last executing test programs: 7.888268419s ago: executing program 4 (id=4051): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x1de) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r2, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) timer_create(0xfffffffd, 0x0, &(0x7f0000000040)) clock_gettime(0x0, &(0x7f0000000000)={0x0, 0x0}) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, r3+10000000}, {0x77359400}}, 0x0) timer_gettime(0x0, &(0x7f0000000280)) bpf$BPF_PROG_ATTACH(0x8, &(0x7f00000004c0)={@ifindex, 0xffffffffffffffff, 0x33, 0x1, 0xffffffffffffffff, @prog_fd=r1}, 0x20) r4 = openat(0xffffffffffffff9c, 0x0, 0x442, 0x0) write$binfmt_aout(r4, &(0x7f0000000380)=ANY=[], 0x20) r5 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x5, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_INFO(r5, 0xc1105511, &(0x7f0000000080)={{0x0, 0x0, 0x0, 0x0, 'syz1\x00'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'syz0\x00', 0x0}) splice(r2, &(0x7f0000000040), r1, 0x0, 0x808, 0x2) socket$netlink(0x10, 0x3, 0xa) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r6, 0x4000000000000, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x4001, 0x3, 0x220, 0x0, 0xb, 0x148, 0xf8, 0x148, 0x188, 0x242, 0x240, 0x188, 0x215, 0x3, 0x0, {[{{@ip={@broadcast, @empty, 0x0, 0x0, 'geneve1\x00', 'ipvlan0\x00'}, 0x0, 0xd0, 0xf8, 0x0, {0xff0f000000000000}, [@common=@inet=@socket1={{0x28, 'socket\x00', 0x2}}, @common=@unspec=@time={{0x38}, {0x0, 0x0, 0x0, 0xfffffffd}}]}, @common=@unspec=@NFQUEUE2={0x28}}, {{@uncond, 0xec010000, 0x70, 0x90}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x280) ioctl$DRM_IOCTL_MODE_GETRESOURCES(0xffffffffffffffff, 0xc04064a0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, 0x0, 0x0) getsockopt$inet_sctp_SCTP_ASSOCINFO(0xffffffffffffffff, 0x84, 0x1, 0x0, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value, &(0x7f0000000040)=0x8) syz_usb_connect(0x0, 0x36, &(0x7f00000000c0)=ANY=[@ANYBLOB="120100008010bd40820514009dbb0000000109022400011b00000009040000022a3e740009058bff7f0000100109050b36"], 0x0) write$sequencer(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB], 0x8) socket$can_j1939(0x1d, 0x2, 0x7) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_SET(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000140)=ANY=[@ANYBLOB="4800000003080500000000000000000000000000050003002100000024000480080005400000000008000440000000000800024c0000000008000740000000000600024000000000"], 0x48}}, 0x0) fchdir(r0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.swap.events\x00', 0x275a, 0x0) splice(0xffffffffffffffff, &(0x7f0000000300)=0x10, 0xffffffffffffffff, &(0x7f0000000380)=0xe310, 0x9, 0x1) 6.560171142s ago: executing program 1 (id=4057): syz_usb_connect(0x2, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x6b, 0xb4, 0x59, 0x10, 0x2013, 0x1faa, 0xde4d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x67, 0x0, 0x0, 0xde, 0xdc, 0xde}}]}}]}}, 0x0) r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000000)={0x9, {0xe7ff, 0x0, 0xfe0f, 0x300}}) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r2, &(0x7f0000000100)="a7", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) shutdown(r2, 0x1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000180)=0x90) setsockopt$IP_VS_SO_SET_ADD(r1, 0x0, 0x482, &(0x7f0000000000)={0x11, @multicast1, 0x0, 0x0, 'lblc\x00'}, 0x2c) 6.287378865s ago: executing program 0 (id=4059): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = socket$rds(0x15, 0x5, 0x0) bind$rds(r0, &(0x7f0000000000)={0x2, 0xfffc, @loopback}, 0x10) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x915d) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000003c0), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) syz_open_dev$admmidi(0x0, 0x20, 0x0) ioctl$SNDCTL_SEQ_PANIC(0xffffffffffffffff, 0x5100) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000000)={0xaa, 0x1}) r4 = dup(r3) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) clock_gettime(0x0, &(0x7f00000019c0)={0x0, 0x0}) unshare(0x22020600) creat(&(0x7f00000002c0)='./file1\x00', 0x4) unshare(0x2a020400) r8 = openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x1, 0x0) r9 = landlock_create_ruleset(&(0x7f0000000140)={0x4000}, 0x10, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r9, 0x1, &(0x7f0000000180)={0x4000, r8}, 0x0) landlock_restrict_self(r9, 0x0) truncate(&(0x7f0000000280)='./file1\x00', 0x1) recvmmsg$unix(r4, &(0x7f0000003e80)=[{{&(0x7f0000000140), 0x6e, &(0x7f0000000640), 0x0, &(0x7f0000000380)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f00000006c0)=""/234, 0xea}, {&(0x7f00000007c0)=""/137, 0x89}, {&(0x7f0000000880)=""/234, 0xea}, {&(0x7f0000000980)=""/227, 0xe3}, {&(0x7f0000000a80)=""/149, 0x95}, {&(0x7f0000000b40)=""/13, 0xd}, {&(0x7f0000000b80)=""/5, 0x5}, {&(0x7f0000000bc0)=""/104, 0x68}], 0x8, &(0x7f0000000cc0)}}, {{&(0x7f0000000d80), 0x6e, &(0x7f0000000f40)=[{&(0x7f0000000e00)=""/48, 0x30}, {&(0x7f0000000e40)=""/215, 0xd7}], 0x2, &(0x7f0000000f80)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @rights={{0x30, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x90}}, {{&(0x7f0000001040), 0x6e, &(0x7f0000001100)=[{&(0x7f00000010c0)=""/4, 0x4}], 0x1}}, {{&(0x7f0000001140)=@abs, 0x6e, &(0x7f0000001280)=[{&(0x7f00000011c0)=""/165, 0xa5}], 0x1, &(0x7f00000012c0)=[@rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}, @rights={{0x10}}, @cred={{0x1c}}, @cred={{0x1c}}], 0xb0}}, {{&(0x7f0000000280)=@abs, 0x6e, &(0x7f0000001440), 0x0, &(0x7f0000001480)=[@cred={{0x1c}}, @rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x20, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0xb0}}, {{0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000001580)=""/107, 0x6b}, {&(0x7f0000001e80)=""/4096, 0x1000}, {&(0x7f0000001600)=""/46, 0x2e}], 0x3, &(0x7f0000001700)=[@rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0x50}}, {{0x0, 0x0, &(0x7f0000001940)=[{&(0x7f0000001780)=""/136, 0x88}, {&(0x7f0000001840)=""/48, 0x30}, {&(0x7f0000002e80)=""/4096, 0x1000}, {&(0x7f0000000500)=""/146, 0x92}, {&(0x7f0000000400)=""/216, 0xd8}, {&(0x7f0000001b40)=""/196, 0xc4}], 0x6, &(0x7f0000001c40)=[@cred={{0x1c}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x60}}], 0x8, 0x22, &(0x7f0000001d40)={r6, r7+60000000}) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r5, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r3, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r3, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r5, 0xae9a) 5.18531718s ago: executing program 0 (id=4063): ioctl$IOMMU_IOAS_ALLOC(0xffffffffffffffff, 0x3b81, &(0x7f0000000140)={0xc}) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@updpolicy={0xb8, 0x13, 0xcb23c9c9931e99e9, 0x70bd2b, 0x25dfdbff, {{@in=@local, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x2, 0x0, 0x3, 0x0, 0xa, 0x60, 0x0, 0x2, 0x0, 0xee01}, {0x3, 0x40}, {}, 0x0, 0x40000000}}, 0xb8}}, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x0) r2 = userfaultfd(0x80801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffb000/0x2000)=nil, 0x2000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000ffb000/0x2000)=nil, &(0x7f0000ffc000/0x3000)=nil, 0x2000}) ioctl$UFFDIO_COPY(r2, 0xc028aa05, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0x11, 0xd, 0x0, &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r4 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r4, &(0x7f0000000000), 0x10) sendmsg$can_bcm(r4, &(0x7f00000005c0)={&(0x7f0000000180), 0x1, &(0x7f00000001c0)={&(0x7f0000000cc0)=ANY=[@ANYBLOB="01000000000000000800000000220000", @ANYRES64=0x0, @ANYRES64=0xea60, @ANYRES64=0x0, @ANYRES64=0x0, @ANYBLOB="0000000001000000006e03ff95"], 0x38}, 0x2}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000900)={0x1, &(0x7f00000008c0)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) preadv(r3, &(0x7f0000000100)=[{&(0x7f00000005c0)=""/4096, 0x1000}, {&(0x7f00000000c0)=""/39, 0x27}], 0x2, 0xfffffff8, 0x2) 4.75243751s ago: executing program 4 (id=4064): getpgrp(0x0) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r1 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f00000000c0)={0x80000018}) write$tun(r0, &(0x7f0000000080)=ANY=[], 0xfdef) 4.751584883s ago: executing program 1 (id=4065): r0 = memfd_create(&(0x7f0000000580)='\x00\xac=W[[\x87\x12\x04\xd5\xbc\x80K\x06\xcd]4(\xa2\xee2>\xa1\x9c\x86x\x1c\x9f\x97\x87\xd9c\xecR\xd6\xe8\xf3Y\x12\"p^\xc1\x0f\x00\x00\x00\x00\x00\x00\x00t\x00\x00\x00\x00\x00\x00\x00\x05\x00\x00\x00\x00M\xc2N%\x93t[\xf3\xee\xa4\xb4\xfbf\x8dz7\\\x8e\xac\x18\x00\xfd\x89\xe1d\xfa\xcfb\xf3\xdc\xd4CY\x9a\xef\xa3\\\xa7\xa9^\xafL:[\x8e\x83U\xff\xfd\xb0\xfa\xdaL\xa99\x9b\xcfA\xe4n\xa0^\n\x1c\x84\x04\xc5a\xdf\xe5\xd4Hyn\xba:/\xa5\xf4\xaa\xfa\xcd\xc7T\x83\xf5N^\xf2n\xd0=\xb9\t\xdd-F\xacb\xac \xd3\xccj\x13\xa2\x9fLu\'\xed\x91\x867\xaa\xf5\xa0]\xb6\xaa\xea\xfd\xde\xa6\xec\b\x16\x86l:;\xf9\xdb\xcf\x88\"\xca\xe0E\xdb\xec\xf9\xb3\xed\a\x00\x00\x00\x00\x00\x00\x00\xd6.\xf7\x92\xc42\xdf\xefE\xce}\x1b\xda\xdd?\n6\xe1\xb1\xd8\x19\x960\xd1\x00\x00\x00\x00\x00\x00MW\x8f\xc6\x82\xe4\x15\xf7\xe9\xd8\xc5b\x0e\x91\xc5\xc76$\x18\xa4\xbe\xe8V\x8d-\xe3\x8fC\xd5\xf5\xd6L\xe3\xce\xa1\x8dz\xce\xa7\xa5\xc8\xcbhM\x1b\xf8\x98\xc4\xfbD6\x88\xfd\xe5i\x8a\xd8\xcfm\x81Z\x19\xf0\xef\xc15\xe8\xcb\xf5\t\t\x00\x17\xfa\x1fqb\xe7\"\xcb4\xb8\xe5/\xd52\x17\x12\x1d\xd8\x87\xb9|\x8d\x83\xea\xcc\x94\xebZ\xae\xaf\x19\xa4\xb2\xc6\xe1\x926B\xb6\x89Z\xa9\xb5/\xbb\x9d&\xeeO]\xa8}\xec\xb3\xb3\xd4\b`\xa9f\x84\xad\t\x1a\xc2\xd5\x88\xbfo\x80V\x93\x9fl\xd7\xff\x03\xb7J\xed\x183\xe3\x7f\xfaq,\xca\x06\xb0\xc9\x92\x93\xa5I\x89\xb7\x85\x90\xb7\x1b0\xce\xd7!\x8fD\x96\xe1 ^>\x9f\x04\x89<\xb7S\x7f\x1a\x88\xab$\xd3y\xc2\xe1\x99\xbch\xd3\x83\xcd\x7f\xc5n\xb1\xc1X \xe2\xbb\x1f\x01\x90\xb1O\x8d\x7f\xa8\xd4\xdbO\xef\x99\xf3\xd3M\x0f\t\x7f\n,\x84\x1f\xfa\xe2\xc8\x99\x97Oq\xae\x9b\x86h\xfa3\xb9\xfd\xbb\xd4^\xc0t\xa7]Y\xe9\x7f[\x11\xb1\xf3m\x17F\x9d\x18\xe2\xe1\x01\xb6f=-?\xbcI\xf2\xd9\xc4>-\xc0E\x9a\x82\xcc7S\xd4\xb6\'\xd2DY\xa5\x83,\xd1\xbc\xc7\xf6\xe0\x1f o\x06\xc2t\x14\xc2\xe0\x92\xc1\x8a\x85>@\xc9\xb0% \xc7\x13l\x8bJ\xe5\xec\x1dE\xf5\xc5\xe2\xe3\x10G7r#\xbc\x95&\x14\x1e\x97\xce\x83>Q@\xfb\xeb=\x1e\xb3\xd5H\x02\x86\xc6\xf3\xe1i\\\x1d\xf4\xc1\xacJC+\xc8}\x1b{\x86\x17\x00\n\"\xec\xa5x\xe6\xb1i\xeb\xb3\xb7I\x90\x9eai\xde\x01\xdc\xfeA\x05Sn\xe6\xe8^\xdf\x8c`\x17\xca\xbd\\QG\xb15\x82*=\xbd$\xa4\xdaU\xfb^\xd8!\xacxy\xd5X\xef\x03\xa7\x10\xa1C#S~\x0f\x17\t>X\\mv0\x9eZ\x89\xf4\xae\a\xc8\x16\xd2t\x16\xf3X%Q\xbd\xe9\x86V\xf2\x99^0\xe8xI(\xde-\x04s\x15\x06#2\xef\xef@\xa3t0d^^\xad\xf6\xad\xe0\x16\xf6\xa8\x99!\x0e\x9d+;D&\xeb\x9fl\xcb\x16gc\xf5(\xaa_\xec\x9aiE\f\xd4\xc6\xf2\xae\x85n\x995\xcd\xa7\xbb\xf0pz\xaf\tC\x1cq\xaa\x92,Li\r\x95Z\x89\"\xaf]\x95\xb9b_\xe4\xba\xd4\x93\xab\xe1\xb9\xd8E[\xbb\xc9.M+\xbe\x81N\xd2\xae\xf4\x18\xd0\xe7\x98\x90,\xce\ft\xc4\xc7\x02@\xc31\x00\xd2}f\x8cX\xce\xed\xa4\xe4\xca\x00'/975, 0x0) write(r0, &(0x7f0000000140)='/', 0x1) sendfile(r0, r0, &(0x7f0000001000), 0xfec) mmap(&(0x7f0000000000/0x2000)=nil, 0x2000, 0x100000c, 0x11, r0, 0x0) openat$binder_debug(0xffffffffffffff9c, &(0x7f00000001c0)='/sys/kernel/debug/binder/transactions\x00', 0x0, 0x0) 4.635693782s ago: executing program 4 (id=4066): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000003c0)=ANY=[@ANYRES8=r0, @ANYRES32, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c0002800500160002000000"], 0x3c}}, 0x4010) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(0xffffffffffffffff, 0xc018937b, &(0x7f0000000380)={{0x1, 0x1, 0x18, r0, {0x0}}, './file0\x00'}) r2 = add_key$keyring(&(0x7f0000000500), 0x0, 0x0, 0x0, 0xfffffffffffffffa) keyctl$get_persistent(0x16, r1, r2) prlimit64(0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000180), 0x40, 0x0) unshare(0x400) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f00000000c0)) preadv(r3, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = socket(0x1a, 0xa, 0x9) unshare(0x8040080) openat$sysfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_REM(r4, 0x84, 0x65, &(0x7f0000000000)=[@in6={0xa, 0x4e21, 0x7, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x101}], 0x1c) setrlimit(0x9, &(0x7f0000000080)={0x0, 0x1000}) r5 = getpid() sched_setscheduler(r5, 0x0, &(0x7f0000000100)) ioprio_get$pid(0x3, r5) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@bloom_filter={0x1e, 0x10, 0x7a, 0x4, 0xc00, r3, 0x3, '\x00', 0x0, r3, 0x2, 0x5, 0x0, 0xe}, 0x48) bpf$MAP_CREATE(0x0, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340), 0x48) r6 = openat$tun(0xffffffffffffff9c, &(0x7f00000000c0), 0x1c1842, 0x0) ioctl$TUNSETIFF(r6, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x4801}) r7 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) close(r7) socketpair(0x1, 0x1, 0x0, &(0x7f0000000200)) 4.369250737s ago: executing program 0 (id=4068): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x8, 0x4, &(0x7f0000000100)=ANY=[], &(0x7f0000000140)='syzkaller\x00', 0x4, 0xa2, &(0x7f00000002c0)=""/162}, 0x90) syz_emit_ethernet(0xa6, &(0x7f0000000000)={@broadcast, @local, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, '\x00', 0x70, 0x3a, 0xff, @local, @mcast2, {[], @ndisc_ra={0x86, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, [{0x3, 0xa, "bd3e6d4706598080a80300378927fc503b87aafaffffffffffffff23732472eefa45ad96579269748e254c1e4a8a8b3f0ab0c430d3be27df3e34066d42ca0a5c15b37adac15084dbaf736b41e5af0302"}, {0x0, 0x1, "000000050000000026000400"}]}}}}}}, 0x0) (async, rerun: 32) r1 = socket$nl_route(0x10, 0x3, 0x0) (rerun: 32) sendmsg$nl_route(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000001c0)=@newlink={0x44, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BR_AGEING_TIME={0x8, 0x8, 0xffffa888}, @IFLA_BR_VLAN_FILTERING={0x5, 0x7, 0x7}]}}}]}, 0x44}}, 0x0) (async) pipe(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) flock(r3, 0x6) (async) flock(r2, 0x6) (async) ioctl$F2FS_IOC_DEFRAGMENT(r0, 0xc010f508, &(0x7f0000000000)={0xa1, 0x8200000000000000}) (async) socket$tipc(0x1e, 0x5, 0x0) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cgroup.controllers\x00', 0x275a, 0x0) (async) r5 = socket$alg(0x26, 0x5, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000009440)=[{{&(0x7f0000000300)=@l2tp={0x2, 0x0, @multicast2}, 0x80, 0x0}, 0x1}, {{&(0x7f00000007c0)=@un=@abs, 0x80, 0x0, 0x0, &(0x7f0000001f40)=""/208, 0xd0}, 0x2b3c}], 0x2, 0x2, 0x0) (async) bind$alg(r5, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) (async) r6 = accept4(r5, 0x0, 0x0, 0x0) sendmmsg$unix(r6, &(0x7f0000005400)=[{{0x0, 0x8, &(0x7f0000000ac0)=[{&(0x7f0000000080)="3b464c3bcd2bd7d2b1a92eca79c286a06dffdfeb623ea9e40a2c95cd702350d944237596556c9479bf1521276d845eb45d2cd8e6380fc6ce9c3451c4c197909a89cc640607df2e7a07", 0x1c62e}, {&(0x7f0000000180)="fa302c5276f60e090ecdcd2ab8152552e0ec74a69db872f09ac999fb27496391dbf3d0bc94611c29a7ddbe0b2b272911544465bb22aa", 0x36}, {&(0x7f00000002c0)="87c3752dd3dafc", 0x7}], 0x3, 0x0, 0x0, 0x10}}], 0x4000000000001ee, 0x0) (async, rerun: 64) r7 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="9f01000083667d1040206402d14e0102030109021b000100000000090400000190f19c000905f3ed"], 0x0) (rerun: 64) syz_usb_control_io(r7, 0x0, 0x0) (async) syz_usb_control_io(r7, 0x0, 0x0) (async) syz_usb_control_io$cdc_ecm(r7, 0x0, &(0x7f0000002080)={0x1c, &(0x7f0000000380)=ANY=[@ANYBLOB="00000000fc00d70aefb786862bf97435fe43e998"], 0x0, 0x0}) close(r4) ioctl$SNDCTL_DSP_STEREO(r4, 0xc0045003, &(0x7f0000000100)=0x1) 4.092971406s ago: executing program 1 (id=4070): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x280, 0xa, 0xfffbff7f, 0x0, 0x0, 0x180, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1}) 3.866470025s ago: executing program 1 (id=4071): bind$netlink(0xffffffffffffffff, &(0x7f0000000080)={0x10, 0x0, 0x0, 0xffffffffffffbf3d}, 0xc) timer_create(0x0, &(0x7f0000000680)={0x0, 0x21, 0x0, @tid=0xffffffffffffffff}, &(0x7f0000000100)) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) syz_usb_connect$hid(0xf63067478e218e8, 0x36, &(0x7f00000000c0)=ANY=[], 0x0) ioctl$BTRFS_IOC_SCRUB(r0, 0x541b, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) 3.865251698s ago: executing program 0 (id=4072): add_key$user(&(0x7f0000000200), 0x0, 0x0, 0x0, 0xfffffffffffffffe) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) keyctl$clear(0x3, 0xfffffffffffffffc) request_key(&(0x7f0000000000)='asymmetric\x00', &(0x7f00000001c0)={'syz', 0x2}, &(0x7f0000000200)='\x00\xb2\xd1)\xda\xff|\xd1\x85b\xad77\x00\fJ\xfc\xb4\x1e\xae\xe8:`\xe9\x9ew\xf5l\xee\x8dg\xc2\'\x88\xe9\xf3\x05\xe02\xe6\v_\xe9\x89\x86s\x8dh#$\xe4\xb1\xd0\x93\xceh\xfcsP)\xd9\xce\x19+?\xc6\xf7\xc0[G\x15\xde-x\xa9\xe5,\xec\xf6\xfb\xc9~2\xa1\xeb\xb3Pp\x93\x90\x17\xb2\x95\xe7\r\xae^\x92n\xbd\xf3\xb1\xac\xe3sf\xc9X\x05j:\xb6~\xa6#\xbf\x06t\xf2\xb5gd\xd7\xcc\"A_\xecu\xe8\x84\xe3\x92J\xaa!\xae\xa2\xd7\xf3\xc6J\xb9i\x9d\xb4{\xee\xf0|\xd9\x05\xaa\xbb\xfe\x12\xa0\xbb\xecY\x0f \xa3\xba?#\x90\x8c,nNQ\xa1\xed', 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = syz_io_uring_setup(0x239, 0x0, 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, 0x0) io_uring_enter(r2, 0x2def, 0x0, 0x0, 0x0, 0x0) listen(r0, 0x6) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, 0x0) r3 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r3, 0x0, 0x0) fcntl$getownex(r1, 0x10, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) syz_emit_vhci(0x0, 0x7) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r4, 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, 0x0, 0x40241, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=@newtaction={0x70, 0x30, 0x0, 0x0, 0x0, {0x9}, [{0x5c, 0x1, [@m_sample={0x58, 0x0, 0x0, 0x0, {{0xb}, {0x2c, 0x2, 0x0, 0x1, [@TCA_SAMPLE_PSAMPLE_GROUP={0x8}, @TCA_SAMPLE_RATE={0x8}, @TCA_SAMPLE_PARMS={0x18, 0x2, {0x0, 0x0, 0x0, 0x0, 0x80000}}]}, {0x4}, {0xc}, {0xc, 0x8, {0x4}}}}]}]}, 0x70}}, 0x20040000) r6 = socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r6, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00', 0x0}) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="9000000010000305000000000000000000000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r7, @ANYBLOB="08000100", @ANYRES32=r8], 0x90}}, 0x0) 3.685541582s ago: executing program 3 (id=4073): syz_open_procfs$pagemap(0x0, &(0x7f0000000000)) r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000000), 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ethtool(&(0x7f00000002c0), r1) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x20000, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$ETHTOOL_MSG_LINKMODES_SET(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000100)={0x2c, r2, 0x1, 0x0, 0x0, {0x28}, [@ETHTOOL_A_LINKMODES_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_team\x00'}]}]}, 0x2c}}, 0x0) ioctl$SNDRV_SEQ_IOCTL_GET_SUBSCRIPTION(r0, 0xc0505350, &(0x7f0000000340)={{0x0, 0x1}, {0x7, 0x1f}, 0x0, 0x5, 0x2}) r5 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000040), 0x101000, 0x0) dup(r5) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = memfd_secret(0x0) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_NEW_KEY(r7, &(0x7f0000000300)={&(0x7f0000000180)={0x10, 0x0, 0x0, 0x100}, 0xc, &(0x7f00000002c0)={&(0x7f0000000280)={0x38, r8, 0x10, 0x70bd2d, 0x25dfdbfb, {{}, {@void, @val={0xc, 0x99, {0xf, 0x1e}}}}, [@NL80211_ATTR_KEY_DATA_WEP40={0x9, 0x7, "a37fb00296"}, @NL80211_ATTR_MAC={0xa, 0x6, @broadcast}]}, 0x38}, 0x1, 0x0, 0x0, 0x2000}, 0x0) ioctl$PPPIOCCONNECT(r7, 0x4004743a, &(0x7f0000000200)=0x1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x0, 0x28011, r7, 0x0) setsockopt$inet_IP_XFRM_POLICY(r6, 0x0, 0x11, &(0x7f0000000080)={{{@in=@multicast2, @in=@remote, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xee00}}, {{@in=@loopback}, 0x0, @in6=@mcast1}}, 0xe8) socket$igmp6(0xa, 0x3, 0x2) 3.491794271s ago: executing program 0 (id=4075): socket$kcm(0x10, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x9) syz_usb_connect$printer(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x250, 0x0, 0x0, 0x0, 0x8, 0x525, 0xa4a8, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1}}]}}, &(0x7f0000000040)={0x0, 0x0, 0xf, 0x0}) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = syz_open_dev$usbfs(&(0x7f0000000280), 0x8, 0x20000) ioctl$USBDEVFS_CONTROL(r2, 0xc0105500, &(0x7f0000000040)={0x2, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0}) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x84, &(0x7f0000000140)={0x0, @in6={{0xa, 0x4e22, 0x0, @empty}}}, &(0x7f0000000200)=0x90) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r4 = syz_io_uring_setup(0x110, &(0x7f0000000140), &(0x7f0000000240), 0x0) io_uring_enter(r4, 0x47f6, 0x0, 0x0, 0x0, 0x0) prctl$PR_SET_CHILD_SUBREAPER(0x24, 0x1) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f00000002c0), 0x0, &(0x7f0000000100)=ANY=[@ANYBLOB, @ANYRES64, @ANYRESDEC=r3]) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000400)={0x50, 0x0, 0x0, {0x7, 0x1f, 0x2, 0x0, 0x0, 0x0, 0x0, 0x4}}, 0x50) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) r5 = socket(0x1e, 0x1, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) r6 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r6, &(0x7f00004b8fe4)={0xa, 0x4e23, 0x0, @empty}, 0x1c) sendto$inet6(r6, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) getsockopt$bt_hci(r5, 0x84, 0x3, &(0x7f0000000480)=""/4067, &(0x7f0000002f00)=0xfe3) socket$vsock_stream(0x28, 0x1, 0x0) r7 = syz_open_dev$dri(&(0x7f0000000000), 0x10ff, 0x0) ioctl$DRM_IOCTL_MODE_GETPROPERTY(r7, 0xc04064aa, &(0x7f0000005000)={0x0, 0x0}) r8 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r8, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r8, 0x84, 0x21, &(0x7f0000000080), &(0x7f00000000c0)=0x4) ioctl$AUTOFS_IOC_CATATONIC(r7, 0x9362, 0x0) 3.37058374s ago: executing program 4 (id=4076): socket$l2tp(0x2, 0x2, 0x73) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000000000406d041bc7000000000001090224000100000000090400000103000000092100000001220700090581"], 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$F2FS_IOC_DEFRAGMENT(0xffffffffffffffff, 0xc010f508, &(0x7f0000000040)={0xb5a2, 0xcf30}) r2 = socket$inet(0x2, 0x3, 0x2) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000140)='bridge0\x00', 0x10) sendto$inet(r2, 0x0, 0x0, 0x8004, &(0x7f0000000080)={0x2, 0x0, @multicast1}, 0x10) sendmmsg$inet(r2, &(0x7f00000023c0)=[{{&(0x7f0000000280)={0x2, 0x4e22, @multicast2}, 0x10, &(0x7f0000000100)=[{&(0x7f0000000180)="41dc6c46ef2e17ee32be", 0xa}], 0x1}}], 0x1, 0x0) r3 = openat$bsg(0xffffffffffffff9c, &(0x7f00000000c0), 0x4000, 0x0) pipe2$watch_queue(&(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r6 = socket$inet6(0xa, 0x1, 0x0) r7 = dup2(r6, r6) r8 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000040)={'veth0_vlan\x00', 0x0}) ioctl$sock_inet6_SIOCDELRT(r7, 0x890c, &(0x7f0000000640)={@remote, @loopback, @remote, 0x0, 0x40, 0x0, 0x0, 0x0, 0x40100042, r9}) r10 = bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f00000004c0), 0x4) bpf$MAP_UPDATE_CONST_STR(0x2, &(0x7f0000000600)={{0xffffffffffffffff, 0xffffffffffffffff}, &(0x7f0000000580), &(0x7f00000005c0)='%pI4 \x00'}, 0x20) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000680)={0x18, 0x22, &(0x7f00000002c0)=@raw=[@btf_id={0x18, 0x2, 0x3, 0x0, 0x2}, @jmp={0x5, 0x1, 0x2, 0x5, 0xb, 0x100}, @call={0x85, 0x0, 0x0, 0x14}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r3}}, @map_fd={0x18, 0xa, 0x1, 0x0, r4}, @snprintf={{}, {}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x3}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r5}}, @map_idx_val={0x18, 0x5, 0x6, 0x0, 0x1}], &(0x7f0000000400)='GPL\x00', 0x6db, 0x79, &(0x7f0000000440)=""/121, 0x41000, 0x22, '\x00', r9, 0x0, r10, 0x8, &(0x7f0000000500)={0x5, 0x1}, 0x8, 0x10, &(0x7f0000000540)={0x5, 0x0, 0x7, 0x2}, 0x10, 0x0, 0x0, 0x0, &(0x7f0000000640)=[r11], 0x0, 0x10, 0xb26}, 0x90) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r12 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r12, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000080)=[@textreal={0x8, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r12, 0xae80, 0x0) 3.239540958s ago: executing program 3 (id=4077): socket$inet_udplite(0x2, 0x2, 0x88) creat(&(0x7f0000000200)='./file0\x00', 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) openat$hwrng(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f00000000c0), 0xffffffffffffffff) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b80000001900010000e7000000000000e00000020000000000000000000000000000008000000000000000000000000100000000000000000a0000"], 0xb8}}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b800000015"], 0xb8}, 0x1, 0x3000000}, 0x0) 3.048129895s ago: executing program 3 (id=4079): ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wlan1\x00'}) r0 = socket(0x1, 0x803, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)) r2 = openat(0xffffffffffffff9c, &(0x7f0000000140)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) r3 = socket$key(0xf, 0x3, 0x2) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=@framed={{}, [@printk={@p, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x2d}}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000000)='kfree\x00', r4}, 0x10) sendfile(r3, r2, 0x0, 0x1000) r5 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCETHTOOL(r5, 0x8946, &(0x7f0000000200)={'wlan0\x00', &(0x7f0000000100)=@ethtool_eee={0x25, 0x0, 0x0, 0x0, 0x0, 0x100}}) r6 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000580)=ANY=[@ANYBLOB="440000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="7f00000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r1, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}}, 0x0) 2.762362793s ago: executing program 2 (id=4081): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x1, 0x4, 0x4, 0x1}, 0x48) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000100)={{r0}, &(0x7f0000000040), &(0x7f0000000080)}, 0x20) r1 = socket$inet_udplite(0x2, 0x2, 0x88) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000000)={'syztnl1\x00', &(0x7f0000000140)={'syztnl0\x00', 0x0, 0x29, 0x4, 0x4, 0x9, 0x56, @remote, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x10, 0x8, 0x4, 0x5}}) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) r4 = openat$vcs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) bind$inet(0xffffffffffffffff, 0x0, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) ioctl$ifreq_SIOCGIFINDEX_wireguard(r7, 0x8933, &(0x7f0000000100)={'wg2\x00'}) getsockopt$inet6_IPV6_IPSEC_POLICY(0xffffffffffffffff, 0x29, 0x22, 0x0, &(0x7f0000000240)) setsockopt$inet_IP_XFRM_POLICY(r4, 0x0, 0x11, 0x0, 0x0) ioctl$KVM_SET_MSRS(r7, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="0100000000000001004d564b00000000af"]) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000880)={'bridge_slave_0\x00', 0x0}) r9 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r9, &(0x7f0000000040)={0x0, 0x4, &(0x7f00000006c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="280000001c000702080000000000000007000000", @ANYRES32=r8, @ANYBLOB="4000cc000a000200aaaaaaaaaa0c"], 0x28}}, 0x0) r10 = socket$kcm(0x10, 0x2, 0x10) sendmsg$kcm(r10, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000480)=[{&(0x7f0000000000)="1400000010003507d25a806f8c6394f90324fc60", 0x14}], 0x1}, 0x0) recvmsg$kcm(r10, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000027c0)}, 0x0) r11 = socket$kcm(0x10, 0x3, 0x10) r12 = syz_open_dev$vim2m(&(0x7f0000000580), 0x0, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r12, 0xc0d05605, &(0x7f0000000000)={0x2, @pix={0x0, 0x0, 0x59455247}}) ioctl$vim2m_VIDIOC_REQBUFS(r12, 0xc0145608, &(0x7f0000000100)={0x10001, 0x2, 0x2}) ioctl$vim2m_VIDIOC_STREAMOFF(r12, 0x40045612, &(0x7f0000000140)=0x2) sendmsg$kcm(r11, &(0x7f0000000000)={0x0, 0xffffff0a, &(0x7f0000000080)=[{&(0x7f0000000040)="c018030031000b12d25a80648c2594f90324fc601006034002200600053582c137153e370248078000f01700d1bd", 0x33fe0}], 0x1}, 0x0) ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(r1, 0x89f3, &(0x7f00000000c0)={'gretap0\x00', &(0x7f0000000300)={'syztnl0\x00', r2, 0x8000, 0x20, 0x7, 0x5, {{0x10, 0x4, 0x0, 0x5, 0x40, 0x67, 0x0, 0x1, 0x29, 0x0, @dev={0xac, 0x14, 0x14, 0x16}, @initdev={0xac, 0x1e, 0x0, 0x0}, {[@lsrr={0x83, 0x7, 0x25, [@empty]}, @noop, @timestamp_prespec={0x44, 0x24, 0x11, 0x3, 0x8, [{@loopback, 0x5}, {@empty, 0x2}, {@local, 0x3}, {@dev={0xac, 0x14, 0x14, 0x35}, 0x9}]}]}}}}}) bpf$MAP_LOOKUP_ELEM(0x4, &(0x7f00000001c0)={r0, &(0x7f00000003c0)=',', 0x0}, 0x20) 2.597910588s ago: executing program 3 (id=4082): r0 = openat$cuse(0xffffffffffffff9c, &(0x7f0000001f80), 0x2, 0x0) write$FUSE_NOTIFY_INVAL_ENTRY(r0, &(0x7f0000001fc0)=ANY=[@ANYBLOB="42000000010000000000000000000000000000000000000021"], 0x42) 2.497019493s ago: executing program 3 (id=4083): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x1, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a}, 0x1c) r1 = socket$inet_udp(0x2, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) bind$inet(r1, &(0x7f0000000000)={0x2, 0x4, @local}, 0x10) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x2d, 0x0) syz_emit_ethernet(0x4a, &(0x7f0000000500)={@broadcast, @remote, @val={@void}, {@ipv6={0x86dd, @udp={0x0, 0x6, "f7d8ff", 0x10, 0x3c, 0x0, @rand_addr=' \x01\x00', @mcast2, {[], {0x0, 0x0, 0x10, 0x0, @gue={{0x2}}}}}}}}, 0x0) 2.399996755s ago: executing program 2 (id=4084): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f00000000c0)={0x2, 0x4e20, @multicast2}, 0x10) connect$inet(r0, &(0x7f0000000140)={0x2, 0x4e20, @loopback}, 0x10) sendmmsg$inet(r0, &(0x7f0000005400)=[{{0x0, 0x80101, &(0x7f0000000240)=[{&(0x7f00000037c0)='/', 0x8031e}], 0x1}}, {{0x0, 0x0, &(0x7f0000003d80)=[{&(0x7f0000003ac0)="bb"}], 0x218, 0x0, 0x0, 0x241}}, {{0x0, 0x2c, &(0x7f0000004200)=[{&(0x7f0000003e80)='Z', 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000005380)=[{&(0x7f00000001c0)="81", 0x1}], 0x1}}], 0x4, 0x60cd894) 2.224062185s ago: executing program 3 (id=4085): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000500)) r1 = socket$packet(0x11, 0x3, 0x300) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f00000001c0)={0x0, 0x0, 0x0, &(0x7f00000003c0)=""/75, 0x0}) r2 = dup(r1) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) (async) ioctl$VHOST_NET_SET_BACKEND(r0, 0x4008af30, &(0x7f0000000000)={0x0, r2}) ioctl$VHOST_NET_SET_BACKEND(r0, 0xaf02, 0x0) write(r2, &(0x7f0000000200)="20be9bd01c71654f3b6443f9d649e4e8d6976383f6e517c35a80b694c865789925f6e0371ebbbda0628b437ce0cff67ecb17dc7cfde18a1f9e3bff760551e34d369592e52e3b6533d4e65cb355c3f21dd968e833ce5efec66327dd4bb755efe7cb321c3c888b044c73e455301be31719556b75c17f535bde0f02e52801d28d670b0acb5b543f1e968d4cb4fa39e57701827bb438272296d55c4c062bdb12718ca461e3fde8cf66034655b0079649d90e23010e5b8891375569090f58cd8e8c75d7ca43", 0xc3) r3 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x46d, 0xc211, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}}}]}}]}}, 0x0) syz_usb_control_io(r3, 0x0, 0x0) (async) syz_usb_control_io(r3, 0x0, 0x0) r4 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x83, 0x66, 0x7d, 0x10, 0x2040, 0x264, 0x4ed1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x90, 0xf1, 0x9c, 0x0, [], [{{0x9, 0x5, 0x84}}]}}]}}]}}, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) (async) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io(r4, 0x0, 0x0) (async) syz_usb_control_io(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) add_key$keyring(0x0, &(0x7f00000001c0)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) syz_usb_control_io$printer(r4, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0) (async) syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0) (async) syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0) syz_usb_control_io$printer(r4, 0x0, 0x0) syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "055b10e0"}]}}, 0x0}, 0x0) (async) syz_usb_control_io$hid(r3, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000080)={0x0, 0x22, 0x5, {[@local=@item_4={0x3, 0x2, 0x0, "055b10e0"}]}}, 0x0}, 0x0) 1.856452911s ago: executing program 1 (id=4086): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000000240)=[{0x20000000, 0xff00, 0x0, 0x0, &(0x7f0000000600)=ANY=[], 0xd8, 0x4010}], 0x1, 0x0) (async) r0 = socket$inet_udp(0x2, 0x2, 0x0) (async) r1 = socket$rds(0x15, 0x5, 0x0) connect$rds(r1, &(0x7f0000000040)={0x2, 0x4e02, @multicast2}, 0x10) (async) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x40000000, 0x0, 0x0}, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) sendmmsg(r0, &(0x7f0000000180), 0x400000000000077, 0x0) 1.751893837s ago: executing program 1 (id=4087): socket$l2tp6(0xa, 0x2, 0x73) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) syz_open_dev$tty1(0xc, 0x4, 0x1) socket$packet(0x11, 0x2, 0x300) setsockopt$inet6_MCAST_JOIN_GROUP(0xffffffffffffffff, 0x29, 0x6, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04030b00c900ffffff0400000003"], 0xe) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r0, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) r1 = socket(0x80000000000000a, 0x2, 0x0) setsockopt$inet6_group_source_req(r1, 0x29, 0x2e, &(0x7f0000000080)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}, 0xfffffffc}}, {{0xa, 0x0, 0x3, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) setsockopt$inet6_group_source_req(r1, 0x29, 0x2b, &(0x7f0000000200)={0x0, {{0xa, 0x0, 0x0, @mcast1={0xff, 0x7}}}, {{0xa, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}}}, 0x108) r2 = socket$l2tp(0x2, 0x2, 0x73) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, &(0x7f0000000240)='wlan0\x00', 0x10) r3 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$RTC_UIE_ON(r3, 0x7003) ioctl$RTC_SET_TIME(r3, 0x4024700a, &(0x7f0000000340)={0x0, 0x23, 0xe, 0x14, 0x0, 0x4f6}) bind$inet(r2, &(0x7f0000000080)={0x2, 0x4e23, @local}, 0x10) syz_usb_connect$uac1(0x0, 0xab, &(0x7f0000003180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x99, 0x3, 0x1, 0x0, 0x0, 0x0, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{}, [@feature_unit={0x11, 0x24, 0x6, 0x0, 0x0, 0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}, @extension_unit={0x9, 0x24, 0x8, 0x0, 0x0, 0x0, "8eb5"}, @mixer_unit={0xb, 0x24, 0x4, 0x0, 0x0, "c4b8f2687011"}, @input_terminal={0xc, 0x24, 0x2, 0x4}, @output_terminal={0x9, 0x24, 0x3, 0x0, 0x0, 0x0, 0x4}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) socket$nl_rdma(0x10, 0x3, 0x14) connect$inet(r2, &(0x7f0000000200)={0x2, 0x0, @local}, 0x10) setresuid(0x0, 0xee00, 0xffffffffffffffff) r4 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x8, 0x10, &(0x7f0000000000)=ANY=[@ANYRES32=r4, @ANYBLOB="0000000000000000b705000008e80000850000006900000095"], &(0x7f0000000300)='GPL\x00', 0x8}, 0x90) sendmmsg$inet(r2, &(0x7f0000000900)=[{{0x0, 0x0, 0x0}}], 0x40000cf, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 1.712329614s ago: executing program 4 (id=4088): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c0000001a00000000000000d273000002000000000000000000000085f8ec3289ca8632cbff5cd3b07d8863bbfcce0b31c1b95ad261d1b161"], 0x1c}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_wait_time_recursive\x00', 0x275a, 0x0) write$binfmt_script(r1, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r1, 0x0) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) capset(&(0x7f0000000100)={0x20080522}, &(0x7f0000000000)) r3 = syz_open_procfs$namespace(0x0, &(0x7f0000000700)='ns/cgroup\x00') setns(r3, 0x0) arch_prctl$ARCH_SHSTK_LOCK(0x5003, 0x2) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000500)='status\x00') r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.throttle.io_serviced_recursive\x00', 0x275a, 0x0) write$UHID_CREATE2(r4, &(0x7f00000002c0)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r4, 0x0) getsockopt$sock_cred(r2, 0x1, 0x4d, 0x0, &(0x7f00000000c0)=0x10) mkdirat$cgroup_root(0xffffffffffffff9c, 0x0, 0x1ff) r5 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_REPLACE(r5, 0xa02000000000000, 0x60, &(0x7f0000000000)={'filter\x00', 0x2, 0x4, 0x400, 0x0, 0x108, 0x0, 0x318, 0x108, 0x318, 0x7fffffe, 0x0, {[{{@uncond, 0xc0, 0x108, 0x71000000, {0x15b}}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}, {{@arp={@rand_addr, @empty, 0x0, 0x0, 0x0, 0x0, {@mac=@remote}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 'lo\x00', 'ip6tnl0\x00'}, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}, {{@uncond, 0xc0, 0x108}, @unspec=@LED={0x48, 'LED\x00', 0x0, {'syz0\x00'}}}], {{'\x00', 0xc0, 0xe8, 0x0, {0x1d000000}}, {0x28}}}}, 0x450) 1.472090734s ago: executing program 2 (id=4089): socket$inet6(0xa, 0x80002, 0x0) socket$inet_dccp(0x2, 0x6, 0x0) syz_open_dev$video(&(0x7f00000000c0), 0x0, 0x0) syz_open_dev$vim2m(&(0x7f00000001c0), 0x200000007fff, 0x2) syz_open_dev$video4linux(&(0x7f0000000000), 0x71, 0x0) pselect6(0x40, &(0x7f0000000000)={0xfc}, 0x0, 0x0, 0x0, 0x0) 1.357425816s ago: executing program 2 (id=4090): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x16, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000540)={0x2, 0x4, 0x8, 0x1, 0x80, r0, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x2, 0x3, 0x5}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x42}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f00000002c0)={{r0}, 0x0, &(0x7f0000000340)}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f00000001c0)='kmem_cache_free\x00', r1}, 0x10) openat$pidfd(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) setsockopt$IPT_SO_SET_REPLACE(0xffffffffffffffff, 0x4000000000000, 0x40, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7ffc0000}]}) rseq(&(0x7f0000000040), 0x20, 0x0, 0x0) rseq(&(0x7f0000000500), 0x20, 0x0, 0x0) pipe2(0x0, 0x0) r2 = socket(0x29, 0x3, 0x0) write(r2, &(0x7f0000000140)="2600000022004701050000070000000000000020002b1f000a4a51f1ee839cd53400b017ca", 0x25) recvmmsg(r2, &(0x7f0000000780), 0x3ffffffffffff81, 0x2, 0x0) mq_notify(0xffffffffffffffff, &(0x7f0000000000)={0x20000000, 0x4000000000003, 0x2, @thr={0x0, 0x0}}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$cuse(0xffffffffffffff9c, &(0x7f0000001cc0), 0x2, 0x0) getsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) 1.263837969s ago: executing program 4 (id=4091): r0 = io_uring_setup(0x378e, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x0, 0x7}) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000200)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="73c8"], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 1.13908227s ago: executing program 2 (id=4092): r0 = socket$netlink(0x10, 0x3, 0x14) bind$netlink(r0, &(0x7f0000000340)={0x10, 0x0, 0x0, 0x22ffffffff}, 0xc) socket$netlink(0x10, 0x3, 0x4) socket(0x1e, 0x1, 0x0) (async) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89001) (async) prlimit64(0x0, 0xd, &(0x7f0000000100)={0x8}, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) (async) r2 = socket$inet6_udplite(0xa, 0x2, 0x88) connect$inet6(r2, &(0x7f0000000040)={0xa, 0x0, 0x8, @dev, 0x3}, 0x1c) (async) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x10, 0xffffffffffffffff, 0x0) (async) r3 = socket$inet_smc(0x2b, 0x1, 0x0) ioctl$UI_DEV_DESTROY(r1, 0x5502) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) setsockopt$inet_sctp_SCTP_AUTOCLOSE(r1, 0x84, 0x4, &(0x7f0000000280)=0x6, 0x4) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f00000000c0)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000004c0)={0x0, 0x0, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000440)={r7, 0xd, 0x0, 0x0, 0x0, [0x0], [], [0x1]}) (async) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r4, 0xc02064b2, &(0x7f0000000140)={0x3ff, 0xb, 0xb5}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r4, 0xc00c642d, &(0x7f0000000080)={r8, 0x0, 0xffffffffffffffff}) syz_usb_ep_write$ath9k_ep2(0xffffffffffffffff, 0x83, 0x10, &(0x7f0000000180)=@ready={0x0, 0x0, 0x8, "43900482", {0x1, 0x7f, 0xf, 0x2, 0xc0}}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000200)={r7, 0x3, 0x800, 0x0, 0x1, [], [0x8, 0x4000], [0x7, 0xffffffff]}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r5, 0xc00c642e, &(0x7f0000000300)={0x0, 0x0, r9}) close_range(r3, 0xffffffffffffffff, 0x0) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_sys\x00', 0x275a, 0x0) (async) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) 159.752742ms ago: executing program 0 (id=4093): socket$inet6_tcp(0xa, 0x1, 0x0) syz_emit_ethernet(0x68, &(0x7f00000001c0)={@link_local, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x3, 0x0, 0x5a, 0x0, 0x0, 0x0, 0x2f, 0x0, @private, @multicast1}, {{0x0, 0x0, 0x1, 0x0, 0x2, 0x0, 0x0, 0x4, 0x6558, 0x0, 0x0, [0x0]}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x3}}}}}}, 0x0) syz_open_dev$cec(0x0, 0x0, 0x0) r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x20d6, 0xcb17, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000040)={0x0, 0x22, 0x8, {[@main=@item_4={0x3, 0x0, 0xb}, @main=@item_012={0x2, 0x0, 0x0, "6cb1"}]}}, 0x0}, 0x0) socket(0x27, 0x2, 0x7b) shutdown(0xffffffffffffffff, 0x1) openat$mice(0xffffffffffffff9c, &(0x7f0000000000), 0x22002) r1 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r1, 0x40045532, &(0x7f0000000100)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3800003, 0x40010, 0xffffffffffffffff, 0x6bbec000) r2 = socket$inet6_sctp(0xa, 0x801, 0x84) connect$inet6(r2, 0x0, 0x0) 0s ago: executing program 2 (id=4094): syz_usb_connect(0x2, 0x24, &(0x7f00000003c0)={{0x12, 0x1, 0x0, 0x6b, 0xb4, 0x59, 0x10, 0x2013, 0x1faa, 0xde4d, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x67, 0x0, 0x0, 0xde, 0xdc, 0xde}}]}}]}}, 0x0) r0 = syz_open_dev$video(&(0x7f0000000040), 0xa7, 0x0) ioctl$VIDIOC_S_CROP(r0, 0x4014563c, &(0x7f0000000000)={0x9, {0xe7ff, 0x0, 0xfe0f, 0x300}}) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r1, &(0x7f0000000100)="a7", 0x1, 0x0, &(0x7f0000000040)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00'}, 0x1c) shutdown(r1, 0x1) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r1, 0x84, 0x1f, &(0x7f0000000240)={0x0, @in={{0x2, 0x0, @empty}}}, &(0x7f0000000180)=0x90) kernel console output (not intermixed with test programs): d, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1372.189770][ T5765] usb 5-1: New USB device strings: Mfr=0, Product=162, SerialNumber=123 [ 1372.212177][ T5765] usb 5-1: Product: syz [ 1372.222915][ T5765] usb 5-1: SerialNumber: syz [ 1372.275275][ T5765] usb 5-1: config 0 descriptor?? [ 1372.294029][ T5765] pwc: Askey VC010 type 2 USB webcam detected. [ 1372.502978][ T5765] pwc: send_video_command error -71 [ 1372.509191][ T5765] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 1372.546181][ T5765] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 1372.561392][ T5765] usb 5-1: USB disconnect, device number 68 [ 1372.957875][ T7951] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1372.980324][ T7951] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1372.994387][ T7951] bond0 (unregistering): Released all slaves [ 1373.112604][ T5765] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1373.314513][ T5765] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1373.353930][ T5765] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1373.372049][ T5765] usb 5-1: New USB device strings: Mfr=0, Product=162, SerialNumber=123 [ 1373.401937][ T5765] usb 5-1: Product: syz [ 1373.410473][ T5765] usb 5-1: SerialNumber: syz [ 1373.443585][ T5765] usb 5-1: config 0 descriptor?? [ 1373.471298][ T5765] pwc: Askey VC010 type 2 USB webcam detected. [ 1373.680610][ T7951] hsr_slave_0: left promiscuous mode [ 1373.702772][T21469] Bluetooth: hci4: command tx timeout [ 1373.764760][ T7951] hsr_slave_1: left promiscuous mode [ 1373.820280][ T7951] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1373.838378][ T7951] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1373.865282][ T7951] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1373.890101][ T7951] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1373.921963][ T5765] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1373.941647][ T5765] pwc: recv_control_msg error -32 req 02 val 2700 [ 1373.951833][ T5765] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1373.965065][ T5765] pwc: recv_control_msg error -32 req 04 val 1000 [ 1373.985303][ T5765] pwc: recv_control_msg error -32 req 04 val 1300 [ 1374.008356][ T7951] veth1_macvtap: left promiscuous mode [ 1374.034629][ T7951] veth0_macvtap: left promiscuous mode [ 1374.099643][ T7951] veth1_vlan: left promiscuous mode [ 1374.130109][ T5765] pwc: recv_control_msg error -71 req 04 val 1400 [ 1374.145307][ T5765] pwc: recv_control_msg error -71 req 02 val 2000 [ 1374.162769][ T7951] veth0_vlan: left promiscuous mode [ 1374.181820][ T5765] pwc: recv_control_msg error -71 req 02 val 2100 [ 1374.190556][ T5765] pwc: recv_control_msg error -71 req 04 val 1500 [ 1374.203652][ T5765] pwc: recv_control_msg error -71 req 02 val 2500 [ 1374.221521][ T5765] pwc: recv_control_msg error -71 req 02 val 2400 [ 1374.234266][ T5765] pwc: recv_control_msg error -71 req 02 val 2600 [ 1374.249180][ T5765] pwc: recv_control_msg error -71 req 02 val 2900 [ 1374.277149][ T5765] pwc: recv_control_msg error -71 req 02 val 2800 [ 1374.292203][ T5765] pwc: recv_control_msg error -71 req 04 val 1100 [ 1374.300744][ T5765] pwc: recv_control_msg error -71 req 04 val 1200 [ 1374.318351][ T5765] pwc: Registered as video71. [ 1374.331211][ T5765] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input218 [ 1374.372211][ T5765] usb 5-1: USB disconnect, device number 69 [ 1375.027078][T23807] misc userio: Buffer overflowed, userio client isn't keeping up [ 1375.312068][T25022] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3846'. [ 1375.339489][T25022] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3846'. [ 1375.362496][T25022] netlink: 12 bytes leftover after parsing attributes in process `syz.1.3846'. [ 1375.480266][T12183] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 1375.697373][T25025] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 1375.703943][T25025] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1375.731313][T12183] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1375.752604][T25025] vhci_hcd vhci_hcd.0: Device attached [ 1375.762137][T12183] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1375.771516][T12183] usb 5-1: New USB device strings: Mfr=0, Product=162, SerialNumber=123 [ 1375.784186][T21469] Bluetooth: hci4: command tx timeout [ 1375.800925][T12183] usb 5-1: Product: syz [ 1375.805300][T12183] usb 5-1: SerialNumber: syz [ 1375.825870][T12183] usb 5-1: config 0 descriptor?? [ 1375.834729][T12183] pwc: Askey VC010 type 2 USB webcam detected. [ 1375.914621][ T7951] team0 (unregistering): Port device team_slave_1 removed [ 1375.990386][ T7951] team0 (unregistering): Port device team_slave_0 removed [ 1376.058174][T12183] pwc: send_video_command error -71 [ 1376.072668][T16203] usb 12-1: SetAddress Request (22) to port 0 [ 1376.075120][T12183] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 1376.079442][T16203] usb 12-1: new SuperSpeed USB device number 22 using vhci_hcd [ 1376.091021][T12183] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 1376.122687][T25026] vhci_hcd: connection closed [ 1376.124265][ T1136] vhci_hcd: stop threads [ 1376.126766][T23807] input: PS/2 Generic Mouse as /devices/serio15/input/input217 [ 1376.128978][ T1136] vhci_hcd: release socket [ 1376.136852][T12183] usb 5-1: USB disconnect, device number 70 [ 1376.157807][ T1136] vhci_hcd: disconnect device [ 1376.362539][T23807] psmouse serio15: Failed to enable mouse on [ 1376.642599][T12183] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 1376.844441][T12183] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1376.861009][T12183] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1376.871012][T12183] usb 5-1: New USB device strings: Mfr=0, Product=162, SerialNumber=123 [ 1376.880050][T12183] usb 5-1: Product: syz [ 1376.884784][T12183] usb 5-1: SerialNumber: syz [ 1376.903446][T12183] usb 5-1: config 0 descriptor?? [ 1376.926360][T12183] pwc: Askey VC010 type 2 USB webcam detected. [ 1376.999274][T24934] chnl_net:caif_netlink_parms(): no params data found [ 1377.356888][T12183] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1377.369433][T12183] pwc: recv_control_msg error -32 req 02 val 2700 [ 1377.380015][T12183] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1377.389171][T24934] bridge0: port 1(bridge_slave_0) entered blocking state [ 1377.393097][T12183] pwc: recv_control_msg error -32 req 04 val 1000 [ 1377.429252][T12183] pwc: recv_control_msg error -32 req 04 val 1300 [ 1377.433292][T24934] bridge0: port 1(bridge_slave_0) entered disabled state [ 1377.472572][T24934] bridge_slave_0: entered allmulticast mode [ 1377.503694][T24934] bridge_slave_0: entered promiscuous mode [ 1377.554343][T24934] bridge0: port 2(bridge_slave_1) entered blocking state [ 1377.561501][T24934] bridge0: port 2(bridge_slave_1) entered disabled state [ 1377.604377][ T29] kauditd_printk_skb: 32 callbacks suppressed [ 1377.604395][ T29] audit: type=1326 audit(1725417722.653:5505): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1377.640202][ T5283] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 1377.652860][T24934] bridge_slave_1: entered allmulticast mode [ 1377.665766][T24934] bridge_slave_1: entered promiscuous mode [ 1377.695215][ T29] audit: type=1326 audit(1725417722.653:5506): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1377.725330][T12183] pwc: recv_control_msg error -71 req 04 val 1400 [ 1377.760082][ T29] audit: type=1326 audit(1725417722.663:5507): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1377.789810][T12183] pwc: recv_control_msg error -71 req 02 val 2000 [ 1377.795416][T24934] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1377.842367][ T29] audit: type=1326 audit(1725417722.663:5508): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1377.847440][T12183] pwc: recv_control_msg error -71 req 02 val 2100 [ 1377.882537][T21469] Bluetooth: hci4: command tx timeout [ 1377.889970][ T5283] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1377.909025][ T7951] IPVS: stop unused estimator thread 0... [ 1377.917524][T24934] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1377.918500][T12183] pwc: recv_control_msg error -71 req 04 val 1500 [ 1377.927339][ T5283] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1377.947657][ T5283] usb 1-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10 [ 1377.956926][ T5283] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1377.970176][T25066] FAULT_INJECTION: forcing a failure. [ 1377.970176][T25066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1377.970190][T21469] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 1377.998495][ T5283] usb 1-1: config 0 descriptor?? [ 1378.013658][ T5283] radioshark2 1-1:0.0: Invalid radioSHARK2 device [ 1378.020145][ T5283] radioshark2 1-1:0.0: probe with driver radioshark2 failed with error -22 [ 1378.029354][ T5283] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1378.057558][ T29] audit: type=1326 audit(1725417722.663:5509): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1378.096811][T12183] pwc: recv_control_msg error -71 req 02 val 2500 [ 1378.106153][ T29] audit: type=1326 audit(1725417722.663:5510): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=333 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1378.111615][T25066] CPU: 1 UID: 0 PID: 25066 Comm: syz.1.3852 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 1378.139442][T25066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1378.147104][ T29] audit: type=1326 audit(1725417722.663:5511): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1378.149496][T25066] Call Trace: [ 1378.149508][T25066] [ 1378.149521][T25066] dump_stack_lvl+0x241/0x360 [ 1378.172053][ T29] audit: type=1326 audit(1725417722.673:5512): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1378.175169][T25066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1378.175197][T25066] ? __pfx__printk+0x10/0x10 [ 1378.178129][ T29] audit: type=1326 audit(1725417722.673:5513): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1378.182764][T25066] ? snprintf+0xda/0x120 [ 1378.182791][T25066] should_fail_ex+0x3b0/0x4e0 [ 1378.182822][T25066] _copy_to_user+0x2f/0xb0 [ 1378.182846][T25066] simple_read_from_buffer+0xca/0x150 [ 1378.182870][T25066] proc_fail_nth_read+0x1ec/0x260 [ 1378.182893][T25066] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1378.182916][T25066] ? rw_verify_area+0x52a/0x6b0 [ 1378.182936][T25066] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1378.182958][T25066] vfs_read+0x204/0xbc0 [ 1378.182977][T25066] ? __pfx_lock_release+0x10/0x10 [ 1378.183001][T25066] ? __pfx_vhci_write+0x10/0x10 [ 1378.183022][T25066] ? __pfx_vfs_read+0x10/0x10 [ 1378.183042][T25066] ? __fget_files+0x29/0x470 [ 1378.183065][T25066] ? __fget_files+0x3f6/0x470 [ 1378.183100][T25066] ksys_read+0x1a0/0x2c0 [ 1378.183127][T25066] ? __pfx_ksys_read+0x10/0x10 [ 1378.183147][T25066] ? do_syscall_64+0x100/0x230 [ 1378.183170][T25066] ? do_syscall_64+0xb6/0x230 [ 1378.183192][T25066] do_syscall_64+0xf3/0x230 [ 1378.183213][T25066] ? clear_bhb_loop+0x35/0x90 [ 1378.183237][T25066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1378.183258][T25066] RIP: 0033:0x7f401b37b93c [ 1378.183276][T25066] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1378.183292][T25066] RSP: 002b:00007f401c0c0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1378.218285][ T5283] usb 1-1: USB disconnect, device number 100 [ 1378.237752][T25066] RAX: ffffffffffffffda RBX: 00007f401b535f80 RCX: 00007f401b37b93c [ 1378.237778][T25066] RDX: 000000000000000f RSI: 00007f401c0c00a0 RDI: 0000000000000003 [ 1378.237790][T25066] RBP: 00007f401c0c0090 R08: 0000000000000000 R09: 0000000000000000 [ 1378.237800][T25066] R10: 0000000020000100 R11: 0000000000000246 R12: 0000000000000001 [ 1378.237812][T25066] R13: 0000000000000001 R14: 00007f401b535f80 R15: 00007f401b65fa28 [ 1378.237839][T25066] [ 1378.238000][ C1] vkms_vblank_simulate: vblank timer overrun [ 1378.272284][ T29] audit: type=1326 audit(1725417722.673:5514): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25060 comm="syz.1.3851" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1378.277613][ C1] vkms_vblank_simulate: vblank timer overrun [ 1378.454735][ C1] vkms_vblank_simulate: vblank timer overrun [ 1378.473796][T12183] pwc: recv_control_msg error -71 req 02 val 2400 [ 1378.480895][T12183] pwc: recv_control_msg error -71 req 02 val 2600 [ 1378.490070][T12183] pwc: recv_control_msg error -71 req 02 val 2900 [ 1378.527948][T12183] pwc: recv_control_msg error -71 req 02 val 2800 [ 1378.548323][T25058] dvmrp0: entered allmulticast mode [ 1378.562850][T12183] pwc: recv_control_msg error -71 req 04 val 1100 [ 1378.569753][T12183] pwc: recv_control_msg error -71 req 04 val 1200 [ 1378.574395][T24934] team0: Port device team_slave_0 added [ 1378.583788][T12183] pwc: Registered as video71. [ 1378.590173][T12183] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input219 [ 1378.605971][T12183] usb 5-1: USB disconnect, device number 71 [ 1378.689798][T25073] dvmrp0: left allmulticast mode [ 1378.855318][T24934] team0: Port device team_slave_1 added [ 1379.052962][T24934] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1379.083395][T12183] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1379.089005][T24934] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1379.157015][T24934] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1379.180534][T24934] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1379.194994][T24934] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1379.225123][T24934] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1379.275923][T12183] usb 5-1: Using ep0 maxpacket: 16 [ 1379.289986][T12183] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1379.305058][T12183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1379.332212][T12183] usb 5-1: Product: syz [ 1379.338741][T12183] usb 5-1: Manufacturer: syz [ 1379.353593][T12183] usb 5-1: SerialNumber: syz [ 1379.383656][T12183] usb 5-1: config 0 descriptor?? [ 1379.395469][T12183] visor 5-1:0.0: Sony Clie 3.5 converter detected [ 1379.408241][T24934] hsr_slave_0: entered promiscuous mode [ 1379.422773][T23807] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 1379.434630][T24934] hsr_slave_1: entered promiscuous mode [ 1379.462404][T24934] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1379.471946][T24934] Cannot create hsr debugfs directory [ 1379.623167][T12183] usb 5-1: clie_3_5_startup: get config number failed: -71 [ 1379.631685][T23807] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1379.665923][T12183] visor 5-1:0.0: probe with driver visor failed with error -71 [ 1379.697659][T23807] usb 1-1: config 0 has no interfaces? [ 1379.719848][T23807] usb 1-1: New USB device found, idVendor=07da, idProduct=104d, bcdDevice=e5.48 [ 1379.739086][T12183] usb 5-1: USB disconnect, device number 72 [ 1379.750175][T23807] usb 1-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 1379.792612][T23807] usb 1-1: Product: syz [ 1379.796841][T23807] usb 1-1: SerialNumber: syz [ 1379.890594][T23807] usb 1-1: config 0 descriptor?? [ 1379.953972][T21469] Bluetooth: hci4: command tx timeout [ 1380.042424][T25106] ALSA: mixer_oss: invalid OSS volume '' [ 1380.460004][T25087] netlink: 20 bytes leftover after parsing attributes in process `syz.0.3857'. [ 1380.488380][T25124] pimreg: left allmulticast mode [ 1380.652171][T25129] FAULT_INJECTION: forcing a failure. [ 1380.652171][T25129] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1380.727340][T25129] CPU: 1 UID: 0 PID: 25129 Comm: syz.4.3862 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 1380.738147][T25129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1380.748196][T25129] Call Trace: [ 1380.751483][T25129] [ 1380.754401][T25129] dump_stack_lvl+0x241/0x360 [ 1380.759069][T25129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1380.764257][T25129] ? __pfx__printk+0x10/0x10 [ 1380.768838][T25129] ? __pfx_lock_release+0x10/0x10 [ 1380.773880][T25129] should_fail_ex+0x3b0/0x4e0 [ 1380.778571][T25129] _copy_from_iter+0x1f6/0x1960 [ 1380.783414][T25129] ? __virt_addr_valid+0x183/0x530 [ 1380.788512][T25129] ? __pfx_lock_release+0x10/0x10 [ 1380.793526][T25129] ? __alloc_skb+0x28f/0x440 [ 1380.798110][T25129] ? __pfx__copy_from_iter+0x10/0x10 [ 1380.803393][T25129] ? __virt_addr_valid+0x183/0x530 [ 1380.808491][T25129] ? __virt_addr_valid+0x183/0x530 [ 1380.813582][T25129] ? __virt_addr_valid+0x45f/0x530 [ 1380.818676][T25129] ? __check_object_size+0x49c/0x900 [ 1380.823958][T25129] netlink_sendmsg+0x73d/0xcb0 [ 1380.828725][T25129] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1380.833997][T25129] ? __import_iovec+0x536/0x820 [ 1380.838838][T25129] ? aa_sock_msg_perm+0x91/0x160 [ 1380.843771][T25129] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1380.849143][T25129] ? security_socket_sendmsg+0x87/0xb0 [ 1380.854589][T25129] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1380.859862][T25129] __sock_sendmsg+0x221/0x270 [ 1380.864533][T25129] ____sys_sendmsg+0x525/0x7d0 [ 1380.869292][T25129] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1380.874586][T25129] __sys_sendmsg+0x2b0/0x3a0 [ 1380.879168][T25129] ? __pfx___sys_sendmsg+0x10/0x10 [ 1380.884263][T25129] ? vfs_write+0x7c4/0xc90 [ 1380.888696][T25129] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1380.895010][T25129] ? do_syscall_64+0x100/0x230 [ 1380.899788][T25129] ? do_syscall_64+0xb6/0x230 [ 1380.904482][T25129] do_syscall_64+0xf3/0x230 [ 1380.908974][T25129] ? clear_bhb_loop+0x35/0x90 [ 1380.913661][T25129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1380.919560][T25129] RIP: 0033:0x7fe0e377cef9 [ 1380.923966][T25129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1380.943646][T25129] RSP: 002b:00007fe0e4607038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1380.952048][T25129] RAX: ffffffffffffffda RBX: 00007fe0e3935f80 RCX: 00007fe0e377cef9 [ 1380.960025][T25129] RDX: 0000000000000000 RSI: 0000000020000200 RDI: 0000000000000003 [ 1380.967984][T25129] RBP: 00007fe0e4607090 R08: 0000000000000000 R09: 0000000000000000 [ 1380.975942][T25129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1380.983906][T25129] R13: 0000000000000000 R14: 00007fe0e3935f80 R15: 00007fe0e3a5fa28 [ 1380.991894][T25129] [ 1381.022379][ T5765] usb 1-1: USB disconnect, device number 101 [ 1381.231976][T16203] usb 12-1: device descriptor read/8, error -110 [ 1381.302358][T25135] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1381.697817][T16203] usb usb12-port1: attempt power cycle [ 1381.783882][ T5283] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1381.998907][T24934] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1382.016568][ T5283] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1382.029972][T24934] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1382.041467][T24934] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1382.051692][T24934] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1382.113483][ T5283] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 1382.149744][ T5283] usb 5-1: New USB device found, idVendor=077d, idProduct=627a, bcdDevice= 0.10 [ 1382.189121][ T5283] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1382.249137][ T5283] usb 5-1: config 0 descriptor?? [ 1382.274727][ T5283] radioshark2 5-1:0.0: Invalid radioSHARK2 device [ 1382.293576][ T5283] radioshark2 5-1:0.0: probe with driver radioshark2 failed with error -22 [ 1382.311859][ T5283] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1382.403552][T16203] usb usb12-port1: unable to enumerate USB device [ 1382.481217][T24934] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1382.496410][ T5765] usb 5-1: USB disconnect, device number 73 [ 1382.614794][T24934] 8021q: adding VLAN 0 to HW filter on device team0 [ 1382.633070][ T5282] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 1382.654344][T25041] bridge0: port 1(bridge_slave_0) entered blocking state [ 1382.661503][T25041] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1382.720199][T25041] bridge0: port 2(bridge_slave_1) entered blocking state [ 1382.727442][T25041] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1382.862797][ T5282] usb 2-1: Using ep0 maxpacket: 16 [ 1382.869756][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1382.893295][ T5282] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1382.904776][ T5282] usb 2-1: New USB device found, idVendor=056e, idProduct=00fc, bcdDevice= 0.00 [ 1382.914346][ T5282] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1382.924462][T24934] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1382.933827][ T5282] usb 2-1: config 0 descriptor?? [ 1383.117387][T24934] veth0_vlan: entered promiscuous mode [ 1383.148891][T24934] veth1_vlan: entered promiscuous mode [ 1383.317930][T24934] veth0_macvtap: entered promiscuous mode [ 1383.347041][ T5282] elecom 0003:056E:00FC.0044: unexpected long global item [ 1383.369913][T24934] veth1_macvtap: entered promiscuous mode [ 1383.390080][ T5282] elecom 0003:056E:00FC.0044: probe with driver elecom failed with error -22 [ 1383.409742][T24934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1383.421524][T24934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1383.460475][T24934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1383.486867][T24934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1383.497653][T24934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1383.510979][T24934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1383.525304][T25182] xt_ecn: cannot match TCP bits for non-tcp packets [ 1383.533680][T24934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1383.550418][T24934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1383.664084][T24934] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1383.676027][ T58] usb 2-1: USB disconnect, device number 35 [ 1383.726140][T25185] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3873'. [ 1383.760567][T25188] netlink: 60 bytes leftover after parsing attributes in process `syz.4.3873'. [ 1383.844161][T24934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1383.861710][T25194] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.3874'. [ 1383.884195][T24934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1383.902471][T24934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1383.959544][T25193] netlink: 199836 bytes leftover after parsing attributes in process `syz.0.3874'. [ 1383.965320][T24934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1383.990240][T24934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1384.031753][T24934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1384.092886][T24934] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1384.107814][T24934] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1384.172843][T24934] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1384.230156][T24934] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.279829][T24934] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.324243][T24934] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.351750][T24934] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1384.430670][T25205] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3876'. [ 1384.680918][T25041] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1384.701621][T25041] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1384.784336][ T7951] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1384.802488][ T58] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 1384.828050][T25224] random: crng reseeded on system resumption [ 1384.838881][ T7951] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1384.942948][ T5283] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 1384.992524][ T58] usb 1-1: Using ep0 maxpacket: 16 [ 1385.006630][ T58] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1385.031174][ T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1385.043030][T25233] netlink: 104 bytes leftover after parsing attributes in process `syz.3.3826'. [ 1385.065139][ T58] usb 1-1: Product: syz [ 1385.069349][ T58] usb 1-1: Manufacturer: syz [ 1385.075577][T25233] netlink: 180 bytes leftover after parsing attributes in process `syz.3.3826'. [ 1385.092897][ T58] usb 1-1: SerialNumber: syz [ 1385.107042][ T58] usb 1-1: config 0 descriptor?? [ 1385.128393][ T58] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 1385.154288][ T5283] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1385.228631][ T5283] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1385.239438][ T5283] usb 5-1: New USB device strings: Mfr=0, Product=162, SerialNumber=123 [ 1385.259407][ T5283] usb 5-1: Product: syz [ 1385.273997][ T5283] usb 5-1: SerialNumber: syz [ 1385.301633][ T5283] usb 5-1: config 0 descriptor?? [ 1385.324070][ T5283] pwc: Askey VC010 type 2 USB webcam detected. [ 1385.544032][ T5283] pwc: send_video_command error -71 [ 1385.546391][ T58] usb 1-1: clie_3_5_startup: get interface number failed: -71 [ 1385.562471][ T5283] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 1385.577361][ T5283] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 1385.594983][ T58] visor 1-1:0.0: probe with driver visor failed with error -71 [ 1385.618402][ T5283] usb 5-1: USB disconnect, device number 74 [ 1385.625741][ T58] usb 1-1: USB disconnect, device number 102 [ 1386.092547][ T58] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 1386.192732][ T5283] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 1386.282475][ T58] usb 3-1: Using ep0 maxpacket: 16 [ 1386.302405][ T5282] usb 4-1: new high-speed USB device number 100 using dummy_hcd [ 1386.310143][ T58] usb 3-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1386.384416][ T5283] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1386.394780][ T58] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1386.396885][ T5283] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 1386.438421][ T58] usb 3-1: Product: syz [ 1386.440469][ T5283] usb 5-1: New USB device strings: Mfr=0, Product=162, SerialNumber=123 [ 1386.456260][ T58] usb 3-1: Manufacturer: syz [ 1386.472544][ T58] usb 3-1: SerialNumber: syz [ 1386.485292][ T5283] usb 5-1: Product: syz [ 1386.492947][ T58] usb 3-1: config 0 descriptor?? [ 1386.511900][ T5283] usb 5-1: SerialNumber: syz [ 1386.513631][ T58] visor 3-1:0.0: Sony Clie 3.5 converter detected [ 1386.532437][ T5282] usb 4-1: Using ep0 maxpacket: 8 [ 1386.549987][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has an invalid bInterval 0, changing to 7 [ 1386.572046][ T5283] usb 5-1: config 0 descriptor?? [ 1386.589152][ T5283] pwc: Askey VC010 type 2 USB webcam detected. [ 1386.599850][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1386.624897][ T5282] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 1386.665943][ T5282] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0008, bcdDevice=53.c8 [ 1386.676191][ T5282] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1386.688758][ T5282] usb 4-1: Product: syz [ 1386.709347][ T5282] usb 4-1: Manufacturer: syz [ 1386.713014][ T58] usb 3-1: clie_3_5_startup: get config number failed: -71 [ 1386.731774][ T5282] usb 4-1: SerialNumber: syz [ 1386.765895][ T58] visor 3-1:0.0: probe with driver visor failed with error -71 [ 1386.797971][ T58] usb 3-1: USB disconnect, device number 66 [ 1386.803133][ T5282] usb 4-1: config 0 descriptor?? [ 1386.863484][ T5282] ati_remote 4-1:0.0: ati_remote_probe: Unexpected endpoint_in [ 1387.000883][ T5283] pwc: recv_control_msg error -32 req 02 val 2b00 [ 1387.031712][ T5283] pwc: recv_control_msg error -32 req 02 val 2700 [ 1387.058694][ T5283] pwc: recv_control_msg error -32 req 02 val 2c00 [ 1387.092599][ T5283] pwc: recv_control_msg error -32 req 04 val 1000 [ 1387.111546][ T5283] pwc: recv_control_msg error -32 req 04 val 1300 [ 1387.408955][ T5283] pwc: recv_control_msg error -71 req 04 val 1400 [ 1387.457688][ T5283] pwc: recv_control_msg error -71 req 02 val 2000 [ 1387.491405][ T5283] pwc: recv_control_msg error -71 req 02 val 2100 [ 1387.530001][ T5283] pwc: recv_control_msg error -71 req 04 val 1500 [ 1387.546619][ T5283] pwc: recv_control_msg error -71 req 02 val 2500 [ 1387.550934][T25280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1387.582483][T25280] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1387.588499][ T5283] pwc: recv_control_msg error -71 req 02 val 2400 [ 1387.623959][ T5283] pwc: recv_control_msg error -71 req 02 val 2600 [ 1387.641189][ T5283] pwc: recv_control_msg error -71 req 02 val 2900 [ 1387.657503][ T5283] pwc: recv_control_msg error -71 req 02 val 2800 [ 1387.687799][ T5283] pwc: recv_control_msg error -71 req 04 val 1100 [ 1387.707409][ T5283] pwc: recv_control_msg error -71 req 04 val 1200 [ 1387.712560][ T58] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 1387.741986][ T5283] pwc: Registered as video71. [ 1387.783820][ T5283] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input220 [ 1387.792827][ T5765] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 1387.879213][ T5283] usb 5-1: USB disconnect, device number 75 [ 1387.913022][ T58] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1387.926990][ T58] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1387.941175][T25287] FAULT_INJECTION: forcing a failure. [ 1387.941175][T25287] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1387.968761][T25287] CPU: 0 UID: 0 PID: 25287 Comm: syz.1.3887 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 1387.979557][T25287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1387.983367][ T5765] usb 1-1: Using ep0 maxpacket: 16 [ 1387.989603][T25287] Call Trace: [ 1387.989668][T25287] [ 1387.989680][T25287] dump_stack_lvl+0x241/0x360 [ 1388.005714][T25287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1388.010913][T25287] ? __pfx__printk+0x10/0x10 [ 1388.015496][T25287] ? __pfx_lock_release+0x10/0x10 [ 1388.020527][T25287] ? __lock_acquire+0x137a/0x2040 [ 1388.025568][T25287] should_fail_ex+0x3b0/0x4e0 [ 1388.030250][T25287] _copy_from_user+0x2f/0xe0 [ 1388.034835][T25287] kstrtouint_from_user+0xc6/0x190 [ 1388.039947][T25287] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1388.045665][T25287] ? __pfx_lock_acquire+0x10/0x10 [ 1388.050687][T25287] proc_fail_nth_write+0xaa/0x2d0 [ 1388.055722][T25287] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1388.061630][T25287] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1388.067308][T25287] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1388.072983][T25287] vfs_write+0x2a2/0xc90 [ 1388.077242][T25287] ? __pfx_vfs_write+0x10/0x10 [ 1388.081999][T25287] ? __fget_files+0x29/0x470 [ 1388.086586][T25287] ? __fget_files+0x3f6/0x470 [ 1388.091261][T25287] ksys_write+0x1a0/0x2c0 [ 1388.095588][T25287] ? __pfx_ksys_write+0x10/0x10 [ 1388.100443][T25287] ? do_syscall_64+0x100/0x230 [ 1388.105206][T25287] ? do_syscall_64+0xb6/0x230 [ 1388.109877][T25287] do_syscall_64+0xf3/0x230 [ 1388.114372][T25287] ? clear_bhb_loop+0x35/0x90 [ 1388.119046][T25287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1388.124939][T25287] RIP: 0033:0x7f401b37b9df [ 1388.129373][T25287] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 1388.148994][T25287] RSP: 002b:00007f401c0c0030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1388.157403][T25287] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007f401b37b9df [ 1388.165368][T25287] RDX: 0000000000000001 RSI: 00007f401c0c00a0 RDI: 0000000000000004 [ 1388.173361][T25287] RBP: 00007f401c0c0090 R08: 0000000000000000 R09: 0000000000000000 [ 1388.181327][T25287] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000002 [ 1388.189299][T25287] R13: 0000000000000000 R14: 00007f401b535f80 R15: 00007f401b65fa28 [ 1388.197278][T25287] [ 1388.216644][ T58] usb 3-1: Product: syz [ 1388.226427][ T58] usb 3-1: Manufacturer: syz [ 1388.231067][ T58] usb 3-1: SerialNumber: syz [ 1388.249268][ T5765] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1388.293188][ T58] usb 3-1: config 0 descriptor?? [ 1388.303209][ T5765] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1388.325848][ T58] ch341 3-1:0.0: ch341-uart converter detected [ 1388.344961][ T5765] usb 1-1: Product: syz [ 1388.357085][ T5765] usb 1-1: Manufacturer: syz [ 1388.385119][ T5765] usb 1-1: SerialNumber: syz [ 1388.397353][ T5765] usb 1-1: config 0 descriptor?? [ 1388.419045][ T5765] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 1388.481517][T25291] netlink: 24 bytes leftover after parsing attributes in process `syz.4.3888'. [ 1388.529220][ T58] usb 3-1: failed to receive control message: -121 [ 1388.544702][ T58] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -121 [ 1388.622457][ T5765] usb 1-1: clie_3_5_startup: get config number failed: -71 [ 1388.637685][ T5765] visor 1-1:0.0: probe with driver visor failed with error -71 [ 1388.646147][ T29] kauditd_printk_skb: 46 callbacks suppressed [ 1388.646163][ T29] audit: type=1326 audit(1725417733.693:5561): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1388.688938][ T5765] usb 1-1: USB disconnect, device number 103 [ 1388.705416][T21469] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 1388.737078][ T58] usb 3-1: USB disconnect, device number 67 [ 1388.764794][ T58] ch341 3-1:0.0: device disconnected [ 1388.797274][ T29] audit: type=1326 audit(1725417733.723:5562): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f401b37b9df code=0x7ffc0000 [ 1388.899433][ T29] audit: type=1326 audit(1725417733.723:5563): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1388.936778][ T29] audit: type=1326 audit(1725417733.723:5564): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1388.963562][ T29] audit: type=1326 audit(1725417733.723:5565): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1388.988331][ T29] audit: type=1326 audit(1725417733.723:5566): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1389.016780][ T29] audit: type=1326 audit(1725417733.733:5567): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1389.042442][ T29] audit: type=1326 audit(1725417733.733:5568): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1389.085331][ T58] usb 4-1: USB disconnect, device number 100 [ 1389.103644][ T29] audit: type=1326 audit(1725417733.733:5569): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=151 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1389.127173][ T5282] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 1389.142430][T12183] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 1389.142727][ T29] audit: type=1326 audit(1725417733.733:5570): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25293 comm="syz.1.3889" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1389.323390][T12183] usb 2-1: Using ep0 maxpacket: 8 [ 1389.350371][T12183] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1389.362426][ T5282] usb 5-1: Using ep0 maxpacket: 16 [ 1389.376312][T12183] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1389.383931][ T5282] usb 5-1: config index 0 descriptor too short (expected 45029, got 27) [ 1389.406658][T12183] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1389.412524][ T5282] usb 5-1: config 2 has an invalid descriptor of length 0, skipping remainder of the config [ 1389.441499][ T5282] usb 5-1: config 2 has 0 interfaces, different from the descriptor's value: 24 [ 1389.450962][T12183] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1389.466146][ T5282] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1389.479107][T12183] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1389.482380][ T5282] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1389.493426][T25311] FAULT_INJECTION: forcing a failure. [ 1389.493426][T25311] name failslab, interval 1, probability 0, space 0, times 0 [ 1389.520848][ T5282] usb 5-1: Product: syz [ 1389.520975][T12183] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1389.527113][ T5282] usb 5-1: Manufacturer: syz [ 1389.539427][T25311] CPU: 1 UID: 0 PID: 25311 Comm: syz.2.3893 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 1389.546446][ T5282] usb 5-1: SerialNumber: syz [ 1389.550192][T25311] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1389.550210][T25311] Call Trace: [ 1389.550221][T25311] [ 1389.550231][T25311] dump_stack_lvl+0x241/0x360 [ 1389.550259][T25311] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1389.580997][T25311] ? __pfx__printk+0x10/0x10 [ 1389.585619][T25311] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 1389.591643][T25311] ? __pfx___might_resched+0x10/0x10 [ 1389.596976][T25311] should_fail_ex+0x3b0/0x4e0 [ 1389.601700][T25311] should_failslab+0xac/0x100 [ 1389.606420][T25311] ? __alloc_skb+0x1c3/0x440 [ 1389.611045][T25311] kmem_cache_alloc_node_noprof+0x71/0x320 [ 1389.616889][T25311] __alloc_skb+0x1c3/0x440 [ 1389.621345][T25311] ? __pfx___alloc_skb+0x10/0x10 [ 1389.626282][T25311] ? netlink_autobind+0xd6/0x2f0 [ 1389.631303][T25311] ? netlink_autobind+0x2b0/0x2f0 [ 1389.636328][T25311] netlink_sendmsg+0x638/0xcb0 [ 1389.641104][T25311] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1389.646392][T25311] ? __import_iovec+0x536/0x820 [ 1389.651250][T25311] ? aa_sock_msg_perm+0x91/0x160 [ 1389.656224][T25311] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1389.661524][T25311] ? security_socket_sendmsg+0x87/0xb0 [ 1389.666992][T25311] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1389.672279][T25311] __sock_sendmsg+0x221/0x270 [ 1389.676968][T25311] ____sys_sendmsg+0x525/0x7d0 [ 1389.681729][T25311] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1389.687021][T25311] __sys_sendmsg+0x2b0/0x3a0 [ 1389.691614][T25311] ? __pfx___sys_sendmsg+0x10/0x10 [ 1389.696721][T25311] ? vfs_write+0x7c4/0xc90 [ 1389.701148][T25311] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1389.707492][T25311] ? do_syscall_64+0x100/0x230 [ 1389.712277][T25311] ? do_syscall_64+0xb6/0x230 [ 1389.716964][T25311] do_syscall_64+0xf3/0x230 [ 1389.721464][T25311] ? clear_bhb_loop+0x35/0x90 [ 1389.726165][T25311] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1389.732132][T25311] RIP: 0033:0x7fd0abb7cef9 [ 1389.736534][T25311] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1389.756129][T25311] RSP: 002b:00007fd0ac901038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1389.764528][T25311] RAX: ffffffffffffffda RBX: 00007fd0abd35f80 RCX: 00007fd0abb7cef9 [ 1389.772490][T25311] RDX: 0000000000000000 RSI: 0000000020000280 RDI: 0000000000000003 [ 1389.780444][T25311] RBP: 00007fd0ac901090 R08: 0000000000000000 R09: 0000000000000000 [ 1389.782481][ T5283] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 1389.788400][T25311] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1389.804091][T25311] R13: 0000000000000000 R14: 00007fd0abd35f80 R15: 00007fd0abe5fa28 [ 1389.812072][T25311] [ 1389.816636][T12183] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1389.851867][ T5282] usb 5-1: USB disconnect, device number 76 [ 1390.032723][ T5283] usb 1-1: Using ep0 maxpacket: 8 [ 1390.082991][T12183] usb 2-1: usb_control_msg returned -32 [ 1390.087863][ T5283] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1390.088648][T12183] usbtmc 2-1:16.0: can't read capabilities [ 1390.100644][ T5283] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1390.148713][ T5283] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1390.170736][ T5283] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1390.210395][ T5283] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1390.229346][ T5283] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1390.460783][ T5283] usb 1-1: GET_CAPABILITIES returned 0 [ 1390.474199][ T5283] usbtmc 1-1:16.0: can't read capabilities [ 1390.690517][T12183] usb 1-1: USB disconnect, device number 104 [ 1390.990859][T25330] vivid-004: ================= START STATUS ================= [ 1390.998795][T25330] vivid-004: Radio HW Seek Mode: Bounded [ 1391.007100][T25330] vivid-004: Radio Programmable HW Seek: false [ 1391.013765][T25330] vivid-004: RDS Rx I/O Mode: Block I/O [ 1391.019413][T25330] vivid-004: Generate RBDS Instead of RDS: false [ 1391.026168][T25330] vivid-004: RDS Reception: true [ 1391.028826][T25332] netlink: 'syz.0.3892': attribute type 11 has an invalid length. [ 1391.032668][T25330] vivid-004: RDS Program Type: 0 inactive [ 1391.092677][T25330] vivid-004: RDS PS Name: inactive [ 1391.107242][T25330] vivid-004: RDS Radio Text: inactive [ 1391.159983][T25330] vivid-004: RDS Traffic Announcement: false inactive [ 1391.170087][T25330] vivid-004: RDS Traffic Program: false inactive [ 1391.178693][T25330] vivid-004: RDS Music: false inactive [ 1391.186884][T25330] vivid-004: ================== END STATUS ================== [ 1391.234527][ C0] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1391.264017][T25340] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3901'. [ 1391.276359][T25340] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3901'. [ 1391.472443][T12183] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 1391.482378][ T5282] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 1391.662511][T12183] usb 5-1: Using ep0 maxpacket: 16 [ 1391.689049][T12183] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1391.705769][T12183] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1391.713516][ T5282] usb 3-1: config 0 has an invalid descriptor of length 1, skipping remainder of the config [ 1391.741483][ T5282] usb 3-1: New USB device found, idVendor=0408, idProduct=4011, bcdDevice=fa.f1 [ 1391.751527][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1391.752917][T12183] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1391.761906][ T5282] usb 3-1: Product: syz [ 1391.776568][ T5282] usb 3-1: Manufacturer: syz [ 1391.783488][ T5282] usb 3-1: SerialNumber: syz [ 1391.820274][T12183] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1391.821529][ T5282] usb 3-1: config 0 descriptor?? [ 1391.856087][ T5282] usb 3-1: Found UVC 0.00 device syz (0408:4011) [ 1391.863284][ T5765] usb 2-1: USB disconnect, device number 36 [ 1391.883091][T12183] usb 5-1: Product: syz [ 1391.891460][T12183] usb 5-1: Manufacturer: syz [ 1391.910260][T12183] usb 5-1: SerialNumber: syz [ 1391.928240][ T5282] usb 3-1: No valid video chain found. [ 1391.945463][T12183] usb 5-1: config 0 descriptor?? [ 1391.980854][T12183] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1392.011736][T12183] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 1392.382680][ T5765] usb 2-1: new high-speed USB device number 37 using dummy_hcd [ 1392.617563][ T5765] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1392.632840][T12183] em28xx 5-1:0.0: chip ID is em2874 [ 1392.645048][ T5765] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1392.663375][ T5765] usb 2-1: Product: syz [ 1392.669425][ T5765] usb 2-1: Manufacturer: syz [ 1392.677644][ T5765] usb 2-1: SerialNumber: syz [ 1392.690603][ T5765] usb 2-1: config 0 descriptor?? [ 1392.707394][ T5765] ch341 2-1:0.0: ch341-uart converter detected [ 1392.908981][ T5765] usb 2-1: failed to receive control message: -121 [ 1392.918210][ T5765] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -121 [ 1393.118601][T12183] usb 2-1: USB disconnect, device number 37 [ 1393.156370][T12183] ch341 2-1:0.0: device disconnected [ 1393.948912][T12183] usb 5-1: USB disconnect, device number 77 [ 1393.975409][T12183] em28xx 5-1:0.0: Disconnecting em28xx [ 1394.001363][T25377] netlink: 'syz.3.3908': attribute type 12 has an invalid length. [ 1394.021912][T12183] em28xx 5-1:0.0: Freeing device [ 1394.439881][ T5282] usb 3-1: USB disconnect, device number 68 [ 1394.757202][T25392] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3913'. [ 1394.815482][T25392] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3913'. [ 1394.857208][T25392] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3913'. [ 1395.192268][T25392] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(5) [ 1395.198828][T25392] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1395.244507][T25392] vhci_hcd vhci_hcd.0: Device attached [ 1395.552462][T12183] usb 14-1: SetAddress Request (10) to port 0 [ 1395.558782][T12183] usb 14-1: new SuperSpeed USB device number 10 using vhci_hcd [ 1395.643305][T25399] vhci_hcd: connection reset by peer [ 1395.651530][ T7951] vhci_hcd: stop threads [ 1395.662463][ T7951] vhci_hcd: release socket [ 1395.667182][ T7951] vhci_hcd: disconnect device [ 1395.777260][ T62] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1396.139817][ T62] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1396.242107][T25420] delete_channel: no stack [ 1396.431235][ T62] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1396.633305][T19212] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1396.647772][T19212] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1396.678254][T19212] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1396.690873][T19212] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1396.700993][T19212] Bluetooth: hci0: unexpected cc 0x0c25 length: 249 > 3 [ 1396.708815][T19212] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1396.712512][T11454] Bluetooth: hci4: ACL packet for unknown connection handle 2151 [ 1396.790258][ T62] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1397.271102][T25434] chnl_net:caif_netlink_parms(): no params data found [ 1397.284497][ T58] usb 4-1: new high-speed USB device number 101 using dummy_hcd [ 1397.464643][ T62] bridge_slave_1: left allmulticast mode [ 1397.470602][ T62] bridge_slave_1: left promiscuous mode [ 1397.491197][ T62] bridge0: port 2(bridge_slave_1) entered disabled state [ 1397.502546][ T58] usb 4-1: Using ep0 maxpacket: 16 [ 1397.509498][ T58] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1397.512757][ T5283] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 1397.531646][ T58] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1397.548493][ T62] bridge_slave_0: left allmulticast mode [ 1397.559840][ T62] bridge_slave_0: left promiscuous mode [ 1397.575861][ T58] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1397.600343][ T62] bridge0: port 1(bridge_slave_0) entered disabled state [ 1397.642403][ T58] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1397.667543][ T58] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1397.697547][ T58] usb 4-1: config 0 descriptor?? [ 1397.743165][ T5283] usb 5-1: Using ep0 maxpacket: 16 [ 1397.754899][ T5283] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1397.792900][ T5283] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1397.807222][ T5283] usb 5-1: Product: syz [ 1397.811416][ T5283] usb 5-1: Manufacturer: syz [ 1397.843883][ T5283] usb 5-1: SerialNumber: syz [ 1397.860295][ T5283] usb 5-1: config 0 descriptor?? [ 1397.884873][ T5283] visor 5-1:0.0: Sony Clie 3.5 converter detected [ 1398.024032][T25455] FAULT_INJECTION: forcing a failure. [ 1398.024032][T25455] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1398.059593][T25455] CPU: 1 UID: 0 PID: 25455 Comm: syz.1.3933 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 1398.070401][T25455] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1398.080462][T25455] Call Trace: [ 1398.083769][T25455] [ 1398.086727][T25455] dump_stack_lvl+0x241/0x360 [ 1398.091417][T25455] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1398.096612][T25455] ? __pfx__printk+0x10/0x10 [ 1398.101221][T25455] ? snprintf+0xda/0x120 [ 1398.105476][T25455] should_fail_ex+0x3b0/0x4e0 [ 1398.110193][T25455] _copy_to_user+0x2f/0xb0 [ 1398.114609][T25455] simple_read_from_buffer+0xca/0x150 [ 1398.119985][T25455] proc_fail_nth_read+0x1ec/0x260 [ 1398.125011][T25455] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1398.130560][T25455] ? rw_verify_area+0x52a/0x6b0 [ 1398.135403][T25455] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1398.140956][T25455] vfs_read+0x204/0xbc0 [ 1398.145125][T25455] ? __pfx_lock_release+0x10/0x10 [ 1398.150187][T25455] ? __pfx_vfs_read+0x10/0x10 [ 1398.154886][T25455] ? __fget_files+0x29/0x470 [ 1398.159477][T25455] ? __fget_files+0x3f6/0x470 [ 1398.164187][T25455] ksys_read+0x1a0/0x2c0 [ 1398.168449][T25455] ? __pfx_ksys_read+0x10/0x10 [ 1398.173210][T25455] ? arch_syscall_is_vdso_sigreturn+0x125/0x1a0 [ 1398.179473][T25455] ? syscall_user_dispatch+0x4e/0x90 [ 1398.184770][T25455] do_syscall_64+0xf3/0x230 [ 1398.189290][T25455] ? clear_bhb_loop+0x35/0x90 [ 1398.193998][T25455] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1398.199972][T25455] RIP: 0033:0x7f401b37b93c [ 1398.204404][T25455] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1398.224018][T25455] RSP: 002b:00007f401c0c0030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1398.232466][T25455] RAX: ffffffffffffffda RBX: 00007f401b535f80 RCX: 00007f401b37b93c [ 1398.240464][T25455] RDX: 000000000000000f RSI: 00007f401c0c00a0 RDI: 0000000000000004 [ 1398.248437][T25455] RBP: 00007f401c0c0090 R08: 0000000000000000 R09: 0000000000000000 [ 1398.256420][T25455] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1398.264396][T25455] R13: 0000000000000000 R14: 00007f401b535f80 R15: 00007f401b65fa28 [ 1398.272401][T25455] [ 1398.462876][ T62] erspan0 (unregistering): left promiscuous mode [ 1398.499282][ T5283] usb 5-1: clie_3_5_startup: get interface number failed: -71 [ 1398.510942][ T58] usbhid 4-1:0.0: can't add hid device: -71 [ 1398.518269][ T58] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1398.548275][ T58] usb 4-1: USB disconnect, device number 101 [ 1398.552470][ T5283] visor 5-1:0.0: probe with driver visor failed with error -71 [ 1398.584341][ T62] gretap0 (unregistering): left promiscuous mode [ 1398.597506][ T5283] usb 5-1: USB disconnect, device number 78 [ 1398.742729][T19212] Bluetooth: hci0: command tx timeout [ 1398.771146][T25459] netlink: 4 bytes leftover after parsing attributes in process `syz.1.3934'. [ 1399.293138][ T62] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1399.314611][ T62] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1399.347471][ T62] bond0 (unregistering): Released all slaves [ 1399.425639][ T5283] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 1399.592603][ T5283] usb 3-1: device descriptor read/64, error -71 [ 1399.637116][T25434] bridge0: port 1(bridge_slave_0) entered blocking state [ 1399.687274][T25434] bridge0: port 1(bridge_slave_0) entered disabled state [ 1399.702113][T25434] bridge_slave_0: entered allmulticast mode [ 1399.722078][T25434] bridge_slave_0: entered promiscuous mode [ 1399.767587][T25434] bridge0: port 2(bridge_slave_1) entered blocking state [ 1399.779352][T25434] bridge0: port 2(bridge_slave_1) entered disabled state [ 1399.787943][T25434] bridge_slave_1: entered allmulticast mode [ 1399.818586][T25434] bridge_slave_1: entered promiscuous mode [ 1399.892748][ T5283] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 1399.942455][T14735] usb 2-1: new high-speed USB device number 38 using dummy_hcd [ 1400.082245][T25434] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1400.082409][ T5283] usb 3-1: device descriptor read/64, error -71 [ 1400.160577][T14735] usb 2-1: Using ep0 maxpacket: 8 [ 1400.172346][T14735] usb 2-1: config index 0 descriptor too short (expected 301, got 45) [ 1400.194262][T25434] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1400.211957][ T5283] usb usb3-port1: attempt power cycle [ 1400.217607][T14735] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1400.241453][T14735] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1400.262813][T14735] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1400.280338][T14735] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1400.302759][T14735] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 1400.327401][T14735] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1400.419076][T25497] hsr0: entered promiscuous mode [ 1400.573157][T14735] usb 2-1: usb_control_msg returned -32 [ 1400.578804][T14735] usbtmc 2-1:16.0: can't read capabilities [ 1400.627703][T25434] team0: Port device team_slave_0 added [ 1400.642655][ T5283] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 1400.654948][ T62] batadv_slave_1: left promiscuous mode [ 1400.670868][T12183] usb 14-1: device descriptor read/8, error -110 [ 1400.690954][ T62] hsr_slave_0: left promiscuous mode [ 1400.703219][ T5283] usb 3-1: device descriptor read/8, error -71 [ 1400.718913][ T62] hsr_slave_1: left promiscuous mode [ 1400.730805][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1400.744389][ T62] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1400.757912][ T62] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1400.776396][ T62] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1400.801874][ T62] veth1_macvtap: left promiscuous mode [ 1400.832641][T19212] Bluetooth: hci0: command tx timeout [ 1400.861375][ T62] veth0_macvtap: left promiscuous mode [ 1400.882479][ T62] veth1_vlan: left promiscuous mode [ 1400.901769][ T62] veth0_vlan: left promiscuous mode [ 1400.982456][ T5283] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 1401.033127][ T5283] usb 3-1: device descriptor read/8, error -71 [ 1401.104320][T12183] usb usb14-port1: attempt power cycle [ 1401.162865][ T5283] usb usb3-port1: unable to enumerate USB device [ 1401.764870][T12183] usb usb14-port1: unable to enumerate USB device [ 1402.192960][ T62] team0 (unregistering): Port device team_slave_1 removed [ 1402.309279][ T62] team0 (unregistering): Port device team_slave_0 removed [ 1402.787120][ T5765] usb 2-1: USB disconnect, device number 38 [ 1402.912520][T19212] Bluetooth: hci0: command tx timeout [ 1403.338423][T25528] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(4) [ 1403.345010][T25528] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 1403.373420][T25528] vhci_hcd vhci_hcd.0: Device attached [ 1403.573048][ T5765] vhci_hcd: vhci_device speed not set [ 1403.587699][ T29] kauditd_printk_skb: 5 callbacks suppressed [ 1403.587716][ T29] audit: type=1326 audit(1725417748.633:5576): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25527 comm="syz.2.3951" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fd0abb7cef9 code=0x0 [ 1403.655530][ T5765] usb 13-1: new full-speed USB device number 2 using vhci_hcd [ 1403.675322][T25535] netlink: 180 bytes leftover after parsing attributes in process `syz.2.3951'. [ 1403.696140][T25434] team0: Port device team_slave_1 added [ 1403.758090][T25539] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1403.945753][T25434] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1403.990228][T25434] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1404.030805][T25434] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1404.076510][T25434] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1404.107669][T25434] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1404.169124][T25552] random: crng reseeded on system resumption [ 1404.201645][T25434] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1404.370863][T25434] hsr_slave_0: entered promiscuous mode [ 1404.389821][T25434] hsr_slave_1: entered promiscuous mode [ 1404.423742][T25553] netlink: 'syz.4.3956': attribute type 29 has an invalid length. [ 1404.464709][ T62] IPVS: stop unused estimator thread 0... [ 1404.506853][T25556] netlink: 'syz.4.3956': attribute type 29 has an invalid length. [ 1404.651358][T25529] vhci_hcd: connection reset by peer [ 1404.671347][T25043] vhci_hcd: stop threads [ 1404.693660][T25043] vhci_hcd: release socket [ 1404.705927][T25043] vhci_hcd: disconnect device [ 1404.982473][T19212] Bluetooth: hci0: command tx timeout [ 1405.302747][ T5283] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 1405.310762][T14735] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 1405.502723][ T5283] usb 3-1: Using ep0 maxpacket: 32 [ 1405.518534][ T5283] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1405.531414][ T5283] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1405.544188][T14735] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0038, bcdDevice=69.f5 [ 1405.557888][T25434] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1405.561212][ T5283] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1405.586377][T14735] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1405.586875][T25434] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1405.623397][ T5283] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1405.634747][T14735] usb 5-1: config 0 descriptor?? [ 1405.639850][ T5283] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1405.654303][T14735] dvb-usb: found a 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' in warm state. [ 1405.664430][ T5283] usb 3-1: Product: syz [ 1405.672134][T14735] dvb-usb: bulk message failed: -22 (2/0) [ 1405.680123][ T5283] usb 3-1: Manufacturer: syz [ 1405.686835][T14735] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1405.697438][ T5283] usb 3-1: SerialNumber: syz [ 1405.709647][T25434] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1405.715782][T14735] dvbdev: DVB: registering new adapter (TerraTec/qanu USB2.0 Highspeed DVB-T Receiver) [ 1405.760276][T25434] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1405.776319][T14735] usb 5-1: media controller created [ 1405.855553][T25550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1405.883547][T14735] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1405.913359][T25550] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1405.949973][T25550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1405.971369][T14735] dvb-usb: bulk message failed: -22 (1/0) [ 1405.997444][T25564] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1406.007975][T14735] dvb-usb: no frontend was attached by 'TerraTec/qanu USB2.0 Highspeed DVB-T Receiver' [ 1406.027081][T25550] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1406.069173][T14735] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input221 [ 1406.069293][T25564] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1406.158007][T14735] dvb-usb: schedule remote query interval to 50 msecs. [ 1406.161110][T25434] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1406.205902][T14735] dvb-usb: bulk message failed: -22 (2/0) [ 1406.275588][T14735] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Receiver successfully initialized and connected. [ 1406.288967][ T5282] dvb-usb: bulk message failed: -22 (1/0) [ 1406.298966][ T5283] usb 3-1: 2:1 : sample bitwidth 253 in over sample bytes 2 [ 1406.319613][ T5283] usb 3-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 1406.325854][ T5282] dvb-usb: error while querying for an remote control event. [ 1406.349004][T14735] usb 5-1: USB disconnect, device number 79 [ 1406.456419][ T5283] usb 3-1: USB disconnect, device number 73 [ 1406.504907][T25434] 8021q: adding VLAN 0 to HW filter on device team0 [ 1406.558885][T14735] dvb-usb: TerraTec/qanu USB2.0 Highspeed DVB-T Re successfully deinitialized and disconnected. [ 1406.646172][T25037] bridge0: port 1(bridge_slave_0) entered blocking state [ 1406.653403][T25037] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1406.966084][T25043] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1407.085080][T25037] bridge0: port 2(bridge_slave_1) entered blocking state [ 1407.092333][T25037] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1407.257308][T25043] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1407.637400][T25043] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1407.663466][T21469] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 1407.676988][T21469] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 1407.696023][T21469] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 1407.704534][T21469] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 1407.712459][T21469] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 1407.720416][T21469] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 1407.875012][T25043] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1407.960654][T25434] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1408.123075][ T5285] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 1408.270592][T25633] Cannot find add_set index 0 as target [ 1408.324613][ T5285] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1408.364526][ T5285] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 178 [ 1408.395666][ T5285] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 1408.431760][T25043] bridge_slave_1: left allmulticast mode [ 1408.452684][T25043] bridge_slave_1: left promiscuous mode [ 1408.458487][T25043] bridge0: port 2(bridge_slave_1) entered disabled state [ 1408.475454][ T5285] usb 5-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=31.c9 [ 1408.522034][T25043] bridge_slave_0: left allmulticast mode [ 1408.537723][T25043] bridge_slave_0: left promiscuous mode [ 1408.548103][T25043] bridge0: port 1(bridge_slave_0) entered disabled state [ 1408.564464][ T5285] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1408.609592][ T5285] usb 5-1: config 0 descriptor?? [ 1408.625634][T25621] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 1408.832561][ T5765] vhci_hcd: vhci_device speed not set [ 1408.854257][T25621] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1408.921715][T25621] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1408.940151][ T5285] ath6kl: Failed to submit usb control message: -71 [ 1408.951758][ T5285] ath6kl: unable to send the bmi data to the device: -71 [ 1408.972710][ T5285] ath6kl: Unable to send get target info: -71 [ 1409.015272][ T5285] ath6kl: Failed to init ath6kl core: -71 [ 1409.023851][ T5285] ath6kl_usb 5-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 1409.079895][ T5285] usb 5-1: USB disconnect, device number 80 [ 1409.771032][T25673] vimc link validate: Sensor A:src:640x480 (0x33424752, 8, 0, 0, 0) Raw Capture 0:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 1409.792716][T21469] Bluetooth: hci4: command tx timeout [ 1409.819229][T25043] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1409.831575][T25043] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1409.842239][T25676] audit: audit_lost=1 audit_rate_limit=0 audit_backlog_limit=64 [ 1409.857625][T25043] bond0 (unregistering): Released all slaves [ 1409.882963][T25638] netdevsim netdevsim2: Direct firmware load for ng failed with error -2 [ 1409.884256][T25676] audit: out of memory in audit_log_start [ 1409.900872][T25638] netdevsim netdevsim2: Falling back to sysfs fallback for: ng [ 1409.922810][ T29] audit: type=1326 audit(1725417754.883:5577): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25675 comm="syz.4.3975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e377cef9 code=0x7ffc0000 [ 1409.989340][T25434] veth0_vlan: entered promiscuous mode [ 1409.998133][T25617] chnl_net:caif_netlink_parms(): no params data found [ 1410.042792][ T29] audit: type=1326 audit(1725417754.883:5578): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25675 comm="syz.4.3975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e377cef9 code=0x7ffc0000 [ 1410.118828][ T29] audit: type=1326 audit(1725417754.883:5579): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25675 comm="syz.4.3975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fe0e377b890 code=0x7ffc0000 [ 1410.176512][T25434] veth1_vlan: entered promiscuous mode [ 1410.195345][ T29] audit: type=1326 audit(1725417754.883:5580): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25675 comm="syz.4.3975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe0e377b9df code=0x7ffc0000 [ 1410.259814][ T29] audit: type=1326 audit(1725417755.023:5581): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25675 comm="syz.4.3975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7fe0e377b93c code=0x7ffc0000 [ 1410.263683][T21469] Bluetooth: hci2: command 0x0c1a tx timeout [ 1410.284311][ T29] audit: type=1326 audit(1725417755.023:5582): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25675 comm="syz.4.3975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fe0e377b9df code=0x7ffc0000 [ 1410.312596][ T29] audit: type=1326 audit(1725417755.023:5583): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25675 comm="syz.4.3975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=3 compat=0 ip=0x7fe0e377bb8a code=0x7ffc0000 [ 1410.335627][ T29] audit: type=1326 audit(1725417755.023:5584): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25675 comm="syz.4.3975" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe0e377cef9 code=0x7ffc0000 [ 1410.643323][T25617] bridge0: port 1(bridge_slave_0) entered blocking state [ 1410.650498][T25617] bridge0: port 1(bridge_slave_0) entered disabled state [ 1410.689923][T25617] bridge_slave_0: entered allmulticast mode [ 1410.724824][T25617] bridge_slave_0: entered promiscuous mode [ 1410.880667][T25617] bridge0: port 2(bridge_slave_1) entered blocking state [ 1410.903290][ T5283] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 1410.944439][T25617] bridge0: port 2(bridge_slave_1) entered disabled state [ 1410.951713][T25617] bridge_slave_1: entered allmulticast mode [ 1410.981241][T25617] bridge_slave_1: entered promiscuous mode [ 1411.024336][T23807] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 1411.122590][T25617] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1411.136627][ T5283] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1411.164089][ T5283] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 1411.203734][T25617] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1411.225266][ T5283] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1411.252515][T23807] usb 3-1: Using ep0 maxpacket: 8 [ 1411.253961][ T5283] usb 5-1: config 0 descriptor?? [ 1411.276166][ T5283] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1411.291697][T23807] usb 3-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e [ 1411.304947][T25043] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1411.325908][T25043] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1411.352403][T23807] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1411.363284][T25043] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1411.370739][T25043] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1411.383488][T23807] usb 3-1: config 0 descriptor?? [ 1411.422422][T23807] rndis_host 3-1:0.0: skipping garbage [ 1411.436113][T23807] rndis_host 3-1:0.0: probe with driver rndis_host failed with error -22 [ 1411.455504][T23807] cdc_acm 3-1:0.0: skipping garbage [ 1411.463540][T23807] cdc_acm 3-1:0.0: Control and data interfaces are not separated! [ 1411.472893][T23807] cdc_acm 3-1:0.0: This needs exactly 3 endpoints [ 1411.479474][T23807] cdc_acm 3-1:0.0: probe with driver cdc_acm failed with error -22 [ 1411.556558][T25043] veth1_macvtap: left promiscuous mode [ 1411.562165][T25043] veth0_macvtap: left promiscuous mode [ 1411.568401][T25043] veth1_vlan: left promiscuous mode [ 1411.574140][T25043] veth0_vlan: left promiscuous mode [ 1411.878447][T21469] Bluetooth: hci4: command tx timeout [ 1412.730795][T25043] team0 (unregistering): Port device team_slave_1 removed [ 1412.831364][T25043] team0 (unregistering): Port device team_slave_0 removed [ 1413.639587][ T5283] usb 3-1: USB disconnect, device number 74 [ 1413.749162][T25434] veth0_macvtap: entered promiscuous mode [ 1413.891835][T25617] team0: Port device team_slave_0 added [ 1413.919233][T25721] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3982'. [ 1413.942929][T21469] Bluetooth: hci4: command tx timeout [ 1413.950724][T25434] veth1_macvtap: entered promiscuous mode [ 1413.964895][T16203] usb 5-1: USB disconnect, device number 81 [ 1414.001618][ T5285] psmouse serio16: Failed to reset mouse on : -5 [ 1414.038686][T25617] team0: Port device team_slave_1 added [ 1414.177243][T25617] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1414.191524][T25617] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1414.246908][T25617] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1414.306962][T25434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1414.330445][T25434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.363500][T25434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1414.392742][T25434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.411730][T25434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1414.424531][T25434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.468842][T25434] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1414.489771][T25617] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1414.498318][T25617] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1414.532618][T25617] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1414.585543][T25434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1414.602440][T25434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.644846][T25434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1414.676550][T25434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.707803][T25434] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1414.774312][T25434] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1414.833637][T25434] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1414.880561][T25434] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1414.892682][T25434] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1414.904145][T25434] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1414.970838][T25434] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1415.053186][T21469] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 1415.148283][T25617] hsr_slave_0: entered promiscuous mode [ 1415.169979][T25617] hsr_slave_1: entered promiscuous mode [ 1415.186561][T25617] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1415.202378][T25617] Cannot create hsr debugfs directory [ 1415.333271][T23807] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 1415.451677][T25043] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1415.463557][T25043] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1415.535495][T23807] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1415.556753][T25047] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1415.571073][T23807] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1415.583509][T25047] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1415.598215][T23807] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1415.611986][T25754] fuse: Unknown parameter 'grou;_id' [ 1415.612227][T23807] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1415.648564][T23807] usb 5-1: SerialNumber: syz [ 1415.889713][T23807] usb 5-1: 0:2 : does not exist [ 1416.022902][T21469] Bluetooth: hci4: command tx timeout [ 1416.112896][T16203] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 1416.170457][T23807] usb 5-1: USB disconnect, device number 82 [ 1416.239590][T18382] udevd[18382]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1416.332426][T16203] usb 1-1: Using ep0 maxpacket: 8 [ 1416.350077][T16203] usb 1-1: New USB device found, idVendor=07ca, idProduct=a801, bcdDevice=6a.96 [ 1416.380500][T16203] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1416.418995][T16203] usb 1-1: Product: syz [ 1416.429274][T16203] usb 1-1: Manufacturer: syz [ 1416.442427][T16203] usb 1-1: SerialNumber: syz [ 1416.461448][T16203] usb 1-1: config 0 descriptor?? [ 1416.476139][T16203] dvb-usb: found a 'AVerMedia AverTV DVB-T USB 2.0 (A800)' in warm state. [ 1416.513495][T16203] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 1416.538342][T16203] dvbdev: DVB: registering new adapter (AVerMedia AverTV DVB-T USB 2.0 (A800)) [ 1416.550604][T25617] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1416.560548][T16203] usb 1-1: media controller created [ 1416.573369][T25617] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1416.594295][T25617] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1416.605061][T16203] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 1416.621665][T25617] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1416.643589][T16203] dvb-usb: bulk message failed: -22 (6/0) [ 1416.650234][T16203] dvb-usb: bulk message failed: -22 (6/0) [ 1416.657780][T16203] dvb-usb: no frontend was attached by 'AVerMedia AverTV DVB-T USB 2.0 (A800)' [ 1416.762810][T16203] rc_core: IR keymap rc-avermedia-m135a not found [ 1416.769285][T16203] Registered IR keymap rc-empty [ 1416.789978][T16203] rc rc0: AVerMedia AverTV DVB-T USB 2.0 (A800) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0 [ 1416.814925][T16203] input: AVerMedia AverTV DVB-T USB 2.0 (A800) as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input223 [ 1416.847438][T16203] dvb-usb: schedule remote query interval to 150 msecs. [ 1416.856725][T25617] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1416.878433][T16203] dvb-usb: AVerMedia AverTV DVB-T USB 2.0 (A800) successfully initialized and connected. [ 1416.918969][T16203] usb 1-1: USB disconnect, device number 105 [ 1416.929619][T25617] 8021q: adding VLAN 0 to HW filter on device team0 [ 1416.970880][T25046] bridge0: port 1(bridge_slave_0) entered blocking state [ 1416.978138][T25046] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1417.030887][T25046] bridge0: port 2(bridge_slave_1) entered blocking state [ 1417.038189][T25046] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1417.098464][T16203] dvb-usb: AVerMedia AverTV DVB-T USB 2.0 (A800) successfully deinitialized and disconnected. [ 1417.292113][T25617] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1417.322557][T12183] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 1417.378651][T21469] Bluetooth: hci1: ACL packet for unknown connection handle 4 [ 1417.474514][T25617] veth0_vlan: entered promiscuous mode [ 1417.522629][T12183] usb 5-1: Using ep0 maxpacket: 8 [ 1417.531538][T12183] usb 5-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e [ 1417.544523][T25617] veth1_vlan: entered promiscuous mode [ 1417.550911][T12183] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1417.609128][T12183] usb 5-1: config 0 descriptor?? [ 1417.628972][T12183] rndis_host 5-1:0.0: skipping garbage [ 1417.637437][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 1417.637457][ T29] audit: type=1326 audit(1725417762.673:5586): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25793 comm="syz.1.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1417.643436][T12183] rndis_host 5-1:0.0: probe with driver rndis_host failed with error -22 [ 1417.643758][T12183] cdc_acm 5-1:0.0: skipping garbage [ 1417.643776][T12183] cdc_acm 5-1:0.0: Control and data interfaces are not separated! [ 1417.643792][T12183] cdc_acm 5-1:0.0: This needs exactly 3 endpoints [ 1417.643817][T12183] cdc_acm 5-1:0.0: probe with driver cdc_acm failed with error -22 [ 1417.720016][T25617] veth0_macvtap: entered promiscuous mode [ 1417.737208][T25617] veth1_macvtap: entered promiscuous mode [ 1417.772410][ T58] usb 1-1: new high-speed USB device number 106 using dummy_hcd [ 1417.773253][T25617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1417.792143][T25617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1417.803227][T25617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1417.819945][ T29] audit: type=1326 audit(1725417762.723:5587): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25793 comm="syz.1.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1417.850964][ T5285] misc userio: Buffer overflowed, userio client isn't keeping up [ 1417.859956][T25617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1417.873321][T25617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1417.886929][ T29] audit: type=1326 audit(1725417762.753:5588): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25793 comm="syz.1.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=434 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1417.910450][T25617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1417.922422][T25617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1417.948901][ T29] audit: type=1326 audit(1725417762.763:5589): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25793 comm="syz.1.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1417.974025][T25617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1418.002491][ T58] usb 1-1: Using ep0 maxpacket: 16 [ 1418.004487][T25617] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1418.022124][ T29] audit: type=1326 audit(1725417762.763:5590): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25793 comm="syz.1.3993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f401b37cef9 code=0x7ffc0000 [ 1418.045845][ T58] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1418.065138][T21469] Bluetooth: hci1: unexpected event for opcode 0x0401 [ 1418.072992][ T58] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1418.085871][ T58] usb 1-1: Product: syz [ 1418.090278][ T58] usb 1-1: Manufacturer: syz [ 1418.100395][ T58] usb 1-1: SerialNumber: syz [ 1418.121976][ T58] usb 1-1: config 0 descriptor?? [ 1418.131618][ T58] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 1418.136213][T25617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1418.165145][T25617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1418.229883][T25617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1418.252912][T25617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1418.263976][T25617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1418.293370][T25617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1418.307641][T25617] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1418.319954][T25617] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1418.359374][T25617] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1418.367551][T25790] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1418.385994][T25790] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1418.435570][T25617] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1418.453677][T25617] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1418.477216][T25617] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1418.491863][T25617] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1418.627575][T21469] Bluetooth: hci1: ACL packet for unknown connection handle 201 [ 1418.649578][ T58] usb 1-1: clie_3_5_startup: get interface number bad return length: 0 [ 1418.659301][ T58] visor 1-1:0.0: probe with driver visor failed with error -5 [ 1418.766157][T25046] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1418.805475][T25046] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1418.855592][ T58] usb 1-1: USB disconnect, device number 106 [ 1418.897050][T25043] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1418.917373][T25043] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1418.933197][ T5285] input: PS/2 Generic Mouse as /devices/serio16/input/input222 [ 1419.182465][ T5285] psmouse serio16: Failed to enable mouse on [ 1419.452552][ T5283] usb 4-1: new high-speed USB device number 102 using dummy_hcd [ 1419.492766][ T5285] usb 2-1: new high-speed USB device number 39 using dummy_hcd [ 1419.692485][ T5283] usb 4-1: Using ep0 maxpacket: 32 [ 1419.708997][ T5283] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 1419.732544][ T5285] usb 2-1: Using ep0 maxpacket: 32 [ 1419.755484][ T5283] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1419.775757][ T5285] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1419.788253][ T5283] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1419.799148][ T58] usb 1-1: new high-speed USB device number 107 using dummy_hcd [ 1419.799746][ T5285] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDB, changing to 0x8B [ 1419.820362][ T5283] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1419.847048][ T5283] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1419.869810][ T5285] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 28739, setting to 1024 [ 1419.881633][ T5283] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1419.918527][ T5283] usb 4-1: Product: syz [ 1419.929276][ T5285] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1419.945468][ T5333] usb 5-1: USB disconnect, device number 83 [ 1419.955014][ T5283] usb 4-1: Manufacturer: syz [ 1419.961868][ T5283] usb 4-1: SerialNumber: syz [ 1419.979576][ T5285] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xDC, changing to 0x8C [ 1419.994499][ T5285] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 1420.011741][ T5285] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 0 [ 1420.060128][ T5285] usb 2-1: config 0 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1420.072473][ T58] usb 1-1: Using ep0 maxpacket: 8 [ 1420.082117][ T5285] usb 2-1: New USB device found, idVendor=10cf, idProduct=8067, bcdDevice=2c.27 [ 1420.093015][ T5285] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1420.094503][ T58] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 1420.101124][ T5285] usb 2-1: Product: syz [ 1420.142424][ T58] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1420.148071][ T5285] usb 2-1: Manufacturer: syz [ 1420.163577][ T5285] usb 2-1: SerialNumber: syz [ 1420.178326][ T5285] usb 2-1: config 0 descriptor?? [ 1420.190240][ T58] usb 1-1: config 0 descriptor?? [ 1420.195583][T25821] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 1420.286961][ T5283] usb 4-1: 2:1 : invalid UAC_AS_GENERAL desc [ 1420.303457][ T5285] vmk80xx 2-1:0.0: driver 'vmk80xx' failed to auto-configure device. [ 1420.363595][ T5283] usb 4-1: USB disconnect, device number 102 [ 1420.405733][T25829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1420.409548][T18382] udevd[18382]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1420.433036][T25829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1420.473300][T25829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1420.507268][T25829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1420.523485][T25829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1420.532739][ T5333] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 1420.581938][T25829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1420.603382][T25829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1420.642671][T25829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1420.651645][T25829] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1420.688439][T21469] Bluetooth: hci2: unexpected event for opcode 0x0000 [ 1420.712378][ T5333] usb 5-1: Using ep0 maxpacket: 32 [ 1420.725431][ T5333] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1420.743617][T25829] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1420.762660][ T5333] usb 5-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1420.828552][ T58] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -71 [ 1420.834879][ T5333] usb 5-1: New USB device found, idVendor=0499, idProduct=1010, bcdDevice= 5.f5 [ 1420.860698][ T58] asix 1-1:0.0: probe with driver asix failed with error -71 [ 1420.913741][ T5333] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1420.931439][ T58] usb 1-1: USB disconnect, device number 107 [ 1420.959723][ T5333] usb 5-1: Product: syz [ 1420.987006][ T5333] usb 5-1: Manufacturer: syz [ 1421.005869][ T5333] usb 5-1: SerialNumber: syz [ 1421.031117][ T5333] usb 5-1: config 0 descriptor?? [ 1421.061003][ T5333] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1421.115008][ T5333] snd-usb-audio 5-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1421.197928][T25864] netlink: 20 bytes leftover after parsing attributes in process `syz.3.4003'. [ 1421.217444][T18382] udevd[18382]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1421.307914][T25864] trusted_key: encrypted_key: insufficient parameters specified [ 1421.316337][T25873] IPVS: sync thread started: state = BACKUP, mcast_ifn = veth1_macvtap, syncid = 0, id = 0 [ 1421.361321][T25872] netlink: 'syz.0.4006': attribute type 1 has an invalid length. [ 1421.574143][T25870] dvmrp0: entered allmulticast mode [ 1421.649590][T25870] dvmrp0: left allmulticast mode [ 1421.652577][ T5765] usb 4-1: new high-speed USB device number 103 using dummy_hcd [ 1421.842481][ T5765] usb 4-1: device descriptor read/64, error -71 [ 1421.902551][ T5333] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 1422.103417][T21469] Bluetooth: hci1: Controller not accepting commands anymore: ncmd = 0 [ 1422.109521][ T5333] usb 1-1: Using ep0 maxpacket: 16 [ 1422.112990][T21469] Bluetooth: hci1: Injecting HCI hardware error event [ 1422.128134][T21469] Bluetooth: hci1: hardware error 0x00 [ 1422.138014][ T5765] usb 4-1: new high-speed USB device number 104 using dummy_hcd [ 1422.178596][ T5333] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid maxpacket 33032, setting to 1024 [ 1422.203032][ T58] usb 2-1: USB disconnect, device number 39 [ 1422.260265][ T5333] usb 1-1: New USB device found, idVendor=0158, idProduct=0100, bcdDevice= 0.00 [ 1422.292722][ T5765] usb 4-1: device descriptor read/64, error -71 [ 1422.306783][ T5333] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1422.384392][ T5333] usb 1-1: config 0 descriptor?? [ 1422.438743][ T5765] usb usb4-port1: attempt power cycle [ 1422.508467][T25898] batadv0: entered promiscuous mode [ 1422.541491][T25898] batadv_slave_0: entered promiscuous mode [ 1422.557858][T25898] batadv_slave_0: left promiscuous mode [ 1422.579852][T25898] batadv0: left promiscuous mode [ 1422.874217][ T5765] usb 4-1: new high-speed USB device number 105 using dummy_hcd [ 1422.936569][ T5765] usb 4-1: device descriptor read/8, error -71 [ 1422.959281][T25876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1423.008956][T25876] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1423.052406][T12184] usb 2-1: new high-speed USB device number 40 using dummy_hcd [ 1423.053676][ T5333] hid (null): invalid report_size 29539 [ 1423.079849][ T5333] hid (null): unknown global tag 0xd [ 1423.109588][ T5333] hid-generic 0003:0158:0100.0045: unknown main item tag 0x1 [ 1423.142443][ T5333] hid-generic 0003:0158:0100.0045: unexpected long global item [ 1423.145215][ T58] usb 5-1: USB disconnect, device number 84 [ 1423.219772][ T5333] hid-generic 0003:0158:0100.0045: probe with driver hid-generic failed with error -22 [ 1423.245366][ T5765] usb 4-1: new high-speed USB device number 106 using dummy_hcd [ 1423.282468][T12184] usb 2-1: Using ep0 maxpacket: 8 [ 1423.289339][T12184] usb 2-1: config 0 has an invalid descriptor of length 116, skipping remainder of the config [ 1423.305834][ T1265] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.312693][ T5765] usb 4-1: device descriptor read/8, error -71 [ 1423.319002][ T1265] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.332566][T12184] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1423.351205][T12184] usb 2-1: New USB device found, idVendor=1b3d, idProduct=0146, bcdDevice= 1.b8 [ 1423.365046][T12184] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1423.405273][T12184] usb 2-1: config 0 descriptor?? [ 1423.452865][ T5765] usb usb4-port1: unable to enumerate USB device [ 1423.666087][ T5765] usb 1-1: USB disconnect, device number 108 [ 1423.833930][T12184] usb 2-1: string descriptor 0 read error: -71 [ 1423.858887][T12184] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 1423.876210][T12184] usb 2-1: Detected SIO [ 1423.882236][T12184] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 1423.918642][T12184] usb 2-1: USB disconnect, device number 40 [ 1423.927063][T25912] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 1423.937454][T12184] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 1423.977389][T12184] ftdi_sio 2-1:0.0: device disconnected [ 1424.020321][T25912] netpci0: tun_chr_ioctl cmd 1074025677 [ 1424.046773][T25912] netpci0: linktype set to 804 [ 1424.162476][ T29] audit: type=1326 audit(1725417769.193:5591): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1424.182533][T21469] Bluetooth: hci1: Opcode 0x0c03 failed: -110 [ 1424.239302][T25912] can: request_module (can-proto-3) failed. [ 1424.255422][ T29] audit: type=1326 audit(1725417769.193:5592): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1424.342774][ T29] audit: type=1326 audit(1725417769.193:5593): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd0abb7b890 code=0x7ffc0000 [ 1424.412396][ T29] audit: type=1326 audit(1725417769.203:5594): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0abb7cafb code=0x7ffc0000 [ 1424.432450][ T58] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 1424.522803][ T29] audit: type=1326 audit(1725417769.213:5595): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0abb7cafb code=0x7ffc0000 [ 1424.622493][ T58] usb 3-1: device descriptor read/64, error -71 [ 1424.622584][ T5333] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 1424.647751][ T29] audit: type=1326 audit(1725417769.213:5596): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0abb7cafb code=0x7ffc0000 [ 1424.742565][T21469] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 1424.753259][T21469] Bluetooth: hci2: Injecting HCI hardware error event [ 1424.759352][ T29] audit: type=1326 audit(1725417769.213:5597): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0abb7cafb code=0x7ffc0000 [ 1424.763717][T21469] Bluetooth: hci2: hardware error 0x00 [ 1424.858061][ T29] audit: type=1326 audit(1725417769.333:5598): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0abb7cafb code=0x7ffc0000 [ 1424.882400][ T5333] usb 5-1: Using ep0 maxpacket: 16 [ 1424.941612][ T29] audit: type=1326 audit(1725417769.413:5599): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0abb7cafb code=0x7ffc0000 [ 1424.964184][ T58] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 1425.031419][ T29] audit: type=1326 audit(1725417769.513:5600): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=25911 comm="syz.2.4013" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd0abb7cafb code=0x7ffc0000 [ 1425.098708][ T5333] usb 5-1: config 0 has an invalid interface number: 161 but max is 0 [ 1425.125628][ T5333] usb 5-1: config 0 has no interface number 0 [ 1425.139888][ T5333] usb 5-1: config 0 interface 161 has no altsetting 0 [ 1425.152552][ T58] usb 3-1: device descriptor read/64, error -71 [ 1425.185971][ T5333] usb 5-1: New USB device found, idVendor=13d3, idProduct=3336, bcdDevice= 5.f5 [ 1425.215811][ T5333] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1425.235763][ T5333] usb 5-1: Product: syz [ 1425.240921][ T5333] usb 5-1: Manufacturer: syz [ 1425.271658][ T5333] usb 5-1: SerialNumber: syz [ 1425.276463][T12183] usb 1-1: new high-speed USB device number 109 using dummy_hcd [ 1425.282986][ T58] usb usb3-port1: attempt power cycle [ 1425.307724][ T5333] usb 5-1: config 0 descriptor?? [ 1425.423606][T12183] usb 1-1: device descriptor read/64, error -71 [ 1425.554917][T25921] netlink: 16 bytes leftover after parsing attributes in process `syz.4.4015'. [ 1425.722496][T12183] usb 1-1: new high-speed USB device number 110 using dummy_hcd [ 1425.730236][ T58] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 1425.764515][ T58] usb 3-1: device descriptor read/8, error -71 [ 1425.882439][T12183] usb 1-1: device descriptor read/64, error -71 [ 1426.014150][T12183] usb usb1-port1: attempt power cycle [ 1426.042467][ T58] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 1426.093566][ T58] usb 3-1: device descriptor read/8, error -71 [ 1426.213273][ T58] usb usb3-port1: unable to enumerate USB device [ 1426.432404][T12183] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 1426.474929][T12183] usb 1-1: device descriptor read/8, error -71 [ 1426.752496][T12183] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 1426.803133][T12183] usb 1-1: device descriptor read/8, error -71 [ 1426.902562][T21469] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1426.933962][T12183] usb usb1-port1: unable to enumerate USB device [ 1427.309859][ T5333] r8712u: register rtl8712_netdev_ops to netdev_ops [ 1427.321735][T16203] usb 4-1: new high-speed USB device number 107 using dummy_hcd [ 1427.330786][ T5333] usb 5-1: r8712u: USB_SPEED_HIGH with 0 endpoints [ 1427.357928][ T5333] usb 5-1: r8712u: Boot from EFUSE: Autoload Failed [ 1427.380077][ T5333] usb 5-1: r8712u: MAC Address from efuse = 00:e0:4c:87:00:00 [ 1427.398935][ T5333] usb 5-1: r8712u: Loading firmware from "rtlwifi/rtl8712u.bin" [ 1427.430885][ T5333] usb 5-1: USB disconnect, device number 85 [ 1427.457381][T25967] netlink: 16 bytes leftover after parsing attributes in process `syz.1.4029'. [ 1427.529681][T16203] usb 4-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 1427.546524][T16203] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1427.559142][T16203] usb 4-1: Product: syz [ 1427.567410][T16203] usb 4-1: Manufacturer: syz [ 1427.572092][T16203] usb 4-1: SerialNumber: syz [ 1427.593408][T16203] usb 4-1: config 0 descriptor?? [ 1427.731331][T25980] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4032'. [ 1427.742087][T25980] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4032'. [ 1427.753758][T25980] netlink: 12 bytes leftover after parsing attributes in process `syz.1.4032'. [ 1427.856126][T25981] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(7) [ 1427.862704][T25981] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 1427.913659][T25981] vhci_hcd vhci_hcd.0: Device attached [ 1428.022539][T16203] usb 4-1: Firmware: major: 0, minor: 0, hardware type: ATUSB (0) [ 1428.046211][T16203] usb 4-1: Firmware version (0.0) predates our first public release. [ 1428.082514][T16203] usb 4-1: Please update to version 0.2 or newer [ 1428.212457][ T58] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 1428.228165][T12183] usb 12-1: SetAddress Request (26) to port 0 [ 1428.251249][T12183] usb 12-1: new SuperSpeed USB device number 26 using vhci_hcd [ 1428.317814][T16203] usb 4-1: USB disconnect, device number 107 [ 1428.445898][ T58] usb 5-1: Using ep0 maxpacket: 8 [ 1428.460901][ T58] usb 5-1: New USB device found, idVendor=0421, idProduct=0335, bcdDevice=5f.0e [ 1428.488014][ T58] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1428.520118][ T58] usb 5-1: config 0 descriptor?? [ 1428.555081][ T58] rndis_host 5-1:0.0: skipping garbage [ 1428.575202][T25982] vhci_hcd: connection reset by peer [ 1428.581455][ T58] rndis_host 5-1:0.0: probe with driver rndis_host failed with error -22 [ 1428.593529][ T58] cdc_acm 5-1:0.0: skipping garbage [ 1428.599371][T25047] vhci_hcd: stop threads [ 1428.607543][T25047] vhci_hcd: release socket [ 1428.622099][ T58] cdc_acm 5-1:0.0: Control and data interfaces are not separated! [ 1428.641635][T25047] vhci_hcd: disconnect device [ 1428.649171][ T58] cdc_acm 5-1:0.0: This needs exactly 3 endpoints [ 1428.658469][ T58] cdc_acm 5-1:0.0: probe with driver cdc_acm failed with error -22 [ 1428.907538][T26004] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4038'. [ 1428.938851][T26004] bridge_slave_1: left allmulticast mode [ 1428.951512][T26004] bridge_slave_1: left promiscuous mode [ 1428.960623][T26004] bridge0: port 2(bridge_slave_1) entered disabled state [ 1428.979373][T26004] bridge_slave_0: left allmulticast mode [ 1428.991603][T26004] bridge_slave_0: left promiscuous mode [ 1429.009910][T26004] bridge0: port 1(bridge_slave_0) entered disabled state [ 1429.565094][T16203] usb 3-1: new full-speed USB device number 79 using dummy_hcd [ 1429.756307][T26020] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4044'. [ 1429.774163][T16203] usb 3-1: config 0 has an invalid interface number: 103 but max is 0 [ 1429.802590][T16203] usb 3-1: config 0 has no interface number 0 [ 1429.828807][T16203] usb 3-1: New USB device found, idVendor=2013, idProduct=1faa, bcdDevice=de.4d [ 1429.851237][T16203] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1429.870831][T16203] usb 3-1: Product: syz [ 1429.875180][T16203] usb 3-1: Manufacturer: syz [ 1429.881163][T16203] usb 3-1: SerialNumber: syz [ 1429.907863][T16203] usb 3-1: config 0 descriptor?? [ 1430.160856][T16203] dvb-usb: found a 'DiBcom STK8096-PVR reference design' in cold state, will try to load a firmware [ 1430.203243][T16203] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 1430.225564][T16203] dib0700: firmware download failed at 7 with -22 [ 1430.261578][T16203] usb 3-1: USB disconnect, device number 79 [ 1430.436037][T26024] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(8) [ 1430.442599][T26024] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 1430.468806][T26024] vhci_hcd vhci_hcd.0: Device attached [ 1430.742419][ T5333] usb 15-1: new high-speed USB device number 2 using vhci_hcd [ 1430.890938][ T5765] usb 5-1: USB disconnect, device number 86 [ 1431.065198][ T5282] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 1431.248429][T26044] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1431.274206][ T5282] usb 3-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 1431.297354][T26025] vhci_hcd: connection reset by peer [ 1431.325999][ T5282] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1431.330692][T25047] vhci_hcd: stop threads [ 1431.338461][ T5282] usb 3-1: Product: syz [ 1431.353590][ T5282] usb 3-1: Manufacturer: syz [ 1431.358807][ T5282] usb 3-1: SerialNumber: syz [ 1431.368665][T25047] vhci_hcd: release socket [ 1431.389635][T25047] vhci_hcd: disconnect device [ 1431.399620][ T5282] usb 3-1: config 0 descriptor?? [ 1431.418735][ T5282] ch341 3-1:0.0: ch341-uart converter detected [ 1431.543276][T23807] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 1431.629710][T21469] Bluetooth: hci4: Malformed MSFT vendor event: 0x02 [ 1431.687584][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 1431.687603][ T29] audit: type=1326 audit(1725417776.733:5626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1431.745805][T23807] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1431.771229][T23807] usb 5-1: config 27 interface 0 altsetting 0 endpoint 0xB has invalid wMaxPacketSize 0 [ 1431.777119][ T29] audit: type=1326 audit(1725417776.763:5627): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1431.829876][ T29] audit: type=1326 audit(1725417776.763:5628): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1431.870677][ T29] audit: type=1326 audit(1725417776.773:5629): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1431.899613][T23807] usb 5-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 0 [ 1431.909597][T23807] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1431.918822][T23807] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1431.976134][T23807] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1431.981600][ T29] audit: type=1326 audit(1725417776.773:5630): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1432.099307][ T29] audit: type=1326 audit(1725417776.773:5631): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1432.218524][ T29] audit: type=1326 audit(1725417776.773:5632): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1432.259425][T17680] udevd[17680]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:27.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1432.335621][T23807] snd-usb-audio 5-1:27.0: probe with driver snd-usb-audio failed with error -12 [ 1432.355799][ T29] audit: type=1326 audit(1725417776.773:5633): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1432.449745][ T29] audit: type=1326 audit(1725417776.783:5634): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1432.542363][ T29] audit: type=1326 audit(1725417776.783:5635): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26049 comm="syz.3.4053" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fdbfbf7cef9 code=0x7ffc0000 [ 1432.908723][ T5282] ch341-uart ttyUSB0: break control not supported, using simulated break [ 1432.918063][ T5282] usb 3-1: ch341-uart converter now attached to ttyUSB0 [ 1432.945754][T26059] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1432.954268][ T5283] usb 2-1: new full-speed USB device number 41 using dummy_hcd [ 1432.969138][T26059] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1433.166783][ T5283] usb 2-1: config 0 has an invalid interface number: 103 but max is 0 [ 1433.189817][T23807] usb 3-1: USB disconnect, device number 80 [ 1433.204515][T23807] ch341-uart ttyUSB0: ch341-uart converter now disconnected from ttyUSB0 [ 1433.224895][T23807] ch341 3-1:0.0: device disconnected [ 1433.248845][ T5283] usb 2-1: config 0 has no interface number 0 [ 1433.276851][ T5283] usb 2-1: New USB device found, idVendor=2013, idProduct=1faa, bcdDevice=de.4d [ 1433.295794][ T5283] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1433.339525][ T5283] usb 2-1: Product: syz [ 1433.359560][ T5283] usb 2-1: Manufacturer: syz [ 1433.367131][ T5283] usb 2-1: SerialNumber: syz [ 1433.382779][T12183] usb 12-1: device descriptor read/8, error -110 [ 1433.395740][ T5283] usb 2-1: config 0 descriptor?? [ 1433.648212][ T5282] IPVS: starting estimator thread 0... [ 1433.659113][ T5283] dvb-usb: found a 'DiBcom STK8096-PVR reference design' in cold state, will try to load a firmware [ 1433.698245][ T5283] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 1433.747300][T26076] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.4061'. [ 1433.763451][ T5283] dib0700: firmware download failed at 7 with -22 [ 1433.769191][T26075] IPVS: using max 19 ests per chain, 45600 per kthread [ 1433.775283][ T5283] usb 2-1: USB disconnect, device number 41 [ 1433.805996][T26074] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.4061'. [ 1433.835671][T12183] usb usb12-port1: attempt power cycle [ 1434.232830][T23807] usb 5-1: USB disconnect, device number 87 [ 1434.512888][T12183] usb usb12-port1: unable to enumerate USB device [ 1434.862561][T26098] IPv6: addrconf: prefix option has invalid lifetime [ 1434.883035][T26098] IPv6: addrconf: prefix option has invalid lifetime [ 1434.896568][T26099] netlink: 'syz.0.4068': attribute type 8 has an invalid length. [ 1435.012863][T26103] FAULT_INJECTION: forcing a failure. [ 1435.012863][T26103] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1435.038567][T26103] CPU: 1 UID: 0 PID: 26103 Comm: syz.2.4069 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 1435.049378][T26103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1435.059465][T26103] Call Trace: [ 1435.062759][T26103] [ 1435.065684][T26103] dump_stack_lvl+0x241/0x360 [ 1435.070376][T26103] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1435.075594][T26103] ? __pfx__printk+0x10/0x10 [ 1435.080218][T26103] ? snprintf+0xda/0x120 [ 1435.084506][T26103] should_fail_ex+0x3b0/0x4e0 [ 1435.089235][T26103] _copy_to_user+0x2f/0xb0 [ 1435.093689][T26103] simple_read_from_buffer+0xca/0x150 [ 1435.099100][T26103] proc_fail_nth_read+0x1ec/0x260 [ 1435.104170][T26103] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1435.109759][T26103] ? rw_verify_area+0x520/0x6b0 [ 1435.114647][T26103] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1435.120240][T26103] vfs_read+0x204/0xbc0 [ 1435.124430][T26103] ? __pfx_lock_release+0x10/0x10 [ 1435.129500][T26103] ? __pfx_vfs_read+0x10/0x10 [ 1435.134212][T26103] ? __fget_files+0x29/0x470 [ 1435.138939][T26103] ? __fget_files+0x3f6/0x470 [ 1435.143670][T26103] ksys_read+0x1a0/0x2c0 [ 1435.147951][T26103] ? __pfx_ksys_read+0x10/0x10 [ 1435.152748][T26103] ? do_syscall_64+0x100/0x230 [ 1435.157548][T26103] ? do_syscall_64+0xb6/0x230 [ 1435.160976][T26108] netlink: 28 bytes leftover after parsing attributes in process `syz.0.4072'. [ 1435.162242][T26103] do_syscall_64+0xf3/0x230 [ 1435.162273][T26103] ? clear_bhb_loop+0x35/0x90 [ 1435.162298][T26103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1435.171540][T26108] netlink: 'syz.0.4072': attribute type 7 has an invalid length. [ 1435.175726][T26103] RIP: 0033:0x7fd0abb7b93c [ 1435.175754][T26103] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 1435.175770][T26103] RSP: 002b:00007fd0ac901030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1435.175792][T26103] RAX: ffffffffffffffda RBX: 00007fd0abd35f80 RCX: 00007fd0abb7b93c [ 1435.175807][T26103] RDX: 000000000000000f RSI: 00007fd0ac9010a0 RDI: 0000000000000004 [ 1435.175818][T26103] RBP: 00007fd0ac901090 R08: 0000000000000000 R09: 0000000000000000 [ 1435.175829][T26103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1435.175841][T26103] R13: 0000000000000000 R14: 00007fd0abd35f80 R15: 00007fd0abe5fa28 [ 1435.175869][T26103] [ 1435.296260][T26108] netlink: 'syz.0.4072': attribute type 8 has an invalid length. [ 1435.355566][T26108] netlink: 4 bytes leftover after parsing attributes in process `syz.0.4072'. [ 1435.405931][T26108] syz_tun: entered promiscuous mode [ 1435.443631][T26108] batadv_slave_1: entered promiscuous mode [ 1435.466929][T26108] gretap0: entered promiscuous mode [ 1435.883655][T26123] netlink: 104 bytes leftover after parsing attributes in process `syz.3.4077'. [ 1435.893909][ T5333] vhci_hcd: vhci_device speed not set [ 1435.920038][T26109] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1435.932899][ T5285] usb 1-1: new high-speed USB device number 113 using dummy_hcd [ 1435.942767][T26109] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1435.971535][T26109] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1436.004246][T26109] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 1436.012646][T26109] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1436.048222][T26109] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 1436.065464][T23807] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 1436.139320][T26127] hsr0: entered promiscuous mode [ 1436.152544][ T5285] usb 1-1: Using ep0 maxpacket: 8 [ 1436.166401][ T5285] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1436.185398][ T5285] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1436.213741][ T5285] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1436.242429][ T5285] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1436.250496][ T5285] usb 1-1: Product: syz [ 1436.266331][T23807] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1436.276330][ T5285] usb 1-1: Manufacturer: syz [ 1436.276357][ T5285] usb 1-1: SerialNumber: syz [ 1436.323356][T23807] usb 5-1: New USB device found, idVendor=046d, idProduct=c71b, bcdDevice= 0.00 [ 1436.348277][T23807] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1436.392898][T23807] usb 5-1: config 0 descriptor?? [ 1436.412025][T26131] netlink: 'syz.2.4081': attribute type 3 has an invalid length. [ 1436.415124][T23807] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1436.430169][T26131] netlink: 201372 bytes leftover after parsing attributes in process `syz.2.4081'. [ 1436.795386][T12183] usb 5-1: USB disconnect, device number 88 [ 1437.212457][T23807] usb 4-1: new high-speed USB device number 108 using dummy_hcd [ 1437.232076][T26149] IPVS: lblc: UDP 224.0.0.1:0 - no destination available [ 1437.402417][T23807] usb 4-1: Using ep0 maxpacket: 16 [ 1437.419131][T23807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1437.448943][T23807] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1437.481897][T23807] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1437.503380][T23807] usb 4-1: New USB device found, idVendor=046d, idProduct=c211, bcdDevice= 0.00 [ 1437.512840][T23807] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1437.544482][T23807] usb 4-1: config 0 descriptor?? [ 1437.642598][T12184] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 1437.749419][ T29] kauditd_printk_skb: 48 callbacks suppressed [ 1437.749436][ T29] audit: type=1326 audit(1725417782.793:5684): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1437.789862][ T29] audit: type=1326 audit(1725417782.823:5685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1437.843874][T12184] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1437.878026][T12184] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1437.909964][T12184] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1437.912523][ T29] audit: type=1326 audit(1725417782.823:5686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1437.922927][T12184] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1437.954925][T21469] Bluetooth: hci0: command 0x0c1a tx timeout [ 1437.962678][T26145] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1437.977805][T26145] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1437.998814][T12184] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1438.010316][T12184] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1438.019534][T12184] usb 2-1: Product: syz [ 1438.024022][T21469] Bluetooth: hci4: command 0x0c1a tx timeout [ 1438.031136][T12184] usb 2-1: Manufacturer: syz [ 1438.036627][T12184] usb 2-1: SerialNumber: syz [ 1438.057437][ T29] audit: type=1326 audit(1725417782.823:5687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1438.117319][T23807] logitech 0003:046D:C211.0046: hidraw0: USB HID v0.00 Device [HID 046d:c211] on usb-dummy_hcd.3-1/input0 [ 1438.129052][T23807] logitech 0003:046D:C211.0046: no inputs found [ 1438.152495][ T58] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 1438.188061][ T29] audit: type=1326 audit(1725417782.823:5688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=334 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1438.222883][ T29] audit: type=1326 audit(1725417782.823:5689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1438.287337][ T29] audit: type=1326 audit(1725417782.823:5690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1438.395246][ T58] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 1438.440280][ T58] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1438.453418][ T29] audit: type=1326 audit(1725417782.823:5691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=293 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1438.534778][ T58] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 1438.561375][T12184] usb 2-1: USB disconnect, device number 42 [ 1438.566807][ T29] audit: type=1326 audit(1725417782.823:5692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1438.606921][ T58] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1438.666505][ T58] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 1438.688183][ T58] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 1438.713977][ T29] audit: type=1326 audit(1725417782.823:5693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=26160 comm="syz.2.4090" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fd0abb7cef9 code=0x7ffc0000 [ 1438.727286][ T58] usb 5-1: Product: syz [ 1438.758658][ T58] usb 5-1: Manufacturer: syz [ 1438.792117][ T58] cdc_wdm 5-1:1.0: skipping garbage [ 1438.806894][T12183] usb 1-1: USB disconnect, device number 113 [ 1438.892429][ T58] cdc_wdm 5-1:1.0: skipping garbage [ 1438.940616][ T58] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 1438.993800][ T58] cdc_wdm 5-1:1.0: Unknown control protocol [ 1439.026582][ T58] usb 5-1: USB disconnect, device number 89 [ 1439.028253][ C0] ------------[ cut here ]------------ [ 1439.038908][ C0] WARNING: CPU: 0 PID: 26171 at net/hsr/hsr_forward.c:602 hsr_fill_frame_info+0x3da/0x570 [ 1439.048937][ C0] Modules linked in: [ 1439.052928][ C0] CPU: 0 UID: 0 PID: 26171 Comm: syz.0.4093 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 1439.063790][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1439.073943][ C0] RIP: 0010:hsr_fill_frame_info+0x3da/0x570 [ 1439.079891][ C0] Code: 00 31 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 05 1d f9 f5 90 0f 0b 90 e9 09 ff ff ff e8 f7 1c f9 f5 90 <0f> 0b 90 eb 93 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c a3 fc ff ff 48 [ 1439.099621][ C0] RSP: 0018:ffffc90000007278 EFLAGS: 00010246 [ 1439.105790][ C0] RAX: ffffffff8b9a6fb9 RBX: 0000000000000000 RCX: ffff888072d03c00 [ 1439.113844][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 1439.121931][ C0] RBP: ffff888074b2ccc0 R08: ffffffff8b9a6e09 R09: 0000000000000000 [ 1439.129930][ C0] R10: ffffc900000073c8 R11: fffff52000000e7b R12: dffffc0000000000 [ 1439.137938][ C0] R13: 000000000000be88 R14: ffff888067504e20 R15: ffffc900000073c0 [ 1439.145942][ C0] FS: 00007f0e2ef466c0(0000) GS:ffff8880b8800000(0000) knlGS:0000000000000000 [ 1439.154893][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1439.161554][ C0] CR2: 00007fd0abcfc178 CR3: 000000002cbb4000 CR4: 00000000003506f0 [ 1439.169579][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000065d1a85f [ 1439.177574][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1439.185567][ C0] Call Trace: [ 1439.188835][ C0] [ 1439.191687][ C0] ? __warn+0x163/0x4e0 [ 1439.195885][ C0] ? hsr_fill_frame_info+0x3da/0x570 [ 1439.201174][ C0] ? report_bug+0x2b3/0x500 [ 1439.205789][ C0] ? hsr_fill_frame_info+0x3da/0x570 [ 1439.211070][ C0] ? handle_bug+0x3e/0x70 [ 1439.215501][ C0] ? exc_invalid_op+0x1a/0x50 [ 1439.220175][ C0] ? asm_exc_invalid_op+0x1a/0x20 [ 1439.225214][ C0] ? hsr_fill_frame_info+0x229/0x570 [ 1439.230488][ C0] ? hsr_fill_frame_info+0x3d9/0x570 [ 1439.235804][ C0] ? hsr_fill_frame_info+0x3da/0x570 [ 1439.241087][ C0] ? hsr_fill_frame_info+0x3d9/0x570 [ 1439.246433][ C0] hsr_forward_skb+0x847/0x2b60 [ 1439.251299][ C0] ? validate_chain+0x11e/0x5900 [ 1439.256265][ C0] ? hsr_forward_skb+0xaf/0x2b60 [ 1439.261200][ C0] ? __pfx_hsr_forward_skb+0x10/0x10 [ 1439.266535][ C0] ? skb_push+0x97/0x100 [ 1439.270797][ C0] hsr_handle_frame+0x51b/0x7d0 [ 1439.275681][ C0] ? __pfx_packet_rcv+0x10/0x10 [ 1439.280533][ C0] ? __pfx_hsr_handle_frame+0x10/0x10 [ 1439.285968][ C0] __netif_receive_skb_core+0x13e8/0x4570 [ 1439.291686][ C0] ? __pfx_hsr_handle_frame+0x10/0x10 [ 1439.297123][ C0] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 1439.303229][ C0] ? validate_chain+0x11e/0x5900 [ 1439.308162][ C0] ? mark_lock+0x9a/0x350 [ 1439.312511][ C0] ? __lock_acquire+0x137a/0x2040 [ 1439.317546][ C0] __netif_receive_skb_list_core+0x2b7/0x980 [ 1439.323552][ C0] ? mark_lock+0x9a/0x350 [ 1439.327887][ C0] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 1439.334412][ C0] ? netif_receive_skb_list_internal+0x4e8/0xe30 [ 1439.340734][ C0] netif_receive_skb_list_internal+0xa51/0xe30 [ 1439.346997][ C0] ? netif_receive_skb_list_internal+0x4e8/0xe30 [ 1439.353339][ C0] ? dev_gro_receive+0x108f/0x24b0 [ 1439.358439][ C0] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 1439.365135][ C0] ? cpufreq_update_util+0x94/0x250 [ 1439.370367][ C0] napi_complete_done+0x310/0x8e0 [ 1439.375425][ C0] ? mark_lock+0x9a/0x350 [ 1439.379756][ C0] ? __pfx_napi_complete_done+0x10/0x10 [ 1439.385321][ C0] ? rcu_is_watching+0x15/0xb0 [ 1439.390075][ C0] ? napi_gro_receive+0x6f3/0xc90 [ 1439.395117][ C0] gro_cell_poll+0x19a/0x1c0 [ 1439.399704][ C0] __napi_poll+0xcb/0x490 [ 1439.404052][ C0] net_rx_action+0x89b/0x1240 [ 1439.408747][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 1439.414070][ C0] ? sched_clock+0x4a/0x70 [ 1439.418492][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1439.424841][ C0] handle_softirqs+0x2c4/0x970 [ 1439.429601][ C0] ? do_softirq+0x11b/0x1e0 [ 1439.432382][T12183] usb 1-1: new high-speed USB device number 114 using dummy_hcd [ 1439.434141][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1439.447062][ C0] do_softirq+0x11b/0x1e0 [ 1439.451444][ C0] [ 1439.454418][ C0] [ 1439.457354][ C0] ? __pfx_do_softirq+0x10/0x10 [ 1439.462229][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 1439.467935][ C0] ? rcu_is_watching+0x15/0xb0 [ 1439.472747][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 1439.477959][ C0] ? __pfx_netif_receive_skb+0x10/0x10 [ 1439.483467][ C0] ? tun_rx_batched+0x160/0x8f0 [ 1439.488336][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1439.494102][ C0] ? tun_rx_batched+0x160/0x8f0 [ 1439.498967][ C0] tun_rx_batched+0x732/0x8f0 [ 1439.503676][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1439.510024][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1439.515085][ C0] ? __pfx_tun_rx_batched+0x10/0x10 [ 1439.520305][ C0] tun_get_user+0x2f84/0x4720 [ 1439.525009][ C0] ? tun_get_user+0x2a78/0x4720 [ 1439.529885][ C0] ? __lock_acquire+0x137a/0x2040 [ 1439.534952][ C0] ? __pfx_tun_get_user+0x10/0x10 [ 1439.540009][ C0] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1439.545534][ C0] ? tun_get+0x1e/0x2f0 [ 1439.549703][ C0] ? __pfx_lock_release+0x10/0x10 [ 1439.554784][ C0] ? tun_get+0x1e/0x2f0 [ 1439.558953][ C0] ? tun_get+0x27d/0x2f0 [ 1439.563228][ C0] tun_chr_write_iter+0x113/0x1f0 [ 1439.568270][ C0] vfs_write+0xa72/0xc90 [ 1439.572532][ C0] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1439.578097][ C0] ? __pfx_vfs_write+0x10/0x10 [ 1439.582913][ C0] ? do_futex+0x33b/0x560 [ 1439.587290][ C0] ksys_write+0x1a0/0x2c0 [ 1439.591647][ C0] ? __pfx_ksys_write+0x10/0x10 [ 1439.596756][ C0] ? do_syscall_64+0x100/0x230 [ 1439.601575][ C0] ? do_syscall_64+0xb6/0x230 [ 1439.606304][ C0] do_syscall_64+0xf3/0x230 [ 1439.610907][ C0] ? clear_bhb_loop+0x35/0x90 [ 1439.615623][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1439.621525][ C0] RIP: 0033:0x7f0e2e17b9df [ 1439.625996][ C0] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 1439.645778][ C0] RSP: 002b:00007f0e2ef46000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1439.654259][ C0] RAX: ffffffffffffffda RBX: 00007f0e2e335f80 RCX: 00007f0e2e17b9df [ 1439.662243][ C0] RDX: 0000000000000068 RSI: 00000000200001c0 RDI: 00000000000000c8 [ 1439.670385][ C0] RBP: 00007f0e2e1ef01e R08: 0000000000000000 R09: 0000000000000000 [ 1439.678420][ C0] R10: 0000000000000068 R11: 0000000000000293 R12: 0000000000000000 [ 1439.686471][ C0] R13: 0000000000000000 R14: 00007f0e2e335f80 R15: 00007f0e2e45fa28 [ 1439.694630][ C0] [ 1439.697658][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1439.704977][ C0] CPU: 0 UID: 0 PID: 26171 Comm: syz.0.4093 Not tainted 6.11.0-rc6-syzkaller-00026-g88fac17500f4 #0 [ 1439.715748][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 08/06/2024 [ 1439.725812][ C0] Call Trace: [ 1439.729114][ C0] [ 1439.731967][ C0] dump_stack_lvl+0x241/0x360 [ 1439.736756][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1439.741963][ C0] ? __pfx__printk+0x10/0x10 [ 1439.746552][ C0] ? _printk+0xd5/0x120 [ 1439.750729][ C0] ? vscnprintf+0x5d/0x90 [ 1439.755410][ C0] panic+0x349/0x860 [ 1439.759316][ C0] ? __warn+0x172/0x4e0 [ 1439.763486][ C0] ? __pfx_panic+0x10/0x10 [ 1439.767914][ C0] ? show_trace_log_lvl+0x4e6/0x520 [ 1439.773136][ C0] __warn+0x346/0x4e0 [ 1439.777137][ C0] ? hsr_fill_frame_info+0x3da/0x570 [ 1439.782455][ C0] report_bug+0x2b3/0x500 [ 1439.786798][ C0] ? hsr_fill_frame_info+0x3da/0x570 [ 1439.792121][ C0] handle_bug+0x3e/0x70 [ 1439.796301][ C0] exc_invalid_op+0x1a/0x50 [ 1439.800892][ C0] asm_exc_invalid_op+0x1a/0x20 [ 1439.805855][ C0] RIP: 0010:hsr_fill_frame_info+0x3da/0x570 [ 1439.811787][ C0] Code: 00 31 c0 48 83 c4 10 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 05 1d f9 f5 90 0f 0b 90 e9 09 ff ff ff e8 f7 1c f9 f5 90 <0f> 0b 90 eb 93 89 e9 80 e1 07 80 c1 03 38 c1 0f 8c a3 fc ff ff 48 [ 1439.831499][ C0] RSP: 0018:ffffc90000007278 EFLAGS: 00010246 [ 1439.837570][ C0] RAX: ffffffff8b9a6fb9 RBX: 0000000000000000 RCX: ffff888072d03c00 [ 1439.845556][ C0] RDX: 0000000000000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 1439.853548][ C0] RBP: ffff888074b2ccc0 R08: ffffffff8b9a6e09 R09: 0000000000000000 [ 1439.861623][ C0] R10: ffffc900000073c8 R11: fffff52000000e7b R12: dffffc0000000000 [ 1439.869770][ C0] R13: 000000000000be88 R14: ffff888067504e20 R15: ffffc900000073c0 [ 1439.877793][ C0] ? hsr_fill_frame_info+0x229/0x570 [ 1439.883107][ C0] ? hsr_fill_frame_info+0x3d9/0x570 [ 1439.888437][ C0] ? hsr_fill_frame_info+0x3d9/0x570 [ 1439.893731][ C0] hsr_forward_skb+0x847/0x2b60 [ 1439.898608][ C0] ? validate_chain+0x11e/0x5900 [ 1439.903567][ C0] ? hsr_forward_skb+0xaf/0x2b60 [ 1439.908527][ C0] ? __pfx_hsr_forward_skb+0x10/0x10 [ 1439.913846][ C0] ? skb_push+0x97/0x100 [ 1439.918084][ C0] hsr_handle_frame+0x51b/0x7d0 [ 1439.922944][ C0] ? __pfx_packet_rcv+0x10/0x10 [ 1439.927901][ C0] ? __pfx_hsr_handle_frame+0x10/0x10 [ 1439.933306][ C0] __netif_receive_skb_core+0x13e8/0x4570 [ 1439.939143][ C0] ? __pfx_hsr_handle_frame+0x10/0x10 [ 1439.944565][ C0] ? __pfx___netif_receive_skb_core+0x10/0x10 [ 1439.950641][ C0] ? validate_chain+0x11e/0x5900 [ 1439.955611][ C0] ? mark_lock+0x9a/0x350 [ 1439.959958][ C0] ? __lock_acquire+0x137a/0x2040 [ 1439.965017][ C0] __netif_receive_skb_list_core+0x2b7/0x980 [ 1439.970998][ C0] ? mark_lock+0x9a/0x350 [ 1439.975341][ C0] ? __pfx___netif_receive_skb_list_core+0x10/0x10 [ 1439.981866][ C0] ? netif_receive_skb_list_internal+0x4e8/0xe30 [ 1439.988227][ C0] netif_receive_skb_list_internal+0xa51/0xe30 [ 1439.994402][ C0] ? netif_receive_skb_list_internal+0x4e8/0xe30 [ 1440.000929][ C0] ? dev_gro_receive+0x108f/0x24b0 [ 1440.006071][ C0] ? __pfx_netif_receive_skb_list_internal+0x10/0x10 [ 1440.012759][ C0] ? cpufreq_update_util+0x94/0x250 [ 1440.018101][ C0] napi_complete_done+0x310/0x8e0 [ 1440.023145][ C0] ? mark_lock+0x9a/0x350 [ 1440.027507][ C0] ? __pfx_napi_complete_done+0x10/0x10 [ 1440.033066][ C0] ? rcu_is_watching+0x15/0xb0 [ 1440.037837][ C0] ? napi_gro_receive+0x6f3/0xc90 [ 1440.042888][ C0] gro_cell_poll+0x19a/0x1c0 [ 1440.047476][ C0] __napi_poll+0xcb/0x490 [ 1440.051827][ C0] net_rx_action+0x89b/0x1240 [ 1440.056510][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 1440.061673][ C0] ? sched_clock+0x4a/0x70 [ 1440.066132][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1440.072470][ C0] handle_softirqs+0x2c4/0x970 [ 1440.077257][ C0] ? do_softirq+0x11b/0x1e0 [ 1440.081789][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 1440.087087][ C0] do_softirq+0x11b/0x1e0 [ 1440.091443][ C0] [ 1440.094388][ C0] [ 1440.097320][ C0] ? __pfx_do_softirq+0x10/0x10 [ 1440.102171][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 1440.107842][ C0] ? rcu_is_watching+0x15/0xb0 [ 1440.112628][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 1440.117840][ C0] ? __pfx_netif_receive_skb+0x10/0x10 [ 1440.123318][ C0] ? tun_rx_batched+0x160/0x8f0 [ 1440.128162][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1440.133887][ C0] ? tun_rx_batched+0x160/0x8f0 [ 1440.138849][ C0] tun_rx_batched+0x732/0x8f0 [ 1440.143530][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1440.149863][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 1440.154910][ C0] ? __pfx_tun_rx_batched+0x10/0x10 [ 1440.160128][ C0] tun_get_user+0x2f84/0x4720 [ 1440.164827][ C0] ? tun_get_user+0x2a78/0x4720 [ 1440.169715][ C0] ? __lock_acquire+0x137a/0x2040 [ 1440.174759][ C0] ? __pfx_tun_get_user+0x10/0x10 [ 1440.179814][ C0] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 1440.185288][ C0] ? tun_get+0x1e/0x2f0 [ 1440.189449][ C0] ? __pfx_lock_release+0x10/0x10 [ 1440.194520][ C0] ? tun_get+0x1e/0x2f0 [ 1440.198704][ C0] ? tun_get+0x27d/0x2f0 [ 1440.202974][ C0] tun_chr_write_iter+0x113/0x1f0 [ 1440.208018][ C0] vfs_write+0xa72/0xc90 [ 1440.212278][ C0] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 1440.217835][ C0] ? __pfx_vfs_write+0x10/0x10 [ 1440.222613][ C0] ? do_futex+0x33b/0x560 [ 1440.226983][ C0] ksys_write+0x1a0/0x2c0 [ 1440.231952][ C0] ? __pfx_ksys_write+0x10/0x10 [ 1440.236827][ C0] ? do_syscall_64+0x100/0x230 [ 1440.241709][ C0] ? do_syscall_64+0xb6/0x230 [ 1440.246381][ C0] do_syscall_64+0xf3/0x230 [ 1440.250884][ C0] ? clear_bhb_loop+0x35/0x90 [ 1440.255596][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1440.261498][ C0] RIP: 0033:0x7f0e2e17b9df [ 1440.265930][ C0] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8d 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 1c 8e 02 00 48 [ 1440.285539][ C0] RSP: 002b:00007f0e2ef46000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 1440.294053][ C0] RAX: ffffffffffffffda RBX: 00007f0e2e335f80 RCX: 00007f0e2e17b9df [ 1440.302049][ C0] RDX: 0000000000000068 RSI: 00000000200001c0 RDI: 00000000000000c8 [ 1440.310065][ C0] RBP: 00007f0e2e1ef01e R08: 0000000000000000 R09: 0000000000000000 [ 1440.318064][ C0] R10: 0000000000000068 R11: 0000000000000293 R12: 0000000000000000 [ 1440.326061][ C0] R13: 0000000000000000 R14: 00007f0e2e335f80 R15: 00007f0e2e45fa28 [ 1440.334083][ C0] [ 1440.337324][ C0] Kernel Offset: disabled [ 1440.341647][ C0] Rebooting in 86400 seconds..