last executing test programs: 2.16364948s ago: executing program 0 (id=1181): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="5800000000014f0000000000000000000200000004001880240001801400018008000100e000000108000200e00000010c00028005000100000000001c000f"], 0x58}}, 0x0) 2.053036119s ago: executing program 2 (id=1182): openat$qrtrtun(0xffffffffffffff9c, &(0x7f0000000100), 0x0) r0 = syz_io_uring_setup(0x5b6, &(0x7f0000000480)={0x0, 0xa96c, 0x400, 0x0, 0x11c}, &(0x7f00000000c0)=0x0, &(0x7f0000000140)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_READ=@pass_buffer={0x16, 0x0, 0x4000, @fd_index=0x3, 0x5, 0x0, 0x0, 0x4}) io_uring_enter(r0, 0x47ba, 0x0, 0x0, 0x0, 0x0) 2.022132006s ago: executing program 4 (id=1183): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$TCSETS(r0, 0x40045431, &(0x7f0000000dc0)={0x0, 0x0, 0x0, 0x0, 0x0, "0062ba7d82000000000000000000f7ffffff00"}) r1 = syz_open_pts(r0, 0x0) r2 = dup(r1) ioctl$TIOCSETD(r2, 0x5423, &(0x7f00000000c0)=0x3) dup3(r0, r2, 0x0) r3 = dup3(r1, r0, 0x0) ioctl$TIOCSTI(r3, 0x5412, &(0x7f0000000000)=0x13) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000840), 0x1a01, 0x0) ioctl$EVIOCGPROP(r4, 0x40047438, &(0x7f0000000180)=""/246) pwritev(r4, &(0x7f0000000080)=[{&(0x7f00000010c0)="aabf", 0x2}, {&(0x7f0000000400)="3d9c", 0x2}, {&(0x7f00000004c0)="40aa", 0x2}], 0x3, 0x0, 0x0) 1.933364271s ago: executing program 0 (id=1184): syz_emit_ethernet(0x4e, &(0x7f0000001180)={@local, @multicast, @void, {@ipv6={0x86dd, @dccp_packet={0x2, 0x6, "391f72", 0x18, 0x21, 0x1, @private0={0xfc, 0x0, '\x00', 0x1}, @local, {[@srh={0x5c, 0x0, 0x4, 0x0, 0x3, 0x40, 0x1000}], {{0x4e24, 0x4e20, 0x4, 0x1, 0x8, 0x0, 0x0, 0x0, 0x2, "e55182", 0x2, "4ef4d3"}}}}}}}, 0x0) 1.86106734s ago: executing program 4 (id=1185): keyctl$clear(0x3, 0xfffffffffffffffc) request_key(&(0x7f00000001c0)='id_legacy\x00', &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000580)=']-\x00\xad\xbdTeD\xd0\xbf:B\\5+x^\\\xa7\xb0^\r(\xef\xe9x\n\xd6\xe4\xebI\"k\x92\xb6\xc8\xc1{\xdb\')I\xb8\xb0;+G\xe8\xc4\xa7a\x9c\x85\xc50\xc1\x16\a<=\xddD\x14\x99\x8c\xfa\xfd\x1cv\xb0\x00\xf1\xfe\xd9<\xafbYM\xee\xd6\x85\"\xab_;\xd5(\xfb\xe3\x95\xa6!y1\xd0}oyD\xd3)\x89\x9aoO\xb5\x8b\xbc\\\x9f\x93\x9dp\xc6\x1b\xd6\x14:\xe5\x86\xadX\x86\x93\x86\x84\x90\x1d\x0f\x00d\xef\xa5\xa4\x80H\xcd~\xc1\x1b\x81Z\x83\xc1A\xe9\xb9\xb5\xaa\x06W\xed_', 0x0) 1.860827435s ago: executing program 0 (id=1186): mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f0000000e40)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd120000000000008500000006000000b70000000000000095000000000000003faf4f1e7f2aa3d9b18ed81c0c869b51ec6c0af4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f13905ea23c22624c9f87f9793f50bb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64f751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07a72c234664c0af9360a1f7a5e6b607130c89f18c0c1089d8b853289e01aa27ae8b09e00e79ab20b0b8e1148f49faf2ad0000000000000006fa03c6468972089b302d7bf6023cdcedb5e0125ebbc08dee510cb2364149215108333719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad2300000080006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f4ab87b1bfeda7be586602d985430cea0162ab3fcf4591c926abfb0767192302000000b0eea24492a660583eecb42cbcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c95c25a573dc2ed0300000000000000af99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80aff9fa740b5b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142ba11de6c5d50b83bae613402216b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0eb97fca585ec6bf58351d564beb6d952aab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a326eea31ae4e0f7505ebf6c9d13330ca005ace1a84521f14008c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57000000009700cf0b4b8bc2294133000000000000000000030000000000000000000000000010008bc0d9559711e6e8861c46495ba585a4b2d02edc3e28dd271c896249ed85b980680b00002b435ac15fc0288d9b2a169cdcacc413038dafb7a2c8cb482bac0ac502d9ba96ffffff7f0000100000006da21b40216e14ba2d6ad5656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff729433282830689da6b53b263339863297771429d120000003341bf4abacac95900fca0493cf29b33dcc9ffffffffffffffd39fec2271ff01589646efd1cf870cd7bb2366fde41f94290c2a5ff870ce41fd3467decb05cfd9fcb32c8ed1dbd9d10a64c1083d5e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78100788f11f76161d46ea3ab60fa4d30dc94ef241875f3b4ce0232fcea69c271d7fa29822aea68a660e717a04becff0f719197724f4fce1093b62d7e8c7123d8ec571be54c72d978cf906df0042e36acd37d7f9e119f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2ae582786105c7df8be5877050c91301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c4d75cf2458e3546c1c776da64fb5abee0acfd235f2f4632c9062ece84c99a061887a20639b41c8c12ee86c50804042b3fb5aac518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad05573af40326993947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457acf37331766e472391e358c3b377327ac9ecc34f24c9ae153ec60ac0694dc55bff9f5f45f90400000000000000d6b2c5ea1393fdf24285bf16b99c9cc0ad1857216f1a985f369191ae954febb3df464bfe0f7f3ee9afe7befb89d2777399f5874c553aeb3729cffe86e66964ae09bb6d163118e4cbe024fd4500f8ff0700000000cc9d8046c216c1f895778cb25122a2a9f9b444aeadea2a40da8daccf080842a486721737390cbf3a74cb2003016f1514216bdf57d2a40d40b51ab63e96ec8485b3b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde8a168c3f5db2fea6f26e4a4304e50c349f4f9ecee27defc93871c5f99b355b72d538ba4978ea8e4aa37014191e10096e7e60fc3541a2c905a1a95e9571bf38ae1981c4238ecaee6f75cd0a6881bd1517a8250ddc8674152f94e3a409e2a3bce109b60000000000000000d6d5210d7503000000a87a27602b81f76386f1535bef1497f92186086e29c6bc5a1fad6ec9a31137abf9a404abde7750898b1bd627e873f8703be8672d70d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e6c257a45319f18101288d139bd3da20fed05a8fe64680b0a3fc22dd70400000000946912d6c98cd1a9fbe1e7d58c08acaf30235b918a31d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69993e9960ff5f76015e6009556237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff854352cb4900000000000000000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66418d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a53f1c96e0d4b3bc19faa5449209b083dbd334b47f067bbab40743b2a42010082008df75cf43f8ecc8d3726602111b40e761fd21081920382f14d12ca3c3431ee97471c7868dcda7eaa69eb7f7f80572fdd11bb1d0d1280fbc22bf73468788df51710d7d31c632fc5ed1762eb0b428ee751c47d8e894f745a868404a0bf35f0121008b722b1eaa6aedfa1bf2e7ccb2d61d5d7226bbd9ccd628ab84875f2c50ba891cea592b0430a537a395dc73bda367bf12cb7d81691a5fe8c47be395656a297e9df0e71f96756ea5cce7daac4be290159f6bcd75f0dda9de5532e71ae9e48b0ed0254a83100000000f6fbb869604d51a36a54c832e45b2569dc0d90b075225fde44c4e0973171ad47d6b0fdf9743af932cd6db49a47613808bad959710300000000000000832d0a45fa4242e24c7e800003c9e8095e02985f28e678f66422436f949e2ab8f162d7e3f855e378f4a1f40b0c6fb2d4b205a800b6d713acebc5b014e61a543a5a194f9ac18d76b5440e3b1a569e7397f6cafa86966d7ba19e720413267a6ccea9c439671d2c680f2753ca184eeeb843450368acb4383a01d25eb3d1e23e0f2645d1cdfa9fa410632f95a5f622f851c66ee7e30393cd7a4d67ff2a49c4f93c0984b5c2d4523497e4d64f95f08493564a1df87111c9bf3194fef97dcecc467ace45feeb685c5870d05f88a0f463db88d377442e1349acaf766218b54a9d624778e1c4e064c98e494198276eb2df7766411bef0ebb5000000000006065d635b0b7a00ee767221d8af9753387e0cd8d718f54a29df6eba3bd4c440e6e2172e3fcc01b8babb757b5c59217b80d0db3ba582814a604e4ef7a803e9ca7c85b35c9b93a9e0885e238b44ae1c2e64cce3b27083b8246829e64056000302bffff15405bd5f2eba20000000000000000000000000000000000009a9823fd8fbc5aa165099c5ed032b48ea12d8e0588dc52702e4084913a06d468d0928bad76d697e1f85ab030e788d38788ee5b5428d4a971cc97db9fd231088e570735ce129e7e77fc2777692664a1488fd8d6dff4dad618fd54f529d4555c6507009ee69dd1bc55258789b24052137e9637f3efbab71720f88cf573fe0e5239c000be2733c49546f6e8a9175ec6f14dbf72cac91643b2fd99c29eca28a3c2e60d5e5b8795fae16a7c3ea57e728eca35eaf0155a39f97580e079175426c088a0208040982a0000000000000000000000000051ceaaf0159fe61f2eade7603d0a7a56fb09cd119ac06adb6597155ae47846892bb423c024d8cbe9240b71ec6dc2124d3a19e2d714b273d95d1d3aa737cb04a33615ff2a730e51067d5d675d7122361c37c61a43b5afd865b60d4cae891b73220f17d25985a7f76834995e53a93a1c7b9eef267df691ca983a0b15bda7f6c5c1ca7aa50261a3089a1ebf0734c9b07e8951ff023263ad5aed8cfb49b49e128c697724c057d22c5df5aef27ce3db11d5ad5527d149d076e1a87e2df27c0cb8a67ad026bf953e88f10447e125c2c0f1aebee1f3390a9e3ddad4e2a6e0f6e4569fdefa19e870e04acf9493b963f98e23cfc665e4f465fa3f801e1957c399e45f61d3459b1c606204368bb931345af2823c487d2fd99db6ea6e008e7ffa06ca861551189d155bd077a79fe2c7e961352e56824f727d21d41eae78bfec4a2d7a7edbc8ef958c5ea599f7c25bf71c2340558aa12fdd24a88aaad5921aee7dae6a2f3009d9cb43ab4898d0f0aa565431b6abe585d75db04d1c9ba0b9de4ae8b0d3132bc6810cc9a693979f55174a72e1df9fdef35bc470f9e6e591982757f45c52c645d891bf63bb21fb66926ebe1a8525611fc3e8bb8795c36dc2a86b5ab46ff33cc74f61751b2dae92676db85c8d0c721b7ea4544bf51c95c86fcac1f434d09d1ee4928aafe23de66fed972e0dddfb33f64e48701b049239e7f552d816441d11c4c2647c014462344359198d97c4b6e9ed31ca18987b64de079b2bed641e8a92f13ca70844c65cb423d01950b0ebf44bd28e09c05d9ae5dd689fb880fb18d042219f5ac60c3a03b085abf3e8e3efc842a8d328733461f04c99607061c65ed14c61322a5ac2d371a95b8ad867857ed13a4fa4ae033a09673866cd77f4bcdaaa05207166b19a8758d8855400d8c6a7242dc207251e8797eca24ea4f487663e60f2f5e1f1424958fd148f846830e88a42d9a0e06da200481cde8bf475bc3e1fe9c0b4a4a268921738938aa9f3cb3811ac87c54c8ebc8bcfb4613cc3a997ff1579edbd4ade8020e3ad001b072b1a751b588ac4639f35a58e00a50c0270608c7a7f10132b1c25b9ea81232fbef665f6212f875b2a00"/3576], &(0x7f0000000380)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, &(0x7f0000000000), 0x8, 0x10, &(0x7f0000000000), 0x10, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x2e) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={&(0x7f0000000540)='rcu_utilization\x00', r0}, 0x10) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={{0x14}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x3, 0x0, 0x0, {0x7}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}, @NFT_MSG_NEWSET={0x1c, 0x9, 0xa, 0x401, 0x0, 0x0, {0x7}, [@NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0x3}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x64}}, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) sendmmsg(r1, 0x0, 0x0, 0x0) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, 0x0, 0x0) sendmsg$NFT_BATCH(r2, &(0x7f0000000500)={0x0, 0x0, &(0x7f0000000000)={0x0, 0x62}, 0x1, 0x0, 0x0, 0x40010}, 0x0) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100)='./cgroup/syz1\x00', 0x200002, 0x0) r4 = openat$cgroup_type(r3, &(0x7f0000000300), 0x2, 0x0) write$cgroup_type(r4, &(0x7f0000000280), 0x9) r5 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r5, &(0x7f0000000040)={0x1f, 0xffff, 0x3}, 0x6) write(r5, &(0x7f0000000000)="0a000200010078", 0x7) r6 = openat$cgroup_procs(r3, &(0x7f00000002c0)='cgroup.threads\x00', 0x2, 0x0) write$cgroup_pid(r6, &(0x7f0000000c40), 0x12) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x7, &(0x7f0000000000)='cgroup\x00'}, 0x30) r7 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r8 = openat$cgroup_subtree(r7, &(0x7f0000000200), 0x2, 0x0) write$cgroup_subtree(r8, &(0x7f0000000080)={[{0x2b, 'cpu'}]}, 0x5) 1.802538998s ago: executing program 3 (id=1187): syz_emit_ethernet(0x7a, 0x0, 0x0) 1.768084579s ago: executing program 4 (id=1188): openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x143901, 0x0) syz_emit_vhci(&(0x7f0000001fc0)=@HCI_EVENT_PKT={0x4, @hci_ev_encrypt_change={{0x8, 0x4}, {0x6, 0xc9, 0x6}}}, 0x7) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) msgget$private(0x0, 0x400) 1.719398739s ago: executing program 2 (id=1189): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000040), 0x1c1341, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = socket(0x10, 0x803, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0x9}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x4, 0xc00}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000006040)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000340)=@newtfilter={0x70, 0x2c, 0xd27, 0xfffffffc, 0x0, {0x0, 0x0, 0x0, r3, {0xc, 0x4}, {}, {0x5, 0xfff3}}, [@filter_kind_options=@f_flow={{0x9}, {0x40, 0x2, [@TCA_FLOW_EMATCHES={0x3c, 0xb, 0x0, 0x1, [@TCA_EMATCH_TREE_HDR={0x8, 0x1, {0xfffb}}, @TCA_EMATCH_TREE_LIST={0x30, 0x2, 0x0, 0x1, [@TCF_EM_IPT={0x2c, 0x1, 0x0, 0x0, {{0x7, 0x9, 0xe1b2}, [@TCA_EM_IPT_HOOK={0x8, 0x1, 0x2}, @TCA_EM_IPT_MATCH_DATA={0x4}, @TCA_EM_IPT_MATCH_NAME={0xb}, @TCA_EM_IPT_NFPROTO={0x5, 0x4, 0xa}]}}]}]}]}}]}, 0x70}}, 0x20008050) 1.568477762s ago: executing program 3 (id=1191): futex(&(0x7f0000000000)=0x2, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x2) 1.492528111s ago: executing program 0 (id=1192): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000500)=@newlink={0x34, 0x10, 0x801, 0xfffffffd, 0x8000000, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20421}, [@IFLA_GROUP={0x8}, @IFLA_AF_SPEC={0xc, 0x1a, 0x0, 0x1, [@AF_INET={0x8, 0x2, 0x0, 0x1, {0x4}}]}]}, 0x34}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) 1.417416712s ago: executing program 1 (id=1193): r0 = syz_init_net_socket$netrom(0x6, 0x5, 0x0) connect$netrom(r0, &(0x7f0000000380)={{0x6, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x0}, 0xa}, [@rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @default, @netrom={0xbb, 0xbb, 0xbb, 0xbb, 0xbb, 0x0, 0x0}, @null, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @rose={0xbb, 0xbb, 0xbb, 0x1, 0x0}, @remote={0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0xcc, 0x1}]}, 0x48) 1.333033304s ago: executing program 3 (id=1194): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) recvmmsg(r0, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x101}, {{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f0000000240)=[{0x0}, {0x0}, {&(0x7f00000007c0)=""/227, 0xe3}], 0x3}, 0x7ffffffc}], 0x4, 0x4022, 0x0) 1.304985025s ago: executing program 1 (id=1195): write(0xffffffffffffffff, &(0x7f0000000080)="08008edf77", 0x5) r0 = socket(0x1e, 0x1, 0x0) connect$tipc(r0, &(0x7f0000000000)=@name={0x1e, 0x2, 0x0, {{0x1, 0x1}}}, 0x10) write$binfmt_misc(r0, &(0x7f0000000080), 0x2000011a) 1.262495049s ago: executing program 2 (id=1196): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_CLOCK(r1, 0x4030ae7b, &(0x7f0000000140)={0x1000, 0xe, 0x4, 0xfffffffffffffff6, 0x5}) 1.044938855s ago: executing program 1 (id=1197): socket$nl_sock_diag(0x10, 0x3, 0x4) syz_open_procfs(0x0, &(0x7f0000000580)='attr/keycreate\x00') r0 = socket$packet(0x11, 0x3, 0x300) socketpair(0x1, 0x100000005, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) getpeername$packet(r1, &(0x7f0000000000)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, &(0x7f0000000040)=0x14) sendmmsg(r0, &(0x7f0000000440)=[{{&(0x7f0000000700)=@xdp={0x2c, 0xdd86, r2}, 0x80, &(0x7f00000004c0)=[{&(0x7f0000000080)='O', 0x1}], 0x1, 0x0, 0x0, 0x2f00}}], 0x1, 0x0) 905.911614ms ago: executing program 1 (id=1198): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_EXP_DELETE(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x51}, 0x4008000) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000480)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_DEL_PMKSA(r3, &(0x7f0000000580)={0x0, 0x0, &(0x7f0000000540)={&(0x7f00000004c0)={0x44, r2, 0x1, 0x70bd2d, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_FILS_CACHE_ID={0x6, 0xfd, 0xad}, @NL80211_ATTR_MAC={0xa}, @NL80211_ATTR_PMKID={0x14, 0x55, "46fd37e5ec9141a514bc763248fefb52"}]}, 0x44}, 0x1, 0x0, 0x0, 0x24000005}, 0x20040000) 647.861138ms ago: executing program 2 (id=1199): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000340)={0x18, 0x3, &(0x7f0000000d00)=ANY=[], &(0x7f0000000000)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f00000001c0)='task_newtask\x00', r0}, 0x18) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r2 = bpf$ITER_CREATE(0xb, &(0x7f0000000100)={r1}, 0x8) r3 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=@base={0x13, 0x10, 0x8, 0x0, 0x0, 0x1, 0x3, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x50) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000a80)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r4, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055090100000000009500000000000000bf91000000000000b7020000000000008500000005000000b70000000000000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$BPF_PROG_ATTACH(0x8, &(0x7f0000000240)={@cgroup=r3, r5, 0x1, 0x0, 0xffffffffffffffff, @void, @value=r2}, 0x20) 549.037932ms ago: executing program 4 (id=1200): mkdirat(0xffffffffffffff9c, &(0x7f0000000100)='./file0\x00', 0x0) mount$tmpfs(0x0, &(0x7f0000000080)='./file0/../file0\x00', &(0x7f00000000c0), 0x0, 0x0) lsetxattr$trusted_overlay_origin(&(0x7f00000001c0)='./file0\x00', &(0x7f0000000280), 0x0, 0x0, 0x0) mount$overlay(0x0, &(0x7f0000000180)='./file0/../file0\x00', &(0x7f0000000040), 0x0, &(0x7f0000000000)={[{@lowerdir={'lowerdir', 0x3d, './file0'}, 0x3a}], [], 0x2f}) 413.904016ms ago: executing program 4 (id=1201): syz_emit_ethernet(0x7a, &(0x7f0000000000)=ANY=[], 0x0) 393.557409ms ago: executing program 2 (id=1202): bpf$MAP_CREATE(0x0, 0x0, 0x48) r0 = bpf$PROG_LOAD(0x5, &(0x7f00000003c0)={0x11, 0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={0x0, r0}, 0x18) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f00000002c0)=ANY=[@ANYBLOB="180000001800ff0f00000000001b0000850000006d0000008500000023000000"], &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) r2 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r2, 0x6, 0x0, 0x0, 0x0) r3 = fsmount(r2, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f0000000200)={r1, r3, 0x1, 0x0, @void}, 0x10) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r4, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r4, 0x3) syz_emit_ethernet(0x3a, &(0x7f0000000380)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x6, 0x4, 0x0, 0x0, 0x2c, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local, {[@ra={0x94, 0x4, 0x1}]}}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x2, 0x0, 0x0, 0x1}}}}}}, 0x0) syz_emit_ethernet(0x38, &(0x7f0000000580)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x2a, 0x0, 0x0, 0x0, 0x6, 0x0, @rand_addr=0x64010101, @local}, {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x4}, {"c516"}}}}}}, 0x0) 277.059786ms ago: executing program 3 (id=1203): r0 = inotify_init1(0x80800) readv(r0, &(0x7f00000011c0)=[{&(0x7f0000000000)=""/190, 0xbe}], 0x1) 269.990765ms ago: executing program 0 (id=1204): futex(&(0x7f0000000000)=0x2, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x2) 269.403438ms ago: executing program 1 (id=1205): r0 = io_uring_setup(0x736c, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x6}) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 120.877271ms ago: executing program 3 (id=1206): r0 = shmget$private(0x0, 0x7ffe7000, 0x0, &(0x7f0000003000/0x1000)=nil) shmctl$SHM_STAT_ANY(r0, 0xf, 0x0) 119.955902ms ago: executing program 2 (id=1207): r0 = io_uring_setup(0x1612, &(0x7f0000000200)={0x0, 0x0, 0x3040}) r1 = socket$netlink(0x10, 0x3, 0xc) mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x6) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000013c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) r3 = socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) r5 = socket$netlink(0x10, 0x3, 0x4) writev(r5, &(0x7f0000000300)=[{&(0x7f0000000000)="580000001400192340834b80040d8c560aff820fffff5bab003a0000002058000b4824ca945f6400940f6a0325010ebc000000000000008000f0fffeffe809005300fff5dd00000010000100040c100000000000224e0000", 0x58}], 0x1) syz_genetlink_get_family_id$tipc2(&(0x7f000000b500), r5) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, 0x0) r6 = syz_genetlink_get_family_id$devlink(&(0x7f0000000100), r1) sendmsg$DEVLINK_CMD_SB_OCC_MAX_CLEAR(r1, &(0x7f0000001380)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x1}, 0xc, &(0x7f0000000180)={&(0x7f0000001280)={0xd4, r6, 0x100, 0x70bd2b, 0x25dfdbff, {}, [{@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x9}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x7e}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x3c1}}, {@nsim={{0xe}, {0xf, 0x2, {'netdevsim', 0x0}}}, {0x8, 0xb, 0x95f}}, {@pci={{0x8}, {0x11}}, {0x8, 0xb, 0x6}}]}, 0xd4}, 0x1, 0x0, 0x0, 0x40000}, 0xc081) sendmsg$nl_route(r3, 0x0, 0x0) syz_open_dev$I2C(&(0x7f0000000040), 0x0, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r7, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000400)={0x28, 0x0, 0x1, 0x401, 0x0, 0x0, {0xa}, [@CTA_TUPLE_ORIG={0x4}, @CTA_TIMEOUT={0x8}, @CTA_ZONE={0x6, 0x12, 0x1, 0x0, 0x1}]}, 0x28}}, 0x0) io_uring_register$IORING_REGISTER_BUFFERS2(r0, 0xf, &(0x7f0000001580)={0x2, 0x0, 0x0, &(0x7f00000014c0)=[{&(0x7f0000000040)=""/168, 0xa8}, {&(0x7f0000000280)=""/4086, 0xff6}], &(0x7f0000001540)=[0x2]}, 0x20) io_uring_register$IORING_REGISTER_BUFFERS_UPDATE(r0, 0x10, &(0x7f0000001b00)={0x0, 0x0, &(0x7f0000001a80)=[{0x0}], 0x0, 0x1}, 0x20) socket$alg(0x26, 0x5, 0x0) socket$qrtr(0x2a, 0x2, 0x0) write$dsp(0xffffffffffffffff, 0x0, 0x0) ioctl$SNDCTL_DSP_SYNC(0xffffffffffffffff, 0x5001, 0x0) ioctl$SNDCTL_DSP_GETODELAY(0xffffffffffffffff, 0x80045017, &(0x7f0000000140)) socket$nl_xfrm(0x10, 0x3, 0x6) 100.126258ms ago: executing program 4 (id=1208): memfd_secret(0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, 0x0) sendto(0xffffffffffffffff, &(0x7f0000000740)="120000001200e7ef007b00000000000000a1", 0x12, 0x0, 0x0, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000037c0)=[{{&(0x7f00000004c0)=@ethernet={0x0, @random}, 0x80, &(0x7f0000000380)=[{&(0x7f0000000140)=""/100, 0x64}, {&(0x7f0000000fc0)=""/4096, 0x1000}, {&(0x7f0000000400)=""/106, 0x6a}, {&(0x7f0000000980)=""/70, 0x46}, {&(0x7f0000000200)=""/77, 0x4d}, {&(0x7f00000001c0)=""/17, 0x11}], 0x6, &(0x7f0000000600)=""/191, 0xbf}}], 0x1, 0x0, &(0x7f0000003700)={0x77359400}) sched_setaffinity(0x0, 0xfffffdca, &(0x7f0000000200)=0x400000bce) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYBLOB="2800000070000100000000000000000007000000", @ANYRES32, @ANYBLOB="10000180040004800800010072"], 0x28}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = fsopen(&(0x7f0000000280)='ceph\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r1, 0x1, &(0x7f0000000b40)='source', &(0x7f0000000040)='c:::\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$PIO_UNIMAPCLR(r2, 0x4b68, 0x0) ioctl$PIO_UNIMAP(r2, 0x4b67, &(0x7f0000000200)={0x1, &(0x7f00000003c0)=[{0x80, 0x5}]}) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) 24.857311ms ago: executing program 3 (id=1209): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000f5dfe4)={0xa, 0x4e20}, 0x1c) ioctl$F2FS_IOC_RESERVE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f513, &(0x7f0000000240)) syz_emit_ethernet(0xbe, &(0x7f0000000000)={@local, @link_local, @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0xb0, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x9c, 0x0, @wg=@initiation={0x1, 0x0, "7b4b143b7461fd777b1c012bd14efb9f49fcdb8f080c26a04883ad5c8c82b8af", "584cbf2649a50f2dbc43efa8698dfa871c51852e4451b57d037ad3c045942824251d7d17b5191584cdd4fbe40a27424d", "bcfd56f1373669caaa2f19935e6996c7096ffe4f3a4745a8f762b964", {"9a3bfbc1f39cb307b3472eb9cdb042d2", "643fcbb2c5a57df67d544af6e8dafe09"}}}}}}}, 0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) ioctl$sock_SIOCGIFINDEX_80211(0xffffffffffffffff, 0x8933, &(0x7f0000000040)={'wlan1\x00'}) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) recvmmsg(0xffffffffffffffff, &(0x7f00000057c0)=[{{0x0, 0x0, 0x0}, 0x3}, {{0x0, 0x0, &(0x7f0000002cc0)=[{0x0}, {&(0x7f00000017c0)=""/130, 0x94}], 0x2}, 0xa1}], 0x2, 0x0, 0x0) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) r1 = accept$inet(0xffffffffffffffff, &(0x7f00000000c0)={0x2, 0x0, @initdev}, &(0x7f0000000100)=0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_1\x00'}) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x10000, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) ioctl$KVM_X86_SETUP_MCE(r4, 0x4008ae9c, &(0x7f0000000000)={0x4, 0x5, 0xd}) r5 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r5, 0xaf01, 0x0) r6 = eventfd(0xc) ioctl$VHOST_SET_LOG_FD(r5, 0x4004af07, &(0x7f0000000240)=r6) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="f461c5bbd75c3583", 0x8, 0x0, &(0x7f0000000100)={0x2, 0x0, @empty}, 0x10) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xc, &(0x7f0000000600)=0x1b, 0x4) recvmmsg(0xffffffffffffffff, &(0x7f000000e280)=[{{0x0, 0x0, 0x0}, 0x8001}], 0x1, 0x2, 0x0) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000500)=""/67, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r5, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, 0x0, &(0x7f00000005c0)=""/91, &(0x7f0000000640)=""/74}) ioctl$VHOST_SET_VRING_ERR(r5, 0x4008af22, &(0x7f00000002c0)={0x1, r6}) 24.637512ms ago: executing program 0 (id=1210): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'rmd160-generic\x00'}, 0x58) r1 = accept4(r0, 0x0, 0x0, 0x0) recvmmsg$unix(r1, &(0x7f0000003700)=[{{0x0, 0x700, 0x0, 0x0, 0x0, 0x5f0}}], 0x600, 0x0, 0x0) 0s ago: executing program 1 (id=1211): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000380)={0x18, 0x5, &(0x7f0000000100)=ANY=[@ANYBLOB="180000000900000000000000213f0000c50000000e800000850000000e00000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r1 = bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='mmap_lock_acquire_returned\x00', r0}, 0x10) bpf$PROG_LOAD(0x5, 0x0, 0x0) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000980)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(0xffffffffffffffff, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$sock_bt_hci(0xffffffffffffffff, 0x400448c9, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000001a40)=""/102392, 0x18ff8) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x200000a, 0x5d031, 0xffffffffffffffff, 0x0) userfaultfd(0x801) setsockopt$inet_sctp6_SCTP_I_WANT_MAPPED_V4_ADDR(0xffffffffffffffff, 0x84, 0xc, &(0x7f0000000500)=0x9, 0x4) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) r3 = socket(0x21, 0x2, 0x10000000000002) connect$rxrpc(r3, &(0x7f0000000140)=@in4={0x21, 0x1, 0x2, 0x10, {0x2, 0x4e21, @multicast2}}, 0x24) sendmmsg(r3, 0x0, 0x0, 0x0) recvmmsg(r3, 0x0, 0x0, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000180)='GPL\x00', 0xfff, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x22, r1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x5a) r4 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCETHTOOL(r4, 0x8946, &(0x7f00000002c0)={'veth0_to_bond\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x2300, 0x0, 0x0, 0x0, 0x1, 0x2}}) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000280)={&(0x7f00000002c0)=@newlink={0x40, 0x10, 0x1, 0x70bd2b, 0x25dfdbf4, {0x0, 0x0, 0x0, 0x0, 0x0, 0x20008}, [@IFLA_IFNAME={0x14, 0x3, 'dummy0\x00'}, @IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x40}}, 0x0) sigaltstack(&(0x7f0000001040)={&(0x7f0000001080)=""/4125, 0x80000000, 0x101d}, 0x0) r6 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000280)=ANY=[@ANYBLOB="1801000021000000000000003b810000850000006d000000850000005000000095"], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000280)={&(0x7f0000000980)='percpu_alloc_percpu\x00', r6}, 0x10) bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000140)=@base={0xa, 0x16, 0xb3, 0x7f, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) kernel console output (not intermixed with test programs): usb_gadget_register_driver returned -16 [ 252.782781][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.812566][ T5877] usb 5-1: Product: syz [ 252.816798][ T5877] usb 5-1: Manufacturer: syz [ 252.903555][ T5877] usb 5-1: SerialNumber: syz [ 252.933882][ T5877] usb 5-1: config 0 descriptor?? [ 252.941081][ T10] usb 2-1: USB disconnect, device number 12 [ 253.438260][ T5877] gspca_main: gspca_sn9c20x-2.14.0 probing a168:0617 [ 253.673835][ T5877] gspca_sn9c20x: Write register 1000 failed -71 [ 253.697900][ T5877] gspca_sn9c20x: Device initialization failed [ 253.705087][ T5877] gspca_sn9c20x 5-1:0.181: probe with driver gspca_sn9c20x failed with error -71 [ 253.778073][ T5877] usb 5-1: USB disconnect, device number 9 [ 254.469858][ T7462] program syz.3.414 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 254.665869][ T7468] netlink: 'syz.0.418': attribute type 11 has an invalid length. [ 254.685395][ T7470] binder: BINDER_SET_CONTEXT_MGR already set [ 254.704070][ T7470] binder: 7466:7470 ioctl 40046207 0 returned -16 [ 254.721731][ T7468] netlink: 224 bytes leftover after parsing attributes in process `syz.0.418'. [ 254.892157][ T10] libceph: connect (1)[c::]:6789 error -101 [ 254.908659][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 254.935196][ T7481] netlink: 'syz.1.421': attribute type 11 has an invalid length. [ 254.943485][ T7481] netlink: 224 bytes leftover after parsing attributes in process `syz.1.421'. [ 254.944662][ T5906] libceph: connect (1)[c::]:6789 error -101 [ 254.989418][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 255.036332][ T5906] libceph: mon0 (1)[c::]:6789 connect error [ 255.101620][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 255.168625][ T10] libceph: connect (1)[c::]:6789 error -101 [ 255.451435][ T7468] ceph: No mds server is up or the cluster is laggy [ 255.509036][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 255.509053][ T7489] Unknown options in mask 5 [ 255.717889][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 255.724055][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 255.765417][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.789023][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.899289][ T7481] ceph: No mds server is up or the cluster is laggy [ 256.156032][ T7476] ceph: No mds server is up or the cluster is laggy [ 256.157411][ T10] libceph: connect (1)[c::]:6789 error -101 [ 256.193769][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 256.268142][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 256.311092][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 257.816284][ T7517] netlink: 8 bytes leftover after parsing attributes in process `syz.0.429'. [ 259.109278][ T7533] netlink: 56 bytes leftover after parsing attributes in process `syz.4.430'. [ 259.147310][ T7533] netlink: 56 bytes leftover after parsing attributes in process `syz.4.430'. [ 259.214970][ T7534] Unknown options in mask 5 [ 259.643227][ T7528] netlink: 'syz.4.430': attribute type 9 has an invalid length. [ 259.706839][ T7539] netlink: 'syz.1.435': attribute type 11 has an invalid length. [ 259.756379][ T7539] netlink: 224 bytes leftover after parsing attributes in process `syz.1.435'. [ 260.096400][ T7539] ceph: No mds server is up or the cluster is laggy [ 260.097534][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 260.178295][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 261.476632][ T7569] netlink: 8 bytes leftover after parsing attributes in process `syz.4.441'. [ 261.856849][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 261.864110][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 261.995185][ T7556] ceph: No mds server is up or the cluster is laggy [ 262.147712][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 262.228180][ T7576] netlink: 8 bytes leftover after parsing attributes in process `syz.2.443'. [ 262.580088][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 264.635609][ T7591] Unknown options in mask 5 [ 264.994569][ T7595] fuse: Bad value for 'user_id' [ 265.001455][ T7595] fuse: Bad value for 'user_id' [ 265.634389][ T7597] loop6: detected capacity change from 0 to 524287999 [ 266.184890][ T7604] netlink: 8 bytes leftover after parsing attributes in process `syz.1.450'. [ 267.563864][ T7619] netlink: 8 bytes leftover after parsing attributes in process `syz.2.454'. [ 268.438891][ T7623] netlink: 32 bytes leftover after parsing attributes in process `syz.3.455'. [ 268.521878][ T1207] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 268.570021][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 268.576148][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 269.027179][ T5875] libceph: connect (1)[c::]:6789 error -101 [ 269.252395][ T7634] ceph: No mds server is up or the cluster is laggy [ 269.277183][ T5875] libceph: mon0 (1)[c::]:6789 connect error [ 269.818026][ T10] libceph: connect (1)[c::]:6789 error -101 [ 269.846146][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 270.365538][ T7649] Unknown options in mask 5 [ 270.536851][ T5823] Bluetooth: hci1: command 0x0406 tx timeout [ 270.770765][ T7623] Bluetooth: hci1: Opcode 0x080f failed: -110 [ 271.674446][ T7675] netlink: 12 bytes leftover after parsing attributes in process `syz.4.464'. [ 272.214424][ T7681] netlink: 8 bytes leftover after parsing attributes in process `syz.3.467'. [ 272.677762][ T7684] netlink: 'syz.2.468': attribute type 1 has an invalid length. [ 272.821074][ T7684] 8021q: adding VLAN 0 to HW filter on device bond1 [ 274.074665][ T7698] /dev/nullb0: Can't open blockdev [ 275.399460][ T7718] netlink: 148 bytes leftover after parsing attributes in process `syz.4.474'. [ 275.432054][ T7718] net_ratelimit: 164 callbacks suppressed [ 275.432076][ T7718] A link change request failed with some changes committed already. Interface ip6_vti0 may have been left with an inconsistent configuration, please check. [ 277.849451][ T7744] netlink: 8 bytes leftover after parsing attributes in process `syz.1.481'. [ 278.223737][ T7749] tmpfs: Bad value for 'mpol' [ 280.537274][ T1207] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 280.902364][ T7761] x_tables: duplicate underflow at hook 1 [ 281.237306][ T1207] usb 4-1: device descriptor read/64, error -71 [ 281.487348][ T1207] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 283.717723][ T7787] tmpfs: Bad value for 'mpol' [ 284.012131][ T7795] Illegal XDP return value 4294967274 on prog (id 111) dev syz_tun, expect packet loss! [ 284.122516][ T7797] usb usb1: usbfs: process 7797 (syz.4.493) did not claim interface 0 before use [ 284.730859][ T7793] netlink: 8 bytes leftover after parsing attributes in process `syz.2.496'. [ 285.017600][ T5823] Bluetooth: hci4: command 0x0405 tx timeout [ 287.917926][ T7833] fuse: Bad value for 'user_id' [ 287.924858][ T7833] fuse: Bad value for 'user_id' [ 287.973586][ T7824] netdevsim netdevsim0 netdevsim1: Unsupported IPsec algorithm [ 288.527238][ T5876] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 288.709860][ T5876] usb 3-1: Using ep0 maxpacket: 32 [ 288.720803][ T7847] netlink: 8 bytes leftover after parsing attributes in process `syz.0.508'. [ 288.809040][ T5876] usb 3-1: config 0 has an invalid interface number: 9 but max is 0 [ 289.078913][ T5876] usb 3-1: config 0 has no interface number 0 [ 289.145865][ T5876] usb 3-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 289.165615][ T5876] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 289.181229][ T5876] usb 3-1: Product: syz [ 289.185624][ T5876] usb 3-1: Manufacturer: syz [ 289.206024][ T5876] usb 3-1: SerialNumber: syz [ 289.247621][ T5876] usb 3-1: config 0 descriptor?? [ 289.258157][ T5876] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 289.402341][ T7851] tmpfs: Bad value for 'mpol' [ 289.630043][ T7854] netlink: 277 bytes leftover after parsing attributes in process `syz.0.510'. [ 289.642001][ T7854] fuse: Unknown parameter 'd' [ 290.459369][ T7864] netlink: 'syz.1.512': attribute type 4 has an invalid length. [ 290.513242][ T7864] netlink: 'syz.1.512': attribute type 4 has an invalid length. [ 290.557224][ T5877] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 290.817460][ T5877] usb 4-1: Using ep0 maxpacket: 16 [ 291.324869][ T5876] gspca_topro: reg_w err -110 [ 291.387817][ T5876] gspca_topro: Sensor soi763a [ 292.044468][ T5877] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 292.057420][ T5876] usb 3-1: USB disconnect, device number 3 [ 292.094720][ T5877] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 292.155684][ T5877] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 0 [ 292.194414][ T5877] usb 4-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 22 [ 292.358797][ T5877] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 292.369200][ T5877] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 292.397554][ T5877] usb 4-1: SerialNumber: syz [ 292.435186][ T5877] cdc_acm 4-1:1.0: probe with driver cdc_acm failed with error -12 [ 292.515671][ T7874] fuse: Bad value for 'user_id' [ 292.535308][ T7874] fuse: Bad value for 'user_id' [ 292.629561][ T7860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 292.669400][ T7860] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 292.704370][ T7876] netlink: 4 bytes leftover after parsing attributes in process `syz.4.517'. [ 292.723431][ T5877] usb 4-1: USB disconnect, device number 8 [ 293.616339][ T7889] netlink: 8 bytes leftover after parsing attributes in process `syz.1.520'. [ 294.336039][ T7895] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.521'. [ 294.617244][ T7894] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.521'. [ 294.998042][ T7905] tmpfs: Bad value for 'mpol' [ 295.267460][ T7911] program syz.3.526 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 296.986282][ T7912] netlink: 12 bytes leftover after parsing attributes in process `syz.0.525'. [ 297.099972][ T7917] fuse: Bad value for 'user_id' [ 297.157317][ T7917] fuse: Bad value for 'user_id' [ 297.467803][ T7927] program syz.1.530 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 298.323629][ T7932] tmpfs: Bad value for 'mpol' [ 298.467650][ T7931] netlink: 8 bytes leftover after parsing attributes in process `syz.3.534'. [ 298.767408][ T7944] tmpfs: Bad value for 'mpol' [ 300.157114][ T7949] netlink: 4 bytes leftover after parsing attributes in process `syz.1.536'. [ 301.392457][ T7955] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 301.421438][ T7955] netlink: 24 bytes leftover after parsing attributes in process `syz.3.539'. [ 303.071853][ T7964] netlink: 'syz.3.541': attribute type 11 has an invalid length. [ 303.188234][ T7964] netlink: 224 bytes leftover after parsing attributes in process `syz.3.541'. [ 303.884586][ T7972] fuse: Bad value for 'user_id' [ 303.889875][ T7972] fuse: Bad value for 'user_id' [ 303.922296][ T7977] program syz.0.543 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 304.343180][ T5839] udevd[5839]: inotify_add_watch(7, /dev/nbd64, 10) failed: No such file or directory [ 304.367302][ T7981] CIFS: No dialect specified on mount. Default has changed to a more secure dialect, SMB2.1 or later (e.g. SMB3.1.1), from CIFS (SMB1). To use the less secure SMB1 dialect to access old servers which do not support SMB3.1.1 (or even SMB3 or SMB2.1) specify vers=1.0 on mount. [ 304.511053][ T7981] CIFS mount error: No usable UNC path provided in device string! [ 304.511053][ T7981] [ 304.639465][ T7981] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 304.686595][ T7982] capability: warning: `syz.1.545' uses deprecated v2 capabilities in a way that may be insecure [ 305.150181][ T10] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 305.374177][ T7981] debugfs: Directory 'ptm0' with parent 'caif_serial' already present! [ 305.406785][ T7996] netlink: 8 bytes leftover after parsing attributes in process `syz.4.549'. [ 305.517509][ T10] usb 4-1: device descriptor read/64, error -71 [ 305.790698][ T10] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 305.967385][ T10] usb 4-1: device descriptor read/64, error -71 [ 306.052805][ T8019] netlink: 4 bytes leftover after parsing attributes in process `syz.0.553'. [ 306.716319][ T8025] fuse: Bad value for 'user_id' [ 306.728867][ T8025] fuse: Bad value for 'user_id' [ 306.797987][ T10] usb usb4-port1: attempt power cycle [ 307.164463][ T10] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 307.201263][ T10] usb 4-1: device descriptor read/8, error -71 [ 307.481907][ T10] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 307.517880][ T10] usb 4-1: device descriptor read/8, error -71 [ 307.637253][ T10] usb usb4-port1: unable to enumerate USB device [ 307.882270][ T8046] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 307.956408][ T8047] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 307.973152][ T30] audit: type=1400 audit(1747997249.621:106): lsm=SMACK fn=smack_file_ioctl action=denied subject="y" object="_" requested=w pid=8043 comm="syz.3.561" path="/proc/351/task/352/net/ptype" dev="proc" ino=4026533246 [ 308.354715][ T30] audit: type=1400 audit(1747997249.701:107): lsm=SMACK fn=smack_inode_permission action=denied subject="y" object="_" requested=wx pid=8043 comm="syz.3.561" name="105" dev="tmpfs" ino=574 [ 309.006981][ T8054] sg_write: process 416 (syz.2.564) changed security contexts after opening file descriptor, this is not allowed. [ 309.382779][ T8060] netlink: 212 bytes leftover after parsing attributes in process `syz.3.565'. [ 309.438014][ T8060] netlink: 8 bytes leftover after parsing attributes in process `syz.3.565'. [ 309.773914][ T8061] netlink: 16 bytes leftover after parsing attributes in process `syz.0.566'. [ 309.804242][ T8061] netlink: 8 bytes leftover after parsing attributes in process `syz.0.566'. [ 311.337197][ T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 311.532547][ T10] usb 4-1: device descriptor read/64, error -71 [ 311.621712][ T8091] netlink: 4 bytes leftover after parsing attributes in process `syz.4.568'. [ 312.297488][ T5875] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 312.313443][ T10] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 312.737141][ T10] usb 4-1: device descriptor read/64, error -71 [ 312.769406][ T5875] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 312.786839][ T5875] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 312.796630][ T5875] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 312.806638][ T5875] usb 2-1: Manufacturer: syz [ 312.837815][ T5875] usb 2-1: config 0 descriptor?? [ 312.841532][ T8100] netlink: 8 bytes leftover after parsing attributes in process `syz.4.575'. [ 312.854746][ T8100] netlink: 200 bytes leftover after parsing attributes in process `syz.4.575'. [ 312.868358][ T10] usb usb4-port1: attempt power cycle [ 313.372877][ T8107] netlink: 8 bytes leftover after parsing attributes in process `syz.1.572'. [ 313.662070][ T10] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 313.713530][ T10] usb 4-1: device descriptor read/8, error -71 [ 314.028800][ T8113] netlink: 36 bytes leftover after parsing attributes in process `syz.4.576'. [ 314.043229][ T8111] bridge1: entered promiscuous mode [ 314.077298][ T10] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 314.100949][ T8111] netlink: 56 bytes leftover after parsing attributes in process `syz.0.577'. [ 314.167765][ T8120] netlink: 16 bytes leftover after parsing attributes in process `syz.3.579'. [ 314.179895][ T8120] netlink: 8 bytes leftover after parsing attributes in process `syz.3.579'. [ 314.307284][ T10] usb 4-1: device not accepting address 16, error -71 [ 314.330679][ T10] usb usb4-port1: unable to enumerate USB device [ 314.585108][ T8135] NILFS (nbd4): device size too small [ 314.827496][ T8128] nbd4: detected capacity change from 0 to 4294967296 [ 314.964683][ T8139] netlink: 4 bytes leftover after parsing attributes in process `syz.0.585'. [ 315.551955][ T8128] block nbd4: shutting down sockets [ 315.587036][ C0] blk_print_req_error: 141 callbacks suppressed [ 315.587059][ C0] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.602559][ C0] buffer_io_error: 138 callbacks suppressed [ 315.602578][ C0] Buffer I/O error on dev nbd4, logical block 0, async page read [ 315.616468][ C0] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.625619][ C0] Buffer I/O error on dev nbd4, logical block 1, async page read [ 315.633547][ C0] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.642698][ C0] Buffer I/O error on dev nbd4, logical block 2, async page read [ 315.650594][ C0] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.659726][ C0] Buffer I/O error on dev nbd4, logical block 3, async page read [ 315.676083][ T5839] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.687256][ T5839] Buffer I/O error on dev nbd4, logical block 0, async page read [ 315.695220][ T5839] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.778030][ T5839] Buffer I/O error on dev nbd4, logical block 1, async page read [ 315.797241][ T5839] I/O error, dev nbd4, sector 4 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 315.875795][ T8145] program syz.3.587 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 316.289241][ T5839] Buffer I/O error on dev nbd4, logical block 2, async page read [ 316.327390][ T5839] I/O error, dev nbd4, sector 6 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 316.385641][ T5839] Buffer I/O error on dev nbd4, logical block 3, async page read [ 316.394941][ T1207] usb 2-1: USB disconnect, device number 13 [ 316.419490][ T5839] I/O error, dev nbd4, sector 0 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 316.444702][ T5839] Buffer I/O error on dev nbd4, logical block 0, async page read [ 316.655674][ T5839] I/O error, dev nbd4, sector 2 op 0x0:(READ) flags 0x0 phys_seg 1 prio class 0 [ 316.655726][ T5839] Buffer I/O error on dev nbd4, logical block 1, async page read [ 316.658889][ T5839] ldm_validate_partition_table(): Disk read failed. [ 316.660934][ T5839] Dev nbd4: unable to read RDB block 0 [ 316.663138][ T5839] nbd4: unable to read partition table [ 316.683377][ T5839] ldm_validate_partition_table(): Disk read failed. [ 316.685486][ T5839] Dev nbd4: unable to read RDB block 0 [ 317.061356][ T5839] nbd4: unable to read partition table [ 317.182214][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.188685][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.448628][ T8162] netlink: 16 bytes leftover after parsing attributes in process `syz.2.594'. [ 317.477255][ T8162] netlink: 8 bytes leftover after parsing attributes in process `syz.2.594'. [ 319.482251][ T8203] tmpfs: Bad value for 'mpol' [ 320.105311][ T8208] netlink: 8 bytes leftover after parsing attributes in process `syz.2.609'. [ 320.163553][ T8208] netlink: 8 bytes leftover after parsing attributes in process `syz.2.609'. [ 320.387621][ T10] usb 2-1: new full-speed USB device number 14 using dummy_hcd [ 320.562092][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 320.612481][ T10] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 320.643360][ T10] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 320.672962][ T10] usb 2-1: Manufacturer: syz [ 320.725816][ T10] usb 2-1: config 0 descriptor?? [ 320.733603][ T8220] input: syz1 as /devices/virtual/input/input8 [ 321.379374][ T8233] netlink: 8 bytes leftover after parsing attributes in process `syz.1.608'. [ 323.268115][ T5876] usb 2-1: USB disconnect, device number 14 [ 323.280699][ T8237] wireguard0: entered promiscuous mode [ 324.737490][ T8252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.622'. [ 324.746343][ T8252] netlink: 8 bytes leftover after parsing attributes in process `syz.0.622'. [ 325.274511][ T5833] Bluetooth: hci4: command 0x0405 tx timeout [ 326.149065][ T8268] syz.2.627 uses obsolete (PF_INET,SOCK_PACKET) [ 326.198628][ T8262] sp0: Synchronizing with TNC [ 326.417244][ T5876] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 326.768730][ T5876] usb 2-1: Using ep0 maxpacket: 32 [ 327.059961][ T5876] usb 2-1: config 0 has an invalid interface number: 9 but max is 0 [ 327.059993][ T5876] usb 2-1: config 0 has no interface number 0 [ 327.069097][ T5876] usb 2-1: New USB device found, idVendor=06a2, idProduct=0003, bcdDevice=b4.8c [ 327.069120][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 327.069134][ T5876] usb 2-1: Product: syz [ 327.069145][ T5876] usb 2-1: Manufacturer: syz [ 327.069156][ T5876] usb 2-1: SerialNumber: syz [ 327.071298][ T5876] usb 2-1: config 0 descriptor?? [ 327.073985][ T5876] gspca_main: gspca_topro-2.14.0 probing 06a2:0003 [ 327.102842][ T8287] netlink: 140 bytes leftover after parsing attributes in process `syz.2.635'. [ 327.424960][ T8290] FAULT_INJECTION: forcing a failure. [ 327.424960][ T8290] name failslab, interval 1, probability 0, space 0, times 0 [ 327.425141][ T8290] CPU: 0 UID: 0 PID: 8290 Comm: syz.2.635 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 327.425166][ T8290] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 327.425189][ T8290] Call Trace: [ 327.425197][ T8290] [ 327.425209][ T8290] dump_stack_lvl+0x189/0x250 [ 327.425246][ T8290] ? __pfx_dump_stack_lvl+0x10/0x10 [ 327.425274][ T8290] ? __pfx__printk+0x10/0x10 [ 327.425312][ T8290] ? __pfx___might_resched+0x10/0x10 [ 327.425342][ T8290] ? fs_reclaim_acquire+0x7d/0x100 [ 327.425370][ T8290] should_fail_ex+0x414/0x560 [ 327.425397][ T8290] should_failslab+0xa8/0x100 [ 327.425418][ T8290] kmem_cache_alloc_noprof+0x73/0x3c0 [ 327.425448][ T8290] ? vm_area_dup+0x28/0x540 [ 327.425482][ T8290] vm_area_dup+0x28/0x540 [ 327.425508][ T8290] ? __split_vma+0x18c/0x9b0 [ 327.425539][ T8290] __split_vma+0x1a0/0x9b0 [ 327.425579][ T8290] ? __pfx___split_vma+0x10/0x10 [ 327.425627][ T8290] vma_modify+0x23e/0x460 [ 327.425657][ T8290] vma_modify_flags+0x1e8/0x230 [ 327.425688][ T8290] ? __pfx_vma_modify_flags+0x10/0x10 [ 327.425730][ T8290] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 327.425756][ T8290] ? may_expand_vm+0x1af/0x2f0 [ 327.425780][ T8290] mprotect_fixup+0x400/0x9b0 [ 327.425815][ T8290] ? __pfx_mprotect_fixup+0x10/0x10 [ 327.425850][ T8290] do_mprotect_pkey+0x8cd/0xce0 [ 327.425891][ T8290] ? __pfx_do_mprotect_pkey+0x10/0x10 [ 327.425939][ T8290] ? irqentry_exit+0x74/0x90 [ 327.425985][ T8290] __x64_sys_mprotect+0x80/0x90 [ 327.426011][ T8290] do_syscall_64+0xf6/0x210 [ 327.426038][ T8290] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 327.426057][ T8290] ? clear_bhb_loop+0x60/0xb0 [ 327.426082][ T8290] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 327.426101][ T8290] RIP: 0033:0x7ff9a018e969 [ 327.426119][ T8290] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 327.426135][ T8290] RSP: 002b:00007ff9a0fb9038 EFLAGS: 00000246 ORIG_RAX: 000000000000000a [ 327.426157][ T8290] RAX: ffffffffffffffda RBX: 00007ff9a03b6160 RCX: 00007ff9a018e969 [ 327.426171][ T8290] RDX: 0000000000000006 RSI: 0000000000001000 RDI: 00002000001a7000 [ 327.426184][ T8290] RBP: 00007ff9a0fb9090 R08: 0000000000000000 R09: 0000000000000000 [ 327.426196][ T8290] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 327.426208][ T8290] R13: 0000000000000000 R14: 00007ff9a03b6160 R15: 00007ffcbafca2a8 [ 327.426240][ T8290] [ 327.800799][ T5876] gspca_topro: reg_w err -110 [ 327.827120][ T5876] gspca_topro: Sensor soi763a [ 328.213167][ T8291] netlink: 8 bytes leftover after parsing attributes in process `syz.0.634'. [ 328.213467][ T8291] openvswitch: netlink: Flow key attr not present in new flow. [ 328.870416][ T8299] 9pnet_fd: Insufficient options for proto=fd [ 328.996018][ T8296] sctp: [Deprecated]: syz.2.637 (pid 8296) Use of int in maxseg socket option. [ 328.996018][ T8296] Use struct sctp_assoc_value instead [ 329.517209][ T10] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 329.667110][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 329.675035][ T10] usb 3-1: config 21 has an invalid descriptor of length 229, skipping remainder of the config [ 329.675109][ T10] usb 3-1: config 21 has 0 interfaces, different from the descriptor's value: 2 [ 329.688695][ T10] usb 3-1: New USB device found, idVendor=0c10, idProduct=0000, bcdDevice=95.a7 [ 329.688772][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.688838][ T10] usb 3-1: Product: syz [ 329.688898][ T10] usb 3-1: Manufacturer: syz [ 329.688957][ T10] usb 3-1: SerialNumber: syz [ 330.223445][ T5906] usb 2-1: USB disconnect, device number 15 [ 330.386481][ T8310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.639'. [ 330.627199][ T8310] netlink: 8 bytes leftover after parsing attributes in process `syz.1.639'. [ 331.250549][ T8325] openvswitch: netlink: Flow actions attr not present in new flow. [ 331.789976][ T10] usb 3-1: USB disconnect, device number 4 [ 332.309679][ T8334] Unknown options in mask 5 [ 332.750546][ T8336] netlink: 'syz.4.647': attribute type 7 has an invalid length. [ 332.827209][ T8336] netlink: 'syz.4.647': attribute type 8 has an invalid length. [ 333.477187][ T24] usb 5-1: new full-speed USB device number 10 using dummy_hcd [ 333.689776][ T24] usb 5-1: config 0 has an invalid interface number: 128 but max is 0 [ 333.877220][ T24] usb 5-1: config 0 has no interface number 0 [ 334.148289][ T24] usb 5-1: config 0 interface 128 has no altsetting 0 [ 334.474759][ T24] usb 5-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=95.91 [ 334.545862][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 334.624084][ T24] usb 5-1: Product: syz [ 334.633728][ T24] usb 5-1: Manufacturer: syz [ 334.644159][ T24] usb 5-1: SerialNumber: syz [ 334.674208][ T24] usb 5-1: config 0 descriptor?? [ 334.736719][ T24] radio-si470x 5-1:0.128: could not find interrupt in endpoint [ 334.775540][ T24] radio-si470x 5-1:0.128: probe with driver radio-si470x failed with error -5 [ 334.813947][ T24] usbhid 5-1:0.128: couldn't find an input interrupt endpoint [ 334.822184][ T8372] tmpfs: Bad value for 'mpol' [ 334.930920][ T24] usb 5-1: USB disconnect, device number 10 [ 335.377194][ T5906] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 335.986836][ T5906] usb 4-1: device descriptor read/64, error -71 [ 336.138780][ T8393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.662'. [ 337.039162][ T8400] netlink: 8 bytes leftover after parsing attributes in process `syz.0.665'. [ 337.065677][ T8400] netlink: 200 bytes leftover after parsing attributes in process `syz.0.665'. [ 337.167356][ T5906] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 337.327260][ T5906] usb 4-1: device descriptor read/64, error -71 [ 337.617455][ T5906] usb usb4-port1: attempt power cycle [ 338.073372][ T5906] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 338.326671][ T5906] usb 4-1: device descriptor read/8, error -71 [ 339.579435][ T8437] program syz.1.675 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 341.407495][ T8447] tmpfs: Bad value for 'mpol' [ 342.206528][ T8410] delete_channel: no stack [ 342.424233][ T8459] tmpfs: Bad value for 'mpol' [ 342.527786][ T8465] netlink: 12 bytes leftover after parsing attributes in process `syz.4.685'. [ 342.769111][ T8469] Sensor B: ================= START STATUS ================= [ 342.776811][ T8469] Sensor B: Test Pattern: 75% Colorbar [ 342.789039][ T8469] Sensor B: Show Information: All [ 342.794203][ T8469] Sensor B: Vertical Flip: false [ 342.799478][ T8469] Sensor B: Horizontal Flip: false [ 342.804864][ T8469] Sensor B: Brightness: 128 [ 342.809826][ T8469] Sensor B: Contrast: 128 [ 342.814490][ T8469] Sensor B: Hue: 0 [ 342.818713][ T8469] Sensor B: Saturation: 128 [ 342.823461][ T8469] Sensor B: ================== END STATUS ================== [ 343.426625][ T8475] program syz.1.688 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 344.534140][ T8488] netlink: 32 bytes leftover after parsing attributes in process `syz.1.691'. [ 344.587180][ T8488] FAULT_INJECTION: forcing a failure. [ 344.587180][ T8488] name failslab, interval 1, probability 0, space 0, times 0 [ 344.600224][ T8488] CPU: 0 UID: 0 PID: 8488 Comm: syz.1.691 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 344.600270][ T8488] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 344.600292][ T8488] Call Trace: [ 344.600306][ T8488] [ 344.600322][ T8488] dump_stack_lvl+0x189/0x250 [ 344.600380][ T8488] ? __pfx_dump_stack_lvl+0x10/0x10 [ 344.600427][ T8488] ? __pfx__printk+0x10/0x10 [ 344.600504][ T8488] should_fail_ex+0x414/0x560 [ 344.600531][ T8488] should_failslab+0xa8/0x100 [ 344.600553][ T8488] __kmalloc_cache_noprof+0x70/0x3d0 [ 344.600584][ T8488] ? nfulnl_recv_config+0xb62/0x1290 [ 344.600611][ T8488] nfulnl_recv_config+0xb62/0x1290 [ 344.600644][ T8488] nfnetlink_rcv_msg+0xb4d/0x1130 [ 344.600674][ T8488] ? __kernel_text_address+0xd/0x40 [ 344.600699][ T8488] ? nfnetlink_rcv_msg+0x20d/0x1130 [ 344.600749][ T8488] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 344.600833][ T8488] netlink_rcv_skb+0x21c/0x490 [ 344.600859][ T8488] ? __pfx_nfnetlink_rcv_msg+0x10/0x10 [ 344.600891][ T8488] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 344.600931][ T8488] ? safesetid_security_capable+0xa9/0x1a0 [ 344.600958][ T8488] ? bpf_lsm_capable+0x9/0x20 [ 344.600984][ T8488] ? security_capable+0x7e/0x2e0 [ 344.601021][ T8488] nfnetlink_rcv+0x273/0x2530 [ 344.601052][ T8488] ? __dev_queue_xmit+0x27e/0x3a70 [ 344.601083][ T8488] ? __dev_queue_xmit+0x27e/0x3a70 [ 344.601110][ T8488] ? __dev_queue_xmit+0x27e/0x3a70 [ 344.601141][ T8488] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 344.601182][ T8488] ? __dev_queue_xmit+0x27e/0x3a70 [ 344.601212][ T8488] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.601236][ T8488] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 344.601272][ T8488] ? __pfx___dev_queue_xmit+0x10/0x10 [ 344.601318][ T8488] ? ref_tracker_free+0x63a/0x7d0 [ 344.601338][ T8488] ? __copy_skb_header+0xa7/0x550 [ 344.601370][ T8488] ? __pfx_ref_tracker_free+0x10/0x10 [ 344.601392][ T8488] ? __skb_clone+0x63/0x7a0 [ 344.601425][ T8488] ? __skb_clone+0x483/0x7a0 [ 344.601462][ T8488] ? skb_clone+0x246/0x3a0 [ 344.601502][ T8488] ? __netlink_deliver_tap+0x807/0x850 [ 344.601526][ T8488] ? netlink_deliver_tap+0x2e/0x1b0 [ 344.601557][ T8488] ? netlink_deliver_tap+0x2e/0x1b0 [ 344.601580][ T8488] ? netlink_deliver_tap+0x2e/0x1b0 [ 344.601609][ T8488] netlink_unicast+0x758/0x8d0 [ 344.601644][ T8488] netlink_sendmsg+0x805/0xb30 [ 344.601666][ T8488] ? is_bpf_text_address+0x26/0x2b0 [ 344.601704][ T8488] ? __pfx_netlink_sendmsg+0x10/0x10 [ 344.601738][ T8488] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 344.601760][ T8488] ? __pfx_netlink_sendmsg+0x10/0x10 [ 344.601785][ T8488] __sock_sendmsg+0x219/0x270 [ 344.601810][ T8488] ____sys_sendmsg+0x505/0x830 [ 344.601845][ T8488] ? __pfx_____sys_sendmsg+0x10/0x10 [ 344.601884][ T8488] ? import_iovec+0x74/0xa0 [ 344.601917][ T8488] ___sys_sendmsg+0x21f/0x2a0 [ 344.601948][ T8488] ? __pfx____sys_sendmsg+0x10/0x10 [ 344.602017][ T8488] ? __fget_files+0x2a/0x420 [ 344.602035][ T8488] ? __fget_files+0x3a0/0x420 [ 344.602066][ T8488] __x64_sys_sendmsg+0x19b/0x260 [ 344.602097][ T8488] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 344.602145][ T8488] ? do_syscall_64+0xba/0x210 [ 344.602176][ T8488] do_syscall_64+0xf6/0x210 [ 344.602202][ T8488] ? clear_bhb_loop+0x60/0xb0 [ 344.602227][ T8488] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 344.602247][ T8488] RIP: 0033:0x7fe54098e969 [ 344.602265][ T8488] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 344.602284][ T8488] RSP: 002b:00007fe54189a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 344.602306][ T8488] RAX: ffffffffffffffda RBX: 00007fe540bb5fa0 RCX: 00007fe54098e969 [ 344.602321][ T8488] RDX: 0000000000044000 RSI: 0000200000000340 RDI: 0000000000000003 [ 344.602334][ T8488] RBP: 00007fe54189a090 R08: 0000000000000000 R09: 0000000000000000 [ 344.602346][ T8488] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 344.602358][ T8488] R13: 0000000000000000 R14: 00007fe540bb5fa0 R15: 00007fff3f4f0dd8 [ 344.602391][ T8488] [ 348.811399][ T8516] bond1: entered promiscuous mode [ 348.967114][ T5926] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 349.169479][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 349.216178][ T5926] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 350.087056][ T5926] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 350.096176][ T5926] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.112542][ T5926] usb 3-1: config 0 descriptor?? [ 350.285268][ T8530] netlink: 212 bytes leftover after parsing attributes in process `syz.3.706'. [ 350.855661][ T5926] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 350.936882][ T5926] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 351.367515][ T8537] RDS: rds_bind could not find a transport for 2001::2, load rds_tcp or rds_rdma? [ 351.423433][ T5926] cp2112 0003:10C4:EA90.0002: Part Number: 0x82 Device Version: 0xFE [ 352.793080][ T5926] cp2112 0003:10C4:EA90.0002: error reading lock byte: -71 [ 354.001567][ T5926] usb 3-1: USB disconnect, device number 5 [ 354.367517][ T8558] bond2: entered promiscuous mode [ 354.402353][ T8554] A link change request failed with some changes committed already. Interface bridge_slave_0 may have been left with an inconsistent configuration, please check. [ 355.573146][ T8574] (unnamed net_device) (uninitialized): option arp_validate: mode dependency failed, not supported in mode balance-tlb(5) [ 356.131112][ T8581] netlink: 56 bytes leftover after parsing attributes in process `syz.0.721'. [ 356.225225][ T8581] batman_adv: Cannot find parent device. Skipping batadv-on-batadv check for ip6gretap1 [ 356.305695][ T8581] batman_adv: batadv0: Adding interface: ip6gretap1 [ 356.391598][ T8581] batman_adv: batadv0: The MTU of interface ip6gretap1 is too small (1434) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 356.507640][ T8581] batman_adv: batadv0: Interface activated: ip6gretap1 [ 357.743684][ T8604] ceph: No mds server is up or the cluster is laggy [ 358.867813][ T8627] netlink: 4 bytes leftover after parsing attributes in process `syz.0.732'. [ 360.262722][ T8624] bond1: entered promiscuous mode [ 360.379074][ T8640] sg_write: data in/out 209152/1 bytes for SCSI command 0xf2-- guessing data in; [ 360.379074][ T8640] program syz.0.737 not setting count and/or reply_len properly [ 360.396818][ T5877] usb 4-1: new full-speed USB device number 21 using dummy_hcd [ 360.569496][ T5877] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 360.582569][ T5877] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 360.592173][ T5877] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 360.612756][ T5877] usb 4-1: Manufacturer: syz [ 360.628534][ T5877] usb 4-1: config 0 descriptor?? [ 362.221531][ T8661] fuse: Bad value for 'group_id' [ 362.226557][ T8661] fuse: Bad value for 'group_id' [ 363.837556][ T5926] usb 4-1: USB disconnect, device number 21 [ 363.928691][ T8690] netlink: 212376 bytes leftover after parsing attributes in process `syz.0.753'. [ 363.962640][ T8690] netlink: get zone limit has 8 unknown bytes [ 364.927850][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 364.944378][ T8699] ceph: No mds server is up or the cluster is laggy [ 364.960313][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 366.487360][ T5926] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 367.747473][ T5926] usb 3-1: device descriptor read/64, error -71 [ 368.037239][ T5926] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 368.197126][ T5926] usb 3-1: device descriptor read/64, error -71 [ 368.314730][ T5926] usb usb3-port1: attempt power cycle [ 368.336664][ T8740] netlink: 8 bytes leftover after parsing attributes in process `syz.0.766'. [ 368.357366][ T8740] netlink: 200 bytes leftover after parsing attributes in process `syz.0.766'. [ 368.432956][ T8745] netlink: 8 bytes leftover after parsing attributes in process `syz.4.765'. [ 368.442413][ T8745] netlink: 20 bytes leftover after parsing attributes in process `syz.4.765'. [ 369.170714][ T8750] CIFS mount error: No usable UNC path provided in device string! [ 369.170714][ T8750] [ 369.182190][ T8750] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 369.994579][ T8761] netlink: 8 bytes leftover after parsing attributes in process `syz.4.773'. [ 370.852197][ T5878] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 371.155765][ T8769] overlayfs: conflicting options: userxattr,redirect_dir=on [ 371.212241][ T5878] usb 5-1: Using ep0 maxpacket: 8 [ 371.241216][ T5878] usb 5-1: New USB device found, idVendor=04a5, idProduct=3003, bcdDevice=3a.b2 [ 371.259702][ T5878] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.264346][ T8770] netlink: 76 bytes leftover after parsing attributes in process `syz.3.775'. [ 371.285762][ T5878] usb 5-1: Product: syz [ 371.293890][ T5878] usb 5-1: Manufacturer: syz [ 371.305259][ T5878] usb 5-1: SerialNumber: syz [ 371.321936][ T5878] usb 5-1: config 0 descriptor?? [ 372.673991][ T8788] netlink: 12 bytes leftover after parsing attributes in process `syz.2.777'. [ 373.501040][ T5878] gspca_main: sunplus-2.14.0 probing 04a5:3003 [ 373.508384][ T5878] gspca_sunplus: reg_w_riv err -71 [ 373.513666][ T5878] sunplus 5-1:0.0: probe with driver sunplus failed with error -71 [ 373.579776][ T8794] netlink: 8 bytes leftover after parsing attributes in process `syz.1.780'. [ 373.588980][ T8794] netlink: 20 bytes leftover after parsing attributes in process `syz.1.780'. [ 374.311304][ T5878] usb 5-1: USB disconnect, device number 11 [ 374.322190][ T8796] CIFS mount error: No usable UNC path provided in device string! [ 374.322190][ T8796] [ 374.352288][ T30] audit: type=1326 audit(1747997316.051:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8797 comm="syz.1.785" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fe54098e969 code=0x0 [ 374.384739][ T8796] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 374.452919][ T8807] netlink: 8 bytes leftover after parsing attributes in process `syz.0.782'. [ 374.610555][ T8807] netlink: 200 bytes leftover after parsing attributes in process `syz.0.782'. [ 374.652648][ T5952] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 375.486731][ T24] libceph: connect (1)[c::]:6789 error -101 [ 375.539544][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 375.630831][ T5952] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 375.805258][ T5952] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 375.855463][ T8819] program syz.4.787 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 375.891891][ T24] libceph: connect (1)[c::]:6789 error -101 [ 376.178286][ T24] libceph: mon0 (1)[c::]:6789 connect error [ 376.182159][ T5952] usb 2-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 376.225158][ T5952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 376.679206][ T5952] usb 2-1: SerialNumber: syz [ 376.707551][ T5877] libceph: connect (1)[c::]:6789 error -101 [ 376.716674][ T5877] libceph: mon0 (1)[c::]:6789 connect error [ 376.728179][ T8801] ceph: No mds server is up or the cluster is laggy [ 377.247473][ T24] usb 4-1: new full-speed USB device number 22 using dummy_hcd [ 377.337633][ T5877] usb 5-1: new full-speed USB device number 12 using dummy_hcd [ 377.387787][ T8836] FAULT_INJECTION: forcing a failure. [ 377.387787][ T8836] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 377.404969][ T8836] CPU: 1 UID: 0 PID: 8836 Comm: syz.2.794 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 377.405000][ T8836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 377.405017][ T8836] Call Trace: [ 377.405025][ T8836] [ 377.405040][ T8836] dump_stack_lvl+0x189/0x250 [ 377.405069][ T8836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 377.405089][ T8836] ? __pfx__printk+0x10/0x10 [ 377.405134][ T8836] should_fail_ex+0x414/0x560 [ 377.405162][ T8836] _copy_to_user+0x31/0xb0 [ 377.405193][ T8836] simple_read_from_buffer+0xe1/0x170 [ 377.405222][ T8836] proc_fail_nth_read+0x1df/0x250 [ 377.405240][ T8836] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 377.405261][ T8836] ? rw_verify_area+0x258/0x650 [ 377.405289][ T8836] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 377.405312][ T8836] vfs_read+0x200/0x980 [ 377.405352][ T8836] ? __pfx___mutex_lock+0x10/0x10 [ 377.405372][ T8836] ? __pfx_vfs_read+0x10/0x10 [ 377.405393][ T8836] ? __fget_files+0x2a/0x420 [ 377.405410][ T8836] ? __fget_files+0x3a0/0x420 [ 377.405433][ T8836] ? __fget_files+0x2a/0x420 [ 377.405463][ T8836] ksys_read+0x145/0x250 [ 377.405488][ T8836] ? rcu_is_watching+0x15/0xb0 [ 377.405517][ T8836] ? __pfx_ksys_read+0x10/0x10 [ 377.405540][ T8836] ? do_syscall_64+0xba/0x210 [ 377.405563][ T8836] do_syscall_64+0xf6/0x210 [ 377.405592][ T8836] ? clear_bhb_loop+0x60/0xb0 [ 377.405618][ T8836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 377.405636][ T8836] RIP: 0033:0x7ff9a018d37c [ 377.405654][ T8836] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 377.405671][ T8836] RSP: 002b:00007ff9a0ffb030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 377.405687][ T8836] RAX: ffffffffffffffda RBX: 00007ff9a03b5fa0 RCX: 00007ff9a018d37c [ 377.405698][ T8836] RDX: 000000000000000f RSI: 00007ff9a0ffb0a0 RDI: 0000000000000003 [ 377.405707][ T8836] RBP: 00007ff9a0ffb090 R08: 0000000000000000 R09: 0000000000000000 [ 377.405716][ T8836] R10: 0000000000000008 R11: 0000000000000246 R12: 0000000000000001 [ 377.405728][ T8836] R13: 0000000000000000 R14: 00007ff9a03b5fa0 R15: 00007ffcbafca2a8 [ 377.405763][ T8836] [ 377.643973][ T24] usb 4-1: config index 0 descriptor too short (expected 31, got 27) [ 377.652452][ T24] usb 4-1: config 1 interface 0 has no altsetting 0 [ 377.668636][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 377.678062][ T24] usb 4-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 377.686286][ T24] usb 4-1: Product: syz [ 377.690669][ T24] usb 4-1: Manufacturer: syz [ 377.695312][ T24] usb 4-1: SerialNumber: syz [ 377.726247][ T5877] usb 5-1: unable to get BOS descriptor or descriptor too short [ 377.783730][ T5877] usb 5-1: not running at top speed; connect to a high speed hub [ 377.793503][ T5877] usb 5-1: config 7 has an invalid interface number: 67 but max is 0 [ 377.802326][ T5877] usb 5-1: config 7 has no interface number 0 [ 377.813674][ T5877] usb 5-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16 [ 377.823211][ T5877] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.831434][ T5877] usb 5-1: Product: syz [ 377.835641][ T5877] usb 5-1: Manufacturer: ⟈䐕巚爛磚╵楾﹮樴躏ﬣ᱅ꝟ⥏㯈Ꚛ귝䥊髊燖䜎뭊ፙ讌鷡⍜驘檎▋ᴚ‏ꇅ痆⧯ꌿ싟䓇핲㷟揸䠦쮰﨤껳ⰷ굈᭨饂蕻㯪齏틃明灸텯頷໪藻᪲ꆪŊ黼䴙ႜؐ喒䴝㡌ӹ㿱̊ [ 377.861773][ T5877] usb 5-1: SerialNumber: syz [ 378.084681][ T5952] usb 2-1: 0:2 : does not exist [ 378.136429][ T5952] usb 2-1: unit 5: unexpected type 0x09 [ 378.228897][ T24] usblp 4-1:1.0: usblp0: USB Unidirectional printer dev 22 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 378.242312][ T5952] usb 2-1: USB disconnect, device number 16 [ 378.315193][ T10] libceph: connect (1)[c::]:6789 error -101 [ 378.328202][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 378.329753][ T8853] CIFS mount error: No usable UNC path provided in device string! [ 378.329753][ T8853] [ 378.344684][ T8853] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 378.345802][ T8844] ceph: No mds server is up or the cluster is laggy [ 378.430663][ T24] usb 4-1: USB disconnect, device number 22 [ 378.474108][ T5839] udevd[5839]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 378.534156][ T24] usblp0: removed [ 378.621300][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.668013][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.789706][ T8874] dns_resolver: Unsupported server list version (0) [ 380.367918][ T5877] usb 5-1: USB disconnect, device number 12 [ 380.389752][ T8884] netlink: 8 bytes leftover after parsing attributes in process `syz.2.805'. [ 380.439428][ T8884] netlink: 200 bytes leftover after parsing attributes in process `syz.2.805'. [ 381.272422][ T8903] netlink: 4 bytes leftover after parsing attributes in process `syz.3.810'. [ 382.048473][ T10] libceph: connect (1)[c::]:6789 error -101 [ 382.056729][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 382.073190][ T8904] CIFS mount error: No usable UNC path provided in device string! [ 382.073190][ T8904] [ 382.107188][ T8899] ceph: No mds server is up or the cluster is laggy [ 382.229388][ T8904] CIFS: VFS: CIFS mount error: No usable UNC path provided in device string! [ 382.527149][ T10] libceph: connect (1)[c::]:6789 error -101 [ 382.531000][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 383.711023][ T8928] netlink: 5128 bytes leftover after parsing attributes in process `syz.0.819'. [ 383.748478][ T8928] netlink: 5128 bytes leftover after parsing attributes in process `syz.0.819'. [ 383.782147][ T8928] netlink: 584 bytes leftover after parsing attributes in process `syz.0.819'. [ 384.033962][ T8938] netlink: 8 bytes leftover after parsing attributes in process `syz.3.821'. [ 384.065027][ T8938] netlink: 200 bytes leftover after parsing attributes in process `syz.3.821'. [ 384.173528][ T8941] FAULT_INJECTION: forcing a failure. [ 384.173528][ T8941] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 384.213498][ T8941] CPU: 1 UID: 0 PID: 8941 Comm: syz.4.823 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 384.213521][ T8941] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 384.213531][ T8941] Call Trace: [ 384.213537][ T8941] [ 384.213544][ T8941] dump_stack_lvl+0x189/0x250 [ 384.213567][ T8941] ? __lock_acquire+0xaac/0xd20 [ 384.213590][ T8941] ? __pfx_dump_stack_lvl+0x10/0x10 [ 384.213610][ T8941] ? __pfx__printk+0x10/0x10 [ 384.213632][ T8941] ? __might_fault+0xb0/0x130 [ 384.213664][ T8941] should_fail_ex+0x414/0x560 [ 384.213683][ T8941] _copy_from_user+0x2d/0xb0 [ 384.213705][ T8941] ___sys_recvmsg+0x12e/0x510 [ 384.213731][ T8941] ? __pfx____sys_recvmsg+0x10/0x10 [ 384.213770][ T8941] ? __fget_files+0x3a0/0x420 [ 384.213793][ T8941] do_recvmmsg+0x307/0x760 [ 384.213820][ T8941] ? __pfx_do_recvmmsg+0x10/0x10 [ 384.213851][ T8941] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 384.213883][ T8941] __x64_sys_recvmmsg+0x190/0x240 [ 384.213904][ T8941] ? rcu_is_watching+0x15/0xb0 [ 384.213927][ T8941] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 384.213952][ T8941] ? do_syscall_64+0xba/0x210 [ 384.213974][ T8941] do_syscall_64+0xf6/0x210 [ 384.213993][ T8941] ? clear_bhb_loop+0x60/0xb0 [ 384.214011][ T8941] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 384.214025][ T8941] RIP: 0033:0x7fbe6498e969 [ 384.214038][ T8941] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 384.214050][ T8941] RSP: 002b:00007fbe657e1038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 384.214072][ T8941] RAX: ffffffffffffffda RBX: 00007fbe64bb5fa0 RCX: 00007fbe6498e969 [ 384.214082][ T8941] RDX: 0000000000000a0d RSI: 00002000000066c0 RDI: 0000000000000003 [ 384.214092][ T8941] RBP: 00007fbe657e1090 R08: 0000000000000000 R09: 0000000000000000 [ 384.214100][ T8941] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 384.214114][ T8941] R13: 0000000000000000 R14: 00007fbe64bb5fa0 R15: 00007ffe329fdcc8 [ 384.214137][ T8941] [ 384.419249][ C1] vkms_vblank_simulate: vblank timer overrun [ 385.310224][ T56] Bluetooth: hci1: SCO packet for unknown connection handle 201 [ 385.517301][ T8952] netlink: 4 bytes leftover after parsing attributes in process `syz.4.825'. [ 386.163446][ T8954] netlink: 8 bytes leftover after parsing attributes in process `syz.3.826'. [ 386.211069][ T8954] FAULT_INJECTION: forcing a failure. [ 386.211069][ T8954] name failslab, interval 1, probability 0, space 0, times 0 [ 386.257224][ T8954] CPU: 0 UID: 0 PID: 8954 Comm: syz.3.826 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 386.257254][ T8954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 386.257267][ T8954] Call Trace: [ 386.257275][ T8954] [ 386.257284][ T8954] dump_stack_lvl+0x189/0x250 [ 386.257321][ T8954] ? __pfx_dump_stack_lvl+0x10/0x10 [ 386.257349][ T8954] ? __pfx__printk+0x10/0x10 [ 386.257387][ T8954] ? __pfx___might_resched+0x10/0x10 [ 386.257418][ T8954] ? fs_reclaim_acquire+0x7d/0x100 [ 386.257447][ T8954] should_fail_ex+0x414/0x560 [ 386.257475][ T8954] should_failslab+0xa8/0x100 [ 386.257497][ T8954] __kmalloc_cache_noprof+0x70/0x3d0 [ 386.257527][ T8954] ? nbd_alloc_and_init_config+0x88/0x260 [ 386.257563][ T8954] nbd_alloc_and_init_config+0x88/0x260 [ 386.257593][ T8954] ? nbd_genl_connect+0x98d/0x1930 [ 386.257627][ T8954] nbd_genl_connect+0x9dd/0x1930 [ 386.257705][ T8954] ? __pfx_nbd_genl_connect+0x10/0x10 [ 386.257753][ T8954] ? __nla_parse+0x40/0x60 [ 386.257782][ T8954] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 386.257823][ T8954] genl_family_rcv_msg_doit+0x215/0x300 [ 386.257863][ T8954] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 386.257910][ T8954] ? stack_depot_save_flags+0x40/0x910 [ 386.257937][ T8954] genl_rcv_msg+0x60e/0x790 [ 386.257975][ T8954] ? __pfx_genl_rcv_msg+0x10/0x10 [ 386.258004][ T8954] ? __pfx_nbd_genl_connect+0x10/0x10 [ 386.258051][ T8954] netlink_rcv_skb+0x21c/0x490 [ 386.258076][ T8954] ? __pfx_genl_rcv_msg+0x10/0x10 [ 386.258107][ T8954] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 386.258160][ T8954] ? down_read+0x1ad/0x2e0 [ 386.258191][ T8954] genl_rcv+0x28/0x40 [ 386.258217][ T8954] netlink_unicast+0x758/0x8d0 [ 386.258252][ T8954] netlink_sendmsg+0x805/0xb30 [ 386.258275][ T8954] ? is_bpf_text_address+0x26/0x2b0 [ 386.258313][ T8954] ? __pfx_netlink_sendmsg+0x10/0x10 [ 386.258348][ T8954] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 386.258369][ T8954] ? __pfx_netlink_sendmsg+0x10/0x10 [ 386.258394][ T8954] __sock_sendmsg+0x219/0x270 [ 386.258420][ T8954] ____sys_sendmsg+0x505/0x830 [ 386.258455][ T8954] ? __pfx_____sys_sendmsg+0x10/0x10 [ 386.258495][ T8954] ? import_iovec+0x74/0xa0 [ 386.258528][ T8954] ___sys_sendmsg+0x21f/0x2a0 [ 386.258559][ T8954] ? __pfx____sys_sendmsg+0x10/0x10 [ 386.258631][ T8954] ? __fget_files+0x2a/0x420 [ 386.258649][ T8954] ? __fget_files+0x3a0/0x420 [ 386.258687][ T8954] __x64_sys_sendmsg+0x19b/0x260 [ 386.258719][ T8954] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 386.258769][ T8954] ? do_syscall_64+0xba/0x210 [ 386.258799][ T8954] do_syscall_64+0xf6/0x210 [ 386.258827][ T8954] ? clear_bhb_loop+0x60/0xb0 [ 386.258852][ T8954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 386.258872][ T8954] RIP: 0033:0x7f1a7558e969 [ 386.258890][ T8954] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 386.258908][ T8954] RSP: 002b:00007f1a763d6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 386.258930][ T8954] RAX: ffffffffffffffda RBX: 00007f1a757b5fa0 RCX: 00007f1a7558e969 [ 386.258945][ T8954] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006 [ 386.258958][ T8954] RBP: 00007f1a763d6090 R08: 0000000000000000 R09: 0000000000000000 [ 386.258971][ T8954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 386.258982][ T8954] R13: 0000000000000000 R14: 00007f1a757b5fa0 R15: 00007ffcc2cee2b8 [ 386.259016][ T8954] [ 386.259039][ T8954] nbd: couldn't allocate config [ 386.467805][ T8957] ceph: No mds server is up or the cluster is laggy [ 386.628250][ T5926] libceph: connect (1)[c::]:6789 error -101 [ 386.634446][ T5926] libceph: mon0 (1)[c::]:6789 connect error [ 388.137229][ T5952] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 388.309204][ T5952] usb 1-1: Using ep0 maxpacket: 16 [ 388.324684][ T5952] usb 1-1: unable to get BOS descriptor or descriptor too short [ 388.359553][ T5952] usb 1-1: config 7 interface 0 has no altsetting 0 [ 388.367136][ T10] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 388.380323][ T5952] usb 1-1: New USB device found, idVendor=a257, idProduct=2013, bcdDevice=8f.26 [ 388.392751][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 388.403868][ T5952] usb 1-1: Product: syz [ 388.408998][ T5952] usb 1-1: Manufacturer: syz [ 388.414551][ T5952] usb 1-1: SerialNumber: syz [ 388.540027][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 388.564829][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.607407][ T10] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 388.619157][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.665104][ T5952] usb 1-1: USB disconnect, device number 4 [ 388.700797][ T10] usb 3-1: config 0 descriptor?? [ 389.079103][ T8997] netlink: 12 bytes leftover after parsing attributes in process `syz.3.839'. [ 389.932957][ T8984] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.145035][ T8984] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 390.371101][ T10] usbhid 3-1:0.0: can't add hid device: -71 [ 390.395174][ T10] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 390.437660][ T10] usb 3-1: USB disconnect, device number 9 [ 390.446688][ T9010] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 392.844334][ T9036] syzkaller1: entered promiscuous mode [ 392.987830][ T9036] syzkaller1: entered allmulticast mode [ 393.124068][ T9042] netlink: 12 bytes leftover after parsing attributes in process `syz.2.852'. [ 395.231925][ T9056] netlink: 160 bytes leftover after parsing attributes in process `syz.3.857'. [ 395.241324][ T9056] A link change request failed with some changes committed already. Interface gre0 may have been left with an inconsistent configuration, please check. [ 397.833233][ T9071] Unknown options in mask 5 [ 398.953079][ T9070] netlink: 8 bytes leftover after parsing attributes in process `syz.0.860'. [ 399.224047][ T10] libceph: connect (1)[c::]:6789 error -101 [ 399.241697][ T9075] ceph: No mds server is up or the cluster is laggy [ 399.253737][ T10] libceph: mon0 (1)[c::]:6789 connect error [ 399.542356][ T5876] libceph: connect (1)[c::]:6789 error -101 [ 399.550454][ T5876] libceph: mon0 (1)[c::]:6789 connect error [ 400.185892][ T9095] netlink: 12 bytes leftover after parsing attributes in process `syz.3.864'. [ 401.229028][ T5926] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 401.454617][ T5926] usb 4-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 401.484099][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 401.598301][ T5926] usb 4-1: config 0 descriptor?? [ 401.877242][ T5876] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 402.902772][ T5876] usb 2-1: unable to get BOS descriptor or descriptor too short [ 403.157882][ T5876] usb 2-1: not running at top speed; connect to a high speed hub [ 403.170797][ T5876] usb 2-1: config 7 has an invalid interface number: 67 but max is 0 [ 403.181987][ T5876] usb 2-1: config 7 has no interface number 0 [ 403.206668][ T5876] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16 [ 403.223410][ T5926] [drm] Initialized udl 0.0.1 for 4-1:0.0 on minor 2 [ 403.227899][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.303160][ T5926] [drm] Initialized udl on minor 2 [ 403.718783][ T5926] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 403.729924][ T5926] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 403.740877][ T5877] udl 4-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 403.744275][ T5876] usb 2-1: Product: syz [ 403.751870][ T5926] usb 4-1: USB disconnect, device number 23 [ 403.760246][ T5877] udl 4-1:0.0: [drm] Cannot find any crtc or sizes [ 403.789392][ T5876] usb 2-1: Manufacturer: ⟈䐕巚爛磚╵楾﹮樴躏ﬣ᱅ꝟ⥏㯈Ꚛ귝䥊髊燖䜎뭊ፙ讌鷡⍜驘檎▋ᴚ‏ꇅ痆⧯ꌿ싟䓇핲㷟揸䠦쮰﨤껳ⰷ굈᭨饂蕻㯪齏틃明灸텯頷໪藻᪲ꆪŊ黼䴙ႜؐ喒䴝㡌ӹ㿱̊ [ 403.897818][ T5876] usb 2-1: SerialNumber: syz [ 404.125259][ T9135] netlink: 8 bytes leftover after parsing attributes in process `syz.4.876'. [ 404.145191][ T9135] netlink: 200 bytes leftover after parsing attributes in process `syz.4.876'. [ 404.336578][ T5876] usb 2-1: USB disconnect, device number 17 [ 404.614817][ T9141] netlink: 12 bytes leftover after parsing attributes in process `syz.3.877'. [ 409.783062][ T9167] netdevsim netdevsim3 netdevsim0: entered promiscuous mode [ 410.409396][ T9185] netlink: 12 bytes leftover after parsing attributes in process `syz.3.890'. [ 411.121164][ T5906] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 411.129352][ T24] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 411.277351][ T5906] usb 3-1: device descriptor read/64, error -71 [ 411.319942][ T24] usb 2-1: unable to get BOS descriptor or descriptor too short [ 411.336352][ T24] usb 2-1: not running at top speed; connect to a high speed hub [ 411.361313][ T24] usb 2-1: config 7 has an invalid interface number: 67 but max is 0 [ 411.371690][ T24] usb 2-1: config 7 has no interface number 0 [ 411.778366][ T24] usb 2-1: New USB device found, idVendor=16c0, idProduct=05df, bcdDevice=6b.16 [ 411.792201][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.801016][ T24] usb 2-1: Product: syz [ 411.805410][ T24] usb 2-1: Manufacturer: ⟈䐕巚爛磚╵楾﹮樴躏ﬣ᱅ꝟ⥏㯈Ꚛ귝䥊髊燖䜎뭊ፙ讌鷡⍜驘檎▋ᴚ‏ꇅ痆⧯ꌿ싟䓇핲㷟揸䠦쮰﨤껳ⰷ굈᭨饂蕻㯪齏틃明灸텯頷໪藻᪲ꆪŊ黼䴙ႜؐ喒䴝㡌ӹ㿱̊ [ 411.837858][ T24] usb 2-1: SerialNumber: syz [ 411.874356][ T9193] IPVS: sync thread started: state = BACKUP, mcast_ifn = hsr0, syncid = 4, id = 0 [ 411.887453][ T5906] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 412.047248][ T5906] usb 3-1: device descriptor read/64, error -71 [ 412.251272][ T5906] usb usb3-port1: attempt power cycle [ 412.380549][ T9199] netlink: 4 bytes leftover after parsing attributes in process `syz.4.894'. [ 413.019183][ T5906] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 413.109538][ T5906] usb 3-1: device descriptor read/8, error -71 [ 413.233989][ T9202] netlink: 'syz.3.898': attribute type 1 has an invalid length. [ 413.323948][ T9202] netlink: 236 bytes leftover after parsing attributes in process `syz.3.898'. [ 413.485938][ T24] usb 2-1: USB disconnect, device number 18 [ 414.082482][ T9212] syz.2.897 (9212): drop_caches: 2 [ 414.870584][ T6177] tipc: Subscription rejected, illegal request [ 419.243305][ T9248] macsec1: entered allmulticast mode [ 420.216745][ T9260] netlink: 76 bytes leftover after parsing attributes in process `syz.1.912'. [ 420.242308][ T9260] sch_tbf: burst 0 is lower than device ip6gre0 mtu (1448) ! [ 420.377316][ T9262] vlan2: entered promiscuous mode [ 420.382421][ T9262] vlan0: entered promiscuous mode [ 420.388059][ T9262] erspan0: entered promiscuous mode [ 420.407092][ T5876] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 420.421079][ T9265] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:16389 [ 420.589078][ T9269] FAULT_INJECTION: forcing a failure. [ 420.589078][ T9269] name failslab, interval 1, probability 0, space 0, times 0 [ 420.597995][ T5876] usb 3-1: too many configurations: 84, using maximum allowed: 8 [ 420.615989][ T5876] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 420.623803][ T5876] usb 3-1: can't read configurations, error -61 [ 420.630237][ T5878] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 420.630277][ T9269] CPU: 1 UID: 0 PID: 9269 Comm: syz.1.916 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 420.630307][ T9269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 420.630321][ T9269] Call Trace: [ 420.630331][ T9269] [ 420.630341][ T9269] dump_stack_lvl+0x189/0x250 [ 420.630380][ T9269] ? __pfx_dump_stack_lvl+0x10/0x10 [ 420.630410][ T9269] ? __pfx__printk+0x10/0x10 [ 420.630444][ T9269] ? kasan_save_track+0x4f/0x80 [ 420.630474][ T9269] ? kasan_save_free_info+0x46/0x50 [ 420.630497][ T9269] ? __kasan_slab_free+0x62/0x70 [ 420.630524][ T9269] ? kmem_cache_free+0x192/0x3f0 [ 420.630556][ T9269] ? pfkey_sendmsg+0x48a/0x1090 [ 420.630574][ T9269] ? __sock_sendmsg+0x219/0x270 [ 420.630603][ T9269] ? ____sys_sendmsg+0x505/0x830 [ 420.630629][ T9269] ? ___sys_sendmsg+0x21f/0x2a0 [ 420.630655][ T9269] ? __x64_sys_sendmsg+0x19b/0x260 [ 420.630688][ T9269] should_fail_ex+0x414/0x560 [ 420.630717][ T9269] should_failslab+0xa8/0x100 [ 420.630739][ T9269] kmem_cache_alloc_noprof+0x73/0x3c0 [ 420.630770][ T9269] ? xfrm_state_alloc+0x24/0x2f0 [ 420.630805][ T9269] xfrm_state_alloc+0x24/0x2f0 [ 420.630836][ T9269] pfkey_add+0x6e4/0x2e00 [ 420.630879][ T9269] ? __pfx_pfkey_add+0x10/0x10 [ 420.630897][ T9269] ? kmem_cache_free+0x192/0x3f0 [ 420.630946][ T9269] pfkey_sendmsg+0xbfe/0x1090 [ 420.630985][ T9269] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 420.631043][ T9269] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 420.631067][ T9269] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 420.631089][ T9269] __sock_sendmsg+0x219/0x270 [ 420.631115][ T9269] ____sys_sendmsg+0x505/0x830 [ 420.631151][ T9269] ? __pfx_____sys_sendmsg+0x10/0x10 [ 420.631192][ T9269] ? import_iovec+0x74/0xa0 [ 420.631227][ T9269] ___sys_sendmsg+0x21f/0x2a0 [ 420.631261][ T9269] ? __pfx____sys_sendmsg+0x10/0x10 [ 420.631333][ T9269] ? __fget_files+0x2a/0x420 [ 420.631353][ T9269] ? __fget_files+0x3a0/0x420 [ 420.631385][ T9269] __x64_sys_sendmsg+0x19b/0x260 [ 420.631418][ T9269] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 420.631468][ T9269] ? do_syscall_64+0xba/0x210 [ 420.631500][ T9269] do_syscall_64+0xf6/0x210 [ 420.631528][ T9269] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 420.631550][ T9269] ? clear_bhb_loop+0x60/0xb0 [ 420.631576][ T9269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 420.631605][ T9269] RIP: 0033:0x7fe54098e969 [ 420.631624][ T9269] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 420.631643][ T9269] RSP: 002b:00007fe54189a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 420.631667][ T9269] RAX: ffffffffffffffda RBX: 00007fe540bb5fa0 RCX: 00007fe54098e969 [ 420.631683][ T9269] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 420.631696][ T9269] RBP: 00007fe54189a090 R08: 0000000000000000 R09: 0000000000000000 [ 420.631710][ T9269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 420.631723][ T9269] R13: 0000000000000000 R14: 00007fe540bb5fa0 R15: 00007fff3f4f0dd8 [ 420.631758][ T9269] [ 421.067089][ T5876] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 421.628915][ T9275] FAULT_INJECTION: forcing a failure. [ 421.628915][ T9275] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 421.813992][ T9275] CPU: 0 UID: 0 PID: 9275 Comm: syz.1.918 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 421.814024][ T9275] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 421.814037][ T9275] Call Trace: [ 421.814045][ T9275] [ 421.814056][ T9275] dump_stack_lvl+0x189/0x250 [ 421.814093][ T9275] ? __pfx_dump_stack_lvl+0x10/0x10 [ 421.814122][ T9275] ? __pfx__printk+0x10/0x10 [ 421.814177][ T9275] should_fail_ex+0x414/0x560 [ 421.814205][ T9275] strncpy_from_user+0x36/0x290 [ 421.814238][ T9275] path_setxattrat+0x150/0x3a0 [ 421.814274][ T9275] ? __pfx_path_setxattrat+0x10/0x10 [ 421.814297][ T9275] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 421.814353][ T9275] ? ksys_write+0x1f0/0x250 [ 421.814380][ T9275] ? rcu_is_watching+0x15/0xb0 [ 421.814421][ T9275] __x64_sys_lsetxattr+0xbf/0xe0 [ 421.814446][ T9275] do_syscall_64+0xf6/0x210 [ 421.814473][ T9275] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 421.814493][ T9275] ? clear_bhb_loop+0x60/0xb0 [ 421.814526][ T9275] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 421.814546][ T9275] RIP: 0033:0x7fe54098e969 [ 421.814564][ T9275] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 421.814582][ T9275] RSP: 002b:00007fe54189a038 EFLAGS: 00000246 ORIG_RAX: 00000000000000bd [ 421.814604][ T9275] RAX: ffffffffffffffda RBX: 00007fe540bb5fa0 RCX: 00007fe54098e969 [ 421.814619][ T9275] RDX: 00002000000001c0 RSI: 00002000000002c0 RDI: 0000200000000140 [ 421.814633][ T9275] RBP: 00007fe54189a090 R08: 0000000000000000 R09: 0000000000000000 [ 421.814645][ T9275] R10: 0000000000000034 R11: 0000000000000246 R12: 0000000000000001 [ 421.814657][ T9275] R13: 0000000000000000 R14: 00007fe540bb5fa0 R15: 00007fff3f4f0dd8 [ 421.814690][ T9275] [ 422.058066][ T5878] usb 5-1: Using ep0 maxpacket: 8 [ 422.064085][ T5876] usb 3-1: too many configurations: 84, using maximum allowed: 8 [ 422.078029][ T5876] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 422.085825][ T5876] usb 3-1: can't read configurations, error -61 [ 422.094876][ T5876] usb usb3-port1: attempt power cycle [ 422.100668][ T5878] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 422.113008][ T5878] usb 5-1: config 0 has no interfaces? [ 422.122571][ T5878] usb 5-1: New USB device found, idVendor=046d, idProduct=08dd, bcdDevice=ff.f4 [ 422.131826][ T5878] usb 5-1: New USB device strings: Mfr=8, Product=2, SerialNumber=3 [ 422.140037][ T5878] usb 5-1: Product: syz [ 422.144244][ T5878] usb 5-1: Manufacturer: syz [ 422.149004][ T5878] usb 5-1: SerialNumber: syz [ 422.156685][ T5878] usb 5-1: config 0 descriptor?? [ 422.277501][ T24] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 422.457211][ T5876] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 422.496579][ T24] usb 4-1: config 0 has an invalid interface number: 105 but max is 0 [ 422.552114][ T24] usb 4-1: config 0 has no interface number 0 [ 422.574191][ T5877] usb 2-1: new full-speed USB device number 19 using dummy_hcd [ 422.638250][ T24] usb 4-1: New USB device found, idVendor=05ac, idProduct=0259, bcdDevice=f0.b2 [ 422.693556][ T24] usb 4-1: New USB device strings: Mfr=2, Product=0, SerialNumber=0 [ 422.806869][ T24] usb 4-1: Manufacturer: syz [ 422.828004][ T5877] usb 2-1: config 253 has an invalid interface number: 57 but max is 0 [ 422.883777][ T5877] usb 2-1: config 253 has no interface number 0 [ 422.905993][ T9287] FAULT_INJECTION: forcing a failure. [ 422.905993][ T9287] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 422.922124][ T24] usb 4-1: config 0 descriptor?? [ 422.993521][ T5877] usb 2-1: config 253 interface 57 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 423.080262][ T9279] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 423.130138][ T9287] CPU: 1 UID: 0 PID: 9287 Comm: syz.4.914 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 423.130180][ T9287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 423.130193][ T9287] Call Trace: [ 423.130202][ T9287] [ 423.130215][ T9287] dump_stack_lvl+0x189/0x250 [ 423.130245][ T9287] ? __lock_acquire+0xaac/0xd20 [ 423.130276][ T9287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 423.130304][ T9287] ? __pfx__printk+0x10/0x10 [ 423.130336][ T9287] ? __might_fault+0xb0/0x130 [ 423.130381][ T9287] should_fail_ex+0x414/0x560 [ 423.130409][ T9287] _copy_from_user+0x2d/0xb0 [ 423.130440][ T9287] kstrtouint_from_user+0xc4/0x170 [ 423.130467][ T9287] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 423.130511][ T9287] proc_fail_nth_write+0x88/0x240 [ 423.130533][ T9287] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 423.130562][ T9287] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 423.130585][ T9287] vfs_write+0x27e/0xa90 [ 423.130624][ T9287] ? __pfx_vfs_write+0x10/0x10 [ 423.130655][ T9287] ? __fget_files+0x2a/0x420 [ 423.130679][ T9287] ? __fget_files+0x3a0/0x420 [ 423.130697][ T9287] ? __fget_files+0x2a/0x420 [ 423.130726][ T9287] ksys_write+0x145/0x250 [ 423.130753][ T9287] ? rcu_is_watching+0x15/0xb0 [ 423.130785][ T9287] ? __pfx_ksys_write+0x10/0x10 [ 423.130817][ T9287] ? do_syscall_64+0xba/0x210 [ 423.130849][ T9287] do_syscall_64+0xf6/0x210 [ 423.130876][ T9287] ? clear_bhb_loop+0x60/0xb0 [ 423.130901][ T9287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 423.130921][ T9287] RIP: 0033:0x7fbe6498d41f [ 423.130939][ T9287] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 423.130957][ T9287] RSP: 002b:00007fbe6579f030 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 423.130978][ T9287] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 00007fbe6498d41f [ 423.130993][ T9287] RDX: 0000000000000001 RSI: 00007fbe6579f0a0 RDI: 0000000000000009 [ 423.131006][ T9287] RBP: 00007fbe6579f090 R08: 0000000000000000 R09: 0000000000000000 [ 423.131018][ T9287] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000001 [ 423.131030][ T9287] R13: 0000000000000000 R14: 00007fbe64bb6160 R15: 00007ffe329fdcc8 [ 423.131064][ T9287] [ 423.359418][ C1] vkms_vblank_simulate: vblank timer overrun [ 423.405573][ T24] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.105/input/input9 [ 423.437953][ T5877] usb 2-1: New USB device found, idVendor=1546, idProduct=1313, bcdDevice=1c.86 [ 423.448085][ T5877] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.456133][ T5877] usb 2-1: Product: syz [ 423.460461][ T5877] usb 2-1: Manufacturer: syz [ 423.465122][ T5877] usb 2-1: SerialNumber: syz [ 423.651317][ T5176] bcm5974 4-1:0.105: could not read from device [ 423.733862][ T5906] usb 5-1: USB disconnect, device number 13 [ 423.864771][ T5876] usb 3-1: device descriptor read/8, error -71 [ 423.999497][ T9292] 9pnet_fd: p9_fd_create_tcp (9292): problem connecting socket to 127.0.0.1 [ 424.473682][ T5176] bcm5974 4-1:0.105: could not read from device [ 424.481462][ T24] usb 4-1: USB disconnect, device number 24 [ 424.502761][ T5877] cdc_ether 2-1:253.57: invalid descriptor buffer length [ 424.573441][ T5877] usb 2-1: bad CDC descriptors [ 424.627404][ T5877] usb 2-1: USB disconnect, device number 19 [ 424.633705][ T9296] FAULT_INJECTION: forcing a failure. [ 424.633705][ T9296] name failslab, interval 1, probability 0, space 0, times 0 [ 424.681077][ T9296] CPU: 1 UID: 0 PID: 9296 Comm: syz.3.924 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 424.681108][ T9296] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 424.681121][ T9296] Call Trace: [ 424.681129][ T9296] [ 424.681138][ T9296] dump_stack_lvl+0x189/0x250 [ 424.681174][ T9296] ? __pfx_dump_stack_lvl+0x10/0x10 [ 424.681201][ T9296] ? __pfx__printk+0x10/0x10 [ 424.681242][ T9296] ? __pfx___might_resched+0x10/0x10 [ 424.681278][ T9296] should_fail_ex+0x414/0x560 [ 424.681312][ T9296] ? io_alloc_cache_init+0x3d/0x140 [ 424.681340][ T9296] should_failslab+0xa8/0x100 [ 424.681362][ T9296] __kvmalloc_node_noprof+0x168/0x5e0 [ 424.681382][ T9296] ? io_alloc_cache_init+0x3d/0x140 [ 424.681416][ T9296] io_alloc_cache_init+0x3d/0x140 [ 424.681449][ T9296] io_ring_ctx_alloc+0x451/0xa30 [ 424.681487][ T9296] io_uring_create+0x130/0xb60 [ 424.681525][ T9296] __se_sys_io_uring_setup+0x264/0x270 [ 424.681546][ T9296] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 424.681584][ T9296] ? do_syscall_64+0xba/0x210 [ 424.681614][ T9296] do_syscall_64+0xf6/0x210 [ 424.681641][ T9296] ? clear_bhb_loop+0x60/0xb0 [ 424.681664][ T9296] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 424.681682][ T9296] RIP: 0033:0x7f1a7558e969 [ 424.681699][ T9296] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 424.681716][ T9296] RSP: 002b:00007f1a763d5fc8 EFLAGS: 00000206 ORIG_RAX: 00000000000001a9 [ 424.681737][ T9296] RAX: ffffffffffffffda RBX: 00007f1a757b5fa0 RCX: 00007f1a7558e969 [ 424.681752][ T9296] RDX: 0000200000ff4000 RSI: 0000200000000000 RDI: 00000000000050cf [ 424.681766][ T9296] RBP: 0000200000000000 R08: 0000000000000000 R09: 0000200000ff4000 [ 424.681779][ T9296] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000001 [ 424.681791][ T9296] R13: 0000200000000080 R14: 00000000000050cf R15: 0000200000ff4000 [ 424.681824][ T9296] [ 424.882925][ C1] vkms_vblank_simulate: vblank timer overrun [ 427.502819][ T9322] program syz.3.931 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 427.863357][ T5956] udevd[5956]: Error opening device "/dev/input/event4": No such file or directory [ 427.895782][ T5956] udevd[5956]: Unable to EVIOCGABS device "/dev/input/event4" [ 427.994359][ T5956] udevd[5956]: Unable to EVIOCGABS device "/dev/input/event4" [ 428.017619][ T5956] udevd[5956]: Unable to EVIOCGABS device "/dev/input/event4" [ 428.072037][ T5956] udevd[5956]: Unable to EVIOCGABS device "/dev/input/event4" [ 428.137624][ T30] audit: type=1326 audit(1747997369.821:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9a018e969 code=0x7ffc0000 [ 428.183326][ T9330] binder: 9326:9330 ioctl 40046210 0 returned -14 [ 428.252759][ T30] audit: type=1326 audit(1747997369.821:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9a018e969 code=0x7ffc0000 [ 428.403411][ T30] audit: type=1326 audit(1747997369.821:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7ff9a018e969 code=0x7ffc0000 [ 428.549774][ T30] audit: type=1326 audit(1747997369.821:112): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9a018e969 code=0x7ffc0000 [ 428.600396][ T30] audit: type=1326 audit(1747997369.821:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9a018e969 code=0x7ffc0000 [ 428.621945][ C1] vkms_vblank_simulate: vblank timer overrun [ 428.861707][ T30] audit: type=1326 audit(1747997369.821:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7ff9a018e969 code=0x7ffc0000 [ 428.886583][ C1] vkms_vblank_simulate: vblank timer overrun [ 428.923908][ T30] audit: type=1326 audit(1747997369.821:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff9a018e9a3 code=0x7ffc0000 [ 429.143294][ T30] audit: type=1326 audit(1747997369.821:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7ff9a018e9a3 code=0x7ffc0000 [ 429.180671][ T30] audit: type=1326 audit(1747997369.831:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9a018e969 code=0x7ffc0000 [ 430.566610][ T30] audit: type=1326 audit(1747997369.831:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9326 comm="syz.2.935" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff9a018e969 code=0x7ffc0000 [ 432.940897][ T10] usb 1-1: new full-speed USB device number 5 using dummy_hcd [ 433.486608][ T9373] program syz.3.946 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 434.001873][ T10] usb 1-1: config 253 has an invalid interface number: 57 but max is 0 [ 434.017120][ T10] usb 1-1: config 253 has no interface number 0 [ 434.024543][ T10] usb 1-1: config 253 interface 57 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 434.229657][ T10] usb 1-1: New USB device found, idVendor=1546, idProduct=1313, bcdDevice=1c.86 [ 434.257670][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.258185][ T5906] libceph: connect (1)[c::]:6789 error -101 [ 434.299073][ T10] usb 1-1: Product: syz [ 434.313733][ T10] usb 1-1: Manufacturer: syz [ 434.328724][ T5906] libceph: mon0 (1)[c::]:6789 connect error [ 434.377680][ T10] usb 1-1: SerialNumber: syz [ 434.466999][ T9374] ceph: No mds server is up or the cluster is laggy [ 434.510686][ T10] usb 1-1: can't set config #253, error -71 [ 434.597788][ T5906] libceph: connect (1)[c::]:6789 error -101 [ 434.630136][ T10] usb 1-1: USB disconnect, device number 5 [ 434.661256][ T9384] random: crng reseeded on system resumption [ 434.738470][ T5906] libceph: mon0 (1)[c::]:6789 connect error [ 435.733943][ T9398] overlayfs: failed to verify upper root origin [ 435.891189][ T10] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 436.527109][ T10] usb 4-1: device descriptor read/64, error -71 [ 437.019287][ T10] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 437.057041][ T5877] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 437.267338][ T5877] usb 5-1: device descriptor read/64, error -71 [ 437.857070][ T10] usb 4-1: device descriptor read/64, error -71 [ 437.887026][ T5877] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 437.970662][ T10] usb usb4-port1: attempt power cycle [ 438.026544][ T9426] netlink: 8 bytes leftover after parsing attributes in process `syz.0.958'. [ 438.048059][ T5877] usb 5-1: device descriptor read/64, error -71 [ 438.188187][ T5877] usb usb5-port1: attempt power cycle [ 438.317289][ T9427] program syz.3.957 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 438.547226][ T5877] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 438.605132][ T5877] usb 5-1: device descriptor read/8, error -71 [ 439.137328][ T5877] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 439.477483][ T5952] usb 3-1: new full-speed USB device number 18 using dummy_hcd [ 439.799979][ T5952] usb 3-1: config 253 has an invalid interface number: 57 but max is 0 [ 439.914076][ T5952] usb 3-1: config 253 has no interface number 0 [ 439.994560][ T5952] usb 3-1: config 253 interface 57 altsetting 0 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 440.069634][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.092009][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.213904][ T5952] usb 3-1: New USB device found, idVendor=1546, idProduct=1313, bcdDevice=1c.86 [ 440.334040][ T5952] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 440.497533][ T5952] usb 3-1: Product: syz [ 440.610623][ T5952] usb 3-1: Manufacturer: syz [ 440.692283][ T5952] usb 3-1: SerialNumber: syz [ 441.356989][ T5877] usb 5-1: device not accepting address 17, error -71 [ 442.004358][ T5877] usb usb5-port1: unable to enumerate USB device [ 443.170331][ T5952] cdc_ether 3-1:253.57: invalid descriptor buffer length [ 443.277143][ T5952] usb 3-1: bad CDC descriptors [ 443.334286][ T5952] usb 3-1: USB disconnect, device number 18 [ 443.571713][ T9451] ceph: No mds server is up or the cluster is laggy [ 446.308298][ T5878] usb 2-1: new full-speed USB device number 20 using dummy_hcd [ 446.799435][ T9485] program syz.4.971 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 446.887611][ T5878] usb 2-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 446.907767][ T5878] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 446.956976][ T5878] usb 2-1: Product: syz [ 446.961213][ T5878] usb 2-1: Manufacturer: syz [ 446.965850][ T5878] usb 2-1: SerialNumber: syz [ 447.023441][ T5878] usb 2-1: config 0 descriptor?? [ 447.040592][ T5878] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 447.249741][ T9475] netlink: 20 bytes leftover after parsing attributes in process `syz.1.969'. [ 447.307778][ T9475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 447.338561][ T9475] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 448.267501][ T5878] gspca_sonixj: reg_w1 err -110 [ 448.272532][ T5878] sonixj 2-1:0.0: probe with driver sonixj failed with error -110 [ 449.081615][ T5877] usb 2-1: USB disconnect, device number 20 [ 449.259991][ T9507] netlink: 'syz.4.976': attribute type 10 has an invalid length. [ 451.919314][ T9545] binder: 9544:9545 ioctl c018620c 200000000640 returned -22 [ 453.786916][ T9557] FAULT_INJECTION: forcing a failure. [ 453.786916][ T9557] name failslab, interval 1, probability 0, space 0, times 0 [ 453.897300][ T9557] CPU: 0 UID: 0 PID: 9557 Comm: syz.1.992 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 453.897337][ T9557] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 453.897349][ T9557] Call Trace: [ 453.897358][ T9557] [ 453.897367][ T9557] dump_stack_lvl+0x189/0x250 [ 453.897404][ T9557] ? __pfx_dump_stack_lvl+0x10/0x10 [ 453.897431][ T9557] ? __pfx__printk+0x10/0x10 [ 453.897465][ T9557] ? ___neigh_create+0x1c83/0x2260 [ 453.897495][ T9557] should_fail_ex+0x414/0x560 [ 453.897523][ T9557] should_failslab+0xa8/0x100 [ 453.897544][ T9557] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 453.897576][ T9557] ? __alloc_skb+0x112/0x2d0 [ 453.897605][ T9557] __alloc_skb+0x112/0x2d0 [ 453.897635][ T9557] ip6_frag_next+0x12d/0xb60 [ 453.897680][ T9557] ip6_fragment+0x1381/0x1e20 [ 453.897725][ T9557] ? __pfx_ip6_finish_output2+0x10/0x10 [ 453.897761][ T9557] ? __pfx_ip6_fragment+0x10/0x10 [ 453.897782][ T9557] ? ip6_mtu+0x7d/0x3f0 [ 453.897805][ T9557] ? ip6_mtu+0x7d/0x3f0 [ 453.897830][ T9557] ip6_finish_output+0x296/0x7d0 [ 453.897853][ T9557] ? ip6_send_skb+0x10f/0x390 [ 453.897879][ T9557] ip6_send_skb+0x1d5/0x390 [ 453.897908][ T9557] rawv6_push_pending_frames+0x6e9/0x8d0 [ 453.897945][ T9557] ? __pfx_rawv6_push_pending_frames+0x10/0x10 [ 453.897979][ T9557] ? __pfx_raw6_getfrag+0x10/0x10 [ 453.898012][ T9557] rawv6_sendmsg+0x12f9/0x17f0 [ 453.898055][ T9557] ? __pfx_rawv6_sendmsg+0x10/0x10 [ 453.898098][ T9557] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 453.898154][ T9557] ? sock_rps_record_flow+0x19/0x400 [ 453.898188][ T9557] ? inet_sendmsg+0x2f4/0x370 [ 453.898216][ T9557] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 453.898242][ T9557] __sock_sendmsg+0x19c/0x270 [ 453.898267][ T9557] ____sys_sendmsg+0x505/0x830 [ 453.898302][ T9557] ? __pfx_____sys_sendmsg+0x10/0x10 [ 453.898340][ T9557] ? import_iovec+0x74/0xa0 [ 453.898374][ T9557] ___sys_sendmsg+0x21f/0x2a0 [ 453.898404][ T9557] ? __pfx____sys_sendmsg+0x10/0x10 [ 453.898475][ T9557] ? __fget_files+0x2a/0x420 [ 453.898493][ T9557] ? __fget_files+0x3a0/0x420 [ 453.898524][ T9557] __x64_sys_sendmsg+0x19b/0x260 [ 453.898555][ T9557] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 453.898603][ T9557] ? do_syscall_64+0xba/0x210 [ 453.898633][ T9557] do_syscall_64+0xf6/0x210 [ 453.898660][ T9557] ? clear_bhb_loop+0x60/0xb0 [ 453.898685][ T9557] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 453.898704][ T9557] RIP: 0033:0x7fe54098e969 [ 453.898722][ T9557] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 453.898739][ T9557] RSP: 002b:00007fe54189a038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 453.898760][ T9557] RAX: ffffffffffffffda RBX: 00007fe540bb5fa0 RCX: 00007fe54098e969 [ 453.898774][ T9557] RDX: 0000000000000004 RSI: 00002000000000c0 RDI: 0000000000000003 [ 453.898787][ T9557] RBP: 00007fe54189a090 R08: 0000000000000000 R09: 0000000000000000 [ 453.898798][ T9557] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 453.898809][ T9557] R13: 0000000000000000 R14: 00007fe540bb5fa0 R15: 00007fff3f4f0dd8 [ 453.898842][ T9557] [ 454.214308][ C0] vkms_vblank_simulate: vblank timer overrun [ 454.839067][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 454.839087][ T30] audit: type=1326 audit(1747997396.541:130): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=9552 comm="syz.0.991" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc949d8e969 code=0x0 [ 454.866481][ C0] vkms_vblank_simulate: vblank timer overrun [ 455.913570][ T9599] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1002'. [ 455.962903][ T9600] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1003'. [ 456.351164][ T10] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 456.859678][ T10] usb 1-1: device descriptor read/64, error -71 [ 457.185047][ T9618] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1006'. [ 457.194265][ T10] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 457.326982][ T10] usb 1-1: device descriptor read/64, error -71 [ 457.437302][ T10] usb usb1-port1: attempt power cycle [ 457.807185][ T10] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 457.878981][ T9624] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1008'. [ 458.417737][ T10] usb 1-1: device descriptor read/8, error -71 [ 458.547411][ T9626] trusted_key: syz.3.1010 sent an empty control message without MSG_MORE. [ 458.697004][ T10] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 458.759848][ T10] usb 1-1: device descriptor read/8, error -71 [ 459.038084][ T10] usb usb1-port1: unable to enumerate USB device [ 459.527009][ T10] usb 3-1: new full-speed USB device number 19 using dummy_hcd [ 459.801038][ T10] usb 3-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 459.814654][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.839408][ T10] usb 3-1: Product: syz [ 459.843888][ T10] usb 3-1: Manufacturer: syz [ 459.851212][ T10] usb 3-1: SerialNumber: syz [ 459.867076][ T10] usb 3-1: config 0 descriptor?? [ 459.897786][ T10] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 460.099129][ T9639] netlink: 20 bytes leftover after parsing attributes in process `syz.2.1014'. [ 460.116226][ T9639] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 460.128921][ T9639] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 460.515458][ T10] gspca_sonixj: reg_w1 err -110 [ 460.531308][ T10] sonixj 3-1:0.0: probe with driver sonixj failed with error -110 [ 461.077766][ T5926] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 461.102136][ T5877] usb 3-1: USB disconnect, device number 19 [ 461.250257][ T5926] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 461.288513][ T5926] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 461.345748][ T5926] usb 5-1: New USB device found, idVendor=1e7d, idProduct=30d4, bcdDevice= 0.01 [ 461.384178][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.398693][ T9665] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 461.417754][ T9665] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 461.507420][ T5877] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 461.707737][ T5877] usb 3-1: config 0 has an invalid interface number: 239 but max is 0 [ 461.747045][ T5877] usb 3-1: config 0 has no interface number 0 [ 461.779014][ T10] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 461.787401][ T5877] usb 3-1: config 0 interface 239 altsetting 0 endpoint 0x2 has invalid maxpacket 56832, setting to 1024 [ 461.990795][ T5877] usb 3-1: config 0 interface 239 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 1024 [ 462.064272][ T5926] usbhid 5-1:16.0: can't add hid device: -71 [ 462.077323][ T5926] usbhid 5-1:16.0: probe with driver usbhid failed with error -71 [ 462.088938][ T5877] usb 3-1: New USB device found, idVendor=2201, idProduct=012c, bcdDevice=60.d9 [ 462.127904][ T5877] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 462.153755][ T5926] usb 5-1: USB disconnect, device number 18 [ 462.160430][ T5877] usb 3-1: Product: syz [ 462.188794][ T5877] usb 3-1: Manufacturer: syz [ 462.193604][ T5877] usb 3-1: SerialNumber: syz [ 462.442369][ T5877] usb 3-1: config 0 descriptor?? [ 462.476031][ T9660] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 462.542792][ T9673] input: syz0 as /devices/virtual/input/input10 [ 464.490987][ T10] usb 4-1: device descriptor read/64, error -71 [ 464.737485][ T10] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 464.877159][ T10] usb 4-1: device descriptor read/64, error -71 [ 464.997947][ T10] usb usb4-port1: attempt power cycle [ 465.357248][ T10] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 465.389064][ T10] usb 4-1: device descriptor read/8, error -71 [ 465.709932][ T5877] usb 3-1: probing VID:PID(2201:012C) [ 465.718483][ T5877] usb 3-1: vub300 testing BULK OUT EndPoint(0) 02 [ 465.729328][ T5877] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs [ 465.769142][ T5877] vub300 3-1:0.239: probe with driver vub300 failed with error -22 [ 465.797874][ T10] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 465.842444][ T5877] usb 3-1: USB disconnect, device number 20 [ 466.378383][ T10] usb 4-1: device not accepting address 31, error -71 [ 466.390644][ T10] usb usb4-port1: unable to enumerate USB device [ 466.580141][ T9715] vlan2: entered promiscuous mode [ 466.585531][ T9715] vlan0: entered promiscuous mode [ 466.601893][ T9715] erspan0: entered promiscuous mode [ 466.632140][ T9722] IPVS: set_ctl: invalid protocol: 2 0.0.0.0:16389 [ 466.678915][ T5878] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 466.870623][ T5878] usb 1-1: config index 0 descriptor too short (expected 45, got 36) [ 466.889466][ T5878] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 466.907412][ T5877] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 466.935772][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 466.986190][ T5878] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 467.017733][ T5878] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 467.045536][ T5878] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 467.073401][ T5878] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.087151][ T5877] usb 2-1: Using ep0 maxpacket: 16 [ 467.104047][ T5878] usb 1-1: config 0 descriptor?? [ 467.104109][ T5877] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 467.156960][ T5877] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 467.180324][ T5877] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 22 [ 467.242634][ T5877] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 467.252074][ T5877] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 467.277317][ T5877] usb 2-1: SerialNumber: syz [ 467.297027][ T5906] usb 4-1: new low-speed USB device number 32 using dummy_hcd [ 467.310361][ T5877] cdc_acm 2-1:1.0: skipping garbage [ 467.482881][ T5906] usb 4-1: config 1 has an invalid interface descriptor of length 6, skipping [ 467.527163][ T9741] Sensor B: ================= START STATUS ================= [ 467.535907][ T9741] Sensor B: Test Pattern: 75% Colorbar [ 467.542475][ T9741] Sensor B: Show Information: All [ 467.548579][ T5906] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 467.548665][ T5906] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 467.879154][ T5878] plantronics 0003:047F:FFFF.0003: reserved main item tag 0xd [ 467.913766][ T9741] Sensor B: Vertical Flip: false [ 467.924010][ T5878] plantronics 0003:047F:FFFF.0003: No inputs registered, leaving [ 467.932502][ T9741] Sensor B: Horizontal Flip: false [ 467.940318][ T5877] kernel write not supported for file /648/attr/exec (pid: 5877 comm: kworker/1:4) [ 467.958426][ T9741] Sensor B: Brightness: 128 [ 467.963581][ T9741] Sensor B: Contrast: 128 [ 467.969915][ T9741] Sensor B: Hue: 0 [ 467.981224][ T9741] Sensor B: Saturation: 128 [ 467.994924][ T5878] plantronics 0003:047F:FFFF.0003: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 468.013401][ T9741] Sensor B: ================== END STATUS ================== [ 468.013897][ T5906] usb 4-1: config 1 has no interface number 1 [ 468.061977][ T5877] usb 2-1: USB disconnect, device number 21 [ 468.101807][ T5906] usb 4-1: string descriptor 0 read error: -22 [ 468.110583][ T5906] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 468.137026][ T5906] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 468.151950][ T9713] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 468.181332][ T9713] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 468.182631][ T5906] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 468.244223][ T5906] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 468.267014][ T5906] usb 4-1: MIDIStreaming interface descriptor not found [ 468.466863][ T5956] udevd[5956]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: Read-only file system [ 468.467286][ T5906] usb 4-1: USB disconnect, device number 32 [ 468.602015][ T5877] usb 1-1: USB disconnect, device number 10 [ 468.633388][ T9753] FAULT_INJECTION: forcing a failure. [ 468.633388][ T9753] name failslab, interval 1, probability 0, space 0, times 0 [ 468.646667][ T9753] CPU: 1 UID: 0 PID: 9753 Comm: syz.2.1048 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 468.646695][ T9753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 468.646708][ T9753] Call Trace: [ 468.646717][ T9753] [ 468.646725][ T9753] dump_stack_lvl+0x189/0x250 [ 468.646756][ T9753] ? ndisc_ns_create+0x21b/0x650 [ 468.646786][ T9753] ? __neigh_event_send+0xf6d/0x1560 [ 468.646810][ T9753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 468.646837][ T9753] ? __pfx__printk+0x10/0x10 [ 468.646870][ T9753] ? ip6_input_finish+0xde/0x190 [ 468.646898][ T9753] ? __netif_receive_skb+0xd3/0x380 [ 468.646930][ T9753] should_fail_ex+0x414/0x560 [ 468.646957][ T9753] should_failslab+0xa8/0x100 [ 468.646976][ T9753] ? __pfx_ip6_dst_gc+0x10/0x10 [ 468.647005][ T9753] kmem_cache_alloc_noprof+0x73/0x3c0 [ 468.647033][ T9753] ? dst_alloc+0x105/0x170 [ 468.647060][ T9753] ? __pfx_ip6_dst_gc+0x10/0x10 [ 468.647091][ T9753] dst_alloc+0x105/0x170 [ 468.647125][ T9753] icmp6_dst_alloc+0x75/0x420 [ 468.647155][ T9753] ? icmpv6_flow_init+0x62/0x120 [ 468.647190][ T9753] ndisc_send_skb+0x41f/0x1400 [ 468.647220][ T9753] ? ndisc_send_skb+0x208/0x1400 [ 468.647261][ T9753] ? __pfx_ndisc_send_skb+0x10/0x10 [ 468.647291][ T9753] ? __ndisc_fill_addr_option+0xe5/0x140 [ 468.647355][ T9753] ndisc_solicit+0x444/0x610 [ 468.647381][ T9753] ? __pfx_ndisc_solicit+0x10/0x10 [ 468.647409][ T9753] ? __neigh_event_send+0xf08/0x1560 [ 468.647435][ T9753] ? __pfx_ndisc_solicit+0x10/0x10 [ 468.647454][ T9753] __neigh_event_send+0xf6d/0x1560 [ 468.647486][ T9753] ? ___neigh_create+0x1c83/0x2260 [ 468.647512][ T9753] neigh_resolve_output+0x198/0x750 [ 468.647557][ T9753] ip6_finish_output2+0x11fe/0x16a0 [ 468.647588][ T9753] ? ip6_finish_output2+0x701/0x16a0 [ 468.647623][ T9753] ? __pfx_ip6_finish_output2+0x10/0x10 [ 468.647651][ T9753] ? ip6_mtu+0x7d/0x3f0 [ 468.647676][ T9753] ? ip6_mtu+0x7d/0x3f0 [ 468.647702][ T9753] ip6_finish_output+0x234/0x7d0 [ 468.647731][ T9753] ip6_xmit+0x107a/0x1840 [ 468.647769][ T9753] ? __pfx_ip6_xmit+0x10/0x10 [ 468.647821][ T9753] tcp_v6_send_response+0x1455/0x2180 [ 468.647842][ T9753] ? tun_rx_batched+0x1b9/0x730 [ 468.647870][ T9753] ? tun_get_user+0x2879/0x3c20 [ 468.647921][ T9753] ? __pfx_tcp_v6_send_response+0x10/0x10 [ 468.647940][ T9753] ? inet6_ehashfn+0xb3/0x570 [ 468.647976][ T9753] ? tcp_v6_send_reset+0x303/0x15c0 [ 468.648007][ T9753] ? tcp_v6_send_reset+0x303/0x15c0 [ 468.648045][ T9753] tcp_v6_send_reset+0xdd7/0x15c0 [ 468.648092][ T9753] ? tcp_v6_send_reset+0x303/0x15c0 [ 468.648123][ T9753] ? __pfx_tcp_v6_send_reset+0x10/0x10 [ 468.648172][ T9753] ? tcp_v6_fill_cb+0x260/0x4c0 [ 468.648203][ T9753] ? tcp_checksum_complete+0x152/0x200 [ 468.648237][ T9753] tcp_v6_rcv+0x1e2a/0x2be0 [ 468.648316][ T9753] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 468.648343][ T9753] ? nf_nat_ipv6_fn+0x21d/0x2d0 [ 468.648383][ T9753] ? csum_partial+0x239/0x2c0 [ 468.648413][ T9753] ? __pfx_tcp_v6_rcv+0x10/0x10 [ 468.648441][ T9753] ip6_protocol_deliver_rcu+0xcb0/0x15c0 [ 468.648502][ T9753] ip6_input_finish+0xde/0x190 [ 468.648534][ T9753] NF_HOOK+0x30c/0x3a0 [ 468.648562][ T9753] ? __pfx_ip6_input_finish+0x10/0x10 [ 468.648589][ T9753] ? NF_HOOK+0x9a/0x3a0 [ 468.648613][ T9753] ? __pfx_NF_HOOK+0x10/0x10 [ 468.648642][ T9753] ? __pfx_ip6_input_finish+0x10/0x10 [ 468.648684][ T9753] ip6_input+0x16a/0x270 [ 468.648709][ T9753] ? ip6_input+0x23/0x270 [ 468.648738][ T9753] NF_HOOK+0x30c/0x3a0 [ 468.648761][ T9753] ? skb_orphan+0x4c/0xd0 [ 468.648789][ T9753] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 468.648812][ T9753] ? NF_HOOK+0x9a/0x3a0 [ 468.648836][ T9753] ? __pfx_NF_HOOK+0x10/0x10 [ 468.648865][ T9753] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 468.648903][ T9753] __netif_receive_skb+0xd3/0x380 [ 468.648931][ T9753] ? netif_receive_skb+0x115/0x790 [ 468.648951][ T9753] netif_receive_skb+0x1cb/0x790 [ 468.648971][ T9753] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 468.649002][ T9753] ? __pfx_netif_receive_skb+0x10/0x10 [ 468.649030][ T9753] ? tun_rx_batched+0x160/0x730 [ 468.649061][ T9753] tun_rx_batched+0x1b9/0x730 [ 468.649099][ T9753] ? __pfx_tun_rx_batched+0x10/0x10 [ 468.649142][ T9753] ? tun_get_user+0x2444/0x3c20 [ 468.649182][ T9753] ? tun_get_user+0x2444/0x3c20 [ 468.649212][ T9753] ? tun_get_user+0x2444/0x3c20 [ 468.649240][ T9753] tun_get_user+0x2879/0x3c20 [ 468.649274][ T9753] ? tun_get_user+0x687/0x3c20 [ 468.649323][ T9753] ? __pfx_tun_get_user+0x10/0x10 [ 468.649365][ T9753] ? __lock_acquire+0xaac/0xd20 [ 468.649399][ T9753] ? ref_tracker_alloc+0x318/0x460 [ 468.649426][ T9753] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 468.649456][ T9753] ? tun_get+0x1c/0x2f0 [ 468.649492][ T9753] ? tun_get+0x1c/0x2f0 [ 468.649520][ T9753] ? tun_get+0x1c/0x2f0 [ 468.649556][ T9753] tun_chr_write_iter+0x113/0x200 [ 468.649589][ T9753] vfs_write+0x54b/0xa90 [ 468.649624][ T9753] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 468.649655][ T9753] ? __pfx_vfs_write+0x10/0x10 [ 468.649697][ T9753] ? __fget_files+0x2a/0x420 [ 468.649728][ T9753] ksys_write+0x145/0x250 [ 468.649756][ T9753] ? rcu_is_watching+0x15/0xb0 [ 468.649788][ T9753] ? __pfx_ksys_write+0x10/0x10 [ 468.649822][ T9753] ? do_syscall_64+0xba/0x210 [ 468.649854][ T9753] do_syscall_64+0xf6/0x210 [ 468.649880][ T9753] ? clear_bhb_loop+0x60/0xb0 [ 468.649906][ T9753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 468.649926][ T9753] RIP: 0033:0x7ff9a018d41f [ 468.649945][ T9753] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 468.649963][ T9753] RSP: 002b:00007ff9a0fda000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 468.649984][ T9753] RAX: ffffffffffffffda RBX: 00007ff9a03b6080 RCX: 00007ff9a018d41f [ 468.649999][ T9753] RDX: 000000000000004a RSI: 0000200000000600 RDI: 00000000000000c8 [ 468.650012][ T9753] RBP: 00007ff9a0fda090 R08: 0000000000000000 R09: 0000000000000000 [ 468.650025][ T9753] R10: 000000000000004a R11: 0000000000000293 R12: 0000000000000002 [ 468.650037][ T9753] R13: 0000000000000000 R14: 00007ff9a03b6080 R15: 00007ffcbafca2a8 [ 468.650072][ T9753] [ 469.286687][ T9755] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1049'. [ 470.847122][ T10] usb 5-1: new full-speed USB device number 19 using dummy_hcd [ 471.129598][ T10] usb 5-1: New USB device found, idVendor=0c45, idProduct=613a, bcdDevice=c4.6d [ 471.147445][ T9783] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1057'. [ 471.173718][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 471.198797][ T10] usb 5-1: Product: syz [ 471.203134][ T10] usb 5-1: Manufacturer: syz [ 471.215917][ T10] usb 5-1: SerialNumber: syz [ 471.225782][ T10] usb 5-1: config 0 descriptor?? [ 471.242049][ T10] gspca_main: sonixj-2.14.0 probing 0c45:613a [ 471.384769][ T9788] binder: 9787:9788 ioctl c0306201 2000000003c0 returned -14 [ 471.438899][ T9773] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1054'. [ 471.472977][ T9773] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 471.507563][ T9773] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 471.762448][ T10] gspca_sonixj: reg_w1 err -110 [ 471.780870][ T10] sonixj 5-1:0.0: probe with driver sonixj failed with error -110 [ 472.751422][ T5906] usb 5-1: USB disconnect, device number 19 [ 473.617572][ T9791] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1060'. [ 473.638065][ T9791] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1060'. [ 474.228276][ T9812] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 474.916763][ T9813] vxcan1: tx drop: invalid da for name 0x0000000000000001 [ 475.868803][ T9833] FAULT_INJECTION: forcing a failure. [ 475.868803][ T9833] name failslab, interval 1, probability 0, space 0, times 0 [ 475.882327][ T9833] CPU: 0 UID: 0 PID: 9833 Comm: syz.1.1069 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 475.882355][ T9833] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 475.882369][ T9833] Call Trace: [ 475.882377][ T9833] [ 475.882385][ T9833] dump_stack_lvl+0x189/0x250 [ 475.882422][ T9833] ? __pfx_dump_stack_lvl+0x10/0x10 [ 475.882450][ T9833] ? __pfx__printk+0x10/0x10 [ 475.882488][ T9833] ? __pfx___might_resched+0x10/0x10 [ 475.882524][ T9833] should_fail_ex+0x414/0x560 [ 475.882551][ T9833] should_failslab+0xa8/0x100 [ 475.882572][ T9833] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 475.882612][ T9833] ? __alloc_skb+0x112/0x2d0 [ 475.882643][ T9833] __alloc_skb+0x112/0x2d0 [ 475.882673][ T9833] netlink_sendmsg+0x5c6/0xb30 [ 475.882696][ T9833] ? rcu_is_watching+0x15/0xb0 [ 475.882736][ T9833] ? __pfx_netlink_sendmsg+0x10/0x10 [ 475.882770][ T9833] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 475.882792][ T9833] ? __pfx_netlink_sendmsg+0x10/0x10 [ 475.882818][ T9833] __sock_sendmsg+0x219/0x270 [ 475.882842][ T9833] ____sys_sendmsg+0x505/0x830 [ 475.882876][ T9833] ? __pfx_____sys_sendmsg+0x10/0x10 [ 475.882915][ T9833] ? import_iovec+0x74/0xa0 [ 475.882948][ T9833] ___sys_sendmsg+0x21f/0x2a0 [ 475.882979][ T9833] ? __pfx____sys_sendmsg+0x10/0x10 [ 475.883047][ T9833] ? __fget_files+0x2a/0x420 [ 475.883065][ T9833] ? __fget_files+0x3a0/0x420 [ 475.883095][ T9833] __x64_sys_sendmsg+0x19b/0x260 [ 475.883127][ T9833] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 475.883174][ T9833] ? do_syscall_64+0xba/0x210 [ 475.883205][ T9833] do_syscall_64+0xf6/0x210 [ 475.883230][ T9833] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 475.883250][ T9833] ? clear_bhb_loop+0x60/0xb0 [ 475.883275][ T9833] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.883294][ T9833] RIP: 0033:0x7fe54098e969 [ 475.883314][ T9833] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.883332][ T9833] RSP: 002b:00007fe541858038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 475.883353][ T9833] RAX: ffffffffffffffda RBX: 00007fe540bb6160 RCX: 00007fe54098e969 [ 475.883368][ T9833] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000008 [ 475.883381][ T9833] RBP: 00007fe541858090 R08: 0000000000000000 R09: 0000000000000000 [ 475.883394][ T9833] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 475.883406][ T9833] R13: 0000000000000000 R14: 00007fe540bb6160 R15: 00007fff3f4f0dd8 [ 475.883438][ T9833] [ 476.465682][ T9835] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1071'. [ 476.682943][ T9842] bond2: entered promiscuous mode [ 477.632661][ T9848] bridge0: port 3(gretap0) entered blocking state [ 477.639456][ T9848] bridge0: port 3(gretap0) entered disabled state [ 477.646266][ T9848] gretap0: entered allmulticast mode [ 477.655010][ T9848] gretap0: entered promiscuous mode [ 477.662465][ T9848] bridge0: port 3(gretap0) entered blocking state [ 477.669290][ T9848] bridge0: port 3(gretap0) entered forwarding state [ 477.714264][ T9847] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1074'. [ 479.627066][ T5878] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 479.871750][ T5878] usb 4-1: config 4 has an invalid descriptor of length 0, skipping remainder of the config [ 479.893544][ T5878] usb 4-1: New USB device found, idVendor=041e, idProduct=4007, bcdDevice=5d.18 [ 480.826051][ T5878] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.231980][ T5878] gspca_main: stv0680-2.14.0 probing 041e:4007 [ 481.605218][ T9887] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1085'. [ 481.913968][ T9893] netlink: 'syz.3.1081': attribute type 1 has an invalid length. [ 481.922727][ T9893] netlink: 172 bytes leftover after parsing attributes in process `syz.3.1081'. [ 482.025658][ T5906] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 482.695361][ T5878] gspca_stv0680: usb_control_msg error 0, request = 0x88, error = -32 [ 482.766970][ T5878] stv0680 4-1:4.0: STV(e): camera ping failed!! [ 482.786279][ T5878] gspca_stv0680: usb_control_msg error 0, request = 0x80, error = -71 [ 482.806398][ T5878] stv0680 4-1:4.0: last error: 0, command = 0x0 [ 482.845695][ T5878] usb 4-1: USB disconnect, device number 33 [ 483.147217][ T5906] usb 3-1: Using ep0 maxpacket: 8 [ 483.159386][ T5906] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 483.177862][ T5906] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.143510][ T5906] usb 3-1: Product: syz [ 484.155072][ T5906] usb 3-1: Manufacturer: syz [ 484.163234][ T5906] usb 3-1: SerialNumber: syz [ 484.181004][ T5906] usb 3-1: config 0 descriptor?? [ 486.190269][ T5906] dvb_usb_rtl28xxu 3-1:0.0: chip type detection failed -71 [ 486.718746][ T5906] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 486.738430][ T5906] usb 3-1: USB disconnect, device number 21 [ 487.901631][ T9919] overlayfs: missing 'lowerdir' [ 487.948338][ T9919] openvswitch: netlink: Duplicate or invalid key (type 0). [ 487.959168][ T9919] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 488.586988][ T5878] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 489.699938][ T5878] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 489.774035][ T5878] usb 4-1: config 7 has 0 interfaces, different from the descriptor's value: 2 [ 490.049803][ T9942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.223306][ T9942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.450390][ T9942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.457305][ T5876] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 490.528119][ T9942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.540176][ T9942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.706123][ T5876] usb 2-1: unable to get BOS descriptor or descriptor too short [ 490.715361][ T9942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 490.779608][ T9942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 490.798278][ T9947] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1100'. [ 491.534203][ T5876] usb 2-1: not running at top speed; connect to a high speed hub [ 491.544062][ T9942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 491.564583][ T5876] usb 2-1: config 0 has an invalid interface number: 182 but max is 0 [ 491.574867][ T5876] usb 2-1: config 0 has no interface number 0 [ 491.581927][ T5876] usb 2-1: config 0 interface 182 has no altsetting 0 [ 491.592632][ T5876] usb 2-1: New USB device found, idVendor=2040, idProduct=5590, bcdDevice=54.72 [ 491.603459][ T9942] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 491.627123][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 491.635254][ T5876] usb 2-1: Product: syz [ 491.672559][ T9942] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 491.701944][ T5876] usb 2-1: Manufacturer: syz [ 491.706646][ T5876] usb 2-1: SerialNumber: syz [ 491.781997][ T5876] usb 2-1: config 0 descriptor?? [ 492.037018][ T5926] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 492.103523][ T5876] hub 2-1:0.182: bad descriptor, ignoring hub [ 492.123355][ T5876] hub 2-1:0.182: probe with driver hub failed with error -5 [ 492.200766][ T5926] usb 1-1: Using ep0 maxpacket: 8 [ 492.219326][ T5926] usb 1-1: config 0 has no interfaces? [ 492.238189][ T5926] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 492.269621][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.301019][ T5926] usb 1-1: Product: syz [ 492.310097][ T5926] usb 1-1: Manufacturer: syz [ 492.314771][ T5926] usb 1-1: SerialNumber: syz [ 492.345918][ T5878] usb 4-1: string descriptor 0 read error: -71 [ 492.355782][ T5878] usb 4-1: New USB device found, idVendor=19d2, idProduct=1275, bcdDevice= 7.84 [ 492.365895][ T5876] smsusb:smsusb_probe: board id=8, interface number 182 [ 492.372970][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 492.375781][ T9961] netlink: 996 bytes leftover after parsing attributes in process `syz.3.1106'. [ 492.399388][ T5878] usb 4-1: can't set config #7, error -71 [ 492.402105][ T5926] usb 1-1: config 0 descriptor?? [ 492.408074][ T5876] usb 2-1: USB disconnect, device number 22 [ 493.031688][ T5878] usb 4-1: USB disconnect, device number 34 [ 493.105175][ T53] usb 1-1: USB disconnect, device number 11 [ 493.430783][ T5926] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 493.617186][ T24] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 493.673312][ T5926] usb 5-1: device descriptor read/64, error -71 [ 493.807753][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 493.861069][ T24] usb 2-1: config 0 has no interfaces? [ 493.870365][ T24] usb 2-1: New USB device found, idVendor=1d50, idProduct=60c6, bcdDevice=62.9b [ 493.880339][ T24] usb 2-1: New USB device strings: Mfr=1, Product=3, SerialNumber=0 [ 493.888815][ T24] usb 2-1: Product: syz [ 493.893547][ T24] usb 2-1: Manufacturer: syz [ 493.903027][ T24] usb 2-1: config 0 descriptor?? [ 493.957061][ T5926] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 494.022206][ T9975] FAULT_INJECTION: forcing a failure. [ 494.022206][ T9975] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 494.040082][ T9975] CPU: 0 UID: 0 PID: 9975 Comm: syz.0.1109 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 494.040113][ T9975] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 494.040126][ T9975] Call Trace: [ 494.040135][ T9975] [ 494.040145][ T9975] dump_stack_lvl+0x189/0x250 [ 494.040182][ T9975] ? __pfx_dump_stack_lvl+0x10/0x10 [ 494.040210][ T9975] ? __pfx__printk+0x10/0x10 [ 494.040258][ T9975] should_fail_ex+0x414/0x560 [ 494.040284][ T9975] _copy_to_user+0x31/0xb0 [ 494.040313][ T9975] simple_read_from_buffer+0xe1/0x170 [ 494.040381][ T9975] proc_fail_nth_read+0x1df/0x250 [ 494.040407][ T9975] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 494.040431][ T9975] ? rw_verify_area+0x258/0x650 [ 494.040458][ T9975] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 494.040481][ T9975] vfs_read+0x200/0x980 [ 494.040514][ T9975] ? __pfx___mutex_lock+0x10/0x10 [ 494.040540][ T9975] ? __pfx_vfs_read+0x10/0x10 [ 494.040569][ T9975] ? __fget_files+0x2a/0x420 [ 494.040591][ T9975] ? __fget_files+0x3a0/0x420 [ 494.040608][ T9975] ? __fget_files+0x2a/0x420 [ 494.040636][ T9975] ksys_read+0x145/0x250 [ 494.040666][ T9975] ? __pfx_ksys_read+0x10/0x10 [ 494.040705][ T9975] do_syscall_64+0xf6/0x210 [ 494.040732][ T9975] ? clear_bhb_loop+0x60/0xb0 [ 494.040757][ T9975] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 494.040776][ T9975] RIP: 0033:0x7fc949d8d37c [ 494.040797][ T9975] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 494.040814][ T9975] RSP: 002b:00007fc94acca030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 494.040837][ T9975] RAX: ffffffffffffffda RBX: 00007fc949fb5fa0 RCX: 00007fc949d8d37c [ 494.040851][ T9975] RDX: 000000000000000f RSI: 00007fc94acca0a0 RDI: 0000000000000005 [ 494.040864][ T9975] RBP: 00007fc94acca090 R08: 0000000000000000 R09: 0000000000000000 [ 494.040877][ T9975] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 494.040889][ T9975] R13: 0000000000000000 R14: 00007fc949fb5fa0 R15: 00007ffd74ce1ac8 [ 494.040922][ T9975] [ 494.111237][ T5926] usb 5-1: device descriptor read/64, error -71 [ 494.204068][ C1] vkms_vblank_simulate: vblank timer overrun [ 494.371511][ T5878] usb 2-1: USB disconnect, device number 23 [ 494.418059][ T5926] usb usb5-port1: attempt power cycle [ 494.734928][ T9982] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1111'. [ 495.481254][ T5926] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 495.672998][ T5926] usb 5-1: device descriptor read/8, error -71 [ 495.786267][ T9989] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1114'. [ 500.148046][ T5906] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 500.347146][ T5906] usb 2-1: device descriptor read/64, error -71 [ 500.609424][ T5906] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 500.624201][T10015] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1120'. [ 500.637009][ T5952] usb 4-1: new high-speed USB device number 35 using dummy_hcd [ 500.657471][T10015] netlink: 200 bytes leftover after parsing attributes in process `syz.2.1120'. [ 500.817223][ T5952] usb 4-1: Using ep0 maxpacket: 8 [ 500.843872][ T5952] usb 4-1: config 0 has no interfaces? [ 500.866832][ T5952] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 500.879265][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.891019][ T5952] usb 4-1: Product: syz [ 500.895372][ T5952] usb 4-1: Manufacturer: syz [ 500.903650][ T5952] usb 4-1: SerialNumber: syz [ 500.916523][ T5952] usb 4-1: config 0 descriptor?? [ 501.167570][ T5952] usb 4-1: USB disconnect, device number 35 [ 501.501552][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.508700][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 501.610576][ T56] Bluetooth: hci1: ACL packet for unknown connection handle 200 [ 502.158526][ T53] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 502.222670][T10054] netlink: 72 bytes leftover after parsing attributes in process `syz.2.1137'. [ 502.327144][ T53] usb 2-1: Using ep0 maxpacket: 8 [ 502.340007][ T53] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 502.359343][ T53] usb 2-1: New USB device found, idVendor=07c0, idProduct=1512, bcdDevice=30.22 [ 502.377370][ T53] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 502.387040][ T5952] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 502.402398][ T53] usb 2-1: config 0 descriptor?? [ 502.480771][T10062] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1141'. [ 502.557793][ T5952] usb 4-1: Using ep0 maxpacket: 32 [ 502.579272][ T5952] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 502.595972][ T5952] usb 4-1: config 0 has no interface number 0 [ 502.614136][ T5952] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 502.632112][ T53] iowarrior 2-1:0.0: IOWarrior product=0x1512, serial= interface=0 now attached to iowarrior0 [ 502.642718][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 502.666323][ T5952] usb 4-1: Product: syz [ 502.675952][ T5952] usb 4-1: Manufacturer: syz [ 502.683032][ T5952] usb 4-1: SerialNumber: syz [ 502.702032][ T5952] usb 4-1: config 0 descriptor?? [ 502.725380][ T5952] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 502.841362][ T53] usb 2-1: USB disconnect, device number 26 [ 502.940982][ T5952] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 502.998921][ T5952] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 503.337387][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 503.337866][ T53] usb 4-1: USB disconnect, device number 36 [ 503.391455][ T53] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 503.423720][ T53] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 503.439316][ T53] quatech2 4-1:0.51: device disconnected [ 503.524620][T10089] 9pnet_fd: Insufficient options for proto=fd [ 503.756315][T10100] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1152'. [ 503.775047][T10100] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1152'. [ 503.785455][T10100] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1152'. [ 504.176563][T10110] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1155'. [ 504.202194][ T53] kernel write not supported for file /824/coredump_filter (pid: 53 comm: kworker/1:1) [ 504.894460][T10117] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.090249][T10117] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.234273][T10117] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.263461][T10146] veth1_macvtap: left promiscuous mode [ 505.291581][ T5952] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 505.297040][T10146] macsec0: entered promiscuous mode [ 505.322361][ T56] Bluetooth: hci1: Malformed LE Event: 0x0d [ 505.341358][T10117] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 505.457266][ T5952] usb 5-1: Using ep0 maxpacket: 8 [ 505.475486][ T5952] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 505.475841][T10117] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.495908][ T5952] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 505.509696][T10117] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.527010][ T5952] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 505.533630][T10117] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.551958][ T5952] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 505.566168][ T5952] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 505.582528][T10117] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 505.602026][ T5952] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 505.610677][ T5952] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 505.625336][ T5952] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 505.641848][ T5952] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 505.653202][ T5952] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 505.673178][ T5952] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 505.680840][ T5952] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 505.693939][ T5952] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 505.706242][ T5952] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 505.717962][ T5952] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 505.732829][ T5952] usb 5-1: string descriptor 0 read error: -22 [ 505.739919][ T5952] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 505.749181][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 505.788655][ T5952] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 505.817174][ T5876] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 505.966975][ T5876] usb 2-1: Using ep0 maxpacket: 32 [ 505.975250][ T5876] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 32 [ 505.993021][ T5876] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 506.006000][ T5906] usb 5-1: USB disconnect, device number 24 [ 506.022646][ T5876] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 506.043553][ T5876] usb 2-1: Product: syz [ 506.050171][ T5876] usb 2-1: Manufacturer: syz [ 506.058965][ T5876] usb 2-1: SerialNumber: syz [ 506.105586][ T5876] usb 2-1: config 0 descriptor?? [ 506.124760][T10153] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 506.144327][ T5876] hub 2-1:0.0: bad descriptor, ignoring hub [ 506.152334][T10159] netlink: 'syz.3.1176': attribute type 2 has an invalid length. [ 506.158084][ T5876] hub 2-1:0.0: probe with driver hub failed with error -5 [ 506.163262][T10159] netlink: 16142 bytes leftover after parsing attributes in process `syz.3.1176'. [ 506.189242][ T5876] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input13 [ 506.349150][T10164] netlink: 'syz.3.1178': attribute type 4 has an invalid length. [ 506.389170][ T56] Bluetooth: hci1: unexpected event for opcode 0x0000 [ 506.389816][ T5906] usb 2-1: USB disconnect, device number 27 [ 506.396097][ C0] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 506.600072][T10169] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1181'. [ 506.921867][T10182] Bluetooth: MGMT ver 1.23 [ 507.045884][T10188] policy can only be matched on NF_INET_PRE_ROUTING [ 507.045912][T10188] unable to load match [ 507.454000][ T13] tipc: Subscription rejected, illegal request [ 507.495253][T10195] bridge0: port 2(bridge_slave_1) entered disabled state [ 507.503400][T10195] bridge0: port 1(bridge_slave_0) entered disabled state [ 507.795324][T10195] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 507.811873][T10195] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 507.920745][T10195] netdevsim netdevsim0 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.950643][T10195] netdevsim netdevsim0 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 507.967539][T10195] netdevsim netdevsim0 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.004899][T10195] netdevsim netdevsim0 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 508.225109][T10195] batman_adv: batadv0: Interface deactivated: ip6gretap1 [ 508.956947][ T56] ------------[ cut here ]------------ [ 508.962869][ T56] WARNING: CPU: 0 PID: 56 at net/bluetooth/hci_conn.c:568 hci_conn_timeout+0xff/0x290 [ 508.972754][ T56] Modules linked in: [ 508.977206][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u9:0 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 508.989345][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 508.999951][ T56] Workqueue: hci3 hci_conn_timeout [ 509.005391][ T56] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 509.011202][ T56] Code: 48 89 df e8 a3 fd 08 00 eb 07 e8 6c 13 70 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 77 cf fe ff e8 52 13 70 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 509.031413][ T56] RSP: 0018:ffffc9000101faf0 EFLAGS: 00010293 [ 509.037719][ T56] RAX: ffffffff8a4fdd8e RBX: ffff88802975c000 RCX: ffff8880216c5a00 [ 509.048180][ T56] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 509.056271][ T56] RBP: 00000000ffffffff R08: ffff88802975c013 R09: 1ffff110052eb802 [ 509.064445][ T56] R10: dffffc0000000000 R11: ffffed10052eb803 R12: dffffc0000000000 [ 509.072620][ T56] R13: ffff88801eed4e18 R14: ffff88802975c948 R15: ffff88802975c010 [ 509.080804][ T56] FS: 0000000000000000(0000) GS:ffff8881260f6000(0000) knlGS:0000000000000000 [ 509.089949][ T56] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 509.096605][ T56] CR2: 00007fa3eaec99db CR3: 000000002fea8000 CR4: 00000000003526f0 [ 509.105605][ T56] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 509.113762][ T56] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 509.122001][ T56] Call Trace: [ 509.125347][ T56] [ 509.128427][ T56] ? process_scheduled_works+0x9ec/0x17a0 [ 509.134266][ T56] process_scheduled_works+0xade/0x17a0 [ 509.140244][ T56] ? __pfx_process_scheduled_works+0x10/0x10 [ 509.146387][ T56] worker_thread+0x8a0/0xda0 [ 509.153708][ T56] kthread+0x711/0x8a0 [ 509.158060][ T56] ? __pfx_worker_thread+0x10/0x10 [ 509.163249][ T56] ? __pfx_kthread+0x10/0x10 [ 509.168099][ T56] ? __pfx_kthread+0x10/0x10 [ 509.172754][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 509.178174][ T56] ? lockdep_hardirqs_on+0x9c/0x150 [ 509.183452][ T56] ? __pfx_kthread+0x10/0x10 [ 509.188266][ T56] ret_from_fork+0x4b/0x80 [ 509.192745][ T56] ? __pfx_kthread+0x10/0x10 [ 509.197506][ T56] ret_from_fork_asm+0x1a/0x30 [ 509.202497][ T56] [ 509.205636][ T56] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 509.212982][ T56] CPU: 0 UID: 0 PID: 56 Comm: kworker/u9:0 Not tainted 6.15.0-rc7-syzkaller-00099-g94305e83eccb #0 PREEMPT(full) [ 509.224992][ T56] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 509.235054][ T56] Workqueue: hci3 hci_conn_timeout [ 509.240186][ T56] Call Trace: [ 509.243466][ T56] [ 509.246396][ T56] dump_stack_lvl+0x99/0x250 [ 509.251021][ T56] ? __asan_memcpy+0x40/0x70 [ 509.255619][ T56] ? __pfx_dump_stack_lvl+0x10/0x10 [ 509.260856][ T56] ? __pfx__printk+0x10/0x10 [ 509.265466][ T56] panic+0x2db/0x790 [ 509.269374][ T56] ? __pfx_panic+0x10/0x10 [ 509.273816][ T56] ? ret_from_fork_asm+0x1a/0x30 [ 509.278780][ T56] __warn+0x31b/0x4b0 [ 509.282772][ T56] ? hci_conn_timeout+0xff/0x290 [ 509.287716][ T56] ? hci_conn_timeout+0xff/0x290 [ 509.292656][ T56] report_bug+0x2be/0x4f0 [ 509.297007][ T56] ? hci_conn_timeout+0xff/0x290 [ 509.302067][ T56] ? hci_conn_timeout+0xff/0x290 [ 509.307093][ T56] ? hci_conn_timeout+0x101/0x290 [ 509.312207][ T56] handle_bug+0x84/0x160 [ 509.316544][ T56] exc_invalid_op+0x1a/0x50 [ 509.321052][ T56] asm_exc_invalid_op+0x1a/0x20 [ 509.325899][ T56] RIP: 0010:hci_conn_timeout+0xff/0x290 [ 509.331460][ T56] Code: 48 89 df e8 a3 fd 08 00 eb 07 e8 6c 13 70 f7 b0 13 0f b6 f0 48 89 df 5b 41 5c 41 5e 41 5f 5d e9 77 cf fe ff e8 52 13 70 f7 90 <0f> 0b 90 eb 8c 44 89 f9 80 e1 07 80 c1 03 38 c1 0f 8c 31 ff ff ff [ 509.351247][ T56] RSP: 0018:ffffc9000101faf0 EFLAGS: 00010293 [ 509.357322][ T56] RAX: ffffffff8a4fdd8e RBX: ffff88802975c000 RCX: ffff8880216c5a00 [ 509.365292][ T56] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 509.373357][ T56] RBP: 00000000ffffffff R08: ffff88802975c013 R09: 1ffff110052eb802 [ 509.381417][ T56] R10: dffffc0000000000 R11: ffffed10052eb803 R12: dffffc0000000000 [ 509.389388][ T56] R13: ffff88801eed4e18 R14: ffff88802975c948 R15: ffff88802975c010 [ 509.397381][ T56] ? hci_conn_timeout+0xfe/0x290 [ 509.402330][ T56] ? process_scheduled_works+0x9ec/0x17a0 [ 509.408057][ T56] process_scheduled_works+0xade/0x17a0 [ 509.413631][ T56] ? __pfx_process_scheduled_works+0x10/0x10 [ 509.419632][ T56] worker_thread+0x8a0/0xda0 [ 509.424586][ T56] kthread+0x711/0x8a0 [ 509.428677][ T56] ? __pfx_worker_thread+0x10/0x10 [ 509.433824][ T56] ? __pfx_kthread+0x10/0x10 [ 509.438439][ T56] ? __pfx_kthread+0x10/0x10 [ 509.443045][ T56] ? _raw_spin_unlock_irq+0x23/0x50 [ 509.448268][ T56] ? lockdep_hardirqs_on+0x9c/0x150 [ 509.453517][ T56] ? __pfx_kthread+0x10/0x10 [ 509.458652][ T56] ret_from_fork+0x4b/0x80 [ 509.463077][ T56] ? __pfx_kthread+0x10/0x10 [ 509.467669][ T56] ret_from_fork_asm+0x1a/0x30 [ 509.472453][ T56] [ 509.475787][ T56] Kernel Offset: disabled [ 509.480122][ T56] Rebooting in 86400 seconds..