last executing test programs: 12.73232055s ago: executing program 1 (id=2956): mknodat$loop(0xffffffffffffff9c, 0x0, 0x6004, 0x1) socket$rxrpc(0x21, 0x2, 0x2) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000e80)=ANY=[@ANYBLOB="0a00000002000000ff0f000007"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b70400000000000085000000c300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x7a05, 0x1700) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) removexattr(0x0, 0x0) 12.487143772s ago: executing program 1 (id=2960): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r0, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000005b80)=@delchain={0x24, 0x26, 0xf31, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {0x0, 0xfff1}}}, 0x24}}, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x19, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000107b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000925e850000000100000095"], &(0x7f0000000180)='GPL\x00', 0x3, 0x0, 0x0, 0x0, 0x20, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000400)={{r1}, &(0x7f0000000380), &(0x7f00000003c0)=r2}, 0x20) recvmmsg(r0, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}, 0x80}, {{&(0x7f0000000280)=@isdn, 0x80, &(0x7f0000000380)=[{0x0, 0x34}], 0x1}, 0x5}, {{0x0, 0x0, 0x0}, 0x1}, {{&(0x7f00000003c0)=@hci, 0x80, &(0x7f0000000180)=[{&(0x7f0000002a00)=""/4096, 0xfffffffffffffe15}, {&(0x7f00000004c0)=""/75, 0x4b}], 0x2, &(0x7f0000000340)=""/45, 0x2d}, 0x8}, {{&(0x7f0000000540)=@xdp, 0x80, &(0x7f0000000600)=[{&(0x7f0000000440)=""/18, 0x12}], 0x1, &(0x7f0000000640)=""/130, 0x82}, 0xe9a8}, {{&(0x7f0000000700)=@caif, 0x80, &(0x7f00000008c0)=[{&(0x7f0000003a00)=""/4096, 0x1000}, {&(0x7f00000007c0)=""/226, 0xe2}], 0x2}, 0x6}], 0x6, 0x0, 0x0) 12.370414646s ago: executing program 1 (id=2962): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018000000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f66f63bb850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x2}) readv(r0, &(0x7f00000001c0)=[{&(0x7f0000001400)=""/227, 0x10}], 0x4) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000000)={'syzkaller1\x00', @link_local}) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r2}, 0x10) 11.282161295s ago: executing program 1 (id=2970): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)=ANY=[@ANYBLOB="0300000004000000040000000a"], 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000005c0)={0x11, 0x8, &(0x7f00000001c0)=@framed={{}, [@tail_call={{0x18, 0x2, 0x1, 0x0, r0}}]}, &(0x7f0000000000)='syzkaller\x00', 0x9, 0x1, &(0x7f0000000180)=""/1, 0x0, 0x17, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1, @void, @value}, 0x94) 11.140171945s ago: executing program 1 (id=2973): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x22, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000000)='kfree\x00', r0}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000001940)=@newtaction={0xe98, 0x30, 0x871a15abc695fa3d, 0x0, 0x0, {}, [{0xe84, 0x1, [@m_pedit={0xe80, 0x1, 0x0, 0x0, {{0xa}, {0xe54, 0x2, 0x0, 0x1, [@TCA_PEDIT_PARMS={0xe50, 0x2, {{{}, 0x97, 0x0, [{}, {}]}, [{0x3}, {}, {}, {}, {}, {0x448eade7}, {0x0, 0x0, 0x80000000}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x4}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x9}, {}, {}, {0x2}, {0x0, 0x0, 0x0, 0x0, 0x80}, {0xfffffffc}, {0x0, 0xe}, {}, {}, {0x0, 0x4, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {}, {}, {}, {0xfffffffe}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x10}, {}, {}, {0x2, 0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x8000000}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x3}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffb}, {0x0, 0x0, 0x0, 0x0, 0x6}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xfffffffc}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x1}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x4}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0xe10}, {}, {}, {}, {}, {}, {}, {}, {0x4}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x2}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0xefa6}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0xb}], [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x5}, {}, {0x4}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x0, 0x1}, {}, {}, {0x0, 0x1}, {}, {}, {}, {}, {}, {0x5}]}}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0xe98}}, 0x0) 9.168056308s ago: executing program 0 (id=3000): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x11, 0xb, &(0x7f0000000280)=ANY=[@ANYBLOB="18000000000000000000000095980000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f0ffffffb702000005000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'vxcan1\x00'}) syz_usb_connect$hid(0x5, 0x36, 0x0, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x400000000000000, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x2, 0x7, 0x40, 0x7, 0x7, 0x0, 0x0, 0x20000, [@sadb_address={0x5, 0x17, 0x0, 0x0, 0x0, @in6={0xa, 0x4e22, 0x48000000, @local, 0x6}}]}, 0x38}}, 0x0) 6.087759754s ago: executing program 0 (id=3034): ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="0b00000007000000050000000800000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000027b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='kfree\x00', r1}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)=ANY=[@ANYBLOB="4400000010000104a5270b7357000000925e4a44", @ANYRES32, @ANYBLOB="0dfa130016000000240012000c00010000000000000000000c0002f60800000001180000080001"], 0x44}}, 0x0) r2 = socket(0x10, 0x803, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="4800000010000507000000000000000000000002", @ANYRES32=r3], 0x48}}, 0x0) 4.400144342s ago: executing program 0 (id=3045): r0 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r0, &(0x7f00000002c0), 0x40000000000009f, 0x0) 4.366478203s ago: executing program 0 (id=3046): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0xc2) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x900000d2) read(r0, 0x0, 0x10) 3.553982275s ago: executing program 2 (id=3059): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ec0)=ANY=[@ANYBLOB="18000000000080000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000a3850000007000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r0}, 0x10) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000940)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000000000)="d80000001c0081064e81f782db44b9040a1d08040e00000000000aa1180002000600142603600e1208000f0000810401a8001605200001400200000803600cfab94dcf5c0461c1d67f6f94007134cf6ee08000a0e408e8d8ef52a98516277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9701", 0xd8}], 0x1, 0x0, 0x0, 0x7400}, 0x0) 3.406483918s ago: executing program 2 (id=3061): pipe(&(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newqdisc={0x3c, 0x24, 0x0, 0x70bd25, 0x0, {0x0, 0x0, 0x0, 0x0, {}, {}, {0x0, 0xfff2}}, [@qdisc_kind_options=@q_codel={{0xa}, {0xc, 0x2, [@TCA_CODEL_LIMIT={0x8, 0x2, 0x800}]}}]}, 0x3c}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000000)=ANY=[@ANYBLOB="4800000010001fff752b056800080000faff8141", @ANYRES32=0x0, @ANYBLOB="67a9fde500000000280012800a00010076786c616e"], 0x3}}, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) close(r2) socket$nl_route(0x10, 0x3, 0x0) write$binfmt_misc(r1, &(0x7f0000000000), 0xfffffecc) splice(r0, 0x0, r2, 0x0, 0x4ffe6, 0x0) 3.355048475s ago: executing program 0 (id=3062): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x138, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x4}}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12015002294e7610cd06"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 2.339884468s ago: executing program 2 (id=3068): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="1800000000a0db000000000000000000850000000e000000c50000002a00000095"], &(0x7f00000000c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000080)='netlink_extack\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="200000001400090500000000fcdbdf2502"], 0x20}, 0x1, 0x0, 0x0, 0x40040c5}, 0x0) 2.187950359s ago: executing program 2 (id=3070): r0 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x141a82, 0x0) write$RDMA_USER_CM_CMD_REJECT(r0, &(0x7f0000000280)={0x2e, 0x108, 0xfa00, {0xffffffffffffffff, 0x4, 'H0I', "a34438259d2dec8049b0a69e09994409da95b8359be03664631492535442714665b5445b816cc2ea6dc90c13fa70dda959eb65c5a279c112460b454b58879400619d5dd9ee54f64c9b6df42c5bb4d8bf32d779435a3adc9752e752b75319736c10f087d5aea7ecc5e72f6e658a4f21d8394665518ca0e976fa5967579f7e0e548d03d5f7c07b40640faf9b20426a2367b34425f8184a1fe81f9c665d09c71779c78d551840f8602e1cbe5fcde9c1e8d135fcb8aaf2c924e7680fb4bca69fbf49b7f57e1877bfd1ca812015b0ac4b6c17de6a73f87a8dfb4cddf565e2aae4e35a7f06cff50c5bd298b592253417b9a185f430f4b029ba4f1a51eae47256619edd"}}, 0x110) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={0x0}, 0x18) syz_genetlink_get_family_id$mptcp(&(0x7f0000000100), 0xffffffffffffffff) prctl$PR_SET_SECCOMP(0x16, 0x2, 0x0) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x28, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) prlimit64(0x0, 0xe, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001600)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @synproxy={{0xd}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_SYNPROXY_FLAGS={0x8, 0x3, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000140)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) syz_emit_ethernet(0x33, &(0x7f0000000300)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x25, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x11, 0x0, @opaque="cbe66f1099d3a415fe"}}}}}, 0x0) 2.093078639s ago: executing program 2 (id=3071): mknodat$loop(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x6004, 0x1) openat$dir(0xffffffffffffff9c, &(0x7f00000002c0)='./file0\x00', 0x0, 0xc2) r0 = inotify_init1(0x0) inotify_add_watch(r0, &(0x7f0000000000)='./file0\x00', 0x900000d2) read(r0, 0x0, 0x10) 1.995493324s ago: executing program 3 (id=3072): r0 = socket$inet_icmp(0x2, 0x2, 0x1) setsockopt$inet_int(r0, 0x0, 0x13, 0x0, 0x0) bind$inet(r0, &(0x7f00000005c0)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10) 1.898026631s ago: executing program 3 (id=3073): r0 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) r1 = fcntl$dupfd(r0, 0x406, 0xffffffffffffffff) syz_genetlink_get_family_id$tipc2(&(0x7f00000002c0), r1) 1.820469843s ago: executing program 3 (id=3074): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00'}, 0x10) fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_default\x00') 1.715971872s ago: executing program 3 (id=3075): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000540)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x10, @void, @value}, 0x94) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r2}, 0x10) r3 = syz_io_uring_setup(0x10b, &(0x7f00000000c0)={0x0, 0x68f0, 0x80, 0x2, 0x1df}, &(0x7f00000003c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, 0x0, 0x0, 0x29c780}) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0xfffffdcf) 1.595818075s ago: executing program 3 (id=3076): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000002c0)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x1, &(0x7f0000000200)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r1 = openat(0xffffffffffffff9c, &(0x7f0000000340)='./file0\x00', 0x8d41, 0x0) flock(r1, 0x5) 1.44842458s ago: executing program 3 (id=3077): r0 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000080)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xfffffffffffffe9f}}]}}, 0x0) syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100002439da20cd061201a2d20102030109021b0001000000000904000001717ffe000905a1"], 0x0) syz_usb_connect(0x0, 0xdd, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0xc4, 0xb8, 0x68, 0x8, 0x2357, 0x109, 0xbdda, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0xf1, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x5, 0xff, 0xff, 0xff}}]}}]}}, 0x0) syz_usb_connect(0x0, 0x6d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100003cda2a200a111022"], 0x0) syz_usb_ep_write(0xffffffffffffffff, 0x81, 0x1, &(0x7f00000000c0)="cc") syz_usb_disconnect(r0) r1 = syz_usb_connect(0x3, 0x1cb, &(0x7f0000000400)=ANY=[], 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f00000007c0)={0x84, &(0x7f0000000380)={0x20, 0xa, 0x1, "c3"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) 1.393411398s ago: executing program 4 (id=3078): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000600)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000900850000008200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kfree\x00', r1}, 0x10) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000240)={0x0, 0x10, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a3c000000120a09000000000000000000020000000900020073797a320000000008000440040000000900010073797a30000000000800034000000007"], 0x64}}, 0x0) 1.172115718s ago: executing program 4 (id=3079): r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, 0x0, 0x0) sendmsg$rds(r0, &(0x7f0000000100)={&(0x7f0000000080)={0x2, 0x4e22, @local}, 0x10, 0x0, 0x0, &(0x7f00000012c0)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}], 0x30, 0x8004}, 0x0) 1.103456492s ago: executing program 4 (id=3080): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x9, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000002000000000000000018090000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000002000000b704000000000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001700)={&(0x7f0000000080)='kmem_cache_free\x00', r0}, 0x10) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) r2 = socket$netlink(0x10, 0x3, 0x10) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x20, 0x2fffffbff}, 0xc) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f0000000000), 0x4) setsockopt$netlink_NETLINK_BROADCAST_ERROR(r2, 0x10e, 0x4, &(0x7f0000000180)=0x800, 0x4) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), r2) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x1, 0x31, r1, 0x8871b000) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e23, 0x937, @ipv4={'\x00', '\xff\xff', @local}, 0x7f}, 0x1c) 1.087079728s ago: executing program 2 (id=3081): r0 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r0, 0x10d, 0x89, &(0x7f0000000080), &(0x7f0000000040)=0x4) 1.045732582s ago: executing program 1 (id=2976): syz_usb_connect(0x1, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d81000905f7ffffff00000009058303"], 0x0) 929.514944ms ago: executing program 4 (id=3083): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000400)='kfree\x00', r0}, 0x10) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x81, &(0x7f00000002c0)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r1, 0x84, 0x17, &(0x7f0000000380)=ANY=[], 0x9) 760.79522ms ago: executing program 4 (id=3084): r0 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x281c2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000000c0)='sys_enter\x00'}, 0x10) fremovexattr(r0, &(0x7f0000000040)=@known='system.posix_acl_default\x00') 538.553813ms ago: executing program 4 (id=3085): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) clock_settime(0x0, &(0x7f0000003c80)={0x77359400}) 0s ago: executing program 0 (id=3086): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="170000000000000004000000ff"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0xa, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={&(0x7f0000000f00)='kfree\x00', r1}, 0x10) openat$snapshot(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) kernel console output (not intermixed with test programs): 1219.118244][T15432] skb_clone+0x20c/0x390 [ 1219.118276][T15432] __netlink_deliver_tap+0x3cc/0x7f0 [ 1219.127898][T15432] ? netlink_deliver_tap+0x2e/0x1b0 [ 1219.133103][T15432] netlink_deliver_tap+0x19d/0x1b0 [ 1219.138214][T15432] netlink_unicast+0x7c4/0x990 [ 1219.142991][T15432] ? __pfx_netlink_unicast+0x10/0x10 [ 1219.148285][T15432] ? __virt_addr_valid+0x45f/0x530 [ 1219.153394][T15432] ? __phys_addr_symbol+0x2f/0x70 [ 1219.158414][T15432] ? __check_object_size+0x47a/0x730 [ 1219.163703][T15432] netlink_sendmsg+0x8e4/0xcb0 [ 1219.168473][T15432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1219.173768][T15432] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1219.179052][T15432] __sock_sendmsg+0x221/0x270 [ 1219.183739][T15432] ____sys_sendmsg+0x52a/0x7e0 [ 1219.188512][T15432] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1219.193793][T15432] ? __fget_files+0x2a/0x410 [ 1219.198382][T15432] ? __fget_files+0x2a/0x410 [ 1219.202979][T15432] __sys_sendmsg+0x269/0x350 [ 1219.207567][T15432] ? __pfx_lock_release+0x10/0x10 [ 1219.212591][T15432] ? __pfx___sys_sendmsg+0x10/0x10 [ 1219.217711][T15432] ? __pfx_vfs_write+0x10/0x10 [ 1219.222496][T15432] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1219.228821][T15432] ? do_syscall_64+0x100/0x230 [ 1219.233591][T15432] ? do_syscall_64+0xb6/0x230 [ 1219.238269][T15432] do_syscall_64+0xf3/0x230 [ 1219.242772][T15432] ? clear_bhb_loop+0x35/0x90 [ 1219.247445][T15432] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1219.253343][T15432] RIP: 0033:0x7f1785185d29 [ 1219.257755][T15432] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1219.277357][T15432] RSP: 002b:00007f1785f8e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1219.285775][T15432] RAX: ffffffffffffffda RBX: 00007f1785375fa0 RCX: 00007f1785185d29 [ 1219.293752][T15432] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 1219.301722][T15432] RBP: 00007f1785f8e090 R08: 0000000000000000 R09: 0000000000000000 [ 1219.309689][T15432] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1219.317660][T15432] R13: 0000000000000000 R14: 00007f1785375fa0 R15: 00007ffe209f6328 [ 1219.325643][T15432] [ 1219.397219][ T8862] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 1219.434609][ T8862] usb 4-1: device descriptor read/8, error -71 [ 1219.451262][T15435] FAULT_INJECTION: forcing a failure. [ 1219.451262][T15435] name failslab, interval 1, probability 0, space 0, times 0 [ 1219.464228][T15435] CPU: 0 UID: 0 PID: 15435 Comm: syz.2.2342 Not tainted 6.13.0-rc4-syzkaller #0 [ 1219.473284][T15435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1219.483379][T15435] Call Trace: [ 1219.486675][T15435] [ 1219.489616][T15435] dump_stack_lvl+0x241/0x360 [ 1219.494328][T15435] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1219.499560][T15435] ? __pfx__printk+0x10/0x10 [ 1219.504204][T15435] should_fail_ex+0x3b0/0x4e0 [ 1219.508905][T15435] should_failslab+0xac/0x100 [ 1219.513617][T15435] ? skb_clone+0x20c/0x390 [ 1219.518060][T15435] kmem_cache_alloc_noprof+0x70/0x380 [ 1219.523465][T15435] skb_clone+0x20c/0x390 [ 1219.527738][T15435] __netlink_deliver_tap+0x3cc/0x7f0 [ 1219.533057][T15435] ? netlink_deliver_tap+0x2e/0x1b0 [ 1219.538281][T15435] netlink_deliver_tap+0x19d/0x1b0 [ 1219.543416][T15435] netlink_unicast+0x7c4/0x990 [ 1219.548221][T15435] ? __pfx_netlink_unicast+0x10/0x10 [ 1219.553528][T15435] ? __virt_addr_valid+0x45f/0x530 [ 1219.558660][T15435] ? __phys_addr_symbol+0x2f/0x70 [ 1219.563712][T15435] ? __check_object_size+0x47a/0x730 [ 1219.569031][T15435] netlink_sendmsg+0x8e4/0xcb0 [ 1219.573833][T15435] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1219.579152][T15435] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1219.584460][T15435] __sock_sendmsg+0x221/0x270 [ 1219.589164][T15435] ____sys_sendmsg+0x52a/0x7e0 [ 1219.593964][T15435] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1219.599272][T15435] ? __fget_files+0x2a/0x410 [ 1219.603887][T15435] ? __fget_files+0x2a/0x410 [ 1219.608509][T15435] __sys_sendmsg+0x269/0x350 [ 1219.613126][T15435] ? __pfx_lock_release+0x10/0x10 [ 1219.618175][T15435] ? __pfx___sys_sendmsg+0x10/0x10 [ 1219.623324][T15435] ? __pfx_vfs_write+0x10/0x10 [ 1219.628141][T15435] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1219.634487][T15435] ? do_syscall_64+0x100/0x230 [ 1219.639259][T15435] ? do_syscall_64+0xb6/0x230 [ 1219.643942][T15435] do_syscall_64+0xf3/0x230 [ 1219.648453][T15435] ? clear_bhb_loop+0x35/0x90 [ 1219.653129][T15435] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1219.659023][T15435] RIP: 0033:0x7fa8d7985d29 [ 1219.663438][T15435] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1219.683044][T15435] RSP: 002b:00007fa8d87ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1219.691457][T15435] RAX: ffffffffffffffda RBX: 00007fa8d7b76080 RCX: 00007fa8d7985d29 [ 1219.699432][T15435] RDX: 0000000000008814 RSI: 0000000020000140 RDI: 0000000000000006 [ 1219.707402][T15435] RBP: 00007fa8d87ce090 R08: 0000000000000000 R09: 0000000000000000 [ 1219.715374][T15435] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1219.723347][T15435] R13: 0000000000000000 R14: 00007fa8d7b76080 R15: 00007ffd7f0dc568 [ 1219.731333][T15435] [ 1219.877343][ T8862] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 1219.991462][ T8862] usb 4-1: device descriptor read/8, error -71 [ 1220.125877][ T8862] usb usb4-port1: unable to enumerate USB device [ 1220.393556][ T11] tipc: Subscription rejected, illegal request [ 1222.282499][T14186] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1222.478602][T14186] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1222.491048][T14186] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1222.501395][T14186] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1222.526845][T14186] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1222.537037][T15464] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2354'. [ 1222.537557][T14186] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1222.648073][T14186] usb 3-1: config 0 descriptor?? [ 1223.089224][T15476] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2357'. [ 1223.272829][T14186] plantronics 0003:047F:FFFF.002F: No inputs registered, leaving [ 1223.296895][T14186] plantronics 0003:047F:FFFF.002F: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1223.521126][T15483] overlayfs: overlapping lowerdir path [ 1224.658548][ T5876] usb 3-1: USB disconnect, device number 27 [ 1224.798791][T15490] bridge0: entered promiscuous mode [ 1224.805020][T15490] macsec1: entered promiscuous mode [ 1224.827965][T15490] bridge0: left promiscuous mode [ 1226.024190][ T8862] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1226.195019][ T8862] usb 2-1: Using ep0 maxpacket: 32 [ 1226.268124][ T8862] usb 2-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 1226.277364][ T8862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1226.356641][ T8862] usb 2-1: config 0 descriptor?? [ 1226.411843][ T8862] usb 2-1: selecting invalid altsetting 3 [ 1226.417632][ T8862] comedi comedi0: could not set alternate setting 3 in high speed [ 1227.852149][ T8862] usbduxsigma 2-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 1227.860241][T15503] 9pnet_fd: Insufficient options for proto=fd [ 1227.891017][ T8862] usbduxsigma 2-1:0.0: probe with driver usbduxsigma failed with error -22 [ 1227.965059][T15503] input: syz1 as /devices/virtual/input/input21 [ 1228.069350][T15511] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2367'. [ 1228.462206][ T5876] usb 2-1: USB disconnect, device number 29 [ 1228.902278][T15524] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2371'. [ 1229.388825][T15527] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2370'. [ 1229.989354][T14450] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 1230.485035][T15532] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2374'. [ 1230.499252][T15533] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2376'. [ 1230.627128][T14450] usb 4-1: Using ep0 maxpacket: 8 [ 1231.510364][T14450] usb 4-1: New USB device found, idVendor=061d, idProduct=c120, bcdDevice=e3.67 [ 1231.533262][T14450] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1231.602233][T14450] usb 4-1: config 0 descriptor?? [ 1231.663465][T14450] usb 4-1: can't set config #0, error -71 [ 1231.789785][T14450] usb 4-1: USB disconnect, device number 47 [ 1232.141251][T15554] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2379'. [ 1232.676831][T15560] capability: warning: `syz.2.2382' uses deprecated v2 capabilities in a way that may be insecure [ 1233.190316][T15565] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2383'. [ 1233.924435][T15578] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2385'. [ 1234.273213][T15580] FAULT_INJECTION: forcing a failure. [ 1234.273213][T15580] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1234.311879][T15580] CPU: 0 UID: 0 PID: 15580 Comm: syz.0.2387 Not tainted 6.13.0-rc4-syzkaller #0 [ 1234.320962][T15580] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1234.331051][T15580] Call Trace: [ 1234.334356][T15580] [ 1234.337309][T15580] dump_stack_lvl+0x241/0x360 [ 1234.342016][T15580] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1234.347248][T15580] ? __pfx__printk+0x10/0x10 [ 1234.351881][T15580] ? snprintf+0xda/0x120 [ 1234.356151][T15580] should_fail_ex+0x3b0/0x4e0 [ 1234.360847][T15580] _copy_to_user+0x31/0xb0 [ 1234.365276][T15580] simple_read_from_buffer+0xca/0x150 [ 1234.370675][T15580] proc_fail_nth_read+0x1e9/0x250 [ 1234.375736][T15580] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1234.381311][T15580] ? rw_verify_area+0x568/0x6f0 [ 1234.386174][T15580] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1234.391744][T15580] vfs_read+0x1fc/0xb70 [ 1234.395906][T15580] ? __pfx___mutex_lock+0x10/0x10 [ 1234.400933][T15580] ? __pfx_vfs_read+0x10/0x10 [ 1234.405613][T15580] ? __fget_files+0x2a/0x410 [ 1234.410200][T15580] ? __fget_files+0x395/0x410 [ 1234.414882][T15580] ? __fget_files+0x2a/0x410 [ 1234.419473][T15580] ksys_read+0x18f/0x2b0 [ 1234.423721][T15580] ? __pfx_ksys_read+0x10/0x10 [ 1234.428485][T15580] ? do_syscall_64+0x100/0x230 [ 1234.433255][T15580] ? do_syscall_64+0xb6/0x230 [ 1234.437935][T15580] do_syscall_64+0xf3/0x230 [ 1234.442447][T15580] ? clear_bhb_loop+0x35/0x90 [ 1234.447129][T15580] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1234.453129][T15580] RIP: 0033:0x7f178518473c [ 1234.457543][T15580] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1234.477147][T15580] RSP: 002b:00007f1785f4c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1234.485567][T15580] RAX: ffffffffffffffda RBX: 00007f1785376160 RCX: 00007f178518473c [ 1234.493536][T15580] RDX: 000000000000000f RSI: 00007f1785f4c0a0 RDI: 0000000000000005 [ 1234.501517][T15580] RBP: 00007f1785f4c090 R08: 0000000000000000 R09: 0000000000000000 [ 1234.509503][T15580] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1234.517473][T15580] R13: 0000000000000000 R14: 00007f1785376160 R15: 00007ffe209f6328 [ 1234.525454][T15580] [ 1234.974780][ T5831] usb 5-1: new low-speed USB device number 38 using dummy_hcd [ 1235.154082][ T5831] usb 5-1: Invalid ep0 maxpacket: 64 [ 1235.292923][ T5831] usb 5-1: new low-speed USB device number 39 using dummy_hcd [ 1235.467760][ T5831] usb 5-1: Invalid ep0 maxpacket: 64 [ 1235.482541][ T5831] usb usb5-port1: attempt power cycle [ 1235.828669][T15598] FAULT_INJECTION: forcing a failure. [ 1235.828669][T15598] name failslab, interval 1, probability 0, space 0, times 0 [ 1235.851604][T15598] CPU: 0 UID: 0 PID: 15598 Comm: syz.2.2392 Not tainted 6.13.0-rc4-syzkaller #0 [ 1235.860693][T15598] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1235.870779][T15598] Call Trace: [ 1235.874163][T15598] [ 1235.877108][T15598] dump_stack_lvl+0x241/0x360 [ 1235.881829][T15598] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1235.887050][T15598] ? __pfx__printk+0x10/0x10 [ 1235.891666][T15598] ? kmem_cache_alloc_noprof+0x48/0x380 [ 1235.897241][T15598] ? __pfx___might_resched+0x10/0x10 [ 1235.902560][T15598] should_fail_ex+0x3b0/0x4e0 [ 1235.902637][ T5831] usb 5-1: new low-speed USB device number 40 using dummy_hcd [ 1235.907241][T15598] should_failslab+0xac/0x100 [ 1235.919381][T15598] ? security_file_alloc+0x32/0x310 [ 1235.924597][T15598] kmem_cache_alloc_noprof+0x70/0x380 [ 1235.930004][T15598] security_file_alloc+0x32/0x310 [ 1235.935038][T15598] init_file+0x91/0x280 [ 1235.939212][T15598] alloc_empty_file+0xb8/0x1d0 [ 1235.943991][T15598] alloc_file_pseudo+0x1da/0x290 [ 1235.948938][T15598] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1235.954404][T15598] anon_inode_getfd+0xce/0x1e0 [ 1235.959188][T15598] __se_sys_fanotify_init+0x792/0x900 [ 1235.964567][T15598] do_syscall_64+0xf3/0x230 [ 1235.969073][T15598] ? clear_bhb_loop+0x35/0x90 [ 1235.973779][T15598] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1235.979676][T15598] RIP: 0033:0x7fa8d7985d29 [ 1235.984087][T15598] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1236.003695][T15598] RSP: 002b:00007fa8d87ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000012c [ 1236.012113][T15598] RAX: ffffffffffffffda RBX: 00007fa8d7b75fa0 RCX: 00007fa8d7985d29 [ 1236.020087][T15598] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000222 [ 1236.028149][T15598] RBP: 00007fa8d87ef090 R08: 0000000000000000 R09: 0000000000000000 [ 1236.036129][T15598] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1236.044100][T15598] R13: 0000000000000001 R14: 00007fa8d7b75fa0 R15: 00007ffd7f0dc568 [ 1236.052086][T15598] [ 1236.105932][ T5831] usb 5-1: Invalid ep0 maxpacket: 64 [ 1236.255246][ T5831] usb 5-1: new low-speed USB device number 41 using dummy_hcd [ 1236.310478][ T5831] usb 5-1: Invalid ep0 maxpacket: 64 [ 1236.330885][ T5831] usb usb5-port1: unable to enumerate USB device [ 1236.524600][T15604] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2394'. [ 1237.224684][T15608] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 1237.228190][T15613] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2398'. [ 1237.292141][ T8862] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1237.507219][ T8862] usb 3-1: Using ep0 maxpacket: 8 [ 1237.534477][ T8862] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1237.717488][ T8862] usb 3-1: config 6 has an invalid interface number: 174 but max is 0 [ 1237.744311][ T8862] usb 3-1: config 6 has no interface number 0 [ 1237.758760][ T8862] usb 3-1: config 6 interface 174 has no altsetting 0 [ 1237.770489][ T8862] usb 3-1: New USB device found, idVendor=106c, idProduct=7c1b, bcdDevice=26.7c [ 1237.780802][ T8862] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1237.789276][ T8862] usb 3-1: Product: syz [ 1237.798599][ T8862] usb 3-1: Manufacturer: syz [ 1237.803239][ T8862] usb 3-1: SerialNumber: syz [ 1238.538848][T15623] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2400'. [ 1238.679850][ T8862] qmi_wwan 3-1:6.174: probe with driver qmi_wwan failed with error -22 [ 1238.683227][T15629] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 1238.693038][ T8862] usb 3-1: USB disconnect, device number 28 [ 1238.694842][T15629] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1238.714027][T15629] vhci_hcd vhci_hcd.0: Device attached [ 1239.497044][T15634] netlink: 'syz.1.2403': attribute type 3 has an invalid length. [ 1239.659839][T15630] vhci_hcd: connection closed [ 1239.677949][ T12] vhci_hcd: stop threads [ 1239.693889][ T12] vhci_hcd: release socket [ 1239.699236][ T12] vhci_hcd: disconnect device [ 1240.403658][ T5877] vhci_hcd: vhci_device speed not set [ 1240.714855][T15649] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2408'. [ 1241.248394][T15652] blktrace: Concurrent blktraces are not allowed on loop6 [ 1241.261619][T15652] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 1241.283927][T15650] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2407'. [ 1242.404668][T15658] random: crng reseeded on system resumption [ 1243.571725][T15668] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2412'. [ 1244.051456][T15675] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2414'. [ 1246.166430][T15683] FAULT_INJECTION: forcing a failure. [ 1246.166430][T15683] name failslab, interval 1, probability 0, space 0, times 0 [ 1246.195755][T15683] CPU: 1 UID: 0 PID: 15683 Comm: syz.3.2417 Not tainted 6.13.0-rc4-syzkaller #0 [ 1246.204847][T15683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1246.214929][T15683] Call Trace: [ 1246.218238][T15683] [ 1246.221199][T15683] dump_stack_lvl+0x241/0x360 [ 1246.225912][T15683] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1246.231128][T15683] ? __pfx__printk+0x10/0x10 [ 1246.235722][T15683] ? kmem_cache_alloc_noprof+0x22d/0x380 [ 1246.241396][T15683] should_fail_ex+0x3b0/0x4e0 [ 1246.246094][T15683] should_failslab+0xac/0x100 [ 1246.250782][T15683] __kmalloc_cache_noprof+0x70/0x390 [ 1246.256066][T15683] ? sctp_add_bind_addr+0x89/0x3a0 [ 1246.261191][T15683] sctp_add_bind_addr+0x89/0x3a0 [ 1246.266132][T15683] sctp_do_bind+0x5d2/0x950 [ 1246.270645][T15683] sctp_connect_new_asoc+0x277/0x6c0 [ 1246.275930][T15683] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 1246.281742][T15683] ? sctp_get_af_specific+0x2a/0x80 [ 1246.286946][T15683] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 1246.292753][T15683] __sctp_connect+0x66d/0xe30 [ 1246.297442][T15683] ? __pfx___sctp_connect+0x10/0x10 [ 1246.302665][T15683] ? __might_fault+0xc6/0x120 [ 1246.307346][T15683] ? _copy_from_user+0x99/0xc0 [ 1246.312117][T15683] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 1246.317671][T15683] sctp_getsockopt_connectx3+0x46c/0x730 [ 1246.323322][T15683] ? __local_bh_enable_ip+0x168/0x200 [ 1246.328702][T15683] ? __pfx_sctp_getsockopt_connectx3+0x10/0x10 [ 1246.334860][T15683] ? __local_bh_enable_ip+0x168/0x200 [ 1246.340257][T15683] ? sctp_getsockopt+0x13a/0xbb0 [ 1246.345206][T15683] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1246.350947][T15683] sctp_getsockopt+0x8de/0xbb0 [ 1246.355717][T15683] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 1246.361619][T15683] do_sock_getsockopt+0x3c4/0x7e0 [ 1246.366647][T15683] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 1246.372189][T15683] ? __fget_files+0x2a/0x410 [ 1246.376782][T15683] ? __fget_files+0x395/0x410 [ 1246.381509][T15683] ? __fget_files+0x2a/0x410 [ 1246.386104][T15683] __x64_sys_getsockopt+0x2a1/0x370 [ 1246.391306][T15683] ? __pfx___x64_sys_getsockopt+0x10/0x10 [ 1246.397032][T15683] ? do_syscall_64+0x100/0x230 [ 1246.401806][T15683] ? do_syscall_64+0xb6/0x230 [ 1246.406490][T15683] do_syscall_64+0xf3/0x230 [ 1246.411009][T15683] ? clear_bhb_loop+0x35/0x90 [ 1246.415686][T15683] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1246.421592][T15683] RIP: 0033:0x7f0655585d29 [ 1246.426008][T15683] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1246.445635][T15683] RSP: 002b:00007f0656407038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 1246.454052][T15683] RAX: ffffffffffffffda RBX: 00007f0655775fa0 RCX: 00007f0655585d29 [ 1246.462046][T15683] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000003 [ 1246.470018][T15683] RBP: 00007f0656407090 R08: 0000000020000100 R09: 0000000000000000 [ 1246.477989][T15683] R10: 00000000200000c0 R11: 0000000000000246 R12: 0000000000000001 [ 1246.485959][T15683] R13: 0000000000000000 R14: 00007f0655775fa0 R15: 00007ffde4f0b4b8 [ 1246.493940][T15683] [ 1246.928447][T15698] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 1248.589012][T15692] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2420'. [ 1248.946426][T15720] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2428'. [ 1249.691036][T15725] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(7) [ 1249.697615][T15725] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1250.007056][T15725] vhci_hcd vhci_hcd.0: Device attached [ 1250.433827][ T8862] vhci_hcd: vhci_device speed not set [ 1250.580455][ T8862] usb 33-1: new full-speed USB device number 21 using vhci_hcd [ 1250.622538][T15740] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2431'. [ 1251.038175][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1251.389252][T15745] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 1251.395826][T15745] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1251.403867][T15745] vhci_hcd vhci_hcd.0: Device attached [ 1251.451925][T15731] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2430'. [ 1251.685733][T15726] vhci_hcd: connection reset by peer [ 1251.704566][ T35] vhci_hcd: stop threads [ 1251.710686][ T35] vhci_hcd: release socket [ 1251.782651][ T35] vhci_hcd: disconnect device [ 1251.808874][T15744] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2434'. [ 1252.425371][T15759] netlink: 'syz.0.2438': attribute type 10 has an invalid length. [ 1252.433910][T15746] vhci_hcd: connection closed [ 1252.434168][ T35] vhci_hcd: stop threads [ 1253.103215][ T35] vhci_hcd: release socket [ 1253.127888][ T35] vhci_hcd: disconnect device [ 1253.750552][T15766] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 1254.880667][T15776] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2440'. [ 1256.086159][ T8862] vhci_hcd: vhci_device speed not set [ 1256.126634][T15799] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2449'. [ 1258.443806][T15815] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2452'. [ 1260.214767][T15825] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 1262.527606][ T3123] tipc: Subscription rejected, illegal request [ 1263.146426][T15850] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2460'. [ 1266.294898][T15876] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2468'. [ 1268.121371][T15880] overlayfs: failed to resolve '/': -2 [ 1269.872856][T15903] blktrace: Concurrent blktraces are not allowed on loop3 [ 1269.972598][T15907] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2477'. [ 1270.333124][ T5831] libceph: connect (1)[c::]:6789 error -101 [ 1270.340965][ T5831] libceph: mon0 (1)[c::]:6789 connect error [ 1270.481089][T15895] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2475'. [ 1270.628393][T14186] libceph: connect (1)[c::]:6789 error -101 [ 1270.637142][T14186] libceph: mon0 (1)[c::]:6789 connect error [ 1271.518760][T14186] libceph: connect (1)[c::]:6789 error -101 [ 1271.547262][T14186] libceph: mon0 (1)[c::]:6789 connect error [ 1271.558233][T15921] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2482'. [ 1272.784695][T14186] libceph: connect (1)[c::]:6789 error -101 [ 1272.791528][T14186] libceph: mon0 (1)[c::]:6789 connect error [ 1272.845836][T15901] ceph: No mds server is up or the cluster is laggy [ 1273.728827][T15938] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2487'. [ 1275.495601][T15950] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2489'. [ 1275.980703][ T5876] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1276.324034][ T5876] usb 3-1: Using ep0 maxpacket: 32 [ 1276.337091][ T5876] usb 3-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 1276.364938][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1276.429212][T15960] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2494'. [ 1276.450889][ T5876] usb 3-1: config 0 descriptor?? [ 1276.504045][ T5876] usb 3-1: selecting invalid altsetting 3 [ 1276.535524][ T5876] comedi comedi0: could not set alternate setting 3 in high speed [ 1276.555322][ T5876] usbduxsigma 3-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 1276.595807][ T5876] usbduxsigma 3-1:0.0: probe with driver usbduxsigma failed with error -22 [ 1276.640802][T15954] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 1276.647378][T15954] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1276.655664][T15954] vhci_hcd vhci_hcd.0: Device attached [ 1276.945937][ T5831] vhci_hcd: vhci_device speed not set [ 1277.018166][ T5831] usb 39-1: new full-speed USB device number 15 using vhci_hcd [ 1278.122755][ T8862] usb 3-1: USB disconnect, device number 29 [ 1278.280722][T15977] workqueue: Failed to create a rescuer kthread for wq "ceph-completion": -EINTR [ 1278.865170][T15990] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2500'. [ 1279.776552][T15965] vhci_hcd: connection reset by peer [ 1279.798468][ T35] vhci_hcd: stop threads [ 1279.802771][ T35] vhci_hcd: release socket [ 1279.997350][ T35] vhci_hcd: disconnect device [ 1281.510020][T16008] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2504'. [ 1281.726112][T16009] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2505'. [ 1281.817419][T14450] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1282.130441][T16010] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2506'. [ 1282.354441][T14450] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1282.374531][T14450] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1282.400652][T14450] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1282.454710][T14450] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1282.491881][ T5831] vhci_hcd: vhci_device speed not set [ 1282.493278][T14450] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1282.544151][T14450] usb 3-1: config 0 descriptor?? [ 1283.894224][T14450] plantronics 0003:047F:FFFF.0030: No inputs registered, leaving [ 1283.904327][T14450] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1284.492664][T14450] libceph: connect (1)[c::]:6789 error -101 [ 1284.499284][T14450] libceph: mon0 (1)[c::]:6789 connect error [ 1284.557559][T14450] libceph: connect (1)[c::]:6789 error -101 [ 1284.564063][T14450] libceph: mon0 (1)[c::]:6789 connect error [ 1285.448934][T14450] libceph: connect (1)[c::]:6789 error -101 [ 1285.456673][T14450] libceph: mon0 (1)[c::]:6789 connect error [ 1285.479191][T16017] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2509'. [ 1285.559845][T14450] usb 3-1: USB disconnect, device number 30 [ 1286.270558][ T5876] libceph: connect (1)[c::]:6789 error -101 [ 1286.591999][ T5876] libceph: mon0 (1)[c::]:6789 connect error [ 1287.791968][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 1287.798167][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 1287.811095][T16045] blktrace: Concurrent blktraces are not allowed on loop0 [ 1287.871090][T14186] libceph: connect (1)[c::]:6789 error -101 [ 1287.877236][T14186] libceph: mon0 (1)[c::]:6789 connect error [ 1288.432803][ T5831] libceph: connect (1)[c::]:6789 error -101 [ 1288.446216][ T5831] libceph: mon0 (1)[c::]:6789 connect error [ 1288.461878][T16027] ceph: No mds server is up or the cluster is laggy [ 1288.529057][T16041] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 1288.594699][T16045] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 1289.193256][ T5831] libceph: connect (1)[c::]:6789 error -101 [ 1289.203605][T16056] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2514'. [ 1289.217903][ T5831] libceph: mon0 (1)[c::]:6789 connect error [ 1289.958585][T16064] overlayfs: failed to resolve '/': -2 [ 1290.367220][T16061] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2518'. [ 1291.210472][T16072] FAULT_INJECTION: forcing a failure. [ 1291.210472][T16072] name failslab, interval 1, probability 0, space 0, times 0 [ 1291.223475][T16072] CPU: 0 UID: 0 PID: 16072 Comm: syz.2.2519 Not tainted 6.13.0-rc4-syzkaller #0 [ 1291.232538][T16072] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1291.242623][T16072] Call Trace: [ 1291.245913][T16072] [ 1291.248867][T16072] dump_stack_lvl+0x241/0x360 [ 1291.253577][T16072] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1291.258825][T16072] should_fail_ex+0x3b0/0x4e0 [ 1291.263522][T16072] should_failslab+0xac/0x100 [ 1291.268228][T16072] kmem_cache_alloc_node_noprof+0x77/0x380 [ 1291.274056][T16072] ? __alloc_skb+0x1c3/0x440 [ 1291.278654][T16072] __alloc_skb+0x1c3/0x440 [ 1291.283079][T16072] ? __pfx___alloc_skb+0x10/0x10 [ 1291.288016][T16072] ? netlink_ack_tlv_len+0x6e/0x200 [ 1291.293218][T16072] netlink_ack+0x145/0xa50 [ 1291.297636][T16072] ? __sock_sendmsg+0x221/0x270 [ 1291.302488][T16072] ? ____sys_sendmsg+0x52a/0x7e0 [ 1291.307435][T16072] netlink_rcv_skb+0x262/0x430 [ 1291.312198][T16072] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 1291.317666][T16072] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1291.322959][T16072] ? cap_capable+0x1b4/0x250 [ 1291.327550][T16072] ? safesetid_security_capable+0xb2/0x1d0 [ 1291.333357][T16072] ? bpf_lsm_capable+0x9/0x10 [ 1291.338054][T16072] ? security_capable+0x7e/0x2d0 [ 1291.342995][T16072] nfnetlink_rcv+0x297/0x2ab0 [ 1291.347676][T16072] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1291.353400][T16072] ? __dev_queue_xmit+0x2f4/0x3f50 [ 1291.358515][T16072] ? __dev_queue_xmit+0x1775/0x3f50 [ 1291.363711][T16072] ? kasan_save_track+0x51/0x80 [ 1291.368570][T16072] ? ____sys_sendmsg+0x52a/0x7e0 [ 1291.373508][T16072] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1291.378622][T16072] ? __dev_queue_xmit+0x2f4/0x3f50 [ 1291.383736][T16072] ? __pfx___dev_queue_xmit+0x10/0x10 [ 1291.389116][T16072] ? ref_tracker_free+0x643/0x7e0 [ 1291.394139][T16072] ? __asan_memcpy+0x40/0x70 [ 1291.398731][T16072] ? __pfx_ref_tracker_free+0x10/0x10 [ 1291.404112][T16072] ? netlink_deliver_tap+0x2e/0x1b0 [ 1291.409309][T16072] ? skb_clone+0x240/0x390 [ 1291.413730][T16072] ? __pfx_lock_release+0x10/0x10 [ 1291.418755][T16072] ? __netlink_deliver_tap+0x7aa/0x7f0 [ 1291.424224][T16072] ? netlink_deliver_tap+0x2e/0x1b0 [ 1291.429434][T16072] netlink_unicast+0x7f6/0x990 [ 1291.434210][T16072] ? __pfx_netlink_unicast+0x10/0x10 [ 1291.439497][T16072] ? __virt_addr_valid+0x45f/0x530 [ 1291.444607][T16072] ? __phys_addr_symbol+0x2f/0x70 [ 1291.449629][T16072] ? __check_object_size+0x47a/0x730 [ 1291.454922][T16072] netlink_sendmsg+0x8e4/0xcb0 [ 1291.459696][T16072] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1291.464989][T16072] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1291.470273][T16072] __sock_sendmsg+0x221/0x270 [ 1291.474959][T16072] ____sys_sendmsg+0x52a/0x7e0 [ 1291.479732][T16072] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1291.485014][T16072] ? __fget_files+0x2a/0x410 [ 1291.489609][T16072] ? __fget_files+0x2a/0x410 [ 1291.494200][T16072] __sys_sendmsg+0x269/0x350 [ 1291.498791][T16072] ? __pfx_lock_release+0x10/0x10 [ 1291.503818][T16072] ? __pfx___sys_sendmsg+0x10/0x10 [ 1291.508938][T16072] ? __pfx_vfs_write+0x10/0x10 [ 1291.513718][T16072] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1291.520051][T16072] ? do_syscall_64+0x100/0x230 [ 1291.524819][T16072] ? do_syscall_64+0xb6/0x230 [ 1291.529498][T16072] do_syscall_64+0xf3/0x230 [ 1291.534097][T16072] ? clear_bhb_loop+0x35/0x90 [ 1291.538778][T16072] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1291.544676][T16072] RIP: 0033:0x7fa8d7985d29 [ 1291.549090][T16072] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1291.568700][T16072] RSP: 002b:00007fa8d87ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1291.577138][T16072] RAX: ffffffffffffffda RBX: 00007fa8d7b76080 RCX: 00007fa8d7985d29 [ 1291.585110][T16072] RDX: 0000000000008814 RSI: 0000000020000140 RDI: 0000000000000006 [ 1291.593079][T16072] RBP: 00007fa8d87ce090 R08: 0000000000000000 R09: 0000000000000000 [ 1291.601047][T16072] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1291.609020][T16072] R13: 0000000000000000 R14: 00007fa8d7b76080 R15: 00007ffd7f0dc568 [ 1291.617000][T16072] [ 1292.643680][T16077] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(7) [ 1292.650249][T16077] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1292.747637][T16088] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2517'. [ 1293.184363][T14186] vhci_hcd: vhci_device speed not set [ 1293.380795][T16077] vhci_hcd vhci_hcd.0: Device attached [ 1294.287289][T16095] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2524'. [ 1294.324968][T14186] usb 39-1: new full-speed USB device number 16 using vhci_hcd [ 1295.183202][T16079] vhci_hcd: connection reset by peer [ 1295.188755][ T12] vhci_hcd: stop threads [ 1295.193090][ T12] vhci_hcd: release socket [ 1295.221774][ T12] vhci_hcd: disconnect device [ 1295.775890][ T5876] usb 2-1: new full-speed USB device number 30 using dummy_hcd [ 1295.973388][T16109] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2530'. [ 1296.397042][T16105] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 1296.403581][T16105] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1296.411164][T16105] vhci_hcd vhci_hcd.0: Device attached [ 1296.478329][ T5876] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1296.486765][ T5876] usb 2-1: not running at top speed; connect to a high speed hub [ 1296.508786][ T5876] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 1296.521275][T16111] vhci_hcd: connection closed [ 1296.521680][T12075] vhci_hcd: stop threads [ 1296.534516][T12075] vhci_hcd: release socket [ 1296.541471][ T5876] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1296.552386][T12075] vhci_hcd: disconnect device [ 1296.559665][ T5876] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1296.580431][ T5876] usb 2-1: config 1 has no interface number 1 [ 1296.680141][ T5876] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1296.701499][ T8862] vhci_hcd: vhci_device speed not set [ 1296.714145][T16108] dlm: non-version read from control device 8224 [ 1296.726651][T16108] dlm: non-version read from control device 8224 [ 1296.735531][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1297.430596][ T5876] usb 2-1: Product: syz [ 1297.434830][ T5876] usb 2-1: Manufacturer: syz [ 1297.440288][ T5876] usb 2-1: SerialNumber: syz [ 1298.100004][T16127] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2534'. [ 1299.486280][T16131] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2535'. [ 1300.171207][T14186] vhci_hcd: vhci_device speed not set [ 1302.273396][T16141] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 1304.575563][ T5876] usb 2-1: USB disconnect, device number 30 [ 1305.270787][T16153] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2542'. [ 1305.463117][T16166] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2545'. [ 1305.852412][T16170] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2546'. [ 1306.344461][T16177] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2548'. [ 1307.092540][ T5836] Bluetooth: hci1: unexpected event for opcode 0x080f [ 1307.818964][T16189] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2550'. [ 1308.726504][T16195] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2552'. [ 1310.148344][T16203] relay: one or more items not logged [item size (56) > sub-buffer size (10)] [ 1310.252036][ T5876] usb 5-1: new high-speed USB device number 42 using dummy_hcd [ 1310.908225][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1310.925000][ T5876] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1310.935226][ T5876] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1310.949271][ T5876] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1310.958951][ T5876] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1311.249871][ T5876] usb 5-1: config 0 descriptor?? [ 1311.442154][ T5836] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1311.451023][ T5836] Bluetooth: hci1: Injecting HCI hardware error event [ 1311.463427][ T5836] Bluetooth: hci1: hardware error 0x00 [ 1311.534084][T16211] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2557'. [ 1311.680601][T16221] netlink: 'syz.2.2559': attribute type 39 has an invalid length. [ 1311.692448][T16221] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2559'. [ 1311.695008][ T5876] plantronics 0003:047F:FFFF.0031: No inputs registered, leaving [ 1311.953124][ T5876] plantronics 0003:047F:FFFF.0031: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1312.291595][T16232] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2562'. [ 1312.802412][ T8862] libceph: connect (1)[c::]:6789 error -101 [ 1312.803777][ T5876] usb 5-1: USB disconnect, device number 42 [ 1312.808479][ T8862] libceph: mon0 (1)[c::]:6789 connect error [ 1312.981459][T14450] usb 3-1: new low-speed USB device number 31 using dummy_hcd [ 1313.316404][ T8862] libceph: connect (1)[c::]:6789 error -101 [ 1313.332056][ T8862] libceph: mon0 (1)[c::]:6789 connect error [ 1313.885688][ T5836] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1313.923150][ T8862] libceph: connect (1)[c::]:6789 error -101 [ 1313.929553][ T8862] libceph: mon0 (1)[c::]:6789 connect error [ 1313.963174][T14450] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 1313.984788][T14450] usb 3-1: config 0 has no interface number 0 [ 1313.991340][T14450] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1314.002389][T14450] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0xE has invalid maxpacket 32, setting to 8 [ 1314.013316][T14450] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1314.025005][T14450] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1314.036411][T14450] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 120, setting to 8 [ 1314.047501][T14450] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1314.060629][T14450] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1314.069801][T14450] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1314.105028][T14450] usb 3-1: config 0 descriptor?? [ 1314.111147][T16224] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1314.131130][T16224] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1314.157941][T14450] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1314.863111][T16229] ceph: No mds server is up or the cluster is laggy [ 1315.073018][T14450] usb 3-1: USB disconnect, device number 31 [ 1315.143572][T14450] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 1315.186669][ T1095] tipc: Subscription rejected, illegal request [ 1315.619652][T16257] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1315.991841][T16266] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2573'. [ 1316.411760][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1321.490739][T16307] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2584'. [ 1321.626547][T16314] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2585'. [ 1322.111214][T14450] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 1322.790074][T14450] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1322.808009][T14450] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1322.823997][T14450] usb 3-1: New USB device found, idVendor=06cb, idProduct=73f5, bcdDevice= 0.00 [ 1322.835207][T14450] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1322.851901][T14450] usb 3-1: config 0 descriptor?? [ 1322.857604][T16322] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2590'. [ 1323.846041][T14450] itetech 0003:06CB:73F5.0032: unbalanced collection at end of report description [ 1323.855904][T14450] itetech 0003:06CB:73F5.0032: probe with driver itetech failed with error -22 [ 1323.860368][T16317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1323.881011][T16317] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1324.906492][T14186] usb 3-1: USB disconnect, device number 32 [ 1324.935020][T16338] overlayfs: failed to resolve '/': -2 [ 1325.664746][T16347] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2595'. [ 1326.400415][T16355] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2597'. [ 1327.115544][T16353] overlayfs: failed to resolve './file1': -2 [ 1327.478091][ T9] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 1327.924785][T16369] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2599'. [ 1328.310383][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 1328.431630][ T9] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1328.470494][ T9] usb 4-1: config 6 has an invalid interface number: 96 but max is 0 [ 1328.489903][ T9] usb 4-1: config 6 has no interface number 0 [ 1328.508377][ T9] usb 4-1: config 6 interface 96 has no altsetting 0 [ 1328.532303][ T9] usb 4-1: string descriptor 0 read error: -22 [ 1328.539501][ T9] usb 4-1: New USB device found, idVendor=e1f2, idProduct=ad01, bcdDevice=a9.d8 [ 1328.575006][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1328.612769][ T9] usb-storage 4-1:6.96: USB Mass Storage device detected [ 1328.707305][ T5876] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 1329.478797][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1329.556709][ T5876] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1329.575505][ T9] usb 4-1: USB disconnect, device number 48 [ 1329.587302][ T5876] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1329.765889][ T5876] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1329.781076][ T5876] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1329.873639][T16384] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2604'. [ 1329.917087][ T5876] usb 3-1: config 0 descriptor?? [ 1330.911794][T16390] overlayfs: failed to resolve '/': -2 [ 1331.585174][T16399] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2609'. [ 1331.618999][T16402] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2607'. [ 1331.685458][ T5876] plantronics 0003:047F:FFFF.0033: No inputs registered, leaving [ 1331.698442][ T5876] plantronics 0003:047F:FFFF.0033: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 1332.143399][ T9] usb 3-1: USB disconnect, device number 33 [ 1333.220393][T16417] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2610'. [ 1334.319402][T16422] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2615'. [ 1334.730335][T16430] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2618'. [ 1335.861878][T16434] overlayfs: overlapping lowerdir path [ 1335.953179][ T3123] tipc: Subscription rejected, illegal request [ 1336.018673][T16439] overlay: ./file0 is not a directory [ 1336.229936][T16447] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2622'. [ 1336.890488][T16452] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2623'. [ 1338.265039][ T5876] usb 3-1: new low-speed USB device number 34 using dummy_hcd [ 1338.449825][ T5876] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1338.468157][ T5876] usb 3-1: config 1 has an invalid descriptor of length 112, skipping remainder of the config [ 1338.504132][ T5876] usb 3-1: config 1 interface 0 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1338.705776][ T5876] usb 3-1: config 1 interface 0 has no altsetting 0 [ 1338.833268][T16470] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2629'. [ 1339.043981][T16473] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2631'. [ 1339.701245][ T5876] usb 3-1: string descriptor 0 read error: -22 [ 1339.708261][ T5876] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1339.717403][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1339.773636][ T5876] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 1341.125364][T14186] usb 3-1: USB disconnect, device number 34 [ 1341.808135][T16507] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2636'. [ 1342.867687][ T3123] tipc: Subscription rejected, illegal request [ 1343.097844][ T5825] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1343.342864][ T5825] usb 2-1: Using ep0 maxpacket: 8 [ 1343.380269][ T5825] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1343.501002][ T5825] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1343.537548][ T5825] usb 2-1: config 1 has no interface number 1 [ 1343.543713][ T5825] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1343.565402][ T5825] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1343.590001][ T5825] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1343.607984][ T5825] usb 2-1: Manufacturer: Ⰹ [ 1343.845893][T16526] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2645'. [ 1344.494245][ T5825] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1344.827927][ T5825] usb 2-1: USB disconnect, device number 31 [ 1344.977031][T16523] delete_channel: no stack [ 1345.974292][T16536] overlayfs: overlapping lowerdir path [ 1349.724242][T16560] fuse: Unknown parameter '000000000000000000000051844674407370955161500000000000000000000' [ 1349.782179][T16559] fuse: Unknown parameter '000000000000000000000051844674407370955161500000000000000000000' [ 1350.705664][T16558] netlink: 11 bytes leftover after parsing attributes in process `syz.2.2655'. [ 1351.435869][T16569] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(7) [ 1351.442444][T16569] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1351.449986][T16569] vhci_hcd vhci_hcd.0: Device attached [ 1351.659988][ T8862] vhci_hcd: vhci_device speed not set [ 1351.724384][ T8862] usb 41-1: new full-speed USB device number 13 using vhci_hcd [ 1351.782128][T16581] netem: incorrect ge model size [ 1351.787666][T16581] netem: change failed [ 1351.820656][T16581] netlink: 'syz.0.2661': attribute type 21 has an invalid length. [ 1351.822721][T16576] vhci_hcd: connection reset by peer [ 1351.843344][T16581] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2661'. [ 1351.857282][ T52] vhci_hcd: stop threads [ 1351.861589][ T52] vhci_hcd: release socket [ 1351.874194][ T52] vhci_hcd: disconnect device [ 1351.878463][T16583] overlayfs: overlapping lowerdir path [ 1353.872447][T16599] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2667'. [ 1354.246106][T16588] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2665'. [ 1354.301707][T16603] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2666'. [ 1356.352795][T16610] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2669'. [ 1357.166277][ T8862] vhci_hcd: vhci_device speed not set [ 1357.400429][T14450] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 1357.703441][T16629] overlayfs: overlapping lowerdir path [ 1357.946059][T14450] usb 4-1: Using ep0 maxpacket: 16 [ 1357.952765][T14450] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 1357.961628][T14450] usb 4-1: config 0 has no interface number 0 [ 1357.967848][T14450] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 1357.977713][T14450] usb 4-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 1358.621691][T14450] usb 4-1: config 0 interface 41 has no altsetting 0 [ 1358.720248][ T5876] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1358.741628][T14450] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 1358.752965][T14450] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1358.761156][T14450] usb 4-1: Product: syz [ 1358.765344][T14450] usb 4-1: Manufacturer: syz [ 1358.790666][T14450] usb 4-1: SerialNumber: syz [ 1358.811306][T14450] usb 4-1: config 0 descriptor?? [ 1358.909210][T16620] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1359.257622][T16618] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1359.300936][T16620] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1359.400055][ T5876] usb 3-1: too many configurations: 9, using maximum allowed: 8 [ 1359.430821][ T5876] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1359.440364][ T5876] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1359.450578][ T5876] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1359.491904][ T5876] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1359.522977][ T5876] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1359.577702][T16644] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2679'. [ 1359.603365][ T5876] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1359.633401][ T5876] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1359.648996][T16620] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1359.656199][T16620] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1359.682807][ T5876] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1359.709766][ T5876] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1359.740984][ T5876] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1360.451819][ T5876] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1360.473148][ T5876] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1360.789161][T14450] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): sr_get_phy_addr : Error reading PHYID register:ffffffe0 [ 1360.823862][ T5876] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 1360.843521][ T5876] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x8D has invalid wMaxPacketSize 0 [ 1360.861718][ T5876] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1360.934858][ T5876] usb 3-1: unable to read config index 5 descriptor/start: -71 [ 1360.950141][ T5876] usb 3-1: can't read configurations, error -71 [ 1361.326138][T14450] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to send software reset:ffffffb9 [ 1361.559492][T14450] CoreChips 4-1:0.41 (unnamed net_device) (uninitialized): Failed to reset PHY: -71 [ 1361.570957][T14450] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71 [ 1361.593174][T14450] usb 4-1: USB disconnect, device number 49 [ 1362.767178][T16675] overlayfs: overlapping lowerdir path [ 1362.785766][T16670] hub 6-0:1.0: USB hub found [ 1362.818684][T16670] hub 6-0:1.0: 1 port detected [ 1363.657261][T16681] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2689'. [ 1364.937233][T16694] netlink: 12 bytes leftover after parsing attributes in process `syz.2.2690'. [ 1365.459132][T16702] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 1365.465716][T16702] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1365.474699][T16702] vhci_hcd vhci_hcd.0: Device attached [ 1365.480589][T14450] usb 5-1: new high-speed USB device number 43 using dummy_hcd [ 1365.675467][T14450] usb 5-1: Using ep0 maxpacket: 16 [ 1366.202131][T14450] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1366.211794][T14450] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1366.231317][T14450] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1366.276904][ T8862] vhci_hcd: vhci_device speed not set [ 1366.338223][ T8862] usb 35-1: new full-speed USB device number 18 using vhci_hcd [ 1366.415749][T14450] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1366.425101][T14450] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1366.433286][T14450] usb 5-1: Product: syz [ 1366.437617][T14450] usb 5-1: Manufacturer: syz [ 1366.442545][T14450] usb 5-1: SerialNumber: syz [ 1366.449604][T16707] vhci_hcd: connection reset by peer [ 1366.466733][ T35] vhci_hcd: stop threads [ 1366.471093][ T35] vhci_hcd: release socket [ 1366.476043][ T35] vhci_hcd: disconnect device [ 1366.642756][T16715] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2699'. [ 1367.203946][T16717] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2700'. [ 1367.604177][T16698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1367.613806][T16698] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1367.980378][T14450] usb 5-1: 0:2 : does not exist [ 1368.445520][T16698] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1368.454581][T16698] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1368.549672][T14450] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1) [ 1369.201997][ T9] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 1369.238060][T14450] usb 5-1: USB disconnect, device number 43 [ 1370.020483][T16739] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2707'. [ 1370.389391][ T9] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1370.399139][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1370.433247][ T9] usb 4-1: config 0 descriptor?? [ 1370.441608][ T9] cp210x 4-1:0.0: cp210x converter detected [ 1370.547685][T16740] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2705'. [ 1370.926113][T14450] usb 5-1: new high-speed USB device number 44 using dummy_hcd [ 1370.961082][T16743] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2708'. [ 1371.095747][ T9] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1371.200186][T14450] usb 5-1: New USB device found, idVendor=1f71, idProduct=3301, bcdDevice=ce.1a [ 1371.213574][T14450] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1371.252914][T14450] usb 5-1: Product: syz [ 1371.468699][T14450] usb 5-1: Manufacturer: syz [ 1371.473845][T14450] usb 5-1: SerialNumber: syz [ 1371.483996][T14450] usb 5-1: config 0 descriptor?? [ 1371.489296][ T9] cp210x 4-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 1371.497442][ T9] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 1371.509573][ T9] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1371.723968][ T9] usb 4-1: USB disconnect, device number 50 [ 1371.801670][ T8862] vhci_hcd: vhci_device speed not set [ 1371.804065][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1371.821050][ T9] cp210x 4-1:0.0: device disconnected [ 1371.865342][T16752] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 1371.871900][T16752] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1371.957307][T16752] vhci_hcd vhci_hcd.0: Device attached [ 1372.042553][T14450] usb 5-1: USB disconnect, device number 44 [ 1372.196651][ T25] vhci_hcd: vhci_device speed not set [ 1372.260750][ T25] usb 37-1: new full-speed USB device number 17 using vhci_hcd [ 1372.274609][T16754] vhci_hcd: connection reset by peer [ 1372.280297][T12075] vhci_hcd: stop threads [ 1372.284615][T12075] vhci_hcd: release socket [ 1372.289459][T12075] vhci_hcd: disconnect device [ 1372.563372][ T9] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 1372.790340][T16764] netlink: 96 bytes leftover after parsing attributes in process `syz.4.2713'. [ 1373.021160][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 1373.185607][ T9] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1373.216997][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1373.234216][ T9] usb 4-1: Product: syz [ 1373.242243][ T9] usb 4-1: Manufacturer: syz [ 1373.252762][ T9] usb 4-1: SerialNumber: syz [ 1373.273843][ T9] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1373.284354][ T9] r8152-cfgselector 4-1: config 0 descriptor?? [ 1373.597791][ T8862] usb 5-1: new high-speed USB device number 45 using dummy_hcd [ 1373.783609][ T8862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1373.805816][ T8862] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1373.847697][ T8862] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1373.861353][ T8862] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1373.871024][ T8862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1373.882543][T16759] r8152-cfgselector 4-1: USB disconnect, device number 51 [ 1373.887912][T16771] blktrace: Concurrent blktraces are not allowed on loop3 [ 1373.891745][ T8862] usb 5-1: config 0 descriptor?? [ 1374.541106][ T8862] plantronics 0003:047F:FFFF.0034: No inputs registered, leaving [ 1374.647388][ T8862] plantronics 0003:047F:FFFF.0034: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1375.077335][ T8862] usb 5-1: USB disconnect, device number 45 [ 1375.077394][T16783] netlink: 'syz.2.2719': attribute type 3 has an invalid length. [ 1375.102002][T16783] netlink: 199836 bytes leftover after parsing attributes in process `syz.2.2719'. [ 1375.360830][T16787] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2720'. [ 1375.717822][T16792] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2721'. [ 1376.637038][T16799] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2722'. [ 1377.775634][ T25] vhci_hcd: vhci_device speed not set [ 1379.199025][ T46] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 1379.218693][T16759] libceph: connect (1)[c::]:6789 error -101 [ 1379.225096][T16759] libceph: mon0 (1)[c::]:6789 connect error [ 1379.469977][ T46] usb 4-1: device descriptor read/64, error -71 [ 1379.512046][T16759] libceph: connect (1)[c::]:6789 error -101 [ 1379.522533][T16759] libceph: mon0 (1)[c::]:6789 connect error [ 1379.733772][ T46] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 1380.673179][ T25] libceph: connect (1)[c::]:6789 error -101 [ 1380.679382][ T25] libceph: mon0 (1)[c::]:6789 connect error [ 1380.806941][ T46] usb 4-1: device descriptor read/64, error -71 [ 1381.014044][ T46] usb usb4-port1: attempt power cycle [ 1381.096339][T16831] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2731'. [ 1381.259160][T16835] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2732'. [ 1381.316515][T16825] overlayfs: overlapping lowerdir path [ 1381.711749][T16759] libceph: connect (1)[c::]:6789 error -101 [ 1381.717812][T16759] libceph: mon0 (1)[c::]:6789 connect error [ 1382.099431][ T1296] ieee802154 phy0 wpan0: encryption failed: -22 [ 1382.326212][T16849] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2738'. [ 1382.739118][T16819] ceph: No mds server is up or the cluster is laggy [ 1382.752560][ T46] libceph: connect (1)[c::]:6789 error -101 [ 1382.765244][ T46] libceph: mon0 (1)[c::]:6789 connect error [ 1382.785399][T16850] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2737'. [ 1383.078869][T16759] libceph: connect (1)[c::]:6789 error -101 [ 1383.090892][T16759] libceph: mon0 (1)[c::]:6789 connect error [ 1384.544926][T16856] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2739'. [ 1385.312548][T16861] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2741'. [ 1386.137559][T16865] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2744'. [ 1386.381685][ T8047] tipc: Subscription rejected, illegal request [ 1386.492990][T16885] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2750'. [ 1387.003171][ T5877] usb 3-1: new full-speed USB device number 37 using dummy_hcd [ 1387.193646][ T5877] usb 3-1: config 0 has an invalid interface number: 80 but max is 1 [ 1387.288087][ T5877] usb 3-1: config 0 has an invalid interface number: 230 but max is 1 [ 1387.314718][ T5877] usb 3-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 1387.362535][ T5877] usb 3-1: config 0 has no interface number 0 [ 1387.387967][ T5877] usb 3-1: config 0 has no interface number 1 [ 1387.410373][ T5877] usb 3-1: config 0 interface 80 altsetting 6 endpoint 0xC has invalid maxpacket 1024, setting to 64 [ 1387.458202][ T5877] usb 3-1: config 0 interface 80 altsetting 6 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 1387.501621][ T5877] usb 3-1: config 0 interface 80 altsetting 6 has a duplicate endpoint with address 0xB, skipping [ 1387.539441][ T5877] usb 3-1: config 0 interface 230 altsetting 255 has a duplicate endpoint with address 0x4, skipping [ 1387.553600][ T5877] usb 3-1: config 0 interface 230 altsetting 255 has a duplicate endpoint with address 0x4, skipping [ 1387.568283][ T5877] usb 3-1: config 0 interface 230 altsetting 255 has a duplicate endpoint with address 0x8, skipping [ 1387.580545][ T5877] usb 3-1: config 0 interface 230 altsetting 255 endpoint 0x7 has invalid maxpacket 528, setting to 64 [ 1387.596831][ T5877] usb 3-1: config 0 interface 230 altsetting 255 has a duplicate endpoint with address 0x3, skipping [ 1387.634310][ T5877] usb 3-1: config 0 interface 80 has no altsetting 0 [ 1387.643360][ T5877] usb 3-1: config 0 interface 230 has no altsetting 0 [ 1387.721125][ T5877] usb 3-1: New USB device found, idVendor=1608, idProduct=000f, bcdDevice=8b.0d [ 1387.773629][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1387.782502][ T5877] usb 3-1: Product: syz [ 1387.786848][ T5877] usb 3-1: Manufacturer: syz [ 1387.791457][ T5877] usb 3-1: SerialNumber: syz [ 1387.801931][ T5877] usb 3-1: rejected 1 configuration due to insufficient available bus power [ 1387.823346][ T5877] usb 3-1: no configuration chosen from 1 choice [ 1388.489387][ T5877] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 1388.671061][ T5877] usb 4-1: Using ep0 maxpacket: 32 [ 1388.682188][ T5877] usb 4-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 1388.691365][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1389.127078][ T5877] usb 4-1: config 0 descriptor?? [ 1389.214664][T16897] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2754'. [ 1389.228592][ T5877] usb 4-1: selecting invalid altsetting 3 [ 1389.237929][ T5877] comedi comedi0: could not set alternate setting 3 in high speed [ 1389.272606][ T5877] usbduxsigma 4-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 1389.323509][ T5877] usbduxsigma 4-1:0.0: probe with driver usbduxsigma failed with error -22 [ 1389.515383][ T5877] usb 3-1: USB disconnect, device number 37 [ 1390.253441][T16909] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2759'. [ 1390.456967][T16918] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2760'. [ 1390.894465][ T5877] usb 5-1: new high-speed USB device number 46 using dummy_hcd [ 1391.109249][T14450] usb 4-1: USB disconnect, device number 55 [ 1391.528281][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1391.541918][ T5877] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1392.030189][T16929] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2762'. [ 1392.062617][T16930] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2764'. [ 1392.063393][ T5877] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1392.085227][ T5877] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1392.095234][ T5877] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1392.409005][ T5877] usb 5-1: config 0 descriptor?? [ 1393.046538][T16936] FAULT_INJECTION: forcing a failure. [ 1393.046538][T16936] name failslab, interval 1, probability 0, space 0, times 0 [ 1393.059545][T16936] CPU: 1 UID: 0 PID: 16936 Comm: syz.2.2766 Not tainted 6.13.0-rc4-syzkaller #0 [ 1393.068619][T16936] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1393.078714][T16936] Call Trace: [ 1393.082015][T16936] [ 1393.084969][T16936] dump_stack_lvl+0x241/0x360 [ 1393.089780][T16936] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1393.095110][T16936] ? __pfx__printk+0x10/0x10 [ 1393.099745][T16936] ? __kmalloc_noprof+0xb5/0x4c0 [ 1393.104716][T16936] ? __pfx___might_resched+0x10/0x10 [ 1393.110049][T16936] should_fail_ex+0x3b0/0x4e0 [ 1393.114752][T16936] should_failslab+0xac/0x100 [ 1393.119465][T16936] __kmalloc_noprof+0xdd/0x4c0 [ 1393.124260][T16936] ? nla_strdup+0x9c/0x140 [ 1393.128708][T16936] ? __kasan_kmalloc+0x98/0xb0 [ 1393.133510][T16936] nla_strdup+0x9c/0x140 [ 1393.137784][T16936] nf_tables_newtable+0x59b/0x1e10 [ 1393.142940][T16936] ? nfnl_pernet+0x23/0x240 [ 1393.147471][T16936] ? __pfx_nf_tables_newtable+0x10/0x10 [ 1393.153047][T16936] ? __nla_parse+0x40/0x60 [ 1393.157458][T16936] nfnetlink_rcv+0x14e3/0x2ab0 [ 1393.162260][T16936] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 1393.167399][T16936] ? netlink_deliver_tap+0x2e/0x1b0 [ 1393.172633][T16936] ? skb_clone+0x240/0x390 [ 1393.177084][T16936] ? __pfx_lock_release+0x10/0x10 [ 1393.182150][T16936] ? netlink_deliver_tap+0x2e/0x1b0 [ 1393.187373][T16936] netlink_unicast+0x7f6/0x990 [ 1393.192152][T16936] ? __pfx_netlink_unicast+0x10/0x10 [ 1393.197451][T16936] ? __virt_addr_valid+0x45f/0x530 [ 1393.202576][T16936] ? __phys_addr_symbol+0x2f/0x70 [ 1393.207599][T16936] ? __check_object_size+0x47a/0x730 [ 1393.212889][T16936] netlink_sendmsg+0x8e4/0xcb0 [ 1393.217669][T16936] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1393.222975][T16936] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1393.228258][T16936] __sock_sendmsg+0x221/0x270 [ 1393.232934][T16936] ____sys_sendmsg+0x52a/0x7e0 [ 1393.237723][T16936] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1393.243035][T16936] ? __fget_files+0x2a/0x410 [ 1393.247648][T16936] ? __fget_files+0x2a/0x410 [ 1393.252260][T16936] __sys_sendmsg+0x269/0x350 [ 1393.256875][T16936] ? __pfx_lock_release+0x10/0x10 [ 1393.261920][T16936] ? __pfx___sys_sendmsg+0x10/0x10 [ 1393.267045][T16936] ? __pfx_vfs_write+0x10/0x10 [ 1393.271838][T16936] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1393.278164][T16936] ? do_syscall_64+0x100/0x230 [ 1393.282934][T16936] ? do_syscall_64+0xb6/0x230 [ 1393.287619][T16936] do_syscall_64+0xf3/0x230 [ 1393.292150][T16936] ? clear_bhb_loop+0x35/0x90 [ 1393.296838][T16936] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1393.302852][T16936] RIP: 0033:0x7fa8d7985d29 [ 1393.307285][T16936] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1393.326899][T16936] RSP: 002b:00007fa8d87ef038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1393.335321][T16936] RAX: ffffffffffffffda RBX: 00007fa8d7b75fa0 RCX: 00007fa8d7985d29 [ 1393.343298][T16936] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 1393.351280][T16936] RBP: 00007fa8d87ef090 R08: 0000000000000000 R09: 0000000000000000 [ 1393.359336][T16936] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1393.367310][T16936] R13: 0000000000000000 R14: 00007fa8d7b75fa0 R15: 00007ffd7f0dc568 [ 1393.375294][T16936] [ 1393.403686][ T5877] plantronics 0003:047F:FFFF.0035: No inputs registered, leaving [ 1393.417566][ T5877] plantronics 0003:047F:FFFF.0035: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 1394.109334][T16944] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2765'. [ 1394.578855][T16759] usb 5-1: USB disconnect, device number 46 [ 1394.639425][T16942] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2767'. [ 1395.410408][T16960] netlink: 16 bytes leftover after parsing attributes in process `syz.4.2772'. [ 1395.983283][ T46] usb 5-1: new high-speed USB device number 47 using dummy_hcd [ 1396.288411][ T46] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1396.299110][ T46] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1396.338871][ T46] usb 5-1: config 0 descriptor?? [ 1396.428837][ T46] cp210x 5-1:0.0: cp210x converter detected [ 1396.921994][T16972] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2776'. [ 1397.521636][ T46] cp210x 5-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1397.534042][ T46] cp210x 5-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 1397.541816][ T46] cp210x 5-1:0.0: GPIO initialisation failed: -71 [ 1397.562627][ T46] usb 5-1: cp210x converter now attached to ttyUSB0 [ 1397.589949][ T46] usb 5-1: USB disconnect, device number 47 [ 1397.609149][ T46] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1397.618087][ T46] cp210x 5-1:0.0: device disconnected [ 1397.848779][T16977] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2777'. [ 1398.752101][ T9] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1398.873843][T16985] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2780'. [ 1399.737279][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 1399.804113][T16992] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2781'. [ 1399.874565][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1399.908133][ T9] usb 3-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 1400.017568][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1400.182931][ T9] usb 3-1: config 0 descriptor?? [ 1400.285885][T16989] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1400.331860][T16989] x_tables: duplicate underflow at hook 3 [ 1400.668662][ T9] lenovo 0003:17EF:60EE.0036: item fetching failed at offset 2/5 [ 1400.678134][ T9] lenovo 0003:17EF:60EE.0036: hid_parse failed [ 1400.692718][ T9] lenovo 0003:17EF:60EE.0036: probe with driver lenovo failed with error -22 [ 1400.761340][T16998] netlink: 12 bytes leftover after parsing attributes in process `syz.0.2785'. [ 1400.770867][ T46] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 1400.997178][ T46] usb 2-1: Using ep0 maxpacket: 32 [ 1401.018716][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1401.030876][ T46] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1401.040948][ T46] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1401.050119][ T46] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1401.192438][ T46] usb 2-1: config 0 descriptor?? [ 1401.215158][ T46] hub 2-1:0.0: USB hub found [ 1401.385577][T17002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1401.399853][T17002] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1401.511504][ T46] hub 2-1:0.0: 1 port detected [ 1402.486535][T17012] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2788'. [ 1402.817465][ T46] usb 3-1: USB disconnect, device number 38 [ 1402.845461][T16759] hub 2-1:0.0: activate --> -90 [ 1403.147826][T16759] hub 2-1:0.0: hub_ext_port_status failed (err = 0) [ 1403.873154][T16759] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 1404.044051][T16759] usb 4-1: Using ep0 maxpacket: 8 [ 1404.074952][T16759] usb 4-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 1404.084391][T16759] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 1404.105856][T16759] usb 4-1: Product: syz [ 1404.110607][T16759] usb 4-1: Manufacturer: syz [ 1404.115265][T16759] usb 4-1: SerialNumber: syz [ 1404.140820][T16759] usb 4-1: config 0 descriptor?? [ 1404.580730][T16759] usb 4-1: USB disconnect, device number 56 [ 1404.629096][ C1] vkms_vblank_simulate: vblank timer overrun [ 1405.737317][T17039] netlink: 12 bytes leftover after parsing attributes in process `syz.4.2795'. [ 1406.043356][T14450] usb 2-1: USB disconnect, device number 32 [ 1406.195602][ T25] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 1406.588071][ T25] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1406.624892][ T25] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1406.735042][ T25] usb 4-1: config 0 descriptor?? [ 1406.911256][ T25] cp210x 4-1:0.0: cp210x converter detected [ 1408.367479][ T25] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1408.572289][T17064] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(7) [ 1408.578861][T17064] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1408.586803][T17064] vhci_hcd vhci_hcd.0: Device attached [ 1408.609046][ T25] cp210x 4-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 1408.616685][ T25] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 1408.639271][ T25] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1408.887499][ T25] usb 4-1: USB disconnect, device number 57 [ 1408.907956][ T25] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1408.916287][ T25] cp210x 4-1:0.0: device disconnected [ 1408.916537][T17072] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 1408.928223][T17072] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 1408.950969][ T9] vhci_hcd: vhci_device speed not set [ 1408.979516][T17072] vhci_hcd vhci_hcd.0: Device attached [ 1409.015137][ T9] usb 37-1: new full-speed USB device number 18 using vhci_hcd [ 1409.182041][ T46] vhci_hcd: vhci_device speed not set [ 1409.346685][T17068] vhci_hcd: connection reset by peer [ 1409.353120][ T35] vhci_hcd: stop threads [ 1409.357562][ T35] vhci_hcd: release socket [ 1409.369385][ T35] vhci_hcd: disconnect device [ 1409.389309][ T46] usb 35-1: new full-speed USB device number 19 using vhci_hcd [ 1409.774635][T17080] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2805'. [ 1410.118996][T17073] vhci_hcd: connection reset by peer [ 1410.124540][ T35] vhci_hcd: stop threads [ 1410.128946][ T35] vhci_hcd: release socket [ 1410.133440][ T35] vhci_hcd: disconnect device [ 1410.679637][T17094] netlink: 'syz.0.2810': attribute type 10 has an invalid length. [ 1411.080836][T17097] netlink: 'syz.0.2810': attribute type 1 has an invalid length. [ 1414.312400][T17112] delete_channel: no stack [ 1414.456601][ T9] vhci_hcd: vhci_device speed not set [ 1414.793428][T17130] netlink: 16 bytes leftover after parsing attributes in process `syz.1.2819'. [ 1414.936880][ T46] vhci_hcd: vhci_device speed not set [ 1418.754303][ T25] usb 5-1: new high-speed USB device number 48 using dummy_hcd [ 1418.832535][T17151] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2825'. [ 1419.044360][ T25] usb 5-1: Using ep0 maxpacket: 16 [ 1419.073416][T17158] fuse: Unknown parameter 'roovmode' [ 1419.759810][ T25] usb 5-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 1419.771155][ T25] usb 5-1: config 1 interface 0 altsetting 10 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1419.791212][ T25] usb 5-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1419.894225][T17155] netlink: 96 bytes leftover after parsing attributes in process `syz.3.2828'. [ 1419.946396][ T25] usb 5-1: config 1 interface 0 has no altsetting 0 [ 1419.974074][ T25] usb 5-1: string descriptor 0 read error: -71 [ 1420.054844][T17166] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2830'. [ 1420.513629][ T25] usb 5-1: New USB device found, idVendor=044f, idProduct=b300, bcdDevice= 0.40 [ 1420.522880][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1420.539812][ T25] usb 5-1: can't set config #1, error -71 [ 1420.598522][ T25] usb 5-1: USB disconnect, device number 48 [ 1420.889315][T17169] netlink: 96 bytes leftover after parsing attributes in process `syz.0.2831'. [ 1432.967574][T17180] netlink: 96 bytes leftover after parsing attributes in process `syz.2.2835'. [ 1432.989350][T16759] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 1433.233419][T16759] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1433.327401][T16759] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1433.357205][T17182] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2833'. [ 1433.389319][T16759] usb 4-1: config 0 descriptor?? [ 1433.465894][T16759] cp210x 4-1:0.0: cp210x converter detected [ 1433.511670][T17183] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2834'. [ 1434.236464][T16759] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 1434.791780][T16759] cp210x 4-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 1434.799367][T16759] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 1434.813907][T16759] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1434.821674][T16759] usb 4-1: USB disconnect, device number 58 [ 1434.834677][T16759] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1434.842711][T16759] cp210x 4-1:0.0: device disconnected [ 1441.959269][ T5877] kernel write not supported for file /amidi2 (pid: 5877 comm: kworker/0:4) [ 1442.191766][T17203] netlink: 16 bytes leftover after parsing attributes in process `syz.0.2840'. [ 1443.344056][T14450] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 1443.717335][T17206] bond1: entered promiscuous mode [ 1443.736955][T17206] bond1: entered allmulticast mode [ 1443.744014][T14450] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1443.749231][T17206] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1443.753451][T14450] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1443.768194][T14450] usb 4-1: Product: syz [ 1443.772494][T14450] usb 4-1: Manufacturer: syz [ 1443.777140][T14450] usb 4-1: SerialNumber: syz [ 1443.788363][T14450] usb 4-1: config 0 descriptor?? [ 1443.950276][T17206] bond1 (unregistering): Released all slaves [ 1443.970629][T17208] netlink: 96 bytes leftover after parsing attributes in process `syz.1.2841'. [ 1444.185034][T17219] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2846'. [ 1444.850797][T14450] usb 4-1: Firmware: major: 0, minor: 0, hardware type: RZUSB (3) [ 1444.862680][T14450] usb 4-1: Firmware version (0.0) predates our first public release. [ 1444.882484][T14450] usb 4-1: Please update to version 0.2 or newer [ 1444.897035][T14450] usb 4-1: Firmware: build !H,0g@4wڍ@w91Fx,ZhlӰ)>W*t=hy~8A:iZ=s[S2 ktoT{k=#Rs1;"6 1 [ 1475.431708][T16218] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1475.446738][T16218] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1475.457698][T16218] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1475.470653][T16218] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1475.478771][T16218] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1475.637999][T17469] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2915'. [ 1475.750756][T17465] chnl_net:caif_netlink_parms(): no params data found [ 1475.898054][T17465] bridge0: port 1(bridge_slave_0) entered blocking state [ 1475.905508][T17465] bridge0: port 1(bridge_slave_0) entered disabled state [ 1475.913181][T17465] bridge_slave_0: entered allmulticast mode [ 1475.922222][T17465] bridge_slave_0: entered promiscuous mode [ 1475.943136][T17465] bridge0: port 2(bridge_slave_1) entered blocking state [ 1475.950929][T17465] bridge0: port 2(bridge_slave_1) entered disabled state [ 1475.971630][T17465] bridge_slave_1: entered allmulticast mode [ 1475.978993][T17465] bridge_slave_1: entered promiscuous mode [ 1476.013329][ T8862] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 1476.053866][T17465] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1476.070946][T17465] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1476.114023][T17465] team0: Port device team_slave_0 added [ 1476.122118][T17465] team0: Port device team_slave_1 added [ 1476.144601][T17490] batman_adv: batadv0: Adding interface: ip6gretap1 [ 1476.151275][T17490] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1476.177343][T17490] batman_adv: batadv0: Interface activated: ip6gretap1 [ 1476.205586][ T8862] usb 2-1: Using ep0 maxpacket: 16 [ 1476.218300][ T8862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1476.230404][T17465] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1476.237394][T17465] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1476.269973][ T8862] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1476.279773][ T8862] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1476.293250][T17465] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1476.301353][ T8862] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1476.306585][T17465] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1476.322007][ T8862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1476.330112][T17465] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1476.330144][T17465] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1476.398973][ T8862] usb 2-1: config 0 descriptor?? [ 1476.557270][T17465] hsr_slave_0: entered promiscuous mode [ 1476.568742][T17465] hsr_slave_1: entered promiscuous mode [ 1476.579400][T17465] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1476.599409][T17465] Cannot create hsr debugfs directory [ 1476.738631][ T29] audit: type=1326 audit(1734960679.287:393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17485 comm="syz.3.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0655585d29 code=0x7ffc0000 [ 1476.776766][ T29] audit: type=1326 audit(1734960679.287:394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17485 comm="syz.3.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0655585d29 code=0x7ffc0000 [ 1476.811620][ T29] audit: type=1326 audit(1734960679.287:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17485 comm="syz.3.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f0655585d29 code=0x7ffc0000 [ 1476.846425][ T29] audit: type=1326 audit(1734960679.287:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17485 comm="syz.3.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0655585d29 code=0x7ffc0000 [ 1476.862612][ T8862] microsoft 0003:045E:07DA.0037: No inputs registered, leaving [ 1476.893260][ T8862] microsoft 0003:045E:07DA.0037: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 1476.905409][ T8862] microsoft 0003:045E:07DA.0037: no inputs found [ 1476.912231][ T8862] microsoft 0003:045E:07DA.0037: could not initialize ff, continuing anyway [ 1476.928375][ T29] audit: type=1326 audit(1734960679.287:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17485 comm="syz.3.2920" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f0655585d29 code=0x7ffc0000 [ 1477.002257][T17506] netlink: 52 bytes leftover after parsing attributes in process `syz.0.2928'. [ 1477.055503][T17465] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1477.100064][ T46] usb 2-1: USB disconnect, device number 34 [ 1477.277013][T17465] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1477.379778][T17465] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1477.503811][T17465] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1477.676625][T16218] Bluetooth: hci0: command tx timeout [ 1477.761257][T17521] syz.1.2935[17521] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1477.761466][T17521] syz.1.2935[17521] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1477.773737][T17521] syz.1.2935[17521] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1477.846940][T17465] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1477.881688][T17523] syz.0.2936[17523] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1477.881783][T17523] syz.0.2936[17523] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1477.898704][T17465] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1477.931033][T17523] syz.0.2936[17523] is installing a program with bpf_probe_write_user helper that may corrupt user memory! [ 1477.933113][T17523] program syz.0.2936 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1477.934007][T17465] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1477.977389][T17465] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1478.496285][T17465] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1478.571715][T17465] 8021q: adding VLAN 0 to HW filter on device team0 [ 1478.578901][ T29] audit: type=1326 audit(1734960680.999:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17545 comm="syz.2.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8d7985d29 code=0x7ffc0000 [ 1478.636168][T11530] bridge0: port 1(bridge_slave_0) entered blocking state [ 1478.643356][T11530] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1478.678582][ T29] audit: type=1326 audit(1734960681.008:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17545 comm="syz.2.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8d7985d29 code=0x7ffc0000 [ 1478.701804][T11530] bridge0: port 2(bridge_slave_1) entered blocking state [ 1478.708957][T11530] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1478.730199][ T29] audit: type=1326 audit(1734960681.008:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17545 comm="syz.2.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fa8d7985d29 code=0x7ffc0000 [ 1478.820422][ T29] audit: type=1326 audit(1734960681.008:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17545 comm="syz.2.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8d7985d29 code=0x7ffc0000 [ 1478.903840][T17465] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1478.932382][ T29] audit: type=1326 audit(1734960681.008:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17545 comm="syz.2.2947" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fa8d7985d29 code=0x7ffc0000 [ 1479.024487][T17565] usb usb2: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 1479.156383][T17573] netlink: 'syz.0.2958': attribute type 1 has an invalid length. [ 1479.320155][T17465] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1479.849681][T17465] veth0_vlan: entered promiscuous mode [ 1479.869264][T17465] veth1_vlan: entered promiscuous mode [ 1479.894793][T16218] Bluetooth: hci0: command tx timeout [ 1479.930418][T17465] veth0_macvtap: entered promiscuous mode [ 1479.946938][T17465] veth1_macvtap: entered promiscuous mode [ 1479.967337][T17465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1479.978250][T17465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1479.992808][T17465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1480.004963][T17465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.015538][T17465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1480.026298][T17465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.039153][T17465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1480.057347][T17465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.071787][T17465] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1480.105710][T17465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1480.119680][T17465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.129876][T17465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1480.140597][T17465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.161049][T17465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1480.182055][T17465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.206216][T17465] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1480.219566][T17465] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1480.244680][T17465] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1480.274421][T17465] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1480.283875][T17465] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1480.293215][T17465] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1480.303093][T17465] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1480.375310][T17611] Invalid ELF header magic: != ELF [ 1480.522830][T17210] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1480.555923][T17210] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1480.643013][T15564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1480.650898][T15564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1480.748089][T17626] netlink: 'syz.2.2974': attribute type 6 has an invalid length. [ 1481.209568][T16759] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 1481.428083][T16759] usb 5-1: New USB device found, idVendor=2770, idProduct=9052, bcdDevice=15.f5 [ 1481.446088][T16759] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1481.466936][T16759] usb 5-1: Product: syz [ 1481.471164][T16759] usb 5-1: Manufacturer: syz [ 1481.475801][T16759] usb 5-1: SerialNumber: syz [ 1481.510004][T16759] usb 5-1: config 0 descriptor?? [ 1481.528798][ T7735] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1481.553251][T16759] gspca_main: sq905c-2.14.0 probing 2770:9052 [ 1481.605604][ T5836] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1481.617093][ T5836] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1481.630091][ T5836] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1481.648868][T17659] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2986'. [ 1481.662624][ T5836] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1481.677223][ T5836] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 1481.686089][ T5836] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1481.754006][ T7735] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1481.848680][T17663] netlink: 24 bytes leftover after parsing attributes in process `syz.3.2988'. [ 1481.917501][ T7735] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1482.050451][T16759] gspca_sq905c: sq905c_read: usb_control_msg failed (-71) [ 1482.064136][T16759] sq905c 5-1:0.0: Reading version command failed [ 1482.081843][T16759] sq905c 5-1:0.0: probe with driver sq905c failed with error -71 [ 1482.103175][T16759] usb 5-1: USB disconnect, device number 52 [ 1482.124754][T16218] Bluetooth: hci0: command tx timeout [ 1482.164435][ T7735] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1482.338020][T17656] chnl_net:caif_netlink_parms(): no params data found [ 1482.508149][ T7735] bridge_slave_1: left allmulticast mode [ 1482.514626][ T7735] bridge_slave_1: left promiscuous mode [ 1482.523122][ T7735] bridge0: port 2(bridge_slave_1) entered disabled state [ 1482.549780][ T7735] bridge_slave_0: left allmulticast mode [ 1482.555576][ T7735] bridge_slave_0: left promiscuous mode [ 1482.562335][ T7735] bridge0: port 1(bridge_slave_0) entered disabled state [ 1482.828116][T17703] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3005'. [ 1482.985006][ T29] kauditd_printk_skb: 124 callbacks suppressed [ 1482.985027][ T29] audit: type=1326 audit(1734960684.767:527): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1483.075161][ T29] audit: type=1326 audit(1734960684.767:528): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1483.167662][ T29] audit: type=1326 audit(1734960684.767:529): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1483.216565][ T29] audit: type=1326 audit(1734960684.767:530): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1483.294361][ T29] audit: type=1326 audit(1734960684.767:531): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=2 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1483.330030][ T29] audit: type=1326 audit(1734960684.767:532): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1483.380232][T17725] netlink: 'syz.3.3011': attribute type 10 has an invalid length. [ 1483.388318][T17725] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3011'. [ 1483.413254][ T29] audit: type=1326 audit(1734960684.767:533): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=327 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1483.436313][ T29] audit: type=1326 audit(1734960684.767:534): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1483.495803][ T29] audit: type=1326 audit(1734960684.767:535): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff6a2b84690 code=0x7ffc0000 [ 1483.569828][ T29] audit: type=1326 audit(1734960684.767:536): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17706 comm="syz.4.3006" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1483.628742][T17734] xt_hashlimit: max too large, truncated to 1048576 [ 1483.636669][ T7735] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 1483.641245][T17734] Cannot find set identified by id 0 to match [ 1483.914669][T16218] Bluetooth: hci3: command tx timeout [ 1484.102139][ T7735] bond0 (unregistering): (slave 2@): Releasing backup interface [ 1484.123214][ T7735] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1484.145841][ T7735] bond0 (unregistering): Released all slaves [ 1484.180451][T17712] tipc: Started in network mode [ 1484.185545][T17712] tipc: Node identity 4, cluster identity 4711 [ 1484.196692][T17712] tipc: Node number set to 4 [ 1484.256519][T17725] bridge0: port 4(macvlan1) entered blocking state [ 1484.263148][T17725] bridge0: port 4(macvlan1) entered disabled state [ 1484.298548][T17725] macvlan1: entered allmulticast mode [ 1484.303988][T17725] veth1_vlan: entered allmulticast mode [ 1484.341262][T16218] Bluetooth: hci0: command tx timeout [ 1484.362834][T17725] macvlan1: entered promiscuous mode [ 1484.405902][T17725] bridge0: port 4(macvlan1) entered blocking state [ 1484.412593][T17725] bridge0: port 4(macvlan1) entered forwarding state [ 1484.727838][T17768] : renamed from vlan1 (while UP) [ 1484.744311][T17779] netlink: 132 bytes leftover after parsing attributes in process `syz.3.3025'. [ 1484.807954][T17656] bridge0: port 1(bridge_slave_0) entered blocking state [ 1484.829156][T17656] bridge0: port 1(bridge_slave_0) entered disabled state [ 1484.850387][T17656] bridge_slave_0: entered allmulticast mode [ 1484.887151][T17656] bridge_slave_0: entered promiscuous mode [ 1484.995609][T17782] : renamed from bond0 [ 1485.004793][T17656] bridge0: port 2(bridge_slave_1) entered blocking state [ 1485.014804][T14450] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 1485.018270][T17656] bridge0: port 2(bridge_slave_1) entered disabled state [ 1485.037306][T17656] bridge_slave_1: entered allmulticast mode [ 1485.044591][T17656] bridge_slave_1: entered promiscuous mode [ 1485.119739][ T7735] hsr_slave_0: left promiscuous mode [ 1485.151499][ T7735] hsr_slave_1: left promiscuous mode [ 1485.163245][ T7735] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1485.171865][ T7735] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1485.207571][ T7735] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1485.217508][T14450] usb 5-1: Using ep0 maxpacket: 32 [ 1485.229189][T14450] usb 5-1: config 0 has an invalid interface number: 2 but max is 0 [ 1485.230341][ T7735] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1485.237210][T14450] usb 5-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 1485.237237][T14450] usb 5-1: config 0 has no interface number 1 [ 1485.237279][T14450] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1485.286729][T14450] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1485.292670][ T7735] veth1_macvtap: left promiscuous mode [ 1485.301418][T14450] usb 5-1: too many endpoints for config 0 interface 2 altsetting 3: 32, using maximum allowed: 30 [ 1485.324442][ T7735] veth0_macvtap: left promiscuous mode [ 1485.343075][T14450] usb 5-1: config 0 interface 2 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 32 [ 1485.362932][ T7735] veth1_vlan: left promiscuous mode [ 1485.368017][T14450] usb 5-1: config 0 interface 0 has no altsetting 0 [ 1485.373987][ T7735] veth0_vlan: left promiscuous mode [ 1485.375512][T14450] usb 5-1: config 0 interface 2 has no altsetting 0 [ 1485.400271][T14450] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1c08, bcdDevice= 0.00 [ 1485.410132][T14450] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1485.433903][T14450] usb 5-1: config 0 descriptor?? [ 1485.729158][T17803] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3034'. [ 1485.904435][T14450] usbhid 5-1:0.0: can't add hid device: -71 [ 1485.921162][T14450] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 1485.930783][T14450] hub 5-1:0.2: bad descriptor, ignoring hub [ 1485.949770][T14450] hub 5-1:0.2: probe with driver hub failed with error -5 [ 1486.013651][T14450] usb 5-1: USB disconnect, device number 53 [ 1486.145266][T16218] Bluetooth: hci3: command tx timeout [ 1486.421842][ T7735] team0 (unregistering): Port device team_slave_1 removed [ 1486.561898][ T7735] team0 (unregistering): Port device team_slave_0 removed [ 1486.784482][T17824] xt_connbytes: Forcing CT accounting to be enabled [ 1486.804301][T17824] x_tables: ip_tables: icmp match: only valid for protocol 1 [ 1487.301688][T17656] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1487.326769][T17656] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1487.498766][T17656] team0: Port device team_slave_0 added [ 1487.535403][T17656] team0: Port device team_slave_1 added [ 1487.637561][T17656] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1487.654780][T17656] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1487.736384][T17656] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1487.791892][T17656] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1487.808386][T17656] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1487.858502][T17656] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1487.923933][ T7735] IPVS: stop unused estimator thread 0... [ 1488.007078][T17656] hsr_slave_0: entered promiscuous mode [ 1488.014665][T17656] hsr_slave_1: entered promiscuous mode [ 1488.031527][T17656] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1488.062329][T17656] Cannot create hsr debugfs directory [ 1488.230569][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1488.362285][T16218] Bluetooth: hci3: command tx timeout [ 1488.374909][T17857] bridge0: port 2(bridge_slave_1) entered disabled state [ 1488.382511][T17857] bridge0: port 1(bridge_slave_0) entered disabled state [ 1488.482420][T17869] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3061'. [ 1488.546895][T17857] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1488.563191][T17857] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1488.669872][T17857] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1488.691880][T17857] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1488.702216][T17857] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1488.722301][T17857] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 1488.823855][T17869] netdevsim netdevsim2 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1488.832889][T17869] netdevsim netdevsim2 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1488.841602][T17869] netdevsim netdevsim2 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1488.850455][T17869] netdevsim netdevsim2 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1488.859648][T17869] vxlan0: entered promiscuous mode [ 1489.057571][ T29] kauditd_printk_skb: 312 callbacks suppressed [ 1489.057591][ T29] audit: type=1326 audit(1734960690.444:849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.089125][ T29] audit: type=1326 audit(1734960690.444:850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.112092][ T29] audit: type=1326 audit(1734960690.444:851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.135882][ T29] audit: type=1326 audit(1734960690.444:852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.158760][ T29] audit: type=1326 audit(1734960690.444:853): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.182346][ T29] audit: type=1326 audit(1734960690.444:854): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.205519][ T29] audit: type=1326 audit(1734960690.491:855): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.228847][ T29] audit: type=1326 audit(1734960690.491:856): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.253143][ T29] audit: type=1326 audit(1734960690.491:857): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.276087][ T29] audit: type=1326 audit(1734960690.557:858): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=17874 comm="syz.4.3065" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff6a2b85d29 code=0x7ffc0000 [ 1489.350625][T17656] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1489.399704][T17656] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1489.454513][T17656] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1489.473658][T17883] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3068'. [ 1489.485827][T17656] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1489.694166][T17656] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1489.741929][T17656] 8021q: adding VLAN 0 to HW filter on device team0 [ 1489.773960][T12265] bridge0: port 1(bridge_slave_0) entered blocking state [ 1489.781119][T12265] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1489.808726][T12265] bridge0: port 2(bridge_slave_1) entered blocking state [ 1489.815980][T12265] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1490.063300][T17656] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1490.117990][T17656] veth0_vlan: entered promiscuous mode [ 1490.137758][T17656] veth1_vlan: entered promiscuous mode [ 1490.181363][T17656] veth0_macvtap: entered promiscuous mode [ 1490.193516][T17656] veth1_macvtap: entered promiscuous mode [ 1490.224344][T17656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1490.235353][T17656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1490.246902][T17656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1490.259053][T17656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1490.273096][T17656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1490.302452][T17656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1490.315626][T17656] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1490.338931][T17656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1490.356937][T17656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1490.369225][T17656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1490.381427][T17656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1490.391279][T17656] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1490.401944][T17656] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1490.412989][T17656] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1490.427447][T17656] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1490.438625][T17656] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1490.449402][T17656] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1490.460740][T17656] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1490.527987][T15564] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1490.551122][T15564] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1490.584023][T15564] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1490.593043][T16218] Bluetooth: hci3: command tx timeout [ 1490.607203][T16759] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 1490.615030][T15564] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1490.799143][T16759] usb 4-1: config index 0 descriptor too short (expected 65183, got 72) [ 1490.820957][T16759] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1490.840087][T16759] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1490.862348][T16759] usb 4-1: Product: syz [ 1490.869568][T16759] usb 4-1: Manufacturer: syz [ 1490.882322][T16759] usb 4-1: SerialNumber: syz [ 1490.904633][T16759] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1491.002034][ T5877] usb 2-1: new low-speed USB device number 35 using dummy_hcd [ 1491.026608][ T25] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1491.184753][ T5877] usb 2-1: config 179 has an invalid interface number: 65 but max is 0 [ 1491.193479][ T5877] usb 2-1: config 179 has no interface number 0 [ 1491.232799][ T5877] usb 2-1: config 179 interface 65 altsetting 0 has an endpoint descriptor with address 0xF7, changing to 0x87 [ 1491.257889][ T5877] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 1491.270219][T17910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1491.279902][ T5877] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x87 has invalid maxpacket 65535, setting to 8 [ 1491.300657][ T5877] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 10 [ 1491.322126][ T5877] usb 2-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid wMaxPacketSize 0 [ 1491.332195][ T5877] usb 2-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1491.349511][T17910] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1491.362196][ T5877] usb 2-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1491.371202][T17910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1491.371453][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1491.417307][ T5836] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1491.433066][T17920] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 1491.450594][T17910] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1491.459706][T17910] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1491.482514][T17910] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1491.491562][ T5877] usb 4-1: USB disconnect, device number 61 [ 1491.513669][ T5836] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1491.522958][ T5836] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1491.549030][ T5836] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1491.558755][ T5836] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1491.566159][ T5836] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1491.666576][T14457] usb 2-1: USB disconnect, device number 35 [ 1603.776493][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 1603.783504][ C0] rcu: 1-...!: (1 GPs behind) idle=a3d4/1/0x4000000000000000 softirq=59075/59076 fqs=5 [ 1603.794818][ C0] rcu: (detected by 0, t=10505 jiffies, g=64169, q=606 ncpus=2) [ 1603.802576][ C0] Sending NMI from CPU 0 to CPUs 1: [ 1603.802617][ C1] NMI backtrace for cpu 1 [ 1603.802632][ C1] CPU: 1 UID: 0 PID: 17927 Comm: syz.4.3085 Not tainted 6.13.0-rc4-syzkaller #0 [ 1603.802651][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1603.802662][ C1] RIP: 0010:mark_lock+0x136/0x360 [ 1603.802690][ C1] Code: 99 0a 8c e8 4c ef e4 ff 90 0f 0b 90 90 90 31 db 48 83 c3 60 48 89 d8 48 c1 e8 03 42 80 3c 28 00 74 08 48 89 df e8 9a 28 88 00 <41> bc 01 00 00 00 44 85 33 74 16 44 89 e0 48 83 c4 10 5b 41 5c 41 [ 1603.802705][ C1] RSP: 0018:ffffc90000a18a08 EFLAGS: 00000046 [ 1603.802721][ C1] RAX: 1ffffffff277db80 RBX: ffffffff93bedc00 RCX: ffffffff817b274a [ 1603.802735][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff94270888 [ 1603.802747][ C1] RBP: 0000000000000008 R08: ffffffff9427088f R09: 1ffffffff284e111 [ 1603.802759][ C1] R10: dffffc0000000000 R11: fffffbfff284e112 R12: ffff888078e046c4 [ 1603.802772][ C1] R13: dffffc0000000000 R14: 0000000000000100 R15: ffff888078e046e0 [ 1603.802785][ C1] FS: 00007ff6a09f66c0(0000) GS:ffff8880b8700000(0000) knlGS:0000000000000000 [ 1603.802800][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1603.802813][ C1] CR2: 0000000020003c80 CR3: 0000000054c28000 CR4: 00000000003526f0 [ 1603.802828][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1603.802839][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1603.802850][ C1] Call Trace: [ 1603.802858][ C1] [ 1603.802867][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 1603.802891][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1603.802909][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1603.802940][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 1603.802964][ C1] ? nmi_handle+0x14f/0x5a0 [ 1603.802982][ C1] ? nmi_handle+0x2a/0x5a0 [ 1603.803000][ C1] ? mark_lock+0x136/0x360 [ 1603.803018][ C1] ? default_do_nmi+0x63/0x160 [ 1603.803036][ C1] ? exc_nmi+0x123/0x1f0 [ 1603.803053][ C1] ? end_repeat_nmi+0xf/0x53 [ 1603.803072][ C1] ? mark_lock+0x9a/0x360 [ 1603.803090][ C1] ? mark_lock+0x136/0x360 [ 1603.803108][ C1] ? mark_lock+0x136/0x360 [ 1603.803127][ C1] ? mark_lock+0x136/0x360 [ 1603.803145][ C1] [ 1603.803151][ C1] [ 1603.803159][ C1] __lock_acquire+0xc3e/0x2100 [ 1603.803182][ C1] lock_acquire+0x1ed/0x550 [ 1603.803199][ C1] ? __hrtimer_run_queues+0x670/0xd30 [ 1603.803221][ C1] ? advance_sched+0xa02/0xca0 [ 1603.803241][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1603.803261][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1603.803284][ C1] ? taprio_set_budgets+0x32c/0x370 [ 1603.803303][ C1] ? advance_sched+0xa02/0xca0 [ 1603.803320][ C1] ? advance_sched+0xa02/0xca0 [ 1603.803341][ C1] _raw_spin_lock_irq+0xd3/0x120 [ 1603.803361][ C1] ? __hrtimer_run_queues+0x670/0xd30 [ 1603.803381][ C1] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 1603.803405][ C1] __hrtimer_run_queues+0x670/0xd30 [ 1603.803432][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1603.803453][ C1] ? handle_softirqs+0x7e0/0x9b0 [ 1603.803476][ C1] ? rcu_is_watching+0x15/0xb0 [ 1603.803498][ C1] hrtimer_interrupt+0x403/0xa40 [ 1603.803528][ C1] __sysvec_apic_timer_interrupt+0x110/0x420 [ 1603.803548][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1603.803569][ C1] [ 1603.803575][ C1] [ 1603.803582][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1603.803606][ C1] RIP: 0010:preempt_count_add+0x6c/0x190 [ 1603.803630][ C1] Code: 96 7e 48 c7 c0 c0 79 37 9a 48 c1 e8 03 42 0f b6 04 38 84 c0 0f 85 e4 00 00 00 83 3d ad f8 c9 18 00 75 11 65 8b 05 6c 53 96 7e <0f> b6 c0 3d f5 00 00 00 73 5e 65 8b 05 5b 53 96 7e 25 ff ff ff 7f [ 1603.803645][ C1] RSP: 0018:ffffc90004e4f590 EFLAGS: 00000246 [ 1603.803659][ C1] RAX: 0000000080000001 RBX: 0000000000000001 RCX: ffffffff9a377903 [ 1603.803671][ C1] RDX: dffffc0000000000 RSI: ffffc90004e48000 RDI: 0000000000000001 [ 1603.803683][ C1] RBP: ffffc90004e4f718 R08: ffffc90004e4f6d0 R09: 0000000000000000 [ 1603.803696][ C1] R10: ffffc90004e4f730 R11: fffff520009c9ee8 R12: dffffc0000000000 [ 1603.803708][ C1] R13: ffffc90004e4f6e0 R14: ffffffff8141f865 R15: dffffc0000000000 [ 1603.803722][ C1] ? arch_stack_walk+0xe5/0x150 [ 1603.803746][ C1] ? arch_stack_walk+0xe5/0x150 [ 1603.803764][ C1] unwind_next_frame+0xb0/0x22d0 [ 1603.803785][ C1] ? __unwind_start+0xf8/0x740 [ 1603.803804][ C1] __unwind_start+0x59a/0x740 [ 1603.803822][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1603.803847][ C1] arch_stack_walk+0xe5/0x150 [ 1603.803867][ C1] ? arch_stack_walk+0xe5/0x150 [ 1603.803887][ C1] stack_trace_save+0x118/0x1d0 [ 1603.803911][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1603.803941][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1603.803960][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1603.803978][ C1] kasan_save_track+0x3f/0x80 [ 1603.804018][ C1] ? skb_put+0x114/0x1f0 [ 1603.804036][ C1] kasan_save_free_info+0x40/0x50 [ 1603.804055][ C1] __kasan_slab_free+0x59/0x70 [ 1603.804075][ C1] ? audit_log_d_path_exe+0x42/0x70 [ 1603.804098][ C1] kfree+0x196/0x430 [ 1603.804122][ C1] ? audit_log_d_path_exe+0x42/0x70 [ 1603.804146][ C1] audit_log_d_path_exe+0x42/0x70 [ 1603.804169][ C1] audit_log_task+0x254/0x320 [ 1603.804191][ C1] ? __pfx_audit_log_task+0x10/0x10 [ 1603.804211][ C1] ? __pfx___cant_migrate+0x10/0x10 [ 1603.804238][ C1] audit_seccomp+0x7b/0x1f0 [ 1603.804259][ C1] __seccomp_filter+0xb38/0x1fe0 [ 1603.804283][ C1] ? __pfx_add_device_randomness+0x10/0x10 [ 1603.804303][ C1] ? do_settimeofday64+0x328/0x5e0 [ 1603.804319][ C1] ? __pfx___seccomp_filter+0x10/0x10 [ 1603.804340][ C1] ? do_settimeofday64+0x50c/0x5e0 [ 1603.804355][ C1] ? cap_capable+0x1b4/0x250 [ 1603.804374][ C1] ? __pfx_do_settimeofday64+0x10/0x10 [ 1603.804398][ C1] ? mlx4_ib_tunnel_comp_worker+0x98b/0x2600 [ 1603.804419][ C1] ? capable+0x89/0xe0 [ 1603.804446][ C1] ? __secure_computing+0x125/0x370 [ 1603.804468][ C1] syscall_trace_enter+0xa8/0x150 [ 1603.804489][ C1] do_syscall_64+0xcc/0x230 [ 1603.804512][ C1] ? clear_bhb_loop+0x35/0x90 [ 1603.804528][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1603.804551][ C1] RIP: 0033:0x7ff6a2b85d29 [ 1603.804568][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1603.804582][ C1] RSP: 002b:00007ff6a09f60e8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 1603.804599][ C1] RAX: ffffffffffffffda RBX: 00007ff6a2d75fa8 RCX: 00007ff6a2b85d29 [ 1603.804612][ C1] RDX: 00000000000f4240 RSI: 0000000000000081 RDI: 00007ff6a2d75fac [ 1603.804623][ C1] RBP: 00007ff6a2d75fa0 R08: 7fffffffffffffff R09: 0000000000000000 [ 1603.804636][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007ff6a2d75fac [ 1603.804647][ C1] R13: 0000000000000000 R14: 00007ffd373041a0 R15: 00007ffd37304288 [ 1603.804664][ C1] [ 1603.805606][ C0] rcu: rcu_preempt kthread starved for 10480 jiffies! g64169 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 1604.479302][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 1604.489374][ C0] rcu: RCU grace-period kthread stack dump: [ 1604.495272][ C0] task:rcu_preempt state:R running task stack:25976 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 1604.507045][ C0] Call Trace: [ 1604.510334][ C0] [ 1604.513279][ C0] __schedule+0x17fb/0x4be0 [ 1604.517834][ C0] ? __pfx___schedule+0x10/0x10 [ 1604.522707][ C0] ? __pfx_lock_release+0x10/0x10 [ 1604.527761][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1604.534112][ C0] ? schedule+0x90/0x320 [ 1604.538390][ C0] schedule+0x14b/0x320 [ 1604.542565][ C0] schedule_timeout+0x15a/0x290 [ 1604.547429][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 1604.552816][ C0] ? __pfx_process_timeout+0x10/0x10 [ 1604.558128][ C0] ? prepare_to_swait_event+0x330/0x350 [ 1604.563698][ C0] rcu_gp_fqs_loop+0x2df/0x1330 [ 1604.568565][ C0] ? lockdep_hardirqs_on+0x99/0x150 [ 1604.573797][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 1604.579972][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 1604.585269][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1604.591185][ C0] ? finish_swait+0xd4/0x1e0 [ 1604.595790][ C0] rcu_gp_kthread+0xa7/0x3b0 [ 1604.600398][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1604.605608][ C0] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1604.611522][ C0] ? __kthread_parkme+0x169/0x1d0 [ 1604.616562][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1604.621775][ C0] kthread+0x2f0/0x390 [ 1604.625860][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 1604.631074][ C0] ? __pfx_kthread+0x10/0x10 [ 1604.635690][ C0] ret_from_fork+0x4b/0x80 [ 1604.640118][ C0] ? __pfx_kthread+0x10/0x10 [ 1604.644740][ C0] ret_from_fork_asm+0x1a/0x30 [ 1604.649544][ C0] [ 1604.652571][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 1604.658904][ C0] CPU: 0 UID: 0 PID: 17931 Comm: syz.0.3086 Not tainted 6.13.0-rc4-syzkaller #0 [ 1604.667941][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 1604.678006][ C0] RIP: 0010:smp_call_function_many_cond+0x19f3/0x2c60 [ 1604.684790][ C0] Code: 45 8b 65 00 44 89 e6 83 e6 01 31 ff e8 56 e9 0b 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 01 e5 0b 00 eb 38 f3 90 <42> 0f b6 04 23 84 c0 75 11 41 f7 45 00 01 00 00 00 74 1e e8 e5 e4 [ 1604.704413][ C0] RSP: 0018:ffffc9000b8cf3e0 EFLAGS: 00000246 [ 1604.710498][ C0] RAX: ffffffff81938efb RBX: 1ffff110170e88b9 RCX: 0000000000080000 [ 1604.718486][ C0] RDX: ffffc900048a2000 RSI: 000000000007ffff RDI: 0000000000080000 [ 1604.726471][ C0] RBP: ffffc9000b8cf5e0 R08: ffffffff81938eca R09: 1ffffffff284e110 [ 1604.734456][ C0] R10: dffffc0000000000 R11: fffffbfff284e111 R12: dffffc0000000000 [ 1604.742443][ C0] R13: ffff8880b87445c8 R14: ffff8880b863f940 R15: 0000000000000001 [ 1604.750428][ C0] FS: 00007f1785f8e6c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 1604.759368][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1604.766050][ C0] CR2: 0000001b2fb1bff8 CR3: 000000002c8e4000 CR4: 00000000003526f0 [ 1604.774043][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1604.782023][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1604.790011][ C0] Call Trace: [ 1604.793301][ C0] [ 1604.796167][ C0] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 1604.802522][ C0] ? print_other_cpu_stall+0x1481/0x15c0 [ 1604.808188][ C0] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 1604.814012][ C0] ? cgroup_rstat_updated+0x13b/0xc30 [ 1604.819413][ C0] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 1604.825677][ C0] ? rcu_sched_clock_irq+0xa26/0x10e0 [ 1604.831078][ C0] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 1604.836744][ C0] ? update_process_times+0x242/0x2f0 [ 1604.842234][ C0] ? tick_nohz_handler+0x37c/0x500 [ 1604.847383][ C0] ? __pfx_tick_nohz_handler+0x10/0x10 [ 1604.852873][ C0] ? __hrtimer_run_queues+0x551/0xd30 [ 1604.858289][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1604.864024][ C0] ? sched_clock+0x4a/0x70 [ 1604.868466][ C0] ? read_tsc+0x9/0x20 [ 1604.872557][ C0] ? ktime_get_update_offsets_now+0x393/0x3b0 [ 1604.878645][ C0] ? hrtimer_interrupt+0x403/0xa40 [ 1604.883797][ C0] ? __sysvec_apic_timer_interrupt+0x110/0x420 [ 1604.889973][ C0] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 1604.895795][ C0] [ 1604.898736][ C0] [ 1604.901676][ C0] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1604.907907][ C0] ? smp_call_function_many_cond+0x19da/0x2c60 [ 1604.914133][ C0] ? smp_call_function_many_cond+0x1a0b/0x2c60 [ 1604.920315][ C0] ? smp_call_function_many_cond+0x19f3/0x2c60 [ 1604.926499][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 1604.931565][ C0] ? __pfx___text_poke+0x10/0x10 [ 1604.936522][ C0] ? __get_immv32+0x19c/0x350 [ 1604.941220][ C0] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 1604.947568][ C0] ? __pfx___might_resched+0x10/0x10 [ 1604.952882][ C0] ? __pfx_do_sync_core+0x10/0x10 [ 1604.957927][ C0] on_each_cpu_cond_mask+0x3f/0x80 [ 1604.963068][ C0] text_poke_bp_batch+0x352/0xb30 [ 1604.968117][ C0] ? __mutex_trylock_common+0x183/0x2e0 [ 1604.973689][ C0] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 1604.979261][ C0] ? rcu_is_watching+0x15/0xb0 [ 1604.984057][ C0] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 1604.989274][ C0] text_poke_bp+0xb0/0x100 [ 1604.993714][ C0] ? __pfx_text_poke_bp+0x10/0x10 [ 1604.998758][ C0] ? arch_static_call_transform+0x37/0x380 [ 1605.004586][ C0] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 1605.009838][ C0] __static_call_transform+0x51a/0x810 [ 1605.015328][ C0] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 1605.020545][ C0] ? __pfx___bpf_trace_kfree+0x10/0x10 [ 1605.026028][ C0] ? __pfx___static_call_transform+0x10/0x10 [ 1605.032058][ C0] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1605.038030][ C0] ? __pfx___bpf_trace_kfree+0x10/0x10 [ 1605.043521][ C0] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 1605.048737][ C0] arch_static_call_transform+0x141/0x380 [ 1605.054477][ C0] ? __pfx___bpf_trace_kfree+0x10/0x10 [ 1605.059955][ C0] ? __SCT__tp_func_kmalloc+0x8/0x8 [ 1605.065172][ C0] __static_call_update+0xd8/0x5e0 [ 1605.070301][ C0] ? __pfx___bpf_trace_kfree+0x10/0x10 [ 1605.075789][ C0] ? __pfx___static_call_update+0x10/0x10 [ 1605.081527][ C0] ? trace_kmalloc+0x1f/0xd0 [ 1605.086127][ C0] ? __kmalloc_noprof+0x2a5/0x4c0 [ 1605.091164][ C0] ? __pfx___bpf_trace_kfree+0x10/0x10 [ 1605.096649][ C0] tracepoint_add_func+0x925/0xaa0 [ 1605.101791][ C0] ? __pfx___bpf_trace_kfree+0x10/0x10 [ 1605.107275][ C0] tracepoint_probe_register_prio_may_exist+0x122/0x190 [ 1605.114238][ C0] ? __pfx_tracepoint_probe_register_prio_may_exist+0x10/0x10 [ 1605.121708][ C0] ? __pfx___bpf_trace_kfree+0x10/0x10 [ 1605.127192][ C0] ? anon_inode_getfile+0xff/0x180 [ 1605.132329][ C0] ? bpf_probe_register+0x134/0x1f0 [ 1605.137552][ C0] bpf_raw_tp_link_attach+0x4a3/0x700 [ 1605.142948][ C0] ? __pfx_bpf_raw_tp_link_attach+0x10/0x10 [ 1605.148875][ C0] ? __fget_files+0x2a/0x410 [ 1605.153486][ C0] ? fput+0x21b/0x290 [ 1605.157486][ C0] bpf_raw_tracepoint_open+0x177/0x1f0 [ 1605.162965][ C0] __sys_bpf+0x3c0/0x810 [ 1605.167227][ C0] ? __pfx___sys_bpf+0x10/0x10 [ 1605.172022][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1605.178022][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1605.184369][ C0] ? do_syscall_64+0x100/0x230 [ 1605.189162][ C0] __x64_sys_bpf+0x7c/0x90 [ 1605.193600][ C0] do_syscall_64+0xf3/0x230 [ 1605.198128][ C0] ? clear_bhb_loop+0x35/0x90 [ 1605.202824][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1605.208742][ C0] RIP: 0033:0x7f1785185d29 [ 1605.213181][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1605.232805][ C0] RSP: 002b:00007f1785f8e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 1605.241246][ C0] RAX: ffffffffffffffda RBX: 00007f1785375fa0 RCX: 00007f1785185d29 [ 1605.249233][ C0] RDX: 0000000000000010 RSI: 0000000020000f40 RDI: 0000000000000011 [ 1605.257217][ C0] RBP: 00007f1785201aa8 R08: 0000000000000000 R09: 0000000000000000 [ 1605.265199][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1605.273181][ C0] R13: 0000000000000000 R14: 00007f1785375fa0 R15: 00007ffe209f6328 [ 1605.281183][ C0]