last executing test programs: 8.717767929s ago: executing program 3 (id=5890): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a3200000000140000001100"], 0x7c}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETFLOWTABLE(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000680)={0x2c, 0x17, 0xa, 0x401, 0x0, 0x0, {}, [@NFTA_FLOWTABLE_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz0\x00'}]}, 0x2c}}, 0x0) 7.803672777s ago: executing program 3 (id=5892): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_DELETE_ELEM(0x3, 0x0, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$team(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'team_slave_0\x00', 0x0}) ioctl$ifreq_SIOCGIFINDEX_team(r0, 0x8933, &(0x7f0000000080)={'team0\x00', 0x0}) sendmsg$TEAM_CMD_OPTIONS_SET(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="38040000", @ANYRES16=r2, @ANYBLOB="0908000000000000000001000000", @ANYBLOB="0400028008000100", @ANYRES32=r5, @ANYBLOB="8c0102803c00010024000100757365725f6c696e6b757000000000000000000000000000000000000000000005000300060000000400040008000600", @ANYRES32=r4], 0x438}}, 0x0) 7.549495919s ago: executing program 3 (id=5894): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) ioctl$USBDEVFS_FREE_STREAMS(0xffffffffffffffff, 0x802c550a, &(0x7f0000000000)=ANY=[@ANYBLOB="02002303100007"]) sched_setscheduler(0x0, 0x0, 0x0) getsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x0, 0xffffffffffffffff, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r3 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r3, &(0x7f0000019680)=""/102392, 0x18ff8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001d00)=ANY=[], 0x0}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r4, 0x18000000000002a0, 0x0, 0x0, 0x0, 0x0, 0x10fe, 0x60000000, 0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x0, 0x700}, 0x50) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x0, 0x8, &(0x7f0000001c40)=ANY=[], &(0x7f0000000380)='GPL\x00'}, 0x90) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000080)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG(r5, 0x4048ae9b, &(0x7f0000000280)={0x4376ea830d56d49d, 0x0, [0x0, 0x2, 0x400000000000000]}) ioctl$KVM_RUN(r5, 0xae80, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000500)={0x0, 0x0, 0x200000, 0x2000, &(0x7f0000000000/0x2000)=nil}) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) prctl$PR_SET_THP_DISABLE(0x29, 0x0) ioctl$KVM_NMI(r0, 0xae9a) sendmmsg$inet6(0xffffffffffffffff, &(0x7f00000071c0), 0x0, 0x0) 5.820990951s ago: executing program 4 (id=5901): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000000)={0x0, 0xffffffffffffffff, 0x0, 0x24, &(0x7f0000000180)='/proc/sys/net/ipv4/vs/sync_qlen_max\x00'}, 0x30) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) write$binfmt_script(r0, &(0x7f0000000100), 0xfecc) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x12, r0, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='memory.events\x00', 0x275a, 0x0) 5.72436696s ago: executing program 1 (id=5902): sendmsg$ETHTOOL_MSG_PRIVFLAGS_SET(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x0) syz_genetlink_get_family_id$gtp(&(0x7f0000000500), 0xffffffffffffffff) socket(0x0, 0x0, 0x0) fchownat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x100) fcntl$dupfd(0xffffffffffffffff, 0x0, 0xffffffffffffffff) sendmsg$GTP_CMD_DELPDP(0xffffffffffffffff, 0x0, 0x0) r0 = syz_open_dev$tty20(0xc, 0x4, 0x0) r1 = fcntl$dupfd(r0, 0x0, r0) ioctl$TCFLSH(r1, 0x5608, 0x1) 5.551210624s ago: executing program 4 (id=5904): r0 = getpid() syz_open_procfs(0xffffffffffffffff, 0x0) process_vm_readv(r0, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x7ffff000}, {&(0x7f0000006180)=""/152, 0x98}], 0x2, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x7ffff000}], 0x286, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) io_setup(0x6, &(0x7f0000000180)=0x0) io_submit(r2, 0x1, &(0x7f0000000040)=[&(0x7f00000000c0)={0x0, 0x300, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0}]) process_vm_readv(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = memfd_create(&(0x7f0000000100)=';e\x00\x00\xa4\xd8\xe0\x9c\x7f9\x8aZ]3N\xbb\xe1^\x9c\xe1\x9b6s$0Y\xf8\x90\x00\x00\x00\x00\xd2~l\xf6\x12\xde\xdd\xd5\x1d\x96\xb0a\xad\xcd\x16\xd8G\xae\xd9DZm\xabO\xad\x11%\x7f`@\x16c\xc0\xb6\x1f\xe3\x00\x1a_\xc7\xbf\xa7T\xbe\x13\x8b\xb3r\x8fL\xe6\xba\xe7\x18\xb4$BIj\xa3\xc9\xc6|\x9b\x88\xddPx\x02I\xde\xe8\xcd\x02\xc1\xedc2\x06\xcbM\xfb\x13jZ\x96\xeej\x9b\xe4XjN\xb9>\xdf3U\r \x8dh8T/h)\x90\xff\x8d\xd9\x89\xab\xf8P\xacYtk\xa3\xed\xfa*8\x13\b\xce\xf8z\xed\xadnz\x96\xa3\x9a9R\xd9]\xe11We\xfe3\xe06\x1a^\x04^\xef\xa3\x0fU\x9b1\xc6J\x83\x9d[\\a\xfd\xdc\xa1\xcd\xbe\x9b\xc5z7\xe8VP\x89\x16MK`\xe5\x137\b\x00\x00\x00\xd5\x01\xea\x98\xe6Z\x95j\xe3\x0ek>\x14\x80\rXS\xce\xf9\x0e\x89\xc4\xc6\x1bOm4Lla\r\xce\x17\xb5r&\xf3\x96\xbc\xc39\xa7\x95\xd9F\x17', 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) rt_sigpending(0x0, 0x1000000) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) r5 = syz_open_dev$dri(&(0x7f00000008c0), 0xd21, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r5, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r5, 0xc06864a1, &(0x7f00000002c0)={0x0, 0x0, r6, 0x0}) ioctl$DRM_IOCTL_MODE_GETFB2(r5, 0xc06864ce, &(0x7f0000000240)={r7, 0x0, 0x0, 0x0, 0x0, [0x0], [], [0x0, 0x3f]}) ioctl$DRM_IOCTL_PRIME_HANDLE_TO_FD(r5, 0xc00c642d, &(0x7f0000000100)={r8, 0x0, 0xffffffffffffffff}) ioctl$DRM_IOCTL_PRIME_FD_TO_HANDLE(r4, 0xc00c642e, &(0x7f0000000800)={0x0, 0x0, r9}) close_range(r3, 0xffffffffffffffff, 0x0) 5.419348976s ago: executing program 1 (id=5905): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000001140)={0x1f, 0x0, 0x1}, 0x6) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) ioctl$HCIINQUIRY(r1, 0x800448f0, &(0x7f00000000c0)={0x0, 0x0, "a686cf"}) 5.226222098s ago: executing program 3 (id=5907): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0xffffffff}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001d40)={0x1c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x2b0, 0x210, 0x2b0, 0x2b0, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478) ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e22, @empty}, {0x1, @multicast}, 0x8, {0x2, 0x0, @empty}, 'syzkaller0\x00'}) r8 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r8, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) setsockopt$inet6_mreq(r8, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14) syz_emit_ethernet(0x4e, &(0x7f0000001dc0)=ANY=[@ANYBLOB], 0x0) 4.323374121s ago: executing program 1 (id=5909): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) connect$bt_l2cap(r0, &(0x7f0000000240), 0xe) prlimit64(0x0, 0x0, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) ptrace$ARCH_GET_FS(0x1e, 0x0, &(0x7f00000001c0), 0x1003) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000000000000000000000850000000f00000018010000646c000000000000000000007b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b703000000000000850000000600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2d, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r2}, 0x10) syz_clone3(&(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, &(0x7f0000000040), 0x2}, 0xa0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x0) connect$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x0, @fixed}, 0xe) 3.253939695s ago: executing program 3 (id=5910): r0 = gettid() timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000000)={{}, {0x0, 0x989680}}, 0x0) r1 = openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) write$binfmt_script(r2, &(0x7f0000000340), 0xffffff46) dup3(r2, r1, 0x0) sendmsg$netlink(r1, &(0x7f0000001300)={0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000180)=ANY=[], 0x10}], 0x1}, 0x0) close(r1) recvmsg(0xffffffffffffffff, &(0x7f0000001300)={&(0x7f0000000100)=@in6={0xa, 0x0, 0x0, @local}, 0x80, 0x0}, 0x0) rt_sigreturn() poll(0x0, 0x0, 0x64) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) rt_sigreturn() mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) r3 = socket$unix(0x1, 0x3, 0x0) ioctl$sock_SIOCGIFBR(r3, 0x8901, 0x0) 2.709770608s ago: executing program 3 (id=5914): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r2, &(0x7f0000000380)=ANY=[@ANYBLOB="01202a3a8a"], 0x8) close(r2) rt_sigreturn() futex(&(0x7f0000000700), 0x0, 0x2, &(0x7f0000000100)={0x0, 0x3938700}, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x3938700}}, 0x0) mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$BTRFS_IOC_SPACE_INFO(r3, 0x541b, 0x0) 2.393515266s ago: executing program 2 (id=5916): sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x60cd894) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_IRQCHIP(r1, 0x4048aec9, &(0x7f0000000740)={0x4, 0x0, @ioapic}) 2.01991449s ago: executing program 4 (id=5919): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = socket$unix(0x1, 0x1, 0x0) r2 = socket$inet_tcp(0x2, 0x1, 0x0) r3 = fcntl$dupfd(r2, 0x0, r1) timer_settime(0x0, 0x0, &(0x7f000006b000)={{}, {0x0, 0x989680}}, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) write$binfmt_script(r4, &(0x7f0000000200)={'#! ', '', [{0x20, '#!2'}, {0x20, '#! '}, {0x20, '/proc/sys/net/ipv4/tcp_congestion_control\x00'}, {}], 0xa, "8855d1bef46f70e481dbdabbfc3bcc3f005c1079e7344e4392717247b88b05708cd1663511237737ac00004c03fa9d00005380"}, 0xfffffe59) sendmsg$unix(r4, &(0x7f0000000640)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f00000002c0)='c', 0x1}], 0x1}, 0x0) rt_sigreturn() timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) mlockall(0x1) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r2, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r2, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0x10af6109, 0xc000, 0x0, 0xfffffcef) 1.928064421s ago: executing program 2 (id=5920): setsockopt$EBT_SO_SET_ENTRIES(0xffffffffffffffff, 0x0, 0x80, 0x0, 0x108) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) capset(0x0, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x0, 0xffffffff}) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) bpf$BPF_MAP_LOOKUP_AND_DELETE_ELEM(0x15, 0x0, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000440)={0x11, 0x6, &(0x7f0000000cc0)=ANY=[@ANYBLOB="050000000000000061110c00000000008510000002000000850000000500000095000000000000009500a5050000000077d8f3b423cdac8d80000000000000002be16ad10a48b243ccc42606d25dfd73a015e0ca7fc2506a0f7535f7866907dc0200000000000000ae669e17fd6587d452d6453559c3421eed73d56615fe6c54c3b3ffe1b4ce25d7c983c044c03bf3a48dfe47ec9dd6c091c30b93bfae76d9ebacd3ed3e26e7a23129d6606fd28a69989d552af6bda9df2c3af36effff9af2551ce896165127cb3f011a7d06602e2fc40848228567ffb400000000003ed38ae89d24e1cebfba2f87925bfacba83109751fe6c05405d027edd68149ee99eef6a6992308a4fc0b7c70bc677d6dd4aed4af7500d7900a820b6347184e9a217b5614cd50cbe43a1ed2526814bc0000e9e086ce48e90defb6670c3df2624f56da648d28ad0a97aec7291c25447c106a99893e10db21901eb397b2f5fd71400fa7a050fbbef9e326ea27e513e96068fd1e8a43e89f9c85c822a961546ed5363c17ff1432d08806bc376e3e49ee52b59d13182e1f24ed200ada10eb1affb87ba55b2d72078e9f40b4ae7d01000000d11cd22c35d32940000088dde499000000fdffffff00000000000f000000ef0000000000000000000000000c52f4ebd2c893bb97a068bd10734a83584898eccb26f7b789cfc4cd995fa3e11a5c74c85404e2df3ad37b729ac83b0dcb4f48f3c3356b9997fc455a17690b6f7f9ccbe4b1701941b18aba6b16455a66c3b84b138efc20a546d3d5227e23b03f2a834391ade2ff3e93ee296c4082ee73e7c353312c9d75711ce1623e9c54bdff59d2a69dcb7d84c235b23a4480c2461b405cfd1a38992f295ad3adc94cd07c850d1ce6d0b2fea02c24e9280333152fb794e4ddea02017a6c139b50101caecaf2abc0847a1ff2f7fc3c2b99a96fc4275ad107274e2934a87a4ddcdb112754ca5bdec0ead14b6c0f19a43a2f05c7f0be31491eb8c9ff68236c8600040000000000000000000066e034c81c3cab64e4fc8dc55ce0ada18dcbf31c6e82893add3bee3e10fc873d1d922b0877cbcd95b839d3059d5140a1f742f6e75741e39e5cb6a193e06a1043375b0f61b5d4e17c81baa31b924d84f224baf1221c15fa12313ffbfa7c2730309f66705b71e6205e7cbf3643561eabb9a63fcd604d5cc27e1317ad94cf438d71873e540be16b6ca205081173bd03c4754fc4674812daab482fd390a1c903b5d28a1eb247b5837d7603b92495d5c569f6433c3fca5206cb0000003fdbbd3892c52c2e7612e05de32322e980a3d69931e2c9312dd517c96f2ee90362476ed853c4c9b7d4ebf13cbaa795860e92a3d7d004f2c491db38eb769f094d5d48b262cc35c40682138cf13a49aa9f27abec00002f01ba1251aaf2385416ca719300"], &(0x7f0000000080)='GPL\x00', 0x5, 0x29e, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x6}, 0x70) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socket$nl_route(0x10, 0x3, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r5, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000001d40)={0x1c, r4, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r6}, @void}}}, 0x1c}}, 0x0) r7 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r7, 0x0, 0x40, &(0x7f0000000480)=@mangle={'mangle\x00', 0x44, 0x6, 0x418, 0x2b0, 0x210, 0x2b0, 0x2b0, 0x98, 0x380, 0x380, 0x380, 0x380, 0x380, 0x6, 0x0, {[{{@ip={@broadcast, @multicast1=0xe0007600, 0x0, 0x0, 'geneve1\x00', 'ip6gre0\x00'}, 0x0, 0x70, 0x98}, @inet=@DSCP={0x28}}, {{@ip={@initdev={0xac, 0x1e, 0x0, 0x0}, @local, 0x0, 0x0, 'batadv_slave_1\x00', 'veth1_virt_wifi\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @local}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'vlan1\x00', 'nr0\x00'}, 0x0, 0xb0, 0xd8, 0x0, {}, [@common=@unspec=@connlimit={{0x40}}]}, @ECN={0x28}}, {{@ip={@loopback, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth1_to_team\x00'}, 0x0, 0x70, 0xa0}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @empty}}}, {{@ip={@broadcast, @multicast2, 0x0, 0x0, 'lo\x00', 'batadv_slave_1\x00'}, 0x0, 0xa0, 0xd0, 0x0, {}, [@common=@unspec=@mac={{0x30}, {@multicast}}]}, @TPROXY={0x30, 'TPROXY\x00', 0x0, {0x0, 0x0, @loopback}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x478) ioctl$sock_inet_SIOCSARP(r7, 0x8955, &(0x7f00000000c0)={{0x2, 0x4e22, @empty}, {0x1, @multicast}, 0x8, {0x2, 0x0, @empty}, 'syzkaller0\x00'}) r8 = socket$inet6(0xa, 0x3, 0x3a) setsockopt$inet6_int(r8, 0x29, 0x4e, &(0x7f0000000040)=0x9, 0x4) setsockopt$inet6_mreq(r8, 0x29, 0x1d, &(0x7f0000000200)={@empty}, 0x14) syz_emit_ethernet(0x4e, &(0x7f0000001dc0)=ANY=[@ANYBLOB], 0x0) 1.910782936s ago: executing program 0 (id=5921): futex(&(0x7f0000000700), 0x0, 0x0, 0x0, 0x0, 0x0) r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r2, &(0x7f0000000040)=ANY=[@ANYBLOB='b *:\n'], 0x8) close(r2) socket$unix(0x1, 0x1, 0x0) rt_sigreturn() r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, &(0x7f0000000100), 0x4) bind$inet(r3, &(0x7f0000000000)={0x2, 0x4e21, @local}, 0x10) connect$inet(r3, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) sendto$inet(r3, &(0x7f0000000480)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0xc000, 0x0, 0xfffffcef) getsockname$inet(r3, 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f00000000c0)={{}, {0x0, 0x3938700}}, 0x0) 1.732494985s ago: executing program 1 (id=5922): poll(0x0, 0x0, 0x64) rt_sigreturn() r0 = gettid() timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) r1 = eventfd(0x0) r2 = fcntl$dupfd(r1, 0x0, r1) write$FUSE_ATTR(r2, &(0x7f0000000240)={0x78, 0xfffffffffffffffe}, 0x78) write$cgroup_devices(r2, &(0x7f00000000c0)=ANY=[@ANYBLOB="01202a3a8a"], 0x8) close(r2) futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) mlockall(0x1) mremap(&(0x7f0000ff5000/0x2000)=nil, 0x2000, 0x5000000, 0x3, &(0x7f0000ffd000/0x1000)=nil) setxattr$smack_xattr_label(0x0, 0x0, 0x0, 0x0, 0x0) 1.528390573s ago: executing program 4 (id=5923): r0 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x541b, 0x0) 1.527997289s ago: executing program 0 (id=5924): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, 0x0, 0x0) sendto$inet(r0, &(0x7f0000000740)="fbbf0b5044e308cb7bd572aa2b42e9678bcf30eff9f3aed14dc94a114bd2b45956aebe2b108a87e865501a5f9e0383611afdd3f8bac3d5cfd7772a3ab48d0ba4b600731e357e38716c449fae7c28548a4f2105f44b8fd9b33041270ae01f1a405e3f650fc3b0926d481c364fca00000000000000006d3a3ede9fc738b8d86209c060161d5ddb5fcf3d09001117cdb9d055aa2d89fe3458720724853a876448d4a1fe9ef0569ad98a05ab5df763923b4e2c576e00000000000000000000000000000000002090666159e3075f7244cf4ec3d7814c0c934f44e200219e6dd7bc23397d5f2f2c76a5baddd0fd8c340362691ef226f7a0ac51b74b6be5ed6737948514cd466943d08eeb3895b80499da2b209da4f3ec5e3744ce3e863b0e04d0ec2f39edf50b6e08c4b47e448a35414763d687fbe3792ee15c5b9791310a346472723c100bf77a310b0ced8004b5ac6d48c40439f512e8ef34a53d65f55563f68136a577736ca5f6f66e01ef4ec2cdc8db34f6de50713adaa3f70189958263fddc1314f8a28ccdef6e1390c5fbaeadc3035d019f0dc75de307de6c0d010000000000000027083d1d5b4b013c503b863b560688d94de886b6dc73d5da2dfeff4bed1a49a975a6c8dbb480e4415ddca5657a5a8e3b111015499e952bb5e8d8f60de3d688df7802c6e8b27b31fac4e199038b79a3999920e634a5af162a9581b0e6647e410700246548234acacf9cb43ab332a37bbc926c39897395c974fda31536be523bf4260300730ae6136fecae5f0fa6ab2df8d98128b24589e3bbe5230e07dc5e0d65cc397e3f8204d48e59e8e294a6d7008ba8fba28cd5009fe1a7c569ce740078bf1c7389a6ba0f89257f0eac417aac0d2d89b05ee5dafa2f1d936c87264d077b2c0d5abdbc64ce943f895dd4c2e9dd7393543d89b00dc6b3a25045d4ec932366c67dfad087fa8dc104644828440bdf67dd97ebccb3bd", 0xfffffea5, 0x0, 0x0, 0x5c3f77325ed370f1) rt_sigreturn() r1 = fcntl$dupfd(r0, 0x0, 0xffffffffffffffff) futex(&(0x7f0000000700)=0x2, 0x0, 0x2, &(0x7f0000000740)={0x0, 0x3938700}, 0x0, 0x0) rt_sigreturn() write$9p(r1, 0x0, 0x0) 1.202795319s ago: executing program 1 (id=5925): write$binfmt_script(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e20, @multicast1}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x20020084, &(0x7f00000018c0)={0x2, 0x4e20}, 0x10) r1 = bpf$PROG_LOAD(0x5, &(0x7f000000e000)={0xe, 0x4, &(0x7f0000000b80)=ANY=[@ANYBLOB="b4050000200080006110600000000000c60000000000000295000000000000009f33ef60916e6e893f1eeb0be2566cd0723043c47c896ce0bce66a245ad99b817fd98cd824498949714ffaac8a6f77ef26dcca5582054d54d53cd2b6db714e4b94bdae214fa68a0557eb2c5ca683a4b6fc89398f2b9000f224891060017cfa6fa26fa7a34701008c61897d4a6148a1c11428607c40de60beac671e8e8fdecb03588aa623fa71f871ab5c2ff88afc6002084e5b52710800e835cf0d78e45f70983826fb8579c1fb01d2c5553d2ccb5fc5b51fe6b174bed9907dcff414ed55b0c20cdbe7009a6fe7cc78762f1d4dcdbca64920db9a50f86c21632fd30bf05121438bb74e4670ab5dfe447a4bd344e0bd74ff05d37ef68e3b9db863c758ffffffffb426e1230bc1cd4c02c4c2e6d17dc5c2edf332a62f5fe68fbbbbfcfd78a9f3fdc1f50c445e3f30e703cf05b90fbf940e6652d377474ed5f816f66ac3027460ae991e7f834dd7a7fc2a7003d1a6cf5478533584961c329fcf4fed5c9455640dcd28273dc9753cc979113f2915a3039c3ca60ec53bb1130c2d27fed7d67c440e23d130e51eea1e085bebabe7059de9cbfc51177cce5ef265c92b7957a334ff7be2ca867fd94286e016febfdb5827efc7a6efb01d66a396f84c1ca75daa4ead099694ed03d449b185cc836bab1a41a61bd6f03a54fafcee554bbb52adf8f1d7ede9f9a711256fb45e6c3d12ff560ee69d68733d522d9bbecf52396f15976381c27015403778139808142b48ced145ca8a6da5f322d413d09cc38b832fa05dd3c799042588f9eea6f443baa759257a000000000000000000bed1dad228e11f80cfea5848e436acf6e89dfae0b3d95b911af1818e0081504811a5f3c5d1ced3e592224f1d2ca3bdb2cc89001605db6987899eb99f94265401a95ff0a5a266438f1db461b7ebedd419bc038f7d36bd2bd4b3f92cd1469b63b1ce456a96152d353a8ab65f8bae521db73ff00b5d5cac7a439ab40d97e57f23e703fd6395930b9c3485ab181a83ed568cade43111530ec584cfb48e0cc5d63e2807b2e98525a84f9ac59cf74f3ba279e228e2a0dc8da8017cba3996541008785ab8f041f0a8d1399d88a3a58765e5a0149b9d0ea54b323675149783ec057ec6d6e8e600b9eced07ddcc56b77d8ea08223"], &(0x7f0000003ff6)='GPL\x00', 0x4, 0xfd90, &(0x7f000000cf3d)=""/195, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x366, 0x10, &(0x7f0000000000), 0x1dd}, 0x48) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000200)=@base={0xf, 0x4, 0x4, 0x12}, 0x48) bpf$BPF_PROG_DETACH(0x8, &(0x7f0000000080)={@map=r2, r1, 0x5}, 0x10) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r2, &(0x7f0000000340), &(0x7f0000000040)=@tcp=r0}, 0x20) setsockopt$sock_int(r0, 0x1, 0x7, &(0x7f0000000140), 0x4) sendto$inet(r0, &(0x7f00000000c0)='+', 0xffffffffffffff60, 0xf405, 0x0, 0xf06) 867.869388ms ago: executing program 0 (id=5926): r0 = bpf$MAP_CREATE_CONST_STR(0x0, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x11, 0x10, &(0x7f0000000000)=@framed={{}, [@snprintf={{}, {}, {}, {}, {}, {}, {}, {}, {}, {0x18, 0x3, 0x2, 0x0, r0, 0x0, 0x0, 0x0, 0x4}}]}, &(0x7f0000000300)='GPL\x00', 0x3, 0x408, &(0x7f0000001e00)=""/4087}, 0x90) 772.104418ms ago: executing program 4 (id=5927): syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) waitid(0x0, 0x0, 0x0, 0x2, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000180)={0xa, 0x0, 0x0, @dev}, 0x1c) rt_sigreturn() sendto$inet6(r0, 0x0, 0x0, 0x0, 0x0, 0x0) 769.395461ms ago: executing program 2 (id=5928): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @remote}, 0x1c) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x0, @tid=r1}, &(0x7f0000bbdffc)) write$tun(r0, 0x0, 0x0) close_range(r0, r0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000540)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='freezer.state\x00', 0x275a, 0x0) 677.245937ms ago: executing program 0 (id=5929): r0 = msgget$private(0x0, 0x0) msgrcv(r0, 0x0, 0x0, 0x0, 0x0) rt_sigreturn() select(0x0, 0x0, 0x0, 0x0, 0x0) msgsnd(r0, &(0x7f0000002140)=ANY=[@ANYBLOB="03"], 0x8, 0x0) 548.412036ms ago: executing program 2 (id=5930): sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x60cd894) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) socket$netlink(0x10, 0x3, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x0) socket$key(0xf, 0x3, 0x2) getsockopt$bt_BT_RCVMTU(0xffffffffffffffff, 0x112, 0xd, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_SET_IRQCHIP(0xffffffffffffffff, 0x4048aec9, &(0x7f0000000740)={0x4, 0x0, @ioapic}) 548.158461ms ago: executing program 4 (id=5931): pipe2$9p(&(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) write$P9_RRENAMEAT(r0, &(0x7f0000000100)={0x7}, 0xffffff5b) 485.099433ms ago: executing program 2 (id=5932): r0 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) r1 = inotify_init1(0x0) fcntl$setown(r1, 0x8, 0xffffffffffffffff) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1}, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000005900000095"], 0x0}, 0x90) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000080)={{r2}, 0x0, &(0x7f00000002c0)}, 0x20) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r3}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x0, 0x0) io_pgetevents(0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0) fcntl$getownex(r1, 0x10, &(0x7f0000000140)={0x0, 0x0}) r5 = syz_open_procfs(r4, &(0x7f0000000600)='fd/4\x00') ioctl$EXT4_IOC_GROUP_EXTEND(r5, 0x40086607, &(0x7f0000000240)) 455.667771ms ago: executing program 0 (id=5933): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000280)={0x18, 0x5, &(0x7f0000000500)=ANY=[@ANYBLOB="180100002100000000000000000000008500000075000000a50000002300000095"], &(0x7f00000000c0)='GPL\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000100)={&(0x7f00000001c0)='mmap_lock_acquire_returned\x00', r0}, 0x10) clock_nanosleep(0x0, 0x0, 0x0, 0x0) 262.762227ms ago: executing program 2 (id=5934): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f00000000c0)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x0) rmdir(0x0) 208.307187ms ago: executing program 0 (id=5935): r0 = timerfd_create(0x0, 0x0) timerfd_settime(r0, 0x3, &(0x7f0000000080)={{0x0, 0x3938700}, {0x77359400}}, 0x0) r1 = timerfd_create(0x0, 0x0) timerfd_settime(r1, 0x3, &(0x7f0000000440)={{0x0, 0x989680}}, 0x0) clock_adjtime(0x0, &(0x7f0000000480)={0xd54, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000}) 0s ago: executing program 1 (id=5936): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) unshare(0x20040600) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace(0x8, r0) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x0, 0x84) openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0) kernel console output (not intermixed with test programs): ? __pfx_netlink_sendmsg+0x10/0x10 [ 2193.076027][T25109] ? __import_iovec+0x536/0x820 [ 2193.080929][T25109] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2193.086261][T25109] ? security_socket_sendmsg+0x87/0xb0 [ 2193.091772][T25109] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2193.097107][T25109] __sock_sendmsg+0x221/0x270 [ 2193.101835][T25109] ____sys_sendmsg+0x525/0x7d0 [ 2193.106643][T25109] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2193.111981][T25109] __sys_sendmsg+0x2b0/0x3a0 [ 2193.116612][T25109] ? __pfx___sys_sendmsg+0x10/0x10 [ 2193.121847][T25109] ? vfs_write+0x7c4/0xc90 [ 2193.126356][T25109] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2193.132732][T25109] ? do_syscall_64+0x100/0x230 [ 2193.137558][T25109] ? do_syscall_64+0xb6/0x230 [ 2193.142287][T25109] do_syscall_64+0xf3/0x230 [ 2193.146842][T25109] ? clear_bhb_loop+0x35/0x90 [ 2193.151568][T25109] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2193.157510][T25109] RIP: 0033:0x7f42ca977299 [ 2193.161959][T25109] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2193.181611][T25109] RSP: 002b:00007f42cb6cf048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2193.190069][T25109] RAX: ffffffffffffffda RBX: 00007f42cab05f80 RCX: 00007f42ca977299 [ 2193.198080][T25109] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 2193.206087][T25109] RBP: 00007f42cb6cf0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2193.214092][T25109] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2193.222100][T25109] R13: 000000000000000b R14: 00007f42cab05f80 R15: 00007ffedd8f80e8 [ 2193.230649][T25109] [ 2195.387111][T25128] netlink: 'syz.3.5246': attribute type 16 has an invalid length. [ 2196.657139][T25135] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2196.663171][T25135] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2196.677643][T25135] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2196.704809][T25135] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2196.727363][T25135] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2196.756371][T25135] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2197.071203][T25135] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2197.683850][T25154] netlink: 108 bytes leftover after parsing attributes in process `syz.1.5253'. [ 2198.432256][T25154] netlink: 32 bytes leftover after parsing attributes in process `syz.1.5253'. [ 2198.799676][T25168] netlink: 'syz.0.5257': attribute type 16 has an invalid length. [ 2199.118951][T25172] kvm: apic: phys broadcast and lowest prio [ 2199.174380][T25151] delete_channel: no stack [ 2200.476225][T25191] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 2200.552856][T15934] usb 5-1: new high-speed USB device number 112 using dummy_hcd [ 2201.118535][T15934] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 255, changing to 11 [ 2201.133450][T15934] usb 5-1: config 17 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 59391, setting to 1024 [ 2201.145603][T15934] usb 5-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 2201.155056][T15934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2201.184695][T25184] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 2203.473201][T25227] netlink: 108 bytes leftover after parsing attributes in process `syz.0.5276'. [ 2203.545524][T15934] aiptek 5-1:17.0: Aiptek using 400 ms programming speed [ 2203.552917][ T5275] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 2203.569682][T25227] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5276'. [ 2203.586557][T15934] input: Aiptek as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:17.0/input/input198 [ 2203.621519][T15934] usb 5-1: USB disconnect, device number 112 [ 2203.621590][ C1] aiptek 5-1:17.0: aiptek_irq - usb_submit_urb failed with result -19 [ 2203.762754][ T5275] usb 4-1: Using ep0 maxpacket: 32 [ 2203.774018][ T5275] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 2203.783200][ T5275] usb 4-1: config 0 has no interface number 0 [ 2203.790632][ T5275] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2203.805932][ T5275] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2203.816434][ T5275] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 2203.846349][ T5275] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2203.859513][ T5275] usb 4-1: config 0 descriptor?? [ 2204.107356][T25230] kvm: apic: phys broadcast and lowest prio [ 2204.142823][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.153051][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.162729][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.175127][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.213066][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.232796][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.272789][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.333232][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.352392][T25225] delete_channel: no stack [ 2204.382746][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.394638][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.420761][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.443717][T25239] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 2204.461931][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.475008][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.483223][T25218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2204.502999][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.513996][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.523310][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.542779][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.552849][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.561531][T25218] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2204.601205][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.602894][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.614716][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.634543][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.660739][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.679331][ T5275] uclogic 0003:28BD:0094.001D: failed retrieving string descriptor #100: -71 [ 2204.717894][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.719279][ T5275] uclogic 0003:28BD:0094.001D: failed retrieving pen parameters: -71 [ 2204.723979][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.732343][ T5275] uclogic 0003:28BD:0094.001D: pen probing failed: -71 [ 2204.772755][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.783107][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.784725][ T5275] uclogic 0003:28BD:0094.001D: failed probing parameters: -71 [ 2204.813783][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.818830][ T5275] uclogic 0003:28BD:0094.001D: probe with driver uclogic failed with error -71 [ 2204.822889][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.847536][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.880736][ T5275] usb 4-1: USB disconnect, device number 20 [ 2204.884089][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.926246][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2204.995303][T25235] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2208.725336][T25279] netlink: 'syz.2.5291': attribute type 16 has an invalid length. [ 2209.069248][T25286] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 2212.760016][T25326] netlink: 'syz.2.5304': attribute type 1 has an invalid length. [ 2212.987692][T25328] bond1: (slave gretap1): making interface the new active one [ 2213.010134][T25328] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 2214.517041][T25347] atomic_op ffff88807c8db198 conn xmit_atomic 0000000000000000 [ 2214.621759][T25355] x_tables: ip6_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 2215.692441][T25374] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2217.287805][T25394] overlayfs: conflicting lowerdir path [ 2217.293076][T25396] atomic_op ffff88802ed90198 conn xmit_atomic 0000000000000000 [ 2217.418205][T25396] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 2219.015682][T25428] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2220.375782][T25442] kvm: apic: phys broadcast and lowest prio [ 2221.506906][T25458] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2221.763502][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 2221.867867][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 2225.022640][T19438] usb 3-1: new high-speed USB device number 127 using dummy_hcd [ 2225.047557][T25512] netlink: 'syz.1.5349': attribute type 16 has an invalid length. [ 2225.233756][T19438] usb 3-1: Using ep0 maxpacket: 32 [ 2225.247556][T19438] usb 3-1: New USB device found, idVendor=05ac, idProduct=0240, bcdDevice=73.1b [ 2225.267217][T19438] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2225.290457][T19438] usb 3-1: Product: syz [ 2225.304624][T19438] usb 3-1: Manufacturer: syz [ 2225.309310][T19438] usb 3-1: SerialNumber: syz [ 2225.348915][T19438] usb 3-1: config 0 descriptor?? [ 2225.368108][T19438] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/input/input199 [ 2225.638842][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 2225.638864][ T29] audit: type=1326 audit(1722277901.644:2699): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2225.877340][ T29] audit: type=1326 audit(1722277901.644:2700): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2225.911880][ T29] audit: type=1326 audit(1722277901.644:2701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2226.066500][ T4654] bcm5974 3-1:0.0: could not read from device [ 2226.087930][ T4654] bcm5974 3-1:0.0: could not read from device [ 2226.144563][ T4654] bcm5974 3-1:0.0: could not read from device [ 2226.155150][T19438] usb 3-1: USB disconnect, device number 127 [ 2226.221419][ T29] audit: type=1326 audit(1722277901.644:2702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2226.353459][ T29] audit: type=1326 audit(1722277901.644:2703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2226.378651][ T29] audit: type=1326 audit(1722277901.644:2704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2226.533493][ T29] audit: type=1326 audit(1722277901.644:2705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2226.594606][ T29] audit: type=1326 audit(1722277901.644:2706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2226.632657][ T29] audit: type=1326 audit(1722277901.654:2707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2226.712439][ T29] audit: type=1326 audit(1722277901.654:2708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25524 comm="syz.1.5353" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2227.905543][T25538] kvm: apic: phys broadcast and lowest prio [ 2228.234164][T25562] FAULT_INJECTION: forcing a failure. [ 2228.234164][T25562] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2228.348844][T25562] CPU: 0 UID: 0 PID: 25562 Comm: syz.2.5362 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2228.359674][T25562] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2228.369749][T25562] Call Trace: [ 2228.373087][T25562] [ 2228.376042][T25562] dump_stack_lvl+0x241/0x360 [ 2228.380761][T25562] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2228.386006][T25562] ? __pfx__printk+0x10/0x10 [ 2228.390617][T25562] ? __pfx_lock_release+0x10/0x10 [ 2228.395674][T25562] should_fail_ex+0x3b0/0x4e0 [ 2228.400391][T25562] _copy_from_user+0x2f/0xe0 [ 2228.405035][T25562] memdup_user+0x64/0xc0 [ 2228.409316][T25562] strndup_user+0x68/0xc0 [ 2228.413664][T25562] __se_sys_fsconfig+0x74c/0xf80 [ 2228.418628][T25562] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 2228.424102][T25562] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2228.430218][T25562] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2228.436568][T25562] ? do_syscall_64+0x100/0x230 [ 2228.441364][T25562] ? __x64_sys_fsconfig+0x20/0xc0 [ 2228.446472][T25562] do_syscall_64+0xf3/0x230 [ 2228.451000][T25562] ? clear_bhb_loop+0x35/0x90 [ 2228.455713][T25562] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2228.461627][T25562] RIP: 0033:0x7f42ca977299 [ 2228.466061][T25562] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2228.485704][T25562] RSP: 002b:00007f42cb6cf048 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 2228.494148][T25562] RAX: ffffffffffffffda RBX: 00007f42cab05f80 RCX: 00007f42ca977299 [ 2228.502172][T25562] RDX: 0000000020000180 RSI: 0000000000000001 RDI: 0000000000000003 [ 2228.510189][T25562] RBP: 00007f42cb6cf0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2228.518190][T25562] R10: 0000000020000440 R11: 0000000000000246 R12: 0000000000000001 [ 2228.526177][T25562] R13: 000000000000000b R14: 00007f42cab05f80 R15: 00007ffedd8f80e8 [ 2228.534268][T25562] [ 2231.802416][T25633] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5379'. [ 2231.896599][T25633] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5379'. [ 2234.353307][T15934] usb 2-1: new high-speed USB device number 118 using dummy_hcd [ 2234.520062][T25683] netlink: 32 bytes leftover after parsing attributes in process `syz.2.5390'. [ 2234.591724][T15934] usb 2-1: config 0 has an invalid interface number: 100 but max is 0 [ 2234.622661][T15934] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 2234.659082][T15934] usb 2-1: config 0 has no interface number 1 [ 2234.674464][T15934] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 2234.700308][T15934] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 2234.744685][T15934] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2234.822793][T15934] usb 2-1: too many endpoints for config 0 interface 100 altsetting 7: 237, using maximum allowed: 30 [ 2234.859942][T15934] usb 2-1: config 0 interface 100 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 237 [ 2234.920178][T15934] usb 2-1: config 0 interface 100 has no altsetting 0 [ 2234.956639][T15934] usb 2-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2234.982675][T15934] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2234.997879][T15934] usb 2-1: Product: syz [ 2235.002387][T15934] usb 2-1: Manufacturer: syz [ 2235.009738][T15934] usb 2-1: SerialNumber: syz [ 2235.018688][T15934] usb 2-1: config 0 descriptor?? [ 2235.271052][T15934] kaweth 2-1:0.0: Firmware present in device. [ 2235.323530][ T1170] usb 5-1: new high-speed USB device number 113 using dummy_hcd [ 2235.442741][ T5275] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 2235.481666][T15934] kaweth 2-1:0.0: Statistics collection: 0 [ 2235.513106][T15934] kaweth 2-1:0.0: Multicast filter limit: 0 [ 2235.533849][T15934] kaweth 2-1:0.0: MTU: 0 [ 2235.554163][ T1170] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2235.573833][T15934] kaweth 2-1:0.0: Read MAC address 00:00:00:00:00:00 [ 2235.589645][ T1170] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2235.601123][ T1170] usb 5-1: New USB device found, idVendor=056a, idProduct=00d0, bcdDevice= 0.00 [ 2235.617549][ T1170] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2235.639900][ T5275] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=31.c9 [ 2235.658133][ T1170] usb 5-1: config 0 descriptor?? [ 2235.666947][ T5275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=186 [ 2235.676102][ T5275] usb 3-1: SerialNumber: syz [ 2235.690700][ T5275] usb 3-1: config 0 descriptor?? [ 2235.921248][T25701] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2235.948012][T25701] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2236.117365][ T5275] ath6kl: Failed to submit usb control message: -71 [ 2236.129609][ T1170] wacom 0003:056A:00D0.001E: Unknown device_type for 'HID 056a:00d0'. Assuming pen. [ 2236.139627][ T5275] ath6kl: unable to send the bmi data to the device: -71 [ 2236.149604][ T5275] ath6kl: Unable to send get target info: -71 [ 2236.159241][ T1170] wacom 0003:056A:00D0.001E: hidraw0: USB HID v0.00 Device [HID 056a:00d0] on usb-dummy_hcd.4-1/input0 [ 2236.179523][ T5275] ath6kl: Failed to init ath6kl core: -71 [ 2236.188538][ T5275] ath6kl_usb 3-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 2236.200117][ T1170] input: Wacom Bamboo 2FG Pen as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:056A:00D0.001E/input/input200 [ 2236.221819][ T5275] usb 3-1: USB disconnect, device number 2 [ 2237.119112][ T1170] usb 5-1: USB disconnect, device number 113 [ 2237.214199][T15934] kaweth 2-1:0.0: probe with driver kaweth failed with error -5 [ 2237.277303][T15934] kaweth 2-1:0.100: Firmware present in device. [ 2237.307757][T15934] kaweth 2-1:0.100: Error reading configuration (-71), no net device created [ 2237.338708][T15934] kaweth 2-1:0.100: probe with driver kaweth failed with error -5 [ 2237.376205][T15934] usb 2-1: USB disconnect, device number 118 [ 2237.693006][T25734] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2238.182694][T25741] netlink: 20 bytes leftover after parsing attributes in process `syz.2.5403'. [ 2238.902803][T17072] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 2239.103232][T17072] usb 3-1: Invalid ep0 maxpacket: 9 [ 2239.272778][T17072] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 2239.442449][T25779] netlink: 'syz.1.5411': attribute type 9 has an invalid length. [ 2239.508347][T17072] usb 3-1: Invalid ep0 maxpacket: 9 [ 2239.526460][T25779] netlink: 209836 bytes leftover after parsing attributes in process `syz.1.5411'. [ 2239.544886][T17072] usb usb3-port1: attempt power cycle [ 2240.053160][T17072] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 2240.138892][T17072] usb 3-1: Invalid ep0 maxpacket: 9 [ 2240.307388][T17072] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 2240.344457][T17072] usb 3-1: Invalid ep0 maxpacket: 9 [ 2240.357539][T17072] usb usb3-port1: unable to enumerate USB device [ 2240.492921][T25789] FAULT_INJECTION: forcing a failure. [ 2240.492921][T25789] name failslab, interval 1, probability 0, space 0, times 0 [ 2240.507359][T25789] CPU: 1 UID: 0 PID: 25789 Comm: syz.1.5415 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2240.518215][T25789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2240.528284][T25789] Call Trace: [ 2240.531566][T25789] [ 2240.534503][T25789] dump_stack_lvl+0x241/0x360 [ 2240.539317][T25789] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2240.544639][T25789] ? __pfx__printk+0x10/0x10 [ 2240.549278][T25789] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 2240.554782][T25789] ? __pfx___might_resched+0x10/0x10 [ 2240.560080][T25789] should_fail_ex+0x3b0/0x4e0 [ 2240.564797][T25789] should_failslab+0xac/0x100 [ 2240.569538][T25789] ? alloc_netdev_mqs+0xb9d/0x1000 [ 2240.574699][T25789] __kmalloc_cache_noprof+0x6c/0x2c0 [ 2240.580027][T25789] ? __xdp_rxq_info_reg+0x142/0x290 [ 2240.585259][T25789] alloc_netdev_mqs+0xb9d/0x1000 [ 2240.590248][T25789] rtnl_create_link+0x2f9/0xc20 [ 2240.595146][T25789] rtnl_newlink+0x1423/0x20a0 [ 2240.599862][T25789] ? rtnl_newlink+0xae1/0x20a0 [ 2240.604684][T25789] ? __pfx_rtnl_newlink+0x10/0x10 [ 2240.609746][T25789] ? __pfx___mutex_trylock_common+0x10/0x10 [ 2240.615660][T25789] ? rcu_is_watching+0x15/0xb0 [ 2240.620444][T25789] ? trace_contention_end+0x3c/0x120 [ 2240.625741][T25789] ? __mutex_lock+0x2ef/0xd70 [ 2240.630447][T25789] ? __pfx_lock_release+0x10/0x10 [ 2240.635521][T25789] ? __pfx_rtnl_newlink+0x10/0x10 [ 2240.640591][T25789] rtnetlink_rcv_msg+0x73f/0xcf0 [ 2240.645556][T25789] ? rtnetlink_rcv_msg+0x1a7/0xcf0 [ 2240.650715][T25789] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2240.656195][T25789] ? ref_tracker_free+0x643/0x7e0 [ 2240.661238][T25789] netlink_rcv_skb+0x1e3/0x430 [ 2240.666016][T25789] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2240.671518][T25789] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2240.676935][T25789] ? netlink_deliver_tap+0x2e/0x1b0 [ 2240.682159][T25789] netlink_unicast+0x7f0/0x990 [ 2240.686969][T25789] ? __pfx_netlink_unicast+0x10/0x10 [ 2240.692265][T25789] ? __virt_addr_valid+0x183/0x530 [ 2240.697581][T25789] ? __check_object_size+0x49c/0x900 [ 2240.702971][T25789] ? bpf_lsm_netlink_send+0x9/0x10 [ 2240.708102][T25789] netlink_sendmsg+0x8e4/0xcb0 [ 2240.712895][T25789] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2240.718220][T25789] ? __import_iovec+0x536/0x820 [ 2240.723094][T25789] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2240.728391][T25789] ? security_socket_sendmsg+0x87/0xb0 [ 2240.733889][T25789] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2240.739188][T25789] __sock_sendmsg+0x221/0x270 [ 2240.743884][T25789] ____sys_sendmsg+0x525/0x7d0 [ 2240.748667][T25789] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2240.753974][T25789] __sys_sendmsg+0x2b0/0x3a0 [ 2240.758661][T25789] ? __pfx___sys_sendmsg+0x10/0x10 [ 2240.763802][T25789] ? vfs_write+0x7c4/0xc90 [ 2240.768260][T25789] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2240.774605][T25789] ? do_syscall_64+0x100/0x230 [ 2240.779382][T25789] ? do_syscall_64+0xb6/0x230 [ 2240.784071][T25789] do_syscall_64+0xf3/0x230 [ 2240.788590][T25789] ? clear_bhb_loop+0x35/0x90 [ 2240.793305][T25789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2240.799282][T25789] RIP: 0033:0x7f8a6b177299 [ 2240.803706][T25789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2240.823322][T25789] RSP: 002b:00007f8a6bfca048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2240.831750][T25789] RAX: ffffffffffffffda RBX: 00007f8a6b305f80 RCX: 00007f8a6b177299 [ 2240.839817][T25789] RDX: 0000000000000000 RSI: 0000000020000100 RDI: 0000000000000003 [ 2240.847799][T25789] RBP: 00007f8a6bfca0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2240.855806][T25789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2240.863790][T25789] R13: 000000000000000b R14: 00007f8a6b305f80 R15: 00007ffeeb409bc8 [ 2240.871783][T25789] [ 2240.896511][T25790] netlink: 80 bytes leftover after parsing attributes in process `syz.4.5414'. [ 2240.919754][T25790] netlink: 80 bytes leftover after parsing attributes in process `syz.4.5414'. [ 2241.042728][ T1170] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 2241.233571][ T1170] usb 4-1: config 0 has an invalid interface number: 100 but max is 0 [ 2241.250014][ T1170] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 2241.430837][ T1170] usb 4-1: config 0 has no interface number 1 [ 2241.437659][ T1170] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 2241.447521][ T1170] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 2241.466547][ T1170] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2241.555940][T25802] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2241.769223][ T1170] usb 4-1: too many endpoints for config 0 interface 100 altsetting 7: 237, using maximum allowed: 30 [ 2241.780726][ T1170] usb 4-1: config 0 interface 100 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 237 [ 2241.794705][ T1170] usb 4-1: config 0 interface 100 has no altsetting 0 [ 2241.805470][ T1170] usb 4-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2241.876078][ T1170] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2241.958505][ T1170] usb 4-1: Product: syz [ 2241.968675][ T1170] usb 4-1: Manufacturer: syz [ 2241.979960][ T1170] usb 4-1: SerialNumber: syz [ 2242.051143][ T1170] usb 4-1: config 0 descriptor?? [ 2247.799039][ T1170] kaweth 4-1:0.0: Firmware present in device. [ 2248.037449][ T1170] kaweth 4-1:0.0: Error reading configuration (-71), no net device created [ 2248.077528][ T1170] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 2248.160277][ T1170] kaweth 4-1:0.100: Firmware present in device. [ 2248.170500][ T1170] kaweth 4-1:0.100: Error reading configuration (-71), no net device created [ 2248.204285][ T1170] kaweth 4-1:0.100: probe with driver kaweth failed with error -5 [ 2248.245167][ T1170] usb 4-1: USB disconnect, device number 21 [ 2248.405441][T25821] netlink: 'syz.0.5425': attribute type 9 has an invalid length. [ 2248.433815][T25821] netlink: 209836 bytes leftover after parsing attributes in process `syz.0.5425'. [ 2248.584101][ T29] kauditd_printk_skb: 25 callbacks suppressed [ 2248.584126][ T29] audit: type=1326 audit(1722277924.594:2734): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2248.621340][ T29] audit: type=1326 audit(1722277924.594:2735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2248.644178][ T29] audit: type=1326 audit(1722277924.594:2736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2250.600926][ T29] audit: type=1326 audit(1722277924.594:2737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2250.623065][ T29] audit: type=1326 audit(1722277924.594:2738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2250.703565][ T29] audit: type=1326 audit(1722277924.634:2739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2250.798007][ T29] audit: type=1326 audit(1722277924.634:2740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2250.906720][ T29] audit: type=1326 audit(1722277924.634:2741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2250.956074][ T29] audit: type=1326 audit(1722277924.684:2742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2251.014741][ T29] audit: type=1326 audit(1722277924.684:2743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=25826 comm="syz.2.5428" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f42ca977299 code=0x7ffc0000 [ 2251.297403][T17072] usb 2-1: new high-speed USB device number 119 using dummy_hcd [ 2251.661608][T17072] usb 2-1: too many configurations: 65, using maximum allowed: 8 [ 2252.070097][T15934] usb 5-1: new high-speed USB device number 114 using dummy_hcd [ 2252.071373][T25869] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2252.202902][T17072] usb 2-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 2252.253181][T17072] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2252.285552][T15934] usb 5-1: New USB device found, idVendor=0c45, idProduct=614a, bcdDevice=e6.af [ 2252.302593][T15934] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2252.332408][T15934] usb 5-1: config 0 descriptor?? [ 2252.354986][T15934] gspca_main: sonixj-2.14.0 probing 0c45:614a [ 2252.879090][T15934] gspca_sonixj: reg_w1 err -110 [ 2252.892900][T15934] sonixj 5-1:0.0: probe with driver sonixj failed with error -110 [ 2252.916776][T25845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2252.939391][T25845] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2252.953124][T25884] netlink: 'syz.4.5434': attribute type 4 has an invalid length. [ 2253.015954][T17072] usb 2-1: string descriptor 0 read error: -71 [ 2253.037964][T17072] usb 2-1: Found UVC 0.00 device (046d:08c1) [ 2253.051390][T17072] usb 2-1: No valid video chain found. [ 2253.068610][T17072] usb 2-1: USB disconnect, device number 119 [ 2253.334401][T25895] netlink: 'syz.3.5446': attribute type 9 has an invalid length. [ 2253.358744][T25895] netlink: 209836 bytes leftover after parsing attributes in process `syz.3.5446'. [ 2259.530808][T15934] usb 5-1: USB disconnect, device number 114 [ 2262.203908][T25977] fuse: Bad value for 'group_id' [ 2262.212346][T25977] fuse: Bad value for 'group_id' [ 2263.337727][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.347704][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.388347][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.458855][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.478096][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.512825][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.654239][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.682811][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.708453][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.739940][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.778152][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.797936][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.827689][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.857703][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.888663][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.912438][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2263.958557][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2264.077773][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2264.111492][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2264.204758][T25988] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2264.599148][ T1170] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 2264.813437][ T1170] usb 4-1: Using ep0 maxpacket: 32 [ 2264.952980][ T1170] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 2264.961055][ T1170] usb 4-1: config 0 has no interface number 0 [ 2264.974102][ T1170] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2265.045568][ T1170] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2265.105216][ T1170] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 2265.144093][ T1170] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2265.195677][ T1170] usb 4-1: config 0 descriptor?? [ 2265.831289][T25996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2265.855522][T25996] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2265.924870][ T1170] uclogic 0003:28BD:0094.001F: failed retrieving string descriptor #100: -71 [ 2265.951681][ T1170] uclogic 0003:28BD:0094.001F: failed retrieving pen parameters: -71 [ 2265.964392][ T1170] uclogic 0003:28BD:0094.001F: pen probing failed: -71 [ 2265.973133][ T1170] uclogic 0003:28BD:0094.001F: failed probing parameters: -71 [ 2265.981545][ T1170] uclogic 0003:28BD:0094.001F: probe with driver uclogic failed with error -71 [ 2265.996518][ T1170] usb 4-1: USB disconnect, device number 22 [ 2266.072789][ T5303] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 2266.130465][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.140489][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.160490][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.188612][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.228303][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.260513][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.283855][ T5303] usb 3-1: too many configurations: 65, using maximum allowed: 8 [ 2266.315477][ T5303] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 2266.322681][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.327124][ T5303] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2266.347011][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.350507][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.380487][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.400456][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.410488][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.430518][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.440589][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.450467][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.471340][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.490532][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.513977][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.532427][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.552685][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.570687][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.580488][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.600563][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.622573][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.640523][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.660456][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.670479][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.690479][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.710482][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.726744][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.740480][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.760459][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.774099][T26017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2266.800556][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.810980][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.830621][T26022] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2266.852970][T26017] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2266.914217][ T5303] usb 3-1: string descriptor 0 read error: -71 [ 2266.931044][ T5303] usb 3-1: Found UVC 0.00 device (046d:08c1) [ 2266.939766][ T5303] usb 3-1: No valid video chain found. [ 2266.959341][ T5303] usb 3-1: USB disconnect, device number 7 [ 2267.296344][T26048] FAULT_INJECTION: forcing a failure. [ 2267.296344][T26048] name failslab, interval 1, probability 0, space 0, times 0 [ 2267.325272][T26048] CPU: 0 UID: 0 PID: 26048 Comm: syz.3.5491 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2267.336169][T26048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2267.346273][T26048] Call Trace: [ 2267.349593][T26048] [ 2267.352557][T26048] dump_stack_lvl+0x241/0x360 [ 2267.357290][T26048] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2267.362540][T26048] ? __pfx__printk+0x10/0x10 [ 2267.367177][T26048] ? _copy_from_iter+0x26b/0x1960 [ 2267.372255][T26048] should_fail_ex+0x3b0/0x4e0 [ 2267.376976][T26048] ? build_skb+0x52/0x2a0 [ 2267.381369][T26048] should_failslab+0xac/0x100 [ 2267.386101][T26048] ? build_skb+0x52/0x2a0 [ 2267.390483][T26048] kmem_cache_alloc_noprof+0x6c/0x2a0 [ 2267.395903][T26048] ? __pfx_lock_release+0x10/0x10 [ 2267.400993][T26048] build_skb+0x52/0x2a0 [ 2267.405200][T26048] ? __tun_build_skb+0x25/0x2f0 [ 2267.410073][T26048] __tun_build_skb+0x33/0x2f0 [ 2267.414769][T26048] tun_get_user+0x20bb/0x4720 [ 2267.419462][T26048] ? tun_get_user+0x871/0x4720 [ 2267.424244][T26048] ? __lock_acquire+0x137a/0x2040 [ 2267.429293][T26048] ? __pfx_tun_get_user+0x10/0x10 [ 2267.434348][T26048] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 2267.439820][T26048] ? tun_get+0x1e/0x2f0 [ 2267.443991][T26048] ? __pfx_lock_release+0x10/0x10 [ 2267.449047][T26048] ? tun_get+0x1e/0x2f0 [ 2267.453212][T26048] ? tun_get+0x27d/0x2f0 [ 2267.457467][T26048] tun_chr_write_iter+0x113/0x1f0 [ 2267.462512][T26048] vfs_write+0xa72/0xc90 [ 2267.466780][T26048] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 2267.472341][T26048] ? __pfx_vfs_write+0x10/0x10 [ 2267.477137][T26048] ksys_write+0x1a0/0x2c0 [ 2267.481504][T26048] ? __pfx_ksys_write+0x10/0x10 [ 2267.486414][T26048] ? do_syscall_64+0x100/0x230 [ 2267.491214][T26048] ? do_syscall_64+0xb6/0x230 [ 2267.495920][T26048] do_syscall_64+0xf3/0x230 [ 2267.500451][T26048] ? clear_bhb_loop+0x35/0x90 [ 2267.505157][T26048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2267.511080][T26048] RIP: 0033:0x7fed41f75e1f [ 2267.515505][T26048] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 29 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 7c 8c 02 00 48 [ 2267.535122][T26048] RSP: 002b:00007fed42c93010 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 2267.544865][T26048] RAX: ffffffffffffffda RBX: 00007fed42105f80 RCX: 00007fed41f75e1f [ 2267.552957][T26048] RDX: 000000000000004e RSI: 0000000020000600 RDI: 00000000000000c8 [ 2267.560960][T26048] RBP: 00007fed42c930a0 R08: 0000000000000000 R09: 0000000000000000 [ 2267.568946][T26048] R10: 000000000000004e R11: 0000000000000293 R12: 0000000000000001 [ 2267.576927][T26048] R13: 000000000000000b R14: 00007fed42105f80 R15: 00007ffc49bc0718 [ 2267.585363][T26048] [ 2267.762731][ T5303] usb 2-1: new high-speed USB device number 120 using dummy_hcd [ 2267.895675][T26059] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2267.953130][ T5303] usb 2-1: Using ep0 maxpacket: 16 [ 2267.967531][T26059] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2267.979532][ T5303] usb 2-1: config 0 has an invalid descriptor of length 28, skipping remainder of the config [ 2267.990005][ T5303] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2268.004398][ T5303] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 191 [ 2268.045631][ T5303] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2268.109483][ T5303] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 2268.121120][ T5303] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 2268.138981][ T5303] usb 2-1: Manufacturer: syz [ 2268.157701][ T5303] usb 2-1: config 0 descriptor?? [ 2268.523442][ T5303] rc_core: IR keymap rc-hauppauge not found [ 2268.560870][ T5303] Registered IR keymap rc-empty [ 2268.578287][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2268.621576][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2268.685916][ T5303] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 2268.761569][ T5303] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input203 [ 2268.812166][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2268.910844][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2268.959818][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2269.022993][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2269.103453][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2269.163487][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2269.228750][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2269.278393][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2269.365554][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2269.429728][ T5303] mceusb 2-1:0.0: Error: mce write urb status = -71 [ 2269.491745][ T5303] mceusb 2-1:0.0: Registered with mce emulator interface version 1 [ 2269.537840][ T5303] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 2269.605565][ T5303] usb 2-1: USB disconnect, device number 120 [ 2269.859276][ T8] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 2270.083810][ T8] usb 3-1: too many configurations: 65, using maximum allowed: 8 [ 2270.137818][ T8] usb 3-1: New USB device found, idVendor=046d, idProduct=08c1, bcdDevice=ee.8d [ 2270.180113][ T8] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2270.305180][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.324416][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.384902][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.403271][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.434614][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.462851][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.494424][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.663798][T26093] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2270.704576][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.717587][T26093] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2270.766724][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.783046][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.859821][ T8] usb 3-1: string descriptor 0 read error: -71 [ 2270.874507][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.933370][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.944001][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.952816][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.962891][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.974493][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2270.995677][ T8] usb 3-1: Found UVC 0.00 device (046d:08c1) [ 2271.042313][ T8] usb 3-1: No valid video chain found. [ 2271.168082][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2271.172866][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2271.198824][ T8] usb 3-1: USB disconnect, device number 8 [ 2271.235258][T26109] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2271.803440][ T8] usb 5-1: new high-speed USB device number 115 using dummy_hcd [ 2272.176715][ T8] usb 5-1: Using ep0 maxpacket: 32 [ 2272.585037][ T8] usb 5-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=ba.e3 [ 2272.594477][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2272.622150][ T8] usb 5-1: Product: syz [ 2272.641410][ T8] usb 5-1: Manufacturer: syz [ 2272.672009][ T8] usb 5-1: SerialNumber: syz [ 2272.686787][ T8] usb 5-1: config 0 descriptor?? [ 2273.119650][T26115] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2273.153113][T26115] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2273.237028][ T1170] usb 5-1: USB disconnect, device number 115 [ 2273.258547][ T1170] f81534a_ctrl 5-1:0.0: failed to set register 0x116: -19 [ 2273.296059][ T1170] f81534a_ctrl 5-1:0.0: failed to enable ports: -19 [ 2273.421139][T26145] syz.3.5516 (26145): /proc/26145/oom_adj is deprecated, please use /proc/26145/oom_score_adj instead. [ 2273.625360][T26152] fuse: Invalid rootmode [ 2273.841331][T26155] atomic_op ffff88802e82d198 conn xmit_atomic 0000000000000000 [ 2273.982258][T26162] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2275.275189][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.285149][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.317062][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.346262][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.395188][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.416307][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.495171][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.616763][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.795159][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.885325][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2275.910456][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2276.429985][T26177] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2276.703272][ T5303] usb 5-1: new high-speed USB device number 116 using dummy_hcd [ 2276.972866][ T5303] usb 5-1: Using ep0 maxpacket: 32 [ 2277.001068][ T5303] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2277.027364][ T5303] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2277.037710][ T5303] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 2277.050961][ T5303] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2277.076201][ T5303] usb 5-1: config 0 descriptor?? [ 2277.672613][ T5275] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 2278.065714][ T5275] usb 3-1: config 0 has an invalid interface number: 100 but max is 0 [ 2278.127352][ T5275] usb 3-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 2278.167158][ T5275] usb 3-1: config 0 has no interface number 1 [ 2278.202936][ T5275] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 2278.248565][ T5275] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 2278.327385][ T5275] usb 3-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2278.450197][ T5275] usb 3-1: too many endpoints for config 0 interface 100 altsetting 7: 237, using maximum allowed: 30 [ 2278.527047][ T5275] usb 3-1: config 0 interface 100 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 237 [ 2278.571175][ T5976] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 2278.634862][ T5275] usb 3-1: config 0 interface 100 has no altsetting 0 [ 2278.683349][ T5275] usb 3-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2278.721588][ T5275] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2278.779266][ T5275] usb 3-1: Product: syz [ 2278.794695][ T5275] usb 3-1: Manufacturer: syz [ 2278.812624][ T5976] usb 4-1: config 0 has an invalid interface number: 100 but max is 0 [ 2278.838360][ T5275] usb 3-1: SerialNumber: syz [ 2278.860653][ T5976] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 2278.874880][ T5275] usb 3-1: config 0 descriptor?? [ 2278.897417][ T5976] usb 4-1: config 0 has no interface number 1 [ 2278.913319][ T5976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 2278.936845][ T5976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 2278.971477][ T5976] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2278.986560][ T5976] usb 4-1: too many endpoints for config 0 interface 100 altsetting 7: 237, using maximum allowed: 30 [ 2279.001655][T26217] atomic_op ffff88802e68e998 conn xmit_atomic 0000000000000000 [ 2279.021847][ T5976] usb 4-1: config 0 interface 100 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 237 [ 2279.074080][ T5976] usb 4-1: config 0 interface 100 has no altsetting 0 [ 2279.093033][ T5976] usb 4-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2279.132625][ T1170] usb 2-1: new high-speed USB device number 121 using dummy_hcd [ 2279.141623][ T5976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2279.174797][ T5976] usb 4-1: Product: syz [ 2279.192301][ T5275] kaweth 3-1:0.0: Firmware present in device. [ 2279.198990][ T5976] usb 4-1: Manufacturer: syz [ 2279.213674][ T5976] usb 4-1: SerialNumber: syz [ 2279.237115][ T5976] usb 4-1: config 0 descriptor?? [ 2279.343280][ T1170] usb 2-1: Using ep0 maxpacket: 32 [ 2279.361196][ T5275] kaweth 3-1:0.0: Statistics collection: 0 [ 2279.379380][ T1170] usb 2-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=ba.e3 [ 2279.402665][ T5275] kaweth 3-1:0.0: Multicast filter limit: 0 [ 2279.412774][ T1170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2279.446050][ T5275] kaweth 3-1:0.0: MTU: 0 [ 2279.451893][ T5275] kaweth 3-1:0.0: Read MAC address 00:00:00:00:00:00 [ 2279.458962][ T1170] usb 2-1: Product: syz [ 2279.482784][ T1170] usb 2-1: Manufacturer: syz [ 2279.502572][ T1170] usb 2-1: SerialNumber: syz [ 2279.533676][T26221] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5534'. [ 2279.555581][ T1170] usb 2-1: config 0 descriptor?? [ 2279.633591][ T5976] kaweth 4-1:0.0: Firmware present in device. [ 2279.830429][ T5976] kaweth 4-1:0.0: Statistics collection: 0 [ 2279.848465][ T5976] kaweth 4-1:0.0: Multicast filter limit: 0 [ 2279.866262][ T5976] kaweth 4-1:0.0: MTU: 0 [ 2279.883944][ T5976] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 2279.984347][T26215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2280.019352][T26215] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2280.093135][ T1170] usb 2-1: USB disconnect, device number 121 [ 2280.139273][ T1170] f81534a_ctrl 2-1:0.0: failed to set register 0x116: -19 [ 2280.174793][ T1170] f81534a_ctrl 2-1:0.0: failed to enable ports: -19 [ 2280.563277][ T5303] usbhid 5-1:0.0: can't add hid device: -71 [ 2280.582717][ T5303] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 2280.597767][ T5303] usb 5-1: USB disconnect, device number 116 [ 2280.777640][ T5275] kaweth 3-1:0.0: probe with driver kaweth failed with error -5 [ 2280.833067][ T5275] kaweth 3-1:0.100: Firmware present in device. [ 2280.858015][ T5275] kaweth 3-1:0.100: Error reading configuration (-71), no net device created [ 2280.882025][ T5275] kaweth 3-1:0.100: probe with driver kaweth failed with error -5 [ 2280.917454][ T5275] usb 3-1: USB disconnect, device number 9 [ 2281.182817][ T5976] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 2281.189503][T26236] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=808464432 (1616928864 ns) > initial count (2 ns). Using initial count to start timer. [ 2281.258766][T26236] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 2281.306684][ T5976] kaweth 4-1:0.100: Firmware present in device. [ 2281.321629][ T5976] kaweth 4-1:0.100: Error reading configuration (-71), no net device created [ 2281.348482][T26242] netlink: 'syz.1.5539': attribute type 8 has an invalid length. [ 2281.380377][ T5976] kaweth 4-1:0.100: probe with driver kaweth failed with error -5 [ 2281.404256][T26243] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5540'. [ 2281.443373][ T5976] usb 4-1: USB disconnect, device number 23 [ 2282.135421][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.141665][T26254] atomic_op ffff88806becc198 conn xmit_atomic 0000000000000000 [ 2282.145444][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.296738][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.375656][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.646262][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.695760][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.725902][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.752579][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.795513][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.956773][T26260] llcp: llcp_sock_recvmsg: Recv datagram failed state 4 -512 0 [ 2282.971585][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 2282.986681][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 2283.204117][T26272] FAULT_INJECTION: forcing a failure. [ 2283.204117][T26272] name failslab, interval 1, probability 0, space 0, times 0 [ 2283.258481][T26272] CPU: 1 UID: 0 PID: 26272 Comm: syz.2.5545 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2283.269301][T26272] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2283.279375][T26272] Call Trace: [ 2283.282669][T26272] [ 2283.285630][T26272] dump_stack_lvl+0x241/0x360 [ 2283.290339][T26272] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2283.295558][T26272] ? __pfx__printk+0x10/0x10 [ 2283.300173][T26272] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 2283.305648][T26272] ? __pfx___might_resched+0x10/0x10 [ 2283.310951][T26272] should_fail_ex+0x3b0/0x4e0 [ 2283.315637][T26272] should_failslab+0xac/0x100 [ 2283.320326][T26272] ? drm_mode_duplicate+0x9c/0x140 [ 2283.325480][T26272] __kmalloc_cache_noprof+0x6c/0x2c0 [ 2283.330792][T26272] drm_mode_duplicate+0x9c/0x140 [ 2283.335740][T26272] ? __pfx_drm_mode_duplicate+0x10/0x10 [ 2283.341299][T26272] ? drm_mode_probed_add+0x9c/0x130 [ 2283.346508][T26272] drm_add_modes_noedid+0x139/0x240 [ 2283.351734][T26272] vkms_conn_get_modes+0x20/0x40 [ 2283.352955][ T29] kauditd_printk_skb: 27 callbacks suppressed [ 2283.352975][ T29] audit: type=1326 audit(1722277959.274:2771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2283.356690][T26272] drm_helper_probe_single_connector_modes+0x8b7/0x1800 [ 2283.362926][ T29] audit: type=1326 audit(1722277959.274:2772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2283.384382][T26272] ? __pfx_drm_helper_probe_single_connector_modes+0x10/0x10 [ 2283.420511][T26272] ? _raw_spin_unlock+0x28/0x50 [ 2283.425393][T26272] ? __pfx_drm_helper_probe_single_connector_modes+0x10/0x10 [ 2283.432785][T26272] drm_mode_getconnector+0x621/0x1430 [ 2283.438181][T26272] ? __pfx_drm_mode_getconnector+0x10/0x10 [ 2283.444046][T26272] ? drm_dev_enter+0x45/0x150 [ 2283.448732][T26272] drm_ioctl_kernel+0x33a/0x440 [ 2283.453631][T26272] ? __pfx_drm_mode_getconnector+0x10/0x10 [ 2283.459451][T26272] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 2283.464837][T26272] ? __might_fault+0xc6/0x120 [ 2283.469528][T26272] drm_ioctl+0x611/0xad0 [ 2283.473801][T26272] ? __pfx_drm_mode_getconnector+0x10/0x10 [ 2283.479649][T26272] ? __pfx_drm_ioctl+0x10/0x10 [ 2283.484457][T26272] ? bpf_lsm_file_ioctl+0x9/0x10 [ 2283.489436][T26272] ? security_file_ioctl+0x87/0xb0 [ 2283.494562][T26272] ? __pfx_drm_ioctl+0x10/0x10 [ 2283.499347][T26272] __se_sys_ioctl+0xfc/0x170 [ 2283.503947][T26272] do_syscall_64+0xf3/0x230 [ 2283.508469][T26272] ? clear_bhb_loop+0x35/0x90 [ 2283.513162][T26272] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2283.519071][T26272] RIP: 0033:0x7f42ca977299 [ 2283.523486][T26272] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2283.543099][T26272] RSP: 002b:00007f42cb6cf048 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2283.551523][T26272] RAX: ffffffffffffffda RBX: 00007f42cab05f80 RCX: 00007f42ca977299 [ 2283.559502][T26272] RDX: 0000000020000340 RSI: 00000000c05064a7 RDI: 0000000000000003 [ 2283.567483][T26272] RBP: 00007f42cb6cf0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2283.575460][T26272] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 2283.583435][T26272] R13: 000000000000000b R14: 00007f42cab05f80 R15: 00007ffedd8f80e8 [ 2283.591430][T26272] [ 2283.607650][ T29] audit: type=1326 audit(1722277959.624:2773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2283.799772][ T29] audit: type=1326 audit(1722277959.624:2774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2283.821866][ T29] audit: type=1326 audit(1722277959.624:2775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2283.847845][ T29] audit: type=1326 audit(1722277959.624:2776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2284.487462][ T29] audit: type=1326 audit(1722277959.624:2777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2284.509234][ C0] vkms_vblank_simulate: vblank timer overrun [ 2284.647241][ T29] audit: type=1326 audit(1722277959.624:2778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2284.730258][ T29] audit: type=1326 audit(1722277959.624:2779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2284.820099][ T29] audit: type=1326 audit(1722277959.624:2780): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26273 comm="syz.1.5546" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2285.242627][ T5976] usb 2-1: new high-speed USB device number 122 using dummy_hcd [ 2285.442829][ T5976] usb 2-1: Using ep0 maxpacket: 16 [ 2285.450760][ T5976] usb 2-1: config 3 has an invalid interface number: 216 but max is 0 [ 2285.468215][ T5976] usb 2-1: config 3 has 2 interfaces, different from the descriptor's value: 1 [ 2285.527533][ T5976] usb 2-1: config 3 has no interface number 1 [ 2285.534671][ T5976] usb 2-1: config 3 interface 216 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2286.672138][ T5976] usb 2-1: too many endpoints for config 3 interface 0 altsetting 0: 198, using maximum allowed: 30 [ 2286.684188][ T5976] usb 2-1: config 3 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 198 [ 2286.706495][ T5976] usb 2-1: New USB device found, idVendor=07af, idProduct=0004, bcdDevice= 1.01 [ 2286.722566][ T5976] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2286.731021][ T5976] usb 2-1: Product: syz [ 2286.747076][ T5976] usb 2-1: Manufacturer: syz [ 2286.751906][ T5976] usb 2-1: SerialNumber: syz [ 2286.776088][T26295] FAULT_INJECTION: forcing a failure. [ 2286.776088][T26295] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2286.793319][ T5976] usb-storage 2-1:3.216: USB Mass Storage device detected [ 2286.809901][T26295] CPU: 1 UID: 0 PID: 26295 Comm: syz.3.5552 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2286.820752][T26295] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2286.830823][T26295] Call Trace: [ 2286.834115][T26295] [ 2286.837052][T26295] dump_stack_lvl+0x241/0x360 [ 2286.841744][T26295] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2286.846970][T26295] ? __pfx__printk+0x10/0x10 [ 2286.851577][T26295] ? __pfx_lock_release+0x10/0x10 [ 2286.856618][T26295] should_fail_ex+0x3b0/0x4e0 [ 2286.861390][T26295] _copy_from_iter+0x1f6/0x1960 [ 2286.866335][T26295] ? __virt_addr_valid+0x183/0x530 [ 2286.871447][T26295] ? __pfx_lock_release+0x10/0x10 [ 2286.876488][T26295] ? __alloc_skb+0x28f/0x440 [ 2286.881095][T26295] ? __pfx__copy_from_iter+0x10/0x10 [ 2286.886388][T26295] ? __virt_addr_valid+0x183/0x530 [ 2286.891501][T26295] ? __virt_addr_valid+0x183/0x530 [ 2286.896612][T26295] ? __virt_addr_valid+0x45f/0x530 [ 2286.901727][T26295] ? __check_object_size+0x49c/0x900 [ 2286.907025][T26295] netlink_sendmsg+0x73d/0xcb0 [ 2286.911810][T26295] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2286.917116][T26295] ? __import_iovec+0x536/0x820 [ 2286.921974][T26295] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2286.927278][T26295] ? security_socket_sendmsg+0x87/0xb0 [ 2286.932763][T26295] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2286.938056][T26295] __sock_sendmsg+0x221/0x270 [ 2286.942745][T26295] ____sys_sendmsg+0x525/0x7d0 [ 2286.947518][T26295] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2286.952819][T26295] __sys_sendmsg+0x2b0/0x3a0 [ 2286.957410][T26295] ? __pfx___sys_sendmsg+0x10/0x10 [ 2286.962531][T26295] ? vfs_write+0x7c4/0xc90 [ 2286.967003][T26295] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2286.973366][T26295] ? do_syscall_64+0x100/0x230 [ 2286.978144][T26295] ? do_syscall_64+0xb6/0x230 [ 2286.982878][T26295] do_syscall_64+0xf3/0x230 [ 2286.987412][T26295] ? clear_bhb_loop+0x35/0x90 [ 2286.992188][T26295] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2286.998095][T26295] RIP: 0033:0x7fed41f77299 [ 2287.002520][T26295] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2287.022149][T26295] RSP: 002b:00007fed42c93048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2287.030570][T26295] RAX: ffffffffffffffda RBX: 00007fed42105f80 RCX: 00007fed41f77299 [ 2287.038573][T26295] RDX: 0000000000000000 RSI: 00000000200000c0 RDI: 0000000000000003 [ 2287.046550][T26295] RBP: 00007fed42c930a0 R08: 0000000000000000 R09: 0000000000000000 [ 2287.054523][T26295] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2287.062505][T26295] R13: 000000000000000b R14: 00007fed42105f80 R15: 00007ffc49bc0718 [ 2287.070510][T26295] [ 2287.085780][ T5976] usb-storage 2-1:3.216: Quirks match for vid 07af pid 0004: 4 [ 2287.220424][ T5976] usb-storage 2-1:3.0: USB Mass Storage device detected [ 2287.264579][ T5976] usb-storage 2-1:3.0: Quirks match for vid 07af pid 0004: 4 [ 2287.351939][ T5976] usb 2-1: USB disconnect, device number 122 [ 2287.882628][T26316] atomic_op ffff888079d9c198 conn xmit_atomic 0000000000000000 [ 2288.410652][ T29] kauditd_printk_skb: 23 callbacks suppressed [ 2288.410673][ T29] audit: type=1326 audit(1722277964.424:2804): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2288.676982][ T29] audit: type=1326 audit(1722277964.424:2805): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2289.570882][ T29] audit: type=1326 audit(1722277964.424:2806): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2289.628362][ T29] audit: type=1326 audit(1722277964.424:2807): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2289.711745][ T29] audit: type=1326 audit(1722277964.424:2808): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2289.711804][ T29] audit: type=1326 audit(1722277964.454:2809): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2289.711852][ T29] audit: type=1326 audit(1722277964.454:2810): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2289.711900][ T29] audit: type=1326 audit(1722277964.454:2811): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2289.711947][ T29] audit: type=1326 audit(1722277964.454:2812): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2289.711995][ T29] audit: type=1326 audit(1722277964.454:2813): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26319 comm="syz.1.5557" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8a6b177299 code=0x7ffc0000 [ 2289.956053][T14351] Bluetooth: hci2: unexpected event for opcode 0x0c5a [ 2290.022821][ T8] usb 5-1: new high-speed USB device number 117 using dummy_hcd [ 2290.504193][ T5219] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 2290.746533][ T5219] usb 3-1: config 33 has an invalid descriptor of length 0, skipping remainder of the config [ 2290.746571][ T5219] usb 3-1: config 33 has 1 interface, different from the descriptor's value: 3 [ 2291.012727][ T5219] usb 3-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 2291.021851][ T5219] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 2291.030150][ T5219] usb 3-1: SerialNumber: syz [ 2291.630240][T26336] netlink: 'syz.2.5562': attribute type 1 has an invalid length. [ 2291.684302][T26336] netlink: 228 bytes leftover after parsing attributes in process `syz.2.5562'. [ 2291.864940][ T5219] usb 3-1: 0:2 : does not exist [ 2291.871565][ T5219] usb 3-1: unit 5 not found! [ 2291.889655][ T5219] usb 3-1: USB disconnect, device number 10 [ 2292.102710][T17072] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 2292.181452][T26363] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 2292.190298][T26363] overlayfs: missing 'lowerdir' [ 2292.504697][T17072] usb 4-1: Using ep0 maxpacket: 8 [ 2292.584993][T17072] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 2292.735023][T17072] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 2292.855062][T17072] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 2292.887367][T17072] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2293.067146][T17072] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 2293.112556][T17072] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2294.272711][T14351] Bluetooth: hci2: Controller not accepting commands anymore: ncmd = 0 [ 2294.276918][T17072] usb 4-1: GET_CAPABILITIES returned 0 [ 2294.376688][T14351] Bluetooth: hci2: Injecting HCI hardware error event [ 2294.387255][T14351] Bluetooth: hci2: hardware error 0x00 [ 2294.428576][T17072] usbtmc 4-1:16.0: can't read capabilities [ 2294.654555][ T5275] usb 4-1: USB disconnect, device number 24 [ 2295.678975][T26386] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=808464432 (1616928864 ns) > initial count (2 ns). Using initial count to start timer. [ 2295.704655][T26395] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 2295.933367][T17072] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 2296.277635][T17072] usb 3-1: Using ep0 maxpacket: 32 [ 2296.307621][T17072] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 2296.307672][T17072] usb 3-1: config 0 has no interface number 0 [ 2296.307894][T17072] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2296.307945][T17072] usb 3-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2296.308091][T17072] usb 3-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 2296.308141][T17072] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2296.354683][T17072] usb 3-1: config 0 descriptor?? [ 2296.520567][T14351] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 2297.795558][T26381] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2297.852872][T26381] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2297.929083][T17072] uclogic 0003:28BD:0094.0020: failed retrieving string descriptor #100: -71 [ 2297.956560][T17072] uclogic 0003:28BD:0094.0020: failed retrieving pen parameters: -71 [ 2297.988267][T17072] uclogic 0003:28BD:0094.0020: pen probing failed: -71 [ 2298.015642][T17072] uclogic 0003:28BD:0094.0020: failed probing parameters: -71 [ 2298.042615][T17072] uclogic 0003:28BD:0094.0020: probe with driver uclogic failed with error -71 [ 2298.099985][T17072] usb 3-1: USB disconnect, device number 11 [ 2298.434332][ T29] kauditd_printk_skb: 60 callbacks suppressed [ 2298.434348][ T29] audit: type=1326 audit(1722277974.424:2874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2298.690052][ T29] audit: type=1326 audit(1722277974.454:2875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2299.633791][ T29] audit: type=1326 audit(1722277974.454:2876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=283 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2299.669454][ T1170] usb 2-1: new high-speed USB device number 123 using dummy_hcd [ 2299.786457][ T29] audit: type=1326 audit(1722277974.454:2877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2299.852726][ T29] audit: type=1326 audit(1722277974.454:2878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2299.948279][ T1170] usb 2-1: Using ep0 maxpacket: 32 [ 2299.958119][ T29] audit: type=1326 audit(1722277974.454:2879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=287 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2299.972109][ T1170] usb 2-1: config index 0 descriptor too short (expected 29220, got 36) [ 2300.071063][ T29] audit: type=1326 audit(1722277974.454:2880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2300.110010][ T1170] usb 2-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 2300.122945][ T1170] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 2300.136755][ T1170] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 2301.081488][ T1170] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 2301.213159][ T1170] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 2301.238462][ T29] audit: type=1326 audit(1722277974.454:2881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2301.264982][ T1170] usb 2-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 2301.274916][ T1170] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2301.298107][ T1170] usb 2-1: config 0 descriptor?? [ 2301.339196][ T1170] usb 2-1: can't set config #0, error -71 [ 2301.373403][ T29] audit: type=1326 audit(1722277974.454:2882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2301.374322][ T1170] usb 2-1: USB disconnect, device number 123 [ 2301.534899][ T29] audit: type=1326 audit(1722277974.484:2883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=26426 comm="syz.0.5582" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f5f79b77299 code=0x7ffc0000 [ 2302.869739][T26463] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5592'. [ 2303.023288][T26463] macvtap1: entered promiscuous mode [ 2303.205615][T26463] bond0: entered promiscuous mode [ 2304.152726][T26463] bond_slave_0: entered promiscuous mode [ 2304.158661][T26463] bond_slave_1: entered promiscuous mode [ 2304.204613][T17072] usb 2-1: new high-speed USB device number 124 using dummy_hcd [ 2304.215225][T26463] macvtap1: entered allmulticast mode [ 2304.220664][T26463] bond0: entered allmulticast mode [ 2304.251535][T26463] bond_slave_0: entered allmulticast mode [ 2304.260902][T26463] bond_slave_1: entered allmulticast mode [ 2304.282743][T26463] 8021q: adding VLAN 0 to HW filter on device macvtap1 [ 2304.305264][T26465] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5592'. [ 2304.322150][T26465] bond0: left allmulticast mode [ 2304.330691][T26465] bond_slave_0: left allmulticast mode [ 2304.338596][T26465] bond_slave_1: left allmulticast mode [ 2304.344775][T26465] bond0: left promiscuous mode [ 2304.352775][T26465] bond_slave_0: left promiscuous mode [ 2305.227644][T26465] bond_slave_1: left promiscuous mode [ 2305.262697][T26465] macvtap1: left promiscuous mode [ 2305.273049][T26465] macvtap1: left allmulticast mode [ 2305.378681][T17072] usb 2-1: device descriptor read/all, error -71 [ 2314.612605][T17072] usb 2-1: new high-speed USB device number 126 using dummy_hcd [ 2314.893109][T17072] usb 2-1: config 0 has an invalid interface number: 100 but max is 0 [ 2314.932701][T17072] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 2314.990368][T17072] usb 2-1: config 0 has no interface number 1 [ 2315.011325][T17072] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 2315.063387][T17072] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 2315.114302][T17072] usb 2-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2315.154308][T17072] usb 2-1: too many endpoints for config 0 interface 100 altsetting 7: 237, using maximum allowed: 30 [ 2318.840984][T17072] usb 2-1: config 0 interface 100 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 237 [ 2318.855026][T17072] usb 2-1: config 0 interface 100 has no altsetting 0 [ 2319.053271][ C1] eth0: bad gso: type: 1, size: 1408 [ 2319.067527][T17072] usb 2-1: string descriptor 0 read error: -71 [ 2319.083496][T17072] usb 2-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2319.099608][T17072] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2319.163831][T17072] usb 2-1: config 0 descriptor?? [ 2319.171045][T17072] usb 2-1: can't set config #0, error -71 [ 2319.199265][T17072] usb 2-1: USB disconnect, device number 126 [ 2319.237525][T26584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5621'. [ 2319.262634][T26584] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5621'. [ 2319.308022][T26582] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=808464432 (1616928864 ns) > initial count (2 ns). Using initial count to start timer. [ 2319.335205][T26582] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 2319.399681][T26590] hpfs: bad mount options. [ 2319.544892][T26599] netlink: 'syz.3.5624': attribute type 4 has an invalid length. [ 2319.615235][T26601] netlink: 'syz.3.5624': attribute type 4 has an invalid length. [ 2319.865999][T17072] usb 2-1: new high-speed USB device number 127 using dummy_hcd [ 2320.238622][T17072] usb 2-1: config 0 has an invalid interface number: 254 but max is 0 [ 2320.247176][T17072] usb 2-1: config 0 has an invalid interface number: 127 but max is 0 [ 2320.256948][T17072] usb 2-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 2320.384405][T17072] usb 2-1: config 0 has no interface number 0 [ 2320.391815][T17072] usb 2-1: config 0 has no interface number 1 [ 2320.399398][T17072] usb 2-1: config 0 interface 254 altsetting 0 endpoint 0x5 has an invalid bInterval 84, changing to 7 [ 2320.723014][T17072] usb 2-1: config 0 interface 254 altsetting 0 has an endpoint descriptor with address 0xEF, changing to 0x8F [ 2320.739446][T17072] usb 2-1: config 0 interface 254 altsetting 0 endpoint 0x8F has invalid maxpacket 24582, setting to 1024 [ 2320.771992][T17072] usb 2-1: config 0 interface 254 altsetting 0 endpoint 0x9 has invalid maxpacket 608, setting to 64 [ 2320.784142][T17072] usb 2-1: config 0 interface 254 altsetting 0 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 2320.802585][T17072] usb 2-1: config 0 interface 254 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 15 [ 2320.840335][T17072] usb 2-1: config 0 interface 127 altsetting 130 has 0 endpoint descriptors, different from the interface descriptor's value: 24 [ 2320.874114][T17072] usb 2-1: config 0 interface 127 has no altsetting 0 [ 2320.894389][T17072] usb 2-1: New USB device found, idVendor=10c4, idProduct=ea7a, bcdDevice=82.99 [ 2320.909435][T17072] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2320.923575][T17072] usb 2-1: Product: syz [ 2320.932148][T17072] usb 2-1: Manufacturer: syz [ 2320.946809][T26618] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 2320.948294][T17072] usb 2-1: SerialNumber: syz [ 2320.975217][T17072] usb 2-1: config 0 descriptor?? [ 2320.995804][T17072] cp210x 2-1:0.254: cp210x converter detected [ 2321.202161][T17072] cp210x 2-1:0.254: failed to get vendor val 0x370b size 1: -71 [ 2321.221383][T17072] cp210x 2-1:0.254: querying part number failed [ 2321.251235][T17072] usb 2-1: cp210x converter now attached to ttyUSB0 [ 2321.283148][T17072] cp210x 2-1:0.127: cp210x converter detected [ 2321.298152][T17072] cp210x 2-1:0.127: failed to get vendor val 0x370b size 1: -71 [ 2321.509327][T17072] cp210x 2-1:0.127: querying part number failed [ 2321.532878][T17072] usb 2-1: cp210x converter now attached to ttyUSB1 [ 2321.580556][T17072] usb 2-1: USB disconnect, device number 127 [ 2322.296157][ T5976] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 2322.834258][T17072] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 2322.843109][T17072] cp210x 2-1:0.254: device disconnected [ 2322.852692][T17072] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1 [ 2322.860917][T17072] cp210x 2-1:0.127: device disconnected [ 2322.888052][ T5976] usb 3-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2322.907698][ T5976] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2322.928014][ T5976] usb 3-1: Product: syz [ 2322.932257][ T5976] usb 3-1: Manufacturer: syz [ 2322.942891][T26641] netlink: 36 bytes leftover after parsing attributes in process `syz.4.5635'. [ 2322.963250][ T5976] usb 3-1: SerialNumber: syz [ 2322.974711][ T5976] usb 3-1: config 0 descriptor?? [ 2323.099858][T26645] vxcan2: entered promiscuous mode [ 2323.129616][T26645] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5637'. [ 2323.256782][ T1170] usb 5-1: new high-speed USB device number 118 using dummy_hcd [ 2323.281461][ T5976] kaweth 3-1:0.0: Firmware present in device. [ 2323.302804][ T5976] kaweth 3-1:0.0: Error reading configuration (-71), no net device created [ 2323.332220][ T5976] kaweth 3-1:0.0: probe with driver kaweth failed with error -5 [ 2323.346333][ T5976] usb 3-1: USB disconnect, device number 12 [ 2323.893164][ T5271] kworker/1:3 (5271) used greatest stack depth: 14648 bytes left [ 2324.375573][T26658] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5640'. [ 2324.377246][ T1170] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2324.396917][ T1170] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 2324.406326][ T1170] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2324.419708][ T1170] usb 5-1: config 0 descriptor?? [ 2324.428842][ T1170] pwc: Askey VC010 type 2 USB webcam detected. [ 2324.791152][T26667] netem: incorrect gi model size [ 2324.826620][T26667] netem: change failed [ 2324.838114][ T1170] pwc: send_video_command error -71 [ 2324.844542][ T1170] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 2324.853106][ T1170] Philips webcam 5-1:0.0: probe with driver Philips webcam failed with error -71 [ 2324.864574][ T1170] usb 5-1: USB disconnect, device number 118 [ 2324.976875][T26671] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2326.816286][T26693] FAULT_INJECTION: forcing a failure. [ 2326.816286][T26693] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2326.831244][T26693] CPU: 1 UID: 0 PID: 26693 Comm: syz.3.5651 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2326.842084][T26693] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2326.842787][ T5303] usb 5-1: new high-speed USB device number 119 using dummy_hcd [ 2326.852318][T26693] Call Trace: [ 2326.852339][T26693] [ 2326.852350][T26693] dump_stack_lvl+0x241/0x360 [ 2326.852392][T26693] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2326.852424][T26693] ? __pfx__printk+0x10/0x10 [ 2326.852455][T26693] ? __pfx_lock_release+0x10/0x10 [ 2326.852496][T26693] should_fail_ex+0x3b0/0x4e0 [ 2326.852526][T26693] _copy_from_iter+0x1f6/0x1960 [ 2326.852556][T26693] ? __virt_addr_valid+0x183/0x530 [ 2326.852581][T26693] ? __pfx_lock_release+0x10/0x10 [ 2326.852621][T26693] ? __alloc_skb+0x28f/0x440 [ 2326.852654][T26693] ? __pfx__copy_from_iter+0x10/0x10 [ 2326.852683][T26693] ? __virt_addr_valid+0x183/0x530 [ 2326.921175][T26693] ? __virt_addr_valid+0x183/0x530 [ 2326.926329][T26693] ? __virt_addr_valid+0x45f/0x530 [ 2326.931458][T26693] ? __check_object_size+0x49c/0x900 [ 2326.936784][T26693] netlink_sendmsg+0x73d/0xcb0 [ 2326.941621][T26693] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2326.946984][T26693] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 2326.952330][T26693] ? security_socket_sendmsg+0x87/0xb0 [ 2326.957855][T26693] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2326.963204][T26693] __sock_sendmsg+0x221/0x270 [ 2326.967953][T26693] ____sys_sendmsg+0x525/0x7d0 [ 2326.972789][T26693] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2326.978159][T26693] __sys_sendmsg+0x2b0/0x3a0 [ 2326.982805][T26693] ? __pfx___sys_sendmsg+0x10/0x10 [ 2326.987971][T26693] ? vfs_write+0x7c4/0xc90 [ 2326.992481][T26693] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2326.998870][T26693] ? do_syscall_64+0x100/0x230 [ 2327.003673][T26693] ? do_syscall_64+0xb6/0x230 [ 2327.008382][T26693] do_syscall_64+0xf3/0x230 [ 2327.012934][T26693] ? clear_bhb_loop+0x35/0x90 [ 2327.017667][T26693] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2327.023597][T26693] RIP: 0033:0x7fed41f77299 [ 2327.028018][T26693] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2327.042580][ T5303] usb 5-1: Using ep0 maxpacket: 16 [ 2327.047704][T26693] RSP: 002b:00007fed42c71048 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2327.047739][T26693] RAX: ffffffffffffffda RBX: 00007fed42106058 RCX: 00007fed41f77299 [ 2327.047758][T26693] RDX: 0000000000000000 RSI: 0000000020000040 RDI: 000000000000000c [ 2327.047775][T26693] RBP: 00007fed42c710a0 R08: 0000000000000000 R09: 0000000000000000 [ 2327.085634][T26693] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2327.093611][T26693] R13: 000000000000006e R14: 00007fed42106058 R15: 00007ffc49bc0718 [ 2327.101605][T26693] [ 2327.147784][ T5303] usb 5-1: config 3 has an invalid interface number: 216 but max is 0 [ 2327.167825][ T5303] usb 5-1: config 3 has 2 interfaces, different from the descriptor's value: 1 [ 2327.197382][ T5303] usb 5-1: config 3 has no interface number 1 [ 2327.216300][ T5303] usb 5-1: config 3 interface 216 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2327.281797][ T5303] usb 5-1: too many endpoints for config 3 interface 0 altsetting 0: 198, using maximum allowed: 30 [ 2327.297801][ T5303] usb 5-1: config 3 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 198 [ 2327.330484][ T5303] usb 5-1: New USB device found, idVendor=07af, idProduct=0004, bcdDevice= 1.01 [ 2327.344917][ T5303] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2327.372287][ T5303] usb 5-1: Product: syz [ 2327.386232][ T5303] usb 5-1: Manufacturer: syz [ 2327.422796][ T5303] usb 5-1: SerialNumber: syz [ 2327.454051][ T5303] usb-storage 5-1:3.216: USB Mass Storage device detected [ 2327.481333][ T5303] usb-storage 5-1:3.216: Quirks match for vid 07af pid 0004: 4 [ 2327.672275][ T5303] usb-storage 5-1:3.0: USB Mass Storage device detected [ 2327.716575][ T5303] usb-storage 5-1:3.0: Quirks match for vid 07af pid 0004: 4 [ 2327.759678][ T5303] usb 5-1: USB disconnect, device number 119 [ 2327.862754][ T5219] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 2328.054414][ T5219] usb 4-1: config 1 has an invalid interface number: 3 but max is 2 [ 2328.062649][ T5219] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 2328.071487][ T5219] usb 4-1: config 1 has no interface number 1 [ 2328.079506][ T5219] usb 4-1: too many endpoints for config 1 interface 3 altsetting 0: 187, using maximum allowed: 30 [ 2328.090902][ T5219] usb 4-1: config 1 interface 3 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 187 [ 2328.110259][ T5219] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2328.122661][ T5275] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 2328.129011][ T5219] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2328.140380][ T5219] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2328.154215][ T5219] usb 4-1: Product: syz [ 2328.159219][ T5219] usb 4-1: Manufacturer: syz [ 2328.164830][ T5219] usb 4-1: SerialNumber: syz [ 2328.392999][ T5275] usb 2-1: Using ep0 maxpacket: 32 [ 2328.422244][ T5275] usb 2-1: New USB device found, idVendor=2c42, idProduct=16f8, bcdDevice=ba.e3 [ 2328.438824][ T5275] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2328.459837][ T5275] usb 2-1: Product: syz [ 2328.468894][ T5275] usb 2-1: Manufacturer: syz [ 2328.477410][ T5275] usb 2-1: SerialNumber: syz [ 2328.490102][ T5275] usb 2-1: config 0 descriptor?? [ 2328.576234][ T5219] hub 4-1:1.3: bad descriptor, ignoring hub [ 2328.591530][ T5219] hub 4-1:1.3: probe with driver hub failed with error -5 [ 2328.645662][ T5219] usb 4-1: USB disconnect, device number 25 [ 2328.804354][T26727] FAULT_INJECTION: forcing a failure. [ 2328.804354][T26727] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2328.818625][T26727] CPU: 0 UID: 0 PID: 26727 Comm: syz.4.5661 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2328.829607][T26727] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2328.839700][T26727] Call Trace: [ 2328.842985][T26727] [ 2328.845918][T26727] dump_stack_lvl+0x241/0x360 [ 2328.850611][T26727] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2328.855837][T26727] ? __pfx__printk+0x10/0x10 [ 2328.860445][T26727] ? snprintf+0xda/0x120 [ 2328.864701][T26727] should_fail_ex+0x3b0/0x4e0 [ 2328.869388][T26727] _copy_to_user+0x2f/0xb0 [ 2328.873829][T26727] simple_read_from_buffer+0xca/0x150 [ 2328.879262][T26727] proc_fail_nth_read+0x1e9/0x250 [ 2328.884328][T26727] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2328.889899][T26727] ? rw_verify_area+0x520/0x6b0 [ 2328.894755][T26727] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2328.900315][T26727] vfs_read+0x204/0xbc0 [ 2328.904484][T26727] ? __pfx_lock_release+0x10/0x10 [ 2328.909544][T26727] ? __pfx_vfs_read+0x10/0x10 [ 2328.914224][T26727] ? __fget_files+0x29/0x470 [ 2328.918822][T26727] ? __fget_files+0x3f6/0x470 [ 2328.923542][T26727] ksys_read+0x1a0/0x2c0 [ 2328.927814][T26727] ? __pfx_ksys_read+0x10/0x10 [ 2328.932593][T26727] ? do_syscall_64+0x100/0x230 [ 2328.937375][T26727] ? do_syscall_64+0xb6/0x230 [ 2328.942068][T26727] do_syscall_64+0xf3/0x230 [ 2328.946677][T26727] ? clear_bhb_loop+0x35/0x90 [ 2328.951374][T26727] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2328.957286][T26727] RIP: 0033:0x7f6064d75d7c [ 2328.961712][T26727] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 c9 8c 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 1f 8d 02 00 48 [ 2328.981340][T26727] RSP: 002b:00007f6065bed040 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 2328.989775][T26727] RAX: ffffffffffffffda RBX: 00007f6064f05f80 RCX: 00007f6064d75d7c [ 2328.997765][T26727] RDX: 000000000000000f RSI: 00007f6065bed0b0 RDI: 0000000000000004 [ 2329.005747][T26727] RBP: 00007f6065bed0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2329.013725][T26727] R10: 0000000000000001 R11: 0000000000000246 R12: 0000000000000001 [ 2329.021716][T26727] R13: 000000000000000b R14: 00007f6064f05f80 R15: 00007ffdb2b56398 [ 2329.029731][T26727] [ 2329.048431][T26715] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2329.057694][T26715] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2329.072711][ T5976] usb 2-1: USB disconnect, device number 2 [ 2329.089670][ T5976] f81534a_ctrl 2-1:0.0: failed to set register 0x116: -19 [ 2329.097025][ T5976] f81534a_ctrl 2-1:0.0: failed to enable ports: -19 [ 2329.132319][T26729] dlm: non-version read from control device 275 [ 2329.230243][T26732] netlink: 188 bytes leftover after parsing attributes in process `syz.4.5662'. [ 2329.260218][T26732] netlink: 'syz.4.5662': attribute type 1 has an invalid length. [ 2329.420395][T26738] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 2329.470844][T26740] FAULT_INJECTION: forcing a failure. [ 2329.470844][T26740] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2329.484525][T26740] CPU: 1 UID: 0 PID: 26740 Comm: syz.0.5666 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2329.495512][T26740] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2329.505605][T26740] Call Trace: [ 2329.509083][T26740] [ 2329.512035][T26740] dump_stack_lvl+0x241/0x360 [ 2329.516745][T26740] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2329.521975][T26740] ? __pfx__printk+0x10/0x10 [ 2329.526606][T26740] should_fail_ex+0x3b0/0x4e0 [ 2329.531313][T26740] strncpy_from_user+0x36/0x2e0 [ 2329.536201][T26740] ? kmem_cache_alloc_noprof+0x185/0x2a0 [ 2329.541869][T26740] getname_flags+0xf1/0x540 [ 2329.546401][T26740] do_sys_openat2+0xd2/0x1d0 [ 2329.551014][T26740] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2329.557010][T26740] ? __pfx_do_sys_openat2+0x10/0x10 [ 2329.562223][T26740] ? __fget_files+0x3f6/0x470 [ 2329.566926][T26740] __x64_sys_openat+0x247/0x2a0 [ 2329.571802][T26740] ? __pfx___x64_sys_openat+0x10/0x10 [ 2329.577194][T26740] ? do_syscall_64+0x100/0x230 [ 2329.581984][T26740] ? do_syscall_64+0xb6/0x230 [ 2329.586682][T26740] do_syscall_64+0xf3/0x230 [ 2329.591201][T26740] ? clear_bhb_loop+0x35/0x90 [ 2329.595902][T26740] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2329.601818][T26740] RIP: 0033:0x7f5f79b77299 [ 2329.606247][T26740] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2329.625868][T26740] RSP: 002b:00007f5f7a86c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2329.634295][T26740] RAX: ffffffffffffffda RBX: 00007f5f79d05f80 RCX: 00007f5f79b77299 [ 2329.642280][T26740] RDX: 0000000000004301 RSI: 0000000020000080 RDI: ffffffffffffff9c [ 2329.650261][T26740] RBP: 00007f5f7a86c0a0 R08: 0000000000000000 R09: 0000000000000000 [ 2329.658241][T26740] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2329.666225][T26740] R13: 000000000000000b R14: 00007f5f79d05f80 R15: 00007ffc16915d98 [ 2329.674219][T26740] [ 2330.848571][T26764] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5668'. [ 2331.582852][ T5219] usb 5-1: new high-speed USB device number 120 using dummy_hcd [ 2332.214881][ T5219] usb 5-1: config 1 has an invalid interface number: 3 but max is 2 [ 2332.244383][ T5219] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 2332.256271][T26789] FAULT_INJECTION: forcing a failure. [ 2332.256271][T26789] name failslab, interval 1, probability 0, space 0, times 0 [ 2332.278297][T26789] CPU: 1 UID: 0 PID: 26789 Comm: syz.1.5674 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2332.279513][ T5219] usb 5-1: config 1 has no interface number 1 [ 2332.289093][T26789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2332.289117][T26789] Call Trace: [ 2332.289128][T26789] [ 2332.289140][T26789] dump_stack_lvl+0x241/0x360 [ 2332.289181][T26789] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2332.289213][T26789] ? __pfx__printk+0x10/0x10 [ 2332.289243][T26789] ? kmem_cache_alloc_node_noprof+0x49/0x320 [ 2332.289278][T26789] ? __pfx___might_resched+0x10/0x10 [ 2332.289307][T26789] ? __might_fault+0xaa/0x120 [ 2332.289337][T26789] should_fail_ex+0x3b0/0x4e0 [ 2332.289367][T26789] should_failslab+0xac/0x100 [ 2332.289398][T26789] ? __alloc_skb+0x1c3/0x440 [ 2332.289434][T26789] kmem_cache_alloc_node_noprof+0x71/0x320 [ 2332.289474][T26789] __alloc_skb+0x1c3/0x440 [ 2332.289522][T26789] ? __pfx___alloc_skb+0x10/0x10 [ 2332.289555][T26789] ? __check_object_size+0x49c/0x900 [ 2332.289598][T26789] __ip6_append_data+0x2ba6/0x4070 [ 2332.296846][ T5219] usb 5-1: too many endpoints for config 1 interface 3 altsetting 0: 187, using maximum allowed: 30 [ 2332.305918][T26789] ? __pfx_udplite_getfrag+0x10/0x10 [ 2332.305978][T26789] ? __pfx___ip6_append_data+0x10/0x10 [ 2332.306011][T26789] ? ip6_setup_cork+0x9fd/0xfb0 [ 2332.306045][T26789] ip6_make_skb+0x43b/0x530 [ 2332.306080][T26789] ? ip6_dst_check+0xe7/0x7e0 [ 2332.306103][T26789] ? ip6_dst_check+0x5d9/0x7e0 [ 2332.306131][T26789] ? __pfx_udplite_getfrag+0x10/0x10 [ 2332.306160][T26789] ? __pfx_ip6_make_skb+0x10/0x10 [ 2332.306193][T26789] ? ip6_sk_dst_lookup_flow+0x714/0xa30 [ 2332.306235][T26789] ? __pfx_ip6_sk_dst_lookup_flow+0x10/0x10 [ 2332.306269][T26789] ? unwind_next_frame+0x196f/0x2a00 [ 2332.306304][T26789] ? udpv6_sendmsg+0x1cc7/0x3270 [ 2332.306335][T26789] udpv6_sendmsg+0x237f/0x3270 [ 2332.306379][T26789] ? __pfx_udplite_getfrag+0x10/0x10 [ 2332.306415][T26789] ? __pfx_udpv6_sendmsg+0x10/0x10 [ 2332.306450][T26789] ? __lock_acquire+0x137a/0x2040 [ 2332.306490][T26789] ? smack_socket_sendmsg+0x172/0x540 [ 2332.310023][ T5219] usb 5-1: config 1 interface 3 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 187 [ 2332.312727][T26789] ? __pfx_tomoyo_socket_sendmsg_permission+0x10/0x10 [ 2332.312776][T26789] ? inet_send_prepare+0x21/0x260 [ 2332.312809][T26789] ? inet_send_prepare+0x5a/0x260 [ 2332.317519][ T5219] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2332.322692][T26789] __sock_sendmsg+0xef/0x270 [ 2332.322733][T26789] sock_write_iter+0x2dd/0x400 [ 2332.322764][T26789] ? __pfx_sock_write_iter+0x10/0x10 [ 2332.322803][T26789] ? __pfx_sock_write_iter+0x10/0x10 [ 2332.322840][T26789] vfs_write+0xa72/0xc90 [ 2332.322868][T26789] ? __pfx_sock_write_iter+0x10/0x10 [ 2332.322898][T26789] ? __pfx_vfs_write+0x10/0x10 [ 2332.322945][T26789] ksys_write+0x1a0/0x2c0 [ 2332.559848][T26789] ? __pfx_ksys_write+0x10/0x10 [ 2332.564725][T26789] ? do_syscall_64+0x100/0x230 [ 2332.569513][T26789] ? do_syscall_64+0xb6/0x230 [ 2332.574240][T26789] do_syscall_64+0xf3/0x230 [ 2332.578782][T26789] ? clear_bhb_loop+0x35/0x90 [ 2332.583492][T26789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2332.589408][T26789] RIP: 0033:0x7f8a6b177299 [ 2332.593851][T26789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2332.613497][T26789] RSP: 002b:00007f8a6bfa9048 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 2332.621940][T26789] RAX: ffffffffffffffda RBX: 00007f8a6b306058 RCX: 00007f8a6b177299 [ 2332.629956][T26789] RDX: 000000000000e6da RSI: 0000000020000040 RDI: 0000000000000007 [ 2332.637965][T26789] RBP: 00007f8a6bfa90a0 R08: 0000000000000000 R09: 0000000000000000 [ 2332.645951][T26789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2332.653937][T26789] R13: 000000000000006e R14: 00007f8a6b306058 R15: 00007ffeeb409bc8 [ 2332.661943][T26789] [ 2332.729158][ T5219] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2332.738445][ T5219] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2332.789337][ T5219] usb 5-1: Product: syz [ 2332.826663][ T5219] usb 5-1: Manufacturer: syz [ 2332.855642][ T5219] usb 5-1: SerialNumber: syz [ 2333.343591][ T5273] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 2334.061205][ T5219] hub 5-1:1.3: bad descriptor, ignoring hub [ 2334.071905][ T5219] hub 5-1:1.3: probe with driver hub failed with error -5 [ 2334.083959][ T5273] usb 3-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2334.100975][ T5273] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2334.110459][ T5273] usb 3-1: Product: syz [ 2334.120392][ T5273] usb 3-1: Manufacturer: syz [ 2334.128332][ T5219] usb 5-1: USB disconnect, device number 120 [ 2334.168769][ T5273] usb 3-1: SerialNumber: syz [ 2334.204909][ T5273] usb 3-1: config 0 descriptor?? [ 2334.479054][ T5273] kaweth 3-1:0.0: Firmware present in device. [ 2334.500044][ T5273] kaweth 3-1:0.0: Error reading configuration (-71), no net device created [ 2334.523275][ T5976] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 2334.535687][ T5273] kaweth 3-1:0.0: probe with driver kaweth failed with error -5 [ 2334.582745][ T5273] usb 3-1: USB disconnect, device number 13 [ 2334.623269][T26813] smc: net device lo applied user defined pnetid SYZ2 [ 2334.734584][ T5976] usb 4-1: config 0 has an invalid interface number: 100 but max is 0 [ 2334.759315][ T5976] usb 4-1: config 0 has 2 interfaces, different from the descriptor's value: 1 [ 2334.796992][ T5976] usb 4-1: config 0 has no interface number 1 [ 2334.809016][ T5976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 2334.825642][ T5976] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 2334.840076][ T5976] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2334.861217][ T5976] usb 4-1: too many endpoints for config 0 interface 100 altsetting 7: 237, using maximum allowed: 30 [ 2334.881987][ T5976] usb 4-1: config 0 interface 100 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 237 [ 2334.902583][ T5976] usb 4-1: config 0 interface 100 has no altsetting 0 [ 2334.915128][ T5976] usb 4-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2334.931036][ T5976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2334.939807][ T5976] usb 4-1: Product: syz [ 2334.951331][ T5976] usb 4-1: Manufacturer: syz [ 2334.956156][ T5976] usb 4-1: SerialNumber: syz [ 2334.967282][ T5976] usb 4-1: config 0 descriptor?? [ 2335.086488][T26820] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5683'. [ 2335.250755][ T5976] kaweth 4-1:0.0: Firmware present in device. [ 2335.452705][ T5976] kaweth 4-1:0.0: Statistics collection: 0 [ 2335.469143][ T5976] kaweth 4-1:0.0: Multicast filter limit: 0 [ 2335.479355][ T5976] kaweth 4-1:0.0: MTU: 0 [ 2335.487947][ T5976] kaweth 4-1:0.0: Read MAC address 00:00:00:00:00:00 [ 2335.595592][T26828] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 2336.399064][T26840] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2336.424030][T26840] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2336.886670][T26848] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5689'. [ 2336.921730][T26848] macvtap10: entered promiscuous mode [ 2336.933619][T26848] macvtap10: entered allmulticast mode [ 2336.968923][T26848] 8021q: adding VLAN 0 to HW filter on device macvtap10 [ 2337.019627][T26851] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5689'. [ 2337.084248][T26851] macvtap10: left promiscuous mode [ 2337.110077][T26851] macvtap10: left allmulticast mode [ 2337.763894][ T5976] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 2337.834443][ T5219] usb 5-1: new high-speed USB device number 121 using dummy_hcd [ 2338.329559][ T5976] kaweth 4-1:0.100: Firmware present in device. [ 2338.337961][ T5976] kaweth 4-1:0.100: Error reading configuration (-71), no net device created [ 2338.355076][ T5976] kaweth 4-1:0.100: probe with driver kaweth failed with error -5 [ 2338.370715][ T5976] usb 4-1: USB disconnect, device number 26 [ 2339.300208][ T5219] usb 5-1: config 1 has an invalid interface number: 3 but max is 2 [ 2339.314605][ T5219] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 2339.341729][ T5219] usb 5-1: config 1 has no interface number 1 [ 2339.360799][ T5219] usb 5-1: too many endpoints for config 1 interface 3 altsetting 0: 187, using maximum allowed: 30 [ 2339.387761][ T5219] usb 5-1: config 1 interface 3 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 187 [ 2339.429913][ T5219] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2339.455546][T26872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5695'. [ 2339.475744][ T5219] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2339.491636][T26872] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5695'. [ 2339.502986][ T5219] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2339.560489][ T5219] usb 5-1: Product: syz [ 2339.582919][ T5219] usb 5-1: Manufacturer: syz [ 2339.597218][ T5219] usb 5-1: SerialNumber: syz [ 2339.682872][ T5976] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 2339.707483][T26876] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5696'. [ 2339.898491][ T5976] usb 4-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2339.934233][ T5976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2339.958303][ T5976] usb 4-1: Product: syz [ 2339.971820][ T5976] usb 4-1: Manufacturer: syz [ 2339.987379][ T5976] usb 4-1: SerialNumber: syz [ 2340.038211][ T5976] usb 4-1: config 0 descriptor?? [ 2340.133549][ T5219] hub 5-1:1.3: bad descriptor, ignoring hub [ 2340.154243][ T5219] hub 5-1:1.3: probe with driver hub failed with error -5 [ 2340.260471][ T5219] usb 5-1: USB disconnect, device number 121 [ 2340.432180][ T5976] kaweth 4-1:0.0: Firmware present in device. [ 2340.448069][ T5976] kaweth 4-1:0.0: Error reading configuration (-71), no net device created [ 2340.460470][ T5976] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 2340.484604][ T5976] usb 4-1: USB disconnect, device number 27 [ 2340.572972][T26890] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 2342.965911][ T5303] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 2343.038465][T26918] netlink: 4 bytes leftover after parsing attributes in process `syz.2.5708'. [ 2343.262596][ T5303] usb 4-1: Using ep0 maxpacket: 32 [ 2343.274521][ T5303] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 2343.289750][ T5303] usb 4-1: config 0 has no interface number 0 [ 2343.316827][ T5303] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2343.352992][ T5303] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2343.386570][ T5303] usb 4-1: New USB device found, idVendor=28bd, idProduct=0094, bcdDevice= 0.00 [ 2343.395989][ T5303] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2343.422234][ T5303] usb 4-1: config 0 descriptor?? [ 2343.837055][T26934] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 2344.384952][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 2344.391559][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 2344.610821][ T5303] uclogic 0003:28BD:0094.0021: failed retrieving string descriptor #100: -71 [ 2344.620714][ T5303] uclogic 0003:28BD:0094.0021: failed retrieving pen parameters: -71 [ 2344.636416][ T5303] uclogic 0003:28BD:0094.0021: pen probing failed: -71 [ 2344.649848][ T5303] uclogic 0003:28BD:0094.0021: failed probing parameters: -71 [ 2344.673020][ T5303] uclogic 0003:28BD:0094.0021: probe with driver uclogic failed with error -71 [ 2344.705199][ T5303] usb 4-1: USB disconnect, device number 28 [ 2345.162974][ T5275] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 2345.236071][T26945] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5713'. [ 2345.373141][ T5275] usb 3-1: Using ep0 maxpacket: 16 [ 2345.400889][ T5275] usb 3-1: config 3 has an invalid interface number: 216 but max is 0 [ 2345.436746][ T5275] usb 3-1: config 3 has 2 interfaces, different from the descriptor's value: 1 [ 2345.470343][ T5275] usb 3-1: config 3 has no interface number 1 [ 2345.478767][ T5275] usb 3-1: config 3 interface 216 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 2345.498561][ T5275] usb 3-1: too many endpoints for config 3 interface 0 altsetting 0: 198, using maximum allowed: 30 [ 2345.510172][ T5275] usb 3-1: config 3 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 198 [ 2345.531777][ T5275] usb 3-1: New USB device found, idVendor=07af, idProduct=0004, bcdDevice= 1.01 [ 2345.541170][ T5275] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2345.554257][ T5275] usb 3-1: Product: syz [ 2345.558583][ T5275] usb 3-1: Manufacturer: syz [ 2345.566399][ T5275] usb 3-1: SerialNumber: syz [ 2345.577199][ T5275] usb-storage 3-1:3.216: USB Mass Storage device detected [ 2345.590008][ T5275] usb-storage 3-1:3.216: Quirks match for vid 07af pid 0004: 4 [ 2345.734081][ T5976] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 2345.752630][T17072] usb 5-1: new high-speed USB device number 122 using dummy_hcd [ 2345.766377][ T5273] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 2345.787004][ T5275] usb-storage 3-1:3.0: USB Mass Storage device detected [ 2345.798295][ T5275] usb-storage 3-1:3.0: Quirks match for vid 07af pid 0004: 4 [ 2345.849567][ T5275] usb 3-1: USB disconnect, device number 14 [ 2345.869841][T26961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5718'. [ 2345.879671][T26961] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5718'. [ 2345.928848][ T5976] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2345.932825][T17072] usb 5-1: Using ep0 maxpacket: 16 [ 2345.940713][ T5976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2345.948510][T17072] usb 5-1: config 0 has an invalid descriptor of length 28, skipping remainder of the config [ 2345.964451][ T5976] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 2345.969355][T17072] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2345.984402][ T5976] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 2345.992963][T17072] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 191 [ 2346.011593][T17072] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2346.024775][ T5976] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2346.024813][ T5976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2346.027792][ T5976] usb 2-1: config 0 descriptor?? [ 2346.039965][ T5273] usb 4-1: New USB device found, idVendor=04bb, idProduct=0901, bcdDevice=55.ba [ 2346.057269][ T5273] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2346.065621][ T5273] usb 4-1: Product: syz [ 2346.071224][ T5273] usb 4-1: Manufacturer: syz [ 2346.077863][T17072] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 2346.087393][T17072] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 2346.099630][T17072] usb 5-1: Manufacturer: syz [ 2346.104411][ T5273] usb 4-1: SerialNumber: syz [ 2346.113487][T17072] usb 5-1: config 0 descriptor?? [ 2346.125468][ T5273] usb 4-1: config 0 descriptor?? [ 2346.391016][ T5273] kaweth 4-1:0.0: Firmware present in device. [ 2346.404069][T17072] rc_core: IR keymap rc-hauppauge not found [ 2346.413699][T17072] Registered IR keymap rc-empty [ 2346.426173][ T5273] kaweth 4-1:0.0: Error reading configuration (-71), no net device created [ 2346.435667][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2346.446102][ T5273] kaweth 4-1:0.0: probe with driver kaweth failed with error -5 [ 2346.457785][ T5273] usb 4-1: USB disconnect, device number 29 [ 2346.468032][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2346.766192][T17072] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0 [ 2346.789765][ T5976] usbhid 2-1:0.0: can't add hid device: -71 [ 2346.790904][T17072] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/rc/rc0/input205 [ 2346.810478][ T5976] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 2346.842840][ T5976] usb 2-1: USB disconnect, device number 3 [ 2346.865165][T26968] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5720'. [ 2346.951416][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2346.985327][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2347.042762][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2347.103848][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2347.153385][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2347.218020][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2347.260959][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2347.284601][T26985] netlink: 184 bytes leftover after parsing attributes in process `syz.0.5727'. [ 2347.306629][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2347.312960][T26985] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5727'. [ 2347.359684][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2347.409615][T17072] mceusb 5-1:0.0: Error: mce write urb status = -71 [ 2347.443507][T26995] netlink: 236 bytes leftover after parsing attributes in process `syz.3.5732'. [ 2347.455373][T17072] mceusb 5-1:0.0: Registered with mce emulator interface version 1 [ 2347.457917][T26995] netlink: 12 bytes leftover after parsing attributes in process `syz.3.5732'. [ 2347.463619][T17072] mceusb 5-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 2347.468502][T17072] usb 5-1: USB disconnect, device number 122 [ 2347.481714][T26995] netlink: 40 bytes leftover after parsing attributes in process `syz.3.5732'. [ 2347.733643][ T5275] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 2347.932741][ T5275] usb 3-1: Using ep0 maxpacket: 16 [ 2347.945414][ T5275] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2347.958902][ T5275] usb 3-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2347.982024][ T5275] usb 3-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2348.001639][ T5275] usb 3-1: config 0 interface 0 has no altsetting 0 [ 2348.009203][ T5275] usb 3-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00 [ 2348.022558][ T5275] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2348.036384][ T5275] usb 3-1: config 0 descriptor?? [ 2348.390752][T27011] netlink: 236 bytes leftover after parsing attributes in process `syz.0.5737'. [ 2348.412791][T27011] netlink: 12 bytes leftover after parsing attributes in process `syz.0.5737'. [ 2348.433208][T27011] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5737'. [ 2348.455785][ T5275] hid-generic 0003:045E:05DA.0022: unbalanced delimiter at end of report description [ 2348.473544][ T5275] hid-generic 0003:045E:05DA.0022: probe with driver hid-generic failed with error -22 [ 2348.660531][T17072] usb 3-1: USB disconnect, device number 15 [ 2349.121241][T27032] netlink: 'syz.4.5745': attribute type 1 has an invalid length. [ 2349.139599][T27032] netlink: 9372 bytes leftover after parsing attributes in process `syz.4.5745'. [ 2349.159994][T27032] netlink: 4 bytes leftover after parsing attributes in process `syz.4.5745'. [ 2349.201051][T27032] netlink: 11 bytes leftover after parsing attributes in process `syz.4.5745'. [ 2349.438906][T27045] netlink: 'syz.0.5750': attribute type 2 has an invalid length. [ 2349.446970][T27045] netlink: 'syz.0.5750': attribute type 3 has an invalid length. [ 2349.454838][T27045] netlink: 'syz.0.5750': attribute type 5 has an invalid length. [ 2349.483569][T27045] netlink: 'syz.0.5750': attribute type 6 has an invalid length. [ 2349.503087][T27045] netlink: 'syz.0.5750': attribute type 7 has an invalid length. [ 2349.514445][T27045] netlink: 'syz.0.5750': attribute type 7 has an invalid length. [ 2349.532591][T27045] netlink: 12522 bytes leftover after parsing attributes in process `syz.0.5750'. [ 2349.558865][T27045] netlink: 105116 bytes leftover after parsing attributes in process `syz.0.5750'. [ 2349.577382][T27045] netlink: 'syz.0.5750': attribute type 2 has an invalid length. [ 2349.588128][T27045] netlink: 'syz.0.5750': attribute type 3 has an invalid length. [ 2349.601225][T27045] netlink: 'syz.0.5750': attribute type 5 has an invalid length. [ 2349.618246][T27045] netlink: 12522 bytes leftover after parsing attributes in process `syz.0.5750'. [ 2350.108547][T27067] fuse: Unknown parameter 'fd1844674407370955161500000000000000000000' [ 2352.856242][ T5976] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 2352.893430][T27101] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5771'. [ 2352.961825][T27104] input: syz1 as /devices/virtual/input/input206 [ 2353.112975][ T5976] usb 4-1: Using ep0 maxpacket: 8 [ 2353.126292][ T5976] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 2353.144032][ T5976] usb 4-1: config 1 has no interface number 1 [ 2353.153301][ T5976] usb 4-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 2353.163263][ T5976] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2353.178088][ T5976] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2353.193800][ T5976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2353.232806][ T5976] usb 4-1: Product: syz [ 2353.247514][ T5976] usb 4-1: Manufacturer: syz [ 2353.258803][ T5976] usb 4-1: SerialNumber: syz [ 2353.510298][ T5976] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 2353.528686][ T5976] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 2353.618211][ T5976] usb 4-1: USB disconnect, device number 30 [ 2353.880373][ C1] eth0: bad gso: type: 1, size: 1408 [ 2357.076296][T27148] bridge0: port 3(veth0) entered blocking state [ 2357.195353][T27148] bridge0: port 3(veth0) entered disabled state [ 2357.220421][T27148] veth0: entered allmulticast mode [ 2357.273197][T27148] veth0: entered promiscuous mode [ 2357.278536][T27155] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(4) [ 2357.285108][T27155] vhci_hcd vhci_hcd.0: devid(0) speed(5) speed_str(super-speed) [ 2357.326093][T27148] bridge0: port 3(veth0) entered blocking state [ 2357.332954][T27155] vhci_hcd vhci_hcd.0: Device attached [ 2357.334470][T27148] bridge0: port 3(veth0) entered forwarding state [ 2357.397322][T27158] usbip_core: unknown command [ 2357.402080][T27158] vhci_hcd: unknown pdu 3281309441 [ 2357.421261][T27161] xt_CT: You must specify a L4 protocol and not use inversions on it [ 2357.442626][T27158] usbip_core: unknown command [ 2357.461636][T10799] vhci_hcd: stop threads [ 2357.468417][T10799] vhci_hcd: release socket [ 2357.483333][T27163] __nla_validate_parse: 2 callbacks suppressed [ 2357.483356][T27163] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5790'. [ 2357.504499][T10799] vhci_hcd: disconnect device [ 2358.124183][T19438] usb usb12-port1: attempt power cycle [ 2358.639651][ T29] kauditd_printk_skb: 63 callbacks suppressed [ 2358.639673][ T29] audit: type=1326 audit(1722278034.654:2947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=27196 comm="syz.4.5803" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f6064d77299 code=0x0 [ 2358.811086][T19438] usb usb12-port1: unable to enumerate USB device [ 2362.513269][T27245] validate_nla: 3 callbacks suppressed [ 2362.513294][T27245] netlink: 'syz.1.5818': attribute type 10 has an invalid length. [ 2362.672411][T27245] batman_adv: batadv0: Adding interface: team0 [ 2362.697159][T27245] batman_adv: batadv0: The MTU of interface team0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2362.817366][T27245] batman_adv: batadv0: Not using interface team0 (retrying later): interface not active [ 2363.963453][T27254] netlink: 'syz.2.5820': attribute type 5 has an invalid length. [ 2364.524877][T27272] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5829'. [ 2364.606780][T27272] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5829'. [ 2364.882864][ T5219] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 2365.254020][ T5219] usb 2-1: config 1 has an invalid descriptor of length 127, skipping remainder of the config [ 2365.286918][ T5219] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 2365.324187][ T5219] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 2365.337412][ T5219] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 2365.353824][ T5219] usb 2-1: SerialNumber: syz [ 2365.649897][ T5219] usb 2-1: 0:2 : does not exist [ 2365.685302][ T5219] usb 2-1: unit 255 not found! [ 2365.761768][ T5219] usb 2-1: 5:0: cannot get min/max values for control 2 (id 5) [ 2365.817592][ T5219] usb 2-1: 5:0: cannot get min/max values for control 3 (id 5) [ 2365.878069][ T5219] usb 2-1: 5:0: cannot get min/max values for control 5 (id 5) [ 2365.951749][ T5273] usb 5-1: new high-speed USB device number 123 using dummy_hcd [ 2365.971836][ T5219] usb 2-1: 5:0: cannot get min/max values for control 7 (id 5) [ 2366.079471][ T5219] usb 2-1: USB disconnect, device number 4 [ 2366.202571][ T5273] usb 5-1: Using ep0 maxpacket: 16 [ 2366.222851][ T5273] usb 5-1: config 0 has an invalid interface number: 7 but max is 0 [ 2366.246290][ T5273] usb 5-1: config 0 has no interface number 0 [ 2366.282591][ T5273] usb 5-1: config 0 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2366.323714][ T5273] usb 5-1: config 0 interface 7 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2366.358899][ T5273] usb 5-1: config 0 interface 7 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2366.417133][ T5273] usb 5-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 4.00 [ 2366.455504][ T5273] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2366.491385][ T5273] usb 5-1: config 0 descriptor?? [ 2366.529856][ T5273] input: PXRC Flight Controller Adapter as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.7/input/input207 [ 2366.566275][ T4654] pxrc 5-1:0.7: pxrc_open - usb_submit_urb failed, error: -90 [ 2366.590454][ T4654] pxrc 5-1:0.7: pxrc_open - usb_submit_urb failed, error: -90 [ 2366.800956][T19438] usb 5-1: USB disconnect, device number 123 [ 2368.386393][T27332] netlink: 16 bytes leftover after parsing attributes in process `syz.4.5849'. [ 2369.033357][T27346] netlink: 'syz.1.5855': attribute type 10 has an invalid length. [ 2369.045764][T27346] bridge0: left promiscuous mode [ 2369.073851][T27346] bridge0: port 2(bridge_slave_1) entered blocking state [ 2369.081105][T27346] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2369.088832][T27346] bridge0: port 1(bridge_slave_0) entered blocking state [ 2369.096113][T27346] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2369.127708][T27346] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 2369.448981][T27366] usb usb1: usbfs: process 27366 (syz.3.5864) did not claim interface 0 before use [ 2369.877996][T27390] xt_bpf: check failed: parse error [ 2369.967400][ T8] usb 5-1: new high-speed USB device number 124 using dummy_hcd [ 2370.183198][ T8] usb 5-1: Using ep0 maxpacket: 8 [ 2370.224045][ T8] usb 5-1: config 0 has an invalid interface number: 52 but max is 0 [ 2370.232210][ T8] usb 5-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 2370.255923][ T8] usb 5-1: config 0 has no interface number 0 [ 2370.270816][ T8] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 48, changing to 9 [ 2370.293570][ T8] usb 5-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid maxpacket 24624, setting to 1024 [ 2370.315394][ T8] usb 5-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2370.338769][ T8] usb 5-1: config 0 interface 52 has no altsetting 0 [ 2370.357101][ T8] usb 5-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 2370.369031][ T8] usb 5-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 2370.402621][ T8] usb 5-1: Product: syz [ 2370.406913][ T8] usb 5-1: Manufacturer: syz [ 2370.411569][ T8] usb 5-1: SerialNumber: syz [ 2370.445460][ T8] usb 5-1: config 0 descriptor?? [ 2370.948164][ T8] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.52/input/input208 [ 2371.585729][ T8] usb 5-1: USB disconnect, device number 124 [ 2371.585792][ C0] synaptics_usb 5-1:0.52: synusb_irq - usb_submit_urb failed with result: -19 [ 2371.646745][T27429] netlink: 332 bytes leftover after parsing attributes in process `syz.3.5892'. [ 2371.676573][T27429] netlink: 652 bytes leftover after parsing attributes in process `syz.3.5892'. [ 2375.446521][T27484] xt_TPROXY: Can be used only with -p tcp or -p udp [ 2376.110134][ C1] eth0: bad gso: type: 1, size: 1408 [ 2376.929290][T27503] xt_CT: You must specify a L4 protocol and not use inversions on it [ 2377.030374][T27503] program syz.0.5915 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 2377.919229][T27527] xt_TPROXY: Can be used only with -p tcp or -p udp [ 2484.272396][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 2484.279425][ C1] rcu: 0-...!: (1 GPs behind) idle=14ec/1/0x4000000000000000 softirq=114218/114219 fqs=10 [ 2484.292270][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P27556/1:b..l [ 2484.300323][ C1] rcu: (detected by 1, t=10502 jiffies, g=172177, q=90 ncpus=2) [ 2484.308068][ C1] Sending NMI from CPU 1 to CPUs 0: [ 2484.313329][ C0] NMI backtrace for cpu 0 [ 2484.313346][ C0] CPU: 0 UID: 0 PID: 27558 Comm: syz.0.5935 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2484.313367][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2484.313379][ C0] RIP: 0010:lock_release+0xb8/0xa30 [ 2484.313413][ C0] Code: 08 0f 83 fe 05 00 00 89 c3 48 89 d8 48 c1 e8 06 48 8d 3c c5 a8 76 f6 8f be 08 00 00 00 e8 b0 c6 87 00 48 0f a3 1d 30 a5 86 0e <73> 16 e8 a1 ce 09 00 84 c0 75 0d 80 3d ab 7b 70 0e 00 0f 84 fc 05 [ 2484.313430][ C0] RSP: 0018:ffffc90000007b80 EFLAGS: 00000057 [ 2484.313446][ C0] RAX: 0000000000000001 RBX: 0000000000000000 RCX: ffffffff816fd170 [ 2484.313459][ C0] RDX: 0000000000000000 RSI: 0000000000000008 RDI: ffffffff8ff676a8 [ 2484.313471][ C0] RBP: ffffc90000007cb0 R08: ffffffff8ff676af R09: 1ffffffff1feced5 [ 2484.313485][ C0] R10: dffffc0000000000 R11: fffffbfff1feced6 R12: 1ffff92000000f7c [ 2484.313499][ C0] R13: ffffffff8180cac7 R14: ffffc90000007ce0 R15: dffffc0000000000 [ 2484.313513][ C0] FS: 00007f5f7a86c6c0(0000) GS:ffff8880b9200000(0000) knlGS:0000000000000000 [ 2484.313530][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2484.313543][ C0] CR2: 000000110c34d93e CR3: 000000007b7ca000 CR4: 00000000003506f0 [ 2484.313559][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2484.313570][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2484.313582][ C0] Call Trace: [ 2484.313591][ C0] [ 2484.313602][ C0] ? nmi_cpu_backtrace+0x3c2/0x4d0 [ 2484.313635][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 2484.313666][ C0] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 2484.313694][ C0] ? nmi_handle+0x2a/0x5a0 [ 2484.313721][ C0] ? nmi_cpu_backtrace_handler+0xc/0x20 [ 2484.313745][ C0] ? nmi_handle+0x14f/0x5a0 [ 2484.313763][ C0] ? nmi_handle+0x2a/0x5a0 [ 2484.313781][ C0] ? lock_release+0xb8/0xa30 [ 2484.313804][ C0] ? default_do_nmi+0x63/0x160 [ 2484.313824][ C0] ? exc_nmi+0x123/0x1f0 [ 2484.313840][ C0] ? end_repeat_nmi+0xf/0x53 [ 2484.313867][ C0] ? __hrtimer_run_queues+0x477/0xd50 [ 2484.313890][ C0] ? lock_release+0xb0/0xa30 [ 2484.313914][ C0] ? lock_release+0xb8/0xa30 [ 2484.313939][ C0] ? lock_release+0xb8/0xa30 [ 2484.313964][ C0] ? lock_release+0xb8/0xa30 [ 2484.313988][ C0] [ 2484.313995][ C0] [ 2484.314003][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2484.314028][ C0] ? __pfx_lock_release+0x10/0x10 [ 2484.314054][ C0] ? debug_object_deactivate+0x2d5/0x390 [ 2484.314076][ C0] ? __pfx_debug_object_deactivate+0x10/0x10 [ 2484.314097][ C0] _raw_spin_unlock_irqrestore+0x79/0x140 [ 2484.314119][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2484.314143][ C0] ? timerqueue_del+0xac/0x100 [ 2484.314168][ C0] ? __pfx_advance_sched+0x10/0x10 [ 2484.314196][ C0] __hrtimer_run_queues+0x477/0xd50 [ 2484.314217][ C0] ? ktime_get_update_offsets_now+0x3c/0x250 [ 2484.314254][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 2484.314274][ C0] ? ktime_get_update_offsets_now+0x22d/0x250 [ 2484.314304][ C0] hrtimer_interrupt+0x396/0x990 [ 2484.314338][ C0] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 2484.314369][ C0] sysvec_apic_timer_interrupt+0xa1/0xc0 [ 2484.314392][ C0] [ 2484.314398][ C0] [ 2484.314404][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2484.314433][ C0] RIP: 0010:_raw_spin_unlock_irqrestore+0xd8/0x140 [ 2484.314454][ C0] Code: 9c 8f 44 24 20 42 80 3c 23 00 74 08 4c 89 f7 e8 ce ba 40 f6 f6 44 24 21 02 75 52 41 f7 c7 00 02 00 00 74 01 fb bf 01 00 00 00 83 04 ac f5 65 8b 05 04 fc 4c 74 85 c0 74 43 48 c7 04 24 0e 36 [ 2484.314469][ C0] RSP: 0018:ffffc9001011fa20 EFLAGS: 00000206 [ 2484.314484][ C0] RAX: e5a8199524080600 RBX: 1ffff92002023f48 RCX: ffffffff94ce3903 [ 2484.314498][ C0] RDX: dffffc0000000000 RSI: ffffffff8bead520 RDI: 0000000000000001 [ 2484.314512][ C0] RBP: ffffc9001011fab0 R08: ffffffff8ff676af R09: 1ffffffff1feced5 [ 2484.314526][ C0] R10: dffffc0000000000 R11: fffffbfff1feced6 R12: dffffc0000000000 [ 2484.314540][ C0] R13: 1ffff92002023f44 R14: ffffc9001011fa40 R15: 0000000000000246 [ 2484.314565][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2484.314586][ C0] ? __asan_memcpy+0x40/0x70 [ 2484.314605][ C0] ? timekeeping_update+0x3e5/0x450 [ 2484.314630][ C0] ? do_adjtimex+0x515/0xab0 [ 2484.314654][ C0] timekeeping_inject_offset+0x4de/0x580 [ 2484.314682][ C0] ? do_adjtimex+0x515/0xab0 [ 2484.314709][ C0] ? __pfx_timekeeping_inject_offset+0x10/0x10 [ 2484.314733][ C0] ? paravirt_set_cap+0x44/0x250 [ 2484.314755][ C0] ? __pfx_add_device_randomness+0x10/0x10 [ 2484.314785][ C0] ? security_capable+0x90/0xb0 [ 2484.314816][ C0] do_adjtimex+0x515/0xab0 [ 2484.314845][ C0] ? __pfx_do_adjtimex+0x10/0x10 [ 2484.314869][ C0] ? __pfx___might_resched+0x10/0x10 [ 2484.314893][ C0] ? __might_fault+0xaa/0x120 [ 2484.314915][ C0] ? __pfx_lock_release+0x10/0x10 [ 2484.314946][ C0] ? __might_fault+0xc6/0x120 [ 2484.314971][ C0] __x64_sys_clock_adjtime+0x1e1/0x290 [ 2484.314997][ C0] ? __pfx___x64_sys_clock_adjtime+0x10/0x10 [ 2484.315038][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2484.315064][ C0] ? do_syscall_64+0x100/0x230 [ 2484.315089][ C0] ? do_syscall_64+0xb6/0x230 [ 2484.315114][ C0] do_syscall_64+0xf3/0x230 [ 2484.315138][ C0] ? clear_bhb_loop+0x35/0x90 [ 2484.315165][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2484.315191][ C0] RIP: 0033:0x7f5f79b77299 [ 2484.315207][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2484.315222][ C0] RSP: 002b:00007f5f7a86c048 EFLAGS: 00000246 ORIG_RAX: 0000000000000131 [ 2484.315239][ C0] RAX: ffffffffffffffda RBX: 00007f5f79d05f80 RCX: 00007f5f79b77299 [ 2484.315252][ C0] RDX: 0000000000000000 RSI: 0000000020000480 RDI: 0000000000000000 [ 2484.315263][ C0] RBP: 00007f5f79be48e6 R08: 0000000000000000 R09: 0000000000000000 [ 2484.315275][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2484.315286][ C0] R13: 000000000000000b R14: 00007f5f79d05f80 R15: 00007ffc16915d98 [ 2484.315309][ C0] [ 2484.316317][ C1] task:syz.2.5934 state:R running task stack:26576 pid:27556 tgid:27555 ppid:20749 flags:0x00004000 [ 2484.920160][ C1] Call Trace: [ 2484.923473][ C1] [ 2484.926434][ C1] __schedule+0x17ae/0x4a10 [ 2484.930973][ C1] ? mark_lock+0x9a/0x350 [ 2484.935347][ C1] ? __lock_acquire+0x137a/0x2040 [ 2484.940427][ C1] ? __pfx___schedule+0x10/0x10 [ 2484.945314][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2484.951349][ C1] ? preempt_schedule+0xe1/0xf0 [ 2484.956234][ C1] preempt_schedule_common+0x84/0xd0 [ 2484.961559][ C1] preempt_schedule+0xe1/0xf0 [ 2484.966281][ C1] ? __pfx_preempt_schedule+0x10/0x10 [ 2484.971687][ C1] ? __tlb_remove_folio_pages_size+0x2b/0x590 [ 2484.977808][ C1] preempt_schedule_thunk+0x1a/0x30 [ 2484.983045][ C1] _raw_spin_unlock+0x3e/0x50 [ 2484.987749][ C1] unmap_page_range+0x3818/0x42c0 [ 2484.992870][ C1] ? __pfx_unmap_page_range+0x10/0x10 [ 2484.998326][ C1] ? mas_next_slot+0xeab/0xf90 [ 2485.003148][ C1] ? uprobe_munmap+0x183/0x460 [ 2485.007951][ C1] ? unmap_single_vma+0x1bd/0x2b0 [ 2485.013019][ C1] unmap_vmas+0x3cc/0x5f0 [ 2485.017394][ C1] ? __pfx_unmap_vmas+0x10/0x10 [ 2485.022310][ C1] ? tlb_gather_mmu_fullmm+0x160/0x210 [ 2485.027801][ C1] exit_mmap+0x264/0xc80 [ 2485.032092][ C1] ? __pfx_exit_mmap+0x10/0x10 [ 2485.036894][ C1] ? __asan_memset+0x23/0x50 [ 2485.041539][ C1] ? uprobe_clear_state+0x277/0x290 [ 2485.047295][ C1] ? mm_update_next_owner+0xa2/0x8a0 [ 2485.052611][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 2485.057849][ C1] __mmput+0x115/0x380 [ 2485.061960][ C1] exit_mm+0x220/0x310 [ 2485.066062][ C1] ? __pfx_exit_mm+0x10/0x10 [ 2485.070677][ C1] ? taskstats_exit+0x326/0xa60 [ 2485.075577][ C1] do_exit+0x9b2/0x27f0 [ 2485.079799][ C1] ? __pfx_do_exit+0x10/0x10 [ 2485.084451][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2485.090480][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2485.096846][ C1] ? cgroup_freezing+0x2a8/0x350 [ 2485.101826][ C1] do_group_exit+0x207/0x2c0 [ 2485.106444][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 2485.111676][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 2485.116911][ C1] get_signal+0x1695/0x1730 [ 2485.121471][ C1] ? __pfx_get_signal+0x10/0x10 [ 2485.126388][ C1] arch_do_signal_or_restart+0x96/0x860 [ 2485.131971][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 2485.138157][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 2485.144189][ C1] ? syscall_exit_to_user_mode+0xa3/0x370 [ 2485.149946][ C1] syscall_exit_to_user_mode+0xc9/0x370 [ 2485.155534][ C1] do_syscall_64+0x100/0x230 [ 2485.160162][ C1] ? clear_bhb_loop+0x35/0x90 [ 2485.164882][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2485.170813][ C1] RIP: 0033:0x7f42ca977299 [ 2485.175251][ C1] RSP: 002b:00007f42cb6cf0f8 EFLAGS: 00000246 ORIG_RAX: 00000000000000ca [ 2485.183702][ C1] RAX: fffffffffffffe00 RBX: 00007f42cab05f88 RCX: 00007f42ca977299 [ 2485.191700][ C1] RDX: 0000000000000000 RSI: 0000000000000080 RDI: 00007f42cab05f88 [ 2485.199697][ C1] RBP: 00007f42cab05f80 R08: 00007f42cb6cf6c0 R09: 00007f42cb6cf6c0 [ 2485.207695][ C1] R10: 0000000000000000 R11: 0000000000000246 R12: 00007f42cab05f8c [ 2485.215691][ C1] R13: 000000000000000b R14: 00007ffedd8f8000 R15: 00007ffedd8f80e8 [ 2485.223709][ C1] [ 2485.226750][ C1] rcu: rcu_preempt kthread starved for 10482 jiffies! g172177 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=1 [ 2485.238057][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 2485.248072][ C1] rcu: RCU grace-period kthread stack dump: [ 2485.253979][ C1] task:rcu_preempt state:R running task stack:25232 pid:17 tgid:17 ppid:2 flags:0x00004000 [ 2485.265754][ C1] Call Trace: [ 2485.269055][ C1] [ 2485.272011][ C1] __schedule+0x17ae/0x4a10 [ 2485.276572][ C1] ? __pfx___schedule+0x10/0x10 [ 2485.281458][ C1] ? __pfx_lock_release+0x10/0x10 [ 2485.286525][ C1] ? __asan_memset+0x23/0x50 [ 2485.291149][ C1] ? __pfx_lockdep_init_map_type+0x10/0x10 [ 2485.296991][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 2485.303361][ C1] ? schedule+0x90/0x320 [ 2485.307633][ C1] schedule+0x14b/0x320 [ 2485.311820][ C1] schedule_timeout+0x1be/0x310 [ 2485.316722][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 2485.322139][ C1] ? __pfx_process_timeout+0x10/0x10 [ 2485.327476][ C1] ? prepare_to_swait_event+0x32e/0x350 [ 2485.333064][ C1] rcu_gp_fqs_loop+0x2df/0x1330 [ 2485.337948][ C1] ? lockdep_hardirqs_on+0x99/0x150 [ 2485.343190][ C1] ? __pfx_rcu_implicit_dynticks_qs+0x10/0x10 [ 2485.349301][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 2485.354615][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2485.360547][ C1] ? finish_swait+0xd4/0x1e0 [ 2485.365174][ C1] rcu_gp_kthread+0xa7/0x3b0 [ 2485.369805][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2485.375034][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 2485.381047][ C1] ? __kthread_parkme+0x169/0x1d0 [ 2485.386104][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2485.391355][ C1] kthread+0x2f0/0x390 [ 2485.395450][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2485.400675][ C1] ? __pfx_kthread+0x10/0x10 [ 2485.405287][ C1] ret_from_fork+0x4b/0x80 [ 2485.409736][ C1] ? __pfx_kthread+0x10/0x10 [ 2485.414347][ C1] ret_from_fork_asm+0x1a/0x30 [ 2485.419162][ C1] [ 2485.422199][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 2485.428543][ C1] CPU: 1 UID: 0 PID: 10802 Comm: kworker/u8:20 Not tainted 6.11.0-rc1-syzkaller-00004-gdc1c8034e31b #0 [ 2485.439582][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 2485.449661][ C1] Workqueue: events_unbound toggle_allocation_gate [ 2485.456208][ C1] RIP: 0010:smp_call_function_many_cond+0x1869/0x29d0 [ 2485.463004][ C1] Code: 01 31 ff e8 79 14 0c 00 41 83 e4 01 49 bc 00 00 00 00 00 fc ff df 75 07 e8 24 10 0c 00 eb 38 f3 90 42 0f b6 04 23 84 c0 75 11 <41> f7 45 00 01 00 00 00 74 1e e8 08 10 0c 00 eb e4 44 89 e9 80 e1 [ 2485.482650][ C1] RSP: 0018:ffffc9000d20f700 EFLAGS: 00000246 [ 2485.488744][ C1] RAX: 0000000000000000 RBX: 1ffff11017248c61 RCX: ffff88807dee5a00 [ 2485.496799][ C1] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000000 [ 2485.504809][ C1] RBP: ffffc9000d20f8e0 R08: ffffffff81877247 R09: 1ffffffff269d700 [ 2485.512838][ C1] R10: dffffc0000000000 R11: fffffbfff269d701 R12: dffffc0000000000 [ 2485.520845][ C1] R13: ffff8880b9246308 R14: ffff8880b933fb40 R15: 0000000000000000 [ 2485.528841][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 2485.537797][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2485.544408][ C1] CR2: 0000555559acb808 CR3: 000000000e534000 CR4: 00000000003506f0 [ 2485.552412][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 2485.560586][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 2485.568672][ C1] Call Trace: [ 2485.572001][ C1] [ 2485.574965][ C1] ? rcu_check_gp_kthread_starvation+0x278/0x310 [ 2485.581342][ C1] ? print_other_cpu_stall+0x1470/0x15a0 [ 2485.587025][ C1] ? __pfx_print_other_cpu_stall+0x10/0x10 [ 2485.592882][ C1] ? __pfx_lock_release+0x10/0x10 [ 2485.597954][ C1] ? kvm_check_and_clear_guest_paused+0x6a/0xd0 [ 2485.604331][ C1] ? rcu_sched_clock_irq+0xa2c/0x10d0 [ 2485.609754][ C1] ? __pfx_rcu_sched_clock_irq+0x10/0x10 [ 2485.615424][ C1] ? hrtimer_run_queues+0x16c/0x460 [ 2485.620650][ C1] ? acct_account_cputime+0x207/0x210 [ 2485.626062][ C1] ? update_process_times+0x1ce/0x230 [ 2485.631470][ C1] ? tick_nohz_handler+0x37c/0x500 [ 2485.636615][ C1] ? __pfx_tick_nohz_handler+0x10/0x10 [ 2485.642102][ C1] ? __hrtimer_run_queues+0x551/0xd50 [ 2485.647504][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 2485.653535][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 2485.659287][ C1] ? ktime_get_update_offsets_now+0x22d/0x250 [ 2485.665401][ C1] ? hrtimer_interrupt+0x396/0x990 [ 2485.670569][ C1] ? __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 2485.676763][ C1] ? sysvec_apic_timer_interrupt+0xa1/0xc0 [ 2485.682606][ C1] [ 2485.685558][ C1] [ 2485.688521][ C1] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2485.694721][ C1] ? smp_call_function_many_cond+0x1847/0x29d0 [ 2485.700906][ C1] ? smp_call_function_many_cond+0x1869/0x29d0 [ 2485.707095][ C1] ? kmem_cache_alloc_bulk_noprof+0x146/0x770 [ 2485.713286][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 2485.718345][ C1] ? kmem_cache_alloc_bulk_noprof+0x146/0x770 [ 2485.724466][ C1] ? __pfx_smp_call_function_many_cond+0x10/0x10 [ 2485.730909][ C1] ? __pfx___might_resched+0x10/0x10 [ 2485.736222][ C1] ? __mutex_trylock_common+0x183/0x2e0 [ 2485.741792][ C1] ? __pfx___might_resched+0x10/0x10 [ 2485.747548][ C1] ? __pfx_do_sync_core+0x10/0x10 [ 2485.752605][ C1] on_each_cpu_cond_mask+0x3f/0x80 [ 2485.757749][ C1] text_poke_bp_batch+0x352/0xb30 [ 2485.762905][ C1] ? __pfx_text_poke_bp_batch+0x10/0x10 [ 2485.768485][ C1] ? __pfx___mutex_lock+0x10/0x10 [ 2485.773554][ C1] ? arch_jump_label_transform_queue+0x9b/0x100 [ 2485.779836][ C1] text_poke_finish+0x30/0x50 [ 2485.784541][ C1] arch_jump_label_transform_apply+0x1c/0x30 [ 2485.790551][ C1] static_key_disable_cpuslocked+0xce/0x1c0 [ 2485.796480][ C1] static_key_disable+0x1a/0x20 [ 2485.801360][ C1] toggle_allocation_gate+0x1b8/0x250 [ 2485.806770][ C1] ? __pfx_toggle_allocation_gate+0x10/0x10 [ 2485.812696][ C1] ? __pfx_autoremove_wake_function+0x10/0x10 [ 2485.818812][ C1] ? process_scheduled_works+0x945/0x1830 [ 2485.824651][ C1] process_scheduled_works+0xa2c/0x1830 [ 2485.830264][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 2485.836301][ C1] ? assign_work+0x364/0x3d0 [ 2485.840930][ C1] worker_thread+0x86d/0xd40 [ 2485.845573][ C1] ? __kthread_parkme+0x169/0x1d0 [ 2485.850637][ C1] ? __pfx_worker_thread+0x10/0x10 [ 2485.855783][ C1] kthread+0x2f0/0x390 [ 2485.859872][ C1] ? __pfx_worker_thread+0x10/0x10 [ 2485.865017][ C1] ? __pfx_kthread+0x10/0x10 [ 2485.869717][ C1] ret_from_fork+0x4b/0x80 [ 2485.874167][ C1] ? __pfx_kthread+0x10/0x10 [ 2485.878781][ C1] ret_from_fork_asm+0x1a/0x30 [ 2485.883606][ C1]