last executing test programs: 16.632540871s ago: executing program 0 (id=707): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000d00)=ANY=[@ANYBLOB="120100021982302013042360e5ec0102030109021b0001000060020904840001ee48b100090582"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000700)={0x84, &(0x7f0000000240)={0x0, 0x7, 0x3, "2c3387"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 14.320194955s ago: executing program 0 (id=712): sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x2000c845) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) openat$binfmt_format(0xffffffffffffff9c, &(0x7f0000001580)='/proc/sys/fs/binfmt_misc/syz0\x00', 0x2, 0x0) setxattr$incfs_metadata(&(0x7f0000000800)='./cgroup\x00', 0x0, &(0x7f0000000880), 0x0, 0x1) openat$ttyS3(0xffffffffffffff9c, 0x0, 0x0, 0x0) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x4, 0x0, 0x0) syz_open_dev$vim2m(0x0, 0x7c34, 0x2) ioctl$vim2m_VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, 0x0) syz_open_dev$evdev(&(0x7f0000000240), 0x20000, 0x0) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) r3 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000200)={'vxcan1\x00', 0x0}) bind$can_j1939(r3, &(0x7f0000000100)={0x1d, r4}, 0x18) 12.904469482s ago: executing program 0 (id=715): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) bind$alg(r3, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 12.528780615s ago: executing program 3 (id=716): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 11.612507985s ago: executing program 0 (id=718): socket(0x10, 0x3, 0x0) openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket(0x10, 0x3, 0x0) write(r3, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r4 = syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x0, 0x272}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r0, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r4, 0x627, 0x4c1, 0x43, 0x0, 0x0) semctl$IPC_RMID(0x0, 0x0, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000280)={0x2, 0x0, @local}, 0x10) connect$inet(0xffffffffffffffff, 0x0, 0x0) setsockopt$IP_VS_SO_SET_ADD(0xffffffffffffffff, 0x0, 0x482, 0x0, 0x0) 11.294088582s ago: executing program 3 (id=720): io_uring_setup(0x194e, &(0x7f0000000a80)={0x0, 0x30bd, 0x2, 0x3, 0x197}) syz_open_dev$dri(0x0, 0x1ff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000200), 0x100, 0x0) openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000940), 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x161141) r1 = dup(r0) write$6lowpan_enable(r1, 0x0, 0x0) syz_io_uring_setup(0x239, &(0x7f0000000380)={0x0, 0xf691, 0x10100, 0x0, 0x1f9}, &(0x7f00000008c0)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r2, r3, 0x0) r4 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r5 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_INIT(r5, 0x0, 0xc8, &(0x7f0000003d40), 0x4) setsockopt$MRT_ADD_VIF(r5, 0x0, 0xca, &(0x7f0000003d80)={0x1, 0x0, 0x0, 0x0, @vifc_lcl_addr=@local, @dev}, 0x10) setsockopt$inet_mreq(r4, 0x0, 0x23, &(0x7f0000000000)={@multicast1=0xe0000300, @local}, 0x8) syz_emit_ethernet(0x2a, &(0x7f0000000080)={@local, @remote, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x2, 0x0, @empty, @multicast1=0xe0000300}, @address_request}}}}, 0x0) syz_emit_ethernet(0x66, &(0x7f0000000340)={@multicast, @link_local, @void, {@ipv4={0x800, @gre={{0x5, 0x4, 0x0, 0x0, 0x58, 0x0, 0x0, 0x0, 0x2f, 0x0, @private=0xe0, @multicast1=0xe000c800}, {{0x0, 0x0, 0x1, 0x0, 0xb, 0x0, 0x0, 0x4, 0x6558}, {0x0, 0x0, 0x0, 0x0, 0x11}, {}, {0x8, 0x88be, 0x0, {{}, 0xfffff788}}}}}}}, 0x0) r6 = socket$igmp(0x2, 0x3, 0x2) setsockopt$MRT_FLUSH(r6, 0x0, 0xd4, &(0x7f0000000040)=0x9, 0x4) 9.939478426s ago: executing program 3 (id=722): setfsgid(0xee00) r0 = syz_clone(0x80000000, 0x0, 0x0, 0x0, 0x0, 0x0) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r1) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(0xffffffffffffffff, 0x0, 0x0) syz_open_dev$sndpcmc(&(0x7f0000000000), 0x0, 0x0) mount(0x0, &(0x7f0000000080)='.\x00', &(0x7f0000000000)='proc\x00', 0x800000, 0x0) r5 = syz_open_procfs(r0, &(0x7f0000000100)='stack\x00') pread64(r5, &(0x7f0000000280)=""/3, 0x3, 0xfffffffa) 8.492934255s ago: executing program 3 (id=726): bpf$MAP_CREATE(0x0, 0x0, 0x48) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r5, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r5, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) splice(r5, 0x0, r4, 0x0, 0xfea8, 0xa) 6.471641242s ago: executing program 1 (id=728): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x6000, {0x5}}, [@NFT_MSG_NEWSET={0x3c, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}]}, @NFT_MSG_NEWSETELEM={0x3c, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x10, 0x3, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_FLAGS={0x8, 0x3, 0x1, 0x0, 0x2}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xa0}}, 0x40) close(0x3) 6.160953784s ago: executing program 1 (id=731): r0 = syz_open_dev$mouse(&(0x7f00000000c0), 0x0, 0x2042) read$FUSE(r0, 0x0, 0x0) write$FUSE_DIRENTPLUS(r0, &(0x7f0000000400)=ANY=[], 0xb0) 5.401399025s ago: executing program 4 (id=732): prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x1000000008c}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xfec8d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000400)=@abs={0x0, 0x0, 0x4e24}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000040)={0x11, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000820004000000000000000c00850000000f00000095"], &(0x7f0000000180)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x80) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) r4 = getpid() r5 = syz_pidfd_open(r4, 0x0) r6 = pidfd_getfd(r5, r5, 0x0) setns(r6, 0x66020000) mount$9p_fd(0x0, &(0x7f0000000980)='.\x00', 0x0, 0x104000, 0x0) 5.327957184s ago: executing program 2 (id=733): openat$sysfs(0xffffffffffffff9c, &(0x7f0000002180)='/sys/power/sync_on_suspend', 0xa82, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = fsopen(&(0x7f0000000040)='binfmt_misc\x00', 0x1) fsconfig$FSCONFIG_SET_FLAG(r1, 0x0, 0x0, 0x0, 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) fsmount(r1, 0x1, 0x3) bpf$BPF_PROG_DETACH(0x9, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000001440), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_COALESCE_SET(r2, &(0x7f0000000380)={0x0, 0x0, 0x0}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f00000000c0), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000100)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_SET_TX_BITRATE_MASK(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000001a40)={0x38, r3, 0x1, 0x0, 0x0, {{}, {@val={0x8, 0x3, r4}, @void}}, [@NL80211_ATTR_TX_RATES={0x1c, 0x5a, 0x0, 0x1, [@NL80211_BAND_2GHZ={0x18, 0x0, 0x0, 0x1, [@NL80211_TXRATE_HE={0x14, 0x5, {[0x6, 0x5, 0x800, 0xfff, 0xe83d, 0x8, 0x723, 0x5]}}]}]}]}, 0x38}}, 0x4000) 5.100252076s ago: executing program 1 (id=734): r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x4, 0x0, 0x0, r1}, &(0x7f0000000200)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x612a, 0x17e, 0x0, 0x0, 0x0) r5 = fanotify_init(0x200, 0x101000) readv(r5, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/136, 0x88}], 0x1) 5.033123878s ago: executing program 2 (id=735): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00'}, 0x10) ioctl$KDSKBENT(0xffffffffffffffff, 0x4b47, &(0x7f0000000380)={0x0, 0x7f, 0x708}) 4.688609902s ago: executing program 3 (id=736): syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESOCT], 0x0) r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ppoll(&(0x7f0000002a80)=[{r0, 0x2242}, {r1, 0x200}], 0x2, 0x0, 0x0, 0x0) 4.245207167s ago: executing program 4 (id=737): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fcntl$lock(r0, 0x25, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8) ioctl$VIDIOC_ENUM_FMT(0xffffffffffffffff, 0xc0405602, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x70bd26, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048050}, 0x0) 4.241017017s ago: executing program 0 (id=738): pipe2$9p(0x0, 0x0) write$P9_RVERSION(0xffffffffffffffff, &(0x7f0000000080)=ANY=[@ANYBLOB="1500000065ffff018000000800395032"], 0x15) dup(0xffffffffffffffff) r0 = socket$nl_route(0x10, 0x3, 0x0) dup2(0xffffffffffffffff, r0) syz_usb_connect(0x0, 0x5e, &(0x7f0000000140)=ANY=[@ANYBLOB="120100006b36a2207b06a1279bb00102030109024c0001000010000904e7000229feac000b2402010302057ff49bfd052406000105240002000d240f0105000000090007000806241a7f000109050602ff0300000009058202"], 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) ioctl$vim2m_VIDIOC_STREAMOFF(0xffffffffffffffff, 0x40045612, &(0x7f0000000000)=0x1) read$msr(r1, &(0x7f0000032680)=""/102392, 0x18ff8) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="c02600004100070100000000ff000000017c00000400fc80a72601"], 0x26c0}}, 0x4c000) 3.920309969s ago: executing program 2 (id=739): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}) writev(r0, &(0x7f0000000500)=[{&(0x7f0000000080)="2e9b5b0007e03dd65193dfb6c575963f86dd6067", 0x14}, {&(0x7f0000000200)="b700000006000000000000f1dd0fccd5de059d36", 0x14}, {&(0x7f0000000540)="37a8a6c41ef711513a5554633f6ecf2512425af281e45325101699c31d746d9751dcb943b8375ff630e2d7a9", 0x2c}], 0x3) 3.452749626s ago: executing program 4 (id=740): getsockopt$inet6_tcp_int(0xffffffffffffffff, 0x6, 0x10, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x88e, &(0x7f0000000140)={0x0, 0xaef2, 0x400, 0x2, 0xbfcffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xffffbffc, 0x0, 0x4) open$dir(&(0x7f00000003c0)='./file0\x00', 0x8000, 0x8) io_uring_enter(r2, 0x47f6, 0x0, 0x2, 0x0, 0x0) 3.386857096s ago: executing program 1 (id=741): r0 = socket$inet(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) r2 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000000c0)=@newqdisc={0xbc, 0x24, 0xf0b, 0x70bd2a, 0x0, {0x0, 0x0, 0x12, r1, {}, {0xffff, 0xffff}, {0x2}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x8c, 0x2, [@TCA_TAPRIO_ATTR_PRIOMAP={0x56, 0x1, {0x2, [0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1], 0x0, [0x5, 0x4, 0x2, 0x0, 0x8, 0x9c, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3], [0x0, 0x8, 0x0, 0x0, 0x2]}}, @TCA_TAPRIO_ATTR_SCHED_ENTRY_LIST={0x28, 0x2, 0x0, 0x1, [{0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x4000000}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x80000001}]}, {0xc, 0x1, 0x0, 0x1, [@TCA_TAPRIO_SCHED_ENTRY_INTERVAL={0x8, 0x4, 0x400}]}]}, @TCA_TAPRIO_ATTR_SCHED_CLOCKID={0x8, 0x5, 0x7}]}}]}, 0xbc}, 0x1, 0x0, 0x0, 0x20000040}, 0x0) 3.117026975s ago: executing program 1 (id=742): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x2a, 0xa9}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$alg(0x26, 0x5, 0x0) setsockopt$ALG_SET_KEY(r3, 0x117, 0x1, &(0x7f00000004c0)="2c385a7af3", 0x5) r4 = accept4(r3, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) 3.116762455s ago: executing program 2 (id=743): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x5, &(0x7f0000000480)=ANY=[@ANYBLOB], &(0x7f0000000040)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x44, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000040)={&(0x7f0000000080)='kfree\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000380)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x5}}, [@NFT_MSG_NEWSET={0x44, 0x9, 0xa, 0x401, 0x0, 0x0, {0xa, 0x0, 0x4}, [@NFTA_SET_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_KEY_LEN={0x8, 0x5, 0x1, 0x0, 0x2}, @NFTA_SET_NAME={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ID={0x8, 0xa, 0x1, 0x0, 0xfffffffc}, @NFTA_SET_FLAGS={0x8, 0x3, 0x1, 0x0, 0x14}]}, @NFT_MSG_NEWSETELEM={0x40, 0xc, 0xa, 0x101, 0x0, 0x0, {0xa, 0x0, 0x6}, [@NFTA_SET_ELEM_LIST_SET={0x9, 0x2, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz1\x00'}, @NFTA_SET_ELEM_LIST_ELEMENTS={0x14, 0x3, 0x0, 0x1, [{0x10, 0x0, 0x0, 0x1, [@NFTA_SET_ELEM_KEY={0xc, 0x1, 0x0, 0x1, [@NFTA_DATA_VALUE={0x6, 0x1, "d103"}]}]}]}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x1}}}, 0xac}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 3.024651923s ago: executing program 2 (id=744): r0 = bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000280)=ANY=[@ANYBLOB="120000000400000004000000f961eeec473b2f1200795d06f9ef9d18cefa000000000300d3c943ac1b663d3bd3277ef2506cb96000", @ANYRES32, @ANYBLOB='\x00\x00\x00\x00', @ANYRES32=0x0, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00'], 0x50) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2000c0c1}, 0x0) msgget$private(0x0, 0x100) r1 = syz_open_dev$vim2m(&(0x7f0000000000), 0x7f, 0x2) syz_emit_ethernet(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f0000000680)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r2, &(0x7f0000019680)=""/102392, 0x18ff8) mount(0x0, 0x0, 0x0, 0x0, 0x0) ioctl$vim2m_VIDIOC_S_FMT(r1, 0xc0d05605, &(0x7f0000000040)={0x1, @raw_data="dfab4d85d47fab3f5852323481422e0f382a7fff4f2f6544e6018dbd8ab7448ced0cb6d971aa93e8b234fd2ceb6c160545bc47d95cb6f68a98ee9ea4686093a60d1e90430c08857fd0c428cdd40ea133631f9993733758d144b78ac24b59a54138ada8c18089c1250c7de9ef6ad3b2f7f28322211b5313b263f34c07a174f7d1d0f000f2bd2a60f9e4f18a82318f990d85778a2b77c73764d2d187c87800f0905ca84dbdd9002b572b0928a92da591fbaa566464e5cb6dbaf6a6945d91b66259944c62c5090ca50c"}) close(r0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000040)=@base={0xc, 0x4, 0x4, 0x8001}, 0x50) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, 0x0) 2.007262355s ago: executing program 1 (id=745): socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000fd9e1a40f30c74933bbc0000000109021b000104000000090400004fd4695e00090532825b"], 0x0) 1.549018156s ago: executing program 2 (id=746): bpf$MAP_CREATE(0x0, 0x0, 0x48) dup3(0xffffffffffffffff, 0xffffffffffffffff, 0x80000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000ac0)=ANY=[@ANYBLOB="1800000000000000000000000000000018010000786c6c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000fdffffff850000002d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0xa, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000080)='sched_switch\x00', r3}, 0x10) socketpair$unix(0x1, 0x1, 0x0, 0x0) pipe(&(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r5, 0x6, 0x10000000013, &(0x7f0000000180)=0x1, 0x4) setsockopt$inet_tcp_int(r5, 0x6, 0x14, &(0x7f00000000c0)=0x100000001, 0x4) connect$inet(r5, &(0x7f0000000300)={0x2, 0x0, @remote}, 0x10) splice(r5, 0x0, r4, 0x0, 0xfea8, 0xa) 515.080036ms ago: executing program 4 (id=747): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_EVENTS(r0, 0x84, 0xb, &(0x7f0000000040)={0x0, 0x4, 0x0, 0x0, 0x14, 0x0, 0x0, 0x0, 0x5}, 0xe) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000002c0)=[@in={0x2, 0x0, @local}]}, &(0x7f0000000440)=0x10) getsockopt$inet_sctp6_SCTP_AUTH_ACTIVE_KEY(r0, 0x84, 0x18, &(0x7f0000000140)={r1}, &(0x7f0000000180)=0x8) 499.325734ms ago: executing program 3 (id=748): r0 = openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi4\x00', 0x400, 0x0) ppoll(&(0x7f0000000100)=[{0xffffffffffffffff, 0x1002}, {0xffffffffffffffff, 0x400}, {r0}], 0x3, 0x0, &(0x7f0000000280)={[0xfffffffffffffff8]}, 0x8) ioctl$COMEDI_DEVCONFIG(r0, 0x40946400, 0x0) 293.176741ms ago: executing program 4 (id=749): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDSKBENT(r0, 0x4b47, &(0x7f0000000380)={0x0, 0x7f, 0x708}) 185.15909ms ago: executing program 4 (id=750): r0 = openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) fcntl$lock(r0, 0x25, 0x0) prctl$PR_SET_IO_FLUSHER(0x43, 0xfffffffffffffffd) getpid() prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x4) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000300)=""/102392, 0x18ff8) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=@newlink={0x34, 0x10, 0x801, 0x70bd26, 0x0, {}, [@IFLA_XDP={0xc, 0x2b, 0x0, 0x1, [@IFLA_XDP_FD={0x8}]}, @IFLA_GROUP={0x8}]}, 0x34}, 0x1, 0x0, 0x0, 0x20048050}, 0x0) 0s ago: executing program 0 (id=751): r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x0, 0x189802) r1 = syz_io_uring_setup(0x498, &(0x7f00000000c0)={0x0, 0x79af, 0x3180, 0x0, 0x272}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x4007, @fd=r0, 0x6, &(0x7f0000000580)=""/207, 0xcf, 0x2, 0x1}) io_uring_enter(r1, 0x627, 0x4c1, 0x43, 0x0, 0x0) kernel console output (not intermixed with test programs): set [1, 0] type 2 family 0 port 6081 - 0 [ 84.269117][ T5839] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.337643][ T1110] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.370181][ T1110] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.377522][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 84.458667][ T5847] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 84.508508][ T5847] netdevsim netdevsim4 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.529145][ T5847] netdevsim netdevsim4 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.539134][ T5847] netdevsim netdevsim4 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.552768][ T5847] netdevsim netdevsim4 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 84.600015][ T3578] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.630614][ T3578] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.691148][ T1333] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.714378][ T1333] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.839319][ T65] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 84.880247][ T65] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 84.959749][ T65] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.003063][ T65] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.081619][ T976] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 85.094948][ T1333] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 85.115151][ T5973] netlink: 40 bytes leftover after parsing attributes in process `syz.1.10'. [ 85.121464][ T1333] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 85.153460][ T5973] netlink: 3 bytes leftover after parsing attributes in process `syz.1.10'. [ 85.188343][ T5973] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 85.270582][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.300597][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 85.309512][ T976] usb 1-1: Using ep0 maxpacket: 8 [ 85.327111][ T976] usb 1-1: unable to get BOS descriptor or descriptor too short [ 85.336759][ T976] usb 1-1: config 1 has an invalid descriptor of length 72, skipping remainder of the config [ 85.348160][ T976] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 23 [ 85.370050][ T976] usb 1-1: config 1 interface 0 altsetting 8 has 0 endpoint descriptors, different from the interface descriptor's value: 3 [ 85.386683][ T976] usb 1-1: config 1 interface 0 has no altsetting 0 [ 85.393611][ T51] Bluetooth: hci1: command tx timeout [ 85.402482][ T51] Bluetooth: hci0: command tx timeout [ 85.520780][ T976] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 85.561430][ T51] Bluetooth: hci3: command tx timeout [ 85.566896][ T51] Bluetooth: hci4: command tx timeout [ 85.572886][ T5846] Bluetooth: hci2: command tx timeout [ 85.670217][ T976] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 85.678247][ T976] usb 1-1: Product: syz [ 85.682916][ T976] usb 1-1: Manufacturer: syz [ 85.687596][ T976] usb 1-1: SerialNumber: syz [ 86.004864][ T5968] Zero length message leads to an empty skb [ 86.028674][ T976] cdc_ether 1-1:1.0: invalid descriptor buffer length [ 86.076965][ T976] usb 1-1: bad CDC descriptors [ 86.253971][ T976] usb 1-1: USB disconnect, device number 2 [ 86.677257][ T9] cfg80211: failed to load regulatory.db [ 86.838300][ T5906] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 86.891184][ T6002] JFS: discard option not supported on device [ 86.899025][ T6002] Mount JFS Failure: -22 [ 86.903352][ T6002] jfs_mount failed w/return code = -22 [ 86.950534][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.004368][ T5906] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 87.025105][ T5906] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 87.040663][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 87.058159][ T5906] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 87.070717][ T5906] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 87.080015][ T5906] usb 5-1: Product: syz [ 87.092856][ T5906] usb 5-1: Manufacturer: syz [ 87.098032][ T5906] usb 5-1: SerialNumber: syz [ 87.122217][ T0] NOHZ tick-stop error: local softirq work is pending, handler #140!!! [ 87.591850][ T5906] usb 5-1: cannot find UAC_HEADER [ 87.630929][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 87.706195][ T5906] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 87.878785][ T5906] usb 5-1: USB disconnect, device number 2 [ 88.554400][ T5992] udevd[5992]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 88.751946][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 88.761997][ T0] NOHZ tick-stop error: local softirq work is pending, handler #48!!! [ 88.980504][ T0] NOHZ tick-stop error: local softirq work is pending, handler #200!!! [ 88.991637][ T0] NOHZ tick-stop error: local softirq work is pending, handler #08!!! [ 91.780476][ T5921] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 91.960224][ T5921] usb 5-1: Using ep0 maxpacket: 32 [ 92.107203][ T5921] usb 5-1: config 4 has an invalid interface number: 128 but max is 0 [ 92.185732][ T5921] usb 5-1: config 4 has no interface number 0 [ 92.192889][ T5921] usb 5-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 92.204200][ T5921] usb 5-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 92.223002][ T5921] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 92.258624][ T5921] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 92.300742][ T5921] hub 5-1:4.128: USB hub found [ 92.579707][ T5921] hub 5-1:4.128: 2 ports detected [ 92.585404][ T5921] hub 5-1:4.128: Using single TT (err -22) [ 92.654493][ T6048] JFS: discard option not supported on device [ 92.666505][ T6048] Mount JFS Failure: -22 [ 92.670981][ T6048] jfs_mount failed w/return code = -22 [ 93.903430][ T5921] hub 5-1:4.128: hub_hub_status failed (err = -32) [ 93.921004][ T5921] hub 5-1:4.128: config failed, can't get hub status (err -32) [ 94.384010][ T6063] UDPLite: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 95.302307][ T43] usb 5-1: USB disconnect, device number 3 [ 97.560547][ T6088] netlink: 'syz.2.39': attribute type 14 has an invalid length. [ 97.868427][ T6092] JFS: discard option not supported on device [ 97.876335][ T6092] Mount JFS Failure: -22 [ 97.880679][ T6092] jfs_mount failed w/return code = -22 [ 99.021096][ T5842] usb 3-1: new high-speed USB device number 2 using dummy_hcd [ 99.080839][ T6098] netlink: 116 bytes leftover after parsing attributes in process `syz.1.44'. [ 99.510317][ T5921] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 99.917537][ T5921] usb 1-1: Using ep0 maxpacket: 8 [ 99.929939][ T5921] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 99.941416][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 100.035551][ T5921] pvrusb2: Hardware description: Terratec Grabster AV400 [ 100.050684][ T5921] pvrusb2: ********** [ 100.058960][ T5921] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 100.095376][ T5842] usb 3-1: device not accepting address 2, error -71 [ 100.095399][ T5921] pvrusb2: Important functionality might not be entirely working. [ 100.336898][ T6111] bridge0: port 2(bridge_slave_1) entered disabled state [ 100.345195][ T6111] bridge0: port 1(bridge_slave_0) entered disabled state [ 100.370203][ T5921] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 100.384802][ T5921] pvrusb2: ********** [ 100.539051][ T6117] warning: `syz.0.46' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 100.683683][ T6119] netlink: 'syz.0.46': attribute type 3 has an invalid length. [ 100.770603][ T5842] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 101.251876][ T5842] usb 3-1: Using ep0 maxpacket: 8 [ 101.310616][ T2343] pvrusb2: Invalid write control endpoint [ 101.326270][ T5842] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 101.346411][ T5842] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 101.372905][ T5842] usb 3-1: Product: syz [ 101.387933][ T5842] usb 3-1: Manufacturer: syz [ 101.406019][ T5842] usb 3-1: SerialNumber: syz [ 101.425503][ T5842] usb 3-1: config 0 descriptor?? [ 101.462484][ T2343] pvrusb2: Invalid write control endpoint [ 101.488840][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 101.510056][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 101.525605][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 101.555703][ T2343] pvrusb2: Device being rendered inoperable [ 101.573256][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 101.594246][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 101.621897][ T2343] pvrusb2: Attached sub-driver cx25840 [ 101.642655][ T5842] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 101.654022][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 101.667340][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 102.469297][ T5926] usb 1-1: USB disconnect, device number 3 [ 102.670390][ T6130] overlayfs: missing 'lowerdir' [ 102.714017][ T6130] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 103.948095][ T6135] netlink: 'syz.3.54': attribute type 14 has an invalid length. [ 104.168198][ T6139] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 104.178955][ T6139] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 104.708096][ T6144] netlink: 'syz.4.55': attribute type 14 has an invalid length. [ 105.045646][ T5842] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 105.165817][ T6143] JFS: discard option not supported on device [ 105.172339][ T6143] Mount JFS Failure: -22 [ 105.176593][ T6143] jfs_mount failed w/return code = -22 [ 105.190484][ T5892] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 105.199421][ T6149] openvswitch: netlink: nsh attribute has 65533 unknown bytes. [ 105.209239][ T6149] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 105.244257][ T6149] overlayfs: conflicting options: nfs_export=on,metacopy=on [ 105.267657][ T5842] usb 3-1: USB disconnect, device number 3 [ 105.420441][ T5892] usb 5-1: Using ep0 maxpacket: 16 [ 105.429512][ T5892] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 105.450235][ T5892] usb 5-1: config 0 has no interfaces? [ 105.467283][ T5892] usb 5-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00 [ 105.480185][ T5892] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.491519][ T5892] usb 5-1: config 0 descriptor?? [ 105.530309][ T43] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 105.690261][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 105.713046][ T43] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 105.733297][ T43] usb 4-1: config 0 has no interfaces? [ 105.744502][ T43] usb 4-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00 [ 105.765061][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 105.786789][ T43] usb 4-1: config 0 descriptor?? [ 107.071641][ T5921] usb 4-1: USB disconnect, device number 2 [ 107.143472][ T5978] usb 5-1: USB disconnect, device number 4 [ 107.180464][ T5892] usb 2-1: new high-speed USB device number 2 using dummy_hcd [ 107.251249][ T6168] ieee802154 phy0 wpan0: encryption failed: -22 [ 107.291434][ T6170] program syz.4.64 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 107.381633][ T5892] usb 2-1: Using ep0 maxpacket: 8 [ 107.401453][ T5892] usb 2-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 107.424836][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 107.494398][ T5892] pvrusb2: Hardware description: Terratec Grabster AV400 [ 107.524347][ T5892] pvrusb2: ********** [ 107.528377][ T5892] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 107.547266][ T5892] pvrusb2: Important functionality might not be entirely working. [ 107.560253][ T5892] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 107.576388][ T5892] pvrusb2: ********** [ 107.586077][ T6173] geneve1: entered allmulticast mode [ 108.049345][ T6182] netlink: 'syz.1.61': attribute type 3 has an invalid length. [ 108.640460][ T2343] pvrusb2: Invalid write control endpoint [ 111.634078][ T5921] usb 2-1: USB disconnect, device number 2 [ 111.802107][ T2343] pvrusb2: Invalid write control endpoint [ 112.466912][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 112.600645][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 112.709265][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 112.840407][ T2343] pvrusb2: Device being rendered inoperable [ 112.846384][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 112.856490][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 112.894279][ T2343] pvrusb2: Attached sub-driver cx25840 [ 112.899872][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 113.150283][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 114.390794][ T6204] ubi31: attaching mtd0 [ 114.397848][ T6204] ubi31: scanning is finished [ 114.402850][ T6204] ubi31: empty MTD device detected [ 115.287426][ T43] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 115.392648][ T6212] fuse: blksize only supported for fuseblk [ 115.410234][ T6204] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 115.417864][ T6204] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 115.425249][ T6204] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 115.432354][ T6204] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 115.439834][ T6204] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 115.446743][ T6204] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 115.454972][ T6204] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 1954089206 [ 115.465112][ T6204] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 115.478099][ T6215] ubi31: background thread "ubi_bgt31d" started, PID 6215 [ 115.525712][ T43] usb 4-1: device descriptor read/64, error -71 [ 115.685508][ T6223] FAULT_INJECTION: forcing a failure. [ 115.685508][ T6223] name failslab, interval 1, probability 0, space 0, times 1 [ 115.706581][ T6223] CPU: 0 UID: 0 PID: 6223 Comm: syz.2.76 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 115.706606][ T6223] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 115.706625][ T6223] Call Trace: [ 115.706636][ T6223] [ 115.706645][ T6223] dump_stack_lvl+0x189/0x250 [ 115.706680][ T6223] ? __pfx____ratelimit+0x10/0x10 [ 115.706700][ T6223] ? __pfx_dump_stack_lvl+0x10/0x10 [ 115.706722][ T6223] ? __pfx__printk+0x10/0x10 [ 115.706752][ T6223] ? __pfx___might_resched+0x10/0x10 [ 115.706779][ T6223] should_fail_ex+0x414/0x560 [ 115.706806][ T6223] should_failslab+0xa8/0x100 [ 115.706829][ T6223] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 115.706847][ T6223] ? __x64_sys_sendmsg+0x19b/0x260 [ 115.706875][ T6223] ? __alloc_skb+0x112/0x2d0 [ 115.706898][ T6223] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.706922][ T6223] __alloc_skb+0x112/0x2d0 [ 115.706957][ T6223] tipc_nl_compat_doit+0x15d/0x5f0 [ 115.706993][ T6223] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 115.707023][ T6223] ? rcu_is_watching+0x15/0xb0 [ 115.707044][ T6223] ? cap_capable+0x11f/0x460 [ 115.707064][ T6223] ? safesetid_security_capable+0xa9/0x1a0 [ 115.707093][ T6223] ? bpf_lsm_capable+0x9/0x20 [ 115.707117][ T6223] ? security_capable+0x7e/0x2e0 [ 115.707149][ T6223] tipc_nl_compat_recv+0x83c/0xbe0 [ 115.707180][ T6223] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 115.707209][ T6223] ? __mutex_trylock_common+0x153/0x260 [ 115.707233][ T6223] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 115.707254][ T6223] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 115.707281][ T6223] ? __pfx___mutex_trylock_common+0x10/0x10 [ 115.707302][ T6223] ? __local_bh_enable_ip+0x12d/0x1c0 [ 115.707327][ T6223] ? rcu_is_watching+0x15/0xb0 [ 115.707359][ T6223] genl_family_rcv_msg_doit+0x215/0x300 [ 115.707388][ T6223] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 115.707435][ T6223] genl_rcv_msg+0x60e/0x790 [ 115.707464][ T6223] ? __pfx_genl_rcv_msg+0x10/0x10 [ 115.707481][ T6223] ? ref_tracker_free+0x63a/0x7d0 [ 115.707501][ T6223] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 115.707530][ T6223] ? __pfx_ref_tracker_free+0x10/0x10 [ 115.707563][ T6223] netlink_rcv_skb+0x205/0x470 [ 115.707591][ T6223] ? __pfx_genl_rcv_msg+0x10/0x10 [ 115.707612][ T6223] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 115.707658][ T6223] ? down_read+0x1ad/0x2e0 [ 115.707684][ T6223] genl_rcv+0x28/0x40 [ 115.707701][ T6223] netlink_unicast+0x75c/0x8e0 [ 115.707738][ T6223] netlink_sendmsg+0x805/0xb30 [ 115.707775][ T6223] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.707811][ T6223] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 115.707829][ T6223] ? __pfx_netlink_sendmsg+0x10/0x10 [ 115.707856][ T6223] __sock_sendmsg+0x21c/0x270 [ 115.707883][ T6223] ____sys_sendmsg+0x505/0x830 [ 115.707917][ T6223] ? __pfx_____sys_sendmsg+0x10/0x10 [ 115.707957][ T6223] ? import_iovec+0x74/0xa0 [ 115.707987][ T6223] ___sys_sendmsg+0x21f/0x2a0 [ 115.708019][ T6223] ? __pfx____sys_sendmsg+0x10/0x10 [ 115.708094][ T6223] ? __fget_files+0x2a/0x420 [ 115.708115][ T6223] ? __fget_files+0x3a0/0x420 [ 115.708148][ T6223] __x64_sys_sendmsg+0x19b/0x260 [ 115.708180][ T6223] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 115.708220][ T6223] ? __pfx_ksys_write+0x10/0x10 [ 115.708236][ T6223] ? rcu_is_watching+0x15/0xb0 [ 115.708261][ T6223] ? do_syscall_64+0xbe/0x3b0 [ 115.708287][ T6223] do_syscall_64+0xfa/0x3b0 [ 115.708307][ T6223] ? lockdep_hardirqs_on+0x9c/0x150 [ 115.708327][ T6223] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.708345][ T6223] ? clear_bhb_loop+0x60/0xb0 [ 115.708369][ T6223] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 115.708387][ T6223] RIP: 0033:0x7f8abdf8ebe9 [ 115.708409][ T6223] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 115.708425][ T6223] RSP: 002b:00007f8abee55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 115.708445][ T6223] RAX: ffffffffffffffda RBX: 00007f8abe1b5fa0 RCX: 00007f8abdf8ebe9 [ 115.708459][ T6223] RDX: 0000000000000000 RSI: 0000200000000440 RDI: 0000000000000003 [ 115.708471][ T6223] RBP: 00007f8abee55090 R08: 0000000000000000 R09: 0000000000000000 [ 115.708483][ T6223] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 115.708494][ T6223] R13: 00007f8abe1b6038 R14: 00007f8abe1b5fa0 R15: 00007ffe6bda90b8 [ 115.708526][ T6223] [ 115.880264][ T43] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 116.175143][ T6227] program syz.2.77 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 117.103879][ T6236] syzkaller1: entered promiscuous mode [ 117.180302][ T6236] syzkaller1: entered allmulticast mode [ 117.212443][ T6240] FAULT_INJECTION: forcing a failure. [ 117.212443][ T6240] name failslab, interval 1, probability 0, space 0, times 0 [ 117.225301][ T6240] CPU: 1 UID: 0 PID: 6240 Comm: syz.2.80 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 117.225315][ T6240] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 117.225321][ T6240] Call Trace: [ 117.225326][ T6240] [ 117.225330][ T6240] dump_stack_lvl+0x189/0x250 [ 117.225347][ T6240] ? __pfx____ratelimit+0x10/0x10 [ 117.225358][ T6240] ? __pfx_dump_stack_lvl+0x10/0x10 [ 117.225369][ T6240] ? __pfx__printk+0x10/0x10 [ 117.225384][ T6240] ? trace_fib_table_lookup+0x85/0x200 [ 117.225401][ T6240] ? fib_table_lookup+0x11ba/0x16e0 [ 117.225417][ T6240] should_fail_ex+0x414/0x560 [ 117.225430][ T6240] should_failslab+0xa8/0x100 [ 117.225442][ T6240] kmem_cache_alloc_noprof+0x73/0x3c0 [ 117.225452][ T6240] ? dst_alloc+0x105/0x170 [ 117.225461][ T6240] ? fib_lookup+0x76/0x440 [ 117.225472][ T6240] dst_alloc+0x105/0x170 [ 117.225484][ T6240] ip_route_input_rcu+0x1ed5/0x2ff0 [ 117.225499][ T6240] ? lockdep_hardirqs_on+0x9c/0x150 [ 117.225510][ T6240] ? __pfx_ip_route_input_rcu+0x10/0x10 [ 117.225533][ T6240] ? ipt_do_table+0x13dd/0x1630 [ 117.225549][ T6240] ? ip_route_input_noref+0x98/0x250 [ 117.225560][ T6240] ip_route_input_noref+0x167/0x250 [ 117.225572][ T6240] ? __pfx_ip_route_input_noref+0x10/0x10 [ 117.225584][ T6240] ? __pfx_udp_v4_early_demux+0x10/0x10 [ 117.225598][ T6240] ? ipt_do_table+0x2a3/0x1630 [ 117.225610][ T6240] ? __pfx_ipt_do_table+0x10/0x10 [ 117.225625][ T6240] ip_rcv_finish_core+0x5af/0x1c00 [ 117.225645][ T6240] ip_rcv_finish+0x14c/0x2f0 [ 117.225660][ T6240] NF_HOOK+0x30c/0x3a0 [ 117.225674][ T6240] ? __pfx_ip_rcv_finish+0x10/0x10 [ 117.225687][ T6240] ? NF_HOOK+0x9a/0x3a0 [ 117.225706][ T6240] ? __pfx_NF_HOOK+0x10/0x10 [ 117.225717][ T6240] ? ip_rcv_core+0x7f7/0xd00 [ 117.225731][ T6240] ? __pfx_ip_rcv_finish+0x10/0x10 [ 117.225749][ T6240] ? __pfx_ip_rcv+0x10/0x10 [ 117.225761][ T6240] __netif_receive_skb+0x143/0x380 [ 117.225776][ T6240] ? netif_receive_skb+0x115/0x790 [ 117.225788][ T6240] netif_receive_skb+0x1cb/0x790 [ 117.225798][ T6240] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 117.225809][ T6240] ? _copy_from_iter+0x24c/0x16f0 [ 117.225821][ T6240] ? __pfx_netif_receive_skb+0x10/0x10 [ 117.225832][ T6240] ? skb_partial_csum_set+0x107/0x360 [ 117.225848][ T6240] ? tun_rx_batched+0x160/0x730 [ 117.225862][ T6240] tun_rx_batched+0x1b9/0x730 [ 117.225874][ T6240] ? __lock_acquire+0xab9/0xd20 [ 117.225886][ T6240] ? __pfx_tun_rx_batched+0x10/0x10 [ 117.225900][ T6240] ? tun_get_user+0x2549/0x3ce0 [ 117.225920][ T6240] tun_get_user+0x298e/0x3ce0 [ 117.225934][ T6240] ? tun_get_user+0x2549/0x3ce0 [ 117.225954][ T6240] ? __might_fault+0xb0/0x130 [ 117.225965][ T6240] ? __pfx_tun_get_user+0x10/0x10 [ 117.225982][ T6240] ? __lock_acquire+0xab9/0xd20 [ 117.225994][ T6240] ? ref_tracker_alloc+0x318/0x460 [ 117.226004][ T6240] ? __lock_acquire+0xab9/0xd20 [ 117.226014][ T6240] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 117.226028][ T6240] ? tun_get+0x1c/0x2f0 [ 117.226043][ T6240] ? tun_get+0x1c/0x2f0 [ 117.226055][ T6240] ? tun_get+0x1c/0x2f0 [ 117.226070][ T6240] tun_chr_write_iter+0x113/0x200 [ 117.226083][ T6240] vfs_write+0x54b/0xa90 [ 117.226095][ T6240] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 117.226108][ T6240] ? __pfx_vfs_write+0x10/0x10 [ 117.226123][ T6240] ? __fget_files+0x2a/0x420 [ 117.226139][ T6240] ksys_write+0x145/0x250 [ 117.226149][ T6240] ? __pfx_ksys_write+0x10/0x10 [ 117.226161][ T6240] ? do_syscall_64+0xbe/0x3b0 [ 117.226174][ T6240] do_syscall_64+0xfa/0x3b0 [ 117.226184][ T6240] ? lockdep_hardirqs_on+0x9c/0x150 [ 117.226194][ T6240] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.226204][ T6240] ? clear_bhb_loop+0x60/0xb0 [ 117.226216][ T6240] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 117.226225][ T6240] RIP: 0033:0x7f8abdf8ebe9 [ 117.226236][ T6240] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 117.226244][ T6240] RSP: 002b:00007f8abee34038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 117.226255][ T6240] RAX: ffffffffffffffda RBX: 00007f8abe1b6090 RCX: 00007f8abdf8ebe9 [ 117.226262][ T6240] RDX: 0000000000000073 RSI: 0000200000001240 RDI: 0000000000000003 [ 117.226269][ T6240] RBP: 00007f8abee34090 R08: 0000000000000000 R09: 0000000000000000 [ 117.226275][ T6240] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 117.226280][ T6240] R13: 00007f8abe1b6128 R14: 00007f8abe1b6090 R15: 00007ffe6bda90b8 [ 117.226296][ T6240] [ 118.382506][ T6247] Bluetooth: MGMT ver 1.23 [ 119.010624][ T6260] netlink: 780 bytes leftover after parsing attributes in process `syz.4.87'. [ 119.154219][ T6260] loop9: detected capacity change from 0 to 524288000 [ 120.967012][ T5892] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 121.188030][ T5892] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 121.208932][ T5892] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 121.252848][ T5892] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 121.282906][ T5892] usb 3-1: config 1 has no interface number 1 [ 121.289058][ T5892] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 121.335735][ T5892] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 121.349069][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.367293][ T5892] usb 3-1: Product: syz [ 121.378220][ T5892] usb 3-1: Manufacturer: syz [ 121.430927][ T5892] usb 3-1: SerialNumber: syz [ 121.720984][ T6271] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 121.748175][ T6271] netlink: 104 bytes leftover after parsing attributes in process `syz.2.91'. [ 122.560071][ T5892] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 122.599874][ T5892] usb 3-1: MIDIStreaming interface descriptor not found [ 122.730458][ T5978] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 122.776657][ T5892] usb 3-1: USB disconnect, device number 4 [ 122.891053][ T5978] usb 5-1: Using ep0 maxpacket: 8 [ 122.950259][ T976] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 122.998744][ T5978] usb 5-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 123.621799][ T5978] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 123.638108][ T5978] pvrusb2: Hardware description: Terratec Grabster AV400 [ 123.717777][ T6308] udevd[6308]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 123.740486][ T976] usb 1-1: device descriptor read/64, error -71 [ 123.788824][ T5978] pvrusb2: ********** [ 123.807221][ T5978] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 123.981338][ T5978] pvrusb2: Important functionality might not be entirely working. [ 124.037391][ T5978] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 124.120480][ T976] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 124.194593][ T6318] netlink: 'syz.4.99': attribute type 3 has an invalid length. [ 124.260075][ T5978] pvrusb2: ********** [ 124.295247][ T2343] pvrusb2: Invalid write control endpoint [ 124.400431][ T976] usb 1-1: device descriptor read/64, error -71 [ 124.650663][ T976] usb usb1-port1: attempt power cycle [ 124.715696][ T2343] pvrusb2: Invalid write control endpoint [ 124.723083][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 124.745447][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 124.766877][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 124.778289][ T2343] pvrusb2: Device being rendered inoperable [ 124.788036][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 124.795181][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_b) [ 124.812801][ T2343] pvrusb2: Attached sub-driver cx25840 [ 124.818301][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 124.853196][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 125.020437][ T976] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 125.074788][ T976] usb 1-1: device descriptor read/8, error -71 [ 125.880388][ T5892] usb 5-1: USB disconnect, device number 5 [ 125.930569][ T976] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 126.086043][ T6333] netlink: 12 bytes leftover after parsing attributes in process `syz.2.108'. [ 126.185311][ T976] usb 1-1: device descriptor read/8, error -71 [ 126.571283][ T976] usb usb1-port1: unable to enumerate USB device [ 129.618463][ T5954] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 130.110408][ T5954] usb 3-1: Using ep0 maxpacket: 16 [ 130.207016][ T6372] FAULT_INJECTION: forcing a failure. [ 130.207016][ T6372] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 130.220557][ T6372] CPU: 1 UID: 0 PID: 6372 Comm: syz.3.118 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 130.220581][ T6372] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 130.220593][ T6372] Call Trace: [ 130.220606][ T6372] [ 130.220614][ T6372] dump_stack_lvl+0x189/0x250 [ 130.220641][ T6372] ? __pfx____ratelimit+0x10/0x10 [ 130.220662][ T6372] ? __pfx_dump_stack_lvl+0x10/0x10 [ 130.220684][ T6372] ? __pfx__printk+0x10/0x10 [ 130.220709][ T6372] ? __might_fault+0xb0/0x130 [ 130.220740][ T6372] should_fail_ex+0x414/0x560 [ 130.220765][ T6372] _copy_from_user+0x2d/0xb0 [ 130.220793][ T6372] sctp_getsockopt_scheduler+0xb5/0x4c0 [ 130.220823][ T6372] ? __pfx_sctp_getsockopt_scheduler+0x10/0x10 [ 130.220861][ T6372] sctp_getsockopt+0xa81/0xb60 [ 130.220886][ T6372] ? __pfx_sock_common_getsockopt+0x10/0x10 [ 130.220913][ T6372] do_sock_getsockopt+0x36f/0x450 [ 130.220945][ T6372] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 130.220972][ T6372] ? do_syscall_64+0x20/0x3b0 [ 130.220993][ T6372] ? __fget_files+0x3a0/0x420 [ 130.221013][ T6372] ? __fget_files+0x2a/0x420 [ 130.221042][ T6372] __x64_sys_getsockopt+0x1a5/0x250 [ 130.221069][ T6372] ? do_syscall_64+0x20/0x3b0 [ 130.221092][ T6372] ? do_syscall_64+0x20/0x3b0 [ 130.221117][ T6372] do_syscall_64+0xfa/0x3b0 [ 130.221139][ T6372] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.221157][ T6372] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 130.221175][ T6372] ? clear_bhb_loop+0x60/0xb0 [ 130.221199][ T6372] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 130.221217][ T6372] RIP: 0033:0x7f68d8f8ebe9 [ 130.221235][ T6372] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 130.221251][ T6372] RSP: 002b:00007f68d9daa038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 130.221271][ T6372] RAX: ffffffffffffffda RBX: 00007f68d91b6180 RCX: 00007f68d8f8ebe9 [ 130.221285][ T6372] RDX: 000000000000007b RSI: 0000000000000084 RDI: 0000000000000006 [ 130.221296][ T6372] RBP: 00007f68d9daa090 R08: 0000200000002b00 R09: 0000000000000000 [ 130.221309][ T6372] R10: 0000200000002ac0 R11: 0000000000000246 R12: 0000000000000001 [ 130.221321][ T6372] R13: 00007f68d91b6218 R14: 00007f68d91b6180 R15: 00007fff134f5918 [ 130.221352][ T6372] [ 130.547103][ T5954] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 130.602071][ T5954] usb 3-1: config 0 has no interfaces? [ 130.630411][ T5954] usb 3-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00 [ 130.666365][ T5954] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 130.706760][ T5954] usb 3-1: config 0 descriptor?? [ 130.911342][ T976] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 131.006913][ T6382] mmap: syz.3.121 (6382) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 131.170399][ T976] usb 1-1: Using ep0 maxpacket: 8 [ 131.251214][ T976] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 131.291239][ T976] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 131.343600][ T976] pvrusb2: Hardware description: Terratec Grabster AV400 [ 131.351937][ T6386] netlink: 'syz.3.123': attribute type 2 has an invalid length. [ 131.364093][ T976] pvrusb2: ********** [ 131.374374][ T6386] netlink: 'syz.3.123': attribute type 1 has an invalid length. [ 131.382518][ T976] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 131.399311][ T6386] netlink: 8 bytes leftover after parsing attributes in process `syz.3.123'. [ 131.408726][ T976] pvrusb2: Important functionality might not be entirely working. [ 131.421643][ T976] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 131.435687][ T976] pvrusb2: ********** [ 131.804850][ T6395] netlink: 'syz.0.120': attribute type 3 has an invalid length. [ 131.841138][ T2343] pvrusb2: Invalid write control endpoint [ 132.765467][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 132.771832][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 132.849478][ T976] usb 3-1: USB disconnect, device number 5 [ 133.387689][ T2343] pvrusb2: Invalid write control endpoint [ 133.438712][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 133.449122][ T6403] FAULT_INJECTION: forcing a failure. [ 133.449122][ T6403] name failslab, interval 1, probability 0, space 0, times 0 [ 133.462673][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 133.482746][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 133.500432][ T6403] CPU: 0 UID: 0 PID: 6403 Comm: syz.2.127 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 133.500449][ T6403] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 133.500455][ T6403] Call Trace: [ 133.500461][ T6403] [ 133.500465][ T6403] dump_stack_lvl+0x189/0x250 [ 133.500482][ T6403] ? __pfx____ratelimit+0x10/0x10 [ 133.500497][ T6403] ? __pfx_dump_stack_lvl+0x10/0x10 [ 133.500508][ T6403] ? __pfx__printk+0x10/0x10 [ 133.500524][ T6403] ? __pfx___might_resched+0x10/0x10 [ 133.500535][ T6403] ? fs_reclaim_acquire+0x7d/0x100 [ 133.500550][ T6403] should_fail_ex+0x414/0x560 [ 133.500564][ T6403] should_failslab+0xa8/0x100 [ 133.500576][ T6403] __kmalloc_noprof+0xcb/0x4f0 [ 133.500586][ T6403] ? security_sk_alloc+0x52/0x390 [ 133.500599][ T6403] security_sk_alloc+0x52/0x390 [ 133.500610][ T6403] sk_prot_alloc+0x101/0x220 [ 133.500628][ T6403] sk_alloc+0x3a/0x370 [ 133.500646][ T6403] inet_create+0x7a0/0x1000 [ 133.500659][ T6403] ? inet_create+0x9c/0x1000 [ 133.500673][ T6403] __sock_create+0x4b0/0x9f0 [ 133.500691][ T6403] mptcp_subflow_create_socket+0xfd/0xb40 [ 133.500706][ T6403] ? look_up_lock_class+0x74/0x170 [ 133.500718][ T6403] ? register_lock_class+0x51/0x320 [ 133.500735][ T6403] ? __pfx_mptcp_subflow_create_socket+0x10/0x10 [ 133.500749][ T6403] ? __lock_acquire+0xab9/0xd20 [ 133.500762][ T6403] __mptcp_nmpc_sk+0x148/0x750 [ 133.500778][ T6403] ? __pfx___mptcp_nmpc_sk+0x10/0x10 [ 133.500790][ T6403] ? __local_bh_enable_ip+0x12d/0x1c0 [ 133.500801][ T6403] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.500812][ T6403] ? __local_bh_enable_ip+0x12d/0x1c0 [ 133.500823][ T6403] mptcp_sendmsg_fastopen+0xd4/0x580 [ 133.500840][ T6403] mptcp_sendmsg+0x176c/0x1970 [ 133.500854][ T6403] ? smack_socket_sendmsg+0x438/0x520 [ 133.500868][ T6403] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 133.500887][ T6403] ? is_bpf_text_address+0x26/0x2b0 [ 133.500900][ T6403] ? __pfx_mptcp_sendmsg+0x10/0x10 [ 133.500911][ T6403] ? sock_rps_record_flow+0x19/0x410 [ 133.500924][ T6403] ? inet_sendmsg+0x2f4/0x370 [ 133.500937][ T6403] __sock_sendmsg+0x19c/0x270 [ 133.500951][ T6403] ____sys_sendmsg+0x505/0x830 [ 133.500970][ T6403] ? __pfx_____sys_sendmsg+0x10/0x10 [ 133.500990][ T6403] ? import_iovec+0x74/0xa0 [ 133.501007][ T6403] ___sys_sendmsg+0x21f/0x2a0 [ 133.501030][ T6403] ? __pfx____sys_sendmsg+0x10/0x10 [ 133.501065][ T6403] ? __fget_files+0x2a/0x420 [ 133.501076][ T6403] ? __fget_files+0x3a0/0x420 [ 133.501093][ T6403] __x64_sys_sendmsg+0x19b/0x260 [ 133.501110][ T6403] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 133.501131][ T6403] ? __pfx_ksys_write+0x10/0x10 [ 133.501139][ T6403] ? rcu_is_watching+0x15/0xb0 [ 133.501153][ T6403] ? do_syscall_64+0xbe/0x3b0 [ 133.501166][ T6403] do_syscall_64+0xfa/0x3b0 [ 133.501177][ T6403] ? lockdep_hardirqs_on+0x9c/0x150 [ 133.501187][ T6403] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.501196][ T6403] ? clear_bhb_loop+0x60/0xb0 [ 133.501208][ T6403] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 133.501218][ T6403] RIP: 0033:0x7f8abdf8ebe9 [ 133.501228][ T6403] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 133.501236][ T6403] RSP: 002b:00007f8abee55038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 133.501247][ T6403] RAX: ffffffffffffffda RBX: 00007f8abe1b5fa0 RCX: 00007f8abdf8ebe9 [ 133.501255][ T6403] RDX: 00000000300060c1 RSI: 0000200000000240 RDI: 0000000000000004 [ 133.501261][ T6403] RBP: 00007f8abee55090 R08: 0000000000000000 R09: 0000000000000000 [ 133.501267][ T6403] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 133.501273][ T6403] R13: 00007f8abe1b6038 R14: 00007f8abe1b5fa0 R15: 00007ffe6bda90b8 [ 133.501290][ T6403] [ 133.530219][ T2343] pvrusb2: Device being rendered inoperable [ 134.070250][ T30] audit: type=1326 audit(1755660157.661:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 134.091720][ T5921] usb 1-1: USB disconnect, device number 8 [ 134.251280][ T6415] netlink: 100 bytes leftover after parsing attributes in process `syz.4.132'. [ 134.380222][ T30] audit: type=1326 audit(1755660157.711:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 134.410774][ T30] audit: type=1326 audit(1755660157.711:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=111 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 135.002919][ T30] audit: type=1326 audit(1755660157.711:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 135.078421][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 135.105406][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 135.135722][ T30] audit: type=1326 audit(1755660157.711:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 135.161680][ T30] audit: type=1326 audit(1755660157.711:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 135.201476][ T2343] pvrusb2: Attached sub-driver cx25840 [ 135.207073][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 135.257364][ T30] audit: type=1326 audit(1755660157.721:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 135.278717][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 135.336077][ T30] audit: type=1326 audit(1755660157.721:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=165 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 135.363317][ T30] audit: type=1326 audit(1755660157.721:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 135.395509][ T30] audit: type=1326 audit(1755660157.721:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6406 comm="syz.3.129" exe="/root/syz-executor" sig=0 arch=c000003e syscall=0 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 135.569591][ T6433] syz.2.131: attempt to access beyond end of device [ 135.569591][ T6433] nbd2: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 135.582913][ T6433] EXT4-fs (nbd2): unable to read superblock [ 135.627500][ T6434] No control pipe specified [ 135.747170][ T5978] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 135.993719][ T5921] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 135.995624][ T5978] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 136.037242][ T5978] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 136.057253][ T5978] usb 4-1: config 0 descriptor?? [ 136.073932][ T5978] cp210x 4-1:0.0: cp210x converter detected [ 136.293908][ T5921] usb 1-1: New USB device found, idVendor=055f, idProduct=c230, bcdDevice=b6.ac [ 136.676745][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.826230][ T5921] usb 1-1: Product: syz [ 137.020221][ T5921] usb 1-1: Manufacturer: syz [ 137.024998][ T5921] usb 1-1: SerialNumber: syz [ 137.045003][ T5921] usb 1-1: config 0 descriptor?? [ 137.205295][ T5921] gspca_main: sunplus-2.14.0 probing 055f:c230 [ 137.623070][ T6453] netlink: 8 bytes leftover after parsing attributes in process `syz.1.141'. [ 137.800869][ T6453] macvtap1: entered allmulticast mode [ 137.806379][ T6453] veth0_macvtap: entered allmulticast mode [ 138.477056][ T5978] cp210x 4-1:0.0: failed to get vendor val 0x000e size 3: -32 [ 138.535423][ T5978] cp210x 4-1:0.0: failed to get vendor val 0x370c size 73: -71 [ 138.557297][ T5978] cp210x 4-1:0.0: GPIO initialisation failed: -71 [ 138.574826][ T6457] netlink: 'syz.1.142': attribute type 3 has an invalid length. [ 138.587890][ T6457] netlink: 'syz.1.142': attribute type 2 has an invalid length. [ 138.589108][ T5978] usb 4-1: cp210x converter now attached to ttyUSB0 [ 138.626803][ T5978] usb 4-1: USB disconnect, device number 5 [ 138.839609][ T5978] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 138.848996][ T5978] cp210x 4-1:0.0: device disconnected [ 138.981045][ T5921] gspca_sunplus: reg_r err -110 [ 138.989087][ T6461] comedi comedi4: bad chanlist[1]=0x00000008 chan=8 range length=2 [ 138.994788][ T5921] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 141.998050][ T6474] ubi: mtd0 is already attached to ubi31 [ 144.850766][ T6492] syz.4.150: attempt to access beyond end of device [ 144.850766][ T6492] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 144.960442][ T6492] EXT4-fs (nbd4): unable to read superblock [ 145.014661][ T5978] usb 1-1: USB disconnect, device number 9 [ 145.034617][ T6494] No control pipe specified [ 146.781183][ T6505] FAULT_INJECTION: forcing a failure. [ 146.781183][ T6505] name failslab, interval 1, probability 0, space 0, times 0 [ 146.810320][ T6505] CPU: 0 UID: 0 PID: 6505 Comm: syz.0.155 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 146.810347][ T6505] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 146.810359][ T6505] Call Trace: [ 146.810367][ T6505] [ 146.810375][ T6505] dump_stack_lvl+0x189/0x250 [ 146.810402][ T6505] ? __pfx____ratelimit+0x10/0x10 [ 146.810423][ T6505] ? __pfx_dump_stack_lvl+0x10/0x10 [ 146.810444][ T6505] ? __pfx__printk+0x10/0x10 [ 146.810473][ T6505] ? __pfx___might_resched+0x10/0x10 [ 146.810500][ T6505] should_fail_ex+0x414/0x560 [ 146.810524][ T6505] ? translate_table+0x198/0x2000 [ 146.810547][ T6505] should_failslab+0xa8/0x100 [ 146.810574][ T6505] __kvmalloc_node_noprof+0x161/0x5f0 [ 146.810595][ T6505] ? translate_table+0x198/0x2000 [ 146.810624][ T6505] translate_table+0x198/0x2000 [ 146.810672][ T6505] ? __lock_acquire+0xab9/0xd20 [ 146.810696][ T6505] ? __pfx_translate_table+0x10/0x10 [ 146.810723][ T6505] ? __might_fault+0xb0/0x130 [ 146.810761][ T6505] ? _copy_from_user+0x94/0xb0 [ 146.810792][ T6505] do_ipt_set_ctl+0x967/0xcd0 [ 146.810824][ T6505] ? rcu_is_watching+0x15/0xb0 [ 146.810844][ T6505] ? __pfx_do_ipt_set_ctl+0x10/0x10 [ 146.810888][ T6505] ? __pfx___mutex_lock+0x10/0x10 [ 146.810910][ T6505] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 146.810949][ T6505] nf_setsockopt+0x26c/0x290 [ 146.810981][ T6505] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 146.811007][ T6505] do_sock_setsockopt+0x179/0x1b0 [ 146.811040][ T6505] __x64_sys_setsockopt+0x13f/0x1b0 [ 146.811073][ T6505] do_syscall_64+0xfa/0x3b0 [ 146.811093][ T6505] ? lockdep_hardirqs_on+0x9c/0x150 [ 146.811113][ T6505] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.811131][ T6505] ? clear_bhb_loop+0x60/0xb0 [ 146.811154][ T6505] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 146.811173][ T6505] RIP: 0033:0x7ffb8c38ebe9 [ 146.811189][ T6505] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 146.811205][ T6505] RSP: 002b:00007ffb8d144038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 146.811225][ T6505] RAX: ffffffffffffffda RBX: 00007ffb8c5b5fa0 RCX: 00007ffb8c38ebe9 [ 146.811240][ T6505] RDX: 0000000000000040 RSI: 0000000000000000 RDI: 0000000000000003 [ 146.811251][ T6505] RBP: 00007ffb8d144090 R08: 0000000000000330 R09: 0000000000000000 [ 146.811263][ T6505] R10: 0000200000000880 R11: 0000000000000246 R12: 0000000000000001 [ 146.811275][ T6505] R13: 00007ffb8c5b6038 R14: 00007ffb8c5b5fa0 R15: 00007ffc1dcc1958 [ 146.811306][ T6505] [ 147.268978][ T6509] (unnamed net_device) (uninitialized): Removing last arp target with arp_interval on [ 147.374706][ T6509] bond1: entered promiscuous mode [ 147.379771][ T6509] bond1: entered allmulticast mode [ 147.385385][ T6509] 8021q: adding VLAN 0 to HW filter on device bond1 [ 148.618088][ T5892] usb 4-1: new full-speed USB device number 6 using dummy_hcd [ 149.264366][ T6515] netlink: 8 bytes leftover after parsing attributes in process `syz.1.157'. [ 149.369596][ T6515] macvtap2: entered allmulticast mode [ 150.780910][ T5954] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 151.060264][ T5954] usb 3-1: Using ep0 maxpacket: 16 [ 151.078706][ T5954] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 151.105530][ T5954] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 151.140358][ T5954] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 151.170025][ T5954] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 151.239891][ T5954] usb 3-1: config 0 descriptor?? [ 151.351207][ T6543] netlink: 8 bytes leftover after parsing attributes in process `syz.4.162'. [ 151.399080][ T6543] macvtap1: entered allmulticast mode [ 151.404656][ T6543] veth0_macvtap: entered allmulticast mode [ 152.592873][ T5954] usbhid 3-1:0.0: can't add hid device: -71 [ 152.598861][ T5954] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 152.671704][ T5954] usb 3-1: USB disconnect, device number 6 [ 153.240281][ T6556] process 'syz.4.165' launched './file0' with NULL argv: empty string added [ 153.281615][ T6556] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 153.315354][ T6556] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 153.829555][ T6554] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 154.115276][ T6558] FAULT_INJECTION: forcing a failure. [ 154.115276][ T6558] name failslab, interval 1, probability 0, space 0, times 0 [ 154.334341][ T6558] CPU: 1 UID: 0 PID: 6558 Comm: syz.1.167 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 154.334369][ T6558] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 154.334380][ T6558] Call Trace: [ 154.334388][ T6558] [ 154.334397][ T6558] dump_stack_lvl+0x189/0x250 [ 154.334424][ T6558] ? __pfx____ratelimit+0x10/0x10 [ 154.334445][ T6558] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.334466][ T6558] ? __pfx__printk+0x10/0x10 [ 154.334497][ T6558] ? __pfx___might_resched+0x10/0x10 [ 154.334525][ T6558] should_fail_ex+0x414/0x560 [ 154.334551][ T6558] should_failslab+0xa8/0x100 [ 154.334574][ T6558] __kmalloc_cache_noprof+0x70/0x3d0 [ 154.334593][ T6558] ? snd_seq_port_connect+0x6b/0x430 [ 154.334618][ T6558] snd_seq_port_connect+0x6b/0x430 [ 154.334636][ T6558] ? do_raw_read_unlock+0x3d/0x80 [ 154.334661][ T6558] ? _raw_read_unlock+0x28/0x50 [ 154.334684][ T6558] snd_seq_ioctl_subscribe_port+0x339/0x710 [ 154.334713][ T6558] ? __pfx_snd_seq_ioctl_subscribe_port+0x10/0x10 [ 154.334750][ T6558] snd_seq_oss_midi_open+0x4b9/0x7b0 [ 154.334782][ T6558] ? __pfx_snd_seq_oss_midi_open+0x10/0x10 [ 154.334830][ T6558] snd_seq_oss_synth_reset+0x3c4/0x880 [ 154.334863][ T6558] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 154.334895][ T6558] ? __pfx_snd_seq_oss_synth_reset+0x10/0x10 [ 154.334920][ T6558] ? kasan_quarantine_put+0xdd/0x220 [ 154.334959][ T6558] snd_seq_oss_reset+0x5a/0x240 [ 154.334984][ T6558] snd_seq_oss_ioctl+0x6c8/0x1090 [ 154.335007][ T6558] ? __mutex_trylock_common+0x153/0x260 [ 154.335030][ T6558] ? __pfx_snd_seq_oss_ioctl+0x10/0x10 [ 154.335053][ T6558] ? __pfx___mutex_trylock_common+0x10/0x10 [ 154.335081][ T6558] ? rcu_is_watching+0x15/0xb0 [ 154.335101][ T6558] ? trace_contention_end+0x39/0x120 [ 154.335125][ T6558] ? __mutex_lock+0x330/0xe80 [ 154.335147][ T6558] ? __lock_acquire+0xab9/0xd20 [ 154.335169][ T6558] ? __asan_memset+0x22/0x50 [ 154.335195][ T6558] ? odev_ioctl+0x81/0xf0 [ 154.335217][ T6558] ? __pfx___mutex_lock+0x10/0x10 [ 154.335250][ T6558] ? __fget_files+0x2a/0x420 [ 154.335271][ T6558] ? __fget_files+0x3a0/0x420 [ 154.335290][ T6558] ? __fget_files+0x2a/0x420 [ 154.335314][ T6558] ? __pfx_odev_ioctl+0x10/0x10 [ 154.335336][ T6558] odev_ioctl+0xb2/0xf0 [ 154.335357][ T6558] __se_sys_ioctl+0xfc/0x170 [ 154.335388][ T6558] do_syscall_64+0xfa/0x3b0 [ 154.335407][ T6558] ? lockdep_hardirqs_on+0x9c/0x150 [ 154.335427][ T6558] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.335446][ T6558] ? clear_bhb_loop+0x60/0xb0 [ 154.335469][ T6558] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.335487][ T6558] RIP: 0033:0x7f3396f8ebe9 [ 154.335504][ T6558] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.335519][ T6558] RSP: 002b:00007f3397de0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 154.335539][ T6558] RAX: ffffffffffffffda RBX: 00007f33971b5fa0 RCX: 00007f3396f8ebe9 [ 154.335554][ T6558] RDX: 0000000000000000 RSI: 0000000000005100 RDI: 0000000000000005 [ 154.335565][ T6558] RBP: 00007f3397de0090 R08: 0000000000000000 R09: 0000000000000000 [ 154.335577][ T6558] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.335588][ T6558] R13: 00007f33971b6038 R14: 00007f33971b5fa0 R15: 00007ffddbeb8c88 [ 154.335621][ T6558] [ 155.560255][ T5954] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 156.585907][ T5954] usb 4-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=40.1f [ 156.595166][ T5954] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 156.606417][ T5954] usb 4-1: Product: syz [ 156.620081][ T5954] usb 4-1: Manufacturer: syz [ 156.640970][ T5954] usb 4-1: SerialNumber: syz [ 156.700836][ T5954] usb 4-1: config 0 descriptor?? [ 156.854759][ T5954] cypress_m8 4-1:0.0: Nokia CA-42 V2 Adapter converter detected [ 156.880334][ T5978] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 157.486659][ T5954] nokiaca42v2 ttyUSB0: required endpoint is missing [ 157.638797][ T5978] usb 1-1: Using ep0 maxpacket: 8 [ 157.755020][ T5978] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 158.121113][ T5978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.167494][ T5157] Bluetooth: hci4: link tx timeout [ 158.173048][ T5157] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 158.182949][ T5157] Bluetooth: hci4: link tx timeout [ 158.189465][ T5157] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 158.197625][ T5157] Bluetooth: hci4: link tx timeout [ 158.202819][ T5157] Bluetooth: hci4: killing stalled connection 10:aa:aa:aa:aa:aa [ 158.210759][ T5157] Bluetooth: hci4: link tx timeout [ 158.215884][ T5157] Bluetooth: hci4: killing stalled connection 11:aa:aa:aa:aa:aa [ 158.387839][ T5978] pvrusb2: Hardware description: Terratec Grabster AV400 [ 158.456864][ T6590] netlink: 'syz.2.175': attribute type 14 has an invalid length. [ 158.661419][ T5978] pvrusb2: ********** [ 158.756050][ T5978] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 158.884174][ T5978] pvrusb2: Important functionality might not be entirely working. [ 158.892193][ T5978] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 158.906296][ T5978] pvrusb2: ********** [ 158.919088][ T5892] usb 4-1: USB disconnect, device number 7 [ 158.951917][ T6593] netlink: 'syz.0.173': attribute type 3 has an invalid length. [ 158.966611][ T5892] cypress_m8 4-1:0.0: device disconnected [ 158.988479][ T2343] pvrusb2: Invalid write control endpoint [ 159.120235][ T5954] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 159.138665][ T2343] pvrusb2: Invalid write control endpoint [ 159.149178][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 159.173772][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 159.193020][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 159.220211][ T2343] pvrusb2: Device being rendered inoperable [ 159.227315][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 159.235443][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 159.244525][ T2343] pvrusb2: Attached sub-driver cx25840 [ 159.250210][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 159.263094][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 159.290491][ T5954] usb 3-1: Using ep0 maxpacket: 16 [ 159.304659][ T5954] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 159.319272][ T5954] usb 3-1: config 0 has no interfaces? [ 159.325240][ T5954] usb 3-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00 [ 159.335961][ T5954] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 159.344125][ T5978] usb 2-1: new high-speed USB device number 3 using dummy_hcd [ 159.361235][ T5954] usb 3-1: config 0 descriptor?? [ 159.608417][ T5978] usb 2-1: config 0 has an invalid interface number: 237 but max is 0 [ 159.860311][ T5978] usb 2-1: config 0 has no interface number 0 [ 160.416502][ T5978] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 160.427590][ T5978] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 160.442840][ T5978] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 160.454035][ T5978] usb 2-1: config 0 interface 237 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 160.472762][ T5157] Bluetooth: hci4: command 0x0406 tx timeout [ 160.476146][ T5978] usb 2-1: New USB device found, idVendor=045e, idProduct=84bd, bcdDevice=89.b6 [ 160.492990][ T5978] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.567475][ T5926] usb 1-1: USB disconnect, device number 10 [ 160.597549][ T5978] usb 2-1: Product: syz [ 160.619889][ T5978] usb 2-1: Manufacturer: syz [ 160.653250][ T5978] usb 2-1: SerialNumber: syz [ 160.811848][ T5978] usb 2-1: config 0 descriptor?? [ 160.834107][ T5978] xpad 2-1:0.237: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 160.860990][ T5978] input: Generic X-Box pad as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.237/input/input6 [ 161.521275][ T5926] usb 3-1: USB disconnect, device number 7 [ 161.594531][ T5978] usb 2-1: USB disconnect, device number 3 [ 162.491934][ T3094] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 162.512394][ T51] Bluetooth: hci4: command 0x0406 tx timeout [ 162.665676][ T6629] netlink: 12 bytes leftover after parsing attributes in process `syz.2.185'. [ 162.702147][ T3094] usb 1-1: Using ep0 maxpacket: 32 [ 162.732691][ T3094] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 162.750644][ T3094] usb 1-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 162.760243][ T5978] usb 2-1: new high-speed USB device number 4 using dummy_hcd [ 162.768679][ T3094] usb 1-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 162.777147][ T3094] usb 1-1: Product: syz [ 162.785109][ T3094] usb 1-1: Manufacturer: syz [ 162.789828][ T3094] usb 1-1: SerialNumber: syz [ 162.978147][ T3094] usb 1-1: config 0 descriptor?? [ 162.980225][ T5978] usb 2-1: Using ep0 maxpacket: 32 [ 163.037823][ T6621] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 163.207990][ T5978] usb 2-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 163.327661][ T5978] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 163.330081][ T3094] usb 1-1: USB disconnect, device number 11 [ 163.356061][ T5978] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 163.394644][ T5978] usb 2-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 8 [ 163.436889][ T5978] usb 2-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 255 [ 163.623111][ T5978] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 163.640214][ T5978] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 163.651033][ T5978] usb 2-1: SerialNumber: syz [ 163.690031][ T6623] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 163.738734][ T5978] cdc_acm 2-1:1.0: Control and data interfaces are not separated! [ 163.756779][ T5978] cdc_acm 2-1:1.0: This needs exactly 3 endpoints [ 163.777760][ T5978] cdc_acm 2-1:1.0: probe with driver cdc_acm failed with error -22 [ 163.935574][ T6623] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 163.945327][ T6623] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 163.956345][ T5978] usb 2-1: USB disconnect, device number 4 [ 164.030431][ T3094] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 164.054705][ T6647] netlink: 8 bytes leftover after parsing attributes in process `syz.2.191'. [ 164.114149][ T6647] macvtap1: entered allmulticast mode [ 164.119696][ T6647] veth0_macvtap: entered allmulticast mode [ 164.600300][ T3094] usb 4-1: Using ep0 maxpacket: 8 [ 164.721640][ T3094] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 164.737724][ T3094] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.754870][ T3094] pvrusb2: Hardware description: Terratec Grabster AV400 [ 164.761987][ T3094] pvrusb2: ********** [ 164.765991][ T3094] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 164.778358][ T3094] pvrusb2: Important functionality might not be entirely working. [ 164.786241][ T3094] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 164.999634][ T3094] pvrusb2: ********** [ 165.357535][ T6662] netlink: 'syz.3.190': attribute type 3 has an invalid length. [ 165.861083][ T2343] pvrusb2: Invalid write control endpoint [ 166.933297][ T6671] netlink: 4 bytes leftover after parsing attributes in process `syz.2.198'. [ 166.992705][ T5921] usb 4-1: USB disconnect, device number 8 [ 167.677494][ T2343] pvrusb2: Invalid write control endpoint [ 167.718331][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 167.788473][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 167.830661][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 167.934818][ T2343] pvrusb2: Device being rendered inoperable [ 168.071236][ T6681] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 168.102541][ T6681] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 168.162533][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 168.524598][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 168.594544][ T2343] pvrusb2: Attached sub-driver cx25840 [ 168.631517][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 168.722417][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 170.843531][ T5978] IPVS: starting estimator thread 0... [ 171.000415][ T6705] IPVS: using max 28 ests per chain, 67200 per kthread [ 171.250975][ T6707] syz.3.207: attempt to access beyond end of device [ 171.250975][ T6707] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 171.264493][ T6707] EXT4-fs (nbd3): unable to read superblock [ 171.282637][ T6707] No control pipe specified [ 173.432546][ T5157] Bluetooth: hci4: command 0x0406 tx timeout [ 173.623536][ T6719] netlink: 68 bytes leftover after parsing attributes in process `syz.0.210'. [ 173.646236][ T6721] netlink: 'syz.2.211': attribute type 29 has an invalid length. [ 173.725713][ T6721] netlink: 8 bytes leftover after parsing attributes in process `syz.2.211'. [ 174.629362][ T6738] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 174.640002][ T6738] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 180.443938][ T6773] syzkaller1: entered promiscuous mode [ 180.456646][ T6773] syzkaller1: entered allmulticast mode [ 180.474581][ T6776] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 180.488954][ T6776] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 180.674013][ T5954] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 182.734747][ T5954] usb 3-1: device descriptor read/64, error -71 [ 183.000885][ T5954] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 183.170232][ T5954] usb 3-1: Using ep0 maxpacket: 16 [ 183.188874][ T5954] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 183.312438][ T5954] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 183.934118][ T5954] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 183.943267][ T5954] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 184.044237][ T5954] usb 3-1: config 0 descriptor?? [ 184.309232][ T6822] syz.0.238: attempt to access beyond end of device [ 184.309232][ T6822] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 184.322453][ T6822] EXT4-fs (nbd0): unable to read superblock [ 184.366446][ T6823] No control pipe specified [ 185.284657][ T6833] netlink: 8 bytes leftover after parsing attributes in process `syz.0.241'. [ 185.371137][ T6838] program syz.1.243 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 185.482926][ T5954] usbhid 3-1:0.0: can't add hid device: -71 [ 185.488988][ T5954] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 185.527319][ T5954] usb 3-1: USB disconnect, device number 9 [ 188.642700][ T5921] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 188.986673][ T5921] usb 1-1: Using ep0 maxpacket: 8 [ 190.204856][ T5921] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 190.241299][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.249939][ T5921] usb 1-1: Product: syz [ 190.260286][ T5921] usb 1-1: Manufacturer: syz [ 190.265026][ T5921] usb 1-1: SerialNumber: syz [ 190.308656][ T5921] usb 1-1: config 0 descriptor?? [ 190.612441][ T5921] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 190.637620][ T6885] FAULT_INJECTION: forcing a failure. [ 190.637620][ T6885] name failslab, interval 1, probability 0, space 0, times 0 [ 190.660979][ T6885] CPU: 0 UID: 0 PID: 6885 Comm: syz.1.256 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 190.661004][ T6885] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 190.661015][ T6885] Call Trace: [ 190.661022][ T6885] [ 190.661030][ T6885] dump_stack_lvl+0x189/0x250 [ 190.661083][ T6885] ? __pfx____ratelimit+0x10/0x10 [ 190.661103][ T6885] ? __pfx_dump_stack_lvl+0x10/0x10 [ 190.661132][ T6885] ? __pfx__printk+0x10/0x10 [ 190.661159][ T6885] ? __pfx___might_resched+0x10/0x10 [ 190.661179][ T6885] ? fs_reclaim_acquire+0x7d/0x100 [ 190.661206][ T6885] should_fail_ex+0x414/0x560 [ 190.661230][ T6885] should_failslab+0xa8/0x100 [ 190.661251][ T6885] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 190.661271][ T6885] ? __alloc_skb+0x112/0x2d0 [ 190.661301][ T6885] __alloc_skb+0x112/0x2d0 [ 190.661330][ T6885] netlink_ack+0x146/0xa50 [ 190.661353][ T6885] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 190.661374][ T6885] ? ref_tracker_free+0x63a/0x7d0 [ 190.661393][ T6885] ? __copy_skb_header+0xa7/0x550 [ 190.661413][ T6885] ? __pfx_ref_tracker_free+0x10/0x10 [ 190.661433][ T6885] ? __skb_clone+0x63/0x7a0 [ 190.661459][ T6885] netlink_rcv_skb+0x28c/0x470 [ 190.661484][ T6885] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 190.661510][ T6885] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 190.661549][ T6885] ? netlink_deliver_tap+0x2e/0x1b0 [ 190.661573][ T6885] ? netlink_deliver_tap+0x2e/0x1b0 [ 190.661605][ T6885] netlink_unicast+0x75c/0x8e0 [ 190.661638][ T6885] netlink_sendmsg+0x805/0xb30 [ 190.661674][ T6885] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.661708][ T6885] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 190.661727][ T6885] ? __pfx_netlink_sendmsg+0x10/0x10 [ 190.661754][ T6885] __sock_sendmsg+0x21c/0x270 [ 190.661779][ T6885] ____sys_sendmsg+0x505/0x830 [ 190.661814][ T6885] ? __pfx_____sys_sendmsg+0x10/0x10 [ 190.661852][ T6885] ? import_iovec+0x74/0xa0 [ 190.661886][ T6885] ___sys_sendmsg+0x21f/0x2a0 [ 190.661918][ T6885] ? __pfx____sys_sendmsg+0x10/0x10 [ 190.661989][ T6885] ? __fget_files+0x2a/0x420 [ 190.662007][ T6885] ? __fget_files+0x3a0/0x420 [ 190.662040][ T6885] __x64_sys_sendmsg+0x19b/0x260 [ 190.662070][ T6885] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 190.662109][ T6885] ? __pfx_ksys_write+0x10/0x10 [ 190.662131][ T6885] ? rcu_is_watching+0x15/0xb0 [ 190.662157][ T6885] ? do_syscall_64+0xbe/0x3b0 [ 190.662183][ T6885] do_syscall_64+0xfa/0x3b0 [ 190.662202][ T6885] ? lockdep_hardirqs_on+0x9c/0x150 [ 190.662222][ T6885] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.662241][ T6885] ? clear_bhb_loop+0x60/0xb0 [ 190.662264][ T6885] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 190.662282][ T6885] RIP: 0033:0x7f3396f8ebe9 [ 190.662304][ T6885] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 190.662320][ T6885] RSP: 002b:00007f3397de0038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 190.662347][ T6885] RAX: ffffffffffffffda RBX: 00007f33971b5fa0 RCX: 00007f3396f8ebe9 [ 190.662361][ T6885] RDX: 0000000020008810 RSI: 0000200000000580 RDI: 0000000000000004 [ 190.662373][ T6885] RBP: 00007f3397de0090 R08: 0000000000000000 R09: 0000000000000000 [ 190.662384][ T6885] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 190.662395][ T6885] R13: 00007f33971b6038 R14: 00007f33971b5fa0 R15: 00007ffddbeb8c88 [ 190.662426][ T6885] [ 191.270576][ T6868] syz.0.252 uses obsolete (PF_INET,SOCK_PACKET) [ 191.609369][ T6892] macvtap1: entered allmulticast mode [ 191.614885][ T6892] veth0_macvtap: entered allmulticast mode [ 193.203432][ T5921] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 193.345812][ T5921] usb 1-1: USB disconnect, device number 12 [ 193.674436][ T6911] netlink: 28 bytes leftover after parsing attributes in process `syz.0.264'. [ 193.985020][ T6924] fuse: Unknown parameter 'gpoup_id' [ 194.197240][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.203791][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.801151][ T6930] macvtap3: entered allmulticast mode [ 195.950302][ T5954] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 195.971710][ T6947] netlink: 'syz.4.273': attribute type 12 has an invalid length. [ 196.277892][ T5954] usb 3-1: Using ep0 maxpacket: 8 [ 196.316049][ T5954] usb 3-1: config 2 has an invalid interface number: 38 but max is 0 [ 196.340325][ T5954] usb 3-1: config 2 has no interface number 0 [ 196.377819][ T5954] usb 3-1: New USB device found, idVendor=198b, idProduct=1000, bcdDevice= 0.7e [ 196.410318][ T5926] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 196.413775][ T5954] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.601909][ T6954] macvtap1: entered allmulticast mode [ 196.607378][ T6954] veth0_macvtap: entered allmulticast mode [ 196.693568][ T5926] usb 5-1: Using ep0 maxpacket: 32 [ 196.826536][ T5926] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 197.011262][ T5926] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 197.145492][ T5926] usb 5-1: New USB device found, idVendor=054c, idProduct=024b, bcdDevice= 0.00 [ 197.163052][ T5926] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.174835][ T5926] usb 5-1: config 0 descriptor?? [ 197.276411][ T6940] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 197.307423][ T6940] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 197.359307][ T5954] usb 3-1: string descriptor 0 read error: -71 [ 197.722041][ T5954] usb 3-1: USB disconnect, device number 10 [ 197.731559][ T6961] syz.3.276: attempt to access beyond end of device [ 197.731559][ T6961] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 197.744729][ T6961] EXT4-fs (nbd3): unable to read superblock [ 197.783427][ T6964] No control pipe specified [ 198.008865][ T5926] usbhid 5-1:0.0: can't add hid device: -71 [ 198.268088][ T5926] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 198.324268][ T5926] usb 5-1: USB disconnect, device number 6 [ 199.011352][ T6971] FAULT_INJECTION: forcing a failure. [ 199.011352][ T6971] name failslab, interval 1, probability 0, space 0, times 0 [ 199.102330][ T6971] CPU: 1 UID: 0 PID: 6971 Comm: syz.3.281 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 199.102355][ T6971] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 199.102366][ T6971] Call Trace: [ 199.102373][ T6971] [ 199.102380][ T6971] dump_stack_lvl+0x189/0x250 [ 199.102405][ T6971] ? __pfx____ratelimit+0x10/0x10 [ 199.102425][ T6971] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.102446][ T6971] ? __pfx__printk+0x10/0x10 [ 199.102476][ T6971] ? __pfx___might_resched+0x10/0x10 [ 199.102510][ T6971] should_fail_ex+0x414/0x560 [ 199.102535][ T6971] should_failslab+0xa8/0x100 [ 199.102556][ T6971] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 199.102576][ T6971] ? __alloc_skb+0x112/0x2d0 [ 199.102606][ T6971] __alloc_skb+0x112/0x2d0 [ 199.102634][ T6971] netlink_dump+0x1b1/0xe60 [ 199.102668][ T6971] ? __pfx_netlink_dump+0x10/0x10 [ 199.102708][ T6971] ? kmem_cache_free+0x18f/0x400 [ 199.102732][ T6971] netlink_recvmsg+0x676/0xa30 [ 199.102767][ T6971] ? __pfx_netlink_recvmsg+0x10/0x10 [ 199.102796][ T6971] ? __lock_acquire+0xab9/0xd20 [ 199.102817][ T6971] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 199.102838][ T6971] ? __pfx_netlink_recvmsg+0x10/0x10 [ 199.102864][ T6971] sock_recvmsg_nosec+0x183/0x1c0 [ 199.102890][ T6971] ____sys_recvmsg+0x3aa/0x460 [ 199.102916][ T6971] ? __pfx_____sys_recvmsg+0x10/0x10 [ 199.102952][ T6971] ? import_iovec+0x74/0xa0 [ 199.102982][ T6971] ___sys_recvmsg+0x1b5/0x510 [ 199.103007][ T6971] ? __pfx____sys_recvmsg+0x10/0x10 [ 199.103056][ T6971] ? __might_fault+0xb0/0x130 [ 199.103079][ T6971] do_recvmmsg+0x307/0x770 [ 199.103107][ T6971] ? __pfx_do_recvmmsg+0x10/0x10 [ 199.103138][ T6971] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 199.103178][ T6971] __x64_sys_recvmmsg+0x190/0x240 [ 199.103200][ T6971] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 199.103215][ T6971] ? rcu_is_watching+0x15/0xb0 [ 199.103238][ T6971] ? do_syscall_64+0xbe/0x3b0 [ 199.103261][ T6971] do_syscall_64+0xfa/0x3b0 [ 199.103278][ T6971] ? lockdep_hardirqs_on+0x9c/0x150 [ 199.103295][ T6971] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.103312][ T6971] ? clear_bhb_loop+0x60/0xb0 [ 199.103338][ T6971] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.103355][ T6971] RIP: 0033:0x7f68d8f8ebe9 [ 199.103372][ T6971] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.103387][ T6971] RSP: 002b:00007f68d9dec038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 199.103408][ T6971] RAX: ffffffffffffffda RBX: 00007f68d91b5fa0 RCX: 00007f68d8f8ebe9 [ 199.103421][ T6971] RDX: 0000000000000004 RSI: 0000200000003240 RDI: 0000000000000003 [ 199.103431][ T6971] RBP: 00007f68d9dec090 R08: 0000000000000000 R09: 0000000000000000 [ 199.103443][ T6971] R10: 0000000040010020 R11: 0000000000000246 R12: 0000000000000001 [ 199.103453][ T6971] R13: 00007f68d91b6038 R14: 00007f68d91b5fa0 R15: 00007fff134f5918 [ 199.103485][ T6971] [ 199.524538][ T6983] netlink: 36 bytes leftover after parsing attributes in process `syz.3.284'. [ 199.653036][ T6973] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 200.944352][ T6998] netlink: 'syz.2.287': attribute type 1 has an invalid length. [ 201.030286][ T5978] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 201.316473][ T7006] syz.3.289: attempt to access beyond end of device [ 201.316473][ T7006] nbd3: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 201.330264][ T7006] EXT4-fs (nbd3): unable to read superblock [ 201.336929][ T5978] usb 1-1: Using ep0 maxpacket: 16 [ 201.343306][ T7006] No control pipe specified [ 201.351678][ T5978] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 201.370242][ T5978] usb 1-1: config 0 has no interface number 0 [ 201.378660][ T5978] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.397790][ T5978] usb 1-1: config 0 interface 1 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 201.410032][ T5978] usb 1-1: New USB device found, idVendor=28bd, idProduct=0071, bcdDevice= 0.00 [ 201.425860][ T5978] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 201.456502][ T5978] usb 1-1: config 0 descriptor?? [ 201.473688][ T5848] Bluetooth: hci1: command 0x0406 tx timeout [ 201.479791][ T5838] Bluetooth: hci0: command 0x0406 tx timeout [ 201.484919][ T5843] Bluetooth: hci3: command 0x0406 tx timeout [ 201.485865][ T5838] Bluetooth: hci2: command 0x0406 tx timeout [ 201.577515][ T7012] No control pipe specified [ 202.003441][ T7022] Invalid source name [ 202.007517][ T7022] UBIFS error (pid: 7022): cannot open "ubifs", error -22 [ 202.163206][ T5954] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 202.236917][ T5978] usbhid 1-1:0.1: can't add hid device: -71 [ 202.255412][ T5978] usbhid 1-1:0.1: probe with driver usbhid failed with error -71 [ 202.276951][ T5978] usb 1-1: USB disconnect, device number 13 [ 202.560293][ T5954] usb 2-1: Using ep0 maxpacket: 8 [ 202.567679][ T5954] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 202.681551][ T5954] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 202.702468][ T5954] usb 2-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 202.716428][ T5954] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 202.730289][ T5954] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 202.741922][ T5954] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 203.246052][ T5954] usbtmc 2-1:16.0: bulk endpoints not found [ 206.807723][ T7057] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 206.830303][ T43] usb 2-1: USB disconnect, device number 5 [ 207.260286][ T5926] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 207.271045][ T7074] syz.0.305: attempt to access beyond end of device [ 207.271045][ T7074] nbd0: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 207.284122][ T7074] EXT4-fs (nbd0): unable to read superblock [ 207.313204][ T7074] No control pipe specified [ 207.369777][ T7057] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.460799][ T5926] usb 4-1: Using ep0 maxpacket: 8 [ 207.489456][ T5926] usb 4-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 207.514785][ T5926] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 207.559894][ T7079] ptrace attach of "./syz-executor exec"[5847] was attempted by "./syz-executor exec"[7079] [ 207.582830][ T5926] pvrusb2: Hardware description: Terratec Grabster AV400 [ 207.602433][ T5926] pvrusb2: ********** [ 207.616320][ T5926] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 207.692845][ T5926] pvrusb2: Important functionality might not be entirely working. [ 207.707123][ T7057] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 207.742825][ T5926] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 207.762478][ T5926] pvrusb2: ********** [ 208.397822][ T7086] netlink: 'syz.3.306': attribute type 3 has an invalid length. [ 208.651983][ T2343] pvrusb2: Invalid write control endpoint [ 209.049963][ T7057] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 209.063920][ T2343] pvrusb2: Invalid write control endpoint [ 209.085364][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 209.105395][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 209.116784][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 209.127988][ T2343] pvrusb2: Device being rendered inoperable [ 209.147035][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 209.158980][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 209.175395][ T2343] pvrusb2: Attached sub-driver cx25840 [ 209.196160][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 209.234270][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 209.313118][ T7057] netdevsim netdevsim2 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.345445][ T7057] netdevsim netdevsim2 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.372408][ T7057] netdevsim netdevsim2 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 209.446342][ T7057] netdevsim netdevsim2 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 210.248592][ T5842] usb 4-1: USB disconnect, device number 9 [ 211.481175][ T7112] tipc: Enabling of bearer rejected, failed to enable media [ 213.357910][ T7135] kAFS: No cell specified [ 214.149228][ T7139] netlink: 'syz.2.324': attribute type 14 has an invalid length. [ 214.401407][ T5906] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 214.540286][ T43] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 214.615391][ T5906] usb 1-1: Using ep0 maxpacket: 8 [ 214.750351][ T43] usb 3-1: Using ep0 maxpacket: 16 [ 214.774511][ T5906] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 214.788963][ T5906] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.810315][ T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.829643][ T43] usb 3-1: config 0 has no interfaces? [ 214.836681][ T43] usb 3-1: New USB device found, idVendor=0c70, idProduct=f014, bcdDevice= 0.00 [ 214.850448][ T43] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.864641][ T5906] pvrusb2: Hardware description: Terratec Grabster AV400 [ 214.871816][ T5906] pvrusb2: ********** [ 214.881312][ T43] usb 3-1: config 0 descriptor?? [ 214.910249][ T5906] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 214.923925][ T5906] pvrusb2: Important functionality might not be entirely working. [ 214.940455][ T5906] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 214.966559][ T5906] pvrusb2: ********** [ 215.657826][ T7158] netlink: 'syz.0.325': attribute type 3 has an invalid length. [ 215.988765][ T2343] pvrusb2: Invalid write control endpoint [ 216.955095][ T2343] pvrusb2: Invalid write control endpoint [ 217.051069][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 217.081892][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 217.089714][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 217.104426][ T2343] pvrusb2: Device being rendered inoperable [ 217.117110][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 217.129881][ T43] usb 3-1: USB disconnect, device number 11 [ 217.240564][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 217.290520][ T2343] pvrusb2: Attached sub-driver cx25840 [ 217.305762][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 217.377372][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 217.805240][ T7177] tipc: Enabling of bearer rejected, failed to enable media [ 218.600555][ T5926] usb 1-1: USB disconnect, device number 14 [ 218.702899][ T7175] netlink: 5 bytes leftover after parsing attributes in process `syz.3.330'. [ 218.714166][ T7175] 0ªX¹¦D: renamed from macvtap0 (while UP) [ 218.803608][ T7175] 0ªX¹¦D: entered allmulticast mode [ 218.854720][ T7175] A link change request failed with some changes committed already. Interface 30ªX¹¦D may have been left with an inconsistent configuration, please check. [ 219.737745][ T7180] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.330' sets config #1 [ 220.423356][ T7204] syz.4.337: attempt to access beyond end of device [ 220.423356][ T7204] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 220.437793][ T7204] EXT4-fs (nbd4): unable to read superblock [ 220.449070][ T7204] No control pipe specified [ 220.480621][ T30] kauditd_printk_skb: 18 callbacks suppressed [ 220.480639][ T30] audit: type=1400 audit(1755660244.091:30): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=7205 comm="syz.1.339" [ 220.766807][ T7211] netlink: 68 bytes leftover after parsing attributes in process `syz.2.340'. [ 222.340285][ T7225] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 222.422746][ T7231] tipc: Enabling of bearer rejected, failed to enable media [ 224.070292][ T7225] usb 1-1: Using ep0 maxpacket: 8 [ 224.122853][ T7225] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 224.152571][ T7225] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 224.266210][ T7225] pvrusb2: Hardware description: Terratec Grabster AV400 [ 224.298325][ T7225] pvrusb2: ********** [ 224.417324][ T7225] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 224.449248][ T7225] pvrusb2: Important functionality might not be entirely working. [ 225.016870][ T7225] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 225.028814][ T7225] pvrusb2: ********** [ 225.709576][ T7250] netlink: 'syz.0.345': attribute type 3 has an invalid length. [ 225.759727][ T2343] pvrusb2: Invalid write control endpoint [ 226.058282][ T2343] pvrusb2: Invalid write control endpoint [ 226.126015][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 226.145058][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 226.154436][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 226.165526][ T2343] pvrusb2: Device being rendered inoperable [ 226.172332][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 226.180308][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 226.191462][ T2343] pvrusb2: Attached sub-driver cx25840 [ 226.196960][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 226.240572][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 226.591743][ T7262] syz.4.353: attempt to access beyond end of device [ 226.591743][ T7262] nbd4: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 226.605630][ T7262] EXT4-fs (nbd4): unable to read superblock [ 226.750811][ T7263] No control pipe specified [ 228.309507][ T7225] usb 1-1: USB disconnect, device number 15 [ 229.504949][ T7268] netlink: 68 bytes leftover after parsing attributes in process `syz.0.354'. [ 229.679572][ T7277] capability: warning: `syz.4.359' uses 32-bit capabilities (legacy support in use) [ 229.824802][ T7280] tipc: Enabling of bearer rejected, failed to enable media [ 230.608878][ T7288] comedi comedi4: bad chanlist[1]=0x00000008 chan=8 range length=2 [ 232.326600][ T7300] syz.1.366: attempt to access beyond end of device [ 232.326600][ T7300] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 232.327555][ T7300] EXT4-fs (nbd1): unable to read superblock [ 232.426116][ T7304] No control pipe specified [ 233.739645][ T30] audit: type=1400 audit(1755660257.321:31): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=7305 comm="syz.4.367" daddr=fe80::aa [ 233.844791][ T7315] netlink: 68 bytes leftover after parsing attributes in process `syz.3.369'. [ 233.887867][ T30] audit: type=1400 audit(1755660257.501:32): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=7316 comm="syz.1.368" daddr=fe80::aa [ 235.439050][ T7326] sch_tbf: peakrate 8 is lower than or equals to rate 12 ! [ 235.870448][ T5926] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 236.473516][ T7335] tipc: Enabling of bearer rejected, failed to enable media [ 237.029658][ T7338] netlink: 360 bytes leftover after parsing attributes in process `syz.4.375'. [ 237.030367][ T5926] usb 3-1: device descriptor read/64, error -71 [ 237.102114][ T10] IPVS: starting estimator thread 0... [ 237.308194][ T7346] comedi comedi4: bad chanlist[1]=0x00000008 chan=8 range length=2 [ 237.310540][ T5926] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 237.328078][ T7339] IPVS: using max 33 ests per chain, 79200 per kthread [ 237.830340][ T5926] usb 3-1: device descriptor read/64, error -71 [ 238.647174][ T7355] syz.1.379: attempt to access beyond end of device [ 238.647174][ T7355] nbd1: rw=4096, sector=2, nr_sectors = 2 limit=0 [ 238.660294][ T7355] EXT4-fs (nbd1): unable to read superblock [ 238.668580][ T5926] usb usb3-port1: attempt power cycle [ 238.697426][ T7351] No control pipe specified [ 239.989779][ T7347] delete_channel: no stack [ 240.358916][ T5921] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 240.734510][ T5921] usb 1-1: Using ep0 maxpacket: 8 [ 240.742528][ T5921] usb 1-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 240.763895][ T5921] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 241.419340][ T5921] pvrusb2: Hardware description: Terratec Grabster AV400 [ 241.427265][ T5921] pvrusb2: ********** [ 241.434973][ T5921] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 241.458258][ T5921] pvrusb2: Important functionality might not be entirely working. [ 241.478186][ T7380] program syz.3.386 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 241.531830][ T5921] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 241.568409][ T5921] pvrusb2: ********** [ 242.196261][ T7394] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 242.424571][ T7395] netlink: 'syz.0.384': attribute type 3 has an invalid length. [ 242.698741][ T2343] pvrusb2: Invalid write control endpoint [ 243.230296][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 244.069723][ T2343] pvrusb2: Invalid write control endpoint [ 244.077887][ T2343] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 244.087785][ T2343] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 244.095911][ T2343] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 244.137808][ T2343] pvrusb2: Device being rendered inoperable [ 244.210278][ T2343] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 244.343391][ T10] usb 1-1: USB disconnect, device number 16 [ 244.470279][ T2343] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_c) [ 244.488234][ T2343] pvrusb2: Attached sub-driver cx25840 [ 244.493920][ T2343] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 244.506960][ T2343] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 246.952877][ T7423] comedi comedi4: bad chanlist[1]=0x00000008 chan=8 range length=2 [ 249.359062][ T30] audit: type=1400 audit(1755660272.961:33): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=7446 comm="syz.3.403" daddr=::ffff:172.20.20.32 dest=20003 [ 250.638909][ T7465] netlink: 8 bytes leftover after parsing attributes in process `syz.4.410'. [ 250.642382][ T30] audit: type=1326 audit(1755660274.251:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7462 comm="syz.1.408" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f3396f8ebe9 code=0x0 [ 250.648136][ T7465] netlink: 8 bytes leftover after parsing attributes in process `syz.4.410'. [ 250.690787][ T5921] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 250.698509][ T7465] netlink: 8 bytes leftover after parsing attributes in process `syz.4.410'. [ 250.707432][ T7465] netlink: 8 bytes leftover after parsing attributes in process `syz.4.410'. [ 250.926672][ T5921] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 250.950218][ T5921] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 251.284728][ T5921] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 251.313332][ T5921] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 251.414812][ T5921] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 251.494195][ T5921] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 251.523277][ T5921] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 251.838955][ T5921] usb 3-1: Product: syz [ 251.912511][ T5921] usb 3-1: Manufacturer: syz [ 252.179152][ T5921] cdc_wdm 3-1:1.0: skipping garbage [ 252.198249][ T5921] cdc_wdm 3-1:1.0: skipping garbage [ 252.322147][ T5921] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 252.330264][ T5921] cdc_wdm 3-1:1.0: Unknown control protocol [ 252.435587][ T7483] ubi: mtd0 is already attached to ubi31 [ 253.087062][ T5921] usb 3-1: USB disconnect, device number 15 [ 253.107875][ T7487] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 253.176453][ T7487] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 253.196720][ T7487] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 253.204193][ T7487] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 253.214214][ T7487] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 253.270776][ T7487] bridge: RTM_NEWNEIGH with invalid state 0x0 [ 254.095593][ T7493] netlink: 20 bytes leftover after parsing attributes in process `syz.1.413'. [ 255.634052][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.645589][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.822927][ T7518] program syz.4.421 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 256.440252][ T10] usb 5-1: new high-speed USB device number 7 using dummy_hcd [ 256.870263][ T10] usb 5-1: Using ep0 maxpacket: 16 [ 256.903998][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 256.935966][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 257.053913][ T10] usb 5-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 257.067426][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 257.104373][ T10] usb 5-1: config 0 descriptor?? [ 257.389362][ T7543] netlink: 'syz.0.428': attribute type 14 has an invalid length. [ 258.504023][ T7552] netlink: 4 bytes leftover after parsing attributes in process `syz.2.430'. [ 258.880014][ T10] hid-multitouch 0003:1FD2:6007.0001: unknown main item tag 0x0 [ 258.890431][ T10] hid-multitouch 0003:1FD2:6007.0001: unknown main item tag 0x0 [ 258.930336][ T10] hid-multitouch 0003:1FD2:6007.0001: item fetching failed at offset 3/5 [ 258.953942][ T10] hid-multitouch 0003:1FD2:6007.0001: probe with driver hid-multitouch failed with error -22 [ 259.799506][ T30] audit: type=1400 audit(1755660283.411:35): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=7579 comm="syz.0.442" dest=2 [ 260.148973][ T7588] netlink: 'syz.1.445': attribute type 4 has an invalid length. [ 260.180298][ T5906] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 260.199678][ T7588] netlink: 'syz.1.445': attribute type 4 has an invalid length. [ 260.232168][ T7225] usb 5-1: USB disconnect, device number 7 [ 260.392402][ T5906] usb 1-1: config 0 has an invalid interface number: 197 but max is 0 [ 260.412650][ T5906] usb 1-1: config 0 has no interface number 0 [ 260.446771][ T5906] usb 1-1: New USB device found, idVendor=1608, idProduct=030b, bcdDevice=1f.8b [ 260.479437][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 260.509437][ T5906] usb 1-1: Product: syz [ 260.526580][ T5906] usb 1-1: Manufacturer: syz [ 260.750268][ T5906] usb 1-1: SerialNumber: syz [ 261.278320][ T5906] usb 1-1: config 0 descriptor?? [ 262.363426][ T5906] io_ti 1-1:0.197: required endpoints missing [ 262.657783][ T5906] usb 1-1: USB disconnect, device number 17 [ 262.917045][ T7609] netlink: 36 bytes leftover after parsing attributes in process `syz.0.451'. [ 264.818549][ T7621] netlink: 12 bytes leftover after parsing attributes in process `syz.1.455'. [ 264.844946][ T7621] netlink: 12 bytes leftover after parsing attributes in process `syz.1.455'. [ 265.343805][ T7631] random: crng reseeded on system resumption [ 267.573383][ T7616] tipc: Started in network mode [ 267.578387][ T7616] tipc: Node identity fe80000000000000000000000000001, cluster identity 4711 [ 267.589449][ T7616] tipc: Enabled bearer , priority 10 [ 268.303902][ T7653] netlink: 300 bytes leftover after parsing attributes in process `syz.0.461'. [ 268.999916][ T5906] tipc: Node number set to 4269801488 [ 269.898085][ T7646] netlink: 24 bytes leftover after parsing attributes in process `syz.3.462'. [ 271.183815][ T7660] block device autoloading is deprecated and will be removed. [ 272.347888][ T7680] NILFS (nullb0): couldn't find nilfs on the device [ 274.160320][ T30] audit: type=1326 audit(1755660297.771:36): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.0.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb8c38ebe9 code=0x7ffc0000 [ 274.403381][ T30] audit: type=1326 audit(1755660297.771:37): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.0.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb8c38ebe9 code=0x7ffc0000 [ 274.485042][ T30] audit: type=1326 audit(1755660297.771:38): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.0.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=220 compat=0 ip=0x7ffb8c38ebe9 code=0x7ffc0000 [ 275.239240][ T30] audit: type=1326 audit(1755660297.771:39): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.0.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb8c38ebe9 code=0x7ffc0000 [ 275.495180][ T30] audit: type=1326 audit(1755660297.771:40): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7687 comm="syz.0.475" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb8c38ebe9 code=0x7ffc0000 [ 276.388565][ T7710] loop9: detected capacity change from 0 to 7 [ 276.489700][ T7710] Dev loop9: unable to read RDB block 7 [ 276.621523][ T7710] loop9: unable to read partition table [ 277.025059][ T7710] loop9: partition table beyond EOD, truncated [ 277.147289][ T7710] loop_reread_partitions: partition scan of loop9 (þ被xü—ŸÑà– ) failed (rc=-5) [ 278.447853][ T7728] netlink: 4 bytes leftover after parsing attributes in process `syz.3.487'. [ 279.233666][ T30] audit: type=1400 audit(1755660302.081:41): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=7723 comm="syz.3.487" daddr=::ffff:172.20.20.20 dest=20001 [ 280.883301][ T30] audit: type=1400 audit(1755660304.501:42): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=7737 comm="syz.4.492" [ 281.070403][ T5921] usb 1-1: new full-speed USB device number 18 using dummy_hcd [ 281.243260][ T5921] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 281.266409][ T5921] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 281.279297][ T5921] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 281.344981][ T5921] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 281.354305][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 281.362398][ T5921] usb 1-1: Product: syz [ 281.367168][ T5921] usb 1-1: Manufacturer: syz [ 281.372092][ T5921] usb 1-1: SerialNumber: syz [ 281.557961][ T7742] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 281.743336][ T7758] netlink: 4388 bytes leftover after parsing attributes in process `syz.2.493'. [ 282.607230][ T5921] cdc_ncm 1-1:1.0: bind() failure [ 282.887623][ T5906] usb 1-1: USB disconnect, device number 18 [ 284.317491][ T30] audit: type=1400 audit(1755660307.771:43): lsm=SMACK fn=smack_socket_sock_rcv_skb action=denied subject="B" object="_" requested=w pid=7780 comm="syz.4.501" saddr=2001::1 daddr=fe80::aa dest=16385 netif=wpan0 [ 285.078945][ T7785] geneve2: entered promiscuous mode [ 286.254625][ T7790] team0: Port device team_slave_0 removed [ 288.275331][ T7830] SET target dimension over the limit! [ 288.556674][ T30] audit: type=1326 audit(1755660312.171:44): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7836 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb8c38ebe9 code=0x7ffc0000 [ 288.990316][ T30] audit: type=1326 audit(1755660312.171:45): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7836 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ffb8c38ebe9 code=0x7ffc0000 [ 289.030929][ T30] audit: type=1326 audit(1755660312.171:46): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7836 comm="syz.0.514" exe="/root/syz-executor" sig=0 arch=c000003e syscall=272 compat=0 ip=0x7ffb8c38ebe9 code=0x7ffc0000 [ 290.325289][ T7832] syz.3.513 (7832): drop_caches: 2 [ 290.407682][ T7851] tipc: Started in network mode [ 290.456424][ T7851] tipc: Node identity 0a6ddc15a38a, cluster identity 4711 [ 290.504033][ T7851] tipc: Enabled bearer , priority 0 [ 290.579495][ T7852] syzkaller0: entered promiscuous mode [ 290.620257][ T7852] syzkaller0: entered allmulticast mode [ 290.670668][ T7858] syz_tun: entered allmulticast mode [ 290.724181][ T7863] netlink: 4 bytes leftover after parsing attributes in process `syz.1.518'. [ 290.754863][ T7851] tipc: Resetting bearer [ 290.824166][ T7863] syz_tun (unregistering): left allmulticast mode [ 290.998941][ T7850] tipc: Resetting bearer [ 291.596350][ T10] tipc: Node number set to 2850544661 [ 291.628000][ T7850] tipc: Disabling bearer [ 292.744405][ T7877] netlink: 'syz.3.522': attribute type 1 has an invalid length. [ 292.954934][ T7877] 8021q: adding VLAN 0 to HW filter on device bond2 [ 293.146717][ T7882] bond2: (slave geneve2): making interface the new active one [ 293.166268][ T7882] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 293.250212][ T7882] syz.3.522 (7882) used greatest stack depth: 19160 bytes left [ 293.330472][ T5921] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 293.531195][ T5921] usb 1-1: Using ep0 maxpacket: 32 [ 293.873659][ T5921] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 293.900242][ T5921] usb 1-1: config 0 has no interface number 0 [ 293.936092][ T5921] usb 1-1: config 0 interface 184 has no altsetting 0 [ 294.076510][ T5921] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 294.148408][ T5921] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 294.244384][ T7896] syz.3.528 (7896) used greatest stack depth: 16656 bytes left [ 294.280295][ T5921] usb 1-1: Product: syz [ 294.372211][ T5921] usb 1-1: Manufacturer: syz [ 294.378429][ T5921] usb 1-1: SerialNumber: syz [ 294.459804][ T5921] usb 1-1: config 0 descriptor?? [ 294.489292][ T5921] smsc75xx v1.0.0 [ 294.608972][ T5921] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -22 [ 294.623332][ T5921] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -22 [ 295.730626][ T7224] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 296.874099][ T7224] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 296.893083][ T7224] usb 3-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 297.501750][ T7224] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 297.531735][ T7224] usb 3-1: config 0 descriptor?? [ 297.706075][ T7224] usbhid 3-1:0.0: can't add hid device: -71 [ 297.766607][ T7224] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 297.949804][ T7224] usb 3-1: USB disconnect, device number 16 [ 298.267747][ T7935] netlink: 4 bytes leftover after parsing attributes in process `syz.4.539'. [ 298.291387][ T7935] sg_write: data in/out 124/1 bytes for SCSI command 0x1c-- guessing data in; [ 298.291387][ T7935] program syz.4.539 not setting count and/or reply_len properly [ 298.874753][ T7936] lo speed is unknown, defaulting to 1000 [ 298.881264][ T7936] lo speed is unknown, defaulting to 1000 [ 298.897933][ T7936] lo speed is unknown, defaulting to 1000 [ 299.003751][ T7936] iwpm_register_pid: Unable to send a nlmsg (client = 2) [ 299.113653][ T7936] infiniband syz0: RDMA CMA: cma_listen_on_dev, error -98 [ 299.239644][ T7936] lo speed is unknown, defaulting to 1000 [ 299.247402][ T7936] lo speed is unknown, defaulting to 1000 [ 299.256471][ T7936] lo speed is unknown, defaulting to 1000 [ 299.769471][ T7936] lo speed is unknown, defaulting to 1000 [ 299.776449][ T7936] lo speed is unknown, defaulting to 1000 [ 300.099444][ T30] audit: type=1400 audit(1755660323.711:47): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=7943 comm="syz.1.542" daddr=::ffff:172.20.20.20 dest=20001 [ 301.618410][ T5926] usb 1-1: USB disconnect, device number 19 [ 302.765012][ T7965] netlink: 'syz.0.549': attribute type 1 has an invalid length. [ 303.337594][ T7968] bond1: (slave vxcan3): The slave device specified does not support setting the MAC address [ 303.381999][ T7968] bond1: (slave vxcan3): Error -95 calling set_mac_address [ 304.375357][ T7978] xt_l2tp: wrong L2TP version: 0 [ 304.766919][ T7970] gretap1: entered promiscuous mode [ 304.792400][ T7970] bond1: (slave gretap1): making interface the new active one [ 305.430684][ T7970] bond1: (slave gretap1): Enslaving as an active interface with an up link [ 306.260329][ T7224] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 306.423352][ T7224] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 306.626545][ T7224] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 306.637066][ T7224] usb 3-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 306.678158][ T7224] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 306.711938][ T7224] usb 3-1: config 0 descriptor?? [ 307.116625][ T8020] netlink: 'syz.1.563': attribute type 4 has an invalid length. [ 307.140256][ T7224] cp2112 0003:10C4:EA90.0002: unknown main item tag 0x0 [ 307.198064][ T7224] cp2112 0003:10C4:EA90.0002: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.2-1/input0 [ 307.333657][ T7224] cp2112 0003:10C4:EA90.0002: Part Number: 0x82 Device Version: 0xFE [ 307.589636][ T10] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 308.222231][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 308.229309][ T7224] cp2112 0003:10C4:EA90.0002: error reading lock byte: -71 [ 308.504262][ T7224] usb 3-1: USB disconnect, device number 17 [ 308.522329][ T10] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 308.542755][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.607377][ T10] usb 2-1: Product: syz [ 308.633196][ T10] usb 2-1: Manufacturer: syz [ 308.668392][ T10] usb 2-1: SerialNumber: syz [ 308.699831][ T10] usb 2-1: config 0 descriptor?? [ 309.198532][ T10] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 309.212336][ T8045] netlink: 28 bytes leftover after parsing attributes in process `syz.0.568'. [ 311.660307][ T10] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 311.690499][ T10] usb 2-1: USB disconnect, device number 6 [ 312.839657][ T8050] syz.4.569 (8050): drop_caches: 2 [ 313.055024][ T8084] random: crng reseeded on system resumption [ 313.080490][ T8083] netlink: 4 bytes leftover after parsing attributes in process `syz.2.578'. [ 313.172547][ T30] audit: type=1400 audit(1755660336.781:48): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=8078 comm="syz.2.578" daddr=::ffff:172.20.20.20 dest=20001 [ 314.109048][ T8089] NILFS (nullb0): couldn't find nilfs on the device [ 315.144734][ T8091] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 316.764524][ T30] audit: type=1326 audit(1755660340.321:49): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8094 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 316.791492][ T30] audit: type=1326 audit(1755660340.321:50): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8094 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=430 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 316.830308][ C0] IPVS: Schedule: port zero only supported in persistent services, check your ipvs configuration [ 316.966235][ T30] audit: type=1326 audit(1755660340.321:51): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8094 comm="syz.3.583" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f68d8f8ebe9 code=0x7ffc0000 [ 316.998094][ T8099] netdevsim netdevsim3 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.075695][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.082144][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.128488][ T8099] netdevsim netdevsim3 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.284950][ T8099] netdevsim netdevsim3 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 317.516001][ T8099] netdevsim netdevsim3 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 318.488080][ T30] audit: type=1400 audit(1755660342.081:52): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=8114 comm="syz.0.589" daddr=fe88::101 [ 319.313657][ T8099] netdevsim netdevsim3 eth0: set [1, 0] type 2 family 0 port 6081 - 0 [ 319.832732][ T8099] netdevsim netdevsim3 eth1: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.624164][ T8099] netdevsim netdevsim3 eth2: set [1, 0] type 2 family 0 port 6081 - 0 [ 320.767169][ T8099] netdevsim netdevsim3 eth3: set [1, 0] type 2 family 0 port 6081 - 0 [ 327.347851][ T8193] netlink: 'syz.2.615': attribute type 1 has an invalid length. [ 328.300134][ T8193] 8021q: adding VLAN 0 to HW filter on device bond2 [ 329.466598][ T8201] bond2: (slave geneve2): making interface the new active one [ 329.510996][ T8201] bond2: (slave geneve2): Enslaving as an active interface with an up link [ 329.700172][ T30] audit: type=1400 audit(1755660353.291:53): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=8222 comm="syz.1.620" daddr=::ffff:172.20.20.20 dest=20001 [ 329.720258][ T10] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 331.190364][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 331.212985][ T10] usb 5-1: config 0 has an invalid interface number: 55 but max is 0 [ 331.231077][ T10] usb 5-1: config 0 has no interface number 0 [ 331.245569][ T10] usb 5-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 331.268020][ T10] usb 5-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 331.395773][ T10] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 62, changing to 9 [ 331.415147][ T10] usb 5-1: config 0 interface 55 altsetting 0 endpoint 0x8B has invalid maxpacket 42665, setting to 1024 [ 331.428833][ T10] usb 5-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 332.049802][ T10] usb 5-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 332.059136][ T5906] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 332.161041][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.230267][ T5906] usb 4-1: Using ep0 maxpacket: 32 [ 332.254320][ T5906] usb 4-1: config 0 has no interfaces? [ 332.254521][ T10] usb 5-1: config 0 descriptor?? [ 332.259829][ T5906] usb 4-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 332.304046][ T5906] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 332.359071][ T5906] usb 4-1: config 0 descriptor?? [ 332.392246][ T10] usb 5-1: can't set config #0, error -71 [ 332.414572][ T10] usb 5-1: USB disconnect, device number 8 [ 334.137766][ T8247] lo speed is unknown, defaulting to 1000 [ 334.204972][ T8253] workqueue: name exceeds WQ_NAME_LEN. Truncating to: žÀ^–>º>ùMv^µâ侦¸ÑKc'A¥»– [ 334.839446][ T10] usb 4-1: USB disconnect, device number 10 [ 335.391148][ T8275] overlayfs: failed to resolve './file0': -2 [ 337.293786][ T8288] tipc: Started in network mode [ 337.325638][ T8288] tipc: Node identity c60c0d0e6a1b, cluster identity 4711 [ 337.351455][ T8288] tipc: Enabled bearer , priority 0 [ 337.378521][ T8293] syzkaller0: entered promiscuous mode [ 337.417649][ T8293] syzkaller0: entered allmulticast mode [ 337.619958][ T8288] tipc: Resetting bearer [ 337.681973][ T8286] tipc: Resetting bearer [ 337.685067][ T8303] input: syz0 as /devices/virtual/input/input7 [ 337.813699][ T8286] tipc: Disabling bearer [ 338.511689][ T8295] ptm ptm0: ldisc open failed (-12), clearing slot 0 [ 340.378008][ T8336] netlink: 'syz.3.650': attribute type 10 has an invalid length. [ 340.957288][ T8336] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 340.988323][ T8336] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 341.003761][ T8336] bond0 (unregistering): Released all slaves [ 341.644830][ T8361] netlink: 4 bytes leftover after parsing attributes in process `syz.3.655'. [ 341.810766][ T8363] netlink: 4 bytes leftover after parsing attributes in process `syz.3.655'. [ 341.903178][ T8361] dummy0: entered promiscuous mode [ 341.914723][ T8361] macvtap0: entered promiscuous mode [ 341.929145][ T8361] macvtap0: entered allmulticast mode [ 341.953847][ T8361] dummy0: entered allmulticast mode [ 342.004829][ T8363] dummy0: left allmulticast mode [ 342.041342][ T8363] dummy0: left promiscuous mode [ 342.750905][ T12] wlan1: Trigger new scan to find an IBSS to join [ 342.841114][ T8371] ptrace attach of "./syz-executor exec"[5839] was attempted by " [ 343.573986][ T8380] netlink: 8 bytes leftover after parsing attributes in process `syz.2.658'. [ 345.130565][ T7223] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 345.454252][ T7223] usb 5-1: Using ep0 maxpacket: 32 [ 345.463980][ T7223] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 345.474155][ T7223] usb 5-1: config 0 has no interface number 0 [ 345.486096][ T7223] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 345.495576][ T7223] usb 5-1: New USB device strings: Mfr=1, Product=229, SerialNumber=2 [ 345.503951][ T7223] usb 5-1: Product: syz [ 345.510315][ T7223] usb 5-1: Manufacturer: syz [ 345.514929][ T7223] usb 5-1: SerialNumber: syz [ 345.551903][ T7223] usb 5-1: config 0 descriptor?? [ 346.126204][ T7223] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 346.366085][ T7223] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 346.396893][ T7223] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 346.651129][ C0] quatech-serial ttyUSB0: qt2_process_read_urb - status message too short [ 346.831311][ T49] wlan1: Trigger new scan to find an IBSS to join [ 346.867037][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 346.876352][ T7223] usb 5-1: USB disconnect, device number 9 [ 346.892636][ T7223] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 346.938449][ T7223] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 347.050463][ T7223] quatech2 5-1:0.51: device disconnected [ 348.129579][ T8424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 348.159426][ T8424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 348.203789][ T8424] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 348.353626][ T7023] wlan1: Creating new IBSS network, BSSID 00:00:00:8d:00:00 [ 348.895390][ T8429] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 348.895390][ T8429] The task syz.3.674 (8429) triggered the difference, watch for misbehavior. [ 349.089995][ T8433] netlink: 'syz.2.676': attribute type 1 has an invalid length. [ 350.033558][ T8320] Set syz1 is full, maxelem 65536 reached [ 354.378081][ T8465] netlink: 12 bytes leftover after parsing attributes in process `syz.1.685'. [ 358.396965][ T30] audit: type=1400 audit(1755660382.011:54): lsm=SMACK fn=smk_ipv6_check action=denied subject="_" object="B" requested=w pid=8500 comm="syz.0.695" daddr=fe80::1c dest=16385 [ 359.382948][ T8513] NILFS (nullb0): couldn't find nilfs on the device [ 363.465115][ T8546] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(4) [ 363.472186][ T8546] vhci_hcd vhci_hcd.0: devid(0) speed(4) speed_str(wireless) [ 363.488847][ T8546] vhci_hcd vhci_hcd.0: Device attached [ 363.498943][ T8549] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 363.566494][ T8546] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 363.643501][ T8549] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 363.658628][ T8546] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 363.676823][ T5921] vhci_hcd: vhci_device speed not set [ 363.794450][ T5921] usb 41-1: new full-speed USB device number 2 using vhci_hcd [ 363.844389][ T8546] vhci_hcd vhci_hcd.0: pdev(4) rhport(5) sockfd(16) [ 363.851050][ T8546] vhci_hcd vhci_hcd.0: devid(0) speed(3) speed_str(high-speed) [ 363.875265][ T8546] vhci_hcd vhci_hcd.0: Device attached [ 363.888701][ T8549] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 363.905754][ T8546] vhci_hcd: Failed attach request for unsupported USB speed: UNKNOWN [ 363.929432][ T8546] vhci_hcd vhci_hcd.0: port 0 already used [ 363.954831][ T8551] vhci_hcd: connection closed [ 363.957181][ T3516] vhci_hcd: stop threads [ 363.977605][ T3516] vhci_hcd: release socket [ 363.985392][ T8547] vhci_hcd: connection reset by peer [ 363.996395][ T3516] vhci_hcd: disconnect device [ 364.003945][ T3516] vhci_hcd: stop threads [ 364.008308][ T3516] vhci_hcd: release socket [ 364.014156][ T3516] vhci_hcd: disconnect device [ 365.370455][ T5906] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 365.522646][ T5906] usb 1-1: Using ep0 maxpacket: 32 [ 365.529311][ T5906] usb 1-1: config 0 has an invalid interface number: 132 but max is 0 [ 365.537785][ T5906] usb 1-1: config 0 has no interface number 0 [ 365.544200][ T5906] usb 1-1: config 0 interface 132 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 365.598711][ T5906] usb 1-1: New USB device found, idVendor=0413, idProduct=6023, bcdDevice=ec.e5 [ 365.608124][ T5906] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.616341][ T5906] usb 1-1: Product: syz [ 365.630639][ T5906] usb 1-1: Manufacturer: syz [ 365.650992][ T5906] usb 1-1: SerialNumber: syz [ 365.668038][ T5906] usb 1-1: config 0 descriptor?? [ 365.701664][ T5906] em28xx 1-1:0.132: New device syz syz @ 480 Mbps (0413:6023, interface 132, class 132) [ 365.730317][ T5906] em28xx 1-1:0.132: Video interface 132 found: [ 366.112551][ T5906] em28xx 1-1:0.132: unknown em28xx chip ID (0) [ 366.724743][ T5906] em28xx 1-1:0.132: failed to trigger write to i2c address 0xa0 (error=-5) [ 366.749904][ T5906] em28xx 1-1:0.132: failed to read eeprom (err=-5) [ 367.252102][ T5906] em28xx 1-1:0.132: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 367.373898][ T5906] em28xx 1-1:0.132: Identified as Leadtek Winfast USB II (card=7) [ 367.398011][ T8578] syzkaller1: entered promiscuous mode [ 367.404040][ T8578] syzkaller1: entered allmulticast mode [ 369.073211][ T5906] em28xx 1-1:0.132: analog set to bulk mode. [ 369.085106][ T5926] em28xx 1-1:0.132: Registering V4L2 extension [ 369.104049][ T5906] usb 1-1: USB disconnect, device number 20 [ 369.140256][ T5921] vhci_hcd: vhci_device speed not set [ 369.159892][ T5906] em28xx 1-1:0.132: Disconnecting em28xx [ 369.959120][ T8601] netlink: 'syz.1.717': attribute type 4 has an invalid length. [ 370.969893][ T5926] em28xx 1-1:0.132: Config register raw data: 0xffffffed [ 371.110031][ T5926] em28xx 1-1:0.132: AC97 chip type couldn't be determined [ 371.143968][ T5926] em28xx 1-1:0.132: No AC97 audio processor [ 371.176038][ T5926] usb 1-1: Decoder not found [ 371.194497][ T8615] syz_tun: entered allmulticast mode [ 371.212305][ T5926] em28xx 1-1:0.132: failed to create media graph [ 371.250517][ T5926] em28xx 1-1:0.132: V4L2 device video103 deregistered [ 371.259453][ T8614] syz_tun: left allmulticast mode [ 371.708735][ T5926] em28xx 1-1:0.132: Remote control support is not available for this card. [ 371.739336][ T5906] em28xx 1-1:0.132: Closing input extension [ 371.893928][ T5906] em28xx 1-1:0.132: Freeing device [ 372.281495][ T8632] Driver unsupported XDP return value 0 on prog (id 167) dev N/A, expect packet loss! [ 378.170322][ T5921] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 378.342157][ T5921] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 378.352819][ T49] wlan1: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 378.470238][ T5926] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 378.524066][ T5921] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 378.540445][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.547152][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.561225][ T5921] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 378.571404][ T5921] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 55, changing to 9 [ 378.597682][ T5921] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8496, setting to 1024 [ 378.617354][ T5921] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 378.627367][ T5921] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 378.640430][ T5926] usb 1-1: Using ep0 maxpacket: 32 [ 378.649961][ T5921] usb 4-1: Product: syz [ 378.663153][ T5926] usb 1-1: config 0 has an invalid interface number: 231 but max is 0 [ 378.853509][ T5921] usb 4-1: Manufacturer: syz [ 379.428059][ T5926] usb 1-1: config 0 has no interface number 0 [ 379.442250][ T5926] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x6 has invalid maxpacket 1023 [ 379.453414][ T5921] cdc_wdm 4-1:1.0: skipping garbage [ 379.459770][ T5921] cdc_wdm 4-1:1.0: skipping garbage [ 379.465726][ T5926] usb 1-1: config 0 interface 231 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 379.480298][ T5921] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 379.486535][ T5921] cdc_wdm 4-1:1.0: Unknown control protocol [ 379.602605][ T5926] usb 1-1: config 0 interface 231 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 379.682210][ T5926] usb 1-1: New USB device found, idVendor=067b, idProduct=27a1, bcdDevice=b0.9b [ 379.972839][ T5926] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.990438][ T5926] usb 1-1: Product: syz [ 379.994728][ T5926] usb 1-1: Manufacturer: syz [ 379.999349][ T5926] usb 1-1: SerialNumber: syz [ 380.037342][ T5921] usb 4-1: USB disconnect, device number 11 [ 380.058550][ T5926] usb 1-1: config 0 descriptor?? [ 380.099468][ T8684] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 380.116731][ T5926] plusb 1-1:0.231: probe with driver plusb failed with error -22 [ 380.300253][ T10] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 380.950781][ T8712] netlink: zone id is out of range [ 380.956058][ T8712] netlink: zone id is out of range [ 380.961361][ T8712] netlink: zone id is out of range [ 380.966588][ T8712] netlink: zone id is out of range [ 380.971910][ T8712] netlink: zone id is out of range [ 380.977269][ T8712] netlink: zone id is out of range [ 381.062759][ T10] usb 2-1: too many endpoints for config 4 interface 0 altsetting 0: 79, using maximum allowed: 30 [ 381.075591][ T10] usb 2-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x32, changing to 0x2 [ 381.091522][ T8712] netlink: set zone limit has 4 unknown bytes [ 381.122605][ T5926] usb 1-1: USB disconnect, device number 21 [ 381.166596][ T10] usb 2-1: config 4 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 91 [ 381.210375][ T10] usb 2-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 79 [ 381.259721][ T10] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 381.276684][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 381.292978][ T8707] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 381.517235][ T10] ath6kl: Failed to submit usb control message: -71 [ 381.557838][ T10] ath6kl: unable to send the bmi data to the device: -71 [ 381.566813][ T10] ath6kl: Unable to send get target info: -71 [ 381.579469][ T10] ath6kl: Failed to init ath6kl core: -71 [ 381.728887][ T10] ath6kl_usb 2-1:4.0: probe with driver ath6kl_usb failed with error -71 [ 382.104611][ T8715] ================================================================== [ 382.110710][ T10] usb 2-1: USB disconnect, device number 7 [ 382.112712][ T8715] BUG: KASAN: slab-use-after-free in _raw_spin_lock_irqsave+0xa7/0xf0 [ 382.126704][ T8715] Read of size 1 at addr ffff88814b7f62b0 by task syz.3.748/8715 [ 382.134438][ T8715] [ 382.136820][ T8715] CPU: 1 UID: 0 PID: 8715 Comm: syz.3.748 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 382.136837][ T8715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 382.136850][ T8715] Call Trace: [ 382.136857][ T8715] [ 382.136862][ T8715] dump_stack_lvl+0x189/0x250 [ 382.136881][ T8715] ? rcu_is_watching+0x15/0xb0 [ 382.136899][ T8715] ? __kasan_check_byte+0x12/0x40 [ 382.136920][ T8715] ? __pfx_dump_stack_lvl+0x10/0x10 [ 382.136938][ T8715] ? rcu_is_watching+0x15/0xb0 [ 382.136956][ T8715] ? lock_release+0x4b/0x3e0 [ 382.136975][ T8715] ? __virt_addr_valid+0x1c8/0x5c0 [ 382.136997][ T8715] ? __virt_addr_valid+0x4a5/0x5c0 [ 382.137012][ T8715] print_report+0xca/0x240 [ 382.137028][ T8715] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 382.137043][ T8715] kasan_report+0x118/0x150 [ 382.137054][ T8715] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 382.137071][ T8715] ? remove_wait_queue+0x24/0x120 [ 382.137084][ T8715] __kasan_check_byte+0x2a/0x40 [ 382.137095][ T8715] lock_acquire+0x8d/0x360 [ 382.137106][ T8715] _raw_spin_lock_irqsave+0xa7/0xf0 [ 382.137121][ T8715] ? remove_wait_queue+0x24/0x120 [ 382.137134][ T8715] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 382.137151][ T8715] remove_wait_queue+0x24/0x120 [ 382.137166][ T8715] poll_freewait+0xb1/0x240 [ 382.137176][ T8715] do_sys_poll+0xda4/0x1070 [ 382.137188][ T8715] ? do_sys_poll+0x661/0x1070 [ 382.137200][ T8715] ? __pfx_do_sys_poll+0x10/0x10 [ 382.137211][ T8715] ? futex_unqueue+0x22/0x240 [ 382.137225][ T8715] ? __pfx_pollwake+0x10/0x10 [ 382.137235][ T8715] ? __pfx_pollwake+0x10/0x10 [ 382.137255][ T8715] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 382.137277][ T8715] ? set_user_sigmask+0x15b/0x1b0 [ 382.137287][ T8715] ? __pfx_set_user_sigmask+0x10/0x10 [ 382.137300][ T8715] __se_sys_ppoll+0x1ff/0x260 [ 382.137311][ T8715] ? __pfx___se_sys_ppoll+0x10/0x10 [ 382.137321][ T8715] ? rcu_is_watching+0x15/0xb0 [ 382.137345][ T8715] ? do_syscall_64+0xbe/0x3b0 [ 382.137356][ T8715] ? __x64_sys_ppoll+0x20/0xc0 [ 382.137367][ T8715] do_syscall_64+0xfa/0x3b0 [ 382.137379][ T8715] ? lockdep_hardirqs_on+0x9c/0x150 [ 382.137390][ T8715] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.137400][ T8715] ? clear_bhb_loop+0x60/0xb0 [ 382.137411][ T8715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.137422][ T8715] RIP: 0033:0x7f68d8f8ebe9 [ 382.137433][ T8715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 382.137442][ T8715] RSP: 002b:00007f68d9dec038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 382.137454][ T8715] RAX: ffffffffffffffda RBX: 00007f68d91b5fa0 RCX: 00007f68d8f8ebe9 [ 382.137463][ T8715] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000200000000100 [ 382.137469][ T8715] RBP: 00007f68d9011e19 R08: 0000000000000008 R09: 0000000000000000 [ 382.137476][ T8715] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000000 [ 382.137483][ T8715] R13: 00007f68d91b6038 R14: 00007f68d91b5fa0 R15: 00007fff134f5918 [ 382.137495][ T8715] [ 382.137499][ T8715] [ 382.433199][ T8715] Allocated by task 1: [ 382.437254][ T8715] kasan_save_track+0x3e/0x80 [ 382.441918][ T8715] __kasan_kmalloc+0x93/0xb0 [ 382.446488][ T8715] __kmalloc_cache_noprof+0x230/0x3d0 [ 382.451839][ T8715] comedi_device_postconfig+0x4a8/0xc90 [ 382.457365][ T8715] comedi_auto_config+0x267/0x380 [ 382.462368][ T8715] comedi_test_init+0x8e/0x110 [ 382.467106][ T8715] do_one_initcall+0x233/0x820 [ 382.471849][ T8715] do_initcall_level+0x137/0x1f0 [ 382.476779][ T8715] do_initcalls+0x69/0xd0 [ 382.481108][ T8715] kernel_init_freeable+0x3d9/0x570 [ 382.486302][ T8715] kernel_init+0x1d/0x1d0 [ 382.490618][ T8715] ret_from_fork+0x3fc/0x770 [ 382.495199][ T8715] ret_from_fork_asm+0x1a/0x30 [ 382.499949][ T8715] [ 382.502257][ T8715] Freed by task 8718: [ 382.506214][ T8715] kasan_save_track+0x3e/0x80 [ 382.510877][ T8715] kasan_save_free_info+0x46/0x50 [ 382.515883][ T8715] __kasan_slab_free+0x62/0x70 [ 382.520641][ T8715] kfree+0x18e/0x440 [ 382.524519][ T8715] comedi_device_detach+0x372/0x720 [ 382.529715][ T8715] comedi_unlocked_ioctl+0xbd2/0xfc0 [ 382.534983][ T8715] __se_sys_ioctl+0xfc/0x170 [ 382.539553][ T8715] do_syscall_64+0xfa/0x3b0 [ 382.544035][ T8715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 382.549909][ T8715] [ 382.552214][ T8715] The buggy address belongs to the object at ffff88814b7f6200 [ 382.552214][ T8715] which belongs to the cache kmalloc-256 of size 256 [ 382.566246][ T8715] The buggy address is located 176 bytes inside of [ 382.566246][ T8715] freed 256-byte region [ffff88814b7f6200, ffff88814b7f6300) [ 382.580019][ T8715] [ 382.582326][ T8715] The buggy address belongs to the physical page: [ 382.588736][ T8715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x14b7f6 [ 382.597557][ T8715] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 382.606033][ T8715] flags: 0x57ff00000000040(head|node=1|zone=2|lastcpupid=0x7ff) [ 382.613668][ T8715] page_type: f5(slab) [ 382.617639][ T8715] raw: 057ff00000000040 ffff88801a441b40 dead000000000122 0000000000000000 [ 382.626201][ T8715] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 382.634762][ T8715] head: 057ff00000000040 ffff88801a441b40 dead000000000122 0000000000000000 [ 382.643409][ T8715] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 382.652059][ T8715] head: 057ff00000000001 ffffea00052dfd81 00000000ffffffff 00000000ffffffff [ 382.660708][ T8715] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 382.669366][ T8715] page dumped because: kasan: bad access detected [ 382.675782][ T8715] page_owner tracks the page as allocated [ 382.681480][ T8715] page last allocated via order 1, migratetype Unmovable, gfp_mask 0xd20c0(__GFP_IO|__GFP_FS|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1, tgid 1 (swapper/0), ts 17946702950, free_ts 0 [ 382.701181][ T8715] post_alloc_hook+0x240/0x2a0 [ 382.705944][ T8715] get_page_from_freelist+0x21d5/0x22b0 [ 382.711475][ T8715] __alloc_frozen_pages_noprof+0x181/0x370 [ 382.717259][ T8715] alloc_pages_mpol+0x232/0x4a0 [ 382.722087][ T8715] allocate_slab+0x8a/0x3b0 [ 382.726570][ T8715] ___slab_alloc+0xbfc/0x1480 [ 382.731254][ T8715] __kmalloc_noprof+0x305/0x4f0 [ 382.736088][ T8715] comedi_alloc_devpriv+0x1f/0x60 [ 382.741103][ T8715] waveform_common_attach+0x27/0x800 [ 382.746383][ T8715] comedi_auto_config+0x248/0x380 [ 382.751493][ T8715] comedi_test_init+0x8e/0x110 [ 382.756249][ T8715] do_one_initcall+0x233/0x820 [ 382.761000][ T8715] do_initcall_level+0x137/0x1f0 [ 382.765926][ T8715] do_initcalls+0x69/0xd0 [ 382.770258][ T8715] kernel_init_freeable+0x3d9/0x570 [ 382.775440][ T8715] kernel_init+0x1d/0x1d0 [ 382.779753][ T8715] page_owner free stack trace missing [ 382.785102][ T8715] [ 382.787407][ T8715] Memory state around the buggy address: [ 382.793017][ T8715] ffff88814b7f6180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 382.801144][ T8715] ffff88814b7f6200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 382.809196][ T8715] >ffff88814b7f6280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 382.817238][ T8715] ^ [ 382.822850][ T8715] ffff88814b7f6300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 382.830899][ T8715] ffff88814b7f6380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 382.838947][ T8715] ================================================================== [ 382.847011][ T8715] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 382.854205][ T8715] CPU: 1 UID: 0 PID: 8715 Comm: syz.3.748 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 382.864001][ T8715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 382.874042][ T8715] Call Trace: [ 382.877308][ T8715] [ 382.880228][ T8715] dump_stack_lvl+0x99/0x250 [ 382.884811][ T8715] ? __asan_memcpy+0x40/0x70 [ 382.889390][ T8715] ? __pfx_dump_stack_lvl+0x10/0x10 [ 382.894569][ T8715] ? __pfx__printk+0x10/0x10 [ 382.899145][ T8715] panic+0x2db/0x790 [ 382.903041][ T8715] ? __pfx_panic+0x10/0x10 [ 382.907457][ T8715] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 382.913365][ T8715] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 382.919678][ T8715] ? print_memory_metadata+0x314/0x400 [ 382.925137][ T8715] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 382.930505][ T8715] check_panic_on_warn+0x89/0xb0 [ 382.935433][ T8715] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 382.940788][ T8715] end_report+0x78/0x160 [ 382.945014][ T8715] kasan_report+0x129/0x150 [ 382.949494][ T8715] ? _raw_spin_lock_irqsave+0xa7/0xf0 [ 382.954856][ T8715] ? remove_wait_queue+0x24/0x120 [ 382.959872][ T8715] __kasan_check_byte+0x2a/0x40 [ 382.964715][ T8715] lock_acquire+0x8d/0x360 [ 382.969125][ T8715] _raw_spin_lock_irqsave+0xa7/0xf0 [ 382.974319][ T8715] ? remove_wait_queue+0x24/0x120 [ 382.979333][ T8715] ? __pfx__raw_spin_lock_irqsave+0x10/0x10 [ 382.985233][ T8715] remove_wait_queue+0x24/0x120 [ 382.990077][ T8715] poll_freewait+0xb1/0x240 [ 382.994575][ T8715] do_sys_poll+0xda4/0x1070 [ 382.999072][ T8715] ? do_sys_poll+0x661/0x1070 [ 383.003736][ T8715] ? __pfx_do_sys_poll+0x10/0x10 [ 383.008655][ T8715] ? futex_unqueue+0x22/0x240 [ 383.013319][ T8715] ? __pfx_pollwake+0x10/0x10 [ 383.017975][ T8715] ? __pfx_pollwake+0x10/0x10 [ 383.022642][ T8715] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 383.028018][ T8715] ? set_user_sigmask+0x15b/0x1b0 [ 383.033038][ T8715] ? __pfx_set_user_sigmask+0x10/0x10 [ 383.038401][ T8715] __se_sys_ppoll+0x1ff/0x260 [ 383.043067][ T8715] ? __pfx___se_sys_ppoll+0x10/0x10 [ 383.048248][ T8715] ? rcu_is_watching+0x15/0xb0 [ 383.052998][ T8715] ? do_syscall_64+0xbe/0x3b0 [ 383.057679][ T8715] ? __x64_sys_ppoll+0x20/0xc0 [ 383.062452][ T8715] do_syscall_64+0xfa/0x3b0 [ 383.066958][ T8715] ? lockdep_hardirqs_on+0x9c/0x150 [ 383.072150][ T8715] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.078214][ T8715] ? clear_bhb_loop+0x60/0xb0 [ 383.082890][ T8715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.088770][ T8715] RIP: 0033:0x7f68d8f8ebe9 [ 383.093173][ T8715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 383.112795][ T8715] RSP: 002b:00007f68d9dec038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 383.121194][ T8715] RAX: ffffffffffffffda RBX: 00007f68d91b5fa0 RCX: 00007f68d8f8ebe9 [ 383.129166][ T8715] RDX: 0000000000000000 RSI: 0000000000000003 RDI: 0000200000000100 [ 383.137138][ T8715] RBP: 00007f68d9011e19 R08: 0000000000000008 R09: 0000000000000000 [ 383.145101][ T8715] R10: 0000200000000280 R11: 0000000000000246 R12: 0000000000000000 [ 383.153073][ T8715] R13: 00007f68d91b6038 R14: 00007f68d91b5fa0 R15: 00007fff134f5918 [ 383.161042][ T8715] [ 383.164317][ T8715] Kernel Offset: disabled [ 383.168630][ T8715] Rebooting in 86400 seconds..