last executing test programs: 44.470903479s ago: executing program 4 (id=6905): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace5ffb2e9fc603dd282100000002ff02000000000000000000000000000104004e20004db0"], 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x6, 0xfffa}, 0x2b, [0x8000, 0xc95a, 0xffffdff3, 0x1, 0x80, 0x6, 0x3, 0x7f, 0x6, 0x4d, 0x39cc191a, 0x5f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x800, 0x5, 0x4, 0x7, 0x4, 0x3c5b, 0x1, 0x24, 0x9, 0x1, 0x1f461e2c, 0x2, 0xe661, 0x4, 0x7, 0x3, 0x7fff, 0x4c74, 0x80000000, 0x242, 0xc, 0x400000e, 0x0, 0x71, 0x7, 0x7, 0x3, 0x2, 0x8005, 0x3f, 0x8f, 0x6, 0x6, 0x0, 0x5, 0x4, 0x3, 0x0, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x12f, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x9, 0xfffffffc, 0x3, 0x4, 0x7, 0x5, 0x2f, 0xe, 0x312, 0x78, 0xea4, 0x9, 0x3, 0x3, 0x8000, 0x9, 0x400, 0x401, 0x6, 0x1, 0x8, 0x5, 0x10005, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0x9, 0x4, 0x9, 0x8, 0x9, 0x6, 0x7, 0x28, 0x1, 0xfe000000, 0xffff, 0x2, 0x7, 0x9, 0x3ff, 0x3, 0x9, 0x1, 0x7, 0x3, 0x9, 0x48c93690, 0x12000000, 0x2], [0x100007, 0x4, 0x7, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0x2, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x8, 0x8, 0x86, 0x10000003, 0x1000, 0x3e7, 0x9, 0x5, 0x2, 0x2, 0x5, 0x8, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0x83, 0x4, 0x2950bfaf, 0x1000, 0xa2, 0x7, 0x53cf697b, 0x5, 0x6, 0x2ac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x0, 0x1, 0xffff, 0x0, 0x4, 0x1c, 0x120000, 0x3, 0x2, 0xaaed, 0x4, 0x25], [0x9, 0x6, 0x3, 0xb, 0x5, 0x934, 0x6, 0x6, 0x0, 0xbdfe, 0xce7, 0x1ff, 0xfffffffe, 0x7, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x8003, 0xffff, 0x81, 0xff, 0x800005, 0x1, 0xfffffffe, 0x14c, 0x60a7, 0xa71d, 0x6, 0xffffffff, 0x80000001, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x3ff, 0x9602, 0x7, 0x2, 0x7, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa23, 0xc, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0x2, 0x1, 0x200, 0xffff3441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 44.236429259s ago: executing program 4 (id=6906): munmap(&(0x7f0000002000/0x1000)=nil, 0x1000) preadv(0xffffffffffffffff, &(0x7f0000000540)=[{&(0x7f00000020c0)=""/4096, 0x1000}], 0x1, 0x20, 0x2) 43.677208487s ago: executing program 4 (id=6909): r0 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r1 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r1, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f7", 0x1}], 0x1}], 0x1, 0x40800) recvmsg(r1, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000004c0)=""/242, 0xf2}], 0x1}, 0x0) 43.449247691s ago: executing program 4 (id=6912): syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0xd9, 0x6, 0x0, @private=0xa210104, @local, {[@generic={0x7, 0x4, "0403"}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x80}}}}}}, 0x0) 43.227868063s ago: executing program 4 (id=6914): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x1, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8}, 0x94) r0 = syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_pidfd_open(r0, 0x0) pidfd_send_signal(r1, 0x2, 0x0, 0x0) r2 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7736, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f00000002c0)={0x1, &(0x7f0000000200)=[{0x32, 0x0, 0x0, 0x4}]}, 0x10) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_LINK_TIMEOUT={0xf, 0x1, 0x0, 0x0, 0x0, 0x0, 0x1, 0x8}) io_uring_enter(r2, 0x47bc, 0x0, 0x0, 0x0, 0x0) 41.21836908s ago: executing program 4 (id=6925): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870fd000905820200020004"], 0x0) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x44040}, 0x4000041) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0x12, &(0x7f0000000040)=ANY=[@ANYBLOB="a200004ef3b11f948ef66b0ee0b3d41b1b"]) 36.201333443s ago: executing program 0 (id=6964): socket$packet(0x11, 0xa, 0x300) syz_emit_ethernet(0x66, &(0x7f0000000180)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd60a24b9f00302b00fe8000000000000000000000000000bbfe8000000000"], 0x0) 35.981541752s ago: executing program 0 (id=6966): r0 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r0, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) r1 = socket$inet6(0xa, 0x2, 0x0) sendto$inet6(r1, 0x0, 0x0, 0x2409c8c1, &(0x7f0000000240)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) sendto$inet6(r1, &(0x7f0000000e80)="0d0ad7c36d6617110e434332d6ac582208222cfb7c37ce1148f448455bc37f5f70c92774dcb201629979039d7c8943b207e5bdf9ab8eed9ace110469c51f4f211dd9fad815eb5b273ac04e1edc679bcdf0a0d24482de5454be9003cb80714a95e136bb704ee58e707d1e69b3c3a1c2c37f9c0402e14abdeb32086a49aff25e5c0f0131d59b4783316b9fa2c71c51ce76942d5f519145c9e3bf0d4182b4a62970b2ce81d35a7afc8384b387b8e21f2051d90d92323a710cabe5275d335b64453e759251a140de480541d8dd7662a14296a59eba99b95bfdf5b22992c323865b471d13ad79867e2692fd4eece299a81e2b33336b6801f51c2ae8d73e4df90c9bd70cd535b72cbdf67754acdc44b3780450308d9c5527c3314eb7b2cc38b61e96403a30a8ba0c8a357aa04d3c62bc51bcf55cf214f44a909b29c30c18c3a43c86472612086664a80f2aa8490e58352732acb96eb46deab42895d1957a6029ad86e7a5ced6bde89c158aaee721954beeebe5973059007f7dd5459029af6d3f1d73d35f07d19b7cedfc80d1d7ef37f8b113f564afd0f093202929fef43e788619ca522c7f679dd2f27949d879b4dab46581a0e054b4ed1db37e43f528748b56ec5a54b7af198d4ae551046f7814fe3a5cbc1cc7cb6655fc198939b049f3c02443148c588e34d6ebef81096b4e48f468016d2bde0828664c0874d71e2d88b3bc04079d4a504255a83c3f07a4f1c3e5a4c66f55f36e51e344392487c8299d8d1bfb568780c0d57df48990cb5d6b35c3f7445f80312186d8598faf61072d4eefc961fb5a7e72b971c8f94a8346effd27362cee8d72a98b55e317de280d2d63ee83ca7140b7913122d402c536d914c8510c81d08f0ad1c952f5b7ad5e7ef72d7c58cb4d5bafbea535b381df6ebe94c62cf782cf7ab81c017c296a88ca91d641b45748d230cf5e87e5dbee4764ea4d131ae022e6bbf3ffc3ea7b264737d9db44354bfffa63d79bc403d3ac23fb615edc382d18b0daf1bbb2fbd708d1830ddac1c3f098b8cb1ef9a0019d804bf5d953110f12f3b9a8b9b7e0c61cb5d34116add1fc9a92721ffa5fdc83e1488cf88aa6e56ad2dd55e0aadd827cc7b4e7242f01241f49e905e5e7451092c28c3f6560a6a0002e5d91fc253a5a8fd8f27e42f4f02f5849528b7d93df9b0c568022acaff410e797e88d2f8eeadbba66e423335b843df734d203fa62a861b712da8f33d5ea721767871aa2cd53e659e505507de9a54d7e6fa3c20bbfb28cd6dd2b314dabbb59e9ce15c0a94ec3b3efc54eaaa27bd7576a687dcaf58dc182662539943014a02e76dc89f48c9f83cc7199038418f965ad3dc866098b89cabcac8691b0f51ffb71902337e49293309c4480a8f1b32411cc1b55a0ec0fe2c2572fe9d488a25bfc12ba74048e1d7beee93321c7aa49ea17cb9728dc46e5272154b3b995feacbacb8885621b335274af4df9365f8c8121ff323b572d320c8fc46acd6218b9579d43005e7b0506ccb14d9a0dac4cc6efaf5366c44342eaea8b5a11457f5afbea913ce4975ab67e6a85bc46e714ca5741da38a7cceb9e85d77fd03f83f7a5ecc7241e69e2bda327f769b48ba5f13662585c72778d12bd0e9a62a3d0dbe376d1aee81e6845c2cf23f42c458ae5668c8d387bf9ab224bc9703f1c08347be810d2f19278fe8d97560b3c9f1816667d0461a25e778eb1404dcaac1ed0a6a0745f3a5d2dc1b6babf98f5135d531cb26334ef2fec4c78c95b7193935139664fc65f17b047eb3dc39e251ba52ce33f8099719f1a789db1690347355e7b02d4c522692b9597fd31abb90f973ae4eb0bd0d900cdd887ff01d4845d7f0aee39b220a65a5aeee0fd386054070723c841c042d5339cc6325f07f0f733d124c6524f388ef7419f42c06278b8fceaa3a16b202dfb539b129762397e29cdd679ca6240272fa0c3e2e8c0a27aaa407f30b4024d0638dfca1bc9483db3ccc2880f", 0x5c6, 0x6d91fb6102d8910c, 0x0, 0xfffffffffffffe38) sendto$inet6(r1, 0x0, 0x0, 0x0, 0x0, 0x0) 35.757094195s ago: executing program 0 (id=6967): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge0\x00'}) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, 0x0, 0x0) 35.615283906s ago: executing program 0 (id=6968): bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000240)={0x0, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_sockopt=0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000400)={r0, 0x3, 0x16, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r1, 0x0, 0x27, &(0x7f0000000040)={@multicast1, @local, @rand_addr=0x100000}, 0xc) 31.687024532s ago: executing program 0 (id=6981): openat$ptmx(0xffffffffffffff9c, 0x0, 0x103683, 0x0) 31.32429379s ago: executing program 0 (id=6985): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10c3f97f) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$video(&(0x7f0000000100), 0x8, 0x0) ioctl$VIDIOC_S_CROP(r4, 0x4014563c, &(0x7f0000000000)={0xa, {0xfffffff5, 0x800fff}}) r5 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x58) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000600)={0x4c, 0x14, 0x905, 0x70bd28, 0x25dfdbfb, {0xa, 0x6, 0x4, 0x0, {0x4e26, 0x4e23, [0x0, 0x2c000000, 0x6, 0x3], [0xfffffffe, 0x5, 0x21, 0x8a67], 0x0, [0x3, 0x1002]}, 0x4, 0xffffffff}}, 0x4c}, 0x1, 0x0, 0x0, 0x26004801}, 0xc810) r7 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000003c0)={'bridge_slave_1\x00'}) sendmsg$nl_route(r7, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4) 15.647433508s ago: executing program 32 (id=6985): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000500)={0xa, 0x4e22, 0x9, @ipv4={'\x00', '\xff\xff', @loopback}, 0x5}, 0x1c) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0x106}, 0x1c) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x10c3f97f) syz_mount_image$fuse(0x0, &(0x7f00000000c0)='./bus\x00', 0x3000009, 0x0, 0x1, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x85}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r4 = syz_open_dev$video(&(0x7f0000000100), 0x8, 0x0) ioctl$VIDIOC_S_CROP(r4, 0x4014563c, &(0x7f0000000000)={0xa, {0xfffffff5, 0x800fff}}) r5 = fcntl$dupfd(r0, 0x0, r0) setsockopt$inet6_tcp_TCP_CONGESTION(r5, 0x6, 0xd, &(0x7f0000000000)='dctcp\x00', 0x58) r6 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$TCPDIAG_GETSOCK(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000600)={0x4c, 0x14, 0x905, 0x70bd28, 0x25dfdbfb, {0xa, 0x6, 0x4, 0x0, {0x4e26, 0x4e23, [0x0, 0x2c000000, 0x6, 0x3], [0xfffffffe, 0x5, 0x21, 0x8a67], 0x0, [0x3, 0x1002]}, 0x4, 0xffffffff}}, 0x4c}, 0x1, 0x0, 0x0, 0x26004801}, 0xc810) r7 = socket$netlink(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f00000003c0)={'bridge_slave_1\x00'}) sendmsg$nl_route(r7, &(0x7f0000000340)={0x0, 0x0, 0x0}, 0x4) 13.994010236s ago: executing program 2 (id=7005): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="1400000032000107fcffffff000000ea06"], 0x14}, 0x1, 0x0, 0x0, 0x40800}, 0x0) 13.344846957s ago: executing program 2 (id=7009): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 13.344423962s ago: executing program 3 (id=7010): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r0, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000240)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000002010000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000240)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000300)={&(0x7f0000000000)='sched_switch\x00', r2}, 0x10) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000040), 0x40801, 0x0) 11.907547284s ago: executing program 3 (id=7011): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000380)=ANY=[@ANYBLOB="340000001400010026bd7000f8dbdf250a2000ff", @ANYRES32, @ANYBLOB="080008000306000014000200ff"], 0x34}, 0x1, 0x0, 0x0, 0x4c051}, 0x4) ioctl$sock_inet6_SIOCSIFADDR(r0, 0x8916, &(0x7f0000003800)={@private0={0xfc, 0x0, '\x00', 0x1}, 0x1b}) 11.670558696s ago: executing program 2 (id=7012): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18020000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb703000008000000b703000000000020850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='sched_switch\x00', r0}, 0x10) rt_sigprocmask(0x0, 0x0, 0x0, 0x0) r1 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000000)={'vxcan1\x00', 0x0}) bind$can_j1939(r1, &(0x7f00000000c0)={0x1d, r2}, 0x18) connect$can_j1939(r1, &(0x7f0000000140)={0x1d, r2, 0x0, {0x1, 0xff, 0xa8fe8ad4eea2351f}, 0x2}, 0x18) sendmmsg(r1, &(0x7f0000003e40), 0x3fffffffffffe3d, 0xf5) 7.818428148s ago: executing program 2 (id=7013): r0 = syz_open_procfs(0x0, &(0x7f0000000100)='net/ipv6_route\x00') preadv(r0, 0x0, 0x0, 0x33, 0x0) 7.464796265s ago: executing program 1 (id=7014): r0 = socket(0x2, 0x80805, 0x0) bind$inet6(r0, &(0x7f0000001140)={0xa, 0x4e22, 0x4, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x39}, 0x1c) 7.13331162s ago: executing program 2 (id=7015): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000019200)={0x18, 0x4, &(0x7f00000192c0)=ANY=[@ANYBLOB="18090000002300810000000000000000850000007b00000095"], &(0x7f0000000000)='syzkaller\x00', 0x9, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x8001}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000280)='kfree\x00', r0, 0x0, 0x1000000000000}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x4, 0x0, &(0x7f0000000140)='syzkaller\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe}, 0x94) r1 = syz_io_uring_setup(0x121d, &(0x7f0000000500)={0x0, 0x7d10, 0x80, 0x3, 0x1000034e}, &(0x7f0000000040)=0x0, &(0x7f0000000580)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r4 = socket(0x2a, 0x2, 0x0) getsockname$packet(r4, &(0x7f0000000200)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x50, 0x0, 0x0, 0x0, 0x23457}) io_uring_enter(r1, 0x201463, 0x1f05, 0x0, 0x0, 0x0) 7.003377774s ago: executing program 3 (id=7016): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) write$RDMA_USER_CM_CMD_SET_OPTION(0xffffffffffffffff, 0x0, 0x0) r1 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r1, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x2000000000004, &(0x7f0000000080), 0x106}}, 0x20) writev(r0, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="08000000246837f73199aee6fdb9291b3091ec1a2d41d227975ad8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) 6.863017069s ago: executing program 1 (id=7017): r0 = socket(0x2, 0x2, 0x1) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) r2 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f00000001c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x1}}, &(0x7f0000000040)='GPL\x00', 0x5, 0x0, 0x0, 0x40f00, 0x40, '\x00', r1, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xff}, 0x94) r3 = socket$nl_route(0x10, 0x3, 0x0) r4 = socket$inet6_udplite(0xa, 0x2, 0x88) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000280)={'batadv_slave_1\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=@getchain={0x24, 0x11, 0x43d, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {0xe, 0xb}}}, 0x24}}, 0x800) socketpair$unix(0x1, 0x2, 0x0, 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000001840)=@bpf_ext={0x1c, 0x1, &(0x7f0000000300)=@raw=[@alu={0x4, 0x1, 0xf3767c68fa0481d3, 0x4, 0x7, 0x20, 0x8}], &(0x7f0000000340)='GPL\x00', 0xfffffc00, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2469, r2, 0x0, 0x0, 0x0, 0x10, 0x878}, 0x94) 6.715770798s ago: executing program 3 (id=7018): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) r2 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000740)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000003c0)='kfree\x00', r2}, 0x10) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000c00)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r1, @ANYBLOB="8b332cbd70000000000005"], 0x1c}}, 0x4c002) 5.874830117s ago: executing program 1 (id=7019): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xcc}}, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x24, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}}, 0x24}, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_emit_ethernet(0x42, &(0x7f0000000580)={@local, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x29}, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x34, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @local}, {{0x0, 0x4e29, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x4, 0x1, 0x0, 0x0, {[@timestamp={0x8, 0xa, 0xffff54af, 0x1}]}}}}}}}, 0x0) 5.542819474s ago: executing program 3 (id=7020): bpf$MAP_CREATE(0x0, 0x0, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000280), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000000c00)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000300)=ANY=[@ANYBLOB="88020000", @ANYRES16=r1, @ANYBLOB="010000000000000000003b00000008000300", @ANYRES32=r2, @ANYBLOB="6102330050300100080211000001080211000000"], 0x288}, 0x1, 0x0, 0x0, 0x800}, 0x0) 5.449272051s ago: executing program 1 (id=7021): r0 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r0, &(0x7f0000000100)={0xa, 0x0, 0x0, @empty, 0x0, 0x80000}, 0x20) r1 = socket$l2tp6(0xa, 0x2, 0x73) bind$l2tp6(r1, 0x0, 0x0) connect$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @local, 0xc}, 0x20) syz_emit_ethernet(0x8e, &(0x7f0000000100)=ANY=[@ANYBLOB="aaaaaaaaaaaa1acd1f78800d86dd608a37f200587300fe8000000000000000000000000000bbfe8000000000000000000000000000aa00000000", @ANYRES8], 0x0) 5.04313085s ago: executing program 3 (id=7022): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000140)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x4) mincore(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x0) 4.87039859s ago: executing program 1 (id=7023): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000001e40)=ANY=[@ANYBLOB="0b00000005000000020000000200000005"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000580)=ANY=[@ANYBLOB="1800000000160000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000fcffffff7b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000300000095"], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='kmem_cache_free\x00', r1}, 0x10) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x6, 0x0, 0x0, 0x7ffc1ffb}]}) openat2$dir(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', &(0x7f0000000040)={0x1840, 0x124, 0x8}, 0x18) lstat(&(0x7f0000000180)='./file0\x00', &(0x7f0000000500)) 3.62214528s ago: executing program 1 (id=7024): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x0, &(0x7f00000000c0)}) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, 0x0, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_clone(0x100411, 0x0, 0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000007"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, 0x0, 0x0}, 0x94) ioctl$ifreq_SIOCGIFINDEX_wireguard(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'wg1\x00'}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000380)='qgroup_update_reserve\x00', 0xffffffffffffffff, 0x0, 0x5d}, 0x18) socket$nl_route(0x10, 0x3, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={&(0x7f0000000040)='kmem_cache_free\x00', r0}, 0x10) r1 = open(&(0x7f00000005c0)='./bus\x00', 0x167842, 0x19) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400"], 0x50) bpf$PROG_LOAD_XDP(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000080)='kfree\x00'}, 0x10) socket$pppl2tp(0x18, 0x1, 0x1) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x11, 0x3a, &(0x7f00000003c0)=ANY=[@ANYBLOB="1801000000800000000100000000f603850000006d00000095"], &(0x7f00000000c0)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0xc, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffd}, 0x94) r2 = socket$inet_sctp(0x2, 0x1, 0x84) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @multicast}, &(0x7f0000000140)=0x14) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x1b, &(0x7f00000000c0)={@remote={0xfe, 0x80, '\x00', 0xffffffffffffffff}}, 0x20) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r5, {}, {}, {0xfff3}}}, 0x24}}, 0x0) close_range(r2, 0xffffffffffffffff, 0x0) 0s ago: executing program 2 (id=7025): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="b8000000190001000000000000000000e000000200000000000000000000000000000000000000000000ffffac1414bb00f66b00000000000a000089"], 0xb8}}, 0x0) kernel console output (not intermixed with test programs): has an invalid descriptor of length 0, skipping remainder of the config [ 2692.827589][ T9703] usb 5-1: New USB device found, idVendor=18ec, idProduct=3288, bcdDevice=69.cf [ 2692.837324][ T9703] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2692.845476][ T9703] usb 5-1: Product: syz [ 2692.850410][ T9703] usb 5-1: Manufacturer: syz [ 2692.855097][ T9703] usb 5-1: SerialNumber: syz [ 2692.863906][ T9703] usb 5-1: config 0 descriptor?? [ 2692.974007][ T9703] usb 2-1: USB disconnect, device number 52 [ 2693.628753][ T9703] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 2693.828821][ T9703] usb 3-1: Using ep0 maxpacket: 8 [ 2693.840968][ T9703] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 2693.858423][ T9703] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 2693.880522][ T9703] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2693.897718][ T9703] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2693.955018][ T9703] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 2694.020263][ T9703] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 2694.656304][ T9703] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 2694.710819][ T9703] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2694.744094][ T9703] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2694.770997][ T5862] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 2694.844817][ T9703] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 2694.874736][ T9703] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 2694.885998][ T9703] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 2694.902325][ T9703] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 2694.915247][ T9703] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 2694.930588][ T9703] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 2694.981388][ T9703] usb 3-1: string descriptor 0 read error: -22 [ 2694.987660][ T9703] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 2695.038638][ T5862] usb 2-1: Using ep0 maxpacket: 16 [ 2695.052936][ T9703] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2695.097289][ T9703] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 2695.183205][ T1146] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2695.197250][ T1146] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2695.225077][ T1146] tipc: Enabled bearer , priority 0 [ 2695.234455][ T1146] syzkaller0: entered promiscuous mode [ 2695.240776][ T1146] syzkaller0: entered allmulticast mode [ 2695.285219][ T1146] tipc: Resetting bearer [ 2695.331162][ T9703] usb 5-1: USB disconnect, device number 52 [ 2695.380033][ T1134] bridge7: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 2695.391996][ T1134] bridge7: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 2695.423533][T30986] usb 3-1: USB disconnect, device number 53 [ 2695.869248][T16336] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 2696.038518][T16336] usb 5-1: Using ep0 maxpacket: 16 [ 2696.045657][T16336] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 2696.060097][T16336] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 2696.074552][T16336] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 2696.091358][T16336] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2696.099586][T16336] usb 5-1: Product: syz [ 2696.103918][T16336] usb 5-1: Manufacturer: syz [ 2696.109435][T16336] usb 5-1: SerialNumber: syz [ 2696.119862][T16336] usb 5-1: config 0 descriptor?? [ 2696.132599][T16336] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 2696.142804][T16336] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 2696.899834][ T5862] usb 2-1: unable to get BOS descriptor or descriptor too short [ 2697.025857][ T5862] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 2697.052479][ T5862] usb 2-1: can't read configurations, error -71 [ 2697.402213][ T1174] vhci_hcd vhci_hcd.0: pdev(0) rhport(0) sockfd(10) [ 2697.408885][ T1174] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 2697.417901][ T5862] usb 2-1: new high-speed USB device number 54 using dummy_hcd [ 2697.447894][ T1174] vhci_hcd vhci_hcd.0: Device attached [ 2697.478807][T16336] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 2697.485387][T16336] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 2697.596607][T16336] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 2697.604199][ T5862] usb 2-1: Using ep0 maxpacket: 32 [ 2697.612358][T16336] em28xx 5-1:0.0: No AC97 audio processor [ 2697.619645][ T5862] usb 2-1: config index 0 descriptor too short (expected 35577, got 27) [ 2697.634402][ T5862] usb 2-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 2697.670253][ T5862] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 2697.678561][T30986] usb 33-1: new high-speed USB device number 9 using vhci_hcd [ 2697.810871][ T5862] usb 2-1: config 1 has no interface number 0 [ 2697.842746][ T5862] usb 2-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2697.923186][ T5862] usb 2-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 2697.988693][ T5862] usb 2-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 2698.238648][ T1175] vhci_hcd: connection reset by peer [ 2698.244982][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2698.270620][T19110] vhci_hcd: stop threads [ 2698.281774][T19110] vhci_hcd: release socket [ 2698.293902][T19110] vhci_hcd: disconnect device [ 2698.308649][T16336] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 2698.328018][ T5862] snd_usb_pod 2-1:1.1: Line 6 Pocket POD found [ 2698.364210][ T1147] tipc: Resetting bearer [ 2698.444417][ T1147] tipc: Disabling bearer [ 2698.480076][ T5862] snd_usb_pod 2-1:1.1: set_interface failed [ 2698.509934][ T5862] snd_usb_pod 2-1:1.1: Line 6 Pocket POD now disconnected [ 2698.530245][T16336] usb 3-1: config 0 has no interfaces? [ 2698.540345][T16336] usb 3-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 2698.553280][ T5862] snd_usb_pod 2-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 2698.572892][T16336] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2698.597580][ T5862] usb 2-1: USB disconnect, device number 54 [ 2698.608575][T16336] usb 3-1: Product: syz [ 2698.648450][T16336] usb 3-1: Manufacturer: syz [ 2698.653092][T16336] usb 3-1: SerialNumber: syz [ 2698.671559][ T1186] netlink: 'syz.3.6491': attribute type 1 has an invalid length. [ 2698.865447][T16336] usb 3-1: config 0 descriptor?? [ 2699.121970][T26944] usb 3-1: USB disconnect, device number 54 [ 2699.375065][ T1192] IPv6: NLM_F_CREATE should be specified when creating new route [ 2699.383245][T19868] usb 2-1: new high-speed USB device number 55 using dummy_hcd [ 2699.394992][ T1192] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 2699.402587][ T1192] IPv6: NLM_F_CREATE should be set when creating new route [ 2699.409906][ T1192] IPv6: NLM_F_CREATE should be set when creating new route [ 2699.417139][ T1192] IPv6: NLM_F_CREATE should be set when creating new route [ 2699.538684][T19868] usb 2-1: Using ep0 maxpacket: 16 [ 2699.578422][T19868] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 2699.599978][T19868] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2699.634034][T19868] usb 2-1: config 0 descriptor?? [ 2699.660768][T19868] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 2699.825169][ T5862] usb 5-1: USB disconnect, device number 53 [ 2699.832751][ T5862] em28xx 5-1:0.0: Disconnecting em28xx [ 2699.867990][ T5862] em28xx 5-1:0.0: Freeing device [ 2699.903897][ T1190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2699.945386][ T1190] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2700.313156][ T1201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2700.401114][ T1201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2700.603076][T19868] usb 2-1: Detected FT232B [ 2701.272247][T19868] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 2701.302817][T19868] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 2701.342186][T19868] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2701.408955][T26944] usb 5-1: new high-speed USB device number 54 using dummy_hcd [ 2701.477779][T19868] usb 2-1: USB disconnect, device number 55 [ 2701.564594][ T1218] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 2701.573264][T26944] usb 5-1: Using ep0 maxpacket: 16 [ 2701.658081][T19868] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2701.687080][T19868] ftdi_sio 2-1:0.0: device disconnected [ 2702.070047][ T5862] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 2702.228272][ T5862] usb 3-1: Using ep0 maxpacket: 32 [ 2702.237046][ T5862] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 2702.249801][ T5862] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 2702.291827][ T5862] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 2702.313578][ T5862] usb 3-1: config 1 has no interface number 0 [ 2702.334632][ T5862] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2702.363619][ T5862] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 2702.500763][ T5862] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 2702.512019][ T5862] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2702.559742][ T5862] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 2702.588583][T16336] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 2702.630080][ T1233] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2702.663045][ T1233] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2702.730822][ T5862] snd_usb_pod 3-1:1.1: set_interface failed [ 2702.740762][ T5862] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 2702.758599][T30986] vhci_hcd: vhci_device speed not set [ 2702.781230][ T5862] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 2702.931972][ T5862] usb 3-1: USB disconnect, device number 55 [ 2703.016462][T16336] usb 2-1: config 0 has an invalid interface number: 117 but max is 0 [ 2703.025973][T16336] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2703.073386][T16336] usb 2-1: config 0 has no interface number 0 [ 2703.122986][T16336] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 2703.133426][T16336] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2703.312817][T16336] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 2703.394943][T16336] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2703.439874][T16336] usb 2-1: Product: syz [ 2703.447755][T16336] usb 2-1: Manufacturer: syz [ 2703.486396][T16336] usb 2-1: SerialNumber: syz [ 2703.765366][T26944] usb 5-1: unable to get BOS descriptor or descriptor too short [ 2703.855113][T26944] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 2703.878397][T30986] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 2703.899542][T26944] usb 5-1: can't read configurations, error -71 [ 2703.937031][T16336] usb 2-1: config 0 descriptor?? [ 2703.946728][ T1247] netlink: 20 bytes leftover after parsing attributes in process `syz.0.6510'. [ 2703.963546][ T1247] lo: MTU too low for tipc bearer [ 2703.991158][ T1247] tipc: Enabling of bearer rejected, failed to enable media [ 2704.029647][ T1249] FAULT_INJECTION: forcing a failure. [ 2704.029647][ T1249] name failslab, interval 1, probability 0, space 0, times 0 [ 2704.045455][ T1249] CPU: 0 UID: 0 PID: 1249 Comm: syz.3.6511 Not tainted syzkaller #0 PREEMPT(full) [ 2704.045474][ T1249] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2704.045482][ T1249] Call Trace: [ 2704.045487][ T1249] [ 2704.045492][ T1249] dump_stack_lvl+0x189/0x250 [ 2704.045514][ T1249] ? __pfx____ratelimit+0x10/0x10 [ 2704.045533][ T1249] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2704.045548][ T1249] ? __pfx__printk+0x10/0x10 [ 2704.045568][ T1249] ? __pfx___might_resched+0x10/0x10 [ 2704.045584][ T1249] should_fail_ex+0x414/0x560 [ 2704.045603][ T1249] should_failslab+0xa8/0x100 [ 2704.045622][ T1249] kmem_cache_alloc_noprof+0x73/0x3c0 [ 2704.045638][ T1249] ? getname_flags+0xb8/0x540 [ 2704.045652][ T1249] getname_flags+0xb8/0x540 [ 2704.045663][ T1249] ? __fget_files+0x3a0/0x420 [ 2704.045676][ T1249] user_path_at+0x24/0x60 [ 2704.045690][ T1249] __se_sys_mount+0x2d3/0x410 [ 2704.045712][ T1249] ? __pfx___se_sys_mount+0x10/0x10 [ 2704.045730][ T1249] ? __secure_computing+0xe2/0x2a0 [ 2704.045745][ T1249] ? __x64_sys_mount+0x20/0xc0 [ 2704.045765][ T1249] do_syscall_64+0xfa/0x3b0 [ 2704.045776][ T1249] ? lockdep_hardirqs_on+0x9c/0x150 [ 2704.045800][ T1249] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2704.045812][ T1249] ? clear_bhb_loop+0x60/0xb0 [ 2704.045827][ T1249] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2704.045838][ T1249] RIP: 0033:0x7f095138ebe9 [ 2704.045851][ T1249] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2704.045862][ T1249] RSP: 002b:00007f094f5f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000000a5 [ 2704.045877][ T1249] RAX: ffffffffffffffda RBX: 00007f09515c5fa0 RCX: 00007f095138ebe9 [ 2704.045887][ T1249] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000000 [ 2704.045895][ T1249] RBP: 00007f094f5f6090 R08: 0000000000000000 R09: 0000000000000000 [ 2704.045902][ T1249] R10: 0000000000200024 R11: 0000000000000246 R12: 0000000000000001 [ 2704.045910][ T1249] R13: 00007f09515c6038 R14: 00007f09515c5fa0 R15: 00007f09516efa28 [ 2704.045929][ T1249] [ 2704.324247][T30986] usb 3-1: Using ep0 maxpacket: 16 [ 2704.368713][T30986] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 2704.441849][T30986] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 2704.451304][T30986] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2704.459723][T30986] usb 3-1: Product: syz [ 2704.463918][T30986] usb 3-1: Manufacturer: syz [ 2704.468683][T30986] usb 3-1: SerialNumber: syz [ 2704.476627][T30986] usb 3-1: config 0 descriptor?? [ 2704.494839][T30986] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 2704.511101][T30986] usb 3-1: Detected FT232R [ 2704.809779][ T1261] netlink: 'syz.4.6514': attribute type 1 has an invalid length. [ 2705.088712][ T1244] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6509'. [ 2705.099140][ T1244] netlink: 'syz.2.6509': attribute type 8 has an invalid length. [ 2705.112197][ T1265] netlink: 16 bytes leftover after parsing attributes in process `syz.0.6515'. [ 2705.141590][T30986] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 2705.181100][T30986] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 2705.211386][T30986] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2705.354863][T30986] usb 3-1: USB disconnect, device number 56 [ 2705.371011][T30986] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2705.398015][T30986] ftdi_sio 3-1:0.0: device disconnected [ 2706.539437][T30986] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 2706.620533][T16336] usbtouchscreen 2-1:0.117: probe with driver usbtouchscreen failed with error -71 [ 2706.684377][T16336] usb 2-1: USB disconnect, device number 56 [ 2706.761208][T30986] usb 3-1: Using ep0 maxpacket: 8 [ 2706.773200][T30986] usb 3-1: config index 0 descriptor too short (expected 74, got 45) [ 2706.803195][T30986] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 2706.851080][T30986] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 2706.887876][T30986] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 2706.923924][T30986] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 2707.005611][T30986] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2707.029330][T30986] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 2707.045646][T30986] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2707.308555][T16336] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 2707.472020][T16336] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2707.576247][T16336] usb 2-1: config 0 interface 0 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2707.576783][T30986] usb 3-1: GET_CAPABILITIES returned 0 [ 2707.592925][T16336] usb 2-1: config 0 interface 0 has no altsetting 0 [ 2707.733432][T16336] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 2707.743078][T16336] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2707.753216][T30986] usbtmc 3-1:16.0: can't read capabilities [ 2707.770450][T16336] usb 2-1: config 0 descriptor?? [ 2707.861818][T30986] usb 3-1: USB disconnect, device number 57 [ 2708.613973][T16336] usb 2-1: string descriptor 0 read error: -71 [ 2708.621965][T16336] uclogic 0003:256C:006D.002F: failed retrieving string descriptor #200: -71 [ 2708.634670][T16336] uclogic 0003:256C:006D.002F: failed retrieving pen parameters: -71 [ 2708.643752][T16336] uclogic 0003:256C:006D.002F: failed probing pen v2 parameters: -71 [ 2708.654579][ T5862] usb 5-1: new high-speed USB device number 56 using dummy_hcd [ 2708.664461][T16336] uclogic 0003:256C:006D.002F: failed probing parameters: -71 [ 2708.673040][T16336] uclogic 0003:256C:006D.002F: probe with driver uclogic failed with error -71 [ 2708.698411][T16336] usb 2-1: USB disconnect, device number 57 [ 2708.779124][T30986] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 2708.808401][ T5862] usb 5-1: Using ep0 maxpacket: 16 [ 2708.938503][T30986] usb 3-1: Using ep0 maxpacket: 16 [ 2708.950777][T30986] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 2708.975074][T30986] usb 3-1: New USB device found, idVendor=4752, idProduct=0011, bcdDevice=32.4f [ 2708.990012][T30986] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2709.001439][T30986] usb 3-1: Product: syz [ 2709.005778][T30986] usb 3-1: Manufacturer: syz [ 2709.012282][T30986] usb 3-1: SerialNumber: syz [ 2709.035346][T30986] usb 3-1: config 0 descriptor?? [ 2709.092389][T30986] hub 3-1:0.0: bad descriptor, ignoring hub [ 2709.101349][T30986] hub 3-1:0.0: probe with driver hub failed with error -5 [ 2709.111925][T30986] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 2709.283698][ T1311] vlan5: entered promiscuous mode [ 2709.297568][ T1309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2709.309256][ T1309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2709.436615][ T1317] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6528'. [ 2709.817478][T30986] usb 3-1: USB disconnect, device number 58 [ 2710.815844][T30986] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 2711.088467][T30986] usb 3-1: Using ep0 maxpacket: 8 [ 2711.106146][ T5862] usb 5-1: unable to get BOS descriptor or descriptor too short [ 2711.120519][ T5862] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 2711.122974][T30986] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 2711.137760][T30986] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2711.192238][ T1332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2711.203746][ T1332] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2711.274066][T30986] usb 3-1: Product: syz [ 2711.288733][T30986] usb 3-1: Manufacturer: syz [ 2711.299378][T30986] usb 3-1: SerialNumber: syz [ 2711.328625][T30986] usb 3-1: config 0 descriptor?? [ 2711.347214][ T5862] usb 5-1: can't read configurations, error -71 [ 2711.351956][T30986] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 2712.040119][ T5862] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 2712.168772][T16336] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 2712.209716][ T5862] usb 5-1: Using ep0 maxpacket: 8 [ 2712.225646][ T5862] usb 5-1: config index 0 descriptor too short (expected 74, got 45) [ 2712.238911][ T5862] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 1536, setting to 1024 [ 2712.257730][ T5862] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 2712.269203][ T5862] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 30768, setting to 1024 [ 2712.281912][ T5862] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 2712.298477][ T5862] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2712.322449][ T5862] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 2712.333178][T16336] usb 2-1: Using ep0 maxpacket: 16 [ 2712.338998][ T5862] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2712.354023][T16336] usb 2-1: unable to get BOS descriptor or descriptor too short [ 2712.383984][T16336] usb 2-1: config 127 has an invalid interface number: 121 but max is 0 [ 2712.409584][T16336] usb 2-1: config 127 has no interface number 0 [ 2712.425940][T16336] usb 2-1: config 127 interface 121 has no altsetting 0 [ 2712.451944][T16336] usb 2-1: New USB device found, idVendor=1a0a, idProduct=0102, bcdDevice=ba.4a [ 2712.461496][T16336] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2712.486553][T16336] usb 2-1: Product: syz [ 2712.495980][T16336] usb 2-1: Manufacturer: syz [ 2712.505416][T16336] usb 2-1: SerialNumber: syz [ 2712.577733][ T5862] usb 5-1: GET_CAPABILITIES returned 0 [ 2712.583357][ T5862] usbtmc 5-1:16.0: can't read capabilities [ 2712.730570][ T1340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2712.740011][ T1340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2712.754535][ T1340] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6538'. [ 2712.765404][ T1340] netlink: 20 bytes leftover after parsing attributes in process `syz.1.6538'. [ 2712.792252][T26944] usb 5-1: USB disconnect, device number 57 [ 2712.792695][ T1340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2712.807356][ T1340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2712.873271][T16336] usb_ehset_test 2-1:127.121: probe with driver usb_ehset_test failed with error -32 [ 2712.909437][T16336] usb 2-1: USB disconnect, device number 58 [ 2713.493350][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 2713.499909][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 2713.809017][T16336] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 2713.988850][T16336] usb 5-1: Using ep0 maxpacket: 32 [ 2714.007367][T16336] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 2714.022989][T16336] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 2714.034559][T16336] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2714.073893][T16336] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 2714.102125][T16336] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 2714.132521][T16336] usb 5-1: Product: syz [ 2714.153885][T16336] usb 5-1: Manufacturer: syz [ 2714.168880][T16336] usb 5-1: SerialNumber: syz [ 2714.207293][T16336] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input214 [ 2714.393204][T16336] usb 5-1: USB disconnect, device number 58 [ 2714.435976][T16336] appletouch 5-1:1.0: input: appletouch disconnected [ 2714.616799][T30986] gspca_sonixj: reg_r err -71 [ 2714.640957][T30986] sonixj 3-1:0.0: probe with driver sonixj failed with error -71 [ 2714.723922][T30986] usb 3-1: USB disconnect, device number 59 [ 2715.048423][T16336] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 2715.268776][T16336] usb 2-1: Using ep0 maxpacket: 16 [ 2715.282725][T16336] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 2715.323064][T16336] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 2715.336882][T16336] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2715.345403][T16336] usb 2-1: Product: syz [ 2715.355727][T16336] usb 2-1: Manufacturer: syz [ 2715.360823][T16336] usb 2-1: SerialNumber: syz [ 2715.383319][T16336] usb 2-1: config 0 descriptor?? [ 2715.403884][T16336] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 2715.422390][T16336] usb 2-1: Detected FT232R [ 2715.488586][ T5862] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 2715.908044][ T1389] netlink: 8 bytes leftover after parsing attributes in process `syz.1.6545'. [ 2715.929215][ T5862] usb 5-1: Using ep0 maxpacket: 16 [ 2715.941306][ T5862] usb 5-1: unable to get BOS descriptor or descriptor too short [ 2715.953122][ T5862] usb 5-1: config 8 has an invalid interface number: 132 but max is 0 [ 2715.964281][ T5862] usb 5-1: config 8 has an invalid descriptor of length 0, skipping remainder of the config [ 2715.991704][ T5862] usb 5-1: config 8 has no interface number 0 [ 2716.055857][ T5862] usb 5-1: config 8 interface 132 altsetting 252 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 2716.128221][ T5862] usb 5-1: config 8 interface 132 has no altsetting 0 [ 2716.152827][T16336] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 2716.165594][T16336] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 2716.194845][T16336] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2716.214591][ T5862] usb 5-1: New USB device found, idVendor=07cf, idProduct=1001, bcdDevice=8f.8b [ 2716.224970][ T5862] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2716.253932][ T5862] usb 5-1: Product: syz [ 2716.261168][T16336] usb 2-1: USB disconnect, device number 59 [ 2716.287182][ T5862] usb 5-1: Manufacturer: syz [ 2716.375732][ T5862] usb 5-1: SerialNumber: syz [ 2716.405483][T16336] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2716.425958][T16336] ftdi_sio 2-1:0.0: device disconnected [ 2716.990681][ T1421] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6552'. [ 2717.218641][T30986] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 2717.381947][T30986] usb 2-1: config 0 has an invalid interface number: 175 but max is 0 [ 2717.402132][T30986] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2717.448374][T30986] usb 2-1: config 0 has no interface number 0 [ 2717.465887][T30986] usb 2-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C [ 2717.498373][T30986] usb 2-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 2717.528985][T30986] usb 2-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 2717.558096][T30986] usb 2-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16 [ 2717.612500][T30986] usb 2-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b [ 2717.621903][T30986] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2717.634598][T30986] usb 2-1: Product: syz [ 2717.639553][T30986] usb 2-1: Manufacturer: syz [ 2717.644463][T30986] usb 2-1: SerialNumber: syz [ 2717.668727][T30986] usb 2-1: config 0 descriptor?? [ 2717.697595][T30986] symbolserial 2-1:0.175: symbol converter detected [ 2717.740035][T30986] usb 2-1: symbol converter now attached to ttyUSB0 [ 2717.929277][ T1419] syzkaller1: entered promiscuous mode [ 2717.935229][ T1419] syzkaller1: entered allmulticast mode [ 2717.992205][ T5862] usb-storage 5-1:8.132: USB Mass Storage device detected [ 2718.024526][ T5862] usb-storage 5-1:8.132: Quirks match for vid 07cf pid 1001: a [ 2718.113564][ T5862] usb 5-1: USB disconnect, device number 59 [ 2718.333228][T30986] usb 2-1: USB disconnect, device number 60 [ 2718.354388][ T1438] tipc: Invalid UDP bearer configuration [ 2718.354454][ T1438] tipc: Enabling of bearer rejected, failed to enable media [ 2718.428864][T30986] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0 [ 2718.444575][T30986] symbolserial 2-1:0.175: device disconnected [ 2718.445390][ T30] audit: type=1400 audit(1756860457.596:941): apparmor="DENIED" operation="setprocattr" info="invalid" error=-22 profile="unconfined" pid=1436 comm="syz.4.6558" [ 2718.538332][T16336] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 2718.701585][T16336] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2718.829898][T16336] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 2718.840020][T16336] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2718.956350][T16336] usb 3-1: config 0 descriptor?? [ 2719.006914][T16336] pwc: Askey VC010 type 2 USB webcam detected. [ 2719.413796][T16336] pwc: recv_control_msg error -32 req 02 val 2b00 [ 2719.422158][T16336] pwc: recv_control_msg error -32 req 02 val 2700 [ 2719.432370][T16336] pwc: recv_control_msg error -32 req 02 val 2c00 [ 2719.484555][T16336] pwc: recv_control_msg error -32 req 04 val 1000 [ 2719.555741][T16336] pwc: recv_control_msg error -32 req 04 val 1300 [ 2719.598996][T16336] pwc: recv_control_msg error -32 req 04 val 1400 [ 2719.646839][T16336] pwc: recv_control_msg error -32 req 02 val 2000 [ 2719.865910][T16336] pwc: recv_control_msg error -32 req 04 val 1500 [ 2719.897685][T16336] pwc: recv_control_msg error -71 req 02 val 2500 [ 2719.923835][T16336] pwc: recv_control_msg error -71 req 02 val 2400 [ 2719.947011][T16336] pwc: recv_control_msg error -71 req 02 val 2600 [ 2719.980352][T16336] pwc: recv_control_msg error -71 req 02 val 2900 [ 2719.987148][T16336] pwc: recv_control_msg error -71 req 02 val 2800 [ 2720.000974][T16336] pwc: recv_control_msg error -71 req 04 val 1100 [ 2720.026630][T16336] pwc: recv_control_msg error -71 req 04 val 1200 [ 2720.048380][ T5862] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 2720.075921][T16336] pwc: Registered as video103. [ 2720.122764][T16336] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input215 [ 2720.216692][T16336] usb 3-1: USB disconnect, device number 60 [ 2720.228633][ T5862] usb 2-1: Using ep0 maxpacket: 16 [ 2720.267939][ T5862] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 2720.314411][ T5862] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2720.379885][ T5862] usb 2-1: config 0 descriptor?? [ 2720.415676][ T5862] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 2720.572835][ T1472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2720.590619][ T1472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2720.700197][ T1463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2720.713847][ T1463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2720.734425][ T1463] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2720.746527][ T1463] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2720.766167][ T1476] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6567'. [ 2721.110587][ T1484] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2721.129458][ T1484] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2721.518517][ T5862] usb 2-1: Detected FT232B [ 2721.572264][ T1487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2721.584190][ T1487] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2721.625899][ T1487] syzkaller1: entered promiscuous mode [ 2721.652391][ T1487] syzkaller1: entered allmulticast mode [ 2721.951783][ T5862] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 2722.008976][ T5862] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 2722.071873][ T5862] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2722.115809][ T5862] usb 2-1: USB disconnect, device number 61 [ 2722.152097][ T5862] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2722.202685][ T5862] ftdi_sio 2-1:0.0: device disconnected [ 2722.908697][ T5862] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 2722.959130][T16336] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 2723.048765][ T5862] usb 2-1: device descriptor read/64, error -71 [ 2723.128642][T16336] usb 5-1: Using ep0 maxpacket: 16 [ 2723.136317][T16336] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2723.152068][T16336] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2723.164767][T16336] usb 5-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 2723.179377][T16336] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 2723.187400][T16336] usb 5-1: Manufacturer: syz [ 2723.205129][T16336] usb 5-1: config 0 descriptor?? [ 2723.319141][ T5862] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 2723.468316][ T5862] usb 2-1: device descriptor read/64, error -71 [ 2723.599379][ T5862] usb usb2-port1: attempt power cycle [ 2723.627777][ T1509] FAULT_INJECTION: forcing a failure. [ 2723.627777][ T1509] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2723.643896][ T1509] CPU: 0 UID: 0 PID: 1509 Comm: syz.2.6579 Not tainted syzkaller #0 PREEMPT(full) [ 2723.643924][ T1509] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2723.643938][ T1509] Call Trace: [ 2723.643946][ T1509] [ 2723.643955][ T1509] dump_stack_lvl+0x189/0x250 [ 2723.643986][ T1509] ? __pfx____ratelimit+0x10/0x10 [ 2723.644017][ T1509] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2723.644043][ T1509] ? __pfx__printk+0x10/0x10 [ 2723.644072][ T1509] ? __might_fault+0xb0/0x130 [ 2723.644114][ T1509] should_fail_ex+0x414/0x560 [ 2723.644148][ T1509] _copy_from_user+0x2d/0xb0 [ 2723.644174][ T1509] ___sys_recvmsg+0x12e/0x510 [ 2723.644205][ T1509] ? __pfx____sys_recvmsg+0x10/0x10 [ 2723.644258][ T1509] ? __fget_files+0x3a0/0x420 [ 2723.644290][ T1509] do_recvmmsg+0x307/0x770 [ 2723.644324][ T1509] ? __pfx_do_recvmmsg+0x10/0x10 [ 2723.644369][ T1509] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2723.644411][ T1509] __x64_sys_recvmmsg+0x190/0x240 [ 2723.644439][ T1509] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 2723.644460][ T1509] ? rcu_is_watching+0x15/0xb0 [ 2723.644488][ T1509] ? do_syscall_64+0xbe/0x3b0 [ 2723.644511][ T1509] do_syscall_64+0xfa/0x3b0 [ 2723.644529][ T1509] ? lockdep_hardirqs_on+0x9c/0x150 [ 2723.644559][ T1509] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2723.644579][ T1509] ? clear_bhb_loop+0x60/0xb0 [ 2723.644603][ T1509] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2723.644623][ T1509] RIP: 0033:0x7fb17ed8ebe9 [ 2723.644642][ T1509] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2723.644661][ T1509] RSP: 002b:00007fb17fbc7038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 2723.644683][ T1509] RAX: ffffffffffffffda RBX: 00007fb17efc5fa0 RCX: 00007fb17ed8ebe9 [ 2723.644699][ T1509] RDX: 0000000000000002 RSI: 0000200000001440 RDI: 000000000000000b [ 2723.644712][ T1509] RBP: 00007fb17fbc7090 R08: 0000000000000000 R09: 0000000000000000 [ 2723.644725][ T1509] R10: 0000000000010002 R11: 0000000000000246 R12: 0000000000000001 [ 2723.644738][ T1509] R13: 00007fb17efc6038 R14: 00007fb17efc5fa0 R15: 00007fb17f0efa28 [ 2723.644771][ T1509] [ 2723.871167][ T1513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2723.882218][ T1513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2723.909074][ T1513] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 2723.938015][ T1513] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 2723.988619][ T5862] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 2724.032083][ T5862] usb 2-1: device descriptor read/8, error -71 [ 2724.249142][T16336] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 2724.319935][ T5862] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 2724.478512][T16336] usb 3-1: Using ep0 maxpacket: 8 [ 2724.484987][ T5862] usb 2-1: device descriptor read/8, error -71 [ 2724.493434][T16336] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2724.503843][T16336] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 2724.519053][T16336] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 2724.530923][T16336] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 2724.541225][T16336] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 2724.604229][ T5862] usb usb2-port1: unable to enumerate USB device [ 2724.691494][T16336] usb 3-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 2724.702172][T16336] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 2724.713106][T16336] usb 3-1: Product: syz [ 2724.717376][T16336] usb 3-1: Manufacturer: syz [ 2724.724177][T16336] usb 3-1: SerialNumber: syz [ 2724.735774][T16336] usb 3-1: config 0 descriptor?? [ 2724.974959][T16336] radio-si470x 3-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 2724.982416][T16336] radio-si470x 3-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 2725.177385][ T1518] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6581'. [ 2725.186738][ T1518] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6581'. [ 2725.343308][ T1518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2725.355106][ T1518] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2725.383293][T16336] radio-si470x 3-1:0.0: software version 253, hardware version 55 [ 2725.427502][T16336] radio-si470x 3-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 2725.445427][T16336] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 2725.454826][T16336] radio-si470x 3-1:0.0: submitting int urb failed (-90) [ 2725.466478][T16336] radio-si470x 3-1:0.0: si470x_set_report: usb_control_msg returned -71 [ 2725.486019][T16336] radio-si470x 3-1:0.0: probe with driver radio-si470x failed with error -22 [ 2725.502797][T16336] usb 3-1: USB disconnect, device number 61 [ 2725.744435][ T1307] usb 5-1: USB disconnect, device number 60 [ 2725.911227][T16336] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 2726.069824][T16336] usb 3-1: config 0 has an invalid interface number: 175 but max is 0 [ 2726.078832][ T5862] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 2726.086551][T16336] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2726.096868][T16336] usb 3-1: config 0 has no interface number 0 [ 2726.103947][T16336] usb 3-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C [ 2726.115666][T16336] usb 3-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 2726.126790][T16336] usb 3-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 2726.137071][T16336] usb 3-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16 [ 2726.154519][T16336] usb 3-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b [ 2726.163664][T16336] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2726.172128][T16336] usb 3-1: Product: syz [ 2726.176297][T16336] usb 3-1: Manufacturer: syz [ 2726.180991][T16336] usb 3-1: SerialNumber: syz [ 2726.187786][T16336] usb 3-1: config 0 descriptor?? [ 2726.200230][T16336] symbolserial 3-1:0.175: symbol converter detected [ 2726.208615][ T1307] usb 5-1: new full-speed USB device number 61 using dummy_hcd [ 2726.218015][T16336] usb 3-1: symbol converter now attached to ttyUSB0 [ 2726.248379][ T5862] usb 2-1: Using ep0 maxpacket: 32 [ 2726.262634][ T5862] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 2726.271120][ T5862] usb 2-1: config 0 has no interface number 0 [ 2726.282343][ T5862] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 2726.292844][ T5862] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2726.301052][ T5862] usb 2-1: Product: syz [ 2726.305362][ T5862] usb 2-1: Manufacturer: syz [ 2726.310454][ T5862] usb 2-1: SerialNumber: syz [ 2726.318900][ T5862] usb 2-1: config 0 descriptor?? [ 2726.328632][ T5862] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 2726.373721][ T1307] usb 5-1: config 0 has an invalid interface number: 113 but max is 0 [ 2726.386022][ T1307] usb 5-1: config 0 has no interface number 0 [ 2726.392687][ T1307] usb 5-1: config 0 interface 113 has no altsetting 0 [ 2726.404345][ T1307] usb 5-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 2726.416955][ T1307] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2726.426653][ T1307] usb 5-1: Product: syz [ 2726.433554][ T1307] usb 5-1: Manufacturer: syz [ 2726.438928][ T1307] usb 5-1: SerialNumber: syz [ 2726.456054][ T1524] syzkaller1: entered promiscuous mode [ 2726.463318][ T1524] syzkaller1: entered allmulticast mode [ 2726.463469][ T1307] usb 5-1: config 0 descriptor?? [ 2726.485723][ T1307] pn533_usb 5-1:0.113: NFC: Could not find bulk-in or bulk-out endpoint [ 2726.533607][ T5862] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 2726.547263][ T5862] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB2 [ 2726.636644][ T5862] usb 3-1: USB disconnect, device number 62 [ 2726.661875][ T5862] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0 [ 2726.682207][ T5862] symbolserial 3-1:0.175: device disconnected [ 2726.751461][ T1526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2726.769846][ T1526] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2726.807247][ T1532] binder: 1531:1532 ioctl c01064c1 200000000600 returned -22 [ 2726.826624][ T1532] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2726.845630][ T1532] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2726.875725][ T1532] bridge7: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 2726.887490][ T1532] bridge7: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 2726.894549][T26944] usb 5-1: USB disconnect, device number 61 [ 2726.923103][ T1535] ptrace attach of "./syz-executor exec"[5883] was attempted by " Àÿ Ðÿ ð¥ Àÿ Àÿ Ðÿ àÿ ðÿ °ÿ Àÿ ÿÿÿÿ [ 2726.931014][ T1535] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2727.034138][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 2727.043355][ T5862] usb 2-1: USB disconnect, device number 66 [ 2727.043732][ T1535] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2727.055646][ T5862] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 2727.080692][ T5862] quatech-serial ttyUSB2: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB2 [ 2727.094609][ T5862] quatech2 2-1:0.51: device disconnected [ 2727.538646][ T1307] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 2727.722804][ T1307] usb 3-1: Using ep0 maxpacket: 16 [ 2727.764294][ T1307] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2727.803460][ T1307] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2727.894832][ T1307] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 2727.951387][T30986] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 2727.979251][ T1307] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 2728.032573][ T1307] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2728.110227][T30986] usb 5-1: config 0 has no interfaces? [ 2728.121318][T30986] usb 5-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 2728.140962][T30986] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2728.184485][ T1307] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 2728.193687][ T1307] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 2728.223094][ T1307] usb 3-1: Manufacturer: syz [ 2728.226613][T30986] usb 5-1: Product: syz [ 2728.234300][ T1307] usb 3-1: config 0 descriptor?? [ 2728.257830][T30986] usb 5-1: Manufacturer: syz [ 2728.275837][T30986] usb 5-1: SerialNumber: syz [ 2728.327244][T30986] usb 5-1: config 0 descriptor?? [ 2728.632150][ T1307] rc_core: IR keymap rc-hauppauge not found [ 2728.649456][ T1307] Registered IR keymap rc-empty [ 2728.668596][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2728.678120][ T5862] usb 5-1: USB disconnect, device number 62 [ 2728.711064][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2728.769793][ T1307] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 2728.842231][ T1307] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input216 [ 2729.026201][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2729.238597][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2729.270660][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2729.449760][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2729.478343][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2729.669114][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2729.713885][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2729.845397][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2729.958497][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2730.009214][ T1307] mceusb 3-1:0.0: Error: mce write submit urb error = -90 [ 2730.106914][ T1307] mceusb 3-1:0.0: Registered with mce emulator interface version 1 [ 2730.188523][ T1307] mceusb 3-1:0.0: 2 tx ports (0x1 cabled) and 2 rx sensors (0x0 active) [ 2730.471784][ T1568] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2730.481412][ T1568] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2732.851162][T30986] usb 3-1: USB disconnect, device number 63 [ 2733.368331][T16336] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 2733.533384][ T1589] FAULT_INJECTION: forcing a failure. [ 2733.533384][ T1589] name failslab, interval 1, probability 0, space 0, times 0 [ 2733.581016][T16336] usb 2-1: config 0 has an invalid interface number: 175 but max is 0 [ 2733.597588][T16336] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2733.625009][ T1589] CPU: 1 UID: 0 PID: 1589 Comm: syz.0.6602 Not tainted syzkaller #0 PREEMPT(full) [ 2733.625037][ T1589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2733.625051][ T1589] Call Trace: [ 2733.625060][ T1589] [ 2733.625069][ T1589] dump_stack_lvl+0x189/0x250 [ 2733.625099][ T1589] ? __pfx____ratelimit+0x10/0x10 [ 2733.625130][ T1589] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2733.625154][ T1589] ? __pfx__printk+0x10/0x10 [ 2733.625181][ T1589] ? genl_rcv+0x28/0x40 [ 2733.625205][ T1589] ? ____sys_sendmsg+0x505/0x830 [ 2733.625227][ T1589] ? __x64_sys_sendmsg+0x19b/0x260 [ 2733.625271][ T1589] should_fail_ex+0x414/0x560 [ 2733.625306][ T1589] should_failslab+0xa8/0x100 [ 2733.625339][ T1589] kmem_cache_alloc_noprof+0x73/0x3c0 [ 2733.625365][ T1589] ? skb_clone+0x212/0x3a0 [ 2733.625395][ T1589] skb_clone+0x212/0x3a0 [ 2733.625425][ T1589] __netlink_deliver_tap+0x404/0x850 [ 2733.625471][ T1589] ? netlink_deliver_tap+0x2e/0x1b0 [ 2733.625503][ T1589] netlink_deliver_tap+0x19c/0x1b0 [ 2733.625534][ T1589] netlink_sendskb+0x68/0x140 [ 2733.625564][ T1589] netlink_unicast+0x397/0x9e0 [ 2733.625590][ T1589] ? __asan_memcpy+0x40/0x70 [ 2733.625625][ T1589] ? __pfx_netlink_unicast+0x10/0x10 [ 2733.625666][ T1589] netlink_rcv_skb+0x28c/0x470 [ 2733.625694][ T1589] ? __lock_acquire+0xab9/0xd20 [ 2733.625725][ T1589] ? __pfx_genl_rcv_msg+0x10/0x10 [ 2733.625752][ T1589] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2733.625807][ T1589] ? down_read+0x1ad/0x2e0 [ 2733.625833][ T1589] genl_rcv+0x28/0x40 [ 2733.625857][ T1589] netlink_unicast+0x82c/0x9e0 [ 2733.625897][ T1589] ? __pfx_netlink_unicast+0x10/0x10 [ 2733.625929][ T1589] ? netlink_sendmsg+0x642/0xb30 [ 2733.625947][ T1589] ? skb_put+0x11b/0x210 [ 2733.625974][ T1589] netlink_sendmsg+0x805/0xb30 [ 2733.626006][ T1589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2733.626031][ T1589] ? aa_sock_msg_perm+0xf1/0x1d0 [ 2733.626055][ T1589] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2733.626078][ T1589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2733.626099][ T1589] __sock_sendmsg+0x219/0x270 [ 2733.626133][ T1589] ____sys_sendmsg+0x505/0x830 [ 2733.626165][ T1589] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2733.626201][ T1589] ? import_iovec+0x74/0xa0 [ 2733.626229][ T1589] ___sys_sendmsg+0x21f/0x2a0 [ 2733.626264][ T1589] ? __pfx____sys_sendmsg+0x10/0x10 [ 2733.626333][ T1589] ? __fget_files+0x2a/0x420 [ 2733.626352][ T1589] ? __fget_files+0x3a0/0x420 [ 2733.626383][ T1589] __x64_sys_sendmsg+0x19b/0x260 [ 2733.626410][ T1589] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 2733.626444][ T1589] ? __pfx_ksys_write+0x10/0x10 [ 2733.626478][ T1589] ? do_syscall_64+0xbe/0x3b0 [ 2733.626503][ T1589] do_syscall_64+0xfa/0x3b0 [ 2733.626520][ T1589] ? lockdep_hardirqs_on+0x9c/0x150 [ 2733.626550][ T1589] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2733.626571][ T1589] ? clear_bhb_loop+0x60/0xb0 [ 2733.626596][ T1589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2733.626615][ T1589] RIP: 0033:0x7f6d1798ebe9 [ 2733.626635][ T1589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 2733.626653][ T1589] RSP: 002b:00007f6d18736038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 2733.626676][ T1589] RAX: ffffffffffffffda RBX: 00007f6d17bc5fa0 RCX: 00007f6d1798ebe9 [ 2733.626691][ T1589] RDX: 0000000000000004 RSI: 0000200000000180 RDI: 0000000000000003 [ 2733.626704][ T1589] RBP: 00007f6d18736090 R08: 0000000000000000 R09: 0000000000000000 [ 2733.626716][ T1589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 2733.626729][ T1589] R13: 00007f6d17bc6038 R14: 00007f6d17bc5fa0 R15: 00007f6d17cefa28 [ 2733.626765][ T1589] [ 2733.640158][ T1594] binder: 1590:1594 ioctl c0306201 200000000480 returned -14 [ 2733.712368][T16336] usb 2-1: config 0 has no interface number 0 [ 2733.712430][T16336] usb 2-1: config 0 interface 175 altsetting 0 has an endpoint descriptor with address 0xBC, changing to 0x8C [ 2733.712457][T16336] usb 2-1: config 0 interface 175 altsetting 0 endpoint 0x8C has an invalid bInterval 0, changing to 7 [ 2733.712486][T16336] usb 2-1: config 0 interface 175 altsetting 0 endpoint 0x8C has invalid wMaxPacketSize 0 [ 2733.712515][T16336] usb 2-1: config 0 interface 175 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 16 [ 2734.171700][T16336] usb 2-1: New USB device found, idVendor=05e0, idProduct=0600, bcdDevice=f9.9b [ 2734.197107][T16336] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2734.243314][T16336] usb 2-1: Product: syz [ 2734.252376][T16336] usb 2-1: Manufacturer: syz [ 2734.252370][ T1599] ptrace attach of "./syz-executor exec"[5880] was attempted by " Àÿ Ðÿ ð¥ Àÿ Àÿ Ðÿ àÿ ðÿ °ÿ Àÿ ÿÿÿÿ [ 2734.267218][T16336] usb 2-1: SerialNumber: syz [ 2734.412518][ T1602] netlink: 28 bytes leftover after parsing attributes in process `syz.0.6605'. [ 2734.441577][T16336] usb 2-1: config 0 descriptor?? [ 2734.466278][T16336] symbolserial 2-1:0.175: symbol converter detected [ 2734.498086][T16336] usb 2-1: symbol converter now attached to ttyUSB0 [ 2734.498504][T30986] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 2734.650391][T30986] usb 3-1: Using ep0 maxpacket: 8 [ 2734.657959][T30986] usb 3-1: config 0 has an invalid interface number: 130 but max is 0 [ 2734.667062][T30986] usb 3-1: config 0 has no interface number 0 [ 2734.679464][T30986] usb 3-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56 [ 2734.704471][T30986] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2734.713164][T30986] usb 3-1: Product: syz [ 2734.717352][T30986] usb 3-1: Manufacturer: syz [ 2734.722710][T30986] usb 3-1: SerialNumber: syz [ 2734.851658][ T1582] syzkaller1: entered promiscuous mode [ 2734.859122][T30986] usb 3-1: config 0 descriptor?? [ 2734.873147][ T1582] syzkaller1: entered allmulticast mode [ 2734.885923][T30986] as10x_usb: device has been detected [ 2734.892720][T30986] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e)) [ 2734.978040][T30986] usb 3-1: DVB: registering adapter 3 frontend 0 (PCTV Systems picoStick (74e))... [ 2735.049655][T30986] as10x_usb: error during firmware upload part1 [ 2735.078498][T19868] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 2735.117187][T30986] Registered device PCTV Systems picoStick (74e) [ 2735.156286][T16336] usb 2-1: USB disconnect, device number 67 [ 2735.204018][T16336] symbol ttyUSB0: symbol converter now disconnected from ttyUSB0 [ 2735.233349][T16336] symbolserial 2-1:0.175: device disconnected [ 2735.420827][T19868] usb 5-1: unable to get BOS descriptor or descriptor too short [ 2735.440926][T19868] usb 5-1: config 13 has an invalid interface number: 50 but max is 3 [ 2735.476218][T19868] usb 5-1: config 13 has an invalid descriptor of length 0, skipping remainder of the config [ 2735.513321][T19868] usb 5-1: config 13 has 1 interface, different from the descriptor's value: 4 [ 2735.550531][T19868] usb 5-1: config 13 has no interface number 0 [ 2735.568028][T19868] usb 5-1: config 13 interface 50 altsetting 4 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 2735.594761][T19868] usb 5-1: config 13 interface 50 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 2735.635293][T19868] usb 5-1: config 13 interface 50 has no altsetting 0 [ 2735.662175][T19868] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=a9.e8 [ 2735.677075][T19868] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2735.734725][T19868] usb 5-1: Product: syz [ 2735.746185][T19868] usb 5-1: Manufacturer: syz [ 2735.756341][T19868] usb 5-1: SerialNumber: syz [ 2736.899776][ T5869] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 2736.910204][ T5869] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 2736.920665][ T5869] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 2736.934484][ T5869] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 2736.944600][ T5869] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 2737.261243][T16336] usb 3-1: USB disconnect, device number 64 [ 2737.444600][ T1618] chnl_net:caif_netlink_parms(): no params data found [ 2737.501807][T16336] Unregistered device PCTV Systems picoStick (74e) [ 2737.553849][T16336] as10x_usb: device has been disconnected [ 2738.004007][T19868] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 2738.043482][ T1386] usb 5-1: Failed to submit usb control message: -71 [ 2738.088662][ T1386] usb 5-1: unable to send the bmi data to the device: -71 [ 2738.091382][T19868] usb 5-1: USB disconnect, device number 63 [ 2738.180835][ T1386] usb 5-1: unable to get target info from device [ 2738.187225][ T1386] usb 5-1: could not get target info (-71) [ 2738.244204][ T1386] usb 5-1: could not probe fw (-71) [ 2739.008551][ T5869] Bluetooth: hci5: command tx timeout [ 2739.454810][T27652] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 2739.504114][T27652] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2739.780276][ T1618] bridge0: port 1(bridge_slave_0) entered blocking state [ 2739.808844][ T1618] bridge0: port 1(bridge_slave_0) entered disabled state [ 2739.848475][ T1618] bridge_slave_0: entered allmulticast mode [ 2739.870836][ T1618] bridge_slave_0: entered promiscuous mode [ 2739.940226][T27652] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 2739.968462][T27652] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2739.994612][ T1618] bridge0: port 2(bridge_slave_1) entered blocking state [ 2740.018613][ T1618] bridge0: port 2(bridge_slave_1) entered disabled state [ 2740.038447][ T1618] bridge_slave_1: entered allmulticast mode [ 2740.055243][ T1618] bridge_slave_1: entered promiscuous mode [ 2740.437797][T27652] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 2740.462521][T27652] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2740.584342][ T1665] ptrace attach of "./syz-executor exec"[5880] was attempted by " Àÿ Ðÿ ð¥ Àÿ Àÿ Ðÿ àÿ ðÿ °ÿ Àÿ ÿÿÿÿ [ 2740.594369][ T1618] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2740.753668][ T1618] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2740.958630][ T5862] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 2741.086012][T27652] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 2741.099609][ T5869] Bluetooth: hci5: command tx timeout [ 2741.122315][T27652] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2741.132629][ T5862] usb 3-1: Using ep0 maxpacket: 8 [ 2741.179764][ T5862] usb 3-1: config 0 has an invalid interface number: 130 but max is 0 [ 2741.187969][ T5862] usb 3-1: config 0 has no interface number 0 [ 2741.243652][ T5862] usb 3-1: New USB device found, idVendor=2013, idProduct=0246, bcdDevice=e6.56 [ 2741.269929][ T1618] team0: Port device team_slave_0 added [ 2741.275618][ T5862] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2741.292365][ T1618] team0: Port device team_slave_1 added [ 2741.303352][ T5862] usb 3-1: Product: syz [ 2741.313496][ T5862] usb 3-1: Manufacturer: syz [ 2741.336372][ T5862] usb 3-1: SerialNumber: syz [ 2741.379376][ T5862] usb 3-1: config 0 descriptor?? [ 2741.434820][ T5862] as10x_usb: device has been detected [ 2741.488238][ T5862] dvbdev: DVB: registering new adapter (PCTV Systems picoStick (74e)) [ 2741.563772][ T1618] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2741.590883][ T1618] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2741.645349][ T5862] usb 3-1: DVB: registering adapter 3 frontend 0 (PCTV Systems picoStick (74e))... [ 2741.675774][ T1618] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2741.709083][ T5862] as10x_usb: error during firmware upload part1 [ 2741.739935][ T5862] Registered device PCTV Systems picoStick (74e) [ 2741.761382][ T1618] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2741.813204][ T1618] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2741.894919][ T1618] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2742.095973][ T1618] hsr_slave_0: entered promiscuous mode [ 2742.105905][ T1618] hsr_slave_1: entered promiscuous mode [ 2742.114902][ T1618] debugfs: 'hsr0' already exists in 'hsr' [ 2742.121330][ T1618] Cannot create hsr debugfs directory [ 2742.199043][T27652] batman_adv: batadv0: Interface deactivated: vxlan0 [ 2742.626534][T27652] dvmrp8 (unregistering): left allmulticast mode [ 2742.744210][T27652] batman_adv: batadv0: Removing interface: vxlan0 [ 2743.087790][T27652] bond0 (unregistering): Released all slaves [ 2743.180767][ T5869] Bluetooth: hci5: command tx timeout [ 2743.247876][T27652] bond1 (unregistering): Released all slaves [ 2743.397375][T27652] bond2 (unregistering): (slave veth5): Releasing active interface [ 2743.407063][T27652] bond2 (unregistering): Released all slaves [ 2743.557874][T27652] bond3 (unregistering): (slave veth7): Releasing active interface [ 2743.582557][ T5862] usb 3-1: USB disconnect, device number 65 [ 2743.593360][T27652] bond3 (unregistering): (slave vlan0): Releasing active interface [ 2743.626375][T27652] bond3 (unregistering): Released all slaves [ 2743.628010][ T5862] Unregistered device PCTV Systems picoStick (74e) [ 2743.652282][ T5862] as10x_usb: device has been disconnected [ 2743.795948][T27652] bond4 (unregistering): Released all slaves [ 2743.934180][T27652] bond5 (unregistering): (slave veth9): Releasing active interface [ 2743.944667][T27652] bond5 (unregistering): Released all slaves [ 2744.073505][T27652] : left promiscuous mode [ 2744.227719][T27652] : left promiscuous mode [ 2744.262640][T27652] _ÐZ`Ô€@ÿÃ: left promiscuous mode [ 2744.339708][T27652] tipc: Left network mode [ 2744.991270][T27652] hsr_slave_0: left promiscuous mode [ 2745.027039][T27652] veth1_macvtap: left promiscuous mode [ 2745.033181][T27652] veth0_macvtap: left promiscuous mode [ 2745.248590][ T5869] Bluetooth: hci5: command tx timeout [ 2745.272815][T27652] team0 (unregistering): Port device batadv1 removed [ 2746.380488][ T1618] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 2746.390981][ T1618] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 2746.402897][ T1618] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 2746.415875][ T1618] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 2746.542193][ T1618] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2746.575860][ T1618] 8021q: adding VLAN 0 to HW filter on device team0 [ 2746.596087][T23493] bridge0: port 1(bridge_slave_0) entered blocking state [ 2746.603278][T23493] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2746.633244][ T1385] bridge0: port 2(bridge_slave_1) entered blocking state [ 2746.640456][ T1385] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2746.779455][ T1618] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2746.827099][ T1618] veth0_vlan: entered promiscuous mode [ 2746.841339][ T1618] veth1_vlan: entered promiscuous mode [ 2746.866025][T27652] IPVS: stop unused estimator thread 0... [ 2746.883318][ T1618] veth0_macvtap: entered promiscuous mode [ 2746.897683][ T1618] veth1_macvtap: entered promiscuous mode [ 2746.934306][ T1618] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2746.947898][ T1618] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2746.984740][ T1386] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2746.995626][ T1386] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2747.022667][ T1386] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2747.042944][ T1386] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2747.126937][ T1385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2747.150085][ T1385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2747.180096][T23493] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2747.188080][T23493] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2748.175758][ T1713] netlink: 24 bytes leftover after parsing attributes in process `syz.2.6623'. [ 2748.693656][ T1728] bridge0: entered promiscuous mode [ 2748.703425][ T1728] vlan2: entered promiscuous mode [ 2748.835072][ T5862] IPVS: starting estimator thread 0... [ 2748.978418][ T1733] IPVS: using max 24 ests per chain, 57600 per kthread [ 2750.110799][ T5877] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 2750.138556][ T5877] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 2750.153756][ T5877] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 2750.199146][ T5877] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 2750.229310][ T5877] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 2750.663916][T27654] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2750.689045][T19868] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 2750.853167][ T30] audit: type=1326 audit(1756860489.996:942): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1722 comm="syz.4.6627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f475d58ebe9 code=0x7ffc0000 [ 2751.070618][ T30] audit: type=1326 audit(1756860489.996:943): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1722 comm="syz.4.6627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f475d58ebe9 code=0x7ffc0000 [ 2751.106739][T19868] usb 3-1: Using ep0 maxpacket: 16 [ 2751.128460][T19868] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 2751.143563][T27654] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2751.169958][ T30] audit: type=1326 audit(1756860489.996:944): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1722 comm="syz.4.6627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f475d58ebe9 code=0x7ffc0000 [ 2751.198315][T19868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 2751.242078][T19868] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 2751.252919][T19868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2751.266679][T19868] usb 3-1: Product: syz [ 2751.274046][T19868] usb 3-1: Manufacturer: syz [ 2751.282297][T19868] usb 3-1: SerialNumber: syz [ 2751.356763][T19868] usb 3-1: config 0 descriptor?? [ 2751.377501][T19868] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 2751.399805][T27654] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2751.418695][T19868] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 2751.607630][T27654] netdevsim netdevsim0  (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2751.670718][ T1762] syzkaller0: tun_chr_ioctl cmd 1074025676 [ 2751.676591][ T1762] syzkaller0: owner set to 0 [ 2751.733690][T16336] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 2751.968890][T16336] usb 5-1: Using ep0 maxpacket: 16 [ 2751.978749][T16336] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 2752.368974][T16336] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 2752.380046][ T5877] Bluetooth: hci2: command tx timeout [ 2752.396706][ T1770] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2752.406036][ T1770] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2752.417646][ T1770] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2752.426650][ T1770] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2752.516966][T16336] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 2752.545952][T16336] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2752.546060][T16336] usb 5-1: Product: syz [ 2752.546078][T16336] usb 5-1: Manufacturer: syz [ 2752.546095][T16336] usb 5-1: SerialNumber: syz [ 2752.553734][T16336] usb 5-1: config 0 descriptor?? [ 2752.567046][T16336] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 2752.567080][T16336] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 2752.929340][T19868] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 2752.936401][T19868] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 2752.975927][ T1745] chnl_net:caif_netlink_parms(): no params data found [ 2752.994318][T19868] em28xx 3-1:0.0: AC97 chip type couldn't be determined [ 2753.019096][T19868] em28xx 3-1:0.0: No AC97 audio processor [ 2753.173172][T16336] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 2753.180482][T16336] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 2753.795671][T16336] em28xx 5-1:0.0: Unknown AC97 audio processor detected! [ 2753.917470][T26944] usb 3-1: USB disconnect, device number 66 [ 2753.950028][T26944] em28xx 3-1:0.0: Disconnecting em28xx [ 2753.968946][T26944] em28xx 3-1:0.0: Freeing device [ 2754.064976][T16336] em28xx 5-1:0.0: couldn't setup AC97 register 2 [ 2754.132388][T16336] em28xx 5-1:0.0: couldn't setup AC97 register 4 [ 2754.142162][T16336] em28xx 5-1:0.0: couldn't setup AC97 register 6 [ 2754.172353][T16336] em28xx 5-1:0.0: couldn't setup AC97 register 54 [ 2754.191858][T16336] em28xx 5-1:0.0: couldn't setup AC97 register 56 [ 2754.229011][T16336] usb 5-1: USB disconnect, device number 64 [ 2754.449352][ T5877] Bluetooth: hci2: command tx timeout [ 2755.050958][ T1307] IPVS: starting estimator thread 0... [ 2755.138390][ T1805] IPVS: using max 48 ests per chain, 115200 per kthread [ 2755.290690][T27654] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2755.466393][T27654] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2755.507816][T27654] bond0 (unregistering): Released all slaves [ 2755.835506][T27654] bond1 (unregistering): (slave veth3): Releasing active interface [ 2755.850070][T27654] vlan2: entered promiscuous mode [ 2755.866153][T27654] bond1 (unregistering): (slave vlan2): Releasing active interface [ 2755.880148][T27654] bond1 (unregistering): Released all slaves [ 2755.927411][ T1814] netlink: 4 bytes leftover after parsing attributes in process `syz.1.6644'. [ 2755.965313][ T30] audit: type=1326 audit(1756860495.106:945): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1802 comm="syz.3.6643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095138ebe9 code=0x7ffc0000 [ 2755.989122][ T30] audit: type=1326 audit(1756860495.106:946): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1802 comm="syz.3.6643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095138ebe9 code=0x7ffc0000 [ 2756.025241][ T30] audit: type=1326 audit(1756860495.146:947): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1802 comm="syz.3.6643" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f095138ebe9 code=0x7ffc0000 [ 2756.316616][T27654] bond2 (unregistering): (slave veth5): Releasing active interface [ 2756.338038][T27654] bond2 (unregistering): Released all slaves [ 2756.504917][ T1818] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6646'. [ 2756.529681][ T5877] Bluetooth: hci2: command tx timeout [ 2756.593803][T27654] : left promiscuous mode [ 2756.886281][T27654] : left promiscuous mode [ 2757.249019][T27654] tipc: Left network mode [ 2757.259247][ T1745] bridge0: port 1(bridge_slave_0) entered blocking state [ 2757.287557][ T1745] bridge0: port 1(bridge_slave_0) entered disabled state [ 2757.319287][T27654] IPVS: stopping master sync thread 20495 ... [ 2757.498766][ T1745] bridge_slave_0: entered allmulticast mode [ 2757.510876][ T1745] bridge_slave_0: entered promiscuous mode [ 2757.531437][ T1745] bridge0: port 2(bridge_slave_1) entered blocking state [ 2757.540564][ T1745] bridge0: port 2(bridge_slave_1) entered disabled state [ 2757.547752][ T1745] bridge_slave_1: entered allmulticast mode [ 2757.714756][ T1745] bridge_slave_1: entered promiscuous mode [ 2758.194851][ T1745] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2758.378700][ T1745] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2758.609579][ T5877] Bluetooth: hci2: command tx timeout [ 2758.692802][ T1745] team0: Port device team_slave_0 added [ 2758.740662][ T1745] team0: Port device team_slave_1 added [ 2758.970731][ T1745] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2759.038269][ T1745] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2759.064266][ C0] vkms_vblank_simulate: vblank timer overrun [ 2759.088843][T19868] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 2759.190595][ T1745] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2759.215785][ T1745] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2759.225464][ T1745] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2759.291387][T19868] usb 3-1: Using ep0 maxpacket: 16 [ 2759.301971][T19868] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 2759.311218][ T1745] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2759.333366][T19868] usb 3-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 2759.346184][T19868] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2759.361524][T19868] usb 3-1: Product: syz [ 2759.374615][T19868] usb 3-1: Manufacturer: syz [ 2759.380314][T19868] usb 3-1: SerialNumber: syz [ 2759.393388][ T30] audit: type=1326 audit(1756860498.546:948): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1854 comm="syz.4.6652" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f475d58ebe9 code=0x0 [ 2759.401194][T19868] usb 3-1: config 0 descriptor?? [ 2759.431331][ T1857] ptrace attach of "./syz-executor exec"[5883] was attempted by "./syz-executor exec"[1857] [ 2759.542104][T19868] ftdi_sio 3-1:0.0: FTDI USB Serial Device converter detected [ 2759.577888][T19868] usb 3-1: Detected FT232R [ 2759.943524][ T1848] netlink: 8 bytes leftover after parsing attributes in process `syz.2.6651'. [ 2759.955110][ T1848] netlink: 'syz.2.6651': attribute type 8 has an invalid length. [ 2760.071198][ T1745] hsr_slave_0: entered promiscuous mode [ 2760.115619][ T1745] hsr_slave_1: entered promiscuous mode [ 2760.167901][ T1745] debugfs: 'hsr0' already exists in 'hsr' [ 2760.225394][ T1745] Cannot create hsr debugfs directory [ 2760.304893][T19868] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 2760.335283][T19868] ftdi_sio 3-1:0.0: GPIO initialisation failed: -71 [ 2760.353418][T19868] usb 3-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 2760.438863][T19868] usb 3-1: USB disconnect, device number 67 [ 2760.462612][T19868] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 2760.771821][T19868] ftdi_sio 3-1:0.0: device disconnected [ 2761.068413][T26944] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 2761.086526][ T1886] netlink: 12 bytes leftover after parsing attributes in process `syz.1.6661'. [ 2761.240776][T26944] usb 5-1: Using ep0 maxpacket: 32 [ 2761.271983][T26944] usb 5-1: config 0 has an invalid interface number: 85 but max is 0 [ 2761.281088][T26944] usb 5-1: config 0 has no interface number 0 [ 2761.288451][T26944] usb 5-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 2761.301371][T26944] usb 5-1: config 0 interface 85 altsetting 7 has 1 endpoint descriptor, different from the interface descriptor's value: 19 [ 2761.345351][T27654] hsr_slave_0: left promiscuous mode [ 2761.362120][T26944] usb 5-1: config 0 interface 85 has no altsetting 0 [ 2761.380093][T27654] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2761.577479][T27654] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2761.601574][T27654] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2761.618587][T26944] usb 5-1: New USB device found, idVendor=05ac, idProduct=ea6b, bcdDevice=f0.72 [ 2761.630910][T27654] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2761.646243][T26944] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2761.689369][T26944] usb 5-1: Product: syz [ 2761.722318][T26944] usb 5-1: Manufacturer: syz [ 2761.761343][T27654] team0: left allmulticast mode [ 2761.773277][T27654] team_slave_0: left allmulticast mode [ 2761.779426][T27654] team_slave_1: left allmulticast mode [ 2761.786105][T27654] batadv1: left allmulticast mode [ 2761.786121][T26944] usb 5-1: SerialNumber: syz [ 2761.805753][T27654] team0: left promiscuous mode [ 2761.815850][T27654] team_slave_0: left promiscuous mode [ 2761.821565][T27654] team_slave_1: left promiscuous mode [ 2761.827083][T27654] batadv1: left promiscuous mode [ 2761.845449][T27654] veth1_macvtap: left promiscuous mode [ 2761.859576][T27654] veth0_macvtap: left promiscuous mode [ 2761.867009][T26944] usb 5-1: config 0 descriptor?? [ 2762.000885][ T1902] netlink: 16 bytes leftover after parsing attributes in process `syz.3.6664'. [ 2762.328635][T26944] usb 5-1: USB disconnect, device number 65 [ 2762.580249][T27654] team0 (unregistering): Port device batadv1 removed [ 2763.183385][T27654] team0 (unregistering): Port device team_slave_1 removed [ 2763.233874][T27654] team0 (unregistering): Port device team_slave_0 removed [ 2763.847538][ T1906] vlan1: entered promiscuous mode [ 2764.025695][ T1914] netlink: 'syz.1.6669': attribute type 27 has an invalid length. [ 2764.233066][ T1924] netlink: 'syz.1.6672': attribute type 2 has an invalid length. [ 2764.445081][ T30] audit: type=1326 audit(1756860503.596:949): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1912 comm="syz.4.6668" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f475d58ebe9 code=0x0 [ 2764.959009][T26944] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 2765.124131][T26944] usb 3-1: config 0 has no interfaces? [ 2765.141835][T26944] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 2765.151238][T26944] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2765.163061][T26944] usb 3-1: Product: syz [ 2765.204634][T26944] usb 3-1: Manufacturer: syz [ 2765.231327][T26944] usb 3-1: SerialNumber: syz [ 2765.304357][T26944] usb 3-1: config 0 descriptor?? [ 2765.491007][ T1745] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 2765.579076][ T1745] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 2765.693847][ T1928] netlink: 12 bytes leftover after parsing attributes in process `syz.2.6670'. [ 2765.740205][ T1745] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 2765.830387][ T1745] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 2765.849414][T26944] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 2766.010424][T26944] usb 2-1: config 0 has an invalid descriptor of length 113, skipping remainder of the config [ 2766.044975][T26944] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 2766.097489][T26944] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 2766.107383][T26944] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2766.136362][T26944] usb 2-1: Product: syz [ 2766.161793][T26944] usb 2-1: Manufacturer: syz [ 2766.184793][T26944] usb 2-1: SerialNumber: syz [ 2766.214302][T26944] usb 2-1: config 0 descriptor?? [ 2766.220662][ T1745] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2766.351217][ T1745] 8021q: adding VLAN 0 to HW filter on device team0 [ 2766.404270][ T1964] netlink: 'syz.4.6676': attribute type 23 has an invalid length. [ 2766.525317][ T30] audit: type=1326 audit(1756860505.606:950): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1942 comm="syz.3.6674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095138ebe9 code=0x7ffc0000 [ 2766.561745][T27654] bridge0: port 1(bridge_slave_0) entered blocking state [ 2766.569048][T27654] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2766.595522][ T30] audit: type=1326 audit(1756860505.606:951): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1942 comm="syz.3.6674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f095138ebe9 code=0x7ffc0000 [ 2766.666608][ T30] audit: type=1326 audit(1756860505.606:952): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1942 comm="syz.3.6674" exe="/root/syz-executor" sig=0 arch=c000003e syscall=150 compat=0 ip=0x7f095138ebe9 code=0x7ffc0000 [ 2766.695791][T27652] bridge0: port 2(bridge_slave_1) entered blocking state [ 2766.702998][T27652] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2766.893105][ T30] audit: type=1326 audit(1756860506.046:953): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=1946 comm="syz.1.6675" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f338138ebe9 code=0x0 [ 2766.914910][ C0] vkms_vblank_simulate: vblank timer overrun [ 2767.545847][ T1745] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2767.734106][ T5862] usb 3-1: USB disconnect, device number 68 [ 2767.750901][ T1745] veth0_vlan: entered promiscuous mode [ 2767.815680][ T1745] veth1_vlan: entered promiscuous mode [ 2768.071466][ T1973] vlan3: entered promiscuous mode [ 2768.171483][ T1745] veth0_macvtap: entered promiscuous mode [ 2768.219864][ T1745] veth1_macvtap: entered promiscuous mode [ 2768.312312][ T1986] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 2768.323608][ T1745] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2768.396445][ T1745] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2768.451030][T23493] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2768.471533][T14257] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2768.510853][T14257] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2768.552049][T14257] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2768.798585][ T5862] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 2768.899100][T27652] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2768.906973][T27652] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2768.965624][T16336] usb 2-1: USB disconnect, device number 68 [ 2768.989052][ T5862] usb 5-1: Using ep0 maxpacket: 16 [ 2769.009925][ T5862] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 2769.058996][ T5862] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2769.104812][T27652] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2769.108240][ T5862] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 2769.134871][T27652] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2769.178168][ T5862] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 2769.241545][ T5862] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 2769.273217][ T5862] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2769.299232][ T5862] usb 5-1: Product: syz [ 2769.316447][ T5862] usb 5-1: Manufacturer: syz [ 2769.334877][ T5862] usb 5-1: SerialNumber: syz [ 2769.444460][ T2006] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 2769.658766][ T5862] usb 5-1: USB disconnect, device number 66 [ 2769.768507][T27532] udevd[27532]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 2770.511374][ T5869] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 2770.528100][ T5869] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 2770.541112][ T5869] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 2770.556648][ T5869] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 2770.567252][ T5869] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 2771.442487][T19110] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2771.645340][T19110] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2771.762079][ T2035] chnl_net:caif_netlink_parms(): no params data found [ 2771.856906][ T2074] Dead loop on virtual device ip6_vti0, fix it urgently! [ 2771.930798][T19110] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2772.093287][ T2081] netlink: 8 bytes leftover after parsing attributes in process `syz.3.6703'. [ 2772.135294][T19110] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2772.150245][ T2085] netlink: 12 bytes leftover after parsing attributes in process `syz.4.6704'. [ 2772.191046][ T2081] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 2772.227736][ T2081] bridge0: port 2(bridge_slave_1) entered disabled state [ 2772.235124][ T2081] bridge0: port 1(bridge_slave_0) entered disabled state [ 2772.511927][ T2035] bridge0: port 1(bridge_slave_0) entered blocking state [ 2772.552067][ T2035] bridge0: port 1(bridge_slave_0) entered disabled state [ 2772.581012][ T2035] bridge_slave_0: entered allmulticast mode [ 2772.609434][ T5869] Bluetooth: hci4: command tx timeout [ 2772.617433][ T2035] bridge_slave_0: entered promiscuous mode [ 2772.640928][ T2035] bridge0: port 2(bridge_slave_1) entered blocking state [ 2772.650709][ T2035] bridge0: port 2(bridge_slave_1) entered disabled state [ 2772.658102][ T2035] bridge_slave_1: entered allmulticast mode [ 2772.667332][ T2035] bridge_slave_1: entered promiscuous mode [ 2772.889421][ T2035] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2772.937345][ T2035] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2773.332283][ T2125] netlink: 12 bytes leftover after parsing attributes in process `syz.0.6715'. [ 2773.358064][ T2035] team0: Port device team_slave_0 added [ 2773.392389][ T2035] team0: Port device team_slave_1 added [ 2773.601313][ T2131] netlink: 'syz.1.6718': attribute type 4 has an invalid length. [ 2773.725737][ T2035] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2773.751284][ T2035] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2773.834066][ T2035] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2773.845596][ T2142] netlink: 36 bytes leftover after parsing attributes in process `syz.1.6722'. [ 2773.868097][ T2035] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2773.908463][ T2035] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2773.934401][ C0] vkms_vblank_simulate: vblank timer overrun [ 2773.992312][ T2035] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2774.022706][T19110] bridge_slave_1: left allmulticast mode [ 2774.029101][T19110] bridge_slave_1: left promiscuous mode [ 2774.037146][T19110] bridge0: port 2(bridge_slave_1) entered disabled state [ 2774.050408][ T2152] binder: BINDER_SET_CONTEXT_MGR already set [ 2774.056434][ T2152] binder: 2151:2152 ioctl 4018620d 2000000000c0 returned -16 [ 2774.078904][T19110] bridge_slave_0: left allmulticast mode [ 2774.084629][T19110] bridge_slave_0: left promiscuous mode [ 2774.099453][T19110] bridge0: port 1(bridge_slave_0) entered disabled state [ 2774.492722][T19110] erspan0 (unregistering): left allmulticast mode [ 2774.578314][ T2154] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 2774.688291][ T5869] Bluetooth: hci4: command tx timeout [ 2774.729613][ T2154] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 2774.740664][ T2154] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 2774.750833][ T2154] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2774.766407][ T2154] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 2774.776642][ T2154] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 2774.784939][ T2154] usb 5-1: Product: syz [ 2774.792234][ T2154] usb 5-1: Manufacturer: syz [ 2774.796832][ T2154] usb 5-1: SerialNumber: syz [ 2774.932504][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 2774.939677][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 2775.028542][ T2154] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 67 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 2775.225026][ T1307] usb 5-1: USB disconnect, device number 67 [ 2775.235188][T19110] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2775.262343][ T1307] usblp0: removed [ 2775.274718][T19110] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2775.302908][T19110] bond0 (unregistering): Released all slaves [ 2775.462123][T19110] bond1 (unregistering): Released all slaves [ 2775.481693][T19110] bond2 (unregistering): Released all slaves [ 2775.629859][T19110] bond3 (unregistering): (slave veth5): Releasing active interface [ 2775.641317][T19110] bond3 (unregistering): Released all slaves [ 2775.796303][T19110] bond4 (unregistering): (slave veth7): Releasing active interface [ 2775.804506][T19110] vlan3: entered promiscuous mode [ 2775.814295][T19110] bond4 (unregistering): (slave vlan3): Releasing active interface [ 2775.827917][T19110] bond4 (unregistering): Released all slaves [ 2775.996500][T19110] bond5 (unregistering): (slave veth9): Releasing active interface [ 2776.006065][T19110] bond5 (unregistering): Released all slaves [ 2776.149810][T19110] bond6 (unregistering): (slave veth11): Releasing active interface [ 2776.160746][T19110] bond6 (unregistering): Released all slaves [ 2776.307455][T19110] bond7 (unregistering): (slave veth13): Releasing active interface [ 2776.318262][T19110] bond7 (unregistering): Released all slaves [ 2776.457820][T19110] bond8 (unregistering): Released all slaves [ 2776.610031][T19110] bond9 (unregistering): Released all slaves [ 2776.757128][T19110] bond10 (unregistering): (slave veth15): Releasing active interface [ 2776.768379][ T5869] Bluetooth: hci4: command tx timeout [ 2776.781809][T19110] bond10 (unregistering): Released all slaves [ 2777.045128][T19110] bond11 (unregistering): (slave veth21): Releasing active interface [ 2777.060308][T19110] bond11 (unregistering): Released all slaves [ 2777.087238][T19110] bond12 (unregistering): Released all slaves [ 2777.144250][ T2191] vxcan1: entered promiscuous mode [ 2777.396103][ T2035] hsr_slave_0: entered promiscuous mode [ 2777.418966][ T2035] hsr_slave_1: entered promiscuous mode [ 2777.425418][ T2035] debugfs: 'hsr0' already exists in 'hsr' [ 2777.435759][ T2035] Cannot create hsr debugfs directory [ 2777.460291][T19110] : left promiscuous mode [ 2777.669080][T19110] tipc: Left network mode [ 2778.370222][ T2215] tipc: Started in network mode [ 2778.375140][ T2215] tipc: Node identity 9aa81e4ea17c, cluster identity 4711 [ 2778.448998][ T2215] tipc: Enabled bearer , priority 0 [ 2778.493972][ T2223] syzkaller0: entered promiscuous mode [ 2778.541838][ T2223] syzkaller0: entered allmulticast mode [ 2778.836483][ T2232] tipc: Resetting bearer [ 2778.851876][ T5869] Bluetooth: hci4: command tx timeout [ 2779.008421][ T2213] tipc: Resetting bearer [ 2779.111280][ T2213] tipc: Disabling bearer [ 2780.313805][ T2244] team0 (unregistering): Port device team_slave_0 removed [ 2780.347051][ T2244] team0 (unregistering): Port device team_slave_1 removed [ 2782.057997][ T2035] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 2782.146676][ T2035] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 2782.579380][ T2270] netlink: 8 bytes leftover after parsing attributes in process `syz.4.6764'. [ 2782.716013][ T2035] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 2782.914821][T19110] hsr_slave_0: left promiscuous mode [ 2782.935629][ T2289] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 2782.973435][T19110] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2782.992748][T19110] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2783.029297][T19110] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2783.036823][T19110] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2783.103584][T19110] veth1_macvtap: left promiscuous mode [ 2783.125539][T19110] veth0_macvtap: left promiscuous mode [ 2784.035206][T19110] vlan2 (unregistering): left allmulticast mode [ 2784.046994][T19110] team0 (unregistering): Port device vlan2 removed [ 2784.161356][T19110] pim6reg (unregistering): left allmulticast mode [ 2784.896147][T19110] team_slave_1 (unregistering): left allmulticast mode [ 2784.907151][T19110] team0 (unregistering): Port device team_slave_1 removed [ 2785.137873][T19110] team_slave_0 (unregistering): left allmulticast mode [ 2785.155916][T19110] team0 (unregistering): Port device team_slave_0 removed [ 2786.093403][ T2330] program syz.3.6781 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 2786.264027][T19110] team0 (unregistering): left allmulticast mode [ 2786.296927][ T2035] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 2786.449246][ T2345] random: crng reseeded on system resumption [ 2786.708479][ T2035] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2786.789553][ T2035] 8021q: adding VLAN 0 to HW filter on device team0 [ 2786.817721][T14257] bridge0: port 1(bridge_slave_0) entered blocking state [ 2786.825951][T14257] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2786.923295][T14257] bridge0: port 2(bridge_slave_1) entered blocking state [ 2786.930547][T14257] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2787.202321][ T2371] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 2787.238055][ T2035] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 2787.249025][ T2035] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 2787.290822][ T2035] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2787.727884][ T2035] veth0_vlan: entered promiscuous mode [ 2787.776663][ T2035] veth1_vlan: entered promiscuous mode [ 2787.893793][ T2035] veth0_macvtap: entered promiscuous mode [ 2787.922057][ T2035] veth1_macvtap: entered promiscuous mode [ 2788.003940][ T2035] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2788.038901][ T2035] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2788.087701][ T1385] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2788.121200][T27654] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2788.173373][T27654] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2788.199956][ T6035] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2788.495827][ T6035] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2788.534711][ T6035] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2788.643756][ T1385] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2788.714901][ T2406] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 2788.798152][ T1385] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2788.836867][T19110] IPVS: stop unused estimator thread 0... [ 2790.101720][ T2445] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6808'. [ 2790.147514][ T2445] netlink: 4 bytes leftover after parsing attributes in process `syz.0.6808'. [ 2790.570453][ T1996] usb 4-1: USB disconnect, device number 117 [ 2790.853317][ T2461] netlink: 104 bytes leftover after parsing attributes in process `syz.1.6812'. [ 2791.668952][ T5877] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 2791.684579][ T5877] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 2791.695073][ T5877] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 2791.706552][ T5877] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 2791.718246][ T1307] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 2791.728625][ T5877] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 2791.891126][ T1307] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2791.977144][ T1307] usb 2-1: config 0 has no interfaces? [ 2791.996181][ T1307] usb 2-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=44.1f [ 2792.006524][ T1307] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2792.022910][ T1307] usb 2-1: Product: syz [ 2792.037200][ T1307] usb 2-1: Manufacturer: syz [ 2792.048640][ T1307] usb 2-1: SerialNumber: syz [ 2792.086815][ T1307] usb 2-1: config 0 descriptor?? [ 2792.500732][ T2154] usb 2-1: USB disconnect, device number 69 [ 2792.574840][T23493] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2792.598161][ T30] audit: type=1800 audit(1756860531.746:954): pid=2484 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.4.6819" name="/" dev="fuse" ino=9 res=0 errno=0 [ 2792.902355][T23493] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2793.141307][T23493] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2793.394881][T23493] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2793.581594][ T2486] chnl_net:caif_netlink_parms(): no params data found [ 2793.808623][ T5869] Bluetooth: hci3: command tx timeout [ 2794.012697][ T2529] kvm: pic: level sensitive irq not supported [ 2794.014571][ T2529] kvm: pic: non byte write [ 2794.059516][ T2486] bridge0: port 1(bridge_slave_0) entered blocking state [ 2794.066712][ T2486] bridge0: port 1(bridge_slave_0) entered disabled state [ 2794.078847][ T2529] kvm: pic: non byte write [ 2794.086218][ T2486] bridge_slave_0: entered allmulticast mode [ 2794.093825][ T2529] kvm: pic: non byte write [ 2794.114289][ T2486] bridge_slave_0: entered promiscuous mode [ 2794.116072][ T2529] kvm: pic: non byte write [ 2794.146072][ T2529] kvm: pic: level sensitive irq not supported [ 2794.147529][ T2486] bridge0: port 2(bridge_slave_1) entered blocking state [ 2794.156306][ T2529] kvm: pic: level sensitive irq not supported [ 2794.180262][ T2529] kvm: pic: single mode not supported [ 2794.182971][ T2486] bridge0: port 2(bridge_slave_1) entered disabled state [ 2794.205652][ T2529] kvm: pic: level sensitive irq not supported [ 2794.205831][ T2529] kvm: pic: non byte write [ 2794.212345][ T2486] bridge_slave_1: entered allmulticast mode [ 2794.214507][ T2486] bridge_slave_1: entered promiscuous mode [ 2794.249534][ T2529] kvm: pic: non byte write [ 2794.279348][ T2529] kvm: pic: level sensitive irq not supported [ 2794.279619][ T2529] kvm: pic: level sensitive irq not supported [ 2794.306250][ T2529] kvm: pic: single mode not supported [ 2794.329990][ T2529] kvm: pic: non byte write [ 2794.409041][ T2529] kvm: pic: non byte write [ 2794.446015][ T2529] kvm: pic: single mode not supported [ 2794.446781][ T2529] kvm: pic: level sensitive irq not supported [ 2794.466643][ T2486] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2794.512882][ T2529] kvm: pic: non byte write [ 2794.517454][ T2529] kvm: pic: non byte write [ 2794.553780][ T2486] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2794.565897][ T2529] kvm: pic: single mode not supported [ 2794.567939][ T2529] kvm: pic: level sensitive irq not supported [ 2794.585064][T23493] bridge_slave_1: left allmulticast mode [ 2794.623909][ T2529] kvm: pic: single mode not supported [ 2794.624852][ T2529] kvm: pic: level sensitive irq not supported [ 2794.634149][T23493] bridge_slave_1: left promiscuous mode [ 2794.666548][ T2529] kvm: pic: single mode not supported [ 2794.666574][ T2529] kvm: pic: level sensitive irq not supported [ 2794.668486][T23493] bridge0: port 2(bridge_slave_1) entered disabled state [ 2794.678985][ T2529] kvm: pic: single mode not supported [ 2794.690887][ T2529] kvm: pic: single mode not supported [ 2794.697982][ T2529] kvm: pic: single mode not supported [ 2794.715038][ T2529] kvm: pic: single mode not supported [ 2794.764858][T23493] bridge_slave_0: left allmulticast mode [ 2794.839931][T23493] bridge_slave_0: left promiscuous mode [ 2794.845817][T23493] bridge0: port 1(bridge_slave_0) entered disabled state [ 2795.659512][T19868] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 2795.823919][T19868] usb 3-1: config index 0 descriptor too short (expected 45, got 36) [ 2795.838261][T19868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 255, changing to 11 [ 2795.858628][T19868] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 59391, setting to 1024 [ 2795.897584][ T5869] Bluetooth: hci3: command tx timeout [ 2795.985412][T19868] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 2796.042071][T19868] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 2796.061590][T19868] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2796.088941][T19868] usb 3-1: config 0 descriptor?? [ 2796.134637][ T2577] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 2796.591987][T19868] plantronics 0003:047F:FFFF.0030: reserved main item tag 0xd [ 2796.677000][T19868] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 2796.869159][T23493] bond1 (unregistering): (slave veth3): Releasing active interface [ 2796.889425][ T1996] usb 3-1: USB disconnect, device number 69 [ 2796.907491][T23493] bond1 (unregistering): Released all slaves [ 2796.919955][ T2617] fido_id[2617]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 2797.368860][T23493] bond2 (unregistering): Released all slaves [ 2797.944314][T23493] bond3 (unregistering): (slave vlan2): Releasing active interface [ 2797.969780][ T5869] Bluetooth: hci3: command tx timeout [ 2797.995490][T23493] bond3 (unregistering): Released all slaves [ 2798.600824][T23493] bond0 (unregistering): Released all slaves [ 2798.973821][T23493] bond4 (unregistering): (slave veth5): Releasing active interface [ 2798.997548][T23493] bond4 (unregistering): Released all slaves [ 2799.041977][T23493] bond5 (unregistering): Released all slaves [ 2799.285674][T23493] bond6 (unregistering): (slave veth7): Releasing active interface [ 2799.297786][T23493] bond6 (unregistering): Released all slaves [ 2799.437943][ T2637] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 2799.448584][ T2637] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 2799.477429][ T2637] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2799.490477][ T2637] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2799.583450][ T2486] team0: Port device team_slave_0 added [ 2799.611734][ T2486] team0: Port device team_slave_1 added [ 2799.651857][T23493] : left promiscuous mode [ 2799.797175][T23493] : left promiscuous mode [ 2799.826686][ T2486] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2799.835354][ T2486] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2799.865396][ T2486] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2799.890872][ T2486] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2799.913003][ T2486] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2799.960500][ T2486] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2800.033198][T23493] tipc: Disabling bearer [ 2800.049323][ T5869] Bluetooth: hci3: command tx timeout [ 2800.064356][T23493] tipc: Left network mode [ 2800.099288][T23493] IPVS: stopping backup sync thread 29303 ... [ 2800.322665][ T2486] hsr_slave_0: entered promiscuous mode [ 2800.350359][ T2486] hsr_slave_1: entered promiscuous mode [ 2800.470978][ T2694] netlink: 28 bytes leftover after parsing attributes in process `syz.2.6875'. [ 2800.697173][ T2690] fuse: root generation should be zero [ 2803.131178][T23493] hsr_slave_0: left promiscuous mode [ 2803.225241][T23493] veth1_macvtap: left promiscuous mode [ 2803.280415][T23493] veth0_macvtap: left promiscuous mode [ 2803.286247][T23493] veth1_vlan: left promiscuous mode [ 2803.292270][T23493] veth0_vlan: left promiscuous mode [ 2803.895540][T23493] pim6reg9 (unregistering): left allmulticast mode [ 2806.199306][ T2486] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 2806.287764][ T2486] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 2806.333348][ T2486] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 2806.402815][ T2486] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 2806.498353][T23493] IPVS: stop unused estimator thread 0... [ 2807.172778][ T2486] 8021q: adding VLAN 0 to HW filter on device bond0 [ 2807.312276][ T2486] 8021q: adding VLAN 0 to HW filter on device team0 [ 2807.433827][ T1385] bridge0: port 1(bridge_slave_0) entered blocking state [ 2807.441115][ T1385] bridge0: port 1(bridge_slave_0) entered forwarding state [ 2807.506868][ T1385] bridge0: port 2(bridge_slave_1) entered blocking state [ 2807.514119][ T1385] bridge0: port 2(bridge_slave_1) entered forwarding state [ 2807.965035][ T2486] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 2808.246012][ T2486] veth0_vlan: entered promiscuous mode [ 2808.327537][ T2486] veth1_vlan: entered promiscuous mode [ 2808.506745][ T2486] veth0_macvtap: entered promiscuous mode [ 2808.576922][ T2486] veth1_macvtap: entered promiscuous mode [ 2808.722535][ T2486] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 2808.804539][ T2486] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 2808.845680][T27657] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 2809.353764][T27657] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 2809.380375][T27657] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 2809.409188][T27657] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 2809.789674][ T1385] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2809.828641][ T1385] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2809.925270][T27652] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 2809.979205][T27652] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 2810.258401][T16336] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 2810.449326][T16336] usb 5-1: Using ep0 maxpacket: 32 [ 2810.470449][T16336] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 2810.480077][T16336] usb 5-1: config 0 has no interface number 0 [ 2810.486290][ T30] audit: type=1800 audit(1756860549.636:955): pid=2907 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.2.6926" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 2810.550138][T16336] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 2810.599441][T16336] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2810.653678][T16336] usb 5-1: Product: syz [ 2810.658646][T16336] usb 5-1: Manufacturer: syz [ 2810.663401][T16336] usb 5-1: SerialNumber: syz [ 2810.693381][T16336] usb 5-1: config 0 descriptor?? [ 2810.708081][T16336] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 2810.957079][T16336] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 2811.103672][T16336] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 2811.141167][ C1] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 2811.344539][ C1] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 2811.345721][T26944] usb 5-1: USB disconnect, device number 68 [ 2811.464910][T26944] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 2811.514297][T26944] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 2811.527352][T26944] quatech2 5-1:0.51: device disconnected [ 2811.680538][ T2927] binder: 2904:2927 ioctl c0306201 0 returned -14 [ 2812.118975][ T2932] binder: BINDER_SET_CONTEXT_MGR already set [ 2812.148429][ T2932] binder: 2931:2932 ioctl 4018620d 2000000000c0 returned -16 [ 2812.715417][ T1616] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 2812.728286][ T1616] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 2812.737895][ T1616] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 2812.746641][ T1616] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 2812.757105][ T1616] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 2813.059870][ T1996] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 2813.178237][ T5877] Bluetooth: hci3: command 0x0405 tx timeout [ 2813.261146][ T1996] usb 3-1: Using ep0 maxpacket: 16 [ 2813.268836][ T1996] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2813.298507][ T1996] usb 3-1: New USB device found, idVendor=045e, idProduct=0284, bcdDevice= 1.00 [ 2813.307789][ T1996] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2813.322448][ T1996] usb 3-1: config 0 descriptor?? [ 2813.478341][ T1996] rc_core: IR keymap rc-xbox-dvd not found [ 2813.484215][ T1996] Registered IR keymap rc-empty [ 2813.507045][T27657] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2813.519023][ T1996] rc rc0: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 2813.535652][T27657] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 2813.580374][ T1996] input: Xbox DVD USB Remote Control(045e,0284) as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input218 [ 2813.636667][ T2943] chnl_net:caif_netlink_parms(): no params data found [ 2813.712707][ T1996] usb 3-1: USB disconnect, device number 70 [ 2813.719008][ C1] xbox_remote 3-1:0.0: xbox_remote_irq_in: usb_submit_urb()=-19 [ 2813.806460][T27657] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2813.823527][T27657] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 2813.930868][T27657] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2813.946448][T27657] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 2814.084237][T27657] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 2814.118263][T27657] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 20004 - 0 [ 2814.341217][ T2987] binder: BINDER_SET_CONTEXT_MGR already set [ 2814.376746][ T2987] binder: 2986:2987 ioctl 4018620d 2000000000c0 returned -16 [ 2814.394443][ T2943] bridge0: port 1(bridge_slave_0) entered blocking state [ 2814.411861][ T2943] bridge0: port 1(bridge_slave_0) entered disabled state [ 2814.438519][ T2943] bridge_slave_0: entered allmulticast mode [ 2814.453557][ T2943] bridge_slave_0: entered promiscuous mode [ 2814.500137][ T2943] bridge0: port 2(bridge_slave_1) entered blocking state [ 2814.507392][ T2943] bridge0: port 2(bridge_slave_1) entered disabled state [ 2814.529440][ T2943] bridge_slave_1: entered allmulticast mode [ 2814.545478][ T2943] bridge_slave_1: entered promiscuous mode [ 2814.792002][ T2943] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 2814.828362][ T5862] usb 4-1: new high-speed USB device number 118 using dummy_hcd [ 2814.848750][ T5877] Bluetooth: hci1: command tx timeout [ 2814.866475][ T2943] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 2815.019864][T27657] bridge_slave_1: left allmulticast mode [ 2815.037272][T27657] bridge_slave_1: left promiscuous mode [ 2815.066872][T27657] bridge0: port 2(bridge_slave_1) entered disabled state [ 2815.074526][ T5862] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 2815.092102][ T5862] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 2815.105181][ T5862] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 2815.120050][T27657] bridge_slave_0: left allmulticast mode [ 2815.125727][T27657] bridge_slave_0: left promiscuous mode [ 2815.131810][ T5862] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2815.141018][T27657] bridge0: port 1(bridge_slave_0) entered disabled state [ 2815.156005][ T2996] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 2815.177839][ T5862] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 2815.462858][ T5862] usb 4-1: USB disconnect, device number 118 [ 2816.186766][T27657] bond1 (unregistering): (slave geneve2): Releasing active interface [ 2816.323646][ T3038] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 2816.865674][T27657] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 2816.876330][T27657] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 2816.888022][T27657] bond0 (unregistering): Released all slaves [ 2816.905487][T27657] bond1 (unregistering): Released all slaves [ 2816.928473][ T5877] Bluetooth: hci1: command tx timeout [ 2817.052861][T27657] bond2 (unregistering): (slave veth3): Releasing active interface [ 2817.063315][T27657] bond2 (unregistering): Released all slaves [ 2817.236435][T27657] bond3 (unregistering): (slave veth5): Releasing active interface [ 2817.249972][T27657] bond3 (unregistering): Released all slaves [ 2817.504044][T27657] bond4 (unregistering): (slave veth7): Releasing active interface [ 2817.514187][T27657] vlan2: entered promiscuous mode [ 2817.539178][T27657] bond4 (unregistering): (slave vlan2): Releasing active interface [ 2817.560625][T27657] bond4 (unregistering): Released all slaves [ 2817.875064][T27657] bond5 (unregistering): (slave veth9): Releasing active interface [ 2817.905641][T27657] bond5 (unregistering): Released all slaves [ 2818.237983][T27657] bond6 (unregistering): (slave veth11): Releasing active interface [ 2818.279881][T27657] bond6 (unregistering): Released all slaves [ 2818.335445][T27657] bond7 (unregistering): Released all slaves [ 2818.932279][T27657] bond8 (unregistering): Released all slaves [ 2819.013659][ T5877] Bluetooth: hci1: command tx timeout [ 2819.124815][ T2943] team0: Port device team_slave_0 added [ 2819.543359][ T2943] team0: Port device team_slave_1 added [ 2819.732082][T27657] : left promiscuous mode [ 2819.954707][ T2943] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 2819.994533][ T2943] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2820.138408][ T2943] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 2820.173039][T27657] : left promiscuous mode [ 2820.310303][ T2943] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 2820.384742][ T2943] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 2820.547966][ T2943] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 2820.625602][T27657] tipc: Left network mode [ 2821.090155][ T5877] Bluetooth: hci1: command tx timeout [ 2821.176890][ T3094] netlink: 356 bytes leftover after parsing attributes in process `syz.2.6993'. [ 2821.318716][ T30] audit: type=1326 audit(1756860560.466:956): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3090 comm="syz.2.6993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f886838ebe9 code=0x7ffc0000 [ 2821.382706][ T2943] hsr_slave_0: entered promiscuous mode [ 2822.713080][ T2943] hsr_slave_1: entered promiscuous mode [ 2822.783293][ T30] audit: type=1326 audit(1756860560.466:957): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3090 comm="syz.2.6993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f886838ebe9 code=0x7ffc0000 [ 2822.808892][ T2943] debugfs: 'hsr0' already exists in 'hsr' [ 2822.814657][ T2943] Cannot create hsr debugfs directory [ 2822.933149][ T30] audit: type=1326 audit(1756860560.466:958): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3090 comm="syz.2.6993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f886838ebe9 code=0x7ffc0000 [ 2823.115775][ T30] audit: type=1326 audit(1756860560.466:959): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3090 comm="syz.2.6993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=44 compat=0 ip=0x7f886838ebe9 code=0x7ffc0000 [ 2823.828765][ T30] audit: type=1326 audit(1756860560.466:960): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3090 comm="syz.2.6993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f886838ebe9 code=0x7ffc0000 [ 2826.275894][ T30] audit: type=1326 audit(1756860560.466:961): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3090 comm="syz.2.6993" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f886838ebe9 code=0x7ffc0000 [ 2827.344666][ C1] sched: DL replenish lagged too much [ 2833.288214][ T30] audit: type=1326 audit(1756860562.026:962): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3097 comm="syz.3.6994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df38ebe9 code=0x7ffc0000 [ 2835.176104][ T30] audit: type=1326 audit(1756860562.026:963): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3097 comm="syz.3.6994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df38ebe9 code=0x7ffc0000 [ 2835.436485][ T30] audit: type=1326 audit(1756860562.026:964): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3097 comm="syz.3.6994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=172 compat=0 ip=0x7f47df38ebe9 code=0x7ffc0000 [ 2835.648370][ T30] audit: type=1326 audit(1756860562.026:965): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3097 comm="syz.3.6994" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f47df38ebe9 code=0x7ffc0000 [ 2836.396023][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 2836.402530][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 2838.132898][ T3143] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7009'. [ 2839.091799][ T5869] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 2839.102859][ T5869] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 2839.118410][ T5869] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 2839.126730][ T5869] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 2839.138874][ T5869] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 2841.248387][ T5877] Bluetooth: hci0: command tx timeout [ 2843.328224][ T5877] Bluetooth: hci0: command tx timeout [ 2844.448983][ T3169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7017'. [ 2844.535090][ T3169] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 2844.720627][ T3169] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 2845.157787][ T3173] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7018'. [ 2845.414112][ T5877] Bluetooth: hci0: command tx timeout [ 2845.725872][ T3184] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7020'. [ 2846.596044][ T30] audit: type=1326 audit(1756860585.746:966): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3193 comm="syz.1.7023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338138ebe9 code=0x7ffc0000 [ 2847.268427][ T30] audit: type=1326 audit(1756860585.786:967): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3193 comm="syz.1.7023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f338138ebe9 code=0x7ffc0000 [ 2847.488404][ T5877] Bluetooth: hci0: command tx timeout [ 2847.497148][ T30] audit: type=1326 audit(1756860585.786:968): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3193 comm="syz.1.7023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338138ebe9 code=0x7ffc0000 [ 2847.807711][ T30] audit: type=1326 audit(1756860586.296:969): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3193 comm="syz.1.7023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=6 compat=0 ip=0x7f338138ebe9 code=0x7ffc0000 [ 2847.902480][ T30] audit: type=1326 audit(1756860586.296:970): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3193 comm="syz.1.7023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338138ebe9 code=0x7ffc0000 [ 2848.356793][ T30] audit: type=1326 audit(1756860586.296:971): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=3193 comm="syz.1.7023" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f338138ebe9 code=0x7ffc0000 [ 2848.430164][ T2943] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 2848.673658][ T3206] netlink: 4 bytes leftover after parsing attributes in process `syz.1.7024'. [ 2851.372117][ T2943] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 2866.490527][ T1616] Bluetooth: hci5: command 0x0406 tx timeout [ 2968.728066][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 2968.735080][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P26944/1:b..l P5608/1:b..l [ 2968.744794][ C0] rcu: (detected by 0, t=10502 jiffies, g=262489, q=648 ncpus=2) [ 2968.752622][ C0] task:crond state:R running task stack:24104 pid:5608 tgid:5608 ppid:1 task_flags:0x400000 flags:0x00004002 [ 2968.767353][ C0] Call Trace: [ 2968.770662][ C0] [ 2968.773615][ C0] __schedule+0x1798/0x4cc0 [ 2968.778161][ C0] ? is_bpf_text_address+0x26/0x2b0 [ 2968.783400][ C0] ? __kernel_text_address+0xd/0x40 [ 2968.788642][ C0] ? __pfx___schedule+0x10/0x10 [ 2968.793527][ C0] ? stack_trace_save+0x9c/0xe0 [ 2968.798418][ C0] ? preempt_schedule_irq+0xaa/0x150 [ 2968.803741][ C0] preempt_schedule_irq+0xb5/0x150 [ 2968.808881][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 2968.814640][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 2968.820470][ C0] irqentry_exit+0x6f/0x90 [ 2968.824916][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2968.830921][ C0] RIP: 0010:lock_release+0x2b5/0x3e0 [ 2968.836234][ C0] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 1b 0f 03 11 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e [ 2968.855860][ C0] RSP: 0018:ffffc90003b6f2d0 EFLAGS: 00000206 [ 2968.861961][ C0] RAX: 996ab9f87963a900 RBX: 0000000000000202 RCX: 996ab9f87963a900 [ 2968.869953][ C0] RDX: 0000000000000001 RSI: ffffffff8dba7f2b RDI: ffffffff8be33880 [ 2968.877948][ C0] RBP: ffff88802abc4718 R08: ffffc90003b6f780 R09: 0000000000000000 [ 2968.885940][ C0] R10: ffffc90003b6f458 R11: fffff5200076de8d R12: 0000000000000001 [ 2968.893934][ C0] R13: 0000000000000001 R14: ffffffff8e139f20 R15: ffff88802abc3c00 [ 2968.901955][ C0] ? unwind_next_frame+0xa5/0x2390 [ 2968.907098][ C0] ? unwind_next_frame+0xa5/0x2390 [ 2968.912236][ C0] unwind_next_frame+0x19a9/0x2390 [ 2968.917381][ C0] ? unwind_next_frame+0xa5/0x2390 [ 2968.922515][ C0] ? __put_partials+0x156/0x1a0 [ 2968.927392][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2968.933567][ C0] arch_stack_walk+0x11c/0x150 [ 2968.938366][ C0] ? put_cpu_partial+0x17c/0x250 [ 2968.943331][ C0] stack_trace_save+0x9c/0xe0 [ 2968.948055][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 2968.953478][ C0] save_stack+0xf5/0x1f0 [ 2968.957763][ C0] ? __pfx_save_stack+0x10/0x10 [ 2968.962646][ C0] ? __free_frozen_pages+0xbc4/0xd30 [ 2968.967973][ C0] ? __put_partials+0x156/0x1a0 [ 2968.972877][ C0] ? page_ext_put+0x97/0xc0 [ 2968.977422][ C0] __reset_page_owner+0x71/0x1f0 [ 2968.982396][ C0] __free_frozen_pages+0xbc4/0xd30 [ 2968.987554][ C0] __put_partials+0x156/0x1a0 [ 2968.992274][ C0] put_cpu_partial+0x17c/0x250 [ 2968.997077][ C0] ? put_cpu_partial+0x6d/0x250 [ 2969.001961][ C0] __slab_free+0x2d5/0x3c0 [ 2969.006408][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 2969.012772][ C0] ? __phys_addr+0xd3/0x180 [ 2969.017312][ C0] qlist_free_all+0x97/0x140 [ 2969.021938][ C0] kasan_quarantine_reduce+0x148/0x160 [ 2969.027430][ C0] __kasan_slab_alloc+0x22/0x80 [ 2969.032313][ C0] kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 2969.037800][ C0] ? alloc_empty_file+0x55/0x1d0 [ 2969.042766][ C0] alloc_empty_file+0x55/0x1d0 [ 2969.047553][ C0] path_openat+0x107/0x3830 [ 2969.052079][ C0] ? arch_stack_walk+0xfc/0x150 [ 2969.056973][ C0] ? stack_trace_save+0x9c/0xe0 [ 2969.061857][ C0] ? stack_depot_save_flags+0x40/0x860 [ 2969.067354][ C0] ? kasan_save_track+0x4f/0x80 [ 2969.072229][ C0] ? kasan_save_track+0x3e/0x80 [ 2969.077102][ C0] ? __kasan_slab_alloc+0x6c/0x80 [ 2969.082151][ C0] ? getname_flags+0xb8/0x540 [ 2969.086850][ C0] ? __pfx_path_openat+0x10/0x10 [ 2969.091817][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2969.097929][ C0] do_filp_open+0x1fa/0x410 [ 2969.102461][ C0] ? __lock_acquire+0xab9/0xd20 [ 2969.107346][ C0] ? __pfx_do_filp_open+0x10/0x10 [ 2969.112428][ C0] ? _raw_spin_unlock+0x28/0x50 [ 2969.117304][ C0] ? alloc_fd+0x64c/0x6c0 [ 2969.121687][ C0] do_sys_openat2+0x121/0x1c0 [ 2969.126411][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 2969.131645][ C0] ? rcu_is_watching+0x15/0xb0 [ 2969.136444][ C0] __x64_sys_openat+0x138/0x170 [ 2969.141330][ C0] do_syscall_64+0xfa/0x3b0 [ 2969.145868][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2969.151960][ C0] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 2969.157621][ C0] ? clear_bhb_loop+0x60/0xb0 [ 2969.162329][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2969.168242][ C0] RIP: 0033:0x7f52dc04d407 [ 2969.172678][ C0] RSP: 002b:00007ffcba2a2920 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 2969.181115][ C0] RAX: ffffffffffffffda RBX: 00007f52dbefdc80 RCX: 00007f52dc04d407 [ 2969.189105][ C0] RDX: 0000000000000000 RSI: 00007f52dc240764 RDI: ffffffffffffff9c [ 2969.197094][ C0] RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000 [ 2969.205085][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 00007f52dc24c492 [ 2969.213088][ C0] R13: 00007f52dc24c492 R14: 0000000000000001 R15: 000000000000000e [ 2969.221108][ C0] [ 2969.224145][ C0] task:kworker/0:5 state:R running task stack:20168 pid:26944 tgid:26944 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 2969.237749][ C0] Workqueue: events nsim_fib_event_work [ 2969.243323][ C0] Call Trace: [ 2969.246621][ C0] [ 2969.249578][ C0] __schedule+0x1798/0x4cc0 [ 2969.254133][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 2969.259360][ C0] ? __pfx___schedule+0x10/0x10 [ 2969.264235][ C0] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 2969.270171][ C0] ? preempt_schedule_irq+0xaa/0x150 [ 2969.275490][ C0] preempt_schedule_irq+0xb5/0x150 [ 2969.280632][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 2969.286392][ C0] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 2969.292225][ C0] irqentry_exit+0x6f/0x90 [ 2969.296672][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 2969.302673][ C0] RIP: 0010:lock_acquire+0x175/0x360 [ 2969.307985][ C0] Code: 00 00 00 00 9c 8f 44 24 30 f7 44 24 30 00 02 00 00 0f 85 cd 00 00 00 f7 44 24 08 00 02 00 00 74 01 fb 65 48 8b 05 8b 21 03 11 <48> 3b 44 24 58 0f 85 f2 00 00 00 48 83 c4 60 5b 41 5c 41 5d 41 5e [ 2969.327613][ C0] RSP: 0018:ffffc900033d6ff8 EFLAGS: 00000206 [ 2969.333705][ C0] RAX: 022492541deba900 RBX: 0000000000000000 RCX: 022492541deba900 [ 2969.341696][ C0] RDX: 0000000000000000 RSI: ffffffff8dba7f2b RDI: ffffffff8be33880 [ 2969.349685][ C0] RBP: ffffffff8172c195 R08: 0000000000000000 R09: ffffffff8172c195 [ 2969.357674][ C0] R10: ffffc900033d71b8 R11: ffffffff81ac3ad0 R12: 0000000000000002 [ 2969.365682][ C0] R13: ffffffff8e139f20 R14: 0000000000000000 R15: 0000000000000246 [ 2969.373677][ C0] ? unwind_next_frame+0xa5/0x2390 [ 2969.378846][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2969.385044][ C0] ? unwind_next_frame+0xa5/0x2390 [ 2969.390215][ C0] ? unwind_next_frame+0xa5/0x2390 [ 2969.395357][ C0] ? __put_partials+0x156/0x1a0 [ 2969.400233][ C0] ? unwind_next_frame+0xa5/0x2390 [ 2969.405369][ C0] unwind_next_frame+0xc2/0x2390 [ 2969.410331][ C0] ? unwind_next_frame+0xa5/0x2390 [ 2969.415476][ C0] ? unwind_next_frame+0xa5/0x2390 [ 2969.420612][ C0] ? __free_frozen_pages+0xbc4/0xd30 [ 2969.425931][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 2969.432117][ C0] arch_stack_walk+0x11c/0x150 [ 2969.436914][ C0] ? __put_partials+0x156/0x1a0 [ 2969.441796][ C0] stack_trace_save+0x9c/0xe0 [ 2969.446500][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 2969.451906][ C0] save_stack+0xf5/0x1f0 [ 2969.456178][ C0] ? __pfx_save_stack+0x10/0x10 [ 2969.461055][ C0] ? __free_frozen_pages+0xbc4/0xd30 [ 2969.466375][ C0] ? __put_partials+0x156/0x1a0 [ 2969.471268][ C0] __reset_page_owner+0x71/0x1f0 [ 2969.476236][ C0] __free_frozen_pages+0xbc4/0xd30 [ 2969.481385][ C0] __put_partials+0x156/0x1a0 [ 2969.486096][ C0] put_cpu_partial+0x17c/0x250 [ 2969.490881][ C0] ? put_cpu_partial+0x6d/0x250 [ 2969.495758][ C0] __slab_free+0x2d5/0x3c0 [ 2969.500201][ C0] ? __phys_addr+0xd3/0x180 [ 2969.504750][ C0] qlist_free_all+0x97/0x140 [ 2969.509388][ C0] kasan_quarantine_reduce+0x148/0x160 [ 2969.514895][ C0] __kasan_slab_alloc+0x22/0x80 [ 2969.519789][ C0] __kmalloc_cache_noprof+0x1be/0x3d0 [ 2969.525197][ C0] ? nsim_fib6_rt_nh_add+0x53/0x210 [ 2969.530429][ C0] nsim_fib6_rt_nh_add+0x53/0x210 [ 2969.535482][ C0] nsim_fib_event_work+0x1cf4/0x3180 [ 2969.540814][ C0] ? __pfx_nsim_fib_event_work+0x10/0x10 [ 2969.546500][ C0] ? do_raw_spin_lock+0x121/0x290 [ 2969.551560][ C0] ? look_up_lock_class+0x74/0x170 [ 2969.556722][ C0] ? register_lock_class+0x51/0x320 [ 2969.561990][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 2969.567227][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 2969.572972][ C0] ? process_scheduled_works+0x9ef/0x17b0 [ 2969.578720][ C0] process_scheduled_works+0xae1/0x17b0 [ 2969.584325][ C0] ? __pfx_process_scheduled_works+0x10/0x10 [ 2969.590344][ C0] worker_thread+0x8a0/0xda0 [ 2969.594992][ C0] kthread+0x70e/0x8a0 [ 2969.599096][ C0] ? __pfx_worker_thread+0x10/0x10 [ 2969.604226][ C0] ? __pfx_kthread+0x10/0x10 [ 2969.608843][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 2969.614077][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 2969.619303][ C0] ? __pfx_kthread+0x10/0x10 [ 2969.623919][ C0] ret_from_fork+0x3fc/0x770 [ 2969.628539][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 2969.633681][ C0] ? __switch_to_asm+0x39/0x70 [ 2969.638473][ C0] ? __switch_to_asm+0x33/0x70 [ 2969.643264][ C0] ? __pfx_kthread+0x10/0x10 [ 2969.647884][ C0] ret_from_fork_asm+0x1a/0x30 [ 2969.652689][ C0] [ 2969.655728][ C0] rcu: rcu_preempt kthread starved for 9979 jiffies! g262489 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x0 ->cpu=0 [ 2969.666942][ C0] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 2969.676929][ C0] rcu: RCU grace-period kthread stack dump: [ 2969.682827][ C0] task:rcu_preempt state:R running task stack:27160 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 2969.696359][ C0] Call Trace: [ 2969.699659][ C0] [ 2969.702610][ C0] __schedule+0x1798/0x4cc0 [ 2969.707175][ C0] ? __pfx___schedule+0x10/0x10 [ 2969.712076][ C0] ? schedule+0x91/0x360 [ 2969.716350][ C0] schedule+0x165/0x360 [ 2969.720536][ C0] schedule_timeout+0x12b/0x270 [ 2969.725410][ C0] ? __pfx_schedule_timeout+0x10/0x10 [ 2969.730803][ C0] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 2969.736722][ C0] ? __pfx_process_timeout+0x10/0x10 [ 2969.742039][ C0] ? prepare_to_swait_event+0x341/0x380 [ 2969.747625][ C0] rcu_gp_fqs_loop+0x301/0x1540 [ 2969.752521][ C0] ? __pfx_rcu_watching_snap_recheck+0x10/0x10 [ 2969.758705][ C0] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 2969.764015][ C0] ? _raw_spin_unlock_irq+0x2e/0x50 [ 2969.769247][ C0] ? finish_swait+0xcd/0x1f0 [ 2969.773862][ C0] rcu_gp_kthread+0x99/0x390 [ 2969.778481][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2969.783708][ C0] ? __kthread_parkme+0x7b/0x200 [ 2969.788677][ C0] ? __kthread_parkme+0x1a1/0x200 [ 2969.793731][ C0] kthread+0x70e/0x8a0 [ 2969.797829][ C0] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 2969.803054][ C0] ? __pfx_kthread+0x10/0x10 [ 2969.807680][ C0] ? _raw_spin_unlock_irq+0x23/0x50 [ 2969.812909][ C0] ? lockdep_hardirqs_on+0x9c/0x150 [ 2969.818152][ C0] ? __pfx_kthread+0x10/0x10 [ 2969.822768][ C0] ret_from_fork+0x3fc/0x770 [ 2969.827387][ C0] ? __pfx_ret_from_fork+0x10/0x10 [ 2969.832526][ C0] ? __switch_to_asm+0x39/0x70 [ 2969.837313][ C0] ? __switch_to_asm+0x33/0x70 [ 2969.842098][ C0] ? __pfx_kthread+0x10/0x10 [ 2969.846714][ C0] ret_from_fork_asm+0x1a/0x30 [ 2969.851517][ C0] [ 2969.854555][ C0] rcu: Stack dump where RCU GP kthread last ran: [ 2969.860896][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted syzkaller #0 PREEMPT(full) [ 2969.869846][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2969.879922][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 2969.885678][ C0] Code: 13 e8 02 00 cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 73 57 0e 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 2969.905304][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 2969.911399][ C0] RAX: 8e6fbc2e6bdbe100 RBX: ffffffff819683f8 RCX: 8e6fbc2e6bdbe100 [ 2969.919388][ C0] RDX: 0000000000000001 RSI: ffffffff8d9b8acb RDI: ffffffff8be33880 [ 2969.927382][ C0] RBP: ffffffff8de07eb8 R08: ffff8880b8632f9b R09: 1ffff110170c65f3 [ 2969.935375][ C0] R10: dffffc0000000000 R11: ffffed10170c65f4 R12: ffffffff8fa39630 [ 2969.943368][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 1ffffffff1bd2a20 [ 2969.951359][ C0] FS: 0000000000000000(0000) GS:ffff888125c18000(0000) knlGS:0000000000000000 [ 2969.960305][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2969.966901][ C0] CR2: 00007f68821c0068 CR3: 000000004047c000 CR4: 00000000003526f0 [ 2969.974894][ C0] Call Trace: [ 2969.978192][ C0] [ 2969.981141][ C0] default_idle+0x13/0x20 [ 2969.985496][ C0] default_idle_call+0x74/0xb0 [ 2969.990283][ C0] do_idle+0x1e8/0x510 [ 2969.994382][ C0] ? __pfx_do_idle+0x10/0x10 [ 2969.999010][ C0] cpu_startup_entry+0x44/0x60 [ 2970.003797][ C0] rest_init+0x2de/0x300 [ 2970.008069][ C0] start_kernel+0x3a9/0x410 [ 2970.012603][ C0] x86_64_start_reservations+0x24/0x30 [ 2970.018099][ C0] x86_64_start_kernel+0x143/0x1c0 [ 2970.023231][ C0] common_startup_64+0x13e/0x147 [ 2970.028209][ C0] [ 2970.343410][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 2970.349843][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 2970.359434][ T1305] ieee802154 phy0 wpan0: encryption failed: -22 [ 2970.365751][ T1305] ieee802154 phy1 wpan1: encryption failed: -22 [ 2973.908258][ T3215] Bluetooth: hci3: command 0x0405 tx timeout [ 2974.468400][ T3215] Bluetooth: hci0: command 0x0406 tx timeout [ 2974.474480][ T3215] Bluetooth: hci1: command 0x0406 tx timeout [ 2974.488147][ T3215] Bluetooth: hci4: command 0x0406 tx timeout SYZFAIL: failed to send rpc fd=3 want=304 sent=0 n=-1 (errno 32: Broken pipe) [ 2977.479094][ T3219] syz-executor: vmalloc error: size 4194304, failed to allocated page array size 8192, mode:0xdc2(GFP_KERNEL|__GFP_HIGHMEM|__GFP_ZERO), nodemask=(null),cpuset=/,mems_allowed=0-1 [ 2977.618206][ T3219] CPU: 0 UID: 0 PID: 3219 Comm: syz-executor Not tainted syzkaller #0 PREEMPT(full) [ 2977.618241][ T3219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 2977.618255][ T3219] Call Trace: [ 2977.618264][ T3219] [ 2977.618274][ T3219] dump_stack_lvl+0x189/0x250 [ 2977.618308][ T3219] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2977.618334][ T3219] ? __pfx__printk+0x10/0x10 [ 2977.618364][ T3219] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2977.618389][ T3219] ? cpuset_print_current_mems_allowed+0x1f/0x360 [ 2977.618415][ T3219] ? cpuset_print_current_mems_allowed+0x2ee/0x360 [ 2977.618443][ T3219] warn_alloc+0x214/0x310 [ 2977.618482][ T3219] ? __pfx_warn_alloc+0x10/0x10 [ 2977.618523][ T3219] ? __get_vm_area_node+0x28f/0x300 [ 2977.618553][ T3219] ? kcov_ioctl+0x55/0x640 [ 2977.618586][ T3219] __vmalloc_node_range_noprof+0x67e/0x12f0 [ 2977.618650][ T3219] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 2977.618688][ T3219] ? __pfx_kcov_ioctl+0x10/0x10 [ 2977.618724][ T3219] vmalloc_user_noprof+0xad/0xf0 [ 2977.618755][ T3219] ? kcov_ioctl+0x55/0x640 [ 2977.618783][ T3219] kcov_ioctl+0x55/0x640 [ 2977.618812][ T3219] ? bpf_lsm_file_ioctl+0x9/0x20 [ 2977.618838][ T3219] ? __pfx_kcov_ioctl+0x10/0x10 [ 2977.618866][ T3219] __se_sys_ioctl+0xf9/0x170 [ 2977.618895][ T3219] do_syscall_64+0xfa/0x3b0 [ 2977.618915][ T3219] ? lockdep_hardirqs_on+0x9c/0x150 [ 2977.618944][ T3219] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2977.618964][ T3219] ? clear_bhb_loop+0x60/0xb0 [ 2977.618989][ T3219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2977.619009][ T3219] RIP: 0033:0x7f448298e7eb [ 2977.619029][ T3219] Code: 00 48 89 44 24 18 31 c0 48 8d 44 24 60 c7 04 24 10 00 00 00 48 89 44 24 08 48 8d 44 24 20 48 89 44 24 10 b8 10 00 00 00 0f 05 <89> c2 3d 00 f0 ff ff 77 1c 48 8b 44 24 18 64 48 2b 04 25 28 00 00 [ 2977.619048][ T3219] RSP: 002b:00007fff75519db0 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 2977.619072][ T3219] RAX: ffffffffffffffda RBX: 0000000000080000 RCX: 00007f448298e7eb [ 2977.619087][ T3219] RDX: 0000000000080000 RSI: ffffffff80086301 RDI: 00000000000000d8 [ 2977.619101][ T3219] RBP: 00007f4482bc6038 R08: 0000000000000005 R09: 0000000000000000 [ 2977.619114][ T3219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 2977.619126][ T3219] R13: 0000000000000003 R14: 0000000000000009 R15: 0000000000000000 [ 2977.619159][ T3219] [ 2977.619167][ T3219] Mem-Info: [ 2978.648163][ T3219] active_anon:20662 inactive_anon:0 isolated_anon:214 [ 2978.648163][ T3219] active_file:20918 inactive_file:40995 isolated_file:14 [ 2978.648163][ T3219] unevictable:768 dirty:5 writeback:0 [ 2978.648163][ T3219] slab_reclaimable:6228 slab_unreclaimable:331521 [ 2978.648163][ T3219] mapped:17867 shmem:18602 pagetables:1168 [ 2978.648163][ T3219] sec_pagetables:0 bounce:0 [ 2978.648163][ T3219] kernel_misc_reclaimable:0 [ 2978.648163][ T3219] free:1058557 free_pcp:19277 free_cma:0