last executing test programs: 12.181756432s ago: executing program 0 (id=677): socket$nl_route(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r2 = syz_open_procfs(0x0, &(0x7f0000000000)='gid_map\x00') syz_io_uring_setup(0xf04, &(0x7f0000000180)={0x0, 0xdb0d, 0x3f, 0xfffffffe, 0x24000}, 0x0, 0x0) preadv(r2, 0x0, 0x0, 0x8, 0x0) r3 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_MAP$PAGES(r3, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, 0x0, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) r4 = syz_open_dev$dri(&(0x7f0000000080), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GET_LEASE(r4, 0xc01064c8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)}) syz_open_dev$cec(&(0x7f00000000c0), 0x0, 0xa41) r5 = shmget$private(0x0, 0x4000, 0xa4, &(0x7f0000ff9000/0x4000)=nil) shmat(r5, &(0x7f0000ffe000/0x2000)=nil, 0x5000) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000010000000900010073797a3000000000440000001a0a010400000000000000000100000008000a40000000000900020073797a32000000000900010073797a3000000000080005400000000208000840000000013c0000000e0a01020000000000000000010000000900020073797a3200000000100003802f00008008000180040002800900010073797a300000"], 0xc8}}, 0x0) shmctl$IPC_STAT(r5, 0x2, &(0x7f0000002a80)=""/42) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r3, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0x1}) 
ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r3, 0x3ba0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x10000000000000) r7 = getpid() r8 = syz_pidfd_open(r7, 0x0) setns(r8, 0x24020000) socketpair$unix(0x1, 0x2, 0x0, 0x0) r9 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x2200, 0x0) ioctl$KVM_CHECK_EXTENSION(r9, 0xae03, 0xc3) 8.952298618s ago: executing program 3 (id=692): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000340)={&(0x7f00000005c0)='sys_enter\x00'}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000d26a871dba07e83f34c6e27805b682"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[], 0xd0}}, 0x0) (async) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000340)=ANY=[], 0xd0}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) (async) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000580)=[@text64={0x40, 0x0}], 0x1, 0x53, 0x0, 0x0) (async) syz_kvm_setup_cpu$x86(r1, r2, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000580)=[@text64={0x40, 0x0}], 0x1, 0x53, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x5}) r3 = 
openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) (async) ioctl$VHOST_SET_VRING_BASE(r3, 0xaf01, 0x0) r4 = eventfd(0xc) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000040)={0x1, r4}) ioctl$VHOST_SET_VRING_KICK(r3, 0x4008af20, &(0x7f0000000080)={0x0, r4}) r5 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r6, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r6, r7, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xd8}], 0x1}) io_uring_enter(r5, 0x100847c0, 0x0, 0x1, 0x0, 0x0) (async) io_uring_enter(r5, 0x100847c0, 0x0, 0x1, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) (async) ioctl$KVM_RUN(r2, 0xae80, 0x0) 8.094775368s ago: executing program 3 (id=696): r0 = syz_open_dev$usbfs(&(0x7f00000000c0), 0x1400000000201, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x1000002, 0x11012, r0, 0x0) ioctl$USBDEVFS_IOCTL(r0, 0xc0105512, &(0x7f0000000100)=@usbdevfs_connect={0xa}) timer_create(0xfffffffffffffffc, 0x0, &(0x7f0000001400)) timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=0x0) socketpair$unix(0x1, 0x5, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000080)={0x8601, 0x2}, 0x18, 0x0) io_setup(0x6, 0x0) socket$caif_stream(0x25, 0x1, 0x4) landlock_restrict_self(r4, 0x0) r5 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r6 = syz_io_uring_setup(0x1237, &(0x7f0000000380)={0x0, 0x80fd, 0x80, 0x3, 0x2b9}, &(0x7f0000000040)=0x0, &(0x7f0000000200)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r7, r8, 
&(0x7f00000001c0)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r5, 0x80, &(0x7f0000000080)=@l2tp={0x2, 0x0, @local, 0x3}}) io_uring_enter(r6, 0x47bc, 0x0, 0x0, 0x0, 0x0) bind$inet6(0xffffffffffffffff, &(0x7f0000000080)={0xa, 0x4e22, 0x0, @mcast2, 0x400000}, 0x1c) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, 0x0, 0x0) syz_usb_connect(0x2, 0x5f, 0x0, 0x0) timer_settime(r1, 0x0, &(0x7f0000000000)={{0x0, 0x989680}, {0x77359400}}, 0x0) timer_settime(0x0, 0x0, &(0x7f000006b000)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) timer_settime(r1, 0x1, &(0x7f0000001980)={{0x0, 0x989680}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a20000000000a03000000000000000000070000000900010073797a30000000004c000000090a010400000000000000000700000008000a40000000000900020073797a31110000000900010073797a3000000000080005400000001c08000640ffffff000800034000000008606600000c0a01010000000000000000070000000900020073797a31000000000900010073797a3000000000080004400000000220660380"], 0x66f4}}, 0x0) syz_clone(0x410c2000, 0x0, 0x0, 0x0, 0x0, 0x0) openat$rtc(0xffffffffffffff9c, &(0x7f0000002600), 0x101840, 0x0) 7.507149903s ago: executing program 0 (id=699): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x1, 0xfffa}, 0x38, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x4640, 0x7, 0x5, 0x8006, 0x0, 0x7, 0x3c5b, 0x1, 0x1db, 0x10, 0x5, 0x0, 0xfffffffb, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x6, 0x242, 0x3, 0x11, 0x4, 0x80008071, 0x9, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x9, 0x6, 0x454f, 0x6, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x7, 0x8000012f, 0x8001, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 
0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0x8, 0x5, 0xfffff575, 0x5f31, 0x100d, 0x4e0, 0x381, 0x8, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x4, 0x1, 0xfe000000, 0x8, 0x2, 0x1, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0xfffffff8, 0xbc45, 0x48c93690, 0x42, 0x3], [0x4, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x9, 0xb, 0x4, 0x33c9, 0x5, 0x0, 0x1ec, 0x5, 0x8, 0x8001, 0x3, 0x303c, 0xfffffffa, 0x8000000b, 0x5, 0x2, 0x2, 0x400003, 0x20000004, 0x4, 0x40006d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x0, 0x2950bfaf, 0x1000, 0xa1, 0x4, 0xa9, 0x5, 0x0, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x2, 0x120000, 0x807ff, 0x2006, 0x80a2ef, 0x1, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x1938, 0x6, 0x6, 0x0, 0xb9, 0x0, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x3, 0x60a7, 0x106, 0x7, 0xffffffff, 0x80000000, 0x0, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x3, 0x7e, 0x100, 0x9622, 0x107, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0) read$FUSE(r5, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r9 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x24c01, 0x0) write$FUSE_ENTRY(r9, &(0x7f0000000340)={0x90, 0x0, r6, {0x2, 0x1000000, 0xa, 0x0, 0x800, 0x7, {0x6, 0x3, 0x7ff, 0x5, 0x51b5, 0x100, 0x0, 0x7fffffff, 0xf5, 0x0, 0x9, r7, r8, 0x6, 0x3e}}}, 0x90) sendmsg$nl_xfrm(r3, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, 
&(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB="300200001c00210125bd7000fddbdf252be400060064010102000000000000000000000000fe8000000000000000000000000000aa4e2100004e2135380a00008032000000", @ANYRES32=r4, @ANYRES32=r7, @ANYRES8=r8, @ANYRES32=0x0, @ANYBLOB="0200000028001a00ff020000000000000000000000000001ac1e01010000000000000000000000001400fb80c600120063636d2d6165732d6365000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0030000a0000000b45a057a2d64c6a1c385f640c0e7136009b878142e5f64b6a7da9c5f74f432325e0693e22c97382c3c0a920b9dbebf4dde0605368df90b2bc0ac31fb340830a65edbd06368cea6c5ef2aae316d45e82ac91ec4f431f085acb97e600e0bc7bd50ea76089037af2174785382ac958fd05238ccbb6ccedfa886c4e300002c001300ac14142e000000000000000000000000ac1414aa000000000000000000000000000000000a0000000800180000000000000000"], 0x230}, 0x1, 0x0, 0x0, 0x884}, 0x4008882) sendmsg$nl_route(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=@ipv6_deladdrlabel={0x40, 0x49, 0x800, 0x70bd25, 0x25dfdbfd, {0xa, 0x0, 0x18, 0x0, r4, 0x6}, [@IFAL_LABEL={0x8}, @IFAL_LABEL={0x8, 0x2, 0x1}, @IFAL_ADDRESS={0x14, 0x1, @remote}]}, 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}, 0x2}}, 0x26) r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000980)=[@textreal={0x8, 0x0}], 0x1, 0x51, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 
0x9}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 6.27657071s ago: executing program 0 (id=702): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f0000000000)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d260101100000000904000003fe03010009cd1f0002000000090505020000fcffff09058b1e2000"], 0x0) r1 = getpid() mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) (async) process_vm_readv(r1, &(0x7f0000008400)=[{&(0x7f0000000300)=""/54, 0x36}], 0x1, &(0x7f0000008640)=[{&(0x7f0000008480)=""/95, 0x5f}], 0x1, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000040)=ANY=[@ANYRESHEX=r1], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 5.141868669s ago: executing program 2 (id=707): socket$nl_generic(0x10, 0x3, 0x10) socket$inet6_mptcp(0xa, 0x1, 0x106) openat$random(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r0 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000040), 0x42, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', &(0x7f00000001c0), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r0, @ANYBLOB=',rootmode=0000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) read$FUSE(r0, &(0x7f000000e280)={0x2020}, 0x2020) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) dup(r1) pselect6(0x40, &(0x7f00000000c0)={0x0, 0x0, 0x0, 0x8, 0x400000, 0x0, 0x2}, 0x0, &(0x7f0000000140)={0x1ff, 0x0, 0x0, 0x0, 0x0, 0x80, 0x0, 0xffffffffffffffff}, 0x0, 0x0) 4.567563188s ago: executing program 1 (id=708): r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) ioctl$FBIOPUT_VSCREENINFO(r0, 0x4601, &(0x7f0000000100)={0x400, 0x300, 0x0, 0x4b0, 0xbbba, 0x2, 0x0, 0x20000000, {}, {0x0, 0x2}, {0x4000000}, {0x0, 0x8}, 0x0, 0x3f0, 0x0, 0xd613, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) 4.367012367s ago: executing program 0 
(id=709): unshare(0x2c020400) syz_io_uring_setup(0x80000f04, &(0x7f0000000180)={0x0, 0xd96d, 0x4, 0xfffffffe, 0x24000, 0x0, 0x0}, 0x0, 0x0) syz_usb_connect(0x6, 0x11e, &(0x7f0000002040)={{0x12, 0x1, 0x201, 0xcc, 0xf4, 0x59, 0xff, 0x56e, 0x5004, 0x1921, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x10c, 0x2, 0xff, 0x3, 0x50, 0x2, [{{0x9, 0x4, 0x16, 0x0, 0x2, 0xb2, 0xe8, 0x73, 0x1, [@cdc_ecm={{0x5}, {0x5, 0x24, 0x0, 0x200}, {0xd, 0x24, 0xf, 0x1, 0x3, 0x1, 0x5, 0x5}}], [{{0x9, 0x5, 0x6, 0x0, 0x0, 0x7, 0x4, 0x9, [@generic={0x2, 0x23}]}}, {{0x9, 0x5, 0xd, 0x0, 0x200, 0x6, 0x7c, 0x1, [@generic={0x3d, 0xb, "00d236169b5f51b704f8ffa100662cffceaa59c2c6d8589e88e6b098233995644383417ce07142f24416db33d6536d42f0a7c8c48c100e21e22110"}]}}]}}, {{0x9, 0x4, 0x1d, 0x4, 0x1, 0xff, 0xff, 0xff, 0x4, [@uac_control={{0xa, 0x24, 0x1, 0x3, 0x9}, [@extension_unit={0x8, 0x24, 0x8, 0x5, 0x1, 0x7, "da"}, @output_terminal={0x9, 0x24, 0x3, 0x5, 0x305, 0x1, 0x3, 0x6}, @input_terminal={0xc, 0x24, 0x2, 0x1, 0x1ff, 0x3, 0xa6, 0x200, 0xb9, 0xf2}]}, @cdc_ecm={{0x6, 0x24, 0x6, 0x0, 0x0, "f5"}, {0x5, 0x24, 0x0, 0x401}, {0xd, 0x24, 0xf, 0x1, 0xfffffff7, 0x6, 0x19, 0xa4}, [@mdlm={0x15, 0x24, 0x12, 0x4}, @mbim={0xc, 0x24, 0x1b, 0x2, 0xdac8, 0xc3, 0x8, 0xcd6, 0x9a}, @network_terminal={0x7, 0x24, 0xa, 0xff, 0x4, 0x0, 0x3}, @network_terminal={0x7, 0x24, 0xa, 0x2, 0x1, 0x59, 0xb1}, @network_terminal={0x7, 0x24, 0xa, 0x2, 0xab, 0x8, 0x5}]}], [{{0x9, 0x5, 0xc, 0xc, 0x8, 0x4, 0x73, 0x4, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x0, 0x7}, @generic={0x5, 0xc, "f7b43d"}]}}]}}]}}]}}, &(0x7f0000002400)={0xa, &(0x7f00000021c0)={0xa, 0x6, 0x100, 0x1, 0x2, 0xf, 0xff, 0xc}, 0x5, &(0x7f0000002200)={0x5, 0xf, 0x5}, 0x2, [{0x87, &(0x7f0000002240)=@string={0x87, 0x3, "372518001567a6c5dfd4c7245c71e204d7a9786d59ad52a2dc386afe0756c08944402ea003c55a44d9d680f36dbff8cf186b94e78146afe16bb8fbd9dd3d445f9d8f51698b52b9095293be12095ab6a08e5ebbfaacc9a1c1ccfad943daedec4a4b18047d7cfd99745434b5af26174b59a33aade6a0ff44bffd1e355cec1a8eb0cb809b4649"}}, {0x9b, 
&(0x7f0000002300)=@string={0x9b, 0x3, "ce52199f544bbed5eb6d0353cbc1a269cdfc7db3aeac10717e3c1d153c2ff974e13b6a7e8a3eacbd1eb47e853ada12019d4af9effea8caff9bf67485798eb2d712ac1d2367ba3828fff128436c62b7ad2b4b3bb9f684ec527f4602ab1b22d2feaf45bf5c90577affe7807c6caf2c1204934a8cc9bb3d40c7a8811b2e29abfcf73a00c38b29e79dffc1cb62e0b8187226addd2380126ff98ebd"}}]}) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udplite(0x2, 0x2, 0x88) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r2, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r3 = socket(0x400000000010, 0x3, 0x0) r4 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xffffffff, {0x0, 0x0, 0x0, r5, {0x0, 0xfff1}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000015c0)=@newtfilter={0x41c, 0x2c, 0xd27, 0x70bd2a, 0x2, {0x0, 0x0, 0x0, r5, {0x0, 0x1}, {}, {0x8}}, [@filter_kind_options=@f_matchall={{0xd}, {0x3e0, 0x2, [@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x4}, @TCA_MATCHALL_ACT={0x394, 0x2, [@m_skbedit={0x14c, 0x1f, 0x0, 0x0, {{0xc}, {0x34, 0x2, 0x0, 0x1, [@TCA_SKBEDIT_PARMS={0x18, 0x2, {0x8, 0x6, 0x20000000, 0xaf000000, 0x1}}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x3}, @TCA_SKBEDIT_QUEUE_MAPPING={0x6, 0x4, 0x3ff}, @TCA_SKBEDIT_PTYPE={0x6, 0x7, 0x7}]}, {0xef, 0x6, 
"4c0b2d056d27d61bf9caa7638256403e0a873ca84f9e23b21c8b50af1caf8445094c77efc7a906cc51927cae63f5582b9cd772754ad95975f8cd15a7eaf94d6407b559f7e03319122770e276d047f4e861875f58f1f09c50ed6055b988b88edb58dbe1b4964af4b889e66d3e316861be06762ece4361114a00bf7934b73b2fcfcc13476192158ee9e4eb6ac960884827b73b0070d251dfb26c40ee090cf9d8b117e148b8bf73557fc7200d34a97ba8fdfb6822477f55185368e5735891cf0e8306674740bbb34c5274c454ba6a9f17fe9ac26abf476434507f12237fdafb132634a52843c93aa663f4dac1"}, {0xc, 0x7, {0x0, 0x1}}, {0xc, 0x8, {0x3, 0x2}}}}, @m_nat={0x130, 0x16, 0x0, 0x0, {{0x8}, {0xa4, 0x2, 0x0, 0x1, [@TCA_NAT_PARMS={0x28, 0x1, {{0x4, 0x2, 0x9, 0xbde, 0x4}, @broadcast, @broadcast, 0xff}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x0, 0x5, 0x0, 0x400, 0xffff7fff}, @multicast1, @multicast2, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0x40000009, 0x8, 0x3, 0x1, 0x7}, @broadcast, @empty, 0xff000000}}, @TCA_NAT_PARMS={0x28, 0x1, {{0xffffffff, 0x43, 0x0, 0x9, 0x200}, @multicast1, @loopback, 0xffffffff, 0x1}}]}, {0x68, 0x6, "efb1ceb9e1fd5c3140979a820830591412b3a1e51ff01430b993e9513caeae48b445fc37a3632c283671b57dd18d62cc84acc268c7342a5de3348ec761f3af57144f222391ee893e8205a4803bb4aa896c4072f30729be7dd8940468da8e00213347348f"}, {0xc}, {0xc, 0x8, {0x1}}}}, @m_ct={0x114, 0x1a, 0x0, 0x0, {{0x7}, {0x2c, 0x2, 0x0, 0x1, [@TCA_CT_LABELS={0x14, 0x7, "a15a1126ed2dbc77499eb26844a4b31b"}, @TCA_CT_LABELS={0x14, 0x7, "bf91b338555d4b4d82637cd8f81d8678"}]}, {0xc2, 0x6, "c527675bf7f4646ae31c844a33598eff03ceaabbf6272a809016b3f45d79c400b539c7a4d14eaae83644f301ed04c18bf42d5c76a75e8a581d9a3557c255c6295de63eb3da7d415bef4d1f78361360ce6fe6411cab60fa0a5057105013247436fea28171a79df64b155fc529fcfebcabf8e2f34843a55ef8798b5d34a7f442bde0879242568c20977076b5be5c90ddd6de40fd02d6c00f1f52b2454bd700ba583c7a3e90fc14df63eeb534c65c8bfdca7233e81f51f78cc2c2ccc2f16679"}, {0xc, 0x7, {0x1}}, {0xc, 0x8, {0x0, 0x6}}}}]}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x3}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x5}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0x7, 0xe}}, 
@TCA_MATCHALL_FLAGS={0x8, 0x3, 0x7}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x3}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xa, 0xf}}, @TCA_MATCHALL_CLASSID={0x8, 0x1, {0xfff3, 0xb}}, @TCA_MATCHALL_FLAGS={0x8, 0x3, 0x1}]}}, @TCA_RATE={0x6, 0x5, {0xff, 0x5}}]}, 0x41c}, 0x1, 0x0, 0x0, 0x240080d0}, 0x0) r6 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) unshare(0x20020000) open_tree(r6, &(0x7f0000000640)='\x00', 0x89901) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'bond0\x00', 0x0}) sendmmsg(0xffffffffffffffff, &(0x7f0000000180)=[{{0x0, 0x0, 0x0, 0x0, 0x0, 0x18, 0xe000}, 0x5}], 0x1, 0x0) rt_tgsigqueueinfo(0x0, 0x0, 0x21, &(0x7f0000000180)={0x0, 0x0, 0x1e}) r8 = syz_open_dev$vim2m(&(0x7f0000000080), 0x8, 0x2) ioctl$vim2m_VIDIOC_S_FMT(r8, 0xc0d05605, &(0x7f0000000140)={0x2, @pix={0x1, 0x3ff, 0x32315559, 0x8, 0x203, 0x2, 0x7, 0x6, 0x1, 0x2, 0x1, 0x1}}) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000100)={'wg0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f00000009c0)=ANY=[@ANYBLOB="4c00000010003b15000800"/20, @ANYRES32=0x0, @ANYBLOB="0000000000b401002400128009000100626f6e6400000000140002800500010006000000080003000000000008000a00", @ANYRES32=r7], 0x4c}}, 0x0) r9 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f0000000800)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000700000b44000000090a05000000000000000000030000040900010073797a31000000000888e2a3f6459defa5fb48f40005400000003808000a40000000010900020073797a300000000008000c4000ff00011417585b9d660dc2c0130000001100010000000048f38dbfef320403612b68386c370cacaefbe85dacc8f0a2a1c769101fbada02f5620fdc83bcf7e6d42f2d8c4a1a7f"], 0x6c}, 0x1, 0x0, 0x0, 0x800}, 0x44000800) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r1, 0x8933, &(0x7f00000000c0)) r10 = syz_open_procfs(0x0, &(0x7f00000023c0)='net/tcp\x00') read$FUSE(r10, &(0x7f0000000000)={0x2020}, 0x96) read$FUSE(r10, &(0x7f0000004440)={0x2020}, 0x2020) r11 = 
openat$vmci(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r11, 0x7a0, &(0x7f0000000040)={@local}) 4.355761426s ago: executing program 4 (id=710): r0 = memfd_create(&(0x7f00000000c0)='[\v\xdbX\xae[\x1a\xa9\xfd\xfa\xad\xd1md\xc8\x85HX\xa9%\f\x1ae\xe0\x00\x00\x00\x00\xfb\xff\x00\x00\x81\x9eG\xd9,\xe2\xc6a\x9f\xe8\xf1\xb3\x86\xe2+Op\xd0\xa2\x82\x1eb;(\xb5\xe1jS\xd6\x91%||\xa0\x8ez\xadT\xc8\f\xe5\x89\xbf3:\x99\x1e\xac`\xc3\xcf\xd3\xae\xd2\a\x11\xa9\xa5^\xff\xf5\x95\xd2q#\xc6\xca\x97\x9d\xcb\x1e\x80\xd6\xd5%N&\xf8#\x80z8Z\xd2}\xf5\xe4\x9f5\x9b\x01\xf9t\xbb\x1er\x14\xdb\xd3\xcd\xfd\xbdnC\xec', 0x0) write$binfmt_script(r0, 0x0, 0x0) r1 = socket$inet_tcp(0x2, 0x1, 0x0) getsockopt$inet_tcp_int(r1, 0x6, 0x4, &(0x7f00000000c0), &(0x7f0000000400)=0x4) r2 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440), &(0x7f00000000c0), 0xc9, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000000)={r2, r2, r2}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'sha1-ssse3\x00'}}) syz_usb_connect$uac1(0x2, 0xdf, &(0x7f0000000100)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xcd, 0x3, 0x1, 0x0, 0x0, 0xf, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x0, 0x6}, [@feature_unit={0xd, 0x24, 0x6, 0x0, 0x0, 0x3, [0x8, 0x0, 0x8], 0xfb}, @input_terminal={0xc, 0x24, 0x2, 0x3, 0x202, 0x2, 0x5, 0x900, 0x9, 0x5}, @input_terminal={0xc, 0x24, 0x2, 0x0, 0x203, 0xfc, 0x0, 0x0, 0x0, 0xe}, @processing_unit={0x9, 0x24, 0x7, 0x6, 0x6, 0xa, "d883"}, @processing_unit={0xd, 0x24, 0x7, 0x1, 0x3, 0x80, "e58c86e8729c"}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x28, 0x0, 0x0, 0x0, {0x7, 0x25, 0x1, 0x0, 0x0, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xf, 0x24, 0x2, 0x2, 0x1, 0x7, 0xfd, "cdd14602ee41"}, @format_type_i_discrete={0xd, 0x24, 0x2, 0x1, 0x1, 0x3, 0x2, 0x0, "bc38e6e134"}, @format_type_i_continuous={0xd, 0x24, 0x2, 0x1, 
0x0, 0x3, 0x5, 0x4, "f83d", "d888a0"}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x4, 0x2, 0x46, 0x2, "a318"}]}, {{0x9, 0x5, 0x82, 0x9, 0x8, 0x0, 0x1, 0x20, {0x7}}}}}}}]}}, 0x0) 4.125822152s ago: executing program 1 (id=711): socket$nl_route(0x10, 0x3, 0x0) r0 = io_uring_setup(0x70c3, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1}) socket$kcm(0x29, 0x5, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$OBJ_GET_PROG(0x7, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) timerfd_create(0x0, 0x0) syz_open_dev$loop(0x0, 0x8, 0x128000) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, 0x0, 0x0) sendmmsg$inet(0xffffffffffffffff, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000000880)=[{&(0x7f0000000180)='\"', 0x1}], 0x1}}], 0x1, 0x41) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) setsockopt$inet_sctp_SCTP_AUTH_DEACTIVATE_KEY(0xffffffffffffffff, 0x84, 0x23, &(0x7f0000001280), 0x8) syz_open_procfs(0xffffffffffffffff, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x0, 0x0, 0x3, 0xfffffffffffffffd, 0x0, 0x80, 0x0, 0x47}, 0x0, &(0x7f00000002c0)={0x3ff, 0x7, 0x0, 0x9, 0x0, 0x0, 0x7fffffff}, 0x0, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) syz_open_procfs(0x0, 0x0) 4.125358688s ago: executing program 2 (id=712): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x1, 0xfffa}, 0x38, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x4640, 0x7, 0x5, 0x8006, 0x0, 0x7, 0x3c5b, 0x1, 0x1db, 0x10, 0x5, 0x0, 0xfffffffb, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x6, 0x242, 0x3, 0x11, 0x4, 0x80008071, 0x9, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x9, 0x6, 0x454f, 0x6, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 0x8000, 0x1, 0x40], [0x10000007, 0x7, 0x8000012f, 0x8001, 0x5, 0xfffffff3, 
0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0x8, 0x5, 0xfffff575, 0x5f31, 0x100d, 0x4e0, 0x381, 0x8, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x4, 0x1, 0xfe000000, 0x8, 0x2, 0x1, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0xfffffff8, 0xbc45, 0x48c93690, 0x42, 0x3], [0x4, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x9, 0xb, 0x4, 0x33c9, 0x5, 0x0, 0x1ec, 0x5, 0x8, 0x8001, 0x3, 0x303c, 0xfffffffa, 0x8000000b, 0x5, 0x2, 0x2, 0x400003, 0x20000004, 0x4, 0x40006d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x0, 0x2950bfaf, 0x1000, 0xa1, 0x4, 0xa9, 0x5, 0x0, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x2, 0x120000, 0x807ff, 0x2006, 0x80a2ef, 0x1, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x1938, 0x6, 0x6, 0x0, 0xb9, 0x0, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x3, 0x60a7, 0x106, 0x7, 0xffffffff, 0x80000000, 0x0, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x3, 0x7e, 0x100, 0x9622, 0x107, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0) read$FUSE(r5, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r9 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x24c01, 0x0) write$FUSE_ENTRY(r9, &(0x7f0000000340)={0x90, 0x0, r6, {0x2, 0x1000000, 0xa, 0x0, 0x800, 0x7, {0x6, 0x3, 0x7ff, 0x5, 0x51b5, 0x100, 0x0, 0x7fffffff, 0xf5, 0x0, 0x9, r7, r8, 0x6, 0x3e}}}, 0x90) sendmsg$nl_xfrm(r3, 
&(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB="300200001c00210125bd7000fddbdf252be400060064010102000000000000000000000000fe8000000000000000000000000000aa4e2100004e2135380a00008032000000", @ANYRES32=r4, @ANYRES32=r7, @ANYRES8=r8, @ANYRES32=0x0, @ANYBLOB="0200000028001a00ff020000000000000000000000000001ac1e01010000000000000000000000001400fb80c600120063636d2d6165732d6365000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0030000a0000000b45a057a2d64c6a1c385f640c0e7136009b878142e5f64b6a7da9c5f74f432325e0693e22c97382c3c0a920b9dbebf4dde0605368df90b2bc0ac31fb340830a65edbd06368cea6c5ef2aae316d45e82ac91ec4f431f085acb97e600e0bc7bd50ea76089037af2174785382ac958fd05238ccbb6ccedfa886c4e300002c001300ac14142e000000000000000000000000ac1414aa000000000000000000000000000000000a0000000800180000000000000000"], 0x230}, 0x1, 0x0, 0x0, 0x884}, 0x4008882) sendmsg$nl_route(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=@ipv6_deladdrlabel={0x40, 0x49, 0x800, 0x70bd25, 0x25dfdbfd, {0xa, 0x0, 0x18, 0x0, r4, 0x6}, [@IFAL_LABEL={0x8}, @IFAL_LABEL={0x8, 0x2, 0x1}, @IFAL_ADDRESS={0x14, 0x1, @remote}]}, 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}, 0x2}}, 0x26) r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000980)=[@textreal={0x8, 0x0}], 0x1, 0x51, 0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) 
ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x9}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 4.100499435s ago: executing program 3 (id=713): unshare(0x24060400) r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000080)=0xb0000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) r1 = socket$nl_xfrm(0x10, 0x3, 0x6) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000500)={0x0, 0x0, 0x0, &(0x7f0000000240), 0x1000}, 0x38) sendmsg$nl_xfrm(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f00000001c0)=ANY=[@ANYBLOB="44010000100033060000000000000000e0000002000000000000000000000000fe8000000000000000000000000000aa00000000000000000200000000000000ac11b1b762bd2188", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000001fffffffd32000000ac1414aa00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000050000000000000000000000000000000000000002000000000000000a000400000000000000000048000200656362286369706865725f6e756c6c29000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000c001500590735000a000000"], 0x144}}, 0x0) r2 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000000)=ANY=[@ANYBLOB="380100"], 0x138}}, 0x0) poll(&(0x7f0000000140)=[{r0, 0xa042}], 0x1, 0x3) 3.389097788s ago: executing program 2 (id=714): r0 = syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) r1 = add_key(&(0x7f00000002c0)='keyring\x00', &(0x7f0000000300)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffe) ioctl$DRM_IOCTL_AGP_ALLOC(r0, 0xc0206434, &(0x7f00000000c0)={0x1}) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r1, 0x0, &(0x7f0000000480)) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) r4 = 
ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={0x0}}, 0x20000050) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r4, &(0x7f0000fe5000/0x18000)=nil, &(0x7f0000000180)=[@text16={0x10, 0x0}], 0x1, 0x12, 0x0, 0x0) ioctl$KVM_SET_MSRS(r4, 0x4008ae89, &(0x7f0000000000)=ANY=[@ANYBLOB="01000000000000008004"]) add_key$keyring(0x0, &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, r1) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(r0, 0xc02064b2, &(0x7f0000000040)={0x3, 0x206576, 0x6}) mmap(&(0x7f0000001000/0x4000)=nil, 0x4000, 0x4, 0x11, r0, 0x100000000) openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x103080, 0x0) prctl$PR_GET_NAME(0x10, 0x0) r5 = fsopen(&(0x7f00000000c0)='ramfs\x00', 0x0) r6 = socket$inet(0x2, 0x4000000000000001, 0x0) r7 = fsopen(&(0x7f00000001c0)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r7, 0x6, 0x0, 0x0, 0x0) r8 = fsmount(r7, 0x0, 0x0) fchdir(r8) r9 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='blkio.bfq.io_wait_time\x00', 0x275a, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000004, 0x28011, r9, 0x0) ftruncate(r9, 0x796c) setsockopt$inet_tcp_TCP_CONGESTION(r6, 0x6, 0xd, &(0x7f0000000100)='bbr\x00', 0x4) fsconfig$FSCONFIG_CMD_CREATE(r5, 0x6, 0x0, 0x0, 0x0) ioctl$KVM_CAP_DIRTY_LOG_RING(0xffffffffffffffff, 0x4068aea3, &(0x7f0000000040)={0xc0, 0x0, 0x12000}) mmap(&(0x7f0000000000/0xa000)=nil, 0xa000, 0x1000006, 0x4132, 0xffffffffffffffff, 0x0) 3.173914214s ago: executing program 3 (id=715): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000002382, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x28011, r1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) ioctl$KVM_GET_MSR_INDEX_LIST(r2, 0xc004ae02, 0x0) 3.091816387s ago: executing program 1 (id=716): r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r0, 0x8933, &(0x7f0000000040)={'batadv_slave_1\x00', 0x0}) r2 = socket$nl_route(0x10, 
0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000500)=ANY=[@ANYBLOB="380000001800010000000000000000020a000000000000000000000008000400", @ANYRES32=r1, @ANYBLOB="06001500050000000c0016"], 0x38}}, 0x40004) (fail_nth: 6) 2.885338106s ago: executing program 4 (id=717): syz_emit_ethernet(0x56, &(0x7f0000000540)={@multicast, @empty, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f4adf7", 0x20, 0x2c, 0x0, @dev, @mcast2, {[@hopopts={0x3c, 0x0, '\x00', [@ra={0x5, 0x2, 0x6}, @padn]}], @echo_reply={0x81, 0x0, 0x0, 0x0, 0x0, "f902b2bd07fff693"}}}}}}, 0x0) (fail_nth: 9) 2.121729988s ago: executing program 1 (id=718): socket$pppl2tp(0x18, 0x1, 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6(0xa, 0x1, 0x0) r0 = syz_io_uring_setup(0x10d2, &(0x7f0000000480)={0x0, 0x7734, 0x80, 0x0, 0x34f}, &(0x7f00000000c0)=0x0, &(0x7f0000000080)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x4}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_POLL_REMOVE={0x7, 0x15523ea56aa22b9a, 0x0, 0x0, 0x0, 0x12345}) io_uring_enter(r0, 0x47bc, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x2, 0xc3072, 0xffffffffffffffff, 0x200000) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$netlink(r5, &(0x7f0000001e00)={0x0, 0x0, &(0x7f0000001d80)=[{&(0x7f0000000600)={0x30, 0x2e, 0x503, 0x0, 0x0, "", [@nested={0x20, 0x0, 0x0, 0x1, [@typed={0x8, 0x0, 0x0, 0x0, @u32}, @typed={0x8, 0x0, 0x0, 0x0, @fd}, @typed={0xc, 0xf, 0x0, 0x0, @u64}]}]}, 0x30}], 0x1}, 0x0) r6 = socket$packet(0x11, 0x2, 0x300) ioctl$sock_SIOCGIFINDEX(r6, 0x8933, &(0x7f0000000000)={'syz_tun\x00', 0x0}) bind$packet(0xffffffffffffffff, &(0x7f00000000c0)={0x11, 
0x1b, r7, 0x1, 0x0, 0x6, @local}, 0x14) bind$packet(r6, &(0x7f0000000100)={0x11, 0x4, r7}, 0x14) syz_emit_ethernet(0x11, &(0x7f0000000180)={@local, @link_local, @void, {@llc={0x4, {@llc={0x0, 0x4, 'p'}}}}}, 0x0) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-cipher_null\x00'}, 0x58) r8 = accept4$alg(0xffffffffffffffff, 0x0, 0x0, 0x0) io_setup(0x883, &(0x7f0000000380)=0x0) sendmmsg$alg(r8, &(0x7f0000000000), 0x4f, 0x4000850) ioctl$F2FS_IOC_RESIZE_FS(r3, 0x4008f510, &(0x7f0000000000)=0x3) io_submit(r9, 0x27f, &(0x7f0000001440)=[&(0x7f0000000200)={0x1000000, 0x0, 0x700000000000000, 0x0, 0x0, r8, &(0x7f0000000340), 0xfdef}]) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) 2.121379567s ago: executing program 4 (id=719): setsockopt$XDP_RX_RING(0xffffffffffffffff, 0x11b, 0x2, &(0x7f0000000040)=0x20, 0x4) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000440)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000080)={'ip6gre0\x00'}) syz_emit_ethernet(0x46, &(0x7f0000000000)=ANY=[@ANYBLOB="aaaaaaaaaaaaffffffffffff86dd6016000000102b00fc0100000000000000e2ff0000000000fe8000000000000000000400000000aa"], 0x0) connect$l2tp6(0xffffffffffffffff, &(0x7f0000000000)={0xa, 0x0, 0x0, @dev={0xfe, 0x80, '\x00', 0x1d}, 0xa}, 0x20) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, 
&(0x7f0000000180)="66b80e010f00d0b0060f21a20f01c40f009b2700000066b80c008ee00f3235008000000f30b80e0000000f23d80f21f835800000a00f23f8c9b9490300000f60b932c00a00b9730200000f32328fe858b660002fb90d090000b800680000ba000000000f30", 0x65}], 0x1, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.882086928s ago: executing program 3 (id=720): bpf$PROG_LOAD(0x5, &(0x7f0000000480)={0x8, 0x4, &(0x7f0000000040)=@framed={{}, [@ldst={0x3, 0x2, 0x3, 0x1, 0x0, 0x3a}]}, &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000001100)={0x84, &(0x7f00000001c0)={0x0, 0x1, 0x6, "00005c1ce21e"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000080)={0x9, "110a79270ebc6685df95bb67bd4b819f75e3319a3e08c09f881ec1c9ea9f2b14"}) 1.690995701s ago: executing program 2 (id=721): r0 = socket$inet6_udp(0xa, 0x2, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000280)=ANY=[@ANYBLOB="b00000000002010400000000000000000700000608000940ffffffff080004400000008108000840000000032000018006"], 0xb0}, 0x1, 0x0, 0x0, 0x8004}, 0x10) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a0000200002801c00178018"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) getsockopt$IP6T_SO_GET_ENTRIES(r0, 0x29, 0x41, 0x0, &(0x7f0000000000)=0x24) r2 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000000180)={0x0, 0x0, 
&(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="18000000240001030000000000000000010000000400ae"], 0x18}, 0x1, 0x0, 0x0, 0x8001}, 0x4000) syz_emit_ethernet(0x5a, &(0x7f0000000240)={@local, @link_local, @void, {@ipv4={0x800, @tcp={{0xe, 0x4, 0x0, 0x0, 0x4c, 0x0, 0x0, 0x0, 0x5, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @private=0xa010100, {[@timestamp_addr={0x44, 0x14, 0x7, 0x3, 0x0, [{@empty}, {@dev={0xac, 0x14, 0x14, 0x26}, 0x4000}]}, @ssrr={0x89, 0xb, 0xce, [@multicast2, @multicast1]}, @generic={0x83, 0x2}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5}}}}}}, 0x0) recvmmsg(r2, &(0x7f00000086c0)=[{{0x0, 0x0, 0x0}, 0x8101}, {{0x0, 0x0, 0x0}, 0x10000}, {{0x0, 0x0, 0x0}, 0x1}, {{0x0, 0x0, &(0x7f00000007c0)=[{&(0x7f0000000380)=""/188, 0xbc}, {&(0x7f0000000000)=""/258, 0x102}, {&(0x7f0000000940)=""/4096, 0x1000}, {&(0x7f0000000440)=""/89, 0x59}, {&(0x7f00000006c0)=""/243, 0xf3}], 0x5}, 0x80000000}], 0x4, 0x20, 0x0) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=ANY=[@ANYRES32=r3], 0x24}, 0x1, 0x0, 0x0, 0x94}, 0xc040) 1.465880952s ago: executing program 2 (id=722): socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_route(0x10, 0x3, 0x0) syz_open_dev$media(&(0x7f0000000040), 0x4c6c, 0x200) openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/kernel/address_bits', 0x0, 0x0) r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0) r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000140), 0x2, 0x0) mount$fuse(0x0, &(0x7f0000002880)='.\x00', &(0x7f00000028c0), 0x4001, &(0x7f0000000180)={{'fd', 0x3d, r1}, 0x2c, {'rootmode', 0x3d, 0x4000}}) write$FUSE_NOTIFY_STORE(r1, &(0x7f0000000000)={0x29, 0x4, 0x0, {0x1, 0x400000000000000, 0x1, 0x0, [0x0]}}, 0x29) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, 
&(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 1.390912016s ago: executing program 2 (id=723): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001", @ANYRESOCT=r0, @ANYRES8=r0, @ANYRESDEC=r0, @ANYRES64=r0], 0x7c}}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(0xffffffffffffffff, 0x8933, &(0x7f00000000c0)) socket$unix(0x1, 0x1, 0x0) r1 = openat$vcs(0xffffffffffffff9c, &(0x7f0000000080), 0x2801, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(r1, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) bind$unix(r2, &(0x7f0000000040)=@file={0x8d10a9aa815b923, './file2\x00'}, 0x6e) listen(r2, 0x0) r3 = syz_usb_connect(0x4, 0x2d, &(0x7f0000000180)=ANY=[@ANYBLOB="1201fb0009030320d812010079de01ec020109021b0001000003000904000001785ecc00090585020004"], 0x0) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) read$char_usb(r4, &(0x7f0000000000)=""/188, 0xbc) syz_usb_connect(0x0, 0x24, &(0x7f0000000140)=ANY=[@ANYBLOB="12018000e215ba40d11248670b49010200ff024600"], 0x0) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(0xffffffffffffffff) syz_usb_disconnect(r3) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000040)={'dvmrp1\x00', 0x200}) socket(0x10, 0x803, 0x0) socket$unix(0x1, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r5, 
&(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) mknodat(0xffffffffffffff9c, &(0x7f0000000000)='./file2\x00', 0x81c0, 0x0) syz_clone(0x86000, &(0x7f0000000580)="58074cb9000000000054d828b071bbb1a2c0d76da24eee23974fc7c40baf86ec2358505ab65d092928bbf86331c8f08115ca901e59568aa1010e10330f02026687e408133f0086a735020000000000003ee9136293b4fb0189ba0c846a4ec9e2046566adec1a84f2253bdf0e281a87e2e8ed72f71c612e636f707f001ea14362672a76e9ddda7665139da7ddddd01fd09b82a7136466221028bccc0dbd6e5f07232cf281bacf662cf0186043736e5d7f180775916ca13ede76d9da106bc58f81932f029b9b0beee914713cda06368c1408966405c532009fab269002fbffc9beeae8c4546ff7e26ba93142f962cbec000000000000000000000000007e318192589ac39426af517afb9174e2c460960e69aee2133a65ed57998d590d35357d818f5fe5a5d1c34e86bd34fec6e436e0bbcb3ea2a4df8bc7812c1d083f4730d22f4ad5d35ed860ae2066f747ded04573bcaa188543c16ede97a7f17b32faeaacd6aaf59a06ccf14d55393f471de8617b76768a633905fad70e32e389a7ffe325670caee237fa369698efb52845bfde7d82b84107ee5809a73147ea86aa638d9a686a1c2fd5373ceeeead8896f3340985b982a2cb9097d5276aefb835aec7d87f6304d7902cb91f42e2a3a094202ff13bc4aef4ff28e0", 0x1d5, &(0x7f0000000200), &(0x7f0000000240), &(0x7f0000000500)="48a989b015acf71f66a60392b1516e3fd13e9455187984729501336e3ad9f5e45573a862a1cb83ed3d8effea00"/55) execve(&(0x7f0000000140)='./file2\x00', 0x0, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) 1.144449515s ago: executing program 4 (id=724): write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz1\x00', {0x3, 0x2, 0x1, 0xfffa}, 0x38, [0x8000, 0xc95a, 0xf, 0x8, 0x83, 0x2, 0x3, 0x7f, 0xa9, 0x4d, 0x6, 0x5f, 0x9, 0x15, 0xffff2d37, 0xff7fff01, 0x6, 0x4640, 0x7, 0x5, 0x8006, 0x0, 0x7, 0x3c5b, 0x1, 0x1db, 0x10, 0x5, 0x0, 0xfffffffb, 0xe661, 0x4, 0x7, 0x20003, 0x8, 0x4c74, 0x6, 0x242, 0x3, 0x11, 0x4, 0x80008071, 0x9, 0x17, 0x1, 0x7, 0x5, 0x3e, 0x18e, 0x9, 0x6, 0x454f, 0x6, 0x4, 0x8, 0x3ff, 0x80, 0x0, 0x5, 0x6, 0x8, 
0x8000, 0x1, 0x40], [0x10000007, 0x7, 0x8000012f, 0x8001, 0x5, 0xfffffff3, 0x129432f6, 0xc8, 0xf1, 0xe, 0x2bf, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x2f, 0xe, 0x312, 0x66abcbd2, 0xea4, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x400, 0x401, 0x6, 0x1, 0x8, 0x5, 0xfffff575, 0x5f31, 0x100d, 0x4e0, 0x381, 0x8, 0xb, 0x4, 0x9, 0x8, 0x5, 0x6, 0x47, 0x4, 0x1, 0xfe000000, 0x8, 0x2, 0x1, 0x9, 0x3, 0x3, 0x4000009, 0x6, 0x0, 0xfffffff8, 0xbc45, 0x48c93690, 0x42, 0x3], [0x4, 0x408, 0x4, 0x5, 0xfffffffd, 0x100, 0x4, 0x9, 0x5, 0x7fff, 0x0, 0x9, 0xb, 0x4, 0x33c9, 0x5, 0x0, 0x1ec, 0x5, 0x8, 0x8001, 0x3, 0x303c, 0xfffffffa, 0x8000000b, 0x5, 0x2, 0x2, 0x400003, 0x20000004, 0x4, 0x40006d01, 0x6, 0x38, 0x800003, 0x200, 0x80, 0x3, 0x0, 0x2950bfaf, 0x1000, 0xa1, 0x4, 0xa9, 0x5, 0x0, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0xa, 0xffffffff, 0x5, 0x2, 0x120000, 0x807ff, 0x2006, 0x80a2ef, 0x1, 0x25], [0x9, 0xbb33, 0x7, 0xb, 0x5, 0x1938, 0x6, 0x6, 0x0, 0xb9, 0x0, 0x1ff, 0x2, 0x57, 0x5, 0x3, 0x2, 0x10000, 0x4, 0x7fff, 0xffff, 0xa620, 0x1, 0x5, 0x1, 0x2000002, 0x3, 0x60a7, 0x106, 0x7, 0xffffffff, 0x80000000, 0x0, 0x5, 0xc8, 0x1, 0xfffff000, 0xffff, 0x3, 0x7e, 0x100, 0x9622, 0x107, 0xaf, 0x20000008, 0x5, 0x226, 0x2, 0x5, 0x0, 0x30b1d693, 0xa1f, 0xf40, 0x7, 0x530e, 0x6c1b, 0x0, 0x4, 0x5, 0x803, 0xd7, 0x200, 0xb, 0xfff]}, 0x45c) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_xfrm(0x10, 0x3, 0x6) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r3, 0x8933, &(0x7f00000000c0)={'batadv_slave_1\x00', 0x0}) r5 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000240), 0x42, 0x0) read$FUSE(r5, &(0x7f0000006380)={0x2020, 0x0, 0x0, 0x0, 0x0}, 0x2020) r9 = openat(0xffffffffffffff9c, &(0x7f0000000280)='./file0\x00', 0x24c01, 0x0) write$FUSE_ENTRY(r9, &(0x7f0000000340)={0x90, 0x0, r6, {0x2, 0x1000000, 0xa, 0x0, 0x800, 0x7, {0x6, 0x3, 0x7ff, 0x5, 0x51b5, 0x100, 0x0, 0x7fffffff, 
0xf5, 0x0, 0x9, r7, r8, 0x6, 0x3e}}}, 0x90) sendmsg$nl_xfrm(r3, &(0x7f00000002c0)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000280)={&(0x7f0000000740)=ANY=[@ANYBLOB="300200001c00210125bd7000fddbdf252be400060064010102000000000000000000000000fe8000000000000000000000000000aa4e2100004e2135380a00008032000000", @ANYRES32=r4, @ANYRES32=r7, @ANYRES8=r8, @ANYRES32=0x0, @ANYBLOB="0200000028001a00ff020000000000000000000000000001ac1e01010000000000000000000000001400fb80c600120063636d2d6165732d6365000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000d0030000a0000000b45a057a2d64c6a1c385f640c0e7136009b878142e5f64b6a7da9c5f74f432325e0693e22c97382c3c0a920b9dbebf4dde0605368df90b2bc0ac31fb340830a65edbd06368cea6c5ef2aae316d45e82ac91ec4f431f085acb97e600e0bc7bd50ea76089037af2174785382ac958fd05238ccbb6ccedfa886c4e300002c001300ac14142e000000000000000000000000ac1414aa000000000000000000000000000000000a0000000800180000000000000000"], 0x230}, 0x1, 0x0, 0x0, 0x884}, 0x4008882) sendmsg$nl_route(r2, &(0x7f0000000280)={&(0x7f0000000080)={0x10, 0x0, 0x0, 0x800000}, 0xc, &(0x7f00000001c0)={&(0x7f00000000c0)=@ipv6_deladdrlabel={0x40, 0x49, 0x800, 0x70bd25, 0x25dfdbfd, {0xa, 0x0, 0x18, 0x0, r4, 0x6}, [@IFAL_LABEL={0x8}, @IFAL_LABEL={0x8, 0x2, 0x1}, @IFAL_ADDRESS={0x14, 0x1, @remote}]}, 0x40}, 0x1, 0x0, 0x0, 0x11}, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000040)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @local}, 0x2}}, 0x26) r10 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r10, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000100)=[@text64={0x40, &(0x7f0000000200)="f7790066baa00066b86b4276ef66ba420266b8e20066ef0f29902cbb0000c4e2b1ba8c88d9000000666666440f38826b410f7842280f07b8010000000f01d9c4033921820f47a753fd", 0x49}], 0x1, 0x43, 0x0, 0x0) syz_kvm_setup_cpu$x86(r1, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000980)=[@textreal={0x8, 0x0}], 0x1, 0x51, 
0x0, 0x0) ioctl$KVM_RUN(r10, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r10, 0x4400ae8f, &(0x7f0000000140)=@arm64={0x7, 0xf, 0x9, '\x00', 0x9}) ioctl$KVM_RUN(r10, 0xae80, 0x0) 1.061947142s ago: executing program 0 (id=725): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f00000000c0), 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000200)={'caif0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000400)=@newqdisc={0x50, 0x24, 0x4ee4e6a52ff56541, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_netem={{0xa}, {0x20, 0x2, {{}, [@TCA_NETEM_LOSS={0x4}]}}}]}, 0x50}}, 0x0) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r0], 0x448}}, 0x0) sendmmsg$inet(r0, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) 1.00238972s ago: executing program 1 (id=726): r0 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(r0, 0xc0a85320, &(0x7f00000005c0)={{0x80}, 'port0\x00', 0xf2, 0x114fa, 0x2000, 0x8000008, 0x3, 0x4, 0x1, 0x0, 0x6}) r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000100), 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_CLIENT_POOL(r1, 0x40505330, &(0x7f00000001c0)={0x800100, 0xfffffffd, 0x2, 0x6, 0x1101, 0x1}) (fail_nth: 3) 858.997076ms ago: executing program 0 (id=727): syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1269060f2601000000000010d42203150000000000010902240001000000000904000001030000005be05fe45ddc6513f71e09210000"], 0x0) syz_open_dev$swradio(&(0x7f00000046c0), 0x1, 0x2) socket$inet6_udp(0xa, 0x2, 0x0) openat$uinput(0xffffffffffffff9c, 
&(0x7f0000000000), 0x802, 0x0) socket$nl_route(0x10, 0x3, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x20000000000001f4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) socket$nl_generic(0x10, 0x3, 0x10) r0 = syz_io_uring_setup(0x24fa, &(0x7f00000006c0)={0x0, 0x91f6, 0x10100, 0x0, 0x1c5}, &(0x7f0000000100)=0x0, &(0x7f0000000180)=0x0) r3 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) r4 = syz_open_procfs(0x0, &(0x7f0000000280)='timers\x00') syz_genetlink_get_family_id$l2tp(&(0x7f00000001c0), r4) sendmsg$L2TP_CMD_SESSION_GET(r4, &(0x7f0000000300)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x40}, 0xc, 0x0}, 0x10) pread64(r4, &(0x7f0000000040)=""/44, 0x2c, 0x40) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r4, 0xc0502100, &(0x7f0000000480)) ioctl$IOMMU_IOAS_ALLOC(r4, 0x3b81, &(0x7f0000000140)={0xc}) write$UHID_CREATE2(r3, &(0x7f0000000040)=ANY=[@ANYRES64=r0], 0x118) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x11, r3, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000000)=@IORING_OP_SEND={0x1a, 0x4, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x24844}) io_uring_enter(r0, 0x2d3e, 0x0, 0x0, 0x0, 0x0) 473.732657ms ago: executing program 1 (id=728): r0 = syz_usb_connect(0x0, 0x0, 0x0, 0x0) bpf$MAP_CREATE(0xb00000000000000, &(0x7f0000004080)=@base={0x8, 0x4, 0x4, 0xbf22, 0x0, 0xffffffffffffffff, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0xfffffffd, 0x4, 0x0, 0x0, @void, @value, @void, @value}, 0x50) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_usb_connect(0x5, 0x2d, &(0x7f0000000400)={{0x12, 0x1, 0x0, 0xce, 0xf8, 0xbd, 0x8, 0xe41, 0x4142, 0xbc76, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 
0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x6a, 0x2f, 0xf6, 0x0, [], [{{0x9, 0x5, 0x1, 0x8, 0x200, 0xb, 0x8, 0x64}}]}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r3, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f00000003c0)={0x24, 0x0, &(0x7f0000000300)=ANY=[@ANYBLOB="00000403071000000000"], &(0x7f0000000340)={0x0, 0x22, 0x10, {[@local=@item_012={0x0, 0x2, 0x3}, @local=@item_4={0x3, 0x2, 0xa, "aaacaff6"}, @local=@item_012={0x1, 0x2, 0x8, "9e"}, @local=@item_012={0x2, 0x2, 0x1, 'b^'}, @main=@item_4={0x3, 0x0, 0x8, "2e08cd0f"}]}}, &(0x7f0000000380)={0x0, 0x21, 0x9, {0x9, 0x21, 0x0, 0x3, 0x1, {0x22, 0x15a}}}}, &(0x7f00000006c0)={0x2c, &(0x7f0000000440)={0x20, 0xd}, &(0x7f0000000500)={0x0, 0xa, 0x1, 0x9}, &(0x7f0000000540)={0x0, 0x8, 0x1, 0x2}, &(0x7f0000000580)={0x20, 0x1, 0xdd, "0bae53d45bd7953bf95a8d77cae003940ea2d9345d04e7abffe074ec0391c5ba428c8535aac0bd5ed99e4e00e68b6f3dacc2751b1392d7108ffaa74b03d9b409c22b88f75180e4665f413938a48f34c27cb62b7a9f904eeeef606c087bf7e673b6f56501ed210321744989abf6f2c4ebd7c12f3b8222283c88497e7354a65a6aa3778f1eb2479a557c044353ebaf3e50b9024fa2773057cff0c1687058ef1f7a35098b751eadbde5270246b8ff1b3a01e3c2b0aa09564bf7fb79ec06ab6fa3f8cfd72e490d4b3cf10f7684d480919c48ce61a21edf402a45b52da15bd5"}, &(0x7f0000000680)={0x20, 0x3, 0x1, 0x5}}) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$DRM_IOCTL_SYNCOBJ_FD_TO_HANDLE_SYNC_FILE(0xffffffffffffffff, 0xc01064c2, &(0x7f00000001c0)) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r6, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x1) r8 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r9 = dup(r8) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r9, 0x2000) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) open_by_handle_at(r6, &(0x7f0000000240)=ANY=[], 0x10000) 
madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) ioctl$TIOCSERGETLSR(0xffffffffffffffff, 0x5459, &(0x7f0000000000)) ioctl$KVM_PRE_FAULT_MEMORY(r7, 0xc040aed5, &(0x7f00000000c0)={0x1000, 0x118000}) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=@ipv4_newrule={0x28, 0x20, 0x1, 0x0, 0x0, {}, [@FRA_TUN_ID={0xc, 0x14}]}, 0x28}}, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) 100.344665ms ago: executing program 3 (id=729): syz_usb_connect(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="130100002add1e20ef050a023691010203010902240001000000000904000002ea1998000905a6a7f5ecf56c00090507", @ANYRES32], 0x0) r0 = syz_usb_connect$uac1(0x3, 0xe9, &(0x7f0000000180)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0xd7, 0x3, 0x1, 0xf, 0x3923839ffe3b13b, 0xe, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x7fff, 0x8}, [@output_terminal={0x9, 0x24, 0x3, 0x3, 0x303, 0x4, 0x1, 0x1}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0xe7, 0x3, 0x5}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x9, 0x3, 0x5, 0x7, "9a", "e1"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x6, 0x2, 0x6, 0x3, "68af6949e0234f9e"}, @as_header={0x7, 0x24, 0x1, 0xd1, 0x80}, @format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0x40, 0x8, 0x4, "9796b34c4b"}]}, {{0x9, 0x5, 0x1, 0x9, 0x200, 0x8, 0x2, 0xfa, {0x7, 0x25, 0x1, 0x0, 0xb9, 0x4}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@as_header={0x7, 0x24, 0x1, 0x9f, 0x0, 0x4}, @format_type_i_discrete={0xa, 0x24, 0x2, 0x1, 0x4d, 0x2, 0x81, 0xbf, "1b2c"}, @format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x52, 0x2, 0x1, 0x8d, "a073"}, @format_type_i_discrete={0xc, 0x24, 0x2, 0x1, 0x1, 0x9, 0x5, 0xe, "9dd810aa"}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x0, 0x2, 0xfd, 0xc, '@', "f8d7"}, @as_header={0x7, 0x24, 0x1, 0x2}]}, {{0x9, 0x5, 0x82, 0x9, 0x10, 0x4, 0xf, 0x9, {0x7, 0x25, 0x1, 0x82, 0xfb, 0x4}}}}}}}]}}, 
&(0x7f0000000340)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x201, 0x6, 0x7, 0xa0, 0x10, 0x8}, 0xf, &(0x7f0000000280)={0x5, 0xf, 0xf, 0x1, [@generic={0xa, 0x10, 0xa, "c8f4c26b6f7a6c"}]}, 0x2, [{0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x3001}}, {0x4, &(0x7f0000000300)=@lang_id={0x4, 0x3, 0x3409}}]}) syz_usb_control_io(r0, 0x0, &(0x7f0000000780)={0x84, &(0x7f0000000000)={0x0, 0x16, 0x1, "13"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r1 = socket(0x10, 0x803, 0x2) r2 = getpgid(0x0) process_vm_writev(r2, &(0x7f0000002040)=[{&(0x7f0000000ec0)=""/233, 0xe9}], 0x1, &(0x7f0000003600)=[{&(0x7f0000002080)=""/19, 0x13}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}, {0x0}], 0x9, 0x0) connect$netlink(r1, &(0x7f0000000080)=@kern={0x10, 0x0, 0x0, 0x20000000}, 0xc) connect$netlink(r1, &(0x7f0000000000)=@kern={0x10, 0x0, 0x0, 0x11200000}, 0xc) r3 = syz_usbip_server_init(0x2) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@abs, 0x6e) r6 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$TUNGETVNETLE(r6, 0xc0189436, &(0x7f0000001940)) sendmmsg$unix(r5, &(0x7f00000bd000), 0x318, 0x0) set_mempolicy(0x3, &(0x7f00000000c0)=0x3, 0x5) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000080), 0x129202, 0x0) ioctl$SNDCTL_DSP_SETFMT(r7, 0xc0045005, &(0x7f0000000140)=0x2000) syz_emit_ethernet(0x0, 0x0, 0x0) fallocate(r3, 0x80, 0xffffffffffffffff, 0x6) 63.798075ms ago: executing program 4 (id=730): pipe(0x0) r0 = socket$inet6(0xa, 0x3, 0x7) r1 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_IPV6_FLOWLABEL_MGR(r1, 0x29, 0x20, &(0x7f00000000c0)={@mcast1, 0x800, 0x0, 0x103, 0x1}, 0x20) setsockopt$inet6_int(r1, 0x29, 0x1000000000021, &(0x7f00000005c0)=0x1, 0x4) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x0, 0x2, r0}, 0x2) 
sendmsg$inet6(r1, &(0x7f0000000600)={&(0x7f0000000080)={0xa, 0x4e20, 0x1000000080000, @dev={0xfe, 0x80, '\x00', 0x3f}}, 0x1c, 0x0, 0x0, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000029000000040000002b00000000000007140000000000000029"], 0x30}, 0x0) 0s ago: executing program 4 (id=731): socket$inet_udp(0x2, 0x2, 0x0) nanosleep(0x0, 0x0) syz_usb_connect$uac1(0x0, 0xac, &(0x7f0000000240)=ANY=[@ANYBLOB="12010000000000106b1d010140000102030109029a0003010000000904000000010100000a24010000000201020c24020000000000000800000524050000082407000000009e0c240700000000a3e82f07070d240701060000fd80000000e80924030000000001"], 0x0) r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x1000, 0x2}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x8, 0x0, &(0x7f0000000340)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000780)={0x44, 0x0, &(0x7f0000000900)=[@transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000180)={0x4c, 0x0, &(0x7f0000000100)=[@transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x30, 0x0, 0x2000000, 0x0, 0x0, 0x0, 0x0}, 0x1000}], 0x0, 0x0, 0x0}) kernel console output (not intermixed with test programs): 161.044463][ T6745] dvb-usb: bulk message failed: -22 (4/0) [ 161.071957][ T6745] cxusb: i2c read failed [ 161.085081][ T9] 
dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 161.110720][ T9] usb 3-1: selecting invalid altsetting 6 [ 161.117580][ T9] usb 3-1: digital interface selection failed (-22) [ 161.125461][ T9] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 161.136644][ T9] usb 3-1: setting power OFF [ 161.141473][ T9] dvb-usb: bulk message failed: -22 (2/0) [ 161.147613][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 161.156970][ T9] (NULL device *): no alternate interface [ 161.168668][ T6776] netlink: 'syz.4.247': attribute type 4 has an invalid length. [ 161.185197][ T10] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 161.212125][ T9] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 161.227706][ T9] usb 3-1: USB disconnect, device number 14 [ 161.253993][ T5941] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 161.343955][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 161.351289][ T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 161.363153][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 161.377401][ T10] usb 2-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 161.389028][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.399408][ T10] usb 2-1: Product: syz [ 161.403621][ T10] usb 2-1: Manufacturer: syz [ 161.410024][ T10] usb 2-1: SerialNumber: syz [ 161.418087][ T5941] usb 1-1: config index 0 descriptor too short (expected 23569, got 27) [ 161.427996][ T5941] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 161.438534][ T10] usb 2-1: config 0 descriptor?? 
[ 161.447783][ T10] em28xx 2-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 161.457324][ T10] em28xx 2-1:0.0: Audio interface 0 found (Vendor Class) [ 161.465725][ T5941] usb 1-1: New USB device found, idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 161.475367][ T5941] usb 1-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 161.486194][ T5941] usb 1-1: Manufacturer: syz [ 161.493725][ T5941] usb 1-1: config 0 descriptor?? [ 161.593997][ T5941] rc_core: IR keymap rc-hauppauge not found [ 161.600322][ T5941] Registered IR keymap rc-empty [ 161.612874][ T5941] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0 [ 161.643785][ T5941] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/rc/rc0/input11 [ 161.675878][ T6768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 161.695513][ T6768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 161.720105][ T6779] FAULT_INJECTION: forcing a failure. [ 161.720105][ T6779] name failslab, interval 1, probability 0, space 0, times 0 [ 161.754895][ T6779] CPU: 1 UID: 0 PID: 6779 Comm: syz.2.248 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 161.754923][ T6779] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 161.754935][ T6779] Call Trace: [ 161.754943][ T6779] <TASK> [ 161.754951][ T6779] dump_stack_lvl+0x189/0x250 [ 161.755001][ T6779] ? __pfx____ratelimit+0x10/0x10 [ 161.755081][ T6779] ? __pfx_dump_stack_lvl+0x10/0x10 [ 161.755112][ T6779] ? __pfx__printk+0x10/0x10 [ 161.755138][ T6779] ? __pfx___might_resched+0x10/0x10 [ 161.755171][ T6779] should_fail_ex+0x414/0x560 [ 161.755203][ T6779] should_failslab+0xa8/0x100 [ 161.755232][ T6779] kmem_cache_alloc_noprof+0x73/0x3c0 [ 161.755255][ T6779] ? 
getname_flags+0xb8/0x540 [ 161.755286][ T6779] getname_flags+0xb8/0x540 [ 161.755317][ T6779] __x64_sys_renameat2+0xad/0xe0 [ 161.755345][ T6779] do_syscall_64+0xfa/0x3b0 [ 161.755370][ T6779] ? lockdep_hardirqs_on+0x9c/0x150 [ 161.755394][ T6779] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.755414][ T6779] ? clear_bhb_loop+0x60/0xb0 [ 161.755439][ T6779] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 161.755458][ T6779] RIP: 0033:0x7f8bc718e969 [ 161.755477][ T6779] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 161.755495][ T6779] RSP: 002b:00007f8bc7f84038 EFLAGS: 00000246 ORIG_RAX: 000000000000013c [ 161.755516][ T6779] RAX: ffffffffffffffda RBX: 00007f8bc73b5fa0 RCX: 00007f8bc718e969 [ 161.755529][ T6779] RDX: ffffffffffffff9c RSI: 0000200000000480 RDI: ffffffffffffff9c [ 161.755546][ T6779] RBP: 00007f8bc7f84090 R08: 0000000000000002 R09: 0000000000000000 [ 161.755556][ T6779] R10: 00002000000004c0 R11: 0000000000000246 R12: 0000000000000001 [ 161.755565][ T6779] R13: 0000000000000000 R14: 00007f8bc73b5fa0 R15: 00007f8bc74dfa28 [ 161.755587][ T6779] </TASK> [ 161.990266][ T5941] usb 1-1: USB disconnect, device number 12 [ 162.176091][ T10] em28xx 2-1:0.0: unknown em28xx chip ID (0) [ 162.186041][ T10] em28xx 2-1:0.0: Config register raw data: 0xfffffffb [ 162.527946][ T6794] FAULT_INJECTION: forcing a failure. [ 162.527946][ T6794] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 162.556898][ T6794] CPU: 1 UID: 0 PID: 6794 Comm: syz.3.254 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 162.556926][ T6794] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 162.556938][ T6794] Call Trace: [ 162.556945][ T6794] <TASK> [ 162.556961][ T6794] dump_stack_lvl+0x189/0x250 [ 162.557005][ T6794] ? __pfx____ratelimit+0x10/0x10 [ 162.557026][ T6794] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 162.557052][ T6794] ? __pfx__printk+0x10/0x10 [ 162.557080][ T6794] should_fail_ex+0x414/0x560 [ 162.557108][ T6794] _copy_from_user+0x2d/0xb0 [ 162.557127][ T6794] get_user_ifreq+0x6c/0x180 [ 162.557156][ T6794] sock_ioctl+0x6dd/0x790 [ 162.557185][ T6794] ? __pfx_sock_ioctl+0x10/0x10 [ 162.557213][ T6794] ? __fget_files+0x3a0/0x420 [ 162.557235][ T6794] ? __fget_files+0x2a/0x420 [ 162.557259][ T6794] ? bpf_lsm_file_ioctl+0x9/0x20 [ 162.557279][ T6794] ? __pfx_sock_ioctl+0x10/0x10 [ 162.557305][ T6794] __se_sys_ioctl+0xf9/0x170 [ 162.557325][ T6794] do_syscall_64+0xfa/0x3b0 [ 162.557346][ T6794] ? lockdep_hardirqs_on+0x9c/0x150 [ 162.557367][ T6794] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.557384][ T6794] ? clear_bhb_loop+0x60/0xb0 [ 162.557404][ T6794] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 162.557422][ T6794] RIP: 0033:0x7ff54cb8e969 [ 162.557437][ T6794] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 162.557452][ T6794] RSP: 002b:00007ff54daaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 162.557471][ T6794] RAX: ffffffffffffffda RBX: 00007ff54cdb5fa0 RCX: 00007ff54cb8e969 [ 162.557484][ T6794] RDX: 0000200000000000 RSI: 00000000000089f3 RDI: 0000000000000003 [ 162.557495][ T6794] RBP: 00007ff54daaf090 R08: 0000000000000000 R09: 0000000000000000 [ 162.557506][ T6794] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 162.557516][ T6794] R13: 0000000000000000 R14: 00007ff54cdb5fa0 R15: 00007ff54cedfa28 [ 162.557543][ T6794] </TASK> [ 162.724076][ T5946] usb 5-1: new low-speed USB device number 13 using dummy_hcd [ 162.810264][ T10] em28xx 2-1:0.0: Unknown AC97 audio processor detected! 
[ 162.924397][ T5946] usb 5-1: Invalid ep0 maxpacket: 64 [ 163.029659][ T10] em28xx 2-1:0.0: couldn't setup AC97 register 2 [ 163.039623][ T10] em28xx 2-1:0.0: couldn't setup AC97 register 4 [ 163.048322][ T10] em28xx 2-1:0.0: couldn't setup AC97 register 6 [ 163.056389][ T10] em28xx 2-1:0.0: couldn't setup AC97 register 54 [ 163.063330][ T10] em28xx 2-1:0.0: couldn't setup AC97 register 56 [ 163.075435][ T10] usb 2-1: USB disconnect, device number 15 [ 163.172872][ T5946] usb 5-1: new low-speed USB device number 14 using dummy_hcd [ 163.374082][ T5946] usb 5-1: Invalid ep0 maxpacket: 64 [ 163.391044][ T5946] usb usb5-port1: attempt power cycle [ 163.396584][ T5941] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 163.591920][ T5941] usb 4-1: config index 0 descriptor too short (expected 60401, got 77) [ 163.605297][ T5941] usb 4-1: config 118 has too many interfaces: 244, using maximum allowed: 32 [ 163.614072][ T24] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 163.649839][ T5941] usb 4-1: config 118 has an invalid descriptor of length 138, skipping remainder of the config [ 163.700606][ T5941] usb 4-1: config 118 has 0 interfaces, different from the descriptor's value: 244 [ 163.723356][ T5941] usb 4-1: New USB device found, idVendor=08fe, idProduct=0003, bcdDevice=d7.3b [ 163.742706][ T6804] netlink: 'syz.1.257': attribute type 11 has an invalid length. 
[ 163.772005][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 163.781521][ T5946] usb 5-1: new low-speed USB device number 15 using dummy_hcd [ 163.786050][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 163.816572][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 163.834226][ T5941] usb 4-1: Product: syz [ 163.861233][ T5941] usb 4-1: Manufacturer: syz [ 163.866924][ T5941] usb 4-1: SerialNumber: syz [ 163.872307][ T5946] usb 5-1: Invalid ep0 maxpacket: 64 [ 163.947522][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 163.990779][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.006715][ T5946] usb 5-1: new low-speed USB device number 16 using dummy_hcd [ 164.038456][ T24] usb 3-1: config 0 descriptor?? [ 164.046735][ T6806] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 164.052917][ T5946] usb 5-1: Invalid ep0 maxpacket: 64 [ 164.062574][ T5946] usb usb5-port1: unable to enumerate USB device [ 164.066630][ T24] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 164.547565][ T5956] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 164.738247][ T5956] usb 1-1: config 255 has an invalid interface number: 57 but max is 1 [ 164.748816][ T5956] usb 1-1: config 255 has an invalid descriptor of length 148, skipping remainder of the config [ 164.775160][ T5956] usb 1-1: config 255 has 1 interface, different from the descriptor's value: 2 [ 164.791296][ T5956] usb 1-1: config 255 has no interface number 0 [ 164.802934][ T5956] usb 1-1: config 255 interface 57 altsetting 103 has an invalid endpoint descriptor of length 5, skipping [ 164.897683][ T5956] usb 1-1: config 255 interface 57 altsetting 103 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 164.923378][ T5956] usb 1-1: config 255 
interface 57 has no altsetting 0 [ 164.957114][ T5956] usb 1-1: New USB device found, idVendor=10b8, idProduct=1e14, bcdDevice=a1.7a [ 164.967020][ T5956] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.975475][ T5956] usb 1-1: Product: 礪쇶񂕿ힱ뮌閆퀸↶ꚿ虜响㕭獻녌摼闝䦻ꖟĦ㸊岊氿𿾓梄ਲ㿁ᲇ䥁ᣦ䗂齍笗♌킅㪋 [ 164.998071][ T5956] usb 1-1: Manufacturer: 걘롆옾罫䊼ꠄ撡嗞ꦅ⳿柋诋新㫆퀻䄧蕯彃쩕ᝰ횂銤數⭖ෙẈ搠낅眡㽀쥚밀깭ᦠ䤇綿俒誁憞ᤶ컼ቼ岇鈡錅꽙ﬗ୭뭓棄帕୒縶접⭘䠟ﺹ푅 [ 165.019069][ T5956] usb 1-1: SerialNumber: syz [ 165.132244][ T5946] usb 3-1: USB disconnect, device number 15 [ 165.309525][ T5956] dvb-usb: found a 'DiBcom STK7700P reference design' in cold state, will try to load a firmware [ 165.448538][ T5956] dvb-usb: downloading firmware from file 'dvb-usb-dib0700-1.20.fw' [ 165.492457][ T5956] dib0700: firmware download failed at 7 with -22 [ 165.557240][ T5956] usb 1-1: USB disconnect, device number 13 [ 165.761322][ T6822] netlink: 76 bytes leftover after parsing attributes in process `syz.2.262'. [ 165.762237][ T6821] xt_CHECKSUM: CHECKSUM should be avoided. If really needed, restrict with "-p udp" and only use in OUTPUT [ 166.054102][ T979] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 166.074324][ T5956] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 166.152445][ T5941] usb 4-1: USB disconnect, device number 16 [ 166.233530][ T979] usb 3-1: device descriptor read/64, error -71 [ 166.267061][ T5956] usb 2-1: Using ep0 maxpacket: 16 [ 166.279653][ T5956] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 166.300886][ T5956] usb 2-1: New USB device found, idVendor=1781, idProduct=0898, bcdDevice= 0.00 [ 166.313183][ T5956] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.329760][ T5956] usb 2-1: config 0 descriptor?? 
[ 166.343292][ T5956] pxrc 2-1:0.0: Could not find endpoint [ 166.494028][ T979] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 166.551150][ T6836] netlink: 8 bytes leftover after parsing attributes in process `syz.3.268'. [ 166.596257][ T30] audit: type=1326 audit(1748404431.234:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6835 comm="syz.3.268" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7ff54cb8e969 code=0x0 [ 166.617823][ C1] vkms_vblank_simulate: vblank timer overrun [ 166.642145][ T979] usb 3-1: device descriptor read/64, error -71 [ 166.774208][ T979] usb usb3-port1: attempt power cycle [ 166.799368][ T5941] usb 2-1: USB disconnect, device number 16 [ 166.831895][ T6840] netlink: 'syz.0.269': attribute type 29 has an invalid length. [ 166.843917][ T6840] netlink: 'syz.0.269': attribute type 29 has an invalid length. [ 166.943984][ T10] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 167.011143][ T6844] bridge_slave_0: left allmulticast mode [ 167.029686][ T6844] bridge_slave_0: left promiscuous mode [ 167.036001][ T6844] bridge0: port 1(bridge_slave_0) entered disabled state [ 167.054717][ T6844] bridge_slave_1: left allmulticast mode [ 167.060408][ T6844] bridge_slave_1: left promiscuous mode [ 167.067891][ T6844] bridge0: port 2(bridge_slave_1) entered disabled state [ 167.080331][ T6844] bond0: (slave bond_slave_0): Releasing backup interface [ 167.091566][ T6844] bond0: (slave bond_slave_1): Releasing backup interface [ 167.109890][ T6844] team0: Port device team_slave_0 removed [ 167.127041][ T10] usb 4-1: config index 0 descriptor too short (expected 23569, got 27) [ 167.130265][ T6844] team0: Port device team_slave_1 removed [ 167.141283][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 167.141750][ T979] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 167.163069][ T10] usb 4-1: New USB device found, 
idVendor=03eb, idProduct=0002, bcdDevice=ba.c0 [ 167.164275][ T6844] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 167.172779][ T10] usb 4-1: New USB device strings: Mfr=5, Product=0, SerialNumber=0 [ 167.180006][ T6844] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 167.191163][ T10] usb 4-1: Manufacturer: syz [ 167.201325][ T6844] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 167.202949][ T10] usb 4-1: config 0 descriptor?? [ 167.208824][ T6844] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 167.229217][ T979] usb 3-1: device descriptor read/8, error -71 [ 167.283951][ T5941] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 167.343942][ T10] rc_core: IR keymap rc-hauppauge not found [ 167.349894][ T10] Registered IR keymap rc-empty [ 167.379817][ T10] rc rc0: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0 [ 167.406426][ T10] input: IgorPlug-USB IR Receiver as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/rc/rc0/input12 [ 167.449366][ T5941] usb 5-1: Using ep0 maxpacket: 16 [ 167.456881][ T5941] usb 5-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 167.470344][ T5941] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 167.484061][ T979] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 167.493031][ T5941] usb 5-1: config 0 descriptor?? 
[ 167.508411][ T5941] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 167.517984][ T979] usb 3-1: device descriptor read/8, error -71 [ 167.650564][ T5955] usb 4-1: USB disconnect, device number 17 [ 167.660022][ T979] usb usb3-port1: unable to enumerate USB device [ 167.833955][ T30] audit: type=1800 audit(1748404432.454:293): pid=6860 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed comm="syz.1.274" name="SYSV00000000" dev="hugetlbfs" ino=0 res=0 errno=0 [ 168.309462][ T6846] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.318381][ T6846] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.327650][ T6865] netlink: 'syz.0.276': attribute type 4 has an invalid length. [ 168.614294][ T5941] gspca_sonixj: reg_r err -110 [ 168.619212][ T5941] sonixj 5-1:0.0: probe with driver sonixj failed with error -110 [ 168.848934][ T979] usb 5-1: USB disconnect, device number 17 [ 169.373971][ T5955] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 169.414367][ T979] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 169.583971][ T5955] usb 2-1: Using ep0 maxpacket: 8 [ 169.601780][ T5955] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 169.644080][ T979] usb 5-1: Using ep0 maxpacket: 8 [ 169.737515][ T5955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 169.772846][ T5955] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 169.809481][ T5955] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 169.824669][ T979] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 169.849381][ T979] usb 5-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 169.861483][ T5955] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 
169.874429][ T979] usb 5-1: config 1 has no interface number 1 [ 169.894199][ T5955] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 169.902303][ T979] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 170.159841][ T6876] netlink: 4 bytes leftover after parsing attributes in process `syz.1.281'. [ 170.169857][ T5955] usb 2-1: GET_CAPABILITIES returned 0 [ 170.175867][ T5955] usbtmc 2-1:16.0: can't read capabilities [ 170.223827][ T979] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 170.248936][ T979] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.277455][ T979] usb 5-1: Manufacturer: ೵侻ਙȯﺨ╹沛ꁋ [ 170.590335][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 172.136221][ T5955] usb 2-1: USB disconnect, device number 17 [ 172.406137][ T979] usb 5-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 172.464551][ T6914] misc userio: The device must be registered before sending interrupts [ 172.624071][ T979] usb 5-1: USB disconnect, device number 18 [ 172.746112][ T6925] netlink: 'syz.3.293': attribute type 4 has an invalid length. 
[ 172.781181][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 172.854205][ T5955] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 173.024138][ T5955] usb 2-1: Using ep0 maxpacket: 32 [ 173.046888][ T5955] usb 2-1: unable to get BOS descriptor or descriptor too short [ 173.082253][ T5955] usb 2-1: config 253 has an invalid interface number: 202 but max is 0 [ 173.125567][ T5955] usb 2-1: config 253 has no interface number 0 [ 173.160387][ T5955] usb 2-1: New USB device found, idVendor=13b1, idProduct=0000, bcdDevice= 0.00 [ 173.184658][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 173.210243][ T5955] usb 2-1: Product: syz [ 173.230040][ T5955] usb 2-1: Manufacturer: syz [ 173.236860][ T5955] usb 2-1: SerialNumber: syz [ 173.550647][ T6944] loop2: detected capacity change from 0 to 7 [ 173.575360][ T5832] Dev loop2: unable to read RDB block 7 [ 173.581151][ T5832] loop2: unable to read partition table [ 173.587801][ T5832] loop2: partition table beyond EOD, truncated [ 173.603021][ T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 173.687128][ T6944] Dev loop2: unable to read RDB block 7 [ 173.708061][ T6944] loop2: unable to read partition table [ 173.734254][ T6944] loop2: partition table beyond EOD, truncated [ 173.740484][ T6944] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 173.804134][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 173.937126][ T24] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 174.095717][ T5955] usb 2-1: USB disconnect, device number 18 [ 174.154187][ T24] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 174.299697][ T24] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 174.311878][ T982] usb 1-1: new high-speed USB device number 14 using 
dummy_hcd [ 174.342500][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.383642][ T24] usb 5-1: Product: syz [ 174.403358][ T24] usb 5-1: Manufacturer: syz [ 174.423341][ T24] usb 5-1: SerialNumber: syz [ 174.534041][ T982] usb 1-1: Using ep0 maxpacket: 8 [ 174.547775][ T982] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 174.563376][ T982] usb 1-1: config 0 interface 0 has no altsetting 0 [ 174.606521][ T982] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 174.619706][ T982] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 174.654917][ T982] usb 1-1: Product: syz [ 174.668489][ T982] usb 1-1: Manufacturer: syz [ 174.684846][ T982] usb 1-1: SerialNumber: syz [ 174.702684][ T6964] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.711485][ T6964] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 174.752589][ T982] usb 1-1: config 0 descriptor?? 
[ 174.910967][ T6966] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 174.937325][ T6966] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 175.041916][ T982] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found [ 175.241820][ T982] snd_usb_toneport 1-1:0.0: cannot get proper max packet size [ 175.261441][ T982] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected [ 175.298921][ T982] snd_usb_toneport 1-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 175.807295][ T982] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 176.046532][ T982] usb 3-1: Using ep0 maxpacket: 16 [ 176.057596][ T982] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.077234][ T982] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 176.090584][ T982] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 176.107717][ T982] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.135649][ T982] usb 3-1: config 0 descriptor?? [ 176.179689][ T6980] netlink: 8 bytes leftover after parsing attributes in process `syz.1.312'. 
[ 176.427673][ T6985] Cannot find del_set index 0 as target [ 176.438033][ T6985] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 176.447093][ T6985] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 176.518944][ T24] usb 5-1: 0:2 : does not exist [ 176.551311][ T24] usb 5-1: 5:0: failed to get current value for ch 0 (-22) [ 176.625997][ T24] usb 5-1: USB disconnect, device number 19 [ 176.705965][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 176.714698][ T5882] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 176.914390][ T5882] usb 2-1: Using ep0 maxpacket: 16 [ 176.923032][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 176.936927][ T5882] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 176.948594][ T5882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.961534][ T5882] usb 2-1: config 0 descriptor?? 
[ 177.124052][ T5941] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 177.276994][ T24] usb 1-1: USB disconnect, device number 14 [ 177.295405][ T5941] usb 4-1: Using ep0 maxpacket: 16 [ 177.312009][ T5941] usb 4-1: too many configurations: 15, using maximum allowed: 8 [ 177.333250][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.366217][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.409027][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.494674][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.520032][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.553388][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.585503][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.599793][ T5882] usbhid 2-1:0.0: can't add hid device: -71 [ 177.619049][ T5882] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 177.627070][ T6999] kvm: user requested TSC rate below hardware speed [ 177.637426][ T5941] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.652875][ T6999] kvm: user requested TSC rate below hardware speed [ 177.671561][ T5941] usb 4-1: New USB device found, idVendor=05ac, idProduct=0244, bcdDevice= 0.00 [ 177.683053][ T5882] usb 2-1: USB disconnect, device number 19 [ 177.705777][ T5941] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 177.743472][ T5941] usb 4-1: config 0 descriptor?? 
[ 177.772415][ T5941] usbhid 4-1:0.0: couldn't find an input interrupt endpoint [ 177.980061][ T6992] input: syz0 as /devices/virtual/input/input13 [ 178.133719][ T7007] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.215124][ T7007] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.439977][ T982] usbhid 3-1:0.0: can't add hid device: -71 [ 178.484010][ T982] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 178.518335][ T982] usb 3-1: USB disconnect, device number 20 [ 178.573391][ T7016] netlink: 8 bytes leftover after parsing attributes in process `syz.0.325'. [ 178.599758][ T7017] netlink: 87 bytes leftover after parsing attributes in process `syz.2.326'. [ 178.621458][ T7016] openvswitch: netlink: push_nsh: missing base or metadata attributes [ 178.632005][ T7017] FAULT_INJECTION: forcing a failure. [ 178.632005][ T7017] name failslab, interval 1, probability 0, space 0, times 0 [ 178.653566][ T7016] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 178.681531][ T7017] CPU: 0 UID: 0 PID: 7017 Comm: syz.2.326 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 178.681560][ T7017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 178.681573][ T7017] Call Trace: [ 178.681581][ T7017] [ 178.681591][ T7017] dump_stack_lvl+0x189/0x250 [ 178.681627][ T7017] ? __pfx____ratelimit+0x10/0x10 [ 178.681652][ T7017] ? __pfx_dump_stack_lvl+0x10/0x10 [ 178.681682][ T7017] ? __pfx__printk+0x10/0x10 [ 178.681709][ T7017] ? __pfx___might_resched+0x10/0x10 [ 178.681736][ T7017] ? fs_reclaim_acquire+0x7d/0x100 [ 178.681769][ T7017] should_fail_ex+0x414/0x560 [ 178.681801][ T7017] should_failslab+0xa8/0x100 [ 178.681828][ T7017] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 178.681853][ T7017] ? __alloc_skb+0x112/0x2d0 [ 178.681882][ T7017] __alloc_skb+0x112/0x2d0 [ 178.681912][ T7017] netlink_ack+0x146/0xa50 [ 178.681933][ T7017] ? 
__pfx_rtnetlink_rcv_msg+0x10/0x10 [ 178.681961][ T7017] ? ref_tracker_free+0x63a/0x7d0 [ 178.681993][ T7017] ? __copy_skb_header+0xa7/0x550 [ 178.682030][ T7017] netlink_rcv_skb+0x2a0/0x490 [ 178.682055][ T7017] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 178.682079][ T7017] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 178.682122][ T7017] ? netlink_deliver_tap+0x2e/0x1b0 [ 178.682144][ T7017] ? netlink_deliver_tap+0x2e/0x1b0 [ 178.682174][ T7017] netlink_unicast+0x758/0x8d0 [ 178.682206][ T7017] netlink_sendmsg+0x805/0xb30 [ 178.682239][ T7017] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.682268][ T7017] ? aa_sock_msg_perm+0x94/0x160 [ 178.682297][ T7017] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 178.682316][ T7017] ? __pfx_netlink_sendmsg+0x10/0x10 [ 178.682341][ T7017] __sock_sendmsg+0x219/0x270 [ 178.682366][ T7017] __sys_sendto+0x3bd/0x520 [ 178.682393][ T7017] ? __pfx___sys_sendto+0x10/0x10 [ 178.682415][ T7017] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 178.682455][ T7017] ? __fget_files+0x3a0/0x420 [ 178.682491][ T7017] ? ksys_write+0x22a/0x250 [ 178.682529][ T7017] ? __pfx_ksys_write+0x10/0x10 [ 178.682548][ T7017] ? rcu_is_watching+0x15/0xb0 [ 178.682581][ T7017] __x64_sys_sendto+0xde/0x100 [ 178.682611][ T7017] do_syscall_64+0xfa/0x3b0 [ 178.682635][ T7017] ? lockdep_hardirqs_on+0x9c/0x150 [ 178.682659][ T7017] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.682679][ T7017] ? 
clear_bhb_loop+0x60/0xb0 [ 178.682704][ T7017] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 178.682724][ T7017] RIP: 0033:0x7f8bc718e969 [ 178.682743][ T7017] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 178.682761][ T7017] RSP: 002b:00007f8bc7f84038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 178.682783][ T7017] RAX: ffffffffffffffda RBX: 00007f8bc73b5fa0 RCX: 00007f8bc718e969 [ 178.682798][ T7017] RDX: 0000000000010a73 RSI: 0000200000000000 RDI: 0000000000000003 [ 178.682812][ T7017] RBP: 00007f8bc7f84090 R08: 0000000000000000 R09: 4b6ae4f95a5de35b [ 178.682825][ T7017] R10: 0000000000000800 R11: 0000000000000246 R12: 0000000000000001 [ 178.682837][ T7017] R13: 0000000000000000 R14: 00007f8bc73b5fa0 R15: 00007f8bc74dfa28 [ 178.682869][ T7017] [ 178.700537][ T7018] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 178.813928][ T5882] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 179.431066][ T5882] usb 2-1: New USB device found, idVendor=0f11, idProduct=1000, bcdDevice= 0.02 [ 179.465931][ T5882] usb 2-1: New USB device strings: Mfr=0, Product=232, SerialNumber=255 [ 179.476282][ T7027] loop2: detected capacity change from 0 to 7 [ 179.485294][ T7027] Dev loop2: unable to read RDB block 7 [ 179.491587][ T7027] loop2: AHDI p1 p2 [ 179.498750][ T7027] loop2: partition table partially beyond EOD, truncated [ 179.522017][ T5882] usb 2-1: Product: syz [ 179.537349][ T5882] usb 2-1: SerialNumber: syz [ 179.548221][ T7027] loop2: p1 size 4227858431 extends beyond EOD, truncated [ 179.584766][ T5882] usb 2-1: config 0 descriptor?? 
[ 179.765144][ T5844] udevd[5844]: inotify_add_watch(7, /dev/loop2p1, 10) failed: No such file or directory [ 179.827988][ T5882] ldusb 2-1:0.0: Interrupt in endpoint not found [ 180.089567][ T5882] usb 2-1: USB disconnect, device number 20 [ 180.192921][ T5956] usb 4-1: USB disconnect, device number 18 [ 180.518095][ T7037] usb usb8: usbfs: process 7037 (syz.3.331) did not claim interface 0 before use [ 181.405354][ T7055] netlink: 32 bytes leftover after parsing attributes in process `syz.3.338'. [ 181.439039][ T7055] netlink: 32 bytes leftover after parsing attributes in process `syz.3.338'. [ 181.608141][ T7062] netlink: 'syz.1.337': attribute type 2 has an invalid length. [ 181.662327][ T7066] FAULT_INJECTION: forcing a failure. [ 181.662327][ T7066] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 181.684116][ T7066] CPU: 0 UID: 0 PID: 7066 Comm: syz.4.341 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 181.684146][ T7066] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 181.684162][ T7066] Call Trace: [ 181.684170][ T7066] [ 181.684179][ T7066] dump_stack_lvl+0x189/0x250 [ 181.684223][ T7066] ? __pfx____ratelimit+0x10/0x10 [ 181.684248][ T7066] ? __pfx_dump_stack_lvl+0x10/0x10 [ 181.684284][ T7066] ? __pfx__printk+0x10/0x10 [ 181.684322][ T7066] ? __might_fault+0xb0/0x130 [ 181.684358][ T7066] should_fail_ex+0x414/0x560 [ 181.684390][ T7066] _copy_from_user+0x2d/0xb0 [ 181.684413][ T7066] ___sys_recvmsg+0x12e/0x510 [ 181.684447][ T7066] ? __pfx____sys_recvmsg+0x10/0x10 [ 181.684510][ T7066] ? __might_fault+0xb0/0x130 [ 181.684538][ T7066] do_recvmmsg+0x307/0x770 [ 181.684574][ T7066] ? __pfx_do_recvmmsg+0x10/0x10 [ 181.684616][ T7066] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 181.684661][ T7066] __x64_sys_recvmmsg+0x190/0x240 [ 181.684694][ T7066] ? __pfx___x64_sys_recvmmsg+0x10/0x10 [ 181.684719][ T7066] ? rcu_is_watching+0x15/0xb0 [ 181.684751][ T7066] ? 
do_syscall_64+0xbe/0x3b0 [ 181.684780][ T7066] do_syscall_64+0xfa/0x3b0 [ 181.684803][ T7066] ? lockdep_hardirqs_on+0x9c/0x150 [ 181.684827][ T7066] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.684847][ T7066] ? clear_bhb_loop+0x60/0xb0 [ 181.684871][ T7066] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 181.684891][ T7066] RIP: 0033:0x7f5657d8e969 [ 181.684915][ T7066] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 181.684933][ T7066] RSP: 002b:00007f5658c23038 EFLAGS: 00000246 ORIG_RAX: 000000000000012b [ 181.684955][ T7066] RAX: ffffffffffffffda RBX: 00007f5657fb5fa0 RCX: 00007f5657d8e969 [ 181.684970][ T7066] RDX: 0000000000000a0d RSI: 00002000000066c0 RDI: 0000000000000003 [ 181.684982][ T7066] RBP: 00007f5658c23090 R08: 0000000000000000 R09: 0000000000000000 [ 181.684995][ T7066] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 181.685006][ T7066] R13: 0000000000000000 R14: 00007f5657fb5fa0 R15: 00007f56580dfa28 [ 181.685038][ T7066] [ 181.906570][ C0] vkms_vblank_simulate: vblank timer overrun [ 181.946561][ T7062] : entered promiscuous mode [ 182.015246][ T30] audit: type=1326 audit(1748404446.654:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7067 comm="syz.3.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff54cb8e969 code=0x7ffc0000 [ 182.079222][ T30] audit: type=1326 audit(1748404446.684:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7067 comm="syz.3.342" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7ff54cb8e969 code=0x7ffc0000 [ 183.715602][ T7091] syzkaller1: entered promiscuous mode [ 183.721326][ T7091] syzkaller1: entered allmulticast mode [ 184.224136][ T982] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 184.454314][ T982] usb 5-1: config 0 has no interfaces? 
[ 184.497934][ T982] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 184.517388][ T982] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.620695][ T982] usb 5-1: Product: syz [ 184.631628][ T982] usb 5-1: Manufacturer: syz [ 184.638968][ T7106] openvswitch: netlink: Duplicate or invalid key (type 0). [ 184.817733][ T982] usb 5-1: SerialNumber: syz [ 184.823023][ T7106] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 184.847230][ T982] usb 5-1: config 0 descriptor?? [ 185.172501][ T7111] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 185.200467][ T7111] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 185.530405][ T7118] netlink: 84 bytes leftover after parsing attributes in process `syz.3.355'. [ 186.303572][ T7134] xt_l2tp: invalid flags combination: 4 [ 186.631583][ T30] audit: type=1326 audit(1748404451.274:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff54cb8e969 code=0x7ffc0000 [ 186.736842][ T30] audit: type=1326 audit(1748404451.274:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff54cb8e969 code=0x7ffc0000 [ 186.957164][ T7152] netlink: 'syz.0.363': attribute type 1 has an invalid length. [ 186.978692][ T30] audit: type=1326 audit(1748404451.334:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7138 comm="syz.3.359" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7ff54cb8e969 code=0x7ffc0000 [ 187.047906][ T7152] 8021q: adding VLAN 0 to HW filter on device bond1 [ 187.079574][ T5882] usb 5-1: USB disconnect, device number 20 [ 187.224539][ T7152] netlink: 'syz.0.363': attribute type 15 has an invalid length. 
[ 187.504882][ T7152] syz_tun: entered allmulticast mode [ 187.588687][ T7152] bond1: (slave syz_tun): making interface the new active one [ 187.643500][ T7152] bond1: (slave syz_tun): Enslaving as an active interface with an up link [ 188.296771][ T7179] netlink: 'syz.2.370': attribute type 1 has an invalid length. [ 188.474464][ T7183] bond1: entered promiscuous mode [ 188.499581][ T7183] bond1: entered allmulticast mode [ 188.508477][ T7183] 8021q: adding VLAN 0 to HW filter on device bond1 [ 188.680687][ T7179] netlink: 'syz.2.370': attribute type 2 has an invalid length. [ 188.714347][ T7187] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 188.733076][ T7187] batadv1: entered promiscuous mode [ 188.746054][ T7191] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 188.805435][ T49] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 188.830718][ T7187] batadv1: entered allmulticast mode [ 188.843263][ T7187] bond1: (slave batadv1): Enslaving as an active interface with an up link [ 188.858957][ T7186] netlink: 'syz.3.371': attribute type 12 has an invalid length. 
[ 188.924538][ T7179] : entered promiscuous mode [ 188.945209][ T5979] bond1: Warning: No 802.3ad response from the link partner for any adapters in the bond [ 189.290451][ T30] audit: type=1326 audit(1748404453.854:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bc718e969 code=0x7ffc0000 [ 189.312796][ C1] vkms_vblank_simulate: vblank timer overrun [ 189.403571][ T30] audit: type=1326 audit(1748404453.864:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bc718e969 code=0x7ffc0000 [ 189.563933][ T30] audit: type=1326 audit(1748404453.864:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7204 comm="syz.2.378" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f8bc718e969 code=0x7ffc0000 [ 189.740449][ T5941] usb 4-1: new full-speed USB device number 19 using dummy_hcd [ 190.102492][ T5941] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 4 [ 190.156536][ T5941] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 190.203868][ T5941] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 190.216245][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 190.243191][ T5941] usb 4-1: Product: syz [ 190.249613][ T7222] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. 
[ 190.276326][ T5941] usb 4-1: Manufacturer: syz [ 190.291724][ T5941] usb 4-1: SerialNumber: syz [ 190.624472][ T5941] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 190.757504][ T5941] usb 4-1: USB disconnect, device number 19 [ 190.887043][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 191.754028][ T5955] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 192.022899][ T5955] usb 5-1: Using ep0 maxpacket: 8 [ 192.088711][ T5955] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 192.286921][ T5955] usb 5-1: config 0 interface 0 has no altsetting 0 [ 192.379520][ T5955] usb 5-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 192.423901][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 192.474046][ T5955] usb 5-1: Product: syz [ 192.497911][ T5955] usb 5-1: Manufacturer: syz [ 192.502580][ T5955] usb 5-1: SerialNumber: syz [ 192.602649][ T5955] usb 5-1: config 0 descriptor?? 
[ 192.736350][ T5955] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 found [ 192.889212][ T5955] snd_usb_toneport 5-1:0.0: cannot get proper max packet size [ 192.958025][ T5955] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 now disconnected [ 193.002411][ T5955] snd_usb_toneport 5-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 194.033973][ T24] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 194.194023][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 194.202757][ T24] usb 1-1: config 0 has an invalid interface number: 136 but max is 0 [ 194.244461][ T24] usb 1-1: config 0 has no interface number 0 [ 194.250914][ T24] usb 1-1: config 0 interface 136 altsetting 0 has an endpoint descriptor with address 0xAD, changing to 0x8D [ 194.295750][ T24] usb 1-1: config 0 interface 136 altsetting 0 endpoint 0x8D has invalid wMaxPacketSize 0 [ 194.373103][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.381412][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.425688][ T24] usb 1-1: config 0 interface 136 altsetting 0 bulk endpoint 0x8D has invalid maxpacket 0 [ 194.438828][ T24] usb 1-1: config 0 interface 136 altsetting 0 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 194.623481][ T24] usb 1-1: config 0 interface 136 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 194.879739][ T24] usb 1-1: New USB device found, idVendor=0763, idProduct=1021, bcdDevice=8e.c0 [ 194.956297][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 194.990031][ T24] usb 1-1: config 0 descriptor?? 
[ 195.060617][ T24] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 195.404791][ T5826] udevd[5826]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.136/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 196.041079][ T982] usb 1-1: USB disconnect, device number 15 [ 196.234582][ T5882] usb 5-1: USB disconnect, device number 21 [ 196.378286][ T7297] JFS: charset not found [ 196.631554][ T7307] netlink: 8 bytes leftover after parsing attributes in process `syz.4.406'. [ 197.910755][ T7322] netlink: 64 bytes leftover after parsing attributes in process `syz.0.411'. [ 197.925833][ T7322] netlink: 64 bytes leftover after parsing attributes in process `syz.0.411'. [ 198.997841][ T7316] vhci_hcd vhci_hcd.0: pdev(1) rhport(0) sockfd(6) [ 199.004417][ T7316] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 199.011299][ T7324] netlink: 540 bytes leftover after parsing attributes in process `syz.4.412'. [ 199.039779][ T7324] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967291 (274877906624 ns) > initial count (30400 ns). Using initial count to start timer. [ 199.043071][ T7316] vhci_hcd vhci_hcd.0: Device attached [ 199.096290][ T7327] vhci_hcd: connection closed [ 199.112920][ T152] vhci_hcd: stop threads [ 199.128650][ T152] vhci_hcd: release socket [ 199.143461][ T152] vhci_hcd: disconnect device [ 199.410169][ T7334] FAULT_INJECTION: forcing a failure. [ 199.410169][ T7334] name failslab, interval 1, probability 0, space 0, times 0 [ 199.423371][ T7334] CPU: 0 UID: 0 PID: 7334 Comm: syz.4.414 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 199.423392][ T7334] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 199.423401][ T7334] Call Trace: [ 199.423407][ T7334] [ 199.423413][ T7334] dump_stack_lvl+0x189/0x250 [ 199.423440][ T7334] ? __pfx____ratelimit+0x10/0x10 [ 199.423458][ T7334] ? 
__pfx_dump_stack_lvl+0x10/0x10 [ 199.423480][ T7334] ? __pfx__printk+0x10/0x10 [ 199.423498][ T7334] ? __pfx___might_resched+0x10/0x10 [ 199.423530][ T7334] ? fs_reclaim_acquire+0x7d/0x100 [ 199.423553][ T7334] should_fail_ex+0x414/0x560 [ 199.423575][ T7334] should_failslab+0xa8/0x100 [ 199.423593][ T7334] kmem_cache_alloc_noprof+0x73/0x3c0 [ 199.423609][ T7334] ? vm_area_alloc+0x24/0x140 [ 199.423643][ T7334] vm_area_alloc+0x24/0x140 [ 199.423660][ T7334] alloc_bprm+0x49a/0xbc0 [ 199.423680][ T7334] do_execveat_common+0x1b3/0x6a0 [ 199.423702][ T7334] __x64_sys_execveat+0xc4/0xe0 [ 199.423719][ T7334] do_syscall_64+0xfa/0x3b0 [ 199.423735][ T7334] ? lockdep_hardirqs_on+0x9c/0x150 [ 199.423750][ T7334] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.423763][ T7334] ? clear_bhb_loop+0x60/0xb0 [ 199.423779][ T7334] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.423792][ T7334] RIP: 0033:0x7f5657d8e969 [ 199.423804][ T7334] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.423815][ T7334] RSP: 002b:00007f5658c23038 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 199.423835][ T7334] RAX: ffffffffffffffda RBX: 00007f5657fb5fa0 RCX: 00007f5657d8e969 [ 199.423852][ T7334] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 199.423864][ T7334] RBP: 00007f5658c23090 R08: 0000000000000000 R09: 0000000000000000 [ 199.423875][ T7334] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 199.423886][ T7334] R13: 0000000000000000 R14: 00007f5657fb5fa0 R15: 00007f56580dfa28 [ 199.423915][ T7334] [ 200.104571][ T7349] openvswitch: netlink: IP tunnel attribute has 8 unknown bytes. 
[ 200.253957][ T982] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 200.307234][ T5882] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 200.469633][ T5882] usb 4-1: device descriptor read/64, error -71 [ 200.483980][ T982] usb 2-1: Using ep0 maxpacket: 16 [ 200.794350][ T5882] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 200.950639][ T5882] usb 4-1: device descriptor read/64, error -71 [ 201.024230][ T10] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 201.094136][ T5882] usb usb4-port1: attempt power cycle [ 201.356412][ T5955] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 201.503920][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 201.557499][ T10] usb 5-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 201.569315][ T10] usb 5-1: config 0 interface 0 has no altsetting 0 [ 201.579821][ T10] usb 5-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 201.611643][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.624023][ T5882] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 201.642808][ T10] usb 5-1: Product: syz [ 201.655872][ T5882] usb 4-1: device descriptor read/8, error -71 [ 201.665910][ T10] usb 5-1: Manufacturer: syz [ 201.683538][ T10] usb 5-1: SerialNumber: syz [ 201.766768][ T10] usb 5-1: config 0 descriptor?? 
[ 201.814045][ T5955] usb 1-1: Using ep0 maxpacket: 8 [ 201.828182][ T10] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 found [ 201.867226][ T5955] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 201.913976][ T5882] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 201.935222][ T5882] usb 4-1: device descriptor read/8, error -71 [ 202.008633][ T5955] usb 1-1: config 0 interface 0 has no altsetting 0 [ 202.011538][ T10] snd_usb_toneport 5-1:0.0: cannot get proper max packet size [ 202.041528][ T10] snd_usb_toneport 5-1:0.0: Line 6 TonePort UX2 now disconnected [ 202.058178][ T10] snd_usb_toneport 5-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 202.068330][ T5882] usb usb4-port1: unable to enumerate USB device [ 202.170839][ T5955] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 202.214649][ T5955] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.420063][ T5955] usb 1-1: Product: syz [ 202.447649][ T5955] usb 1-1: Manufacturer: syz [ 202.452466][ T5955] usb 1-1: SerialNumber: syz [ 202.468408][ T5955] usb 1-1: config 0 descriptor?? 
[ 202.721922][ T5955] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found [ 202.992822][ T5955] snd_usb_toneport 1-1:0.0: cannot get proper max packet size [ 203.091258][ T5955] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected [ 203.128552][ T5955] snd_usb_toneport 1-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 204.390501][ T982] usb 2-1: unable to get BOS descriptor or descriptor too short [ 204.441302][ T982] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 204.476781][ T982] usb 2-1: can't read configurations, error -71 [ 204.640592][ T5955] usb 5-1: USB disconnect, device number 22 [ 205.614118][ T982] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 205.804103][ T982] usb 2-1: Using ep0 maxpacket: 8 [ 205.893475][ T982] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 205.909463][ T5955] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 206.060793][ T982] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 206.084240][ T982] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 206.109770][ T982] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 206.161422][ T982] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 206.194594][ T982] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.243493][ T5955] usb 5-1: Using ep0 maxpacket: 16 [ 206.260897][ T5955] usb 5-1: config 3 has an invalid interface number: 70 but max is 0 [ 206.270852][ T5955] usb 5-1: config 3 has no interface number 0 [ 206.279722][ T5955] usb 5-1: New USB device found, idVendor=1964, idProduct=0001, bcdDevice=17.33 [ 206.289133][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 206.305245][ T5955] usb 5-1: Product: syz [ 206.310449][ T5955] usb 
5-1: Manufacturer: syz [ 206.319573][ T5955] usb 5-1: SerialNumber: syz [ 206.529101][ T7400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.538454][ T7400] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 206.553290][ T5955] RobotFuzz Open Source InterFace, OSIF 5-1:3.70: failure sending bit rate [ 206.565646][ T5955] RobotFuzz Open Source InterFace, OSIF 5-1:3.70: probe with driver RobotFuzz Open Source InterFace, OSIF failed with error -71 [ 206.586844][ T5955] usb 5-1: USB disconnect, device number 23 [ 206.671193][ T982] usb 2-1: GET_CAPABILITIES returned 0 [ 206.708486][ T982] usbtmc 2-1:16.0: can't read capabilities [ 206.886476][ T7400] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 206.923010][ T10] usb 1-1: USB disconnect, device number 16 [ 206.931226][ T7400] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.000999][ T5882] usb 2-1: USB disconnect, device number 22 [ 207.523927][ T10] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 207.632923][ T7437] netlink: 16 bytes leftover after parsing attributes in process `syz.0.443'. [ 207.656531][ T7437] netlink: 20 bytes leftover after parsing attributes in process `syz.0.443'. 
[ 207.724167][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 207.735559][ T30] audit: type=1326 audit(1748404472.384:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 207.737636][ T10] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 207.757809][ C1] vkms_vblank_simulate: vblank timer overrun [ 207.762512][ T30] audit: type=1326 audit(1748404472.384:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=318 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 207.790697][ T10] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 207.795696][ C1] vkms_vblank_simulate: vblank timer overrun [ 207.813037][ T10] usb 5-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 207.822909][ T10] usb 5-1: Duplicate descriptor for config 1 interface 0 altsetting 0, skipping [ 207.846059][ T30] audit: type=1326 audit(1748404472.384:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 207.877066][ T10] usb 5-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 207.891538][ T10] usb 5-1: config 1 interface 2 has no altsetting 0 [ 207.902896][ T7444] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 207.918261][ T10] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 207.922917][ T30] audit: type=1326 audit(1748404472.384:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 207.931979][ T10] usb 5-1: New 
USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 207.958937][ T7444] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 207.976186][ T10] usb 5-1: Product: syz [ 207.980478][ T10] usb 5-1: Manufacturer: syz [ 207.986629][ T10] usb 5-1: SerialNumber: syz [ 207.993415][ T30] audit: type=1326 audit(1748404472.424:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 208.037751][ T30] audit: type=1326 audit(1748404472.424:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=55 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 208.060892][ T30] audit: type=1326 audit(1748404472.424:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 208.096348][ T30] audit: type=1326 audit(1748404472.424:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 208.119627][ T30] audit: type=1326 audit(1748404472.424:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 208.142267][ T30] audit: type=1326 audit(1748404472.424:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.446" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 208.164625][ T5882] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 208.242717][ T7427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 208.253717][ T7427] misc raw-gadget: fail, 
usb_gadget_register_driver returned -16 [ 208.326097][ T5882] usb 4-1: config 36 interface 0 altsetting 0 endpoint 0x6 has an invalid bInterval 192, changing to 11 [ 208.339775][ T5882] usb 4-1: New USB device found, idVendor=6993, idProduct=b001, bcdDevice=3d.29 [ 208.381263][ T5882] usb 4-1: New USB device strings: Mfr=244, Product=0, SerialNumber=16 [ 208.397556][ T5882] usb 4-1: Manufacturer: syz [ 208.408628][ T5882] usb 4-1: SerialNumber: syz [ 208.497008][ T10] usb 5-1: 2:1 : format type 0 is detected, processed as PCM [ 208.510137][ T10] usb 5-1: 2:1 : invalid channels 0 [ 208.523534][ T10] usb 5-1: selecting invalid altsetting 0 [ 208.629502][ T7453] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 208.655093][ T5882] usbhid 4-1:36.0: couldn't find an input interrupt endpoint [ 208.679951][ T10] usb 5-1: USB disconnect, device number 24 [ 208.694313][ T5882] usb 4-1: USB disconnect, device number 24 [ 208.715489][ T7459] netlink: 8 bytes leftover after parsing attributes in process `syz.0.452'. [ 208.778357][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 209.096582][ T7466] x_tables: duplicate underflow at hook 1 [ 209.154409][ T5955] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 209.327792][ T5955] usb 3-1: config 0 has no interfaces? [ 209.347735][ T5955] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 209.359707][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.374751][ T5955] usb 3-1: Product: syz [ 209.379217][ T5955] usb 3-1: Manufacturer: syz [ 209.384137][ T5955] usb 3-1: SerialNumber: syz [ 209.391561][ T5955] usb 3-1: config 0 descriptor?? [ 209.475494][ T7473] ip6tnl1: entered promiscuous mode [ 209.480849][ T7473] ip6tnl1: entered allmulticast mode [ 209.755289][ T7481] FAULT_INJECTION: forcing a failure. 
[ 209.755289][ T7481] name failslab, interval 1, probability 0, space 0, times 0 [ 209.794483][ T7481] CPU: 0 UID: 0 PID: 7481 Comm: syz.3.460 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 209.794514][ T7481] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 209.794527][ T7481] Call Trace: [ 209.794536][ T7481] [ 209.794545][ T7481] dump_stack_lvl+0x189/0x250 [ 209.794592][ T7481] ? __pfx____ratelimit+0x10/0x10 [ 209.794617][ T7481] ? __pfx_dump_stack_lvl+0x10/0x10 [ 209.794646][ T7481] ? __pfx__printk+0x10/0x10 [ 209.794668][ T7481] ? __pfx___might_resched+0x10/0x10 [ 209.794696][ T7481] ? fs_reclaim_acquire+0x7d/0x100 [ 209.794728][ T7481] should_fail_ex+0x414/0x560 [ 209.794768][ T7481] should_failslab+0xa8/0x100 [ 209.794794][ T7481] __kmalloc_noprof+0xcb/0x4f0 [ 209.794816][ T7481] ? tomoyo_encode+0x28b/0x550 [ 209.794849][ T7481] tomoyo_encode+0x28b/0x550 [ 209.794881][ T7481] tomoyo_realpath_from_path+0x58d/0x5d0 [ 209.794912][ T7481] ? tomoyo_domain+0xda/0x130 [ 209.794947][ T7481] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 209.794971][ T7481] tomoyo_path_number_perm+0x1e8/0x5a0 [ 209.794998][ T7481] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 209.795040][ T7481] ? __lock_acquire+0xab9/0xd20 [ 209.795085][ T7481] ? __fget_files+0x2a/0x420 [ 209.795113][ T7481] ? __fget_files+0x2a/0x420 [ 209.795134][ T7481] ? __fget_files+0x3a0/0x420 [ 209.795157][ T7481] ? __fget_files+0x2a/0x420 [ 209.795185][ T7481] security_file_ioctl+0xcb/0x2d0 [ 209.795210][ T7481] __se_sys_ioctl+0x47/0x170 [ 209.795232][ T7481] do_syscall_64+0xfa/0x3b0 [ 209.795256][ T7481] ? lockdep_hardirqs_on+0x9c/0x150 [ 209.795279][ T7481] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.795298][ T7481] ? 
clear_bhb_loop+0x60/0xb0 [ 209.795326][ T7481] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 209.795344][ T7481] RIP: 0033:0x7ff54cb8e969 [ 209.795363][ T7481] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 209.795377][ T7481] RSP: 002b:00007ff54daaf038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 209.795393][ T7481] RAX: ffffffffffffffda RBX: 00007ff54cdb5fa0 RCX: 00007ff54cb8e969 [ 209.795403][ T7481] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000005 [ 209.795411][ T7481] RBP: 00007ff54daaf090 R08: 0000000000000000 R09: 0000000000000000 [ 209.795424][ T7481] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 209.795433][ T7481] R13: 0000000000000000 R14: 00007ff54cdb5fa0 R15: 00007ff54cedfa28 [ 209.795454][ T7481] [ 209.795495][ T7481] ERROR: Out of memory at tomoyo_realpath_from_path. [ 211.246725][ T7502] netlink: 8 bytes leftover after parsing attributes in process `syz.3.464'. 
[ 211.306681][ T7502] bond0: option use_carrier: invalid value (47) [ 211.559700][ T10] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 211.733894][ T10] usb 2-1: Using ep0 maxpacket: 8 [ 211.773940][ T5833] Bluetooth: hci1: command 0x0406 tx timeout [ 211.785016][ T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 15 [ 211.795351][ T10] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 211.853974][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 211.873865][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 211.887635][ T10] usb 2-1: New USB device found, idVendor=077d, idProduct=04aa, bcdDevice=5b.d8 [ 211.896955][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.905100][ T10] usb 2-1: Product: syz [ 211.909320][ T10] usb 2-1: Manufacturer: syz [ 211.917119][ T10] usb 2-1: SerialNumber: syz [ 211.927654][ T10] usb 2-1: config 0 descriptor?? [ 211.934660][ T7503] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 212.194272][ T10] powermate: Expected payload of 3--6 bytes, found 1024 bytes! 
[ 212.227091][ T10] input: Griffin SoundKnob as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input14 [ 212.381647][ C0] powermate: config urb returned -71 [ 212.388808][ C0] powermate: config urb returned -71 [ 212.394267][ C0] powermate: config urb returned -71 [ 212.400050][ C0] powermate: config urb returned -71 [ 212.408971][ C0] powermate 2-1:0.0: powermate_irq - usb_submit_urb failed with result: -19 [ 212.417817][ T10] usb 2-1: USB disconnect, device number 23 [ 212.769536][ T5882] usb 3-1: USB disconnect, device number 21 [ 212.795068][ T7523] capability: warning: `syz.3.472' uses 32-bit capabilities (legacy support in use) [ 213.818849][ T5882] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 214.004358][ T5882] usb 2-1: Using ep0 maxpacket: 8 [ 214.013273][ T5882] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 214.070336][ T5882] usb 2-1: config 0 interface 0 has no altsetting 0 [ 214.123044][ T5882] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 214.144193][ T5882] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.241666][ T5882] usb 2-1: Product: syz [ 214.267231][ T5882] usb 2-1: Manufacturer: syz [ 214.332996][ T5882] usb 2-1: SerialNumber: syz [ 214.401337][ T5882] usb 2-1: config 0 descriptor?? 
[ 214.435512][ T5882] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found [ 214.594096][ T5941] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 214.620760][ T5882] snd_usb_toneport 2-1:0.0: cannot get proper max packet size [ 214.779785][ T5882] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected [ 214.826318][ T5955] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 214.832977][ T5941] usb 4-1: Using ep0 maxpacket: 8 [ 214.840191][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 214.840207][ T30] audit: type=1326 audit(1748404479.464:319): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bc718e969 code=0x7ffc0000 [ 214.931225][ T30] audit: type=1326 audit(1748404479.464:320): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8bc718e969 code=0x7ffc0000 [ 214.955001][ T5882] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 214.974214][ T24] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 214.992007][ T5941] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 215.010045][ T5955] usb 5-1: config 0 has no interfaces? 
[ 215.022800][ T5955] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 215.040926][ T5955] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.054395][ T30] audit: type=1326 audit(1748404479.564:321): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7562 comm="syz.2.486" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f8bc718e969 code=0x7ffc0000 [ 215.090131][ T5941] usb 4-1: config 0 interface 0 has no altsetting 0 [ 215.094651][ T5955] usb 5-1: Product: syz [ 215.119694][ T5955] usb 5-1: Manufacturer: syz [ 215.270721][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 215.296409][ T5955] usb 5-1: SerialNumber: syz [ 215.301271][ T5941] usb 4-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 215.354337][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.358146][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 215.381687][ T5941] usb 4-1: Product: syz [ 215.396879][ T5941] usb 4-1: Manufacturer: syz [ 215.411774][ T5941] usb 4-1: SerialNumber: syz [ 215.419511][ T5955] usb 5-1: config 0 descriptor?? [ 215.884483][ T5941] usb 4-1: config 0 descriptor?? [ 215.921498][ T5941] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 found [ 216.098007][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 216.109159][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 216.117237][ T24] usb 1-1: Product: syz [ 216.122102][ T24] usb 1-1: Manufacturer: syz [ 216.129986][ T24] usb 1-1: SerialNumber: syz [ 216.152159][ T24] usb 1-1: config 0 descriptor?? 
[ 216.170131][ T24] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 216.184124][ T24] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 216.525638][ T5941] snd_usb_toneport 4-1:0.0: cannot get proper max packet size [ 216.580582][ T5941] snd_usb_toneport 4-1:0.0: Line 6 TonePort UX2 now disconnected [ 216.616706][ T5941] snd_usb_toneport 4-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 216.892003][ T5831] Bluetooth: hci2: command 0x0406 tx timeout [ 216.893015][ T5829] Bluetooth: hci3: command 0x0406 tx timeout [ 216.899343][ T5831] Bluetooth: hci4: command 0x0406 tx timeout [ 216.971672][ T24] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 217.175463][ T7579] futex_wake_op: syz.2.489 tries to shift op by 32; fix this program [ 217.565001][ T7581] netlink: 24 bytes leftover after parsing attributes in process `syz.2.489'. [ 218.033993][ T24] em28xx 1-1:0.0: write to i2c device at 0xa0 failed with unknown error (status=1) [ 218.045864][ T24] em28xx 1-1:0.0: failed to read eeprom (err=-5) [ 218.079093][ T24] em28xx 1-1:0.0: em28xx_i2c_register: em28xx_i2_eeprom failed! retval [-5] [ 218.120179][ T5882] usb 5-1: USB disconnect, device number 25 [ 218.275323][ T24] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 218.291446][ T7587] FAULT_INJECTION: forcing a failure. [ 218.291446][ T7587] name failslab, interval 1, probability 0, space 0, times 0 [ 218.317821][ T24] em28xx 1-1:0.0: dvb set to bulk mode. [ 218.328435][ T7587] CPU: 0 UID: 0 PID: 7587 Comm: syz.2.491 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 218.328458][ T7587] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 218.328466][ T7587] Call Trace: [ 218.328471][ T7587] [ 218.328477][ T7587] dump_stack_lvl+0x189/0x250 [ 218.328500][ T7587] ? __pfx____ratelimit+0x10/0x10 [ 218.328516][ T7587] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.328533][ T7587] ? 
__pfx__printk+0x10/0x10 [ 218.328550][ T7587] ? ref_tracker_alloc+0x318/0x460 [ 218.328570][ T7587] should_fail_ex+0x414/0x560 [ 218.328589][ T7587] should_failslab+0xa8/0x100 [ 218.328605][ T7587] kmem_cache_alloc_noprof+0x73/0x3c0 [ 218.328620][ T7587] ? skb_clone+0x212/0x3a0 [ 218.328640][ T7587] skb_clone+0x212/0x3a0 [ 218.328659][ T7587] __netlink_deliver_tap+0x404/0x850 [ 218.328699][ T7587] ? netlink_deliver_tap+0x2e/0x1b0 [ 218.328715][ T7587] netlink_deliver_tap+0x19c/0x1b0 [ 218.328731][ T7587] netlink_unicast+0x72f/0x8d0 [ 218.328752][ T7587] netlink_sendmsg+0x805/0xb30 [ 218.328773][ T7587] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.328791][ T7587] ? aa_sock_msg_perm+0x94/0x160 [ 218.328809][ T7587] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 218.328822][ T7587] ? __pfx_netlink_sendmsg+0x10/0x10 [ 218.328839][ T7587] __sock_sendmsg+0x219/0x270 [ 218.328854][ T7587] ____sys_sendmsg+0x505/0x830 [ 218.328875][ T7587] ? __pfx_____sys_sendmsg+0x10/0x10 [ 218.328899][ T7587] ? import_iovec+0x74/0xa0 [ 218.328916][ T7587] ___sys_sendmsg+0x21f/0x2a0 [ 218.328937][ T7587] ? __pfx____sys_sendmsg+0x10/0x10 [ 218.328998][ T7587] ? __fget_files+0x2a/0x420 [ 218.329028][ T7587] ? __fget_files+0x3a0/0x420 [ 218.329064][ T7587] __x64_sys_sendmsg+0x19b/0x260 [ 218.329092][ T7587] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 218.329128][ T7587] ? __pfx_ksys_write+0x10/0x10 [ 218.329145][ T7587] ? rcu_is_watching+0x15/0xb0 [ 218.329176][ T7587] ? do_syscall_64+0xbe/0x3b0 [ 218.329203][ T7587] do_syscall_64+0xfa/0x3b0 [ 218.329225][ T7587] ? lockdep_hardirqs_on+0x9c/0x150 [ 218.329246][ T7587] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.329265][ T7587] ? 
clear_bhb_loop+0x60/0xb0 [ 218.329288][ T7587] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.329306][ T7587] RIP: 0033:0x7f8bc718e969 [ 218.329322][ T7587] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.329339][ T7587] RSP: 002b:00007f8bc7f84038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 218.329358][ T7587] RAX: ffffffffffffffda RBX: 00007f8bc73b5fa0 RCX: 00007f8bc718e969 [ 218.329372][ T7587] RDX: 0000000000000098 RSI: 0000200000000000 RDI: 0000000000000003 [ 218.329384][ T7587] RBP: 00007f8bc7f84090 R08: 0000000000000000 R09: 0000000000000000 [ 218.329395][ T7587] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.329406][ T7587] R13: 0000000000000000 R14: 00007f8bc73b5fa0 R15: 00007f8bc74dfa28 [ 218.329436][ T7587] [ 218.331310][ T5955] em28xx 1-1:0.0: Binding DVB extension [ 218.676455][ T24] usb 1-1: USB disconnect, device number 17 [ 218.685422][ T24] em28xx 1-1:0.0: Disconnecting em28xx [ 218.737536][ T5955] em28xx 1-1:0.0: Registering input extension [ 218.745290][ T24] em28xx 1-1:0.0: Closing input extension [ 218.828398][ T24] em28xx 1-1:0.0: Freeing device [ 219.068574][ T7590] vivid-000: disconnect [ 219.274444][ T24] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 219.302318][ T7588] vivid-000: reconnect [ 219.445644][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 219.458641][ T24] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 219.524009][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 219.555785][ T5955] usb 4-1: USB disconnect, device number 25 [ 219.607675][ T24] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 219.644016][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 219.673271][ 
T24] usb 1-1: Product: syz [ 219.683376][ T24] usb 1-1: Manufacturer: syz [ 219.693490][ T24] usb 1-1: SerialNumber: syz [ 219.734672][ T24] usb 1-1: config 0 descriptor?? [ 219.768302][ T24] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 219.799342][ T24] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 219.976088][ T5882] usb 2-1: USB disconnect, device number 24 [ 220.054417][ T5941] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 220.263893][ T5941] usb 4-1: Using ep0 maxpacket: 16 [ 220.289662][ T5941] usb 4-1: New USB device found, idVendor=05ac, idProduct=0263, bcdDevice=6f.9e [ 220.299196][ T5941] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.313936][ T5941] usb 4-1: Product: syz [ 220.318147][ T5941] usb 4-1: Manufacturer: syz [ 220.333312][ T5941] usb 4-1: SerialNumber: syz [ 220.345171][ T5941] usb 4-1: config 0 descriptor?? [ 220.379254][ T24] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 220.385675][ T5941] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/input/input16 [ 220.463369][ T7621] fuse: Unknown parameter '0x0000000000000005' [ 220.871523][ T7620] kvm: pic: non byte read [ 220.878441][ T7620] kvm: pic: level sensitive irq not supported [ 220.878539][ T7620] kvm: pic: non byte read [ 220.911209][ T5183] bcm5974 4-1:0.0: could not read from device [ 220.918674][ T7620] kvm: pic: level sensitive irq not supported [ 220.918882][ T7620] kvm: pic: non byte read [ 220.930716][ T7620] kvm: pic: level sensitive irq not supported [ 220.930789][ T7620] kvm: pic: non byte read [ 221.297544][ T5183] bcm5974 4-1:0.0: could not read from device [ 221.367498][ T5941] usb 4-1: USB disconnect, device number 26 [ 221.425511][ T7631] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. 
[ 221.444196][ T24] em28xx 1-1:0.0: Config register raw data: 0xfffffffb [ 221.474481][ T24] em28xx 1-1:0.0: AC97 chip type couldn't be determined [ 221.525625][ T24] em28xx 1-1:0.0: No AC97 audio processor [ 222.312508][ T24] usb 1-1: USB disconnect, device number 18 [ 222.320588][ T24] em28xx 1-1:0.0: Disconnecting em28xx [ 222.411122][ T24] em28xx 1-1:0.0: Freeing device [ 223.182078][ T7652] netlink: 20 bytes leftover after parsing attributes in process `syz.0.511'. [ 223.584515][ T7667] netlink: 'syz.2.517': attribute type 21 has an invalid length. [ 223.592731][ T7667] netlink: 'syz.2.517': attribute type 20 has an invalid length. [ 223.943619][ T7676] netlink: 36 bytes leftover after parsing attributes in process `syz.3.519'. [ 224.181692][ T7679] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967291 (274877906624 ns) > initial count (30400 ns). Using initial count to start timer. [ 224.652454][ T7687] netlink: 'syz.4.522': attribute type 4 has an invalid length. [ 225.204390][ T24] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 225.384033][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 225.410169][ T24] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 225.438836][ T24] usb 4-1: config 0 has no interface number 0 [ 225.456859][ T24] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 225.467073][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 225.479374][ T24] usb 4-1: Product: syz [ 225.496362][ T24] usb 4-1: Manufacturer: syz [ 225.643335][ T24] usb 4-1: SerialNumber: syz [ 225.655900][ T24] usb 4-1: config 0 descriptor?? 
[ 225.662956][ T24] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 226.961640][ T7715] batman_adv: batadv0: Adding interface: dummy0 [ 226.969121][ T24] usb 4-1: qt2_attach - failed to power on unit: -71 [ 226.976054][ T24] quatech2 4-1:0.51: probe with driver quatech2 failed with error -71 [ 226.993999][ T7715] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 227.027304][ T24] usb 4-1: USB disconnect, device number 27 [ 227.154931][ T7715] batman_adv: batadv0: Interface activated: dummy0 [ 227.228633][ T5882] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 227.464382][ T5882] usb 1-1: Using ep0 maxpacket: 8 [ 227.493330][ T5882] usb 1-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 227.534152][ T5882] usb 1-1: config 0 interface 0 has no altsetting 0 [ 227.586281][ T5882] usb 1-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 227.614329][ T5882] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.622507][ T5882] usb 1-1: Product: syz [ 227.639451][ T30] audit: type=1326 audit(1748404492.284:322): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7716 comm="syz.1.531" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x0 [ 227.681429][ T5882] usb 1-1: Manufacturer: syz [ 227.715302][ T5882] usb 1-1: SerialNumber: syz [ 227.859350][ T5882] usb 1-1: config 0 descriptor?? 
[ 227.879716][ T5882] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 found [ 228.033988][ T24] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 228.083178][ T5882] snd_usb_toneport 1-1:0.0: cannot get proper max packet size [ 228.100919][ T5882] snd_usb_toneport 1-1:0.0: Line 6 TonePort UX2 now disconnected [ 228.119062][ T5882] snd_usb_toneport 1-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 228.198857][ T24] usb 3-1: config 169 has too many interfaces: 96, using maximum allowed: 32 [ 228.282707][ T24] usb 3-1: config 169 has 1 interface, different from the descriptor's value: 96 [ 228.301595][ T7741] netlink: 8 bytes leftover after parsing attributes in process `syz.3.538'. [ 228.326986][ T7741] netlink: 24 bytes leftover after parsing attributes in process `syz.3.538'. [ 228.327045][ T24] usb 3-1: config 169 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 228.436840][ T24] usb 3-1: config 169 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 512, setting to 64 [ 228.451465][ T24] usb 3-1: New USB device found, idVendor=041e, idProduct=3100, bcdDevice= 0.00 [ 228.461595][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.479941][ T7728] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 229.162564][ T7753] xt_ecn: cannot match TCP bits for non-tcp packets [ 229.761277][ T7763] netlink: 12 bytes leftover after parsing attributes in process `syz.4.545'. 
[ 229.811544][ T7763] 8021q: adding VLAN 0 to HW filter on device bond1 [ 229.862061][ T7766] 8021q: adding VLAN 0 to HW filter on device bond1 [ 229.871265][ T7766] bond1: (slave ip6tnl1): The slave device specified does not support setting the MAC address [ 229.888206][ T7766] bond1: (slave ip6tnl1): Error -95 calling set_mac_address [ 229.919514][ T24] usb 3-1: string descriptor 0 read error: -71 [ 229.942321][ T24] usbhid 3-1:169.0: can't add hid device: -71 [ 229.961811][ T24] usbhid 3-1:169.0: probe with driver usbhid failed with error -71 [ 229.993462][ T24] usb 3-1: USB disconnect, device number 22 [ 230.090517][ T7770] netlink: 'syz.4.547': attribute type 10 has an invalid length. [ 230.101441][ T7770] netlink: 40 bytes leftover after parsing attributes in process `syz.4.547'. [ 230.110868][ T7770] dummy0: entered promiscuous mode [ 230.118259][ T7770] batman_adv: batadv0: Interface deactivated: dummy0 [ 230.125157][ T7770] batman_adv: batadv0: Removing interface: dummy0 [ 230.132819][ T7770] bridge0: port 3(dummy0) entered blocking state [ 230.139453][ T7770] bridge0: port 3(dummy0) entered disabled state [ 230.148010][ T7770] dummy0: entered allmulticast mode [ 230.156749][ T7770] bridge0: port 3(dummy0) entered blocking state [ 230.164020][ T7770] bridge0: port 3(dummy0) entered forwarding state [ 230.186411][ T7771] netlink: 8 bytes leftover after parsing attributes in process `syz.4.547'. [ 230.217131][ T7770] netlink: 8 bytes leftover after parsing attributes in process `syz.4.547'. [ 230.273927][ T5946] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 230.435820][ T5946] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 230.451891][ T5946] usb 2-1: New USB device found, idVendor=0471, idProduct=0303, bcdDevice=e5.df [ 230.461846][ T5946] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 230.474733][ T5946] usb 2-1: config 0 descriptor?? 
[ 230.496301][ T5946] pwc: Philips PCA646VC USB webcam detected. [ 230.710532][ T7768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 230.719970][ T7768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 230.779918][ T5946] pwc: send_video_command error -71 [ 230.806663][ T7776] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 230.818472][ T5946] pwc: Failed to set video mode CIF@30 fps; return code = -71 [ 230.855131][ T5946] Philips webcam 2-1:0.0: probe with driver Philips webcam failed with error -71 [ 230.864781][ T7776] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 230.924671][ T7776] kAFS: unparsable volume name [ 230.929929][ T5946] usb 2-1: USB disconnect, device number 25 [ 231.014878][ T9] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 231.233961][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 231.257621][ T9] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 231.287629][ T7785] netlink: 28 bytes leftover after parsing attributes in process `syz.3.552'. [ 231.288288][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 231.297996][ T7785] netlink: 28 bytes leftover after parsing attributes in process `syz.3.552'. 
[ 231.333097][ T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 231.353725][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 231.362873][ T9] usb 3-1: Product: syz [ 231.370666][ T9] usb 3-1: Manufacturer: syz [ 231.375962][ T9] usb 3-1: SerialNumber: syz [ 231.406450][ T7785] batadv0: entered promiscuous mode [ 231.449291][ T7785] batadv0: left promiscuous mode [ 231.594296][ T9] usb 3-1: cannot find UAC_HEADER [ 231.691364][ T9] snd-usb-audio 3-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 231.741480][ T9] usb 3-1: USB disconnect, device number 23 [ 231.810812][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 231.902157][ T24] usb 1-1: USB disconnect, device number 19 [ 232.339473][ T7803] binder: 7802:7803 ioctl c018aec0 200000000040 returned -22 [ 232.359104][ T7805] netlink: 'syz.4.558': attribute type 2 has an invalid length. [ 232.812217][ T30] audit: type=1326 audit(1748404497.434:323): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 232.971408][ T7825] netlink: 24 bytes leftover after parsing attributes in process `syz.4.563'. 
[ 233.006756][ T30] audit: type=1326 audit(1748404497.434:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=276 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 233.028964][ C1] vkms_vblank_simulate: vblank timer overrun [ 233.081757][ T30] audit: type=1326 audit(1748404497.434:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 233.107586][ T30] audit: type=1326 audit(1748404497.434:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 233.129677][ C1] vkms_vblank_simulate: vblank timer overrun [ 233.136063][ T24] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 233.771721][ T30] audit: type=1326 audit(1748404497.434:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 233.793936][ C1] vkms_vblank_simulate: vblank timer overrun [ 233.814432][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 233.867089][ T24] usb 2-1: New USB device found, idVendor=0b49, idProduct=064f, bcdDevice=ac.b4 [ 233.897960][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.909353][ T7830] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 233.939878][ T24] usb 2-1: Product: syz [ 233.967454][ T24] usb 2-1: Manufacturer: syz [ 233.972381][ T30] audit: type=1326 audit(1748404497.434:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f8f9b78d2d0 code=0x7ffc0000 [ 233.994582][ C1] vkms_vblank_simulate: vblank timer 
overrun [ 234.019135][ T24] usb 2-1: SerialNumber: syz [ 234.072932][ T24] usb 2-1: config 0 descriptor?? [ 234.110486][ T30] audit: type=1326 audit(1748404497.444:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8f9b78e56b code=0x7ffc0000 [ 234.186709][ T30] audit: type=1326 audit(1748404497.444:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8f9b78e56b code=0x7ffc0000 [ 234.275891][ T30] audit: type=1326 audit(1748404497.444:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8f9b78e56b code=0x7ffc0000 [ 234.283967][ T5882] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 234.297980][ C1] vkms_vblank_simulate: vblank timer overrun [ 234.395859][ T30] audit: type=1326 audit(1748404497.444:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7819 comm="syz.1.564" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f8f9b78e56b code=0x7ffc0000 [ 234.544076][ T5882] usb 3-1: Using ep0 maxpacket: 8 [ 234.556656][ T5882] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 234.582113][ T5882] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 234.617955][ T5882] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 234.633129][ T7846] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD [ 234.654156][ T5882] usb 3-1: Product: syz [ 234.658656][ T5882] usb 3-1: Manufacturer: syz [ 234.669261][ T5882] usb 3-1: SerialNumber: syz [ 234.678922][ T5882] usb 3-1: config 0 descriptor?? 
[ 234.679859][ T7847] x_tables: ip_tables: osf match: used from hooks OUTPUT, but only valid from PREROUTING/INPUT/FORWARD [ 234.691914][ T5882] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 234.753041][ T5882] usb 3-1: setting power ON [ 234.777389][ T5882] dvb-usb: bulk message failed: -22 (2/0) [ 234.827614][ T5882] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 234.867815][ T5882] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 234.895860][ T7836] dvb-usb: bulk message failed: -22 (3/0) [ 234.901758][ T7836] usb 3-1: gpio_write failed. [ 234.918413][ T5882] usb 3-1: media controller created [ 234.939178][ T7836] dvb-usb: bulk message failed: -22 (4/0) [ 234.954105][ T7836] cxusb: i2c read failed [ 234.989308][ T5882] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 235.041867][ T5882] usb 3-1: selecting invalid altsetting 6 [ 235.047951][ T5882] usb 3-1: digital interface selection failed (-22) [ 235.055313][ T5882] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 235.086701][ T5882] usb 3-1: setting power OFF [ 235.091441][ T5882] dvb-usb: bulk message failed: -22 (2/0) [ 235.111370][ T5882] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 235.164408][ T5882] (NULL device *): no alternate interface [ 235.223448][ T5882] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 235.266684][ T5882] usb 3-1: USB disconnect, device number 24 [ 235.323631][ T7861] xt_hashlimit: size too large, truncated to 1048576 [ 235.380823][ T7863] xt_hashlimit: size too large, truncated to 1048576 [ 235.397404][ T7862] netlink: 540 bytes leftover after parsing attributes in process `syz.0.578'. [ 235.549167][ T7867] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967291 (274877906624 ns) > initial count (30400 ns). Using initial count to start timer. 
[ 235.823261][ T979] usb 2-1: USB disconnect, device number 26 [ 236.556992][ T7888] x_tables: duplicate underflow at hook 1 [ 236.732511][ T7891] netlink: 24 bytes leftover after parsing attributes in process `syz.0.585'. [ 237.480075][ T7907] misc userio: The device must be registered before sending interrupts [ 237.746187][ T979] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 237.906447][ T979] usb 1-1: Using ep0 maxpacket: 32 [ 237.920586][ T979] usb 1-1: unable to get BOS descriptor or descriptor too short [ 237.939975][ T979] usb 1-1: config 253 has an invalid interface number: 202 but max is 0 [ 237.951117][ T979] usb 1-1: config 253 has no interface number 0 [ 237.963776][ T979] usb 1-1: New USB device found, idVendor=13b1, idProduct=0000, bcdDevice= 0.00 [ 237.981621][ T979] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.990181][ T979] usb 1-1: Product: syz [ 237.998553][ T979] usb 1-1: Manufacturer: syz [ 238.007738][ T979] usb 1-1: SerialNumber: syz [ 238.365186][ T7927] loop2: detected capacity change from 0 to 7 [ 238.380924][ T7927] Dev loop2: unable to read RDB block 7 [ 238.389438][ T7927] loop2: unable to read partition table [ 238.396338][ T7927] loop2: partition table beyond EOD, truncated [ 238.405989][ T7927] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 238.423995][ T5955] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 238.599611][ T5955] usb 3-1: Using ep0 maxpacket: 8 [ 238.633071][ T5955] usb 3-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 238.663456][ T5955] usb 3-1: config 0 interface 0 has no altsetting 0 [ 238.691333][ T5955] usb 3-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 238.701849][ T5955] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 238.710318][ T5955] usb 3-1: Product: syz [ 238.719588][ T5955] usb 3-1: Manufacturer: syz [ 238.755133][ T979] usb 1-1: 
USB disconnect, device number 20 [ 238.762683][ T5955] usb 3-1: SerialNumber: syz [ 238.798243][ T5955] usb 3-1: config 0 descriptor?? [ 238.852255][ T5955] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 found [ 239.047907][ T24] usb 2-1: new high-speed USB device number 27 using dummy_hcd [ 239.061078][ T5955] snd_usb_toneport 3-1:0.0: cannot get proper max packet size [ 239.073854][ T5955] snd_usb_toneport 3-1:0.0: Line 6 TonePort UX2 now disconnected [ 239.085300][ T5955] snd_usb_toneport 3-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 239.219371][ T7941] x_tables: duplicate underflow at hook 1 [ 239.239568][ T24] usb 2-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 239.257069][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 239.278247][ T24] usb 2-1: config 0 descriptor?? [ 239.289972][ T24] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 239.486986][ T7934] netlink: 'syz.1.600': attribute type 2 has an invalid length. 
[ 239.538518][ T7934] : entered promiscuous mode [ 239.813957][ T24] gspca_sunplus: reg_w_riv err -71 [ 239.820668][ T24] sunplus 2-1:0.0: probe with driver sunplus failed with error -71 [ 239.871002][ T24] usb 2-1: USB disconnect, device number 27 [ 240.164231][ T5955] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 240.396504][ T5955] usb 1-1: Using ep0 maxpacket: 16 [ 240.432891][ T5955] usb 1-1: config 0 has an invalid interface number: 214 but max is 0 [ 240.449310][ T5955] usb 1-1: config 0 has no interface number 0 [ 240.473947][ T5955] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has an invalid bInterval 255, changing to 11 [ 240.529058][ T5955] usb 1-1: config 0 interface 214 altsetting 0 endpoint 0x83 has invalid maxpacket 59391, setting to 1024 [ 240.555685][ T5955] usb 1-1: New USB device found, idVendor=0596, idProduct=0001, bcdDevice= 5.f5 [ 240.584999][ T5955] usb 1-1: New USB device strings: Mfr=1, Product=0, SerialNumber=3 [ 240.598903][ T5955] usb 1-1: Manufacturer: syz [ 240.616411][ T5955] usb 1-1: SerialNumber: syz [ 240.690717][ T5955] usb 1-1: config 0 descriptor?? [ 240.713490][ T7954] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 240.869473][ T7970] netlink: 80 bytes leftover after parsing attributes in process `syz.1.614'. [ 240.881666][ T7972] netlink: 540 bytes leftover after parsing attributes in process `syz.3.615'. [ 241.000867][ T7974] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967291 (274877906624 ns) > initial count (30400 ns). Using initial count to start timer. [ 241.178169][ T7979] netlink: 8 bytes leftover after parsing attributes in process `syz.4.617'. 
[ 241.365440][ T7988] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 241.376513][ T7988] binder: 7980:7988 ioctl c0306201 200000000640 returned -22 [ 241.693971][ T5882] usb 2-1: new high-speed USB device number 28 using dummy_hcd [ 241.864055][ T5882] usb 2-1: Using ep0 maxpacket: 8 [ 241.880251][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid wMaxPacketSize 0 [ 241.894466][ T5882] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 241.919705][ T5882] usb 2-1: New USB device found, idVendor=0af0, idProduct=6751, bcdDevice=75.8b [ 241.957368][ T5882] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 242.126988][ T5882] usb 2-1: config 0 descriptor?? [ 242.211248][ T7997] netlink: 4 bytes leftover after parsing attributes in process `syz.3.622'. [ 242.229120][ T5882] hso 2-1:0.0: Can't find BULK IN endpoint [ 242.278866][ T979] usb 3-1: USB disconnect, device number 25 [ 242.944146][ T979] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 242.952248][ T5955] usbtouchscreen 1-1:0.214: probe with driver usbtouchscreen failed with error -71 [ 243.008012][ T5955] usb 1-1: USB disconnect, device number 21 [ 243.033206][ T8005] binder: 8004:8005 ioctl c018620c 200000000000 returned -1 [ 243.141397][ T979] usb 3-1: config 0 has an invalid interface number: 5 but max is 1 [ 243.188086][ T979] usb 3-1: config 0 has an invalid interface number: 177 but max is 1 [ 243.208962][ T979] usb 3-1: config 0 has an invalid interface number: 215 but max is 1 [ 243.296705][ T979] usb 3-1: config 0 has 3 interfaces, different from the descriptor's value: 2 [ 243.490215][ T979] usb 3-1: config 0 has no interface number 0 [ 243.528222][ T979] usb 3-1: config 0 has no interface number 1 [ 243.593905][ T5882] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 243.641263][ T979] usb 3-1: config 0 has no interface number 2 [ 243.655420][ T979] usb 3-1: config 0 interface 5 
altsetting 7 endpoint 0x9 has invalid maxpacket 1023, setting to 64 [ 243.691058][ T979] usb 3-1: config 0 interface 5 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 243.723849][ T979] usb 3-1: config 0 interface 5 altsetting 7 has an endpoint descriptor with address 0xC4, changing to 0x84 [ 243.763915][ T5882] usb 5-1: Using ep0 maxpacket: 8 [ 243.793464][ T5882] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 243.827454][ T5882] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 243.852672][ T979] usb 3-1: config 0 interface 5 altsetting 7 endpoint 0x84 has an invalid bInterval 21, changing to 8 [ 243.898837][ T5882] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 243.930429][ T5882] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 243.953064][ T979] usb 3-1: config 0 interface 5 altsetting 7 endpoint 0x84 has invalid maxpacket 1669, setting to 1024 [ 243.996251][ T979] usb 3-1: config 0 interface 5 altsetting 7 endpoint 0x7 has invalid maxpacket 512, setting to 64 [ 244.015011][ T5882] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 244.086861][ T5882] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 244.249577][ T979] usb 3-1: config 0 interface 5 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 244.299963][ T979] usb 3-1: config 0 interface 5 altsetting 7 has an invalid descriptor for endpoint zero, skipping [ 244.332569][ T979] usb 3-1: config 0 interface 5 altsetting 7 has 7 endpoint descriptors, different from the interface descriptor's value: 6 [ 244.356226][ T979] usb 3-1: config 0 interface 177 altsetting 6 endpoint 0xF has invalid maxpacket 1023, setting to 64 [ 244.371501][ T979] usb 3-1: config 0 interface 177 altsetting 6 has an invalid descriptor 
for endpoint zero, skipping [ 244.394588][ T979] usb 3-1: config 0 interface 177 altsetting 6 has a duplicate endpoint with address 0x3, skipping [ 244.436419][ T5882] usb 5-1: GET_CAPABILITIES returned 0 [ 244.454178][ T979] usb 3-1: config 0 interface 177 altsetting 6 has a duplicate endpoint with address 0x7, skipping [ 244.463974][ T5882] usbtmc 5-1:16.0: can't read capabilities [ 244.522019][ T979] usb 3-1: config 0 interface 177 altsetting 6 has a duplicate endpoint with address 0x7, skipping [ 244.559212][ T979] usb 3-1: too many endpoints for config 0 interface 215 altsetting 195: 41, using maximum allowed: 30 [ 244.589677][ T979] usb 3-1: config 0 interface 215 altsetting 195 has 0 endpoint descriptors, different from the interface descriptor's value: 41 [ 244.646806][ T5882] usb 5-1: USB disconnect, device number 26 [ 244.649173][ T979] usb 3-1: config 0 interface 5 has no altsetting 0 [ 244.712246][ T979] usb 3-1: config 0 interface 177 has no altsetting 0 [ 244.761300][ T5946] usb 2-1: USB disconnect, device number 28 [ 244.771195][ T979] usb 3-1: config 0 interface 215 has no altsetting 0 [ 244.819372][ T979] usb 3-1: New USB device found, idVendor=19d2, idProduct=0113, bcdDevice=2b.dd [ 244.841508][ T979] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 244.883416][ T979] usb 3-1: Product: syz [ 244.898924][ T979] usb 3-1: Manufacturer: syz [ 244.903683][ T979] usb 3-1: SerialNumber: syz [ 244.924070][ T979] usb 3-1: config 0 descriptor?? [ 244.930960][ T7999] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 245.091704][ T8029] batman_adv: batadv0: Adding interface: dummy0 [ 245.101594][ T8029] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. 
[ 245.170422][ T8029] batman_adv: batadv0: Interface activated: dummy0 [ 245.202615][ T30] kauditd_printk_skb: 29 callbacks suppressed [ 245.202642][ T30] audit: type=1326 audit(1748404509.844:362): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.1.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 245.259112][ T979] usb 3-1: USB disconnect, device number 26 [ 245.294934][ T30] audit: type=1326 audit(1748404509.884:363): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.1.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 245.374807][ T30] audit: type=1326 audit(1748404509.884:364): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8032 comm="syz.1.638" exe="/root/syz-executor" sig=0 arch=c000003e syscall=23 compat=0 ip=0x7f8f9b78e969 code=0x7ffc0000 [ 246.717386][ T8058] netlink: 20 bytes leftover after parsing attributes in process `syz.4.645'. [ 246.993963][ T979] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 247.080142][ T8069] netlink: 540 bytes leftover after parsing attributes in process `syz.1.648'. [ 247.143943][ T979] usb 4-1: Using ep0 maxpacket: 16 [ 247.159410][ T979] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 247.172255][ T979] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 247.187588][ T979] usb 4-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 247.206512][ T979] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 247.225017][ T979] usb 4-1: Product: syz [ 247.233700][ T979] usb 4-1: Manufacturer: syz [ 247.243856][ T979] usb 4-1: SerialNumber: syz [ 247.261423][ T979] usb 4-1: config 0 descriptor?? 
[ 247.301932][ T979] em28xx 4-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 247.355121][ T979] em28xx 4-1:0.0: Audio interface 0 found (Vendor Class) [ 247.787111][ T8076] dummy0: left allmulticast mode [ 247.792471][ T8076] bridge0: port 3(dummy0) entered disabled state [ 248.006661][ T8076] batman_adv: batadv0: Adding interface: dummy0 [ 248.009216][ T979] em28xx 4-1:0.0: unknown em28xx chip ID (0) [ 248.015480][ T8076] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 248.244506][ T8076] batman_adv: batadv0: Interface activated: dummy0 [ 248.330094][ T979] em28xx 4-1:0.0: Config register raw data: 0xfffffffb [ 248.344007][ T979] em28xx 4-1:0.0: AC97 chip type couldn't be determined [ 248.351019][ T979] em28xx 4-1:0.0: No AC97 audio processor [ 248.394556][ T979] usb 4-1: USB disconnect, device number 28 [ 248.451086][ T979] em28xx 4-1:0.0: Disconnecting em28xx [ 248.467988][ T979] em28xx 4-1:0.0: Freeing device [ 249.261393][ T8100] netlink: 540 bytes leftover after parsing attributes in process `syz.2.659'. [ 249.277629][ T8102] netlink: 24 bytes leftover after parsing attributes in process `syz.0.658'. [ 250.120320][ T8108] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967291 (274877906624 ns) > initial count (30400 ns). Using initial count to start timer. [ 250.854032][ T5941] usb 3-1: new high-speed USB device number 27 using dummy_hcd [ 251.033534][ T5941] usb 3-1: unable to get BOS descriptor or descriptor too short [ 251.075336][ T5941] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 251.101571][ T5941] usb 3-1: can't read configurations, error -71 [ 251.536793][ T8138] netlink: 'syz.1.668': attribute type 10 has an invalid length. 
[ 251.574405][ T5946] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 251.597538][ T8140] netlink: 40 bytes leftover after parsing attributes in process `syz.1.668'. [ 251.649653][ T8138] bond0: (slave wlan1): Enslaving as an active interface with an up link [ 251.730185][ T8137] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 251.764261][ T5946] usb 5-1: Using ep0 maxpacket: 16 [ 251.772919][ T5946] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 251.788109][ T5946] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 251.847245][ T5946] usb 5-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 251.872265][ T5946] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 251.910465][ T5946] usb 5-1: Product: syz [ 252.082743][ T5946] usb 5-1: Manufacturer: syz [ 252.115032][ T5946] usb 5-1: SerialNumber: syz [ 252.136242][ T5946] usb 5-1: config 0 descriptor?? [ 252.146260][ T5946] em28xx 5-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 252.369346][ T5946] em28xx 5-1:0.0: Audio interface 0 found (Vendor Class) [ 252.494628][ T982] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 252.544599][ T8153] netlink: 540 bytes leftover after parsing attributes in process `syz.2.672'. [ 252.855434][ T982] usb 4-1: config 0 has no interfaces? [ 252.866889][ T982] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 252.898929][ T982] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 252.907530][ T5946] em28xx 5-1:0.0: unknown em28xx chip ID (0) [ 252.934008][ T982] usb 4-1: Product: syz [ 252.938504][ T982] usb 4-1: Manufacturer: syz [ 252.943159][ T982] usb 4-1: SerialNumber: syz [ 252.971076][ T982] usb 4-1: config 0 descriptor?? 
[ 253.580846][ T5946] em28xx 5-1:0.0: Config register raw data: 0xfffffffb [ 253.636049][ T5946] em28xx 5-1:0.0: AC97 chip type couldn't be determined [ 253.651255][ T5946] em28xx 5-1:0.0: No AC97 audio processor [ 253.723428][ T5946] usb 5-1: USB disconnect, device number 27 [ 253.763319][ T5946] em28xx 5-1:0.0: Disconnecting em28xx [ 253.791341][ T5946] em28xx 5-1:0.0: Freeing device [ 254.554098][ T5946] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 255.023282][ T5946] usb 1-1: config 0 has no interfaces? [ 255.042723][ T5946] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 255.056950][ T5946] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 255.145843][ T5946] usb 1-1: Product: syz [ 255.150059][ T5946] usb 1-1: Manufacturer: syz [ 255.172496][ T5946] usb 1-1: SerialNumber: syz [ 255.305419][ T5946] usb 1-1: config 0 descriptor?? [ 255.354714][ T5956] usb 3-1: new high-speed USB device number 29 using dummy_hcd [ 255.465669][ T8194] netlink: 540 bytes leftover after parsing attributes in process `syz.1.684'. [ 255.483247][ T5946] usb 4-1: USB disconnect, device number 29 [ 255.533905][ T5956] usb 3-1: Using ep0 maxpacket: 8 [ 255.535263][ T8194] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967291 (274877906624 ns) > initial count (30400 ns). Using initial count to start timer. [ 255.613616][ T5956] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 255.643905][ T8173] netlink: 'syz.0.677': attribute type 2 has an invalid length. 
[ 255.701567][ T5956] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 255.721105][ T5956] usb 3-1: config 1 has no interface number 1 [ 255.737758][ T5956] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 255.777265][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.796667][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 255.933754][ T5956] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 255.966467][ T5956] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.006952][ T5956] usb 3-1: Manufacturer: ೵侻ਙȯﺨ╹沛ꁋ [ 257.649507][ T8220] kvm: vcpu 0: requested 1664 ns lapic timer period limited to 200000 ns [ 258.815704][ T5946] usb 1-1: USB disconnect, device number 22 [ 258.879950][ T8237] netlink: 24 bytes leftover after parsing attributes in process `syz.3.696'. [ 258.890732][ T8237] netlink: 12 bytes leftover after parsing attributes in process `syz.3.696'. [ 258.990350][ T8243] input: syz1 as /devices/virtual/input/input18 [ 259.037403][ T8243] FAULT_INJECTION: forcing a failure. [ 259.037403][ T8243] name failslab, interval 1, probability 0, space 0, times 0 [ 259.143940][ T8243] CPU: 0 UID: 0 PID: 8243 Comm: syz.1.697 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 259.143968][ T8243] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 259.143989][ T8243] Call Trace: [ 259.143997][ T8243] [ 259.144005][ T8243] dump_stack_lvl+0x189/0x250 [ 259.144038][ T8243] ? __pfx____ratelimit+0x10/0x10 [ 259.144060][ T8243] ? __pfx_dump_stack_lvl+0x10/0x10 [ 259.144086][ T8243] ? __pfx__printk+0x10/0x10 [ 259.144110][ T8243] ? __pfx___might_resched+0x10/0x10 [ 259.144134][ T8243] ? 
fs_reclaim_acquire+0x7d/0x100 [ 259.144164][ T8243] should_fail_ex+0x414/0x560 [ 259.144193][ T8243] should_failslab+0xa8/0x100 [ 259.144217][ T8243] kmem_cache_alloc_noprof+0x73/0x3c0 [ 259.144237][ T8243] ? __kernfs_new_node+0xd7/0x7f0 [ 259.144267][ T8243] __kernfs_new_node+0xd7/0x7f0 [ 259.144293][ T8243] ? __lock_acquire+0xab9/0xd20 [ 259.144322][ T8243] ? __pfx___kernfs_new_node+0x10/0x10 [ 259.144349][ T8243] ? kernfs_root+0x1c/0x230 [ 259.144380][ T8243] ? kernfs_root+0x1c/0x230 [ 259.144404][ T8243] ? kernfs_root+0x1c/0x230 [ 259.144426][ T8243] ? kernfs_root+0x1c/0x230 [ 259.144455][ T8243] kernfs_new_node+0x102/0x210 [ 259.144486][ T8243] kernfs_create_link+0xa7/0x200 [ 259.144511][ T8243] sysfs_do_create_link_sd+0x83/0x110 [ 259.144538][ T8243] device_add_class_symlinks+0xb6/0x240 [ 259.144563][ T8243] device_add+0x475/0xb50 [ 259.144586][ T8243] cdev_device_add+0x1d6/0x390 [ 259.144617][ T8243] mousedev_create+0x547/0x680 [ 259.144646][ T8243] ? __bitmap_subset+0x170/0x190 [ 259.144672][ T8243] mousedev_connect+0x26/0x3a0 [ 259.144698][ T8243] input_register_device+0xcee/0x10b0 [ 259.144732][ T8243] uinput_create_device+0x422/0x670 [ 259.144751][ T8243] ? __lock_acquire+0xab9/0xd20 [ 259.144779][ T8243] uinput_ioctl_handler+0x3f0/0x1570 [ 259.144802][ T8243] ? __pfx_uinput_ioctl_handler+0x10/0x10 [ 259.144832][ T8243] ? __fget_files+0x2a/0x420 [ 259.144854][ T8243] ? __fget_files+0x3a0/0x420 [ 259.144881][ T8243] ? bpf_lsm_file_ioctl+0x9/0x20 [ 259.144902][ T8243] ? __pfx_uinput_ioctl+0x10/0x10 [ 259.144918][ T8243] __se_sys_ioctl+0xf9/0x170 [ 259.144939][ T8243] do_syscall_64+0xfa/0x3b0 [ 259.144961][ T8243] ? lockdep_hardirqs_on+0x9c/0x150 [ 259.144982][ T8243] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.145001][ T8243] ? 
clear_bhb_loop+0x60/0xb0 [ 259.145023][ T8243] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 259.145040][ T8243] RIP: 0033:0x7f8f9b78e969 [ 259.145057][ T8243] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 259.145073][ T8243] RSP: 002b:00007f8f995f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 259.145109][ T8243] RAX: ffffffffffffffda RBX: 00007f8f9b9b5fa0 RCX: 00007f8f9b78e969 [ 259.145123][ T8243] RDX: 0000000000000000 RSI: 0000000000005501 RDI: 0000000000000003 [ 259.145135][ T8243] RBP: 00007f8f995f6090 R08: 0000000000000000 R09: 0000000000000000 [ 259.145147][ T8243] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 259.145159][ T8243] R13: 0000000000000000 R14: 00007f8f9b9b5fa0 R15: 00007f8f9badfa28 [ 259.145189][ T8243] [ 259.151511][ T8242] netlink: 540 bytes leftover after parsing attributes in process `syz.0.699'. 
[ 259.415192][ C0] vkms_vblank_simulate: vblank timer overrun [ 259.605457][ T8243] input: failed to attach handler mousedev to device input18, error: -12 [ 260.153731][ T5956] usb 3-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 260.235895][ T5956] usb 3-1: USB disconnect, device number 29 [ 260.468779][ T5955] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 260.962002][ T5844] udevd[5844]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 261.054005][ T5955] usb 1-1: Using ep0 maxpacket: 8 [ 261.061045][ T5955] usb 1-1: config index 0 descriptor too short (expected 9773, got 45) [ 261.069987][ T5955] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 261.080230][ T5955] usb 1-1: config 1 has 0 interfaces, different from the descriptor's value: 1 [ 261.158351][ T5955] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 261.193689][ T5955] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 261.453976][ T5955] usb 1-1: string descriptor 0 read error: -71 [ 261.468048][ T5955] usb 1-1: USB disconnect, device number 23 [ 262.526277][ T8288] netlink: 540 bytes leftover after parsing attributes in process `syz.2.712'. [ 262.534047][ T5946] usb 5-1: new full-speed USB device number 28 using dummy_hcd [ 262.701933][ T8287] netlink: 84 bytes leftover after parsing attributes in process `syz.3.713'. [ 262.837031][ T5946] usb 5-1: unable to get BOS descriptor or descriptor too short [ 262.872592][ T5946] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 262.895950][ T5946] usb 5-1: can't read configurations, error -71 [ 263.461739][ T8294] FAULT_INJECTION: forcing a failure. 
[ 263.461739][ T8294] name failslab, interval 1, probability 0, space 0, times 0 [ 263.490931][ T8294] CPU: 1 UID: 0 PID: 8294 Comm: syz.1.716 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 263.490960][ T8294] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 263.490971][ T8294] Call Trace: [ 263.490978][ T8294] [ 263.490986][ T8294] dump_stack_lvl+0x189/0x250 [ 263.491031][ T8294] ? __pfx____ratelimit+0x10/0x10 [ 263.491054][ T8294] ? __pfx_dump_stack_lvl+0x10/0x10 [ 263.491081][ T8294] ? __pfx__printk+0x10/0x10 [ 263.491105][ T8294] ? __pfx___might_resched+0x10/0x10 [ 263.491129][ T8294] ? fs_reclaim_acquire+0x7d/0x100 [ 263.491159][ T8294] should_fail_ex+0x414/0x560 [ 263.491189][ T8294] should_failslab+0xa8/0x100 [ 263.491213][ T8294] __kmalloc_noprof+0xcb/0x4f0 [ 263.491234][ T8294] ? fib6_info_alloc+0x30/0xf0 [ 263.491249][ T8294] ? fib6_get_table+0x39/0x270 [ 263.491271][ T8294] fib6_info_alloc+0x30/0xf0 [ 263.491290][ T8294] ip6_route_info_create+0x4b3/0x1360 [ 263.491327][ T8294] ip6_route_add+0x28/0x160 [ 263.491351][ T8294] inet6_rtm_newroute+0x222/0x1bf0 [ 263.491378][ T8294] ? __lock_acquire+0xab9/0xd20 [ 263.491422][ T8294] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 263.491443][ T8294] ? __mutex_trylock_common+0x153/0x260 [ 263.491474][ T8294] ? __pfx___mutex_trylock_common+0x10/0x10 [ 263.491501][ T8294] ? __local_bh_enable_ip+0x12d/0x1c0 [ 263.491533][ T8294] ? rcu_is_watching+0x15/0xb0 [ 263.491560][ T8294] ? trace_contention_end+0x39/0x120 [ 263.491589][ T8294] ? __mutex_lock+0x330/0xe80 [ 263.491652][ T8294] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 263.491671][ T8294] rtnetlink_rcv_msg+0x779/0xb70 [ 263.491698][ T8294] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 263.491717][ T8294] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 263.491747][ T8294] ? ref_tracker_free+0x63a/0x7d0 [ 263.491773][ T8294] ? __copy_skb_header+0xa7/0x550 [ 263.491810][ T8294] netlink_rcv_skb+0x21c/0x490 [ 263.491833][ T8294] ? 
__pfx_rtnetlink_rcv_msg+0x10/0x10 [ 263.491857][ T8294] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 263.491901][ T8294] ? netlink_deliver_tap+0x2e/0x1b0 [ 263.491923][ T8294] ? netlink_deliver_tap+0x2e/0x1b0 [ 263.491951][ T8294] netlink_unicast+0x758/0x8d0 [ 263.491984][ T8294] netlink_sendmsg+0x805/0xb30 [ 263.492022][ T8294] ? __pfx_netlink_sendmsg+0x10/0x10 [ 263.492050][ T8294] ? aa_sock_msg_perm+0x94/0x160 [ 263.492077][ T8294] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 263.492096][ T8294] ? __pfx_netlink_sendmsg+0x10/0x10 [ 263.492121][ T8294] __sock_sendmsg+0x219/0x270 [ 263.492144][ T8294] ____sys_sendmsg+0x505/0x830 [ 263.492178][ T8294] ? __pfx_____sys_sendmsg+0x10/0x10 [ 263.492214][ T8294] ? import_iovec+0x74/0xa0 [ 263.492239][ T8294] ___sys_sendmsg+0x21f/0x2a0 [ 263.492268][ T8294] ? __pfx____sys_sendmsg+0x10/0x10 [ 263.492334][ T8294] ? __fget_files+0x2a/0x420 [ 263.492362][ T8294] ? __fget_files+0x3a0/0x420 [ 263.492397][ T8294] __x64_sys_sendmsg+0x19b/0x260 [ 263.492445][ T8294] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 263.492483][ T8294] ? __pfx_ksys_write+0x10/0x10 [ 263.492503][ T8294] ? rcu_is_watching+0x15/0xb0 [ 263.492536][ T8294] ? do_syscall_64+0xbe/0x3b0 [ 263.492566][ T8294] do_syscall_64+0xfa/0x3b0 [ 263.492589][ T8294] ? lockdep_hardirqs_on+0x9c/0x150 [ 263.492612][ T8294] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.492632][ T8294] ? 
clear_bhb_loop+0x60/0xb0 [ 263.492657][ T8294] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 263.492677][ T8294] RIP: 0033:0x7f8f9b78e969 [ 263.492695][ T8294] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 263.492712][ T8294] RSP: 002b:00007f8f995f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 263.492734][ T8294] RAX: ffffffffffffffda RBX: 00007f8f9b9b5fa0 RCX: 00007f8f9b78e969 [ 263.492749][ T8294] RDX: 0000000000040004 RSI: 0000200000000680 RDI: 0000000000000004 [ 263.492762][ T8294] RBP: 00007f8f995f6090 R08: 0000000000000000 R09: 0000000000000000 [ 263.492775][ T8294] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 263.492787][ T8294] R13: 0000000000000000 R14: 00007f8f9b9b5fa0 R15: 00007f8f9badfa28 [ 263.492818][ T8294] [ 264.710521][ T8312] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 264.798168][ T5955] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 264.986449][ T5955] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 265.006989][ T5955] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 265.059839][ T5955] usb 4-1: config 0 descriptor?? [ 265.301648][ T8319] netlink: 540 bytes leftover after parsing attributes in process `syz.4.724'. [ 265.343926][ T5878] usb 3-1: new high-speed USB device number 30 using dummy_hcd [ 265.429888][ T8318] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=4294967291 (274877906624 ns) > initial count (30400 ns). Using initial count to start timer. [ 265.442162][ T8324] FAULT_INJECTION: forcing a failure. 
[ 265.442162][ T8324] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 265.470456][ T8324] CPU: 1 UID: 0 PID: 8324 Comm: syz.1.726 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 265.470488][ T8324] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 265.470502][ T8324] Call Trace: [ 265.470510][ T8324] [ 265.470518][ T8324] dump_stack_lvl+0x189/0x250 [ 265.470553][ T8324] ? __pfx____ratelimit+0x10/0x10 [ 265.470579][ T8324] ? __pfx_dump_stack_lvl+0x10/0x10 [ 265.470608][ T8324] ? __pfx__printk+0x10/0x10 [ 265.470629][ T8324] ? __might_fault+0xb0/0x130 [ 265.470665][ T8324] should_fail_ex+0x414/0x560 [ 265.470697][ T8324] _copy_from_user+0x2d/0xb0 [ 265.470719][ T8324] snd_seq_ioctl+0x1d8/0x420 [ 265.470746][ T8324] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 265.470786][ T8324] ? __fget_files+0x3a0/0x420 [ 265.470810][ T8324] ? __fget_files+0x2a/0x420 [ 265.470847][ T8324] ? bpf_lsm_file_ioctl+0x9/0x20 [ 265.470871][ T8324] ? __pfx_snd_seq_ioctl+0x10/0x10 [ 265.470892][ T8324] __se_sys_ioctl+0xf9/0x170 [ 265.470915][ T8324] do_syscall_64+0xfa/0x3b0 [ 265.470940][ T8324] ? lockdep_hardirqs_on+0x9c/0x150 [ 265.470963][ T8324] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.470984][ T8324] ? 
clear_bhb_loop+0x60/0xb0 [ 265.471009][ T8324] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 265.471028][ T8324] RIP: 0033:0x7f8f9b78e969 [ 265.471046][ T8324] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 265.471064][ T8324] RSP: 002b:00007f8f995f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 265.471086][ T8324] RAX: ffffffffffffffda RBX: 00007f8f9b9b5fa0 RCX: 00007f8f9b78e969 [ 265.471100][ T8324] RDX: 00002000000001c0 RSI: 0000000040505330 RDI: 0000000000000004 [ 265.471114][ T8324] RBP: 00007f8f995f6090 R08: 0000000000000000 R09: 0000000000000000 [ 265.471126][ T8324] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 265.471137][ T8324] R13: 0000000000000000 R14: 00007f8f9b9b5fa0 R15: 00007f8f9badfa28 [ 265.471168][ T8324] [ 265.686842][ T5955] usb 4-1: Cannot set MAC address [ 265.692168][ T5955] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 265.706961][ T5955] usb 4-1: USB disconnect, device number 30 [ 265.732150][ T5878] usb 3-1: too many configurations: 255, using maximum allowed: 8 [ 265.743340][ T5878] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 265.751213][ T5878] usb 3-1: can't read configurations, error -61 [ 265.883933][ T5878] usb 3-1: new high-speed USB device number 31 using dummy_hcd [ 265.953866][ T5946] usb 1-1: new full-speed USB device number 24 using dummy_hcd [ 266.055327][ T5878] usb 3-1: too many configurations: 255, using maximum allowed: 8 [ 266.079714][ T5878] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 266.103775][ T5878] usb 3-1: can't read configurations, error -61 [ 266.117077][ T5946] usb 1-1: device descriptor read/64, error -71 [ 266.123681][ T5878] usb usb3-port1: attempt power cycle [ 266.353955][ T5955] usb 2-1: new high-speed USB device number 29 using 
dummy_hcd [ 266.363878][ T5946] usb 1-1: new full-speed USB device number 25 using dummy_hcd [ 266.496419][ T5878] usb 3-1: new high-speed USB device number 32 using dummy_hcd [ 266.504300][ T982] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 266.513974][ T5946] usb 1-1: device descriptor read/64, error -71 [ 266.537220][ T5878] usb 3-1: too many configurations: 255, using maximum allowed: 8 [ 266.552143][ T5878] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 266.560369][ T5878] usb 3-1: can't read configurations, error -61 [ 266.584100][ T5955] usb 2-1: Using ep0 maxpacket: 8 [ 266.597956][ T5955] usb 2-1: config 0 interface 0 altsetting 2 endpoint 0x1 has invalid maxpacket 512, setting to 64 [ 266.623106][ T5955] usb 2-1: config 0 interface 0 has no altsetting 0 [ 266.635967][ T5955] usb 2-1: New USB device found, idVendor=0e41, idProduct=4142, bcdDevice=bc.76 [ 266.636035][ T5946] usb usb1-port1: attempt power cycle [ 266.665308][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.673339][ T5955] usb 2-1: Product: syz [ 266.677739][ T982] usb 4-1: Using ep0 maxpacket: 32 [ 266.689610][ T982] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xA6, changing to 0x86 [ 266.704620][ T5955] usb 2-1: Manufacturer: syz [ 266.712679][ T5955] usb 2-1: SerialNumber: syz [ 266.718957][ T982] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has an invalid bInterval 245, changing to 11 [ 266.734972][ T5955] usb 2-1: config 0 descriptor?? 
[ 266.739949][ T982] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x86 has invalid maxpacket 58613, setting to 1024 [ 266.752301][ T5878] usb 3-1: new high-speed USB device number 33 using dummy_hcd [ 266.765381][ T982] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has an invalid bInterval 255, changing to 11 [ 266.766168][ T9] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 266.785509][ T982] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 59391, setting to 1024 [ 266.800637][ T5878] usb 3-1: too many configurations: 255, using maximum allowed: 8 [ 266.809211][ T5955] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 found [ 266.826293][ T982] usb 4-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 266.836163][ T982] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 266.846504][ T5878] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 266.856252][ T982] usb 4-1: Product: syz [ 266.860652][ T5878] usb 3-1: can't read configurations, error -61 [ 266.867213][ T982] usb 4-1: Manufacturer: syz [ 266.873538][ T5878] usb usb3-port1: unable to enumerate USB device [ 266.880162][ T982] usb 4-1: SerialNumber: syz [ 266.904585][ T982] usb 4-1: config 0 descriptor?? 
[ 266.977065][ T5955] snd_usb_toneport 2-1:0.0: cannot get proper max packet size [ 266.994203][ T5955] snd_usb_toneport 2-1:0.0: Line 6 TonePort UX2 now disconnected [ 266.999237][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 267.005510][ T5955] snd_usb_toneport 2-1:0.0: probe with driver snd_usb_toneport failed with error -22 [ 267.021998][ T9] usb 5-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 267.041127][ T5946] usb 1-1: new full-speed USB device number 26 using dummy_hcd [ 267.048959][ T9] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 267.073302][ T9] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 267.087305][ T5946] usb 1-1: device descriptor read/8, error -71 [ 267.097593][ T9] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 267.110975][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 267.131733][ T9] usb 5-1: Product: syz [ 267.133308][ T8332] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 267.151518][ T8332] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 267.163544][ T9] usb 5-1: Manufacturer: syz [ 267.179803][ T8332] vhci_hcd vhci_hcd.0: pdev(3) rhport(0) sockfd(6) [ 267.186343][ T8332] vhci_hcd vhci_hcd.0: devid(0) speed(2) speed_str(full-speed) [ 267.208902][ T9] usb 5-1: SerialNumber: syz [ 267.225646][ T8332] vhci_hcd vhci_hcd.0: Device attached [ 267.325803][ T5946] usb 1-1: new full-speed USB device number 27 using dummy_hcd [ 267.396687][ T5946] usb 1-1: device descriptor read/8, error -71 [ 267.423969][ T5955] vhci_hcd: vhci_device speed not set [ 267.504869][ T8336] binder: BINDER_SET_CONTEXT_MGR already set [ 267.511226][ T8336] binder: 8335:8336 ioctl 4018620d 200000000040 returned -16 [ 267.520239][ T5946] usb usb1-port1: unable to enumerate USB device [ 267.544991][ T9] usb 5-1: 0:2 : does not exist [ 267.564063][ T5955] usb 39-1: new full-speed USB 
device number 2 using vhci_hcd [ 267.566172][ T9] usb 5-1: 1:0: cannot get min/max values for control 4 (id 1) [ 267.637130][ T9] usb 5-1: USB disconnect, device number 30 [ 267.924295][ T31] INFO: task kworker/1:5:5895 blocked for more than 143 seconds. [ 267.932391][ T982] iforce 4-1:0.0: usb_submit_urb failed: -110 [ 267.939501][ T31] Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 [ 267.947219][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 267.953460][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 267.978953][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 267.994401][ T31] task:kworker/1:5 state:D stack:24968 pid:5895 tgid:5895 ppid:2 task_flags:0x4208060 flags:0x00004000 [ 268.007069][ T31] Workqueue: usb_hub_wq hub_event [ 268.012317][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.018731][ T31] Call Trace: [ 268.022173][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.032850][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.034043][ T31] [ 268.039395][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.044069][ T31] __schedule+0x16f5/0x4d00 [ 268.048471][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.064394][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.070800][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.077432][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.084905][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.099883][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.110025][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.120363][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.130021][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.131981][ T31] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 268.150001][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.163314][ T31] ? schedule+0x165/0x360 [ 268.165518][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.170344][ T31] ? 
__pfx___schedule+0x10/0x10 [ 268.186948][ T31] ? schedule+0x91/0x360 [ 268.201667][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.206281][ T31] schedule+0x165/0x360 [ 268.214638][ T31] schedule_preempt_disabled+0x13/0x30 [ 268.220260][ T31] __mutex_lock+0x724/0xe80 [ 268.249208][ T31] ? __mutex_lock+0x51b/0xe80 [ 268.258630][ T31] ? hub_event+0x21cb/0x4a00 [ 268.266481][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 268.273732][ T31] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 268.285724][ T31] hub_event+0x21cb/0x4a00 [ 268.292012][ T982] iforce 4-1:0.0: usb_submit_urb failed: -32 [ 268.305996][ T31] ? do_raw_spin_lock+0x121/0x290 [ 268.308096][ T982] input input19: Timeout waiting for response from device. [ 268.321542][ T31] ? __pfx_hub_event+0x10/0x10 [ 268.333396][ T31] ? process_scheduled_works+0x9ec/0x17a0 [ 268.362778][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 268.380889][ T31] ? process_scheduled_works+0x9ec/0x17a0 [ 268.398792][ T31] ? process_scheduled_works+0x9ec/0x17a0 [ 268.410330][ T31] process_scheduled_works+0xadb/0x17a0 [ 268.416062][ T31] ? __pfx_process_scheduled_works+0x10/0x10 [ 268.422164][ T31] worker_thread+0x8a0/0xda0 [ 268.426973][ T31] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 268.433334][ T31] ? __kthread_parkme+0x7b/0x200 [ 268.438390][ T31] kthread+0x711/0x8a0 [ 268.442504][ T31] ? __pfx_worker_thread+0x10/0x10 [ 268.447784][ T31] ? __pfx_kthread+0x10/0x10 [ 268.452488][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 268.457863][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 268.463117][ T31] ? __pfx_kthread+0x10/0x10 [ 268.467787][ T31] ret_from_fork+0x3fc/0x770 [ 268.472395][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 268.477631][ T31] ? __switch_to_asm+0x39/0x70 [ 268.482431][ T31] ? __switch_to_asm+0x33/0x70 [ 268.487298][ T31] ? 
__pfx_kthread+0x10/0x10 [ 268.492570][ T31] ret_from_fork_asm+0x1a/0x30 [ 268.497470][ T31] [ 268.500633][ T31] [ 268.500633][ T31] Showing all locks held in the system: [ 268.516948][ T31] 2 locks held by kworker/u8:0/12: [ 268.522488][ T31] 1 lock held by khungtaskd/31: [ 268.527413][ T31] #0: ffffffff8e13cb40 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 268.539918][ T31] 5 locks held by kworker/1:1/45: [ 268.570954][ T31] #0: ffff8880216b9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 268.590122][ T31] #1: ffffc90000b57bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 268.603322][ T31] #2: ffff888029039198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 268.612772][ T31] #3: ffff88802903d510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21a3/0x4a00 [ 268.622859][ T31] #4: ffff888027d8d968 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21cb/0x4a00 [ 268.632777][ T31] 5 locks held by kworker/u8:3/49: [ 268.640614][ T31] #0: ffff8880b8639f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 [ 268.650737][ T31] #1: ffff8880b8623f08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x318/0x6d0 [ 268.662369][ T31] #2: ffffffff99cae360 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_deactivate+0x9a/0x250 [ 268.673082][ T31] #3: ffffffff99c9f2e8 (&obj_hash[i].lock){-.-.}-{2:2}, at: debug_object_activate+0xbb/0x420 [ 268.683954][ T31] #4: ffffe8ffffc86448 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x16a/0x6d0 [ 268.695569][ T31] 1 lock held by klogd/5187: [ 268.700725][ T31] #0: ffff8880b8639f58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 [ 268.710778][ T31] 2 locks held by getty/5591: [ 268.715479][ T31] #0: ffff8880308d80a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 268.725683][ T31] #1: ffffc900036bb2f0 
(&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 268.736112][ T31] 5 locks held by kworker/1:5/5895: [ 268.741371][ T31] #0: ffff8880216b9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 268.753100][ T31] #1: ffffc90004897bc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 268.766673][ T31] #2: ffff88823bea8998 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 268.775869][ T31] #3: ffff888144bff510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21a3/0x4a00 [ 268.786264][ T31] #4: ffff888027d8d968 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21cb/0x4a00 [ 268.796398][ T31] 5 locks held by kworker/1:6/5955: [ 268.802330][ T31] #0: ffff8880216b9948 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 268.814145][ T31] #1: ffffc9000aa4fbc0 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 268.826309][ T31] #2: ffff88802919b198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 268.835535][ T31] #3: ffff88802919e510 (&port_dev->status_lock){+.+.}-{4:4}, at: hub_event+0x21a3/0x4a00 [ 268.845841][ T31] #4: ffff888028e90f68 (hcd->address0_mutex){+.+.}-{4:4}, at: hub_event+0x21cb/0x4a00 [ 268.855844][ T31] [ 268.858247][ T31] ============================================= [ 268.858247][ T31] [ 268.870454][ T31] NMI backtrace for cpu 1 [ 268.870472][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 268.870494][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 268.870506][ T31] Call Trace: [ 268.870513][ T31] [ 268.870529][ T31] dump_stack_lvl+0x189/0x250 [ 268.870559][ T31] ? __wake_up_klogd+0xd9/0x110 [ 268.870579][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 268.870606][ T31] ? __pfx__printk+0x10/0x10 [ 268.870634][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 268.870649][ T31] ? 
__pfx_nmi_cpu_backtrace+0x10/0x10 [ 268.870660][ T31] ? _printk+0xcf/0x120 [ 268.870676][ T31] ? __pfx__printk+0x10/0x10 [ 268.870690][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 268.870708][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 268.870734][ T31] watchdog+0xfee/0x1030 [ 268.870749][ T31] ? watchdog+0x1de/0x1030 [ 268.870768][ T31] kthread+0x711/0x8a0 [ 268.870784][ T31] ? __pfx_watchdog+0x10/0x10 [ 268.870797][ T31] ? __pfx_kthread+0x10/0x10 [ 268.870810][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 268.870823][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 268.870836][ T31] ? __pfx_kthread+0x10/0x10 [ 268.870849][ T31] ret_from_fork+0x3fc/0x770 [ 268.870866][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 268.870885][ T31] ? __switch_to_asm+0x39/0x70 [ 268.870896][ T31] ? __switch_to_asm+0x33/0x70 [ 268.870906][ T31] ? __pfx_kthread+0x10/0x10 [ 268.870918][ T31] ret_from_fork_asm+0x1a/0x30 [ 268.870940][ T31] [ 268.870945][ T31] Sending NMI from CPU 1 to CPUs 0: [ 269.030652][ C0] NMI backtrace for cpu 0 [ 269.030667][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 269.030685][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 269.030695][ C0] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 269.030718][ C0] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d c3 36 2a 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 269.030732][ C0] RSP: 0018:ffffffff8de07d80 EFLAGS: 000002c2 [ 269.030746][ C0] RAX: af267c41fa75a000 RBX: ffffffff81971088 RCX: af267c41fa75a000 [ 269.030764][ C0] RDX: 0000000000000001 RSI: ffffffff8d95acbf RDI: ffffffff8be24cc0 [ 269.030775][ C0] RBP: ffffffff8de07ea8 R08: ffff8880b8632f5b R09: 1ffff110170c65eb [ 269.030787][ C0] R10: dffffc0000000000 R11: ffffed10170c65ec R12: ffffffff8f9fc4b0 [ 269.030798][ C0] R13: 0000000000000000 R14: 0000000000000000 R15: 
1ffffffff1bd2a48 [ 269.030809][ C0] FS: 0000000000000000(0000) GS:ffff888125c91000(0000) knlGS:0000000000000000 [ 269.030821][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 269.030831][ C0] CR2: 00007f9a2eb80178 CR3: 0000000062a9c000 CR4: 00000000003526f0 [ 269.030845][ C0] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 269.030854][ C0] DR3: 000000000000000e DR6: 00000000ffff0ff0 DR7: 0000000000000400 [ 269.030864][ C0] Call Trace: [ 269.030870][ C0] [ 269.030876][ C0] default_idle+0x13/0x20 [ 269.030896][ C0] default_idle_call+0x74/0xb0 [ 269.030918][ C0] do_idle+0x1e8/0x510 [ 269.030941][ C0] ? __pfx_do_idle+0x10/0x10 [ 269.030968][ C0] cpu_startup_entry+0x44/0x60 [ 269.030989][ C0] rest_init+0x2de/0x300 [ 269.031010][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 269.031028][ C0] start_kernel+0x478/0x500 [ 269.031051][ C0] x86_64_start_reservations+0x24/0x30 [ 269.031066][ C0] x86_64_start_kernel+0x143/0x1c0 [ 269.031081][ C0] common_startup_64+0x13e/0x147 [ 269.031104][ C0] [ 269.032630][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 269.237113][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-syzkaller-02443-g015a99fa7665 #0 PREEMPT(full) [ 269.248575][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 269.258628][ T31] Call Trace: [ 269.261987][ T31] [ 269.264924][ T31] dump_stack_lvl+0x99/0x250 [ 269.269540][ T31] ? __asan_memcpy+0x40/0x70 [ 269.274125][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 269.279326][ T31] ? __pfx__printk+0x10/0x10 [ 269.283921][ T31] panic+0x2db/0x790 [ 269.287821][ T31] ? __pfx_panic+0x10/0x10 [ 269.292264][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 269.298079][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 269.303457][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 269.309621][ T31] watchdog+0x102d/0x1030 [ 269.313974][ T31] ? watchdog+0x1de/0x1030 [ 269.318406][ T31] kthread+0x711/0x8a0 [ 269.322516][ T31] ? 
__pfx_watchdog+0x10/0x10 [ 269.327196][ T31] ? __pfx_kthread+0x10/0x10 [ 269.331781][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 269.336977][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 269.342171][ T31] ? __pfx_kthread+0x10/0x10 [ 269.346755][ T31] ret_from_fork+0x3fc/0x770 [ 269.351343][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 269.356461][ T31] ? __switch_to_asm+0x39/0x70 [ 269.361237][ T31] ? __switch_to_asm+0x33/0x70 [ 269.366000][ T31] ? __pfx_kthread+0x10/0x10 [ 269.370594][ T31] ret_from_fork_asm+0x1a/0x30 [ 269.375375][ T31] [ 269.378747][ T31] Kernel Offset: disabled [ 269.383075][ T31] Rebooting in 86400 seconds..