last executing test programs: 11.222640107s ago: executing program 0 (id=292): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4e, &(0x7f0000000100)=0x8, 0x4) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @private1={0xfc, 0x1, '\x00', 0x1}, 0x2}, 0x1c) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r2) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r4, 0x89a0, &(0x7f00000001c0)={'veth0_to_bond\x00'}) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000000)={'syzkaller0\x00', 0x0}) setsockopt$packet_add_memb(r4, 0x107, 0x1, &(0x7f0000000100)={r5, 0x2, 0x6}, 0x10) r6 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x89a1, &(0x7f0000000040)={'syzkaller0\x00'}) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f00000000c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r3, 0x1, 0x70bd2d, 0x0, {{}, {@val={0x8, 0x3, r7}, @void}}, [@NL80211_ATTR_IFTYPE={0x8, 0x5, 0xc}]}, 0x24}, 0x1, 0x0, 0x0, 0x24004084}, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r8, 0x8933, &(0x7f0000000780)={'netdevsim0\x00', 0x0}) r11 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r11, 0xae03, 0xaf) sendmsg$nl_route_sched(r9, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r10, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) sendmsg$nl_route(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x137b}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @geneve={{0xb}, {0x10, 0x2, 0x0, 0x1, [@IFLA_GENEVE_PORT={0x6, 0x5, 0x4e20}, @IFLA_GENEVE_COLLECT_METADATA={0x4}]}}}]}, 0x40}}, 0x40800) 10.594965418s ago: executing program 0 (id=296): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = gettid() prctl$PR_SCHED_CORE(0x3e, 0x1, r2, 0x3, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) io_setup(0xffff, &(0x7f0000000100)) syz_emit_ethernet(0x4a, &(0x7f0000000140)=ANY=[], 0x0) r3 = openat2(0xffffffffffffff9c, &(0x7f0000000140)='./file0\x00', &(0x7f0000000180)={0x22580, 0x44, 0x3}, 0x18) r4 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000080)={'netdevsim0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x25dfdbfd, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x1}}, [@qdisc_kind_options=@q_cbs={{0x8}, {0x1c, 0x2, @TCA_CBS_PARMS={0x18, 0x1, {0xc7, '\x00', 0x86dc, 0x3, 0x100, 0xc}}}}]}, 0x48}}, 0x4000010) sendmsg$kcm(r3, &(0x7f0000001540)={&(0x7f00000001c0)=@xdp={0x2c, 0x8, r5, 0x1e}, 0x80, &(0x7f00000014c0)=[{0xffffffffffffffff}, {&(0x7f0000000240)="44abf3661100d2763b4d0a610d62dae66a348bf01622d93b9b5c0f6e38b656ed5081382bcf9e8e17a78ffd4c6d54b1087b83cdfd3abf6d97ecfccf37e04dec098f5aad189487f1bd0318cc10ce18f4ee00ab22959b03811d6f2bb02b01ad01256dc0b7a0953a6500bdad958d54e3271c8d3ed0941da9a944e8443a6f2670bd16572ef01b214d0d3b6c88cf4e1ac8a85339b724ce3d029f37baf59e60ccdc643a09534847d30ebf74fa06abbe3f6085e9eb31a66f18fcc32f93935679fa3a8fc00214be49f0b61ea142141bdafd4631eed68ff18622bf8ed24bfba9119e9f5612b806a8411d201f7703a4a795a972e71048683af74ae6ae79db7d5dffd7c82213db1892b0e6aff630ac5c2cacfbc79371f18378a1bf50afcd233ba1559389b77b4221172af33bcfdc4d5e29f177c5c11db0833765ffee5be2d89ab2e820666a10cec886934cb7bf9f047b69b6d77e7f4ef0916e55ac7bd7106359e2dab4b58974c0594355f12bd52e6d4f0f5de62a99c31fb60e6d87c808e53fd46bfdc01a52fd348e3ea9d9ebee7ef87729ff8f658b387451ac56a5d75eb9b324c8cf46c0260430f6ec148971dd1c31c705f251e416eeb0797cd7c21531187cff9f03d827d7e3a9d53d43a8d2bc2ea552a9e7d2dd311caf979af2f737c82bf1d28949fc87eb0c5d3c88673baf115fbe391f4672cb60a2ed24f47a1be500dedef73de82372a92f7dba7efc1b071d83e4cc5603396cd3942b37ebf7f25bd73efd8c3e5af0f0d6cf2184c90a9783e026d2abd238007bc3b6a6399063ca7d1c23910d2fd8da7062f7ec2fd4dc43b4a4bc371b73490430c31b2809413550aa7591f25f6bd70fe5efc3fae4f77f557ef2135e6ebbef3d8f9cf3a94c4a5977ca66708a7cbe48133d17e94558e1dd0c15dfaf743c20d8517223ce81028c78684683da7ac8ae0a4c7c6f1a92216940dd969561d27f3497e83aae27b0538b87170b8e4d47e1f307a0520a84ae671911112815eec6118df4e7ff43642279695bed5216a473e0c2d0578ff4894aa0b2bc40057335b4c121a311a4da24c4820bc669dae7cb545d99eb23d60669f5356bc788db5afbe58ab67c48a85b9561232a97f8df36b0163b46513dc82cd6a9e981dbae11fd195318673ba022deac5f130aebc925552c227bbd71d7578d7bbc4f7aad84e9f41fc739a2d84ac181ab6027271ec2f12e7f39951b4b1226439e33bbba28e547da21ed1f0c679fa356e0477285b7d0054b154fffc34f79f50bde14c1763d9546a7b3cfb46e350ed55bc86d7dbde1cb67f7b84a2724403fbc82f1970895d83028e68855e37e8689ccca5fab017715bcb5a6f9bbb45ae94d71af6f80f3a87db3ed39fb9c573fda313915293abdd5a1d91a0d54c3310e4e0f39fd78f260234346dcd00f1b9cdf5236e3c868daf6f657949fbf265a7d91686438a90a1bb096953747f718935a4fead039c4b6e3720c2edcbaf3d6fa848d8fa4208c046a9f67d269b50ddc03c022182f6fe4dc6e43dc7813773defecdc6264c28b2e3ce9e77a459adb84146541c12f3c37f97a9fb0c9969385c8d2170521c64af4f1fe66de234225df75134c909954b8e6ba6ed61fb2ad83bc85d8ae2c79fd5775727764107c1c3bb02b1dc12137c4ca3dabb118a52541bab16a39c1fe8c48a670cd48f74159009670232fd4be71297102d7abfbd83ee683a5b9d9e7c1bb8d6b7890c443a380cc94aec9056776a49879e96459bbca4d1f47195dc4785aa0531749235a821b9be1b6b9c98290e40a60c032087e7a7ed88b89cab74ad7caa72ccea5fd5a8a4436d4ee290091a68f1579a3125f5a5da738aea0c6953ffa8761f03cdabd731efc831e56f1a9bae88878748ee884ae7ed4fa5424805981bcc5907aa823f82f7c21001c7e86acf2b00d8073099db0f3bff4aee42082a7d971ff2de40542a1efaf0b785271ed80ad5dcd816a6ea589522190761c225c8f8c4f93e1d71de4bd645757fa61be80d6d8f115671a1f3622d18a6efb464291dd4d987e920f1b57b868009353a92bafd1327264d7d709271c2d6f1e601bf2c4f05cc5f00a844fb4a00b66b600232e5ec7a7f8f3295a30c159d737c95a51d2dfc418042bc61d8d84c8791a3207e266eecd2d79e690ae28731190d83ffd6749ae7214a9b524491c43249f87105709b470520d2e565031f89905a95b0159f38a9522bc45007962ea5282df4e0624eb9bdac132963962932a5204f730f49e5d3863466cebf7d687ae8c60770fa1174131f490751e9c17c65d708bd325737994bb3dac07704175e4abb3a7cba4558ae62c179a3a33c1eafd1ecaf98461bb3a540d65c47b31eb5c268afbaaf4f18863dfd13039924c71ac104602c02ba734d00ed8fc6fc2b553792aa54e720bb905b49621c6a5438f5aadcf4715d25819ca29e62ff382e837932a21cbfb25820c926186fb67d83dec5e44c26a0a23762a196384dfb33675d372f080d0a339bee7b4e69502fefc853a3cef905a3935e01e3f74c294d0278e2b062e371ff6bb09d2313f93d76cde46d21bde964bf4ee2078c5f7daae6d493acfeae4bbaa885d494cdcceeea1539a8933e999f24b4fac3ea99b266c05f99f398d378c79dc4dad8613ccd5541602e5d650f65796bab70bdbf6e82da10be83f673fc5c8e66c5bcb16175c4867bebcce529685bb18f70a0d0573dc032aacc15795c295b126d8db3d1781e5da9046b61fad03a960eb0e0fa928c9ecdd87602bb1f658ddec54343f313d4da7504e9485ee20cf35c682c75541310067e9d518c89f1642bc3fb311e8058164911d9bd4afa0dfb6b9fe99c7554e471382af84e28bf427d0ce3562a6286e7bce257a2205b68c278a3b8c10b6f274c32de3fa2826df4b9503cc4c0be813a2367472e99f71650299f302de385e3b242a28324c3258c8c9a336dc9f2e4aecff55d679e825387615422ef845147d045f9512a72da1cd656b9fb5f907277713c9c671b17e8c5ad226181f1ee5b5edeede85c611331e0389168f8c754074dade5692ec4df1e1125ef56ebe90f7c17f72052718714fd2fce17814530fe7a56b79e95b0c97c89f046df3eece2428dc79ddd36e0b204212f48c230ba4da310e786f87b9c9e02d0e7cf0a0cf9270a44ac5c01357b1c63c0c8c418c5e62451972366f21e6878a4e15edb303d3d72cba5d7d0a6d663d9ee62a00992bd2ca13df8894724a40d0766280b41b1e40997ddf7c64675316af9e33531e7578417b0465315e29fe2dc8e2791ceecc22dbefb19b9320ba6bbb019e581893f44d3a2d1d24a93484bd30bd8ab848993105b6017b9e0a386d62296e39fdc8d96febe9b41f7815b7b6c24749f83d2f9fcaeaa6dba4896161adf4e805e574125d8261521f4e5504aba8f7b1b605a40a8be1cfe9aa6b0b8b68c8fece57e328a04f5c98c458a24ca14addbb5204e75ff126976babfded0233f517b893f73203cd98a3a780255b9e052a2664e73ae1745914da637401fc71ebc5834b7da1f78238f6bc57e0955b5711a591d62ab3f92dfac95b9423e41d5e107d437495c38bb5fbd64448c66889539239bb22ef4c172e2de11f462e7c2afeee983e9a132cadfdc2ab6511761e85d113bc95a4a1be00edc7d80d95487742872d87a05bff95b2b792e58ee265972f65ad7b263ccf4d1e392dc734d304f32bb6ecff82ccd0b36c0e9bd38d58d68537dd4532a7e8304ee95c037e66967624412f2f082c7aef2a4420640fea60ee7228af717503e3685aef85e577601c5455fd87b43fd0d21fe30338fdd3548506c54a995678671dd4473f096016649ec6bc9eb6c9a5a972cdf931882c56913620a505147946bede294475bf5e9fbebcc79e0a108bf308ac2af86e0078e22b69f0e941704bca1c1537ca92d89497ec2a16708c1cd683abb8ef9c03cc2adb426fe732cbc3c98a679f802d8b2aba69ca3217ea9166cc6f0c2a2e0f8e2a23ba042aea09ad39765d1ff764f359bc7ab24c34a4e7c2d097d3cfec5567fa0c7908656cf88d90b4bd9ca986e38ae4c7a445e962ba92518ce3b8e98c796e334939c6f2079d17d3b44b5e49c29c4616edc2b7f1cef25364b341ac86bd98cf813c7b78f6a8117b8a738d59075943d1a3610f3032c550a00ebbd02ce0bfe407b20719dac59a4a727aa6bb38fd0090a99c4bd22ed90b86816454d2c4da918c0e4508e2cf024e53e535b46e8067f1bbc6366127f7413812c42e6775263ba6e30fb9871de10111db15f40fbc33ebb962309d788b5ab214145bf5cdd913c9eb6d1bf23227f02fb082b8bc2d67b33efdbdd6fbf5f2c146ed6dd534ffb8e143fa96b33158c25e104b5772899790f3d4f465", 0xc00}, {&(0x7f0000001240)="e2c9cbd97096393d4678030613e6fd82b94002b84a7e94c4566c3ebcdd44b195656f1e8f2139e52f7210cdd1d050c0105526b818da4ee2670c5ae7352b1bd1efbe679d6f968e26b4a145c878b1de28d0f2c16d2b5fd825e49197d27444de53da735082", 0x63}, {&(0x7f00000012c0)="a272e325f95acbd5479f206f681d7d46da82f62648553d4fc4c298e3a1b0615869435c2312a4c9a249cb5daa398f08000f6c6fff660062a221635598ffccac7f8704ed659a3bee00fa24537ba3c59f1ef8681169817250142a3bf44c0789b3d5160a09ed97d86311ab0ec37d2796574efacdb05ca044e694fdd7eb44aaf242110e796d8b821030684ef579b862c0757903483b471c8b4925b63bec4f2a86652a6163cc62847189af04891d5ce5bd03de79b1e47b2ae09dbead6c517650cfaeff816537224f716ed2ec4774a0a4446797662164e055bfbe63fabd37e3cd770a2173784d279d7ba19eed6c4094e3c2087dc86772ccf7fc90721b775ab6", 0xfc}, {&(0x7f00000013c0)}, {&(0x7f0000001400)="e524b5b42f0da0eb5131b7c64abdb27a500942706c6267550e706937a70406a8d17717b1ec63e83ff9cd3b7c1006d9dc4e285c3cc576493056ad683dd6e757a45c1015f4ce1d88b5dbd43122104ae1905acb37ddf31c27d697831a785fd89eccae381c849bbb2f8f603b5624c11d0533a0b15ddcc7331605647a2ca421fb28da95402da956c8d190255e010de8b08fe0dc64dc55affc62142727338c7e", 0x9d}], 0x6}, 0x4000040) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) sendmsg$NFQNL_MSG_CONFIG(0xffffffffffffffff, 0x0, 0x0) openat(r3, &(0x7f00000013c0)='./file1\x00', 0x680602, 0x10) bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) keyctl$dh_compute(0x17, 0x0, &(0x7f00000000c0)=""/51, 0x33, 0x0) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x180300, 0x0) ioctl$FBIOPUT_VSCREENINFO(r6, 0x4601, &(0x7f0000000040)={0x191, 0x258, 0x1e0, 0x3f, 0x32, 0x1, 0x0, 0x0, {0x3e000000}, {}, {}, {}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x4}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, 0x0) r7 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r7, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x3e}, @in6=@loopback, 0x0, 0x0, 0xffff, 0x200, 0xa}, {0x2, 0x0, 0x0, 0x0, 0x5, 0x0, 0xffffffffffffffff, 0x100000}, {0x0, 0xfff, 0x3}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in=@initdev={0xac, 0x1e, 0x1, 0x0}, 0x3506, 0x0, 0x2, 0x3}}, 0xe8) connect$inet6(r7, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback}, 0x1c) 8.11575632s ago: executing program 1 (id=312): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000380)=ANY=[@ANYBLOB="6400000002060103000000000a00000000000000050001000700000016000300686173683a6e65742c706f72742c6e65740000000900020073797a30000000000500040000000000050005000a00000014000780050015000200000008001240"], 0x64}}, 0x0) 7.799769227s ago: executing program 1 (id=313): r0 = socket$nl_route(0x10, 0x3, 0x0) (async) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0xfffffffe, @ipv4={'\x00', '\xff\xff', @empty}}, 0x1c) listen(r1, 0xf) (async) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) (async) r3 = socket(0x10, 0x803, 0x0) (async, rerun: 64) r4 = socket$unix(0x1, 0x5, 0x0) (rerun: 64) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000006040)={0x0, 0x2f00, &(0x7f0000000300)={&(0x7f0000003500)=@newtfilter={0x74, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r5, {0xc, 0x4}, {}, {0x5, 0xf}}, [@filter_kind_options=@f_flow={{0x9}, {0x44, 0x2, [@TCA_FLOW_EMATCHES={0x40, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x34, 0x2, 0x0, 0x1, [@TCF_EM_CANID={0x14, 0x1, 0x0, 0x0, {{0x7, 0x7, 0x2}, {{0x0, 0x1, 0x0, 0x1}, {0x0, 0x1, 0x1, 0x1}}}}, @TCF_EM_META={0x1c, 0x2, 0x0, 0x0, {{0xfffb, 0x4, 0x2}, [@TCA_EM_META_HDR={0x32a, 0x1, {{0x5, 0xe, 0x2}, {0x0, 0x7, 0x2}}}, @TCA_EM_META_LVALUE={0x4}]}}]}]}]}}]}, 0x74}}, 0x20040054) (async) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000180)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x200000}, 0xc, &(0x7f0000000140)={&(0x7f0000000200)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x1}}, [@NFT_MSG_DELCHAIN={0x28, 0x5, 0xa, 0x5, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFTA_CHAIN_TYPE={0xb, 0x7, 'filter\x00'}, @NFTA_CHAIN_POLICY={0x8, 0x5, 0x1, 0x0, 0xfffffffffffffffc}]}, @NFT_MSG_NEWOBJ={0x20, 0x12, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0xa}, @NFT_OBJECT_CONNLIMIT=@NFTA_OBJ_NAME={0x9, 0x2, 'syz2\x00'}}, @NFT_MSG_DELFLOWTABLE={0x1c, 0x18, 0xa, 0x201, 0x0, 0x0, {0x6, 0x0, 0xa}, [@NFTA_FLOWTABLE_FLAGS={0x8, 0x7, 0x1, 0x0, 0x3}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x6}}}, 0x8c}, 0x1, 0x0, 0x0, 0x800}, 0x4000800) (async) setsockopt$sock_int(r1, 0x1, 0xf, &(0x7f0000000000)=0x8, 0x4) (async, rerun: 32) r7 = socket$igmp6(0xa, 0x3, 0x2) (rerun: 32) setsockopt$inet6_opts(r7, 0x29, 0x48, &(0x7f0000000540)=@dstopts={0x3c}, 0x8) (async) syz_emit_ethernet(0x36, &(0x7f00000001c0)={@local, @random="1a0e2c5ffd4d", @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @empty, @broadcast}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x11}}}}}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000e00)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000000c0)=ANY=[@ANYBLOB="30000000190001002abd70000000000080"], 0x30}}, 0x0) (async, rerun: 32) syz_usb_connect(0x5, 0x51, &(0x7f0000002d00)=ANY=[@ANYBLOB="120101020f4f07407b060323f5130102030109023f00010304e0030904130904ba95d287090508fb000306065709050610100406080709040483af0cf67b3f09058e0220000c08ff09050c12"], &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}) (rerun: 32) 7.512898061s ago: executing program 3 (id=314): r0 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$EBT_SO_SET_ENTRIES(r0, 0x0, 0x80, &(0x7f0000000b80)=@nat={'nat\x00', 0x19, 0x2, 0x27e, [0x200000000780, 0x0, 0x0, 0x2000000007b0, 0x2000000007e0, 0x8e01000000000000], 0x0, 0x0, &(0x7f0000000780)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xfffffffffffffffc}, {0x0, '\x00', 0x0, 0xffffffffffffffff, 0x1, [{0x0, 0x5, 0x18, 'veth1_virt_wifi\x00', 'veth0\x00', 'veth0\x00', 'ip_vti0\x00', @remote, [0x7f, 0x0, 0xff, 0xff, 0x0, 0xff], @dev={'\xaa\xaa\xaa\xaa\xaa', 0x43}, [0x0, 0xff, 0xff, 0x0, 0xff], 0xbe, 0xbe, 0x1ee, [@ipvs={{'ipvs\x00', 0x0, 0x28}, {{@ipv4=@loopback, [0xffffffff, 0xffffff00, 0xffffff00, 0xf06d13e53c527b98], 0x4e21, 0x6, 0x0, 0x4e23, 0x8, 0x4}}}], [], @common=@SECMARK={'SECMARK\x00', 0x108, {{0x1, 0x6, 'system_u:object_r:scanner_device_t:s0\x00'}}}}]}]}, 0x2f6) 7.420486101s ago: executing program 0 (id=315): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = socket$inet_dccp(0x2, 0x6, 0x0) getsockopt$inet_int(r1, 0x10d, 0xcb, &(0x7f0000000040), &(0x7f0000000080)=0x4) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r2, 0x0, &(0x7f0000000040)) r3 = syz_genetlink_get_family_id$devlink(&(0x7f0000000140), 0xffffffffffffffff) sendmsg$DEVLINK_CMD_TRAP_GROUP_SET(r2, &(0x7f00000001c0)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x100000}, 0xc, &(0x7f0000000180)={&(0x7f0000000280)={0x124, r3, 0x10, 0x70bd27, 0x25dfdbfe, {}, [{@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5, 0x83, 0x1}}, {@pci={{0x8}, {0x11}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0xd}, {0x5}}]}, 0x124}, 0x1, 0x0, 0x0, 0x8000}, 0x20004000) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000040)={{0x14}, [@NFT_MSG_NEWRULE={0x88, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2, 0x0, 0x5}, [@NFTA_RULE_EXPRESSIONS={0x5c, 0x4, 0x0, 0x1, [{0x38, 0x1, 0x0, 0x1, @log={{0x8}, @val={0x2c, 0x2, 0x0, 0x1, [@NFTA_LOG_QTHRESHOLD={0x6}, @NFTA_LOG_QTHRESHOLD={0x6, 0x4, 0x1, 0x0, 0x5}, @NFTA_LOG_PREFIX={0x8, 0x2, 0x1, 0x0, 'osf\x00'}, @NFTA_LOG_PREFIX={0x6, 0x2, 0x1, 0x0, '\xfb\x00'}, @NFTA_LOG_PREFIX={0x8, 0x2, 0x1, 0x0, 'nat\x00'}]}}}, {0x20, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}, @NFTA_NAT_REG_PROTO_MIN={0x8, 0x5, 0x1, 0x0, 0x17}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0xb0}, 0x1, 0x0, 0x0, 0x850}, 0x0) openat$ptp0(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) syz_emit_ethernet(0xbe, &(0x7f0000000800)={@local, @remote, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x3f, 0xb0, 0x64, 0x0, 0x0, 0x11, 0x0, @empty, @broadcast}, {0x0, 0x4e22, 0x23, 0x0, @wg=@initiation={0x1, 0xffffffff, "c63585e7526aab9d42a8b6769138c30a26cd9a7a0950c019b7a55e8a8bfb3e7f", "b87b7a3b656030ba78a7fe3fc60f0232ad2ea02820b11bc983859cfd0f5885df6fe0994fe153a52dcd2c9a84cf7c7741", "874427be29c95b93303cd1be9716d01efc0c9ca574199dd700", {"45227a29c5acbb706c8d97cd14ba0aa2", "2984e0aeafde90bd933b89b3a4beac08"}}}}}}}, 0x0) 7.375597009s ago: executing program 0 (id=316): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00', 0x7e, 0xa1c07, 0x6, 0xb97, 0x100000}) r2 = epoll_create(0x101) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x40000014}) r3 = syz_open_dev$video(&(0x7f0000000000), 0x7, 0x0) ioctl$VIDIOC_S_PARM(r3, 0xc0cc5616, &(0x7f00000000c0)={0x9, @output={0x0, 0x0, {0x6, 0x9}, 0x6, 0xed5c}}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) socket$inet(0x2, 0x6, 0x3) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) r4 = syz_open_dev$usbfs(&(0x7f0000000100), 0x75, 0x40082) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000200), 0xffffffffffffffff) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r7, 0x8933, &(0x7f0000000280)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_TRIGGER_SCAN(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r6, @ANYBLOB="050000000000000000002100000008000300", @ANYRES32=r8, @ANYBLOB="08009e00e512"], 0x24}}, 0x0) ioctl$USBDEVFS_CLAIM_PORT(r4, 0x80045518, &(0x7f0000000000)=0x1) mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) r9 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000300), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB, @ANYRESHEX=r9, @ANYRESDEC=0x0, @ANYBLOB=',group_i', @ANYRESDEC=0x0]) r10 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r10, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x7a000}], 0x300, 0x33000, 0x0, 0x3) write$P9_RXATTRWALK(r10, &(0x7f0000000240)={0xf, 0x1f, 0x2, 0x3}, 0xf) 7.355175259s ago: executing program 3 (id=317): r0 = socket$inet6_udplite(0xa, 0x2, 0x88) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000000)=@raw={'raw\x00', 0x3c1, 0x3, 0x2b8, 0x120, 0x111, 0x4b4, 0x120, 0xd4feffff, 0x1e8, 0x20a, 0x278, 0x1e8, 0x278, 0x3, 0x0, {[{{@ipv6={@empty, @empty, [0x0, 0x0, 0xffffffff], [], 'ipvlan0\x00', 'team_slave_0\x00', {}, {0xff}, 0x6}, 0x0, 0xf8, 0x120, 0x0, {0x4000000000000}, [@common=@ipv6header={{0x28}, {0x34, 0x6a}}, @inet=@rpfilter={{0x28}, {0x2}}]}, @common=@inet=@TCPMSS={0x28}}, {{@ipv6={@private1, @private1={0xfc, 0x1, '\x00', 0x1}, [0x0, 0x0, 0x0, 0xffffffff], [], 'xfrm0\x00', 'veth0_to_bond\x00', {}, {}, 0x0, 0xff, 0x0, 0x8}, 0x0, 0xa8, 0xc8}, @unspec=@NOTRACK={0x20}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x318) 7.220598955s ago: executing program 1 (id=318): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000ac0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a78000000060a09040000000000000000020000004c000480300001800e000100696d6d6564696174650000001c000280100002800c00028008000180000000000800014000000000180001800d00010073796e70726f787900000000040002800900010073797a30000000000900020073797a320000000014000000110001"], 0xa0}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000a40)=ANY=[@ANYBLOB="140000001000010000000000000000000700000a14000000010aff010000000000000000020000011400000011000100"], 0x3c}, 0x1, 0x0, 0x0, 0x4011}, 0x4000094) 7.192910037s ago: executing program 1 (id=319): r0 = ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x1) ioctl$KVM_RUN(r0, 0xae80, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$ARPT_SO_SET_ADD_COUNTERS(r1, 0x0, 0x61, &(0x7f0000000440)={'filter\x00', 0x4}, 0x64) unshare(0x10010600) ioctl$SOUND_MIXER_READ_DEVMASK(0xffffffffffffffff, 0x80044dfe, &(0x7f00000000c0)) syz_usb_connect(0x0, 0x24, &(0x7f0000002e80)=ANY=[@ANYBLOB="120100004d0900207d07681b55b70102030120020500"], 0x0) ioctl$KVM_CAP_X86_DISABLE_EXITS(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000000)={0x8f, 0x0, 0xa}) setsockopt$inet_tcp_int(r1, 0x6, 0x17, &(0x7f0000000080)=0x7, 0x4) 7.191836426s ago: executing program 3 (id=320): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) write$uinput_user_dev(r1, &(0x7f0000000800)={'syz1\x00', {0x0, 0x0, 0x1}, 0x0, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x296, 0x970, 0x0, 0x0, 0x10, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x6], [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfffffffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x80000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffff], [0x4, 0xfc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x200, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x74e2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x930, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x2, 0xbd, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffe900, 0x0, 0x0, 0x101, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe]}, 0x45c) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x15) r2 = socket$kcm(0x10, 0x2, 0x0) r3 = openat$kvm(0xffffff9c, &(0x7f0000000140), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_MSRS(r5, 0x4008ae89, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000b10000400008000007"]) sendmsg$kcm(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000440)=[{&(0x7f0000000200)="cb000000150081054e81f782db44b904021f08010a000000040000a118000200ac141414ffff0d1208000f0100810401880016ea1f0006ea7f400303000803600cfab94dcf5c046181d67f6f94007134cf6ee080005c4ab0f45312b3429fa0e408f456211bef32d4760000000000cb090000001fb791643a5ee4001b146218a07445d6d930dfe1d9d322fe7c9fd60100730d16a4683f5aeb4edbb57a5025ccca9e00360db70100000040fad95667e0060000000000000080bb9ad809d5e1cace81ed0bffece0b42a9ecbee", 0xcb}], 0x1, 0x0, 0x0, 0x7400}, 0x44804) ioctl$UI_DEV_CREATE(r1, 0x5501) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)=ANY=[@ANYBLOB="600000000206050000000000000000000000000005000100070000000900020073797a3000000000140007800800124040000000080013400000000014000300686173683a69702c706f72742c6970000500050002000000050004"], 0x60}}, 0x0) 7.031269646s ago: executing program 4 (id=321): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)={0x5c, 0x2, 0x6, 0x5, 0xa, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x10, 0x3, 'bitmap:port\x00'}, @IPSET_ATTR_REVISION={0x5, 0x4, 0x1}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz0\x00'}, @IPSET_ATTR_FAMILY={0x5}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6}, @IPSET_ATTR_PORT_TO={0x6}]}]}, 0x5c}}, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000001240)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000002440)=ANY=[@ANYBLOB="34000000090605000a0000000000f9ef000000000900020073797a300000000005000100060000000c00078006000440"], 0x34}}, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_ALLOC(r0, 0x7a8, 0x0) 6.908506475s ago: executing program 4 (id=322): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000680)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_attach_bpf(r1, 0x1, 0x4c, &(0x7f0000000000), 0x4) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$batadv(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$BATADV_CMD_GET_BLA_BACKBONE(r2, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r3, @ANYBLOB="030328bd7000000000000a000000040003"], 0x1c}, 0x1, 0x0, 0x0, 0x40}, 0x0) r4 = socket$inet6_dccp(0xa, 0x6, 0x0) bind$inet6(r4, &(0x7f00000000c0)={0xa, 0x4e24, 0xb0, @ipv4={'\x00', '\xff\xff', @private=0xa010102}, 0x8}, 0x1c) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0}, 0x0) recvmsg$unix(r1, &(0x7f0000000080)={0x0, 0x0, 0x0, 0x0, &(0x7f00000001c0)=[@rights={{0x14, 0x1, 0x1, [0xffffffffffffffff]}}], 0x18}, 0x0) ioctl$SIOCSIFHWADDR(r5, 0xff09, 0x0) 6.835301104s ago: executing program 4 (id=323): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000000000000000000400000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x8040) sendmsg$NFT_BATCH(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000007c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000ac4010000060a0b040000000000000000020000004c000480340001800b000100746172676574000024000280090001004d41524b000000000c00030002b51112d439c5920800024024000002140001800b0001006c6f6f6b75700000040002800900010073797a30000000000900020073797a3200000000f70007404884b24b02a8a7758a688958ed60ecfd057e10926ba77e5596b13e43cd4488e4aa68a75f7236ec205b6e4cac2a0d86c336bf07dbe861f4f57bcef92dcf818d532d4475b5daa4dadc1690f228e860bba5a0b5d9bde86862e8f7fc08f0debd4974c6fae7d737a0007ec948ac4d8714ebff6b25648fb910e0d6d07f023cf5fa4051627b9c5b69e265538f9ba683bf172a5ff815afa543c12e550a1bcc9287080c7c12cc89d216c56febb0b06134672ea6b0077c846396169475f271319988f49ec94f2996e5d0e1cb151fb223e556f10fb681d068e055eb34e5f8fc7a524ffe5f4632a6c74ad0fe0b1542497d76a5a4416c47805e001c0005800800014000000008080002"], 0x1ec}, 0x1, 0x0, 0x0, 0x4000840}, 0x0) 6.740732453s ago: executing program 4 (id=324): r0 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$swradio(&(0x7f0000000000), 0x1, 0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x0, 0x5d031, 0xffffffffffffffff, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$devlink(&(0x7f00000001c0), r3) sendmsg$DEVLINK_CMD_RATE_SET(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000040)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="010000000000000000002a00000008005800000000000e0001006e657464657673696d0000000f0102006e657464657673696d300000080003b885001000"], 0x44}, 0x1, 0x0, 0x0, 0x4001}, 0x0) r5 = socket$inet6_sctp(0xa, 0x1, 0x84) syz_io_uring_setup(0x5169, &(0x7f0000000200)={0x0, 0x0, 0x10100}, &(0x7f0000000100), &(0x7f0000000000)=0x0) setsockopt$inet_sctp6_SCTP_EVENTS(r5, 0x84, 0xb, &(0x7f0000000180)={0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x93}, 0xe) syz_io_uring_setup(0x43d4, &(0x7f0000000340), &(0x7f00000002c0)=0x0, &(0x7f0000000140)) syz_io_uring_submit(r7, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0xfffffffffffffe54}) ioctl$int_in(r5, 0x5452, &(0x7f0000000280)=0xffffffffffffffff) sendto$inet6(r5, &(0x7f0000000300)="8b", 0x34000, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @private1}, 0x1c) shutdown(r5, 0x1) close_range(r0, 0xffffffffffffffff, 0x0) 6.68855538s ago: executing program 3 (id=325): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x3, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x200) ioctl$KVM_SET_IRQCHIP(r1, 0x8208ae63, &(0x7f0000000780)={0x2, 0x0, @ioapic={0x10000, 0x0, 0x18000000, 0xeffffdff, 0x0, [{0x2, 0x0, 0xfc, '\x00', 0xff}, {0x0, 0x9, 0x80, '\x00', 0x7c}, {0xfc, 0x12, 0x4, '\x00', 0xb9}, {0x11, 0xb}, {}, {0x0, 0x0, 0x4, '\x00', 0x2}, {0xfd, 0x0, 0x6}, {}, {0x0, 0x8f, 0xf7, '\x00', 0xfc}, {0xa8, 0x6, 0x0, '\x00', 0x1}, {0xb}, {0x5, 0x99, 0x2, '\x00', 0xff}, {0x0, 0x0, 0x2, '\x00', 0x3}, {0x2, 0x0, 0x6}, {0xc3, 0x0, 0x0, '\x00', 0x49}, {0x0, 0x21, 0x80, '\x00', 0x5}, {0x3}, {0x0, 0x2, 0x6, '\x00', 0x10}, {0x48, 0x0, 0xd}, {0x0, 0x80}, {0x0, 0x2, 0x0, '\x00', 0x37}, {0xfd, 0x9, 0x0, '\x00', 0x5}, {0x0, 0x2, 0x9}, {0x80, 0xff, 0x3, '\x00', 0x7}]}}) 6.399333785s ago: executing program 3 (id=326): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000040)={0x2c, r1, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_TX_RATES={0x10, 0x5a, 0x0, 0x1, [@NL80211_BAND_5GHZ={0xc, 0x1, 0x0, 0x1, [@NL80211_TXRATE_GI={0x5, 0x4, 0x37c0836dd0f14cf8}]}]}]}, 0x2c}}, 0x4041) 6.168940248s ago: executing program 3 (id=327): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[], 0xe8}}, 0x0) socket$pppoe(0x18, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) r3 = socket(0x22, 0x2, 0x4) recvmsg$kcm(r3, &(0x7f0000000400)={0x0, 0xffffffffffffff0b, 0x0}, 0x2141) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = gettid() ioctl$VIDIOC_S_FREQUENCY(0xffffffffffffffff, 0x402c5639, &(0x7f00000000c0)={0x0, 0x4, 0xfffffffe}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) pipe2(&(0x7f0000001400)={0xffffffffffffffff, 0xffffffffffffffff}, 0x400) vmsplice(r7, &(0x7f0000000140), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0xfffffffffffffffb) ioctl$KVM_GET_VCPU_EVENTS(r8, 0x4048aecb, &(0x7f0000000000)) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r4}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) syz_usbip_server_init(0x4) syz_usbip_server_init(0x1) syz_usbip_server_init(0x0) syz_usbip_server_init(0x4) syz_usbip_server_init(0x2) syz_usbip_server_init(0x2) syz_usbip_server_init(0x0) syz_usbip_server_init(0x6) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='freezer.state\x00', 0x275a, 0x0) 5.529966704s ago: executing program 2 (id=329): syz_usb_connect$hid(0x3, 0x36, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001ac0)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8000}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @veth={{0x9}, {0x4, 0x2, 0x0, 0x1, @void}}}, @IFLA_NUM_RX_QUEUES={0x8, 0x20, 0x334}]}, 0x3c}}, 0x0) (fail_nth: 60) 4.512967707s ago: executing program 4 (id=330): prctl$PR_SET_NO_NEW_PRIVS(0x43, 0x1) r0 = syz_io_uring_setup(0x34df, &(0x7f0000000d00)={0x0, 0x8d70, 0x1, 0x0, 0x106}, &(0x7f00000001c0), &(0x7f0000000d80)) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_TYPE(r1, &(0x7f0000000180)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x4000cd}, 0xc, &(0x7f0000000100)={&(0x7f0000000040)={0x44, 0xd, 0x6, 0x101, 0x0, 0x0, {0x1, 0x0, 0x6}, [@IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_TYPENAME={0xd, 0x3, 'hash:net\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x44}, 0x1, 0x0, 0x0, 0x804}, 0x4) r2 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x141542, 0x0) ioctl$IOMMU_IOAS_COPY$syz(r2, 0x3b83, &(0x7f0000000140)={0x28, 0x10002, 0x0, 0x0, 0x200, 0x8, 0x0, 0x30182e}) close_range(r2, r0, 0x0) 4.420099404s ago: executing program 2 (id=331): r0 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r0, 0x0, 0xd1, &(0x7f0000000000)=0x3, 0x4) setsockopt$MRT_ADD_VIF(r0, 0x20, 0xca, &(0x7f0000000080)={0x1, 0x4, 0x3f, 0x3202, @vifc_lcl_addr=@private=0xa010101, @private=0xa010101}, 0x10) 4.419333289s ago: executing program 0 (id=332): socket$nl_netfilter(0x10, 0x3, 0xc) syz_emit_ethernet(0x72, &(0x7f0000000680)={@local, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "e400ff", 0x3c, 0x3a, 0x0, @private2, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x0, {0x0, 0x6, '\x00', 0x0, 0x11, 0x0, @empty, @ipv4={'\x00', '\xff\xff', @multicast1}, [], "17c17f070000000000880000"}}}}}}}, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r0 = openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x105042, 0x84) mmap$IORING_OFF_SQ_RING(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x2000005, 0x10010, r0, 0x0) r1 = userfaultfd(0x80001) socket$can_bcm(0x1d, 0x2, 0x2) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$netlink(r2, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f00000003c0)=ANY=[@ANYBLOB="1c0000002d000100000000070000000004000080050011802f"], 0x1c}], 0x1, 0x0, 0x0, 0x4000045}, 0x300) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x111}) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000140)={{&(0x7f000067f000/0x4000)=nil, 0x4000}, 0x1}) ioctl$UFFDIO_COPY(r1, 0xc028aa03, &(0x7f00000000c0)={&(0x7f0000ff9000/0x4000)=nil, &(0x7f0000ffc000/0x4000)=nil, 0x4000, 0xa9963175c511cd1}) socket$pppl2tp(0x18, 0x1, 0x1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, 0x0, 0x0) syz_io_uring_setup(0x74a8, &(0x7f00000009c0)={0x0, 0x2efc, 0x1, 0x3, 0x127}, 0x0, 0x0) syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') sendmmsg$unix(r4, &(0x7f0000004200)=[{{0x0, 0x0, &(0x7f0000000640)=[{&(0x7f0000000540)}, {&(0x7f0000000600)="5e7994ba0352a79eb511298bcec0167b89e29500c73bf0b9a5c66a23b279", 0x1e}], 0x2, 0x0, 0x0, 0x4008010}}], 0x1, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'lo\x00'}) sched_setattr(0x0, 0x0, 0x0) r6 = syz_io_uring_setup(0x82e, &(0x7f0000000300)={0x0, 0xcd1b, 0x1000, 0x1, 0xfffffffd, 0x0, r0}, &(0x7f0000000000)=0x0, 0x0) io_uring_register$IORING_REGISTER_PBUF_RING(r6, 0x16, &(0x7f0000000380)={&(0x7f0000001000)}, 0x1) syz_io_uring_submit(r7, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r8 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r8, 0x8933, &(0x7f0000000100)={'batadv_slave_1\x00'}) 4.300596433s ago: executing program 4 (id=333): r0 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) (async) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r3 = socket$inet_sctp(0x2, 0x5, 0x84) r4 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000040)={0x0, 0x10, &(0x7f0000000000)=[@in={0x2, 0x0, @private=0xa010101}]}, &(0x7f0000000080)=0x10) (async) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r4, 0x84, 0x1d, &(0x7f0000000140)={0x1, [0x0]}, &(0x7f0000000240)=0x8) getsockopt$inet_sctp_SCTP_GET_LOCAL_ADDRS(r3, 0x84, 0x6d, &(0x7f0000000140)={r5}, &(0x7f0000000280)=0x8) (async) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, 0x0, 0x0) (async) socket$inet6_tcp(0xa, 0x1, 0x0) (async) socket$packet(0x11, 0x3, 0x300) (async) openat$cuse(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mmap$IORING_OFF_SQ_RING(&(0x7f0000ac1000/0x3000)=nil, 0x3000, 0x2000000, 0x5d031, 0xffffffffffffffff, 0x0) syz_open_dev$dri(0x0, 0x0, 0x0) (async) socket$vsock_stream(0x28, 0x1, 0x0) (async) recvfrom$inet(0xffffffffffffffff, &(0x7f0000000140)=""/98, 0x62, 0x2003, &(0x7f00000000c0)={0x2, 0x4e23, @initdev={0xac, 0x1e, 0x1, 0x0}}, 0x10) (async) r7 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r7, &(0x7f0000000640)={0x28, 0x0, 0x2710}, 0x10) (async) socket$nl_xfrm(0x10, 0x3, 0x6) (async) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000018c0)=@newlink={0x50, 0x10, 0x403, 0x40000, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88adf9a5}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @ip6gre={{0xb}, {0x18, 0x2, 0x0, 0x1, [@IFLA_GRE_REMOTE={0x14, 0x7, @private2={0xfc, 0x2, '\x00', 0x1}}]}}}, @IFLA_MTU={0x8, 0x4, 0xffe1}]}, 0x50}}, 0x0) 4.30046631s ago: executing program 2 (id=334): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000780)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a38000000160a01020000000000000000050000060900010073797a31000000000c00054000000000200000030900010073797a3100000000140000000e0a0104000000000000000001000000280000000e0a02010000000000000000020000090900020073797a310000000008000440000000015c000000000a010800000000000000000300000508000240000000030900010073797a3100000000080002400000000308000240000000000c00044000000000000000030900010073797a31000000000900010073797a31000000009c020000000a010106000000000000000a0000050900010073797a30000000000900010073797a3000000000da000600c07279be0e56ac616e7f286afd0ecce08ff7e82d37146c2ba784d89f9c632f94068fa710e11fffa1afe18542c89dfa9f7f4c70cb1271f3c87d55aba3077b477b92ecac4905592e8ac951502a434c38a7a15e1e189bdd4848918185a64c8049807a07b9ac6d77943dbaa332d88c3a1e377f62d28a6b04081da06772c0bbec20a0ab1d80bc3759599483f45c3db8461a0a6f0d6db87311ee7efa2f63860ff6cf6d0b014fdf034f2d1b7e6c01b2be46c402887af8bbe797f4f82171850e5a36953968003e876461a9b1065ff1a8eb230723a0013ce26dfa00000d000600d061e2b31f71393dc9000000740006004832c359576e5a1bc153bccd7c740aeb41b9b733fad32adb0f0833a76dc3acd09697800043cc1b9f6f57e90d9dd529e89941fc33b9a3ceac2e97052eb898f23865943f427c47684b093be81a9c415e8bcb8a22ca63dde00f59d52d3ea1cb10065a48893e440de7a61e88814ea7b6d0620c0004400000000000000003f00006008959ad765d050f550ea982a95a2d3aae97b7c9dd8f108da3668ddfb685daec226890d01432fcbb71d59f1a74b572d952b440cf31e2388a110f85db43c62b38b2cc9500281d078ae59efe40d4b981cf6b3d6d1afb968717dc731ee2a2d68cd2d23c9529172bb2532d816a68ab2eeff90d6183f54bc3cfd76c51a4d8a1e9d09f58674d0260e7b5a369bc7216c3c6e752b3c5e514624f3e2a2177ab1d04821838c5d4588e949e3de7869e86fa0bebbfe4e52d7895db966e7b626f0cfb0d2313e0876140dd89b2554925fa7d359924499b65cfd6939c7f5131ca8d5207ee2954470d147f725d0829226e8c3cd51a08000240000000020900010073797a300000000008010000020a0108000000000000000000000005f2000600bafb0882dc4f83d80af91131e732cc567f0e14dad66d608685c225ca5ec0ed1a7bb1d3586b0e2a811b93942b27c30fabb2b965426d9fb1444488d0d7cc0fd7b94ece0ff885ff9ea5b844e6de9d8ff72c7df0bc5160708546d721dda820f249f9681bcf3c685cb14dd29cb52ae898b83eaa59b62d06af15d122d5bd25d4098beadb2ebea1fbfa43364b92fdb9783a1852a0c513dff3f648eeede58f2fe62ff3e385e6695b03d63cf60be6bd28c6de84f693a6d2791b5369ba29d9b3f65be1570cf4bc3e31af5dd30dff47025df230e20c7a07e8a94d6c105dcadb4fe8a6b029976e4cc8d3a28b953c8e94d6a0fa4d000028000000080a01080000000000000000070000010900020073797a310000000008000b400000000420000000030a01030000000000200000030000070900010073797a31"], 0x4e4}, 0x1, 0x0, 0x0, 0x4040}, 0x0) 4.15538148s ago: executing program 2 (id=335): r0 = socket$netlink(0x10, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) r3 = openat$nci(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) read$nci(r3, &(0x7f0000000240)=""/225, 0xe1) ioctl$F2FS_IOC_MOVE_RANGE(r2, 0xc020f509, &(0x7f0000000080)={r1, 0x0, 0x5, 0x2}) writev(r2, &(0x7f0000000200)=[{&(0x7f0000000080), 0xfffffebe}, {&(0x7f0000000380)="34a5ea7277562a408996a04fa58670841e84dc09fb763c54bb7986d9b1862391b2f6a00a17de056628a1be8df7af10226be8e8f6b183345a38b3266ddfaa503aef6b2e3ff2660201d5f5701991b9c60330cb5fedf537a39d403b2b510b1d994ee90f052d562ae81febef6aedea9398188c532c16de4d"}, {&(0x7f0000000540)="1909a122fdd4e2623dbe4e3327ed827a3224eebbb4a1506e10016b333ce1333b9ef241d73d44f315686b2ce40ae4cff403a060a30cd2fd77b59b8680cffd04d8f7213befc458e4112121377d3d3aefd8fa5a484e14f9558e205bb9e1a4823e59b5b61b1cf889cef4a2fc56e09ac9802116a9aae1136a88aa6acd3c68ce615fd842995e24d5403af1199bdf99c02a3c3c68c198edfa26d4c5cb94b108531cb55d0000ac04c9ae7c711e6194ed41a684d3727a621cf8088aca"}, {&(0x7f0000000600)="da58f1c703f3518227c313039a340258eb65389cb36386e9955169481251067f1df14489a00801cf4c8754498568f355eee92407b5e560c11d688071233dcbca8c48fb29009ef503bf5779e259a73a32657b2b822031d276dabc0dac646df78cf75086b30d5e81f7c5166019dca8466389de8037fd1be9988030194b831df5802e60a020647d"}], 0x100000000000000d) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000200)=ANY=[@ANYBLOB="1b0000001d0001000000000004086aa42d"], 0x30}}, 0x0) 3.952755465s ago: executing program 1 (id=336): sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000001c0)=@gettclass={0x24, 0x2a, 0x129, 0x70bd2d, 0x4, {0x0, 0x0, 0x0, 0x0, {0xe, 0x3}, {0x6, 0xd}, {0x4, 0xb}}}, 0x24}, 0x1, 0x0, 0x0, 0x4080}, 0x40004) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000900000000000008000003000000040004001c000180180010"], 0x34}, 0x1, 0x2000}, 0x84) 3.776547934s ago: executing program 0 (id=337): r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x1, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r1) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r1, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x1}, 0x1c) listen(r2, 0x0) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @empty}, 0x10) r4 = accept(r1, 0x0, 0x0) sendmsg$TEAM_CMD_OPTIONS_SET(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000100)=ANY=[], 0xfffffdef}}, 0x1) syz_genetlink_get_family_id$ethtool(&(0x7f0000000140), r4) unshare(0x62040200) r5 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r5, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r5, @ANYBLOB="140001"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x5, 0x0, 0x0, {0x1}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWCHAIN={0x2c, 0x3, 0xa, 0x201, 0x0, 0x0, {0x1}, [@NFTA_CHAIN_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_CHAIN_NAME={0x9, 0x3, 'syz1\x00'}]}, @NFT_MSG_NEWRULE={0x4c, 0x6, 0xa, 0x401, 0x0, 0x0, {0x1}, [@NFTA_RULE_CHAIN_ID={0x8}, @NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @osf={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_OSF_DREG={0x8, 0x1, 0x1, 0x0, 0x13}, @NFTA_OSF_TTL={0x5, 0x2, 0xe}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0xc0}}, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r0, 0xc4c85512, &(0x7f00000000c0)={{0x7, 0x0, 0x0, 0x200000, 'syz0\x00'}, 0x0, [0x0, 0x0, 0x3, 0xfffffffffffffffe, 0xfffffffff7fffffe, 0x0, 0x5, 0x0, 0x10000, 0x4, 0x4, 0x0, 0x0, 0x2, 0x7, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x4, 0x0, 0x6, 0x0, 0x0, 0x6, 0xae4f, 0x0, 0x0, 0x1, 0x0, 0x8, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x7fffffffffffffff, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x2, 0x0, 0xfff, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfa0, 0x0, 0xfffffffffffffffb, 0xea4d, 0x377, 0xffffffffffffffff, 0xffffffff, 0x0, 0x0, 0x0, 0x4000, 0x1, 0x3, 0xfffffffffffffffd, 0x0, 0x0, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xc, 0x0, 0x0, 0x9, 0x4000000000000, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x3, 0x0, 0x4, 0xd30, 0x0, 0x4, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x31, 0x0, 0x0, 0x0, 0x0, 0x0, 0x71]}) 3.693901014s ago: executing program 2 (id=338): bpf$TOKEN_CREATE(0x24, 0x0, 0x0) socket$packet(0x11, 0x3, 0x300) accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) r0 = socket$kcm(0xa, 0x3, 0x3a) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) sendmsg$kcm(r0, &(0x7f0000000080)={&(0x7f0000000000)=@l2tp6={0xa, 0x0, 0x0, @loopback={0xff00000000000000, 0xac14140c}, 0xff000000}, 0x80, &(0x7f00000000c0)=[{&(0x7f0000000140)="8bcd", 0xffe3}], 0x1, 0x0, 0x0, 0x900}, 0x60) 2.263561683s ago: executing program 1 (id=339): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x0, &(0x7f00000000c0)={{0x0, 0x3938700}, {0x0, 0x989680}}, 0x0) r2 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000e40), 0x2, 0x0) ioctl$VIDIOC_S_FMT(r2, 0xc0d05605, &(0x7f0000000080)={0xa, @pix_mp={0x0, 0x0, 0x33565348, 0x7, 0x2, [{0x0, 0x1ff}, {0x9}, {}, {0x10000000, 0x894a}, {0x0, 0xffffff82}, {0x400000}, {0xffffffff}], 0x6, 0x0, 0x0, 0x2, 0x7}}) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000240), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_REGISTER_FRAME(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="1c000000", @ANYRES16=r4, @ANYBLOB="010000000000000000013affff0008000300", @ANYRES32=r5, @ANYBLOB], 0x1c}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r7 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/pids.max\x00', 0x101002, 0x142) write$cgroup_pid(r7, &(0x7f0000000000), 0x12) r8 = syz_io_uring_setup(0x44f, &(0x7f0000000280)={0x0, 0x0, 0x8, 0x0, 0x0, 0x0, r7}, &(0x7f0000000000)=0x0, &(0x7f0000000140)=0x0) keyctl$clear(0x3, 0xfffffffffffffffc) keyctl$session_to_parent(0x12) syz_io_uring_submit(r9, r10, &(0x7f0000000100)=@IORING_OP_RENAMEAT={0x23, 0x4, 0x0, 0xffffffffffffffff, &(0x7f0000000080)='./cgroup/pids.max\x00', &(0x7f0000000240)='./cgroup/pids.max/../file0\x00', r7}) clock_gettime(0x0, &(0x7f0000000180)={0x0, 0x0}) clock_gettime(0x6, &(0x7f00000001c0)={0x0, 0x0}) timerfd_settime(r7, 0x2, &(0x7f0000000200)={{r11, r12+60000000}, {r13, r14+60000000}}, &(0x7f0000000300)) io_uring_enter(r8, 0x2dbe, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 2 (id=340): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt(r0, 0xff, 0x5, 0x0, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000000)={'wlan1\x00'}) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000280)=ANY=[], 0x34}}, 0x40040) r2 = socket$pptp(0x18, 0x1, 0x2) bind$pptp(r2, &(0x7f00000000c0)={0x18, 0x2, {0x3, @local}}, 0x1e) r3 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r1, 0x8933, &(0x7f0000000040)={'vcan0\x00'}) kernel console output (not intermixed with test programs): g 1 has an invalid descriptor of length 0, skipping remainder of the config [ 86.522251][ T975] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 86.532442][ T5890] usb 5-1: config 220 interface 0 has no altsetting 0 [ 86.533456][ T975] usb 4-1: New USB device found, idVendor=08b7, idProduct=ed00, bcdDevice= 0.00 [ 86.554659][ T975] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 86.566801][ T975] usb 4-1: SerialNumber: syz [ 86.583639][ T5890] usb 5-1: config 220 interface 76 has no altsetting 0 [ 86.644768][ T5890] usb 5-1: config 220 interface 1 has no altsetting 0 [ 86.686109][ T5890] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 86.704775][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 86.763510][ T5890] usb 5-1: Product: syz [ 86.775178][ T5890] usb 5-1: Manufacturer: syz [ 86.796423][ T975] usb 4-1: 0:2 : does not exist [ 86.814479][ T5890] usb 5-1: SerialNumber: syz [ 86.874091][ T10] cfg80211: failed to load regulatory.db [ 86.898058][ T975] usb 4-1: USB disconnect, device number 3 [ 87.020764][ T3544] usb 2-1: USB disconnect, device number 3 [ 87.108325][ T10] IPVS: starting estimator thread 0... [ 87.123349][ T5836] udevd[5836]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 87.128626][ T6005] IPVS: fo: SCTP 172.20.20.187:0 - no destination available [ 87.234949][ T6006] IPVS: using max 30 ests per chain, 72000 per kthread [ 87.522920][ T6015] netlink: 'syz.2.23': attribute type 4 has an invalid length. [ 87.836686][ T6019] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 88.438810][ T5890] usb 5-1: selecting invalid altsetting 0 [ 88.484392][ T5890] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 88.504384][ T5890] usb 5-1: No valid video chain found. [ 88.543456][ T5890] usb 5-1: selecting invalid altsetting 0 [ 88.564809][ T975] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 88.572593][ C0] raw-gadget.1 gadget.0: ignoring, device is not running [ 88.579013][ T5890] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 88.611769][ T5890] usb 5-1: USB disconnect, device number 2 [ 88.704688][ T975] usb 1-1: device descriptor read/64, error -32 [ 88.944724][ T975] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 89.162594][ T975] usb 1-1: config 0 has no interfaces? [ 89.182513][ T975] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 89.309836][ T975] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 89.490821][ T975] usb 1-1: Product: syz [ 89.501422][ T975] usb 1-1: Manufacturer: syz [ 89.509229][ T975] usb 1-1: SerialNumber: syz [ 89.537376][ T975] usb 1-1: config 0 descriptor?? [ 89.567744][ T6036] netlink: 32 bytes leftover after parsing attributes in process `syz.1.29'. [ 89.775352][ T30] audit: type=1326 audit(1744330791.918:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6031 comm="syz.4.28" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f4f1b58d169 code=0x0 [ 90.134748][ T975] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 90.304778][ T975] usb 5-1: Using ep0 maxpacket: 16 [ 90.333293][ T975] usb 5-1: config 4 has an invalid interface number: 9 but max is 0 [ 90.344652][ T5883] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 90.411877][ T975] usb 5-1: config 4 has no interface number 0 [ 90.419741][ T975] usb 5-1: config 4 interface 9 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 90.433578][ T975] usb 5-1: config 4 interface 9 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 90.454907][ T975] usb 5-1: config 4 interface 9 has no altsetting 0 [ 90.486314][ T975] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=76.fe [ 90.496358][ T975] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 90.514750][ T975] usb 5-1: Product: syz [ 90.519034][ T975] usb 5-1: Manufacturer: syz [ 90.523746][ T975] usb 5-1: SerialNumber: syz [ 90.538539][ T6043] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 90.564742][ T5883] usb 2-1: Using ep0 maxpacket: 8 [ 90.576952][ T5883] usb 2-1: too many configurations: 249, using maximum allowed: 8 [ 90.596517][ T975] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 90.672748][ T5883] usb 2-1: New USB device found, idVendor=055f, idProduct=a800, bcdDevice=b3.ff [ 90.721323][ T6052] macvlan0: entered promiscuous mode [ 90.724890][ T5883] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=2 [ 90.732119][ T6052] netlink: 'syz.3.31': attribute type 1 has an invalid length. [ 90.742684][ T6052] netlink: 'syz.3.31': attribute type 2 has an invalid length. [ 90.810913][ T6052] input: syz0 as /devices/virtual/input/input6 [ 90.821424][ T5883] usb 2-1: Product: syz [ 90.835454][ T5883] usb 2-1: Manufacturer: syz [ 90.847507][ T5883] usb 2-1: SerialNumber: syz [ 90.886275][ T5883] usb 2-1: config 0 descriptor?? [ 90.939142][ T6043] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 90.964458][ T6043] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 91.215400][ T6058] netlink: 52 bytes leftover after parsing attributes in process `syz.3.32'. [ 91.453399][ T5888] usb 1-1: USB disconnect, device number 4 [ 91.462204][ T5883] mdc800 2-1:0.0: probe fails -> wrong Number of Configuration [ 91.520697][ T5883] usb 2-1: USB disconnect, device number 4 [ 91.629281][ T6063] usb usb8: usbfs: process 6063 (syz.0.34) did not claim interface 0 before use [ 91.639694][ T6061] mmap: syz.2.35 (6061) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 91.653988][ T2912] usb 5-1: Failed to submit usb control message: -110 [ 91.683660][ T2912] usb 5-1: unable to send the bmi data to the device: -110 [ 91.695736][ T2912] usb 5-1: unable to get target info from device [ 91.702112][ T2912] usb 5-1: could not get target info (-110) [ 91.721134][ T2912] usb 5-1: could not probe fw (-110) [ 91.734073][ T6065] FAULT_INJECTION: forcing a failure. [ 91.734073][ T6065] name failslab, interval 1, probability 0, space 0, times 1 [ 91.774737][ T6065] CPU: 0 UID: 0 PID: 6065 Comm: syz.3.36 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 91.774763][ T6065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 91.774776][ T6065] Call Trace: [ 91.774783][ T6065] [ 91.774790][ T6065] dump_stack_lvl+0x241/0x360 [ 91.774823][ T6065] ? __pfx_dump_stack_lvl+0x10/0x10 [ 91.774847][ T6065] ? __pfx__printk+0x10/0x10 [ 91.774872][ T6065] ? __pfx___might_resched+0x10/0x10 [ 91.774897][ T6065] should_fail_ex+0x424/0x570 [ 91.774918][ T6065] should_failslab+0xac/0x100 [ 91.774944][ T6065] kmem_cache_alloc_noprof+0x78/0x390 [ 91.774966][ T6065] ? __kernfs_new_node+0xdf/0x890 [ 91.774986][ T6065] __kernfs_new_node+0xdf/0x890 [ 91.775003][ T6065] ? __lock_acquire+0xad5/0xd80 [ 91.775027][ T6065] ? __pfx___kernfs_new_node+0x10/0x10 [ 91.775055][ T6065] ? kernfs_root+0x1c/0x230 [ 91.775073][ T6065] ? kernfs_root+0x1c/0x230 [ 91.775093][ T6065] kernfs_new_node+0x114/0x220 [ 91.775115][ T6065] __kernfs_create_file+0x49/0x2e0 [ 91.775144][ T6065] sysfs_add_file_mode_ns+0x24a/0x310 [ 91.775176][ T6065] internal_create_group+0x7ea/0x1320 [ 91.775205][ T6065] ? up_write+0x1ab/0x590 [ 91.775229][ T6065] ? __pfx_internal_create_group+0x10/0x10 [ 91.775259][ T6065] sysfs_create_groups+0x56/0x120 [ 91.775279][ T6065] device_add_attrs+0x14c/0x670 [ 91.775308][ T6065] ? kernfs_put+0x3fe/0x460 [ 91.775326][ T6065] ? __pfx_device_add_attrs+0x10/0x10 [ 91.775356][ T6065] device_add+0x576/0xbf0 [ 91.775383][ T6065] input_register_device+0x9ed/0x10c0 [ 91.775417][ T6065] uinput_create_device+0x40e/0x630 [ 91.775447][ T6065] uinput_ioctl_handler+0x496/0x17f0 [ 91.775471][ T6065] ? __pfx_uinput_ioctl_handler+0x10/0x10 [ 91.775513][ T6065] ? __pfx_uinput_ioctl+0x10/0x10 [ 91.775534][ T6065] __se_sys_ioctl+0xf1/0x160 [ 91.775557][ T6065] do_syscall_64+0xf3/0x230 [ 91.775577][ T6065] ? clear_bhb_loop+0x45/0xa0 [ 91.775598][ T6065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 91.775617][ T6065] RIP: 0033:0x7f2a92d8d169 [ 91.775636][ T6065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 91.775648][ T6065] RSP: 002b:00007f2a90bf6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 91.775667][ T6065] RAX: ffffffffffffffda RBX: 00007f2a92fa5fa0 RCX: 00007f2a92d8d169 [ 91.775679][ T6065] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004 [ 91.775689][ T6065] RBP: 00007f2a90bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 91.775698][ T6065] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 91.775708][ T6065] R13: 0000000000000000 R14: 00007f2a92fa5fa0 R15: 00007f2a930cfa28 [ 91.775736][ T6065] [ 92.052545][ T5890] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 92.204717][ T5890] usb 1-1: Using ep0 maxpacket: 16 [ 92.239562][ T5890] usb 1-1: New USB device found, idVendor=0483, idProduct=1234, bcdDevice=ff.76 [ 92.279817][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 92.340803][ T5890] usb 1-1: Product: syz [ 92.378794][ T5890] usb 1-1: Manufacturer: syz [ 92.401045][ T5890] usb 1-1: SerialNumber: syz [ 92.429033][ T6077] geneve1: entered promiscuous mode [ 92.430016][ T5890] usb 1-1: config 0 descriptor?? [ 92.474766][ T6077] geneve1: entered allmulticast mode [ 92.691780][ T6062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.705144][ T5883] usb 5-1: USB disconnect, device number 3 [ 92.715013][ T6062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.723549][ T6062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.773230][ T6062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.827942][ T6062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.888346][ T6062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.889244][ T6062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.889577][ T6062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.901568][ T6062] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 92.901908][ T6062] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 92.908457][ T6085] netlink: 452 bytes leftover after parsing attributes in process `syz.1.43'. [ 92.943842][ T10] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 92.957212][ T5890] usb_8dev 1-1:0.0 can0: sending command message failed [ 92.957363][ T5890] usb_8dev 1-1:0.0 can0: can't get firmware version [ 93.041766][ T5890] usb_8dev 1-1:0.0: probe with driver usb_8dev failed with error -22 [ 93.047768][ T5890] usb 1-1: USB disconnect, device number 5 [ 93.114831][ T10] usb 4-1: Using ep0 maxpacket: 16 [ 93.176565][ T10] usb 4-1: config 0 has an invalid interface number: 8 but max is 0 [ 93.225973][ T10] usb 4-1: config 0 has no interface number 0 [ 93.232125][ T10] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 93.263270][ T10] usb 4-1: config 0 interface 8 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 93.289082][ T10] usb 4-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 93.328355][ T10] usb 4-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 93.343910][ T6092] netlink: 8 bytes leftover after parsing attributes in process `syz.1.48'. [ 93.356071][ T6090] netlink: 'syz.2.47': attribute type 10 has an invalid length. [ 93.365445][ T10] usb 4-1: Product: syz [ 93.369632][ T10] usb 4-1: SerialNumber: syz [ 93.381664][ T10] usb 4-1: config 0 descriptor?? [ 93.386685][ T6092] netlink: 20 bytes leftover after parsing attributes in process `syz.1.48'. [ 93.403690][ T10] cm109 4-1:0.8: invalid payload size 0, expected 4 [ 93.406136][ T6090] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 93.413815][ T10] input: CM109 USB driver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.8/input/input8 [ 93.635972][ T6097] netlink: 20 bytes leftover after parsing attributes in process `syz.0.50'. [ 93.645897][ C0] cm109 4-1:0.8: cm109_urb_ctl_callback: usb_submit_urb (urb_irq) failed -90 [ 93.864856][ T5890] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 93.898931][ C1] cm109 4-1:0.8: cm109_urb_ctl_callback: urb status -71 [ 93.899931][ T5883] usb 4-1: USB disconnect, device number 4 [ 93.905940][ C1] cm109 4-1:0.8: cm109_submit_buzz_toggle: usb_submit_urb (urb_ctl) failed -19 [ 93.928262][ T6102] input: syz1 as /devices/virtual/input/input9 [ 93.936367][ T6105] batadv0: entered promiscuous mode [ 93.940725][ T5883] cm109 4-1:0.8: cm109_toggle_buzzer_sync: usb_control_msg() failed -19 [ 93.952172][ T6105] batadv_slave_0: entered promiscuous mode [ 93.963040][ T6105] batadv_slave_0: left promiscuous mode [ 93.981259][ T6105] batadv0: left promiscuous mode [ 94.055638][ T5890] usb 3-1: Using ep0 maxpacket: 8 [ 94.066566][ T5890] usb 3-1: config 0 has an invalid interface number: 186 but max is 0 [ 94.089139][ T5890] usb 3-1: config 0 has no interface number 0 [ 94.111649][ T5890] usb 3-1: config 0 interface 186 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 94.129704][ T5890] usb 3-1: config 0 interface 186 altsetting 0 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 94.148726][ T5890] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 94.164207][ T5890] usb 3-1: config 0 interface 186 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 94.184684][ T47] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 94.215147][ T5890] usb 3-1: config 0 interface 186 altsetting 0 has 4 endpoint descriptors, different from the interface descriptor's value: 3 [ 94.231895][ T5890] usb 3-1: New USB device found, idVendor=07c0, idProduct=1505, bcdDevice=b8.c5 [ 94.241414][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.249650][ T5890] usb 3-1: Product: syz [ 94.254073][ T5890] usb 3-1: Manufacturer: syz [ 94.260360][ T5890] usb 3-1: SerialNumber: syz [ 94.280357][ T5890] usb 3-1: config 0 descriptor?? [ 94.382425][ T47] usb 2-1: New USB device found, idVendor=13d8, idProduct=0011, bcdDevice=d0.62 [ 94.417599][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 94.437614][ T47] usb 2-1: Product: syz [ 94.442428][ T47] usb 2-1: Manufacturer: syz [ 94.476556][ T47] usb 2-1: SerialNumber: syz [ 94.546872][ T47] usb 2-1: config 0 descriptor?? [ 94.632826][ T47] comedi comedi0: This driver needs USB 2.0 to operate. Aborting... [ 94.666993][ T47] usbduxfast 2-1:0.0: driver 'usbduxfast' failed to auto-configure device. [ 94.829097][ T6123] netlink: 16 bytes leftover after parsing attributes in process `syz.3.59'. [ 94.964202][ T6095] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 94.968708][ T6123] erspan0: entered promiscuous mode [ 95.002977][ T6123] erspan0: left promiscuous mode [ 95.013787][ T6095] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 95.172586][ T6095] bond_slave_0: entered promiscuous mode [ 95.178485][ T6095] bond_slave_1: entered promiscuous mode [ 95.190039][ T6095] bond_slave_0: left promiscuous mode [ 95.195661][ T6095] bond_slave_1: left promiscuous mode [ 95.385000][ T30] audit: type=1800 audit(1744330797.528:3): pid=6136 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.62" name="file1" dev="tmpfs" ino=83 res=0 errno=0 [ 95.506192][ T5883] usb 2-1: USB disconnect, device number 5 [ 95.629391][ T6136] debugfs: Directory '!' with parent 'ieee80211' already present! [ 95.774477][ T6145] xt_nfacct: accounting object `syz1' does not exists [ 95.908185][ T6149] Zero length message leads to an empty skb [ 96.098687][ T6151] xt_socket: unknown flags 0xd0 [ 96.292516][ T6158] FAULT_INJECTION: forcing a failure. [ 96.292516][ T6158] name failslab, interval 1, probability 0, space 0, times 0 [ 96.334789][ T6158] CPU: 0 UID: 0 PID: 6158 Comm: syz.3.71 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 96.334815][ T6158] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 96.334824][ T6158] Call Trace: [ 96.334831][ T6158] [ 96.334838][ T6158] dump_stack_lvl+0x241/0x360 [ 96.334879][ T6158] ? __pfx_dump_stack_lvl+0x10/0x10 [ 96.334903][ T6158] ? __pfx__printk+0x10/0x10 [ 96.334930][ T6158] ? __pfx___might_resched+0x10/0x10 [ 96.334956][ T6158] should_fail_ex+0x424/0x570 [ 96.334980][ T6158] should_failslab+0xac/0x100 [ 96.335003][ T6158] kmem_cache_alloc_noprof+0x78/0x390 [ 96.335024][ T6158] ? __kernfs_new_node+0xdf/0x890 [ 96.335046][ T6158] __kernfs_new_node+0xdf/0x890 [ 96.335063][ T6158] ? __lock_acquire+0xad5/0xd80 [ 96.335084][ T6158] ? __pfx___kernfs_new_node+0x10/0x10 [ 96.335110][ T6158] ? kernfs_root+0x1c/0x230 [ 96.335128][ T6158] ? kernfs_root+0x1c/0x230 [ 96.335146][ T6158] kernfs_new_node+0x114/0x220 [ 96.335169][ T6158] __kernfs_create_file+0x49/0x2e0 [ 96.335193][ T6158] sysfs_add_file_mode_ns+0x24a/0x310 [ 96.335223][ T6158] internal_create_group+0x7ea/0x1320 [ 96.335240][ T6158] ? kernfs_add_one+0xf8/0x530 [ 96.335270][ T6158] ? __pfx_internal_create_group+0x10/0x10 [ 96.335299][ T6158] sysfs_create_groups+0x56/0x120 [ 96.335319][ T6158] device_add_attrs+0xef/0x670 [ 96.335342][ T6158] ? __pfx_device_add_attrs+0x10/0x10 [ 96.335371][ T6158] device_add+0x576/0xbf0 [ 96.335392][ T6158] ? device_initialize+0x266/0x460 [ 96.335414][ T6158] netdev_register_kobject+0x157/0x2f0 [ 96.335437][ T6158] register_netdevice+0x12b0/0x1b80 [ 96.335457][ T6158] ? rcu_is_watching+0x15/0xb0 [ 96.335493][ T6158] ? __pfx_register_netdevice+0x10/0x10 [ 96.335511][ T6158] ? dev_addr_mod+0xf4/0x430 [ 96.335529][ T6158] ? __asan_memset+0x23/0x50 [ 96.335550][ T6158] ? netif_inherit_tso_max+0x1f3/0x340 [ 96.335568][ T6158] veth_newlink+0x4c3/0xb80 [ 96.335596][ T6158] ? __pfx_veth_newlink+0x10/0x10 [ 96.335685][ T6158] ? rtnl_create_link+0xb36/0xea0 [ 96.335708][ T6158] ? __pfx_veth_newlink+0x10/0x10 [ 96.335730][ T6158] rtnl_newlink_create+0x39b/0xcb0 [ 96.335756][ T6158] ? __mutex_lock+0x380/0x10c0 [ 96.335780][ T6158] ? __pfx_aa_get_newest_label+0x10/0x10 [ 96.335804][ T6158] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 96.335831][ T6158] ? __pfx___mutex_lock+0x10/0x10 [ 96.335866][ T6158] ? ns_capable+0x8a/0xf0 [ 96.335887][ T6158] rtnl_newlink+0x18b0/0x1fe0 [ 96.335910][ T6158] ? stack_depot_save_flags+0x44/0x940 [ 96.335942][ T6158] ? __pfx_rtnl_newlink+0x10/0x10 [ 96.335959][ T6158] ? __netlink_deliver_tap+0x561/0x7f0 [ 96.335979][ T6158] ? netlink_deliver_tap+0x19d/0x1b0 [ 96.335997][ T6158] ? netlink_unicast+0x7c6/0x9a0 [ 96.336014][ T6158] ? netlink_sendmsg+0x8c3/0xcd0 [ 96.336035][ T6158] ? __sock_sendmsg+0x221/0x270 [ 96.336053][ T6158] ? ____sys_sendmsg+0x523/0x860 [ 96.336068][ T6158] ? __sys_sendmsg+0x271/0x360 [ 96.336081][ T6158] ? do_syscall_64+0xf3/0x230 [ 96.336095][ T6158] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.336145][ T6158] ? aa_get_newest_label+0x101/0x6f0 [ 96.336170][ T6158] ? __lock_acquire+0xad5/0xd80 [ 96.336209][ T6158] ? __pfx_rtnl_newlink+0x10/0x10 [ 96.336233][ T6158] rtnetlink_rcv_msg+0x80f/0xd70 [ 96.336250][ T6158] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 96.336265][ T6158] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 96.336282][ T6158] ? ref_tracker_free+0x63e/0x7e0 [ 96.336296][ T6158] netlink_rcv_skb+0x208/0x480 [ 96.336315][ T6158] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 96.336339][ T6158] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 96.336380][ T6158] ? netlink_deliver_tap+0x2e/0x1b0 [ 96.336400][ T6158] ? netlink_deliver_tap+0x2e/0x1b0 [ 96.336414][ T6158] netlink_unicast+0x7f8/0x9a0 [ 96.336431][ T6158] ? __pfx_netlink_unicast+0x10/0x10 [ 96.336443][ T6158] ? skb_put+0x114/0x1f0 [ 96.336457][ T6158] netlink_sendmsg+0x8c3/0xcd0 [ 96.336493][ T6158] ? __pfx_netlink_sendmsg+0x10/0x10 [ 96.336520][ T6158] ? aa_sock_msg_perm+0x91/0x160 [ 96.336545][ T6158] ? __pfx_netlink_sendmsg+0x10/0x10 [ 96.336557][ T6158] __sock_sendmsg+0x221/0x270 [ 96.336571][ T6158] ____sys_sendmsg+0x523/0x860 [ 96.336585][ T6158] ? __pfx_____sys_sendmsg+0x10/0x10 [ 96.336594][ T6158] ? __fget_files+0x2a/0x420 [ 96.336607][ T6158] ? __fget_files+0x2a/0x420 [ 96.336631][ T6158] __sys_sendmsg+0x271/0x360 [ 96.336655][ T6158] ? __pfx___sys_sendmsg+0x10/0x10 [ 96.336709][ T6158] ? do_syscall_64+0xb6/0x230 [ 96.336722][ T6158] do_syscall_64+0xf3/0x230 [ 96.336734][ T6158] ? clear_bhb_loop+0x45/0xa0 [ 96.336745][ T6158] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 96.336757][ T6158] RIP: 0033:0x7f2a92d8d169 [ 96.336772][ T6158] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 96.336784][ T6158] RSP: 002b:00007f2a90bf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 96.336803][ T6158] RAX: ffffffffffffffda RBX: 00007f2a92fa5fa0 RCX: 00007f2a92d8d169 [ 96.336814][ T6158] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 96.336824][ T6158] RBP: 00007f2a90bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 96.336834][ T6158] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 96.336841][ T6158] R13: 0000000000000000 R14: 00007f2a92fa5fa0 R15: 00007f2a930cfa28 [ 96.336861][ T6158] [ 96.970375][ T5890] iowarrior 3-1:0.186: IOWarrior product=0x1505, serial= interface=186 now attached to iowarrior0 [ 97.064677][ T5890] usb 3-1: USB disconnect, device number 2 [ 97.440599][ T6169] netlink: 56 bytes leftover after parsing attributes in process `syz.0.76'. [ 97.476646][ T5883] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 97.498504][ T6169] netlink: 8 bytes leftover after parsing attributes in process `syz.0.76'. [ 97.702964][ T5883] usb 5-1: unable to get BOS descriptor or descriptor too short [ 97.726028][ T5883] usb 5-1: config 3 has an invalid interface number: 19 but max is 0 [ 97.813592][ T5883] usb 5-1: config 3 has an invalid interface number: 4 but max is 0 [ 97.932282][ T5883] usb 5-1: config 3 has 2 interfaces, different from the descriptor's value: 1 [ 98.086659][ T5883] usb 5-1: config 3 has no interface number 0 [ 98.098371][ T5883] usb 5-1: config 3 has no interface number 1 [ 98.104975][ T5883] usb 5-1: config 3 interface 19 altsetting 9 has 4 endpoint descriptors, different from the interface descriptor's value: 6 [ 98.130851][ T5883] usb 5-1: too many endpoints for config 3 interface 4 altsetting 131: 175, using maximum allowed: 30 [ 98.244666][ T5888] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 98.495709][ T5883] usb 5-1: config 3 interface 4 altsetting 131 bulk endpoint 0x8E has invalid maxpacket 32 [ 98.516415][ T5883] usb 5-1: config 3 interface 4 altsetting 131 endpoint 0xC has invalid wMaxPacketSize 0 [ 98.527740][ T5883] usb 5-1: config 3 interface 4 altsetting 131 bulk endpoint 0xC has invalid maxpacket 0 [ 98.540744][ T5883] usb 5-1: config 3 interface 4 altsetting 131 has 2 endpoint descriptors, different from the interface descriptor's value: 175 [ 98.593722][ T5883] usb 5-1: config 3 interface 19 has no altsetting 0 [ 98.605233][ T5883] usb 5-1: config 3 interface 4 has no altsetting 0 [ 98.613448][ T6187] FAULT_INJECTION: forcing a failure. [ 98.613448][ T6187] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 98.630472][ T6187] CPU: 0 UID: 0 PID: 6187 Comm: syz.0.81 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 98.630492][ T6187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 98.630498][ T6187] Call Trace: [ 98.630504][ T6187] [ 98.630509][ T6187] dump_stack_lvl+0x241/0x360 [ 98.630529][ T6187] ? __pfx_dump_stack_lvl+0x10/0x10 [ 98.630542][ T6187] ? __pfx__printk+0x10/0x10 [ 98.630562][ T6187] should_fail_ex+0x424/0x570 [ 98.630575][ T6187] _copy_from_user+0x2d/0xb0 [ 98.630589][ T6187] copy_from_sockptr+0x57/0xb0 [ 98.630604][ T6187] ip_mroute_setsockopt+0x6cb/0x11f0 [ 98.630624][ T6187] ? __pfx_ip_mroute_setsockopt+0x10/0x10 [ 98.630654][ T6187] do_ip_setsockopt+0x1114/0x39c0 [ 98.630671][ T6187] ? __pfx_do_ip_setsockopt+0x10/0x10 [ 98.630684][ T6187] ? aa_sk_perm+0x96f/0xac0 [ 98.630699][ T6187] ? ksys_write+0x24e/0x2d0 [ 98.630710][ T6187] ? __pfx_aa_sk_perm+0x10/0x10 [ 98.630725][ T6187] ip_setsockopt+0x63/0x100 [ 98.630737][ T6187] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 98.630751][ T6187] do_sock_setsockopt+0x3b1/0x710 [ 98.630764][ T6187] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 98.630772][ T6187] ? __fget_files+0x2a/0x420 [ 98.630783][ T6187] ? __fget_files+0x39d/0x420 [ 98.630790][ T6187] ? __fget_files+0x2a/0x420 [ 98.630803][ T6187] __x64_sys_setsockopt+0x1ee/0x280 [ 98.630818][ T6187] do_syscall_64+0xf3/0x230 [ 98.630830][ T6187] ? clear_bhb_loop+0x45/0xa0 [ 98.630842][ T6187] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 98.630851][ T6187] RIP: 0033:0x7fcd0dd8d169 [ 98.630860][ T6187] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 98.630868][ T6187] RSP: 002b:00007fcd0eb5c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 98.630879][ T6187] RAX: ffffffffffffffda RBX: 00007fcd0dfa6080 RCX: 00007fcd0dd8d169 [ 98.630885][ T6187] RDX: 00000000000000ca RSI: 0000000000000000 RDI: 0000000000000003 [ 98.630891][ T6187] RBP: 00007fcd0eb5c090 R08: 0000000000000010 R09: 0000000000000000 [ 98.630902][ T6187] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 98.630908][ T6187] R13: 0000000000000001 R14: 00007fcd0dfa6080 R15: 00007fcd0e0cfa28 [ 98.630923][ T6187] [ 98.864916][ T5883] usb 5-1: New USB device found, idVendor=067b, idProduct=2303, bcdDevice=53.f5 [ 98.874741][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 98.882741][ T5883] usb 5-1: Product: syz [ 98.888389][ T5883] usb 5-1: Manufacturer: syz [ 98.893014][ T5883] usb 5-1: SerialNumber: syz [ 98.924739][ T5888] usb 4-1: Using ep0 maxpacket: 16 [ 98.952292][ T5888] usb 4-1: config 1 has an invalid descriptor of length 196, skipping remainder of the config [ 98.962634][ T5888] usb 4-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 98.975946][ T5888] usb 4-1: config 1 interface 0 has no altsetting 0 [ 98.994345][ T5888] usb 4-1: string descriptor 0 read error: -22 [ 99.000979][ T5888] usb 4-1: New USB device found, idVendor=04f3, idProduct=074d, bcdDevice= 0.40 [ 99.010181][ T5888] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.036069][ T5888] usbhid 4-1:1.0: couldn't find an input interrupt endpoint [ 99.121610][ T5883] pl2303 5-1:3.19: required endpoints missing [ 99.185987][ T5883] pl2303 5-1:3.4: required interrupt-in endpoint missing [ 99.222116][ T5883] usb 5-1: USB disconnect, device number 4 [ 99.282379][ T6200] pimreg3: entered allmulticast mode [ 99.295426][ T6205] netlink: 12 bytes leftover after parsing attributes in process `syz.2.85'. [ 99.390959][ T6207] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 99.514712][ T975] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 99.754204][ T975] usb 2-1: config 0 has no interfaces? [ 99.804683][ T5890] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 99.824719][ T5891] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 99.834335][ T6214] FAULT_INJECTION: forcing a failure. [ 99.834335][ T6214] name failslab, interval 1, probability 0, space 0, times 0 [ 99.854082][ T975] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 99.863826][ T975] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 99.874160][ T975] usb 2-1: Product: syz [ 99.878522][ T975] usb 2-1: Manufacturer: syz [ 99.883872][ T6214] CPU: 0 UID: 0 PID: 6214 Comm: syz.4.89 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 99.883898][ T6214] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 99.883908][ T6214] Call Trace: [ 99.883915][ T6214] [ 99.883922][ T6214] dump_stack_lvl+0x241/0x360 [ 99.883954][ T6214] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.883978][ T6214] ? __pfx__printk+0x10/0x10 [ 99.884006][ T6214] ? ref_tracker_alloc+0x316/0x4c0 [ 99.884029][ T6214] should_fail_ex+0x424/0x570 [ 99.884051][ T6214] should_failslab+0xac/0x100 [ 99.884076][ T6214] kmem_cache_alloc_noprof+0x78/0x390 [ 99.884098][ T6214] ? skb_clone+0x20c/0x390 [ 99.884121][ T6214] skb_clone+0x20c/0x390 [ 99.884141][ T6214] __netlink_deliver_tap+0x3c4/0x7f0 [ 99.884177][ T6214] ? netlink_deliver_tap+0x2e/0x1b0 [ 99.884198][ T6214] netlink_deliver_tap+0x19d/0x1b0 [ 99.884223][ T6214] netlink_sendskb+0x68/0x140 [ 99.884245][ T6214] netlink_unicast+0x39f/0x9a0 [ 99.884264][ T6214] ? __asan_memcpy+0x40/0x70 [ 99.884290][ T6214] ? __pfx_netlink_unicast+0x10/0x10 [ 99.884321][ T6214] netlink_rcv_skb+0x296/0x480 [ 99.884345][ T6214] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 99.884365][ T6214] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 99.884402][ T6214] ? apparmor_capable+0x13b/0x1b0 [ 99.884422][ T6214] ? bpf_lsm_capable+0x9/0x10 [ 99.884441][ T6214] ? security_capable+0x7e/0x2d0 [ 99.884468][ T6214] nfnetlink_rcv+0x296/0x28f0 [ 99.884489][ T6214] ? __dev_queue_xmit+0x2f9/0x3f60 [ 99.884508][ T6214] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 99.884530][ T6214] ? __dev_queue_xmit+0x2f9/0x3f60 [ 99.884559][ T6214] ? __dev_queue_xmit+0x2f9/0x3f60 [ 99.884577][ T6214] ? __dev_queue_xmit+0x1780/0x3f60 [ 99.884591][ T6214] ? kasan_save_track+0x3f/0x80 [ 99.884606][ T6214] ? __kasan_slab_alloc+0x66/0x80 [ 99.884628][ T6214] ? do_syscall_64+0xf3/0x230 [ 99.884655][ T6214] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 99.884671][ T6214] ? __dev_queue_xmit+0x2f9/0x3f60 [ 99.884691][ T6214] ? __pfx___dev_queue_xmit+0x10/0x10 [ 99.884727][ T6214] ? ref_tracker_free+0x63e/0x7e0 [ 99.884747][ T6214] ? __asan_memcpy+0x40/0x70 [ 99.884764][ T6214] ? __pfx_ref_tracker_free+0x10/0x10 [ 99.884780][ T6214] ? __skb_clone+0x5c/0x6d0 [ 99.884815][ T6214] ? skb_clone+0x240/0x390 [ 99.884845][ T6214] ? netlink_deliver_tap+0x2e/0x1b0 [ 99.884870][ T6214] ? netlink_deliver_tap+0x2e/0x1b0 [ 99.884895][ T6214] netlink_unicast+0x7f8/0x9a0 [ 99.884924][ T6214] ? __pfx_netlink_unicast+0x10/0x10 [ 99.884946][ T6214] ? skb_put+0x114/0x1f0 [ 99.884966][ T6214] netlink_sendmsg+0x8c3/0xcd0 [ 99.885002][ T6214] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.885029][ T6214] ? aa_sock_msg_perm+0x91/0x160 [ 99.885058][ T6214] ? __pfx_netlink_sendmsg+0x10/0x10 [ 99.885078][ T6214] __sock_sendmsg+0x221/0x270 [ 99.885104][ T6214] ____sys_sendmsg+0x523/0x860 [ 99.885132][ T6214] ? __pfx_____sys_sendmsg+0x10/0x10 [ 99.885147][ T6214] ? __fget_files+0x2a/0x420 [ 99.885166][ T6214] ? __fget_files+0x2a/0x420 [ 99.885191][ T6214] __sys_sendmsg+0x271/0x360 [ 99.885215][ T6214] ? __pfx___sys_sendmsg+0x10/0x10 [ 99.885285][ T6214] ? do_syscall_64+0xb6/0x230 [ 99.885308][ T6214] do_syscall_64+0xf3/0x230 [ 99.885328][ T6214] ? clear_bhb_loop+0x45/0xa0 [ 99.885349][ T6214] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.885365][ T6214] RIP: 0033:0x7f4f1b58d169 [ 99.885380][ T6214] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.885393][ T6214] RSP: 002b:00007f4f1c32e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 99.885411][ T6214] RAX: ffffffffffffffda RBX: 00007f4f1b7a5fa0 RCX: 00007f4f1b58d169 [ 99.885423][ T6214] RDX: 0000000000000000 RSI: 0000200000000100 RDI: 0000000000000003 [ 99.885434][ T6214] RBP: 00007f4f1c32e090 R08: 0000000000000000 R09: 0000000000000000 [ 99.885444][ T6214] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 99.885453][ T6214] R13: 0000000000000000 R14: 00007f4f1b7a5fa0 R15: 00007f4f1b8cfa28 [ 99.885481][ T6214] [ 100.283273][ T975] usb 2-1: SerialNumber: syz [ 100.294667][ T5890] usb 1-1: Using ep0 maxpacket: 16 [ 100.299919][ T5891] usb 3-1: Using ep0 maxpacket: 16 [ 100.308905][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 100.318771][ T5890] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC6, changing to 0x86 [ 100.330941][ T5890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid wMaxPacketSize 0 [ 100.343845][ T5890] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x86 has invalid maxpacket 0 [ 100.363404][ T5891] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 100.372758][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.713130][ T975] usb 2-1: config 0 descriptor?? [ 100.722429][ T5891] usb 3-1: Product: syz [ 100.726969][ T5890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid maxpacket 14129, setting to 64 [ 100.744550][ T5891] usb 3-1: Manufacturer: syz [ 100.750775][ T5891] usb 3-1: SerialNumber: syz [ 100.758885][ T5891] usb 3-1: config 0 descriptor?? [ 100.769870][ T5891] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 100.779396][ T5890] usb 1-1: New USB device found, idVendor=054c, idProduct=06c1, bcdDevice=c2.87 [ 100.813494][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 100.821638][ T5883] usb 4-1: USB disconnect, device number 5 [ 100.878677][ T5891] em28xx 3-1:0.0: DVB interface 0 found: bulk [ 100.919791][ T5890] usb 1-1: Product: syz [ 100.934217][ T5890] usb 1-1: Manufacturer: syz [ 100.959169][ T5890] usb 1-1: SerialNumber: syz [ 100.971393][ T5890] usb 1-1: config 0 descriptor?? [ 100.986775][ T5890] port100 1-1:0.0: NFC: Could not find bulk-in or bulk-out endpoint [ 101.109581][ T6221] input: syz1 as /devices/virtual/input/input12 [ 101.131116][ T6221] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 101.140909][ T6221] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 101.195506][ T3544] usb 1-1: USB disconnect, device number 6 [ 101.261017][ T6221] bond_slave_0: entered promiscuous mode [ 101.266786][ T6221] bond_slave_1: entered promiscuous mode [ 101.331767][ T5883] hid (null): usage index exceeded [ 101.348503][ T6221] bond_slave_0: left promiscuous mode [ 101.353988][ T6221] bond_slave_1: left promiscuous mode [ 101.370036][ T5890] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 101.380316][ T5883] hid (null): usage index exceeded [ 101.392558][ T5883] hid (null): unknown global tag 0xe0 [ 101.404115][ T5883] hid (null): unknown global tag 0xd [ 101.430260][ T5883] hid (null): report_id 0 is invalid [ 101.442478][ T5891] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 101.455166][ T5883] hid (null): unknown global tag 0xc [ 101.460785][ T5883] hid (null): unknown global tag 0xd [ 101.469990][ T5883] hid (null): unknown global tag 0xe [ 101.475692][ T5883] hid (null): unknown global tag 0xe [ 101.481912][ T5883] hid (null): unknown global tag 0xc [ 101.492276][ T5883] hid (null): unknown global tag 0xd [ 101.498228][ T5883] hid (null): invalid report_size -1829046083 [ 101.517819][ T5883] hid (null): unknown global tag 0xe [ 101.541567][ T5883] hid (null): unknown global tag 0xe [ 101.569164][ T5883] hid (null): unknown global tag 0xc [ 101.584266][ T5883] hid (null): unknown global tag 0xc [ 101.600680][ T5883] hid (null): invalid report_size 1535371181 [ 101.609948][ T5883] hid (null): unknown global tag 0xb7 [ 101.620468][ T5883] hid (null): bogus close delimiter [ 101.633421][ T5883] hid (null): unknown global tag 0xc [ 101.643744][ T5883] hid (null): unknown global tag 0xc [ 101.651141][ T5883] hid (null): invalid report_size 1415038264 [ 101.662815][ T5883] hid (null): unknown global tag 0xd [ 101.672122][ T5883] hid (null): unknown global tag 0xc [ 101.681362][ T5883] hid (null): usage index exceeded [ 101.689458][ T5883] hid (null): unknown global tag 0xe [ 101.697936][ T5883] hid (null): unknown global tag 0xe [ 101.707456][ T5883] hid (null): unknown global tag 0xe [ 101.730185][ T5883] hid-generic FFF4:0002:A4D1.0002: unknown main item tag 0x1 [ 101.771506][ T5883] hid-generic FFF4:0002:A4D1.0002: ignoring exceeding usage max [ 101.794264][ T5883] hid-generic FFF4:0002:A4D1.0002: unexpected long global item [ 101.818751][ T5883] hid-generic FFF4:0002:A4D1.0002: probe with driver hid-generic failed with error -22 [ 101.985412][ T5847] cgroup: fork rejected by pids controller in /syz0 [ 102.378215][ T6177] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.663905][ T6177] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.679971][ T5891] em28xx 3-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 102.692404][ T5891] em28xx 3-1:0.0: board has no eeprom [ 102.704737][ T5889] usb 2-1: USB disconnect, device number 6 [ 102.823387][ T5891] em28xx 3-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 102.865273][ T5891] em28xx 3-1:0.0: dvb set to bulk mode. [ 102.872079][ T5890] em28xx 3-1:0.0: Binding DVB extension [ 102.877752][ T6177] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 102.895814][ T5891] usb 3-1: USB disconnect, device number 3 [ 102.903009][ T5891] em28xx 3-1:0.0: Disconnecting em28xx [ 103.023781][ T5890] em28xx 3-1:0.0: Registering input extension [ 103.044730][ T6253] sd 0:0:1:0: ioctl_internal_command: ILLEGAL REQUEST asc=0x20 ascq=0x0 [ 103.060689][ T5891] em28xx 3-1:0.0: Closing input extension [ 103.141643][ T5891] em28xx 3-1:0.0: Freeing device [ 103.202418][ T6177] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 103.280662][ T6262] openvswitch: netlink: Missing key (keys=40, expected=80) [ 103.714798][ T5891] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 103.960252][ T5891] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 104.058776][ T5891] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 104.083910][ T6177] bridge_slave_1: left allmulticast mode [ 104.136825][ T6177] bridge_slave_1: left promiscuous mode [ 104.166974][ T5891] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.03 [ 104.197497][ T6177] bridge0: port 2(bridge_slave_1) entered disabled state [ 104.238691][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 104.277474][ T6177] bridge_slave_0: left allmulticast mode [ 104.278563][ T5891] usb 2-1: SerialNumber: syz [ 104.322754][ T6177] bridge_slave_0: left promiscuous mode [ 104.338848][ T5837] Bluetooth: hci1: unexpected cc 0x0c03 length: 249 > 1 [ 104.359650][ T5837] Bluetooth: hci1: unexpected cc 0x1003 length: 249 > 9 [ 104.374929][ T6177] bridge0: port 1(bridge_slave_0) entered disabled state [ 104.384097][ T5837] Bluetooth: hci1: unexpected cc 0x1001 length: 249 > 9 [ 104.401487][ T5837] Bluetooth: hci1: unexpected cc 0x0c23 length: 249 > 4 [ 104.414954][ T5837] Bluetooth: hci1: unexpected cc 0x0c38 length: 249 > 2 [ 104.530817][ T5891] usb 2-1: 0:2 : does not exist [ 104.613221][ T5891] usb 2-1: USB disconnect, device number 7 [ 104.856367][ T5836] udevd[5836]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 104.885668][ T5889] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 105.063414][ T5889] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 105.107747][ T5889] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 105.128062][ T5889] usb 4-1: Product: syz [ 105.140578][ T5889] usb 4-1: Manufacturer: syz [ 105.154639][ T5889] usb 4-1: SerialNumber: syz [ 105.199954][ T5889] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 105.247697][ T6296] netlink: 8 bytes leftover after parsing attributes in process `syz.1.111'. [ 105.265143][ T5890] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 105.605175][ T6177] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 105.644503][ T6177] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 105.713721][ T6287] netlink: 28 bytes leftover after parsing attributes in process `syz.3.110'. [ 105.736744][ T6177] bond0 (unregistering): Released all slaves [ 105.781971][ T6302] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 105.895139][ T6302] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 105.937417][ T3544] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 106.073567][ T5897] usb 4-1: USB disconnect, device number 7 [ 106.115041][ T3544] usb 2-1: config 0 has no interfaces? [ 106.322621][ T3544] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 106.338921][ T3544] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.364705][ T5890] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 106.371740][ T3544] usb 2-1: Product: syz [ 106.377661][ T3544] usb 2-1: Manufacturer: syz [ 106.385234][ T5890] ath9k_htc: Failed to initialize the device [ 106.394653][ T3544] usb 2-1: SerialNumber: syz [ 106.415809][ T3544] usb 2-1: config 0 descriptor?? [ 106.420924][ T5897] usb 4-1: ath9k_htc: USB layer deinitialized [ 106.529004][ T5835] Bluetooth: hci1: command tx timeout [ 106.564715][ T5891] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 106.727317][ T5891] usb 5-1: config 0 has no interfaces? [ 106.844844][ T5891] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 106.880339][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 106.922227][ T5891] usb 5-1: Product: syz [ 106.962258][ T5891] usb 5-1: Manufacturer: syz [ 106.985448][ T5891] usb 5-1: SerialNumber: syz [ 107.035312][ T5891] usb 5-1: config 0 descriptor?? [ 107.387243][ T10] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 107.448044][ T6328] vlan2: entered allmulticast mode [ 107.464091][ T6328] mac80211_hwsim hwsim6 wlan1: entered allmulticast mode [ 107.575172][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 107.582277][ T10] usb 4-1: config 0 has an invalid interface number: 1 but max is 0 [ 107.601001][ T10] usb 4-1: config 0 has no interface number 0 [ 107.620058][ T10] usb 4-1: New USB device found, idVendor=8086, idProduct=9500, bcdDevice=b6.d8 [ 107.630909][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.657250][ T10] usb 4-1: Product: syz [ 107.674111][ T10] usb 4-1: Manufacturer: syz [ 107.696295][ T10] usb 4-1: SerialNumber: syz [ 107.717252][ T10] usb 4-1: config 0 descriptor?? [ 107.731774][ T10] usb 4-1: dvb_usb_v2: found a 'Intel CE9500 reference design' in warm state [ 107.749475][ T10] usb 4-1: selecting invalid altsetting 1 [ 107.762448][ T10] usb 4-1: dvb_usb_ce6230: usb_set_interface() failed=-22 [ 107.797185][ T10] usb 4-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 107.821051][ T10] dvbdev: DVB: registering new adapter (Intel CE9500 reference design) [ 107.830353][ T10] usb 4-1: media controller created [ 107.839991][ T6177] hsr_slave_0: left promiscuous mode [ 107.859689][ T6177] hsr_slave_1: left promiscuous mode [ 107.866495][ T6177] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 107.871028][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 107.873951][ T6177] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 107.916154][ T6177] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 107.923884][ T6177] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 107.991061][ T6177] veth1_macvtap: left promiscuous mode [ 107.998408][ T6177] veth0_macvtap: left promiscuous mode [ 108.029990][ T6177] veth1_vlan: left promiscuous mode [ 108.050904][ T6177] veth0_vlan: left promiscuous mode [ 108.258973][ T6177] pimreg3 (unregistering): left allmulticast mode [ 108.570011][ T5897] usb 2-1: USB disconnect, device number 8 [ 108.596457][ T5835] Bluetooth: hci1: command tx timeout [ 108.947761][ T5883] usb 5-1: USB disconnect, device number 5 [ 108.957355][ T6177] team0 (unregistering): Port device team_slave_1 removed [ 108.998447][ T10] usb 4-1: dvb_usb_ce6230: usb_control_msg() failed=-110 [ 109.012344][ T10] zl10353_read_register: readreg error (reg=127, ret==-110) [ 109.092367][ T6350] netlink: 452 bytes leftover after parsing attributes in process `syz.4.122'. [ 109.106682][ T6177] team0 (unregistering): Port device team_slave_0 removed [ 109.225471][ T6355] netlink: 8 bytes leftover after parsing attributes in process `syz.4.123'. [ 109.236833][ T6355] netlink: 20 bytes leftover after parsing attributes in process `syz.4.123'. [ 109.543442][ T6346] geneve1: entered promiscuous mode [ 109.549334][ T6346] geneve1: entered allmulticast mode [ 109.653256][ T6358] netlink: 'syz.4.124': attribute type 10 has an invalid length. [ 109.703702][ T6358] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 109.807642][ T6361] netlink: 4 bytes leftover after parsing attributes in process `syz.1.125'. [ 109.828589][ T6283] chnl_net:caif_netlink_parms(): no params data found [ 109.880079][ T6361] bridge_slave_1: left allmulticast mode [ 109.892675][ T6361] bridge_slave_1: left promiscuous mode [ 109.911408][ T6361] bridge0: port 2(bridge_slave_1) entered disabled state [ 109.963280][ T6361] bridge_slave_0: left allmulticast mode [ 109.970258][ T6361] bridge_slave_0: left promiscuous mode [ 109.989909][ T6361] bridge0: port 1(bridge_slave_0) entered disabled state [ 110.184511][ T6340] syz.3.116 (6340) used greatest stack depth: 17992 bytes left [ 110.206060][ T5883] usb 4-1: USB disconnect, device number 8 [ 110.284718][ T10] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 110.395395][ T6393] xt_nfacct: accounting object `syz1' does not exists [ 110.495267][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 110.525898][ T10] usb 2-1: config 0 has no interfaces? [ 110.543348][ T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 110.559726][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 110.572823][ T10] usb 2-1: Product: syz [ 110.577900][ T10] usb 2-1: Manufacturer: syz [ 110.582531][ T10] usb 2-1: SerialNumber: syz [ 110.611578][ T10] usb 2-1: config 0 descriptor?? [ 110.674931][ T5835] Bluetooth: hci1: command tx timeout [ 110.784695][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 110.816113][ T6411] netlink: 8 bytes leftover after parsing attributes in process `syz.2.136'. [ 110.874870][ T6411] netlink: 4 bytes leftover after parsing attributes in process `syz.2.136'. [ 110.889247][ T6411] netlink: 'syz.2.136': attribute type 15 has an invalid length. [ 110.921991][ T6413] xt_socket: unknown flags 0xd0 [ 110.938234][ T10] usb 4-1: device descriptor read/64, error -71 [ 111.012245][ T6283] bridge0: port 1(bridge_slave_0) entered blocking state [ 111.032292][ T6283] bridge0: port 1(bridge_slave_0) entered disabled state [ 111.055844][ T6283] bridge_slave_0: entered allmulticast mode [ 111.084496][ T6283] bridge_slave_0: entered promiscuous mode [ 111.098834][ T6283] bridge0: port 2(bridge_slave_1) entered blocking state [ 111.108573][ T6283] bridge0: port 2(bridge_slave_1) entered disabled state [ 111.135004][ T6283] bridge_slave_1: entered allmulticast mode [ 111.161429][ T6283] bridge_slave_1: entered promiscuous mode [ 111.204677][ T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 111.253853][ T6283] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 111.293997][ T6283] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 111.355284][ T10] usb 4-1: device descriptor read/64, error -71 [ 111.441787][ T6283] team0: Port device team_slave_0 added [ 111.467225][ T6283] team0: Port device team_slave_1 added [ 111.488835][ T10] usb usb4-port1: attempt power cycle [ 111.609373][ T6438] FAULT_INJECTION: forcing a failure. [ 111.609373][ T6438] name failslab, interval 1, probability 0, space 0, times 0 [ 111.624320][ T6438] CPU: 0 UID: 0 PID: 6438 Comm: syz.2.144 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 111.624344][ T6438] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 111.624353][ T6438] Call Trace: [ 111.624359][ T6438] [ 111.624366][ T6438] dump_stack_lvl+0x241/0x360 [ 111.624396][ T6438] ? __pfx_dump_stack_lvl+0x10/0x10 [ 111.624419][ T6438] ? __pfx__printk+0x10/0x10 [ 111.624446][ T6438] ? __pfx___might_resched+0x10/0x10 [ 111.624471][ T6438] should_fail_ex+0x424/0x570 [ 111.624493][ T6438] should_failslab+0xac/0x100 [ 111.624515][ T6438] kmem_cache_alloc_noprof+0x78/0x390 [ 111.624543][ T6438] ? __kernfs_new_node+0xdf/0x890 [ 111.624568][ T6438] __kernfs_new_node+0xdf/0x890 [ 111.624585][ T6438] ? __lock_acquire+0xad5/0xd80 [ 111.624606][ T6438] ? __pfx___kernfs_new_node+0x10/0x10 [ 111.624631][ T6438] ? kernfs_root+0x1c/0x230 [ 111.624649][ T6438] ? kernfs_root+0x1c/0x230 [ 111.624669][ T6438] kernfs_new_node+0x114/0x220 [ 111.624691][ T6438] __kernfs_create_file+0x49/0x2e0 [ 111.624714][ T6438] sysfs_add_file_mode_ns+0x24a/0x310 [ 111.624745][ T6438] internal_create_group+0x7ea/0x1320 [ 111.624764][ T6438] ? kernfs_add_one+0xf8/0x530 [ 111.624794][ T6438] ? __pfx_internal_create_group+0x10/0x10 [ 111.624822][ T6438] sysfs_create_groups+0x56/0x120 [ 111.624840][ T6438] device_add_attrs+0xef/0x670 [ 111.624862][ T6438] ? __pfx_device_add_attrs+0x10/0x10 [ 111.624889][ T6438] device_add+0x576/0xbf0 [ 111.624908][ T6438] ? device_initialize+0x266/0x460 [ 111.624930][ T6438] netdev_register_kobject+0x157/0x2f0 [ 111.624953][ T6438] register_netdevice+0x12b0/0x1b80 [ 111.624972][ T6438] ? rcu_is_watching+0x15/0xb0 [ 111.625007][ T6438] ? __pfx_register_netdevice+0x10/0x10 [ 111.625024][ T6438] ? dev_addr_mod+0xf4/0x430 [ 111.625042][ T6438] ? __asan_memset+0x23/0x50 [ 111.625061][ T6438] ? netif_inherit_tso_max+0x1f3/0x340 [ 111.625081][ T6438] veth_newlink+0x4c3/0xb80 [ 111.625107][ T6438] ? __pfx_veth_newlink+0x10/0x10 [ 111.625204][ T6438] ? rtnl_create_link+0xb36/0xea0 [ 111.625226][ T6438] ? __pfx_veth_newlink+0x10/0x10 [ 111.625248][ T6438] rtnl_newlink_create+0x39b/0xcb0 [ 111.625274][ T6438] ? __mutex_lock+0xbe3/0x10c0 [ 111.625303][ T6438] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 111.625329][ T6438] ? __pfx___mutex_lock+0x10/0x10 [ 111.625359][ T6438] ? ns_capable+0x8a/0xf0 [ 111.625380][ T6438] rtnl_newlink+0x18b0/0x1fe0 [ 111.625405][ T6438] ? stack_depot_save_flags+0x44/0x940 [ 111.625439][ T6438] ? __pfx_rtnl_newlink+0x10/0x10 [ 111.625458][ T6438] ? __netlink_deliver_tap+0x561/0x7f0 [ 111.625480][ T6438] ? netlink_deliver_tap+0x19d/0x1b0 [ 111.625499][ T6438] ? netlink_unicast+0x7c6/0x9a0 [ 111.625516][ T6438] ? netlink_sendmsg+0x8c3/0xcd0 [ 111.625544][ T6438] ? __sock_sendmsg+0x221/0x270 [ 111.625563][ T6438] ? ____sys_sendmsg+0x523/0x860 [ 111.625578][ T6438] ? __sys_sendmsg+0x271/0x360 [ 111.625592][ T6438] ? do_syscall_64+0xf3/0x230 [ 111.625611][ T6438] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.625690][ T6438] ? aa_get_newest_label+0x101/0x6f0 [ 111.625721][ T6438] ? __lock_acquire+0xad5/0xd80 [ 111.625760][ T6438] ? __pfx_rtnl_newlink+0x10/0x10 [ 111.625783][ T6438] rtnetlink_rcv_msg+0x80f/0xd70 [ 111.625804][ T6438] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 111.625831][ T6438] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 111.625862][ T6438] ? ref_tracker_free+0x63e/0x7e0 [ 111.625886][ T6438] netlink_rcv_skb+0x208/0x480 [ 111.625910][ T6438] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 111.625934][ T6438] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 111.625975][ T6438] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.626000][ T6438] ? netlink_deliver_tap+0x2e/0x1b0 [ 111.626025][ T6438] netlink_unicast+0x7f8/0x9a0 [ 111.626055][ T6438] ? __pfx_netlink_unicast+0x10/0x10 [ 111.626078][ T6438] ? skb_put+0x114/0x1f0 [ 111.626099][ T6438] netlink_sendmsg+0x8c3/0xcd0 [ 111.626135][ T6438] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.626162][ T6438] ? aa_sock_msg_perm+0x91/0x160 [ 111.626191][ T6438] ? __pfx_netlink_sendmsg+0x10/0x10 [ 111.626211][ T6438] __sock_sendmsg+0x221/0x270 [ 111.626236][ T6438] ____sys_sendmsg+0x523/0x860 [ 111.626263][ T6438] ? __pfx_____sys_sendmsg+0x10/0x10 [ 111.626279][ T6438] ? __fget_files+0x2a/0x420 [ 111.626297][ T6438] ? __fget_files+0x2a/0x420 [ 111.626321][ T6438] __sys_sendmsg+0x271/0x360 [ 111.626344][ T6438] ? __pfx___sys_sendmsg+0x10/0x10 [ 111.626411][ T6438] ? do_syscall_64+0xb6/0x230 [ 111.626434][ T6438] do_syscall_64+0xf3/0x230 [ 111.626453][ T6438] ? clear_bhb_loop+0x45/0xa0 [ 111.626473][ T6438] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 111.626489][ T6438] RIP: 0033:0x7f07bf38d169 [ 111.626505][ T6438] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 111.626517][ T6438] RSP: 002b:00007f07c0283038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 111.626542][ T6438] RAX: ffffffffffffffda RBX: 00007f07bf5a5fa0 RCX: 00007f07bf38d169 [ 111.626554][ T6438] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 111.626564][ T6438] RBP: 00007f07c0283090 R08: 0000000000000000 R09: 0000000000000000 [ 111.626574][ T6438] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 111.626582][ T6438] R13: 0000000000000000 R14: 00007f07bf5a5fa0 R15: 00007f07bf6cfa28 [ 111.626608][ T6438] [ 112.167657][ T6283] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 112.205291][ T6283] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.245071][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 112.259884][ T6283] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 112.275838][ T10] usb 4-1: device descriptor read/8, error -71 [ 112.286890][ T6283] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 112.293998][ T6283] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 112.294795][ T5897] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 112.321680][ T6283] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 112.401618][ T6283] hsr_slave_0: entered promiscuous mode [ 112.417275][ T6283] hsr_slave_1: entered promiscuous mode [ 112.423834][ T6283] debugfs: Directory 'hsr0' with parent 'hsr' already present! [ 112.432694][ T6283] Cannot create hsr debugfs directory [ 112.475929][ T5897] usb 5-1: device descriptor read/64, error -71 [ 112.520391][ T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 112.558641][ T10] usb 4-1: device descriptor read/8, error -71 [ 112.675197][ T10] usb usb4-port1: unable to enumerate USB device [ 112.716601][ T5897] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 112.759574][ T5835] Bluetooth: hci1: command tx timeout [ 112.804354][ T10] usb 2-1: USB disconnect, device number 9 [ 112.856912][ T5897] usb 5-1: device descriptor read/64, error -71 [ 112.896523][ T6452] netlink: 56 bytes leftover after parsing attributes in process `syz.2.145'. [ 112.967931][ T5897] usb usb5-port1: attempt power cycle [ 113.247421][ T10] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 113.274295][ T30] audit: type=1800 audit(1744330815.418:4): pid=6465 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.148" name="file1" dev="tmpfs" ino=215 res=0 errno=0 [ 113.317270][ T6465] debugfs: Directory '!' with parent 'ieee80211' already present! [ 113.326767][ T5897] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 113.359886][ T5897] usb 5-1: device descriptor read/8, error -71 [ 113.425085][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 113.426296][ T6283] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 113.444680][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 113.469665][ T6283] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 113.493001][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 113.518676][ T6283] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 113.524639][ T10] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 113.568271][ T10] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 113.592853][ T6283] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 113.600060][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.619750][ T5897] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 113.629049][ T10] usb 2-1: config 0 descriptor?? [ 113.669168][ T5897] usb 5-1: device descriptor read/8, error -71 [ 113.796856][ T5897] usb usb5-port1: unable to enumerate USB device [ 113.822689][ T6283] 8021q: adding VLAN 0 to HW filter on device bond0 [ 113.854937][ T5888] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 113.879550][ T6283] 8021q: adding VLAN 0 to HW filter on device team0 [ 113.912399][ T81] bridge0: port 1(bridge_slave_0) entered blocking state [ 113.919648][ T81] bridge0: port 1(bridge_slave_0) entered forwarding state [ 113.957592][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 113.964784][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 114.010702][ T6485] pimreg3: entered allmulticast mode [ 114.027721][ T5888] usb 3-1: config index 0 descriptor too short (expected 36, got 20) [ 114.044745][ T5888] usb 3-1: config 0 has an invalid descriptor of length 9, skipping remainder of the config [ 114.072587][ T5888] usb 3-1: config 0 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 114.080300][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.116375][ T5888] usb 3-1: config 0 interface 0 has no altsetting 0 [ 114.123052][ T5888] usb 3-1: New USB device found, idVendor=056a, idProduct=00ba, bcdDevice= 0.00 [ 114.137361][ T5888] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 114.147726][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.155601][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.164468][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.175825][ T5888] usb 3-1: config 0 descriptor?? [ 114.190545][ T6488] FAULT_INJECTION: forcing a failure. [ 114.190545][ T6488] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 114.204877][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.212354][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.220539][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.224347][ T6283] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 114.228186][ T6488] CPU: 0 UID: 0 PID: 6488 Comm: syz.3.153 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 114.228210][ T6488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 114.228220][ T6488] Call Trace: [ 114.228226][ T6488] [ 114.228237][ T6488] dump_stack_lvl+0x241/0x360 [ 114.228269][ T6488] ? __pfx_dump_stack_lvl+0x10/0x10 [ 114.228291][ T6488] ? __pfx__printk+0x10/0x10 [ 114.228320][ T6488] should_fail_ex+0x424/0x570 [ 114.228342][ T6488] _copy_to_user+0x31/0xb0 [ 114.228367][ T6488] simple_read_from_buffer+0xc4/0x170 [ 114.228395][ T6488] proc_fail_nth_read+0x1ef/0x260 [ 114.228416][ T6488] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 114.228434][ T6488] ? rw_verify_area+0x246/0x630 [ 114.228450][ T6488] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 114.228469][ T6488] vfs_read+0x21f/0xb90 [ 114.228492][ T6488] ? __pfx___mutex_lock+0x10/0x10 [ 114.228514][ T6488] ? __pfx_vfs_read+0x10/0x10 [ 114.228534][ T6488] ? __fget_files+0x2a/0x420 [ 114.228557][ T6488] ? __fget_files+0x39d/0x420 [ 114.228570][ T6488] ? __fget_files+0x2a/0x420 [ 114.228594][ T6488] ksys_read+0x19d/0x2d0 [ 114.228614][ T6488] ? __pfx_ksys_read+0x10/0x10 [ 114.228638][ T6488] ? do_syscall_64+0xb6/0x230 [ 114.228660][ T6488] do_syscall_64+0xf3/0x230 [ 114.228680][ T6488] ? clear_bhb_loop+0x45/0xa0 [ 114.228700][ T6488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 114.228715][ T6488] RIP: 0033:0x7f2a92d8bb7c [ 114.228730][ T6488] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 114.228742][ T6488] RSP: 002b:00007f2a90bf6030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 114.228760][ T6488] RAX: ffffffffffffffda RBX: 00007f2a92fa5fa0 RCX: 00007f2a92d8bb7c [ 114.228772][ T6488] RDX: 000000000000000f RSI: 00007f2a90bf60a0 RDI: 0000000000000004 [ 114.228781][ T6488] RBP: 00007f2a90bf6090 R08: 0000000000000000 R09: 0000000000000000 [ 114.228791][ T6488] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 114.228801][ T6488] R13: 0000000000000000 R14: 00007f2a92fa5fa0 R15: 00007f2a930cfa28 [ 114.228827][ T6488] [ 114.240679][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.422588][ T6283] veth0_vlan: entered promiscuous mode [ 114.433972][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.507784][ T5888] usb 3-1: string descriptor 0 read error: -71 [ 114.517040][ T5888] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 114.548559][ T6283] veth1_vlan: entered promiscuous mode [ 114.619410][ T10] microsoft 0003:045E:07DA.0003: unknown main item tag 0x0 [ 114.645350][ T5888] usb 3-1: USB disconnect, device number 4 [ 114.727041][ T10] input: HID 045e:07da as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/0003:045E:07DA.0003/input/input14 [ 114.727077][ T5897] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 114.750120][ T6283] veth0_macvtap: entered promiscuous mode [ 114.783815][ T6283] veth1_macvtap: entered promiscuous mode [ 114.802226][ T6496] netlink: 4 bytes leftover after parsing attributes in process `syz.4.155'. [ 114.832191][ T10] microsoft 0003:045E:07DA.0003: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.1-1/input0 [ 114.840750][ T6283] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.862548][ T6283] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.873324][ T6283] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.889879][ T6283] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.892394][ T10] usb 2-1: USB disconnect, device number 10 [ 114.910115][ T6283] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.931768][ T6283] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 114.952235][ T6283] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3e) already exists on: batadv_slave_0 [ 114.969499][ T5897] usb 4-1: Using ep0 maxpacket: 8 [ 114.984532][ T5897] usb 4-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 114.995790][ T6283] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.006367][ T5897] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 115.024075][ T5897] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 65 [ 115.031573][ T6283] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 115.071553][ T5897] usb 4-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 115.081660][ T6496] bridge_slave_1: left allmulticast mode [ 115.097895][ T6496] bridge_slave_1: left promiscuous mode [ 115.119036][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 115.121910][ T6496] bridge0: port 2(bridge_slave_1) entered disabled state [ 115.147892][ T6496] bridge_slave_0: left allmulticast mode [ 115.158302][ T5897] usb 4-1: config 0 descriptor?? [ 115.166568][ T6496] bridge_slave_0: left promiscuous mode [ 115.191146][ T6496] bridge0: port 1(bridge_slave_0) entered disabled state [ 115.225148][ T5887] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 115.376363][ T5891] usb 4-1: USB disconnect, device number 13 [ 115.390895][ T5887] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 115.426477][ T5887] usb 5-1: config 0 has no interfaces? [ 115.467453][ T5887] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 115.489556][ T6283] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.503271][ T5887] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 115.518686][ T6283] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.531316][ T5887] usb 5-1: Product: syz [ 115.540054][ T5887] usb 5-1: Manufacturer: syz [ 115.549962][ T5887] usb 5-1: SerialNumber: syz [ 115.557038][ T6283] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.572836][ T5887] usb 5-1: config 0 descriptor?? [ 115.582060][ T6283] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.604347][ T6283] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.623551][ T6283] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.661979][ T6283] batman_adv: The newly added mac address (aa:aa:aa:aa:aa:3f) already exists on: batadv_slave_1 [ 115.677167][ T6283] batman_adv: It is strongly recommended to keep mac addresses unique to avoid problems! [ 115.692252][ T6283] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 115.762384][ T6283] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.794452][ T6283] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.828439][ T6283] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 115.870287][ T6283] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 116.076414][ T6538] netlink: 64 bytes leftover after parsing attributes in process `syz.3.161'. [ 116.338163][ T12] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.377746][ T12] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 116.503291][ T81] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 116.623969][ T81] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 117.664831][ T5887] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 117.691446][ T5888] usb 5-1: USB disconnect, device number 10 [ 117.814661][ T5891] usb 1-1: new full-speed USB device number 7 using dummy_hcd [ 117.929656][ T5887] usb 2-1: config 0 has no interfaces? [ 117.949834][ T5887] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 117.980111][ T5887] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.021357][ T5887] usb 2-1: Product: syz [ 118.092477][ T6576] process 'syz.4.166' launched './file1' with NULL argv: empty string added [ 118.108937][ T5891] usb 1-1: unable to get BOS descriptor or descriptor too short [ 118.118857][ T30] audit: type=1326 audit(1744330820.238:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 118.149088][ T5891] usb 1-1: not running at top speed; connect to a high speed hub [ 118.167197][ T5887] usb 2-1: Manufacturer: syz [ 118.193893][ T5887] usb 2-1: SerialNumber: syz [ 118.198230][ T5891] usb 1-1: config 1 interface 0 altsetting 5 endpoint 0x81 has invalid maxpacket 655, setting to 64 [ 118.216100][ T6579] netlink: 20 bytes leftover after parsing attributes in process `syz.2.167'. [ 118.228311][ T5891] usb 1-1: config 1 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 118.244730][ T30] audit: type=1326 audit(1744330820.238:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 118.276305][ T5887] usb 2-1: config 0 descriptor?? [ 118.315700][ T5891] usb 1-1: config 1 interface 0 has no altsetting 0 [ 118.344695][ T5891] usb 1-1: New USB device found, idVendor=05ac, idProduct=025a, bcdDevice= 0.40 [ 118.374113][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 118.382806][ T30] audit: type=1326 audit(1744330820.238:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=447 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 118.435075][ T5891] usb 1-1: Product: syz [ 118.439291][ T5891] usb 1-1: Manufacturer: syz [ 118.468073][ T5891] usb 1-1: SerialNumber: syz [ 118.516526][ T6567] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 118.525226][ T30] audit: type=1326 audit(1744330820.238:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 118.583146][ T6562] @: renamed from vlan0 (while UP) [ 118.623382][ T6562] input: syz0 as /devices/virtual/input/input15 [ 118.661297][ T30] audit: type=1326 audit(1744330820.238:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=261 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 118.724700][ T30] audit: type=1326 audit(1744330820.238:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 118.765083][ T5890] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 118.781265][ T5883] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 118.793183][ T5891] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input16 [ 118.820201][ T30] audit: type=1326 audit(1744330820.238:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 118.869185][ T5194] bcm5974 1-1:1.0: could not read from device [ 118.883146][ T5194] bcm5974 1-1:1.0: could not read from device [ 118.892115][ T5891] usb 1-1: USB disconnect, device number 7 [ 118.916544][ T30] audit: type=1326 audit(1744330820.238:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 118.956386][ T5883] usb 5-1: Using ep0 maxpacket: 16 [ 119.012180][ T5890] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 119.023159][ T5890] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 119.068454][ T5883] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 119.089116][ T5883] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 119.104624][ T5883] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.113627][ T30] audit: type=1326 audit(1744330820.238:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 119.125467][ T5890] usb 3-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.00 [ 119.157873][ T5883] usb 5-1: Product: syz [ 119.167039][ T5883] usb 5-1: Manufacturer: syz [ 119.171672][ T5883] usb 5-1: SerialNumber: syz [ 119.191160][ T30] audit: type=1326 audit(1744330820.238:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=301 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 119.262340][ T5890] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 119.271307][ T5883] usb 5-1: config 0 descriptor?? [ 119.340827][ T5883] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 119.361044][ T5890] usb 3-1: config 0 descriptor?? [ 119.397240][ T5883] em28xx 5-1:0.0: DVB interface 0 found: bulk [ 119.421947][ T5890] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 119.443168][ T30] audit: type=1326 audit(1744330820.238:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 119.555158][ T5891] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 119.658560][ T30] audit: type=1326 audit(1744330820.238:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6575 comm="syz.4.166" exe="/root/syz-executor" sig=0 arch=c000003e syscall=322 compat=0 ip=0x7f4f1b58d169 code=0x7ffc0000 [ 119.789656][ T5891] usb 4-1: config index 0 descriptor too short (expected 12336, got 77) [ 119.801843][ T5891] usb 4-1: config 48 has too many interfaces: 48, using maximum allowed: 32 [ 119.824294][ T5891] usb 4-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config [ 119.895614][ T5891] usb 4-1: config 48 has 0 interfaces, different from the descriptor's value: 48 [ 119.928204][ T5883] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 119.957532][ T5891] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 119.970421][ T5891] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 119.986699][ T5891] usb 4-1: Product: syz [ 119.992187][ T5891] usb 4-1: Manufacturer: syz [ 119.998574][ T5891] usb 4-1: SerialNumber: syz [ 120.022583][ T5883] em28xx 5-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 120.045976][ T5883] em28xx 5-1:0.0: board has no eeprom [ 120.213008][ T5883] em28xx 5-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 120.285709][ T5883] em28xx 5-1:0.0: dvb set to bulk mode. [ 120.309300][ T5887] em28xx 5-1:0.0: Binding DVB extension [ 120.362018][ T5883] usb 5-1: USB disconnect, device number 11 [ 120.396814][ T6614] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 120.422504][ T5883] em28xx 5-1:0.0: Disconnecting em28xx [ 120.434181][ T6614] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 120.578967][ T3544] usb 2-1: USB disconnect, device number 11 [ 120.611771][ T5887] em28xx 5-1:0.0: Registering input extension [ 120.644135][ T5883] em28xx 5-1:0.0: Closing input extension [ 120.722875][ T5883] em28xx 5-1:0.0: Freeing device [ 121.114483][ T5891] usb 4-1: USB disconnect, device number 14 [ 121.406327][ T6636] netlink: 24 bytes leftover after parsing attributes in process `syz.1.175'. [ 121.489366][ T6639] fuse: Unknown parameter '0x000000000000000c00000000000000000000' [ 122.049243][ T5891] usb 3-1: USB disconnect, device number 5 [ 122.495314][ T5891] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 122.707236][ T5891] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 122.722042][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 122.860774][ T5891] usb 3-1: config 0 descriptor?? [ 123.239019][ T6677] netlink: 8 bytes leftover after parsing attributes in process `syz.4.184'. [ 123.272694][ T6679] netlink: 40 bytes leftover after parsing attributes in process `syz.1.185'. [ 123.293181][ T5891] usb 3-1: Cannot set MAC address [ 123.298945][ T5891] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 123.330439][ T5887] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 123.361827][ T5891] usb 3-1: USB disconnect, device number 6 [ 123.506242][ T5887] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 123.530923][ T5887] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 123.552056][ T5887] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.05 [ 123.562769][ T5887] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 123.575538][ T5887] usb 4-1: SerialNumber: syz [ 123.754691][ T3544] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 123.813698][ T5887] usb 4-1: 0:2 : does not exist [ 123.885907][ T5887] usb 4-1: USB disconnect, device number 15 [ 123.924900][ T3544] usb 2-1: Using ep0 maxpacket: 16 [ 123.949016][ T3544] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 123.972364][ T3544] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 124.004859][ T3544] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 124.044268][ T3544] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 124.087892][ T3544] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 124.117833][ T3544] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 124.161828][ T3544] usb 2-1: Product: syz [ 124.169230][ T5836] udevd[5836]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 124.174624][ T3544] usb 2-1: Manufacturer: syz [ 124.239021][ T3544] usb 2-1: SerialNumber: syz [ 124.658155][ T6733] netlink: 24 bytes leftover after parsing attributes in process `syz.4.195'. [ 124.973148][ T6746] loop2: detected capacity change from 0 to 7 [ 124.981859][ T6745] fuse: Unknown parameter '0x000000000000000c00000000000000000000' [ 125.076452][ T6746] Dev loop2: unable to read RDB block 7 [ 125.076522][ T6746] loop2: unable to read partition table [ 125.076767][ T6746] loop2: partition table beyond EOD, truncated [ 125.076800][ T6746] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 125.969433][ T6763] netlink: 'syz.3.201': attribute type 16 has an invalid length. [ 126.014737][ T6763] netlink: 8 bytes leftover after parsing attributes in process `syz.3.201'. [ 126.244956][ T5887] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 126.776478][ T5887] usb 1-1: config 0 has no interfaces? [ 126.784235][ T5887] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 126.812921][ T5887] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 126.888676][ T5887] usb 1-1: Product: syz [ 126.912442][ T5887] usb 1-1: Manufacturer: syz [ 126.939416][ T5887] usb 1-1: SerialNumber: syz [ 127.025554][ T5887] usb 1-1: config 0 descriptor?? [ 127.194892][ T5897] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 127.321051][ T6779] netlink: 452 bytes leftover after parsing attributes in process `syz.2.203'. [ 127.341199][ T3544] usb 2-1: USB disconnect, device number 12 [ 127.356986][ T5897] usb 4-1: config 221 has an invalid descriptor of length 173, skipping remainder of the config [ 127.394791][ T5897] usb 4-1: config 221 has 0 interfaces, different from the descriptor's value: 1 [ 127.453651][ T5897] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 127.477647][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 127.499885][ T5897] usb 4-1: Product: syz [ 127.504150][ T5897] usb 4-1: Manufacturer: syz [ 127.514677][ T5887] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 127.521488][ T5897] usb 4-1: SerialNumber: syz [ 127.541688][ T6786] netlink: 8 bytes leftover after parsing attributes in process `syz.2.206'. [ 127.552006][ T5897] usb 4-1: rejected 1 configuration due to insufficient available bus power [ 127.568351][ T5897] usb 4-1: no configuration chosen from 1 choice [ 127.576283][ T6786] netlink: 20 bytes leftover after parsing attributes in process `syz.2.206'. [ 127.618631][ T5836] udevd[5836]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 127.735380][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 127.762473][ T5887] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 127.781348][ T6792] geneve1: entered promiscuous mode [ 127.788170][ T6792] geneve1: entered allmulticast mode [ 127.800592][ T5887] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 127.842194][ T5887] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 127.864255][ T5887] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 127.899866][ T5887] usb 5-1: config 0 descriptor?? [ 127.934854][ T6796] netlink: 'syz.2.209': attribute type 10 has an invalid length. [ 128.057055][ T6800] netlink: 'syz.2.212': attribute type 16 has an invalid length. [ 128.065277][ T6800] netlink: 8 bytes leftover after parsing attributes in process `syz.2.212'. [ 128.331819][ T6811] netlink: 24 bytes leftover after parsing attributes in process `syz.1.215'. [ 128.345804][ T6777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.355427][ T6777] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.375154][ T6777] vlan2: entered allmulticast mode [ 128.381242][ T6777] hsr0: entered allmulticast mode [ 128.393532][ T6777] hsr_slave_0: entered allmulticast mode [ 128.399408][ T6777] hsr_slave_1: entered allmulticast mode [ 128.638225][ T6816] fuse: Unknown parameter '0x000000000000000b00000000000000000000' [ 128.712014][ T5887] usbhid 5-1:0.0: can't add hid device: -71 [ 128.718872][ T5887] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 128.730156][ T5887] usb 5-1: USB disconnect, device number 12 [ 128.920256][ T5883] usb 1-1: USB disconnect, device number 8 [ 129.222153][ T6819] xt_nfacct: accounting object `syz1' does not exists [ 129.582988][ T6824] capability: warning: `syz.4.217' uses deprecated v2 capabilities in a way that may be insecure [ 129.648000][ T6825] xt_TCPMSS: Only works on TCP SYN packets [ 129.684689][ T3544] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 129.834671][ T3544] usb 1-1: Using ep0 maxpacket: 8 [ 129.844236][ T3544] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 129.869981][ T3544] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.871696][ T6832] netlink: 8 bytes leftover after parsing attributes in process `syz.1.221'. [ 129.885118][ T3544] usb 1-1: Product: syz [ 129.891409][ T3544] usb 1-1: Manufacturer: syz [ 129.939423][ T6834] xt_socket: unknown flags 0xd0 [ 129.944848][ T3544] usb 1-1: SerialNumber: syz [ 129.956310][ T5888] usb 4-1: USB disconnect, device number 16 [ 129.981024][ T3544] usb 1-1: config 0 descriptor?? [ 130.070536][ T6839] netlink: 'syz.3.224': attribute type 16 has an invalid length. [ 130.125160][ T6839] netlink: 8 bytes leftover after parsing attributes in process `syz.3.224'. [ 130.210318][ T3544] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 130.624961][ T5883] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 130.651610][ T6865] netlink: 24 bytes leftover after parsing attributes in process `syz.2.231'. [ 130.781567][ T5883] usb 5-1: device descriptor read/64, error -71 [ 130.979684][ T6866] fuse: Unknown parameter '0x000000000000000b00000000000000000000' [ 131.045214][ T5883] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 131.184834][ T5883] usb 5-1: device descriptor read/64, error -71 [ 131.414125][ T5883] usb usb5-port1: attempt power cycle [ 131.542213][ T6878] xt_TCPMSS: Only works on TCP SYN packets [ 131.765023][ T5883] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 131.795539][ T5883] usb 5-1: device descriptor read/8, error -71 [ 131.915279][ T6881] FAULT_INJECTION: forcing a failure. [ 131.915279][ T6881] name failslab, interval 1, probability 0, space 0, times 0 [ 131.952646][ T6881] CPU: 0 UID: 0 PID: 6881 Comm: syz.1.235 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 131.952673][ T6881] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 131.952683][ T6881] Call Trace: [ 131.952690][ T6881] [ 131.952698][ T6881] dump_stack_lvl+0x241/0x360 [ 131.952739][ T6881] ? __pfx_dump_stack_lvl+0x10/0x10 [ 131.952767][ T6881] ? __pfx__printk+0x10/0x10 [ 131.952795][ T6881] ? __pfx___might_resched+0x10/0x10 [ 131.952821][ T6881] should_fail_ex+0x424/0x570 [ 131.952844][ T6881] should_failslab+0xac/0x100 [ 131.952869][ T6881] kmem_cache_alloc_noprof+0x78/0x390 [ 131.952891][ T6881] ? __kernfs_new_node+0xdf/0x890 [ 131.952914][ T6881] __kernfs_new_node+0xdf/0x890 [ 131.952932][ T6881] ? __lock_acquire+0xad5/0xd80 [ 131.952956][ T6881] ? __pfx___kernfs_new_node+0x10/0x10 [ 131.952984][ T6881] ? kernfs_root+0x1c/0x230 [ 131.953002][ T6881] ? kernfs_root+0x1c/0x230 [ 131.953021][ T6881] kernfs_new_node+0x114/0x220 [ 131.953044][ T6881] __kernfs_create_file+0x49/0x2e0 [ 131.953070][ T6881] sysfs_add_file_mode_ns+0x24a/0x310 [ 131.953102][ T6881] internal_create_group+0x7ea/0x1320 [ 131.953120][ T6881] ? kernfs_add_one+0xf8/0x530 [ 131.953151][ T6881] ? __pfx_internal_create_group+0x10/0x10 [ 131.953181][ T6881] sysfs_create_groups+0x56/0x120 [ 131.953201][ T6881] device_add_attrs+0xef/0x670 [ 131.953225][ T6881] ? __pfx_device_add_attrs+0x10/0x10 [ 131.953256][ T6881] device_add+0x576/0xbf0 [ 131.953276][ T6881] ? device_initialize+0x266/0x460 [ 131.953298][ T6881] netdev_register_kobject+0x157/0x2f0 [ 131.953322][ T6881] register_netdevice+0x12b0/0x1b80 [ 131.953342][ T6881] ? rcu_is_watching+0x15/0xb0 [ 131.953376][ T6881] ? __pfx_register_netdevice+0x10/0x10 [ 131.953394][ T6881] ? dev_addr_mod+0xf4/0x430 [ 131.953412][ T6881] ? __asan_memset+0x23/0x50 [ 131.953433][ T6881] ? netif_inherit_tso_max+0x1f3/0x340 [ 131.953453][ T6881] veth_newlink+0x4c3/0xb80 [ 131.953482][ T6881] ? __pfx_veth_newlink+0x10/0x10 [ 131.953578][ T6881] ? rtnl_create_link+0xb36/0xea0 [ 131.953601][ T6881] ? __pfx_veth_newlink+0x10/0x10 [ 131.953627][ T6881] rtnl_newlink_create+0x39b/0xcb0 [ 131.953653][ T6881] ? __mutex_lock+0x380/0x10c0 [ 131.953677][ T6881] ? __pfx_aa_get_newest_label+0x10/0x10 [ 131.953704][ T6881] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 131.953732][ T6881] ? __pfx___mutex_lock+0x10/0x10 [ 131.953775][ T6881] ? ns_capable+0x8a/0xf0 [ 131.953796][ T6881] rtnl_newlink+0x18b0/0x1fe0 [ 131.953821][ T6881] ? stack_depot_save_flags+0x44/0x940 [ 131.953854][ T6881] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.953872][ T6881] ? __netlink_deliver_tap+0x561/0x7f0 [ 131.953893][ T6881] ? netlink_deliver_tap+0x19d/0x1b0 [ 131.953913][ T6881] ? netlink_unicast+0x7c6/0x9a0 [ 131.953931][ T6881] ? netlink_sendmsg+0x8c3/0xcd0 [ 131.953951][ T6881] ? __sock_sendmsg+0x221/0x270 [ 131.953970][ T6881] ? ____sys_sendmsg+0x523/0x860 [ 131.953985][ T6881] ? __sys_sendmsg+0x271/0x360 [ 131.953999][ T6881] ? do_syscall_64+0xf3/0x230 [ 131.954017][ T6881] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.954107][ T6881] ? aa_get_newest_label+0x101/0x6f0 [ 131.954136][ T6881] ? __lock_acquire+0xad5/0xd80 [ 131.954174][ T6881] ? __pfx_rtnl_newlink+0x10/0x10 [ 131.954198][ T6881] rtnetlink_rcv_msg+0x80f/0xd70 [ 131.954219][ T6881] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 131.954246][ T6881] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 131.954277][ T6881] ? ref_tracker_free+0x63e/0x7e0 [ 131.954302][ T6881] netlink_rcv_skb+0x208/0x480 [ 131.954326][ T6881] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 131.954350][ T6881] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 131.954391][ T6881] ? netlink_deliver_tap+0x2e/0x1b0 [ 131.954416][ T6881] ? netlink_deliver_tap+0x2e/0x1b0 [ 131.954441][ T6881] netlink_unicast+0x7f8/0x9a0 [ 131.954471][ T6881] ? __pfx_netlink_unicast+0x10/0x10 [ 131.954493][ T6881] ? skb_put+0x114/0x1f0 [ 131.954514][ T6881] netlink_sendmsg+0x8c3/0xcd0 [ 131.954549][ T6881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.954572][ T6881] ? aa_sock_msg_perm+0x91/0x160 [ 131.954597][ T6881] ? __pfx_netlink_sendmsg+0x10/0x10 [ 131.954616][ T6881] __sock_sendmsg+0x221/0x270 [ 131.954638][ T6881] ____sys_sendmsg+0x523/0x860 [ 131.954663][ T6881] ? __pfx_____sys_sendmsg+0x10/0x10 [ 131.954676][ T6881] ? __fget_files+0x2a/0x420 [ 131.954695][ T6881] ? __fget_files+0x2a/0x420 [ 131.954718][ T6881] __sys_sendmsg+0x271/0x360 [ 131.954740][ T6881] ? __pfx___sys_sendmsg+0x10/0x10 [ 131.954815][ T6881] ? do_syscall_64+0xb6/0x230 [ 131.954838][ T6881] do_syscall_64+0xf3/0x230 [ 131.954857][ T6881] ? clear_bhb_loop+0x45/0xa0 [ 131.954875][ T6881] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 131.954890][ T6881] RIP: 0033:0x7faa6978d169 [ 131.954912][ T6881] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 131.954924][ T6881] RSP: 002b:00007faa6a65d038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 131.954942][ T6881] RAX: ffffffffffffffda RBX: 00007faa699a5fa0 RCX: 00007faa6978d169 [ 131.954954][ T6881] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 131.954964][ T6881] RBP: 00007faa6a65d090 R08: 0000000000000000 R09: 0000000000000000 [ 131.954972][ T6881] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 131.954981][ T6881] R13: 0000000000000000 R14: 00007faa699a5fa0 R15: 00007faa69acfa28 [ 131.955009][ T6881] [ 132.483441][ T3544] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 132.614696][ T5883] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 132.683345][ T5883] usb 5-1: device descriptor read/8, error -71 [ 132.710930][ T3544] usb 1-1: USB disconnect, device number 9 [ 132.787660][ T6886] netlink: 56 bytes leftover after parsing attributes in process `syz.0.238'. [ 132.804734][ T5883] usb usb5-port1: unable to enumerate USB device [ 132.830116][ T6888] netlink: 8 bytes leftover after parsing attributes in process `syz.3.237'. [ 132.921533][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.930883][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.996728][ T30] audit: type=1800 audit(1744330835.148:17): pid=6895 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.241" name="file1" dev="tmpfs" ino=335 res=0 errno=0 [ 133.018571][ T6895] sysfs: cannot create duplicate filename '/class/ieee80211/!' [ 133.026363][ T6895] CPU: 0 UID: 0 PID: 6895 Comm: syz.2.241 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 133.026387][ T6895] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 133.026398][ T6895] Call Trace: [ 133.026406][ T6895] [ 133.026413][ T6895] dump_stack_lvl+0x241/0x360 [ 133.026445][ T6895] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.026472][ T6895] ? __pfx__printk+0x10/0x10 [ 133.026496][ T6895] ? kernfs_path_from_node+0x2b/0x250 [ 133.026519][ T6895] ? kernfs_path_from_node+0x217/0x250 [ 133.026538][ T6895] sysfs_warn_dup+0x8e/0xa0 [ 133.026555][ T6895] sysfs_do_create_link_sd+0xbe/0x110 [ 133.026577][ T6895] device_add_class_symlinks+0x1c5/0x250 [ 133.026601][ T6895] device_add+0x553/0xbf0 [ 133.026626][ T6895] wiphy_register+0x193c/0x2660 [ 133.026659][ T6895] ? __pfx_wiphy_register+0x10/0x10 [ 133.026677][ T6895] ? minstrel_ht_alloc+0x85a/0x950 [ 133.026704][ T6895] ? ieee80211_init_rate_ctrl_alg+0x5a2/0x620 [ 133.026730][ T6895] ieee80211_register_hw+0x35e9/0x42d0 [ 133.026757][ T6895] ? ieee80211_register_hw+0x1611/0x42d0 [ 133.026777][ T6895] ? __pfx_ieee80211_register_hw+0x10/0x10 [ 133.026802][ T6895] ? __hrtimer_setup+0x17f/0x200 [ 133.026819][ T6895] ? __pfx_mac80211_hwsim_beacon+0x10/0x10 [ 133.026839][ T6895] mac80211_hwsim_new_radio+0x2adc/0x4a60 [ 133.026877][ T6895] ? __pfx_mac80211_hwsim_new_radio+0x10/0x10 [ 133.026891][ T6895] ? trace_kmalloc+0x1f/0xd0 [ 133.026908][ T6895] ? __kmalloc_node_track_caller_noprof+0x2b2/0x4d0 [ 133.026928][ T6895] ? kstrndup+0xbb/0x150 [ 133.026952][ T6895] hwsim_new_radio_nl+0xed0/0x2290 [ 133.026986][ T6895] ? __pfx___nla_validate_parse+0x10/0x10 [ 133.027007][ T6895] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 133.027049][ T6895] ? genl_family_rcv_msg_attrs_parse+0x1d4/0x290 [ 133.027072][ T6895] genl_rcv_msg+0xb38/0xf00 [ 133.027094][ T6895] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.027106][ T6895] ? __dev_queue_xmit+0x1780/0x3f60 [ 133.027121][ T6895] ? kasan_save_track+0x3f/0x80 [ 133.027135][ T6895] ? __kasan_slab_alloc+0x66/0x80 [ 133.027156][ T6895] ? do_syscall_64+0xf3/0x230 [ 133.027187][ T6895] ? __lock_acquire+0xad5/0xd80 [ 133.027204][ T6895] ? __pfx_hwsim_new_radio_nl+0x10/0x10 [ 133.027230][ T6895] netlink_rcv_skb+0x208/0x480 [ 133.027251][ T6895] ? __pfx_genl_rcv_msg+0x10/0x10 [ 133.027270][ T6895] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 133.027310][ T6895] ? netlink_deliver_tap+0x2e/0x1b0 [ 133.027334][ T6895] genl_rcv+0x28/0x40 [ 133.027347][ T6895] netlink_unicast+0x7f8/0x9a0 [ 133.027371][ T6895] ? __pfx_netlink_unicast+0x10/0x10 [ 133.027390][ T6895] ? skb_put+0x114/0x1f0 [ 133.027407][ T6895] netlink_sendmsg+0x8c3/0xcd0 [ 133.027436][ T6895] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.027459][ T6895] ? aa_sock_msg_perm+0x91/0x160 [ 133.027483][ T6895] ? __pfx_netlink_sendmsg+0x10/0x10 [ 133.027500][ T6895] __sock_sendmsg+0x221/0x270 [ 133.027522][ T6895] ____sys_sendmsg+0x523/0x860 [ 133.027543][ T6895] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.027556][ T6895] ? __fget_files+0x2a/0x420 [ 133.027571][ T6895] ? __fget_files+0x2a/0x420 [ 133.027591][ T6895] __sys_sendmsg+0x271/0x360 [ 133.027609][ T6895] ? __pfx___sys_sendmsg+0x10/0x10 [ 133.027667][ T6895] ? do_syscall_64+0xb6/0x230 [ 133.027686][ T6895] do_syscall_64+0xf3/0x230 [ 133.027702][ T6895] ? clear_bhb_loop+0x45/0xa0 [ 133.027719][ T6895] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.027733][ T6895] RIP: 0033:0x7f07bf38d169 [ 133.027747][ T6895] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.027758][ T6895] RSP: 002b:00007f07c0283038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.027774][ T6895] RAX: ffffffffffffffda RBX: 00007f07bf5a5fa0 RCX: 00007f07bf38d169 [ 133.027784][ T6895] RDX: 0000000000000300 RSI: 0000200000000040 RDI: 0000000000000007 [ 133.027793][ T6895] RBP: 00007f07bf40e990 R08: 0000000000000000 R09: 0000000000000000 [ 133.027802][ T6895] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 133.027809][ T6895] R13: 0000000000000000 R14: 00007f07bf5a5fa0 R15: 00007f07bf6cfa28 [ 133.027832][ T6895] [ 133.055444][ T6896] netlink: 'syz.3.240': attribute type 29 has an invalid length. [ 133.574663][ T3544] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 133.755763][ T3544] usb 1-1: Using ep0 maxpacket: 16 [ 133.768470][ T3544] usb 1-1: config 0 descriptor has 1 excess byte, ignoring [ 133.776089][ T3544] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 65516, setting to 1024 [ 133.816461][ T3544] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 1024 [ 133.846366][ T3544] usb 1-1: New USB device found, idVendor=04d8, idProduct=0a30, bcdDevice=ce.47 [ 133.878566][ T3544] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 133.918162][ T3544] usb 1-1: Product: syz [ 133.922371][ T3544] usb 1-1: Manufacturer: syz [ 133.941665][ T3544] usb 1-1: SerialNumber: syz [ 133.971260][ T3544] usb 1-1: config 0 descriptor?? [ 133.990794][ T6925] netlink: 8 bytes leftover after parsing attributes in process `syz.3.250'. [ 134.103371][ T6890] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 134.160545][ T6930] fuse: Unknown parameter '0x000000000000000b00000000000000000000' [ 134.253426][ T6920] netlink: 24 bytes leftover after parsing attributes in process `syz.1.246'. [ 134.457267][ C1] mcba_usb 1-1:0.0 can0: Tx URB aborted (-71) [ 134.463532][ T3544] mcba_usb 1-1:0.0: Microchip CAN BUS Analyzer connected [ 134.470917][ C1] mcba_usb 1-1:0.0 can0: Tx URB aborted (-71) [ 134.534685][ T3544] usb 1-1: USB disconnect, device number 10 [ 134.581566][ T3544] mcba_usb 1-1:0.0 can0: device disconnected [ 134.894830][ T5897] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 135.046859][ T5890] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 135.078694][ T5897] usb 4-1: Using ep0 maxpacket: 8 [ 135.087860][ T5897] usb 4-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 135.114897][ T5897] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 135.144170][ T5897] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 65 [ 135.162092][ T6938] delete_channel: no stack [ 135.178337][ T5897] usb 4-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 135.211810][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.224765][ T5890] usb 5-1: Using ep0 maxpacket: 32 [ 135.232466][ T5890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 135.261984][ T5897] usb 4-1: config 0 descriptor?? [ 135.267169][ T5890] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 135.302874][ T5890] usb 5-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 135.312574][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.326288][ T5890] usb 5-1: config 0 descriptor?? [ 135.360276][ T5890] hub 5-1:0.0: USB hub found [ 135.488046][ T3544] usb 4-1: USB disconnect, device number 17 [ 135.542193][ T5890] hub 5-1:0.0: 1 port detected [ 135.694732][ T5891] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 135.702327][ T5897] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 135.777781][ T6957] netlink: 20 bytes leftover after parsing attributes in process `syz.0.259'. [ 135.867297][ T5891] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 135.879807][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 135.901455][ T5891] usb 3-1: Product: syz [ 135.917790][ T5891] usb 3-1: Manufacturer: syz [ 135.922492][ T5891] usb 3-1: SerialNumber: syz [ 135.923625][ T6962] netlink: 8 bytes leftover after parsing attributes in process `syz.0.261'. [ 135.940743][ T5897] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 135.972828][ T5897] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 135.997732][ T5897] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 136.010740][ T5897] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.031477][ T6938] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 136.146001][ T5897] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 136.166387][ T3544] hub 5-1:0.0: activate --> -90 [ 136.352499][ T6973] netlink: 24 bytes leftover after parsing attributes in process `syz.3.263'. [ 136.659884][ T5883] usb 2-1: USB disconnect, device number 13 [ 136.661927][ T3544] hub 5-1:0.0: hub_ext_port_status failed (err = -71) [ 136.674335][ T5897] usb 5-1: USB disconnect, device number 17 [ 136.680761][ T3544] usb 5-1-port1: connect-debounce failed [ 136.816511][ T6979] fuse: Unknown parameter '0x000000000000000c00000000000000000000' [ 137.105774][ T5891] cdc_ncm 3-1:1.0: MAC-Address: 42:42:42:42:42:42 [ 137.112281][ T5891] cdc_ncm 3-1:1.0: dwNtbInMaxSize=8 is too small. Using 2048 [ 137.123054][ T5891] cdc_ncm 3-1:1.0: setting rx_max = 2048 [ 138.366183][ T5891] cdc_ncm 3-1:1.0: setting tx_max = 16384 [ 138.495897][ T5891] cdc_ncm 3-1:1.0 usb0: register 'cdc_ncm' at usb-dummy_hcd.2-1, CDC NCM (NO ZLP), 42:42:42:42:42:42 [ 138.565321][ T6999] netlink: 36 bytes leftover after parsing attributes in process `syz.4.270'. [ 138.618264][ T5891] usb 3-1: USB disconnect, device number 7 [ 138.619892][ T6999] netlink: 16 bytes leftover after parsing attributes in process `syz.4.270'. [ 138.657921][ T5891] cdc_ncm 3-1:1.0 usb0: unregister 'cdc_ncm' usb-dummy_hcd.2-1, CDC NCM (NO ZLP) [ 138.678107][ T6999] netlink: 36 bytes leftover after parsing attributes in process `syz.4.270'. [ 138.742510][ T6999] netlink: 36 bytes leftover after parsing attributes in process `syz.4.270'. [ 138.837383][ T7010] netlink: 12 bytes leftover after parsing attributes in process `syz.0.272'. [ 139.194826][ T5891] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 139.234709][ T5883] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 139.324737][ T5897] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 139.366313][ T5891] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 139.377583][ T5891] usb 3-1: config 0 interface 0 altsetting 32 endpoint 0x81 has invalid wMaxPacketSize 0 [ 139.387750][ T5891] usb 3-1: config 0 interface 0 has no altsetting 0 [ 139.394383][ T5891] usb 3-1: New USB device found, idVendor=0b05, idProduct=1822, bcdDevice= 0.00 [ 139.405776][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.411901][ T5883] usb 4-1: Using ep0 maxpacket: 8 [ 139.417499][ T5891] usb 3-1: config 0 descriptor?? [ 139.422144][ T5883] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 139.433344][ T5883] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 139.445178][ T5883] usb 4-1: config 0 descriptor?? [ 139.464931][ T3544] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 139.487278][ T5897] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 139.497671][ T5897] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 139.509921][ T5897] usb 5-1: New USB device found, idVendor=08b7, idProduct=0200, bcdDevice= 0.05 [ 139.519842][ T5897] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 139.528095][ T5897] usb 5-1: SerialNumber: syz [ 139.617845][ T3544] usb 2-1: config 0 has no interfaces? [ 139.632070][ T3544] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 139.641425][ T3544] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 139.650631][ T3544] usb 2-1: Product: syz [ 139.654948][ T3544] usb 2-1: Manufacturer: syz [ 139.659592][ T3544] usb 2-1: SerialNumber: syz [ 139.668948][ T3544] usb 2-1: config 0 descriptor?? [ 139.753856][ T5897] usb 5-1: 0:2 : does not exist [ 139.780904][ T5897] usb 5-1: USB disconnect, device number 18 [ 139.805338][ T5885] udevd[5885]: setting owner of /dev/bus/usb/005/018 to uid=0, gid=0 failed: No such file or directory [ 139.862940][ T7014] netlink: 32 bytes leftover after parsing attributes in process `syz.3.278'. [ 139.896642][ T7027] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 139.909164][ T7027] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 139.985226][ T5885] udevd[5885]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 140.131300][ T7040] fuse: Unknown parameter '0x000000000000000c00000000000000000000' [ 140.168455][ T5883] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 140.178826][ T5883] asix 4-1:0.0: probe with driver asix failed with error -32 [ 140.820093][ T7047] netlink: 452 bytes leftover after parsing attributes in process `syz.4.285'. [ 140.951338][ T7049] netlink: 12 bytes leftover after parsing attributes in process `syz.4.286'. [ 141.222796][ T7054] netlink: 24 bytes leftover after parsing attributes in process `syz.4.287'. [ 141.297382][ T7056] FAULT_INJECTION: forcing a failure. [ 141.297382][ T7056] name failslab, interval 1, probability 0, space 0, times 0 [ 141.311357][ T7056] CPU: 0 UID: 0 PID: 7056 Comm: syz.0.288 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 141.311381][ T7056] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 141.311392][ T7056] Call Trace: [ 141.311400][ T7056] [ 141.311407][ T7056] dump_stack_lvl+0x241/0x360 [ 141.311432][ T7056] ? __pfx_dump_stack_lvl+0x10/0x10 [ 141.311445][ T7056] ? __pfx__printk+0x10/0x10 [ 141.311461][ T7056] ? __pfx___might_resched+0x10/0x10 [ 141.311481][ T7056] should_fail_ex+0x424/0x570 [ 141.311504][ T7056] should_failslab+0xac/0x100 [ 141.311530][ T7056] __kmalloc_cache_noprof+0x73/0x370 [ 141.311552][ T7056] ? kobject_uevent_env+0x28b/0x8e0 [ 141.311571][ T7056] ? device_add_attrs+0x532/0x670 [ 141.311584][ T7056] ? __pfx_dev_uevent_name+0x10/0x10 [ 141.311592][ T7056] kobject_uevent_env+0x28b/0x8e0 [ 141.311605][ T7056] ? device_pm_add+0x62/0x320 [ 141.311622][ T7056] device_add+0x63b/0xbf0 [ 141.311645][ T7056] input_register_device+0x9ed/0x10c0 [ 141.311680][ T7056] uinput_create_device+0x40e/0x630 [ 141.311710][ T7056] uinput_ioctl_handler+0x496/0x17f0 [ 141.311726][ T7056] ? __pfx_uinput_ioctl_handler+0x10/0x10 [ 141.311749][ T7056] ? __pfx_uinput_ioctl+0x10/0x10 [ 141.311760][ T7056] __se_sys_ioctl+0xf1/0x160 [ 141.311773][ T7056] do_syscall_64+0xf3/0x230 [ 141.311794][ T7056] ? clear_bhb_loop+0x45/0xa0 [ 141.311814][ T7056] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 141.311831][ T7056] RIP: 0033:0x7fa334f8d169 [ 141.311846][ T7056] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 141.311859][ T7056] RSP: 002b:00007fa335d02038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 141.311872][ T7056] RAX: ffffffffffffffda RBX: 00007fa3351a5fa0 RCX: 00007fa334f8d169 [ 141.311879][ T7056] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000004 [ 141.311884][ T7056] RBP: 00007fa335d02090 R08: 0000000000000000 R09: 0000000000000000 [ 141.311891][ T7056] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 141.311896][ T7056] R13: 0000000000000000 R14: 00007fa3351a5fa0 R15: 00007fa3352cfa28 [ 141.311911][ T7056] [ 141.311939][ T7056] input: syz1 as /devices/virtual/input/input21 [ 141.870055][ T5891] usbhid 3-1:0.0: can't add hid device: -71 [ 141.896097][ T5891] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 141.949686][ T5891] usb 3-1: USB disconnect, device number 8 [ 141.960073][ T7060] netlink: 8 bytes leftover after parsing attributes in process `syz.2.290'. [ 141.990442][ T7062] gtp0: entered promiscuous mode [ 142.153256][ T5888] usb 2-1: USB disconnect, device number 14 [ 142.360849][ T7069] netdevsim netdevsim0 netdevsim0: set [1, 1] type 2 family 0 port 20000 - 0 [ 142.419390][ T7069] netdevsim netdevsim0 netdevsim1: set [1, 1] type 2 family 0 port 20000 - 0 [ 142.450628][ T7069] netdevsim netdevsim0 netdevsim2: set [1, 1] type 2 family 0 port 20000 - 0 [ 142.474665][ T7069] netdevsim netdevsim0 netdevsim3: set [1, 1] type 2 family 0 port 20000 - 0 [ 142.531770][ T7069] geneve2: entered promiscuous mode [ 142.554825][ T7069] geneve2: entered allmulticast mode [ 142.607990][ T7079] vlan0: entered allmulticast mode [ 142.620210][ T7079] mac80211_hwsim hwsim8 wlan1: entered allmulticast mode [ 142.821907][ T5897] usb 4-1: USB disconnect, device number 18 [ 143.274661][ T3544] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 143.456702][ T3544] usb 1-1: config 0 has no interfaces? [ 143.495758][ T3544] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 143.625420][ T7096] fuse: Unknown parameter '0x000000000000000c00000000000000000000' [ 143.697197][ T3544] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.754015][ T3544] usb 1-1: Product: syz [ 143.767176][ T3544] usb 1-1: Manufacturer: syz [ 143.809558][ T3544] usb 1-1: SerialNumber: syz [ 143.868073][ T3544] usb 1-1: config 0 descriptor?? [ 143.985132][ T5890] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 144.173616][ T7103] netlink: 'syz.2.303': attribute type 1 has an invalid length. [ 144.199540][ T5890] usb 5-1: too many configurations: 11, using maximum allowed: 8 [ 144.236181][ T5890] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 144.348923][ T5890] usb 5-1: can't read configurations, error -61 [ 144.406379][ T7103] bond1: entered promiscuous mode [ 144.411909][ T7103] 8021q: adding VLAN 0 to HW filter on device bond1 [ 144.547705][ T7112] xt_socket: unknown flags 0xd0 [ 144.594788][ T5890] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 144.756494][ T5890] usb 5-1: too many configurations: 11, using maximum allowed: 8 [ 144.770723][ T5890] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 144.789841][ T7122] __nla_validate_parse: 2 callbacks suppressed [ 144.789860][ T7122] netlink: 24 bytes leftover after parsing attributes in process `syz.3.308'. [ 144.820204][ T5890] usb 5-1: can't read configurations, error -61 [ 144.835400][ T5890] usb usb5-port1: attempt power cycle [ 144.964681][ T5888] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 145.125289][ T5888] usb 3-1: Using ep0 maxpacket: 32 [ 145.143915][ T5888] usb 3-1: config 5 has an invalid interface number: 204 but max is 1 [ 145.152489][ T5888] usb 3-1: config 5 contains an unexpected descriptor of type 0x2, skipping [ 145.176670][ T5888] usb 3-1: config 5 has an invalid interface number: 87 but max is 1 [ 145.194724][ T5890] usb 5-1: new full-speed USB device number 21 using dummy_hcd [ 145.202467][ T5888] usb 3-1: config 5 has an invalid interface number: 93 but max is 1 [ 145.216878][ T5890] usb 5-1: too many configurations: 11, using maximum allowed: 8 [ 145.225104][ T5888] usb 3-1: config 5 has 3 interfaces, different from the descriptor's value: 2 [ 145.234724][ T5890] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 145.242474][ T5888] usb 3-1: config 5 has no interface number 0 [ 145.249512][ T5890] usb 5-1: can't read configurations, error -61 [ 145.256520][ T5888] usb 3-1: config 5 has no interface number 1 [ 145.262866][ T5888] usb 3-1: config 5 has no interface number 2 [ 145.278114][ T5888] usb 3-1: config 5 interface 204 altsetting 3 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 145.448373][ T5888] usb 3-1: config 5 interface 204 altsetting 3 has an invalid descriptor for endpoint zero, skipping [ 145.454780][ T5890] usb 5-1: new full-speed USB device number 22 using dummy_hcd [ 145.477124][ T5888] usb 3-1: config 5 interface 87 altsetting 7 has 2 endpoint descriptors, different from the interface descriptor's value: 9 [ 145.497036][ T5890] usb 5-1: too many configurations: 11, using maximum allowed: 8 [ 145.528494][ T5890] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 145.534640][ T5888] usb 3-1: config 5 interface 93 altsetting 24 has a duplicate endpoint with address 0xF, skipping [ 145.559850][ T5888] usb 3-1: config 5 interface 93 altsetting 24 has a duplicate endpoint with address 0x7, skipping [ 145.586447][ T5890] usb 5-1: can't read configurations, error -61 [ 145.591949][ T5888] usb 3-1: config 5 interface 93 altsetting 24 has a duplicate endpoint with address 0x8, skipping [ 145.620331][ T5890] usb usb5-port1: unable to enumerate USB device [ 145.624874][ T5888] usb 3-1: config 5 interface 93 altsetting 24 has a duplicate endpoint with address 0x7, skipping [ 145.646336][ T7130] netlink: 16 bytes leftover after parsing attributes in process `syz.1.313'. [ 145.665630][ T5888] usb 3-1: config 5 interface 93 altsetting 24 has 7 endpoint descriptors, different from the interface descriptor's value: 9 [ 145.739856][ T5888] usb 3-1: config 5 interface 204 has no altsetting 0 [ 145.759931][ T5888] usb 3-1: config 5 interface 87 has no altsetting 0 [ 145.779303][ T5888] usb 3-1: config 5 interface 93 has no altsetting 0 [ 145.845674][ T5883] usb 1-1: USB disconnect, device number 11 [ 145.892428][ T5888] usb 3-1: New USB device found, idVendor=17a8, idProduct=0102, bcdDevice=46.1a [ 145.915939][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 145.932387][ T5888] usb 3-1: Product: 뗬ᇑ䪾Ȣ䴍晠읢掌豍腁ꂒ꜈䁦ﶾᶿ៪撫룂ȑ鑸췮꓄ʄ뽁䉓桟섣ㅌ繩逼፻愒 [ 145.946992][ T5888] usb 3-1: Manufacturer: 爓悪뚁蒫ꂓ䘬틆鞻့垧鰬뗰䔄炑匌独왔㿵欝꿘玕祕绫粜ⶭ艖軺ஃ处配櫃犼ܷ껛豤˄뗹樨ⶌ책픬吁᭘ऻ顷䮘郠㶧磌좀翽友≭㏖㮲絲폈ꋣ랸鬴걎虔縄鍺叏岚ߩ꼭﹣鶞ㅧ㷩ㄤ팩㛇 [ 145.974673][ T5888] usb 3-1: SerialNumber: 呭诶ش߀඀䞵K忥销Ѓ但麚᪰䏊뫪ዊ쎗벹⡞葜⦑鯑Ⰵ䊂詢ﰌ譶骙㕘傏ꎸソ簤铑퇊㗐슦﬐隿➈戃螦뇘ᒯ쟀稉᧡鴳뿺∗ึ♻酱ꖣ⍲⦿﷞횤밌䮺〧컒쿧袀䍰㗡漌﨣퓅괅꬚䐎ᶏ傍ⲍ﹥楳᫛㞅ꇷѷॠꝤ讷樚ꎏ뉩慫䀂ɒ哬끇帻඘꿶 [ 146.327619][ T7149] netlink: 'syz.3.320': attribute type 2 has an invalid length. [ 146.355929][ T7149] netlink: 119 bytes leftover after parsing attributes in process `syz.3.320'. [ 146.440500][ T7153] fuse: Unknown parameter '0x000000000000000b00000000000000000000' [ 146.448510][ T5897] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 146.485868][ T5888] cp210x 3-1:5.204: cp210x converter detected [ 146.524373][ T7159] netlink: 56 bytes leftover after parsing attributes in process `syz.4.323'. [ 146.606667][ T5897] usb 2-1: Using ep0 maxpacket: 32 [ 146.617497][ T5897] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 32 [ 146.634030][ T5897] usb 2-1: can't read configurations, error -22 [ 146.693955][ T5888] cp210x 3-1:5.204: failed to get vendor val 0x370b size 1: -71 [ 146.705190][ T5888] cp210x 3-1:5.204: querying part number failed [ 146.743968][ T5888] usb 3-1: cp210x converter now attached to ttyUSB0 [ 146.777981][ T7166] netlink: 24 bytes leftover after parsing attributes in process `syz.4.324'. [ 146.806922][ T5897] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 146.820888][ T5888] cp210x 3-1:5.87: cp210x converter detected [ 146.828394][ T5888] cp210x 3-1:5.87: failed to get vendor val 0x370b size 1: -71 [ 146.838159][ T5888] cp210x 3-1:5.87: querying part number failed [ 146.846989][ T5888] usb 3-1: cp210x converter now attached to ttyUSB1 [ 146.858716][ T5888] cp210x 3-1:5.93: cp210x converter detected [ 146.979271][ T5897] usb 2-1: Using ep0 maxpacket: 32 [ 146.986478][ T5897] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 32 [ 146.993956][ T5888] cp210x 3-1:5.93: failed to get vendor val 0x370b size 1: -71 [ 146.996175][ T5897] usb 2-1: can't read configurations, error -22 [ 147.022260][ T5888] cp210x 3-1:5.93: querying part number failed [ 147.142185][ T5888] usb 3-1: cp210x converter now attached to ttyUSB2 [ 147.147326][ T5897] usb usb2-port1: attempt power cycle [ 147.191768][ T5888] usb 3-1: USB disconnect, device number 9 [ 147.202011][ T5888] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 147.211624][ T5888] cp210x 3-1:5.204: device disconnected [ 147.252772][ T5888] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1 [ 147.352051][ T5888] cp210x 3-1:5.87: device disconnected [ 147.396536][ T5888] cp210x ttyUSB2: cp210x converter now disconnected from ttyUSB2 [ 147.414363][ T5888] cp210x 3-1:5.93: device disconnected [ 147.514697][ T5897] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 147.624721][ T5897] usb 2-1: Using ep0 maxpacket: 32 [ 147.641189][ T5897] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 32 [ 147.694617][ T5897] usb 2-1: can't read configurations, error -22 [ 147.722871][ T7177] vhci_hcd vhci_hcd.0: pdev(3) rhport(1) sockfd(14) [ 147.729675][ T7177] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 147.825471][ T7175] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(11) [ 147.832119][ T7175] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 147.885343][ T5897] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 147.914151][ T7182] FAULT_INJECTION: forcing a failure. [ 147.914151][ T7182] name failslab, interval 1, probability 0, space 0, times 0 [ 147.915775][ T7177] vhci_hcd vhci_hcd.0: Device attached [ 147.969088][ T7175] vhci_hcd vhci_hcd.0: Device attached [ 147.984739][ T7182] CPU: 0 UID: 0 PID: 7182 Comm: syz.2.329 Not tainted 6.15.0-rc1-syzkaller-00139-gab59a8605604 #0 PREEMPT(full) [ 147.984764][ T7182] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 147.984774][ T7182] Call Trace: [ 147.984781][ T7182] [ 147.984788][ T7182] dump_stack_lvl+0x241/0x360 [ 147.984818][ T7182] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.984840][ T7182] ? __pfx__printk+0x10/0x10 [ 147.984866][ T7182] ? __pfx___might_resched+0x10/0x10 [ 147.984891][ T7182] should_fail_ex+0x424/0x570 [ 147.984912][ T7182] should_failslab+0xac/0x100 [ 147.984935][ T7182] kmem_cache_alloc_noprof+0x78/0x390 [ 147.984956][ T7182] ? __kernfs_new_node+0xdf/0x890 [ 147.984977][ T7182] __kernfs_new_node+0xdf/0x890 [ 147.984995][ T7182] ? __lock_acquire+0xad5/0xd80 [ 147.985018][ T7182] ? __pfx___kernfs_new_node+0x10/0x10 [ 147.985044][ T7182] ? kernfs_root+0x1c/0x230 [ 147.985062][ T7182] ? kernfs_root+0x1c/0x230 [ 147.985080][ T7182] kernfs_new_node+0x114/0x220 [ 147.985103][ T7182] __kernfs_create_file+0x49/0x2e0 [ 147.985130][ T7182] sysfs_add_file_mode_ns+0x24a/0x310 [ 147.985162][ T7182] internal_create_group+0x7ea/0x1320 [ 147.985188][ T7182] ? kernfs_add_one+0xf8/0x530 [ 147.985219][ T7182] ? __pfx_internal_create_group+0x10/0x10 [ 147.985250][ T7182] sysfs_create_groups+0x56/0x120 [ 147.985270][ T7182] device_add_attrs+0xef/0x670 [ 147.985294][ T7182] ? __pfx_device_add_attrs+0x10/0x10 [ 147.985324][ T7182] device_add+0x576/0xbf0 [ 147.985345][ T7182] ? device_initialize+0x266/0x460 [ 147.985366][ T7182] netdev_register_kobject+0x157/0x2f0 [ 147.985391][ T7182] register_netdevice+0x12b0/0x1b80 [ 147.985410][ T7182] ? rcu_is_watching+0x15/0xb0 [ 147.985444][ T7182] ? __pfx_register_netdevice+0x10/0x10 [ 147.985463][ T7182] ? dev_addr_mod+0xf4/0x430 [ 147.985481][ T7182] ? __asan_memset+0x23/0x50 [ 147.985502][ T7182] ? netif_inherit_tso_max+0x1f3/0x340 [ 147.985522][ T7182] veth_newlink+0x4c3/0xb80 [ 147.985551][ T7182] ? __pfx_veth_newlink+0x10/0x10 [ 147.985652][ T7182] ? rtnl_create_link+0xb36/0xea0 [ 147.985676][ T7182] ? __pfx_veth_newlink+0x10/0x10 [ 147.985699][ T7182] rtnl_newlink_create+0x39b/0xcb0 [ 147.985724][ T7182] ? __mutex_lock+0x380/0x10c0 [ 147.985749][ T7182] ? __pfx_aa_get_newest_label+0x10/0x10 [ 147.985774][ T7182] ? __pfx_rtnl_newlink_create+0x10/0x10 [ 147.985804][ T7182] ? __pfx___mutex_lock+0x10/0x10 [ 147.985834][ T7182] ? ns_capable+0x8a/0xf0 [ 147.985855][ T7182] rtnl_newlink+0x18b0/0x1fe0 [ 147.985880][ T7182] ? stack_depot_save_flags+0x44/0x940 [ 147.985912][ T7182] ? __pfx_rtnl_newlink+0x10/0x10 [ 147.985933][ T7182] ? __netlink_deliver_tap+0x561/0x7f0 [ 147.985954][ T7182] ? netlink_deliver_tap+0x19d/0x1b0 [ 147.985974][ T7182] ? netlink_unicast+0x7c6/0x9a0 [ 147.985991][ T7182] ? netlink_sendmsg+0x8c3/0xcd0 [ 147.986011][ T7182] ? __sock_sendmsg+0x221/0x270 [ 147.986030][ T7182] ? ____sys_sendmsg+0x523/0x860 [ 147.986045][ T7182] ? __sys_sendmsg+0x271/0x360 [ 147.986059][ T7182] ? do_syscall_64+0xf3/0x230 [ 147.986078][ T7182] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.986162][ T7182] ? aa_get_newest_label+0x101/0x6f0 [ 147.986191][ T7182] ? __lock_acquire+0xad5/0xd80 [ 147.986228][ T7182] ? __pfx_rtnl_newlink+0x10/0x10 [ 147.986252][ T7182] rtnetlink_rcv_msg+0x80f/0xd70 [ 147.986273][ T7182] ? rtnetlink_rcv_msg+0x1ba/0xd70 [ 147.986301][ T7182] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 147.986330][ T7182] ? ref_tracker_free+0x63e/0x7e0 [ 147.986357][ T7182] netlink_rcv_skb+0x208/0x480 [ 147.986381][ T7182] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 147.986405][ T7182] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 147.986446][ T7182] ? netlink_deliver_tap+0x2e/0x1b0 [ 147.986472][ T7182] ? netlink_deliver_tap+0x2e/0x1b0 [ 147.986497][ T7182] netlink_unicast+0x7f8/0x9a0 [ 147.986527][ T7182] ? __pfx_netlink_unicast+0x10/0x10 [ 147.986550][ T7182] ? skb_put+0x114/0x1f0 [ 147.986572][ T7182] netlink_sendmsg+0x8c3/0xcd0 [ 147.986607][ T7182] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.986641][ T7182] ? aa_sock_msg_perm+0x91/0x160 [ 147.986669][ T7182] ? __pfx_netlink_sendmsg+0x10/0x10 [ 147.986690][ T7182] __sock_sendmsg+0x221/0x270 [ 147.986716][ T7182] ____sys_sendmsg+0x523/0x860 [ 147.986742][ T7182] ? __pfx_____sys_sendmsg+0x10/0x10 [ 147.986758][ T7182] ? __fget_files+0x2a/0x420 [ 147.986777][ T7182] ? __fget_files+0x2a/0x420 [ 147.986802][ T7182] __sys_sendmsg+0x271/0x360 [ 147.986826][ T7182] ? __pfx___sys_sendmsg+0x10/0x10 [ 147.986897][ T7182] ? do_syscall_64+0xb6/0x230 [ 147.986920][ T7182] do_syscall_64+0xf3/0x230 [ 147.986941][ T7182] ? clear_bhb_loop+0x45/0xa0 [ 147.986961][ T7182] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.986977][ T7182] RIP: 0033:0x7f07bf38d169 [ 147.986993][ T7182] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.987007][ T7182] RSP: 002b:00007f07c0283038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 147.987027][ T7182] RAX: ffffffffffffffda RBX: 00007f07bf5a5fa0 RCX: 00007f07bf38d169 [ 147.987039][ T7182] RDX: 0000000000000000 RSI: 0000200000000280 RDI: 0000000000000003 [ 147.987050][ T7182] RBP: 00007f07c0283090 R08: 0000000000000000 R09: 0000000000000000 [ 147.987060][ T7182] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 147.987070][ T7182] R13: 0000000000000000 R14: 00007f07bf5a5fa0 R15: 00007f07bf6cfa28 [ 147.987098][ T7182] [ 147.990501][ T5897] usb 2-1: Using ep0 maxpacket: 32 [ 148.336197][ T7183] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 148.619204][ T5897] usb 2-1: invalid descriptor for config index 0: type = 0x2, length = 32 [ 148.630658][ T5897] usb 2-1: can't read configurations, error -22 [ 148.637277][ T7177] vhci_hcd vhci_hcd.0: pdev(3) rhport(3) sockfd(18) [ 148.643885][ T7177] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 148.657505][ T5897] usb usb2-port1: unable to enumerate USB device [ 148.677749][ T7177] vhci_hcd vhci_hcd.0: Device attached [ 148.693899][ T7177] vhci_hcd vhci_hcd.0: pdev(3) rhport(5) sockfd(20) [ 148.700553][ T7177] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 148.744650][ T5890] usb 39-2: new low-speed USB device number 2 using vhci_hcd [ 148.753022][ T7175] vhci_hcd vhci_hcd.0: pdev(3) rhport(4) sockfd(21) [ 148.759627][ T7175] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 148.928043][ T7175] vhci_hcd vhci_hcd.0: Device attached [ 148.944255][ T7177] vhci_hcd vhci_hcd.0: Device attached [ 148.950278][ T7175] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 149.048820][ T7177] vhci_hcd vhci_hcd.0: pdev(3) rhport(7) sockfd(26) [ 149.055457][ T7177] vhci_hcd vhci_hcd.0: devid(0) speed(6) speed_str(super-speed-plus) [ 149.075110][ T30] audit: type=1800 audit(1744330851.228:18): pid=7200 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.0.332" name="file1" dev="tmpfs" ino=212 res=0 errno=0 [ 149.102291][ T7177] vhci_hcd vhci_hcd.0: Device attached [ 149.166587][ T7200] debugfs: Directory '!' with parent 'ieee80211' already present! [ 149.380072][ T7188] vhci_hcd: connection closed [ 149.399948][ T7186] vhci_hcd: connection closed [ 149.404589][ T7179] vhci_hcd: connection reset by peer [ 149.414964][ T7176] vhci_hcd: connection closed [ 149.424380][ T7184] vhci_hcd: connection closed [ 149.436759][ T7198] vhci_hcd: connection closed [ 149.497367][ T1161] vhci_hcd: stop threads [ 149.556478][ T1161] vhci_hcd: release socket [ 149.567844][ T7213] openvswitch: netlink: IP tunnel attribute has 16 unknown bytes. [ 149.583334][ T1161] vhci_hcd: disconnect device [ 149.968306][ T1161] vhci_hcd: stop threads [ 149.972618][ T1161] vhci_hcd: release socket [ 150.023923][ T1161] vhci_hcd: disconnect device [ 150.199233][ T1161] vhci_hcd: stop threads [ 150.203529][ T1161] vhci_hcd: release socket [ 150.440548][ T1161] vhci_hcd: disconnect device [ 150.647589][ T1161] vhci_hcd: stop threads [ 151.083382][ T1161] vhci_hcd: release socket [ 151.299245][ T1161] vhci_hcd: disconnect device [ 151.534793][ T1161] vhci_hcd: stop threads [ 151.539188][ T1161] vhci_hcd: release socket [ 151.543647][ T1161] vhci_hcd: disconnect device [ 154.737948][ T5890] vhci_hcd: vhci_device speed not set [ 155.220984][ T1161] vhci_hcd: stop threads [ 157.024561][ C1] sched: DL replenish lagged too much [ 194.465472][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.477030][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 195.259943][ T1161] vhci_hcd: release socket [ 195.264449][ T1161] vhci_hcd: disconnect device [ 199.886374][ T5842] Bluetooth: hci3: command 0x0406 tx timeout [ 199.892040][ T5833] Bluetooth: hci2: command 0x0406 tx timeout [ 199.892469][ T5842] Bluetooth: hci0: command 0x0406 tx timeout [ 199.907166][ T5833] Bluetooth: hci4: command 0x0406 tx timeout [ 310.804484][ C0] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 310.811487][ C0] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P7214/1:b..l [ 310.819694][ C0] rcu: (detected by 0, t=10503 jiffies, g=18497, q=985 ncpus=2) [ 310.827455][ C0] task:syz.0.337 state:R running task stack:23624 pid:7214 tgid:7214 ppid:6283 task_flags:0x400040 flags:0x00000000 [ 310.841855][ C0] Call Trace: [ 310.845152][ C0] [ 310.848106][ C0] __schedule+0x1b88/0x5240 [ 310.852643][ C0] ? preempt_schedule_irq+0xfe/0x1c0 [ 310.857939][ C0] ? __kernel_text_address+0xd/0x40 [ 310.863148][ C0] ? __pfx___schedule+0x10/0x10 [ 310.867993][ C0] ? preempt_schedule_irq+0xf3/0x1c0 [ 310.873256][ C0] preempt_schedule_irq+0xfe/0x1c0 [ 310.878344][ C0] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 310.884060][ C0] ? __lock_acquire+0xad5/0xd80 [ 310.888895][ C0] irqentry_exit+0x5e/0x90 [ 310.893290][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 310.899258][ C0] RIP: 0010:lock_acquire+0x167/0x2f0 [ 310.904527][ C0] Code: c7 44 24 10 00 00 00 00 9c 8f 44 24 10 f7 44 24 10 00 02 00 00 0f 85 fd 00 00 00 41 f7 c6 00 02 00 00 74 01 fb 65 48 8b 45 00 <48> 3b 44 24 38 0f 85 72 01 00 00 48 83 c4 40 5b 41 5c 41 5d 41 5e [ 310.924130][ C0] RSP: 0018:ffffc900057d6e48 EFLAGS: 00000206 [ 310.930174][ C0] RAX: 7f03fae4387f5a00 RBX: ffffffff8ed3dfe0 RCX: 7f03fae4387f5a00 [ 310.938123][ C0] RDX: 0000000000000000 RSI: ffffffff8e4fd5a1 RDI: ffffffff8ca1b6a0 [ 310.946069][ C0] RBP: ffffffff9368a020 R08: 0000000000000000 R09: 0000000000000000 [ 310.954019][ C0] R10: 0000000000000000 R11: 0000000000000000 R12: 0000000000000000 [ 310.961967][ C0] R13: 0000000000000002 R14: 0000000000000246 R15: 0000000000000000 [ 310.969930][ C0] ? unwind_next_frame+0xb8/0x23b0 [ 310.975039][ C0] ? __kasan_slab_alloc+0x23/0x80 [ 310.980040][ C0] ? unwind_next_frame+0xb8/0x23b0 [ 310.985145][ C0] unwind_next_frame+0xd5/0x23b0 [ 310.990057][ C0] ? unwind_next_frame+0xb8/0x23b0 [ 310.995167][ C0] ? unwind_next_frame+0xb8/0x23b0 [ 311.000274][ C0] ? __kasan_slab_alloc+0x23/0x80 [ 311.005315][ C0] ? __kasan_slab_alloc+0x23/0x80 [ 311.010328][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 311.016481][ C0] arch_stack_walk+0x11e/0x150 [ 311.021229][ C0] ? __kasan_slab_alloc+0x23/0x80 [ 311.026237][ C0] stack_trace_save+0x11a/0x1d0 [ 311.031088][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 311.036438][ C0] ? _raw_spin_unlock_irqrestore+0xde/0x140 [ 311.042310][ C0] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 311.048622][ C0] save_stack+0xfc/0x1f0 [ 311.052851][ C0] ? __pfx_save_stack+0x10/0x10 [ 311.057685][ C0] ? __free_frozen_pages+0xde8/0x10a0 [ 311.063033][ C0] ? __put_partials+0x160/0x1c0 [ 311.067889][ C0] ? put_cpu_partial+0x17e/0x250 [ 311.072808][ C0] ? __slab_free+0x294/0x390 [ 311.077397][ C0] ? qlist_free_all+0x9a/0x140 [ 311.082154][ C0] ? kasan_quarantine_reduce+0x14f/0x170 [ 311.087771][ C0] ? __kasan_slab_alloc+0x23/0x80 [ 311.092787][ C0] ? page_ext_put+0x97/0xc0 [ 311.097275][ C0] __reset_page_owner+0x76/0x1e0 [ 311.102206][ C0] __free_frozen_pages+0xde8/0x10a0 [ 311.107394][ C0] __put_partials+0x160/0x1c0 [ 311.112093][ C0] put_cpu_partial+0x17e/0x250 [ 311.116836][ C0] ? put_cpu_partial+0x72/0x250 [ 311.121682][ C0] __slab_free+0x294/0x390 [ 311.126086][ C0] ? __phys_addr+0xba/0x170 [ 311.130573][ C0] qlist_free_all+0x9a/0x140 [ 311.135144][ C0] kasan_quarantine_reduce+0x14f/0x170 [ 311.140583][ C0] __kasan_slab_alloc+0x23/0x80 [ 311.145413][ C0] kmem_cache_alloc_noprof+0x1e1/0x390 [ 311.150853][ C0] ? mas_alloc_nodes+0x267/0x7e0 [ 311.155774][ C0] mas_alloc_nodes+0x267/0x7e0 [ 311.160526][ C0] mas_preallocate+0x5ea/0x950 [ 311.165299][ C0] ? __pfx_mas_preallocate+0x10/0x10 [ 311.170566][ C0] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 311.176007][ C0] ? kmem_cache_alloc_noprof+0x237/0x390 [ 311.181623][ C0] ? __mas_set_range+0x133/0x3c0 [ 311.186545][ C0] mmap_region+0x1ccd/0x2ea0 [ 311.191220][ C0] ? __pfx_mmap_region+0x10/0x10 [ 311.196176][ C0] ? rcu_is_watching+0x15/0xb0 [ 311.200919][ C0] ? vm_unmapped_area+0xe9/0x260 [ 311.205844][ C0] ? __pfx_arch_get_unmapped_area_topdown+0x10/0x10 [ 311.212420][ C0] ? cap_mmap_addr+0xaa/0xf0 [ 311.216986][ C0] ? bpf_lsm_mmap_addr+0x9/0x10 [ 311.221931][ C0] ? security_mmap_addr+0x6f/0x250 [ 311.227029][ C0] do_mmap+0xd42/0x1420 [ 311.231181][ C0] ? __pfx_do_mmap+0x10/0x10 [ 311.235751][ C0] ? down_write_killable+0x1a0/0x260 [ 311.241016][ C0] ? vm_mmap_pgoff+0x214/0x530 [ 311.245768][ C0] ? __pfx_down_write_killable+0x10/0x10 [ 311.251379][ C0] ? apparmor_mmap_file+0xc3/0xe0 [ 311.256385][ C0] vm_mmap_pgoff+0x2a2/0x530 [ 311.260958][ C0] ? __pfx_vm_mmap_pgoff+0x10/0x10 [ 311.266062][ C0] ? ksys_mmap_pgoff+0xdf/0x720 [ 311.270895][ C0] ? __x64_sys_mmap+0x7f/0x140 [ 311.275640][ C0] do_syscall_64+0xf3/0x230 [ 311.280128][ C0] ? clear_bhb_loop+0x45/0xa0 [ 311.284785][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 311.290657][ C0] RIP: 0033:0x7fa334f8d1a3 [ 311.295063][ C0] RSP: 002b:00007fa3352cf9c8 EFLAGS: 00000246 ORIG_RAX: 0000000000000009 [ 311.303480][ C0] RAX: ffffffffffffffda RBX: 00007fa3335f76c0 RCX: 00007fa334f8d1a3 [ 311.311454][ C0] RDX: 0000000000000000 RSI: 0000000000021000 RDI: 0000000000000000 [ 311.319405][ C0] RBP: 0000000000000000 R08: 00000000ffffffff R09: 0000000000000000 [ 311.327373][ C0] R10: 0000000000020022 R11: 0000000000000246 R12: 00007fa3352cfb20 [ 311.335349][ C0] R13: ffffffffffffffc0 R14: 0000000000001000 R15: 0000000000000000 [ 311.343309][ C0]