last executing test programs: 9.226359708s ago: executing program 0 (id=3958): bpf$MAP_UPDATE_BATCH(0x1a, 0x0, 0x0) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, 0x0, 0x0) r1 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000001840), 0x2982, 0x0) sendfile(r1, 0xffffffffffffffff, 0x0, 0x20000023896) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) preadv(r2, 0x0, 0x0, 0x0, 0x0) io_submit(0x0, 0x0, &(0x7f0000000640)) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0x0, &(0x7f0000000080)=0x7fffffff, 0x4) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x34, 0x0, 0x0) setsockopt$sock_attach_bpf(0xffffffffffffffff, 0x1, 0x31, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r3, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x0, 0x3000, 0x0, 0x0, 0x0, {}, {}, {}, {}, 0x0, 0x3f0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x13}) 8.939095902s ago: executing program 0 (id=3961): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000380)={{{@in=@dev, @in, 0x0, 0x0, 0x0, 0xfffe, 0xa}}, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x2b}, 0x0, @in=@initdev={0xac, 0x1e, 0x0, 0x0}}}, 0xe8) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace20000000002000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0) 8.756176181s ago: executing program 0 (id=3962): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200ffe0000009058202"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000003180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) capset(&(0x7f0000000000), 0x0) r2 = getpid() r3 = socket$nl_generic(0x10, 0x3, 0x10) ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r2, 0x3, 0x4002) sendmsg$NL80211_CMD_JOIN_IBSS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000cc0)={0x44, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x10, 0x51, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0xff}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x44}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)={0x48, 0x2, 0x6, 0x0, 0x0, 0x0, {0x1, 0x0, 0xa}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xb8}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc0000000}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x80}, @IPSET_ATTR_CIDR={0x5, 0x3, 0xa7}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008004}, 0x1) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x2c}}, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000100), 0xc, &(0x7f0000000b00)={&(0x7f0000000900)={0x1d0, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x8850}, 0x10) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8}, @NFTA_RANGE_OP={0x8}, @NFTA_RANGE_TO_DATA={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "a8"}]}, @NFTA_RANGE_FROM_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "8d"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) keyctl$read(0xf, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15eaffffffffffff130012800b0001006d61637365630000040002800800", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x40081}, 0x828) syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 5.641301271s ago: executing program 0 (id=3976): socket$inet_tcp(0x2, 0x1, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, &(0x7f0000000100)={'vcan0\x00'}) r0 = syz_clone(0x8000, &(0x7f00000003c0)="ba3c0b4b4d271c319b56a58eda707bee02484e967a81137068efc3e4a2834fb298b7036e1fe3a7b6f5fc8ff8d07216912b7dac6f1675b39d0c0d46eece19db2bcd5ae98643d6036e0fdc8a556eb1", 0x4e, &(0x7f00000002c0), &(0x7f0000000440), &(0x7f000001aa80)="f99f70f5fc17f0b5d52036d82ab11a66f73e84974e5c2a5f7bfc2e01bf22d57e9a1c6508f499563906953ecdb76702163c4c2272d35a959118007ffe7c139d015859de83109999cf74b14ace0a71686491a3639bcaf8942e01e7892e4eee042325e23d7a96905e359ab6469a40932aae1fad5766e910eee447cbe1b90baea2a0ca728572a4f0d08cddc938d45b5522380b8df431f0b63e2f52a960fde4430cc27562844ae9fc4ff4b009d430162f217d0bc5d641ff9320930f4853609a86da20ebe071b92f7e8eddbc5be573facf627029aac29ae68bd3133d59bd3230fcd2339533b4239e640e626acffed5d6652125fc71b56cfdc49aadae664661cbe4c4b6a4fd776d677a7ea87327abefb6911a2aea99e706eb31b7b33b655f0d053856f94df70b942d83cb2a34de5be11e03de83947517cfe85e512345446a01ad3cf15974e62595855fec6f315d6d66d6f8a531cc93a5681c250aac8c2ee7255681369fca9a63dc13a7bfced9f5fde48b636e0678d5d2f048f10938c8aa932bfb20f9954e2a6cf55b89ad579bae9e7f1f927a6243a6e9a2c16d9b1d963577ed4dc587f637ad6bb245e15f52f60ab173a6c3242ee7922ccc97ea992be3262c47bc6e27c5163c3bd8b0b06a85cdbf43ff1ec754d87cea076a23227ae8c29761e173780756689a24b64e7fcb1e286dedc083e5a2f24bdccdd19ac6749f7bc9dbe837353b1a77621f31ba72448b320e6aae8524327ef2b048c59483ac19fe19b5855f31801d73382f6288fea21fa3ff4a019054ebefb150652a77d53ac027c4d72c5334940a0140e42e459bfc5e318b33391a8968bfb45e6d686c89cefc4bbcb3db188b2f9ed03d89a27f0cdae0ccc30612d770e82ede4f31b1393d073bca08f7bc0760e10822dddec6899f2b0fcd06784b93fe3635e1719d3f50f11ac5581bac1b92bd94d3bc2129f93b5a3c10cee003815eb529189a9b4836aada0f603a80380061aae64a10250cc25df52033e22ac06ddae71d46726ea225e89e94b150ae784eadc1681f4b015cab5bf3af58b1fb6cbc3695b012e45dcc156d8daf1ec7886ad10390a71754cf26b7ceeabb24a94ff9f11758b246e04da41fc5da0654d4856e053560441e5e636a784323616975e48db055c1a2a9c735d315ed5c11df7960317afe628880226573048f8638a490269aad917459917bb6ace2f3e049aac478ecfe1ddf3f0dbc2bcbd4e3eb324223f7ab6a6d32b61937b74474d437c015452cd00b4a2e6a3525eae35f3404683c1a26e915c0e5e3767e3aadc625dbc27054380726878557ab1c0707229f3d604c23c581831337ee6066618a461e4507c93eb6065a039555f4b3fd785bde6aa8e9563764c363cfb15e1fe21555b4672de8de7656bc8dd47c6c71df63fdae96f53060ee2d98e02724acc634a31e18f710458d29e9b981be8ce8c04f0f12f6ccdfa62879fb119528be8faa809cbda167159f4bd697b5603f1ec9831c2654cf305fd31317848dcd8938c00866ce8d9abe0c2400d6c500295c180a44ecec2295b97a3a4d6621b45fa054d45cf0370ecb0325b36d6c0ed1e3cd8fd1f39be86755386b7bb82e2672224f5d32bd04f060588f04305bd97d0a9bed502952671acc73765663148f2e6160351d1b868b155b346fc58f01f1533c4a55efe5b76369f2622139f4fb877122afef440b098a7074ac6d39ac08d7a19a0e43d5be9ef0030a52f826d38c45c8ddcbecc33444e5afb199e5a673f14df46b2345d8d33cfea99ff4df77fbef57c1e9bac3095ddd0e1eb4eec95c4d4c0d0ac05575fae0cdef2dde795507df2591ab476fabd726840885b9ec062d1a26607a5dbc7b72ceb4b643fab3c29bf8c90b43729c7e85913725410ff264e1b0828b66314e35a983c2651129804916be1f6c92fc96da6ffc67100159af45d742c3b737254507b8a9a483a705f88628cf03665e252a95146f1f98baae425b8c400027345bd2676dbc96277c3484b9f97915e88ad2cc3e96175f267d08288556cfc4460a2cc4e9b64080fa8fa4e16d1355b59b9fe4b1a4e66b9c64465cd2acccfd6ce8868f01eefc0037d45e535fdeaf5da3b3410ecdc55c0d76e265d741130e6b005d51130c3522e91e2744e3b60222c09ada63b45107bc570eeac5cf7ab74fcb33f77d496f126f2665e531bdf14f158013ce901df743d5614158354c24801f46962bebaeddc4a08a23fc64632495ef83518a23dd2d6dda92b0ca0cf761e1ab796e1fc8d14618ebf7709b23f0a5e894429fb024475973e16fb865832a20918ea4e7082614ba22c22f4b7622f7268febffbcbfc9cd4d039662294141496c0e2673a59a1bbf64485f978b46ec89dea22f9f5885b401e50b28762364b417f290def950dbe9b32fe549da044c4813c1a3bfa335e5fb69cd19bd1331b7085ba8072080c1c36c82b14076da0684cb9b943e27842c925aa9df5f21ba052735b7e3630f0b3721beddfb1defae7490afd84e987722fb2ebeb2492a50a875348379537b9123b1ed17ae0a40ec74ba77dc28f0b3ac4b53a51a2c38b31e78b0d559dd2b2bfc1d58b4689f60cd017352456388444a54ab8c5e09b79ba1f9e470d2adfe49cb09e1d146f64623064017905a6900d6d9dd9ad02f0983955076c9058e4f12b90236e04fa97079bc5453af5ee644fc7f2871b435925095c092484738d1300ffe53a91260361d8548bfd14b196d3cf50b0706ef7fe90db83deada96bdcd55dfedc052b12bbeb703368e8feadb348e3560094efd66e3d77f8d9ee2b1eb05a6f85898e6835b6d0a407186c26296d8bc01e2d0d623e620e99718c6b09572c1330df7207f28ab61ee2d114d1cb7e2815bb971dcdd25f3c1f38a1b92354ed4f299d75da4683b68055b839cff6ad1a305d864e666d147bf51d2c952f0ac88d800d4afd4bdb11834da351b1b35b4554c0f28b8bcda889fd199c23564bddb7856b71ca49c53b65409dd7116ecbd8b180cb4b664006b8ba3bb34fa474de05e4f015629e3b826a410924e7878950476dbae364c4062cf8249aedfc767bd92b694079432687d9e6e07e021412e5a611c6c439d3455a5edd7fb9d83144af22352821525649dd6b681740e48ba53d028e24a32e1bdfbc78202f1614f06107618fd47505e5fafc6efad36068df792a14fce2d270efdcc884498a342243b574308e9eca3d822290f08447cbe02df4ee0775d3bdc5f4a12b026c0d7ad6062d33939c33f1c96994e4a4fd62d00dd742270646d399a1d055a7b1d489e21636f299c5a129b89ab60816c07e6930b2cd3830ac8cbb30ca49c69edfb41deab8f84147b3cf0b97c81c60c1ccbe5c0c18f77be52536b4f0905906b3d1475b283c890bb403d66004c8f2e09df928f3d90d3e20588395418c7dd7e1a976472f8b6ac7ab12bb47c26b00714776b5eecdbfd167e2835bf0608d96b1d77b3d14afa66e9d9ddcf53458c3ef19b7e20aecea84193ca3851333ae3dc7f263b77b35151a417cb4fa347f1e7d981f377fefe62519ad1c9c265c9c75c2d945bded838a4e3c95622b824ea9607ff581efc1f3256f8d95fa9841714530359dfcd2d3016f7c465cbba1c39ba0e1b08313f38d202d8eb9664649961c8249f74abccfa57994c3d10d85d01c15215583f41165df361a0a30c2ca4e1af5fbca97446ad4252422acdb3f4c3ec4aba5e3e7440b2948a6c24ed4099bc956198f3d23bd83b37e8f9f0d981b41a935187a24041a2dded0fa550deb7de4b2dbaab0e0a0525f41570b1da4f8e629d35f535c22d199c8c52d7497da6d2ebc896e7df09c936d9c0d052f4febe74c04ce2e510375cc0f610baca6a2654d8d8ffc59b5b6b5241f5559ceaac528add3cdb1818af823c390662df621bc4e49f1c9061531a23a01e26c1564680471130623986551c5ecff160fdd97d463f84050b847c194156daa434aec3e9f62df37ceeaa9ba76a976928be7da4e4b18a060c1f1f8b451b0440fdc62d07bad5f3393a9c75dbb25f1074fed35a93ea04cf53ca086aff5190803d673c0d9ea18b05e2c74784e7e9994b5f81966fbc4a96bfe9d09242a363a8f63a9ebe5262bb4a44d14ea26df6cf25d71069d4268586bf27f1b6f6d78af8bec13d5e47fc580b574471422707e887cd4798b565a6601c5644e57b62e6a7fec1e8ced2b6057a4e19282835560044d3d799864bfce5dc9b37b4bf4eec7f9e365160406251614dce401ca91c69934003015bb8e270ff352f79e9e35ebf4163526dc84a19b820fa44d4147b901acdbb15d040d3a7329d2db4335b4528af8a6e465b24383a0fd7b0aac841a56edee854d05fce94cb40b2cf72b89f6f874627fccee24d74e84ff9f45836032e1ed76fc3d33703dec1f13e2b051c268e0b035fdba579bb3e085ab232cb8ee799a9edc08fe9e8977f9685382dd1f884df4270cb9bfc3c9ca53f4fc4a0d2425a24b58aaf7c5d72c3ff6cddf625659336da36b23ccfbff3c44cbb35ce7d1ed3fc37c914f899dc0e17007e75a4efbaabfb509de608b7474377bbde63a8f8a34724f7d93e4e31625cff5c0f844a90e6720668c2f2ec62dcc6aad45f8634ced68c113673687fd026d892a2e23f3f71f31e1ed48768964deb120b61ddd6856fe609c97845fcf53798149ae1e6a60af844c17be66658b1b49b1f9976ad6802ef21b2f2d0067492707f7db8e52e4ac9a21ad01c1a7d6ea384af3cb2108a21dc9c7bc4437cac625e3fab511e877a4b2f5c101d1aa34bae38c3ddf6d72104834785ac4d2e57f0448ab4f70349ac9e05332f790b13eca52e69dad13fc33bb345492224feec00cded0c730693a6c563bcf3a9525d486644d416f49762b2c0c599e5b1fa58cc7077ac8dee2ecf67c31f15c8b882ee27c74033134a295c4c7e3d8b13467bbf8ec29821cef25093a3f8524d1ff28f6230f4891ce2b2d958979e1b61e705db2a44540b2fe9bb87b4d713a9860cbb8efd7dc82c4bf3788fe716f0e9df984ac8378f61fc8f501d1b32aac1c78336a1c62aee44da2ca3f3f981e36d97ec2059116ce9b13d669d848c34a6e57393449e27d67140bd8613c8c1dfbe1a36909898e23779388310aea7860bf4948089560c1665a7a23bedc6b0ad739b383f9b4573302498aabe186a4e931dca7e53a1b1fbb9089356067bb3d00f1b3c84bb76b6def7bbb181ca8e833a3a9fd48e7b6514bcdbc36e7346f4e9db5553078e155db14cdf568c673eb397e92b9b4074b104c5ebcd21e7d874d6873368e90e701dd24894476987d0b401c3fc32c0dbe30476b8e53fff9fd13363bdca2fed38e24816eef234ea87e67f399840249d57047c12874c9811057a0748fea8af4c00924977042a8e8b3546dc25e4cf86a6e794668ecf53f5c4882d470547976192ee88246f7cdae8ea22c783295d0650f8ddf2f2e27c07cb17d5aba429c8794b3609066ba7621a2b380de5a93d5639a15382a15976018cb6010b01a01a5e99b9916cd16a05f83d15dfdeed9e30255ec5485582de4a938935ac0aff0370cd056e2d9477e65591d3adabd999cb99eb334ec8016ace8518d1ae13d52eef6e123376ecb05eaf580190801f3f1ad5a534942d74db81d944b9c169f9f9d715777774df03bc44f8f98a7138fc78d81cfe8b7e37b196ac765001c29f5a562cff1edb943bf5fc8f284e99dde32b006cbe40d7c35dd5b29c9e3cbf40507d51ccbb952d30a2d75e1d9e61c381a565827c2695362c77161020a812308618b652757aef6f0d2cd22525207ad54b138486204f15f7972a048b40d644610b3c19dface465db375fe797f9") fcntl$setown(0xffffffffffffffff, 0x8, r0) syz_usb_connect(0x0, 0x24, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000abbe6740e9174e8b089c000000010902120001000000000904000000ff"], 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000b80)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a01020000000000000000010000000900010073797a30000000006c000000160a01000000000000000000010000000900010073797a30000000000900020073797a30000000004000038008000140000000002c0003801400010076657468310000000000000000000000140001007665746a9a5f746f5f68737200000000080002"], 0xfc}}, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000880)={'netdevsim0\x00'}) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000002140)={0x26, 'aead\x00', 0x0, 0x0, 'authencesn(michael_mic-generic,xchacha20-generic)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000680), 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000001c0)=0x5) preadv(r4, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f00008a5ff0)={0x2, 0x0, @loopback}, 0x10) sendmmsg$inet(0xffffffffffffffff, 0x0, 0x0, 0x4000000) r5 = userfaultfd(0x801) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xc, &(0x7f0000000580)=ANY=[], &(0x7f0000000200)='GPL\x00', 0x80000, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f00000000c0)) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000300)={0x1, 0x1, &(0x7f0000000240)=""/127, &(0x7f0000000180)=""/22, &(0x7f00000004c0)=""/229, 0x3000}) bpf$BPF_PROG_DETACH(0x9, &(0x7f0000000340)={@cgroup, 0xffffffffffffffff, 0x34, 0x0, 0x0, @prog_id}, 0x20) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) ioctl$UFFDIO_COPY(r5, 0xc028aa05, &(0x7f0000000000)={&(0x7f00002b9000/0x400000)=nil, &(0x7f0000779000/0x1000)=nil, 0x400000, 0x3, 0x2}) r6 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r6, 0x0, 0x0) 4.696433582s ago: executing program 1 (id=3978): recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}], 0x1}}], 0x1, 0x0, 0x0) (async) r0 = socket(0x2, 0x80805, 0x0) (async) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='net_prio.prioidx\x00', 0x275a, 0x0) (async) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000280)={@ifindex, 0xffffffffffffffff, 0x1}, 0x20) write$binfmt_script(r1, &(0x7f0000000040), 0x55af) (async) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1, 0x10012, r1, 0x0) getsockopt$inet_sctp6_SCTP_GET_LOCAL_ADDRS(r0, 0x84, 0x25, &(0x7f0000000080), &(0x7f0000000340)=0x1b) (async) fstat(r0, &(0x7f00000001c0)) 4.679583103s ago: executing program 1 (id=3979): r0 = socket(0x1e, 0x5, 0x0) connect$tipc(r0, &(0x7f0000000040)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) sendmmsg$unix(r0, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f0000003c40)=[{{0x0, 0x0, &(0x7f0000001780)=[{&(0x7f0000000540)=""/228, 0xe4}], 0x1}}], 0x1, 0x0, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) pipe(&(0x7f0000000080)={0xffffffffffffffff}) r4 = socket$inet_udp(0x2, 0x2, 0x0) close(r4) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$sock_int(r5, 0x1, 0x3c, 0x0, 0x0) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000000c0)=0x1, 0x4) connect$inet(r5, &(0x7f0000000080)={0x2, 0x0, @loopback}, 0x10) setsockopt$inet_tcp_TCP_REPAIR(r5, 0x6, 0x13, &(0x7f00000001c0)=0xffffffffffffffff, 0x4) sendmmsg$inet(r5, &(0x7f0000001180)=[{{0x0, 0x0, &(0x7f00000003c0)=[{&(0x7f0000000480)="1f", 0x1}], 0x1}}], 0x1, 0x4004845) splice(r3, 0x0, r4, 0x0, 0x5, 0x0) ioctl$TCSETS(r2, 0x40045431, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, 0x0, "810000cc2b000000000000fa25ffff00ffffff"}) r6 = syz_open_dev$usbfs(&(0x7f0000000100), 0x203, 0x8401) r7 = fcntl$dupfd(r6, 0x0, r6) ioctl$USBDEVFS_CONTROL(r7, 0xc0185500, &(0x7f0000000340)={0x82, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0}) r8 = syz_open_pts(r7, 0x662600) ioctl$TIOCSETD(r8, 0x5423, &(0x7f0000000040)=0xe) getsockopt$IP_VS_SO_GET_INFO(r1, 0x0, 0x481, &(0x7f0000000000), &(0x7f0000000080)=0xc) 4.38833412s ago: executing program 2 (id=3980): r0 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x0) ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, 0x0) (async) ioctl$SG_SET_FORCE_PACK_ID(r1, 0x227b, 0x0) syz_usb_connect(0x4, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="128ce31c5f010003b1fe9208151403005d6501020301f702120001000000000904000000"], &(0x7f0000000240)={0xffffffffffffffa0, 0x0, 0x5, &(0x7f0000000bc0)={0x5, 0xf, 0x5, 0x0, [@ss_cap={0x0, 0x10, 0x3, 0x0, 0x0, 0x50, 0x5d, 0x7}, @ssp_cap={0x0, 0x10, 0xa, 0x5, 0x0, 0x10, 0xf000, 0x0, [0x0, 0xff0000, 0x30, 0x3f30, 0xc0, 0xc0]}, @generic={0x0, 0x10, 0x2, "ff089b044d06695d1fab4517b74598781af673e1d9d3c203fe28fcde9ae6dce19cb8b0e25efc66af123fa64540ccaea2b996ddad143375e471359dadb7e0f0ccb08c08cbc6066b54fe40addbafeb1f1de91650e91e0d821780b4ad409fad0382c5a13a15271ecaa228bd56fc69fcc463c1ed897a6ca50e037641e3c72703ca8a608b9d114892c0ed8ce9d37e16ae292999d01415818f9ab692ec469e1bb69ac903bf8718ffe6f6022adbd849a798e143ac05b9bdafa9e9788d62738e911feb5788f1169efd818a69350f8bd5d12961efcea7d7a49e7d521d47045a67c683bb"}, @ext_cap={0x0, 0x10, 0x2, 0xc, 0x2, 0x2, 0x3a27}, @generic={0x0, 0x10, 0x1, "e49eb15af1fa0bf75f107a09acc1e3a698ac869f03e55914611cbd5157a7f94d5e314fd461af7141238c03ef18ccb9f0722010e17440899063770116e861855c63f5d8ca11410991e428168582e0dd1251cb47f5eea59d6be39251787a21b56520f564ce4caa0a841fbb4450b39d0b1ef750fefa2962abcec9f716d49745aabf6ed49cf0ae209beefddd9f1e9805f533635d8be921ef3e66969dd738a10522b4392f38925992d6fa13dfa80d3a8d7bf2644c12fd9360a410af611674a11a5d3672"}]}, 0x1, [{0x0, 0x0}]}) (async) syz_usb_connect(0x4, 0x24, &(0x7f00000002c0)=ANY=[@ANYBLOB="128ce31c5f010003b1fe9208151403005d6501020301f702120001000000000904000000"], &(0x7f0000000240)={0xffffffffffffffa0, 0x0, 0x5, &(0x7f0000000bc0)={0x5, 0xf, 0x5, 0x0, [@ss_cap={0x0, 0x10, 0x3, 0x0, 0x0, 0x50, 0x5d, 0x7}, @ssp_cap={0x0, 0x10, 0xa, 0x5, 0x0, 0x10, 0xf000, 0x0, [0x0, 0xff0000, 0x30, 0x3f30, 0xc0, 0xc0]}, @generic={0x0, 0x10, 0x2, "ff089b044d06695d1fab4517b74598781af673e1d9d3c203fe28fcde9ae6dce19cb8b0e25efc66af123fa64540ccaea2b996ddad143375e471359dadb7e0f0ccb08c08cbc6066b54fe40addbafeb1f1de91650e91e0d821780b4ad409fad0382c5a13a15271ecaa228bd56fc69fcc463c1ed897a6ca50e037641e3c72703ca8a608b9d114892c0ed8ce9d37e16ae292999d01415818f9ab692ec469e1bb69ac903bf8718ffe6f6022adbd849a798e143ac05b9bdafa9e9788d62738e911feb5788f1169efd818a69350f8bd5d12961efcea7d7a49e7d521d47045a67c683bb"}, @ext_cap={0x0, 0x10, 0x2, 0xc, 0x2, 0x2, 0x3a27}, @generic={0x0, 0x10, 0x1, "e49eb15af1fa0bf75f107a09acc1e3a698ac869f03e55914611cbd5157a7f94d5e314fd461af7141238c03ef18ccb9f0722010e17440899063770116e861855c63f5d8ca11410991e428168582e0dd1251cb47f5eea59d6be39251787a21b56520f564ce4caa0a841fbb4450b39d0b1ef750fefa2962abcec9f716d49745aabf6ed49cf0ae209beefddd9f1e9805f533635d8be921ef3e66969dd738a10522b4392f38925992d6fa13dfa80d3a8d7bf2644c12fd9360a410af611674a11a5d3672"}]}, 0x1, [{0x0, 0x0}]}) r2 = syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYRES8=r2, @ANYBLOB, @ANYRES32=r2, @ANYRESDEC=r1], 0x1c}}, 0x0) (async) sendmsg$WG_CMD_GET_DEVICE(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYRES8=r2, @ANYBLOB, @ANYRES32=r2, @ANYRESDEC=r1], 0x1c}}, 0x0) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x9, 0x4, 0x8, 0xb}, 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000400)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000001c0012800b00010062726964676500000c0002800500a3bac30efc260001000000"], 0x3c}, 0x1, 0xba01}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x14, &(0x7f00000006c0)=ANY=[@ANYRES64=r3, @ANYRES32=r3, @ANYBLOB="00fb000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffbfb703000008000000b704000000000000850000000300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90) (async) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0xc, 0x14, &(0x7f00000006c0)=ANY=[@ANYRES64=r3, @ANYRES32=r3, @ANYBLOB="00fb000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffbfb703000008000000b704000000000000850000000300000095"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x13, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc}, 0x90) r4 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r4, &(0x7f0000000000)={0x0, 0x5, &(0x7f0000000280)=[{&(0x7f0000000300)="d8000000180081054e81f782db4cb904021d080406037c09e8fe55a10a0015400400142603600e122f00160006000400a8000600200003400700027c035c0461c1d67f6f94007134cf6efb8000a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4ce1b14d6d930dfe1d9d322fe7c9f8775730d16a4683f5aeb4edbb57a5025ccca9e00360db798262f3d40fad95667e006dcdf63951f215ce3bb9ad809d5e1cace81ed0bffece0b42a9ecbee5de6ccd40dd6e4edef3d93452a92954b43370e9703920723f9a941", 0xd8}], 0x1, 0x0, 0x0, 0x4a0f0000}, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c00000002010108dd6900000000edffffff01000000084000000042"], 0x1c}}, 0x0) (async) sendmsg$IPCTNL_MSG_CT_DELETE(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000400)=ANY=[@ANYBLOB="1c00000002010108dd6900000000edffffff01000000084000000042"], 0x1c}}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000004c0)={&(0x7f0000000200)='vm_unmapped_area\x00', r0}, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r6 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r6, &(0x7f0000000240), 0x0, 0xfffffffe, 0x0) (async) preadv(r6, &(0x7f0000000240), 0x0, 0xfffffffe, 0x0) ioctl$SG_SET_KEEP_ORPHAN(0xffffffffffffffff, 0x2287, &(0x7f0000000500)=0xc) ioctl$ifreq_SIOCGIFINDEX_vcan(0xffffffffffffffff, 0x8933, 0x0) bind$can_j1939(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) (async) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) ioctl$SG_GET_KEEP_ORPHAN(r6, 0x2288, &(0x7f0000000180)) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) setsockopt$inet6_IPV6_RTHDRDSTOPTS(0xffffffffffffffff, 0x29, 0x37, &(0x7f00000005c0)=ANY=[@ANYBLOB="3a77733b1500959095113dd3213c68ade34789b66eb112de780c73227e2e053346487322fee3f2751f7670b02daa413393242eade2c79064de3933f1a2a37447d552952c2bb39a8798134fa8516251c7a82650e35f74738405f20d09795c6603059a7abc73cc712573aeec1e1f52ab7e5b45d30fa3485d34ae34b9a75013787727d33bdad81545de40ca8b746f117c51feb161c4043d97bc66ba607baadf6b2f475897d462d45d60298df9586fdca6f8e66ea8e51bf2bbf703fc8bd204cd2c9498c2a5d7b3"], 0x8) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000480)="0000000000000005b89e14f088a847", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80000000}, 0x50) (async) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={0xffffffffffffffff, 0x18000000000002a0, 0xf, 0x0, &(0x7f0000000480)="0000000000000005b89e14f088a847", 0x0, 0xfe, 0x60000009, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x80000000}, 0x50) syz_io_uring_setup(0xd79, &(0x7f00000035c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000040)) (async) syz_io_uring_setup(0xd79, &(0x7f00000035c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000040)) r7 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt(r7, 0x84, 0x65, 0x0, 0x0) 4.081442016s ago: executing program 2 (id=3982): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$sg(0x0, 0x0, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f00000000c0)) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x0) preadv(r1, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) socket$inet(0x2, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000040)='net/hci\x00') writev(0xffffffffffffffff, &(0x7f00000002c0)=[{&(0x7f0000000280)='0', 0x1}], 0x1) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000080), 0x4) bpf$PROG_LOAD(0x5, 0x0, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r2 = dup(0xffffffffffffffff) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x13, r2, 0x0) process_vm_writev(0x0, &(0x7f0000000000)=[{&(0x7f00008f9f09)=""/247, 0xf7}], 0x1, &(0x7f0000121000)=[{&(0x7f0000217f28)=""/215, 0xd7}], 0x1, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000000240)={0x80000, 0x1000000}) syz_emit_ethernet(0x92, &(0x7f0000000340)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x5c, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x1, 0x0, @local, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', [@hopopts={0x4, 0x0, '\x00', [@ra={0x5, 0x2, 0x9}]}, @hopopts={0x2c, 0x0, '\x00', [@enc_lim={0x4, 0x1, 0x1}]}], "17c17f079171000700880000"}}}}}}}, 0x0) r3 = socket$key(0xf, 0x3, 0x2) recvmmsg(r3, &(0x7f0000000440), 0x0, 0x2000000022, &(0x7f0000000480)={0x77359400}) syz_usb_connect(0x1, 0x24, &(0x7f0000000300)={{0x12, 0x1, 0x0, 0x46, 0x36, 0x56, 0x8, 0x4b4, 0x8613, 0x958f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xd1, 0x6e, 0xa5}}]}}]}}, &(0x7f0000000bc0)={0x0, 0x0, 0x0, 0x0, 0x1, [{0x0, 0x0}]}) sendmsg$key(r3, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000002c0)=ANY=[@ANYBLOB="0216000002"], 0x10}}, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 3.684601307s ago: executing program 1 (id=3984): r0 = socket$kcm(0x2, 0x3, 0x84) sendmsg$inet(r0, &(0x7f0000000a00)={&(0x7f00000000c0)={0x2, 0x0, @empty=0x1000000}, 0x10, &(0x7f0000000080)=[{&(0x7f0000000280)="c1000000c0000000001d1e010571261c", 0x10}], 0x1}, 0x0) 3.561093556s ago: executing program 1 (id=3985): r0 = syz_open_dev$sndpcmp(&(0x7f0000000b00), 0x0, 0x0) ioctl$SNDRV_PCM_IOCTL_HW_REFINE(r0, 0xc2604110, &(0x7f0000000040)={0x0, [[0x9ef8, 0x0, 0x0, 0x8000000], [0x4], [0x4]], '\x00', [{}, {}, {}, {0x0, 0x0, 0x0, 0x1, 0x1}, {0x2, 0x800000}], '\x00', 0x1000}) 3.476177912s ago: executing program 0 (id=3986): prctl$PR_GET_SPECULATION_CTRL(0x35, 0x0, 0xa) socket$nl_route(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000540)=ANY=[@ANYBLOB="1400000010000100000000000000000000000000020000002800048024000180090001056d65746100000000140002800800014000000000080002400000001a0900010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000a"], 0x7c}}, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f00000001c0), 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) socket$nl_generic(0x10, 0x3, 0x10) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x70}}, 0x0) accept4$inet(0xffffffffffffffff, &(0x7f0000000140)={0x2, 0x0, @remote}, &(0x7f0000000300)=0x10, 0xc00) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0xffffff73, &(0x7f0000000040)=0x1) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r1, &(0x7f0000000580)=[{&(0x7f0000000640)=""/102396, 0x18ffc}, {0x0}], 0x2, 0x0, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, &(0x7f0000000280)={0x4000}, 0x10) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0xc, &(0x7f0000000400)=0x4, 0x4) r2 = openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000001800)}) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000080)) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r4, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000240)=[@acquire], 0x0, 0x0, 0x0}) r5 = dup3(r4, r3, 0x0) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_user\x00', 0x275a, 0x0) write$UHID_CREATE2(r6, &(0x7f0000000200)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r3, 0x2000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000100)) ioctl$BINDER_GET_NODE_INFO_FOR_REF(r5, 0xc018620c, &(0x7f0000000000)) mmap(&(0x7f0000941000/0x4000)=nil, 0x4000, 0x0, 0x10, 0xffffffffffffffff, 0x0) 3.432174343s ago: executing program 1 (id=3987): r0 = syz_usb_connect$printer(0x0, 0x36, &(0x7f00000001c0)=ANY=[@ANYBLOB="0d01000009000008250592d20700006a3b010902241700fa0074980904e4ff11070103000905010200ffe0000009058202"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_connect$uac1(0x0, 0x71, &(0x7f0000003180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x5f, 0x3, 0x1, 0x0, 0x0, 0x0, {{}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x82, 0x9, 0x0, 0x0, 0x0, 0x0, {0x7}}}}}}}]}}, 0x0) r1 = socket$igmp6(0xa, 0x3, 0x2) capset(&(0x7f0000000000), 0x0) r2 = getpid() r3 = socket$nl_generic(0x10, 0x3, 0x10) ptrace$ARCH_ENABLE_TAGGED_ADDR(0x1e, r2, 0x3, 0x4002) sendmsg$NL80211_CMD_JOIN_IBSS(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000cc0)={0x44, 0x0, 0x0, 0x0, 0x0, {{}, {@val={0x8}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_KEYS={0x10, 0x51, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_KEY_MODE={0x5, 0x9, 0xff}]}]}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8, 0x26, @random=0x994}]]}, 0x44}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000040)=0x10001) r4 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000440)={&(0x7f00000001c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f00000002c0)={&(0x7f0000000340)={0x48, 0x2, 0x6, 0x0, 0x0, 0x0, {0x0, 0x0, 0xa}, [@IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0xb8}, @IPSET_ATTR_HASHSIZE={0x8, 0x12, 0x1, 0x0, 0xc0000000}, @IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_CADT_FLAGS={0x8, 0x8, 0x1, 0x0, 0x80}, @IPSET_ATTR_CIDR={0x5, 0x3, 0xa7}]}]}, 0x48}, 0x1, 0x0, 0x0, 0x20008004}, 0x1) preadv(r4, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$BATADV_CMD_SET_HARDIF(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x0, 0x0, {}, [@BATADV_ATTR_HARD_IFINDEX={0x8}, @BATADV_ATTR_MESH_IFINDEX={0x8}, @BATADV_ATTR_HOP_PENALTY={0x5}]}, 0x2c}}, 0x0) sendmsg$ETHTOOL_MSG_PRIVFLAGS_GET(0xffffffffffffffff, &(0x7f0000000b40)={&(0x7f0000000100), 0xc, &(0x7f0000000b00)={&(0x7f0000000900)={0x1d0, 0x0, 0x100, 0x70bd27, 0x25dfdbfd, {}, [@HEADER={0x30, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ipvlan1\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x64, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'team_slave_0\x00'}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'dvmrp0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'macvlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'veth1_to_hsr\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8}]}, @HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}, @HEADER={0x48, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pimreg1\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}, @HEADER={0x34, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'vlan0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'ip6erspan0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}]}, @HEADER={0x58, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'erspan0\x00'}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'pim6reg0\x00'}, @ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'geneve0\x00'}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x1}]}]}, 0x1d0}, 0x1, 0x0, 0x0, 0x8850}, 0x10) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)={{0x14}, [@NFT_MSG_NEWRULE={0x6c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x40, 0x4, 0x0, 0x1, [{0x3c, 0x1, 0x0, 0x1, @range={{0xa}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_RANGE_SREG={0x8}, @NFTA_RANGE_OP={0x8}, @NFTA_RANGE_TO_DATA={0xc, 0x4, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "a8"}]}, @NFTA_RANGE_FROM_DATA={0xc, 0x3, 0x0, 0x1, [@NFTA_DATA_VALUE={0x5, 0x1, "8d"}]}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x94}}, 0x0) keyctl$read(0xf, 0x0, &(0x7f0000000240)=""/112, 0x349b7f55) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'netdevsim0\x00', 0x0}) r7 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r7, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000040)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="15eaffffffffffff130012800b0001006d61637365630000040002800800", @ANYRES32=r6, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x44}, 0x1, 0x0, 0x0, 0x40081}, 0x828) syz_usb_connect(0x0, 0x2d, &(0x7f0000000200)=ANY=[], 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) 2.320485414s ago: executing program 4 (id=3990): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendto$inet6(r0, &(0x7f0000000000)="c0", 0x1, 0x0, &(0x7f00000000c0)={0xa, 0x0, 0x0, @dev, 0x15}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000000), 0x4) 2.102980483s ago: executing program 0 (id=3991): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x8, 0x46a, 0x27, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x45}}}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000040)={0x2c, &(0x7f00000001c0)={0x0, 0xf, 0x7e, {0x7e, 0x0, "3b651763da0333ddbb3c8e9187148f258ce1c51708e13e0962e15c69cc465ec4c94d51a60f84a4bfa30c43ce1055c03a0000000000000000d7129a6ccb2addb0dc04459790380bcaa2e7ba6b6de7670358c3c9781d8ebb08883b416d94ee4b095437d1dd804f5a84cfc2b08570b23aae3e4a81000000000000000000"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 1.9792344s ago: executing program 3 (id=3992): r0 = socket$inet6_sctp(0xa, 0x801, 0x84) sendmmsg$inet6(r0, &(0x7f0000002300)=[{{&(0x7f0000000000)={0xa, 0x0, 0x0, @ipv4={'\x00', '\xff\xff', @rand_addr=0x64010100}}, 0x1c, &(0x7f0000000080)=[{&(0x7f00000022c0)='`', 0x1}], 0x1}}, {{&(0x7f0000000900)={0xa, 0x0, 0x0, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02'}, 0x1c, &(0x7f0000003580)=[{&(0x7f0000000940)='z', 0x1}], 0x1}}], 0x2, 0x0) shutdown(r0, 0x1) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x121301, 0x0) ioctl$TCSETS(r1, 0x5402, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x7, 0x0, "1241b72d7fffff5b000f000000462200"}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000580)={0x26, 'hash\x00', 0x0, 0x0, 'crct10dif-generic\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r4, 0x6, 0x4, 0x0, 0x0) ioctl$int_in(r4, 0x5452, &(0x7f0000000300)=0x208) bind$inet6(r4, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) r5 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000000), 0x2) r6 = memfd_create(&(0x7f0000000340)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea_\x8cZ7\xe7a\x9b\x11x\x0e\xa1\xcf\x1a\x98S7\xc9\x00\x00\x00\x00\x00\x00\a\x00\x00\x00\x00\x00\x00\x04\x879\xa24\xa9am\xde\xb2\xd3\xcbZJoa\xc4\x1acB\xaa\xc1\xfb Q\xd4\xf4\x01\xa52\xe2DG\xd4\xbd{\x9f\xa9\x97\x9b@\xdb\x00b\xe1br\xb6\x008\xe3\x10\xff\xc2\x9d\r2\x9e\x8e\x04sW\x1b\xb7\xb3\xa2\xc9&@\xca\xda\xdc\xe2/\x97X\xac\b\xb0\xc2<\x80E\x1a\xbc\xc7W\xda9VsA\xaf\xc6\xcf\xe1\xa1\xb5M\xa2\x85\xa6y\xc4J\xf1\xf7\xfcD\x95\xe3\xeb\xc7\xbc\x91\xb0\xa8\x9eo\xebF(\x9dL\x01vRk\xaacB\x04\xa7I\v\x86EZ\x96\xd5\x14OD\\\xe8R\xe4\xcd\xec\xcc\xd1\x0fre\xe86\xcd\xeb\xc4$\x98\x06J\xd6dD\x8d_U`ji{\xab\x97\xaf;l\x1f\xaf\xb38U\xcb\xfa\xb3j\x92\f\x81\xa0\xa2-g\b\x99\x0e\x8d\x8d\x16\xd9w\\\xf8\xce\xb0j\x9d\'\x93\xef\x1d\xa0H\xd9\xbd\xd9\xaf\x12$\x8d\x16%\x8b\x00', 0x3) ftruncate(r6, 0xffff) r7 = socket$packet(0x11, 0x3, 0x300) r8 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000000)={'macsec0\x00', 0x0}) setsockopt$packet_add_memb(r7, 0x107, 0x1, &(0x7f0000000140)={r9, 0x3, 0x6, @dev}, 0x10) setsockopt$inet6_mreq(r3, 0x29, 0x15, &(0x7f00000057c0)={@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, r9}, 0x14) fcntl$addseals(r6, 0x409, 0x7) ioctl$UDMABUF_CREATE(r5, 0x40187542, &(0x7f0000000100)={r6, 0x0, 0x0, 0x4000}) r10 = dup2(r6, r5) lseek(r10, 0x0, 0x4) bind$inet6(r10, &(0x7f0000000040)={0xa, 0x4e24, 0x3d7a, @local, 0x6}, 0x1c) setsockopt$sock_int(r4, 0x1, 0x12, &(0x7f0000000180)=0x4000000, 0x4) sendto$inet6(r4, 0x0, 0x1e, 0x2200c851, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) sendto$inet6(r4, &(0x7f0000000080)="44f9b108b1cdc885c9c533d21f474bec8bfef1df1e2da71e578dc6b91d09f7ab15378571d8e27546090011006e75436914ab717528ee4b7a9beaf908d11137c11903064e83b4951f4d433a5404970c85d92d7083fd38844cbb0c6c5eb508ddc2dc7a590aa7941b1e9eeb5a688138dea09b776cbfa784cbf550bf3074fb0d775da4df5a3f48bbdf452eeb6b923da9d0e25b80f76a873664b5753444fe05f33e5f91045540836c3cd6af10f0cd018f0c6f57f926ac959a5628c45088fbe0c87fbe6cbcda4662d2a12f6d00"/215, 0xd0d0c2ac, 0x1, 0x0, 0x0) shutdown(r4, 0x1) ioctl$BTRFS_IOC_BALANCE_PROGRESS(0xffffffffffffffff, 0x84009422, &(0x7f0000001100)={0x0, 0x0, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}, {0x0, @usage, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @struct}}) 1.600598271s ago: executing program 3 (id=3993): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x3c, 0x10, 0xffffff1f, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x3000000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_GSO_MAX_SIZE={0x8, 0x29, 0x5d29f}]}, 0x3c}}, 0x0) 1.521474188s ago: executing program 3 (id=3994): sendmsg$IPCTNL_MSG_CT_GET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x4403, &(0x7f00000002c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="4400000001010101000000000000000002000000040001801800028014000180080001007f00000108000200ac1414aa140019800800010004000000080002"], 0x44}}, 0x0) (async) sendmsg$IPSET_CMD_CREATE(0xffffffffffffffff, &(0x7f0000001080)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000380)=ANY=[@ANYBLOB="7ed3dbea9ec6e7b0845919f8807bbc1ae2bd0206"], 0x14}}, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) (async) r1 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r1, &(0x7f0000001880)=[{&(0x7f0000001a80)=""/102400, 0x19000}], 0x1, 0x0, 0x0) (async) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000ffc000/0x4000)=nil, 0x4000}, 0x4}) (async) write$binfmt_elf32(r0, &(0x7f0000000040)=ANY=[@ANYBLOB="7f454c46000000000000000000000000030006000000000000000000380000000000000000191bda000020000100006b5e0200000000000003"], 0x69) close(r0) (async) execve(&(0x7f0000000180)='./file0\x00', 0x0, 0x0) 1.358136994s ago: executing program 4 (id=3995): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f00000020c0)=@delchain={0x3c, 0x65, 0x0, 0x0, 0x0, {}, [@TCA_CHAIN={0x8}, @TCA_RATE={0x6}, @TCA_CHAIN={0x8}]}, 0x3c}}, 0x0) r0 = socket(0x10, 0x803, 0x0) sendto(r0, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(r0, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0xfdf4, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x365}, {&(0x7f0000000280)=""/85, 0x7c}, {&(0x7f0000000fc0)=""/4096, 0x197}, {&(0x7f0000000400)=""/106, 0x645}, {&(0x7f0000000980)=""/73, 0x1b}, {&(0x7f0000000200)=""/77, 0xf0}, {&(0x7f00000007c0)=""/154, 0x8}, {&(0x7f00000001c0)=""/17, 0x1d8}], 0x21, &(0x7f0000000600)=""/191, 0x41}}], 0x4000000000003b4, 0x1008, &(0x7f0000003700)={0x77359400}) 1.184484855s ago: executing program 4 (id=3996): r0 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) ioctl$vim2m_VIDIOC_ENUM_FMT(r0, 0xc0405602, &(0x7f0000000140)={0x1f, 0x1, 0x0, "1c13ebdaf2f20d55806b26b1d750185fd75a206da058e85b2197edb1439b1cc2"}) pipe2$watch_queue(&(0x7f00000000c0), 0x80) bind$vsock_stream(0xffffffffffffffff, &(0x7f0000000040)={0x28, 0x0, 0x2710, @host}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f00000002c0)={'erspan0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES32=r3, @ANYBLOB="0000000000000000300012800b00010065727370616e000020000280040012000500160002000000060018"], 0x50}}, 0x81) 1.184148834s ago: executing program 3 (id=3997): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)) openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x101042, 0x0) r0 = socket$kcm(0xa, 0x2, 0x0) sendmsg$inet(r0, &(0x7f00000033c0)={&(0x7f0000000c80)={0x2, 0x4e20, @multicast2}, 0x10, 0x0, 0x0, &(0x7f0000000000)=ANY=[@ANYBLOB="3000000000000000290000000700000001441411", @ANYRES32], 0x30}, 0x0) 1.086758413s ago: executing program 4 (id=3998): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x3c1, 0x3, 0x510, 0x0, 0x18c, 0x203, 0x328, 0x19030600, 0x440, 0x2e0, 0x2e0, 0x440, 0x2e0, 0x3, 0x0, {[{{@uncond, 0x300, 0x300, 0x328, 0x0, {}, [@common=@unspec=@bpf0={{0x230}, {0x13, [{}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {}, {0x16}]}}, @common=@hl={{0x28}}]}, @common=@unspec=@NFQUEUE3={0x28, 'NFQUEUE\x00', 0x3, {0x0, 0x4}}}, {{@uncond, 0x0, 0xd0, 0x118, 0x0, {}, [@inet=@rpfilter={{0x28}}]}, @common=@unspec=@LED={0x48, 'LED\x00', 0x0, {'syz1\x00'}}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x5a5) 1.013485284s ago: executing program 3 (id=3999): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace20000088ff0000002100000002ff02000000000000000000000000000104004e200023b0"], 0x0) 920.255684ms ago: executing program 4 (id=4000): socket$vsock_stream(0x28, 0x1, 0x0) r0 = userfaultfd(0x801) ioctl$UFFDIO_API(r0, 0xc018aa3f, &(0x7f0000000140)) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f00000000c0)={{&(0x7f0000bcc000/0x4000)=nil, 0x4000}}) ioctl$UFFDIO_REGISTER(r0, 0xc020aa00, &(0x7f0000000100)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) syz_io_uring_setup(0x1f87, &(0x7f0000000080)={0x0, 0x0, 0x13550}, &(0x7f0000000040), &(0x7f0000000280)) r1 = syz_io_uring_setup(0x2ddd, &(0x7f00000006c0)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000140)=0x0) syz_io_uring_setup(0x991, &(0x7f0000000080), &(0x7f0000000180)=0x0, &(0x7f0000000380)) syz_io_uring_submit(r3, r2, &(0x7f00000001c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x4}) io_uring_enter(r1, 0x381b, 0x0, 0x0, 0x0, 0x0) 904.727479ms ago: executing program 2 (id=4001): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$PTRACE_SETSIGMASK(0x420b, r0, 0x0, 0x0) 811.54878ms ago: executing program 3 (id=4002): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000001c0)=ANY=[@ANYBLOB="12010000091c2f20c81403006c050102030109021b00010000000009040000018ea44300090585da24"], 0x0) pipe(&(0x7f0000000040)={0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@bloom_filter={0x1e, 0x1, 0xccb4, 0x9585, 0x122, r1, 0xfffffff9, '\x00', 0x0, 0xffffffffffffffff, 0x1, 0x1}, 0x48) (async) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.current\x00', 0x275a, 0x0) syz_usb_ep_write(r0, 0xfc, 0x0, 0x0) (async) syz_usb_connect(0x1, 0x24, &(0x7f0000000300)=ANY=[], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) (async) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) (async) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x2, 0x0) (async) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x10001) (async) quotactl_fd$Q_SETINFO(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0) (async) syz_usb_control_io$hid(0xffffffffffffffff, 0x0, 0x0) (async) syz_emit_ethernet(0xe2, 0x0, 0x0) (async) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) (async) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz1\x00', 0x1ff) (async) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) (async) fchdir(0xffffffffffffffff) socket$nl_route(0x10, 0x3, 0x0) (async) syz_open_dev$I2C(0x0, 0x0, 0x0) (async) socket(0x0, 0x0, 0x0) (async) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, 0x0, 0x0) writev(r2, &(0x7f0000000040)=[{&(0x7f00000000c0)='X', 0x1}], 0x1) (async) recvmmsg(r2, &(0x7f0000001540)=[{{0x0, 0x0, &(0x7f0000003bc0)=[{&(0x7f0000000200)=""/217, 0xd9}], 0x1}}], 0x1, 0x40000163, 0x0) (async) r3 = openat$hwrng(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) preadv(r3, &(0x7f0000000240), 0x0, 0x0, 0x0) (async) r4 = socket(0x10, 0x3, 0x0) sendto$inet6(r4, &(0x7f0000000080)="7800000018002507b9409b14ffff00000202be040205fe056403040c5c000900580020010a0000000d0085a168216b46d32345653600648d270015000a00000049935ade4a460c89b6ec0cff3959547f509058ba86c902007a00004a32000402160012000a0024a40423e000e218d1ddf66ed538f2523250", 0x78, 0x0, 0x0, 0x0) 737.854293ms ago: executing program 2 (id=4003): r0 = bpf$MAP_CREATE(0x1900000000000000, &(0x7f0000000040)=@base={0x1b, 0x0, 0x0, 0x2000}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000007c0)={0x8, 0x10, &(0x7f0000000240)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}, {}, {}, {0x85, 0x0, 0x64, 0x5}}, {}, [@exit]}, &(0x7f0000000200)='syzkaller\x00', 0xa, 0x100b, &(0x7f0000001e40)=""/4107}, 0x90) 402.308594ms ago: executing program 1 (id=4004): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000180)=0xfffd) r0 = openat$hwrng(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) preadv(r0, &(0x7f0000000240)=[{&(0x7f0000033a80)=""/102386, 0xfffffd6e}], 0x1, 0x0, 0x0) creat(0x0, 0x0) r1 = add_key$user(&(0x7f0000000640), &(0x7f0000000540), &(0x7f00000000c0), 0xc6, 0xfffffffffffffffd) r2 = add_key$user(&(0x7f0000000640), &(0x7f0000000540), &(0x7f00000000c0), 0xc6, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000080)={r2, r1, r1}, 0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000100)={'sha384-generic\x00'}}) r3 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140)) ioctl$VHOST_SET_FEATURES(0xffffffffffffffff, 0x4008af00, 0x0) r4 = dup2(0xffffffffffffffff, 0xffffffffffffffff) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, 0x0) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f0000000000)) 401.923703ms ago: executing program 2 (id=4005): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000003c0)={'netdevsim0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000140)=ANY=[@ANYBLOB="4000000010000100"/20, @ANYRES32=r2, @ANYBLOB="0000feffff7f000014001680100001800c0003"], 0x40}}, 0x0) 240.924389ms ago: executing program 2 (id=4006): ioctl$sock_ipv4_tunnel_SIOCCHGTUNNEL(0xffffffffffffffff, 0x89f3, &(0x7f0000000000)={'sit0\x00', &(0x7f00000002c0)={'syztnl1\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x1d, 0x4, 0x0, 0x0, 0x74, 0x0, 0x0, 0x0, 0x0, 0x0, @broadcast, @remote, {[@timestamp={0x44, 0x1c, 0x0, 0x0, 0x0, [0x401, 0x1000, 0x0, 0x0, 0x0, 0x0]}, @timestamp_prespec={0x44, 0x34, 0x0, 0x3, 0x0, [{@multicast2}, {@dev, 0x659}, {@broadcast}, {@empty}, {@multicast1}, {@private}]}, @noop, @noop, @lsrr={0x83, 0xb, 0x0, [@private, @rand_addr]}]}}}}}) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='hugetlb.2MB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000240), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x280000b, 0x28011, r2, 0x0) r3 = dup(r1) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x0, 0x2, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000300)=[@text64={0x40, 0x0}], 0xffff, 0x0, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_REGISTER_COALESCED_MMIO(r1, 0x4010ae67, &(0x7f00000001c0)={0x0, 0xd000}) ioctl$KVM_NMI(r4, 0xae9a) ioctl$KVM_RUN(r4, 0xae80, 0x0) 0s ago: executing program 4 (id=4007): socket$nl_route(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000380)='memory.events\x00', 0x275a, 0x0) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) r1 = epoll_create1(0x0) sendmsg$IPVS_CMD_SET_DEST(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000cc0)=ANY=[@ANYRES8=r1, @ANYRESHEX=r0, @ANYBLOB="01002abd7000fddbdf250600000014000380060004000100000008000100010000a07da635106f9da30038000280"], 0xae}}, 0x0) bpf$MAP_LOOKUP_BATCH(0x18, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000a00)="27e7", 0x0}, 0x38) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000640), 0xffffffffffffffff) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000340)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r2, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000980)=ANY=[@ANYBLOB="98030000", @ANYRES16=r3, @ANYBLOB="010028057000fcdbdf253b00000008000300", @ANYRES32=r5, @ANYBLOB="04008e00080057001b0a000004006c000500190107000000080026006c0900005603330080b0c000ffffffffffff"], 0x398}}, 0x0) kernel console output (not intermixed with test programs): 18 using dummy_hcd [ 1033.293266][T22393] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1033.303760][T22393] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1033.335836][T22393] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1033.371064][T22393] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1033.385323][T22393] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1033.413457][T22393] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1033.436376][T11707] usb 3-1: Using ep0 maxpacket: 8 [ 1033.449612][T11707] usb 3-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 1033.461797][T11707] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1033.476137][T11707] usb 3-1: Product: syz [ 1033.480501][T11707] usb 3-1: Manufacturer: syz [ 1033.485332][T11707] usb 3-1: SerialNumber: syz [ 1033.509085][T11707] usb 3-1: config 0 descriptor?? [ 1033.533151][T11707] gspca_main: sq905-2.14.0 probing 2770:9120 [ 1033.564640][T22393] hsr_slave_0: entered promiscuous mode [ 1033.583508][T12846] usb 2-1: USB disconnect, device number 26 [ 1033.583512][T22393] hsr_slave_1: entered promiscuous mode [ 1033.636208][T16300] Bluetooth: hci3: command tx timeout [ 1033.880002][T22263] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1033.939025][T22263] 8021q: adding VLAN 0 to HW filter on device team0 [ 1033.965152][ T25] bridge0: port 1(bridge_slave_0) entered blocking state [ 1033.972378][ T25] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1034.010888][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 1034.018180][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1034.096520][T12846] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 1034.227231][T22503] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3766'. [ 1034.236629][T11707] gspca_sq905: sq905_command: usb_control_msg failed 2 (-110) [ 1034.244205][T11707] sq905 3-1:0.0: probe with driver sq905 failed with error -110 [ 1034.316156][T12846] usb 2-1: Using ep0 maxpacket: 8 [ 1034.329875][T12846] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 1034.348573][T12846] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 1034.381055][T12846] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1034.400574][T12846] usb 2-1: config 250 has no interface number 0 [ 1034.416292][T12846] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1034.457102][T12846] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1034.481357][T12846] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1034.488662][T22263] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1034.534807][T12846] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1034.580876][T12846] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1034.616370][T12846] usb 2-1: config 250 interface 228 has no altsetting 0 [ 1034.636827][T12846] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1034.645909][T12846] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1034.673985][T22263] veth0_vlan: entered promiscuous mode [ 1034.679979][T12846] usb 2-1: Product: syz [ 1034.684186][T12846] usb 2-1: SerialNumber: syz [ 1034.709794][T12846] hub 2-1:250.228: bad descriptor, ignoring hub [ 1034.717366][T12846] hub 2-1:250.228: probe with driver hub failed with error -5 [ 1034.762566][T22263] veth1_vlan: entered promiscuous mode [ 1034.821972][T22393] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1034.854290][T22521] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3770'. [ 1034.869731][T22393] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1034.894771][T22393] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1034.924272][T22393] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1034.925471][T22497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1034.951299][T12846] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 27 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1034.974435][T22497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1035.060201][T22263] veth0_macvtap: entered promiscuous mode [ 1035.098730][T22263] veth1_macvtap: entered promiscuous mode [ 1035.175648][T22526] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3765'. [ 1035.191274][T22526] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3765'. [ 1035.221787][T22526] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1035.234953][T22526] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1035.249217][T22263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1035.263780][T22263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1035.282979][T22263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1035.309704][T22263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1035.333797][T22263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1035.349758][T22263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1035.389442][T22263] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1035.462608][T22263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1035.475363][T22263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1035.486348][T22263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1035.497804][T22263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1035.507810][T22263] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1035.528821][T22263] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1035.550084][T22263] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1035.600981][T22263] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1035.621051][T22263] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1035.646060][T22263] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1035.654807][T22263] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1035.729618][T22393] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1035.874199][T22393] 8021q: adding VLAN 0 to HW filter on device team0 [ 1035.937563][T12846] bridge0: port 1(bridge_slave_0) entered blocking state [ 1035.944705][T12846] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1036.041711][T12846] bridge0: port 2(bridge_slave_1) entered blocking state [ 1036.048931][T12846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1036.111132][ T5290] usb 3-1: USB disconnect, device number 18 [ 1036.249822][ T2973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1036.292911][ T2973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1036.460511][T22393] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1036.461308][T13001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1036.542833][T13001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1036.587591][T22393] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1036.698345][T22393] veth0_vlan: entered promiscuous mode [ 1036.743199][T22393] veth1_vlan: entered promiscuous mode [ 1036.756864][ T25] usb 5-1: new low-speed USB device number 17 using dummy_hcd [ 1036.936942][T22393] veth0_macvtap: entered promiscuous mode [ 1036.951815][T22393] veth1_macvtap: entered promiscuous mode [ 1036.959681][T12846] usb 2-1: USB disconnect, device number 27 [ 1036.978488][T12846] usblp0: removed [ 1037.011364][ T25] usb 5-1: string descriptor 0 read error: -22 [ 1037.036251][T11707] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 1037.039744][ T25] usb 5-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1037.067206][T22393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.091966][T22393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.102132][ T25] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1037.113587][T22393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.124921][ T25] usb 5-1: config 0 descriptor?? [ 1037.139832][T22393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.152654][ T25] usbtest 5-1:0.0: FX2 device [ 1037.161904][T22393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.173491][ T25] usbtest 5-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1037.211570][T22393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.226275][T11707] usb 4-1: Using ep0 maxpacket: 8 [ 1037.236384][T22393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1037.252577][T22393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.264296][T22393] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1037.282613][T22393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1037.293246][T22393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.314654][T22393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1037.322352][T11707] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1037.344082][T22393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.350451][T11707] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1037.355601][T22393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1037.394811][T11707] usb 4-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 1037.421956][T11707] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1037.441207][T22393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.446686][T11707] usb 4-1: config 0 descriptor?? [ 1037.473742][T22393] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1037.501111][T22393] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1037.535511][T22393] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1037.614926][T22393] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1037.655102][T22393] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1037.698156][T22393] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1037.726965][T22393] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1037.772620][T22587] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3780'. [ 1037.894857][T11707] usbhid 4-1:0.0: can't add hid device: -71 [ 1037.922041][T11707] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1037.958346][T22588] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1038.010596][T11707] usb 4-1: USB disconnect, device number 15 [ 1038.179223][ T4579] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1038.200072][ T4579] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1038.288963][ T4579] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1038.302797][ T4579] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1038.526430][ T9] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 1038.736110][ T9] usb 3-1: Using ep0 maxpacket: 8 [ 1038.784571][ T9] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1038.834382][ T9] usb 3-1: config 1 has no interface number 1 [ 1038.861593][ T9] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1038.909162][ T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1038.942097][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1038.976153][ T9] usb 3-1: Product: syz [ 1038.986901][ T9] usb 3-1: Manufacturer: syz [ 1039.008494][ T9] usb 3-1: SerialNumber: syz [ 1039.177862][T11707] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 1039.253413][T22598] netlink: 'syz.2.3781': attribute type 11 has an invalid length. [ 1039.299909][T12846] usb 5-1: USB disconnect, device number 17 [ 1039.309987][ T9] usb 3-1: 2:1 : unsupported format bits 0x8000000 [ 1039.386551][ T9] usb 3-1: USB disconnect, device number 19 [ 1039.392585][T11707] usb 4-1: Using ep0 maxpacket: 8 [ 1039.434316][T11707] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 1039.476278][T11707] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 1039.484802][T11707] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1039.526983][T11707] usb 4-1: config 250 has no interface number 0 [ 1039.535316][T11707] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1039.586097][T11707] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1039.606368][T11707] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1039.626028][T11707] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1039.650443][T11707] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1039.681051][T11707] usb 4-1: config 250 interface 228 has no altsetting 0 [ 1039.703658][T11707] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1039.714614][T19518] udevd[19518]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1039.723859][T11707] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1039.767887][T11707] usb 4-1: Product: syz [ 1039.772109][T11707] usb 4-1: SerialNumber: syz [ 1039.804216][T22647] netlink: 104 bytes leftover after parsing attributes in process `syz.0.3789'. [ 1039.811290][T11707] hub 4-1:250.228: bad descriptor, ignoring hub [ 1039.830192][T11707] hub 4-1:250.228: probe with driver hub failed with error -5 [ 1040.028384][T22620] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1040.049735][T11707] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 16 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1040.072517][T22620] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1040.249056][T22665] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3786'. [ 1040.262351][T22665] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3786'. [ 1040.289840][T22665] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1040.301574][T19531] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 1040.315262][T22665] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1040.486338][T19531] usb 3-1: Using ep0 maxpacket: 8 [ 1040.529351][T19531] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1040.566159][T19531] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1040.608632][T19531] usb 3-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 1040.642679][T19531] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1040.679702][T19531] usb 3-1: config 0 descriptor?? [ 1041.146656][T19531] usbhid 3-1:0.0: can't add hid device: -71 [ 1041.183457][T19531] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1041.222822][T19531] usb 3-1: USB disconnect, device number 20 [ 1042.086277][T12846] usb 4-1: USB disconnect, device number 16 [ 1042.120009][T12846] usblp0: removed [ 1042.416363][ T8] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 1042.426334][T12846] usb 3-1: new low-speed USB device number 21 using dummy_hcd [ 1042.648268][T12846] usb 3-1: string descriptor 0 read error: -22 [ 1042.665720][T12846] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1042.676387][ T8] usb 1-1: Using ep0 maxpacket: 16 [ 1042.682446][T12846] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1042.684241][ T8] usb 1-1: config 0 has an invalid interface number: 238 but max is 0 [ 1042.699610][T12846] usb 3-1: config 0 descriptor?? [ 1042.714485][T12846] usbtest 3-1:0.0: FX2 device [ 1042.723811][T12846] usbtest 3-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1042.730301][ T8] usb 1-1: config 0 has no interface number 0 [ 1042.742522][ T8] usb 1-1: config 0 interface 238 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1042.855813][ T8] usb 1-1: New USB device found, idVendor=12d1, idProduct=70b9, bcdDevice=c4.7f [ 1042.922249][ T8] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1042.966411][ T8] usb 1-1: Product: syz [ 1042.978370][ T8] usb 1-1: Manufacturer: syz [ 1042.979146][T12846] usb 3-1: USB disconnect, device number 21 [ 1043.015825][ T8] usb 1-1: SerialNumber: syz [ 1043.051825][ T8] usb 1-1: config 0 descriptor?? [ 1043.081987][ T2973] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1043.083843][ T8] option 1-1:0.238: GSM modem (1-port) converter detected [ 1043.273821][ T8] usb 1-1: USB disconnect, device number 18 [ 1043.300275][ T8] option 1-1:0.238: device disconnected [ 1043.374959][ T2973] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1043.543763][ T2973] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1043.654302][ T2973] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1043.956966][ T2973] bridge_slave_1: left allmulticast mode [ 1043.975118][ T2973] bridge_slave_1: left promiscuous mode [ 1044.017273][ T2973] bridge0: port 2(bridge_slave_1) entered disabled state [ 1044.048499][T22744] FAULT_INJECTION: forcing a failure. [ 1044.048499][T22744] name failslab, interval 1, probability 0, space 0, times 0 [ 1044.072295][ T5228] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1044.143108][T22744] CPU: 1 UID: 0 PID: 22744 Comm: syz.0.3810 Not tainted 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 [ 1044.144153][ T5228] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1044.153898][T22744] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1044.153917][T22744] Call Trace: [ 1044.153927][T22744] [ 1044.153936][T22744] dump_stack_lvl+0x241/0x360 [ 1044.153970][T22744] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1044.153995][T22744] ? __pfx__printk+0x10/0x10 [ 1044.154022][T22744] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 1044.154044][T22744] ? __pfx___might_resched+0x10/0x10 [ 1044.154074][T22744] should_fail_ex+0x3b0/0x4e0 [ 1044.154100][T22744] should_failslab+0xac/0x100 [ 1044.154128][T22744] ? __request_module+0x2b9/0x650 [ 1044.154154][T22744] __kmalloc_cache_noprof+0x6c/0x2c0 [ 1044.154181][T22744] __request_module+0x2b9/0x650 [ 1044.154209][T22744] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1044.154232][T22744] ? mark_lock+0x9a/0x350 [ 1044.237434][T22744] ? __pfx___request_module+0x10/0x10 [ 1044.242854][T22744] ? kfree+0x149/0x360 [ 1044.246953][T22744] nvmf_dev_write+0x20a2/0x2f80 [ 1044.251883][T22744] ? __pfx_nvmf_dev_write+0x10/0x10 [ 1044.257157][T22744] ? bpf_lsm_file_permission+0x9/0x10 [ 1044.262550][T22744] ? security_file_permission+0x7f/0xa0 [ 1044.268113][T22744] ? rw_verify_area+0x1d2/0x6b0 [ 1044.272986][T22744] vfs_writev+0x5af/0xbb0 [ 1044.277347][T22744] ? __pfx_nvmf_dev_write+0x10/0x10 [ 1044.279596][ T5228] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1044.282549][T22744] ? __pfx_vfs_writev+0x10/0x10 [ 1044.282573][T22744] ? vfs_write+0x7c4/0xc90 [ 1044.282605][T22744] ? __fget_files+0x29/0x470 [ 1044.282643][T22744] do_writev+0x1b1/0x350 [ 1044.282664][T22744] ? __pfx_do_writev+0x10/0x10 [ 1044.282682][T22744] ? do_syscall_64+0x100/0x230 [ 1044.282708][T22744] ? do_syscall_64+0xb6/0x230 [ 1044.282734][T22744] do_syscall_64+0xf3/0x230 [ 1044.282759][T22744] ? clear_bhb_loop+0x35/0x90 [ 1044.282816][T22744] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1044.282834][T22744] RIP: 0033:0x7f4f139779f9 [ 1044.282853][T22744] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1044.282868][T22744] RSP: 002b:00007f4f1473f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 1044.282890][T22744] RAX: ffffffffffffffda RBX: 00007f4f13b05f80 RCX: 00007f4f139779f9 [ 1044.282905][T22744] RDX: 0000000000000001 RSI: 0000000020005740 RDI: 0000000000000003 [ 1044.282919][T22744] RBP: 00007f4f1473f090 R08: 0000000000000000 R09: 0000000000000000 [ 1044.282933][T22744] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1044.282944][T22744] R13: 0000000000000000 R14: 00007f4f13b05f80 R15: 00007f4f13c2fa38 [ 1044.282971][T22744] [ 1044.506494][ T2973] bridge_slave_0: left allmulticast mode [ 1044.512152][ T2973] bridge_slave_0: left promiscuous mode [ 1044.528646][ T5228] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1044.529110][T22744] nvme_fabrics: missing parameter 'transport=%s' [ 1044.538311][ T5228] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 1044.542678][T22744] nvme_fabrics: missing parameter 'nqn=%s' [ 1044.560720][ T5228] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1044.568353][ T2973] bridge0: port 1(bridge_slave_0) entered disabled state [ 1044.586183][ T944] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 1044.796673][ T944] usb 4-1: Using ep0 maxpacket: 8 [ 1044.870244][ T944] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 1044.903181][ T944] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 1044.943269][ T944] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1044.976158][ T944] usb 4-1: config 250 has no interface number 0 [ 1044.982545][ T944] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1045.014056][ T944] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1045.036024][ T944] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1045.067083][ T944] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1045.077939][ T944] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1045.135000][ T944] usb 4-1: config 250 interface 228 has no altsetting 0 [ 1045.170761][ T944] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1045.204185][ T944] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1045.302607][ T944] usb 4-1: Product: syz [ 1045.329766][ T944] usb 4-1: SerialNumber: syz [ 1045.359067][ T944] hub 4-1:250.228: bad descriptor, ignoring hub [ 1045.376984][ T944] hub 4-1:250.228: probe with driver hub failed with error -5 [ 1045.612645][ T944] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 17 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1045.613135][T22752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1045.640987][T22752] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1045.763563][T16300] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1045.778597][T22781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1045.791295][T16300] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1045.816353][T16300] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1045.827636][T22781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1045.839205][T16300] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1045.846987][T16300] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1045.855591][T16300] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1045.896055][T12846] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 1046.087768][T12846] usb 1-1: Using ep0 maxpacket: 8 [ 1046.094700][T12846] usb 1-1: config index 0 descriptor too short (expected 5924, got 36) [ 1046.106401][T12846] usb 1-1: config 250 has an invalid interface number: 228 but max is -1 [ 1046.115771][ T2973] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1046.124748][T12846] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1046.137100][T12846] usb 1-1: config 250 has no interface number 0 [ 1046.143689][ T2973] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1046.157507][ T2973] bond0 (unregistering): Released all slaves [ 1046.163767][T12846] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1046.191435][T12846] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1046.211219][T12846] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1046.226158][T12846] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1046.254696][T12846] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1046.319950][T12846] usb 1-1: config 250 interface 228 has no altsetting 0 [ 1046.344325][T12846] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1046.360675][T12846] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1046.371259][T12846] usb 1-1: Product: syz [ 1046.375502][T12846] usb 1-1: SerialNumber: syz [ 1046.393090][T12846] hub 1-1:250.228: bad descriptor, ignoring hub [ 1046.399737][T12846] hub 1-1:250.228: probe with driver hub failed with error -5 [ 1046.411144][T22779] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3812'. [ 1046.420207][T22779] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3812'. [ 1046.634428][T12846] usblp 1-1:250.228: usblp1: USB Bidirectional printer dev 19 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1046.652429][T22778] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1046.673750][T22778] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1046.681823][ T5228] Bluetooth: hci2: command tx timeout [ 1046.841517][T22788] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3817'. [ 1046.867456][T22788] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3817'. [ 1046.909321][T22791] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1046.935094][T22791] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1046.952148][ T2973] hsr_slave_0: left promiscuous mode [ 1046.981305][ T2973] hsr_slave_1: left promiscuous mode [ 1047.011159][ T2973] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1047.024340][ T2973] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1047.034107][ T2973] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1047.044381][ T2973] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1047.092427][ T2973] veth1_macvtap: left promiscuous mode [ 1047.099500][ T2973] veth0_macvtap: left promiscuous mode [ 1047.115034][ T2973] veth1_vlan: left promiscuous mode [ 1047.130023][ T2973] veth0_vlan: left promiscuous mode [ 1047.637572][T12901] usb 4-1: USB disconnect, device number 17 [ 1047.653952][T12901] usblp0: removed [ 1047.965513][ T5228] Bluetooth: hci1: command tx timeout [ 1048.484656][ T2973] team0 (unregistering): Port device team_slave_1 removed [ 1048.556210][ T944] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 1048.567150][ T2973] team0 (unregistering): Port device team_slave_0 removed [ 1048.748537][ T46] usb 1-1: USB disconnect, device number 19 [ 1048.756474][ T5228] Bluetooth: hci2: command tx timeout [ 1048.767008][ T944] usb 3-1: Using ep0 maxpacket: 8 [ 1048.790038][ T46] usblp1: removed [ 1048.791866][ T944] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 1048.831401][ T944] usb 3-1: New USB device found, idVendor=0763, idProduct=2080, bcdDevice=d9.40 [ 1048.852511][ T944] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1048.860689][ T944] usb 3-1: Product: syz [ 1048.874333][ T944] usb 3-1: Manufacturer: syz [ 1048.879971][ T944] usb 3-1: SerialNumber: syz [ 1048.886951][ T944] usb 3-1: config 0 descriptor?? [ 1049.146486][ T46] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 1049.192465][ T944] usb 3-1: USB disconnect, device number 22 [ 1049.343610][ T46] usb 1-1: Using ep0 maxpacket: 16 [ 1049.385291][ T46] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1049.395676][ T46] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1049.419646][ T46] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 1049.428884][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1049.462631][ T46] usb 1-1: config 0 descriptor?? [ 1049.479993][ T46] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1049.502151][T19518] udevd[19518]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1049.929269][T22826] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1049.955566][T22826] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1050.045177][ T5228] Bluetooth: hci1: command tx timeout [ 1050.134131][T22757] chnl_net:caif_netlink_parms(): no params data found [ 1050.148488][T22782] chnl_net:caif_netlink_parms(): no params data found [ 1050.196030][T12846] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 1050.256115][T12901] usb 4-1: new low-speed USB device number 18 using dummy_hcd [ 1050.376095][T12846] usb 3-1: device descriptor read/64, error -71 [ 1050.475124][T12901] usb 4-1: string descriptor 0 read error: -22 [ 1050.487321][T12901] usb 4-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1050.497041][T12901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1050.515059][T12901] usb 4-1: config 0 descriptor?? [ 1050.526469][T12901] usbtest 4-1:0.0: FX2 device [ 1050.534156][T12901] usbtest 4-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1050.686467][T12846] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 1050.708007][T22757] bridge0: port 1(bridge_slave_0) entered blocking state [ 1050.726463][T22757] bridge0: port 1(bridge_slave_0) entered disabled state [ 1050.742313][T22757] bridge_slave_0: entered allmulticast mode [ 1050.752047][ T46] usb 4-1: USB disconnect, device number 18 [ 1050.757676][T22757] bridge_slave_0: entered promiscuous mode [ 1050.796746][T22757] bridge0: port 2(bridge_slave_1) entered blocking state [ 1050.812094][T22757] bridge0: port 2(bridge_slave_1) entered disabled state [ 1050.824366][T22757] bridge_slave_1: entered allmulticast mode [ 1050.840548][ T5228] Bluetooth: hci2: command tx timeout [ 1050.840617][T22757] bridge_slave_1: entered promiscuous mode [ 1050.853175][T12846] usb 3-1: device descriptor read/64, error -71 [ 1050.856110][T22782] bridge0: port 1(bridge_slave_0) entered blocking state [ 1050.889726][T22782] bridge0: port 1(bridge_slave_0) entered disabled state [ 1050.897890][T22782] bridge_slave_0: entered allmulticast mode [ 1050.910123][T22782] bridge_slave_0: entered promiscuous mode [ 1050.971612][T22782] bridge0: port 2(bridge_slave_1) entered blocking state [ 1050.988059][T22782] bridge0: port 2(bridge_slave_1) entered disabled state [ 1051.000234][T12846] usb usb3-port1: attempt power cycle [ 1051.006644][T22782] bridge_slave_1: entered allmulticast mode [ 1051.018912][T22782] bridge_slave_1: entered promiscuous mode [ 1051.051904][T22757] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1051.065880][T22757] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1051.161199][T22782] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1051.185191][T22757] team0: Port device team_slave_0 added [ 1051.213927][T22782] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1051.254176][T22757] team0: Port device team_slave_1 added [ 1051.355738][T22782] team0: Port device team_slave_0 added [ 1051.373965][T22757] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1051.382887][T22757] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1051.429519][T12846] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 1051.451096][T22757] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1051.471833][T22757] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1051.482856][T12846] usb 3-1: device descriptor read/8, error -71 [ 1051.490929][T22757] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1051.529972][T22757] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1051.564915][T22782] team0: Port device team_slave_1 added [ 1051.723792][T22782] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1051.735787][T22782] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1051.763045][T12846] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 1051.778146][T22782] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1051.799113][T12846] usb 3-1: device descriptor read/8, error -71 [ 1051.861219][ T5290] usb 1-1: USB disconnect, device number 20 [ 1051.889193][T22757] hsr_slave_0: entered promiscuous mode [ 1051.918939][T12846] usb usb3-port1: unable to enumerate USB device [ 1051.954106][T22757] hsr_slave_1: entered promiscuous mode [ 1051.979157][T22757] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1051.994752][T22757] Cannot create hsr debugfs directory [ 1052.015797][T22782] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1052.068321][T22782] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1052.116296][ T5228] Bluetooth: hci1: command tx timeout [ 1052.163179][T22782] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1052.293690][T22782] hsr_slave_0: entered promiscuous mode [ 1052.301265][T22782] hsr_slave_1: entered promiscuous mode [ 1052.311021][T22782] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1052.318900][T22782] Cannot create hsr debugfs directory [ 1052.406521][T12846] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 1052.607701][T12846] usb 1-1: descriptor type invalid, skip [ 1052.620603][T12846] usb 1-1: descriptor type invalid, skip [ 1052.629796][T12846] usb 1-1: descriptor type invalid, skip [ 1052.636357][T12846] usb 1-1: descriptor type invalid, skip [ 1052.643445][T12846] usb 1-1: descriptor type invalid, skip [ 1052.668044][T12846] usb 1-1: config 1 interface 0 altsetting 231 bulk endpoint 0x1 has invalid maxpacket 32 [ 1052.680565][T12846] usb 1-1: config 1 interface 0 has no altsetting 0 [ 1052.696200][T12846] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 1052.706694][T12846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1052.714907][T12846] usb 1-1: Product: ࠌ [ 1052.728414][T12846] usb 1-1: Manufacturer: ȗ⩪㞄밽屠莅㩁齟୾ᗞ洫뜠ඓ睗ǽ馊䚭讇㕁㣸ꗌ㓛Ὃ楄銹ꋥ껗⊻矤ك琮褟ᄆ言晔飧쳾慧핀匥忋呑듄쯮ဈ톉薓䆻翳켊ﹰ杈 [ 1052.754020][T12846] usb 1-1: SerialNumber: ц [ 1052.791679][T22871] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1052.829672][T22757] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1052.917448][ T5228] Bluetooth: hci2: command tx timeout [ 1052.950639][T22878] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3828'. [ 1052.997654][T22757] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1053.039839][T12846] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 21 if 0 alt 231 proto 1 vid 0x0525 pid 0xA4A8 [ 1053.067615][T12846] usb 1-1: USB disconnect, device number 21 [ 1053.086158][T19531] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 1053.114751][T12846] usblp0: removed [ 1053.193052][T22757] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1053.304176][ T29] audit: type=1326 audit(1723072215.697:1064): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.306300][T19531] usb 4-1: Using ep0 maxpacket: 8 [ 1053.378411][ T29] audit: type=1326 audit(1723072215.727:1065): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.380742][T19531] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 1053.410428][T19531] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 1053.420720][T22757] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1053.435013][T19531] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1053.444935][T19531] usb 4-1: config 250 has no interface number 0 [ 1053.452835][T19531] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1053.467215][T19531] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1053.487351][ T29] audit: type=1326 audit(1723072215.747:1066): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=448 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.489451][T19531] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1053.563415][ T29] audit: type=1326 audit(1723072215.747:1067): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.607976][ T29] audit: type=1326 audit(1723072215.747:1068): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.630241][T19531] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1053.687144][T19531] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1053.707654][ T29] audit: type=1326 audit(1723072215.747:1069): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.786131][T19531] usb 4-1: config 250 interface 228 has no altsetting 0 [ 1053.816548][T19531] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1053.826247][T19531] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1053.833999][ T29] audit: type=1326 audit(1723072215.747:1070): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.834511][T19531] usb 4-1: Product: syz [ 1053.860212][ T29] audit: type=1326 audit(1723072215.747:1071): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.896944][T19531] usb 4-1: SerialNumber: syz [ 1053.903417][ T29] audit: type=1326 audit(1723072215.747:1072): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.931420][ T29] audit: type=1326 audit(1723072215.747:1073): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22876 comm="syz.2.3828" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb0e49779f9 code=0x7ffc0000 [ 1053.998334][T19531] hub 4-1:250.228: bad descriptor, ignoring hub [ 1054.014593][T22757] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 1054.022094][T19531] hub 4-1:250.228: probe with driver hub failed with error -5 [ 1054.035830][T22757] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 1054.167116][ T944] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 1054.188684][T22757] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 1054.201295][ T5228] Bluetooth: hci1: command tx timeout [ 1054.212967][T22875] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1054.222077][T19531] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 19 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1054.248679][T22757] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 1054.279214][T22875] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1054.376944][ T944] usb 3-1: Using ep0 maxpacket: 8 [ 1054.387391][ T944] usb 3-1: config index 0 descriptor too short (expected 5924, got 36) [ 1054.410279][ T944] usb 3-1: config 250 has an invalid interface number: 228 but max is -1 [ 1054.443187][ T944] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1054.470557][T22904] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3827'. [ 1054.486815][T22904] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3827'. [ 1054.486901][ T944] usb 3-1: config 250 has no interface number 0 [ 1054.506228][ T944] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1054.508349][T22904] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1054.527114][T22904] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1054.579528][ T944] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1054.637507][ T944] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1054.665318][ T944] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1054.685654][ T944] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1054.705748][ T944] usb 3-1: config 250 interface 228 has no altsetting 0 [ 1054.729181][ T944] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1054.744863][ T944] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1054.758124][ T944] usb 3-1: Product: syz [ 1054.782366][ T944] usb 3-1: SerialNumber: syz [ 1054.849264][ T1261] ieee802154 phy0 wpan0: encryption failed: -22 [ 1054.863330][ T1261] ieee802154 phy1 wpan1: encryption failed: -22 [ 1054.882985][ T944] hub 3-1:250.228: bad descriptor, ignoring hub [ 1054.941593][ T944] hub 3-1:250.228: probe with driver hub failed with error -5 [ 1054.999187][T22910] input: syz0 as /devices/virtual/input/input56 [ 1055.095900][T22901] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1055.105774][T22913] FAULT_INJECTION: forcing a failure. [ 1055.105774][T22913] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1055.135590][ T944] usblp 3-1:250.228: usblp1: USB Bidirectional printer dev 27 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1055.145845][T22913] CPU: 1 UID: 0 PID: 22913 Comm: syz.0.3833 Not tainted 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 [ 1055.157775][T22913] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1055.167832][T22913] Call Trace: [ 1055.171110][T22913] [ 1055.174035][T22913] dump_stack_lvl+0x241/0x360 [ 1055.178718][T22913] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1055.183912][T22913] ? __pfx__printk+0x10/0x10 [ 1055.188499][T22913] ? __pfx_lock_release+0x10/0x10 [ 1055.193524][T22913] should_fail_ex+0x3b0/0x4e0 [ 1055.198203][T22913] _copy_from_user+0x2f/0xe0 [ 1055.202846][T22913] input_event_from_user+0x1e2/0x4a0 [ 1055.208131][T22913] ? __pfx_input_event_from_user+0x10/0x10 [ 1055.213936][T22913] ? input_event+0xa4/0xd0 [ 1055.218343][T22913] uinput_write+0x47e/0x12a0 [ 1055.222939][T22913] ? __pfx_uinput_write+0x10/0x10 [ 1055.227960][T22913] ? bpf_lsm_file_permission+0x9/0x10 [ 1055.233330][T22913] ? security_file_permission+0x7f/0xa0 [ 1055.238874][T22913] ? rw_verify_area+0x1d2/0x6b0 [ 1055.243723][T22913] ? __pfx_uinput_write+0x10/0x10 [ 1055.248751][T22913] vfs_write+0x2a2/0xc90 [ 1055.253000][T22913] ? __pfx_vfs_write+0x10/0x10 [ 1055.257759][T22913] ? __fget_files+0x29/0x470 [ 1055.262344][T22913] ? __fget_files+0x3f6/0x470 [ 1055.267014][T22913] ? __fget_files+0x29/0x470 [ 1055.271606][T22913] ksys_write+0x1a0/0x2c0 [ 1055.275935][T22913] ? __pfx_ksys_write+0x10/0x10 [ 1055.280781][T22913] ? do_syscall_64+0x100/0x230 [ 1055.285538][T22913] ? do_syscall_64+0xb6/0x230 [ 1055.290210][T22913] do_syscall_64+0xf3/0x230 [ 1055.294709][T22913] ? clear_bhb_loop+0x35/0x90 [ 1055.299383][T22913] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1055.305268][T22913] RIP: 0033:0x7f4f139779f9 [ 1055.309679][T22913] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1055.329287][T22913] RSP: 002b:00007f4f1471e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1055.337696][T22913] RAX: ffffffffffffffda RBX: 00007f4f13b06058 RCX: 00007f4f139779f9 [ 1055.345663][T22913] RDX: 000000000000045c RSI: 00000000200021c0 RDI: 0000000000000003 [ 1055.353625][T22913] RBP: 00007f4f1471e090 R08: 0000000000000000 R09: 0000000000000000 [ 1055.361586][T22913] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1055.369547][T22913] R13: 0000000000000001 R14: 00007f4f13b06058 R15: 00007f4f13c2fa38 [ 1055.377520][T22913] [ 1055.395715][T22782] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1055.431227][T22901] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1055.498173][T22782] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1055.570443][T22916] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3831'. [ 1055.594332][T22916] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3831'. [ 1055.598675][T22919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1055.621701][T22919] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1055.636742][T22782] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1055.703456][T22782] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1055.800291][T22757] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1055.943776][T22757] 8021q: adding VLAN 0 to HW filter on device team0 [ 1055.983236][T11707] bridge0: port 1(bridge_slave_0) entered blocking state [ 1055.990446][T11707] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1056.009005][T12901] usb 4-1: USB disconnect, device number 19 [ 1056.046343][ T5228] Bluetooth: hci3: command tx timeout [ 1056.086714][ T8] bridge0: port 2(bridge_slave_1) entered blocking state [ 1056.093810][ T8] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1056.171575][T12901] usblp0: removed [ 1056.366863][T22782] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1056.457682][T22782] 8021q: adding VLAN 0 to HW filter on device team0 [ 1056.476318][T19531] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 1056.520338][ T8] bridge0: port 1(bridge_slave_0) entered blocking state [ 1056.527525][ T8] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1056.580615][ T46] bridge0: port 2(bridge_slave_1) entered blocking state [ 1056.587761][ T46] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1056.611095][T12901] usb 4-1: new low-speed USB device number 20 using dummy_hcd [ 1056.696107][T19531] usb 1-1: Using ep0 maxpacket: 16 [ 1056.705139][T22757] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1056.714282][T19531] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1056.748880][T19531] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 1056.764821][T19531] usb 1-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 1056.779626][T19531] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1056.793445][T19531] usb 1-1: config 0 descriptor?? [ 1056.813892][T12901] usb 4-1: string descriptor 0 read error: -22 [ 1056.846367][T12901] usb 4-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1056.858028][T19531] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1056.908793][T12901] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1056.991158][T12901] usb 4-1: config 0 descriptor?? [ 1057.021829][T22757] veth0_vlan: entered promiscuous mode [ 1057.033437][T12901] usbtest 4-1:0.0: FX2 device [ 1057.052380][T22782] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1057.061127][T12901] usbtest 4-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1057.086735][T19531] usb 3-1: USB disconnect, device number 27 [ 1057.115208][T19531] usblp1: removed [ 1057.184659][T22757] veth1_vlan: entered promiscuous mode [ 1057.260132][T12901] usb 4-1: USB disconnect, device number 20 [ 1057.351471][T22757] veth0_macvtap: entered promiscuous mode [ 1057.390204][T22782] veth0_vlan: entered promiscuous mode [ 1057.403265][T22757] veth1_macvtap: entered promiscuous mode [ 1057.479657][T22782] veth1_vlan: entered promiscuous mode [ 1057.488472][T19531] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1057.500243][T22757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1057.514963][T22757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.528107][T22757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1057.541565][T22757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.562482][T22757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1057.580588][T22757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.595704][T22757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1057.610132][T22757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.654945][T22757] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1057.696393][T19531] usb 3-1: device descriptor read/64, error -71 [ 1057.729553][T22757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1057.743712][T22757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.764454][T22757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1057.776979][T22757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.796249][T22757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1057.815600][T22757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.834006][T22757] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1057.845140][T22757] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1057.888675][T22757] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1057.918445][T22757] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1057.943704][T22757] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1057.952721][T22757] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1057.966000][T22757] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1057.986365][T19531] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 1058.132629][T22782] veth0_macvtap: entered promiscuous mode [ 1058.147409][T19531] usb 3-1: device descriptor read/64, error -71 [ 1058.223095][T22782] veth1_macvtap: entered promiscuous mode [ 1058.270766][ T2973] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1058.286809][T19531] usb usb3-port1: attempt power cycle [ 1058.294207][ T2973] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1058.373582][T13001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1058.381222][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1058.382872][T13001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1058.407978][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.423617][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1058.439277][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.454198][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1058.465986][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.480652][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1058.492173][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.508101][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1058.523355][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.565793][T22782] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1058.645556][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1058.681844][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.712973][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1058.734812][ T29] kauditd_printk_skb: 1 callbacks suppressed [ 1058.734832][ T29] audit: type=1326 audit(1723072221.127:1075): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1058.735582][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.746212][T19531] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 1058.790463][ T29] audit: type=1326 audit(1723072221.167:1076): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1058.816396][ T29] audit: type=1326 audit(1723072221.167:1077): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1058.840460][ T29] audit: type=1326 audit(1723072221.167:1078): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1058.863285][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1058.876665][ T29] audit: type=1326 audit(1723072221.167:1079): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1058.902415][T19531] usb 3-1: device descriptor read/8, error -71 [ 1058.910148][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.923570][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1058.934731][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1058.949080][ T29] audit: type=1326 audit(1723072221.167:1080): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1058.983014][T22782] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1058.995458][T22782] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1059.006229][ T29] audit: type=1326 audit(1723072221.167:1081): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1059.033326][T22782] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1059.047720][T22782] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1059.057886][ T29] audit: type=1326 audit(1723072221.167:1082): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1059.080984][T22782] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1059.101309][T22782] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1059.112689][ T29] audit: type=1326 audit(1723072221.167:1083): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1059.143094][T22782] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1059.176136][T19531] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 1059.222107][ T29] audit: type=1326 audit(1723072221.167:1084): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=22967 comm="syz.4.3809" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcfd09779f9 code=0x7ffc0000 [ 1059.274663][T19531] usb 3-1: device descriptor read/8, error -71 [ 1059.315588][ T8] usb 1-1: USB disconnect, device number 22 [ 1059.400945][T19531] usb usb3-port1: unable to enumerate USB device [ 1059.489907][T10849] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1059.517794][T10849] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1059.619993][T13001] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1059.630324][T13001] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1059.727314][T11707] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 1059.839033][T22992] vlan2: entered promiscuous mode [ 1059.850672][T22992] bond0: entered promiscuous mode [ 1059.862101][T22992] bond_slave_0: entered promiscuous mode [ 1059.881998][T22992] bond_slave_1: entered promiscuous mode [ 1059.896382][ T8] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 1059.910810][T22992] bond0: left promiscuous mode [ 1059.918744][T22992] bond_slave_0: left promiscuous mode [ 1059.929117][T22992] bond_slave_1: left promiscuous mode [ 1059.937025][T11707] usb 5-1: Using ep0 maxpacket: 16 [ 1059.948997][T11707] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 31551, setting to 1024 [ 1059.986295][T11707] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1060.019441][T11707] usb 5-1: New USB device found, idVendor=061d, idProduct=c160, bcdDevice=8f.9a [ 1060.046208][T11707] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1060.076396][T11707] usb 5-1: Product: syz [ 1060.080618][T11707] usb 5-1: Manufacturer: syz [ 1060.085226][T11707] usb 5-1: SerialNumber: syz [ 1060.106445][ T8] usb 1-1: Using ep0 maxpacket: 8 [ 1060.129969][ T8] usb 1-1: New USB device found, idVendor=0fe9, idProduct=db51, bcdDevice=79.b0 [ 1060.176132][T11707] usb 5-1: config 0 descriptor?? [ 1060.181522][ T8] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1060.190020][T22982] raw-gadget.1 gadget.4: fail, usb_ep_enable returned -22 [ 1060.211238][ T8] usb 1-1: config 0 descriptor?? [ 1060.244583][ T8] dvb-usb: found a 'DViCO FusionHDTV DVB-T Dual USB' in warm state. [ 1060.273187][ T8] dvb-usb: bulk message failed: -22 (2/0) [ 1060.298252][ T8] dvb-usb: DViCO FusionHDTV DVB-T Dual USB error while loading driver (-22) [ 1060.338029][ T8] dvb_usb_cxusb 1-1:0.0: probe with driver dvb_usb_cxusb failed with error -22 [ 1060.412263][T11707] quatech2 5-1:0.0: Quatech 2nd gen USB to Serial Driver converter detected [ 1060.429893][T12904] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 1060.488589][T22983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1060.528398][T22983] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1060.562312][T22983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1060.587213][T22983] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1060.612528][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1060.626820][T12901] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 1060.634949][T11707] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1060.656182][T12904] usb 4-1: Using ep0 maxpacket: 8 [ 1060.673026][T11707] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1060.674510][T12904] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 1060.703813][T11707] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB2 [ 1060.721859][T12904] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 1060.750194][T12904] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1060.755882][T11707] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB3 [ 1060.781340][T12904] usb 4-1: config 250 has no interface number 0 [ 1060.796369][T12904] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1060.838783][T12901] usb 2-1: Using ep0 maxpacket: 8 [ 1060.846124][T12901] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 1060.857922][T12901] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 1060.862808][T11707] usb 1-1: USB disconnect, device number 23 [ 1060.876058][T12904] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1060.919210][T12901] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1060.945985][T12904] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1060.981789][T12901] usb 2-1: config 250 has no interface number 0 [ 1060.996143][T12904] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1061.016337][T12901] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1061.053520][T12904] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1061.086025][T12901] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1061.106227][T12904] usb 4-1: config 250 interface 228 has no altsetting 0 [ 1061.113534][T12901] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1061.144950][T12901] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1061.176778][T12904] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1061.185876][T12904] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1061.204796][T12901] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1061.226044][T12904] usb 4-1: Product: syz [ 1061.238658][T12904] usb 4-1: SerialNumber: syz [ 1061.243609][T12901] usb 2-1: config 250 interface 228 has no altsetting 0 [ 1061.259397][T12904] hub 4-1:250.228: bad descriptor, ignoring hub [ 1061.276457][T12904] hub 4-1:250.228: probe with driver hub failed with error -5 [ 1061.285733][T12901] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1061.296431][ T5276] usb 3-1: new low-speed USB device number 32 using dummy_hcd [ 1061.305194][T12901] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1061.323952][T12901] usb 2-1: Product: syz [ 1061.328510][T12901] usb 2-1: SerialNumber: syz [ 1061.360183][T12901] hub 2-1:250.228: bad descriptor, ignoring hub [ 1061.380565][T12901] hub 2-1:250.228: probe with driver hub failed with error -5 [ 1061.468994][T12904] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 21 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1061.482929][T23007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1061.501729][ T5276] usb 3-1: string descriptor 0 read error: -22 [ 1061.532973][T23007] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1061.534409][ T5276] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1061.565377][T23013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1061.596513][T12901] usblp 2-1:250.228: usblp1: USB Bidirectional printer dev 28 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1061.600957][ T5276] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1061.629445][T23013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1061.700358][ T5276] usb 3-1: config 0 descriptor?? [ 1061.734515][ T5276] usbtest 3-1:0.0: FX2 device [ 1061.761100][ T5276] usbtest 3-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1061.824856][T23045] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3843'. [ 1061.840586][T23045] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3843'. [ 1061.862774][T23048] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3845'. [ 1061.916309][T23048] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3845'. [ 1061.918184][T23051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1061.964884][ T944] usb 3-1: USB disconnect, device number 32 [ 1062.005546][T23052] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1062.028404][T23051] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1062.054853][T23052] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1062.256681][T12904] usb 1-1: new low-speed USB device number 24 using dummy_hcd [ 1062.326879][ T944] usb 5-1: USB disconnect, device number 18 [ 1062.352743][ T944] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1062.430427][ T944] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1062.478330][T12904] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1062.484123][ T944] quatech-serial ttyUSB2: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB2 [ 1062.507720][T23062] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3851'. [ 1062.551205][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 1062.556651][ T944] quatech-serial ttyUSB3: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB3 [ 1062.629652][ T944] quatech2 5-1:0.0: device disconnected [ 1062.631508][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1062.680450][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1062.736486][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1062.782965][T12904] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1062.802266][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 1062.832874][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1062.855789][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1062.880201][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1062.908024][T12904] usb 1-1: config 168 descriptor has 1 excess byte, ignoring [ 1062.928195][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 is Bulk; changing to Interrupt [ 1062.973189][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1063.021739][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 10 [ 1063.069246][T12904] usb 1-1: config 168 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1063.121320][T12904] usb 1-1: string descriptor 0 read error: -22 [ 1063.133977][T12904] usb 1-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1063.170302][T12904] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1063.199817][T12904] adutux 1-1:168.0: ADU100 now attached to /dev/usb/adutux2 [ 1063.494303][T23078] netlink: 'syz.1.3854': attribute type 4 has an invalid length. [ 1063.522250][ T944] usb 2-1: USB disconnect, device number 28 [ 1063.622417][T23078] netlink: 'syz.1.3854': attribute type 17 has an invalid length. [ 1064.178947][T23102] fuse: Unknown parameter '0x0000000000000005' [ 1064.227095][T23102] netlink: 28 bytes leftover after parsing attributes in process `syz.1.3861'. [ 1064.798280][T12901] usb 3-1: new full-speed USB device number 33 using dummy_hcd [ 1064.988578][T12901] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 1064.996980][T12901] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1065.012435][T23043] usb 4-1: reset high-speed USB device number 21 using dummy_hcd [ 1065.025993][T12901] usb 3-1: config 0 has no interface number 0 [ 1065.032178][T12901] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 1065.046419][T12901] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1065.056425][T12901] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1065.072163][T12901] usb 3-1: config 0 interface 52 has no altsetting 0 [ 1065.108175][T12901] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 1065.123046][T12901] usb 3-1: New USB device strings: Mfr=22, Product=149, SerialNumber=35 [ 1065.147579][T12901] usb 3-1: Product: syz [ 1065.151808][T12901] usb 3-1: Manufacturer: syz [ 1065.169649][T12901] usb 3-1: SerialNumber: syz [ 1065.178971][T12901] usb 3-1: config 0 descriptor?? [ 1065.453280][T12901] synaptics_usb 3-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 1065.486989][T12901] synaptics_usb 3-1:0.52: probe with driver synaptics_usb failed with error -5 [ 1065.515225][ T944] usblp1: removed [ 1065.594547][ T8] usb 1-1: USB disconnect, device number 24 [ 1065.706390][T23118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1065.739391][T23118] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1065.777042][T19531] usb 5-1: new low-speed USB device number 19 using dummy_hcd [ 1065.855494][T23155] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3865'. [ 1065.876999][T23155] netlink: 3 bytes leftover after parsing attributes in process `syz.3.3865'. [ 1065.907593][T23155] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1065.921479][T23155] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1065.936085][ T944] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 1065.975616][ T8] usb 3-1: USB disconnect, device number 33 [ 1066.043064][T19531] usb 5-1: string descriptor 0 read error: -22 [ 1066.054161][T19531] usb 5-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1066.084668][T19531] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1066.116170][ T5228] Bluetooth: hci2: command tx timeout [ 1066.128407][T19531] usb 5-1: config 0 descriptor?? [ 1066.137725][T19531] usbtest 5-1:0.0: FX2 device [ 1066.142627][T19531] usbtest 5-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1066.166492][ T944] usb 2-1: Using ep0 maxpacket: 8 [ 1066.192402][ T944] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 1066.235064][ T944] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 1066.275404][ T944] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1066.298401][ T944] usb 2-1: config 250 has no interface number 0 [ 1066.308580][ T944] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1066.343202][ T8] usb 5-1: USB disconnect, device number 19 [ 1066.388586][ T944] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1066.461714][ T944] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1066.484353][ T944] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1066.537936][ T944] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1066.583477][ T944] usb 2-1: config 250 interface 228 has no altsetting 0 [ 1066.624840][ T944] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1066.681075][ T944] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1066.702203][ T944] usb 2-1: Product: syz [ 1066.708682][ T944] usb 2-1: SerialNumber: syz [ 1066.732285][ T944] hub 2-1:250.228: bad descriptor, ignoring hub [ 1066.755278][ T944] hub 2-1:250.228: probe with driver hub failed with error -5 [ 1066.948983][T23122] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1066.963280][ T944] usblp 2-1:250.228: usblp1: USB Bidirectional printer dev 29 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1067.008904][T23122] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1067.155755][T23183] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3866'. [ 1067.166849][T23183] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3866'. [ 1067.190012][T23183] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1067.203375][T23183] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1067.720907][T23201] FAULT_INJECTION: forcing a failure. [ 1067.720907][T23201] name failslab, interval 1, probability 0, space 0, times 0 [ 1067.735025][T23201] CPU: 1 UID: 0 PID: 23201 Comm: syz.2.3878 Not tainted 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 [ 1067.746015][T23201] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1067.756095][T23201] Call Trace: [ 1067.759398][T23201] [ 1067.762335][T23201] dump_stack_lvl+0x241/0x360 [ 1067.767303][T23201] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1067.772560][T23201] ? __pfx__printk+0x10/0x10 [ 1067.777192][T23201] ? __kmalloc_cache_noprof+0x44/0x2c0 [ 1067.782690][T23201] ? __pfx___might_resched+0x10/0x10 [ 1067.788012][T23201] should_fail_ex+0x3b0/0x4e0 [ 1067.792720][T23201] should_failslab+0xac/0x100 [ 1067.797613][T23201] ? sctp_association_new+0x8a/0x23f0 [ 1067.803026][T23201] __kmalloc_cache_noprof+0x6c/0x2c0 [ 1067.808347][T23201] sctp_association_new+0x8a/0x23f0 [ 1067.813668][T23201] ? sctp_has_association+0x1d4/0x1f0 [ 1067.819071][T23201] ? sctp_has_association+0x2f/0x1f0 [ 1067.824360][T23201] sctp_connect_new_asoc+0x2d8/0x6c0 [ 1067.829657][T23201] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 1067.832228][T23206] netlink: 'syz.0.3880': attribute type 2 has an invalid length. [ 1067.835565][T23201] ? sctp_sendmsg+0xbb9/0x3520 [ 1067.848262][T23201] ? bpf_lsm_sctp_bind_connect+0x9/0x10 [ 1067.853915][T23201] ? security_sctp_bind_connect+0x90/0xb0 [ 1067.859716][T23201] sctp_sendmsg+0x219a/0x3520 [ 1067.864490][T23201] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1067.869536][T23201] ? __pfx_aa_sk_perm+0x10/0x10 [ 1067.874392][T23201] ? inet_sendmsg+0x330/0x390 [ 1067.879073][T23201] ? bpf_lsm_socket_sendmsg+0x9/0x10 [ 1067.884366][T23201] ? security_socket_sendmsg+0x87/0xb0 [ 1067.889848][T23201] __sock_sendmsg+0x1a6/0x270 [ 1067.894574][T23201] ____sys_sendmsg+0x525/0x7d0 [ 1067.899380][T23201] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1067.904795][T23201] __sys_sendmmsg+0x3b2/0x740 [ 1067.909510][T23201] ? __pfx___sys_sendmmsg+0x10/0x10 [ 1067.914776][T23201] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 1067.920703][T23201] ? ksys_write+0x23e/0x2c0 [ 1067.925238][T23201] ? __pfx_lock_release+0x10/0x10 [ 1067.930304][T23201] ? vfs_write+0x7c4/0xc90 [ 1067.934755][T23201] ? __mutex_unlock_slowpath+0x21d/0x750 [ 1067.940418][T23201] ? __pfx_vfs_write+0x10/0x10 [ 1067.945226][T23201] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1067.951233][T23201] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1067.957682][T23201] ? do_syscall_64+0x100/0x230 [ 1067.962498][T23201] __x64_sys_sendmmsg+0xa0/0xb0 [ 1067.967373][T23201] do_syscall_64+0xf3/0x230 [ 1067.971900][T23201] ? clear_bhb_loop+0x35/0x90 [ 1067.976576][T23201] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1067.982471][T23201] RIP: 0033:0x7fb0e49779f9 [ 1067.986884][T23201] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 1068.006508][T23201] RSP: 002b:00007fb0e5771038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 1068.014911][T23201] RAX: ffffffffffffffda RBX: 00007fb0e4b05f80 RCX: 00007fb0e49779f9 [ 1068.022878][T23201] RDX: 0000000000000002 RSI: 0000000020000e40 RDI: 0000000000000003 [ 1068.030856][T23201] RBP: 00007fb0e5771090 R08: 0000000000000000 R09: 0000000000000000 [ 1068.038861][T23201] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1068.046940][T23201] R13: 0000000000000000 R14: 00007fb0e4b05f80 R15: 00007fb0e4c2fa38 [ 1068.054952][T23201] [ 1068.150273][T23210] netlink: 'syz.2.3883': attribute type 11 has an invalid length. [ 1068.246563][T19531] usb 4-1: reset high-speed USB device number 21 using dummy_hcd [ 1068.255298][T19531] usb 4-1: device reset changed ep0 maxpacket size! [ 1068.293563][T19531] usb 4-1: USB disconnect, device number 21 [ 1068.342954][T19531] usblp0: removed [ 1068.388361][T23218] xt_time: invalid argument - start or stop time greater than 23:59:59 [ 1068.576349][T12901] usb 2-1: USB disconnect, device number 29 [ 1068.584654][T12901] usblp1: removed [ 1068.716517][T19531] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 1068.906013][T19531] usb 4-1: Using ep0 maxpacket: 16 [ 1068.928646][T12901] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 1068.937129][T19531] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1068.951861][T19531] usb 4-1: New USB device found, idVendor=1b96, idProduct=000c, bcdDevice= 0.00 [ 1068.968451][T19531] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1068.988662][T19531] usb 4-1: config 0 descriptor?? [ 1069.126037][T12901] usb 1-1: Using ep0 maxpacket: 8 [ 1069.150627][T12901] usb 1-1: config index 0 descriptor too short (expected 5924, got 36) [ 1069.172962][T12901] usb 1-1: config 250 has an invalid interface number: 228 but max is -1 [ 1069.200014][T12901] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1069.209545][T12901] usb 1-1: config 250 has no interface number 0 [ 1069.226263][T12901] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1069.243052][T12901] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1069.256155][T12901] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1069.312036][T12901] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1069.354446][T12901] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1069.364474][T23233] netlink: 'syz.3.3879': attribute type 11 has an invalid length. [ 1069.410693][T12901] usb 1-1: config 250 interface 228 has no altsetting 0 [ 1069.424791][T12901] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1069.435119][T12901] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1069.452431][T12901] usb 1-1: Product: syz [ 1069.457031][T12901] usb 1-1: SerialNumber: syz [ 1069.467780][T23233] netlink: 'syz.3.3879': attribute type 11 has an invalid length. [ 1069.486089][T19531] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 1069.494213][T12901] hub 1-1:250.228: bad descriptor, ignoring hub [ 1069.506393][T12901] hub 1-1:250.228: probe with driver hub failed with error -5 [ 1069.585224][T23240] netlink: 20 bytes leftover after parsing attributes in process `syz.4.3891'. [ 1069.696180][T23229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1069.705104][T12901] usblp 1-1:250.228: usblp0: USB Bidirectional printer dev 25 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1069.726320][T19531] usb 3-1: Using ep0 maxpacket: 16 [ 1069.726623][T23229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1069.767062][T19531] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1069.792210][T19531] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1069.842959][T19531] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1069.873190][T19531] usb 3-1: Product: syz [ 1069.895544][T19531] usb 3-1: Manufacturer: syz [ 1069.913997][T19531] usb 3-1: SerialNumber: syz [ 1069.939280][T23249] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3889'. [ 1069.965592][T23249] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3889'. [ 1069.996560][T23249] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1070.019427][T19531] usb 3-1: config 0 descriptor?? [ 1070.029155][T23249] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1070.058939][T19531] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1070.079494][T19531] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 1070.395246][ T8] usb 4-1: USB disconnect, device number 22 [ 1070.682479][T19531] em28xx 3-1:0.0: unknown em28xx chip ID (161) [ 1070.769316][T13001] netdevsim netdevsim1 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1070.816290][T11707] usb 5-1: new low-speed USB device number 20 using dummy_hcd [ 1071.017843][T13001] netdevsim netdevsim1 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.061496][T11707] usb 5-1: string descriptor 0 read error: -22 [ 1071.105108][T11707] usb 5-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1071.165191][T11707] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1071.207116][T19531] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1071.220071][T11707] usb 5-1: config 0 descriptor?? [ 1071.246691][T19531] em28xx 3-1:0.0: board has no eeprom [ 1071.263646][T11707] usbtest 5-1:0.0: FX2 device [ 1071.290634][T11707] usbtest 5-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1071.336461][T19531] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1071.355044][T19531] em28xx 3-1:0.0: dvb set to bulk mode. [ 1071.386479][T12846] em28xx 3-1:0.0: Binding DVB extension [ 1071.413849][T19531] usb 3-1: USB disconnect, device number 34 [ 1071.428320][T13001] netdevsim netdevsim1 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.447809][T19531] em28xx 3-1:0.0: Disconnecting em28xx [ 1071.499151][T12904] usb 5-1: USB disconnect, device number 20 [ 1071.667782][T12846] em28xx 3-1:0.0: Registering input extension [ 1071.695392][T19531] em28xx 3-1:0.0: Closing input extension [ 1071.700355][T13001] netdevsim netdevsim1 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1071.803490][T23266] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 1071.867195][T19531] em28xx 3-1:0.0: Freeing device [ 1071.868521][T23268] netlink: 'syz.3.3901': attribute type 1 has an invalid length. [ 1071.872977][T12901] usb 1-1: USB disconnect, device number 25 [ 1071.939620][T12901] usblp0: removed [ 1072.028241][T16300] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 1072.042543][T16300] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 1072.051886][T16300] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 1072.086308][T16300] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 1072.096337][T16300] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 1072.106391][T16300] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 1072.423906][T13001] bridge_slave_1: left allmulticast mode [ 1072.451241][T13001] bridge_slave_1: left promiscuous mode [ 1072.465839][T13001] bridge0: port 2(bridge_slave_1) entered disabled state [ 1072.490152][T13001] bridge_slave_0: left allmulticast mode [ 1072.507546][T13001] bridge_slave_0: left promiscuous mode [ 1072.529392][T13001] bridge0: port 1(bridge_slave_0) entered disabled state [ 1072.907866][T12846] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 1072.945705][T19531] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 1073.126116][T12846] usb 1-1: not running at top speed; connect to a high speed hub [ 1073.135373][T12846] usb 1-1: config 1 interface 0 altsetting 63 endpoint 0x81 has invalid maxpacket 927, setting to 64 [ 1073.149548][T19531] usb 4-1: Using ep0 maxpacket: 16 [ 1073.172577][T12846] usb 1-1: config 1 interface 0 has no altsetting 0 [ 1073.190413][T19531] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 1073.205363][T19531] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1073.221816][T12846] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.40 [ 1073.235303][T19531] usb 4-1: Product: syz [ 1073.244023][T12846] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1073.253148][T19531] usb 4-1: Manufacturer: syz [ 1073.258237][T19531] usb 4-1: SerialNumber: syz [ 1073.263192][T12846] usb 1-1: Product: syz [ 1073.270922][T12846] usb 1-1: Manufacturer: ᐌ [ 1073.275877][T12846] usb 1-1: SerialNumber: syz [ 1073.283793][T19531] r8152-cfgselector 4-1: Unknown version 0x0000 [ 1073.292109][T23300] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 1073.303649][T19531] r8152-cfgselector 4-1: config 0 descriptor?? [ 1073.541507][T13001] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1073.559901][ T361] tipc: Subscription rejected, illegal request [ 1073.572991][T13001] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1073.590013][T13001] bond0 (unregistering): Released all slaves [ 1073.806742][T12846] usbhid 1-1:1.0: can't add hid device: -71 [ 1073.812833][T12846] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 1073.866453][T12846] usb 1-1: USB disconnect, device number 26 [ 1073.961233][ T8] r8152-cfgselector 4-1: USB disconnect, device number 23 [ 1074.166627][ T46] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 1074.200304][T16300] Bluetooth: hci1: command tx timeout [ 1074.213671][T13001] hsr_slave_0: left promiscuous mode [ 1074.229769][T13001] hsr_slave_1: left promiscuous mode [ 1074.236783][T13001] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1074.253762][T13001] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1074.262869][T13001] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1074.277236][T13001] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1074.344903][T13001] veth1_macvtap: left promiscuous mode [ 1074.353102][T13001] veth0_macvtap: left promiscuous mode [ 1074.359135][T13001] veth1_vlan: left promiscuous mode [ 1074.364483][T13001] veth0_vlan: left promiscuous mode [ 1074.396028][ T46] usb 3-1: Using ep0 maxpacket: 8 [ 1074.413387][ T46] usb 3-1: config index 0 descriptor too short (expected 5924, got 36) [ 1074.447626][ T46] usb 3-1: config 250 has an invalid interface number: 228 but max is -1 [ 1074.495635][ T46] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1074.522613][ T46] usb 3-1: config 250 has no interface number 0 [ 1074.546699][ T46] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1074.593054][ T46] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1074.636062][ T46] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1074.676811][ T46] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1074.713578][ T46] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1074.745244][ T46] usb 3-1: config 250 interface 228 has no altsetting 0 [ 1074.761948][ T46] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1074.771430][ T46] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1074.805103][ T46] usb 3-1: Product: syz [ 1074.832623][ T46] usb 3-1: SerialNumber: syz [ 1074.864158][ T46] hub 3-1:250.228: bad descriptor, ignoring hub [ 1074.904363][ T46] hub 3-1:250.228: probe with driver hub failed with error -5 [ 1075.070309][T23328] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1075.091219][ T46] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 35 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1075.111735][T23328] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1075.357388][T23359] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1075.388722][T23359] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1076.154611][T13001] team0 (unregistering): Port device team_slave_1 removed [ 1076.263524][T13001] team0 (unregistering): Port device team_slave_0 removed [ 1076.276353][T16300] Bluetooth: hci1: command tx timeout [ 1076.488888][T12846] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 1076.689782][T12846] usb 4-1: New USB device found, idVendor=1d50, idProduct=6089, bcdDevice=d0.1d [ 1076.712153][T12846] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1076.741899][T12846] usb 4-1: config 0 descriptor?? [ 1076.967084][T23364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1076.978667][T23364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1076.988807][T23364] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3918'. [ 1076.999332][T23364] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3918'. [ 1077.196366][T23281] chnl_net:caif_netlink_parms(): no params data found [ 1077.218539][T23345] bridge0: port 3(gretap0) entered blocking state [ 1077.225217][T23345] bridge0: port 3(gretap0) entered disabled state [ 1077.243353][T23345] gretap0: entered allmulticast mode [ 1077.269194][T23345] gretap0: entered promiscuous mode [ 1077.278402][T23345] bridge0: port 3(gretap0) entered blocking state [ 1077.284939][T23345] bridge0: port 3(gretap0) entered forwarding state [ 1077.322942][T23352] netlink: 40 bytes leftover after parsing attributes in process `syz.4.3915'. [ 1077.340782][T23358] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3912'. [ 1077.365443][T23358] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3912'. [ 1077.599472][ T5276] usb 3-1: USB disconnect, device number 35 [ 1077.652004][ T5276] usblp0: removed [ 1077.796566][T12846] hackrf 4-1:0.0: usb_control_msg() failed -110 request 0e [ 1077.814713][T12846] hackrf 4-1:0.0: Could not detect board [ 1077.821531][T12846] hackrf 4-1:0.0: probe with driver hackrf failed with error -110 [ 1078.102263][T23281] bridge0: port 1(bridge_slave_0) entered blocking state [ 1078.123229][T23281] bridge0: port 1(bridge_slave_0) entered disabled state [ 1078.186667][T23281] bridge_slave_0: entered allmulticast mode [ 1078.199464][T23281] bridge_slave_0: entered promiscuous mode [ 1078.208665][T23376] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3921'. [ 1078.223334][T23281] bridge0: port 2(bridge_slave_1) entered blocking state [ 1078.257880][T23281] bridge0: port 2(bridge_slave_1) entered disabled state [ 1078.302403][T23281] bridge_slave_1: entered allmulticast mode [ 1078.339793][T23281] bridge_slave_1: entered promiscuous mode [ 1078.358430][T16300] Bluetooth: hci1: command tx timeout [ 1078.366441][T11707] usb 3-1: new low-speed USB device number 36 using dummy_hcd [ 1078.483329][T23281] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1078.538525][T23281] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1078.703295][T11707] usb 3-1: string descriptor 0 read error: -22 [ 1078.723356][T11707] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1078.772053][T11707] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1078.776415][T23281] team0: Port device team_slave_0 added [ 1078.831129][T11707] usb 3-1: config 0 descriptor?? [ 1078.839756][T23281] team0: Port device team_slave_1 added [ 1078.856330][ T5276] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 1078.881129][T11707] usbtest 3-1:0.0: FX2 device [ 1078.904813][T11707] usbtest 3-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1079.063490][T23281] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1079.089500][T23281] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1079.125719][T23281] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1079.153512][T19531] usb 3-1: USB disconnect, device number 36 [ 1079.179700][T23281] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1079.200871][T23281] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 1079.323400][T23281] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1079.383283][T12901] usb 4-1: USB disconnect, device number 24 [ 1079.576133][T19531] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 1079.635760][T23417] netlink: 40 bytes leftover after parsing attributes in process `syz.3.3928'. [ 1079.689278][T23281] hsr_slave_0: entered promiscuous mode [ 1079.696118][T23281] hsr_slave_1: entered promiscuous mode [ 1079.704742][T23281] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 1079.747317][T23281] Cannot create hsr debugfs directory [ 1079.786054][T19531] usb 5-1: Using ep0 maxpacket: 16 [ 1079.797278][T19531] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1079.807196][T19531] usb 5-1: New USB device found, idVendor=1b1c, idProduct=1b02, bcdDevice= 0.00 [ 1079.826301][T19531] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1079.839729][T23418] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1079.882753][T23418] team0: Port device batadv0 added [ 1079.885161][T19531] usb 5-1: config 0 descriptor?? [ 1079.907734][T19531] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1080.436480][T16300] Bluetooth: hci1: command tx timeout [ 1080.624847][T23424] netlink: 56 bytes leftover after parsing attributes in process `syz.0.3929'. [ 1080.796085][T19531] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 1080.926527][T23436] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 1081.006036][T19531] usb 4-1: Using ep0 maxpacket: 8 [ 1081.018779][T19531] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 1081.034664][T19531] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 1081.086491][T19531] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1081.097719][T19531] usb 4-1: config 250 has no interface number 0 [ 1081.104219][T19531] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1081.128449][T19531] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1081.146056][T19531] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1081.161138][T19531] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1081.179785][T19531] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1081.214210][T19531] usb 4-1: config 250 interface 228 has no altsetting 0 [ 1081.230684][T19531] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1081.251134][T19531] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1081.276984][T19531] usb 4-1: Product: syz [ 1081.281201][T19531] usb 4-1: SerialNumber: syz [ 1081.316532][T19531] hub 4-1:250.228: bad descriptor, ignoring hub [ 1081.333938][T19531] hub 4-1:250.228: probe with driver hub failed with error -5 [ 1081.448820][T23281] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 1081.468371][T23281] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 1081.478434][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 1081.489936][T23281] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 1081.501433][T23455] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3935'. [ 1081.512708][T23455] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3935'. [ 1081.515457][T23281] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 1081.534293][T23426] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1081.547962][T19531] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 25 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1081.557871][T23426] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1081.737741][T23458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1081.758230][T23458] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1081.875100][T23281] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1081.961441][T23281] 8021q: adding VLAN 0 to HW filter on device team0 [ 1082.001579][T12901] bridge0: port 1(bridge_slave_0) entered blocking state [ 1082.008886][T12901] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1082.062597][T12846] bridge0: port 2(bridge_slave_1) entered blocking state [ 1082.069843][T12846] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1082.226442][ T46] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1082.278178][T23281] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1082.322022][T19531] usb 5-1: USB disconnect, device number 21 [ 1082.426674][ T46] usb 3-1: Using ep0 maxpacket: 32 [ 1082.438311][ T46] usb 3-1: config 0 has no interfaces? [ 1082.451002][T23476] __nla_validate_parse: 2 callbacks suppressed [ 1082.451024][T23476] netlink: 40 bytes leftover after parsing attributes in process `syz.0.3939'. [ 1082.487244][ T46] usb 3-1: New USB device found, idVendor=1b96, idProduct=000a, bcdDevice= 0.00 [ 1082.510729][ T46] usb 3-1: New USB device strings: Mfr=0, Product=59, SerialNumber=0 [ 1082.548248][ T46] usb 3-1: Product: syz [ 1082.572631][T23281] veth0_vlan: entered promiscuous mode [ 1082.590811][ T46] usb 3-1: config 0 descriptor?? [ 1082.665752][T23281] veth1_vlan: entered promiscuous mode [ 1082.759894][T23281] veth0_macvtap: entered promiscuous mode [ 1082.809914][T23281] veth1_macvtap: entered promiscuous mode [ 1082.905064][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1082.945605][T12901] usb 3-1: USB disconnect, device number 37 [ 1082.956153][ T46] usb 5-1: new low-speed USB device number 22 using dummy_hcd [ 1082.990702][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.061731][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1083.116005][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.175550][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1083.180913][ T46] usb 5-1: string descriptor 0 read error: -22 [ 1083.199011][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.249235][ T46] usb 5-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1083.259398][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1083.323386][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.339883][ T46] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1083.377245][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 1083.422622][ T46] usb 5-1: config 0 descriptor?? [ 1083.432922][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.448948][T23281] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1083.464796][ T46] usbtest 5-1:0.0: FX2 device [ 1083.480582][ T46] usbtest 5-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1083.508737][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1083.535484][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.551933][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1083.586236][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.630942][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1083.647139][ T46] usb 4-1: USB disconnect, device number 25 [ 1083.670923][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.682043][ T46] usblp0: removed [ 1083.682710][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1083.701670][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.719666][T23281] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 1083.741353][T23281] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 1083.774220][ T5276] usb 5-1: USB disconnect, device number 22 [ 1083.775091][T23281] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1083.812787][T23281] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1083.840937][T23281] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1083.893007][T23281] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1083.942533][T23281] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1083.993032][T23496] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3942'. [ 1084.253979][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1084.301980][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1084.426248][ T4579] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1084.452267][ T4579] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1084.836289][ T5276] usb 3-1: new high-speed USB device number 38 using dummy_hcd [ 1084.946713][T19531] usb 2-1: new high-speed USB device number 30 using dummy_hcd [ 1085.041347][ T5276] usb 3-1: Using ep0 maxpacket: 8 [ 1085.074557][ T5276] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 1085.138057][ T5276] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1085.146071][T19531] usb 2-1: Using ep0 maxpacket: 8 [ 1085.177796][T19531] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 1085.200475][T19531] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 1085.201052][ T5276] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1085.222465][T19531] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1085.246613][T19531] usb 2-1: config 250 has no interface number 0 [ 1085.268941][T19531] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1085.295749][ T5276] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 1085.299841][T19531] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1085.323856][T19531] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1085.341504][T19531] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1085.342652][ T5276] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1085.352618][T19531] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1085.376200][T19531] usb 2-1: config 250 interface 228 has no altsetting 0 [ 1085.384784][T19531] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1085.394102][T19531] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1085.397283][ T5276] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1085.414384][T19531] usb 2-1: Product: syz [ 1085.432426][T19531] usb 2-1: SerialNumber: syz [ 1085.478241][ T5276] usb 3-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 1085.478902][T19531] hub 2-1:250.228: bad descriptor, ignoring hub [ 1085.504651][ T5276] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 1085.509566][T19531] hub 2-1:250.228: probe with driver hub failed with error -5 [ 1085.531383][ T5276] usb 3-1: config 168 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1085.560605][ T5276] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 1085.575352][ T5276] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1085.586452][ T5276] usb 3-1: Product: syz [ 1085.609765][ T5276] usb 3-1: Manufacturer: syz [ 1085.620590][ T5276] usb 3-1: SerialNumber: syz [ 1085.685128][T23513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1085.699998][T19531] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 30 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1085.720612][T23513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1085.869918][T23508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1085.934775][T23508] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1085.974095][T23539] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3899'. [ 1085.993477][T23539] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3899'. [ 1086.030014][T23539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1086.040220][T23539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1086.270665][ T5276] adutux 3-1:168.0: interrupt endpoints not found [ 1086.337818][ T5276] usb 3-1: USB disconnect, device number 38 [ 1086.376019][T11707] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 1086.376093][T19531] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 1086.597851][T11707] usb 4-1: device descriptor read/64, error -71 [ 1086.599485][T19531] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 1086.709314][T19531] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 1086.731463][T19531] usb 1-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 1086.758487][T19531] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1086.896177][T11707] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 1087.076385][T11707] usb 4-1: device descriptor read/64, error -71 [ 1087.077663][T23545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3950'. [ 1087.116194][T23545] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3950'. [ 1087.206314][T11707] usb usb4-port1: attempt power cycle [ 1087.277943][T12901] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1087.381204][T19531] usb 1-1: string descriptor 0 read error: -71 [ 1087.407890][T19531] usb 1-1: USB disconnect, device number 28 [ 1087.466038][T12901] usb 3-1: Using ep0 maxpacket: 8 [ 1087.473611][T12901] usb 3-1: config index 0 descriptor too short (expected 5924, got 36) [ 1087.507764][T12901] usb 3-1: config 250 has an invalid interface number: 228 but max is -1 [ 1087.553993][T12901] usb 3-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1087.594853][T12901] usb 3-1: config 250 has no interface number 0 [ 1087.621970][T12901] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1087.637830][T11707] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 1087.686021][T12901] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1087.706798][T11707] usb 4-1: device descriptor read/8, error -71 [ 1087.750114][T12901] usb 3-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1087.774049][T12901] usb 3-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1087.789540][T12901] usb 3-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1087.821710][T12901] usb 3-1: config 250 interface 228 has no altsetting 0 [ 1087.864862][T12901] usb 3-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1087.884342][T12901] usb 3-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1087.910033][ T5276] usb 2-1: USB disconnect, device number 30 [ 1087.926804][T12901] usb 3-1: Product: syz [ 1087.938514][T12901] usb 3-1: SerialNumber: syz [ 1087.953631][ T5276] usblp0: removed [ 1087.972456][T12901] hub 3-1:250.228: bad descriptor, ignoring hub [ 1087.992646][T12901] hub 3-1:250.228: probe with driver hub failed with error -5 [ 1088.006168][T11707] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 1088.081849][T11707] usb 4-1: device descriptor read/8, error -71 [ 1088.199635][T23559] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1088.219316][T12901] usblp 3-1:250.228: usblp0: USB Bidirectional printer dev 39 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1088.227085][T11707] usb usb4-port1: unable to enumerate USB device [ 1088.251345][T23559] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1088.428051][T23585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3951'. [ 1088.449904][T23585] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3951'. [ 1088.472440][T23585] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1088.547457][T23585] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1089.058249][T23606] xt_l2tp: invalid flags combination: 0 [ 1089.666145][T19531] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 1089.886009][T19531] usb 1-1: Using ep0 maxpacket: 8 [ 1089.901912][T19531] usb 1-1: config index 0 descriptor too short (expected 5924, got 36) [ 1089.914062][T19531] usb 1-1: config 250 has an invalid interface number: 228 but max is -1 [ 1089.940411][T19531] usb 1-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1089.953275][T19531] usb 1-1: config 250 has no interface number 0 [ 1089.966213][T19531] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1089.979729][T19531] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1089.992309][T19531] usb 1-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1090.007620][T19531] usb 1-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1090.022578][T19531] usb 1-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1090.042648][T19531] usb 1-1: config 250 interface 228 has no altsetting 0 [ 1090.072491][T19531] usb 1-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1090.124280][T19531] usb 1-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1090.143256][T19531] usb 1-1: Product: syz [ 1090.153317][T19531] usb 1-1: SerialNumber: syz [ 1090.171524][T19531] hub 1-1:250.228: bad descriptor, ignoring hub [ 1090.203923][T19531] hub 1-1:250.228: probe with driver hub failed with error -5 [ 1090.222366][ T5276] usb 3-1: USB disconnect, device number 39 [ 1090.244290][T23635] (unnamed net_device) (uninitialized): option packets_per_slave: mode dependency failed, not supported in mode balance-alb(6) [ 1090.264437][ T5276] usblp0: removed [ 1090.388665][T23617] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1090.395014][T19531] usblp 1-1:250.228: usblp0: USB Bidirectional printer dev 29 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1090.426674][T23617] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1090.583444][T23643] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3962'. [ 1090.606699][T23643] netlink: 3 bytes leftover after parsing attributes in process `syz.0.3962'. [ 1090.631696][T23643] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1090.656689][T23643] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1092.157788][T23663] netlink: 'syz.1.3973': attribute type 1 has an invalid length. [ 1092.197485][T23663] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3973'. [ 1092.306053][ T8] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 1092.516474][ T8] usb 5-1: Using ep0 maxpacket: 16 [ 1092.536986][ T8] usb 5-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1092.566045][ T8] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1092.588128][ T8] usb 5-1: Product: syz [ 1092.616050][ T8] usb 5-1: Manufacturer: syz [ 1092.620725][ T8] usb 5-1: SerialNumber: syz [ 1092.647818][ T8] usb 5-1: config 0 descriptor?? [ 1092.657948][ T8] visor 5-1:0.0: Sony Clie 3.5 converter detected [ 1092.756853][ T5276] usb 1-1: reset high-speed USB device number 29 using dummy_hcd [ 1092.766369][ T5276] usb 1-1: device reset changed ep0 maxpacket size! [ 1092.782003][ T5276] usb 1-1: USB disconnect, device number 29 [ 1092.809454][ T5276] usblp0: removed [ 1093.067569][ T8] usb 5-1: clie_3_5_startup: get interface number bad return length: 0 [ 1093.085163][ T8] visor 5-1:0.0: probe with driver visor failed with error -5 [ 1093.187298][ T5276] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 1093.274750][ T8] usb 5-1: USB disconnect, device number 23 [ 1093.286520][T12901] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1093.398498][ T5276] usb 1-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 1093.425981][ T5276] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1093.448275][ T5276] usb 1-1: config 0 descriptor?? [ 1093.497876][T12901] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1093.514360][T12901] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1093.530273][T12901] usb 4-1: New USB device found, idVendor=0d8c, idProduct=0022, bcdDevice= 0.00 [ 1093.545700][T12901] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1093.574209][T12901] usb 4-1: config 0 descriptor?? [ 1093.747799][T23685] netlink: 'syz.2.3980': attribute type 21 has an invalid length. [ 1093.771302][T23685] netlink: 128 bytes leftover after parsing attributes in process `syz.2.3980'. [ 1093.787441][T23685] netlink: 'syz.2.3980': attribute type 4 has an invalid length. [ 1093.799766][T23674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1093.823396][T23684] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3980'. [ 1093.836766][T23674] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1093.849398][T23685] netlink: 3 bytes leftover after parsing attributes in process `syz.2.3980'. [ 1093.871335][T23686] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3980'. [ 1093.927676][ T5276] [drm] vendor descriptor length:b9 data:00 00 00 00 00 00 00 00 00 00 00 [ 1093.953515][ T5276] [drm:udl_init] *ERROR* Unrecognized vendor firmware descriptor [ 1093.977163][ T5276] [drm:udl_init] *ERROR* Selecting channel failed [ 1094.002540][ T5276] [drm] Initialized udl 0.0.1 for 1-1:0.0 on minor 2 [ 1094.014683][ T5276] [drm] Initialized udl on minor 2 [ 1094.026802][ T5276] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1094.050801][ T5276] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1094.067902][ T8] udl 1-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 1094.068430][T12901] cm6533_jd 0003:0D8C:0022.0044: unknown main item tag 0x0 [ 1094.100612][ T5276] usb 1-1: USB disconnect, device number 30 [ 1094.115435][ T8] udl 1-1:0.0: [drm] Cannot find any crtc or sizes [ 1094.123077][T12901] cm6533_jd 0003:0D8C:0022.0044: unknown main item tag 0x0 [ 1094.158105][T12901] input: HID 0d8c:0022 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0D8C:0022.0044/input/input59 [ 1094.203865][T12901] cm6533_jd 0003:0D8C:0022.0044: input,hiddev0,hidraw0: USB HID v0.00 Device [HID 0d8c:0022] on usb-dummy_hcd.3-1/input0 [ 1094.269332][T23674] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1094.287842][T23674] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1094.476181][T23702] syz.4.3983 (23702): attempted to duplicate a private mapping with mremap. This is not supported. [ 1094.522556][T16300] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 1094.668040][ T8] usb 3-1: new low-speed USB device number 40 using dummy_hcd [ 1094.907031][ T8] usb 3-1: string descriptor 0 read error: -22 [ 1094.923327][ T8] usb 3-1: New USB device found, idVendor=04b4, idProduct=8613, bcdDevice=95.8f [ 1094.935392][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1094.965342][ T8] usb 3-1: config 0 descriptor?? [ 1094.975341][ T8] usbtest 3-1:0.0: FX2 device [ 1094.980747][ T8] usbtest 3-1:0.0: low-speed {control intr-in intr-out} tests (+alt) [ 1094.988982][ T46] usb 2-1: new high-speed USB device number 31 using dummy_hcd [ 1095.187124][ T8] usb 3-1: USB disconnect, device number 40 [ 1095.196884][ T46] usb 2-1: Using ep0 maxpacket: 8 [ 1095.236162][ T46] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 1095.244537][ T46] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 1095.284491][ T46] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 1095.304056][ T46] usb 2-1: config 250 has no interface number 0 [ 1095.314644][ T46] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 1095.345368][ T46] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 1095.384051][ T46] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1095.404268][ T46] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 1095.415771][ T46] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 1095.436020][T12901] usb 4-1: reset high-speed USB device number 30 using dummy_hcd [ 1095.454395][ T46] usb 2-1: config 250 interface 228 has no altsetting 0 [ 1095.480364][ T46] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 1095.498405][ T46] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 1095.508139][ T46] usb 2-1: Product: syz [ 1095.514070][ T46] usb 2-1: SerialNumber: syz [ 1095.533690][ T46] hub 2-1:250.228: bad descriptor, ignoring hub [ 1095.540892][ T46] hub 2-1:250.228: probe with driver hub failed with error -5 [ 1095.748601][ T46] usblp 2-1:250.228: usblp1: USB Bidirectional printer dev 31 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 1095.756231][T23707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1095.781959][T23707] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1095.994000][T23721] netlink: 8 bytes leftover after parsing attributes in process `syz.1.3987'. [ 1096.006816][T23721] netlink: 3 bytes leftover after parsing attributes in process `syz.1.3987'. [ 1096.050180][T23721] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1096.092777][T23721] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1096.182151][T23725] macsec0: entered promiscuous mode [ 1096.356877][T16300] Bluetooth: hci2: command tx timeout [ 1096.396047][ T46] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 1096.588120][ T46] usb 1-1: Using ep0 maxpacket: 8 [ 1096.602298][ T46] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 1096.633006][ T46] usb 1-1: New USB device found, idVendor=046a, idProduct=0027, bcdDevice= 0.00 [ 1096.644516][ T46] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1096.692922][ T46] usb 1-1: config 0 descriptor?? [ 1096.721442][ T46] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 1096.908339][T12846] usb 4-1: USB disconnect, device number 30 [ 1097.576020][T12846] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1097.703809][T23756] netlink: 12 bytes leftover after parsing attributes in process `syz.2.4005'. [ 1097.756098][T12846] usb 4-1: Using ep0 maxpacket: 32 [ 1097.802182][ T46] usb 2-1: USB disconnect, device number 31 [ 1097.815336][T12846] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 1097.835480][ T46] usblp1: removed [ 1097.845139][T12846] usb 4-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 1097.866205][T12846] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1097.875141][T12846] usb 4-1: Product: syz [ 1097.888556][T16300] Bluetooth: hci0: command 0x0406 tx timeout [ 1097.907978][T12846] usb 4-1: Manufacturer: syz [ 1097.912835][T12846] usb 4-1: SerialNumber: syz [ 1097.926860][T12846] usb 4-1: config 0 descriptor?? [ 1097.935274][T23752] raw-gadget.1 gadget.3: fail, usb_ep_enable returned -22 [ 1097.946616][T12846] hub 4-1:0.0: bad descriptor, ignoring hub [ 1097.959442][T12846] hub 4-1:0.0: probe with driver hub failed with error -5 [ 1097.975091][T12846] input: syz syz as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input60 [ 1098.173121][T23752] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1098.226390][T23752] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1098.245790][T23766] netlink: 4 bytes leftover after parsing attributes in process `syz.4.4007'. [ 1098.291510][ C1] ------------[ cut here ]------------ [ 1098.297845][ C1] WARNING: CPU: 1 PID: 13001 at kernel/kcov.c:871 kcov_remote_start+0x5a2/0x7e0 [ 1098.306934][ C1] Modules linked in: [ 1098.310877][ C1] CPU: 1 UID: 0 PID: 13001 Comm: kworker/u8:6 Not tainted 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 [ 1098.321852][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1098.331948][ C1] Workqueue: events_unbound cfg80211_wiphy_work SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 1098.338256][ C1] RIP: 0010:kcov_remote_start+0x5a2/0x7e0 [ 1098.344125][ C1] Code: 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 0f 85 a6 01 00 00 41 f7 c6 00 02 00 00 0f 84 93 fa ff ff fb e9 8d fa ff ff 90 <0f> 0b 90 e8 f6 61 22 0a 89 c0 48 c7 c7 c8 d4 02 00 48 03 3c c5 40 [ 1098.363779][ C1] RSP: 0018:ffffc90000a17370 EFLAGS: 00010002 [ 1098.369901][ C1] RAX: 0000000080010303 RBX: ffff88801c36bc00 RCX: 0000000000000002 [ 1098.377918][ C1] RDX: dffffc0000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c605d00 [ 1098.385925][ C1] RBP: 0100000000000004 R08: ffffffff9372c877 R09: 1ffffffff26e590e [ 1098.394023][ C1] R10: dffffc0000000000 R11: fffffbfff26e590f R12: ffffffff8193809e [ 1098.402045][ C1] R13: ffff88807d79ce00 R14: 0000000000000006 R15: ffff8880b932d4c8 [ 1098.410041][ C1] FS: 0000000000000000(0000) GS:ffff8880b9300000(0000) knlGS:0000000000000000 [ 1098.418975][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 1098.425556][ C1] CR2: 00007ff5341c7d58 CR3: 0000000022626000 CR4: 00000000003526f0 [ 1098.433615][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 1098.441580][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 1098.449549][ C1] Call Trace: [ 1098.452826][ C1] [ 1098.455670][ C1] ? __warn+0x163/0x4e0 [ 1098.459827][ C1] ? kcov_remote_start+0x5a2/0x7e0 [ 1098.464945][ C1] ? report_bug+0x2b3/0x500 [ 1098.469449][ C1] ? kcov_remote_start+0x5a2/0x7e0 [ 1098.474650][ C1] ? handle_bug+0x3e/0x70 [ 1098.478975][ C1] ? exc_invalid_op+0x1a/0x50 [ 1098.483651][ C1] ? asm_exc_invalid_op+0x1a/0x20 [ 1098.488675][ C1] ? kcov_remote_start+0x9e/0x7e0 [ 1098.493712][ C1] ? kcov_remote_start+0x5a2/0x7e0 [ 1098.498916][ C1] ? usb_unanchor_urb+0xa3/0xc0 [ 1098.503766][ C1] ? usb_anchor_suspend_wakeups+0x3a/0x40 [ 1098.509488][ C1] __usb_hcd_giveback_urb+0x405/0x6e0 [ 1098.514869][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 1098.520777][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1098.525984][ C1] dummy_timer+0x830/0x45a0 [ 1098.530582][ C1] ? __pfx_lock_release+0x10/0x10 [ 1098.535623][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1098.541954][ C1] ? __hrtimer_run_queues+0x477/0xd50 [ 1098.547427][ C1] ? __pfx_lock_release+0x10/0x10 [ 1098.552467][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1098.557671][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 1098.562621][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 1098.567560][ C1] __hrtimer_run_queues+0x59b/0xd50 [ 1098.572842][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 1098.578844][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1098.584571][ C1] hrtimer_interrupt+0x396/0x990 [ 1098.589528][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1098.595514][ C1] sysvec_apic_timer_interrupt+0x52/0xc0 [ 1098.601157][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1098.607146][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x18/0x70 [ 1098.613316][ C1] Code: 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 40 d7 03 00 65 8b 15 40 60 70 7e c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74 35 83 b9 1c 16 00 00 [ 1098.632927][ C1] RSP: 0018:ffffc90000a17b00 EFLAGS: 00000246 [ 1098.638999][ C1] RAX: ffffffff81412026 RBX: ffffc90000a17c18 RCX: ffff88801c36bc00 [ 1098.646968][ C1] RDX: 0000000080000303 RSI: ffffffff8e7a3d60 RDI: 0000000000000005 [ 1098.654938][ C1] RBP: 0000000000000005 R08: 0000000000000005 R09: ffffffff81411f0e [ 1098.662999][ C1] R10: 0000000000000008 R11: ffff88801c36bc00 R12: ffffffff908c2f44 [ 1098.670968][ C1] R13: dffffc0000000000 R14: ffffc90000a17c30 R15: 1ffff92000142f7c [ 1098.678974][ C1] ? unwind_next_frame+0x7be/0x2a00 [ 1098.684202][ C1] ? unwind_next_frame+0x8d6/0x2a00 [ 1098.689421][ C1] unwind_next_frame+0x8d6/0x2a00 [ 1098.694459][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1098.700011][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1098.705559][ C1] ? __kernel_text_address+0xd/0x40 [ 1098.710754][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1098.716337][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1098.722528][ C1] arch_stack_walk+0x151/0x1b0 [ 1098.727302][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1098.732860][ C1] stack_trace_save+0x118/0x1d0 [ 1098.737711][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 1098.742686][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1098.748125][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1098.754312][ C1] ? arch_stack_walk+0x17b/0x1b0 [ 1098.759283][ C1] kasan_save_track+0x3f/0x80 [ 1098.763966][ C1] ? kasan_save_track+0x3f/0x80 [ 1098.768818][ C1] ? __kasan_kmalloc+0x98/0xb0 [ 1098.773582][ C1] ? __kmalloc_noprof+0x1fc/0x400 [ 1098.778633][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1098.784242][ C1] __kasan_kmalloc+0x98/0xb0 [ 1098.788855][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1098.794407][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1098.799964][ C1] __kmalloc_noprof+0x1fc/0x400 [ 1098.804911][ C1] __cfg80211_bss_update+0x1a5/0x2170 [ 1098.810294][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 1098.815329][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 1098.821142][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1098.826531][ C1] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 1098.832999][ C1] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 1098.839462][ C1] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 1098.845900][ C1] ? cfg80211_inform_single_bss_data+0xd3d/0x2030 [ 1098.852338][ C1] cfg80211_inform_single_bss_data+0xd51/0x2030 [ 1098.858603][ C1] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 1098.865301][ C1] ? __pfx_validate_chain+0x10/0x10 [ 1098.870523][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 1098.875501][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 1098.880456][ C1] ? cfg80211_inform_bss_data+0x3c5/0x5a70 [ 1098.886283][ C1] cfg80211_inform_bss_data+0x3dd/0x5a70 [ 1098.891952][ C1] ? __pfx_validate_chain+0x10/0x10 [ 1098.897335][ C1] ? validate_chain+0x11e/0x5900 [ 1098.902291][ C1] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 1098.908369][ C1] ? __pfx_validate_chain+0x10/0x10 [ 1098.913565][ C1] ? mark_lock+0x9a/0x350 [ 1098.917900][ C1] ? mark_lock+0x9a/0x350 [ 1098.922238][ C1] ? __lock_acquire+0x137a/0x2040 [ 1098.927293][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1098.932331][ C1] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 1098.938143][ C1] cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 1098.944249][ C1] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 1098.950057][ C1] ieee80211_bss_info_update+0x8a7/0xbc0 [ 1098.955785][ C1] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 1098.961969][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1098.968334][ C1] ? ieee80211_get_channel_khz+0x173/0x920 [ 1098.974163][ C1] ieee80211_scan_rx+0x526/0x9c0 [ 1098.979120][ C1] ieee80211_rx_list+0x2b02/0x3780 [ 1098.984256][ C1] ? __lock_acquire+0x137a/0x2040 [ 1098.989293][ C1] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 1098.994766][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1098.999803][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1099.005792][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1099.012131][ C1] ? ieee80211_rx_napi+0xd6/0x3c0 [ 1099.017162][ C1] ieee80211_rx_napi+0x18a/0x3c0 [ 1099.022115][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1099.028475][ C1] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 1099.033952][ C1] ? skb_dequeue+0x113/0x150 [ 1099.038553][ C1] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 1099.044542][ C1] tasklet_action_common+0x321/0x4d0 [ 1099.049837][ C1] ? __pfx_tasklet_action_common+0x10/0x10 [ 1099.055646][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1099.061984][ C1] ? workqueue_softirq_action+0xce/0x140 [ 1099.067621][ C1] handle_softirqs+0x2c4/0x970 [ 1099.072388][ C1] ? do_softirq+0x11b/0x1e0 [ 1099.076892][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1099.082184][ C1] do_softirq+0x11b/0x1e0 [ 1099.086514][ C1] [ 1099.089438][ C1] [ 1099.092362][ C1] ? __pfx_do_softirq+0x10/0x10 [ 1099.097216][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 1099.102854][ C1] ? rcu_is_watching+0x15/0xb0 [ 1099.107622][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 1099.112819][ C1] ? ieee80211_xmit+0x30f/0x3f0 [ 1099.117673][ C1] ? __ieee80211_tx_skb_tid_band+0x49e/0x610 [ 1099.123685][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1099.129434][ C1] ? __ieee80211_tx_skb_tid_band+0x49e/0x610 [ 1099.135423][ C1] ? __ieee80211_tx_skb_tid_band+0x4e2/0x610 [ 1099.141412][ C1] ieee80211_handle_roc_started+0x267/0x440 [ 1099.147316][ C1] ? ieee80211_handle_roc_started+0x14f/0x440 [ 1099.153391][ C1] _ieee80211_start_next_roc+0x7a1/0xb00 [ 1099.159032][ C1] cfg80211_wiphy_work+0x2db/0x490 [ 1099.164149][ C1] ? process_scheduled_works+0x945/0x1830 [ 1099.169869][ C1] process_scheduled_works+0xa2c/0x1830 [ 1099.175435][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1099.181430][ C1] ? assign_work+0x364/0x3d0 [ 1099.186115][ C1] worker_thread+0x86d/0xd40 [ 1099.190712][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1099.196621][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1099.201655][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1099.206769][ C1] kthread+0x2f0/0x390 [ 1099.210839][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1099.215952][ C1] ? __pfx_kthread+0x10/0x10 [ 1099.220546][ C1] ret_from_fork+0x4b/0x80 [ 1099.224966][ C1] ? __pfx_kthread+0x10/0x10 [ 1099.229566][ C1] ret_from_fork_asm+0x1a/0x30 [ 1099.234342][ C1] [ 1099.237369][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 1099.244645][ C1] CPU: 1 UID: 0 PID: 13001 Comm: kworker/u8:6 Not tainted 6.11.0-rc2-syzkaller-00013-gd4560686726f #0 [ 1099.255575][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 06/27/2024 [ 1099.265716][ C1] Workqueue: events_unbound cfg80211_wiphy_work [ 1099.271984][ C1] Call Trace: [ 1099.275260][ C1] [ 1099.278097][ C1] dump_stack_lvl+0x241/0x360 [ 1099.282780][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 1099.287979][ C1] ? __pfx__printk+0x10/0x10 [ 1099.292571][ C1] ? _printk+0xd5/0x120 [ 1099.296733][ C1] ? vscnprintf+0x5d/0x90 [ 1099.301061][ C1] panic+0x349/0x860 [ 1099.304959][ C1] ? __warn+0x172/0x4e0 [ 1099.309109][ C1] ? __pfx_panic+0x10/0x10 [ 1099.313523][ C1] ? show_trace_log_lvl+0x4e6/0x520 [ 1099.318731][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 1099.323673][ C1] __warn+0x346/0x4e0 [ 1099.327652][ C1] ? kcov_remote_start+0x5a2/0x7e0 [ 1099.332774][ C1] report_bug+0x2b3/0x500 [ 1099.337108][ C1] ? kcov_remote_start+0x5a2/0x7e0 [ 1099.342224][ C1] handle_bug+0x3e/0x70 [ 1099.346374][ C1] exc_invalid_op+0x1a/0x50 [ 1099.350873][ C1] asm_exc_invalid_op+0x1a/0x20 [ 1099.355717][ C1] RIP: 0010:kcov_remote_start+0x5a2/0x7e0 [ 1099.361443][ C1] Code: 24 00 00 00 00 9c 8f 04 24 f7 04 24 00 02 00 00 0f 85 a6 01 00 00 41 f7 c6 00 02 00 00 0f 84 93 fa ff ff fb e9 8d fa ff ff 90 <0f> 0b 90 e8 f6 61 22 0a 89 c0 48 c7 c7 c8 d4 02 00 48 03 3c c5 40 [ 1099.381050][ C1] RSP: 0018:ffffc90000a17370 EFLAGS: 00010002 [ 1099.387115][ C1] RAX: 0000000080010303 RBX: ffff88801c36bc00 RCX: 0000000000000002 [ 1099.395081][ C1] RDX: dffffc0000000000 RSI: ffffffff8c0ae6e0 RDI: ffffffff8c605d00 [ 1099.403048][ C1] RBP: 0100000000000004 R08: ffffffff9372c877 R09: 1ffffffff26e590e [ 1099.411015][ C1] R10: dffffc0000000000 R11: fffffbfff26e590f R12: ffffffff8193809e [ 1099.418985][ C1] R13: ffff88807d79ce00 R14: 0000000000000006 R15: ffff8880b932d4c8 [ 1099.427041][ C1] ? kcov_remote_start+0x9e/0x7e0 [ 1099.432100][ C1] ? usb_unanchor_urb+0xa3/0xc0 [ 1099.436970][ C1] ? usb_anchor_suspend_wakeups+0x3a/0x40 [ 1099.442693][ C1] __usb_hcd_giveback_urb+0x405/0x6e0 [ 1099.448073][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 1099.453970][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1099.459177][ C1] dummy_timer+0x830/0x45a0 [ 1099.463684][ C1] ? __pfx_lock_release+0x10/0x10 [ 1099.468720][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1099.475049][ C1] ? __hrtimer_run_queues+0x477/0xd50 [ 1099.480418][ C1] ? __pfx_lock_release+0x10/0x10 [ 1099.485444][ C1] ? do_raw_spin_unlock+0x13c/0x8b0 [ 1099.490646][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 1099.495587][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 1099.500532][ C1] __hrtimer_run_queues+0x59b/0xd50 [ 1099.506509][ C1] ? ktime_get_update_offsets_now+0x3c/0x250 [ 1099.512501][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1099.518221][ C1] hrtimer_interrupt+0x396/0x990 [ 1099.523177][ C1] __sysvec_apic_timer_interrupt+0x110/0x3f0 [ 1099.529165][ C1] sysvec_apic_timer_interrupt+0x52/0xc0 [ 1099.534809][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1099.541341][ C1] RIP: 0010:__sanitizer_cov_trace_pc+0x18/0x70 [ 1099.547504][ C1] Code: 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 40 d7 03 00 65 8b 15 40 60 70 7e c2 00 01 ff 00 74 11 f7 c2 00 01 00 00 74 35 83 b9 1c 16 00 00 [ 1099.567105][ C1] RSP: 0018:ffffc90000a17b00 EFLAGS: 00000246 [ 1099.573281][ C1] RAX: ffffffff81412026 RBX: ffffc90000a17c18 RCX: ffff88801c36bc00 [ 1099.581276][ C1] RDX: 0000000080000303 RSI: ffffffff8e7a3d60 RDI: 0000000000000005 [ 1099.589252][ C1] RBP: 0000000000000005 R08: 0000000000000005 R09: ffffffff81411f0e [ 1099.597231][ C1] R10: 0000000000000008 R11: ffff88801c36bc00 R12: ffffffff908c2f44 [ 1099.605207][ C1] R13: dffffc0000000000 R14: ffffc90000a17c30 R15: 1ffff92000142f7c [ 1099.613182][ C1] ? unwind_next_frame+0x7be/0x2a00 [ 1099.618387][ C1] ? unwind_next_frame+0x8d6/0x2a00 [ 1099.623591][ C1] unwind_next_frame+0x8d6/0x2a00 [ 1099.628625][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1099.634173][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1099.639720][ C1] ? __kernel_text_address+0xd/0x40 [ 1099.644915][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1099.650466][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1099.656623][ C1] arch_stack_walk+0x151/0x1b0 [ 1099.661385][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1099.666935][ C1] stack_trace_save+0x118/0x1d0 [ 1099.671786][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 1099.676728][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 1099.682095][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1099.688246][ C1] ? arch_stack_walk+0x17b/0x1b0 [ 1099.693185][ C1] kasan_save_track+0x3f/0x80 [ 1099.697863][ C1] ? kasan_save_track+0x3f/0x80 [ 1099.702709][ C1] ? __kasan_kmalloc+0x98/0xb0 [ 1099.707469][ C1] ? __kmalloc_noprof+0x1fc/0x400 [ 1099.712498][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1099.718082][ C1] __kasan_kmalloc+0x98/0xb0 [ 1099.722668][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1099.728210][ C1] ? __cfg80211_bss_update+0x1a5/0x2170 [ 1099.733755][ C1] __kmalloc_noprof+0x1fc/0x400 [ 1099.738620][ C1] __cfg80211_bss_update+0x1a5/0x2170 [ 1099.744106][ C1] ? do_raw_spin_lock+0x14f/0x370 [ 1099.749133][ C1] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 1099.754942][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1099.760312][ C1] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 1099.766755][ C1] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 1099.773190][ C1] ? cfg80211_inform_single_bss_data+0xaff/0x2030 [ 1099.779649][ C1] ? cfg80211_inform_single_bss_data+0xd3d/0x2030 [ 1099.786079][ C1] cfg80211_inform_single_bss_data+0xd51/0x2030 [ 1099.792344][ C1] ? __pfx_cfg80211_inform_single_bss_data+0x10/0x10 [ 1099.799045][ C1] ? __pfx_validate_chain+0x10/0x10 [ 1099.804246][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 1099.809185][ C1] ? ret_from_fork_asm+0x1a/0x30 [ 1099.814121][ C1] ? cfg80211_inform_bss_data+0x3c5/0x5a70 [ 1099.819932][ C1] cfg80211_inform_bss_data+0x3dd/0x5a70 [ 1099.825600][ C1] ? __pfx_validate_chain+0x10/0x10 [ 1099.830825][ C1] ? validate_chain+0x11e/0x5900 [ 1099.835797][ C1] ? __pfx_cfg80211_inform_bss_data+0x10/0x10 [ 1099.841890][ C1] ? __pfx_validate_chain+0x10/0x10 [ 1099.847110][ C1] ? mark_lock+0x9a/0x350 [ 1099.851449][ C1] ? mark_lock+0x9a/0x350 [ 1099.855783][ C1] ? __lock_acquire+0x137a/0x2040 [ 1099.860829][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1099.865861][ C1] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 1099.871672][ C1] cfg80211_inform_bss_frame_data+0x3b8/0x720 [ 1099.877836][ C1] ? ieee80211_bss_info_update+0x3d9/0xbc0 [ 1099.883639][ C1] ieee80211_bss_info_update+0x8a7/0xbc0 [ 1099.889274][ C1] ? __pfx_ieee80211_bss_info_update+0x10/0x10 [ 1099.895434][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1099.901760][ C1] ? ieee80211_get_channel_khz+0x173/0x920 [ 1099.907570][ C1] ieee80211_scan_rx+0x526/0x9c0 [ 1099.912512][ C1] ieee80211_rx_list+0x2b02/0x3780 [ 1099.917622][ C1] ? __lock_acquire+0x137a/0x2040 [ 1099.922656][ C1] ? __pfx_ieee80211_rx_list+0x10/0x10 [ 1099.928122][ C1] ? __pfx_lock_acquire+0x10/0x10 [ 1099.933164][ C1] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 1099.939148][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1099.945484][ C1] ? ieee80211_rx_napi+0xd6/0x3c0 [ 1099.950509][ C1] ieee80211_rx_napi+0x18a/0x3c0 [ 1099.955445][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 1099.961774][ C1] ? __pfx_ieee80211_rx_napi+0x10/0x10 [ 1099.967235][ C1] ? skb_dequeue+0x113/0x150 [ 1099.971829][ C1] ieee80211_handle_queued_frames+0xe7/0x1e0 [ 1099.977908][ C1] tasklet_action_common+0x321/0x4d0 [ 1099.983197][ C1] ? __pfx_tasklet_action_common+0x10/0x10 [ 1099.989001][ C1] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 1099.995336][ C1] ? workqueue_softirq_action+0xce/0x140 [ 1100.000973][ C1] handle_softirqs+0x2c4/0x970 [ 1100.005739][ C1] ? do_softirq+0x11b/0x1e0 [ 1100.010241][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 1100.015532][ C1] do_softirq+0x11b/0x1e0 [ 1100.019859][ C1] [ 1100.022782][ C1] [ 1100.025706][ C1] ? __pfx_do_softirq+0x10/0x10 [ 1100.030554][ C1] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 1100.036216][ C1] ? rcu_is_watching+0x15/0xb0 [ 1100.040984][ C1] __local_bh_enable_ip+0x1bb/0x200 [ 1100.046200][ C1] ? ieee80211_xmit+0x30f/0x3f0 [ 1100.051081][ C1] ? __ieee80211_tx_skb_tid_band+0x49e/0x610 [ 1100.057069][ C1] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 1100.062794][ C1] ? __ieee80211_tx_skb_tid_band+0x49e/0x610 [ 1100.068773][ C1] ? __ieee80211_tx_skb_tid_band+0x4e2/0x610 [ 1100.074755][ C1] ieee80211_handle_roc_started+0x267/0x440 [ 1100.080653][ C1] ? ieee80211_handle_roc_started+0x14f/0x440 [ 1100.086725][ C1] _ieee80211_start_next_roc+0x7a1/0xb00 [ 1100.092365][ C1] cfg80211_wiphy_work+0x2db/0x490 [ 1100.097479][ C1] ? process_scheduled_works+0x945/0x1830 [ 1100.103196][ C1] process_scheduled_works+0xa2c/0x1830 [ 1100.108762][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 1100.114749][ C1] ? assign_work+0x364/0x3d0 [ 1100.119345][ C1] worker_thread+0x86d/0xd40 [ 1100.123941][ C1] ? _raw_spin_unlock_irqrestore+0xdd/0x140 [ 1100.129835][ C1] ? __kthread_parkme+0x169/0x1d0 [ 1100.134863][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1100.139972][ C1] kthread+0x2f0/0x390 [ 1100.144045][ C1] ? __pfx_worker_thread+0x10/0x10 [ 1100.149168][ C1] ? __pfx_kthread+0x10/0x10 [ 1100.153785][ C1] ret_from_fork+0x4b/0x80 [ 1100.158210][ C1] ? __pfx_kthread+0x10/0x10 [ 1100.162809][ C1] ret_from_fork_asm+0x1a/0x30 [ 1100.167587][ C1] [ 1100.170858][ C1] Kernel Offset: disabled [ 1100.175287][ C1] Rebooting in 86400 seconds..