last executing test programs: 18.184259137s ago: executing program 2 (id=7275): bind$netlink(0xffffffffffffffff, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xb, 0x39f}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) creat(0x0, 0x0) syz_mount_image$fuse(&(0x7f0000002d00), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000001a80)={0x2020}, 0x2020) socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000001c0)={0x6, @sliced={0x0, [0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc68d]}}) r1 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x88602, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0xc0844123, &(0x7f0000000300)) ftruncate(0xffffffffffffffff, 0x0) write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}, @mask_cswp={0x58, 0x114, 0x9, {{}, 0x0, 0x0}}], 0x88}, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x0, @dev, 'lo\x00'}}, 0x1e) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="e40000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000222803001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32, @ANYBLOB='\b\x00?'], 0xe4}}, 0x0) 17.809183405s ago: executing program 0 (id=7276): r0 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x1, 0x2) syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_START_AP(0xffffffffffffffff, 0x0, 0x20044001) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f00000014c0), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)={0x2c, r6, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r8}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x98f}], @NL80211_ATTR_CH_SWITCH_COUNT={0x8}]}, 0x2c}}, 0x0) sendmsg$NL80211_CMD_GET_STATION(r3, &(0x7f0000000100)={&(0x7f0000000000), 0xc, &(0x7f0000000080)={&(0x7f0000000440)={0x4c, r6, 0x100, 0x70bd2d, 0x25dfdbfd, {{}, {@void, @void}}, [@NL80211_ATTR_STA_FLAGS2={0xc, 0x43, {0x4, 0x4}}, @NL80211_ATTR_STA_AID={0x6}, @NL80211_ATTR_STA_WME={0x24, 0x81, [@NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x5}, @NL80211_STA_WME_UAPSD_QUEUES={0x5, 0x1, 0x3}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x29}, @NL80211_STA_WME_MAX_SP={0x5, 0x2, 0x5}]}]}, 0x4c}, 0x1, 0x0, 0x0, 0x20040000}, 0x40000) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f0000000180)={'batadv0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) r11 = syz_genetlink_get_family_id$batadv(&(0x7f00000000c0), r3) sendmsg$BATADV_CMD_SET_HARDIF(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000e00)={0x2c, r11, 0x18fe2a01ed25d92f, 0x0, 0x0, {}, [@BATADV_ATTR_MESH_IFINDEX={0x8, 0x3, r9}, @BATADV_ATTR_HARD_IFINDEX={0x8, 0x6, r10}, @BATADV_ATTR_THROUGHPUT_OVERRIDE={0x8}]}, 0x2c}}, 0x0) r12 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$UI_BEGIN_FF_ERASE(r12, 0x4004556b, &(0x7f0000000000)) syz_usbip_server_init(0x5) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000340)={'wlan1\x00'}) ioctl$UI_SET_EVBIT(r12, 0x40045564, 0x15) connect$inet(0xffffffffffffffff, &(0x7f0000000000)={0x2, 0x0, @remote}, 0x10) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000040)={0x4, 0x1, 0x0, "9611e6d6ffc88885163200000000000000000000050000000000000083df5dbe"}) 16.473746333s ago: executing program 2 (id=7279): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x1d, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@dev={0xac, 0x14, 0x14, 0x32}, 0x659}, {@broadcast, 0x8000}, {@empty}, {@multicast1, 0xffd200}, {@private=0xfffffffd, 0x7}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) (fail_nth: 18) sendto$inet(0xffffffffffffffff, &(0x7f0000000e40)="bd3119fab037020de607352a978727cdd46a7ad7671829c16bb1339d3f711b7c5da66f48a8b5842dad66eedf75899eb65d733423ca5651013e1db97f5d192e302ac583ccd19e1e8a3e7812af51f0eea31c5e05cec737cc11a38936d67d4c7cd78351177f51dab5ebe8523e54dd8db33ab6214499c610051df74b67669c9b554b25c70c3238ffaa908675df728ef76e7ae5ee938e025ed07603ec4cc86ee67be10ef6087e7ff0017b358ebee016f08b756cfd2645ccdf335d8b62b630939ba724776a5f2caa487586527f2066b2845e52758b6da2ce07de99165195af70ea9659005901a0f28e90b49a0803ab10698ade4c07337535c2600c45b8c497ab6863ad984815f375df57e5940e5322d90d66c84937e9b7f2356a6e16a026b2393670d370759a4567a87fd2a4d0d5857b9e2559a5a0a857b845f0e1495e8d9b574b0f4d1a55ec8d93c148a50c5c4228c653be69a7d728fa497ee129ec4e7b821ce041be389d37efd40b81a9704e5182b9cdca1f2d3312351e9edaa8ac96088c465a953e0ec3e8f26aa17ea3e1913b4d147141d1aef80b3ed959d14fad4ead4de92e10f0faca7acdce7c712ab95a11ff4c72798565f0794d7bc50f5082b52b34a1de7c5609e31e1fcc05fc7dbd73973b5dfc92896f57f5b76fd9df5067eb273f0960560df3dfd00ba068e28812244f700d76da4197bb332245f00112b73659c63dfb854eb8eed1a9881e5c49399b2c6932b540d3464d470cabb6", 0x216, 0x0, 0x0, 0x0) 15.901608636s ago: executing program 0 (id=7280): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000680)=ANY=[@ANYBLOB="020100000000004058041a500000000000010902240001000000000906000001030000000921000000012205000905810300000000007f29b31798072003ffd808e9a5da4bc0604b618a3ab564b786ad8b0a7ef154887e809fb639089a5e89d87ce066"], 0x0) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000630000000000000000000000000a20000000000a0101000000000000000001000000090001007379"], 0xcc}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) syz_genetlink_get_family_id$nl80211(&(0x7f0000000140), 0xffffffffffffffff) socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)) r0 = socket$inet6(0xa, 0x6, 0x0) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e20}, 0x1c) listen(r0, 0x80080400) r1 = socket$inet_dccp(0x2, 0x6, 0x0) connect$inet(r1, &(0x7f0000e5c000)={0x2, 0x4e20, @loopback=0x7f000002}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000000c0)={'ipvlan0\x00', 0x0}) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=@newlink={0x3c, 0x10, 0x503, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x144}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r3}]}, 0x3c}}, 0x0) getsockopt$inet_int(r1, 0x10d, 0xe, &(0x7f00000000c0), &(0x7f0000000140)=0x4) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(0xffffffffffffffff, 0x29, 0x20, &(0x7f00000000c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, 0xff41) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) openat$ttyS3(0xffffffffffffff9c, &(0x7f00000098c0), 0x0, 0x0) socket$can_bcm(0x1d, 0x2, 0x2) r4 = socket$inet6(0xa, 0x80002, 0x0) ioctl$EXT4_IOC_CHECKPOINT(r4, 0x4004662b, &(0x7f0000000040)=0x3) syz_open_dev$vim2m(&(0x7f0000000000), 0x7fff, 0x2) r5 = syz_open_dev$video4linux(&(0x7f0000000000), 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) unlinkat(0xffffffffffffffff, 0x0, 0x0) ioctl$VIDIOC_TRY_DECODER_CMD(r5, 0xc0585605, &(0x7f0000000080)={0x1, 0x1, @raw_data=[0x0, 0x0, 0x100b]}) 13.905739623s ago: executing program 2 (id=7283): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_genetlink_get_family_id$nl80211(&(0x7f0000004200), 0xffffffffffffffff) sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg$unix(0xffffffffffffffff, &(0x7f00000027c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/104, 0x68}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 12.527805397s ago: executing program 0 (id=7284): prlimit64(0x0, 0xe, &(0x7f0000000280)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) openat$dir(0xffffffffffffff9c, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000002080)={0x2020}, 0x2020) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0xf, 0x0, &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x2d) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000a00)=@newqdisc={0x888, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {0x0, 0xffe0}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x85c, 0x2, [@TCA_TBF_RTAB={0x404, 0x2, [0x875, 0x1, 0x1ff, 0x6, 0x3, 0x101, 0xd, 0xd, 0x3, 0x8, 0xb33, 0x23, 0x3, 0x8, 0x6, 0xe, 0xd, 0x8, 0x3, 0x7, 0x6, 0x0, 0x2, 0x3, 0x0, 0xe, 0x20000008, 0xf, 0x0, 0x80000001, 0xd, 0x7, 0x4f51, 0x7fff, 0x6, 0x0, 0x6, 0x0, 0xfffd, 0x9, 0x0, 0xd, 0x81, 0x38, 0x100008, 0x81, 0x8000, 0x1000, 0x4, 0x0, 0x1000, 0x9, 0x4, 0x4, 0x0, 0x3, 0x81, 0x6, 0xb8, 0x0, 0x1ff, 0x2cb, 0x14a, 0x5, 0x9, 0x2, 0x3, 0x0, 0x21ab782f, 0x1, 0x1000, 0x1, 0x7, 0x3, 0x6, 0x6fec530c, 0x7, 0xb, 0x7, 0xc2e, 0x7, 0x0, 0x2, 0x4000007, 0x3, 0x1, 0x3ff, 0x3, 0xf40, 0x3, 0x14, 0x8, 0x6, 0xc2a80000, 0xdf, 0x3, 0x1, 0x82, 0x5, 0xb, 0x1000, 0x6, 0x4, 0xffff206d, 0x7fff, 0xcaa60000, 0xffffffff, 0x9, 0x9, 0x7, 0x1, 0x9, 0x992, 0x9, 0x1, 0xa957, 0xfffffffb, 0x48aa5bd0, 0x7, 0xfffffffc, 0x49327aa2, 0x800, 0x93aa, 0xfff, 0xe5, 0xfffffff6, 0xfffff001, 0x1, 0xfffffffb, 0x80, 0x4, 0x4, 0xffffff6f, 0x7023, 0x4, 0x7, 0x2, 0x8a0, 0x8, 0x81, 0x8, 0xa01, 0x7fff, 0x4, 0x81, 0x0, 0xb, 0x8, 0x8, 0x4, 0x4, 0x30, 0x7, 0x0, 0x66, 0x2, 0x9, 0x5, 0xa, 0x9, 0x1, 0xa, 0x3e, 0x4, 0x7ff, 0xc5fb, 0x100, 0xb141, 0x3, 0x32, 0x81, 0x4, 0x0, 0xfffffff7, 0x2f, 0x0, 0xe, 0x801, 0x6, 0x80000001, 0x891, 0x2, 0x1, 0x0, 0x8000, 0x94eb, 0x3, 0x6, 0x9, 0x1, 0x2dba, 0x8001, 0x1ff, 0x2, 0x93, 0xffffffc0, 0xa02, 0x4, 0x8, 0x6, 0x101, 0x80000000, 0x3, 0x546a, 0x2, 0xf05, 0x2, 0x800, 0x0, 0x8, 0xffff, 0x3, 0x81, 0x3, 0x3b, 0x0, 0x4, 0xf, 0x84b, 0xb, 0x1, 0xfe6, 0xe, 0x0, 0xf46, 0x180, 0x1, 0x4, 0xfffffffc, 0xac4, 0x1, 0x7, 0xffffffff, 0x0, 0x4, 0x1, 0x1, 0xd65c, 0x5, 0xffff2d65, 0x1, 0x10001, 0x80000000, 0x7, 0x6, 0xc65a, 0xfffffffa, 0x100, 0x80000001, 0x0, 0xff, 0x935, 0x0, 0x9b4, 0x3375, 0x6]}, @TCA_TBF_RATE64={0xc, 0x4, 0xf049d23aa0f411c}, @TCA_TBF_PRATE64={0xc, 0x5, 0x3d5653a0b35cd406}, @TCA_TBF_PBURST={0x8, 0x7, 0x1ae}, @TCA_TBF_BURST={0x8, 0x6, 0x1}, @TCA_TBF_PTAB={0x404, 0x3, [0x7, 0x7, 0x8000, 0x80000001, 0x8, 0x1, 0x5, 0x5, 0x8, 0xa, 0x5, 0x8, 0x6, 0xffffffff, 0x7, 0x0, 0x0, 0x7, 0x5, 0xffffffff, 0x2, 0x9, 0x8, 0x5, 0x336, 0x80000000, 0x6, 0x5, 0x3, 0x5, 0x239, 0x6, 0x12, 0x4a, 0x2, 0x3, 0x4, 0x6, 0x7f, 0x570e, 0x3, 0x9, 0x1000007, 0x80, 0x4, 0x364, 0x4, 0x7fffffff, 0x1, 0xf7, 0x5, 0x8, 0xb3f, 0xc11, 0xb, 0xfffffdb5, 0x4, 0xc2, 0x9, 0x9, 0x3, 0x1000, 0x2, 0x7, 0xa, 0xffffffff, 0x7, 0x3, 0xfff, 0xffffffff, 0x80000001, 0x0, 0xdeff, 0x10, 0xa61, 0x3, 0xc3, 0x9, 0x7fff, 0xbc, 0x6, 0x1, 0x0, 0x3, 0x273005e4, 0x9, 0x9, 0x4, 0x8001, 0x3, 0x0, 0x6, 0x10, 0xcd0, 0x6, 0xfffffff7, 0xd, 0x4, 0x4, 0xd, 0x3, 0x6, 0x6, 0x2, 0xd, 0x8, 0x7, 0x6, 0x10007, 0x80000000, 0xffffffff, 0x7ff, 0x3, 0x5, 0x0, 0x40, 0x3545882, 0x7fffffff, 0x0, 0xfffffff7, 0x5, 0xa, 0x7fff, 0xfff, 0x0, 0x2, 0x29, 0x4, 0x6, 0x9, 0x4, 0xfffffffc, 0xfffffffe, 0x4, 0x8, 0x5, 0x7, 0x800, 0x2, 0x0, 0x2, 0xa, 0x0, 0xfffff9f5, 0xfffff001, 0x401, 0x8, 0x8, 0x4, 0x0, 0x1, 0x7, 0x1, 0x2, 0x2f2e, 0x0, 0x4, 0x2, 0x3, 0x9, 0x5, 0x1, 0x3, 0x5, 0x2, 0x4, 0x8000, 0x2, 0xfff, 0x0, 0x9, 0xa, 0x3, 0x0, 0x8, 0x7, 0xffffb32b, 0x81, 0xfffffffc, 0x2, 0x5, 0x8, 0x3, 0x7, 0xa35e, 0x2, 0x2, 0x8, 0xa, 0x400, 0x177, 0x7fff, 0x1, 0x7ff, 0x3, 0x0, 0x4e5d, 0x100, 0x4, 0x7, 0xccd, 0xc5, 0x5, 0xe, 0x8, 0xf5bc, 0x9, 0x4, 0xfffffffb, 0x2, 0x4, 0x9, 0x6, 0xfffff50b, 0x3, 0x2, 0x0, 0x2, 0x6, 0x3, 0x5, 0x9, 0x1, 0x3, 0x2, 0x5, 0x36c0, 0x401, 0xff, 0x7, 0x80000000, 0x80000000, 0x80, 0x3, 0xffff8000, 0x4, 0x9, 0x4, 0x6, 0xa, 0xffff, 0x4, 0x80, 0x7, 0x1, 0x4, 0x1004, 0x40, 0xa25d, 0x400, 0x80000000, 0x7, 0xffffffff, 0x36, 0x5]}, @TCA_TBF_PARMS={0x28, 0x1, {{0x6, 0x1, 0x0, 0x8, 0x1, 0xc}, {0xd, 0x1, 0x0, 0x5, 0x5e1d, 0x8}, 0x80000000, 0x0, 0x99}}]}}]}, 0x888}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r6, &(0x7f0000000080)={0xa, 0xce22, 0x0, @empty}, 0x1c) listen(r6, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r7, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r7, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r8 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x401) preadv(r8, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102394, 0x19045}], 0x1, 0x0, 0x0) io_uring_enter(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 11.250291017s ago: executing program 1 (id=7288): bind$netlink(0xffffffffffffffff, 0x0, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) io_uring_setup(0x0, &(0x7f0000000000)={0x0, 0x0, 0x0, 0xb, 0x39f}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) creat(0x0, 0x0) syz_mount_image$fuse(&(0x7f0000002d00), 0x0, 0x0, 0x0, 0x0, 0x0, 0x0) read$FUSE(0xffffffffffffffff, &(0x7f0000001a80)={0x2020}, 0x2020) socket$nl_route(0x10, 0x3, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f00000001c0)={0x6, @sliced={0x0, [0x0, 0xfffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0xfbf, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc68d]}}) r1 = syz_open_dev$sndctrl(&(0x7f00000000c0), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) openat$audio(0xffffffffffffff9c, &(0x7f0000000180), 0x88602, 0x0) r2 = getpid() syz_pidfd_open(r2, 0x0) r3 = syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) ioctl$SNDRV_PCM_IOCTL_REWIND(r3, 0xc0844123, &(0x7f0000000300)) ftruncate(0xffffffffffffffff, 0x0) write$FUSE_ATTR(0xffffffffffffffff, 0x0, 0x0) bind$rds(0xffffffffffffffff, &(0x7f0000000040)={0x2, 0x0, @loopback}, 0x10) sendmsg$rds(0xffffffffffffffff, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f0000000d40)=[@rdma_map={0x30, 0x114, 0x3, {{0x0}, 0x0}}, @mask_cswp={0x58, 0x114, 0x9, {{}, 0x0, 0x0}}], 0x88}, 0x0) r4 = syz_open_dev$vim2m(&(0x7f0000000000), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r4, 0xc0145608, 0x0) connect$pppoe(0xffffffffffffffff, &(0x7f0000000400)={0x18, 0x0, {0x0, @dev, 'lo\x00'}}, 0x1e) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="e40000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000222803001c0012800c0001006d6163766c616e000c000280080001000800000008000500", @ANYRES32, @ANYBLOB='\b\x00?'], 0xe4}}, 0x0) 10.059584346s ago: executing program 1 (id=7291): syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000980)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581d3b3"], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) preadv(r0, 0x0, 0x0, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$sock_inet_tcp_SIOCATMARK(0xffffffffffffffff, 0x8905, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) ioctl$KVM_IRQ_LINE_STATUS(r2, 0xc008ae67, &(0x7f0000000000)={0x9, 0x5}) (fail_nth: 2) ioctl$KVM_SET_IRQCHIP(r2, 0x8208ae63, &(0x7f00000003c0)={0x0, 0x0, @ioapic={0x4, 0x0, 0x0, 0x0, 0x0, [{}, {}, {}, {}, {}, {}, {}, {}, {0xe0}, {0x0, 0x0, 0x1}, {0x0, 0xfc}, {}, {0x0, 0xb, 0xff, '\x00', 0x6c}, {0x0, 0x0, 0x0, '\x00', 0x9}, {}, {}, {0x0, 0x20}, {}, {}, {}, {}, {0x1}]}}) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x0) r3 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) fchdir(0xffffffffffffffff) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x11, 0x5, 0x0, &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, r4}, 0xffffffffffffffb1) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f000000b500), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r5, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TID_CONFIG(r5, &(0x7f000000d040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x1c, r6, 0x8de13c6b70ae92c3, 0x0, 0x0, {{0x5d}, {@val={0x8, 0x3, r7}, @void}}}, 0x1c}}, 0x0) r8 = socket$alg(0x26, 0x5, 0x0) bind$alg(r8, &(0x7f00000000c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(camellia)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r8, 0x117, 0x1, 0x0, 0x0) r9 = accept4(r8, 0x0, 0x0, 0x0) sendmsg$alg(r9, &(0x7f0000000700)={0x0, 0x0, 0x0}, 0x0) dup3(r4, r3, 0x0) lgetxattr(&(0x7f00000000c0)='./file1\x00', 0x0, 0x0, 0x0) r10 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r10, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00'}) 8.262683969s ago: executing program 2 (id=7293): syz_emit_ethernet(0x11, &(0x7f00000002c0)={@remote, @random="6b8e22dbf1a0", @void, {@llc_tr={0x11, {@llc={0x0, 0x0, "bf"}}}}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) r5 = socket$pppl2tp(0x18, 0x1, 0x1) r6 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r6, &(0x7f0000000240)={0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="00000c000000070001"], 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io(r6, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r6, 0x0, 0x0) syz_usb_control_io(r6, 0x0, &(0x7f0000001200)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000040)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r6, 0x0, &(0x7f00000012c0)={0x2c, &(0x7f0000001000)={0x0, 0x0, 0x4, "a77b2dd8"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r7 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r5, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r7, {0x2, 0x0, @dev}, 0x2}}, 0x2e) sendmsg$L2TP_CMD_SESSION_GET(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000280)={0x38, r4, 0x1, 0x0, 0x0, {0x7}, [@L2TP_ATTR_IFNAME={0x14}, @L2TP_ATTR_SEND_SEQ={0x5}, @L2TP_ATTR_LNS_MODE={0x5}]}, 0x38}}, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r8 = dup(r1) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0x4000}) ioctl$KVM_RUN(r9, 0xae80, 0x0) 8.157164356s ago: executing program 3 (id=7294): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000000711041000000"], &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x42, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x8}, 0x10}, 0x90) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) r1 = socket$inet6(0xa, 0x5, 0xfffffffe) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000140), 0x300) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x800) openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r2) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000090400"/19, @ANYRES32=0x0, @ANYBLOB="00000000401000002400128009000100626f6e64000000001400028008000a000000000008000b00", @ANYRES32=0x0, @ANYBLOB="4a5f6f8edc451fd2fc55d1ea46bed8863fac0b542765f782f2b33faf55022ff93c58aad5056f0010afdcaacc6a66e1e812"], 0x44}}, 0x0) ptrace$getregs(0xe, 0x0, 0x0, 0x0) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) io_setup(0x222, 0x0) io_submit(0x0, 0x2, &(0x7f00000000c0)=[&(0x7f0000000200)={0x0, 0x0, 0x8, 0x0, 0x0, r5, &(0x7f0000000000)='%', 0x1a000}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) 7.089444126s ago: executing program 4 (id=7296): ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) ioctl$TUNATTACHFILTER(0xffffffffffffffff, 0x401054d5, &(0x7f00000000c0)={0x1, &(0x7f0000000300)=[{0x2}]}) ioctl$TUNGETIFF(0xffffffffffffffff, 0x800454d2, &(0x7f0000000180)={'geneve0\x00'}) r0 = openat$bsg(0xffffffffffffff9c, &(0x7f0000002300), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = socket$kcm(0x10, 0x3, 0x10) r3 = syz_open_procfs(0x0, &(0x7f0000000040)='map_files\x00') getdents(r3, 0x0, 0x48) sendmsg$kcm(r2, &(0x7f0000000000)={0x0, 0xfffffdf2, &(0x7f0000000080)=[{&(0x7f0000000040)="e03f03003e000b05d25a806c8c6f94f90324fc60350005000a000200053582c137153e37000c0980fc0b10000300", 0x33fe0}], 0x1}, 0x0) fsetxattr$system_posix_acl(r0, &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000480)=ANY=[@ANYBLOB="020000000100000200000000040028700783d481ea180000000000802000000000000000"], 0x24, 0x0) socket$key(0xf, 0x3, 0x2) pipe(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) write(r1, &(0x7f0000000780)="31ac92000000000000005a4694a27dc32b5875f8412fe079426d04658d0500221a0000000000000000000000000000bb2e1d9d139459ff1019d3de197d0d52664af931e0a900000000000000095a77a5f10251396142dcdee5c912fb89f51557783df9b52f9683d133fb722600df34f3a769d5b7dc87cea1aa8650cd180a6baa4c92cc079022111fd14577a5374f56c5f78628d2b76d17a155a7a2b207f40063c03cc79120713b6c1441c412b22e7ebc14cc13ec17691cfade977f0f0f43e85f9efc9737b53b8c3d82d69befa8fa40b3867561bd207c618b0000000000000000000000000000000000000000000000000000d6af299c502e5cb08a2ffe09d96ba372efed2dba833d6d9c60acf6bd67c7b99b5320c9995db66b84870fded9f30000000000000000", 0x127) io_setup(0x3ff, &(0x7f0000000500)=0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x7, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) io_submit(r6, 0x1, &(0x7f0000000140)=[&(0x7f0000000100)={0x0, 0x0, 0x0, 0x8, 0x0, r5, &(0x7f0000000080)="4e8fc38e71", 0x5}]) io_submit(r6, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x0, 0x0, 0x5, 0x0, r5, 0x0}]) vmsplice(r4, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) r7 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r7, 0x1, 0x25, &(0x7f0000000100)=0x3915, 0x4) bind$inet(r7, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r7, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=@newlink={0x34, 0x10, 0x0, 0x0, 0x0, {}, [@IFLA_VFINFO_LIST={0x14, 0x16, 0x0, 0x1, [{0x10, 0x1, 0x0, 0x1, [@IFLA_VF_LINK_STATE={0xc}]}]}]}, 0x34}}, 0x0) sendmmsg(r7, &(0x7f0000007fc0), 0x2d, 0x0) recvmmsg(r7, &(0x7f0000000040), 0x401, 0x45833af96e4b39fe, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$VHOST_SET_VRING_ADDR(r1, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000000ac0)=""/4096, &(0x7f0000000380)=""/31, 0x2}) 6.986452739s ago: executing program 1 (id=7297): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000040)={0x0, 0x0}, 0x10) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) r2 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r2, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp_SCTP_ENABLE_STREAM_RESET(0xffffffffffffffff, 0x84, 0x76, 0x0, &(0x7f0000000080)) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000140)={r3}, 0x8) timer_create(0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r1, &(0x7f00000007c0)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r4 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x0, 0x0) r5 = fanotify_init(0x202, 0x0) fanotify_mark(r5, 0x1, 0x4800003e, r4, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r6 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r6) r7 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r6, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r7, 0x6) syz_emit_ethernet(0x42, &(0x7f0000000440)=ANY=[@ANYBLOB="aaaaaaaaaaaa0180c2000000080045000034000000000056058ae91414bbac1414aa00004e22cc9784a202ee67d91158df6bbea1d709e8b4f3a8b7e76692270385aa2fb22aeabe8962401bbe78aacf2f309f0aee724423d7cd282481076f465aed4e2b9789caf2c69fbfbfc33ff14fad8be3f2e9786b189061", @ANYBLOB="cf87fcf02af9ef9442f308e3a41d0b78bec80da5bf79d8be1737817d8dc0e643a4bd141e9fa7a24bf0d249e0a91062e8761f577b409d4554e2cea1624bcdcc9cbe8207dbc7d66ec1891009b3dbaae0199c0083c2ffe2cd25a732499e345b416f53fc2a6c4f29b5b1c132b8e2fb7172f85d5cae969cd0efecfd9d2e140c42ca4b576d2e485378571dccd415b8a7259b9a3cf2f499ec7b6ff9b24c5fb38caed7e8abbed1b3619cc2cb0bc5e7534af37876ae8e4d3e9347241aaf373dc35ccb200cfb17631bd2d9a83dc2e3f8ab", @ANYRES32=0x41424344, @ANYBLOB="8cc20000907800001eca262af737deeae5dd4cf20c100000000000000000003884943ded0eed11c2ed0db9b2c0cbc4ae2b780095e742a0de1cc3d9e1aa09f631d16bbec41263115f8710335586375c1eb61fc434a45dcae4ad3ae9a82be71413cfd62f4254709933d29f3f047fce07209dc8dbfbcecf136f863c2bdbd8e08b3bb74a4fb19c7fe4bcc861c8b967e9faf1b77ebe261c1c0ca664ff0b3e7341ff9e02e4ff387aa77ef6668b154365c8fc6ef9cb"], 0x0) r8 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000080)={0x5}, 0x10) write(r8, &(0x7f0000000000)="240000001a005f0214f9f4070d0903001f00000000000005000000000800040001000000", 0x24) dup(0xffffffffffffffff) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x600) write$binfmt_script(r9, &(0x7f0000000180), 0xfecc) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00304, 0x15) 6.470220662s ago: executing program 3 (id=7298): r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x2, {{0x1, 0x1}}}, 0x10) write$UHID_CREATE(0xffffffffffffffff, 0x0, 0x0) write$binfmt_misc(r0, &(0x7f0000000080)=ANY=[], 0x2000011a) poll(0x0, 0x0, 0x2) recvmsg(0xffffffffffffffff, 0x0, 0x0) sendmsg$SEG6_CMD_SET_TUNSRC(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000001c0)=ANY=[@ANYRESHEX, @ANYRES8], 0x14}, 0x1, 0x0, 0x0, 0x8001}, 0x20040810) syz_open_dev$sg(&(0x7f00000000c0), 0x0, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, 0x0, 0x0) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000940)=ANY=[], 0x102c}, 0x1, 0x0, 0x0, 0xc000}, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) bind$alg(0xffffffffffffffff, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha224-generic\x00'}, 0x58) 5.441250008s ago: executing program 1 (id=7299): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070d00be0083"], 0x0}, 0x0) syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r2}, 0x10) setrlimit(0x2, &(0x7f00000000c0)={0x2, 0x2400000}) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000001000/0x1000)=nil) r3 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet(r3, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x1, @dev}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000900)="e4f9aabcdc885746f079f3927e64da27008753aaa40539ce410c697224a939514662b2a0e6f641294ce6c0541d2936addd2aee32de2878dffe07f25811d71151a2408f65d14b4743ca0a24da7d8cd58341ef97b398b6eb452246430bd92a280ae9b88173d819abcf28d77ef7b5381950f518bc89a876a10b6233ac6958477d486f6ab556c6f68040c3196eb31543ce56d4fd6cab6cac3c9e1572f3393de5880ac74041008cfa5669a380260a5c229fcfc3b5a7ab39e02b78a04404b645d79125a53fb56aa3376fb145125309a753dd099f4e7bcbed08264c84a96afbd5727bd2851df243ebaa208bfc4fc552a953645ed97893c556c67f6d35c13a088ac03144ad7897a36cd73dcddc6b36a7ef1a72f066c4e0f9b242a2215b2a942634e472ba16ed34d032a1c09ae37687efed42898d62346f774e248f89b65e3288568fa17ad1ac763a49386d9420a997dd4b71d53279c1f2b8fbbaa9a46ab2d59edd69baf64382fb39bb85367a5e82138eb9135d65073fc092a0b18b010ab6215fcdbce646837d959621704862b16c19202cd2ce9bd5271ecefb4d76d25a8ba7ba820bdf25a37bff949df7b433499c2a0e1fa2cd69ad9a26e0d91ed726b271a715646496a474828ef7735c07726ceb97a6e890137562a098614abe609e99721ba21eda01e6018db80e29f1d3f42460724cf061abdac03905abf298b310838140d5b6b968b91c5a85f4ea6e4954dae5c53c338d1a65052f7b874438aa5bb429c7d973bd028f61bce9bbeb85d358a665eb290ddbb329a56480e019aef4304516ad55046f7b51a8ca044e510b07962b15e734081b7c224cd9de873507aa00d7f3cb13ad768ab92b247dcf405301991e5d445303b890bb7e972d9f3ef4537887c7f53737f265a4c8b9dfa789e2dad8e8cb0b3f88036ac37071af73be99504769a4c42af83d2371db648cef1a429040dd7f652546588e20143a2f984a883cd7798ca8033847adb6212e0efef984eefffe31695c4d7eb48cbd300b366e14686aa51954f0ed66d982df18f75f58cbfe24b8082631e6ec31d5e36d3924bb6690e9661799af31786c731a023a91a549015690aa8c9df755882c6ec305bed415e7ea99df9b0a14c5b2c0a4bb991ebfb3eaef6e07336e2d51c6a2dddd88d6c411d257021161c09c89ad384698a76c8b3a3af0800b6957a868cd54c93c8f5b15d0793d57651d71f43960299ae47d4b5f72d4876b0d9bba2d1f67f07e0c1d3011e3745cc4b38479387573a7a8b2686040ff8f37ef0eb6e27ac180c7d937312ecb186c91361a5361ce297e3c6fe7acf9ac2b2e70f00181109bcd709d32ce1c88aac3e7fbf3b21d438f014fd2a31074ea1d81039a5a8d1b611796acb4f5e1c0afb08586f9b62090371933c4380952c62da7b77719d6be3a80c3bc01aea9fee7f3adce9e59af5fc3a83cc612d450e202d61b6f99d9859025b951fee1190e41e214b07d70b4c837bff0028efafdaefdbb791bdc8853d53085849b283a14603d1ce4dd205184628aaa51492e37c83095ebb2c89705f6b8745d512247636e724c439a053f4abd72c0e01f101121eaae4f3079ca5f2553221da250fe0e9e6659166cc18409ce88b132e70f7730afc8ad68c808b6e53c1bc1b0dc9155eb9f190b2993810e352fd54d9c63ba51f5122992de868239d3af97a61e4e5c7d4a4bca164e6ee100562c0564bc142e8625879cc1af9d5ddbab5d0659380621fc20bccd69d0afb3df71f98a624fc452547c3a756ed5894a928b5d6ec5c15f183b84f735a9b8c685c7f8fee1bd9be932bee62ddd1236ee01353e0f7bd815850900cbe7270f7f7a4c5f584713662d945e00ffb403471d40dc989e7d6ee631940d6eb71ab72db934298d83472d6c2a2173ea74aa1a2d589d74b0dc44098d89bc903e7a031a3569baa61858806c0e52248fca8ebb7e70acdde9e40796da68fe5dd874993d90adb40e058fb249be32be28b715b0cf4321f2342b756ff93c90e4a114603ed28ca5353f8c19883d3e2c2270781a0224e6b1b3951fbb4925afe0b6f40b231f4adc66223a9b53b21006fdc38f4396dd74e6af9399ce53d5de98130077424eed1606a8dedfaf40500821b9ddb23f976fc7657fd130f0b26ea8e89819323e13d44414ac9f045463fe1c948919232d42b9c1671c55b273b1f568efe23fab85002e845fac2fbf98c51d39032ef659140b4f9d8a37836a98ce62f3a1a0818fabf4adb3aae508ccf0611f98338e7768ae4033ef240af4e7dce0059c1deca6aae430ec235418154b4a434e35f4695032f857504e54fd3840d616b23206fd340b768eaba7cabf53c18d6654bb5e1227ef5f676e96eb8d682d29e217051fefb842c4df50c52f813dd7124bc7f35cc73b36ea439807022291e707241f7ff5b38a7493c07e719632f54d9a5e06069770c1d6041c440af92b969c05fa780633249f148e523443cdfc1b551ed7225e8fcbfa0fef72fdb6c36f71e796947c6bcad1966f072b3689d38e13533f25e244f685fbd4843426fed6f2", 0x701}], 0x1}}], 0x1, 0x0) 5.370048634s ago: executing program 4 (id=7300): pipe(&(0x7f0000001780)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x8000002}, 0x1c) sendto$inet6(r1, 0x0, 0x0, 0x2200c041, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000000080), 0x0, 0x1, 0x0, 0x0) splice(r1, 0x0, r0, 0x0, 0x1ff, 0x0) 5.075180707s ago: executing program 3 (id=7301): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xf, &(0x7f0000f59ffc)=0x4, 0x4) bind$inet6(r0, &(0x7f0000000480)={0xa, 0x4e20, 0x0, @mcast1, 0x2}, 0x1c) r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r1, 0xc0145608, &(0x7f00000000c0)={0x3, 0x2, 0x1}) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) syz_open_dev$dri(0x0, 0xfffffffffffffffb, 0x0) syz_emit_vhci(&(0x7f0000001ac0)=@HCI_EVENT_PKT={0x4, @hci_ev_cmd_complete={{0xe, 0x4}, @HCI_OP_EXIT_PERIODIC_INQ={{}, 0x81}}}, 0x7) bind$can_j1939(r3, &(0x7f0000001200)={0x1d, 0x0, 0x0, {0x0, 0x0, 0x4}}, 0x18) connect$can_j1939(r3, &(0x7f0000000080), 0x18) writev(r3, &(0x7f0000000240)=[{&(0x7f0000000000)='h', 0xfdef}], 0x1) setsockopt$SO_J1939_FILTER(r3, 0x6b, 0x1, &(0x7f0000000700)=[{0x2, 0x3}, {}], 0x40) r4 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000240)={'vxcan0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=@getchain={0x24, 0x11, 0x839, 0x0, 0x0, {0x0, 0x0, 0x0, r5}}, 0x24}}, 0x0) 4.879233898s ago: executing program 0 (id=7302): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x6}]}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) 3.722033827s ago: executing program 0 (id=7303): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x26e1, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) openat$dsp(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) socket$inet6_mptcp(0xa, 0x1, 0x106) syz_genetlink_get_family_id$nl80211(&(0x7f0000004200), 0xffffffffffffffff) sendmmsg(0xffffffffffffffff, &(0x7f00000030c0)=[{{0x0, 0xa9cc7003, &(0x7f0000000400)=[{&(0x7f00000000c0)="ee", 0x101d0}], 0x1}}], 0x400000000000181, 0x9200000000000000) recvmmsg$unix(0xffffffffffffffff, &(0x7f00000027c0)=[{{0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000100)=""/104, 0x68}], 0x1}}, {{0x0, 0x0, 0x0}}], 0x2, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 3.677454522s ago: executing program 3 (id=7304): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x300000a, 0x4031, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80001) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) r2 = userfaultfd(0x80001) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa08, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x0, 0x2}) 3.099790536s ago: executing program 1 (id=7305): r0 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0x5, &(0x7f00000000c0)=@req3={0x8000, 0x6, 0x8000, 0x6}, 0x1c) mmap(&(0x7f0000000000/0x2000)=nil, 0x30000, 0x2, 0x11, r0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=@newtaction={0x70, 0x30, 0x800, 0x0, 0x0, {}, [{0x5c, 0x1, [@m_ct={0x58, 0x0, 0x0, 0x0, {{0x7}, {0x4}, {0x2d, 0x6, "7692f8bd1f3512fc77bc02c00fb651bed78541f9f4714034e1960bfac955b72b02181229835ee64e13"}, {0xc}, {0xc}}}]}]}, 0x70}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xf, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) setfsgid(0xee00) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c000000030800000000000000000000000000000900010073797a31000000001c0004800800034000000000080005400c00000008"], 0x3c}}, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05604, &(0x7f0000000080)={0x0, @sdr}) sendmsg$nl_generic(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[], 0x78}}, 0x0) 2.319827257s ago: executing program 2 (id=7306): futex(&(0x7f0000000000)=0x2, 0x2, 0x10, 0x0, 0x0, 0x0) r0 = openat$ttynull(0xffffffffffffff9c, &(0x7f0000000040), 0x4000, 0x0) ioctl$TIOCGDEV(r0, 0x80045432, &(0x7f0000000080)) 2.26028668s ago: executing program 3 (id=7307): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) socket$nl_route(0x10, 0x3, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$inet6(0xa, 0x3, 0x39) socket$nl_route(0x10, 0x3, 0x0) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) (fail_nth: 3) 2.005849651s ago: executing program 4 (id=7308): r0 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r0, 0x29, 0x2e, 0x0, 0x0) 1.830976804s ago: executing program 4 (id=7309): r0 = socket$inet(0x2, 0x4000000000000001, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x7a, 0x4) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) setsockopt$SO_ATTACH_FILTER(r0, 0x1, 0x1a, &(0x7f0000000140)={0x1, &(0x7f0000000280)=[{0x6, 0x0, 0x0, 0xe4}]}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) sendto$inet(r0, &(0x7f0000000180)='{', 0x1, 0x0, 0x0, 0x0) sendmmsg$inet(r0, &(0x7f0000003400)=[{{0x0, 0x0, &(0x7f00000006c0)=[{&(0x7f00000002c0)="ce5b550b14dd04c2fa638125e6a08c8afc9544e026080580cd85c3eb2f86929b595b54111a0a8cbb8153b116dbc45fd564375e23c77253e437b511198d77aa69b31a693980b2c127a3436d9b55b08171de831554e27f6e7ce17c453bee12d9ad0b358e1f15586bca82f46501b3c5a531a7ab82770e354d8259f25dd23781314174a7cbdcc14506b95aaaa380d307c46ab27a1bc0b8f53339b2abf7600029e3886ccb38733b", 0xa5}, {&(0x7f0000000380)="f7ef0c2e3fa8667b6e", 0x9}, {&(0x7f00000003c0)="c2a68dacc669ca0bfab693837620e09b1768f23f0456a00677a414", 0x1b}, {&(0x7f0000000e80)="06987728e729ecb494924da9913d596cb581d832ab199384137f164cc9d8f2eb0c2fade94b8aefad67a53c4c9156a4832a4e0e90e3e1e9dc0f2acc20598fd58f57a34db4b44479e52edbd8c946a0f25d9fa32717aafdad752136eba890ac1830cc7c6e57ceb18a738f3dcc19c2559e6c2a19dbdc2ba64e56c37b2449a96847d1c9c4c9995966aee50ac537a665c40773628b174417c5b56c8cc39a928cd97ce7f042b82551363cb60ec44905c3c1e435df90e4634ac4d641514343743aae1e3a8df492e31d5c8661e099965a778b3b8d637a6290f41f5e42118c36e5914f0ff8b20b0bc5e7b512485e5cd9711af4db73a97105ec8ff23f0e85bff5f5716d52ab1b2cb80123da2852c9575bc6b63430adebcfdb91a0a5e50d833a0e707d789e34cc04e708659c7a9ef8b225a4e41267c20361d28a89f9eb6182759cb83ff9b8531784bb01a1f30d252647c3da9bb2c56c5ab3735d70073868001e777da158143ad476588a3835b5d4bbb9e9ad82a19fc9a532b42081518722359b09a31176fb61fdf5d2e5e917b4ff968023f2a5fe735caece86c4fdda8b94859750343ba9a52d7c670ce5cadab0e5f21e5ff3eee1eb97f17cfd3a79024c177a6e9aad3c22e5aba833751b185bde64b9fcadf78ea3e89fec4f1b36278af8db12620b75de8cdf1e0cd2f6430d3a5b4c55eb3a421a1f6e25511dd58db94cb7c60e048e811c9c6beaa8f7f45fdfecc4778fb7016a9d3d4a14f021e512abc65afb5a8ec10e40d2f5e8a21f098e3d9805e53666c27b3bb5ecda8a9eac41125d8c86cd38", 0x23a}], 0x4}}], 0x1, 0x0) sendmmsg$inet(r0, &(0x7f0000000e40)=[{{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000880)="d51bea8a3a7a9f11bdb6a37b69751f4fc9b43c211d9dccf8de698ab41303e10068ea5deb65e3a8e78dce6207179f92118585938a4509c5fb36a6519358da1cffd32cec80da48998b2a98c0bbec29a972cb61bed21830a974b9e0303beea60607d728888c6ffbfc04446df912c9e5f02ddc1000c77480edb8a30e9badfe45fbfe26f1aeff4e9a6b61762060c40c99a293a8403760985ae64734abda01e8ede5a55d675385f6c3477a76fa39e9c4214f943d638ea03f71b9c191678e7519fb352d4055b405", 0xc4}], 0x1}, 0x1200}], 0x1, 0x0) 1.530395095s ago: executing program 2 (id=7310): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000180)=[{0x6, 0x0, 0x0, 0x7fc00101}]}) epoll_create1(0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f0000002280)={0x0}) r2 = syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) syz_io_uring_setup(0xa94, &(0x7f0000000280), &(0x7f0000000040)=0x0, &(0x7f00000005c0)) syz_io_uring_submit(r4, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) seccomp$SECCOMP_SET_MODE_FILTER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000040)=[{0xd4fa, 0x0, 0x8, 0x8}]}) r8 = dup(r7) ioctl$KVM_SET_CPUID2(r8, 0x4008ae90, &(0x7f0000000000)=ANY=[@ANYBLOB="02000000000000030100000000000000000000000100000000000000760f00001d00002000000000000000000000000007"]) io_uring_enter(r2, 0xb15, 0x0, 0x0, 0x0, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_SEND(r0, 0xc0182101, &(0x7f0000000300)={r1}) 1.241200323s ago: executing program 4 (id=7311): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0x0, 0x4, &(0x7f0000000040)=ANY=[@ANYBLOB="b405000000000000711041000000"], &(0x7f0000003ff6)='GPL\x00', 0x0, 0xc9, &(0x7f0000000080)=""/201, 0x0, 0x42, '\x00', 0x0, 0x28, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000)={0x0, 0x8}, 0x10}, 0x90) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) r1 = socket$inet6(0xa, 0x5, 0xfffffffe) sendmsg$inet6(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_buf(r1, 0x29, 0x6, &(0x7f0000000140), 0x300) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x800) openat$nullb(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r2 = gettid() prctl$PR_SET_PTRACER(0x59616d61, r2) r3 = inotify_init1(0x0) fcntl$setown(r3, 0x8, 0xffffffffffffffff) fcntl$getownex(r3, 0x10, 0x0) ptrace$setopts(0x4206, 0x0, 0x0, 0x0) dup(0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000480)=ANY=[@ANYBLOB="440000001000090400"/19, @ANYRES32=0x0, @ANYBLOB="00000000401000002400128009000100626f6e64000000001400028008000a000000000008000b00", @ANYRES32=0x0, @ANYBLOB="4a5f6f8edc451fd2fc55d1ea46bed8863fac0b542765f782f2b33faf55022ff93c58aad5056f0010afdcaacc6a66e1e812"], 0x44}}, 0x0) ptrace$getregs(0xe, 0x0, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) io_setup(0x222, &(0x7f0000000180)=0x0) io_submit(r5, 0x0, 0x0) 1.240834187s ago: executing program 3 (id=7312): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, 0x0, 0x0) socket(0x18, 0xa, 0x1000) r1 = syz_open_dev$video4linux(&(0x7f0000000040), 0x10000, 0x0) ioctl$CAPI_REGISTER(r1, 0xc0585604, &(0x7f0000000140)={0x2}) socket$packet(0x11, 0x2, 0x300) ioctl$TIOCGPGRP(0xffffffffffffffff, 0x540f, &(0x7f0000000100)) r2 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r2, 0x11b, 0x4, &(0x7f0000000400)={&(0x7f0000000000)=""/74, 0x32b000, 0x1000}, 0x81) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) r3 = socket$kcm(0x10, 0x2, 0x4) close(r3) socket$kcm(0x10, 0x2, 0x0) sendmsg$inet(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000340)=[{&(0x7f0000000140)="5c00000011006bcc9e3be35c6e17aa31076b876c1d0000007ea60864160af36514001ac004000202080002000300010004000200eab556a705251e618294ff0051f60a84c9f4d4938037e786a6d0001000000e4509c5bbcd72c6c953", 0x5c}, {&(0x7f0000000240)="e5a64b1de69ad8ca0a0856698424883c9e8178b472525d3a7f0b46f78366dcbadc5fd602ac748b8ee5b2eb33c6b98750918e76e4fffa5c8ad8a7e67596c6f293642b70695d5fff81a9f22f5b646397040452d12fce99b943fc153f82591cfc5824b0ed3e98131fb1cb7f22d4a5a7acaf9debae6372fbecd5e5e0fff49fb8a8434ee2fe16976f20d9ae33b89af46033f90de3dabbb2703310e38263a411d29622acb45e032f6b76039c5f0851500aa23bd4dbd7e025a125857a1b24fca59949f483ba78d4c2962bc1a1a3a4e71933e577b52183ec6ad7e49497a7f48772c281382859011b7cb93de7d21adc67ae39ee1acd8381", 0xf3}, {&(0x7f00000001c0)="d3acc69731a03f194d08d8db8c80a53454a3d2af93279afbd2e97aa0b230070002000082310c7fdfe2fb6d", 0x2b}], 0x3, 0x0, 0x0, 0x1f00c00e}, 0x0) setsockopt$XDP_UMEM_COMPLETION_RING(r2, 0x11b, 0x6, &(0x7f0000000080)=0x1, 0x4) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$XDP_RX_RING(r2, 0x11b, 0x2, &(0x7f0000001980)=0x100, 0x4) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00'}) setsockopt$XDP_UMEM_FILL_RING(r2, 0x11b, 0x5, &(0x7f0000000140)=0x1, 0x4) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) r6 = socket$unix(0x1, 0x5, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000080)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000540), 0x4) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_128={{0x303, 0x37}, "475566172f45f011", "bd14060000000000000092f94413582b", "a4774ec6", "15b188e5e74e13ed"}, 0x28) r8 = dup2(r6, r5) close_range(r8, 0xffffffffffffffff, 0x0) 164.391711ms ago: executing program 1 (id=7313): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) listen(r0, 0x0) r1 = syz_io_uring_setup(0x239, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x2def, 0x0, 0x0, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000080)={0x1, &(0x7f0000000200)=[{0x6}]}) setsockopt$packet_int(0xffffffffffffffff, 0x107, 0x0, 0x0, 0x0) shutdown(0xffffffffffffffff, 0x0) 8.479838ms ago: executing program 0 (id=7314): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000018105e04da0700000000000109022400010000000009040000090300000009210000000122220009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000001c0)={0x24, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="00222200000096231306e53f070c0000002a9000070d00be0083"], 0x0}, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[], 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0xb, 0x7, 0x8, 0x8, 0x5}, 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xd, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000850000005000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085"], &(0x7f0000001b80)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='kfree\x00', r3}, 0x10) setrlimit(0x2, &(0x7f00000000c0)={0x2, 0x2400000}) mremap(&(0x7f0000000000/0x1000)=nil, 0x1000, 0x1000, 0x7, &(0x7f0000001000/0x1000)=nil) r4 = socket$inet6(0xa, 0x80002, 0x0) sendmmsg$inet(r4, &(0x7f0000000880)=[{{&(0x7f0000000040)={0x2, 0x1, @dev}, 0x10, &(0x7f0000000140)=[{&(0x7f0000000900)="e4f9aabcdc885746f079f3927e64da27008753aaa40539ce410c697224a939514662b2a0e6f641294ce6c0541d2936addd2aee32de2878dffe07f25811d71151a2408f65d14b4743ca0a24da7d8cd58341ef97b398b6eb452246430bd92a280ae9b88173d819abcf28d77ef7b5381950f518bc89a876a10b6233ac6958477d486f6ab556c6f68040c3196eb31543ce56d4fd6cab6cac3c9e1572f3393de5880ac74041008cfa5669a380260a5c229fcfc3b5a7ab39e02b78a04404b645d79125a53fb56aa3376fb145125309a753dd099f4e7bcbed08264c84a96afbd5727bd2851df243ebaa208bfc4fc552a953645ed97893c556c67f6d35c13a088ac03144ad7897a36cd73dcddc6b36a7ef1a72f066c4e0f9b242a2215b2a942634e472ba16ed34d032a1c09ae37687efed42898d62346f774e248f89b65e3288568fa17ad1ac763a49386d9420a997dd4b71d53279c1f2b8fbbaa9a46ab2d59edd69baf64382fb39bb85367a5e82138eb9135d65073fc092a0b18b010ab6215fcdbce646837d959621704862b16c19202cd2ce9bd5271ecefb4d76d25a8ba7ba820bdf25a37bff949df7b433499c2a0e1fa2cd69ad9a26e0d91ed726b271a715646496a474828ef7735c07726ceb97a6e890137562a098614abe609e99721ba21eda01e6018db80e29f1d3f42460724cf061abdac03905abf298b310838140d5b6b968b91c5a85f4ea6e4954dae5c53c338d1a65052f7b874438aa5bb429c7d973bd028f61bce9bbeb85d358a665eb290ddbb329a56480e019aef4304516ad55046f7b51a8ca044e510b07962b15e734081b7c224cd9de873507aa00d7f3cb13ad768ab92b247dcf405301991e5d445303b890bb7e972d9f3ef4537887c7f53737f265a4c8b9dfa789e2dad8e8cb0b3f88036ac37071af73be99504769a4c42af83d2371db648cef1a429040dd7f652546588e20143a2f984a883cd7798ca8033847adb6212e0efef984eefffe31695c4d7eb48cbd300b366e14686aa51954f0ed66d982df18f75f58cbfe24b8082631e6ec31d5e36d3924bb6690e9661799af31786c731a023a91a549015690aa8c9df755882c6ec305bed415e7ea99df9b0a14c5b2c0a4bb991ebfb3eaef6e07336e2d51c6a2dddd88d6c411d257021161c09c89ad384698a76c8b3a3af0800b6957a868cd54c93c8f5b15d0793d57651d71f43960299ae47d4b5f72d4876b0d9bba2d1f67f07e0c1d3011e3745cc4b38479387573a7a8b2686040ff8f37ef0eb6e27ac180c7d937312ecb186c91361a5361ce297e3c6fe7acf9ac2b2e70f00181109bcd709d32ce1c88aac3e7fbf3b21d438f014fd2a31074ea1d81039a5a8d1b611796acb4f5e1c0afb08586f9b62090371933c4380952c62da7b77719d6be3a80c3bc01aea9fee7f3adce9e59af5fc3a83cc612d450e202d61b6f99d9859025b951fee1190e41e214b07d70b4c837bff0028efafdaefdbb791bdc8853d53085849b283a14603d1ce4dd205184628aaa51492e37c83095ebb2c89705f6b8745d512247636e724c439a053f4abd72c0e01f101121eaae4f3079ca5f2553221da250fe0e9e6659166cc18409ce88b132e70f7730afc8ad68c808b6e53c1bc1b0dc9155eb9f190b2993810e352fd54d9c63ba51f5122992de868239d3af97a61e4e5c7d4a4bca164e6ee100562c0564bc142e8625879cc1af9d5ddbab5d0659380621fc20bccd69d0afb3df71f98a624fc452547c3a756ed5894a928b5d6ec5c15f183b84f735a9b8c685c7f8fee1bd9be932bee62ddd1236ee01353e0f7bd815850900cbe7270f7f7a4c5f584713662d945e00ffb403471d40dc989e7d6ee631940d6eb71ab72db934298d83472d6c2a2173ea74aa1a2d589d74b0dc44098d89bc903e7a031a3569baa61858806c0e52248fca8ebb7e70acdde9e40796da68fe5dd874993d90adb40e058fb249be32be28b715b0cf4321f2342b756ff93c90e4a114603ed28ca5353f8c19883d3e2c2270781a0224e6b1b3951fbb4925afe0b6f40b231f4adc66223a9b53b21006fdc38f4396dd74e6af9399ce53d5de98130077424eed1606a8dedfaf40500821b9ddb23f976fc7657fd130f0b26ea8e89819323e13d44414ac9f045463fe1c948919232d42b9c1671c55b273b1f568efe23fab85002e845fac2fbf98c51d39032ef659140b4f9d8a37836a98ce62f3a1a0818fabf4adb3aae508ccf0611f98338e7768ae4033ef240af4e7dce0059c1deca6aae430ec235418154b4a434e35f4695032f857504e54fd3840d616b23206fd340b768eaba7cabf53c18d6654bb5e1227ef5f676e96eb8d682d29e217051fefb842c4df50c52f813dd7124bc7f35cc73b36ea439807022291e707241f7ff5b38a7493c07e719632f54d9a5e06069770c1d6041c440af92b969c05fa780633249f148e523443cdfc1b551ed7225e8fcbfa0fef72fdb6c36f71e796947c6bcad1966f072b3689d38e13533f25e244f685fbd4843426fed6f2", 0x701}], 0x1}}], 0x1, 0x0) syz_usb_control_io$printer(r1, 0x0, 0x0) read$hidraw(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$evdev(0x0, 0x0, 0x200040) 0s ago: executing program 4 (id=7315): r0 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) socket$alg(0x26, 0x5, 0x0) socket$kcm(0x10, 0x0, 0x10) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000200)=@newqdisc={0xbc, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [], 0x0, [0x8, 0x4], [0x0, 0x8]}}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x28, 0x2, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_CMD={0x5}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8}, @TCA_TAPRIO_SCHED_ENTRY_GATE_MASK={0x8, 0x3, 0xe}, @TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x80}]}]}]}}]}, 0xbc}}, 0x0) kernel console output (not intermixed with test programs): tes leftover after parsing attributes in process `syz.4.7005'. [ 2159.924513][ T5328] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 2159.964298][ T9985] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 2159.994117][ T9985] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 2160.049684][ T9985] usb 2-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 2160.095991][T15060] netlink: 4616 bytes leftover after parsing attributes in process `syz.4.7005'. [ 2160.104049][ T9985] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2160.106941][ T5328] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 2160.136683][T15060] netlink: 4616 bytes leftover after parsing attributes in process `syz.4.7005'. [ 2160.178345][ T9985] usb 2-1: config 0 descriptor?? [ 2160.184120][ T5328] em28xx 1-1:0.0: board has no eeprom [ 2160.274087][ T5328] em28xx 1-1:0.0: Identified as Kaiomy TVnPC U2 (card=63) [ 2160.284112][ T5328] em28xx 1-1:0.0: analog set to bulk mode. [ 2160.299978][T12464] em28xx 1-1:0.0: Registering V4L2 extension [ 2160.397229][ T9985] hdpvr 2-1:0.0: unexpected answer of status request, len 0 [ 2160.418631][ T5328] usb 1-1: USB disconnect, device number 11 [ 2160.441920][ T5328] em28xx 1-1:0.0: Disconnecting em28xx [ 2160.456893][ T9985] hdpvr 2-1:0.0: device init failed [ 2160.492992][ T9985] hdpvr 2-1:0.0: probe with driver hdpvr failed with error -12 [ 2160.631159][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 2160.645411][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 2160.914406][T12464] i2c i2c-1: Invalid 7-bit I2C address 0x00 [ 2161.058432][T15020] ɶƣ0GC: entered promiscuous mode [ 2161.153787][T12464] tuner: 1-0061: Tuner -1 found with type(s) Radio TV. [ 2161.636913][T12464] DVB: Unable to find symbol xc2028_attach() [ 2161.690703][T12464] tuner: 1-0061: Tuner has no way to set tv freq [ 2161.741036][T12464] em28xx 1-1:0.0: Config register raw data: 0xffffffed [ 2161.785799][T12464] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 2161.816881][ T9985] usb 3-1: USB disconnect, device number 103 [ 2161.853629][T12464] em28xx 1-1:0.0: No AC97 audio processor [ 2161.879221][T12464] tuner: 1-0061: Tuner has no way to set tv freq [ 2162.008575][T21044] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2162.027120][T12464] em28xx 1-1:0.0: Registered radio device as radio32 [ 2162.076466][T12464] usb 1-1: Decoder not found [ 2162.134212][T12464] em28xx 1-1:0.0: failed to create media graph [ 2162.195007][T12464] em28xx 1-1:0.0: V4L2 device radio32 deregistered [ 2162.268053][T12464] em28xx 1-1:0.0: V4L2 device video71 deregistered [ 2162.359765][T12464] em28xx 1-1:0.0: Registering input extension [ 2162.391837][ T5328] em28xx 1-1:0.0: Closing input extension [ 2162.422384][ T9985] usb 2-1: USB disconnect, device number 112 [ 2162.498933][ T691] usb 5-1: USB disconnect, device number 104 [ 2162.541053][ T5328] em28xx 1-1:0.0: Freeing device [ 2162.649067][T21044] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2163.215952][T29601] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 2163.228547][T21044] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2163.260711][T15159] program syz.2.7014 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 2163.322499][T12464] usb 2-1: new high-speed USB device number 113 using dummy_hcd [ 2163.424169][T29601] usb 4-1: Using ep0 maxpacket: 32 [ 2163.432668][T29601] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2163.485541][T21044] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2163.504257][T29601] usb 4-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 2163.543365][T29601] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2163.568082][T12464] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 2163.587423][T29601] usb 4-1: config 0 descriptor?? [ 2163.595195][T12464] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2163.597946][T29601] hub 4-1:0.0: bad descriptor, ignoring hub [ 2163.647892][T29601] hub 4-1:0.0: probe with driver hub failed with error -5 [ 2163.649513][T12464] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 2163.660917][T29601] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 2163.754141][T12464] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2163.820388][T12464] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 2163.861157][T12464] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 2163.923723][T12464] usb 2-1: Product: syz [ 2163.972760][T12464] usb 2-1: Manufacturer: syz [ 2164.002290][T21044] bridge_slave_1: left allmulticast mode [ 2164.007360][T12464] cdc_wdm 2-1:1.0: skipping garbage [ 2164.034933][T12464] cdc_wdm 2-1:1.0: skipping garbage [ 2164.045776][T21044] bridge_slave_1: left promiscuous mode [ 2164.067671][T21044] bridge0: port 2(bridge_slave_1) entered disabled state [ 2164.095981][T12464] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 2164.112698][ T4618] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2164.128800][ T4618] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2164.143214][T12464] cdc_wdm 2-1:1.0: Unknown control protocol [ 2164.143274][ T4618] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2164.173499][ T4618] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2164.183635][ T4618] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 2164.194522][ T4618] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2164.195503][T21044] bridge_slave_0: left allmulticast mode [ 2164.344036][T21044] bridge_slave_0: left promiscuous mode [ 2164.381098][T21044] bridge0: port 1(bridge_slave_0) entered disabled state [ 2165.207366][ T691] usb 2-1: USB disconnect, device number 113 [ 2165.492943][T15230] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7019'. [ 2166.080193][ T5279] usb 4-1: USB disconnect, device number 12 [ 2166.294811][T28663] Bluetooth: hci1: command tx timeout [ 2166.461595][T21044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2166.504993][T21044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2166.544849][T21044] bond0 (unregistering): Released all slaves [ 2167.932636][T12464] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 2168.145283][T12464] usb 3-1: Using ep0 maxpacket: 8 [ 2168.158021][T21044] hsr_slave_0: left promiscuous mode [ 2168.196155][T21044] hsr_slave_1: left promiscuous mode [ 2168.216338][T12464] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 2168.237576][T21044] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2168.253971][T12464] usb 3-1: can't read configurations, error -61 [ 2168.270994][T21044] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2168.299834][T21044] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2168.326244][T21044] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2168.374353][T28663] Bluetooth: hci1: command tx timeout [ 2168.433811][T21044] veth1_macvtap: left promiscuous mode [ 2168.441723][T12464] usb 3-1: new high-speed USB device number 105 using dummy_hcd [ 2168.494701][T21044] veth0_macvtap: left promiscuous mode [ 2168.501253][T21044] veth1_vlan: left promiscuous mode [ 2168.527294][T21044] veth0_vlan: left promiscuous mode [ 2168.694466][T12464] usb 3-1: Using ep0 maxpacket: 8 [ 2168.706754][T12464] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 2168.771159][T12464] usb 3-1: can't read configurations, error -61 [ 2168.804667][T12464] usb usb3-port1: attempt power cycle [ 2169.316038][ T8422] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 2169.334266][T12464] usb 3-1: new high-speed USB device number 106 using dummy_hcd [ 2169.388576][ T4618] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2169.402281][T12464] usb 3-1: Using ep0 maxpacket: 8 [ 2169.414931][ T4618] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2169.439512][ T4618] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2169.452302][T12464] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 2169.462783][ T4618] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2169.484103][T12464] usb 3-1: can't read configurations, error -61 [ 2169.484193][ T4618] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 2169.502352][ T4618] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2169.537688][ T8422] usb 4-1: Using ep0 maxpacket: 32 [ 2169.556803][ T8422] usb 4-1: New USB device found, idVendor=055f, idProduct=d001, bcdDevice=88.92 [ 2169.575368][ T8422] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2169.594773][ T8422] usb 4-1: config 0 descriptor?? [ 2169.606361][ T8422] gspca_main: nw80x-2.14.0 probing 055f:d001 [ 2169.694502][T12464] usb 3-1: new high-speed USB device number 107 using dummy_hcd [ 2169.764137][T12464] usb 3-1: Using ep0 maxpacket: 8 [ 2169.792801][T12464] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 2169.835560][T12464] usb 3-1: can't read configurations, error -61 [ 2169.865293][T12464] usb usb3-port1: unable to enumerate USB device [ 2170.215659][ T29] kauditd_printk_skb: 4 callbacks suppressed [ 2170.215719][ T29] audit: type=1326 audit(1722659405.427:2245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15304 comm="syz.3.7032" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x0 [ 2170.457658][ T4618] Bluetooth: hci1: command tx timeout [ 2170.723369][T15330] netlink: 60 bytes leftover after parsing attributes in process `syz.2.7034'. [ 2170.824729][ T8422] gspca_nw80x: reg_r err -110 [ 2170.832514][ T8422] nw80x 4-1:0.0: probe with driver nw80x failed with error -110 [ 2170.845041][T21044] team0 (unregistering): Port device team_slave_1 removed [ 2170.992632][T21044] team0 (unregistering): Port device team_slave_0 removed [ 2171.579506][ T4618] Bluetooth: hci3: command tx timeout [ 2172.535361][ T4618] Bluetooth: hci1: command tx timeout [ 2172.763312][T15196] chnl_net:caif_netlink_parms(): no params data found [ 2173.015242][T12465] usb 4-1: USB disconnect, device number 13 [ 2173.653093][T21044] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2173.667126][ T4618] Bluetooth: hci3: command tx timeout [ 2173.934671][T15494] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7038'. [ 2173.954191][T15318] chnl_net:caif_netlink_parms(): no params data found [ 2174.128414][T21044] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.172110][T15196] bridge0: port 1(bridge_slave_0) entered blocking state [ 2174.201561][T15196] bridge0: port 1(bridge_slave_0) entered disabled state [ 2174.244869][T15196] bridge_slave_0: entered allmulticast mode [ 2174.252548][T15196] bridge_slave_0: entered promiscuous mode [ 2174.301098][T15196] bridge0: port 2(bridge_slave_1) entered blocking state [ 2174.330719][T15196] bridge0: port 2(bridge_slave_1) entered disabled state [ 2174.355167][T15196] bridge_slave_1: entered allmulticast mode [ 2174.378498][T15196] bridge_slave_1: entered promiscuous mode [ 2174.583763][T21044] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2174.837416][T21044] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2175.076719][T15196] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2175.186625][T15196] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2175.522087][ T29] audit: type=1326 audit(1722659410.727:2246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000 [ 2175.645963][ T29] audit: type=1326 audit(1722659410.727:2247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000 [ 2175.734108][ T4618] Bluetooth: hci3: command tx timeout [ 2175.741119][ T29] audit: type=1326 audit(1722659410.727:2248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000 [ 2175.765817][ T29] audit: type=1326 audit(1722659410.727:2249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000 [ 2175.812079][T15196] team0: Port device team_slave_0 added [ 2175.824040][ T29] audit: type=1326 audit(1722659410.757:2250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000 [ 2175.855074][T15318] bridge0: port 1(bridge_slave_0) entered blocking state [ 2175.863483][T15318] bridge0: port 1(bridge_slave_0) entered disabled state [ 2175.875068][T12464] usb 2-1: new high-speed USB device number 114 using dummy_hcd [ 2175.886779][ T29] audit: type=1326 audit(1722659410.757:2251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000 [ 2175.913004][T15318] bridge_slave_0: entered allmulticast mode [ 2175.931887][ T29] audit: type=1326 audit(1722659410.757:2252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x7ffc0000 [ 2175.956476][T15318] bridge_slave_0: entered promiscuous mode [ 2175.972882][ T29] audit: type=1326 audit(1722659410.757:2253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb7e6f79817 code=0x7ffc0000 [ 2176.055826][T15196] team0: Port device team_slave_1 added [ 2176.083293][ T29] audit: type=1326 audit(1722659410.757:2254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7fb7e6f7978c code=0x7ffc0000 [ 2176.106934][T12464] usb 2-1: Using ep0 maxpacket: 8 [ 2176.127884][T12464] usb 2-1: New USB device found, idVendor=061d, idProduct=c120, bcdDevice=e3.67 [ 2176.150555][T12464] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2176.175493][T12464] usb 2-1: config 0 descriptor?? [ 2176.187807][ T29] audit: type=1326 audit(1722659410.757:2255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=15706 comm="syz.3.7049" exe="/root/syz-executor" sig=0 arch=c000003e syscall=45 compat=0 ip=0x7fb7e6f796c4 code=0x7ffc0000 [ 2176.195685][T15318] bridge0: port 2(bridge_slave_1) entered blocking state [ 2176.215233][T12464] quatech2 2-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected [ 2176.294436][T15318] bridge0: port 2(bridge_slave_1) entered disabled state [ 2176.334732][T15318] bridge_slave_1: entered allmulticast mode [ 2176.359076][T15318] bridge_slave_1: entered promiscuous mode [ 2176.755654][T15196] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2176.774569][T15196] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2176.903171][T15196] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2177.036030][T15318] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2177.216658][T15196] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2177.253747][T15196] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2177.331893][T15196] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2177.389322][T15318] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2177.586272][ T4618] Bluetooth: hci5: command tx timeout [ 2177.587197][T12464] usb 2-1: qt2_attach - failed to power on unit: -71 [ 2177.636317][T21044] bridge_slave_1: left allmulticast mode [ 2177.642010][T21044] bridge_slave_1: left promiscuous mode [ 2177.698197][T12464] quatech2 2-1:0.0: probe with driver quatech2 failed with error -71 [ 2177.786666][T21044] bridge0: port 2(bridge_slave_1) entered disabled state [ 2177.814154][T28663] Bluetooth: hci3: command tx timeout [ 2177.816507][T12464] usb 2-1: USB disconnect, device number 114 [ 2177.913838][T21044] bridge_slave_0: left allmulticast mode [ 2177.968299][T21044] bridge_slave_0: left promiscuous mode [ 2177.992696][T21044] bridge0: port 1(bridge_slave_0) entered disabled state [ 2179.572341][T21044] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2179.602430][T21044] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2179.645833][T21044] bond0 (unregistering): Released all slaves [ 2179.660766][T28663] Bluetooth: hci5: command 0x0406 tx timeout [ 2179.864749][T15318] team0: Port device team_slave_0 added [ 2179.896268][T21044] ɶƣ0GC: left promiscuous mode [ 2180.013420][ T5279] usb 3-1: new high-speed USB device number 108 using dummy_hcd [ 2180.162980][T15318] team0: Port device team_slave_1 added [ 2180.224160][ T5279] usb 3-1: Using ep0 maxpacket: 32 [ 2180.250136][ T5279] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 2180.270837][ T5279] usb 3-1: config 0 has no interface number 0 [ 2180.274496][T15196] hsr_slave_0: entered promiscuous mode [ 2180.291535][ T5279] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2180.326882][T15196] hsr_slave_1: entered promiscuous mode [ 2180.345297][ T5279] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2180.358651][ T5279] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 2180.365309][T15951] xt_CONNSECMARK: invalid mode: 0 [ 2180.369750][ T5279] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2180.372851][T15196] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2180.372877][T15196] Cannot create hsr debugfs directory [ 2180.465931][ T5279] usb 3-1: config 0 descriptor?? [ 2180.621006][ T9687] usb 2-1: new high-speed USB device number 115 using dummy_hcd [ 2180.661488][T15318] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2180.703821][T15318] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2180.804230][T15318] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2180.850571][T15318] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2180.879067][T15318] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2180.895647][ T9687] usb 2-1: New USB device found, idVendor=0547, idProduct=6801, bcdDevice=43.6f [ 2180.974505][ T9687] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2180.983912][T15318] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2181.047698][ T9687] usb 2-1: Product: syz [ 2181.114559][ T9687] usb 2-1: Manufacturer: syz [ 2181.120127][ T9687] usb 2-1: SerialNumber: syz [ 2181.159496][ T9687] usb 2-1: config 0 descriptor?? [ 2181.174374][ T5279] uclogic 0003:28BD:0094.008A: pen parameters not found [ 2181.183025][ T5279] uclogic 0003:28BD:0094.008A: interface is invalid, ignoring [ 2181.211476][ T9687] gspca_main: touptek-2.14.0 probing 0547:6801 [ 2181.270047][ T5279] usb 3-1: USB disconnect, device number 108 [ 2181.768983][T15318] hsr_slave_0: entered promiscuous mode [ 2181.790626][T15318] hsr_slave_1: entered promiscuous mode [ 2181.818878][T15318] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2181.829610][T15318] Cannot create hsr debugfs directory [ 2181.882056][T21044] hsr_slave_0: left promiscuous mode [ 2181.901698][T21044] hsr_slave_1: left promiscuous mode [ 2181.919075][T21044] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2181.961857][T21044] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2181.998056][T21044] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2182.032494][T21044] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2182.254698][T21044] veth1_macvtap: left promiscuous mode [ 2182.260273][T21044] veth0_macvtap: left promiscuous mode [ 2182.303051][T21044] veth1_vlan: left promiscuous mode [ 2182.326711][T21044] veth0_vlan: left promiscuous mode [ 2183.315341][T12465] usb 2-1: USB disconnect, device number 115 [ 2184.604737][T21044] team0 (unregistering): Port device team_slave_1 removed [ 2184.816449][T21044] team0 (unregistering): Port device team_slave_0 removed [ 2186.730993][T16112] netlink: 152 bytes leftover after parsing attributes in process `syz.3.7072'. [ 2186.824518][T16114] sch_tbf: burst 1 is lower than device lo mtu (65550) ! [ 2186.990095][T16132] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7073'. [ 2187.150059][T16165] fuse: Bad value for 'fd' [ 2187.228479][T16158] team0: mtu less than device minimum [ 2189.558326][T15196] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2189.632050][T15196] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2189.769755][T15196] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2189.825800][T15196] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2190.463172][T15196] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2190.508426][T15196] 8021q: adding VLAN 0 to HW filter on device team0 [ 2190.577596][ T9687] bridge0: port 1(bridge_slave_0) entered blocking state [ 2190.585625][ T9687] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2190.643759][ T9687] bridge0: port 2(bridge_slave_1) entered blocking state [ 2190.652298][ T9687] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2190.721944][T16330] netlink: 152 bytes leftover after parsing attributes in process `syz.2.7082'. [ 2191.107020][T15318] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2191.167714][T15318] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2191.236387][T16352] team0: mtu less than device minimum [ 2191.276736][T15318] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 2191.285549][T16357] fuse: Bad value for 'fd' [ 2191.335799][T15318] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 2191.651219][T15196] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2192.017732][T15196] veth0_vlan: entered promiscuous mode [ 2192.129004][T15318] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2192.223673][T15318] 8021q: adding VLAN 0 to HW filter on device team0 [ 2192.262229][T15196] veth1_vlan: entered promiscuous mode [ 2192.289528][ T5328] bridge0: port 1(bridge_slave_0) entered blocking state [ 2192.296730][ T5328] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2192.363916][ T5328] bridge0: port 2(bridge_slave_1) entered blocking state [ 2192.371080][ T5328] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2192.534920][T15196] veth0_macvtap: entered promiscuous mode [ 2192.578163][T15196] veth1_macvtap: entered promiscuous mode [ 2192.679577][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2192.732176][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2192.762692][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2192.802392][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2192.835578][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2192.884056][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2192.917350][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2192.959239][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2192.994127][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2193.026664][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2193.057825][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2193.083996][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2193.123731][T15196] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2193.173656][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2193.223925][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2193.274339][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2193.307042][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2193.331620][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2193.355079][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2193.385297][ T4618] Bluetooth: hci5: Malformed MSFT vendor event: 0x02 [ 2193.391474][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2193.404187][ T4618] Bluetooth: hci5: SCO packet for unknown connection handle 14 [ 2193.436217][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2193.477443][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 2193.477460][ T29] audit: type=1326 audit(1722659428.677:2316): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2193.526315][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2193.563925][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2193.593404][ T29] audit: type=1326 audit(1722659428.677:2317): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2193.619074][T15196] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2193.652658][T15196] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2193.684968][ T29] audit: type=1326 audit(1722659428.677:2318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2193.710089][T15196] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2193.776024][T15196] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2193.815250][T15196] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2193.826529][ T29] audit: type=1326 audit(1722659428.677:2319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2193.884109][T15196] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2193.923635][T15196] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2193.948659][ T29] audit: type=1326 audit(1722659428.677:2320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2194.021124][T15318] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2194.050434][T16416] FAULT_INJECTION: forcing a failure. [ 2194.050434][T16416] name failslab, interval 1, probability 0, space 0, times 0 [ 2194.065996][ T29] audit: type=1326 audit(1722659428.677:2321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2194.122189][T16416] CPU: 0 UID: 0 PID: 16416 Comm: syz.3.7095 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2194.133001][T16416] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2194.143068][T16416] Call Trace: [ 2194.146367][T16416] [ 2194.149307][T16416] dump_stack_lvl+0x241/0x360 [ 2194.154010][T16416] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2194.159230][T16416] ? __pfx__printk+0x10/0x10 [ 2194.163836][T16416] ? fs_reclaim_acquire+0x93/0x140 [ 2194.168963][T16416] ? __pfx___might_resched+0x10/0x10 [ 2194.174274][T16416] should_fail_ex+0x3b0/0x4e0 [ 2194.178985][T16416] ? tomoyo_encode+0x26f/0x540 [ 2194.183766][T16416] should_failslab+0xac/0x100 [ 2194.188466][T16416] ? tomoyo_encode+0x26f/0x540 [ 2194.193246][T16416] __kmalloc_noprof+0xd8/0x400 [ 2194.198033][T16416] tomoyo_encode+0x26f/0x540 [ 2194.202650][T16416] tomoyo_realpath_from_path+0x59e/0x5e0 [ 2194.208319][T16416] tomoyo_path_number_perm+0x23a/0x880 [ 2194.213810][T16416] ? tomoyo_path_number_perm+0x208/0x880 [ 2194.219466][T16416] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 2194.225511][T16416] ? __fget_files+0x29/0x470 [ 2194.230125][T16416] ? __fget_files+0x3f6/0x470 [ 2194.234822][T16416] ? __fget_files+0x29/0x470 [ 2194.239445][T16416] security_file_ioctl+0x75/0xb0 [ 2194.244405][T16416] __se_sys_ioctl+0x47/0x170 [ 2194.249018][T16416] do_syscall_64+0xf3/0x230 [ 2194.253542][T16416] ? clear_bhb_loop+0x35/0x90 [ 2194.258243][T16416] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2194.264157][T16416] RIP: 0033:0x7fb7e6f779f9 [ 2194.268590][T16416] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2194.288219][T16416] RSP: 002b:00007fb7e7db1048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2194.296658][T16416] RAX: ffffffffffffffda RBX: 00007fb7e7105f80 RCX: 00007fb7e6f779f9 [ 2194.304648][T16416] RDX: 0000000020000e80 RSI: 000000004008744b RDI: 0000000000000003 [ 2194.312631][T16416] RBP: 00007fb7e7db10a0 R08: 0000000000000000 R09: 0000000000000000 [ 2194.320616][T16416] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2194.328599][T16416] R13: 000000000000000b R14: 00007fb7e7105f80 R15: 00007fb7e722fa38 [ 2194.336605][T16416] [ 2194.345882][ T29] audit: type=1326 audit(1722659428.677:2322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2194.444151][ T29] audit: type=1326 audit(1722659428.687:2323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2194.515323][T16416] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2194.542746][ T29] audit: type=1326 audit(1722659428.687:2324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2194.576510][ T29] audit: type=1326 audit(1722659428.687:2325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16403 comm="syz.1.7094" exe="/root/syz-executor" sig=0 arch=c000003e syscall=270 compat=0 ip=0x7fccaed779f9 code=0x7ffc0000 [ 2194.748963][T15318] veth0_vlan: entered promiscuous mode [ 2194.813302][T15318] veth1_vlan: entered promiscuous mode [ 2194.911453][T16442] team0: mtu less than device minimum [ 2194.965425][ T140] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2194.973573][T16442] fuse: Bad value for 'fd' [ 2195.020349][ T140] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2195.197438][T19256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2195.242686][T19256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2195.267081][T15318] veth0_macvtap: entered promiscuous mode [ 2195.321252][T15318] veth1_macvtap: entered promiscuous mode [ 2195.386799][T12465] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 2195.496371][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2195.540436][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2195.594009][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2195.606548][T12465] usb 4-1: Using ep0 maxpacket: 16 [ 2195.627432][T12465] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2195.644131][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2195.674491][T12465] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2195.684671][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2195.703473][T12465] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2195.724926][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2195.740303][T12465] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 2195.927384][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2195.949447][T12465] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2195.961463][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2195.986399][T12465] usb 4-1: config 0 descriptor?? [ 2196.002358][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2196.033919][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2196.068688][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2196.113312][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2196.139221][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2196.178648][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2196.231821][ T9687] usb 2-1: new full-speed USB device number 116 using dummy_hcd [ 2196.275904][T15318] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2196.483202][ T9687] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2196.557070][ T9687] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2196.622141][ T9687] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 2196.707980][ T9687] usb 2-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93 [ 2196.744443][ T9687] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2196.800976][ T9687] usb 2-1: Product: syz [ 2196.830070][ T9687] usb 2-1: Manufacturer: syz [ 2196.859380][ T9687] usb 2-1: SerialNumber: syz [ 2196.934547][ T9687] usb 2-1: config 0 descriptor?? [ 2197.665115][T12465] usbhid 4-1:0.0: can't add hid device: -71 [ 2197.702956][T12465] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 2197.794630][T12465] usb 4-1: USB disconnect, device number 14 [ 2197.815734][T16471] syz.1.7099: attempt to access beyond end of device [ 2197.815734][T16471] md102: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 2198.817389][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2198.881019][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2198.944026][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.019906][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.067004][T12465] usb 2-1: USB disconnect, device number 116 [ 2199.107454][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.157064][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.214086][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.273980][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.338674][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.372218][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.462654][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.591437][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.721277][T15318] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2199.764014][T15318] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2199.764271][T12465] usb 3-1: new high-speed USB device number 109 using dummy_hcd [ 2199.815652][T16549] fuse: Bad value for 'fd' [ 2199.837128][T15318] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2199.930796][T16548] team0: mtu less than device minimum [ 2199.991662][T15318] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2200.062047][T15318] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2200.091691][T12465] usb 3-1: Using ep0 maxpacket: 32 [ 2200.122754][T15318] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2200.150524][T15318] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2200.178300][T12465] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 2200.259859][T16555] dvmrp0: entered allmulticast mode [ 2200.351766][T12465] usb 3-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice= 9.75 [ 2200.363698][T16554] dvmrp0: left allmulticast mode [ 2200.427011][T12465] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2200.484398][T12465] usb 3-1: Product: syz [ 2200.489414][T12465] usb 3-1: Manufacturer: syz [ 2200.569660][T12465] usb 3-1: SerialNumber: syz [ 2200.629591][T12465] usb 3-1: config 0 descriptor?? [ 2200.843335][T16566] FAULT_INJECTION: forcing a failure. [ 2200.843335][T16566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2200.860604][T16566] CPU: 0 UID: 0 PID: 16566 Comm: syz.1.7110 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2200.871398][T16566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2200.881471][T16566] Call Trace: [ 2200.884764][T16566] [ 2200.887710][T16566] dump_stack_lvl+0x241/0x360 [ 2200.892415][T16566] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2200.897643][T16566] ? __pfx__printk+0x10/0x10 [ 2200.902255][T16566] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2200.908267][T16566] ? shmem_get_folio_gfp+0x19c7/0x2370 [ 2200.913758][T16566] should_fail_ex+0x3b0/0x4e0 [ 2200.918467][T16566] copy_page_from_iter_atomic+0x54d/0x1aa0 [ 2200.924311][T16566] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 2200.930576][T16566] ? shmem_write_begin+0x23f/0x4d0 [ 2200.935709][T16566] ? __pfx_shmem_write_begin+0x10/0x10 [ 2200.941199][T16566] generic_perform_write+0x4a1/0x840 [ 2200.946598][T16566] ? __pfx_generic_perform_write+0x10/0x10 [ 2200.952413][T16566] ? mnt_put_write_access_file+0xc2/0x100 [ 2200.958141][T16566] ? file_update_time+0x3b8/0x430 [ 2200.963178][T16566] shmem_file_write_iter+0xfc/0x120 [ 2200.968386][T16566] do_iter_readv_writev+0x60a/0x890 [ 2200.973610][T16566] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 2200.979343][T16566] ? rcu_read_lock_any_held+0xb7/0x160 [ 2200.984823][T16566] vfs_writev+0x37c/0xbb0 [ 2200.989169][T16566] ? __pfx_lock_acquire+0x10/0x10 [ 2200.994196][T16566] ? __pfx_vfs_writev+0x10/0x10 [ 2200.999061][T16566] ? __fget_files+0x29/0x470 [ 2201.003671][T16566] __se_sys_pwritev2+0x1ca/0x2d0 [ 2201.008616][T16566] ? __pfx___se_sys_pwritev2+0x10/0x10 [ 2201.014081][T16566] ? do_syscall_64+0x100/0x230 [ 2201.018884][T16566] ? __x64_sys_pwritev2+0x21/0xf0 [ 2201.023925][T16566] do_syscall_64+0xf3/0x230 [ 2201.028437][T16566] ? clear_bhb_loop+0x35/0x90 [ 2201.033109][T16566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2201.039008][T16566] RIP: 0033:0x7fccaed779f9 [ 2201.043424][T16566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2201.063042][T16566] RSP: 002b:00007fccafbb3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000148 [ 2201.071458][T16566] RAX: ffffffffffffffda RBX: 00007fccaef05f80 RCX: 00007fccaed779f9 [ 2201.079438][T16566] RDX: 000000000000003a RSI: 0000000020000240 RDI: 0000000000000006 [ 2201.087408][T16566] RBP: 00007fccafbb30a0 R08: 0000000000000000 R09: 0000000000000003 [ 2201.095371][T16566] R10: 0000000000001400 R11: 0000000000000246 R12: 0000000000000002 [ 2201.103339][T16566] R13: 000000000000000b R14: 00007fccaef05f80 R15: 00007fccaf02fa38 [ 2201.111316][T16566] [ 2201.332664][T16537] wg1: entered promiscuous mode [ 2201.490657][T12465] peak_usb 3-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 2201.599008][T12465] peak_usb 3-1:0.0: unable to read PCAN-USB Pro FD firmware info (err -71) [ 2202.006245][T12465] peak_usb 3-1:0.0: probe with driver peak_usb failed with error -71 [ 2202.106916][T12465] usb 3-1: USB disconnect, device number 109 [ 2202.217894][ T53] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2202.293956][ T53] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2202.499861][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2202.554864][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2203.213488][ T9687] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 2203.454139][T12465] usb 5-1: new high-speed USB device number 105 using dummy_hcd [ 2203.487704][ T9687] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 2203.519413][ T9687] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2203.564695][ T9687] usb 4-1: config 0 has no interfaces? [ 2203.592998][ T9687] usb 4-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 2203.634095][ T9687] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 2203.727092][T12465] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 2203.738231][ T9687] usb 4-1: Manufacturer: syz [ 2203.758280][ T29] audit: type=1326 audit(1722659438.967:2326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16641 comm="syz.2.7117" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x0 [ 2203.807327][T12465] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2203.831294][T16646] netlink: 152 bytes leftover after parsing attributes in process `syz.0.7118'. [ 2203.861447][ T9687] usb 4-1: config 0 descriptor?? [ 2203.923447][T12465] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 2204.061711][T12465] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2204.120891][T12465] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 2204.133605][T12465] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 2204.444495][T12465] usb 5-1: Product: syz [ 2204.467741][T12465] usb 5-1: Manufacturer: syz [ 2204.577513][T12465] cdc_wdm 5-1:1.0: skipping garbage [ 2204.583824][T12465] cdc_wdm 5-1:1.0: skipping garbage [ 2205.109206][T12465] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 2205.207151][T12465] cdc_wdm 5-1:1.0: Unknown control protocol [ 2205.484383][T16672] team0: mtu less than device minimum [ 2205.698527][T16680] fuse: Bad value for 'fd' [ 2205.978642][T29601] usb 4-1: USB disconnect, device number 15 [ 2206.159199][ T5279] usb 5-1: USB disconnect, device number 105 [ 2206.561735][T16704] sctp: [Deprecated]: syz.3.7124 (pid 16704) Use of int in max_burst socket option deprecated. [ 2206.561735][T16704] Use struct sctp_assoc_value instead [ 2207.505726][T12465] usb 5-1: new high-speed USB device number 106 using dummy_hcd [ 2207.568755][T16725] syzkaller1: entered promiscuous mode [ 2207.629377][T16725] syzkaller1: entered allmulticast mode [ 2207.678238][ T29] audit: type=1326 audit(1722659442.867:2327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16730 comm="syz.2.7130" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x0 [ 2207.764008][T12465] usb 5-1: Using ep0 maxpacket: 8 [ 2207.794526][T12465] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 2207.842853][T12465] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 2207.910749][T12465] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 2207.978793][T12465] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2208.058236][T12465] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 2208.113190][T12465] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2208.127768][T16738] netlink: 152 bytes leftover after parsing attributes in process `syz.0.7131'. [ 2208.527802][T12465] usb 5-1: GET_CAPABILITIES returned 0 [ 2208.576009][T12465] usbtmc 5-1:16.0: can't read capabilities [ 2209.426723][T12465] usb 5-1: USB disconnect, device number 106 [ 2213.574137][ T4618] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 2213.585845][ T4618] Bluetooth: hci0: Injecting HCI hardware error event [ 2213.598586][T28663] Bluetooth: hci0: hardware error 0x00 [ 2213.709802][T29601] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 2213.775153][T12465] usb 5-1: new high-speed USB device number 107 using dummy_hcd [ 2213.934044][T29601] usb 1-1: Using ep0 maxpacket: 8 [ 2213.967991][T29601] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2213.997951][T29601] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2214.004178][T12465] usb 5-1: Using ep0 maxpacket: 8 [ 2214.043456][T12465] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2214.044212][ T29] audit: type=1326 audit(1722659449.227:2328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16816 comm="syz.3.7143" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fb7e6f779f9 code=0x0 [ 2214.111804][T29601] usb 1-1: New USB device found, idVendor=056a, idProduct=00e5, bcdDevice= 0.00 [ 2214.132009][T12465] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2214.150782][T29601] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2214.192353][T29601] usb 1-1: config 0 descriptor?? [ 2214.194077][T12465] usb 5-1: New USB device found, idVendor=056a, idProduct=00e5, bcdDevice= 0.00 [ 2214.214212][ T5279] usb 2-1: new full-speed USB device number 117 using dummy_hcd [ 2214.321787][T12465] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2214.409123][T12465] usb 5-1: config 0 descriptor?? [ 2214.451870][ T5279] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2214.519177][ T5279] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2214.603250][ T29] audit: type=1326 audit(1722659449.777:2329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16821 comm="syz.2.7144" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x0 [ 2214.643233][ T5279] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 2214.695206][ T5279] usb 2-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93 [ 2214.717295][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2214.727795][ T5279] usb 2-1: Product: syz [ 2214.732974][ T5279] usb 2-1: Manufacturer: syz [ 2214.736270][T16829] netlink: 152 bytes leftover after parsing attributes in process `syz.3.7145'. [ 2214.742494][ T5279] usb 2-1: SerialNumber: syz [ 2214.790017][ T5279] usb 2-1: config 0 descriptor?? [ 2215.077254][T16828] fuse: Bad value for 'fd' [ 2215.437708][T16811] syz.1.7142: attempt to access beyond end of device [ 2215.437708][T16811] md102: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 2215.734709][T28663] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 2215.964505][T16798] fuse: Bad value for 'fd' [ 2216.887630][T29601] usbhid 1-1:0.0: can't add hid device: -71 [ 2216.925787][T29601] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 2217.053642][T29601] usb 1-1: USB disconnect, device number 12 [ 2217.139564][ T5328] usb 2-1: USB disconnect, device number 117 [ 2217.584101][T12465] usbhid 5-1:0.0: can't add hid device: -71 [ 2217.597052][T12465] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 2217.633171][T12465] usb 5-1: USB disconnect, device number 107 [ 2217.704166][T29601] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 2217.947102][T29601] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 2217.978997][T29601] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2218.019823][T29601] usb 1-1: config 0 descriptor?? [ 2218.041386][T29601] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 2218.064136][ T5279] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 2218.167236][T16901] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2218.244316][T12465] usb 5-1: new high-speed USB device number 108 using dummy_hcd [ 2218.261016][ T5279] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2218.362185][ T5279] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2218.416398][ T5279] usb 2-1: too many endpoints for config 1 interface 1 altsetting 255: 255, using maximum allowed: 30 [ 2218.464052][T12465] usb 5-1: Using ep0 maxpacket: 32 [ 2218.470652][ T5279] usb 2-1: config 1 interface 1 altsetting 255 endpoint 0x3 has invalid wMaxPacketSize 0 [ 2218.491730][T12465] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 2218.511281][ T5279] usb 2-1: config 1 interface 1 altsetting 255 bulk endpoint 0x3 has invalid maxpacket 0 [ 2218.572641][ T5279] usb 2-1: config 1 interface 1 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 2218.585468][T12465] usb 5-1: New USB device found, idVendor=0c72, idProduct=0011, bcdDevice= 9.75 [ 2218.614306][T12465] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2218.646473][T12465] usb 5-1: Product: syz [ 2218.663852][ T5279] usb 2-1: config 1 interface 1 has no altsetting 1 [ 2218.665134][T12465] usb 5-1: Manufacturer: syz [ 2218.695579][ T5279] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2218.721265][T12465] usb 5-1: SerialNumber: syz [ 2218.739878][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2218.764144][ T5279] usb 2-1: Product: syz [ 2218.769333][ T5279] usb 2-1: Manufacturer: syz [ 2218.778743][T12465] usb 5-1: config 0 descriptor?? [ 2218.821779][ T5279] usb 2-1: SerialNumber: syz [ 2218.877895][ T5279] usb 2-1: selecting invalid altsetting 1 [ 2219.062211][T16891] wg1: entered promiscuous mode [ 2219.091424][T16918] PKCS7: Unknown OID: [4] 2.19.0.2.86.14.43(bad) [ 2219.142917][T16918] PKCS7: Only support pkcs7_signedData type [ 2219.176335][T12465] peak_usb 5-1:0.0 can0: unable to request usb[type=0 value=1] err=-71 [ 2219.232850][T12465] peak_usb 5-1:0.0: unable to read PCAN-USB Pro FD firmware info (err -71) [ 2219.263506][T29601] usb 1-1: USB disconnect, device number 13 [ 2219.302751][ T5279] cdc_ncm 2-1:1.0: failed GET_NTB_PARAMETERS [ 2219.333578][ T5279] cdc_ncm 2-1:1.0: bind() failure [ 2219.390256][ T5279] cdc_ncm 2-1:1.1: CDC Union missing and no IAD found [ 2219.416248][T12465] peak_usb 5-1:0.0: probe with driver peak_usb failed with error -71 [ 2219.424486][ T5279] cdc_ncm 2-1:1.1: bind() failure [ 2219.496451][T12465] usb 5-1: USB disconnect, device number 108 [ 2220.834272][ T691] usb 5-1: new full-speed USB device number 109 using dummy_hcd [ 2221.090132][T16960] syzkaller1: entered promiscuous mode [ 2221.120326][ T691] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2221.215855][ T691] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2221.269450][T16960] syzkaller1: entered allmulticast mode [ 2221.288626][T12465] usb 2-1: USB disconnect, device number 118 [ 2221.296726][ T691] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 2221.473404][ T691] usb 5-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93 [ 2221.564603][ T691] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2221.627986][ T691] usb 5-1: Product: syz [ 2221.633022][ T691] usb 5-1: Manufacturer: syz [ 2221.674114][ T691] usb 5-1: SerialNumber: syz [ 2221.735256][ T691] usb 5-1: config 0 descriptor?? [ 2222.059133][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 2222.067085][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 2222.175588][T16950] syz.4.7160: attempt to access beyond end of device [ 2222.175588][T16950] md102: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 2223.372297][ T5279] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 2223.704710][ T691] usb 5-1: USB disconnect, device number 109 [ 2223.710570][ T5279] usb 1-1: New USB device found, idVendor=a766, idProduct=7cb5, bcdDevice=55.3a [ 2223.789099][ T5279] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2223.885235][ T5279] usb 1-1: config 0 descriptor?? [ 2223.938789][ T5279] usb-storage 1-1:0.0: USB Mass Storage device detected [ 2224.355127][T17030] netlink: 152 bytes leftover after parsing attributes in process `syz.3.7173'. [ 2224.501140][T17032] PKCS7: Unknown OID: [4] 2.19.0.2.86.14.43(bad) [ 2224.543193][T17032] PKCS7: Only support pkcs7_signedData type [ 2225.868351][ T691] usb 3-1: new high-speed USB device number 110 using dummy_hcd [ 2226.140260][ T690] usb 1-1: USB disconnect, device number 14 [ 2226.157735][ T691] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 64, changing to 10 [ 2226.262583][ T691] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 2226.364246][ T691] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 2226.437917][ T691] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2226.504881][T17036] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 2226.689418][ T691] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 2228.220459][T17094] netlink: 152 bytes leftover after parsing attributes in process `syz.4.7187'. [ 2228.514218][ T691] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 2228.798221][ T691] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 2228.843662][ T691] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 2228.955280][ T691] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 2229.075045][ T691] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x89 has invalid maxpacket 0 [ 2229.154118][ T691] usb 4-1: New USB device found, idVendor=2040, idProduct=4900, bcdDevice=4d.8b [ 2229.224036][ T691] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2229.252071][ T691] usb 4-1: config 0 descriptor?? [ 2229.274135][T29601] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 2229.497668][ T5279] usb 3-1: USB disconnect, device number 110 [ 2229.505334][ T691] hdpvr 4-1:0.0: firmware version 0x5b dated 7vi0 [ 2229.505334][ T691] pY3LR<<$4 [ 2229.505399][T29601] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 2229.583751][ T691] hdpvr 4-1:0.0: untested firmware, the driver might not work. [ 2229.623038][T29601] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2229.669300][T29601] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 2229.685980][T29601] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2229.745420][T29601] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 2229.765804][T29601] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 2229.784662][T29601] usb 2-1: Product: syz [ 2229.800115][T29601] usb 2-1: Manufacturer: syz [ 2229.829749][T29601] cdc_wdm 2-1:1.0: skipping garbage [ 2229.845614][T29601] cdc_wdm 2-1:1.0: skipping garbage [ 2229.874953][T29601] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 2229.888545][T29601] cdc_wdm 2-1:1.0: Unknown control protocol [ 2230.431931][T17110] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2230.454854][T17110] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2230.487749][T17155] tmpfs: Unknown parameter 'nGK.e [ 2230.487749][T17155]  ٣7]X#' [ 2230.531387][T17163] netlink: 56 bytes leftover after parsing attributes in process `syz.0.7196'. [ 2230.838263][T12465] usb 5-1: new high-speed USB device number 110 using dummy_hcd [ 2230.944434][ T5328] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 2231.037606][ T691] hdpvr 4-1:0.0: device init failed [ 2231.051118][ T691] hdpvr 4-1:0.0: probe with driver hdpvr failed with error -12 [ 2231.094748][T12465] usb 5-1: Using ep0 maxpacket: 8 [ 2231.111560][ T691] usb 4-1: USB disconnect, device number 16 [ 2231.152791][T12465] usb 5-1: config 0 has an invalid descriptor of length 129, skipping remainder of the config [ 2231.165746][ T690] usb 3-1: new high-speed USB device number 111 using dummy_hcd [ 2231.214199][ T5328] usb 1-1: Using ep0 maxpacket: 16 [ 2231.220817][T12465] usb 5-1: too many endpoints for config 0 interface 0 altsetting 1: 34, using maximum allowed: 30 [ 2231.255422][ T5328] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2231.274058][T12465] usb 5-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 34 [ 2231.294673][ T5328] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2231.310102][ T5328] usb 1-1: New USB device found, idVendor=146b, idProduct=0902, bcdDevice= 0.00 [ 2231.328765][T12465] usb 5-1: config 0 interface 0 has no altsetting 0 [ 2231.369280][T12465] usb 5-1: New USB device found, idVendor=093a, idProduct=8003, bcdDevice= 0.00 [ 2231.381062][ T5328] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2231.394049][T12465] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2231.410984][ T5328] usb 1-1: config 0 descriptor?? [ 2231.425752][ T690] usb 3-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 2231.476499][ T690] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2231.512819][T12465] usb 5-1: config 0 descriptor?? [ 2231.583072][ T690] usb 3-1: config 0 descriptor?? [ 2231.623666][ T690] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 2231.894916][ T5328] bigben 0003:146B:0902.008B: unexpected rdesc, please submit for review [ 2231.925671][T17159] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2231.980364][ T5328] bigben 0003:146B:0902.008B: item fetching failed at offset 1/5 [ 2231.990137][ T690] gspca_sn9c2028: read1 error -32 [ 2232.003210][T17159] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2232.039908][ T690] gspca_sn9c2028: read1 error -71 [ 2232.124154][ T5328] bigben 0003:146B:0902.008B: parse failed [ 2232.145114][ T5328] bigben 0003:146B:0902.008B: probe with driver bigben failed with error -22 [ 2232.171705][ T690] gspca_sn9c2028: read1 error -71 [ 2232.197185][ T690] sn9c2028 3-1:0.0: probe with driver sn9c2028 failed with error -71 [ 2232.227848][ C1] wdm_int_callback: 17 callbacks suppressed [ 2232.227870][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 2232.240395][ C1] wdm_int_callback: 17 callbacks suppressed [ 2232.240410][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 2232.250144][ T5328] usb 1-1: USB disconnect, device number 15 [ 2232.255969][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 2232.265283][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 2232.272030][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 2232.278657][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 2232.287552][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 2232.294176][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 2232.302887][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 2232.309513][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 2232.318381][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 2232.325012][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 2232.333736][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 2232.340358][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 2232.349072][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 2232.355702][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 2232.388587][ T690] usb 3-1: USB disconnect, device number 111 [ 2232.399385][T29601] usb 2-1: USB disconnect, device number 119 [ 2233.544084][T12465] usb 5-1: string descriptor 0 read error: -71 [ 2233.598952][T12465] usb 5-1: USB disconnect, device number 110 [ 2236.956148][T17236] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7202'. [ 2237.146071][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 2237.153980][ C0] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 2237.162069][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 2237.169695][ C0] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 2237.177522][ C0] vxcan0: j1939_xtp_rx_dat: no tx connection found [ 2237.185400][ C0] vxcan0: j1939_xtp_rx_dat: no rx connection found [ 2237.937608][ T2939] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2238.408526][ T2939] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2238.455083][T29601] usb 2-1: new high-speed USB device number 120 using dummy_hcd [ 2238.522247][T17279] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7207'. [ 2238.656135][ T2939] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2238.717221][T29601] usb 2-1: New USB device found, idVendor=0c45, idProduct=8001, bcdDevice=90.0a [ 2238.737732][T29601] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2238.808845][T29601] usb 2-1: config 0 descriptor?? [ 2238.882105][T29601] gspca_main: sn9c2028-2.14.0 probing 0c45:8001 [ 2239.086182][T29601] gspca_sn9c2028: read1 error -32 [ 2239.129705][ T2939] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2239.144233][T29601] gspca_sn9c2028: read1 error -71 [ 2239.165397][T29601] gspca_sn9c2028: read1 error -71 [ 2239.171510][T29601] sn9c2028 2-1:0.0: probe with driver sn9c2028 failed with error -71 [ 2239.257750][ T4618] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2239.261241][T29601] usb 2-1: USB disconnect, device number 120 [ 2239.276749][ T4618] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2239.289670][ T4618] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2239.307724][ T4618] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2239.325312][ T4618] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 2239.333996][ T4618] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2240.054403][ T2939] bridge_slave_1: left allmulticast mode [ 2240.099321][ T2939] bridge_slave_1: left promiscuous mode [ 2240.164817][ T2939] bridge0: port 2(bridge_slave_1) entered disabled state [ 2240.254638][ T2939] bridge_slave_0: left allmulticast mode [ 2240.274627][ T2939] bridge_slave_0: left promiscuous mode [ 2240.281702][ T2939] bridge0: port 1(bridge_slave_0) entered disabled state [ 2240.504197][T12465] usb 2-1: new high-speed USB device number 121 using dummy_hcd [ 2240.804283][T12465] usb 2-1: Using ep0 maxpacket: 32 [ 2240.840925][T12465] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2240.920576][T12465] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 2240.970404][T12465] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 2241.068434][T12465] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 2241.119679][T12465] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2241.186158][T12465] usb 2-1: config 0 descriptor?? [ 2241.222568][T17346] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2241.288687][T12465] hub 2-1:0.0: USB hub found [ 2241.414670][T28663] Bluetooth: hci1: command tx timeout [ 2241.536478][T12465] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 2241.799918][T12465] usbhid 2-1:0.0: can't add hid device: -32 [ 2241.828522][T12465] usbhid 2-1:0.0: probe with driver usbhid failed with error -32 [ 2242.124514][ T5328] usb 5-1: new high-speed USB device number 111 using dummy_hcd [ 2242.377380][ T5328] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2242.405753][ T5328] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2242.436992][ T5328] usb 5-1: New USB device found, idVendor=044f, idProduct=b65d, bcdDevice= 0.00 [ 2242.471343][ T5328] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2242.501739][ T5328] usb 5-1: config 0 descriptor?? [ 2242.654607][ T2939] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2242.695730][ T2939] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2242.736970][ T2939] bond0 (unregistering): Released all slaves [ 2242.820543][T17357] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7218'. [ 2242.976392][ T5328] hid-thrustmaster 0003:044F:B65D.008C: unknown main item tag 0x0 [ 2243.028512][ T5328] hid-thrustmaster 0003:044F:B65D.008C: hidraw0: USB HID v0.00 Device [HID 044f:b65d] on usb-dummy_hcd.4-1/input0 [ 2243.066262][ T5328] hid-thrustmaster 0003:044F:B65D.008C: Wrong number of endpoints? [ 2243.375002][ C0] hid-thrustmaster 0003:044F:B65D.008C: URB to get model id failed with error -71 [ 2243.394788][ T9687] usb 5-1: USB disconnect, device number 111 [ 2243.432597][T17389] FAULT_INJECTION: forcing a failure. [ 2243.432597][T17389] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2243.469361][ T8422] usb 2-1: USB disconnect, device number 121 [ 2243.494319][ T4618] Bluetooth: hci1: command tx timeout [ 2243.521601][T17394] netlink: 104 bytes leftover after parsing attributes in process `syz.3.7222'. [ 2243.684837][T17389] CPU: 1 UID: 0 PID: 17389 Comm: syz.2.7221 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2243.695655][T17389] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2243.705720][T17389] Call Trace: [ 2243.709085][T17389] [ 2243.712032][T17389] dump_stack_lvl+0x241/0x360 [ 2243.716736][T17389] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2243.721956][T17389] ? __pfx__printk+0x10/0x10 [ 2243.726566][T17389] ? __pfx_lock_release+0x10/0x10 [ 2243.731604][T17389] ? __lock_acquire+0x137a/0x2040 [ 2243.736653][T17389] should_fail_ex+0x3b0/0x4e0 [ 2243.741356][T17389] _copy_from_user+0x2f/0xe0 [ 2243.745964][T17389] kstrtouint_from_user+0xc6/0x190 [ 2243.751101][T17389] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 2243.756841][T17389] ? __pfx_lock_acquire+0x10/0x10 [ 2243.761895][T17389] proc_fail_nth_write+0xaa/0x2d0 [ 2243.766935][T17389] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 2243.772845][T17389] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2243.778503][T17389] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 2243.784151][T17389] vfs_write+0x2a2/0xc90 [ 2243.788414][T17389] ? __pfx_vfs_write+0x10/0x10 [ 2243.793193][T17389] ? __fget_files+0x29/0x470 [ 2243.797801][T17389] ? __fget_files+0x3f6/0x470 [ 2243.802512][T17389] ksys_write+0x1a0/0x2c0 [ 2243.806869][T17389] ? __pfx_ksys_write+0x10/0x10 [ 2243.811732][T17389] ? do_syscall_64+0x100/0x230 [ 2243.816517][T17389] ? do_syscall_64+0xb6/0x230 [ 2243.821214][T17389] do_syscall_64+0xf3/0x230 [ 2243.825739][T17389] ? clear_bhb_loop+0x35/0x90 [ 2243.830430][T17389] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2243.836341][T17389] RIP: 0033:0x7f4fea3764df [ 2243.840769][T17389] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8d 02 00 48 [ 2243.860386][T17389] RSP: 002b:00007f4feb203040 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2243.868814][T17389] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f4fea3764df [ 2243.876799][T17389] RDX: 0000000000000001 RSI: 00007f4feb2030b0 RDI: 0000000000000007 [ 2243.884781][T17389] RBP: 00007f4feb2030a0 R08: 0000000000000000 R09: 0000000000000000 [ 2243.892756][T17389] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 2243.900738][T17389] R13: 000000000000000b R14: 00007f4fea505f80 R15: 00007f4fea62fa38 [ 2243.908739][T17389] [ 2244.221375][T17458] usb usb7: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 2244.507065][T17458] input: syz0 as /devices/virtual/input/input91 [ 2244.617119][ T4618] Bluetooth: hci5: command 0x0406 tx timeout [ 2244.886023][T17508] Cannot find set identified by id 0 to match [ 2244.942798][ T2939] hsr_slave_0: left promiscuous mode [ 2245.065422][ T2939] hsr_slave_1: left promiscuous mode [ 2245.174466][ T2939] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2245.183387][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2245.259552][ T2939] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2245.307270][ T2939] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2245.584060][T28663] Bluetooth: hci1: command tx timeout [ 2245.689936][ T2939] veth1_macvtap: left promiscuous mode [ 2245.734141][ T2939] veth0_macvtap: left promiscuous mode [ 2245.741043][ T2939] veth1_vlan: left promiscuous mode [ 2245.798986][ T2939] veth0_vlan: left promiscuous mode [ 2247.659095][T28663] Bluetooth: hci1: command tx timeout [ 2249.004979][ T2939] team0 (unregistering): Port device team_slave_1 removed [ 2249.237317][ T2939] team0 (unregistering): Port device team_slave_0 removed [ 2249.272715][T17554] FAULT_INJECTION: forcing a failure. [ 2249.272715][T17554] name failslab, interval 1, probability 0, space 0, times 0 [ 2249.288368][T17554] CPU: 1 UID: 0 PID: 17554 Comm: syz.1.7236 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2249.299156][T17554] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2249.309226][T17554] Call Trace: [ 2249.312514][T17554] [ 2249.315457][T17554] dump_stack_lvl+0x241/0x360 [ 2249.320196][T17554] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2249.325419][T17554] ? __pfx__printk+0x10/0x10 [ 2249.330027][T17554] ? fs_reclaim_acquire+0x93/0x140 [ 2249.335154][T17554] ? __pfx___might_resched+0x10/0x10 [ 2249.340456][T17554] should_fail_ex+0x3b0/0x4e0 [ 2249.345163][T17554] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 2249.350900][T17554] should_failslab+0xac/0x100 [ 2249.355603][T17554] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 2249.361343][T17554] __kmalloc_noprof+0xd8/0x400 [ 2249.366118][T17554] ? kfree+0x4e/0x360 [ 2249.370111][T17554] tomoyo_realpath_from_path+0xcf/0x5e0 [ 2249.375681][T17554] tomoyo_path_number_perm+0x23a/0x880 [ 2249.381163][T17554] ? tomoyo_path_number_perm+0x208/0x880 [ 2249.386807][T17554] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 2249.392840][T17554] ? __fget_files+0x29/0x470 [ 2249.397450][T17554] ? __fget_files+0x3f6/0x470 [ 2249.402145][T17554] ? __fget_files+0x29/0x470 [ 2249.406755][T17554] security_file_ioctl+0x75/0xb0 [ 2249.411704][T17554] __se_sys_ioctl+0x47/0x170 [ 2249.416314][T17554] do_syscall_64+0xf3/0x230 [ 2249.420831][T17554] ? clear_bhb_loop+0x35/0x90 [ 2249.425518][T17554] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2249.431427][T17554] RIP: 0033:0x7fccaed779f9 [ 2249.435852][T17554] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2249.455467][T17554] RSP: 002b:00007fccafbb3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2249.463904][T17554] RAX: ffffffffffffffda RBX: 00007fccaef05f80 RCX: 00007fccaed779f9 [ 2249.471883][T17554] RDX: 0000000020000280 RSI: 0000000040605346 RDI: 0000000000000003 [ 2249.479861][T17554] RBP: 00007fccafbb30a0 R08: 0000000000000000 R09: 0000000000000000 [ 2249.487836][T17554] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2249.495814][T17554] R13: 000000000000000b R14: 00007fccaef05f80 R15: 00007fccaf02fa38 [ 2249.503810][T17554] [ 2249.552164][T17554] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2251.184063][ T5322] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 2251.457267][ T5322] usb 2-1: Using ep0 maxpacket: 16 [ 2251.485831][ T5322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2251.529752][ T5322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2251.557724][ T5322] usb 2-1: New USB device found, idVendor=05ac, idProduct=027d, bcdDevice= 0.00 [ 2251.591425][ T5322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2251.660717][ T5322] usb 2-1: config 0 descriptor?? [ 2251.680303][T17530] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7230'. [ 2251.786481][T17298] chnl_net:caif_netlink_parms(): no params data found [ 2251.899573][T17561] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2251.950465][T17561] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2251.975551][ T5322] apple 0003:05AC:027D.008D: hidraw0: USB HID v0.00 Device [HID 05ac:027d] on usb-dummy_hcd.1-1/input0 [ 2252.165125][ T9985] usb 2-1: USB disconnect, device number 122 [ 2252.206956][T17618] rdma_op ffff88802d60e1f0 conn xmit_rdma 0000000000000000 [ 2252.817717][T17298] bridge0: port 1(bridge_slave_0) entered blocking state [ 2252.902134][T17298] bridge0: port 1(bridge_slave_0) entered disabled state [ 2252.931297][T17298] bridge_slave_0: entered allmulticast mode [ 2253.036283][T17298] bridge_slave_0: entered promiscuous mode [ 2253.076991][ T8422] usb 3-1: new full-speed USB device number 112 using dummy_hcd [ 2253.085486][T17298] bridge0: port 2(bridge_slave_1) entered blocking state [ 2253.085664][T17298] bridge0: port 2(bridge_slave_1) entered disabled state [ 2253.085941][T17298] bridge_slave_1: entered allmulticast mode [ 2253.096096][T17298] bridge_slave_1: entered promiscuous mode [ 2254.754335][ T5322] usb 5-1: new low-speed USB device number 112 using dummy_hcd [ 2255.957222][T17298] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2256.391220][T17298] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2257.068086][ T8422] usb 3-1: device descriptor read/all, error -71 [ 2257.450341][T17298] team0: Port device team_slave_0 added [ 2257.518013][T17298] team0: Port device team_slave_1 added [ 2257.783072][T17298] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2257.830679][T17298] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2257.994783][T17298] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2258.059201][T17298] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2258.102717][T17298] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2258.174327][ T5279] usb 2-1: new low-speed USB device number 123 using dummy_hcd [ 2258.288083][T17298] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2258.390995][T17774] netlink: 152 bytes leftover after parsing attributes in process `syz.4.7246'. [ 2258.437125][ T5279] usb 2-1: unable to get BOS descriptor set [ 2258.516686][ T5279] usb 2-1: config 1 has an invalid descriptor of length 48, skipping remainder of the config [ 2258.887989][T17298] hsr_slave_0: entered promiscuous mode [ 2258.924925][T17298] hsr_slave_1: entered promiscuous mode [ 2258.984287][T17298] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2259.003623][T17298] Cannot create hsr debugfs directory [ 2259.514176][ T5322] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 2259.794822][ T5322] usb 3-1: Using ep0 maxpacket: 16 [ 2259.852460][ T5322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2259.888910][ T690] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 2259.944284][ T5322] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2260.009088][ T5322] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2260.099911][ T5322] usb 3-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 2260.144439][ T690] usb 5-1: Using ep0 maxpacket: 16 [ 2260.161363][ T5322] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2260.195770][ T690] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2260.262273][ T5322] usb 3-1: config 0 descriptor?? [ 2260.281398][ T690] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2260.356532][ T690] usb 5-1: New USB device found, idVendor=0458, idProduct=0138, bcdDevice= 0.00 [ 2260.434413][ T690] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2260.549832][ T690] usb 5-1: config 0 descriptor?? [ 2260.595295][ T5279] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 2260.661238][ T5279] usb 2-1: New USB device strings: Mfr=1, Product=18, SerialNumber=3 [ 2260.764763][ T5279] usb 2-1: can't set config #1, error -71 [ 2260.826711][ T5279] usb 2-1: USB disconnect, device number 123 [ 2260.879194][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2260.947831][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2260.989733][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2261.084659][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2261.093519][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2261.094932][T17842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2261.194200][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2261.238712][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2261.260902][T17842] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2261.284685][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2261.354464][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2261.392482][ T5322] microsoft 0003:045E:07DA.008E: unknown main item tag 0x0 [ 2261.400408][T17842] mmap: syz.2.7247 (17842): VmData 37462016 exceed data ulimit 2. Update limits or use boot option ignore_rlimit_data. [ 2261.504966][T28663] Bluetooth: hci5: unexpected event for opcode 0x0404 [ 2261.699059][T17944] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7250'. [ 2261.857448][ T5322] input: HID 045e:07da as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:045E:07DA.008E/input/input92 [ 2261.900131][ T5322] microsoft 0003:045E:07DA.008E: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.2-1/input0 [ 2262.054936][ T5322] usb 3-1: USB disconnect, device number 114 [ 2262.364803][ T690] usbhid 5-1:0.0: can't add hid device: -71 [ 2262.371978][ T690] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 2262.468762][T17298] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2262.542687][ T690] usb 5-1: USB disconnect, device number 113 [ 2262.769523][T17298] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2262.895230][T17298] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2263.006315][T17298] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2263.179131][T17995] netlink: 152 bytes leftover after parsing attributes in process `syz.4.7253'. [ 2263.826651][T17298] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2263.915688][ T4618] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 2263.935713][ T4618] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 2263.947104][ T4618] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 2263.982008][ T4618] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 2264.008692][ T4618] Bluetooth: hci6: unexpected cc 0x0c25 length: 249 > 3 [ 2264.024383][ T4618] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 2264.151669][T18008] FAULT_INJECTION: forcing a failure. [ 2264.151669][T18008] name failslab, interval 1, probability 0, space 0, times 0 [ 2264.178338][T18008] CPU: 1 UID: 0 PID: 18008 Comm: syz.2.7255 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2264.189152][T18008] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2264.199227][T18008] Call Trace: [ 2264.202527][T18008] [ 2264.205474][T18008] dump_stack_lvl+0x241/0x360 [ 2264.210184][T18008] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2264.215416][T18008] ? __pfx__printk+0x10/0x10 [ 2264.220034][T18008] ? fs_reclaim_acquire+0x93/0x140 [ 2264.225177][T18008] ? __pfx___might_resched+0x10/0x10 [ 2264.230491][T18008] should_fail_ex+0x3b0/0x4e0 [ 2264.235202][T18008] ? tomoyo_encode+0x26f/0x540 [ 2264.239989][T18008] should_failslab+0xac/0x100 [ 2264.244699][T18008] ? tomoyo_encode+0x26f/0x540 [ 2264.249488][T18008] __kmalloc_noprof+0xd8/0x400 [ 2264.254278][T18008] tomoyo_encode+0x26f/0x540 [ 2264.258903][T18008] tomoyo_realpath_from_path+0x59e/0x5e0 [ 2264.264578][T18008] tomoyo_path_number_perm+0x23a/0x880 [ 2264.270067][T18008] ? tomoyo_path_number_perm+0x208/0x880 [ 2264.275728][T18008] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 2264.281772][T18008] ? __fget_files+0x29/0x470 [ 2264.286389][T18008] ? __fget_files+0x3f6/0x470 [ 2264.291087][T18008] ? __fget_files+0x29/0x470 [ 2264.295705][T18008] security_file_ioctl+0x75/0xb0 [ 2264.300665][T18008] __se_sys_ioctl+0x47/0x170 [ 2264.305280][T18008] do_syscall_64+0xf3/0x230 [ 2264.309804][T18008] ? clear_bhb_loop+0x35/0x90 [ 2264.314509][T18008] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2264.320429][T18008] RIP: 0033:0x7f4fea3779f9 [ 2264.324867][T18008] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2264.344493][T18008] RSP: 002b:00007f4feb1e2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2264.352935][T18008] RAX: ffffffffffffffda RBX: 00007f4fea506058 RCX: 00007f4fea3779f9 [ 2264.360924][T18008] RDX: 0000000000000000 RSI: 000000004008af24 RDI: 0000000000000007 [ 2264.368909][T18008] RBP: 00007f4feb1e20a0 R08: 0000000000000000 R09: 0000000000000000 [ 2264.376895][T18008] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2264.384881][T18008] R13: 000000000000006e R14: 00007f4fea506058 R15: 00007f4fea62fa38 [ 2264.392883][T18008] [ 2264.704532][T18008] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2264.956816][T17298] 8021q: adding VLAN 0 to HW filter on device team0 [ 2265.146461][ T5322] bridge0: port 1(bridge_slave_0) entered blocking state [ 2265.154921][ T5322] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2265.414807][T18040] sch_tbf: burst 1 is lower than device lo mtu (65550) ! [ 2265.576339][ T4618] Bluetooth: hci5: Controller not accepting commands anymore: ncmd = 0 [ 2265.589403][ T4618] Bluetooth: hci5: Injecting HCI hardware error event [ 2265.602950][T28663] Bluetooth: hci5: hardware error 0x00 [ 2265.840701][T12465] bridge0: port 2(bridge_slave_1) entered blocking state [ 2265.849202][T12465] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2266.145046][ T4618] Bluetooth: hci6: command tx timeout [ 2267.113614][T17298] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2267.314098][T18017] chnl_net:caif_netlink_parms(): no params data found [ 2267.477289][ T5279] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 2267.714352][ T5279] usb 5-1: Using ep0 maxpacket: 16 [ 2267.734976][T28663] Bluetooth: hci5: Opcode 0x0c03 failed: -110 [ 2267.763492][ T5279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2267.788330][ T5279] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2267.825828][ T5279] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2267.842973][ T5279] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 2267.854252][ T5279] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2267.891162][ T5279] usb 5-1: config 0 descriptor?? [ 2268.110515][T17298] veth0_vlan: entered promiscuous mode [ 2268.214207][T28663] Bluetooth: hci6: command tx timeout [ 2268.365841][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.403587][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.412685][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.457640][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.500102][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.561406][T18147] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2268.577894][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.634688][T18147] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2268.664554][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.672941][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.685848][T18017] bridge0: port 1(bridge_slave_0) entered blocking state [ 2268.734469][T18017] bridge0: port 1(bridge_slave_0) entered disabled state [ 2268.763507][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.778782][T18017] bridge_slave_0: entered allmulticast mode [ 2268.828133][ T5279] microsoft 0003:045E:07DA.008F: unknown main item tag 0x0 [ 2268.844367][T18017] bridge_slave_0: entered promiscuous mode [ 2268.908272][T17298] veth1_vlan: entered promiscuous mode [ 2268.964359][ T5279] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.008F/input/input93 [ 2268.998175][T18017] bridge0: port 2(bridge_slave_1) entered blocking state [ 2269.055545][ T5279] microsoft 0003:045E:07DA.008F: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 2269.074206][T18017] bridge0: port 2(bridge_slave_1) entered disabled state [ 2269.125334][T18017] bridge_slave_1: entered allmulticast mode [ 2269.205036][T18017] bridge_slave_1: entered promiscuous mode [ 2269.223744][ T5279] usb 5-1: USB disconnect, device number 114 [ 2269.883270][T18017] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2269.984121][T18017] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2270.282388][T18281] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7261'. [ 2270.305149][T28663] Bluetooth: hci6: command tx timeout [ 2270.665835][T18017] team0: Port device team_slave_0 added [ 2270.806813][T18017] team0: Port device team_slave_1 added [ 2270.909369][ T690] IPVS: starting estimator thread 0... [ 2271.065846][T18308] IPVS: using max 19 ests per chain, 45600 per kthread [ 2271.148429][T18017] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2271.203939][T18017] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2271.363973][T18017] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2271.482260][T17298] veth0_macvtap: entered promiscuous mode [ 2271.559056][T17298] veth1_macvtap: entered promiscuous mode [ 2271.658200][T18339] netlink: 152 bytes leftover after parsing attributes in process `syz.4.7264'. [ 2271.697826][T18017] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2271.737078][T18017] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2271.856644][T18017] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2271.904057][T18343] netlink: 'syz.2.7263': attribute type 21 has an invalid length. [ 2271.992009][T18343] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7263'. [ 2272.283511][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2272.384464][T28663] Bluetooth: hci6: command tx timeout [ 2272.386588][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2272.540346][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2272.619844][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2272.742382][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2272.824116][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2272.944690][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2272.998910][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2273.049896][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2273.109064][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2273.157694][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2273.234319][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2273.258107][ T9687] usb 5-1: new full-speed USB device number 115 using dummy_hcd [ 2273.274092][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2273.364714][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2273.410528][T17298] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2273.639242][ T9687] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2273.683422][T18366] netlink: 104 bytes leftover after parsing attributes in process `syz.1.7269'. [ 2273.734095][ T9687] usb 5-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2273.833974][ T9687] usb 5-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 4 [ 2273.991455][ T9687] usb 5-1: New USB device found, idVendor=413c, idProduct=81d1, bcdDevice=fb.93 [ 2274.013540][T18017] hsr_slave_0: entered promiscuous mode [ 2274.055280][ T9687] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2274.067345][T18017] hsr_slave_1: entered promiscuous mode [ 2274.129193][ T9687] usb 5-1: Product: syz [ 2274.144974][T18017] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 2274.174613][ T9687] usb 5-1: Manufacturer: syz [ 2274.180195][ T9687] usb 5-1: SerialNumber: syz [ 2274.227365][T18017] Cannot create hsr debugfs directory [ 2274.305811][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2274.340106][ T9687] usb 5-1: config 0 descriptor?? [ 2274.415359][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2274.487148][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2274.556340][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2274.634046][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2274.694594][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2274.745198][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2274.784097][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2274.839107][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2274.901800][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2274.941147][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2275.013381][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2275.077792][T17298] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2275.141156][T17298] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2275.208475][T17298] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2275.291787][T17298] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2275.314353][T18355] syz.4.7267: attempt to access beyond end of device [ 2275.314353][T18355] md102: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 2275.373472][T17298] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2275.434105][T17298] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2275.501113][T17298] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2276.695133][T21044] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2276.760581][T29601] usb 5-1: USB disconnect, device number 115 [ 2276.764443][T21044] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2277.432828][T18017] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2277.592386][ T2462] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2277.634493][ T2462] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2278.006549][T18017] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2278.610642][T18017] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2279.008361][T18017] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2279.562942][T18526] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(13) [ 2279.569609][T18526] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 2279.583702][T18526] vhci_hcd vhci_hcd.0: Device attached [ 2279.724765][T18538] trusted_key: encrypted_key: insufficient parameters specified [ 2279.872170][T18532] vhci_hcd: connection closed [ 2279.876040][ T2462] vhci_hcd: stop threads [ 2279.927399][ T2462] vhci_hcd: release socket [ 2279.927558][ T2462] vhci_hcd: disconnect device [ 2279.971728][T29601] usb 10-1: enqueue for inactive port 0 [ 2280.096118][T18017] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2280.129724][T18017] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2280.150613][T18017] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2280.168603][T18017] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2280.493977][T29601] usb usb10-port1: attempt power cycle [ 2280.525201][ T690] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 2280.737100][ T690] usb 2-1: config 0 has more interface descriptors, than it declares in bNumInterfaces, ignoring interface number: 1 [ 2280.791104][T18017] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2280.803690][ T690] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2280.874139][ T690] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 2280.918418][T18017] 8021q: adding VLAN 0 to HW filter on device team0 [ 2280.937499][T18557] FAULT_INJECTION: forcing a failure. [ 2280.937499][T18557] name failslab, interval 1, probability 0, space 0, times 0 [ 2280.958121][ T690] usb 2-1: New USB device found, idVendor=1908, idProduct=1315, bcdDevice= 0.00 [ 2280.971141][T18566] FAULT_INJECTION: forcing a failure. [ 2280.971141][T18566] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2280.974959][ T690] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2280.995288][T18557] CPU: 1 UID: 0 PID: 18557 Comm: syz.2.7279 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2280.995360][T18557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2280.995374][T18557] Call Trace: [ 2280.995383][T18557] [ 2280.995393][T18557] dump_stack_lvl+0x241/0x360 [ 2280.995427][T18557] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2280.995452][T18557] ? __pfx__printk+0x10/0x10 [ 2280.995489][T18557] should_fail_ex+0x3b0/0x4e0 [ 2280.995520][T18557] ? __kvm_mmu_topup_memory_cache+0x1e3/0x6b0 [ 2280.995542][T18557] should_failslab+0xac/0x100 [ 2280.995569][T18557] ? __kvm_mmu_topup_memory_cache+0x1e3/0x6b0 [ 2280.995588][T18557] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2280.995615][T18557] __kvm_mmu_topup_memory_cache+0x1e3/0x6b0 [ 2280.995650][T18557] kvm_mmu_load+0x115/0x26e0 [ 2280.995679][T18557] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2280.995704][T18557] ? __mutex_unlock_slowpath+0x21d/0x750 [ 2280.995736][T18557] ? irqentry_exit+0x63/0x90 [ 2280.995758][T18557] ? lockdep_hardirqs_on+0x99/0x150 [ 2280.995784][T18557] ? __pfx_kvm_mmu_load+0x10/0x10 [ 2280.995821][T18557] ? vmx_flush_tlb_all+0xba/0x3c0 [ 2280.995846][T18557] ? vmx_flush_tlb_guest+0x1e5/0x310 [ 2280.995868][T18557] ? __pfx_vmx_flush_tlb_guest+0x10/0x10 [ 2280.995893][T18557] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2280.995921][T18557] ? kvm_apic_has_interrupt+0x9d4/0xa70 [ 2280.995947][T18557] ? vmx_get_nmi_mask+0xdf/0x1a0 [ 2280.995981][T18557] vcpu_run+0x6c3d/0x88b0 [ 2280.996010][T18557] ? __lock_acquire+0x137a/0x2040 [ 2280.996124][T18557] ? __pfx_vcpu_run+0x10/0x10 [ 2280.996161][T18557] ? __pfx_lock_acquire+0x10/0x10 [ 2280.996196][T18557] ? trace_kvm_fpu+0x73/0x210 [ 2280.996220][T18557] ? trace_kvm_fpu+0x4d/0x210 [ 2280.996247][T18557] ? rcu_is_watching+0x15/0xb0 [ 2280.996277][T18557] kvm_arch_vcpu_ioctl_run+0xa73/0x19d0 [ 2280.996303][T18557] ? mark_lock+0x9a/0x350 [ 2280.996337][T18557] ? kvm_arch_vcpu_ioctl_run+0x1c9/0x19d0 [ 2280.996362][T18557] ? __pfx_kvm_arch_vcpu_ioctl_run+0x10/0x10 [ 2280.996410][T18557] ? __pfx_lock_acquire+0x10/0x10 [ 2280.996435][T18557] ? get_task_pid+0x23/0x310 [ 2280.996455][T18557] ? __pfx_lock_release+0x10/0x10 [ 2280.996480][T18557] ? kvm_vcpu_ioctl+0x1dd/0xea0 [ 2280.996515][T18557] ? get_task_pid+0x23/0x310 [ 2280.996538][T18557] kvm_vcpu_ioctl+0x91d/0xea0 [ 2280.996568][T18557] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 2280.996613][T18557] ? __fget_files+0x29/0x470 [ 2280.996640][T18557] ? __fget_files+0x3f6/0x470 [ 2280.996663][T18557] ? __fget_files+0x29/0x470 [ 2280.996693][T18557] ? bpf_lsm_file_ioctl+0x9/0x10 [ 2280.996718][T18557] ? security_file_ioctl+0x87/0xb0 [ 2280.996736][T18557] ? __pfx_kvm_vcpu_ioctl+0x10/0x10 [ 2280.996761][T18557] __se_sys_ioctl+0xfc/0x170 [ 2280.996787][T18557] do_syscall_64+0xf3/0x230 [ 2280.996812][T18557] ? clear_bhb_loop+0x35/0x90 [ 2280.996835][T18557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2280.996863][T18557] RIP: 0033:0x7f4fea3779f9 [ 2280.996882][T18557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2280.996900][T18557] RSP: 002b:00007f4feb1e2048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2280.996924][T18557] RAX: ffffffffffffffda RBX: 00007f4fea506058 RCX: 00007f4fea3779f9 [ 2280.996939][T18557] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000007 [ 2280.996952][T18557] RBP: 00007f4feb1e20a0 R08: 0000000000000000 R09: 0000000000000000 [ 2280.996964][T18557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2280.996977][T18557] R13: 000000000000006e R14: 00007f4fea506058 R15: 00007f4fea62fa38 [ 2280.997012][T18557] [ 2281.060039][ T9687] bridge0: port 1(bridge_slave_0) entered blocking state [ 2281.060210][ T9687] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2281.114531][ T9687] bridge0: port 2(bridge_slave_1) entered blocking state [ 2281.124670][T18566] CPU: 0 UID: 0 PID: 18566 Comm: syz.4.7281 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2281.126193][ T9687] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2281.130269][T18566] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2281.130283][T18566] Call Trace: [ 2281.130293][T18566] [ 2281.130303][T18566] dump_stack_lvl+0x241/0x360 [ 2281.130338][T18566] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2281.130364][T18566] ? __pfx__printk+0x10/0x10 [ 2281.130391][T18566] ? __pfx_lock_release+0x10/0x10 [ 2281.130424][T18566] should_fail_ex+0x3b0/0x4e0 [ 2281.130457][T18566] _copy_from_user+0x2f/0xe0 [ 2281.130482][T18566] copy_msghdr_from_user+0xae/0x680 [ 2281.130514][T18566] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 2281.130555][T18566] __sys_sendmsg+0x23d/0x3a0 [ 2281.130580][T18566] ? __pfx___sys_sendmsg+0x10/0x10 [ 2281.130628][T18566] ? irqtime_account_irq+0x18e/0x1e0 [ 2281.130665][T18566] ? __irq_exit_rcu+0xf4/0x1c0 [ 2281.130703][T18566] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2281.130735][T18566] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2281.130759][T18566] ? __irq_exit_rcu+0x100/0x1c0 [ 2281.130785][T18566] ? do_syscall_64+0xb6/0x230 [ 2281.130813][T18566] do_syscall_64+0xf3/0x230 [ 2281.130838][T18566] ? clear_bhb_loop+0x35/0x90 [ 2281.130862][T18566] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2281.130889][T18566] RIP: 0033:0x7fd3a7d779f9 [ 2281.130907][T18566] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2281.130924][T18566] RSP: 002b:00007fd3a8abd048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2281.130947][T18566] RAX: ffffffffffffffda RBX: 00007fd3a7f05f80 RCX: 00007fd3a7d779f9 [ 2281.130963][T18566] RDX: 0000000000000000 RSI: 0000000020000680 RDI: 0000000000000004 [ 2281.130976][T18566] RBP: 00007fd3a8abd0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2281.130989][T18566] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2281.131002][T18566] R13: 000000000000000b R14: 00007fd3a7f05f80 R15: 00007fd3a802fa38 [ 2281.131032][T18566] [ 2281.181014][ T690] usb 2-1: Product: syz [ 2281.235839][T29601] usb usb10-port1: unable to enumerate USB device [ 2281.245029][ T5322] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 2281.753847][T18017] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2281.774151][ T690] usb 2-1: Manufacturer: syz [ 2281.779731][ T690] usb 2-1: SerialNumber: syz [ 2281.830355][T18017] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2281.876533][ T690] usb 2-1: config 0 descriptor?? [ 2281.955168][T18017] veth0_vlan: entered promiscuous mode [ 2281.975463][T18017] veth1_vlan: entered promiscuous mode [ 2282.046180][ T690] usb-storage 2-1:0.0: USB Mass Storage device detected [ 2282.057617][T18017] veth0_macvtap: entered promiscuous mode [ 2282.077557][T18017] veth1_macvtap: entered promiscuous mode [ 2282.109617][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2282.136274][ T690] usb-storage 2-1:0.0: Quirks match for vid 1908 pid 1315: 20000 [ 2282.204430][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.226961][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2282.338145][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.338198][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2282.338217][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.338259][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2282.338274][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.338317][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2282.338332][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.338347][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2282.338388][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.338406][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2282.338446][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.338463][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 2282.338477][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.393554][T18017] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2282.443608][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2282.443635][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.443673][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2282.443687][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.443699][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2282.443737][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.443749][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2282.443762][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.443801][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2282.443815][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.443827][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2282.448728][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.448747][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2282.448790][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.448804][T18017] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 2282.448845][T18017] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 2282.451864][T18017] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2282.532147][T18017] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2282.532216][T18017] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2282.532273][T18017] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2282.532301][T18017] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2283.169560][ T4651] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2283.664076][ T5322] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2283.664154][ T5322] usb 1-1: New USB device found, idVendor=0458, idProduct=501a, bcdDevice= 0.00 [ 2283.664208][ T5322] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2283.668269][ T5322] usb 1-1: config 0 descriptor?? [ 2283.669210][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 2283.669334][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 2283.777728][ T4651] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2283.890846][T19256] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2283.890900][T19256] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2284.040748][ T5322] usb 1-1: USB disconnect, device number 16 [ 2284.860468][T29601] usb 2-1: USB disconnect, device number 124 [ 2285.745147][ T29] audit: type=1326 audit(1722659520.937:2330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18615 comm="syz.3.7287" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f371f1779f9 code=0x0 [ 2285.754382][T18619] netlink: 152 bytes leftover after parsing attributes in process `syz.1.7288'. [ 2286.504197][ T691] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 2286.667758][T18633] sch_tbf: burst 1 is lower than device lo mtu (65550) ! [ 2286.764024][ T691] usb 5-1: Using ep0 maxpacket: 16 [ 2286.793363][ T691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2286.845522][ T691] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2286.896528][ T691] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2286.936650][ T691] usb 5-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 2286.957800][ T691] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2286.983995][ T5328] usb 2-1: new high-speed USB device number 125 using dummy_hcd [ 2287.012882][ T691] usb 5-1: config 0 descriptor?? [ 2287.190180][ T5328] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 2287.228399][ T5328] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2287.315940][ T5328] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 2287.385334][ T5328] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2287.466574][ T5328] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 2287.494906][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2287.503683][ T5328] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 2287.504854][ T5328] usb 2-1: Product: syz [ 2287.504873][ T5328] usb 2-1: Manufacturer: syz [ 2287.564858][ T5328] cdc_wdm 2-1:1.0: skipping garbage [ 2287.564912][ T5328] cdc_wdm 2-1:1.0: skipping garbage [ 2287.570694][ T5328] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 2287.625331][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2287.659080][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2287.674531][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2287.685803][ T5328] cdc_wdm 2-1:1.0: Unknown control protocol [ 2287.695122][T18623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2287.713789][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2287.725254][T18623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2287.798168][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2287.865800][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2287.885691][T18629] FAULT_INJECTION: forcing a failure. [ 2287.885691][T18629] name failslab, interval 1, probability 0, space 0, times 0 [ 2287.912135][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2287.989124][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2287.994460][T18629] CPU: 1 UID: 0 PID: 18629 Comm: syz.1.7291 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2288.007156][T18629] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2288.017224][T18629] Call Trace: [ 2288.020511][T18629] [ 2288.023447][T18629] dump_stack_lvl+0x241/0x360 [ 2288.028143][T18629] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2288.033357][T18629] ? __pfx__printk+0x10/0x10 [ 2288.037964][T18629] ? fs_reclaim_acquire+0x93/0x140 [ 2288.043090][T18629] ? __pfx___might_resched+0x10/0x10 [ 2288.048396][T18629] ? dynamic_dname+0x141/0x1b0 [ 2288.053199][T18629] should_fail_ex+0x3b0/0x4e0 [ 2288.057914][T18629] ? tomoyo_encode+0x26f/0x540 [ 2288.062702][T18629] should_failslab+0xac/0x100 [ 2288.067405][T18629] ? tomoyo_encode+0x26f/0x540 [ 2288.072192][T18629] __kmalloc_noprof+0xd8/0x400 [ 2288.076993][T18629] tomoyo_encode+0x26f/0x540 [ 2288.081605][T18629] ? __pfx_anon_inodefs_dname+0x10/0x10 [ 2288.087166][T18629] tomoyo_realpath_from_path+0x59e/0x5e0 [ 2288.092824][T18629] tomoyo_path_number_perm+0x23a/0x880 [ 2288.098314][T18629] ? tomoyo_path_number_perm+0x208/0x880 [ 2288.103977][T18629] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 2288.110040][T18629] ? __fget_files+0x29/0x470 [ 2288.114649][T18629] ? __fget_files+0x3f6/0x470 [ 2288.119339][T18629] ? __fget_files+0x29/0x470 [ 2288.123947][T18629] security_file_ioctl+0x75/0xb0 [ 2288.128902][T18629] __se_sys_ioctl+0x47/0x170 [ 2288.133513][T18629] do_syscall_64+0xf3/0x230 [ 2288.138038][T18629] ? clear_bhb_loop+0x35/0x90 [ 2288.142727][T18629] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2288.148641][T18629] RIP: 0033:0x7fccaed779f9 [ 2288.153068][T18629] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2288.172687][T18629] RSP: 002b:00007fccafbb3048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2288.181117][T18629] RAX: ffffffffffffffda RBX: 00007fccaef05f80 RCX: 00007fccaed779f9 [ 2288.189094][T18629] RDX: 0000000020000000 RSI: 00000000c008ae67 RDI: 0000000000000006 [ 2288.197075][T18629] RBP: 00007fccafbb30a0 R08: 0000000000000000 R09: 0000000000000000 [ 2288.205052][T18629] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2288.213028][T18629] R13: 000000000000000b R14: 00007fccaef05f80 R15: 00007fccaf02fa38 [ 2288.221029][T18629] [ 2288.278896][ T691] microsoft 0003:045E:07DA.0090: unknown main item tag 0x0 [ 2288.343974][T18629] ERROR: Out of memory at tomoyo_realpath_from_path. [ 2288.428915][ T691] input: HID 045e:07da as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:045E:07DA.0090/input/input95 [ 2288.585598][ T691] microsoft 0003:045E:07DA.0090: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.4-1/input0 [ 2288.733283][ T691] usb 5-1: USB disconnect, device number 116 [ 2288.953777][ T5322] usb 2-1: USB disconnect, device number 125 [ 2289.154036][T18685] netlink: 36 bytes leftover after parsing attributes in process `syz.3.7294'. [ 2289.852002][T18697] netlink: 209852 bytes leftover after parsing attributes in process `syz.4.7296'. [ 2290.294181][ T8422] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 2290.554043][ T8422] usb 3-1: Using ep0 maxpacket: 32 [ 2290.586982][ T8422] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2290.694791][ T8422] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2290.789358][ T8422] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 2290.851091][ T8422] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2290.906037][ T8422] usb 3-1: config 0 descriptor?? [ 2291.004526][ T8422] hub 3-1:0.0: USB hub found [ 2291.348045][ T8422] hub 3-1:0.0: 1 port detected [ 2291.584156][ T5322] usb 2-1: new high-speed USB device number 126 using dummy_hcd [ 2291.794486][ T5322] usb 2-1: Using ep0 maxpacket: 16 [ 2291.824287][ T5322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2291.866749][ T5322] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2291.895740][ T29] audit: type=1326 audit(1722659527.107:2331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18724 comm="syz.0.7302" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f33123779f9 code=0x0 [ 2291.934411][ T5322] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2291.958432][ T5322] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 2291.969764][ T5322] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2291.986421][ T5322] usb 2-1: config 0 descriptor?? [ 2292.066388][T18722] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7301'. [ 2292.091175][ T8422] hub 3-1:0.0: activate --> -90 [ 2292.439951][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.479398][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.504099][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.534127][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.551047][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.580194][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.610730][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.633983][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.645060][T18714] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2292.694483][T18714] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2292.703700][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.724222][ T5322] microsoft 0003:045E:07DA.0091: unknown main item tag 0x0 [ 2292.828559][ T5322] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0091/input/input96 [ 2292.909570][ T5322] microsoft 0003:045E:07DA.0091: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 2292.997089][ T5322] usb 2-1: USB disconnect, device number 126 [ 2293.484147][ T5322] usb 3-1: USB disconnect, device number 115 [ 2294.617508][T18780] FAULT_INJECTION: forcing a failure. [ 2294.617508][T18780] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2294.744028][T18780] CPU: 1 UID: 0 PID: 18780 Comm: syz.3.7307 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2294.754929][T18780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2294.765001][T18780] Call Trace: [ 2294.768297][T18780] [ 2294.771245][T18780] dump_stack_lvl+0x241/0x360 [ 2294.775960][T18780] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2294.781182][T18780] ? __pfx__printk+0x10/0x10 [ 2294.785793][T18780] ? __pfx_lock_release+0x10/0x10 [ 2294.790844][T18780] should_fail_ex+0x3b0/0x4e0 [ 2294.795550][T18780] _copy_from_user+0x2f/0xe0 [ 2294.800164][T18780] core_sys_select+0x639/0x910 [ 2294.804957][T18780] ? __pfx_core_sys_select+0x10/0x10 [ 2294.810272][T18780] ? lockdep_hardirqs_on+0x99/0x150 [ 2294.815518][T18780] ? __pfx_set_user_sigmask+0x10/0x10 [ 2294.820916][T18780] ? __fget_files+0x3f6/0x470 [ 2294.825622][T18780] __se_sys_pselect6+0x319/0x3f0 [ 2294.830587][T18780] ? __pfx___se_sys_pselect6+0x10/0x10 [ 2294.836063][T18780] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2294.842410][T18780] ? do_syscall_64+0x100/0x230 [ 2294.847198][T18780] ? __x64_sys_pselect6+0x21/0xf0 [ 2294.852257][T18780] do_syscall_64+0xf3/0x230 [ 2294.856770][T18780] ? clear_bhb_loop+0x35/0x90 [ 2294.861443][T18780] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2294.867340][T18780] RIP: 0033:0x7f371f1779f9 [ 2294.871748][T18780] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2294.891350][T18780] RSP: 002b:00007f371ebff048 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 2294.899764][T18780] RAX: ffffffffffffffda RBX: 00007f371f305f80 RCX: 00007f371f1779f9 [ 2294.907729][T18780] RDX: 0000000000000000 RSI: 00000000200001c0 RDI: 0000000000000040 [ 2294.915694][T18780] RBP: 00007f371ebff0a0 R08: 0000000020000300 R09: 0000000000000000 [ 2294.923669][T18780] R10: 00000000200002c0 R11: 0000000000000246 R12: 0000000000000001 [ 2294.931633][T18780] R13: 000000000000000b R14: 00007f371f305f80 R15: 00007f371f42fa38 [ 2294.939633][T18780] [ 2295.581343][T18795] netlink: 36 bytes leftover after parsing attributes in process `syz.4.7311'. [ 2295.758688][ T29] audit: type=1326 audit(1722659530.967:2332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2295.894149][T28663] Bluetooth: hci3: command 0x0406 tx timeout [ 2295.974632][T28663] Bluetooth: hci6: Controller not accepting commands anymore: ncmd = 0 [ 2295.985559][T28663] Bluetooth: hci6: Injecting HCI hardware error event [ 2295.997580][T28663] Bluetooth: hci6: hardware error 0x00 [ 2296.405145][ T29] audit: type=1326 audit(1722659531.617:2333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=291 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2296.513095][ T29] audit: type=1326 audit(1722659531.617:2334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2296.612320][ T29] audit: type=1326 audit(1722659531.617:2335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2386.723592][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 2386.731469][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 2386.766426][ T29] audit: type=1326 audit(1722659531.617:2336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2386.844038][T28663] Bluetooth: hci6: Opcode 0x0c03 failed: -110 [ 2386.941331][ T29] audit: type=1326 audit(1722659531.617:2337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2387.114041][ T29] audit: type=1326 audit(1722659531.617:2338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2387.243966][ T29] audit: type=1326 audit(1722659531.617:2339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2387.374000][ T29] audit: type=1326 audit(1722659531.617:2340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2387.513978][ T29] audit: type=1326 audit(1722659531.617:2341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2387.643956][ T29] audit: type=1326 audit(1722659531.617:2342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2387.844330][ T29] audit: type=1326 audit(1722659531.617:2343): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2388.064010][ T29] audit: type=1326 audit(1722659531.617:2344): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2388.233984][ T29] audit: type=1326 audit(1722659531.617:2345): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18788 comm="syz.2.7310" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4fea3779f9 code=0x7fc00000 [ 2393.765125][ T4618] Bluetooth: hci1: command 0x0406 tx timeout [ 2413.974945][ T1268] ieee802154 phy0 wpan0: encryption failed: -22 [ 2413.982654][ T1268] ieee802154 phy1 wpan1: encryption failed: -22 [ 2414.303996][ T690] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 2430.116070][ T19] rcu: INFO: rcu_preempt detected expedited stalls on CPUs/tasks: { 1-...D } 3845 jiffies s: 296409 root: 0x2/. [ 2430.153906][ T19] rcu: blocking rcu_node structures (internal RCU debug): [ 2430.162482][ T19] Sending NMI from CPU 0 to CPUs 1: [ 2430.168801][ C1] NMI backtrace for cpu 1 [ 2430.168817][ C1] CPU: 1 UID: 0 PID: 17593 Comm: syz.3.7239 Not tainted 6.11.0-rc1-syzkaller-00233-g948752d2e010 #0 [ 2430.168839][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2430.168850][ C1] RIP: 0010:lock_release+0xb8/0xa30 [ 2430.168877][ C1] Code: 08 0f 83 fe 05 00 00 89 c3 48 89 d8 48 c1 e8 06 48 8d 3c c5 a8 ac 17 90 be 08 00 00 00 e8 30 d0 8a 00 48 0f a3 1d 80 da a7 0e <73> 16 e8 a1 ce 09 00 84 c0 75 0d 80 3d 6a a9 91 0e 00 0f 84 fc 05 [ 2430.168892][ C1] RSP: 0018:ffffc90000a18a60 EFLAGS: 00000057 [ 2430.168908][ C1] RAX: 0000000000000001 RBX: 0000000000000001 RCX: ffffffff816fd220 [ 2430.168920][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff9017aca8 [ 2430.168931][ C1] RBP: ffffc90000a18b90 R08: ffffffff9017acaf R09: 1ffffffff202f595 [ 2430.168943][ C1] R10: dffffc0000000000 R11: fffffbfff202f596 R12: 1ffff92000143158 [ 2430.168956][ C1] R13: ffffffff84b7e8f5 R14: ffffc90000a18bc0 R15: dffffc0000000000 [ 2430.168969][ C1] FS: 00007fb7e7db16c0(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 2430.168985][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2430.168997][ C1] CR2: 000000110c28bf90 CR3: 000000006ee2e000 CR4: 00000000003506f0 [ 2430.169012][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2430.169022][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2430.169034][ C1] Call Trace: [ 2430.169043][ C1] [ 2430.169051][ C1] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 2430.169069][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 2430.169091][ C1] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 2430.169108][ C1] ? nmi_handle+0x2a/0x5a0 [ 2430.169133][ C1] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 2430.169151][ C1] ? nmi_handle+0x14f/0x5a0 [ 2430.169168][ C1] ? nmi_handle+0x2a/0x5a0 [ 2430.169185][ C1] ? lock_release+0xb8/0xa30 [ 2430.169204][ C1] ? default_do_nmi+0x63/0x160 [ 2430.169221][ C1] ? exc_nmi+0x123/0x1f0 [ 2430.169238][ C1] ? end_repeat_nmi+0xf/0x53 [ 2430.169255][ C1] ? debug_object_deactivate+0x2d5/0x390 [ 2430.169279][ C1] ? lock_release+0xb0/0xa30 [ 2430.169301][ C1] ? lock_release+0xb8/0xa30 [ 2430.169320][ C1] ? lock_release+0xb8/0xa30 [ 2430.169341][ C1] ? lock_release+0xb8/0xa30 [ 2430.169361][ C1] [ 2430.169367][ C1] [ 2430.169377][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 2430.169395][ C1] ? __pfx_lock_release+0x10/0x10 [ 2430.169416][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 2430.169437][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2430.169459][ C1] _raw_spin_unlock_irqrestore+0x79/0x140 [ 2430.169478][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2430.169505][ C1] debug_object_deactivate+0x2d5/0x390 [ 2430.169528][ C1] ? __pfx_debug_object_deactivate+0x10/0x10 [ 2430.169553][ C1] ? timerqueue_add+0x260/0x290 [ 2430.169580][ C1] debug_deactivate+0x1b/0x220 [ 2430.169598][ C1] __hrtimer_run_queues+0x305/0xd50 [ 2430.169622][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 2430.169651][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 2430.169673][ C1] hrtimer_interrupt+0x396/0x990 [ 2430.169704][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 2430.169728][ C1] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 2430.169748][ C1] [ 2430.169754][ C1] [ 2430.169761][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2430.169778][ C1] RIP: 0010:__mutex_unlock_slowpath+0xf6/0x750 [ 2430.169800][ C1] Code: 00 00 48 89 9c 24 88 00 00 00 49 8d 7e 68 4c 89 fe e8 ce 65 b1 f5 4c 89 f7 be 08 00 00 00 e8 a1 36 3c f6 4c 89 f0 48 c1 e8 03 <48> 89 44 24 28 42 80 3c 28 00 74 08 4c 89 f7 e8 16 34 3c f6 49 8b [ 2430.169813][ C1] RSP: 0018:ffffc9000d47fb40 EFLAGS: 00000a02 [ 2430.169828][ C1] RAX: 1ffff1100d3f5408 RBX: ffffc9000d47fbc0 RCX: ffffffff8bbe6baf [ 2430.169840][ C1] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffff888069faa040 [ 2430.169852][ C1] RBP: ffffc9000d47fc50 R08: ffff888069faa047 R09: 1ffff1100d3f5408 [ 2430.169864][ C1] R10: dffffc0000000000 R11: ffffed100d3f5409 R12: ffffc9000d47fbe0 [ 2430.169876][ C1] R13: dffffc0000000000 R14: ffff888069faa040 R15: ffffffff84a66eae [ 2430.169890][ C1] ? __se_sys_io_uring_enter+0x1c3e/0x2670 [ 2430.169912][ C1] ? __mutex_unlock_slowpath+0xef/0x750 [ 2430.169936][ C1] ? __io_cqring_overflow_flush+0x590/0x690 [ 2430.169956][ C1] ? __se_sys_io_uring_enter+0x1c2a/0x2670 [ 2430.169975][ C1] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2430.169997][ C1] ? __pfx___io_cqring_overflow_flush+0x10/0x10 [ 2430.170019][ C1] ? prepare_to_wait_exclusive+0x81/0x220 [ 2430.170043][ C1] __se_sys_io_uring_enter+0x1c3e/0x2670 [ 2430.170074][ C1] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 2430.170093][ C1] ? __pfx_io_wake_function+0x10/0x10 [ 2430.170119][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2430.170140][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2430.170162][ C1] ? do_syscall_64+0x100/0x230 [ 2430.170183][ C1] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 2430.170202][ C1] do_syscall_64+0xf3/0x230 [ 2430.170224][ C1] ? clear_bhb_loop+0x35/0x90 [ 2430.170241][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2430.170263][ C1] RIP: 0033:0x7fb7e6f779f9 [ 2430.170278][ C1] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2430.170292][ C1] RSP: 002b:00007fb7e7db1048 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 2430.170307][ C1] RAX: ffffffffffffffda RBX: 00007fb7e7105f80 RCX: 00007fb7e6f779f9 [ 2430.170319][ C1] RDX: 0000000000400000 RSI: 0000000000000000 RDI: 0000000000000008 [ 2430.170329][ C1] RBP: 00007fb7e6fe58ee R08: 0000000000000000 R09: 0000000000000000 [ 2430.170341][ C1] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000000 [ 2430.170352][ C1] R13: 000000000000000b R14: 00007fb7e7105f80 R15: 00007fb7e722fa38 [ 2430.170371][ C1] [ 2437.285463][ T690] usb 1-1: device descriptor read/64, error -110