last executing test programs: 3.818817805s ago: executing program 3 (id=563): openat2$dir(0xffffffffffffff9c, &(0x7f0000001680)='.\x00', &(0x7f0000000040), 0x58) 3.716071437s ago: executing program 3 (id=565): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r4 = getpid() sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x4) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) 3.040734491s ago: executing program 1 (id=569): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_CTHELPER_NEW(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000040)={0x5c, 0x0, 0x9, 0x101, 0x0, 0x0, {0x1}, [@NFCTH_TUPLE={0x3c, 0x2, [@CTA_TUPLE_IP={0x2c, 0x1, 0x0, 0x1, @ipv6={{0x14, 0x3, @mcast2}, {0x14, 0x4, @loopback}}}, @CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x2f}}]}, @NFCTH_NAME={0x9, 0x1, 'syz0\x00'}]}, 0x5c}, 0x1, 0x0, 0x0, 0x4}, 0x20000000) 2.918722135s ago: executing program 1 (id=571): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0/file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) listen(0xffffffffffffffff, 0x4) r4 = dup(r0) write$UHID_INPUT(r4, &(0x7f0000001040)={0x7, {"a2e3ad21ed0d52f91b48090987f70e06d038e7ff7fc6e5539b0d46078b089b37073b6d090890e0878f0e1ac6e7049b334d959b669a240d5d67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d074b0936cd3b78130daa61d8e809ea88008000000000000027b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1dbdb230ae1fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b3804000000bee800490841bdb114f6b76383709d8f5c55432a909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f6e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f677747abc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15a7e454dea05918b41243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e1088334975e9f73483b6a62fa678ca14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce3803f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5d429a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f8ea2e2010000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f000800080000000000002420aed92fa9b6578b4779415d97b9a6d6d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9e53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b25361b665a8c97447a3c6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f304b96210403b2de9efed496f42355bc7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076038e79a7962fb385a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02cca4e91b2f001edb3d78fb4b55668dda93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8cf7d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad15a3a504767b6b45a45957f24d758ed024b3849c1137e2a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4483f8fd777d443e8b40426db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eb81f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe7b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a39988b8658a20878b7c1dd7ba02fc42939dde7d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d81eaee5ee6cf1d0ab378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88d0466d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afae5136651b1b9bd522d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02dae17b118e5d6787463183b4b87c1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b34449e15e065cc7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4908b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0db42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a028ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9c861a0e7e65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7bac7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068eb38067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c7e36bb2fc4c40e9cf96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3f0600faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f9000", 0x1000}}, 0x1006) 2.518640462s ago: executing program 2 (id=576): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_xfrm(r0, 0x0, 0x0) 2.38003834s ago: executing program 0 (id=577): socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r0 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) openat$cgroup_type(r0, &(0x7f0000000200), 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000029c0)) socket$caif_stream(0x25, 0x1, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000080)={0x0, 0x0, 0x11900, 0x1}, 0x0, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)) socket$inet6(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)) openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)) openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) socketpair(0x0, 0x0, 0x0, &(0x7f0000000000)) ioctl$TUNSETCARRIER(0xffffffffffffffff, 0x400454e2, &(0x7f0000000000)=0x4b) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r1, 0x8946, &(0x7f0000000900)={'veth1_virt_wifi\x00', @random='\x00\x00\x00 \x00'}) 2.354785087s ago: executing program 2 (id=578): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_PORT_GET(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[@ANYBLOB="20000000101401"], 0x20}}, 0x0) 2.182010504s ago: executing program 2 (id=579): syz_emit_ethernet(0x32, &(0x7f0000000000)={@random="e90c630faca2", @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x24, 0x0, 0xe000, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x10, 0x0, @gue={{0x2, 0x1, 0x3, 0x2, 0x0, @val=0x80}}}}}}}, 0x0) syz_emit_ethernet(0x2a, &(0x7f0000000280)={@local, @multicast, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x2, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x0, 0x8}}}}}, 0x0) 2.12964197s ago: executing program 0 (id=580): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x3) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000400)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$sock_SIOCGIFCONF(r2, 0x8912, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000200)={0xc, 0xe, &(0x7f0000001900)=ANY=[@ANYBLOB="b702000003000000bfa30000000000000703000000feffff7a0af0fff8ffffff79a4f0ff00000000b7060000ffffffff2d6405000000000065040400010000000404000001007d60b7030000000000006a0a00fe00010000850000000d000000b7000000000000009500000000000000496cf2827fb43a431ca711fcc9cdfa146ec56175037958e271f60d25b7937f02c8695e5a1b2cdf41dc10d1e8bf076d83923dd29c034055b67dafe6c8dc3d5d78c07fa1f7e4d5b318e2ec0e0700897a74a0091ff110026e6d2ef831ab7ea0c34f17e3ad6ef3bb622003b538dfd8e012e79578e51bc53099e90fbdb2ca8eeb9c15ab3a14817ac61e4dd11183a13477bf7e060e3670ef0e789f93781965f1328d6704902cbe7bc0476619f28d99cd0aa7b73340cc2160a1fe3c184b751c51160fbce841f8a97be6148ba532e6ea09c346dfebd31a08b32808b80200000000009dd27080e71113610e10d859e8327ef03fb6c86adac12233f9a1fb9c2aec61ce63a3462fd50117b89a9ab759b4eeb8cb000067d42b4e54861d0227dbfd2ed8576a3f7f3deadd7130856f756436303767d2e24f29e5dad9796edb697a6ea0180aabc18cae2ed4b4390af9a9ceafd07ed0030000002cab154ad029a119ca3c972780870014605c83d7d11c3c975d5aec84222fff0d7216fdb0d3a0ec4bfae563112f4b391aafe234870072858dc06e7c337642d3e5a815212f5e16c1b30c3a2a71bc85018e5ff2c910496f18afc9ffc2cc788bee1b47683db01a46939868d75211bbae0e7313bff5d4c391ddece00fc772dd6b4d4d0a917b239fe12280fc92c88c5b8dcdcc22ee1747790a8992533ac2a9f5a699593f084419cae0b4183fb01c73f99857399537f5dc2acb72c7eae993fc9eb22d130665b6341da114f08cd0509d380578673fffffff8c23877a6b24db0e067345560942fa629fbef2461c96a08707671215c302fae29187d4f5c06a960fd37c10223fdae7ed04935c3c90d3add8eebc8619d73415e6adcda2130f5011e42e50adab988dd8e12baf5cc9398c88607a08009c2977aab37d9a44cfc1c7b4000000000000fa47742f6c5b9c4b11e7d7262a1457c39495c826b956ba859adfe38f77b91bd7d5ca1664fe2f3ced8468911806e8916dc15e21644db60c2499d5d16d7d915836ab26c169482008ef069dc42749289f854797f2f900c2a12d8c38a967c1bbe09315c29877a331bcc87dc3addb08141bdee5d27874b2f663ddeef0005b3d96c7aae73835d5a3cda9e90d76c1993e0799d4894ee7f8249dc1e3428d2129369ee1b85afa1a5be5f6eb2eea0d0df414b315f65112412392191fa83ee830548f11e1038debd64cbe359454a3f2239cfe35f81b7aded448859968ff0e90500d0b07c0dd00490f167e6d5c1109681739dc33f75b20428d6474a0a91ee90b8de802c6b538622e6bbcb80f87b415263c401e64ed69a2f75409000000000000001d695c4559b82cabac3cccadc1e1c19af4e03020abf5ff0433d660f20898d2a045d209a0ffb20a77c9af2b80c05184a66d30bbea2ca45a4d6d6d1e6e79aef42355a500587b603306a5af8d867d80a07f10d82eafb03062e95196d5e3ff010000000000000be959096ea948cfa8e7194123e918914a71ad5a8521fb9553bc60f7d9719b55b3abb6bba3d113a680a8d46fe074c83fbe378a3889e8145b2eaceab05ef932c6e4f8ef0ed0d818a7b76d839cf3c63ebb4380b168c38fa32e49563cfee3a7f0fc18bfa32c418cef875fb49e2989177a1bcd1e30280bc586e79a5dd8076c248e7d6e97b3ce267dd4e27b6ef206660090bb2164474cef378f97ca33fc03000000000000001547053453d0c9aec91a24079b21d52fb5516bf0c28ef37aa76442f6083dc99cd61afaf62545d7b00d3639f2f10ac2d5c759c3e5468f5874c24411d415b6b085fb73a2c7c3852e0e658ffeb4e863428a792bee94f6cd895424360e0464f9d7ea425f2fa6aac029d15af607ad83532ff181c985f54b39370c06e63055b4d6a36fa98a44e379d28307c9912fb097601f3f88a2ca6fd1f9320cfe7fc8e9f7f15f02e177ce23f43a154b42e26f037e8a01377cbd3f509e6e540c9ba9c2a589ac5d8ad67a65e9a44c576dc24452eaa9d819e2b04bdd1c000000070000000000000000000000005333c6199c12dcd926891927a7267c47cf897853d160100b39b613faefe16bed1fc105dddd77ab929b837d54aa17eb9fbdc2bdc0e98ae2c3f23a6131e2879f04ff01000030b92dd493be66c2242f8184733b80ba28e8ffffff7f00000000bb2f89049c5f6d63d56995747639964217aacfe548bc869098aa8e07e51dbc9e2d4db3c5f79fd355222ec2a00cf7f2ccd6dd6d2dc2a815d8314221a5472f1318a9dfbec5a759579caf3262129b14e99040b5d91398e17df85c25ccae973eecc7d187168d5c9cd848d566cc17587641ed01889c927da38d83314480b15e23138c5b877a72bd4cf74a299df4fbfc8e6ea96939f15d254d9033c5a45706bda78ab60200000000000000000000000000000000000000706f78f0a2ea9667fb5b951808545a46830970c2dfae01adbda7d29bf1f7abdaf52e0de6f9d7150808e9086642e64ebf98762b34338b80e41b704c3eefaf0bb5f7d895de17a10b0a0ea15ccc0d7a830b6eb33b6b61675511d693ef5e3c44bbf71cabc5175d879e7499f8baae2a1a09cf38da73297764fbc0e723e1cc3abb12e3076982ed32c94a2ce3e6f37c47e983da4ca5c96187db5a2a2e1742bc93a65d7187126126b3a80f17dd2f7dbbe82d104ede9ba6925afc2ee6cb94f56f1363cad635abf8f983292c49c0ebf5005154c7b58a3a2a2e5a00d2f953a86d2fd92b8661264f781e3fb02d05a28f3f17b64d0258853d45cb5ebde10cd3d82eeed2f1ed925b7cf400304932c5ed0a362b235ce37e1f17700f7d1fecf8be8a2c5d25a9c60657560d05441387ff158a018d19a286c56d0886eb59d509ee89cc2df52881d005b2e5c27563ba54e4153c132d0366a9660000000000000009c1aaec93ec0f925921fb2e9eb202a29bef28224dbabe723de5c584bc398a8792e493048c87f60a51a391e95921218149403558fd13c649f90b0911d57eeb298b590581eba1ce383b539ab80fd15445987b1bb4eb512545e1ab65fef310e10b1ee362b51c72f82edf2f502ddf52567775e34a56d1be892f1e62b08950d517fa6fb1b0ef2edf1b67f8644786116b037d4a36fdd30b000063e58c856ec44cbbc2d370553f832af9480215e09aaa3843fe360b1c293a14627f2cfbe278f31d0abc0f5aaa10926dbbfe8a4b131c13a73d4e6d065c2c0fed3ab8442520ce0e0ad7d2d177377ab197ace3ef8b1c24ceb0bdee84bd6e6317633938dd19dc42de7f8f860eca6d9c74525fcd3497526df4c13e3ba5f0d75365a4542ae9440d2fede416d618cdaaf7e038879c5d177b3876fda4121e15a00adb976064a93e8d000000000000903350932d3eef7fdada20c19807066e2c72d0d816eb9fa50be213bf6bbb7ccb9f2e8a153e6ced68f192ebed6e86af0f2cec7335fa8039fd6eb025440bc2a34d071f0a0e6774308a2c5986aa9200a1306ffa5a71ca69e89a6980612b35fc858f37c2c398515a910a35e22ab0573c10b85df4c2972a2fb8b9c080fbb41a753791df727fdeadc5cf218a6eda31312256191c620cce34d1e3bf40a4a207ab1575b399eb8155781bfc7cb5920b49c039935a888d77041814f60fbbcafa487ee96b368e8769da90b44190e569fe8b1d155d0765baaca5c5548b5a78bb43e5d9e47a1d5809bb178184b5672d08e29aecf1f572ac1e6cab7e820751e95999b7532603494d37a2bff335c880d8c6868e6889cf63a861898149495a3590bd2bd4a006a910f490a69bd25af8564b8b95f480fd85220b7c98bf086e53f052076ad22ebc872a6f4e7ffe3bbd813fd84aec29530ec71e5cead7f33aab38b9f4d434515ccedcc2b5130bdd74683d9531ce6b104ab602daf383442f505c562d247df84451ae73ee2d89752aaa3ac782122148cc71e56a12155912a129b79a6c839326b1fc8bf444ca2f73432d7354362391952896f08dac6dbf3f6bc7702583c84d770a9f7fb903bcaf86699783ddbac94adbe6cf62617b16d580a7ead3894a389772599068bb1d22af"], &(0x7f0000000340)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000080)={r3, 0x18000000000002a0, 0xe40, 0x0, &(0x7f0000000100)="b9ff030f6044238cb89e14f089061bff88a8e0ff4000632f77fbac14142ce934a0a662079f4b4d2f87e5feca6aab845013f2325f1a3901050b038da1880525181aa59d943be3f4aed50ea5a6b8686731cb89ef77123c899b699eeaa8eaa0073461119663906400f30c0600000000000059b6d3296e8ca31bce1d8392078b72f24996ae17dffc2e43c8174b54b620636894aaacf28ff62616363c70a440aec4014caf28c0adc043084617d7ecf41e9d134589d46e5dfc4ca5780d38cae870b9a1df48b238190da450296b0ac01496ace23eefc9d4246dd14afbf79a2283a0bb7e1d235f3df126c3acc240d75a058f6efa6d1f5f7ff4000000000000000000", 0x0, 0xfe, 0x60000000}, 0x2c) 1.976616607s ago: executing program 2 (id=582): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040e05003e20"], 0x8) bind$alg(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000100)) sendmsg$nl_route_sched(r0, 0x0, 0x0) memfd_secret(0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) socket$rxrpc(0x21, 0x2, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0x145c, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x2000}, &(0x7f0000000240), 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000) r1 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) write$UHID_CREATE2(r1, &(0x7f0000000180)=ANY=[], 0x118) 1.785704427s ago: executing program 2 (id=585): r0 = syz_open_dev$vim2m(&(0x7f00000000c0), 0x8a, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r0, 0xc0d05604, &(0x7f0000000100)={0x3, @sliced={0x0, [0xffe9, 0x3, 0xf993, 0xfffb, 0x1, 0x8, 0x4, 0x9, 0x1ff, 0x2000, 0x2, 0xcd0, 0x84, 0x8, 0xfff, 0xe, 0x8, 0x4769, 0x200, 0x401, 0x1, 0x8, 0x8, 0xf, 0x3, 0x3, 0x6, 0x9, 0x8, 0x6, 0x3, 0x5, 0xc3e9, 0x101, 0x80, 0x1, 0x7, 0x3, 0x40, 0xa771, 0x0, 0xfff8, 0x1, 0x7fff, 0x8, 0x4d, 0x58, 0x8000], 0xf6}}) 1.615222392s ago: executing program 2 (id=587): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000005c0)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)) syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket(0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x4c, 0x0, &(0x7f0000000800)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x70, 0x18, &(0x7f0000000600)={@ptr={0x73622a85, 0x0, 0x0, 0x6000}, @ptr={0x70742a85, 0x0, 0x0}, @fda}, &(0x7f0000000240)={0x0, 0x28, 0x50}}}], 0x0, 0x0, 0x0}) 1.52630907s ago: executing program 4 (id=588): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_xfrm(r0, 0x0, 0x0) 1.392203406s ago: executing program 3 (id=589): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='blkio.bfq.io_wait_time\x00', 0x26e1, 0x0) close(r0) socket(0x28, 0x1, 0x0) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000000)={0x2, 0x4, 0x8, 0x1, 0x80, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x1, 0x0, 0x0, @void, @value, @void, @value}, 0x48) ioctl$SECCOMP_IOCTL_NOTIF_RECV(0xffffffffffffffff, 0xc0502100, 0x0) ioctl$SIOCSIFHWADDR(r0, 0x8b14, &(0x7f0000000000)={'virt_wifi0\x00', @random="0100"}) 1.38215251s ago: executing program 4 (id=590): syz_mount_image$fuse(0x0, &(0x7f0000000140)='./file0\x00', 0x0, 0x0, 0x0, 0x0, 0x0) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000055d000/0x2000)=nil, 0x2000, 0x2000, 0x7, &(0x7f0000899000/0x2000)=nil) mbind(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x0, 0x0, 0x0, 0x2) 1.218019015s ago: executing program 3 (id=591): r0 = bpf$MAP_CREATE_TAIL_CALL(0x0, &(0x7f0000000000)={0x3, 0x4, 0x4, 0xa, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000100)={0x10, 0x6, &(0x7f0000000c80)=@raw=[@tail_call={{0x18, 0x2, 0x1, 0x0, r0}, {0x4}}, @exit], &(0x7f0000000180)='syzkaller\x00', 0x2, 0xe3, &(0x7f0000000240)=""/227, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) 1.040613208s ago: executing program 3 (id=592): setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x13, &(0x7f0000000000)=0x100000001, 0x4) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r2, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r4, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x54) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r3, 0x84, 0x71, &(0x7f00000000c0)={r5}, 0x8) 802.221121ms ago: executing program 4 (id=593): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000002340)=[@in6={0xa, 0x4e20, 0x0, @loopback}], 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000280)={0x0, 0x2c, &(0x7f0000000100)=[@in6={0xa, 0x4e20, 0x0, @loopback}, @in={0x2, 0x4e20, @private=0xa010101}]}, &(0x7f00000002c0)=0x10) 544.786186ms ago: executing program 0 (id=594): r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000340)='/proc/sys/net/ipv4/tcp_mtu_probing\x00', 0x1, 0x0) pwritev2(r0, &(0x7f00000001c0)=[{&(0x7f0000000040)='4', 0x1}], 0xb, 0x0, 0x0, 0x0) setsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x2, &(0x7f00000001c0)=0x7ff, 0x4) bind$inet6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x8000002}, 0x1c) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x22004001, &(0x7f0000b63fe4)={0xa, 0x2, 0x0, @loopback}, 0x1c) 476.690867ms ago: executing program 4 (id=595): socket$netlink(0x10, 0x3, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000340)=ANY=[@ANYBLOB="040e05003e20"], 0x8) bind$alg(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, &(0x7f0000000100)) sendmsg$nl_route_sched(r0, 0x0, 0x0) memfd_secret(0x0) socket$packet(0x11, 0x2, 0x300) socket$packet(0x11, 0x3, 0x300) socket$rxrpc(0x21, 0x2, 0xa) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) syz_io_uring_setup(0x145c, &(0x7f0000000080)={0x0, 0x0, 0x10100, 0x2000}, &(0x7f0000000240), 0x0) sendmsg$IPSET_CMD_TYPE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)=ANY=[@ANYBLOB='9'], 0x38}}, 0x4000) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) 452.176212ms ago: executing program 1 (id=596): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x11, 0x5, &(0x7f0000000000)=ANY=[@ANYBLOB="1800000000800000000000000100006a070000000fad412ec50000000f00000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = syz_open_dev$ttys(0xc, 0x2, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) bind$xdp(0xffffffffffffffff, &(0x7f0000000000)={0x2}, 0x10) ioctl$TCFLSH(r0, 0x404c4701, 0x20000000) 405.636307ms ago: executing program 0 (id=597): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_SET_FLAGS(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000540)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0f050000000000000000070000002400018008000300e0000001060005"], 0x38}}, 0x0) 304.208131ms ago: executing program 0 (id=598): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) openat2$dir(0xffffffffffffff9c, &(0x7f0000001680)='.\x00', &(0x7f0000000040), 0x58) 303.669473ms ago: executing program 4 (id=599): openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) socketpair(0x1, 0x80001, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0x19, 0x4, 0x4, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_GET_NEXT_KEY(0x2, &(0x7f0000000180)={r1, &(0x7f00000000c0), &(0x7f0000000000)=""/8, 0x2}, 0x20) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r0, 0x89f1, &(0x7f00000005c0)={'ip_vti0\x00', &(0x7f0000000240)={'syztnl0\x00', 0x0, 0x0, 0x0, 0x0, 0x0, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x4, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private}}}}) ioctl$sock_ipv6_tunnel_SIOCDELTUNNEL(r0, 0x89f2, &(0x7f0000000180)={'syztnl0\x00', &(0x7f0000000100)={'syztnl2\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @empty, @dev}}) 233.494793ms ago: executing program 1 (id=600): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, &(0x7f00000004c0)={0x5}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) sendmsg$nl_xfrm(r0, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20040000}, 0x0) 201.740196ms ago: executing program 0 (id=601): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$IP_VS_SO_GET_TIMEOUT(r3, 0x0, 0x486, &(0x7f0000000000), &(0x7f0000000040)=0xc) r4 = socket$inet_sctp(0x2, 0x5, 0x84) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) getsockopt$inet_sctp6_SCTP_MAX_BURST(r5, 0x84, 0x83, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x54) setsockopt$inet_sctp_SCTP_PR_SUPPORTED(r4, 0x84, 0x71, &(0x7f00000000c0)={r6}, 0x8) 108.760128ms ago: executing program 1 (id=602): landlock_create_ruleset(&(0x7f0000000140)={0x1847, 0x2}, 0x49, 0x0) 108.595174ms ago: executing program 3 (id=603): socket$inet6_tcp(0xa, 0x1, 0x0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, 0x0) ioctl$BTRFS_IOC_QUOTA_RESCAN_STATUS(0xffffffffffffffff, 0x8040942d, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bridge_slave_0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000100)=ANY=[@ANYBLOB="280000001c0001000800ff000000000007000000", @ANYRES32=r2, @ANYBLOB="800094000a000200aaaaaaaaaa1c"], 0x28}}, 0x0) openat$ttyS3(0xffffff9c, &(0x7f0000000200), 0x8000, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFFLAGS(r3, 0x8914, &(0x7f00000003c0)={'bridge0\x00'}) 9.007936ms ago: executing program 4 (id=604): socket$netlink(0x10, 0x3, 0x10) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r1, 0x4) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r2, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) writev(r2, &(0x7f0000000c80)=[{&(0x7f0000000440)="4bb2d656d5b87de223a9b3a1c6fad9a56d98331b18bbc963154082d7a61a005ad9c835df3efee2c29090d728f0f84acbde87a032354291", 0x37}, {&(0x7f0000000340)="f1dce151ba5676451cb6a1d5f96c2ebcd51fbcea754ad02e9cb2bd53d91540d43c72af706fdff19f48b924c2e295b911a5f25090a2a44789e81f53", 0xfffffe89}, {&(0x7f0000000c40)="a561e86d99c8428c40c665b34ce0a21e640ed1a093266551d8d6d032a757742e577a19c4891cb0c952", 0x29}], 0x3) socket$kcm(0xa, 0x6, 0x0) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000240)) socket$can_raw(0x1d, 0x3, 0x1) pselect6(0x40, &(0x7f00000001c0), 0x0, &(0x7f00000002c0)={0x3ff}, &(0x7f0000000300)={0x0, 0x3938700}, 0x0) 0s ago: executing program 1 (id=605): r0 = socket$inet_tcp(0x2, 0x1, 0x0) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000023c0)={0x6, 0x4, &(0x7f0000002180)=@framed={{0x18, 0x2}, [@call={0x85, 0x0, 0x0, 0x7}]}, &(0x7f0000000040)='syzkaller\x00', 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000180)={'syz_tun\x00', 0x0}) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f0000000000)={r1, r2}, 0x10) syz_emit_ethernet(0xfdef, &(0x7f0000000280)=ANY=[], 0x0) kernel console output (not intermixed with test programs): octl+0xc6/0x2a0 [ 112.972737][ T6050] __se_sys_ioctl+0x47/0x170 [ 112.977333][ T6050] do_syscall_64+0xf3/0x230 [ 112.981837][ T6050] ? clear_bhb_loop+0x35/0x90 [ 112.986534][ T6050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 112.992470][ T6050] RIP: 0033:0x7fabb937dff9 [ 112.996883][ T6050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 113.016490][ T6050] RSP: 002b:00007fabba166038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 113.024920][ T6050] RAX: ffffffffffffffda RBX: 00007fabb9535f80 RCX: 00007fabb937dff9 [ 113.032886][ T6050] RDX: 0000000020000140 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 113.040855][ T6050] RBP: 00007fabba166090 R08: 0000000000000000 R09: 0000000000000000 [ 113.048826][ T6050] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 113.056792][ T6050] R13: 0000000000000000 R14: 00007fabb9535f80 R15: 00007fabb965fa28 [ 113.064774][ T6050] [ 113.069815][ T5298] usb 5-1: Using ep0 maxpacket: 8 [ 113.081170][ T6050] ERROR: Out of memory at tomoyo_realpath_from_path. [ 113.102384][ T5298] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 113.132106][ T5298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.157507][ T5298] usb 5-1: Product: syz [ 113.165159][ T5298] usb 5-1: Manufacturer: syz [ 113.181423][ T5298] usb 5-1: SerialNumber: syz [ 113.200840][ T5298] usb 5-1: config 0 descriptor?? [ 113.206019][ T8] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 113.386246][ T8] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 113.397536][ T8] usb 3-1: config 0 has no interfaces? [ 113.406107][ T8] usb 3-1: New USB device found, idVendor=0a46, idProduct=9621, bcdDevice=4f.32 [ 113.415392][ T8] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 113.423460][ T8] usb 3-1: Product: syz [ 113.432788][ T8] usb 3-1: Manufacturer: syz [ 113.446223][ T8] usb 3-1: SerialNumber: syz [ 113.462583][ T8] usb 3-1: config 0 descriptor?? [ 113.468966][ T5298] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 113.594325][ T5328] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 113.671556][ T8] usb 3-1: USB disconnect, device number 10 [ 113.684489][ T5298] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 113.786730][ T5298] usb 5-1: USB disconnect, device number 17 [ 113.796201][ T5328] usb 1-1: Using ep0 maxpacket: 8 [ 113.872576][ T5328] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 114.021413][ T5328] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 114.056221][ T5328] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 114.088888][ T5328] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 114.120155][ T5328] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 114.150463][ T5328] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.315555][ T6068] input: syz1 as /devices/virtual/input/input14 [ 114.410995][ T5328] usb 1-1: GET_CAPABILITIES returned 0 [ 114.424609][ T5328] usbtmc 1-1:16.0: can't read capabilities [ 114.724376][ T5298] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 114.776962][ T5328] usb 5-1: new low-speed USB device number 18 using dummy_hcd [ 114.906757][ T5298] usb 2-1: unable to get BOS descriptor or descriptor too short [ 114.915184][ T5298] usb 2-1: not running at top speed; connect to a high speed hub [ 114.923878][ T5298] usb 2-1: config 0 interface 0 has no altsetting 0 [ 114.939603][ T5298] usb 2-1: string descriptor 0 read error: -22 [ 114.946211][ T5298] usb 2-1: New USB device found, idVendor=0497, idProduct=c001, bcdDevice= 2.73 [ 114.955576][ T5298] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 114.967176][ T5328] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 114.975358][ T5298] usb 2-1: config 0 descriptor?? [ 114.981659][ T5328] usb 5-1: config 0 has no interface number 0 [ 114.988077][ T5328] usb 5-1: config 0 interface 1 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 114.999100][ T5328] usb 5-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 115.010254][ T5298] gspca_main: spca501-2.14.0 probing 0497:c001 [ 115.017469][ T5328] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.028898][ T5328] usb 5-1: config 0 descriptor?? [ 115.037719][ T5328] iowarrior 5-1:0.1: no interrupt-in endpoint found [ 115.158960][ T5281] usb 1-1: USB disconnect, device number 18 [ 115.239328][ T6079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.270247][ T5286] usb 5-1: USB disconnect, device number 18 [ 115.278986][ T6079] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.526332][ T6079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.545275][ T5298] gspca_spca501: reg write: error -110 [ 115.550790][ T5298] spca501 2-1:0.0: Reg write failed for 0x02,0x07,0x05 [ 115.562287][ T5298] spca501 2-1:0.0: probe with driver spca501 failed with error -22 [ 115.562359][ T6079] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.580367][ T6079] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 115.595580][ T6079] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 115.671618][ T6079] AppArmor: change_hat: Invalid input, NULL hat and NULL magic [ 115.688305][ T29] kauditd_printk_skb: 16 callbacks suppressed [ 115.688326][ T29] audit: type=1800 audit(1728177925.101:30): pid=6090 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.228" name="/" dev="fuse" ino=1 res=0 errno=0 [ 115.747784][ T6090] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 115.766251][ T29] audit: type=1800 audit(1728177925.141:31): pid=6093 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.0.228" name="/" dev="fuse" ino=1 res=0 errno=0 [ 116.055730][ T6079] hsr_slave_1 (unregistering): left promiscuous mode [ 116.163707][ T5328] usb 2-1: USB disconnect, device number 16 [ 116.164696][ T5281] usb 3-1: new low-speed USB device number 11 using dummy_hcd [ 116.334312][ T5281] usb 3-1: Invalid ep0 maxpacket: 64 [ 116.424338][ T5286] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 116.494759][ T5281] usb 3-1: new low-speed USB device number 12 using dummy_hcd [ 116.520882][ T6109] netlink: 40 bytes leftover after parsing attributes in process `syz.3.235'. [ 116.594405][ T5286] usb 5-1: Using ep0 maxpacket: 8 [ 116.630341][ T5286] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 116.651158][ T5286] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 116.661682][ T5286] usb 5-1: Product: syz [ 116.669647][ T5286] usb 5-1: Manufacturer: syz [ 116.677276][ T5286] usb 5-1: SerialNumber: syz [ 116.684422][ T5281] usb 3-1: Invalid ep0 maxpacket: 64 [ 116.691799][ T5281] usb usb3-port1: attempt power cycle [ 116.708462][ T5286] usb 5-1: config 0 descriptor?? [ 116.735004][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 116.754508][ T6111] netlink: 24 bytes leftover after parsing attributes in process `syz.3.236'. [ 116.799300][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 1] type 2 family 0 port 46698 - 0 [ 116.844438][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 2] type 2 family 0 port 52084 - 0 [ 116.942226][ T5286] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 116.994792][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.043666][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 1] type 2 family 0 port 46698 - 0 [ 117.064363][ T5281] usb 3-1: new low-speed USB device number 13 using dummy_hcd [ 117.092869][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 2] type 2 family 0 port 52084 - 0 [ 117.126740][ T5281] usb 3-1: Invalid ep0 maxpacket: 64 [ 117.144676][ T5286] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 117.180774][ T5286] usb 5-1: USB disconnect, device number 19 [ 117.294397][ T5281] usb 3-1: new low-speed USB device number 14 using dummy_hcd [ 117.333077][ T5281] usb 3-1: Invalid ep0 maxpacket: 64 [ 117.338748][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.338807][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 1] type 2 family 0 port 46698 - 0 [ 117.338834][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 2] type 2 family 0 port 52084 - 0 [ 117.420486][ T5281] usb usb3-port1: unable to enumerate USB device [ 117.615620][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 117.627314][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 1] type 2 family 0 port 46698 - 0 [ 117.651496][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 2] type 2 family 0 port 52084 - 0 [ 117.683894][ T5242] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 117.698455][ T5242] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 117.709514][ T5242] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 117.717703][ T5242] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 117.727225][ T5242] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 117.738645][ T5242] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 117.825132][ T5281] usb 4-1: new low-speed USB device number 22 using dummy_hcd [ 117.996147][ T5281] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 118.004446][ T5281] usb 4-1: config 0 has no interface number 0 [ 118.012680][ T5281] usb 4-1: config 0 interface 1 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 10 [ 118.024427][ T5281] usb 4-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 118.046561][ T5281] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 118.109519][ T53] bridge_slave_1: left allmulticast mode [ 118.115080][ T5281] usb 4-1: config 0 descriptor?? [ 118.133799][ T5281] iowarrior 4-1:0.1: no interrupt-in endpoint found [ 118.134411][ T53] bridge_slave_1: left promiscuous mode [ 118.174512][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 118.222500][ T53] bridge_slave_0: left allmulticast mode [ 118.239423][ T53] bridge_slave_0: left promiscuous mode [ 118.247268][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 118.335757][ T5281] usb 4-1: USB disconnect, device number 22 [ 118.510171][ T53] batman_adv: batadv0: Removing interface: ip6gretap1 [ 119.069442][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 119.095427][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 119.107018][ T53] bond0 (unregistering): Released all slaves [ 119.117623][ T6125] chnl_net:caif_netlink_parms(): no params data found [ 119.611298][ T6125] bridge0: port 1(bridge_slave_0) entered blocking state [ 119.665089][ T6125] bridge0: port 1(bridge_slave_0) entered disabled state [ 119.672291][ T6125] bridge_slave_0: entered allmulticast mode [ 119.695124][ T5311] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 119.708436][ T6125] bridge_slave_0: entered promiscuous mode [ 119.733220][ T6125] bridge0: port 2(bridge_slave_1) entered blocking state [ 119.753182][ T6125] bridge0: port 2(bridge_slave_1) entered disabled state [ 119.775921][ T6125] bridge_slave_1: entered allmulticast mode [ 119.787812][ T6125] bridge_slave_1: entered promiscuous mode [ 119.814493][ T5230] Bluetooth: hci4: command tx timeout [ 119.865740][ T5311] usb 2-1: Using ep0 maxpacket: 8 [ 119.874567][ T5311] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 119.886226][ T5311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.904812][ T5311] usb 2-1: Product: syz [ 119.915064][ T5311] usb 2-1: Manufacturer: syz [ 119.927920][ T5311] usb 2-1: SerialNumber: syz [ 119.941880][ T5311] usb 2-1: config 0 descriptor?? [ 119.954171][ T53] hsr_slave_0: left promiscuous mode [ 119.964807][ T53] hsr_slave_1: left promiscuous mode [ 119.972004][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 119.991937][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 120.007853][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 120.025547][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 120.069912][ T53] veth1_macvtap: left promiscuous mode [ 120.077151][ T53] veth0_macvtap: left promiscuous mode [ 120.082722][ T53] veth1_vlan: left promiscuous mode [ 120.090029][ T53] veth0_vlan: left promiscuous mode [ 120.167731][ T5311] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 120.376887][ T5311] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 120.404783][ T5311] usb 2-1: USB disconnect, device number 17 [ 120.554334][ T4646] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 120.618000][ T53] team0 (unregistering): Port device team_slave_1 removed [ 120.658017][ T53] team0 (unregistering): Port device team_slave_0 removed [ 120.710572][ T4646] usb 4-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 120.729047][ T4646] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 120.739127][ T4646] usb 4-1: config 0 descriptor?? [ 120.749384][ T4646] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 121.027491][ T6199] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 121.042756][ T6199] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 121.285863][ T6125] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 121.332730][ T6125] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 121.404639][ T6125] team0: Port device team_slave_0 added [ 121.434099][ T6125] team0: Port device team_slave_1 added [ 121.455745][ T6213] FAULT_INJECTION: forcing a failure. [ 121.455745][ T6213] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 121.470868][ T6213] CPU: 1 UID: 0 PID: 6213 Comm: syz.1.261 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 121.481494][ T6213] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 121.491551][ T6213] Call Trace: [ 121.494828][ T6213] [ 121.497757][ T6213] dump_stack_lvl+0x241/0x360 [ 121.502440][ T6213] ? __pfx_dump_stack_lvl+0x10/0x10 [ 121.507630][ T6213] ? __pfx__printk+0x10/0x10 [ 121.512221][ T6213] ? __pfx_lock_release+0x10/0x10 [ 121.517251][ T6213] should_fail_ex+0x3b0/0x4e0 [ 121.522195][ T6213] _copy_from_user+0x2f/0xe0 [ 121.526790][ T6213] sctp_getsockopt_default_send_param+0xc4/0x940 [ 121.533119][ T6213] ? __local_bh_enable_ip+0x168/0x200 [ 121.538496][ T6213] ? lockdep_hardirqs_on+0x99/0x150 [ 121.543705][ T6213] ? __pfx_sctp_getsockopt_default_send_param+0x10/0x10 [ 121.550638][ T6213] ? sctp_getsockopt+0x13a/0xbb0 [ 121.555583][ T6213] sctp_getsockopt+0x59f/0xbb0 [ 121.560344][ T6213] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 121.566240][ T6213] do_sock_getsockopt+0x3c4/0x7e0 [ 121.571263][ T6213] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 121.576803][ T6213] ? __fget_files+0x3f3/0x470 [ 121.581476][ T6213] ? __fget_files+0x29/0x470 [ 121.586065][ T6213] __sys_getsockopt+0x267/0x330 [ 121.590912][ T6213] ? __pfx___sys_getsockopt+0x10/0x10 [ 121.596365][ T6213] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 121.602704][ T6213] ? do_syscall_64+0x100/0x230 [ 121.607463][ T6213] __x64_sys_getsockopt+0xb5/0xd0 [ 121.612568][ T6213] do_syscall_64+0xf3/0x230 [ 121.617064][ T6213] ? clear_bhb_loop+0x35/0x90 [ 121.621737][ T6213] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 121.627632][ T6213] RIP: 0033:0x7f2216f7dff9 [ 121.632042][ T6213] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 121.651650][ T6213] RSP: 002b:00007f2217cae038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 121.660077][ T6213] RAX: ffffffffffffffda RBX: 00007f2217135f80 RCX: 00007f2216f7dff9 [ 121.668046][ T6213] RDX: 000000000000000a RSI: 0000000000000084 RDI: 0000000000000003 [ 121.676013][ T6213] RBP: 00007f2217cae090 R08: 0000000020000100 R09: 0000000000000000 [ 121.683977][ T6213] R10: 0000000020000040 R11: 0000000000000246 R12: 0000000000000001 [ 121.692049][ T6213] R13: 0000000000000000 R14: 00007f2217135f80 R15: 00007f221725fa28 [ 121.700047][ T6213] [ 121.706817][ T6212] netlink: 4 bytes leftover after parsing attributes in process `syz.4.260'. [ 121.793898][ T6125] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 121.851309][ T6125] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 121.894402][ T5230] Bluetooth: hci4: command tx timeout [ 121.941174][ T6125] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 121.956897][ T6125] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 121.963945][ T6125] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 122.032135][ T6125] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 122.236333][ T4646] gspca_stv06xx: I2C: Read error writing address: -71 [ 122.269877][ T4646] usb 4-1: USB disconnect, device number 23 [ 122.480838][ T6125] hsr_slave_0: entered promiscuous mode [ 122.525374][ T6125] hsr_slave_1: entered promiscuous mode [ 122.569737][ T6125] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 122.593344][ T6125] Cannot create hsr debugfs directory [ 122.794395][ T5311] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 122.969728][ T5311] usb 2-1: Using ep0 maxpacket: 8 [ 123.040747][ T53] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.043330][ T5311] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 123.062106][ T5311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 123.070511][ T5311] usb 2-1: Product: syz [ 123.075020][ T5311] usb 2-1: Manufacturer: syz [ 123.079648][ T5311] usb 2-1: SerialNumber: syz [ 123.098681][ T5311] usb 2-1: config 0 descriptor?? [ 123.284581][ T53] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 123.529905][ T5242] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 123.543483][ T5242] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 123.587416][ T5242] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 123.643581][ T5242] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 123.651300][ T5242] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 123.745502][ T5242] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 124.016079][ T5242] Bluetooth: hci4: command tx timeout [ 124.074417][ T5311] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 124.145172][ T5311] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 124.202739][ T5311] usb 2-1: USB disconnect, device number 18 [ 124.230324][ T6280] loop2: detected capacity change from 0 to 7 [ 124.264540][ T6280] Dev loop2: unable to read RDB block 7 [ 124.270162][ T6280] loop2: AHDI p1 p3 [ 124.281354][ T6280] loop2: partition table partially beyond EOD, truncated [ 124.290340][ T6280] loop2: p1 start 2048 is beyond EOD, truncated [ 124.342184][ T53] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.484080][ T6283] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 124.642729][ T53] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 124.754507][ T5311] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 124.895901][ T5311] usb 5-1: device descriptor read/64, error -71 [ 125.134369][ T5311] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 125.163669][ T6296] program syz.3.279 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 125.195262][ T53] bridge_slave_1: left allmulticast mode [ 125.202065][ T53] bridge_slave_1: left promiscuous mode [ 125.211309][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 125.226394][ T53] bridge_slave_0: left allmulticast mode [ 125.232282][ T53] bridge_slave_0: left promiscuous mode [ 125.238597][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 125.274358][ T5311] usb 5-1: device descriptor read/64, error -71 [ 125.387471][ T5311] usb usb5-port1: attempt power cycle [ 125.604409][ T5281] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 125.631596][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 125.645851][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 125.660088][ T53] bond0 (unregistering): Released all slaves [ 125.686350][ T47] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 125.709094][ T6268] chnl_net:caif_netlink_parms(): no params data found [ 125.745499][ T5311] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 125.754420][ T5281] usb 2-1: Using ep0 maxpacket: 32 [ 125.766242][ T5281] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 125.774418][ T5311] usb 5-1: device descriptor read/8, error -71 [ 125.780658][ T5281] usb 2-1: can't read configurations, error -61 [ 125.871208][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 125.891046][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 125.911295][ T5230] Bluetooth: hci1: command tx timeout [ 125.921431][ T5281] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 125.930091][ T47] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 125.940365][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 125.951895][ T47] usb 4-1: config 0 descriptor?? [ 126.037857][ T6268] bridge0: port 1(bridge_slave_0) entered blocking state [ 126.054466][ T5311] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 126.064732][ T5230] Bluetooth: hci4: command tx timeout [ 126.065479][ T6268] bridge0: port 1(bridge_slave_0) entered disabled state [ 126.084459][ T6268] bridge_slave_0: entered allmulticast mode [ 126.088848][ T5311] usb 5-1: device descriptor read/8, error -71 [ 126.095267][ T6268] bridge_slave_0: entered promiscuous mode [ 126.096769][ T5281] usb 2-1: Using ep0 maxpacket: 32 [ 126.114335][ T5281] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 126.119593][ T6268] bridge0: port 2(bridge_slave_1) entered blocking state [ 126.130270][ T5281] usb 2-1: can't read configurations, error -61 [ 126.135679][ T6268] bridge0: port 2(bridge_slave_1) entered disabled state [ 126.145179][ T5281] usb usb2-port1: attempt power cycle [ 126.159704][ T6268] bridge_slave_1: entered allmulticast mode [ 126.167542][ T6300] loop0: detected capacity change from 0 to 7 [ 126.184071][ T6268] bridge_slave_1: entered promiscuous mode [ 126.191839][ T6300] Dev loop0: unable to read RDB block 7 [ 126.216763][ T5311] usb usb5-port1: unable to enumerate USB device [ 126.227275][ T6300] loop0: unable to read partition table [ 126.233106][ T6300] loop0: partition table beyond EOD, truncated [ 126.251278][ T53] hsr_slave_0: left promiscuous mode [ 126.258982][ T6300] loop_reread_partitions: partition scan of loop0 (被xڬdƤݡ [ 126.258982][ T6300] ) failed (rc=-5) [ 126.275091][ T53] hsr_slave_1: left promiscuous mode [ 126.286969][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 126.296614][ T47] usbhid 4-1:0.0: can't add hid device: -71 [ 126.305977][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 126.308261][ T47] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 126.321730][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 126.325371][ T47] usb 4-1: USB disconnect, device number 24 [ 126.348500][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 126.388815][ T53] veth1_macvtap: left promiscuous mode [ 126.396566][ T53] veth0_macvtap: left promiscuous mode [ 126.404449][ T53] veth1_vlan: left promiscuous mode [ 126.409857][ T53] veth0_vlan: left promiscuous mode [ 126.497425][ T5281] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 126.524948][ T5281] usb 2-1: Using ep0 maxpacket: 32 [ 126.545600][ T5281] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 126.553858][ T5281] usb 2-1: can't read configurations, error -61 [ 126.684471][ T5281] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 126.714842][ T5281] usb 2-1: Using ep0 maxpacket: 32 [ 126.724121][ T5281] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 126.733368][ T5281] usb 2-1: can't read configurations, error -61 [ 126.740397][ T5281] usb usb2-port1: unable to enumerate USB device [ 126.831525][ T53] team0 (unregistering): Port device team_slave_1 removed [ 126.894707][ T53] team0 (unregistering): Port device team_slave_0 removed [ 127.381259][ T6125] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 127.413866][ T6125] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 127.461278][ T6268] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 127.471043][ T6125] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 127.476978][ T8] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 127.511470][ T6125] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 127.538109][ T6268] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 127.596780][ T6268] team0: Port device team_slave_0 added [ 127.607715][ T6268] team0: Port device team_slave_1 added [ 127.637285][ T6268] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 127.644492][ T8] usb 4-1: device descriptor read/64, error -71 [ 127.650922][ T6268] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.676855][ C0] vkms_vblank_simulate: vblank timer overrun [ 127.690115][ T6268] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 127.720159][ T6268] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 127.727346][ T6268] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 127.753786][ T6268] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 127.823145][ T6268] hsr_slave_0: entered promiscuous mode [ 127.830055][ T6268] hsr_slave_1: entered promiscuous mode [ 127.836835][ T6268] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 127.845046][ T6268] Cannot create hsr debugfs directory [ 127.934489][ T8] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 127.975071][ T5230] Bluetooth: hci1: command tx timeout [ 128.084923][ T8] usb 4-1: device descriptor read/64, error -71 [ 128.211312][ T6125] 8021q: adding VLAN 0 to HW filter on device bond0 [ 128.216489][ T8] usb usb4-port1: attempt power cycle [ 128.342916][ T6125] 8021q: adding VLAN 0 to HW filter on device team0 [ 128.360344][ T35] bridge0: port 1(bridge_slave_0) entered blocking state [ 128.367509][ T35] bridge0: port 1(bridge_slave_0) entered forwarding state [ 128.402427][ T35] bridge0: port 2(bridge_slave_1) entered blocking state [ 128.409636][ T35] bridge0: port 2(bridge_slave_1) entered forwarding state [ 128.432312][ T5281] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 128.571749][ T6125] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 128.594306][ T5281] usb 5-1: Using ep0 maxpacket: 8 [ 128.600013][ T8] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 128.608766][ T5281] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 128.626080][ T8] usb 4-1: device descriptor read/8, error -71 [ 128.628794][ T5281] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.647962][ T5281] usb 5-1: Product: syz [ 128.653869][ T5281] usb 5-1: Manufacturer: syz [ 128.663752][ T5281] usb 5-1: SerialNumber: syz [ 128.678248][ T5281] usb 5-1: config 0 descriptor?? [ 128.709300][ T6125] veth0_vlan: entered promiscuous mode [ 128.745329][ T6125] veth1_vlan: entered promiscuous mode [ 128.832405][ T6125] veth0_macvtap: entered promiscuous mode [ 128.857779][ T6125] veth1_macvtap: entered promiscuous mode [ 128.874921][ T8] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 128.885213][ T6268] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 128.890066][ T5281] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 128.909103][ T8] usb 4-1: device descriptor read/8, error -71 [ 128.919360][ T6268] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 128.931151][ T6125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.952516][ T6125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.963358][ T6125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 128.980198][ T6125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 128.990543][ T6125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 129.007438][ T6125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.034018][ T6125] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 129.042155][ T8] usb usb4-port1: unable to enumerate USB device [ 129.053105][ T6125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.068697][ T6125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.080691][ T6125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.097818][ T6125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.099286][ T5281] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 129.108017][ T6125] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 129.122308][ T5281] usb 5-1: USB disconnect, device number 24 [ 129.135376][ T6125] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 129.153776][ T6125] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 129.166978][ T6268] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 129.210220][ T6125] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.231101][ T6125] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.244448][ T6125] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.253273][ T6125] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 129.284932][ T6268] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 129.430328][ T1308] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.453350][ T1308] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.551880][ T35] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 129.566417][ T35] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 129.579051][ T6268] 8021q: adding VLAN 0 to HW filter on device bond0 [ 129.610632][ T6268] 8021q: adding VLAN 0 to HW filter on device team0 [ 129.651605][ T11] bridge0: port 1(bridge_slave_0) entered blocking state [ 129.658880][ T11] bridge0: port 1(bridge_slave_0) entered forwarding state [ 129.729891][ T11] bridge0: port 2(bridge_slave_1) entered blocking state [ 129.737057][ T11] bridge0: port 2(bridge_slave_1) entered forwarding state [ 129.767823][ T5311] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 129.943392][ T5311] usb 2-1: New USB device found, idVendor=1a86, idProduct=7522, bcdDevice=35.36 [ 129.975272][ T5311] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 130.009492][ T5311] usb 2-1: Product: syz [ 130.013853][ T5311] usb 2-1: Manufacturer: syz [ 130.031028][ T5311] usb 2-1: SerialNumber: syz [ 130.047826][ T6268] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 130.051687][ T5311] usb 2-1: config 0 descriptor?? [ 130.054848][ T5230] Bluetooth: hci1: command tx timeout [ 130.086762][ T5311] ch341 2-1:0.0: ch341-uart converter detected [ 130.204171][ T6268] veth0_vlan: entered promiscuous mode [ 130.273149][ T6268] veth1_vlan: entered promiscuous mode [ 130.425748][ T6268] veth0_macvtap: entered promiscuous mode [ 130.489927][ T6268] veth1_macvtap: entered promiscuous mode [ 130.525392][ T5311] usb 2-1: failed to send control message: -71 [ 130.565620][ T5311] ch341-uart ttyUSB0: probe with driver ch341-uart failed with error -71 [ 130.577529][ T5311] usb 2-1: USB disconnect, device number 23 [ 130.578427][ T5311] ch341 2-1:0.0: device disconnected [ 130.616429][ T6268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.656604][ T6268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.666776][ T6268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.677295][ T6268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.687201][ T6268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.697760][ T6268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.707696][ T6268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 130.718380][ T6268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.729835][ T6268] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 130.739414][ T6268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.755816][ T6268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.785351][ T6268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.801901][ T6268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.812073][ T6268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.822666][ T6268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.832553][ T6268] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 130.843082][ T6268] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 130.856059][ T6268] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 130.868206][ T6268] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.876986][ T6268] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.885786][ T6268] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 130.894675][ T6268] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 131.041250][ T1308] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.052120][ T1308] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.075699][ T8] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 131.114149][ T1308] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 131.163657][ T1308] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 131.258589][ T8] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 131.315537][ T8] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 131.365573][ T8] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 131.380776][ T8] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 131.382640][ T6427] netlink: 'syz.1.298': attribute type 12 has an invalid length. [ 131.411570][ T8] usb 5-1: SerialNumber: syz [ 131.444332][ T5328] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 131.624553][ T5328] usb 4-1: Using ep0 maxpacket: 8 [ 131.646719][ T5328] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 131.658400][ T8] usb 5-1: 0:2 : does not exist [ 131.677236][ T5328] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.705469][ T8] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 131.709705][ T6439] FAULT_INJECTION: forcing a failure. [ 131.709705][ T6439] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 131.726454][ T6439] CPU: 1 UID: 0 PID: 6439 Comm: syz.2.299 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 131.737053][ T6439] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 131.747100][ T6439] Call Trace: [ 131.750366][ T6439] [ 131.753292][ T6439] dump_stack_lvl+0x241/0x360 [ 131.757956][ T6439] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.763135][ T6439] ? __pfx__printk+0x10/0x10 [ 131.767713][ T6439] ? tomoyo_path_number_perm+0x71a/0x880 [ 131.773356][ T6439] ? __pfx_lock_release+0x10/0x10 [ 131.778390][ T6439] should_fail_ex+0x3b0/0x4e0 [ 131.783060][ T6439] _copy_from_user+0x2f/0xe0 [ 131.787645][ T6439] video_usercopy+0x378/0x1180 [ 131.792415][ T6439] ? __pfx___video_do_ioctl+0x10/0x10 [ 131.797789][ T6439] ? __pfx_video_usercopy+0x10/0x10 [ 131.802991][ T6439] ? __fget_files+0x29/0x470 [ 131.807576][ T6439] ? __fget_files+0x3f3/0x470 [ 131.812249][ T6439] v4l2_ioctl+0x189/0x1e0 [ 131.816574][ T6439] ? __pfx_v4l2_ioctl+0x10/0x10 [ 131.821594][ T6439] __se_sys_ioctl+0xf9/0x170 [ 131.826183][ T6439] do_syscall_64+0xf3/0x230 [ 131.830676][ T6439] ? clear_bhb_loop+0x35/0x90 [ 131.835347][ T6439] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.841236][ T6439] RIP: 0033:0x7fcb3ed7dff9 [ 131.845645][ T6439] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.865241][ T6439] RSP: 002b:00007fcb3fbca038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 131.873649][ T6439] RAX: ffffffffffffffda RBX: 00007fcb3ef36058 RCX: 00007fcb3ed7dff9 [ 131.881612][ T6439] RDX: 0000000020000040 RSI: 00000000c02c564a RDI: 000000000000000a [ 131.889580][ T6439] RBP: 00007fcb3fbca090 R08: 0000000000000000 R09: 0000000000000000 [ 131.897557][ T6439] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 131.905526][ T6439] R13: 0000000000000000 R14: 00007fcb3ef36058 R15: 00007fcb3f05fa28 [ 131.913525][ T6439] [ 131.916665][ C1] vkms_vblank_simulate: vblank timer overrun [ 131.944329][ T5328] usb 4-1: Product: syz [ 131.948622][ T5328] usb 4-1: Manufacturer: syz [ 131.953227][ T5328] usb 4-1: SerialNumber: syz [ 131.970905][ T8] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 131.984159][ T8] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 132.003875][ T5328] usb 4-1: config 0 descriptor?? [ 132.039842][ T8] usb 5-1: 5:0: cannot get min/max values for control 3 (id 5) [ 132.104826][ T8] usb 5-1: USB disconnect, device number 25 [ 132.216253][ T5230] Bluetooth: hci1: command tx timeout [ 132.334438][ T5328] dvb_usb_rtl28xxu 4-1:0.0: chip type detection failed -71 [ 132.342217][ T5328] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 132.363487][ T5246] udevd[5246]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 132.374715][ T4646] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 132.400805][ T5328] usb 4-1: USB disconnect, device number 29 [ 132.564368][ T4646] usb 3-1: Using ep0 maxpacket: 8 [ 132.571768][ T4646] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 132.582773][ T4646] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 132.594675][ T4646] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 132.605132][ T4646] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 132.636199][ T4646] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 132.657038][ T4646] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 132.734739][ T5298] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 132.914862][ T4646] usb 3-1: GET_CAPABILITIES returned 0 [ 132.920403][ T4646] usbtmc 3-1:16.0: can't read capabilities [ 133.020653][ T1267] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.027060][ T1267] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.091867][ T5298] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 133.111873][ T5298] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.222755][ T5298] usb 2-1: config 0 descriptor?? [ 133.444061][ T5298] cp210x 2-1:0.0: cp210x converter detected [ 133.729504][ T6471] netlink: 'syz.1.300': attribute type 21 has an invalid length. [ 133.768610][ T6471] netlink: 'syz.1.300': attribute type 1 has an invalid length. [ 133.876768][ T6471] fuse: Bad value for 'user_id' [ 133.922676][ T6471] fuse: Bad value for 'user_id' [ 134.156077][ T6447] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 134.174563][ T5298] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 134.234462][ T6447] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 134.264336][ T5328] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 134.444794][ T5328] usb 1-1: Using ep0 maxpacket: 16 [ 134.461398][ T5328] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid maxpacket 1064, setting to 1024 [ 134.503733][ T5328] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0xA has invalid maxpacket 1024 [ 134.569420][ T5328] usb 1-1: New USB device found, idVendor=12d1, idProduct=5a95, bcdDevice=21.27 [ 134.599687][ T5328] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 134.647660][ T5328] usb 1-1: Product: syz [ 134.728843][ T5328] usb 1-1: Manufacturer: syz [ 134.751758][ T5328] usb 1-1: SerialNumber: syz [ 134.759348][ T5298] cp210x 2-1:0.0: failed to get vendor val 0x000e size 678: -71 [ 134.817723][ T5328] usb 1-1: config 0 descriptor?? [ 134.828735][ T5298] cp210x 2-1:0.0: GPIO initialisation failed: -71 [ 134.838495][ T6474] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 134.848609][ T5298] usb 2-1: cp210x converter now attached to ttyUSB0 [ 134.871727][ T5328] option 1-1:0.0: GSM modem (1-port) converter detected [ 134.886046][ T5298] usb 2-1: USB disconnect, device number 24 [ 134.913558][ T5328] usb 1-1: GSM modem (1-port) converter now attached to ttyUSB1 [ 134.925275][ T5298] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 135.004856][ T5298] cp210x 2-1:0.0: device disconnected [ 135.023095][ T4646] usb 3-1: USB disconnect, device number 15 [ 135.158506][ T5328] usb 1-1: USB disconnect, device number 19 [ 135.208342][ T5328] option1 ttyUSB1: GSM modem (1-port) converter now disconnected from ttyUSB1 [ 135.248242][ T5328] option 1-1:0.0: device disconnected [ 135.485006][ T6511] loop8: detected capacity change from 0 to 7 [ 135.518005][ T6511] Dev loop8: unable to read RDB block 7 [ 135.524452][ T5298] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 135.531999][ T6511] loop8: unable to read partition table [ 135.563695][ T6511] loop8: partition table beyond EOD, truncated [ 135.597890][ T6511] loop_reread_partitions: partition scan of loop8 (被xڬdƤݡ [ 135.597890][ T6511] ) failed (rc=-5) [ 135.704318][ T5298] usb 2-1: Using ep0 maxpacket: 32 [ 135.720322][ T6522] netlink: 'syz.4.314': attribute type 10 has an invalid length. [ 135.757437][ T5298] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 36 [ 135.795437][ T5298] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 135.798006][ T6522] team0: Device netdevsim0 failed to register rx_handler [ 135.821521][ T5298] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.833158][ T5298] usb 2-1: Product: syz [ 135.839920][ T5298] usb 2-1: Manufacturer: syz [ 135.850041][ T5298] usb 2-1: SerialNumber: syz [ 135.859180][ T5298] usb 2-1: config 0 descriptor?? [ 135.865668][ T6509] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 135.877108][ T5298] hub 2-1:0.0: bad descriptor, ignoring hub [ 135.883113][ T5298] hub 2-1:0.0: probe with driver hub failed with error -5 [ 135.890926][ T6529] netlink: 'syz.4.314': attribute type 10 has an invalid length. [ 135.905579][ T5298] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input17 [ 136.053470][ T6535] netlink: 4 bytes leftover after parsing attributes in process `syz.0.317'. [ 136.132205][ T6509] x_tables: duplicate underflow at hook 2 [ 136.174345][ T4646] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 136.212607][ T6538] netlink: 60 bytes leftover after parsing attributes in process `syz.4.319'. [ 136.261222][ T5281] usb 2-1: USB disconnect, device number 25 [ 136.261316][ C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 136.340812][ T4646] usb 4-1: Using ep0 maxpacket: 32 [ 136.370870][ T4646] usb 4-1: New USB device found, idVendor=0644, idProduct=8020, bcdDevice=30.b6 [ 136.383338][ T4646] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.391761][ T4646] usb 4-1: Product: syz [ 136.396312][ T4646] usb 4-1: Manufacturer: syz [ 136.400906][ T4646] usb 4-1: SerialNumber: syz [ 136.412886][ T4646] usb 4-1: config 0 descriptor?? [ 136.422150][ T4646] usb 4-1: disable ehci-hcd to run US-144 [ 136.525675][ T6545] FAULT_INJECTION: forcing a failure. [ 136.525675][ T6545] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 136.542548][ T6545] CPU: 1 UID: 0 PID: 6545 Comm: syz.2.321 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 136.553179][ T6545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 136.563259][ T6545] Call Trace: [ 136.566550][ T6545] [ 136.569497][ T6545] dump_stack_lvl+0x241/0x360 [ 136.574197][ T6545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 136.579409][ T6545] ? __pfx__printk+0x10/0x10 [ 136.584032][ T6545] ? snprintf+0xda/0x120 [ 136.588323][ T6545] should_fail_ex+0x3b0/0x4e0 [ 136.593013][ T6545] _copy_to_user+0x2f/0xb0 [ 136.597422][ T6545] simple_read_from_buffer+0xca/0x150 [ 136.602784][ T6545] proc_fail_nth_read+0x1e9/0x250 [ 136.607795][ T6545] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 136.613331][ T6545] ? rw_verify_area+0x55e/0x6f0 [ 136.618170][ T6545] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 136.623707][ T6545] vfs_read+0x201/0xbc0 [ 136.627850][ T6545] ? __pfx_lock_release+0x10/0x10 [ 136.632875][ T6545] ? __pfx_vfs_read+0x10/0x10 [ 136.637539][ T6545] ? __fget_files+0x3f3/0x470 [ 136.642209][ T6545] ? fdget_pos+0x24e/0x320 [ 136.646613][ T6545] ksys_read+0x183/0x2b0 [ 136.650838][ T6545] ? __pfx_ksys_read+0x10/0x10 [ 136.655586][ T6545] ? do_syscall_64+0x100/0x230 [ 136.660334][ T6545] ? do_syscall_64+0xb6/0x230 [ 136.665014][ T6545] do_syscall_64+0xf3/0x230 [ 136.669508][ T6545] ? clear_bhb_loop+0x35/0x90 [ 136.674171][ T6545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 136.680064][ T6545] RIP: 0033:0x7fcb3ed7ca3c [ 136.684473][ T6545] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 69 8e 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 bf 8e 02 00 48 [ 136.704079][ T6545] RSP: 002b:00007fcb3fbeb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 136.712503][ T6545] RAX: ffffffffffffffda RBX: 00007fcb3ef35f80 RCX: 00007fcb3ed7ca3c [ 136.720475][ T6545] RDX: 000000000000000f RSI: 00007fcb3fbeb0a0 RDI: 0000000000000004 [ 136.728427][ T6545] RBP: 00007fcb3fbeb090 R08: 0000000000000000 R09: 0000000000000000 [ 136.736381][ T6545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 136.744343][ T6545] R13: 0000000000000000 R14: 00007fcb3ef35f80 R15: 00007fcb3f05fa28 [ 136.752334][ T6545] [ 136.755456][ C1] vkms_vblank_simulate: vblank timer overrun [ 136.781488][ T5286] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 136.817633][ T5281] usb 4-1: USB disconnect, device number 30 [ 136.936463][ T6548] netlink: 20 bytes leftover after parsing attributes in process `syz.2.322'. [ 136.964324][ T5286] usb 5-1: Using ep0 maxpacket: 16 [ 136.967608][ T6548] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 136.973097][ T5286] usb 5-1: New USB device found, idVendor=0572, idProduct=0041, bcdDevice=d5.24 [ 137.001309][ T5286] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.033722][ T5286] usb 5-1: Product: syz [ 137.039602][ T5286] usb 5-1: Manufacturer: syz [ 137.049853][ T5286] usb 5-1: SerialNumber: syz [ 137.065797][ T5286] usb 5-1: config 0 descriptor?? [ 137.080277][ T5286] gspca_main: conex-2.14.0 probing 0572:0041 [ 137.283242][ T6543] netlink: 68 bytes leftover after parsing attributes in process `syz.4.320'. [ 137.450354][ T5286] usb 5-1: USB disconnect, device number 26 [ 137.584951][ T5298] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 137.781760][ T5298] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1855, setting to 1024 [ 137.799306][ T5298] usb 1-1: New USB device found, idVendor=056a, idProduct=0059, bcdDevice= 0.00 [ 137.814848][ T5298] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.856345][ T5298] usb 1-1: config 0 descriptor?? [ 137.873400][ T6562] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 138.232261][ T6562] [U] [ 138.234527][ T5281] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 138.235535][ T6562] [U] iZ,6}ʜI+DKKʿ)^&Oƽ8EKw &ceޑT [ 138.251945][ T6562] [U] A:ɾUCo}C6m< ‚ [ 138.256932][ T6562] [U] [ 138.259628][ T6562] [U] [ 138.263776][ T6562] [U] [ 138.266501][ T6562] [U] [ 138.269212][ T6562] [U] [ 138.271927][ T6562] [U] [ 138.275278][ T6562] [U] [ 138.277990][ T6562] [U] [ 138.280697][ T6562] [U] [ 138.432640][ T6561] [U] [ 138.456408][ T5281] usb 3-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 138.476067][ T5281] usb 3-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 138.503405][ T5281] usb 3-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 138.524287][ T5281] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 138.549425][ T6586] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 138.553625][ T5298] usbhid 1-1:0.0: can't add hid device: -71 [ 138.561876][ T5281] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 138.576281][ T6614] netlink: 4 bytes leftover after parsing attributes in process `syz.4.334'. [ 138.583540][ T5298] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 138.612223][ T5298] usb 1-1: USB disconnect, device number 20 [ 138.772063][ T6583] xt_CT: You must specify a L4 protocol and not use inversions on it [ 138.786284][ T5281] usb 3-1: USB disconnect, device number 16 [ 138.883976][ T6614] team0 (unregistering): Failed to send port change of device team_slave_0 via netlink (err -105) [ 138.895813][ T6614] team0 (unregistering): Port device team_slave_0 removed [ 138.906810][ T6614] team0 (unregistering): Failed to send options change via netlink (err -105) [ 138.916408][ T6614] team0 (unregistering): Failed to send port change of device team_slave_1 via netlink (err -105) [ 138.928962][ T6614] team0 (unregistering): Port device team_slave_1 removed [ 138.951337][ T6618] netlink: 24 bytes leftover after parsing attributes in process `syz.3.337'. [ 139.167494][ T6623] binder_alloc: 6622: binder_install_single_page failed to insert page at offset 1000 with -14 [ 139.283584][ T6629] misc userio: No port type given on /dev/userio [ 139.291346][ T6629] misc userio: The device must be registered before sending interrupts [ 139.324399][ T6629] netlink: 12 bytes leftover after parsing attributes in process `syz.4.341'. [ 139.373197][ T6631] netlink: 8 bytes leftover after parsing attributes in process `syz.3.342'. [ 139.444638][ T5281] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 139.471695][ T6633] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 139.512070][ T6633] iommufd_mock iommufd_mock1: Adding to iommu group 1 [ 139.530890][ T6633] iommufd_mock iommufd_mock2: Adding to iommu group 2 [ 139.612668][ T5281] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid maxpacket 8192, setting to 1024 [ 139.623937][ T5281] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8E has invalid maxpacket 1024 [ 139.634123][ T5281] usb 1-1: New USB device found, idVendor=0499, idProduct=1035, bcdDevice=56.12 [ 139.643340][ T5281] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.656551][ T5281] usb 1-1: config 0 descriptor?? [ 139.669872][ T5281] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 139.864660][ T5298] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 139.929255][ T6623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.938203][ T6623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 140.026838][ T5298] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 140.036207][ T5298] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 140.049046][ T5298] usb 4-1: config 0 descriptor?? [ 140.098662][ T5285] usb 1-1: USB disconnect, device number 21 [ 140.203187][ T6652] netlink: 'syz.4.349': attribute type 10 has an invalid length. [ 140.212903][ T6652] netlink: 'syz.4.349': attribute type 10 has an invalid length. [ 140.461374][ T5298] ath6kl: Unsupported hardware version: 0x0 [ 140.469788][ T5298] ath6kl: Failed to init ath6kl core: -22 [ 140.493685][ T5298] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 140.582346][ T6658] netlink: 20 bytes leftover after parsing attributes in process `syz.0.351'. [ 140.826882][ T6660] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 140.860742][ T6660] macsec2: entered promiscuous mode [ 141.254380][ T5311] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 141.274419][ T5298] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 141.414537][ T5311] usb 1-1: Using ep0 maxpacket: 16 [ 141.425523][ T5311] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 141.435033][ T5311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 141.443055][ T5311] usb 1-1: Product: syz [ 141.448225][ T5311] usb 1-1: Manufacturer: syz [ 141.452910][ T5311] usb 1-1: SerialNumber: syz [ 141.454587][ T5298] usb 3-1: Using ep0 maxpacket: 8 [ 141.459909][ T5311] usb 1-1: config 0 descriptor?? [ 141.472407][ T5298] usb 3-1: config 179 has an invalid interface number: 65 but max is 0 [ 141.481472][ T5298] usb 3-1: config 179 has an invalid descriptor of length 0, skipping remainder of the config [ 141.482573][ T5311] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 141.492698][ T5298] usb 3-1: config 179 has no interface number 0 [ 141.509227][ T5298] usb 3-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 141.521246][ T5298] usb 3-1: config 179 interface 65 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 23 [ 141.534869][ T5298] usb 3-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 141.544046][ T5298] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.644459][ T5281] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 141.696550][ T5311] ssu100 1-1:0.0: probe with driver ssu100 failed with error -71 [ 141.731997][ T5311] usb 1-1: USB disconnect, device number 22 [ 141.807316][ T5281] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 141.813546][ T6663] netlink: 4 bytes leftover after parsing attributes in process `syz.2.353'. [ 141.838713][ T5281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 141.860709][ T5286] usb 3-1: USB disconnect, device number 17 [ 141.871103][ T5281] usb 5-1: config 0 descriptor?? [ 141.904162][ T5281] cp210x 5-1:0.0: cp210x converter detected [ 142.110247][ T29] audit: type=1326 audit(1728177951.521:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6668 comm="syz.4.355" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f1f19d7dff9 code=0x0 [ 142.549209][ T5286] usb 4-1: USB disconnect, device number 31 [ 142.582910][ T6683] misc userio: No port type given on /dev/userio [ 142.611333][ T6683] misc userio: The device must be registered before sending interrupts [ 142.712894][ T6683] netlink: 12 bytes leftover after parsing attributes in process `syz.2.359'. [ 143.134740][ T6697] netlink: 'syz.0.365': attribute type 9 has an invalid length. [ 143.144113][ T6697] netlink: 134660 bytes leftover after parsing attributes in process `syz.0.365'. [ 143.229763][ T6699] netlink: 'syz.0.365': attribute type 9 has an invalid length. [ 143.237811][ T6699] netlink: 134660 bytes leftover after parsing attributes in process `syz.0.365'. [ 143.716667][ T6710] FAULT_INJECTION: forcing a failure. [ 143.716667][ T6710] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 143.729992][ T6710] CPU: 1 UID: 0 PID: 6710 Comm: syz.1.370 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 143.740610][ T6710] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 143.750685][ T6710] Call Trace: [ 143.753982][ T6710] [ 143.756929][ T6710] dump_stack_lvl+0x241/0x360 [ 143.761634][ T6710] ? __pfx_dump_stack_lvl+0x10/0x10 [ 143.766855][ T6710] ? __pfx__printk+0x10/0x10 [ 143.771473][ T6710] ? __pfx_lock_release+0x10/0x10 [ 143.776526][ T6710] should_fail_ex+0x3b0/0x4e0 [ 143.781231][ T6710] _copy_from_user+0x2f/0xe0 [ 143.785843][ T6710] copy_msghdr_from_user+0xae/0x680 [ 143.789028][ T5298] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 143.791047][ T6710] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 143.791090][ T6710] __sys_sendmsg+0x22d/0x380 [ 143.809015][ T6710] ? __pfx___sys_sendmsg+0x10/0x10 [ 143.814156][ T6710] ? __pfx_vfs_write+0x10/0x10 [ 143.818956][ T6710] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 143.825316][ T6710] ? do_syscall_64+0x100/0x230 [ 143.830102][ T6710] ? do_syscall_64+0xb6/0x230 [ 143.834798][ T6710] do_syscall_64+0xf3/0x230 [ 143.839315][ T6710] ? clear_bhb_loop+0x35/0x90 [ 143.844011][ T6710] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 143.849928][ T6710] RIP: 0033:0x7f2216f7dff9 [ 143.854363][ T6710] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 143.873990][ T6710] RSP: 002b:00007f2217cae038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 143.882434][ T6710] RAX: ffffffffffffffda RBX: 00007f2217135f80 RCX: 00007f2216f7dff9 [ 143.890426][ T6710] RDX: 0000000000000000 RSI: 0000000020000140 RDI: 0000000000000003 [ 143.898421][ T6710] RBP: 00007f2217cae090 R08: 0000000000000000 R09: 0000000000000000 [ 143.906500][ T6710] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 143.914498][ T6710] R13: 0000000000000000 R14: 00007f2217135f80 R15: 00007f221725fa28 [ 143.922504][ T6710] [ 143.925635][ C1] vkms_vblank_simulate: vblank timer overrun [ 143.977185][ T5298] usb 3-1: Using ep0 maxpacket: 8 [ 143.980193][ T53] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.010044][ T5298] usb 3-1: config 1 interface 0 altsetting 11 endpoint 0x2 has an invalid bInterval 43, changing to 9 [ 144.039923][ T5298] usb 3-1: config 1 interface 0 altsetting 11 endpoint 0x2 has invalid maxpacket 57856, setting to 1024 [ 144.104423][ T5298] usb 3-1: config 1 interface 0 has no altsetting 0 [ 144.118399][ T5298] usb 3-1: New USB device found, idVendor=0b0e, idProduct=ffff, bcdDevice= 0.40 [ 144.154378][ T5298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.171768][ T5298] usb 3-1: Product: 戂糚橖럕뿤䕕ύ馸餵蓶ه쩉ៃቄ恁틠ᴞ⫚᳏Ꭓ謦噲㻇䗉纉䑵ࡇ䑳⅟阚蔁갱颩뭨͙视끍鴼ﰥ㻰않䙰ꑼ頢쉝䈎㙓곞撄崅ྊ쬺뒋쭎놤◳㻯⋨낌빢萪諗ભ꣯碄颌㴸蒄轖冔ブ섛﮿뺥씣蹳녯䣾्켜몾抝忬茐ࣛ苖矊쏫똗ᴓ帕姯訂넼拥砣猽慨 [ 144.182620][ T53] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.203747][ C1] vkms_vblank_simulate: vblank timer overrun [ 144.240813][ T5298] usb 3-1: Manufacturer: 볫찪ᄭ㳢ᡆ颥驚䶍✮쬚뵵⏖ተﻲ䧳负ৣ氵ш䎾㠤䰃駚휣ϒ昪感ɋ젅쉰ᣛ⠇軭鴵㗽䵦謎於⁦褜憫둴㹣ඐ┆㯦묇롸倪ꩠ並鉒槃춿䑵䋜℥桟놅Ꜣ姴聢徹 [ 144.302664][ T5298] usb 3-1: SerialNumber: 趀摾鞄ᚷᓀﺧ噧⾆꧑菛搔㙒煭ޱ엿頯丁឴똫戅ꎘᙏ뭧麖䶹蚬㞘쩍⸎죢䈛泓댒逑璪䥥倀胟㏸﴿차뉸ꢑ郚䟷鮙虋捾昽껯냯ꁙヹ↉깰꯭藊㤊陠噏ꯈﱺ밆頚聐蔒랇쥾螙䫝⋬摓뼬筝觪壴爋ᶚ셥㳲祹ᑽ쌵䏃ᚤ攡쒇糃뮖Տ⓫䕂覟䳡菲օ牢췼 [ 144.353657][ T5242] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 144.365388][ T5242] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 144.374170][ T5242] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 144.389745][ T5242] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 144.397482][ T5242] Bluetooth: hci3: unexpected cc 0x0c25 length: 249 > 3 [ 144.407497][ T5242] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 144.512123][ T53] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.552172][ T5281] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 144.560722][ T5281] cp210x 5-1:0.0: querying part number failed [ 144.569043][ T5281] usb 5-1: cp210x converter now attached to ttyUSB0 [ 144.580387][ T5281] usb 5-1: USB disconnect, device number 27 [ 144.593294][ T5281] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 144.643513][ T5281] cp210x 5-1:0.0: device disconnected [ 144.669832][ T6724] misc userio: No port type given on /dev/userio [ 144.681326][ T6724] misc userio: The device must be registered before sending interrupts [ 144.706959][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.378'. [ 144.721430][ T6726] netlink: 8 bytes leftover after parsing attributes in process `syz.4.378'. [ 144.796941][ T53] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 144.818010][ T6724] netlink: 12 bytes leftover after parsing attributes in process `syz.1.377'. [ 144.989723][ T53] bridge_slave_1: left allmulticast mode [ 144.998374][ T53] bridge_slave_1: left promiscuous mode [ 145.004157][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 145.021206][ T53] bridge_slave_0: left allmulticast mode [ 145.028095][ T53] bridge_slave_0: left promiscuous mode [ 145.033825][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 145.074419][ T5311] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 145.082203][ T5281] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 145.273031][ T5311] usb 1-1: Using ep0 maxpacket: 16 [ 145.280614][ T5281] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 145.308741][ T5281] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 145.329768][ T5311] usb 1-1: unable to get BOS descriptor or descriptor too short [ 145.338273][ T5281] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 145.352097][ T5281] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 145.360467][ T5281] usb 5-1: SerialNumber: syz [ 145.367863][ T5311] usb 1-1: config 0 has no interfaces? [ 145.379075][ T5311] usb 1-1: New USB device found, idVendor=0af0, idProduct=7031, bcdDevice=78.43 [ 145.388713][ T5311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.397754][ T5311] usb 1-1: Product: syz [ 145.402050][ T5311] usb 1-1: Manufacturer: syz [ 145.406887][ T5311] usb 1-1: SerialNumber: syz [ 145.426043][ T5311] usb 1-1: config 0 descriptor?? [ 145.580664][ T5281] usb 5-1: 0:2 : does not exist [ 145.593566][ T5281] usb 5-1: unit 5: unexpected type 0x0d [ 145.621812][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 145.624102][ T6736] program syz.1.381 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 145.643834][ T5281] usb 5-1: USB disconnect, device number 28 [ 145.677989][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 145.695817][ T53] bond0 (unregistering): Released all slaves [ 145.698082][ T5246] udevd[5246]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 145.813883][ T6722] chnl_net:caif_netlink_parms(): no params data found [ 145.894417][ T5311] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 146.041386][ T6722] bridge0: port 1(bridge_slave_0) entered blocking state [ 146.056714][ T6722] bridge0: port 1(bridge_slave_0) entered disabled state [ 146.065465][ T6722] bridge_slave_0: entered allmulticast mode [ 146.073298][ T6722] bridge_slave_0: entered promiscuous mode [ 146.089253][ T5311] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 146.112784][ T5311] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 146.148732][ T5311] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 146.169211][ T5311] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 146.196371][ T53] hsr_slave_0: left promiscuous mode [ 146.203188][ T5311] usb 2-1: SerialNumber: syz [ 146.213188][ T53] hsr_slave_1: left promiscuous mode [ 146.251396][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 146.266718][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 146.283458][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 146.295683][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 146.338942][ T53] veth1_macvtap: left promiscuous mode [ 146.351452][ T53] veth0_macvtap: left promiscuous mode [ 146.368486][ T53] veth1_vlan: left promiscuous mode [ 146.379487][ T53] veth0_vlan: left promiscuous mode [ 146.443997][ T5311] usb 2-1: 0:2 : does not exist [ 146.454432][ T5242] Bluetooth: hci3: command tx timeout [ 146.498960][ T5311] usb 2-1: USB disconnect, device number 26 [ 146.517300][ T5298] usbhid 3-1:1.0: can't add hid device: -71 [ 146.531533][ T5246] udevd[5246]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 146.546576][ T5298] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 146.593117][ T5298] usb 3-1: USB disconnect, device number 18 [ 146.677402][ T6763] loop0: detected capacity change from 0 to 7 [ 146.687642][ T6763] Dev loop0: unable to read RDB block 7 [ 146.695267][ T6763] loop0: AHDI p2 [ 146.699168][ T6763] loop0: partition table partially beyond EOD, truncated [ 147.040607][ T53] team0 (unregistering): Port device team_slave_1 removed [ 147.106816][ T53] team0 (unregistering): Port device team_slave_0 removed [ 147.354551][ T5311] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 147.511235][ T6722] bridge0: port 2(bridge_slave_1) entered blocking state [ 147.514421][ T5311] usb 2-1: Using ep0 maxpacket: 32 [ 147.518549][ T6722] bridge0: port 2(bridge_slave_1) entered disabled state [ 147.531859][ T5311] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 16 [ 147.551782][ T6722] bridge_slave_1: entered allmulticast mode [ 147.552658][ T5311] usb 2-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 147.559164][ T6722] bridge_slave_1: entered promiscuous mode [ 147.567099][ T5311] usb 2-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 147.581238][ T5311] usb 2-1: Product: syz [ 147.587348][ T5311] usb 2-1: Manufacturer: syz [ 147.592206][ T5311] usb 2-1: SerialNumber: syz [ 147.612268][ T5311] usb 2-1: config 0 descriptor?? [ 147.620756][ T6722] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 147.634798][ T6766] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 147.668242][ T6722] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 147.844777][ T6722] team0: Port device team_slave_0 added [ 147.864034][ T5281] usb 1-1: USB disconnect, device number 23 [ 147.879681][ T6722] team0: Port device team_slave_1 added [ 148.047793][ T5311] usb 2-1: USB disconnect, device number 27 [ 148.121465][ T6783] misc userio: No port type given on /dev/userio [ 148.126511][ T6722] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 148.134708][ T6783] misc userio: The device must be registered before sending interrupts [ 148.162050][ T6722] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.188090][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.240415][ T6722] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 148.268895][ T6783] netlink: 12 bytes leftover after parsing attributes in process `syz.0.389'. [ 148.303517][ T6722] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 148.341762][ T6722] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 148.367998][ C1] vkms_vblank_simulate: vblank timer overrun [ 148.442346][ T6722] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 148.535014][ T5242] Bluetooth: hci3: command tx timeout [ 148.547082][ T6722] hsr_slave_0: entered promiscuous mode [ 148.553613][ T6722] hsr_slave_1: entered promiscuous mode [ 148.559383][ T5311] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 148.568978][ T6722] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 148.576780][ T6722] Cannot create hsr debugfs directory [ 148.725341][ T5311] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 148.725391][ T5285] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 148.738743][ T5311] usb 5-1: config 1 has no interface number 0 [ 148.760903][ T5311] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 148.780866][ T5311] usb 5-1: Duplicate descriptor for config 1 interface 1 altsetting 0, skipping [ 148.790524][ T5311] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x8 has invalid wMaxPacketSize 0 [ 148.800472][ T5311] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x3 has invalid maxpacket 10007, setting to 1024 [ 148.812762][ T5311] usb 5-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 1024 [ 148.816337][ T6811] netlink: 16 bytes leftover after parsing attributes in process `syz.1.394'. [ 148.827241][ T5311] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 148.879818][ T5311] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.909921][ T5311] usb 5-1: Product: syz [ 148.914138][ T5311] usb 5-1: Manufacturer: syz [ 148.933456][ T5311] usb 5-1: SerialNumber: syz [ 148.934056][ T5285] usb 3-1: config 0 has an invalid interface number: 154 but max is 0 [ 148.953966][ T5285] usb 3-1: config 0 has no interface number 0 [ 149.025232][ T5285] usb 3-1: New USB device found, idVendor=0af7, idProduct=0101, bcdDevice=61.d8 [ 149.034685][ T5285] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.042702][ T5285] usb 3-1: Product: syz [ 149.047127][ T5285] usb 3-1: Manufacturer: syz [ 149.051751][ T5285] usb 3-1: SerialNumber: syz [ 149.062199][ T5285] usb 3-1: config 0 descriptor?? [ 149.081900][ T5285] flexcop_usb: set interface failed. [ 149.087325][ T5285] b2c2_flexcop_usb 3-1:0.154: probe with driver b2c2_flexcop_usb failed with error -22 [ 149.119319][ T53] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.185145][ T6794] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 149.203217][ T6818] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 149.214733][ T6818] macsec1: entered promiscuous mode [ 149.296526][ T53] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.308207][ T5298] usb 3-1: USB disconnect, device number 19 [ 149.494338][ T5285] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 149.519847][ T53] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.644542][ T5285] usb 2-1: Using ep0 maxpacket: 16 [ 149.654450][ T5285] usb 2-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 149.663526][ T5285] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 149.692892][ T5285] usb 2-1: Product: syz [ 149.710698][ T5285] usb 2-1: Manufacturer: syz [ 149.718947][ T5230] Bluetooth: hci4: unexpected cc 0x0c03 length: 249 > 1 [ 149.719922][ T5285] usb 2-1: SerialNumber: syz [ 149.731393][ T5230] Bluetooth: hci4: unexpected cc 0x1003 length: 249 > 9 [ 149.742460][ T5230] Bluetooth: hci4: unexpected cc 0x1001 length: 249 > 9 [ 149.761302][ T5285] usb 2-1: config 0 descriptor?? [ 149.775047][ T5230] Bluetooth: hci4: unexpected cc 0x0c23 length: 249 > 4 [ 149.779395][ T5285] ssu100 2-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 149.791944][ T5230] Bluetooth: hci4: unexpected cc 0x0c25 length: 249 > 3 [ 149.800061][ T5230] Bluetooth: hci4: unexpected cc 0x0c38 length: 249 > 2 [ 149.813972][ T6794] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 149.823588][ T5311] cdc_ncm 5-1:1.1: bind() failure [ 149.823635][ T53] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 149.987192][ T5285] ssu100 2-1:0.0: probe with driver ssu100 failed with error -71 [ 150.014104][ T5285] usb 2-1: USB disconnect, device number 28 [ 150.069932][ T5284] usb 5-1: USB disconnect, device number 29 [ 150.094575][ T53] bridge_slave_1: left allmulticast mode [ 150.124451][ T53] bridge_slave_1: left promiscuous mode [ 150.155381][ T53] bridge0: port 2(bridge_slave_1) entered disabled state [ 150.168588][ T53] bridge_slave_0: left allmulticast mode [ 150.178660][ T6835] FAULT_INJECTION: forcing a failure. [ 150.178660][ T6835] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 150.198069][ T6835] CPU: 1 UID: 0 PID: 6835 Comm: syz.2.398 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 150.208696][ T6835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 150.218775][ T6835] Call Trace: [ 150.222063][ T6835] [ 150.225003][ T6835] dump_stack_lvl+0x241/0x360 [ 150.229783][ T6835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.235005][ T6835] ? __pfx__printk+0x10/0x10 [ 150.239646][ T6835] ? __pfx_lock_release+0x10/0x10 [ 150.244708][ T6835] should_fail_ex+0x3b0/0x4e0 [ 150.249690][ T6835] _copy_to_user+0x2f/0xb0 [ 150.254141][ T6835] video_usercopy+0xe5e/0x1180 [ 150.258936][ T6835] ? __pfx___video_do_ioctl+0x10/0x10 [ 150.264502][ T6835] ? __pfx_video_usercopy+0x10/0x10 [ 150.269735][ T6835] ? __fget_files+0x29/0x470 [ 150.274358][ T6835] ? __fget_files+0x3f3/0x470 [ 150.279062][ T6835] v4l2_ioctl+0x189/0x1e0 [ 150.283413][ T6835] ? __pfx_v4l2_ioctl+0x10/0x10 [ 150.288295][ T6835] __se_sys_ioctl+0xf9/0x170 [ 150.292909][ T6835] do_syscall_64+0xf3/0x230 [ 150.297429][ T6835] ? clear_bhb_loop+0x35/0x90 [ 150.302124][ T6835] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.308045][ T6835] RIP: 0033:0x7fcb3ed7dff9 [ 150.312477][ T6835] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.332104][ T6835] RSP: 002b:00007fcb3fbeb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 150.340540][ T6835] RAX: ffffffffffffffda RBX: 00007fcb3ef35f80 RCX: 00007fcb3ed7dff9 [ 150.348530][ T6835] RDX: 0000000020000040 RSI: 00000000c02c564a RDI: 000000000000000a [ 150.356519][ T6835] RBP: 00007fcb3fbeb090 R08: 0000000000000000 R09: 0000000000000000 [ 150.364502][ T6835] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.372487][ T6835] R13: 0000000000000000 R14: 00007fcb3ef35f80 R15: 00007fcb3f05fa28 [ 150.380575][ T6835] [ 150.384930][ T53] bridge_slave_0: left promiscuous mode [ 150.390572][ T53] bridge0: port 1(bridge_slave_0) entered disabled state [ 150.615713][ T5242] Bluetooth: hci3: command tx timeout [ 150.728449][ T5298] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 150.742148][ T53] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 150.883706][ T53] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 150.908336][ T53] bond0 (unregistering): Released all slaves [ 150.914737][ T5298] usb 3-1: Using ep0 maxpacket: 8 [ 150.925303][ T5298] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 150.935978][ T5298] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 150.948053][ T6843] misc userio: No port type given on /dev/userio [ 150.949262][ T5298] usb 3-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 150.960215][ T6843] misc userio: The device must be registered before sending interrupts [ 150.965185][ T5298] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 150.986714][ T5298] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 150.998857][ T5298] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.089790][ T6843] netlink: 12 bytes leftover after parsing attributes in process `syz.1.400'. [ 151.210879][ T5298] usb 3-1: GET_CAPABILITIES returned 0 [ 151.224334][ T5298] usbtmc 3-1:16.0: can't read capabilities [ 151.329507][ T6722] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 151.341559][ T6722] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 151.359589][ T6722] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 151.398206][ T6722] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 151.447030][ T53] hsr_slave_0: left promiscuous mode [ 151.460136][ T53] hsr_slave_1: left promiscuous mode [ 151.469029][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 151.481937][ T53] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 151.490556][ T53] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 151.508733][ T53] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 151.546164][ T53] veth1_macvtap: left promiscuous mode [ 151.551850][ T53] veth0_macvtap: left promiscuous mode [ 151.558598][ T53] veth1_vlan: left promiscuous mode [ 151.564048][ T53] veth0_vlan: left promiscuous mode [ 151.599664][ T5298] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 151.767161][ T5298] usb 5-1: Using ep0 maxpacket: 16 [ 151.785584][ T5298] usb 5-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 151.795680][ T5298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.803733][ T5298] usb 5-1: Product: syz [ 151.808319][ T5298] usb 5-1: Manufacturer: syz [ 151.812948][ T5298] usb 5-1: SerialNumber: syz [ 151.822576][ T5298] usb 5-1: config 0 descriptor?? [ 151.841002][ T5298] ssu100 5-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 151.897721][ T5242] Bluetooth: hci4: command tx timeout [ 151.937533][ T5281] usb 3-1: USB disconnect, device number 20 [ 151.983328][ T6868] fuse: Bad value for 'user_id' [ 152.002330][ T6868] fuse: Bad value for 'user_id' [ 152.051063][ T5298] ssu100 5-1:0.0: probe with driver ssu100 failed with error -71 [ 152.095592][ T5298] usb 5-1: USB disconnect, device number 30 [ 152.384283][ T5281] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 152.385967][ T53] team0 (unregistering): Port device team_slave_1 removed [ 152.453672][ T53] team0 (unregistering): Port device team_slave_0 removed [ 152.554310][ T5281] usb 3-1: Using ep0 maxpacket: 16 [ 152.570416][ T5281] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 152.585473][ T5281] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 152.614030][ T5281] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 152.642066][ T5281] usb 3-1: New USB device found, idVendor=17ef, idProduct=60ee, bcdDevice= 0.00 [ 152.679020][ T5281] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 152.696148][ T5242] Bluetooth: hci3: command tx timeout [ 152.705454][ T5281] usb 3-1: config 0 descriptor?? [ 153.077312][ T6833] chnl_net:caif_netlink_parms(): no params data found [ 153.137550][ T5281] hid (null): unknown global tag 0xc [ 153.166689][ T5281] lenovo 0003:17EF:60EE.0003: unknown global tag 0xc [ 153.194597][ T5281] lenovo 0003:17EF:60EE.0003: item 0 4 1 12 parsing failed [ 153.203845][ T5281] lenovo 0003:17EF:60EE.0003: hid_parse failed [ 153.211362][ T5281] lenovo 0003:17EF:60EE.0003: probe with driver lenovo failed with error -22 [ 153.247055][ T6881] @: renamed from vlan0 (while UP) [ 153.344794][ T6871] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 153.353813][ T6833] bridge0: port 1(bridge_slave_0) entered blocking state [ 153.376966][ T6833] bridge0: port 1(bridge_slave_0) entered disabled state [ 153.377578][ T6871] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 153.400427][ T6833] bridge_slave_0: entered allmulticast mode [ 153.410449][ T6833] bridge_slave_0: entered promiscuous mode [ 153.434334][ T6833] bridge0: port 2(bridge_slave_1) entered blocking state [ 153.443537][ T6833] bridge0: port 2(bridge_slave_1) entered disabled state [ 153.457477][ T6833] bridge_slave_1: entered allmulticast mode [ 153.467116][ T6833] bridge_slave_1: entered promiscuous mode [ 153.561236][ T6833] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 153.607810][ T6833] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 153.681298][ T6833] team0: Port device team_slave_0 added [ 153.694045][ T6833] team0: Port device team_slave_1 added [ 153.753336][ T6833] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 153.762842][ T6833] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.797042][ T6833] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 153.815139][ T6722] 8021q: adding VLAN 0 to HW filter on device bond0 [ 153.822678][ T6833] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 153.838799][ T6833] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 153.864669][ C1] vkms_vblank_simulate: vblank timer overrun [ 153.874245][ T6833] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 153.937593][ T6833] hsr_slave_0: entered promiscuous mode [ 153.946017][ T6833] hsr_slave_1: entered promiscuous mode [ 153.952445][ T6833] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 153.960377][ T6833] Cannot create hsr debugfs directory [ 153.974433][ T5242] Bluetooth: hci4: command tx timeout [ 153.984720][ T5298] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 153.992879][ T6722] 8021q: adding VLAN 0 to HW filter on device team0 [ 154.058036][ T53] bridge0: port 1(bridge_slave_0) entered blocking state [ 154.065232][ T53] bridge0: port 1(bridge_slave_0) entered forwarding state [ 154.091024][ T53] bridge0: port 2(bridge_slave_1) entered blocking state [ 154.098261][ T53] bridge0: port 2(bridge_slave_1) entered forwarding state [ 154.155864][ T5298] usb 5-1: Using ep0 maxpacket: 16 [ 154.170365][ T5298] usb 5-1: config 0 has an invalid interface number: 249 but max is 0 [ 154.182851][ T5298] usb 5-1: config 0 has no interface number 0 [ 154.201653][ T5298] usb 5-1: config 0 interface 249 has no altsetting 0 [ 154.218421][ T5298] usb 5-1: New USB device found, idVendor=8086, idProduct=0b63, bcdDevice=a5.06 [ 154.237497][ T5298] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.261634][ T5298] usb 5-1: Product: syz [ 154.269103][ T5298] usb 5-1: Manufacturer: syz [ 154.273957][ T5298] usb 5-1: SerialNumber: syz [ 154.315201][ T5298] usb 5-1: config 0 descriptor?? [ 154.533954][ T6722] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 154.613609][ T6922] netlink: 104 bytes leftover after parsing attributes in process `syz.4.407'. [ 154.702539][ T6722] veth0_vlan: entered promiscuous mode [ 154.727676][ T6722] veth1_vlan: entered promiscuous mode [ 154.920614][ T6833] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 154.934909][ T6722] veth0_macvtap: entered promiscuous mode [ 154.955159][ T6833] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 154.981736][ T6722] veth1_macvtap: entered promiscuous mode [ 155.004067][ T6833] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 155.033745][ T6833] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 155.072937][ T6722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.116233][ T6722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.164407][ T6722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.183099][ T29] audit: type=1326 audit(1728177964.591:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.189880][ T5284] usb 3-1: USB disconnect, device number 21 [ 155.212109][ T6722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.233309][ T5298] ljca 5-1:0.249: bulk endpoints not found [ 155.244599][ T6722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 155.257319][ T6722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.278314][ T5298] usb 5-1: USB disconnect, device number 31 [ 155.282158][ T29] audit: type=1326 audit(1728177964.621:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.306471][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.323730][ T6722] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 155.363828][ T6722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.403077][ T6722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.407779][ T29] audit: type=1326 audit(1728177964.621:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.425348][ T6722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.459470][ T29] audit: type=1326 audit(1728177964.621:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.483346][ T29] audit: type=1326 audit(1728177964.631:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=226 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.486870][ T6722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.524321][ T29] audit: type=1326 audit(1728177964.631:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.554339][ T6941] misc userio: No port type given on /dev/userio [ 155.554896][ T6722] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 155.570964][ T29] audit: type=1326 audit(1728177964.631:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.584226][ T6722] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 155.593190][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.609585][ T6941] misc userio: The device must be registered before sending interrupts [ 155.620401][ T6722] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 155.636069][ T29] audit: type=1326 audit(1728177964.631:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.658236][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.695133][ T47] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 155.703145][ T29] audit: type=1326 audit(1728177964.631:41): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.725321][ C1] vkms_vblank_simulate: vblank timer overrun [ 155.740014][ T6936] netlink: 12 bytes leftover after parsing attributes in process `syz.4.411'. [ 155.753391][ T6722] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.762523][ T29] audit: type=1326 audit(1728177964.631:42): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6932 comm="syz.1.410" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2216f7dff9 code=0x7ffc0000 [ 155.778209][ T6722] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.795211][ T6722] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.804045][ T6722] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 155.887549][ T47] usb 3-1: New USB device found, idVendor=59cc, idProduct=980d, bcdDevice=b4.8e [ 155.897328][ T47] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 155.911058][ T47] usb 3-1: config 0 descriptor?? [ 155.921907][ T47] usb-storage 3-1:0.0: USB Mass Storage device detected [ 155.970109][ T6833] 8021q: adding VLAN 0 to HW filter on device bond0 [ 156.001497][ T6833] 8021q: adding VLAN 0 to HW filter on device team0 [ 156.096736][ T2519] bridge0: port 1(bridge_slave_0) entered blocking state [ 156.103870][ T2519] bridge0: port 1(bridge_slave_0) entered forwarding state [ 156.114952][ T5242] Bluetooth: hci4: command tx timeout [ 156.119706][ T2519] bridge0: port 2(bridge_slave_1) entered blocking state [ 156.127483][ T2519] bridge0: port 2(bridge_slave_1) entered forwarding state [ 156.205595][ T6833] hsr0: Slave A (hsr_slave_0) is not up; please bring it up to get a fully working HSR network [ 156.239942][ T6833] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 156.311292][ T6947] netlink: 12 bytes leftover after parsing attributes in process `syz.1.413'. [ 156.322552][ T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.331216][ T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.371423][ T6950] netlink: 8 bytes leftover after parsing attributes in process `syz.1.413'. [ 156.431233][ T6950] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 156.438952][ T5284] usb 3-1: USB disconnect, device number 22 [ 156.441926][ T6950] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 156.500806][ T6947] bond1 (unregistering): (slave batadv1): Releasing backup interface [ 156.522696][ T6947] bond1 (unregistering): Released all slaves [ 156.542134][ T149] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 156.582172][ T149] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 156.651230][ T6833] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 156.690461][ T6833] veth0_vlan: entered promiscuous mode [ 156.712458][ T6833] veth1_vlan: entered promiscuous mode [ 156.748443][ T6833] veth0_macvtap: entered promiscuous mode [ 156.773353][ T6833] veth1_macvtap: entered promiscuous mode [ 156.799653][ T6833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.826909][ T6833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.831467][ T6957] FAULT_INJECTION: forcing a failure. [ 156.831467][ T6957] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 156.848614][ T6833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.857591][ T6957] CPU: 1 UID: 0 PID: 6957 Comm: syz.3.372 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 156.867997][ T6833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.870806][ T6957] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 156.890696][ T6957] Call Trace: [ 156.893992][ T6957] [ 156.894240][ T6833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.897004][ T6957] dump_stack_lvl+0x241/0x360 [ 156.912262][ T6957] ? __pfx_dump_stack_lvl+0x10/0x10 [ 156.917352][ T6833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 156.917460][ T6957] ? __pfx__printk+0x10/0x10 [ 156.931852][ T6957] ? __pfx_lock_release+0x10/0x10 [ 156.936915][ T6957] should_fail_ex+0x3b0/0x4e0 [ 156.941619][ T6957] _copy_to_user+0x2f/0xb0 [ 156.944235][ T6833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 156.946037][ T6957] video_usercopy+0xe5e/0x1180 [ 156.961439][ T6957] ? __pfx___video_do_ioctl+0x10/0x10 [ 156.966825][ T6957] ? __pfx_video_usercopy+0x10/0x10 [ 156.972129][ T6957] ? __fget_files+0x29/0x470 [ 156.976723][ T6957] ? __fget_files+0x3f3/0x470 [ 156.981405][ T6957] v4l2_ioctl+0x189/0x1e0 [ 156.985739][ T6957] ? __pfx_v4l2_ioctl+0x10/0x10 [ 156.990588][ T6957] __se_sys_ioctl+0xf9/0x170 [ 156.995184][ T6957] do_syscall_64+0xf3/0x230 [ 156.999678][ T6957] ? clear_bhb_loop+0x35/0x90 [ 157.004355][ T6957] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 157.010285][ T6957] RIP: 0033:0x7f06b897dff9 [ 157.014710][ T6957] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 157.034326][ T6957] RSP: 002b:00007f06b96aa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 157.042737][ T6957] RAX: ffffffffffffffda RBX: 00007f06b8b35f80 RCX: 00007f06b897dff9 [ 157.050703][ T6957] RDX: 0000000020000000 RSI: 00000000c008561c RDI: 0000000000000005 [ 157.058671][ T6957] RBP: 00007f06b96aa090 R08: 0000000000000000 R09: 0000000000000000 [ 157.066639][ T6957] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 157.074613][ T6957] R13: 0000000000000000 R14: 00007f06b8b35f80 R15: 00007f06b8c5fa28 [ 157.082686][ T6957] [ 157.085866][ C1] vkms_vblank_simulate: vblank timer overrun [ 157.093352][ T6833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.105178][ T6833] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 157.122311][ T6833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.136687][ T6833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.146621][ T6833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.157286][ T6833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.174501][ T4646] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 157.182256][ T6833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.201179][ T6833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.212495][ T6833] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 157.226852][ T6833] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 157.239589][ T6833] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 157.251326][ T6833] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.264923][ T6833] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.279803][ T6833] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.290514][ T6833] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 157.349798][ T4646] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.353202][ T6965] program syz.2.418 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 157.371831][ T4646] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 157.386794][ T4646] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.395917][ T4646] usb 5-1: Product: syz [ 157.400122][ T4646] usb 5-1: Manufacturer: syz [ 157.424650][ T5285] usb 2-1: new high-speed USB device number 29 using dummy_hcd [ 157.437792][ T4646] usb 5-1: SerialNumber: syz [ 157.449228][ T149] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.471694][ T149] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.500751][ T53] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 157.520992][ T53] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 157.545588][ T47] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 157.585306][ T5285] usb 2-1: Using ep0 maxpacket: 16 [ 157.593123][ T5285] usb 2-1: unable to get BOS descriptor or descriptor too short [ 157.619774][ T5285] usb 2-1: config 0 has no interfaces? [ 157.640316][ T5285] usb 2-1: New USB device found, idVendor=0af0, idProduct=7031, bcdDevice=78.43 [ 157.670079][ T5285] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.704319][ T5285] usb 2-1: Product: syz [ 157.708536][ T5285] usb 2-1: Manufacturer: syz [ 157.714427][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 157.720606][ T5285] usb 2-1: SerialNumber: syz [ 157.730373][ T5285] usb 2-1: config 0 descriptor?? [ 157.761073][ T47] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 157.772543][ T47] usb 4-1: config 0 interface 0 altsetting 1 endpoint 0x81 has invalid wMaxPacketSize 0 [ 157.782700][ T47] usb 4-1: config 0 interface 0 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 157.796135][ T47] usb 4-1: config 0 interface 0 has no altsetting 0 [ 157.802781][ T47] usb 4-1: New USB device found, idVendor=045e, idProduct=05da, bcdDevice= 0.00 [ 157.816329][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 157.828173][ T47] usb 4-1: config 0 descriptor?? [ 157.935708][ T6971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.419'. [ 157.945520][ T6971] netlink: 4 bytes leftover after parsing attributes in process `syz.0.419'. [ 158.214916][ T5242] Bluetooth: hci4: command tx timeout [ 158.282151][ T47] hid (null): no more usage index available [ 158.310050][ T47] hid-generic 0003:045E:05DA.0004: ignoring exceeding usage max [ 158.351626][ T47] hid-generic 0003:045E:05DA.0004: ignoring exceeding usage max [ 158.395720][ T47] hid-generic 0003:045E:05DA.0004: no more usage index available [ 158.424440][ T47] hid-generic 0003:045E:05DA.0004: item 0 4 2 2 parsing failed [ 158.443029][ T47] hid-generic 0003:045E:05DA.0004: probe with driver hid-generic failed with error -22 [ 158.535046][ T6975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.561964][ T6975] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.649149][ T5311] usb 4-1: USB disconnect, device number 32 [ 159.095002][ T5311] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 159.255863][ T5311] usb 4-1: device descriptor read/64, error -71 [ 159.281671][ T4646] cdc_ncm 5-1:1.0: failed to get mac address [ 159.292293][ T4646] cdc_ncm 5-1:1.0: bind() failure [ 159.313828][ T4646] cdc_ncm 5-1:1.1: probe with driver cdc_ncm failed with error -71 [ 159.333227][ T4646] cdc_mbim 5-1:1.1: probe with driver cdc_mbim failed with error -71 [ 159.364847][ T4646] usbtest 5-1:1.1: probe with driver usbtest failed with error -71 [ 159.403331][ T4646] usb 5-1: USB disconnect, device number 32 [ 159.434445][ T5298] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 159.514412][ T5311] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 159.614332][ T5298] usb 3-1: Using ep0 maxpacket: 32 [ 159.627272][ T5298] usb 3-1: unable to get BOS descriptor or descriptor too short [ 159.645235][ T5298] usb 3-1: config 127 has an invalid interface number: 179 but max is 0 [ 159.653801][ T5298] usb 3-1: config 127 has an invalid descriptor of length 85, skipping remainder of the config [ 159.654593][ T5311] usb 4-1: device descriptor read/64, error -71 [ 159.698980][ T5298] usb 3-1: config 127 has no interface number 0 [ 159.711081][ T5298] usb 3-1: config 127 interface 179 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 159.744421][ T5298] usb 3-1: config 127 interface 179 has no altsetting 0 [ 159.790673][ T5298] usb 3-1: New USB device found, idVendor=07c0, idProduct=158b, bcdDevice=d0.96 [ 159.812737][ T5298] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 159.850001][ T5311] usb usb4-port1: attempt power cycle [ 159.862008][ T5298] usb 3-1: Product: syz [ 159.884710][ T8] usb 2-1: USB disconnect, device number 29 [ 159.902979][ T5298] usb 3-1: Manufacturer: syz [ 159.928228][ T5298] usb 3-1: SerialNumber: syz [ 160.194334][ T5311] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 160.217875][ T5311] usb 4-1: device descriptor read/8, error -71 [ 160.236348][ T7001] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 160.305165][ T7001] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 160.429446][ T5298] iowarrior 3-1:127.179: no interrupt-in endpoint found [ 160.473416][ T5298] usb 3-1: USB disconnect, device number 23 [ 160.477093][ T5311] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 160.545433][ T5311] usb 4-1: device descriptor read/8, error -71 [ 160.684066][ T5311] usb usb4-port1: unable to enumerate USB device [ 161.424751][ T5311] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 161.614270][ T5311] usb 1-1: Using ep0 maxpacket: 16 [ 161.622498][ T5311] usb 1-1: config 1 has an invalid interface descriptor of length 5, skipping [ 161.637296][ T5311] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 161.674386][ T5311] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 161.705526][ T5311] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 161.729523][ T5311] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.741400][ T5311] usb 1-1: Product: syz [ 161.756841][ T5311] usb 1-1: Manufacturer: syz [ 161.761489][ T5311] usb 1-1: SerialNumber: syz [ 161.958914][ T149] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.003210][ T5311] usb 1-1: 0:2 : does not exist [ 162.053056][ T5311] usb 1-1: USB disconnect, device number 24 [ 162.323351][ T149] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.496137][ T149] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 162.579097][ T5230] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 162.591804][ T5230] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 162.601738][ T5230] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 162.616237][ T5230] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 162.644610][ T5230] Bluetooth: hci1: unexpected cc 0x0c25 length: 249 > 3 [ 162.652036][ T5230] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 162.805780][ C1] TCP: request_sock_subflow_v4: Possible SYN flooding on port [::]:20002. Sending cookies. [ 162.836383][ T149] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 163.355247][ T149] bridge_slave_1: left allmulticast mode [ 163.360949][ T149] bridge_slave_1: left promiscuous mode [ 163.398831][ T149] bridge0: port 2(bridge_slave_1) entered disabled state [ 163.429291][ T149] bridge_slave_0: left allmulticast mode [ 163.446062][ T149] bridge_slave_0: left promiscuous mode [ 163.451841][ T149] bridge0: port 1(bridge_slave_0) entered disabled state [ 164.701608][ T5230] Bluetooth: hci1: command tx timeout [ 164.728035][ T149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.769967][ T149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.806414][ T149] bond0 (unregistering): Released all slaves [ 164.829056][ T7048] chnl_net:caif_netlink_parms(): no params data found [ 165.483936][ T7048] bridge0: port 1(bridge_slave_0) entered blocking state [ 165.511839][ T7048] bridge0: port 1(bridge_slave_0) entered disabled state [ 165.523112][ T7048] bridge_slave_0: entered allmulticast mode [ 165.541780][ T7048] bridge_slave_0: entered promiscuous mode [ 165.640085][ T7048] bridge0: port 2(bridge_slave_1) entered blocking state [ 165.665711][ T7048] bridge0: port 2(bridge_slave_1) entered disabled state [ 165.673391][ T7048] bridge_slave_1: entered allmulticast mode [ 165.735576][ T7048] bridge_slave_1: entered promiscuous mode [ 165.747207][ T7146] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 165.901271][ T149] hsr_slave_0: left promiscuous mode [ 165.921614][ T149] hsr_slave_1: left promiscuous mode [ 165.939539][ T149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 165.957537][ T149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 165.985785][ T149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 166.009148][ T149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 166.073274][ T149] veth1_macvtap: left promiscuous mode [ 166.093352][ T149] veth0_macvtap: left promiscuous mode [ 166.109887][ T149] veth1_vlan: left promiscuous mode [ 166.131426][ T149] veth0_vlan: left promiscuous mode [ 166.774371][ T5230] Bluetooth: hci1: command tx timeout [ 167.720875][ T149] team0 (unregistering): Port device team_slave_1 removed [ 167.855079][ T149] team0 (unregistering): Port device team_slave_0 removed [ 167.916122][ C1] TCP: request_sock_TCP: Possible SYN flooding on port [::]:20002. Sending cookies. [ 168.870858][ T5230] Bluetooth: hci1: command tx timeout [ 168.910278][ T7191] netlink: 8 bytes leftover after parsing attributes in process `syz.0.490'. [ 168.914758][ T7221] netlink: 36 bytes leftover after parsing attributes in process `syz.3.499'. [ 169.030980][ T7048] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 169.078854][ T7048] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 169.161926][ T7227] capability: warning: `syz.0.502' uses 32-bit capabilities (legacy support in use) [ 169.229566][ T7231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.503'. [ 169.273876][ T7231] netlink: 8 bytes leftover after parsing attributes in process `syz.1.503'. [ 169.285906][ T7048] team0: Port device team_slave_0 added [ 169.326493][ T7048] team0: Port device team_slave_1 added [ 169.489890][ T7048] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 169.534263][ T7048] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.647930][ T7048] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 169.677447][ T7048] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 169.694324][ T7048] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 169.777735][ T7048] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 169.953951][ T7048] hsr_slave_0: entered promiscuous mode [ 169.981182][ T7048] hsr_slave_1: entered promiscuous mode [ 170.001127][ T7048] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 170.020754][ T7048] Cannot create hsr debugfs directory [ 170.079375][ T5242] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 170.089470][ T5242] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 170.177022][ T5242] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 170.262345][ T5242] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 170.272346][ T5242] Bluetooth: hci2: unexpected cc 0x0c25 length: 249 > 3 [ 170.305580][ T5242] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 170.608039][ T149] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.866794][ T149] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 170.937601][ T5230] Bluetooth: hci1: command tx timeout [ 171.187205][ T149] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.722169][ T149] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 171.890434][ T7292] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(3) [ 171.897216][ T7292] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 171.946028][ T7292] vhci_hcd vhci_hcd.0: Device attached [ 171.965159][ T7293] vhci_hcd: connection closed [ 171.974979][ T2545] vhci_hcd: stop threads [ 171.985267][ T2545] vhci_hcd: release socket [ 171.989792][ T2545] vhci_hcd: disconnect device [ 172.149646][ T5242] Bluetooth: hci4: unexpected cc 0x203e length: 2 > 1 [ 172.161719][ T149] bridge_slave_1: left allmulticast mode [ 172.167878][ T149] bridge_slave_1: left promiscuous mode [ 172.175259][ T149] bridge0: port 2(bridge_slave_1) entered disabled state [ 172.189479][ T149] bridge_slave_0: left allmulticast mode [ 172.197531][ T149] bridge_slave_0: left promiscuous mode [ 172.203268][ T149] bridge0: port 1(bridge_slave_0) entered disabled state [ 172.374477][ T5242] Bluetooth: hci2: command tx timeout [ 172.810953][ T149] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 172.833997][ T149] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 172.857670][ T149] bond0 (unregistering): Released all slaves [ 172.879153][ T7260] chnl_net:caif_netlink_parms(): no params data found [ 173.158475][ T7260] bridge0: port 1(bridge_slave_0) entered blocking state [ 173.174392][ T7260] bridge0: port 1(bridge_slave_0) entered disabled state [ 173.181663][ T7260] bridge_slave_0: entered allmulticast mode [ 173.196542][ T7260] bridge_slave_0: entered promiscuous mode [ 173.242465][ T7260] bridge0: port 2(bridge_slave_1) entered blocking state [ 173.263561][ T7260] bridge0: port 2(bridge_slave_1) entered disabled state [ 173.279457][ T7260] bridge_slave_1: entered allmulticast mode [ 173.290331][ T7260] bridge_slave_1: entered promiscuous mode [ 173.486943][ T7260] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 173.535912][ T7048] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 173.576444][ T7048] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 173.610327][ T7260] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 173.630435][ T7048] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 173.728956][ T7260] team0: Port device team_slave_0 added [ 173.761689][ T149] hsr_slave_0: left promiscuous mode [ 173.768582][ T149] hsr_slave_1: left promiscuous mode [ 173.775409][ T149] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 173.786317][ T149] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 173.799369][ T149] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 173.811520][ T149] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 173.815192][ T5242] Bluetooth: hci3: command tx timeout [ 173.840208][ T149] veth1_macvtap: left promiscuous mode [ 173.864470][ T149] veth0_macvtap: left promiscuous mode [ 173.877089][ T149] veth1_vlan: left promiscuous mode [ 173.882420][ T149] veth0_vlan: left promiscuous mode [ 174.454392][ T5230] Bluetooth: hci2: command tx timeout [ 175.325588][ T7048] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 175.345574][ T7260] team0: Port device team_slave_1 added [ 175.894562][ T5230] Bluetooth: hci3: command 0x0406 tx timeout [ 176.056987][ T7345] netlink: 4 bytes leftover after parsing attributes in process `syz.3.531'. [ 176.097994][ T7260] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 176.132865][ T7260] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.189873][ T7260] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 176.216592][ T5242] Bluetooth: hci4: Controller not accepting commands anymore: ncmd = 0 [ 176.225404][ T5242] Bluetooth: hci4: Injecting HCI hardware error event [ 176.235922][ T5230] Bluetooth: hci4: hardware error 0x00 [ 176.295667][ T7260] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 176.352124][ T7260] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 176.458888][ T7260] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 176.538017][ T5242] Bluetooth: hci2: command tx timeout [ 176.859805][ T7260] hsr_slave_0: entered promiscuous mode [ 176.874994][ T7260] hsr_slave_1: entered promiscuous mode [ 176.910617][ T7260] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 176.924722][ T7260] Cannot create hsr debugfs directory [ 176.967964][ T7382] ALSA: mixer_oss: invalid OSS volume '#!' [ 176.973998][ T7382] ALSA: mixer_oss: invalid OSS volume '' [ 176.980234][ T7382] ALSA: mixer_oss: invalid OSS volume '#Ǟ)-trK*JtT>x' [ 176.990110][ T7382] ALSA: mixer_oss: invalid OSS volume 'Q-baWѥ5ms߽' [ 176.998857][ T7382] ALSA: mixer_oss: invalid OSS volume 'rrFӁ}%^SO|i670' [ 177.007692][ T7382] ALSA: mixer_oss: invalid OSS volume 'M~vŪ>7?RxXJƒ΀B4OCA' [ 177.062369][ T7382] ALSA: mixer_oss: invalid OSS volume 'Wؾm7JVNv]2Q3H' [ 177.065433][ T7048] 8021q: adding VLAN 0 to HW filter on device bond0 [ 177.071554][ T7382] ALSA: mixer_oss: invalid OSS volume '082<@ID'.m' [ 177.084962][ T7382] ALSA: mixer_oss: invalid OSS volume 'k.z8gBwd!q, priority 10 [ 181.476944][ T7260] veth1_vlan: entered promiscuous mode [ 181.606941][ T7260] veth0_macvtap: entered promiscuous mode [ 181.650080][ T7260] veth1_macvtap: entered promiscuous mode [ 181.715647][ T7520] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 181.740778][ T7260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 181.773253][ T7260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.784514][ T7260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 181.795263][ T7260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.805391][ T7260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 181.816100][ T7260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.826380][ T7260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 181.837057][ T7260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.848941][ T7260] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 181.858890][ T7260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 181.869463][ T7260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.879344][ T7260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 181.889830][ T7260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.899837][ T7260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 181.910335][ T7260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.920409][ T7260] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 181.930947][ T7260] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 181.942039][ T7260] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 182.006211][ T7260] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.034654][ T7260] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.043403][ T7260] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.068037][ T7260] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 182.269299][ T35] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.289348][ T35] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.337526][ T1308] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 182.367596][ T1308] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 182.545820][ T5286] tipc: Node number set to 2886997162 [ 182.658847][ T7540] vlan2: entered promiscuous mode [ 182.686541][ T7540] bond0: entered promiscuous mode [ 182.697485][ T7540] bond_slave_0: entered promiscuous mode [ 182.703399][ T7540] bond_slave_1: entered promiscuous mode [ 182.747341][ T7540] bond0: left promiscuous mode [ 182.752225][ T7540] bond_slave_0: left promiscuous mode [ 182.800973][ T7540] bond_slave_1: left promiscuous mode [ 183.305207][ T5230] Bluetooth: hci1: unexpected cc 0x203e length: 2 > 1 [ 184.751804][ T5230] Bluetooth: hci2: unexpected cc 0x203e length: 2 > 1 [ 184.812423][ T7602] netlink: 16 bytes leftover after parsing attributes in process `syz.0.597'. [ 184.822648][ T7602] netlink: 16 bytes leftover after parsing attributes in process `syz.0.597'. [ 185.364052][ C0] ------------[ cut here ]------------ [ 185.370219][ C0] WARNING: CPU: 0 PID: 7621 at net/mptcp/protocol.c:695 __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 [ 185.381233][ C0] Modules linked in: [ 185.385198][ C0] CPU: 0 UID: 0 PID: 7621 Comm: syz.4.604 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 185.395853][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 185.405971][ C0] RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 [ 185.413059][ C0] Code: 0f b6 dc 31 ff 89 de e8 d5 d8 e7 f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 b8 d5 e7 f5 90 <0f> 0b 90 e9 47 ff ff ff e8 aa d5 e7 f5 90 0f 0b 90 e9 99 e0 ff ff [ 185.432776][ C0] RSP: 0018:ffffc90000006db8 EFLAGS: 00010246 [ 185.438930][ C0] RAX: ffffffff8bad00b8 RBX: 00000000000055f0 RCX: ffff888063259e00 [ 185.446986][ C0] RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0 [ 185.455112][ C0] RBP: 1ffff1100b88c01e R08: ffffffff8bacf0b2 R09: 1ffff1100b88c028 [ 185.463119][ C0] R10: dffffc0000000000 R11: ffffed100b88c029 R12: 0000000000000000 [ 185.471175][ C0] R13: dffffc0000000000 R14: 0000000024f35a58 R15: 00000000000081e5 [ 185.479223][ C0] FS: 00007efc1f1436c0(0000) GS:ffff8880b8600000(0000) knlGS:0000000000000000 [ 185.488250][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 185.494891][ C0] CR2: 0000000020287000 CR3: 0000000061682000 CR4: 00000000003526f0 [ 185.502896][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 185.510941][ C0] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 185.518975][ C0] Call Trace: [ 185.522283][ C0] [ 185.525208][ C0] ? __warn+0x168/0x4e0 [ 185.529409][ C0] ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 [ 185.535920][ C0] ? report_bug+0x2b3/0x500 [ 185.540469][ C0] ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 [ 185.546989][ C0] ? handle_bug+0x60/0x90 [ 185.551437][ C0] ? exc_invalid_op+0x1a/0x50 [ 185.556205][ C0] ? asm_exc_invalid_op+0x1a/0x20 [ 185.561274][ C0] ? __mptcp_move_skbs_from_subflow+0x10a2/0x21f0 [ 185.567776][ C0] ? __mptcp_move_skbs_from_subflow+0x20a8/0x21f0 [ 185.574250][ C0] ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 [ 185.580785][ C0] ? __mptcp_move_skbs_from_subflow+0x20a8/0x21f0 [ 185.587320][ C0] mptcp_data_ready+0x29c/0xa90 [ 185.592212][ C0] ? __sk_mem_raise_allocated+0x2be/0x1140 [ 185.598137][ C0] ? __pfx_mptcp_data_ready+0x10/0x10 [ 185.603568][ C0] subflow_data_ready+0x34a/0x920 [ 185.608687][ C0] ? __pfx_subflow_data_ready+0x10/0x10 [ 185.614305][ C0] ? tcp_grow_window+0x1a1/0xb00 [ 185.619288][ C0] ? tcp_data_ready+0x15b/0x4e0 [ 185.624242][ C0] tcp_data_queue+0x20fd/0x76c0 [ 185.629156][ C0] ? tcp_urg+0x100/0x450 [ 185.633535][ C0] ? __pfx_tcp_data_queue+0x10/0x10 [ 185.638846][ C0] ? __pfx_tcp_urg+0x10/0x10 [ 185.643483][ C0] ? ktime_get+0x9b/0xb0 [ 185.647818][ C0] tcp_rcv_established+0xfba/0x2020 [ 185.653085][ C0] ? __pfx_tcp_rcv_established+0x10/0x10 [ 185.658900][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 185.663972][ C0] tcp_v4_do_rcv+0x96d/0xc70 [ 185.668656][ C0] tcp_v4_rcv+0x2dc0/0x37f0 [ 185.673244][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 185.678201][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 185.683084][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 185.688021][ C0] ip_protocol_deliver_rcu+0x22e/0x440 [ 185.693524][ C0] ? ip_local_deliver_finish+0x230/0x5f0 [ 185.699301][ C0] ip_local_deliver_finish+0x341/0x5f0 [ 185.704843][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 185.710856][ C0] NF_HOOK+0x3a4/0x450 [ 185.715003][ C0] ? NF_HOOK+0x9a/0x450 [ 185.719189][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 185.723808][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 185.729876][ C0] ? ip_rcv_finish+0x406/0x560 [ 185.734699][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 185.739836][ C0] NF_HOOK+0x3a4/0x450 [ 185.743935][ C0] ? __lock_acquire+0x1384/0x2050 [ 185.749047][ C0] ? NF_HOOK+0x9a/0x450 [ 185.753227][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 185.757902][ C0] ? ip_rcv_core+0x801/0xd10 [ 185.762521][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 185.767734][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 185.772273][ C0] __netif_receive_skb+0x2bf/0x650 [ 185.777473][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 185.782539][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 185.788255][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 185.794307][ C0] ? __pfx_lock_release+0x10/0x10 [ 185.799373][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 185.804592][ C0] process_backlog+0x662/0x15b0 [ 185.809477][ C0] ? process_backlog+0x33b/0x15b0 [ 185.814590][ C0] ? __pfx_process_backlog+0x10/0x10 [ 185.819905][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 185.825978][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 185.832365][ C0] __napi_poll+0xcb/0x490 [ 185.836783][ C0] net_rx_action+0x89b/0x1240 [ 185.841519][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 185.846725][ C0] ? sched_clock+0x4a/0x70 [ 185.851194][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 185.857598][ C0] handle_softirqs+0x2c5/0x980 [ 185.862403][ C0] ? do_softirq+0x11b/0x1e0 [ 185.866975][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 185.872310][ C0] do_softirq+0x11b/0x1e0 [ 185.876707][ C0] [ 185.879662][ C0] [ 185.882610][ C0] ? __pfx_do_softirq+0x10/0x10 [ 185.887529][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 185.893295][ C0] ? rcu_is_watching+0x15/0xb0 [ 185.898123][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 185.903360][ C0] ? dev_hard_start_xmit+0x773/0x7e0 [ 185.908703][ C0] ? __dev_queue_xmit+0x2da/0x3ed0 [ 185.913847][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 185.919640][ C0] ? __dev_queue_xmit+0x2da/0x3ed0 [ 185.924821][ C0] __dev_queue_xmit+0x171d/0x3ed0 [ 185.929892][ C0] ? __dev_queue_xmit+0x2da/0x3ed0 [ 185.935069][ C0] ? __lock_acquire+0x1384/0x2050 [ 185.940144][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 185.945601][ C0] ? mark_lock+0x9a/0x360 [ 185.949972][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 185.956027][ C0] ? ip_finish_output2+0xa14/0x1390 [ 185.961270][ C0] ? ip_finish_output2+0x45f/0x1390 [ 185.966531][ C0] ip_finish_output2+0xd41/0x1390 [ 185.971589][ C0] ? ip_finish_output2+0x45f/0x1390 [ 185.976859][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 185.982357][ C0] ? ip_skb_dst_mtu+0x6ba/0x9b0 [ 185.987275][ C0] ? __ip_finish_output+0x349/0x400 [ 185.992517][ C0] __ip_queue_xmit+0x118c/0x1b80 [ 185.997519][ C0] ? __pfx_mptcp_write_options+0x10/0x10 [ 186.003190][ C0] ? __ip_queue_xmit+0x5f/0x1b80 [ 186.008204][ C0] ? __pfx_ip_queue_xmit+0x10/0x10 [ 186.013354][ C0] __tcp_transmit_skb+0x2544/0x3b30 [ 186.018646][ C0] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 186.024265][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 186.030298][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 186.036718][ C0] ? tcp_init_tso_segs+0xde/0x1a0 [ 186.041789][ C0] tcp_write_xmit+0x641d/0x6bf0 [ 186.046734][ C0] ? ipv4_mtu+0x2bc/0x3d0 [ 186.051106][ C0] ? tcp_current_mss+0x29b/0x4d0 [ 186.056130][ C0] ? __pfx_tcp_current_mss+0x10/0x10 [ 186.061458][ C0] ? __pfx_tcp_data_queue+0x10/0x10 [ 186.066733][ C0] __tcp_push_pending_frames+0x9b/0x360 [ 186.072316][ C0] ? ktime_get+0x9b/0xb0 [ 186.076626][ C0] tcp_rcv_established+0x1026/0x2020 [ 186.081952][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 186.088352][ C0] ? __pfx_tcp_rcv_established+0x10/0x10 [ 186.094040][ C0] tcp_v4_do_rcv+0x96d/0xc70 [ 186.098699][ C0] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 186.103834][ C0] __release_sock+0x214/0x350 [ 186.108583][ C0] release_sock+0x61/0x1f0 [ 186.113035][ C0] __mptcp_push_pending+0x6b5/0x9f0 [ 186.118296][ C0] ? __mptcp_push_pending+0x341/0x9f0 [ 186.123701][ C0] ? __pfx___mptcp_push_pending+0x10/0x10 [ 186.129493][ C0] ? __virt_addr_valid+0x183/0x530 [ 186.134663][ C0] ? __virt_addr_valid+0x183/0x530 [ 186.139878][ C0] ? __virt_addr_valid+0x45f/0x530 [ 186.145054][ C0] ? __check_object_size+0x48e/0x900 [ 186.150387][ C0] mptcp_sendmsg+0x10bb/0x1b10 [ 186.155266][ C0] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 186.160425][ C0] ? sock_rps_record_flow+0x1a/0x400 [ 186.165872][ C0] ? inet_sendmsg+0x330/0x390 [ 186.170587][ C0] __sock_sendmsg+0x1a6/0x270 [ 186.175338][ C0] sock_write_iter+0x2d7/0x3f0 [ 186.180141][ C0] ? __pfx_sock_write_iter+0x10/0x10 [ 186.185495][ C0] ? futex_wait_queue+0x14e/0x1d0 [ 186.190557][ C0] ? futex_unqueue+0xcb/0xf0 [ 186.195240][ C0] do_iter_readv_writev+0x600/0x880 [ 186.200476][ C0] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 186.206279][ C0] ? bpf_lsm_file_permission+0x9/0x10 [ 186.211685][ C0] ? security_file_permission+0x74/0x280 [ 186.217400][ C0] ? rw_verify_area+0x1c3/0x6f0 [ 186.222291][ C0] vfs_writev+0x376/0xba0 [ 186.226700][ C0] ? __pfx_vfs_writev+0x10/0x10 [ 186.231587][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 186.237069][ C0] ? fdget_pos+0x19a/0x320 [ 186.241533][ C0] do_writev+0x1b1/0x350 [ 186.245857][ C0] ? __pfx_do_writev+0x10/0x10 [ 186.250666][ C0] ? do_syscall_64+0x100/0x230 [ 186.255530][ C0] ? do_syscall_64+0xb6/0x230 [ 186.260244][ C0] do_syscall_64+0xf3/0x230 [ 186.264814][ C0] ? clear_bhb_loop+0x35/0x90 [ 186.269533][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 186.275506][ C0] RIP: 0033:0x7efc1e37dff9 [ 186.279954][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 186.299745][ C0] RSP: 002b:00007efc1f143038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 186.308250][ C0] RAX: ffffffffffffffda RBX: 00007efc1e535f80 RCX: 00007efc1e37dff9 [ 186.316299][ C0] RDX: 0000000000000003 RSI: 0000000020000c80 RDI: 0000000000000005 [ 186.324322][ C0] RBP: 00007efc1e3f0296 R08: 0000000000000000 R09: 0000000000000000 [ 186.332320][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 186.341408][ C0] R13: 0000000000000000 R14: 00007efc1e535f80 R15: 00007efc1e65fa28 [ 186.349471][ C0] [ 186.352520][ C0] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 186.359819][ C0] CPU: 0 UID: 0 PID: 7621 Comm: syz.4.604 Not tainted 6.12.0-rc1-syzkaller-00330-gfc20a3e57247 #0 [ 186.370425][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 09/13/2024 [ 186.380763][ C0] Call Trace: [ 186.384061][ C0] [ 186.386927][ C0] dump_stack_lvl+0x241/0x360 [ 186.391639][ C0] ? __pfx_dump_stack_lvl+0x10/0x10 [ 186.396865][ C0] ? __pfx__printk+0x10/0x10 [ 186.401571][ C0] ? _printk+0xd5/0x120 [ 186.405759][ C0] ? __init_begin+0x41000/0x41000 [ 186.410807][ C0] ? vscnprintf+0x5d/0x90 [ 186.415167][ C0] panic+0x349/0x880 [ 186.419096][ C0] ? __warn+0x177/0x4e0 [ 186.423317][ C0] ? __pfx_panic+0x10/0x10 [ 186.427762][ C0] ? show_trace_log_lvl+0x3b2/0x410 [ 186.433004][ C0] __warn+0x34b/0x4e0 [ 186.437020][ C0] ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 [ 186.443475][ C0] report_bug+0x2b3/0x500 [ 186.447837][ C0] ? __mptcp_move_skbs_from_subflow+0x20a9/0x21f0 [ 186.454297][ C0] handle_bug+0x60/0x90 [ 186.458489][ C0] exc_invalid_op+0x1a/0x50 [ 186.463020][ C0] asm_exc_invalid_op+0x1a/0x20 [ 186.467906][ C0] RIP: 0010:__mptcp_move_skbs_from_subflow+0x20a9/0x21f0 [ 186.474962][ C0] Code: 0f b6 dc 31 ff 89 de e8 d5 d8 e7 f5 89 d8 48 81 c4 50 01 00 00 5b 41 5c 41 5d 41 5e 41 5f 5d c3 cc cc cc cc e8 b8 d5 e7 f5 90 <0f> 0b 90 e9 47 ff ff ff e8 aa d5 e7 f5 90 0f 0b 90 e9 99 e0 ff ff [ 186.494595][ C0] RSP: 0018:ffffc90000006db8 EFLAGS: 00010246 [ 186.500693][ C0] RAX: ffffffff8bad00b8 RBX: 00000000000055f0 RCX: ffff888063259e00 [ 186.508698][ C0] RDX: 0000000000000100 RSI: 00000000000081e5 RDI: 00000000000055f0 [ 186.516693][ C0] RBP: 1ffff1100b88c01e R08: ffffffff8bacf0b2 R09: 1ffff1100b88c028 [ 186.524692][ C0] R10: dffffc0000000000 R11: ffffed100b88c029 R12: 0000000000000000 [ 186.532692][ C0] R13: dffffc0000000000 R14: 0000000024f35a58 R15: 00000000000081e5 [ 186.540699][ C0] ? __mptcp_move_skbs_from_subflow+0x10a2/0x21f0 [ 186.547152][ C0] ? __mptcp_move_skbs_from_subflow+0x20a8/0x21f0 [ 186.553604][ C0] ? __mptcp_move_skbs_from_subflow+0x20a8/0x21f0 [ 186.560092][ C0] mptcp_data_ready+0x29c/0xa90 [ 186.564973][ C0] ? __sk_mem_raise_allocated+0x2be/0x1140 [ 186.570812][ C0] ? __pfx_mptcp_data_ready+0x10/0x10 [ 186.576233][ C0] subflow_data_ready+0x34a/0x920 [ 186.581286][ C0] ? __pfx_subflow_data_ready+0x10/0x10 [ 186.586861][ C0] ? tcp_grow_window+0x1a1/0xb00 [ 186.591832][ C0] ? tcp_data_ready+0x15b/0x4e0 [ 186.596714][ C0] tcp_data_queue+0x20fd/0x76c0 [ 186.601615][ C0] ? tcp_urg+0x100/0x450 [ 186.605894][ C0] ? __pfx_tcp_data_queue+0x10/0x10 [ 186.611142][ C0] ? __pfx_tcp_urg+0x10/0x10 [ 186.615770][ C0] ? ktime_get+0x9b/0xb0 [ 186.620046][ C0] tcp_rcv_established+0xfba/0x2020 [ 186.625473][ C0] ? __pfx_tcp_rcv_established+0x10/0x10 [ 186.631137][ C0] ? do_raw_spin_lock+0x14f/0x370 [ 186.636219][ C0] tcp_v4_do_rcv+0x96d/0xc70 [ 186.640861][ C0] tcp_v4_rcv+0x2dc0/0x37f0 [ 186.645444][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 186.650336][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 186.655230][ C0] ? __pfx_tcp_v4_rcv+0x10/0x10 [ 186.660107][ C0] ip_protocol_deliver_rcu+0x22e/0x440 [ 186.665598][ C0] ? ip_local_deliver_finish+0x230/0x5f0 [ 186.671437][ C0] ip_local_deliver_finish+0x341/0x5f0 [ 186.676937][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 186.682948][ C0] NF_HOOK+0x3a4/0x450 [ 186.687068][ C0] ? NF_HOOK+0x9a/0x450 [ 186.691253][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 186.695890][ C0] ? __pfx_ip_local_deliver_finish+0x10/0x10 [ 186.701912][ C0] ? ip_rcv_finish+0x406/0x560 [ 186.706720][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 186.711870][ C0] NF_HOOK+0x3a4/0x450 [ 186.715982][ C0] ? __lock_acquire+0x1384/0x2050 [ 186.721052][ C0] ? NF_HOOK+0x9a/0x450 [ 186.725245][ C0] ? __pfx_NF_HOOK+0x10/0x10 [ 186.729866][ C0] ? ip_rcv_core+0x801/0xd10 [ 186.734487][ C0] ? __pfx_ip_rcv_finish+0x10/0x10 [ 186.739633][ C0] ? __pfx_ip_rcv+0x10/0x10 [ 186.744164][ C0] __netif_receive_skb+0x2bf/0x650 [ 186.749403][ C0] ? __pfx_lock_acquire+0x10/0x10 [ 186.754469][ C0] ? __pfx___netif_receive_skb+0x10/0x10 [ 186.760138][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 186.766167][ C0] ? __pfx_lock_release+0x10/0x10 [ 186.771229][ C0] ? _raw_spin_lock_irq+0xdf/0x120 [ 186.776391][ C0] process_backlog+0x662/0x15b0 [ 186.781285][ C0] ? process_backlog+0x33b/0x15b0 [ 186.786365][ C0] ? __pfx_process_backlog+0x10/0x10 [ 186.791686][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 186.797707][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 186.804075][ C0] __napi_poll+0xcb/0x490 [ 186.808440][ C0] net_rx_action+0x89b/0x1240 [ 186.813172][ C0] ? __pfx_net_rx_action+0x10/0x10 [ 186.818318][ C0] ? sched_clock+0x4a/0x70 [ 186.822789][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 186.829164][ C0] handle_softirqs+0x2c5/0x980 [ 186.833970][ C0] ? do_softirq+0x11b/0x1e0 [ 186.838508][ C0] ? __pfx_handle_softirqs+0x10/0x10 [ 186.843858][ C0] do_softirq+0x11b/0x1e0 [ 186.848218][ C0] [ 186.851169][ C0] [ 186.854116][ C0] ? __pfx_do_softirq+0x10/0x10 [ 186.858995][ C0] ? __pfx_lockdep_softirqs_on+0x10/0x10 [ 186.864663][ C0] ? rcu_is_watching+0x15/0xb0 [ 186.869454][ C0] __local_bh_enable_ip+0x1bb/0x200 [ 186.874693][ C0] ? dev_hard_start_xmit+0x773/0x7e0 [ 186.880008][ C0] ? __dev_queue_xmit+0x2da/0x3ed0 [ 186.885158][ C0] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 186.891010][ C0] ? __dev_queue_xmit+0x2da/0x3ed0 [ 186.896157][ C0] __dev_queue_xmit+0x171d/0x3ed0 [ 186.901225][ C0] ? __dev_queue_xmit+0x2da/0x3ed0 [ 186.906366][ C0] ? __lock_acquire+0x1384/0x2050 [ 186.911463][ C0] ? __pfx___dev_queue_xmit+0x10/0x10 [ 186.916892][ C0] ? mark_lock+0x9a/0x360 [ 186.921253][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 186.927281][ C0] ? ip_finish_output2+0xa14/0x1390 [ 186.932522][ C0] ? ip_finish_output2+0x45f/0x1390 [ 186.937752][ C0] ip_finish_output2+0xd41/0x1390 [ 186.942817][ C0] ? ip_finish_output2+0x45f/0x1390 [ 186.948055][ C0] ? __pfx_ip_finish_output2+0x10/0x10 [ 186.953627][ C0] ? ip_skb_dst_mtu+0x6ba/0x9b0 [ 186.958499][ C0] ? __ip_finish_output+0x349/0x400 [ 186.963726][ C0] __ip_queue_xmit+0x118c/0x1b80 [ 186.968677][ C0] ? __pfx_mptcp_write_options+0x10/0x10 [ 186.974322][ C0] ? __ip_queue_xmit+0x5f/0x1b80 [ 186.979309][ C0] ? __pfx_ip_queue_xmit+0x10/0x10 [ 186.984461][ C0] __tcp_transmit_skb+0x2544/0x3b30 [ 186.989714][ C0] ? __pfx___tcp_transmit_skb+0x10/0x10 [ 186.995316][ C0] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 187.001334][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 187.007715][ C0] ? tcp_init_tso_segs+0xde/0x1a0 [ 187.012778][ C0] tcp_write_xmit+0x641d/0x6bf0 [ 187.017677][ C0] ? ipv4_mtu+0x2bc/0x3d0 [ 187.022061][ C0] ? tcp_current_mss+0x29b/0x4d0 [ 187.027035][ C0] ? __pfx_tcp_current_mss+0x10/0x10 [ 187.032365][ C0] ? __pfx_tcp_data_queue+0x10/0x10 [ 187.037619][ C0] __tcp_push_pending_frames+0x9b/0x360 [ 187.043205][ C0] ? ktime_get+0x9b/0xb0 [ 187.047486][ C0] tcp_rcv_established+0x1026/0x2020 [ 187.052814][ C0] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 187.059189][ C0] ? __pfx_tcp_rcv_established+0x10/0x10 [ 187.065045][ C0] tcp_v4_do_rcv+0x96d/0xc70 [ 187.069666][ C0] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 187.074800][ C0] __release_sock+0x214/0x350 [ 187.079515][ C0] release_sock+0x61/0x1f0 [ 187.084059][ C0] __mptcp_push_pending+0x6b5/0x9f0 [ 187.089303][ C0] ? __mptcp_push_pending+0x341/0x9f0 [ 187.094714][ C0] ? __pfx___mptcp_push_pending+0x10/0x10 [ 187.100465][ C0] ? __virt_addr_valid+0x183/0x530 [ 187.105606][ C0] ? __virt_addr_valid+0x183/0x530 [ 187.110745][ C0] ? __virt_addr_valid+0x45f/0x530 [ 187.115895][ C0] ? __check_object_size+0x48e/0x900 [ 187.121222][ C0] mptcp_sendmsg+0x10bb/0x1b10 [ 187.126072][ C0] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 187.131222][ C0] ? sock_rps_record_flow+0x1a/0x400 [ 187.136640][ C0] ? inet_sendmsg+0x330/0x390 [ 187.141361][ C0] __sock_sendmsg+0x1a6/0x270 [ 187.146077][ C0] sock_write_iter+0x2d7/0x3f0 [ 187.150882][ C0] ? __pfx_sock_write_iter+0x10/0x10 [ 187.156388][ C0] ? futex_wait_queue+0x14e/0x1d0 [ 187.161447][ C0] ? futex_unqueue+0xcb/0xf0 [ 187.166091][ C0] do_iter_readv_writev+0x600/0x880 [ 187.171332][ C0] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 187.177183][ C0] ? bpf_lsm_file_permission+0x9/0x10 [ 187.182668][ C0] ? security_file_permission+0x74/0x280 [ 187.188341][ C0] ? rw_verify_area+0x1c3/0x6f0 [ 187.193232][ C0] vfs_writev+0x376/0xba0 [ 187.197605][ C0] ? __pfx_vfs_writev+0x10/0x10 [ 187.202482][ C0] ? __local_bh_enable_ip+0x168/0x200 [ 187.207912][ C0] ? fdget_pos+0x19a/0x320 [ 187.212360][ C0] do_writev+0x1b1/0x350 [ 187.216642][ C0] ? __pfx_do_writev+0x10/0x10 [ 187.221426][ C0] ? do_syscall_64+0x100/0x230 [ 187.226188][ C0] ? do_syscall_64+0xb6/0x230 [ 187.230863][ C0] do_syscall_64+0xf3/0x230 [ 187.235364][ C0] ? clear_bhb_loop+0x35/0x90 [ 187.240042][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.245942][ C0] RIP: 0033:0x7efc1e37dff9 [ 187.250355][ C0] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.269980][ C0] RSP: 002b:00007efc1f143038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 187.278456][ C0] RAX: ffffffffffffffda RBX: 00007efc1e535f80 RCX: 00007efc1e37dff9 [ 187.286470][ C0] RDX: 0000000000000003 RSI: 0000000020000c80 RDI: 0000000000000005 [ 187.294481][ C0] RBP: 00007efc1e3f0296 R08: 0000000000000000 R09: 0000000000000000 [ 187.302568][ C0] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 187.310568][ C0] R13: 0000000000000000 R14: 00007efc1e535f80 R15: 00007efc1e65fa28 [ 187.318587][ C0] [ 187.321866][ C0] Kernel Offset: disabled [ 187.326308][ C0] Rebooting in 86400 seconds..