last executing test programs: 13.34582184s ago: executing program 2 (id=1011): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0x6e, 0x40, 0xb7, 0x40, 0x9e1, 0x5121, 0x40c1, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0x3c, 0xac, 0x24}}]}}]}}, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x20, 0x0) syz_usb_control_io$cdc_ncm(r0, &(0x7f0000000080)={0x14, 0x0, &(0x7f0000000040)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) 9.960257981s ago: executing program 2 (id=1026): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$EVIOCGRAB(0xffffffffffffffff, 0x40044590, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = openat$vimc1(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$inet6_udp(0xa, 0x2, 0x0) ioctl$VHOST_VDPA_SET_GROUP_ASID(0xffffffffffffffff, 0x4008af7c, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) fcntl$lock(r2, 0x24, &(0x7f0000000280)={0x2, 0x1, 0x0, 0x2}) sendmsg$can_bcm(0xffffffffffffffff, 0x0, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000300)=ANY=[@ANYRES32=0x0, @ANYBLOB="101193578480"], 0x20}, 0x1, 0x0, 0x0, 0x20000084}, 0x2c008095) r4 = syz_io_uring_setup(0xd86, &(0x7f0000000140)={0x0, 0x2c32, 0x400, 0x1, 0x89}, &(0x7f00000001c0)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r5, r6, &(0x7f00000002c0)=@IORING_OP_OPENAT={0x12, 0x0, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f0000000380)='./cgroup\x00', 0x2, 0x298f82}) io_uring_enter(r4, 0x3516, 0xaddf, 0x2, 0x0, 0x1517f) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) 8.099739767s ago: executing program 0 (id=1032): ioctl$BLKBSZSET(0xffffffffffffffff, 0x40081271, &(0x7f0000000100)=0x10000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000001080)='./binderfs/binder1\x00', 0x0, 0x0) ioctl$BINDER_SET_MAX_THREADS(r1, 0x40046205, &(0x7f00000010c0)=0x4) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000440)={0x48, 0x0, &(0x7f0000000300)=[@enter_looper, @transaction={0x40406300, {0x1, 0x0, 0x0, 0x0, 0x21, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}}], 0x5, 0x0, &(0x7f00000003c0)="d24bd14953"}) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000001200)={0x0, 0x0, 0x0, 0x2, 0x0, &(0x7f00000011c0)="f6d7"}) syz_clone(0x80001000, 0x0, 0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000004c0)={0x18, 0x4, &(0x7f00000001c0)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x8, '\x00', 0x0, 0x2}, 0x94) openat$vhost_vsock(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r4 = openat$nullb(0xffffffffffffff9c, &(0x7f0000001000), 0x169802, 0x0) r5 = dup(r4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, &(0x7f0000000100)={0x5}, 0x8}, 0x90) r6 = bpf$MAP_CREATE(0x0, &(0x7f0000000540)=ANY=[@ANYBLOB="0b00000000010000000100000900000001"], 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000640)={0x0, 0x0, &(0x7f0000000000), &(0x7f00000002c0), 0x8, r6}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000100), 0x0, 0x3, r6}, 0x38) ioctl$BLKRRPART(r5, 0x125f, 0x0) r7 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_MSG_GETOBJ(r7, &(0x7f00000001c0)={&(0x7f0000000040)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000000c0)={&(0x7f0000000080)={0x30, 0x13, 0xa, 0x200, 0x0, 0x0, {0x3, 0x0, 0x1}, [@NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x9}, @NFTA_OBJ_TYPE={0x8, 0x3, 0x1, 0x0, 0x4}, @NFTA_OBJ_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x30}, 0x1, 0x0, 0x0, 0x24000014}, 0x2004c031) kexec_load(0x0, 0x2, &(0x7f00000002c0)=[{0x0, 0x0, 0x1000000, 0x10000}, {0x0, 0x0, 0x3e0000}], 0x0) 7.918451847s ago: executing program 1 (id=1035): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, &(0x7f0000000040)=ANY=[@ANYBLOB="18000000000000060000000000000000850000000700000045000000a000020095"], &(0x7f0000000e00)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x3}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000040)='netlink_extack\x00', r0, 0x0, 0x9}, 0x18) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, &(0x7f0000000200)={'batadv_slave_0\x00', 0x0}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000180)={'vlan0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000100)=@newlink={0x48, 0x10, 0x503, 0x0, 0x1, {0x0, 0x0, 0x0, 0x0, 0x0, 0x8084}, [@IFLA_LINKINFO={0x28, 0x12, 0x0, 0x1, @hsr={{0x8}, {0x1c, 0x2, 0x0, 0x1, [@IFLA_HSR_SLAVE2={0x8, 0x2, r2}, @IFLA_HSR_SLAVE1={0x8, 0x1, r3}, @IFLA_HSR_PROTOCOL={0x5, 0x7, 0x2}]}}}]}, 0x48}}, 0x0) 7.651752069s ago: executing program 1 (id=1036): syz_emit_ethernet(0xc2, &(0x7f0000000240)={@broadcast, @random="01fd47497b17", @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0xb4, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @dest_unreach={0xc, 0x0, 0x0, 0x0, 0x0, 0x0, {0x26, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1, 0x0, @dev={0xac, 0x14, 0x14, 0x3}, @local, {[@rr={0x7, 0xf, 0x0, [@empty, @empty, @private]}, @timestamp={0x44, 0x18, 0x9a, 0x0, 0x5, [0x2, 0xb26, 0x3, 0x6, 0x4]}, @ssrr={0x89, 0xf, 0x0, [@private, @broadcast, @broadcast]}, @timestamp_addr={0x44, 0x4c, 0x0, 0x1, 0x0, [{@initdev={0xac, 0x1e, 0x0, 0x0}}, {@private}, {}, {@local}, {@loopback}, {@private}, {@multicast2}, {@remote}, {@broadcast}]}]}}}}}}}, 0x0) 7.503366883s ago: executing program 1 (id=1037): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_io_uring_setup(0x837, &(0x7f0000000540)={0x0, 0x2b94, 0x80, 0x7, 0x3cf}, &(0x7f0000000040)=0x0, &(0x7f0000000000)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000100)=@IORING_OP_TIMEOUT={0xb, 0x41, 0x0, 0x0, 0x9, &(0x7f00000000c0), 0x1, 0x4}) r5 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r6 = ioctl$KVM_CREATE_VM(r5, 0xae01, 0x0) r7 = ioctl$KVM_CREATE_VCPU(r6, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r7, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_SET_VCPU_EVENTS(0xffffffffffffffff, 0x4040aea0, 0x0) 6.950833037s ago: executing program 2 (id=1038): sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xc, 0x0, 0xfffffffffffffffe, 0x0, 0xffdfffff}, 0x0) writev(0xffffffffffffffff, 0x0, 0x0) r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x183822, 0x0) r1 = syz_io_uring_setup(0xd1, &(0x7f0000000480)={0x0, 0x0, 0x100, 0x0, 0x333}, &(0x7f0000000000)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd=r0, 0x0, &(0x7f0000000100)=[{0x0}, {0x0}], 0x2}) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x0, 0xc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x26, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_enter(r1, 0x47ba, 0x0, 0x0, 0x0, 0x0) 6.431974023s ago: executing program 2 (id=1039): getsockopt$inet_int(0xffffffffffffffff, 0x10d, 0x15, &(0x7f0000000000), 0x0) socket$isdn(0x22, 0x3, 0x25) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000000000000000000000850000"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x100}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r3, 0x8946, &(0x7f0000000140)={'veth0_to_team\x00', &(0x7f0000000280)=@ethtool_channels={0x3d, 0x100, 0x0, 0x0, 0x4, 0x2, 0x1}}) close(0xffffffffffffffff) r4 = syz_open_dev$dri(&(0x7f0000000000), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r4, 0xc04064a0, &(0x7f0000000140)={0x0, &(0x7f0000000380), 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_GETCRTC(0xffffffffffffffff, 0xc06864a1, 0x0) sendmsg$TIPC_CMD_GET_MEDIA_NAMES(r3, 0x0, 0x20005040) r5 = syz_open_dev$vbi(&(0x7f0000000000), 0x1, 0x2) ioctl$VIDIOC_S_FMT(r5, 0xc0d05605, &(0x7f0000000200)={0x5, @win={{}, 0x0, 0x0, 0x0, 0x0, 0x0}}) ioctl$DRM_IOCTL_MODE_GETFB2(0xffffffffffffffff, 0xc06864ce, &(0x7f0000000600)={0x0, 0x0, 0x0, 0x0, 0x3, [], [0x800000, 0x0, 0x0, 0x2000000], [0x0, 0x1001000, 0xfffffa45], [0x0, 0x0, 0xe8a6]}) ioctl$DRM_IOCTL_MODE_ADDFB2(0xffffffffffffffff, 0xc06864b8, 0x0) 5.044085812s ago: executing program 3 (id=1042): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) sendmsg$L2TP_CMD_TUNNEL_MODIFY(r0, &(0x7f0000000a40)={0x0, 0x0, &(0x7f0000000a00)={&(0x7f00000009c0)={0x14, r1, 0x1, 0x70bd27, 0x25dfdbfc}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x4000) 4.950356806s ago: executing program 3 (id=1043): r0 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000009c0)={0x1b, 0x0, 0x0, 0x40000, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0}, 0x48) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x11, 0xf, &(0x7f0000000340)=@ringbuf={{}, {{0x18, 0x1, 0x1, 0x0, r0}}, {}, [], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x1}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='percpu_alloc_percpu\x00', r1}, 0x10) r2 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000100), 0x800, 0x0) ioctl$TIOCSETD(r2, 0x5423, &(0x7f0000000040)=0x14) 4.648366125s ago: executing program 1 (id=1044): add_key(&(0x7f00000013c0)='big_key\x00', 0x0, 0x0, 0x0, 0xffffffffffffffff) newfstatat(0xffffffffffffff9c, &(0x7f00000000c0)='.\x00', &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0, 0x0}, 0x0) setresuid(0xee01, r0, r0) 4.555928706s ago: executing program 0 (id=1045): syz_open_dev$vim2m(&(0x7f0000000040), 0x3, 0x2) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, 0x0, 0x0) r1 = syz_io_uring_setup(0x88f, &(0x7f0000000140)={0x0, 0xaee2, 0x100, 0x402, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_POLL_ADD={0x6, 0x0, 0x0, @fd_index=0x3}) io_uring_enter(r1, 0x75fa, 0xe475, 0x0, 0x0, 0x0) 4.484238516s ago: executing program 3 (id=1046): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$kcm(0x10, 0x2, 0x0) r1 = bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="18000000003f000000000000000000f195"], &(0x7f0000000140)='GPL\x00'}, 0x80) bpf$BPF_PROG_TEST_RUN(0x1c, &(0x7f0000000240)={r1, 0xf, 0x25, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x40) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000200)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x4, [@enum={0x2, 0x0, 0x0, 0xf}]}, {0x0, [0x0, 0x5f]}}, 0x0, 0x28}, 0x20) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, &(0x7f00000003c0)=ANY=[], &(0x7f0000000580)='syzkaller\x00'}, 0x94) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_xfrm(0x10, 0x3, 0x6) socket(0x2a, 0x2, 0x0) socket$netlink(0x10, 0x3, 0x0) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000003c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34664c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbcebddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e802a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cfd7c3a1d37a6ab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ed8dba2f23b01a9aeb980aff9fa3a64709270c701db801f44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af4c0eb97fca585ec6bf58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef3b7cda42013d53046da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea2a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f76062adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b441233151122b41a8d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225c380fac12f8205d182f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd1f539bd43007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711d7219ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a26c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29754f928c59306ce105ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc05bea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efdb36b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800000000000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351ba332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d96ee1b84bb64b14aebc6b5194c55dd6890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b07838a3ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a139d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fcc49a729f11ab377f7132c543d29646a9378eea0761b7ed9d2172e33ed87c6513c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828bf209d0ed9829dec16ab67a4f59a504e09f55ab82bbd405087a17a229a149c53ee9145500db213cb36489a10957739e481a756e65bde579bbbfb404213f661eeaaffacbcfbfd60b1a715c366da2b37ac7e9e3033f8ec04db1c2412e02ccd0617d9fb646c4897750d068c936c3558a94b05d7c65c0d458c0d70d0aa864bc1e324d3f69b1b4061627da875a4b5c2668ab0990623fe6f3b54cd1c79da4baf256f88750c18486330589473e267fa44e220cf40db662b570c2a2fbba9a34a3dd7bbd8368fe506daa62b45797d4b397905a69e58eb436c08cc78963197adb1b16ad83a1a9b4"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000000)={@cgroup=r2, r2, 0x2e}, 0x20) sendmsg$kcm(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2e00000011008b88040f80ee59acbc04130800480f0000005e2900421803001825800000000000000280000c0012", 0x2e}], 0x1}, 0x0) 4.441484564s ago: executing program 1 (id=1047): syz_usb_connect$hid(0x5, 0x0, 0x0, 0x0) setsockopt$inet6_int(0xffffffffffffffff, 0x29, 0x18, 0x0, 0x500) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_tcp(0xa, 0x1, 0x0) lsm_set_self_attr(0x68, &(0x7f0000000800)=ANY=[@ANYBLOB='h\x00\x00\x00\x00\x00\x00\x00K\x00\x00\x00\x00\x00\x00\x00 \x00\x00\x00\x00'], 0x20, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xfffffffffffffffb, 0x9, 0x6, 0x0, 0x7}, 0x0) syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) openat$audio(0xffffffffffffff9c, &(0x7f0000000400), 0x0, 0x0) syz_open_dev$vim2m(&(0x7f0000000000), 0x3, 0x2) r2 = socket$netlink(0x10, 0x3, 0x10) sendmsg$nl_generic(r2, &(0x7f0000001780)={&(0x7f0000000280)={0x10, 0x0, 0x0, 0x8000000}, 0xc, &(0x7f0000001740)={&(0x7f00000002c0)={0x14, 0x28, 0x1, 0x70bd2d, 0x25dfdbff, {0x3}}, 0x14}, 0x1, 0x0, 0x0, 0x4051}, 0x20000800) 3.607753205s ago: executing program 0 (id=1048): socket$alg(0x26, 0x5, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r0, 0x0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) writev(r3, &(0x7f00000002c0)=[{&(0x7f0000000080)="02", 0x1}], 0x20) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "244cb303"}, 0x0, 0x1, {0x0}}) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x1) r4 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) r5 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000080)={r5, r4, r5}, 0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={'blake2b-384-generic\x00'}}) 2.967532655s ago: executing program 3 (id=1050): timer_create(0x0, &(0x7f0000000240)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) r1 = msgget(0x0, 0x30c) socket(0xa, 0x2, 0x0) getpgid(0xffffffffffffffff) msgctl$IPC_SET(r1, 0x1, 0x0) setitimer(0x3f, 0x0, 0x0) timer_create(0x6, 0x0, 0x0) 2.644245655s ago: executing program 2 (id=1051): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000500)=ANY=[@ANYBLOB="3801000010000100feffffff0001000000000000000000000000ffffe0000002fc0100000000000000000000000000010001071c4e230005000000003a000000", @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ff020000000000000000000000000001000004d46c000000ac14142500000000000000000000000000000000000000009201000000000000a39b000000000000ffff0000000000001c250800000000000500000000000000fcffffffffffffff0000000000000000ffffffffffffffff00000000000000001f00000000000000fefffffffffffffffafffffffcffffff000000008000000000350000020001002000000000000000480003"], 0x138}, 0x1, 0x0, 0x0, 0x8801}, 0x0) 2.569423696s ago: executing program 2 (id=1052): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000280)={0x26, 'hash\x00', 0x0, 0x0, 'sha384-generic\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, 0x0) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) sched_setaffinity(r1, 0x0, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) accept4(r0, 0x0, 0x0, 0x80800) r4 = syz_open_dev$vim2m(&(0x7f0000000680), 0x8, 0x2) writev(r4, &(0x7f00000002c0)=[{&(0x7f0000000080)="02", 0x1}], 0x20) ioctl$vim2m_VIDIOC_QBUF(0xffffffffffffffff, 0xc058565d, &(0x7f00000002c0)=@multiplanar_mmap={0x0, 0x8, 0x4, 0x0, 0x0, {}, {0x0, 0x0, 0x0, 0x0, 0x0, 0x0, "244cb303"}, 0x0, 0x1, {0x0}}) r5 = add_key$user(&(0x7f0000000200), &(0x7f0000000440), &(0x7f00000000c0), 0x14b, 0xfffffffffffffffd) r6 = add_key(&(0x7f0000000200)='user\x00', &(0x7f0000000240)={'syz', 0x0}, &(0x7f00000002c0)='4', 0xba, 0xfffffffffffffffe) keyctl$dh_compute(0x17, &(0x7f0000000080)={r6, r5, r6}, 0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000040)={'blake2b-384-generic\x00'}}) 2.471651672s ago: executing program 4 (id=1053): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000780)={&(0x7f00000002c0)=@newqdisc={0x68, 0x24, 0xd0f, 0x70bd2d, 0xffffffff, {0x60, 0x0, 0x0, r2, {0x0, 0xa}, {0xffff, 0xffff}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_tbf={{0x8}, {0x34, 0x2, [@TCA_TBF_PARMS={0x28, 0x1, {{0x1, 0x2, 0x3, 0x0, 0x9, 0x5}, {0x12, 0x2, 0x0, 0x401, 0x8001, 0x1400}, 0xa5, 0x5, 0xffffffe}}, @TCA_TBF_BURST={0x8, 0x6, 0x8057}]}}, @TCA_RATE={0x6, 0x5, {0x1, 0xe}}]}, 0x68}, 0x1, 0x0, 0x0, 0x40000}, 0x44080) 1.948937481s ago: executing program 4 (id=1054): r0 = openat$uinput(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) ioctl$UI_SET_PROPBIT(r0, 0x4004556e, 0x6) 1.616085471s ago: executing program 4 (id=1055): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB="4800000010000d0428bd7000fcdbff2500008000", @ANYRES32=0x0, @ANYBLOB="1000000000000000280012800b00010062726964676500"], 0x48}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[], 0x50}, 0x1, 0x0, 0x0, 0x13d33d22cca23c94}, 0x4008044) sendmmsg(r0, &(0x7f0000000000), 0x4000000000001f2, 0x0) 1.292317412s ago: executing program 4 (id=1056): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), 0xffffffffffffffff) r2 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000d40)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_BSS(r2, &(0x7f0000000e40)={0x0, 0x0, &(0x7f0000000e00)={&(0x7f0000000d80)={0x2c, r1, 0x1, 0x70bd2b, 0x25dfdbfc, {{}, {@val={0x8, 0x3, r3}, @void}}, [@NL80211_ATTR_BSS_HT_OPMODE={0x6, 0x6d, 0xfff9}, @NL80211_ATTR_BSS_SHORT_SLOT_TIME={0x5, 0x1e, 0x5}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4004}, 0x2000c884) 1.078192573s ago: executing program 4 (id=1057): futex(&(0x7f000000cffc), 0x4, 0x1, 0x0, &(0x7f0000048000)=0x1, 0x0) 792.18041ms ago: executing program 4 (id=1058): r0 = syz_open_dev$tty1(0xc, 0x4, 0x3) r1 = syz_usb_connect(0x0, 0x2d, &(0x7f0000000000)=ANY=[@ANYBLOB="120100007516b7108c0d0e008f8e0018030109021b0001000000000904080001030000000905", @ANYBLOB="8fcf", @ANYRES64=r0], 0x0) syz_usb_control_io$cdc_ecm(r1, 0x0, 0x0) r2 = dup(r0) write$UHID_INPUT(r2, &(0x7f0000002080)={0xf, {"a2e3ad21e08eeb661b5d350987f70e06d038e7ff7fc6e5539b0d650e8b089b3f313b6c090890e0878f0e1ac6e7049b3b46959b649a240d5b67f3988f7ef319520100ffe8d178708c523c921b1b5b31070d07410936cd3b78130daa61d8e8040000005802b77f07227227b7ba67e0e78657a6f5c2a874e62a9ccdc0d31a0c9f318c0da1993bd160e233df4a62179c6f30e065cd5b91cd0ae193973735b36d5b1b63dd1c00305d3f46635eb016d5b1dda98e2d749be7bd1df1fb3b231fdcdb5075a9aaa1b469c3090000000000000075271b286329d169934288fd789aa37d6e98b224fd44b65b31334ffc55cc82cd3ac32ecdb08ced6f9081b4dd0d8b38f3cd4498bee800490841bdb114f6b76383709d8f5c554336909fda039aec54a1236e80f6a8abadea7662496bddbb42be6bfb2f17959d1f416e56c71b1931870262f5e801119242ca026bfc821e7e7daf2451138e645bb80c617669314e2fbe70de98ec76a9e40dad47f36fd9f7d0d42a4b5f1185ccdcf16ff46295d8a0fa17713c5802630933a9a34af674f3f39fe23491237c08822dec110911e893d0a8c4f6777478bc360934b82910ff85bfd995083bba2987a67399eac427d145d546a40b9f6ff14ac488ec130fb3850a27af9544ae15ffffffffffffffff1243513f000000000000000a3621c56cea8d20fa911a0c41db6ebe8cac64f17679141d54b34bbc9963ac4f4bb3309603f1d4ab966203861b5b15a841f2b575a8bd0d78248ebe4d9a80002695104f674c2431dca141fae269cab70e9a66f3c3a9a63e9639e1f59c0ede26c6b5d74b078a5e15c31634e5ae098ce9ee70771aaa18119a867e14ffd9f9db2a7869d85864056526f889af43a6056080572286522449df466c632b3570243f989cce7cd9f465e41e610c20d80421d653a5520000008213b704c7fb082ff27590678ef9f190bae97909507041d860420c5664b27921b14dc1db8892fd32d0ad7bc946813591ad8deff4b05f60cea0da7710ac0000000000008000bea37ce0d0d4aa202f928f28381aab144a5dc29a04a6a2b83c7068ae949ed06e288e810bac9c76600025e19c907f6435f7590000008271a1f5f8528f227e79c1389dbdfffe492f21579d2c15b8c70cdb1c332d86d87341432750861ec2bc3451edca194b221cfec4603d276bbaa1dfa6d4fb8a48a76eafc9a9a0270e4c10d64cd5a62427264f2377fe763c43470833ac96c45f357cbbaba8f1b1fdcc7cbb61a7cdb9744ed7f9129aede2be21ccfdc4e9134f8684b3a4f354da9a795e96334e207dff70f1988037b2ed3aaf575c0b88d8f146684078416d59fdee5325928974d12dad99dac44c3f0008047096a44002bebc2420aed92fa9b6578b4779415d4ac01b75d5495c118045651cf41c2fc48b778efa5ea5677747430af4162b987b80c3e001cd34e5c92f76cc4c24eeb8bc4e9ac2aed9a53803ed0ca4ae3a9737d214060005ea6f1783e287b3bee96e3a726eafe2fdfaa78d1f48c13b64df07847754b8400daaa69bf5c8f4350aeae9ca1207e78283cd0b20ceb360c7e658828163e2d25c4aa348561f927e88f63aa70e73a5e69b3df3495903f06572e1e007fa55a2999f596d067312f5779e8dbfdcf3427138f3d444d2639a10477f9bec4b0bbb6e3c04be68981f392203dd0ee3ef478e16dacfc5e3e03cf7ab8e3902f1b0ff034ef655b253ca509383815b1b6fc6522d4e4fdc11a48cf42d48604675fde2b94cf00500a2690891abf8ab9c015073014d9e08d4338b8780bdecd436cf0541359bafffa45237f104b96210403b2de9efed496f423500c7872c827467cfa5c4e72730d56bd068ed211cf847535edecb7b373f78b095b68441a34cb51682a8ae4d24ad0465f3927f889b813076a882e8020f06c4c2ba1dd5cac7c18876da865d258734dd73583df292892448039ef799cf0630becdcce04579b5561dc825ab829827945e020c1f67ee615feb6243378e0610060f02da93aec92a5de203717aa49c2d284acfabe262fccfcbb2b75a2183c46eb65ca8104e1b4da7fbb77ab2fc043aead87c32ab875ee7c2e7b7019c982cd3b43eaeb1a5fb135c0c7dcee8fe6516a328032f88c042891824659e9e94265c803b35ee5f83a2b210520106b8a358b50ab7a1fa89af9c251fe5294b3d1802d5676d95f160ec97b1ad94872cb2044642c37b4a6cc6c04effc1672db7e4b68d787d9a7a508ae54b3cd7369dde50e8c77d95a3d361c040babb171607caac2a3559ad4f75465f49c0d0ae3716db6e00cb11db4a5fade2a57c10238e204a67737c3b42aae501b20f7694a00f16e2d0174035a2c22656dc29880acebdbe8ddbd75c2f998d8ac2dfad2ba3a504767b6b45a45957f24d758ed024b3849c11d412a2a03b4047497022d9c30e23ef4df5c89644f48bb536f7945b59d7bcddff754413d135273ea8e75f22f216c6b9990ae71806f2c00b4025c48b75c0f73cdb9a7b8fa367b50028067e7f16f4dd569d462f4f19eacdb3ed70eeebb4e8b40427db6fe29068c0ca3d2414442e8f3a154704b0e51bc664a137b26be719f4f7c9a5678a674dfc95df80b9ce375dd649c8c704e509bd88c8e63d8c7dd67071115c8982ba46af4d6adcc9f68a75b9397b035153faf46366e7205dd8d6f37525c1a0e94610dd94323f6c15d085197149bfd6655548cfd9c52c9711937f79abb1a124f1210465483cd3b2d78378cfb85ed82e7da0f6eb6d279f2ae455925d0f6f1ba571eba281f2a654fb39ddff3b484439ff158e7c5419e037f3e3ad038f2211f1033195563c7f93cd54b9094f226e783271e1e5a2a2c10712eab625d64931cd4ffe6738d97b9b5ef828ee9fb059fc01af0e79c1e14b1d25988c69a399567c1d93768f7971d31488b8658a20878b7c1dd7ba02fc42939dde3d4a3339a65d507dc59c51097b40517705da56e9ebf0afa53282bf86dbb58c548069ff6eb95aade7cc66d7bbef724779ca1f731b3346ff177050373d79ff7b3e7f9bc0c1b4b266a8878b90baaa039d3e3b63979ac3df6e6f4859afd50238c7547a39b60810938044ae185d2ba3e00a4e73676864ae090d0300000000000000b378dd4dd891e937c2ea5410e0513005000000000000003911fab964c271550027697b52160687461602f88df165d884b36ec2b6c25a2f33c715687e9d4afb96d6861aca47da73d6f3144345f48843dd014e5c5ad8fe995754bd9cf32fce1e31919c4b2082fb0a30b9deae84bed4b28045634073c9c58c89d9e99c81769177c6d594f88a4facfd4c735a20307c737afa2d60399473296b831dbd933d93994ba3064279b10ea0c5833f41f157ea2302993dbe433b1aa3a3766d5439020484f4113c4c859465c3b415c3432f81db8719539d5bf372aaaea1cc43a6c5cbe59758bfee2916580dac4b008e595f437491d87abed02cefcd9db53d94d02daee67918e5d678746383074c6bc1050000002f7809959bc048850613d17ca51055f2f416a44fe180d2d50c312cca7cb14a2bdc331f57a9817139a206fc76957227ffff2de20a4b8e3737fbb42913777c06376f799eba367e21f94ca598705f5dcb767d6f0900d6b0f6095e53c4c4234d0c1fbe434f6ab8f43c0013ee93b83946ee7759e89d7bdd1a32d7b311711b757fe43c06d21a35810d8fe98b27faea8aa12bc8716eefc5c97c45ac33eeec964c5214bc3a9359bdea1cccab94f15e36319cb34ebcacedb82c2ed3de5a8a8f0011e8f74e82d7f96093530e76692839d7961939adfdeeeaff19d11efcafb6d546fef271e89d6cc2389e81ff58cefcce3fbf4625a7e7de40e42e07b3c7340002000000000000f288a4510de03dab19d26285eda89156d50dd385a60333ba5bbf5d77cd7007ad1519ad5470de3dd6d6080cafccf8a97406bb6b68a1f0c4549820a73c880f475f732ae00398e8bd1f4108b7807fb33b72685ec37a2d3f766413a60459516246e5a1d998a2017aef0948a68cf255315ab80dd349e891aef595dc4d470e8ac32a308e15fc37d06aeac289c0523f483e1ff7408c6087f1ab652f2ef91d4f2b01987b0f46da034e5c3f745a7ee8101a3934c54e24b48ec0275e2d0687dc746b0827cbf652f406c6b95f2722e58c05f752ce2126596e1cd7655b904801784c416b22f73d324678e2724f43f1fe687c7e8a60c28b82b6528341b648cdd56fed7cdcbb1575912d5ecd36dea3bca0b7427d8392c6289455e8f8d2ab2242729251ae033a9e02210e62df0546a74b333a1c48f95fd54acb5741259e8c5488efeee327415cc19451432c6f14c27693102a3cd84857cd6586fc5ca9a93eb0145fac0662ff86107f998a8ef7df8aa14046c55b03d3d47f88a8d60f7774a2ee08758897fb411a94b3c2fc5d5f0da42c0456ec015f08e5247d33ae2d35603ff8454c16f8342856935125102bb784ed7148b6ce431b63ee356b0c785f2f47b90e29389f22fc5b59a70efaea2bd40195af4486220d702e30bfc43c10ec23ea6283994a7dde4dcb61fea6b651fb1d62458d0741a12830052fcc460db043afe525629b40d7cee458e4cb5e930ed624806c43a006e39336d07c2b8081c128ad2706f48261f7897484c297a1a6613bc18f5a38d442768af38041efe03d152ef95ff569e76db2391f4509d7f339d92fdb4a89364949da398000000000000000d80a4fe654578376e599aff3565b1d531f30912b9945030b81ea9935fd46edb44a78f615255490a4b621501f2a9e4d24624c4dac9274118c67584f5d374755534d7f68f679c4ff516a9cc8036cbd65868fcb2bf1cb9aea4e05df72279fdb0d2b9e935c5af3cf474bed79dfc248c1f5aea4b8b32c5d295e57079d0fe662a46b7f71cd47744db86c50b704c971d90295c7b2c7439a2d78ccfa79b5fc2bff6bbf840262bf89394b3e0691953264d2700c838fa2c7b3425260f59554e502dcea39cb313b0000000000004ca7c12f45858d6284ca6270d6b2f0e58fded8a7b4a302a97bc641df07720ba2b26bbfcc807ca0abb1b44322269c21c5ec68cb068ea88067d905ea917bb03eefdaebdeabf2d0dce80997c915c8949de992587c2cb5fe36d7d3e5db21b094b8b77940b5f07722e47a08d367e5f84c96ec664b72934b99b3109af65d77e86abd6859cddf4bbae1f0930462df15fddbc48562ea3511a8065ef028cf12f14dcf6ebecd8d884836174faf1aa609e5f1ee1162dfa13bdc1fa7cfaadba85c72e9758f03a755d0be53f8d2a1dfb1c68cc164b0a0780d971a96ea2c4d4ca0398c2235980a9307b3d5bd3b01faffd0a5dbed2881a9700af561ac8c6b00000000000000f96f06817fb903729a7db6ff957697c9ede7885d94ffb0969be0daf60af93109eb1dee72e4363f51af62af6fb2a6df3bec89822a7a0b678058fa3fef86faec216eb6992162f8dcbf719c148cd2f9c55f4901203a9a8a2c3e90f3943dbc10360a1a49700d1dfbf66d69f6fbaf506c8bcce8bb0d872a02238926407a4eddd5d0fc5a752f90000000000000000000000000000020000000000000000000000000000000000000000000000000000000000000000000000000000400", 0x1000}}, 0x1006) 747.735925ms ago: executing program 1 (id=1059): r0 = syz_usb_connect$hid(0x5, 0x36, &(0x7f0000000200)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x40, 0x4f2, 0x1421, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x2, 0x3, 0x0, 0x2, 0x0, {0x9, 0x21, 0x0, 0x0, 0x1, {0x22, 0x5}}, {{{0x9, 0x5, 0x81, 0x3, 0x0, 0x0, 0xfc}}}}}]}}]}}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000040)={0x24, 0x0, 0x0, &(0x7f0000000000)={0x0, 0x22, 0x5, {[@main=@item_4={0x3, 0x0, 0x8, "9da18211"}]}}, 0x0}, 0x0) 470.14966ms ago: executing program 0 (id=1060): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000300)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000b703000000000000850000001b000000b70000000000000095", @ANYRESDEC, @ANYRESDEC, @ANYBLOB="c02d61428d741a1fefaa2af03ba033083f3af5c9400e622fdd861e2039a3b77458f1e7a1509bedb59041cc"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xa4}, 0x1, 0x0, 0x0, 0x24000154}, 0x20000050) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000002c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a20000000000a01080000000000000000010000090900010073797a3100000000d0000000030a030000000000000000000100000a0900010073797a31000000000900030073797a3000000000a40003"], 0x118}, 0x1, 0x0, 0x0, 0x24000144}, 0x20000050) mprotect(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x1) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_GET(r0, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x2400c000}, 0x20008800) 304.86604ms ago: executing program 0 (id=1061): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) close_range(r0, 0xffffffffffffffff, 0x0) 219.851255ms ago: executing program 3 (id=1062): r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f0000000300), 0x2) ioctl$UDMABUF_CREATE_LIST(r0, 0x40087543, &(0x7f0000000080)={0x1, 0x1, [{0xffffffffffffffff, 0x0, 0x1000000, 0x8dfce6e03c88a067}]}) 196.773224ms ago: executing program 0 (id=1063): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000000040)={0x2, 0x4e20, @empty}, 0x10) setsockopt$inet_int(r0, 0x0, 0x7, &(0x7f0000000080)=0x7, 0x4) syz_emit_ethernet(0x2a, &(0x7f00000000c0)={@local, @random="fad1e0480100", @void, {@ipv4={0x800, @udp={{0x5, 0x4, 0x0, 0x0, 0x1c, 0x0, 0x0, 0x0, 0x11, 0x0, @empty, @empty}, {0x0, 0x4e20, 0x8}}}}}, 0x0) setsockopt$inet_int(r0, 0x0, 0x17, &(0x7f0000000000)=0x3f7, 0x4) recvmmsg(r0, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x2, 0x0) 0s ago: executing program 3 (id=1064): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) ioctl$SG_SET_DEBUG(0xffffffffffffffff, 0x227e, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb, 0x13, r1, 0x2000) r2 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x400, 0x0, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f0000000240)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r3, r4, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, &(0x7f0000000600)=[{&(0x7f0000001800)=""/216, 0xfffffe62}], 0x1}) io_uring_enter(r2, 0x847ba, 0x0, 0xe, 0x0, 0x0) kernel console output (not intermixed with test programs): 7987] RSP: 002b:00007fe5ec5ee038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 268.470443][ T7987] RAX: ffffffffffffffda RBX: 00007fe5eb9b5fa0 RCX: 00007fe5eb78ebe9 [ 268.470458][ T7987] RDX: 0000000000008080 RSI: 00002000000001c0 RDI: 0000000000000003 [ 268.470472][ T7987] RBP: 00007fe5ec5ee090 R08: 0000000000000000 R09: 0000000000000000 [ 268.470483][ T7987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 268.470492][ T7987] R13: 00007fe5eb9b6038 R14: 00007fe5eb9b5fa0 R15: 00007fe5ebadfa28 [ 268.470518][ T7987] [ 269.307791][ T848] usb 4-1: USB disconnect, device number 19 [ 269.870452][ T8008] atomic_op ffff88807e6c6198 conn xmit_atomic 0000000000000000 [ 270.479611][ T8026] netlink: 72 bytes leftover after parsing attributes in process `syz.2.540'. [ 270.902185][ T8036] FAULT_INJECTION: forcing a failure. [ 270.902185][ T8036] name failslab, interval 1, probability 0, space 0, times 0 [ 270.952441][ T8036] CPU: 0 UID: 0 PID: 8036 Comm: syz.2.542 Not tainted syzkaller #0 PREEMPT(full) [ 270.952470][ T8036] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 270.952482][ T8036] Call Trace: [ 270.952491][ T8036] [ 270.952500][ T8036] dump_stack_lvl+0x189/0x250 [ 270.952528][ T8036] ? __pfx____ratelimit+0x10/0x10 [ 270.952556][ T8036] ? __pfx_dump_stack_lvl+0x10/0x10 [ 270.952588][ T8036] ? __pfx__printk+0x10/0x10 [ 270.952622][ T8036] ? __ip_vs_conn_in_get+0xa3e/0xaa0 [ 270.952651][ T8036] should_fail_ex+0x414/0x560 [ 270.952681][ T8036] should_failslab+0xa8/0x100 [ 270.952712][ T8036] kmem_cache_alloc_noprof+0x73/0x3c0 [ 270.952739][ T8036] ? skb_clone+0x212/0x3a0 [ 270.952767][ T8036] skb_clone+0x212/0x3a0 [ 270.952787][ T8036] ? __skb_tstamp_tx+0x519/0xee0 [ 270.952818][ T8036] __skb_tstamp_tx+0x526/0xee0 [ 270.952857][ T8036] __dev_queue_xmit+0x1fed/0x3b50 [ 270.952889][ T8036] ? __pfx_udp_conn_schedule+0x10/0x10 [ 270.952928][ T8036] ? ip_vs_in_hook+0xc09/0x1be0 [ 270.952953][ T8036] ? ip_vs_in_hook+0x15b6/0x1be0 [ 270.952983][ T8036] ? __pfx___dev_queue_xmit+0x10/0x10 [ 270.953012][ T8036] ? ip_vs_out_hook+0x9b5/0xef0 [ 270.953038][ T8036] ? __pfx_ip_vs_in_hook+0x10/0x10 [ 270.953071][ T8036] ? __lock_acquire+0xab9/0xd20 [ 270.953112][ T8036] ? ip_output+0x2a1/0x3c0 [ 270.953140][ T8036] ? ip_finish_output2+0xae7/0x1160 [ 270.953171][ T8036] ip_finish_output2+0xd03/0x1160 [ 270.953205][ T8036] ? ip_finish_output2+0x452/0x1160 [ 270.953232][ T8036] ? __pfx_ip_finish_output2+0x10/0x10 [ 270.953254][ T8036] ? ip_skb_dst_mtu+0x1a5/0xab0 [ 270.953275][ T8036] ? ip_skb_dst_mtu+0x866/0xab0 [ 270.953301][ T8036] ? ip_finish_output+0x33a/0x3f0 [ 270.953326][ T8036] ip_output+0x2a1/0x3c0 [ 270.953348][ T8036] ? ip_output+0x60/0x3c0 [ 270.953372][ T8036] ip_send_skb+0x74/0x100 [ 270.953397][ T8036] udp_send_skb+0xaf1/0x14c0 [ 270.953446][ T8036] udp_sendmsg+0x195a/0x2170 [ 270.953487][ T8036] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 270.953513][ T8036] ? __pfx_udp_sendmsg+0x10/0x10 [ 270.953582][ T8036] ? __local_bh_enable_ip+0x12d/0x1c0 [ 270.953614][ T8036] ? inet_sendmsg+0x14f/0x370 [ 270.953641][ T8036] ? inet_sendmsg+0x29c/0x370 [ 270.953671][ T8036] __sock_sendmsg+0x19c/0x270 [ 270.953699][ T8036] ____sys_sendmsg+0x52d/0x830 [ 270.953729][ T8036] ? __pfx_____sys_sendmsg+0x10/0x10 [ 270.953759][ T8036] ? import_iovec+0x74/0xa0 [ 270.953788][ T8036] ___sys_sendmsg+0x21f/0x2a0 [ 270.953813][ T8036] ? __pfx____sys_sendmsg+0x10/0x10 [ 270.953875][ T8036] ? __fget_files+0x2a/0x420 [ 270.953905][ T8036] ? __fget_files+0x3a0/0x420 [ 270.953948][ T8036] __sys_sendmmsg+0x227/0x430 [ 270.953975][ T8036] ? __pfx___sys_sendmmsg+0x10/0x10 [ 270.953994][ T8036] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 270.954051][ T8036] ? ksys_write+0x22a/0x250 [ 270.954081][ T8036] ? __pfx_ksys_write+0x10/0x10 [ 270.954104][ T8036] ? rcu_is_watching+0x15/0xb0 [ 270.954134][ T8036] __x64_sys_sendmmsg+0xa0/0xc0 [ 270.954158][ T8036] do_syscall_64+0xfa/0x3b0 [ 270.954184][ T8036] ? lockdep_hardirqs_on+0x9c/0x150 [ 270.954211][ T8036] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.954231][ T8036] ? clear_bhb_loop+0x60/0xb0 [ 270.954256][ T8036] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 270.954275][ T8036] RIP: 0033:0x7fb53838ebe9 [ 270.954304][ T8036] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 270.954321][ T8036] RSP: 002b:00007fb5392c0038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 270.954344][ T8036] RAX: ffffffffffffffda RBX: 00007fb5385b5fa0 RCX: 00007fb53838ebe9 [ 270.954358][ T8036] RDX: 0000000000000001 RSI: 0000200000003240 RDI: 0000000000000003 [ 270.954371][ T8036] RBP: 00007fb5392c0090 R08: 0000000000000000 R09: 0000000000000000 [ 270.954384][ T8036] R10: 0000000004000800 R11: 0000000000000246 R12: 0000000000000001 [ 270.954396][ T8036] R13: 00007fb5385b6038 R14: 00007fb5385b5fa0 R15: 00007fb5386dfa28 [ 270.954431][ T8036] [ 270.969395][ T8030] bridge3: entered promiscuous mode [ 271.706024][ T8040] syzkaller0: entered promiscuous mode [ 271.732016][ T8040] syzkaller0: entered allmulticast mode [ 273.608426][ T8066] netlink: 'syz.1.551': attribute type 12 has an invalid length. [ 273.646517][ T8063] netlink: 23 bytes leftover after parsing attributes in process `syz.0.550'. [ 273.799398][ T8066] netlink: 12 bytes leftover after parsing attributes in process `syz.1.551'. [ 273.869299][ T8066] netlink: 8 bytes leftover after parsing attributes in process `syz.1.551'. [ 274.579315][ T8079] gre0: entered allmulticast mode [ 275.405944][ T8089] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1485552263 (190150689664 ns) > initial count (51627284480 ns). Using initial count to start timer. [ 275.454341][ T8089] netdevsim netdevsim3 netdevsim0: entered allmulticast mode [ 275.468432][ T8089] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 275.619169][ T5183] Bluetooth: hci4: command 0x0c1a tx timeout [ 276.523380][ T8103] netlink: 4 bytes leftover after parsing attributes in process `syz.3.563'. [ 276.990640][ T8113] bridge2: entered promiscuous mode [ 279.270132][ T8134] netlink: 'syz.2.569': attribute type 33 has an invalid length. [ 279.278107][ T8134] netlink: 152 bytes leftover after parsing attributes in process `syz.2.569'. [ 279.298220][ T8134] `: renamed from team0 (while UP) [ 279.550696][ T8135] bridge4: entered promiscuous mode [ 280.762583][ T8152] random: crng reseeded on system resumption [ 280.912452][ T8153] trusted_key: encrypted_key: master key parameter 'ç5;%Âi©¤' is invalid [ 281.580392][ T8159] netlink: 4 bytes leftover after parsing attributes in process `syz.3.575'. [ 281.690927][ T8162] netlink: 12 bytes leftover after parsing attributes in process `syz.3.575'. [ 282.068689][ T848] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 282.221187][ T848] usb 4-1: Using ep0 maxpacket: 32 [ 282.233983][ T848] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 282.243411][ T848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 282.254550][ T848] usb 4-1: Product: п [ 282.258887][ T848] usb 4-1: Manufacturer: Э [ 282.263388][ T848] usb 4-1: SerialNumber: Ъ [ 282.562692][ T8162] netlink: 24 bytes leftover after parsing attributes in process `syz.3.575'. [ 282.589105][ T8162] netlink: 4 bytes leftover after parsing attributes in process `syz.3.575'. [ 283.898783][ T24] usb 1-1: new high-speed USB device number 22 using dummy_hcd [ 284.103907][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 284.138299][ T24] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 284.166582][ T24] usb 1-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 284.196404][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 284.239523][ T24] usb 1-1: config 0 descriptor?? [ 284.286645][ T8183] netlink: 4 bytes leftover after parsing attributes in process `syz.2.584'. [ 284.692423][ T848] cdc_ncm 4-1:1.0: bind() failure [ 284.719545][ T848] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 284.726551][ T848] cdc_ncm 4-1:1.1: bind() failure [ 284.754794][ T848] usb 4-1: USB disconnect, device number 20 [ 285.276045][ T8190] block nbd0: Attempted send on invalid socket [ 285.283282][ T8190] I/O error, dev nbd0, sector 0 op 0x0:(READ) flags 0x800 phys_seg 1 prio class 2 [ 285.510322][ T8201] bridge_slave_0: left allmulticast mode [ 285.516085][ T8201] bridge_slave_0: left promiscuous mode [ 285.522308][ T8201] bridge0: port 1(bridge_slave_0) entered disabled state [ 285.731752][ T8201] bridge_slave_1: left allmulticast mode [ 285.737653][ T8201] bridge_slave_1: left promiscuous mode [ 285.743827][ T8201] bridge0: port 2(bridge_slave_1) entered disabled state [ 285.839798][ T8201] bond0: (slave bond_slave_0): Releasing backup interface [ 286.050309][ T8201] bond0: (slave bond_slave_1): Releasing backup interface [ 286.439248][ T8213] random: crng reseeded on system resumption [ 286.468689][ T8201] `: Port device team_slave_0 removed [ 286.478461][ T24] usbhid 1-1:0.0: can't add hid device: -71 [ 286.484443][ T24] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 286.637768][ T8201] `: Port device team_slave_1 removed [ 286.681767][ T8216] netlink: 144 bytes leftover after parsing attributes in process `syz.4.593'. [ 286.711357][ T8201] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 286.723663][ T8201] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 286.736276][ T8201] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 286.748630][ T24] usb 1-1: USB disconnect, device number 22 [ 286.750445][ T8201] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 286.951082][ T8212] syzkaller0: entered promiscuous mode [ 286.956583][ T8212] syzkaller0: entered allmulticast mode [ 287.006991][ T8218] netlink: 48 bytes leftover after parsing attributes in process `syz.4.593'. [ 287.534250][ T8231] netlink: 4 bytes leftover after parsing attributes in process `syz.2.596'. [ 287.623104][ T8229] bridge_slave_0: left allmulticast mode [ 287.631484][ T8229] bridge_slave_0: left promiscuous mode [ 287.639996][ T8229] bridge0: port 1(bridge_slave_0) entered disabled state [ 287.656743][ T8235] netlink: 12 bytes leftover after parsing attributes in process `syz.2.596'. [ 287.753901][ T8229] bridge_slave_1: left allmulticast mode [ 287.760247][ T8229] bridge_slave_1: left promiscuous mode [ 287.766807][ T8229] bridge0: port 2(bridge_slave_1) entered disabled state [ 287.785703][ T8229] bond0: (slave bond_slave_0): Releasing backup interface [ 287.801820][ T8229] bond0: (slave bond_slave_1): Releasing backup interface [ 287.830895][ T8229] team0: Port device team_slave_0 removed [ 287.853456][ T8229] team0: Port device team_slave_1 removed [ 287.863969][ T8229] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 287.871675][ T8229] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 287.882456][ T8229] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 287.898280][ T8229] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 288.388399][ T5855] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 288.628649][ T5855] usb 3-1: Using ep0 maxpacket: 32 [ 288.658948][ T5855] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 288.672246][ T5855] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 288.702902][ T5855] usb 3-1: Product: п [ 288.710074][ T5855] usb 3-1: Manufacturer: Э [ 288.725957][ T5855] usb 3-1: SerialNumber: Ъ [ 288.976541][ T8235] netlink: 24 bytes leftover after parsing attributes in process `syz.2.596'. [ 289.037225][ T8235] netlink: 4 bytes leftover after parsing attributes in process `syz.2.596'. [ 289.302910][ T8252] netlink: 'syz.3.601': attribute type 33 has an invalid length. [ 289.313644][ T8250] tipc: Enabled bearer , priority 0 [ 289.322860][ T8250] syzkaller0: entered promiscuous mode [ 289.331318][ T8250] syzkaller0: entered allmulticast mode [ 289.347542][ T8252] netlink: 152 bytes leftover after parsing attributes in process `syz.3.601'. [ 289.378926][ T8252] `: renamed from team0 (while UP) [ 289.429692][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 289.429712][ T30] audit: type=1326 audit(1755884776.515:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 289.492430][ T8249] tipc: Resetting bearer [ 289.594658][ T8249] tipc: Disabling bearer [ 289.625808][ T30] audit: type=1326 audit(1755884776.535:20): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 289.757864][ T30] audit: type=1326 audit(1755884776.545:21): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 289.816699][ T30] audit: type=1326 audit(1755884776.545:22): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 290.286294][ T30] audit: type=1326 audit(1755884776.545:23): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 290.313203][ T30] audit: type=1326 audit(1755884776.545:24): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 290.353088][ T30] audit: type=1326 audit(1755884776.545:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 290.403194][ T30] audit: type=1326 audit(1755884776.545:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 290.456572][ T5855] cdc_ncm 3-1:1.0: bind() failure [ 290.579262][ T5855] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 290.588327][ T30] audit: type=1326 audit(1755884776.545:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 290.632331][ T8263] netlink: 8 bytes leftover after parsing attributes in process `syz.2.604'. [ 290.634690][ T5855] cdc_ncm 3-1:1.1: bind() failure [ 290.685532][ T5855] usb 3-1: USB disconnect, device number 18 [ 290.692392][ T30] audit: type=1326 audit(1755884776.545:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8249 comm="syz.4.600" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 290.858334][ T24] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 290.938034][ T8265] netlink: 144 bytes leftover after parsing attributes in process `syz.1.605'. [ 291.033529][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 291.061066][ T24] usb 5-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 291.088708][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 291.103126][ T8267] syzkaller0: entered promiscuous mode [ 291.118676][ T8267] syzkaller0: entered allmulticast mode [ 291.147819][ T24] usb 5-1: config 0 descriptor?? [ 291.449304][ T24] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 291.479703][ T24] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 291.559341][ T24] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 291.618376][ T24] usb 5-1: media controller created [ 291.732620][ T8262] 8021q: VLANs not supported on caif0 [ 291.791719][ T24] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 291.908200][ T8284] random: crng reseeded on system resumption [ 292.054386][ T24] az6027: usb out operation failed. (-71) [ 292.127355][ T24] az6027: usb out operation failed. (-71) [ 292.147269][ T24] stb0899_attach: Driver disabled by Kconfig [ 292.167532][ T24] az6027: no front-end attached [ 292.167532][ T24] [ 292.187822][ T24] az6027: usb out operation failed. (-71) [ 292.201763][ T24] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 292.237091][ T24] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.4/usb5/5-1/input/input12 [ 292.311541][ T24] dvb-usb: schedule remote query interval to 400 msecs. [ 292.328874][ T24] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 292.404249][ T24] usb 5-1: USB disconnect, device number 19 [ 292.462356][ T24] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 293.018935][ T8294] tipc: Enabled bearer , priority 0 [ 293.041104][ T8294] syzkaller0: entered promiscuous mode [ 293.063750][ T8294] syzkaller0: entered allmulticast mode [ 293.180221][ T8293] tipc: Resetting bearer [ 293.352398][ T8293] tipc: Disabling bearer [ 293.520904][ T8301] netlink: 8 bytes leftover after parsing attributes in process `syz.3.616'. [ 293.695252][ T8308] netlink: 144 bytes leftover after parsing attributes in process `syz.0.618'. [ 294.127332][ T8321] bridge2: entered promiscuous mode [ 296.613431][ T8347] tipc: Enabled bearer , priority 0 [ 296.743811][ T8352] random: crng reseeded on system resumption [ 296.770301][ T8349] syzkaller0: entered promiscuous mode [ 296.776604][ T8349] syzkaller0: entered allmulticast mode [ 296.814826][ T8347] tipc: Resetting bearer [ 296.834345][ T30] kauditd_printk_skb: 25 callbacks suppressed [ 296.834364][ T30] audit: type=1326 audit(1755884783.915:54): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 296.872868][ T8345] tipc: Resetting bearer [ 296.896216][ T8345] tipc: Disabling bearer [ 296.912362][ T30] audit: type=1326 audit(1755884783.955:55): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 297.028434][ T30] audit: type=1326 audit(1755884783.955:56): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 297.058963][ T30] audit: type=1326 audit(1755884783.955:57): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 297.081746][ T30] audit: type=1326 audit(1755884783.955:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 297.300619][ T30] audit: type=1326 audit(1755884783.955:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 297.410139][ T30] audit: type=1326 audit(1755884783.955:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 297.454532][ T30] audit: type=1326 audit(1755884783.955:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 297.543839][ T30] audit: type=1326 audit(1755884783.955:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 297.643431][ T30] audit: type=1326 audit(1755884783.955:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8345 comm="syz.3.627" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 297.955066][ T8360] netlink: 28 bytes leftover after parsing attributes in process `syz.1.629'. [ 298.172479][ T8362] netlink: 28 bytes leftover after parsing attributes in process `syz.1.629'. [ 298.414816][ T8366] netlink: 8 bytes leftover after parsing attributes in process `syz.3.630'. [ 298.852162][ T8372] syzkaller0: entered promiscuous mode [ 298.865530][ T8372] syzkaller0: entered allmulticast mode [ 299.495007][ T8387] tipc: Enabled bearer , priority 0 [ 299.667470][ T8391] syzkaller0: entered promiscuous mode [ 299.750992][ T8391] syzkaller0: entered allmulticast mode [ 299.796375][ T8387] tipc: Resetting bearer [ 299.826027][ T8386] tipc: Resetting bearer [ 299.914921][ T8386] tipc: Disabling bearer [ 300.440910][ T959] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 300.628810][ T959] usb 3-1: Using ep0 maxpacket: 32 [ 300.640256][ T959] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 300.668404][ T959] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 300.681694][ T959] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 300.698418][ T959] usb 3-1: config 1 has no interface number 0 [ 300.713614][ T959] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 300.758317][ T959] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 300.879764][ T959] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 300.908898][ T959] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 300.944840][ T959] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 301.307243][ T8407] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 302.256556][ T8414] Invalid logical block size (34) [ 304.935422][ T8429] netlink: 144 bytes leftover after parsing attributes in process `syz.3.647'. [ 305.525918][ T8436] netlink: 4 bytes leftover after parsing attributes in process `syz.3.649'. [ 305.605514][ T959] snd_usb_pod 3-1:1.1: set_interface failed [ 305.611982][ T959] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 305.638416][ T959] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 305.677142][ T959] usb 3-1: USB disconnect, device number 19 [ 306.388465][ T959] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 306.579697][ T959] usb 3-1: config 0 has no interfaces? [ 306.592868][ T959] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 306.623416][ T959] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 306.655195][ T959] usb 3-1: Product: syz [ 306.691825][ T959] usb 3-1: Manufacturer: syz [ 306.787315][ T959] usb 3-1: SerialNumber: syz [ 306.829935][ T959] usb 3-1: config 0 descriptor?? [ 307.416593][ T8467] netlink: 144 bytes leftover after parsing attributes in process `syz.4.659'. [ 307.772136][ T8471] netlink: 12 bytes leftover after parsing attributes in process `syz.4.661'. [ 308.026956][ T8474] netlink: 12 bytes leftover after parsing attributes in process `syz.0.662'. [ 308.078477][ T8474] 8021q: adding VLAN 0 to HW filter on device bond1 [ 308.103824][ T8475] macvlan2: entered promiscuous mode [ 308.110810][ T8475] macvlan2: entered allmulticast mode [ 308.117209][ T8475] bond1: (slave macvlan2): Opening slave failed [ 308.198383][ T24] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 308.349433][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 308.363564][ T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 308.373814][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.382381][ T24] usb 5-1: Product: п [ 308.386752][ T24] usb 5-1: Manufacturer: Э [ 308.392010][ T24] usb 5-1: SerialNumber: Ъ [ 308.412333][ T8480] netlink: 4 bytes leftover after parsing attributes in process `syz.3.663'. [ 308.615538][ T8472] netlink: 24 bytes leftover after parsing attributes in process `syz.4.661'. [ 308.625537][ T8472] netlink: 4 bytes leftover after parsing attributes in process `syz.4.661'. [ 309.206429][ T5950] usb 3-1: USB disconnect, device number 20 [ 309.248603][ T5855] usb 1-1: new high-speed USB device number 23 using dummy_hcd [ 309.425653][ T5855] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 309.438922][ T5855] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 309.544466][ T5855] usb 1-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 309.544502][ T5855] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 309.560550][ T5855] usb 1-1: config 0 descriptor?? [ 309.578417][ T959] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 309.693842][ T8491] netlink: 'syz.2.666': attribute type 10 has an invalid length. [ 309.730823][ T959] usb 4-1: config 0 has no interfaces? [ 309.742782][ T959] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 309.800097][ T8496] use of bytesused == 0 is deprecated and will be removed in the future, [ 309.814938][ T8491] `: Failed to send port change of device netdevsim0 via netlink (err -105) [ 309.815106][ T8496] use the actual size instead. [ 309.834524][ T959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 309.859873][ T959] usb 4-1: Product: syz [ 309.868649][ T8491] `: Failed to send options change via netlink (err -105) [ 309.876419][ T8491] `: Port device netdevsim0 added [ 309.885855][ T959] usb 4-1: Manufacturer: syz [ 309.896875][ T959] usb 4-1: SerialNumber: syz [ 309.930743][ T959] usb 4-1: config 0 descriptor?? [ 310.347306][ T8500] netlink: 48 bytes leftover after parsing attributes in process `syz.2.670'. [ 310.761665][ T8505] fuse: Unknown parameter 'user_id00000000000000000000' [ 310.837236][ T24] cdc_ncm 5-1:1.0: bind() failure [ 310.866543][ T24] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 311.140608][ T24] cdc_ncm 5-1:1.1: bind() failure [ 311.396006][ T24] usb 5-1: USB disconnect, device number 20 [ 311.743755][ T5855] usbhid 1-1:0.0: can't add hid device: -71 [ 311.750954][ T5855] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 311.783038][ T5855] usb 1-1: USB disconnect, device number 23 [ 311.878288][ T24] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 311.958289][ T959] usb 3-1: new full-speed USB device number 21 using dummy_hcd [ 312.038494][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 312.046756][ T24] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 312.056444][ T24] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 312.075723][ T24] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 312.112952][ T24] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 81 [ 312.126155][ T959] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 27750, setting to 64 [ 312.137892][ T24] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 312.149707][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 312.159216][ T959] usb 3-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 312.170186][ T959] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 312.178499][ T959] usb 3-1: Product: syz [ 312.184394][ T959] usb 3-1: Manufacturer: syz [ 312.190204][ T24] usb 5-1: config 0 descriptor?? [ 312.203053][ T959] usb 3-1: SerialNumber: syz [ 312.222825][ T959] usb 3-1: config 0 descriptor?? [ 312.223552][ T8518] netlink: 4 bytes leftover after parsing attributes in process `syz.0.675'. [ 312.256040][ T5855] usb 4-1: USB disconnect, device number 21 [ 312.610087][ T8523] netlink: 44 bytes leftover after parsing attributes in process `syz.4.672'. [ 312.620047][ T8523] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 312.778389][ T5855] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 312.941633][ T5855] usb 4-1: config 0 has no interfaces? [ 312.951133][ T5855] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 312.966356][ T5855] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.006197][ T5855] usb 4-1: Product: syz [ 313.036270][ T5855] usb 4-1: Manufacturer: syz [ 313.051656][ T5855] usb 4-1: SerialNumber: syz [ 313.102731][ T5855] usb 4-1: config 0 descriptor?? [ 314.460972][ T5855] usb 3-1: USB disconnect, device number 21 [ 314.806565][ T5855] usb 5-1: USB disconnect, device number 21 [ 314.973521][ T8542] netlink: 12 bytes leftover after parsing attributes in process `syz.0.682'. [ 315.167834][ T8545] fuse: Unknown parameter 'user_id00000000000000000000' [ 315.318337][ T24] usb 1-1: new high-speed USB device number 24 using dummy_hcd [ 315.376809][ T959] usb 4-1: USB disconnect, device number 22 [ 315.477321][ T8550] tipc: Enabled bearer , priority 0 [ 315.539147][ T8555] syzkaller0: entered promiscuous mode [ 315.539974][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 315.551992][ T8555] syzkaller0: entered allmulticast mode [ 315.589228][ T8550] tipc: Resetting bearer [ 315.607697][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 315.607716][ T30] audit: type=1326 audit(1755884802.685:85): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 315.636338][ C0] vkms_vblank_simulate: vblank timer overrun [ 315.667060][ T24] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 315.714707][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 315.733324][ T24] usb 1-1: Product: п [ 315.784889][ T8549] tipc: Resetting bearer [ 315.800628][ T24] usb 1-1: Manufacturer: Э [ 315.820388][ T24] usb 1-1: SerialNumber: Ъ [ 315.829130][ T30] audit: type=1326 audit(1755884802.745:86): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 315.879605][ T30] audit: type=1326 audit(1755884802.815:87): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 315.934426][ T8549] tipc: Disabling bearer [ 316.055234][ T30] audit: type=1326 audit(1755884802.815:88): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 316.167825][ T30] audit: type=1326 audit(1755884802.815:89): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 316.203625][ T8543] netlink: 24 bytes leftover after parsing attributes in process `syz.0.682'. [ 316.218975][ T8569] FAULT_INJECTION: forcing a failure. [ 316.218975][ T8569] name failslab, interval 1, probability 0, space 0, times 0 [ 316.233090][ T8543] netlink: 4 bytes leftover after parsing attributes in process `syz.0.682'. [ 316.260751][ T8569] CPU: 1 UID: 0 PID: 8569 Comm: syz.1.690 Not tainted syzkaller #0 PREEMPT(full) [ 316.260780][ T8569] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 316.260793][ T8569] Call Trace: [ 316.260803][ T8569] [ 316.260811][ T8569] dump_stack_lvl+0x189/0x250 [ 316.260849][ T8569] ? __pfx____ratelimit+0x10/0x10 [ 316.260879][ T8569] ? __pfx_dump_stack_lvl+0x10/0x10 [ 316.260904][ T8569] ? __pfx__printk+0x10/0x10 [ 316.260929][ T8569] ? genl_rcv+0x28/0x40 [ 316.260952][ T8569] ? ____sys_sendmsg+0x505/0x830 [ 316.260973][ T8569] ? __x64_sys_sendmsg+0x19b/0x260 [ 316.261007][ T8569] should_fail_ex+0x414/0x560 [ 316.261040][ T8569] should_failslab+0xa8/0x100 [ 316.261070][ T8569] kmem_cache_alloc_noprof+0x73/0x3c0 [ 316.261098][ T8569] ? skb_clone+0x212/0x3a0 [ 316.261127][ T8569] skb_clone+0x212/0x3a0 [ 316.261155][ T8569] __netlink_deliver_tap+0x404/0x850 [ 316.261201][ T8569] ? netlink_deliver_tap+0x2e/0x1b0 [ 316.261233][ T8569] netlink_deliver_tap+0x19c/0x1b0 [ 316.261265][ T8569] netlink_sendskb+0x68/0x140 [ 316.261295][ T8569] netlink_unicast+0x397/0x9e0 [ 316.261318][ T8569] ? __asan_memcpy+0x40/0x70 [ 316.261350][ T8569] ? __pfx_netlink_unicast+0x10/0x10 [ 316.261391][ T8569] netlink_rcv_skb+0x28c/0x470 [ 316.261417][ T8569] ? __lock_acquire+0xab9/0xd20 [ 316.261447][ T8569] ? __pfx_genl_rcv_msg+0x10/0x10 [ 316.261472][ T8569] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 316.261525][ T8569] ? down_read+0x1ad/0x2e0 [ 316.261549][ T8569] genl_rcv+0x28/0x40 [ 316.261579][ T8569] netlink_unicast+0x82f/0x9e0 [ 316.261618][ T8569] ? __pfx_netlink_unicast+0x10/0x10 [ 316.261648][ T8569] ? netlink_sendmsg+0x642/0xb30 [ 316.261675][ T8569] ? skb_put+0x11b/0x210 [ 316.261700][ T8569] netlink_sendmsg+0x805/0xb30 [ 316.261742][ T8569] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.261776][ T8569] ? aa_sock_msg_perm+0xf1/0x1d0 [ 316.261798][ T8569] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 316.261821][ T8569] ? __pfx_netlink_sendmsg+0x10/0x10 [ 316.261852][ T8569] __sock_sendmsg+0x21c/0x270 [ 316.261883][ T8569] ____sys_sendmsg+0x505/0x830 [ 316.261913][ T8569] ? __pfx_____sys_sendmsg+0x10/0x10 [ 316.261960][ T8569] ? import_iovec+0x74/0xa0 [ 316.261990][ T8569] ___sys_sendmsg+0x21f/0x2a0 [ 316.262015][ T8569] ? __pfx____sys_sendmsg+0x10/0x10 [ 316.262083][ T8569] ? __fget_files+0x2a/0x420 [ 316.262112][ T8569] ? __fget_files+0x3a0/0x420 [ 316.262155][ T8569] __x64_sys_sendmsg+0x19b/0x260 [ 316.262181][ T8569] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 316.262213][ T8569] ? __pfx_ksys_write+0x10/0x10 [ 316.262236][ T8569] ? rcu_is_watching+0x15/0xb0 [ 316.262263][ T8569] ? do_syscall_64+0xbe/0x3b0 [ 316.262299][ T8569] do_syscall_64+0xfa/0x3b0 [ 316.262324][ T8569] ? lockdep_hardirqs_on+0x9c/0x150 [ 316.262351][ T8569] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.262372][ T8569] ? clear_bhb_loop+0x60/0xb0 [ 316.262398][ T8569] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 316.262417][ T8569] RIP: 0033:0x7f36a5f8ebe9 [ 316.262437][ T8569] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 316.262456][ T8569] RSP: 002b:00007f36a6d7e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 316.262479][ T8569] RAX: ffffffffffffffda RBX: 00007f36a61b5fa0 RCX: 00007f36a5f8ebe9 [ 316.262494][ T8569] RDX: 0000000000000000 RSI: 00002000000006c0 RDI: 0000000000000003 [ 316.262507][ T8569] RBP: 00007f36a6d7e090 R08: 0000000000000000 R09: 0000000000000000 [ 316.262520][ T8569] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 316.262532][ T8569] R13: 00007f36a61b6038 R14: 00007f36a61b5fa0 R15: 00007f36a62dfa28 [ 316.262576][ T8569] [ 316.664320][ T30] audit: type=1326 audit(1755884802.825:90): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 316.687118][ T30] audit: type=1326 audit(1755884802.825:91): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 316.709558][ T30] audit: type=1326 audit(1755884802.825:92): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 316.739496][ T30] audit: type=1326 audit(1755884802.835:93): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 316.766981][ T30] audit: type=1326 audit(1755884802.835:94): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8549 comm="syz.4.685" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2171b8ebe9 code=0x7ffc0000 [ 316.938451][ T5855] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 317.128609][ T5855] usb 5-1: Using ep0 maxpacket: 32 [ 317.136677][ T5855] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 317.145836][ T5855] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 317.156844][ T5855] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 317.226498][ T5855] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 81 [ 317.244099][ T5855] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 317.261610][ T5855] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 317.274839][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.274969][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.315289][ T5855] usb 5-1: config 0 descriptor?? [ 317.825301][ T8584] netlink: 44 bytes leftover after parsing attributes in process `syz.4.691'. [ 317.835467][ T8584] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 318.112923][ T24] cdc_ncm 1-1:1.0: bind() failure [ 318.168244][ T24] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 318.257023][ T8590] fuse: Unknown parameter 'user_id00000000000000000000' [ 318.425075][ T24] cdc_ncm 1-1:1.1: bind() failure [ 318.440438][ T24] usb 1-1: USB disconnect, device number 24 [ 318.938834][ T24] usb 1-1: new high-speed USB device number 25 using dummy_hcd [ 319.162186][ T24] usb 1-1: config 0 has no interfaces? [ 319.170889][ T24] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 319.198689][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.218908][ T24] usb 1-1: Product: syz [ 319.223351][ T24] usb 1-1: Manufacturer: syz [ 319.230631][ T24] usb 1-1: SerialNumber: syz [ 319.244296][ T24] usb 1-1: config 0 descriptor?? [ 319.545342][ T8604] FAULT_INJECTION: forcing a failure. [ 319.545342][ T8604] name failslab, interval 1, probability 0, space 0, times 0 [ 319.579122][ T24] usb 5-1: USB disconnect, device number 22 [ 319.645022][ T8604] CPU: 0 UID: 0 PID: 8604 Comm: syz.3.699 Not tainted syzkaller #0 PREEMPT(full) [ 319.645051][ T8604] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 319.645064][ T8604] Call Trace: [ 319.645072][ T8604] [ 319.645080][ T8604] dump_stack_lvl+0x189/0x250 [ 319.645111][ T8604] ? __pfx____ratelimit+0x10/0x10 [ 319.645138][ T8604] ? __pfx_dump_stack_lvl+0x10/0x10 [ 319.645161][ T8604] ? __pfx__printk+0x10/0x10 [ 319.645195][ T8604] ? __pfx___might_resched+0x10/0x10 [ 319.645213][ T8604] ? fs_reclaim_acquire+0x7d/0x100 [ 319.645248][ T8604] should_fail_ex+0x414/0x560 [ 319.645282][ T8604] should_failslab+0xa8/0x100 [ 319.645324][ T8604] __kmalloc_cache_noprof+0x70/0x3d0 [ 319.645350][ T8604] ? nfnetlink_rcv+0xeff/0x2520 [ 319.645381][ T8604] nfnetlink_rcv+0xeff/0x2520 [ 319.645444][ T8604] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 319.645489][ T8604] ? ref_tracker_free+0x63a/0x7d0 [ 319.645549][ T8604] ? __netlink_deliver_tap+0x807/0x850 [ 319.645578][ T8604] ? netlink_deliver_tap+0x2e/0x1b0 [ 319.645628][ T8604] netlink_unicast+0x82f/0x9e0 [ 319.645666][ T8604] ? __pfx_netlink_unicast+0x10/0x10 [ 319.645695][ T8604] ? netlink_sendmsg+0x642/0xb30 [ 319.645720][ T8604] ? skb_put+0x11b/0x210 [ 319.645745][ T8604] netlink_sendmsg+0x805/0xb30 [ 319.645791][ T8604] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.645826][ T8604] ? aa_sock_msg_perm+0xf1/0x1d0 [ 319.645848][ T8604] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 319.645870][ T8604] ? __pfx_netlink_sendmsg+0x10/0x10 [ 319.645901][ T8604] __sock_sendmsg+0x21c/0x270 [ 319.645931][ T8604] ____sys_sendmsg+0x505/0x830 [ 319.645959][ T8604] ? __pfx_____sys_sendmsg+0x10/0x10 [ 319.645992][ T8604] ? import_iovec+0x74/0xa0 [ 319.646021][ T8604] ___sys_sendmsg+0x21f/0x2a0 [ 319.646046][ T8604] ? __pfx____sys_sendmsg+0x10/0x10 [ 319.646111][ T8604] ? __fget_files+0x2a/0x420 [ 319.646139][ T8604] ? __fget_files+0x3a0/0x420 [ 319.646180][ T8604] __x64_sys_sendmsg+0x19b/0x260 [ 319.646206][ T8604] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 319.646241][ T8604] ? __pfx_ksys_write+0x10/0x10 [ 319.646264][ T8604] ? rcu_is_watching+0x15/0xb0 [ 319.646292][ T8604] ? do_syscall_64+0xbe/0x3b0 [ 319.646337][ T8604] do_syscall_64+0xfa/0x3b0 [ 319.646364][ T8604] ? lockdep_hardirqs_on+0x9c/0x150 [ 319.646391][ T8604] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.646410][ T8604] ? clear_bhb_loop+0x60/0xb0 [ 319.646435][ T8604] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 319.646454][ T8604] RIP: 0033:0x7fea6dd8ebe9 [ 319.646473][ T8604] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 319.646491][ T8604] RSP: 002b:00007fea6ebc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 319.646514][ T8604] RAX: ffffffffffffffda RBX: 00007fea6dfb5fa0 RCX: 00007fea6dd8ebe9 [ 319.646529][ T8604] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 319.646541][ T8604] RBP: 00007fea6ebc6090 R08: 0000000000000000 R09: 0000000000000000 [ 319.646553][ T8604] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 319.646564][ T8604] R13: 00007fea6dfb6038 R14: 00007fea6dfb5fa0 R15: 00007fea6e0dfa28 [ 319.646599][ T8604] [ 319.958635][ C0] vkms_vblank_simulate: vblank timer overrun [ 320.640408][ T30] kauditd_printk_skb: 7 callbacks suppressed [ 320.640428][ T30] audit: type=1326 audit(1755884807.725:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 320.672537][ T8611] loop2: detected capacity change from 0 to 7 [ 320.690066][ T30] audit: type=1326 audit(1755884807.755:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 320.748621][ T30] audit: type=1326 audit(1755884807.755:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=125 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 320.822274][ T30] audit: type=1326 audit(1755884807.755:105): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 320.934844][ T30] audit: type=1326 audit(1755884807.755:106): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 321.024910][ T8611] Dev loop2: unable to read RDB block 7 [ 321.075730][ T30] audit: type=1326 audit(1755884807.755:107): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 321.082493][ T8611] loop2: unable to read partition table [ 321.141485][ T8611] loop2: partition table beyond EOD, truncated [ 321.173439][ T8611] loop_reread_partitions: partition scan of loop2 (þ被xü—ŸÑà– ) failed (rc=-5) [ 321.184532][ T30] audit: type=1326 audit(1755884807.755:108): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 321.236458][ T30] audit: type=1326 audit(1755884807.755:109): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 321.431880][ T30] audit: type=1326 audit(1755884807.755:110): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 321.618512][ T5855] usb 1-1: USB disconnect, device number 25 [ 321.663109][ T8621] netlink: 72 bytes leftover after parsing attributes in process `syz.4.701'. [ 321.733416][ T30] audit: type=1326 audit(1755884808.365:111): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=8607 comm="syz.3.702" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fea6dd8ebe9 code=0x7ffc0000 [ 321.912228][ T8627] netlink: 12 bytes leftover after parsing attributes in process `syz.3.705'. [ 322.089637][ T8630] fuse: Bad value for 'fd' [ 322.403452][ T5967] dvb-usb: did not find the firmware file 'dvb-usb-bluebird-01.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 322.461393][ T959] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 322.565321][ T5967] dvb_usb_cxusb 2-1:0.116: probe with driver dvb_usb_cxusb failed with error -22 [ 322.638228][ T959] usb 4-1: Using ep0 maxpacket: 32 [ 322.693262][ T8639] bridge3: entered promiscuous mode [ 322.736487][ T959] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 322.745947][ T959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 322.806034][ T959] usb 4-1: Product: п [ 322.814471][ T5967] dvb-usb: found a 'DViCO FusionHDTV DVB-T Dual USB' in cold state, will try to load a firmware [ 322.828545][ T5967] usb 2-1: Direct firmware load for dvb-usb-bluebird-01.fw failed with error -2 [ 322.837931][ T959] usb 4-1: Manufacturer: Э [ 322.842937][ T959] usb 4-1: SerialNumber: Ъ [ 322.855655][ T5967] usb 2-1: Falling back to sysfs fallback for: dvb-usb-bluebird-01.fw [ 323.097039][ T8627] netlink: 24 bytes leftover after parsing attributes in process `syz.3.705'. [ 323.107106][ T8627] netlink: 4 bytes leftover after parsing attributes in process `syz.3.705'. [ 324.569028][ T43] usb 1-1: new high-speed USB device number 26 using dummy_hcd [ 324.742200][ T43] usb 1-1: config 0 has no interfaces? [ 324.757527][ T43] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 324.782832][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 324.803965][ T43] usb 1-1: Product: syz [ 324.815060][ T43] usb 1-1: Manufacturer: syz [ 324.827033][ T43] usb 1-1: SerialNumber: syz [ 324.850332][ T43] usb 1-1: config 0 descriptor?? [ 324.876785][ T959] cdc_ncm 4-1:1.0: bind() failure [ 324.970702][ T959] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 324.998010][ T959] cdc_ncm 4-1:1.1: bind() failure [ 325.042334][ T959] usb 4-1: USB disconnect, device number 23 [ 325.581489][ T8665] netlink: 28 bytes leftover after parsing attributes in process `syz.3.715'. [ 325.725280][ T8666] random: crng reseeded on system resumption [ 325.856590][ T8667] netlink: 28 bytes leftover after parsing attributes in process `syz.3.715'. [ 326.105354][ T8673] fuse: Bad value for 'fd' [ 327.486454][ T5855] usb 1-1: USB disconnect, device number 26 [ 328.485834][ T8703] netlink: 12 bytes leftover after parsing attributes in process `syz.3.725'. [ 328.840564][ T5950] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 329.044761][ T5950] usb 4-1: Using ep0 maxpacket: 32 [ 329.078249][ T5950] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 329.097515][ T5950] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 329.128278][ T5950] usb 4-1: Product: п [ 329.142617][ T5950] usb 4-1: Manufacturer: Э [ 329.147144][ T5950] usb 4-1: SerialNumber: Ъ [ 329.403425][ T8705] netlink: 24 bytes leftover after parsing attributes in process `syz.3.725'. [ 329.427614][ T8705] netlink: 4 bytes leftover after parsing attributes in process `syz.3.725'. [ 329.711277][ T8715] fuse: Bad value for 'fd' [ 330.188420][ T43] usb 1-1: new high-speed USB device number 27 using dummy_hcd [ 330.268218][ T24] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 330.458313][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 330.471446][ T43] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 330.484378][ T43] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 330.516044][ T43] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 330.564640][ T43] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 330.612669][ T43] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 330.653279][ T43] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 330.702489][ T43] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 330.730318][ T43] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 330.744893][ T24] usb 3-1: config 0 has no interfaces? [ 330.761128][ T24] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 330.771379][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 330.786400][ T24] usb 3-1: Product: syz [ 330.795340][ T24] usb 3-1: Manufacturer: syz [ 330.810632][ T24] usb 3-1: SerialNumber: syz [ 330.823161][ T43] usb 1-1: config 0 descriptor?? [ 330.849421][ T24] usb 3-1: config 0 descriptor?? [ 331.501421][ T8726] netlink: 44 bytes leftover after parsing attributes in process `syz.0.729'. [ 331.523722][ T8726] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 331.916314][ T5950] cdc_ncm 4-1:1.0: bind() failure [ 332.054288][ T5950] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 332.108564][ T5950] cdc_ncm 4-1:1.1: bind() failure [ 332.157272][ T5950] usb 4-1: USB disconnect, device number 24 [ 332.690202][ T9] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 332.717284][ T8743] netlink: 28 bytes leftover after parsing attributes in process `syz.3.735'. [ 332.976697][ T8745] netlink: 28 bytes leftover after parsing attributes in process `syz.3.735'. [ 333.300542][ T24] usb 1-1: USB disconnect, device number 27 [ 333.447064][ T9] usb 5-1: config 0 has no interfaces? [ 333.466230][ T9] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 333.496424][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.539574][ T9] usb 5-1: Product: syz [ 333.549648][ T9] usb 5-1: Manufacturer: syz [ 333.565450][ T9] usb 5-1: SerialNumber: syz [ 333.598184][ T9] usb 5-1: config 0 descriptor?? [ 333.683436][ T24] usb 3-1: USB disconnect, device number 22 [ 334.648353][ T5855] usb 1-1: new high-speed USB device number 28 using dummy_hcd [ 334.832089][ T5855] usb 1-1: Using ep0 maxpacket: 16 [ 334.886232][ T5855] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 334.897452][ T5855] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 334.926418][ T5855] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 335.069497][ T5855] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 335.127560][ T5855] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.195848][ T5855] usb 1-1: Product: syz [ 335.212040][ T5855] usb 1-1: Manufacturer: syz [ 335.274169][ T5855] usb 1-1: SerialNumber: syz [ 335.397081][ T8767] netlink: 4 bytes leftover after parsing attributes in process `syz.1.742'. [ 335.472080][ T8769] fuse: Unknown parameter '0x0000000000000003' [ 336.154488][ T8751] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 336.322765][ T8751] binfmt_misc: register: failed to install interpreter file ./cgroup.cpu/cpuset.cpus [ 336.668514][ T43] usb 5-1: USB disconnect, device number 23 [ 336.786812][ T8781] FAULT_INJECTION: forcing a failure. [ 336.786812][ T8781] name failslab, interval 1, probability 0, space 0, times 0 [ 336.805004][ T8781] CPU: 1 UID: 0 PID: 8781 Comm: syz.4.747 Not tainted syzkaller #0 PREEMPT(full) [ 336.805032][ T8781] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 336.805045][ T8781] Call Trace: [ 336.805053][ T8781] [ 336.805062][ T8781] dump_stack_lvl+0x189/0x250 [ 336.805091][ T8781] ? __pfx____ratelimit+0x10/0x10 [ 336.805117][ T8781] ? __pfx_dump_stack_lvl+0x10/0x10 [ 336.805139][ T8781] ? __pfx__printk+0x10/0x10 [ 336.805173][ T8781] ? __pfx___might_resched+0x10/0x10 [ 336.805192][ T8781] ? fs_reclaim_acquire+0x7d/0x100 [ 336.805227][ T8781] should_fail_ex+0x414/0x560 [ 336.805259][ T8781] should_failslab+0xa8/0x100 [ 336.805290][ T8781] __kmalloc_cache_noprof+0x70/0x3d0 [ 336.805315][ T8781] ? ethnl_tsinfo_start+0xcd/0x2c0 [ 336.805350][ T8781] ethnl_tsinfo_start+0xcd/0x2c0 [ 336.805378][ T8781] ? genl_start+0x4a3/0x6c0 [ 336.805403][ T8781] genl_start+0x4c3/0x6c0 [ 336.805434][ T8781] __netlink_dump_start+0x469/0x7e0 [ 336.805473][ T8781] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 336.805512][ T8781] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 336.805534][ T8781] ? genl_get_cmd+0x67f/0x910 [ 336.805563][ T8781] ? __pfx_genl_start+0x10/0x10 [ 336.805582][ T8781] ? __pfx_genl_dumpit+0x10/0x10 [ 336.805601][ T8781] ? __pfx_genl_done+0x10/0x10 [ 336.805640][ T8781] genl_rcv_msg+0x5da/0x790 [ 336.805672][ T8781] ? __pfx_genl_rcv_msg+0x10/0x10 [ 336.805694][ T8781] ? __pfx_ethnl_tsinfo_start+0x10/0x10 [ 336.805720][ T8781] ? __pfx_ethnl_tsinfo_dumpit+0x10/0x10 [ 336.805746][ T8781] ? __pfx_ethnl_tsinfo_done+0x10/0x10 [ 336.805777][ T8781] ? __asan_memcpy+0x40/0x70 [ 336.805800][ T8781] ? __pfx_ref_tracker_free+0x10/0x10 [ 336.805838][ T8781] netlink_rcv_skb+0x205/0x470 [ 336.805863][ T8781] ? __lock_acquire+0xab9/0xd20 [ 336.805898][ T8781] ? __pfx_genl_rcv_msg+0x10/0x10 [ 336.805923][ T8781] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 336.805975][ T8781] ? down_read+0x1ad/0x2e0 [ 336.805997][ T8781] genl_rcv+0x28/0x40 [ 336.806016][ T8781] netlink_unicast+0x82f/0x9e0 [ 336.806054][ T8781] ? __pfx_netlink_unicast+0x10/0x10 [ 336.806083][ T8781] ? netlink_sendmsg+0x642/0xb30 [ 336.806110][ T8781] ? skb_put+0x11b/0x210 [ 336.806135][ T8781] netlink_sendmsg+0x805/0xb30 [ 336.806174][ T8781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 336.806208][ T8781] ? aa_sock_msg_perm+0xf1/0x1d0 [ 336.806231][ T8781] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 336.806252][ T8781] ? __pfx_netlink_sendmsg+0x10/0x10 [ 336.806281][ T8781] __sock_sendmsg+0x21c/0x270 [ 336.806310][ T8781] ____sys_sendmsg+0x505/0x830 [ 336.806339][ T8781] ? __pfx_____sys_sendmsg+0x10/0x10 [ 336.806372][ T8781] ? import_iovec+0x74/0xa0 [ 336.806402][ T8781] ___sys_sendmsg+0x21f/0x2a0 [ 336.806426][ T8781] ? __pfx____sys_sendmsg+0x10/0x10 [ 336.806488][ T8781] ? __fget_files+0x2a/0x420 [ 336.806525][ T8781] ? __fget_files+0x3a0/0x420 [ 336.806568][ T8781] __x64_sys_sendmsg+0x19b/0x260 [ 336.806592][ T8781] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 336.806626][ T8781] ? __pfx_ksys_write+0x10/0x10 [ 336.806649][ T8781] ? rcu_is_watching+0x15/0xb0 [ 336.806676][ T8781] ? do_syscall_64+0xbe/0x3b0 [ 336.806711][ T8781] do_syscall_64+0xfa/0x3b0 [ 336.806736][ T8781] ? lockdep_hardirqs_on+0x9c/0x150 [ 336.806763][ T8781] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.806783][ T8781] ? clear_bhb_loop+0x60/0xb0 [ 336.806809][ T8781] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 336.806828][ T8781] RIP: 0033:0x7f2171b8ebe9 [ 336.806847][ T8781] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 336.806863][ T8781] RSP: 002b:00007f216fdf6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 336.806885][ T8781] RAX: ffffffffffffffda RBX: 00007f2171db5fa0 RCX: 00007f2171b8ebe9 [ 336.806900][ T8781] RDX: 0000000000000000 RSI: 0000200000000240 RDI: 0000000000000003 [ 336.806913][ T8781] RBP: 00007f216fdf6090 R08: 0000000000000000 R09: 0000000000000000 [ 336.806926][ T8781] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 336.806938][ T8781] R13: 00007f2171db6038 R14: 00007f2171db5fa0 R15: 00007f2171edfa28 [ 336.806972][ T8781] [ 337.208187][ C1] vkms_vblank_simulate: vblank timer overrun [ 337.258512][ T24] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 337.428344][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 337.436249][ T24] usb 3-1: config index 0 descriptor too short (expected 29220, got 36) [ 337.444913][ T24] usb 3-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 337.453790][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 337.463941][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 337.473285][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 337.483088][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 337.496103][ T24] usb 3-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 337.505197][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 337.516011][ T24] usb 3-1: config 0 descriptor?? [ 338.017843][ T8791] netlink: 44 bytes leftover after parsing attributes in process `syz.2.746'. [ 338.027628][ T8791] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 339.173272][ T8801] netlink: 28 bytes leftover after parsing attributes in process `syz.1.750'. [ 339.429348][ T8803] netlink: 28 bytes leftover after parsing attributes in process `syz.1.750'. [ 339.847652][ T5855] usb 1-1: 0:2 : does not exist [ 339.939763][ T9] usb 3-1: USB disconnect, device number 23 [ 340.164266][ T5855] usb 1-1: USB disconnect, device number 28 [ 340.502723][ T5855] usb 1-1: new high-speed USB device number 29 using dummy_hcd [ 340.568295][ T5950] usb 3-1: new high-speed USB device number 24 using dummy_hcd [ 340.998974][ T5950] usb 3-1: Using ep0 maxpacket: 32 [ 341.013918][ T5855] usb 1-1: config 0 has no interfaces? [ 341.019618][ T848] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 341.063394][ T5950] usb 3-1: config index 0 descriptor too short (expected 35577, got 27) [ 341.076779][ T5855] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 341.089235][ T5950] usb 3-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 341.110765][ T5855] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.121424][ T5950] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 341.136475][ T5855] usb 1-1: Product: syz [ 341.142761][ T5950] usb 3-1: config 1 has no interface number 0 [ 341.149886][ T5855] usb 1-1: Manufacturer: syz [ 341.154884][ T5950] usb 3-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 341.166748][ T5855] usb 1-1: SerialNumber: syz [ 341.205707][ T5950] usb 3-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 341.221977][ T5855] usb 1-1: config 0 descriptor?? [ 341.268463][ T848] usb 4-1: Using ep0 maxpacket: 8 [ 341.285124][ T848] usb 4-1: config 1 has an invalid descriptor of length 207, skipping remainder of the config [ 341.406665][ T848] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 51264, setting to 1024 [ 341.438581][ T5950] usb 3-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 341.484858][ T848] usb 4-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 1024 [ 341.517326][ T5950] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.556809][ T848] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 341.599915][ T5950] snd_usb_pod 3-1:1.1: Line 6 Pocket POD found [ 341.622009][ T848] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 341.684244][ T848] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 341.695844][ T848] usb 4-1: Product: syz [ 341.703906][ T848] usb 4-1: Manufacturer: syz [ 341.709008][ T848] usb 4-1: SerialNumber: syz [ 341.722619][ T8818] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 341.748498][ T848] cdc_ether 4-1:1.0: probe with driver cdc_ether failed with error -22 [ 341.764616][ T848] usbtest 4-1:1.0: couldn't get endpoints, -22 [ 341.773058][ T848] usbtest 4-1:1.0: probe with driver usbtest failed with error -22 [ 341.818425][ T10] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 341.994002][ T8816] netlink: 4 bytes leftover after parsing attributes in process `syz.3.753'. [ 342.004701][ T8816] usb usb8: usbfs: interface 0 claimed by hub while 'syz.3.753' resets device [ 342.015522][ T8816] loop2: detected capacity change from 0 to 7 [ 342.067512][ T848] usb 4-1: USB disconnect, device number 25 [ 342.111825][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 342.142537][ T10] usb 5-1: config index 0 descriptor too short (expected 35577, got 27) [ 342.164644][ T10] usb 5-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 342.193280][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 342.367368][ T10] usb 5-1: config 1 has no interface number 0 [ 342.421118][ T10] usb 5-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 342.462340][ T10] usb 5-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 342.512770][ T10] usb 5-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 342.532961][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 342.622894][ T10] snd_usb_pod 5-1:1.1: Line 6 Pocket POD found [ 342.938762][ T5949] usb 1-1: USB disconnect, device number 29 [ 343.053803][ T8836] FAULT_INJECTION: forcing a failure. [ 343.053803][ T8836] name failslab, interval 1, probability 0, space 0, times 0 [ 343.132342][ T8836] CPU: 0 UID: 0 PID: 8836 Comm: syz.0.758 Not tainted syzkaller #0 PREEMPT(full) [ 343.132382][ T8836] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 343.132394][ T8836] Call Trace: [ 343.132403][ T8836] [ 343.132412][ T8836] dump_stack_lvl+0x189/0x250 [ 343.132447][ T8836] ? __pfx____ratelimit+0x10/0x10 [ 343.132474][ T8836] ? __pfx_dump_stack_lvl+0x10/0x10 [ 343.132497][ T8836] ? __pfx__printk+0x10/0x10 [ 343.132526][ T8836] ? __pfx___might_resched+0x10/0x10 [ 343.132545][ T8836] ? fs_reclaim_acquire+0x7d/0x100 [ 343.132581][ T8836] should_fail_ex+0x414/0x560 [ 343.132613][ T8836] should_failslab+0xa8/0x100 [ 343.132642][ T8836] __kmalloc_noprof+0xcb/0x4f0 [ 343.132668][ T8836] ? tomoyo_encode+0x28b/0x550 [ 343.132694][ T8836] tomoyo_encode+0x28b/0x550 [ 343.132720][ T8836] tomoyo_realpath_from_path+0x58d/0x5d0 [ 343.132754][ T8836] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 343.132782][ T8836] tomoyo_path_number_perm+0x1e8/0x5a0 [ 343.132813][ T8836] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 343.132859][ T8836] ? __lock_acquire+0xab9/0xd20 [ 343.132912][ T8836] ? __fget_files+0x2a/0x420 [ 343.132945][ T8836] ? __fget_files+0x2a/0x420 [ 343.132973][ T8836] ? __fget_files+0x3a0/0x420 [ 343.133000][ T8836] ? __fget_files+0x2a/0x420 [ 343.133034][ T8836] security_file_ioctl+0xcb/0x2d0 [ 343.133063][ T8836] __se_sys_ioctl+0x47/0x170 [ 343.133090][ T8836] do_syscall_64+0xfa/0x3b0 [ 343.133117][ T8836] ? lockdep_hardirqs_on+0x9c/0x150 [ 343.133145][ T8836] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.133165][ T8836] ? clear_bhb_loop+0x60/0xb0 [ 343.133191][ T8836] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 343.133210][ T8836] RIP: 0033:0x7fe5eb78ebe9 [ 343.133230][ T8836] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 343.133247][ T8836] RSP: 002b:00007fe5ec5ee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 343.133269][ T8836] RAX: ffffffffffffffda RBX: 00007fe5eb9b5fa0 RCX: 00007fe5eb78ebe9 [ 343.133284][ T8836] RDX: 0000200000000040 RSI: 00000000c0b45545 RDI: 0000000000000003 [ 343.133297][ T8836] RBP: 00007fe5ec5ee090 R08: 0000000000000000 R09: 0000000000000000 [ 343.133309][ T8836] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 343.133321][ T8836] R13: 00007fe5eb9b6038 R14: 00007fe5eb9b5fa0 R15: 00007fe5ebadfa28 [ 343.133355][ T8836] [ 343.133496][ T8836] ERROR: Out of memory at tomoyo_realpath_from_path. [ 343.442130][ T8842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.759'. [ 343.788429][ T24] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 343.948516][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 343.963947][ T24] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 343.973571][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 343.987251][ T24] usb 4-1: Product: п [ 344.001606][ T24] usb 4-1: Manufacturer: Э [ 344.017024][ T24] usb 4-1: SerialNumber: Ъ [ 344.259971][ T8842] netlink: 24 bytes leftover after parsing attributes in process `syz.3.759'. [ 344.276901][ T8842] netlink: 4 bytes leftover after parsing attributes in process `syz.3.759'. [ 345.078720][ T848] usb 1-1: new high-speed USB device number 30 using dummy_hcd [ 345.248585][ T848] usb 1-1: Using ep0 maxpacket: 8 [ 345.371486][ T848] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 345.382847][ T848] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid maxpacket 57300, setting to 1024 [ 345.409529][ T848] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x3 has invalid maxpacket 1024 [ 345.462143][ T848] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 345.500112][ T5950] snd_usb_pod 3-1:1.1: set_interface failed [ 345.606221][ T5950] snd_usb_pod 3-1:1.1: Line 6 Pocket POD now disconnected [ 345.714551][ T5950] snd_usb_pod 3-1:1.1: probe with driver snd_usb_pod failed with error -71 [ 345.747630][ T848] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a3, bcdDevice= 0.40 [ 345.883559][ T848] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 345.960451][ T5950] usb 3-1: USB disconnect, device number 24 [ 345.968199][ T848] usb 1-1: Product: syz [ 345.972464][ T848] usb 1-1: Manufacturer: syz [ 345.977121][ T848] usb 1-1: SerialNumber: syz [ 346.209436][ T8858] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 346.223520][ T8858] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 346.554070][ T8858] netlink: 4 bytes leftover after parsing attributes in process `syz.0.764'. [ 346.564821][ T8858] usb usb8: usbfs: interface 0 claimed by hub while 'syz.0.764' resets device [ 346.577465][ T8858] loop2: detected capacity change from 0 to 7 [ 347.159091][ T848] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 347.177467][ T848] usbtest 1-1:1.0: Linux user mode ISO test driver [ 347.352512][ T848] usbtest 1-1:1.0: high-speed {control bulk-in bulk-out} tests (+alt) [ 347.632342][ T848] usb 1-1: USB disconnect, device number 30 [ 347.751445][ T10] snd_usb_pod 5-1:1.1: set_interface failed [ 347.793783][ T10] snd_usb_pod 5-1:1.1: Line 6 Pocket POD now disconnected [ 347.838597][ T10] snd_usb_pod 5-1:1.1: probe with driver snd_usb_pod failed with error -110 [ 348.318297][ T24] cdc_ncm 4-1:1.0: bind() failure [ 348.379059][ T24] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 348.432626][ T24] cdc_ncm 4-1:1.1: bind() failure [ 348.488237][ T24] usb 4-1: USB disconnect, device number 26 [ 348.680530][ T848] usb 5-1: USB disconnect, device number 24 [ 348.842089][ T8879] [U] vÔ3¸Âfù¾"SçÁ/Éê4:ÃXTz“W¡t‘’lWµ«= [ 348.858332][ T8879] [U] J"—e:ÀÆ" [ 348.893478][ T8878] loop7: detected capacity change from 0 to 7 [ 348.946717][ T7131] Dev loop7: unable to read RDB block 7 [ 348.973285][ T7131] loop7: unable to read partition table [ 348.994630][ T7131] loop7: partition table beyond EOD, truncated [ 349.068502][ T8883] netlink: 40 bytes leftover after parsing attributes in process `syz.0.771'. [ 349.129898][ T8883] netlink: 12 bytes leftover after parsing attributes in process `syz.0.771'. [ 349.148967][ T8878] Dev loop7: unable to read RDB block 7 [ 349.208313][ T8878] loop7: unable to read partition table [ 349.258594][ T8878] loop7: partition table beyond EOD, truncated [ 349.345398][ T8878] loop_reread_partitions: partition scan of loop7 (þ被xü—ŸÑà– ) failed (rc=-5) [ 349.770998][ T8896] `: Port device netdevsim0 removed [ 349.979832][ T8898] netlink: 'syz.0.775': attribute type 10 has an invalid length. [ 350.188341][ T848] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 350.197888][ T8898] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 350.243651][ T8898] team0: Failed to send options change via netlink (err -105) [ 350.253070][ T8898] team0: Port device netdevsim0 added [ 350.284315][ T49] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 350.458287][ T848] usb 4-1: Using ep0 maxpacket: 32 [ 350.478438][ T848] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 350.488252][ T848] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 350.501806][ T848] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 350.539149][ T848] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 350.568294][ T848] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 350.598011][ T848] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 350.642725][ T848] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 350.686478][ T848] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 350.702956][ T8911] netlink: 4 bytes leftover after parsing attributes in process `syz.4.778'. [ 350.843235][ T848] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 350.880125][ T848] usb 4-1: config 0 descriptor?? [ 351.120989][ T8917] netlink: 'syz.0.780': attribute type 10 has an invalid length. [ 351.138344][ T43] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 351.359243][ T43] usb 5-1: Using ep0 maxpacket: 32 [ 351.386908][ T43] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 351.409015][ T8919] netlink: 44 bytes leftover after parsing attributes in process `syz.3.777'. [ 351.419386][ T8919] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 351.445569][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 351.467569][ T43] usb 5-1: Product: п [ 351.480991][ T43] usb 5-1: Manufacturer: Э [ 351.497035][ T43] usb 5-1: SerialNumber: Ъ [ 351.737605][ T8914] netlink: 24 bytes leftover after parsing attributes in process `syz.4.778'. [ 351.847721][ T8914] netlink: 4 bytes leftover after parsing attributes in process `syz.4.778'. [ 353.742759][ T43] cdc_ncm 5-1:1.0: bind() failure [ 353.822141][ T43] cdc_ncm 5-1:1.1: CDC Union missing and no IAD found [ 353.876889][ T24] usb 4-1: USB disconnect, device number 27 [ 353.887171][ T43] cdc_ncm 5-1:1.1: bind() failure [ 353.953817][ T43] usb 5-1: USB disconnect, device number 25 [ 354.325760][ T8947] netlink: 28 bytes leftover after parsing attributes in process `syz.3.786'. [ 354.521486][ T43] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 354.600928][ T8949] netlink: 28 bytes leftover after parsing attributes in process `syz.3.786'. [ 354.709072][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 354.727417][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 354.781040][ T43] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 354.848980][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 354.966138][ T43] usb 5-1: config 0 descriptor?? [ 355.496826][ T43] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 355.512623][ T43] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 355.529643][ T43] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 355.548307][ T43] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 355.569801][ T43] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 355.592835][ T43] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 355.613918][ T43] cp2112 0003:10C4:EA90.0008: unknown main item tag 0x0 [ 355.656682][ T43] cp2112 0003:10C4:EA90.0008: hidraw0: USB HID v0.00 Device [HID 10c4:ea90] on usb-dummy_hcd.4-1/input0 [ 355.752545][ T43] cp2112 0003:10C4:EA90.0008: Part Number: 0x00 Device Version: 0x00 [ 356.357522][ T8941] cp2112 0003:10C4:EA90.0008: Error starting transaction: -38 [ 356.370269][ T43] cp2112 0003:10C4:EA90.0008: error reading lock byte: -71 [ 356.394742][ T43] usb 5-1: USB disconnect, device number 26 [ 357.770846][ T8984] netlink: 4 bytes leftover after parsing attributes in process `syz.0.795'. [ 357.782713][ T8984] netlink: 12 bytes leftover after parsing attributes in process `syz.0.795'. [ 358.122356][ T9] usb 1-1: new high-speed USB device number 31 using dummy_hcd [ 358.282329][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 358.314566][ T10] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 358.330658][ T9] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 358.402285][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 358.412395][ T9] usb 1-1: Product: п [ 358.416660][ T9] usb 1-1: Manufacturer: Э [ 358.424172][ T9] usb 1-1: SerialNumber: Ъ [ 359.005339][ T8999] netlink: 'syz.2.799': attribute type 10 has an invalid length. [ 359.030728][ T8999] `: Failed to send options change via netlink (err -105) [ 359.031536][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 359.045573][ T10] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 359.056501][ T10] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 359.078339][ T8999] `: Port device netdevsim0 added [ 359.115459][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 359.138185][ T10] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 359.156339][ T10] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 359.166444][ T10] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 359.196627][ T10] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 359.238555][ T10] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 359.258661][ T10] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 359.299368][ T10] usb 4-1: config 0 descriptor?? [ 359.352525][ T8986] netlink: 24 bytes leftover after parsing attributes in process `syz.0.795'. [ 359.644962][ T9003] netlink: 44 bytes leftover after parsing attributes in process `syz.3.796'. [ 359.655163][ T9003] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 360.794042][ T9] cdc_ncm 1-1:1.0: bind() failure [ 361.193176][ T9] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 361.222617][ T9] cdc_ncm 1-1:1.1: bind() failure [ 361.250041][ T9] usb 1-1: USB disconnect, device number 31 [ 361.408300][ T5949] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 361.815514][ T9025] syzkaller0: entered promiscuous mode [ 361.821165][ T9025] syzkaller0: entered allmulticast mode [ 361.920374][ T5949] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 361.944712][ T5949] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 362.047166][ T5949] usb 5-1: New USB device found, idVendor=04b4, idProduct=de61, bcdDevice= 0.00 [ 362.109872][ T5949] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.318604][ T5949] usb 5-1: config 0 descriptor?? [ 363.103190][ T5855] usb 4-1: USB disconnect, device number 28 [ 363.891855][ T5949] usbhid 5-1:0.0: can't add hid device: -71 [ 363.918662][ T5949] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 363.963404][ T5949] usb 5-1: USB disconnect, device number 27 [ 364.169479][ T9045] team0: Port device netdevsim0 removed [ 364.346579][ T9048] FAULT_INJECTION: forcing a failure. [ 364.346579][ T9048] name failslab, interval 1, probability 0, space 0, times 0 [ 364.362569][ T9048] CPU: 1 UID: 0 PID: 9048 Comm: syz.3.811 Not tainted syzkaller #0 PREEMPT(full) [ 364.362599][ T9048] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 364.362607][ T9048] Call Trace: [ 364.362613][ T9048] [ 364.362618][ T9048] dump_stack_lvl+0x189/0x250 [ 364.362638][ T9048] ? __pfx____ratelimit+0x10/0x10 [ 364.362656][ T9048] ? __pfx_dump_stack_lvl+0x10/0x10 [ 364.362671][ T9048] ? __pfx__printk+0x10/0x10 [ 364.362691][ T9048] ? __pfx___might_resched+0x10/0x10 [ 364.362706][ T9048] should_fail_ex+0x414/0x560 [ 364.362725][ T9048] should_failslab+0xa8/0x100 [ 364.362743][ T9048] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 364.362760][ T9048] ? __alloc_skb+0x112/0x2d0 [ 364.362781][ T9048] __alloc_skb+0x112/0x2d0 [ 364.362802][ T9048] netlink_sendmsg+0x5c6/0xb30 [ 364.362825][ T9048] ? __pfx_netlink_sendmsg+0x10/0x10 [ 364.362854][ T9048] ? aa_sock_msg_perm+0xf1/0x1d0 [ 364.362866][ T9048] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 364.362879][ T9048] ? __pfx_netlink_sendmsg+0x10/0x10 [ 364.362898][ T9048] __sock_sendmsg+0x21c/0x270 [ 364.362916][ T9048] ____sys_sendmsg+0x505/0x830 [ 364.362932][ T9048] ? __pfx_____sys_sendmsg+0x10/0x10 [ 364.362950][ T9048] ? import_iovec+0x74/0xa0 [ 364.362965][ T9048] ___sys_sendmsg+0x21f/0x2a0 [ 364.362980][ T9048] ? __pfx____sys_sendmsg+0x10/0x10 [ 364.363018][ T9048] ? __fget_files+0x2a/0x420 [ 364.363036][ T9048] ? __fget_files+0x3a0/0x420 [ 364.363059][ T9048] __x64_sys_sendmsg+0x19b/0x260 [ 364.363074][ T9048] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 364.363092][ T9048] ? __pfx_ksys_write+0x10/0x10 [ 364.363106][ T9048] ? rcu_is_watching+0x15/0xb0 [ 364.363121][ T9048] ? do_syscall_64+0xbe/0x3b0 [ 364.363141][ T9048] do_syscall_64+0xfa/0x3b0 [ 364.363158][ T9048] ? lockdep_hardirqs_on+0x9c/0x150 [ 364.363174][ T9048] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.363186][ T9048] ? clear_bhb_loop+0x60/0xb0 [ 364.363200][ T9048] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 364.363212][ T9048] RIP: 0033:0x7fea6dd8ebe9 [ 364.363224][ T9048] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 364.363235][ T9048] RSP: 002b:00007fea6ebc6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 364.363249][ T9048] RAX: ffffffffffffffda RBX: 00007fea6dfb5fa0 RCX: 00007fea6dd8ebe9 [ 364.363260][ T9048] RDX: 0000000000008004 RSI: 0000200000000180 RDI: 0000000000000006 [ 364.363270][ T9048] RBP: 00007fea6ebc6090 R08: 0000000000000000 R09: 0000000000000000 [ 364.363278][ T9048] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 364.363285][ T9048] R13: 00007fea6dfb6038 R14: 00007fea6dfb5fa0 R15: 00007fea6e0dfa28 [ 364.363303][ T9048] [ 365.292936][ T9057] netlink: 4 bytes leftover after parsing attributes in process `syz.2.813'. [ 365.354008][ T9057] netlink: 12 bytes leftover after parsing attributes in process `syz.2.813'. [ 365.719282][ T9] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 365.888325][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 365.905161][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 365.926865][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 365.976345][ T9] usb 3-1: Product: п [ 366.162661][ T9] usb 3-1: Manufacturer: Э [ 366.274384][ T9] usb 3-1: SerialNumber: Ъ [ 366.501265][ T9057] netlink: 24 bytes leftover after parsing attributes in process `syz.2.813'. [ 366.708415][ T10] usb 1-1: new high-speed USB device number 32 using dummy_hcd [ 366.878348][ T10] usb 1-1: Using ep0 maxpacket: 32 [ 366.886121][ T10] usb 1-1: config index 0 descriptor too short (expected 29220, got 36) [ 366.993783][ T10] usb 1-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 367.026247][ T10] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 367.045004][ T10] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 367.067641][ T10] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 367.080250][ T10] usb 1-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 367.103881][ T10] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 18 [ 367.140265][ T10] usb 1-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 367.168397][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 367.219074][ T10] usb 1-1: config 0 descriptor?? [ 367.854478][ T9091] netlink: 44 bytes leftover after parsing attributes in process `syz.0.818'. [ 367.869321][ T9091] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 367.902254][ T9093] syzkaller0: entered promiscuous mode [ 367.925821][ T9093] syzkaller0: entered allmulticast mode [ 368.140428][ T9] cdc_ncm 3-1:1.0: bind() failure [ 368.336594][ T9] cdc_ncm 3-1:1.1: CDC Union missing and no IAD found [ 368.352122][ T9] cdc_ncm 3-1:1.1: bind() failure [ 368.402925][ T9] usb 3-1: USB disconnect, device number 25 [ 369.063895][ T9121] netlink: 32 bytes leftover after parsing attributes in process `syz.1.833'. [ 369.598424][ T5949] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 369.718756][ T43] usb 1-1: USB disconnect, device number 32 [ 369.768315][ T5949] usb 3-1: Using ep0 maxpacket: 32 [ 369.793755][ T5949] usb 3-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 369.813252][ T5949] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 369.841505][ T5949] usb 3-1: config 0 descriptor?? [ 370.061824][ T5949] dvb-usb: found a 'Elgato EyeTV Sat' in cold state, will try to load a firmware [ 370.479972][ T5949] usb 3-1: Direct firmware load for dvb-usb-az6027-03.fw failed with error -2 [ 370.489247][ T5949] usb 3-1: Falling back to sysfs fallback for: dvb-usb-az6027-03.fw [ 370.546549][ T9142] netlink: 4 bytes leftover after parsing attributes in process `syz.0.839'. [ 370.597359][ T9142] netlink: 12 bytes leftover after parsing attributes in process `syz.0.839'. [ 370.847032][ T9145] netlink: 'syz.4.840': attribute type 10 has an invalid length. [ 370.974232][ T9145] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 370.998867][ T9145] team0: Failed to send options change via netlink (err -105) [ 371.006568][ T9145] team0: Port device netdevsim0 added [ 371.028921][ T43] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 371.205308][ T43] usb 1-1: Using ep0 maxpacket: 32 [ 371.348477][ T43] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 371.392432][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.408166][ T43] usb 1-1: Product: п [ 371.412296][ T43] usb 1-1: Manufacturer: Э [ 371.417618][ T43] usb 1-1: SerialNumber: Ъ [ 371.646435][ T9142] netlink: 24 bytes leftover after parsing attributes in process `syz.0.839'. [ 371.938315][ T9166] tipc: Enabled bearer , priority 0 [ 371.985468][ T9166] syzkaller0: entered promiscuous mode [ 371.993328][ T9166] syzkaller0: entered allmulticast mode [ 372.016205][ T9170] netlink: 'syz.1.848': attribute type 10 has an invalid length. [ 372.051919][ T9170] `: Failed to send port change of device netdevsim0 via netlink (err -105) [ 372.066609][ T9170] `: Failed to send options change via netlink (err -105) [ 372.078652][ T9170] `: Port device netdevsim0 added [ 372.109995][ T30] kauditd_printk_skb: 1 callbacks suppressed [ 372.110016][ T30] audit: type=1326 audit(1755884859.195:113): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 372.154658][ T9165] tipc: Resetting bearer [ 372.164713][ T30] audit: type=1326 audit(1755884859.235:114): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 372.234419][ T30] audit: type=1326 audit(1755884859.235:115): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 372.238317][ T24] usb 5-1: new high-speed USB device number 28 using dummy_hcd [ 372.280917][ T9165] tipc: Disabling bearer [ 372.327527][ T30] audit: type=1326 audit(1755884859.235:116): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=118 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 372.444756][ T30] audit: type=1326 audit(1755884859.235:117): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 372.467590][ T24] usb 5-1: Using ep0 maxpacket: 32 [ 372.492879][ T24] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 372.515712][ T30] audit: type=1326 audit(1755884859.235:118): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 372.554115][ T24] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 372.582803][ T24] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 372.603395][ T30] audit: type=1326 audit(1755884859.235:119): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 372.605895][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 372.749021][ T24] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 372.759507][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 372.780509][ T24] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 372.894796][ T24] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 372.915665][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.974951][ T24] usb 5-1: config 0 descriptor?? [ 373.097848][ T9181] `: Port device netdevsim0 removed [ 373.143379][ T30] audit: type=1326 audit(1755884859.235:120): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 373.172361][ T30] audit: type=1326 audit(1755884859.235:121): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 373.213586][ T30] audit: type=1326 audit(1755884859.235:122): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9165 comm="syz.2.846" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fb53838ebe9 code=0x7ffc0000 [ 373.597855][ T43] cdc_ncm 1-1:1.0: bind() failure [ 373.709650][ T43] cdc_ncm 1-1:1.1: CDC Union missing and no IAD found [ 373.929716][ T9189] netlink: 44 bytes leftover after parsing attributes in process `syz.4.847'. [ 373.950482][ T9189] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 374.012195][ T43] cdc_ncm 1-1:1.1: bind() failure [ 374.121325][ T43] usb 1-1: USB disconnect, device number 33 [ 375.007422][ T9197] netlink: 'syz.2.853': attribute type 33 has an invalid length. [ 375.075930][ T9197] netlink: 152 bytes leftover after parsing attributes in process `syz.2.853'. [ 375.359987][ T9203] netlink: 24 bytes leftover after parsing attributes in process `syz.2.855'. [ 375.960514][ T9209] netlink: 16 bytes leftover after parsing attributes in process `syz.2.856'. [ 376.517945][ T24] usb 5-1: USB disconnect, device number 28 [ 378.210419][ T9226] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=io+mem,decodes=none:owns=io+mem [ 378.522047][ T24] usb 5-1: new high-speed USB device number 29 using dummy_hcd [ 378.699956][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 378.707548][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 198, changing to 7 [ 378.726809][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x83 has invalid maxpacket 9653, setting to 1024 [ 378.741701][ T1303] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.748186][ T1303] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.840884][ T24] usb 5-1: New USB device found, idVendor=134c, idProduct=0002, bcdDevice=ec.7e [ 378.850383][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.001991][ T24] usb 5-1: Product: syz [ 379.006214][ T24] usb 5-1: Manufacturer: syz [ 379.094461][ T24] usb 5-1: SerialNumber: syz [ 379.233882][ T24] usb 5-1: config 0 descriptor?? [ 379.306094][ T24] hub 5-1:0.0: bad descriptor, ignoring hub [ 379.316023][ T24] hub 5-1:0.0: probe with driver hub failed with error -5 [ 379.344067][ T24] input: syz syz as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/input/input14 [ 380.005035][ T9152] Set syz1 is full, maxelem 65536 reached [ 380.226621][ T9242] netlink: 'syz.0.865': attribute type 33 has an invalid length. [ 380.260623][ T9242] netlink: 152 bytes leftover after parsing attributes in process `syz.0.865'. [ 380.399023][ T9242] `: renamed from team0 (while UP) [ 380.701909][ T9249] netlink: 16 bytes leftover after parsing attributes in process `syz.4.866'. [ 381.659967][ T5218] usb 5-1: reset high-speed USB device number 29 using dummy_hcd [ 381.703026][ T5218] usb 5-1: device reset changed ep0 maxpacket size! [ 381.803117][ T959] usb 5-1: USB disconnect, device number 29 [ 381.950697][ T9265] netlink: 4 bytes leftover after parsing attributes in process `syz.2.872'. [ 382.179175][ T959] usb 5-1: new high-speed USB device number 30 using dummy_hcd [ 382.348305][ T959] usb 5-1: Using ep0 maxpacket: 32 [ 382.355136][ T959] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 382.370939][ T959] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 382.425397][ T959] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 382.436930][ T959] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 382.461982][ T959] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 382.475550][ T959] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 382.487630][ T959] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 382.519304][ T959] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 382.594155][ T959] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.664846][ T9285] netlink: 'syz.2.876': attribute type 10 has an invalid length. [ 382.681774][ T959] usb 5-1: config 0 descriptor?? [ 383.134509][ T9289] netlink: 44 bytes leftover after parsing attributes in process `syz.4.868'. [ 383.144473][ T9289] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 383.834092][ T9292] netlink: 16 bytes leftover after parsing attributes in process `syz.0.878'. [ 383.944555][ T5967] dvb-usb: did not find the firmware file 'dvb-usb-bluebird-01.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 384.085421][ T9297] capability: warning: `syz.0.880' uses deprecated v2 capabilities in a way that may be insecure [ 384.116727][ T5967] dvb_usb_cxusb 2-1:0.230: probe with driver dvb_usb_cxusb failed with error -22 [ 384.164495][ T5967] dvb-usb: found a 'DViCO FusionHDTV DVB-T Dual USB' in cold state, will try to load a firmware [ 384.282737][ T5967] usb 2-1: Direct firmware load for dvb-usb-bluebird-01.fw failed with error -2 [ 384.292039][ T5967] usb 2-1: Falling back to sysfs fallback for: dvb-usb-bluebird-01.fw [ 385.651612][ T959] usb 5-1: USB disconnect, device number 30 [ 386.236318][ T9328] random: crng reseeded on system resumption [ 386.662722][ T9333] netlink: 16 bytes leftover after parsing attributes in process `syz.0.890'. [ 387.358351][ T43] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 387.528481][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has an invalid bInterval 86, changing to 10 [ 387.998683][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x81 has invalid wMaxPacketSize 0 [ 388.054671][ T43] usb 4-1: config 0 interface 0 altsetting 2 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 388.095332][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 388.135047][ T43] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2c24, bcdDevice= 0.00 [ 388.222159][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 388.279181][ T43] usb 4-1: config 0 descriptor?? [ 388.686049][ T9347] netlink: 'syz.4.895': attribute type 33 has an invalid length. [ 388.716832][ T43] pyra 0003:1E7D:2C24.0009: reserved main item tag 0xd [ 388.755967][ T9347] netlink: 152 bytes leftover after parsing attributes in process `syz.4.895'. [ 388.776192][ T43] pyra 0003:1E7D:2C24.0009: hidraw0: USB HID v0.01 Device [HID 1e7d:2c24] on usb-dummy_hcd.3-1/input0 [ 388.840479][ T9347] `: renamed from team0 (while UP) [ 388.906822][ T43] usb 4-1: USB disconnect, device number 29 [ 389.124182][ T9355] fuse: Unknown parameter 'grou00000000000000000000' [ 389.340425][ T959] usb 5-1: new high-speed USB device number 31 using dummy_hcd [ 389.662869][ T959] usb 5-1: Using ep0 maxpacket: 32 [ 389.714734][ T959] usb 5-1: config index 0 descriptor too short (expected 29220, got 36) [ 389.733104][ T959] usb 5-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 389.747937][ T9369] netlink: 28 bytes leftover after parsing attributes in process `syz.2.899'. [ 389.767630][ T959] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 389.778580][ T959] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 389.792714][ T959] usb 5-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 390.207335][ T959] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 390.270502][ T959] usb 5-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 390.524930][ T959] usb 5-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 390.600608][ T9373] netlink: 28 bytes leftover after parsing attributes in process `syz.2.899'. [ 390.618808][ T959] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.848548][ T959] usb 5-1: config 0 descriptor?? [ 391.323677][ T9389] netlink: 44 bytes leftover after parsing attributes in process `syz.4.898'. [ 391.333598][ T9389] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 393.961227][ T24] usb 5-1: USB disconnect, device number 31 [ 394.255512][ T9414] netlink: 8 bytes leftover after parsing attributes in process `syz.4.908'. [ 394.264509][ T9414] netlink: 'syz.4.908': attribute type 5 has an invalid length. [ 394.276548][ T9414] netlink: 20 bytes leftover after parsing attributes in process `syz.4.908'. [ 394.328602][ T9414] geneve4: entered promiscuous mode [ 394.334896][ T9414] geneve4: entered allmulticast mode [ 394.455620][ T13] netdevsim netdevsim4 netdevsim0: set [1, 2] type 2 family 0 port 256 - 0 [ 394.550881][ T9150] netdevsim netdevsim4 netdevsim1: set [1, 2] type 2 family 0 port 256 - 0 [ 394.646655][ T9150] netdevsim netdevsim4 netdevsim2: set [1, 2] type 2 family 0 port 256 - 0 [ 394.730699][ T9150] netdevsim netdevsim4 netdevsim3: set [1, 2] type 2 family 0 port 256 - 0 [ 394.848450][ T9418] fuse: Unknown parameter 'grou00000000000000000000' [ 396.448363][ T848] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 396.911890][ T848] usb 1-1: New USB device found, idVendor=09e1, idProduct=5121, bcdDevice=40.c1 [ 396.938260][ T848] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 397.002977][ T848] usb 1-1: Product: syz [ 397.013083][ T848] usb 1-1: Manufacturer: syz [ 397.026613][ T848] usb 1-1: SerialNumber: syz [ 397.066861][ T848] usb 1-1: config 0 descriptor?? [ 397.359212][ T848] int51x1 1-1:0.0: probe with driver int51x1 failed with error -71 [ 397.408588][ T848] usb 1-1: USB disconnect, device number 34 [ 398.928527][ T9] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 399.088332][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 399.105017][ T9] usb 4-1: config 0 has an invalid interface number: 145 but max is 1 [ 399.145477][ T9] usb 4-1: config 0 has an invalid interface number: 43 but max is 1 [ 399.174389][ T9] usb 4-1: config 0 has no interface number 0 [ 399.202094][ T9] usb 4-1: config 0 has no interface number 1 [ 399.219638][ T9] usb 4-1: config 0 interface 43 altsetting 250 bulk endpoint 0xF has invalid maxpacket 1023 [ 399.233022][ T9472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.254601][ T9] usb 4-1: config 0 interface 43 altsetting 250 has a duplicate endpoint with address 0x2, skipping [ 399.276895][ T9472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.290574][ T9] usb 4-1: config 0 interface 43 altsetting 250 has an endpoint descriptor with address 0xCE, changing to 0x8E [ 399.335575][ T9] usb 4-1: config 0 interface 43 altsetting 250 endpoint 0x8E has an invalid bInterval 180, changing to 11 [ 399.355241][ T9] usb 4-1: config 0 interface 43 altsetting 250 endpoint 0x8E has invalid maxpacket 16902, setting to 1024 [ 399.365179][ T9472] input: syz1 as /devices/virtual/input/input15 [ 399.379408][ T9] usb 4-1: config 0 interface 43 altsetting 250 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 399.395828][ T9] usb 4-1: config 0 interface 145 has no altsetting 0 [ 399.421851][ T9] usb 4-1: config 0 interface 43 has no altsetting 0 [ 399.457585][ T9] usb 4-1: New USB device found, idVendor=06cd, idProduct=0104, bcdDevice=c8.6a [ 399.473471][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 399.488282][ T9] usb 4-1: Product: syz [ 399.492487][ T9] usb 4-1: Manufacturer: syz [ 399.502761][ T9] usb 4-1: SerialNumber: syz [ 399.518865][ T9] usb 4-1: config 0 descriptor?? [ 399.735269][ T9] keyspan_pda 4-1:0.145: required endpoints missing [ 399.759418][ T9] keyspan_pda 4-1:0.43: Keyspan PDA converter detected [ 399.774405][ T9] usb 4-1: Keyspan PDA converter now attached to ttyUSB0 [ 399.782637][ T10] usb 5-1: new high-speed USB device number 32 using dummy_hcd [ 399.829754][ T9] usb 4-1: USB disconnect, device number 30 [ 399.870094][ T9] keyspan_pda ttyUSB0: Keyspan PDA converter now disconnected from ttyUSB0 [ 399.905949][ T9] keyspan_pda 4-1:0.43: device disconnected [ 399.950157][ T10] usb 5-1: config 0 has no interfaces? [ 399.959639][ T10] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 399.970006][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 399.985051][ T10] usb 5-1: Product: syz [ 399.991550][ T10] usb 5-1: Manufacturer: syz [ 399.996424][ T10] usb 5-1: SerialNumber: syz [ 400.012838][ T10] usb 5-1: config 0 descriptor?? [ 400.405561][ T24] hid-generic 0000:0000:0000.000A: unknown main item tag 0x0 [ 400.425874][ T24] hid-generic 0000:0000:0000.000A: hidraw0: HID v0.00 Device [syz1] on syz0 [ 402.578943][ T24] usb 5-1: USB disconnect, device number 32 [ 403.458242][ T9520] netlink: 'syz.3.939': attribute type 10 has an invalid length. [ 403.497014][ T9520] netdevsim netdevsim3 netdevsim0: left allmulticast mode [ 403.511336][ T9520] `: Failed to send options change via netlink (err -105) [ 403.527703][ T9520] `: Port device netdevsim0 added [ 403.631427][ T9522] FAULT_INJECTION: forcing a failure. [ 403.631427][ T9522] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 403.652159][ T9522] CPU: 1 UID: 0 PID: 9522 Comm: syz.2.933 Not tainted syzkaller #0 PREEMPT(full) [ 403.652189][ T9522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 403.652202][ T9522] Call Trace: [ 403.652211][ T9522] [ 403.652220][ T9522] dump_stack_lvl+0x189/0x250 [ 403.652251][ T9522] ? __pfx____ratelimit+0x10/0x10 [ 403.652281][ T9522] ? __pfx_dump_stack_lvl+0x10/0x10 [ 403.652306][ T9522] ? __pfx__printk+0x10/0x10 [ 403.652334][ T9522] ? __might_fault+0xb0/0x130 [ 403.652375][ T9522] should_fail_ex+0x414/0x560 [ 403.652407][ T9522] _copy_from_user+0x2d/0xb0 [ 403.652433][ T9522] ___sys_sendmsg+0x158/0x2a0 [ 403.652459][ T9522] ? __pfx____sys_sendmsg+0x10/0x10 [ 403.652528][ T9522] ? __fget_files+0x2a/0x420 [ 403.652558][ T9522] ? __fget_files+0x3a0/0x420 [ 403.652600][ T9522] __sys_sendmmsg+0x227/0x430 [ 403.652629][ T9522] ? __pfx___sys_sendmmsg+0x10/0x10 [ 403.652649][ T9522] ? __mutex_unlock_slowpath+0x1a1/0x740 [ 403.652709][ T9522] ? ksys_write+0x22a/0x250 [ 403.652738][ T9522] ? __pfx_ksys_write+0x10/0x10 [ 403.652762][ T9522] ? rcu_is_watching+0x15/0xb0 [ 403.652791][ T9522] __x64_sys_sendmmsg+0xa0/0xc0 [ 403.652816][ T9522] do_syscall_64+0xfa/0x3b0 [ 403.652843][ T9522] ? lockdep_hardirqs_on+0x9c/0x150 [ 403.652871][ T9522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.652891][ T9522] ? clear_bhb_loop+0x60/0xb0 [ 403.652917][ T9522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 403.652936][ T9522] RIP: 0033:0x7fb53838ebe9 [ 403.652956][ T9522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 403.652974][ T9522] RSP: 002b:00007fb53927e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 403.652998][ T9522] RAX: ffffffffffffffda RBX: 00007fb5385b6180 RCX: 00007fb53838ebe9 [ 403.653013][ T9522] RDX: 0400000000000172 RSI: 0000200000003cc0 RDI: 0000000000000007 [ 403.653027][ T9522] RBP: 00007fb53927e090 R08: 0000000000000000 R09: 0000000000000000 [ 403.653040][ T9522] R10: 0000000004001c00 R11: 0000000000000246 R12: 0000000000000001 [ 403.653053][ T9522] R13: 00007fb5385b6218 R14: 00007fb5385b6180 R15: 00007fb5386dfa28 [ 403.653095][ T9522] [ 404.408316][ T9] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 404.568739][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 404.590270][ T9] usb 4-1: config index 0 descriptor too short (expected 29220, got 36) [ 404.622941][ T9] usb 4-1: config 0 has too many interfaces: 81, using maximum allowed: 32 [ 404.656761][ T9] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 81 [ 404.672067][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 404.684042][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 404.698544][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 404.714943][ T9] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 404.724911][ T9] usb 4-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 18 [ 404.740369][ T9] usb 4-1: New USB device found, idVendor=03f0, idProduct=6c17, bcdDevice= 0.40 [ 404.751146][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 404.771315][ T9] usb 4-1: config 0 descriptor?? [ 405.130422][ T9535] netlink: 44 bytes leftover after parsing attributes in process `syz.3.940'. [ 405.140607][ T9535] A link change request failed with some changes committed already. Interface lo may have been left with an inconsistent configuration, please check. [ 405.269057][ T9] usblp 4-1:0.0: usblp0: USB Bidirectional printer dev 31 if 0 alt 0 proto 3 vid 0x03F0 pid 0x6C17 [ 406.061749][ T9547] usb usb8: usbfs: process 9547 (syz.1.949) did not claim interface 0 before use [ 406.278916][ T9552] netlink: 'syz.1.951': attribute type 4 has an invalid length. [ 406.409165][ T9556] netlink: 'syz.1.951': attribute type 4 has an invalid length. [ 406.472879][ T9549] ªªªªª$: renamed from bridge_slave_0 (while UP) [ 407.405747][ T959] usb 4-1: USB disconnect, device number 31 [ 407.446960][ T959] usblp0: removed [ 407.733289][ T9593] usb usb1: usbfs: interface 0 claimed by hub while 'syz.0.965' sets config #65 [ 407.878334][ T959] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 408.068344][ T959] usb 4-1: Using ep0 maxpacket: 32 [ 408.081629][ T959] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 408.093640][ T959] usb 4-1: config 0 has no interface number 0 [ 408.114737][ T959] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 408.129387][ T959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.147951][ T959] usb 4-1: Product: syz [ 408.158561][ T959] usb 4-1: Manufacturer: syz [ 408.163211][ T959] usb 4-1: SerialNumber: syz [ 408.178210][ T959] usb 4-1: config 0 descriptor?? [ 408.191755][ T959] smsc95xx v2.0.0 [ 408.597829][ T959] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 408.615877][ T959] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 408.858485][ T43] usb 5-1: new high-speed USB device number 33 using dummy_hcd [ 409.023053][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 409.034159][ T43] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.044736][ T959] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 409.055620][ T43] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 409.070177][ T959] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 409.079108][ T43] usb 5-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 409.079827][ T848] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 409.091950][ T959] usb 4-1: USB disconnect, device number 32 [ 409.102400][ T43] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.132260][ T43] usb 5-1: config 0 descriptor?? [ 409.142561][ T43] hub 5-1:0.0: USB hub found [ 409.268418][ T848] usb 1-1: Using ep0 maxpacket: 16 [ 409.275550][ T848] usb 1-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 409.285848][ T848] usb 1-1: config 7 interface 0 altsetting 5 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 409.297218][ T848] usb 1-1: config 7 interface 0 altsetting 5 endpoint 0x81 has invalid wMaxPacketSize 0 [ 409.307400][ T848] usb 1-1: config 7 interface 0 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 409.320771][ T848] usb 1-1: config 7 interface 0 has no altsetting 0 [ 409.327487][ T848] usb 1-1: New USB device found, idVendor=0458, idProduct=5010, bcdDevice= 0.00 [ 409.336814][ T848] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 409.354297][ T43] hub 5-1:0.0: 14 ports detected [ 409.364988][ T43] hub 5-1:0.0: insufficient power available to use all downstream ports [ 409.561907][ T43] hub 5-1:0.0: hub_hub_status failed (err = -71) [ 409.580708][ T43] hub 5-1:0.0: config failed, can't get hub status (err -71) [ 409.611850][ T43] usb 5-1: USB disconnect, device number 33 [ 409.739502][ T9627] tipc: Started in network mode [ 409.744782][ T9627] tipc: Node identity 4, cluster identity 4711 [ 409.751121][ T9627] tipc: Node number set to 4 [ 409.815864][ T848] input: HID 0458:5010 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:7.0/0003:0458:5010.000B/input/input16 [ 409.959308][ T848] kye 0003:0458:5010.000B: input,hiddev0,hidraw0: USB HID v2.00 Device [HID 0458:5010] on usb-dummy_hcd.0-1/input0 [ 410.015024][ T9632] netlink: 'syz.1.983': attribute type 3 has an invalid length. [ 410.028491][ T848] usb 1-1: USB disconnect, device number 35 [ 410.051597][ T9632] netlink: 944 bytes leftover after parsing attributes in process `syz.1.983'. [ 410.173871][ T9633] fido_id[9633]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.0/usb1/report_descriptor': No such file or directory [ 410.439147][ T43] usb 5-1: new high-speed USB device number 34 using dummy_hcd [ 410.625782][ T43] usb 5-1: unable to get BOS descriptor or descriptor too short [ 410.638917][ T30] kauditd_printk_skb: 4 callbacks suppressed [ 410.638938][ T30] audit: type=1326 audit(1755884897.695:127): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9639 comm="syz.1.986" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f36a5f8ebe9 code=0x0 [ 410.650677][ T43] usb 5-1: config 7 has an invalid interface number: 188 but max is 0 [ 410.725543][ T43] usb 5-1: config 7 has no interface number 0 [ 410.745328][ T43] usb 5-1: config 7 interface 188 has no altsetting 0 [ 410.756321][ T43] usb 5-1: New USB device found, idVendor=054c, idProduct=0010, bcdDevice= 5.06 [ 410.771402][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.779756][ T959] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 410.797423][ T43] usb 5-1: Product: syz [ 410.811155][ T43] usb 5-1: Manufacturer: syz [ 410.815964][ T43] usb 5-1: SerialNumber: syz [ 410.948505][ T959] usb 4-1: Using ep0 maxpacket: 32 [ 410.956572][ T959] usb 4-1: config 0 has an invalid interface number: 67 but max is 0 [ 410.975257][ T959] usb 4-1: config 0 has no interface number 0 [ 410.984652][ T959] usb 4-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 411.008369][ T959] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 411.016556][ T959] usb 4-1: Product: syz [ 411.024883][ T959] usb 4-1: Manufacturer: syz [ 411.046643][ T43] usb-storage 5-1:7.188: USB Mass Storage device detected [ 411.055323][ T959] usb 4-1: SerialNumber: syz [ 411.073771][ T959] usb 4-1: config 0 descriptor?? [ 411.091691][ T959] smsc95xx v2.0.0 [ 411.109561][ T43] usb-storage 5-1:7.188: Quirks match for vid 054c pid 0010: 1 [ 411.215493][ T43] usb 5-1: USB disconnect, device number 34 [ 411.512412][ T959] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 411.538177][ T959] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 411.850520][ T9667] sit0: entered promiscuous mode [ 411.883227][ T9667] netlink: 'syz.2.995': attribute type 1 has an invalid length. [ 411.908113][ T9667] netlink: 1 bytes leftover after parsing attributes in process `syz.2.995'. [ 412.162524][ T959] smsc95xx 4-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000104: -71 [ 412.183784][ T959] smsc95xx 4-1:0.67: probe with driver smsc95xx failed with error -71 [ 412.214555][ T959] usb 4-1: USB disconnect, device number 33 [ 413.058767][ T959] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 413.228215][ T959] usb 4-1: Using ep0 maxpacket: 32 [ 413.240591][ T959] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 413.272271][ T959] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 413.298208][ T959] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 413.314917][ T959] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.339303][ T959] usb 4-1: config 0 descriptor?? [ 413.360872][ T959] hub 4-1:0.0: USB hub found [ 413.595473][ T959] hub 4-1:0.0: config failed, can't read hub descriptor (err -22) [ 413.876324][ T959] hid-generic 0003:046D:C31C.000C: hidraw0: USB HID v8.00 Device [HID 046d:c31c] on usb-dummy_hcd.3-1/input0 [ 414.138964][ T43] usb 4-1: USB disconnect, device number 34 [ 414.273804][ T9699] input: syz1 as /devices/virtual/input/input17 [ 415.788246][ T848] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 415.951933][ T848] usb 1-1: config 0 interface 0 has no altsetting 0 [ 415.962077][ T848] usb 1-1: New USB device found, idVendor=13d3, idProduct=3219, bcdDevice=7a.67 [ 415.991860][ T848] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 416.052579][ T848] usb 1-1: Product: syz [ 416.056771][ T848] usb 1-1: Manufacturer: syz [ 416.078793][ T848] usb 1-1: SerialNumber: syz [ 416.102044][ T848] usb 1-1: config 0 descriptor?? [ 416.146989][ T848] dvb-usb: found a 'DTV-DVB UDTT7049' in warm state. [ 416.199957][ T848] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 416.220545][ T848] dvbdev: DVB: registering new adapter (DTV-DVB UDTT7049) [ 416.243515][ T848] usb 1-1: media controller created [ 416.314982][ T848] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 416.385230][ T848] dvb-usb: no frontend was attached by 'DTV-DVB UDTT7049' [ 416.556090][ T848] rc_core: IR keymap rc-twinhan1027 not found [ 416.581835][ T848] Registered IR keymap rc-empty [ 416.610396][ T848] rc rc0: DTV-DVB UDTT7049 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0 [ 416.686164][ T848] input: DTV-DVB UDTT7049 as /devices/platform/dummy_hcd.0/usb1/1-1/rc/rc0/input18 [ 416.697803][ T9728] binder: 9727:9728 ioctl c0306201 0 returned -14 [ 416.755507][ T9728] netlink: 'syz.4.1015': attribute type 4 has an invalid length. [ 416.758985][ T848] dvb-usb: schedule remote query interval to 150 msecs. [ 416.808609][ T848] dvb-usb: DTV-DVB UDTT7049 successfully initialized and connected. [ 416.844209][ T848] dvb_usb_m920x 1-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 416.861556][ T9733] pci 0000:00:05.0: vgaarb: VGA decodes changed: olddecodes=none,decodes=none:owns=io+mem [ 416.902806][ T848] usb 1-1: USB disconnect, device number 36 [ 416.970898][ T9] m920x_read = error: -19 [ 416.975474][ T9] dvb-usb: error -19 while querying for an remote control event. [ 417.158772][ T9] m920x_read = error: -19 [ 417.168290][ T9] dvb-usb: error -19 while querying for an remote control event. [ 417.222468][ T9745] netlink: 'syz.4.1019': attribute type 1 has an invalid length. [ 417.403324][ T9] m920x_read = error: -19 [ 417.414142][ T9] dvb-usb: error -19 while querying for an remote control event. [ 417.723899][ T9745] 8021q: adding VLAN 0 to HW filter on device bond2 [ 417.823307][ T9] m920x_read = error: -19 [ 417.827738][ T9] dvb-usb: error -19 while querying for an remote control event. [ 417.998507][ T848] m920x_read = error: -19 [ 418.003391][ T848] dvb-usb: error -19 while querying for an remote control event. [ 418.208272][ T848] m920x_read = error: -19 [ 418.212803][ T848] dvb-usb: error -19 while querying for an remote control event. [ 418.408268][ T848] m920x_read = error: -19 [ 418.414208][ T848] dvb-usb: error -19 while querying for an remote control event. [ 418.628334][ T848] m920x_read = error: -19 [ 418.928152][ T848] dvb-usb: error -19 while querying for an remote control event. [ 419.088305][ T9] m920x_read = error: -19 [ 419.092698][ T9] dvb-usb: error -19 while querying for an remote control event. [ 419.285504][ T9] m920x_read = error: -19 [ 419.291755][ T9] dvb-usb: error -19 while querying for an remote control event. [ 419.528028][ T9] m920x_read = error: -19 [ 419.564639][ T9] dvb-usb: error -19 while querying for an remote control event. [ 419.748314][ T9] m920x_read = error: -19 [ 419.772943][ T9] dvb-usb: error -19 while querying for an remote control event. [ 420.061944][ T9] m920x_read = error: -19 [ 420.066404][ T9] dvb-usb: error -19 while querying for an remote control event. [ 420.258295][ T9] m920x_read = error: -19 [ 420.262859][ T9] dvb-usb: error -19 while querying for an remote control event. [ 420.443179][ T9] m920x_read = error: -19 [ 420.463296][ T9] dvb-usb: error -19 while querying for an remote control event. [ 420.764019][ T9] m920x_read = error: -19 [ 420.778264][ T9] dvb-usb: error -19 while querying for an remote control event. [ 420.938310][ T848] m920x_read = error: -19 [ 420.953405][ T848] dvb-usb: error -19 while querying for an remote control event. [ 421.166821][ T10] m920x_read = error: -19 [ 421.171522][ T9] usb 5-1: new high-speed USB device number 35 using dummy_hcd [ 421.181424][ T10] dvb-usb: error -19 while querying for an remote control event. [ 421.368230][ T9] usb 5-1: Using ep0 maxpacket: 8 [ 421.375017][ T9] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 421.396793][ T9] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 421.407003][ T10] m920x_read = error: -19 [ 421.419832][ T10] dvb-usb: error -19 while querying for an remote control event. [ 421.457033][ T9] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 421.502048][ T9] usb 5-1: config 16 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 421.564344][ T9] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 421.613124][ T10] m920x_read = error: -19 [ 421.624784][ T10] dvb-usb: error -19 while querying for an remote control event. [ 421.635609][ T9] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 421.659946][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.723256][ T9] usbtmc 5-1:16.0: bulk endpoints not found [ 421.838650][ T10] m920x_read = error: -19 [ 421.848292][ T10] dvb-usb: error -19 while querying for an remote control event. [ 422.068230][ T10] m920x_read = error: -19 [ 422.073214][ T10] dvb-usb: error -19 while querying for an remote control event. [ 422.263538][ T848] m920x_read = error: -19 [ 422.270418][ T848] dvb-usb: error -19 while querying for an remote control event. [ 422.548305][ T848] m920x_read = error: -19 [ 422.552707][ T848] dvb-usb: error -19 while querying for an remote control event. [ 422.758297][ T848] m920x_read = error: -19 [ 422.762733][ T848] dvb-usb: error -19 while querying for an remote control event. [ 422.978820][ T848] m920x_read = error: -19 [ 422.983229][ T848] dvb-usb: error -19 while querying for an remote control event. [ 423.178538][ T848] m920x_read = error: -19 [ 423.182937][ T848] dvb-usb: error -19 while querying for an remote control event. [ 423.408433][ T848] m920x_read = error: -19 [ 423.418319][ T848] dvb-usb: error -19 while querying for an remote control event. [ 423.608306][ T848] m920x_read = error: -19 [ 423.612828][ T848] dvb-usb: error -19 while querying for an remote control event. [ 423.778255][ T10] m920x_read = error: -19 [ 423.945452][ T10] dvb-usb: error -19 while querying for an remote control event. [ 424.254608][ T10] m920x_read = error: -19 [ 424.262335][ T10] dvb-usb: error -19 while querying for an remote control event. [ 424.428249][ T10] m920x_read = error: -19 [ 424.432777][ T10] dvb-usb: error -19 while querying for an remote control event. [ 424.628391][ T10] m920x_read = error: -19 [ 424.632753][ T10] dvb-usb: error -19 while querying for an remote control event. [ 424.692262][ T9837] netlink: 14 bytes leftover after parsing attributes in process `syz.3.1046'. [ 424.851105][ T10] m920x_read = error: -19 [ 424.855494][ T10] dvb-usb: error -19 while querying for an remote control event. [ 424.911550][ T9840] ksmbd: Unknown IPC event: 3, ignore. [ 425.029077][ T10] usb 5-1: USB disconnect, device number 35 [ 425.059094][ T9] m920x_read = error: -19 [ 425.066020][ T9] dvb-usb: error -19 while querying for an remote control event. [ 425.228209][ T10] m920x_read = error: -19 [ 425.232721][ T10] dvb-usb: error -19 while querying for an remote control event. [ 425.442731][ T10] m920x_read = error: -19 [ 425.448705][ T10] dvb-usb: error -19 while querying for an remote control event. [ 425.588436][ T9837] bond0 (unregistering): Released all slaves [ 425.638745][ T10] m920x_read = error: -19 [ 425.644167][ T10] dvb-usb: error -19 while querying for an remote control event. [ 425.853439][ T10] m920x_read = error: -19 [ 425.998350][ T10] dvb-usb: error -19 while querying for an remote control event. [ 426.158316][ T10] m920x_read = error: -19 [ 426.162887][ T10] dvb-usb: error -19 while querying for an remote control event. [ 426.334077][ T10] m920x_read = error: -19 [ 426.378754][ T10] dvb-usb: error -19 while querying for an remote control event. [ 426.583013][ T10] m920x_read = error: -19 [ 426.597420][ T10] dvb-usb: error -19 while querying for an remote control event. [ 426.789207][ T848] m920x_read = error: -19 [ 426.804304][ T848] dvb-usb: error -19 while querying for an remote control event. [ 427.022942][ T848] m920x_read = error: -19 [ 427.027374][ T848] dvb-usb: error -19 while querying for an remote control event. [ 427.278591][ T848] m920x_read = error: -19 [ 427.284925][ T848] dvb-usb: error -19 while querying for an remote control event. [ 427.469302][ T848] m920x_read = error: -19 [ 427.485093][ T848] dvb-usb: error -19 while querying for an remote control event. [ 427.508455][ T9864] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1055'. [ 427.678937][ T848] m920x_read = error: -19 [ 427.683507][ T848] dvb-usb: error -19 while querying for an remote control event. [ 427.848471][ T848] m920x_read = error: -19 [ 427.852891][ T848] dvb-usb: error -19 while querying for an remote control event. [ 428.066263][ T10] m920x_read = error: -19 [ 428.071503][ T10] dvb-usb: error -19 while querying for an remote control event. [ 428.251482][ T10] m920x_read = error: -19 [ 428.255972][ T10] dvb-usb: error -19 while querying for an remote control event. [ 428.458399][ T10] m920x_read = error: -19 [ 428.463028][ T10] dvb-usb: error -19 while querying for an remote control event. [ 428.476804][ T9847] syz.3.1050 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 428.518176][ T959] usb 5-1: new high-speed USB device number 36 using dummy_hcd [ 428.628310][ T10] m920x_read = error: -19 [ 428.632842][ T10] dvb-usb: error -19 while querying for an remote control event. [ 428.678737][ T959] usb 5-1: Using ep0 maxpacket: 16 [ 428.695818][ T959] usb 5-1: config 0 has an invalid interface number: 8 but max is 0 [ 428.716259][ T959] usb 5-1: config 0 has no interface number 0 [ 428.729861][ T959] usb 5-1: config 0 interface 8 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 428.763535][ T959] usb 5-1: New USB device found, idVendor=0d8c, idProduct=000e, bcdDevice=8e.8f [ 428.783290][ T959] usb 5-1: New USB device strings: Mfr=0, Product=24, SerialNumber=3 [ 428.808009][ T959] usb 5-1: Product: syz [ 428.813896][ T959] usb 5-1: SerialNumber: syz [ 428.818592][ T10] m920x_read = error: -19 [ 428.818648][ T10] dvb-usb: error -19 while querying for an remote control event. [ 428.865058][ T959] usb 5-1: config 0 descriptor?? [ 428.887041][ T959] cm109 5-1:0.8: invalid payload size 3, expected 4 [ 428.901861][ T959] input: CM109 USB driver as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.8/input/input20 [ 428.979025][ T10] m920x_read = error: -19 [ 428.988840][ T10] dvb-usb: error -19 while querying for an remote control event. [ 429.178686][ T10] m920x_read = error: -19 [ 429.183201][ T10] dvb-usb: error -19 while querying for an remote control event. [ 429.334268][ C1] cm109 5-1:0.8: cm109_urb_irq_callback: urb status -71 [ 429.341274][ C1] ------------[ cut here ]------------ [ 429.346752][ C1] URB ffff88805c318100 submitted while active [ 429.353740][ C1] WARNING: CPU: 1 PID: 23 at drivers/usb/core/urb.c:379 usb_submit_urb+0xfc1/0x1830 [ 429.363166][ C1] Modules linked in: [ 429.367290][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 429.376519][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 429.382118][ T10] m920x_read = error: -19 [ 429.386596][ C1] RIP: 0010:usb_submit_urb+0xfc1/0x1830 [ 429.386655][ C1] Code: 44 89 f2 e8 81 c7 00 fa e9 13 fc ff ff e8 87 de 93 fa c6 05 2c af 61 08 01 90 48 c7 c7 80 fb 34 8c 48 89 de e8 20 7d 57 fa 90 <0f> 0b 90 90 e9 b7 f0 ff ff e8 61 de 93 fa eb 11 e8 5a de 93 fa bd [ 429.386677][ C1] RSP: 0018:ffffc900001d74d8 EFLAGS: 00010046 [ 429.386701][ C1] RAX: 3e7560513fd1f300 RBX: ffff88805c318100 RCX: 0000000000040000 [ 429.386718][ C1] RDX: ffffc90002362000 RSI: 000000000000461d RDI: 000000000000461e [ 429.386734][ C1] RBP: 000000000000000f R08: ffff8880b8724253 R09: 1ffff110170e484a [ 429.386751][ C1] R10: dffffc0000000000 R11: ffffed10170e484b R12: dffffc0000000000 [ 429.386766][ C1] R13: ffff88803224c830 R14: ffff88805c318108 R15: 0000000000000820 [ 429.386782][ C1] FS: 0000000000000000(0000) GS:ffff888125d1b000(0000) knlGS:0000000000000000 [ 429.386801][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 429.386818][ C1] CR2: 0000200000003000 CR3: 000000007e13c000 CR4: 00000000003526f0 [ 429.391267][ T10] dvb-usb: error -19 while querying for an remote control event. [ 429.396703][ C1] Call Trace: [ 429.396715][ C1] [ 429.396733][ C1] ? kcov_remote_start+0x97/0x7f0 [ 429.505136][ C1] cm109_urb_irq_callback+0x709/0xca0 [ 429.510736][ C1] __usb_hcd_giveback_urb+0x41a/0x690 [ 429.516153][ C1] ? usb_hcd_unlink_urb_from_ep+0x2c/0x110 [ 429.522011][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 429.528137][ C1] ? usb_hcd_giveback_urb+0x10e/0x420 [ 429.533561][ C1] dummy_timer+0x862/0x4550 [ 429.538140][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 429.543556][ C1] ? __pfx_pwq_dec_nr_in_flight+0x10/0x10 [ 429.549363][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 429.554345][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 429.559319][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 429.564291][ C1] __hrtimer_run_queues+0x52c/0xc60 [ 429.569584][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 429.575425][ C1] ? read_tsc+0x9/0x20 [ 429.579545][ C1] ? __pfx_tasklet_action_common+0x10/0x10 [ 429.585396][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 429.590555][ C1] handle_softirqs+0x283/0x870 [ 429.595443][ C1] ? run_ksoftirqd+0x9b/0x100 [ 429.600248][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 429.605626][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 429.610690][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 429.615825][ C1] run_ksoftirqd+0x9b/0x100 [ 429.620444][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 429.625598][ C1] smpboot_thread_fn+0x53f/0xa60 [ 429.630583][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 429.635665][ C1] kthread+0x70e/0x8a0 [ 429.638966][ T10] m920x_read = error: -19 [ 429.640288][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 429.640316][ C1] ? __pfx_kthread+0x10/0x10 [ 429.644921][ T10] dvb-usb: error -19 while querying for an remote control event. [ 429.650281][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 429.650314][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 429.650343][ C1] ? __pfx_kthread+0x10/0x10 [ 429.678003][ C1] ret_from_fork+0x3f9/0x770 [ 429.682633][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 429.687787][ C1] ? __switch_to_asm+0x39/0x70 [ 429.692584][ C1] ? __switch_to_asm+0x33/0x70 [ 429.697567][ C1] ? __pfx_kthread+0x10/0x10 [ 429.702211][ C1] ret_from_fork_asm+0x1a/0x30 [ 429.707122][ C1] [ 429.710197][ C1] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 429.717500][ C1] CPU: 1 UID: 0 PID: 23 Comm: ksoftirqd/1 Not tainted syzkaller #0 PREEMPT(full) [ 429.726816][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 429.736898][ C1] Call Trace: [ 429.740221][ C1] [ 429.743185][ C1] dump_stack_lvl+0x99/0x250 [ 429.747814][ C1] ? __asan_memcpy+0x40/0x70 [ 429.752450][ C1] ? __pfx_dump_stack_lvl+0x10/0x10 [ 429.757680][ C1] ? __pfx__printk+0x10/0x10 [ 429.762320][ C1] vpanic+0x281/0x750 [ 429.766333][ C1] ? __pfx__printk+0x10/0x10 [ 429.770968][ C1] ? __pfx_vpanic+0x10/0x10 [ 429.775603][ C1] ? is_bpf_text_address+0x292/0x2b0 [ 429.780952][ C1] panic+0xb9/0xc0 [ 429.784710][ C1] ? __pfx_panic+0x10/0x10 [ 429.789184][ C1] __warn+0x31b/0x4b0 [ 429.793199][ C1] ? usb_submit_urb+0xfc1/0x1830 [ 429.798256][ C1] ? usb_submit_urb+0xfc1/0x1830 [ 429.803224][ C1] report_bug+0x2be/0x4f0 [ 429.807604][ C1] ? usb_submit_urb+0xfc1/0x1830 [ 429.812580][ C1] ? usb_submit_urb+0xfc1/0x1830 [ 429.817646][ C1] ? usb_submit_urb+0xfc3/0x1830 [ 429.822702][ C1] handle_bug+0x84/0x160 [ 429.826978][ C1] exc_invalid_op+0x1a/0x50 [ 429.831508][ C1] asm_exc_invalid_op+0x1a/0x20 [ 429.836384][ C1] RIP: 0010:usb_submit_urb+0xfc1/0x1830 [ 429.841963][ C1] Code: 44 89 f2 e8 81 c7 00 fa e9 13 fc ff ff e8 87 de 93 fa c6 05 2c af 61 08 01 90 48 c7 c7 80 fb 34 8c 48 89 de e8 20 7d 57 fa 90 <0f> 0b 90 90 e9 b7 f0 ff ff e8 61 de 93 fa eb 11 e8 5a de 93 fa bd [ 429.861598][ C1] RSP: 0018:ffffc900001d74d8 EFLAGS: 00010046 [ 429.867688][ C1] RAX: 3e7560513fd1f300 RBX: ffff88805c318100 RCX: 0000000000040000 [ 429.875683][ C1] RDX: ffffc90002362000 RSI: 000000000000461d RDI: 000000000000461e [ 429.883946][ C1] RBP: 000000000000000f R08: ffff8880b8724253 R09: 1ffff110170e484a [ 429.891928][ C1] R10: dffffc0000000000 R11: ffffed10170e484b R12: dffffc0000000000 [ 429.899912][ C1] R13: ffff88803224c830 R14: ffff88805c318108 R15: 0000000000000820 [ 429.907996][ C1] ? usb_submit_urb+0xfc0/0x1830 [ 429.912962][ C1] ? kcov_remote_start+0x97/0x7f0 [ 429.917999][ C1] cm109_urb_irq_callback+0x709/0xca0 [ 429.923389][ C1] __usb_hcd_giveback_urb+0x41a/0x690 [ 429.928796][ C1] ? usb_hcd_unlink_urb_from_ep+0x2c/0x110 [ 429.934615][ C1] ? __pfx___usb_hcd_giveback_urb+0x10/0x10 [ 429.940529][ C1] ? usb_hcd_giveback_urb+0x10e/0x420 [ 429.945915][ C1] dummy_timer+0x862/0x4550 [ 429.950630][ C1] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 429.956031][ C1] ? __pfx_pwq_dec_nr_in_flight+0x10/0x10 [ 429.961779][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 429.966816][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 429.971762][ C1] ? __pfx_dummy_timer+0x10/0x10 [ 429.976707][ C1] __hrtimer_run_queues+0x52c/0xc60 [ 429.981941][ C1] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 429.987664][ C1] ? read_tsc+0x9/0x20 [ 429.991748][ C1] ? __pfx_tasklet_action_common+0x10/0x10 [ 429.997565][ C1] hrtimer_run_softirq+0x187/0x2b0 [ 430.002686][ C1] handle_softirqs+0x283/0x870 [ 430.007455][ C1] ? run_ksoftirqd+0x9b/0x100 [ 430.012145][ C1] ? __pfx_handle_softirqs+0x10/0x10 [ 430.017438][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 430.022465][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 430.027515][ C1] run_ksoftirqd+0x9b/0x100 [ 430.032032][ C1] ? __pfx_run_ksoftirqd+0x10/0x10 [ 430.037158][ C1] smpboot_thread_fn+0x53f/0xa60 [ 430.042104][ C1] ? smpboot_thread_fn+0x4d/0xa60 [ 430.047139][ C1] kthread+0x70e/0x8a0 [ 430.051221][ C1] ? __pfx_smpboot_thread_fn+0x10/0x10 [ 430.056693][ C1] ? __pfx_kthread+0x10/0x10 [ 430.061289][ C1] ? _raw_spin_unlock_irq+0x23/0x50 [ 430.066499][ C1] ? lockdep_hardirqs_on+0x9c/0x150 [ 430.071705][ C1] ? __pfx_kthread+0x10/0x10 [ 430.076389][ C1] ret_from_fork+0x3f9/0x770 [ 430.080985][ C1] ? __pfx_ret_from_fork+0x10/0x10 [ 430.086192][ C1] ? __switch_to_asm+0x39/0x70 [ 430.091049][ C1] ? __switch_to_asm+0x33/0x70 [ 430.095820][ C1] ? __pfx_kthread+0x10/0x10 [ 430.100429][ C1] ret_from_fork_asm+0x1a/0x30 [ 430.105218][ C1] [ 430.108545][ C1] Kernel Offset: disabled [ 430.112983][ C1] Rebooting in 86400 seconds..