5016] sock_ioctl+0x536/0x790 [ 2831.584038][ T5016] compat_sock_ioctl+0x285/0xc80 [ 2831.591152][ T5016] __ia32_compat_sys_ioctl+0x543/0x840 [ 2831.598800][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2831.606088][ T5016] do_fast_syscall_32+0x34/0x80 [ 2831.613127][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2831.621638][ T5016] } [ 2831.624224][ T5016] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 2831.633175][ T5016] ... acquired at: [ 2831.637068][ T5016] lock_acquire+0x120/0x360 [ 2831.641754][ T5016] _raw_read_lock_irqsave+0xaf/0x100 [ 2831.647235][ T5016] send_sigio+0x38/0x370 [ 2831.651657][ T5016] kill_fasync+0x24d/0x4d0 [ 2831.656258][ T5016] sock_wake_async+0x137/0x160 [ 2831.661204][ T5016] sk_wake_async+0x184/0x280 [ 2831.666013][ T5016] unix_release_sock+0x6d4/0xc60 [ 2831.671137][ T5016] unix_release+0x92/0xd0 [ 2831.675663][ T5016] sock_close+0xc3/0x240 [ 2831.680083][ T5016] __fput+0x44c/0xa70 [ 2831.684238][ T5016] task_work_run+0x1d1/0x260 [ 2831.689010][ T5016] get_signal+0x11ed/0x1340 [ 2831.693693][ T5016] arch_do_signal_or_restart+0x9a/0x750 [ 2831.699423][ T5016] exit_to_user_mode_loop+0x75/0x110 [ 2831.704899][ T5016] __do_fast_syscall_32+0x1f4/0x2b0 [ 2831.710281][ T5016] do_fast_syscall_32+0x34/0x80 [ 2831.715313][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2831.721822][ T5016] [ 2831.724150][ T5016] -> (&new->fa_lock){...-}-{3:3} { [ 2831.729304][ T5016] IN-SOFTIRQ-R at: [ 2831.733310][ T5016] lock_acquire+0x120/0x360 [ 2831.739488][ T5016] _raw_read_lock_irqsave+0xaf/0x100 [ 2831.746450][ T5016] kill_fasync+0x199/0x4d0 [ 2831.752527][ T5016] sock_wake_async+0x137/0x160 [ 2831.758954][ T5016] sock_def_error_report+0x332/0x390 [ 2831.765900][ T5016] sk_error_report+0x45/0x290 [ 2831.772237][ T5016] tcp_validate_incoming+0x15fc/0x23a0 [ 2831.779366][ T5016] tcp_rcv_established+0x7c5/0x1de0 [ 2831.786227][ T5016] tcp_v6_do_rcv+0xa9d/0x13f0 [ 2831.792601][ T5016] tcp_v6_rcv+0x238d/0x2bf0 [ 2831.798780][ T5016] ip6_protocol_deliver_rcu+0xcb0/0x15c0 [ 2831.806082][ T5016] ip6_input_finish+0xde/0x190 [ 2831.812529][ T5016] NF_HOOK+0x30c/0x3a0 [ 2831.818316][ T5016] ip6_input+0x16a/0x270 [ 2831.824228][ T5016] NF_HOOK+0x30c/0x3a0 [ 2831.829971][ T5016] __netif_receive_skb+0xd3/0x380 [ 2831.837005][ T5016] process_backlog+0x60e/0x14f0 [ 2831.843521][ T5016] __napi_poll+0xc4/0x480 [ 2831.849511][ T5016] net_rx_action+0x707/0xe30 [ 2831.855765][ T5016] handle_softirqs+0x286/0x870 [ 2831.862190][ T5016] run_ksoftirqd+0x9b/0x100 [ 2831.868356][ T5016] smpboot_thread_fn+0x53f/0xa60 [ 2831.874952][ T5016] kthread+0x70e/0x8a0 [ 2831.880686][ T5016] ret_from_fork+0x3fc/0x770 [ 2831.886937][ T5016] ret_from_fork_asm+0x1a/0x30 [ 2831.893370][ T5016] INITIAL USE at: [ 2831.897290][ T5016] lock_acquire+0x120/0x360 [ 2831.903365][ T5016] _raw_write_lock_irq+0xa2/0xf0 [ 2831.909876][ T5016] fasync_remove_entry+0xf1/0x1c0 [ 2831.916472][ T5016] __fput+0x89f/0xa70 [ 2831.922021][ T5016] fput_close_sync+0x119/0x200 [ 2831.928347][ T5016] __ia32_sys_close+0x7f/0x110 [ 2831.934688][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2831.941376][ T5016] do_fast_syscall_32+0x34/0x80 [ 2831.947817][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2831.955729][ T5016] INITIAL READ USE at: [ 2831.960063][ T5016] lock_acquire+0x120/0x360 [ 2831.966600][ T5016] _raw_read_lock_irqsave+0xaf/0x100 [ 2831.973901][ T5016] kill_fasync+0x199/0x4d0 [ 2831.980323][ T5016] sock_wake_async+0x137/0x160 [ 2831.987111][ T5016] sock_def_error_report+0x332/0x390 [ 2831.994413][ T5016] sk_error_report+0x45/0x290 [ 2832.001190][ T5016] tls_rx_msg_size+0x409/0x5e0 [ 2832.007968][ T5016] tls_strp_check_rcv+0x928/0xf10 [ 2832.015011][ T5016] tls_rx_rec_wait+0x3b1/0xa30 [ 2832.021781][ T5016] tls_sw_recvmsg+0x73f/0x1820 [ 2832.028550][ T5016] inet6_recvmsg+0x234/0x6b0 [ 2832.035144][ T5016] sock_recvmsg+0x105/0x270 [ 2832.041653][ T5016] __sys_recvfrom+0x1f6/0x340 [ 2832.048347][ T5016] __ia32_compat_sys_socketcall+0x852/0x9c0 [ 2832.056255][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2832.063478][ T5016] do_fast_syscall_32+0x34/0x80 [ 2832.070349][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2832.078687][ T5016] } [ 2832.081227][ T5016] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 2832.090004][ T5016] ... acquired at: [ 2832.093811][ T5016] lock_acquire+0x120/0x360 [ 2832.098499][ T5016] _raw_read_lock_irqsave+0xaf/0x100 [ 2832.103974][ T5016] kill_fasync+0x199/0x4d0 [ 2832.108575][ T5016] evdev_pass_values+0x627/0xbd0 [ 2832.113729][ T5016] evdev_events+0x1e6/0x340 [ 2832.118421][ T5016] input_pass_values+0x288/0x890 [ 2832.123548][ T5016] input_event_dispose+0x330/0x6b0 [ 2832.128838][ T5016] input_inject_event+0x1fe/0x320 [ 2832.134073][ T5016] evdev_write+0x2fc/0x480 [ 2832.138699][ T5016] vfs_write+0x27e/0xa90 [ 2832.143136][ T5016] ksys_write+0x145/0x250 [ 2832.147655][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2832.152959][ T5016] do_fast_syscall_32+0x34/0x80 [ 2832.157997][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2832.164510][ T5016] [ 2832.166834][ T5016] [ 2832.166834][ T5016] stack backtrace: [ 2832.172741][ T5016] CPU: 0 UID: 0 PID: 5016 Comm: syz.1.9141 Not tainted 6.15.0-syzkaller-09113-g8477ab143069 #0 PREEMPT(full) [ 2832.172765][ T5016] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2832.172777][ T5016] Call Trace: [ 2832.172787][ T5016] [ 2832.172796][ T5016] dump_stack_lvl+0x189/0x250 [ 2832.172828][ T5016] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2832.172856][ T5016] ? __pfx__printk+0x10/0x10 [ 2832.172879][ T5016] validate_chain+0x1f05/0x2140 [ 2832.172914][ T5016] __lock_acquire+0xab9/0xd20 [ 2832.172936][ T5016] ? kill_fasync+0x199/0x4d0 [ 2832.172952][ T5016] lock_acquire+0x120/0x360 [ 2832.172971][ T5016] ? kill_fasync+0x199/0x4d0 [ 2832.172993][ T5016] _raw_read_lock_irqsave+0xaf/0x100 [ 2832.173022][ T5016] ? kill_fasync+0x199/0x4d0 [ 2832.173039][ T5016] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 2832.173066][ T5016] ? do_raw_spin_lock+0x121/0x290 [ 2832.173097][ T5016] kill_fasync+0x199/0x4d0 [ 2832.173114][ T5016] ? kill_fasync+0x53/0x4d0 [ 2832.173131][ T5016] evdev_pass_values+0x627/0xbd0 [ 2832.173160][ T5016] ? evdev_pass_values+0x5c1/0xbd0 [ 2832.173188][ T5016] evdev_events+0x1e6/0x340 [ 2832.173211][ T5016] ? evdev_events+0x79/0x340 [ 2832.173235][ T5016] ? input_pass_values+0x8d/0x890 [ 2832.173258][ T5016] input_pass_values+0x288/0x890 [ 2832.173284][ T5016] ? input_handle_event+0x70c/0xf30 [ 2832.173311][ T5016] input_event_dispose+0x330/0x6b0 [ 2832.173337][ T5016] input_inject_event+0x1fe/0x320 [ 2832.173361][ T5016] ? input_inject_event+0xbc/0x320 [ 2832.173390][ T5016] evdev_write+0x2fc/0x480 [ 2832.173418][ T5016] ? __pfx_evdev_write+0x10/0x10 [ 2832.173445][ T5016] ? bpf_lsm_file_permission+0x9/0x20 [ 2832.173466][ T5016] ? security_file_permission+0x75/0x290 [ 2832.173495][ T5016] ? rw_verify_area+0x258/0x650 [ 2832.173515][ T5016] ? __pfx_evdev_write+0x10/0x10 [ 2832.173540][ T5016] vfs_write+0x27e/0xa90 [ 2832.173564][ T5016] ? __pfx_vfs_write+0x10/0x10 [ 2832.173585][ T5016] ? __fget_files+0x2a/0x420 [ 2832.173611][ T5016] ? __fget_files+0x2a/0x420 [ 2832.173635][ T5016] ? __fget_files+0x3a0/0x420 [ 2832.173659][ T5016] ? __fget_files+0x2a/0x420 [ 2832.173785][ T5016] ksys_write+0x145/0x250 [ 2832.173821][ T5016] ? __pfx_ksys_write+0x10/0x10 [ 2832.173845][ T5016] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2832.173866][ T5016] ? lockdep_hardirqs_on+0x9c/0x150 [ 2832.173885][ T5016] __do_fast_syscall_32+0xb6/0x2b0 [ 2832.173907][ T5016] ? lockdep_hardirqs_on+0x9c/0x150 [ 2832.173926][ T5016] do_fast_syscall_32+0x34/0x80 [ 2832.173947][ T5016] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2832.173970][ T5016] RIP: 0023:0xf709e539 [ 2832.173989][ T5016] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2832.174006][ T5016] RSP: 002b:00000000f508e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 2832.174025][ T5016] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 2832.174038][ T5016] RDX: 0000000000002250 RSI: 0000000000000000 RDI: 0000000000000000 [ 2832.174050][ T5016] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2832.174060][ T5016] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2832.174072][ T5016] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2832.174090][ T5016] [ 2832.757797][ T9] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 2832.924787][T12648] pimreg3 (unregistering): left allmulticast mode [ 2833.365896][T12648] team0 (unregistering): Port device team_slave_1 removed [ 2833.419914][T12648] team0 (unregistering): Port device team_slave_0 removed [ 2833.684313][ T5013] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 2834.610343][T12648] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2834.662159][T12648] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2834.722273][T12648] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2834.774163][T12648] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2834.889995][T12648] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2834.932255][T12648] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2834.983688][T12648] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2835.041394][T12648] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2835.447039][T12648] bridge_slave_1: left allmulticast mode [ 2835.452748][T12648] bridge_slave_1: left promiscuous mode [ 2835.461453][T12648] bridge0: port 2(bridge_slave_1) entered disabled state [ 2835.476679][T12648] bridge_slave_0: left allmulticast mode [ 2835.482343][T12648] bridge_slave_0: left promiscuous mode [ 2835.496335][T12648] bridge0: port 1(bridge_slave_0) entered disabled state [ 2835.511174][T12648] bridge_slave_1: left allmulticast mode [ 2835.519214][T12648] bridge_slave_1: left promiscuous mode [ 2835.524959][T12648] bridge0: port 2(bridge_slave_1) entered disabled state [ 2835.535582][T12648] bridge_slave_0: left allmulticast mode [ 2835.541692][T12648] bridge_slave_0: left promiscuous mode [ 2835.550071][T12648] bridge0: port 1(bridge_slave_0) entered disabled state [ 2835.562613][T12648] bridge_slave_1: left allmulticast mode [ 2835.570392][T12648] bridge_slave_1: left promiscuous mode [ 2835.577214][T12648] bridge0: port 2(bridge_slave_1) entered disabled state [ 2835.585825][T12648] bridge_slave_0: left allmulticast mode [ 2835.594462][T12648] bridge_slave_0: left promiscuous mode [ 2835.601246][T12648] bridge0: port 1(bridge_slave_0) entered disabled state [ 2835.785957][T12648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2835.797244][T12648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2835.811044][T12648] bond0 (unregistering): Released all slaves [ 2835.922412][T12648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2835.934705][T12648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2835.944652][T12648] bond0 (unregistering): Released all slaves [ 2836.015508][T12648] team0: Port device geneve0 removed [ 2836.152946][T12648] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2836.163232][T12648] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2836.173390][T12648] bond0 (unregistering): Released all slaves [ 2836.253421][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 2836.260250][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 2836.392534][T12648] bond1 (unregistering): Released all slaves [ 2836.552668][T12648] bond2 (unregistering): Released all slaves [ 2836.721745][T12648] bond3 (unregistering): Released all slaves [ 2836.871741][T12648] bond4 (unregistering): Released all slaves [ 2837.043123][T12648] bond5 (unregistering): Released all slaves [ 2837.207421][T12648] bond6 (unregistering): Released all slaves [ 2837.373658][T12648] bond7 (unregistering): Released all slaves [ 2837.539827][T12648] bond8 (unregistering): Released all slaves [ 2837.739696][T12648] team0: Port device geneve0 removed [ 2837.988099][T12648] bond0 (unregistering): Released all slaves [ 2838.136773][T12648] bond1 (unregistering): Released all slaves [ 2838.297562][T12648] bond2 (unregistering): Released all slaves [ 2838.487431][T12648] bond3 (unregistering): Released all slaves [ 2838.657806][T12648] bond4 (unregistering): Released all slaves [ 2838.823491][T12648] bond5 (unregistering): Released all slaves [ 2838.981093][T12648] bond6 (unregistering): Released all slaves [ 2839.129302][T12648] bond7 (unregistering): Released all slaves [ 2839.278590][T12648] bond8 (unregistering): Released all slaves [ 2839.430228][T12648] bond9 (unregistering): Released all slaves [ 2839.587141][T12648] bond10 (unregistering): Released all slaves [ 2839.736632][T12648] bond11 (unregistering): Released all slaves [ 2839.888022][T12648] bond12 (unregistering): Released all slaves