last executing test programs: 8.711509929s ago: executing program 0 (id=1416): r0 = syz_usb_connect(0x5, 0x36, &(0x7f0000002d00)={{0x12, 0x1, 0x201, 0xf, 0x4f, 0x7, 0x40, 0x67b, 0x2303, 0x53f5, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x3, 0x4, 0xe0, 0x3, [{{0x9, 0x4, 0x13, 0x9, 0x2, 0xba, 0x95, 0xd2, 0x3, [], [{{0x9, 0x5, 0x8e, 0x2, 0x20, 0xc, 0x8, 0xff}}, {{0x9, 0x5, 0xc, 0x12, 0x40, 0x0, 0x9, 0x9}}]}}]}}]}}, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x0}) syz_usb_disconnect(r0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r1, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r1, &(0x7f0000001240)="8f", 0x1, 0x0, &(0x7f0000001200)={0xa, 0x4e23, 0x1, @loopback}, 0x1c) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000300)={0x0, 0x200002, 0x30}, 0xc) sendmsg$inet6(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000180)='h', 0x1}], 0x1}, 0x4004010) setsockopt$inet_sctp6_SCTP_DEFAULT_PRINFO(r1, 0x84, 0x72, &(0x7f0000000140)={0x0, 0x1, 0x20}, 0xc) writev(r1, &(0x7f0000000100)=[{&(0x7f0000000040)=',', 0x34000}], 0x1) setsockopt$inet_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) 5.329486462s ago: executing program 0 (id=1430): r0 = socket$inet6(0xa, 0x6, 0xff) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) ioctl$UI_DEV_CREATE(r1, 0xc06855c8) connect$inet6(r0, &(0x7f0000000200)={0xa, 0x0, 0x0, @empty}, 0x1c) socketpair$tipc(0x1e, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) setsockopt$sock_int(r2, 0x1, 0x29, &(0x7f0000000080)=0x6, 0x4) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x41, &(0x7f0000000100)=0x100, 0x4) write$binfmt_script(r0, &(0x7f00000000c0), 0x28) 4.689788023s ago: executing program 0 (id=1435): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x1000000, &(0x7f0000006680)) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000880)={0x1fe, 0x2, 0x1, 0x1000, &(0x7f0000203000/0x1000)=nil}) pipe2(&(0x7f0000000040)={0x0, 0x0}, 0x0) pipe2(&(0x7f0000000940)={0x0, 0x0}, 0x80800) fsopen(&(0x7f0000000240)='gfs2meta\x00', 0x0) tee(r1, r0, 0xff, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) prctl$PR_SET_VMA(0x3c, 0x0, &(0x7f0000bda000/0x4000)=nil, 0x4000, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502100, &(0x7f00000008c0)={0x0, 0x0}) move_pages(r2, 0x3, &(0x7f0000000100)=[&(0x7f0000772000/0x2000)=nil, &(0x7f0000588000/0x3000)=nil, &(0x7f0000b34000/0x1000)=nil], 0x0, &(0x7f0000000140)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x6) request_key(&(0x7f0000000080)='ceph\x00', &(0x7f00000004c0)={'syz', 0x0}, &(0x7f00000000c0)='\x8e\x00\x9e\xbb\x1e\x1av\xb7 H\x0e\\\xcd\xde\x82\x00\x00\x00\x00\t<\xe5u\xedA\xa7\nT\xdd\xd1{\xff\xcb\xdb\xb1\xfc\xf4\xbc\xc3\x83\xdd31\xc2s\xcb\xbd\xcc\x00\x00\x00<\xfe\xf9\f\xe6E\b\x00\xd7\x85q\xc4\xab\xbd&\x92\x89(\xf3\"\xceJ\x14\x185\xa6- \xe6uK\xe1D\xa9\x9f\x92\xca\x93#\xf5E\xc2\x91Yl\x17\x06\x02\t\x17o\xc4\xde\x04\x9b\x89#\xf6&[\xd81\xb3\xdc\x00\x04\x15\x03\x17Zf9\xcc\xdcR\xd24\xeb\xb5\xc2\xff\x1bnF\x8e\xe4\'\x18\xba9.\xd4\xd9\xc6\x98\x8f\xc6D!p\xbeV\xb7x\r@', 0xffffffffffffffff) r3 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000000)='/proc/keys\x00', 0x0, 0x0) read$FUSE(r3, &(0x7f0000002a80)={0x2020}, 0x2020) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x160) r4 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000200)='/proc/bus/input/devices\x00', 0x0, 0x0) r5 = epoll_create(0x9) epoll_ctl$EPOLL_CTL_ADD(r5, 0x1, r4, &(0x7f0000000080)) r6 = epoll_create(0x8) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000400)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r4, &(0x7f0000000040)={0xc0002001}) ustat(0x0, &(0x7f00000007c0)) ioctl$VIDIOC_S_INPUT(r4, 0xc0045627, &(0x7f0000000040)=0x2) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r4, 0x8933, &(0x7f0000000300)={'batadv_slave_1\x00', 0x0}) socket$pptp(0x18, 0x1, 0x2) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f0000000680)={r4, 0xe0, &(0x7f0000000580)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, &(0x7f00000003c0)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x3, 0x4, &(0x7f0000000400)=[0x0, 0x0, 0x0], &(0x7f0000000440)=[0x0, 0x0, 0x0, 0x0], 0x0, 0xeb, &(0x7f0000000480)=[{}, {}, {}, {}, {}, {}], 0x30, 0x10, &(0x7f00000004c0), &(0x7f0000000500), 0x8, 0x87, 0x8, 0x8, &(0x7f0000000540)}}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000700)={0x5, 0x7, &(0x7f0000000800)=ANY=[@ANYBLOB="c0cdb909030000008520000004000000186b000010387b1275f41d11c26f000000000000f9000000000000000010000000045a030004ff65ca8cf79b0fa2164e2d"], &(0x7f00000001c0)='GPL\x00', 0xfff, 0xaf, &(0x7f0000000240)=""/175, 0x41000, 0x10, '\x00', r7, @fallback=0x28, r4, 0x8, &(0x7f0000000340)={0x3, 0x1}, 0x8, 0x10, &(0x7f0000000380)={0x4, 0x6, 0xae42, 0x4}, 0x10, r8, 0xffffffffffffffff, 0x0, &(0x7f00000006c0)=[r4, r4], 0x0, 0x10, 0x6, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x8, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="1800000000000000000000000000000071126f0000000000"], &(0x7f0000000040)='syzkaller\x00', 0x9, 0x0, 0x0, 0x0, 0x40, '\x00', 0x0, @cgroup_skb=0x1, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, r8, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_usb_connect(0x4, 0x24, &(0x7f00000000c0)=ANY=[@ANYRESDEC=0x0], 0x0) 4.208543243s ago: executing program 4 (id=1440): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f0000000300)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) rt_sigaction(0xc, &(0x7f0000001400)={&(0x7f0000001380)="c4e2a9a768022626f00fbba9ca0000006466adc4e1c5f4b600000100f7ad0b000000c4c2b1be1dc4000000c4e3714bd6a5f2afd2490b8fc98895f9", 0x28000002, &(0x7f00000013c0)="36f20f585300c4e221b6c8c4c1f910ba059b04f4c4c2718e203e1b3ce6c4e2059d8b0080000065806ffc6e660f1c06dd8f000000808fc9b099b79984dda1", {[0x40, 0x80000000]}}, &(0x7f00000014c0)={&(0x7f0000001440)="c4e33d48f1d236f3abc4e1fc522af2a4660f38df3d05000000c4e21507c0556766a736f30fb83a8fc998987e58", 0x0, &(0x7f0000001480)="8fc90893d436660f5ce7c4c12dead22e1ddb0000000f12ca0ffe8100080000c4e369494f23fec4e17de74f536636ddb826c67392660f3801615f"}, 0x8, &(0x7f0000001500)) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) capset(&(0x7f0000000000)={0x20080522, r1}, &(0x7f0000000280)={0x0, 0xffffffff, 0x5, 0x81, 0xfffffdff, 0x400}) writev(0xffffffffffffffff, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r4, r2, &(0x7f00000000c0)=0x58, 0xa) 3.778196105s ago: executing program 0 (id=1441): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000540)={0x29c, r1, 0x1, 0x0, 0x0, {}, [@WGDEVICE_A_PEERS={0x274, 0x8, 0x0, 0x1, [{0xd8, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x8c, 0x9, 0x0, 0x1, [{0x88, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @loopback}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast1}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x1}}, @ipv6={{0x6}, {0x14, 0x2, @empty}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24, 0x1, @a_g}, @WGPEER_A_PRESHARED_KEY={0x24, 0x2, "eff93d58460ea431f2cb4a6894ddb2834088d7445bf5afdd0619ce173f1db717"}]}, {0x198, 0x0, 0x0, 0x1, [@WGPEER_A_ALLOWEDIPS={0x130, 0x9, 0x0, 0x1, [{0x4}, {0x88, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @private=0xa010100}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x1, 0x0}}}, {0x5, 0x3, 0x2}}, @ipv6={{0x6}, {0x14, 0x2, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, {0x5}}, @ipv6={{0x6}, {0x14, 0x2, @loopback={0x300}}, {0x5, 0x3, 0x2}}]}, {0xa0, 0x0, 0x0, 0x1, [@ipv4={{0x6}, {0x8, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @local}, {0x5, 0x3, 0x1}}, @ipv4={{0x6}, {0x8, 0x2, @private=0xa010101}, {0x5, 0x3, 0x2}}, @ipv4={{0x6}, {0x8, 0x2, @multicast2}, {0x5, 0x3, 0x3}}, @ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5}}, @ipv4={{0x6}, {0x8, 0x2, @initdev={0xac, 0x1e, 0x0, 0x0}}, {0x5, 0x3, 0x1}}]}]}, @WGPEER_A_PERSISTENT_KEEPALIVE_INTERVAL={0x6, 0x5, 0xc54}, @WGPEER_A_ALLOWEDIPS={0xc, 0x9, 0x0, 0x1, [{0x4}, {0x4}]}, @WGPEER_A_ALLOWEDIPS={0x2c, 0x9, 0x0, 0x1, [{0x28, 0x0, 0x0, 0x1, [@ipv6={{0x6}, {0x14, 0x2, @remote}, {0x5, 0x3, 0x2}}]}]}, @WGPEER_A_PUBLIC_KEY={0x24}]}]}, @WGDEVICE_A_IFNAME={0x14, 0x2, 'wg0\x00'}]}, 0x29c}, 0x1, 0x0, 0x0, 0x4004840}, 0x40000) 3.617537699s ago: executing program 0 (id=1442): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r1, &(0x7f00000bd000), 0x0, 0x4800) renameat2(0xffffffffffffffff, 0x0, 0xffffffffffffffff, 0x0, 0x9f93a01936cca86c) r2 = open_tree(0xffffffffffffffff, &(0x7f0000000000)='./file0\x00', 0x80801) mknodat(r2, &(0x7f0000000040)='./file0\x00', 0x1000, 0x8) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000080)={'vcan0\x00', 0x0}) r5 = syz_open_dev$evdev(&(0x7f0000000b80), 0x0, 0x0) ioctl$EVIOCSMASK(r5, 0x40104593, &(0x7f0000000140)={0x4, 0xfffffe00, 0x0}) bind$can_raw(r3, &(0x7f00000005c0), 0x10) setsockopt$SO_TIMESTAMP(r3, 0x1, 0x3f, &(0x7f0000001880)=0xd1, 0x4) r6 = socket(0x2c, 0x803, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r6, 0x89f1, &(0x7f0000000500)={'sit0\x00', &(0x7f0000000000)={'syztnl1\x00', 0x0, 0x8000, 0x0, 0x0, 0x3, {{0x5, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x29, 0x0, @multicast1, @private=0xa010101}}}}) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) socket$alg(0x26, 0x5, 0x0) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r6, 0x89f2, &(0x7f0000000500)={'syztnl1\x00', 0x0}) read(r3, &(0x7f00000027c0)=""/4073, 0xfe9) setsockopt$CAN_RAW_RECV_OWN_MSGS(r3, 0x65, 0x4, &(0x7f0000000580)=0x1, 0x4) sendmsg$can_raw(r3, &(0x7f0000000240)={&(0x7f0000000780)={0x1d, r4}, 0x10, &(0x7f0000000200)={&(0x7f00000007c0)=@can={{0x2, 0x0, 0x1, 0x1}, 0x1, 0x2, 0x0, 0x0, "f97003b8750e5566"}, 0x10}}, 0x10) 3.613350317s ago: executing program 1 (id=1443): r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x8002, 0x0) ppoll(&(0x7f0000000240)=[{r0, 0x2280}], 0x1, 0x0, 0x0, 0x0) r1 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000280), 0x8402, 0x0) r2 = epoll_create(0x8) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000740)={0x30000000}) close(r1) r3 = socket$caif_stream(0x25, 0x1, 0x5) shutdown(r3, 0x0) socket$kcm(0x10, 0x2, 0x0) r4 = io_uring_setup(0x5e0c, &(0x7f0000000140)={0x0, 0x2002, 0x100, 0x2, 0x1d0}) io_uring_register$IORING_UNREGISTER_RING_FDS(r4, 0x15, &(0x7f0000000000), 0x0) r5 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) r6 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001700)=ANY=[@ANYBLOB="1800000024000103000000000000000001"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r6, &(0x7f0000004ec0), 0x0, 0x2000, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), r7) sendmsg$NL80211_CMD_START_AP(r7, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="80000000", @ANYRES16=r8, @ANYBLOB="050000000000000000000200000008000300", @ANYRES32, @ANYBLOB="2d000e0080000000ffffffffffff08021100000008021100000000000000000000000000640000002503000000000000080026"], 0x80}}, 0x0) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_pr_hmac_sha256\x00'}, 0x58) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r10 = accept4(r9, 0x0, 0x0, 0x800) sendmmsg$alg(r10, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0x10}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048", 0x4d}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10", 0x48}], 0x3, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r10, &(0x7f00000002c0)={0x0, 0x0, &(0x7f00000015c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000001640)=""/83, 0x53}], 0x2}, 0x40002060) r11 = socket$inet(0x2, 0x2, 0x0) setsockopt$sock_int(r11, 0x1, 0xf, 0x0, 0x0) bind$inet(r11, &(0x7f0000000280)={0x2, 0x5e21, @local}, 0x10) r12 = socket$inet(0x2, 0x2, 0x0) bind$inet(r12, &(0x7f0000000280)={0x2, 0x5e21, @empty}, 0x10) ioctl$IOCTL_VMCI_VERSION2(r5, 0x7a7, &(0x7f0000000040)=0xb0000) 3.530606507s ago: executing program 2 (id=1444): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000680)=@newsa={0x16c, 0x10, 0x713, 0x0, 0x25dfdbfc, {{@in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x3b, 0x0, 0xee00}, {@in6=@private1={0xfc, 0x1, '\x00', 0x1}, 0xfe, 0x32}, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, {0x0, 0x0, 0x0, 0x8, 0x0, 0x8000000, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {}, 0x70bd28, 0x3500, 0x2, 0x4}, [@algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "217d66d38547aa140db8a200000000c538c7cb7a"}}, @encap={0x1c, 0x4, {0x19, 0x4e24, 0x4e24, @in6=@dev={0xfe, 0x80, '\x00', 0x2e}}}]}, 0x16c}, 0x1, 0x0, 0x0, 0x880}, 0x0) 3.447203945s ago: executing program 4 (id=1445): getdents(0xffffffffffffffff, 0x0, 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = openat$fb0(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x7, 0x2) io_setup(0x8, &(0x7f0000004200)=0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') io_submit(r1, 0x1, &(0x7f0000004540)=[&(0x7f0000004280)={0x0, 0x0, 0x0, 0x5, 0x0, r2, 0x0, 0x0, 0x0, 0x0, 0x2}]) read(r0, 0x0, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000000300), 0x1, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_READ(r3, 0xc2c45512, &(0x7f0000000340)={{0x7}, 0x0, [0x0, 0x800000, 0x0, 0x0, 0x0, 0x100000, 0x0, 0x4000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x6, 0x0, 0x1000000, 0x0, 0x0, 0x400000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xc13, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x8, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000]}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x19) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x8) madvise(&(0x7f000006b000/0x3000)=nil, 0x3000, 0x14) r4 = openat$apparmor_thread_current(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000680), r5) sendmsg$L2TP_CMD_TUNNEL_CREATE(r5, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)=ANY=[@ANYBLOB='X\x00', @ANYRES16=r6, @ANYBLOB="170900000000000000000100000005000700000000000800090000000000060002000000000008000a000000000008001800ac1414aa08001900ffffffff14001b00fe"], 0x58}, 0x1, 0x0, 0x0, 0x44000}, 0x0) ppoll(&(0x7f0000000080)=[{r4, 0x2020}, {r5, 0x1000}], 0x2, &(0x7f00000000c0), &(0x7f0000000100)={[0x6bd9, 0x3be6dd5]}, 0x8) socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_open_dev$vcsu(&(0x7f0000000140), 0x4, 0x40040) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f00000006c0)="34460a6889099df1f5dfae0df8674c6b4a6b5fcced4b363cc147eb8db18e70029c890177e433280d46a44635bbd24314cd70b2788f5a437523226ae65ab7504a690e88917b282a512015c2f15d404d02dd2efa7401d607352a16cde50de2ec51675ec2f73dd742cf66eabf61f598f61a0f0e3ee0b0ccc69201415d8e8663a95b60ca4ef29fc69a4171052711f714206b2734e20e97ba3a62e67ce1ee314dd7bcb80c816cd4600d98210d73b0dd51699e54996b51dd1c07474d36f9020f5e211a138064a2200776621d9256e8", 0xcc) ioctl$sock_SIOCSIFVLAN_SET_VLAN_NAME_TYPE_CMD(r7, 0x8983, &(0x7f0000000180)={0x6, 'team0\x00', {0xfffffffb}, 0x4}) syz_usb_connect$uac1(0x0, 0x94, &(0x7f0000000480)=ANY=[@ANYBLOB="12010000000000106b1d01014000010203010902820003010000000904000000010100000a24010000000201020c24020000000000000000000904010000010200000904010101010200000724010000000009050109000000000007250101000000090402000001020000090402010101ff0f0009240202000000000007240100000110090582"], 0x0) 3.266222205s ago: executing program 2 (id=1446): socket$netlink(0x10, 0x3, 0x10) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x4a2000, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$sock_int(0xffffffffffffffff, 0x1, 0xf, 0x0, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f00000001c0)={0x0, 0x0, 0x0}, 0x80) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x4, 0x8001, 0x0, 0xb49, 0x200000000002, 0x7, 0x8, 0x3}, 0x0) socket$kcm(0x2d, 0x2, 0x0) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x12) mlock2(&(0x7f00005c2000/0x1000)=nil, 0x1000, 0x1) pipe2$watch_queue(&(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x80) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = openat$cgroup_int(r3, &(0x7f0000001180)='hugetlb.2MB.rsvd.limit_in_bytes\x00', 0x2, 0x0) write$cgroup_subtree(r4, 0x0, 0x27) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) close_range(r5, 0xffffffffffffffff, 0x0) r6 = add_key(&(0x7f0000000140)='pkcs7_test\x00', &(0x7f0000000180)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffc) keyctl$KEYCTL_WATCH_KEY(0x20, r6, r2, 0x71) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000001880)=ANY=[@ANYBLOB="b700000000000000bfa30000000000000703000020feffff720af0fff8ffffff71a4f0ff0000000035040000500000001d400200000000000700000000000000b4030000000000001d440000000000007a0a00fe000000000f03000000000000b5000000000000009500000000000000033bc065b78111c6dfa041b63af4a3912435f1a864a7aad58db6a693002e7f3be361917adef6ee1c8a2a4f8ef1e50becb19bc461e91a7168e5181554a090f300020000fe275daf51efd601b6bf01c8e8b1b526375ee4dd6fcd82e4fee5bef7af9aa0d7d600c095199fe3ff3128e599b0eaebbdbd732c9cc00eec363e4a8f6456e2cc21557c0afc646cb7798b3e6440c2fbdb00a3e35208b0bb0d2cd829e65440000000000000000028610643a98d9ec21ead2ed51b104d4d91af2542ecbf28bf7076c15b463bebc72f526dd702529e9166d858fcd0e06dd31af9612fa402d0b1100886475923906f88b53987ad0c33d39000d06a59ff616236fd9aa58f0177184b6a89adaf17b0a6041bdef728d236619074d6ebdfd1f5089048ddff6da40f9411fe7226a40409d6e37c4f46756d31cb467600ade70063e5291569b33d21dae356e1c51f03a801be8189679a16da18ec0ae564162a27afea62d84f3a10076443d64364f56e24e6d2128c7e0ec82770c8204a1ddeed4155617572652d950ad31928b0b0c3dc2869f478341d02d0f5ad94b081fcd507acb4b9c65fee7dfcb59b854e9d5a17f48a7382f13d000000225d85ae49cee383dc5049076b98fb6853ab39a21514da60d2ae20cfb91d6a49964757cdf538f9ce2bdbb9893a5de817101ab062cd54e67051d3490dd97adab638cca595e487efbb2d71cde2c10f0bc6980fe78683ac5c0c31032599ddd71063be9261eee52216d009f4c52048ef8c126aeef5f510a8f1aded94a129e4aec6e8d9ab06faffc3a15d96c2ea3e2e04cfe031b287539d0540059fe6c7fe7cd8c83c3d8cbfedc038395342846e1b207974e425da5e7f009602a9f61d3804b3e0a1053abdc31282dfb15eb6841bb64a1b3045024a982f3c48153baae244e7bf573eac34b781337ad5905c6bbf1137548c7f1a4cad2422ee965a38f7defbd2960242b104e20dc2d9b0c35608d402ccdd9069bd50b994fda7a9de44022a579dfcd7ad0229cc0dc98816106dec28eaeb883418f562ae00003ea96d10f172c0374d6eed826416050000000bfe9b4a9c5a90ff59d54d1f9212c55318294270a1ad10c80fef7c24d47afce829ba0f85da6d888f18ea40ab959f6074ab2a40d85d1501783a7ab51380d7b4ead35a385e0000cf70a91c76e8b14de02b884114f244a9bf93f04bf072f0861f5c0b000000000000eedcf2ba1a9508f9d6aba582a896a9f1ffa968eacea75caf822a7a63ba34015ea52acb1188883ad2a3b1832371fe5bc621426d1ed0a4a99702cc1b6912a1e717d29135753208165b9cdbae2ed9dc7358f0ebadde0b727f27feeb7464dcc536cbae315c7d951680f6f2f9a6a8346962a350845ffa0d82884f79adc287906943408e6df3c391e97ba48db0a5adbfd03aac93df8866fb010ae20e92bed1fe39af169d2a466f0db6f3d9436a7d55fc30511d00000000c95265b2bd83d64a532869d701723fedcbad8508f7550cad7ec93af7fb1b50c75ba1ee7baa19faf67256b56a355b6a686ba99d0a8950f0937f778af083e055f5138a757ebd0ed91124a6b244f9acf41ac5d73a008364e0606a594817031fc2f52c8785fe0721719b3d654026c6ea08b83b123145ab5703dad844ceb201efeb6dc5f6a9037d2283c42efc54fa84323afc4c10eff462c8843187f1dd48ef0900000000000000ff0f40b10ca94f6feeb2893c17888e1cdba94a6ea80c33ead5722c3293a493f1479531dd88261458f40d31fe8df15efaaeea831555877f9538c6ee6ba65893ff1f908ba7554ba583ec7932f5954f31a878e2fae6691d1aee1da02ba516467df3e7d1daac43738612e4fee18a22da19fcdb4c2811e32f808890205f3a6da2819d2f9e77c7c64affa54fec0136cbafa5f62e96753b639a924599c1f69219927ea5301fff0a6063d427180d61542c2571f983e96735600000554f327a3535e7c7542799493c31ac05a7b57f03ca91a01ba2a30ca99e969d6fd09dc28ebc15ecb4d91675767999d146aef7799738b292fd64bbca48568325b2969e2b15f36b788bce5ccdbaf75c94cb93499f6947a967a7bce14c6de4e7c0660d80010f5c653d22d49030a8c2a4ab595bf4238f18ca428dafc7ac96d404607a0000000051a2104f22e6db5a62b5089c1b45282d38864daa3ae81d6b0968d1d2867b91b7d12096833d6864da40b54783a17aaeb6737c323f9f98e354cc98dcfe23ad01bd1c61563e69ffe1c2c73e1661261173f359e93d2c5e424c17998809ec8f0232b3955e052a4cecd89008f70314a0bdd491ec86a4555d89fe0120f64c62e8e3ed8bcb45202c204bbec8d722824c0ebca8db1ea4a003ebfbdc1f9be78537756ab5bbe4fe7ff5d785d0128171c90d9900ca2532b0f9d01c4b45294fbba468df3e1b393cb4e62e753b4172ba7ac1f2b51c94bc5d047899fd219f448bf9189c65c9d91eda6b52a373803a9efe44f86909bc90addb7b9aee813df534aac4b3093c91b8068cd849904568916694d461b76a58d88cf0f520310a1e9fdc18cde98d662eee077515d0a881192292ffff5392ab3d1311b82432662806add87047f601fa888400000000000000000000000000006acc19808d7cf29bc974b0ea92499a419aa095e203c1bafbb9b9a7c2bca311a28ee4952f2d325a56390578f12205db653a536f0100e0eda300a43a13bd1b9f3322405d1e1979e578dc6b3fb84f3738a4b6caa800000087efa51c5d95ecba4e50e529d1e8c89600e809dc3d0a2f65579e23457949a508460f2d0455cf79a43746979f99f60037e84fb478199dc1020f4beb98b8074bf7df8b5e783637da7418fd3aa81cff202c5afeb06e2f9115558ea12f92d7ae633d44086b3f03b20d546fa66a72e38207c9d20035ab63de71a30f1240de52536941242d23896ab74a3c6670fdc49c14f34fc4eadd6db8d80eba439772bf60a1db18c472dafc5569adc282928d2a1ffe29f1a57d3f18f4edaeb5d37918e6fddcd821da67a0785585a4443440dc65600e64a6a274000000000000000000000000000000000000000000000009dd14b38f2f4426d7cf5075047c31f6ce6adde305ac649c0643c8bfbeb14ba1fd7a485aa893915cf81e29aaf375e904bbe52691a4120260ffcd8f1d04166d291ebcef893e1b9ccb6797d0646fe0d0274434f28efb43e06e64f0698caca42f4e6018a455736c482a017e2b13dac4a90faa109f0e87cc94e3efb649692456463ca74aa6ad4bf50c1acb3928143be1c1023a375e528285544d0064b98646f3109e9a4942ce42c6e7ec84b664f6c2770803f10baa804a707f0a1fcbfc37f1eb7ceeffb3c0547ac6571603adbfde4c8b5f8d7f4b854441613633b48865b65bdc415e1e0dcf672d68cf4cebf04f4bc1ecbf560a26d3b332240d450fdb0a9a69f432e277f3a0386eb2bd1305c821c64757f786b79fef54dbe64c67d73934bc80b2133fb3c04cc7ea48bf97a6243c9f95dcbddecf45f008f1822c7868e1ff5a3cbf5d6b6898335792747588d49df7b1f51e91f8c1c3b1b93b33aaa3fab69cef08a9f6f6cf39dea3d878b2ed42545421970cc426e644332bc956d1c6adefdf0ede2c5c94aa632646ae225accdf031f611d01622921f1b922a5ac887cca3136133dce8d9f5f4da7bed2ea5d943622000000000000000000000000000000000000000000000000000000000000000000000000000000000000f112fc8a4942d7453cf29cbbef3a567ea0a2a8a0561dfb6cfe7f1812405e1a092b382adc0698c377b0a1f49afb6ba26f8e28cf68b0065857b36276931c318cb84f748a26c4d81a0322ce21e7d9c002006cf8ac6402e036cf9344a1cb1b8603276000144268a0aa584a92188f55318dde1d1b09319c00d0de3471ab4243ac0f49516a690c514ba6449f0a804fcac3f30bf4a933d32c889283aa092cca9aa349b624c5ed2b66fa0439f54f83c9ff8be083221609c8696433da46c91ac52e5b1d159daed1af0cda0ee05ae770a7ea467d5602b441e748b7f22496f8453fb6b7cc2dd3a8ce15fd76387fc02d4e2b7b4502a80000000000000000000000000000000000000000e046c0756c0955a81165e4212a1a58334fe51269f228ad32fba2bdae0172278d3bb48c370f6b59c0c7ba9b0aaae317d3f8104fd696bc76268923c396b017003ddcd205c05311dcae277e5b8be55040075ded0b1354ad4d297e75df75f997a67b5ba49a4cb3c0d762931ba9bb3384da0f4bfd9d6c34e1aeb5cc9ae6e1e8cee5de912162069ab837b775977c775c5182e4f8d812b7028ce54345f16c18d32e35be92f288ed45aa8f61d08198a467fbb680a6076f7e049bd51c2493ffaddc2fbae6ce72d09d0fe958c4738d15505d8cf1898272503afe6164bbda60998a50481661f3db"], &(0x7f00000001c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x0, 0x10, &(0x7f0000000000), 0xfffffffffffffd00, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYRESDEC], 0x50}}, 0x4000850) socket(0x10, 0x3, 0x0) socket$rds(0x15, 0x5, 0x0) mkdir(&(0x7f00000001c0)='./file0\x00', 0x7c) 2.72216131s ago: executing program 0 (id=1447): mmap(&(0x7f00002f9000/0x4000)=nil, 0x4000, 0x2, 0x31, 0xffffffffffffffff, 0x0) syz_open_dev$video4linux(&(0x7f00000010c0), 0x4, 0x40000) r0 = syz_open_dev$sg(&(0x7f00000002c0), 0x0, 0x9840) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, 0x0, 0x0) connect$inet(r1, &(0x7f0000000480)={0x2, 0x4e20, @multicast2}, 0x10) sendmmsg(r1, &(0x7f0000007fc0), 0x800001d, 0x0) syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000840)=ANY=[@ANYBLOB="1201000000000040c50f80b000000200000109022400010000200009040000010300662f092100000001220300090581690000000800513dbe2ee11700e440377c27f77d13170ab70ef5898de3433ff17612608c04e1810678df1c56b6d8e290ffa8cd1a207a3a78b50f6beee1fef8dac3205c5cec685009708b3b1f9ced495f295f8146392d17ee64cb1d677ea6e277e7c1fd30ae251224483d5d086765eef0810cffbddaad931028dfd551bde8acef444ff0c14f80ab28e441f9a29ffa190400b63ad5dadc"], 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) unshare(0x2040400) fcntl$setlease(r3, 0x400, 0x2) sendmsg$nl_route_sched(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000007c0)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0x9}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x0, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x8c0}, 0x0) ioctl$SG_IO(r0, 0x2285, &(0x7f0000000040)={0x0, 0xfffffffffffffffc, 0x6, 0x1, @buffer={0x300, 0x0, 0x0}, &(0x7f0000000380)="379374c96ee3", 0x0, 0x2, 0x14, 0x0, 0x0}) r4 = fsopen(&(0x7f00000029c0)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r4, 0x1, &(0x7f0000000ac0)='gid', &(0x7f0000000440)='0\x00#\x00\xd0\x00 \x00\x00qS\x00\x00\x00\x00\x00\x00\x00\x00$\xf6_\xbdI\x1c\xf2\xa9]\xcc\xe0*\xef\x01\x8d\x15\xd2h\x93\xc9\xb57\xc3\xea\\Eb\xf8\xe6,\xdf\xd4\xfae\x84\xcc\xd5\"d\xf0D-\x98\x9f\x81{\xfc$\xc4\xbcF\xf8\xc8\x8d\xcb\xb8\xf2\x1e\xe4\'U\xb3\xb8\xd3\xe6\xd7\x80Y\xc2\xeb\n\xb8_\xe8\x96YY\xe3\xc7\xe6\xf28\x19\xa6\xa7\xfa\xdb\x1ce\xc1\x03\x86J\xb2fh\x19\xee#\xcc\x0f\xed\xfea\xdc\x88\xcb%bW\xd35\xda=\xac\x1d\xae\x93\xfd\'T6\x94\n\xa4\x9cU\xc4\fA~[\xbf\x8b\x90\xfe\x04\xe7U\xf3h\x81\x14l7u\x95\x96t\\\x0f\xef;\x03\xa4C\xbc(Vc!a\xc1\xe39\xc6b\x905\xf8\xc9@h\x01\xf5\xcb\x88\xdf9\xaf5\xc8a:z\xe4\xcbag&67\x814\xf6}\xe10v6l\xd6,\x1e\xa0\xcc\xbf\xfdkm\b?\x839\x85N\x1c\xc1\xcb\xfc\x85\xd2\n\x02\"\xf2\x81g\x90\x01n%\x7f_\xe1.f>>\xa5\xfb\"\xab\xdb\x06\x12e\x14\x11~\x9a\bR-\x85\xc3\xa9\xe6\xf6R\x11\"\xc3\xc9\xfc\x14s X\xec\xdd\xc2qB\x85\xf0\xd7\x04\xdd<\x9a\x84\'\xa3\xf1\xd9<\xb9k', 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) truncate(&(0x7f0000000700)='./file0\x00', 0xffff3c1b) syz_clone(0x640c7400, 0x0, 0x0, 0x0, 0x0, 0x0) socket$inet6_udplite(0xa, 0x2, 0x88) mmap(&(0x7f0000000000/0x95c000)=nil, 0x95c000, 0x2000007, 0x8c4b815a5465c2b1, 0xffffffffffffffff, 0x0) set_mempolicy(0x2002, &(0x7f0000000000)=0xc, 0x9) inotify_init() socket$isdn(0x22, 0x3, 0x24) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000580)=ANY=[@ANYBLOB="3c000000100001002dbd7000fedbdf2500000000", @ANYRES32=0x0, @ANYBLOB="1843010000000000140003007866726d30000000000000000000000008001a8004000a802620bef8bc7fe2b8bf94e5ba77ee57a2d978bac96dbc5df95028f1ddcbc49053bdb2df293720571f5fcc59fe46d810b0002e8b900b0f4bb99924c8094976a9b4f3e820e160639dae8c7bd8fd7924f7416c2588899b5600692c1f3e8f2be36c1c8da1a161657ad0"], 0x3c}, 0x1, 0x0, 0x0, 0x4000884}, 0x0) r6 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'veth1_macvtap\x00', 0x0}) r8 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000100)=ANY=[@ANYBLOB='p\x00[\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00g\x00\x00\x00\x00\x00', @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800b0001006d616373656300000400028008000500", @ANYRES32=r7, @ANYBLOB="08001f0005"], 0x70}}, 0x20000400) 2.657185951s ago: executing program 1 (id=1448): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$IP6T_SO_SET_REPLACE(r0, 0x29, 0x40, &(0x7f0000000440)=@raw={'raw\x00', 0x3c1, 0x3, 0x340, 0x140, 0x111, 0x4b4, 0x140, 0xd4feffff, 0x278, 0x20a, 0x278, 0x278, 0x278, 0x3, 0x0, {[{{@ipv6={@dev={0xfe, 0x80, '\x00', 0x24}, @mcast2, [0xffffffff, 0xffffffff, 0xffffffff, 0xff], [0xff000000, 0xffffff00, 0xff], 'bond_slave_0\x00', 'veth1_to_bridge\x00', {}, {0xff}, 0x33, 0x2, 0x4, 0x2}, 0x0, 0x10c, 0x140, 0x111, {}, [@inet=@rpfilter={{0x24}}, @common=@unspec=@helper={{0x44}, {0x0, 'irc-20000\x00'}}]}, @common=@inet=@SET3={0x34, 'SET\x00', 0x3, {{0xffffffffffffffff, 0x1}, {0x0, 0x1, 0x4}, {0x2, 0x0, 0x7}, 0x4b5, 0xd}}}, {{@uncond, 0x0, 0xd0, 0x138, 0x0, {}, [@common=@inet=@ipcomp={{0x2c}, {[0x4d6, 0x4d2]}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x3, 0x7, 0x7, 0xf2e5, 'snmp\x00', 'syz0\x00', {0x2}}}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x39c) 2.562361967s ago: executing program 4 (id=1449): mlock2(&(0x7f0000ffc000/0x3000)=nil, 0x3000, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000280)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a30000000003c000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a30000000000800054000000004440000001e0a05020000000000000000010000000900020073797a32000000001800038014000080100001800400028008000180000000000904010073797a30000000001400000010000100000000000000000000000a0a64171cdebfae02f54056be404e17f8e3afa468c6e998425c5bcc3ed4a20e5640e7674fb0b2a7"], 0xc8}}, 0x0) r1 = epoll_create1(0x80000) r2 = socket$unix(0x1, 0x1, 0x0) close(r2) socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$sock_int(r0, 0x1, 0x2, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETTABLE(r3, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000003c0)=ANY=[@ANYRES16=0x0], 0x20}, 0x1, 0x0, 0x0, 0x8094}, 0x2c008001) read$FUSE(0xffffffffffffffff, 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000000), 0x20001, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f00000001c0), 0x2000, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) openat$binfmt_register(0xffffff9c, &(0x7f0000000380), 0x1, 0x0) syz_open_dev$sndctrl(&(0x7f0000000040), 0xfffffffc, 0x208100) openat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x42, 0x1ff) openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x80882) openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x161042, 0x0) openat(0xffffffffffffffff, &(0x7f0000000100)='./file0\x00', 0x40200, 0x100) openat(0xffffffffffffffff, 0x0, 0x7e9380, 0xa1) creat(&(0x7f00000001c0)='./file0\x00', 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x49, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x40880) r4 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000140)=ANY=[@ANYBLOB="1201000000000020961b0800000000000001090224000100004020090400000103000000092107000001220500090581030002060000a4dceecfdb1c8e112c79e110ef264ebedb4bfd18bd4cf84923cd73"], 0x0) syz_usb_control_io(r4, 0x0, 0x0) mbind(&(0x7f0000ffb000/0x3000)=nil, 0x3000, 0x4003, &(0x7f0000000000)=0x6, 0x5, 0x2) 2.498216959s ago: executing program 1 (id=1450): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r0) sendmsg$TIPC_NL_BEARER_ENABLE(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000440)=ANY=[@ANYBLOB='l\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="01000000002200000000030000005800018044000400200001000a000000000000002d3a000000000000405f000000002e2d00000000200002000a00000000000000fc010000000000000000000000000000000000000d0001007564703a73bc"], 0x6c}}, 0x0) 2.154471764s ago: executing program 1 (id=1452): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) prlimit64(r0, 0xe, &(0x7f0000000140)={0x3, 0x32}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) syz_usb_connect(0x3, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x61, 0xf2, 0xbf, 0x10, 0x1199, 0x6821, 0xf7f7, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x6, 0x0, 0x0, 0x10, 0xa6, 0xa0}}]}}]}}, 0x0) 2.088406678s ago: executing program 3 (id=1453): unshare(0x68040200) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3, 0x8031, 0xffffffffffffffff, 0xfffff000) syz_genetlink_get_family_id$l2tp(0x0, 0xffffffffffffffff) r0 = socket(0x10, 0x80002, 0x0) sendmsg(r0, &(0x7f0000001180)={0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000040)="24000000180003041dfffd946f610500020100000005fe060c10880008000f00fff3c00e", 0x24}], 0x1}, 0x0) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000700)=@newsa={0x144, 0x10, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty}, {@in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x33}, @in=@local, {0x4000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9}, 0x0, 0x0, 0x2, 0x1}, [@offload={0xc, 0x1c, {0x0, 0x1}}, @algo_auth={0x48, 0x1, {{'sha256\x00'}}}]}, 0x144}}, 0x0) 1.914722459s ago: executing program 2 (id=1454): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000380)=0x1f40) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10) sendmsg$can_bcm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRESDEC=r2, @ANYRES64=0x0, @ANYRES64=r2], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff11}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x88}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r7 = accept4(r5, 0x0, 0x0, 0x0) getpeername$packet(r7, &(0x7f0000000280), &(0x7f00000003c0)=0x14) 1.74968231s ago: executing program 2 (id=1455): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000000140)) timer_settime(0x0, 0x0, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) readv(r0, &(0x7f0000000300)=[{&(0x7f0000000380)=""/4096, 0x1000}], 0x1) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) r2 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000080)='/proc/partitions\x00', 0x0, 0x0) rt_sigaction(0xc, &(0x7f0000001400)={&(0x7f0000001380)="c4e2a9a768022626f00fbba9ca0000006466adc4e1c5f4b600000100f7ad0b000000c4c2b1be1dc4000000c4e3714bd6a5f2afd2490b8fc98895f9", 0x28000002, &(0x7f00000013c0)="36f20f585300c4e221b6c8c4c1f910ba059b04f4c4c2718e203e1b3ce6c4e2059d8b0080000065806ffc6e660f1c06dd8f000000808fc9b099b79984dda1", {[0x40, 0x80000000]}}, &(0x7f00000014c0)={&(0x7f0000001440)="c4e33d48f1d236f3abc4e1fc522af2a4660f38df3d05000000c4e21507c0556766a736f30fb83a8fc998987e58", 0x0, &(0x7f0000001480)="8fc90893d436660f5ce7c4c12dead22e1ddb0000000f12ca0ffe8100080000c4e369494f23fec4e17de74f536636ddb826c67392660f3801615f"}, 0x8, &(0x7f0000001500)) r3 = socket$inet6(0xa, 0x2, 0x0) bind$inet6(r3, &(0x7f0000000040)={0xa, 0xe22}, 0x1c) capset(&(0x7f0000000000)={0x20080522, r1}, &(0x7f0000000280)={0x0, 0xffffffff, 0x5, 0x81, 0xfffffdff, 0x400}) writev(0xffffffffffffffff, &(0x7f0000001200)=[{&(0x7f0000000080)="580000001400add427323b472545b45602117fffffff810000400e227f000001925aa80020007b00090080007f000006e809000000ff0000f03ac71002000000ffffffffffffffffffe7ee00000000000000000200000000", 0x58}], 0x1) r4 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) sendfile(r4, r2, &(0x7f00000000c0)=0x58, 0xa) 1.646694505s ago: executing program 4 (id=1456): r0 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_tx_ring(r0, 0x107, 0xd, &(0x7f0000000040)=@req3={0x10000, 0x100000001, 0x10000, 0x3}, 0x1c) fsync(r0) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) r2 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$inet_sctp6_SCTP_PRIMARY_ADDR(r1, 0x84, 0x6, &(0x7f0000000500)={0x0, @in={{0x2, 0x4e24, @rand_addr=0x64010101}}}, &(0x7f0000000180)=0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f00000001c0)={r3, 0xb0, &(0x7f00000005c0)=[@in6={0xa, 0x4e22, 0x1, @private0, 0x5}, @in6={0xa, 0x4e21, 0x0, @mcast1, 0x800}, @in={0x2, 0x4e21, @rand_addr=0x64010102}, @in6={0xa, 0x4e22, 0x55, @private0={0xfc, 0x0, '\x00', 0x1}, 0x2354}, @in={0x2, 0x4e24, @multicast1}, @in6={0xa, 0x4e22, 0x2, @private0, 0x1}, @in={0x2, 0x4e20, @local}, @in={0x2, 0x4e22, @private=0xa010102}]}, &(0x7f0000000680)=0xc) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x8, 0x4, &(0x7f0000000100)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1ff}, [@call={0x85, 0x0, 0x0, 0xd1}]}, &(0x7f0000000500)='GPL\x00', 0x4, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) r5 = socket(0x28, 0x5, 0x0) r6 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r6, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r6, 0x107, 0x5, &(0x7f0000000040)=@req3={0x1000, 0x3a, 0x1800, 0x3a, 0xfffffffc, 0xff, 0x80000000}, 0x1c) connect$pppl2tp(r5, &(0x7f0000000280)=@pppol2tpin6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x3, 0x4, 0x3, 0x0, {0xa, 0x4e22, 0x8, @mcast1, 0x8}}}, 0x32) mbind(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x8000, &(0x7f0000000140)=0x8000000000000001, 0x2, 0x3) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000002c0)=ANY=[@ANYBLOB="38000000e232110fb5d8eaae9220d70e7378fba5f6473ebb9ee8acc6287fbd28e3a4e32ae575702fdfbbe66736721076ec6e88774771387f856d03b421cdb9c9ca1723e258fa78d56ec8d42a3f9876d7c8ba78c40f034ab4018131d10a159a72973cb173c5af0cd9fc05cb0b7e95b493ede3110350f71a17578c2464fd398ece4132c52471c3f57dfeff0eefa66fef672c74a8713a7a4ef48f3fdbfeb734686ff98438cedeb2efb1de86f0d3cc000800003d5823ffffffffffffffff5263b11bd815686cc0d537b1948c1efec0171f21dbea000c1e956cfcc29128617420557f5e61cc226ddf5abbeef3b19ed3a062ed18c76888e5ba2460e4310825f9ec785b2d0b922753abf45ef6091ae26e746383082d853506dd75e07c59fca767799364059998d8e2cb125917bb1932c17df35b8ef9081508d2392d027d78ae3410b0aa544c54a938ec005bdd95d4659ff73aa90050dcdcd3fd62e645afbfa20122557c883482aaed6354b3a739d94c37b742ec554be21db18f01a036bfafc821e84f08786a462ae8ff356ba51ff50fe8df4d81e2a95a537b14814915d0b1c1096f3a815c047daed85b0f38dde1d8cbcdb651f63f36050000009a5c5f0b813d72deeef85743758de0df453bdb48bd6b89dbc555ea6becc527c67782d93dd76deb2a8a20b80479388cc65795fc1d28b91d0a4c4201", @ANYRES16=r0, @ANYBLOB="010000000000000000003900000008000300", @ANYRES32=r4, @ANYBLOB="1c005a801800018014000300090001040001fcff010000f800000080"], 0x38}, 0x1, 0x0, 0x0, 0x4000801}, 0x40010) getsockopt$inet_sctp6_SCTP_RESET_STREAMS(r1, 0x84, 0x77, 0x0, &(0x7f0000001200)) sendmmsg$sock(r0, &(0x7f0000000740)=[{{&(0x7f0000000080)=@phonet={0x23, 0xfd, 0x0, 0x7}, 0x80, 0x0, 0x0, &(0x7f0000000240)=[@txtime={{0x18}}], 0x18}}], 0x1, 0x0) r7 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r7, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x30000, 0x4) r8 = syz_open_dev$usbfs(&(0x7f0000000100), 0x77, 0x101301) openat$snapshot(0xffffffffffffff9c, &(0x7f0000000000), 0x481, 0x0) ioctl$USBDEVFS_CONTROL(r8, 0xc0105500, &(0x7f0000000040)={0x0, 0x3, 0x1, 0x3, 0x0, 0x20007, 0x0}) 1.083336602s ago: executing program 4 (id=1457): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000280)=@newsa={0x160, 0x10, 0x1, 0x8000000, 0x0, {{@in=@initdev={0xac, 0x1e, 0x0, 0x0}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x0, 0x20}, {@in=@broadcast, 0x0, 0x33}, @in=@local, {0x2000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff}, {0x5680000000}, {0x10, 0x9, 0x2}, 0x0, 0x0, 0x2, 0x1}, [@algo_auth={0x48, 0x1, {{'sha256\x00'}}}, @XFRMA_SET_MARK={0x8, 0x1d, 0xfffffffe}, @replay_esn_val={0x20, 0x17, {0x1, 0x70bd2b, 0x70bd25, 0x70bd2d, 0x70bd2d, 0x6, [0x57054dd1]}}]}, 0x160}}, 0x0) 1.024248973s ago: executing program 2 (id=1458): ioprio_set$uid(0x3, 0x0, 0x0) (async) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5}, 0x0) (async) r0 = openat$nullb(0xffffffffffffff9c, &(0x7f00000000c0), 0xc102, 0x0) (async) r1 = socket$alg(0x26, 0x5, 0x0) ioctl$KVM_SET_GSI_ROUTING(0xffffffffffffffff, 0x4008ae6a, &(0x7f0000000300)=ANY=[@ANYBLOB="080000000000000001000100030000000000000000000000030000009349000003000000000024000000000000000000000000000000000000ffffff04000000000000000000000000000000000000000000000000000000ef0000000000000006000000f5ffffffeed300000500000001000000000000000b0000000101000000000000000000000000000000000000000000000000000007000000040000000000000000000000090000000000000004000000000000000600000000000000ff000000ff7f0000010001000100000000000000000000000000000000000000171f0000000000000500000000000000100000000001000000000a00030000000000000000000000000100ffff010000000000000000000000000000000000000000040000020000000000000000000000080000000004000000000000000000000000000000000000000000000000000001000000050000000100000000000000feffffff50000000000000800200"/392]) (async) bind$alg(r1, &(0x7f0000000740)={0x26, 'hash\x00', 0x0, 0x0, 'xxhash64-generic\x00'}, 0x58) (async) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x9) mkdir(&(0x7f00000020c0)='./file0\x00', 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) (async) timer_create(0x0, &(0x7f0000000080)={0x0, 0x11, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000000)) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) (async) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) (async, rerun: 64) alarm(0x81) (async, rerun: 64) alarm(0x8) (async, rerun: 64) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x3, 0x200000005c832, 0xffffffffffffffff, 0x0) (async, rerun: 64) r2 = userfaultfd(0x801) ioctl$UFFDIO_API(r2, 0xc018aa3f, &(0x7f00000000c0)) (async) ioctl$UFFDIO_REGISTER(r2, 0xc020aa00, &(0x7f0000000380)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r2, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f00008c1000/0x4000)=nil, 0x800000}) (async, rerun: 64) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) (rerun: 64) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r3, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) (async) lgetxattr(&(0x7f0000000180)='./file0\x00', &(0x7f00000001c0)=@known='system.posix_acl_default\x00', 0x0, 0x0) (async) r4 = accept4(r1, 0x0, 0x0, 0x0) sendto$packet(r4, &(0x7f00000002c0)='H5', 0x2, 0x20000001, 0x0, 0x0) (async) sendfile(r0, r0, 0x0, 0x40008) getsockopt$sock_cred(0xffffffffffffffff, 0x1, 0x11, &(0x7f0000000000)={0x0}, &(0x7f0000000040)=0xc) sched_setattr(r5, &(0x7f0000000080)={0x38, 0x6, 0x10000000, 0x2, 0x2, 0x53, 0x70b, 0xfff, 0x9, 0x6}, 0x0) 818.210377ms ago: executing program 4 (id=1459): r0 = io_uring_setup(0xd1b, &(0x7f0000000300)={0x0, 0xa06c, 0x0, 0x5, 0x28b}) io_uring_register$IORING_REGISTER_FILES(r0, 0x20, 0x0, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = eventfd(0x5) ioctl$KVM_IOEVENTFD(0xffffffffffffffff, 0x4040ae79, &(0x7f0000000100)={0x1, 0x80a0000, 0xa, r3, 0x3}) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r2, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000004c0)={0x30, r4, 0x1, 0x70bd29, 0x0, {{}, {@val={0x8, 0x3, r5}, @void}}, [@NL80211_ATTR_TX_RATES={0x14, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x10, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HT={0x6, 0x2, [{0x5}, {0x5, 0x7}]}, @NL80211_TXRATE_LEGACY={0x4}]}]}]}, 0x30}, 0x1, 0x0, 0x0, 0x4000801}, 0x0) r6 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$inet_int(r6, 0x0, 0x6, &(0x7f0000000040)=0xf, 0x4) sendto$inet(r6, &(0x7f0000000000)="f461c5bbd7000083", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x4e23, @empty}, 0x10) recvmmsg(r6, &(0x7f0000000180)=[{{0x0, 0x0, 0x0}, 0x8005}, {{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f00000001c0)=""/72, 0x48}, {&(0x7f00000003c0)=""/135, 0x87}], 0x2}, 0x9}], 0x2, 0x0, 0x0) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000340)=ANY=[@ANYBLOB="6000000002060502000000000000000000000000140007800800114000000000050015000c00000005000100060000e0050005000200000005000400000000000900020073797a310000000011000300686173683a69702c706f7274"], 0x60}}, 0x0) 791.307007ms ago: executing program 2 (id=1460): syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0x82, 0x2a, 0x32, 0x10, 0xac8, 0x321, 0xf189, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xf1, 0x5, 0x1, 0x71, 0xc0, 0x27, 0x0, [], [{{0x9, 0x5, 0x8, 0x2, 0x3ff}}]}}]}}]}}, 0x0) 762.904522ms ago: executing program 3 (id=1461): r0 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) r1 = syz_open_dev$vim2m(&(0x7f0000000040), 0x7, 0x2) ioctl$vim2m_VIDIOC_G_FMT(r1, 0xc0cc5604, &(0x7f0000000240)={0x3, @pix={0xae, 0x4, 0x32314247, 0x6, 0xee, 0x9, 0xc, 0x6, 0x0, 0x3, 0x2, 0x4}}) ftruncate(r0, 0x8979) r2 = socket$packet(0x11, 0x2, 0x300) setsockopt$packet_int(r2, 0x107, 0x12, &(0x7f0000000100)=0x80, 0x4) getsockopt$packet_int(r2, 0x107, 0x12, 0x0, &(0x7f0000001600)) 705.9772ms ago: executing program 1 (id=1462): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$usbmon(&(0x7f0000000280), 0x800, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000c80)=@newlink={0x38, 0x10, 0x439, 0x0, 0xffffffff, {0x0, 0x0, 0xe403, 0x0, 0x0, 0x610c3}, [@IFLA_LINKINFO={0x18, 0x12, 0x0, 0x1, @sit={{0x8}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPTUN_PROTO={0x5}]}}}]}, 0x38}}, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_FASTOPEN_KEY(r4, 0x6, 0x21, &(0x7f0000000240)="f75e3ea3f0072df381aa8b03d3a6cce5", 0x10) syz_genetlink_get_family_id$team(&(0x7f0000000200), r3) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=ANY=[@ANYBLOB="5000000010000104000000050000000000000000", @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800e00010069703665727370616e000000100002800400120005001600010000000a000100ff"], 0x50}, 0x1, 0x0, 0x0, 0x8000}, 0x4000000) mknod(&(0x7f0000000180)='./file0\x00', 0x40, 0x80000000) sendmsg$ETHTOOL_MSG_DEBUG_GET(0xffffffffffffffff, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000000)={0x2c, 0x0, 0x1, 0x70bd25, 0x25dfdbfe, {}, [@HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'syz_tun\x00'}]}]}, 0x2c}}, 0x40) ioctl$ifreq_SIOCGIFINDEX_team(r3, 0x8933, &(0x7f0000000340)={'team0\x00', 0x0}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000380)={'syztnl2\x00', &(0x7f0000000400)={'erspan0\x00', 0x0, 0x700, 0x20, 0xa92, 0x0, {{0x2f, 0x4, 0x3, 0x12, 0xbc, 0x64, 0x0, 0x2b, 0x4, 0x0, @loopback, @dev={0xac, 0x14, 0x14, 0x32}, {[@ssrr={0x89, 0x7, 0xed, [@multicast2]}, @ra={0x94, 0x4, 0x1}, @rr={0x7, 0x2b, 0xcf, [@initdev={0xac, 0x1e, 0x0, 0x0}, @multicast1, @local, @multicast2, @multicast1, @loopback, @loopback, @remote, @remote, @remote]}, @end, @lsrr={0x83, 0xf, 0x98, [@multicast2, @remote, @remote]}, @timestamp_prespec={0x44, 0xc, 0x28, 0x3, 0x0, [{@dev={0xac, 0x14, 0x14, 0x1e}, 0x9}]}, @cipso={0x86, 0x50, 0x3, [{0x6, 0x2}, {0x0, 0x9, "8206b55f77f25c"}, {0x0, 0xd, "d0849bbc64b360b98d1505"}, {0x5, 0xe, "45a8989697d6935cdd57fdf1"}, {0x0, 0x11, "10fac25f6c31ee4657c2281adf23a9"}, {0x1, 0x3, "14"}, {0x2, 0x10, "50d1c24cddaee1c0d596420a35d2"}]}, @generic={0x94, 0x5, "c2dd28"}]}}}}}) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(0xffffffffffffffff, 0x89f2, &(0x7f0000000600)={'sit0\x00', &(0x7f0000000540)={'syztnl2\x00', 0x0, 0x10, 0x700, 0x6, 0x9, {{0x1f, 0x4, 0x2, 0x0, 0x7c, 0x64, 0x0, 0x8, 0x29, 0x0, @rand_addr=0x64010100, @private=0xa010101, {[@rr={0x7, 0x1b, 0xc4, [@rand_addr=0x64010100, @private=0x1, @rand_addr=0x64010102, @remote, @empty, @broadcast]}, @generic={0x88, 0x6, "5b07fc40"}, @timestamp_prespec={0x44, 0x44, 0xcb, 0x3, 0x9, [{@loopback, 0x7}, {@rand_addr=0x64010102, 0x3}, {@empty, 0x2}, {@remote, 0x1}, {@empty, 0x6}, {@dev={0xac, 0x14, 0x14, 0x10}, 0x1}, {@private=0xa010100, 0x5}, {@multicast2, 0x6}]}]}}}}}) getsockopt$inet6_mreq(r0, 0x29, 0x15, &(0x7f0000000640)={@local, 0x0}, &(0x7f0000000680)=0x14) r9 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r9, 0x8933, &(0x7f0000000240)={'syz_tun\x00', 0x0}) bind$packet(r9, &(0x7f0000000300)={0x11, 0x0, r10, 0x1, 0x0, 0x6, @remote}, 0x14) r11 = socket$packet(0x11, 0x3, 0x300) bind$packet(r11, &(0x7f0000000000)={0x11, 0x0, r10, 0x1, 0x10, 0x6, @link_local}, 0x14) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) r13 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r12, 0x8933, &(0x7f0000000380)={'vcan0\x00', 0x0}) connect$can_bcm(r13, &(0x7f0000000040)={0x1d, r14}, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_GET(r3, &(0x7f0000000780)={&(0x7f0000000300)={0x10, 0x0, 0x0, 0x2000}, 0xc, &(0x7f0000000740)={&(0x7f00000006c0)={0x74, 0x0, 0x400, 0x70bd25, 0x25dfdbfd, {}, [@HEADER={0x44, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r5}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r6}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x2}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r7}, @ETHTOOL_A_HEADER_FLAGS={0x8, 0x3, 0x3}]}, @HEADER={0x1c, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r8}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r10}, @ETHTOOL_A_HEADER_DEV_INDEX={0x8, 0x1, r14}]}]}, 0x74}, 0x1, 0x0, 0x0, 0x40}, 0x40041) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) prctl$PR_SCHED_CORE(0x3e, 0x0, 0x0, 0x0, &(0x7f00000000c0)) openat$snapshot(0xffffff9c, &(0x7f00000001c0), 0x200100, 0x0) sendmsg$nl_generic(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=ANY=[@ANYBLOB="140000003800010326bd7002fadbdf2505e2345d0296db596f1c45d716ae96700907ac6b7f36e6a14d2114f608de1071590f575055eb9336963d8a5ad35045b45cf2ad1b5cf119dbb773a5d6994963665765e12626f1b6cc4a836f49a09569ae110b99213c4e5875b7eb8a62400b79e95c6abf1ae5b5ba4edbc04c647daf0982dafc148598a5365c62d74db18748ab62660e1bd31f"], 0x14}}, 0x0) 522.646689ms ago: executing program 3 (id=1463): r0 = socket$inet6(0xa, 0x80002, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0x10000000004e20, 0x0, @mcast2, 0x6}, 0x1c) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, 0x0, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000001380)=0x57, 0x4) syz_emit_ethernet(0x83, &(0x7f0000000040)=ANY=[@ANYBLOB="aaaaaaaaaaaaaaaaf9ff030486dd601b8b97004d88c19e9ace00000000000000002100000002ff02000000030000000000000000000104004e200023b0"], 0x0) 496.66984ms ago: executing program 1 (id=1464): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) syz_open_dev$ndb(&(0x7f0000000000), 0x0, 0x40100) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x201, 0x0, 0x0, 0x0, 0x10, 0x4f3, 0x74d, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x3, 0x30, 0x5, [{{0x9, 0x4, 0x0, 0x8, 0x1, 0x3, 0x1, 0x1, 0x0, {0x9, 0x21, 0xff, 0x1, 0x1, {0x22, 0xbb0}}, {{{0x9, 0x5, 0x81, 0x3, 0x10, 0x2, 0xba, 0x7}}}}}]}}]}}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="200000001e00010d000000ffa600000007000000"], 0x20}, 0x1, 0x0, 0x0, 0x8000}, 0x0) 330.515124ms ago: executing program 3 (id=1465): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$audio(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$SNDCTL_DSP_SPEED(r1, 0xc0045002, &(0x7f0000000380)=0x1f40) r2 = socket$unix(0x1, 0x5, 0x0) r3 = socket$can_bcm(0x1d, 0x2, 0x2) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r4}, 0x10) sendmsg$can_bcm(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000140)=ANY=[@ANYBLOB="0100000003ece1e40ad8871461ab0800", @ANYRES64=0x0, @ANYRESDEC=r2, @ANYRES64=0x0, @ANYRES64=r2], 0x20000600}, 0x1, 0x0, 0x0, 0x40000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000680)={{0x14}, [@NFT_MSG_NEWSET={0x4c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0xc}, @NFTA_SET_DATA_TYPE={0x8, 0x6, 0x1, 0x0, 0xffffff11}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x88}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x74}}, 0x0) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) r5 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r5, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) r6 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r6, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) r7 = accept4(r5, 0x0, 0x0, 0x0) getpeername$packet(r7, &(0x7f0000000280), &(0x7f00000003c0)=0x14) 174.185535ms ago: executing program 3 (id=1466): r0 = socket$inet6(0xa, 0x3, 0x7) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in6=@dev, @in6=@initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, 0x0, 0x0, 0x0, 0x0, 0xa}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@private=0xa010101, 0x0, 0x33}, 0x0, @in=@dev, 0x200, 0x0, 0x0, 0x7}}, 0xe8) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000340)={{{@in=@dev, @in=@initdev={0xac, 0x1e, 0x0, 0x0}, 0x500, 0x0, 0x0, 0x0, 0xa}, {0x0, 0x0, 0x0, 0x700000000000000}, {}, 0x0, 0x0, 0x1}, {{@in6=@mcast1, 0x4d3, 0x33}, 0x0, @in=@dev, 0xfffffffe}}, 0xe8) 0s ago: executing program 3 (id=1467): mkdirat(0xffffffffffffff9c, 0x0, 0x0) removexattr(0x0, 0x0) r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) writev(r0, 0x0, 0x0) getsockname(r0, 0x0, 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, 0x0) bpf$MAP_CREATE(0x2000000000000000, &(0x7f0000000a00)=@base={0x6, 0x4, 0x70be, 0x5c, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x2, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r1 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000ec0)=@raw={'raw\x00', 0x3c1, 0x3, 0x438, 0x0, 0x150, 0x150, 0x0, 0xf8010000, 0x370, 0x238, 0x238, 0x370, 0x238, 0x3, 0x0, {[{{@ipv6={@mcast1, @ipv4={'\x00', '\xff\xff', @initdev={0xac, 0x1e, 0x0, 0x0}}, [], [0x84000000], 'team_slave_0\x00', 'hsr0\x00', {}, {}, 0x84}, 0x0, 0x240, 0x2a8, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'batadv0\x00', {0x0, 0x0, 0x4, 0x0, 0x0, 0xffff725c, 0x4}}}, @common=@inet=@sctp={{0x144}}]}, @unspec=@CT1={0x68, 'CT\x00', 0x1, {0x0, 0x0, 0x0, 0x0, 'syz0\x00', 'syz0\x00'}}}, {{@ipv6={@empty, @local, [], [], 'batadv_slave_0\x00', 'gre0\x00'}, 0x0, 0xa4, 0xc8}, @common=@inet=@SYNPROXY={0x24}}], {{'\x00', 0x0, 0xa4, 0xc8}, {0x24}}}}, 0x494) kernel console output (not intermixed with test programs): orcing a failure. [ 253.045769][ T8835] name failslab, interval 1, probability 0, space 0, times 0 [ 253.264217][ T8835] CPU: 1 UID: 0 PID: 8835 Comm: syz.4.935 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 253.264252][ T8835] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 253.264259][ T8835] Call Trace: [ 253.264266][ T8835] [ 253.264272][ T8835] dump_stack_lvl+0x189/0x250 [ 253.264293][ T8835] ? __pfx____ratelimit+0x10/0x10 [ 253.264330][ T8835] ? __pfx_dump_stack_lvl+0x10/0x10 [ 253.264356][ T8835] ? __pfx__printk+0x10/0x10 [ 253.264379][ T8835] ? __pfx___might_resched+0x10/0x10 [ 253.264410][ T8835] should_fail_ex+0x414/0x560 [ 253.264436][ T8835] should_failslab+0xa8/0x100 [ 253.264476][ T8835] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 253.264489][ T8835] ? __alloc_skb+0x112/0x2d0 [ 253.264502][ T8835] __alloc_skb+0x112/0x2d0 [ 253.264515][ T8835] netlink_sendmsg+0x5c6/0xb30 [ 253.264532][ T8835] ? __pfx_netlink_sendmsg+0x10/0x10 [ 253.264546][ T8835] ? __import_iovec+0x5d4/0x7f0 [ 253.264554][ T8835] ? aa_sock_msg_perm+0x94/0x160 [ 253.264568][ T8835] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 253.264581][ T8835] ? __pfx_netlink_sendmsg+0x10/0x10 [ 253.264594][ T8835] __sock_sendmsg+0x21c/0x270 [ 253.264611][ T8835] ____sys_sendmsg+0x505/0x830 [ 253.264628][ T8835] ? __pfx_____sys_sendmsg+0x10/0x10 [ 253.264651][ T8835] ___sys_sendmsg+0x21f/0x2a0 [ 253.264665][ T8835] ? __pfx____sys_sendmsg+0x10/0x10 [ 253.264695][ T8835] ? __fget_files+0x2a/0x420 [ 253.264705][ T8835] ? __fget_files+0x3a0/0x420 [ 253.264721][ T8835] __sys_sendmsg+0x164/0x220 [ 253.264735][ T8835] ? __pfx___sys_sendmsg+0x10/0x10 [ 253.264754][ T8835] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 253.264770][ T8835] ? lockdep_hardirqs_on+0x9c/0x150 [ 253.264785][ T8835] __do_fast_syscall_32+0xb6/0x2b0 [ 253.264795][ T8835] ? lockdep_hardirqs_on+0x9c/0x150 [ 253.264811][ T8835] do_fast_syscall_32+0x34/0x80 [ 253.264821][ T8835] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 253.264834][ T8835] RIP: 0023:0xf7f53539 [ 253.264844][ T8835] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 253.264853][ T8835] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 253.264865][ T8835] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 253.264872][ T8835] RDX: 0000000020050800 RSI: 0000000000000000 RDI: 0000000000000000 [ 253.264879][ T8835] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 253.264885][ T8835] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 253.264890][ T8835] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 253.264905][ T8835] [ 253.278566][ T8826] netlink: 16 bytes leftover after parsing attributes in process `syz.3.931'. [ 253.727354][ T8838] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 253.813879][ T8838] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 254.246281][ T8845] input: syz0 as /devices/virtual/input/input18 [ 254.264754][ T8847] netlink: 8 bytes leftover after parsing attributes in process `syz.0.940'. [ 254.498567][ T8851] 8021q: adding VLAN 0 to HW filter on device macvlan0 [ 254.537292][ T980] usb 3-1: USB disconnect, device number 39 [ 255.761428][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.768011][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.783553][ T55] usb 4-1: USB disconnect, device number 41 [ 255.792093][ T980] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 255.950915][ T980] usb 3-1: Using ep0 maxpacket: 16 [ 255.979143][ T980] usb 3-1: config 8 has an invalid interface number: 206 but max is 0 [ 255.999080][ T980] usb 3-1: config 8 has no interface number 0 [ 256.022958][ T980] usb 3-1: config 8 interface 206 altsetting 1 has an endpoint descriptor with address 0xF7, changing to 0x87 [ 256.104188][ T980] usb 3-1: config 8 interface 206 altsetting 1 endpoint 0x87 has invalid maxpacket 33058, setting to 1024 [ 256.196747][ T980] usb 3-1: config 8 interface 206 has no altsetting 0 [ 256.223514][ T980] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=35.bb [ 256.242958][ T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.260881][ T980] usb 3-1: Product: syz [ 256.271147][ T980] usb 3-1: Manufacturer: syz [ 256.288646][ T980] usb 3-1: SerialNumber: syz [ 256.472250][ T8877] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.486197][ T8877] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.525736][ T8880] netlink: 4 bytes leftover after parsing attributes in process `syz.1.950'. [ 256.537632][ T980] garmin_gps 3-1:8.206: Garmin GPS usb/tty converter detected [ 256.562378][ T980] usb 3-1: Garmin GPS usb/tty converter now attached to ttyUSB0 [ 256.568050][ T8880] netlink: 44 bytes leftover after parsing attributes in process `syz.1.950'. [ 256.750957][ T5899] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 256.908402][ T8861] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 256.911196][ T5899] usb 4-1: Using ep0 maxpacket: 16 [ 256.922663][ T5891] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 256.932883][ T5899] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 256.945172][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 256.956590][ T5899] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 256.966526][ T5899] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 256.976647][ T5899] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 256.990914][ T5899] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 257.003735][ T5899] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 257.010121][ T980] usb 3-1: USB disconnect, device number 40 [ 257.015537][ T5899] usb 4-1: Manufacturer: syz [ 257.046520][ T5899] usb 4-1: config 0 descriptor?? [ 257.056399][ T980] garmin_gps ttyUSB0: Garmin GPS usb/tty converter now disconnected from ttyUSB0 [ 257.068501][ T980] garmin_gps 3-1:8.206: device disconnected [ 257.092857][ T5891] usb 1-1: Using ep0 maxpacket: 32 [ 257.104826][ T5891] usb 1-1: config 9 has an invalid interface number: 1 but max is 0 [ 257.115964][ T5891] usb 1-1: config 9 has no interface number 0 [ 257.123717][ T5891] usb 1-1: config 9 interface 1 altsetting 3 endpoint 0xE has invalid maxpacket 512, setting to 64 [ 257.135291][ T5891] usb 1-1: config 9 interface 1 has no altsetting 0 [ 257.146547][ T5891] usb 1-1: string descriptor 0 read error: -22 [ 257.166554][ T5891] usb 1-1: New USB device found, idVendor=0c45, idProduct=60a8, bcdDevice=49.59 [ 257.176482][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 257.213881][ T5891] gspca_main: sonixb-2.14.0 probing 0c45:60a8 [ 257.260764][ T8879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 257.282022][ T8879] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 257.494301][ T5891] sonixb 1-1:9.1: Error reading register 00: -71 [ 257.521085][ T5891] usb 1-1: USB disconnect, device number 36 [ 258.615679][ T8911] unsupported nla_type 256 [ 258.890904][ T5899] rc_core: IR keymap rc-hauppauge not found [ 258.896883][ T5899] Registered IR keymap rc-empty [ 258.916057][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 258.962413][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 258.988569][ T5899] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 259.020995][ T55] usb 1-1: new high-speed USB device number 37 using dummy_hcd [ 259.109994][ T5899] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input19 [ 259.157550][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.184397][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.190600][ T8924] netlink: 20 bytes leftover after parsing attributes in process `syz.4.963'. [ 259.221094][ T55] usb 1-1: device descriptor read/64, error -71 [ 259.311409][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.340975][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.385082][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.423264][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.463449][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.471399][ T55] usb 1-1: new high-speed USB device number 38 using dummy_hcd [ 259.516860][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.551222][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.585462][ T5899] mceusb 4-1:0.0: Error: mce write submit urb error = -90 [ 259.610937][ T55] usb 1-1: device descriptor read/64, error -71 [ 259.615225][ T5899] mceusb 4-1:0.0: Registered with mce emulator interface version 1 [ 259.669416][ T5899] mceusb 4-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 259.730437][ T5899] usb 4-1: USB disconnect, device number 42 [ 259.731364][ T55] usb usb1-port1: attempt power cycle [ 260.090926][ T55] usb 1-1: new high-speed USB device number 39 using dummy_hcd [ 260.121674][ T55] usb 1-1: device descriptor read/8, error -71 [ 260.381160][ T55] usb 1-1: new high-speed USB device number 40 using dummy_hcd [ 260.421746][ T55] usb 1-1: device descriptor read/8, error -71 [ 260.513919][ T8944] netlink: 4 bytes leftover after parsing attributes in process `syz.2.971'. [ 260.533036][ T55] usb usb1-port1: unable to enumerate USB device [ 261.303938][ T5891] usb 2-1: new high-speed USB device number 41 using dummy_hcd [ 261.400688][ T8964] random: crng reseeded on system resumption [ 261.655398][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 261.670888][ T5891] usb 2-1: can't read configurations, error -61 [ 261.855976][ T5891] usb 2-1: new high-speed USB device number 42 using dummy_hcd [ 262.155963][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 262.163714][ T5891] usb 2-1: can't read configurations, error -61 [ 262.172693][ T5891] usb usb2-port1: attempt power cycle [ 262.421304][ T8975] netlink: 16 bytes leftover after parsing attributes in process `syz.0.980'. [ 262.530932][ T5891] usb 2-1: new high-speed USB device number 43 using dummy_hcd [ 262.571766][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 262.580526][ T5891] usb 2-1: can't read configurations, error -61 [ 262.741274][ T5891] usb 2-1: new high-speed USB device number 44 using dummy_hcd [ 262.762084][ T5933] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 262.876295][ T5891] usb 2-1: unable to read config index 0 descriptor/start: -61 [ 262.884222][ T5891] usb 2-1: can't read configurations, error -61 [ 262.909419][ T5891] usb usb2-port1: unable to enumerate USB device [ 262.962796][ T5933] usb 1-1: Using ep0 maxpacket: 16 [ 263.008378][ T5933] usb 1-1: config 3 has an invalid interface number: 155 but max is 0 [ 263.035939][ T5933] usb 1-1: config 3 has an invalid interface association descriptor of length 3, skipping [ 263.080089][ T5933] usb 1-1: config 3 has an invalid descriptor of length 101, skipping remainder of the config [ 263.156689][ T5933] usb 1-1: config 3 has no interface number 0 [ 263.162026][ T8987] x_tables: ip6_tables: TCPOPTSTRIP target: only valid for protocol 6 [ 263.209003][ T5933] usb 1-1: config 3 interface 155 has no altsetting 0 [ 263.293853][ T5933] usb 1-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c [ 263.325522][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 263.376394][ T5933] usb 1-1: Product: syz [ 263.382649][ T5933] usb 1-1: Manufacturer: syz [ 263.387360][ T5933] usb 1-1: SerialNumber: syz [ 263.637838][ T8975] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 263.664049][ T8975] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 263.759924][ T5933] usb 1-1: USB disconnect, device number 41 [ 263.823071][ T9002] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 263.882794][ T9002] netlink: 'syz.4.989': attribute type 10 has an invalid length. [ 263.931804][ T9008] team0: Device gtp0 is of different type [ 264.401106][ T9] usb 2-1: new high-speed USB device number 45 using dummy_hcd [ 264.550949][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 264.563578][ T9] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 264.573385][ T9] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 264.586916][ T9] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 264.607333][ T9] usb 2-1: config 1 has no interface number 1 [ 264.629171][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 264.654989][ T9] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 264.699431][ T9] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 264.716517][ T9] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 264.732699][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 264.741365][ T9] usb 2-1: Product: syz [ 264.746496][ T9] usb 2-1: Manufacturer: syz [ 264.751818][ T9] usb 2-1: SerialNumber: syz [ 264.899273][ T9026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 264.910247][ T9026] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 264.951028][ T5899] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 264.992770][ T9] usb 2-1: USB disconnect, device number 45 [ 265.119226][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 265.140943][ T5899] usb 1-1: device descriptor read/64, error -71 [ 265.284978][ T9030] netlink: 20 bytes leftover after parsing attributes in process `syz.3.997'. [ 265.381034][ T5899] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 265.521243][ T5899] usb 1-1: device descriptor read/64, error -71 [ 265.631308][ T5899] usb usb1-port1: attempt power cycle [ 265.676917][ T9036] FAULT_INJECTION: forcing a failure. [ 265.676917][ T9036] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 265.703522][ T9036] CPU: 1 UID: 0 PID: 9036 Comm: syz.1.1000 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 265.703552][ T9036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.703565][ T9036] Call Trace: [ 265.703572][ T9036] [ 265.703581][ T9036] dump_stack_lvl+0x189/0x250 [ 265.703615][ T9036] ? __pfx____ratelimit+0x10/0x10 [ 265.703645][ T9036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.703674][ T9036] ? __pfx__printk+0x10/0x10 [ 265.703707][ T9036] should_fail_ex+0x414/0x560 [ 265.703736][ T9036] _copy_to_user+0x31/0xb0 [ 265.703758][ T9036] simple_read_from_buffer+0xe1/0x170 [ 265.703783][ T9036] proc_fail_nth_read+0x1df/0x250 [ 265.703810][ T9036] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 265.703837][ T9036] ? rw_verify_area+0x258/0x650 [ 265.703865][ T9036] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 265.703889][ T9036] vfs_read+0x200/0x980 [ 265.703923][ T9036] ? __pfx___mutex_lock+0x10/0x10 [ 265.703943][ T9036] ? __pfx_vfs_read+0x10/0x10 [ 265.703970][ T9036] ? __fget_files+0x2a/0x420 [ 265.703995][ T9036] ? __fget_files+0x3a0/0x420 [ 265.704013][ T9036] ? __fget_files+0x2a/0x420 [ 265.704041][ T9036] ksys_read+0x145/0x250 [ 265.704061][ T9036] ? __pfx_ksys_read+0x10/0x10 [ 265.704099][ T9036] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 265.704129][ T9036] ? lockdep_hardirqs_on+0x9c/0x150 [ 265.704157][ T9036] __do_fast_syscall_32+0xb6/0x2b0 [ 265.704176][ T9036] ? lockdep_hardirqs_on+0x9c/0x150 [ 265.704206][ T9036] do_fast_syscall_32+0x34/0x80 [ 265.704224][ T9036] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 265.704247][ T9036] RIP: 0023:0xf7f36539 [ 265.704264][ T9036] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 265.704280][ T9036] RSP: 002b:00000000f5056590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 265.704301][ T9036] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5056620 [ 265.704315][ T9036] RDX: 000000000000000f RSI: 00000000f73c2ff4 RDI: 0000000000000000 [ 265.704327][ T9036] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 265.704337][ T9036] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 265.704349][ T9036] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 265.704377][ T9036] [ 265.941815][ T980] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 266.102326][ T980] usb 3-1: Using ep0 maxpacket: 32 [ 266.111693][ T980] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 266.120973][ T980] usb 3-1: config 0 has no interface number 0 [ 266.131883][ T980] usb 3-1: config 0 interface 1 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 266.142795][ T980] usb 3-1: config 0 interface 1 has no altsetting 0 [ 266.159980][ T980] usb 3-1: New USB device found, idVendor=0572, idProduct=58a5, bcdDevice=27.0a [ 266.169295][ T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.177661][ T980] usb 3-1: Product: syz [ 266.181946][ T980] usb 3-1: Manufacturer: syz [ 266.186594][ T980] usb 3-1: SerialNumber: syz [ 266.194627][ T980] usb 3-1: config 0 descriptor?? [ 266.241424][ T5899] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 266.283038][ T5899] usb 1-1: device descriptor read/8, error -71 [ 266.511902][ T9034] netlink: 40 bytes leftover after parsing attributes in process `syz.2.999'. [ 266.531878][ T980] cx231xx 3-1:0.1: New device syz syz @ 480 Mbps (0572:58a5) with 1 interfaces [ 266.592913][ T5933] IPVS: starting estimator thread 0... [ 266.608419][ T980] cx231xx 3-1:0.1: Failed to read PCB config [ 266.616901][ T980] cx231xx 3-1:0.1: probe with driver cx231xx failed with error -71 [ 266.691392][ T9044] IPVS: using max 31 ests per chain, 74400 per kthread [ 266.696233][ T980] usb 3-1: USB disconnect, device number 41 [ 266.742268][ T5899] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 266.783840][ T5899] usb 1-1: device descriptor read/8, error -71 [ 266.905035][ T5899] usb usb1-port1: unable to enumerate USB device [ 267.210955][ T980] usb 4-1: new high-speed USB device number 43 using dummy_hcd [ 267.365532][ T980] usb 4-1: device descriptor read/64, error -71 [ 267.659021][ T980] usb 4-1: new high-speed USB device number 44 using dummy_hcd [ 267.764190][ T9054] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1005'. [ 267.840989][ T980] usb 4-1: device descriptor read/64, error -71 [ 267.969323][ T980] usb usb4-port1: attempt power cycle [ 268.027731][ T9060] netlink: 36 bytes leftover after parsing attributes in process `syz.0.1007'. [ 268.135595][ T9062] xt_CT: No such helper "syz0" [ 268.322411][ T9074] syzkaller1: entered promiscuous mode [ 268.322436][ T9074] syzkaller1: entered allmulticast mode [ 268.351224][ T980] usb 4-1: new high-speed USB device number 45 using dummy_hcd [ 268.382120][ T980] usb 4-1: device descriptor read/8, error -71 [ 268.650921][ T980] usb 4-1: new high-speed USB device number 46 using dummy_hcd [ 268.657542][ T9079] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1014'. [ 268.685033][ T980] usb 4-1: device descriptor read/8, error -71 [ 268.791305][ T980] usb usb4-port1: unable to enumerate USB device [ 269.467808][ T9095] IPv6: RTM_NEWROUTE with no NLM_F_CREATE or NLM_F_REPLACE [ 269.475190][ T9095] IPv6: NLM_F_CREATE should be set when creating new route [ 269.871327][ T9100] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1020'. [ 270.280013][ T9110] FAULT_INJECTION: forcing a failure. [ 270.280013][ T9110] name failslab, interval 1, probability 0, space 0, times 0 [ 270.307026][ T9110] CPU: 0 UID: 0 PID: 9110 Comm: syz.0.1024 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 270.307054][ T9110] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 270.307065][ T9110] Call Trace: [ 270.307072][ T9110] [ 270.307080][ T9110] dump_stack_lvl+0x189/0x250 [ 270.307114][ T9110] ? __pfx____ratelimit+0x10/0x10 [ 270.307143][ T9110] ? __pfx_dump_stack_lvl+0x10/0x10 [ 270.307172][ T9110] ? __pfx__printk+0x10/0x10 [ 270.307194][ T9110] ? __mutex_trylock_common+0x153/0x260 [ 270.307219][ T9110] ? ref_tracker_alloc+0x318/0x460 [ 270.307249][ T9110] should_fail_ex+0x414/0x560 [ 270.307278][ T9110] should_failslab+0xa8/0x100 [ 270.307301][ T9110] kmem_cache_alloc_noprof+0x73/0x3c0 [ 270.307330][ T9110] ? skb_clone+0x212/0x3a0 [ 270.307359][ T9110] skb_clone+0x212/0x3a0 [ 270.307388][ T9110] __netlink_deliver_tap+0x404/0x850 [ 270.307425][ T9110] ? netlink_deliver_tap+0x2e/0x1b0 [ 270.307448][ T9110] netlink_deliver_tap+0x19c/0x1b0 [ 270.307472][ T9110] __netlink_sendskb+0x47/0x90 [ 270.307493][ T9110] netlink_dump+0xa12/0xe20 [ 270.307527][ T9110] ? __pfx_netlink_dump+0x10/0x10 [ 270.307562][ T9110] ? genl_start+0x499/0x6c0 [ 270.307598][ T9110] __netlink_dump_start+0x5cb/0x7e0 [ 270.307628][ T9110] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 270.307703][ T9110] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 270.307730][ T9110] ? genl_get_cmd+0x67f/0x910 [ 270.307759][ T9110] ? __pfx___mutex_lock+0x10/0x10 [ 270.307777][ T9110] ? __pfx_genl_start+0x10/0x10 [ 270.307801][ T9110] ? __pfx_genl_dumpit+0x10/0x10 [ 270.307825][ T9110] ? __pfx_genl_done+0x10/0x10 [ 270.307867][ T9110] genl_rcv_msg+0x5da/0x790 [ 270.307900][ T9110] ? __pfx_genl_rcv_msg+0x10/0x10 [ 270.307919][ T9110] ? ref_tracker_free+0x63a/0x7d0 [ 270.307939][ T9110] ? __pfx_smcd_nl_get_device+0x10/0x10 [ 270.307962][ T9110] ? __pfx_ref_tracker_free+0x10/0x10 [ 270.307999][ T9110] netlink_rcv_skb+0x208/0x470 [ 270.308025][ T9110] ? __pfx_genl_rcv_msg+0x10/0x10 [ 270.308054][ T9110] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 270.308095][ T9110] ? down_read+0x1ad/0x2e0 [ 270.308117][ T9110] genl_rcv+0x28/0x40 [ 270.308141][ T9110] netlink_unicast+0x75b/0x8d0 [ 270.308172][ T9110] netlink_sendmsg+0x805/0xb30 [ 270.308205][ T9110] ? __pfx_netlink_sendmsg+0x10/0x10 [ 270.308230][ T9110] ? __import_iovec+0x5d4/0x7f0 [ 270.308247][ T9110] ? aa_sock_msg_perm+0x94/0x160 [ 270.308274][ T9110] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 270.308298][ T9110] ? __pfx_netlink_sendmsg+0x10/0x10 [ 270.308322][ T9110] __sock_sendmsg+0x21c/0x270 [ 270.308354][ T9110] ____sys_sendmsg+0x505/0x830 [ 270.308384][ T9110] ? __pfx_____sys_sendmsg+0x10/0x10 [ 270.308425][ T9110] ___sys_sendmsg+0x21f/0x2a0 [ 270.308452][ T9110] ? __pfx____sys_sendmsg+0x10/0x10 [ 270.308515][ T9110] ? __fget_files+0x2a/0x420 [ 270.308535][ T9110] ? __fget_files+0x3a0/0x420 [ 270.308567][ T9110] __sys_sendmsg+0x164/0x220 [ 270.308593][ T9110] ? __pfx___sys_sendmsg+0x10/0x10 [ 270.308633][ T9110] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 270.308668][ T9110] ? lockdep_hardirqs_on+0x9c/0x150 [ 270.308699][ T9110] __do_fast_syscall_32+0xb6/0x2b0 [ 270.308718][ T9110] ? lockdep_hardirqs_on+0x9c/0x150 [ 270.308749][ T9110] do_fast_syscall_32+0x34/0x80 [ 270.308765][ T9110] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 270.308788][ T9110] RIP: 0023:0xf70fe539 [ 270.308805][ T9110] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 270.308822][ T9110] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 270.308842][ T9110] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800003c0 [ 270.308855][ T9110] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 270.308866][ T9110] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 270.308877][ T9110] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 270.308889][ T9110] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 270.308918][ T9110] [ 271.238297][ T9107] netlink: 140 bytes leftover after parsing attributes in process `syz.3.1023'. [ 271.247676][ T980] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 271.448416][ T980] usb 3-1: config 0 has no interfaces? [ 271.460527][ T980] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 271.470403][ T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 271.479231][ T980] usb 3-1: Product: syz [ 271.488591][ T980] usb 3-1: Manufacturer: syz [ 271.509419][ T980] usb 3-1: SerialNumber: syz [ 271.538294][ T980] usb 3-1: config 0 descriptor?? [ 271.559756][ T9120] lo: entered promiscuous mode [ 271.576146][ T9120] tunl0: entered promiscuous mode [ 271.583699][ T9120] gre0: entered promiscuous mode [ 271.590104][ T9120] gretap0: entered promiscuous mode [ 271.600140][ T9120] erspan0: entered promiscuous mode [ 271.607727][ T9120] ip_vti0: entered promiscuous mode [ 272.229543][ T30] kauditd_printk_skb: 5023 callbacks suppressed [ 272.229561][ T30] audit: type=1800 audit(1750621204.236:5101): pid=9128 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.3.1031" name="file1" dev="tmpfs" ino=1063 res=0 errno=0 [ 272.661309][ T5899] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 272.818919][ T9138] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1035'. [ 272.851087][ T5899] usb 1-1: Using ep0 maxpacket: 32 [ 272.870512][ T5899] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 272.897977][ T5899] usb 1-1: config 0 has no interface number 0 [ 272.904427][ T9142] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 272.915198][ T9142] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 272.938451][ T5899] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 272.954420][ T5899] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 272.957719][ T9142] IPv6: sit1: Disabled Multicast RS [ 272.963535][ T5899] usb 1-1: Product: syz [ 272.987823][ T5899] usb 1-1: Manufacturer: syz [ 272.996576][ T5899] usb 1-1: SerialNumber: syz [ 273.006663][ T5899] usb 1-1: config 0 descriptor?? [ 273.026632][ T5899] smsc95xx v2.0.0 [ 273.210951][ T980] usb 4-1: new high-speed USB device number 47 using dummy_hcd [ 273.241103][ T5933] usb 2-1: new high-speed USB device number 46 using dummy_hcd [ 273.360952][ T980] usb 4-1: Using ep0 maxpacket: 16 [ 273.368395][ T980] usb 4-1: config 3 has an invalid interface number: 155 but max is 0 [ 273.377005][ T980] usb 4-1: config 3 has an invalid interface association descriptor of length 3, skipping [ 273.389488][ T980] usb 4-1: config 3 has an invalid descriptor of length 101, skipping remainder of the config [ 273.400070][ T980] usb 4-1: config 3 has no interface number 0 [ 273.407179][ T5933] usb 2-1: Using ep0 maxpacket: 8 [ 273.412412][ T980] usb 4-1: config 3 interface 155 has no altsetting 0 [ 273.422558][ T5899] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 273.423913][ T980] usb 4-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c [ 273.433996][ T5899] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 273.443070][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.460519][ T5933] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 273.471725][ T5933] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 273.507108][ T980] usb 4-1: Product: syz [ 273.511425][ T5891] usb 3-1: USB disconnect, device number 42 [ 273.546362][ T5933] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 273.566377][ T980] usb 4-1: Manufacturer: syz [ 273.582814][ T5933] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 273.596727][ T980] usb 4-1: SerialNumber: syz [ 273.605276][ T5933] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 273.629188][ T5933] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 273.639786][ T5933] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 273.658785][ T5933] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 273.677510][ T5933] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 273.689130][ T5933] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 273.720027][ T5933] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 273.727750][ T5933] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 273.740644][ T5933] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 273.752650][ T5933] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 273.765020][ T5933] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 273.792261][ T5933] usb 2-1: string descriptor 0 read error: -22 [ 273.800249][ T5933] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 273.821104][ T5933] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 273.851586][ T9138] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 273.881340][ T5933] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 273.914520][ T9138] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 273.973215][ T980] usb 4-1: USB disconnect, device number 47 [ 274.058233][ T9158] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1041'. [ 274.200944][ T980] usb 2-1: USB disconnect, device number 46 [ 274.202003][ T9146] usb 2-1: Couldn't submit interrupt_out_urb -19 [ 274.741006][ T5891] usb 2-1: new high-speed USB device number 47 using dummy_hcd [ 274.911061][ T5891] usb 2-1: Using ep0 maxpacket: 8 [ 274.930619][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 274.973066][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 275.011080][ T5891] usb 2-1: New USB device found, idVendor=046d, idProduct=c20e, bcdDevice= 0.00 [ 275.046391][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 275.067737][ T5891] usb 2-1: config 0 descriptor?? [ 275.109800][ T9170] kvm: kvm [9169]: vcpu0, guest rIP: 0x1a3 Unhandled WRMSR(0x186) = 0x8000 [ 275.201899][ T9170] input: syz0 as /devices/virtual/input/input20 [ 275.506883][ T5899] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000006c: -71 [ 275.518393][ T5899] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 275.532343][ T5899] usb 1-1: USB disconnect, device number 46 [ 275.568887][ T9178] FAULT_INJECTION: forcing a failure. [ 275.568887][ T9178] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 275.667076][ T9178] CPU: 0 UID: 0 PID: 9178 Comm: syz.4.1049 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 275.667107][ T9178] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 275.667119][ T9178] Call Trace: [ 275.667127][ T9178] [ 275.667135][ T9178] dump_stack_lvl+0x189/0x250 [ 275.667173][ T9178] ? __pfx____ratelimit+0x10/0x10 [ 275.667202][ T9178] ? __pfx_dump_stack_lvl+0x10/0x10 [ 275.667232][ T9178] ? __pfx__printk+0x10/0x10 [ 275.667253][ T9178] ? __might_fault+0xb0/0x130 [ 275.667283][ T9178] should_fail_ex+0x414/0x560 [ 275.667319][ T9178] _copy_from_user+0x2d/0xb0 [ 275.667339][ T9178] ia32_restore_sigcontext+0xe5/0x5b0 [ 275.667371][ T9178] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 275.667401][ T9178] ? _raw_spin_lock_irq+0xae/0xf0 [ 275.667426][ T9178] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 275.667463][ T9178] ? _raw_spin_unlock_irq+0x23/0x50 [ 275.667488][ T9178] ? lockdep_hardirqs_on+0x9c/0x150 [ 275.667518][ T9178] __ia32_compat_sys_sigreturn+0x1b4/0x210 [ 275.667550][ T9178] ? __pfx___ia32_compat_sys_sigreturn+0x10/0x10 [ 275.667583][ T9178] ? do_int80_emulation+0xec/0x390 [ 275.667603][ T9178] ? asm_int80_emulation+0x1a/0x20 [ 275.667622][ T9178] do_int80_emulation+0x126/0x390 [ 275.667640][ T9178] ? clear_bhb_loop+0x60/0xb0 [ 275.667659][ T9178] ? clear_bhb_loop+0x60/0xb0 [ 275.667683][ T9178] asm_int80_emulation+0x1a/0x20 [ 275.667701][ T9178] RIP: 0023:0xf7f53558 [ 275.667717][ T9178] Code: 00 00 51 52 55 89 e5 0f 34 cd 80 5d 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 58 b8 77 00 00 00 cd 80 <90> 90 90 90 90 90 90 90 b8 ad 00 00 00 cd 80 90 90 90 90 90 90 90 [ 275.667734][ T9178] RSP: 002b:00000000f5075eb4 EFLAGS: 00000206 ORIG_RAX: 0000000000000077 [ 275.667754][ T9178] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000000000000 [ 275.667768][ T9178] RDX: 0000000000000000 RSI: 00000000558410e9 RDI: 0000000000000000 [ 275.667780][ T9178] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 275.667791][ T9178] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 275.667803][ T9178] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 275.667831][ T9178] [ 276.392223][ T5891] usbhid 2-1:0.0: can't add hid device: -71 [ 276.398364][ T5891] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 276.465970][ T5891] usb 2-1: USB disconnect, device number 47 [ 276.655777][ T9191] xt_SECMARK: invalid mode: 0 [ 276.712565][ T9194] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1054'. [ 277.133562][ T9208] TCP: request_sock_TCPv6: Possible SYN flooding on port [::]:20002. Sending cookies. [ 277.272915][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805641bc00: rx timeout, send abort [ 277.473910][ T9211] i2c i2c-0: Invalid block write size 43 [ 277.774154][ C0] vcan0: j1939_tp_rxtimer: 0xffff888030ae8000: rx timeout, send abort [ 277.783859][ C0] vcan0: j1939_tp_rxtimer: 0xffff88805641bc00: abort rx timeout. Force session deactivation [ 278.185705][ T9222] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1063'. [ 278.196531][ T9221] netlink: 60 bytes leftover after parsing attributes in process `syz.2.1063'. [ 278.282519][ C0] vcan0: j1939_tp_rxtimer: 0xffff888030ae8000: abort rx timeout. Force session deactivation [ 279.535560][ T9245] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1074'. [ 279.647600][ T9245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.671991][ T9245] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.728744][ T9245] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 279.742570][ T9252] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1073'. [ 279.744923][ T9245] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 279.847744][ T9255] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1073'. [ 279.959042][ T9257] vlan0: entered promiscuous mode [ 279.964525][ T9257] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 279.972381][ T9257] vlan0: entered allmulticast mode [ 279.979112][ T9257] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 280.588522][ T9266] sctp: [Deprecated]: syz.2.1079 (pid 9266) Use of int in max_burst socket option deprecated. [ 280.588522][ T9266] Use struct sctp_assoc_value instead [ 280.685171][ T9266] block device autoloading is deprecated and will be removed. [ 280.711855][ T9266] syz.2.1079: attempt to access beyond end of device [ 280.711855][ T9266] md4: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 281.219866][ T9284] bond1: entered allmulticast mode [ 281.306690][ T9284] 8021q: adding VLAN 0 to HW filter on device bond1 [ 282.213893][ T5891] usb 2-1: new high-speed USB device number 48 using dummy_hcd [ 282.240928][ T5899] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 282.359796][ T9314] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 282.403090][ T5891] usb 2-1: Using ep0 maxpacket: 8 [ 282.413508][ T5899] usb 3-1: Using ep0 maxpacket: 16 [ 282.424047][ T5891] usb 2-1: config 0 has no interfaces? [ 282.433003][ T5891] usb 2-1: config 0 has no interfaces? [ 282.441151][ T5899] usb 3-1: config 5 has an invalid interface number: 168 but max is 0 [ 282.450878][ T9314] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 282.461588][ T5899] usb 3-1: config 5 has no interface number 0 [ 282.469122][ T5891] usb 2-1: config 0 has no interfaces? [ 282.485157][ T5899] usb 3-1: config 5 interface 168 has no altsetting 0 [ 282.492990][ T5891] usb 2-1: config 0 has no interfaces? [ 282.502825][ T5891] usb 2-1: New USB device found, idVendor=046d, idProduct=08b1, bcdDevice=6d.2a [ 282.522490][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 282.532632][ T5899] usb 3-1: New USB device found, idVendor=04cc, idProduct=2533, bcdDevice=fc.58 [ 282.544915][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.553774][ T5891] usb 2-1: config 0 descriptor?? [ 282.583986][ T5899] usb 3-1: Product: syz [ 282.588408][ T5899] usb 3-1: Manufacturer: syz [ 282.614805][ T5899] usb 3-1: SerialNumber: syz [ 282.850531][ T5899] pn533_usb 3-1:5.168: NFC: Could not find bulk-in or bulk-out endpoint [ 282.901209][ T5899] usb 3-1: USB disconnect, device number 43 [ 282.920927][ T980] usb 4-1: new full-speed USB device number 48 using dummy_hcd [ 283.002387][ T9327] bond1: left allmulticast mode [ 283.182975][ T980] usb 4-1: unable to get BOS descriptor or descriptor too short [ 283.208583][ T980] usb 4-1: not running at top speed; connect to a high speed hub [ 283.240776][ T980] usb 4-1: config 4 has an invalid interface number: 116 but max is 0 [ 283.251019][ T980] usb 4-1: config 4 has no interface number 0 [ 283.270775][ T980] usb 4-1: config 4 interface 116 has no altsetting 0 [ 283.294900][ T980] usb 4-1: New USB device found, idVendor=0499, idProduct=101e, bcdDevice=ec.47 [ 283.304837][ T9333] loop6: detected capacity change from 0 to 7 [ 283.305103][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 283.316639][ T5845] Dev loop6: unable to read RDB block 7 [ 283.329559][ T5845] loop6: AHDI p4 [ 283.335032][ T5845] loop6: partition table partially beyond EOD, truncated [ 283.349245][ T980] usb 4-1: Product: syz [ 283.355478][ T980] usb 4-1: Manufacturer: syz [ 283.356015][ T9333] Dev loop6: unable to read RDB block 7 [ 283.360307][ T980] usb 4-1: SerialNumber: syz [ 283.369896][ T9333] loop6: AHDI p4 [ 283.398611][ T9333] loop6: partition table partially beyond EOD, truncated [ 283.406474][ T5891] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 283.565830][ T5891] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 283.573846][ T5891] usb 1-1: can't read configurations, error -61 [ 283.678512][ T980] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 283.683276][ T9337] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 283.711016][ T5891] usb 1-1: new high-speed USB device number 48 using dummy_hcd [ 283.756185][ T9337] netlink: 'syz.2.1105': attribute type 10 has an invalid length. [ 283.785290][ T980] usb 4-1: USB disconnect, device number 48 [ 283.790420][ T9337] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 283.886633][ T5891] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 283.895165][ T5891] usb 1-1: can't read configurations, error -61 [ 283.902488][ T5891] usb usb1-port1: attempt power cycle [ 284.008582][ T6320] udevd[6320]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:4.116/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 284.271358][ T5891] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 284.297173][ T5891] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 284.305321][ T5891] usb 1-1: can't read configurations, error -61 [ 284.440931][ T5891] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 284.470003][ T5891] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 284.477862][ T5891] usb 1-1: can't read configurations, error -61 [ 284.487461][ T5891] usb usb1-port1: unable to enumerate USB device [ 285.022687][ T9347] openvswitch: netlink: Tunnel attr 4104 out of range max 16 [ 285.053855][ T5899] usb 2-1: USB disconnect, device number 48 [ 285.388471][ T9349] loop8: detected capacity change from 0 to 8 [ 285.461087][ T9349] Dev loop8: unable to read RDB block 8 [ 285.494497][ T9349] loop8: unable to read partition table [ 285.525402][ T9349] loop8: partition table beyond EOD, truncated [ 285.532539][ T9349] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 285.738647][ T9352] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1120'. [ 285.834850][ T9353] netlink: 'syz.4.1111': attribute type 7 has an invalid length. [ 285.886281][ T9353] netlink: 'syz.4.1111': attribute type 7 has an invalid length. [ 285.937378][ T9353] netlink: 'syz.4.1111': attribute type 7 has an invalid length. [ 285.978925][ T9353] netlink: 'syz.4.1111': attribute type 7 has an invalid length. [ 286.015427][ T9353] netlink: 'syz.4.1111': attribute type 7 has an invalid length. [ 286.024105][ T9353] netlink: 'syz.4.1111': attribute type 7 has an invalid length. [ 286.033984][ T9353] netlink: 'syz.4.1111': attribute type 7 has an invalid length. [ 286.042870][ T9353] netlink: 'syz.4.1111': attribute type 7 has an invalid length. [ 286.064458][ T9353] netlink: 'syz.4.1111': attribute type 7 has an invalid length. [ 286.190910][ T980] usb 1-1: new high-speed USB device number 51 using dummy_hcd [ 286.260892][ T5933] usb 2-1: new high-speed USB device number 49 using dummy_hcd [ 286.352526][ T980] usb 1-1: Using ep0 maxpacket: 16 [ 286.362734][ T980] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 286.380873][ T980] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 286.430620][ T980] usb 1-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 286.457411][ T5933] usb 2-1: device descriptor read/64, error -71 [ 286.480738][ T980] usb 1-1: config 1 has no interface number 1 [ 286.502265][ T980] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 286.550405][ T980] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 286.595117][ T980] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 286.644872][ T980] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 286.659039][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 286.800933][ T5933] usb 2-1: new high-speed USB device number 50 using dummy_hcd [ 286.808906][ T980] usb 1-1: Product: syz [ 286.814091][ T980] usb 1-1: Manufacturer: syz [ 286.818721][ T980] usb 1-1: SerialNumber: syz [ 286.946086][ T5933] usb 2-1: device descriptor read/64, error -71 [ 286.949673][ T9376] xt_CT: No such helper "syz0" [ 287.072663][ T5933] usb usb2-port1: attempt power cycle [ 287.119083][ T980] usb 1-1: USB disconnect, device number 51 [ 287.236810][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 287.432899][ T5933] usb 2-1: new high-speed USB device number 51 using dummy_hcd [ 287.483808][ T5933] usb 2-1: device descriptor read/8, error -71 [ 287.648667][ T9390] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1123'. [ 287.731040][ T5933] usb 2-1: new high-speed USB device number 52 using dummy_hcd [ 287.766985][ T5933] usb 2-1: device descriptor read/8, error -71 [ 287.882978][ T5933] usb usb2-port1: unable to enumerate USB device [ 287.931149][ T9403] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1127'. [ 288.080951][ T5899] usb 3-1: new high-speed USB device number 44 using dummy_hcd [ 288.239383][ T5899] usb 3-1: Using ep0 maxpacket: 16 [ 288.252029][ T5899] usb 3-1: config 3 has an invalid interface number: 155 but max is 0 [ 288.262063][ T5899] usb 3-1: config 3 has an invalid interface association descriptor of length 3, skipping [ 288.280752][ T5899] usb 3-1: config 3 has an invalid descriptor of length 101, skipping remainder of the config [ 288.295529][ T5899] usb 3-1: config 3 has no interface number 0 [ 288.302128][ T5899] usb 3-1: config 3 interface 155 has no altsetting 0 [ 288.313660][ T5899] usb 3-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c [ 288.329024][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.338364][ T5899] usb 3-1: Product: syz [ 288.343422][ T5899] usb 3-1: Manufacturer: syz [ 288.348293][ T5899] usb 3-1: SerialNumber: syz [ 288.565463][ T9390] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 288.581565][ T9390] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 288.636276][ T9406] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1128'. [ 288.708591][ T5899] usb 3-1: USB disconnect, device number 44 [ 289.254497][ T5933] IPVS: starting estimator thread 0... [ 289.391141][ T9425] IPVS: using max 36 ests per chain, 86400 per kthread [ 289.498840][ T9433] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1137'. [ 289.553487][ T5933] usb 1-1: new full-speed USB device number 52 using dummy_hcd [ 289.784321][ T5933] usb 1-1: config 7 has an invalid interface number: 101 but max is 0 [ 289.802845][ T5933] usb 1-1: config 7 has no interface number 0 [ 289.822276][ T5933] usb 1-1: New USB device found, idVendor=0fd9, idProduct=002c, bcdDevice= 6.6b [ 289.831812][ T5933] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.840567][ T5933] usb 1-1: Product: syz [ 289.847190][ T5933] usb 1-1: Manufacturer: syz [ 289.866299][ T5933] usb 1-1: SerialNumber: syz [ 289.875274][ T9437] lo: entered promiscuous mode [ 289.944176][ T9437] lo: entered allmulticast mode [ 289.950247][ T9437] tunl0: entered promiscuous mode [ 289.955865][ T9437] tunl0: entered allmulticast mode [ 289.962660][ T9437] gre0: entered promiscuous mode [ 289.972437][ T9437] gre0: entered allmulticast mode [ 289.979741][ T9437] gretap0: entered promiscuous mode [ 289.988905][ T9437] gretap0: entered allmulticast mode [ 290.055442][ T9437] erspan0: entered promiscuous mode [ 290.070247][ T9437] erspan0: entered allmulticast mode [ 290.083179][ T9437] ip_vti0: entered promiscuous mode [ 290.098599][ T9437] ip_vti0: entered allmulticast mode [ 290.198668][ T9441] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1140'. [ 290.905821][ T9420] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 290.931838][ T9420] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 290.958777][ T9420] trusted_key: syz.0.1131 sent an empty control message without MSG_MORE. [ 291.321228][ T5899] usb 3-1: new high-speed USB device number 45 using dummy_hcd [ 291.542706][ T5899] usb 3-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 291.561205][ T5899] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x4 has invalid wMaxPacketSize 0 [ 291.618582][ T5899] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 0 [ 291.656764][ T5899] usb 3-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0xDC, changing to 0x8C [ 291.682366][ T5899] usb 3-1: config 4 interface 0 altsetting 0 bulk endpoint 0x8C has invalid maxpacket 243 [ 291.759911][ T5899] usb 3-1: New USB device found, idVendor=2294, idProduct=425a, bcdDevice=d1.41 [ 291.815837][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 291.850293][ T5899] usb 3-1: Product: syz [ 291.860264][ T5899] usb 3-1: Manufacturer: syz [ 291.912370][ T5899] usb 3-1: SerialNumber: syz [ 292.011383][ T9456] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 292.089993][ T5899] usb 3-1: ucan: probing device on interface #0 [ 292.157064][ T5899] usb 3-1: ucan: invalid out_ep MaxPacketSize [ 292.171737][ T5899] usb 3-1: ucan: probe failed; try to update the device firmware [ 292.368301][ T5933] as10x_usb: device has been detected [ 292.418784][ T5933] dvbdev: DVB: registering new adapter (Elgato EyeTV DTT Deluxe) [ 292.539301][ T30] audit: type=1326 audit(1750621224.546:5102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 292.601218][ T5933] usb 1-1: DVB: registering adapter 1 frontend 0 (Elgato EyeTV DTT Deluxe)... [ 292.615720][ T5891] usb 3-1: USB disconnect, device number 45 [ 292.636063][ T30] audit: type=1326 audit(1750621224.546:5103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 292.669793][ T30] audit: type=1326 audit(1750621224.546:5104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=428 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 292.697607][ T30] audit: type=1326 audit(1750621224.546:5105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 292.757037][ T30] audit: type=1326 audit(1750621224.546:5106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 292.792614][ T9478] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.826492][ T30] audit: type=1326 audit(1750621224.586:5107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 292.857851][ T980] usb 4-1: new high-speed USB device number 49 using dummy_hcd [ 292.875957][ T9478] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.891486][ T5933] as10x_usb: error during firmware upload part1 [ 292.935260][ T5933] Registered device Elgato EyeTV DTT Deluxe [ 292.944584][ T5933] usb 1-1: USB disconnect, device number 52 [ 293.005781][ T30] audit: type=1326 audit(1750621224.586:5108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 293.063104][ T30] audit: type=1326 audit(1750621224.586:5109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 293.096150][ T30] audit: type=1326 audit(1750621224.596:5110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 293.098590][ T5933] Unregistered device Elgato EyeTV DTT Deluxe [ 293.121041][ T980] usb 4-1: Using ep0 maxpacket: 8 [ 293.139969][ T5933] as10x_usb: device has been disconnected [ 293.154515][ T980] usb 4-1: New USB device found, idVendor=0763, idProduct=2081, bcdDevice=d0.ab [ 293.164208][ T980] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 293.177797][ T980] usb 4-1: Product: syz [ 293.205588][ T980] usb 4-1: Manufacturer: syz [ 293.213729][ T980] usb 4-1: SerialNumber: syz [ 293.233203][ T980] usb 4-1: config 0 descriptor?? [ 293.264507][ T30] audit: type=1326 audit(1750621224.596:5111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9473 comm="syz.3.1150" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf712e539 code=0x7ffc0000 [ 293.725751][ T9493] netlink: 156 bytes leftover after parsing attributes in process `syz.2.1157'. [ 293.738065][ T980] usb 4-1: USB disconnect, device number 49 [ 293.881767][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 293.944596][ C1] vkms_vblank_simulate: vblank timer overrun [ 294.425086][ T5891] usb 3-1: new high-speed USB device number 46 using dummy_hcd [ 294.561017][ T5899] usb 4-1: new high-speed USB device number 50 using dummy_hcd [ 294.596581][ T5891] usb 3-1: Using ep0 maxpacket: 16 [ 294.607700][ T5891] usb 3-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 294.617459][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.626910][ T5891] usb 3-1: Product: syz [ 294.637727][ T5891] usb 3-1: Manufacturer: syz [ 294.646722][ T5891] usb 3-1: SerialNumber: syz [ 294.670880][ T5891] r8152-cfgselector 3-1: Unknown version 0x0000 [ 294.678091][ T5891] r8152-cfgselector 3-1: config 0 descriptor?? [ 294.710885][ T5899] usb 4-1: Using ep0 maxpacket: 16 [ 294.728710][ T5899] usb 4-1: unable to get BOS descriptor or descriptor too short [ 294.737777][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 294.762145][ T5899] usb 4-1: can't read configurations, error -71 [ 294.812450][ T9513] loop8: detected capacity change from 0 to 8 [ 294.824889][ T5845] Dev loop8: unable to read RDB block 8 [ 294.830761][ T5845] loop8: unable to read partition table [ 294.837433][ T5845] loop8: partition table beyond EOD, truncated [ 294.852324][ T9513] Dev loop8: unable to read RDB block 8 [ 294.858401][ T9513] loop8: unable to read partition table [ 294.870240][ T9513] loop8: partition table beyond EOD, truncated [ 294.877524][ T9513] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 295.106119][ T5891] r8152-cfgselector 3-1: Unknown version 0x0000 [ 295.131118][ T5891] r8152-cfgselector 3-1: bad CDC descriptors [ 295.137597][ T9515] FAULT_INJECTION: forcing a failure. [ 295.137597][ T9515] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 295.162054][ T5891] r8152-cfgselector 3-1: USB disconnect, device number 46 [ 295.178684][ T9515] CPU: 1 UID: 0 PID: 9515 Comm: syz.0.1166 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 295.178712][ T9515] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 295.178723][ T9515] Call Trace: [ 295.178731][ T9515] [ 295.178739][ T9515] dump_stack_lvl+0x189/0x250 [ 295.178773][ T9515] ? __pfx____ratelimit+0x10/0x10 [ 295.178800][ T9515] ? __pfx_dump_stack_lvl+0x10/0x10 [ 295.178829][ T9515] ? __pfx__printk+0x10/0x10 [ 295.178848][ T9515] ? __might_fault+0xb0/0x130 [ 295.178875][ T9515] should_fail_ex+0x414/0x560 [ 295.178899][ T9515] fpu__restore_sig+0x1bb/0x1100 [ 295.178925][ T9515] ? __lock_acquire+0xab9/0xd20 [ 295.178954][ T9515] ? __pfx_fpu__restore_sig+0x10/0x10 [ 295.179001][ T9515] ia32_restore_sigcontext+0x449/0x5b0 [ 295.179032][ T9515] ? __pfx_ia32_restore_sigcontext+0x10/0x10 [ 295.179061][ T9515] ? _raw_spin_lock_irq+0xae/0xf0 [ 295.179085][ T9515] ? __pfx__raw_spin_lock_irq+0x10/0x10 [ 295.179122][ T9515] ? _raw_spin_unlock_irq+0x23/0x50 [ 295.179146][ T9515] ? lockdep_hardirqs_on+0x9c/0x150 [ 295.179175][ T9515] __ia32_compat_sys_sigreturn+0x1b4/0x210 [ 295.179206][ T9515] ? __pfx___ia32_compat_sys_sigreturn+0x10/0x10 [ 295.179236][ T9515] ? do_int80_emulation+0xec/0x390 [ 295.179254][ T9515] ? asm_int80_emulation+0x1a/0x20 [ 295.179273][ T9515] do_int80_emulation+0x126/0x390 [ 295.179291][ T9515] ? clear_bhb_loop+0x60/0xb0 [ 295.179309][ T9515] ? clear_bhb_loop+0x60/0xb0 [ 295.179332][ T9515] asm_int80_emulation+0x1a/0x20 [ 295.179351][ T9515] RIP: 0023:0xf70fe539 [ 295.179367][ T9515] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 295.179383][ T9515] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 [ 295.179400][ T9515] RAX: 0000000000006000 RBX: 0000000000000004 RCX: 0000000000000003 [ 295.179412][ T9515] RDX: 0000000000000000 RSI: 00000000558410e9 RDI: 0000000000000000 [ 295.179423][ T9515] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 295.179434][ T9515] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 295.179444][ T9515] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 295.179470][ T9515] [ 295.399734][ C1] vkms_vblank_simulate: vblank timer overrun [ 295.490280][ T9520] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1169'. [ 295.887217][ T5899] usb 4-1: new high-speed USB device number 51 using dummy_hcd [ 295.933093][ T9534] xt_SECMARK: invalid mode: 0 [ 295.986052][ T5891] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 296.004676][ T9537] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1173'. [ 296.061054][ T5899] usb 4-1: Using ep0 maxpacket: 16 [ 296.072564][ T5899] usb 4-1: config 3 has an invalid interface number: 155 but max is 0 [ 296.135348][ T5899] usb 4-1: config 3 has an invalid interface association descriptor of length 3, skipping [ 296.158822][ T5899] usb 4-1: config 3 has an invalid descriptor of length 101, skipping remainder of the config [ 296.163851][ T9539] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.200450][ T5899] usb 4-1: config 3 has no interface number 0 [ 296.207083][ T5891] usb 1-1: Using ep0 maxpacket: 8 [ 296.245448][ T5899] usb 4-1: config 3 interface 155 has no altsetting 0 [ 296.261804][ T5891] usb 1-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 296.270369][ T9539] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.272601][ T5891] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 296.301716][ T5899] usb 4-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c [ 296.313149][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 296.365276][ T5899] usb 4-1: Product: syz [ 296.373832][ T5891] usb 1-1: config 0 descriptor?? [ 296.389224][ T5899] usb 4-1: Manufacturer: syz [ 296.419349][ T5899] usb 4-1: SerialNumber: syz [ 296.754983][ T9520] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 296.768727][ T9520] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 296.836905][ T5899] usb 4-1: USB disconnect, device number 51 [ 297.442911][ T9550] 8021q: adding VLAN 0 to HW filter on device batadv2 [ 297.491694][ T9550] batadv2: entered promiscuous mode [ 297.498303][ T9550] team0: Port device batadv2 added [ 299.164217][ T9576] i2c i2c-0: Invalid block write size 43 [ 299.320983][ T5898] usb 3-1: new high-speed USB device number 47 using dummy_hcd [ 299.530936][ T5898] usb 3-1: Using ep0 maxpacket: 8 [ 299.555790][ T5898] usb 3-1: config 0 has no interfaces? [ 299.599143][ T5898] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ee [ 299.654167][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 299.849646][ T5898] usb 3-1: Product: syz [ 299.948421][ T5898] usb 3-1: Manufacturer: syz [ 299.975469][ T5898] usb 3-1: SerialNumber: syz [ 300.063591][ T5898] usb 3-1: config 0 descriptor?? [ 300.529133][ T9588] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1188'. [ 300.576819][ T5891] asix 1-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0012: -71 [ 300.605385][ T5891] asix 1-1:0.0: probe with driver asix failed with error -71 [ 300.647179][ T5891] usb 1-1: USB disconnect, device number 53 [ 300.817890][ T9597] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1191'. [ 300.860978][ T5898] usb 4-1: new high-speed USB device number 52 using dummy_hcd [ 300.990981][ T5898] usb 4-1: device descriptor read/64, error -71 [ 301.104146][ T980] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 301.118259][ T9606] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1192'. [ 301.129394][ T9606] netlink: 44 bytes leftover after parsing attributes in process `syz.4.1192'. [ 301.340873][ T980] usb 1-1: Using ep0 maxpacket: 16 [ 301.421439][ T5898] usb 4-1: new high-speed USB device number 53 using dummy_hcd [ 301.507191][ T980] usb 1-1: config 3 has an invalid interface number: 155 but max is 0 [ 301.518632][ T980] usb 1-1: config 3 has an invalid interface association descriptor of length 3, skipping [ 301.528839][ T980] usb 1-1: config 3 has an invalid descriptor of length 101, skipping remainder of the config [ 301.540579][ T980] usb 1-1: config 3 has no interface number 0 [ 301.547242][ T980] usb 1-1: config 3 interface 155 has no altsetting 0 [ 301.557673][ T980] usb 1-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c [ 301.570351][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 301.571174][ T5898] usb 4-1: device descriptor read/64, error -71 [ 301.578661][ T980] usb 1-1: Product: syz [ 301.589588][ T980] usb 1-1: Manufacturer: syz [ 301.594264][ T980] usb 1-1: SerialNumber: syz [ 301.721865][ T5898] usb usb4-port1: attempt power cycle [ 301.810242][ T9597] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 301.822254][ T9597] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 301.854111][ T980] usb 1-1: USB disconnect, device number 54 [ 301.921106][ T5933] usb 2-1: new high-speed USB device number 53 using dummy_hcd [ 301.928761][ T9614] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1195'. [ 302.013129][ T9616] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 302.022599][ T9616] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 302.037146][ T9616] vlan2: entered promiscuous mode [ 302.062180][ T5898] usb 4-1: new high-speed USB device number 54 using dummy_hcd [ 302.093403][ T5898] usb 4-1: device descriptor read/8, error -71 [ 302.104673][ T5933] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 302.114087][ T5933] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 302.130672][ T5933] usb 2-1: config 0 descriptor?? [ 302.331204][ T5898] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 302.347999][ T9610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 302.359543][ T5898] usb 4-1: device descriptor read/8, error -71 [ 302.367647][ T9610] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 302.481706][ T5898] usb usb4-port1: unable to enumerate USB device [ 302.526145][ T980] usb 3-1: USB disconnect, device number 47 [ 303.421052][ T5933] usb 2-1: Cannot set autoneg [ 303.425977][ T5933] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 303.518786][ T5933] usb 2-1: USB disconnect, device number 53 [ 303.696591][ T9631] xt_NFQUEUE: number of queues (65533) out of range (got 73728) [ 304.301060][ T5933] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 304.402171][ T55] usb 2-1: new full-speed USB device number 54 using dummy_hcd [ 304.451994][ T5933] usb 4-1: Using ep0 maxpacket: 32 [ 304.459471][ T5933] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 304.471095][ T5933] usb 4-1: New USB device found, idVendor=0525, idProduct=2888, bcdDevice=d0.43 [ 304.480474][ T5933] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.508822][ T5933] usb 4-1: config 0 descriptor?? [ 304.527766][ T9655] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 304.540083][ T9655] validate_nla: 56 callbacks suppressed [ 304.540103][ T9655] netlink: 'syz.2.1208': attribute type 10 has an invalid length. [ 304.565206][ T55] usb 2-1: config 0 has no interfaces? [ 304.571200][ T55] usb 2-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 304.583823][ T55] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 304.731326][ T55] usb 2-1: config 0 descriptor?? [ 304.772637][ T5933] cdc_subset 4-1:0.0: probe with driver cdc_subset failed with error -71 [ 304.834128][ T5933] usb 4-1: USB disconnect, device number 56 [ 304.969843][ T9659] netlink: 'syz.4.1209': attribute type 4 has an invalid length. [ 304.973810][ T9650] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1207'. [ 304.993379][ T9650] vlan2: entered promiscuous mode [ 305.070681][ T5933] usb 2-1: USB disconnect, device number 54 [ 305.208484][ T9661] loop8: detected capacity change from 0 to 8 [ 305.242524][ T9661] Dev loop8: unable to read RDB block 8 [ 305.283954][ T9661] loop8: unable to read partition table [ 305.292476][ T9661] loop8: partition table beyond EOD, truncated [ 305.299256][ T9661] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 305.355539][ T9667] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1212'. [ 305.752615][ T9676] team0: Device gtp0 is up. Set it down before adding it as a team port [ 305.849597][ T9683] FAULT_INJECTION: forcing a failure. [ 305.849597][ T9683] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 305.867025][ T9683] CPU: 0 UID: 0 PID: 9683 Comm: syz.4.1217 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 305.867043][ T9683] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 305.867059][ T9683] Call Trace: [ 305.867066][ T9683] [ 305.867072][ T9683] dump_stack_lvl+0x189/0x250 [ 305.867093][ T9683] ? __pfx____ratelimit+0x10/0x10 [ 305.867109][ T9683] ? __pfx_dump_stack_lvl+0x10/0x10 [ 305.867125][ T9683] ? __pfx__printk+0x10/0x10 [ 305.867143][ T9683] should_fail_ex+0x414/0x560 [ 305.867159][ T9683] _copy_to_user+0x31/0xb0 [ 305.867171][ T9683] simple_read_from_buffer+0xe1/0x170 [ 305.867185][ T9683] proc_fail_nth_read+0x1df/0x250 [ 305.867199][ T9683] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 305.867212][ T9683] ? rw_verify_area+0x258/0x650 [ 305.867227][ T9683] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 305.867242][ T9683] vfs_read+0x200/0x980 [ 305.867260][ T9683] ? __pfx___mutex_lock+0x10/0x10 [ 305.867270][ T9683] ? __pfx_vfs_read+0x10/0x10 [ 305.867287][ T9683] ? __fget_files+0x2a/0x420 [ 305.867301][ T9683] ? __fget_files+0x3a0/0x420 [ 305.867311][ T9683] ? __fget_files+0x2a/0x420 [ 305.867327][ T9683] ksys_read+0x145/0x250 [ 305.867337][ T9683] ? __pfx_ksys_read+0x10/0x10 [ 305.867353][ T9683] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 305.867369][ T9683] ? lockdep_hardirqs_on+0x9c/0x150 [ 305.867384][ T9683] __do_fast_syscall_32+0xb6/0x2b0 [ 305.867394][ T9683] ? lockdep_hardirqs_on+0x9c/0x150 [ 305.867411][ T9683] do_fast_syscall_32+0x34/0x80 [ 305.867420][ T9683] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 305.867432][ T9683] RIP: 0023:0xf7f53539 [ 305.867442][ T9683] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 305.867451][ T9683] RSP: 002b:00000000f5076590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 305.867463][ T9683] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5076620 [ 305.867470][ T9683] RDX: 000000000000000f RSI: 00000000f73e2ff4 RDI: 0000000000000000 [ 305.867476][ T9683] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 305.867482][ T9683] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 305.867487][ T9683] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 305.867502][ T9683] [ 306.420919][ T5898] usb 3-1: new high-speed USB device number 48 using dummy_hcd [ 306.471314][ T5899] usb 2-1: new full-speed USB device number 55 using dummy_hcd [ 306.531773][ T9693] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1221'. [ 306.581256][ T5898] usb 3-1: Using ep0 maxpacket: 16 [ 306.626272][ T5898] usb 3-1: config 8 has an invalid interface number: 198 but max is 0 [ 306.641042][ T5899] usb 2-1: config 0 has no interfaces? [ 306.662642][ T5899] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 306.675240][ T5899] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.687109][ T5898] usb 3-1: config 8 has an invalid descriptor of length 36, skipping remainder of the config [ 306.698053][ T5899] usb 2-1: Product: syz [ 306.702714][ T5899] usb 2-1: Manufacturer: syz [ 306.708195][ T5898] usb 3-1: config 8 has no interface number 0 [ 306.714442][ T5899] usb 2-1: SerialNumber: syz [ 306.721719][ T5899] usb 2-1: config 0 descriptor?? [ 306.726822][ T5898] usb 3-1: config 8 interface 198 has no altsetting 0 [ 306.813188][ T9695] delete_channel: no stack [ 306.880626][ T5898] usb 3-1: New USB device found, idVendor=0d49, idProduct=7000, bcdDevice=6c.67 [ 306.900510][ T5898] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.917868][ T5898] usb 3-1: Product: syz [ 306.928800][ T5898] usb 3-1: Manufacturer: syz [ 306.955305][ T5898] usb 3-1: SerialNumber: syz [ 306.956467][ T9699] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 306.958039][ T9699] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 306.967123][ T9699] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1223'. [ 307.182511][ T9678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 307.193288][ T9678] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 307.221249][ T9678] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 307.329764][ T9678] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1215'. [ 307.371451][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 307.371466][ T30] audit: type=1326 audit(1750621239.356:5141): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9671 comm="syz.2.1215" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 307.527833][ T30] audit: type=1326 audit(1750621239.356:5142): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9671 comm="syz.2.1215" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 307.639158][ T30] audit: type=1326 audit(1750621239.356:5143): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9671 comm="syz.2.1215" exe="/root/syz-executor" sig=0 arch=40000003 syscall=80 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 307.662501][ T30] audit: type=1326 audit(1750621239.356:5144): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9671 comm="syz.2.1215" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 307.766620][ T30] audit: type=1326 audit(1750621239.356:5145): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9671 comm="syz.2.1215" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 307.814895][ T9709] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1225'. [ 307.931299][ T30] audit: type=1326 audit(1750621239.356:5146): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9671 comm="syz.2.1215" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 307.983299][ T30] audit: type=1326 audit(1750621239.356:5147): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9671 comm="syz.2.1215" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 308.180501][ T30] audit: type=1326 audit(1750621239.356:5148): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9671 comm="syz.2.1215" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 308.273261][ T55] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 308.288824][ T30] audit: type=1326 audit(1750621239.356:5149): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9671 comm="syz.2.1215" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf705e539 code=0x7ffc0000 [ 308.464947][ T55] usb 4-1: config 0 has an invalid interface number: 199 but max is 1 [ 308.480920][ T55] usb 4-1: config 0 has no interface number 1 [ 308.487652][ T55] usb 4-1: config 0 interface 199 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 308.498503][ T55] usb 4-1: config 0 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 308.671534][ T55] usb 4-1: New USB device found, idVendor=0002, idProduct=0000, bcdDevice= 0.00 [ 308.681024][ T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 308.804511][ T55] usb 4-1: SerialNumber: syz [ 308.850337][ T55] usb 4-1: config 0 descriptor?? [ 308.865513][ T5899] usb 2-1: USB disconnect, device number 55 [ 308.868213][ T55] usb 4-1: Found UVC 0.00 device (0002:0000) [ 309.064563][ T9708] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 309.091567][ T9708] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 309.225187][ T55] usb 4-1: No valid video chain found. [ 309.262190][ T55] usb 4-1: USB disconnect, device number 57 [ 310.870895][ T5891] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 311.897023][ T9757] lo: entered allmulticast mode [ 311.917872][ T9757] tunl0: entered allmulticast mode [ 311.938096][ T9757] gre0: entered allmulticast mode [ 311.966875][ T9757] gretap0: entered allmulticast mode [ 311.977430][ T5898] ums-onetouch 3-1:8.198: USB Mass Storage device detected [ 312.061384][ T9757] erspan0: entered allmulticast mode [ 312.087914][ T9757] ip_vti0: entered allmulticast mode [ 312.985640][ T9774] xt_cluster: you have exceeded the maximum number of cluster nodes (47856 > 32) [ 313.103760][ T9777] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 313.247166][ T9777] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 313.700928][ T55] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 313.802391][ T9779] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1242'. [ 313.853878][ T55] usb 1-1: config 220 has an invalid interface number: 76 but max is 2 [ 313.862500][ T55] usb 1-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 313.896918][ T55] usb 1-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 313.946522][ T55] usb 1-1: config 220 has no interface number 2 [ 313.983532][ T55] usb 1-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 314.029912][ T55] usb 1-1: config 220 interface 0 has no altsetting 0 [ 314.046439][ T55] usb 1-1: config 220 interface 76 has no altsetting 0 [ 314.069967][ T55] usb 1-1: config 220 interface 1 has no altsetting 0 [ 314.123621][ T55] usb 1-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 314.175060][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 314.221895][ T55] usb 1-1: Product: syz [ 314.232551][ T55] usb 1-1: Manufacturer: syz [ 314.245533][ T55] usb 1-1: SerialNumber: syz [ 314.499812][ T9784] dlm: no locking on control device [ 314.571139][ T5891] usb 2-1: new high-speed USB device number 56 using dummy_hcd [ 314.736153][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 314.759698][ T5891] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 314.798919][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 314.838624][ T5891] usb 2-1: config 0 descriptor?? [ 314.871324][ T55] usb 1-1: Found UVC 7.01 device syz (8086:0b07) [ 314.880530][ T5891] pwc: Askey VC010 type 2 USB webcam detected. [ 314.921463][ T55] usb 1-1: No valid video chain found. [ 314.927067][ T55] usb 1-1: selecting invalid altsetting 0 [ 315.009319][ T55] usb 1-1: selecting invalid altsetting 0 [ 315.029815][ T55] usbtest 1-1:220.1: probe with driver usbtest failed with error -22 [ 315.071194][ T55] usb 1-1: USB disconnect, device number 56 [ 315.242708][ T9799] loop8: detected capacity change from 0 to 8 [ 315.257710][ T5845] Dev loop8: unable to read RDB block 8 [ 315.270657][ T5845] loop8: unable to read partition table [ 315.287176][ T5891] pwc: recv_control_msg error -32 req 02 val 2b00 [ 315.298489][ T5845] loop8: partition table beyond EOD, truncated [ 315.307404][ T5891] pwc: recv_control_msg error -32 req 02 val 2700 [ 315.315177][ T9799] Dev loop8: unable to read RDB block 8 [ 315.328938][ T9799] loop8: unable to read partition table [ 315.351105][ T9799] loop8: partition table beyond EOD, truncated [ 315.357373][ T9799] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 315.547866][ T5891] pwc: recv_control_msg error -71 req 04 val 1000 [ 315.576045][ T5891] pwc: recv_control_msg error -71 req 04 val 1300 [ 315.601064][ T5891] pwc: recv_control_msg error -71 req 04 val 1400 [ 315.614220][ T5891] pwc: recv_control_msg error -71 req 02 val 2000 [ 315.629960][ T55] usb 3-1: USB disconnect, device number 48 [ 315.643277][ T5891] pwc: recv_control_msg error -71 req 02 val 2100 [ 315.691932][ T5891] pwc: recv_control_msg error -71 req 04 val 1500 [ 315.712055][ T5891] pwc: recv_control_msg error -71 req 02 val 2500 [ 315.746884][ T5891] pwc: recv_control_msg error -71 req 02 val 2400 [ 315.784943][ T5891] pwc: recv_control_msg error -71 req 02 val 2600 [ 315.805783][ T5891] pwc: recv_control_msg error -71 req 02 val 2900 [ 315.844207][ T5891] pwc: recv_control_msg error -71 req 02 val 2800 [ 315.872437][ T5891] pwc: recv_control_msg error -71 req 04 val 1100 [ 315.897597][ T5891] pwc: recv_control_msg error -71 req 04 val 1200 [ 315.918514][ T5891] pwc: Registered as video103. [ 315.983151][ T5891] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input21 [ 316.038036][ T5891] usb 2-1: USB disconnect, device number 56 [ 316.404351][ T9823] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 316.446900][ T9823] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 316.643001][ T5891] usb 2-1: new high-speed USB device number 57 using dummy_hcd [ 316.803275][ T5891] usb 2-1: config 0 has an invalid interface number: 117 but max is 0 [ 316.812259][ T5891] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 316.860986][ T5891] usb 2-1: config 0 has no interface number 0 [ 316.915520][ T5891] usb 2-1: config 0 interface 117 altsetting 0 endpoint 0x88 has invalid wMaxPacketSize 0 [ 316.980667][ T5891] usb 2-1: config 0 interface 117 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 317.073784][ T5891] usb 2-1: New USB device found, idVendor=0afa, idProduct=03e8, bcdDevice=99.d0 [ 317.084636][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 317.099294][ T5891] usb 2-1: Product: syz [ 317.136959][ T5891] usb 2-1: Manufacturer: syz [ 317.160987][ T5891] usb 2-1: SerialNumber: syz [ 317.188683][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.192111][ T5891] usb 2-1: config 0 descriptor?? [ 317.196101][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.272074][ T9830] FAULT_INJECTION: forcing a failure. [ 317.272074][ T9830] name failslab, interval 1, probability 0, space 0, times 0 [ 317.285106][ T9830] CPU: 0 UID: 0 PID: 9830 Comm: syz.4.1259 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 317.285133][ T9830] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 317.285154][ T9830] Call Trace: [ 317.285163][ T9830] [ 317.285173][ T9830] dump_stack_lvl+0x189/0x250 [ 317.285209][ T9830] ? __pfx____ratelimit+0x10/0x10 [ 317.285238][ T9830] ? __pfx_dump_stack_lvl+0x10/0x10 [ 317.285268][ T9830] ? __pfx__printk+0x10/0x10 [ 317.285294][ T9830] ? __lock_acquire+0xab9/0xd20 [ 317.285329][ T9830] should_fail_ex+0x414/0x560 [ 317.285359][ T9830] should_failslab+0xa8/0x100 [ 317.285383][ T9830] kmem_cache_alloc_noprof+0x73/0x3c0 [ 317.285412][ T9830] ? skb_clone+0x212/0x3a0 [ 317.285436][ T9830] ? __pfx_skb_network_protocol+0x10/0x10 [ 317.285466][ T9830] skb_clone+0x212/0x3a0 [ 317.285490][ T9830] ? dev_queue_xmit_nit+0x25a/0xcc0 [ 317.285516][ T9830] dev_queue_xmit_nit+0x416/0xcc0 [ 317.285538][ T9830] ? dev_queue_xmit_nit+0x2d/0xcc0 [ 317.285573][ T9830] dev_hard_start_xmit+0x1be/0x830 [ 317.285617][ T9830] __dev_queue_xmit+0x1adf/0x3a70 [ 317.285650][ T9830] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 317.285684][ T9830] ? __dev_queue_xmit+0x27e/0x3a70 [ 317.285711][ T9830] ? do_fast_syscall_32+0x34/0x80 [ 317.285743][ T9830] ? __pfx___dev_queue_xmit+0x10/0x10 [ 317.285786][ T9830] ? __copy_skb_header+0xa7/0x550 [ 317.285812][ T9830] ? __asan_memcpy+0x40/0x70 [ 317.285837][ T9830] ? __skb_clone+0x63/0x7a0 [ 317.285867][ T9830] ? __skb_clone+0x483/0x7a0 [ 317.285899][ T9830] ? skb_clone+0x246/0x3a0 [ 317.285928][ T9830] __netlink_deliver_tap+0x5ad/0x850 [ 317.285964][ T9830] ? netlink_deliver_tap+0x2e/0x1b0 [ 317.285989][ T9830] netlink_deliver_tap+0x19c/0x1b0 [ 317.286013][ T9830] netlink_unicast+0x72f/0x8d0 [ 317.286045][ T9830] netlink_sendmsg+0x805/0xb30 [ 317.286078][ T9830] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.286104][ T9830] ? __import_iovec+0x5d4/0x7f0 [ 317.286122][ T9830] ? aa_sock_msg_perm+0x94/0x160 [ 317.286154][ T9830] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 317.286179][ T9830] ? __pfx_netlink_sendmsg+0x10/0x10 [ 317.286204][ T9830] __sock_sendmsg+0x21c/0x270 [ 317.286237][ T9830] ____sys_sendmsg+0x505/0x830 [ 317.286268][ T9830] ? __pfx_____sys_sendmsg+0x10/0x10 [ 317.286310][ T9830] ___sys_sendmsg+0x21f/0x2a0 [ 317.286337][ T9830] ? __pfx____sys_sendmsg+0x10/0x10 [ 317.286401][ T9830] ? __fget_files+0x2a/0x420 [ 317.286422][ T9830] ? __fget_files+0x3a0/0x420 [ 317.286455][ T9830] __sys_sendmsg+0x164/0x220 [ 317.286482][ T9830] ? __pfx___sys_sendmsg+0x10/0x10 [ 317.286522][ T9830] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 317.286553][ T9830] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.286583][ T9830] __do_fast_syscall_32+0xb6/0x2b0 [ 317.286603][ T9830] ? lockdep_hardirqs_on+0x9c/0x150 [ 317.286635][ T9830] do_fast_syscall_32+0x34/0x80 [ 317.286653][ T9830] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 317.286677][ T9830] RIP: 0023:0xf7f53539 [ 317.286695][ T9830] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 317.286712][ T9830] RSP: 002b:00000000f507655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 317.286733][ T9830] RAX: ffffffffffffffda RBX: 0000000000000013 RCX: 0000000080000540 [ 317.286748][ T9830] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 317.286759][ T9830] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 317.286770][ T9830] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 317.286782][ T9830] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 317.286812][ T9830] [ 317.715389][ T55] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 317.917577][ T55] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 317.931151][ T55] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 318.038754][ T5933] usb 2-1: USB disconnect, device number 57 [ 318.055234][ T55] usb 4-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 318.061224][ T9836] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 318.083381][ T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 318.132170][ T9836] batadv1: entered promiscuous mode [ 318.142291][ T55] usb 4-1: config 0 descriptor?? [ 318.180028][ T9836] team0: Port device batadv1 added [ 318.582726][ T55] cp2112 0003:10C4:EA90.0007: unknown main item tag 0x0 [ 318.648215][ T55] cp2112 0003:10C4:EA90.0007: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.3-1/input0 [ 318.740955][ T5933] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 318.770219][ T9828] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 318.802813][ T9828] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 318.883020][ T5933] usb 1-1: device descriptor read/64, error -71 [ 319.108767][ T9858] input: syz0 as /devices/virtual/input/input23 [ 319.131111][ T5933] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 319.231155][ T55] cp2112 0003:10C4:EA90.0007: error requesting version [ 319.261314][ T55] cp2112 0003:10C4:EA90.0007: probe with driver cp2112 failed with error -71 [ 319.281410][ T5933] usb 1-1: device descriptor read/64, error -71 [ 319.320400][ T55] usb 4-1: USB disconnect, device number 58 [ 319.402674][ T5933] usb usb1-port1: attempt power cycle [ 319.466588][ T30] audit: type=1804 audit(1750621251.476:5150): pid=9867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=open_writers comm="syz.2.1272" name="/newroot/263/file0" dev="tmpfs" ino=1370 res=1 errno=0 [ 319.518248][ T30] audit: type=1804 audit(1750621251.526:5151): pid=9867 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=invalid_pcr cause=ToMToU comm="syz.2.1272" name="/newroot/263/file0" dev="tmpfs" ino=1370 res=1 errno=0 [ 319.690892][ T5891] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 319.781145][ T5933] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 319.808481][ T5933] usb 1-1: device descriptor read/8, error -71 [ 319.844460][ T5891] usb 2-1: config 1 interface 0 has no altsetting 0 [ 319.892105][ T5891] usb 2-1: New USB device found, idVendor=05ac, idProduct=0262, bcdDevice= 0.40 [ 319.921355][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 320.017030][ T5891] usb 2-1: Product: syz [ 320.037157][ T5891] usb 2-1: Manufacturer: syz [ 320.050455][ T5891] usb 2-1: SerialNumber: syz [ 320.080942][ T5933] usb 1-1: new high-speed USB device number 60 using dummy_hcd [ 320.133629][ T5933] usb 1-1: device descriptor read/8, error -71 [ 320.562592][ T5933] usb usb1-port1: unable to enumerate USB device [ 320.748003][ T5891] input: bcm5974 as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/input/input24 [ 320.802440][ T5187] bcm5974 2-1:1.0: could not read from device [ 320.846527][ T5187] bcm5974 2-1:1.0: could not read from device [ 320.874911][ T5187] bcm5974 2-1:1.0: could not read from device [ 320.900365][ T5187] bcm5974 2-1:1.0: could not read from device [ 321.004672][ T5891] usb 2-1: USB disconnect, device number 58 [ 321.136517][ T9891] ALSA: mixer_oss: invalid OSS volume 'OVAIN' [ 321.143372][ T9891] netlink: 44 bytes leftover after parsing attributes in process `syz.2.1281'. [ 321.181185][ T9] hid-generic 0000:0000:0000.0008: hidraw0: HID v0.00 Device [syz1] on syz1 [ 321.309281][ T9892] fido_id[9892]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 321.391605][ T30] audit: type=1326 audit(1750621253.406:5152): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9893 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 321.419220][ T9894] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 321.463045][ T9894] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 321.510897][ T30] audit: type=1326 audit(1750621253.426:5153): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9893 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 321.656635][ T30] audit: type=1326 audit(1750621253.516:5154): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9893 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 321.746353][ T30] audit: type=1326 audit(1750621253.516:5155): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9893 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 321.770404][ T30] audit: type=1326 audit(1750621253.516:5156): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9893 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 321.792454][ C0] vkms_vblank_simulate: vblank timer overrun [ 321.817646][ T30] audit: type=1326 audit(1750621253.516:5157): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9893 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 321.839626][ C0] vkms_vblank_simulate: vblank timer overrun [ 321.933965][ T30] audit: type=1326 audit(1750621253.516:5158): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9893 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 321.955993][ C0] vkms_vblank_simulate: vblank timer overrun [ 322.038557][ T30] audit: type=1326 audit(1750621253.516:5159): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9893 comm="syz.4.1282" exe="/root/syz-executor" sig=0 arch=40000003 syscall=345 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 322.060551][ C0] vkms_vblank_simulate: vblank timer overrun [ 322.388878][ T9924] loop8: detected capacity change from 0 to 8 [ 322.399781][ T9924] loop8: [POWERTEC] p1 p2 p3 p4 p5 p6 p7 p8 p9 p10 p11 p12 [ 322.411086][ T9924] loop8: p1 start 1509949440 is beyond EOD, truncated [ 322.418115][ T9924] loop8: p2 start 1313166792 is beyond EOD, truncated [ 322.429657][ T9924] loop8: p3 start 2792198821 is beyond EOD, truncated [ 322.440384][ T9924] loop8: p4 start 3450133329 is beyond EOD, truncated [ 322.455722][ T9924] loop8: p5 start 209017359 is beyond EOD, truncated [ 322.462943][ T9] usb 4-1: new full-speed USB device number 59 using dummy_hcd [ 322.473395][ T9924] loop8: p6 start 472078083 is beyond EOD, truncated [ 322.488227][ T9924] loop8: p7 start 655360 is beyond EOD, truncated [ 322.507292][ T9924] loop8: p8 start 4159373312 is beyond EOD, truncated [ 322.556926][ T9924] loop8: p9 start 2556692023 is beyond EOD, truncated [ 322.573013][ T9924] loop8: p10 start 163359550 is beyond EOD, truncated [ 322.587306][ T9924] loop8: p11 start 2808365989 is beyond EOD, truncated [ 322.595663][ T9924] loop8: p12 start 954928250 is beyond EOD, truncated [ 322.629457][ T9] usb 4-1: config 0 has no interfaces? [ 322.636451][ T9] usb 4-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 322.664267][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 322.698768][ T9] usb 4-1: config 0 descriptor?? [ 322.922780][ T9920] 8021q: VLANs not supported on team0 [ 322.931074][ T9] usb 4-1: USB disconnect, device number 59 [ 323.010022][ T9928] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 324.234710][ T9950] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1300'. [ 324.425579][ T9955] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 324.460161][ T9955] netlink: 'syz.0.1302': attribute type 10 has an invalid length. [ 324.519023][ T9961] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1304'. [ 324.600607][ T9961] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1304'. [ 325.006638][ T9974] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1309'. [ 325.314483][ T9987] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1314'. [ 325.744703][ T55] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 325.839186][ T9993] IPVS: ovf: UDP 224.0.0.2:0 - no destination available [ 325.950868][ T55] usb 2-1: Using ep0 maxpacket: 16 [ 326.001843][ T55] usb 2-1: config 3 has an invalid interface number: 155 but max is 0 [ 326.220568][ T55] usb 2-1: config 3 has an invalid interface association descriptor of length 3, skipping [ 326.252541][ T55] usb 2-1: config 3 has an invalid descriptor of length 101, skipping remainder of the config [ 326.270088][ T55] usb 2-1: config 3 has no interface number 0 [ 326.279196][ T55] usb 2-1: config 3 interface 155 has no altsetting 0 [ 326.297567][ T55] usb 2-1: New USB device found, idVendor=05a9, idProduct=264a, bcdDevice=e5.4c [ 326.310214][ T55] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.321199][ T55] usb 2-1: Product: syz [ 326.325837][ T55] usb 2-1: Manufacturer: syz [ 326.331283][ T55] usb 2-1: SerialNumber: syz [ 326.555237][ T9987] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 326.555820][ T9987] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 326.594217][ T55] usb 2-1: USB disconnect, device number 59 [ 326.880259][T10015] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1322'. [ 327.105583][ T30] kauditd_printk_skb: 2 callbacks suppressed [ 327.105600][ T30] audit: type=1326 audit(1750621259.116:5162): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.169448][ T30] audit: type=1326 audit(1750621259.116:5163): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.180955][T10024] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1324'. [ 327.207253][ T30] audit: type=1326 audit(1750621259.146:5164): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.280240][ T30] audit: type=1326 audit(1750621259.146:5165): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.308034][ T30] audit: type=1326 audit(1750621259.146:5166): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.332113][ T30] audit: type=1326 audit(1750621259.146:5167): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.355874][ T30] audit: type=1326 audit(1750621259.146:5168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.391971][ T55] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 327.401693][ T30] audit: type=1326 audit(1750621259.146:5169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.423819][ C0] vkms_vblank_simulate: vblank timer overrun [ 327.562503][ T55] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 327.565156][ T30] audit: type=1326 audit(1750621259.146:5170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.596092][ T55] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 327.619507][ T55] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 0 [ 327.709353][ T30] audit: type=1326 audit(1750621259.146:5171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10021 comm="syz.4.1326" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 327.778528][ T55] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 327.797039][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.808850][ T55] usb 4-1: Product: syz [ 327.826859][ T55] usb 4-1: Manufacturer: syz [ 327.838736][ T55] usb 4-1: SerialNumber: syz [ 328.953342][T10020] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 328.968065][ T55] cdc_ncm 4-1:1.0: bind() failure [ 328.984334][ T55] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 328.992105][ T55] cdc_ncm 4-1:1.1: bind() failure [ 329.011345][T10020] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 329.176994][ T55] usb 4-1: USB disconnect, device number 60 [ 329.525970][T10055] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1335'. [ 329.641375][T10059] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1337'. [ 329.710400][T10059] netlink: 'syz.3.1337': attribute type 5 has an invalid length. [ 329.772961][T10059] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1337'. [ 329.789672][T10059] netdevsim netdevsim3 netdevsim0: set [1, 1] type 2 family 0 port 256 - 0 [ 329.819007][T10059] netdevsim netdevsim3 netdevsim1: set [1, 1] type 2 family 0 port 256 - 0 [ 329.867935][T10059] netdevsim netdevsim3 netdevsim2: set [1, 1] type 2 family 0 port 256 - 0 [ 329.891167][T10059] netdevsim netdevsim3 netdevsim3: set [1, 1] type 2 family 0 port 256 - 0 [ 329.981219][T10059] geneve2: entered promiscuous mode [ 329.986485][T10059] geneve2: entered allmulticast mode [ 330.348688][T10079] ipvlan2: entered promiscuous mode [ 330.571141][ T55] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 330.781437][ T55] usb 3-1: Using ep0 maxpacket: 32 [ 330.791368][ T55] usb 3-1: config 0 has an invalid interface number: 188 but max is 0 [ 330.822502][ T55] usb 3-1: config 0 has no interface number 0 [ 330.856758][ T55] usb 3-1: config 0 interface 188 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 330.887504][ T55] usb 3-1: config 0 interface 188 altsetting 0 has an endpoint descriptor with address 0xBD, changing to 0x8D [ 330.918808][ T55] usb 3-1: config 0 interface 188 altsetting 0 endpoint 0x8D has an invalid bInterval 129, changing to 11 [ 331.011378][ T55] usb 3-1: config 0 interface 188 altsetting 0 endpoint 0x8D has invalid maxpacket 10062, setting to 1024 [ 331.074354][ T55] usb 3-1: config 0 interface 188 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 331.110619][ T55] usb 3-1: New USB device found, idVendor=2c7c, idProduct=6002, bcdDevice=42.9b [ 331.137167][ T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.188195][ T55] usb 3-1: Product: syz [ 331.200504][ T55] usb 3-1: Manufacturer: syz [ 331.221252][ T55] usb 3-1: SerialNumber: syz [ 331.255264][ T55] usb 3-1: config 0 descriptor?? [ 331.425507][T10081] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 331.435915][ T55] option 3-1:0.188: GSM modem (1-port) converter detected [ 331.642822][ T5891] usb 3-1: USB disconnect, device number 49 [ 331.658462][ T5891] option 3-1:0.188: device disconnected [ 332.019956][T10101] --map-set only usable from mangle table [ 332.565960][T10115] netlink: 156 bytes leftover after parsing attributes in process `syz.0.1355'. [ 332.718039][T10110] xt_CONNSECMARK: only valid in 'mangle' or 'security' table, not 'syz0' [ 332.786719][T10105] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1351'. [ 332.932434][T10121] FAULT_INJECTION: forcing a failure. [ 332.932434][T10121] name failslab, interval 1, probability 0, space 0, times 0 [ 332.996344][T10121] CPU: 0 UID: 0 PID: 10121 Comm: syz.0.1357 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 332.996373][T10121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 332.996385][T10121] Call Trace: [ 332.996393][T10121] [ 332.996401][T10121] dump_stack_lvl+0x189/0x250 [ 332.996433][T10121] ? __pfx____ratelimit+0x10/0x10 [ 332.996458][T10121] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.996485][T10121] ? __pfx__printk+0x10/0x10 [ 332.996511][T10121] ? ref_tracker_alloc+0x318/0x460 [ 332.996538][T10121] should_fail_ex+0x414/0x560 [ 332.996565][T10121] should_failslab+0xa8/0x100 [ 332.996585][T10121] kmem_cache_alloc_noprof+0x73/0x3c0 [ 332.996614][T10121] ? skb_clone+0x212/0x3a0 [ 332.996642][T10121] skb_clone+0x212/0x3a0 [ 332.996670][T10121] __netlink_deliver_tap+0x404/0x850 [ 332.996702][T10121] ? netlink_deliver_tap+0x2e/0x1b0 [ 332.996725][T10121] netlink_deliver_tap+0x19c/0x1b0 [ 332.996746][T10121] netlink_unicast+0x72f/0x8d0 [ 332.996784][T10121] netlink_sendmsg+0x805/0xb30 [ 332.996813][T10121] ? __pfx_netlink_sendmsg+0x10/0x10 [ 332.996835][T10121] ? __import_iovec+0x5d4/0x7f0 [ 332.996852][T10121] ? aa_sock_msg_perm+0x94/0x160 [ 332.996875][T10121] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 332.996897][T10121] ? __pfx_netlink_sendmsg+0x10/0x10 [ 332.996926][T10121] __sock_sendmsg+0x21c/0x270 [ 332.996957][T10121] ____sys_sendmsg+0x505/0x830 [ 332.996987][T10121] ? __pfx_____sys_sendmsg+0x10/0x10 [ 332.997025][T10121] ___sys_sendmsg+0x21f/0x2a0 [ 332.997052][T10121] ? __pfx____sys_sendmsg+0x10/0x10 [ 332.997112][T10121] ? __fget_files+0x2a/0x420 [ 332.997132][T10121] ? __fget_files+0x3a0/0x420 [ 332.997163][T10121] __sys_sendmsg+0x164/0x220 [ 332.997189][T10121] ? __pfx___sys_sendmsg+0x10/0x10 [ 332.997227][T10121] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 332.997257][T10121] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.997286][T10121] __do_fast_syscall_32+0xb6/0x2b0 [ 332.997305][T10121] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.997336][T10121] do_fast_syscall_32+0x34/0x80 [ 332.997354][T10121] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 332.997377][T10121] RIP: 0023:0xf70fe539 [ 332.997393][T10121] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 332.997410][T10121] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 332.997430][T10121] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 332.997444][T10121] RDX: 0000000020050800 RSI: 0000000000000000 RDI: 0000000000000000 [ 332.997456][T10121] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 332.997467][T10121] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 332.997478][T10121] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 332.997505][T10121] [ 333.872476][ T55] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 334.180918][ T980] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 334.194206][ T55] usb 4-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 334.205615][ T55] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.223533][ T55] usb 4-1: Product: syz [ 334.243113][ T55] usb 4-1: Manufacturer: syz [ 334.248073][ T55] usb 4-1: SerialNumber: syz [ 334.274563][ T55] usb 4-1: config 0 descriptor?? [ 334.330900][ T980] usb 2-1: Using ep0 maxpacket: 16 [ 334.337760][ T980] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 334.347165][ T980] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 334.389528][ T980] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 334.399954][ T980] usb 2-1: config 1 has no interface number 1 [ 334.428447][ T980] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 334.442110][ T980] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 334.457739][ T980] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has invalid wMaxPacketSize 0 [ 334.469940][ T980] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 334.486152][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.504905][ T980] usb 2-1: Product: syz [ 334.525842][T10126] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 334.537467][ T980] usb 2-1: Manufacturer: syz [ 334.550893][ T980] usb 2-1: SerialNumber: syz [ 334.571469][T10126] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 334.626141][ T55] hso 4-1:0.0: Failed to find BULK IN ep [ 334.638461][ T55] usb-storage 4-1:0.0: USB Mass Storage device detected [ 334.680753][T10139] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 334.834063][ T55] usb 4-1: USB disconnect, device number 61 [ 335.030529][ T980] usb 2-1: USB disconnect, device number 60 [ 335.196100][ T5845] udevd[5845]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 335.772524][T10141] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 336.817548][T10173] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1370'. [ 337.250924][ T980] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 337.582333][ T980] usb 3-1: Using ep0 maxpacket: 16 [ 337.671475][ T980] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 337.682430][ T980] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 337.709705][ T980] usb 3-1: New USB device found, idVendor=1044, idProduct=7a4d, bcdDevice= 0.00 [ 337.751125][ T980] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.839516][ T980] usb 3-1: config 0 descriptor?? [ 338.646147][T10187] FAULT_INJECTION: forcing a failure. [ 338.646147][T10187] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 338.662707][T10187] CPU: 1 UID: 0 PID: 10187 Comm: syz.3.1377 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 338.662724][T10187] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 338.662731][T10187] Call Trace: [ 338.662736][T10187] [ 338.662741][T10187] dump_stack_lvl+0x189/0x250 [ 338.662762][T10187] ? __pfx____ratelimit+0x10/0x10 [ 338.662778][T10187] ? __pfx_dump_stack_lvl+0x10/0x10 [ 338.662794][T10187] ? __pfx__printk+0x10/0x10 [ 338.662805][T10187] ? __might_fault+0xb0/0x130 [ 338.662820][T10187] should_fail_ex+0x414/0x560 [ 338.662835][T10187] _copy_from_user+0x2d/0xb0 [ 338.662846][T10187] get_compat_msghdr+0xad/0x4a0 [ 338.662862][T10187] ? __pfx_get_compat_msghdr+0x10/0x10 [ 338.662881][T10187] ___sys_sendmsg+0x193/0x2a0 [ 338.662895][T10187] ? __pfx____sys_sendmsg+0x10/0x10 [ 338.662925][T10187] ? __fget_files+0x2a/0x420 [ 338.662935][T10187] ? __fget_files+0x3a0/0x420 [ 338.662951][T10187] __sys_sendmsg+0x164/0x220 [ 338.662964][T10187] ? __pfx___sys_sendmsg+0x10/0x10 [ 338.662984][T10187] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 338.662999][T10187] ? lockdep_hardirqs_on+0x9c/0x150 [ 338.663015][T10187] __do_fast_syscall_32+0xb6/0x2b0 [ 338.663024][T10187] ? lockdep_hardirqs_on+0x9c/0x150 [ 338.663040][T10187] do_fast_syscall_32+0x34/0x80 [ 338.663049][T10187] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 338.663062][T10187] RIP: 0023:0xf712e539 [ 338.663072][T10187] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 338.663081][T10187] RSP: 002b:00000000f511e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 338.663093][T10187] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 338.663100][T10187] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 338.663106][T10187] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 338.663112][T10187] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 338.663117][T10187] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 338.663131][T10187] [ 338.872643][ C1] vkms_vblank_simulate: vblank timer overrun [ 339.136003][T10190] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1378'. [ 339.279620][T10193] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1376'. [ 339.691838][T10205] vlan0: entered promiscuous mode [ 339.703599][T10205] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 339.720409][T10205] vlan0: entered allmulticast mode [ 339.749383][T10205] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 339.769726][T10205] team0: Device vlan0 is up. Set it down before adding it as a team port [ 340.001906][T10210] input: syz1 as /devices/virtual/input/input26 [ 340.314184][ T5891] usb 3-1: USB disconnect, device number 50 [ 341.045152][T10221] fuse: Bad value for 'user_id' [ 341.066351][T10221] fuse: Bad value for 'user_id' [ 341.142379][T10221] fuse: Unknown parameter 'ÿÿÿÿÿÿÿÿ0x0000000000000008' [ 341.270904][ T980] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 341.490941][ T980] usb 1-1: Using ep0 maxpacket: 32 [ 341.501777][ T980] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 341.520992][ T980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.532316][ T980] usb 1-1: config 0 descriptor?? [ 341.744090][ T980] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 341.791949][ T980] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 342.252295][T10224] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.321944][ T980] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 342.349136][T10224] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 342.351075][ T980] usb 1-1: media controller created [ 342.398637][ T980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 342.570520][T10224] loop8: detected capacity change from 0 to 7 [ 342.591042][ T55] usb 4-1: new high-speed USB device number 62 using dummy_hcd [ 342.633320][T10224] Dev loop8: unable to read RDB block 7 [ 342.667236][T10224] loop8: unable to read partition table [ 342.677445][T10224] loop8: partition table beyond EOD, truncated [ 342.688688][ T980] az6027: usb out operation failed. (-71) [ 342.700969][T10224] loop_reread_partitions: partition scan of loop8 (þ被x) failed (rc=-5) [ 342.709869][ T980] az6027: usb out operation failed. (-71) [ 342.728083][ T980] stb0899_attach: Driver disabled by Kconfig [ 342.752538][ T980] az6027: no front-end attached [ 342.752538][ T980] [ 342.761534][ T55] usb 4-1: Using ep0 maxpacket: 16 [ 342.797076][ T55] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 2.00 [ 342.828726][ T980] az6027: usb out operation failed. (-71) [ 342.842670][ T55] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.865611][ T980] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 342.885790][ T55] usb 4-1: config 0 descriptor?? [ 342.894214][ T980] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input27 [ 342.933854][ T55] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 342.960868][ T980] dvb-usb: schedule remote query interval to 400 msecs. [ 342.980015][ T980] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 343.001549][ T980] usb 1-1: USB disconnect, device number 61 [ 343.136677][ T55] usb 4-1: Detected FT232B [ 343.160957][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 343.160974][ T30] audit: type=1326 audit(1750621275.166:5188): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 343.247381][ T30] audit: type=1326 audit(1750621275.166:5189): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 343.278972][ T980] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 343.307371][ T30] audit: type=1326 audit(1750621275.166:5190): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 343.337081][ T55] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 343.379433][T10254] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1399'. [ 343.405779][ T55] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 343.415539][T10255] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1399'. [ 343.460984][ T55] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 343.478765][ T30] audit: type=1326 audit(1750621275.166:5191): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 343.513636][ T55] usb 4-1: USB disconnect, device number 62 [ 343.583458][ T55] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 343.597990][ T30] audit: type=1326 audit(1750621275.166:5192): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 343.621826][ T30] audit: type=1326 audit(1750621275.176:5193): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 343.656854][ T55] ftdi_sio 4-1:0.0: device disconnected [ 343.708602][T10258] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1400'. [ 343.740721][ T30] audit: type=1326 audit(1750621275.176:5194): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 343.794266][ T30] audit: type=1326 audit(1750621275.176:5195): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 343.860959][ T30] audit: type=1326 audit(1750621275.176:5196): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 343.891524][ T30] audit: type=1326 audit(1750621275.176:5197): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10249 comm="syz.4.1398" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 344.094794][T10269] netlink: 'syz.4.1402': attribute type 1 has an invalid length. [ 344.107387][T10269] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1402'. [ 344.154860][T10272] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 344.234562][T10272] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 345.341812][T10281] i2c i2c-0: Invalid block write size 43 [ 346.328160][T10292] netlink: 'syz.2.1409': attribute type 4 has an invalid length. [ 346.435333][T10294] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 346.453417][T10294] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 346.541982][T10294] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. [ 346.806068][T10300] bond1: entered promiscuous mode [ 346.822001][T10300] bond1: entered allmulticast mode [ 346.827993][T10300] 8021q: adding VLAN 0 to HW filter on device bond1 [ 347.226332][ T55] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 347.276913][T10315] loop8: detected capacity change from 0 to 8 [ 347.283599][ T980] usb 2-1: new low-speed USB device number 61 using dummy_hcd [ 347.321134][ T5828] Dev loop8: unable to read RDB block 8 [ 347.331558][ T5828] loop8: unable to read partition table [ 347.337437][ T5828] loop8: partition table beyond EOD, truncated [ 347.387323][T10315] Dev loop8: unable to read RDB block 8 [ 347.393019][T10315] loop8: unable to read partition table [ 347.411448][T10315] loop8: partition table beyond EOD, truncated [ 347.417869][T10315] loop_reread_partitions: partition scan of loop8 (þ被xü^>Ñà– ) failed (rc=-5) [ 347.452073][ T55] usb 1-1: unable to get BOS descriptor or descriptor too short [ 347.463323][ T55] usb 1-1: config 3 has an invalid interface number: 19 but max is 0 [ 347.471868][ T980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 347.484005][ T55] usb 1-1: config 3 has no interface number 0 [ 347.490240][ T980] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 347.503273][ T55] usb 1-1: config 3 interface 19 altsetting 9 bulk endpoint 0x8E has invalid maxpacket 32 [ 347.759095][ T980] usb 2-1: New USB device found, idVendor=258a, idProduct=0036, bcdDevice= 0.00 [ 347.781228][ T55] usb 1-1: config 3 interface 19 altsetting 9 bulk endpoint 0xC has invalid maxpacket 64 [ 347.840890][ T980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 347.872833][ T55] usb 1-1: config 3 interface 19 has no altsetting 0 [ 347.911795][ T980] usb 2-1: config 0 descriptor?? [ 347.919242][ T55] usb 1-1: New USB device found, idVendor=067b, idProduct=2303, bcdDevice=53.f5 [ 347.941383][ T55] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 347.949426][ T55] usb 1-1: Product: syz [ 347.994196][ T55] usb 1-1: Manufacturer: syz [ 348.020944][ T55] usb 1-1: SerialNumber: syz [ 348.068803][T10308] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 348.100984][T10308] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 348.362521][ T55] pl2303 1-1:3.19: required interrupt-in endpoint missing [ 348.409623][ T55] usb 1-1: USB disconnect, device number 62 [ 348.454843][ T980] glorious 0003:258A:0036.0009: unknown main item tag 0x1 [ 348.491284][ T980] glorious 0003:258A:0036.0009: hidraw0: USB HID v0.00 Device [Glorious Model O] on usb-dummy_hcd.1-1/input0 [ 349.217937][T10340] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1427'. [ 349.594092][T10346] team0: Device gtp0 is up. Set it down before adding it as a team port [ 350.001295][ T9] usb 2-1: USB disconnect, device number 61 [ 350.750595][ T30] kauditd_printk_skb: 39 callbacks suppressed [ 350.750612][ T30] audit: type=1326 audit(1750621282.756:5237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 350.835005][ T30] audit: type=1326 audit(1750621282.796:5238): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 350.958619][ T30] audit: type=1326 audit(1750621282.796:5239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 351.056258][ T30] audit: type=1326 audit(1750621282.796:5240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=146 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 351.168486][ T30] audit: type=1326 audit(1750621282.796:5241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 351.232774][T10374] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1437'. [ 351.286493][T10378] vcan0: tx drop: invalid da for name 0x0000000000000002 [ 351.309626][ T30] audit: type=1326 audit(1750621282.796:5242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 351.371053][ T30] audit: type=1326 audit(1750621282.796:5243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 351.401618][ T30] audit: type=1326 audit(1750621282.796:5244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 351.432798][ T30] audit: type=1326 audit(1750621282.796:5245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 351.475543][ T30] audit: type=1326 audit(1750621282.796:5246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10363 comm="syz.4.1432" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf7f53539 code=0x7ffc0000 [ 351.583256][T10374] team_slave_0: left promiscuous mode [ 351.608409][T10374] team0 (unregistering): Port device team_slave_0 removed [ 351.631557][T10374] team_slave_1: left promiscuous mode [ 351.652509][T10374] team0 (unregistering): Port device team_slave_1 removed [ 351.662925][T10387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 351.668984][T10374] batadv1: left promiscuous mode [ 351.685951][T10387] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 351.693703][T10374] team0 (unregistering): Port device batadv1 removed [ 351.711193][T10374] batadv2: left promiscuous mode [ 351.737401][T10374] team0 (unregistering): Port device batadv2 removed [ 352.187479][T10396] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1444'. [ 352.341557][T10400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 352.350377][T10400] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 352.474073][T10398] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1443'. [ 352.518270][T10398] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1443'. [ 353.075469][T10412] --map-set only usable from mangle table [ 353.283227][T10414] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1449'. [ 353.289310][T10416] tipc: Enabling of bearer rejected, failed to enable media [ 353.305100][ T5891] usb 1-1: new high-speed USB device number 63 using dummy_hcd [ 353.326712][T10414] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 353.341608][T10414] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 353.472604][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 353.489187][ T5891] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 353.503067][ T5891] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 353.552368][ T5891] usb 1-1: Manufacturer: syz [ 353.621558][ T5891] usb 1-1: config 0 descriptor?? [ 353.748471][ T55] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 353.854802][T10410] netlink: 'syz.0.1447': attribute type 13 has an invalid length. [ 353.901117][ T55] usb 2-1: Using ep0 maxpacket: 16 [ 353.908333][ T55] usb 2-1: config 0 has an invalid interface number: 6 but max is 0 [ 353.917189][ T55] usb 2-1: config 0 has no interface number 0 [ 353.933644][ T55] usb 2-1: New USB device found, idVendor=1199, idProduct=6821, bcdDevice=f7.f7 [ 353.951295][ T55] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.968860][ T55] usb 2-1: Product: syz [ 353.980914][ T55] usb 2-1: Manufacturer: syz [ 353.985790][ T55] usb 2-1: SerialNumber: syz [ 353.998253][ T55] usb 2-1: config 0 descriptor?? [ 354.013781][ T55] sierra 2-1:0.6: Sierra USB modem converter detected [ 354.141338][T10433] random: crng reseeded on system resumption [ 354.180073][T10410] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 354.228959][ T55] usb 2-1: Sierra USB modem converter now attached to ttyUSB0 [ 354.277352][ T55] usb 2-1: USB disconnect, device number 62 [ 354.334495][ T55] sierra ttyUSB0: Sierra USB modem converter now disconnected from ttyUSB0 [ 354.348334][T10422] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1453'. [ 354.375932][ T55] sierra 2-1:0.6: device disconnected [ 354.665846][T10438] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1457'. [ 355.171315][ T55] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 355.362029][ T55] usb 3-1: Using ep0 maxpacket: 16 [ 355.375480][ T55] usb 3-1: config 0 has an invalid interface number: 241 but max is 0 [ 355.385168][ T55] usb 3-1: config 0 has no interface number 0 [ 355.400342][ T55] usb 3-1: config 0 interface 241 altsetting 5 bulk endpoint 0x8 has invalid maxpacket 1023 [ 355.432824][ T55] usb 3-1: config 0 interface 241 has no altsetting 0 [ 355.515035][ T55] usb 3-1: New USB device found, idVendor=0ac8, idProduct=0321, bcdDevice=f1.89 [ 355.559554][ T55] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 355.571049][ T31] INFO: task kworker/0:1:10 blocked for more than 143 seconds. [ 355.584598][ T31] Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 [ 355.601147][ T55] usb 3-1: Product: syz [ 355.601212][ T5898] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 355.611611][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 355.632204][ T5891] usbhid 1-1:0.0: couldn't find an input interrupt endpoint [ 355.632383][ T55] usb 3-1: Manufacturer: syz [ 355.663396][ T5891] usb 1-1: USB disconnect, device number 63 [ 355.686946][ T31] task:kworker/0:1 state:D stack:20856 pid:10 tgid:10 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 355.712075][ T55] usb 3-1: SerialNumber: syz [ 355.750633][ T55] usb 3-1: config 0 descriptor?? [ 355.757451][ T31] Workqueue: usb_hub_wq hub_event [ 355.782693][T10447] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 355.806110][ T55] gspca_main: vc032x-2.14.0 probing 0ac8:0321 [ 355.814596][ T31] Call Trace: [ 355.821666][ T5898] usb 2-1: Using ep0 maxpacket: 16 [ 355.829170][ T31] [ 355.837182][ T31] __schedule+0x16f5/0x4d00 [ 355.843651][ T31] ? schedule+0x165/0x360 [ 355.903704][ T31] ? __lock_acquire+0xab9/0xd20 [ 355.924387][ T31] ? __pfx___schedule+0x10/0x10 [ 355.953333][ T31] ? schedule+0x91/0x360 [ 355.968298][ T31] schedule+0x165/0x360 [ 355.985277][ T31] schedule_timeout+0x9a/0x270 [ 355.990431][ T31] ? __pfx_schedule_timeout+0x10/0x10 [ 355.996777][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 356.007091][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 356.016031][ T55] gspca_vc032x: reg_r err -71 [ 356.025267][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.032043][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.038072][ T31] ? wait_for_completion+0x267/0x5d0 [ 356.044082][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.049618][ T31] wait_for_completion+0x2bf/0x5d0 [ 356.056152][T10466] xt_CT: No such helper "syz0" [ 356.057183][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.074189][ T31] ? __pfx_wait_for_completion+0x10/0x10 [ 356.087956][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.095942][ T31] i2c_del_adapter+0x581/0x6e0 [ 356.104001][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.109330][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.130954][ T31] ? __pfx_i2c_del_adapter+0x10/0x10 [ 356.149410][ T31] ? rcu_is_watching+0x15/0xb0 [ 356.166089][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.166141][ T31] ? dvb_usb_adapter_exit+0xd7/0x240 [ 356.178013][ T31] dvb_usb_i2c_exit+0x64/0xb0 [ 356.183548][ T31] dvb_usb_device_exit+0x1be/0x350 [ 356.188927][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.188990][ T31] ? __pfx_dvb_usb_device_exit+0x10/0x10 [ 356.204516][ T31] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 356.210693][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.210938][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 356.219320][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.222026][ T31] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 356.233861][ T31] cxusb_probe+0x603/0x700 [ 356.238516][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.238568][ T31] ? __pfx_cxusb_probe+0x10/0x10 [ 356.249504][ T31] ? __pm_runtime_set_status+0x785/0xa50 [ 356.258186][ T31] usb_probe_interface+0x641/0xbc0 [ 356.263816][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.265891][ T31] ? __pfx_usb_probe_interface+0x10/0x10 [ 356.269238][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.278446][ T31] really_probe+0x26a/0x9a0 [ 356.288535][ T31] __driver_probe_device+0x18c/0x2f0 [ 356.294129][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.297911][ T31] driver_probe_device+0x4f/0x430 [ 356.305015][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.310720][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.316715][ T31] __device_attach_driver+0x2ce/0x530 [ 356.322588][ T55] gspca_vc032x: I2c Bus Busy Wait 00 [ 356.328555][ T55] gspca_vc032x: Unknown sensor... [ 356.332853][ T31] bus_for_each_drv+0x251/0x2e0 [ 356.333851][ T55] vc032x 3-1:0.241: probe with driver vc032x failed with error -22 [ 356.339507][ T31] ? __pfx___device_attach_driver+0x10/0x10 [ 356.359321][ T31] ? __pfx_bus_for_each_drv+0x10/0x10 [ 356.395766][ T55] usb 3-1: USB disconnect, device number 51 [ 356.429547][ T31] __device_attach+0x2b8/0x400 [ 356.455757][ T31] ? __pfx___device_attach+0x10/0x10 [ 356.476685][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 356.488538][ T31] bus_probe_device+0x185/0x260 [ 356.500709][ T31] device_add+0x7b6/0xb50 [ 356.509912][ T31] usb_set_configuration+0x1a87/0x20e0 [ 356.539108][ T31] usb_generic_driver_probe+0x8d/0x150 [ 356.567565][ T31] usb_probe_device+0x1c1/0x390 [ 356.585178][ T31] ? __pfx_usb_probe_device+0x10/0x10 [ 356.617220][ T31] really_probe+0x26a/0x9a0 [ 356.631272][ T31] __driver_probe_device+0x18c/0x2f0 [ 356.646906][ T31] driver_probe_device+0x4f/0x430 [ 356.657528][ T31] __device_attach_driver+0x2ce/0x530 [ 356.674728][ T31] bus_for_each_drv+0x251/0x2e0 [ 356.690737][ T31] ? __pfx___device_attach_driver+0x10/0x10 [ 356.717308][ T31] ? __pfx_bus_for_each_drv+0x10/0x10 [ 356.724163][ T31] __device_attach+0x2b8/0x400 [ 356.729395][ T31] ? __pfx___device_attach+0x10/0x10 [ 356.735536][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 356.745519][ T31] bus_probe_device+0x185/0x260 [ 356.750475][ T31] device_add+0x7b6/0xb50 [ 356.756774][ T31] usb_new_device+0xa39/0x16c0 [ 356.768660][ T31] ? __pfx_usb_new_device+0x10/0x10 [ 356.777380][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 356.787091][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 356.795230][ T31] hub_event+0x2941/0x4a00 [ 356.799788][ T31] ? do_raw_spin_unlock+0x122/0x240 [ 356.810137][ T31] ? __pfx_hub_event+0x10/0x10 [ 356.819305][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 356.829762][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 356.836705][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 356.847525][ T31] ? process_scheduled_works+0x9ef/0x17b0 [ 356.854792][ T31] process_scheduled_works+0xae1/0x17b0 [ 356.860858][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 356.867193][ T31] worker_thread+0x8a0/0xda0 [ 356.896197][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 356.907068][ T31] ? __kthread_parkme+0x7b/0x200 [ 356.919956][ T31] kthread+0x70e/0x8a0 [ 356.927853][ T31] ? __pfx_worker_thread+0x10/0x10 [ 356.937586][ T31] ? __pfx_kthread+0x10/0x10 [ 356.948542][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 356.958816][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 356.970121][ T31] ? __pfx_kthread+0x10/0x10 [ 356.980704][ T31] ret_from_fork+0x3f9/0x770 [ 356.985429][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 356.990922][ T31] ? __switch_to_asm+0x39/0x70 [ 356.995806][ T31] ? __switch_to_asm+0x33/0x70 [ 357.000646][ T31] ? __pfx_kthread+0x10/0x10 [ 357.005363][ T31] ret_from_fork_asm+0x1a/0x30 [ 357.010174][ T31] [ 357.013701][ T31] [ 357.013701][ T31] Showing all locks held in the system: [ 357.035460][ T31] 5 locks held by kworker/0:1/10: [ 357.040572][ T31] #0: ffff888021ea9d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 357.066829][ T31] #1: ffffc900000f7bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 357.079118][ T31] #2: ffff888144739198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 357.088427][ T31] #3: ffff88802745e198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 357.097807][ T31] #4: ffff88803040f160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 357.107168][ T31] 2 locks held by kworker/u8:1/13: [ 357.112371][ T31] #0: ffff888146acc948 ((wq_completion)iou_exit){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 357.123872][ T31] #1: ffffc90000127bc0 ((work_completion)(&ctx->exit_work)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 357.136270][ T31] 1 lock held by khungtaskd/31: [ 357.141277][ T31] #0: ffffffff8e13eda0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 357.152721][ T31] 5 locks held by kworker/u8:4/60: [ 357.157905][ T31] 3 locks held by kworker/u8:8/3453: [ 357.163326][ T31] #0: ffff88801b2fe148 ((wq_completion)netns){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 357.174833][ T31] #1: ffffc9000cc37bc0 (net_cleanup_work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 357.185519][ T31] #2: ffffffff8e144780 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 357.195609][ T31] 2 locks held by getty/5592: [ 357.200323][ T31] #0: ffff88814d8680a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 357.210189][ T31] #1: ffffc90002fde2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 357.220474][ T31] 5 locks held by kworker/0:5/5898: [ 357.225741][ T31] #0: ffff888021ea9d48 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 357.237184][ T31] #1: ffffc900044ffbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 357.249369][ T31] #2: ffff8881443c9198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 357.265635][ T31] #3: ffff8881443cc510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21a3/0x4a00 [ 357.276531][ T31] #4: ffff888143b62a68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21cb/0x4a00 [ 357.287615][ T31] 3 locks held by kworker/1:7/5933: [ 357.292964][ T31] #0: ffff88801a480d48 ((wq_completion)events){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 357.304345][ T31] #1: ffffc900047ffbc0 ((fqdir_free_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 357.315526][ T31] #2: ffffffff8e144780 (rcu_state.barrier_mutex){+.+.}-{4:4}, at: rcu_barrier+0x4c/0x570 [ 357.325579][ T31] 4 locks held by udevd/6088: [ 357.330309][ T31] #0: ffff888059ab52f0 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 357.339252][ T31] #1: ffff88803441e888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 [ 357.348970][ T31] #2: ffff8880322c62d8 (kn->active#25){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0 [ 357.359389][ T31] #3: ffff88802745e198 (&dev->mutex){....}-{4:4}, at: manufacturer_show+0x26/0xa0 [ 357.369991][ T31] [ 357.375138][ T31] ============================================= [ 357.375138][ T31] [ 357.390472][ T31] NMI backtrace for cpu 0 [ 357.390485][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 357.390501][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 357.390508][ T31] Call Trace: [ 357.390513][ T31] [ 357.390518][ T31] dump_stack_lvl+0x189/0x250 [ 357.390538][ T31] ? __wake_up_klogd+0xd9/0x110 [ 357.390552][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 357.390567][ T31] ? __pfx__printk+0x10/0x10 [ 357.390584][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 357.390599][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 357.390610][ T31] ? _printk+0xcf/0x120 [ 357.390624][ T31] ? __pfx__printk+0x10/0x10 [ 357.390636][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 357.390651][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 357.390665][ T31] watchdog+0xfee/0x1030 [ 357.390680][ T31] ? watchdog+0x1de/0x1030 [ 357.390696][ T31] kthread+0x70e/0x8a0 [ 357.390709][ T31] ? __pfx_watchdog+0x10/0x10 [ 357.390721][ T31] ? __pfx_kthread+0x10/0x10 [ 357.390733][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 357.390747][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 357.390765][ T31] ? __pfx_kthread+0x10/0x10 [ 357.390785][ T31] ret_from_fork+0x3f9/0x770 [ 357.390812][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 357.390838][ T31] ? __switch_to_asm+0x39/0x70 [ 357.390855][ T31] ? __switch_to_asm+0x33/0x70 [ 357.390864][ T31] ? __pfx_kthread+0x10/0x10 [ 357.390876][ T31] ret_from_fork_asm+0x1a/0x30 [ 357.390906][ T31] [ 357.544251][ T31] Sending NMI from CPU 0 to CPUs 1: [ 357.549505][ C1] NMI backtrace for cpu 1 [ 357.549521][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 357.549542][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 357.549552][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 357.549582][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 23 d6 21 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 357.549596][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 357.549611][ C1] RAX: 3c678dd9cc053300 RBX: ffffffff81975d58 RCX: 3c678dd9cc053300 [ 357.549625][ C1] RDX: 0000000000000001 RSI: ffffffff8d981f7e RDI: ffffffff8be28ac0 [ 357.549637][ C1] RBP: ffffc90000197f20 R08: ffff8880b8732f5b R09: 1ffff110170e65eb [ 357.549650][ C1] R10: dffffc0000000000 R11: ffffed10170e65ec R12: ffffffff8fa108f0 [ 357.549690][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff11003a58b40 [ 357.549702][ C1] FS: 0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000 [ 357.549716][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 357.549728][ C1] CR2: 0000000080202018 CR3: 00000000314ec000 CR4: 00000000003526f0 [ 357.549742][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 357.549752][ C1] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 357.549763][ C1] Call Trace: [ 357.549771][ C1] [ 357.549777][ C1] default_idle+0x13/0x20 [ 357.549795][ C1] default_idle_call+0x74/0xb0 [ 357.549813][ C1] do_idle+0x1e8/0x510 [ 357.549831][ C1] ? __pfx_do_idle+0x10/0x10 [ 357.549845][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 357.549875][ C1] cpu_startup_entry+0x44/0x60 [ 357.549891][ C1] start_secondary+0x101/0x110 [ 357.549912][ C1] common_startup_64+0x13e/0x147 [ 357.549937][ C1] [ 357.747267][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 357.754179][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.16.0-rc2-syzkaller-00318-g739a6c93cc75 #0 PREEMPT(full) [ 357.766000][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 357.776060][ T31] Call Trace: [ 357.779337][ T31] [ 357.782265][ T31] dump_stack_lvl+0x99/0x250 [ 357.786861][ T31] ? __asan_memcpy+0x40/0x70 [ 357.791455][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 357.796663][ T31] ? __pfx__printk+0x10/0x10 [ 357.801258][ T31] panic+0x2db/0x790 [ 357.805159][ T31] ? __pfx_panic+0x10/0x10 [ 357.809585][ T31] ? watchdog+0x101c/0x1030 [ 357.814096][ T31] watchdog+0x102d/0x1030 [ 357.818426][ T31] ? watchdog+0x1de/0x1030 [ 357.822848][ T31] kthread+0x70e/0x8a0 [ 357.826934][ T31] ? __pfx_watchdog+0x10/0x10 [ 357.831612][ T31] ? __pfx_kthread+0x10/0x10 [ 357.836214][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 357.841423][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 357.846622][ T31] ? __pfx_kthread+0x10/0x10 [ 357.851225][ T31] ret_from_fork+0x3f9/0x770 [ 357.855817][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 357.861024][ T31] ? __switch_to_asm+0x39/0x70 [ 357.865784][ T31] ? __switch_to_asm+0x33/0x70 [ 357.870552][ T31] ? __pfx_kthread+0x10/0x10 [ 357.875154][ T31] ret_from_fork_asm+0x1a/0x30 [ 357.879925][ T31] [ 357.883202][ T31] Kernel Offset: disabled [ 357.887526][ T31] Rebooting in 86400 seconds..