last executing test programs: 9.098521411s ago: executing program 3 (id=2883): socket$nl_route(0x10, 0x3, 0x0) (async) r0 = socket$nl_generic(0x10, 0x3, 0x10) (async) creat(&(0x7f0000000240)='./file0\x00', 0x0) (async) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) chmod(&(0x7f0000000140)='./file0\x00', 0x0) (async) socket$inet_udplite(0x2, 0x2, 0x88) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000980)={&(0x7f0000000300)={0x20, r1, 0x9, 0x0, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0xc, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0xa}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x20048814}, 0x0) 9.042846028s ago: executing program 3 (id=2884): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="6f047851635eb95491bbb32ae5f516844034859ffa6fc78aec38d50ea0598197f442b573960c345b09bb147dc9792a85949bccdb7aa094f0a02405f7c54027a2b8775e5f63b6cffc624c2273d63045f78e40136a8adde33dad343603eac07e6c09960243c5cc63b25bdb47e197a45a561cd9d2886db78e4878da58d5482977b794f6d194e305d70ae5e1cdc60534f83b066266fa24c8e9f4e2a1b18a20cff76ee6962b98a7045e049daf1344c3c6cd80ee", 0xb1}], 0x1}}], 0x1, 0x4001c00) (async) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000003cc0)=[{{0x0, 0x0, &(0x7f0000000080)=[{&(0x7f00000001c0)="6f047851635eb95491bbb32ae5f516844034859ffa6fc78aec38d50ea0598197f442b573960c345b09bb147dc9792a85949bccdb7aa094f0a02405f7c54027a2b8775e5f63b6cffc624c2273d63045f78e40136a8adde33dad343603eac07e6c09960243c5cc63b25bdb47e197a45a561cd9d2886db78e4878da58d5482977b794f6d194e305d70ae5e1cdc60534f83b066266fa24c8e9f4e2a1b18a20cff76ee6962b98a7045e049daf1344c3c6cd80ee", 0xb1}], 0x1}}], 0x1, 0x4001c00) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0xe8381, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ead95913e9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9ecda75e2a7d49d5cbcb370c4d789390a328ba42c9c60cf2154d1b659aa709e", 0x51, 0x0, 0x0, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) (async) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x0, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0xaf, 0x40, 0x7, 0x0, 0x6, 0x5, 0xc, 0x7, 0x5, 0x0, 0x2, 0x52, 0x0, 0x9a, 0x1ff, 0x0, 0x9, 0xd, 0x1, '\x00', 0x5}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8.885413368s ago: executing program 3 (id=2885): syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x45050, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') 8.824296697s ago: executing program 3 (id=2886): unshare(0x2040400) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)=0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000140)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0001}]}) r1 = socket$tipc(0x1e, 0x2, 0x0) timer_getoverrun(r0) bind$tipc(r1, &(0x7f0000000180)=@nameseq={0x1e, 0x1, 0x0, {0x42}}, 0x10) r2 = socket$tipc(0x1e, 0x2, 0x0) r3 = socket(0x20, 0x80805, 0xfffffffd) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0xc) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000001080)=0x8) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000040)={r4}, &(0x7f00000001c0)=0x8) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000000)={0x2042, 0xfffffffd}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r5, &(0x7f0000000380)={&(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x42, 0x4}}}, 0x10, 0x0}, 0x0) pause() unshare(0x68040200) r6 = socket$nl_generic(0x10, 0x3, 0x10) syz_usb_connect(0x2, 0x24, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000cea208105d0502905e230102030109021200010000000009040000002484b400"], 0x0) r7 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r7, &(0x7f0000000000)={0x0, 0x3, &(0x7f0000000080)={&(0x7f00000002c0)={0x2, 0x3, 0x0, 0x9, 0xa, 0x0, 0x70bd28, 0x0, [@sadb_address={0x3, 0x6, 0x3c, 0x0, 0xe, @in={0x2, 0x0, @loopback}}, @sadb_sa={0x2, 0x1, 0x0, 0x3, 0x0, 0x2, 0x1, 0x60000000}, @sadb_address={0x3, 0x5, 0x0, 0x0, 0x0, @in={0x2, 0x0, @multicast1}}]}, 0x50}}, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000e00), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r6, 0x8933, &(0x7f0000000e40)={'wlan1\x00', 0x0}) syz_usb_connect(0x4, 0x36, &(0x7f00000001c0)=ANY=[@ANYRESOCT=0x0, @ANYRES32=r8, @ANYRESDEC=r0, @ANYRES32=r5, @ANYBLOB="b9c5c61cc10153d8498df15608", @ANYRES32=r7, @ANYRES16=r2, @ANYRES8=r1, @ANYRESDEC=r7], 0x0) sendmsg$NL80211_CMD_GET_SCAN(r6, &(0x7f0000000f00)={0x0, 0x0, &(0x7f0000000ec0)={0x0, 0x1c}, 0x1, 0x0, 0x0, 0x20000015}, 0x4000) syz_genetlink_get_family_id$SEG6(&(0x7f0000000080), r6) r9 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/asound/seq/clients\x00', 0x0, 0x0) mbind(&(0x7f0000ff9000/0x4000)=nil, 0x4000, 0x8000, &(0x7f00000000c0)=0x82b, 0x866, 0x9) preadv(r9, 0x0, 0x0, 0x8100, 0x0) 6.807940174s ago: executing program 0 (id=2892): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000340), 0xffffffffffffffff) creat(&(0x7f0000000040)='./file0\x00', 0x1a8) r2 = landlock_create_ruleset(&(0x7f0000000240)={0x1fff}, 0x10, 0x0) landlock_restrict_self(r2, 0x1) unlinkat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x200) sendmsg$ETHTOOL_MSG_WOL_SET(r0, &(0x7f00000008c0)={0x0, 0x0, &(0x7f0000000880)={&(0x7f0000000040)=ANY=[@ANYBLOB="2c00000083d283e800d7ef0ef95e173b5872fceb46f095ec41a1ecf0a28302bc15b1f121667911428b9d34d19ddf94a860303dc85b831dc6287c68d2cbdcbce3d055ece037515b775b07705bd94f17d8d87adf22865adc53f7a1cf16c3993f470cce24eeea5fa5d9b8da5ffc919d86489ae03cc1cd8e5c06c83ba8f70c5c8095d1ee22ee93f774db14d91e0ebb9c0b39cf6487aaab", @ANYRES16=r1, @ANYBLOB="050129bd7000ffdbdf250a000000180001801400020069703667726530000000000000000000"], 0x2c}, 0x1, 0x0, 0x0, 0x5}, 0x20000820) 6.657355991s ago: executing program 0 (id=2893): r0 = socket(0x40000000015, 0x5, 0x0) getsockopt(r0, 0x200000000114, 0x2716, &(0x7f0000000340)=""/102400, &(0x7f0000000240)=0x19000) r1 = openat$tun(0xffffff9c, &(0x7f0000000040), 0x82001, 0x0) r2 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000580)=@newqdisc={0x6c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r4, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x3c, 0x2, {{0x9, 0x3, 0x0, 0x6, 0xfffffffa, 0x22}, [@TCA_NETEM_RATE={0x14, 0x6, {0xe1, 0x79d, 0x0, 0x3}}, @TCA_NETEM_RATE64={0xc, 0x8, 0xe61c6a5c983a3b82}]}}}]}, 0x6c}}, 0x0) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f00000000c0)={'syzkaller0\x00', @random="93361fd4bcca"}) r5 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCETHTOOL(r5, 0x89b0, &(0x7f0000000140)={'wg0\x00', &(0x7f0000000040)=@ethtool_pauseparam={0x1, 0x81, 0x1, 0x3}}) r6 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000a8aff735613489601dd000000019040000000000cc9ca1bda588"], 0x0) syz_usb_control_io$printer(r6, 0x0, &(0x7f0000000300)={0x34, &(0x7f0000000180)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r6, &(0x7f00000002c0)={0xc, &(0x7f0000000180)=ANY=[@ANYBLOB="00039d0000009d21e062016ad60279a0972f9633da1649495c023319f1f1e3405615f72756ca0e1d2fd6b10ec0f7b449829ea54e42ded99dfa91b1180bc096f7cab8498978c03ed3c75001d5563bbd8195866c60670b3234b4d0e3002d0b7d8c4e80e739b9a62af1bc5a5e274b53838321ef06450f62917f19e9c63f65dbce7f77fe7f8723dff94684e5a852a229aa4250448c7f42806068e9f1b695f51fdbb8359c11"], &(0x7f0000000280)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x40f}}}, &(0x7f00000194c0)={0x1c, &(0x7f0000019340)=ANY=[@ANYBLOB="a5a78378d6c3ba44fc1c2b01c7c368bb0097cc95b0070000"], &(0x7f0000019380)={0x0, 0xa, 0x1, 0x86}, &(0x7f00000193c0)={0x0, 0x8, 0x1, 0x93}, &(0x7f0000019400)={0x20, 0x0, 0x2d, {0x2b, "bd3f771db985ab828c95e12801ad9ca6b98b42594e27b1d69f1f87a281f2f7e9231f8cb61ce8ee91afaa42"}}, &(0x7f0000019440)={0x20, 0x1, 0x1, 0x9b}, &(0x7f0000019480)={0x20, 0x0, 0x1, 0x7}}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) eventfd(0x2) fsopen(&(0x7f0000000300)='bpf\x00', 0x0) fcntl$lock(r7, 0x24, &(0x7f00000000c0)={0x0, 0x0, 0x2000400, 0x6}) 6.603865127s ago: executing program 1 (id=2894): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0xc70, 0xf011, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x400, 0x40}}}}}]}}]}}, 0x0) r1 = socket$alg(0x26, 0x5, 0x0) r2 = epoll_create1(0x0) r3 = epoll_create1(0x0) close(r2) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r3, 0x1, r2, &(0x7f0000c85000)) epoll_ctl$EPOLL_CTL_MOD(r3, 0x3, r2, &(0x7f0000000140)={0x77540947ad9a168d}) bind$alg(r1, &(0x7f0000000280)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(cipher_null)\x00'}, 0x58) r4 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x5}, 0x10) sendmsg$nl_route(r4, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c0000001a00010000000000000000000a00000000000000000000000800100000000000060015"], 0x2c}}, 0x0) sendmsg$tipc(r4, &(0x7f00000004c0)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x1, {0x41}}, 0x10, &(0x7f0000000240)=[{&(0x7f00000000c0)="afbe59690bfbcedacf4b50331f5f7e2dae119f8c896999b059710e67e19dc3130a6ff3ff09b5c732ec8ba7a850150a3d4b028b14f5acd97ed6771817365fe6d03f610d1f5d5c2b5ac63f0111ab39bb61191ac070cde05065e4fc4c84885583f43cef926dc92d424c33e32b631771c69a988577", 0x73}, {&(0x7f0000000180)="c1def26a9ca2eb78c5240f45cc8cb5c701f051406e5e6bbf2ad75b7f2c7db4f3a67e7f94991611ba461efb7ee85f3935186c8099e6ea550e1b862dd033cbc0818d6ffe72a728b9ee088598f8cf4430da7515adca0d", 0x55}, {&(0x7f0000000300)="d08c677d1ec440441ea3f9a19e1239f7c11d01ecbfd9f7ca83a4003dc079b8f7b0e0fd12d9ede6c99762721aef5a088680798dafc7cb48644996cf2cf36e209b9f79af6cfb90d8e71dc4507b1962790b5656d07121038bab6b9a1959f2e37702aea3ace3580a8f5bcdb479e975660c59997d58ba8e44e2aaf0aa18f0f9b47dff3836efb29a1a7bae27a69339dc944bded2e7b6898dce9d9493a0344299f0e93b180f0607adb507d2597986a99b3c00d2d7e1c5fe7b6a8778379d756a55dc5130721f439da4698f07f0669da6bbf3e761b9ae551f", 0xd4}], 0x3, &(0x7f0000000400)="b657657b4b4a590d4802d9490c28bd1a2c8d0f93b1e52599034ffb72d11ea0d6f0b02c6b1caaa2e18f737f635370d8ebd4583f566dc8d715ec473ffde7e068ce256c7ba749fd7a1dbb13ca264ce617acbd17a22e1512833bd5be55bf1e69532d24a6aa6a0f7f86fdbd86618c90d5c63d2853999ccca3adcef1da5ac909f5cf94048741ae18f7c3d38dbf1279d0112d9fec", 0x91, 0x20000840}, 0x1) r5 = accept4(r1, 0x0, 0x0, 0x0) sendmmsg(r5, &(0x7f0000000800)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, 0x0, 0x0, &(0x7f00000005c0)=[{0xc, 0x117, 0x3}], 0xc}}], 0x2, 0x14008000) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000200)={0x18, &(0x7f0000000040)={0x3a, 0x2, 0x7, {0x7, 0x0, "34fe801d5e"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 6.115948391s ago: executing program 3 (id=2895): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) sendmsg$TIPC_NL_MON_GET(0xffffffffffffffff, &(0x7f0000000240)={&(0x7f0000000040), 0xc, 0x0}, 0x0) (async, rerun: 32) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) (rerun: 32) getsockopt$inet_mptcp_buf(r1, 0x11c, 0x3, &(0x7f0000000040)=""/185, &(0x7f0000000100)=0xb9) (async) ioctl$sock_SIOCETHTOOL(r0, 0x8946, &(0x7f0000000180)={'netdevsim0\x00', &(0x7f0000000840)=@ethtool_drvinfo={0x3, "49b820ab1bfd46ac0800000700352bba9d02a0d82e62b68a6101008ff88887b1", "412a859fe0dac1fda7ca6f3622189bc740fbf38f167bb8b2c0109398f266df9a", "b6c9e319fb89e34b241da27da59f044d120048000000000000000000000005e0", "1e26f4cdd078a644160e7bf7fc43dfa5c61c2f30e82a9b8a0e7bc3817382e866", "b26535e8a3c18807b0275595080c687b6d5d2a745906d46900e92b18414c38df", "96497edbfc910e1a2eb17425", 0x2, 0x7, 0x10001, 0x8000002, 0x9}}) 5.956261217s ago: executing program 3 (id=2896): syz_mount_image$fuse(0x0, &(0x7f0000000080)='./file0\x00', 0x45050, 0x0, 0x0, 0x0, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000001dc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', 0x0) rename(&(0x7f0000000580)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00', &(0x7f0000000200)='./file0\x00') 5.91057505s ago: executing program 4 (id=2897): r0 = socket$inet(0x2, 0x3, 0x4) setsockopt$inet_opts(r0, 0x0, 0x4, &(0x7f0000000000)="8907040400", 0x5) sendmmsg$inet(r0, &(0x7f0000000f40)=[{{&(0x7f0000000040)={0x2, 0x0, @broadcast}, 0x10, 0x0}}], 0x68000, 0x0) 5.697970875s ago: executing program 4 (id=2900): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r0, &(0x7f00000009c0)={0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x21}}, 0x10) recvfrom$inet(r0, &(0x7f0000000280)=""/139, 0x8b, 0x11022, 0x0, 0x0) 4.802700466s ago: executing program 4 (id=2901): sendmsg$NL80211_CMD_NEW_STATION(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x3, 0x10) sendmsg$kcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000030c0)=[{&(0x7f0000000340)="1400000016001963d25a80648c56915a19aa2bfe", 0x14}], 0x1}, 0x0) recvmsg(r0, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xa00100}, 0x0) 4.735491251s ago: executing program 4 (id=2902): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) r4 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r4, 0x107, 0xd, &(0x7f0000000380)=@req3={0x10000, 0x100000001, 0x10000, 0x1}, 0x1c) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'veth0_macvtap\x00', 0x0}) bind$packet(r4, &(0x7f0000000140)={0x11, 0x10, r5, 0x1, 0x0, 0x6, @remote}, 0x14) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r7 = dup(r6) write$6lowpan_enable(r7, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x499f, &(0x7f0000000380)={0x0, 0x1ffffa, 0x400, 0x0, 0x0, 0x0, r7}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r8, r9, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) r10 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/partitions\x00', 0x0, 0x0) r11 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) sendfile(r11, r10, &(0x7f0000002080)=0x64, 0x23b) socket$nl_xfrm(0x10, 0x3, 0x6) socket$pppl2tp(0x18, 0x1, 0x1) getpid() socket$nl_xfrm(0x10, 0x3, 0x6) r12 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r12, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_IPV6_XFRM_POLICY(r12, 0x29, 0x23, &(0x7f0000000340)={{{@in=@remote, @in6=@dev, 0x40, 0x0, 0x3, 0x0, 0xa}, {0x0, 0x0, 0x4}, {0x0, 0x4, 0x0, 0xa78a}, 0xfffffffe, 0x0, 0x1}, {{@in=@private, 0x0, 0x33}, 0x0, @in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0x0, 0x3, 0x1, 0x7}}, 0xe8) sendmmsg(r12, &(0x7f0000000480), 0x2e9, 0x0) sendmmsg$sock(r4, &(0x7f00000004c0)=[{{0x0, 0x0, 0x0}}, {{&(0x7f0000000040)=@x25={0x9, @remote={'\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc\xcc', 0x1}}, 0x80, 0x0}}], 0x2, 0x20004874) 4.547827231s ago: executing program 1 (id=2903): r0 = socket$inet(0xa, 0x801, 0x84) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) connect$inet(r0, 0x0, 0x0) r1 = openat$cgroup_type(0xffffffffffffffff, &(0x7f0000000180), 0x2, 0x0) ioctl$BTRFS_IOC_SNAP_CREATE(r1, 0x50009401, &(0x7f00000002c0)={{}, "d12c68919ec8218c564c99cc739c3fc1865764f33a7342721b7f224ac080c015028791a97fbad73f6c51a054abf719c167938373545bc763da0729b1f234d32ace3545528fae203df2114f207c98f5e6d932e1baa70791d9ee1a87c2e66918b1741eff301dc3d4b626fe1fa6113a1e17e62a338fb34ca4929140ec0d7786bd4d26892cc734aa554af96fb217d3146bea39cc04cbd392f3b00e7df372d7b58feb089b005f10b04125d3bb8567160eebb5ca5844c388cbac2bf248153f5f118e79312c340e5e4e554394727d4bde7d9e50084c4780fcd0836499383736a0fed8e99324774b5a2c4fd13be8ba5da4172c53e998bdd682ad3b56683f08ab1b214d92bfed6e50811acd69d986629009d206ca0fac95f888741b7cbd5280f9b5567034de06b06c06625e6ceca7c8faca6eb0ca751db120b4c1c0c023353de1cc8eccafe811b8ca9eaeb06c94d3cee344bc061c256d935d4a8be7282d4d0b3e5d1daeb9c4a85b0489b05e1dca75803e27ec29ecf11e9f03cbd172834599d798c33fbe63d7a0043989e5491e8e8dd0dfff379d0feefb7fd721f01c63453449f3d9d030d650c3d89fa788edd6d1e168465e674ba89376d109e6a26efb3beb348042a4d66cbbc7b60523d0fc3189b7601d96cf83d46155d1170b5c06b5b3b502aaa4374b2c62275700f5b1a38b784dacda4c1faf02752b5d38cc673cd0c93f5ea0be44f7846db9287877187ebabcc03d3287e0dd72b9ad094c22d71f54460c744dbc719aac5cd660a822d01d3e48846832b5bbac931fae9f24bb92bfbd4ab9fe3b147d9dc43cdbeea5c31cb002e8406451946abcf92182da140cf612693b76119e62de4cd8498eff31256c173d74c61a7fdb9ddf3411299c9578cb23799dedc040bfe8012b7482c71fbda311dfd5e5ee828fdc0025f65b13599451482326b73ec313d3616c45344e0e86422e0e759454c68ccfb70a09327e7fa63961dcf059a44fb07719bfc692a7eecdbb5994f95b9145bb61bcbc97ee576a51c8628e7276c5d7a3541ca95d8d1c06c260a7ff2466ccd6bf102285f966f22b92e861b1086cbf8390db0ab79d768a6de80e8d0f8b4fa775afa9fac1dcb17cb14423437002d2009d4315590f9fedbb689a781bb3c6c35752cb5bc2a3f9a4575d78a535b77780bb09308ea53fb796f9fa500b63faa60516a35340d1865dfab27152ff731841f1ec8072e2fc7ce68fd25b2fda5febf09d061a7168a85c84df8687a640e8d490f4bfd0d54bd2bd3bc196a2f8d638102065e78aaf70b3774926a37ce17e64341512c7bb115c8ce836af25b10744bdddf6f49b837f1af087dad89198996e6a5b5c80d2b2e43a887cb26436083005562c527197cb3cda640add669572c0403f9e2ed0f3558579c4945c9c27e04f9be6f01b4256c50e41640ba5dd643ef6dec4ec336e59a6a7efe77249d1069ab380bf329271b31eebdb839e2d6f7f7110570ac9fbc0d0e91a8516b58993b6a0814055cd2862ef976cc6eaba647105c6c4a02dcf69c96efc8a178724ca50a54d0e1b31ad04235a0728e0901b6b15cec6628ddb2d3a04a6d4e74ac53e4086722989d0b930d97f2473604f54b629f0dcf5334e2ea5f864ebc28b0c150532e587a857c47f3159f826758b81dff16bdbe55234b89483c91fa1fb074c35f05337cb669992814c7479635b25cd55ad6b11c332a819aef9530893fe61cbf33916d90ab705b1acde2277ffad50c36f9aa54ffaaed4537ef41912b157b43e05d88da5855316d11f14841c538232859fbbf070f5bc3198bf0ca85a05699870ada940f4eceb8024ed39808834e5755efaf0a5c850add3155db08c36c16396049b4a30d45d4d2c6aeb03248d068b4bd741ada4e0fe0868e4cec744ee3993eb897048478077c7276ba05235369f2d0cac9c808abd7b37366fcc3a1ac3a7ebe233972e91f683b7d5ef9d677ce17a557ee10ca2efbc37b64ccd41bc02da1c6789b95ff4a3e458766d4f01f56950b7b61d4eaf0ea98942ff4e8d7bf6b11401570431c1978765d5365d97b33a89e0c2f43cd9d392ea05a81e660caac23e61f9d63e22493c3d3e6cf20d08059e9759220466092777189c60b0f7ee863cd3e247d4f92380ab5b3cf1f3850c639f59019c60c767b54ffe302267d27a0634264cd765debf6dd56a1622fc00ef76b60143dd848488f88781d18c8659eb8049b9523b1820fddaad55dbd081b22a41af212302fd3dfa0f78b0c6471e8d6c0919d417e38b05106b9e4accc04ea44ed5ea0a9ab348d44f941626acbf6ea5eb57d4c08edc461df31fe55291572fb8f5a25fabcde292c766d1c49d1167940edfb998274ccb94da94979536a65cb9f7a29a691ff271882e7474c365a9ab1d179b1e6abed74c41cda572795f4ed7511b7f3b7f190c1b2a37954c2cad562c37c438c4ed3f30b4aa3e021713185c2f32ee203c844162d45a2692d8722c1933a0413caefd03821cae107c0e5a5d9f45b874771fdf35f958d256d914ec86418e25ab19902dbefafca4adfd570986ca97bbf953c77bae8aa8fc32346cd9e62e49ca16aee8c9be95413f5077c20e608b88923705c9a3c1b9008cdc8f9780fc4f8aa4d4301e5bc2d37bb63b43d39c1e361a5df0ad808d35289a1510a4cb5c0f3f88f2e6635b7d4410044bb881f8d40a12973f929325d85df57451a517e4c4ada33e2b4516a52f956d31789662b00298fb5e94fefae2de262dd7166b1c423c7634afc49dc56adf5759855c119fbcbc44dc70d289b7ed53a15e0459ed6926fd36da860dc1e7b95543c0f8fe5dcec3de22300d0127619f41ceb985328b4aa407d050137cff30dc3f5e5eca5e1485867c578590a1ef4231174eba383afcc08bb8e49f9f9345f06dd1f437515c0417709c525c78ebbd5e531a0d80ef397d818f410f2fe8fdc8a31606dca760e61e7c71aa17532056d31b4d7f23e09aa84878efdaabc13c8080bd429c85088ef9b05c3af3bced4310b138cf785c5e34421ef192d2cd409decd7f6e1a7da0d8d79d47e793572313b89e15c195dc1229588d4b0087aa69798f12a13ddde2a980e944f7fc539a07d24f05587c6c752986a6f73a6db61c8e01aeb000714b7f509b8dd26d7ba8c083682531372b074790aa15aaca6b5e268034a16bee18baee27da5224d0c4f788e8e0a3f03644665232653bf642f9361ef8ac41ce0e1fac68d994d60c723e0daad2c090a1e9a99fb31d0e6f9d28849ec2502a3a73c0dadf0ef9afb05e06f39ea07bbf1ba12807087de0f6189f150431ef27e943c24824c924ac22a2d3b9595a89e3e61d71d05285868b1018779f6ef9ec44bf3629381185002408eaa2557d24c7af17ab1f79f9c7796dddbe4d2c449c1344a13ee2a42668e735903e13f75fb199c65fb97409f728f318209c0ae41575f64bbfc5138c926d7f20261e50096bf69062f29cff7f4b79e982b25ea24e600c1892a22f92073e2889acd4ea6b34642f998e33d0a9881954adf901fc981f233c9cb912869b66ef0f5847d565adca57bc0f50043dda9e3b9e8a456ce4a3a31d1fc1ccdb94f55a893dcd2559eea2115322c5d4d1fc317c3bf20f465b0b87c095f560e5df1a7d08879f155b72df8988f448dc995d52c5e29614e4ff4f4e96f066c70c58ec8b2a2ccd6b448d60ebf58b52f664e007fbc9dc3c31a4cd0f5b678e09c65f8b1ba6007fa4487b6330f160c0073462354ece3a4c599660b3a7a8b6bb010b7ec1984bfa1657190aee839dffc43619b1dad36d04d7e5c730e62938163cfb70a488463c43b56a54e379269283c1fec6fb38412cf6c86494ab78caaaa5ef0716a2b42afa98c39913ca62624d5475edabcafcc3bd332f0ec3fe7ce106c984618103936cf15017a286f576d09f447fa28a5fb071b0ac6cfccb1171a062b0ae51f22578df26ef186c2e481b2ea1dcaff6b717a40bd0ed61b70e6743cc41190fc76fb0c77391fca2b7bb529ad42d78f3795688c91b0041a80fdf2fcf612d99e4e71ad9113ac930eead843cbf51641f6be7ffbfed0cecb16e831fada9b9573efec161ef1131c609d978a50b49930bcda58ba4a9202bcd8fba1f676579d2de19e55ec9849c6fc28f152b6880106405afaa49b1872ddd3974011ed4fa010722b303f615319b2e95a529911a736398fce16f8775548a95c81c963af0eff3919e21f2bbdb0baa7e7a55185d64b8a4637d002303deb5ba5f4a74929b1271a810bf79a90200f07c2ba6515987e5f98eab050e2935fb57535cd10b4730a5af2612db8359f5a8c61f85854d3eca7beb479ff06c2c94e2551815de962a8245a0fa79d0e04cbc1f49c9c3ade82b9a40ab3c3e37758d2f50fde4a81d2a060755b454876c3c9c30161fab5fa67730b7582705350ee7e1a0e67aed4f15677c7d27c999a405073c7ba9bc9b81f2474aac5034f7885b6882118736b10d634235cb87fb66552adc639aec9a784a98c6174934b2e8495c570e3e3b52e1ff35a5252a1057cf6f0af61671461a63b90766317c53626afd0cae05fa6b053996e861e15b45d772cf007aeb35e7007030a637b0eea66410e4f26e39272e104a78a8b6beaece18605d1a28013e82a05e064950dbbba60105460073afb2c3ebc3d9308e3720c8dc12c6c13209a9da83ad8fa08675ac242ec5c896ad7210f0e1173c8c5da1d365e4b5f245df733347968002ae923f3e5cb81347ce46ddf8870c0d76f6cce6ef88bd9c4307bbd70e32f45ae5f824dc9d0ccc84f3cbebef168fd6816bfc1373fbc8d9c767f5bd39d3c66f4a143e3dc39ac532f84b80a50de3835dc86c7f640e5903940138a15b3ff1c24eaa52fa15f9e11e12cf83ce2e55ba23b5b5888c40d5f678f42405d3314e29074c9dab301452b956dfb9238e66ee16313317407a75f9511a0d1bb22bfb6f77d97c370f90b1ea96668f7a8e8ca6069fdf173c4dc0505718541036ef0ee7bcf2bbca801cf7bde2172eee8c660cb471c2b5a07d977a5a7fa0b5a70827f91479b4f45f0a597e6a1f51943c751fb830c98efe651965ac36c1668c17b063fa99695d2c9b5f819194bb168c1a4822f278e341f8f1e5da87413d51bff4c8d2b17748eee8f337b3d85054dce91768a15130e1d26596513be14f65723c32df607725d197ec9f5c16a93addefd70079c7d412521c38de7518aa58b0194bbfacc93bdd511d3d5d1176449afe4f044fd238be2e8a90efb6f6c77d001d4f9572aa2bc06a5e6bc9cf156bffccf83e1d7e3932fdc4d23493f49bb302ac917a82e073be3abad297c2ccb51997c51249860185772aae1cf6be9a79aa41d68d6281cce4955ae040e33a4751d513d7998bdb4c6983461d15f8559db9b5b22cd7f27efe4d876c1325c7dd196974fdbbc6d30310a414c60f0ed4ca3df5e2cb6fb5552906fb759aa366b08f7e95cfad5d2567caad0cb2c223b0876d7713f8485043893efc67625af3a765e257083f3b52fcd352b54ad946513a1ccaacdc68321f711db90bde29e35adabc560325f1c256eb899101fb760de946d278f3dbd8745b0e43d48cf2cfa74755a9b2c8e123bae9971cd15f077b0019c5d8293ac418333b8a76fc9082d9e4953ccd954a9ceefc59ad2a1c2a667607af80ee425b2b017f73b8c107d4d62ef027a8a8a3ee08c9e0d63756bd7b3c046338ae65e59b29347d961e15ed874a36d25aafef4568fd73b04bc79b854150b2c3a0aa64a8efdfde15e9ce128fff523cb494362d34f348e9da14d63ec22821dbfe4a2956faf469d3eae71ce0d02ed2c0103586e840f13d96a4b5f62be49"}) listen(r0, 0xfffffffd) r2 = accept4(r0, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r2, 0x84, 0x72, &(0x7f00000001c0)={0x0, 0x1}, 0xc) r3 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r3, 0x4008ae89, &(0x7f0000000100)={0x4, 0x0, [{0x285, 0x0, 0xfffffffffffffffa}, {0x2f4, 0x0, 0x7b}, {0x242, 0x0, 0x3b}, {0x1a6, 0x0, 0xfff}]}) ioctl$KVM_CAP_EXIT_HYPERCALL(0xffffffffffffffff, 0x4068aea3, 0x0) r4 = socket(0x200000000000011, 0x2, 0x0) bind$packet(r4, 0x0, 0x0) r5 = socket(0x200000000000011, 0x2, 0x1) setsockopt$packet_fanout(r5, 0x107, 0x12, &(0x7f0000000140)={0x0, 0x1}, 0x4) syz_emit_ethernet(0x3e, &(0x7f0000000440)={@local, @random="00e300", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x30, 0x0, 0x0, 0x0, 0x1, 0x0, @empty, @multicast1}, @parameter_prob={0xc, 0x0, 0x0, 0x4, 0x1, 0x0, {0x5, 0x4, 0x3, 0xf, 0x4, 0x64, 0x9, 0x2, 0x21, 0x3, @loopback, @multicast2}}}}}}, 0x0) 4.412955618s ago: executing program 1 (id=2904): unshare(0x400) r0 = socket(0x15, 0x5, 0x0) bind$l2tp6(r0, &(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @empty=0xe0ff}}, 0x20) 4.007804958s ago: executing program 1 (id=2906): creat(&(0x7f0000000040)='./file0\x00', 0x4b) syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x140) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r0 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r0, 0xc01864c6, &(0x7f0000000100)={0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_io_uring_setup(0x117, &(0x7f0000000300), &(0x7f0000000280)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) syz_io_uring_submit(r4, r5, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) io_uring_enter(r3, 0x47f6, 0x0, 0x0, 0x0, 0x0) (fail_nth: 1) 3.45525687s ago: executing program 0 (id=2907): r0 = socket(0x27, 0x4, 0x6) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, &(0x7f00000001c0), 0x4) r1 = creat(&(0x7f0000000040)='./file0\x00', 0x4b) syz_open_dev$evdev(&(0x7f0000000000), 0x2, 0x140) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="000000000000000000000000e2ffffff00"], 0x48) r2 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_CREATE_LEASE(r2, 0xc01864c6, &(0x7f0000000100)={0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x800000000000081, 0x2, 0x0) r5 = syz_io_uring_setup(0x117, &(0x7f0000000140), &(0x7f0000000280)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f0000000080)=0xfffffc00, 0x0, 0x4) socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000240)={'vxcan1\x00', 0x400}) syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x7, 0x0, 0x0, 0x0, 0xc}) io_uring_enter(r5, 0x47f6, 0x0, 0x0, 0x0, 0x0) 3.094739305s ago: executing program 2 (id=2908): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setrlimit(0x40000000000008, &(0x7f0000000000)) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$sock_linger(r2, 0x1, 0x3c, &(0x7f0000000400)={0x200000000000001, 0xfffffffe}, 0x8) sendto$inet6(r2, 0x0, 0x0, 0x4c881, &(0x7f0000000280)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) sendmmsg$inet6(r2, &(0x7f0000001a00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000c40)=[{&(0x7f0000000bc0)="c019d15a08", 0x5}], 0x1}}], 0x2, 0x400c404) 2.227541042s ago: executing program 1 (id=2909): r0 = syz_open_dev$video4linux(&(0x7f0000000200), 0x85, 0x73502) r1 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0xc9518bf1eb68b25, 0x0) r2 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_GET(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000001c0)=ANY=[@ANYBLOB="2800000011143dcf0000000000000000080001000000000008004b0028"], 0x28}}, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r0, 0x4020565a, &(0x7f0000000340)={0x3, 0x1000, 0x2}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) getsockopt$inet_sctp_SCTP_PR_ASSOC_STATUS(r3, 0x84, 0x73, &(0x7f0000000380)={0x0, 0x9, 0x30, 0x6, 0x100000001}, &(0x7f00000003c0)=0x18) getsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r3, 0x84, 0x7c, &(0x7f0000000400)={r5, 0x6}, &(0x7f0000000440)=0x8) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="280000005e00010000000000000000000c0000000108"], 0x28}], 0x1}, 0x0) r7 = syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$kcm(0x11, 0x200000000000002, 0x300) r10 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000740)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r11 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x9, &(0x7f0000000240)=ANY=[@ANYBLOB="1808000000000000000000000000000018120000", @ANYRES32=r10, @ANYBLOB="0000000000000000b703000000000000850000002f000000b709000000000000850000000700000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x50, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) (fail_nth: 1) setsockopt$sock_attach_bpf(r9, 0x1, 0x32, &(0x7f0000001300)=r11, 0x4) sendmsg$nl_route_sched(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x1f00, {0x0, 0x0, 0x74, 0x0, {0xb, 0xfff2}, {}, {0xe, 0xc}}}, 0x24}, 0x1, 0xf0ffffffffffff, 0x0, 0x8881}, 0x0) preadv(r7, &(0x7f0000000c00)=[{&(0x7f0000000740)=""/121, 0x79}], 0x1, 0x80000000, 0x5) bpf$BPF_PROG_QUERY(0x10, &(0x7f0000000580)={@ifindex, 0x1d, 0x0, 0x6, &(0x7f0000000480)=[0x0, 0x0, 0x0], 0x3, 0x0, &(0x7f00000004c0)=[0x0, 0x0], &(0x7f0000000500)=[0x0, 0x0], &(0x7f0000000540)=[0x0, 0x0, 0x0, 0x0], 0x0}, 0x40) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000005c0)={@map=r10, r3, 0xd, 0x2004, 0x0, @value=r4, @void, @void, @void, r12}, 0x20) ioctl$VIDIOC_S_FREQUENCY(r7, 0x402c5639, &(0x7f00000000c0)={0x0, 0x4, 0x927c0}) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0x1) pipe(&(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) tee(r3, r13, 0x5, 0x0) getsockopt$sock_cred(r6, 0x1, 0x11, &(0x7f0000000240)={0x0, 0x0, 0x0}, &(0x7f0000000280)=0xc) ioctl$AUTOFS_DEV_IOCTL_REQUESTER(r4, 0xc018937b, &(0x7f00000002c0)={{0x1, 0x1, 0x18, r4, {0x0, r14}}, './file0\x00'}) socket$xdp(0x2c, 0x3, 0x0) close_range(r1, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_QUERY_EXT_CTRL(r0, 0xc0e85667, &(0x7f00000000c0)={0x40980001, 0x102, "117431cb65715646b76482f13996ba0cfbc4287ea7b89a56baae0f39f9ffd339", 0x100000000005, 0x9, 0x7, 0x7, 0x80000000, 0x1, 0x8001, 0x3, [0x3, 0x8, 0x5, 0xfffffc01]}) 2.223826563s ago: executing program 4 (id=2910): socket$can_j1939(0x1d, 0x2, 0x7) openat$dir(0xffffffffffffff9c, &(0x7f0000000100)='.\x00', 0x0, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x401, 0x0, 0x0, {0x1, 0x0, 0x8003}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x101, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz2\x00'}]}, @NFT_MSG_NEWRULE={0x94, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x6c, 0x4, 0x0, 0x1, [{0x34, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_DREG={0x8, 0x1, 0x1, 0x0, 0xc}, @NFTA_EXTHDR_OFFSET={0x8, 0x3, 0x1, 0x0, 0xe1}, @NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x22}, @NFTA_EXTHDR_TYPE={0x5, 0x2, 0x7}]}}}, {0x34, 0x1, 0x0, 0x1, @bitwise={{0xc}, @val={0x24, 0x2, 0x0, 0x1, [@NFTA_BITWISE_LEN={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_BITWISE_SREG={0x8, 0x1, 0x1, 0x0, 0x14}, @NFTA_BITWISE_DREG={0x8, 0x2, 0x1, 0x0, 0x12}, @NFTA_BITWISE_XOR={0x4}, @NFTA_BITWISE_MASK={0x4}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x7}}}, 0x108}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$packet(0x11, 0x3, 0x300) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r2, 0x8933, &(0x7f0000000000)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB="58000000100037042dbd7000fbdbdf2500000000", @ANYRES32=r3, @ANYBLOB="94a4010080a000000500110009000000300016"], 0x58}, 0x1, 0x0, 0x0, 0x8841}, 0x24044804) socket$packet(0x11, 0x2, 0x300) socket$netlink(0x10, 0x3, 0x0) socket(0x10, 0x803, 0x0) write$sndseq(0xffffffffffffffff, 0x0, 0x0) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000340), 0x302, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) r7 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r7, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000640)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd26, 0xffffffff, {0x0, 0x0, 0x0, r8, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x10, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x4, 0x6}}]}}]}, 0x48}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0xe4, 0x2c, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x0, r8, {0xe, 0x7}, {}, {0x7}}, [@filter_kind_options=@f_u32={{0x8}, {0xb8, 0x2, [@TCA_U32_SEL={0x74, 0x5, {0x3, 0xef, 0x6, 0x8, 0x5, 0x9, 0x7, 0x0, [{0x1000, 0x4, 0x401, 0x6}, {0x8, 0x7, 0x1008, 0x5}, {0xfffffff9, 0x43, 0x7ffd, 0x5}, {0x7fde, 0x40, 0x51, 0x3ff}, {0x5, 0xb, 0x2, 0x42}, {0x200, 0x4, 0x8, 0x8}]}}, @TCA_U32_POLICE={0x40, 0x6, [@TCA_POLICE_TBF={0x3c, 0x1, {0x28bf, 0x20000000, 0xebb, 0x1, 0x2, {0xff, 0x2, 0x3, 0x3, 0x6}, {0xf3, 0x1, 0xfffb, 0x6f4, 0x6, 0x6}, 0x6, 0x0, 0xfafd}}]}]}}]}, 0xe4}, 0x1, 0x0, 0x0, 0x80}, 0x40) close_range(r4, 0xffffffffffffffff, 0x0) socket$kcm(0xa, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$nl_generic(0x10, 0x3, 0x10) io_uring_setup(0x2e89, &(0x7f0000000140)={0x0, 0x27c, 0x10, 0x0, 0xe5}) syz_io_uring_setup(0x7596, &(0x7f00000001c0)={0x0, 0x3c2e, 0x1, 0x0, 0x2}, 0x0, 0x0) creat(&(0x7f0000000040)='./file0\x00', 0x62) 2.116019572s ago: executing program 0 (id=2911): r0 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r0, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) writev(r0, &(0x7f0000000200)=[{&(0x7f00000000c0)='X', 0x8030000}], 0x1) recvfrom$inet(r0, &(0x7f0000000280)=""/139, 0x8b, 0x11022, 0x0, 0x0) 1.935553011s ago: executing program 0 (id=2912): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0xea100, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f018581c0bc0065666765f36f0f33f0100a660f3a0cb9000000752066b9800000c00f3a32c632c6004000a50f01d70f0901", 0x32}], 0x1, 0x54, 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x8000000000000000, 0x100000001, 0x800000000, 0x3e, 0x0, 0x0, 0x2004cc, 0x5, 0x0, 0x0, 0xfffffffdfffffffc, 0xfffffffffffffffc, 0x0, 0x9, 0x4000000000000004, 0x767], 0xeeef0000, 0xc0086}) ioctl$KVM_RUN(r2, 0xae80, 0xffffffff) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000040)={0x1, 0x0, 0x1000, 0x2000, &(0x7f0000fa2000/0x2000)=nil}) 1.597239368s ago: executing program 0 (id=2913): r0 = signalfd(0xffffffffffffffff, 0x0, 0x0) fcntl$lock(r0, 0x7, &(0x7f0000000000)={0x1, 0x0, 0x100000000000, 0x0, 0xffffffffffffffff}) fcntl$lock(r0, 0x7, 0x0) syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='fdinfo/3\x00') r1 = syz_open_dev$vcsa(&(0x7f0000000000), 0x40000000, 0x50441) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) mknod$loop(0x0, 0x100000000000600d, 0x1) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='blkio.bfq.time\x00', 0x26e1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000280)={0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r2, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) io_setup(0x2278, &(0x7f0000000180)=0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_timeval(r4, 0x1, 0x14, &(0x7f0000000000)={0x0, 0xea60}, 0x10) io_submit(r3, 0x2, &(0x7f0000000140)=[&(0x7f00000001c0)={0x0, 0x4, 0x0, 0x0, 0x0, r4, &(0x7f0000000240)="22dd", 0x2, 0x0, 0x0, 0x2}, &(0x7f0000000080)={0x0, 0x0, 0x2, 0x7, 0x2, r4, 0x0}]) (fail_nth: 1) syz_clone(0x640c7000, 0x0, 0x0, 0x0, 0x0, 0x0) setsockopt$ARPT_SO_SET_REPLACE(0xffffffffffffffff, 0x0, 0x60, &(0x7f0000000580)={'filter\x00', 0x7, 0x4, 0x3a0, 0x1e0, 0x1e0, 0x1e0, 0x2c0, 0x2c0, 0x2c0, 0x4, 0x0, {[{{@arp={@empty, @broadcast, 0xff, 0xffffffff, 0x0, 0x0, {@mac=@broadcast, {[0xff, 0x0, 0x0, 0xff]}}, {@mac=@multicast, {[0x0, 0x0, 0xff, 0x0, 0xff, 0xff]}}, 0x100, 0x1, 0x7, 0x4, 0x5, 0x3, 'bond_slave_1\x00', 'batadv_slave_1\x00', {0xff}, {0xff}, 0x0, 0x6}, 0xbc, 0xfc}, @unspec=@ERROR={0x40, 'ERROR\x00', 0x0, "44724e5a18f8fb0ad3a2888ec59b7d437f0fa7f7b0b6079e814ca54f4417"}}, {{@uncond, 0xbc, 0xe4}, @unspec=@MARK={0x28, 'MARK\x00', 0x2, {0x6, 0x4}}}, {{@arp={@empty, @rand_addr=0x64010100, 0x7fffffff, 0xff000000, 0x1, 0xf, {@empty, {[0x0, 0x0, 0x0, 0xff, 0xff]}}, {@empty, {[0x0, 0xff, 0x0, 0x0, 0xff]}}, 0x1c6, 0x68b, 0x9, 0x1000, 0x9, 0x5, 'team_slave_1\x00', 'bond_slave_0\x00', {}, {}, 0x0, 0xd1}, 0xbc, 0xe0}, @unspec=@AUDIT={0x24, 'AUDIT\x00', 0x0, {0x2}}}], {{'\x00', 0xbc, 0xe0}, {0x24}}}}, 0x3ec) fallocate(0xffffffffffffffff, 0x0, 0x0, 0x1000f4) read$FUSE(r1, &(0x7f0000000040)={0x2020}, 0x2020) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r6, {0x0, 0xd}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) 1.596539261s ago: executing program 2 (id=2914): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x0, 0x12, r1, 0x0) r2 = dup(r0) ioctl$KVM_SET_MSRS(r2, 0xc008aec1, 0x0) r3 = socket(0x11, 0x800000003, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000600)={'team0\x00', 0x0}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r5, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000004c0)=@newqdisc={0x8c, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x12, r4, {0x0, 0xb}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x5c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x6, [0x1, 0x0, 0x0, 0xb], 0x1, [0x8, 0x4, 0x0, 0x0, 0xffff], [0x0, 0x8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8]}}]}}]}, 0x8c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) 1.223374964s ago: executing program 2 (id=2915): socket$packet(0x11, 0x3, 0x300) r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmmsg$inet6(r0, &(0x7f0000019680)=[{{&(0x7f0000000100)={0xa, 0x10, 0x0, @loopback={0x0, 0xac141414}}, 0x1c, 0x0}}], 0x1, 0x20004855) 1.019860804s ago: executing program 2 (id=2916): r0 = socket$packet(0x11, 0x3, 0x300) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) sendmmsg$inet6(r1, &(0x7f0000019680)=[{{&(0x7f0000000100)={0xa, 0x10, 0x0, @loopback={0x0, 0xac141414}}, 0x1c, 0x0}}], 0x1, 0x20004855) fcntl$getflags(r0, 0x1) 909.221347ms ago: executing program 2 (id=2917): connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x1, 0x4, &(0x7f0000000540)=ANY=[@ANYBLOB="180000000000000000000000000000003c0001000000000095"], &(0x7f0000000040)='GPL\x00', 0x2, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) getsockopt$bt_hci(r1, 0x0, 0x3, &(0x7f0000000300)=""/247, &(0x7f0000000140)=0xf7) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000000c0)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x80000) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000200)="ad00"/16, 0x10) sendmmsg$unix(r3, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0, 0x0, 0x0, 0x0, 0x9802}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000bf7000)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r4 = open(&(0x7f0000000280)='.\x00', 0x80, 0x28) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, 0x0) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x8000, 0x0, 0x0, 0x2) 711.259729ms ago: executing program 4 (id=2918): openat$dsp1(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r0 = socket$inet(0xa, 0x801, 0x84) r1 = socket$rxrpc(0x21, 0x2, 0x2) bind$rxrpc(r1, 0x0, 0x0) r2 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x8946, &(0x7f0000000200)={'gre0\x00', &(0x7f0000000000)=@ethtool_cmd={0x4a, 0x3, 0x487, 0x9, 0x0, 0x1, 0x2, 0x7, 0x3a, 0x9, 0x80000000, 0xfffffffe, 0x97be, 0x8, 0xfa, 0x8, [0x1154, 0x7]}}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000200)}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r5 = socket$inet6(0xa, 0x6, 0x0) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r6, 0x0, 0x0) setsockopt$sock_linger(r6, 0x1, 0xd, &(0x7f0000000100)={0x1, 0x80000001}, 0x8) close(r6) bind$inet6(r5, &(0x7f00000000c0)={0xa, 0x4e20, 0x10001, @empty}, 0x1c) preadv(0xffffffffffffffff, &(0x7f0000000080), 0x0, 0x0, 0x0) r7 = socket$inet_dccp(0x2, 0x6, 0x0) listen(r5, 0x400005) connect$inet(r7, &(0x7f0000000000)={0x2, 0x4e20, @local}, 0x10) sendmmsg(r7, &(0x7f0000002980), 0x400000000000239, 0x0) connect$inet(r0, 0x0, 0x0) r8 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r8, 0x29, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0x3c1, 0x3, 0x438, 0x0, 0x150, 0x150, 0x0, 0xf8010000, 0x370, 0x238, 0x238, 0x370, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0x240, 0x2a8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'batadv0\x00', {0x0, 0x0, 0x4, 0x0, 0x0, 0xffff725c, 0x4}}}, @common=@inet=@sctp={{0x144}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @local, [], [], 'batadv_slave_0\x00', 'gre0\x00'}, 0x0, 0xa4, 0xc8}, @common=@inet=@SYNPROXY={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x494) listen(r8, 0x8) accept4(r0, 0x0, 0x0, 0x0) 595.530142ms ago: executing program 1 (id=2919): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_CONFIG(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000180)={0x1c, 0x2, 0x3, 0x3, 0x0, 0x0, {0x0, 0x0, 0x10}, [@NFQA_CFG_CMD={0x8, 0x1, {0x1}}]}, 0x1c}}, 0x0) sendmsg$NFQNL_MSG_VERDICT_BATCH(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000340)={0x20, 0x3, 0x3, 0x301, 0x0, 0x0, {0x5}, [@NFQA_VERDICT_HDR={0xc, 0x2, {0x5ffffff, 0x9}}]}, 0x20}, 0x1, 0x0, 0x0, 0x20004000}, 0x4) r1 = syz_io_uring_setup(0x10d, &(0x7f0000000140)={0x0, 0x8b7c, 0x800, 0x7, 0x22}, &(0x7f0000000940)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_CONNECT={0x10, 0xa, 0x0, 0xffffffffffffffff, 0x0, 0x0}) io_uring_enter(r1, 0x47f9, 0x0, 0x0, 0x0, 0x0) clock_nanosleep(0x2, 0x37dc12502000000, &(0x7f00000000c0)={0x0, 0x989680}, 0x0) r4 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r4, 0x2285, 0x0) r5 = fcntl$dupfd(r4, 0x0, r4) write$sndseq(r5, &(0x7f0000000200)=[{0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @raw32}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @ext={0x0, 0x0}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @control}, {0x0, 0x0, 0xb, 0x0, @tick, {}, {}, @control}, {0x0, 0x0, 0x0, 0x0, @tick, {}, {}, @quote={{}, 0xffff}}, {0x0, 0x0, 0x0, 0x0, @tick=0x2, {}, {}, @raw8={"448cc880fe353ca0f2c2e953"}}, {0x0, 0x0, 0x0, 0x0, @time, {}, {}, @connect={{0x4}}}], 0xc4) read$snapshot(r5, 0x0, 0xffffffbf) epoll_ctl$EPOLL_CTL_MOD(r5, 0x3, r5, &(0x7f0000000000)={0x1015}) r6 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000000), 0xc0802, 0x0) ioctl$PPPIOCNEWUNIT(r6, 0xc004743e, &(0x7f00000000c0)) ioctl$PPPIOCSMAXCID(r6, 0x40047451, &(0x7f0000000200)=0x3) ioctl$PPPIOCSFLAGS1(r6, 0x40047459, &(0x7f0000000100)=0x2000004) pwritev(r6, &(0x7f0000000040)=[{&(0x7f0000000340)="00214f17a7128d000000030640710a069daaa672ea9ba9", 0x17}], 0x1, 0x9a4d, 0x1) poll(&(0x7f0000000040)=[{r4, 0x4010}], 0x1, 0x7fff) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000480)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000002c0)={0xffffffffffffffff}, 0x13f}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r7, &(0x7f0000000100)={0x3, 0x40, 0xfa00, {{0xa, 0x4e21, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, {0xa, 0x0, 0x1000, @mcast2, 0x6}, r8}}, 0x48) socket$isdn(0x22, 0x3, 0x21) 0s ago: executing program 2 (id=2920): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f00000005c0), 0xffffffffffffffff) sendmsg$TIPC_NL_LINK_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000380)=ANY=[@ANYBLOB="ac000000", @ANYRES16=r2, @ANYBLOB="01060000000000000000090000002c000480130001"], 0xac}}, 0x4000000) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000480)={0xffffffffffffffff, 0x0, 0x25, 0x2, @val=@uprobe_multi={0x0, 0x0, 0x0, 0x6, 0x0, 0x1}}, 0x40) r3 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r3, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2, 0x1}, 0x1c) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) r5 = eventfd(0xffffffff) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)=r5) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, &(0x7f0000000040)={0x1, r5}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) setxattr$incfs_id(&(0x7f0000001740)='.\x00', &(0x7f0000001780), 0x0, 0x0, 0x2) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000480)=""/74}) ioctl$VHOST_SET_MEM_TABLE(r4, 0x4008af03, &(0x7f0000000680)={0x1, 0x0, [{0x0, 0xfffffeac, &(0x7f00000001c0)=""/115}]}) ioctl$VHOST_VSOCK_SET_RUNNING(r4, 0x4004af61, &(0x7f0000000000)=0x1) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) syz_emit_ethernet(0x3a, &(0x7f0000000080)={@local, @local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010101, @local, {[@rr={0x7, 0x3, 0x12}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0xc2}}}}}}, 0x0) kernel console output (not intermixed with test programs): onnect, device number 24 [ 435.212843][ T976] usb 3-1: device descriptor read/64, error -71 [ 435.237981][ T5895] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 435.271145][ T5895] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 435.292424][ T5895] quatech2 1-1:0.51: device disconnected [ 435.325934][ T976] usb usb3-port1: attempt power cycle [ 435.684952][ T976] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 435.715585][ T976] usb 3-1: device descriptor read/8, error -71 [ 436.064867][ T976] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 436.106493][ T976] usb 3-1: device descriptor read/8, error -71 [ 436.222662][ T976] usb usb3-port1: unable to enumerate USB device [ 436.347684][ T10] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 436.582098][ T10] usb 1-1: Using ep0 maxpacket: 16 [ 436.590875][ T10] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 436.608471][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 436.635478][ T10] usb 1-1: config 0 has no interface number 0 [ 436.656697][ T10] usb 1-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 436.667789][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.792025][ T10] usb 1-1: Product: syz [ 436.796414][ T10] usb 1-1: Manufacturer: syz [ 436.805571][ T10] usb 1-1: SerialNumber: syz [ 436.837961][T13421] xt_CT: No such helper "syz0" [ 436.944294][ T10] usb 1-1: config 0 descriptor?? [ 436.981223][ T5895] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 437.391837][ T5895] usb 4-1: config 0 has no interfaces? [ 437.411450][ T5895] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 437.429371][ T5895] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.457890][ T5895] usb 4-1: Product: syz [ 437.466022][ T5895] usb 4-1: Manufacturer: syz [ 437.470632][ T5895] usb 4-1: SerialNumber: syz [ 437.493609][ T5895] usb 4-1: config 0 descriptor?? [ 437.899790][T13430] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2462'. [ 437.928494][T13430] bridge_slave_0: left allmulticast mode [ 437.937692][T13430] bridge_slave_0: left promiscuous mode [ 437.955582][T13430] bridge0: port 1(bridge_slave_0) entered disabled state [ 437.997933][T13430] bridge_slave_1: left allmulticast mode [ 438.007559][T13430] bridge_slave_1: left promiscuous mode [ 438.028882][T13430] bridge0: port 2(bridge_slave_1) entered disabled state [ 438.088761][T13430] bond0: (slave bond_slave_0): Releasing backup interface [ 438.140891][T13430] bond0: (slave bond_slave_1): Releasing backup interface [ 438.216695][T13430] team0: Port device team_slave_0 removed [ 438.270643][T13430] team0: Port device team_slave_1 removed [ 438.285683][T13430] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 438.348563][T13430] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 438.384510][T13443] kvm: kvm [13442]: vcpu0, guest rIP: 0xfff0 Unhandled RDMSR(0x4000008d) [ 438.424823][T13430] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 438.438035][T13430] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 438.825262][T13431] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 439.062210][ T5895] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 439.272325][ T5895] usb 3-1: device descriptor read/64, error -71 [ 439.453611][T13407] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 439.465705][ T10] usb 1-1: USB disconnect, device number 25 [ 439.556409][ T5895] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 439.692782][ T5895] usb 3-1: device descriptor read/64, error -71 [ 439.802415][ T5895] usb usb3-port1: attempt power cycle [ 440.009870][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.016385][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.052854][T13477] fuse: Unknown parameter '' [ 440.074584][T13477] random: crng reseeded on system resumption [ 440.152066][ T5895] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 440.184239][ T5895] usb 3-1: device descriptor read/8, error -71 [ 440.434324][ T5895] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 440.462574][ T5895] usb 3-1: device descriptor read/8, error -71 [ 440.517248][T12838] usb 4-1: USB disconnect, device number 36 [ 440.575437][ T5895] usb usb3-port1: unable to enumerate USB device [ 441.672275][T12838] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 441.832114][T12838] usb 2-1: Using ep0 maxpacket: 8 [ 441.844643][T12838] usb 2-1: unable to get BOS descriptor or descriptor too short [ 441.857208][T12838] usb 2-1: config 7 has an invalid interface number: 162 but max is 0 [ 441.866821][ T24] usb 4-1: new high-speed USB device number 37 using dummy_hcd [ 441.887256][T12838] usb 2-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 441.913081][T12838] usb 2-1: config 7 has no interface number 0 [ 441.919281][T12838] usb 2-1: config 7 interface 162 has no altsetting 0 [ 441.929496][T12838] usb 2-1: New USB device found, idVendor=9b30, idProduct=a016, bcdDevice=11.82 [ 441.939034][T12838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 441.947094][T12838] usb 2-1: Product: syz [ 441.951252][T12838] usb 2-1: Manufacturer: syz [ 441.955944][T12838] usb 2-1: SerialNumber: syz [ 442.061963][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 442.074696][ T24] usb 4-1: config 0 has no interfaces? [ 442.088854][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 442.100072][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.108465][ T24] usb 4-1: Product: syz [ 442.112810][ T24] usb 4-1: Manufacturer: syz [ 442.117421][ T24] usb 4-1: SerialNumber: syz [ 442.130775][ T24] usb 4-1: config 0 descriptor?? [ 442.197691][T12838] rndis_host 2-1:7.162: skipping garbage [ 442.241544][T12838] usb 2-1: bad CDC descriptors [ 442.260238][T12838] usb 2-1: USB disconnect, device number 31 [ 442.416866][ T976] usb 4-1: USB disconnect, device number 37 [ 442.982201][T13520] netlink: 'syz.2.2491': attribute type 1 has an invalid length. [ 443.086303][T13533] program syz.0.2496 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 443.131744][T13535] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2497'. [ 443.157939][ T24] hid-generic 0000:0000:0000.0008: unknown main item tag 0x0 [ 443.178108][ T24] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz0] on syz0 [ 443.230646][T13535] kvm: requested 4190 ns i8254 timer period limited to 200000 ns [ 443.272002][T12838] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 443.401947][T12838] usb 3-1: device descriptor read/64, error -71 [ 443.452117][ T52] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 443.615087][ T52] usb 4-1: Using ep0 maxpacket: 16 [ 443.628813][ T52] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 443.645647][ T52] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 443.659524][ T52] usb 4-1: config 0 has no interface number 0 [ 443.675854][ T52] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 443.686494][T12838] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 443.703699][ T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.720345][ T52] usb 4-1: Product: syz [ 443.728209][ T52] usb 4-1: Manufacturer: syz [ 443.733026][ T52] usb 4-1: SerialNumber: syz [ 443.782016][ T52] usb 4-1: config 0 descriptor?? [ 443.783037][ T5895] usb 2-1: new high-speed USB device number 32 using dummy_hcd [ 443.842385][T12838] usb 3-1: device descriptor read/64, error -71 [ 443.952454][T12838] usb usb3-port1: attempt power cycle [ 443.963164][ T5895] usb 2-1: Using ep0 maxpacket: 8 [ 443.979055][ T5895] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 444.003352][ T5895] usb 2-1: New USB device found, idVendor=17ef, idProduct=6062, bcdDevice= 0.00 [ 444.027328][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 444.049991][ T5895] usb 2-1: config 0 descriptor?? [ 444.611985][T12838] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 444.632762][T12838] usb 3-1: device descriptor read/8, error -71 [ 444.816512][ T5895] lenovo 0003:17EF:6062.0009: hidraw0: USB HID v0.00 Device [HID 17ef:6062] on usb-dummy_hcd.1-1/input0 [ 444.865133][T13558] xt_CT: No such helper "syz0" [ 444.903854][T12838] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 444.932464][T12838] usb 3-1: device descriptor read/8, error -71 [ 444.963507][ T24] usb 2-1: USB disconnect, device number 32 [ 445.043112][T12838] usb usb3-port1: unable to enumerate USB device [ 445.407726][T12459] tipc: Subscription rejected, illegal request [ 445.628133][T13571] raw_sendmsg: syz.0.2505 forgot to set AF_INET. Fix it! [ 445.962141][T12838] usb 2-1: new high-speed USB device number 33 using dummy_hcd [ 446.116773][T12838] usb 2-1: device descriptor read/64, error -71 [ 446.135395][T13554] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 446.172032][ T10] usb 4-1: USB disconnect, device number 38 [ 446.240632][T13589] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2511'. [ 446.362146][ T24] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 446.370245][T12838] usb 2-1: new high-speed USB device number 34 using dummy_hcd [ 446.517169][T12838] usb 2-1: device descriptor read/64, error -71 [ 446.668535][T12838] usb usb2-port1: attempt power cycle [ 446.855125][ C1] sd 0:0:1:0: [sda] tag#6544 FAILED Result: hostbyte=DID_ERROR driverbyte=DRIVER_OK cmd_age=0s [ 446.865614][ C1] sd 0:0:1:0: [sda] tag#6544 CDB: Write(6) 0a 00 4e 21 00 00 00 00 20 01 00 00 [ 446.880390][ T24] usb 3-1: config 0 has no interfaces? [ 446.890229][ T24] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 446.900377][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.916857][ T24] usb 3-1: Product: syz [ 446.989110][ T24] usb 3-1: Manufacturer: syz [ 447.124874][T13603] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 447.137845][T12838] usb 2-1: new high-speed USB device number 35 using dummy_hcd [ 447.147362][T13603] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 447.173497][T12838] usb 2-1: device descriptor read/8, error -71 [ 447.195672][ T24] usb 3-1: SerialNumber: syz [ 447.219317][T13601] xt_CT: No such helper "syz0" [ 447.244933][ T24] usb 3-1: config 0 descriptor?? [ 447.472554][T12838] usb 2-1: new high-speed USB device number 36 using dummy_hcd [ 447.511813][T12838] usb 2-1: device descriptor read/8, error -71 [ 447.569366][T13608] FAULT_INJECTION: forcing a failure. [ 447.569366][T13608] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 447.602439][T13608] CPU: 1 UID: 0 PID: 13608 Comm: syz.4.2515 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 447.602454][T13608] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 447.602460][T13608] Call Trace: [ 447.602464][T13608] [ 447.602469][T13608] dump_stack_lvl+0x241/0x360 [ 447.602488][T13608] ? __pfx_dump_stack_lvl+0x10/0x10 [ 447.602501][T13608] ? __pfx__printk+0x10/0x10 [ 447.602521][T13608] should_fail_ex+0x424/0x570 [ 447.602535][T13608] _copy_from_user+0x2d/0xb0 [ 447.602549][T13608] kstrtouint_from_user+0xce/0x1a0 [ 447.602562][T13608] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 447.602575][T13608] ? __lock_acquire+0xad5/0xd80 [ 447.602591][T13608] proc_fail_nth_write+0xac/0x2d0 [ 447.602602][T13608] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 447.602615][T13608] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 447.602628][T13608] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 447.602638][T13608] vfs_write+0x2bc/0xd10 [ 447.602655][T13608] ? __pfx_vfs_write+0x10/0x10 [ 447.602677][T13608] ksys_write+0x19d/0x2d0 [ 447.602689][T13608] ? __pfx_ksys_write+0x10/0x10 [ 447.602701][T13608] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 447.602716][T13608] ? lockdep_hardirqs_on+0x9d/0x150 [ 447.602728][T13608] __do_fast_syscall_32+0xb4/0x110 [ 447.602740][T13608] ? exc_page_fault+0x5f8/0x920 [ 447.602753][T13608] do_fast_syscall_32+0x34/0x80 [ 447.602765][T13608] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 447.602777][T13608] RIP: 0023:0xf7f76579 [ 447.602786][T13608] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 447.602794][T13608] RSP: 002b:00000000f5075590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 447.602805][T13608] RAX: ffffffffffffffda RBX: 0000000000000007 RCX: 00000000f5075620 [ 447.602811][T13608] RDX: 0000000000000001 RSI: 00000000f73fdff4 RDI: 0000000000000000 [ 447.602817][T13608] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 447.602822][T13608] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 447.602828][T13608] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 447.602842][T13608] [ 447.652008][T12838] usb usb2-port1: unable to enumerate USB device [ 448.499784][T13633] FAULT_INJECTION: forcing a failure. [ 448.499784][T13633] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 448.514083][T13633] CPU: 1 UID: 0 PID: 13633 Comm: syz.4.2523 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 448.514097][T13633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 448.514103][T13633] Call Trace: [ 448.514108][T13633] [ 448.514112][T13633] dump_stack_lvl+0x241/0x360 [ 448.514132][T13633] ? __pfx_dump_stack_lvl+0x10/0x10 [ 448.514147][T13633] ? __pfx__printk+0x10/0x10 [ 448.514168][T13633] should_fail_ex+0x424/0x570 [ 448.514182][T13633] _copy_from_user+0x2d/0xb0 [ 448.514195][T13633] get_compat_msghdr+0xb3/0x730 [ 448.514211][T13633] ? __fget_files+0x2a/0x420 [ 448.514221][T13633] ? __pfx_get_compat_msghdr+0x10/0x10 [ 448.514241][T13633] __sys_sendmsg+0x23b/0x360 [ 448.514255][T13633] ? __pfx___sys_sendmsg+0x10/0x10 [ 448.514289][T13633] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 448.514301][T13633] ? lockdep_hardirqs_on+0x9d/0x150 [ 448.514313][T13633] __do_fast_syscall_32+0xb4/0x110 [ 448.514324][T13633] ? exc_page_fault+0x5f8/0x920 [ 448.514337][T13633] do_fast_syscall_32+0x34/0x80 [ 448.514349][T13633] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 448.514361][T13633] RIP: 0023:0xf7f76579 [ 448.514370][T13633] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 448.514378][T13633] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 448.514389][T13633] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800000c0 [ 448.514395][T13633] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 448.514401][T13633] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 448.514406][T13633] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 448.514411][T13633] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 448.514425][T13633] [ 448.854287][T13620] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 449.382006][ T10] usb 2-1: new full-speed USB device number 37 using dummy_hcd [ 449.512088][ T10] usb 2-1: device descriptor read/64, error -71 [ 449.587227][ T976] usb 3-1: USB disconnect, device number 49 [ 449.672227][ T5895] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 449.687178][T13665] netlink: 48 bytes leftover after parsing attributes in process `syz.3.2532'. [ 449.723534][T13670] FAULT_INJECTION: forcing a failure. [ 449.723534][T13670] name failslab, interval 1, probability 0, space 0, times 0 [ 449.770959][ T10] usb 2-1: new full-speed USB device number 38 using dummy_hcd [ 449.815934][T13670] CPU: 1 UID: 0 PID: 13670 Comm: syz.4.2533 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 449.815958][T13670] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 449.815968][T13670] Call Trace: [ 449.815974][T13670] [ 449.815981][T13670] dump_stack_lvl+0x241/0x360 [ 449.816012][T13670] ? __pfx_dump_stack_lvl+0x10/0x10 [ 449.816036][T13670] ? __pfx__printk+0x10/0x10 [ 449.816071][T13670] ? __pfx___might_resched+0x10/0x10 [ 449.816097][T13670] should_fail_ex+0x424/0x570 [ 449.816120][T13670] should_failslab+0xac/0x100 [ 449.816146][T13670] __kmalloc_noprof+0xdf/0x4d0 [ 449.816168][T13670] ? kobject_get_path+0xc3/0x2c0 [ 449.816194][T13670] kobject_get_path+0xc3/0x2c0 [ 449.816212][T13670] ? kfree+0x198/0x430 [ 449.816239][T13670] input_devices_seq_show+0x38/0x650 [ 449.816266][T13670] traverse+0x1df/0x550 [ 449.816299][T13670] seq_read_iter+0xc7f/0xda0 [ 449.816317][T13670] ? aa_file_perm+0x139/0xf60 [ 449.816342][T13670] ? aa_file_perm+0x3f1/0xf60 [ 449.816382][T13670] seq_read+0x3ab/0x4f0 [ 449.816407][T13670] ? __pfx_seq_read+0x10/0x10 [ 449.816452][T13670] ? __pfx_seq_read+0x10/0x10 [ 449.816469][T13670] proc_reg_read+0x201/0x2f0 [ 449.816494][T13670] vfs_readv+0x6be/0xa80 [ 449.816528][T13670] ? __pfx_proc_reg_read+0x10/0x10 [ 449.816548][T13670] ? __pfx_vfs_readv+0x10/0x10 [ 449.816589][T13670] ? __fget_files+0x2a/0x420 [ 449.816606][T13670] ? __fget_files+0x39d/0x420 [ 449.816620][T13670] ? __fget_files+0x2a/0x420 [ 449.816645][T13670] __se_compat_sys_preadv+0x169/0x280 [ 449.816671][T13670] ? __pfx___se_compat_sys_preadv+0x10/0x10 [ 449.816696][T13670] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 449.816716][T13670] ? lockdep_hardirqs_on+0x9d/0x150 [ 449.816733][T13670] ? __ia32_compat_sys_preadv+0x20/0xc0 [ 449.816757][T13670] __do_fast_syscall_32+0xb4/0x110 [ 449.816777][T13670] ? exc_page_fault+0x5f8/0x920 [ 449.816801][T13670] do_fast_syscall_32+0x34/0x80 [ 449.816821][T13670] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 449.816841][T13670] RIP: 0023:0xf7f76579 [ 449.816856][T13670] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 449.816870][T13670] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 000000000000014d [ 449.816888][T13670] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000740 [ 449.816901][T13670] RDX: 0000000000000001 RSI: 0000000000000401 RDI: 0000000000000000 [ 449.816910][T13670] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 449.816920][T13670] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 449.816930][T13670] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 449.816957][T13670] [ 450.091097][ T5895] usb 1-1: Using ep0 maxpacket: 32 [ 450.098675][ T5895] usb 1-1: unable to get BOS descriptor or descriptor too short [ 450.109347][ T5895] usb 1-1: config 7 has an invalid interface number: 128 but max is 0 [ 450.131419][ T5895] usb 1-1: config 7 contains an unexpected descriptor of type 0x1, skipping [ 450.142700][ T5895] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 450.152984][ T10] usb 2-1: device descriptor read/64, error -71 [ 450.166574][ T5895] usb 1-1: config 7 has no interface number 0 [ 450.176041][ T5895] usb 1-1: config 7 interface 128 altsetting 2 has an endpoint descriptor with address 0x17, changing to 0x7 [ 450.188956][ T5895] usb 1-1: config 7 interface 128 altsetting 2 bulk endpoint 0x7 has invalid maxpacket 32 [ 450.218694][ T5895] usb 1-1: config 7 interface 128 altsetting 2 endpoint 0x87 has an invalid bInterval 209, changing to 11 [ 450.272475][ T10] usb usb2-port1: attempt power cycle [ 450.356466][ T5895] usb 1-1: config 7 interface 128 altsetting 2 has 2 endpoint descriptors, different from the interface descriptor's value: 6 [ 450.372524][ T5895] usb 1-1: config 7 interface 128 has no altsetting 0 [ 450.385200][ T5895] usb 1-1: New USB device found, idVendor=6033, idProduct=4108, bcdDevice=cc.13 [ 450.394470][ T5895] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 450.408608][ T5895] usb 1-1: Product: syz [ 450.418751][ T5895] usb 1-1: Manufacturer: syz [ 450.423629][ T976] usb 4-1: new high-speed USB device number 39 using dummy_hcd [ 450.439042][ T5895] usb 1-1: SerialNumber: syz [ 450.511860][T13660] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 450.601785][ T976] usb 4-1: Using ep0 maxpacket: 8 [ 450.632799][ T976] usb 4-1: config index 0 descriptor too short (expected 301, got 45) [ 450.641012][ T976] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 450.653271][ T976] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 450.663369][ T10] usb 2-1: new full-speed USB device number 39 using dummy_hcd [ 450.676021][ T976] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 450.694301][ T976] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 450.710270][ T10] usb 2-1: device descriptor read/8, error -71 [ 450.719729][ T976] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 450.736349][T13660] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.747209][ T976] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.768099][T13660] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.850501][ T5895] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 450.868296][ T5895] usb 1-1: MIDIStreaming interface descriptor not found [ 450.940189][ T5895] usb 1-1: USB disconnect, device number 26 [ 450.962092][ T10] usb 2-1: new full-speed USB device number 40 using dummy_hcd [ 451.010260][ T976] usb 4-1: usb_control_msg returned -32 [ 451.016400][ T10] usb 2-1: device descriptor read/8, error -71 [ 451.032453][ T976] usbtmc 4-1:16.0: can't read capabilities [ 451.140448][T13694] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 451.149324][ T10] usb usb2-port1: unable to enumerate USB device [ 451.149908][T13694] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 451.225437][T11797] udevd[11797]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:7.128/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 451.372040][ T976] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 451.523725][ T976] usb 3-1: config 0 has an invalid interface number: 11 but max is 0 [ 451.531844][ T976] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 451.542266][ T976] usb 3-1: config 0 has no interface number 0 [ 451.548366][ T976] usb 3-1: config 0 interface 11 has no altsetting 0 [ 451.555347][ T976] usb 3-1: New USB device found, idVendor=1871, idProduct=0306, bcdDevice=1a.d2 [ 451.564508][ T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 451.575317][ T976] usb 3-1: config 0 descriptor?? [ 451.682028][T12838] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 451.785403][ T976] usb 3-1: string descriptor 0 read error: -71 [ 451.796873][ T976] usb 3-1: Found UVC 0.00 device (1871:0306) [ 451.803955][ T976] usb 3-1: No valid video chain found. [ 451.812136][ T976] usb 3-1: USB disconnect, device number 50 [ 451.855348][T12838] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 451.865043][T12838] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 451.877390][T12838] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 451.886585][T12838] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 451.898461][T12838] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 451.911012][T12838] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 451.920159][T12838] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 451.928234][T12838] usb 1-1: Product: syz [ 451.932421][T12838] usb 1-1: Manufacturer: syz [ 451.941508][T12838] cdc_wdm 1-1:1.0: skipping garbage [ 451.946793][T12838] cdc_wdm 1-1:1.0: skipping garbage [ 451.953766][T12838] cdc_wdm 1-1:1.0: cdc-wdm1: USB WDM device [ 451.959698][T12838] cdc_wdm 1-1:1.0: Unknown control protocol [ 452.704285][T13706] usbtmc 4-1:16.0: send_request_dev_dep_msg_in returned -90 [ 452.838383][ T10] usb 4-1: USB disconnect, device number 39 [ 453.371251][T13701] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 453.452018][ T24] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 453.623878][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 453.631089][ T24] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 453.641362][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 453.654683][ T24] usb 3-1: config 0 has no interface number 0 [ 453.666221][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 453.677587][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.685668][ T24] usb 3-1: Product: syz [ 453.690068][ T24] usb 3-1: Manufacturer: syz [ 453.702030][ T976] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 453.714123][ T24] usb 3-1: SerialNumber: syz [ 453.725546][ T24] usb 3-1: config 0 descriptor?? [ 453.857159][ T976] usb 4-1: config 0 has no interfaces? [ 453.884645][ T976] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 453.954348][ T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.963150][ T976] usb 4-1: Product: syz [ 453.968579][ T976] usb 4-1: Manufacturer: syz [ 453.975492][ T976] usb 4-1: SerialNumber: syz [ 453.990674][ T976] usb 4-1: config 0 descriptor?? [ 454.253680][T13720] xt_CT: No such helper "netbios-ns" [ 454.526426][ T976] usb 1-1: USB disconnect, device number 27 [ 454.949242][T13737] trusted_key: syz.0.2549 sent an empty control message without MSG_MORE. [ 455.047403][T13739] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2550'. [ 455.126893][T13741] Invalid logical block size (65279) [ 455.316306][ T30] audit: type=1326 audit(1744302043.371:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13746 comm="syz.0.2552" exe="/root/syz-executor" sig=31 arch=40000003 syscall=240 compat=1 ip=0xf745d579 code=0x0 [ 455.492166][T12838] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 455.672244][T12838] usb 2-1: Using ep0 maxpacket: 16 [ 455.686650][T12838] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 455.704468][T12838] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 455.727427][T12838] usb 2-1: config 0 has no interface number 0 [ 455.742068][T12838] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 455.751185][T12838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 455.761858][T12838] usb 2-1: Product: syz [ 455.766218][T12838] usb 2-1: Manufacturer: syz [ 455.772238][T12838] usb 2-1: SerialNumber: syz [ 455.790662][T12838] usb 2-1: config 0 descriptor?? [ 455.908784][T13707] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 455.922681][ T976] usb 3-1: USB disconnect, device number 51 [ 456.059742][ T5895] usb 4-1: USB disconnect, device number 40 [ 456.175909][T13759] netlink: 72 bytes leftover after parsing attributes in process `syz.0.2557'. [ 456.190794][T13759] netlink: 372 bytes leftover after parsing attributes in process `syz.0.2557'. [ 456.996679][T13754] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 457.627097][T13785] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2561'. [ 457.732491][T13787] xt_CT: No such helper "syz0" [ 458.016944][T13767] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 458.245729][T13744] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 458.263182][T12838] usb 2-1: USB disconnect, device number 41 [ 458.402092][ T24] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 458.460427][T13796] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2564'. [ 458.469691][T13796] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2564'. [ 458.554332][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 458.578894][ T24] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 458.589404][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.603095][ T24] usb 3-1: config 0 descriptor?? [ 458.873339][ T52] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 458.912266][T13803] netlink: 20 bytes leftover after parsing attributes in process `syz.0.2566'. [ 459.019621][ T24] keytouch 0003:0926:3333.000A: fixing up Keytouch IEC report descriptor [ 459.029978][T13806] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2569'. [ 459.051033][T13806] (unnamed net_device) (uninitialized): option mode: invalid value (47) [ 459.081967][ T52] usb 2-1: Using ep0 maxpacket: 16 [ 459.131224][ T24] input: HID 0926:3333 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/0003:0926:3333.000A/input/input15 [ 459.179952][ T52] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 459.188491][ T52] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 459.230630][ T52] usb 2-1: config 0 has no interface number 0 [ 459.289777][ T52] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 459.327999][ T24] keytouch 0003:0926:3333.000A: input,hidraw0: USB HID v0.00 Keyboard [HID 0926:3333] on usb-dummy_hcd.2-1/input0 [ 459.349979][ T52] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.391763][ T52] usb 2-1: Product: syz [ 459.404734][ T52] usb 2-1: Manufacturer: syz [ 459.413792][ T52] usb 2-1: SerialNumber: syz [ 459.436478][ T52] usb 2-1: config 0 descriptor?? [ 459.574528][ T24] usb 3-1: USB disconnect, device number 52 [ 460.036167][T13827] FAULT_INJECTION: forcing a failure. [ 460.036167][T13827] name failslab, interval 1, probability 0, space 0, times 0 [ 460.050845][T13827] CPU: 1 UID: 0 PID: 13827 Comm: syz.3.2575 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 460.050860][T13827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 460.050866][T13827] Call Trace: [ 460.050871][T13827] [ 460.050876][T13827] dump_stack_lvl+0x241/0x360 [ 460.050896][T13827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 460.050910][T13827] ? __pfx__printk+0x10/0x10 [ 460.050926][T13827] ? __pfx___might_resched+0x10/0x10 [ 460.050941][T13827] should_fail_ex+0x424/0x570 [ 460.050955][T13827] should_failslab+0xac/0x100 [ 460.050975][T13827] __kmalloc_cache_noprof+0x73/0x370 [ 460.050989][T13827] ? alloc_netdev_mqs+0xc7c/0x1210 [ 460.051004][T13827] alloc_netdev_mqs+0xc7c/0x1210 [ 460.051019][T13827] rtnl_create_link+0x2f9/0xc90 [ 460.051035][T13827] rtnl_newlink_create+0x2f2/0xcb0 [ 460.051051][T13827] ? __mutex_lock+0x380/0x10c0 [ 460.051065][T13827] ? __pfx_aa_get_newest_label+0x10/0x10 [ 460.051081][T13827] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 460.051097][T13827] ? __pfx___mutex_lock+0x10/0x10 [ 460.051113][T13827] ? ns_capable+0x8a/0xf0 [ 460.051125][T13827] rtnl_newlink+0x18b0/0x1fe0 [ 460.051139][T13827] ? stack_depot_save_flags+0x44/0x940 [ 460.051158][T13827] ? __pfx_rtnl_newlink+0x10/0x10 [ 460.051169][T13827] ? __netlink_deliver_tap+0x561/0x7f0 [ 460.051181][T13827] ? netlink_deliver_tap+0x19d/0x1b0 [ 460.051192][T13827] ? netlink_unicast+0x7c6/0x9a0 [ 460.051202][T13827] ? netlink_sendmsg+0x8c3/0xcd0 [ 460.051216][T13827] ? __sock_sendmsg+0x221/0x270 [ 460.051228][T13827] ? ____sys_sendmsg+0x523/0x860 [ 460.051236][T13827] ? __sys_sendmsg+0x271/0x360 [ 460.051245][T13827] ? __do_fast_syscall_32+0xb4/0x110 [ 460.051256][T13827] ? do_fast_syscall_32+0x34/0x80 [ 460.051267][T13827] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 460.051297][T13827] ? kasan_quarantine_put+0xdc/0x230 [ 460.051307][T13827] ? lockdep_hardirqs_on+0x9d/0x150 [ 460.051319][T13827] ? nlmon_xmit+0xaf/0x100 [ 460.051337][T13827] ? __local_bh_enable_ip+0x168/0x200 [ 460.051346][T13827] ? lockdep_hardirqs_on+0x9d/0x150 [ 460.051361][T13827] ? aa_get_newest_label+0x101/0x6f0 [ 460.051377][T13827] ? __lock_acquire+0xad5/0xd80 [ 460.051398][T13827] ? __pfx_rtnl_newlink+0x10/0x10 [ 460.051412][T13827] rtnetlink_rcv_msg+0x80f/0xd70 [ 460.051424][T13827] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 460.051439][T13827] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 460.051456][T13827] ? ref_tracker_free+0x63e/0x7e0 [ 460.051470][T13827] netlink_rcv_skb+0x208/0x480 [ 460.051483][T13827] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 460.051497][T13827] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 460.051519][T13827] ? netlink_deliver_tap+0x2e/0x1b0 [ 460.051533][T13827] ? netlink_deliver_tap+0x2e/0x1b0 [ 460.051547][T13827] netlink_unicast+0x7f8/0x9a0 [ 460.051563][T13827] ? __pfx_netlink_unicast+0x10/0x10 [ 460.051576][T13827] ? skb_put+0x114/0x1f0 [ 460.051588][T13827] netlink_sendmsg+0x8c3/0xcd0 [ 460.051607][T13827] ? __pfx_netlink_sendmsg+0x10/0x10 [ 460.051622][T13827] ? __import_iovec+0x585/0x830 [ 460.051634][T13827] ? aa_sock_msg_perm+0x91/0x160 [ 460.051650][T13827] ? __pfx_netlink_sendmsg+0x10/0x10 [ 460.051661][T13827] __sock_sendmsg+0x221/0x270 [ 460.051675][T13827] ____sys_sendmsg+0x523/0x860 [ 460.051690][T13827] ? __pfx_____sys_sendmsg+0x10/0x10 [ 460.051709][T13827] __sys_sendmsg+0x271/0x360 [ 460.051721][T13827] ? __pfx___sys_sendmsg+0x10/0x10 [ 460.051758][T13827] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 460.051769][T13827] ? lockdep_hardirqs_on+0x9d/0x150 [ 460.051781][T13827] __do_fast_syscall_32+0xb4/0x110 [ 460.051795][T13827] ? exc_page_fault+0x5f8/0x920 [ 460.051809][T13827] do_fast_syscall_32+0x34/0x80 [ 460.051820][T13827] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 460.051831][T13827] RIP: 0023:0xf7f77579 [ 460.051840][T13827] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 460.051848][T13827] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 460.051859][T13827] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 460.051866][T13827] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 460.051873][T13827] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 460.051882][T13827] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 460.051892][T13827] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 460.051916][T13827] [ 460.779772][T13818] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 461.602043][ T24] usb 1-1: new full-speed USB device number 28 using dummy_hcd [ 461.647314][T13844] xt_CT: No such helper "syz0" [ 461.787462][T13800] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 461.820624][ T52] usb 2-1: USB disconnect, device number 42 [ 462.377570][T13835] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 462.407606][T13833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 462.425746][T13833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.691712][T13853] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2580'. [ 463.224219][T13862] xt_CT: No such helper "syz0" [ 464.041222][T13895] FAULT_INJECTION: forcing a failure. [ 464.041222][T13895] name failslab, interval 1, probability 0, space 0, times 0 [ 464.069829][T13895] CPU: 0 UID: 0 PID: 13895 Comm: syz.1.2594 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 464.069845][T13895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 464.069852][T13895] Call Trace: [ 464.069857][T13895] [ 464.069862][T13895] dump_stack_lvl+0x241/0x360 [ 464.069881][T13895] ? __pfx_dump_stack_lvl+0x10/0x10 [ 464.069898][T13895] ? __pfx__printk+0x10/0x10 [ 464.069914][T13895] ? __pfx___might_resched+0x10/0x10 [ 464.069928][T13895] should_fail_ex+0x424/0x570 [ 464.069942][T13895] should_failslab+0xac/0x100 [ 464.069957][T13895] __kmalloc_noprof+0xdf/0x4d0 [ 464.069970][T13895] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 464.069984][T13895] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 464.070001][T13895] tomoyo_realpath_from_path+0xcf/0x5e0 [ 464.070021][T13895] tomoyo_path_number_perm+0x245/0x790 [ 464.070033][T13895] ? __lock_acquire+0xad5/0xd80 [ 464.070044][T13895] ? tomoyo_path_number_perm+0x215/0x790 [ 464.070057][T13895] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 464.070089][T13895] ? __fget_files+0x2a/0x420 [ 464.070097][T13895] ? __fget_files+0x2a/0x420 [ 464.070107][T13895] ? __fget_files+0x2a/0x420 [ 464.070118][T13895] security_file_ioctl_compat+0xc6/0x2a0 [ 464.070131][T13895] __se_compat_sys_ioctl+0xd8/0xc30 [ 464.070143][T13895] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 464.070156][T13895] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 464.070167][T13895] ? __fget_files+0x2a/0x420 [ 464.070179][T13895] ? fput+0x9b/0xd0 [ 464.070187][T13895] ? ksys_write+0x275/0x2d0 [ 464.070203][T13895] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 464.070214][T13895] ? lockdep_hardirqs_on+0x9d/0x150 [ 464.070226][T13895] __do_fast_syscall_32+0xb4/0x110 [ 464.070238][T13895] ? exc_page_fault+0x5f8/0x920 [ 464.070251][T13895] do_fast_syscall_32+0x34/0x80 [ 464.070263][T13895] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 464.070275][T13895] RIP: 0023:0xf747d579 [ 464.070284][T13895] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 464.070292][T13895] RSP: 002b:00000000f510655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 464.070304][T13895] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 000000004008af00 [ 464.070310][T13895] RDX: 0000000080000100 RSI: 0000000000000000 RDI: 0000000000000000 [ 464.070316][T13895] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 464.070321][T13895] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 464.070327][T13895] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 464.070341][T13895] [ 464.070345][T13895] ERROR: Out of memory at tomoyo_realpath_from_path. [ 464.394345][ T10] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 464.552454][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 464.576863][ T10] usb 3-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 464.587960][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.600713][ T10] usb 3-1: Product: syz [ 464.640182][T13884] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 464.718737][ T10] usb 3-1: Manufacturer: syz [ 464.729021][ T10] usb 3-1: SerialNumber: syz [ 464.773094][ T10] usb 3-1: config 0 descriptor?? [ 464.779975][ T10] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 464.871712][T13899] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 464.966481][T13906] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2598'. [ 464.982435][T13888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 464.991109][T13888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 465.007723][T13906] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2598'. [ 465.024149][T13906] netlink: 104 bytes leftover after parsing attributes in process `syz.0.2598'. [ 465.063274][T13907] €Â: renamed from syzkaller0 [ 465.294350][ T10] gspca_sonixj: reg_w1 err -110 [ 465.299250][ T10] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 465.572285][T13907] xt_CONNSECMARK: invalid mode: 0 [ 465.764553][T13915] syzkaller0: entered promiscuous mode [ 465.770155][T13915] syzkaller0: entered allmulticast mode [ 465.902019][ T10] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 466.064364][ T10] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 466.078650][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 466.182888][ T10] usb 2-1: config 0 descriptor?? [ 466.226040][ T10] cp210x 2-1:0.0: cp210x converter detected [ 466.522556][T13927] xt_CT: No such helper "syz0" [ 466.632181][T12838] usb 1-1: new full-speed USB device number 29 using dummy_hcd [ 466.656031][ T10] cp210x 2-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 466.871221][ T10] usb 2-1: cp210x converter now attached to ttyUSB0 [ 466.963723][T12838] usb 1-1: config 0 has an invalid interface number: 186 but max is 0 [ 466.974981][T12838] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 466.995160][T12838] usb 1-1: config 0 has no interface number 0 [ 467.009458][T12838] usb 1-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 467.036444][T12838] usb 1-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 467.215039][T12838] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 467.246514][T13888] syz.2.2593 (13888): drop_caches: 3 [ 467.296452][T12838] usb 1-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 467.318605][ T10] usb 2-1: USB disconnect, device number 43 [ 467.321506][T12838] usb 1-1: New USB device found, idVendor=07c0, idProduct=1504, bcdDevice=b8.c5 [ 467.331506][ T10] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 467.333769][T12838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.333791][T12838] usb 1-1: Product: syz [ 467.333804][T12838] usb 1-1: Manufacturer: syz [ 467.333818][T12838] usb 1-1: SerialNumber: syz [ 467.373063][T12838] usb 1-1: config 0 descriptor?? [ 467.447155][T12838] iowarrior 1-1:0.186: no interrupt-out endpoint found [ 467.461607][ T10] cp210x 2-1:0.0: device disconnected [ 467.661976][T12838] usb 1-1: USB disconnect, device number 29 [ 468.042419][ T976] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 468.205466][ T976] usb 4-1: config 0 has no interfaces? [ 468.223815][ T976] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 468.241571][ T976] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.263326][ T976] usb 4-1: Product: syz [ 468.267541][ T976] usb 4-1: Manufacturer: syz [ 468.288926][ T976] usb 4-1: SerialNumber: syz [ 468.300957][ T976] usb 4-1: config 0 descriptor?? [ 468.505768][T13690] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 468.665429][T13690] usb 1-1: Using ep0 maxpacket: 8 [ 468.691850][T13690] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 468.703347][T13690] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 468.717043][T13690] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 468.733960][T13690] usb 1-1: New USB device found, idVendor=1477, idProduct=1022, bcdDevice= 0.00 [ 468.747160][T13690] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.768202][T13690] usb 1-1: config 0 descriptor?? [ 469.026463][T13942] netlink: 'syz.4.2608': attribute type 7 has an invalid length. [ 469.034521][T13942] netlink: 'syz.4.2608': attribute type 8 has an invalid length. [ 469.115946][ T52] usb 3-1: USB disconnect, device number 53 [ 469.211359][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.230423][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.247436][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.266198][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.285232][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.298954][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.317834][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.326704][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.338383][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.361238][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.383585][T13690] hid-generic 0003:1477:1022.000B: unknown main item tag 0x0 [ 469.416636][T13690] hid-generic 0003:1477:1022.000B: hidraw0: USB HID v0.00 Device [HID 1477:1022] on usb-dummy_hcd.0-1/input0 [ 469.504637][T13953] input: syz0 as /devices/virtual/input/input16 [ 469.607048][ T52] usb 3-1: new low-speed USB device number 54 using dummy_hcd [ 469.742078][ T52] usb 3-1: device descriptor read/64, error -71 [ 469.982037][ T52] usb 3-1: new low-speed USB device number 55 using dummy_hcd [ 470.113038][ T52] usb 3-1: device descriptor read/64, error -71 [ 470.157984][ T10] usb 1-1: USB disconnect, device number 30 [ 470.206303][T13948] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 470.236793][ T52] usb usb3-port1: attempt power cycle [ 470.522684][T13978] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2614'. [ 470.622228][ T52] usb 3-1: new low-speed USB device number 56 using dummy_hcd [ 471.030155][ T5900] usb 4-1: USB disconnect, device number 41 [ 471.081247][ T52] usb 3-1: device descriptor read/8, error -71 [ 471.462517][ T52] usb 3-1: new low-speed USB device number 57 using dummy_hcd [ 471.486291][ T30] audit: type=1326 audit(1744302059.541:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.508082][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.523979][ T30] audit: type=1326 audit(1744302059.571:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.546263][ T30] audit: type=1326 audit(1744302059.601:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.573034][ T52] usb 3-1: device descriptor read/8, error -71 [ 471.575222][ T30] audit: type=1326 audit(1744302059.601:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.605276][ T5841] Bluetooth: hci0: command 0x0406 tx timeout [ 471.612044][ T30] audit: type=1326 audit(1744302059.601:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.641687][ T30] audit: type=1326 audit(1744302059.601:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.644137][ T24] Bluetooth: hci0: Opcode 0x0c1a failed: -110 [ 471.664386][ T30] audit: type=1326 audit(1744302059.601:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.702241][ T5900] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 471.730219][ T30] audit: type=1326 audit(1744302059.601:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.730625][ T52] usb usb3-port1: unable to enumerate USB device [ 471.774488][T13991] kernel profiling enabled (shift: 17) [ 471.778036][ T24] Bluetooth: hci0: Error when powering off device on rfkill (-110) [ 471.851315][ T30] audit: type=1326 audit(1744302059.601:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=27 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.873182][ C0] vkms_vblank_simulate: vblank timer overrun [ 471.904385][ T30] audit: type=1326 audit(1744302059.601:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13986 comm="syz.4.2617" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f76579 code=0x7ffc0000 [ 471.944496][ T5900] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 471.956666][ T5900] usb 4-1: config 1 has an invalid descriptor of length 83, skipping remainder of the config [ 471.982435][ T5900] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 472.001848][ T5900] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 126, changing to 10 [ 472.029897][ T5900] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 26590, setting to 1024 [ 472.052109][ T5900] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 472.061282][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 472.099102][ T5900] usb 4-1: Product: syz [ 472.120704][ T5900] usb 4-1: Manufacturer: syz [ 472.139279][T13981] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 472.154981][ T5900] cdc_wdm 4-1:1.0: skipping garbage [ 472.169480][ T5900] cdc_wdm 4-1:1.0: skipping garbage [ 472.186095][ T5900] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 472.199164][ T5900] cdc_wdm 4-1:1.0: Unknown control protocol [ 472.352444][ T10] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 472.477102][ C0] wdm_int_callback: 26 callbacks suppressed [ 472.477124][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.489618][ C0] wdm_int_callback: 26 callbacks suppressed [ 472.489629][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.502131][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.508728][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.515689][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.522271][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.528499][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.535092][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.541327][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.547905][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.554114][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.560687][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.566948][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.573535][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.579835][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.586415][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.592877][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.599455][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.605666][ C0] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 472.612240][ C0] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 472.672705][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 472.680747][ T10] usb 2-1: unable to get BOS descriptor or descriptor too short [ 472.692334][ T10] usb 2-1: config 3 has an invalid interface number: 182 but max is 0 [ 472.700748][ T10] usb 2-1: config 3 has no interface number 0 [ 472.707182][ T10] usb 2-1: config 3 interface 182 altsetting 8 endpoint 0xA has an invalid bInterval 129, changing to 11 [ 472.737802][T14014] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2623'. [ 472.763602][ T10] usb 2-1: config 3 interface 182 altsetting 8 endpoint 0x3 has an invalid bInterval 92, changing to 10 [ 472.779582][ T10] usb 2-1: config 3 interface 182 has no altsetting 0 [ 472.793558][ T10] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a0, bcdDevice=90.57 [ 472.810543][T14020] bridge0: port 1(vlan2) entered blocking state [ 472.817076][T14020] bridge0: port 1(vlan2) entered disabled state [ 472.825392][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 472.834571][T14020] vlan2: entered allmulticast mode [ 472.839998][T14020] bridge0: entered allmulticast mode [ 472.845752][ T10] usb 2-1: Product: syz [ 472.850091][ T10] usb 2-1: Manufacturer: syz [ 472.858834][ T10] usb 2-1: SerialNumber: syz [ 472.865973][T14020] vlan2: left allmulticast mode [ 472.872128][T14020] bridge0: left allmulticast mode [ 473.137904][ T10] usbtest 2-1:3.182: couldn't get endpoints, -71 [ 473.162897][ T10] usbtest 2-1:3.182: probe with driver usbtest failed with error -71 [ 473.200595][ T10] usb 2-1: USB disconnect, device number 44 [ 473.252404][ T5905] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 473.422026][ T5905] usb 1-1: Using ep0 maxpacket: 8 [ 473.430743][ T5905] usb 1-1: config 0 has an invalid interface number: 112 but max is 1 [ 473.445224][ T5905] usb 1-1: config 0 has an invalid interface number: 17 but max is 1 [ 473.460790][ T5905] usb 1-1: config 0 has no interface number 0 [ 473.471357][ T5905] usb 1-1: config 0 has no interface number 1 [ 473.480966][ T5905] usb 1-1: New USB device found, idVendor=04c1, idProduct=009d, bcdDevice=1f.14 [ 473.517467][ T5905] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.541156][ T5905] usb 1-1: Product: syz [ 473.666005][ T5905] usb 1-1: Manufacturer: syz [ 473.674015][ T5905] usb 1-1: SerialNumber: syz [ 473.757164][ T5905] usb 1-1: config 0 descriptor?? [ 473.842464][ T5841] Bluetooth: hci1: command 0x0406 tx timeout [ 473.845783][ T24] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 473.863239][ T24] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 473.907559][T14050] xt_CT: No such helper "syz0" [ 473.976405][ T5905] usb 1-1: USB disconnect, device number 31 [ 474.110492][ T52] usb 4-1: USB disconnect, device number 42 [ 474.158500][T14058] FAULT_INJECTION: forcing a failure. [ 474.158500][T14058] name failslab, interval 1, probability 0, space 0, times 0 [ 474.200241][T14058] CPU: 0 UID: 0 PID: 14058 Comm: syz.4.2632 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 474.200269][T14058] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 474.200279][T14058] Call Trace: [ 474.200287][T14058] [ 474.200293][T14058] dump_stack_lvl+0x241/0x360 [ 474.200323][T14058] ? __pfx_dump_stack_lvl+0x10/0x10 [ 474.200346][T14058] ? __pfx__printk+0x10/0x10 [ 474.200367][T14058] ? arch_stack_walk+0xff/0x150 [ 474.200392][T14058] ? __pfx___might_resched+0x10/0x10 [ 474.200417][T14058] should_fail_ex+0x424/0x570 [ 474.200440][T14058] should_failslab+0xac/0x100 [ 474.200465][T14058] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 474.200489][T14058] ? __alloc_skb+0x1c2/0x480 [ 474.200510][T14058] __alloc_skb+0x1c2/0x480 [ 474.200532][T14058] ? __pfx___alloc_skb+0x10/0x10 [ 474.200547][T14058] ? __update_page_owner_handle+0x5a/0x550 [ 474.200578][T14058] alloc_skb_with_frags+0xc3/0x830 [ 474.200611][T14058] sock_alloc_send_pskb+0x91c/0xa70 [ 474.200649][T14058] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 474.200672][T14058] ? dev_get_by_index+0x23/0x2d0 [ 474.200695][T14058] ? dev_get_by_index+0x23/0x2d0 [ 474.200719][T14058] packet_sendmsg+0x4322/0x6ed0 [ 474.200764][T14058] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 474.200824][T14058] ? __pfx_packet_sendmsg+0x10/0x10 [ 474.200843][T14058] ? aa_sk_perm+0x96f/0xac0 [ 474.200872][T14058] ? __pfx_aa_sk_perm+0x10/0x10 [ 474.200896][T14058] ? __import_iovec+0x585/0x830 [ 474.200917][T14058] ? aa_sock_msg_perm+0x91/0x160 [ 474.200945][T14058] ? __pfx_packet_sendmsg+0x10/0x10 [ 474.200965][T14058] __sock_sendmsg+0x221/0x270 [ 474.200990][T14058] ____sys_sendmsg+0x523/0x860 [ 474.201017][T14058] ? __pfx_____sys_sendmsg+0x10/0x10 [ 474.201052][T14058] __sys_sendmmsg+0x4a3/0x7b0 [ 474.201088][T14058] ? __pfx___sys_sendmmsg+0x10/0x10 [ 474.201112][T14058] ? __lock_acquire+0xad5/0xd80 [ 474.201167][T14058] ? vfs_write+0xb29/0xd10 [ 474.201202][T14058] ? __mutex_unlock_slowpath+0x229/0x800 [ 474.201233][T14058] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 474.201252][T14058] ? __fget_files+0x2a/0x420 [ 474.201280][T14058] ? fput+0x9b/0xd0 [ 474.201295][T14058] ? ksys_write+0x275/0x2d0 [ 474.201325][T14058] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 474.201353][T14058] __do_fast_syscall_32+0xb4/0x110 [ 474.201373][T14058] ? exc_page_fault+0x5f8/0x920 [ 474.201397][T14058] do_fast_syscall_32+0x34/0x80 [ 474.201417][T14058] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 474.201438][T14058] RIP: 0023:0xf7f76579 [ 474.201453][T14058] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 474.201467][T14058] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 474.201486][T14058] RAX: ffffffffffffffda RBX: 0000000000000011 RCX: 0000000080000440 [ 474.201497][T14058] RDX: 0000000000000001 RSI: 0000000000000000 RDI: 0000000000000000 [ 474.201507][T14058] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 474.201517][T14058] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 474.201527][T14058] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 474.201553][T14058] [ 474.513852][ C0] vkms_vblank_simulate: vblank timer overrun [ 475.020465][T14073] bridge_slave_0: entered promiscuous mode [ 475.036804][T14073] bridge_slave_0: entered allmulticast mode [ 475.602403][ T976] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 475.764547][ T976] usb 3-1: config index 0 descriptor too short (expected 3133, got 61) [ 475.818017][ T976] usb 3-1: config 0 has an invalid interface number: 156 but max is 1 [ 475.843809][ T976] usb 3-1: config 0 has an invalid descriptor of length 105, skipping remainder of the config [ 475.862050][ T976] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 475.910815][ T976] usb 3-1: config 0 has no interface number 0 [ 475.926839][ T976] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 475.960676][ T976] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 475.981181][ T976] usb 3-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 475.998434][ T976] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 476.007734][ T5841] Bluetooth: hci2: command 0x0406 tx timeout [ 476.013682][ T24] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 476.017590][ T976] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 476.030908][ T976] usb 3-1: config 0 descriptor?? [ 476.039634][ T24] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 476.043462][ T976] gspca_main: spca561-2.14.0 probing abcd:cdee [ 476.287270][T14138] vlan2: entered allmulticast mode [ 476.297539][T14135] xt_CT: No such helper "syz0" [ 476.371637][T14138] bridge_slave_0: entered allmulticast mode [ 476.828927][ T976] spca561 3-1:0.156: probe with driver spca561 failed with error -22 [ 476.863166][ T976] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 476.888667][ T976] usb 3-1: MIDIStreaming interface descriptor not found [ 477.118151][T14153] netlink: 'syz.3.2657': attribute type 6 has an invalid length. [ 477.502006][ T52] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 477.658776][ T52] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 477.676160][ T52] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 477.688710][ T52] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 477.700099][ T52] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 477.710377][ T52] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.718658][ T52] usb 4-1: Product: syz [ 477.723449][ T52] usb 4-1: Manufacturer: syz [ 477.728059][ T52] usb 4-1: SerialNumber: syz [ 477.960840][ T52] usb 4-1: 0:2 : does not exist [ 477.977688][ T52] usb 4-1: USB disconnect, device number 43 [ 478.162257][ T5841] Bluetooth: hci3: command 0x0406 tx timeout [ 478.162272][ T24] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 478.162290][ T24] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 478.189490][T11749] udevd[11749]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 478.257640][T14178] hsr_slave_0: hsr_addr_subst_dest: Unknown node [ 478.264369][T14178] hsr_slave_1: hsr_addr_subst_dest: Unknown node [ 478.291212][ T52] usb 3-1: USB disconnect, device number 58 [ 479.247668][T14205] xt_CT: No such helper "syz0" [ 479.253408][T14184] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 479.553987][T14203] xt_CT: No such helper "syz0" [ 480.001745][T14194] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 480.243480][ T5841] Bluetooth: hci4: command 0x0406 tx timeout [ 480.260079][ T24] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 480.277363][ T24] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 480.422510][T14214] netlink: 'syz.1.2670': attribute type 6 has an invalid length. [ 481.039261][ T5151] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 481.055976][ T5151] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 481.065135][ T5151] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 481.075792][ T5151] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 481.083598][ T5151] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 481.092036][ T976] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 481.118613][ T5841] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 481.138999][ T5841] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 481.152613][ T5841] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 481.168600][ T5841] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 481.178745][ T5841] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 481.256040][ T976] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 481.269478][ T976] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 481.290138][ T976] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 481.317529][ T976] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 481.321976][T14057] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 481.356329][ T976] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 481.386063][ T976] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 481.404525][ T976] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 481.506410][ T976] usb 3-1: Product: syz [ 481.510636][ T976] usb 3-1: Manufacturer: syz [ 481.523218][ T976] cdc_wdm 3-1:1.0: skipping garbage [ 481.530648][ T976] cdc_wdm 3-1:1.0: skipping garbage [ 481.539868][ T976] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 481.546400][ T976] cdc_wdm 3-1:1.0: Unknown control protocol [ 481.554229][T14234] chnl_net:caif_netlink_parms(): no params data found [ 481.562474][T14057] usb 4-1: device descriptor read/64, error -71 [ 481.755484][T14229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 481.766428][T14229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 481.806291][T14234] bridge0: port 1(bridge_slave_0) entered blocking state [ 481.813827][T14234] bridge0: port 1(bridge_slave_0) entered disabled state [ 481.820980][T14234] bridge_slave_0: entered allmulticast mode [ 481.822221][T14057] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 481.829043][T14234] bridge_slave_0: entered promiscuous mode [ 481.844384][T14234] bridge0: port 2(bridge_slave_1) entered blocking state [ 481.851614][T14234] bridge0: port 2(bridge_slave_1) entered disabled state [ 481.858995][T14234] bridge_slave_1: entered allmulticast mode [ 481.867161][T14234] bridge_slave_1: entered promiscuous mode [ 481.920494][T14234] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 481.933382][T14234] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 481.972403][T14057] usb 4-1: device descriptor read/64, error -71 [ 481.980542][T14229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 481.986989][T14234] team0: Port device team_slave_0 added [ 481.990035][T14229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.000958][T14234] team0: Port device team_slave_1 added [ 482.025902][T14229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.045293][T14229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.072920][T14234] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 482.079989][T14234] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 482.105879][ C0] vkms_vblank_simulate: vblank timer overrun [ 482.113123][T14234] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 482.126148][ C0] wdm_int_callback: 6973 callbacks suppressed [ 482.126161][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.134552][T14057] usb usb4-port1: attempt power cycle [ 482.138764][ C0] wdm_int_callback: 6973 callbacks suppressed [ 482.138783][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.157086][ C0] vkms_vblank_simulate: vblank timer overrun [ 482.163231][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.169813][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.176077][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.182658][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.188879][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.195452][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.201659][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.208233][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.214443][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.221030][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.227241][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.233814][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.240030][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.246602][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.252848][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.259425][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.265631][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 482.272202][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 482.283804][T14234] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 482.290780][T14234] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 482.317757][ T976] usb 3-1: USB disconnect, device number 59 [ 482.323911][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 482.338399][T14234] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 482.404980][T14234] hsr_slave_0: entered promiscuous mode [ 482.411750][T14234] hsr_slave_1: entered promiscuous mode [ 482.418239][T14234] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 482.426517][T14234] Cannot create hsr debugfs directory [ 482.560860][T14234] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.626675][T14234] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.692133][T14057] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 482.720947][T14234] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.733629][T14057] usb 4-1: device descriptor read/8, error -71 [ 482.751170][T14243] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 482.792362][T14234] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 482.906356][T14234] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 482.915915][T14234] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 482.925370][T14234] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 482.937720][T14234] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 482.993040][T14057] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 483.009131][T14234] 8021q: adding VLAN 0 to HW filter on device bond0 [ 483.022958][T14057] usb 4-1: device descriptor read/8, error -71 [ 483.029537][T14234] 8021q: adding VLAN 0 to HW filter on device team0 [ 483.059466][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 483.067245][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 483.113356][ T12] bridge0: port 2(bridge_slave_1) entered blocking state [ 483.120454][ T12] bridge0: port 2(bridge_slave_1) entered forwarding state [ 483.146508][T14057] usb usb4-port1: unable to enumerate USB device [ 483.202408][ T5841] Bluetooth: hci5: command tx timeout [ 483.218856][T14234] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 483.313545][T14234] veth0_vlan: entered promiscuous mode [ 483.350550][T14234] veth1_vlan: entered promiscuous mode [ 483.370197][T14257] netlink: 'syz.1.2683': attribute type 6 has an invalid length. [ 483.414416][T14234] veth0_macvtap: entered promiscuous mode [ 483.437472][T14234] veth1_macvtap: entered promiscuous mode [ 483.476620][T14234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 483.487130][T14234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.503601][T14234] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 483.520334][T14234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.532251][T14234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.542474][T14234] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 483.553477][T14234] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 483.568615][T14234] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 483.599193][T14234] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.624548][T14234] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.633717][T14234] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.642716][T14234] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 483.829179][ T1153] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.830505][T14271] netlink: 60 bytes leftover after parsing attributes in process `syz.4.2690'. [ 483.846227][ T1153] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 483.866198][T14270] delete_channel: no stack [ 483.896606][ T1338] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 483.906206][ T1338] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 484.011982][ T24] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 484.152193][ T24] usb 3-1: device descriptor read/64, error -71 [ 484.405707][ T24] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 484.552212][ T24] usb 3-1: device descriptor read/64, error -71 [ 484.683975][ T24] usb usb3-port1: attempt power cycle [ 484.733065][T14292] netlink: 'syz.1.2695': attribute type 6 has an invalid length. [ 484.835034][T14296] usb usb8: usbfs: process 14296 (syz.4.2697) did not claim interface 0 before use [ 484.892662][T14281] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 485.052119][ T24] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 485.082719][ T24] usb 3-1: device descriptor read/8, error -71 [ 485.162062][T14057] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 485.292081][ T5841] Bluetooth: hci5: command tx timeout [ 485.342225][ T24] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 485.349853][T14057] usb 2-1: Using ep0 maxpacket: 16 [ 485.373611][ T24] usb 3-1: device descriptor read/8, error -71 [ 485.400134][T14057] usb 2-1: unable to get BOS descriptor or descriptor too short [ 485.415862][T14057] usb 2-1: config 1 interface 0 has no altsetting 0 [ 485.432044][T14057] usb 2-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 485.521100][ T24] usb usb3-port1: unable to enumerate USB device [ 485.529305][T14057] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 485.564931][T14057] usb 2-1: Product: syz [ 485.627115][T14057] usb 2-1: Manufacturer: syz [ 485.866955][T14314] xt_CT: No such helper "syz0" [ 485.898002][T14057] usb 2-1: SerialNumber: syz [ 486.892548][T14322] xt_CT: No such helper "syz0" [ 487.362125][ T5841] Bluetooth: hci5: command tx timeout [ 487.587147][T14336] netlink: 40 bytes leftover after parsing attributes in process `syz.0.2706'. [ 488.134646][T14057] usbhid 2-1:1.0: can't add hid device: -71 [ 488.140617][T14057] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 488.217248][T14057] usb 2-1: USB disconnect, device number 45 [ 488.312071][ T24] usb 4-1: new high-speed USB device number 48 using dummy_hcd [ 488.433024][T14346] FAULT_INJECTION: forcing a failure. [ 488.433024][T14346] name failslab, interval 1, probability 0, space 0, times 0 [ 488.458627][T14346] CPU: 0 UID: 0 PID: 14346 Comm: syz.4.2710 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 488.458651][T14346] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 488.458661][T14346] Call Trace: [ 488.458668][T14346] [ 488.458676][T14346] dump_stack_lvl+0x241/0x360 [ 488.458707][T14346] ? __pfx_dump_stack_lvl+0x10/0x10 [ 488.458731][T14346] ? __pfx__printk+0x10/0x10 [ 488.458759][T14346] ? __pfx___might_resched+0x10/0x10 [ 488.458791][T14346] should_fail_ex+0x424/0x570 [ 488.458815][T14346] should_failslab+0xac/0x100 [ 488.458840][T14346] __kmalloc_noprof+0xdf/0x4d0 [ 488.458862][T14346] ? tomoyo_realpath_from_path+0xc2/0x5e0 [ 488.458886][T14346] ? tomoyo_realpath_from_path+0xcf/0x5e0 [ 488.458915][T14346] tomoyo_realpath_from_path+0xcf/0x5e0 [ 488.458953][T14346] tomoyo_path_number_perm+0x245/0x790 [ 488.458973][T14346] ? __lock_acquire+0xad5/0xd80 [ 488.458993][T14346] ? tomoyo_path_number_perm+0x215/0x790 [ 488.459016][T14346] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 488.459075][T14346] ? __fget_files+0x2a/0x420 [ 488.459090][T14346] ? __fget_files+0x2a/0x420 [ 488.459109][T14346] ? __fget_files+0x2a/0x420 [ 488.459130][T14346] security_file_ioctl_compat+0xc6/0x2a0 [ 488.459152][T14346] __se_compat_sys_ioctl+0xd8/0xc30 [ 488.459173][T14346] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 488.459195][T14346] ? __pfx___se_compat_sys_ioctl+0x10/0x10 [ 488.459216][T14346] ? __fget_files+0x2a/0x420 [ 488.459237][T14346] ? fput+0x9b/0xd0 [ 488.459253][T14346] ? ksys_write+0x275/0x2d0 [ 488.459281][T14346] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 488.459300][T14346] ? lockdep_hardirqs_on+0x9d/0x150 [ 488.459322][T14346] __do_fast_syscall_32+0xb4/0x110 [ 488.459343][T14346] ? exc_page_fault+0x5f8/0x920 [ 488.459366][T14346] do_fast_syscall_32+0x34/0x80 [ 488.459387][T14346] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 488.459408][T14346] RIP: 0023:0xf7f76579 [ 488.459423][T14346] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 488.459437][T14346] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 488.459455][T14346] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000002285 [ 488.459466][T14346] RDX: 0000000080000040 RSI: 0000000000000000 RDI: 0000000000000000 [ 488.459475][T14346] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 488.459485][T14346] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 488.459494][T14346] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 488.459518][T14346] [ 488.459525][T14346] ERROR: Out of memory at tomoyo_realpath_from_path. [ 488.492077][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 488.756682][ T24] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 488.812051][ T24] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 488.837189][ T24] usb 4-1: config 0 has no interface number 0 [ 488.913588][ T24] usb 4-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 488.928590][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.941335][ T24] usb 4-1: Product: syz [ 488.947971][ T24] usb 4-1: Manufacturer: syz [ 488.958058][ T24] usb 4-1: SerialNumber: syz [ 489.072301][ T24] usb 4-1: config 0 descriptor?? [ 489.292004][T14368] netlink: 148 bytes leftover after parsing attributes in process `syz.0.2714'. [ 489.449467][ T5841] Bluetooth: hci5: command tx timeout [ 489.620888][T14349] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 489.998775][T14372] netlink: 'syz.4.2718': attribute type 10 has an invalid length. [ 491.035381][T14388] fuse: Bad value for 'fd' [ 491.069952][T14388] xt_physdev: --physdev-out and --physdev-is-out only supported in the FORWARD and POSTROUTING chains with bridged traffic [ 491.191961][T14390] sctp: [Deprecated]: syz.1.2723 (pid 14390) Use of int in max_burst socket option deprecated. [ 491.191961][T14390] Use struct sctp_assoc_value instead [ 491.212214][T13690] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 491.352924][T13690] usb 1-1: device descriptor read/64, error -71 [ 491.432047][ T976] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 491.480452][T14340] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 491.482007][ T9] usb 2-1: new full-speed USB device number 46 using dummy_hcd [ 491.491043][T14057] usb 4-1: USB disconnect, device number 48 [ 491.584058][ T976] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 491.593120][T13690] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 491.600711][ T976] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 491.611110][ T976] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 491.620602][ T976] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 491.633455][ T976] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 491.642671][ T976] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 491.650669][ T976] usb 3-1: Product: syz [ 491.655056][ T976] usb 3-1: Manufacturer: syz [ 491.661232][ T9] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 491.671599][ T9] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 491.686331][ T9] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 491.695622][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 491.705095][ T976] cdc_wdm 3-1:1.0: skipping garbage [ 491.710287][ T976] cdc_wdm 3-1:1.0: skipping garbage [ 491.720168][ T976] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 491.726250][ T976] cdc_wdm 3-1:1.0: Unknown control protocol [ 491.742022][T13690] usb 1-1: device descriptor read/64, error -71 [ 491.852231][T13690] usb usb1-port1: attempt power cycle [ 491.873186][T14057] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 491.910864][ T2153] usb 3-1: USB disconnect, device number 64 [ 491.931454][ T9] usb 2-1: usb_control_msg returned -32 [ 491.937776][ T9] usbtmc 2-1:16.0: can't read capabilities [ 492.033751][T14057] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 492.044406][T14057] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 492.053812][T14057] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 492.064486][T14057] usb 4-1: config 0 descriptor?? [ 492.071605][T14057] pwc: Askey VC010 type 2 USB webcam detected. [ 492.192014][T13690] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 492.212664][T13690] usb 1-1: device descriptor read/8, error -71 [ 492.271279][T14057] pwc: recv_control_msg error -32 req 02 val 2b00 [ 492.354862][ T2153] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 492.452224][T13690] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 492.471199][T14057] pwc: recv_control_msg error -32 req 02 val 2700 [ 492.474764][T13690] usb 1-1: device descriptor read/8, error -71 [ 492.498063][T14057] pwc: recv_control_msg error -71 req 02 val 2c00 [ 492.508750][T14057] pwc: recv_control_msg error -71 req 04 val 1000 [ 492.517420][T14057] pwc: recv_control_msg error -71 req 04 val 1300 [ 492.526057][ T2153] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 492.535047][ T2153] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 492.546185][T14057] pwc: recv_control_msg error -71 req 04 val 1400 [ 492.554827][ T2153] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 492.564161][T14057] pwc: recv_control_msg error -71 req 02 val 2000 [ 492.575394][T14057] pwc: recv_control_msg error -71 req 02 val 2100 [ 492.582100][ T2153] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 492.593736][T14057] pwc: recv_control_msg error -71 req 04 val 1500 [ 492.594619][T13690] usb usb1-port1: unable to enumerate USB device [ 492.600873][T14057] pwc: recv_control_msg error -71 req 02 val 2500 [ 492.614120][ T2153] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 492.623304][ T2153] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 492.631306][ T2153] usb 3-1: Product: syz [ 492.636201][ T2153] usb 3-1: Manufacturer: syz [ 492.640880][T14057] pwc: recv_control_msg error -71 req 02 val 2400 [ 492.647617][T14057] pwc: recv_control_msg error -71 req 02 val 2600 [ 492.656485][T14057] pwc: recv_control_msg error -71 req 02 val 2900 [ 492.665323][ T2153] cdc_wdm 3-1:1.0: skipping garbage [ 492.670567][ T2153] cdc_wdm 3-1:1.0: skipping garbage [ 492.676415][T14057] pwc: recv_control_msg error -71 req 02 val 2800 [ 492.684900][ T2153] cdc_wdm 3-1:1.0: cdc-wdm1: USB WDM device [ 492.690816][ T2153] cdc_wdm 3-1:1.0: Unknown control protocol [ 492.697752][T14057] pwc: recv_control_msg error -71 req 04 val 1100 [ 492.704808][T14057] pwc: recv_control_msg error -71 req 04 val 1200 [ 492.724186][T14406] dvmrp0: entered allmulticast mode [ 492.732490][T14057] pwc: Registered as video103. [ 492.741259][T14057] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input17 [ 492.760247][T14057] usb 4-1: USB disconnect, device number 49 [ 493.852102][T14057] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 493.992103][T14057] usb 4-1: device descriptor read/64, error -71 [ 494.204902][T14429] netlink: 'syz.0.2734': attribute type 1 has an invalid length. [ 494.225294][ T2153] usb 3-1: USB disconnect, device number 65 [ 494.265179][T14057] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 494.288473][T13690] usb 2-1: USB disconnect, device number 46 [ 494.415346][T14057] usb 4-1: device descriptor read/64, error -71 [ 494.462643][ T9] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 494.547941][T14435] xt_CT: No such helper "syz0" [ 494.553419][T14057] usb usb4-port1: attempt power cycle [ 494.601999][ T9] usb 1-1: device descriptor read/64, error -71 [ 494.852181][ T9] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 494.949081][T14057] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 494.973504][T14057] usb 4-1: device descriptor read/8, error -71 [ 495.002021][ T9] usb 1-1: device descriptor read/64, error -71 [ 495.135335][ T9] usb usb1-port1: attempt power cycle [ 495.211960][T14057] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 495.232725][T14057] usb 4-1: device descriptor read/8, error -71 [ 495.352330][T14057] usb usb4-port1: unable to enumerate USB device [ 495.482022][ T9] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 495.566982][ T9] usb 1-1: device descriptor read/8, error -71 [ 495.812180][ T9] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 495.833014][ T9] usb 1-1: device descriptor read/8, error -71 [ 495.942286][ T9] usb usb1-port1: unable to enumerate USB device [ 496.625881][T14469] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2745'. [ 496.647246][T14470] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2745'. [ 497.766254][T14491] xt_CT: No such helper "syz0" [ 497.856316][T14493] xt_CT: No such helper "syz0" [ 498.009412][T14499] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2752'. [ 498.964218][T14513] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2756'. [ 499.076089][T14513] dummy0: entered promiscuous mode [ 499.104914][T14513] macsec1: entered allmulticast mode [ 499.148665][T14513] dummy0: entered allmulticast mode [ 499.206804][T14524] usb usb5: usbfs: process 14524 (syz.0.2759) did not claim interface 0 before use [ 499.389693][T14528] netlink: 'syz.3.2760': attribute type 21 has an invalid length. [ 499.441691][T14528] netlink: 'syz.3.2760': attribute type 1 has an invalid length. [ 500.973293][T14570] Cannot find del_set index 4 as target [ 501.285209][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 501.285229][ T30] audit: type=1326 audit(1744302089.311:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 501.521255][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.527645][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.741940][ T5895] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 501.893507][ T30] audit: type=1326 audit(1744302089.311:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 502.162032][ T30] audit: type=1326 audit(1744302089.321:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 502.190484][ T30] audit: type=1326 audit(1744302089.331:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 502.212659][ T30] audit: type=1326 audit(1744302089.331:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 502.310401][ T5895] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 502.369321][ T5895] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 502.410278][ T5895] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 502.421364][ T30] audit: type=1326 audit(1744302089.331:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=372 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 502.454727][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.568000][T14562] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 502.576904][ T30] audit: type=1326 audit(1744302089.331:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 502.604478][ T5895] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 502.619123][T14594] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2775'. [ 502.628307][T14594] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2775'. [ 502.641630][T14594] netlink: 'syz.1.2775': attribute type 12 has an invalid length. [ 502.672303][ T30] audit: type=1326 audit(1744302089.331:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 502.681020][T14598] loop0: detected capacity change from 0 to 128 [ 502.714958][T14598] loop0: [CUMANA/ADFS] p1 [ADFS] p1 [ 502.720686][T14598] loop0: partition table partially beyond EOD, truncated [ 502.771000][T14598] loop0: p1 size 348879409 extends beyond EOD, truncated [ 502.868917][ T30] audit: type=1326 audit(1744302089.331:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 502.999715][T14603] netlink: 4 bytes leftover after parsing attributes in process `syz.2.2779'. [ 503.020583][ T30] audit: type=1326 audit(1744302089.331:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14557 comm="syz.0.2768" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 503.117255][T14604] usb usb8: usbfs: process 14604 (syz.2.2779) did not claim interface 0 before use [ 504.366739][T14628] bond2: entered allmulticast mode [ 504.401301][T14628] 8021q: adding VLAN 0 to HW filter on device bond2 [ 504.489425][T12838] usb 1-1: USB disconnect, device number 40 [ 504.899707][T14642] netlink: 'syz.4.2791': attribute type 30 has an invalid length. [ 505.989143][T14659] xt_CT: No such helper "syz0" [ 508.172964][ T30] kauditd_printk_skb: 37 callbacks suppressed [ 508.172979][ T30] audit: type=1326 audit(1744302096.191:73): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 508.200885][ C1] vkms_vblank_simulate: vblank timer overrun [ 508.285545][ T30] audit: type=1326 audit(1744302096.191:74): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=436 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 508.420251][ T30] audit: type=1326 audit(1744302096.201:75): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 508.570116][ T2153] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 508.633565][ T2153] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz0] on syz0 [ 508.647047][T14723] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2811'. [ 508.733201][ T30] audit: type=1326 audit(1744302096.201:76): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=192 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 508.796889][T14720] could not allocate digest TFM handle poly1305-neon [ 508.854096][ T30] audit: type=1326 audit(1744302096.201:77): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 508.911665][ T30] audit: type=1326 audit(1744302096.201:78): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 508.933594][ C1] vkms_vblank_simulate: vblank timer overrun [ 509.137993][ T30] audit: type=1326 audit(1744302096.201:79): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 509.370386][ T30] audit: type=1326 audit(1744302096.201:80): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=366 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 509.496950][T14740] openvswitch: netlink: Tunnel attr 16370 out of range max 16 [ 509.664290][ T30] audit: type=1326 audit(1744302096.201:81): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 509.693755][ T30] audit: type=1326 audit(1744302096.201:82): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14709 comm="syz.0.2807" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf7f15579 code=0x7ffc0000 [ 509.762995][ T9] usb 4-1: new low-speed USB device number 54 using dummy_hcd [ 509.912035][ T9] usb 4-1: Invalid ep0 maxpacket: 16 [ 510.043443][ T9] usb 4-1: new low-speed USB device number 55 using dummy_hcd [ 510.209809][ T9] usb 4-1: Invalid ep0 maxpacket: 16 [ 510.222413][ T9] usb usb4-port1: attempt power cycle [ 510.572239][ T9] usb 4-1: new low-speed USB device number 56 using dummy_hcd [ 510.604709][ T9] usb 4-1: Invalid ep0 maxpacket: 16 [ 510.636724][T14761] netlink: 100 bytes leftover after parsing attributes in process `syz.1.2822'. [ 510.732022][ T9] usb 4-1: new low-speed USB device number 57 using dummy_hcd [ 510.756649][ T9] usb 4-1: Invalid ep0 maxpacket: 16 [ 510.762662][ T9] usb usb4-port1: unable to enumerate USB device [ 511.043166][ T9] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 511.262394][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 511.269047][ T9] usb 2-1: config 0 has an invalid interface number: 105 but max is 0 [ 511.277381][ T9] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 511.287627][ T9] usb 2-1: config 0 has no interface number 0 [ 511.296726][ T9] usb 2-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 511.305965][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 511.314079][ T9] usb 2-1: Product: syz [ 511.318247][ T9] usb 2-1: Manufacturer: syz [ 511.323002][ T9] usb 2-1: SerialNumber: syz [ 511.337047][ T9] usb 2-1: config 0 descriptor?? [ 511.459257][T14770] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2825'. [ 511.469955][T14770] netlink: 168 bytes leftover after parsing attributes in process `syz.4.2825'. [ 511.553961][T14774] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 511.602291][T14774] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 513.533565][T14802] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 513.542742][T14802] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 513.756908][T14762] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 513.833774][T12838] usb 2-1: USB disconnect, device number 47 [ 514.012137][ T9] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 514.203888][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 514.263133][ T9] usb 3-1: New USB device found, idVendor=1de1, idProduct=c102, bcdDevice=7d.08 [ 514.272678][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 514.280765][ T9] usb 3-1: Product: syz [ 514.288489][ T9] usb 3-1: Manufacturer: syz [ 514.293277][ T9] usb 3-1: SerialNumber: syz [ 514.308409][ T9] usb 3-1: config 0 descriptor?? [ 514.320651][ T9] gm12u320 3-1:0.0: [drm:gm12u320_set_ecomode] *ERROR* Misc. req. error -8 [ 514.332425][ T9] gm12u320 3-1:0.0: probe with driver gm12u320 failed with error -5 [ 514.347433][ T9] usb-storage 3-1:0.0: USB Mass Storage device detected [ 514.364715][ T9] usb-storage 3-1:0.0: device ignored [ 515.116070][ T5895] usb 3-1: USB disconnect, device number 66 [ 515.291002][T14828] bridge0: entered promiscuous mode [ 515.305776][T14833] netlink: 364 bytes leftover after parsing attributes in process `syz.1.2842'. [ 515.315694][T14828] macvlan2: entered promiscuous mode [ 515.323386][T14833] netlink: 364 bytes leftover after parsing attributes in process `syz.1.2842'. [ 515.354290][T14828] netlink: 14 bytes leftover after parsing attributes in process `syz.2.2841'. [ 515.367193][T14832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 515.386340][T12838] wlan1: authenticate with 08:02:11:00:00:00 (local address=08:02:11:00:00:01) [ 515.416711][T12838] wlan1: send auth to 08:02:11:00:00:00 (try 1/3) [ 515.439031][T14832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 515.448057][ T974] wlan1: authenticated [ 515.482408][ T1338] wlan1: associate with 08:02:11:00:00:00 (try 1/3) [ 515.585031][T14832] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 515.603712][T12459] wlan1: RX AssocResp from 08:02:11:00:00:00 (capab=0x1 status=0 aid=1) [ 515.685688][T12459] wlan1: associated [ 515.828472][T14828] bond0 (unregistering): Released all slaves [ 515.944480][ T76] tipc: Subscription rejected, illegal request [ 516.233678][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 516.233703][ T30] audit: type=1326 audit(1744302104.261:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 516.342011][ T5895] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 516.352053][T12838] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 516.365902][ T30] audit: type=1326 audit(1744302104.261:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf747d5a7 code=0x7ffc0000 [ 516.525437][ T30] audit: type=1326 audit(1744302104.261:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 516.547359][ C1] vkms_vblank_simulate: vblank timer overrun [ 516.562286][T12838] usb 3-1: device descriptor read/64, error -71 [ 516.800436][ T30] audit: type=1326 audit(1744302104.261:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf747d5a7 code=0x7ffc0000 [ 516.849926][T14837] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 516.858674][T14837] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 516.941697][ T30] audit: type=1326 audit(1744302104.271:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 517.021978][T12838] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 517.062104][ T2153] usb 4-1: new full-speed USB device number 58 using dummy_hcd [ 517.105119][T14849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 517.114837][ T30] audit: type=1326 audit(1744302104.271:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf747d5a7 code=0x7ffc0000 [ 517.145106][T14849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 517.159841][ T30] audit: type=1326 audit(1744302104.271:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 517.214782][ T30] audit: type=1326 audit(1744302104.271:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf747d5a7 code=0x7ffc0000 [ 517.248189][ T30] audit: type=1326 audit(1744302104.271:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=20 compat=1 ip=0xf747d579 code=0x7ffc0000 [ 517.394679][ T30] audit: type=1326 audit(1744302104.271:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14835 comm="syz.1.2843" exe="/root/syz-executor" sig=0 arch=40000003 syscall=173 compat=1 ip=0xf747d5a7 code=0x7ffc0000 [ 517.542908][T12838] usb 3-1: device descriptor read/64, error -71 [ 517.656567][T12838] usb usb3-port1: attempt power cycle [ 518.021978][T12838] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 518.058171][T12838] usb 3-1: device descriptor read/8, error -71 [ 518.110151][T14865] netdevsim netdevsim1 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 518.119407][T14865] netdevsim netdevsim1 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 518.128376][T14865] netdevsim netdevsim1 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 518.137156][T14865] netdevsim netdevsim1 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 518.202600][ T2153] usb 4-1: device descriptor read/64, error -71 [ 518.313906][T12838] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 518.342619][T12838] usb 3-1: device descriptor read/8, error -71 [ 518.442855][ T5895] usb 2-1: device descriptor read/64, error -71 [ 518.462776][ T2153] usb 4-1: new full-speed USB device number 59 using dummy_hcd [ 518.471494][T12838] usb usb3-port1: unable to enumerate USB device [ 518.643968][ T2153] usb 4-1: config 54 has an invalid interface number: 154 but max is 0 [ 518.652502][ T2153] usb 4-1: config 54 has no interface number 0 [ 518.660502][ T2153] usb 4-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice= 0.ec [ 518.669664][ T2153] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 518.677735][ T2153] usb 4-1: Product: syz [ 518.681936][ T2153] usb 4-1: Manufacturer: syz [ 518.682012][ T5895] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 518.686521][ T2153] usb 4-1: SerialNumber: syz [ 518.852013][ T5895] usb 2-1: Using ep0 maxpacket: 16 [ 518.858585][ T5895] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 518.869958][ T5895] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 518.883439][ T5895] usb 2-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 518.892612][ T5895] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 518.904744][ T5895] usb 2-1: config 0 descriptor?? [ 518.924989][ T5895] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 518.969834][T14852] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 518.980571][T14852] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 519.288279][T14875] xt_CT: No such helper "syz0" [ 519.310468][T14879] misc userio: The device must be registered before sending interrupts [ 519.692097][ T2153] usb 4-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 519.705044][T12459] usb 4-1: Failed to submit usb control message: -71 [ 519.706348][ T2153] usb 4-1: USB disconnect, device number 59 [ 519.725325][T12459] usb 4-1: unable to send the bmi data to the device: -71 [ 519.780388][T12459] usb 4-1: unable to get target info from device [ 519.861981][T12459] usb 4-1: could not get target info (-71) [ 519.880148][T12459] usb 4-1: could not probe fw (-71) [ 520.266319][ T2153] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 520.443828][ T2153] usb 4-1: config 0 has no interfaces? [ 520.449455][ T2153] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 520.465612][ T2153] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 520.473839][T12838] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 520.491120][ T2153] usb 4-1: config 0 descriptor?? [ 520.631926][T12838] usb 3-1: Using ep0 maxpacket: 16 [ 520.641977][T12838] usb 3-1: config 0 has an invalid interface number: 105 but max is 0 [ 520.659678][T12838] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 520.678639][T12838] usb 3-1: config 0 has no interface number 0 [ 520.690910][T12838] usb 3-1: New USB device found, idVendor=046d, idProduct=08f3, bcdDevice= b.28 [ 520.705988][T14882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 520.719897][T14882] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 520.720777][T14893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 520.745178][T12838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 520.762192][T14893] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 520.773639][T12838] usb 3-1: Product: syz [ 520.777491][T14882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 520.787003][T12838] usb 3-1: Manufacturer: syz [ 520.791249][T14893] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 520.793264][T12838] usb 3-1: SerialNumber: syz [ 520.808534][T14882] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 520.824756][T14893] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 520.833250][T14882] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 520.851110][T14882] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 520.867550][T12838] usb 3-1: config 0 descriptor?? [ 520.896777][ T976] usb 4-1: USB disconnect, device number 60 [ 521.105840][T12838] usb 2-1: USB disconnect, device number 49 [ 521.236257][T14901] FAULT_INJECTION: forcing a failure. [ 521.236257][T14901] name failslab, interval 1, probability 0, space 0, times 0 [ 521.261114][T14901] CPU: 1 UID: 0 PID: 14901 Comm: syz.3.2859 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 521.261138][T14901] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 521.261148][T14901] Call Trace: [ 521.261155][T14901] [ 521.261162][T14901] dump_stack_lvl+0x241/0x360 [ 521.261191][T14901] ? __pfx_dump_stack_lvl+0x10/0x10 [ 521.261215][T14901] ? __pfx__printk+0x10/0x10 [ 521.261236][T14901] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 521.261260][T14901] ? __pfx___might_resched+0x10/0x10 [ 521.261284][T14901] should_fail_ex+0x424/0x570 [ 521.261306][T14901] should_failslab+0xac/0x100 [ 521.261329][T14901] ? bdi_alloc+0x4f/0x140 [ 521.261347][T14901] __kmalloc_cache_node_noprof+0x74/0x3c0 [ 521.261377][T14901] bdi_alloc+0x4f/0x140 [ 521.261397][T14901] super_setup_bdi_name+0xb2/0x200 [ 521.261425][T14901] ? __pfx_super_setup_bdi_name+0x10/0x10 [ 521.261449][T14901] ? do_raw_spin_unlock+0x13c/0x8b0 [ 521.261482][T14901] fuse_fill_super_common+0x665/0x1210 [ 521.261513][T14901] ? __pfx_fuse_fill_super_common+0x10/0x10 [ 521.261536][T14901] ? __init_swait_queue_head+0xae/0x150 [ 521.261564][T14901] ? shrinker_register+0x160/0x230 [ 521.261588][T14901] ? sget_fc+0x960/0xa50 [ 521.261607][T14901] fuse_fill_super+0x173/0x1e0 [ 521.261627][T14901] ? __pfx_fuse_fill_super+0x10/0x10 [ 521.261651][T14901] get_tree_nodev+0xb7/0x140 [ 521.261672][T14901] fuse_get_tree+0x347/0x4b0 [ 521.261699][T14901] vfs_get_tree+0x90/0x2b0 [ 521.261722][T14901] do_new_mount+0x2cf/0xb70 [ 521.261752][T14901] ? __pfx_do_new_mount+0x10/0x10 [ 521.261783][T14901] __se_sys_mount+0x38c/0x400 [ 521.261813][T14901] ? __pfx___se_sys_mount+0x10/0x10 [ 521.261839][T14901] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 521.261862][T14901] ? lockdep_hardirqs_on+0x9d/0x150 [ 521.261877][T14901] ? __ia32_sys_mount+0x20/0xc0 [ 521.261903][T14901] __do_fast_syscall_32+0xb4/0x110 [ 521.261922][T14901] ? exc_page_fault+0x5f8/0x920 [ 521.261945][T14901] do_fast_syscall_32+0x34/0x80 [ 521.261966][T14901] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 521.261985][T14901] RIP: 0023:0xf7f77579 [ 521.261999][T14901] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 521.262012][T14901] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000015 [ 521.262051][T14901] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00000000800042c0 [ 521.262065][T14901] RDX: 0000000080002100 RSI: 0000000000000000 RDI: 0000000080000000 [ 521.262081][T14901] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 521.262090][T14901] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 521.262100][T14901] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 521.262124][T14901] [ 522.883127][ T976] usb 2-1: new low-speed USB device number 50 using dummy_hcd [ 522.911976][ T5895] usb 4-1: new full-speed USB device number 61 using dummy_hcd [ 522.947487][T14919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 522.958943][T14919] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 523.221742][ T976] usb 2-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=6d.2a [ 523.230989][ T976] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 523.245505][ T976] usb 2-1: config 0 descriptor?? [ 523.256514][ T976] pwc: Logitech QuickCam Notebook Pro USB webcam detected. [ 523.297755][T14928] A link change request failed with some changes committed already. Interface ipvlan1 may have been left with an inconsistent configuration, please check. [ 523.333484][T14887] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 523.347586][ T9] usb 3-1: USB disconnect, device number 71 [ 523.439071][T14928] qrtr: Invalid version 0 [ 523.619744][T14936] netlink: 'syz.4.2868': attribute type 10 has an invalid length. [ 523.627998][T14936] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2868'. [ 525.431967][T14057] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 525.612024][T14057] usb 3-1: Using ep0 maxpacket: 8 [ 525.628969][T14057] usb 3-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 525.650480][T14057] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 525.659095][T14057] usb 3-1: Product: syz [ 525.664013][T14057] usb 3-1: Manufacturer: syz [ 525.668626][T14057] usb 3-1: SerialNumber: syz [ 525.699627][T14057] usb 3-1: config 0 descriptor?? [ 525.916692][T14967] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2878'. [ 525.944690][T14057] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 525.958856][T14057] gspca_sunplus: reg_w_riv err -71 [ 525.965804][T14057] sunplus 3-1:0.0: probe with driver sunplus failed with error -71 [ 525.978385][T14057] usb 3-1: USB disconnect, device number 72 [ 526.159985][ T976] pwc: Failed to set LED on/off time (-71) [ 526.174016][ T976] pwc: send_video_command error -71 [ 526.180208][ T976] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 526.189943][ T976] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 526.213460][ T976] usb 2-1: USB disconnect, device number 50 [ 526.232578][ T30] kauditd_printk_skb: 107 callbacks suppressed [ 526.232592][ T30] audit: type=1326 audit(1744302114.291:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 526.298022][ T30] audit: type=1326 audit(1744302114.291:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 526.321312][ T30] audit: type=1326 audit(1744302114.321:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 526.346159][ T30] audit: type=1326 audit(1744302114.321:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 526.368949][ T30] audit: type=1326 audit(1744302114.321:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 526.391162][ T30] audit: type=1326 audit(1744302114.321:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 526.435867][ T30] audit: type=1326 audit(1744302114.321:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 526.458806][ T30] audit: type=1326 audit(1744302114.321:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 526.506648][ T30] audit: type=1326 audit(1744302114.321:224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f77579 code=0x7ffc0000 [ 526.557582][ T30] audit: type=1326 audit(1744302114.321:225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=14988 comm="syz.3.2886" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7f77598 code=0x7ffc0000 [ 527.110639][T15009] xt_CT: No such helper "syz0" [ 527.735689][T15001] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 528.322130][T12838] usb 4-1: new full-speed USB device number 62 using dummy_hcd [ 528.852265][T14057] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 529.054091][T14057] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 64, changing to 10 [ 529.065325][T14057] usb 2-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00 [ 529.081891][T14057] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 529.118232][T14057] usb 2-1: config 0 descriptor?? [ 529.564776][T14057] aquacomputer_d5next 0003:0C70:F011.000D: hidraw0: USB HID v0.00 Device [HID 0c70:f011] on usb-dummy_hcd.1-1/input0 [ 529.686791][T15046] xt_CT: No such helper "syz0" [ 529.871812][T14057] usb 2-1: USB disconnect, device number 51 [ 530.001491][T15049] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 530.011168][T15049] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 530.026033][T15049] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 530.040118][T15049] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 530.048270][T15049] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 530.646356][T15060] RDS: rds_bind could not find a transport for ::ffff:0.0.224.255, load rds_tcp or rds_rdma? [ 530.731081][ T1338] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.741539][ T1338] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.938951][ T1338] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 530.949482][ T1338] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 530.978208][T15063] IPVS: set_ctl: invalid protocol: 115 224.0.0.2:20001 [ 531.138481][T15068] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2905'. [ 531.266476][ T1338] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 531.282315][ T1338] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 531.769348][ T1338] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 531.894833][ T1338] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 532.098674][T15049] Bluetooth: hci2: command tx timeout [ 532.143307][T15051] chnl_net:caif_netlink_parms(): no params data found [ 532.559084][T15058] syz.4.2902 (15058): drop_caches: 2 [ 532.816578][T15051] bridge0: port 1(bridge_slave_0) entered blocking state [ 532.832071][T15051] bridge0: port 1(bridge_slave_0) entered disabled state [ 532.842587][T15051] bridge_slave_0: entered allmulticast mode [ 532.865916][T15051] bridge_slave_0: entered promiscuous mode [ 532.879461][T15086] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2909'. [ 532.902105][T15086] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2909'. [ 532.977005][T15090] FAULT_INJECTION: forcing a failure. [ 532.977005][T15090] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 532.995861][T15090] CPU: 0 UID: 0 PID: 15090 Comm: syz.1.2909 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 532.995884][T15090] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 532.995894][T15090] Call Trace: [ 532.995902][T15090] [ 532.995909][T15090] dump_stack_lvl+0x241/0x360 [ 532.995940][T15090] ? __pfx_dump_stack_lvl+0x10/0x10 [ 532.995964][T15090] ? __pfx__printk+0x10/0x10 [ 532.996000][T15090] should_fail_ex+0x424/0x570 [ 532.996022][T15090] _copy_from_user+0x2d/0xb0 [ 532.996047][T15090] __sys_bpf+0x1c5/0x8b0 [ 532.996067][T15090] ? __pfx___sys_bpf+0x10/0x10 [ 532.996104][T15090] ? ksys_write+0x275/0x2d0 [ 532.996136][T15090] __ia32_sys_bpf+0x7c/0x90 [ 532.996162][T15090] __do_fast_syscall_32+0xb4/0x110 [ 532.996182][T15090] ? exc_page_fault+0x5f8/0x920 [ 532.996206][T15090] do_fast_syscall_32+0x34/0x80 [ 532.996226][T15090] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 532.996246][T15090] RIP: 0023:0xf747d579 [ 532.996259][T15090] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 532.996272][T15090] RSP: 002b:00000000f50e555c EFLAGS: 00000206 ORIG_RAX: 0000000000000165 [ 532.996288][T15090] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 0000000080000880 [ 532.996301][T15090] RDX: 0000000000000094 RSI: 0000000000000000 RDI: 0000000000000000 [ 532.996311][T15090] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 532.996321][T15090] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 532.996330][T15090] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 532.996355][T15090] [ 532.997220][T15090] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2909'. [ 533.114352][ C0] vkms_vblank_simulate: vblank timer overrun [ 533.140846][T15092] vivid-003: kernel_thread() failed [ 533.446636][T15100] FAULT_INJECTION: forcing a failure. [ 533.446636][T15100] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 533.461923][T15100] CPU: 0 UID: 0 PID: 15100 Comm: syz.0.2913 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 533.461947][T15100] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 533.461957][T15100] Call Trace: [ 533.461964][T15100] [ 533.461971][T15100] dump_stack_lvl+0x241/0x360 [ 533.462003][T15100] ? __pfx_dump_stack_lvl+0x10/0x10 [ 533.462026][T15100] ? __pfx__printk+0x10/0x10 [ 533.462067][T15100] should_fail_ex+0x424/0x570 [ 533.462089][T15100] prepare_alloc_pages+0x220/0x610 [ 533.462116][T15100] __alloc_frozen_pages_noprof+0x162/0x5b0 [ 533.462139][T15100] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 533.462158][T15100] ? process_measurement+0x1b33/0x1fe0 [ 533.462200][T15100] alloc_pages_mpol+0x339/0x690 [ 533.462228][T15100] ? __pfx_alloc_pages_mpol+0x10/0x10 [ 533.462260][T15100] alloc_pages_noprof+0x121/0x190 [ 533.462285][T15100] pte_alloc_one+0x1e/0x160 [ 533.462307][T15100] handle_pte_fault+0x2ac2/0x61c0 [ 533.462345][T15100] ? __pfx_handle_pte_fault+0x10/0x10 [ 533.462367][T15100] ? is_bpf_text_address+0x26/0x2a0 [ 533.462391][T15100] ? is_bpf_text_address+0x288/0x2a0 [ 533.462408][T15100] ? is_bpf_text_address+0x26/0x2a0 [ 533.462427][T15100] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 533.462452][T15100] ? kernel_text_address+0xa7/0xe0 [ 533.462469][T15100] ? _parse_integer_limit+0x1b4/0x200 [ 533.462500][T15100] ? __thp_vma_allowable_orders+0x8f9/0x9b0 [ 533.462524][T15100] ? mtree_range_walk+0x700/0x8e0 [ 533.462552][T15100] handle_mm_fault+0x1129/0x1bf0 [ 533.462574][T15100] ? mt_find+0x28a/0x8f0 [ 533.462619][T15100] ? __pfx_handle_mm_fault+0x10/0x10 [ 533.462665][T15100] ? lock_mm_and_find_vma+0x9c/0x2f0 [ 533.462691][T15100] exc_page_fault+0x2bb/0x920 [ 533.462719][T15100] asm_exc_page_fault+0x26/0x30 [ 533.462734][T15100] RIP: 0010:__get_user_4+0x14/0x20 [ 533.462751][T15100] Code: 00 0f 1f 44 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 ba 00 f0 ff ff ff 7f 00 00 48 39 d0 48 0f 47 c2 0f 01 cb <8b> 10 31 c0 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 533.462764][T15100] RSP: 0018:ffffc9000336fd98 EFLAGS: 00050287 [ 533.462780][T15100] RAX: 00000000f4f8c000 RBX: ffff88805302df58 RCX: 0000000000000000 [ 533.462792][T15100] RDX: 00007ffffffff000 RSI: ffffffff8e4fd50c RDI: ffffffff8ca1b6a0 [ 533.462805][T15100] RBP: ffffc9000336fed0 R08: 0000000000000001 R09: 0000000000000000 [ 533.462815][T15100] R10: 0000000000000000 R11: 0000000000000000 R12: 00000000f4f8c000 [ 533.462825][T15100] R13: ffff88807b10d000 R14: 0000000000000002 R15: dffffc0000000000 [ 533.462854][T15100] lookup_ioctx+0x5f/0x6a0 [ 533.462874][T15100] __se_compat_sys_io_submit+0xad/0x2f0 [ 533.462901][T15100] ? __pfx___se_compat_sys_io_submit+0x10/0x10 [ 533.462922][T15100] ? ksys_write+0x266/0x2d0 [ 533.462950][T15100] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 533.462969][T15100] ? lockdep_hardirqs_on+0x9d/0x150 [ 533.462991][T15100] __do_fast_syscall_32+0xb4/0x110 [ 533.463011][T15100] ? exc_page_fault+0x5f8/0x920 [ 533.463035][T15100] do_fast_syscall_32+0x34/0x80 [ 533.463060][T15100] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 533.463080][T15100] RIP: 0023:0xf7f15579 [ 533.463093][T15100] Code: b8 01 10 06 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 533.463106][T15100] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 00000000000000f8 [ 533.463121][T15100] RAX: ffffffffffffffda RBX: 00000000f4f8c000 RCX: 0000000000000002 [ 533.463131][T15100] RDX: 0000000080000140 RSI: 0000000000000000 RDI: 0000000000000000 [ 533.463141][T15100] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 533.463150][T15100] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 533.463160][T15100] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 533.463187][T15100] [ 533.842219][ C0] vkms_vblank_simulate: vblank timer overrun [ 534.120978][ T1338] bond0 (unregistering): (slave batadv0): Releasing backup interface [ 534.130596][ T1338] bond0 (unregistering): Released all slaves [ 534.143772][T15051] bridge0: port 2(bridge_slave_1) entered blocking state [ 534.150920][T15051] bridge0: port 2(bridge_slave_1) entered disabled state [ 534.158416][T15051] bridge_slave_1: entered allmulticast mode [ 534.166202][T15051] bridge_slave_1: entered promiscuous mode [ 534.172139][T15049] Bluetooth: hci2: command tx timeout [ 534.263912][T15051] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 534.287488][T15051] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 534.539846][T15051] team0: Port device team_slave_0 added [ 534.555449][T15051] team0: Port device team_slave_1 added [ 534.885971][ T1338] hsr_slave_0: left promiscuous mode [ 534.968690][T15128] xt_CT: No such helper "syz0" [ 535.093440][ T1338] hsr_slave_1: left promiscuous mode [ 535.126809][ T1338] [ 535.129159][ T1338] ============================================ [ 535.135310][ T1338] WARNING: possible recursive locking detected [ 535.141461][ T1338] 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 Not tainted [ 535.148566][ T1338] -------------------------------------------- [ 535.154709][ T1338] kworker/u8:7/1338 is trying to acquire lock: [ 535.160841][ T1338] ffff8880320eed30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: dev_set_allmulti+0x11c/0x270 [ 535.170927][ T1338] [ 535.170927][ T1338] but task is already holding lock: [ 535.178272][ T1338] ffff8880320eed30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 [ 535.189830][ T1338] and the lock comparison function returns 0: [ 535.195876][ T1338] [ 535.195876][ T1338] other info that might help us debug this: [ 535.203940][ T1338] Possible unsafe locking scenario: [ 535.203940][ T1338] [ 535.211377][ T1338] CPU0 [ 535.214640][ T1338] ---- [ 535.217908][ T1338] lock(&dev_instance_lock_key#3); [ 535.223103][ T1338] lock(&dev_instance_lock_key#3); [ 535.228295][ T1338] [ 535.228295][ T1338] *** DEADLOCK *** [ 535.228295][ T1338] [ 535.236419][ T1338] May be due to missing lock nesting notation [ 535.236419][ T1338] [ 535.244720][ T1338] 5 locks held by kworker/u8:7/1338: [ 535.249996][ T1338] #0: ffff88801bef6148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x990/0x18e0 [ 535.260868][ T1338] #1: ffffc900043a7c60 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9cb/0x18e0 [ 535.271391][ T1338] #2: ffffffff900f0890 (pernet_ops_rwsem){++++}-{4:4}, at: cleanup_net+0x17c/0xd60 [ 535.280783][ T1338] #3: ffffffff900fd3c8 (rtnl_mutex){+.+.}-{4:4}, at: default_device_exit_batch+0xde/0x880 [ 535.290789][ T1338] #4: ffff8880320eed30 (&dev_instance_lock_key#3){+.+.}-{4:4}, at: unregister_netdevice_many_notify+0x5a1/0x2510 [ 535.302793][ T1338] [ 535.302793][ T1338] stack backtrace: [ 535.308663][ T1338] CPU: 1 UID: 0 PID: 1338 Comm: kworker/u8:7 Not tainted 6.15.0-rc1-syzkaller-00065-g3b07108ada81 #0 PREEMPT(full) [ 535.308679][ T1338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 535.308688][ T1338] Workqueue: netns cleanup_net [ 535.308708][ T1338] Call Trace: [ 535.308713][ T1338] [ 535.308718][ T1338] dump_stack_lvl+0x241/0x360 [ 535.308739][ T1338] ? __pfx_dump_stack_lvl+0x10/0x10 [ 535.308755][ T1338] ? __pfx__printk+0x10/0x10 [ 535.308771][ T1338] ? print_lock+0x171/0x1a0 [ 535.308787][ T1338] print_deadlock_bug+0x2be/0x2d0 [ 535.308803][ T1338] validate_chain+0x928/0x24e0 [ 535.308819][ T1338] ? check_noncircular+0xee/0x160 [ 535.308835][ T1338] ? lockdep_unlock+0x8d/0x120 [ 535.308846][ T1338] ? validate_chain+0x8a7/0x24e0 [ 535.308863][ T1338] __lock_acquire+0xad5/0xd80 [ 535.308878][ T1338] lock_acquire+0x116/0x2f0 [ 535.308889][ T1338] ? dev_set_allmulti+0x11c/0x270 [ 535.308910][ T1338] __mutex_lock+0x1a5/0x10c0 [ 535.308925][ T1338] ? dev_set_allmulti+0x11c/0x270 [ 535.308939][ T1338] ? dev_set_allmulti+0x11c/0x270 [ 535.308950][ T1338] ? __pfx___mutex_lock+0x10/0x10 [ 535.308966][ T1338] ? lockdep_hardirqs_on+0x9d/0x150 [ 535.308980][ T1338] ? __local_bh_enable_ip+0x168/0x200 [ 535.308993][ T1338] ? macsec_dev_stop+0x264/0x440 [ 535.309005][ T1338] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 535.309018][ T1338] dev_set_allmulti+0x11c/0x270 [ 535.309030][ T1338] macsec_dev_stop+0x2b8/0x440 [ 535.309042][ T1338] ? __pfx_macsec_dev_stop+0x10/0x10 [ 535.309057][ T1338] ? dev_deactivate_many+0xc09/0xca0 [ 535.309076][ T1338] ? __pfx_dev_deactivate_many+0x10/0x10 [ 535.309094][ T1338] ? notifier_call_chain+0x3cc/0x3f0 [ 535.309110][ T1338] ? __pfx_macsec_dev_stop+0x10/0x10 [ 535.309122][ T1338] __dev_close_many+0x3d7/0x760 [ 535.309139][ T1338] ? __pfx___dev_close_many+0x10/0x10 [ 535.309159][ T1338] dev_close_many+0x250/0x4c0 [ 535.309177][ T1338] ? __pfx_dev_close_many+0x10/0x10 [ 535.309192][ T1338] ? __lock_acquire+0xad5/0xd80 [ 535.309206][ T1338] unregister_netdevice_many_notify+0x628/0x2510 [ 535.309224][ T1338] ? lockdep_hardirqs_on+0x9d/0x150 [ 535.309237][ T1338] ? __local_bh_enable_ip+0x168/0x200 [ 535.309249][ T1338] ? batadv_tt_local_remove+0x119/0x230 [ 535.309261][ T1338] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 535.309273][ T1338] ? batadv_tt_local_remove+0x119/0x230 [ 535.309284][ T1338] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 535.309303][ T1338] ? unregister_netdevice_queue+0x2c4/0x400 [ 535.309319][ T1338] ? batadv_meshif_destroy_netlink+0x1e6/0x270 [ 535.309336][ T1338] default_device_exit_batch+0x7ff/0x880 [ 535.309356][ T1338] ? __pfx_default_device_exit_batch+0x10/0x10 [ 535.309374][ T1338] ? __pfx_rdma_dev_exit_net+0x10/0x10 [ 535.309391][ T1338] ? cfg802154_pernet_exit+0xc3/0xe0 [ 535.309402][ T1338] ? __pfx_default_device_exit_batch+0x10/0x10 [ 535.309420][ T1338] cleanup_net+0x8af/0xd60 [ 535.309439][ T1338] ? __pfx_cleanup_net+0x10/0x10 [ 535.309459][ T1338] ? process_scheduled_works+0x9cb/0x18e0 [ 535.309472][ T1338] process_scheduled_works+0xac3/0x18e0 [ 535.309494][ T1338] ? __pfx_process_scheduled_works+0x10/0x10 [ 535.309510][ T1338] ? assign_work+0x367/0x3d0 [ 535.309524][ T1338] worker_thread+0x870/0xd50 [ 535.309542][ T1338] ? __kthread_parkme+0x1a8/0x200 [ 535.309558][ T1338] ? __pfx_worker_thread+0x10/0x10 [ 535.309571][ T1338] kthread+0x7b7/0x940 [ 535.309588][ T1338] ? __pfx_worker_thread+0x10/0x10 [ 535.309602][ T1338] ? __pfx_kthread+0x10/0x10 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 535.309617][ T1338] ? __pfx_kthread+0x10/0x10 [ 535.309633][ T1338] ? __pfx_kthread+0x10/0x10 [ 535.309648][ T1338] ? __pfx_kthread+0x10/0x10 [ 535.309664][ T1338] ? _raw_spin_unlock_irq+0x23/0x50 [ 535.309675][ T1338] ? lockdep_hardirqs_on+0x9d/0x150 [ 535.309688][ T1338] ? __pfx_kthread+0x10/0x10 [ 535.309704][ T1338] ret_from_fork+0x4b/0x80 [ 535.309717][ T1338] ? __pfx_kthread+0x10/0x10 [ 535.309733][ T1338] ret_from_fork_asm+0x1a/0x30 [ 535.309749][ T1338] [ 535.694956][T15135] netlink: 108 bytes leftover after parsing attributes in process `syz.2.2920'. [ 535.738310][T15135] netlink: 20 bytes leftover after parsing attributes in process `syz.2.2920'. [ 536.253142][T15049] Bluetooth: hci2: command tx timeout [ 538.322013][T15049] Bluetooth: hci2: command tx timeout