last executing test programs: 11.442981512s ago: executing program 3 (id=565): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x5) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000340)=@base={0x6, 0x4, 0xfff, 0x7, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x3, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r5) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11feffffff000000", @ANYRES32=r6, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) r7 = syz_open_dev$sg(&(0x7f0000000080), 0x0, 0x1a3c82) ioctl$SCSI_IOCTL_SEND_COMMAND(r7, 0x1, &(0x7f0000000440)=ANY=[@ANYBLOB="000000000300000054"]) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000005840)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000001240)=@newqdisc={0x78, 0x24, 0x5820a61ca228651, 0x0, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, {0x0, 0x0, 0x4}}}}]}, 0x78}}, 0x0) sendmsg$nl_route_sched(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000400)=@newtfilter={0x54, 0x2c, 0xd27, 0x60bd2d, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xfff3}, {0xd}}, [@filter_kind_options=@f_basic={{0xa}, {0x24, 0x2, [@TCA_BASIC_EMATCHES={0x20, 0x2, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xffff}}, @TCA_EMATCH_TREE_LIST={0x14, 0x2, 0x0, 0x1, [@TCF_EM_NBYTE={0x10, 0x1}]}]}]}}]}, 0x54}, 0x1, 0x0, 0x0, 0x854}, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) r8 = fsopen(0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) fsopen(&(0x7f0000000580)='overlay\x00', 0x0) r9 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) ioctl$PPPIOCNEWUNIT(r9, 0xc004743e, &(0x7f0000000000)=0x3) socket$inet6_tcp(0xa, 0x1, 0x0) 8.350782633s ago: executing program 4 (id=572): r0 = syz_open_dev$swradio(&(0x7f0000000040), 0x1, 0x2) ioctl$VIDIOC_S_FMT(r0, 0xc0d05605, &(0x7f0000000080)={0xb, @sliced={0xa35, [0x0, 0x9, 0x1, 0x1, 0x6, 0x8, 0xe1, 0xfff7, 0xc, 0x7fff, 0xa7, 0x0, 0x0, 0x2, 0x3, 0x4, 0x10, 0x6, 0x4, 0x56, 0x8003, 0x3ff, 0x27, 0xffff, 0x0, 0x5, 0x1, 0x3ff, 0x3, 0x4, 0x6b, 0x8, 0x1f79, 0x7, 0x1000, 0x4, 0x1000, 0x4, 0x4, 0x4, 0xd6, 0xfffc, 0x80, 0x21, 0x8, 0x1, 0x9, 0x8001], 0x3}}) socket$inet_icmp_raw(0x2, 0x3, 0x1) (async) r1 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$IPT_SO_SET_REPLACE(r1, 0x0, 0x40, &(0x7f0000000100)=@security={'security\x00', 0xe, 0x4, 0x2b8, 0xffffffff, 0xf0, 0x0, 0x188, 0xffffffff, 0xffffffff, 0x220, 0x280, 0x280, 0xffffffff, 0x4, 0x0, {[{{@ip={@remote, @multicast2, 0x0, 0x0, 'syzkaller0\x00', 'veth0_vlan\x00'}, 0x0, 0xc8, 0xf0, 0x0, {}, [@common=@icmp={{0x28}, {0x0, "8de4"}}, @common=@unspec=@connmark={{0x30}}]}, @common=@unspec=@STANDARD={0x28, '\x00', 0x0, 0xfffffffffffffffe}}, {{@ip={@dev, @private, 0x0, 0x0, 'pimreg1\x00', 'bridge0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@MARK={0x28}}, {{@ip={@local, @initdev={0xac, 0x1e, 0x0, 0x0}, 0x0, 0x0, 'veth1_to_hsr\x00', 'batadv0\x00'}, 0x0, 0x70, 0x98}, @common=@unspec=@AUDIT={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x318) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, &(0x7f0000000000)=0xffffffffffffffff) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000440)=@mmap={0x9, 0x2, 0x4, 0x29000, 0xe, {}, {0x1, 0x8, 0x7, 0x1, 0x1, 0xff, "a3926efe"}, 0x0, 0x1, {}, 0x2, 0x0, r2}) (async) ioctl$VIDIOC_QBUF(r0, 0xc058560f, &(0x7f0000000440)=@mmap={0x9, 0x2, 0x4, 0x29000, 0xe, {}, {0x1, 0x8, 0x7, 0x1, 0x1, 0xff, "a3926efe"}, 0x0, 0x1, {}, 0x2, 0x0, r2}) 8.180042776s ago: executing program 3 (id=573): socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f00000000c0)=0x4004, 0x1, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000010000000a28000000000a0101000000005e1affd5020000000900010073797a300000000308000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a01040000000000000000020000003c000480380001800e000100696d6d65646961746500000024000280180002801400028008000340ebffffff07000180fffffffd08000140000000000900010073797a30000000000900020073797a32"], 0x90}}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000180)=""/66, 0x42}], 0x1, 0xe1, 0x3) 7.607981861s ago: executing program 4 (id=576): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x8000) syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="6800000013000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006772653000000000000000000000000034001a8010"], 0x68}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) 6.780216628s ago: executing program 4 (id=581): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x18, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) 6.46370314s ago: executing program 4 (id=582): ioctl$AUTOFS_DEV_IOCTL_VERSION(0xffffffffffffffff, 0xc0189371, &(0x7f0000000000)={{0x1, 0x1, 0x18, 0xffffffffffffffff}, './file0\x00'}) ioctl$SNDRV_PCM_IOCTL_INFO(r0, 0x81204101, &(0x7f0000000040)) r1 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000240)={0x2, 0x4, 0x8, 0x1, 0x80, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) r2 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x1, 0x1c, &(0x7f0000000d80)=@ringbuf={{0x18, 0x8, 0x0, 0x0, 0x12, 0x0, 0x0, 0x0, 0xfffffffb}, {{0x18, 0x1, 0x1, 0x0, r2}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x3}, {0x85, 0x0, 0x0, 0x5}}, {}, [@snprintf={{0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1200}, {0x3, 0x3, 0x3, 0xa, 0x2, 0xfff0}, {0x6, 0x0, 0xd, 0x9, 0x0, 0x8, 0x80000001}, {0x3, 0x3, 0x6, 0xa, 0x9, 0xfff0, 0xf1}, {0x7, 0x1, 0xb, 0x6, 0x8}, {0x7, 0x0, 0x0, 0x8}, {}, {}, {}, {0x18, 0x8, 0x2, 0x0, r1}, {}, {0x15, 0x0, 0x0, 0x76}}], {{0x7, 0x1, 0xb, 0x8}, {0x6, 0x0, 0x5, 0x8, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x7}}}, &(0x7f00000002c0)='GPL\x00', 0x9, 0x0, 0x0, 0x0, 0x46, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 6.312007383s ago: executing program 4 (id=583): openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) socket$packet(0x11, 0x2, 0x300) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x218, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0xfff, 0xfffffffd, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) openat$vga_arbiter(0xffffffffffffff9c, &(0x7f0000000240), 0x408100, 0x0) add_key(&(0x7f0000000080)='rxrpc\x00', 0x0, &(0x7f0000000280), 0x0, 0xfffffffffffffffe) openat$sequencer2(0xffffffffffffff9c, 0x0, 0xc2882, 0x0) sendmsg$MPTCP_PM_CMD_SET_FLAGS(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={0x0}, 0x1, 0x0, 0x0, 0xebff5d0857818f7f}, 0x4000) lseek(0xffffffffffffffff, 0xffffeffffffffffe, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(0xffffffffffffffff, 0x8933, 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000440)='projid_map\x00') write$tcp_mem(r2, &(0x7f0000000180)={0x0, 0x20, 0x0, 0x20, 0x0, 0x2}, 0x48) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={0x0, 0xd0}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) timer_create(0x0, 0x0, &(0x7f00000000c0)) socket$inet6(0xa, 0x1, 0x0) sendmsg$key(0xffffffffffffffff, &(0x7f0000000000)={0x500, 0x0, &(0x7f0000000040)={0x0, 0x50}}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000200)={{0x0, 0x3938700}}, 0x0) timer_create(0x0, 0x0, &(0x7f0000000140)) sendmsg$nl_generic(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="140000003800010329bd7000fadbdb2504"], 0x14}}, 0x0) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="12013f00000000407f04ffff000000000001090224000100000000090400001503000000092140000001220f00090581d7"], 0x0) syz_usb_control_io$hid(r4, 0x0, 0x0) syz_usb_control_io$hid(r4, &(0x7f0000000180)={0x24, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="00220f000000560900a1004daf25cee2d5d1c1"], 0x0}, 0x0) syz_usb_connect(0x0, 0x36, &(0x7f0000000100)={{0x12, 0x1, 0x310, 0x7c, 0x83, 0xd1, 0x8, 0xbfd, 0x123, 0x128b, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x7f, 0x3, 0x10, 0x0, [{{0x9, 0x4, 0xb5, 0xf9, 0x2, 0x50, 0xa2, 0x65, 0xe6, [], [{{0x9, 0x5, 0xc, 0x12, 0x40, 0xe, 0xd, 0x3}}, {{0x9, 0x5, 0x6, 0x2, 0x40, 0x6, 0x4, 0x1}}]}}]}}]}}, &(0x7f0000000780)={0x0, 0x0, 0x0, 0x0}) syz_open_dev$hiddev(&(0x7f0000000080), 0x0, 0x0) 6.155875423s ago: executing program 3 (id=584): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) syz_usb_connect(0x6, 0x7a, &(0x7f00000000c0)=ANY=[], 0x0) syz_open_dev$sndpcmc(0x0, 0x2, 0x200080) unshare(0x6a040000) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x50) openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) fcntl$getflags(0xffffffffffffffff, 0x3) r2 = syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0x141121) r3 = dup(r2) write$6lowpan_enable(r3, &(0x7f0000000000)='0', 0xfffffd2c) syz_io_uring_setup(0x38fe, &(0x7f0000000300)={0x0, 0x1fffff, 0x10100}, 0x0, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000003c0)='/sys/power/pm_wakeup_irq', 0x149282, 0x10) write$cgroup_int(r4, &(0x7f0000000040)=0x902, 0x12) io_uring_register$IORING_REGISTER_PERSONALITY(r4, 0x9, 0x0, 0x0) modify_ldt$write(0x1, &(0x7f0000000000)={0xfff}, 0x10) modify_ldt$write(0x1, &(0x7f0000000000)={0x80, 0x0, 0x400}, 0x10) r5 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002000000000000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b7030000deab44f4850000002d00000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x1, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000000)='kfree\x00', r5}, 0x10) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_KEY_SET(r6, &(0x7f0000000100)={0x0, 0x2800, &(0x7f0000000080)={&(0x7f00000001c0)={0x54, r7, 0x1, 0x0, 0x0, {0x3}, [@TIPC_NLA_BEARER={0x40, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_UDP_OPTS={0x2c, 0x4, {{0x14, 0x1, @in={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xf}}}, {0x14, 0x2, @in={0x2, 0x0, @broadcast}}}}, @TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x54}}, 0x0) sendmsg$TIPC_NL_BEARER_SET(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x34, r7, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x20, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}, @TIPC_NLA_BEARER_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0x43ef}]}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) r8 = dup(0xffffffffffffffff) connect$netlink(r8, 0x0, 0x0) syz_io_uring_setup(0x6387, &(0x7f0000000280)={0x0, 0x2566, 0x200, 0x3, 0x25d}, &(0x7f0000000300), 0x0) sendmsg$ETHTOOL_MSG_DEBUG_SET(r0, &(0x7f0000001540)={0x0, 0x0, &(0x7f0000001500)={&(0x7f0000000080)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="0100000000000000000008000000180001801400020073797a5f74756e000000000000000000180002801400038010000180080001"], 0x44}}, 0x0) 4.371796605s ago: executing program 0 (id=590): r0 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) socket$inet6_sctp(0xa, 0x801, 0x84) getsockopt$inet_sctp_SCTP_GET_ASSOC_STATS(0xffffffffffffffff, 0x84, 0x70, &(0x7f0000000180)={0x0, @in6={{0xa, 0x4e24, 0x5216, @private0, 0xac4}}, [0x6, 0x6, 0xffffffffffffff7f, 0x400, 0x0, 0xd, 0x0, 0x0, 0x8000001, 0x1, 0x200000000, 0x6, 0x452, 0x194, 0x6]}, &(0x7f00000000c0)=0x100) r3 = openat$pidfd(0xffffffffffffff9c, &(0x7f0000000040), 0x40000, 0x0) pidfd_send_signal(r3, 0x3b, 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, 0x0) r4 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNATTACHFILTER(r4, 0x401054d5, &(0x7f0000000040)={0x4, &(0x7f0000000100)=[{0x1}, {}, {0x4}, {0x6, 0x9}]}) ioctl$TUNDETACHFILTER(r4, 0x401054d6, 0x0) r5 = openat(0xffffffffffffff9c, 0x0, 0x42, 0x1ff) close(r5) execveat(0xffffffffffffff9c, &(0x7f0000000140)='./file1\x00', 0x0, 0x0, 0x1000) link(&(0x7f0000001240)='./file1\x00', &(0x7f0000000bc0)='./file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa\x00') 4.203960512s ago: executing program 2 (id=591): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x8000) syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="6800000013000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006772653000000000000000000000000034001a8010"], 0x68}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) 3.535307776s ago: executing program 1 (id=593): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="5c0000000206030000000000000000000200000705000100070000000900020073797a31000000000c00078008011300000080000500050002000000050004000100000016000300686173683a6e65742c706f72742c6e6574"], 0x5c}, 0x1, 0x0, 0x0, 0x4000}, 0x20004000) (async) openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) (async) ioctl$KVM_CREATE_IRQCHIP(0xffffffffffffffff, 0xae60) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x8000000000000001) (async) syz_usb_connect(0x5, 0x21, 0x0, 0x0) (async) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) (async) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r3}, &(0x7f0000bbdffc)) (async) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) (async) r4 = dup(0xffffffffffffffff) ioctl$SNDCTL_DSP_SPEED(r4, 0xc0045002, &(0x7f0000000140)=0x8) r5 = socket$tipc(0x1e, 0x5, 0x0) bind$tipc(r5, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) (async) r6 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r6, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) (async) r7 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r7, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10) (async) sendmsg$tipc(r7, &(0x7f0000000000)={&(0x7f00000001c0)=@name={0x1e, 0x2, 0x1, {{0x41, 0x4}, 0x3}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x800}, 0x10) (async) sendmsg(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) (async) socket$nl_route(0x10, 0x3, 0x0) (async) openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) 3.164137454s ago: executing program 1 (id=594): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x28, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x14, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_NAME={0xd, 0x1, @udp='udp:syz2\x00'}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) 3.083251744s ago: executing program 2 (id=595): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) 2.977654113s ago: executing program 1 (id=596): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) r0 = socket$kcm(0x11, 0xa, 0x300) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000003a00)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x9}}, 0x10, &(0x7f0000000b40)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001a00), 0x101d0}], 0x4}, 0x0) recvmsg(r0, &(0x7f0000000280)={0x0, 0xd5e, &(0x7f0000000180)=[{&(0x7f0000002400)=""/4098, 0xd5e}], 0x3a}, 0x0) 2.83059359s ago: executing program 2 (id=597): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000003c0)=ANY=[@ANYBLOB="fc010000190001000000000033000000fc020000000000000000000000000000200100000000000000000000000000010000000300000000020000005e000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="0000000000000000000000000000000000000000000000000100000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000044010500fe8000000000000000000000000000aa000000003200000000000000ac1414aa000000000000000000000000000000000000ff00000000000000000001000000fc0200010000000000000000000000000000000032"], 0x1fc}}, 0x50) 2.63174294s ago: executing program 1 (id=598): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = openat$sndseq(0xffffffffffffff9c, 0x0, 0x60240) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r2, 0xc0a85320, &(0x7f0000000180)={{0x80}, 'port0\x00', 0x7e, 0xa1c07, 0x6, 0x0, 0x100000}) epoll_create(0x101) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000680)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x0) mount$fuse(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="5befeec59a9101b7064bf93ee1dc00b4fd2800fdd0b740b56e90e6e944ff39d56d1ef0b1363c8e275ce8639f09bd410400000000", @ANYRESHEX, @ANYRESOCT, @ANYRESHEX=r3, @ANYRES8]) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x1, 0x4, &(0x7f0000000640)=ANY=[@ANYBLOB="1800000001dbffff30cc0000000000002f00000004000000d31d00"/45], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r5 = socket$alg(0x26, 0x5, 0x0) bind$alg(r5, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) 2.534899551s ago: executing program 4 (id=599): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x30, &(0x7f0000000180)={&(0x7f00000008c0)=ANY=[@ANYBLOB="24000000190001000000000000c3b2000a0000000003c8000000000008000600ffffffff"], 0x24}, 0x1, 0x0, 0x0, 0x40080}, 0x0) r0 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/tty/drivers\x00', 0x0, 0x0) read$rfkill(r0, &(0x7f0000000040), 0x8) (async) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) (async, rerun: 64) syz_usb_connect(0x0, 0x2d2, &(0x7f0000000340)=ANY=[@ANYBLOB="120100008b216740420709204661010203010902c002010000000009047500efd08de70009050201ff030c0207cb10407a382b84ff1b34cd2ee206df4454f2529eb325760bada00a71f67aefe45f30eb1a82ea2568d765ddf9c4f6cf9d15cdf7897994aae055d3f4654ab18eec5d2ff8f276191defe778db9f063699e57d00e9bd9aa03da6c10d298998004b93eaf6ca5c2a57018daf8e85392ce15baa386cfdf692b68fac0ede1e5313b09c9e13e40b67973376e559125fe4d64c2c3e4927f4ad48743ed8f5fca66abf95b6da7af76b89333470ad9808c6e3f64e87ff6ca2fdd8f9fbd5df7edf83dc9a106f39d89d5f70b43047081a08a86e0a6ccee3d0114be47cd02772f9397c837398d537d76775a2ea84aca894132f89411455354c7d32ca5e23ac1fdf7e052b486de0e97574ca0a751214c8689a25a573a50cdca9552447a34ad28c74cb934f2798a646ac694c7cef3f3ce57358391db8199bd3159141280736ce85bf09050501"], 0x0) (rerun: 64) 2.482684024s ago: executing program 2 (id=600): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = landlock_create_ruleset(&(0x7f0000000100)={0x30b}, 0x18, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x200000, 0x0) landlock_add_rule$LANDLOCK_RULE_PATH_BENEATH(r0, 0x1, &(0x7f0000000200)={0x100, r1}, 0x0) close(r0) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000002280)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) lsetxattr$system_posix_acl(&(0x7f0000000040)='./file0\x00', &(0x7f00000000c0)='system.posix_acl_access\x00', &(0x7f0000000380)=ANY=[@ANYBLOB="02000000000000100004000079efcc00000020000000000000000000000000000071faad8b5e1538cebdee8c438ebae74c9a5314d6ef47d1e9837c3dc98115a75ea802c997705125646d17a9066cb9a77e26d491bc3807a12b75faff9d6711dd3ac033d442627b5345ff622d238de7a4e0cf4f1da3f524788c20e73cb72ed8906f466aec0ac2c85ee05d890e1a530b71f1766ba4b95aff02d6076f79327dbbe08f5ae62491bf53a6f7368329f35d0f39f510caf35d13a0d14824ae45da780663edcbc76975cb0446e9050000000000000000"], 0x24, 0x2) 2.40819277s ago: executing program 3 (id=601): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000640)=ANY=[@ANYBLOB="4401000010000100000000000000000000000000000000000000ffff7f000001ac1414000000000000000000000700"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="fc010000000000000000000000000000000000006c000000ffffffff0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000480003006465666c617465000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001c", @ANYRES32=0x0, @ANYRES8, @ANYRES16=r0], 0x144}, 0x1, 0x0, 0x0, 0x1}, 0x0) 2.147990694s ago: executing program 3 (id=602): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x400, 0x0) syz_usb_disconnect(0xffffffffffffffff) r1 = socket(0x28, 0x803, 0x0) ioctl$MEDIA_IOC_REQUEST_ALLOC(0xffffffffffffffff, 0x80047c05, 0x0) r2 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r2, &(0x7f0000000340)={0xa, 0x10000000004e20, 0xfffffffd, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r2, 0x1, 0x19, 0x0, 0x0) syz_emit_ethernet(0x83, &(0x7f0000000240)=ANY=[@ANYRES16=r0], 0x0) r3 = socket$inet6_udplite(0xa, 0x2, 0x88) sendmmsg$inet6(r3, &(0x7f0000001800)=[{{&(0x7f0000000000)={0xa, 0x4e20, 0x0, @mcast2}, 0x1c, 0x0}}], 0x1, 0x0) r4 = add_key(&(0x7f0000000000)='big_key\x00', &(0x7f0000000040)={'syz', 0x1}, &(0x7f00000020c0)="ae", 0x1, 0xffffffffffffffff) keyctl$read(0x2, r4, &(0x7f00000000c0)=""/4096, 0x1000) keyctl$read(0xb, r4, &(0x7f00000010c0)=""/4096, 0xffef) r5 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, 0x0) ptrace$setregs(0xd, r5, 0x0, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") ptrace$getregset(0x4205, r5, 0x200, &(0x7f0000000080)={&(0x7f00000000c0)=""/112, 0x70}) ptrace$ARCH_SET_CPUID(0x1e, r5, 0x1, 0x1012) recvmmsg(r2, &(0x7f0000001180)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0, 0x0) getsockopt$packet_int(r1, 0x107, 0xe, 0x0, 0x0) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) getsockopt$inet_sctp_SCTP_HMAC_IDENT(0xffffffffffffffff, 0x84, 0x16, 0x0, &(0x7f00000001c0)) r8 = syz_open_procfs(0x0, &(0x7f00000000c0)='mountinfo\x00') sendfile(r8, r8, &(0x7f0000000040)=0x2eb4, 0x2000007ff) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x16) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) openat$qrtrtun(0xffffffffffffff9c, 0x0, 0x800) ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x2) 2.103736622s ago: executing program 0 (id=603): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x18, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) 1.872759956s ago: executing program 0 (id=604): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x356}, &(0x7f00000008c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd_index=0x4, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x70a, 0x41e3, 0x0, 0x0, 0x0) r5 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r5, &(0x7f0000000580)='1\x00', 0x2) prctl$PR_GET_TSC(0x43, &(0x7f0000000040)) write$sysctl(r5, &(0x7f0000000000)='2\x00', 0x2) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000740)=@newlink={0x40, 0x10, 0x44b, 0x0, 0x0, {0x7a}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @bridge={{0xb}, {0x4}}}, @IFLA_ADDRESS={0xa, 0x1, @random="66403ef93480"}]}, 0x40}}, 0x4) 1.176019036s ago: executing program 2 (id=605): openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x8000) syz_genetlink_get_family_id$tipc(&(0x7f0000000000), 0xffffffffffffffff) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) sendmsg$TIPC_CMD_SET_LINK_PRI(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={0x0}, 0x1, 0x0, 0x0, 0x800}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="6800000013000100000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000140003006772653000000000000000000000000034001a8010"], 0x68}}, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) r3 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r3, 0x5393, &(0x7f0000000000)) 862.591236ms ago: executing program 0 (id=606): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000080)={0xc, 0x0, 0x0}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f00000000c0)={0xc, r1}) ioctl$IOMMU_VFIO_IOAS$GET(r0, 0x3b88, &(0x7f0000000100)={0xc}) ioctl$IOMMU_VFIO_IOAS$CLEAR(r0, 0x3b88, &(0x7f0000000140)={0xc}) ioctl$IOMMU_IOAS_ALLOW_IOVAS(r0, 0x3b82, &(0x7f0000000180)={0x20, r1, 0x0, 0x0, &(0x7f00000001c0)}) ioctl$IOMMU_VFIO_IOAS$SET(r0, 0x3b88, &(0x7f0000000200)={0xc, r1}) ioctl$IOMMU_VFIO_GET_API_VERSION(r0, 0x3b64) ioctl$IOMMU_VFIO_SET_IOMMU(r0, 0x3b66, 0x3) ioctl$IOMMU_VFIO_CHECK_EXTENSION(r0, 0x3b65, 0x9) ioctl$IOMMU_VFIO_IOMMU_GET_INFO(r0, 0x3b70, &(0x7f0000000240)={0x70, 0x0, 0x0, 0x0, {}, {{}, 0x0, 0x0, [{}]}}) ioctl$IOMMU_VFIO_IOMMU_MAP_DMA(r0, 0x3b71, &(0x7f0000000280)={0x20, 0x0, &(0x7f00000002c0)='LLLLLLLLLLLLLLLLLLLLLLLLLLLL', 0x1c, 0x1c}) ioctl$IOMMU_VFIO_IOMMU_UNMAP_DMA(r0, 0x3b72, &(0x7f0000000300)={0x18, 0x0, 0x1c, 0x1c}) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000340)={0x18, r1}) ioctl$IOMMU_DESTROY$ioas(r0, 0x3b80, &(0x7f0000000380)={0x8, r1}) r2 = fsopen(&(0x7f0000000100)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000180)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000140)='/\x9b\xc2\xd0a@\xf7', 0x0) fsconfig$FSCONFIG_SET_STRING(r2, 0x1, &(0x7f0000000040)='user\x00N\xac]\x86\x8a\xa3\x7f\x00', &(0x7f0000000080)='\x00', 0x0) close(r0) 737.525188ms ago: executing program 0 (id=607): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_SET(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000880)={0x1c, r1, 0x1, 0x70bd28, 0x25dfdbfb, {}, [@TIPC_NLA_BEARER={0x8, 0x1, 0x0, 0x1, [@TIPC_NLA_BEARER_PROP={0x4}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0x48c05}, 0x4040140) 652.688756ms ago: executing program 0 (id=608): socket$inet6_mptcp(0xa, 0x1, 0x106) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) futex(&(0x7f000000cffc), 0x0, 0x0, 0x0, 0x0, 0x0) futex(&(0x7f00000000c0)=0x4004, 0x1, 0x0, 0x0, 0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_mreq(r2, 0x29, 0x1b, &(0x7f0000000200)={@dev}, 0x14) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r3, 0x29, 0x1b, &(0x7f0000000000)={@remote}, 0x20) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r4, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000010000000a28000000000a0101000000005e1affd5020000000900010073797a300000000508000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r4, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000002780)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a68000000060a01040000000000000000020000003c000480380001800e000100696d6d65646961746500000024000280180002801400028008000340ebffffff07000180fffffffd08000140000000000900010073797a30000000000900020073797a32"], 0x90}}, 0x0) r5 = syz_open_procfs(0x0, &(0x7f0000000080)='net/anycast6\x00') preadv(r5, &(0x7f0000000040)=[{&(0x7f0000000180)=""/66, 0x42}], 0x1, 0xe1, 0x3) 615.061681ms ago: executing program 1 (id=609): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000480)={0x11, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x9, @void, @value}, 0x94) r0 = socket$kcm(0x11, 0xa, 0x300) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) sendmsg$tipc(r1, &(0x7f0000003a00)={&(0x7f0000000080)=@nameseq={0x1e, 0x1, 0x0, {0x1, 0x0, 0x9}}, 0x10, &(0x7f0000000b40)=[{0x0}, {0x0}, {0x0}, {&(0x7f0000001a00), 0x101d0}], 0x4}, 0x0) r2 = dup(0xffffffffffffffff) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x28801, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x42280, 0x0) close(r4) ioctl$KVM_CHECK_EXTENSION(r5, 0xae01, 0x1) r6 = syz_kvm_setup_syzos_vm$x86(r4, &(0x7f0000bfe000/0x400000)=nil) r7 = socket$rds(0x15, 0x5, 0x0) bind$rds(r7, &(0x7f0000000040)={0x2, 0xfffc, @loopback}, 0x10) sendmsg$rds(r7, &(0x7f0000001600)={&(0x7f0000000000)={0x2, 0x0, @remote}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=[@rdma_args={0x48, 0x114, 0x1, {{}, {0x0, 0xffffffffffffff7c}, &(0x7f00000006c0)=[{&(0x7f0000000100)=""/44, 0x2c}], 0x1}}, @mask_cswp={0x58, 0x114, 0x9, {{0x9, 0xd}, &(0x7f0000000080)=0x4, &(0x7f00000000c0)=0x2, 0x6, 0x6, 0xc, 0x0, 0x0, 0xa}}, @mask_cswp={0x58, 0x114, 0x9, {{0x508428bd, 0xf7}, &(0x7f0000000140)=0x8, &(0x7f0000000180)=0xfffffffffffffffb, 0x101, 0x61, 0x7ffffffffffffffd, 0x3ff, 0x40, 0x66f}}], 0xf8}, 0x0) r8 = syz_kvm_add_vcpu$x86(r6, &(0x7f0000000000)={0x0, 0x0}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_SET_MEMORY_ATTRIBUTES(r4, 0x4020aed2, &(0x7f0000000080)={0x0, 0x28c000, 0x8}) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(0xffffffffffffffff, 0x84, 0x85, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) dup(0xffffffffffffffff) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000000)={0x26, 'hash\x00', 0x0, 0x0, 'sha256-generic\x00'}, 0x58) r10 = accept4(r9, 0x0, 0x0, 0x0) ioctl$TIOCGSID(r10, 0x5429, &(0x7f00000000c0)=0x0) getsockopt$inet_IP_IPSEC_POLICY(r2, 0x0, 0x10, &(0x7f00000002c0)={{{@in6=@private0, @in6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}, {{@in6=@loopback}, 0x0, @in=@dev}}, &(0x7f00000001c0)=0xe8) ioctl$DRM_IOCTL_GET_CLIENT(r2, 0xc0286405, &(0x7f0000000140)={0x6, 0x9, {r11}, {r12}, 0x5, 0x8}) recvmmsg$unix(r10, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x500}}], 0x600, 0x0, 0x0) recvmsg(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000180)=[{&(0x7f0000002400)=""/4098, 0xd5e}], 0x3a}, 0x0) 205.193089ms ago: executing program 3 (id=610): bpf$PROG_LOAD_XDP(0x5, &(0x7f00000000c0)={0x12, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41000, 0x13, '\x00', 0x0, 0xf, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = bpf$MAP_CREATE(0x0, &(0x7f0000000180)=@base={0x1, 0x1, 0x4, 0x8, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1, 0xd, &(0x7f0000000300)=ANY=[@ANYBLOB="18000000000000000000000000000000850000007a00000018110000", @ANYRES32=r1, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b70400000000000085000000c300000095"], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r2 = socket(0x1, 0x803, 0x0) bpf$MAP_LOOKUP_ELEM(0x1, &(0x7f0000000040)={r1, &(0x7f0000000380)="0a92b28188a7d08df19c9a7a2ca6a8c7d3de2550ff78245f6026e457839228c435d3ceb5a8cd184f011a7724ee68542e6fbcbc885ae8a65f369e4525d0d6354d8b2dce23a975212615100a8543cf977855114317f41be069459b70d5e6ee8d73c7875989b39e6166ab2521917afd6d19b647a08236acbf5c673e9fe5413c26932831b2de55e2a071f4f36b96d6d1ccd0fcd0afe8b4d1004f5e1733be1a8943159302a3970e411920f63613a39aff087dd33eda089b2e3c4aebab7e7c15281d543e54281076c3dce585cd629b41802e43717bb7453b65cc59ba316812", &(0x7f0000000480)=""/173, 0x4}, 0x20) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0xf11, 0x0, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x104}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @vti={{0x8}, {0xc, 0x2, 0x0, 0x1, [@vti_common_policy=[@IFLA_VTI_LINK={0x8, 0x1, r3}]]}}}, @IFLA_MASTER={0x8, 0xa, r3}]}, 0x40}}, 0x4) syz_usb_connect(0x5, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0x4a, 0x7, 0x11, 0x8, 0x2357, 0x201, 0x5031, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x9, 0x4, 0xb0, 0x6, [{{0x9, 0x4, 0x40, 0x0, 0x0, 0xc6, 0xe1, 0xaa, 0x3}}]}}]}}, 0x0) 153.184313ms ago: executing program 2 (id=611): arch_prctl$ARCH_FORCE_TAGGED_SVA(0x4004) r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000c80)=@mangle={'mangle\x00', 0x2, 0x6, 0x508, 0x360, 0x188, 0x290, 0x0, 0x290, 0x568, 0x568, 0x568, 0x568, 0x568, 0x6, 0x0, {[{{@ipv6={@mcast2, @private1, [], [], 'macvlan1\x00', 'erspan0\x00', {}, {}, 0x0, 0x0, 0x0, 0x48}, 0x0, 0xa8, 0xd0, 0x0, {0x7a00000000000000}}, @HL={0x28}}, {{@uncond, 0x0, 0xa8, 0xe0}, @common=@inet=@SET3={0x38, 'SET\x00', 0x3, {{0xffffffffffffffff}, {0xffffffffffffffff}, {}, 0x203}}}, {{@ipv6={@ipv4={'\x00', '\xff\xff', @multicast2}, @remote, [], [], '\x00', 'bond_slave_0\x00'}, 0x0, 0xa8, 0xd0, 0x48000000}, @unspec=@CHECKSUM={0x28}}, {{@uncond, 0x0, 0xa8, 0xe8}, @common=@inet=@TCPOPTSTRIP={0x40}}, {{@uncond, 0x0, 0xa8, 0xd0}, @unspec=@CHECKSUM={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x568) r1 = socket$kcm(0xa, 0x922000000003, 0x11) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = socket$inet(0x2, 0x80001, 0x84) r4 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r4, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000380)=[@in={0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}]}, &(0x7f0000000180)=0x10) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000180)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x58, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x21}, @NFTA_SET_EXPR={0x1c, 0x11, 0x0, 0x1, @limit={{0xa}, @val={0xc, 0x2, 0x0, 0x1, [@NFTA_LIMIT_TYPE={0x8}]}}}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0xa0}}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) getsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r2, 0x84, 0x84, &(0x7f0000000440)={r6, @in6={{0xa, 0x0, 0x6, @empty}}, 0x0, 0x80}, &(0x7f0000000500)=0x90) sendmsg$sock(r1, &(0x7f0000000740)={&(0x7f0000000100)=@nl=@unspec, 0x80, 0x0, 0x0, &(0x7f0000000700)=[@timestamping={{0x18, 0x1, 0x4f, 0x1}}], 0x18}, 0x0) r7 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r7, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040), 0x2, 0x6}}, 0x20) r8 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x2, 0x4, 0xc00000, 0x2000001, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r9 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000080)=ANY=[@ANYBLOB="120100000cb768405e0483020b9901e4020109021b000100000000090400fb015c291d00090509"], 0x0) syz_usb_disconnect(r9) syz_usb_control_io$cdc_ncm(r9, &(0x7f0000000280)={0x14, &(0x7f0000000540)={0x40, 0x31, 0xff, {0xff, 0x23, "6b62c7285551e4359b0edb256de20a0ff5229b98378ccd6960180d802f5aba5fafc566c4d55b5b048f5f71f5d028458e4ebc9f8ef0152d6b2fe74d8ea3eb85098e9520311d7537f8da1661c49a6ec526f9032282a14a0fc27be618769860f0202b15e75a82ca5459f3c491600cf725d6bd1e049fb81f1c0fd062b5d56abae940dd0b57799d2c53f9be9d541e13bc6758dca19fcfbfffb2fe3f4ebde8a77944a76fc61ce43917c8718cf6c1e5def986216f18ba0dfea8cd9f6063a5f28d4552af0210e98f0c96d76486a0e912a0fabfb2ee77770b96f4db5fba3b72638c7588c61e923763995b62cf9966006942efd4168e5bc6d0b5890f5abb7a424ea6"}}, &(0x7f0000000240)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000840)={0x44, &(0x7f00000002c0)={0x0, 0x16, 0x33, "0bc429fecc858cabd317fc2c36cf9d780ae29774328e9d55bcaa92d22eee4085b2045208ca3a5af9556d3901e1c2b213c6ca57"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0xeb}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000680)={0x20, 0x80, 0x1c, {0xdcb, 0x1, 0xfffff609, 0xaf06, 0x7ff, 0x2b, 0xe3bc, 0x3, 0x4, 0xa0a3, 0x101, 0x1000}}, &(0x7f00000006c0)={0x20, 0x85, 0x4, 0x9}, &(0x7f0000000780)={0x20, 0x83, 0x2}, &(0x7f00000007c0)={0x20, 0x87, 0x2, 0x7}, &(0x7f0000000800)={0x20, 0x89, 0x2}}) fallocate(r8, 0x44, 0x9, 0x2) 0s ago: executing program 1 (id=612): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x2d0b, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) socket$inet_sctp(0x2, 0x5, 0x84) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='memory.events\x00', 0x26e1, 0x0) pipe(&(0x7f0000000000)={0xffffffffffffffff}) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000140)='memory.events\x00', 0x7a05, 0x1700) splice(r5, 0x0, r6, 0x0, 0x88000cc, 0x0) syz_emit_ethernet(0x36, &(0x7f00000000c0)={@broadcast, @local, @void, {@ipv6={0x86dd, @generic={0x0, 0x6, "87fb89", 0x0, 0x0, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @private2}}}}, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r7, &(0x7f0000000200)={0xa, 0x0, 0x0, @loopback}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r7, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r7, 0x11a, 0x1, &(0x7f0000000040)=@gcm_256={{0x304, 0x36}, "000000003f9d0080", "a5fdeb69a751e94df53ad7e900de4c164e071a0000000000007b443803cf578f"}, 0x38) setsockopt$inet6_tcp_int(r7, 0x11a, 0x1, &(0x7f0000000100)=0xfffffffe, 0x4) r8 = socket$nl_generic(0x10, 0x3, 0x10) vmsplice(0xffffffffffffffff, 0x0, 0x0, 0x18) sendmsg$nl_generic(r8, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000940)=ANY=[@ANYBLOB="1c0000002d00090027bd7000000000000400000008001a80"], 0x1c}}, 0x84) kernel console output (not intermixed with test programs): renamed from eth3 [ 94.993278][ T5849] netdevsim netdevsim4 netdevsim0: renamed from eth0 [ 95.005426][ T5849] netdevsim netdevsim4 netdevsim1: renamed from eth1 [ 95.017137][ T5849] netdevsim netdevsim4 netdevsim2: renamed from eth2 [ 95.033388][ T5849] netdevsim netdevsim4 netdevsim3: renamed from eth3 [ 95.053173][ T5156] Bluetooth: hci3: command tx timeout [ 95.133122][ T5156] Bluetooth: hci4: command tx timeout [ 95.195812][ T5840] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 95.211538][ T5840] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 95.228718][ T5840] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 95.240355][ T5840] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 95.320504][ T5844] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.382366][ T5843] netdevsim netdevsim1 netdevsim0: renamed from eth0 [ 95.405069][ T5843] netdevsim netdevsim1 netdevsim1: renamed from eth1 [ 95.421951][ T5843] netdevsim netdevsim1 netdevsim2: renamed from eth2 [ 95.442457][ T5843] netdevsim netdevsim1 netdevsim3: renamed from eth3 [ 95.506675][ T5844] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.570057][ T5846] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.582695][ T5849] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.603155][ T36] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.610437][ T36] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.637441][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.644672][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.716104][ T5846] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.747958][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.755202][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.767880][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.775069][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.808265][ T5849] 8021q: adding VLAN 0 to HW filter on device team0 [ 95.834919][ T5844] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 95.889338][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 95.896648][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 95.918586][ T5840] 8021q: adding VLAN 0 to HW filter on device bond0 [ 95.956931][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 95.964157][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 95.998273][ T5846] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 96.027504][ T5840] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.052842][ T13] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.060089][ T13] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.078741][ T5844] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.115012][ T13] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.122193][ T13] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.168186][ T5843] 8021q: adding VLAN 0 to HW filter on device bond0 [ 96.250049][ T5846] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.271791][ T5844] veth0_vlan: entered promiscuous mode [ 96.297459][ T5843] 8021q: adding VLAN 0 to HW filter on device team0 [ 96.325634][ T1333] bridge0: port 1(bridge_slave_0) entered blocking state [ 96.332783][ T1333] bridge0: port 1(bridge_slave_0) entered forwarding state [ 96.345874][ T1333] bridge0: port 2(bridge_slave_1) entered blocking state [ 96.353155][ T1333] bridge0: port 2(bridge_slave_1) entered forwarding state [ 96.362733][ T5844] veth1_vlan: entered promiscuous mode [ 96.472112][ T5840] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.487163][ T5844] veth0_macvtap: entered promiscuous mode [ 96.506821][ T5849] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.570040][ T5844] veth1_macvtap: entered promiscuous mode [ 96.602724][ T5846] veth0_vlan: entered promiscuous mode [ 96.642709][ T5846] veth1_vlan: entered promiscuous mode [ 96.651040][ T5849] veth0_vlan: entered promiscuous mode [ 96.686497][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 96.697142][ T5849] veth1_vlan: entered promiscuous mode [ 96.735725][ T5844] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 96.752689][ T5844] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.765017][ T5844] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.773940][ T5844] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.782672][ T5844] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 96.799297][ T5840] veth0_vlan: entered promiscuous mode [ 96.813622][ T5156] Bluetooth: hci0: command tx timeout [ 96.882509][ T5846] veth0_macvtap: entered promiscuous mode [ 96.894519][ T5156] Bluetooth: hci1: command tx timeout [ 96.904753][ T5849] veth0_macvtap: entered promiscuous mode [ 96.922494][ T5846] veth1_macvtap: entered promiscuous mode [ 96.930791][ T5840] veth1_vlan: entered promiscuous mode [ 96.946223][ T5843] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 96.973271][ T5156] Bluetooth: hci2: command tx timeout [ 96.980271][ T5849] veth1_macvtap: entered promiscuous mode [ 97.017482][ T1333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.030936][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.041189][ T1333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.069193][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.100052][ T5849] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.134129][ T5156] Bluetooth: hci3: command tx timeout [ 97.145070][ T5846] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.156126][ T5849] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.166055][ T5849] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.175318][ T5849] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.185111][ T5849] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.209577][ T5846] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.219048][ T5846] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.224021][ T5156] Bluetooth: hci4: command tx timeout [ 97.233947][ T5846] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.242697][ T5846] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.267575][ T3428] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.277833][ T3428] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.325617][ T5840] veth0_macvtap: entered promiscuous mode [ 97.339188][ T5840] veth1_macvtap: entered promiscuous mode [ 97.370951][ T5844] soft_limit_in_bytes is deprecated and will be removed. Please report your usecase to linux-mm@kvack.org if you depend on this functionality. [ 97.377015][ T10] cfg80211: failed to load regulatory.db [ 97.417604][ T5843] veth0_vlan: entered promiscuous mode [ 97.490898][ T3428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.506022][ T3428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.519905][ T5843] veth1_vlan: entered promiscuous mode [ 97.552227][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 97.596219][ T5840] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 97.618846][ T5840] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.627995][ T5840] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.639272][ T5840] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.649511][ T5840] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 97.713709][ T3428] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.721638][ T3428] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.777625][ T3428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 97.799966][ T3428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 97.843828][ T5925] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 97.885619][ T5843] veth0_macvtap: entered promiscuous mode [ 97.993994][ T5843] veth1_macvtap: entered promiscuous mode [ 98.008876][ T3505] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.053403][ T3505] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.112161][ T3428] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.130834][ T3428] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.145860][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 98.180169][ T5843] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 98.403037][ T30] audit: type=1326 audit(1749990736.847:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.447710][ T5843] netdevsim netdevsim1 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.457355][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.463202][ T30] audit: type=1326 audit(1749990736.847:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=238 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.481799][ T5843] netdevsim netdevsim1 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.533029][ T30] audit: type=1326 audit(1749990736.847:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.535998][ T5843] netdevsim netdevsim1 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.566827][ T5843] netdevsim netdevsim1 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 98.621799][ T30] audit: type=1326 audit(1749990736.847:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.663154][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 98.704655][ T30] audit: type=1326 audit(1749990736.847:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.727385][ T3466] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 98.728244][ T30] audit: type=1326 audit(1749990736.847:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.763420][ T30] audit: type=1326 audit(1749990736.847:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.797535][ T3466] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 98.816260][ T30] audit: type=1326 audit(1749990736.847:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.841973][ T30] audit: type=1326 audit(1749990736.847:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.872644][ T30] audit: type=1326 audit(1749990736.847:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=5927 comm="syz.4.5" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 98.894709][ C0] vkms_vblank_simulate: vblank timer overrun [ 98.913112][ T0] NOHZ tick-stop error: local softirq work is pending, handler #100!!! [ 98.922568][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 98.945769][ T5156] Bluetooth: hci0: command tx timeout [ 98.975359][ T5156] Bluetooth: hci1: command tx timeout [ 99.053835][ T5156] Bluetooth: hci2: command tx timeout [ 99.213620][ T5156] Bluetooth: hci3: command tx timeout [ 99.287728][ T5948] FAULT_INJECTION: forcing a failure. [ 99.287728][ T5948] name failslab, interval 1, probability 0, space 0, times 1 [ 99.300743][ T5156] Bluetooth: hci4: command tx timeout [ 99.378916][ T5948] CPU: 1 UID: 0 PID: 5948 Comm: syz.3.10 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 99.378945][ T5948] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 99.378963][ T5948] Call Trace: [ 99.378975][ T5948] [ 99.378983][ T5948] dump_stack_lvl+0x189/0x250 [ 99.379026][ T5948] ? __pfx____ratelimit+0x10/0x10 [ 99.379054][ T5948] ? __pfx_dump_stack_lvl+0x10/0x10 [ 99.379082][ T5948] ? __pfx__printk+0x10/0x10 [ 99.379108][ T5948] ? __pfx___might_resched+0x10/0x10 [ 99.379134][ T5948] ? fs_reclaim_acquire+0x7d/0x100 [ 99.379161][ T5948] should_fail_ex+0x414/0x560 [ 99.379191][ T5948] should_failslab+0xa8/0x100 [ 99.379211][ T5948] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 99.379230][ T5948] ? rcu_is_watching+0x15/0xb0 [ 99.379258][ T5948] ? key_alloc+0x34d/0x1030 [ 99.379300][ T5948] kmemdup_noprof+0x2b/0x70 [ 99.379331][ T5948] key_alloc+0x34d/0x1030 [ 99.379374][ T5948] keyring_alloc+0x45/0xb0 [ 99.379410][ T5948] look_up_user_keyrings+0x216/0x620 [ 99.379446][ T5948] ? __pfx_look_up_user_keyrings+0x10/0x10 [ 99.379470][ T5948] ? __might_fault+0xb0/0x130 [ 99.379491][ T5948] ? _parse_integer_limit+0x1ae/0x1f0 [ 99.379520][ T5948] ? lookup_user_key+0xa2/0x1090 [ 99.379552][ T5948] lookup_user_key+0x329/0x1090 [ 99.379576][ T5948] ? __lock_acquire+0xab9/0xd20 [ 99.379617][ T5948] ? __pfx_lookup_user_key+0x10/0x10 [ 99.379648][ T5948] ? __pfx_lookup_user_key_possessed+0x10/0x10 [ 99.379690][ T5948] ? rcu_read_lock_any_held+0xb3/0x120 [ 99.379721][ T5948] keyctl_restrict_keyring+0x81/0x210 [ 99.379747][ T5948] ? __pfx_keyctl_restrict_keyring+0x10/0x10 [ 99.379789][ T5948] __se_sys_keyctl+0x314/0x910 [ 99.379818][ T5948] ? __pfx___se_sys_keyctl+0x10/0x10 [ 99.379848][ T5948] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 99.379874][ T5948] ? __fget_files+0x3a0/0x420 [ 99.379907][ T5948] ? fput+0xa0/0xd0 [ 99.379935][ T5948] ? ksys_write+0x22a/0x250 [ 99.379958][ T5948] ? __pfx_ksys_write+0x10/0x10 [ 99.379976][ T5948] ? rcu_is_watching+0x15/0xb0 [ 99.380016][ T5948] ? do_syscall_64+0xbe/0x3b0 [ 99.380035][ T5948] ? __x64_sys_keyctl+0x20/0xc0 [ 99.380062][ T5948] do_syscall_64+0xfa/0x3b0 [ 99.380081][ T5948] ? lockdep_hardirqs_on+0x9c/0x150 [ 99.380113][ T5948] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.380135][ T5948] ? clear_bhb_loop+0x60/0xb0 [ 99.380162][ T5948] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 99.380183][ T5948] RIP: 0033:0x7f45dd18e929 [ 99.380211][ T5948] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 99.380230][ T5948] RSP: 002b:00007f45de01f038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 99.380286][ T5948] RAX: ffffffffffffffda RBX: 00007f45dd3b5fa0 RCX: 00007f45dd18e929 [ 99.380302][ T5948] RDX: 0000200000000000 RSI: fffffffffffffffd RDI: 000000000000001d [ 99.380317][ T5948] RBP: 00007f45de01f090 R08: 0000000000000000 R09: 0000000000000000 [ 99.380331][ T5948] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000001 [ 99.380345][ T5948] R13: 0000000000000000 R14: 00007f45dd3b5fa0 R15: 00007f45dd4dfa28 [ 99.380379][ T5948] [ 99.733003][ T0] NOHZ tick-stop error: local softirq work is pending, handler #42!!! [ 99.810501][ T5950] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 99.835369][ T0] NOHZ tick-stop error: local softirq work is pending, handler #40!!! [ 99.882215][ T5950] netlink: 16 bytes leftover after parsing attributes in process `syz.3.11'. [ 100.016241][ T36] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.024601][ T12] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 100.032460][ T12] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.085392][ T36] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 100.802385][ T5959] tipc: Started in network mode [ 100.914843][ T5959] tipc: Node identity , cluster identity 4711 [ 101.150366][ T5962] process 'syz.2.12' launched './file1' with NULL argv: empty string added [ 101.294843][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.343273][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 101.833526][ T9] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 102.004973][ T9] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 102.037596][ T9] usb 2-1: config 0 has no interface number 0 [ 102.092059][ T9] usb 2-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 102.092100][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 102.092116][ T9] usb 2-1: Product: syz [ 102.092127][ T9] usb 2-1: Manufacturer: syz [ 102.092139][ T9] usb 2-1: SerialNumber: syz [ 102.122689][ T9] usb 2-1: config 0 descriptor?? [ 102.445190][ T9] usb 2-1: dvb_usb_v2: found a 'E3C EC168 reference design' in warm state [ 102.507466][ T9] usb 2-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 102.537557][ T9] dvbdev: DVB: registering new adapter (E3C EC168 reference design) [ 102.552268][ T9] usb 2-1: media controller created [ 102.563824][ T3082] usb 4-1: new full-speed USB device number 2 using dummy_hcd [ 102.573248][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 102.583833][ T0] NOHZ tick-stop error: local softirq work is pending, handler #02!!! [ 102.700002][ T9] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 102.779042][ T3082] usb 4-1: config index 0 descriptor too short (expected 31, got 27) [ 102.795572][ T5994] netlink: 'syz.4.22': attribute type 1 has an invalid length. [ 102.823101][ T3082] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 102.826729][ T9] i2c i2c-1: ec100: i2c rd failed=-71 reg=33 [ 102.845517][ T3082] usb 4-1: config 1 interface 0 has no altsetting 0 [ 102.865396][ T3082] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 102.888709][ T3082] usb 4-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 102.898306][ T3082] usb 4-1: Product: syz [ 102.906100][ T5997] netlink: 1144 bytes leftover after parsing attributes in process `syz.2.23'. [ 102.928450][ T5994] team0: Port device ip6erspan0 added [ 102.938847][ T3082] usb 4-1: Manufacturer: syz [ 102.946130][ T3082] usb 4-1: SerialNumber: syz [ 102.980638][ T9] usb 2-1: USB disconnect, device number 2 [ 103.281027][ T6004] netlink: 'syz.2.25': attribute type 1 has an invalid length. [ 103.480672][ T6009] openvswitch: netlink: IP tunnel dst address not specified [ 103.593071][ T9] usb 5-1: new high-speed USB device number 2 using dummy_hcd [ 103.752991][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 103.766028][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 103.778427][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8347, setting to 1024 [ 103.887562][ T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 103.918143][ T6022] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 103.930138][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 103.952458][ T6022] netlink: 60 bytes leftover after parsing attributes in process `syz.0.29'. [ 103.962472][ T6022] unsupported nlmsg_type 40 [ 104.000098][ T9] usb 5-1: config 0 descriptor?? [ 104.586293][ T9] savu 0003:1E7D:2D5A.0001: hiddev0,hidraw0: USB HID v0.00 Device [HID 1e7d:2d5a] on usb-dummy_hcd.4-1/input0 [ 104.693256][ T5838] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 104.776798][ T44] usb 5-1: USB disconnect, device number 2 [ 104.885686][ T5838] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 104.931476][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 104.979906][ T5838] usb 3-1: config 0 descriptor?? [ 105.000341][ T6032] fido_id[6032]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 105.316621][ T44] usb 4-1: USB disconnect, device number 2 [ 105.323401][ T5838] usb 3-1: Cannot set autoneg [ 105.333524][ T5838] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 105.451493][ T5838] usb 3-1: USB disconnect, device number 2 [ 106.413970][ T3082] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 106.818180][ T3082] usb 5-1: config 0 has no interfaces? [ 106.832680][ T3082] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 106.878943][ T3082] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 107.071806][ T3082] usb 5-1: Product: syz [ 107.113029][ T3082] usb 5-1: Manufacturer: syz [ 107.117698][ T3082] usb 5-1: SerialNumber: syz [ 107.142434][ T6069] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 107.229408][ T3082] usb 5-1: config 0 descriptor?? [ 107.940491][ T6074] netlink: 'syz.0.42': attribute type 2 has an invalid length. [ 107.948341][ T6074] netlink: 12 bytes leftover after parsing attributes in process `syz.0.42'. [ 108.995680][ T5897] usb 2-1: new full-speed USB device number 3 using dummy_hcd [ 109.035556][ T6079] netlink: 'syz.2.45': attribute type 39 has an invalid length. [ 109.161653][ T5897] usb 2-1: config index 0 descriptor too short (expected 31, got 27) [ 109.177251][ T5897] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 109.210954][ T5897] usb 2-1: config 1 interface 0 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 109.286614][ T5897] usb 2-1: config 1 interface 0 has no altsetting 0 [ 109.320302][ T5897] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 109.344858][ T5897] usb 2-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 109.392319][ T5897] usb 2-1: Product: syz [ 109.415799][ T5897] usb 2-1: Manufacturer: syz [ 109.436875][ T5897] usb 2-1: SerialNumber: syz [ 109.857949][ T44] usb 5-1: USB disconnect, device number 3 [ 110.193259][ T6093] fuse: Bad value for 'fd' [ 110.219776][ T5897] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 110.363033][ T5897] usb 1-1: Using ep0 maxpacket: 16 [ 110.378025][ T5897] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 110.411685][ T5897] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 110.424496][ T6099] netlink: 60 bytes leftover after parsing attributes in process `syz.4.47'. [ 110.441520][ T5897] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 110.458744][ T5897] usb 1-1: Manufacturer: syz [ 110.468334][ T5897] usb 1-1: SerialNumber: syz [ 110.492545][ T5897] usb 1-1: config 0 descriptor?? [ 110.531290][ T5897] em28xx 1-1:0.0: New device syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 110.545355][ T5897] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 110.844245][ T6107] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 110.947374][ T6107] netlink: 16 bytes leftover after parsing attributes in process `syz.3.51'. [ 111.026013][ T6108] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 111.082657][ T6108] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 111.216100][ T6086] Zero length message leads to an empty skb [ 111.705293][ T5838] usb 3-1: new full-speed USB device number 3 using dummy_hcd [ 111.753883][ T5897] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 111.870578][ T5897] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 111.916074][ T5897] em28xx 1-1:0.0: board has no eeprom [ 112.086163][ T6125] netlink: 'syz.3.53': attribute type 25 has an invalid length. [ 112.125427][ T3082] usb 2-1: USB disconnect, device number 3 [ 112.141214][ T5838] usb 3-1: New USB device found, idVendor=0644, idProduct=800f, bcdDevice=c5.77 [ 112.152697][ T5838] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 112.218442][ T5897] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 112.240443][ T5838] usb 3-1: Product: syz [ 112.393591][ T5897] em28xx 1-1:0.0: dvb set to bulk mode. [ 112.400332][ T5838] usb 3-1: Manufacturer: syz [ 112.405332][ T5838] usb 3-1: SerialNumber: syz [ 112.414191][ T9] em28xx 1-1:0.0: Binding DVB extension [ 112.432762][ T5838] usb 3-1: config 0 descriptor?? [ 112.457664][ T5838] usb 1-1: USB disconnect, device number 2 [ 112.467691][ T5838] em28xx 1-1:0.0: Disconnecting em28xx [ 112.674595][ T30] kauditd_printk_skb: 140 callbacks suppressed [ 112.674609][ T30] audit: type=1326 audit(1749990751.167:152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 112.741204][ T9] em28xx 1-1:0.0: Registering input extension [ 112.831880][ T5838] em28xx 1-1:0.0: Closing input extension [ 112.988049][ T30] audit: type=1326 audit(1749990751.197:153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 113.013077][ T24] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 113.111543][ T30] audit: type=1326 audit(1749990751.207:154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=304 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 113.153923][ T5838] em28xx 1-1:0.0: Freeing device [ 113.181626][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 113.193049][ T24] usb 5-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid maxpacket 1040, setting to 1024 [ 113.213618][ T24] usb 5-1: config 0 interface 0 has no altsetting 0 [ 113.230311][ T24] usb 5-1: New USB device found, idVendor=0458, idProduct=5014, bcdDevice= 0.00 [ 113.260449][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 113.282256][ T30] audit: type=1326 audit(1749990751.207:155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f3024d8e929 code=0x7ffc0000 [ 113.309924][ T24] usb 5-1: config 0 descriptor?? [ 113.339892][ T6132] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 113.496573][ T30] audit: type=1326 audit(1749990751.227:156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f3024d8d290 code=0x7ffc0000 [ 113.616245][ T30] audit: type=1326 audit(1749990751.227:157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3024d8e52b code=0x7ffc0000 [ 113.700929][ T30] audit: type=1326 audit(1749990751.227:158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3024d8e52b code=0x7ffc0000 [ 113.830885][ T30] audit: type=1326 audit(1749990751.317:159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3024d8e52b code=0x7ffc0000 [ 113.882043][ T6137] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 113.916890][ T6137] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 113.940162][ T30] audit: type=1326 audit(1749990751.317:160): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3024d8e52b code=0x7ffc0000 [ 114.006088][ T6137] syz.4.55 uses obsolete (PF_INET,SOCK_PACKET) [ 114.052646][ T24] kye 0003:0458:5014.0002: tablet report size too small, or kye_tablet_rdesc unexpectedly large [ 114.076770][ T30] audit: type=1326 audit(1749990751.347:161): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6131 comm="syz.4.55" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f3024d8e52b code=0x7ffc0000 [ 114.160199][ T24] kye 0003:0458:5014.0002: hidraw0: USB HID v0.01 Device [HID 0458:5014] on usb-dummy_hcd.4-1/input0 [ 114.239493][ T24] kye 0003:0458:5014.0002: tablet-enabling feature report not found [ 114.300203][ T5920] usb 3-1: USB disconnect, device number 3 [ 114.416435][ T24] kye 0003:0458:5014.0002: tablet enabling failed [ 115.917009][ T5920] usb 5-1: USB disconnect, device number 4 [ 116.204471][ T24] usb 1-1: new full-speed USB device number 3 using dummy_hcd [ 116.434848][ T24] usb 1-1: config index 0 descriptor too short (expected 31, got 27) [ 116.466741][ T24] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 116.497918][ T24] usb 1-1: config 1 interface 0 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 116.544344][ T24] usb 1-1: config 1 interface 0 has no altsetting 0 [ 116.605964][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 116.633078][ T24] usb 1-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 116.672995][ T24] usb 1-1: Product: syz [ 116.677261][ T24] usb 1-1: Manufacturer: syz [ 116.681907][ T24] usb 1-1: SerialNumber: syz [ 116.998869][ T6182] netlink: 'syz.2.71': attribute type 1 has an invalid length. [ 117.298931][ T6191] FAULT_INJECTION: forcing a failure. [ 117.298931][ T6191] name failslab, interval 1, probability 0, space 0, times 0 [ 117.350388][ T6191] CPU: 1 UID: 0 PID: 6191 Comm: syz.3.72 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 117.350423][ T6191] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 117.350437][ T6191] Call Trace: [ 117.350445][ T6191] [ 117.350455][ T6191] dump_stack_lvl+0x189/0x250 [ 117.350497][ T6191] ? __pfx____ratelimit+0x10/0x10 [ 117.350532][ T6191] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.350568][ T6191] ? __pfx__printk+0x10/0x10 [ 117.350609][ T6191] should_fail_ex+0x414/0x560 [ 117.350644][ T6191] should_failslab+0xa8/0x100 [ 117.350671][ T6191] __kmalloc_cache_noprof+0x70/0x3d0 [ 117.350694][ T6191] ? sctp_add_bind_addr+0x8c/0x370 [ 117.350722][ T6191] sctp_add_bind_addr+0x8c/0x370 [ 117.350750][ T6191] sctp_copy_local_addr_list+0x30b/0x4e0 [ 117.350778][ T6191] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 117.350801][ T6191] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 117.350829][ T6191] ? sctp_v4_is_any+0x35/0x60 [ 117.350852][ T6191] ? sctp_copy_one_addr+0x93/0x360 [ 117.350879][ T6191] sctp_bind_addr_copy+0xb3/0x3c0 [ 117.350903][ T6191] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 117.350941][ T6191] sctp_connect_new_asoc+0x2e0/0x690 [ 117.350975][ T6191] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 117.351002][ T6191] ? __local_bh_enable_ip+0x12d/0x1c0 [ 117.351044][ T6191] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 117.351076][ T6191] ? security_sctp_bind_connect+0x7e/0x2e0 [ 117.351105][ T6191] sctp_sendmsg+0x155c/0x2810 [ 117.351147][ T6191] ? __pfx_sctp_sendmsg+0x10/0x10 [ 117.351179][ T6191] ? aa_sk_perm+0x81e/0x950 [ 117.351212][ T6191] ? __pfx_aa_sk_perm+0x10/0x10 [ 117.351242][ T6191] ? sock_rps_record_flow+0x19/0x410 [ 117.351268][ T6191] ? inet_sendmsg+0x2f4/0x370 [ 117.351294][ T6191] __sock_sendmsg+0x19c/0x270 [ 117.351346][ T6191] __sys_sendto+0x3bd/0x520 [ 117.351376][ T6191] ? __pfx___sys_sendto+0x10/0x10 [ 117.351398][ T6191] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 117.351435][ T6191] ? __fget_files+0x3a0/0x420 [ 117.351474][ T6191] ? ksys_write+0x22a/0x250 [ 117.351498][ T6191] ? __pfx_ksys_write+0x10/0x10 [ 117.351516][ T6191] ? rcu_is_watching+0x15/0xb0 [ 117.351557][ T6191] __x64_sys_sendto+0xde/0x100 [ 117.351587][ T6191] do_syscall_64+0xfa/0x3b0 [ 117.351606][ T6191] ? lockdep_hardirqs_on+0x9c/0x150 [ 117.351639][ T6191] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.351661][ T6191] ? clear_bhb_loop+0x60/0xb0 [ 117.351688][ T6191] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.351710][ T6191] RIP: 0033:0x7f45dd18e929 [ 117.351730][ T6191] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.351748][ T6191] RSP: 002b:00007f45de01f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 117.351773][ T6191] RAX: ffffffffffffffda RBX: 00007f45dd3b5fa0 RCX: 00007f45dd18e929 [ 117.351789][ T6191] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003 [ 117.351803][ T6191] RBP: 00007f45de01f090 R08: 00002000000000c0 R09: 0000000000000010 [ 117.351818][ T6191] R10: 00000000040048c4 R11: 0000000000000246 R12: 0000000000000002 [ 117.351831][ T6191] R13: 0000000000000000 R14: 00007f45dd3b5fa0 R15: 00007f45dd4dfa28 [ 117.351866][ T6191] [ 117.666814][ C1] vkms_vblank_simulate: vblank timer overrun [ 119.134049][ T24] usb 1-1: USB disconnect, device number 3 [ 119.672967][ T24] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 119.876625][ T24] usb 1-1: device descriptor read/64, error -71 [ 120.124722][ T24] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 120.283136][ T24] usb 1-1: device descriptor read/64, error -71 [ 120.335099][ T6236] lo: entered promiscuous mode [ 120.349802][ T6236] tunl0: entered promiscuous mode [ 120.360099][ T6236] gre0: entered promiscuous mode [ 120.371834][ T6236] gretap0: entered promiscuous mode [ 120.378823][ T6236] erspan0: entered promiscuous mode [ 120.388976][ T6236] ip_vti0: entered promiscuous mode [ 120.395179][ T6236] ip6_vti0: entered promiscuous mode [ 120.401250][ T6236] sit0: entered promiscuous mode [ 120.433919][ T6236] ip6tnl0: entered promiscuous mode [ 120.440000][ T6236] ip6gre0: entered promiscuous mode [ 120.445432][ T24] usb usb1-port1: attempt power cycle [ 120.517485][ T6236] ip6gretap0: entered promiscuous mode [ 120.564079][ T6236] bridge0: entered promiscuous mode [ 120.611762][ T6236] vcan0: entered promiscuous mode [ 120.675625][ T6236] bond0: entered promiscuous mode [ 120.680746][ T6236] bond_slave_0: entered promiscuous mode [ 120.774074][ T6236] bond_slave_1: entered promiscuous mode [ 120.804351][ T6236] team0: entered promiscuous mode [ 120.809492][ T6236] team_slave_0: entered promiscuous mode [ 120.825095][ T6236] team_slave_1: entered promiscuous mode [ 120.835043][ T24] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 120.859402][ T6236] dummy0: entered promiscuous mode [ 120.879979][ T6236] nlmon0: entered promiscuous mode [ 120.887721][ T24] usb 1-1: device descriptor read/8, error -71 [ 120.904739][ T6236] caif0: entered promiscuous mode [ 120.910018][ T6236] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 121.023029][ T9] usb 2-1: new full-speed USB device number 4 using dummy_hcd [ 121.153200][ T24] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 121.197656][ T24] usb 1-1: device descriptor read/8, error -71 [ 121.235738][ T9] usb 2-1: config index 0 descriptor too short (expected 31, got 27) [ 121.245614][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 121.277102][ T9] usb 2-1: config 1 interface 0 altsetting 253 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 121.331296][ T9] usb 2-1: config 1 interface 0 has no altsetting 0 [ 121.342081][ T9] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 121.358413][ T24] usb usb1-port1: unable to enumerate USB device [ 121.379545][ T9] usb 2-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 121.390192][ T9] usb 2-1: Product: syz [ 121.395579][ T9] usb 2-1: Manufacturer: syz [ 121.400324][ T9] usb 2-1: SerialNumber: syz [ 121.849431][ T6261] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 121.900112][ T6261] netlink: 16 bytes leftover after parsing attributes in process `syz.2.90'. [ 122.556825][ T6272] ======================================================= [ 122.556825][ T6272] WARNING: The mand mount option has been deprecated and [ 122.556825][ T6272] and is ignored by this kernel. Remove the mand [ 122.556825][ T6272] option from the mount to silence this warning. [ 122.556825][ T6272] ======================================================= [ 122.647365][ T6274] netlink: 72 bytes leftover after parsing attributes in process `syz.3.94'. [ 122.797844][ T6279] netlink: 56 bytes leftover after parsing attributes in process `syz.4.97'. [ 122.807942][ T6280] Cannot find set identified by id 0 to match [ 122.934197][ T5920] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 123.073012][ T5920] usb 4-1: device descriptor read/64, error -71 [ 123.393152][ T5920] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 123.533161][ T5920] usb 4-1: device descriptor read/64, error -71 [ 123.655666][ T5920] usb usb4-port1: attempt power cycle [ 124.083139][ T5920] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 124.085049][ T24] usb 2-1: USB disconnect, device number 4 [ 124.134997][ T5920] usb 4-1: device descriptor read/8, error -71 [ 124.242725][ T6296] xt_CT: You must specify a L4 protocol and not use inversions on it [ 124.404491][ T5920] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 124.464049][ T5920] usb 4-1: device descriptor read/8, error -71 [ 124.617370][ T5920] usb usb4-port1: unable to enumerate USB device [ 124.919035][ T6305] xt_CT: No such helper "snmp" [ 125.036521][ T6313] netlink: 44 bytes leftover after parsing attributes in process `syz.2.105'. [ 125.418419][ T9] usb 3-1: new full-speed USB device number 4 using dummy_hcd [ 125.582989][ T9] usb 3-1: device descriptor read/64, error -71 [ 125.893343][ T9] usb 3-1: new full-speed USB device number 5 using dummy_hcd [ 126.062986][ T9] usb 3-1: device descriptor read/64, error -71 [ 126.186800][ T9] usb usb3-port1: attempt power cycle [ 126.553107][ T9] usb 3-1: new full-speed USB device number 6 using dummy_hcd [ 126.571965][ T44] usb 4-1: new full-speed USB device number 7 using dummy_hcd [ 126.593804][ T9] usb 3-1: device descriptor read/8, error -71 [ 126.774717][ T44] usb 4-1: config index 0 descriptor too short (expected 31, got 27) [ 126.783389][ T44] usb 4-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0 [ 126.802047][ T6329] tipc: Started in network mode [ 126.807167][ T6329] tipc: Node identity ac14140f, cluster identity 4711 [ 126.816955][ T6329] tipc: New replicast peer: 255.255.255.255 [ 126.832138][ T6329] tipc: Enabled bearer , priority 10 [ 126.849148][ T6329] netlink: 4 bytes leftover after parsing attributes in process `syz.1.108'. [ 126.852475][ T44] usb 4-1: config 1 interface 0 has no altsetting 0 [ 126.873904][ T44] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 126.883885][ T9] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 126.901879][ T44] usb 4-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 126.910876][ T44] usb 4-1: Product: syz [ 126.915447][ T44] usb 4-1: Manufacturer: syz [ 126.920188][ T44] usb 4-1: SerialNumber: syz [ 126.942771][ T9] usb 3-1: device descriptor read/8, error -71 [ 127.077834][ T9] usb usb3-port1: unable to enumerate USB device [ 127.188330][ T6341] netlink: 16 bytes leftover after parsing attributes in process `syz.4.113'. [ 127.945076][ T9] tipc: Node number set to 2886997007 [ 128.519131][ T6367] PKCS7: Unknown OID: [5] (bad) [ 128.525293][ T6367] PKCS7: Only support pkcs7_signedData type [ 128.692339][ T6367] xt_l2tp: v2 doesn't support IP mode [ 129.830671][ T44] usb 4-1: USB disconnect, device number 7 [ 130.284698][ T6383] netlink: 16 bytes leftover after parsing attributes in process `syz.4.126'. [ 130.443775][ T6383] team0: entered promiscuous mode [ 130.632552][ T6383] team_slave_0: entered promiscuous mode [ 130.659963][ T6383] team_slave_1: entered promiscuous mode [ 130.669678][ T6383] ip6erspan0: entered promiscuous mode [ 130.770861][ T6383] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 130.804734][ T6383] team0: left promiscuous mode [ 130.817337][ T6383] team_slave_0: left promiscuous mode [ 130.863828][ T6383] team_slave_1: left promiscuous mode [ 130.897389][ T6383] ip6erspan0: left promiscuous mode [ 131.082542][ T6395] (unnamed net_device) (uninitialized): option primary: mode dependency failed, not supported in mode balance-rr(0) [ 131.652603][ T6407] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 132.225462][ T6407] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 132.493091][ T44] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 133.153076][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 133.171369][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 133.186400][ T44] usb 3-1: New USB device found, idVendor=18b1, idProduct=0037, bcdDevice= 0.00 [ 133.197445][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 133.223304][ T3082] usb 2-1: new full-speed USB device number 5 using dummy_hcd [ 133.264829][ T44] usb 3-1: config 0 descriptor?? [ 133.408002][ T3082] usb 2-1: config index 0 descriptor too short (expected 31, got 27) [ 133.431032][ T3082] usb 2-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0 [ 133.465065][ T3082] usb 2-1: config 1 interface 0 has no altsetting 0 [ 133.496834][ T3082] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 133.555682][ T3082] usb 2-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 133.620537][ T3082] usb 2-1: Product: syz [ 133.646165][ T3082] usb 2-1: Manufacturer: syz [ 133.704216][ T44] usbhid 3-1:0.0: can't add hid device: -71 [ 133.726022][ T3082] usb 2-1: SerialNumber: syz [ 133.734945][ T44] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 133.782518][ T44] usb 3-1: USB disconnect, device number 8 [ 134.823060][ T3082] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 134.883148][ T9] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 134.963094][ T3082] usb 4-1: device descriptor read/64, error -71 [ 135.075510][ T9] usb 3-1: device descriptor read/64, error -71 [ 135.167115][ T6449] netlink: 'syz.4.145': attribute type 1 has an invalid length. [ 135.202970][ T3082] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 135.226034][ T6449] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 135.343050][ T3082] usb 4-1: device descriptor read/64, error -71 [ 135.423049][ T9] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 135.473995][ T3082] usb usb4-port1: attempt power cycle [ 135.563059][ T9] usb 3-1: device descriptor read/64, error -71 [ 135.679610][ T9] usb usb3-port1: attempt power cycle [ 135.832986][ T3082] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 135.854454][ T3082] usb 4-1: device descriptor read/8, error -71 [ 136.097990][ T9] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 136.133795][ T9] usb 3-1: device descriptor read/8, error -71 [ 136.153390][ T3082] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 136.180054][ T5920] usb 2-1: USB disconnect, device number 5 [ 136.254788][ T3082] usb 4-1: device descriptor read/8, error -71 [ 136.263167][ T6462] netlink: 12 bytes leftover after parsing attributes in process `syz.0.148'. [ 136.286881][ T6461] netlink: 8 bytes leftover after parsing attributes in process `syz.1.149'. [ 136.374693][ T9] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 136.383453][ T3082] usb usb4-port1: unable to enumerate USB device [ 136.425692][ T9] usb 3-1: device descriptor read/8, error -71 [ 136.554235][ T9] usb usb3-port1: unable to enumerate USB device [ 136.943096][ T9] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 137.101763][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 137.114957][ T9] usb 1-1: config 0 has an invalid interface number: 231 but max is 0 [ 137.128859][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 137.139698][ T9] usb 1-1: config 0 has no interface number 0 [ 137.151730][ T9] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 137.162290][ T9] usb 1-1: config 0 interface 231 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 137.179706][ T6471] netlink: 4 bytes leftover after parsing attributes in process `syz.4.152'. [ 137.190270][ T9] usb 1-1: New USB device found, idVendor=d024, idProduct=5e5a, bcdDevice=16.a9 [ 137.206347][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 137.216574][ T9] usb 1-1: Product: syz [ 137.220810][ T9] usb 1-1: Manufacturer: syz [ 137.225581][ T9] usb 1-1: SerialNumber: syz [ 137.244587][ T9] usb 1-1: config 0 descriptor?? [ 137.250398][ T6466] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 137.260933][ T9] usb-storage 1-1:0.231: USB Mass Storage device detected [ 137.434602][ T24] usb 5-1: new full-speed USB device number 5 using dummy_hcd [ 137.573925][ T24] usb 5-1: device descriptor read/64, error -71 [ 137.943021][ T24] usb 5-1: new full-speed USB device number 6 using dummy_hcd [ 137.981612][ T6485] netlink: 96 bytes leftover after parsing attributes in process `syz.2.156'. [ 138.002464][ T6485] tipc: Started in network mode [ 138.009417][ T6485] tipc: Node identity ac141442, cluster identity 4711 [ 138.027527][ T6485] tipc: New replicast peer: 0.0.0.0 [ 138.038805][ T6485] tipc: Enabled bearer , priority 10 [ 138.086630][ T24] usb 5-1: device descriptor read/64, error -71 [ 138.209354][ T24] usb usb5-port1: attempt power cycle [ 138.250633][ T6493] tipc: Cannot configure node identity twice [ 138.384182][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 138.391071][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 138.573212][ T24] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 138.625325][ T24] usb 5-1: device descriptor read/8, error -71 [ 138.783057][ T5838] usb 3-1: new full-speed USB device number 13 using dummy_hcd [ 138.883186][ T24] usb 5-1: new full-speed USB device number 8 using dummy_hcd [ 138.924495][ T24] usb 5-1: device descriptor read/8, error -71 [ 138.957138][ T5838] usb 3-1: config index 0 descriptor too short (expected 31, got 27) [ 138.982339][ T5838] usb 3-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0 [ 139.030585][ T5838] usb 3-1: config 1 interface 0 has no altsetting 0 [ 139.061785][ T5838] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 139.075166][ T24] usb usb5-port1: unable to enumerate USB device [ 139.090183][ T5838] usb 3-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 139.114207][ T5838] usb 3-1: Product: syz [ 139.125504][ T5838] usb 3-1: Manufacturer: syz [ 139.140491][ T5838] usb 3-1: SerialNumber: syz [ 139.153073][ T5920] tipc: Node number set to 2886997058 [ 139.450971][ T9] usb 1-1: USB disconnect, device number 8 [ 140.760409][ T6533] netlink: 'syz.1.167': attribute type 1 has an invalid length. [ 142.131045][ T9] usb 3-1: USB disconnect, device number 13 [ 144.574251][ T6565] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 144.613142][ T6565] netlink: 16 bytes leftover after parsing attributes in process `syz.3.176'. [ 145.773269][ T1210] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 145.935908][ T1210] usb 4-1: config index 0 descriptor too short (expected 31, got 27) [ 145.956788][ T1210] usb 4-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0 [ 146.127884][ T1210] usb 4-1: config 1 interface 0 has no altsetting 0 [ 146.183591][ T1210] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 146.218495][ T1210] usb 4-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 146.229057][ T1210] usb 4-1: Product: syz [ 146.234770][ T1210] usb 4-1: Manufacturer: syz [ 146.241903][ T1210] usb 4-1: SerialNumber: syz [ 146.924911][ T1210] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 147.195828][ T24] usb 4-1: USB disconnect, device number 12 [ 147.201678][ T24] usblp0: removed [ 150.358295][ T6621] syz.2.190 (6621): drop_caches: 2 [ 152.213627][ T5923] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 152.739039][ T5923] usb 4-1: config index 0 descriptor too short (expected 31, got 27) [ 152.902288][ T5923] usb 4-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0 [ 152.978267][ T5923] usb 4-1: config 1 interface 0 has no altsetting 0 [ 153.004769][ T5923] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 153.017748][ T5923] usb 4-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 153.033890][ T5923] usb 4-1: Product: syz [ 153.038411][ T5923] usb 4-1: Manufacturer: syz [ 153.044330][ T5923] usb 4-1: SerialNumber: syz [ 153.686581][ T5923] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 153.913550][ T5923] usb 4-1: USB disconnect, device number 13 [ 153.955805][ T5923] usblp0: removed [ 155.172970][ T5838] usb 1-1: new full-speed USB device number 9 using dummy_hcd [ 155.405553][ T5838] usb 1-1: not running at top speed; connect to a high speed hub [ 155.444488][ T5838] usb 1-1: config 1 interface 0 has no altsetting 0 [ 155.505074][ T5838] usb 1-1: New USB device found, idVendor=0c16, idProduct=0002, bcdDevice= 0.40 [ 155.526617][ T5838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.576139][ T5838] usb 1-1: Product: 段鲴♼䬃든斾㬘鯟온蕷醤엛ì­å¾©äž¬ì”µæ£Ÿâ·¯áŽ­é±¯ë¸æ›‘æ“Žá”쮗謻࢕ᅺ榰棠೿牠ୣã¥Ä‚赵ࠢ巃巹죒㲑ä³å…¸î•—秦î©èµá¾®ìƒ°æ®²ç›Žá‹‰â»³æµ®â‰†æ¶«á¨”ℾ䊥嚉凂㛆鿧䉔≾仔ҋé¼æ¬¤èˆ¿ê‚²æ’¬ç–¥à²«ë‰ä¦ë§¼é‹¼ì‹±ì”çˆç¦¤é“„â½ [ 155.852546][ T5838] usb 1-1: Manufacturer: Ñ• [ 155.867501][ T5838] usb 1-1: SerialNumber: á„«çžï„‚é’§ë¢ [ 156.720781][ T5838] usbhid 1-1:1.0: can't add hid device: -71 [ 156.771530][ T5838] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 156.830126][ T5838] usb 1-1: USB disconnect, device number 9 [ 156.874678][ T6686] tipc: Started in network mode [ 156.880030][ T6686] tipc: Node identity ac14140f, cluster identity 4711 [ 156.898971][ T6686] tipc: New replicast peer: 255.255.255.255 [ 156.915714][ T6686] tipc: Enabled bearer , priority 10 [ 156.924431][ T6688] netlink: 4 bytes leftover after parsing attributes in process `syz.3.204'. [ 157.082203][ T6692] vxcan1: entered promiscuous mode [ 157.754462][ T5838] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 157.992953][ T5838] usb 2-1: Using ep0 maxpacket: 8 [ 158.004890][ T5838] usb 2-1: unable to get BOS descriptor or descriptor too short [ 158.024743][ T5838] usb 2-1: config 5 has an invalid interface number: 215 but max is 0 [ 158.055979][ T5838] usb 2-1: config 5 has no interface number 0 [ 158.062200][ T5838] usb 2-1: config 5 interface 215 has no altsetting 0 [ 158.069385][ T9] tipc: Node number set to 2886997007 [ 158.099316][ T5838] usb 2-1: New USB device found, idVendor=1163, idProduct=0100, bcdDevice=dc.ba [ 158.113268][ T5838] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.121979][ T5838] usb 2-1: Product: syz [ 158.126691][ T5838] usb 2-1: Manufacturer: syz [ 158.131522][ T5838] usb 2-1: SerialNumber: syz [ 158.470481][ T6699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.481052][ T6699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.496780][ T6699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.512805][ T6699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.532434][ T6699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.545456][ T6699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.557419][ T6699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.569819][ T6699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.591973][ T6699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.605982][ T6699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.755929][ T5838] cypress_m8 2-1:5.215: DeLorme Earthmate USB converter detected [ 158.800324][ T5838] earthmate ttyUSB0: required endpoint is missing [ 158.982998][ T9] usb 1-1: new full-speed USB device number 10 using dummy_hcd [ 159.067588][ T5838] usb 2-1: USB disconnect, device number 6 [ 159.093495][ T5838] cypress_m8 2-1:5.215: device disconnected [ 159.269888][ T9] usb 1-1: config index 0 descriptor too short (expected 31, got 27) [ 159.278625][ T9] usb 1-1: config 1 interface 0 altsetting 253 endpoint 0x1 has invalid wMaxPacketSize 0 [ 159.303154][ T9] usb 1-1: config 1 interface 0 has no altsetting 0 [ 159.322504][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 159.333692][ T9] usb 1-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 159.341974][ T9] usb 1-1: Product: syz [ 159.372595][ T9] usb 1-1: Manufacturer: syz [ 159.396695][ T9] usb 1-1: SerialNumber: syz [ 160.298196][ T9] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 10 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 160.386305][ T6736] netlink: 96 bytes leftover after parsing attributes in process `syz.3.220'. [ 160.451759][ T6736] tipc: Enabling of bearer rejected, failed to enable media [ 160.482227][ T9] usb 1-1: USB disconnect, device number 10 [ 160.498344][ T9] usblp0: removed [ 160.690675][ T6739] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 160.698063][ T6739] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 160.720643][ T6739] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 160.775132][ T6739] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 160.788013][ T6739] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 160.809448][ T6739] Bluetooth: hci1: Opcode 0x0406 failed: -4 [ 160.822689][ T6739] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 160.841410][ T6739] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 160.903800][ T6739] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 160.971216][ T6739] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 160.978654][ T6739] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 161.049985][ T6739] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 161.178716][ T6739] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 161.203531][ T6739] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 161.296686][ T6739] Bluetooth: hci4: Opcode 0x0406 failed: -4 [ 161.668183][ T6748] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 161.772570][ T6748] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 161.784753][ T6748] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 161.794334][ T6748] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 161.801514][ T6748] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 162.942989][ T24] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 163.074303][ T6768] tipc: Started in network mode [ 163.079230][ T6768] tipc: Node identity ac14140f, cluster identity 4711 [ 163.153059][ T24] usb 5-1: device descriptor read/64, error -71 [ 163.168125][ T6768] tipc: New replicast peer: 255.255.255.255 [ 163.180304][ T6768] tipc: Enabled bearer , priority 10 [ 163.268163][ T6768] netlink: 4 bytes leftover after parsing attributes in process `syz.0.225'. [ 163.432990][ T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 163.477849][ T6778] netlink: 60 bytes leftover after parsing attributes in process `syz.1.232'. [ 163.563022][ T24] usb 5-1: device descriptor read/64, error -71 [ 163.684617][ T24] usb usb5-port1: attempt power cycle [ 163.693575][ T51] Bluetooth: hci0: command 0x0c1a tx timeout [ 163.853899][ T51] Bluetooth: hci4: command 0x0c1a tx timeout [ 163.853919][ T5156] Bluetooth: hci3: command 0x0c1a tx timeout [ 163.860059][ T51] Bluetooth: hci2: command 0x0c1a tx timeout [ 163.866814][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 164.063136][ T24] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 164.073094][ T5923] usb 4-1: new full-speed USB device number 14 using dummy_hcd [ 164.101650][ T24] usb 5-1: device descriptor read/8, error -71 [ 164.265895][ T5923] usb 4-1: config index 0 descriptor too short (expected 31, got 27) [ 164.285988][ T5923] usb 4-1: config 1 interface 0 has no altsetting 0 [ 164.293280][ T9] tipc: Node number set to 2886997007 [ 164.296066][ T5923] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 164.309453][ T5923] usb 4-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 164.373249][ T24] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 164.432243][ T5923] usb 4-1: Product: syz [ 164.447396][ T24] usb 5-1: device descriptor read/8, error -71 [ 164.454864][ T5923] usb 4-1: Manufacturer: syz [ 164.460810][ T5923] usb 4-1: SerialNumber: syz [ 164.575252][ T24] usb usb5-port1: unable to enumerate USB device [ 165.034890][ T5923] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 165.081373][ T5923] usb 4-1: USB disconnect, device number 14 [ 165.139054][ T5923] usblp0: removed [ 165.318142][ T1210] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 165.504830][ T1210] usb 1-1: config 0 has an invalid interface number: 117 but max is 0 [ 165.513524][ T1210] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 165.524351][ T1210] usb 1-1: config 0 has no interface number 0 [ 165.530632][ T1210] usb 1-1: too many endpoints for config 0 interface 117 altsetting 0: 239, using maximum allowed: 30 [ 165.552576][ T1210] usb 1-1: config 0 interface 117 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 165.567943][ T1210] usb 1-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 239 [ 165.587447][ T1210] usb 1-1: New USB device found, idVendor=0742, idProduct=2009, bcdDevice=61.46 [ 165.603365][ T1210] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 165.613760][ T1210] usb 1-1: Product: syz [ 165.623325][ T1210] usb 1-1: Manufacturer: syz [ 165.634116][ T1210] usb 1-1: SerialNumber: syz [ 165.652751][ T1210] usb 1-1: config 0 descriptor?? [ 165.672767][ T1210] HFC-S_USB 1-1:0.117: probe with driver HFC-S_USB failed with error -5 [ 165.774134][ T6785] Bluetooth: hci0: command 0x0c1a tx timeout [ 165.873914][ T6797] netlink: 60 bytes leftover after parsing attributes in process `syz.0.240'. [ 165.889052][ T9] usb 1-1: USB disconnect, device number 11 [ 165.933142][ T6785] Bluetooth: hci2: command 0x0c1a tx timeout [ 165.939980][ T5836] Bluetooth: hci3: command 0x0c1a tx timeout [ 165.940057][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 165.956809][ T5156] Bluetooth: hci4: command 0x0c1a tx timeout [ 166.302487][ T6817] netlink: 16 bytes leftover after parsing attributes in process `syz.3.245'. [ 166.334716][ T6819] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(9) [ 166.341397][ T6819] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 166.352685][ T6819] vhci_hcd vhci_hcd.0: Device attached [ 166.364600][ T6819] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 166.386563][ T6819] vhci_hcd vhci_hcd.0: pdev(4) rhport(2) sockfd(13) [ 166.393228][ T6819] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 166.407573][ T6819] vhci_hcd vhci_hcd.0: Device attached [ 166.416926][ T6819] vhci_hcd vhci_hcd.0: pdev(4) rhport(3) sockfd(15) [ 166.423575][ T6819] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 166.435772][ T6819] vhci_hcd vhci_hcd.0: Device attached [ 166.458610][ T6819] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 166.475635][ T6817] team0: entered promiscuous mode [ 166.481422][ T6819] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 166.494004][ T5923] usb 2-1: new full-speed USB device number 7 using dummy_hcd [ 166.523876][ T1210] vhci_hcd: vhci_device speed not set [ 166.531672][ T6819] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 166.545968][ T6817] team_slave_0: entered promiscuous mode [ 166.564869][ T6819] vhci_hcd vhci_hcd.0: pdev(4) rhport(7) sockfd(23) [ 166.571572][ T6819] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 166.579818][ T6817] team_slave_1: entered promiscuous mode [ 166.584264][ T1210] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 166.624595][ T6817] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 166.627193][ T6819] vhci_hcd vhci_hcd.0: Device attached [ 166.695884][ T5923] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 166.713985][ T6817] team0: left promiscuous mode [ 166.718848][ T6817] team_slave_0: left promiscuous mode [ 166.738234][ T6817] team_slave_1: left promiscuous mode [ 166.744254][ T5923] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 166.801541][ T5923] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 166.883506][ T5923] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 166.892642][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.977571][ T5923] usb 2-1: Product: syz [ 166.981923][ T5923] usb 2-1: Manufacturer: syz [ 167.022053][ T5923] usb 2-1: SerialNumber: syz [ 167.259415][ T6815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.303622][ T6815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.338277][ T6815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.365540][ T6815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.375417][ T6815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.384509][ T6815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.393969][ T6815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.403467][ T6815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.413846][ T6815] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.425907][ T6815] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.455336][ T5923] usb 2-1: 2:1 : no or invalid class specific endpoint descriptor [ 167.466505][ T5923] usb 2-1: 2:1 : unknown format tag 0x0 is detected. processed as MPEG. [ 167.475384][ T5923] usb 2-1: found format II with max.bitrate = 128, frame size=0 [ 167.486514][ T5923] usb 2-1: 2:1: All rates were zero [ 167.609681][ T5923] usb 2-1: USB disconnect, device number 7 [ 167.691721][ T5998] udevd[5998]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 167.855276][ T5156] Bluetooth: hci0: command 0x0c1a tx timeout [ 167.916909][ T6831] tipc: Enabling of bearer rejected, already enabled [ 167.933486][ T6831] netlink: 4 bytes leftover after parsing attributes in process `syz.0.248'. [ 168.013042][ T5156] Bluetooth: hci4: command 0x0c1a tx timeout [ 168.019174][ T5842] Bluetooth: hci2: command 0x0c1a tx timeout [ 168.019220][ T6785] Bluetooth: hci1: command 0x0c1a tx timeout [ 168.025453][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 168.087510][ T6846] netlink: 96 bytes leftover after parsing attributes in process `syz.1.254'. [ 168.098317][ T6846] tipc: Enabling of bearer rejected, failed to enable media [ 168.172752][ T6848] netlink: 16 bytes leftover after parsing attributes in process `syz.1.255'. [ 168.189956][ T6848] team0: entered promiscuous mode [ 168.196692][ T6848] team_slave_0: entered promiscuous mode [ 168.209964][ T6848] team_slave_1: entered promiscuous mode [ 168.218656][ T6848] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 168.225843][ T5923] usb 4-1: new full-speed USB device number 15 using dummy_hcd [ 168.258414][ T6848] team0: left promiscuous mode [ 168.264210][ T6848] team_slave_0: left promiscuous mode [ 168.270161][ T6848] team_slave_1: left promiscuous mode [ 168.427342][ T5923] usb 4-1: config index 0 descriptor too short (expected 31, got 27) [ 168.453988][ T5923] usb 4-1: config 1 interface 0 has no altsetting 0 [ 168.487631][ T5923] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 168.557539][ T5923] usb 4-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 168.595258][ T5923] usb 4-1: Product: syz [ 168.599879][ T5923] usb 4-1: Manufacturer: syz [ 168.607779][ T5923] usb 4-1: SerialNumber: syz [ 169.156955][ T5923] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 15 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 169.248983][ T5923] usb 4-1: USB disconnect, device number 15 [ 169.300650][ T6826] vhci_hcd: connection closed [ 169.301951][ T6824] vhci_hcd: connection closed [ 169.306801][ T6820] vhci_hcd: connection reset by peer [ 169.316826][ T6822] vhci_hcd: connection closed [ 169.321382][ T12] vhci_hcd: stop threads [ 169.374035][ T5923] usblp0: removed [ 169.397709][ T12] vhci_hcd: release socket [ 169.430652][ T12] vhci_hcd: disconnect device [ 169.437665][ T12] vhci_hcd: stop threads [ 169.445447][ T12] vhci_hcd: release socket [ 169.451719][ T12] vhci_hcd: disconnect device [ 169.458784][ T12] vhci_hcd: stop threads [ 169.465773][ T12] vhci_hcd: release socket [ 169.476927][ T12] vhci_hcd: disconnect device [ 169.493235][ T12] vhci_hcd: stop threads [ 169.498428][ T12] vhci_hcd: release socket [ 169.520029][ T12] vhci_hcd: disconnect device [ 170.000810][ T6876] xt_CT: You must specify a L4 protocol and not use inversions on it [ 170.850399][ T44] usb 3-1: new full-speed USB device number 14 using dummy_hcd [ 171.014571][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 171.033158][ T44] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 171.070359][ T44] usb 3-1: New USB device found, idVendor=04f3, idProduct=0754, bcdDevice= 0.00 [ 171.107359][ T44] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.117561][ T5838] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 171.146442][ T44] usb 3-1: config 0 descriptor?? [ 171.294046][ T5838] usb 4-1: device descriptor read/64, error -71 [ 171.546258][ T5838] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 171.578215][ T44] hid-generic 0003:04F3:0754.0003: failed to start in urb: -90 [ 171.626908][ T44] hid-generic 0003:04F3:0754.0003: hidraw0: USB HID v1.01 Device [HID 04f3:0754] on usb-dummy_hcd.2-1/input0 [ 171.683139][ T1210] vhci_hcd: vhci_device speed not set [ 171.714456][ T5838] usb 4-1: device descriptor read/64, error -71 [ 171.811737][ T6901] netlink: 16 bytes leftover after parsing attributes in process `syz.1.272'. [ 171.853509][ T5838] usb usb4-port1: attempt power cycle [ 172.133277][ T44] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 172.233248][ T5838] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 172.263899][ T5838] usb 4-1: device descriptor read/8, error -71 [ 172.304256][ T5923] usb 3-1: USB disconnect, device number 14 [ 172.311348][ T44] usb 1-1: config index 0 descriptor too short (expected 31, got 27) [ 172.326205][ T44] usb 1-1: config 1 interface 0 has no altsetting 0 [ 172.347965][ T44] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 172.368564][ T44] usb 1-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 172.393670][ T44] usb 1-1: Product: syz [ 172.401197][ T44] usb 1-1: Manufacturer: syz [ 172.407374][ T44] usb 1-1: SerialNumber: syz [ 172.513249][ T5838] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 172.554503][ T5838] usb 4-1: device descriptor read/8, error -71 [ 172.673519][ T5838] usb usb4-port1: unable to enumerate USB device [ 172.873213][ T44] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 12 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 172.919049][ T44] usb 1-1: USB disconnect, device number 12 [ 172.939281][ T44] usblp0: removed [ 173.038785][ T6917] tipc: Started in network mode [ 173.043945][ T6917] tipc: Node identity ac14140f, cluster identity 4711 [ 173.052581][ T6917] tipc: New replicast peer: 255.255.255.255 [ 173.059831][ T6917] tipc: Enabled bearer , priority 10 [ 173.082092][ T6917] netlink: 4 bytes leftover after parsing attributes in process `syz.4.276'. [ 173.095371][ T6926] netlink: 'syz.2.279': attribute type 1 has an invalid length. [ 173.136150][ T6926] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 174.217395][ T5838] tipc: Node number set to 2886997007 [ 174.644763][ T6957] netlink: 'syz.4.288': attribute type 1 has an invalid length. [ 175.243416][ T5838] usb 2-1: new full-speed USB device number 8 using dummy_hcd [ 175.446189][ T5838] usb 2-1: config index 0 descriptor too short (expected 31, got 27) [ 175.455311][ T5838] usb 2-1: config 1 interface 0 has no altsetting 0 [ 175.485537][ T5838] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 175.539355][ T5838] usb 2-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 175.604090][ T5838] usb 2-1: Product: syz [ 175.673295][ T5838] usb 2-1: Manufacturer: syz [ 175.808317][ T5838] usb 2-1: SerialNumber: syz [ 176.455919][ T5838] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 8 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 176.488225][ T5838] usb 2-1: USB disconnect, device number 8 [ 176.543086][ T5838] usblp0: removed [ 176.594332][ T6975] netlink: 8 bytes leftover after parsing attributes in process `syz.0.291'. [ 177.663238][ T1210] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 177.883118][ T5838] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 177.925443][ T1210] usb 5-1: Using ep0 maxpacket: 16 [ 177.942646][ T1210] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 177.951930][ T1210] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 177.962917][ T1210] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 177.982991][ T1210] usb 5-1: config 1 has no interface number 1 [ 177.983049][ T1210] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 178.032600][ T1210] usb 5-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 178.069204][ T1210] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 178.083192][ T5838] usb 2-1: device descriptor read/64, error -71 [ 178.093111][ T1210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.127324][ T1210] usb 5-1: Product: syz [ 178.131592][ T1210] usb 5-1: Manufacturer: syz [ 178.160608][ T1210] usb 5-1: SerialNumber: syz [ 178.299683][ T7009] bridge0: port 1(bridge_slave_0) entered disabled state [ 178.314710][ T7009] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 178.353158][ T5838] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 178.485087][ T1210] usb 5-1: USB disconnect, device number 13 [ 178.553131][ T5838] usb 2-1: device descriptor read/64, error -71 [ 178.674391][ T5838] usb usb2-port1: attempt power cycle [ 178.763765][ T7000] tipc: New replicast peer: 255.255.255.255 [ 178.772460][ T7000] tipc: Enabled bearer , priority 10 [ 179.032979][ T5838] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 179.073703][ T5838] usb 2-1: device descriptor read/8, error -71 [ 179.394134][ T5838] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 179.434515][ T5838] usb 2-1: device descriptor read/8, error -71 [ 179.644037][ T5838] usb usb2-port1: unable to enumerate USB device [ 180.718802][ T7048] netlink: 'syz.4.303': attribute type 1 has an invalid length. [ 180.732993][ T44] usb 1-1: new full-speed USB device number 13 using dummy_hcd [ 180.967982][ T44] usb 1-1: config index 0 descriptor too short (expected 31, got 27) [ 180.996351][ T44] usb 1-1: config 1 interface 0 has no altsetting 0 [ 181.011453][ T44] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 181.048916][ T44] usb 1-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 181.186376][ T44] usb 1-1: Product: syz [ 181.196621][ T44] usb 1-1: Manufacturer: syz [ 181.213074][ T44] usb 1-1: SerialNumber: syz [ 181.846407][ T44] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 181.925206][ T44] usb 1-1: USB disconnect, device number 13 [ 181.934441][ T44] usblp0: removed [ 182.209389][ T7072] xfrm0: entered promiscuous mode [ 182.253918][ T7072] xfrm0: entered allmulticast mode [ 182.641836][ T7084] netlink: 8 bytes leftover after parsing attributes in process `syz.1.315'. [ 183.481671][ T7107] netlink: 16 bytes leftover after parsing attributes in process `syz.4.322'. [ 183.733800][ T7116] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 184.283077][ T30] kauditd_printk_skb: 24 callbacks suppressed [ 184.283099][ T30] audit: type=1326 audit(1749990822.747:186): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.2.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7fc00000 [ 184.548215][ T30] audit: type=1326 audit(1749990822.747:187): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.2.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eb478e929 code=0x7fc00000 [ 184.733171][ T5954] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 184.780773][ T30] audit: type=1326 audit(1749990822.747:188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.2.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7fc00000 [ 184.893645][ T30] audit: type=1326 audit(1749990822.747:189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7101 comm="syz.2.320" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7fc00000 [ 184.955065][ T5954] usb 2-1: config index 0 descriptor too short (expected 31, got 27) [ 184.993592][ T5954] usb 2-1: config 1 interface 0 has no altsetting 0 [ 185.021751][ T5954] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 185.047393][ T5954] usb 2-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 185.062140][ T7141] FAULT_INJECTION: forcing a failure. [ 185.062140][ T7141] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 185.093102][ T5954] usb 2-1: Product: syz [ 185.103331][ T5954] usb 2-1: Manufacturer: syz [ 185.111469][ T5954] usb 2-1: SerialNumber: syz [ 185.170842][ T7141] CPU: 1 UID: 0 PID: 7141 Comm: syz.2.328 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 185.170901][ T7141] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 185.170919][ T7141] Call Trace: [ 185.170928][ T7141] [ 185.170938][ T7141] dump_stack_lvl+0x189/0x250 [ 185.170991][ T7141] ? __pfx____ratelimit+0x10/0x10 [ 185.171033][ T7141] ? __pfx_dump_stack_lvl+0x10/0x10 [ 185.171067][ T7141] ? __pfx__printk+0x10/0x10 [ 185.171091][ T7141] ? __might_fault+0xb0/0x130 [ 185.171124][ T7141] should_fail_ex+0x414/0x560 [ 185.171157][ T7141] _copy_from_user+0x2d/0xb0 [ 185.171181][ T7141] __sys_bpf+0x1ed/0x860 [ 185.171212][ T7141] ? __pfx___sys_bpf+0x10/0x10 [ 185.171254][ T7141] ? ksys_write+0x22a/0x250 [ 185.171278][ T7141] ? __pfx_ksys_write+0x10/0x10 [ 185.171295][ T7141] ? rcu_is_watching+0x15/0xb0 [ 185.171337][ T7141] __x64_sys_bpf+0x7c/0x90 [ 185.171364][ T7141] do_syscall_64+0xfa/0x3b0 [ 185.171382][ T7141] ? lockdep_hardirqs_on+0x9c/0x150 [ 185.171413][ T7141] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.171435][ T7141] ? clear_bhb_loop+0x60/0xb0 [ 185.171461][ T7141] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 185.171482][ T7141] RIP: 0033:0x7f1eb478e929 [ 185.171508][ T7141] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 185.171527][ T7141] RSP: 002b:00007f1eb5564038 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 185.171554][ T7141] RAX: ffffffffffffffda RBX: 00007f1eb49b6160 RCX: 00007f1eb478e929 [ 185.171570][ T7141] RDX: 0000000000000050 RSI: 0000200000000140 RDI: 2000000000000000 [ 185.171585][ T7141] RBP: 00007f1eb5564090 R08: 0000000000000000 R09: 0000000000000000 [ 185.171598][ T7141] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 185.171610][ T7141] R13: 0000000000000000 R14: 00007f1eb49b6160 R15: 00007f1eb4adfa28 [ 185.171641][ T7141] [ 185.799545][ T5954] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 13 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 185.832604][ T5954] usb 2-1: USB disconnect, device number 13 [ 185.855726][ T5954] usblp0: removed [ 187.149539][ T7186] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 187.217096][ T7186] netlink: 16 bytes leftover after parsing attributes in process `syz.2.337'. [ 187.677663][ T7198] FAULT_INJECTION: forcing a failure. [ 187.677663][ T7198] name failslab, interval 1, probability 0, space 0, times 0 [ 187.773767][ T7198] CPU: 1 UID: 0 PID: 7198 Comm: syz.0.340 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 187.773790][ T7198] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 187.773800][ T7198] Call Trace: [ 187.773806][ T7198] [ 187.773813][ T7198] dump_stack_lvl+0x189/0x250 [ 187.773843][ T7198] ? __pfx____ratelimit+0x10/0x10 [ 187.773867][ T7198] ? __pfx_dump_stack_lvl+0x10/0x10 [ 187.773891][ T7198] ? __pfx__printk+0x10/0x10 [ 187.773927][ T7198] should_fail_ex+0x414/0x560 [ 187.773952][ T7198] should_failslab+0xa8/0x100 [ 187.773970][ T7198] __kmalloc_cache_noprof+0x70/0x3d0 [ 187.773986][ T7198] ? sctp_add_bind_addr+0x8c/0x370 [ 187.774005][ T7198] sctp_add_bind_addr+0x8c/0x370 [ 187.774024][ T7198] sctp_copy_local_addr_list+0x30b/0x4e0 [ 187.774043][ T7198] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 187.774058][ T7198] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 187.774077][ T7198] ? sctp_v4_is_any+0x35/0x60 [ 187.774092][ T7198] ? sctp_copy_one_addr+0x93/0x360 [ 187.774109][ T7198] sctp_bind_addr_copy+0xb3/0x3c0 [ 187.774125][ T7198] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 187.774151][ T7198] sctp_connect_new_asoc+0x2e0/0x690 [ 187.774174][ T7198] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 187.774192][ T7198] ? __local_bh_enable_ip+0x12d/0x1c0 [ 187.774221][ T7198] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 187.774243][ T7198] ? security_sctp_bind_connect+0x7e/0x2e0 [ 187.774262][ T7198] sctp_sendmsg+0x155c/0x2810 [ 187.774291][ T7198] ? __pfx_sctp_sendmsg+0x10/0x10 [ 187.774312][ T7198] ? aa_sk_perm+0x81e/0x950 [ 187.774334][ T7198] ? __pfx_aa_sk_perm+0x10/0x10 [ 187.774355][ T7198] ? sock_rps_record_flow+0x19/0x410 [ 187.774372][ T7198] ? inet_sendmsg+0x2f4/0x370 [ 187.774389][ T7198] __sock_sendmsg+0x19c/0x270 [ 187.774417][ T7198] __sys_sendto+0x3bd/0x520 [ 187.774437][ T7198] ? __pfx___sys_sendto+0x10/0x10 [ 187.774452][ T7198] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 187.774477][ T7198] ? __fget_files+0x3a0/0x420 [ 187.774503][ T7198] ? ksys_write+0x22a/0x250 [ 187.774519][ T7198] ? __pfx_ksys_write+0x10/0x10 [ 187.774531][ T7198] ? rcu_is_watching+0x15/0xb0 [ 187.774560][ T7198] __x64_sys_sendto+0xde/0x100 [ 187.774580][ T7198] do_syscall_64+0xfa/0x3b0 [ 187.774594][ T7198] ? lockdep_hardirqs_on+0x9c/0x150 [ 187.774617][ T7198] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.774631][ T7198] ? clear_bhb_loop+0x60/0xb0 [ 187.774650][ T7198] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 187.774665][ T7198] RIP: 0033:0x7f84edf8e929 [ 187.774678][ T7198] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 187.774691][ T7198] RSP: 002b:00007f84eed59038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 187.774707][ T7198] RAX: ffffffffffffffda RBX: 00007f84ee1b5fa0 RCX: 00007f84edf8e929 [ 187.774718][ T7198] RDX: 000000000000ffe0 RSI: 0000200000000100 RDI: 0000000000000003 [ 187.774728][ T7198] RBP: 00007f84eed59090 R08: 00002000000000c0 R09: 0000000000000010 [ 187.774738][ T7198] R10: 00000000040048c4 R11: 0000000000000246 R12: 0000000000000002 [ 187.774748][ T7198] R13: 0000000000000000 R14: 00007f84ee1b5fa0 R15: 00007f84ee2dfa28 [ 187.774774][ T7198] [ 188.789517][ T7215] netlink: 60 bytes leftover after parsing attributes in process `syz.4.342'. [ 189.123657][ T44] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 189.713997][ T44] usb 2-1: config index 0 descriptor too short (expected 31, got 27) [ 189.722162][ T44] usb 2-1: config 1 interface 0 has no altsetting 0 [ 189.730993][ T44] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 189.752573][ T44] usb 2-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 189.763024][ T5954] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 189.793244][ T44] usb 2-1: Product: syz [ 189.833011][ T44] usb 2-1: Manufacturer: syz [ 189.837706][ T44] usb 2-1: SerialNumber: syz [ 189.932990][ T5954] usb 1-1: Using ep0 maxpacket: 8 [ 190.025420][ T5954] usb 1-1: config 59 has too many interfaces: 252, using maximum allowed: 32 [ 190.042957][ T5954] usb 1-1: config 59 has an invalid descriptor of length 182, skipping remainder of the config [ 190.115281][ T5954] usb 1-1: config 59 has 0 interfaces, different from the descriptor's value: 252 [ 190.610408][ T5954] usb 1-1: New USB device found, idVendor=13d8, idProduct=0001, bcdDevice=30.62 [ 190.630182][ T5954] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.666543][ T44] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 14 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 190.681643][ T5954] usb 1-1: Product: syz [ 190.728926][ T5954] usb 1-1: Manufacturer: syz [ 190.850744][ T5954] usb 1-1: SerialNumber: syz [ 190.910731][ T44] usb 2-1: USB disconnect, device number 14 [ 191.020479][ T44] usblp0: removed [ 191.806583][ T7260] netlink: 'syz.4.351': attribute type 1 has an invalid length. [ 192.760818][ T7273] netlink: 12 bytes leftover after parsing attributes in process `syz.4.358'. [ 193.068772][ T7273] 8021q: VLANs not supported on caif0 [ 193.784650][ T5954] usb 1-1: USB disconnect, device number 14 [ 194.090518][ T7272] tipc: Enabling of bearer rejected, already enabled [ 194.137139][ T7272] netlink: 4 bytes leftover after parsing attributes in process `syz.1.357'. [ 194.694966][ T7291] FAULT_INJECTION: forcing a failure. [ 194.694966][ T7291] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 194.782047][ T7291] CPU: 1 UID: 0 PID: 7291 Comm: syz.2.363 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 194.782071][ T7291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 194.782080][ T7291] Call Trace: [ 194.782086][ T7291] [ 194.782093][ T7291] dump_stack_lvl+0x189/0x250 [ 194.782123][ T7291] ? __pfx____ratelimit+0x10/0x10 [ 194.782149][ T7291] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.782173][ T7291] ? __pfx__printk+0x10/0x10 [ 194.782190][ T7291] ? __might_fault+0xb0/0x130 [ 194.782216][ T7291] should_fail_ex+0x414/0x560 [ 194.782240][ T7291] _copy_from_user+0x2d/0xb0 [ 194.782257][ T7291] scsi_ioctl+0x489/0x1fb0 [ 194.782285][ T7291] ? __pfx_scsi_ioctl+0x10/0x10 [ 194.782325][ T7291] ? kasan_quarantine_put+0xdd/0x220 [ 194.782349][ T7291] ? __pfx___might_resched+0x10/0x10 [ 194.782379][ T7291] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 194.782403][ T7291] ? scsi_block_when_processing_errors+0x390/0x470 [ 194.782424][ T7291] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 194.782442][ T7291] ? __pfx_scsi_block_when_processing_errors+0x10/0x10 [ 194.782478][ T7291] sg_ioctl+0x1886/0x2230 [ 194.782499][ T7291] ? __pfx_sg_ioctl+0x10/0x10 [ 194.782514][ T7291] ? __fget_files+0x2a/0x420 [ 194.782534][ T7291] ? __fget_files+0x2a/0x420 [ 194.782549][ T7291] ? __fget_files+0x3a0/0x420 [ 194.782565][ T7291] ? __fget_files+0x2a/0x420 [ 194.782584][ T7291] ? bpf_lsm_file_ioctl+0x9/0x20 [ 194.782607][ T7291] ? __pfx_sg_ioctl+0x10/0x10 [ 194.782621][ T7291] __se_sys_ioctl+0xf9/0x170 [ 194.782645][ T7291] do_syscall_64+0xfa/0x3b0 [ 194.782659][ T7291] ? lockdep_hardirqs_on+0x9c/0x150 [ 194.782681][ T7291] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.782696][ T7291] ? clear_bhb_loop+0x60/0xb0 [ 194.782714][ T7291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.782729][ T7291] RIP: 0033:0x7f1eb478e929 [ 194.782742][ T7291] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.782755][ T7291] RSP: 002b:00007f1eb55a6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 194.782771][ T7291] RAX: ffffffffffffffda RBX: 00007f1eb49b5fa0 RCX: 00007f1eb478e929 [ 194.782782][ T7291] RDX: 0000200000000000 RSI: 0000000000005393 RDI: 000000000000000a [ 194.782792][ T7291] RBP: 00007f1eb55a6090 R08: 0000000000000000 R09: 0000000000000000 [ 194.782801][ T7291] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 194.782810][ T7291] R13: 0000000000000000 R14: 00007f1eb49b5fa0 R15: 00007f1eb4adfa28 [ 194.782840][ T7291] [ 195.032778][ C1] vkms_vblank_simulate: vblank timer overrun [ 195.821474][ T7310] netlink: 16 bytes leftover after parsing attributes in process `syz.2.372'. [ 195.857636][ T7310] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 196.163397][ T5838] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 196.338592][ T5923] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 196.439915][ T5838] usb 1-1: config 0 has no interfaces? [ 196.487104][ T5838] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 196.503073][ T5838] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.525527][ T5923] usb 2-1: Using ep0 maxpacket: 8 [ 196.542527][ T5923] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 196.575569][ T5838] usb 1-1: Product: syz [ 196.579956][ T5923] usb 2-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 196.586866][ T5838] usb 1-1: Manufacturer: syz [ 196.615395][ T5838] usb 1-1: SerialNumber: syz [ 196.625152][ T5838] usb 1-1: config 0 descriptor?? [ 196.639001][ T5923] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 196.665146][ T7329] delete_channel: no stack [ 196.788843][ T5923] usb 2-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 196.867809][ T7312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 196.887079][ T7312] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 196.894981][ T5923] usb 2-1: config 168 has an invalid descriptor of length 0, skipping remainder of the config [ 196.931205][ T5923] usb 2-1: config 168 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 196.968522][ T5923] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 196.979376][ T5923] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 196.988165][ T5923] usb 2-1: Product: syz [ 196.992386][ T5923] usb 2-1: Manufacturer: syz [ 196.998490][ T5923] usb 2-1: SerialNumber: syz [ 197.093737][ T7338] netlink: 'syz.4.379': attribute type 39 has an invalid length. [ 197.589904][ T7318] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.599864][ T7318] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.697425][ T5923] adutux 2-1:168.0: interrupt endpoints not found [ 197.721572][ T5923] usb 2-1: USB disconnect, device number 15 [ 197.982318][ T7346] netlink: 16 bytes leftover after parsing attributes in process `syz.4.382'. [ 198.351940][ T7350] netlink: 96 bytes leftover after parsing attributes in process `syz.4.383'. [ 198.367557][ T7350] tipc: Enabling of bearer rejected, failed to enable media [ 198.604067][ T7344] tipc: Enabling of bearer rejected, already enabled [ 198.716090][ T7348] netlink: 4 bytes leftover after parsing attributes in process `syz.3.381'. [ 198.794582][ T7354] netlink: 132 bytes leftover after parsing attributes in process `syz.1.385'. [ 198.919411][ T5954] usb 1-1: USB disconnect, device number 15 [ 199.003369][ T7356] netlink: 'syz.4.384': attribute type 1 has an invalid length. [ 199.492695][ T7362] netlink: 72 bytes leftover after parsing attributes in process `syz.1.388'. [ 199.694885][ T7362] netem: invalid attributes len -7 [ 199.742562][ T7362] netem: change failed [ 199.777899][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 199.784397][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 200.179804][ T7375] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 200.835933][ T7384] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 200.862482][ T7384] netlink: 16 bytes leftover after parsing attributes in process `syz.1.396'. [ 201.743606][ T5920] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 201.947404][ T5920] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 529 [ 201.982360][ T5920] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 201.996440][ T5920] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.005881][ T5920] usb 4-1: Product: syz [ 202.010435][ T5920] usb 4-1: Manufacturer: syz [ 202.019007][ T5920] usb 4-1: SerialNumber: syz [ 202.029334][ T7394] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 202.077017][ T5920] usb 4-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 202.171572][ T1210] usb 4-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 202.172240][ T7407] netlink: 32 bytes leftover after parsing attributes in process `syz.4.404'. [ 202.938372][ T5954] usb 4-1: USB disconnect, device number 20 [ 202.993981][ T7421] netlink: 28 bytes leftover after parsing attributes in process `syz.0.409'. [ 203.003350][ T7421] netlink: 28 bytes leftover after parsing attributes in process `syz.0.409'. [ 203.020585][ T7421] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 203.157378][ T7421] ip6gretap0: entered promiscuous mode [ 203.401390][ T1210] ath9k_htc 4-1:1.0: ath9k_htc: Target is unresponsive [ 203.500509][ T1210] ath9k_htc: Failed to initialize the device [ 203.524437][ T5954] usb 4-1: ath9k_htc: USB layer deinitialized [ 203.599234][ T7432] loop6: detected capacity change from 0 to 7 [ 203.609641][ T7432] Dev loop6: unable to read RDB block 7 [ 203.625351][ T7432] loop6: unable to read partition table [ 203.666138][ T7432] loop6: partition table beyond EOD, truncated [ 203.720899][ T7432] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 204.590944][ T7435] bond1: (slave ip6gretap1): Enslaving as an active interface with an up link [ 204.797238][ T7444] xt_CT: You must specify a L4 protocol and not use inversions on it [ 204.839274][ T7439] 8021q: adding VLAN 0 to HW filter on device bond1 [ 205.460431][ T7452] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 205.882943][ T1210] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 206.041519][ T7464] FAULT_INJECTION: forcing a failure. [ 206.041519][ T7464] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 206.101200][ T7464] CPU: 0 UID: 0 PID: 7464 Comm: syz.2.422 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 206.101231][ T7464] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 206.101243][ T7464] Call Trace: [ 206.101251][ T7464] [ 206.101259][ T7464] dump_stack_lvl+0x189/0x250 [ 206.101299][ T7464] ? __pfx____ratelimit+0x10/0x10 [ 206.101331][ T7464] ? __pfx_dump_stack_lvl+0x10/0x10 [ 206.101365][ T7464] ? __pfx__printk+0x10/0x10 [ 206.101389][ T7464] ? __might_fault+0xb0/0x130 [ 206.101421][ T7464] should_fail_ex+0x414/0x560 [ 206.101454][ T7464] _copy_from_user+0x2d/0xb0 [ 206.101477][ T7464] __ia32_sys_rt_sigreturn+0x228/0x7b0 [ 206.101513][ T7464] ? __pfx___ia32_sys_rt_sigreturn+0x10/0x10 [ 206.101540][ T7464] ? _raw_spin_unlock_irq+0x2e/0x50 [ 206.101601][ T7464] ? __task_pid_nr_ns+0x28/0x470 [ 206.101632][ T7464] ? do_syscall_64+0xbe/0x3b0 [ 206.101665][ T7464] do_syscall_64+0xfa/0x3b0 [ 206.101683][ T7464] ? lockdep_hardirqs_on+0x9c/0x150 [ 206.101715][ T7464] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.101736][ T7464] ? clear_bhb_loop+0x60/0xb0 [ 206.101762][ T7464] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 206.101782][ T7464] RIP: 0033:0x7f1eb472ab19 [ 206.101801][ T7464] Code: 64 c7 00 16 00 00 00 b8 ff ff ff ff c3 0f 1f 40 00 90 66 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 c7 c0 0f 00 00 00 0f 05 <0f> 1f 80 00 00 00 00 48 81 ec 48 01 00 00 49 89 d0 64 48 8b 04 25 [ 206.101819][ T7464] RSP: 002b:00007f1eb55a5a80 EFLAGS: 00000202 ORIG_RAX: 000000000000000f [ 206.101841][ T7464] RAX: ffffffffffffffda RBX: 00007f1eb49b5fa0 RCX: 00007f1eb472ab19 [ 206.101857][ T7464] RDX: 00007f1eb55a5a80 RSI: 00007f1eb55a5bb0 RDI: 0000000000000021 [ 206.101871][ T7464] RBP: 00007f1eb55a6090 R08: 0000000000000000 R09: 0000000000000000 [ 206.101884][ T7464] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 206.101896][ T7464] R13: 0000000000000000 R14: 00007f1eb49b5fa0 R15: 00007f1eb4adfa28 [ 206.101928][ T7464] [ 206.463473][ T1210] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 206.471130][ T1210] usb 4-1: can't read configurations, error -61 [ 206.603359][ T1210] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 206.766102][ T1210] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 206.785716][ T1210] usb 4-1: can't read configurations, error -61 [ 206.792523][ T1210] usb usb4-port1: attempt power cycle [ 206.902971][ T5954] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 207.092982][ T5954] usb 2-1: Using ep0 maxpacket: 8 [ 207.100616][ T5954] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 207.108779][ T5954] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 207.151437][ T5954] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 207.186077][ T5954] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 207.193000][ T1210] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 207.210169][ T5954] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 207.237163][ T5954] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 207.245515][ T5954] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 207.275937][ T1210] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 207.290307][ T5954] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 207.307037][ T1210] usb 4-1: can't read configurations, error -61 [ 207.330037][ T5954] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 207.372022][ T5954] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 207.399645][ T5954] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 207.407644][ T5954] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 207.419582][ T5954] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 207.432007][ T5954] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 207.443839][ T5954] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 207.463275][ T1210] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 207.485736][ T5954] usb 2-1: string descriptor 0 read error: -22 [ 207.492404][ T5954] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 207.511974][ T5954] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.527133][ T1210] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 207.554363][ T1210] usb 4-1: can't read configurations, error -61 [ 207.613231][ T1210] usb usb4-port1: unable to enumerate USB device [ 207.638818][ T5954] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 207.656634][ T7504] fuse: Bad value for 'fd' [ 208.132933][ T9] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 208.354233][ T9] usb 1-1: device descriptor read/64, error -71 [ 208.611903][ T9] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 208.752955][ T9] usb 1-1: device descriptor read/64, error -71 [ 208.863574][ T9] usb usb1-port1: attempt power cycle [ 209.012933][ T5954] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 209.052135][ T7526] netlink: 'syz.3.443': attribute type 2 has an invalid length. [ 209.403103][ T9] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 209.412958][ T5954] usb 5-1: Using ep0 maxpacket: 32 [ 209.421634][ T5954] usb 5-1: New USB device found, idVendor=2040, idProduct=c602, bcdDevice= 1.8e [ 209.432021][ T5954] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.491015][ T9] usb 1-1: device descriptor read/8, error -71 [ 209.527588][ T5954] usb 5-1: config 0 descriptor?? [ 209.752546][ T5954] usb 5-1: string descriptor 0 read error: -71 [ 209.763316][ T9] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 209.856720][ T5954] usb 5-1: dvb_usb_v2: found a 'HCW 126xxx' in warm state [ 209.858230][ T9] usb 1-1: device descriptor read/8, error -71 [ 209.913104][ T5954] usb 5-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 209.971178][ T5954] dvbdev: DVB: registering new adapter (HCW 126xxx) [ 209.988209][ T5954] usb 5-1: media controller created [ 210.003411][ T9] usb usb1-port1: unable to enumerate USB device [ 210.044457][ T5954] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 210.078749][ T7532] netlink: 56 bytes leftover after parsing attributes in process `syz.3.447'. [ 210.097957][ T5954] usb 5-1: selecting invalid altsetting 1 [ 210.104006][ T5954] set interface failed [ 210.104488][ T5954] usb 5-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 210.126498][ T5954] error writing reg: 0xff, val: 0x00 [ 210.189130][ T5954] dvb_usb_mxl111sf 5-1:0.0: probe with driver dvb_usb_mxl111sf failed with error -22 [ 210.233660][ T5954] usb 5-1: USB disconnect, device number 14 [ 210.255899][ T7536] fuse: Bad value for 'fd' [ 210.455057][ T7541] netlink: 'syz.4.451': attribute type 39 has an invalid length. [ 210.525892][ T7543] netlink: 96 bytes leftover after parsing attributes in process `syz.2.452'. [ 210.546307][ T7543] tipc: Enabling of bearer rejected, already enabled [ 211.616667][ T1210] usb 2-1: USB disconnect, device number 16 [ 212.024931][ T7569] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 212.097124][ T7569] netlink: 16 bytes leftover after parsing attributes in process `syz.2.461'. [ 213.604204][ T5954] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 213.784906][ T5954] usb 3-1: config 0 has an invalid descriptor of length 191, skipping remainder of the config [ 213.795922][ T5954] usb 3-1: config 0 interface 0 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 22 [ 213.891969][ T5954] usb 3-1: config 0 interface 0 has no altsetting 0 [ 213.931246][ T5954] usb 3-1: New USB device found, idVendor=10fd, idProduct=1413, bcdDevice=7e.ce [ 213.940808][ T5954] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 213.975972][ T5954] usb 3-1: Product: syz [ 213.986053][ T5954] usb 3-1: Manufacturer: syz [ 213.992007][ T5954] usb 3-1: SerialNumber: syz [ 214.015435][ T5954] usb 3-1: config 0 descriptor?? [ 214.280159][ T5954] usb 3-1: USB disconnect, device number 15 [ 214.437113][ T7610] netlink: 'syz.3.474': attribute type 1 has an invalid length. [ 214.661553][ T7612] bond1: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 214.726581][ T7614] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 215.008529][ T7619] netlink: 8 bytes leftover after parsing attributes in process `syz.4.477'. [ 215.089262][ T7623] xfrm0: entered promiscuous mode [ 215.343029][ T7623] xfrm0: entered allmulticast mode [ 215.668605][ T30] audit: type=1326 audit(1749990854.157:190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 215.912231][ T30] audit: type=1326 audit(1749990854.157:191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 215.934516][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.991790][ T30] audit: type=1326 audit(1749990854.397:192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=83 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 216.142910][ T30] audit: type=1326 audit(1749990854.397:193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 216.306848][ T30] audit: type=1326 audit(1749990854.397:194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 216.414657][ T30] audit: type=1326 audit(1749990854.437:195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 216.436869][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.506168][ T30] audit: type=1326 audit(1749990854.437:196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 216.565814][ T30] audit: type=1326 audit(1749990854.437:197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 216.587990][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.673009][ T30] audit: type=1326 audit(1749990854.437:198): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 216.772945][ T5954] usb 3-1: new full-speed USB device number 16 using dummy_hcd [ 216.796012][ T30] audit: type=1326 audit(1749990854.437:199): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7633 comm="syz.2.481" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 216.818225][ C0] vkms_vblank_simulate: vblank timer overrun [ 216.958484][ T5954] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 216.973355][ T5954] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 217.027536][ T5954] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 217.040063][ T5954] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 217.049242][ T5954] usb 3-1: SerialNumber: syz [ 217.065953][ T5954] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 217.079701][ T5954] usb-storage 3-1:1.0: USB Mass Storage device detected [ 217.104821][ T5954] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 217.116003][ T5954] scsi host1: usb-storage 3-1:1.0 [ 217.919219][ T7675] netlink: 4 bytes leftover after parsing attributes in process `syz.1.492'. [ 218.149093][ T7681] xt_bpf: check failed: parse error [ 218.637977][ T7688] netlink: 4 bytes leftover after parsing attributes in process `syz.4.495'. [ 219.222795][ T7675] team0 (unregistering): Port device team_slave_0 removed [ 219.305596][ T7675] team0 (unregistering): Port device team_slave_1 removed [ 219.486032][ T7695] x_tables: arp_tables: CLASSIFY target: used from hooks INPUT, but only usable from FORWARD/OUTPUT [ 219.506067][ T7695] netlink: 16 bytes leftover after parsing attributes in process `syz.4.497'. [ 220.485705][ T1210] usb 3-1: USB disconnect, device number 16 [ 222.981177][ T7751] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 223.326452][ T7757] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 223.373578][ T7757] macsec1: entered allmulticast mode [ 223.379062][ T7757] netdevsim netdevsim2 netdevsim0: entered allmulticast mode [ 223.396947][ T7757] netdevsim netdevsim2 netdevsim0: left allmulticast mode [ 223.446400][ T7757] netdevsim netdevsim2 netdevsim0: left promiscuous mode [ 225.083652][ T7779] 8021q: adding VLAN 0 to HW filter on device bond2 [ 225.843123][ T5838] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 225.913018][ T44] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 226.034382][ T5838] usb 3-1: Using ep0 maxpacket: 32 [ 226.048549][ T5838] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 226.067416][ T5838] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 226.084758][ T5838] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 226.088787][ T44] usb 2-1: Using ep0 maxpacket: 16 [ 226.110394][ T5838] usb 3-1: config 1 has no interface number 0 [ 226.119328][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 226.127250][ T5838] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 226.153035][ T44] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 226.163928][ T5838] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has invalid maxpacket 58431, setting to 1024 [ 226.178903][ T5838] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 226.210607][ T5838] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 226.220045][ T44] usb 2-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 226.220556][ T5838] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.242499][ T7787] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 226.250319][ T44] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 226.271332][ T5838] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 226.300369][ T44] usb 2-1: Product: syz [ 226.312986][ T44] usb 2-1: Manufacturer: syz [ 226.317690][ T44] usb 2-1: SerialNumber: syz [ 226.344583][ T44] usb 2-1: config 0 descriptor?? [ 226.363793][ T7789] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 226.380664][ T44] hub 2-1:0.0: bad descriptor, ignoring hub [ 226.390047][ T44] hub 2-1:0.0: probe with driver hub failed with error -5 [ 226.465078][ T30] kauditd_printk_skb: 10 callbacks suppressed [ 226.465097][ T30] audit: type=1326 audit(1749990864.947:210): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 226.496229][ T7787] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 226.520209][ T30] audit: type=1326 audit(1749990864.957:211): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 226.542716][ T30] audit: type=1326 audit(1749990864.957:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=317 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 226.555844][ T5838] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now attached [ 226.565489][ T30] audit: type=1326 audit(1749990864.957:213): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 226.603643][ T44] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input6 [ 226.728981][ T30] audit: type=1326 audit(1749990864.957:214): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f1eb478e929 code=0x7ffc0000 [ 226.816848][ T7805] netlink: 20 bytes leftover after parsing attributes in process `syz.1.523'. [ 226.942563][ T30] audit: type=1326 audit(1749990864.987:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eb478e52b code=0x7ffc0000 [ 227.063767][ T5954] usb 3-1: USB disconnect, device number 17 [ 227.082140][ T5954] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 227.097683][ T30] audit: type=1326 audit(1749990864.987:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eb478e52b code=0x7ffc0000 [ 227.208123][ C1] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 227.248323][ T30] audit: type=1326 audit(1749990864.987:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eb478e52b code=0x7ffc0000 [ 227.391947][ T30] audit: type=1326 audit(1749990865.007:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f1eb478e52b code=0x7ffc0000 [ 227.587443][ T30] audit: type=1326 audit(1749990865.007:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7786 comm="syz.2.524" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7f1eb47c11e5 code=0x7ffc0000 [ 228.348089][ T7832] netlink: 4 bytes leftover after parsing attributes in process `syz.0.534'. [ 228.683286][ T5838] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 228.810040][ T7838] netlink: 28 bytes leftover after parsing attributes in process `syz.3.537'. [ 228.840631][ T7838] netlink: 28 bytes leftover after parsing attributes in process `syz.3.537'. [ 228.843775][ T44] usb 2-1: USB disconnect, device number 17 [ 228.859902][ T7838] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 228.879190][ T5838] usb 5-1: New USB device found, idVendor=0bda, idProduct=8153, bcdDevice=e2.3d [ 228.892352][ T5838] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 228.910213][ T7838] ip6gretap0: entered promiscuous mode [ 228.917292][ T5838] usb 5-1: Product: syz [ 228.922423][ T7838] debugfs: Directory 'hsr1' with parent 'hsr' already present! [ 228.936627][ T5838] usb 5-1: Manufacturer: syz [ 228.941651][ T7838] Cannot create hsr debugfs directory [ 228.955626][ T5838] usb 5-1: SerialNumber: syz [ 228.986903][ T5838] r8152-cfgselector 5-1: Unknown version 0x0000 [ 228.996045][ T5838] r8152-cfgselector 5-1: config 0 descriptor?? [ 229.182939][ T44] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 229.372951][ T44] usb 2-1: Using ep0 maxpacket: 32 [ 229.380115][ T44] usb 2-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 229.483104][ T44] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 229.497825][ T7851] netlink: 'syz.3.540': attribute type 25 has an invalid length. [ 229.533359][ T44] usb 2-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 229.572948][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.690106][ T44] usb 2-1: config 0 descriptor?? [ 229.756245][ T7858] input: syz1 as /devices/virtual/input/input7 [ 230.482447][ T5954] usb 2-1: USB disconnect, device number 18 [ 230.632542][ T7850] tipc: Enabling of bearer rejected, already enabled [ 231.181076][ T7873] usb usb8: usbfs: process 7873 (syz.3.546) did not claim interface 7 before use [ 231.302965][ T7877] usb usb8: usbfs: process 7877 (syz.3.546) did not claim interface 0 before use [ 231.503448][ T5954] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 231.520656][ T44] r8152-cfgselector 5-1: USB disconnect, device number 15 [ 231.716352][ T7876] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 231.733543][ T7876] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 231.802746][ T5954] usb 2-1: unable to get BOS descriptor or descriptor too short [ 231.845972][ T5954] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 231.854315][ T5954] usb 2-1: can't read configurations, error -71 [ 231.882927][ T9] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 232.036941][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 232.052295][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 232.087774][ T9] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 232.106585][ T1210] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 232.147817][ T9] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 232.166646][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.190147][ T9] usb 1-1: Product: syz [ 232.199141][ T9] usb 1-1: Manufacturer: syz [ 232.210196][ T9] usb 1-1: SerialNumber: syz [ 232.247003][ T9] usb 1-1: config 0 descriptor?? [ 232.258215][ T7880] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 232.268001][ T9] hub 1-1:0.0: bad descriptor, ignoring hub [ 232.288451][ T9] hub 1-1:0.0: probe with driver hub failed with error -5 [ 232.301055][ T1210] usb 5-1: Using ep0 maxpacket: 16 [ 232.415777][ T1210] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.434096][ T9] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input8 [ 232.453211][ T1210] usb 5-1: config 0 interface 0 has no altsetting 0 [ 232.488679][ T1210] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=9d.3d [ 232.500019][ T1210] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.553701][ T7889] netlink: 20 bytes leftover after parsing attributes in process `syz.0.548'. [ 232.572517][ T1210] usb 5-1: Product: syz [ 232.581182][ T1210] usb 5-1: Manufacturer: syz [ 232.593515][ T1210] usb 5-1: SerialNumber: syz [ 232.602717][ T1210] usb 5-1: config 0 descriptor?? [ 232.673002][ T1210] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 232.750317][ T7894] netlink: 20 bytes leftover after parsing attributes in process `syz.0.548'. [ 232.814312][ T7897] netlink: 12 bytes leftover after parsing attributes in process `syz.2.552'. [ 232.914520][ T7897] vlan2: entered promiscuous mode [ 232.938443][ T7897] batadv0: entered promiscuous mode [ 232.991249][ T44] usb 5-1: USB disconnect, device number 16 [ 233.011715][ T37] usb 5-1: Failed to submit usb control message: -71 [ 233.049307][ T37] usb 5-1: unable to send the bmi data to the device: -71 [ 233.120108][ T37] usb 5-1: unable to get target info from device [ 233.146200][ T37] usb 5-1: could not get target info (-71) [ 233.170900][ T37] usb 5-1: could not probe fw (-71) [ 233.847332][ T7906] bridge_slave_0: left allmulticast mode [ 233.902781][ T7906] bridge_slave_0: left promiscuous mode [ 233.914948][ T7906] bridge0: port 1(bridge_slave_0) entered disabled state [ 233.947371][ T7913] netlink: 4400 bytes leftover after parsing attributes in process `syz.1.555'. [ 233.975226][ T7906] bridge_slave_1: left allmulticast mode [ 233.981016][ T7906] bridge_slave_1: left promiscuous mode [ 233.988258][ T7906] bridge0: port 2(bridge_slave_1) entered disabled state [ 234.111233][ T7906] bond0: (slave bond_slave_0): Releasing backup interface [ 234.169869][ T7906] bond0: (slave bond_slave_1): Releasing backup interface [ 234.230459][ T7906] team0: Port device team_slave_0 removed [ 234.252000][ T7906] team0: Port device team_slave_1 removed [ 234.261267][ T7906] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 234.287660][ T7906] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 234.336647][ T7906] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 234.369192][ T7906] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 234.551043][ T7906] bond1: (slave ip6gretap1): Releasing backup interface [ 234.604957][ T7906] syz.3.554 (7906) used greatest stack depth: 19928 bytes left [ 234.793226][ T44] usb 1-1: USB disconnect, device number 20 [ 235.203047][ T44] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 235.606234][ T7943] netlink: 4 bytes leftover after parsing attributes in process `syz.3.565'. [ 235.625643][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 235.641523][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 235.666205][ T7943] netlink: 12 bytes leftover after parsing attributes in process `syz.3.565'. [ 235.684317][ T44] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 235.721017][ T7944] program syz.3.565 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 235.818352][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 236.008321][ T44] usb 5-1: config 0 descriptor?? [ 236.114214][ T7947] netlink: 'syz.0.566': attribute type 10 has an invalid length. [ 236.122764][ T7947] bridge0: port 2(bridge_slave_1) entered disabled state [ 236.222888][ T7947] bridge0: port 2(bridge_slave_1) entered blocking state [ 236.230187][ T7947] bridge0: port 2(bridge_slave_1) entered forwarding state [ 236.270567][ T7947] bond0: (slave bridge0): Enslaving as an active interface with an up link [ 236.446811][ T44] mcp2221 0003:04D8:00DD.0004: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.4-1/input0 [ 236.481449][ T7935] tipc: Enabling of bearer rejected, already enabled [ 236.645799][ T5954] usb 5-1: USB disconnect, device number 17 [ 236.943086][ T44] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 237.125193][ T44] usb 1-1: Using ep0 maxpacket: 16 [ 237.336077][ T44] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 62320, setting to 1024 [ 237.466398][ T44] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x83 has invalid maxpacket 1024 [ 237.514815][ T44] usb 1-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 237.550134][ T44] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.577845][ T44] usb 1-1: Product: syz [ 237.582457][ T44] usb 1-1: Manufacturer: syz [ 237.583689][ T7964] fuse: Bad value for 'fd' [ 237.591550][ T44] usb 1-1: SerialNumber: syz [ 237.649458][ T44] usb 1-1: config 0 descriptor?? [ 237.664367][ T7952] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 237.673494][ T44] hub 1-1:0.0: bad descriptor, ignoring hub [ 237.683133][ T44] hub 1-1:0.0: probe with driver hub failed with error -5 [ 237.711691][ T44] input: syz syz as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input9 [ 237.949676][ T7954] netlink: 20 bytes leftover after parsing attributes in process `syz.0.568'. [ 237.961702][ T7954] netlink: 20 bytes leftover after parsing attributes in process `syz.0.568'. [ 238.340324][ C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 238.735553][ C0] usbtouchscreen 1-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -1 [ 238.978490][ T7972] netlink: 'syz.3.573': attribute type 1 has an invalid length. [ 239.753216][ T9] usb 1-1: USB disconnect, device number 21 [ 239.782970][ T1210] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 239.933848][ T1210] usb 3-1: device descriptor read/64, error -71 [ 240.293155][ T1210] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 240.433170][ T1210] usb 3-1: device descriptor read/64, error -71 [ 240.571017][ T1210] usb usb3-port1: attempt power cycle [ 240.872996][ T9] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 240.962938][ T1210] usb 3-1: new full-speed USB device number 20 using dummy_hcd [ 240.996459][ T1210] usb 3-1: device descriptor read/8, error -71 [ 241.035523][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 241.047137][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 241.074918][ T8009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 241.087163][ T9] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 241.114364][ T8009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 241.159052][ T9] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 241.192157][ T8009] netlink: 44 bytes leftover after parsing attributes in process `syz.1.585'. [ 241.220566][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.263092][ T1210] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 241.283428][ T9] usb 5-1: config 0 descriptor?? [ 241.293157][ T5838] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 241.357995][ T1210] usb 3-1: device descriptor read/8, error -71 [ 241.688703][ T1210] usb usb3-port1: unable to enumerate USB device [ 241.731113][ T8006] tipc: Enabling of bearer rejected, already enabled [ 241.749569][ T8013] netlink: 4 bytes leftover after parsing attributes in process `syz.3.584'. [ 241.808729][ T9] plantronics 0003:047F:FFFF.0005: reserved main item tag 0xe [ 241.959873][ T9] plantronics 0003:047F:FFFF.0005: unknown main item tag 0x0 [ 242.005519][ T9] plantronics 0003:047F:FFFF.0005: No inputs registered, leaving [ 242.007905][ T8003] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 242.023203][ T8003] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 242.093110][ T8018] netlink: 'syz.1.587': attribute type 1 has an invalid length. [ 242.110060][ T9] plantronics 0003:047F:FFFF.0005: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.4-1/input0 [ 242.197051][ T8018] 8021q: adding VLAN 0 to HW filter on device bond1 [ 242.233826][ T8020] bond1: (slave ip6erspan0): making interface the new active one [ 242.275319][ T8020] bond1: (slave ip6erspan0): Enslaving as an active interface with an up link [ 243.482129][ T8042] netlink: 8 bytes leftover after parsing attributes in process `syz.1.593'. [ 243.971143][ T1210] usb 5-1: USB disconnect, device number 18 [ 244.593323][ T3082] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 244.784866][ T3082] usb 5-1: device descriptor read/64, error -71 [ 245.032941][ T3082] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 245.177974][ T3082] usb 5-1: device descriptor read/64, error -71 [ 245.294465][ T3082] usb usb5-port1: attempt power cycle [ 245.713471][ T3082] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 245.859749][ T3082] usb 5-1: device descriptor read/8, error -71 [ 246.103031][ T3082] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 246.135003][ T3082] usb 5-1: device descriptor read/8, error -71 [ 246.261690][ T3082] usb usb5-port1: unable to enumerate USB device [ 246.695507][ T8095] vti0: entered promiscuous mode [ 246.771817][ T8095] team0: Port device vti0 added [ 252.882985][ T15] sched: DL replenish lagged too much [ 261.219414][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 261.225925][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 351.902798][ C1] rcu: INFO: rcu_preempt detected stalls on CPUs/tasks: [ 351.909827][ C1] rcu: Tasks blocked on level-0 rcu_node (CPUs 0-1): P5206/1:b..l [ 351.918070][ C1] rcu: (detected by 1, t=10502 jiffies, g=30033, q=736 ncpus=2) [ 351.925816][ C1] task:udevd state:R running task stack:22952 pid:5206 tgid:5206 ppid:1 task_flags:0x400140 flags:0x00004002 [ 351.940019][ C1] Call Trace: [ 351.943334][ C1] [ 351.946287][ C1] __schedule+0x16f5/0x4d00 [ 351.950825][ C1] ? preempt_schedule_irq+0xb5/0x150 [ 351.956153][ C1] ? __pfx___schedule+0x10/0x10 [ 351.961047][ C1] ? __lock_acquire+0xab9/0xd20 [ 351.965930][ C1] ? preempt_schedule_irq+0xaa/0x150 [ 351.971240][ C1] preempt_schedule_irq+0xb5/0x150 [ 351.976380][ C1] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 351.982130][ C1] ? rcu_irq_exit_check_preempt+0xdf/0x210 [ 351.987962][ C1] irqentry_exit+0x6f/0x90 [ 351.992451][ C1] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 351.998449][ C1] RIP: 0010:lock_release+0x2b5/0x3e0 [ 352.003768][ C1] Code: 51 48 c7 44 24 20 00 00 00 00 9c 8f 44 24 20 f7 44 24 20 00 02 00 00 75 56 f7 c3 00 02 00 00 74 01 fb 65 48 8b 05 cb aa fe 10 <48> 3b 44 24 28 0f 85 8b 00 00 00 48 83 c4 30 5b 41 5c 41 5d 41 5e [ 352.023485][ C1] RSP: 0018:ffffc900033a6fb0 EFLAGS: 00000206 [ 352.029567][ C1] RAX: dab6c326d1f7fd00 RBX: 0000000000000202 RCX: dab6c326d1f7fd00 [ 352.037556][ C1] RDX: 0000000000000001 RSI: ffffffff8db6ecc6 RDI: ffffffff8be28a80 [ 352.045543][ C1] RBP: ffff88807ec74718 R08: ffffc900033a71d0 R09: 0000000000000000 [ 352.053532][ C1] R10: ffffc900033a7198 R11: fffff52000674e35 R12: 0000000000000001 [ 352.061526][ C1] R13: 0000000000000001 R14: ffffffff8e13ed60 R15: ffff88807ec73c00 [ 352.069535][ C1] ? unwind_next_frame+0xa5/0x2390 [ 352.074681][ C1] ? unwind_next_frame+0xa5/0x2390 [ 352.079841][ C1] unwind_next_frame+0x19a9/0x2390 [ 352.084982][ C1] ? unwind_next_frame+0xa5/0x2390 [ 352.090113][ C1] ? arch_stack_walk+0xe4/0x150 [ 352.094982][ C1] __unwind_start+0x5b9/0x760 [ 352.099689][ C1] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 352.105865][ C1] arch_stack_walk+0xe4/0x150 [ 352.110562][ C1] ? stack_trace_save+0x9c/0xe0 [ 352.115430][ C1] stack_trace_save+0x9c/0xe0 [ 352.120126][ C1] ? __pfx_stack_trace_save+0x10/0x10 [ 352.125520][ C1] ? stack_depot_save_flags+0x40/0x900 [ 352.131002][ C1] kasan_save_track+0x3e/0x80 [ 352.135751][ C1] __kasan_kmalloc+0x93/0xb0 [ 352.140357][ C1] __kmalloc_noprof+0x27a/0x4f0 [ 352.145222][ C1] ? tomoyo_encode+0x28b/0x550 [ 352.150014][ C1] tomoyo_encode+0x28b/0x550 [ 352.154636][ C1] tomoyo_realpath_from_path+0x58d/0x5d0 [ 352.160305][ C1] tomoyo_check_open_permission+0x1c1/0x3b0 [ 352.166259][ C1] ? tomoyo_check_open_permission+0x16a/0x3b0 [ 352.172349][ C1] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 352.178878][ C1] ? seqcount_lockdep_reader_access+0x122/0x1c0 [ 352.185163][ C1] ? mnt_get_write_access+0x68/0x2a0 [ 352.190474][ C1] ? tomoyo_file_open+0x165/0x220 [ 352.195527][ C1] security_file_open+0xb1/0x270 [ 352.200482][ C1] do_dentry_open+0x35e/0x1970 [ 352.205279][ C1] vfs_open+0x3b/0x340 [ 352.209367][ C1] ? path_openat+0x2ecd/0x3830 [ 352.214155][ C1] path_openat+0x2ee5/0x3830 [ 352.218768][ C1] ? arch_stack_walk+0xfc/0x150 [ 352.223660][ C1] ? __pfx_path_openat+0x10/0x10 [ 352.228636][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.234764][ C1] do_filp_open+0x1fa/0x410 [ 352.239296][ C1] ? __lock_acquire+0xab9/0xd20 [ 352.244164][ C1] ? __pfx_do_filp_open+0x10/0x10 [ 352.249223][ C1] ? _raw_spin_unlock+0x28/0x50 [ 352.254097][ C1] ? alloc_fd+0x64c/0x6c0 [ 352.258453][ C1] do_sys_openat2+0x121/0x1c0 [ 352.263151][ C1] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 352.268628][ C1] ? __pfx_do_sys_openat2+0x10/0x10 [ 352.273860][ C1] __x64_sys_openat+0x138/0x170 [ 352.278747][ C1] do_syscall_64+0xfa/0x3b0 [ 352.283264][ C1] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.289346][ C1] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 352.294989][ C1] ? clear_bhb_loop+0x60/0xb0 [ 352.299682][ C1] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 352.305592][ C1] RIP: 0033:0x7f5ecc4a7407 [ 352.310022][ C1] RSP: 002b:00007fff48915c60 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 352.318453][ C1] RAX: ffffffffffffffda RBX: 00007f5eccc97880 RCX: 00007f5ecc4a7407 [ 352.326438][ C1] RDX: 0000000000080141 RSI: 0000557d46ec602e RDI: ffffffffffffff9c [ 352.334510][ C1] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 352.342496][ C1] R10: 00000000000001a4 R11: 0000000000000202 R12: 00000000ffffffff [ 352.350480][ C1] R13: 00000000ffffffff R14: ffffffffffffffff R15: 0000000000000000 [ 352.358484][ C1] [ 352.361515][ C1] rcu: rcu_preempt kthread timer wakeup didn't happen for 10546 jiffies! g30033 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 [ 352.373852][ C1] rcu: Possible timer handling issue on cpu=1 timer-softirq=11239 [ 352.381751][ C1] rcu: rcu_preempt kthread starved for 10547 jiffies! g30033 f0x0 RCU_GP_WAIT_FQS(5) ->state=0x402 ->cpu=1 [ 352.393162][ C1] rcu: Unless rcu_preempt kthread gets sufficient CPU time, OOM is now expected behavior. [ 352.403149][ C1] rcu: RCU grace-period kthread stack dump: [ 352.409050][ C1] task:rcu_preempt state:I stack:27320 pid:16 tgid:16 ppid:2 task_flags:0x208040 flags:0x00004000 [ 352.420989][ C1] Call Trace: [ 352.424281][ C1] [ 352.427229][ C1] __schedule+0x16f5/0x4d00 [ 352.431777][ C1] ? schedule+0x165/0x360 [ 352.436150][ C1] ? __pfx___schedule+0x10/0x10 [ 352.441040][ C1] ? schedule+0x91/0x360 [ 352.445311][ C1] schedule+0x165/0x360 [ 352.449494][ C1] schedule_timeout+0x12b/0x270 [ 352.454370][ C1] ? __pfx_schedule_timeout+0x10/0x10 [ 352.459763][ C1] ? __pfx_process_timeout+0x10/0x10 [ 352.465069][ C1] ? prepare_to_swait_event+0x341/0x380 [ 352.470642][ C1] rcu_gp_fqs_loop+0x301/0x1540 [ 352.475523][ C1] ? __pfx_rcu_gp_init+0x10/0x10 [ 352.480483][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.485716][ C1] ? __pfx_rcu_gp_fqs_loop+0x10/0x10 [ 352.491063][ C1] ? _raw_spin_unlock_irq+0x2e/0x50 [ 352.496285][ C1] ? finish_swait+0xcd/0x1f0 [ 352.500891][ C1] rcu_gp_kthread+0x99/0x390 [ 352.505504][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 352.510732][ C1] ? __kthread_parkme+0x7b/0x200 [ 352.515688][ C1] ? __kthread_parkme+0x1a1/0x200 [ 352.520741][ C1] kthread+0x70e/0x8a0 [ 352.524829][ C1] ? __pfx_rcu_gp_kthread+0x10/0x10 [ 352.530045][ C1] ? __pfx_kthread+0x10/0x10 [ 352.534653][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 352.539876][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.545093][ C1] ? __pfx_kthread+0x10/0x10 [ 352.549705][ C1] ret_from_fork+0x3fc/0x770 [ 352.554319][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 352.559453][ C1] ? __switch_to_asm+0x39/0x70 [ 352.564234][ C1] ? __switch_to_asm+0x33/0x70 [ 352.569011][ C1] ? __pfx_kthread+0x10/0x10 [ 352.573621][ C1] ret_from_fork_asm+0x1a/0x30 [ 352.578414][ C1] [ 352.581442][ C1] rcu: Stack dump where RCU GP kthread last ran: [ 352.587779][ C1] CPU: 1 UID: 0 PID: 3082 Comm: kworker/1:2 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 352.599853][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 352.609923][ C1] Workqueue: mld mld_ifc_work [ 352.614625][ C1] RIP: 0010:__sanitizer_cov_trace_cmp8+0x11/0x90 [ 352.620968][ C1] Code: 09 cc 0f 1f 80 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 48 8b 04 24 65 48 8b 0c 25 08 f0 9c 92 <65> 8b 15 78 91 dc 10 81 e2 00 01 ff 00 74 11 81 fa 00 01 00 00 75 [ 352.640587][ C1] RSP: 0018:ffffc9000b3c70d8 EFLAGS: 00000202 [ 352.646671][ C1] RAX: ffffffff8985d0d5 RBX: ffff888024c76d58 RCX: ffff88802f758000 [ 352.654661][ C1] RDX: 0000000000000000 RSI: 18496c2aa7f86190 RDI: 18496c2aa7f90d8f [ 352.662649][ C1] RBP: ffffc9000b3c7250 R08: ffff888034aa12e7 R09: 1ffff1100695425c [ 352.670637][ C1] R10: dffffc0000000000 R11: ffffed100695425d R12: 18496c2aa7f86190 [ 352.678633][ C1] R13: 18496c2aa7f90d8f R14: 18496c2aa7f7e18f R15: 1ffff1100498edab [ 352.686622][ C1] FS: 0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000 [ 352.695567][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 352.702162][ C1] CR2: 00007f1eb55a5f98 CR3: 00000000683ae000 CR4: 00000000003526f0 [ 352.710152][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 352.718142][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 352.726122][ C1] Call Trace: [ 352.729414][ C1] [ 352.732353][ C1] taprio_enqueue_one+0xae5/0x1650 [ 352.737490][ C1] ? taprio_enqueue_one+0x5f8/0x1650 [ 352.742812][ C1] ? __pfx_taprio_enqueue_one+0x10/0x10 [ 352.748380][ C1] ? taprio_skb_exceeds_queue_max_sdu+0x2c6/0x3a0 [ 352.754831][ C1] ? taprio_enqueue+0x234/0x680 [ 352.759719][ C1] ? __dev_queue_xmit+0xcf8/0x3a70 [ 352.764864][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 352.770273][ C1] dev_qdisc_enqueue+0x4e/0x260 [ 352.775160][ C1] __dev_queue_xmit+0xe0e/0x3a70 [ 352.780129][ C1] ? __dev_queue_xmit+0x27e/0x3a70 [ 352.785279][ C1] ? __pfx___dev_queue_xmit+0x10/0x10 [ 352.790686][ C1] ? read_seqbegin+0x122/0x250 [ 352.795480][ C1] ? neigh_connected_output+0x1ea/0x460 [ 352.801054][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.806281][ C1] ? read_seqbegin+0x1ac/0x250 [ 352.811058][ C1] ? __pfx_read_seqbegin+0x10/0x10 [ 352.816188][ C1] ? __lock_acquire+0xab9/0xd20 [ 352.821071][ C1] ? neigh_connected_output+0x3b6/0x460 [ 352.826648][ C1] ip6_finish_output2+0x11fb/0x16a0 [ 352.831870][ C1] ? ip6_finish_output2+0x701/0x16a0 [ 352.837184][ C1] ? __pfx_ip6_finish_output2+0x10/0x10 [ 352.842766][ C1] ? ip6_mtu+0x7d/0x3f0 [ 352.846962][ C1] ? ip6_mtu+0x7d/0x3f0 [ 352.851139][ C1] ip6_finish_output+0x234/0x7d0 [ 352.856105][ C1] NF_HOOK+0x9e/0x380 [ 352.860107][ C1] ? NF_HOOK+0x101/0x380 [ 352.864370][ C1] ? __pfx_NF_HOOK+0x10/0x10 [ 352.868976][ C1] ? __pfx_dst_output+0x10/0x10 [ 352.873858][ C1] ? icmp6_dst_alloc+0x3a5/0x420 [ 352.878815][ C1] ? icmp6_dst_alloc+0x3a5/0x420 [ 352.883775][ C1] mld_sendpack+0x800/0xd80 [ 352.888311][ C1] ? mld_sendpack+0x1de/0xd80 [ 352.893012][ C1] ? __pfx_mld_sendpack+0x10/0x10 [ 352.898073][ C1] mld_ifc_work+0x835/0xde0 [ 352.902599][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 352.907824][ C1] ? process_scheduled_works+0x9ef/0x17b0 [ 352.913582][ C1] process_scheduled_works+0xae1/0x17b0 [ 352.919196][ C1] ? __pfx_process_scheduled_works+0x10/0x10 [ 352.925228][ C1] worker_thread+0x8a0/0xda0 [ 352.929842][ C1] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 352.936206][ C1] ? __kthread_parkme+0x7b/0x200 [ 352.941170][ C1] kthread+0x70e/0x8a0 [ 352.945261][ C1] ? __pfx_worker_thread+0x10/0x10 [ 352.950486][ C1] ? __pfx_kthread+0x10/0x10 [ 352.955099][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 352.960321][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.965543][ C1] ? __pfx_kthread+0x10/0x10 [ 352.970152][ C1] ret_from_fork+0x3fc/0x770 [ 352.974781][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 352.979924][ C1] ? __switch_to_asm+0x39/0x70 [ 352.984700][ C1] ? __switch_to_asm+0x33/0x70 [ 352.989476][ C1] ? __pfx_kthread+0x10/0x10 [ 352.994082][ C1] ret_from_fork_asm+0x1a/0x30 [ 352.998870][ C1]