last executing test programs: 1m13.196379268s ago: executing program 4 (id=1730): r0 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000180)=@filter={'filter\x00', 0xe, 0x0, 0x90, [0x6000600, 0x2000000000c0, 0x2000000000f0, 0x200000000120], 0x0, 0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="00000000000000000000000000000000000000000000000000000200000000000000000000000000feffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000feffff502c903121092077b21968ca29c4ff00"/144]}, 0x108) 1m12.87114576s ago: executing program 4 (id=1732): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000700)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000b40)=ANY=[@ANYBLOB=',\x00\x00`', @ANYRES16=r1, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r2, @ANYBLOB="10007d"], 0x2c}}, 0x0) 1m12.753915215s ago: executing program 4 (id=1733): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWSET={0x14, 0x9, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0xfffd}}], {0x14, 0x10}}, 0x3c}, 0x1, 0x0, 0x0, 0x40c0}, 0xc4) 1m12.624950349s ago: executing program 4 (id=1734): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) socket$inet_udp(0x2, 0x2, 0x0) bind$qrtr(0xffffffffffffffff, 0x0, 0x0) r0 = getpid() r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000040)={0x3, 0x0, &(0x7f0000000340)={&(0x7f00000000c0)={0x2, 0x3, 0x0, 0x2, 0x14, 0x0, 0x0, 0x0, [@sadb_key={0x6, 0x8, 0x108, 0x0, "041f6255dd400d223296421054f011855acec306fd5e47b5a703e12c5826a2e7e3"}, @sadb_address={0x5, 0x6, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @dev}}, @sadb_sa={0x2, 0x1, 0x0, 0x0, 0x0, 0x9}, @sadb_address={0x5, 0x5, 0x0, 0x0, 0x0, @in6={0xa, 0x0, 0x0, @mcast1}}]}, 0xa0}, 0x1, 0x7}, 0x0) sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0xfffffffffffffc33, &(0x7f0000000280)=0x2) ptrace(0x10, 0x1) socket(0xb, 0x3, 0x0) r4 = inotify_init1(0x0) inotify_add_watch(r4, &(0x7f0000000200)='.\x00', 0x400) inotify_add_watch(r4, &(0x7f0000000280)='.\x00', 0x850003f3) r5 = shmget$private(0x0, 0x4000, 0x0, &(0x7f0000ffa000/0x4000)=nil) shmat(r5, &(0x7f0000000000/0x2000)=nil, 0x5000) syz_emit_ethernet(0x2d, &(0x7f0000000540)={@local, @multicast, @void, {@ipv4={0x800, @generic={{0x7, 0x4, 0x0, 0x0, 0x1f, 0x0, 0x0, 0x0, 0x1, 0x0, @remote, @dev={0xac, 0x14, 0x14, 0x35}, {[@cipso={0x86, 0x6}]}}, "cb8a11"}}}}, 0x0) syz_clone3(&(0x7f00000002c0)={0x80, 0x0, 0x0, 0x0, {0x39}, 0x0, 0x0, 0x0, 0x0}, 0x58) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newlink={0x48, 0x10, 0x1, 0x70bd27, 0x25dfdbf4, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20008}, [@IFLA_IFNAME={0x14, 0x3, 'bridge_slave_0\x00'}, @IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_SPOOFCHK={0xc, 0x4, {0xfff, 0x1}}]}]}]}, 0x48}}, 0x800) 1m9.843475273s ago: executing program 4 (id=1742): r0 = socket(0xa, 0x1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = dup(r2) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r5 = syz_clone(0x400, 0x0, 0x0, 0x0, 0x0, 0x0) wait4(r5, &(0x7f0000000000), 0x80000000, 0x0) process_vm_writev(r5, 0x0, 0x0, &(0x7f00000002c0)=[{0x0}], 0x1, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@textreal={0x8, &(0x7f0000000240)="0fa8baf80c66b8d4f22a8966efbafc0c66ed65dc7e0a0f06baf80c66b8487e248666efbafc0c66b84700000066ef660f6a2bbaf80c66b89cd1688766efbafc0c66b80048000066ef66f30f090f20c06635080000000f22c06526f30fc734", 0x5e}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) r8 = socket$can_raw(0x1d, 0x3, 0x1) r9 = gettid() sendmmsg$unix(r7, &(0x7f00000000c0)=[{{0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000440)='1', 0x1}], 0x1, &(0x7f0000000480)=ANY=[@ANYBLOB="1c000000000000000100000002000000", @ANYRES32=r9, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000147dcd9fd921f02700000000000000018f25c261cb3eee07f833e97fa6689affd1698050945b056b29603cd2ca9a7021892e31a2362c4a62a0b99d0b16061108af2d1d95eb6e6cdfb9c959d596eb797b427a03a28ee7fd334bafc593c806d55a119f61751e09c9da4186f8800b69ae3b640fa51df0d5a2", @ANYRES32=r8, @ANYBLOB='\x00\x00\x00\x00'], 0x38, 0x4004c}}], 0x1, 0x4) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(r6, 0x1, 0x10, &(0x7f00000002c0)=0x8001, 0x4) splice(r6, 0x0, r10, 0x0, 0xb9000, 0x0) r11 = socket$inet6_sctp(0xa, 0x5, 0x84) r12 = socket$alg(0x26, 0x5, 0x0) bind$alg(r12, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'adiantum(xchacha20-simd,anubis-generic,nhpoly1305-sse2)\x00'}, 0x58) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000003c0), 0x2, 0x0) keyctl$dh_compute(0x17, 0x0, 0x0, 0x0, 0x0) bind$alg(r12, &(0x7f0000000100)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_ctr_aes256\x00'}, 0x58) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r11, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x1c, &(0x7f00000020c0)=[@in6={0xa, 0x0, 0x0, @remote, 0x34}]}, &(0x7f0000002100)=0x10) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x4, &(0x7f0000000300)={0x0, @in6={{0xa, 0x0, 0x0, @empty}}}, &(0x7f0000003c00)=0x90) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) openat$cgroup_ro(r3, &(0x7f0000000400)='blkio.bfq.io_wait_time\x00', 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) 1m6.477953038s ago: executing program 4 (id=1756): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_linger(r2, 0x1, 0x3d, &(0x7f00000018c0)={0x1}, 0x8) r3 = dup(r1) ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0}) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000007c0)=[{{&(0x7f0000000500)={0x2, 0x4e21, @local}, 0x10, 0x0}}], 0x1, 0x4000000) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000640)={{{@in=@multicast1, @in6=@initdev={0xfe, 0x88, '\x00', 0xff, 0x0}, 0x100, 0x0, 0xfffe, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x2, 0x1ff, 0x0, 0xf, 0x0, 0x4, 0x1}, {0x1, 0x40000000, 0x0, 0xfd}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@private=0xa010101, 0x0, 0x32}, 0x0, @in=@empty, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5}}, 0xe8) r5 = socket$igmp6(0xa, 0x3, 0x2) getsockopt(r5, 0x9, 0xb369, &(0x7f00000005c0)=""/65, &(0x7f0000000740)=0x41) r6 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc4c85512, &(0x7f00000000c0)={{0xa, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x80000000005, 0x4, 0x10000, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x3, 0x6, 0x0, 0x0, 0x6, 0xae4f, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x9, 0x7fffffffffffffff, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa2, 0x0, 0xfffffffffffffffb, 0xea4d, 0x375, 0xffffffffffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x4000, 0x1, 0x3ffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x9, 0x4000000000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x71]}) sendmmsg$inet6(r4, &(0x7f0000000300)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @broadcast, {[@ra={0x94, 0x4, 0x400}]}}, @info_reply={0x10, 0x0, 0x0, 0x10, 0x6}}}}}, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r8 = openat$ptp0(0xffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$PTP_SYS_OFFSET_PRECISE(r8, 0xc0403d08, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) bind$rds(r0, &(0x7f0000000780)={0x2, 0x4e20, @multicast2}, 0x10) 51.368238057s ago: executing program 32 (id=1756): r0 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r0, 0x1, 0x3c, &(0x7f0000000000)=0x1, 0x4) r1 = syz_open_dev$usbfs(&(0x7f0000000000), 0x1ff, 0x2) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_linger(r2, 0x1, 0x3d, &(0x7f00000018c0)={0x1}, 0x8) r3 = dup(r1) ioctl$USBDEVFS_CONTROL(r3, 0xc0185500, &(0x7f0000000240)={0x80, 0x6, 0x300, 0x0, 0x0, 0x0, 0x0}) bind$inet(r0, &(0x7f0000000080)={0x2, 0x0, @local}, 0x10) sendmmsg$inet(r0, &(0x7f00000007c0)=[{{&(0x7f0000000500)={0x2, 0x4e21, @local}, 0x10, 0x0}}], 0x1, 0x4000000) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$inet6_IPV6_XFRM_POLICY(r4, 0x29, 0x23, &(0x7f0000000640)={{{@in=@multicast1, @in6=@initdev={0xfe, 0x88, '\x00', 0xff, 0x0}, 0x100, 0x0, 0xfffe, 0x0, 0xa, 0x0, 0x0, 0x87}, {0x2, 0x1ff, 0x0, 0xf, 0x0, 0x4, 0x1}, {0x1, 0x40000000, 0x0, 0xfd}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@private=0xa010101, 0x0, 0x32}, 0x0, @in=@empty, 0xfffffffe, 0x4, 0x0, 0x0, 0x0, 0x0, 0x5}}, 0xe8) r5 = socket$igmp6(0xa, 0x3, 0x2) getsockopt(r5, 0x9, 0xb369, &(0x7f00000005c0)=""/65, &(0x7f0000000740)=0x41) r6 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r6, 0xc4c85512, &(0x7f00000000c0)={{0xa, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x8, 0x0, 0xfffffffffffffffe, 0x0, 0x80000000005, 0x4, 0x10000, 0x4, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x3, 0x6, 0x0, 0x0, 0x6, 0xae4f, 0x0, 0x0, 0x1, 0x0, 0x0, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x9, 0x7fffffffffffffff, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa2, 0x0, 0xfffffffffffffffb, 0xea4d, 0x375, 0xffffffffffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x4000, 0x1, 0x3ffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x9, 0x4000000000000, 0x0, 0x0, 0x0, 0x5, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, 0x71]}) sendmmsg$inet6(r4, &(0x7f0000000300)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @dev}, 0x1c, 0x0}}], 0x1, 0x0) syz_emit_ethernet(0x2e, &(0x7f0000000000)={@local, @empty, @void, {@ipv4={0x800, @icmp={{0x6, 0x4, 0x0, 0x0, 0x20, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @broadcast, {[@ra={0x94, 0x4, 0x400}]}}, @info_reply={0x10, 0x0, 0x0, 0x10, 0x6}}}}}, 0x0) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r8 = openat$ptp0(0xffffff9c, &(0x7f00000003c0), 0x0, 0x0) ioctl$PTP_SYS_OFFSET_PRECISE(r8, 0xc0403d08, 0x0) close_range(r7, 0xffffffffffffffff, 0x0) bind$rds(r0, &(0x7f0000000780)={0x2, 0x4e20, @multicast2}, 0x10) 7.511878312s ago: executing program 5 (id=2008): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=ANY=[@ANYBLOB="1c00f5ff1700030000000000400300000000000000000006"], 0x1c}}, 0x0) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/resume', 0x169a82, 0x189) r0 = syz_open_dev$loop(&(0x7f0000000480), 0xd76, 0x181400) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='cgroup.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000400)=ANY=[], 0x1df) r2 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r2, 0xc0285629, &(0x7f0000000080)={0x3, @win={{0xa3, 0x8, 0x80000001, 0x3}, 0x1, 0x2, &(0x7f0000000240)={{0x2, 0x81, 0x7ff, 0x6}}, 0x80, 0x0, 0x1d}}) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000002c0)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x2, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 6.868573067s ago: executing program 5 (id=2010): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x403, 0xfffffff8, 0x3f, {0x0, 0x0, 0x700, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_IPTABLES={0x5}, @IFLA_BR_NF_CALL_IP6TABLES={0x5}]}}}]}, 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0) 6.508299601s ago: executing program 5 (id=2013): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000840)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x5, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="120110031fcd1b08cf100355af75010203010902"], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}) r2 = syz_open_procfs(0x0, &(0x7f0000000280)='timers\x00') sendmsg$L2TP_CMD_SESSION_GET(r2, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={0x0}}, 0x10) r3 = socket$netlink(0x10, 0x3, 0x0) r4 = socket(0x10, 0x803, 0x8) sendmsg$IPVS_CMD_SET_INFO(r4, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x2d}, 0x1, 0x0, 0x0, 0x8801}, 0x8000) socket$netlink(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_CRIT_PROTOCOL_START(r5, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={0x0, 0x1c}}, 0x0) getsockname$packet(r5, &(0x7f0000000600)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=@newlink={0x3c, 0x10, 0x503, 0x0, 0xfffffffc, {}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bond={{0x9}, {0x4}}}, @IFLA_MASTER={0x8, 0xa, r6}]}, 0x3c}, 0x1, 0x0, 0x0, 0x800}, 0x4000) getsockname$packet(r4, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x60, &(0x7f0000000300)={&(0x7f0000000900)=ANY=[@ANYBLOB="5c00000010001ffffcffffff0000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000340012800b0001006772657461700000240002800800070064010100060003001008000008001500700f0d0008000700ac1414bb08000a00", @ANYRES32=r7], 0x5c}}, 0x40) socket(0x10, 0x803, 0x2) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32], 0x3c}}, 0x0) pread64(r2, 0x0, 0x0, 0x40) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000008c0)=ANY=[], 0x154}, 0x1, 0x0, 0x0, 0x20008800}, 0x0) 6.476015892s ago: executing program 2 (id=2014): r0 = creat(&(0x7f0000000040)='./file0\x00', 0x0) close(r0) r1 = mmap$KVM_VCPU(&(0x7f0000ffb000/0x2000)=nil, 0x930, 0x100000e, 0x4018831, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f00000000c0)) r3 = syz_io_uring_setup(0x72ae, &(0x7f0000000280)={0x0, 0x0, 0x10100, 0x0, 0x36}, &(0x7f0000000500), &(0x7f0000000000)=0x0) syz_io_uring_setup(0x2287, &(0x7f0000000200)={0x0, 0x6e79, 0x400, 0x1, 0x1}, &(0x7f0000000080)=0x0, &(0x7f0000001540)) syz_io_uring_submit(r5, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) io_uring_enter(r3, 0x184c, 0x0, 0x0, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) syz_memcpy_off$KVM_EXIT_HYPERCALL(r1, 0x20, &(0x7f0000000180)="5e73663bf4082f7c6c9ecbf09d6dd7be5a06dfd645630500c1a303434a36bfc45a7badc8faed24bb77c848723a43602d1fe0d236c062e105ec77ffdc0fb243c3111dda42112650cc", 0x0, 0x48) ioctl$UFFDIO_UNREGISTER(r0, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffa000/0x3000)=nil, 0x3000}) ioctl$VHOST_SET_VRING_KICK(r0, 0x4008af20, &(0x7f0000000100)={0x2, r0}) 6.084487186s ago: executing program 2 (id=2016): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd289400000000000001090224"], 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x2006c0, 0x0) pipe2(&(0x7f00000000c0), 0x4800) socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x801, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r1, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r1, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r2, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r3], 0x3c}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x24, 0x10, 0x1, 0x1000000, 0x0, {0x0, 0x0, 0x74, r2, {0xffe0, 0xfff1}, {}, {0xffe0, 0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) 6.048812508s ago: executing program 3 (id=2017): r0 = syz_open_procfs(0x0, &(0x7f0000000280)='fd/3\x00') epoll_create1(0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) socket$kcm(0xa, 0x1, 0x106) bind$netlink(0xffffffffffffffff, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x8, &(0x7f0000000200), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(0xffffffffffffffff, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f00000002c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) ioctl$sock_ipv6_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000000c0)={'syztnl1\x00', &(0x7f0000000040)={'syztnl0\x00', 0x0, 0x0, 0x5f, 0x8, 0x5, 0x20, @mcast1, @mcast2, 0x1, 0x8000, 0x2, 0x6}}) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_NEW_INTERFACE(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=ANY=[@ANYBLOB="e4000000", @ANYRES16=r4, @ANYBLOB="07002abd5248ffdbdf2507ff000008000300", @ANYRES32=r5, @ANYBLOB="0c00990001000c0069000000140004002f6163766c616e3100000000000000000400cc00080005000a"], 0xe4}}, 0x0) 6.033832561s ago: executing program 0 (id=2018): r0 = syz_usb_connect(0x3, 0xfffffffffffffe5b, &(0x7f00000007c0)={{0x12, 0x1, 0x0, 0xc, 0xd9, 0xb, 0x10, 0x20d6, 0x15ab, 0x820e, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x3ac, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x50, 0x0, 0xe, 0xff, 0x5d, 0x1, 0x0, [], [{{0x9, 0x5, 0x7, 0x4, 0x400, 0x5, 0x0, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x1, 0x5}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x3, 0xf801}]}}, {{0x9, 0x5, 0x9, 0x10, 0x20, 0x4, 0x3}}, {{0x9, 0x5, 0x6, 0x2, 0x20, 0x4, 0x43, 0x7}}, {{0x9, 0x5, 0x80, 0x0, 0x10, 0x7, 0x8}}, {{0x9, 0x5, 0x3, 0x0, 0x0, 0x3, 0xdb, 0x1, [@uac_iso={0x7, 0x25, 0x1, 0x82, 0x5, 0x8000}, @generic={0x27, 0x7, "a4e9ba880cd64f94381f20caab69b694b6dbf76ed840e2193e3326ad83e30c903b9ef85339"}]}}, {{0x9, 0x5, 0x1, 0xc, 0x8, 0x3, 0x3, 0x4, [@uac_iso={0x0, 0x25, 0x1, 0x0, 0xb, 0x7}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x6, 0x7}]}}, {{0x9, 0x5, 0x4, 0x13, 0x60, 0x7, 0x4, 0x8, [@generic={0xe, 0xa, "a6ed9815e326986b8ad64371"}]}}, {{0x9, 0x5, 0x4, 0x0, 0x10, 0xd, 0x4, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xdc, 0x2}, @uac_iso={0x7, 0x25, 0x1, 0x100, 0x1, 0x6}]}}, {{0x9, 0x5, 0x8, 0xd, 0x400, 0x7, 0x98, 0x5}}, {{0x9, 0x5, 0xb, 0x10, 0x40, 0x3, 0x50, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0xfa, 0x805}, @generic={0xf1, 0x8, "8f4f58e9439ba2bc6854d1c412b90b30635a56a6079011ca049ce01a0be0b02c562685ba46560fcd2987610c8effb5cad118f7a587cf53111cf233ac2687f6a8f562ed6589ee631a63bdc2576b107e6319c5a357c8ba5226df93ade4bc49e7e74f1123282535343614d0f6af770e8c26b5f8105a29cfd0d2c4ae058782f353e4a02a6c2ebefd7ee5e4d078cab97080b7017a9bdec8464ebf3808453b6a94445fd3900202a8811cbc743018a67634b570dbec245a48c23f698c42c969acfbad9ed9ba2aa326a8ab9c59f84ca823c8ffa5d966c638a5487551ebc95f6c545d79a87adc9d726be6f399ee2056bae4ccf1"}]}}, {{0x9, 0x5, 0x7, 0x0, 0x40, 0x1, 0x7, 0x8, [@generic={0x0, 0x5, "a71a06bf606e000000000000e12e306e48f246cf326cc7339042c15322ab2a474dbd396dd45211caa48737b723942f5c288dc3b023ddfca8f1541ca0a471b4a217"}, @generic={0x0, 0x23, "8315c9a65541f7ca99d9b1c34e89f705f7ff3f6996e87d94748434896371fff8653f791a72839a2f35f64675155b7c2fb25a14ed973d099443f256c3b9027d28f2190facc29c0c5961f29ef50c31097e159510d85a914c89a5fee16de2958dc7f378bfef1f3f54d01f1f532b77eaec9171c1564c16e2ac274f0566f23764c0e8ef1333035723323b244a3ec4b586ab1b64d892e8feb991b1553b55d5c568523eb5f0f921e8c42ef91357f6c4e09d23a19e765f36135c9ce51bc068c341fa5dd77ae150a961357e2bf9b62a5696f8a4f6d9e938d073c6c6fac65ff1a8d32266acd0"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x0, 0x8, 0x5f, 0x8c, [@uac_iso={0x0, 0x25, 0x1, 0x1, 0x7, 0x2}, @uac_iso={0x0, 0x25, 0x1, 0x3, 0x10, 0x7}]}}, {{0x9, 0x5, 0xb, 0x10, 0x40, 0x8, 0x4, 0xc3, [@uac_iso={0x0, 0x25, 0x1, 0x87, 0x1, 0x800}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0x2, 0x9}]}}, {{0x9, 0x5, 0x5, 0x0, 0x40, 0xdb, 0x0, 0x9, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0x3}]}}]}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r1, 0x8983, &(0x7f0000000280)={0x0, 'batadv_slave_0\x00', {0xffffffff}, 0x30a}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYBLOB="0f68f1308bd3421e31f30b5196fa9146584fb7300f0b9144c4138e4d287b905fcaaef5ebd6344e40d248c77103bf084b4ba1891316ebc5c647159cb2ea88b463944326c08b21bc5c1b53883c94281002edc33fa9c01ba0cf74fce96de5a12eb673ce1eaa2b0df913d0afd90a28f1e6f21ce9ffba2cd6bb9e66652538ff5ceabbf733d69e72ad80ecdc12a3b3f3ccfebe12ec31c70be79849bcdc74fc400cd9739106", @ANYRESHEX=r0, @ANYRESHEX=0x0, @ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x0}) (async) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000000)=ANY=[@ANYRESDEC=r0, @ANYBLOB="0f68f1308bd3421e31f30b5196fa9146584fb7300f0b9144c4138e4d287b905fcaaef5ebd6344e40d248c77103bf084b4ba1891316ebc5c647159cb2ea88b463944326c08b21bc5c1b53883c94281002edc33fa9c01ba0cf74fce96de5a12eb673ce1eaa2b0df913d0afd90a28f1e6f21ce9ffba2cd6bb9e66652538ff5ceabbf733d69e72ad80ecdc12a3b3f3ccfebe12ec31c70be79849bcdc74fc400cd9739106", @ANYRESHEX=r0, @ANYRESHEX=0x0, @ANYRESHEX=0x0], 0x0, 0x0, 0x0, 0x0, 0x0}) 5.0881989s ago: executing program 3 (id=2019): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000020bd289400000000000001090224"], 0x0) openat$bsg(0xffffffffffffff9c, &(0x7f00000001c0), 0x2006c0, 0x0) pipe2(&(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4800) socket$inet6_tcp(0xa, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x801, 0x84) r2 = socket$nl_route(0x10, 0x3, 0x0) openat$ttynull(0xffffffffffffff9c, &(0x7f0000000000), 0x103902, 0x0) mremap(&(0x7f0000002000/0x4000)=nil, 0x200000, 0x4000, 0x3, &(0x7f0000ffc000/0x4000)=nil) mremap(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000002000/0x4000)=nil) r3 = socket(0x10, 0x803, 0x0) sendmsg$NL80211_CMD_GET_COALESCE(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f0000000400)={0x0, 0x14}}, 0x0) getsockname$packet(r3, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000040)=0x8f) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000002c0)=ANY=[@ANYBLOB="3c0000001000030400000006000000005dcc0300", @ANYRES32=r4, @ANYBLOB="71e79fd800000000140012800c0001006d616376746170001400028008000500", @ANYRES32=r5], 0x3c}}, 0x0) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000240), r1) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r0, &(0x7f00000003c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x80000000}, 0xc, &(0x7f0000000280)={&(0x7f0000000300)={0xb0, r6, 0x200, 0x70bd28, 0x25dfdbff, {}, [@MPTCP_PM_ATTR_TOKEN={0x8, 0x4, 0x8}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x48, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x18}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0xffffff3f, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_ADDR6={0x14, 0x4, @empty}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e21}, @MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0xc}]}, @MPTCP_PM_ATTR_SUBFLOWS={0x8}, @MPTCP_PM_ATTR_LOC_ID={0x5, 0x5, 0xfe}, @MPTCP_PM_ATTR_SUBFLOWS={0x8, 0x3, 0x3}, @MPTCP_PM_ATTR_ADDR_REMOTE={0x34, 0x6, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e24}, @MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e22}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @dev={0xac, 0x14, 0x14, 0x2c}}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_IF_IDX={0x8, 0x7, r4}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}]}]}, 0xb0}, 0x1, 0x0, 0x0, 0x800}, 0x20004010) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x24, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x74, r4, {0xffe0, 0xfff1}, {}, {0xffe0, 0x1}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x4004140}, 0x0) syz_open_dev$sndctrl(&(0x7f0000000440), 0x7, 0x40000) 3.491227007s ago: executing program 2 (id=2020): syz_genetlink_get_family_id$nl80211(&(0x7f0000000580), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3c8b}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipip6={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_ENCAP_TYPE={0x6, 0xf, 0x3}]}}}]}, 0x3c}}, 0x4000) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000380)=@bpf_tracing={0x1a, 0x29, 0x0, 0x0, 0xe, 0x3b, &(0x7f0000000080)=""/59, 0x40f00, 0x1, '\x00', 0x0, 0x18, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x169a0, 0xffffffffffffffff, 0x2, &(0x7f0000000300)=[r0, 0x1, 0x1, 0xffffffffffffffff, 0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x1, 0x1], &(0x7f0000000340)=[{0x0, 0x4, 0x4, 0x6}, {0x10000002, 0x2, 0x0, 0x3}], 0x10, 0x1, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000680)={r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, &(0x7f0000000540), &(0x7f0000000580), 0x0, 0x0, 0x607}, 0x50) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000680)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r4, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r5, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 3.423580493s ago: executing program 2 (id=2021): r0 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x0, 0x0, 0x40000, 0x0, 0xfffffffc, 0x1}}) 3.332351523s ago: executing program 2 (id=2022): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x6a3, 0xccd, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0xe0, 0xc, [{{0x9, 0x4, 0x0, 0x43, 0x3, 0x3, 0x0, 0x1, 0x0, {0x9, 0x21, 0x5, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x7, 0x80}}}}}]}}]}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)={0x54, r4, 0x1, 0x70bd26, 0x0, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_CSA_C_OFFSETS_TX={0xa, 0xcd, [0x0, 0x5, 0x1]}, @NL80211_ATTR_FRAME={0x2c, 0x33, @reassoc_req={{{0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x1, 0x0, 0x1}, {0x3}, @broadcast, @device_a, @initial, {0x5, 0x3}, @value=@ver_80211n={0x0, 0x120, 0x2, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}}, 0x204, 0x9, @broadcast, {}, @void, @void}}]}, 0x54}, 0x1, 0x0, 0x0, 0xc0}, 0x0) sendmsg$NL80211_CMD_GET_FTM_RESPONDER_STATS(r1, &(0x7f0000000140)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000100)={&(0x7f0000000080)={0x14, r4, 0x200, 0x70bd2c, 0x25dfdbfd, {{}, {@void, @void}}, ["", ""]}, 0x14}, 0x1, 0x0, 0x0, 0x400c0}, 0x24040084) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f00000003c0)={0x2c, &(0x7f00000000c0)={0x40, 0xf, 0x5, {0x5, 0x22, "c07aca"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 3.320071775s ago: executing program 3 (id=2023): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000340)=@raw={'raw\x00', 0x3c1, 0x3, 0x2a8, 0xd0, 0x4c, 0x232, 0xd0, 0x0, 0x1d8, 0x2e8, 0x2e8, 0x1d8, 0x2e8, 0x3, 0x0, {[{{@ipv6={@mcast2, @mcast2, [], [], 'gretap0\x00', 'ip6gre0\x00', {}, {}, 0x6, 0x0, 0x3}, 0x0, 0xa8, 0xd0}, @common=@inet=@SYNPROXY={0x28}}, {{@uncond, 0x0, 0xa8, 0x108}, @common=@inet=@HMARK={0x60, 'HMARK\x00', 0x0, {@ipv4=@initdev={0xac, 0x1e, 0x0, 0x0}, [0xffffffff, 0xff, 0x0, 0xffffff], 0x4e23, 0x4e24, 0x4e20, 0x4e20, 0x3ff, 0xf2, 0x1, 0xb, 0x8ef1}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x308) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=@newlink={0x44, 0x10, 0x403, 0xfffffff8, 0x3f, {0x0, 0x0, 0x0, 0x0, 0x88adfda5}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_NF_CALL_IPTABLES={0x5}, @IFLA_BR_NF_CALL_IP6TABLES={0x5}]}}}]}, 0x44}, 0x1, 0x300000000000000, 0x0, 0x4004}, 0x0) 3.23438475s ago: executing program 3 (id=2024): syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000087ff0f10ab0701fc908d01020301090212433f00003b0009040000000802"], 0x0) quotactl$Q_GETFMT(0xffffffff80000400, &(0x7f00000008c0)=@loop={'/dev/loop', 0x0}, 0x0, 0x0) prlimit64(0x0, 0x7, &(0x7f00000003c0), 0x0) pipe2(0x0, 0x0) syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) (async) r0 = syz_open_dev$radio(&(0x7f0000000000), 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r0, 0xc0205647, &(0x7f0000000100)={0xf000000, 0x1, 0xffffffff, 0xffffffffffffffff, 0x0, &(0x7f0000000140)={0x98f910, 0x797, '\x00', @value64=0x1}}) syz_usb_connect(0x0, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f00090582de", @ANYRESDEC], 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_queued_recursive\x00', 0x275a, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) (async) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@empty, 0x0, 0x6, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) (async) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000005c0)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@empty, 0x0, 0x6, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29}, {0x0, 0x0, 0x7, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x0, 0x0, 0xffffffffffffffff}}}, 0xb8}}, 0x4004) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) fstat(r1, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@private0, 0x0, 0x8000, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29, 0x0, r4}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x1000000000, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10) (async) sendmsg$nl_xfrm(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=@updpolicy={0xb8, 0x19, 0x1, 0x0, 0x0, {{@in=@multicast2, @in6=@private0, 0x0, 0x8000, 0x0, 0x0, 0xa, 0x0, 0x0, 0x29, 0x0, r4}, {0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0xffffffffffffffff}, {0x0, 0x1000000000, 0x0, 0xffffffffffffffff}, 0x7}}, 0xb8}}, 0x10) ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(r1, 0xc0189375, &(0x7f0000000040)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) setsockopt$inet_sctp6_SCTP_FRAGMENT_INTERLEAVE(r1, 0x84, 0x12, &(0x7f0000000000)=0x7ff, 0x4) 2.788402893s ago: executing program 0 (id=2025): socket$inet6(0xa, 0x3, 0xff) quotactl$Q_QUOTAON(0x0, &(0x7f0000000040)=@filename='./file0\x00', 0x0, &(0x7f0000000240)='./file0\x00') r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r0, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x110000, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNSETQUEUE(r1, 0x400454d9, &(0x7f0000000000)={'geneve1\x00', 0x400}) socket$packet(0x11, 0x3, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, &(0x7f00000001c0)=0x2) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000040), 0x0, 0x2810) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = socket$inet6(0x10, 0x80000, 0x3) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$nl_route(0x10, 0x3, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000700), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(r5, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000b80)={&(0x7f0000000440)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="010000000000000000002e000000180001801400020067656e65766530"], 0x2c}, 0x1, 0x0, 0x0, 0x3dc06331d0ffc133}, 0x0) r7 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r7, 0x6, 0x80000000000002, &(0x7f0000000000)=0x3, 0x4) bind$inet(r7, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) setsockopt$SO_ATTACH_FILTER(r4, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r7, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_tcp_TCP_CONGESTION(r7, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) 2.599365699s ago: executing program 0 (id=2026): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) r1 = fsopen(&(0x7f0000000100)='udf\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x22, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r0, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r0, &(0x7f0000004980)=[{{&(0x7f0000000000)={0x2, 0x4e24, @loopback}, 0x10, 0x0}}], 0x1, 0x2000c000) 2.504357441s ago: executing program 0 (id=2027): r0 = syz_open_dev$sg(&(0x7f0000000040), 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, &(0x7f00000001c0)=ANY=[@ANYBLOB="00000021000100005d"]) 2.324064803s ago: executing program 5 (id=2028): bpf$BPF_MAP_LOOKUP_AND_DELETE_BATCH(0x18, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, 0x1}, 0x38) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000180)=ANY=[@ANYBLOB="4c00000010004b04227fff00000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c00028008000400000000000800150000000000050016"], 0x4c}, 0x1, 0x0, 0x0, 0x200400a0}, 0x0) 2.244280427s ago: executing program 0 (id=2029): socket$nl_generic(0x10, 0x3, 0x10) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = creat(&(0x7f0000000300)='./bus\x00', 0x0) io_setup(0x6, &(0x7f0000000240)=0x0) io_submit(r2, 0x1, &(0x7f0000000180)=[&(0x7f0000000100)={0xf04aef, 0x3d8, 0x4, 0x1, 0x0, r1, 0x0, 0x30}]) bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x1, 0x4, &(0x7f0000000040)=@framed={{0xffffffb4, 0x8, 0x0, 0x0, 0x0, 0x61, 0x10, 0x54}, [@ldst={0x6}]}, &(0x7f0000003ff6)='GPL\x00', 0x5, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f00000000c0), 0x0, 0x10, &(0x7f0000000080), 0xffffffffffffffb2, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "ff0f000000000000f5a72d866b0000000000f0ffdefe00"}) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r4 = openat$dma_heap(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$DMA_HEAP_IOCTL_ALLOC(r4, 0xc0184800, &(0x7f0000000100)={0x4, r3}) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r6, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r7, 0x0) syz_emit_ethernet(0x5a, &(0x7f0000000880)=ANY=[@ANYBLOB="86dd60eb370000240600fe800000000000bbfe80000000000000fb0d29df7614d2a6fe44c88f000000000000000000000000000000df55397bba2fa1e029bbc10d354c40407b0d68e98adbff4c3da0cfcfcb3b3583e8d360ba2679de532f690103c274628ab094ad5ce9feeaa65410aa573478165001ae01b665a95127a274", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="94c20000907800871e0400401e0c16c8060000006a000000"], 0x0) ioctl$DMA_BUF_SET_NAME_A(r5, 0x40086203, &(0x7f00000001c0)='\x02\x00\x00\x00\x05\x00\x00\x00-control\x00') write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0x2, 0x6, 0xfffa}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x5, 0x7, 0x5, 0x8006, 0x0, 0x7, 0x3c5b, 0x1, 0x24, 0x10, 0x5, 0x4, 0xffffffff, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x10000, 0x242, 0x3, 0xe, 0x4, 0x80008071, 0x7, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x6, 0x6, 0x454f, 0x6, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x9, 0x8000012f, 0x8004, 0x33c, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x2, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0xff, 0x5, 0xfffff575, 0x5f31, 0xd, 0x4e0, 0x381, 0x4, 0xc, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x6, 0x1, 0xfe000000, 0x8, 0x2, 0x4, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0x3, 0xbc45, 0x48c93690, 0x42, 0x3], [0x4, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x9, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x3, 0x303c, 0xfffffffa, 0xb, 0x5, 0x2, 0x2, 0x400003, 0x20000008, 0x4, 0x6d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x4, 0xa9, 0x5, 0x0, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x1c, 0x120000, 0x807ff, 0x2006, 0x80a2ed, 0x1, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x1938, 0x6, 0x6, 0x0, 0xb9, 0xce4, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x14c, 0x60a7, 0x6, 0x7, 0xffffffff, 0x80000000, 0x5, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x3, 0x7e, 0x100, 0x9622, 0x7, 0xaf, 0x20000007, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x802, 0xd7, 0x200, 0xb, 0x6]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) openat$fb0(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r8 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r8, 0x0, 0x40, 0x0, 0x0) 2.215284585s ago: executing program 1 (id=2030): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000006c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="3cf0ff001000010400"/20, @ANYRES32=r2, @ANYBLOB="00000000000000001c00128009000100626f6e64000000000c0002800800070003"], 0x3c}}, 0x0) 2.059413887s ago: executing program 5 (id=2031): sendmsg$L2TP_CMD_TUNNEL_CREATE(0xffffffffffffffff, 0x0, 0x0) preadv(0xffffffffffffffff, &(0x7f0000000040)=[{&(0x7f00000002c0)=""/219, 0xdb}], 0x1, 0x1ff, 0x7) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f0000001340)={&(0x7f0000000000)=ANY=[@ANYBLOB, @ANYRES16=r1, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r2, @ANYBLOB="d506330080000000ffffffffffff080211000001"], 0x6f4}}, 0x0) 2.004487241s ago: executing program 1 (id=2032): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000100)={'hsr0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=@newlink={0x38, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x14615, 0xef}, [@IFLA_LINK_NETNSID={0x8, 0x25, 0x2}, @IFLA_TARGET_NETNSID={0x8, 0x2e, 0x1}, @IFLA_MASTER={0x8, 0xa, r1}]}, 0x38}}, 0x0) 2.003735806s ago: executing program 0 (id=2033): ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0xc048aec8, &(0x7f0000000080)={0x0, 0x0, @ioapic={0x80a0000, 0x8000, 0xd, 0x1c, 0x0, [{0x90, 0x5, 0xe, '\x00', 0x9}, {0x4, 0x3, 0x4}, {0x7, 0xd, 0x0, '\x00', 0x3}, {0x6, 0x8, 0x7f, '\x00', 0x5}, {0xb, 0x4, 0x2, '\x00', 0x7}, {0x2f, 0x9, 0x2, '\x00', 0x7a}, {0x4, 0x9, 0x2, '\x00', 0xc}, {0x0, 0xf, 0x80, '\x00', 0x9d}, {0x2a, 0x9, 0x85, '\x00', 0x5}, {0x2, 0x30, 0xd, '\x00', 0xf8}, {0x4, 0x9, 0x1, '\x00', 0x8}, {0xc, 0xe0, 0x2, '\x00', 0x7}, {0x4, 0xaf, 0x2, '\x00', 0x7}, {0x9, 0x11, 0xd, '\x00', 0x7}, {0x5, 0xe, 0x2, '\x00', 0x6}, {0xdd, 0x9, 0xe2, '\x00', 0x7}, {0x18, 0x9, 0x8, '\x00', 0x2}, {0xa2, 0x8, 0x97}, {0x1, 0x0, 0x81, '\x00', 0x4}, {0x3, 0x0, 0x5d, '\x00', 0x2}, {0xfc, 0x5, 0x5, '\x00', 0x1}, {0xba, 0x7, 0x9, '\x00', 0x6b}, {0x2, 0x3, 0xaf, '\x00', 0x7f}, {0x1, 0x7, 0x8, '\x00', 0x4}]}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x1) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f00000000c0)={r2, r2, r2}, 0xffffffffffffffff, 0xfe, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) add_key$keyring(0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) io_uring_enter(0xffffffffffffffff, 0x52de, 0xf62e, 0x8, 0x0, 0x0) prctl$PR_SET_TAGGED_ADDR_CTRL(0x37, 0x0) mbind(&(0x7f0000bcb000/0x1000)=nil, 0x1000, 0x0, 0x0, 0x0, 0x2) r5 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_EVBIT(r5, 0x40045564, 0x14) ioctl$UI_DEV_CREATE(r5, 0x5501) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0x15, &(0x7f0000000200)=0xfffffffa, 0x3) write$input_event(r5, &(0x7f0000000000)={{0x77359400}, 0x15}, 0xfe4f) unshare(0x62040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r6 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$IPT_SO_GET_INFO(r6, 0x0, 0x40, &(0x7f0000000000)={'filter\x00', 0x7003}, &(0x7f0000000100)=0x54) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFULNL_MSG_CONFIG(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="7c00000001040500000000000000000000000000060006400000000008000540000000000500010001"], 0x7c}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) bpf$TOKEN_CREATE(0x24, &(0x7f0000000ac0)={0x0, r1}, 0x8) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) 1.936157656s ago: executing program 1 (id=2034): sendmsg$inet_sctp(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000cc0)=ANY=[], 0x38}, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_inet_SIOCSARP(r4, 0x8935, &(0x7f0000000000)={{0x2, 0x0, @local}, {0x0, @remote}, 0x8, {0x2, 0x0, @loopback}}) ioctl$KVM_SET_REGS(r3, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x6, 0x8000000000, 0x1, 0x1, 0x8, 0x4002004c5, 0x1000, 0x1, 0x0, 0x7, 0xe, 0x0, 0x6, 0x0, 0x49], 0xdddd1000, 0x1c6256}) ioctl$KVM_RUN(r3, 0xae80, 0x0) connect$can_bcm(r0, &(0x7f00000005c0), 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) r7 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000340)=@ipv4_newroute={0x2c, 0x1a, 0x1, 0x0, 0x0, {}, [@RTA_DPORT={0x6, 0x1d, 0xfffe}, @RTA_SPORT={0x6, 0x1c, 0x4e24}]}, 0x2c}}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)={0x38, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_6GHZ={0x18, 0x3, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x7fff, 0x2, 0x9, 0xff, 0x5, 0x4a, 0x9, 0x81]}}]}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x24040044}, 0x0) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="050000007f"], 0x48}}, 0x0) 1.878186723s ago: executing program 5 (id=2035): socket(0x3, 0x4, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r2 = openat$vimc0(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$VIDIOC_SUBDEV_G_FRAME_INTERVAL(r2, 0xc0305615, &(0x7f0000000140)={0x0, {0xfffffff7, 0x8}}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x6, 0xfffffffffffffffd, 0x20, 0xcd26}, 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r5, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) ioctl$TUNSETIFF(r3, 0x400454ca, &(0x7f00000001c0)={'netpci0\x00', 0x7101}) r6 = syz_open_dev$media(&(0x7f00000006c0), 0x4007, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(r6, 0x80047c05, &(0x7f0000000940)) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) syz_80211_inject_frame(&(0x7f0000000000), 0x0, 0x3bb) dup(r7) socket$nl_route(0x10, 0x3, 0x0) socket$alg(0x26, 0x5, 0x0) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r9 = ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) ioctl$KVM_CREATE_VCPU(r9, 0xae41, 0x6) 1.820448752s ago: executing program 3 (id=2036): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x11, r1, 0x5584d000) bind$tipc(r1, 0x0, 0x0) r2 = syz_clone(0x20800000, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$SG_BLKTRACESETUP(0xffffffffffffffff, 0xc0481273, &(0x7f0000000240)={'\x00', 0xedd, 0x75, 0x2, 0x4010002, 0x7}) process_vm_writev(r2, &(0x7f0000001c80)=[{&(0x7f0000001bc0)=""/156, 0x9c}], 0x1, &(0x7f0000001d80)=[{&(0x7f0000001cc0)=""/116, 0x20001c34}], 0x1, 0xefff) 1.674842376s ago: executing program 2 (id=2037): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$int_in(r1, 0x40000000af01, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x2404c800) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x7295, &(0x7f0000000380)={0x0, 0xf74f, 0x1, 0x1, 0x3, 0x0, r3}, &(0x7f0000000080), &(0x7f00000002c0)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000000400)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r5 = syz_open_dev$video4linux(&(0x7f0000000040), 0x0, 0x40000) ioctl$VIDIOC_DQEVENT(r5, 0x80885659, 0x0) r6 = socket$nl_crypto(0x10, 0x3, 0x15) ioctl$sock_SIOCGIFVLAN_SET_VLAN_NAME_TYPE_CMD(r6, 0x8982, 0x0) r7 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r7, 0x29, 0x40, &(0x7f0000000fc0)=@raw={'raw\x00', 0x8, 0x3, 0x520, 0xd0, 0xffffffff, 0xffffffff, 0xd0, 0xffffffff, 0x450, 0xffffffff, 0xffffffff, 0x450, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [0x0, 0x0, 0x0, 0xffffffff], [0x0, 0x0, 0xffffffff], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'geneve1\x00', {0xff}}, 0x0, 0x350, 0x380, 0x0, {}, [@common=@inet=@hashlimit2={{0x150}, {'nicvf0\x00', {0x1, 0x2, 0x42, 0x5, 0xc, 0x5, 0xfffffffa, 0x0, 0x40}, {0x8}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x8000000000000003, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3, 0x0, 0x18}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x580) r8 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r8, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) r9 = socket$inet6(0xa, 0x5, 0x0) setsockopt$sock_int(r9, 0x1, 0x4000000000000002, &(0x7f0000fee000)=0x3fa, 0x4) bind$inet6(r9, &(0x7f0000000140)={0xa, 0x4e22, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) listen(r9, 0x732) bind$inet6(r8, &(0x7f0000000140)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @local}}, 0x1c) ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(r6, 0x8983, &(0x7f0000000040)={0x0, 'bridge_slave_1\x00', {0x2}, 0x9}) ioctl$VHOST_SET_MEM_TABLE(r1, 0x4008af03, &(0x7f00000007c0)) socket$packet(0x11, 0x3, 0x300) 1.441432564s ago: executing program 3 (id=2038): setreuid(0x0, 0xee01) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(0xffffffffffffffff, 0x89f1, &(0x7f0000000440)={'tunl0\x00', &(0x7f0000000040)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x0, 0x0, @private, @initdev={0xac, 0x1e, 0x0, 0x0}}}}}) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_DSTOPTS(r1, 0x29, 0x3b, &(0x7f00000002c0)=ANY=[], 0x8) bind$inet6(r1, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r1, &(0x7f0000000040), 0x400000000000284, 0x2b, 0x0) r2 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x1, 0x0) fchdir(r3) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x0) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000580)={@rand_addr=' \x01\x00', @empty, @ipv4={'\x00', '\xff\xff', @loopback}, 0x2000000, 0x0, 0x7d, 0x400, 0x0, 0x930310}) ioctl$sock_inet6_SIOCADDRT(r4, 0x890b, &(0x7f0000000040)={@loopback, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, @remote, 0x1, 0x0, 0x40, 0x400, 0x9, 0x10200}) open(&(0x7f0000000080)='./bus\x00', 0x169242, 0x10) rename(&(0x7f0000000440)='./bus\x00', &(0x7f00000003c0)='./file1\x00') setsockopt$inet6_int(r1, 0x29, 0x3a, &(0x7f0000000400)=0x7, 0x4) syz_usb_connect(0x0, 0x5a, &(0x7f0000000200)=ANY=[@ANYBLOB="12010000ec13b2106d04f308280b0102030109024800010000000009046900000e0100000841"], 0x0) r5 = socket$xdp(0x2c, 0x3, 0x0) r6 = pidfd_getfd(0xffffffffffffffff, 0xffffffffffffffff, 0x0) bind$xdp(r5, &(0x7f0000000380)={0x2c, 0x0, r0, 0x36, r6}, 0x10) setsockopt$inet6_int(r1, 0x29, 0x4, &(0x7f0000000000)=0x1, 0x4) sendto$inet6(r1, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 1.332428118s ago: executing program 1 (id=2039): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mremap(&(0x7f000008f000/0x2000)=nil, 0x2000, 0x1000, 0x3, &(0x7f0000486000/0x1000)=nil) (async) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000ac0)=ANY=[@ANYBLOB="b700000001000000bfa30000000000000703000000feffff720af0fff8ffffff71a4f0ff000000003f040000000000002d400300000000006504000001ed00007b130000000000006c440000000000007b0a00fe000000007b13000000000000b5000000000000009500000000000000023bc865b7a379d17cf9333379fc9e94af69912435f1a864a710aad58db6a621a464a3778433e6e393002e7f3be361957adef6ee1c8a2a4f8ef1e50bec919bc461e91a7168c5181554a090f32050e436fe275daf51efd601b6bf01c8e8b1b526375ec5dd6fcd82e4fee5bef7af9aa0d7d600c095090000100000000031eaebbdbd732c9cc00eec363e4a8f645679c294392cf538b07ce2646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e654400e2438ec649dc74a28610643a98d9ec21ead2ed51b104d4d91af25b845d8a7925c3109b151b8b9f75d80000000eda88c658d42ecbf28bf7005005b463bebc72f526d8e8afcb913466aaa7f6df70252e79166d858fc152b7b9da074e1320060d0b11008e59a5923906f88b53987ad1714e72ba7a5b74f0c33290933896a59ff61622cfd9aa58fe8d485f062ae2c0cc65c2a36aaec2477584b6a89adaf17b0a6041bdef728d236619074d6ebdf098bc908f523d228a40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03fb8a63e089679216da18ec0ae564162a27afea62d84f3a10746443d64364f56e24e6d2105bd901204a1deeed415561c459565b1cd17572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee9d5a17f48a7382f98928d5e9b94ff9ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cff538f9ce2bdb1ab062cd54e67011d355d84ce97bb0c6b4a595e487efbb2d710b651f898ba749e40bc6980fe78683ac5c0c31030699ddd71063be9261b2e1aab1675b34a220488c126aeef5f510a8f1aded94a129e4aec6f8c3a13596c2ea3e2e04cfe0e669e51731b2875353193f82ade69d0540059fe6c7fe7c00007502c7596566d674e425da5e87e59602a9f6590521d31d381eb3e0a1053abdc31282dfb15eb6841bb64a1b304502dda787343ce3c95300000000010000003baae244e7bf37548c7f1a4cad2422ee965a38f7defbd2e454da0c052427d14c37960242b104e20dc2d9b0c3567aea26454a47b0f0797a7308d402ccdd9069bd50b994fda7a9de54022a579dfc0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed82641687f3b3a70bfe9b4a9c5a90ff59d54d1f92ecc4e95dd2d18383117c03987d198899b212c53c18294270a1ad10c80fef7c24b78b4ad83238273f4fc87afce829ba0f85da6d888f18ea40ab959f6074ab2a4009b9e5f07ab513cdc6c0e57fb1c1ca57138000b4ead35a385e0b4a26b702396df7e0cbe02b6e4114f244a9bf93f04beb72f0861f7580e69db384ac7eeedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea5aacb1188883ad2a3b1832371fe5bc621426d1ed0a4a9b702cc1b6912a1e717d29135753208165b9cdbae037f27feeb744ddcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d829e4f79adc287906943408e6df3adbfd03aac93df8866fb010aec0e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbada1ee7baa5b6a686b50f0937f778af083e055f6138a757ebd0ed91114a6b244f9acf41ac5d73a008364e0602a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844cea001ddeb6dc5f6a9037d2283c42efc54fa84323a3c3e6e4fd2e078b796a825b3dad9ce7b37507e0b83c3ecd01549bca6a016b3e18a00c748894dc3bfe5efda8b0a477d6a6562fdee45eb16e276dee992094ba9830f6c164179e7d532d86060bea930118d3cae1bb5916b9671b7000000000040f4bee5ad2dea2d070095265504c05bba38b095e1679f96ddef65ba5de9c8cfb6465ae4165c0689a314a6eb6b36aa705b957edef3035e14b879c8e7dc00624726042e00bf9a7f7ae5f308744770759558e4fcb99c0dc957521ef255362bf2f3966f3754e81fb9bdef22c19f5a49147b25393f7536bcda9f64b7c5640bf89d4a74d51dc233dee628c1dfbb55669f84784174b34eb234481547e484c6af101396b6977dd668b401391c1d2e242edccf1cabe6be9868d383ebf1db5aee9b73e92bb82c164ab14bb25189817742e054886ed6d7abbacf6319f3c050e7d53df64633eafcb64291b81188fab69b5a06fe029ce46c5cac1bb1ea8ea98aee207fa4c9618a9ce80bd8b530f4b9ba8860bf1e887ec670312ef0502e3d0a0e30dbaf38c042b7fd207c61e6b73d3b61d194acb4bf4d3e0187d62ee27cbee175eb2312209f68747eeeea30c1634d54799f42753df8e7462c6f5331ea8e56b5c4a373dfe9f111d0206f4e90f71c03bc24960dd84345e59e1289d47a929158babfb331f27370928198d2cd367e928e98c54c67b6382cb958fec947d2ece3695755bc71d55a84bb0a0da43cb9f526a20566e9d00cf9fe6be3adf3e0a05771d66664239d199ce84aa7f684c0ce4c342a85d654624736a3b9b067e2bd298ae8a2527ce59fba9448b13655281431335496da08ac626fe0b57ebb4ad0b9495a183587108b4308bc68eeca9062873703ed0ee726a7867436e01dcd6edf1583e7e17043afda8f46fdd688d461125d724404a310"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000080), 0xfffffffffffffdbb, 0x0, 0xffffffffffffffff, 0xffb9, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) 488.970264ms ago: executing program 1 (id=2040): bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000001080)=ANY=[@ANYRES32, @ANYRES32, @ANYBLOB="1a"], 0x20) r0 = socket$kcm(0x10, 0x2, 0x0) bpf$BPF_LINK_CREATE(0x8, &(0x7f00000003c0)={0xffffffffffffffff, 0xffffffffffffffff, 0x31, 0x0, @val=@uprobe_multi={0x0, 0x0, 0x0, 0xb9, 0x0, 0x1}}, 0x40) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 0s ago: executing program 1 (id=2041): sendmmsg$unix(0xffffffffffffffff, &(0x7f00000056c0)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000002000)=ANY=[@ANYBLOB="1c"], 0x118, 0x44000}}], 0x1, 0x0) request_key(&(0x7f0000000040)='asymmetric\x00', &(0x7f0000001ffb)={'syz', 0x1}, &(0x7f0000001fee)='R\x10rust\xe3c*sgrVdn:Dd', 0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x20102, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r4, 0xae80, 0x0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_GET_NESTED_STATE(r4, 0xc080aebe, &(0x7f00000004c0)={{0x0, 0x0, 0x80}}) r5 = socket$unix(0x1, 0x5, 0x0) r6 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r7 = socket(0x400000000010, 0x3, 0x0) r8 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r7, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x2c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r9, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@TCA_RATE={0x6, 0x5, {0xe5}}]}, 0x2c}}, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000500)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd608a96460014040000000000000000000000000000000000fe8000000000000000000000000000aa00000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="50009c004e4396a6"], 0x0) sendmsg$nl_route_sched(r7, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000540)=@newtfilter={0x3c, 0x2c, 0xd27, 0x70bd25, 0x8000, {0x0, 0x0, 0x0, r9, {0x5, 0x7}, {}, {0x7, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_KEY_CT_STATE={0x6, 0x5b, 0x3d}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x14004801}, 0x800) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00'}) r10 = syz_open_dev$sndpcmc(&(0x7f0000000040), 0x1, 0x2040) ioctl$SNDRV_PCM_IOCTL_SYNC_PTR(r10, 0xc0884123, &(0x7f00000000c0)={0x2, "edbd2df6c5705168cb7771d31ad5d25955064ff4b852c51ff4a0b7ed5ac362e53c2dd32939d803770168c9e6f30ed611d50be914965e41088181d4e4e18727ec", {0x0, 0xfff}}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={0x0}}, 0x0) r11 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r11, 0x8933, &(0x7f0000000380)={'veth1_macvtap\x00'}) r12 = socket$inet_smc(0x2b, 0x1, 0x0) setsockopt$inet_MCAST_LEAVE_GROUP(r12, 0x0, 0x2d, &(0x7f00000003c0)={0xc, {{0x2, 0x4e24, @rand_addr=0x64010101}}}, 0x88) kernel console output (not intermixed with test programs): [ 494.194577][ T5836] usb 4-1: config 0 descriptor?? [ 494.222037][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 494.229649][ T24] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 494.247733][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 494.260792][ T24] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 494.275483][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 494.285578][ T24] usb 3-1: Product: syz [ 494.289904][ T24] usb 3-1: Manufacturer: syz [ 494.294790][ T24] usb 3-1: SerialNumber: syz [ 494.720186][T11118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 494.729343][T11118] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 494.742666][T11118] netlink: 'syz.1.1596': attribute type 1 has an invalid length. [ 494.811886][ T24] usb 3-1: cannot find UAC_HEADER [ 494.934556][ T24] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 494.972352][ T24] usb 3-1: USB disconnect, device number 101 [ 495.040745][T11126] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1596'. [ 495.152996][ T5894] udevd[5894]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 495.357999][T11121] 8021q: adding VLAN 0 to HW filter on device bond13 [ 495.373473][T11121] bond12: (slave bond13): making interface the new active one [ 495.382897][T11121] bond12: (slave bond13): Enslaving as an active interface with an up link [ 496.001915][ T10] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 496.161984][ T9] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 496.171991][ T10] usb 3-1: New USB device found, idVendor=05ac, idProduct=0253, bcdDevice=65.5a [ 496.181513][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 496.199932][ T10] usb 3-1: config 0 descriptor?? [ 496.217186][ T10] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 496.341920][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 496.351440][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 496.366886][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 496.395694][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 496.407498][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 496.422927][T11134] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1599'. [ 496.441061][ T10] usb 3-1: USB disconnect, device number 102 [ 496.504517][ T9] usb 5-1: Product: syz [ 496.517804][ T9] usb 5-1: Manufacturer: syz [ 496.528012][ T9] usb 5-1: SerialNumber: syz [ 496.832716][ T5836] usbhid 4-1:0.0: can't add hid device: -71 [ 496.864512][ T5836] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 496.899095][ T5836] usb 4-1: USB disconnect, device number 5 [ 496.966727][ T9] usb 5-1: cannot find UAC_HEADER [ 497.133658][ T9] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 497.154827][ T9] usb 5-1: USB disconnect, device number 99 [ 497.486798][T10137] udevd[10137]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 497.740420][T11161] FAULT_INJECTION: forcing a failure. [ 497.740420][T11161] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 497.753947][ T9] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 497.787250][T11161] CPU: 0 UID: 0 PID: 11161 Comm: syz.4.1609 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 497.787286][T11161] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 497.787300][T11161] Call Trace: [ 497.787310][T11161] [ 497.787319][T11161] dump_stack_lvl+0x241/0x360 [ 497.787356][T11161] ? __pfx_dump_stack_lvl+0x10/0x10 [ 497.787384][T11161] ? __pfx__printk+0x10/0x10 [ 497.787425][T11161] should_fail_ex+0x424/0x570 [ 497.787452][T11161] _copy_from_user+0x2d/0xb0 [ 497.787481][T11161] copy_msghdr_from_user+0xb3/0x580 [ 497.787515][T11161] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 497.787559][T11161] __sys_sendmmsg+0x361/0x7b0 [ 497.787594][T11161] ? __pfx___sys_sendmmsg+0x10/0x10 [ 497.787654][T11161] ? rcu_read_lock_any_held+0xbb/0x160 [ 497.787680][T11161] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 497.787720][T11161] ? vfs_write+0xb29/0xd10 [ 497.787755][T11161] ? ksys_write+0x24e/0x2d0 [ 497.787781][T11161] ? __mutex_unlock_slowpath+0x229/0x800 [ 497.787838][T11161] ? ksys_write+0x275/0x2d0 [ 497.787873][T11161] __x64_sys_sendmmsg+0xa0/0xb0 [ 497.787897][T11161] do_syscall_64+0xf3/0x230 [ 497.787921][T11161] ? clear_bhb_loop+0x45/0xa0 [ 497.787945][T11161] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 497.787964][T11161] RIP: 0033:0x7f64e198e169 [ 497.787983][T11161] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 497.788000][T11161] RSP: 002b:00007f64e27c4038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 497.788023][T11161] RAX: ffffffffffffffda RBX: 00007f64e1bb5fa0 RCX: 00007f64e198e169 [ 497.788038][T11161] RDX: 040000000000009f RSI: 00002000000002c0 RDI: 0000000000000004 [ 497.788051][T11161] RBP: 00007f64e27c4090 R08: 0000000000000000 R09: 0000000000000000 [ 497.788064][T11161] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 497.788077][T11161] R13: 0000000000000000 R14: 00007f64e1bb5fa0 R15: 00007f64e1cdfa28 [ 497.788109][T11161] [ 498.034983][T11165] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 498.047349][T11165] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 498.215324][ T9] usb 4-1: device descriptor read/64, error -71 [ 498.408793][ T30] audit: type=1800 audit(1744843384.135:5150): pid=11171 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1614" name="nullb0" dev="devtmpfs" ino=3562 res=0 errno=0 [ 498.462872][ T9] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 498.634173][ T9] usb 4-1: device descriptor read/64, error -71 [ 498.752433][ T9] usb usb4-port1: attempt power cycle [ 499.031976][ T10] usb 5-1: new full-speed USB device number 100 using dummy_hcd [ 499.112114][ T9] usb 4-1: new full-speed USB device number 8 using dummy_hcd [ 499.146216][ T9] usb 4-1: device descriptor read/8, error -71 [ 499.171970][ T10] usb 5-1: device descriptor read/64, error -71 [ 499.401953][ T9] usb 4-1: new full-speed USB device number 9 using dummy_hcd [ 499.411997][ T10] usb 5-1: new full-speed USB device number 101 using dummy_hcd [ 499.435869][ T9] usb 4-1: device descriptor read/8, error -71 [ 499.552014][ T10] usb 5-1: device descriptor read/64, error -71 [ 499.559051][ T9] usb usb4-port1: unable to enumerate USB device [ 499.578641][T11185] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1620'. [ 499.682332][ T10] usb usb5-port1: attempt power cycle [ 500.031964][ T10] usb 5-1: new full-speed USB device number 102 using dummy_hcd [ 500.044825][ T9] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 500.092823][ T10] usb 5-1: device descriptor read/8, error -71 [ 500.231899][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 500.241988][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 500.254703][ T9] usb 3-1: config 0 has no interfaces? [ 500.274150][ T9] usb 3-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 500.289546][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.307148][ T9] usb 3-1: Product: syz [ 500.313373][ T9] usb 3-1: Manufacturer: syz [ 500.319888][ T9] usb 3-1: SerialNumber: syz [ 500.331986][ T10] usb 5-1: new full-speed USB device number 103 using dummy_hcd [ 500.347071][ T9] usb 3-1: config 0 descriptor?? [ 500.372721][ T10] usb 5-1: device descriptor read/8, error -71 [ 500.484648][ T10] usb usb5-port1: unable to enumerate USB device [ 500.576617][T11189] netlink: 'syz.2.1621': attribute type 1 has an invalid length. [ 500.941545][T11201] syz.1.1624: attempt to access beyond end of device [ 500.941545][T11201] nbd0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 501.058013][T11193] 8021q: adding VLAN 0 to HW filter on device bond8 [ 501.068470][T11193] bond7: (slave bond8): making interface the new active one [ 501.097142][T11193] bond7: (slave bond8): Enslaving as an active interface with an up link [ 501.432020][T11189] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1621'. [ 501.511322][ T30] audit: type=1800 audit(1744843387.235:5151): pid=11208 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.1626" name="nullb0" dev="devtmpfs" ino=3562 res=0 errno=0 [ 501.707773][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.714306][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.960859][T11218] netlink: 48 bytes leftover after parsing attributes in process `syz.0.1630'. [ 502.052388][T11220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 502.062340][ T5897] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 502.080306][T11220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 502.225895][ T5897] usb 4-1: Using ep0 maxpacket: 16 [ 502.249626][ T5897] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 502.371913][ T10] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 502.384628][ T5897] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 502.416624][ T5897] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 502.428650][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.442765][ T5897] usb 4-1: Product: syz [ 502.450571][ T5897] usb 4-1: Manufacturer: syz [ 502.462356][ T5897] usb 4-1: SerialNumber: syz [ 502.532164][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 502.543125][ T10] usb 5-1: config 0 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 502.557953][ T10] usb 5-1: config 0 interface 0 altsetting 6 endpoint 0x81 has invalid wMaxPacketSize 0 [ 502.783587][ T10] usb 5-1: config 0 interface 0 has no altsetting 0 [ 502.790295][ T10] usb 5-1: New USB device found, idVendor=0b43, idProduct=0003, bcdDevice= 0.00 [ 502.812058][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.841925][ T10] usb 5-1: config 0 descriptor?? [ 502.895014][T11227] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 502.915373][ T5897] usb 4-1: cannot find UAC_HEADER [ 502.942362][T11227] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 502.968810][ T5897] snd-usb-audio 4-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 503.001070][ T5897] usb 4-1: USB disconnect, device number 10 [ 503.078662][ T5836] usb 3-1: USB disconnect, device number 103 [ 503.183637][T10137] udevd[10137]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 503.273542][ T10] smartjoyplus 0003:0B43:0003.0016: ignoring exceeding usage max [ 503.283646][ T10] smartjoyplus 0003:0B43:0003.0016: unbalanced collection at end of report description [ 503.299593][ T30] audit: type=1800 audit(1744843389.015:5152): pid=11231 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1637" name="nullb0" dev="devtmpfs" ino=3562 res=0 errno=0 [ 503.322484][ T10] smartjoyplus 0003:0B43:0003.0016: parse failed [ 503.328942][ T10] smartjoyplus 0003:0B43:0003.0016: probe with driver smartjoyplus failed with error -22 [ 503.372241][T11233] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1638'. [ 503.437617][T11236] netlink: 64 bytes leftover after parsing attributes in process `syz.2.1639'. [ 503.568952][T11237] bridge0: port 4(syz_tun) entered blocking state [ 503.585403][T11237] bridge0: port 4(syz_tun) entered disabled state [ 503.611276][T11237] syz_tun: entered allmulticast mode [ 503.624451][T11237] syz_tun: entered promiscuous mode [ 503.645411][T11237] bridge0: port 4(syz_tun) entered blocking state [ 503.652066][T11237] bridge0: port 4(syz_tun) entered forwarding state [ 503.971153][T11255] FAULT_INJECTION: forcing a failure. [ 503.971153][T11255] name failslab, interval 1, probability 0, space 0, times 0 [ 503.997959][T11255] CPU: 0 UID: 0 PID: 11255 Comm: syz.1.1646 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 503.997994][T11255] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 503.998005][T11255] Call Trace: [ 503.998013][T11255] [ 503.998022][T11255] dump_stack_lvl+0x241/0x360 [ 503.998058][T11255] ? __pfx_dump_stack_lvl+0x10/0x10 [ 503.998085][T11255] ? __pfx__printk+0x10/0x10 [ 503.998110][T11255] ? preempt_schedule_irq+0x145/0x1c0 [ 503.998136][T11255] ? __pfx___might_resched+0x10/0x10 [ 503.998167][T11255] should_fail_ex+0x424/0x570 [ 503.998194][T11255] should_failslab+0xac/0x100 [ 503.998223][T11255] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 503.998252][T11255] ? __alloc_skb+0x1c2/0x480 [ 503.998275][T11255] __alloc_skb+0x1c2/0x480 [ 503.998300][T11255] ? __pfx___alloc_skb+0x10/0x10 [ 503.998318][T11255] ? __pfx_rtnl_newlink+0x10/0x10 [ 503.998350][T11255] ? netlink_ack_tlv_len+0x6e/0x200 [ 503.998380][T11255] netlink_ack+0x147/0xa70 [ 503.998402][T11255] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 503.998437][T11255] ? ref_tracker_free+0x63e/0x7e0 [ 503.998466][T11255] netlink_rcv_skb+0x296/0x480 [ 503.998495][T11255] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 503.998522][T11255] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 503.998569][T11255] ? netlink_deliver_tap+0x2e/0x1b0 [ 503.998600][T11255] ? netlink_deliver_tap+0x2e/0x1b0 [ 503.998628][T11255] netlink_unicast+0x7f8/0x9a0 [ 503.998672][T11255] ? __pfx_netlink_unicast+0x10/0x10 [ 503.998699][T11255] ? skb_put+0x114/0x1f0 [ 503.998724][T11255] netlink_sendmsg+0x8c3/0xcd0 [ 503.998765][T11255] ? __pfx_netlink_sendmsg+0x10/0x10 [ 503.998797][T11255] ? aa_sock_msg_perm+0x91/0x160 [ 503.998829][T11255] ? __pfx_netlink_sendmsg+0x10/0x10 [ 503.998854][T11255] __sock_sendmsg+0x221/0x270 [ 503.998884][T11255] sock_sendmsg+0x16e/0x250 [ 503.998913][T11255] ? __pfx_sock_sendmsg+0x10/0x10 [ 503.998948][T11255] ? __lock_acquire+0xad5/0xd80 [ 503.998970][T11255] ? iov_iter_bvec+0x4e/0x180 [ 503.998997][T11255] splice_to_socket+0xa2b/0x10e0 [ 503.999052][T11255] ? __pfx_splice_to_socket+0x10/0x10 [ 503.999126][T11255] ? bpf_lsm_file_permission+0x9/0x10 [ 503.999151][T11255] ? rw_verify_area+0x246/0x630 [ 503.999176][T11255] ? __pfx_splice_to_socket+0x10/0x10 [ 503.999198][T11255] do_splice+0xda7/0x1920 [ 503.999220][T11255] ? __lock_acquire+0xad5/0xd80 [ 503.999244][T11255] ? pipe_clear_nowait+0x1ad/0x250 [ 503.999264][T11255] ? __pfx_do_splice+0x10/0x10 [ 503.999278][T11255] ? __fget_files+0x2a/0x420 [ 503.999295][T11255] __se_sys_splice+0x2dc/0x450 [ 503.999316][T11255] ? __pfx___se_sys_splice+0x10/0x10 [ 503.999336][T11255] ? __x64_sys_splice+0x21/0xf0 [ 503.999354][T11255] do_syscall_64+0xf3/0x230 [ 503.999369][T11255] ? clear_bhb_loop+0x45/0xa0 [ 503.999382][T11255] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 503.999394][T11255] RIP: 0033:0x7fa4d058e169 [ 503.999406][T11255] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 503.999416][T11255] RSP: 002b:00007fa4d13e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000113 [ 503.999431][T11255] RAX: ffffffffffffffda RBX: 00007fa4d07b5fa0 RCX: 00007fa4d058e169 [ 503.999440][T11255] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000003 [ 503.999447][T11255] RBP: 00007fa4d13e3090 R08: 0000000000010d00 R09: 0000000000000000 [ 503.999455][T11255] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 503.999462][T11255] R13: 0000000000000000 R14: 00007fa4d07b5fa0 R15: 00007fa4d08dfa28 [ 503.999480][T11255] [ 504.001749][ T9] usb 5-1: USB disconnect, device number 104 [ 504.507780][ T30] audit: type=1800 audit(1744843390.225:5153): pid=11259 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1648" name="nullb0" dev="devtmpfs" ino=3562 res=0 errno=0 [ 504.551918][ T10] usb 4-1: new full-speed USB device number 11 using dummy_hcd [ 504.610385][T11265] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 504.620163][T11265] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 504.691928][ T10] usb 4-1: device descriptor read/64, error -71 [ 504.822075][ T5836] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 504.874775][ T9] usb 5-1: new low-speed USB device number 105 using dummy_hcd [ 504.942059][ T10] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 504.981893][ T5836] usb 3-1: Using ep0 maxpacket: 16 [ 504.989566][ T5836] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 505.002672][ T5836] usb 3-1: New USB device found, idVendor=046d, idProduct=c24f, bcdDevice= 0.00 [ 505.012245][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.025759][ T5836] usb 3-1: config 0 descriptor?? [ 505.045864][ T9] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 505.057031][ T9] usb 5-1: config 0 has no interfaces? [ 505.065237][ T9] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 505.075192][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 505.083624][ T10] usb 4-1: device descriptor read/64, error -71 [ 505.092544][ T9] usb 5-1: config 0 descriptor?? [ 505.189617][T11268] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 505.205838][ T10] usb usb4-port1: attempt power cycle [ 505.442137][ T5836] logitech 0003:046D:C24F.0017: ignoring exceeding usage max [ 505.461621][ T5836] logitech 0003:046D:C24F.0017: hidraw0: USB HID v10.00 Device [HID 046d:c24f] on usb-dummy_hcd.2-1/input0 [ 505.477948][ T5836] logitech 0003:046D:C24F.0017: no inputs found [ 505.552079][ T10] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 505.572445][ T10] usb 4-1: device descriptor read/8, error -71 [ 505.646014][ T9] usb 3-1: USB disconnect, device number 104 [ 505.769536][T11273] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 505.787473][T11273] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 505.832833][ T10] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 505.872744][ T10] usb 4-1: device descriptor read/8, error -71 [ 505.883411][ T9] usb 5-1: USB disconnect, device number 105 [ 505.982744][ T10] usb usb4-port1: unable to enumerate USB device [ 505.998012][T11280] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 506.029143][T11280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 506.058205][T11280] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 506.091993][T11283] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1657'. [ 506.348658][ T30] audit: type=1800 audit(1744843392.075:5154): pid=11292 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.4.1660" name="nullb0" dev="devtmpfs" ino=3562 res=0 errno=0 [ 506.702023][ T5836] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 506.852084][ T5836] usb 5-1: Using ep0 maxpacket: 32 [ 506.859118][ T5836] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 506.868599][ T5836] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 506.884117][ T5836] usb 5-1: config 0 descriptor?? [ 506.950675][T11300] FAULT_INJECTION: forcing a failure. [ 506.950675][T11300] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 506.967496][T11300] CPU: 0 UID: 0 PID: 11300 Comm: syz.3.1663 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 506.967525][T11300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 506.967537][T11300] Call Trace: [ 506.967545][T11300] [ 506.967551][T11300] dump_stack_lvl+0x241/0x360 [ 506.967574][T11300] ? __pfx_dump_stack_lvl+0x10/0x10 [ 506.967591][T11300] ? __pfx__printk+0x10/0x10 [ 506.967626][T11300] should_fail_ex+0x424/0x570 [ 506.967653][T11300] _copy_to_user+0x31/0xb0 [ 506.967683][T11300] simple_read_from_buffer+0xc4/0x170 [ 506.967715][T11300] proc_fail_nth_read+0x1ef/0x260 [ 506.967739][T11300] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 506.967761][T11300] ? rw_verify_area+0x246/0x630 [ 506.967776][T11300] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 506.967794][T11300] vfs_read+0x21f/0xb90 [ 506.967822][T11300] ? __pfx___mutex_lock+0x10/0x10 [ 506.967846][T11300] ? __pfx_vfs_read+0x10/0x10 [ 506.967882][T11300] ? __fget_files+0x2a/0x420 [ 506.967902][T11300] ? __fget_files+0x39d/0x420 [ 506.967917][T11300] ? __fget_files+0x2a/0x420 [ 506.967942][T11300] ksys_read+0x19d/0x2d0 [ 506.967958][T11300] ? __pfx_ksys_read+0x10/0x10 [ 506.967986][T11300] ? do_syscall_64+0xb6/0x230 [ 506.968013][T11300] do_syscall_64+0xf3/0x230 [ 506.968035][T11300] ? clear_bhb_loop+0x45/0xa0 [ 506.968057][T11300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 506.968070][T11300] RIP: 0033:0x7f99f858cb7c [ 506.968082][T11300] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 506.968093][T11300] RSP: 002b:00007f99f9403030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 506.968108][T11300] RAX: ffffffffffffffda RBX: 00007f99f87b5fa0 RCX: 00007f99f858cb7c [ 506.968119][T11300] RDX: 000000000000000f RSI: 00007f99f94030a0 RDI: 0000000000000006 [ 506.968132][T11300] RBP: 00007f99f9403090 R08: 0000000000000000 R09: 0000000000000000 [ 506.968144][T11300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 506.968156][T11300] R13: 0000000000000000 R14: 00007f99f87b5fa0 R15: 00007f99f88dfa28 [ 506.968188][T11300] [ 507.205425][ T5836] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 507.231086][T11302] syz_tun: entered allmulticast mode [ 507.239474][T11301] syz_tun: left allmulticast mode [ 507.822721][ T30] audit: type=1800 audit(1744843393.555:5155): pid=11321 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1671" name="nullb0" dev="devtmpfs" ino=3562 res=0 errno=0 [ 507.924604][T11327] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1672'. [ 508.241952][ T10] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 508.381944][ T10] usb 4-1: device descriptor read/64, error -71 [ 508.644518][ T10] usb 4-1: new full-speed USB device number 16 using dummy_hcd [ 508.781907][ T10] usb 4-1: device descriptor read/64, error -71 [ 508.903640][ T10] usb usb4-port1: attempt power cycle [ 509.265326][ T10] usb 4-1: new full-speed USB device number 17 using dummy_hcd [ 509.304881][ T10] usb 4-1: device descriptor read/8, error -71 [ 509.439828][T11351] SET target dimension over the limit! [ 509.542096][ T30] audit: type=1800 audit(1744843395.265:5156): pid=11353 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.1.1682" name="nullb0" dev="devtmpfs" ino=3562 res=0 errno=0 [ 509.575850][ T10] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 509.613037][ T10] usb 4-1: device descriptor read/8, error -71 [ 509.742529][ T10] usb usb4-port1: unable to enumerate USB device [ 509.757806][T11357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 509.769902][T11357] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 509.796985][T11357] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 511.411989][ T10] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 511.535139][T11389] program syz.2.1696 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 511.563603][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 511.581886][ T10] usb 4-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 511.607500][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 511.775421][ T10] usb 4-1: config 0 descriptor?? [ 511.794203][T11394] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 511.831670][T11394] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 512.024214][ T10] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 512.199805][T11399] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.223070][T11399] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 513.378187][ T30] audit: type=1800 audit(1744843399.105:5157): pid=11414 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.1705" name="nullb0" dev="devtmpfs" ino=3562 res=0 errno=0 [ 514.012798][T11434] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 514.165605][T11442] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 514.249911][T11442] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 514.803856][T11452] IPv6: NLM_F_CREATE should be specified when creating new route [ 514.881733][ T30] audit: type=1804 audit(1744843400.605:5158): pid=11454 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.3.1716" name="/newroot/dev/nullb0" dev="devtmpfs" ino=3562 res=1 errno=0 [ 515.050513][ T30] audit: type=1804 audit(1744843400.775:5159): pid=11456 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.0.1717" name="/newroot/dev/nullb0" dev="devtmpfs" ino=3562 res=1 errno=0 [ 515.594531][ T9] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 515.763169][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 515.779036][ T9] usb 3-1: New USB device found, idVendor=0ac8, idProduct=c301, bcdDevice=82.d5 [ 515.802760][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 515.816875][ T9] usb 3-1: Product: syz [ 515.824226][ T9] usb 3-1: Manufacturer: syz [ 515.832299][ T9] usb 3-1: SerialNumber: syz [ 515.858411][ T9] usb 3-1: config 0 descriptor?? [ 515.870052][ T9] hub 3-1:0.0: bad descriptor, ignoring hub [ 515.886207][ T9] hub 3-1:0.0: probe with driver hub failed with error -5 [ 515.910746][ T9] gspca_main: vc032x-2.14.0 probing 0ac8:c301 [ 515.938481][T11470] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 515.991233][T11471] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:bb, vlan:0) [ 516.422244][ T9] gspca_vc032x: reg_w err -110 [ 516.430361][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.441356][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.454220][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.471576][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.488633][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.502104][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.514257][T11481] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 516.519123][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.532791][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.538944][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.544517][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.545999][T11481] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 516.551056][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.564435][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.569783][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.575509][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.580855][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.586986][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.592496][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.602543][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.609620][ T9] gspca_vc032x: I2c Bus Busy Wait 00 [ 516.615295][ T9] gspca_vc032x: Unknown sensor... [ 516.620626][ T9] vc032x 3-1:0.0: probe with driver vc032x failed with error -22 [ 516.888523][T11489] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1728'. [ 517.064371][T11489] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1728'. [ 517.073520][T11489] bridge_slave_1: left allmulticast mode [ 517.079272][T11489] bridge_slave_1: left promiscuous mode [ 517.086183][T11489] bridge0: port 2(bridge_slave_1) entered disabled state [ 517.206751][T11489] bridge_slave_0: left allmulticast mode [ 517.212656][T11489] bridge_slave_0: left promiscuous mode [ 517.220144][T11489] bridge0: port 1(bridge_slave_0) entered disabled state [ 517.512613][T11494] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 517.523256][T11494] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 518.412310][T10580] usb 3-1: USB disconnect, device number 105 [ 518.902273][T10580] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 519.276205][T10580] usb 3-1: Using ep0 maxpacket: 16 [ 519.357969][T10580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 519.382011][T10580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 519.408455][T11522] ptrace attach of "./syz-executor exec"[5856] was attempted by "./syz-executor exec"[11522] [ 519.493739][T10580] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 519.642261][T10580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 519.711684][T10580] usb 3-1: config 0 descriptor?? [ 520.147472][T10580] playstation 0003:054C:05C4.0018: hidraw0: USB HID v0.00 Device [HID 054c:05c4] on usb-dummy_hcd.2-1/input0 [ 520.734210][T10580] playstation 0003:054C:05C4.0018: Failed to retrieve feature with reportID 163: -32 [ 520.743944][T10580] playstation 0003:054C:05C4.0018: Failed to retrieve DualShock4 firmware info: -32 [ 520.788705][T10580] playstation 0003:054C:05C4.0018: Failed to get firmware info from DualShock4 [ 520.850051][T10580] playstation 0003:054C:05C4.0018: HW/FW version data in sysfs will be invalid. [ 520.891662][T10580] playstation 0003:054C:05C4.0018: Invalid gyro calibration data for axis (5), disabling calibration. [ 520.931550][T10580] playstation 0003:054C:05C4.0018: Invalid accelerometer calibration data for axis (0), disabling calibration. [ 520.990093][T10580] playstation 0003:054C:05C4.0018: Invalid accelerometer calibration data for axis (1), disabling calibration. [ 521.059784][T10580] playstation 0003:054C:05C4.0018: Invalid accelerometer calibration data for axis (2), disabling calibration. [ 521.143530][T10580] input: HID 054c:05c4 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:054C:05C4.0018/input/input70 [ 521.245535][T10580] input: HID 054c:05c4 Motion Sensors as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:054C:05C4.0018/input/input71 [ 521.301574][T10580] input: HID 054c:05c4 Touchpad as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:054C:05C4.0018/input/input72 [ 521.352219][T10580] playstation 0003:054C:05C4.0018: Registered DualShock4 controller hw_version=0x00000000 fw_version=0x00000000 [ 521.368459][T10580] usb 3-1: USB disconnect, device number 106 [ 521.587169][T11536] FAULT_INJECTION: forcing a failure. [ 521.587169][T11536] name failslab, interval 1, probability 0, space 0, times 0 [ 521.601368][T11536] CPU: 1 UID: 0 PID: 11536 Comm: syz.0.1743 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 521.601400][T11536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 521.601412][T11536] Call Trace: [ 521.601420][T11536] [ 521.601440][T11536] dump_stack_lvl+0x241/0x360 [ 521.601478][T11536] ? __pfx_dump_stack_lvl+0x10/0x10 [ 521.601506][T11536] ? __pfx__printk+0x10/0x10 [ 521.601536][T11536] ? __pfx___might_resched+0x10/0x10 [ 521.601566][T11536] should_fail_ex+0x424/0x570 [ 521.601592][T11536] should_failslab+0xac/0x100 [ 521.601620][T11536] __kmalloc_cache_noprof+0x73/0x370 [ 521.601646][T11536] ? create_new_entry+0xf8/0xb70 [ 521.601676][T11536] create_new_entry+0xf8/0xb70 [ 521.601703][T11536] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 521.601729][T11536] ? __pfx_create_new_entry+0x10/0x10 [ 521.601776][T11536] ? fuse_permission+0x932/0xbb0 [ 521.601808][T11536] fuse_mknod+0x399/0x540 [ 521.601839][T11536] ? __pfx_fuse_mknod+0x10/0x10 [ 521.601866][T11536] ? end_current_label_crit_section+0x151/0x180 [ 521.601911][T11536] ? HAS_UNMAPPED_ID+0xf9/0x150 [ 521.601934][T11536] ? __pfx_fuse_permission+0x10/0x10 [ 521.601957][T11536] ? bpf_lsm_inode_create+0x9/0x10 [ 521.601983][T11536] ? security_inode_create+0xbe/0x340 [ 521.602007][T11536] vfs_create+0x23c/0x3d0 [ 521.602037][T11536] do_mknodat+0x407/0x600 [ 521.602065][T11536] ? __pfx_do_mknodat+0x10/0x10 [ 521.602090][T11536] ? getname_flags+0x1e0/0x530 [ 521.602123][T11536] __x64_sys_mknod+0x8c/0xa0 [ 521.602149][T11536] do_syscall_64+0xf3/0x230 [ 521.602173][T11536] ? clear_bhb_loop+0x45/0xa0 [ 521.602197][T11536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 521.602216][T11536] RIP: 0033:0x7fc4e118e169 [ 521.602235][T11536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 521.602252][T11536] RSP: 002b:00007fc4e2016038 EFLAGS: 00000246 ORIG_RAX: 0000000000000085 [ 521.602276][T11536] RAX: ffffffffffffffda RBX: 00007fc4e13b5fa0 RCX: 00007fc4e118e169 [ 521.602291][T11536] RDX: 0000000000000700 RSI: 00000000ffff8000 RDI: 00002000000002c0 [ 521.602304][T11536] RBP: 00007fc4e2016090 R08: 0000000000000000 R09: 0000000000000000 [ 521.602318][T11536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 521.602330][T11536] R13: 0000000000000000 R14: 00007fc4e13b5fa0 R15: 00007fc4e14dfa28 [ 521.602364][T11536] [ 522.415881][T10580] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 522.634633][T11550] FAULT_INJECTION: forcing a failure. [ 522.634633][T11550] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 522.651986][T11550] CPU: 1 UID: 0 PID: 11550 Comm: syz.0.1748 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 522.652019][T11550] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 522.652031][T11550] Call Trace: [ 522.652039][T11550] [ 522.652048][T11550] dump_stack_lvl+0x241/0x360 [ 522.652085][T11550] ? __pfx_dump_stack_lvl+0x10/0x10 [ 522.652113][T11550] ? __pfx__printk+0x10/0x10 [ 522.652155][T11550] should_fail_ex+0x424/0x570 [ 522.652182][T11550] _copy_from_user+0x2d/0xb0 [ 522.652211][T11550] __keyctl_dh_compute+0x1ff/0xf80 [ 522.652243][T11550] ? kstrtouint+0xfc/0x190 [ 522.652264][T11550] ? __pfx___keyctl_dh_compute+0x10/0x10 [ 522.652291][T11550] ? __lock_acquire+0xad5/0xd80 [ 522.652348][T11550] keyctl_dh_compute+0x109/0x160 [ 522.652370][T11550] ? __pfx_keyctl_dh_compute+0x10/0x10 [ 522.652394][T11550] ? ksys_write+0x24e/0x2d0 [ 522.652417][T11550] __se_sys_keyctl+0x3fc/0x940 [ 522.652440][T11550] ? __pfx___se_sys_keyctl+0x10/0x10 [ 522.652461][T11550] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 522.652480][T11550] ? __fget_files+0x2a/0x420 [ 522.652497][T11550] ? __fget_files+0x2a/0x420 [ 522.652516][T11550] ? fput+0x9b/0xd0 [ 522.652530][T11550] ? ksys_write+0x275/0x2d0 [ 522.652556][T11550] ? __x64_sys_keyctl+0x20/0xc0 [ 522.652577][T11550] do_syscall_64+0xf3/0x230 [ 522.652596][T11550] ? clear_bhb_loop+0x45/0xa0 [ 522.652623][T11550] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 522.652638][T11550] RIP: 0033:0x7fc4e118e169 [ 522.652653][T11550] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 522.652673][T11550] RSP: 002b:00007fc4e1fd4038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 522.652692][T11550] RAX: ffffffffffffffda RBX: 00007fc4e13b6160 RCX: 00007fc4e118e169 [ 522.652704][T11550] RDX: 00002000000001c0 RSI: 0000200000001340 RDI: 0000000000000017 [ 522.652714][T11550] RBP: 00007fc4e1fd4090 R08: 0000000000000000 R09: 0000000000000000 [ 522.652724][T11550] R10: 00000000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 522.652734][T11550] R13: 0000000000000000 R14: 00007fc4e13b6160 R15: 00007fc4e14dfa28 [ 522.652759][T11550] [ 522.901912][ T30] audit: type=1326 audit(1744843408.605:5160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 522.928075][T10580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 522.949087][T10580] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 523.054509][ T30] audit: type=1326 audit(1744843408.605:5161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 523.081893][T10580] usb 3-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 523.106489][T10580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.165964][ T30] audit: type=1326 audit(1744843408.605:5162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 523.195463][T10580] usb 3-1: config 0 descriptor?? [ 523.361879][ T30] audit: type=1326 audit(1744843408.605:5163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 523.451956][ T30] audit: type=1326 audit(1744843408.605:5164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 523.570249][ T30] audit: type=1326 audit(1744843408.605:5165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 523.677651][ T30] audit: type=1326 audit(1744843408.605:5166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 523.775398][ T30] audit: type=1326 audit(1744843408.605:5167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 523.984455][ T30] audit: type=1326 audit(1744843408.615:5168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 524.140690][ T30] audit: type=1326 audit(1744843408.615:5169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11544 comm="syz.1.1747" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 525.272369][T10580] usbhid 3-1:0.0: can't add hid device: -71 [ 525.281532][T10580] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 525.328509][T10580] usb 3-1: USB disconnect, device number 107 [ 525.832018][T10580] usb 3-1: new high-speed USB device number 108 using dummy_hcd [ 526.003830][T10580] usb 3-1: config 17 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 526.033196][T10580] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 526.050007][T10580] usb 3-1: config 17 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 526.061700][T10580] usb 3-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 526.071851][T10580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 526.087908][T11597] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 526.199781][T11601] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1768'. [ 527.607332][T11625] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1776'. [ 527.687152][ T5899] IPVS: starting estimator thread 0... [ 527.822007][T11630] IPVS: using max 26 ests per chain, 62400 per kthread [ 528.934475][T11650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 528.948902][T11650] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 530.859146][T10580] aiptek 3-1:17.0: Aiptek using 400 ms programming speed [ 530.897363][T10580] input: Aiptek as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:17.0/input/input73 [ 530.951612][T10580] usb 3-1: USB disconnect, device number 108 [ 530.951680][ C0] aiptek 3-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 531.183813][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 531.183835][ T30] audit: type=1800 audit(1744843416.915:5183): pid=11670 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.1787" name=20019C1437B3CFFCC3A25729EB7393A7C721518FF6ECA56673F56C7B548772D22972A7D6084F9A98F5323A22F412C0542BCD9F767C8DD5B24476638E93D8D6A0C536D278E3633A dev="mqueue" ino=37693 res=0 errno=0 [ 532.343963][T10580] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 532.522034][T10580] usb 3-1: Using ep0 maxpacket: 32 [ 532.530846][T10580] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 532.540733][T10580] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 532.553562][T10580] usb 3-1: config 0 descriptor?? [ 532.762745][T10580] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 532.791236][T10580] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 532.848363][T10580] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 532.865371][T10580] usb 3-1: media controller created [ 532.940864][T10580] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 533.075874][T11716] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 533.087810][T11716] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.103527][T11716] bridge0: received packet on syz_tun with own address as source address (addr:aa:aa:aa:aa:aa:aa, vlan:0) [ 533.119039][T11716] netlink: 224 bytes leftover after parsing attributes in process `syz.1.1808'. [ 533.666467][T11718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 533.675328][T11718] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.688962][T11718] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 533.697995][T11718] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 533.872076][T10580] stb0899_attach: Driver disabled by Kconfig [ 533.878133][T10580] az6027: no front-end attached [ 533.878133][T10580] [ 533.888434][T10580] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 533.897955][T10580] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.2/usb3/3-1/input/input74 [ 533.915711][T10580] dvb-usb: schedule remote query interval to 400 msecs. [ 533.924372][T10580] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 534.100340][ T47] usb 3-1: USB disconnect, device number 109 [ 534.146500][ T47] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 534.666950][T11728] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 535.046908][T10580] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 536.371926][T10580] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 536.533985][T10580] usb 3-1: Using ep0 maxpacket: 8 [ 536.577537][T10580] usb 3-1: unable to get BOS descriptor or descriptor too short [ 536.657045][T10580] usb 3-1: config 0 has no interfaces? [ 536.692721][T10580] usb 3-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 536.714519][T10580] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 536.759683][T10580] usb 3-1: Product: syz [ 536.823845][T10580] usb 3-1: Manufacturer: syz [ 536.840509][T10580] usb 3-1: SerialNumber: syz [ 536.883090][T10580] usb 3-1: config 0 descriptor?? [ 537.153833][T11765] netlink: 'syz.2.1822': attribute type 1 has an invalid length. [ 537.317194][T11766] 8021q: adding VLAN 0 to HW filter on device bond10 [ 537.398176][T11766] bond9: (slave bond10): making interface the new active one [ 537.406621][T11766] bond9: (slave bond10): Enslaving as an active interface with an up link [ 538.811722][T11805] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1836'. [ 539.158715][T11812] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 539.198456][T11812] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 539.302321][T10580] usb 3-1: USB disconnect, device number 111 [ 539.751919][T10580] usb 3-1: new high-speed USB device number 112 using dummy_hcd [ 539.939039][ T5842] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 539.949587][ T5842] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 539.960210][T10580] usb 3-1: config 0 has no interfaces? [ 539.966409][ T5842] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 539.977568][ T5842] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 539.986455][T10580] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 539.995696][T10580] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.006240][ T5842] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 540.025981][T10580] usb 3-1: Product: syz [ 540.047752][T10580] usb 3-1: Manufacturer: syz [ 540.057443][T10580] usb 3-1: SerialNumber: syz [ 540.075372][T10580] usb 3-1: config 0 descriptor?? [ 540.630991][T11823] chnl_net:caif_netlink_parms(): no params data found [ 540.860120][T11823] bridge0: port 1(bridge_slave_0) entered blocking state [ 540.885612][T11823] bridge0: port 1(bridge_slave_0) entered disabled state [ 540.898889][T11835] xt_l2tp: wrong L2TP version: 0 [ 540.920592][T11823] bridge_slave_0: entered allmulticast mode [ 540.930179][T11823] bridge_slave_0: entered promiscuous mode [ 540.947882][T11823] bridge0: port 2(bridge_slave_1) entered blocking state [ 540.955460][T11823] bridge0: port 2(bridge_slave_1) entered disabled state [ 540.964391][T11823] bridge_slave_1: entered allmulticast mode [ 540.973660][T11823] bridge_slave_1: entered promiscuous mode [ 541.054393][T11823] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 541.078275][T11823] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 541.148638][T11823] team0: Port device team_slave_0 added [ 541.167277][T11823] team0: Port device team_slave_1 added [ 541.239474][T11823] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 541.247381][T11823] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.275712][T11823] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 541.290805][T11823] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 541.299193][T11823] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 541.326905][T11823] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 541.403659][T11823] hsr_slave_0: entered promiscuous mode [ 541.410803][T11823] hsr_slave_1: entered promiscuous mode [ 541.418337][T11823] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 541.427119][T11823] Cannot create hsr debugfs directory [ 541.765312][T11842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 541.834887][T11842] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 541.900673][T11823] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 541.925953][T11823] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 541.955752][T11823] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 541.987587][T11823] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 542.102421][ T5842] Bluetooth: hci1: command tx timeout [ 542.277969][T11823] 8021q: adding VLAN 0 to HW filter on device bond0 [ 542.323502][T11823] 8021q: adding VLAN 0 to HW filter on device team0 [ 542.348025][ T6750] bridge0: port 1(bridge_slave_0) entered blocking state [ 542.355206][ T6750] bridge0: port 1(bridge_slave_0) entered forwarding state [ 542.428262][ T6750] bridge0: port 2(bridge_slave_1) entered blocking state [ 542.435529][ T6750] bridge0: port 2(bridge_slave_1) entered forwarding state [ 542.571184][ T5899] usb 3-1: USB disconnect, device number 112 [ 542.685238][T11855] libceph: resolve '. [ 542.685238][T11855] #)|.زf͹Dza×ïÅ2sˆoÖw¿úÕ?£'Ê%ÐKAq‰f»CÖê¨Âz¿e­Sb3L)Hyúo¤¶ÿÿÿÿÿÿÿ÷ǤÜYšM¤¨ìó¤h‡E$ [ 542.685238][T11855] ' (ret=-3): failed [ 543.389304][T11823] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 543.529274][T11823] veth0_vlan: entered promiscuous mode [ 543.546502][T11823] veth1_vlan: entered promiscuous mode [ 543.602896][T11823] veth0_macvtap: entered promiscuous mode [ 543.615376][T11823] veth1_macvtap: entered promiscuous mode [ 544.182139][ T5842] Bluetooth: hci1: command tx timeout [ 544.335322][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 544.346232][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.372073][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 544.387294][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.397932][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 544.408598][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.418582][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 544.429931][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.439864][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 544.450836][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.524168][T11823] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 544.565407][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 544.617674][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.662621][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 544.692054][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.720616][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 544.761870][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.781361][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 544.792307][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.802429][T11823] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 544.831943][T11823] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 544.854153][T11823] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 544.915941][T11823] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.944269][T11823] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.959833][T11823] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 544.968968][T11823] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 545.012081][T10580] usb 3-1: new high-speed USB device number 113 using dummy_hcd [ 545.135266][T11879] FAULT_INJECTION: forcing a failure. [ 545.135266][T11879] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 545.151848][T11879] CPU: 0 UID: 0 PID: 11879 Comm: syz.3.1855 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 545.151878][T11879] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 545.151889][T11879] Call Trace: [ 545.151898][T11879] [ 545.151907][T11879] dump_stack_lvl+0x241/0x360 [ 545.151944][T11879] ? __pfx_dump_stack_lvl+0x10/0x10 [ 545.151973][T11879] ? __pfx__printk+0x10/0x10 [ 545.152015][T11879] should_fail_ex+0x424/0x570 [ 545.152043][T11879] _copy_from_iter+0x211/0x1c70 [ 545.152076][T11879] ? __build_skb_around+0x247/0x3d0 [ 545.152101][T11879] ? __alloc_skb+0x298/0x480 [ 545.152119][T11879] ? __pfx__copy_from_iter+0x10/0x10 [ 545.152149][T11879] ? __pfx___alloc_skb+0x10/0x10 [ 545.152180][T11879] ? skb_put+0x114/0x1f0 [ 545.152206][T11879] netlink_sendmsg+0x73c/0xcd0 [ 545.152258][T11879] ? __pfx_netlink_sendmsg+0x10/0x10 [ 545.152291][T11879] ? aa_sock_msg_perm+0x91/0x160 [ 545.152350][T11879] ? __pfx_netlink_sendmsg+0x10/0x10 [ 545.152400][T11879] __sock_sendmsg+0x221/0x270 [ 545.152443][T11879] ____sys_sendmsg+0x523/0x860 [ 545.152496][T11879] ? __pfx_____sys_sendmsg+0x10/0x10 [ 545.152522][T11879] ? __fget_files+0x2a/0x420 [ 545.152552][T11879] ? __fget_files+0x2a/0x420 [ 545.152582][T11879] __sys_sendmsg+0x271/0x360 [ 545.152610][T11879] ? __pfx___sys_sendmsg+0x10/0x10 [ 545.152690][T11879] ? do_syscall_64+0xb6/0x230 [ 545.152720][T11879] do_syscall_64+0xf3/0x230 [ 545.152744][T11879] ? clear_bhb_loop+0x45/0xa0 [ 545.152769][T11879] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.152789][T11879] RIP: 0033:0x7f99f858e169 [ 545.152809][T11879] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 545.152827][T11879] RSP: 002b:00007f99f93c1038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 545.152850][T11879] RAX: ffffffffffffffda RBX: 00007f99f87b6160 RCX: 00007f99f858e169 [ 545.152865][T11879] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000005 [ 545.152879][T11879] RBP: 00007f99f93c1090 R08: 0000000000000000 R09: 0000000000000000 [ 545.152891][T11879] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 545.152904][T11879] R13: 0000000000000000 R14: 00007f99f87b6160 R15: 00007f99f88dfa28 [ 545.152937][T11879] [ 545.481879][T10580] usb 3-1: Using ep0 maxpacket: 32 [ 545.656568][T11882] sock: sock_set_timeout: `syz.1.1857' (pid 11882) tries to set negative timeout [ 545.667325][T10580] usb 3-1: unable to get BOS descriptor or descriptor too short [ 545.675279][T10580] usb 3-1: no configurations [ 545.679911][T10580] usb 3-1: can't read configurations, error -22 [ 546.162349][ T6750] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 546.177602][ T6750] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.268697][ T1158] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 546.272718][ T5842] Bluetooth: hci1: command tx timeout [ 546.314816][T11888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 546.315375][ T1158] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 546.324455][T11888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 546.387253][ T30] audit: type=1326 audit(1744843432.115:5184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11887 comm="syz.1.1859" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x0 [ 546.490643][T11889] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1859'. [ 546.685891][T11892] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1860'. [ 547.143194][T10580] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 547.312047][T10580] usb 6-1: Using ep0 maxpacket: 16 [ 547.321935][ T5897] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 547.337014][T10580] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 547.356151][T10580] usb 6-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 547.379612][T10580] usb 6-1: config 0 interface 0 has no altsetting 0 [ 547.396543][T10580] usb 6-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 547.416491][T10580] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.440217][T10580] usb 6-1: config 0 descriptor?? [ 547.483225][ T5897] usb 3-1: Using ep0 maxpacket: 16 [ 547.506497][ T5897] usb 3-1: config index 0 descriptor too short (expected 24356, got 36) [ 547.527185][ T5897] usb 3-1: config 206 has too many interfaces: 47, using maximum allowed: 32 [ 547.556421][ T5897] usb 3-1: config 206 has an invalid descriptor of length 143, skipping remainder of the config [ 547.670809][ T5897] usb 3-1: config 206 has 0 interfaces, different from the descriptor's value: 47 [ 547.720244][ T5897] usb 3-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 547.739245][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 547.764443][ T5897] usb 3-1: Product: syz [ 547.777924][ T5897] usb 3-1: Manufacturer: syz [ 547.791322][ T5897] usb 3-1: SerialNumber: syz [ 547.892973][ C0] raw-gadget.5 gadget.5: ignoring, device is not running [ 547.900523][ C0] raw-gadget.5 gadget.5: ignoring, device is not running [ 547.908110][ C0] raw-gadget.5 gadget.5: ignoring, device is not running [ 547.915435][T10580] usbhid 6-1:0.0: can't add hid device: -32 [ 547.921564][T10580] usbhid 6-1:0.0: probe with driver usbhid failed with error -32 [ 547.937942][T10580] usb 6-1: USB disconnect, device number 2 [ 548.091476][ T5897] usb 3-1: USB disconnect, device number 115 [ 548.342168][ T5842] Bluetooth: hci1: command tx timeout [ 548.406530][T11919] FAULT_INJECTION: forcing a failure. [ 548.406530][T11919] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 548.436687][T11919] CPU: 1 UID: 0 PID: 11919 Comm: syz.3.1868 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 548.436720][T11919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 548.436732][T11919] Call Trace: [ 548.436742][T11919] [ 548.436752][T11919] dump_stack_lvl+0x241/0x360 [ 548.436790][T11919] ? __pfx_dump_stack_lvl+0x10/0x10 [ 548.436818][T11919] ? __pfx__printk+0x10/0x10 [ 548.436859][T11919] should_fail_ex+0x424/0x570 [ 548.436887][T11919] _copy_from_user+0x2d/0xb0 [ 548.436916][T11919] move_addr_to_kernel+0x7f/0x170 [ 548.436945][T11919] __sys_bind+0x12e/0x290 [ 548.436989][T11919] ? __pfx___sys_bind+0x10/0x10 [ 548.437043][T11919] __x64_sys_bind+0x7a/0x90 [ 548.437072][T11919] do_syscall_64+0xf3/0x230 [ 548.437098][T11919] ? clear_bhb_loop+0x45/0xa0 [ 548.437121][T11919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 548.437141][T11919] RIP: 0033:0x7f99f858e169 [ 548.437160][T11919] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 548.437177][T11919] RSP: 002b:00007f99f9403038 EFLAGS: 00000246 ORIG_RAX: 0000000000000031 [ 548.437201][T11919] RAX: ffffffffffffffda RBX: 00007f99f87b5fa0 RCX: 00007f99f858e169 [ 548.437216][T11919] RDX: 000000000000001c RSI: 0000200000000040 RDI: 0000000000000004 [ 548.437229][T11919] RBP: 00007f99f9403090 R08: 0000000000000000 R09: 0000000000000000 [ 548.437241][T11919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 548.437253][T11919] R13: 0000000000000000 R14: 00007f99f87b5fa0 R15: 00007f99f88dfa28 [ 548.437286][T11919] [ 548.672854][T10580] usb 3-1: new high-speed USB device number 116 using dummy_hcd [ 548.834973][T10580] usb 3-1: device descriptor read/64, error -71 [ 549.132442][T10580] usb 3-1: new high-speed USB device number 117 using dummy_hcd [ 549.239768][T11937] netlink: 24 bytes leftover after parsing attributes in process `syz.5.1876'. [ 549.273294][T10580] usb 3-1: device descriptor read/64, error -71 [ 549.301041][T11937] netlink: 10144 bytes leftover after parsing attributes in process `syz.5.1876'. [ 549.385235][T10580] usb usb3-port1: attempt power cycle [ 549.558206][T11937] team0 (unregistering): Port device team_slave_0 removed [ 549.576418][T11937] team0 (unregistering): Port device team_slave_1 removed [ 549.746051][T10580] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 549.788989][T10580] usb 3-1: device descriptor read/8, error -71 [ 550.486130][T10580] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 550.541139][T10580] usb 3-1: device descriptor read/8, error -71 [ 550.704312][T10580] usb usb3-port1: unable to enumerate USB device [ 551.210280][T11954] netlink: 12 bytes leftover after parsing attributes in process `syz.5.1881'. [ 551.315216][T11956] syz_tun: entered allmulticast mode [ 551.329994][T11955] syz_tun: left allmulticast mode [ 551.737183][T11966] fuse: Unknown parameter '00000000000000000000003ÿ' [ 552.652607][T11974] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 553.605325][T11983] vivid-001: disconnect [ 553.655645][T11980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 553.677156][T11980] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 554.474879][T11981] vivid-001: reconnect [ 554.667059][T12004] xfrm0: entered promiscuous mode [ 554.675822][T12004] xfrm0: entered allmulticast mode [ 554.982440][T10580] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 555.027576][T12013] netlink: 'syz.5.1903': attribute type 72 has an invalid length. [ 555.164505][T10580] usb 3-1: Using ep0 maxpacket: 8 [ 555.172912][T10580] usb 3-1: unable to get BOS descriptor or descriptor too short [ 555.193683][T10580] usb 3-1: config 0 has no interfaces? [ 555.252938][T10580] usb 3-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 555.262440][T10580] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.275714][T10580] usb 3-1: Product: syz [ 555.279905][T10580] usb 3-1: Manufacturer: syz [ 555.287601][T10580] usb 3-1: SerialNumber: syz [ 555.327053][T10580] usb 3-1: config 0 descriptor?? [ 555.333769][T11878] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 555.377433][T12019] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 555.391331][T12019] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 555.491980][T11878] usb 6-1: Using ep0 maxpacket: 32 [ 555.504764][T11878] usb 6-1: New USB device found, idVendor=041e, idProduct=403c, bcdDevice=cc.d7 [ 555.528412][T11878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 555.549079][T11878] usb 6-1: config 0 descriptor?? [ 555.566498][T11878] gspca_main: sq930x-2.14.0 probing 041e:403c [ 555.574055][T12006] netlink: 'syz.2.1898': attribute type 1 has an invalid length. [ 556.103260][T11878] gspca_sq930x: reg_w 0305 fd00 failed -71 [ 556.112464][T11878] sq930x 6-1:0.0: probe with driver sq930x failed with error -71 [ 556.140388][T12007] 8021q: adding VLAN 0 to HW filter on device bond12 [ 556.161224][T11878] usb 6-1: USB disconnect, device number 3 [ 556.182091][T12028] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1908'. [ 556.198425][T12007] bond11: (slave bond12): making interface the new active one [ 556.207824][T12007] bond11: (slave bond12): Enslaving as an active interface with an up link [ 556.210099][T12028] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 556.234338][T12028] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 556.930406][T12037] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 556.942615][T12037] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 557.675031][T11878] usb 3-1: USB disconnect, device number 120 [ 557.822304][ T9] usb 6-1: new full-speed USB device number 4 using dummy_hcd [ 557.995933][ T9] usb 6-1: config 0 has an invalid interface number: 133 but max is 0 [ 558.014430][ T9] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 558.068249][ T5836] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use /scripts/get_dvb_firmware to get the firmware [ 558.069471][ T5917] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 558.101104][ T10] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -2). You can use /scripts/get_dvb_firmware to get the firmware [ 558.146680][ T5836] dvb_usb_az6027 5-1:0.0: probe with driver dvb_usb_az6027 failed with error -2 [ 558.196930][ T9] usb 6-1: config 0 has no interface number 0 [ 558.205108][ T9] usb 6-1: config 0 interface 133 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 558.220434][ T10] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -2 [ 558.253514][ T9] usb 6-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 558.265218][ T9] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.274384][ T10] usb 4-1: USB disconnect, device number 19 [ 558.292310][ T5836] usb 5-1: USB disconnect, device number 106 [ 558.292669][ T5917] dvb_usb_az6027 1-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 558.321871][ T9] usb 6-1: Product: syz [ 558.331235][ T9] usb 6-1: Manufacturer: syz [ 558.350170][ T9] usb 6-1: SerialNumber: syz [ 558.400787][ T9] usb 6-1: config 0 descriptor?? [ 558.448949][ T5917] usb 1-1: USB disconnect, device number 90 [ 558.678162][ T9] keyspan 6-1:0.133: Keyspan 1 port adapter converter detected [ 558.749418][ T9] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 82 [ 558.801965][ T9] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 81 [ 558.816598][ T6750] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 558.841572][ T6750] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 558.865122][ T9] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 1 [ 558.898461][ T9] keyspan 6-1:0.133: found no endpoint descriptor for endpoint 2 [ 559.018534][ T9] usb 6-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 559.117239][ T5836] usb 6-1: USB disconnect, device number 4 [ 559.174725][ T5836] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 559.279850][ T5836] keyspan 6-1:0.133: device disconnected [ 559.326521][ T6750] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.364082][ T6750] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 559.530370][ T6750] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.568070][ T6750] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 559.739750][ T6750] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 559.831316][ T6750] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20000 - 0 [ 560.187085][T12076] loop8: detected capacity change from 0 to 7 [ 560.197252][T12076] Dev loop8: unable to read RDB block 7 [ 560.208267][T12076] loop8: AHDI p1 p3 p4 [ 560.256285][T12076] loop8: partition table partially beyond EOD, truncated [ 560.323277][T12076] loop8: p1 start 975770946 is beyond EOD, truncated [ 560.358476][T12076] loop8: p3 start 6514546 is beyond EOD, truncated [ 560.489640][ T6750] bridge_slave_1: left allmulticast mode [ 560.516841][ T6750] bridge_slave_1: left promiscuous mode [ 560.569430][ T6750] bridge0: port 2(bridge_slave_1) entered disabled state [ 560.631019][ T6750] bridge_slave_0: left allmulticast mode [ 560.664934][ T6750] bridge_slave_0: left promiscuous mode [ 560.670825][ T6750] bridge0: port 1(bridge_slave_0) entered disabled state [ 560.671938][ T5836] usb 6-1: new high-speed USB device number 5 using dummy_hcd [ 560.861920][ T5836] usb 6-1: Using ep0 maxpacket: 16 [ 560.908020][ T5836] usb 6-1: config 0 has an invalid descriptor of length 168, skipping remainder of the config [ 560.960510][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 561.024651][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 28928, setting to 1024 [ 561.071912][ T5836] usb 6-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024 [ 561.100916][ T5836] usb 6-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 561.136357][ T5836] usb 6-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 561.198113][ T5836] usb 6-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 561.233849][ T5836] usb 6-1: Manufacturer: syz [ 561.251922][T11878] usb 4-1: new low-speed USB device number 20 using dummy_hcd [ 561.282208][ T5836] usb 6-1: config 0 descriptor?? [ 561.347952][T12088] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 561.354639][T12088] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 561.391889][T11878] usb 4-1: device descriptor read/64, error -71 [ 561.472475][T12088] vhci_hcd vhci_hcd.0: Device attached [ 561.612330][ T5836] rc_core: IR keymap rc-hauppauge not found [ 561.620073][ T5836] Registered IR keymap rc-empty [ 561.631885][ T24] usb 3-1: new full-speed USB device number 121 using dummy_hcd [ 561.653190][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 561.664984][T11878] usb 4-1: new low-speed USB device number 21 using dummy_hcd [ 561.692711][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 561.713166][ T5897] usb 37-1: new high-speed USB device number 4 using vhci_hcd [ 561.732575][ T5836] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0 [ 561.784581][ T5836] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/rc/rc0/input76 [ 561.822584][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 561.835571][ T24] usb 3-1: New USB device found, idVendor=0bda, idProduct=0177, bcdDevice=7d.0b [ 561.846799][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 561.861500][T11878] usb 4-1: device descriptor read/64, error -71 [ 561.862194][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 561.892551][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 561.932292][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 561.939152][ T24] usb 3-1: config 0 descriptor?? [ 561.957794][ T24] ums-realtek 3-1:0.0: USB Mass Storage device detected [ 561.965838][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 561.988696][T11878] usb usb4-port1: attempt power cycle [ 562.002392][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 562.054118][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 562.062870][ T6750] bond3 (unregistering): (slave gretap2): Releasing backup interface [ 562.084980][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 562.144885][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 562.172731][T12114] support for the xor transformation has been removed. [ 562.182348][ T5836] mceusb 6-1:0.0: Error: mce write urb status = -71 [ 562.206001][ T5836] mceusb 6-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 562.216338][ T5836] mceusb 6-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 562.227000][ T5896] usb 3-1: USB disconnect, device number 121 [ 562.233751][T12097] vhci_hcd: connection reset by peer [ 562.247542][ T6753] vhci_hcd: stop threads [ 562.262721][ T6753] vhci_hcd: release socket [ 562.279584][ T6753] vhci_hcd: disconnect device [ 562.288719][ T5836] usb 6-1: USB disconnect, device number 5 [ 562.367507][T11878] usb 4-1: new low-speed USB device number 22 using dummy_hcd [ 562.412884][T11878] usb 4-1: device descriptor read/8, error -71 [ 562.502723][T12121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 562.517642][T12121] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 562.662110][T11878] usb 4-1: new low-speed USB device number 23 using dummy_hcd [ 562.703869][T11878] usb 4-1: device descriptor read/8, error -71 [ 562.722553][ T6750] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 562.737093][ T6750] bond_slave_0: left promiscuous mode [ 562.746646][ T6750] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 562.758471][ T6750] bond_slave_1: left promiscuous mode [ 562.766975][ T6750] bond0 (unregistering): Released all slaves [ 562.790243][ T6750] bond1 (unregistering): (slave bond2): Releasing backup interface [ 562.824733][ T6750] bond1 (unregistering): Released all slaves [ 562.832324][T11878] usb usb4-port1: unable to enumerate USB device [ 563.166592][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 563.174548][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.431930][ T5836] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 563.614913][ T6750] bond2 (unregistering): Released all slaves [ 563.671990][ T5836] usb 3-1: Using ep0 maxpacket: 16 [ 563.679079][ T5836] usb 3-1: config 0 has no interfaces? [ 563.728914][ T5836] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 563.756685][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.808260][ T5836] usb 3-1: Product: syz [ 563.816770][ T5836] usb 3-1: Manufacturer: syz [ 563.821582][ T5836] usb 3-1: SerialNumber: syz [ 563.848444][ T5836] usb 3-1: config 0 descriptor?? [ 564.149544][ T6750] bond3 (unregistering): (slave bond4): Releasing backup interface [ 564.164940][ T6750] bond3 (unregistering): Released all slaves [ 564.560516][ T6750] bond4 (unregistering): Released all slaves [ 564.616241][ T6750] bond5 (unregistering): (slave bond6): Releasing backup interface [ 564.648121][ T6750] bond5 (unregistering): Released all slaves [ 564.828400][T12150] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 564.838329][T12150] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 564.972304][ T6750] bond6 (unregistering): Released all slaves [ 565.001459][ T6750] bond7 (unregistering): (slave bond8): Releasing backup interface [ 565.010451][ T6750] bond7 (unregistering): Released all slaves [ 565.146486][ T6750] bond8 (unregistering): Released all slaves [ 565.631062][T12161] netlink: 'syz.1.1942': attribute type 1 has an invalid length. [ 566.056166][ T6750] hsr_slave_0: left promiscuous mode [ 566.082391][ T6750] hsr_slave_1: left promiscuous mode [ 566.101621][ T6750] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 566.133472][ T6750] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 566.170041][ T6750] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 566.212045][ T6750] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 566.339248][ T6750] veth1_macvtap: left promiscuous mode [ 566.370399][ T9] usb 3-1: USB disconnect, device number 122 [ 566.389568][ T6750] veth0_macvtap: left promiscuous mode [ 566.409921][ T6750] veth1_vlan: left promiscuous mode [ 566.429115][ T6750] veth0_vlan: left promiscuous mode [ 566.473436][T12182] usb usb1: usbfs: interface 0 claimed by hub while 'syz.1.1945' sets config #1 [ 566.552999][T11878] usb 6-1: new high-speed USB device number 6 using dummy_hcd [ 566.621947][ T24] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 566.802727][T11878] usb 6-1: Using ep0 maxpacket: 32 [ 566.874234][T11878] usb 6-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 566.889799][T11878] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.914017][T11878] usb 6-1: config 0 descriptor?? [ 566.933879][ T5897] vhci_hcd: vhci_device speed not set [ 566.944696][ T24] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 566.960929][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 567.011556][ T24] usb 4-1: config 0 descriptor?? [ 567.012226][ T9] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 567.141359][T11878] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 567.278234][ T9] usb 3-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 567.288343][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 567.315892][T11878] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 567.326748][ T9] usb 3-1: Product: syz [ 567.331873][ T9] usb 3-1: Manufacturer: syz [ 567.342239][ T9] usb 3-1: SerialNumber: syz [ 567.348398][T11878] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 567.375117][ T9] usb 3-1: config 0 descriptor?? [ 567.382086][T11878] usb 6-1: media controller created [ 567.410701][ T9] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 567.478046][T11878] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 567.626865][ T9] gspca_sunplus: reg_r err -71 [ 567.643755][ T9] usb 3-1: USB disconnect, device number 123 [ 568.175184][ T6750] team_slave_1 (unregistering): left promiscuous mode [ 568.189880][ T6750] team0 (unregistering): Port device team_slave_1 removed [ 568.241587][ T6750] team_slave_0 (unregistering): left promiscuous mode [ 568.254049][ T6750] team0 (unregistering): Port device team_slave_0 removed [ 568.304538][T12195] FAULT_INJECTION: forcing a failure. [ 568.304538][T12195] name failslab, interval 1, probability 0, space 0, times 0 [ 568.330855][T12195] CPU: 0 UID: 0 PID: 12195 Comm: syz.1.1949 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 568.330889][T12195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 568.330901][T12195] Call Trace: [ 568.330909][T12195] [ 568.330916][T12195] dump_stack_lvl+0x241/0x360 [ 568.330947][T12195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 568.330969][T12195] ? __pfx__printk+0x10/0x10 [ 568.330996][T12195] ? __pfx___might_resched+0x10/0x10 [ 568.331025][T12195] should_fail_ex+0x424/0x570 [ 568.331046][T12195] should_failslab+0xac/0x100 [ 568.331071][T12195] __kmalloc_cache_noprof+0x73/0x370 [ 568.331091][T12195] ? newseg+0x263/0xc20 [ 568.331115][T12195] newseg+0x263/0xc20 [ 568.331145][T12195] ? __pfx_newseg+0x10/0x10 [ 568.331170][T12195] ? ksys_write+0x24e/0x2d0 [ 568.331192][T12195] ipcget+0x1f9/0xe60 [ 568.331222][T12195] ? __fget_files+0x2a/0x420 [ 568.331238][T12195] ? __pfx_ipcget+0x10/0x10 [ 568.331256][T12195] ? __fget_files+0x2a/0x420 [ 568.331278][T12195] __x64_sys_shmget+0x18d/0x210 [ 568.331314][T12195] ? __pfx___x64_sys_shmget+0x10/0x10 [ 568.331342][T12195] ? do_syscall_64+0xb6/0x230 [ 568.331364][T12195] do_syscall_64+0xf3/0x230 [ 568.331382][T12195] ? clear_bhb_loop+0x45/0xa0 [ 568.331406][T12195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 568.331422][T12195] RIP: 0033:0x7fa4d058e169 [ 568.331441][T12195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 568.331455][T12195] RSP: 002b:00007fa4d13a1038 EFLAGS: 00000246 ORIG_RAX: 000000000000001d [ 568.331474][T12195] RAX: ffffffffffffffda RBX: 00007fa4d07b6160 RCX: 00007fa4d058e169 [ 568.331486][T12195] RDX: 0000000000000800 RSI: 0000000000004000 RDI: 0000000000000000 [ 568.331496][T12195] RBP: 00007fa4d13a1090 R08: 0000000000000000 R09: 0000000000000000 [ 568.331506][T12195] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 568.331516][T12195] R13: 0000000000000000 R14: 00007fa4d07b6160 R15: 00007fa4d08dfa28 [ 568.331541][T12195] [ 568.553209][T11878] stb0899_attach: Driver disabled by Kconfig [ 568.559269][T11878] az6027: no front-end attached [ 568.559269][T11878] [ 568.582001][T11878] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 568.593131][T11878] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.5/usb6/6-1/input/input77 [ 568.616057][T11878] dvb-usb: schedule remote query interval to 400 msecs. [ 568.623215][T11878] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 568.862934][ T5897] usb 6-1: USB disconnect, device number 6 [ 568.975076][ T5897] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 569.762121][ T5897] usb 6-1: new high-speed USB device number 7 using dummy_hcd [ 569.948791][ T5897] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 569.981938][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 570.005840][ T24] [drm:udl_init] *ERROR* Selecting channel failed [ 570.034553][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 570.075818][ T5897] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 570.096792][ T5897] usb 6-1: New USB device found, idVendor=a9cd, idProduct=cdee, bcdDevice= 5.b9 [ 570.106958][T12208] program syz.1.1954 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 570.119183][ T24] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 570.139324][ T5897] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.147645][ T24] [drm] Initialized udl on minor 2 [ 570.160754][ T24] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 570.193018][ T5897] usb 6-1: config 0 descriptor?? [ 570.215389][ T5897] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 570.244358][ T24] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 570.262069][ T5897] usb 6-1: MIDIStreaming interface descriptor not found [ 570.274911][ T5896] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 570.286935][ T24] usb 4-1: USB disconnect, device number 24 [ 570.301992][ T5836] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 570.313593][ T5896] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 570.471864][ T5836] usb 1-1: Using ep0 maxpacket: 16 [ 570.487362][ T5836] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 570.517585][ T9] usb 6-1: USB disconnect, device number 7 [ 570.548608][ T5836] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 570.594459][ T5836] usb 1-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 570.649524][ T5836] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 570.689798][ T5836] usb 1-1: config 0 descriptor?? [ 570.788400][ T6093] udevd[6093]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 571.118025][ T5836] usbhid 1-1:0.0: can't add hid device: -32 [ 571.135312][ T5836] usbhid 1-1:0.0: probe with driver usbhid failed with error -32 [ 571.222302][ T5842] Bluetooth: hci0: unknown advertising packet type: 0x07 [ 571.222362][ T5842] Bluetooth: hci0: unknown advertising packet type: 0xa8 [ 571.231103][ T5842] Bluetooth: hci0: unknown advertising packet type: 0x81 [ 571.238471][ T5842] Bluetooth: hci0: unknown advertising packet type: 0x85 [ 571.245775][ T5842] Bluetooth: hci0: unknown advertising packet type: 0x1f [ 571.253414][ T5842] Bluetooth: hci0: unknown advertising packet type: 0xc1 [ 571.274464][ T5836] usb 1-1: USB disconnect, device number 91 [ 571.925619][T12258] fuse: Bad value for 'fd' [ 573.021364][T12286] Invalid logical block size (768) [ 573.188989][T12292] FAULT_INJECTION: forcing a failure. [ 573.188989][T12292] name failslab, interval 1, probability 0, space 0, times 0 [ 573.202507][T12292] CPU: 1 UID: 0 PID: 12292 Comm: syz.1.1974 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 573.202537][T12292] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 573.202548][T12292] Call Trace: [ 573.202556][T12292] [ 573.202564][T12292] dump_stack_lvl+0x241/0x360 [ 573.202611][T12292] ? __pfx_dump_stack_lvl+0x10/0x10 [ 573.202639][T12292] ? __pfx__printk+0x10/0x10 [ 573.202671][T12292] ? __pfx___might_resched+0x10/0x10 [ 573.202700][T12292] should_fail_ex+0x424/0x570 [ 573.202727][T12292] should_failslab+0xac/0x100 [ 573.202756][T12292] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 573.202782][T12292] ? __alloc_skb+0x1c2/0x480 [ 573.202807][T12292] __alloc_skb+0x1c2/0x480 [ 573.202832][T12292] ? __pfx___alloc_skb+0x10/0x10 [ 573.202852][T12292] ? netlink_autobind+0xd6/0x2f0 [ 573.202878][T12292] ? netlink_autobind+0x2b0/0x2f0 [ 573.202911][T12292] netlink_sendmsg+0x638/0xcd0 [ 573.202952][T12292] ? __pfx_netlink_sendmsg+0x10/0x10 [ 573.202986][T12292] ? aa_sock_msg_perm+0x91/0x160 [ 573.203019][T12292] ? __pfx_netlink_sendmsg+0x10/0x10 [ 573.203045][T12292] __sock_sendmsg+0x221/0x270 [ 573.203075][T12292] ____sys_sendmsg+0x523/0x860 [ 573.203108][T12292] ? __pfx_____sys_sendmsg+0x10/0x10 [ 573.203126][T12292] ? __fget_files+0x2a/0x420 [ 573.203148][T12292] ? __fget_files+0x2a/0x420 [ 573.203177][T12292] __sys_sendmsg+0x271/0x360 [ 573.203216][T12292] ? __pfx___sys_sendmsg+0x10/0x10 [ 573.203294][T12292] ? do_syscall_64+0xb6/0x230 [ 573.203323][T12292] do_syscall_64+0xf3/0x230 [ 573.203345][T12292] ? clear_bhb_loop+0x45/0xa0 [ 573.203368][T12292] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.203388][T12292] RIP: 0033:0x7fa4d058e169 [ 573.203406][T12292] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.203423][T12292] RSP: 002b:00007fa4d13e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 573.203445][T12292] RAX: ffffffffffffffda RBX: 00007fa4d07b5fa0 RCX: 00007fa4d058e169 [ 573.203460][T12292] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000006 [ 573.203473][T12292] RBP: 00007fa4d13e3090 R08: 0000000000000000 R09: 0000000000000000 [ 573.203486][T12292] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 573.203499][T12292] R13: 0000000000000000 R14: 00007fa4d07b5fa0 R15: 00007fa4d08dfa28 [ 573.203531][T12292] [ 573.536256][ T5836] usb 6-1: new high-speed USB device number 8 using dummy_hcd [ 573.612003][ T5897] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 573.701942][ T5836] usb 6-1: Using ep0 maxpacket: 16 [ 573.709550][T12300] FAULT_INJECTION: forcing a failure. [ 573.709550][T12300] name failslab, interval 1, probability 0, space 0, times 0 [ 573.726104][T12300] CPU: 1 UID: 0 PID: 12300 Comm: syz.1.1976 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 573.726141][T12300] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 573.726154][T12300] Call Trace: [ 573.726164][T12300] [ 573.726172][T12300] dump_stack_lvl+0x241/0x360 [ 573.726210][T12300] ? __pfx_dump_stack_lvl+0x10/0x10 [ 573.726238][T12300] ? __pfx__printk+0x10/0x10 [ 573.726272][T12300] ? ref_tracker_alloc+0x316/0x4c0 [ 573.726299][T12300] should_fail_ex+0x424/0x570 [ 573.726326][T12300] should_failslab+0xac/0x100 [ 573.726356][T12300] kmem_cache_alloc_noprof+0x78/0x390 [ 573.726383][T12300] ? skb_clone+0x20c/0x390 [ 573.726411][T12300] skb_clone+0x20c/0x390 [ 573.726438][T12300] __netlink_deliver_tap+0x3c4/0x7f0 [ 573.726480][T12300] ? netlink_deliver_tap+0x2e/0x1b0 [ 573.726515][T12300] netlink_deliver_tap+0x19d/0x1b0 [ 573.726544][T12300] netlink_sendskb+0x68/0x140 [ 573.726572][T12300] netlink_unicast+0x39f/0x9a0 [ 573.726594][T12300] ? __asan_memcpy+0x40/0x70 [ 573.726624][T12300] ? __pfx_netlink_unicast+0x10/0x10 [ 573.726662][T12300] netlink_rcv_skb+0x296/0x480 [ 573.726691][T12300] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 573.726721][T12300] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 573.726769][T12300] ? netlink_deliver_tap+0x2e/0x1b0 [ 573.726800][T12300] ? netlink_deliver_tap+0x2e/0x1b0 [ 573.726830][T12300] netlink_unicast+0x7f8/0x9a0 [ 573.726866][T12300] ? __pfx_netlink_unicast+0x10/0x10 [ 573.726895][T12300] ? skb_put+0x114/0x1f0 [ 573.726930][T12300] netlink_sendmsg+0x8c3/0xcd0 [ 573.726973][T12300] ? __pfx_netlink_sendmsg+0x10/0x10 [ 573.727006][T12300] ? aa_sock_msg_perm+0x91/0x160 [ 573.727038][T12300] ? __pfx_netlink_sendmsg+0x10/0x10 [ 573.727062][T12300] __sock_sendmsg+0x221/0x270 [ 573.727089][T12300] ____sys_sendmsg+0x523/0x860 [ 573.727119][T12300] ? __pfx_____sys_sendmsg+0x10/0x10 [ 573.727136][T12300] ? __fget_files+0x2a/0x420 [ 573.727157][T12300] ? __fget_files+0x2a/0x420 [ 573.727184][T12300] __sys_sendmsg+0x271/0x360 [ 573.727210][T12300] ? __pfx___sys_sendmsg+0x10/0x10 [ 573.727288][T12300] ? do_syscall_64+0xb6/0x230 [ 573.727316][T12300] do_syscall_64+0xf3/0x230 [ 573.727340][T12300] ? clear_bhb_loop+0x45/0xa0 [ 573.727364][T12300] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 573.727383][T12300] RIP: 0033:0x7fa4d058e169 [ 573.727401][T12300] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 573.727416][T12300] RSP: 002b:00007fa4d13e3038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 573.727439][T12300] RAX: ffffffffffffffda RBX: 00007fa4d07b5fa0 RCX: 00007fa4d058e169 [ 573.727454][T12300] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 573.727467][T12300] RBP: 00007fa4d13e3090 R08: 0000000000000000 R09: 0000000000000000 [ 573.727480][T12300] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 573.727493][T12300] R13: 0000000000000000 R14: 00007fa4d07b5fa0 R15: 00007fa4d08dfa28 [ 573.727526][T12300] [ 573.729342][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 231, changing to 11 [ 573.970037][T12305] openvswitch: netlink: Port 10289156 exceeds max allowable 65535 [ 574.014019][ T5836] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 33799, setting to 1024 [ 574.075213][ T5897] usb 1-1: Using ep0 maxpacket: 16 [ 574.082681][ T5836] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 574.111993][ T5897] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 574.120293][ T5897] usb 1-1: config 0 has no interface number 0 [ 574.147628][ T5897] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 574.158447][ T5897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 574.172084][ T9] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 574.202125][ T5836] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 574.220633][ T5897] usb 1-1: Product: syz [ 574.231344][ T5897] usb 1-1: Manufacturer: syz [ 574.236259][ T5836] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.247230][ T5897] usb 1-1: SerialNumber: syz [ 574.272308][ T5897] usb 1-1: config 0 descriptor?? [ 574.310441][ T5836] usb 6-1: config 0 descriptor?? [ 574.319931][T12280] raw-gadget.2 gadget.5: fail, usb_ep_enable returned -22 [ 574.344668][ T5897] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 574.362217][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 574.376403][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 574.419220][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 574.461539][ T9] usb 3-1: New USB device found, idVendor=054c, idProduct=05c4, bcdDevice= 0.00 [ 574.497329][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 574.567599][ T9] usb 3-1: config 0 descriptor?? [ 574.739895][ T5836] microsoft 0003:045E:07DA.0019: ignoring exceeding usage max [ 574.781322][ T5836] microsoft 0003:045E:07DA.0019: No inputs registered, leaving [ 574.819406][ T5836] microsoft 0003:045E:07DA.0019: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 574.872715][ T30] audit: type=1326 audit(1744843460.595:5185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12321 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 574.905801][ T5836] microsoft 0003:045E:07DA.0019: no inputs found [ 574.952943][T12280] netlink: 8 bytes leftover after parsing attributes in process `syz.5.1971'. [ 574.967593][ T5836] microsoft 0003:045E:07DA.0019: could not initialize ff, continuing anyway [ 575.022504][ T9] usbhid 3-1:0.0: can't add hid device: -32 [ 575.030288][ T9] usbhid 3-1:0.0: probe with driver usbhid failed with error -32 [ 575.075920][ T30] audit: type=1326 audit(1744843460.595:5186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12321 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 575.130739][ T9] usb 3-1: USB disconnect, device number 124 [ 575.292016][ T30] audit: type=1326 audit(1744843460.595:5187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12321 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=239 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 575.417767][ T30] audit: type=1326 audit(1744843460.595:5188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12321 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 575.478335][ T30] audit: type=1326 audit(1744843460.595:5189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12321 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 575.503244][ T30] audit: type=1326 audit(1744843460.595:5190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12321 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 575.527812][T12337] fuse: Unknown parameter 'user_id00000000000000000000' [ 575.544894][ T9] usb 6-1: USB disconnect, device number 8 [ 575.551860][ T30] audit: type=1400 audit(1744843460.675:5191): apparmor="DENIED" operation="stack_onexec" class="file" info="label not found" error=-2 profile="unconfined" name=3AAE86AD47AA0D9495E6D80F7BDE2D18FFB36CF152AED2D408FB58E305FC8E2F2F7D91F81B621CC4214D4A27E1614FBEE0BEAC8F4A045070B770212D46D4A2DF096B791F2A4BA218E12CB76AA24945B70A7C9DD5EDEAC52B5A876F73CFBE66371A72F11F3D9544D6B59B4A5541DCEF5CBF11FFFF37DFD147CCA3E5098A207BE806EA7167101F8C1B5C8FE41E170FD0C775DBC5BE0B6D3AB625AB702E5B1DC15F9C4B3D09BE812F340E681E0694F5BADF640DA3FDFC2F929B4C2BEB9A592C577287B6021BFEEC24146C7F95608BB60A736207A09D9F47E89C4044EADDE57CDEFD15F25B822D2EAF2205DF0D6B71B63EE0B63CB598F26509AF36983578F6F4198A0843CC1B1BD780015007AB9709CC6211E3B5C685B972B5C5E95F054A7A9FE149282F679C8466B9734E3850EC98419DD0C887715902F9E7802842085BC606F30C2654869E9E3701FD0FC69137FE165592689465EEBD5CAFAD7C29DE2ADADEC42A818D8EE389CA1FE33A1EF23617C89116A3A458B56612E4C36C43A9150D5331ADBB0BEB01A062B1F1349FC2ECEA76CB7C40CDFE378185F3099B1D71414D0FDA5A47F8593260CC0BD723A4CCA81435F0 [ 575.594246][ T30] audit: type=1326 audit(1744843461.305:5192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12321 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 575.770600][ T5897] gspca_spca1528: reg_w err -71 [ 575.778734][ T30] audit: type=1326 audit(1744843461.305:5193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12321 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 575.810086][ T30] audit: type=1326 audit(1744843461.485:5194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12321 comm="syz.1.1980" exe="/root/syz-executor" sig=0 arch=c000003e syscall=25 compat=0 ip=0x7fa4d058e169 code=0x7ffc0000 [ 575.812176][ T5897] spca1528 1-1:0.1: probe with driver spca1528 failed with error -71 [ 575.878361][ T5897] usb 1-1: USB disconnect, device number 92 [ 576.274784][T12354] FAULT_INJECTION: forcing a failure. [ 576.274784][T12354] name failslab, interval 1, probability 0, space 0, times 0 [ 576.300202][T12354] CPU: 0 UID: 0 PID: 12354 Comm: syz.3.1985 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 576.300234][T12354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 576.300247][T12354] Call Trace: [ 576.300257][T12354] [ 576.300266][T12354] dump_stack_lvl+0x241/0x360 [ 576.300302][T12354] ? __pfx_dump_stack_lvl+0x10/0x10 [ 576.300332][T12354] ? __pfx__printk+0x10/0x10 [ 576.300365][T12354] ? __pfx___might_resched+0x10/0x10 [ 576.300397][T12354] should_fail_ex+0x424/0x570 [ 576.300426][T12354] should_failslab+0xac/0x100 [ 576.300455][T12354] __kmalloc_cache_noprof+0x73/0x370 [ 576.300481][T12354] ? tcf_action_init_1+0x1e9/0x900 [ 576.300511][T12354] tcf_action_init_1+0x1e9/0x900 [ 576.300546][T12354] ? __pfx_tcf_action_init_1+0x10/0x10 [ 576.300578][T12354] ? _raw_read_unlock+0x28/0x50 [ 576.300598][T12354] ? tc_action_load_ops+0x247/0x530 [ 576.300647][T12354] ? __nla_parse+0x40/0x60 [ 576.300675][T12354] tcf_action_init+0x2e9/0xae0 [ 576.300715][T12354] ? __pfx_tcf_action_init+0x10/0x10 [ 576.300806][T12354] ? __nla_validate_parse+0x28e6/0x32e0 [ 576.300844][T12354] tcf_exts_validate_ex+0x245/0x530 [ 576.300884][T12354] ? __pfx_tcf_exts_validate_ex+0x10/0x10 [ 576.300926][T12354] ? __kasan_kmalloc+0x9d/0xb0 [ 576.300951][T12354] ? __kmalloc_cache_noprof+0x236/0x370 [ 576.300976][T12354] ? tcf_exts_init_ex+0xeb/0x6d0 [ 576.301021][T12354] tcf_exts_validate+0x42/0x60 [ 576.301052][T12354] cls_cgroup_change+0x3de/0x590 [ 576.301092][T12354] ? __pfx_cls_cgroup_change+0x10/0x10 [ 576.301122][T12354] ? __pfx_tcf_chain_tp_insert_unique+0x10/0x10 [ 576.301142][T12354] ? __raw_spin_lock_init+0x45/0x100 [ 576.301172][T12354] ? __pfx_cls_cgroup_change+0x10/0x10 [ 576.301200][T12354] tc_new_tfilter+0x112f/0x1a90 [ 576.301249][T12354] ? __pfx_tc_new_tfilter+0x10/0x10 [ 576.301285][T12354] ? __lock_acquire+0xad5/0xd80 [ 576.301329][T12354] ? __pfx_tc_new_tfilter+0x10/0x10 [ 576.301350][T12354] rtnetlink_rcv_msg+0x80f/0xd70 [ 576.301376][T12354] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 576.301408][T12354] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 576.301443][T12354] ? ref_tracker_free+0x63e/0x7e0 [ 576.301475][T12354] netlink_rcv_skb+0x208/0x480 [ 576.301504][T12354] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 576.301533][T12354] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 576.301592][T12354] ? netlink_deliver_tap+0x2e/0x1b0 [ 576.301622][T12354] ? netlink_deliver_tap+0x2e/0x1b0 [ 576.301652][T12354] netlink_unicast+0x7f8/0x9a0 [ 576.301689][T12354] ? __pfx_netlink_unicast+0x10/0x10 [ 576.301734][T12354] ? skb_put+0x114/0x1f0 [ 576.301759][T12354] netlink_sendmsg+0x8c3/0xcd0 [ 576.301801][T12354] ? __pfx_netlink_sendmsg+0x10/0x10 [ 576.301832][T12354] ? aa_sock_msg_perm+0x91/0x160 [ 576.301867][T12354] ? __pfx_netlink_sendmsg+0x10/0x10 [ 576.301892][T12354] __sock_sendmsg+0x221/0x270 [ 576.301923][T12354] ____sys_sendmsg+0x523/0x860 [ 576.301954][T12354] ? __pfx_____sys_sendmsg+0x10/0x10 [ 576.301972][T12354] ? __fget_files+0x2a/0x420 [ 576.301994][T12354] ? __fget_files+0x2a/0x420 [ 576.302022][T12354] __sys_sendmsg+0x271/0x360 [ 576.302049][T12354] ? __pfx___sys_sendmsg+0x10/0x10 [ 576.302132][T12354] ? do_syscall_64+0xb6/0x230 [ 576.302161][T12354] do_syscall_64+0xf3/0x230 [ 576.302184][T12354] ? clear_bhb_loop+0x45/0xa0 [ 576.302207][T12354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 576.302228][T12354] RIP: 0033:0x7f99f858e169 [ 576.302247][T12354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 576.302265][T12354] RSP: 002b:00007f99f9403038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 576.302290][T12354] RAX: ffffffffffffffda RBX: 00007f99f87b5fa0 RCX: 00007f99f858e169 [ 576.302303][T12354] RDX: 0000000020004804 RSI: 0000200000006040 RDI: 0000000000000004 [ 576.302317][T12354] RBP: 00007f99f9403090 R08: 0000000000000000 R09: 0000000000000000 [ 576.302329][T12354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 576.302341][T12354] R13: 0000000000000000 R14: 00007f99f87b5fa0 R15: 00007f99f88dfa28 [ 576.302370][T12354] [ 576.888572][T12357] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 576.897521][T12357] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.140732][T12370] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1988'. [ 577.150418][T12370] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1988'. [ 577.180027][T12370] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1988'. [ 577.260960][T12368] syzkaller0: entered promiscuous mode [ 577.268672][T12378] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1990'. [ 577.278616][T12368] syzkaller0: entered allmulticast mode [ 577.284669][ T24] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 577.382498][T12378] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:24) already exists on: dummy0 [ 577.393085][T12378] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 577.406433][T12378] vlan3: entered promiscuous mode [ 577.411591][T12378] dummy0: entered promiscuous mode [ 577.426079][T11884] syzkaller0: tun_net_xmit 48 [ 577.482292][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 577.491929][ T24] usb 1-1: config 0 has no interfaces? [ 577.500142][ T24] usb 1-1: New USB device found, idVendor=1b3d, idProduct=9300, bcdDevice=f2.58 [ 577.532145][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.541657][ T24] usb 1-1: Product: syz [ 577.568889][ T24] usb 1-1: Manufacturer: syz [ 577.589687][ T24] usb 1-1: SerialNumber: syz [ 577.604634][T12385] PKCS7: Unknown OID: [4] 5.25.43183(bad) [ 577.610845][T12385] PKCS7: Only support pkcs7_signedData type [ 577.618065][ T24] usb 1-1: config 0 descriptor?? [ 578.290909][T12400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 578.300093][T12400] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 580.268017][T12387] FAULT_INJECTION: forcing a failure. [ 580.268017][T12387] name failslab, interval 1, probability 0, space 0, times 0 [ 580.281303][T12387] CPU: 0 UID: 0 PID: 12387 Comm: syz.2.1993 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 580.281332][T12387] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 580.281344][T12387] Call Trace: [ 580.281354][T12387] [ 580.281363][T12387] dump_stack_lvl+0x241/0x360 [ 580.281401][T12387] ? __pfx_dump_stack_lvl+0x10/0x10 [ 580.281431][T12387] ? __pfx__printk+0x10/0x10 [ 580.281466][T12387] ? ref_tracker_alloc+0x316/0x4c0 [ 580.281494][T12387] should_fail_ex+0x424/0x570 [ 580.281533][T12387] should_failslab+0xac/0x100 [ 580.281562][T12387] kmem_cache_alloc_noprof+0x78/0x390 [ 580.281590][T12387] ? skb_clone+0x20c/0x390 [ 580.281619][T12387] skb_clone+0x20c/0x390 [ 580.281647][T12387] __netlink_deliver_tap+0x3c4/0x7f0 [ 580.281690][T12387] ? netlink_deliver_tap+0x2e/0x1b0 [ 580.281716][T12387] netlink_deliver_tap+0x19d/0x1b0 [ 580.281752][T12387] netlink_sendskb+0x68/0x140 [ 580.281779][T12387] netlink_unicast+0x39f/0x9a0 [ 580.281802][T12387] ? __asan_memcpy+0x40/0x70 [ 580.281834][T12387] ? __pfx_netlink_unicast+0x10/0x10 [ 580.281872][T12387] netlink_rcv_skb+0x296/0x480 [ 580.281900][T12387] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 580.281931][T12387] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 580.281981][T12387] ? netlink_deliver_tap+0x2e/0x1b0 [ 580.282012][T12387] ? netlink_deliver_tap+0x2e/0x1b0 [ 580.282044][T12387] netlink_unicast+0x7f8/0x9a0 [ 580.282081][T12387] ? __pfx_netlink_unicast+0x10/0x10 [ 580.282110][T12387] ? skb_put+0x114/0x1f0 [ 580.282137][T12387] netlink_sendmsg+0x8c3/0xcd0 [ 580.282181][T12387] ? __pfx_netlink_sendmsg+0x10/0x10 [ 580.282216][T12387] ? aa_sock_msg_perm+0x91/0x160 [ 580.282251][T12387] ? __pfx_netlink_sendmsg+0x10/0x10 [ 580.282277][T12387] __sock_sendmsg+0x221/0x270 [ 580.282309][T12387] ____sys_sendmsg+0x523/0x860 [ 580.282342][T12387] ? __pfx_____sys_sendmsg+0x10/0x10 [ 580.282361][T12387] ? __fget_files+0x2a/0x420 [ 580.282385][T12387] ? __fget_files+0x2a/0x420 [ 580.282416][T12387] __sys_sendmsg+0x271/0x360 [ 580.282445][T12387] ? __pfx___sys_sendmsg+0x10/0x10 [ 580.282542][T12387] ? do_syscall_64+0xb6/0x230 [ 580.282572][T12387] do_syscall_64+0xf3/0x230 [ 580.282596][T12387] ? clear_bhb_loop+0x45/0xa0 [ 580.282621][T12387] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 580.282641][T12387] RIP: 0033:0x7f3d3218e169 [ 580.282662][T12387] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 580.282679][T12387] RSP: 002b:00007f3d32f97038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 580.282703][T12387] RAX: ffffffffffffffda RBX: 00007f3d323b5fa0 RCX: 00007f3d3218e169 [ 580.282719][T12387] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 580.282733][T12387] RBP: 00007f3d32f97090 R08: 0000000000000000 R09: 0000000000000000 [ 580.282747][T12387] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 580.282761][T12387] R13: 0000000000000000 R14: 00007f3d323b5fa0 R15: 00007f3d324dfa28 [ 580.282794][T12387] [ 580.579604][ C0] vkms_vblank_simulate: vblank timer overrun [ 580.790101][ T9] usb 1-1: USB disconnect, device number 93 [ 581.066624][T12416] netlink: 'syz.0.1999': attribute type 11 has an invalid length. [ 581.266048][T12424] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 581.327253][T12405] FAULT_INJECTION: forcing a failure. [ 581.327253][T12405] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 581.346752][ T5836] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 581.395604][T12405] CPU: 1 UID: 0 PID: 12405 Comm: syz.5.1996 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 581.395627][T12405] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 581.395634][T12405] Call Trace: [ 581.395640][T12405] [ 581.395646][T12405] dump_stack_lvl+0x241/0x360 [ 581.395670][T12405] ? __pfx_dump_stack_lvl+0x10/0x10 [ 581.395687][T12405] ? __pfx__printk+0x10/0x10 [ 581.395710][T12405] should_fail_ex+0x424/0x570 [ 581.395727][T12405] prepare_alloc_pages+0x220/0x610 [ 581.395746][T12405] __alloc_frozen_pages_noprof+0x162/0x5b0 [ 581.395762][T12405] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 581.395790][T12405] ? __lock_acquire+0xad5/0xd80 [ 581.395805][T12405] alloc_pages_mpol+0x339/0x690 [ 581.395825][T12405] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 581.395849][T12405] folio_alloc_mpol_noprof+0x36/0x70 [ 581.395866][T12405] __read_swap_cache_async+0x1ee/0x650 [ 581.395889][T12405] ? __pfx___read_swap_cache_async+0x10/0x10 [ 581.395906][T12405] ? blk_start_plug+0x70/0x1b0 [ 581.395923][T12405] swap_cluster_readahead+0x392/0x720 [ 581.395936][T12405] ? validate_chain+0x8a7/0x24e0 [ 581.395955][T12405] ? __pfx_swap_cluster_readahead+0x10/0x10 [ 581.395984][T12405] swapin_readahead+0x1dd/0xd50 [ 581.395998][T12405] ? filemap_get_entry+0x32a/0x3b0 [ 581.396019][T12405] ? __pfx_swapin_readahead+0x10/0x10 [ 581.396040][T12405] ? __filemap_get_folio+0x9d2/0xb40 [ 581.396053][T12405] ? get_swap_device_info+0x1e/0x2c0 [ 581.396071][T12405] ? swap_cache_get_folio+0xa5/0x3c0 [ 581.396087][T12405] do_swap_page+0x5c4/0x5cd0 [ 581.396113][T12405] ? __lock_acquire+0xad5/0xd80 [ 581.396127][T12405] ? do_swap_page+0x1f0/0x5cd0 [ 581.396141][T12405] ? __pfx_do_swap_page+0x10/0x10 [ 581.396165][T12405] ? rcu_is_watching+0x15/0xb0 [ 581.396180][T12405] ? ___pte_offset_map+0x29a/0x350 [ 581.396197][T12405] ? kernel_text_address+0xa7/0xe0 [ 581.396209][T12405] ? __pfx____pte_offset_map+0x10/0x10 [ 581.396224][T12405] ? unwind_get_return_address+0x4d/0x90 [ 581.396238][T12405] ? __pfx_default_wake_function+0x10/0x10 [ 581.396257][T12405] ? pte_offset_map_rw_nolock+0xc4/0x140 [ 581.396275][T12405] handle_pte_fault+0x5b5/0x61c0 [ 581.396297][T12405] ? __pfx_cgroup_rstat_updated+0x10/0x10 [ 581.396315][T12405] ? __pfx_handle_pte_fault+0x10/0x10 [ 581.396334][T12405] ? rcu_is_watching+0x15/0xb0 [ 581.396349][T12405] ? __count_memcg_events+0x1e1/0x3d0 [ 581.396373][T12405] ? count_memcg_event_mm+0x96/0x440 [ 581.396397][T12405] ? mtree_range_walk+0x700/0x8e0 [ 581.396417][T12405] handle_mm_fault+0x1129/0x1bf0 [ 581.396433][T12405] ? mt_find+0x28a/0x8f0 [ 581.396464][T12405] ? __pfx_handle_mm_fault+0x10/0x10 [ 581.396495][T12405] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 581.396514][T12405] exc_page_fault+0x2bb/0x920 [ 581.396533][T12405] asm_exc_page_fault+0x26/0x30 [ 581.396551][T12405] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 581.396563][T12405] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 581.396573][T12405] RSP: 0018:ffffc90002e97818 EFLAGS: 00050206 [ 581.396586][T12405] RAX: ffffffff85029b01 RBX: ffff888034980000 RCX: 000000000000c13e [ 581.396595][T12405] RDX: 0000000000000001 RSI: 0000200000004000 RDI: ffff888034983ec0 [ 581.396603][T12405] RBP: ffffc90002e97990 R08: 0000000000000005 R09: ffffed1006931fff [ 581.396611][T12405] R10: dffffc0000000000 R11: ffffed1006931fff R12: ffffc90002e97d78 [ 581.396619][T12405] R13: 1ffff920005d2fad R14: 000000000000fffe R15: 0000200000000140 [ 581.396633][T12405] ? _copy_from_iter+0x161/0x1c70 [ 581.396653][T12405] _copy_from_iter+0x288/0x1c70 [ 581.396667][T12405] ? __lruvec_stat_mod_folio+0x7d/0x300 [ 581.396694][T12405] ? __pfx__copy_from_iter+0x10/0x10 [ 581.396708][T12405] ? proc_sys_call_handler+0x46c/0x950 [ 581.396723][T12405] ? rcu_is_watching+0x15/0xb0 [ 581.396738][T12405] ? trace_kmalloc+0x1f/0xd0 [ 581.396751][T12405] ? __kvmalloc_node_noprof+0x34a/0x5a0 [ 581.396773][T12405] proc_sys_call_handler+0x501/0x950 [ 581.396794][T12405] ? __pfx_proc_sys_call_handler+0x10/0x10 [ 581.396817][T12405] do_iter_readv_writev+0x71f/0x9d0 [ 581.396836][T12405] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 581.396849][T12405] ? rcu_read_lock_any_held+0xbb/0x160 [ 581.396875][T12405] vfs_writev+0x38d/0xbc0 [ 581.396895][T12405] ? trace_contention_end+0x3c/0x120 [ 581.396911][T12405] ? __mutex_lock+0x380/0x10c0 [ 581.396926][T12405] ? __lock_acquire+0xad5/0xd80 [ 581.396939][T12405] ? __pfx_vfs_writev+0x10/0x10 [ 581.396966][T12405] ? __fget_files+0x2a/0x420 [ 581.396978][T12405] ? __fget_files+0x39d/0x420 [ 581.396987][T12405] ? __fget_files+0x2a/0x420 [ 581.397004][T12405] do_writev+0x1b8/0x360 [ 581.397024][T12405] ? __pfx_do_writev+0x10/0x10 [ 581.397046][T12405] ? do_syscall_64+0xb6/0x230 [ 581.397062][T12405] do_syscall_64+0xf3/0x230 [ 581.397076][T12405] ? clear_bhb_loop+0x45/0xa0 [ 581.397090][T12405] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 581.397101][T12405] RIP: 0033:0x7f87c2d8e169 [ 581.397112][T12405] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 581.397122][T12405] RSP: 002b:00007f87c3b30038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 581.397134][T12405] RAX: ffffffffffffffda RBX: 00007f87c2fb5fa0 RCX: 00007f87c2d8e169 [ 581.397142][T12405] RDX: 0000000000000001 RSI: 00002000000000c0 RDI: 0000000000000003 [ 581.397150][T12405] RBP: 00007f87c3b30090 R08: 0000000000000000 R09: 0000000000000000 [ 581.397157][T12405] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 581.397164][T12405] R13: 0000000000000000 R14: 00007f87c2fb5fa0 R15: 00007f87c30dfa28 [ 581.397183][T12405] [ 582.161949][ T5836] usb 3-1: too many configurations: 151, using maximum allowed: 8 [ 582.231864][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 582.231887][ T30] audit: type=1326 audit(1744843467.785:5197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 582.322182][ T30] audit: type=1326 audit(1744843467.785:5198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12414 comm="syz.0.1999" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 582.363510][ T5836] usb 3-1: New USB device found, idVendor=04d8, idProduct=0082, bcdDevice=ce.b7 [ 582.372737][ T5836] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=130 [ 582.381362][ T5836] usb 3-1: Product: syz [ 582.385822][ T5836] usb 3-1: Manufacturer: syz [ 582.390499][ T5836] usb 3-1: SerialNumber: syz [ 582.402024][ T5836] usb 3-1: config 0 descriptor?? [ 582.630400][T12445] netlink: 'syz.5.2006': attribute type 16 has an invalid length. [ 582.638871][ T10] usb 4-1: new full-speed USB device number 25 using dummy_hcd [ 582.692300][T12445] netlink: 'syz.5.2006': attribute type 17 has an invalid length. [ 582.743838][T12445] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 582.812821][ T10] usb 4-1: device descriptor read/64, error -71 [ 582.888801][ T9] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 583.052155][ T10] usb 4-1: new full-speed USB device number 26 using dummy_hcd [ 583.062751][ T9] usb 1-1: config 252 has an invalid interface number: 254 but max is 0 [ 583.088407][ T9] usb 1-1: config 252 has an invalid descriptor of length 0, skipping remainder of the config [ 583.109394][ T9] usb 1-1: config 252 has no interface number 0 [ 583.124506][ T9] usb 1-1: config 252 interface 254 has no altsetting 0 [ 583.165678][ T9] usb 1-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=46.29 [ 583.188426][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.216912][ T9] usb 1-1: Product: syz [ 583.235333][ T10] usb 4-1: device descriptor read/64, error -71 [ 583.246523][ T9] usb 1-1: Manufacturer: syz [ 583.261228][ T9] usb 1-1: SerialNumber: syz [ 583.288144][ T9] bfusb 1-1:252.254: probe with driver bfusb failed with error -5 [ 583.352348][ T10] usb usb4-port1: attempt power cycle [ 583.352374][T12458] loop6: detected capacity change from 0 to 7 [ 583.375216][T12458] Dev loop6: unable to read RDB block 7 [ 583.381169][T12458] loop6: unable to read partition table [ 583.404642][T12458] loop6: partition table beyond EOD, truncated [ 583.424380][T12458] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 583.504291][ T30] audit: type=1326 audit(1744843469.225:5199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12435 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 583.576433][ T30] audit: type=1326 audit(1744843469.225:5200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12435 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 583.618070][T12438] netlink: 'syz.0.2005': attribute type 11 has an invalid length. [ 583.636411][ T30] audit: type=1326 audit(1744843469.225:5201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12435 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 583.656480][ T5917] usb 1-1: USB disconnect, device number 94 [ 583.708508][ T30] audit: type=1326 audit(1744843469.225:5202): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12435 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 583.723833][T12466] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 583.742182][ T10] usb 4-1: new full-speed USB device number 27 using dummy_hcd [ 583.816595][ T30] audit: type=1326 audit(1744843469.225:5203): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12435 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 583.820664][ T10] usb 4-1: device descriptor read/8, error -71 [ 583.910898][ T30] audit: type=1326 audit(1744843469.225:5204): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12435 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 583.938032][T12471] bridge1: entered promiscuous mode [ 583.968951][ T30] audit: type=1326 audit(1744843469.235:5205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12435 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 584.007036][ T30] audit: type=1326 audit(1744843469.235:5206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12435 comm="syz.0.2005" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fc4e118e169 code=0x7ffc0000 [ 584.099777][ T5897] usb 3-1: USB disconnect, device number 125 [ 584.781976][ T5917] usb 6-1: new high-speed USB device number 9 using dummy_hcd [ 585.021871][ T9] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 585.062891][ T5917] usb 6-1: Using ep0 maxpacket: 8 [ 585.091856][ T5897] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 585.198098][ T5917] usb 6-1: unable to get BOS descriptor or descriptor too short [ 585.208973][T12499] netlink: 156 bytes leftover after parsing attributes in process `syz.3.2017'. [ 585.228461][ T5917] usb 6-1: config 0 has no interfaces? [ 585.244875][ T5917] usb 6-1: New USB device found, idVendor=10cf, idProduct=5503, bcdDevice=75.af [ 585.259153][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 585.264489][ T5917] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 585.279975][ T5917] usb 6-1: Product: syz [ 585.285713][ T9] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 585.294771][ T9] usb 1-1: can't read configurations, error -22 [ 585.305773][ T5917] usb 6-1: Manufacturer: syz [ 585.328157][ T5917] usb 6-1: SerialNumber: syz [ 585.351899][ T5897] usb 3-1: Using ep0 maxpacket: 32 [ 585.366734][ T5897] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 585.384799][ T5917] usb 6-1: config 0 descriptor?? [ 585.398023][ T5897] usb 3-1: config 0 has no interfaces? [ 585.411504][ T5897] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 585.423935][ T9] usb 1-1: new high-speed USB device number 96 using dummy_hcd [ 585.445384][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 585.486403][ T5897] usb 3-1: config 0 descriptor?? [ 585.584019][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 585.591945][ T9] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 585.600647][ T9] usb 1-1: can't read configurations, error -22 [ 585.609910][ T9] usb usb1-port1: attempt power cycle [ 585.816287][T12500] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2016'. [ 585.837521][T12486] bond1 (unregistering): Released all slaves [ 585.872818][T12509] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2016'. [ 585.909930][ T10] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 585.972161][ T9] usb 1-1: new high-speed USB device number 97 using dummy_hcd [ 585.993163][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 586.003549][ T9] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 586.019126][ T9] usb 1-1: can't read configurations, error -22 [ 586.081627][T12500] macvtap2: entered promiscuous mode [ 586.088776][T12500] macvtap2: entered allmulticast mode [ 586.104798][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 586.113686][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 586.122111][T12500] team0: entered allmulticast mode [ 586.129587][ T10] usb 4-1: config 0 has no interfaces? [ 586.139978][ T10] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 586.141422][T12500] team_slave_0: entered allmulticast mode [ 586.156043][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 586.164248][ T9] usb 1-1: new high-speed USB device number 98 using dummy_hcd [ 586.202767][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 586.211314][ T9] usb 1-1: config index 0 descriptor too short (expected 9, got 0) [ 586.251964][ T9] usb 1-1: can't read configurations, error -22 [ 586.270265][ T9] usb usb1-port1: unable to enumerate USB device [ 586.280515][ T10] usb 4-1: config 0 descriptor?? [ 586.392488][T12500] team_slave_1: entered allmulticast mode [ 586.482145][T12500] 8021q: adding VLAN 0 to HW filter on device macvtap2 [ 586.520630][T12509] team0: left allmulticast mode [ 586.539731][T12509] team_slave_0: left allmulticast mode [ 586.566933][T12509] team_slave_1: left allmulticast mode [ 586.576995][T12506] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2019'. [ 586.598083][ T5836] usb 3-1: USB disconnect, device number 126 [ 586.646528][T12506] macvtap3: entered promiscuous mode [ 586.653374][T12506] macvtap3: entered allmulticast mode [ 586.660058][T12506] dummy0: entered allmulticast mode [ 586.684557][T12512] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2019'. [ 586.702752][T12512] dummy0: left allmulticast mode [ 586.738043][ T24] usb 4-1: USB disconnect, device number 29 [ 587.338852][T12525] bridge0: entered promiscuous mode [ 587.481995][ T5836] usb 3-1: new high-speed USB device number 127 using dummy_hcd [ 587.633776][ T5836] usb 3-1: config 0 interface 0 altsetting 67 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 587.647169][ T5836] usb 3-1: config 0 interface 0 has no altsetting 0 [ 587.654234][ T5836] usb 3-1: New USB device found, idVendor=06a3, idProduct=0ccd, bcdDevice= 0.00 [ 587.663687][ T5836] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 587.666075][ T9] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 587.676074][ T5836] usb 3-1: config 0 descriptor?? [ 587.844630][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 587.853395][ T9] usb 4-1: config index 0 descriptor too short (expected 17170, got 18) [ 587.865227][ T9] usb 4-1: config 0 has too many interfaces: 63, using maximum allowed: 32 [ 587.875563][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 63 [ 587.908977][ T9] usb 4-1: New USB device found, idVendor=07ab, idProduct=fc01, bcdDevice=8d.90 [ 587.920767][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 587.936025][ T9] usb 4-1: Product: syz [ 587.940353][ T9] usb 4-1: Manufacturer: syz [ 587.945955][ T9] usb 4-1: SerialNumber: syz [ 587.955493][ T9] usb 4-1: config 0 descriptor?? [ 587.973390][ T9] ums-freecom 4-1:0.0: USB Mass Storage device detected [ 588.117266][ T5836] saitek 0003:06A3:0CCD.001A: collection stack underflow [ 588.151424][T12537] program syz.0.2027 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 588.186633][ T24] usb 4-1: USB disconnect, device number 30 [ 588.204788][ T5836] saitek 0003:06A3:0CCD.001A: item 0 0 0 12 parsing failed [ 588.243240][ T5836] saitek 0003:06A3:0CCD.001A: parse failed [ 588.246336][ T9] usb 6-1: USB disconnect, device number 9 [ 588.249182][ T5836] saitek 0003:06A3:0CCD.001A: probe with driver saitek failed with error -22 [ 588.340221][ T5836] usb 3-1: USB disconnect, device number 127 [ 588.865020][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 588.865043][ T30] audit: type=1800 audit(1744843474.585:5232): pid=12562 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.2036" name="nullb0" dev="devtmpfs" ino=3562 res=0 errno=0 [ 590.116222][T12557] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 590.166537][T12583] xt_hashlimit: invalid rate [ 590.395416][T12585] netlink: 'syz.1.2040': attribute type 10 has an invalid length. [ 590.405297][T12585] bridge0: port 4(syz_tun) entered disabled state [ 590.412023][T12585] bridge0: port 2(bridge_slave_1) entered disabled state [ 590.420279][T12585] bridge0: port 1(bridge_slave_0) entered disabled state [ 590.698744][T12590] [ 590.701136][T12590] ====================================================== [ 590.708159][T12590] WARNING: possible circular locking dependency detected [ 590.715172][T12590] 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 Not tainted [ 590.722285][T12590] ------------------------------------------------------ [ 590.729398][T12590] syz.1.2041/12590 is trying to acquire lock: [ 590.735469][T12590] ffffffff900fd588 (rtnl_mutex){+.+.}-{4:4}, at: do_ip_setsockopt+0x10f0/0x39c0 [ 590.741852][ T47] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 590.744514][T12590] [ 590.744514][T12590] but task is already holding lock: [ 590.744526][T12590] ffff88805ddea1a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50 [ 590.744579][T12590] [ 590.744579][T12590] which lock already depends on the new lock. [ 590.744579][T12590] [ 590.744588][T12590] [ 590.744588][T12590] the existing dependency chain (in reverse order) is: [ 590.744597][T12590] [ 590.744597][T12590] -> #2 (&smc->clcsock_release_lock){+.+.}-{4:4}: [ 590.744629][T12590] lock_acquire+0x116/0x2f0 [ 590.744649][T12590] __mutex_lock+0x1a5/0x10c0 [ 590.744673][T12590] smc_switch_to_fallback+0x35/0xda0 [ 590.744694][T12590] smc_sendmsg+0x11f/0x530 [ 590.744715][T12590] __sock_sendmsg+0x221/0x270 [ 590.744739][T12590] __sys_sendto+0x365/0x4c0 [ 590.744755][T12590] __x64_sys_sendto+0xde/0x100 [ 590.744772][T12590] do_syscall_64+0xf3/0x230 [ 590.744796][T12590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.744816][T12590] [ 590.744816][T12590] -> #1 (sk_lock-AF_INET){+.+.}-{0:0}: [ 590.744847][T12590] lock_acquire+0x116/0x2f0 [ 590.744866][T12590] lock_sock_nested+0x48/0x100 [ 590.744892][T12590] do_ip_setsockopt+0x17e9/0x39c0 [ 590.744915][T12590] ip_setsockopt+0x63/0x100 [ 590.744936][T12590] do_sock_setsockopt+0x3b1/0x710 [ 590.744954][T12590] __x64_sys_setsockopt+0x1ee/0x280 [ 590.744973][T12590] do_syscall_64+0xf3/0x230 [ 590.744995][T12590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.897474][T12590] [ 590.897474][T12590] -> #0 (rtnl_mutex){+.+.}-{4:4}: [ 590.904696][T12590] validate_chain+0xa69/0x24e0 [ 590.910179][T12590] __lock_acquire+0xad5/0xd80 [ 590.915386][T12590] lock_acquire+0x116/0x2f0 [ 590.920544][T12590] __mutex_lock+0x1a5/0x10c0 [ 590.925663][T12590] do_ip_setsockopt+0x10f0/0x39c0 [ 590.931308][T12590] ip_setsockopt+0x63/0x100 [ 590.936424][T12590] smc_setsockopt+0x25c/0xd50 [ 590.941641][T12590] do_sock_setsockopt+0x3b1/0x710 [ 590.947208][T12590] __x64_sys_setsockopt+0x1ee/0x280 [ 590.952932][T12590] do_syscall_64+0xf3/0x230 [ 590.957965][T12590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 590.964469][T12590] [ 590.964469][T12590] other info that might help us debug this: [ 590.964469][T12590] [ 590.974695][T12590] Chain exists of: [ 590.974695][T12590] rtnl_mutex --> sk_lock-AF_INET --> &smc->clcsock_release_lock [ 590.974695][T12590] [ 590.988269][T12590] Possible unsafe locking scenario: [ 590.988269][T12590] [ 590.995717][T12590] CPU0 CPU1 [ 591.001082][T12590] ---- ---- [ 591.006534][T12590] lock(&smc->clcsock_release_lock); [ 591.011913][T12590] lock(sk_lock-AF_INET); [ 591.018859][T12590] lock(&smc->clcsock_release_lock); [ 591.026929][T12590] lock(rtnl_mutex); [ 591.030920][T12590] [ 591.030920][T12590] *** DEADLOCK *** [ 591.030920][T12590] [ 591.039070][T12590] 1 lock held by syz.1.2041/12590: [ 591.044267][T12590] #0: ffff88805ddea1a8 (&smc->clcsock_release_lock){+.+.}-{4:4}, at: smc_setsockopt+0x1b2/0xd50 [ 591.054898][T12590] [ 591.054898][T12590] stack backtrace: [ 591.060788][T12590] CPU: 0 UID: 0 PID: 12590 Comm: syz.1.2041 Not tainted 6.15.0-rc2-syzkaller-00048-gc62f4b82d571 #0 PREEMPT(full) [ 591.060810][T12590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 591.060820][T12590] Call Trace: [ 591.060826][T12590] [ 591.060833][T12590] dump_stack_lvl+0x241/0x360 [ 591.060858][T12590] ? __pfx_dump_stack_lvl+0x10/0x10 [ 591.060880][T12590] ? __pfx__printk+0x10/0x10 [ 591.060901][T12590] ? print_lock+0x171/0x1a0 [ 591.060920][T12590] print_circular_bug+0x2e1/0x300 [ 591.060942][T12590] check_noncircular+0x142/0x160 [ 591.060964][T12590] validate_chain+0xa69/0x24e0 [ 591.060991][T12590] __lock_acquire+0xad5/0xd80 [ 591.061009][T12590] lock_acquire+0x116/0x2f0 [ 591.061023][T12590] ? do_ip_setsockopt+0x10f0/0x39c0 [ 591.061045][T12590] __mutex_lock+0x1a5/0x10c0 [ 591.061064][T12590] ? do_ip_setsockopt+0x10f0/0x39c0 [ 591.061081][T12590] ? preempt_schedule+0xe4/0xf0 [ 591.061097][T12590] ? preempt_schedule_common+0x84/0xd0 [ 591.061114][T12590] ? look_up_lock_class+0x7b/0x170 [ 591.061132][T12590] ? register_lock_class+0x54/0x330 [ 591.061147][T12590] ? do_ip_setsockopt+0x10f0/0x39c0 [ 591.061165][T12590] ? __pfx___mutex_lock+0x10/0x10 [ 591.061183][T12590] ? __lock_acquire+0xad5/0xd80 [ 591.061201][T12590] ? __pfx___mutex_trylock_common+0x10/0x10 [ 591.061223][T12590] do_ip_setsockopt+0x10f0/0x39c0 [ 591.061243][T12590] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 591.061262][T12590] ? smc_setsockopt+0x1b2/0xd50 [ 591.061280][T12590] ? __pfx___mutex_lock+0x10/0x10 [ 591.061298][T12590] ? futex_wake+0x525/0x5d0 [ 591.061317][T12590] ip_setsockopt+0x63/0x100 [ 591.061335][T12590] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 591.061358][T12590] smc_setsockopt+0x25c/0xd50 [ 591.061376][T12590] ? __pfx_aa_sk_perm+0x10/0x10 [ 591.061395][T12590] ? __pfx_smc_setsockopt+0x10/0x10 [ 591.061413][T12590] ? aa_sock_opt_perm+0x79/0x120 [ 591.061442][T12590] ? __pfx_smc_setsockopt+0x10/0x10 [ 591.061459][T12590] do_sock_setsockopt+0x3b1/0x710 [ 591.061476][T12590] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 591.061490][T12590] ? __fget_files+0x2a/0x420 [ 591.061505][T12590] ? __fget_files+0x39d/0x420 [ 591.061518][T12590] ? __fget_files+0x2a/0x420 [ 591.061533][T12590] __x64_sys_setsockopt+0x1ee/0x280 [ 591.061551][T12590] do_syscall_64+0xf3/0x230 [ 591.061569][T12590] ? clear_bhb_loop+0x45/0xa0 [ 591.061587][T12590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 591.061602][T12590] RIP: 0033:0x7fa4d058e169 [ 591.061617][T12590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 591.061631][T12590] RSP: 002b:00007fa4d13e3038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 591.061648][T12590] RAX: ffffffffffffffda RBX: 00007fa4d07b5fa0 RCX: 00007fa4d058e169 [ 591.061660][T12590] RDX: 000000000000002d RSI: 0000000000000000 RDI: 000000000000000e [ 591.061670][T12590] RBP: 00007fa4d0610a68 R08: 0000000000000088 R09: 0000000000000000 [ 591.061681][T12590] R10: 00002000000003c0 R11: 0000000000000246 R12: 0000000000000000 [ 591.061692][T12590] R13: 0000000000000000 R14: 00007fa4d07b5fa0 R15: 00007fa4d08dfa28 [ 591.061707][T12590] [ 591.391867][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 591.398576][ T47] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 591.411932][ T47] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 591.433238][T12558] netlink: 80 bytes leftover after parsing attributes in process `syz.0.2033'. [ 591.524075][ T47] usb 4-1: config 0 has no interface number 0 [ 591.543069][ T47] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 591.555700][ T47] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 591.566212][ T47] usb 4-1: Product: syz [ 591.570514][ T47] usb 4-1: Manufacturer: syz [ 591.576237][ T47] usb 4-1: SerialNumber: syz [ 591.584229][ T47] usb 4-1: config 0 descriptor?? [ 591.596145][ T47] usb 4-1: Found UVC 0.00 device syz (046d:08f3) [ 591.604301][ T47] usb 4-1: No valid video chain found. [ 591.800151][ T47] usb 4-1: USB disconnect, device number 31