last executing test programs: 9.043318224s ago: executing program 1 (id=3645): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f04ebbee7, 0x8031, 0xffffffffffffffff, 0x30914000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, 0x0, 0x0, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="18000000000000000000000015000000181100", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$packet(0x11, 0x3, 0x300) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000740)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b703000000030000850000001b000000b70000000000000095"], &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2a, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r4}, 0x18) r5 = socket$nl_route(0x10, 0x3, 0x0) connect$netlink(r5, &(0x7f0000000280)=@proc={0x10, 0x0, 0x25dfdbfc}, 0xc) sendmsg$nl_route(r5, &(0x7f0000000300)={&(0x7f0000000080), 0xc, &(0x7f00000001c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="1c00000021000f0000f901000000000002"], 0x1c}}, 0x8000) 8.617689348s ago: executing program 3 (id=3649): openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1803000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000014000800b7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000140)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) sendto$inet6(r2, 0x0, 0x5c4, 0x404c844, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @local}, 0x1c) 8.418385808s ago: executing program 3 (id=3652): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) 8.101693163s ago: executing program 3 (id=3654): openat(0xffffffffffffff9c, 0x0, 0x401c2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f00000001c0)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b00"/11], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000017850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000980)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x3, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r4}, 0x10) r5 = socket(0x10, 0x3, 0x0) sendmsg$nl_generic(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)={0x28, 0x26, 0xa01, 0x0, 0x0, {0xa}, [@nested={0x14, 0xdd, 0x0, 0x1, [@nested={0x10, 0x67, 0x0, 0x1, [@typed={0xc, 0x13f, 0x0, 0x0, @u64=0x10}]}]}]}, 0x28}}, 0x0) 7.890419951s ago: executing program 1 (id=3655): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0600000004000000ff00000006"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000340)='kmem_cache_free\x00', r1}, 0x18) r2 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r2, 0x107, 0xf, &(0x7f0000000000)=0x9, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'wg0\x00', 0x0}) sendto$packet(r2, &(0x7f0000000180)="0b03feff4f00020002004788aa96a13bb1000011000088ca1a00", 0x1fffc, 0x0, &(0x7f0000000140)={0x11, 0x0, r3}, 0x14) 7.692179184s ago: executing program 1 (id=3656): fsopen(0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000880)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f00000002c0)=@framed={{0x18, 0x0, 0x0, 0x0, 0xffffffff}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r3}}]}, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000200)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r6 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r6, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x1, 0x5}}, 0x10) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000240)={0x42, 0x1}, 0x10) bpf$MAP_CREATE(0x0, 0x0, 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000340)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x15, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r7, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000680)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r8, @ANYBLOB='ya\x00\x00\x00\x00\x00\x00\x00\x00~'], 0x1c}}, 0x0) 5.501213799s ago: executing program 3 (id=3667): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=@base={0x17, 0x0, 0x4, 0xff, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000000000000b704000000000000850000005700000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000a40)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x2b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0x3, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="180000000000000000000000000000008500000061000000850000002300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000500)={r2, 0x18000000000002a0, 0xe, 0x0, &(0x7f0000000780)="d2205d96c717ab96f0ded75d88a8", 0x0, 0xd5b5, 0x60000000, 0x0, 0x0, 0x0, 0x0}, 0x50) 5.159954814s ago: executing program 3 (id=3668): bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x0) getresgid(0x0, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x6) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000040)=[@text32={0x20, &(0x7f0000000140)="66baf80cb8044fdc87efed660f388059e0b805000000b91e4200000f01c10f20c035000000200f22c0f20fa20f01cb36263e660f381efc660f7c150c000000b805000000b9210000000f01c1c4e17929d8", 0x51}], 0x1, 0x11, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x8, @empty, 0x3}, 0x1c) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text16={0x10, 0x0}], 0x1, 0xd, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.764195532s ago: executing program 1 (id=3669): rt_sigprocmask(0x1, &(0x7f0000000000)={[0x6]}, 0x0, 0x8) 4.636338951s ago: executing program 1 (id=3671): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000000)={'bridge_slave_1\x00'}) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x200488c1}, 0x0) 4.54274991s ago: executing program 1 (id=3673): bpf$PROG_LOAD(0x5, 0x0, 0x0) socket(0x1e, 0x80004, 0x0) r0 = socket(0x1e, 0x4, 0x0) setsockopt$packet_tx_ring(r0, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc, 0x7, 0x0, 0x1000004}, 0x10) r1 = socket(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f00000004c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x3, &(0x7f0000000c00)=@framed, &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r5}, 0x10) socket$nl_generic(0x10, 0x3, 0x10) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000001540)=@newtaction={0x68, 0x30, 0x829, 0x0, 0x25dfdbfc, {}, [{0x54, 0x1, [@m_skbedit={0x50, 0x1, 0x0, 0x0, {{0xc}, {0x24, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x0, 0x6}}, @TCA_SKBEDIT_MARK={0x8, 0x5, 0x100}]}, {0x4}, {0xc}, {0xc}}}]}]}, 0x68}}, 0x0) 4.452001725s ago: executing program 3 (id=3674): r0 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) socket$netlink(0x10, 0x3, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x3000008, 0x12, r0, 0x3864d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000540)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = openat$ppp(0xffffffffffffff9c, 0x0, 0x6a6e81, 0x0) signalfd(r4, 0x0, 0x0) connect$unix(r2, &(0x7f0000000380)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000014c0)={0x11, 0xc, &(0x7f0000000180)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000400)='kmem_cache_free\x00', r5, 0x0, 0x3}, 0x18) bpf$OBJ_GET_PROG(0x7, &(0x7f0000000280)=@generic={&(0x7f00000000c0)='./file0\x00', 0x0, 0x10}, 0x18) recvmmsg(r2, &(0x7f0000000480), 0x400034f, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x9, 0x0, 0xffffffff}, 0x1c) r7 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x4, 0x0, 0x7fff0006}]}) close_range(r7, 0xffffffffffffffff, 0x0) 4.352666358s ago: executing program 0 (id=3675): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="0b00000007000000080000000800000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000100000000000000fe0018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000500)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000100)={r0, &(0x7f0000000080), &(0x7f0000000280)=@udp}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r1}, 0x10) r2 = socket$nl_generic(0x11, 0x3, 0x10) sendmsg$WG_CMD_SET_DEVICE(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, 0x0}, 0x0) sendmsg(r2, &(0x7f0000000640)={&(0x7f00000000c0)=@caif=@dgm={0x25, 0xd}, 0x80, 0x0, 0x0, 0x0, 0x0, 0x11000000}, 0x0) 4.171100035s ago: executing program 0 (id=3676): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) 3.721999827s ago: executing program 4 (id=3678): sched_setscheduler(0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0xc, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x8, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000300)={0x11, 0x20000000000001d2, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000001000000000"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x30, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0xffffffffffffff52, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffffe, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000640)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000080)='sched_switch\x00', r1}, 0x10) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000200), 0x4002, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) add_key$fscrypt_v1(0x0, 0x0, &(0x7f00000000c0)={0x0, "f1a1173fb9462d3589e67197f90be6e423ceb0ab4912f9f6a31854ec98e950cfed21fcad7ff0fbcb566a0982f8938caa52dd8d39af14c31ed56ad59300"}, 0x48, 0xffffffffffffffff) bpf$PROG_LOAD(0x5, &(0x7f00000005c0)={0x18, 0xc, 0x0, &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x6, 0x4, 0x8, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) 3.490543669s ago: executing program 4 (id=3679): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18060000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000003000000b703000000000000850000007300000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000001c0)={&(0x7f0000000140)='kmem_cache_free\x00', r0}, 0x10) syz_emit_ethernet(0x4e, &(0x7f00000006c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @void, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x3, 0x1, 0x40, 0x68, 0x0, 0x7, 0x6, 0x0, @private=0xa010102, @loopback}, @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x1, 0xb, 0x1, 0x2, 0x7, 0x0, 0x3, 0xd, 0x3, 0x1, 0x8, 0xfffa, 0x3, 0x4e21, 0x4e23}, 0x1, 0x1}, 0x2}, 0x3}}}}}}}, 0x0) 3.256171611s ago: executing program 4 (id=3680): bpf$PROG_LOAD(0x5, &(0x7f00000006c0)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x1e, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="0b00000005000000000400000900000001"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000800000000000000000000018110000", @ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='sched_switch\x00', r1}, 0x10) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)=ANY=[@ANYBLOB="4c00000010004b0400f4ed00000000007a000000", @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800b00010062726964676500001c0002800800040000000000060006"], 0x4c}}, 0x0) 3.056095335s ago: executing program 4 (id=3681): r0 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x70, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='\v\x00\x00\x00\a\x00\x00\x00\b\x00\x00\x00\b\x00\x00\x00'], 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000cc0)=@newqdisc={0x50, 0x24, 0xd0f, 0x3, 0x0, {0x60, 0x0, 0x0, 0x0, {0x0, 0x2}, {0xffff, 0xffff}, {0x4}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{0x10, 0x3, 0x1, 0x3, 0x400, 0x8}, [@TCA_NETEM_DELAY_DIST={0x4}]}}}]}, 0x50}, 0x1, 0x0, 0x0, 0x40001d4}, 0x8840) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) socket(0x0, 0x800, 0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e23, @multicast1}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000640)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000004000000b703000000000000850000007200000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x23, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000400)={&(0x7f0000000040)='sched_switch\x00', r5}, 0x10) sendto$inet(r0, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @empty}, 0x10) sendto$inet(r0, &(0x7f0000000700)="09268a60fcfaf65ac618ded8974895abeaf4b4834ff922b3f1e0b02bd67aa03059bcecc7a95425a3a07e758044ab4ea6f7ae55d88ff4f90b1a7511bf746bec66ba1fe92e8615fc3f7af9c3310b39cc2dc3616dcdfaebc65ca325fd99357ed9d11b266a7c88722db6e38df1089394f438cb9fbc08e62754c233cced4a4d4d05a3e5029a01298d3ee87d8a0803a2d26906f42f5b5aaf47d2752a8b23954f309cae13ef250cf76775ddfd153eef2b1a8458a3cb6dc764f19b41c8c61c7305a51a4bfa0c897c7c1f438a851222a5560c0e77b0b5934296bc6f28af87d651f7348a2ba2ca67f930cc", 0xe6, 0x40040, 0x0, 0x0) 3.047061635s ago: executing program 0 (id=3682): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) chroot(&(0x7f0000000300)='./file0/../file0/../file0/../file0\x00') r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="04000000040000000400000005"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70800000000e7057b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000001600000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, &(0x7f0000000480)=ANY=[@ANYBLOB="18020000000030000000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000100)='kmem_cache_free\x00', r1}, 0x10) pivot_root(&(0x7f0000000080)='./file0\x00', &(0x7f0000000200)='./file0/../file0/../file0/../file0\x00') 2.840257564s ago: executing program 0 (id=3683): r0 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x16, 0x0, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, @void, @value}, 0x94) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=ANY=[@ANYBLOB="1b000000000000000000"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000b80)=ANY=[@ANYBLOB="19000000040000000800000008"], 0x50) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000018c0)={0x6, 0x10, &(0x7f0000000280)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000002000000850000008600000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bca2000000000000a6020000f8ffffffb703000008000000b704000000000000850000003300000095"], &(0x7f0000000180)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000380)={r4, r1, 0x25, 0x2, @val=@tcx={@void, @value}}, 0x1c) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) close_range(r5, 0xffffffffffffffff, 0x0) 2.670921057s ago: executing program 0 (id=3684): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeea, 0x8031, 0xffffffffffffffff, 0x28f43000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB="19000000040000000400000008"], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000001500000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00', r4}, 0x10) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff}) ioctl$int_in(r5, 0x5452, &(0x7f0000000080)=0x8000000ffffffff) r6 = socket$nl_route(0x10, 0x3, 0x0) r7 = socket(0x1, 0x803, 0x0) getsockname$packet(r7, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r6, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @macsec={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_MACSEC_PORT={0x6, 0x2, 0x1, 0x0, 0x4e23}]}}}, @IFLA_LINK={0x8, 0x5, r8}]}, 0x44}}, 0x8000) 2.161981698s ago: executing program 2 (id=3685): r0 = getpid() sched_getattr(r0, &(0x7f00000001c0)={0x38}, 0x38, 0x0) unshare(0x22020600) bpf$MAP_CREATE(0x0, &(0x7f0000000740)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x4, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r1 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000300)='kmem_cache_free\x00', r1}, 0x18) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000cc0), 0x1c1341, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) syz_emit_ethernet(0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="bbbbbbbbbbbbbbbbbbbbbbb908001a31925451ac26aa00069078ac1414007f00000100000000", @ANYRES32=0x41424344, @ANYRES32=0x41424344, @ANYBLOB="5000000090780000"], 0x0) r3 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x189081, 0x0) close(r3) socket$netlink(0x10, 0x3, 0x0) ioctl$SIOCSIFHWADDR(r3, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) write$cgroup_subtree(r2, &(0x7f0000000180)=ANY=[], 0x36) 1.790245609s ago: executing program 2 (id=3686): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000001800)={0x11, 0xc, &(0x7f0000000600)=ANY=[], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x34, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) execveat(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1000) 1.630908045s ago: executing program 2 (id=3687): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b70300000000a999850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x60, &(0x7f0000000080)={'filter\x00', 0x1058, [{}, {0x0, 0x100000000000000}]}, 0x68) 1.227937654s ago: executing program 2 (id=3688): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$inet(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)=[{&(0x7f0000000340)="e636", 0x2}], 0x1}, 0x4040001) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="19000000040000000800000006"], 0x48) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa2000000"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback=0x26, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000600)={{r2}, &(0x7f0000000580), &(0x7f00000005c0)=r3}, 0x20) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000000)={&(0x7f0000000040)='kmem_cache_free\x00', r3}, 0x10) recvmsg$unix(r0, &(0x7f0000000bc0)={0x0, 0x0, &(0x7f0000000300)=[{&(0x7f00000000c0)=""/109, 0x6d}], 0x1}, 0x0) 995.100508ms ago: executing program 2 (id=3689): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000b00)={0x11, 0xf, &(0x7f0000000340)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b70200001400001cb7030000000000008500000083000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000085000000b70000000000000095"], &(0x7f0000000080)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r1}, 0x18) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000140)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x20) 752.058549ms ago: executing program 2 (id=3690): sendmsg$MPTCP_PM_CMD_GET_LIMITS(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x41}, 0x809d) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000001c0)={0x0}}, 0x4004080) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000300)='blkio.bfq.io_merged_recursive\x00', 0x275a, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000100)=ANY=[@ANYBLOB="000002f0d31209000000bc2e79e995"], 0x0) write$binfmt_script(r2, &(0x7f0000000100), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x3e, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe6000/0x18000)=nil, &(0x7f0000000040)=[@text16={0x10, &(0x7f0000000180)="66b9800000c00f326635000800000f300f0f1c9a65660ff3b20618baa000ec672e660f38803d004000000f285473f61366b9800000c00f326635004000000f300f20e06635800000000f22e0f30fa6c8", 0x50}], 0x1, 0x0, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x200040c0}, 0x14) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f00000004c0)=[@text32={0x20, 0x0}], 0x1, 0x0, 0x0, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000000)={0x1c, 0x3a, 0xb, 0x0, 0x0, {0x4}, [@nested={0x4}, @nested={0x4, 0x9}]}, 0x1c}}, 0x0) syz_emit_ethernet(0x46, &(0x7f0000000300)={@local, @random="bfee05ab5ac3", @void, {@ipv6={0x86dd, @dccp_packet={0x3, 0x6, "ec820e", 0x10, 0x21, 0x0, @local, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, {[], {{0x4e20, 0x4e21, 0x4, 0x1, 0xf, 0x0, 0x0, 0x5, 0x7, "03ae81", 0x85, "b925fd"}}}}}}}, 0x0) sendmsg$tipc(0xffffffffffffffff, &(0x7f0000000380)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x4000884}, 0x4) ioctl$KVM_RUN(r3, 0xae80, 0x0) 411.237176ms ago: executing program 4 (id=3691): syz_emit_ethernet(0x4e, &(0x7f00000006c0)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, @void, {@ipv4={0x800, @tipc={{0x5, 0x4, 0x3, 0x1, 0x40, 0x68, 0x0, 0x7, 0x6, 0x0, @private=0xa010102, @loopback}, @payload_mcast={{{{{{0x2c, 0x0, 0x0, 0x0, 0x1, 0xb, 0x1, 0x2, 0x7, 0x0, 0x3, 0xd, 0x3, 0x1, 0x8, 0xfffa, 0x3, 0x4e21, 0x4e23}, 0x1, 0x1}, 0x2}, 0x3}}}}}}}, 0x0) 182.770563ms ago: executing program 4 (id=3692): bpf$MAP_CREATE(0x0, &(0x7f0000000280)=@base={0x7, 0x4, 0x8, 0x1, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000001c0)) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) 0s ago: executing program 0 (id=3693): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000840)=@base={0xb, 0x5, 0x2, 0x2, 0x5, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=@framed={{}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r0}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0xfffffffc}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000580)='GPL\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x19, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000200)='fdb_delete\x00', r1}, 0x10) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="09000000070000000000010003"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000001070000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000001"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x8, '\x00', 0x0, @fallback=0x1b, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000200)='fdb_delete\x00', r3}, 0x18) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r4, 0x8924, &(0x7f0000000000)={'bridge_slave_0\x00', @random="010000201000"}) kernel console output (not intermixed with test programs): -1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 981.300918][ T5926] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 981.309016][ T5926] usb 5-1: Product: syz [ 981.323536][ T5926] usb 5-1: Manufacturer: syz [ 981.338510][ T5926] usb 5-1: SerialNumber: syz [ 981.358173][ T5926] usb 5-1: config 0 descriptor?? [ 981.370860][ T5927] usb usb4-port1: unable to enumerate USB device [ 981.425635][ T5932] usb 2-1: device descriptor read/8, error -71 [ 981.760554][ T5932] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 981.781165][ T5932] usb 2-1: device descriptor read/8, error -71 [ 982.002715][ T5932] usb usb2-port1: unable to enumerate USB device [ 983.480824][ T5927] usb 2-1: new full-speed USB device number 9 using dummy_hcd [ 983.714454][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 983.726155][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 983.755462][ T5927] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 983.766379][ T5927] usb 2-1: New USB device strings: Mfr=145, Product=0, SerialNumber=0 [ 983.781827][ T5927] usb 2-1: Manufacturer: syz [ 983.812909][ T5927] usb 2-1: config 0 descriptor?? [ 983.834092][ T5927] hub 2-1:0.0: USB hub found [ 983.930534][T15602] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 984.061814][ T5843] usb 5-1: USB disconnect, device number 22 [ 984.100612][T15602] usb 4-1: Using ep0 maxpacket: 16 [ 984.126445][T16198] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2844'. [ 984.180290][T16201] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 984.184657][T16198] macvlan5: entered promiscuous mode [ 984.238433][ T5927] hub 2-1:0.0: config failed, can't read hub descriptor (err -22) [ 984.276321][T16201] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 984.482537][T16198] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2844'. [ 984.536225][ T5927] usbhid 2-1:0.0: can't add hid device: -71 [ 984.550699][ T5927] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 984.593664][ T5927] usb 2-1: USB disconnect, device number 9 [ 984.640620][ T5843] usb 5-1: new full-speed USB device number 23 using dummy_hcd [ 984.935313][ T5843] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 984.954745][ T5843] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 985.018313][ T5843] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 985.029632][ T5843] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 985.049913][ T5843] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 985.059660][ T5843] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 985.071065][ T5843] usb 5-1: Product: syz [ 985.075322][ T5843] usb 5-1: Manufacturer: syz [ 985.079967][ T5843] usb 5-1: SerialNumber: syz [ 985.201877][ T5843] usb 5-1: config 0 descriptor?? [ 985.213229][ T5843] radio-si470x 5-1:0.0: could not find interrupt in endpoint [ 985.223296][ T5843] radio-si470x 5-1:0.0: probe with driver radio-si470x failed with error -5 [ 985.260710][ T5843] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 985.277931][T16217] fuse: Bad value for 'user_id' [ 985.298036][T16217] fuse: Bad value for 'user_id' [ 985.697684][T15602] usb 4-1: unable to get BOS descriptor or descriptor too short [ 985.728824][T16220] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 985.752803][T16220] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 985.840558][ T5927] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 985.925687][T15602] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 985.966816][T15602] usb 4-1: can't read configurations, error -71 [ 986.219606][T16225] : entered promiscuous mode [ 986.243305][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 986.266890][ T5927] usb 2-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 986.373306][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 986.393263][ T5927] usb 2-1: config 0 descriptor?? [ 986.858517][ T5927] keytouch 0003:0926:3333.0014: fixing up Keytouch IEC report descriptor [ 986.960210][ T5927] input: HID 0926:3333 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:0926:3333.0014/input/input50 [ 987.162245][ T5927] keytouch 0003:0926:3333.0014: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.1-1/input0 [ 987.297107][ T5927] usb 2-1: USB disconnect, device number 10 [ 987.337150][ T5919] usb 5-1: USB disconnect, device number 23 [ 987.368483][T16204] delete_channel: no stack [ 987.478178][T16230] fido_id[16230]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/2-1/report_descriptor': No such file or directory [ 987.830683][ T5919] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 988.056244][ T5919] usb 5-1: Using ep0 maxpacket: 8 [ 988.088547][ T5919] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 988.121301][ T5919] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 988.129917][ T5919] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 988.180635][ T5919] usb 5-1: config 250 has no interface number 0 [ 988.187009][ T5919] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 988.210545][ T5927] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 988.218292][ T5919] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 988.240560][ T5919] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 988.257537][ T5919] usb 5-1: config 250 interface 228 has no altsetting 0 [ 988.270765][ T5919] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 988.280298][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 988.289425][T16244] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2858'. [ 988.306473][ T5919] usb 5-1: Product: syz [ 988.311219][ T5919] usb 5-1: SerialNumber: syz [ 988.325167][ T5919] hub 5-1:250.228: bad descriptor, ignoring hub [ 988.338682][ T5919] hub 5-1:250.228: probe with driver hub failed with error -5 [ 988.380517][ T5927] usb 2-1: Using ep0 maxpacket: 32 [ 988.389206][ T5927] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 988.398687][ T5927] usb 2-1: config 0 has no interface number 0 [ 988.409960][ T5927] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 988.421374][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 988.429484][ T5927] usb 2-1: Product: syz [ 988.434782][ T5927] usb 2-1: Manufacturer: syz [ 988.439466][ T5927] usb 2-1: SerialNumber: syz [ 988.451288][ T5927] usb 2-1: config 0 descriptor?? [ 988.461887][ T5927] smsc95xx v2.0.0 [ 988.540682][ T2156] usb 3-1: new high-speed USB device number 113 using dummy_hcd [ 988.556821][ T5919] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 24 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 988.580606][T15602] usb 4-1: new low-speed USB device number 28 using dummy_hcd [ 988.664872][ T5927] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 988.679305][ T5927] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 988.710609][ T2156] usb 3-1: Using ep0 maxpacket: 8 [ 988.718028][ T2156] usb 3-1: config 1 interface 0 altsetting 111 bulk endpoint 0x89 has invalid maxpacket 1024 [ 988.734362][ T2156] usb 3-1: config 1 interface 0 has no altsetting 0 [ 988.746325][ T2156] usb 3-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 2.40 [ 988.750736][T15602] usb 4-1: string descriptor 0 read error: -22 [ 988.762780][T15602] usb 4-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 988.772629][ T2156] usb 3-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 988.776010][T15602] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 988.793113][ T2156] usb 3-1: Product: syz [ 988.797386][ T2156] usb 3-1: SerialNumber: syz [ 988.807647][T15602] usb 4-1: config 0 descriptor?? [ 988.828817][T16244] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 988.841991][T15602] usbtest 4-1:0.0: FX2 device [ 988.857150][T15602] usbtest 4-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 988.877987][ C0] usblp0: nonzero read bulk status received: -71 [ 988.901261][ T5927] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 988.932732][ T5927] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -32 [ 989.065633][ T2156] input: bcm5974 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/input/input51 [ 989.086876][ T5190] bcm5974 3-1:1.0: could not read from device [ 989.109712][ T5190] bcm5974 3-1:1.0: could not read from device [ 989.123603][ T2156] usb 3-1: USB disconnect, device number 113 [ 989.688255][T16253] netlink: 'syz.2.2859': attribute type 1 has an invalid length. [ 989.738825][T16256] fuse: Bad value for 'user_id' [ 989.756041][T16256] fuse: Bad value for 'user_id' [ 989.777178][T16253] bond1: entered promiscuous mode [ 989.792000][T16253] 8021q: adding VLAN 0 to HW filter on device bond1 [ 989.941026][ T5927] usb 5-1: USB disconnect, device number 24 [ 989.958248][ T5927] usblp0: removed [ 990.027589][T16262] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2861'. [ 990.047031][T16259] netlink: 60 bytes leftover after parsing attributes in process `syz.0.2861'. [ 990.420668][T15602] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 990.570724][T15602] usb 3-1: Using ep0 maxpacket: 16 [ 990.578427][T15602] usb 3-1: too many endpoints for config 0 interface 0 altsetting 109: 65, using maximum allowed: 30 [ 990.589918][T15602] usb 3-1: config 0 interface 0 altsetting 109 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 990.602025][T15602] usb 3-1: config 0 interface 0 altsetting 109 has 1 endpoint descriptor, different from the interface descriptor's value: 65 [ 990.615345][T15602] usb 3-1: config 0 interface 0 has no altsetting 0 [ 990.622550][T15602] usb 3-1: New USB device found, idVendor=172f, idProduct=0500, bcdDevice= 0.00 [ 990.632364][T15602] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 990.643734][T15602] usb 3-1: config 0 descriptor?? [ 990.980864][T12740] usb 2-1: USB disconnect, device number 11 [ 991.066560][T15602] waltop 0003:172F:0500.0015: unknown main item tag 0x0 [ 991.085037][T16281] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2870'. [ 991.099247][T15602] waltop 0003:172F:0500.0015: unknown main item tag 0x0 [ 991.118893][T15602] waltop 0003:172F:0500.0015: unknown main item tag 0x0 [ 991.137552][T15602] waltop 0003:172F:0500.0015: unknown main item tag 0x0 [ 991.146829][T15602] waltop 0003:172F:0500.0015: unknown main item tag 0x0 [ 991.158319][T15602] waltop 0003:172F:0500.0015: hidraw0: USB HID v0.05 Device [HID 172f:0500] on usb-dummy_hcd.2-1/input0 [ 991.234489][T15602] usb 4-1: USB disconnect, device number 28 [ 991.303320][ T5927] usb 3-1: USB disconnect, device number 114 [ 991.353796][T16285] fido_id[16285]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/3-1/report_descriptor': No such file or directory [ 991.377645][T16287] fuse: Bad value for 'fd' [ 991.450584][ T5843] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 991.478950][T12740] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 991.532008][T16289] netlink: 'syz.3.2872': attribute type 1 has an invalid length. [ 991.569549][T16289] bond3: entered promiscuous mode [ 991.575802][T16289] 8021q: adding VLAN 0 to HW filter on device bond3 [ 991.610536][ T5843] usb 5-1: device descriptor read/64, error -71 [ 991.630884][T12740] usb 2-1: Using ep0 maxpacket: 8 [ 991.638266][T12740] usb 2-1: config 1 interface 0 altsetting 111 bulk endpoint 0x89 has invalid maxpacket 1024 [ 991.650524][T12740] usb 2-1: config 1 interface 0 has no altsetting 0 [ 991.659377][T12740] usb 2-1: New USB device found, idVendor=05ac, idProduct=024d, bcdDevice= 2.40 [ 991.671714][T12740] usb 2-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 991.680568][T12740] usb 2-1: Product: syz [ 991.684963][T12740] usb 2-1: SerialNumber: syz [ 991.702059][T16281] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 991.870551][ T5843] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 991.925610][T12740] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input52 [ 991.945780][ T5190] bcm5974 2-1:1.0: could not read from device [ 991.956016][ T5190] bcm5974 2-1:1.0: could not read from device [ 991.967382][T12740] usb 2-1: USB disconnect, device number 12 [ 992.014919][ T5843] usb 5-1: device descriptor read/64, error -71 [ 992.080801][T15602] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 992.135259][ T5843] usb usb5-port1: attempt power cycle [ 992.250655][T15602] usb 4-1: Using ep0 maxpacket: 32 [ 992.262913][T15602] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 992.280288][T15602] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 992.291812][T15602] usb 4-1: New USB device found, idVendor=0c45, idProduct=760b, bcdDevice= 0.00 [ 992.304728][T15602] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 992.318535][T15602] usb 4-1: config 0 descriptor?? [ 992.490710][ T5843] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 992.512562][ T5843] usb 5-1: device descriptor read/8, error -71 [ 992.577503][T12740] hid-generic 0000:0000:0000.0016: unknown main item tag 0x0 [ 992.624615][T12740] hid-generic 0000:0000:0000.0016: hidraw0: HID v0.00 Device [syz1] on syz0 [ 992.749680][T15602] redragon 0003:0C45:760B.0017: hidraw1: USB HID v0.02 Device [HID 0c45:760b] on usb-dummy_hcd.3-1/input0 [ 992.762177][ T5843] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 992.803903][ T5843] usb 5-1: device descriptor read/8, error -71 [ 992.921549][ T5843] usb usb5-port1: unable to enumerate USB device [ 992.948995][ T5843] usb 4-1: USB disconnect, device number 29 [ 993.057744][T16311] fido_id[16311]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 993.166154][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 993.172692][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 993.298445][T16315] xt_CT: No such helper "snmp" [ 993.495340][T16321] fuse: Bad value for 'fd' [ 993.645067][T16323] netlink: 'syz.3.2883': attribute type 1 has an invalid length. [ 993.781499][T16323] bond4: entered promiscuous mode [ 993.790320][T16323] 8021q: adding VLAN 0 to HW filter on device bond4 [ 994.415149][ T30] audit: type=1326 audit(1750410034.911:877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 994.459051][T16353] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2892'. [ 994.542781][ T30] audit: type=1326 audit(1750410034.911:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=99 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 994.630553][ T5927] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 994.658950][ T30] audit: type=1326 audit(1750410034.911:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 994.739137][ T30] audit: type=1326 audit(1750410034.921:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 994.828535][ T30] audit: type=1326 audit(1750410034.921:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 994.909921][ T30] audit: type=1326 audit(1750410034.921:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 994.970524][ T5927] usb 4-1: Using ep0 maxpacket: 16 [ 995.201414][ T30] audit: type=1326 audit(1750410034.921:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 995.232161][T16351] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2891'. [ 995.575698][ T30] audit: type=1326 audit(1750410034.921:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 995.614717][T16362] fuse: Bad value for 'fd' [ 995.647746][ T30] audit: type=1326 audit(1750410035.021:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 995.675940][T16351] macvlan6: entered promiscuous mode [ 995.770568][ T2156] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 995.799332][ T30] audit: type=1326 audit(1750410035.021:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16348 comm="syz.4.2892" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 995.854429][T16347] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 995.874959][T16347] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 995.915284][T16347] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2891'. [ 995.935530][T16366] netlink: 'syz.0.2896': attribute type 1 has an invalid length. [ 995.944288][ T2156] usb 3-1: Using ep0 maxpacket: 16 [ 995.970217][T16358] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2893'. [ 996.048692][T16366] bond5: entered promiscuous mode [ 996.056770][T16360] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 996.066962][T16360] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 996.151343][T16366] 8021q: adding VLAN 0 to HW filter on device bond5 [ 997.333050][ T5927] usb 4-1: unable to get BOS descriptor or descriptor too short [ 997.361804][ T5927] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 997.369583][ T5927] usb 4-1: can't read configurations, error -71 [ 997.422293][T16379] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2898'. [ 997.429424][T16380] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2899'. [ 997.774201][ T2156] usb 3-1: unable to get BOS descriptor or descriptor too short [ 997.785630][ T2156] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 997.834010][ T2156] usb 3-1: can't read configurations, error -71 [ 998.170249][T16395] fuse: Bad value for 'fd' [ 998.200612][ T2156] usb 3-1: new full-speed USB device number 116 using dummy_hcd [ 998.365986][T15602] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 998.372385][ T2156] usb 3-1: config 0 has an invalid interface number: 133 but max is 0 [ 998.382699][ T2156] usb 3-1: config 0 has no interface number 0 [ 998.393821][ T2156] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 998.403626][ T2156] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 998.425521][ T2156] usb 3-1: Product: syz [ 998.429928][ T2156] usb 3-1: Manufacturer: syz [ 998.440757][ T2156] usb 3-1: SerialNumber: syz [ 998.585656][T15602] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 998.586335][T16399] netlink: 'syz.4.2907': attribute type 1 has an invalid length. [ 998.602667][T15602] usb 2-1: New USB device found, idVendor=04d8, idProduct=0083, bcdDevice=83.9c [ 998.609635][ T2156] usb 3-1: config 0 descriptor?? [ 998.632527][T15602] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 998.663096][T16399] bond5: entered promiscuous mode [ 998.669200][T16399] 8021q: adding VLAN 0 to HW filter on device bond5 [ 998.686736][T15602] usb 2-1: Product: syz [ 998.692092][T16399] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2907'. [ 998.719648][T15602] usb 2-1: Manufacturer: syz [ 998.739991][T15602] usb 2-1: SerialNumber: syz [ 998.795110][T15602] usb 2-1: config 0 descriptor?? [ 998.886145][ T2156] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected [ 998.890955][T15602] ims_pcu 2-1:0.0: Missing CDC union descriptor [ 998.907989][T15602] ims_pcu 2-1:0.0: probe with driver ims_pcu failed with error -22 [ 998.946878][ T2156] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81 [ 998.991663][ T2156] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1 [ 999.050730][ T2156] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2 [ 999.065861][ T2156] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 999.237616][T16408] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 999.257958][T16413] loop2: detected capacity change from 0 to 7 [ 999.275799][T16413] loop2: [ 999.279877][T16413] loop2: partition table partially beyond EOD, truncated [ 999.290926][T16408] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 999.499019][T16387] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2903'. [ 999.612141][T16409] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 999.636858][T16409] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 999.977783][T16428] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 999.987887][T16428] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1000.055744][T16430] binder: 16429:16430 ioctl 80086601 200000000280 returned -22 [ 1000.090553][ T2156] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 1000.240579][ T2156] usb 5-1: Using ep0 maxpacket: 8 [ 1000.248822][ T2156] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 13 [ 1000.261951][ T2156] usb 5-1: New USB device found, idVendor=046d, idProduct=08ae, bcdDevice=11.58 [ 1000.271628][ T2156] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1000.279829][ T2156] usb 5-1: Product: syz [ 1000.285401][ T2156] usb 5-1: Manufacturer: syz [ 1000.290279][ T2156] usb 5-1: SerialNumber: syz [ 1000.298468][ T2156] usb 5-1: config 0 descriptor?? [ 1000.309242][ T2156] gspca_main: gspca_zc3xx-2.14.0 probing 046d:08ae [ 1000.726079][T16434] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1000.737516][T16434] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1000.951030][ T5919] usb 3-1: USB disconnect, device number 116 [ 1000.985020][ T5919] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1001.017031][ T5919] keyspan 3-1:0.133: device disconnected [ 1001.058169][T16436] fuse: Bad value for 'fd' [ 1001.097479][T16438] netlink: 'syz.3.2918': attribute type 1 has an invalid length. [ 1001.187374][T16445] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2918'. [ 1001.227785][T16438] bond5: entered promiscuous mode [ 1001.265062][T16438] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1001.278931][T15602] usb 2-1: USB disconnect, device number 13 [ 1001.454364][T16452] program syz.1.2921 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 1001.499327][T16454] FAULT_INJECTION: forcing a failure. [ 1001.499327][T16454] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1001.531130][T16454] CPU: 0 UID: 0 PID: 16454 Comm: syz.3.2923 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1001.531161][T16454] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1001.531178][T16454] Call Trace: [ 1001.531187][T16454] [ 1001.531197][T16454] dump_stack_lvl+0x189/0x250 [ 1001.531232][T16454] ? __pfx____ratelimit+0x10/0x10 [ 1001.531262][T16454] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1001.531291][T16454] ? __pfx__printk+0x10/0x10 [ 1001.531311][T16454] ? __might_fault+0xb0/0x130 [ 1001.531343][T16454] should_fail_ex+0x414/0x560 [ 1001.531381][T16454] _copy_to_iter+0x1db/0x16f0 [ 1001.531410][T16454] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 1001.531437][T16454] ? lockdep_hardirqs_on+0x9c/0x150 [ 1001.531468][T16454] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1001.531496][T16454] ? __pfx__copy_to_iter+0x10/0x10 [ 1001.531521][T16454] ? __skb_try_recv_from_queue+0x2b2/0x730 [ 1001.531555][T16454] ? __skb_try_recv_datagram+0x3da/0x4e0 [ 1001.531588][T16454] __skb_datagram_iter+0xf8/0x990 [ 1001.531616][T16454] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 1001.531653][T16454] skb_copy_datagram_iter+0xc5/0x230 [ 1001.531684][T16454] netlink_recvmsg+0x2ab/0xa30 [ 1001.531718][T16454] ? __pfx_netlink_recvmsg+0x10/0x10 [ 1001.531746][T16454] ? aa_sock_msg_perm+0x94/0x160 [ 1001.531773][T16454] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 1001.531796][T16454] ? security_socket_recvmsg+0x7e/0x2e0 [ 1001.531825][T16454] ? __pfx_netlink_recvmsg+0x10/0x10 [ 1001.531848][T16454] sock_recvmsg+0x229/0x270 [ 1001.531882][T16454] __sys_recvfrom+0x1f6/0x340 [ 1001.531909][T16454] ? __pfx___sys_recvfrom+0x10/0x10 [ 1001.531942][T16454] ? count_memcg_event_mm+0x21/0x260 [ 1001.531981][T16454] ? exc_page_fault+0x76/0xf0 [ 1001.532013][T16454] ? do_user_addr_fault+0xc8a/0x1390 [ 1001.532044][T16454] __x64_sys_recvfrom+0xde/0x100 [ 1001.532071][T16454] do_syscall_64+0xfa/0x3b0 [ 1001.532088][T16454] ? lockdep_hardirqs_on+0x9c/0x150 [ 1001.532114][T16454] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.532133][T16454] ? clear_bhb_loop+0x60/0xb0 [ 1001.532158][T16454] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1001.532177][T16454] RIP: 0033:0x7fe99cf906f4 [ 1001.532194][T16454] Code: 89 4c 24 1c e8 ed 5f 02 00 44 8b 54 24 1c 8b 3c 24 45 31 c9 89 c5 48 8b 54 24 10 48 8b 74 24 08 45 31 c0 b8 2d 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 34 89 ef 48 89 04 24 e8 39 60 02 00 48 8b 04 [ 1001.532209][T16454] RSP: 002b:00007fe99adf4ed0 EFLAGS: 00000246 ORIG_RAX: 000000000000002d [ 1001.532230][T16454] RAX: ffffffffffffffda RBX: 0000000000000024 RCX: 00007fe99cf906f4 [ 1001.532243][T16454] RDX: 0000000000001000 RSI: 00007fe99adf4ff0 RDI: 0000000000000004 [ 1001.532256][T16454] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1001.532268][T16454] R10: 0000000000000000 R11: 0000000000000246 R12: 00007fe99d011910 [ 1001.532280][T16454] R13: 00007fe99adf4fa0 R14: 000000000000000c R15: 0000000000000000 [ 1001.532312][T16454] [ 1001.821028][ C0] vkms_vblank_simulate: vblank timer overrun [ 1001.988464][T16461] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1001.997522][T16461] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1002.062161][T16464] FAULT_INJECTION: forcing a failure. [ 1002.062161][T16464] name failslab, interval 1, probability 0, space 0, times 0 [ 1002.079485][T16464] CPU: 1 UID: 0 PID: 16464 Comm: syz.2.2926 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1002.079515][T16464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1002.079527][T16464] Call Trace: [ 1002.079536][T16464] [ 1002.079545][T16464] dump_stack_lvl+0x189/0x250 [ 1002.079580][T16464] ? __pfx____ratelimit+0x10/0x10 [ 1002.079609][T16464] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1002.079645][T16464] ? __pfx__printk+0x10/0x10 [ 1002.079673][T16464] ? __pfx___might_resched+0x10/0x10 [ 1002.079701][T16464] ? fs_reclaim_acquire+0x7d/0x100 [ 1002.079730][T16464] should_fail_ex+0x414/0x560 [ 1002.079758][T16464] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1002.079784][T16464] should_failslab+0xa8/0x100 [ 1002.079806][T16464] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1002.079832][T16464] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 1002.079851][T16464] ? sock_alloc_inode+0x28/0xc0 [ 1002.079881][T16464] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1002.079905][T16464] sock_alloc_inode+0x28/0xc0 [ 1002.079929][T16464] alloc_inode+0x67/0x1b0 [ 1002.079947][T16464] __sock_create+0x12d/0x9f0 [ 1002.079971][T16464] __sys_socket+0xd7/0x1b0 [ 1002.079988][T16464] __x64_sys_socket+0x7a/0x90 [ 1002.080004][T16464] do_syscall_64+0xfa/0x3b0 [ 1002.080017][T16464] ? lockdep_hardirqs_on+0x9c/0x150 [ 1002.080039][T16464] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1002.080057][T16464] ? clear_bhb_loop+0x60/0xb0 [ 1002.080076][T16464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1002.080091][T16464] RIP: 0033:0x7f8a89190847 [ 1002.080106][T16464] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1002.080119][T16464] RSP: 002b:00007f8a89f98e58 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1002.080137][T16464] RAX: ffffffffffffffda RBX: 0000200000000040 RCX: 00007f8a89190847 [ 1002.080148][T16464] RDX: 0000000000000000 RSI: 0000000000080002 RDI: 0000000000000001 [ 1002.080158][T16464] RBP: 00007f8a89f98e70 R08: 000000000000000a R09: 0000000000000000 [ 1002.080168][T16464] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000024 [ 1002.080178][T16464] R13: 00007f8a89f98fa0 R14: 00007f8a89f98fa0 R15: 0000200000000080 [ 1002.080207][T16464] [ 1002.080222][T16464] socket: no more sockets [ 1002.108150][T16466] binder: 16465:16466 ioctl 80086601 200000000280 returned -22 [ 1002.321176][ T2156] gspca_zc3xx: reg_w_i err -71 [ 1002.419359][T16469] can: request_module (can-proto-0) failed. [ 1002.940564][ T2156] gspca_zc3xx: Unknown sensor - set to TAS5130C [ 1002.948551][ T2156] gspca_zc3xx 5-1:0.0: probe with driver gspca_zc3xx failed with error -71 [ 1002.985433][T16479] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1003.054156][ T2156] usb 5-1: USB disconnect, device number 29 [ 1003.640191][T16487] netlink: 'syz.3.2933': attribute type 1 has an invalid length. [ 1003.750626][ T5927] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 1003.770522][ T2156] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 1003.843587][T16489] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2933'. [ 1003.930675][ T5927] usb 2-1: Using ep0 maxpacket: 32 [ 1004.026126][T16487] bond6: entered promiscuous mode [ 1004.031842][T16487] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1004.103373][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1004.142009][ T5927] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1004.176716][ T5927] usb 2-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1004.213288][ T5927] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1004.260359][ T5927] usb 2-1: config 0 descriptor?? [ 1004.272719][ T5927] hub 2-1:0.0: USB hub found [ 1004.451267][ T2156] usb 5-1: device descriptor read/64, error -71 [ 1004.472551][ T5927] hub 2-1:0.0: 1 port detected [ 1004.710547][ T2156] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 1004.881788][ T5927] usb 2-1: USB disconnect, device number 14 [ 1004.892025][ T2156] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1004.914203][ T2156] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1004.949148][ T2156] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 1004.977766][ T2156] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1005.008996][ T2156] usb 5-1: Product: syz [ 1005.022412][ T2156] usb 5-1: Manufacturer: syz [ 1005.031460][T16508] netlink: 20 bytes leftover after parsing attributes in process `syz.3.2939'. [ 1005.050922][ T2156] usb 5-1: SerialNumber: syz [ 1005.073343][ T2156] usb 5-1: config 0 descriptor?? [ 1005.302613][ T5927] usb 5-1: USB disconnect, device number 31 [ 1005.918075][T16521] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=64 (128 ns) > initial count (12 ns). Using initial count to start timer. [ 1005.958235][T16523] binder: 16522:16523 ioctl 80086601 200000000280 returned -22 [ 1007.209337][T16539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1007.261592][T16539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1007.869769][T16543] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1007.882167][T16543] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1007.891941][T16543] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1007.901874][T16543] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1007.928882][T16543] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1007.994016][ T51] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1008.007089][ T51] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1008.016073][ T51] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1008.026919][ T51] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1008.041673][ T51] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1008.396871][T12406] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.410849][ T5927] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 1008.548000][T16563] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1008.592617][T16563] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1008.592862][ T5927] usb 2-1: Using ep0 maxpacket: 8 [ 1008.654899][ T5927] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1008.665420][ T5927] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1008.704865][ T5927] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1008.721355][ T5927] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1008.736262][T12406] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1008.739751][ T5927] usb 2-1: Product: syz [ 1008.761341][ T5927] usb 2-1: Manufacturer: syz [ 1008.770826][ T5927] usb 2-1: SerialNumber: syz [ 1008.939168][T12406] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.018442][ T5927] usb 2-1: 0:2 : does not exist [ 1009.133909][ T5927] usb 2-1: USB disconnect, device number 15 [ 1009.157043][T12406] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1009.298117][T16569] binder: 16565:16569 ioctl 80086601 200000000280 returned -22 [ 1009.303211][ T6360] udevd[6360]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1009.818676][T16552] chnl_net:caif_netlink_parms(): no params data found [ 1009.896137][T12406] bridge_slave_1: left allmulticast mode [ 1009.920522][T12406] bridge_slave_1: left promiscuous mode [ 1009.928835][T12406] bridge0: port 2(bridge_slave_1) entered disabled state [ 1009.956680][T12406] bridge_slave_0: left allmulticast mode [ 1009.970530][T12406] bridge_slave_0: left promiscuous mode [ 1009.976371][T12406] bridge0: port 1(bridge_slave_0) entered disabled state [ 1010.123771][ T51] Bluetooth: hci5: command tx timeout [ 1010.595415][T12406] bond0 (unregistering): (slave bridge0): Releasing backup interface [ 1011.167935][T12406] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1011.179219][T12406] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1011.189591][T12406] bond0 (unregistering): Released all slaves [ 1011.338526][T12406] bond1 (unregistering): Released all slaves [ 1011.482196][T16552] bridge0: port 1(bridge_slave_0) entered blocking state [ 1011.491081][T16552] bridge0: port 1(bridge_slave_0) entered disabled state [ 1011.498310][T16552] bridge_slave_0: entered allmulticast mode [ 1011.507880][T16552] bridge_slave_0: entered promiscuous mode [ 1011.517086][T16552] bridge0: port 2(bridge_slave_1) entered blocking state [ 1011.524465][T16552] bridge0: port 2(bridge_slave_1) entered disabled state [ 1011.532781][T16552] bridge_slave_1: entered allmulticast mode [ 1011.539952][T16552] bridge_slave_1: entered promiscuous mode [ 1011.584928][T16552] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1011.598217][T16552] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1011.694737][T16552] team0: Port device team_slave_0 added [ 1011.706897][T16552] team0: Port device team_slave_1 added [ 1011.811888][ T30] kauditd_printk_skb: 296 callbacks suppressed [ 1011.811908][ T30] audit: type=1326 audit(1750410052.341:1183): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16597 comm="syz.3.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe99cf8e929 code=0x7ffc0000 [ 1011.863212][T16552] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1011.893800][T16552] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1011.941251][ T30] audit: type=1326 audit(1750410052.371:1184): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16597 comm="syz.3.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fe99cf8e929 code=0x7ffc0000 [ 1011.992608][T16552] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1012.010501][ T30] audit: type=1326 audit(1750410052.371:1185): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16597 comm="syz.3.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe99cf8e929 code=0x7ffc0000 [ 1012.039011][T16552] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1012.063387][T16552] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1012.110831][ T30] audit: type=1326 audit(1750410052.371:1186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16597 comm="syz.3.2960" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe99cf8e929 code=0x7ffc0000 [ 1012.170547][T16552] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1012.200953][ T5843] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 1012.202590][ T51] Bluetooth: hci5: command tx timeout [ 1012.436771][T16618] netlink: 12 bytes leftover after parsing attributes in process `syz.3.2964'. [ 1012.454734][ T5843] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 1012.490700][ T5843] usb 5-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1012.510674][ T5843] usb 5-1: config 220 has 2 interfaces, different from the descriptor's value: 3 [ 1012.542404][ T5843] usb 5-1: config 220 has no interface number 1 [ 1012.550094][T16552] hsr_slave_0: entered promiscuous mode [ 1012.553307][ T5843] usb 5-1: config 220 interface 0 has no altsetting 0 [ 1012.580066][ T5843] usb 5-1: config 220 interface 76 has no altsetting 0 [ 1012.595309][T16552] hsr_slave_1: entered promiscuous mode [ 1012.609004][ T5843] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1012.633265][ T5843] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1012.648641][ T5843] usb 5-1: Product: syz [ 1012.654641][T16552] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1012.664116][ T5843] usb 5-1: Manufacturer: syz [ 1012.688159][ T5843] usb 5-1: SerialNumber: syz [ 1012.700569][T16552] Cannot create hsr debugfs directory [ 1012.974751][ T5843] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 1013.061371][ T5843] usb 5-1: No valid video chain found. [ 1013.127699][ T5843] usb 5-1: USB disconnect, device number 32 [ 1013.342004][T15602] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 1013.421317][T16639] binder: 16637:16639 ioctl 80086601 200000000280 returned -22 [ 1013.514404][T15602] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1013.529566][T15602] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x7 has invalid maxpacket 0 [ 1013.548777][T15602] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x89 has invalid wMaxPacketSize 0 [ 1013.606425][T15602] usb 2-1: New USB device found, idVendor=2040, idProduct=2000, bcdDevice=65.72 [ 1013.640803][T15602] usb 2-1: New USB device strings: Mfr=151, Product=0, SerialNumber=0 [ 1013.649051][T15602] usb 2-1: Manufacturer: syz [ 1013.731586][T15602] usb 2-1: config 0 descriptor?? [ 1013.765323][T15602] smsusb:smsusb_probe: board id=9, interface number 0 [ 1013.811221][T15602] smsusb:smsusb_probe: Device initialized with return code -19 [ 1014.285911][ T51] Bluetooth: hci5: command tx timeout [ 1014.340730][ T5843] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 1014.515268][ T5843] usb 5-1: device descriptor read/64, error -71 [ 1014.595772][T16663] openvswitch: netlink: IP tunnel attribute has 12 unknown bytes. [ 1014.815010][ T5843] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 1014.970475][ T5843] usb 5-1: device descriptor read/64, error -71 [ 1015.086765][ T5843] usb usb5-port1: attempt power cycle [ 1015.262679][T16552] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1015.288680][T16552] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1015.318302][T16552] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1015.370757][T16552] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1015.442782][ T5843] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 1015.476147][ T5843] usb 5-1: device descriptor read/8, error -71 [ 1015.677512][T16552] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1015.727118][T16552] 8021q: adding VLAN 0 to HW filter on device team0 [ 1015.750923][ T5843] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 1015.763461][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 1015.771035][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1015.921269][ T5843] usb 5-1: device descriptor read/8, error -71 [ 1015.921424][T12404] bridge0: port 2(bridge_slave_1) entered blocking state [ 1015.934754][T12404] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1016.104632][ T5843] usb usb5-port1: unable to enumerate USB device [ 1016.220069][ T5843] usb 2-1: USB disconnect, device number 16 [ 1016.347561][T16552] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1016.361752][ T51] Bluetooth: hci5: command tx timeout [ 1016.533317][T16552] veth0_vlan: entered promiscuous mode [ 1016.576952][T16552] veth1_vlan: entered promiscuous mode [ 1016.650517][ T5927] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1016.662545][T16552] veth0_macvtap: entered promiscuous mode [ 1016.696161][T16552] veth1_macvtap: entered promiscuous mode [ 1016.738074][T16552] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1016.756259][T16552] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1016.779775][T16552] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1016.789961][T16552] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1016.805703][T16552] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1016.815132][T16552] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1016.826813][ T5927] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 1016.836173][ T5927] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1016.848167][ T5927] usb 4-1: config 220 has 2 interfaces, different from the descriptor's value: 3 [ 1016.866049][ T5927] usb 4-1: config 220 has no interface number 1 [ 1016.994725][ T5927] usb 4-1: config 220 interface 0 has no altsetting 0 [ 1017.046178][ T5927] usb 4-1: config 220 interface 76 has no altsetting 0 [ 1017.102811][ T5927] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1017.112390][ T5927] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1017.141069][ T5927] usb 4-1: Product: syz [ 1017.158159][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1017.178429][ T5927] usb 4-1: Manufacturer: syz [ 1017.193556][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1017.201707][ T5927] usb 4-1: SerialNumber: syz [ 1017.272653][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1017.317709][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1017.464246][ T5927] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 1017.473199][ T5927] usb 4-1: No valid video chain found. [ 1017.507724][ T5927] usb 4-1: USB disconnect, device number 32 [ 1017.617879][T16710] netlink: 'syz.2.2946': attribute type 1 has an invalid length. [ 1017.633162][T16710] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2946'. [ 1021.088838][T16543] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1021.108501][T16543] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1021.119745][T16543] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1021.180496][T16543] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1021.200620][T16543] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1022.329120][T16780] chnl_net:caif_netlink_parms(): no params data found [ 1022.546810][T12740] usb 3-1: new high-speed USB device number 117 using dummy_hcd [ 1022.638793][T16780] bridge0: port 1(bridge_slave_0) entered blocking state [ 1022.648709][T16780] bridge0: port 1(bridge_slave_0) entered disabled state [ 1022.657784][T16780] bridge_slave_0: entered allmulticast mode [ 1022.666406][T16780] bridge_slave_0: entered promiscuous mode [ 1022.676029][T16780] bridge0: port 2(bridge_slave_1) entered blocking state [ 1022.686730][T16780] bridge0: port 2(bridge_slave_1) entered disabled state [ 1022.695006][T16780] bridge_slave_1: entered allmulticast mode [ 1022.703904][T16780] bridge_slave_1: entered promiscuous mode [ 1022.753182][T12740] usb 3-1: config 220 has an invalid interface number: 76 but max is 2 [ 1022.768893][T12740] usb 3-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 1022.850148][T12740] usb 3-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 1022.880243][T12740] usb 3-1: config 220 has no interface number 2 [ 1022.888490][T12740] usb 3-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 1022.903021][T12740] usb 3-1: config 220 interface 0 has no altsetting 0 [ 1022.909837][T12740] usb 3-1: config 220 interface 76 has no altsetting 0 [ 1022.937908][T12740] usb 3-1: config 220 interface 1 has no altsetting 0 [ 1022.949848][T16780] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1022.967175][T12740] usb 3-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1022.977321][T12740] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1022.986237][T12740] usb 3-1: Product: syz [ 1023.009969][T16780] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1023.334689][T16543] Bluetooth: hci3: command tx timeout [ 1023.365000][T12740] usb 3-1: Manufacturer: syz [ 1023.375983][T12740] usb 3-1: SerialNumber: syz [ 1023.496070][T16780] team0: Port device team_slave_0 added [ 1023.518842][T16780] team0: Port device team_slave_1 added [ 1023.629476][T12740] usb 3-1: selecting invalid altsetting 0 [ 1023.637161][T12740] usb 3-1: Found UVC 7.01 device syz (8086:0b07) [ 1023.657438][T12740] usb 3-1: No valid video chain found. [ 1023.785174][T12740] usb 3-1: selecting invalid altsetting 0 [ 1023.895766][T12740] usbtest 3-1:220.1: probe with driver usbtest failed with error -22 [ 1023.927042][T12740] usb 3-1: USB disconnect, device number 117 [ 1024.032892][T16780] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1024.040015][T16780] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1024.078772][T16780] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1024.160990][T16780] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1024.178841][T16780] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1024.281713][T16780] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1024.463154][T16780] hsr_slave_0: entered promiscuous mode [ 1024.482468][T16780] hsr_slave_1: entered promiscuous mode [ 1024.500178][T16780] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1024.527676][T16780] Cannot create hsr debugfs directory [ 1024.591707][T16829] netlink: 'syz.1.2998': attribute type 1 has an invalid length. [ 1024.640324][T16829] bond1: entered promiscuous mode [ 1024.652033][T16831] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2998'. [ 1024.683202][T16829] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1025.073886][T16839] netlink: 'syz.4.3000': attribute type 4 has an invalid length. [ 1025.205983][T16844] netlink: 277 bytes leftover after parsing attributes in process `syz.2.3003'. [ 1025.397730][T16780] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1025.412209][T16543] Bluetooth: hci3: command tx timeout [ 1025.575450][T16780] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1025.636421][T16856] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1025.649180][T16856] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1025.692371][T16780] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1025.704572][T12740] usb 3-1: new full-speed USB device number 118 using dummy_hcd [ 1025.852037][T16780] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1025.883005][T12740] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1025.894775][T12740] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 240, setting to 64 [ 1025.906839][T12740] usb 3-1: New USB device found, idVendor=057e, idProduct=200e, bcdDevice= 0.00 [ 1025.916437][T12740] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1025.941248][T12740] usb 3-1: config 0 descriptor?? [ 1025.947297][T16851] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1026.214810][T16780] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1026.229503][T16780] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1026.243341][T16780] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1026.361714][T16780] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1026.429354][T12740] nintendo 0003:057E:200E.0018: hidraw0: USB HID v80.00 Device [HID 057e:200e] on usb-dummy_hcd.2-1/input0 [ 1026.688039][T16851] netlink: 'syz.2.3005': attribute type 2 has an invalid length. [ 1026.736486][T12740] nintendo 0003:057E:200E.0018: Failed charging grip handshake [ 1026.748721][T12740] nintendo 0003:057E:200E.0018: Failed to initialize controller; ret=-110 [ 1026.822355][T12740] nintendo 0003:057E:200E.0018: probe - fail = -110 [ 1026.838455][T12740] nintendo 0003:057E:200E.0018: probe with driver nintendo failed with error -110 [ 1026.878035][T12740] usb 3-1: USB disconnect, device number 118 [ 1027.161791][T16780] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1027.247465][T16780] 8021q: adding VLAN 0 to HW filter on device team0 [ 1027.266411][ T65] bridge0: port 1(bridge_slave_0) entered blocking state [ 1027.275059][ T65] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1027.296804][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 1027.304003][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1027.491428][T16543] Bluetooth: hci3: command tx timeout [ 1027.872253][T16780] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1027.997809][T16780] veth0_vlan: entered promiscuous mode [ 1028.028645][T16780] veth1_vlan: entered promiscuous mode [ 1028.141160][T16780] veth0_macvtap: entered promiscuous mode [ 1028.179517][T16780] veth1_macvtap: entered promiscuous mode [ 1028.246473][T16780] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1028.282774][T16780] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1028.324299][T16780] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.346290][T16780] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.357651][T16780] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1028.404895][T16780] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1029.840645][T16543] Bluetooth: hci3: command tx timeout [ 1030.336518][T16892] FAULT_INJECTION: forcing a failure. [ 1030.336518][T16892] name failslab, interval 1, probability 0, space 0, times 0 [ 1030.385195][T16892] CPU: 1 UID: 0 PID: 16892 Comm: syz.2.3016 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1030.385222][T16892] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1030.385232][T16892] Call Trace: [ 1030.385240][T16892] [ 1030.385248][T16892] dump_stack_lvl+0x189/0x250 [ 1030.385279][T16892] ? __pfx____ratelimit+0x10/0x10 [ 1030.385304][T16892] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1030.385328][T16892] ? __pfx__printk+0x10/0x10 [ 1030.385353][T16892] ? __pfx___might_resched+0x10/0x10 [ 1030.385375][T16892] ? fs_reclaim_acquire+0x7d/0x100 [ 1030.385401][T16892] should_fail_ex+0x414/0x560 [ 1030.385427][T16892] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 1030.385448][T16892] should_failslab+0xa8/0x100 [ 1030.385468][T16892] __kvmalloc_node_noprof+0x161/0x5f0 [ 1030.385486][T16892] ? alloc_netdev_mqs+0xa8b/0x11e0 [ 1030.385514][T16892] alloc_netdev_mqs+0xa8b/0x11e0 [ 1030.385543][T16892] rtnl_create_link+0x31f/0xd10 [ 1030.385573][T16892] rtnl_newlink_create+0x25c/0xb00 [ 1030.385599][T16892] ? __mutex_lock+0x51b/0xe80 [ 1030.385621][T16892] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 1030.385638][T16892] ? rtnl_newlink+0x8db/0x1c70 [ 1030.385658][T16892] ? __pfx___mutex_lock+0x10/0x10 [ 1030.385683][T16892] ? ns_capable+0x8a/0xf0 [ 1030.385712][T16892] rtnl_newlink+0x16d6/0x1c70 [ 1030.385731][T16892] ? netlink_sendmsg+0x805/0xb30 [ 1030.385764][T16892] ? __pfx_rtnl_newlink+0x10/0x10 [ 1030.385818][T16892] ? kasan_quarantine_put+0xdd/0x220 [ 1030.385841][T16892] ? lockdep_hardirqs_on+0x9c/0x150 [ 1030.385873][T16892] ? nlmon_xmit+0xb0/0x100 [ 1030.385894][T16892] ? kmem_cache_free+0x18f/0x400 [ 1030.385919][T16892] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1030.385943][T16892] ? lockdep_hardirqs_on+0x9c/0x150 [ 1030.385967][T16892] ? __local_bh_enable_ip+0x12d/0x1c0 [ 1030.385991][T16892] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1030.386026][T16892] ? __dev_queue_xmit+0x27e/0x3a70 [ 1030.386069][T16892] ? __lock_acquire+0xab9/0xd20 [ 1030.386129][T16892] ? __pfx_rtnl_newlink+0x10/0x10 [ 1030.386146][T16892] rtnetlink_rcv_msg+0x7cf/0xb70 [ 1030.386168][T16892] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 1030.386190][T16892] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1030.386205][T16892] ? ref_tracker_free+0x63a/0x7d0 [ 1030.386224][T16892] ? __copy_skb_header+0xa7/0x550 [ 1030.386247][T16892] ? __pfx_ref_tracker_free+0x10/0x10 [ 1030.386279][T16892] netlink_rcv_skb+0x205/0x470 [ 1030.386300][T16892] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 1030.386319][T16892] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1030.386354][T16892] ? netlink_deliver_tap+0x2e/0x1b0 [ 1030.386372][T16892] ? netlink_deliver_tap+0x2e/0x1b0 [ 1030.386406][T16892] netlink_unicast+0x758/0x8d0 [ 1030.386436][T16892] netlink_sendmsg+0x805/0xb30 [ 1030.386466][T16892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1030.386491][T16892] ? aa_sock_msg_perm+0x94/0x160 [ 1030.386515][T16892] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1030.386536][T16892] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1030.386557][T16892] __sock_sendmsg+0x219/0x270 [ 1030.386587][T16892] ____sys_sendmsg+0x505/0x830 [ 1030.386616][T16892] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1030.386649][T16892] ? import_iovec+0x74/0xa0 [ 1030.386673][T16892] ___sys_sendmsg+0x21f/0x2a0 [ 1030.386698][T16892] ? __pfx____sys_sendmsg+0x10/0x10 [ 1030.386759][T16892] ? __fget_files+0x2a/0x420 [ 1030.386778][T16892] ? __fget_files+0x3a0/0x420 [ 1030.386803][T16892] __x64_sys_sendmsg+0x19b/0x260 [ 1030.386819][T16892] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1030.386840][T16892] ? __pfx_ksys_write+0x10/0x10 [ 1030.386853][T16892] ? rcu_is_watching+0x15/0xb0 [ 1030.386875][T16892] ? do_syscall_64+0xbe/0x3b0 [ 1030.386888][T16892] do_syscall_64+0xfa/0x3b0 [ 1030.386899][T16892] ? lockdep_hardirqs_on+0x9c/0x150 [ 1030.386915][T16892] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.386926][T16892] ? clear_bhb_loop+0x60/0xb0 [ 1030.386941][T16892] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1030.386952][T16892] RIP: 0033:0x7f817898e929 [ 1030.386965][T16892] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1030.386976][T16892] RSP: 002b:00007f81767f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1030.386990][T16892] RAX: ffffffffffffffda RBX: 00007f8178bb5fa0 RCX: 00007f817898e929 [ 1030.386998][T16892] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000003 [ 1030.387006][T16892] RBP: 00007f81767f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1030.387013][T16892] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1030.387028][T16892] R13: 0000000000000000 R14: 00007f8178bb5fa0 R15: 00007f8178cdfa28 [ 1030.387053][T16892] [ 1031.043331][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1031.051381][T12404] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1031.059325][T12404] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1031.129144][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1031.679131][T16906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1031.711779][T16906] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1031.819987][T16906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1031.855624][T16906] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1032.024320][T16914] FAULT_INJECTION: forcing a failure. [ 1032.024320][T16914] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1032.090539][T16914] CPU: 0 UID: 0 PID: 16914 Comm: syz.3.3024 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1032.090572][T16914] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1032.090584][T16914] Call Trace: [ 1032.090594][T16914] [ 1032.090603][T16914] dump_stack_lvl+0x189/0x250 [ 1032.090637][T16914] ? __pfx____ratelimit+0x10/0x10 [ 1032.090657][T16914] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1032.090674][T16914] ? __pfx__printk+0x10/0x10 [ 1032.090694][T16914] should_fail_ex+0x414/0x560 [ 1032.090712][T16914] _copy_to_user+0x31/0xb0 [ 1032.090726][T16914] simple_read_from_buffer+0xe1/0x170 [ 1032.090742][T16914] proc_fail_nth_read+0x1df/0x250 [ 1032.090759][T16914] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1032.090774][T16914] ? rw_verify_area+0x258/0x650 [ 1032.090791][T16914] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1032.090805][T16914] vfs_read+0x1fd/0x980 [ 1032.090825][T16914] ? __pfx___mutex_lock+0x10/0x10 [ 1032.090837][T16914] ? __pfx_vfs_read+0x10/0x10 [ 1032.090855][T16914] ? __fget_files+0x2a/0x420 [ 1032.090878][T16914] ? __fget_files+0x3a0/0x420 [ 1032.090890][T16914] ? __fget_files+0x2a/0x420 [ 1032.090912][T16914] ksys_read+0x145/0x250 [ 1032.090925][T16914] ? __pfx_ksys_read+0x10/0x10 [ 1032.090940][T16914] ? fput+0xa0/0xd0 [ 1032.090957][T16914] ? do_syscall_64+0xbe/0x3b0 [ 1032.090971][T16914] do_syscall_64+0xfa/0x3b0 [ 1032.090980][T16914] ? lockdep_hardirqs_on+0x9c/0x150 [ 1032.090996][T16914] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.091007][T16914] ? clear_bhb_loop+0x60/0xb0 [ 1032.091021][T16914] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.091032][T16914] RIP: 0033:0x7f39b5f8d33c [ 1032.091044][T16914] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 1032.091054][T16914] RSP: 002b:00007f39b6e13030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1032.091068][T16914] RAX: ffffffffffffffda RBX: 00007f39b61b5fa0 RCX: 00007f39b5f8d33c [ 1032.091077][T16914] RDX: 000000000000000f RSI: 00007f39b6e130a0 RDI: 0000000000000004 [ 1032.091084][T16914] RBP: 00007f39b6e13090 R08: 0000000000000000 R09: 0000000000000000 [ 1032.091091][T16914] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1032.091098][T16914] R13: 0000000000000000 R14: 00007f39b61b5fa0 R15: 00007f39b62dfa28 [ 1032.091118][T16914] [ 1032.493769][T16916] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1032.502985][T16916] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1032.544894][T16906] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1032.586436][T16906] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1032.600240][T16919] FAULT_INJECTION: forcing a failure. [ 1032.600240][T16919] name failslab, interval 1, probability 0, space 0, times 0 [ 1032.634117][T16919] CPU: 0 UID: 0 PID: 16919 Comm: syz.3.3026 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1032.634148][T16919] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1032.634161][T16919] Call Trace: [ 1032.634170][T16919] [ 1032.634180][T16919] dump_stack_lvl+0x189/0x250 [ 1032.634216][T16919] ? __pfx____ratelimit+0x10/0x10 [ 1032.634245][T16919] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1032.634275][T16919] ? __pfx__printk+0x10/0x10 [ 1032.634303][T16919] ? __pfx___might_resched+0x10/0x10 [ 1032.634330][T16919] ? fs_reclaim_acquire+0x7d/0x100 [ 1032.634359][T16919] should_fail_ex+0x414/0x560 [ 1032.634388][T16919] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1032.634417][T16919] should_failslab+0xa8/0x100 [ 1032.634440][T16919] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1032.634467][T16919] kmem_cache_alloc_lru_noprof+0x78/0x3d0 [ 1032.634486][T16919] ? sock_alloc_inode+0x28/0xc0 [ 1032.634519][T16919] ? __pfx_sock_alloc_inode+0x10/0x10 [ 1032.634547][T16919] sock_alloc_inode+0x28/0xc0 [ 1032.634575][T16919] alloc_inode+0x67/0x1b0 [ 1032.634600][T16919] __sock_create+0x12d/0x9f0 [ 1032.634630][T16919] __sys_socket+0xd7/0x1b0 [ 1032.634654][T16919] __x64_sys_socket+0x7a/0x90 [ 1032.634675][T16919] do_syscall_64+0xfa/0x3b0 [ 1032.634693][T16919] ? lockdep_hardirqs_on+0x9c/0x150 [ 1032.634721][T16919] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.634740][T16919] ? clear_bhb_loop+0x60/0xb0 [ 1032.634765][T16919] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1032.634783][T16919] RIP: 0033:0x7f39b5f90847 [ 1032.634802][T16919] Code: f0 ff ff 77 06 c3 0f 1f 44 00 00 48 c7 c2 a8 ff ff ff f7 d8 64 89 02 b8 ff ff ff ff c3 66 0f 1f 44 00 00 b8 29 00 00 00 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1032.634817][T16919] RSP: 002b:00007f39b6e11e58 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 1032.634840][T16919] RAX: ffffffffffffffda RBX: 0000200000000040 RCX: 00007f39b5f90847 [ 1032.634854][T16919] RDX: 0000000000000000 RSI: 0000000000080002 RDI: 0000000000000001 [ 1032.634867][T16919] RBP: 00007f39b6e11e70 R08: 000000000000000a R09: 0000000000000000 [ 1032.634880][T16919] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000024 [ 1032.634893][T16919] R13: 00007f39b6e11fa0 R14: 00007f39b6e11fa0 R15: 0000000000000000 [ 1032.634925][T16919] [ 1032.634938][T16919] socket: no more sockets [ 1033.189616][T16543] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1033.200001][T16543] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1033.208877][T16543] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1033.220782][T16543] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1033.230859][T16543] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1033.301333][T16931] tipc: Started in network mode [ 1033.324950][T16931] tipc: Node identity 7f000001, cluster identity 4711 [ 1033.351802][T16934] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3029'. [ 1033.364966][T16931] tipc: New replicast peer: 0.0.0.0 [ 1033.382742][T16931] tipc: Enabled bearer , priority 10 [ 1033.779441][T16945] capability: warning: `syz.0.3033' uses 32-bit capabilities (legacy support in use) [ 1033.870652][ T5927] usb 5-1: new high-speed USB device number 37 using dummy_hcd [ 1034.020549][ T5927] usb 5-1: Using ep0 maxpacket: 8 [ 1034.028189][ T5927] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1034.081383][ T5927] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1034.113146][ T5927] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1034.171117][ T5927] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1034.330679][ T5927] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1034.336597][T16932] chnl_net:caif_netlink_parms(): no params data found [ 1034.340035][ T5927] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1034.365162][T16952] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1034.403179][T16952] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1034.501814][ T5919] tipc: Node number set to 2130706433 [ 1034.560791][ T5843] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 1034.585017][ T5927] usb 5-1: GET_CAPABILITIES returned 0 [ 1034.595512][ T5927] usbtmc 5-1:16.0: can't read capabilities [ 1034.733483][ T5843] usb 3-1: config 0 interface 0 altsetting 7 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1034.768837][ T5843] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1034.781137][T16932] bridge0: port 1(bridge_slave_0) entered blocking state [ 1034.785761][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1034.788868][ T5843] usb 3-1: New USB device found, idVendor=05ac, idProduct=0269, bcdDevice= 0.00 [ 1034.809547][T16932] bridge0: port 1(bridge_slave_0) entered disabled state [ 1034.817287][T16932] bridge_slave_0: entered allmulticast mode [ 1034.825936][ T5843] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1034.830825][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1034.835652][T16932] bridge_slave_0: entered promiscuous mode [ 1034.854958][ T5843] usb 3-1: config 0 descriptor?? [ 1034.868348][T16932] bridge0: port 2(bridge_slave_1) entered blocking state [ 1034.876546][T16932] bridge0: port 2(bridge_slave_1) entered disabled state [ 1034.886690][ T5843] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 1034.897670][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1034.913654][T16932] bridge_slave_1: entered allmulticast mode [ 1034.929813][T16932] bridge_slave_1: entered promiscuous mode [ 1034.942312][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1034.957586][T16961] kAFS: unable to lookup cell '/,' [ 1034.982257][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1035.009785][T16932] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1035.023124][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1035.034115][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1035.044409][T16932] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1035.061449][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1035.097457][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1035.130836][T16942] netlink: 'syz.4.3031': attribute type 21 has an invalid length. [ 1035.154992][T12740] usb 5-1: USB disconnect, device number 37 [ 1035.223074][T16932] team0: Port device team_slave_0 added [ 1035.249270][T16932] team0: Port device team_slave_1 added [ 1035.330681][ T51] Bluetooth: hci0: command tx timeout [ 1035.453559][T16932] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1035.468869][T16932] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1035.522411][T16932] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1035.552236][T16932] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1035.570692][T16932] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1035.609466][T16932] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1035.924471][T16932] hsr_slave_0: entered promiscuous mode [ 1035.943789][T16932] hsr_slave_1: entered promiscuous mode [ 1035.965845][T16932] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1035.980054][T16932] Cannot create hsr debugfs directory [ 1036.079211][ T30] audit: type=1326 audit(1750410076.601:1187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16974 comm="syz.4.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 1036.140549][ T30] audit: type=1326 audit(1750410076.601:1188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16974 comm="syz.4.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 1036.210036][ T30] audit: type=1326 audit(1750410076.631:1189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16974 comm="syz.4.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=248 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 1036.267063][ T30] audit: type=1326 audit(1750410076.631:1190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16974 comm="syz.4.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 1036.370536][ T30] audit: type=1326 audit(1750410076.631:1191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=16974 comm="syz.4.3041" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fd84e18e929 code=0x7ffc0000 [ 1036.654860][T16932] netdevsim netdevsim1 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1036.858324][T16932] netdevsim netdevsim1 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1036.988289][T16932] netdevsim netdevsim1 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1037.082426][T16932] netdevsim netdevsim1 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1037.342791][ T5919] usb 3-1: USB disconnect, device number 119 [ 1037.410923][ T51] Bluetooth: hci0: command tx timeout [ 1039.638902][ T51] Bluetooth: hci0: command tx timeout [ 1039.853808][T16998] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3046'. [ 1039.879771][T16997] bond0: entered promiscuous mode [ 1039.930546][T16997] bond_slave_0: entered promiscuous mode [ 1040.025458][T16997] bond_slave_1: entered promiscuous mode [ 1040.346468][T16932] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1040.375619][T16932] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1040.629198][T16932] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1040.827385][T16932] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1040.878373][T17008] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1040.893140][T17008] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1041.248571][T17015] mmap: syz.0.3048 (17015) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1041.539156][T16932] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1041.583419][T16932] 8021q: adding VLAN 0 to HW filter on device team0 [ 1041.637155][ T3990] bridge0: port 1(bridge_slave_0) entered blocking state [ 1041.644448][ T3990] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1041.730849][ T51] Bluetooth: hci0: command tx timeout [ 1041.900024][ T3990] bridge0: port 2(bridge_slave_1) entered blocking state [ 1041.907314][ T3990] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1042.323602][T16932] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1042.365216][T17026] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3051'. [ 1042.577489][T17029] validate_nla: 55 callbacks suppressed [ 1042.577511][T17029] netlink: 'syz.3.3052': attribute type 4 has an invalid length. [ 1042.588424][T16932] veth0_vlan: entered promiscuous mode [ 1042.676554][T16932] veth1_vlan: entered promiscuous mode [ 1042.989535][T17034] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3053'. [ 1043.107280][T17035] FAULT_INJECTION: forcing a failure. [ 1043.107280][T17035] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1043.127672][T17035] CPU: 1 UID: 0 PID: 17035 Comm: syz.0.3054 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1043.127702][T17035] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1043.127723][T17035] Call Trace: [ 1043.127732][T17035] [ 1043.127742][T17035] dump_stack_lvl+0x189/0x250 [ 1043.127778][T17035] ? __pfx____ratelimit+0x10/0x10 [ 1043.127808][T17035] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1043.127837][T17035] ? __pfx__printk+0x10/0x10 [ 1043.127859][T17035] ? __might_fault+0xb0/0x130 [ 1043.127890][T17035] should_fail_ex+0x414/0x560 [ 1043.127921][T17035] _copy_from_iter+0x1db/0x16f0 [ 1043.127955][T17035] ? rcu_is_watching+0x15/0xb0 [ 1043.127984][T17035] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 1043.128005][T17035] ? __pfx__copy_from_iter+0x10/0x10 [ 1043.128036][T17035] ? __build_skb_around+0x257/0x3e0 [ 1043.128063][T17035] ? netlink_sendmsg+0x642/0xb30 [ 1043.128085][T17035] ? skb_put+0x11b/0x210 [ 1043.128111][T17035] netlink_sendmsg+0x6b2/0xb30 [ 1043.128144][T17035] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1043.128171][T17035] ? aa_sock_msg_perm+0x94/0x160 [ 1043.128199][T17035] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1043.128223][T17035] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1043.128248][T17035] __sock_sendmsg+0x219/0x270 [ 1043.128281][T17035] ____sys_sendmsg+0x505/0x830 [ 1043.128312][T17035] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1043.128348][T17035] ? import_iovec+0x74/0xa0 [ 1043.128372][T17035] ___sys_sendmsg+0x21f/0x2a0 [ 1043.128399][T17035] ? __pfx____sys_sendmsg+0x10/0x10 [ 1043.128463][T17035] ? __fget_files+0x2a/0x420 [ 1043.128484][T17035] ? __fget_files+0x3a0/0x420 [ 1043.128513][T17035] __x64_sys_sendmsg+0x19b/0x260 [ 1043.128539][T17035] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1043.128572][T17035] ? __pfx_ksys_write+0x10/0x10 [ 1043.128588][T17035] ? rcu_is_watching+0x15/0xb0 [ 1043.128622][T17035] ? do_syscall_64+0xbe/0x3b0 [ 1043.128645][T17035] do_syscall_64+0xfa/0x3b0 [ 1043.128662][T17035] ? lockdep_hardirqs_on+0x9c/0x150 [ 1043.128694][T17035] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.128723][T17035] ? clear_bhb_loop+0x60/0xb0 [ 1043.128747][T17035] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1043.128766][T17035] RIP: 0033:0x7f958298e929 [ 1043.128785][T17035] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1043.128802][T17035] RSP: 002b:00007f9583839038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1043.128825][T17035] RAX: ffffffffffffffda RBX: 00007f9582bb5fa0 RCX: 00007f958298e929 [ 1043.128840][T17035] RDX: 0000000000000000 RSI: 0000200000000300 RDI: 0000000000000003 [ 1043.128853][T17035] RBP: 00007f9583839090 R08: 0000000000000000 R09: 0000000000000000 [ 1043.128866][T17035] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1043.128878][T17035] R13: 0000000000000000 R14: 00007f9582bb5fa0 R15: 00007f9582cdfa28 [ 1043.128910][T17035] [ 1043.453350][T16932] veth0_macvtap: entered promiscuous mode [ 1043.504655][T16932] veth1_macvtap: entered promiscuous mode [ 1043.709283][T16932] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1043.722611][ T2156] usb 4-1: new full-speed USB device number 33 using dummy_hcd [ 1043.774781][T16932] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1043.835094][T17039] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3056'. [ 1043.861355][T16932] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.870220][T16932] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.903308][ T2156] usb 4-1: config 0 has an invalid interface number: 133 but max is 0 [ 1043.922557][ T2156] usb 4-1: config 0 has no interface number 0 [ 1043.940470][T16932] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.949505][T16932] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1043.951068][ T2156] usb 4-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 1044.015132][ T2156] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1044.058248][ T2156] usb 4-1: Product: syz [ 1044.066657][ T2156] usb 4-1: Manufacturer: syz [ 1044.103954][ T2156] usb 4-1: SerialNumber: syz [ 1044.152973][ T2156] usb 4-1: config 0 descriptor?? [ 1044.311831][ T1316] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1044.359838][ T1316] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1044.410255][ T2156] keyspan 4-1:0.133: Keyspan 1 port adapter converter detected [ 1044.463156][ T2156] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 81 [ 1044.487520][ T2156] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 1 [ 1044.503783][ T2156] keyspan 4-1:0.133: found no endpoint descriptor for endpoint 2 [ 1044.519364][ T2156] usb 4-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 1044.582346][ T36] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1044.617316][ T36] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1045.484155][T17073] wg2: entered promiscuous mode [ 1045.508283][T17073] wg2: entered allmulticast mode [ 1046.429851][T17091] pim6reg1: entered promiscuous mode [ 1046.435751][T17091] pim6reg1: entered allmulticast mode [ 1047.039604][T17111] wg2: entered promiscuous mode [ 1047.047214][T17111] wg2: entered allmulticast mode [ 1047.047574][T15602] usb 4-1: USB disconnect, device number 33 [ 1047.064707][T15602] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 1047.149726][T15602] keyspan 4-1:0.133: device disconnected [ 1047.363284][T17123] pim6reg1: entered promiscuous mode [ 1047.369196][T17123] pim6reg1: entered allmulticast mode [ 1047.545058][T17128] pim6reg1: entered promiscuous mode [ 1047.556280][T17128] pim6reg1: entered allmulticast mode [ 1047.728524][T17134] pim6reg1: entered promiscuous mode [ 1047.735752][T17134] pim6reg1: entered allmulticast mode [ 1048.815506][T17167] pim6reg1: entered promiscuous mode [ 1048.825162][T17167] pim6reg1: entered allmulticast mode [ 1053.064300][T17202] pim6reg1: entered promiscuous mode [ 1053.069724][T17202] pim6reg1: entered allmulticast mode [ 1054.100754][T12740] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 1054.320697][T12740] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1054.358549][T12740] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1054.387394][T12740] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1054.430568][T12740] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1054.439680][T12740] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1054.497566][T12740] usb 3-1: config 0 descriptor?? [ 1054.615791][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.622275][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.795830][T12740] usbhid 3-1:0.0: can't add hid device: -71 [ 1054.812486][T12740] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1054.844356][T12740] usb 3-1: USB disconnect, device number 120 [ 1055.381170][T17274] pim6reg1: entered promiscuous mode [ 1055.410518][T17274] pim6reg1: entered allmulticast mode [ 1061.370108][T17354] netlink: 96 bytes leftover after parsing attributes in process `syz.2.3172'. [ 1061.390250][T17354] 8021q: VLANs not supported on ip_vti0 [ 1061.714375][T17358] veth0_vlan: entered allmulticast mode [ 1061.936353][T17358] ÿÿÿÿÿÿ: renamed from vlan1 [ 1062.285550][ T30] audit: type=1326 audit(1750410102.791:1192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17368 comm="syz.0.3177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1062.374269][ T30] audit: type=1326 audit(1750410102.791:1193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17368 comm="syz.0.3177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1062.428625][ T30] audit: type=1326 audit(1750410102.801:1194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17368 comm="syz.0.3177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=63 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1062.463989][T17367] loop8: detected capacity change from 16320 to 16383 [ 1062.499319][ T30] audit: type=1326 audit(1750410102.801:1195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17368 comm="syz.0.3177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1062.602393][ T30] audit: type=1326 audit(1750410102.801:1196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17368 comm="syz.0.3177" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1064.551111][ T30] audit: type=1326 audit(1750410105.071:1197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17403 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1064.600736][ T30] audit: type=1326 audit(1750410105.071:1198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17403 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1064.645079][T16543] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1064.661901][T16543] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1064.670928][T16543] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1064.682135][T16543] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1064.700863][T16543] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1064.710626][ T1210] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 1064.742720][ T30] audit: type=1326 audit(1750410105.071:1199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17403 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1064.801201][ T30] audit: type=1326 audit(1750410105.071:1200): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17403 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1064.870650][ T30] audit: type=1326 audit(1750410105.071:1201): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17403 comm="syz.3.3195" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1064.900456][ T1210] usb 3-1: Using ep0 maxpacket: 16 [ 1064.936860][ T1210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1064.970442][ T1210] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1065.000542][ T1210] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2db4, bcdDevice= 0.00 [ 1065.009657][ T1210] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1065.043680][ T1210] usb 3-1: config 0 descriptor?? [ 1065.472420][ T1210] usbhid 3-1:0.0: can't add hid device: -71 [ 1065.479369][ T1210] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1065.530885][ T1210] usb 3-1: USB disconnect, device number 121 [ 1065.608949][T17410] chnl_net:caif_netlink_parms(): no params data found [ 1065.681867][T17419] pim6reg1: entered promiscuous mode [ 1065.687246][T17419] pim6reg1: entered allmulticast mode [ 1066.020989][T17410] bridge0: port 1(bridge_slave_0) entered blocking state [ 1066.028789][T17410] bridge0: port 1(bridge_slave_0) entered disabled state [ 1066.037041][T17410] bridge_slave_0: entered allmulticast mode [ 1066.047867][T17410] bridge_slave_0: entered promiscuous mode [ 1066.060786][T17410] bridge0: port 2(bridge_slave_1) entered blocking state [ 1066.068294][T17410] bridge0: port 2(bridge_slave_1) entered disabled state [ 1066.134495][T17410] bridge_slave_1: entered allmulticast mode [ 1066.169651][T17410] bridge_slave_1: entered promiscuous mode [ 1066.412071][T17410] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1066.468143][T17410] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1066.760978][T16543] Bluetooth: hci1: command tx timeout [ 1066.770297][T17410] team0: Port device team_slave_0 added [ 1066.814926][T17410] team0: Port device team_slave_1 added [ 1066.943599][T17410] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1066.950926][T17410] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1067.029695][T17410] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1067.064388][T17410] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1067.087191][T17410] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1067.142042][T17410] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1067.357297][T17410] hsr_slave_0: entered promiscuous mode [ 1067.386730][T17410] hsr_slave_1: entered promiscuous mode [ 1067.408031][T17410] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1067.460508][T17410] Cannot create hsr debugfs directory [ 1067.519046][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 1067.519067][ T30] audit: type=1326 audit(1750410108.041:1205): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17445 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1067.610195][ T30] audit: type=1326 audit(1750410108.041:1206): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17445 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1067.664462][ T30] audit: type=1326 audit(1750410108.041:1207): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17445 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1067.753093][ T30] audit: type=1326 audit(1750410108.041:1208): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17445 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1067.826910][ T30] audit: type=1326 audit(1750410108.041:1209): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17445 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1067.915456][ T30] audit: type=1326 audit(1750410108.041:1210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17445 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=426 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1068.011276][ T30] audit: type=1326 audit(1750410108.041:1211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17445 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1068.090532][ T30] audit: type=1326 audit(1750410108.051:1212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17445 comm="syz.3.3206" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1068.840745][T16543] Bluetooth: hci1: command tx timeout [ 1069.788526][T17410] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1069.875282][T17410] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1069.975949][T17410] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1070.064867][T17410] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1070.537658][T17410] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1070.693940][T17410] 8021q: adding VLAN 0 to HW filter on device team0 [ 1070.930795][T16543] Bluetooth: hci1: command tx timeout [ 1071.209814][T17055] bridge0: port 1(bridge_slave_0) entered blocking state [ 1071.210965][T17509] random: crng reseeded on system resumption [ 1071.217243][T17055] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1071.299652][ T65] bridge0: port 2(bridge_slave_1) entered blocking state [ 1071.306864][ T65] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1071.638860][T17516] bond_slave_1: entered promiscuous mode [ 1071.779129][T17410] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1071.911386][T12740] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 1071.989830][T17410] veth0_vlan: entered promiscuous mode [ 1072.038919][T17410] veth1_vlan: entered promiscuous mode [ 1072.091543][T12740] usb 3-1: Using ep0 maxpacket: 32 [ 1072.111413][T12740] usb 3-1: config 242 has an invalid interface number: 219 but max is 0 [ 1072.130253][T12740] usb 3-1: config 242 has no interface number 0 [ 1072.155843][T17410] veth0_macvtap: entered promiscuous mode [ 1072.162721][T12740] usb 3-1: config 242 interface 219 altsetting 129 bulk endpoint 0x2 has invalid maxpacket 8 [ 1072.224026][T12740] usb 3-1: config 242 interface 219 has no altsetting 0 [ 1072.231557][T17410] veth1_macvtap: entered promiscuous mode [ 1072.244829][T12740] usb 3-1: New USB device found, idVendor=05f9, idProduct=ffff, bcdDevice=62.a4 [ 1072.269699][T12740] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1072.299177][T12740] usb 3-1: Product: syz [ 1072.325032][T17410] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1072.329639][T12740] usb 3-1: Manufacturer: syz [ 1072.353500][T12740] usb 3-1: SerialNumber: syz [ 1072.395590][T17410] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1072.420899][T17516] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1072.457311][T17410] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.496109][T17410] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.546245][T17410] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.575974][T17410] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1072.730118][T17538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1072.788433][ T30] audit: type=1326 audit(1750410113.311:1213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17539 comm="syz.3.3231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1072.813845][T17538] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1072.890659][ T30] audit: type=1326 audit(1750410113.351:1214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17539 comm="syz.3.3231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1072.987070][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1072.991028][ T30] audit: type=1326 audit(1750410113.351:1215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17539 comm="syz.3.3231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1073.020757][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1073.026732][T16543] Bluetooth: hci1: command tx timeout [ 1073.042692][ T30] audit: type=1326 audit(1750410113.351:1216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17539 comm="syz.3.3231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1073.085972][ T30] audit: type=1326 audit(1750410113.351:1217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17539 comm="syz.3.3231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1073.145409][T12740] usbserial_generic 3-1:242.219: The "generic" usb-serial driver is only for testing and one-off prototypes. [ 1073.178330][ T30] audit: type=1326 audit(1750410113.351:1218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17539 comm="syz.3.3231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1073.211001][T17516] bond_slave_1: left promiscuous mode [ 1073.220976][T12740] usbserial_generic 3-1:242.219: Tell linux-usb@vger.kernel.org to add your device to a proper driver. [ 1073.256333][T16898] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1073.272183][T12740] usbserial_generic 3-1:242.219: generic converter detected [ 1073.294206][ T30] audit: type=1326 audit(1750410113.351:1219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17539 comm="syz.3.3231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=285 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1073.312359][T16898] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1073.338619][T12740] usb 3-1: generic converter now attached to ttyUSB0 [ 1073.386976][T12740] usb 3-1: USB disconnect, device number 122 [ 1073.398606][ T30] audit: type=1326 audit(1750410113.351:1220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17539 comm="syz.3.3231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=96 compat=0 ip=0xffffffffff600000 code=0x7ffc0000 [ 1073.457730][T12740] generic ttyUSB0: generic converter now disconnected from ttyUSB0 [ 1073.482332][T12740] usbserial_generic 3-1:242.219: device disconnected [ 1073.517860][ T30] audit: type=1326 audit(1750410113.351:1221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17539 comm="syz.3.3231" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1073.751769][T17553] ªªªªªª: renamed from vlan0 [ 1073.890246][ T30] audit: type=1326 audit(1750410114.411:1222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17555 comm="syz.0.3236" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1074.314563][T17573] veth0_vlan: entered allmulticast mode [ 1074.462866][T17573] veth0_vlan: left promiscuous mode [ 1074.472992][T17573] veth0_vlan: entered promiscuous mode [ 1076.877613][T17625] netem: change failed [ 1082.261158][T17708] netlink: 32 bytes leftover after parsing attributes in process `syz.2.3274'. [ 1084.090778][ T30] kauditd_printk_skb: 44 callbacks suppressed [ 1084.090802][ T30] audit: type=1326 audit(1750410124.601:1267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17728 comm="syz.1.3280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1084.090859][ T30] audit: type=1326 audit(1750410124.601:1268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17728 comm="syz.1.3280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1084.090907][ T30] audit: type=1326 audit(1750410124.611:1269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17728 comm="syz.1.3280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=296 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1084.090952][ T30] audit: type=1326 audit(1750410124.611:1270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17728 comm="syz.1.3280" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1085.993115][ T30] audit: type=1326 audit(1750410126.521:1271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17759 comm="syz.3.3292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1086.042186][ T30] audit: type=1326 audit(1750410126.521:1272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17759 comm="syz.3.3292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1086.430474][ T30] audit: type=1326 audit(1750410126.521:1273): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17759 comm="syz.3.3292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1086.470481][ T30] audit: type=1326 audit(1750410126.521:1274): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17759 comm="syz.3.3292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1086.568299][ T30] audit: type=1326 audit(1750410126.521:1275): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17759 comm="syz.3.3292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1086.599324][ T30] audit: type=1326 audit(1750410126.521:1276): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17759 comm="syz.3.3292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f39b5f8e929 code=0x7ffc0000 [ 1087.331364][T17785] netlink: 'syz.3.3301': attribute type 12 has an invalid length. [ 1088.156004][ T5926] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 1088.335254][ T5926] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1088.396729][ T5926] usb 3-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 1088.455317][ T5926] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1088.485969][ T5926] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1088.507915][ T5926] usb 3-1: Product: syz [ 1088.518065][ T5926] usb 3-1: Manufacturer: syz [ 1088.538442][ T5926] usb 3-1: SerialNumber: syz [ 1088.779405][T17796] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1088.968078][T17815] veth0_vlan: entered allmulticast mode [ 1089.097547][T17815] veth0_vlan: left promiscuous mode [ 1089.111906][T17815] veth0_vlan: entered promiscuous mode [ 1089.490827][T17796] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1089.701604][ T5926] cdc_mbim 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 1089.708298][ T5926] cdc_mbim 3-1:1.0: dwNtbInMaxSize=0 is too small. Using 2048 [ 1089.720443][ T5926] cdc_mbim 3-1:1.0: setting rx_max = 2048 [ 1089.920573][ T5926] cdc_mbim 3-1:1.0: setting tx_max = 184 [ 1089.937064][ T5926] cdc_mbim 3-1:1.0: cdc-wdm0: USB WDM device [ 1089.988969][ T5926] wwan wwan0: port wwan0mbim0 attached [ 1090.048032][ T5926] cdc_mbim 3-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.2-1, CDC MBIM, 42:42:42:42:42:42 [ 1090.119258][T15602] usb 3-1: USB disconnect, device number 123 [ 1090.157243][T15602] cdc_mbim 3-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.2-1, CDC MBIM [ 1090.322612][T15602] wwan wwan0: port wwan0mbim0 disconnected [ 1091.208205][T17834] ip6gretap0: entered promiscuous mode [ 1093.747269][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 1093.747293][ T30] audit: type=1326 audit(1750410134.261:1291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1093.860458][ T30] audit: type=1326 audit(1750410134.271:1292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1093.964653][ T30] audit: type=1326 audit(1750410134.271:1293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=424 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1094.041723][ T30] audit: type=1326 audit(1750410134.271:1294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1094.105587][ T30] audit: type=1326 audit(1750410134.271:1295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1094.173694][ T30] audit: type=1326 audit(1750410134.271:1296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1094.263589][ T30] audit: type=1326 audit(1750410134.271:1297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1094.296343][ T30] audit: type=1326 audit(1750410134.271:1298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17863 comm="syz.2.3328" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1094.331201][ T30] audit: type=1326 audit(1750410134.731:1299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17873 comm="syz.1.3332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1094.385798][ T30] audit: type=1326 audit(1750410134.731:1300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=17873 comm="syz.1.3332" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1097.944574][T17936] netlink: 24 bytes leftover after parsing attributes in process `syz.2.3354'. [ 1098.107070][T17942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1098.137813][T17942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1098.622965][T17946] netlink: 'syz.3.3358': attribute type 4 has an invalid length. [ 1098.632461][T17946] netlink: 'syz.3.3358': attribute type 4 has an invalid length. [ 1098.863288][T17948] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3354'. [ 1099.777947][T17963] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3364'. [ 1099.794318][T17964] netlink: 'syz.1.3363': attribute type 4 has an invalid length. [ 1099.814013][T17963] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3364'. [ 1101.774967][T17991] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3372'. [ 1103.153739][T17993] bridge0: entered promiscuous mode [ 1103.166204][T17993] bridge0: entered allmulticast mode [ 1105.717578][T18033] xt_bpf: check failed: parse error [ 1106.989902][T18054] ptrace attach of "./syz-executor exec"[18055] was attempted by "./syz-executor exec"[18054] [ 1110.200702][ T1210] usb 3-1: new high-speed USB device number 124 using dummy_hcd [ 1110.407409][T18087] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1110.442497][T18087] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1110.486939][ T1210] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1110.500701][ T1210] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 1110.528907][ T1210] usb 3-1: can't read configurations, error -71 [ 1110.570784][ T2156] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 1110.752763][ T2156] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1110.780667][ T2156] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1110.798616][ T2156] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 1110.820431][ T2156] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 1110.828640][ T2156] usb 2-1: SerialNumber: syz [ 1111.093807][ T2156] usb 2-1: 0:2 : does not exist [ 1111.112436][ T2156] usb 2-1: unit 5: unexpected type 0x0d [ 1111.172816][ T2156] usb 2-1: USB disconnect, device number 17 [ 1111.327718][ T6360] udevd[6360]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1112.705081][T18117] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3412'. [ 1116.060532][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 1116.066929][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 1117.929261][ T30] kauditd_printk_skb: 3 callbacks suppressed [ 1117.929284][ T30] audit: type=1326 audit(1750410158.451:1304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1118.043936][ T30] audit: type=1326 audit(1750410158.451:1305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1118.113911][ T30] audit: type=1326 audit(1750410158.501:1306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1118.188482][ T30] audit: type=1326 audit(1750410158.501:1307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1118.259274][ T30] audit: type=1326 audit(1750410158.501:1308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1118.303448][T18208] binder: BC_ATTEMPT_ACQUIRE not supported [ 1118.309439][T18208] binder: 18207:18208 ioctl c0306201 2000000025c0 returned -22 [ 1118.311399][ T30] audit: type=1326 audit(1750410158.501:1309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1118.398448][ T30] audit: type=1326 audit(1750410158.501:1310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1118.448447][ T30] audit: type=1326 audit(1750410158.501:1311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1118.534485][ T30] audit: type=1326 audit(1750410158.501:1312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1118.640182][ T30] audit: type=1326 audit(1750410158.501:1313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18200 comm="syz.1.3445" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1123.840589][ T5919] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1124.039132][ T5919] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1124.060635][ T5919] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1124.109970][ T5919] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 1124.144317][ T5919] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 1124.176462][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1124.226877][ T5919] usb 4-1: config 0 descriptor?? [ 1124.672967][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.711292][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.741234][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.748709][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.811984][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.836738][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.849842][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.880134][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.899227][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.907400][ T5919] plantronics 0003:047F:FFFF.0019: unknown main item tag 0x0 [ 1124.934346][ T5919] plantronics 0003:047F:FFFF.0019: No inputs registered, leaving [ 1124.991114][ T5919] plantronics 0003:047F:FFFF.0019: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 1125.061129][ T5919] usb 4-1: USB disconnect, device number 34 [ 1125.210833][T18287] fido_id[18287]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1127.666705][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 1127.666727][ T30] audit: type=1326 audit(1750410168.191:1318): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1127.801621][ T30] audit: type=1326 audit(1750410168.231:1319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1127.896940][ T30] audit: type=1326 audit(1750410168.251:1320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1127.956981][ T30] audit: type=1326 audit(1750410168.251:1321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1128.061412][ T30] audit: type=1326 audit(1750410168.251:1322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1128.210510][ T30] audit: type=1326 audit(1750410168.251:1323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1128.328706][ T30] audit: type=1326 audit(1750410168.261:1324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1128.419683][ T30] audit: type=1326 audit(1750410168.261:1325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1128.492493][T18342] @ÿ: renamed from bond_slave_0 (while UP) [ 1128.510511][ T30] audit: type=1326 audit(1750410168.261:1326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1128.581212][ T30] audit: type=1326 audit(1750410168.261:1327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18334 comm="syz.2.3491" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f817898e929 code=0x7ffc0000 [ 1132.561195][T18381] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3510'. [ 1133.481879][T11069] Bluetooth: hci5: command 0x0406 tx timeout [ 1134.126864][ T5919] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 1134.283677][ T5919] usb 4-1: config 0 interface 0 altsetting 185 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1134.304156][ T5919] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1134.325000][ T5919] usb 4-1: New USB device found, idVendor=05ac, idProduct=027a, bcdDevice= 0.00 [ 1134.354743][ T5919] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1134.395456][ T5919] usb 4-1: config 0 descriptor?? [ 1135.171740][ T5919] apple 0003:05AC:027A.001A: hidraw0: USB HID v8.00 Device [HID 05ac:027a] on usb-dummy_hcd.3-1/input0 [ 1135.198491][ T5919] usb 4-1: USB disconnect, device number 35 [ 1135.350717][T18419] fido_id[18419]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 1137.358934][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 1137.358958][ T30] audit: type=1326 audit(1750410177.851:1330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1137.520532][ T30] audit: type=1326 audit(1750410177.851:1331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1137.560602][ T30] audit: type=1326 audit(1750410177.851:1332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=213 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1137.630206][ T30] audit: type=1326 audit(1750410177.851:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1137.777430][ T30] audit: type=1326 audit(1750410177.851:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1137.830517][ T30] audit: type=1326 audit(1750410177.851:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=232 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1137.872999][ T30] audit: type=1326 audit(1750410177.851:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1137.960602][ T30] audit: type=1326 audit(1750410177.851:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1138.030460][ T30] audit: type=1326 audit(1750410177.851:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f39b2b8d290 code=0x7ffc0000 [ 1138.120677][ T30] audit: type=1326 audit(1750410177.851:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18438 comm="syz.4.3527" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f39b2b8d290 code=0x7ffc0000 [ 1142.216951][T18492] netlink: 'syz.3.3542': attribute type 12 has an invalid length. [ 1142.399109][T18500] xt_hashlimit: size too large, truncated to 1048576 [ 1143.720582][T11069] Bluetooth: hci3: command 0x0406 tx timeout [ 1144.979275][T18542] netlink: 'syz.4.3556': attribute type 4 has an invalid length. [ 1145.230507][ T2156] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 1145.382057][ T2156] usb 3-1: Using ep0 maxpacket: 32 [ 1145.417392][ T2156] usb 3-1: config 0 interface 0 altsetting 74 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1145.443595][ T2156] usb 3-1: config 0 interface 0 altsetting 74 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1145.474059][ T2156] usb 3-1: config 0 interface 0 has no altsetting 0 [ 1145.494398][ T2156] usb 3-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 1145.524933][ T2156] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1145.546335][ T2156] usb 3-1: config 0 descriptor?? [ 1145.792010][ T2156] usbhid 3-1:0.0: can't add hid device: -71 [ 1145.812286][ T2156] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1145.846443][ T30] kauditd_printk_skb: 49 callbacks suppressed [ 1145.846462][ T30] audit: type=1326 audit(1750410186.371:1389): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1145.846874][ T2156] usb 3-1: USB disconnect, device number 126 [ 1145.887527][ T30] audit: type=1326 audit(1750410186.401:1390): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1145.959714][ T30] audit: type=1326 audit(1750410186.441:1391): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1146.037137][ T30] audit: type=1326 audit(1750410186.441:1392): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1146.094979][ T30] audit: type=1326 audit(1750410186.441:1393): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1146.130314][ T30] audit: type=1326 audit(1750410186.451:1394): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1146.167534][ T30] audit: type=1326 audit(1750410186.451:1395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1146.238921][ T30] audit: type=1326 audit(1750410186.451:1396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1146.304723][ T30] audit: type=1326 audit(1750410186.451:1397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1146.357972][ T30] audit: type=1326 audit(1750410186.451:1398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18554 comm="syz.1.3564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb5f618e929 code=0x7ffc0000 [ 1146.543157][T18569] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3568'. [ 1146.717719][T18570] input: syz1 as /devices/virtual/input/input58 [ 1147.089381][T18569] batadv1: entered allmulticast mode [ 1150.591119][ T5919] usb 5-1: new high-speed USB device number 38 using dummy_hcd [ 1150.753159][ T5919] usb 5-1: Using ep0 maxpacket: 16 [ 1150.780178][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1150.832428][ T5919] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1150.860432][ T5919] usb 5-1: New USB device found, idVendor=056a, idProduct=0318, bcdDevice= 0.00 [ 1150.879872][ T5919] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1150.909976][ T5919] usb 5-1: config 0 descriptor?? [ 1151.608523][ T5926] usb 5-1: USB disconnect, device number 38 [ 1152.727727][T18667] binder: 18638:18667 ioctl c0306201 0 returned -14 [ 1154.770690][ T5926] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 1154.930569][ T5926] usb 2-1: Using ep0 maxpacket: 16 [ 1154.945242][ T5926] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1154.963929][ T5926] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1154.984500][ T5926] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1154.999442][ T5926] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1155.025079][ T5926] usb 2-1: config 0 descriptor?? [ 1155.709867][ T5926] HID 045e:07da: Invalid code 65791 type 1 [ 1155.788609][ T5926] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.001C/input/input60 [ 1155.851102][ T5926] microsoft 0003:045E:07DA.001C: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 1156.088587][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 1156.088606][ T30] audit: type=1326 audit(1750410196.611:1419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18720 comm="syz.0.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1156.190494][ T30] audit: type=1326 audit(1750410196.611:1420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18720 comm="syz.0.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1156.307456][ T30] audit: type=1326 audit(1750410196.651:1421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18720 comm="syz.0.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1156.352245][ T30] audit: type=1326 audit(1750410196.651:1422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18720 comm="syz.0.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1156.377513][ T30] audit: type=1326 audit(1750410196.651:1423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18720 comm="syz.0.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1156.403370][ T30] audit: type=1326 audit(1750410196.651:1424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18720 comm="syz.0.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1156.426288][ T30] audit: type=1326 audit(1750410196.651:1425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18720 comm="syz.0.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1156.449417][ T30] audit: type=1326 audit(1750410196.651:1426): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18720 comm="syz.0.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=429 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1156.503377][ T30] audit: type=1326 audit(1750410196.651:1427): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18720 comm="syz.0.3623" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f958298e929 code=0x7ffc0000 [ 1156.531238][T18715] batadv_slave_1: entered promiscuous mode [ 1157.649371][T18697] batadv_slave_1: left promiscuous mode [ 1157.729181][ T5926] usb 2-1: USB disconnect, device number 18 [ 1159.084699][T11069] Bluetooth: hci0: command 0x0406 tx timeout [ 1162.203156][T18784] fuse: Unknown parameter '0x00000000000000070xffffffffffffffff' [ 1162.382860][T18791] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1162.817594][T18802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1162.854831][T18802] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1163.856493][T18820] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3654'. [ 1166.000453][ T30] audit: type=1326 audit(1750410206.411:1428): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18827 comm="syz.4.3665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1166.064875][ T30] audit: type=1326 audit(1750410206.411:1429): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18827 comm="syz.4.3665" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f39b2b8e929 code=0x7ffc0000 [ 1167.844094][T18874] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3680'. [ 1169.700178][T18893] x_tables: duplicate underflow at hook 4 [ 1170.642117][T18899] kvm: kvm [18898]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc1) = 0x4000 [ 1170.668606][T18899] kvm: kvm [18898]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0xc2) = 0x4000 [ 1171.080843][ T31] INFO: task kworker/u8:10:12406 blocked for more than 143 seconds. [ 1171.109648][ T31] Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1171.129919][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 1171.167072][ T31] task:kworker/u8:10 state:D stack:19608 pid:12406 tgid:12406 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 1171.250409][ T31] Workqueue: netns cleanup_net [ 1171.260526][ T31] Call Trace: [ 1171.263876][ T31] [ 1171.300551][ T31] __schedule+0x16f5/0x4d00 [ 1171.306031][ T31] ? schedule+0x165/0x360 [ 1171.360536][ T31] ? __pfx___schedule+0x10/0x10 [ 1171.365506][ T31] ? schedule+0x91/0x360 [ 1171.369797][ T31] schedule+0x165/0x360 [ 1171.420583][ T31] afs_cell_purge+0x3d9/0x540 [ 1171.425374][ T31] ? __pfx_afs_cell_purge+0x10/0x10 [ 1171.440523][ T31] ? __pfx_var_wake_function+0x10/0x10 [ 1171.446064][ T31] ? afs_net+0x45/0x270 [ 1171.450287][ T31] ? afs_net+0x45/0x270 [ 1171.488310][ T31] afs_net_exit+0x50/0x100 [ 1171.520480][ T31] ops_undo_list+0x49a/0x990 [ 1171.525178][ T31] ? __pfx_ops_undo_list+0x10/0x10 [ 1171.550539][ T31] cleanup_net+0x4c5/0x800 [ 1171.555062][ T31] ? __pfx_cleanup_net+0x10/0x10 [ 1171.560050][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1171.600473][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1171.606385][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 1171.614017][ T31] process_scheduled_works+0xae1/0x17b0 [ 1171.619753][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 1171.630476][ T31] worker_thread+0x8a0/0xda0 [ 1171.635158][ T31] kthread+0x70e/0x8a0 [ 1171.639315][ T31] ? __pfx_worker_thread+0x10/0x10 [ 1171.660479][ T31] ? __pfx_kthread+0x10/0x10 [ 1171.665206][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1171.670787][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1171.676204][ T31] ? __pfx_kthread+0x10/0x10 [ 1171.690503][ T31] ret_from_fork+0x3f9/0x770 [ 1171.695182][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1171.700525][ T31] ? __switch_to_asm+0x39/0x70 [ 1171.705323][ T31] ? __switch_to_asm+0x33/0x70 [ 1171.710124][ T31] ? __pfx_kthread+0x10/0x10 [ 1171.730468][ T31] ret_from_fork_asm+0x1a/0x30 [ 1171.735425][ T31] [ 1171.750527][ T31] [ 1171.750527][ T31] Showing all locks held in the system: [ 1171.758584][ T31] 1 lock held by khungtaskd/31: [ 1171.780435][ T31] #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 1171.791955][ T31] 2 locks held by kworker/1:2/1210: [ 1171.797198][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1171.850471][ T31] #1: ffffc9000410fbc0 (free_ipc_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1171.880481][ T31] 2 locks held by getty/5600: [ 1171.885228][ T31] #0: ffff8880351f20a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 1171.920408][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 1171.950825][ T31] 3 locks held by kworker/u8:10/12406: [ 1171.956355][ T31] #0: ffff88801b2fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 1172.010487][ T31] #1: ffffc9000e6f7bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 1172.040574][ T31] #2: ffffffff8f503750 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0xf7/0x800 [ 1172.050022][ T31] 1 lock held by syz.0.1779/12831: [ 1172.080445][ T31] #0: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 1172.110486][ T31] 5 locks held by syz-executor/16780: [ 1172.115937][ T31] #0: ffff88805a188d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x1fe/0x500 [ 1172.137665][ T31] #1: ffff88805a188078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 1172.160446][ T31] #2: ffffffff8f6783a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 1172.180426][ T31] #3: ffff888024274b38 (&conn->lock#2){+.+.}-{4:4}, at: l2cap_conn_del+0x70/0x680 [ 1172.190114][ T31] #4: ffffffff8e1448b8 (rcu_state.exp_mutex){+.+.}-{4:4}, at: synchronize_rcu_expedited+0x3b9/0x730 [ 1172.201718][ T31] 1 lock held by syz.3.3674/18865: [ 1172.206951][ T31] 3 locks held by syz.4.3692/18906: [ 1172.212572][ T31] #0: ffff88804f9d8d80 (&hdev->req_lock){+.+.}-{4:4}, at: hci_unregister_dev+0x1fe/0x500 [ 1172.223031][ T31] #1: ffff88804f9d8078 (&hdev->lock){+.+.}-{4:4}, at: hci_dev_close_sync+0x66a/0x1330 [ 1172.234729][ T31] #2: ffffffff8f6783a8 (hci_cb_list_lock){+.+.}-{4:4}, at: hci_conn_hash_flush+0xa1/0x230 [ 1172.324962][ T31] [ 1172.327373][ T31] ============================================= [ 1172.327373][ T31] [ 1172.366133][ T31] NMI backtrace for cpu 0 [ 1172.366155][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1172.366175][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1172.366187][ T31] Call Trace: [ 1172.366197][ T31] [ 1172.366206][ T31] dump_stack_lvl+0x189/0x250 [ 1172.366237][ T31] ? __wake_up_klogd+0xd9/0x110 [ 1172.366262][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1172.366292][ T31] ? __pfx__printk+0x10/0x10 [ 1172.366326][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 1172.366355][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 1172.366377][ T31] ? _printk+0xcf/0x120 [ 1172.366401][ T31] ? __pfx__printk+0x10/0x10 [ 1172.366423][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 1172.366450][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 1172.366486][ T31] watchdog+0xfee/0x1030 [ 1172.366512][ T31] ? watchdog+0x1de/0x1030 [ 1172.366545][ T31] kthread+0x70e/0x8a0 [ 1172.366567][ T31] ? __pfx_watchdog+0x10/0x10 [ 1172.366591][ T31] ? __pfx_kthread+0x10/0x10 [ 1172.366613][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1172.366637][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1172.366661][ T31] ? __pfx_kthread+0x10/0x10 [ 1172.366684][ T31] ret_from_fork+0x3f9/0x770 [ 1172.366711][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1172.366741][ T31] ? __switch_to_asm+0x39/0x70 [ 1172.366759][ T31] ? __switch_to_asm+0x33/0x70 [ 1172.366778][ T31] ? __pfx_kthread+0x10/0x10 [ 1172.366799][ T31] ret_from_fork_asm+0x1a/0x30 [ 1172.366831][ T31] [ 1172.366838][ T31] Sending NMI from CPU 0 to CPUs 1: [ 1172.528084][ C1] NMI backtrace for cpu 1 [ 1172.528105][ C1] CPU: 1 UID: 0 PID: 12831 Comm: syz.0.1779 Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1172.528123][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1172.528133][ C1] RIP: 0010:__lock_acquire+0x5b8/0xd20 [ 1172.528160][ C1] Code: 48 c7 c7 b0 fe 00 8e 48 89 de e8 a3 ae 58 03 48 8b 3c 24 e9 56 ff ff ff 83 bf d4 0a 00 00 00 41 0f 94 c4 45 00 e4 41 80 c4 03 <44> 3b bf e8 0a 00 00 0f 8c fc fe ff ff 44 89 e0 41 38 c5 76 1a e8 [ 1172.528173][ C1] RSP: 0018:ffffc90003fbf408 EFLAGS: 00000006 [ 1172.528190][ C1] RAX: 0000000000000000 RBX: 0000000000000003 RCX: 00000000ffffffff [ 1172.528201][ C1] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffff888024cbbc00 [ 1172.528211][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: ffffffff81729af5 [ 1172.528221][ C1] R10: ffffc90003fbf658 R11: ffffffff81acf690 R12: ffffffffffffff05 [ 1172.528233][ C1] R13: 0000000000000001 R14: ffff888024cbc6f0 R15: 0000000000000000 [ 1172.528244][ C1] FS: 0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000 [ 1172.528257][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1172.528268][ C1] CR2: 0000200000f5b030 CR3: 000000000df38000 CR4: 00000000003526f0 [ 1172.528284][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1172.528293][ C1] DR3: 3a810b1eb6134bdc DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1172.528304][ C1] Call Trace: [ 1172.528311][ C1] [ 1172.528321][ C1] ? unwind_next_frame+0xa5/0x2390 [ 1172.528344][ C1] lock_acquire+0x120/0x360 [ 1172.528363][ C1] ? unwind_next_frame+0xa5/0x2390 [ 1172.528386][ C1] ? unwind_next_frame+0xa5/0x2390 [ 1172.528413][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.528429][ C1] ? unwind_next_frame+0xa5/0x2390 [ 1172.528449][ C1] unwind_next_frame+0xc2/0x2390 [ 1172.528469][ C1] ? unwind_next_frame+0xa5/0x2390 [ 1172.528491][ C1] ? unwind_next_frame+0xa5/0x2390 [ 1172.528511][ C1] ? do_syscall_64+0x2bd/0x3b0 [ 1172.528528][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1172.528545][ C1] arch_stack_walk+0x11c/0x150 [ 1172.528563][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.528579][ C1] stack_trace_save+0x9c/0xe0 [ 1172.528595][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1172.528614][ C1] save_stack+0xf5/0x1f0 [ 1172.528630][ C1] ? __pfx_save_stack+0x10/0x10 [ 1172.528644][ C1] ? __free_frozen_pages+0xc71/0xe70 [ 1172.528660][ C1] ? vfree+0x25a/0x400 [ 1172.528673][ C1] ? kcov_close+0x28/0x50 [ 1172.528690][ C1] ? __fput+0x44c/0xa70 [ 1172.528707][ C1] ? task_work_run+0x1d1/0x260 [ 1172.528724][ C1] ? do_exit+0x6ad/0x22e0 [ 1172.528739][ C1] ? do_group_exit+0x21c/0x2d0 [ 1172.528755][ C1] ? get_signal+0x1286/0x1340 [ 1172.528774][ C1] ? arch_do_signal_or_restart+0x9a/0x750 [ 1172.528792][ C1] ? exit_to_user_mode_loop+0x75/0x110 [ 1172.528811][ C1] ? do_syscall_64+0x2bd/0x3b0 [ 1172.528824][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.528841][ C1] ? page_ext_put+0x97/0xc0 [ 1172.528859][ C1] __reset_page_owner+0x71/0x1f0 [ 1172.528874][ C1] __free_frozen_pages+0xc71/0xe70 [ 1172.528893][ C1] vfree+0x25a/0x400 [ 1172.528908][ C1] ? __pfx_kcov_close+0x10/0x10 [ 1172.528926][ C1] kcov_close+0x28/0x50 [ 1172.528943][ C1] __fput+0x44c/0xa70 [ 1172.528964][ C1] task_work_run+0x1d1/0x260 [ 1172.528982][ C1] ? __pfx_task_work_run+0x10/0x10 [ 1172.529000][ C1] ? kmem_cache_free+0x18f/0x400 [ 1172.529017][ C1] do_exit+0x6ad/0x22e0 [ 1172.529035][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1172.529051][ C1] ? do_raw_spin_lock+0x121/0x290 [ 1172.529068][ C1] ? __pfx_do_exit+0x10/0x10 [ 1172.529089][ C1] do_group_exit+0x21c/0x2d0 [ 1172.529106][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 1172.529128][ C1] get_signal+0x1286/0x1340 [ 1172.529155][ C1] arch_do_signal_or_restart+0x9a/0x750 [ 1172.529173][ C1] ? __pfx_get_timespec64+0x10/0x10 [ 1172.529193][ C1] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 1172.529216][ C1] ? exit_to_user_mode_loop+0x40/0x110 [ 1172.529237][ C1] exit_to_user_mode_loop+0x75/0x110 [ 1172.529256][ C1] do_syscall_64+0x2bd/0x3b0 [ 1172.529269][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 1172.529289][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.529304][ C1] ? clear_bhb_loop+0x60/0xb0 [ 1172.529321][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1172.529335][ C1] RIP: 20fb:0x294e66b3c7c44cb4 [ 1172.529348][ C1] Code: Unable to access opcode bytes at 0x294e66b3c7c44c8a. [ 1172.529357][ C1] RSP: 002b:0000000000000000 EFLAGS: 00000202 ORIG_RAX: ce3d5c200518e753 [ 1172.529373][ C1] RAX: 6d02b596a6d6b2c6 RBX: 46b00e13ac8c17fa RCX: 1d6d567492f1521e [ 1172.529385][ C1] RDX: eb30e365dd53f3a0 RSI: c553273f825e1cf7 RDI: b331ef28487276fd [ 1172.529396][ C1] RBP: 9c8c87e20081ee76 R08: cf9d780a350b4549 R09: c7e58b697db8ef3d [ 1172.529491][ C1] R10: d68d02d45a22dc24 R11: 19b4d49ef33da9ed R12: 39cb75b6fa6cb3d1 [ 1172.529507][ C1] R13: a8d7b5dbf29d588f R14: 9b8908dcbb4f02b4 R15: 107b9d1451766018 [ 1172.529526][ C1] [ 1173.218931][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 1173.226023][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00162-g41687a5c6f8b #0 PREEMPT(full) [ 1173.238058][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 1173.248429][ T31] Call Trace: [ 1173.251756][ T31] [ 1173.254727][ T31] dump_stack_lvl+0x99/0x250 [ 1173.259363][ T31] ? __asan_memcpy+0x40/0x70 [ 1173.264005][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1173.269244][ T31] ? __pfx__printk+0x10/0x10 [ 1173.274142][ T31] panic+0x2db/0x790 [ 1173.278400][ T31] ? __pfx_panic+0x10/0x10 [ 1173.282870][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 1173.288832][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 1173.294277][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 1173.300480][ T31] watchdog+0x102d/0x1030 [ 1173.304941][ T31] ? watchdog+0x1de/0x1030 [ 1173.309422][ T31] kthread+0x70e/0x8a0 [ 1173.313644][ T31] ? __pfx_watchdog+0x10/0x10 [ 1173.318488][ T31] ? __pfx_kthread+0x10/0x10 [ 1173.323410][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 1173.328747][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 1173.334059][ T31] ? __pfx_kthread+0x10/0x10 [ 1173.338826][ T31] ret_from_fork+0x3f9/0x770 [ 1173.343463][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 1173.348624][ T31] ? __switch_to_asm+0x39/0x70 [ 1173.353519][ T31] ? __switch_to_asm+0x33/0x70 [ 1173.358327][ T31] ? __pfx_kthread+0x10/0x10 [ 1173.363062][ T31] ret_from_fork_asm+0x1a/0x30 [ 1173.367880][ T31] [ 1173.371223][ T31] Kernel Offset: disabled [ 1173.375561][ T31] Rebooting in 86400 seconds..