last executing test programs: 10.607638287s ago: executing program 2 (id=2228): r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000c40)={{0x0, 0x0, 0x4000, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x429, 0x0, 0xfffffffffffffffc, 0x0, 0x80000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x2, 0x7, 0x2000000000000000, 0x7, 0x7ff, 0xfffffffe, 0x0, 0x40, 0x0, 0x0, 0x100000001, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff9, 0x0, 0x6, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffd, 0x50b, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x2080000000000000, 0x0, 0x4, 0x20000, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffa, 0x5, 0x401, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x400000000000, 0x3, 0x1, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x40000000000000, 0x1, 0x0, 0x0, 0x3, 0x0, 0x10, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0xfffffffffffffffc, 0xffffffff, 0x3, 0x6, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0x1, 0x8, 0x200, 0x5, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xde4, 0xffffffffffffff77, 0x0, 0x100000003]}) 10.430471979s ago: executing program 2 (id=2229): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a0000070900010073797a31000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000000e0a010100000000000000000a0000060900020073797a31000000000900010073797a31ff"], 0x70}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) 8.897202867s ago: executing program 2 (id=2231): r0 = syz_open_dev$I2C(&(0x7f0000000180), 0x0, 0x0) r1 = syz_usb_connect(0x3, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201410117512920570509201ec70102030109022400010200100009045807028ab53800090506020001000006090582020002"], 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$uac1(r1, 0x0, 0x0) syz_usb_control_io$rtl8150(r1, 0x0, 0x0) r2 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) getsockopt$inet6_int(r2, 0x29, 0xcf, 0x0, &(0x7f0000002080)=0xffffffffffffffa2) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) r3 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000240)='clear_refs\x00') writev(r3, &(0x7f0000000140)=[{&(0x7f00000000c0)='2', 0x1}], 0x1) ioctl$I2C_SMBUS(r0, 0x720, &(0x7f0000000100)={0x0, 0x0, 0x8, &(0x7f00000000c0)={0x22, "d69a00000000001c028f7e453b653a1478005a31589cff42e82e58b2b3b9de670d"}}) r4 = socket$inet6(0xa, 0x80003, 0x6) connect$inet6(r4, &(0x7f00000000c0)={0xa, 0x0, 0x0, @loopback}, 0x1c) socket$nl_netfilter(0x10, 0x3, 0xc) socket$igmp6(0xa, 0x3, 0x2) sendmsg$unix(0xffffffffffffffff, &(0x7f0000000880)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2ac3c2d5fa4423c5ad1ddee97879c38b", 0x10}], 0x1}, 0x840) r5 = socket$inet(0x2, 0x2, 0x0) setsockopt$inet_msfilter(r5, 0x0, 0x29, &(0x7f0000000000)=ANY=[], 0x57) r6 = socket(0x10, 0x3, 0x0) r7 = socket$alg(0x26, 0x5, 0x0) bind$alg(r7, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r7, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d49100dc6626c892b6bc436a", 0x10) r8 = accept4(r7, 0x0, 0x0, 0x0) poll(&(0x7f00000000c0)=[{r8}], 0x1, 0x70) sendmsg$alg(r8, &(0x7f0000000100)={0x0, 0x0, 0x0}, 0x8001) setsockopt$netlink_NETLINK_TX_RING(r6, 0x10e, 0xc, &(0x7f0000000040)={0x10000802, 0x80, 0x0, 0x40000}, 0x10) sendmsg$nl_generic(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000003c0)=ANY=[@ANYBLOB="280000005200010004000000000000001c0000001400", @ANYRES16=r6], 0x28}}, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f0000001100)=[{{0x0, 0x0, &(0x7f0000000b80)=[{&(0x7f0000000280)=""/24, 0x18}], 0x1}, 0x9}], 0x1, 0x400000a0, 0x0) sendmmsg(r4, &(0x7f0000000480), 0x2e9, 0x0) 7.190434741s ago: executing program 0 (id=2242): socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$IPVS_CMD_GET_INFO(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000000c0)={0x14, r2, 0x1, 0x70bd2b, 0x25dfdbfd}, 0x14}, 0x1, 0x0, 0x0, 0x1}, 0x10) sendmsg$NL80211_CMD_STOP_SCHED_SCAN(r1, &(0x7f0000000100)={&(0x7f0000000000)={0x10, 0x0, 0x0, 0x8}, 0xc, &(0x7f00000000c0)={&(0x7f0000000200)=ANY=[@ANYRES64=r2, @ANYBLOB="8a5540658b20cb59f37c21e0ae444c84abc769900f640d0bc4f91c5049a9db3d2179d5f26016d9b7627109446756e7e670185382aa3fd3a4ceca41710e3906e1be", @ANYRESOCT=r0, @ANYRES32=r2, @ANYBLOB="0c009900080000002e0000000c0058006b000000000000000c0058000200000000000000"], 0x40}, 0x1, 0x0, 0x0, 0x8040}, 0x40000) 7.166229011s ago: executing program 0 (id=2243): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000140)=ANY=[@ANYBLOB="12010000413f5f201d0650c16fce0102030109021b00010000100009043300011870f500090582020002"], 0x0) syz_usb_control_io$hid(r1, 0x0, 0x0) r2 = syz_open_dev$usbfs(&(0x7f0000000000), 0x77, 0x101101) ioctl$USBDEVFS_ALLOC_STREAMS(r2, 0x8008551c, &(0x7f0000000040)=ANY=[@ANYBLOB="62da20000b"]) ioctl$TCSETS(0xffffffffffffffff, 0x404c4701, &(0x7f0000000040)={0x1, 0x0, 0xe, 0x400000, 0x14, "3eccd8000000000000000110000000040100"}) r3 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) sendmmsg$inet(r3, &(0x7f0000002e00)=[{{0x0, 0x0, 0x0}}, {{0x0, 0x0, &(0x7f00000021c0)=[{&(0x7f0000000f80)="274cabed10a102e5ee7958396cb5d9ca5281effc27fc038e99b5ed2b276ce00a2e", 0x21}, {&(0x7f0000001000)="73592bcbd77f8c5d32ace86682ca6b41fa5775f6a2c615af3e32938769f77ce40b6de2b7fd459f0663d856dc1d756f24608ed70a3748e63d5eb037ed9feba1c2d399b77c2cf264ca25afaba04f1daf2395b6a24399770672b53e9f83b3a63d", 0x5f}], 0x2}}], 0x2, 0x0) sendmsg$IPSET_CMD_GET_BYINDEX(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000040)=ANY=[@ANYBLOB="240000000f060101"], 0x24}, 0x1, 0x0, 0x0, 0x44000}, 0x4000000) r4 = syz_clone(0x32008211, 0x0, 0xfd69, 0x0, 0x0, 0x0) ptrace(0x10, r4) ptrace$setregs(0xd, r4, 0x1, &(0x7f0000000140)="1f0bd3802e5a60643477bdfc11ec6c6307cda15c68416c38285a2616e824ede0e2a7a816754f472d3e1f8cf7a5cc47411d6a305ea91cd2433d48edf7e7491c3d7f2e8733109429b32b35a2e36dbafde4b28710a94d77796adb81139397a04719ea1d7f1885ec5bdd65a980063961ff949320c533d47bf7b16552b5fa83a073566ad64e816d00b34cc7") ptrace$getregset(0x4204, r4, 0x1, &(0x7f0000001180)={&(0x7f0000000080)=""/68, 0x44}) syz_usb_ep_write$ath9k_ep1(r1, 0x82, 0xa8, &(0x7f0000000040)=ANY=[@ANYBLOB="6b0ee0b3d41b1b"]) syz_usb_control_io$lan78xx(r1, &(0x7f00000002c0)={0x14, &(0x7f00000000c0)={0x0, 0x22, 0x75, {0x75, 0x31, "b96b5c24ea6aef437288a1bcad8015399cb54aff3e242e2fccff73f4c1370c504d25f94d2c17087fdb47ff858e322301334cfdf3f6aeda944b8fe8c6a03919eb82e89b9e2bc28d83023d40fb67ac33414fd4f2cb6ecf89d9e48470429303f388d1d4a5cc7305189a23cff7181e50228efccda7"}}, &(0x7f0000000200)={0x0, 0x3, 0xa3, @string={0xa3, 0x3, "d192a6bdf99b12dcced611a6c615fd59fae8814006ce43cece6eb8ce5193039794f7a0dc02347f19c408c326422aab5dbb728f5c7c08bc6344ebd55fa50709ce76a24bab6c7262b67e06a6f65ebf7b7e515258cdc733d87c2e9531b5c4e96517cf8a07eccf38c49d6212580c31bdeb595bd360050ce4baba572072eae316273a573b4c3c027fd9655ccf988fa19787f7e439a0cdecbd70f6f5c2e50629dedda9ea"}}}, &(0x7f0000000500)={0x34, &(0x7f0000000300)={0x40, 0x16, 0xa2, "95044b0f873a1dca8b9d646c12ecc9d3289bd528c6aa63d00ca6a7d9003d98559392d139d569e5f563572a5d764a3dc2c94f15b5b202f47b879d1bc9d94984c16dc6f13491739b1b5d1e3e9c8b8e8e63e969561a5e753acc4d4100c7e6c6c437b19a662cda14dc30e362f12318db6d764d9a9331900061cfa56711438194e33c8c30a95acee408c951f4e7863d2513025dfe5a88096b18431db3a09d0e8dfaa4eebc"}, &(0x7f00000003c0)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000400)={0x0, 0x8, 0x1, 0x8}, &(0x7f0000000440)={0xc0, 0xa1, 0x4, 0x84}, &(0x7f0000000480)={0x40, 0xa0, 0x4, 0xfffffff7}, &(0x7f00000004c0)={0xc0, 0xa2, 0x2f, "26fd56c85dcb27ecfe7c033b8577f86604710c355129cf9632c2fc19cbe67a803f6c5d90149791d126a481f339dc29"}}) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000080)) 6.79464163s ago: executing program 2 (id=2245): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904", @ANYRES64], 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) r1 = socket$inet6_mptcp(0xa, 0x1, 0x106) shutdown(r1, 0x3) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0xfffffffffffffffe) 4.651854046s ago: executing program 2 (id=2254): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000002c0)={'wlan0\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000100), r0) sendmsg$NL80211_CMD_AUTHENTICATE(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f00000001c0)={0x50, r2, 0x1, 0x20000002, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @key_params=[@NL80211_ATTR_MAC={0xa}], @NL80211_ATTR_AUTH_TYPE={0x8}, @NL80211_ATTR_SSID={0xa, 0x34, @default_ap_ssid}, @key_params=[@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_DEFAULT={0x4}, @NL80211_KEY_DEFAULT_MGMT={0x4}]}]]}, 0x50}, 0x1, 0x0, 0x0, 0x40000}, 0x0) r3 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904", @ANYRES64], 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$printer(r3, 0x0, 0x0) r4 = openat$vcsa(0xffffffffffffff9c, &(0x7f0000000000), 0x230180, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000040)={0x1, 0x2, 0xf000, 0x1000, &(0x7f0000ffc000/0x1000)=nil}) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$hid(r3, 0x0, 0x0) syz_usb_control_io(r3, 0x0, 0x0) syz_usb_control_io$printer(r3, 0x0, 0x0) r5 = socket$nl_xfrm(0x10, 0x3, 0x6) io_setup(0x202, &(0x7f0000000480)=0x0) io_submit(r6, 0x1, &(0x7f0000000540)=[&(0x7f00000000c0)={0x25, 0xe7030003, 0x8, 0x1, 0x0, r5, 0x0}]) syz_usb_control_io$uac1(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r3, 0x0, 0xfffffffffffffffe) syz_usb_control_io$cdc_ncm(r3, &(0x7f0000000100)={0x14, &(0x7f0000000400)=ANY=[@ANYBLOB="2030b9000000b909bfc1a48bf1c13a5688ef2738f72da4a4d3d04c8e75ed6cf78366f0745fa9686761456f4f60f27647d69c1b875f144ebd76827a34557ec5bba41aefca98ce7832dc31185f028f8b7e4906d67299994cecebb55ae49ebc90789470ca5d860973b4988506945be18c3389ba76f9a25a3606a51ee338dfc784ae675ba1e122ea8e184e525108921b8ccad53e81018f59263a1700da8aa276581f19998eca998ec6c47683331efc6760192ad8c8f2963b5a5690b9b5f33fa5f06ad87ae2e0a8de14ab9f7e35f53ff4ef4b76230c3c4a2be3c804c5abb7ec8f7be86114a166f7ac3bee4cdb721b7ed4b2146706cae8525a4b35e00a25166a6ca02156c921f8ffd95036a10b8bc2bb738d863efd1d5becc84ed160e2999064f490f81cbadad7c29cc67e099a0d27078d38e015760324ccad44eb2b63cfcc825b7decf976e90c6469fa064224051f4a2e1e9c1af74d056d"], &(0x7f00000000c0)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f0000000380)={0x44, &(0x7f0000000140)={0x40, 0x13, 0x22, "161ec4dc0fe8fa68b5413e1d2c0773860fb4456715032817ed788e4405cc57bffd72"}, &(0x7f0000000180)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000200)={0x0, 0x8, 0x1, 0x3}, &(0x7f0000000240)={0x20, 0x80, 0x1c, {0x0, 0x4, 0x80, 0x81, 0xfc01, 0x7, 0x9, 0x10000, 0xb, 0xfff, 0xf, 0xf9}}, &(0x7f0000000280)={0x20, 0x85, 0x4, 0x3}, &(0x7f00000002c0)={0x20, 0x83, 0x2, 0x1}, &(0x7f0000000300)={0x20, 0x87, 0x2, 0xc}, &(0x7f0000000340)={0x20, 0x89, 0x2}}) 3.936841162s ago: executing program 0 (id=2255): r0 = socket$netlink(0x10, 0x3, 0xa) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000000)={'wlan0\x00', 0x0}) r2 = syz_init_net_socket$802154_dgram(0x24, 0x2, 0x0) bind$802154_dgram(r2, 0x0, 0x0) sendmsg$NL80211_CMD_PEER_MEASUREMENT_START(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000140)=ANY=[@ANYBLOB="51030000", @ANYRES32=r1, @ANYRESHEX=r2, @ANYRES32=r0, @ANYRES8=r0], 0x1544}, 0x1, 0x0, 0x0, 0x800}, 0x48000) r3 = socket$phonet_pipe(0x23, 0x5, 0x2) ioctl$sock_SIOCINQ(r3, 0x541b, &(0x7f0000000100)) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000080)={0x2, 0xcf70, {0x0}, {0xee00}, 0x80000000, 0x2}) r5 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCSETD(r5, 0x5423, &(0x7f0000000040)=0x1) ioctl$TIOCSETD(r5, 0x5423, &(0x7f00000001c0)=0x7) r6 = getpid() r7 = getpgid(0x0) kcmp$KCMP_EPOLL_TFD(r6, r7, 0x7, 0xffffffffffffffff, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff, 0xc}) r8 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x0) getsockopt$IP_VS_SO_GET_SERVICE(r8, 0x0, 0x483, 0x0, 0x0) kcmp(r4, r7, 0x0, r8, r3) ioctl$sock_inet_SIOCGIFDSTADDR(r0, 0x8917, &(0x7f0000000040)={'pim6reg\x00', {0x2, 0x0, @local}}) 3.470499771s ago: executing program 0 (id=2258): capset(0x0, &(0x7f0000000040)={0x81, 0x21fff8, 0xc, 0x0, 0x3fffff, 0xfffffffe}) (async) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000080)={0x8, 0x2, {0x0}, {}, 0x0, 0xfffffffffffffff9}) capget(&(0x7f00000000c0)={0x20071026, r0}, &(0x7f0000000140)={0x3, 0x7fffffff, 0x4, 0x2, 0x4b5, 0x8}) (async) r1 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) (async) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) write$binfmt_misc(r2, &(0x7f0000000040), 0xe09) (async) ioctl$LOOP_CONFIGURE(r1, 0x4c0a, &(0x7f00000002c0)={r2, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0xffffffff9673e35d]}}) 3.069993513s ago: executing program 0 (id=2263): syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="1201000000000010ac0544020000000000010902240001000000000904000000030002c2aa45f037401ca2d91500092100000001220000090581030000000000"], 0x0) (async) r0 = openat$drirender128(0xffffffffffffff9c, &(0x7f0000000000), 0x8000, 0x0) ioctl$DRM_IOCTL_DROP_MASTER(r0, 0x641f) (async) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r2 = syz_open_procfs$pagemap(0xffffffffffffffff, &(0x7f0000000000)) ioctl$PAGEMAP_SCAN(r2, 0xc0606610, &(0x7f00000000c0)={0x60, 0x3, &(0x7f0000ffa000/0x3000)=nil, &(0x7f0000ffb000/0x5000)=nil, 0x20000d728, 0x0, 0x3b, 0x7, 0x0, 0x58, 0x4c}) (async) ioctl$UI_DEV_SETUP(r1, 0x5501, 0x0) (async) r3 = open(&(0x7f00009e1000)='./file0\x00', 0x60840, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r1, 0x40189429, 0x0) (async) fcntl$setsig(r3, 0xa, 0x13) (async) fcntl$setlease(r3, 0x400, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x12, 0x0, @thr={0x0, 0x0}}, &(0x7f0000000280)) (async) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x1c9c380}}, 0x0) truncate(&(0x7f0000000140)='./file0\x00', 0x0) (async) r4 = socket(0x10, 0x3, 0x0) (async) r5 = socket$tipc(0x1e, 0x2, 0x0) sendmsg$inet(r5, &(0x7f00000019c0)={&(0x7f00000015c0)={0x1e, 0x4e21, @broadcast}, 0x10, 0x0}, 0x4000014) r6 = openat$nvram(0xffffffffffffff9c, &(0x7f0000000200), 0x40, 0x0) socket(0x2c, 0x806, 0x0) (async) lseek(r6, 0xfff, 0x3) (async) write(r4, &(0x7f0000000580)="240000001e005f031400ff01000000f80700b3586ff606c2e553797c080008e467dc0000", 0x24) (async) r7 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r7, 0x84, 0x64, &(0x7f0000000080)=[@in={0x2, 0x4e21, @local}], 0x10) sendmsg$inet_sctp(r7, &(0x7f0000000700)={&(0x7f0000000340)=@in={0x2, 0x4e21, @local}, 0x10, &(0x7f00000002c0)=[{&(0x7f0000000640)='\x00', 0x1}], 0x1, 0x0, 0x0, 0x804c040}, 0x0) (async) write$FUSE_DIRENTPLUS(r2, &(0x7f00000008c0)={0x3f8, 0xfffffffffffffffc, 0x0, [{{0x5, 0x0, 0x2, 0x80, 0x2, 0x4, {0x5, 0xfffffffffffffffe, 0x100, 0x8, 0x9, 0xe9, 0x4, 0x7fffffff, 0x7fffffff, 0x2000, 0x4, 0x0, 0xee01, 0x6, 0x1000}}, {0x4, 0x1, 0x18, 0x3, '/dev/infiniband/rdma_cm\x00'}}, {{0x0, 0x2, 0x0, 0x80000000, 0x9e, 0x1ff, {0x3, 0x80000001, 0x156, 0x4, 0x0, 0x7, 0x6, 0x1, 0x3ff, 0x2000, 0x9, 0x0, 0x0, 0x6, 0x6}}, {0x5, 0x5, 0x2, 0x1, ')^'}}, {{0x6, 0x2, 0x7, 0x7, 0x9, 0xb, {0x4, 0x4, 0x3, 0x7fffffff, 0xfffffffffffffff9, 0x3, 0x5, 0x9, 0xef49, 0x1000, 0x1000, 0xee00, 0x0, 0x8, 0x6}}, {0x4, 0x4, 0x9, 0x5, '/dev/kvm\x00'}}, {{0x2, 0x0, 0x3, 0x18906804, 0xbbd, 0x1, {0x1, 0x3, 0x8, 0x1, 0x4, 0x40, 0x80000001, 0x7, 0x9, 0x8000, 0x1, 0x0, 0x0, 0xe, 0xf}}, {0x6, 0x5, 0x18, 0x200, '/dev/infiniband/rdma_cm\x00'}}, {{0x5, 0x0, 0x9, 0x7, 0x8, 0xb53, {0x4, 0xff, 0x1628, 0x6, 0x3, 0x2, 0x9, 0x5, 0x3, 0x6000, 0x54123ef9, 0x0, 0x0, 0x7f, 0x8}}, {0x5, 0x8, 0x3, 0x5, '+@)'}}, {{0x3, 0x1, 0xfffffffffffffffd, 0x9, 0x8, 0x7fffffff, {0x2, 0x6, 0x80, 0x0, 0xf, 0x9, 0x7fffffff, 0x8, 0x80, 0x8000, 0x68, 0xee01, 0x0, 0x2, 0x8}}, {0x0, 0x100000000, 0x2, 0xd3, '*)'}}]}, 0x3f8) (async) read(r7, &(0x7f0000000380)=""/238, 0xee) r8 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r8, 0xae01, 0x0) r9 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000004c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_QUERY_ROUTE(r9, &(0x7f0000000400)={0x5, 0x10, 0xc7, {0x0}}, 0x18) 2.929895534s ago: executing program 0 (id=2264): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000001c0)=ANY=[@ANYBLOB="120100001d9167204f17316a3f26010203010902120001000000000904", @ANYRES64], 0x0) syz_usb_control_io$rtl8150(r0, &(0x7f00000007c0)={0x14, 0x0, &(0x7f0000000740)={0x0, 0x3, 0x2, @string={0x2}}}, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$sierra_net(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, &(0x7f0000000100)={0x14, &(0x7f0000000000)={0x20, 0x6, 0xb3, {0xb3, 0xc, "7380ebe8de5cf00dba33869e93e776780e741528f2630f8fbc1e78fd4038b42d99d814caea9fdf051edc66b89f5494c82618a6ed8931fee5e1f77c24fa2b7f4f24f8be86c80b595f8809533e132b983c470869e9eb0de2ed48cdbe9c88c62a21c33f99c8aec0bf26e08bbe64d13d8c0c252391d66b5e7f927f97f4389e6e84e7afff084298c237f0ecfbbad055d71350d5049b5550a952ca9a2af492047922db3fce8433c08ef3bbc78398df2e5b59255e"}}, &(0x7f00000000c0)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x412}}}, &(0x7f0000000340)={0x2c, &(0x7f0000000200)={0x40, 0x11, 0xb4, "5a560b8fe034087c0665ee9b6b8fa47e5cc2ede73deb78fe54761db1a5ef4736e82b2e2a47534c1f97e05583addc84da74b7dbdd0efecbd3a8bb5c1b57bc7a34d5c470441a82a9e32f3d8c158388a6071f22ec04829b8b5c12cbb70e5fffc6d7f98fb065958dd59636d8dfca9f593ac1c669c8330a609b11e2e9ec8e50fa05e6c042074da0e47e746f841aaabb64008a54aac2fae96bd9be91911c5d7f08a6f8870fece6227693831559674c53898e4265cc8faf"}, &(0x7f0000000140)={0x0, 0xa, 0x1, 0x5}, &(0x7f0000000180)={0x0, 0x8, 0x1, 0x3}, &(0x7f00000002c0)={0xc0, 0x5, 0x6, "eef5fe5a59d0"}, &(0x7f0000000300)={0x40, 0x5, 0x4, "f576b962"}}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r1, 0x4018620d, &(0x7f0000000100)) r2 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000180)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000280)=[@increfs], 0x0, 0x0, 0x0}) r3 = dup3(r2, r1, 0x0) r4 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r4, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r4, 0x4018620d, &(0x7f00000002c0)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000e00)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f0000000300)={0x4c, 0x0, &(0x7f0000000540)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x11, 0x0, 0x0, 0x48, 0x0, &(0x7f00000005c0)={@flat=@weak_binder={0x77622a85, 0x1000}, @flat=@binder={0x73622a85, 0x18a, 0x3}, @flat=@weak_handle={0x77682a85, 0x1001}}, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r3, 0xc0306201, &(0x7f0000000240)={0x0, 0x0, 0x0, 0x2, 0x1000000, &(0x7f00000006c0)="e101"}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 1.99642114s ago: executing program 2 (id=2272): r0 = syz_usb_connect(0x0, 0x36, &(0x7f0000000080)={{0x12, 0x1, 0x141, 0x48, 0x13, 0x44, 0x20, 0x424, 0x7500, 0x69ee, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x10, 0x0, [{{0x9, 0x4, 0xb8, 0x7, 0x2, 0x96, 0xd1, 0xca, 0x0, [], [{{0x9, 0x5, 0x6, 0x2, 0x200, 0xd, 0x0, 0x6}}, {{0x9, 0x5, 0x82, 0x2, 0x200, 0x0, 0x1, 0x10}}]}}]}}]}}, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000900)={0x84, &(0x7f00000003c0)={0x0, 0x17, 0x4, "abe763a8"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000013c0)={0x44, &(0x7f0000000540)={0x0, 0x9, 0x4, "fd980000"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000fc0)={0x84, &(0x7f0000000300)={0x40, 0xb, 0x4, "ecae0aac"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000009c0)={0x44, &(0x7f0000000480)=ANY=[@ANYBLOB="00000002"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000d80)={0x2c, &(0x7f0000000b40)={0x40, 0x16, 0x4, "50db0822"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000800)={0x44, &(0x7f0000000600)={0x40, 0x8, 0x5, "9367a047ec"}, 0x0, &(0x7f0000000680)={0x0, 0x8, 0x1, 0x8}, &(0x7f00000006c0)={0x20, 0x81, 0x2, "caf8"}, &(0x7f0000000700)={0x20, 0x82, 0x2, "aecc"}, &(0x7f0000000740)={0x20, 0x83, 0x1, "b0"}, &(0x7f0000000780)={0x20, 0x84, 0x2, '%l'}, &(0x7f00000007c0)={0x20, 0x85, 0x3, "2e5cf0"}}) 1.767904225s ago: executing program 3 (id=2275): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000540)=[{&(0x7f0000000680)="d8000000180081054e81f782db4cb904021d0800fe00fe05e8fe55a10a0015000600142603600e1208000f007f370301f5021600a40002400f000100035c0461c1d67f6f94007134cf6edb8018a007a290457f0189b31627d1c76bbace8017cbec4c2ee5a7cef4090014d653d276b5f995b6cca0c0b42adfdf76f8b8ec4eb126791c2ce768a1e5ef377572c01f22e75575321de7dcfa2f2212b62b8bbd9bdb98aeaa5539f9722c01acbc0bf614f24a82335575f15374b59a55e3ec67bf3d7d8dae70b19db5c425cdca22d56f5ed3816a822cc67bee0dceb3", 0xd8}], 0x1}, 0x200000d4) close(r0) r2 = socket(0x2b, 0x1, 0x1) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e21, 0x8, @dev={0xfe, 0x80, '\x00', 0x31}}, 0xfffffe5e) listen(r0, 0x5) r3 = socket$inet_mptcp(0x2, 0x1, 0x106) accept$packet(r2, &(0x7f0000004ec0)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @dev}, 0x0) r4 = socket(0x2, 0x80805, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r4, 0x84, 0x14, &(0x7f0000000080)=@assoc_value, &(0x7f0000000040)=0x8) r5 = syz_open_dev$sg(&(0x7f00000004c0), 0x0, 0x20c02) writev(r5, &(0x7f0000000000)=[{&(0x7f00000002c0)="aefdda9d240303005a90f57f07703aeff0f64eb9ee07962c220a2e11b44e65d76641cb010852f426072a", 0x2a}], 0x1) read(r5, 0x0, 0x0) connect$inet(r3, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x72) 974.307039ms ago: executing program 1 (id=2279): r0 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$inet_tcp_int(r0, 0x6, 0x210000000013, &(0x7f00000000c0)=0x100000001, 0x4) rt_sigaction(0xd, &(0x7f0000000180)={&(0x7f0000000000)="ca00d1c441ef196ec866400fe2de0fae4e0afaf2466ff00fc01ec422e10399c5c1202063df", 0xdc000006, 0x0, {[0x2]}}, 0x0, 0x8, &(0x7f0000000300)) poll(&(0x7f0000000040)=[{0xffffffffffffffff, 0x80cd}], 0x1, 0x4) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000280)='cpuacct.usage_percpu\x00', 0x275a, 0x0) write$UHID_CREATE2(r2, &(0x7f0000000040)=ANY=[], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x88fd537e5c114b6e, 0x12, r2, 0x0) getsockopt$inet6_tcp_buf(r2, 0x6, 0x1a, &(0x7f0000000340)=""/187, &(0x7f0000000080)=0xbb) ioctl$KVM_X86_SETUP_MCE(0xffffffffffffffff, 0x4008ae9c, &(0x7f0000000000)={0x1c, 0x7b52e4aff0f1e2e5, 0x4}) sendmmsg$inet6(r1, &(0x7f0000003c00)=[{{0x0, 0x0, 0x0}}], 0x1, 0x0) connect$inet(r0, &(0x7f0000000180)={0x2, 0x4e21, @local}, 0x10) setsockopt$inet_tcp_TCP_REPAIR_OPTIONS(r0, 0x6, 0x16, &(0x7f0000000000)=[@mss, @sack_perm, @window={0x3, 0x7}, @mss={0x2, 0xfff}], 0x4) r3 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$BTRFS_IOC_QGROUP_ASSIGN(r3, 0x40189429, &(0x7f0000000040)={0xffff, 0x3, 0x9}) ioctl$FS_IOC_FSGETXATTR(r3, 0x801c581f, &(0x7f0000000000)={0x9a7, 0xfd, 0x5, 0x101, 0x5}) syz_usb_connect(0x0, 0x24, &(0x7f0000000600)=ANY=[@ANYBLOB="1201000047ff4f40d3131132677a010203010902120001760fb30f09040001"], 0x0) r4 = syz_open_procfs$userns(0x0, &(0x7f00000001c0)) open_by_handle_at(r4, &(0x7f0000000900)=ANY=[@ANYBLOB="10000000f10000000b"], 0x400040) 876.996746ms ago: executing program 3 (id=2280): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_int(r1, 0x107, 0xa, &(0x7f0000000080)=0xe, 0x4) ioctl$VT_OPENQRY(r0, 0x5600, &(0x7f0000000080)) 778.273765ms ago: executing program 3 (id=2281): openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r0 = creat(&(0x7f0000000100)='./file0\x00', 0xd931d3864d39dcca) (async) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)) r1 = socket$packet(0x11, 0x2, 0x300) (async) r2 = creat(&(0x7f0000000240)='./file0\x00', 0x7) r3 = userfaultfd(0x80001) ioctl$UFFDIO_API(r3, 0xc018aa3f, &(0x7f0000000140)={0xaa, 0x281}) (async) ioctl$UFFDIO_REGISTER(r3, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) (async) r4 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r4, 0x11b, 0x4, &(0x7f0000000280)={&(0x7f0000000000)=""/59, 0x11000, 0x800, 0x0, 0x3}, 0x20) (async, rerun: 32) ioctl$UFFDIO_COPY(r3, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) (rerun: 32) r5 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r5, 0x0, 0x40) (async) r6 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)=[{&(0x7f0000000000)=ANY=[@ANYBLOB="28000000120001000300000000000000100000000c000000040000000000000005003580f8000000"], 0x28}], 0x1, 0x0, 0x0, 0x40801}, 0x4000800) (async) timer_delete(0x0) (async) timer_settime(0x0, 0x1, 0x0, 0x0) (async, rerun: 32) r7 = syz_init_net_socket$bt_l2cap(0x1f, 0x1, 0x3) (rerun: 32) recvmsg(r7, &(0x7f0000001a40)={0x0, 0x0, &(0x7f0000001880)}, 0x2) (async) connect$packet(r7, &(0x7f0000000200)={0x1f, 0x2, 0x0, 0x1, 0x82, 0x6, @random="a6a636d74bf9"}, 0x14) (async) shutdown(r7, 0x1) (async, rerun: 32) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb80393884d01a507, 0x4008032, 0xffffffffffffffff, 0x0) (async, rerun: 32) ioctl$UFFDIO_API(r0, 0xc018aa3f, 0x0) (async) socket$inet_udp(0x2, 0x2, 0x0) (async, rerun: 64) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x1}) (async, rerun: 64) fgetxattr(r3, &(0x7f00000002c0)=@random={'trusted.', '\x00'}, &(0x7f0000000300)=""/48, 0x30) (async) mremap(&(0x7f0000b77000/0x4000)=nil, 0x4000, 0x800000, 0x3, &(0x7f0000130000/0x800000)=nil) (async) fanotify_init(0x40, 0x40000) (async) syz_usb_connect$uac1(0x0, 0xa4, &(0x7f0000000180)=ANY=[@ANYRESHEX, @ANYRES8=r2, @ANYRESDEC=r1], 0x0) 746.82951ms ago: executing program 3 (id=2282): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=@newsa={0x16c, 0x10, 0x713, 0x0, 0x24dfdbfe, {{@in=@rand_addr=0x64010101, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x0, 0x0, 0x4e21, 0x2, 0x2, 0x0, 0x0, 0x1d}, {@in6=@private1, 0xfe, 0x32}, @in6=@empty, {0x0, 0x0, 0xfffffffffffffffd, 0x8, 0x0, 0x9, 0x0, 0x543}, {0x4, 0x7fffffffffffffff}, {0x2}, 0x70bd2c, 0x34fe, 0xa, 0x4, 0x0, 0x50}, [@encap={0x1c, 0x4, {0x0, 0x4e24, 0x4e20, @in6=@dev={0xfe, 0x80, '\x00', 0x2d}}}, @algo_aead={0x60, 0x12, {{'rfc4106(gcm(aes))\x00'}, 0xa0, 0x60, "210466d38547aa140db9a200000000c538c7cb7a"}}]}, 0x16c}, 0x1, 0x11000000, 0x0, 0x880}, 0x0) 687.049882ms ago: executing program 3 (id=2283): r0 = socket(0x2, 0x80805, 0x0) sendmmsg$inet(r0, &(0x7f00000054c0)=[{{&(0x7f00000000c0)={0x2, 0x4e22, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x10, &(0x7f0000000440)=[{&(0x7f0000000180)="fd", 0x1}], 0x1}}, {{&(0x7f0000001180)={0x2, 0x4e24, @rand_addr=0x64010100}, 0x10, &(0x7f0000000940)=[{&(0x7f0000000280)="81", 0x1}], 0x1}, 0xdc050000}, {{&(0x7f0000000040)={0x2, 0x4e22, @remote}, 0x10, &(0x7f00000022c0)=[{&(0x7f0000000ac0)="83", 0x1}], 0x1}}], 0x3, 0x4000001) 586.527152ms ago: executing program 3 (id=2284): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000080)=ANY=[], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000001a80)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = syz_open_dev$char_usb(0xc, 0xb4, 0x10000000000) ioctl$FS_IOC_GETVERSION(r1, 0x40045b17, 0x0) 385.137931ms ago: executing program 1 (id=2285): r0 = socket$netlink(0x10, 0x3, 0x8000000004) writev(r0, &(0x7f0000000280)=[{&(0x7f00000005c0)="580000001400192340834b80040d8c560a06ffffff7f000000010000000058000b480400945f64009400050038925a01000000800000008004000000ff0109000ffffff5dd0000000800030006010000418e01400004fcff", 0x58}], 0x1) 325.730565ms ago: executing program 1 (id=2286): r0 = syz_open_dev$sndctrl(&(0x7f0000000080), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r0, 0xc0045516, &(0x7f0000000000)=0x3) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r0, 0xc1105517, &(0x7f0000000340)={{0xfffffffe, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x6, 0x2, 0x4, 0x0, 0x0, 0x0, 'syz1\x00', 0x0}) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r0, 0xc1105518, &(0x7f0000000c40)={{0x0, 0x0, 0x0, 0x0, 'syz0\x00'}, 0x0, [0x0, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x429, 0x0, 0xfffffffffffffffc, 0x0, 0x80000, 0x0, 0x4, 0x0, 0x0, 0x0, 0x5, 0x2, 0x7, 0x2000000000000000, 0x7, 0x7ff, 0xfffffffe, 0x0, 0x40, 0x0, 0x0, 0x100000001, 0x0, 0xfffffffffffffffc, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffff9, 0x100000000000000, 0x6, 0x0, 0x2, 0x0, 0x0, 0xfffffffffffffffd, 0x50b, 0x0, 0x0, 0x3, 0x0, 0x3, 0x0, 0x0, 0xfffffffffffffffe, 0x2080000000000000, 0x0, 0x4, 0x20000, 0x0, 0x40, 0xfffffffffffffffc, 0x0, 0x0, 0xffffffffffffffff, 0xfffffffffffffffa, 0x5, 0x401, 0x0, 0x8000000000000000, 0x0, 0x0, 0x0, 0x400000000000, 0x3, 0x1, 0xfffffffffffffffc, 0x0, 0x0, 0x0, 0x0, 0x2000000, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3, 0x0, 0x10, 0x0, 0x0, 0x0, 0xfffffffffffffff9, 0xfffffffffffffffc, 0xffffffff, 0x3, 0x6, 0x0, 0xfffffffffffffffc, 0x80000000000000, 0xfffffffc, 0x1, 0x8, 0x200, 0x5, 0x3, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0xfffffffffffffffd, 0x4, 0x0, 0x0, 0x0, 0x80000000, 0x0, 0x0, 0x0, 0xde4, 0xffffffffffffff77, 0x0, 0x100000003]}) 221.58108ms ago: executing program 1 (id=2287): r0 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r0) (async) r1 = syz_genetlink_get_family_id$tipc(&(0x7f0000000140), r0) r2 = msgget(0x3, 0x240) msgrcv(r2, 0x0, 0x0, 0x3, 0x1000) msgsnd(0x0, &(0x7f0000000880)={0x3}, 0x8, 0x800) msgrcv(r2, 0x0, 0x0, 0x0, 0x3000) (async) msgrcv(r2, 0x0, 0x0, 0x0, 0x3000) msgsnd(r2, &(0x7f00000008c0)={0x2}, 0x8, 0x800) (async) msgsnd(r2, &(0x7f00000008c0)={0x2}, 0x8, 0x800) r3 = socket$tipc(0x1e, 0x2, 0x0) bind$tipc(r3, &(0x7f0000000100)=@name={0x1e, 0x2, 0x0, {{0x42}}}, 0x10) socket$tipc(0x1e, 0x2, 0x0) (async) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) sendmsg$TIPC_CMD_SHOW_NAME_TABLE(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000040)={0x30, r1, 0x1, 0xfffffffc, 0x40000000, {{}, {}, {0x14, 0x19, {0x1, 0x1, 0x0, 0x6472333b}}}}, 0x30}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000040) 121.080948ms ago: executing program 1 (id=2288): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000001d40)=[{&(0x7f0000000100)=ANY=[@ANYBLOB="2c00000010008100000000000080000000ffffff", @ANYRES32=0x0, @ANYBLOB="1f043cbf", @ANYRES32, @ANYBLOB="0a001b"], 0x2c}], 0x1, 0x0, 0x0, 0x4}, 0x0) 0s ago: executing program 1 (id=2289): r0 = openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r3, 0x8933, &(0x7f00000003c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_CHANNEL_SWITCH(r3, &(0x7f0000000200)={0x0, 0x300, &(0x7f00000001c0)={&(0x7f0000000400)=ANY=[@ANYBLOB=',\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="010008020000001800006600000008000300", @ANYRES32=r4, @ANYBLOB="08002600940900000800b7"], 0x2c}, 0x1, 0x0, 0x0, 0x4000000}, 0x0) r5 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) r7 = dup2(r6, r0) read$FUSE(r7, 0x0, 0x0) syz_emit_vhci(&(0x7f00000000c0)=ANY=[@ANYBLOB="0413a6c9"], 0x14) kernel console output (not intermixed with test programs): r write failed [ 525.945792][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 525.952158][ T9] gspca_stk1135: Sensor read failed [ 525.957818][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 525.964337][ T9] gspca_stk1135: Sensor read failed [ 525.969846][ T9] gspca_stk1135: Detected sensor type unknown (0x0) [ 525.976554][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 525.983477][ T9] gspca_stk1135: Sensor read failed [ 525.989217][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 526.001096][ T9] gspca_stk1135: Sensor read failed [ 526.006837][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 526.013246][ T9] gspca_stk1135: Sensor write failed [ 526.020499][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 526.027243][ T9] gspca_stk1135: Sensor write failed [ 526.032707][ T9] stk1135 3-1:0.255: probe with driver stk1135 failed with error -71 [ 526.044102][ T9] usb 3-1: USB disconnect, device number 62 [ 526.045196][ T980] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 526.185218][ T980] usb 1-1: device descriptor read/64, error -71 [ 526.295570][ T980] usb usb1-port1: attempt power cycle [ 526.334171][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 526.345345][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 526.536632][T11358] netlink: 'syz.2.1981': attribute type 27 has an invalid length. [ 526.556937][T11358] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 526.635413][ T980] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 526.666300][ T980] usb 1-1: device descriptor read/8, error -71 [ 526.917305][ T980] usb 1-1: new high-speed USB device number 96 using dummy_hcd [ 526.931402][ T5831] Bluetooth: hci2: Malformed Event: 0x13 [ 526.945880][ T980] usb 1-1: device descriptor read/8, error -71 [ 527.055791][ T980] usb usb1-port1: unable to enumerate USB device [ 527.187781][T11389] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1991'. [ 527.577145][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 527.588098][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -32 [ 527.599663][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32 [ 527.609695][ T5939] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32 [ 527.621605][ T5939] usb 2-1: USB disconnect, device number 79 [ 528.163840][T11399] hpfs: Bad magic ... probably not HPFS [ 528.165255][ T980] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 528.347316][ T980] usb 3-1: Using ep0 maxpacket: 8 [ 528.358992][ T980] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 528.369160][ T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 528.378699][ T980] usb 3-1: Product: syz [ 528.383004][ T980] usb 3-1: Manufacturer: syz [ 528.387714][ T980] usb 3-1: SerialNumber: syz [ 528.407736][ T980] usb 3-1: config 0 descriptor?? [ 528.630880][ T980] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 528.640979][T11395] loop0: Can't mount, would change RO state [ 528.685215][ T5939] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 528.836804][ T5939] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 528.846705][ T5939] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 528.860737][ T5939] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 528.869959][ T5939] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 528.875443][ T9839] usb 1-1: new high-speed USB device number 97 using dummy_hcd [ 528.884838][ T5939] usb 2-1: config 0 descriptor?? [ 529.055162][ T9839] usb 1-1: Using ep0 maxpacket: 16 [ 529.062762][ T9839] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 529.073285][ T9839] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 529.084279][ T9839] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 529.095131][ T9839] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 529.104855][ T9839] usb 1-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 529.109876][ T5939] kovaplus 0003:1E7D:2D50.0018: unknown main item tag 0x0 [ 529.129241][ T9839] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 529.132047][ T5939] kovaplus 0003:1E7D:2D50.0018: unknown main item tag 0x0 [ 529.139189][ T9839] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 529.145989][ T5939] kovaplus 0003:1E7D:2D50.0018: unknown main item tag 0x0 [ 529.154104][ T9839] usb 1-1: Manufacturer: syz [ 529.161497][ T5939] kovaplus 0003:1E7D:2D50.0018: unknown main item tag 0x0 [ 529.173609][ T5939] kovaplus 0003:1E7D:2D50.0018: unknown main item tag 0x0 [ 529.180921][ T9839] usb 1-1: config 0 descriptor?? [ 529.184120][ T5939] kovaplus 0003:1E7D:2D50.0018: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0 [ 529.295639][T11410] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 529.305004][T11410] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 529.369560][T11411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 529.378775][T11411] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 529.414124][ T5939] kovaplus 0003:1E7D:2D50.0018: couldn't init struct kovaplus_device [ 529.435911][ T5939] kovaplus 0003:1E7D:2D50.0018: couldn't install mouse [ 529.450041][ T5939] kovaplus 0003:1E7D:2D50.0018: probe with driver kovaplus failed with error -71 [ 529.485738][ T5939] usb 2-1: USB disconnect, device number 80 [ 529.494662][ T980] usb 3-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 529.510458][ T980] dvbdev: DVB: registering new adapter (TerraTec NOXON DAB Stick) [ 529.522267][ T9839] rc_core: IR keymap rc-hauppauge not found [ 529.533146][ T9839] Registered IR keymap rc-empty [ 529.538908][ T980] usb 3-1: media controller created [ 529.544703][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.563090][ T980] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 529.585461][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.606562][ T9839] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 529.629179][ T9839] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input28 [ 529.643467][ T980] i2c i2c-1: Added multiplexed i2c bus 2 [ 529.649411][ T980] rtl2830 1-0010: Realtek RTL2830 successfully attached [ 529.660555][ T980] usb 3-1: DVB: registering adapter 1 frontend 0 (Realtek RTL2830 (DVB-T))... [ 529.670789][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.679626][ T980] dvbdev: dvb_create_media_entity: media entity 'Realtek RTL2830 (DVB-T)' registered. [ 529.695354][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.725437][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.732792][ T980] DVB: Unable to find symbol mxl5005s_attach() [ 529.765562][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.784385][ T980] usb 3-1: USB disconnect, device number 63 [ 529.795190][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.835682][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.836073][ T5939] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 529.857259][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.875521][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.895395][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.925864][ T9839] mceusb 1-1:0.0: Error: mce write submit urb error = -90 [ 529.947056][ T9839] mceusb 1-1:0.0: Registered 鵣뙊쑡 with mce emulator interface version 1 [ 529.956857][ T9839] mceusb 1-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 529.972619][ T9839] usb 1-1: USB disconnect, device number 97 [ 530.005281][ T5939] usb 2-1: Using ep0 maxpacket: 32 [ 530.026989][ T5939] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 530.040988][ T5939] usb 2-1: config 0 has no interface number 0 [ 530.064624][ T5939] usb 2-1: config 0 interface 184 has no altsetting 0 [ 530.075324][ T5939] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 530.084743][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.093377][ T5939] usb 2-1: Product: syz [ 530.099743][ T5939] usb 2-1: Manufacturer: syz [ 530.104492][ T5939] usb 2-1: SerialNumber: syz [ 530.116841][ T5939] usb 2-1: config 0 descriptor?? [ 530.126599][ T5939] smsc75xx v1.0.0 [ 530.190909][T11430] netlink: 9 bytes leftover after parsing attributes in process `syz.2.2007'. [ 530.200325][T11430] 0: renamed from hsr0 (while UP) [ 530.211296][T11430] 0: entered allmulticast mode [ 530.218154][T11430] hsr_slave_0: entered allmulticast mode [ 530.223965][T11430] hsr_slave_1: entered allmulticast mode [ 530.230210][T11430] A link change request failed with some changes committed already. Interface 70 may have been left with an inconsistent configuration, please check. [ 530.740383][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 530.745140][ T9839] usb 1-1: new high-speed USB device number 98 using dummy_hcd [ 530.751505][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 530.905147][ T9839] usb 1-1: Using ep0 maxpacket: 32 [ 530.912148][ T9839] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 530.920690][ T9839] usb 1-1: config 0 has no interface number 0 [ 530.927380][ T9839] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 530.940388][ T9839] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 530.954144][ T9839] usb 1-1: config 0 interface 255 has no altsetting 0 [ 530.963702][ T9839] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 530.972905][ T9839] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 530.981480][ T9839] usb 1-1: Product: syz [ 530.985824][ T9839] usb 1-1: Manufacturer: syz [ 530.990555][ T9839] usb 1-1: SerialNumber: syz [ 530.998591][ T9839] usb 1-1: config 0 descriptor?? [ 531.217909][ T9839] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 531.628411][ T9839] gspca_stk1135: reg_w 0x3 err -71 [ 531.646173][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 531.654249][ T9839] gspca_stk1135: Sensor write failed [ 531.659798][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 531.666289][ T9839] gspca_stk1135: Sensor write failed [ 531.671624][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 531.679247][ T9839] gspca_stk1135: Sensor read failed [ 531.684676][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 531.695107][ T9839] gspca_stk1135: Sensor read failed [ 531.700697][ T9839] gspca_stk1135: Detected sensor type unknown (0x0) [ 531.722769][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 531.729275][ T9839] gspca_stk1135: Sensor read failed [ 531.734520][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 531.741022][ T9839] gspca_stk1135: Sensor read failed [ 531.749143][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 531.757386][ T9839] gspca_stk1135: Sensor write failed [ 531.762822][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 531.769314][ T9839] gspca_stk1135: Sensor write failed [ 531.777242][ T9839] stk1135 1-1:0.255: probe with driver stk1135 failed with error -71 [ 531.788933][ T9839] usb 1-1: USB disconnect, device number 98 [ 531.917158][T11451] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2014'. [ 531.979618][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -61 [ 531.990712][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -61 [ 532.002738][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 532.012733][ T5939] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -61 [ 532.175172][ T9839] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 532.197217][ T1284] Bluetooth: Error in BCSP hdr checksum [ 532.204310][ T5939] usb 2-1: USB disconnect, device number 81 [ 532.315268][ T9839] usb 3-1: device descriptor read/64, error -71 [ 532.455450][ T1284] Bluetooth: Error in BCSP hdr checksum [ 532.565134][ T9839] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 532.705111][ T9839] usb 3-1: device descriptor read/64, error -71 [ 532.717323][ T50] Bluetooth: Error in BCSP hdr checksum [ 532.811303][T11461] Bluetooth: MGMT ver 1.23 [ 532.817236][ T9839] usb usb3-port1: attempt power cycle [ 532.975802][ T1284] Bluetooth: Error in BCSP hdr checksum [ 533.025140][ T5939] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 533.155194][ T9839] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 533.175161][ T5939] usb 2-1: Using ep0 maxpacket: 32 [ 533.175894][ T9839] usb 3-1: device descriptor read/8, error -71 [ 533.182256][ T5939] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 533.196640][ T5939] usb 2-1: config 0 has no interface number 0 [ 533.203040][ T5939] usb 2-1: config 0 interface 184 has no altsetting 0 [ 533.205177][ T980] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 533.212888][ T5939] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 533.227011][ T5939] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.235162][ T5939] usb 2-1: Product: syz [ 533.241094][ T5939] usb 2-1: Manufacturer: syz [ 533.241113][ T36] Bluetooth: Error in BCSP hdr checksum [ 533.245882][ T5939] usb 2-1: SerialNumber: syz [ 533.257552][ T5939] usb 2-1: config 0 descriptor?? [ 533.265485][ T5939] smsc75xx v1.0.0 [ 533.365200][ T980] usb 1-1: Using ep0 maxpacket: 32 [ 533.386620][ T980] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 533.398885][ T980] usb 1-1: config 0 has no interface number 0 [ 533.405419][ T980] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 533.416711][ T980] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 533.430220][ T980] usb 1-1: config 0 interface 255 has no altsetting 0 [ 533.437270][ T9839] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 533.457576][ T980] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 533.467528][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 533.475853][ T9839] usb 3-1: device descriptor read/8, error -71 [ 533.482072][ T980] usb 1-1: Product: syz [ 533.486582][ T980] usb 1-1: Manufacturer: syz [ 533.493185][ T980] usb 1-1: SerialNumber: syz [ 533.505610][ T36] Bluetooth: Error in BCSP hdr checksum [ 533.511901][ T980] usb 1-1: config 0 descriptor?? [ 533.581066][T11473] netlink: 4356 bytes leftover after parsing attributes in process `syz.3.2024'. [ 533.585693][ T9839] usb usb3-port1: unable to enumerate USB device [ 533.590569][T11473] netlink: 4356 bytes leftover after parsing attributes in process `syz.3.2024'. [ 533.619262][ T5829] Bluetooth: hci2: SCO packet for unknown connection handle 200 [ 533.741095][ T980] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 533.779256][ T36] Bluetooth: Error in BCSP hdr checksum [ 533.874131][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 533.885640][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 534.005205][ T5831] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 534.005449][ T5829] Bluetooth: hci4: command 0x1003 tx timeout [ 534.046616][ T6111] Bluetooth: Error in BCSP hdr checksum [ 534.140241][T11490] FAULT_INJECTION: forcing a failure. [ 534.140241][T11490] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 534.154132][T11490] CPU: 1 UID: 0 PID: 11490 Comm: syz.3.2026 Not tainted syzkaller #0 PREEMPT(full) [ 534.154158][T11490] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 534.154169][T11490] Call Trace: [ 534.154179][T11490] [ 534.154187][T11490] dump_stack_lvl+0x189/0x250 [ 534.154218][T11490] ? __pfx____ratelimit+0x10/0x10 [ 534.154241][T11490] ? __pfx_dump_stack_lvl+0x10/0x10 [ 534.154260][T11490] ? __pfx__printk+0x10/0x10 [ 534.154273][T11490] ? fs_reclaim_acquire+0x7d/0x100 [ 534.154291][T11490] should_fail_ex+0x414/0x560 [ 534.154309][T11490] prepare_alloc_pages+0x22b/0x650 [ 534.154334][T11490] __alloc_frozen_pages_noprof+0x123/0x370 [ 534.154356][T11490] ? is_bpf_text_address+0x26/0x2b0 [ 534.154379][T11490] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 534.154408][T11490] ? policy_nodemask+0x27c/0x720 [ 534.154427][T11490] alloc_pages_mpol+0x232/0x4a0 [ 534.154444][T11490] alloc_pages_noprof+0xa9/0x190 [ 534.154458][T11490] __pud_alloc+0x3a/0x470 [ 534.154483][T11490] handle_mm_fault+0x1f5a/0x32a0 [ 534.154509][T11490] ? __pfx_mt_find+0x10/0x10 [ 534.154525][T11490] ? handle_mm_fault+0xdb/0x32a0 [ 534.154550][T11490] ? __pfx_handle_mm_fault+0x10/0x10 [ 534.154577][T11490] ? lock_mm_and_find_vma+0x9c/0x300 [ 534.154592][T11490] do_user_addr_fault+0x764/0x1380 [ 534.154610][T11490] exc_page_fault+0x82/0x100 [ 534.154628][T11490] asm_exc_page_fault+0x26/0x30 [ 534.154648][T11490] RIP: 0010:__put_user_4+0xd/0x20 [ 534.154663][T11490] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 534.154677][T11490] RSP: 0018:ffffc90003bdfcb8 EFLAGS: 00050202 [ 534.154693][T11490] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000200000000080 [ 534.154705][T11490] RDX: 0000000000000000 RSI: ffffffff8dc71e5c RDI: ffffffff8be111e0 [ 534.154715][T11490] RBP: ffffc90003bdfe58 R08: 0000000000000000 R09: ffffffff820eec00 [ 534.154724][T11490] R10: dffffc0000000000 R11: fffffbfff1c3a744 R12: fffffbfff33f47c6 [ 534.154733][T11490] R13: 0000000000000050 R14: 0000200000000080 R15: 0000000000000001 [ 534.154743][T11490] ? __might_fault+0xb0/0x130 [ 534.154758][T11490] vt_ioctl+0x181b/0x1f20 [ 534.154775][T11490] ? __pfx_vt_ioctl+0x10/0x10 [ 534.154805][T11490] ? __fget_files+0x2a/0x420 [ 534.154826][T11490] ? tty_jobctrl_ioctl+0x369/0xb70 [ 534.154844][T11490] ? __fget_files+0x3a0/0x420 [ 534.154859][T11490] ? __fget_files+0x2a/0x420 [ 534.154875][T11490] tty_ioctl+0x929/0xde0 [ 534.154890][T11490] ? __pfx_tty_ioctl+0x10/0x10 [ 534.154903][T11490] __se_sys_ioctl+0xfc/0x170 [ 534.154918][T11490] do_syscall_64+0xfa/0xfa0 [ 534.154929][T11490] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 534.154943][T11490] ? clear_bhb_loop+0x60/0xb0 [ 534.154962][T11490] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 534.154977][T11490] RIP: 0033:0x7f5dfcf8f6c9 [ 534.154990][T11490] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 534.155002][T11490] RSP: 002b:00007f5dfddc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 534.155017][T11490] RAX: ffffffffffffffda RBX: 00007f5dfd1e5fa0 RCX: 00007f5dfcf8f6c9 [ 534.155028][T11490] RDX: 0000200000000080 RSI: 0000000000005600 RDI: 0000000000000003 [ 534.155038][T11490] RBP: 00007f5dfddc1090 R08: 0000000000000000 R09: 0000000000000000 [ 534.155048][T11490] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 534.155056][T11490] R13: 00007f5dfd1e6038 R14: 00007f5dfd1e5fa0 R15: 00007ffdd14554b8 [ 534.155080][T11490] [ 534.521240][ T6111] Bluetooth: Error in BCSP hdr checksum [ 534.537314][ T980] gspca_stk1135: reg_w 0x3 err -110 [ 534.543836][ T980] gspca_stk1135: serial bus timeout: status=0x00 [ 534.551754][ T980] gspca_stk1135: Sensor write failed [ 534.557545][ T980] gspca_stk1135: serial bus timeout: status=0x00 [ 534.564130][ T980] gspca_stk1135: Sensor write failed [ 534.570562][ T980] gspca_stk1135: serial bus timeout: status=0x00 [ 534.577404][ T980] gspca_stk1135: Sensor read failed [ 534.582662][ T980] gspca_stk1135: serial bus timeout: status=0x00 [ 534.589698][ T980] gspca_stk1135: Sensor read failed [ 534.595540][ T980] gspca_stk1135: Detected sensor type unknown (0x0) [ 534.595582][ T980] gspca_stk1135: serial bus timeout: status=0x00 [ 534.595900][ T980] gspca_stk1135: Sensor read failed [ 534.595929][ T980] gspca_stk1135: serial bus timeout: status=0x00 [ 534.595942][ T980] gspca_stk1135: Sensor read failed [ 534.595970][ T980] gspca_stk1135: serial bus timeout: status=0x00 [ 534.595981][ T980] gspca_stk1135: Sensor write failed [ 534.596008][ T980] gspca_stk1135: serial bus timeout: status=0x00 [ 534.596020][ T980] gspca_stk1135: Sensor write failed [ 534.596101][ T980] stk1135 1-1:0.255: probe with driver stk1135 failed with error -110 [ 534.738483][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -32 [ 534.753808][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -32 [ 534.764679][ T5939] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -32 [ 534.776474][ T5939] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -32 [ 534.794235][ T50] Bluetooth: Error in BCSP hdr checksum [ 535.066659][T11515] netlink: 40 bytes leftover after parsing attributes in process `syz.3.2033'. [ 535.144034][T11519] netlink: 16 bytes leftover after parsing attributes in process `syz.3.2035'. [ 535.153864][T11519] netlink: 'syz.3.2035': attribute type 10 has an invalid length. [ 535.162248][T11519] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 535.182677][T11519] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 535.196457][T11519] bond0: (slave batadv_slave_0): Enslaving as an active interface with an up link [ 535.295253][ T5939] usb 3-1: new full-speed USB device number 68 using dummy_hcd [ 535.456986][ T5939] usb 3-1: config 0 has an invalid interface number: 2 but max is 0 [ 535.465374][ T5939] usb 3-1: config 0 has no interface number 0 [ 535.472040][ T5939] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x6 has invalid maxpacket 512, setting to 64 [ 535.482897][ T5939] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 535.494340][ T5939] usb 3-1: config 0 interface 2 altsetting 2 endpoint 0x82 has invalid maxpacket 192, setting to 64 [ 535.505580][ T5939] usb 3-1: config 0 interface 2 has no altsetting 0 [ 535.514892][ T5939] usb 3-1: New USB device found, idVendor=086a, idProduct=0003, bcdDevice=f7.3f [ 535.524844][ T5939] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 535.533133][ T5939] usb 3-1: Product: syz [ 535.537433][ T5939] usb 3-1: Manufacturer: syz [ 535.543816][ T5939] usb 3-1: SerialNumber: syz [ 535.553407][ T5939] usb 3-1: config 0 descriptor?? [ 535.565421][T11513] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 535.573046][T11513] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 535.783558][ T5939] usb 3-1: Quirk or no altset; falling back to MIDI 1.0 [ 535.822444][T10888] Bluetooth: hci2: Malformed Event: 0x13 [ 535.847012][ T980] usb 2-1: USB disconnect, device number 82 [ 536.045820][ T45] usb 1-1: USB disconnect, device number 99 [ 536.113231][T11533] netlink: 'syz.0.2040': attribute type 27 has an invalid length. [ 536.166296][T11533] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 536.299865][T11542] FAULT_INJECTION: forcing a failure. [ 536.299865][T11542] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 536.313600][T11542] CPU: 0 UID: 0 PID: 11542 Comm: syz.0.2043 Not tainted syzkaller #0 PREEMPT(full) [ 536.313630][T11542] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 536.313643][T11542] Call Trace: [ 536.313653][T11542] [ 536.313663][T11542] dump_stack_lvl+0x189/0x250 [ 536.313695][T11542] ? __pfx____ratelimit+0x10/0x10 [ 536.313727][T11542] ? __pfx_dump_stack_lvl+0x10/0x10 [ 536.313753][T11542] ? __pfx__printk+0x10/0x10 [ 536.313790][T11542] ? fs_reclaim_acquire+0x7d/0x100 [ 536.313829][T11542] should_fail_ex+0x414/0x560 [ 536.313866][T11542] prepare_alloc_pages+0x22b/0x650 [ 536.313906][T11542] __alloc_frozen_pages_noprof+0x123/0x370 [ 536.313942][T11542] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 536.313972][T11542] ? __lock_acquire+0xab9/0xd20 [ 536.314014][T11542] alloc_pages_mpol+0x232/0x4a0 [ 536.314053][T11542] alloc_pages_noprof+0xa9/0x190 [ 536.314086][T11542] __pmd_alloc+0x3a/0x5d0 [ 536.314119][T11542] handle_mm_fault+0xe54/0x32a0 [ 536.314160][T11542] ? handle_mm_fault+0xdb/0x32a0 [ 536.314195][T11542] ? __pfx_handle_mm_fault+0x10/0x10 [ 536.314245][T11542] ? lock_mm_and_find_vma+0x9c/0x300 [ 536.314277][T11542] do_user_addr_fault+0x764/0x1380 [ 536.314317][T11542] exc_page_fault+0x82/0x100 [ 536.314354][T11542] asm_exc_page_fault+0x26/0x30 [ 536.314374][T11542] RIP: 0010:__put_user_4+0xd/0x20 [ 536.314394][T11542] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 536.314413][T11542] RSP: 0018:ffffc90003577cb8 EFLAGS: 00050202 [ 536.314434][T11542] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000200000000080 [ 536.314449][T11542] RDX: 0000000000000000 RSI: ffffffff8dc71e5c RDI: ffffffff8be111e0 [ 536.314463][T11542] RBP: ffffc90003577e58 R08: 0000000000000000 R09: ffffffff820eec00 [ 536.314478][T11542] R10: dffffc0000000000 R11: fffffbfff1c3a744 R12: fffffbfff33f47c6 [ 536.314493][T11542] R13: 0000000000000050 R14: 0000200000000080 R15: 0000000000000001 [ 536.314520][T11542] ? __might_fault+0xb0/0x130 [ 536.314556][T11542] vt_ioctl+0x181b/0x1f20 [ 536.314591][T11542] ? __pfx_vt_ioctl+0x10/0x10 [ 536.314637][T11542] ? __fget_files+0x2a/0x420 [ 536.314665][T11542] ? tty_jobctrl_ioctl+0x369/0xb70 [ 536.314690][T11542] ? __fget_files+0x3a0/0x420 [ 536.314712][T11542] ? __fget_files+0x2a/0x420 [ 536.314739][T11542] tty_ioctl+0x929/0xde0 [ 536.314784][T11542] ? __pfx_tty_ioctl+0x10/0x10 [ 536.314814][T11542] __se_sys_ioctl+0xfc/0x170 [ 536.314849][T11542] do_syscall_64+0xfa/0xfa0 [ 536.314871][T11542] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.314891][T11542] ? clear_bhb_loop+0x60/0xb0 [ 536.314917][T11542] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 536.314938][T11542] RIP: 0033:0x7f034d18f6c9 [ 536.314956][T11542] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 536.314974][T11542] RSP: 002b:00007f034df65038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 536.314995][T11542] RAX: ffffffffffffffda RBX: 00007f034d3e5fa0 RCX: 00007f034d18f6c9 [ 536.315010][T11542] RDX: 0000200000000080 RSI: 0000000000005600 RDI: 0000000000000003 [ 536.315022][T11542] RBP: 00007f034df65090 R08: 0000000000000000 R09: 0000000000000000 [ 536.315034][T11542] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 536.315046][T11542] R13: 00007f034d3e6038 R14: 00007f034d3e5fa0 R15: 00007ffd79741a48 [ 536.315079][T11542] [ 537.896876][T11564] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2051'. [ 537.906815][T11564] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2051'. [ 537.918669][T11564] netlink: 28 bytes leftover after parsing attributes in process `syz.0.2051'. [ 538.079818][ T45] usb 3-1: USB disconnect, device number 68 [ 538.293108][T11574] virt_wifi0 speed is unknown, defaulting to 1000 [ 538.675269][ T45] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 538.765241][ T9839] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 538.835162][ T45] usb 1-1: Using ep0 maxpacket: 32 [ 538.842262][ T45] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 538.850686][ T45] usb 1-1: config 0 has no interface number 0 [ 538.856907][ T45] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 538.868274][ T45] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 538.881791][ T45] usb 1-1: config 0 interface 255 has no altsetting 0 [ 538.891855][ T45] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 538.901348][ T45] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 538.909688][ T45] usb 1-1: Product: syz [ 538.914041][ T45] usb 1-1: Manufacturer: syz [ 538.920182][ T45] usb 1-1: SerialNumber: syz [ 538.926908][ T9839] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 538.937828][ T9839] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 538.951986][ T45] usb 1-1: config 0 descriptor?? [ 538.957615][T11486] Bluetooth: hci4: command 0x1003 tx timeout [ 538.957882][T10888] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 538.971507][ T9839] usb 3-1: New USB device found, idVendor=0810, idProduct=0002, bcdDevice= 0.00 [ 538.988683][ T9839] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 539.010068][ T9839] usb 3-1: config 0 descriptor?? [ 539.028006][ T9839] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 539.050038][T11586] netlink: 4356 bytes leftover after parsing attributes in process `syz.1.2059'. [ 539.059705][T11586] netlink: 4356 bytes leftover after parsing attributes in process `syz.1.2059'. [ 539.176195][T11582] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 539.186782][T11582] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 539.199906][ T45] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 539.243621][T11589] FAULT_INJECTION: forcing a failure. [ 539.243621][T11589] name failslab, interval 1, probability 0, space 0, times 0 [ 539.258186][T11589] CPU: 0 UID: 0 PID: 11589 Comm: syz.1.2060 Not tainted syzkaller #0 PREEMPT(full) [ 539.258210][T11589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 539.258219][T11589] Call Trace: [ 539.258226][T11589] [ 539.258232][T11589] dump_stack_lvl+0x189/0x250 [ 539.258255][T11589] ? __pfx____ratelimit+0x10/0x10 [ 539.258269][T11589] ? __pfx_dump_stack_lvl+0x10/0x10 [ 539.258281][T11589] ? __pfx__printk+0x10/0x10 [ 539.258295][T11589] ? __pfx___might_resched+0x10/0x10 [ 539.258307][T11589] ? fs_reclaim_acquire+0x7d/0x100 [ 539.258332][T11589] should_fail_ex+0x414/0x560 [ 539.258358][T11589] should_failslab+0xa8/0x100 [ 539.258382][T11589] kmem_cache_alloc_noprof+0x88/0x700 [ 539.258399][T11589] ? set_page_refcounted+0xa0/0x1e0 [ 539.258420][T11589] ? __pmd_alloc+0xc2/0x5d0 [ 539.258433][T11589] __pmd_alloc+0xc2/0x5d0 [ 539.258446][T11589] handle_mm_fault+0xe54/0x32a0 [ 539.258467][T11589] ? handle_mm_fault+0xdb/0x32a0 [ 539.258493][T11589] ? __pfx_handle_mm_fault+0x10/0x10 [ 539.258528][T11589] ? lock_mm_and_find_vma+0x9c/0x300 [ 539.258549][T11589] do_user_addr_fault+0x764/0x1380 [ 539.258569][T11589] exc_page_fault+0x82/0x100 [ 539.258585][T11589] asm_exc_page_fault+0x26/0x30 [ 539.258594][T11589] RIP: 0010:__put_user_4+0xd/0x20 [ 539.258604][T11589] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 539.258614][T11589] RSP: 0018:ffffc90003c5fcb8 EFLAGS: 00050202 [ 539.258629][T11589] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000200000000080 [ 539.258641][T11589] RDX: 0000000000000000 RSI: ffffffff8dc71e5c RDI: ffffffff8be111e0 [ 539.258652][T11589] RBP: ffffc90003c5fe58 R08: 0000000000000000 R09: ffffffff820eec00 [ 539.258662][T11589] R10: dffffc0000000000 R11: fffffbfff1c3a744 R12: fffffbfff33f47c6 [ 539.258672][T11589] R13: 0000000000000050 R14: 0000200000000080 R15: 0000000000000001 [ 539.258688][T11589] ? __might_fault+0xb0/0x130 [ 539.258709][T11589] vt_ioctl+0x181b/0x1f20 [ 539.258724][T11589] ? __pfx_vt_ioctl+0x10/0x10 [ 539.258743][T11589] ? __fget_files+0x2a/0x420 [ 539.258755][T11589] ? tty_jobctrl_ioctl+0x369/0xb70 [ 539.258771][T11589] ? __fget_files+0x3a0/0x420 [ 539.258787][T11589] ? __fget_files+0x2a/0x420 [ 539.258805][T11589] tty_ioctl+0x929/0xde0 [ 539.258827][T11589] ? __pfx_tty_ioctl+0x10/0x10 [ 539.258848][T11589] __se_sys_ioctl+0xfc/0x170 [ 539.258866][T11589] do_syscall_64+0xfa/0xfa0 [ 539.258876][T11589] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.258885][T11589] ? clear_bhb_loop+0x60/0xb0 [ 539.258897][T11589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 539.258905][T11589] RIP: 0033:0x7fdb3158f6c9 [ 539.258916][T11589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 539.258928][T11589] RSP: 002b:00007fdb3237e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 539.258943][T11589] RAX: ffffffffffffffda RBX: 00007fdb317e5fa0 RCX: 00007fdb3158f6c9 [ 539.258954][T11589] RDX: 0000200000000080 RSI: 0000000000005600 RDI: 0000000000000003 [ 539.258964][T11589] RBP: 00007fdb3237e090 R08: 0000000000000000 R09: 0000000000000000 [ 539.258973][T11589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 539.258983][T11589] R13: 00007fdb317e6038 R14: 00007fdb317e5fa0 R15: 00007fffa4c49348 [ 539.259007][T11589] [ 539.702490][T11594] syzkaller1: entered promiscuous mode [ 539.708293][T11594] syzkaller1: entered allmulticast mode [ 539.931959][T11602] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2067'. [ 540.019092][ T45] gspca_stk1135: reg_w 0x7 err -71 [ 540.029709][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 540.036701][ T45] gspca_stk1135: Sensor write failed [ 540.043805][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 540.054981][ T45] gspca_stk1135: Sensor write failed [ 540.060601][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 540.067722][ T45] gspca_stk1135: Sensor read failed [ 540.072962][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 540.079610][ T45] gspca_stk1135: Sensor read failed [ 540.085285][ T45] gspca_stk1135: Detected sensor type unknown (0x0) [ 540.092070][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 540.098960][ T45] gspca_stk1135: Sensor read failed [ 540.104194][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 540.110593][ T45] gspca_stk1135: Sensor read failed [ 540.116107][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 540.122416][ T45] gspca_stk1135: Sensor write failed [ 540.127811][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 540.134152][ T45] gspca_stk1135: Sensor write failed [ 540.139651][ T45] stk1135 1-1:0.255: probe with driver stk1135 failed with error -71 [ 540.151706][ T45] usb 1-1: USB disconnect, device number 100 [ 540.275142][ T9] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 540.425149][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 540.432501][ T9] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 540.440864][ T9] usb 2-1: config 0 has no interface number 0 [ 540.447029][ T9] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 540.460094][ T9] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 540.473688][ T9] usb 2-1: config 0 interface 255 has no altsetting 0 [ 540.482782][ T9] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 540.492318][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 540.500415][ T9] usb 2-1: Product: syz [ 540.504662][ T9] usb 2-1: Manufacturer: syz [ 540.509296][ T9] usb 2-1: SerialNumber: syz [ 540.516128][ T9] usb 2-1: config 0 descriptor?? [ 540.726389][ T9] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 540.845191][ T5939] usb 1-1: new high-speed USB device number 101 using dummy_hcd [ 541.005186][ T5939] usb 1-1: Using ep0 maxpacket: 32 [ 541.012021][ T5939] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 541.020606][ T5939] usb 1-1: config 0 has no interface number 0 [ 541.026984][ T5939] usb 1-1: config 0 interface 184 has no altsetting 0 [ 541.037312][ T5939] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 541.046497][ T5939] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 541.055155][ T5939] usb 1-1: Product: syz [ 541.059348][ T5939] usb 1-1: Manufacturer: syz [ 541.063982][ T5939] usb 1-1: SerialNumber: syz [ 541.073324][ T5939] usb 1-1: config 0 descriptor?? [ 541.083347][ T5939] smsc75xx v1.0.0 [ 541.587673][ T45] usb 3-1: USB disconnect, device number 69 [ 541.670322][T11618] netlink: 'syz.2.2073': attribute type 27 has an invalid length. [ 541.687278][ T5939] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 541.698361][ T5939] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 541.710349][T11618] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 541.821328][T11622] misc userio: Invalid payload size [ 541.960658][T11625] FAULT_INJECTION: forcing a failure. [ 541.960658][T11625] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 541.974516][T11625] CPU: 1 UID: 0 PID: 11625 Comm: syz.2.2076 Not tainted syzkaller #0 PREEMPT(full) [ 541.974545][T11625] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 541.974557][T11625] Call Trace: [ 541.974566][T11625] [ 541.974575][T11625] dump_stack_lvl+0x189/0x250 [ 541.974608][T11625] ? __pfx____ratelimit+0x10/0x10 [ 541.974638][T11625] ? __pfx_dump_stack_lvl+0x10/0x10 [ 541.974663][T11625] ? __pfx__printk+0x10/0x10 [ 541.974689][T11625] ? fs_reclaim_acquire+0x7d/0x100 [ 541.974727][T11625] should_fail_ex+0x414/0x560 [ 541.974764][T11625] prepare_alloc_pages+0x22b/0x650 [ 541.974802][T11625] __alloc_frozen_pages_noprof+0x123/0x370 [ 541.974831][T11625] ? handle_mm_fault+0xe54/0x32a0 [ 541.974857][T11625] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 541.974886][T11625] ? __se_sys_ioctl+0xfc/0x170 [ 541.974927][T11625] ? policy_nodemask+0x27c/0x720 [ 541.974962][T11625] alloc_pages_mpol+0x232/0x4a0 [ 541.974997][T11625] alloc_pages_noprof+0xa9/0x190 [ 541.975034][T11625] pte_alloc_one+0x23/0x370 [ 541.975057][T11625] ? __pte_alloc+0x1d/0x1a0 [ 541.975087][T11625] __pte_alloc+0x25/0x1a0 [ 541.975110][T11625] ? do_raw_spin_lock+0x121/0x290 [ 541.975143][T11625] do_pte_missing+0x2b14/0x3360 [ 541.975175][T11625] ? do_raw_spin_unlock+0x122/0x240 [ 541.975206][T11625] ? _raw_spin_unlock+0x28/0x50 [ 541.975244][T11625] handle_mm_fault+0x1b26/0x32a0 [ 541.975281][T11625] ? handle_mm_fault+0xdb/0x32a0 [ 541.975317][T11625] ? __pfx_handle_mm_fault+0x10/0x10 [ 541.975365][T11625] ? lock_mm_and_find_vma+0x9c/0x300 [ 541.975398][T11625] do_user_addr_fault+0x764/0x1380 [ 541.975437][T11625] exc_page_fault+0x82/0x100 [ 541.975481][T11625] asm_exc_page_fault+0x26/0x30 [ 541.975502][T11625] RIP: 0010:__put_user_4+0xd/0x20 [ 541.975522][T11625] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 541.975541][T11625] RSP: 0018:ffffc90003a3fcb8 EFLAGS: 00050202 [ 541.975560][T11625] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000200000000080 [ 541.975575][T11625] RDX: 0000000000000000 RSI: ffffffff8dc71e5c RDI: ffffffff8be111e0 [ 541.975588][T11625] RBP: ffffc90003a3fe58 R08: 0000000000000000 R09: ffffffff820eec00 [ 541.975602][T11625] R10: dffffc0000000000 R11: fffffbfff1c3a744 R12: fffffbfff33f47c6 [ 541.975617][T11625] R13: 0000000000000050 R14: 0000200000000080 R15: 0000000000000001 [ 541.975639][T11625] ? __might_fault+0xb0/0x130 [ 541.975675][T11625] vt_ioctl+0x181b/0x1f20 [ 541.975708][T11625] ? __pfx_vt_ioctl+0x10/0x10 [ 541.975750][T11625] ? __fget_files+0x2a/0x420 [ 541.975779][T11625] ? tty_jobctrl_ioctl+0x369/0xb70 [ 541.975804][T11625] ? __fget_files+0x3a0/0x420 [ 541.975826][T11625] ? __fget_files+0x2a/0x420 [ 541.975852][T11625] tty_ioctl+0x929/0xde0 [ 541.975882][T11625] ? __pfx_tty_ioctl+0x10/0x10 [ 541.975912][T11625] __se_sys_ioctl+0xfc/0x170 [ 541.975946][T11625] do_syscall_64+0xfa/0xfa0 [ 541.975967][T11625] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.975987][T11625] ? clear_bhb_loop+0x60/0xb0 [ 541.976012][T11625] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 541.976031][T11625] RIP: 0033:0x7fb58fd8f6c9 [ 541.976050][T11625] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 541.976067][T11625] RSP: 002b:00007fb590ca5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 541.976089][T11625] RAX: ffffffffffffffda RBX: 00007fb58ffe5fa0 RCX: 00007fb58fd8f6c9 [ 541.976103][T11625] RDX: 0000200000000080 RSI: 0000000000005600 RDI: 0000000000000003 [ 541.976117][T11625] RBP: 00007fb590ca5090 R08: 0000000000000000 R09: 0000000000000000 [ 541.976129][T11625] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 541.976141][T11625] R13: 00007fb58ffe6038 R14: 00007fb58ffe5fa0 R15: 00007ffcc85f1d38 [ 541.976175][T11625] [ 542.327170][ T5939] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 542.376346][ T9] gspca_stk1135: reg_w 0x200 err -71 [ 542.377401][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 542.377421][ T9] gspca_stk1135: Sensor write failed [ 542.377460][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 542.377473][ T9] gspca_stk1135: Sensor write failed [ 542.377521][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 542.377538][ T9] gspca_stk1135: Sensor read failed [ 542.377577][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 542.377589][ T9] gspca_stk1135: Sensor read failed [ 542.377599][ T9] gspca_stk1135: Detected sensor type unknown (0x0) [ 542.377641][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 542.377661][ T9] gspca_stk1135: Sensor read failed [ 542.377699][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 542.377712][ T9] gspca_stk1135: Sensor read failed [ 542.377750][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 542.377763][ T9] gspca_stk1135: Sensor write failed [ 542.377791][ T9] gspca_stk1135: serial bus timeout: status=0x00 [ 542.377804][ T9] gspca_stk1135: Sensor write failed [ 542.377901][ T9] stk1135 2-1:0.255: probe with driver stk1135 failed with error -71 [ 542.383198][ T9] usb 2-1: USB disconnect, device number 83 [ 542.440397][ T5939] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 542.440433][ T5939] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 542.441006][ T5939] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61 [ 542.719518][T11627] netlink: 32 bytes leftover after parsing attributes in process `syz.2.2077'. [ 542.874797][T11631] netlink: 'syz.2.2079': attribute type 11 has an invalid length. [ 542.887246][T11631] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2079'. [ 543.100237][T11641] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2082'. [ 543.247603][T11650] netlink: 'syz.3.2086': attribute type 27 has an invalid length. [ 543.265576][T11650] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 543.538435][T11664] FAULT_INJECTION: forcing a failure. [ 543.538435][T11664] name failslab, interval 1, probability 0, space 0, times 0 [ 543.557722][T11664] CPU: 1 UID: 0 PID: 11664 Comm: syz.1.2092 Not tainted syzkaller #0 PREEMPT(full) [ 543.557751][T11664] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 543.557763][T11664] Call Trace: [ 543.557772][T11664] [ 543.557782][T11664] dump_stack_lvl+0x189/0x250 [ 543.557813][T11664] ? __pfx____ratelimit+0x10/0x10 [ 543.557843][T11664] ? __pfx_dump_stack_lvl+0x10/0x10 [ 543.557868][T11664] ? __pfx__printk+0x10/0x10 [ 543.557898][T11664] ? __pfx___might_resched+0x10/0x10 [ 543.557925][T11664] should_fail_ex+0x414/0x560 [ 543.557960][T11664] should_failslab+0xa8/0x100 [ 543.557992][T11664] kmem_cache_alloc_noprof+0x88/0x700 [ 543.558019][T11664] ? ptlock_alloc+0x20/0x70 [ 543.558049][T11664] ptlock_alloc+0x20/0x70 [ 543.558075][T11664] pte_alloc_one+0x7a/0x370 [ 543.558098][T11664] ? __pte_alloc+0x1d/0x1a0 [ 543.558126][T11664] __pte_alloc+0x25/0x1a0 [ 543.558151][T11664] ? do_raw_spin_lock+0x121/0x290 [ 543.558182][T11664] do_pte_missing+0x2b14/0x3360 [ 543.558216][T11664] ? do_raw_spin_unlock+0x122/0x240 [ 543.558248][T11664] ? _raw_spin_unlock+0x28/0x50 [ 543.558283][T11664] handle_mm_fault+0x1b26/0x32a0 [ 543.558322][T11664] ? handle_mm_fault+0xdb/0x32a0 [ 543.558357][T11664] ? __pfx_handle_mm_fault+0x10/0x10 [ 543.558402][T11664] ? lock_mm_and_find_vma+0x9c/0x300 [ 543.558432][T11664] do_user_addr_fault+0x764/0x1380 [ 543.558473][T11664] exc_page_fault+0x82/0x100 [ 543.558505][T11664] asm_exc_page_fault+0x26/0x30 [ 543.558524][T11664] RIP: 0010:__put_user_4+0xd/0x20 [ 543.558543][T11664] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 543.558559][T11664] RSP: 0018:ffffc900037ffcb8 EFLAGS: 00050202 [ 543.558578][T11664] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000200000000080 [ 543.558592][T11664] RDX: 0000000000000000 RSI: ffffffff8dc71e5c RDI: ffffffff8be111e0 [ 543.558606][T11664] RBP: ffffc900037ffe58 R08: 0000000000000000 R09: ffffffff820eec00 [ 543.558620][T11664] R10: dffffc0000000000 R11: fffffbfff1c3a744 R12: fffffbfff33f47c6 [ 543.558634][T11664] R13: 0000000000000050 R14: 0000200000000080 R15: 0000000000000001 [ 543.558665][T11664] ? __might_fault+0xb0/0x130 [ 543.558699][T11664] vt_ioctl+0x181b/0x1f20 [ 543.558731][T11664] ? __pfx_vt_ioctl+0x10/0x10 [ 543.558773][T11664] ? __fget_files+0x2a/0x420 [ 543.558798][T11664] ? tty_jobctrl_ioctl+0x369/0xb70 [ 543.558820][T11664] ? __fget_files+0x3a0/0x420 [ 543.558840][T11664] ? __fget_files+0x2a/0x420 [ 543.558866][T11664] tty_ioctl+0x929/0xde0 [ 543.558896][T11664] ? __pfx_tty_ioctl+0x10/0x10 [ 543.558926][T11664] __se_sys_ioctl+0xfc/0x170 [ 543.558957][T11664] do_syscall_64+0xfa/0xfa0 [ 543.558977][T11664] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.558995][T11664] ? clear_bhb_loop+0x60/0xb0 [ 543.559019][T11664] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 543.559037][T11664] RIP: 0033:0x7fdb3158f6c9 [ 543.559055][T11664] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 543.559072][T11664] RSP: 002b:00007fdb3237e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 543.559092][T11664] RAX: ffffffffffffffda RBX: 00007fdb317e5fa0 RCX: 00007fdb3158f6c9 [ 543.559106][T11664] RDX: 0000200000000080 RSI: 0000000000005600 RDI: 0000000000000003 [ 543.559119][T11664] RBP: 00007fdb3237e090 R08: 0000000000000000 R09: 0000000000000000 [ 543.559132][T11664] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 543.559146][T11664] R13: 00007fdb317e6038 R14: 00007fdb317e5fa0 R15: 00007fffa4c49348 [ 543.559183][T11664] [ 543.646211][ T5939] usb 1-1: USB disconnect, device number 101 [ 543.985558][T11670] kvm: kvm [11669]: vcpu0, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0x3030303030303030 [ 544.105290][ T45] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 544.265123][ T45] usb 2-1: Using ep0 maxpacket: 32 [ 544.272576][ T45] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 544.283274][ T45] usb 2-1: config 0 has no interface number 0 [ 544.293665][ T45] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 544.307093][ T45] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 544.321202][ T45] usb 2-1: config 0 interface 255 has no altsetting 0 [ 544.332479][ T45] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 544.342419][ T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.351603][ T45] usb 2-1: Product: syz [ 544.356224][ T45] usb 2-1: Manufacturer: syz [ 544.361031][ T45] usb 2-1: SerialNumber: syz [ 544.370201][ T45] usb 2-1: config 0 descriptor?? [ 544.525177][ T5878] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 544.583876][ T45] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 544.695146][ T5878] usb 3-1: Using ep0 maxpacket: 8 [ 544.705096][ T5878] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 544.714209][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 544.722470][ T5878] usb 3-1: Product: syz [ 544.726951][ T5878] usb 3-1: Manufacturer: syz [ 544.731558][ T5878] usb 3-1: SerialNumber: syz [ 544.739312][ T5878] usb 3-1: config 0 descriptor?? [ 544.795299][ T9839] usb 1-1: new high-speed USB device number 102 using dummy_hcd [ 544.948618][ T9839] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 544.971267][ T9839] usb 1-1: can't read configurations, error -61 [ 544.983712][ T5878] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 545.049565][T11690] FAULT_INJECTION: forcing a failure. [ 545.049565][T11690] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 545.064719][T11690] CPU: 0 UID: 0 PID: 11690 Comm: syz.3.2103 Not tainted syzkaller #0 PREEMPT(full) [ 545.064749][T11690] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 545.064761][T11690] Call Trace: [ 545.064770][T11690] [ 545.064780][T11690] dump_stack_lvl+0x189/0x250 [ 545.064812][T11690] ? __pfx____ratelimit+0x10/0x10 [ 545.064843][T11690] ? __pfx_dump_stack_lvl+0x10/0x10 [ 545.064869][T11690] ? __pfx__printk+0x10/0x10 [ 545.064894][T11690] ? __might_fault+0xb0/0x130 [ 545.064933][T11690] should_fail_ex+0x414/0x560 [ 545.064968][T11690] _copy_from_user+0x2d/0xb0 [ 545.064995][T11690] do_handle_open+0xd7/0x8f0 [ 545.065032][T11690] ? __pfx_do_handle_open+0x10/0x10 [ 545.065059][T11690] ? ksys_write+0x22a/0x250 [ 545.065083][T11690] ? __pfx_ksys_write+0x10/0x10 [ 545.065107][T11690] ? do_syscall_64+0xbe/0xfa0 [ 545.065132][T11690] do_syscall_64+0xfa/0xfa0 [ 545.065153][T11690] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.065173][T11690] ? clear_bhb_loop+0x60/0xb0 [ 545.065198][T11690] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 545.065218][T11690] RIP: 0033:0x7f5dfcf8f6c9 [ 545.065238][T11690] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 545.065256][T11690] RSP: 002b:00007f5dfddc1038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 545.065279][T11690] RAX: ffffffffffffffda RBX: 00007f5dfd1e5fa0 RCX: 00007f5dfcf8f6c9 [ 545.065295][T11690] RDX: 0000000000400040 RSI: 0000200000000900 RDI: 0000000000000003 [ 545.065309][T11690] RBP: 00007f5dfddc1090 R08: 0000000000000000 R09: 0000000000000000 [ 545.065323][T11690] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 545.065335][T11690] R13: 00007f5dfd1e6038 R14: 00007f5dfd1e5fa0 R15: 00007ffdd14554b8 [ 545.065369][T11690] [ 545.125315][ T9839] usb 1-1: new high-speed USB device number 103 using dummy_hcd [ 545.427396][ T9839] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 545.435229][ T9839] usb 1-1: can't read configurations, error -61 [ 545.441944][ T9839] usb usb1-port1: attempt power cycle [ 545.805227][ T9839] usb 1-1: new high-speed USB device number 104 using dummy_hcd [ 545.827394][ T9839] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 545.837084][ T9839] usb 1-1: can't read configurations, error -61 [ 545.975241][ T9839] usb 1-1: new high-speed USB device number 105 using dummy_hcd [ 545.998462][ T9839] usb 1-1: unable to read config index 0 descriptor/start: -61 [ 546.006565][ T9839] usb 1-1: can't read configurations, error -61 [ 546.013149][ T9839] usb usb1-port1: unable to enumerate USB device [ 546.020774][ T45] gspca_stk1135: reg_w 0xf err -71 [ 546.027122][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 546.033612][ T45] gspca_stk1135: Sensor write failed [ 546.039086][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 546.045525][ T45] gspca_stk1135: Sensor write failed [ 546.050882][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 546.057355][ T45] gspca_stk1135: Sensor read failed [ 546.062639][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 546.069934][ T45] gspca_stk1135: Sensor read failed [ 546.075663][ T45] gspca_stk1135: Detected sensor type unknown (0x0) [ 546.082535][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 546.090398][ T45] gspca_stk1135: Sensor read failed [ 546.095826][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 546.102229][ T45] gspca_stk1135: Sensor read failed [ 546.107543][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 546.113978][ T45] gspca_stk1135: Sensor write failed [ 546.119438][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 546.126036][ T45] gspca_stk1135: Sensor write failed [ 546.131530][ T45] stk1135 2-1:0.255: probe with driver stk1135 failed with error -71 [ 546.147675][ T45] usb 2-1: USB disconnect, device number 84 [ 546.158406][ T5878] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 546.178220][ T5878] usb 3-1: USB disconnect, device number 70 [ 546.318996][T11696] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2106'. [ 546.361399][T11698] netlink: 'syz.2.2107': attribute type 27 has an invalid length. [ 546.374580][T11698] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 547.335133][ T9] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 547.488165][ T9] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 547.498376][ T9] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 547.513416][ T9] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 547.529231][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 547.541190][ T9] usb 3-1: config 0 descriptor?? [ 547.776049][T11712] Bluetooth: hci0: Opcode 0x0c03 failed: -4 [ 547.882187][T11726] FAULT_INJECTION: forcing a failure. [ 547.882187][T11726] name failslab, interval 1, probability 0, space 0, times 0 [ 547.895178][T11726] CPU: 1 UID: 0 PID: 11726 Comm: syz.1.2119 Not tainted syzkaller #0 PREEMPT(full) [ 547.895207][T11726] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 547.895218][T11726] Call Trace: [ 547.895227][T11726] [ 547.895234][T11726] dump_stack_lvl+0x189/0x250 [ 547.895265][T11726] ? __pfx____ratelimit+0x10/0x10 [ 547.895290][T11726] ? __pfx_dump_stack_lvl+0x10/0x10 [ 547.895310][T11726] ? __pfx__printk+0x10/0x10 [ 547.895335][T11726] ? __pfx___might_resched+0x10/0x10 [ 547.895366][T11726] should_fail_ex+0x414/0x560 [ 547.895404][T11726] should_failslab+0xa8/0x100 [ 547.895431][T11726] __kmalloc_noprof+0xdf/0x800 [ 547.895452][T11726] ? do_handle_open+0x4d4/0x8f0 [ 547.895477][T11726] do_handle_open+0x4d4/0x8f0 [ 547.895502][T11726] ? __pfx_do_handle_open+0x10/0x10 [ 547.895523][T11726] ? ksys_write+0x22a/0x250 [ 547.895545][T11726] ? __pfx_ksys_write+0x10/0x10 [ 547.895565][T11726] ? do_syscall_64+0xbe/0xfa0 [ 547.895583][T11726] do_syscall_64+0xfa/0xfa0 [ 547.895600][T11726] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.895615][T11726] ? clear_bhb_loop+0x60/0xb0 [ 547.895636][T11726] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 547.895652][T11726] RIP: 0033:0x7fdb3158f6c9 [ 547.895667][T11726] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 547.895684][T11726] RSP: 002b:00007fdb3237e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 547.895705][T11726] RAX: ffffffffffffffda RBX: 00007fdb317e5fa0 RCX: 00007fdb3158f6c9 [ 547.895717][T11726] RDX: 0000000000400040 RSI: 0000200000000900 RDI: 0000000000000003 [ 547.895728][T11726] RBP: 00007fdb3237e090 R08: 0000000000000000 R09: 0000000000000000 [ 547.895738][T11726] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 547.895748][T11726] R13: 00007fdb317e6038 R14: 00007fdb317e5fa0 R15: 00007fffa4c49348 [ 547.895775][T11726] [ 548.094029][ T5878] usb 1-1: new high-speed USB device number 106 using dummy_hcd [ 548.119087][ T9] kovaplus 0003:1E7D:2D50.0019: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.2-1/input0 [ 548.245129][ T5878] usb 1-1: Using ep0 maxpacket: 32 [ 548.252825][ T5878] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 548.265204][ T5878] usb 1-1: config 0 has no interface number 0 [ 548.271352][ T5878] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 548.284752][ T5878] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 548.298977][ T5878] usb 1-1: config 0 interface 255 has no altsetting 0 [ 548.323040][ T5878] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 548.337219][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.346595][ T5878] usb 1-1: Product: syz [ 548.351114][ T5878] usb 1-1: Manufacturer: syz [ 548.355816][ T5878] usb 1-1: SerialNumber: syz [ 548.375631][ T5878] usb 1-1: config 0 descriptor?? [ 548.381194][T10888] Bluetooth: hci2: Malformed Event: 0x13 [ 548.614690][ T5878] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 548.675191][ T45] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 548.845147][ T45] usb 2-1: Using ep0 maxpacket: 32 [ 548.853902][ T45] usb 2-1: config 0 has an invalid interface number: 184 but max is 0 [ 548.862225][ T45] usb 2-1: config 0 has no interface number 0 [ 548.868574][ T45] usb 2-1: config 0 interface 184 has no altsetting 0 [ 548.878379][ T45] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 548.887635][ T45] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.895837][ T45] usb 2-1: Product: syz [ 548.900044][ T45] usb 2-1: Manufacturer: syz [ 548.904696][ T45] usb 2-1: SerialNumber: syz [ 548.913027][ T45] usb 2-1: config 0 descriptor?? [ 548.920906][ T45] smsc75xx v1.0.0 [ 549.122267][ T9] kovaplus 0003:1E7D:2D50.0019: couldn't init struct kovaplus_device [ 549.133005][ T9] kovaplus 0003:1E7D:2D50.0019: couldn't install mouse [ 549.142089][ T9] kovaplus 0003:1E7D:2D50.0019: probe with driver kovaplus failed with error -71 [ 549.156966][ T9] usb 3-1: USB disconnect, device number 71 [ 549.533650][ T45] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 549.545442][ T45] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 549.633840][ T5878] gspca_stk1135: reg_w 0xd err -71 [ 549.644609][ T5878] gspca_stk1135: serial bus timeout: status=0x00 [ 549.653164][ T5878] gspca_stk1135: Sensor write failed [ 549.659092][ T5878] gspca_stk1135: serial bus timeout: status=0x00 [ 549.665866][ T5878] gspca_stk1135: Sensor write failed [ 549.672527][ T5878] gspca_stk1135: serial bus timeout: status=0x00 [ 549.682251][ T5878] gspca_stk1135: Sensor read failed [ 549.687971][ T5878] gspca_stk1135: serial bus timeout: status=0x00 [ 549.694527][ T5878] gspca_stk1135: Sensor read failed [ 549.697475][T11743] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2125'. [ 549.700779][ T5878] gspca_stk1135: Detected sensor type unknown (0x0) [ 549.716077][ T5878] gspca_stk1135: serial bus timeout: status=0x00 [ 549.722916][ T5878] gspca_stk1135: Sensor read failed [ 549.728520][ T5878] gspca_stk1135: serial bus timeout: status=0x00 [ 549.734966][ T5878] gspca_stk1135: Sensor read failed [ 549.740347][ T5878] gspca_stk1135: serial bus timeout: status=0x00 [ 549.747192][ T5878] gspca_stk1135: Sensor write failed [ 549.752555][ T5878] gspca_stk1135: serial bus timeout: status=0x00 [ 549.759455][ T5878] gspca_stk1135: Sensor write failed [ 549.766237][ T5878] stk1135 1-1:0.255: probe with driver stk1135 failed with error -71 [ 549.789164][ T5878] usb 1-1: USB disconnect, device number 106 [ 549.808675][T11745] netlink: 'syz.2.2126': attribute type 27 has an invalid length. [ 549.824592][T11745] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 549.902675][T11747] netlink: 132 bytes leftover after parsing attributes in process `syz.2.2127'. [ 550.287672][ T5878] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 550.455122][ T5878] usb 3-1: Using ep0 maxpacket: 32 [ 550.462058][ T5878] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 550.470453][ T5878] usb 3-1: config 0 has no interface number 0 [ 550.476775][ T5878] usb 3-1: config 0 interface 184 has no altsetting 0 [ 550.486244][ T5878] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 550.496124][ T5878] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 550.504221][ T5878] usb 3-1: Product: syz [ 550.508464][ T5878] usb 3-1: Manufacturer: syz [ 550.513120][ T5878] usb 3-1: SerialNumber: syz [ 550.520488][ T5878] usb 3-1: config 0 descriptor?? [ 550.525575][ T9] usb 1-1: new high-speed USB device number 107 using dummy_hcd [ 550.530501][ T5878] smsc75xx v1.0.0 [ 550.675290][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 550.682305][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 550.694740][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 550.706145][ T9] usb 1-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 550.716400][ T9] usb 1-1: New USB device strings: Mfr=32, Product=0, SerialNumber=0 [ 550.724531][ T9] usb 1-1: Manufacturer: syz [ 550.735419][ T9] usb 1-1: config 0 descriptor?? [ 550.969088][ T45] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 550.982201][ T45] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 550.992099][ T45] smsc75xx 2-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 551.004086][ T45] smsc75xx 2-1:0.184: probe with driver smsc75xx failed with error -71 [ 551.018315][ T45] usb 2-1: USB disconnect, device number 85 [ 551.142536][ T5878] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 551.149916][ T9] usbhid 1-1:0.0: can't add hid device: -32 [ 551.154066][ T5878] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 551.160715][ T9] usbhid 1-1:0.0: probe with driver usbhid failed with error -32 [ 551.772724][ T5878] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 551.783661][ T5878] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 551.793389][ T5878] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 551.802964][ T5878] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -61 [ 551.965127][ T5878] usb 2-1: new low-speed USB device number 86 using dummy_hcd [ 552.115141][ T5878] usb 2-1: Invalid ep0 maxpacket: 32 [ 552.245144][ T5878] usb 2-1: new low-speed USB device number 87 using dummy_hcd [ 552.415175][ T5878] usb 2-1: Invalid ep0 maxpacket: 32 [ 552.420881][ T5878] usb usb2-port1: attempt power cycle [ 552.765159][ T5878] usb 2-1: new low-speed USB device number 88 using dummy_hcd [ 552.786691][ T5878] usb 2-1: Invalid ep0 maxpacket: 32 [ 552.915148][ T5878] usb 2-1: new low-speed USB device number 89 using dummy_hcd [ 552.935566][ T5878] usb 2-1: Invalid ep0 maxpacket: 32 [ 552.941229][ T5878] usb usb2-port1: unable to enumerate USB device [ 553.067347][ T9] usb 3-1: USB disconnect, device number 72 [ 553.139348][T11773] FAULT_INJECTION: forcing a failure. [ 553.139348][T11773] name failslab, interval 1, probability 0, space 0, times 0 [ 553.153731][T11773] CPU: 0 UID: 0 PID: 11773 Comm: syz.2.2136 Not tainted syzkaller #0 PREEMPT(full) [ 553.153756][T11773] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 553.153766][T11773] Call Trace: [ 553.153773][T11773] [ 553.153780][T11773] dump_stack_lvl+0x189/0x250 [ 553.153807][T11773] ? __pfx____ratelimit+0x10/0x10 [ 553.153831][T11773] ? __pfx_dump_stack_lvl+0x10/0x10 [ 553.153857][T11773] ? __pfx__printk+0x10/0x10 [ 553.153889][T11773] ? __pfx___might_resched+0x10/0x10 [ 553.153912][T11773] ? fs_reclaim_acquire+0x7d/0x100 [ 553.153947][T11773] should_fail_ex+0x414/0x560 [ 553.153983][T11773] should_failslab+0xa8/0x100 [ 553.154015][T11773] kmem_cache_alloc_noprof+0x88/0x700 [ 553.154042][T11773] ? __anon_vma_prepare+0x117/0x4a0 [ 553.154074][T11773] __anon_vma_prepare+0x117/0x4a0 [ 553.154097][T11773] ? __pte_alloc+0x15e/0x1a0 [ 553.154118][T11773] do_pte_missing+0x2c5e/0x3360 [ 553.154138][T11773] ? do_raw_spin_unlock+0x122/0x240 [ 553.154156][T11773] ? _raw_spin_unlock+0x28/0x50 [ 553.154178][T11773] handle_mm_fault+0x1b26/0x32a0 [ 553.154199][T11773] ? handle_mm_fault+0xdb/0x32a0 [ 553.154219][T11773] ? __pfx_handle_mm_fault+0x10/0x10 [ 553.154245][T11773] ? lock_mm_and_find_vma+0x9c/0x300 [ 553.154262][T11773] do_user_addr_fault+0x764/0x1380 [ 553.154285][T11773] exc_page_fault+0x82/0x100 [ 553.154305][T11773] asm_exc_page_fault+0x26/0x30 [ 553.154316][T11773] RIP: 0010:__put_user_4+0xd/0x20 [ 553.154333][T11773] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 553.154344][T11773] RSP: 0018:ffffc9000408fcb8 EFLAGS: 00050202 [ 553.154357][T11773] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000200000000080 [ 553.154366][T11773] RDX: 0000000000000000 RSI: ffffffff8dc71e5c RDI: ffffffff8be111e0 [ 553.154375][T11773] RBP: ffffc9000408fe58 R08: 0000000000000000 R09: ffffffff820eec00 [ 553.154383][T11773] R10: dffffc0000000000 R11: fffffbfff1c3a744 R12: fffffbfff33f47c6 [ 553.154392][T11773] R13: 0000000000000050 R14: 0000200000000080 R15: 0000000000000001 [ 553.154414][T11773] ? __might_fault+0xb0/0x130 [ 553.154434][T11773] vt_ioctl+0x181b/0x1f20 [ 553.154454][T11773] ? __pfx_vt_ioctl+0x10/0x10 [ 553.154479][T11773] ? __fget_files+0x2a/0x420 [ 553.154495][T11773] ? tty_jobctrl_ioctl+0x369/0xb70 [ 553.154510][T11773] ? __fget_files+0x3a0/0x420 [ 553.154523][T11773] ? __fget_files+0x2a/0x420 [ 553.154538][T11773] tty_ioctl+0x929/0xde0 [ 553.154557][T11773] ? __pfx_tty_ioctl+0x10/0x10 [ 553.154575][T11773] __se_sys_ioctl+0xfc/0x170 [ 553.154594][T11773] do_syscall_64+0xfa/0xfa0 [ 553.154607][T11773] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.154619][T11773] ? clear_bhb_loop+0x60/0xb0 [ 553.154634][T11773] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 553.154652][T11773] RIP: 0033:0x7fb58fd8f6c9 [ 553.154664][T11773] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 553.154674][T11773] RSP: 002b:00007fb590ca5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 553.154687][T11773] RAX: ffffffffffffffda RBX: 00007fb58ffe5fa0 RCX: 00007fb58fd8f6c9 [ 553.154696][T11773] RDX: 0000200000000080 RSI: 0000000000005600 RDI: 0000000000000003 [ 553.154704][T11773] RBP: 00007fb590ca5090 R08: 0000000000000000 R09: 0000000000000000 [ 553.154712][T11773] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 553.154719][T11773] R13: 00007fb58ffe6038 R14: 00007fb58ffe5fa0 R15: 00007ffcc85f1d38 [ 553.154739][T11773] [ 553.537578][ T5939] usb 1-1: USB disconnect, device number 107 [ 553.845202][ T9] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 553.995361][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 554.000725][ T5939] usb 1-1: new high-speed USB device number 108 using dummy_hcd [ 554.011108][ T9] usb 3-1: unable to get BOS descriptor or descriptor too short [ 554.020070][ T9] usb 3-1: config 128 has an invalid interface number: 127 but max is 3 [ 554.028679][ T9] usb 3-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 554.039118][ T9] usb 3-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 554.048365][ T9] usb 3-1: config 128 has no interface number 0 [ 554.054742][ T9] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 554.066579][ T9] usb 3-1: config 128 interface 127 altsetting 14 endpoint 0x5 has invalid wMaxPacketSize 0 [ 554.079135][ T9] usb 3-1: config 128 interface 127 has no altsetting 0 [ 554.088802][ T9] usb 3-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 554.097962][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 554.106030][ T9] usb 3-1: Product: syz [ 554.110217][ T9] usb 3-1: Manufacturer: syz [ 554.114811][ T9] usb 3-1: SerialNumber: syz [ 554.156789][ T5939] usb 1-1: too many endpoints for config 0 interface 0 altsetting 32: 129, using maximum allowed: 30 [ 554.167896][ T5939] usb 1-1: config 0 interface 0 altsetting 32 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 554.180535][ T5939] usb 1-1: config 0 interface 0 altsetting 32 has 1 endpoint descriptor, different from the interface descriptor's value: 129 [ 554.193976][ T5939] usb 1-1: config 0 interface 0 has no altsetting 0 [ 554.200885][ T5939] usb 1-1: New USB device found, idVendor=056a, idProduct=033d, bcdDevice= 0.00 [ 554.210047][ T5939] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 554.220536][ T5939] usb 1-1: config 0 descriptor?? [ 554.349847][ T9] usb 3-1: USB disconnect, device number 73 [ 554.371658][ T5925] udevd[5925]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 554.770742][T11785] FAULT_INJECTION: forcing a failure. [ 554.770742][T11785] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 554.785434][T11785] CPU: 0 UID: 0 PID: 11785 Comm: syz.1.2142 Not tainted syzkaller #0 PREEMPT(full) [ 554.785465][T11785] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 554.785478][T11785] Call Trace: [ 554.785488][T11785] [ 554.785502][T11785] dump_stack_lvl+0x189/0x250 [ 554.785535][T11785] ? __pfx____ratelimit+0x10/0x10 [ 554.785565][T11785] ? __pfx_dump_stack_lvl+0x10/0x10 [ 554.785592][T11785] ? __pfx__printk+0x10/0x10 [ 554.785617][T11785] ? __might_fault+0xb0/0x130 [ 554.785665][T11785] should_fail_ex+0x414/0x560 [ 554.785702][T11785] _copy_from_user+0x2d/0xb0 [ 554.785729][T11785] do_handle_open+0x54d/0x8f0 [ 554.785764][T11785] ? __pfx_do_handle_open+0x10/0x10 [ 554.785792][T11785] ? ksys_write+0x22a/0x250 [ 554.785815][T11785] ? __pfx_ksys_write+0x10/0x10 [ 554.785840][T11785] ? do_syscall_64+0xbe/0xfa0 [ 554.785863][T11785] do_syscall_64+0xfa/0xfa0 [ 554.785884][T11785] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.785904][T11785] ? clear_bhb_loop+0x60/0xb0 [ 554.785930][T11785] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 554.785949][T11785] RIP: 0033:0x7fdb3158f6c9 [ 554.785968][T11785] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 554.785985][T11785] RSP: 002b:00007fdb3237e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000130 [ 554.786008][T11785] RAX: ffffffffffffffda RBX: 00007fdb317e5fa0 RCX: 00007fdb3158f6c9 [ 554.786024][T11785] RDX: 0000000000400040 RSI: 0000200000000900 RDI: 0000000000000003 [ 554.786039][T11785] RBP: 00007fdb3237e090 R08: 0000000000000000 R09: 0000000000000000 [ 554.786052][T11785] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 554.786065][T11785] R13: 00007fdb317e6038 R14: 00007fdb317e5fa0 R15: 00007fffa4c49348 [ 554.786101][T11785] [ 555.009406][T11781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 555.021112][T11781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 555.062229][ T5939] usbhid 1-1:0.0: can't add hid device: -71 [ 555.071872][ T5939] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 555.092776][ T5939] usb 1-1: USB disconnect, device number 108 [ 555.100292][T11791] trusted_key: encrypted_key: insufficient parameters specified [ 555.109186][T11791] trusted_key: encrypted_key: insufficient parameters specified [ 555.385214][ T10] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 555.535138][ T10] usb 2-1: Using ep0 maxpacket: 32 [ 555.541932][ T10] usb 2-1: config 0 has an invalid interface number: 255 but max is 0 [ 555.550451][ T10] usb 2-1: config 0 has no interface number 0 [ 555.556773][ T10] usb 2-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 555.567938][ T5878] usb 1-1: new high-speed USB device number 109 using dummy_hcd [ 555.572046][ T45] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 555.576012][ T10] usb 2-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 555.604191][ T10] usb 2-1: config 0 interface 255 has no altsetting 0 [ 555.614316][ T10] usb 2-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 555.623634][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.631740][ T10] usb 2-1: Product: syz [ 555.635972][ T10] usb 2-1: Manufacturer: syz [ 555.640611][ T10] usb 2-1: SerialNumber: syz [ 555.651155][ T10] usb 2-1: config 0 descriptor?? [ 555.725169][ T5878] usb 1-1: Using ep0 maxpacket: 8 [ 555.734347][ T5878] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 555.743771][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.751883][ T45] usb 3-1: Using ep0 maxpacket: 32 [ 555.757147][ T5878] usb 1-1: Product: syz [ 555.761442][ T5878] usb 1-1: Manufacturer: syz [ 555.766205][ T5878] usb 1-1: SerialNumber: syz [ 555.772593][ T45] usb 3-1: config 0 has an invalid interface number: 255 but max is 0 [ 555.781648][ T45] usb 3-1: config 0 has no interface number 0 [ 555.788951][ T5878] usb 1-1: config 0 descriptor?? [ 555.793974][ T45] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 555.805825][ T45] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 555.822810][ T45] usb 3-1: config 0 interface 255 has no altsetting 0 [ 555.832609][ T45] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 555.841866][ T45] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.850054][ T45] usb 3-1: Product: syz [ 555.854484][ T45] usb 3-1: Manufacturer: syz [ 555.859587][ T45] usb 3-1: SerialNumber: syz [ 555.868192][ T10] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 555.869247][ T45] usb 3-1: config 0 descriptor?? [ 556.023052][ T5878] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 556.091181][T11804] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 556.093833][ T45] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 556.100471][T11804] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 556.303460][ T45] gspca_stk1135: reg_w 0x2 err -71 [ 556.312047][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 556.318574][ T45] gspca_stk1135: Sensor write failed [ 556.323988][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 556.331709][ T45] gspca_stk1135: Sensor write failed [ 556.337318][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 556.343787][ T45] gspca_stk1135: Sensor read failed [ 556.349186][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 556.355935][ T45] gspca_stk1135: Sensor read failed [ 556.361775][ T45] gspca_stk1135: Detected sensor type unknown (0x0) [ 556.368660][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 556.375116][ T45] gspca_stk1135: Sensor read failed [ 556.380438][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 556.386845][ T45] gspca_stk1135: Sensor read failed [ 556.392088][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 556.398526][ T45] gspca_stk1135: Sensor write failed [ 556.403862][ T45] gspca_stk1135: serial bus timeout: status=0x00 [ 556.410253][ T45] gspca_stk1135: Sensor write failed [ 556.415691][ T45] stk1135 3-1:0.255: probe with driver stk1135 failed with error -71 [ 556.429261][ T45] usb 3-1: USB disconnect, device number 74 [ 556.686830][ T10] gspca_stk1135: reg_w 0x7 err -71 [ 556.693157][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 556.699931][ T10] gspca_stk1135: Sensor write failed [ 556.705738][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 556.712099][ T10] gspca_stk1135: Sensor write failed [ 556.717487][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 556.723849][ T10] gspca_stk1135: Sensor read failed [ 556.729124][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 556.737314][ T10] gspca_stk1135: Sensor read failed [ 556.742550][ T10] gspca_stk1135: Detected sensor type unknown (0x0) [ 556.749221][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 556.756800][ T10] gspca_stk1135: Sensor read failed [ 556.762055][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 556.768490][ T10] gspca_stk1135: Sensor read failed [ 556.773730][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 556.780590][ T10] gspca_stk1135: Sensor write failed [ 556.790484][ T10] gspca_stk1135: serial bus timeout: status=0x00 [ 556.797177][ T10] gspca_stk1135: Sensor write failed [ 556.802975][ T10] stk1135 2-1:0.255: probe with driver stk1135 failed with error -71 [ 556.821407][ T10] usb 2-1: USB disconnect, device number 90 [ 556.829768][T11807] netlink: 'syz.2.2148': attribute type 5 has an invalid length. [ 556.842622][T11807] netlink: 3657 bytes leftover after parsing attributes in process `syz.2.2148'. [ 556.853756][ T5878] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 556.865543][ T5878] dvbdev: DVB: registering new adapter (TerraTec NOXON DAB Stick) [ 556.873420][ T5878] usb 1-1: media controller created [ 556.889104][ T5878] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 556.938886][ T5878] i2c i2c-1: Added multiplexed i2c bus 2 [ 556.945499][ T5878] rtl2830 1-0010: Realtek RTL2830 successfully attached [ 556.952901][ T5878] usb 1-1: DVB: registering adapter 1 frontend 0 (Realtek RTL2830 (DVB-T))... [ 556.962326][ T5878] dvbdev: dvb_create_media_entity: media entity 'Realtek RTL2830 (DVB-T)' registered. [ 556.999060][ T5878] DVB: Unable to find symbol mxl5005s_attach() [ 557.073357][ T5878] usb 1-1: USB disconnect, device number 109 [ 557.095390][ T9] usb 3-1: new low-speed USB device number 75 using dummy_hcd [ 557.235237][ T9] usb 3-1: device descriptor read/64, error -71 [ 557.323946][T11811] FAULT_INJECTION: forcing a failure. [ 557.323946][T11811] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 557.337749][T11811] CPU: 1 UID: 0 PID: 11811 Comm: syz.1.2149 Not tainted syzkaller #0 PREEMPT(full) [ 557.337779][T11811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 557.337792][T11811] Call Trace: [ 557.337804][T11811] [ 557.337814][T11811] dump_stack_lvl+0x189/0x250 [ 557.337837][T11811] ? __pfx____ratelimit+0x10/0x10 [ 557.337856][T11811] ? __pfx_dump_stack_lvl+0x10/0x10 [ 557.337871][T11811] ? __pfx__printk+0x10/0x10 [ 557.337887][T11811] ? fs_reclaim_acquire+0x7d/0x100 [ 557.337909][T11811] should_fail_ex+0x414/0x560 [ 557.337931][T11811] prepare_alloc_pages+0x22b/0x650 [ 557.337953][T11811] __alloc_frozen_pages_noprof+0x123/0x370 [ 557.337974][T11811] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 557.337998][T11811] ? policy_nodemask+0x27c/0x720 [ 557.338014][T11811] ? __lock_acquire+0xab9/0xd20 [ 557.338030][T11811] alloc_pages_mpol+0x232/0x4a0 [ 557.338051][T11811] vma_alloc_folio_noprof+0xe4/0x200 [ 557.338068][T11811] ? __anon_vma_prepare+0x3d2/0x4a0 [ 557.338085][T11811] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 557.338103][T11811] ? up_write+0x1a8/0x430 [ 557.338117][T11811] ? do_raw_spin_unlock+0x122/0x240 [ 557.338139][T11811] folio_prealloc+0x30/0x180 [ 557.338156][T11811] do_pte_missing+0x14e7/0x3360 [ 557.338179][T11811] ? _raw_spin_unlock+0x28/0x50 [ 557.338201][T11811] handle_mm_fault+0x1b26/0x32a0 [ 557.338223][T11811] ? handle_mm_fault+0xdb/0x32a0 [ 557.338242][T11811] ? __pfx_handle_mm_fault+0x10/0x10 [ 557.338268][T11811] ? lock_mm_and_find_vma+0x9c/0x300 [ 557.338286][T11811] do_user_addr_fault+0x764/0x1380 [ 557.338309][T11811] exc_page_fault+0x82/0x100 [ 557.338329][T11811] asm_exc_page_fault+0x26/0x30 [ 557.338341][T11811] RIP: 0010:__put_user_4+0xd/0x20 [ 557.338353][T11811] Code: 66 89 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 48 89 cb 48 c1 fb 3f 48 09 d9 0f 01 cb <89> 01 31 c9 0f 01 ca c3 cc cc cc cc 90 90 90 90 90 90 90 90 90 90 [ 557.338364][T11811] RSP: 0018:ffffc90004b17cb8 EFLAGS: 00050202 [ 557.338377][T11811] RAX: 0000000000000002 RBX: 0000000000000000 RCX: 0000200000000080 [ 557.338386][T11811] RDX: 0000000000000000 RSI: ffffffff8dc71e5c RDI: ffffffff8be111e0 [ 557.338395][T11811] RBP: ffffc90004b17e58 R08: 0000000000000000 R09: ffffffff820eec00 [ 557.338411][T11811] R10: dffffc0000000000 R11: fffffbfff1c3a744 R12: fffffbfff33f47c6 [ 557.338420][T11811] R13: 0000000000000050 R14: 0000200000000080 R15: 0000000000000001 [ 557.338432][T11811] ? __might_fault+0xb0/0x130 [ 557.338453][T11811] vt_ioctl+0x181b/0x1f20 [ 557.338472][T11811] ? __pfx_vt_ioctl+0x10/0x10 [ 557.338497][T11811] ? __fget_files+0x2a/0x420 [ 557.338513][T11811] ? tty_jobctrl_ioctl+0x369/0xb70 [ 557.338528][T11811] ? __fget_files+0x3a0/0x420 [ 557.338541][T11811] ? __fget_files+0x2a/0x420 [ 557.338556][T11811] tty_ioctl+0x929/0xde0 [ 557.338575][T11811] ? __pfx_tty_ioctl+0x10/0x10 [ 557.338592][T11811] __se_sys_ioctl+0xfc/0x170 [ 557.338612][T11811] do_syscall_64+0xfa/0xfa0 [ 557.338624][T11811] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.338637][T11811] ? clear_bhb_loop+0x60/0xb0 [ 557.338651][T11811] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 557.338663][T11811] RIP: 0033:0x7fdb3158f6c9 [ 557.338675][T11811] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 557.338685][T11811] RSP: 002b:00007fdb3237e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 557.338697][T11811] RAX: ffffffffffffffda RBX: 00007fdb317e5fa0 RCX: 00007fdb3158f6c9 [ 557.338706][T11811] RDX: 0000200000000080 RSI: 0000000000005600 RDI: 0000000000000003 [ 557.338714][T11811] RBP: 00007fdb3237e090 R08: 0000000000000000 R09: 0000000000000000 [ 557.338722][T11811] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 557.338730][T11811] R13: 00007fdb317e6038 R14: 00007fdb317e5fa0 R15: 00007fffa4c49348 [ 557.338749][T11811] [ 557.476563][ T9] usb 3-1: new low-speed USB device number 76 using dummy_hcd [ 557.615150][ T9] usb 3-1: device descriptor read/64, error -71 [ 557.789472][T11818] netlink: 'syz.3.2153': attribute type 27 has an invalid length. [ 557.801183][T11818] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 557.865450][ T9] usb usb3-port1: attempt power cycle [ 557.926614][ T5878] usb 1-1: new high-speed USB device number 110 using dummy_hcd [ 558.105131][ T5878] usb 1-1: Using ep0 maxpacket: 8 [ 558.114908][ T5878] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 558.124705][ T5878] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 558.133299][ T5878] usb 1-1: Product: syz [ 558.137963][ T5878] usb 1-1: Manufacturer: syz [ 558.142689][ T5878] usb 1-1: SerialNumber: syz [ 558.154187][ T5878] usb 1-1: config 0 descriptor?? [ 558.170040][ T5878] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 558.235202][ T9] usb 3-1: new low-speed USB device number 77 using dummy_hcd [ 558.265720][ T9] usb 3-1: device descriptor read/8, error -71 [ 558.515369][ T9] usb 3-1: new low-speed USB device number 78 using dummy_hcd [ 558.535799][ T9] usb 3-1: device descriptor read/8, error -71 [ 558.647232][ T9] usb usb3-port1: unable to enumerate USB device [ 559.075149][ T9] usb 2-1: new full-speed USB device number 91 using dummy_hcd [ 559.236641][ T9] usb 2-1: config 1 interface 0 altsetting 4 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 559.251870][ T9] usb 2-1: config 1 interface 0 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 1 [ 559.264903][ T9] usb 2-1: config 1 interface 0 has no altsetting 0 [ 559.274933][ T9] usb 2-1: New USB device found, idVendor=04d9, idProduct=a067, bcdDevice= 0.40 [ 559.284506][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.292910][ T9] usb 2-1: Product: syz [ 559.298275][ T9] usb 2-1: Manufacturer: syz [ 559.303105][ T9] usb 2-1: SerialNumber: syz [ 559.312635][T11837] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 559.540869][ T9] usbhid 2-1:1.0: can't add hid device: -71 [ 559.547462][ T9] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 559.564703][ T9] usb 2-1: USB disconnect, device number 91 [ 559.870376][T11841] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2162'. [ 560.235190][ T980] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 560.375189][ T980] usb 3-1: device descriptor read/64, error -71 [ 560.387284][ T5878] gspca_sonixj: reg_w1 err -71 [ 560.392913][ T5878] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 560.407168][ T5878] usb 1-1: USB disconnect, device number 110 [ 560.615205][ T980] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 560.625130][ T9] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 560.755211][ T980] usb 3-1: device descriptor read/64, error -71 [ 560.785170][ T9] usb 2-1: Using ep0 maxpacket: 8 [ 560.793819][ T9] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 560.803190][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 560.811290][ T9] usb 2-1: Product: syz [ 560.815545][ T9] usb 2-1: Manufacturer: syz [ 560.820162][ T9] usb 2-1: SerialNumber: syz [ 560.827179][ T9] usb 2-1: config 0 descriptor?? [ 560.866331][ T980] usb usb3-port1: attempt power cycle [ 561.016724][T11860] netlink: 'syz.0.2169': attribute type 27 has an invalid length. [ 561.039735][T11860] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 561.040187][ T9] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 561.205168][ T980] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 561.225848][ T980] usb 3-1: device descriptor read/8, error -71 [ 561.268335][ T9] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 561.465135][ T980] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 561.485744][ T980] usb 3-1: device descriptor read/8, error -71 [ 561.595497][ T980] usb usb3-port1: unable to enumerate USB device [ 562.012662][T11870] fuse: Unknown parameter 'grou' [ 562.405184][ T980] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 562.565129][ T980] usb 1-1: Using ep0 maxpacket: 8 [ 562.573913][ T980] usb 1-1: config 0 interface 0 altsetting 208 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 562.585550][ T980] usb 1-1: config 0 interface 0 altsetting 208 endpoint 0x81 has invalid wMaxPacketSize 0 [ 562.595520][ T980] usb 1-1: config 0 interface 0 has no altsetting 0 [ 562.602175][ T980] usb 1-1: New USB device found, idVendor=1241, idProduct=5015, bcdDevice= 0.00 [ 562.611262][ T980] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 562.621504][ T980] usb 1-1: config 0 descriptor?? [ 563.037056][ T980] holtek 0003:1241:5015.001A: unknown main item tag 0x0 [ 563.053318][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 563.060666][ T980] holtek 0003:1241:5015.001A: hidraw0: USB HID v0.04 Device [HID 1241:5015] on usb-dummy_hcd.0-1/input0 [ 563.075862][ T980] holtek 0003:1241:5015.001A: no inputs found [ 563.196695][ T9] usb 2-1: USB disconnect, device number 92 [ 563.260902][ T935] usb 1-1: USB disconnect, device number 111 [ 563.555180][ T9] usb 2-1: new full-speed USB device number 93 using dummy_hcd [ 563.706516][ T9] usb 2-1: config 0 has an invalid interface number: 7 but max is 0 [ 563.714681][ T9] usb 2-1: config 0 has no interface number 0 [ 563.721472][ T9] usb 2-1: config 0 interface 7 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 563.732520][ T9] usb 2-1: config 0 interface 7 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 563.743511][ T9] usb 2-1: New USB device found, idVendor=5543, idProduct=0522, bcdDevice=22.00 [ 563.752879][ T9] usb 2-1: New USB device strings: Mfr=17, Product=0, SerialNumber=0 [ 563.761179][ T9] usb 2-1: Manufacturer: syz [ 563.777948][ T9] usb 2-1: config 0 descriptor?? [ 564.040136][T11894] PKCS8: Unsupported PKCS#8 version [ 564.045264][ T24] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 564.189949][ T9] uclogic 0003:5543:0522.001B: unbalanced delimiter at end of report description [ 564.200286][ T9] uclogic 0003:5543:0522.001B: parse failed [ 564.205106][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 564.206658][ T9] uclogic 0003:5543:0522.001B: probe with driver uclogic failed with error -22 [ 564.216344][ T24] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 564.237376][ T24] usb 1-1: config 0 has no interface number 0 [ 564.243893][ T24] usb 1-1: config 0 interface 184 has no altsetting 0 [ 564.253718][ T24] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 564.263153][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.271224][ T24] usb 1-1: Product: syz [ 564.275555][ T24] usb 1-1: Manufacturer: syz [ 564.280187][ T24] usb 1-1: SerialNumber: syz [ 564.287768][ T24] usb 1-1: config 0 descriptor?? [ 564.294947][ T24] smsc75xx v1.0.0 [ 564.355138][ T9839] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 564.391093][T11888] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2179'. [ 564.400356][T11888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2179'. [ 564.429150][T11888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2179'. [ 564.438141][T11888] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2179'. [ 564.506787][ T9839] usb 3-1: Using ep0 maxpacket: 32 [ 564.513962][ T9839] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 564.523076][ T9839] usb 3-1: config 0 has no interface number 0 [ 564.529343][ T9839] usb 3-1: config 0 interface 184 has no altsetting 0 [ 564.538746][ T9839] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 564.548035][ T9839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 564.556182][ T9839] usb 3-1: Product: syz [ 564.560383][ T9839] usb 3-1: Manufacturer: syz [ 564.564977][ T9839] usb 3-1: SerialNumber: syz [ 564.572939][ T9839] usb 3-1: config 0 descriptor?? [ 564.581773][ T9839] smsc75xx v1.0.0 [ 564.900430][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 564.911471][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 564.998121][T11899] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 565.007750][T11899] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 565.186798][ T9839] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 565.197789][ T9839] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 565.524313][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 565.535756][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 565.547291][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 565.560307][ T24] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -61 [ 565.788137][T11909] netlink: 'syz.1.2188': attribute type 25 has an invalid length. [ 565.800239][T11909] netlink: 'syz.1.2188': attribute type 25 has an invalid length. [ 565.899030][T11917] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2191'. [ 566.004756][T11923] netlink: 'syz.3.2192': attribute type 27 has an invalid length. [ 566.011593][T11922] ieee802154 phy1 wpan1: encryption failed: -22 [ 566.021148][T11923] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 566.137945][T10888] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 566.243739][T11932] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2196'. [ 566.254939][T11932] veth1_macvtap: left promiscuous mode [ 566.618742][ T9839] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 566.629890][ T9839] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 566.639908][ T9839] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 566.649631][ T9839] smsc75xx 3-1:0.184: probe with driver smsc75xx failed with error -71 [ 566.661787][ T9839] usb 3-1: USB disconnect, device number 83 [ 566.830052][ T24] usb 1-1: USB disconnect, device number 112 [ 566.888498][T11940] FAULT_INJECTION: forcing a failure. [ 566.888498][T11940] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 566.904765][T11940] CPU: 1 UID: 0 PID: 11940 Comm: syz.0.2197 Not tainted syzkaller #0 PREEMPT(full) [ 566.904797][T11940] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 566.904810][T11940] Call Trace: [ 566.904820][T11940] [ 566.904830][T11940] dump_stack_lvl+0x189/0x250 [ 566.904863][T11940] ? __pfx____ratelimit+0x10/0x10 [ 566.904895][T11940] ? __pfx_dump_stack_lvl+0x10/0x10 [ 566.904922][T11940] ? __pfx__printk+0x10/0x10 [ 566.904962][T11940] should_fail_ex+0x414/0x560 [ 566.905005][T11940] _copy_to_user+0x31/0xb0 [ 566.905033][T11940] simple_read_from_buffer+0xe1/0x170 [ 566.905060][T11940] proc_fail_nth_read+0x1b3/0x220 [ 566.905094][T11940] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 566.905127][T11940] ? rw_verify_area+0x2a6/0x4d0 [ 566.905157][T11940] ? __lock_acquire+0xab9/0xd20 [ 566.905176][T11940] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 566.905208][T11940] vfs_read+0x200/0xa30 [ 566.905226][T11940] ? fdget_pos+0x247/0x320 [ 566.905255][T11940] ? __pfx___mutex_lock+0x10/0x10 [ 566.905278][T11940] ? __pfx_vfs_read+0x10/0x10 [ 566.905299][T11940] ? __fget_files+0x2a/0x420 [ 566.905336][T11940] ? __fget_files+0x3a0/0x420 [ 566.905359][T11940] ? __fget_files+0x2a/0x420 [ 566.905392][T11940] ksys_read+0x145/0x250 [ 566.905416][T11940] ? __pfx_ksys_read+0x10/0x10 [ 566.905440][T11940] ? do_syscall_64+0xbe/0xfa0 [ 566.905465][T11940] do_syscall_64+0xfa/0xfa0 [ 566.905486][T11940] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.905508][T11940] ? clear_bhb_loop+0x60/0xb0 [ 566.905534][T11940] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 566.905554][T11940] RIP: 0033:0x7f034d18e0dc [ 566.905573][T11940] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 566.905591][T11940] RSP: 002b:00007f034df65030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 566.905615][T11940] RAX: ffffffffffffffda RBX: 00007f034d3e5fa0 RCX: 00007f034d18e0dc [ 566.905631][T11940] RDX: 000000000000000f RSI: 00007f034df650a0 RDI: 0000000000000004 [ 566.905645][T11940] RBP: 00007f034df65090 R08: 0000000000000000 R09: 0000000000000000 [ 566.905658][T11940] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 566.905671][T11940] R13: 00007f034d3e6038 R14: 00007f034d3e5fa0 R15: 00007ffd79741a48 [ 566.905708][T11940] [ 567.213402][T11945] netlink: 'syz.0.2199': attribute type 25 has an invalid length. [ 567.223317][T11945] netlink: 'syz.0.2199': attribute type 25 has an invalid length. [ 567.418990][T11956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 567.432494][T11956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 567.443792][T11956] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 567.452915][T11956] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 568.168231][ T5871] dvb-usb: did not find the firmware file 'dvb-usb-az6027-03.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 568.202868][ T5871] dvb_usb_az6027 4-1:0.0: probe with driver dvb_usb_az6027 failed with error -110 [ 568.246555][ T5871] usb 4-1: USB disconnect, device number 55 [ 568.283255][T11976] syzkaller1: entered promiscuous mode [ 568.289459][T11976] syzkaller1: entered allmulticast mode [ 568.442674][T11981] netlink: 'syz.2.2210': attribute type 25 has an invalid length. [ 568.452409][T11981] netlink: 'syz.2.2210': attribute type 25 has an invalid length. [ 568.475529][ T935] usb 1-1: new high-speed USB device number 113 using dummy_hcd [ 568.542231][T11983] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 568.552375][T11983] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 568.565512][ T5871] usb 4-1: new high-speed USB device number 56 using dummy_hcd [ 568.625140][ T935] usb 1-1: Using ep0 maxpacket: 32 [ 568.637359][ T935] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 568.647258][ T935] usb 1-1: config 0 has no interface number 0 [ 568.653406][ T935] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 568.665247][ T935] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 568.679071][ T935] usb 1-1: config 0 interface 255 has no altsetting 0 [ 568.689336][ T935] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 568.699217][ T935] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 568.725365][ T935] usb 1-1: Product: syz [ 568.735708][ T935] usb 1-1: Manufacturer: syz [ 568.741080][ T935] usb 1-1: SerialNumber: syz [ 568.741231][ T5871] usb 4-1: config 4 has 1 interface, different from the descriptor's value: 2 [ 568.766625][ T935] usb 1-1: config 0 descriptor?? [ 568.778679][T11991] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2215'. [ 568.780247][ T5871] usb 4-1: too many endpoints for config 4 interface 0 altsetting 0: 101, using maximum allowed: 30 [ 568.799281][ T5871] usb 4-1: config 4 interface 0 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1 [ 568.811195][ T5871] usb 4-1: config 4 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 64 [ 568.828135][ T5871] usb 4-1: config 4 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 101 [ 568.844481][ T5871] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 568.854559][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 569.085497][ T5871] ath6kl: Failed to submit usb control message: -71 [ 569.092641][ T5871] ath6kl: unable to send the bmi data to the device: -71 [ 569.105059][ T5871] ath6kl: Unable to send get target info: -71 [ 569.129960][ T5871] ath6kl: Failed to init ath6kl core: -71 [ 569.148196][ T5871] ath6kl_usb 4-1:4.0: probe with driver ath6kl_usb failed with error -71 [ 569.167067][ T5871] usb 4-1: USB disconnect, device number 56 [ 569.174148][T11999] netlink: 'syz.2.2217': attribute type 1 has an invalid length. [ 569.180074][T11972] netlink: 56 bytes leftover after parsing attributes in process `syz.0.2208'. [ 569.191164][T11999] netlink: 'syz.2.2217': attribute type 11 has an invalid length. [ 569.204706][T11999] netlink: 224 bytes leftover after parsing attributes in process `syz.2.2217'. [ 569.232739][ T935] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 569.669803][ T935] gspca_stk1135: reg_w 0x3 err -71 [ 569.676195][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 569.682567][ T935] gspca_stk1135: Sensor write failed [ 569.691390][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 569.698357][ T935] gspca_stk1135: Sensor write failed [ 569.703832][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 569.714919][ T935] gspca_stk1135: Sensor read failed [ 569.721748][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 569.728416][ T935] gspca_stk1135: Sensor read failed [ 569.733788][ T935] gspca_stk1135: Detected sensor type unknown (0x0) [ 569.795192][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 569.802033][ T935] gspca_stk1135: Sensor read failed [ 569.807920][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 569.814511][ T935] gspca_stk1135: Sensor read failed [ 569.822169][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 569.829725][ T935] gspca_stk1135: Sensor write failed [ 569.835825][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 569.844446][ T935] gspca_stk1135: Sensor write failed [ 569.850835][ T935] stk1135 1-1:0.255: probe with driver stk1135 failed with error -71 [ 569.864390][ T935] usb 1-1: USB disconnect, device number 113 [ 569.935404][ T9839] usb 3-1: new full-speed USB device number 84 using dummy_hcd [ 570.085994][ T9839] usb 3-1: not running at top speed; connect to a high speed hub [ 570.094955][ T9839] usb 3-1: config 5 has an invalid interface number: 25 but max is 0 [ 570.103543][ T9839] usb 3-1: config 5 has no interface number 0 [ 570.109787][ T9839] usb 3-1: config 5 interface 25 has no altsetting 0 [ 570.121080][ T9839] usb 3-1: New USB device found, idVendor=10c4, idProduct=8244, bcdDevice=c2.d9 [ 570.130902][ T9839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.139122][ T9839] usb 3-1: Product: syz [ 570.143406][ T9839] usb 3-1: Manufacturer: syz [ 570.151195][ T9839] usb 3-1: SerialNumber: syz [ 570.196668][T12013] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 570.207478][T12013] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 570.277385][ T5871] IPVS: starting estimator thread 0... [ 570.285999][T12017] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 570.297718][ T980] usb 4-1: new high-speed USB device number 57 using dummy_hcd [ 570.303528][T12017] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 570.326899][T12020] netlink: 'syz.0.2223': attribute type 27 has an invalid length. [ 570.333456][T12017] tipc: Started in network mode [ 570.341031][T12017] tipc: Node identity ac1414aa, cluster identity 4711 [ 570.351148][T12017] tipc: Enabled bearer , priority 10 [ 570.369859][T12020] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 570.395249][T12018] IPVS: using max 26 ests per chain, 62400 per kthread [ 570.468417][ T980] usb 4-1: Using ep0 maxpacket: 8 [ 570.483439][ T980] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 570.499941][ T980] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 570.511225][ T980] usb 4-1: Product: syz [ 570.515677][ T980] usb 4-1: Manufacturer: syz [ 570.520726][ T980] usb 4-1: SerialNumber: syz [ 570.530373][ T980] usb 4-1: config 0 descriptor?? [ 570.740521][ T980] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 571.366274][ C1] raw-gadget.2 gadget.3: ignoring, device is not running [ 571.374159][ C1] raw-gadget.2 gadget.3: ignoring, device is not running [ 571.385133][ T980] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 571.410707][ T980] usb 4-1: USB disconnect, device number 57 [ 571.479850][ T935] tipc: Node number set to 2886997162 [ 571.735194][ T24] usb 1-1: new high-speed USB device number 114 using dummy_hcd [ 571.746662][T12036] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2229'. [ 571.885140][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 571.900204][ T24] usb 1-1: config 0 has an invalid interface number: 184 but max is 0 [ 571.909031][ T24] usb 1-1: config 0 has no interface number 0 [ 571.918935][ T24] usb 1-1: config 0 interface 184 has no altsetting 0 [ 571.932354][ T24] usb 1-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 571.945314][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.953457][ T24] usb 1-1: Product: syz [ 571.958344][ T24] usb 1-1: Manufacturer: syz [ 571.963124][ T24] usb 1-1: SerialNumber: syz [ 571.975190][ T24] usb 1-1: config 0 descriptor?? [ 571.988269][ T24] smsc75xx v1.0.0 [ 572.480394][ T9839] radio-usb-si4713 3-1:5.25: Si4713 development board discovered: (10C4:8244) [ 572.524952][ T9839] radio-usb-si4713 3-1:5.25: probe with driver radio-usb-si4713 failed with error -71 [ 572.545917][ T9839] usbhid 3-1:5.25: couldn't find an input interrupt endpoint [ 572.565516][ T9839] usb 3-1: USB disconnect, device number 84 [ 572.593387][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 572.615182][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 573.269880][T10888] Bluetooth: hci2: ACL packet for unknown connection handle 201 [ 573.384539][T12047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 573.394020][T12047] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 573.418895][T12047] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2234'. [ 573.485146][ T9839] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 573.645348][ T9839] usb 3-1: Using ep0 maxpacket: 32 [ 573.652185][ T9839] usb 3-1: config 2 has an invalid interface number: 88 but max is 0 [ 573.660919][ T9839] usb 3-1: config 2 has no interface number 0 [ 573.667210][ T9839] usb 3-1: config 2 interface 88 altsetting 7 bulk endpoint 0x6 has invalid maxpacket 256 [ 573.677820][ T9839] usb 3-1: config 2 interface 88 has no altsetting 0 [ 573.687327][ T9839] usb 3-1: New USB device found, idVendor=0557, idProduct=2009, bcdDevice=c7.1e [ 573.696611][ T9839] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.704810][ T9839] usb 3-1: Product: syz [ 573.709167][ T5878] usb 4-1: new high-speed USB device number 58 using dummy_hcd [ 573.717288][ T9839] usb 3-1: Manufacturer: syz [ 573.722099][ T9839] usb 3-1: SerialNumber: syz [ 573.730622][T12039] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 573.875125][ T5878] usb 4-1: Using ep0 maxpacket: 32 [ 573.882648][ T5878] usb 4-1: config 0 has an invalid interface number: 184 but max is 0 [ 573.891294][ T5878] usb 4-1: config 0 has no interface number 0 [ 573.898057][ T5878] usb 4-1: config 0 interface 184 has no altsetting 0 [ 573.907712][ T5878] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 573.917580][ T5878] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 573.925960][ T5878] usb 4-1: Product: syz [ 573.930185][ T5878] usb 4-1: Manufacturer: syz [ 573.934889][ T5878] usb 4-1: SerialNumber: syz [ 573.944081][ T5878] usb 4-1: config 0 descriptor?? [ 573.945597][T12039] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 573.972771][ T5878] smsc75xx v1.0.0 [ 574.002672][T12051] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 574.013732][T12051] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 574.045943][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 574.057018][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): Failed to read PMT_CTL: -71 [ 574.066763][ T24] smsc75xx 1-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -71 [ 574.076844][ T24] smsc75xx 1-1:0.184: probe with driver smsc75xx failed with error -71 [ 574.093584][ T24] usb 1-1: USB disconnect, device number 114 [ 574.575972][ T5878] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 574.579135][T12039] i2c i2c-0: Invalid block write size 34 [ 574.591690][ T5878] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 574.607802][T12053] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2237'. [ 574.621560][T12053] netlink: 24 bytes leftover after parsing attributes in process `syz.1.2237'. [ 574.723867][ T9839] asix 3-1:2.88 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 574.737794][ T9839] asix 3-1:2.88: probe with driver asix failed with error -71 [ 574.768787][ T9839] usb 3-1: USB disconnect, device number 85 [ 575.044988][T12071] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 575.055693][T12071] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 575.210069][ T5878] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000010: -61 [ 575.221078][ T5878] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): Failed to read HW_CFG: -61 [ 575.230779][ T9839] usb 1-1: new high-speed USB device number 115 using dummy_hcd [ 575.238607][ T5878] smsc75xx 4-1:0.184 (unnamed net_device) (uninitialized): smsc75xx_reset error -61 [ 575.249413][ T5878] smsc75xx 4-1:0.184: probe with driver smsc75xx failed with error -61 [ 575.395115][ T9839] usb 1-1: Using ep0 maxpacket: 32 [ 575.401900][ T9839] usb 1-1: config 0 has an invalid interface number: 51 but max is 0 [ 575.410294][ T9839] usb 1-1: config 0 has no interface number 0 [ 575.421352][ T9839] usb 1-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 575.430491][ T9839] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 575.438598][ T9839] usb 1-1: Product: syz [ 575.442780][ T9839] usb 1-1: Manufacturer: syz [ 575.447512][ T9839] usb 1-1: SerialNumber: syz [ 575.454056][ T9839] usb 1-1: config 0 descriptor?? [ 575.461574][ T9839] quatech2 1-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 575.545146][ T935] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 575.668063][ T9839] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 575.688231][ T9839] usb 1-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 575.696917][ T935] usb 3-1: Using ep0 maxpacket: 32 [ 575.717495][ T935] usb 3-1: config 0 has an invalid interface number: 255 but max is 0 [ 575.735158][ T935] usb 3-1: config 0 has no interface number 0 [ 575.742641][ T935] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 575.759991][T12075] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 575.772637][T12075] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 575.781198][ T935] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 575.807867][ T935] usb 3-1: config 0 interface 255 has no altsetting 0 [ 575.827107][ T935] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 575.837091][ T935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 575.845193][ T935] usb 3-1: Product: syz [ 575.849551][ T935] usb 3-1: Manufacturer: syz [ 575.854252][ T935] usb 3-1: SerialNumber: syz [ 575.867133][ T935] usb 3-1: config 0 descriptor?? [ 576.097766][ T935] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 576.497011][ T9] usb 4-1: USB disconnect, device number 58 [ 576.584683][T12082] netlink: 'syz.3.2248': attribute type 27 has an invalid length. [ 576.599145][T12082] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 576.695956][T12086] IPVS: set_ctl: invalid protocol: 20 0.0.0.0:256 [ 576.702782][T12085] IPVS: set_ctl: invalid protocol: 20 0.0.0.0:256 [ 576.916722][ T935] gspca_stk1135: reg_w 0x7 err -71 [ 576.922946][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 576.931244][ T935] gspca_stk1135: Sensor write failed [ 576.937777][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 576.944341][ T935] gspca_stk1135: Sensor write failed [ 576.950556][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 576.956996][ T935] gspca_stk1135: Sensor read failed [ 576.962213][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 576.969623][ T935] gspca_stk1135: Sensor read failed [ 576.974857][ T935] gspca_stk1135: Detected sensor type unknown (0x0) [ 576.981965][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 576.988405][ T935] gspca_stk1135: Sensor read failed [ 576.993652][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 577.000057][ T935] gspca_stk1135: Sensor read failed [ 577.005702][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 577.016025][ T935] gspca_stk1135: Sensor write failed [ 577.021386][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 577.027973][ T935] gspca_stk1135: Sensor write failed [ 577.033350][ T935] stk1135 3-1:0.255: probe with driver stk1135 failed with error -71 [ 577.045522][ T935] usb 3-1: USB disconnect, device number 86 [ 577.175337][ T5871] usb 4-1: new high-speed USB device number 59 using dummy_hcd [ 577.325169][ T5871] usb 4-1: Using ep0 maxpacket: 16 [ 577.332943][ T5871] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 577.344605][ T5871] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 577.354486][ T5871] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 577.368413][ T5871] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 577.377589][ T5871] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 577.388630][ T5871] usb 4-1: config 0 descriptor?? [ 577.460758][T12096] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 577.472278][T12096] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 577.745502][ T935] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 577.800868][T12094] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2252'. [ 577.814617][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.822187][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.831310][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.838917][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.846509][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.853771][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.861072][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.868520][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.876681][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.884012][ T5871] microsoft 0003:045E:07DA.001C: unknown main item tag 0x0 [ 577.905147][ T935] usb 3-1: Using ep0 maxpacket: 32 [ 577.925819][ T935] usb 3-1: config 0 has an invalid interface number: 255 but max is 0 [ 577.935155][ T935] usb 3-1: config 0 has no interface number 0 [ 577.941302][ T935] usb 3-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 577.953093][ T935] usb 3-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 577.968362][ T935] usb 3-1: config 0 interface 255 has no altsetting 0 [ 577.982006][ T5871] microsoft 0003:045E:07DA.001C: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.3-1/input0 [ 577.994215][ T5871] microsoft 0003:045E:07DA.001C: no inputs found [ 578.002203][ T5871] microsoft 0003:045E:07DA.001C: could not initialize ff, continuing anyway [ 578.018694][ T935] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 578.032206][ T935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 578.049287][ T5871] usb 4-1: USB disconnect, device number 59 [ 578.055744][ T935] usb 3-1: Product: syz [ 578.056172][ C1] usb 1-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 578.059926][ T935] usb 3-1: Manufacturer: syz [ 578.068096][ T5878] usb 1-1: USB disconnect, device number 115 [ 578.092763][ T5878] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 578.115884][ T935] usb 3-1: SerialNumber: syz [ 578.161324][ T5878] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 578.184186][ T935] usb 3-1: config 0 descriptor?? [ 578.206305][ T5878] quatech2 1-1:0.51: device disconnected [ 578.224230][T12101] fido_id[12101]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 578.377628][T12103] sp0: Synchronizing with TNC [ 578.418484][ T935] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 578.615931][T12113] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2257'. [ 578.711644][T12117] netlink: 'syz.3.2259': attribute type 27 has an invalid length. [ 578.725773][T12120] loop2: detected capacity change from 0 to 7 [ 578.749716][T12120] Dev loop2: unable to read RDB block 7 [ 578.765370][T12117] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 578.770263][T12120] loop2: unable to read partition table [ 578.842872][T12120] loop2: partition table beyond EOD, truncated [ 578.865184][T12120] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 579.131844][T12127] kvm: kvm [12126]: vcpu128, guest rIP: 0xfff0 Unhandled RDMSR(0x40000076) [ 579.431505][ T935] gspca_stk1135: reg_w 0xd err -71 [ 579.442821][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 579.457215][ T935] gspca_stk1135: Sensor write failed [ 579.462625][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 579.490983][ T935] gspca_stk1135: Sensor write failed [ 579.508873][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 579.522500][ T935] gspca_stk1135: Sensor read failed [ 579.537532][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 579.555109][ T935] gspca_stk1135: Sensor read failed [ 579.560469][ T935] gspca_stk1135: Detected sensor type unknown (0x0) [ 579.592977][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 579.600411][ T935] gspca_stk1135: Sensor read failed [ 579.605108][ T9839] usb 1-1: new high-speed USB device number 116 using dummy_hcd [ 579.606181][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 579.640731][ T935] gspca_stk1135: Sensor read failed [ 579.655269][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 579.665316][ T935] gspca_stk1135: Sensor write failed [ 579.670674][ T935] gspca_stk1135: serial bus timeout: status=0x00 [ 579.745077][ T935] gspca_stk1135: Sensor write failed [ 579.766480][ T935] stk1135 3-1:0.255: probe with driver stk1135 failed with error -71 [ 579.782080][ T9839] usb 1-1: Using ep0 maxpacket: 32 [ 579.797057][ T9839] usb 1-1: config 0 has an invalid interface number: 255 but max is 0 [ 579.813604][ T9839] usb 1-1: config 0 has no interface number 0 [ 579.814331][ T935] usb 3-1: USB disconnect, device number 87 [ 579.828158][ T9839] usb 1-1: too many endpoints for config 0 interface 255 altsetting 255: 255, using maximum allowed: 30 [ 579.876254][ T9839] usb 1-1: config 0 interface 255 altsetting 255 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 579.908940][ T9839] usb 1-1: config 0 interface 255 has no altsetting 0 [ 579.919120][ T9839] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 579.935563][ T9839] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.943768][ T9839] usb 1-1: Product: syz [ 579.948019][ T9839] usb 1-1: Manufacturer: syz [ 579.952647][ T9839] usb 1-1: SerialNumber: syz [ 579.963620][ T9839] usb 1-1: config 0 descriptor?? [ 580.077355][T10888] Bluetooth: hci2: Malformed Event: 0x13 [ 580.198044][ T9839] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 580.292874][T12174] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 580.323209][T12174] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 580.384813][T12177] netlink: 'syz.3.2275': attribute type 21 has an invalid length. [ 580.395938][T12177] netlink: 168 bytes leftover after parsing attributes in process `syz.3.2275'. [ 580.456040][ T935] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 580.625238][ T935] usb 3-1: Using ep0 maxpacket: 32 [ 580.632140][ T935] usb 3-1: config 0 has an invalid interface number: 184 but max is 0 [ 580.640488][ T935] usb 3-1: config 0 has no interface number 0 [ 580.646728][ T935] usb 3-1: config 0 interface 184 has no altsetting 0 [ 580.656671][ T935] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 580.666028][ T935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 580.674185][ T935] usb 3-1: Product: syz [ 580.678443][ T935] usb 3-1: Manufacturer: syz [ 580.683115][ T935] usb 3-1: SerialNumber: syz [ 580.691537][ T935] usb 3-1: config 0 descriptor?? [ 580.701377][ T935] smsc75xx v1.0.0 [ 581.180840][T12186] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 581.190444][T12186] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 581.310343][ T935] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000040: -32 [ 581.324172][ T935] smsc75xx 3-1:0.184 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 581.411126][T12140] binder: 12139:12140 ioctl c0306201 200000000240 returned -14 [ 581.765508][ T980] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 581.905188][ T980] usb 4-1: device descriptor read/64, error -71 [ 582.020953][T12210] netlink: 'syz.1.2288': attribute type 27 has an invalid length. [ 582.030149][ T9839] gspca_stk1135: reg_w 0x200 err -71 [ 582.042142][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 582.050123][T12210] A link change request failed with some changes committed already. Interface caif0 may have been left with an inconsistent configuration, please check. [ 582.050397][ T9839] gspca_stk1135: Sensor write failed [ 582.072254][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 582.080988][ T9839] gspca_stk1135: Sensor write failed [ 582.086838][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 582.093191][ T9839] gspca_stk1135: Sensor read failed [ 582.099077][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 582.106435][ T9839] gspca_stk1135: Sensor read failed [ 582.112498][ T9839] gspca_stk1135: Detected sensor type unknown (0x0) [ 582.120238][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 582.127084][ T9839] gspca_stk1135: Sensor read failed [ 582.133994][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 582.141077][ T9839] gspca_stk1135: Sensor read failed [ 582.147225][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 582.154013][ T9839] gspca_stk1135: Sensor write failed [ 582.161781][ T9839] gspca_stk1135: serial bus timeout: status=0x00 [ 582.168481][ T980] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 582.180224][ T9839] gspca_stk1135: Sensor write failed [ 582.188089][ T9839] stk1135 1-1:0.255: probe with driver stk1135 failed with error -71 [ 582.205472][ T9839] usb 1-1: USB disconnect, device number 116 [ 582.328488][ T980] usb 4-1: device descriptor read/64, error -71 [ 582.382765][T11897] ------------[ cut here ]------------ [ 582.388603][T11897] WARNING: ./include/linux/ns_common.h:255 at put_mnt_ns+0x152/0x190, CPU#0: syz.1.2179/11897 [ 582.399793][T11897] Modules linked in: [ 582.403744][T11897] CPU: 0 UID: 0 PID: 11897 Comm: syz.1.2179 Not tainted syzkaller #0 PREEMPT(full) [ 582.413823][T11897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 582.424592][T11897] RIP: 0010:put_mnt_ns+0x152/0x190 [ 582.430341][T11897] Code: 79 00 00 bf 01 00 00 00 89 ee e8 99 15 7e ff 85 ed 7e 1f e8 50 11 7e ff 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 3f 11 7e ff 90 <0f> 0b 90 e9 33 ff ff ff e8 31 11 7e ff 4c 89 f7 be 03 00 00 00 5b [ 582.451519][T11897] RSP: 0018:ffffc90004987a68 EFLAGS: 00010293 [ 582.459156][T11897] RAX: ffffffff82434e41 RBX: ffff888061596000 RCX: ffff88802e9cdb80 [ 582.459527][ T980] usb usb4-port1: attempt power cycle [ 582.467592][T11897] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 SYZFAIL: failed to recv rpc fd=3 want=4 recv=0 n=0 (errno 9: Bad file descriptor) [ 582.480978][T11897] RBP: 00000000ffffffff R08: ffff8880615960bb R09: 1ffff1100c2b2c17 [ 582.489158][T11897] R10: dffffc0000000000 R11: ffffed100c2b2c18 R12: dffffc0000000000 [ 582.497713][T11897] R13: 0000000000000009 R14: ffff8880615960b8 R15: dffffc0000000000 [ 582.505851][T11897] FS: 0000000000000000(0000) GS:ffff888125a82000(0000) knlGS:0000000000000000 [ 582.514887][T11897] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 582.521648][T11897] CR2: 0000555566b2f5c8 CR3: 0000000078cf6000 CR4: 00000000003526f0 [ 582.529839][T11897] DR0: fffffffffffffff1 DR1: 0000000000000000 DR2: 0000000000000000 [ 582.538108][T11897] DR3: 0000000000000000 DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 582.547023][T11897] Call Trace: [ 582.550917][T11897] [ 582.553925][T11897] free_nsproxy+0x46/0x560 [ 582.558593][T11897] do_exit+0x6b8/0x2300 [ 582.562929][T11897] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 582.568608][T11897] ? do_raw_spin_lock+0x121/0x290 [ 582.573730][T11897] ? __pfx_do_exit+0x10/0x10 [ 582.578606][T11897] do_group_exit+0x21c/0x2d0 [ 582.583253][T11897] ? lockdep_hardirqs_on+0x9c/0x150 [ 582.588631][T11897] get_signal+0x1285/0x1340 [ 582.593186][T11897] arch_do_signal_or_restart+0x9a/0x7a0 [ 582.598890][T11897] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 582.604154][T11897] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 582.610493][T11897] ? exit_to_user_mode_loop+0x55/0x4f0 [ 582.616161][T11897] exit_to_user_mode_loop+0x87/0x4f0 [ 582.621508][T11897] ? rcu_is_watching+0x15/0xb0 [ 582.626456][T11897] do_syscall_64+0x2e9/0xfa0 [ 582.631092][T11897] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.637297][T11897] ? clear_bhb_loop+0x60/0xb0 [ 582.643031][T11897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 582.649772][T11897] RIP: 0033:0x7fdb315c1f85 [ 582.654441][T11897] Code: Unable to access opcode bytes at 0x7fdb315c1f5b. [ 582.662409][T11897] RSP: 002b:00007fdb3237df80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 582.671078][T11897] RAX: fffffffffffffdfc RBX: 00007fdb317e5fa0 RCX: 00007fdb315c1f85 [ 582.679152][T11897] RDX: 00007fdb3237dfc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 582.687267][T11897] RBP: 00007fdb31611f91 R08: 0000000000000000 R09: 0000000000000000 [ 582.695337][T11897] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 582.703342][T11897] R13: 00007fdb317e6038 R14: 00007fdb317e5fa0 R15: 00007fffa4c49348 [ 582.711455][T11897] [ 582.714510][T11897] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 582.721812][T11897] CPU: 0 UID: 0 PID: 11897 Comm: syz.1.2179 Not tainted syzkaller #0 PREEMPT(full) [ 582.731194][T11897] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 582.741296][T11897] Call Trace: [ 582.744592][T11897] [ 582.747626][T11897] dump_stack_lvl+0x99/0x250 [ 582.752229][T11897] ? __asan_memcpy+0x40/0x70 [ 582.756843][T11897] ? __pfx_dump_stack_lvl+0x10/0x10 [ 582.762056][T11897] ? __pfx__printk+0x10/0x10 [ 582.766835][T11897] vpanic+0x237/0x6d0 [ 582.770827][T11897] ? __pfx_vpanic+0x10/0x10 [ 582.775332][T11897] ? is_bpf_text_address+0x292/0x2b0 [ 582.780631][T11897] ? is_bpf_text_address+0x26/0x2b0 [ 582.785845][T11897] panic+0xb9/0xc0 [ 582.789599][T11897] ? __pfx_panic+0x10/0x10 [ 582.794053][T11897] __warn+0x318/0x4d0 [ 582.798040][T11897] ? put_mnt_ns+0x152/0x190 [ 582.802555][T11897] ? put_mnt_ns+0x152/0x190 [ 582.807070][T11897] report_bug+0x2be/0x4f0 [ 582.811414][T11897] ? put_mnt_ns+0x152/0x190 [ 582.815920][T11897] ? put_mnt_ns+0x152/0x190 [ 582.820438][T11897] ? put_mnt_ns+0x154/0x190 [ 582.824945][T11897] handle_bug+0x84/0x160 [ 582.829211][T11897] exc_invalid_op+0x1a/0x50 [ 582.833759][T11897] asm_exc_invalid_op+0x1a/0x20 [ 582.838629][T11897] RIP: 0010:put_mnt_ns+0x152/0x190 [ 582.843747][T11897] Code: 79 00 00 bf 01 00 00 00 89 ee e8 99 15 7e ff 85 ed 7e 1f e8 50 11 7e ff 5b 41 5e 41 5f 5d c3 cc cc cc cc cc e8 3f 11 7e ff 90 <0f> 0b 90 e9 33 ff ff ff e8 31 11 7e ff 4c 89 f7 be 03 00 00 00 5b [ 582.863446][T11897] RSP: 0018:ffffc90004987a68 EFLAGS: 00010293 [ 582.869529][T11897] RAX: ffffffff82434e41 RBX: ffff888061596000 RCX: ffff88802e9cdb80 [ 582.877509][T11897] RDX: 0000000000000000 RSI: 00000000ffffffff RDI: 0000000000000000 [ 582.885570][T11897] RBP: 00000000ffffffff R08: ffff8880615960bb R09: 1ffff1100c2b2c17 [ 582.893889][T11897] R10: dffffc0000000000 R11: ffffed100c2b2c18 R12: dffffc0000000000 [ 582.901867][T11897] R13: 0000000000000009 R14: ffff8880615960b8 R15: dffffc0000000000 [ 582.909849][T11897] ? put_mnt_ns+0x151/0x190 [ 582.914372][T11897] ? put_mnt_ns+0x151/0x190 [ 582.918882][T11897] free_nsproxy+0x46/0x560 [ 582.923306][T11897] do_exit+0x6b8/0x2300 [ 582.927473][T11897] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 582.932858][T11897] ? do_raw_spin_lock+0x121/0x290 [ 582.937892][T11897] ? __pfx_do_exit+0x10/0x10 [ 582.942527][T11897] do_group_exit+0x21c/0x2d0 [ 582.947126][T11897] ? lockdep_hardirqs_on+0x9c/0x150 [ 582.952332][T11897] get_signal+0x1285/0x1340 [ 582.956858][T11897] arch_do_signal_or_restart+0x9a/0x7a0 [ 582.962418][T11897] ? __pfx_hrtimer_wakeup+0x10/0x10 [ 582.967630][T11897] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 582.973896][T11897] ? exit_to_user_mode_loop+0x55/0x4f0 [ 582.979363][T11897] exit_to_user_mode_loop+0x87/0x4f0 [ 582.984654][T11897] ? rcu_is_watching+0x15/0xb0 [ 582.989430][T11897] do_syscall_64+0x2e9/0xfa0 [ 582.994025][T11897] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.000273][T11897] ? clear_bhb_loop+0x60/0xb0 [ 583.004957][T11897] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 583.010859][T11897] RIP: 0033:0x7fdb315c1f85 [ 583.015367][T11897] Code: Unable to access opcode bytes at 0x7fdb315c1f5b. [ 583.022382][T11897] RSP: 002b:00007fdb3237df80 EFLAGS: 00000293 ORIG_RAX: 00000000000000e6 [ 583.030813][T11897] RAX: fffffffffffffdfc RBX: 00007fdb317e5fa0 RCX: 00007fdb315c1f85 [ 583.038785][T11897] RDX: 00007fdb3237dfc0 RSI: 0000000000000000 RDI: 0000000000000000 [ 583.046762][T11897] RBP: 00007fdb31611f91 R08: 0000000000000000 R09: 0000000000000000 [ 583.054747][T11897] R10: 0000000000000000 R11: 0000000000000293 R12: 0000000000000000 [ 583.062810][T11897] R13: 00007fdb317e6038 R14: 00007fdb317e5fa0 R15: 00007fffa4c49348 [ 583.070803][T11897] [ 583.074545][T11897] Kernel Offset: disabled [ 583.078883][T11897] Rebooting in 86400 seconds..