last executing test programs: 8.678977189s ago: executing program 2 (id=1940): openat$full(0xffffffffffffff9c, 0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xf604, 0x108008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000002c0)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000100)='cpuacct.usage_sys\x00', 0x275a, 0x0) fcntl$lock(r2, 0x6, &(0x7f0000000000)={0x0, 0x0, 0x8}) fcntl$lock(r2, 0x26, &(0x7f0000000080)={0x1, 0x0, 0x2007, 0x1fd}) 7.954197408s ago: executing program 3 (id=1943): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)={0x4c, 0x2, 0x6, 0x801, 0xe4340000, 0x0, {0x0, 0x0, 0x8}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'hash:net,port\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_PROTOCOL={0x5}]}, 0x4c}, 0x1, 0x0, 0x0, 0x44000}, 0x8042) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r1, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)={0x54, 0x9, 0x6, 0x801, 0x0, 0x0, {0x5}, [@IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_DATA={0x2c, 0x7, 0x0, 0x1, [@IPSET_ATTR_PORT={0x6, 0x4, 0x1, 0x0, 0x4e21}, @IPSET_ATTR_PROTO={0x5, 0x7, 0xff}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @private=0xa010101}}, @IPSET_ATTR_IP_TO={0xc, 0x2, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x10004893}, 0x80) 7.666886628s ago: executing program 2 (id=1947): openat(0xffffffffffffff9c, &(0x7f0000000380)='./file0\x00', 0x40, 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f0000002980)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_INIT(r0, &(0x7f0000000040)={0x50, 0x0, r1, {0x7, 0x1f, 0x2000, 0xa68d7c519f800ff1, 0xffbc, 0x6, 0x1d45, 0x0, 0x0, 0x0, 0x40}}, 0x50) syz_fuse_handle_req(r0, &(0x7f0000008380)="00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000060000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000dc4e00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000ba045abcd5dfc67d000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000230000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000a000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000209bfd66eea210560000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000040000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001354c4b600", 0x2000, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000006340)={0x20, 0x0, 0x68cc, {0x0, 0x14}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r2 = openat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x101001, 0x0) writev(r2, &(0x7f0000000580)=[{&(0x7f0000000740)='[', 0x1}, {0x0, 0x18}], 0x2) 7.595077089s ago: executing program 3 (id=1948): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x110, 0x0, 0x0, 0x0, 0x40, 0x28bd, 0x933, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x7}}, {{{0x9, 0x5, 0x81, 0x3, 0x10}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000200)={0x24, 0x0, 0x0, &(0x7f0000000140)={0x0, 0x22, 0x7, {[@main=@item_4={0x3, 0x0, 0xa, "45448c13"}, @global=@item_012={0x1, 0x1, 0x4, '`'}]}}, 0x0}, 0x0) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSKEYCODE(r1, 0x40084504, 0x0) 6.782947666s ago: executing program 0 (id=1951): r0 = socket(0x1, 0x2, 0x0) bind$unix(r0, &(0x7f00000001c0)=@file={0x1, './file0\x00'}, 0x6e) sendmmsg$unix(r0, &(0x7f0000001680)=[{{&(0x7f0000000380)=@file={0x1, './file0\x00'}, 0x6e, 0x0}}], 0x1, 0x0) recvmmsg(r0, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000780)=[{&(0x7f0000000500)=""/65, 0x41}], 0x1}}], 0x1, 0x0, 0x0) 6.692725391s ago: executing program 0 (id=1953): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) setsockopt$SO_ATTACH_FILTER(r1, 0x1, 0x33, &(0x7f0000000000)={0x20, &(0x7f0000000140)=[{0x6, 0x81, 0x1}]}, 0x10) 5.624134038s ago: executing program 0 (id=1955): socket$netlink(0x10, 0x3, 0x0) socket(0x400000000010, 0x3, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r0 = openat$kvm(0x0, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_CPUID2(r2, 0x4048aecb, &(0x7f0000000080)=ANY=[@ANYRES16=r1]) 5.213315033s ago: executing program 3 (id=1956): openat$fb0(0xffffffffffffff9c, 0x0, 0xc0c01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x140, 0x82) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x90e7d000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000340)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x8, &(0x7f0000000240)=0x2) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) r4 = syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x0) read$midi(r4, 0x0, 0x14) r5 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCSIFVLAN_DEL_VLAN_CMD(r5, 0x890b, 0x0) epoll_pwait2(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) setpriority(0x2, 0x0, 0x3) close_range(r3, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_FMT(0xffffffffffffffff, 0xc0d05605, &(0x7f0000000080)={0x1, @pix_mp={0x8000, 0x1, 0x56555941, 0x3, 0x9, [{0x3, 0x10001}, {0x54, 0x5}, {0x4, 0x7}, {0x2, 0x3}, {0x9, 0x5}, {0x2, 0x10000}, {0x5, 0x400}, {0xc, 0x3000000}], 0xd, 0x3, 0x3, 0x1, 0x7}}) 4.907203708s ago: executing program 0 (id=1958): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000180), 0x482, 0x0) ioctl$TCSETS(r1, 0x40045431, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x83, "00000000000000000000ffff00"}) r2 = syz_open_pts(r1, 0x0) dup3(r2, r1, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.199302671s ago: executing program 1 (id=1959): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r3, 0x84, 0x15, 0x0, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r3, 0x84, 0x64, 0x0, 0x0) sendto$inet6(r3, 0x0, 0x0, 0x400c0d4, 0x0, 0x0) prlimit64(0x0, 0x3, 0x0, 0x0) syz_init_net_socket$llc(0x1a, 0x801, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000040)='net/route\x00') pread64(r4, &(0x7f0000000080)=""/102356, 0x18fd4, 0x3) 4.19880164s ago: executing program 0 (id=1960): ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x800000, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) brk(0x5fde6000) brk(0x5fde6000) socket(0x1d, 0x6, 0x6) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_NESTED_STATE(r2, 0x4048aecb, &(0x7f0000001440)={{0x2, 0x0, 0x80, {0xffffffffffffffff, 0xd000, 0x1}}, "cb31455c9ea4288a70a2a6bb8068fd95dd041cf5b177a3bffe992dfbbdf959487337b92336ce1de32e7695c411c0bf9f852d2d71192f33001fd51f5b396a55cb98699a09d21648c4cb30d9e7e3e397c7a3c041c76c72385a46c48c5302848c3696facce956952c2a85822ddf20434ccee5806294ed563ff3a972cddf6ef16ddace933d8a5adea40cd3ad40c9873c29368838e815ff59723519154856b2d5cd9cd79a97dc2fa08dada1175817886e5f9e7aa3dca783a44c667a4806826570ec6acb57d65efc313a384e11fb633dee17ee600145f2cb3103384606140021be766fcb7fa029f0513bbb466177ca1068192550bbf4e6f5694aec747a16e27688a988fa595bca1761b8e88a7dbcaeaf9758b1faf880dd6f1b6eb4c7beb0582b4007f1a67db1352407adbe1456bfe98e94fd825b9419d74f63cdeb6c6976de1890d773f0c8088d2bd48a838cf5b87f5ddf926352960fb978874b0f175acfa55ddfe84de3fc9f75b58bf7a35f33d3c43ed5e3224e92751fa1b43f94f64b681163ef1360a3f3bb7403afc67a188b2104b45c5814aaa9e218552498bf85f4b221d9acc32a331f5f8c109cc9f335ff4e418ab30b54b91fc8211fcbaf64716afdc4b6d0417e04d5723e4675d282b36bef3a3a19e855029e7a9e8b86a6df19332b63e9d8a0f22d96ac230c67657a4e7f7afab91dc0ce751b68980e5a4f6d9d6d9b98802ba9d8576640eea61b8c308a1745df61560e56108bececa3016d93246fdc8b768634e8319b1ffde103c07378f8f4927baba05e992a4b5af0958a7e495e7ce53f7917451d15a963ca14f5cdc4563775688b6533a4b97e0f84b0a33c30077b20805c1f42cc7815efada97ad59ac486bc9e0ee386b49cb97b47fbf8f919f06c75a49636795054b5ebee3e91602c90d7f4db49220affe56d56b96e4f662b2bf36dae482ffc7ba21cbc55e21b73309d6b7aa5509defcb77c236e43b579c61eae5c8d8f8fa71ad876b96069f2e4352c8aaf16e299d21edf5434c0cd9b25cdc9210fb0de759b1dd3fc7fe4c7118bbde72a5617dff21f7a5036448fba7fe41aaee0c289cd076d757e47b0713b236f6f141ba0112c9312b3ec853aabafdf1eb2cbb517d2d7352725f557214d27d9a340af0128fc960a4ea64c933b0d8dd226b6e024471aaac8a7074b2a8695ab990fabba5bf315d246fbfe4260f1fffe54814e33b6235c5b4095437298858909bcbd40a8a286d1bedb06b7b1775bce0a5bca19b0a5c2fa8dbf7b155ae0a43c5086422e5bacb94047e150451f5996420b0d4a697f59decb49900b2b9c13aade536933e14d672c21a35cb68572c3de02f8edd941bff4b8674b91f7aebf35f056a8d388f67f8ef7cfaf6b28fe745831ef41def1839791647016932c70685752851327f1837d2f1e9d8f93443eefed2317119c8152ca451a5d3aeb253fb484283f52e5db9f61f059ad3c217a860ee0571d254483501b00699208c7fa5571cf58b9715c954115bc2db0af28361938bb95ced7370c8cbb6141ef62fdbf369dfc4eccd98ab9886d79a52cbf91a27dd0f4b29940492e860fb94654dea54fad6290570760e3b59a0cf2805372a880971dc61286370aaf167810455cce7654dc4325a41d9d1944abcdc4d81378f1e96a8f94cd95b886a01f086e379601504219d57d531ba34e1ba0905785fb629c61f6b940a652cdee9dbef12b7fcde087b92816db3386a5769049ba00788e31de4ddbb8b56de1fbe3a5e671728effda7cfd0b650cf5df2faf22670812efbbb548e47cbf36c64e05a7877820f08948ceedb35e12a4a143ee0101a7bf0a00a4062b50c39020669700adf739a6f75352a45fd1373d3e85c3867170373f0c7a794d8590f4c22ae62d438ec365b0f6a15cb2ffe0fc6f57185e1760761bd4370027c01dfad0502f00b6898115df3c530d0b0b4a64e623fd580b528a733e4c881cf5843a975a97f92a7833527887c79fa8eec82b9526a15c6c5f2972083ce8aec735810580ffa4ea2cef4823aee044dd70927f7c07bba18b930006aa86ae7399ac6b4c24bc9d6a6ab0c5b428d7255d4d983eadf97e10c1b00867da29ac981acb453073a37236e7ae808e7759b2e0cffc3ec43afb1e95cd090a7d4b9225a0e3cbebfe49b93846ab603891e2da7d85a04bf42d12d16a97c965bc4911d3ba7a9ca505794d8744fef00a436089de67aa8b480070230dfb002eb91edaff428d4908a87afae418dff7ca59aefe1ad8f6935f309fe7985c2310881659c60a66a5e50242497ba1cd5d2bd79496ccd23f9fd901afc6622829cb3701caa50f96e09e3b23bfa31819caab43e49ae1d922a1a1eb3682de026323d9215fcec42c54401a1af81450830a4b784ed1c7922734bf3632409147680dd3fabcef296353705bb5c0e650e12905a05db1e7923923a96ddc783fc1ed46e2010416c37d9d149ad73e808bd6e4464f62893024a8501803b6c88fc55c8bbc1da7cbf580b5a81fb7c61455ae399aaec303fba12e0f2b51ed5e8bd31db40e8bdbd00e7b1ddd364766c974d813d86fc88a27bf82bba60c62e5f0f6af6bda3390f8e72a2811baf3d6325e70d9a3b59cab1abe95290ecb87985567e1243504c038de9d4d100ea64ffff5208cd8d2474e646f7d81eed6d59b8b0859552b6fc088d874cde3e75ee30243dc9d88ed5b577851a5bd9e2a453287025777fcac19ac33e1c94b4ad272f1055b16b842a6bd6168fb45f1f74ed2467020df5431068a5f2cbeaa6ac1841308c7c9f752aa06927f91fdf18ef9d9e942367e5ecac0abf4d3b8fc7b80238c04799bde63168becc67c5531e843336fb16ab618d37f95a91937b824bf896b044146bc3a5e264a8f23ddd00729cd9aa56d9a9a24b7ab96ae021b193d8874d43ff4b723d86b7564e550378599c3e0c7a2b3d447ad76eb4cd699733d970a5ab218429a1af81df9c8013d6d16a6bcb019f6ace4461cdaa785d20ea027cfa53d521bb91ad2c04aaa6c0f268b14924803977633280c7b7beb14c88fae542b7a13e96253259e7296e37276da88891c14664340e84ae732edbd71e67047e476735b220ca231de31a380ece372db63dec3cb3ef5ac97ec41148febd2acb15cde1ee5e990ea0aaa95c2df39e2111dd1185d14a194e22d34fda8f54e99d3a73e5a231682c726d40816e048c1d059bf3bb9ee2b5f895365d95aa28f6adbf6e16469926b4d8ee7f04c7dbafaa444df5b88596c17874f0efe35e5ada1a69634f4b430f852d33b032f823c5deb54f47a7a4adb1adf56d5440b7a917580004c13e0b36c8e0a203a2be3f8fffd9efef3af19389a12c67859d4381ac0a02da18e25931b41216b731de25e1245482c84d45de1cddbce2109322a3428bff692012573fe9efd02109dbf35c5d3a287dec105cf3f1a2e5f0b1cc08c7b4759766d25d0f7b42c3ea8bf8101e61159a2ba7602e9c7947cf936ac39bf59b24084709fd61d704bbdba7d282aac778b7ec1dcaf984527c8112d56e75ab77ff8898d9816abc77b0e693880bffffffffffffff7fb5cb6967fb0ea8e14efce120947092c3b601002f07cad22e971418092481fcad36ecf0cfd6bc3864115b8507c13554584f1f6fee5ee07eb6a091638d8e7781c1c006166e0f987f9f4de535e9f3df1db8c9328e9a19a73c76059ab4edfe9eda7f16cc6b869229bafb179d194e20ccc6af1d8183b673de8138ddab9a0907278f6eaacc55bf59a450ebc10e0b88c82d9f0deca86ff771f46509250fde94e0c94256b77616d099862ddc9b341838d634a9dc4b55a88fcc6248901135f6aa76365433e7e534e0e5ae8eec2a63df62c3e244a40481189ff54122698c7e2da2c829b2eec9efc9894ee05be04ae6dd48406eaace17827e38bf38b414059aded0343e0711a8d864ff41a8d9ed40fb2aa1a3f4014f691cd0e8af62445a021820ff03afa8a192ee255862f306851df1de96ce36cafb6a60b7069db7aa96fd1ffb2fb01e6247f770304dffe4b1c8d0eeb336dd6806d6ab5d418953b1cae7cbbf53766b61e4aad5cfce8255b78af26f9bd11283a9c7d12cd63b82cd2b506fd4061d1e16fc7c713d80763c3b0aa0faadcd9b7d676101aad80e1ca00369297e1f714003ab8d0b545c335014a522a25a767950963ef821425b79b521076166d0df3ef358c7d60d99cc85463c186e8faf16af79785680382e4cc93f6594f8c4461e0988c08717640df24a5f357db22432fcae21702dc792d201212fb3791e0164bb3d433a8268ec96df73766fdba42965e00e619246cba5d96eb853a7c22c34d2fe5e5d3f3ccf9c627d069517b743cd07f6f7b444074bb9a50269f2e03309c58930e56a9583eb00c37fbcdd391972261f41756c10c8899fcd036e2017e088ef9e6ec31f795d55b3bba214c53c98fc9318e4ade0e7e6fd259aa277fed54c27e5210787a5f6937f56fdbe1da5113f059061ca590ddf536a55cb91ac6ed41cb9c0418b115b29f5e823c1b0ee7c2b3982087763545b34e2c945d587ebce69bbe299a7f52b674f351977370fc700474bc15d7e6ef98c14258ecf401a4f3bba1a9aa76c5ab0b8819fe6efe3fba1899909e5e48554299150ee272451b56142d12ae2bb4942db430239701d494917f2c939a6fb9d98d4751a6f2c4537ec870342d223343a9bd7b8d8c99aff8cbfa298395551185f35dec120228073a1e496a58b59d9ac5986249a7c6db9398395cbf341c08ee910700e2daa042dba1846fef59c72ce872bba2046a14fcf9a47a5686d62bfba76309a9865c26e5fa41dd872fc749fdc57953105ace4978f9eb788c8d061c853ad0313e51e732c5d7bc05e752443c8e99b8e81c688befdb5b14c3cc2f96eb8ce8290303e483992fcbece1ff278d0dc036ad437b6cbc695c7741ba4556e242146d40843c73deaf8fceba40e4a4acd739b3031848b17a210a1ff0dc1908b77030094543af52e1fe2a090c8f217428d02336303f7952c3ddefa7c81850676e7f4cc3d32c3937281fa5ab279c3fe39f92ba077dadb8c2c3df17cc511bd33c41cb161d24aea154f0f5902c94b56fe072d321a983668bd9f4838878e66ec44cb233d7d0ca908a794c844ff8b3ba4c57f6c5fc2f3a54db448b013f0c4998bbc6ed0409b3368391cb28c75f4a909fff90f308ff38c758ff7d8a2920bc221236d89b3b769e44e8ce649b32f5135a0217ba9036a8edddee97d7ba15f2c21fb7d3cae3eb6ef09dd03eed650489c83b5ba5dd9daf7a86cf0544fb8a58e46b860e3e42e10cd6f1c4f81179eb2c3ba611793a32abb4c0768db90e8bdd1694efaa9c2b45c89d203fdfb8b926b6a0d666d91b93065a83184fc2065961f2308056241b66f427c0f0aabc75852c90f0624cf036d537032ca8d73325d2ae2a79a7292c240c34584bb881fe5d468a051cbc0bde061f9eddfb758cd2dfba296eef549e5c4ede097111216a0ec60f90e8d6f5dd843c82e15f505f8c74e854ba9cd386249d552978eb8135a5f8c79c3ceb8dd580800000000000000d6cf3ff2f47c276c8169ab98336582a852c1535018fb2306aca6b8c9f9e38d64c66a722762b76c69d4ca6c14bd6992549e4eec17287fce194467f972d9200c3d1ac4fd4a8f2620e2e4281d28c099946ed90789ba122705326390d3e058ceed24044e542efb36416272eadf6304f30efa0b7bc1ae5be92fe50e591ee6f725726e917ec113506920beb2aa53b39f1d76b31500", "cfb220c7d481332f3f1f8079dfe27e23185fd67a407358db7892789f96b7fa9b14daa48617a10d8a91b820ecbaa470ec0bb1f3cbce7f70ec70b19a4cad082229c2788f8611d7dc306d9a45761a97828c36ed87ebde5d4a3e1609c1422a8ae2f7cca428ebdb0dd38b90b9598a353b18a600bf35a369e6e3e5abb0a1c5c0c0e48e014e7ef1b7d768b3c5657f1adfbb7ff2985082b16c99eb83ec3660990dcf1106efa6b7f8a4798fec811c2c85faec0235c83b7093b3d02367421abc40a554e0b0d7fc1bcaece4222c594f8d20e368fe625ca433c75486fe5c94103cd17291349ee12b877602936688666f82ecd8f4f83d50bb1650e08b96cd25ad147c4c956c98649806a3736d072c8d97c6e3a46a7c18535df8d828b86662400d8e9cc861fa1dd5dc193892d3168396c499e07b279fb76c7e289f2fd955691363bc1de74536dc571817615c88b0d594a136966c129e424ccb7ef1c7c7461eac7ca5f03d72ea4c9c3d1156fb4cb1bb70e097357588b5c49f6716bbae1bd118104b42786f09a3b9f7cb80f383cadfd0c462096ff2d87c1f063fb48e7f08ad5af534c70079f12f28e8921abbd4280801cdf6101ea494768b1274afd0eea5939843d56022a83590920fe446d52dfe699c33977d5592dbf7e0e236b8175d7faae06e0c50f7402174023ce4b996564e945c416fa823f2f9c3213ac50b20bd1fd55bb8d9fe70ee31ea2f404ae0fcbf857bebcc9196c8c622059fea2e248e4058905b69fb98be312d3193ea1d8ff653173e8c4ad8c81d77a5bea45b3cd6fba19b6336f94ec04c8f86d24e9ca959874577d7ca0baf3c4ff30b554bc3ccc06df46d925373fbf7863e2cf684d3bc9603ab72b851ca4728294de87f2dec6f23ca9e43ed2e5cbba662d13137fc1ce0f6ae6aeb974f72f4b750825fafb67715e425f40c7da83b92d4249a0a4e96b789cceb7b07f38cb83f72dd093a345ab3cb8ae760fc14e40ea182a0d7fe1facc62a1ab0902349fd7e27bb0cd349fb5053f4734823abf020739b4b43bb11f5d69b61295068df31177959903c2ea1bb82d24eeaa93d0d475bd5d15b2a401e7ebe0d3cfbd45b2db2882cdb41408aaa718f8320fbb7f9da4f68d0eebeef175442e807e9908132731fe5e268582dcf6dffa4251ebb7121db8e412089fa9d8af9919799547a26b6b8eb44c28f1ce5f9a3021fe30841be204c1b4b3813dccae6baeef9b53fe413cbec46bb0cd95f3793cdc9bfe6cdd96ce0c4aa4a25e1cbbeeee6c9fa558b279048c7e31d07b125bac68d4e1f4253bd4dc7824cf3d722c94cf2b8f61bc8155731f072fd447082b181a13ffb8c08a1d568298c5de2d969fae2bea070a9e2688f294e76b8c200dfb993ec19778eb56ae3127c1116ccc85ef8806fdcb9ee0cb66ff03fbb0fa6c52b9b101b3830fc1650efa859163a264b4059092e5dc9a415ec09bfd1460f142fe5ef00beb6aa9032bd0de97aefc6f65e8cfeea761b3d8174caf528b6627682ff4d4450cb0f34251fc000ed01dd538ef13260984f44703b89dfb511bfb538d0b1c8aded964e1bcc5ca57437468b14a31ec0000a17e4d24369c40500449c37e7dccedba3eceb59d827dace246b5c48afb6a5988e64c560b3dc76c32d831f51cdbc5cfc4364ac8b25372b87c92bacfedc6bc8feb44098dbebc89cda03c59e4c58a31372bd574704b9e788834b9f83c6703f6709efad97c4ce499ea580dae1de282a019247cb3dce5c1906322e6d3ca5157ea6428bc42416936fac194efe136089c07faf7adf1e923003f1dc63fcbc634b389a4f351a6acee785e23c6bb04ca2f265be1e634362b87c6f9fd369bbe62a1db6b286c7ffde6370bb4d6e9e0cc3ec451e1a99d134726c9075e71319d3a683e91e4b900061c0e6d086481069cd32f4cde7816f8e3a0ac6428a7488f31f06ee0da10df3ed0c150d29085879d064f914407f60018bb588735663647bfeda930407d69abef3f72fd461c2b85b00988b412a180fd267fc646a86d297e7e40912607157b6fa873df6442579b1523d8117f0c06c87adf75843b8bff30a5bfb4fe1e9846b7fdd58774641f9cc9c4e38e53ed24a9d9e9dbc7657aa9b220a8545852b0409f5c0812e953823e841967bf55059acc7a4600818134359e72cfae0d04a0738ac8acca133d6395a455b22cdd6f901d4cdea1cf17415f7d7895a4b65f80d2f7c5c60a0dc04b40c9ae5ffc922e074a82afd704673e1766d19db9f60eab0238fb4a3169a08aded607847e5d752d4e24c4914b95bac3892bcfc2076f16a7f07583f0d418b9dec03afdb2e93335a392e1b1ef2910eb2a4b6a63fe61641f3c02bef73cd7e4a77a6f30ae821598c3160511603541bea89022b54f321c2a55cdeeb19335d78a821ab6ca0f36588a9a79a41e2123905a491d658c2a1caeee998c995bb0f816c92c5dc2b862183f80b9f9786c9c5524723c944d11f6894c7f008ab8194f577e22c03631d2a33201f508ea49653e7600639242dbaba704f700ac227f32dc575c559a0a1f4fe0cf6c22fbf7e1ca2ab4b1e4724e8379021e3c9a7c1509c6a413bd7d9c98938e440762eda2546d636597defa86c1ad31126a1182d365f858927d140fb0a97f80adcc5f4ed5efe11ac503453917a263f1d64692348d30f382e85e464ef7616067a42df5de1a1b622fabefe2ca4ceffa4801f7a02fdef40644cd1d079590d900727628d54b44db7ac700d8d664f7eea12837fcf347360d8e43a354fe51b4c49d2b800b5cc06e22c72af2a67ee7bc8ae894e841f2cf2b0a7e381caf944bf4e91ded63b6f82f7474e4f81e986fff7e5339b8e9f60103a1af81833e120f0c88893ecabac044a4a2867cda4fdcb084459a00507aa9e5a8e761a72df3322a1ae8cd918b4994c23bdb1e459b4f21651bd7fa067a00e2a2877bf6b29f289ed8018e0a78f6fb4ded9749640e0e37f6381b320ab72da404f3d70d60152f6fa6738932387b83250cb3148141edb52f109bfd4bda8054959db01f4c550609a63c08cf01ecd110cfc6f0055638c0dde039d2ac2daafe59e561f9f08a8830c3f661e4325de63e98f4a4216ec3b83fd200201ed3f647147611424286ffc6c4a8aca64a6874743242d4feeaa9153de06e51c512d9cab7ae712c6424069f3e5db4ddebe9b48b5f6caa741162edf97674d2368e03a387f798151a4b9b9fa9e3a5838a34313315836bb7291764b9a3c464c0c54a4c64ca774ad200925ac6bf59508c10a8574afde9b821741af43ec64cedc13aa220b39772195283506dfe899dd6a7b37eb21f154056a2df3564ef2bb918a928651de88c3613b84e7960bddd7b46b1304deb30f57b6fe5a3b4788629e91bcc245e748b3387f52da4bb094782326dcfde0827e2d674e41bb375247d349cade9c704e5431785009b0e53f1b45c70b237c9432e07e4c7a8464ed11608a3d2184338dd9e6f6ef4b3d751e979667b6a3953c89aff4eead7a978071a912b3de21a85a5849c57933cf53cd74a610f3e60f699766fbc7e0bb8a891a429c77bb6f3b6f9f8eb0b1bd9588ef2ce98fdf0a0838e4b0bed807d8b673093c717feec8d697e32542274887d039db7a2dbed5d52c8e9767443229f8003c5d67e907376ea2f393484fa70deee159cb56f8d097b8fe2736e95f540137e20725f0940a8d049068ead4c46bb3771a671bb00de88931e03445a55868de0c220db05cbda9f996d5fe7c1070efe5e718fed4d4cb4ecacad3d6b643bc0ffe9a71b720ba7b5adbbdefe29106ef6a6ffe4547f5d02bec312147df0abe80efb2d5e598fc7c8b268e58b59e0d75728e9a18126f013c963ddc92d251405f857fe3a5cbacf443be7772975b7bf4f6d7ed6f80dfcc47a88c6d19120942adb5385be6ef3c0d7e396bcac5affc8f9276d6cd1a0b069aed72a98cde8ea7aabe6cc091b19efcfaf9368dfeb3087a05a42e3b893dae5ffeb72e6ac06e995a2a75ea0b5f7876247bb4c38cf3f0153f1f7473b522f1c440b632270e2b1d654d3ad34ca79c8951b29c628e21029715683a3e6f8f77c5d89ecdae37e0190f79c4c1dbc9d0160e359cd6c94d6662ed53bb01a83374ff593c823acc59241b11f020902069fc0054a9b26cb320bef4fb1f8cc5bd8ae76eb029afab731b9876bc4e8708a8315512823cff1f9375d284ce66e53d4efad6c76d17bb532fc938b8f80c13ce86b5ba3e540164bc5a5d47cd321c241d8740f453ef95bd3878d578561ad6ce20877ffbd44062dce8df1d048d8d5e4045be647886108cbb1f0b26a8b74b66858afedb830a161bb02bde4c46a688a0ea3a7018ce24666aab0f422ede2f78ea29f77e28d87c744cba0285ce33dff5ac45774829699de6d725a9b6db6e7d03ad4ec9d075c386e68ca0bcd9e9911d741ed0168cbddb87a7918a964d206629da4e887277b0ef7d3f9c7082f3f15f29a0dfb39f3b0877a5ec3ac4343e0d808f5aee8f1869923aab6dfc1016821c013109f34aece6183994b853d0e9561375c02cdd26b1b55194757341929a8038864cedd6b5a3b8b51ade44637044c4ebddb190f173969a0ca4cf5d42153763a0b91da0110ae7a25204850927d81b00176d4568a3d444d8029bd010df784e3f673fe855601ec4f1b26b2df58841e6a65f0db66373f63cc14a8b07dfc52ac9957eb542d05ed687c79519609de96df18b63cb294b534ddf7d2e8f41bcc1e5a006191c4db057b6709f0a96f18e02000000be2a19c015b9c4b0b3f42e4de366b71f8da8888809473c3c7a02a1158e375f29997a43bc7118ca4d1abb8f8f21972fc589aaa3d73a4d40a1e1705e169ac6e56cff50d89fc45b6863c8fc67bb2b5939a7f33072539ba4c24077be5711ba368bf7efd4897931531d388eb5c2e56bef337777150dd59518652145c9594e110e41d2615196c6b197916c88cc2814e13a3a922b4ecb044bf31cc90e0bfe0ce07de29188bbcb0ec1a12b509f52582fbb948c3cbe0c6964f46991cec0704bfac08aec6ad8ddfc36dc68c7f547c5ee6af4a8d55c79e3dc1c49b045379811f81e9a185a92cd37ae4ee32c5d3c82d36d6202a6c84fd231fe467071d42072827fd77afa5d757e6f37247f783ef09bdfd7536b666e84bc4bb878005b7829293a04ba090272dec844f4ef0e934617c0851800c6b915ac6f3f03e4a6ab88e21c3f21f93b31d95ea3b9228e0031cb69795de5abd19c4cb4a0cf2984e53ca391cc66e33ee0d510151670331fa264753704fea5e400000f74890c49a74a47e0da13155c5470013d53dea0f05b5e088f1511c209f5be940232318af2757951d399e32eb862d915784713baa8ba93645caf04ba78fa3cf600ff92b9c5be58ad87438a340bac00a5ea9fb17e39478ba61fe36335e48d8c5a0b25f024cbd2ec7f217d0f260951da396dc13a2a74cd90df4b52db686e3b34d27cfa4cebd7bf59cbcfaf4007dc943a1da6e0bd1799a21ab449d7bb42935e50c839c5b567c59742436af15bc8d46095520dcd9273ae2b6f3c1cc2b4311ac9e5d297f0940b1552c5955adb302022022bb7457978998b56328629b7725dfbe3dedb37f37af0697a4471d1d6ff6bec633a38540adeba903f3eaaec5785fbb3c6a598f49dbd9ff93c67dea1ef39a614331b119fa8efccc8bac01595fb95a2a57eec9fc6c6fe82782aa89ea971866fd9a3bca4010182092ab6d1e2b49b964be9e3bb13bd6b77850e435f55a5d46e5bcb3330c7edefd31c33f61275e51600"}) sendmmsg(0xffffffffffffffff, &(0x7f00000004c0)=[{{&(0x7f0000000180)=@nfc_llcp={0x2d, 0x0, 0x0, 0x7, 0x4, 0x7, "47af57ce8c8e5af84d109ee7a1488bd8c3df97e87f7e771f69ced4c5de6ddeb44ee59bdfb62866129f1338dba84b5d82a121c369a6837123e849c909c16b53", 0x17}, 0x6a, 0x0}}], 0x1, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) getitimer(0x2, &(0x7f00000000c0)) r3 = syz_clone(0x202000, 0x0, 0x0, 0x0, 0x0, 0x0) process_vm_readv(r3, &(0x7f0000000440)=[{0x0}], 0x1, &(0x7f0000000480)=[{&(0x7f0000000500)=""/145, 0x91}], 0x1, 0x0) capset(0x0, &(0x7f0000000040)={0x1000, 0x7, 0x6, 0x0, 0x1, 0xffffff80}) r4 = openat$audio(0xffffffffffffff9c, &(0x7f0000003800), 0x0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)) r5 = socket$netlink(0x10, 0x3, 0x4) write(r5, &(0x7f00000001c0)="2900000014000594ff00000004eabdeb0101b6ff02c0da6ec9a3f986394c0fc75520756b1933b49db9", 0x29) readv(r4, &(0x7f0000000b00)=[{&(0x7f0000000100)=""/138, 0x8a}, {&(0x7f00000009c0)=""/131, 0x83}], 0x2) r6 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_int(r6, 0x0, 0x13, &(0x7f0000000140)=0x80000000, 0x4) 4.082931529s ago: executing program 3 (id=1961): syz_usb_connect(0x0, 0x3d, &(0x7f0000000040)=ANY=[@ANYBLOB="12010102ae299820fc0d0100ac240102030109022b0001fffa"], 0x0) r0 = socket$inet(0x2, 0x5, 0x0) shutdown(r0, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r2 = dup(r1) write$6lowpan_enable(r2, &(0x7f0000000000)='0', 0xfffffd2c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) recvmmsg(r0, &(0x7f00000066c0), 0xa0d, 0x0, 0x0) 3.981930816s ago: executing program 2 (id=1962): connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000b40)={0x0, 0x0, &(0x7f0000000b00)={&(0x7f00000005c0)=ANY=[@ANYBLOB="14000000100001ff00000000000000000000000a2c000000050a01020000000000000000020000000900030073797a32000000000900010073797a300000000014000000020a031747d214"], 0x68}}, 0x0) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000540)=ANY=[@ANYBLOB="14000000100001000b000000000000000000000a20000000000a03000000000000000000010000000900010073797a300000000044000000090a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000001f08000340000000045c0000000c0a01020000000000000000010000000900020073797a32000000000900010073797a3000000000300003802c00008028000180230001"], 0xe8}}, 0x0) 3.888767445s ago: executing program 2 (id=1963): prlimit64(0x0, 0xe, &(0x7f0000000040)={0x8, 0x8b}, 0x0) sched_setscheduler(0xffffffffffffffff, 0x2, &(0x7f0000000180)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x1) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400010bce) r0 = syz_open_dev$MSR(&(0x7f0000000380), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) ioctl$USBDEVFS_SUBMITURB(0xffffffffffffffff, 0x8038550a, &(0x7f00000004c0)=@urb_type_iso={0x0, {0x7}, 0xaa, 0x6, &(0x7f00000003c0), 0x0, 0x8000, 0x5, 0x26, 0x5, 0x6, &(0x7f00000007c0), [{0x400, 0x2, 0x7fff}, {0x7fffffff, 0x466f, 0x3ad}, {0x80000001, 0x5, 0x7839e4bc}, {0xfff, 0x5, 0x8}, {0x80000001, 0xfffffffc, 0xd}, {0x0, 0xff, 0xfffffffe}, {0x0, 0x8, 0x2}, {0xe35, 0x101, 0x6}, {0x2, 0x7, 0x5}, {0x2, 0x500, 0x2}, {0x4, 0x7, 0xfffffffd}, {0x5c, 0x9, 0xfffffff7}, {0x2, 0x4, 0x2}, {0x3, 0x97a6, 0x2}, {0xb, 0x0, 0xdfb}, {0x2, 0x11c3104f}, {0xd5bd, 0x3, 0x5}, {0x8, 0x4, 0x6}, {0x7, 0x1, 0x7fff}, {0xb94, 0x3, 0x800000}, {0x5, 0x7fffffff, 0x6}, {0x80000000, 0x301, 0xf}, {0xc, 0x3, 0x40}, {0xfffffffe, 0xa7, 0x80000000}, {0x101, 0xa, 0x5}, {0x0, 0x5, 0x9}, {0x8000, 0x2, 0x7fffffff}, {0x8001, 0x957, 0x9}, {0x446a, 0xfffffff7, 0x47b12441}, {0x1ff, 0x4, 0x3}, {0x0, 0x0, 0x7}, {0x10000, 0x8, 0x9}, {0xc, 0x1, 0x1}, {0x703, 0x3, 0x1}, {0x0, 0x13a, 0xfffffff9}, {0x8, 0x100, 0xc3f}, {0x4, 0x1, 0xad}, {0x100, 0x1}]}) r1 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='mountinfo\x00') lseek(r1, 0x10001, 0x0) 3.123018932s ago: executing program 1 (id=1964): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) sendmsg$ETHTOOL_MSG_CHANNELS_SET(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000380)={0x14, 0x0, 0x1, 0x10000}, 0x14}}, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0xd, 0x0, 0x10, 0xfd, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0xffffffff, 0x0, 0xff, 0xff}) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.603029024s ago: executing program 2 (id=1965): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x1ff) 2.332317987s ago: executing program 1 (id=1966): openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000200)='./file1/file4/file5\x00', 0x81c0, 0x0) prlimit64(0x0, 0xc, &(0x7f00000000c0)={0x1000, 0x7}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, &(0x7f0000000180)="420fc7bc4898580000640f01c50f01c566baf80cb864c95782ef66bafc0cec67670f1b0166b8fb008ec046d9c3c442b90a2c81c442812852fcc744240012000000c74424020b000000ff1c24", 0x4c}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000240)={[0x5836, 0x8, 0x7, 0x4000000000000e51, 0x1, 0x5479, 0x103d, 0x200000000006, 0x0, 0x32a, 0xfffffffffffffffe, 0xffffffff, 0x1, 0x40000000009, 0x8000000000005, 0x800000068], 0x2000, 0x80cd4}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.546998246s ago: executing program 2 (id=1967): socket$packet(0x11, 0x2, 0x300) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000080), 0x1c9741, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f00000000c0)={'syzkaller0\x00', 0x84aebfbd6349b7f2}) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000400), 0x2082, 0x0) close(r1) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$tipc(&(0x7f0000000200), 0xffffffffffffffff) sendmsg$TIPC_CMD_ENABLE_BEARER(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000680)=ANY=[@ANYBLOB='8\x00\x00\x00', @ANYRES16=r3, @ANYBLOB="010000000d0000000000010000000000000001410000001c001700000000000000006574683a73797a6b616c6c"], 0x38}}, 0x2040) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000002280)={'syzkaller0\x00', @multicast}) writev(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="89edee2c78daddb4b473fec988ca", 0xe}], 0x1) 1.499058269s ago: executing program 0 (id=1968): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000600)={{0x12, 0x1, 0x0, 0x1d, 0x91, 0x67, 0x20, 0x174f, 0x6a31, 0x263f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x83, 0x3c, 0x8f}}]}}]}}, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) 1.424955669s ago: executing program 1 (id=1969): r0 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/compact_memory\x00', 0x1, 0x0) pwritev(r0, &(0x7f0000001480)=[{&(0x7f0000000140)="ec", 0x1}], 0x1, 0x9, 0x26d0d5f1) ppoll(0x0, 0x0, 0x0, 0x0, 0x0) 1.206916437s ago: executing program 3 (id=1970): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) syz_io_uring_submit(0x0, 0x0, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3, 0x0, 0x0, 0x0, {0x4404}}) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_CREATE_PIT2(r1, 0x4040ae77, &(0x7f00000001c0)={0x5}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$SNDRV_TIMER_IOCTL_GSTATUS(0xffffffffffffffff, 0xc0505405, &(0x7f0000000000)={{0xffffffffffffffff, 0x0, 0x9}, 0x3}) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text16={0x10, &(0x7f00000000c0)="af3e64f08189ef001601ba6100ec0f2264ba4100b80600ef660f38351d0f212666b94006000066b80000010066ba000000000f300f211a2e0f013c", 0x3b}], 0x1, 0xe, 0x0, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000500)="b8010000000f01c10f22a10f20e035800000000f22e066ba610066b80a0066ef66b832000f00d0b8010000000f01c166ba4300b0beee0f793c1e2e643e2e3e650f79288fc878c15b0e3f", 0x4a}], 0x1, 0x21, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 985.639822ms ago: executing program 3 (id=1971): r0 = syz_usb_connect(0x2, 0x4a, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005520f010402038b1420104000001090238000100000000090400000544fb2f00090582eb1000000001020009050276"], 0x0) setsockopt$inet6_tcp_TCP_MD5SIG(0xffffffffffffffff, 0x6, 0xe, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, &(0x7f0000000180)={0x14, 0x0, &(0x7f0000000000)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) syz_usb_ep_write$ath9k_ep1(r0, 0x82, 0xc38, &(0x7f00000000c0)=ANY=[]) r1 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f0000000080)=[0x3, 0x10]) ioctl$EVIOCSKEYCODE(r1, 0x40084504, &(0x7f00000001c0)=[0x9, 0x34]) 513.272915ms ago: executing program 1 (id=1972): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000000c0)={0x26, 'hash\x00', 0x0, 0x0, 'hmac(sha1)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, 0x0, 0x0) r1 = accept4(r0, 0x0, 0x0, 0x0) sendmsg$TIPC_CMD_ENABLE_BEARER(r1, &(0x7f0000010280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)=ANY=[], 0x34}, 0x1, 0x0, 0x0, 0x800c0}, 0x4048010) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f0000000000), 0x651, 0x0) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept4(r1, 0x0, 0x0, 0x0) 0s ago: executing program 1 (id=1973): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x34, r1, 0x431, 0x70bd2b, 0xfffffffd, {}, [@ETHTOOL_A_PAUSE_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'netdevsim0\x00'}]}, @ETHTOOL_A_PAUSE_TX={0x5}]}, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x40) kernel console output (not intermixed with test programs): 09] ? __pfx__printk+0x10/0x10 [ 448.481703][T10209] ? __pfx___might_resched+0x10/0x10 [ 448.481726][T10209] ? fs_reclaim_acquire+0x7d/0x100 [ 448.481756][T10209] should_fail_ex+0x414/0x560 [ 448.481797][T10209] should_failslab+0xa8/0x100 [ 448.481825][T10209] __kmalloc_cache_noprof+0x70/0x3d0 [ 448.481847][T10209] ? percpu_ref_init+0xc5/0x360 [ 448.481881][T10209] ? __pfx_io_ring_ctx_ref_free+0x10/0x10 [ 448.481903][T10209] percpu_ref_init+0xc5/0x360 [ 448.481938][T10209] io_ring_ctx_alloc+0x28c/0xae0 [ 448.481960][T10209] ? io_uring_fill_params+0x3f9/0x7e0 [ 448.481993][T10209] io_uring_create+0x130/0xb60 [ 448.482025][T10209] __se_sys_io_uring_setup+0x264/0x270 [ 448.482055][T10209] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 448.482107][T10209] ? rcu_is_watching+0x15/0xb0 [ 448.482133][T10209] ? do_syscall_64+0xbe/0x3b0 [ 448.482162][T10209] do_syscall_64+0xfa/0x3b0 [ 448.482186][T10209] ? lockdep_hardirqs_on+0x9c/0x150 [ 448.482208][T10209] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.482228][T10209] ? clear_bhb_loop+0x60/0xb0 [ 448.482254][T10209] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.482275][T10209] RIP: 0033:0x7fc26d38e929 [ 448.482295][T10209] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.482313][T10209] RSP: 002b:00007fc26b1d4fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 448.482335][T10209] RAX: ffffffffffffffda RBX: 00007fc26d5b6080 RCX: 00007fc26d38e929 [ 448.482351][T10209] RDX: 0000200000ffe000 RSI: 0000200000000040 RDI: 00000000000018d7 [ 448.482366][T10209] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000200000ffe000 [ 448.482381][T10209] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 448.482394][T10209] R13: 0000200000ffe000 R14: 00000000000018d7 R15: 0000200000ffe000 [ 448.482426][T10209] [ 448.483413][T10211] FAULT_INJECTION: forcing a failure. [ 448.483413][T10211] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 448.728611][T10211] CPU: 1 UID: 0 PID: 10211 Comm: syz.2.1585 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 448.728642][T10211] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 448.728657][T10211] Call Trace: [ 448.728667][T10211] [ 448.728677][T10211] dump_stack_lvl+0x189/0x250 [ 448.728708][T10211] ? __pfx____ratelimit+0x10/0x10 [ 448.728733][T10211] ? __pfx_dump_stack_lvl+0x10/0x10 [ 448.728758][T10211] ? __pfx__printk+0x10/0x10 [ 448.728784][T10211] ? __might_fault+0xb0/0x130 [ 448.728817][T10211] should_fail_ex+0x414/0x560 [ 448.728857][T10211] _copy_from_iter+0x1db/0x16f0 [ 448.728894][T10211] ? rcu_is_watching+0x15/0xb0 [ 448.728917][T10211] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 448.728942][T10211] ? __pfx__copy_from_iter+0x10/0x10 [ 448.728976][T10211] ? __build_skb_around+0x257/0x3e0 [ 448.729007][T10211] ? netlink_sendmsg+0x642/0xb30 [ 448.729032][T10211] ? skb_put+0x11b/0x210 [ 448.729063][T10211] netlink_sendmsg+0x6b2/0xb30 [ 448.729098][T10211] ? __pfx_netlink_sendmsg+0x10/0x10 [ 448.729127][T10211] ? aa_sock_msg_perm+0xf1/0x1d0 [ 448.729155][T10211] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 448.729183][T10211] ? __pfx_netlink_sendmsg+0x10/0x10 [ 448.729211][T10211] __sock_sendmsg+0x219/0x270 [ 448.729246][T10211] ____sys_sendmsg+0x505/0x830 [ 448.729283][T10211] ? __pfx_____sys_sendmsg+0x10/0x10 [ 448.729324][T10211] ? import_iovec+0x74/0xa0 [ 448.729350][T10211] ___sys_sendmsg+0x21f/0x2a0 [ 448.729382][T10211] ? __pfx____sys_sendmsg+0x10/0x10 [ 448.729452][T10211] ? __fget_files+0x2a/0x420 [ 448.729481][T10211] ? __fget_files+0x3a0/0x420 [ 448.729519][T10211] __x64_sys_sendmsg+0x19b/0x260 [ 448.729554][T10211] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 448.729596][T10211] ? __pfx_ksys_write+0x10/0x10 [ 448.729617][T10211] ? rcu_is_watching+0x15/0xb0 [ 448.729643][T10211] ? do_syscall_64+0xbe/0x3b0 [ 448.729674][T10211] do_syscall_64+0xfa/0x3b0 [ 448.729698][T10211] ? lockdep_hardirqs_on+0x9c/0x150 [ 448.729721][T10211] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.729744][T10211] ? clear_bhb_loop+0x60/0xb0 [ 448.729771][T10211] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 448.729793][T10211] RIP: 0033:0x7f2380d8e929 [ 448.729812][T10211] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 448.729832][T10211] RSP: 002b:00007f2381c33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 448.729856][T10211] RAX: ffffffffffffffda RBX: 00007f2380fb5fa0 RCX: 00007f2380d8e929 [ 448.729872][T10211] RDX: 0000000000000000 RSI: 0000200000000140 RDI: 0000000000000003 [ 448.729885][T10211] RBP: 00007f2381c33090 R08: 0000000000000000 R09: 0000000000000000 [ 448.729899][T10211] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 448.729913][T10211] R13: 0000000000000000 R14: 00007f2380fb5fa0 R15: 00007fff9039e078 [ 448.729946][T10211] [ 449.314583][T10229] FAULT_INJECTION: forcing a failure. [ 449.314583][T10229] name failslab, interval 1, probability 0, space 0, times 0 [ 449.327425][T10229] CPU: 1 UID: 0 PID: 10229 Comm: syz.2.1593 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 449.327457][T10229] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 449.327471][T10229] Call Trace: [ 449.327480][T10229] [ 449.327490][T10229] dump_stack_lvl+0x189/0x250 [ 449.327523][T10229] ? __pfx____ratelimit+0x10/0x10 [ 449.327549][T10229] ? __pfx_dump_stack_lvl+0x10/0x10 [ 449.327574][T10229] ? __pfx__printk+0x10/0x10 [ 449.327606][T10229] ? __pfx___might_resched+0x10/0x10 [ 449.327628][T10229] ? fs_reclaim_acquire+0x7d/0x100 [ 449.327660][T10229] should_fail_ex+0x414/0x560 [ 449.327701][T10229] should_failslab+0xa8/0x100 [ 449.327728][T10229] __kmalloc_noprof+0xcb/0x4f0 [ 449.327748][T10229] ? iter_file_splice_write+0x1cb/0x1000 [ 449.327780][T10229] iter_file_splice_write+0x1cb/0x1000 [ 449.327838][T10229] ? __pfx_iter_file_splice_write+0x10/0x10 [ 449.327873][T10229] ? rcu_read_lock_any_held+0xb3/0x120 [ 449.327898][T10229] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 449.327923][T10229] ? ovl_real_file_path+0x145/0x310 [ 449.327955][T10229] backing_file_splice_write+0x3be/0x5e0 [ 449.328000][T10229] ovl_splice_write+0x3b7/0x4e0 [ 449.328021][T10229] ? __lock_acquire+0xab9/0xd20 [ 449.328060][T10229] ? __pfx_ovl_splice_write+0x10/0x10 [ 449.328084][T10229] ? __pfx_ovl_file_end_write+0x10/0x10 [ 449.328110][T10229] ? rcu_read_lock_any_held+0xb3/0x120 [ 449.328149][T10229] ? __pfx_ovl_splice_write+0x10/0x10 [ 449.328174][T10229] direct_splice_actor+0xfe/0x160 [ 449.328211][T10229] splice_direct_to_actor+0x5a8/0xcc0 [ 449.328263][T10229] ? __pfx_direct_splice_actor+0x10/0x10 [ 449.328290][T10229] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 449.328331][T10229] do_splice_direct+0x181/0x270 [ 449.328361][T10229] ? __pfx_do_splice_direct+0x10/0x10 [ 449.328389][T10229] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 449.328427][T10229] ? rw_verify_area+0x258/0x650 [ 449.328455][T10229] do_sendfile+0x4da/0x7e0 [ 449.328497][T10229] ? __pfx_do_sendfile+0x10/0x10 [ 449.328543][T10229] __se_sys_sendfile64+0xd9/0x190 [ 449.328576][T10229] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 449.328603][T10229] ? rcu_is_watching+0x15/0xb0 [ 449.328631][T10229] ? do_syscall_64+0xbe/0x3b0 [ 449.328662][T10229] do_syscall_64+0xfa/0x3b0 [ 449.328686][T10229] ? lockdep_hardirqs_on+0x9c/0x150 [ 449.328710][T10229] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.328732][T10229] ? clear_bhb_loop+0x60/0xb0 [ 449.328761][T10229] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 449.328782][T10229] RIP: 0033:0x7f2380d8e929 [ 449.328803][T10229] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 449.328822][T10229] RSP: 002b:00007f2381c33038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 449.328845][T10229] RAX: ffffffffffffffda RBX: 00007f2380fb5fa0 RCX: 00007f2380d8e929 [ 449.328862][T10229] RDX: 0000200000000080 RSI: 0000000000000003 RDI: 0000000000000003 [ 449.328877][T10229] RBP: 00007f2381c33090 R08: 0000000000000000 R09: 0000000000000000 [ 449.328891][T10229] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000002 [ 449.328905][T10229] R13: 0000000000000000 R14: 00007f2380fb5fa0 R15: 00007fff9039e078 [ 449.328941][T10229] [ 450.049571][ T5897] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 450.126933][T10071] usb 1-1: new high-speed USB device number 127 using dummy_hcd [ 450.209723][ T5897] usb 3-1: Using ep0 maxpacket: 16 [ 450.217134][ T5897] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 450.227619][ T5897] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 450.241164][ T5897] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 450.251099][ T5897] usb 3-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 450.264501][ T5897] usb 3-1: config 7 interface 0 has no altsetting 0 [ 450.271579][ T5897] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 450.276727][T10071] usb 1-1: device descriptor read/64, error -71 [ 450.281956][ T5897] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 450.547008][T10071] usb 1-1: new high-speed USB device number 2 using dummy_hcd [ 450.697330][T10071] usb 1-1: device descriptor read/64, error -71 [ 450.710581][T10240] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 450.724266][T10240] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 450.767381][ T5897] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:7.0/0003:0458:5010.002B/input/input36 [ 450.815076][ T5897] kye 0003:0458:5010.002B: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0 [ 450.819978][T10071] usb usb1-port1: attempt power cycle [ 451.119204][ T5897] usb 3-1: USB disconnect, device number 21 [ 451.197882][T10071] usb 1-1: new high-speed USB device number 3 using dummy_hcd [ 451.229440][T10071] usb 1-1: device descriptor read/8, error -71 [ 451.346379][T10276] overlayfs: missing 'lowerdir' [ 451.476785][T10071] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 451.487412][T10070] gspca_stk1135: reg_w 0x353 err -71 [ 451.493766][T10070] gspca_stk1135: serial bus timeout: status=0x00 [ 451.506678][T10070] gspca_stk1135: Sensor write failed [ 451.516729][T10070] gspca_stk1135: serial bus timeout: status=0x00 [ 451.523092][T10070] gspca_stk1135: Sensor write failed [ 451.536952][T10071] usb 1-1: device descriptor read/8, error -71 [ 451.546714][T10070] gspca_stk1135: serial bus timeout: status=0x00 [ 451.553071][T10070] gspca_stk1135: Sensor read failed [ 451.558400][T10070] gspca_stk1135: serial bus timeout: status=0x00 [ 451.564752][T10070] gspca_stk1135: Sensor read failed [ 451.570008][T10070] gspca_stk1135: Detected sensor type unknown (0x0) [ 451.576698][T10070] gspca_stk1135: serial bus timeout: status=0x00 [ 451.583040][T10070] gspca_stk1135: Sensor read failed [ 451.588381][T10070] gspca_stk1135: serial bus timeout: status=0x00 [ 451.594726][T10070] gspca_stk1135: Sensor read failed [ 451.606747][T10070] gspca_stk1135: serial bus timeout: status=0x00 [ 451.613105][T10070] gspca_stk1135: Sensor write failed [ 451.619486][T10070] gspca_stk1135: serial bus timeout: status=0x00 [ 451.625844][T10070] gspca_stk1135: Sensor write failed [ 451.632004][T10070] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 451.673369][T10071] usb usb1-port1: unable to enumerate USB device [ 451.683196][T10070] usb 4-1: USB disconnect, device number 127 [ 451.800932][T10285] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1612'. [ 451.831730][T10287] FAULT_INJECTION: forcing a failure. [ 451.831730][T10287] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 451.848550][T10287] CPU: 1 UID: 0 PID: 10287 Comm: syz.2.1613 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 451.848582][T10287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 451.848596][T10287] Call Trace: [ 451.848605][T10287] [ 451.848615][T10287] dump_stack_lvl+0x189/0x250 [ 451.848645][T10287] ? __pfx____ratelimit+0x10/0x10 [ 451.848670][T10287] ? __pfx_dump_stack_lvl+0x10/0x10 [ 451.848695][T10287] ? __pfx__printk+0x10/0x10 [ 451.848720][T10287] ? __might_fault+0xb0/0x130 [ 451.848754][T10287] should_fail_ex+0x414/0x560 [ 451.848795][T10287] _copy_from_user+0x2d/0xb0 [ 451.848818][T10287] ___sys_sendmsg+0x158/0x2a0 [ 451.848853][T10287] ? __pfx____sys_sendmsg+0x10/0x10 [ 451.848923][T10287] ? __fget_files+0x2a/0x420 [ 451.848951][T10287] ? __fget_files+0x3a0/0x420 [ 451.848998][T10287] __x64_sys_sendmsg+0x19b/0x260 [ 451.849033][T10287] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 451.849075][T10287] ? __pfx_ksys_write+0x10/0x10 [ 451.849096][T10287] ? rcu_is_watching+0x15/0xb0 [ 451.849124][T10287] ? do_syscall_64+0xbe/0x3b0 [ 451.849154][T10287] do_syscall_64+0xfa/0x3b0 [ 451.849178][T10287] ? lockdep_hardirqs_on+0x9c/0x150 [ 451.849201][T10287] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.849223][T10287] ? clear_bhb_loop+0x60/0xb0 [ 451.849251][T10287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.849273][T10287] RIP: 0033:0x7f2380d8e929 [ 451.849293][T10287] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.849313][T10287] RSP: 002b:00007f2381c33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 451.849336][T10287] RAX: ffffffffffffffda RBX: 00007f2380fb5fa0 RCX: 00007f2380d8e929 [ 451.849353][T10287] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003 [ 451.849367][T10287] RBP: 00007f2381c33090 R08: 0000000000000000 R09: 0000000000000000 [ 451.849381][T10287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.849395][T10287] R13: 0000000000000000 R14: 00007f2380fb5fa0 R15: 00007fff9039e078 [ 451.849428][T10287] [ 452.124558][T10289] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1615'. [ 452.280921][T10291] netdevsim netdevsim1: Firmware load for '../file0/file0' refused, path contains '..' component [ 452.364214][T10294] usb usb8: usbfs: process 10294 (syz.3.1617) did not claim interface 0 before use [ 452.413951][T10294] vxfs: WRONG superblock magic 00000000 at 1 [ 452.423296][T10294] vxfs: WRONG superblock magic 00000000 at 8 [ 452.430502][T10294] vxfs: can't find superblock. [ 452.437958][T10298] overlayfs: missing 'lowerdir' [ 452.659850][T10307] syzkaller1: entered promiscuous mode [ 452.665374][T10307] syzkaller1: entered allmulticast mode [ 452.896906][ T5897] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 452.985605][T10320] overlayfs: missing 'lowerdir' [ 453.083151][ T5897] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 453.098438][ T5897] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 453.104666][T10327] usb usb1: usbfs: process 10327 (syz.0.1632) did not claim interface 0 before use [ 453.124626][ T5897] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 453.141587][ T5897] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 453.162292][ T5897] usb 4-1: Product: syz [ 453.169116][ T5897] usb 4-1: Manufacturer: syz [ 453.173755][ T5897] usb 4-1: SerialNumber: syz [ 453.222359][T10331] NILFS (rnullb0): couldn't find nilfs on the device [ 453.258593][T10334] syzkaller1: entered promiscuous mode [ 453.264278][T10334] syzkaller1: entered allmulticast mode [ 453.415667][T10309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 453.442463][T10309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 453.486845][T10309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 453.495752][T10309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 453.900338][T10347] overlayfs: missing 'lowerdir' [ 453.937350][ T5897] cdc_ncm 4-1:1.0: failed GET_NTB_PARAMETERS [ 453.950794][ T5897] cdc_ncm 4-1:1.0: bind() failure [ 453.965795][ T5897] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 453.986857][ T5897] cdc_ncm 4-1:1.1: bind() failure [ 454.001086][ T5897] usb 4-1: USB disconnect, device number 2 [ 454.251005][T10357] fuse: Unknown parameter './file0' [ 454.582556][T10369] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1650'. [ 454.726352][T10373] overlayfs: missing 'lowerdir' [ 455.094420][T10382] fuse: Unknown parameter './file0' [ 455.439839][T10387] kvm: kvm [10386]: vcpu1, guest rIP: 0xfff0 Unhandled WRMSR(0xc0010015) = 0xbe00 [ 455.668805][T10389] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1659'. [ 455.696185][T10389] x_tables: (null)_tables: SNAT target: only valid in nat table, not syz0 [ 455.751470][T10389] netlink: 'syz.3.1659': attribute type 8 has an invalid length. [ 456.012558][T10394] overlayfs: missing 'lowerdir' [ 456.480515][T10403] fuse: Unknown parameter './file0' [ 456.739281][T10417] overlayfs: missing 'workdir' [ 456.826976][ T5897] usb 4-1: new high-speed USB device number 3 using dummy_hcd [ 456.916487][T10425] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 456.928099][T10425] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 457.010886][ T5897] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 457.021149][ T5897] usb 4-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 457.030282][ T5897] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.041369][ T5897] usb 4-1: config 0 descriptor?? [ 457.051016][ T5897] pwc: Askey VC010 type 2 USB webcam detected. [ 457.076764][T10062] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 457.126808][T10070] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 457.240806][T10062] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 457.251369][T10062] usb 3-1: New USB device found, idVendor=17ef, idProduct=6047, bcdDevice= 0.00 [ 457.260791][T10062] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.272075][T10062] usb 3-1: config 0 descriptor?? [ 457.279785][T10070] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 457.291363][T10070] usb 1-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 457.301128][T10070] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 457.316480][T10070] usb 1-1: config 0 descriptor?? [ 457.461636][ T5897] pwc: recv_control_msg error -32 req 02 val 2b00 [ 457.469481][ T5897] pwc: recv_control_msg error -32 req 02 val 2700 [ 457.477580][ T5897] pwc: recv_control_msg error -32 req 02 val 2c00 [ 457.485471][ T5897] pwc: recv_control_msg error -32 req 04 val 1000 [ 457.494792][ T5897] pwc: recv_control_msg error -32 req 04 val 1300 [ 457.503899][ T5897] pwc: recv_control_msg error -32 req 04 val 1400 [ 457.511601][ T5897] pwc: recv_control_msg error -32 req 02 val 2000 [ 457.519251][ T5897] pwc: recv_control_msg error -32 req 02 val 2100 [ 457.526881][ T5897] pwc: recv_control_msg error -32 req 04 val 1500 [ 457.531243][T10070] usbhid 1-1:0.0: can't add hid device: -71 [ 457.534863][ T5897] pwc: recv_control_msg error -32 req 02 val 2500 [ 457.539969][T10070] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 457.554936][ T5897] pwc: recv_control_msg error -32 req 02 val 2400 [ 457.569758][T10070] usb 1-1: USB disconnect, device number 5 [ 457.708799][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0 [ 457.716154][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0 [ 457.723220][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0 [ 457.730294][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0 [ 457.737331][T10062] lenovo 0003:17EF:6047.002C: unknown main item tag 0x0 [ 457.746888][T10062] lenovo 0003:17EF:6047.002C: hidraw0: USB HID v0.00 Device [HID 17ef:6047] on usb-dummy_hcd.2-1/input0 [ 457.760717][ T5897] pwc: recv_control_msg error -71 req 02 val 2900 [ 457.768140][ T5897] pwc: recv_control_msg error -71 req 02 val 2800 [ 457.781093][ T5897] pwc: recv_control_msg error -71 req 04 val 1100 [ 457.789928][ T5897] pwc: recv_control_msg error -71 req 04 val 1200 [ 457.804089][ T5897] pwc: Registered as video103. [ 457.824691][ T5897] input: PWC snapshot button as /devices/platform/dummy_hcd.3/usb4/4-1/input/input37 [ 457.853547][ T5897] usb 4-1: USB disconnect, device number 3 [ 458.006867][ T5874] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 458.156714][ T5874] usb 1-1: Using ep0 maxpacket: 32 [ 458.164277][ T5874] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 458.175294][ T5874] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 458.184450][ T5874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.195389][ T5874] usb 1-1: config 0 descriptor?? [ 458.204921][ T5874] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 458.216061][ T5874] ldusb 1-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 458.307643][T10421] trusted_key: encrypted_key: master key parameter 'user:' is invalid [ 458.357549][T10431] syzkaller1: entered promiscuous mode [ 458.363485][T10431] syzkaller1: entered allmulticast mode [ 458.407744][T10070] usb 1-1: USB disconnect, device number 6 [ 458.420144][T10070] ldusb 1-1:0.0: LD USB Device #0 now disconnected [ 458.463891][T10436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 458.476035][T10436] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 458.492868][T10436] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 458.511656][T10436] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 458.542143][T10438] fuse: Bad value for 'group_id' [ 458.547397][T10438] fuse: Bad value for 'group_id' [ 458.838758][ T5874] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 458.899393][T10441] FAT-fs (rnullb0): bogus number of reserved sectors [ 458.906132][T10441] FAT-fs (rnullb0): Can't find a valid FAT filesystem [ 458.979283][T10445] binder: 10444:10445 ioctl c018620c 200000000140 returned -22 [ 459.016872][ T5874] usb 4-1: Using ep0 maxpacket: 32 [ 459.024167][ T5874] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 459.040123][ T5874] usb 4-1: config 0 has no interface number 0 [ 459.078023][ T5874] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 459.089796][ T5874] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 459.103752][ T5874] usb 4-1: Product: syz [ 459.115045][ T5874] usb 4-1: Manufacturer: syz [ 459.128012][ T5874] usb 4-1: SerialNumber: syz [ 459.144792][T10448] overlayfs: missing 'workdir' [ 459.145900][ T5874] usb 4-1: config 0 descriptor?? [ 459.160311][ T5874] smsc95xx v2.0.0 [ 459.429823][T10458] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 459.460823][T10460] FAULT_INJECTION: forcing a failure. [ 459.460823][T10460] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 459.469620][T10458] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 459.475295][T10460] CPU: 1 UID: 0 PID: 10460 Comm: syz.0.1687 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 459.475330][T10460] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 459.475346][T10460] Call Trace: [ 459.475356][T10460] [ 459.475366][T10460] dump_stack_lvl+0x189/0x250 [ 459.475400][T10460] ? __pfx____ratelimit+0x10/0x10 [ 459.475430][T10460] ? __pfx_dump_stack_lvl+0x10/0x10 [ 459.475457][T10460] ? __pfx__printk+0x10/0x10 [ 459.475488][T10460] ? __might_fault+0xb0/0x130 [ 459.475526][T10460] should_fail_ex+0x414/0x560 [ 459.475571][T10460] _copy_from_user+0x2d/0xb0 [ 459.475597][T10460] ___sys_sendmsg+0x158/0x2a0 [ 459.475644][T10460] ? __pfx____sys_sendmsg+0x10/0x10 [ 459.475721][T10460] ? __fget_files+0x2a/0x420 [ 459.475754][T10460] ? __fget_files+0x3a0/0x420 [ 459.475796][T10460] __x64_sys_sendmsg+0x19b/0x260 [ 459.475834][T10460] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 459.475881][T10460] ? __pfx_ksys_write+0x10/0x10 [ 459.475904][T10460] ? rcu_is_watching+0x15/0xb0 [ 459.475935][T10460] ? do_syscall_64+0xbe/0x3b0 [ 459.475969][T10460] do_syscall_64+0xfa/0x3b0 [ 459.475995][T10460] ? lockdep_hardirqs_on+0x9c/0x150 [ 459.476021][T10460] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.476044][T10460] ? clear_bhb_loop+0x60/0xb0 [ 459.476076][T10460] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 459.476099][T10460] RIP: 0033:0x7f197738e929 [ 459.476122][T10460] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 459.476143][T10460] RSP: 002b:00007f1978265038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 459.476170][T10460] RAX: ffffffffffffffda RBX: 00007f19775b5fa0 RCX: 00007f197738e929 [ 459.476188][T10460] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 459.476205][T10460] RBP: 00007f1978265090 R08: 0000000000000000 R09: 0000000000000000 [ 459.476222][T10460] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 459.476236][T10460] R13: 0000000000000000 R14: 00007f19775b5fa0 R15: 00007ffcb8556868 [ 459.476273][T10460] [ 459.561991][T10462] fuse: Bad value for 'group_id' [ 459.578825][T10440] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1679'. [ 459.597617][T10462] fuse: Bad value for 'group_id' [ 459.602248][T10440] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1679'. [ 459.758667][T10463] netlink: 60 bytes leftover after parsing attributes in process `syz.3.1679'. [ 460.018112][T10474] dummy0: left allmulticast mode [ 460.024347][T10474] dummy0: left promiscuous mode [ 460.038254][T10474] bridge0: port 3(dummy0) entered disabled state [ 460.061655][T10069] usb 3-1: USB disconnect, device number 22 [ 460.114742][T10474] bridge_slave_1: left allmulticast mode [ 460.121179][T10474] bridge_slave_1: left promiscuous mode [ 460.135311][T10474] bridge0: port 2(bridge_slave_1) entered disabled state [ 460.161199][T10474] bridge_slave_0: left allmulticast mode [ 460.169683][T10474] bridge_slave_0: left promiscuous mode [ 460.175979][T10474] bridge0: port 1(bridge_slave_0) entered disabled state [ 460.448646][ T5874] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -71 [ 460.478238][ T5874] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 460.499254][ T5874] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 460.538795][ T5874] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 460.557026][T10069] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 460.577315][ T5874] usb 4-1: USB disconnect, device number 4 [ 460.741583][T10069] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 460.755008][T10069] usb 3-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 460.771259][T10069] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 460.785881][T10069] usb 3-1: config 0 descriptor?? [ 460.803108][T10069] pwc: Askey VC010 type 2 USB webcam detected. [ 460.836921][T10070] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 460.990742][T10070] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 461.026038][T10070] usb 1-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 461.072099][T10070] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.103300][T10070] usb 1-1: config 0 descriptor?? [ 461.127481][T10070] pwc: Askey VC010 type 2 USB webcam detected. [ 461.292538][T10069] pwc: recv_control_msg error -32 req 02 val 2b00 [ 461.300963][T10069] pwc: recv_control_msg error -32 req 02 val 2700 [ 461.315047][T10069] pwc: recv_control_msg error -32 req 02 val 2c00 [ 461.328009][T10069] pwc: recv_control_msg error -32 req 04 val 1000 [ 461.335343][T10069] pwc: recv_control_msg error -32 req 04 val 1300 [ 461.343051][T10069] pwc: recv_control_msg error -32 req 04 val 1400 [ 461.350500][T10069] pwc: recv_control_msg error -32 req 02 val 2000 [ 461.357725][T10069] pwc: recv_control_msg error -32 req 02 val 2100 [ 461.365006][T10069] pwc: recv_control_msg error -32 req 04 val 1500 [ 461.373068][T10069] pwc: recv_control_msg error -32 req 02 val 2500 [ 461.496759][T10073] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 461.525872][T10070] pwc: recv_control_msg error -32 req 02 val 2b00 [ 461.533738][T10070] pwc: recv_control_msg error -32 req 02 val 2700 [ 461.593734][T10070] pwc: recv_control_msg error -32 req 02 val 2c00 [ 461.603460][T10070] pwc: recv_control_msg error -32 req 04 val 1000 [ 461.610701][T10070] pwc: recv_control_msg error -32 req 04 val 1300 [ 461.618204][T10070] pwc: recv_control_msg error -32 req 04 val 1400 [ 461.625363][T10070] pwc: recv_control_msg error -32 req 02 val 2000 [ 461.633260][T10070] pwc: recv_control_msg error -32 req 02 val 2100 [ 461.641442][T10069] pwc: recv_control_msg error -71 req 02 val 2600 [ 461.650615][T10070] pwc: recv_control_msg error -32 req 04 val 1500 [ 461.658071][T10069] pwc: recv_control_msg error -71 req 02 val 2900 [ 461.665277][T10073] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 461.676652][T10070] pwc: recv_control_msg error -32 req 02 val 2500 [ 461.683266][T10069] pwc: recv_control_msg error -71 req 02 val 2800 [ 461.690736][T10070] pwc: recv_control_msg error -32 req 02 val 2400 [ 461.697327][T10073] usb 4-1: New USB device found, idVendor=0926, idProduct=3333, bcdDevice= 0.40 [ 461.706387][T10073] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 461.714527][T10069] pwc: recv_control_msg error -71 req 04 val 1100 [ 461.725385][T10069] pwc: recv_control_msg error -71 req 04 val 1200 [ 461.731972][T10070] pwc: recv_control_msg error -32 req 02 val 2600 [ 461.741601][T10069] pwc: Registered as video103. [ 461.757987][T10073] usb 4-1: config 0 descriptor?? [ 461.766375][T10069] input: PWC snapshot button as /devices/platform/dummy_hcd.2/usb3/3-1/input/input39 [ 461.808361][T10069] usb 3-1: USB disconnect, device number 23 [ 461.966138][T10073] usbhid 4-1:0.0: can't add hid device: -71 [ 461.977821][T10073] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 462.007123][T10073] usb 4-1: USB disconnect, device number 5 [ 462.247285][T10501] fuse: Bad value for 'group_id' [ 462.252449][T10501] fuse: Bad value for 'group_id' [ 462.411967][T10506] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 462.428947][T10506] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 462.486779][T10073] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 462.646894][T10073] usb 4-1: Using ep0 maxpacket: 32 [ 462.655587][T10073] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.668697][T10073] usb 4-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice= 0.40 [ 462.678524][T10073] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.719588][T10073] usb 4-1: config 0 descriptor?? [ 462.736431][T10073] ldusb 4-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 462.785031][T10073] ldusb 4-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 462.941496][T10497] FAULT_INJECTION: forcing a failure. [ 462.941496][T10497] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 462.963404][T10497] CPU: 0 UID: 0 PID: 10497 Comm: syz.3.1695 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 462.963443][T10497] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 462.963458][T10497] Call Trace: [ 462.963467][T10497] [ 462.963478][T10497] dump_stack_lvl+0x189/0x250 [ 462.963508][T10497] ? __pfx____ratelimit+0x10/0x10 [ 462.963533][T10497] ? __pfx_dump_stack_lvl+0x10/0x10 [ 462.963559][T10497] ? __pfx__printk+0x10/0x10 [ 462.963586][T10497] ? fs_reclaim_acquire+0x7d/0x100 [ 462.963623][T10497] should_fail_ex+0x414/0x560 [ 462.963665][T10497] prepare_alloc_pages+0x213/0x610 [ 462.963702][T10497] __alloc_frozen_pages_noprof+0x123/0x370 [ 462.963736][T10497] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 462.963763][T10497] ? do_raw_spin_lock+0x121/0x290 [ 462.963794][T10497] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 462.963825][T10497] ? policy_nodemask+0x27c/0x720 [ 462.963855][T10497] alloc_pages_mpol+0x232/0x4a0 [ 462.963885][T10497] alloc_pages_noprof+0xa9/0x190 [ 462.963912][T10497] get_free_pages_noprof+0xf/0x80 [ 462.963940][T10497] __pollwait+0x27b/0x460 [ 462.963968][T10497] ? __pfx___pollwait+0x10/0x10 [ 462.963992][T10497] n_tty_poll+0x9d/0x740 [ 462.964026][T10497] ? __pfx_n_tty_poll+0x10/0x10 [ 462.964056][T10497] tty_poll+0xbe/0x160 [ 462.964083][T10497] ? __pfx_tty_poll+0x10/0x10 [ 462.964122][T10497] do_select+0x105b/0x17e0 [ 462.964146][T10497] ? __pfx_tomoyo_check_open_permission+0x10/0x10 [ 462.964207][T10497] ? __pfx_do_select+0x10/0x10 [ 462.964232][T10497] ? __lock_acquire+0xab9/0xd20 [ 462.964271][T10497] ? __pfx___pollwait+0x10/0x10 [ 462.964309][T10497] ? __pfx_pollwake+0x10/0x10 [ 462.964338][T10497] ? __pfx_pollwake+0x10/0x10 [ 462.964370][T10497] ? __pfx_pollwake+0x10/0x10 [ 462.964400][T10497] ? __pfx_pollwake+0x10/0x10 [ 462.964430][T10497] ? __pfx_pollwake+0x10/0x10 [ 462.964460][T10497] ? __pfx_pollwake+0x10/0x10 [ 462.964490][T10497] ? __pfx_pollwake+0x10/0x10 [ 462.964521][T10497] ? __pfx_pollwake+0x10/0x10 [ 462.964551][T10497] ? __pfx_pollwake+0x10/0x10 [ 462.964604][T10497] core_sys_select+0x6dd/0xa20 [ 462.964643][T10497] ? __pfx_core_sys_select+0x10/0x10 [ 462.964697][T10497] ? __pfx_set_user_sigmask+0x10/0x10 [ 462.964731][T10497] __se_sys_pselect6+0x27a/0x300 [ 462.964764][T10497] ? __pfx___se_sys_pselect6+0x10/0x10 [ 462.964791][T10497] ? __pfx_ksys_write+0x10/0x10 [ 462.964813][T10497] ? rcu_is_watching+0x15/0xb0 [ 462.964841][T10497] ? __x64_sys_pselect6+0x21/0xf0 [ 462.964870][T10497] do_syscall_64+0xfa/0x3b0 [ 462.964897][T10497] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.964919][T10497] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 462.964953][T10497] ? clear_bhb_loop+0x60/0xb0 [ 462.964980][T10497] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 462.965021][T10497] RIP: 0033:0x7fcf8478e929 [ 462.965054][T10497] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 462.965073][T10497] RSP: 002b:00007fcf85602038 EFLAGS: 00000246 ORIG_RAX: 000000000000010e [ 462.965095][T10497] RAX: ffffffffffffffda RBX: 00007fcf849b5fa0 RCX: 00007fcf8478e929 [ 462.965137][T10497] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000040 [ 462.965152][T10497] RBP: 00007fcf85602090 R08: 0000200000000300 R09: 0000000000000000 [ 462.965167][T10497] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000001 [ 462.965183][T10497] R13: 0000000000000000 R14: 00007fcf849b5fa0 R15: 00007ffe99591ee8 [ 462.965217][T10497] [ 463.386015][ T5874] usb 4-1: USB disconnect, device number 6 [ 463.394814][ T5874] ldusb 4-1:0.0: LD USB Device #0 now disconnected [ 463.574851][T10070] pwc: recv_control_msg error -71 req 02 val 2800 [ 463.588382][T10070] pwc: recv_control_msg error -71 req 04 val 1100 [ 463.638228][T10070] pwc: recv_control_msg error -71 req 04 val 1200 [ 463.687143][T10070] pwc: Registered as video103. [ 463.694141][T10070] input: PWC snapshot button as /devices/platform/dummy_hcd.0/usb1/1-1/input/input40 [ 463.822989][T10070] usb 1-1: USB disconnect, device number 7 [ 464.185368][T10528] binder: 10526:10528 ioctl c0306201 200000001040 returned -14 [ 464.406830][T10070] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 464.427771][T10536] FAULT_INJECTION: forcing a failure. [ 464.427771][T10536] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 464.476562][T10536] CPU: 0 UID: 0 PID: 10536 Comm: syz.1.1709 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 464.476593][T10536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 464.476612][T10536] Call Trace: [ 464.476622][T10536] [ 464.476632][T10536] dump_stack_lvl+0x189/0x250 [ 464.476662][T10536] ? __pfx____ratelimit+0x10/0x10 [ 464.476686][T10536] ? __pfx_dump_stack_lvl+0x10/0x10 [ 464.476711][T10536] ? __pfx__printk+0x10/0x10 [ 464.476735][T10536] ? __might_fault+0xb0/0x130 [ 464.476768][T10536] should_fail_ex+0x414/0x560 [ 464.476810][T10536] _copy_from_user+0x2d/0xb0 [ 464.476833][T10536] ___sys_sendmsg+0x158/0x2a0 [ 464.476868][T10536] ? __pfx____sys_sendmsg+0x10/0x10 [ 464.476937][T10536] ? __fget_files+0x2a/0x420 [ 464.476964][T10536] ? __fget_files+0x3a0/0x420 [ 464.477003][T10536] __x64_sys_sendmsg+0x19b/0x260 [ 464.477046][T10536] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 464.477100][T10536] ? __pfx_ksys_write+0x10/0x10 [ 464.477121][T10536] ? rcu_is_watching+0x15/0xb0 [ 464.477148][T10536] ? do_syscall_64+0xbe/0x3b0 [ 464.477177][T10536] do_syscall_64+0xfa/0x3b0 [ 464.477201][T10536] ? lockdep_hardirqs_on+0x9c/0x150 [ 464.477223][T10536] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.477245][T10536] ? clear_bhb_loop+0x60/0xb0 [ 464.477272][T10536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 464.477311][T10536] RIP: 0033:0x7fc26d38e929 [ 464.477331][T10536] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 464.477350][T10536] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 464.477374][T10536] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929 [ 464.477391][T10536] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 464.477405][T10536] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 464.477419][T10536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 464.477433][T10536] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378 [ 464.477466][T10536] [ 464.789629][T10070] usb 3-1: Using ep0 maxpacket: 32 [ 464.796749][T10070] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 464.804867][T10070] usb 3-1: config 0 has no interface number 0 [ 464.826484][T10546] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 464.849056][T10546] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 464.859792][T10070] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 464.875932][T10070] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 464.875963][T10070] usb 3-1: Product: syz [ 464.875981][T10070] usb 3-1: Manufacturer: syz [ 464.875998][T10070] usb 3-1: SerialNumber: syz [ 464.889303][T10070] usb 3-1: config 0 descriptor?? [ 464.949517][T10070] smsc95xx v2.0.0 [ 465.003726][T10554] syzkaller1: entered promiscuous mode [ 465.003774][T10554] syzkaller1: entered allmulticast mode [ 465.366150][T10070] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -61 [ 465.377396][T10070] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 465.571185][T10527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 465.580288][T10527] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 465.665697][T10073] hid-generic 0000:0000:0000.002D: unknown main item tag 0x0 [ 465.710686][T10073] hid-generic 0000:0000:0000.002D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 465.873463][T10062] hid-generic 0000:0000:0000.002E: unknown main item tag 0x0 [ 465.907248][T10062] hid-generic 0000:0000:0000.002E: hidraw1: HID v0.00 Device [syz1] on syz0 [ 465.991625][T10070] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000108: -71 [ 466.027440][T10070] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 466.065346][T10070] usb 3-1: USB disconnect, device number 24 [ 466.696566][T10580] snd_dummy snd_dummy.0: control 3:2:0:syz0:211 is already present [ 466.806285][ T30] audit: type=1326 audit(1750977056.774:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000 [ 466.829828][ T30] audit: type=1326 audit(1750977056.774:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000 [ 466.855622][ T30] audit: type=1326 audit(1750977056.774:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=234 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000 [ 466.881143][ T30] audit: type=1326 audit(1750977056.804:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000 [ 466.903946][T10062] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 466.917557][ T30] audit: type=1326 audit(1750977056.804:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000 [ 466.943156][ T30] audit: type=1326 audit(1750977056.824:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000 [ 466.970873][ T30] audit: type=1326 audit(1750977056.824:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000 [ 466.999364][ T30] audit: type=1326 audit(1750977056.854:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcf8478d290 code=0x7ffc0000 [ 467.025210][ T30] audit: type=1326 audit(1750977056.854:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=308 compat=0 ip=0x7fcf84790157 code=0x7ffc0000 [ 467.060391][T10070] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 467.068140][ T30] audit: type=1326 audit(1750977056.854:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10582 comm="syz.3.1725" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fcf8478e929 code=0x7ffc0000 [ 467.098379][T10062] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 467.110649][T10062] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 467.126192][T10062] usb 3-1: New USB device found, idVendor=054c, idProduct=0df2, bcdDevice=d6.af [ 467.141725][T10062] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 467.155526][T10062] usb 3-1: config 0 descriptor?? [ 467.227331][T10070] usb 1-1: Using ep0 maxpacket: 32 [ 467.234830][T10070] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 467.253622][T10070] usb 1-1: config 0 has no interface number 0 [ 467.271354][T10070] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 467.290445][T10070] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 467.300445][T10070] usb 1-1: Product: syz [ 467.304643][T10070] usb 1-1: Manufacturer: syz [ 467.312228][T10070] usb 1-1: SerialNumber: syz [ 467.322133][T10070] usb 1-1: config 0 descriptor?? [ 467.334779][T10070] smsc95xx v2.0.0 [ 467.736147][T10070] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 467.748740][T10070] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 467.800224][T10578] fuse: Unknown parameter '000000000000000000000060xffffffffffffffffn仮E{iEHP@I@-' [ 467.815659][T10062] usbhid 3-1:0.0: can't add hid device: -71 [ 467.822944][T10062] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 467.843810][T10062] usb 3-1: USB disconnect, device number 25 [ 467.954228][T10598] netlink: 76 bytes leftover after parsing attributes in process `syz.3.1731'. [ 468.216223][T10608] syzkaller1: entered promiscuous mode [ 468.222338][T10608] syzkaller1: entered allmulticast mode [ 468.270442][T10610] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 468.279316][T10610] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 468.291633][T10610] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 468.299013][T10610] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 468.492489][T10616] dlm: plock device version mismatch: kernel (1.2.0), user (1.6.16) [ 468.736839][T10062] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 468.793287][T10070] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 468.807594][T10070] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 468.836823][T10070] usb 1-1: USB disconnect, device number 8 [ 468.898153][T10062] usb 3-1: Using ep0 maxpacket: 8 [ 468.918317][T10062] usb 3-1: config 0 has an invalid interface number: 130 but max is 0 [ 468.936047][T10062] usb 3-1: config 0 has no interface number 0 [ 468.944000][T10062] usb 3-1: New USB device found, idVendor=0403, idProduct=fa78, bcdDevice=71.1b [ 468.957516][T10062] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 468.974291][T10620] syz.3.1740: attempt to access beyond end of device [ 468.974291][T10620] loop3: rw=0, sector=0, nr_sectors = 1 limit=0 [ 468.978169][T10062] usb 3-1: config 0 descriptor?? [ 468.995725][T10620] efs: cannot read volume header [ 469.008086][T10062] ftdi_sio 3-1:0.130: FTDI USB Serial Device converter detected [ 469.024187][T10062] ftdi_sio ttyUSB0: unknown device type: 0x711b [ 469.089527][T10622] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 469.103070][T10622] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 469.116099][T10622] netlink: 76 bytes leftover after parsing attributes in process `syz.1.1741'. [ 469.129308][T10624] EXT4-fs (rnullb0): VFS: Can't find ext4 filesystem [ 469.172593][T10626] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 469.189573][T10626] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 469.231240][T10062] usb 3-1: USB disconnect, device number 26 [ 469.253650][T10062] ftdi_sio 3-1:0.130: device disconnected [ 469.657137][T10644] ceph: Path missing in source [ 469.820766][T10650] snd_dummy snd_dummy.0: control 3:2:0:syz0:211 is already present [ 469.976826][T10062] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 470.016960][ T5897] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 470.111482][T10062] usb 4-1: device descriptor read/64, error -71 [ 470.118025][ T5874] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 470.157999][T10660] overlayfs: option "workdir=./bus" is useless in a non-upper mount, ignore [ 470.166938][T10660] overlayfs: at least 2 lowerdir are needed while upperdir nonexistent [ 470.176703][ T5897] usb 1-1: Using ep0 maxpacket: 32 [ 470.199098][ T5897] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 470.208841][ T5897] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.220944][ T5897] usb 1-1: Product: syz [ 470.225138][ T5897] usb 1-1: Manufacturer: syz [ 470.230519][ T5897] usb 1-1: SerialNumber: syz [ 470.241335][ T5897] usb 1-1: config 0 descriptor?? [ 470.261350][ T5897] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 470.286901][ T5874] usb 3-1: Using ep0 maxpacket: 32 [ 470.295360][ T5874] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 470.308279][ T5874] usb 3-1: config 0 has no interface number 0 [ 470.319957][ T5874] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 470.331441][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 470.339739][ T5874] usb 3-1: Product: syz [ 470.344046][ T5874] usb 3-1: Manufacturer: syz [ 470.347235][T10664] binder_alloc: 10663: binder_alloc_buf size 65816 failed, no address space [ 470.349636][ T5874] usb 3-1: SerialNumber: syz [ 470.361929][T10664] binder_alloc: allocated: 0 (num: 0 largest: 0), free: 12288 (num: 1 largest: 12288) [ 470.362150][T10062] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 470.382981][ T5874] usb 3-1: config 0 descriptor?? [ 470.393379][ T5874] smsc95xx v2.0.0 [ 470.516907][T10062] usb 4-1: device descriptor read/64, error -71 [ 470.543755][T10668] netlink: 'syz.1.1761': attribute type 10 has an invalid length. [ 470.551823][T10668] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1761'. [ 470.631426][T10062] usb usb4-port1: attempt power cycle [ 470.798069][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 470.812192][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 470.976821][T10062] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 470.997646][T10062] usb 4-1: device descriptor read/8, error -71 [ 471.236871][T10062] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 471.260159][T10062] usb 4-1: device descriptor read/8, error -71 [ 471.387430][T10062] usb usb4-port1: unable to enumerate USB device [ 471.618831][T10672] FAULT_INJECTION: forcing a failure. [ 471.618831][T10672] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 471.633369][T10672] CPU: 1 UID: 0 PID: 10672 Comm: syz.1.1763 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 471.633402][T10672] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 471.633418][T10672] Call Trace: [ 471.633427][T10672] [ 471.633437][T10672] dump_stack_lvl+0x189/0x250 [ 471.633469][T10672] ? __pfx____ratelimit+0x10/0x10 [ 471.633493][T10672] ? __pfx_dump_stack_lvl+0x10/0x10 [ 471.633526][T10672] ? __pfx__printk+0x10/0x10 [ 471.633552][T10672] ? __might_fault+0xb0/0x130 [ 471.633587][T10672] should_fail_ex+0x414/0x560 [ 471.633627][T10672] _copy_from_user+0x2d/0xb0 [ 471.633650][T10672] ___sys_sendmsg+0x158/0x2a0 [ 471.633687][T10672] ? __pfx____sys_sendmsg+0x10/0x10 [ 471.633759][T10672] ? __fget_files+0x2a/0x420 [ 471.633787][T10672] ? __fget_files+0x3a0/0x420 [ 471.633829][T10672] __x64_sys_sendmsg+0x19b/0x260 [ 471.633864][T10672] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 471.633907][T10672] ? __pfx_ksys_write+0x10/0x10 [ 471.633939][T10672] ? do_syscall_64+0xbe/0x3b0 [ 471.633970][T10672] do_syscall_64+0xfa/0x3b0 [ 471.633995][T10672] ? lockdep_hardirqs_on+0x9c/0x150 [ 471.634018][T10672] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.634040][T10672] ? clear_bhb_loop+0x60/0xb0 [ 471.634066][T10672] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 471.634088][T10672] RIP: 0033:0x7fc26d38e929 [ 471.634108][T10672] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 471.634128][T10672] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 471.634151][T10672] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929 [ 471.634168][T10672] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 471.634182][T10672] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 471.634197][T10672] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 471.634210][T10672] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378 [ 471.634244][T10672] [ 471.862317][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 471.875903][ T5874] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 471.898541][ T5874] usb 3-1: USB disconnect, device number 27 [ 471.981491][T10676] netlink: 60 bytes leftover after parsing attributes in process `syz.1.1764'. [ 472.410651][T10678] syz.2.1765: attempt to access beyond end of device [ 472.410651][T10678] loop2: rw=6144, sector=128, nr_sectors = 8 limit=0 [ 472.424039][T10678] gfs2: error -5 reading superblock [ 472.884285][T10690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 472.895301][T10690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 472.993150][T10693] netlink: 312 bytes leftover after parsing attributes in process `syz.2.1772'. [ 473.095023][T10696] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1775'. [ 473.103377][T10698] snd_dummy snd_dummy.0: control 3:2:0:syz0:211 is already present [ 473.436740][ T5874] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 473.525622][T10709] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1780'. [ 473.549512][ T1151] Bluetooth: hci4: Frame reassembly failed (-84) [ 473.557427][T10709] Bluetooth: hci4: Frame reassembly failed (-84) [ 473.558563][T10073] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 473.564414][T10709] Bluetooth: hci4: Frame reassembly failed (-84) [ 473.596725][ T5874] usb 3-1: Using ep0 maxpacket: 32 [ 473.603493][ T5874] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 473.612154][ T5874] usb 3-1: config 0 has no interface number 0 [ 473.621172][ T5874] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 473.631113][ T5874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 473.639396][ T5874] usb 3-1: Product: syz [ 473.643653][ T5874] usb 3-1: Manufacturer: syz [ 473.648562][ T5874] usb 3-1: SerialNumber: syz [ 473.656878][ T5874] usb 3-1: config 0 descriptor?? [ 473.662935][ T5897] gspca_stk1135: reg_w 0x353 err -71 [ 473.672997][ T5874] smsc95xx v2.0.0 [ 473.677773][ T5897] gspca_stk1135: serial bus timeout: status=0x00 [ 473.684274][ T5897] gspca_stk1135: Sensor write failed [ 473.689975][ T5897] gspca_stk1135: serial bus timeout: status=0x00 [ 473.696389][ T5897] gspca_stk1135: Sensor write failed [ 473.701967][ T5897] gspca_stk1135: serial bus timeout: status=0x00 [ 473.709213][ T5897] gspca_stk1135: Sensor read failed [ 473.714471][ T5897] gspca_stk1135: serial bus timeout: status=0x00 [ 473.720271][T10073] usb 4-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 473.721201][ T5897] gspca_stk1135: Sensor read failed [ 473.737081][ T5897] gspca_stk1135: Detected sensor type unknown (0x0) [ 473.740246][T10073] usb 4-1: config 0 interface 0 has no altsetting 0 [ 473.743767][ T5897] gspca_stk1135: serial bus timeout: status=0x00 [ 473.755309][T10073] usb 4-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 473.756783][ T5897] gspca_stk1135: Sensor read failed [ 473.756823][ T5897] gspca_stk1135: serial bus timeout: status=0x00 [ 473.756837][ T5897] gspca_stk1135: Sensor read failed [ 473.756873][ T5897] gspca_stk1135: serial bus timeout: status=0x00 [ 473.770491][T10073] usb 4-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 473.771195][ T5897] gspca_stk1135: Sensor write failed [ 473.777892][T10073] usb 4-1: Product: syz [ 473.782897][ T5897] gspca_stk1135: serial bus timeout: status=0x00 [ 473.793132][T10073] usb 4-1: Manufacturer: syz [ 473.797516][ T5897] gspca_stk1135: Sensor write failed [ 473.803261][T10073] usb 4-1: SerialNumber: syz [ 473.807436][ T5897] stk1135 1-1:0.0: probe with driver stk1135 failed with error -71 [ 473.832422][T10073] usb 4-1: config 0 descriptor?? [ 473.848487][T10073] usb 4-1: selecting invalid altsetting 0 [ 473.852107][ T5897] usb 1-1: USB disconnect, device number 9 [ 474.053688][T10076] usb 4-1: USB disconnect, device number 11 [ 474.076318][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 474.089715][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 474.921449][T10715] FAULT_INJECTION: forcing a failure. [ 474.921449][T10715] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 474.936788][T10715] CPU: 1 UID: 0 PID: 10715 Comm: syz.0.1782 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 474.936819][T10715] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 474.936833][T10715] Call Trace: [ 474.936844][T10715] [ 474.936853][T10715] dump_stack_lvl+0x189/0x250 [ 474.936884][T10715] ? __pfx____ratelimit+0x10/0x10 [ 474.936911][T10715] ? __pfx_dump_stack_lvl+0x10/0x10 [ 474.936936][T10715] ? __pfx__printk+0x10/0x10 [ 474.936961][T10715] ? __might_fault+0xb0/0x130 [ 474.936996][T10715] should_fail_ex+0x414/0x560 [ 474.937038][T10715] _copy_from_user+0x2d/0xb0 [ 474.937061][T10715] futex_parse_waitv+0xf4/0x410 [ 474.937092][T10715] ? __pfx_futex_wake_mark+0x10/0x10 [ 474.937125][T10715] ? __pfx_futex_parse_waitv+0x10/0x10 [ 474.937155][T10715] ? rcu_is_watching+0x15/0xb0 [ 474.937177][T10715] ? trace_kmalloc+0x1f/0xd0 [ 474.937206][T10715] ? __se_sys_futex_waitv+0x17d/0x280 [ 474.937239][T10715] __se_sys_futex_waitv+0x19f/0x280 [ 474.937272][T10715] ? __pfx___se_sys_futex_waitv+0x10/0x10 [ 474.937308][T10715] ? __task_pid_nr_ns+0x28/0x470 [ 474.937342][T10715] ? do_syscall_64+0xbe/0x3b0 [ 474.937366][T10715] ? __x64_sys_futex_waitv+0x20/0xc0 [ 474.937397][T10715] do_syscall_64+0xfa/0x3b0 [ 474.937422][T10715] ? lockdep_hardirqs_on+0x9c/0x150 [ 474.937446][T10715] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.937468][T10715] ? clear_bhb_loop+0x60/0xb0 [ 474.937496][T10715] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 474.937518][T10715] RIP: 0033:0x7f197738e929 [ 474.937538][T10715] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 474.937559][T10715] RSP: 002b:00007f1978265038 EFLAGS: 00000246 ORIG_RAX: 00000000000001c1 [ 474.937583][T10715] RAX: ffffffffffffffda RBX: 00007f19775b5fa0 RCX: 00007f197738e929 [ 474.937600][T10715] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000200000001080 [ 474.937615][T10715] RBP: 00007f1978265090 R08: 0000000000000001 R09: 0000000000000000 [ 474.937629][T10715] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 474.937643][T10715] R13: 0000000000000000 R14: 00007f19775b5fa0 R15: 00007ffcb8556868 [ 474.937676][T10715] [ 475.228697][T10721] FAULT_INJECTION: forcing a failure. [ 475.228697][T10721] name failslab, interval 1, probability 0, space 0, times 0 [ 475.242134][T10721] CPU: 1 UID: 0 PID: 10721 Comm: syz.3.1785 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 475.242167][T10721] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 475.242181][T10721] Call Trace: [ 475.242189][T10721] [ 475.242199][T10721] dump_stack_lvl+0x189/0x250 [ 475.242229][T10721] ? __pfx____ratelimit+0x10/0x10 [ 475.242254][T10721] ? __pfx_dump_stack_lvl+0x10/0x10 [ 475.242277][T10721] ? __pfx__printk+0x10/0x10 [ 475.242307][T10721] ? __pfx___might_resched+0x10/0x10 [ 475.242334][T10721] should_fail_ex+0x414/0x560 [ 475.242375][T10721] should_failslab+0xa8/0x100 [ 475.242402][T10721] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 475.242425][T10721] ? __alloc_skb+0x112/0x2d0 [ 475.242464][T10721] __alloc_skb+0x112/0x2d0 [ 475.242496][T10721] netlink_sendmsg+0x5c6/0xb30 [ 475.242534][T10721] ? __pfx_netlink_sendmsg+0x10/0x10 [ 475.242566][T10721] ? aa_sock_msg_perm+0xf1/0x1d0 [ 475.242594][T10721] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 475.242624][T10721] ? __pfx_netlink_sendmsg+0x10/0x10 [ 475.242652][T10721] __sock_sendmsg+0x219/0x270 [ 475.242678][T10721] ____sys_sendmsg+0x505/0x830 [ 475.242716][T10721] ? __pfx_____sys_sendmsg+0x10/0x10 [ 475.242757][T10721] ? import_iovec+0x74/0xa0 [ 475.242782][T10721] ___sys_sendmsg+0x21f/0x2a0 [ 475.242817][T10721] ? __pfx____sys_sendmsg+0x10/0x10 [ 475.242888][T10721] ? __fget_files+0x2a/0x420 [ 475.242915][T10721] ? __fget_files+0x3a0/0x420 [ 475.242954][T10721] __x64_sys_sendmsg+0x19b/0x260 [ 475.242988][T10721] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 475.243030][T10721] ? __pfx_ksys_write+0x10/0x10 [ 475.243051][T10721] ? rcu_is_watching+0x15/0xb0 [ 475.243078][T10721] ? do_syscall_64+0xbe/0x3b0 [ 475.243109][T10721] do_syscall_64+0xfa/0x3b0 [ 475.243132][T10721] ? lockdep_hardirqs_on+0x9c/0x150 [ 475.243156][T10721] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.243179][T10721] ? clear_bhb_loop+0x60/0xb0 [ 475.243206][T10721] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 475.243228][T10721] RIP: 0033:0x7fcf8478e929 [ 475.243248][T10721] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 475.243268][T10721] RSP: 002b:00007fcf85602038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 475.243292][T10721] RAX: ffffffffffffffda RBX: 00007fcf849b5fa0 RCX: 00007fcf8478e929 [ 475.243309][T10721] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000003 [ 475.243323][T10721] RBP: 00007fcf85602090 R08: 0000000000000000 R09: 0000000000000000 [ 475.243337][T10721] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 475.243351][T10721] R13: 0000000000000000 R14: 00007fcf849b5fa0 R15: 00007ffe99591ee8 [ 475.243385][T10721] [ 475.549830][ T5153] Bluetooth: hci4: Opcode 0x1003 failed: -110 [ 475.608174][ T5874] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 475.628224][T10723] Failed to get privilege flags for destination (handle=0x2:0x0) [ 475.668946][ T5874] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 475.696307][ T5874] usb 3-1: USB disconnect, device number 28 [ 475.722671][T10723] XFS (rnullb0): Invalid superblock magic number [ 475.919344][T10073] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 476.079855][T10073] usb 1-1: config 1 has an invalid interface number: 228 but max is 2 [ 476.088258][T10073] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 476.097027][T10073] usb 1-1: config 1 has an invalid interface number: 146 but max is 2 [ 476.105336][T10073] usb 1-1: config 1 has an invalid interface number: 246 but max is 2 [ 476.110162][T10076] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 476.113815][T10073] usb 1-1: config 1 has no interface number 0 [ 476.127575][T10073] usb 1-1: config 1 has no interface number 1 [ 476.133680][T10073] usb 1-1: config 1 has no interface number 2 [ 476.145059][T10073] usb 1-1: config 1 interface 228 altsetting 4 bulk endpoint 0x8 has invalid maxpacket 32 [ 476.155480][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0x7, skipping [ 476.167292][T10073] usb 1-1: config 1 interface 228 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 476.179252][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0x4, skipping [ 476.188418][T10741] FAULT_INJECTION: forcing a failure. [ 476.188418][T10741] name failslab, interval 1, probability 0, space 0, times 0 [ 476.193967][T10073] usb 1-1: config 1 interface 228 altsetting 4 endpoint 0xD has invalid maxpacket 1023, setting to 64 [ 476.208713][T10741] CPU: 0 UID: 0 PID: 10741 Comm: syz.2.1791 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 476.208747][T10741] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 476.208763][T10741] Call Trace: [ 476.208773][T10741] [ 476.208784][T10741] dump_stack_lvl+0x189/0x250 [ 476.208817][T10741] ? __pfx____ratelimit+0x10/0x10 [ 476.208844][T10741] ? __pfx_dump_stack_lvl+0x10/0x10 [ 476.208871][T10741] ? __pfx__printk+0x10/0x10 [ 476.208901][T10741] ? __pfx___might_resched+0x10/0x10 [ 476.208926][T10741] ? fs_reclaim_acquire+0x7d/0x100 [ 476.208961][T10741] should_fail_ex+0x414/0x560 [ 476.209005][T10741] should_failslab+0xa8/0x100 [ 476.209033][T10741] __kmalloc_noprof+0xcb/0x4f0 [ 476.209057][T10741] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 476.209100][T10741] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 476.209146][T10741] genl_family_rcv_msg_doit+0xb8/0x300 [ 476.209190][T10741] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 476.209228][T10741] ? rcu_is_watching+0x15/0xb0 [ 476.209256][T10741] ? apparmor_capable+0x137/0x1b0 [ 476.209294][T10741] ? bpf_lsm_capable+0x9/0x20 [ 476.209317][T10741] ? security_capable+0x7e/0x2e0 [ 476.209360][T10741] genl_rcv_msg+0x60e/0x790 [ 476.209403][T10741] ? __pfx_genl_rcv_msg+0x10/0x10 [ 476.209435][T10741] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 476.209469][T10741] ? __pfx_nl80211_start_ap+0x10/0x10 [ 476.209488][T10741] ? __pfx_nl80211_post_doit+0x10/0x10 [ 476.209540][T10741] netlink_rcv_skb+0x205/0x470 [ 476.209569][T10741] ? __pfx_genl_rcv_msg+0x10/0x10 [ 476.209605][T10741] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 476.209654][T10741] ? down_read+0x1ad/0x2e0 [ 476.209687][T10741] genl_rcv+0x28/0x40 [ 476.209720][T10741] netlink_unicast+0x758/0x8d0 [ 476.209759][T10741] netlink_sendmsg+0x805/0xb30 [ 476.209802][T10741] ? __pfx_netlink_sendmsg+0x10/0x10 [ 476.209835][T10741] ? aa_sock_msg_perm+0xf1/0x1d0 [ 476.209865][T10741] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 476.209896][T10741] ? __pfx_netlink_sendmsg+0x10/0x10 [ 476.209927][T10741] __sock_sendmsg+0x219/0x270 [ 476.209955][T10741] ____sys_sendmsg+0x505/0x830 [ 476.209995][T10741] ? __pfx_____sys_sendmsg+0x10/0x10 [ 476.210040][T10741] ? import_iovec+0x74/0xa0 [ 476.210067][T10741] ___sys_sendmsg+0x21f/0x2a0 [ 476.210103][T10741] ? __pfx____sys_sendmsg+0x10/0x10 [ 476.210178][T10741] ? __fget_files+0x2a/0x420 [ 476.210206][T10741] ? __fget_files+0x3a0/0x420 [ 476.210269][T10741] __x64_sys_sendmsg+0x19b/0x260 [ 476.210306][T10741] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 476.210360][T10741] ? __pfx_ksys_write+0x10/0x10 [ 476.210383][T10741] ? rcu_is_watching+0x15/0xb0 [ 476.210415][T10741] ? do_syscall_64+0xbe/0x3b0 [ 476.210449][T10741] do_syscall_64+0xfa/0x3b0 [ 476.210474][T10741] ? lockdep_hardirqs_on+0x9c/0x150 [ 476.210498][T10741] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.210523][T10741] ? clear_bhb_loop+0x60/0xb0 [ 476.210553][T10741] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.210578][T10741] RIP: 0033:0x7f2380d8e929 [ 476.210600][T10741] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.210623][T10741] RSP: 002b:00007f2381c33038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 476.210648][T10741] RAX: ffffffffffffffda RBX: 00007f2380fb5fa0 RCX: 00007f2380d8e929 [ 476.210668][T10741] RDX: 0000000000000000 RSI: 00002000000001c0 RDI: 0000000000000003 [ 476.210683][T10741] RBP: 00007f2381c33090 R08: 0000000000000000 R09: 0000000000000000 [ 476.210699][T10741] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 476.210715][T10741] R13: 0000000000000000 R14: 00007f2380fb5fa0 R15: 00007fff9039e078 [ 476.210753][T10741] [ 476.302453][T10076] usb 4-1: Using ep0 maxpacket: 32 [ 476.305028][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0x9, skipping [ 476.321184][T10076] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 476.325648][T10073] usb 1-1: config 1 interface 228 altsetting 4 endpoint 0x1 has invalid wMaxPacketSize 0 [ 476.325678][T10073] usb 1-1: config 1 interface 228 altsetting 4 has an invalid descriptor for endpoint zero, skipping [ 476.337850][T10076] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.340335][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0x8, skipping [ 476.350514][T10076] usb 4-1: Product: syz [ 476.352094][T10073] usb 1-1: config 1 interface 228 altsetting 4 has a duplicate endpoint with address 0xC, skipping [ 476.363629][T10076] usb 4-1: Manufacturer: syz [ 476.370008][T10073] usb 1-1: config 1 interface 146 altsetting 8 has a duplicate endpoint with address 0x8, skipping [ 476.385178][T10076] usb 4-1: SerialNumber: syz [ 476.393903][T10073] usb 1-1: config 1 interface 146 altsetting 8 has a duplicate endpoint with address 0x9, skipping [ 476.413013][T10743] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1792'. [ 476.419534][T10073] usb 1-1: config 1 interface 146 altsetting 8 has a duplicate endpoint with address 0x7, skipping [ 476.422302][T10076] usb 4-1: config 0 descriptor?? [ 476.425987][T10073] usb 1-1: config 1 interface 146 altsetting 8 has a duplicate endpoint with address 0x4, skipping [ 476.445964][T10076] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 476.460027][T10073] usb 1-1: config 1 interface 246 altsetting 4 has a duplicate endpoint with address 0x8, skipping [ 476.670126][ T5842] Bluetooth: hci1: unexpected event for opcode 0x0403 [ 476.681362][T10073] usb 1-1: config 1 interface 228 has no altsetting 0 [ 476.775330][T10073] usb 1-1: config 1 interface 146 has no altsetting 0 [ 476.782772][T10073] usb 1-1: config 1 interface 246 has no altsetting 0 [ 476.795954][T10073] usb 1-1: New USB device found, idVendor=0c45, idProduct=624e, bcdDevice= 8.71 [ 476.831416][T10073] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 476.841071][T10073] usb 1-1: Product: syz [ 476.856010][T10753] FAULT_INJECTION: forcing a failure. [ 476.856010][T10753] name failslab, interval 1, probability 0, space 0, times 0 [ 476.871978][T10753] CPU: 1 UID: 0 PID: 10753 Comm: syz.1.1796 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 476.872008][T10753] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 476.872023][T10753] Call Trace: [ 476.872032][T10753] [ 476.872042][T10753] dump_stack_lvl+0x189/0x250 [ 476.872071][T10753] ? __pfx____ratelimit+0x10/0x10 [ 476.872098][T10753] ? __pfx_dump_stack_lvl+0x10/0x10 [ 476.872122][T10753] ? __pfx__printk+0x10/0x10 [ 476.872151][T10753] ? __pfx___might_resched+0x10/0x10 [ 476.872172][T10753] ? fs_reclaim_acquire+0x7d/0x100 [ 476.872201][T10753] should_fail_ex+0x414/0x560 [ 476.872240][T10753] should_failslab+0xa8/0x100 [ 476.872266][T10753] __kmalloc_noprof+0xcb/0x4f0 [ 476.872285][T10753] ? iter_file_splice_write+0x1cb/0x1000 [ 476.872315][T10753] iter_file_splice_write+0x1cb/0x1000 [ 476.872363][T10753] ? __pfx_iter_file_splice_write+0x10/0x10 [ 476.872397][T10753] ? rcu_read_lock_any_held+0xb3/0x120 [ 476.872421][T10753] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 476.872445][T10753] ? ovl_real_file_path+0x145/0x310 [ 476.872475][T10753] backing_file_splice_write+0x3be/0x5e0 [ 476.872508][T10753] ovl_splice_write+0x3b7/0x4e0 [ 476.872522][T10753] ? __lock_acquire+0xab9/0xd20 [ 476.872557][T10753] ? __pfx_ovl_splice_write+0x10/0x10 [ 476.872580][T10753] ? __pfx_ovl_file_end_write+0x10/0x10 [ 476.872604][T10753] ? rcu_read_lock_any_held+0xb3/0x120 [ 476.872639][T10753] ? __pfx_ovl_splice_write+0x10/0x10 [ 476.872656][T10753] direct_splice_actor+0xfe/0x160 [ 476.872677][T10753] splice_direct_to_actor+0x5a8/0xcc0 [ 476.872723][T10753] ? __pfx_direct_splice_actor+0x10/0x10 [ 476.872749][T10753] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 476.872787][T10753] do_splice_direct+0x181/0x270 [ 476.872809][T10753] ? __pfx_do_splice_direct+0x10/0x10 [ 476.872828][T10753] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 476.872882][T10753] ? rw_verify_area+0x258/0x650 [ 476.872910][T10753] do_sendfile+0x4da/0x7e0 [ 476.872951][T10753] ? __pfx_do_sendfile+0x10/0x10 [ 476.872983][T10753] __se_sys_sendfile64+0xd9/0x190 [ 476.873006][T10753] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 476.873035][T10753] ? rcu_is_watching+0x15/0xb0 [ 476.873063][T10753] ? do_syscall_64+0xbe/0x3b0 [ 476.873091][T10753] do_syscall_64+0xfa/0x3b0 [ 476.873114][T10753] ? lockdep_hardirqs_on+0x9c/0x150 [ 476.873131][T10753] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.873146][T10753] ? clear_bhb_loop+0x60/0xb0 [ 476.873169][T10753] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 476.873191][T10753] RIP: 0033:0x7fc26d38e929 [ 476.873211][T10753] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 476.873229][T10753] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 476.873252][T10753] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929 [ 476.873306][T10753] RDX: 0000200000000080 RSI: 0000000000000003 RDI: 0000000000000003 [ 476.873318][T10753] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 476.873334][T10753] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000002 [ 476.873355][T10753] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378 [ 476.873390][T10753] [ 476.873560][T10073] usb 1-1: Manufacturer: 칺ᐰ탴冇䑋㉸勵ẊᲴ頻ꆶ厒맥痆膃ጬ䧫ᢼ [ 477.106866][ T5897] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 477.111428][T10073] usb 1-1: SerialNumber: syz [ 477.116957][T10727] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 477.226308][T10727] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 477.270165][T10757] ntfs3(rnullb0): Primary boot signature is not NTFS. [ 477.277900][T10757] ntfs3(rnullb0): Alternative boot signature is not NTFS. [ 477.344967][T10759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 477.356578][T10759] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 477.374532][ T5897] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 477.384356][ T5897] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 477.392537][ T5897] usb 3-1: Product: syz [ 477.396807][ T5897] usb 3-1: Manufacturer: syz [ 477.401445][ T5897] usb 3-1: SerialNumber: syz [ 477.415648][ T5897] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 477.472302][ T5874] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 477.504747][T10073] usb 1-1: USB disconnect, device number 10 [ 478.035058][T10761] snd_dummy snd_dummy.0: control 3:2:0:syz0:211 is already present [ 478.336764][T10073] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 478.486709][T10073] usb 1-1: Using ep0 maxpacket: 32 [ 478.494073][T10073] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 478.502405][T10073] usb 1-1: config 0 has no interface number 0 [ 478.511474][T10073] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 478.517731][ T5874] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 478.521206][T10073] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 478.536223][T10073] usb 1-1: Product: syz [ 478.540805][T10073] usb 1-1: Manufacturer: syz [ 478.545520][T10073] usb 1-1: SerialNumber: syz [ 478.545996][ T5874] ath9k_htc: Failed to initialize the device [ 478.558527][T10073] usb 1-1: config 0 descriptor?? [ 478.571883][T10073] smsc95xx v2.0.0 [ 478.593834][ T5874] usb 3-1: ath9k_htc: USB layer deinitialized [ 478.812941][ T5874] usb 3-1: USB disconnect, device number 29 [ 478.970581][T10073] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 478.981555][T10073] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 479.636893][T10069] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 479.745953][T10076] gspca_stk1135: reg_w 0x353 err -71 [ 479.752602][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 479.763904][T10076] gspca_stk1135: Sensor write failed [ 479.769346][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 479.776873][T10076] gspca_stk1135: Sensor write failed [ 479.783505][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 479.790960][T10076] gspca_stk1135: Sensor read failed [ 479.796218][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 479.804719][T10076] gspca_stk1135: Sensor read failed [ 479.809998][T10069] usb 3-1: Using ep0 maxpacket: 16 [ 479.815323][T10076] gspca_stk1135: Detected sensor type unknown (0x0) [ 479.818762][T10069] usb 3-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 479.825268][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 479.836149][T10069] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 479.841781][T10076] gspca_stk1135: Sensor read failed [ 479.849555][T10069] usb 3-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 479.856361][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 479.864688][T10069] usb 3-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 479.864725][T10069] usb 3-1: config 7 interface 0 has no altsetting 0 [ 479.864796][T10069] usb 3-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 479.876760][T10076] gspca_stk1135: Sensor read failed [ 479.884231][T10069] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 479.895985][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 479.923309][T10076] gspca_stk1135: Sensor write failed [ 479.929210][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 479.935762][T10076] gspca_stk1135: Sensor write failed [ 479.944332][T10076] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 479.964686][T10076] usb 4-1: USB disconnect, device number 12 [ 480.022422][T10073] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 480.033812][T10073] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 480.051077][T10073] usb 1-1: USB disconnect, device number 11 [ 480.367695][T10069] input: HID 0458:5010 as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:7.0/0003:0458:5010.002F/input/input41 [ 480.549193][T10069] kye 0003:0458:5010.002F: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.2-1/input0 [ 481.095372][T10783] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 481.119432][T10783] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 481.216752][T10069] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 481.399238][T10069] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 481.411900][T10069] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 481.429748][T10069] usb 1-1: config 0 descriptor?? [ 481.800756][T10789] FAULT_INJECTION: forcing a failure. [ 481.800756][T10789] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 481.815127][T10789] CPU: 0 UID: 0 PID: 10789 Comm: syz.3.1808 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 481.815158][T10789] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 481.815173][T10789] Call Trace: [ 481.815182][T10789] [ 481.815192][T10789] dump_stack_lvl+0x189/0x250 [ 481.815222][T10789] ? __pfx____ratelimit+0x10/0x10 [ 481.815247][T10789] ? __pfx_dump_stack_lvl+0x10/0x10 [ 481.815273][T10789] ? __pfx__printk+0x10/0x10 [ 481.815299][T10789] ? __might_fault+0xb0/0x130 [ 481.815332][T10789] should_fail_ex+0x414/0x560 [ 481.815374][T10789] _copy_from_user+0x2d/0xb0 [ 481.815397][T10789] snd_seq_oss_write+0x515/0x930 [ 481.815461][T10789] ? __pfx_snd_seq_oss_write+0x10/0x10 [ 481.815497][T10789] ? common_file_perm+0x199/0x200 [ 481.815527][T10789] ? security_file_permission+0x75/0x290 [ 481.815565][T10789] odev_write+0x5a/0x80 [ 481.815592][T10789] ? __pfx_odev_write+0x10/0x10 [ 481.815621][T10789] vfs_write+0x27b/0xa90 [ 481.815653][T10789] ? __pfx_vfs_write+0x10/0x10 [ 481.815677][T10789] ? __fget_files+0x2a/0x420 [ 481.815707][T10789] ? __fget_files+0x2a/0x420 [ 481.815733][T10789] ? __fget_files+0x3a0/0x420 [ 481.815766][T10789] ? __fget_files+0x2a/0x420 [ 481.815803][T10789] ksys_write+0x145/0x250 [ 481.815828][T10789] ? __pfx_ksys_write+0x10/0x10 [ 481.815857][T10789] ? do_syscall_64+0xbe/0x3b0 [ 481.815886][T10789] do_syscall_64+0xfa/0x3b0 [ 481.815909][T10789] ? lockdep_hardirqs_on+0x9c/0x150 [ 481.815931][T10789] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.815952][T10789] ? clear_bhb_loop+0x60/0xb0 [ 481.815979][T10789] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 481.816000][T10789] RIP: 0033:0x7fcf8478e929 [ 481.816020][T10789] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 481.816038][T10789] RSP: 002b:00007fcf85602038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 481.816060][T10789] RAX: ffffffffffffffda RBX: 00007fcf849b5fa0 RCX: 00007fcf8478e929 [ 481.816076][T10789] RDX: 0000000000000232 RSI: 0000200000000840 RDI: 0000000000000003 [ 481.816090][T10789] RBP: 00007fcf85602090 R08: 0000000000000000 R09: 0000000000000000 [ 481.816104][T10789] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 481.816117][T10789] R13: 0000000000000000 R14: 00007fcf849b5fa0 R15: 00007ffe99591ee8 [ 481.816150][T10789] [ 482.208721][T10793] QAT: Invalid ioctl 21531 [ 482.215719][T10793] omfs: Invalid superblock (0) [ 482.335981][T10796] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.346247][T10796] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.356971][T10071] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 482.395574][T10076] usb 3-1: USB disconnect, device number 30 [ 482.536755][T10071] usb 4-1: Using ep0 maxpacket: 32 [ 482.546586][T10071] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 482.555960][T10071] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 482.564051][T10071] usb 4-1: Product: syz [ 482.568301][T10071] usb 4-1: Manufacturer: syz [ 482.572941][T10071] usb 4-1: SerialNumber: syz [ 482.580757][T10071] usb 4-1: config 0 descriptor?? [ 482.589914][T10071] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 482.776842][T10076] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 482.869757][T10781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 482.878677][T10781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 482.890270][T10069] usb 1-1: Cannot set autoneg [ 482.899939][T10069] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 482.920565][T10069] usb 1-1: USB disconnect, device number 12 [ 482.930879][T10076] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 482.955106][T10076] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 482.969044][T10076] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid wMaxPacketSize 0 [ 482.979642][T10076] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 482.994371][T10076] usb 3-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 483.006566][T10076] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 483.026033][T10076] usb 3-1: config 0 descriptor?? [ 483.453408][T10076] plantronics 0003:047F:FFFF.0030: ignoring exceeding usage max [ 483.486046][T10076] plantronics 0003:047F:FFFF.0030: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.2-1/input0 [ 483.647867][T10799] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 483.669023][T10799] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 483.764746][T10069] usb 3-1: USB disconnect, device number 31 [ 484.103442][T10821] hfs: can't find a HFS filesystem on dev rnullb0 [ 484.426796][T10069] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 484.598873][T10069] usb 1-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 484.609362][T10069] usb 1-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 484.616741][T10076] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 484.621096][T10069] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 484.636766][T10069] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 484.647855][T10069] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 484.668185][T10069] usb 1-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 484.677584][T10069] usb 1-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 484.685643][T10069] usb 1-1: Product: syz [ 484.690676][T10069] usb 1-1: Manufacturer: syz [ 484.713417][T10069] cdc_wdm 1-1:1.0: skipping garbage [ 484.723868][T10069] cdc_wdm 1-1:1.0: skipping garbage [ 484.734228][T10069] cdc_wdm 1-1:1.0: cdc-wdm0: USB WDM device [ 484.741556][T10069] cdc_wdm 1-1:1.0: Unknown control protocol [ 484.778234][T10076] usb 3-1: Using ep0 maxpacket: 32 [ 484.791934][T10076] usb 3-1: config 0 has an invalid interface number: 67 but max is 0 [ 484.803735][T10076] usb 3-1: config 0 has no interface number 0 [ 484.816005][T10076] usb 3-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 484.826590][T10076] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 484.836177][T10076] usb 3-1: Product: syz [ 484.841783][T10076] usb 3-1: Manufacturer: syz [ 484.846427][T10076] usb 3-1: SerialNumber: syz [ 484.855586][T10076] usb 3-1: config 0 descriptor?? [ 484.866323][T10076] smsc95xx v2.0.0 [ 485.267402][T10076] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 485.278478][T10076] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 485.814699][T10071] gspca_stk1135: reg_w 0x353 err -71 [ 485.838138][T10071] gspca_stk1135: serial bus timeout: status=0x00 [ 485.844535][T10071] gspca_stk1135: Sensor write failed [ 485.854200][T10071] gspca_stk1135: serial bus timeout: status=0x00 [ 485.876742][T10071] gspca_stk1135: Sensor write failed [ 485.882126][T10071] gspca_stk1135: serial bus timeout: status=0x00 [ 485.889036][T10071] gspca_stk1135: Sensor read failed [ 485.894321][T10071] gspca_stk1135: serial bus timeout: status=0x00 [ 485.901910][T10071] gspca_stk1135: Sensor read failed [ 485.907532][T10071] gspca_stk1135: Detected sensor type unknown (0x0) [ 485.914254][T10071] gspca_stk1135: serial bus timeout: status=0x00 [ 485.921282][T10071] gspca_stk1135: Sensor read failed [ 485.926573][T10071] gspca_stk1135: serial bus timeout: status=0x00 [ 485.933511][T10071] gspca_stk1135: Sensor read failed [ 485.939124][T10071] gspca_stk1135: serial bus timeout: status=0x00 [ 485.945683][T10071] gspca_stk1135: Sensor write failed [ 485.951733][T10071] gspca_stk1135: serial bus timeout: status=0x00 [ 485.958499][T10071] gspca_stk1135: Sensor write failed [ 485.963998][T10071] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 485.975390][T10071] usb 4-1: USB disconnect, device number 13 [ 486.310580][T10076] smsc95xx 3-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 486.331303][T10076] smsc95xx 3-1:0.67: probe with driver smsc95xx failed with error -71 [ 486.346147][T10076] usb 3-1: USB disconnect, device number 32 [ 486.564356][T10841] tc_dump_action: action bad kind [ 486.651969][T10843] FAULT_INJECTION: forcing a failure. [ 486.651969][T10843] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 486.688287][T10843] CPU: 0 UID: 0 PID: 10843 Comm: syz.3.1828 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 486.688328][T10843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 486.688342][T10843] Call Trace: [ 486.688351][T10843] [ 486.688361][T10843] dump_stack_lvl+0x189/0x250 [ 486.688391][T10843] ? __pfx____ratelimit+0x10/0x10 [ 486.688417][T10843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 486.688442][T10843] ? __pfx__printk+0x10/0x10 [ 486.688481][T10843] should_fail_ex+0x414/0x560 [ 486.688521][T10843] _copy_to_user+0x31/0xb0 [ 486.688546][T10843] msr_read+0x177/0x250 [ 486.688580][T10843] ? __pfx_msr_read+0x10/0x10 [ 486.688604][T10843] ? security_file_permission+0x75/0x290 [ 486.688641][T10843] ? rw_verify_area+0x258/0x650 [ 486.688663][T10843] ? __pfx_msr_read+0x10/0x10 [ 486.688690][T10843] vfs_read+0x1fd/0x980 [ 486.688723][T10843] ? __pfx_vfs_read+0x10/0x10 [ 486.688747][T10843] ? __fget_files+0x2a/0x420 [ 486.688778][T10843] ? __fget_files+0x2a/0x420 [ 486.688804][T10843] ? __fget_files+0x3a0/0x420 [ 486.688831][T10843] ? __fget_files+0x2a/0x420 [ 486.688869][T10843] ksys_read+0x145/0x250 [ 486.688894][T10843] ? __pfx_ksys_read+0x10/0x10 [ 486.688915][T10843] ? rcu_is_watching+0x15/0xb0 [ 486.688942][T10843] ? do_syscall_64+0xbe/0x3b0 [ 486.688972][T10843] do_syscall_64+0xfa/0x3b0 [ 486.688996][T10843] ? lockdep_hardirqs_on+0x9c/0x150 [ 486.689020][T10843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.689041][T10843] ? clear_bhb_loop+0x60/0xb0 [ 486.689068][T10843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.689090][T10843] RIP: 0033:0x7fcf8478e929 [ 486.689110][T10843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 486.689131][T10843] RSP: 002b:00007fcf85602038 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 486.689154][T10843] RAX: ffffffffffffffda RBX: 00007fcf849b5fa0 RCX: 00007fcf8478e929 [ 486.689171][T10843] RDX: 0000000000018ff8 RSI: 0000200000019680 RDI: 0000000000000003 [ 486.689186][T10843] RBP: 00007fcf85602090 R08: 0000000000000000 R09: 0000000000000000 [ 486.689200][T10843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 486.689214][T10843] R13: 0000000000000000 R14: 00007fcf849b5fa0 R15: 00007ffe99591ee8 [ 486.689246][T10843] [ 486.722421][T10845] FAULT_INJECTION: forcing a failure. [ 486.722421][T10845] name failslab, interval 1, probability 0, space 0, times 0 [ 486.938489][T10845] CPU: 1 UID: 0 PID: 10845 Comm: syz.1.1829 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 486.938519][T10845] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 486.938533][T10845] Call Trace: [ 486.938542][T10845] [ 486.938551][T10845] dump_stack_lvl+0x189/0x250 [ 486.938580][T10845] ? __pfx____ratelimit+0x10/0x10 [ 486.938605][T10845] ? __pfx_dump_stack_lvl+0x10/0x10 [ 486.938629][T10845] ? __pfx__printk+0x10/0x10 [ 486.938669][T10845] should_fail_ex+0x414/0x560 [ 486.938711][T10845] should_failslab+0xa8/0x100 [ 486.938737][T10845] kmem_cache_alloc_noprof+0x73/0x3c0 [ 486.938772][T10845] ? __nf_conntrack_alloc+0x99/0x380 [ 486.938808][T10845] __nf_conntrack_alloc+0x99/0x380 [ 486.938846][T10845] init_conntrack+0x155/0xef0 [ 486.938886][T10845] ? __pfx_init_conntrack+0x10/0x10 [ 486.938922][T10845] ? __pfx___nf_conntrack_find_get+0x10/0x10 [ 486.938953][T10845] ? __siphash_unaligned+0x232/0x3b0 [ 486.938985][T10845] nf_conntrack_in+0xbf2/0x1600 [ 486.939040][T10845] ? __pfx_nf_conntrack_in+0x10/0x10 [ 486.939075][T10845] ? ip6t_do_table+0x1db/0x1560 [ 486.939108][T10845] ? __pfx_ip6t_do_table+0x10/0x10 [ 486.939143][T10845] ? NF_HOOK+0x9a/0x3a0 [ 486.939188][T10845] ? ipv6_defrag+0x2d6/0x3b0 [ 486.939220][T10845] ? __pfx_ipv6_conntrack_in+0x10/0x10 [ 486.939249][T10845] nf_hook_slow+0xc5/0x220 [ 486.939280][T10845] NF_HOOK+0x206/0x3a0 [ 486.939308][T10845] ? skb_orphan+0x4c/0xd0 [ 486.939351][T10845] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 486.939380][T10845] ? NF_HOOK+0x9a/0x3a0 [ 486.939409][T10845] ? __pfx_NF_HOOK+0x10/0x10 [ 486.939442][T10845] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 486.939485][T10845] __netif_receive_skb+0xd3/0x380 [ 486.939514][T10845] ? netif_receive_skb+0x115/0x790 [ 486.939536][T10845] netif_receive_skb+0x1cb/0x790 [ 486.939557][T10845] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 486.939593][T10845] ? __pfx_netif_receive_skb+0x10/0x10 [ 486.939621][T10845] ? tun_rx_batched+0x160/0x730 [ 486.939656][T10845] tun_rx_batched+0x1b9/0x730 [ 486.939705][T10845] ? __lock_acquire+0xab9/0xd20 [ 486.939743][T10845] ? __pfx_tun_rx_batched+0x10/0x10 [ 486.939791][T10845] ? tun_get_user+0x2549/0x3ce0 [ 486.939837][T10845] tun_get_user+0x298e/0x3ce0 [ 486.939869][T10845] ? tun_get_user+0x693/0x3ce0 [ 486.939899][T10845] ? tun_get_user+0x2549/0x3ce0 [ 486.939944][T10845] ? __pfx_tun_get_user+0x10/0x10 [ 486.939982][T10845] ? __lock_acquire+0xab9/0xd20 [ 486.940019][T10845] ? ref_tracker_alloc+0x318/0x460 [ 486.940039][T10845] ? __lock_acquire+0xab9/0xd20 [ 486.940072][T10845] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 486.940101][T10845] ? tun_get+0x1c/0x2f0 [ 486.940154][T10845] ? tun_get+0x1c/0x2f0 [ 486.940185][T10845] ? tun_get+0x1c/0x2f0 [ 486.940221][T10845] tun_chr_write_iter+0x113/0x200 [ 486.940256][T10845] vfs_write+0x548/0xa90 [ 486.940285][T10845] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 486.940317][T10845] ? __pfx_vfs_write+0x10/0x10 [ 486.940361][T10845] ? __fget_files+0x2a/0x420 [ 486.940401][T10845] ksys_write+0x145/0x250 [ 486.940429][T10845] ? __pfx_ksys_write+0x10/0x10 [ 486.940449][T10845] ? rcu_is_watching+0x15/0xb0 [ 486.940478][T10845] ? do_syscall_64+0xbe/0x3b0 [ 486.940508][T10845] do_syscall_64+0xfa/0x3b0 [ 486.940533][T10845] ? lockdep_hardirqs_on+0x9c/0x150 [ 486.940556][T10845] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.940578][T10845] ? clear_bhb_loop+0x60/0xb0 [ 486.940606][T10845] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 486.940628][T10845] RIP: 0033:0x7fc26d38e929 [ 486.940647][T10845] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 486.940668][T10845] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 486.940692][T10845] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929 [ 486.940709][T10845] RDX: 0000000000000082 RSI: 00002000000001c0 RDI: 0000000000000004 [ 486.940735][T10845] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 486.940748][T10845] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 486.940761][T10845] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378 [ 486.940795][T10845] [ 487.412839][T10071] usb 1-1: USB disconnect, device number 13 [ 487.801773][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.826341][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.838778][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.840475][T10866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.850419][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.870232][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.881580][T10866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.892609][T10864] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.899032][T10866] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 487.947385][T10076] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 488.116816][T10076] usb 3-1: Using ep0 maxpacket: 32 [ 488.134288][T10076] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 488.146661][T10076] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 488.154757][T10076] usb 3-1: Product: syz [ 488.159219][T10076] usb 3-1: Manufacturer: syz [ 488.163996][T10076] usb 3-1: SerialNumber: syz [ 488.187262][T10076] usb 3-1: config 0 descriptor?? [ 488.209482][T10076] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 488.551047][T10886] FAULT_INJECTION: forcing a failure. [ 488.551047][T10886] name failslab, interval 1, probability 0, space 0, times 0 [ 488.584260][T10886] CPU: 0 UID: 0 PID: 10886 Comm: syz.1.1845 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 488.584293][T10886] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 488.584308][T10886] Call Trace: [ 488.584320][T10886] [ 488.584331][T10886] dump_stack_lvl+0x189/0x250 [ 488.584361][T10886] ? __pfx____ratelimit+0x10/0x10 [ 488.584386][T10886] ? __pfx_dump_stack_lvl+0x10/0x10 [ 488.584419][T10886] ? __pfx__printk+0x10/0x10 [ 488.584453][T10886] ? ref_tracker_alloc+0x318/0x460 [ 488.584480][T10886] should_fail_ex+0x414/0x560 [ 488.584521][T10886] should_failslab+0xa8/0x100 [ 488.584548][T10886] kmem_cache_alloc_noprof+0x73/0x3c0 [ 488.584584][T10886] ? skb_clone+0x212/0x3a0 [ 488.584622][T10886] skb_clone+0x212/0x3a0 [ 488.584659][T10886] __netlink_deliver_tap+0x404/0x850 [ 488.584700][T10886] ? netlink_deliver_tap+0x2e/0x1b0 [ 488.584728][T10886] netlink_deliver_tap+0x19c/0x1b0 [ 488.584757][T10886] netlink_unicast+0x72f/0x8d0 [ 488.584793][T10886] netlink_sendmsg+0x805/0xb30 [ 488.584831][T10886] ? __pfx_netlink_sendmsg+0x10/0x10 [ 488.584862][T10886] ? aa_sock_msg_perm+0xf1/0x1d0 [ 488.584891][T10886] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 488.584921][T10886] ? __pfx_netlink_sendmsg+0x10/0x10 [ 488.584949][T10886] __sock_sendmsg+0x219/0x270 [ 488.584977][T10886] ____sys_sendmsg+0x505/0x830 [ 488.585015][T10886] ? __pfx_____sys_sendmsg+0x10/0x10 [ 488.585057][T10886] ? import_iovec+0x74/0xa0 [ 488.585084][T10886] ___sys_sendmsg+0x21f/0x2a0 [ 488.585118][T10886] ? __pfx____sys_sendmsg+0x10/0x10 [ 488.585191][T10886] ? __fget_files+0x2a/0x420 [ 488.585219][T10886] ? __fget_files+0x3a0/0x420 [ 488.585259][T10886] __x64_sys_sendmsg+0x19b/0x260 [ 488.585294][T10886] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 488.585349][T10886] ? __pfx_ksys_write+0x10/0x10 [ 488.585370][T10886] ? rcu_is_watching+0x15/0xb0 [ 488.585398][T10886] ? do_syscall_64+0xbe/0x3b0 [ 488.585442][T10886] do_syscall_64+0xfa/0x3b0 [ 488.585465][T10886] ? lockdep_hardirqs_on+0x9c/0x150 [ 488.585488][T10886] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.585509][T10886] ? clear_bhb_loop+0x60/0xb0 [ 488.585536][T10886] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 488.585556][T10886] RIP: 0033:0x7fc26d38e929 [ 488.585575][T10886] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 488.585595][T10886] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 488.585618][T10886] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929 [ 488.585634][T10886] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 488.585648][T10886] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 488.585662][T10886] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 488.585675][T10886] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378 [ 488.585708][T10886] [ 488.952727][T10888] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 489.010672][T10888] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 489.027137][T10888] netlink: 104 bytes leftover after parsing attributes in process `syz.1.1847'. [ 489.501776][T10905] /dev/rnullb0: Can't open blockdev [ 489.701037][T10071] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 489.859296][T10071] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 489.870228][T10071] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 489.883141][T10071] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 489.892259][T10071] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 489.903851][T10071] usb 1-1: config 0 descriptor?? [ 489.957596][T10069] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 490.086875][T10069] usb 4-1: device descriptor read/64, error -71 [ 490.318627][T10071] kovaplus 0003:1E7D:2D50.0031: report_id 1654844164 is invalid [ 490.331043][T10071] kovaplus 0003:1E7D:2D50.0031: item 0 4 1 8 parsing failed [ 490.339554][T10071] kovaplus 0003:1E7D:2D50.0031: parse failed [ 490.345790][T10069] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 490.355228][T10071] kovaplus 0003:1E7D:2D50.0031: probe with driver kovaplus failed with error -22 [ 490.486949][T10069] usb 4-1: device descriptor read/64, error -71 [ 490.517781][T10924] overlay: ./file0 is not a directory [ 490.598034][T10069] usb usb4-port1: attempt power cycle [ 490.946802][T10069] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 490.977537][T10069] usb 4-1: device descriptor read/8, error -71 [ 491.216815][T10069] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 491.238694][T10069] usb 4-1: device descriptor read/8, error -71 [ 491.260783][T10929] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 491.271064][T10929] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 491.349466][T10069] usb usb4-port1: unable to enumerate USB device [ 491.385899][T10935] /dev/rnullb0: Can't open blockdev [ 491.400928][T10935] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 491.410656][T10935] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 491.597093][T10076] gspca_stk1135: reg_w 0x353 err -71 [ 491.603530][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 491.610014][T10076] gspca_stk1135: Sensor write failed [ 491.615439][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 491.621897][T10076] gspca_stk1135: Sensor write failed [ 491.627274][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 491.633635][T10076] gspca_stk1135: Sensor read failed [ 491.639018][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 491.645381][T10076] gspca_stk1135: Sensor read failed [ 491.651509][T10076] gspca_stk1135: Detected sensor type unknown (0x0) [ 491.658293][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 491.664639][T10076] gspca_stk1135: Sensor read failed [ 491.670360][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 491.676780][T10076] gspca_stk1135: Sensor read failed [ 491.682022][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 491.688597][T10076] gspca_stk1135: Sensor write failed [ 491.693942][T10076] gspca_stk1135: serial bus timeout: status=0x00 [ 491.700437][T10076] gspca_stk1135: Sensor write failed [ 491.705824][T10076] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71 [ 491.720183][T10076] usb 3-1: USB disconnect, device number 33 [ 491.959822][T10937] FAULT_INJECTION: forcing a failure. [ 491.959822][T10937] name failslab, interval 1, probability 0, space 0, times 0 [ 491.974045][T10937] CPU: 1 UID: 0 PID: 10937 Comm: syz.1.1860 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 491.974077][T10937] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 491.974105][T10937] Call Trace: [ 491.974114][T10937] [ 491.974123][T10937] dump_stack_lvl+0x189/0x250 [ 491.974153][T10937] ? __pfx____ratelimit+0x10/0x10 [ 491.974177][T10937] ? __pfx_dump_stack_lvl+0x10/0x10 [ 491.974202][T10937] ? __pfx__printk+0x10/0x10 [ 491.974233][T10937] ? ref_tracker_alloc+0x318/0x460 [ 491.974260][T10937] should_fail_ex+0x414/0x560 [ 491.974298][T10937] should_failslab+0xa8/0x100 [ 491.974324][T10937] kmem_cache_alloc_noprof+0x73/0x3c0 [ 491.974358][T10937] ? skb_clone+0x212/0x3a0 [ 491.974395][T10937] skb_clone+0x212/0x3a0 [ 491.974430][T10937] __netlink_deliver_tap+0x404/0x850 [ 491.974469][T10937] ? netlink_deliver_tap+0x2e/0x1b0 [ 491.974497][T10937] netlink_deliver_tap+0x19c/0x1b0 [ 491.974524][T10937] netlink_unicast+0x72f/0x8d0 [ 491.974558][T10937] netlink_sendmsg+0x805/0xb30 [ 491.974594][T10937] ? __pfx_netlink_sendmsg+0x10/0x10 [ 491.974623][T10937] ? aa_sock_msg_perm+0xf1/0x1d0 [ 491.974650][T10937] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 491.974679][T10937] ? __pfx_netlink_sendmsg+0x10/0x10 [ 491.974705][T10937] __sock_sendmsg+0x219/0x270 [ 491.974730][T10937] ____sys_sendmsg+0x505/0x830 [ 491.974767][T10937] ? __pfx_____sys_sendmsg+0x10/0x10 [ 491.974795][T10937] ? import_iovec+0x74/0xa0 [ 491.974812][T10937] ___sys_sendmsg+0x21f/0x2a0 [ 491.974835][T10937] ? __pfx____sys_sendmsg+0x10/0x10 [ 491.974882][T10937] ? __fget_files+0x2a/0x420 [ 491.974909][T10937] ? __fget_files+0x3a0/0x420 [ 491.974935][T10937] __x64_sys_sendmsg+0x19b/0x260 [ 491.974958][T10937] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 491.974987][T10937] ? __pfx_ksys_write+0x10/0x10 [ 491.975001][T10937] ? rcu_is_watching+0x15/0xb0 [ 491.975020][T10937] ? do_syscall_64+0xbe/0x3b0 [ 491.975040][T10937] do_syscall_64+0xfa/0x3b0 [ 491.975056][T10937] ? lockdep_hardirqs_on+0x9c/0x150 [ 491.975072][T10937] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.975087][T10937] ? clear_bhb_loop+0x60/0xb0 [ 491.975106][T10937] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 491.975121][T10937] RIP: 0033:0x7fc26d38e929 [ 491.975134][T10937] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 491.975149][T10937] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 491.975165][T10937] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929 [ 491.975177][T10937] RDX: 0000000000000000 RSI: 0000200000000580 RDI: 0000000000000004 [ 491.975187][T10937] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 491.975196][T10937] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 491.975205][T10937] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378 [ 491.975227][T10937] [ 492.262458][ C1] vkms_vblank_simulate: vblank timer overrun [ 492.442161][ T30] kauditd_printk_skb: 16 callbacks suppressed [ 492.442181][ T30] audit: type=1326 audit(1750977082.414:35): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10943 comm="syz.1.1863" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7fc26d38e929 code=0x0 [ 492.987712][T10959] overlayfs: failed to get inode (-116) [ 492.994373][T10959] overlayfs: failed to get inode (-116) [ 493.084408][T10961] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1869'. [ 493.107294][T10961] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1869'. [ 493.216278][T10967] /dev/rnullb0: Can't open blockdev [ 493.392340][T10073] usb 1-1: USB disconnect, device number 14 [ 493.506959][T10069] usb 3-1: new high-speed USB device number 34 using dummy_hcd [ 493.666827][T10069] usb 3-1: Using ep0 maxpacket: 32 [ 493.679995][T10986] binder: BINDER_SET_CONTEXT_MGR already set [ 493.686087][T10069] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 493.686258][T10986] binder: 10983:10986 ioctl 4018620d 200000000040 returned -16 [ 493.704886][T10069] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 493.718249][T10069] usb 3-1: Product: syz [ 493.723948][T10069] usb 3-1: Manufacturer: syz [ 493.736786][T10069] usb 3-1: SerialNumber: syz [ 493.744456][T10069] usb 3-1: config 0 descriptor?? [ 493.757260][T10069] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 493.810188][T10988] /dev/rnullb0: Can't open blockdev [ 493.874501][T10991] netlink: 'syz.0.1882': attribute type 27 has an invalid length. [ 493.887279][T10076] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 493.973570][T10991] CUSE: info not properly terminated [ 494.016778][T10076] usb 4-1: device descriptor read/64, error -71 [ 494.256732][T10076] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 494.296842][T10073] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 494.356550][T10999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 494.365537][T10999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 494.381868][T10999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 494.392203][T10999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 494.400160][T10076] usb 4-1: device descriptor read/64, error -71 [ 494.404037][T10999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 494.417456][T10999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 494.428678][T10999] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 494.438097][T10999] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 494.480331][T10073] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 494.491396][T10073] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 494.501239][T10073] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 494.514433][T10076] usb usb4-port1: attempt power cycle [ 494.514476][T10073] usb 1-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 494.529191][T10073] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 494.540484][T10073] usb 1-1: config 0 descriptor?? [ 494.866741][T10076] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 494.887548][T10076] usb 4-1: device descriptor read/8, error -71 [ 494.971151][T10073] plantronics 0003:047F:FFFF.0032: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.0-1/input0 [ 495.126892][T10076] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 495.147991][T10076] usb 4-1: device descriptor read/8, error -71 [ 495.194572][T11006] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 495.206403][T11006] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 495.257051][T10076] usb usb4-port1: unable to enumerate USB device [ 495.952590][T11013] syzkaller1: entered promiscuous mode [ 495.958308][T11013] syzkaller1: entered allmulticast mode [ 496.166946][ C1] plantronics 0003:047F:FFFF.0032: usb_submit_urb(ctrl) failed: -1 [ 496.862148][T11024] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1895'. [ 496.862472][T11025] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1895'. [ 496.864227][T11024] netlink: 60 bytes leftover after parsing attributes in process `syz.0.1895'. [ 496.959625][T10076] usb 1-1: USB disconnect, device number 15 [ 496.997413][T10069] gspca_stk1135: reg_w 0x353 err -71 [ 497.011523][T10069] gspca_stk1135: serial bus timeout: status=0x00 [ 497.019066][T10069] gspca_stk1135: Sensor write failed [ 497.024965][T10069] gspca_stk1135: serial bus timeout: status=0x00 [ 497.024984][T10069] gspca_stk1135: Sensor write failed [ 497.025021][T10069] gspca_stk1135: serial bus timeout: status=0x00 [ 497.025033][T10069] gspca_stk1135: Sensor read failed [ 497.025069][T10069] gspca_stk1135: serial bus timeout: status=0x00 [ 497.025081][T10069] gspca_stk1135: Sensor read failed [ 497.025091][T10069] gspca_stk1135: Detected sensor type unknown (0x0) [ 497.025132][T10069] gspca_stk1135: serial bus timeout: status=0x00 [ 497.025144][T10069] gspca_stk1135: Sensor read failed [ 497.025179][T10069] gspca_stk1135: serial bus timeout: status=0x00 [ 497.025191][T10069] gspca_stk1135: Sensor read failed [ 497.025227][T10069] gspca_stk1135: serial bus timeout: status=0x00 [ 497.025239][T10069] gspca_stk1135: Sensor write failed [ 497.025275][T10069] gspca_stk1135: serial bus timeout: status=0x00 [ 497.025287][T10069] gspca_stk1135: Sensor write failed [ 497.025369][T10069] stk1135 3-1:0.0: probe with driver stk1135 failed with error -71 [ 497.038011][T10069] usb 3-1: USB disconnect, device number 34 [ 497.586700][T10073] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 497.698954][T11044] /dev/rnullb0: Can't open blockdev [ 497.736729][T10073] usb 4-1: device descriptor read/64, error -71 [ 498.026726][T10073] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 498.176699][T10073] usb 4-1: device descriptor read/64, error -71 [ 498.216880][T10076] usb 3-1: new high-speed USB device number 35 using dummy_hcd [ 498.287343][T10073] usb usb4-port1: attempt power cycle [ 498.306547][T11050] FAULT_INJECTION: forcing a failure. [ 498.306547][T11050] name failslab, interval 1, probability 0, space 0, times 0 [ 498.337421][T11050] CPU: 1 UID: 0 PID: 11050 Comm: syz.1.1903 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 498.337452][T11050] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 498.337466][T11050] Call Trace: [ 498.337474][T11050] [ 498.337484][T11050] dump_stack_lvl+0x189/0x250 [ 498.337513][T11050] ? __pfx____ratelimit+0x10/0x10 [ 498.337538][T11050] ? __pfx_dump_stack_lvl+0x10/0x10 [ 498.337561][T11050] ? __pfx__printk+0x10/0x10 [ 498.337592][T11050] ? __pfx___might_resched+0x10/0x10 [ 498.337618][T11050] should_fail_ex+0x414/0x560 [ 498.337656][T11050] ? io_alloc_cache_init+0x3d/0x140 [ 498.337676][T11050] should_failslab+0xa8/0x100 [ 498.337701][T11050] __kvmalloc_node_noprof+0x161/0x5f0 [ 498.337733][T11050] ? io_alloc_cache_init+0x3d/0x140 [ 498.337754][T11050] ? __raw_spin_lock_init+0x45/0x100 [ 498.337784][T11050] io_alloc_cache_init+0x3d/0x140 [ 498.337809][T11050] io_ring_ctx_alloc+0x3f5/0xae0 [ 498.337840][T11050] io_uring_create+0x130/0xb60 [ 498.337871][T11050] __se_sys_io_uring_setup+0x264/0x270 [ 498.337900][T11050] ? __pfx___se_sys_io_uring_setup+0x10/0x10 [ 498.337939][T11050] ? rcu_is_watching+0x15/0xb0 [ 498.337966][T11050] ? do_syscall_64+0xbe/0x3b0 [ 498.337995][T11050] do_syscall_64+0xfa/0x3b0 [ 498.338018][T11050] ? lockdep_hardirqs_on+0x9c/0x150 [ 498.338041][T11050] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.338062][T11050] ? clear_bhb_loop+0x60/0xb0 [ 498.338089][T11050] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 498.338109][T11050] RIP: 0033:0x7fc26d38e929 [ 498.338128][T11050] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 498.338148][T11050] RSP: 002b:00007fc26b1d4fc8 EFLAGS: 00000202 ORIG_RAX: 00000000000001a9 [ 498.338171][T11050] RAX: ffffffffffffffda RBX: 00007fc26d5b6080 RCX: 00007fc26d38e929 [ 498.338188][T11050] RDX: 0000200000ffe000 RSI: 0000200000000040 RDI: 00000000000018d7 [ 498.338202][T11050] RBP: 0000200000000040 R08: 0000000000000000 R09: 0000200000ffe000 [ 498.338216][T11050] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000001 [ 498.338229][T11050] R13: 0000200000ffe000 R14: 00000000000018d7 R15: 0000200000ffe000 [ 498.338261][T11050] [ 498.581880][T10076] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 498.591660][T10076] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 498.601453][T10076] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 498.665397][T10076] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 498.674928][T10076] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 498.691510][T10076] usb 3-1: Product: syz [ 498.695721][T10076] usb 3-1: Manufacturer: syz [ 498.714717][T10076] usb 3-1: SerialNumber: syz [ 498.745262][T10076] hub 3-1:1.0: bad descriptor, ignoring hub [ 498.754165][T10076] hub 3-1:1.0: probe with driver hub failed with error -5 [ 498.846925][T10073] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 498.867629][T10073] usb 4-1: device descriptor read/8, error -71 [ 498.957859][T10076] usblp 3-1:1.0: usblp0: USB Unidirectional printer dev 35 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 499.116950][T10073] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 499.147530][T10073] usb 4-1: device descriptor read/8, error -71 [ 499.193031][T11065] FAULT_INJECTION: forcing a failure. [ 499.193031][T11065] name failslab, interval 1, probability 0, space 0, times 0 [ 499.207173][T11065] CPU: 0 UID: 0 PID: 11065 Comm: syz.1.1909 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 499.207203][T11065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 499.207216][T11065] Call Trace: [ 499.207225][T11065] [ 499.207234][T11065] dump_stack_lvl+0x189/0x250 [ 499.207263][T11065] ? __pfx____ratelimit+0x10/0x10 [ 499.207286][T11065] ? __pfx_dump_stack_lvl+0x10/0x10 [ 499.207311][T11065] ? __pfx__printk+0x10/0x10 [ 499.207342][T11065] ? __pfx___might_resched+0x10/0x10 [ 499.207362][T11065] ? fs_reclaim_acquire+0x7d/0x100 [ 499.207393][T11065] should_fail_ex+0x414/0x560 [ 499.207432][T11065] should_failslab+0xa8/0x100 [ 499.207458][T11065] __kmalloc_noprof+0xcb/0x4f0 [ 499.207478][T11065] ? iter_file_splice_write+0x1cb/0x1000 [ 499.207510][T11065] iter_file_splice_write+0x1cb/0x1000 [ 499.207564][T11065] ? __pfx_iter_file_splice_write+0x10/0x10 [ 499.207608][T11065] ? rcu_read_lock_any_held+0xb3/0x120 [ 499.207632][T11065] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 499.207656][T11065] ? ovl_real_file_path+0x145/0x310 [ 499.207688][T11065] backing_file_splice_write+0x3be/0x5e0 [ 499.207730][T11065] ovl_splice_write+0x3b7/0x4e0 [ 499.207750][T11065] ? __lock_acquire+0xab9/0xd20 [ 499.207788][T11065] ? __pfx_ovl_splice_write+0x10/0x10 [ 499.207810][T11065] ? __pfx_ovl_file_end_write+0x10/0x10 [ 499.207834][T11065] ? rcu_read_lock_any_held+0xb3/0x120 [ 499.207872][T11065] ? __pfx_ovl_splice_write+0x10/0x10 [ 499.207895][T11065] direct_splice_actor+0xfe/0x160 [ 499.207925][T11065] splice_direct_to_actor+0x5a8/0xcc0 [ 499.207973][T11065] ? __pfx_direct_splice_actor+0x10/0x10 [ 499.207999][T11065] ? __pfx_splice_direct_to_actor+0x10/0x10 [ 499.208038][T11065] do_splice_direct+0x181/0x270 [ 499.208066][T11065] ? __pfx_do_splice_direct+0x10/0x10 [ 499.208093][T11065] ? __pfx_direct_file_splice_eof+0x10/0x10 [ 499.208128][T11065] ? rw_verify_area+0x258/0x650 [ 499.208155][T11065] do_sendfile+0x4da/0x7e0 [ 499.208194][T11065] ? __pfx_do_sendfile+0x10/0x10 [ 499.208239][T11065] __se_sys_sendfile64+0xd9/0x190 [ 499.208270][T11065] ? __pfx___se_sys_sendfile64+0x10/0x10 [ 499.208296][T11065] ? rcu_is_watching+0x15/0xb0 [ 499.208323][T11065] ? do_syscall_64+0xbe/0x3b0 [ 499.208351][T11065] do_syscall_64+0xfa/0x3b0 [ 499.208372][T11065] ? lockdep_hardirqs_on+0x9c/0x150 [ 499.208394][T11065] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.208415][T11065] ? clear_bhb_loop+0x60/0xb0 [ 499.208442][T11065] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 499.208462][T11065] RIP: 0033:0x7fc26d38e929 [ 499.208481][T11065] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 499.208500][T11065] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000028 [ 499.208523][T11065] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929 [ 499.208540][T11065] RDX: 0000200000000080 RSI: 0000000000000003 RDI: 0000000000000003 [ 499.208554][T11065] RBP: 00007fc26b1f6090 R08: 0000000000000000 R09: 0000000000000000 [ 499.208568][T11065] R10: 0000000000007f03 R11: 0000000000000246 R12: 0000000000000002 [ 499.208581][T11065] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378 [ 499.208621][T11065] [ 499.532633][ C0] vkms_vblank_simulate: vblank timer overrun [ 499.540153][T10073] usb usb4-port1: unable to enumerate USB device [ 499.546899][T10076] usb 3-1: USB disconnect, device number 35 [ 499.556484][T10076] usblp0: removed [ 499.624560][T11067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 499.633736][T11067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 499.656132][T11067] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 499.667089][T11067] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 499.679958][T11069] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1911'. [ 499.846274][T11067] /dev/rnullb0: Can't open blockdev [ 500.246737][T10076] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 500.396713][T10076] usb 1-1: Using ep0 maxpacket: 32 [ 500.419940][T10076] usb 1-1: unable to get BOS descriptor or descriptor too short [ 500.433970][T10076] usb 1-1: config 128 has an invalid interface number: 127 but max is 3 [ 500.442826][T10076] usb 1-1: config 128 has an invalid descriptor of length 0, skipping remainder of the config [ 500.458504][T10076] usb 1-1: config 128 has 1 interface, different from the descriptor's value: 4 [ 500.469487][T10076] usb 1-1: config 128 has no interface number 0 [ 500.475795][T10076] usb 1-1: config 128 interface 127 altsetting 14 has an invalid descriptor for endpoint zero, skipping [ 500.491185][T10076] usb 1-1: config 128 interface 127 has no altsetting 0 [ 500.513416][T10076] usb 1-1: New USB device found, idVendor=0582, idProduct=295c, bcdDevice=d4.55 [ 500.535932][T10076] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 500.559348][T10076] usb 1-1: Product: syz [ 500.563550][T10076] usb 1-1: Manufacturer: Ї [ 500.572498][T10076] usb 1-1: SerialNumber: syz [ 500.605990][T11084] netdevsim netdevsim1: Direct firmware load for .. failed with error -2 [ 500.620328][T11084] netdevsim netdevsim1: Falling back to sysfs fallback for: .. [ 501.422340][T11086] syz.1.1916 (11086) used greatest stack depth: 16184 bytes left [ 501.552381][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 501.566715][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 504.303944][T10076] usb 1-1: USB disconnect, device number 16 [ 504.519596][T10710] udevd[10710]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:128.127/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 508.515332][T11162] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 509.947263][T10072] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 510.253899][T10072] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 510.383513][T10072] usb 4-1: New USB device found, idVendor=28bd, idProduct=0933, bcdDevice= 0.00 [ 510.403949][T10072] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 510.476346][T10072] usb 4-1: config 0 descriptor?? [ 510.929010][T10072] input: HID 28bd:0933 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:28BD:0933.0033/input/input42 [ 511.023263][T10072] uclogic 0003:28BD:0933.0033: input,hidraw0: USB HID v0.00 Mouse [HID 28bd:0933] on usb-dummy_hcd.3-1/input0 [ 511.133145][T10072] usb 4-1: USB disconnect, device number 26 [ 511.167727][T11206] fido_id[11206]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/4-1/report_descriptor': No such file or directory [ 511.697459][T11210] sctp: [Deprecated]: syz.1.1954 (pid 11210) Use of int in max_burst socket option deprecated. [ 511.697459][T11210] Use struct sctp_assoc_value instead [ 512.215525][T11216] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 512.224607][T11216] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 514.135980][T10072] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 514.368643][T10072] usb 4-1: Using ep0 maxpacket: 32 [ 514.761234][T10072] usb 4-1: unable to get BOS descriptor or descriptor too short [ 514.774955][T10072] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 514.938853][T10072] usb 4-1: can't read configurations, error -71 [ 515.763013][T11252] tipc: Enabling of bearer rejected, failed to enable media [ 515.821297][T11252] syzkaller0: entered promiscuous mode [ 515.840126][T11252] syzkaller0: entered allmulticast mode [ 516.097304][ T5874] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 516.275035][ T5874] usb 1-1: Using ep0 maxpacket: 32 [ 516.291349][ T5874] usb 1-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 516.318246][ T5874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 516.348157][ T5874] usb 1-1: Product: syz [ 516.358889][ T5874] usb 1-1: Manufacturer: syz [ 516.363500][ T5874] usb 1-1: SerialNumber: syz [ 516.411918][ T5874] usb 1-1: config 0 descriptor?? [ 516.427673][ T5874] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 516.676962][T10072] usb 4-1: new full-speed USB device number 29 using dummy_hcd [ 516.852142][T10072] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 516.863280][T10072] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 517.075256][T10072] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 517.085532][T10072] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 5 [ 517.099701][T10072] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 517.109524][T10072] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 517.118273][T10072] usb 4-1: Manufacturer: syz [ 517.125887][T10072] usb 4-1: config 0 descriptor?? [ 517.345300][T11267] ================================================================== [ 517.353422][T11267] BUG: KASAN: slab-out-of-bounds in pause_parse_request+0x40/0x160 [ 517.361436][T11267] Read of size 8 at addr ffff88802740e030 by task syz.1.1973/11267 [ 517.369352][T11267] [ 517.371696][T11267] CPU: 1 UID: 0 PID: 11267 Comm: syz.1.1973 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 517.371725][T11267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 517.371740][T11267] Call Trace: [ 517.371750][T11267] [ 517.371759][T11267] dump_stack_lvl+0x189/0x250 [ 517.371787][T11267] ? __virt_addr_valid+0x1c8/0x5c0 [ 517.371814][T11267] ? rcu_is_watching+0x15/0xb0 [ 517.371834][T11267] ? __kasan_check_byte+0x12/0x40 [ 517.371858][T11267] ? __pfx_dump_stack_lvl+0x10/0x10 [ 517.371881][T11267] ? rcu_is_watching+0x15/0xb0 [ 517.371902][T11267] ? lock_release+0x4b/0x3e0 [ 517.371935][T11267] ? __virt_addr_valid+0x1c8/0x5c0 [ 517.371961][T11267] ? __virt_addr_valid+0x4a5/0x5c0 [ 517.371987][T11267] print_report+0xd2/0x2b0 [ 517.372016][T11267] ? pause_parse_request+0x40/0x160 [ 517.372038][T11267] kasan_report+0x118/0x150 [ 517.372062][T11267] ? pause_parse_request+0x40/0x160 [ 517.372088][T11267] ? __pfx_pause_parse_request+0x10/0x10 [ 517.372111][T11267] pause_parse_request+0x40/0x160 [ 517.372135][T11267] ? __pfx_pause_parse_request+0x10/0x10 [ 517.372159][T11267] ethnl_default_set_doit+0x2be/0xa40 [ 517.372188][T11267] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 517.372233][T11267] genl_family_rcv_msg_doit+0x212/0x300 [ 517.372270][T11267] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 517.372310][T11267] ? bpf_lsm_capable+0x9/0x20 [ 517.372332][T11267] ? security_capable+0x7e/0x2e0 [ 517.372360][T11267] genl_rcv_msg+0x60e/0x790 [ 517.372394][T11267] ? __pfx_genl_rcv_msg+0x10/0x10 [ 517.372425][T11267] ? ref_tracker_free+0x63a/0x7d0 [ 517.372447][T11267] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 517.372476][T11267] ? __pfx_ref_tracker_free+0x10/0x10 [ 517.372505][T11267] netlink_rcv_skb+0x205/0x470 [ 517.372530][T11267] ? __pfx_genl_rcv_msg+0x10/0x10 [ 517.372562][T11267] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 517.372596][T11267] ? down_read+0x1ad/0x2e0 [ 517.372624][T11267] genl_rcv+0x28/0x40 [ 517.372654][T11267] netlink_unicast+0x758/0x8d0 [ 517.372682][T11267] netlink_sendmsg+0x805/0xb30 [ 517.372712][T11267] ? __pfx_netlink_sendmsg+0x10/0x10 [ 517.372740][T11267] ? aa_sock_msg_perm+0xf1/0x1d0 [ 517.372765][T11267] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 517.372795][T11267] ? __pfx_netlink_sendmsg+0x10/0x10 [ 517.372821][T11267] __sock_sendmsg+0x219/0x270 [ 517.372845][T11267] ____sys_sendmsg+0x505/0x830 [ 517.372896][T11267] ? __pfx_____sys_sendmsg+0x10/0x10 [ 517.372939][T11267] ? import_iovec+0x74/0xa0 [ 517.372962][T11267] ___sys_sendmsg+0x21f/0x2a0 [ 517.372995][T11267] ? __pfx____sys_sendmsg+0x10/0x10 [ 517.373045][T11267] ? __fget_files+0x2a/0x420 [ 517.373073][T11267] ? __fget_files+0x3a0/0x420 [ 517.373107][T11267] __x64_sys_sendmsg+0x19b/0x260 [ 517.373140][T11267] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 517.373177][T11267] ? rcu_is_watching+0x15/0xb0 [ 517.373201][T11267] ? do_syscall_64+0xbe/0x3b0 [ 517.373236][T11267] do_syscall_64+0xfa/0x3b0 [ 517.373260][T11267] ? lockdep_hardirqs_on+0x9c/0x150 [ 517.373284][T11267] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.373306][T11267] ? clear_bhb_loop+0x60/0xb0 [ 517.373332][T11267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.373354][T11267] RIP: 0033:0x7fc26d38e929 [ 517.373375][T11267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 517.373396][T11267] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 517.373420][T11267] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929 [ 517.373439][T11267] RDX: 0000000000000040 RSI: 0000200000000000 RDI: 0000000000000003 [ 517.373454][T11267] RBP: 00007fc26d410b39 R08: 0000000000000000 R09: 0000000000000000 [ 517.373469][T11267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 517.373484][T11267] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378 [ 517.373509][T11267] [ 517.373518][T11267] [ 517.755734][T11267] Allocated by task 11267: [ 517.760178][T11267] kasan_save_track+0x3e/0x80 [ 517.764893][T11267] __kasan_kmalloc+0x93/0xb0 [ 517.769503][T11267] __kmalloc_noprof+0x27a/0x4f0 [ 517.774371][T11267] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 517.780482][T11267] genl_family_rcv_msg_doit+0xb8/0x300 [ 517.785968][T11267] genl_rcv_msg+0x60e/0x790 [ 517.790501][T11267] netlink_rcv_skb+0x205/0x470 [ 517.795285][T11267] genl_rcv+0x28/0x40 [ 517.799289][T11267] netlink_unicast+0x758/0x8d0 [ 517.804087][T11267] netlink_sendmsg+0x805/0xb30 [ 517.808868][T11267] __sock_sendmsg+0x219/0x270 [ 517.813564][T11267] ____sys_sendmsg+0x505/0x830 [ 517.818345][T11267] ___sys_sendmsg+0x21f/0x2a0 [ 517.823056][T11267] __x64_sys_sendmsg+0x19b/0x260 [ 517.828022][T11267] do_syscall_64+0xfa/0x3b0 [ 517.832547][T11267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 517.838459][T11267] [ 517.840795][T11267] The buggy address belongs to the object at ffff88802740e000 [ 517.840795][T11267] which belongs to the cache kmalloc-64 of size 64 [ 517.854687][T11267] The buggy address is located 8 bytes to the right of [ 517.854687][T11267] allocated 40-byte region [ffff88802740e000, ffff88802740e028) [ 517.869121][T11267] [ 517.871471][T11267] The buggy address belongs to the physical page: [ 517.878526][T11267] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2740e [ 517.887312][T11267] anon flags: 0xfff00000000000(node=0|zone=1|lastcpupid=0x7ff) [ 517.894871][T11267] page_type: f5(slab) [ 517.898884][T11267] raw: 00fff00000000000 ffff88801a8418c0 0000000000000000 dead000000000001 [ 517.907493][T11267] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 517.916077][T11267] page dumped because: kasan: bad access detected [ 517.922535][T11267] page_owner tracks the page as allocated [ 517.928265][T11267] page last allocated via order 0, migratetype Unmovable, gfp_mask 0x52cc0(GFP_KERNEL|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP), pid 1136, tgid 1136 (kworker/u8:5), ts 14671875122, free_ts 10749944756 [ 517.947566][T11267] post_alloc_hook+0x240/0x2a0 [ 517.952352][T11267] get_page_from_freelist+0x21e4/0x22c0 [ 517.957922][T11267] __alloc_frozen_pages_noprof+0x181/0x370 [ 517.963756][T11267] alloc_pages_mpol+0x232/0x4a0 [ 517.968629][T11267] allocate_slab+0x8a/0x370 [ 517.973142][T11267] ___slab_alloc+0xbeb/0x1410 [ 517.977828][T11267] __kmalloc_noprof+0x305/0x4f0 [ 517.982684][T11267] security_task_alloc+0x4d/0x360 [ 517.987735][T11267] copy_process+0x1530/0x3c00 [ 517.992439][T11267] kernel_clone+0x21e/0x870 [ 517.996952][T11267] user_mode_thread+0xdd/0x140 [ 518.001727][T11267] call_usermodehelper_exec_work+0x5c/0x230 [ 518.007673][T11267] process_scheduled_works+0xade/0x17b0 [ 518.013254][T11267] worker_thread+0x8a0/0xda0 [ 518.017859][T11267] kthread+0x711/0x8a0 [ 518.021940][T11267] ret_from_fork+0x3fc/0x770 [ 518.026557][T11267] page last free pid 979 tgid 979 stack trace: [ 518.032721][T11267] __free_frozen_pages+0xb80/0xd80 [ 518.037850][T11267] vfree+0x25a/0x400 [ 518.041746][T11267] delayed_vfree_work+0x55/0x80 [ 518.046605][T11267] process_scheduled_works+0xade/0x17b0 [ 518.052177][T11267] worker_thread+0x8a0/0xda0 [ 518.056774][T11267] kthread+0x711/0x8a0 [ 518.060856][T11267] ret_from_fork+0x3fc/0x770 [ 518.065487][T11267] ret_from_fork_asm+0x1a/0x30 [ 518.070287][T11267] [ 518.072625][T11267] Memory state around the buggy address: [ 518.078272][T11267] ffff88802740df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 518.086349][T11267] ffff88802740df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 518.094417][T11267] >ffff88802740e000: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 518.102586][T11267] ^ [ 518.108237][T11267] ffff88802740e080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 518.116313][T11267] ffff88802740e100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 518.124374][T11267] ================================================================== [ 518.140805][T11267] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 518.148130][T11267] CPU: 1 UID: 0 PID: 11267 Comm: syz.1.1973 Not tainted 6.16.0-rc3-next-20250626-syzkaller #0 PREEMPT(full) [ 518.159682][T11267] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 518.169764][T11267] Call Trace: [ 518.173051][T11267] [ 518.176009][T11267] dump_stack_lvl+0x99/0x250 [ 518.180617][T11267] ? __asan_memcpy+0x40/0x70 [ 518.185220][T11267] ? __pfx_dump_stack_lvl+0x10/0x10 [ 518.190430][T11267] ? __pfx__printk+0x10/0x10 [ 518.195039][T11267] panic+0x2db/0x790 [ 518.198953][T11267] ? __pfx_panic+0x10/0x10 [ 518.203471][T11267] ? _raw_spin_unlock_irqrestore+0xfd/0x110 [ 518.209375][T11267] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 518.215717][T11267] ? print_memory_metadata+0x314/0x400 [ 518.221196][T11267] ? pause_parse_request+0x40/0x160 [ 518.226416][T11267] check_panic_on_warn+0x89/0xb0 [ 518.231375][T11267] ? pause_parse_request+0x40/0x160 [ 518.236590][T11267] end_report+0x78/0x160 [ 518.240857][T11267] kasan_report+0x129/0x150 [ 518.245375][T11267] ? pause_parse_request+0x40/0x160 [ 518.250589][T11267] ? __pfx_pause_parse_request+0x10/0x10 [ 518.256319][T11267] pause_parse_request+0x40/0x160 [ 518.261360][T11267] ? __pfx_pause_parse_request+0x10/0x10 [ 518.267008][T11267] ethnl_default_set_doit+0x2be/0xa40 [ 518.272393][T11267] ? genl_family_rcv_msg_attrs_parse+0x1c9/0x2a0 [ 518.278831][T11267] genl_family_rcv_msg_doit+0x212/0x300 [ 518.284402][T11267] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 518.290489][T11267] ? bpf_lsm_capable+0x9/0x20 [ 518.295192][T11267] ? security_capable+0x7e/0x2e0 [ 518.300143][T11267] genl_rcv_msg+0x60e/0x790 [ 518.304667][T11267] ? __pfx_genl_rcv_msg+0x10/0x10 [ 518.309701][T11267] ? ref_tracker_free+0x63a/0x7d0 [ 518.314731][T11267] ? __pfx_ethnl_default_set_doit+0x10/0x10 [ 518.320639][T11267] ? __pfx_ref_tracker_free+0x10/0x10 [ 518.326027][T11267] netlink_rcv_skb+0x205/0x470 [ 518.330810][T11267] ? __pfx_genl_rcv_msg+0x10/0x10 [ 518.335855][T11267] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 518.341160][T11267] ? down_read+0x1ad/0x2e0 [ 518.345590][T11267] genl_rcv+0x28/0x40 [ 518.349586][T11267] netlink_unicast+0x758/0x8d0 [ 518.354366][T11267] netlink_sendmsg+0x805/0xb30 [ 518.359147][T11267] ? __pfx_netlink_sendmsg+0x10/0x10 [ 518.364449][T11267] ? aa_sock_msg_perm+0xf1/0x1d0 [ 518.369401][T11267] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 518.374698][T11267] ? __pfx_netlink_sendmsg+0x10/0x10 [ 518.380005][T11267] __sock_sendmsg+0x219/0x270 [ 518.384699][T11267] ____sys_sendmsg+0x505/0x830 [ 518.389478][T11267] ? __pfx_____sys_sendmsg+0x10/0x10 [ 518.394775][T11267] ? import_iovec+0x74/0xa0 [ 518.399287][T11267] ___sys_sendmsg+0x21f/0x2a0 [ 518.404005][T11267] ? __pfx____sys_sendmsg+0x10/0x10 [ 518.409235][T11267] ? __fget_files+0x2a/0x420 [ 518.413843][T11267] ? __fget_files+0x3a0/0x420 [ 518.418550][T11267] __x64_sys_sendmsg+0x19b/0x260 [ 518.423506][T11267] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 518.428990][T11267] ? rcu_is_watching+0x15/0xb0 [ 518.433770][T11267] ? do_syscall_64+0xbe/0x3b0 [ 518.438466][T11267] do_syscall_64+0xfa/0x3b0 [ 518.442984][T11267] ? lockdep_hardirqs_on+0x9c/0x150 [ 518.448198][T11267] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.454285][T11267] ? clear_bhb_loop+0x60/0xb0 [ 518.458979][T11267] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 518.464883][T11267] RIP: 0033:0x7fc26d38e929 [ 518.469305][T11267] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 518.489012][T11267] RSP: 002b:00007fc26b1f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 518.497433][T11267] RAX: ffffffffffffffda RBX: 00007fc26d5b5fa0 RCX: 00007fc26d38e929 [ 518.505441][T11267] RDX: 0000000000000040 RSI: 0000200000000000 RDI: 0000000000000003 [ 518.513423][T11267] RBP: 00007fc26d410b39 R08: 0000000000000000 R09: 0000000000000000 [ 518.521407][T11267] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 518.529384][T11267] R13: 0000000000000000 R14: 00007fc26d5b5fa0 R15: 00007fffba0c6378 [ 518.537366][T11267] [ 518.540752][T11267] Kernel Offset: disabled [ 518.545094][T11267] Rebooting in 86400 seconds..