last executing test programs: 18.588262598s ago: executing program 1 (id=439): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000ac0)={0x0, 0x9, 0x1, "af"}, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000240)={0x14, &(0x7f0000000100)={0x20, 0xa, 0x2, {0x2}}, &(0x7f0000000200)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = userfaultfd(0x80801) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) syz_io_uring_submit(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8924, 0x0) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000280)={0x40, 0x3}, 0x0, 0x0}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x34, &(0x7f00000002c0)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000b40)={0x34, &(0x7f0000000840)={0x20, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x1c, &(0x7f00000006c0)={0x20}, 0x0, 0x0}) 18.553988253s ago: executing program 2 (id=440): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$F2FS_IOC_ABORT_ATOMIC_WRITE(r1, 0xf505, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r3, 0xae60) ioctl$KVM_CREATE_PIT2(r3, 0x4040ae77, &(0x7f0000000180)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r4, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffff], 0x80a0000}) ioctl$KVM_RUN(r4, 0xae80, 0x40000000) 17.400157892s ago: executing program 3 (id=443): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) shutdown(r0, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r0, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f00000000c0)=[@in={0x2, 0x4e22, @loopback}]}, &(0x7f0000000180)=0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0xd, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_PEER_ADDR_THLDS(r0, 0x84, 0x85, &(0x7f00000001c0)={r2, @in6={{0xa, 0x4e20, 0xffffffff, @empty, 0xffffffff}}}, 0x90) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) syz_clone(0xd000, 0x0, 0x0, &(0x7f0000000040), 0x0, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, 0xffffffffffffffff, {0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x2}}, 0x2, 0x0, 0x0, 0x2}}, 0x2e) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000780)={0x0, 0x0, &(0x7f0000000740)={&(0x7f0000000500)=ANY=[@ANYBLOB="2800000011000100"/20, @ANYRES32=0x0, @ANYBLOB="0000010000000092877af9dff7ddf32db41d64001bde743774dae088764766f7c83f761ac163ee878fa8c84ba11589beb5ba5c32ed92d108a418db568849d0155de67467ee5759dd416edd4facabc1e75e97da9de003369b1b0b220807eafad2a4bdffe50000"], 0x28}}, 0x0) syz_open_dev$dri(&(0x7f0000000000), 0x1, 0xa80) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000001c0)="3c75c2015e", 0x5) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r5 = ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) r6 = syz_open_dev$dri(&(0x7f0000000000), 0x1f, 0x0) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r6, 0xc04064a0, &(0x7f0000000200)={0x0, &(0x7f0000000140)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_SETCRTC(r6, 0xc06864a2, &(0x7f00000002c0)={0x0, 0x0, r7, 0x0, 0x80, 0x5, 0x9, 0x0, {0x9, 0xd6, 0x1c, 0xd, 0x5, 0x401, 0xfff5, 0xa, 0x0, 0x52, 0x8000, 0x7e9, 0x401, 0x9aa1, "cb630dab3a0338057401a192419598961f50dc45c87d55a52a28b8f01c0e0e7a"}}) ioctl$DRM_IOCTL_MODE_GETCRTC(r6, 0xc06864a1, &(0x7f0000000340)={0x0, 0x0, r7}) r8 = ioctl$KVM_CREATE_VCPU(r5, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r5, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) getsockopt$inet_sctp_SCTP_SOCKOPT_CONNECTX3(r1, 0x84, 0x6f, &(0x7f0000000080)={r2, 0xac, &(0x7f0000000640)=[@in6={0xa, 0x4e22, 0x2, @remote, 0xc7}, @in={0x2, 0x4e24, @multicast2}, @in={0x2, 0x4e22, @empty}, @in6={0xa, 0x4e20, 0x0, @private2={0xfc, 0x2, '\x00', 0x1}, 0x3}, @in6={0xa, 0x4e24, 0xb, @private2={0xfc, 0x2, '\x00', 0x1}, 0xfff}, @in6={0xa, 0x4e23, 0x4, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}, 0xb}, @in6={0xa, 0x4e20, 0x5, @loopback, 0x4}]}, &(0x7f0000000280)=0x10) ioctl$KVM_NMI(r8, 0xae9a) ioctl$KVM_SET_REGS(r8, 0x4090ae82, &(0x7f0000000380)={[0x0, 0x100000000, 0x0, 0x0, 0x0, 0x0, 0x2004c8, 0x48000000, 0x0, 0x10000000, 0xfffffffffffffffe, 0x100, 0x3193, 0x0, 0x5, 0x400000000000000], 0x0, 0x4}) ioctl$KVM_RUN(r8, 0xae80, 0x0) r9 = socket$inet_sctp(0x2, 0x5, 0x84) setsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r9, 0x84, 0xa, &(0x7f0000000600)={0x9, 0x8, 0x203, 0x0, 0x10, 0x0, 0xfffffffe}, 0x20) sendto$inet(r9, &(0x7f00000001c0)="ab", 0xffe0, 0x4000855, &(0x7f0000000100)={0x2, 0x4e24, @local}, 0x10) 17.187319662s ago: executing program 1 (id=444): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) timer_settime(0x0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, &(0x7f0000000100)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close(0xffffffffffffffff) 16.940210726s ago: executing program 1 (id=445): r0 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000200), 0x40082, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) signalfd4(0xffffffffffffffff, &(0x7f0000000180)={[0xfffffffffffffe00]}, 0x8, 0xc0800) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0x9}, 0x0) r4 = openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) ioctl$KVM_CHECK_EXTENSION(r4, 0xae03, 0xe9) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r5 = openat$vicodec0(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) r6 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r6, 0x4b72, &(0x7f0000000100)={0x1, 0x1, 0xa, 0x20, 0x1cb, &(0x7f0000000480)}) ioctl$VIDIOC_TRY_FMT(r5, 0xc0d05640, &(0x7f00000000c0)={0xa, @pix={0x0, 0x0, 0x34565348, 0x0, 0x0, 0x0, 0x25}}) pread64(0xffffffffffffffff, 0x0, 0x0, 0xc2a) mmap(&(0x7f0000002000/0x3000)=nil, 0x3000, 0x2000000, 0x12, 0xffffffffffffffff, 0x0) openat$nullb(0xffffffffffffff9c, &(0x7f0000000040), 0x84042, 0x0) r7 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_SET_BLOCK_SIZE(r7, 0x4c09, 0x4) write$binfmt_register(0xffffffffffffffff, &(0x7f00000000c0)={0x3a, 'syz1', 0x3a, 'M', 0x3a, 0x1000, 0x3a, '/dev/bus/usb/00#/00\\\x00', 0x3a, '/dev/bus/usb/00#/00#\x00', 0x3a, './file0'}, 0x51) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) move_pages(0x0, 0x2, &(0x7f0000000500)=[&(0x7f0000454000/0x4000)=nil, &(0x7f0000ffc000/0x1000)=nil], 0x0, 0x0, 0x2) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000000c0)=ANY=[@ANYBLOB="98000000100001002abd7000ffdbdf2500000000", @ANYRES32=0x0, @ANYBLOB="a009000000000000140003006e657464657673696d3000000000000008002800babc00005c0016805800018054000c801400"], 0x98}}, 0x40000) syz_io_uring_submit(0x0, 0x0, &(0x7f00000003c0)=@IORING_OP_PROVIDE_BUFFERS={0x1f, 0x58, 0x0, 0x6, 0x0, &(0x7f00000002c0)="f722cb41346e4799f4316950fb766fecc6406339a9493f8a7026690f6e1e0bf78a44ded2bb9d01fc6e0c2b3e05ca2a4ad24d89b9f0fdf41322ce6ba0343d0d384e3c21b9c045ce63cee5f87e67bdcc33477599a3041da57fcae3c01d34ab9ab73e7f45ebe462b8f6db9d8f28e0384dc378896018da52f56972218ef3bd921aa8f5d7eab3d0a13b8b03eb82974a0dfd51efb02e124f6f6932ae73399401cf39f3302769ed7a300a0d8b31e78af503d329878dc49710f800dbea51cd5db1233f9b20df4000fd1f659a3788b3cc0462", 0x7fffffff, 0x0, 0x1, {0x1}}) socket(0x1e, 0x4, 0xffffffff) ioctl$PPPIOCNEWUNIT(r0, 0xc004743e, &(0x7f0000000140)) 16.23530283s ago: executing program 0 (id=447): r0 = openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x727000, 0x44) socket(0x25, 0x1, 0xffffff81) r1 = syz_open_procfs$userns(0xffffffffffffffff, &(0x7f0000000180)) mount_setattr(r0, &(0x7f0000000140)='./file0\x00', 0xb00, &(0x7f00000001c0)={0x1000f0, 0xa, 0x0, {r1}}, 0x20) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000180)={'wlan1\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f00000007c0)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000001540)=@newqdisc={0x40, 0x24, 0xf0b, 0x0, 0x0, {0x0, 0x0, 0x0, r5, {}, {0xffff, 0xffff}, {0x9}}, [@qdisc_kind_options=@q_etf={{0x8}, {0x14, 0x2, @TCA_ETF_PARMS={0x6, 0x1, {0xf1ffffff, 0x7, 0x2}}}}]}, 0x40}}, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, 0x0, 0x0, 0x23, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r6 = socket$inet_udp(0x2, 0x2, 0x0) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000840)=@updpolicy={0xfc, 0x19, 0x1, 0x0, 0x25dfdbfc, {{@in, @in6=@remote, 0x0, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x4, 0x0, 0x0, 0x0, 0x2}, {0x0, 0x0, 0x200000000000}, 0x0, 0x0, 0x1}, [@tmpl={0x44, 0x5, [{{@in6=@empty, 0x2, 0x2b}, 0xa, @in6=@local, 0x0, 0x4}]}]}, 0xfc}, 0x1, 0x0, 0x0, 0x20008000}, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) bind$inet(r6, &(0x7f0000000100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0xb}}, 0x10) setsockopt$sock_int(r6, 0x1, 0x6, &(0x7f0000000000)=0x4, 0x4) connect$inet(r6, &(0x7f0000000280)={0x2, 0x0, @broadcast}, 0x10) sendmmsg$inet(r6, &(0x7f0000004d00)=[{{0x0, 0x6000, 0x0, 0x11, 0x0, 0x0, 0x30000}}], 0x300, 0xf00) 15.985442166s ago: executing program 3 (id=448): r0 = socket$inet_tcp(0x2, 0x1, 0x0) bind$inet(r0, &(0x7f0000000000)={0x2, 0x4e1d, @multicast2}, 0x10) setsockopt$sock_int(r0, 0x1, 0x1, &(0x7f0000000040)=0x1, 0x4) connect$inet(0xffffffffffffffff, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000300)=@abs, 0x6e) socket$nl_audit(0x10, 0x3, 0x9) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r2, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) setsockopt$inet_sctp6_SCTP_PR_SUPPORTED(0xffffffffffffffff, 0x84, 0x71, &(0x7f0000000140), 0x8) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb47, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000240)={0x1, &(0x7f00000000c0)=[{0x5e, 0x2, 0xfe, 0x43}]}) r3 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x401) ioctl$BLKTRACESETUP(r3, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c}) ioctl$SG_BLKTRACETEARDOWN(r3, 0x1276, 0x20000000) r4 = socket$kcm(0x10, 0x2, 0x0) sched_setaffinity(0x0, 0x0, 0x0) sendmsg$kcm(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)="d800000019007b29e00212ba0d8105040a601100fe02040b067c55a1bc001400090006990600000015000500fe800000000000000300014002000c0901ac04000bd67f6f94007100a007a290457f0189b316277ce06bbace8017cbec4c2ee5a7cef4090000001fb791643a5ee4b11602b2a10c11ce1b14d6d930dfe1d9d322fe04fb95cae8c9010000730d7a5025ccca262f3d40fad95667e04adcdf634c1f215ce3bb9ad8ffd5e1cace81ed0b7fece0b42a9ecbee5de6ccd40dd601edef3d93452a92307f00000e97031e9f05e9f16e9cb5000000000000", 0xd8}], 0x1, 0x0, 0x0, 0x2663}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, 0x0, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r5) socket$netlink(0x10, 0x3, 0xe) socket$nl_generic(0x10, 0x3, 0x10) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000640)=ANY=[@ANYBLOB=' \x00\x00\x00', @ANYRES16=r6, @ANYBLOB="01000000080000000000070000000c000180050002002c"], 0x20}, 0x1, 0x0, 0x0, 0x4001c000}, 0x0) listen(0xffffffffffffffff, 0x8) accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) 15.963482333s ago: executing program 2 (id=449): r0 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_EDITDEST(r0, 0x84000000, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'sh\x00', 0x0, 0x60000000, 0xc}, {@rand_addr=0x64010102, 0x4e26, 0x12002, 0x3, 0x8001, 0x1}}, 0x44) 15.732356227s ago: executing program 2 (id=450): r0 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000080), 0xffffffffffffffff) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYRESHEX=r1], 0xc8}}, 0x0) r2 = syz_usb_connect(0x2, 0x3f, &(0x7f00000007c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f000200000009050502000000001009058b1e20"], 0x0) syz_usb_control_io$hid(r2, 0x0, &(0x7f00000002c0)={0x2c, &(0x7f0000000300)=ANY=[], 0x0, 0x0, 0x0, 0x0}) (async) r3 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) (async) r4 = syz_io_uring_setup(0x14d9, &(0x7f0000000480)={0x0, 0x5121, 0x0, 0x0, 0x2cf}, &(0x7f0000000040)=0x0, &(0x7f0000000600)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r5, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r7 = socket$inet_smc(0x2b, 0x1, 0x0) syz_io_uring_submit(r5, r6, &(0x7f0000000200)=@IORING_OP_CONNECT={0x10, 0x0, 0x0, r7, 0x0, 0x0}) (async) io_uring_enter(r4, 0x47ba, 0x0, 0x0, 0x0, 0x0) ioctl$FS_IOC_GETVERSION(r3, 0x40025b0c, &(0x7f0000000000)) (async) r8 = socket$nl_generic(0x10, 0x3, 0x10) (async) r9 = socket$alg(0x26, 0x5, 0x0) bind$alg(r9, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'xchacha20-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r9, 0x117, 0x1, &(0x7f0000000300)="c99b57381801238c09d0ff0f1d0dbd301e5a47b2f3caa73dcd2a6a370554375a", 0x20) r10 = accept4(r9, 0x0, 0x0, 0x0) sendmsg$nl_route_sched(r10, &(0x7f0000013a40)={0x0, 0x0, &(0x7f0000013a00)={&(0x7f00000158c0), 0x10b8c}}, 0x0) recvmmsg$unix(r10, &(0x7f0000006180)=[{{0x0, 0x0, &(0x7f0000000040)=[{&(0x7f0000000940)=""/208, 0xd0}, {&(0x7f0000000000)=""/58, 0x3a}], 0x2}}], 0x1, 0x0, 0x0) sendmsg$WG_CMD_SET_DEVICE(r8, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000cc0)={&(0x7f0000000300)=ANY=[@ANYRES64=r8, @ANYRES16=r0, @ANYBLOB="01000000000000000000010000001400020077673100000000000000000000000000f4010880700000804800098028a25880060001000a00000014000200fe8000000000000000000000000000aa05000300000000001c000080060001000200000008000200e0000001050003000000000024000100000000000000000000000000000000000000000000000000000000000000000080010080200004000a004e2000000005200100000000000000000000000000000800000006000500b01f00000800030006000000060005000500000008000a000100000024000100dbffffffffffffffffffffffffffffffffffffffffffffffffffffffffffffff200004000a004e200000040100000000000000000000ffffac14142a06000000240001000000000000000000000000000000000000000000000000000000000000000000d4"], 0x21c}}, 0x0) 15.214871987s ago: executing program 0 (id=452): socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000004c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f0000000240)=0x2, 0x4) r3 = syz_clone(0x80880, &(0x7f00000002c0)="e14670610aa603c4f61a3e692f9f24fa70aa261554faf71390db5831cb7a5055576dc14ab2b1f3dac002ab3840c4c71d195598c0bbb32106f143c12ae3e662d01a0d259a711e86362e192610e5ce5f01dbacc43ddec8605b75ce0018ef41bb376838510c6e8ec827642497228f0640fe5dd1f56db56349481478a65d78727495cb0f9a0dce758913968f03be1be103ead7fd9832aeed892b4abff60d2dd7ea8de02cee79c68c3541439833e72ca3a170e5a36031b0e1666aa37bac19e0879c09041ccb", 0xc3, &(0x7f0000000040), &(0x7f0000000140), &(0x7f00000003c0)="9dce43fcf62839cc3ee7d011860ce90c881bf1a64918fc7da91c14f6cb08abc3b4b3baff026f56de96f3118baf4b9736869a6e209bf60b5e7b86f662f20f479d5c37aa3ca2e80514f92bc475367a653b9ffba2f49042227862cd7afd9e92f5871eb060b04ff3c0527fb7784844c05f3539884024422fa5071f19802eaae75fa5bdf1") prctl$PR_SCHED_CORE(0x3e, 0x1, r3, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffffffffffe, 0x0, 0xffffffff}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_batadv_mesh(r4, 0x8933, &(0x7f00000000c0)) syz_genetlink_get_family_id$batadv(&(0x7f0000000080), r4) sendmsg$BATADV_CMD_GET_DAT_CACHE(r4, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) ioctl$ifreq_SIOCGIFINDEX_batadv_hard(r1, 0x8933, 0x0) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_STRSET_GET(r5, 0x0, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) openat$audio(0xffffffffffffff9c, &(0x7f00000005c0), 0x40000000008d82, 0x0) r6 = syz_io_uring_setup(0xbdc, &(0x7f0000000640)={0x0, 0xec25, 0x8, 0x1, 0x40000333}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r8 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000280)=ANY=[@ANYBLOB="440000003e000701feffffff00000000017c0000040042800c00018006000600800a000020000280"], 0x44}, 0x1, 0x0, 0x0, 0x40040c0}, 0xc000) io_uring_enter(r6, 0x847ba, 0x0, 0xe, 0x0, 0x0) socket$unix(0x1, 0x1, 0x0) 14.256304987s ago: executing program 4 (id=454): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000ac0)={0x0, 0x9, 0x1, "af"}, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000240)={0x14, &(0x7f0000000100)={0x20, 0xa, 0x2, {0x2}}, &(0x7f0000000200)={0x0, 0x3, 0x1a, {0x1a}}}, 0x0) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, &(0x7f0000000040)=@IORING_OP_POLL_ADD={0x6, 0x2, 0x0, @fd=r0, 0x0, 0x0, 0x0, {}, 0x1}) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = userfaultfd(0x80801) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) syz_io_uring_submit(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8924, 0x0) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000280)={0x40, 0x3}, 0x0, 0x0}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x34, &(0x7f00000002c0)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000b40)={0x34, &(0x7f0000000840)={0x20, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x1c, &(0x7f00000006c0)={0x20}, 0x0, 0x0}) 14.097622204s ago: executing program 2 (id=455): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11}, &(0x7f0000000000)=0x0) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, &(0x7f0000000100)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close(0xffffffffffffffff) 13.335490185s ago: executing program 4 (id=456): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000ac0)={0x0, 0x9, 0x1, "af"}, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000240)={0x14, &(0x7f0000000100)={0x20, 0xa, 0x2, {0x2}}, &(0x7f0000000200)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000004c0)={0x1c, &(0x7f0000000300)={0x0, 0x10, 0x1b, "1ec9d4910416b7acc45bf5b2689467f9d68554a179ffa82419012a"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x6}}) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, 0x0) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = userfaultfd(0x80801) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) syz_io_uring_submit(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8924, 0x0) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000280)={0x40, 0x3}, 0x0, 0x0}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000001800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x34, &(0x7f00000002c0)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x34, &(0x7f0000000180)={0x20, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000b40)={0x34, &(0x7f0000000840)={0x20, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x1c, &(0x7f00000006c0)={0x20}, 0x0, 0x0}) 12.52820292s ago: executing program 1 (id=457): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000002c0), 0x8400, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f00000000c0)={0xc, 0x0, 0x0}) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r0, 0x3ba0, &(0x7f0000000100)={0x48, 0x2, r1, 0x0, 0x0, 0x0, 0x0}) (async) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f0000000180)={0x28, 0x2, r1, 0x0, &(0x7f0000ffa000/0x3000)=nil, 0x3000, 0x100000000}) (async) r3 = socket$inet(0x2, 0x4000000000000001, 0x0) (async) ioctl$IOMMU_OPTION$IOMMU_OPTION_RLIMIT_MODE(r0, 0x3b87, &(0x7f0000000200)={0x18, 0x0, 0x1}) setsockopt$inet_tcp_int(r3, 0x6, 0x80000000000002, &(0x7f00000000c0)=0x8, 0x4) (async, rerun: 32) r4 = socket(0x10, 0x803, 0x0) (rerun: 32) sendmsg$nl_route(r4, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000080)=ANY=[@ANYBLOB="540000001400b59500000000000000000a000000", @ANYRES32=r4, @ANYBLOB="140001"], 0x54}, 0x1, 0x0, 0x0, 0x800}, 0x80) (async) ioctl$IOMMU_HWPT_ALLOC$NONE(r0, 0x3b89, &(0x7f0000000000)={0x28, 0x2, r2, r1, 0x0, 0x0, 0x0, 0x0, 0x0}) r5 = syz_usb_connect(0x0, 0x24, &(0x7f00000007c0)=ANY=[@ANYBLOB="12010000ed3ec908cd0cb300ea2d010203010902120001000000000904"], 0x0) syz_usb_control_io$hid(r5, 0x0, 0x0) (async) syz_usb_control_io$cdc_ecm(r5, 0x0, 0x0) (async) fsetxattr$trusted_overlay_upper(r3, &(0x7f00000001c0), &(0x7f0000000480)={0x0, 0xfb, 0xf2, 0x1, 0xff, "f001832e68cd7ba2a027eaace229d7df", "c87fd783423625bc2131f3872680a6f66fae62f8034391e152a624725bf5effd7ff3060a08f87d0dac44503a72ad00f1b05fd44dc12c3b3c4135302ab87d7b91339c69aaa3e1914abd92915ed296fd014a34c432a383d74a67c3af1657f148daa409f65493775fb41a23c5e519a20657842225c1d5caa6e73feb62e942e80a51ed2feb8e52861bf08ceabe4c4cb72ab6432e1264d1ca8f7d9660195e629870cd8d6fe71afcc092d28a60ef1709a94082d9bf34218b6d02fa6a4a92720e1876fdca055b5ccc9d782d6b82031ea9c3c3bad7cf456e8a589dd6427b943285"}, 0xf2, 0x0) (async) syz_usb_control_io$cdc_ncm(r5, 0x0, &(0x7f00000003c0)={0x44, &(0x7f0000000000)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$IOMMU_IOAS_UNMAP$ALL(r0, 0x3b86, &(0x7f0000000040)={0x18, r1}) 11.970106269s ago: executing program 4 (id=458): syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r0 = syz_open_dev$sndctrl(&(0x7f0000000000), 0x84, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f0000000180)) syz_open_dev$sndmidi(&(0x7f0000000100), 0x2, 0xa8e81) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000180)=ANY=[@ANYBLOB="6c0000001000030400000000fbdbdf2500000400", @ANYRES32=0x0, @ANYBLOB="00030000028000004400128009000100766c616e00000000340002800600010002000000280003800c00010000000000050000000c00010070000000018000000c000100000000000800000008000500", @ANYRES32=0x0, @ANYBLOB="11b26a766ca8aa29a13c9ba0787daa8c0dbcc644983dc9d0738010b0417e48101b34520822c524a80606bc92"], 0x6c}}, 0x0) r2 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/fs/cgroup', 0x0, 0x0) fchmodat(r2, &(0x7f0000000300)='./file0\x00', 0x6af3a594efbd1362) ioctl$KVM_CAP_PMU_CAPABILITY(r2, 0x4068aea3, &(0x7f0000000380)) r3 = syz_mount_image$fuse(&(0x7f0000000100), &(0x7f0000000240)='./file1/file0\x00', 0x400000, &(0x7f0000000280)={{}, 0x2c, {'rootmode', 0x3d, 0x2000}, 0x2c, {'user_id', 0x3d, 0xee01}, 0x2c, {'group_id', 0x3d, 0xffffffffffffffff}, 0x2c, {[{@blksize={'blksize', 0x3d, 0x1400}}, {@default_permissions}, {@default_permissions}, {@blksize={'blksize', 0x3d, 0x1000}}]}}, 0x1, 0x0, &(0x7f0000000480)="1f79d684d5f19fcb2ee7f3d5b922a48ad2b33b43096bc052aa523da8871cd41ce052484c6705b479661557a974addb87233f6c1358c7381dd8c0778fdebc7548f77782") r4 = openat(r3, &(0x7f0000000400)='./file1/file0\x00', 0x224000, 0x0) read$FUSE(r4, &(0x7f00000005c0)={0x2020, 0x0, 0x0}, 0x2020) write$FUSE_STATFS(r4, &(0x7f0000000080)={0x60, 0xb, r5, {{0x6, 0x8, 0x8001, 0x5, 0x2, 0x5, 0x2, 0x6c3}}}, 0x60) ftruncate(r4, 0x8800000) r6 = openat$null(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) sendfile(r6, r4, 0x0, 0x558410e9) socket$nl_netfilter(0x10, 0x3, 0xc) ioctl$PTP_PIN_GETFUNC(r4, 0xc0603d06, &(0x7f0000000000)={'\x00', 0x6, 0x3, 0x33}) 11.955376063s ago: executing program 1 (id=459): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = openat$null(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) bpf$BPF_GET_PROG_INFO(0xf, &(0x7f00000003c0)={0xffffffffffffffff, 0xe0, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, &(0x7f0000000000)=[0x0, 0x0], ""/16, 0x0, 0x0, 0x0, 0x0, 0x7, 0x0, &(0x7f0000000480)=[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0], 0x0, 0x0, 0xb, 0x0, 0x0, 0x10, &(0x7f00000000c0), &(0x7f0000000140), 0x8, 0x46, 0x8, 0x8, &(0x7f0000000280)}}, 0x10) sendmsg$nl_route(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000240)=ANY=[@ANYRES32=r0, @ANYRESOCT, @ANYRESOCT=r0], 0x50}}, 0x0) r2 = syz_open_dev$radio(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_STREAMOFF(r2, 0x40045613, &(0x7f00000000c0)=0x5) mbind(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x1, &(0x7f00000001c0), 0xfffffffffffffffe, 0xa) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000014c0)={'pimreg\x00'}) openat$audio(0xffffffffffffff9c, 0x0, 0x109842, 0x0) socketpair$unix(0x1, 0x3, 0x0, 0x0) connect$unix(0xffffffffffffffff, 0x0, 0x0) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) ioctl$TUNSETGROUP(0xffffffffffffffff, 0x400454ce, 0x0) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, 0x0) syz_open_dev$tty20(0xc, 0x4, 0x0) r3 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1adb23610000000109022d0001100000000904000003fe03010009cd8d1f00020000000905050200de7e001009058b1e20"], 0x0) syz_usb_control_io(r3, 0x0, &(0x7f0000000300)={0x84, &(0x7f0000000540)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r4 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) ioctl$FS_IOC_GETVERSION(r4, 0xc0145b0d, &(0x7f0000000040)) 11.836481828s ago: executing program 3 (id=460): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_TID_CONFIG(r0, &(0x7f0000000340)={0x0, 0xffffffffffffff8e, &(0x7f0000000480)={&(0x7f0000000b40)={0x24, r1, 0xc4fc9e906872338b, 0x20, 0x0, {{0x15}, {@void, @void}}, [@NL80211_ATTR_TID_CONFIG={0x10, 0x11d, 0x0, 0x1, [{0xc, 0x0, 0x0, 0x1, [@NL80211_TID_CONFIG_ATTR_TX_RATE={0x8}]}]}]}, 0x14}}, 0x0) 11.708212743s ago: executing program 2 (id=461): openat$kvm(0xffffffffffffff9c, &(0x7f0000000a40), 0x40400, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f00000000c0)='/proc/partitions\x00', 0x0, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) socket(0x400000000010, 0x3, 0x0) socket$unix(0x1, 0x5, 0x0) socket$packet(0x11, 0x3, 0x300) openat$nullb(0xffffff9c, &(0x7f0000000040), 0x800, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) socket$xdp(0x2c, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$netlink(0x10, 0x3, 0x0) socket$kcm(0x2d, 0x2, 0x0) socket(0x10, 0x3, 0x0) syz_usb_connect$hid(0x2, 0x36, &(0x7f0000000480)=ANY=[@ANYBLOB="1201000300000008ac054e024000010203010902"], 0x0) socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0xefff, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32, @ANYBLOB="0a000100000070"], 0x64}}, 0x0) 11.695523946s ago: executing program 4 (id=462): r0 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000140)={0x0, 0x4101, &(0x7f0000000240)={&(0x7f00000003c0)=ANY=[@ANYBLOB="380000001300f5d100"/20, @ANYRES32, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\r\x00\x00\x00\x00\x00\b\x00(\x00\x00\x00\x00\x00\b\x00)'], 0x38}}, 0x0) 11.553735722s ago: executing program 3 (id=463): r0 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000440), 0x800) ioctl$SNDRV_TIMER_IOCTL_SELECT(r0, 0x40345410, &(0x7f00000083c0)={{0x1, 0x0, 0x0, 0x3}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r0, 0x40505412, &(0x7f00000000c0)={0x1, 0x0, 0x400, 0x0, 0xf}) (fail_nth: 2) 11.552641561s ago: executing program 0 (id=464): r0 = gettid() r1 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000280), 0x90000) ioctl$SNDRV_TIMER_IOCTL_TREAD(r1, 0x40045402, &(0x7f0000000040)=0x1) (async) ioctl$SNDRV_TIMER_IOCTL_SELECT(r1, 0x40345410, &(0x7f00000083c0)={{0x3, 0x0, 0x0, 0x3, 0x9}}) ioctl$int_in(r1, 0x5452, 0x0) (async) r2 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000180), 0x0) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r1, 0x40505412, &(0x7f00000000c0)={0x0, 0x9, 0x0, 0x0, 0xf}) (async) ioctl$SNDRV_TIMER_IOCTL_CONTINUE(r1, 0x54a2) r3 = dup3(r2, r1, 0x80000) ioctl$VHOST_SET_MEM_TABLE(r3, 0x4008af03, &(0x7f0000000140)={0x1, 0x0, [{0x80a0000, 0x40, &(0x7f0000000080)=""/64}]}) ioctl$VIDIOC_G_DV_TIMINGS(r3, 0xc0845658, &(0x7f0000000240)={0x0, @reserved}) r4 = socket$rds(0x15, 0x5, 0x0) setsockopt$SO_RDS_MSG_RXPATH_LATENCY(r4, 0x114, 0xa, &(0x7f0000000000)=ANY=[@ANYBLOB="03000088"], 0x4) rt_sigaction(0x16, &(0x7f0000000080)={&(0x7f0000000440)="c4a23d0643b9f0430fc079fff3460f1ec9f081035c000000f30faed446a900000000660f7ed238c461915492db8876efa1efa12eb22d233333f30fa7d0", 0x90000000, 0x0}, 0x0, 0x8, &(0x7f0000000200)) (async) rt_sigsuspend(&(0x7f0000000000), 0x8) (async) tkill(r0, 0x16) r5 = socket$inet_udp(0x2, 0x2, 0x0) (async) r6 = syz_open_dev$media(&(0x7f0000001a80), 0x3, 0x0) ioctl$MEDIA_IOC_ENUM_LINKS(r6, 0xc0287c02, &(0x7f0000000500)={0x80000000, 0x0, &(0x7f0000001740)=[{{0x80000000, 0x0}, {0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r6, 0xc0287c02, &(0x7f0000000480)={r8, &(0x7f00000004c0)=[{}, {0x80000000}], &(0x7f00000016c0)=[{{}, {0x80000000}}, {{0x80000000}}]}) ioctl$MEDIA_IOC_ENUM_LINKS(r6, 0xc0287c02, &(0x7f0000000280)={r10, 0x0, &(0x7f0000000200)=[{{0x80000000, 0x0}}]}) ioctl$MEDIA_IOC_SETUP_LINK(r6, 0xc0347c03, &(0x7f0000000400)={{r9, r13}, {r12, r13}, 0x5}) (async) setsockopt$inet_int(r5, 0x0, 0x7, &(0x7f0000000140)=0x6, 0x4) (async) r14 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r14, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000340)=ANY=[@ANYBLOB="440000001a00010000000000000000000a000000000000000000000006001d000000000006001c0000000000080019", @ANYRESHEX=r8, @ANYRES16=r11, @ANYRES32=0x0, @ANYRESOCT=r1, @ANYRES16=r7], 0x44}, 0x1, 0x0, 0x0, 0x40000}, 0x8000) 11.419055879s ago: executing program 4 (id=465): r0 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$kcm(0x29, 0x2, 0x0) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x1, 0x5, &(0x7f0000001dc0)=ANY=[@ANYBLOB="bf16000000000000b70700000100f0ff5070000000000000300000000000c00095000000000000002ba728041598d6fbd30cb599e83d24bd8137a3aa81e0ed139a85d36bb3019d13bd2321af3c2bd67ce68f15c0ec71d0e6adfefcf1d8f7faf75e0f226bd917060000007142fa9ea4318123751c0a0e168c1886d0d4d35379bd223ec839bc16ee988e6e0dc8cedf3ceb9fbfbf9b0a49ef23d430f6296b32a83438810720a159cda90363db3d221e152dfca64057ff3c4744aeaccd3641110bec4e9027a0c8055bbfc3a96d2e8910c2c39e4babe802f5ab3e89cf6c662ed4048d3b3e22278d00031e5388ee5c867ddd58211d6ece1ccb0cd2b6d3cffd962867a3a2f624f992daa94a0c556f3218ce740068725c37074e468ee207d2f73902ebcfcf49822775985bf31b715f5888b24efa190000000000000000000000000000ddffffff730d00000000000000ddffffff0000b27cf3d1848a54d7132be1bfb0adf9deab3323aa9fdfb52faf9cb09c3bfd09000000b91ab219ef00bb7b3de8f67ffcad3f6c3c2b1f03550000000000001cf41ab11f12fb1e0a494034007de7c6592df1a6c64d8f20a67745409eaa988dbc2fee9d313d34889f40159e800ea2474b540500a30b23bcee46762e2093bcc9eae5ee3e980026c96f80ee1a00000000740750fa4d9aaa705989b8e673e3296e52d337c56abf112874ec51d6fe048ba6866adebab53168770a71ad901ace383e41d277b103923a9d961f7a2591dbe4a912ffaf6f658f3f9cd16286744f83a83f138f8f92efd92239eafcc5c1b3f97a297c9e49a0c3300ef7b7fb5f09e0c8a868a353409e34d3e82279637599f35ad3f7ffffff3cac394c7bbdcd0e0eb52162e0c410ade7a36b26a4e70f03cc4146a77af02c1d4cefd4a2b94c0aed8477dfa8ceefb467f05c6977c78cdbf37704ec73754910fe050038ec9e47de89298b7bf4d769ccc18eede0068ca1457870eb30d211e23ccc8e06dddeb61799257ab5000013c86ba9affb12ec757c7234c270246c878d01160e6c07bf6cf8809c3a0d062357ba2515567230a6f8b2ad0e0e2b45d14ee446b840edaa1e1f4933545fc3c741374211663f6b63b1dd044dd0a2768e825972fc4300001467c89fa0f82e8440105051e5510a33dcda5e4e202bd622549c4cffffff501d3a5dd7143fbf221fff161c12ca389cbe0000000000000fff75067d2a214f8c9d9b2ecf631c6c5fd9c26a54d43fa050b88d1d43a8645bd9109b7e07869bba7131421c0f397073943330baafd243c0c6ffe673bab4113be7664e08bdd7115c61afcb718cf3c4680b2f6c7a8400e378a9b15bc20f49e298727340e87cdefb40e56e9cfad9931b8c552b2c7c503f3d0e7ab0e958adb862822e40009995ae166deb9856291a43a6f7eb2e32cefbf463789eaf79b8d4c22be89f44b032dad13007b82e6044f643fc8cd07ae636a5dbe9864a117d27326850a7c3b570863f532c218b10af13d7be94987005088a83880ccab9c9920c2d2af8c50ce6a8e9f65de13d52c83ac3fa7c3ae6c08384865b66d2204c2e4f3ae20bf279b512b4dcb5dd9cba16b62040bf8702ae12c77e6e34991af603e3856a346cf708feeb708ab22b560cf8a4a6f31ba6d9b8cb0908000000000000001a342c010000000000e667a7592b33406f1f71c739b55db91d2309dc7ae401005f52053a39e7307c09ff3ac3e820b01c57dd74d4aafc4c383a17bc1de5347bb71ca16dcbbbaa2935ae662082b56cf666e63a759e0ef3ea7af6881513be94b362e15ffca8ec453b3a2a67be70c17b0f9c2eac765816c30c2e7133dca1c7669522f7dff8bc570a93fbdb688c3aef810000007a6ea6b11163392a19d87915ed063f608dddb03a95b51cb6febd5f24a34998d2010fd5facf68c4f84e2f66e27c81a149d7b331983d3b74444953fc1216dfec10b724be3733c26f12538376e177ffef6fd2020000000000000008e4919a463d5332a2546032a3c06b94f168e8fc4bda0c294723fe306f26c477af4b926644672985fab7cc67bc5b5f5d38cdd8df95147ebe1cd88b0a4c6cde9951be42827dfddfefb238fac2303cc8982f1e55b005afcfea5eb037248fefad6bb02c162ce92ab17744c8ec3d2e80cf3205d36699fd381bc81231fb5e12e45f3059f361d08d6a6d019ebf105eaf43083c29512bcedd79ca9bf24e063d0c273ed70a2b70be521ea27dc8cf3c9bdf83b93405db07e82e2ddf4c4d26f1cdd8c3c9736cf5e5082de3b484f8673e0e97dd7e8a872148613c3a04f3d67f4375ba5c7f1b0033f8dfe0fd9bb2a70801f763524e1d79d812ced782646b5f79c8fc08bb5c11020108d702edd2ea9c96cfcb9066668627820d2d48aa5fc0a7bf1b51afd85350ad00b78c598fa8701b000884de790b54e5ab2e8ff0c7ae23e0b6eeac95c4c2eef2e5eb1d019d52099fbd404e8ece970f67736ba7e960bd8b1e4105ce7e31f7c9c3e3fa61aaa967b90087e91d703e98535b107b8f4653be4c46a3a1adb07d226952b8573b417018316fa96e942e35c4baa16d4122c863709b08d4639a19a46ac90ac48a13ee9bcaa875fc700000000000003b40dc5c745fe2491e8425e600000000000000000000000000000000000000000000000000c3d51d9a161446b4373e06a9e07f8a000000000000250318a44ad31baac0520a913301e630ae540f3289aebde8633f6f450c0738e16df6c7f1e0832a2a16fe6e39959735758248032cdf7320c6dc87b01e3f9a7811b200000000ae189de4b9b25f7c7a9c070000002af1c06315270de4a6605e4b4b58bef76fac54f11b84bd7bcd6b6a485edfb7684c770a39b38b08e18a51a4d4e66ca21c06a4b4198e1bc2ef990c9ba911efed626e5ee341a17bf8132b5b1dfa9fd31df213c88b4047979379dc15c9056fd3baa8b2d6cb134437cba0193ba4360bdcc98aad2560aa48291c4eb9d4e08ad7a9c5f04be1ab597124d84dfc7bd8cca8f68154a0ed356e773a797ca6d66748857b4abbf8830abeea2a46342e6a7378173cb29d5cdcd698a0203f78116b710008000000000000007c2d86b94472807c10eb9a8e2fb8bd79fe3a8316deff3ee641c9a080a2173642e673a672279bae4e7e28055da9497d7edb53be6e80482bd4d9a74b8dd4221f05e6ca8c705d7257ff7f76c78ba0b44ec0bdfa0d32d7042059b13a079639f14f9032b856d892ad6af5124c9c3130485e9682ff1f3c54e475d5bb496aef4bb537d7e191dfdeba109fdcf7864763f87a6d711cf52e520a6ce30e134c55e0caac037209d2f12fcddd00000000000000000000000000000000e609893bdce015e8ccfb36399844db61f6171b0b0e845e48728450c6ba4f7098f8e000676b59ab9f851f3ab77847ce05c89411277ec69c409b7ec50a3337a78675f38a568612aa25d61ce4e2c235ab5f2cd6d035d5f5f6a693c381adbbf7b37e37292783b2c7efe7d3a067906552f76d419e0300000000000000000000008435f39381c2a77c001caae53db7316fa6d48d032ab6831ebb813c85855c7a9ad8140a4b29422fc20d4e75c848984a2e217ec9c2833b8fa9106ee1be2c05103a36fc1126f1aa5284ba7179843b08ecadc199b9038cf6b9ee4e1f321a6a32e03bd987ddfada1f69756651b73a7ed0f7e467081193b2844869"], &(0x7f0000000140)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x48) r4 = socket$kcm(0x2, 0x1, 0x0) sendmsg$inet(r4, &(0x7f0000000fc0)={&(0x7f0000000000)={0x2, 0x4001, @remote}, 0x10, 0x0}, 0x20000811) ioctl$sock_kcm_SIOCKCMATTACH(r2, 0x89e0, &(0x7f0000000040)={r4, r3}) r5 = syz_open_procfs(0x0, &(0x7f0000000180)='net/kcm\x00') preadv(r5, &(0x7f0000000140)=[{&(0x7f0000000000)=""/151, 0x97}], 0x1, 0xd, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000009c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=@newtaction={0x14, 0x1e, 0x109, 0x0, 0x25dfdbfe}, 0x14}, 0x1, 0x2b1e}, 0x58) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r1, 0x8008f512, &(0x7f0000000080)) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0xe7, 0x35315258, 0x280, 0x168, 0x0, @stepwise={{0x6, 0x5}, {0x6, 0xc}, {0x1, 0x8}}}) ioctl$EVIOCGREP(r5, 0x80084503, &(0x7f00000001c0)=""/185) 11.021307947s ago: executing program 0 (id=466): mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x40, 0x2) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SG_IO(r1, 0x2285, 0x0) r2 = fcntl$dupfd(r1, 0x0, r1) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, 0x0, 0x0) listen(0xffffffffffffffff, 0x8) r5 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x0) setsockopt$inet_sctp6_SCTP_DEFAULT_SNDINFO(r5, 0x84, 0x22, &(0x7f0000000000)={0x2, 0x0, 0x6, 0xffffffff}, 0x10) r6 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000000)='hugetlb.1GB.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_script(r6, &(0x7f00000004c0), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x200000a, 0x28011, r6, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) listen(r5, 0x4f593a45) syz_usb_connect(0x0, 0x36, &(0x7f0000000f00)=ANY=[@ANYBLOB="d0010000cceec810450c4062ae86010203010902247cb91b7900"], 0x0) r7 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x102) ioctl$DRM_IOCTL_MODE_GETRESOURCES(r7, 0xc04064a0, &(0x7f00000001c0)={0x0, &(0x7f0000000040)=[0x0], 0x0, 0x0, 0x0, 0x1}) ioctl$DRM_IOCTL_MODE_GETCRTC(r7, 0xc06864a1, &(0x7f0000000600)={0x0, 0xfffffffffffffe57, r8, 0x0}) r10 = socket$qrtr(0x2a, 0x2, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(r2, 0xc0189379, &(0x7f0000000200)={{0x1, 0x1, 0x18, r10}, './file0\x00'}) ioctl$DRM_IOCTL_MODE_GETFB(r7, 0xc01c64ad, &(0x7f0000000000)={r9}) write$sndseq(r2, &(0x7f0000000180)=[{0x0, 0x47, 0x0, 0x0, @tick, {0x40, 0xff}, {0x0, 0x9}, @queue={0xee, {0x7, 0xc9a}}}, {0x0, 0x0, 0x0, 0x0, @time={0x367f, 0xfffffffd}, {}, {0x80}, @time=@time={0x9, 0x1}}], 0x38) write$sndseq(r2, 0x0, 0x0) 10.915653686s ago: executing program 3 (id=467): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r0, 0xc0502120, &(0x7f0000000340)) timer_settime(0x0, 0x0, &(0x7f0000000180)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) 4.65949186s ago: executing program 0 (id=468): syz_usb_control_io$hid(0xffffffffffffffff, 0x0, &(0x7f0000000dc0)={0x2c, &(0x7f0000000ac0)={0x0, 0x9, 0x1, "af"}, 0x0, 0x0, 0x0, 0x0}) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) r1 = dup(r0) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, &(0x7f0000000240)={0x14, &(0x7f0000000100)={0x20, 0xa, 0x2, {0x2}}, &(0x7f0000000200)={0x0, 0x3, 0x1a, {0x1a}}}, &(0x7f00000004c0)={0x1c, &(0x7f0000000300)={0x0, 0x10, 0x1b, "1ec9d4910416b7acc45bf5b2689467f9d68554a179ffa82419012a"}, &(0x7f0000000380)={0x0, 0xa, 0x1, 0x4}, &(0x7f0000000440)={0x0, 0x8, 0x1, 0x6}}) write$6lowpan_enable(r1, &(0x7f0000000000)='0', 0xfffffd2c) r2 = syz_io_uring_setup(0x239, &(0x7f0000000740)={0x0, 0x1c2a, 0x10100, 0x0, 0x0, 0x0, r1}, &(0x7f0000000180)=0x0, &(0x7f00000001c0)=0x0) syz_io_uring_submit(r3, r4, 0x0) io_uring_enter(r2, 0x2ded, 0x4000, 0x0, 0x0, 0x0) r5 = userfaultfd(0x80801) r6 = mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) ioctl$UFFDIO_API(r5, 0xc018aa3f, &(0x7f0000000080)={0xaa, 0x100}) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x0, 0xf0ffffff) ioctl$UFFDIO_REGISTER(r5, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x4}) ioctl$UFFDIO_COPY(r5, 0xc028aa03, &(0x7f0000000000)={&(0x7f0000800000/0x800000)=nil, &(0x7f0000199000/0x800000)=nil, 0x800000}) syz_io_uring_submit(r6, 0x0, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_inet_SIOCSIFFLAGS(r7, 0x8924, 0x0) mlock(&(0x7f0000ffb000/0x4000)=nil, 0x4000) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000340)={0x1c, &(0x7f0000000280)={0x40, 0x3}, 0x0, 0x0}) syz_usb_control_io$uac1(0xffffffffffffffff, 0x0, &(0x7f0000000000)={0x44, &(0x7f0000000640)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000003c0)={0x34, &(0x7f0000001800)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f00000005c0)={0x34, &(0x7f00000002c0)={0x0, 0x16}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000580)={0x34, &(0x7f0000000180)={0x20, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000480)={0x34, &(0x7f0000000240)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(0xffffffffffffffff, 0x0, &(0x7f0000000b40)={0x34, &(0x7f0000000840)={0x20, 0xc}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(0xffffffffffffffff, 0x0, &(0x7f0000000400)={0x1c, &(0x7f00000006c0)={0x20}, 0x0, 0x0}) 4.253502892s ago: executing program 3 (id=469): r0 = io_uring_setup(0x74f8, &(0x7f00000005c0)) write$FUSE_INTERRUPT(0xffffffffffffffff, 0x0, 0x0) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) ioctl$UI_DEV_SETUP(r1, 0x405c5503, &(0x7f0000000280)={{0x0, 0x4, 0x0, 0x9}, 'syz1\x00', 0x3f}) ioctl$UI_SET_FFBIT(r1, 0x4004556b, 0x51) ioctl$UI_DEV_CREATE(r1, 0x5501) r2 = syz_open_dev$evdev(&(0x7f0000000100), 0x72, 0x0) ioctl$EVIOCSFF(r2, 0x40304580, &(0x7f00000000c0)={0x51, 0x8009, 0xd, {0x2, 0x2}, {0x6, 0x8}, @cond=[{0xeeb, 0x405, 0x4, 0x3, 0x8, 0x2}, {0x2, 0x5, 0x5, 0x6, 0x6, 0x3b7e}]}) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000140)={0x0, 0x4, &(0x7f0000000200)=ANY=[@ANYBLOB="180000000000000000000000000000007112370000000000950000000000000089e2d90aa1795cc26efb1dacf01150510936875c66d6a7d6eb12d4cdbc5c0ce0d29df91940d8ca08008e7aa5b3c9a10909d6e18b263131bf965f55746df5189a2e23905ae4dc5340e0eb74eb523d5b77a763cccb768b4453c8b1b1dd0a71983b5c2cfe11f3d30228772b0b798ebaf5abde2ce3ec34f8c6f13ee1f181ac563ba7a7edc9be94452da6d7eb67ae3243cb393245efd0dd21de9553cbd1a8516282de458c44d1ddae97af584de743d44ed18d20dd3b2c42cf1e8b27788dfc562367d46197198cd19fda89a6feca6c738b1d4b2522"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x24, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r3 = syz_usb_connect(0x0, 0x36, &(0x7f00000002c0)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f010400000009058303"], 0x0) ioctl$EVIOCSCLOCKID(0xffffffffffffffff, 0x400445a0, &(0x7f0000000080)=0xb309) syz_usb_ep_write$ath9k_ep2(r3, 0x83, 0x8, &(0x7f0000000080)=ANY=[]) r4 = syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) ioctl$EVIOCSFF(r4, 0x40304580, &(0x7f0000000300)={0x50, 0xffff, 0x0, {0x0, 0x68bd}, {}, @cond=[{0x0, 0x0, 0x0, 0x0, 0x0, 0x2}]}) syz_open_dev$evdev(&(0x7f00000000c0), 0x40, 0x0) close_range(r0, 0xffffffffffffffff, 0x0) 4.148892343s ago: executing program 4 (id=470): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$int_in(r0, 0x40000000af01, 0x0) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x8901, 0x0) ioctl$TUNSETOFFLOAD(r1, 0xc004743e, 0x110c23003f) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x4c842, 0x0) r3 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) ioctl$VHOST_SET_FEATURES(r3, 0x4008af00, &(0x7f0000000440)=0x8000) r4 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CREATE_PIT2(r4, 0xc048aec8, &(0x7f0000000000)={0x40004}) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c230000) syz_usb_connect(0x5, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010003001f66088f05106605480102030109ff02fbdb2eee37a4bf509ec7ad3f8b4d7e7ed1f848cc3c23abcde1807a00df6d4486eebed59e48a76e700bcbb6f492bcfd8ff12e52270f9d0e0b5fb200709cc41b2fd2bd4ba8b5bcb8b18503bc247773305b2d78e568a4531798e6bbd2fe95de30eab71231d25b97a9d3f355a8483a4bdb8989d62cb4772810faec4b9a75b6be69c309b1b0992c8e7df515b713bb4f5165f7"], &(0x7f0000001700)={0xffffffa0, 0x0, 0x0, 0x0, 0x23}) ioctl$TUNSETOFFLOAD(0xffffffffffffffff, 0xc004743e, 0x110c230041) r5 = socket$igmp6(0xa, 0x3, 0x2) setsockopt$inet6_MCAST_MSFILTER(r5, 0x29, 0x30, &(0x7f00000001c0)={0x5, {{0xa, 0x4e21, 0x7ff, @empty, 0x1}}, 0x1, 0x3, [{{0xa, 0x4e24, 0xfffffffb, @private1, 0x7}}, {{0xa, 0x4e21, 0x9, @private0={0xfc, 0x0, '\x00', 0x1}}}, {{0xa, 0x4e21, 0x60000000, @dev={0xfe, 0x80, '\x00', 0x2c}, 0x401}}]}, 0x210) ioctl$DRM_IOCTL_GET_CLIENT(0xffffffffffffffff, 0xc0286405, &(0x7f0000000480)={0x401, 0x9, {0x0}, {}, 0x400, 0x2}) sched_setattr(r6, &(0x7f00000004c0)={0x38, 0x0, 0x1000005b, 0x7, 0x0, 0x6, 0x3, 0x1, 0xff, 0x6}, 0x0) close(0xffffffffffffffff) ioctl$VHOST_GET_VRING_ENDIAN(r0, 0x4008af14, 0x0) 3.495636685s ago: executing program 1 (id=471): socket$inet_tcp(0x2, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r5, 0x0, r3, 0x0, 0xf3a, 0x0) ioctl$sock_inet_tcp_SIOCINQ(r2, 0x5760, 0x0) write$binfmt_elf64(r4, &(0x7f0000003380)=ANY=[], 0x18c6) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0x0, 0xf, 0xfffffffffffffffe}, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f0000000080), 0xffffffffffffffff) r6 = openat$kvm(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) r7 = ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r7, 0x4020ae46, &(0x7f0000000400)={0x10002, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r8 = ioctl$KVM_CREATE_VCPU(r7, 0xae41, 0x0) r9 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) r10 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r10, &(0x7f00000002c0)={0x0, 0x0, 0x0}, 0x0) r11 = openat$audio1(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$SNDCTL_DSP_NONBLOCK(r11, 0x500e, 0x0) r12 = fcntl$dupfd(r9, 0x406, r9) ioctl$SG_IO(r12, 0x2285, &(0x7f0000000040)={0x53, 0x0, 0x6, 0x0, @buffer={0x17, 0x0, 0x0}, &(0x7f0000000380)="3e9374c96ee3", 0x0, 0x0, 0x0, 0x0, 0x0}) openat(r12, &(0x7f0000000000)='./file0\x00', 0x40002, 0x121) ioctl$KVM_SET_SREGS(r8, 0x4138ae84, &(0x7f0000000100)={{0x7000, 0xdddd1000, 0x0, 0x0, 0x8, 0x8, 0x0, 0x2, 0x0, 0x6, 0x9, 0x10}, {0x8080000, 0x0, 0x3, 0x8, 0x0, 0x0, 0x0, 0x0, 0x7, 0x7, 0x0, 0xff}, {0x3000, 0x5000, 0xc, 0x0, 0x7, 0x4, 0x0, 0x0, 0x3, 0x0, 0x0, 0xfc}, {0x100000, 0xd000, 0x0, 0x0, 0x0, 0x0, 0xff, 0x0, 0x0, 0x0, 0x4}, {0xeeee8000, 0x3000, 0x9, 0x0, 0xff, 0x4, 0x0, 0xe, 0x0, 0x3c}, {0x0, 0x0, 0xd, 0x8, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x80}, {0x8080000, 0x0, 0xa, 0x6, 0x5, 0x0, 0x3}, {0x80a0000, 0xdddd0000, 0x0, 0x0, 0x0, 0x1, 0x0, 0xa, 0x26}, {0x80a0000}, {0xeeef0000}, 0xfdfcffdb, 0x0, 0x0, 0x28, 0xb, 0xf801, 0x0, [0x0, 0x1000000000000, 0x1]}) ioctl$KVM_RUN(r8, 0xae80, 0x0) ioctl$KVM_TRANSLATE(r8, 0xc018ae85, &(0x7f00000000c0)={0x40000}) 2.365947511s ago: executing program 2 (id=472): timer_create(0x0, &(0x7f0000000080)={0x0, 0x11}, &(0x7f0000000000)=0x0) timer_settime(r0, 0x1, &(0x7f0000000040)={{0x0, 0x3938700}}, &(0x7f0000000100)) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000240)={{0x0, 0x8}, {0x0, 0x9}}, 0x0) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000380)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) close(0xffffffffffffffff) 0s ago: executing program 0 (id=473): r0 = syz_open_dev$video4linux(&(0x7f00000007c0), 0x100000000008, 0x20c40) ioctl$VIDIOC_SUBDEV_S_FMT(r0, 0xc0585605, &(0x7f00000000c0)={0x1, 0x0, {0x1, 0x0, 0x100a, 0x4, 0x0, 0x0, 0x5, 0x4}}) r1 = socket$inet_sctp(0x2, 0x1, 0x84) setsockopt$IP_VS_SO_SET_EDITDEST(r1, 0x0, 0x489, &(0x7f0000000380)={{0x84, @multicast1, 0x4e20, 0x3, 'sh\x00', 0x0, 0x60000000, 0xc}, {@rand_addr=0x64010102, 0x4e26, 0x12002, 0x3, 0x8001, 0x1}}, 0x44) kernel console output (not intermixed with test programs): der: 6475:6478 ioctl c0306201 200000000240 returned -11 [ 142.427320][ T1170] usb 5-1: USB disconnect, device number 12 [ 142.442799][ T980] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 142.626224][ T6495] netlink: 8 bytes leftover after parsing attributes in process `syz.1.162'. [ 142.718864][ T980] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 142.758262][ T980] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 142.808456][ T980] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 142.881052][ T980] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 142.900921][ T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 142.937764][ T980] usb 3-1: Product: syz [ 142.941940][ T980] usb 3-1: Manufacturer: syz [ 142.952193][ T1170] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 142.952791][ T980] usb 3-1: SerialNumber: syz [ 143.098160][ T6508] netlink: 12 bytes leftover after parsing attributes in process `syz.3.165'. [ 143.132131][ T1170] usb 5-1: Using ep0 maxpacket: 16 [ 143.200451][ T1170] usb 5-1: config 2 has an invalid interface number: 142 but max is 0 [ 143.227689][ T1170] usb 5-1: config 2 has no interface number 0 [ 143.278421][ T1170] usb 5-1: config 2 interface 142 altsetting 0 has an endpoint descriptor with address 0xEA, changing to 0x8A [ 143.367150][ T1170] usb 5-1: config 2 interface 142 altsetting 0 endpoint 0x8A has an invalid bInterval 0, changing to 7 [ 143.439783][ T1170] usb 5-1: config 2 interface 142 altsetting 0 endpoint 0x82 has invalid wMaxPacketSize 0 [ 143.509333][ T1170] usb 5-1: config 2 interface 142 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 0 [ 143.579384][ T1170] usb 5-1: New USB device found, idVendor=1286, idProduct=2046, bcdDevice=c6.6e [ 143.588828][ T1170] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 143.723867][ T1170] usb 5-1: Product: syz [ 143.733821][ T1170] usb 5-1: Manufacturer: syz [ 143.752127][ T1170] usb 5-1: SerialNumber: syz [ 143.863116][ T1170] usb 5-1: NFC: intf ffff8880212fd000 id ffffffff8eb529e0 [ 144.101136][ T1170] usb 5-1: USB disconnect, device number 13 [ 145.041059][ T980] usb 3-1: 0:2 : does not exist [ 145.192722][ T980] usb 3-1: USB disconnect, device number 7 [ 145.275261][ T5851] udevd[5851]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 145.809301][ T6514] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 145.815756][ T6514] Bluetooth: hci1: Opcode 0x0c1a failed: -4 [ 145.822014][ T6514] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 145.828720][ T6514] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 145.836650][ T6514] Bluetooth: hci4: Opcode 0x0c1a failed: -4 [ 146.102205][ T1170] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 146.295185][ T1170] usb 5-1: Using ep0 maxpacket: 32 [ 146.327336][ T1170] usb 5-1: config 0 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 146.346310][ T1170] usb 5-1: config 0 interface 0 has no altsetting 0 [ 146.367120][ T1170] usb 5-1: New USB device found, idVendor=0bc7, idProduct=0004, bcdDevice= e.74 [ 146.387454][ T1170] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 146.398085][ T1170] usb 5-1: Product: syz [ 146.404724][ T1170] usb 5-1: Manufacturer: syz [ 146.409319][ T1170] usb 5-1: SerialNumber: syz [ 146.422197][ T10] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 146.431186][ T1170] usb 5-1: config 0 descriptor?? [ 146.436264][ T5844] Bluetooth: hci0: command 0x0c1a tx timeout [ 146.455869][ T1170] ati_remote 5-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints [ 146.508990][ T6548] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 146.543937][ T6553] netlink: 12 bytes leftover after parsing attributes in process `syz.0.178'. [ 146.562521][ T10] usb 4-1: device descriptor read/64, error -71 [ 146.671673][ T6527] gtp0: entered promiscuous mode [ 146.677693][ T6527] gtp0: entered allmulticast mode [ 146.706030][ T980] usb 5-1: USB disconnect, device number 14 [ 146.724789][ T6557] netlink: 'syz.2.179': attribute type 21 has an invalid length. [ 146.732811][ T6557] netlink: 128 bytes leftover after parsing attributes in process `syz.2.179'. [ 146.741848][ T6557] netlink: 'syz.2.179': attribute type 5 has an invalid length. [ 146.769945][ T6557] netlink: 'syz.2.179': attribute type 6 has an invalid length. [ 146.787475][ T6557] netlink: 3 bytes leftover after parsing attributes in process `syz.2.179'. [ 146.814579][ T10] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 146.955887][ T10] usb 4-1: device descriptor read/64, error -71 [ 147.083796][ T10] usb usb4-port1: attempt power cycle [ 147.119573][ T6562] netlink: 4 bytes leftover after parsing attributes in process `syz.0.180'. [ 147.172454][ T6562] erspan0: entered promiscuous mode [ 147.180159][ T6562] macvtap1: entered promiscuous mode [ 147.189495][ T6562] macvtap1: entered allmulticast mode [ 147.195276][ T6562] erspan0: entered allmulticast mode [ 147.266020][ T6564] FAULT_INJECTION: forcing a failure. [ 147.266020][ T6564] name failslab, interval 1, probability 0, space 0, times 0 [ 147.365951][ T6564] CPU: 1 UID: 0 PID: 6564 Comm: syz.0.181 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 147.365969][ T6564] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 147.365977][ T6564] Call Trace: [ 147.365982][ T6564] [ 147.365988][ T6564] dump_stack_lvl+0x189/0x250 [ 147.366013][ T6564] ? __pfx____ratelimit+0x10/0x10 [ 147.366032][ T6564] ? __pfx_dump_stack_lvl+0x10/0x10 [ 147.366051][ T6564] ? __pfx__printk+0x10/0x10 [ 147.366074][ T6564] should_fail_ex+0x414/0x560 [ 147.366120][ T6564] should_failslab+0xa8/0x100 [ 147.366137][ T6564] __kmalloc_cache_noprof+0x70/0x3d0 [ 147.366152][ T6564] ? sctp_add_bind_addr+0x8c/0x370 [ 147.366167][ T6564] sctp_add_bind_addr+0x8c/0x370 [ 147.366183][ T6564] sctp_copy_local_addr_list+0x30b/0x4e0 [ 147.366218][ T6564] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 147.366239][ T6564] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 147.366262][ T6564] ? sctp_v4_is_any+0x35/0x60 [ 147.366274][ T6564] ? sctp_copy_one_addr+0x93/0x360 [ 147.366288][ T6564] sctp_bind_addr_copy+0xb3/0x3c0 [ 147.366310][ T6564] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 147.366330][ T6564] sctp_connect_new_asoc+0x2e0/0x690 [ 147.366348][ T6564] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 147.366365][ T6564] ? __local_bh_enable_ip+0x12d/0x1c0 [ 147.366389][ T6564] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 147.366426][ T6564] ? security_sctp_bind_connect+0x7e/0x2e0 [ 147.366446][ T6564] sctp_sendmsg+0x155c/0x2810 [ 147.366471][ T6564] ? __pfx_sctp_sendmsg+0x10/0x10 [ 147.366489][ T6564] ? aa_sk_perm+0x81e/0x950 [ 147.366511][ T6564] ? __pfx_aa_sk_perm+0x10/0x10 [ 147.366532][ T6564] ? sock_rps_record_flow+0x19/0x410 [ 147.366555][ T6564] ? inet_sendmsg+0x2f4/0x370 [ 147.366590][ T6564] __sock_sendmsg+0x19c/0x270 [ 147.366612][ T6564] __sys_sendto+0x3bd/0x520 [ 147.366628][ T6564] ? __pfx___sys_sendto+0x10/0x10 [ 147.366639][ T6564] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 147.366667][ T6564] ? __fget_files+0x3a0/0x420 [ 147.366689][ T6564] ? ksys_write+0x22a/0x250 [ 147.366703][ T6564] ? __pfx_ksys_write+0x10/0x10 [ 147.366713][ T6564] ? rcu_is_watching+0x15/0xb0 [ 147.366728][ T6564] __x64_sys_sendto+0xde/0x100 [ 147.366743][ T6564] do_syscall_64+0xfa/0x3b0 [ 147.366762][ T6564] ? lockdep_hardirqs_on+0x9c/0x150 [ 147.366779][ T6564] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.366791][ T6564] ? clear_bhb_loop+0x60/0xb0 [ 147.366806][ T6564] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 147.366818][ T6564] RIP: 0033:0x7f7e27b8e929 [ 147.366829][ T6564] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 147.366839][ T6564] RSP: 002b:00007f7e28964038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 147.366852][ T6564] RAX: ffffffffffffffda RBX: 00007f7e27db5fa0 RCX: 00007f7e27b8e929 [ 147.366861][ T6564] RDX: 0000000000000001 RSI: 00002000000001c0 RDI: 0000000000000003 [ 147.366868][ T6564] RBP: 00007f7e28964090 R08: 0000200000000100 R09: 0000000000000010 [ 147.366876][ T6564] R10: 0000000004000855 R11: 0000000000000246 R12: 0000000000000002 [ 147.366883][ T6564] R13: 0000000000000000 R14: 00007f7e27db5fa0 R15: 00007f7e27edfa28 [ 147.366906][ T6564] [ 147.762514][ T10] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 147.952433][ T5844] Bluetooth: hci4: command 0x0405 tx timeout [ 147.953140][ T5842] Bluetooth: hci3: command 0x0c1a tx timeout [ 147.958475][ T5844] Bluetooth: hci2: command 0x0c1a tx timeout [ 147.964530][ T5842] Bluetooth: hci1: command 0x0c1a tx timeout [ 148.022268][ T10] usb 4-1: device descriptor read/8, error -71 [ 148.080123][ T6570] netlink: 76 bytes leftover after parsing attributes in process `syz.2.184'. [ 148.322150][ T10] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 148.372690][ T10] usb 4-1: device descriptor read/8, error -71 [ 148.495684][ T10] usb usb4-port1: unable to enumerate USB device [ 148.532277][ T980] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 148.642181][ T10] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 148.701951][ T980] usb 1-1: Using ep0 maxpacket: 16 [ 148.709090][ T980] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 148.718904][ T980] usb 1-1: config 0 has no interface number 0 [ 148.735269][ T980] usb 1-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 148.751389][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 148.760766][ T980] usb 1-1: Product: syz [ 148.769948][ T980] usb 1-1: Manufacturer: syz [ 148.785071][ T980] usb 1-1: SerialNumber: syz [ 148.793769][ T980] usb 1-1: config 0 descriptor?? [ 148.804736][ T10] usb 3-1: New USB device found, idVendor=17e9, idProduct=8b4e, bcdDevice=9c.08 [ 148.817820][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 148.829158][ T980] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 148.850659][ T10] usb 3-1: config 0 descriptor?? [ 148.959676][ T6588] syz.4.185 uses obsolete (PF_INET,SOCK_PACKET) [ 149.076103][ T6580] binder: 6579:6580 ioctl c0306201 200000000080 returned -14 [ 149.084702][ T6580] binder: 6579:6580 ioctl c0306201 2000000003c0 returned -14 [ 149.173888][ T980] gspca_spca1528: reg_w err -71 [ 149.203053][ T980] spca1528 1-1:0.1: probe with driver spca1528 failed with error -71 [ 149.267551][ T10] udl 3-1:0.0: [drm] Unrecognized vendor firmware descriptor [ 149.290563][ T980] usb 1-1: USB disconnect, device number 13 [ 149.317756][ T10] [drm:udl_init] *ERROR* Selecting channel failed [ 149.326119][ T6596] netlink: 12 bytes leftover after parsing attributes in process `syz.1.190'. [ 149.416270][ T10] [drm] Initialized udl 0.0.1 for 3-1:0.0 on minor 2 [ 149.475785][ T10] [drm] Initialized udl on minor 2 [ 149.502430][ T10] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 149.552040][ T10] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 149.560849][ T977] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 149.587099][ T977] udl 3-1:0.0: [drm] *ERROR* Read EDID byte 0 failed err ffffffb9 [ 149.588650][ T10] usb 3-1: USB disconnect, device number 8 [ 149.606665][ T977] udl 3-1:0.0: [drm] Cannot find any crtc or sizes [ 149.872551][ T977] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 149.961019][ T6608] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 150.043528][ T6612] capability: warning: `syz.2.194' uses deprecated v2 capabilities in a way that may be insecure [ 150.132606][ T977] usb 4-1: Using ep0 maxpacket: 32 [ 150.147201][ T977] usb 4-1: config 0 interface 0 altsetting 6 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 150.211234][ T977] usb 4-1: config 0 interface 0 has no altsetting 0 [ 150.248069][ T977] usb 4-1: New USB device found, idVendor=0bc7, idProduct=0004, bcdDevice= e.74 [ 150.267589][ T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 150.370358][ T977] usb 4-1: Product: syz [ 150.384909][ T977] usb 4-1: Manufacturer: syz [ 150.397647][ T977] usb 4-1: SerialNumber: syz [ 150.401001][ T6618] FAULT_INJECTION: forcing a failure. [ 150.401001][ T6618] name failslab, interval 1, probability 0, space 0, times 0 [ 150.418777][ T6618] CPU: 1 UID: 0 PID: 6618 Comm: syz.2.197 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 150.418802][ T6618] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 150.418814][ T6618] Call Trace: [ 150.418822][ T6618] [ 150.418831][ T6618] dump_stack_lvl+0x189/0x250 [ 150.418867][ T6618] ? __pfx____ratelimit+0x10/0x10 [ 150.418896][ T6618] ? __pfx_dump_stack_lvl+0x10/0x10 [ 150.418928][ T6618] ? __pfx__printk+0x10/0x10 [ 150.418956][ T6618] ? __pfx___might_resched+0x10/0x10 [ 150.418974][ T6618] ? fs_reclaim_acquire+0x7d/0x100 [ 150.419004][ T6618] should_fail_ex+0x414/0x560 [ 150.419047][ T6618] should_failslab+0xa8/0x100 [ 150.419090][ T6618] __kmalloc_noprof+0xcb/0x4f0 [ 150.419109][ T6618] ? kfree+0x4d/0x440 [ 150.419124][ T6618] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 150.419152][ T6618] tomoyo_realpath_from_path+0xe3/0x5d0 [ 150.419175][ T6618] ? tomoyo_domain+0xd9/0x130 [ 150.419203][ T6618] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 150.419233][ T6618] tomoyo_path_number_perm+0x1e8/0x5a0 [ 150.419265][ T6618] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 150.419314][ T6618] ? __lock_acquire+0xab9/0xd20 [ 150.419366][ T6618] ? __fget_files+0x2a/0x420 [ 150.419393][ T6618] ? __fget_files+0x2a/0x420 [ 150.419415][ T6618] ? __fget_files+0x3a0/0x420 [ 150.419438][ T6618] ? __fget_files+0x2a/0x420 [ 150.419467][ T6618] security_file_ioctl+0xcb/0x2d0 [ 150.419496][ T6618] __se_sys_ioctl+0x47/0x170 [ 150.419531][ T6618] do_syscall_64+0xfa/0x3b0 [ 150.419561][ T6618] ? lockdep_hardirqs_on+0x9c/0x150 [ 150.419590][ T6618] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.419610][ T6618] ? clear_bhb_loop+0x60/0xb0 [ 150.419635][ T6618] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 150.419659][ T6618] RIP: 0033:0x7f853078e929 [ 150.419677][ T6618] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 150.419694][ T6618] RSP: 002b:00007f8531573038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 150.419715][ T6618] RAX: ffffffffffffffda RBX: 00007f85309b5fa0 RCX: 00007f853078e929 [ 150.419730][ T6618] RDX: 0000200000000000 RSI: 00000000c028aa03 RDI: 0000000000000003 [ 150.419743][ T6618] RBP: 00007f8531573090 R08: 0000000000000000 R09: 0000000000000000 [ 150.419756][ T6618] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 150.419767][ T6618] R13: 0000000000000000 R14: 00007f85309b5fa0 R15: 00007f8530adfa28 [ 150.419799][ T6618] [ 150.419892][ T6618] ERROR: Out of memory at tomoyo_realpath_from_path. [ 150.423619][ T977] usb 4-1: config 0 descriptor?? [ 150.686615][ T977] ati_remote 4-1:0.0: ati_remote_probe: Unexpected desc.bNumEndpoints [ 150.722190][ T24] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 151.132160][ T24] usb 2-1: config 0 has no interfaces? [ 151.156155][ T24] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 151.186149][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 151.215601][ T24] usb 2-1: Product: syz [ 151.219787][ T24] usb 2-1: Manufacturer: syz [ 151.286371][ T24] usb 2-1: SerialNumber: syz [ 151.315120][ T24] usb 2-1: config 0 descriptor?? [ 151.326521][ T6628] bond2: entered promiscuous mode [ 151.354331][ T6604] gtp0: entered promiscuous mode [ 151.382304][ T6604] gtp0: entered allmulticast mode [ 151.415928][ T977] usb 4-1: USB disconnect, device number 17 [ 151.542311][ T1170] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 151.702232][ T1170] usb 3-1: device descriptor read/64, error -71 [ 151.859380][ T6639] netlink: 8 bytes leftover after parsing attributes in process `syz.0.203'. [ 151.870366][ T6639] netlink: 4 bytes leftover after parsing attributes in process `syz.0.203'. [ 151.915842][ T6639] netdevsim netdevsim0 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.924846][ T6639] netdevsim netdevsim0 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.934097][ T6639] netdevsim netdevsim0 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.943258][ T6639] netdevsim netdevsim0 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 151.971729][ T1170] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 152.066256][ T6641] FAULT_INJECTION: forcing a failure. [ 152.066256][ T6641] name failslab, interval 1, probability 0, space 0, times 0 [ 152.082731][ T6641] CPU: 1 UID: 0 PID: 6641 Comm: syz.3.204 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 152.082749][ T6641] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.082757][ T6641] Call Trace: [ 152.082762][ T6641] [ 152.082768][ T6641] dump_stack_lvl+0x189/0x250 [ 152.082794][ T6641] ? __pfx____ratelimit+0x10/0x10 [ 152.082814][ T6641] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.082835][ T6641] ? __pfx__printk+0x10/0x10 [ 152.082851][ T6641] ? __pfx___might_resched+0x10/0x10 [ 152.082872][ T6641] ? fs_reclaim_acquire+0x7d/0x100 [ 152.082892][ T6641] should_fail_ex+0x414/0x560 [ 152.082917][ T6641] should_failslab+0xa8/0x100 [ 152.082933][ T6641] __kmalloc_noprof+0xcb/0x4f0 [ 152.082945][ T6641] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 152.082964][ T6641] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 152.082989][ T6641] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 152.083014][ T6641] genl_family_rcv_msg_doit+0xb8/0x300 [ 152.083037][ T6641] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 152.083062][ T6641] ? rcu_is_watching+0x15/0xb0 [ 152.083076][ T6641] ? apparmor_capable+0x137/0x1b0 [ 152.083093][ T6641] ? bpf_lsm_capable+0x9/0x20 [ 152.083106][ T6641] ? security_capable+0x7e/0x2e0 [ 152.083129][ T6641] genl_rcv_msg+0x60e/0x790 [ 152.083153][ T6641] ? __pfx_genl_rcv_msg+0x10/0x10 [ 152.083169][ T6641] ? ref_tracker_free+0x63a/0x7d0 [ 152.083180][ T6641] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 152.083197][ T6641] ? __pfx_nl80211_set_qos_map+0x10/0x10 [ 152.083212][ T6641] ? __pfx_nl80211_post_doit+0x10/0x10 [ 152.083230][ T6641] ? __pfx_ref_tracker_free+0x10/0x10 [ 152.083250][ T6641] netlink_rcv_skb+0x208/0x470 [ 152.083265][ T6641] ? __pfx_genl_rcv_msg+0x10/0x10 [ 152.083284][ T6641] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 152.083310][ T6641] ? down_read+0x1ad/0x2e0 [ 152.083325][ T6641] genl_rcv+0x28/0x40 [ 152.083342][ T6641] netlink_unicast+0x75b/0x8d0 [ 152.083362][ T6641] netlink_sendmsg+0x805/0xb30 [ 152.083383][ T6641] ? __pfx_netlink_sendmsg+0x10/0x10 [ 152.083401][ T6641] ? aa_sock_msg_perm+0x94/0x160 [ 152.083422][ T6641] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 152.083439][ T6641] ? __pfx_netlink_sendmsg+0x10/0x10 [ 152.083454][ T6641] __sock_sendmsg+0x219/0x270 [ 152.083476][ T6641] ____sys_sendmsg+0x505/0x830 [ 152.083496][ T6641] ? __pfx_____sys_sendmsg+0x10/0x10 [ 152.083518][ T6641] ? import_iovec+0x74/0xa0 [ 152.083537][ T6641] ___sys_sendmsg+0x21f/0x2a0 [ 152.083554][ T6641] ? __pfx____sys_sendmsg+0x10/0x10 [ 152.083595][ T6641] ? __fget_files+0x2a/0x420 [ 152.083611][ T6641] ? __fget_files+0x3a0/0x420 [ 152.083634][ T6641] __x64_sys_sendmsg+0x19b/0x260 [ 152.083652][ T6641] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 152.083676][ T6641] ? __pfx_ksys_write+0x10/0x10 [ 152.083687][ T6641] ? rcu_is_watching+0x15/0xb0 [ 152.083702][ T6641] ? do_syscall_64+0xbe/0x3b0 [ 152.083726][ T6641] do_syscall_64+0xfa/0x3b0 [ 152.083745][ T6641] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.083764][ T6641] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.083777][ T6641] ? clear_bhb_loop+0x60/0xb0 [ 152.083793][ T6641] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.083806][ T6641] RIP: 0033:0x7f250798e929 [ 152.083818][ T6641] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.083829][ T6641] RSP: 002b:00007f2508820038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 152.083843][ T6641] RAX: ffffffffffffffda RBX: 00007f2507bb5fa0 RCX: 00007f250798e929 [ 152.083853][ T6641] RDX: 0000000020084004 RSI: 0000200000001400 RDI: 0000000000000003 [ 152.083866][ T6641] RBP: 00007f2508820090 R08: 0000000000000000 R09: 0000000000000000 [ 152.083874][ T6641] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.083882][ T6641] R13: 0000000000000000 R14: 00007f2507bb5fa0 R15: 00007f2507cdfa28 [ 152.083902][ T6641] [ 152.468362][ T1170] usb 3-1: device descriptor read/64, error -71 [ 152.582572][ T1170] usb usb3-port1: attempt power cycle [ 152.650640][ T6647] FAULT_INJECTION: forcing a failure. [ 152.650640][ T6647] name failslab, interval 1, probability 0, space 0, times 0 [ 152.705979][ T6648] netlink: 12 bytes leftover after parsing attributes in process `syz.0.206'. [ 152.765724][ T6647] CPU: 0 UID: 0 PID: 6647 Comm: syz.3.205 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 152.765741][ T6647] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 152.765748][ T6647] Call Trace: [ 152.765754][ T6647] [ 152.765759][ T6647] dump_stack_lvl+0x189/0x250 [ 152.765783][ T6647] ? __pfx____ratelimit+0x10/0x10 [ 152.765812][ T6647] ? __pfx_dump_stack_lvl+0x10/0x10 [ 152.765833][ T6647] ? __pfx__printk+0x10/0x10 [ 152.765848][ T6647] ? __pfx___might_resched+0x10/0x10 [ 152.765860][ T6647] ? fs_reclaim_acquire+0x7d/0x100 [ 152.765878][ T6647] should_fail_ex+0x414/0x560 [ 152.765900][ T6647] should_failslab+0xa8/0x100 [ 152.765915][ T6647] kmem_cache_alloc_noprof+0x73/0x3c0 [ 152.765927][ T6647] ? getname_flags+0xb8/0x540 [ 152.765946][ T6647] getname_flags+0xb8/0x540 [ 152.765963][ T6647] __x64_sys_rename+0x6a/0x90 [ 152.765978][ T6647] do_syscall_64+0xfa/0x3b0 [ 152.765997][ T6647] ? lockdep_hardirqs_on+0x9c/0x150 [ 152.766015][ T6647] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.766027][ T6647] ? clear_bhb_loop+0x60/0xb0 [ 152.766043][ T6647] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 152.766055][ T6647] RIP: 0033:0x7f250798e929 [ 152.766066][ T6647] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 152.766076][ T6647] RSP: 002b:00007f25087de038 EFLAGS: 00000246 ORIG_RAX: 0000000000000052 [ 152.766089][ T6647] RAX: ffffffffffffffda RBX: 00007f2507bb6160 RCX: 00007f250798e929 [ 152.766099][ T6647] RDX: 0000000000000000 RSI: 00002000000005c0 RDI: 0000200000000100 [ 152.766107][ T6647] RBP: 00007f25087de090 R08: 0000000000000000 R09: 0000000000000000 [ 152.766114][ T6647] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 152.766122][ T6647] R13: 0000000000000000 R14: 00007f2507bb6160 R15: 00007f2507cdfa28 [ 152.766140][ T6647] [ 153.012146][ T1170] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 153.060143][ T1170] usb 3-1: device descriptor read/8, error -71 [ 153.153654][ T6650] netlink: 8 bytes leftover after parsing attributes in process `syz.4.207'. [ 153.322446][ T1170] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 153.365747][ T1170] usb 3-1: device descriptor read/8, error -71 [ 153.422622][ T5900] usb 2-1: USB disconnect, device number 11 [ 153.505848][ T1170] usb usb3-port1: unable to enumerate USB device [ 153.790658][ T6660] bond1: entered promiscuous mode [ 154.027707][ T6676] netlink: 60 bytes leftover after parsing attributes in process `syz.1.216'. [ 154.052772][ T5900] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 154.057053][ T6673] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 154.222169][ T5900] usb 4-1: Using ep0 maxpacket: 8 [ 154.235818][ T5900] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1023 [ 154.277055][ T5900] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 154.305797][ T5900] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 154.372170][ T43] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 154.379992][ T5900] usb 4-1: Product: 嗴࡚蔢喌洆돜≐೘矎ꊜ怽辦类晳잋ꕏ鼪嬧햡ᐅ㦢飦⨅埴耙㑽ࠬ舟徦ꈦⓜᘿ뺻鰎园捿ꌁᑝ騲쨭埃㰂離筂C逰㑓뻜❯唽켵裳棻뉝Oᴧꬼ䆤๬爥 [ 154.999383][ T43] usb 5-1: config 0 has no interfaces? [ 155.050900][ T43] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 155.072203][ T5900] usb 4-1: Manufacturer: ఁ [ 155.076859][ T5900] usb 4-1: SerialNumber: 䐓 [ 155.147171][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 155.191269][ T43] usb 5-1: Product: syz [ 155.208473][ T43] usb 5-1: Manufacturer: syz [ 155.299177][ T43] usb 5-1: SerialNumber: syz [ 155.345666][ T43] usb 5-1: config 0 descriptor?? [ 155.372001][ T6692] netlink: 12 bytes leftover after parsing attributes in process `syz.1.221'. [ 155.605064][ T6678] netlink: 134 bytes leftover after parsing attributes in process `syz.4.217'. [ 155.617824][ T6678] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 155.627885][ T6678] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 155.657061][ T5900] cdc_ncm 4-1:1.0: bind() failure [ 155.698044][ T5900] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 155.770314][ T5900] cdc_ncm 4-1:1.1: bind() failure [ 155.894749][ T5900] usb 4-1: USB disconnect, device number 18 [ 156.820280][ T6715] netlink: 8 bytes leftover after parsing attributes in process `syz.2.229'. [ 156.850109][ T6716] vlan2: entered promiscuous mode [ 156.855846][ T6716] erspan0: entered promiscuous mode [ 156.861444][ T6716] vlan2: entered allmulticast mode [ 156.868651][ T6716] erspan0: entered allmulticast mode [ 157.241169][ T5900] usb 5-1: USB disconnect, device number 15 [ 157.365955][ T6719] netlink: 100 bytes leftover after parsing attributes in process `syz.0.231'. [ 157.513112][ T24] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 157.682221][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 157.696937][ T24] usb 4-1: New USB device found, idVendor=17ef, idProduct=721e, bcdDevice=de.06 [ 157.707637][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 157.882220][ T24] usb 4-1: Product: syz [ 158.022390][ T24] usb 4-1: Manufacturer: syz [ 158.069496][ T6738] netlink: 8 bytes leftover after parsing attributes in process `syz.4.238'. [ 158.086627][ T24] usb 4-1: SerialNumber: syz [ 158.136301][ T30] kauditd_printk_skb: 250 callbacks suppressed [ 158.136316][ T30] audit: type=1326 audit(1749077008.486:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef098e929 code=0x7ffc0000 [ 158.230484][ T30] audit: type=1326 audit(1749077008.516:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fcef098e929 code=0x7ffc0000 [ 158.236757][ T24] r8152-cfgselector 4-1: Unknown version 0x0000 [ 158.280137][ T6747] netlink: 4 bytes leftover after parsing attributes in process `syz.2.241'. [ 158.302525][ T24] r8152-cfgselector 4-1: config 0 descriptor?? [ 158.350949][ T30] audit: type=1326 audit(1749077008.516:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef098e929 code=0x7ffc0000 [ 158.449745][ T977] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 158.470203][ T30] audit: type=1326 audit(1749077008.516:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef098e929 code=0x7ffc0000 [ 158.497698][ T30] audit: type=1326 audit(1749077008.516:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcef098d290 code=0x7ffc0000 [ 158.530726][ T30] audit: type=1326 audit(1749077008.516:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcef098e52b code=0x7ffc0000 [ 158.619300][ T30] audit: type=1326 audit(1749077008.516:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcef098e52b code=0x7ffc0000 [ 158.644538][ T977] usb 5-1: Using ep0 maxpacket: 8 [ 158.682265][ T977] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 158.696728][ T977] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 158.730347][ T977] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 158.754602][ T30] audit: type=1326 audit(1749077008.516:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcef098e52b code=0x7ffc0000 [ 158.773544][ T6756] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 158.785508][ T6756] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 158.817213][ T977] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 158.828572][ T977] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 158.841859][ T30] audit: type=1326 audit(1749077008.526:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcef098e52b code=0x7ffc0000 [ 158.883105][ T977] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 158.903049][ T977] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 158.919417][ T30] audit: type=1326 audit(1749077008.636:272): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6740 comm="syz.4.240" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcef098e52b code=0x7ffc0000 [ 159.180039][ T977] usb 5-1: GET_CAPABILITIES returned 0 [ 159.202458][ T977] usbtmc 5-1:16.0: can't read capabilities [ 159.662407][ T977] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 159.852735][ T977] usb 3-1: Using ep0 maxpacket: 16 [ 159.885766][ T977] usb 3-1: unable to get BOS descriptor or descriptor too short [ 159.932209][ T977] usb 3-1: config 1 has an invalid interface number: 26 but max is 1 [ 159.957346][ T977] usb 3-1: config 1 has an invalid interface number: 89 but max is 1 [ 159.998978][ T977] usb 3-1: config 1 has an invalid descriptor of length 11, skipping remainder of the config [ 160.052240][ T977] usb 3-1: config 1 has no interface number 0 [ 160.084516][ T977] usb 3-1: config 1 has no interface number 1 [ 160.112276][ T977] usb 3-1: config 1 interface 26 altsetting 213 bulk endpoint 0xC has invalid maxpacket 1023 [ 160.185862][ T977] usb 3-1: config 1 interface 26 altsetting 213 endpoint 0x7 has invalid maxpacket 1024, setting to 64 [ 160.203531][ T24] r8152-cfgselector 4-1: Unknown version 0x0000 [ 160.230616][ T24] r8152-cfgselector 4-1: bad CDC descriptors [ 160.263623][ T977] usb 3-1: config 1 interface 26 altsetting 213 bulk endpoint 0xD has invalid maxpacket 8 [ 160.288163][ T24] r8152-cfgselector 4-1: USB disconnect, device number 19 [ 160.356580][ T977] usb 3-1: config 1 interface 26 altsetting 213 endpoint 0x8 has invalid maxpacket 1023, setting to 64 [ 160.408443][ T977] usb 3-1: config 1 interface 26 altsetting 213 has 4 endpoint descriptors, different from the interface descriptor's value: 6 [ 160.447157][ T977] usb 3-1: config 1 interface 89 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 160.461712][ T977] usb 3-1: config 1 interface 26 has no altsetting 0 [ 160.468963][ T977] usb 3-1: config 1 interface 89 has no altsetting 0 [ 160.609361][ T977] usb 3-1: New USB device found, idVendor=1f38, idProduct=0001, bcdDevice=29.ec [ 160.639929][ T977] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 160.648629][ T977] usb 3-1: Product: syz [ 160.657887][ T977] usb 3-1: Manufacturer: syz [ 160.663044][ T977] usb 3-1: SerialNumber: syz [ 160.672590][ T10] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 160.680943][ T6763] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 160.711247][ T6763] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 160.812149][ T24] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 160.823540][ T10] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 160.834164][ T10] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 160.864690][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 160.937910][ T10] usb 2-1: config 0 descriptor?? [ 160.970793][ T10] pwc: Askey VC010 type 2 USB webcam detected. [ 161.014353][ T977] usb 3-1: unknown interface protocol 0x7d, assuming v1 [ 161.021389][ T977] usb 3-1: 26:2 : does not exist [ 161.049037][ T977] usb 3-1: unknown interface protocol 0x13, assuming v1 [ 161.087244][ T24] usb 4-1: config 0 has no interfaces? [ 161.092751][ T977] usb 3-1: 89:2 : does not exist [ 161.097186][ T6779] netlink: 8 bytes leftover after parsing attributes in process `syz.0.250'. [ 161.139299][ T977] usb 3-1: USB disconnect, device number 13 [ 161.315973][ T5851] udevd[5851]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.26/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 161.367459][ T24] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 161.371419][ T10] pwc: recv_control_msg error -32 req 02 val 2b00 [ 161.391958][ T6771] netlink: 8 bytes leftover after parsing attributes in process `syz.1.247'. [ 161.400990][ T10] pwc: recv_control_msg error -32 req 02 val 2700 [ 161.409709][ T6771] netlink: 8 bytes leftover after parsing attributes in process `syz.1.247'. [ 161.419685][ T6771] netlink: 6 bytes leftover after parsing attributes in process `syz.1.247'. [ 161.429483][ T6771] netlink: 8 bytes leftover after parsing attributes in process `syz.1.247'. [ 161.556501][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 161.633793][ T24] usb 4-1: Product: syz [ 161.642423][ T24] usb 4-1: Manufacturer: syz [ 161.647208][ T24] usb 4-1: SerialNumber: syz [ 162.203176][ T24] usb 4-1: config 0 descriptor?? [ 162.224252][ T6771] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.235307][ T6771] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 162.628568][ T6794] netlink: 134 bytes leftover after parsing attributes in process `syz.3.246'. [ 162.643313][ T6794] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 162.664764][ T6794] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 164.011644][ T43] usb 4-1: USB disconnect, device number 20 [ 164.164195][ T6810] netlink: 14 bytes leftover after parsing attributes in process `syz.3.258'. [ 164.319718][ T6810] bond0 (unregistering): left promiscuous mode [ 164.333909][ T6810] bond_slave_0: left promiscuous mode [ 164.339822][ T6810] bond_slave_1: left promiscuous mode [ 164.354189][ T6810] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 164.378706][ T6810] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 164.412422][ T24] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 164.427817][ T6810] bond0 (unregistering): Released all slaves [ 164.434912][ T6741] usbtmc 5-1:16.0: usb_control_msg returned -110 [ 164.487720][ T10] pwc: recv_control_msg error -71 req 02 val 2c00 [ 164.576843][ T10] pwc: recv_control_msg error -71 req 04 val 1000 [ 164.604848][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 164.625870][ T43] usb 5-1: USB disconnect, device number 16 [ 164.648789][ T24] usb 3-1: config 6 has an invalid interface number: 2 but max is 0 [ 164.662410][ T10] pwc: recv_control_msg error -71 req 04 val 1300 [ 164.670908][ T24] usb 3-1: config 6 has an invalid descriptor of length 0, skipping remainder of the config [ 164.703959][ T10] pwc: recv_control_msg error -71 req 04 val 1400 [ 164.713553][ T10] pwc: recv_control_msg error -71 req 02 val 2000 [ 164.716744][ T24] usb 3-1: config 6 has no interface number 0 [ 164.767954][ T24] usb 3-1: config 6 interface 2 altsetting 0 has an endpoint descriptor with address 0xAA, changing to 0x8A [ 164.782226][ T10] pwc: recv_control_msg error -71 req 02 val 2100 [ 164.815207][ T24] usb 3-1: config 6 interface 2 altsetting 0 endpoint 0x8A has invalid wMaxPacketSize 0 [ 164.815964][ T10] pwc: recv_control_msg error -71 req 04 val 1500 [ 164.894467][ T24] usb 3-1: config 6 interface 2 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 164.920261][ T24] usb 3-1: New USB device found, idVendor=0af0, idProduct=7271, bcdDevice=88.91 [ 164.941977][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 164.965095][ T24] usb 3-1: Product: syz [ 164.969348][ T24] usb 3-1: Manufacturer: syz [ 164.972219][ T10] pwc: recv_control_msg error -71 req 02 val 2500 [ 164.985468][ T24] usb 3-1: SerialNumber: syz [ 165.011234][ T24] hso 3-1:6.2: Failed to find INT IN ep [ 165.036785][ T10] pwc: recv_control_msg error -71 req 02 val 2400 [ 165.115332][ T10] pwc: recv_control_msg error -71 req 02 val 2600 [ 165.271158][ T5900] usb 3-1: USB disconnect, device number 14 [ 165.297915][ T43] IPVS: starting estimator thread 0... [ 165.340998][ T10] pwc: recv_control_msg error -71 req 02 val 2900 [ 165.365890][ T10] pwc: recv_control_msg error -71 req 02 val 2800 [ 165.408716][ T10] pwc: recv_control_msg error -71 req 04 val 1100 [ 165.432229][ T6821] IPVS: using max 39 ests per chain, 93600 per kthread [ 165.453192][ T43] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 165.455777][ T10] pwc: recv_control_msg error -71 req 04 val 1200 [ 165.516433][ T10] pwc: Registered as video103. [ 165.560367][ T10] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input9 [ 165.636272][ T10] usb 2-1: USB disconnect, device number 12 [ 165.646503][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 165.688875][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 165.715977][ T43] usb 4-1: New USB device found, idVendor=0c70, idProduct=f00d, bcdDevice= 0.00 [ 165.741910][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 165.781388][ T43] usb 4-1: config 0 descriptor?? [ 166.022166][ T10] usb 2-1: new full-speed USB device number 13 using dummy_hcd [ 166.183814][ T10] usb 2-1: config 0 has no interfaces? [ 166.191703][ T10] usb 2-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=22.7e [ 166.201222][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.222194][ T980] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 166.239375][ T10] usb 2-1: Product: syz [ 166.239604][ T43] aquacomputer_d5next 0003:0C70:F00D.0002: unknown main item tag 0x0 [ 166.243934][ T10] usb 2-1: Manufacturer: syz [ 166.256683][ T10] usb 2-1: SerialNumber: syz [ 166.346294][ T10] usb 2-1: config 0 descriptor?? [ 166.632212][ T24] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 166.654373][ T43] aquacomputer_d5next 0003:0C70:F00D.0002: unknown main item tag 0x0 [ 166.662311][ T980] usb 5-1: Using ep0 maxpacket: 16 [ 166.663385][ T43] aquacomputer_d5next 0003:0C70:F00D.0002: unknown main item tag 0x0 [ 166.675971][ T43] aquacomputer_d5next 0003:0C70:F00D.0002: unknown main item tag 0x0 [ 166.686009][ T43] aquacomputer_d5next 0003:0C70:F00D.0002: unknown main item tag 0x0 [ 166.691964][ T980] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 9.00 [ 166.704249][ T43] aquacomputer_d5next 0003:0C70:F00D.0002: hidraw0: USB HID v0.00 Device [HID 0c70:f00d] on usb-dummy_hcd.3-1/input0 [ 166.756840][ T980] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 166.768154][ T980] usb 5-1: Product: syz [ 166.775216][ T980] usb 5-1: Manufacturer: syz [ 166.779843][ T980] usb 5-1: SerialNumber: syz [ 166.806833][ T980] usb 5-1: config 0 descriptor?? [ 166.822540][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 166.831850][ T980] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 166.866612][ T24] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 166.873658][ T980] usb 5-1: Detected FT232H [ 166.902606][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 166.912710][ T43] usb 2-1: USB disconnect, device number 13 [ 166.942840][ T24] usb 1-1: config 0 descriptor?? [ 166.991038][ T24] as10x_usb: device has been detected [ 167.007791][ T24] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 167.095838][ T980] ftdi_sio ttyUSB0: Unable to read latency timer: -32 [ 167.136650][ T24] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 167.203066][ T6833] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 167.226580][ T6833] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 167.259708][ T24] as10x_usb: error during firmware upload part1 [ 167.267145][ T24] Registered device nBox DVB-T Dongle [ 167.269134][ T24] usb 1-1: USB disconnect, device number 14 [ 167.296446][ T24] Unregistered device nBox DVB-T Dongle [ 167.299728][ T24] as10x_usb: device has been disconnected [ 167.317730][ T6840] netlink: 4 bytes leftover after parsing attributes in process `syz.2.266'. [ 167.330211][ T980] ftdi_sio 5-1:0.0: GPIO initialisation failed: -5 [ 167.340359][ T980] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 167.852680][ T24] usb 4-1: reset high-speed USB device number 21 using dummy_hcd [ 167.900379][ T30] kauditd_printk_skb: 28 callbacks suppressed [ 167.900394][ T30] audit: type=1326 audit(1749077018.246:301): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6823 comm="syz.4.262" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fcef098e929 code=0x0 [ 167.931796][ T980] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 168.082611][ T980] usb 2-1: Using ep0 maxpacket: 8 [ 168.111829][ T980] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 168.158151][ T6848] netlink: 32 bytes leftover after parsing attributes in process `syz.4.262'. [ 168.173370][ T980] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 168.267243][ T980] usb 2-1: Product: syz [ 168.290604][ T980] usb 2-1: Manufacturer: syz [ 168.309785][ T980] usb 2-1: SerialNumber: syz [ 168.338389][ T980] usb 2-1: config 0 descriptor?? [ 168.549253][ T6858] netlink: 24 bytes leftover after parsing attributes in process `syz.3.269'. [ 168.630353][ T6842] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 168.671164][ T6842] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 168.749542][ T980] usb 2-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 169.037246][ T43] usb 4-1: USB disconnect, device number 21 [ 169.296238][ T10] usb 5-1: USB disconnect, device number 17 [ 169.384782][ T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 169.416752][ T10] ftdi_sio 5-1:0.0: device disconnected [ 170.012221][ T5891] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 170.252215][ T980] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 170.263293][ T5891] usb 5-1: config 0 has no interfaces? [ 170.295821][ T980] usb 2-1: USB disconnect, device number 14 [ 170.302726][ T5891] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 170.330658][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.343008][ T5891] usb 5-1: Product: syz [ 170.347574][ T5891] usb 5-1: Manufacturer: syz [ 170.361078][ T5891] usb 5-1: SerialNumber: syz [ 170.398646][ T5891] usb 5-1: config 0 descriptor?? [ 170.662342][ T5891] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 170.835754][ T5891] usb 4-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad [ 170.855584][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 171.300618][ T5891] usb 4-1: config 0 descriptor?? [ 171.317383][ T6884] netlink: 12 bytes leftover after parsing attributes in process `syz.0.277'. [ 171.404270][ T6883] netlink: 134 bytes leftover after parsing attributes in process `syz.4.272'. [ 171.430143][ T6883] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 171.467447][ T6883] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 171.552721][ T5891] snd-usb-hiface 4-1:0.0: probe with driver snd-usb-hiface failed with error -22 [ 172.172291][ T43] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 172.528832][ T43] usb 3-1: Using ep0 maxpacket: 32 [ 172.550386][ T43] usb 3-1: config 0 has an invalid interface number: 133 but max is 0 [ 172.562020][ T43] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 172.646983][ T43] usb 3-1: config 0 has no interface number 0 [ 172.653351][ T43] usb 3-1: config 0 interface 133 altsetting 0 bulk endpoint 0xB has invalid maxpacket 1024 [ 172.669317][ T43] usb 3-1: config 0 interface 133 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 172.687312][ T43] usb 3-1: config 0 interface 133 altsetting 0 bulk endpoint 0xF has invalid maxpacket 0 [ 172.710435][ T43] usb 3-1: config 0 interface 133 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 172.726728][ T5893] usb 5-1: USB disconnect, device number 18 [ 172.767014][ T43] usb 3-1: New USB device found, idVendor=0424, idProduct=012c, bcdDevice=71.1e [ 172.777046][ T43] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 172.786027][ T43] usb 3-1: Product: syz [ 172.790366][ T43] usb 3-1: Manufacturer: syz [ 172.802318][ T43] usb 3-1: SerialNumber: syz [ 172.842532][ T43] usb 3-1: config 0 descriptor?? [ 172.848437][ T6892] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 173.507719][ T43] usb 3-1: probing VID:PID(0424:012C) [ 173.523831][ T43] usb 3-1: vub300 testing BULK OUT EndPoint(0) 0B [ 173.595030][ T43] usb 3-1: vub300 testing BULK OUT EndPoint(1) 0F [ 173.609527][ T43] usb 3-1: Could not find two sets of bulk-in/out endpoint pairs [ 173.667052][ T43] vub300 3-1:0.133: probe with driver vub300 failed with error -22 [ 173.705633][ T43] usb 3-1: USB disconnect, device number 15 [ 173.801849][ T5900] usb 4-1: USB disconnect, device number 22 [ 174.075628][ T6925] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 174.115596][ T6928] FAULT_INJECTION: forcing a failure. [ 174.115596][ T6928] name failslab, interval 1, probability 0, space 0, times 0 [ 174.135827][ T6928] CPU: 0 UID: 0 PID: 6928 Comm: syz.3.288 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 174.135852][ T6928] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 174.135865][ T6928] Call Trace: [ 174.135872][ T6928] [ 174.135881][ T6928] dump_stack_lvl+0x189/0x250 [ 174.135916][ T6928] ? __pfx____ratelimit+0x10/0x10 [ 174.135945][ T6928] ? __pfx_dump_stack_lvl+0x10/0x10 [ 174.135974][ T6928] ? __pfx__printk+0x10/0x10 [ 174.135999][ T6928] ? __pfx___might_resched+0x10/0x10 [ 174.136017][ T6928] ? fs_reclaim_acquire+0x7d/0x100 [ 174.136046][ T6928] should_fail_ex+0x414/0x560 [ 174.136079][ T6928] should_failslab+0xa8/0x100 [ 174.136102][ T6928] __kmalloc_noprof+0xcb/0x4f0 [ 174.136121][ T6928] ? video_usercopy+0x18f/0x14f0 [ 174.136148][ T6928] video_usercopy+0x18f/0x14f0 [ 174.136177][ T6928] ? __pfx___video_do_ioctl+0x10/0x10 [ 174.136197][ T6928] ? __pfx_video_usercopy+0x10/0x10 [ 174.136235][ T6928] ? __fget_files+0x2a/0x420 [ 174.136260][ T6928] ? __fget_files+0x2a/0x420 [ 174.136281][ T6928] ? __fget_files+0x3a0/0x420 [ 174.136307][ T6928] v4l2_ioctl+0x18d/0x1e0 [ 174.136327][ T6928] ? __pfx_v4l2_ioctl+0x10/0x10 [ 174.136347][ T6928] __se_sys_ioctl+0xf9/0x170 [ 174.136380][ T6928] do_syscall_64+0xfa/0x3b0 [ 174.136417][ T6928] ? lockdep_hardirqs_on+0x9c/0x150 [ 174.136444][ T6928] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.136464][ T6928] ? clear_bhb_loop+0x60/0xb0 [ 174.136487][ T6928] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 174.136506][ T6928] RIP: 0033:0x7f250798e929 [ 174.136522][ T6928] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 174.136539][ T6928] RSP: 002b:00007f2508820038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 174.136559][ T6928] RAX: ffffffffffffffda RBX: 00007f2507bb5fa0 RCX: 00007f250798e929 [ 174.136573][ T6928] RDX: 0000200000000600 RSI: 00000000c0d05605 RDI: 0000000000000003 [ 174.136596][ T6928] RBP: 00007f2508820090 R08: 0000000000000000 R09: 0000000000000000 [ 174.136608][ T6928] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 174.136618][ T6928] R13: 0000000000000000 R14: 00007f2507bb5fa0 R15: 00007f2507cdfa28 [ 174.136643][ T6928] [ 174.364598][ T43] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 174.558258][ T6933] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 174.622694][ T5900] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 174.642178][ T43] usb 3-1: Invalid ep0 maxpacket: 9 [ 174.777977][ T43] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 174.785859][ T5900] usb 1-1: Using ep0 maxpacket: 32 [ 174.803910][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has an invalid bInterval 0, changing to 7 [ 174.817045][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 174.878116][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has an invalid bInterval 0, changing to 7 [ 174.952184][ T43] usb 3-1: Invalid ep0 maxpacket: 9 [ 174.971352][ T43] usb usb3-port1: attempt power cycle [ 174.976855][ T5900] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 175.327533][ T5900] usb 1-1: New USB device found, idVendor=17dd, idProduct=5500, bcdDevice=f3.5e [ 175.337197][ T43] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 175.362344][ T5900] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 175.370531][ T5900] usb 1-1: Product: syz [ 175.375338][ T5900] usb 1-1: Manufacturer: syz [ 175.380352][ T43] usb 3-1: Invalid ep0 maxpacket: 9 [ 175.386986][ T5900] usb 1-1: SerialNumber: syz [ 175.401579][ T5900] usb 1-1: config 0 descriptor?? [ 175.420834][ T5900] cypress_m8 1-1:0.0: HID->COM RS232 Adapter converter detected [ 175.439008][ T5900] cyphidcom ttyUSB0: required endpoint is missing [ 175.522736][ T43] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 175.573431][ T30] audit: type=1326 audit(1749077025.926:302): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef098e929 code=0x7ffc0000 [ 175.573569][ T43] usb 3-1: Invalid ep0 maxpacket: 9 [ 175.595622][ C1] vkms_vblank_simulate: vblank timer overrun [ 175.628481][ T5930] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 175.633064][ T43] usb usb3-port1: unable to enumerate USB device [ 175.656635][ T30] audit: type=1326 audit(1749077025.956:303): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef098e929 code=0x7ffc0000 [ 175.690853][ T30] audit: type=1326 audit(1749077025.956:304): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=222 compat=0 ip=0x7fcef098e929 code=0x7ffc0000 [ 175.723313][ T30] audit: type=1326 audit(1749077025.956:305): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef098e929 code=0x7ffc0000 [ 175.745521][ C1] vkms_vblank_simulate: vblank timer overrun [ 175.752588][ T30] audit: type=1326 audit(1749077025.956:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fcef098e929 code=0x7ffc0000 [ 175.778628][ T30] audit: type=1326 audit(1749077025.956:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fcef098d290 code=0x7ffc0000 [ 175.812197][ T30] audit: type=1326 audit(1749077025.956:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcef098e52b code=0x7ffc0000 [ 175.841227][ T30] audit: type=1326 audit(1749077025.956:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcef098e52b code=0x7ffc0000 [ 175.852134][ T5930] usb 4-1: Using ep0 maxpacket: 16 [ 175.863458][ C1] vkms_vblank_simulate: vblank timer overrun [ 175.876729][ T5900] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 175.894817][ T30] audit: type=1326 audit(1749077025.966:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcef098e52b code=0x7ffc0000 [ 175.919043][ T5930] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xD7, changing to 0x87 [ 175.931012][ T5930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 0, changing to 7 [ 175.943195][ T30] audit: type=1326 audit(1749077025.966:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=6942 comm="syz.4.292" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fcef098e52b code=0x7ffc0000 [ 175.954553][ T5930] usb 4-1: New USB device found, idVendor=05ac, idProduct=9226, bcdDevice=b2.89 [ 175.965328][ C1] vkms_vblank_simulate: vblank timer overrun [ 175.990821][ T5930] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.000649][ T5930] usb 4-1: Product: syz [ 176.005352][ T5930] usb 4-1: Manufacturer: syz [ 176.010920][ T5930] usb 4-1: SerialNumber: syz [ 176.026376][ T5930] usb 4-1: config 0 descriptor?? [ 176.042256][ T5900] usb 5-1: Using ep0 maxpacket: 8 [ 176.054675][ T5900] usb 5-1: config index 0 descriptor too short (expected 301, got 45) [ 176.065919][ T5900] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 176.082530][ T5900] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 176.116477][ T5900] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 176.127736][ T5900] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 176.141099][ T5900] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 176.150495][ T5900] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 176.344978][ T5930] appledisplay 4-1:0.0: Error while getting initial brightness: -110 [ 176.365620][ T5930] appledisplay 4-1:0.0: probe with driver appledisplay failed with error -110 [ 176.379692][ T6944] kvm: vcpu 2: requested 128 ns lapic timer period limited to 200000 ns [ 176.388814][ T6944] kvm: vcpu 2: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 176.412401][ T5900] usb 5-1: GET_CAPABILITIES returned 0 [ 176.445262][ T5900] usbtmc 5-1:16.0: can't read capabilities [ 177.063528][ T6948] binder: 6947:6948 ioctl c0306201 200000000240 returned -11 [ 177.531834][ T5900] usb 1-1: USB disconnect, device number 15 [ 177.616010][ T5900] cypress_m8 1-1:0.0: device disconnected [ 177.712528][ T980] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 177.877462][ T980] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 177.897383][ T980] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 177.932442][ T980] usb 3-1: Product: syz [ 177.955683][ T980] usb 3-1: Manufacturer: syz [ 177.979386][ T980] usb 3-1: SerialNumber: syz [ 178.007825][ T980] usb 3-1: config 0 descriptor?? [ 178.202244][ T5900] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 178.379633][ T5900] usb 2-1: config 0 has no interfaces? [ 178.401263][ T5891] usb 4-1: USB disconnect, device number 23 [ 178.442699][ T6954] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 178.472753][ T6954] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 178.489704][ T5900] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 178.503338][ T980] usb 3-1: Firmware: major: 130, minor: 102, hardware type: HULUSB (4) [ 178.524029][ T5900] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.545602][ T5900] usb 2-1: Product: syz [ 178.559298][ T5900] usb 2-1: Manufacturer: syz [ 178.571221][ T5900] usb 2-1: SerialNumber: syz [ 178.597874][ T5900] usb 2-1: config 0 descriptor?? [ 178.721643][ T980] usb 3-1: failed to fetch extended address, random address set [ 178.844433][ T6964] netlink: 44 bytes leftover after parsing attributes in process `syz.1.297'. [ 178.853612][ T6964] openvswitch: netlink: Flow key attr not present in new flow. [ 178.984658][ T980] usb 3-1: USB disconnect, device number 20 [ 179.234308][ T6974] netlink: 4 bytes leftover after parsing attributes in process `syz.0.300'. [ 179.581639][ T980] usb 5-1: USB disconnect, device number 19 [ 179.757882][ T6983] batman_adv: batadv0: Adding interface: dummy0 [ 179.774697][ T6983] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 179.799909][ C1] vkms_vblank_simulate: vblank timer overrun [ 179.857851][ T6983] batman_adv: batadv0: Interface activated: dummy0 [ 179.934864][ T6987] batadv0: mtu less than device minimum [ 179.953822][ T6987] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.965718][ T6987] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.976947][ T6987] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.988411][ T6987] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 179.999917][ T6987] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 180.011517][ T6987] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 180.023122][ T6987] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 180.034554][ T6987] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 180.678555][ T6995] binder: 6994:6995 ioctl c0306201 200000000240 returned -11 [ 180.925510][ T7000] netlink: 168 bytes leftover after parsing attributes in process `syz.2.307'. [ 181.173363][ T30] kauditd_printk_skb: 1362 callbacks suppressed [ 181.173382][ T30] audit: type=1326 audit(1749077031.526:1674): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.225559][ T30] audit: type=1326 audit(1749077031.566:1675): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.252280][ T30] audit: type=1326 audit(1749077031.576:1676): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=11 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.276197][ T30] audit: type=1326 audit(1749077031.576:1677): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.302164][ T30] audit: type=1326 audit(1749077031.586:1678): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.335062][ T30] audit: type=1326 audit(1749077031.586:1679): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.352176][ T24] usb 5-1: new full-speed USB device number 20 using dummy_hcd [ 181.447574][ T30] audit: type=1326 audit(1749077031.606:1680): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.535673][ T30] audit: type=1326 audit(1749077031.606:1681): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.592291][ T5891] usb 3-1: new high-speed USB device number 21 using dummy_hcd [ 181.631045][ T30] audit: type=1326 audit(1749077031.616:1682): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.696659][ T24] usb 5-1: not running at top speed; connect to a high speed hub [ 181.731304][ T30] audit: type=1326 audit(1749077031.616:1683): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7005 comm="syz.2.309" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 181.755530][ T1170] usb 2-1: USB disconnect, device number 15 [ 181.764057][ T24] usb 5-1: config 1 interface 0 altsetting 6 endpoint 0x82 has invalid maxpacket 512, setting to 64 [ 181.787172][ T6997] macvlan0: entered promiscuous mode [ 181.793107][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8A has invalid maxpacket 13045, setting to 1024 [ 181.820877][ T5891] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8A has invalid maxpacket 1024 [ 181.834249][ T6997] macvlan0: entered allmulticast mode [ 181.845203][ T24] usb 5-1: config 1 interface 0 altsetting 6 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 181.882365][ T24] usb 5-1: config 1 interface 0 has no altsetting 0 [ 181.894930][ T5891] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 181.927731][ T5891] usb 3-1: New USB device found, idVendor=057f, idProduct=2200, bcdDevice= 0.00 [ 181.943485][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.960017][ T24] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 181.980288][ T5891] usb 3-1: config 0 descriptor?? [ 181.997054][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 182.004411][ T7007] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 182.038158][ T24] usb 5-1: Product: ꚵけ橒푛滒잶嶗誒鯄샮ᳯ∋ⱺ⣀ﶽ륄䶋毁뽙㛎ኇ믒艁ꪐ⼒崛뻘棚줉匴钘嬙햷犺㋫͈憚卖ᡱ揦녍폧쀣妀⭮蘉⚿诎醗轼ី⣳諰蕶卶䕰俕䲬 챽품뺋Ρ辂瞲軷 [ 182.061067][ C1] vkms_vblank_simulate: vblank timer overrun [ 182.126801][ T24] usb 5-1: Manufacturer: 闣緊䝚ꡣ낿鹥Ꚁ츶㦿㧟孊쿸⬉箑ꌸ췳Չ挵毾Ƥ絧졝⸫닯㓏暠雛捦셒죂印ザ惒鼐丐桜ᩰꙩ䂫汹ퟨ੍籑콜祐겛狖ǯ⢕䚹ꨦ봻颻篔嗩볌糼㠢፯ꈏ퐩䰇妸沕宩而
与ᮨ锆ﴗ⛪祪Շ쮩渥Ễ䫻澶爉欄뀆⠎∝览灸舤희ឞퟤ㲋څ즑 [ 182.158624][ C1] vkms_vblank_simulate: vblank timer overrun [ 182.248733][ T24] usb 5-1: SerialNumber: syz [ 182.271608][ T7003] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 182.306777][ T7003] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 182.556333][ T24] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -22 [ 182.783163][ T5930] usb 5-1: USB disconnect, device number 20 [ 183.362708][ T5930] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 183.582148][ T5930] usb 4-1: Using ep0 maxpacket: 16 [ 183.592428][ T5930] usb 4-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 183.615469][ T5930] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 183.624992][ T5930] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 183.634637][ T5930] usb 4-1: Product: syz [ 183.639083][ T5930] usb 4-1: Manufacturer: syz [ 183.652326][ T5930] usb 4-1: SerialNumber: syz [ 183.895160][ T5930] usb 4-1: config 0 descriptor?? [ 183.909230][ T5930] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 183.918088][ T5930] usb 4-1: Detected FT232R [ 184.142578][ T5930] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 184.232962][ T5930] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 184.333466][ T5930] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 184.347346][ T5891] usb 3-1: string descriptor 0 read error: -71 [ 184.396135][ T5930] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 184.406333][ T5891] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 184.492368][ T1170] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 184.508886][ T7056] netlink: 4 bytes leftover after parsing attributes in process `syz.4.322'. [ 184.542997][ T5930] usb 4-1: USB disconnect, device number 24 [ 184.565172][ T5891] usb 3-1: USB disconnect, device number 21 [ 184.614447][ T5930] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 184.679958][ T5930] ftdi_sio 4-1:0.0: device disconnected [ 184.701916][ T1170] usb 2-1: config 0 has no interfaces? [ 184.727156][ T1170] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 184.788359][ T1170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 184.875066][ T1170] usb 2-1: Product: syz [ 184.920995][ T1170] usb 2-1: Manufacturer: syz [ 184.925865][ T24] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 184.982877][ T1170] usb 2-1: SerialNumber: syz [ 185.114916][ T1170] usb 2-1: config 0 descriptor?? [ 185.193703][ T24] usb 5-1: config 220 has an invalid interface number: 76 but max is 2 [ 185.212499][ T24] usb 5-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 185.221402][ T24] usb 5-1: config 220 has an invalid descriptor of length 219, skipping remainder of the config [ 185.239415][ T24] usb 5-1: config 220 has no interface number 2 [ 185.256237][ T24] usb 5-1: config 220 interface 1 altsetting 5 has 0 endpoint descriptors, different from the interface descriptor's value: 12 [ 185.269945][ T24] usb 5-1: config 220 interface 0 has no altsetting 0 [ 185.280309][ T24] usb 5-1: config 220 interface 76 has no altsetting 0 [ 185.293775][ T24] usb 5-1: config 220 interface 1 has no altsetting 0 [ 185.404085][ T24] usb 5-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 185.413281][ T24] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 185.463446][ T24] usb 5-1: Product: syz [ 185.513342][ T7072] netlink: 44 bytes leftover after parsing attributes in process `syz.1.321'. [ 185.523364][ T7072] net_ratelimit: 11 callbacks suppressed [ 185.523435][ T7072] openvswitch: netlink: Flow key attr not present in new flow. [ 185.541342][ T24] usb 5-1: Manufacturer: syz [ 185.549606][ T24] usb 5-1: SerialNumber: syz [ 185.788692][ T24] usb 5-1: selecting invalid altsetting 0 [ 185.799020][ T24] usb 5-1: Found UVC 7.01 device syz (8086:0b07) [ 185.813957][ T24] usb 5-1: No valid video chain found. [ 185.827679][ T24] usb 5-1: selecting invalid altsetting 0 [ 185.838838][ T24] usbtest 5-1:220.1: probe with driver usbtest failed with error -22 [ 185.848163][ T1170] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 185.886812][ T24] usb 5-1: USB disconnect, device number 21 [ 186.022303][ T1170] usb 4-1: Using ep0 maxpacket: 32 [ 186.029290][ T1170] usb 4-1: config 0 has an invalid interface number: 12 but max is 0 [ 186.037752][ T1170] usb 4-1: config 0 has no interface number 0 [ 186.044090][ T1170] usb 4-1: config 0 interface 12 has no altsetting 0 [ 186.053396][ T1170] usb 4-1: New USB device found, idVendor=2c42, idProduct=1202, bcdDevice=85.40 [ 186.063066][ T1170] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.084250][ T1170] usb 4-1: Product: syz [ 186.095189][ T1170] usb 4-1: Manufacturer: syz [ 186.108176][ T1170] usb 4-1: SerialNumber: syz [ 186.132674][ T1170] usb 4-1: config 0 descriptor?? [ 186.582229][ T24] usb 3-1: new high-speed USB device number 22 using dummy_hcd [ 186.734854][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 186.745203][ T24] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 186.756315][ T24] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 186.775813][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 186.819765][ T24] usb 3-1: config 0 descriptor?? [ 187.075375][ T5891] usb 3-1: USB disconnect, device number 22 [ 187.476207][ T1170] f81534 4-1:0.12: f81534_set_register: reg: 1003 data: 20 failed: -71 [ 187.486542][ T1170] f81534 4-1:0.12: f81534_find_config_idx: read failed: -71 [ 187.498051][ T1170] f81534 4-1:0.12: f81534_calc_num_ports: find idx failed: -71 [ 187.759909][ T1170] f81534 4-1:0.12: probe with driver f81534 failed with error -71 [ 187.794608][ T1170] usb 4-1: USB disconnect, device number 25 [ 187.962670][ T5891] usb 3-1: new high-speed USB device number 23 using dummy_hcd [ 188.058128][ T5930] usb 2-1: USB disconnect, device number 16 [ 188.097338][ T7100] fuse: Bad value for 'group_id' [ 188.105957][ T7094] FAULT_INJECTION: forcing a failure. [ 188.105957][ T7094] name failslab, interval 1, probability 0, space 0, times 0 [ 188.108105][ T7100] fuse: Bad value for 'group_id' [ 188.129965][ T7103] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 188.138586][ T7094] CPU: 0 UID: 0 PID: 7094 Comm: syz.3.334 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 188.138612][ T7094] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 188.138624][ T7094] Call Trace: [ 188.138633][ T7094] [ 188.138641][ T7094] dump_stack_lvl+0x189/0x250 [ 188.138688][ T7094] ? __pfx____ratelimit+0x10/0x10 [ 188.138717][ T7094] ? __pfx_dump_stack_lvl+0x10/0x10 [ 188.138748][ T7094] ? __pfx__printk+0x10/0x10 [ 188.138794][ T7094] ? __pfx___might_resched+0x10/0x10 [ 188.138814][ T7094] ? fs_reclaim_acquire+0x7d/0x100 [ 188.138846][ T7094] should_fail_ex+0x414/0x560 [ 188.138885][ T7094] should_failslab+0xa8/0x100 [ 188.138911][ T7094] __kmalloc_noprof+0xcb/0x4f0 [ 188.138933][ T7094] ? fuse_direct_io+0xa12/0x2a70 [ 188.138978][ T7094] fuse_direct_io+0xa12/0x2a70 [ 188.139048][ T7094] ? __pfx_fuse_direct_io+0x10/0x10 [ 188.139085][ T7094] ? __kasan_kmalloc+0x93/0xb0 [ 188.139114][ T7094] ? __raw_spin_lock_init+0x45/0x100 [ 188.139147][ T7094] fuse_direct_IO+0x8a8/0x1210 [ 188.139207][ T7094] ? __pfx_fuse_direct_IO+0x10/0x10 [ 188.139234][ T7094] ? cap_inode_need_killpriv+0x51/0x60 [ 188.139268][ T7094] ? bpf_lsm_inode_need_killpriv+0x9/0x20 [ 188.139304][ T7094] ? security_inode_need_killpriv+0x71/0x270 [ 188.139338][ T7094] ? file_remove_privs_flags+0x483/0x5f0 [ 188.139382][ T7094] ? __pfx_file_remove_privs_flags+0x10/0x10 [ 188.139428][ T7094] generic_file_direct_write+0x1d8/0x3e0 [ 188.139465][ T7094] ? file_update_time+0x115/0x490 [ 188.139503][ T7094] __generic_file_write_iter+0x11d/0x230 [ 188.139537][ T7094] ? generic_file_write_iter+0xfb/0x540 [ 188.139574][ T7094] generic_file_write_iter+0x10f/0x540 [ 188.139612][ T7094] ? __pfx_generic_file_write_iter+0x10/0x10 [ 188.139655][ T7094] ? __lock_acquire+0xab9/0xd20 [ 188.139713][ T7094] ? aa_file_perm+0x11f/0xed0 [ 188.139738][ T7094] ? aa_file_perm+0x11f/0xed0 [ 188.139761][ T7094] ? unwind_get_return_address+0x4d/0x90 [ 188.139799][ T7094] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 188.139841][ T7094] fuse_file_write_iter+0xd98/0x10a0 [ 188.139887][ T7094] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 188.139924][ T7094] ? __lock_acquire+0xab9/0xd20 [ 188.140020][ T7094] ? aio_write+0x4c4/0x7a0 [ 188.140052][ T7094] aio_write+0x532/0x7a0 [ 188.140082][ T7094] ? __pfx_aio_write+0x10/0x10 [ 188.140123][ T7094] ? __might_fault+0xb0/0x130 [ 188.140166][ T7094] io_submit_one+0x78b/0x1310 [ 188.140226][ T7094] ? __pfx_io_submit_one+0x10/0x10 [ 188.140253][ T7094] ? __might_fault+0xb0/0x130 [ 188.140290][ T7094] ? __might_fault+0xb0/0x130 [ 188.140329][ T7094] __se_sys_io_submit+0x185/0x2f0 [ 188.140354][ T7094] ? __pfx___se_sys_io_submit+0x10/0x10 [ 188.140374][ T7094] ? ksys_write+0x22a/0x250 [ 188.140407][ T7094] ? do_syscall_64+0xbe/0x3b0 [ 188.140443][ T7094] do_syscall_64+0xfa/0x3b0 [ 188.140475][ T7094] ? lockdep_hardirqs_on+0x9c/0x150 [ 188.140506][ T7094] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.140529][ T7094] ? clear_bhb_loop+0x60/0xb0 [ 188.140555][ T7094] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 188.140577][ T7094] RIP: 0033:0x7f250798e929 [ 188.140603][ T7094] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 188.140623][ T7094] RSP: 002b:00007f2508820038 EFLAGS: 00000246 ORIG_RAX: 00000000000000d1 [ 188.140654][ T7094] RAX: ffffffffffffffda RBX: 00007f2507bb5fa0 RCX: 00007f250798e929 [ 188.140670][ T7094] RDX: 0000200000000700 RSI: 000000000000140b RDI: 00007f25087bd000 [ 188.140685][ T7094] RBP: 00007f2508820090 R08: 0000000000000000 R09: 0000000000000000 [ 188.140697][ T7094] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 188.140711][ T7094] R13: 0000000000000000 R14: 00007f2507bb5fa0 R15: 00007f2507cdfa28 [ 188.140744][ T7094] [ 188.212189][ T5891] usb 3-1: Using ep0 maxpacket: 32 [ 188.222768][ T7103] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 188.521755][ C1] vkms_vblank_simulate: vblank timer overrun [ 188.612867][ T1170] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 188.667766][ T7108] netlink: 156 bytes leftover after parsing attributes in process `syz.1.338'. [ 188.796646][ T1170] usb 5-1: config 4 has an invalid interface number: 39 but max is 1 [ 188.804828][ T1170] usb 5-1: config 4 has an invalid interface number: 49 but max is 1 [ 188.821733][ T1170] usb 5-1: config 4 has no interface number 0 [ 188.827918][ T1170] usb 5-1: config 4 has no interface number 1 [ 188.844184][ T1170] usb 5-1: config 4 interface 39 has no altsetting 0 [ 188.858528][ T1170] usb 5-1: config 4 interface 49 has no altsetting 0 [ 188.871609][ T1170] usb 5-1: New USB device found, idVendor=05e3, idProduct=0503, bcdDevice=25.79 [ 188.885588][ T1170] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.893635][ T1170] usb 5-1: Product: syz [ 188.897953][ T1170] usb 5-1: Manufacturer: syz [ 188.909254][ T1170] usb 5-1: SerialNumber: syz [ 189.002475][ T5900] usb 2-1: new high-speed USB device number 17 using dummy_hcd [ 189.036294][ T7113] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 189.208608][ T5891] usb 3-1: unable to get BOS descriptor or descriptor too short [ 189.218349][ T5891] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 189.222345][ T5900] usb 2-1: device descriptor read/64, error -71 [ 189.234365][ T5891] usb 3-1: can't read configurations, error -71 [ 189.268131][ T1170] usb 5-1: USB disconnect, device number 22 [ 189.552969][ T5900] usb 2-1: new high-speed USB device number 18 using dummy_hcd [ 189.692314][ T5900] usb 2-1: device descriptor read/64, error -71 [ 189.832376][ T5900] usb usb2-port1: attempt power cycle [ 190.177418][ T7127] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 190.232305][ T5900] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 190.262976][ T5900] usb 2-1: device descriptor read/8, error -71 [ 190.542419][ T5900] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 190.598403][ T5900] usb 2-1: device descriptor read/8, error -71 [ 190.723980][ T5900] usb usb2-port1: unable to enumerate USB device [ 190.945275][ T7138] netlink: 8 bytes leftover after parsing attributes in process `syz.0.347'. [ 191.262852][ T5891] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 191.293728][ T7140] fuse: Bad value for 'group_id' [ 191.320687][ T7140] fuse: Bad value for 'group_id' [ 191.331379][ T7143] netlink: 24 bytes leftover after parsing attributes in process `syz.3.349'. [ 191.458761][ T5891] usb 5-1: config 0 has no interfaces? [ 191.478818][ T5891] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 191.618736][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 191.666617][ T5891] usb 5-1: Product: syz [ 191.675432][ T5891] usb 5-1: Manufacturer: syz [ 191.680085][ T5891] usb 5-1: SerialNumber: syz [ 191.800987][ T5891] usb 5-1: config 0 descriptor?? [ 192.068592][ T30] kauditd_printk_skb: 27 callbacks suppressed [ 192.068610][ T30] audit: type=1326 audit(1749077042.416:1711): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 192.102255][ T5900] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 192.174953][ T7161] netlink: 32 bytes leftover after parsing attributes in process `syz.4.346'. [ 192.184215][ T7161] openvswitch: netlink: Flow actions attr not present in new flow. [ 192.216344][ T30] audit: type=1326 audit(1749077042.416:1712): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 192.283788][ T5900] usb 2-1: New USB device found, idVendor=249c, idProduct=9002, bcdDevice=de.ad [ 192.344918][ T5900] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.396109][ T30] audit: type=1326 audit(1749077042.416:1713): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=114 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 192.453435][ T30] audit: type=1326 audit(1749077042.416:1714): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 192.558143][ T5900] usb 2-1: config 0 descriptor?? [ 192.726509][ T30] audit: type=1326 audit(1749077042.416:1715): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 192.796682][ T5900] snd-usb-hiface 2-1:0.0: probe with driver snd-usb-hiface failed with error -22 [ 192.817728][ T30] audit: type=1326 audit(1749077042.416:1716): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 192.849429][ T30] audit: type=1326 audit(1749077042.416:1717): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=314 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 192.919564][ T30] audit: type=1326 audit(1749077042.416:1718): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 193.023152][ T30] audit: type=1326 audit(1749077042.416:1719): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=323 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 193.050936][ T30] audit: type=1326 audit(1749077042.416:1720): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7154 comm="syz.2.354" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f853078e929 code=0x7ffc0000 [ 193.346750][ T7174] fuse: Bad value for 'group_id' [ 193.450946][ T7174] fuse: Bad value for 'group_id' [ 193.748298][ T5891] usb 5-1: USB disconnect, device number 23 [ 193.834631][ T7183] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 193.932551][ T7183] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 193.983689][ T7186] FAULT_INJECTION: forcing a failure. [ 193.983689][ T7186] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 194.089748][ T7186] CPU: 0 UID: 0 PID: 7186 Comm: syz.4.364 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 194.089772][ T7186] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 194.089781][ T7186] Call Trace: [ 194.089788][ T7186] [ 194.089794][ T7186] dump_stack_lvl+0x189/0x250 [ 194.089823][ T7186] ? __pfx____ratelimit+0x10/0x10 [ 194.089846][ T7186] ? __pfx_dump_stack_lvl+0x10/0x10 [ 194.089870][ T7186] ? __pfx__printk+0x10/0x10 [ 194.089886][ T7186] ? __might_fault+0xb0/0x130 [ 194.089910][ T7186] should_fail_ex+0x414/0x560 [ 194.089940][ T7186] _copy_from_user+0x2d/0xb0 [ 194.089971][ T7186] do_ipv6_getsockopt+0x2b0/0x2300 [ 194.090009][ T7186] ? __pfx_do_ipv6_getsockopt+0x10/0x10 [ 194.090030][ T7186] ? aa_label_sk_perm+0x413/0x560 [ 194.090052][ T7186] ? __pfx_aa_label_sk_perm+0x10/0x10 [ 194.090087][ T7186] ? __lock_acquire+0xab9/0xd20 [ 194.090115][ T7186] ipv6_getsockopt+0xbd/0x290 [ 194.090136][ T7186] ? __pfx_ipv6_getsockopt+0x10/0x10 [ 194.090161][ T7186] do_sock_getsockopt+0x35d/0x650 [ 194.090179][ T7186] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 194.090198][ T7186] ? __pfx_do_syscall_64+0x10/0x10 [ 194.090217][ T7186] ? __fget_files+0x3a0/0x420 [ 194.090231][ T7186] ? __fget_files+0x2a/0x420 [ 194.090250][ T7186] __x64_sys_getsockopt+0x1a5/0x250 [ 194.090265][ T7186] ? __pfx_do_syscall_64+0x10/0x10 [ 194.090286][ T7186] ? __pfx_do_syscall_64+0x10/0x10 [ 194.090307][ T7186] do_syscall_64+0xfa/0x3b0 [ 194.090326][ T7186] ? lockdep_hardirqs_on+0x9c/0x150 [ 194.090344][ T7186] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.090356][ T7186] ? clear_bhb_loop+0x60/0xb0 [ 194.090389][ T7186] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 194.090418][ T7186] RIP: 0033:0x7fcef098e929 [ 194.090430][ T7186] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 194.090442][ T7186] RSP: 002b:00007fceee7f6038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 194.090456][ T7186] RAX: ffffffffffffffda RBX: 00007fcef0bb5fa0 RCX: 00007fcef098e929 [ 194.090467][ T7186] RDX: 0000000000000030 RSI: 0000000000000029 RDI: 0000000000000003 [ 194.090475][ T7186] RBP: 00007fceee7f6090 R08: 0000200000001000 R09: 0000000000000000 [ 194.090484][ T7186] R10: 0000200000000000 R11: 0000000000000246 R12: 0000000000000001 [ 194.090493][ T7186] R13: 0000000000000000 R14: 00007fcef0bb5fa0 R15: 00007fcef0cdfa28 [ 194.090512][ T7186] [ 194.611679][ T1304] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.618375][ T1304] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.744577][ T7166] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 194.816348][ T10] usb 2-1: USB disconnect, device number 21 [ 195.106018][ T7189] usb usb9: Requested nonsensical USBDEVFS_URB_ZERO_PACKET. [ 195.588146][ T5930] usb 2-1: new high-speed USB device number 22 using dummy_hcd [ 195.784539][ T5930] usb 2-1: Using ep0 maxpacket: 16 [ 195.808757][ T5930] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 195.880215][ T5930] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 195.914630][ T7203] FAULT_INJECTION: forcing a failure. [ 195.914630][ T7203] name failslab, interval 1, probability 0, space 0, times 0 [ 195.937751][ T5930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.944617][ T7203] CPU: 1 UID: 0 PID: 7203 Comm: syz.2.370 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 195.944648][ T7203] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 195.944662][ T7203] Call Trace: [ 195.944671][ T7203] [ 195.944680][ T7203] dump_stack_lvl+0x189/0x250 [ 195.944721][ T7203] ? __pfx____ratelimit+0x10/0x10 [ 195.944754][ T7203] ? __pfx_dump_stack_lvl+0x10/0x10 [ 195.944789][ T7203] ? __pfx__printk+0x10/0x10 [ 195.944829][ T7203] should_fail_ex+0x414/0x560 [ 195.944869][ T7203] should_failslab+0xa8/0x100 [ 195.944898][ T7203] __kmalloc_cache_noprof+0x70/0x3d0 [ 195.944920][ T7203] ? sctp_add_bind_addr+0x8c/0x370 [ 195.944948][ T7203] sctp_add_bind_addr+0x8c/0x370 [ 195.944973][ T7203] sctp_copy_local_addr_list+0x30b/0x4e0 [ 195.945013][ T7203] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 195.945048][ T7203] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 195.945088][ T7203] ? sctp_v4_is_any+0x35/0x60 [ 195.945110][ T7203] ? sctp_copy_one_addr+0x93/0x360 [ 195.945135][ T7203] sctp_bind_addr_copy+0xb3/0x3c0 [ 195.945172][ T7203] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 195.945206][ T7203] sctp_connect_new_asoc+0x2e0/0x690 [ 195.945237][ T7203] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 195.945263][ T7203] ? __local_bh_enable_ip+0x12d/0x1c0 [ 195.945306][ T7203] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 195.945339][ T7203] ? security_sctp_bind_connect+0x7e/0x2e0 [ 195.945371][ T7203] sctp_sendmsg+0x155c/0x2810 [ 195.945410][ T7203] ? __pfx_sctp_sendmsg+0x10/0x10 [ 195.945448][ T7203] ? aa_sk_perm+0x81e/0x950 [ 195.945485][ T7203] ? __pfx_aa_sk_perm+0x10/0x10 [ 195.945529][ T7203] ? sock_rps_record_flow+0x19/0x410 [ 195.945563][ T7203] ? inet_sendmsg+0x2f4/0x370 [ 195.945600][ T7203] __sock_sendmsg+0x19c/0x270 [ 195.945636][ T7203] __sys_sendto+0x3bd/0x520 [ 195.945663][ T7203] ? __pfx___sys_sendto+0x10/0x10 [ 195.945684][ T7203] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 195.945748][ T7203] ? __fget_files+0x3a0/0x420 [ 195.945787][ T7203] ? ksys_write+0x22a/0x250 [ 195.945811][ T7203] ? __pfx_ksys_write+0x10/0x10 [ 195.945829][ T7203] ? rcu_is_watching+0x15/0xb0 [ 195.945853][ T7203] __x64_sys_sendto+0xde/0x100 [ 195.945877][ T7203] do_syscall_64+0xfa/0x3b0 [ 195.945906][ T7203] ? lockdep_hardirqs_on+0x9c/0x150 [ 195.945932][ T7203] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.945951][ T7203] ? clear_bhb_loop+0x60/0xb0 [ 195.945974][ T7203] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 195.945994][ T7203] RIP: 0033:0x7f853078e929 [ 195.946011][ T7203] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 195.946028][ T7203] RSP: 002b:00007f8531573038 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 195.946048][ T7203] RAX: ffffffffffffffda RBX: 00007f85309b5fa0 RCX: 00007f853078e929 [ 195.946063][ T7203] RDX: 000000000000ffe0 RSI: 00002000000001c0 RDI: 0000000000000003 [ 195.946076][ T7203] RBP: 00007f8531573090 R08: 0000200000000100 R09: 0000000000000010 [ 195.946089][ T7203] R10: 0000000004000855 R11: 0000000000000246 R12: 0000000000000002 [ 195.946104][ T7203] R13: 0000000000000000 R14: 00007f85309b5fa0 R15: 00007f8530adfa28 [ 195.946139][ T7203] [ 196.506509][ T5930] usb 2-1: Product: syz [ 196.510740][ T5930] usb 2-1: Manufacturer: syz [ 196.516772][ T5842] Bluetooth: hci0: unexpected event 0x03 length: 1 < 11 [ 196.627355][ T5930] usb 2-1: SerialNumber: syz [ 196.647679][ T5930] usb 2-1: config 0 descriptor?? [ 196.661942][ T5930] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 196.752816][ T5930] usb 2-1: Detected FT232R [ 196.860491][ T5930] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 197.192829][ T5930] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 197.204170][ T5930] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 197.213708][ T5930] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 197.235708][ T5930] usb 2-1: USB disconnect, device number 22 [ 197.255252][ T5930] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 197.284013][ T5930] ftdi_sio 2-1:0.0: device disconnected [ 197.373522][ T7214] netlink: 'syz.2.374': attribute type 5 has an invalid length. [ 197.459143][ T7214] netlink: 4 bytes leftover after parsing attributes in process `syz.2.374'. [ 197.542388][ T7224] usb usb1: usbfs: interface 0 claimed by hub while 'syz.3.378' sets config #262151 [ 197.810753][ T7232] FAULT_INJECTION: forcing a failure. [ 197.810753][ T7232] name failslab, interval 1, probability 0, space 0, times 0 [ 197.842168][ T7232] CPU: 0 UID: 0 PID: 7232 Comm: syz.4.381 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 197.842195][ T7232] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 197.842207][ T7232] Call Trace: [ 197.842215][ T7232] [ 197.842223][ T7232] dump_stack_lvl+0x189/0x250 [ 197.842259][ T7232] ? __pfx____ratelimit+0x10/0x10 [ 197.842289][ T7232] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.842320][ T7232] ? __pfx__printk+0x10/0x10 [ 197.842345][ T7232] ? __pfx___might_resched+0x10/0x10 [ 197.842364][ T7232] ? fs_reclaim_acquire+0x7d/0x100 [ 197.842408][ T7232] should_fail_ex+0x414/0x560 [ 197.842440][ T7232] ? nf_hook_entries_grow+0x27c/0x710 [ 197.842475][ T7232] should_failslab+0xa8/0x100 [ 197.842499][ T7232] __kvmalloc_node_noprof+0x161/0x5f0 [ 197.842521][ T7232] ? nf_hook_entries_grow+0x27c/0x710 [ 197.842552][ T7232] ? __pfx___mutex_lock+0x10/0x10 [ 197.842601][ T7232] nf_hook_entries_grow+0x27c/0x710 [ 197.842638][ T7232] __nf_register_net_hook+0x2c9/0x930 [ 197.842671][ T7232] nf_register_net_hook+0xb2/0x190 [ 197.842705][ T7232] nf_register_net_hooks+0x44/0x1b0 [ 197.842729][ T7232] nf_defrag_ipv4_enable+0x87/0x120 [ 197.842761][ T7232] nf_ct_netns_do_get+0x18c/0x5a0 [ 197.842784][ T7232] ? __pfx_nf_ct_netns_do_get+0x10/0x10 [ 197.842803][ T7232] ? synproxy_pernet+0x45/0x270 [ 197.842835][ T7232] ? synproxy_pernet+0x45/0x270 [ 197.842864][ T7232] nf_ct_netns_inet_get+0x1f/0x150 [ 197.842888][ T7232] nft_synproxy_do_init+0x1d1/0x4c0 [ 197.842919][ T7232] nf_tables_newrule+0x178f/0x2890 [ 197.842960][ T7232] ? __pfx_nf_tables_newrule+0x10/0x10 [ 197.842986][ T7232] ? nfnl_pernet+0x23/0x240 [ 197.843027][ T7232] ? __nla_parse+0x40/0x60 [ 197.843052][ T7232] nfnetlink_rcv+0x112f/0x2520 [ 197.843110][ T7232] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 197.843154][ T7232] ? ref_tracker_free+0x63a/0x7d0 [ 197.843202][ T7232] ? __netlink_deliver_tap+0x807/0x850 [ 197.843233][ T7232] ? netlink_deliver_tap+0x2e/0x1b0 [ 197.843258][ T7232] ? netlink_deliver_tap+0x2e/0x1b0 [ 197.843284][ T7232] netlink_unicast+0x75b/0x8d0 [ 197.843315][ T7232] netlink_sendmsg+0x805/0xb30 [ 197.843346][ T7232] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.843371][ T7232] ? aa_sock_msg_perm+0x94/0x160 [ 197.843400][ T7232] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 197.843425][ T7232] ? __pfx_netlink_sendmsg+0x10/0x10 [ 197.843448][ T7232] __sock_sendmsg+0x219/0x270 [ 197.843479][ T7232] ____sys_sendmsg+0x505/0x830 [ 197.843508][ T7232] ? __pfx_____sys_sendmsg+0x10/0x10 [ 197.843540][ T7232] ? import_iovec+0x74/0xa0 [ 197.843567][ T7232] ___sys_sendmsg+0x21f/0x2a0 [ 197.843592][ T7232] ? __pfx____sys_sendmsg+0x10/0x10 [ 197.843653][ T7232] ? __fget_files+0x2a/0x420 [ 197.843673][ T7232] ? __fget_files+0x3a0/0x420 [ 197.843706][ T7232] __x64_sys_sendmsg+0x19b/0x260 [ 197.843731][ T7232] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 197.843764][ T7232] ? __pfx_ksys_write+0x10/0x10 [ 197.843780][ T7232] ? rcu_is_watching+0x15/0xb0 [ 197.843802][ T7232] ? do_syscall_64+0xbe/0x3b0 [ 197.843833][ T7232] do_syscall_64+0xfa/0x3b0 [ 197.843860][ T7232] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.843886][ T7232] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.843904][ T7232] ? clear_bhb_loop+0x60/0xb0 [ 197.843927][ T7232] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.843944][ T7232] RIP: 0033:0x7fcef098e929 [ 197.843961][ T7232] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.843976][ T7232] RSP: 002b:00007fceee7f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 197.843996][ T7232] RAX: ffffffffffffffda RBX: 00007fcef0bb5fa0 RCX: 00007fcef098e929 [ 197.844010][ T7232] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 197.844027][ T7232] RBP: 00007fceee7f6090 R08: 0000000000000000 R09: 0000000000000000 [ 197.844039][ T7232] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 197.844049][ T7232] R13: 0000000000000000 R14: 00007fcef0bb5fa0 R15: 00007fcef0cdfa28 [ 197.844079][ T7232] [ 198.423232][ T7233] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 198.922419][ T43] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 198.976947][ T7246] netlink: 8 bytes leftover after parsing attributes in process `syz.4.386'. [ 199.126896][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 199.189672][ T43] usb 4-1: too many configurations: 79, using maximum allowed: 8 [ 199.244934][ T43] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 199.298260][ T43] usb 4-1: can't read configurations, error -61 [ 199.322150][ T5900] usb 5-1: new high-speed USB device number 24 using dummy_hcd [ 199.400420][ T7257] FAULT_INJECTION: forcing a failure. [ 199.400420][ T7257] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 199.417666][ T7257] CPU: 0 UID: 0 PID: 7257 Comm: syz.1.389 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 199.417690][ T7257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 199.417701][ T7257] Call Trace: [ 199.417708][ T7257] [ 199.417716][ T7257] dump_stack_lvl+0x189/0x250 [ 199.417749][ T7257] ? __pfx____ratelimit+0x10/0x10 [ 199.417796][ T7257] ? __pfx_dump_stack_lvl+0x10/0x10 [ 199.417827][ T7257] ? __pfx__printk+0x10/0x10 [ 199.417858][ T7257] ? __might_fault+0xb0/0x130 [ 199.417887][ T7257] should_fail_ex+0x414/0x560 [ 199.417914][ T7257] _copy_from_iter+0x575/0x16f0 [ 199.417937][ T7257] ? __pfx__copy_from_iter+0x10/0x10 [ 199.417951][ T7257] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 199.417973][ T7257] ? kasan_save_track+0x4f/0x80 [ 199.417994][ T7257] ? kasan_save_track+0x3e/0x80 [ 199.418013][ T7257] ? __kasan_kmalloc+0x93/0xb0 [ 199.418036][ T7257] ? ip_setup_cork+0x299/0x9a0 [ 199.418054][ T7257] ? ip_append_data+0x13b/0x190 [ 199.418070][ T7257] ? udp_sendmsg+0x3f5/0x2300 [ 199.418084][ T7257] udplite_getfrag+0x42/0xb0 [ 199.418096][ T7257] __ip_append_data+0x3b3d/0x40f0 [ 199.418128][ T7257] ? __pfx_udplite_getfrag+0x10/0x10 [ 199.418150][ T7257] ? __kasan_kmalloc+0x93/0xb0 [ 199.418163][ T7257] ? __pfx___ip_append_data+0x10/0x10 [ 199.418180][ T7257] ? ip_setup_cork+0x322/0x9a0 [ 199.418202][ T7257] ? ip_setup_cork+0x577/0x9a0 [ 199.418221][ T7257] ip_append_data+0x10e/0x190 [ 199.418242][ T7257] ? __pfx_udplite_getfrag+0x10/0x10 [ 199.418256][ T7257] udp_sendmsg+0x3f5/0x2300 [ 199.418278][ T7257] ? __pfx_udplite_getfrag+0x10/0x10 [ 199.418290][ T7257] ? __pfx_udp_sendmsg+0x10/0x10 [ 199.418320][ T7257] ? __local_bh_enable_ip+0x12d/0x1c0 [ 199.418343][ T7257] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 199.418364][ T7257] ? do_raw_spin_unlock+0x122/0x240 [ 199.418381][ T7257] ? inet_sendmsg+0x14f/0x370 [ 199.418402][ T7257] ? inet_sendmsg+0x29c/0x370 [ 199.418424][ T7257] __sock_sendmsg+0x19c/0x270 [ 199.418446][ T7257] ____sys_sendmsg+0x52d/0x830 [ 199.418465][ T7257] ? __pfx_____sys_sendmsg+0x10/0x10 [ 199.418486][ T7257] ? import_iovec+0x74/0xa0 [ 199.418504][ T7257] ___sys_sendmsg+0x21f/0x2a0 [ 199.418522][ T7257] ? __pfx____sys_sendmsg+0x10/0x10 [ 199.418560][ T7257] ? __fget_files+0x2a/0x420 [ 199.418574][ T7257] ? __fget_files+0x3a0/0x420 [ 199.418596][ T7257] __sys_sendmmsg+0x227/0x430 [ 199.418615][ T7257] ? __pfx___sys_sendmmsg+0x10/0x10 [ 199.418629][ T7257] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 199.418666][ T7257] ? ksys_write+0x22a/0x250 [ 199.418679][ T7257] ? __pfx_ksys_write+0x10/0x10 [ 199.418690][ T7257] ? rcu_is_watching+0x15/0xb0 [ 199.418706][ T7257] __x64_sys_sendmmsg+0xa0/0xc0 [ 199.418741][ T7257] do_syscall_64+0xfa/0x3b0 [ 199.418761][ T7257] ? lockdep_hardirqs_on+0x9c/0x150 [ 199.418781][ T7257] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.418795][ T7257] ? clear_bhb_loop+0x60/0xb0 [ 199.418811][ T7257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 199.418825][ T7257] RIP: 0033:0x7ff8fb38e929 [ 199.418843][ T7257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 199.418873][ T7257] RSP: 002b:00007ff8fc1f2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 199.418889][ T7257] RAX: ffffffffffffffda RBX: 00007ff8fb5b5fa0 RCX: 00007ff8fb38e929 [ 199.418900][ T7257] RDX: 0000000000000004 RSI: 0000200000005b40 RDI: 0000000000000003 [ 199.418910][ T7257] RBP: 00007ff8fc1f2090 R08: 0000000000000000 R09: 0000000000000000 [ 199.418919][ T7257] R10: 000000000000c080 R11: 0000000000000246 R12: 0000000000000002 [ 199.418928][ T7257] R13: 0000000000000000 R14: 00007ff8fb5b5fa0 R15: 00007ff8fb6dfa28 [ 199.418951][ T7257] [ 199.472384][ T43] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 199.612159][ T5891] usb 3-1: new high-speed USB device number 25 using dummy_hcd [ 199.817081][ T5900] usb 5-1: config 12 has an invalid interface number: 26 but max is 0 [ 199.832247][ T5900] usb 5-1: config 12 has no interface number 0 [ 199.856138][ T5900] usb 5-1: config 12 interface 26 has no altsetting 0 [ 199.876543][ T5900] usb 5-1: New USB device found, idVendor=0bfd, idProduct=0003, bcdDevice=3c.82 [ 199.892143][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 199.917394][ T5900] usb 5-1: Product: syz [ 199.931823][ T5900] usb 5-1: Manufacturer: syz [ 199.944146][ T5900] usb 5-1: SerialNumber: syz [ 200.116565][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 200.134065][ T43] usb 4-1: too many configurations: 79, using maximum allowed: 8 [ 200.162172][ T43] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 200.170170][ T43] usb 4-1: can't read configurations, error -61 [ 200.177070][ T43] usb usb4-port1: attempt power cycle [ 200.182481][ T5891] usb 3-1: Using ep0 maxpacket: 16 [ 200.192620][ T5891] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 241, using maximum allowed: 30 [ 200.208203][ T5891] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 200.221415][ T5891] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 64 [ 200.247959][ T5891] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 241 [ 200.272866][ T5891] usb 3-1: New USB device found, idVendor=1189, idProduct=0893, bcdDevice=f4.95 [ 200.285095][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.293756][ T5891] usb 3-1: Product: syz [ 200.298092][ T5891] usb 3-1: Manufacturer: syz [ 200.305873][ T5891] usb 3-1: SerialNumber: syz [ 200.328480][ T5891] usb 3-1: config 0 descriptor?? [ 200.340466][ T7255] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 200.350416][ T7255] raw-gadget.2 gadget.2: fail, usb_ep_enable returned -22 [ 200.392211][ T10] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 200.542195][ T43] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 200.546340][ T10] usb 2-1: Using ep0 maxpacket: 16 [ 200.557008][ T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 200.571259][ T5891] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 200.582440][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 200.591158][ T43] usb 4-1: too many configurations: 79, using maximum allowed: 8 [ 200.592551][ T10] usb 2-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 200.611313][ T5891] asix 3-1:0.0: probe with driver asix failed with error -71 [ 200.613917][ T43] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 200.618931][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 200.640397][ T43] usb 4-1: can't read configurations, error -61 [ 200.647687][ T5891] usb 3-1: USB disconnect, device number 25 [ 200.660546][ T10] usb 2-1: Product: syz [ 200.665333][ T10] usb 2-1: Manufacturer: syz [ 200.683220][ T10] usb 2-1: SerialNumber: syz [ 200.698665][ T10] usb 2-1: config 0 descriptor?? [ 200.711009][ T10] ftdi_sio 2-1:0.0: FTDI USB Serial Device converter detected [ 200.726159][ T10] usb 2-1: Detected FT232R [ 200.740680][ T5900] kvaser_usb 5-1:12.26: error -ENODEV: Cannot get usb endpoint(s) [ 200.764200][ T5900] usb 5-1: USB disconnect, device number 24 [ 200.782670][ T43] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 200.827209][ T43] usb 4-1: Using ep0 maxpacket: 16 [ 200.838523][ T43] usb 4-1: too many configurations: 79, using maximum allowed: 8 [ 200.857910][ T43] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 200.866680][ T43] usb 4-1: can't read configurations, error -61 [ 200.873751][ T43] usb usb4-port1: unable to enumerate USB device [ 200.918300][ T10] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 200.938479][ T10] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 200.953372][ T10] ftdi_sio 2-1:0.0: GPIO initialisation failed: -71 [ 200.968450][ T10] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 200.990296][ T10] usb 2-1: USB disconnect, device number 23 [ 200.999648][ T10] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 201.012809][ T10] ftdi_sio 2-1:0.0: device disconnected [ 201.214371][ T7277] FAULT_INJECTION: forcing a failure. [ 201.214371][ T7277] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 201.229305][ T7277] CPU: 1 UID: 0 PID: 7277 Comm: syz.2.397 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 201.229334][ T7277] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 201.229343][ T7277] Call Trace: [ 201.229350][ T7277] [ 201.229356][ T7277] dump_stack_lvl+0x189/0x250 [ 201.229384][ T7277] ? __pfx____ratelimit+0x10/0x10 [ 201.229406][ T7277] ? __pfx_dump_stack_lvl+0x10/0x10 [ 201.229431][ T7277] ? __pfx__printk+0x10/0x10 [ 201.229448][ T7277] ? fs_reclaim_acquire+0x7d/0x100 [ 201.229474][ T7277] should_fail_ex+0x414/0x560 [ 201.229501][ T7277] prepare_alloc_pages+0x213/0x610 [ 201.229526][ T7277] __alloc_frozen_pages_noprof+0x123/0x370 [ 201.229549][ T7277] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 201.229568][ T7277] ? register_lock_class+0x51/0x320 [ 201.229602][ T7277] alloc_pages_mpol+0x232/0x4a0 [ 201.229623][ T7277] alloc_pages_noprof+0xa9/0x190 [ 201.229652][ T7277] pte_alloc_one+0x21/0x170 [ 201.229678][ T7277] __pte_alloc+0x25/0x1a0 [ 201.229695][ T7277] ? mm_alloc_pmd+0x246/0x410 [ 201.229717][ T7277] mfill_atomic_zeropage+0x5ed/0xaf0 [ 201.229748][ T7277] ? __pfx_mfill_atomic_zeropage+0x10/0x10 [ 201.229775][ T7277] userfaultfd_ioctl+0x2697/0x4bc0 [ 201.229804][ T7277] ? do_syscall_64+0xfa/0x3b0 [ 201.229826][ T7277] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.229849][ T7277] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 201.229881][ T7277] ? do_vfs_ioctl+0x12ba/0x1990 [ 201.229912][ T7277] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 201.229940][ T7277] ? kasan_quarantine_put+0xdd/0x220 [ 201.229985][ T7277] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 201.230006][ T7277] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 201.230037][ T7277] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 201.230057][ T7277] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 201.230087][ T7277] ? __lock_acquire+0xab9/0xd20 [ 201.230120][ T7277] ? __fget_files+0x2a/0x420 [ 201.230138][ T7277] ? __fget_files+0x2a/0x420 [ 201.230153][ T7277] ? __fget_files+0x3a0/0x420 [ 201.230167][ T7277] ? __fget_files+0x2a/0x420 [ 201.230185][ T7277] ? bpf_lsm_file_ioctl+0x9/0x20 [ 201.230206][ T7277] ? __pfx_userfaultfd_ioctl+0x10/0x10 [ 201.230228][ T7277] __se_sys_ioctl+0xf9/0x170 [ 201.230250][ T7277] do_syscall_64+0xfa/0x3b0 [ 201.230270][ T7277] ? lockdep_hardirqs_on+0x9c/0x150 [ 201.230289][ T7277] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.230302][ T7277] ? clear_bhb_loop+0x60/0xb0 [ 201.230318][ T7277] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 201.230331][ T7277] RIP: 0033:0x7f853078e929 [ 201.230342][ T7277] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 201.230366][ T7277] RSP: 002b:00007f8531573038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 201.230380][ T7277] RAX: ffffffffffffffda RBX: 00007f85309b5fa0 RCX: 00007f853078e929 [ 201.230389][ T7277] RDX: 0000200000000080 RSI: 00000000c020aa04 RDI: 0000000000000009 [ 201.230398][ T7277] RBP: 00007f8531573090 R08: 0000000000000000 R09: 0000000000000000 [ 201.230406][ T7277] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 201.230413][ T7277] R13: 0000000000000000 R14: 00007f85309b5fa0 R15: 00007f8530adfa28 [ 201.230432][ T7277] [ 201.230696][ T7277] netlink: 4 bytes leftover after parsing attributes in process `syz.2.397'. [ 201.622354][ T5900] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 201.782456][ T5900] usb 5-1: Using ep0 maxpacket: 16 [ 201.809911][ T5900] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 201.833207][ T5900] usb 5-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 201.858633][ T5900] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.873049][ T7282] netlink: 8 bytes leftover after parsing attributes in process `syz.2.399'. [ 201.897566][ T5900] usb 5-1: Product: syz [ 201.927547][ T5900] usb 5-1: Manufacturer: syz [ 201.934937][ T5900] usb 5-1: SerialNumber: syz [ 201.942821][ T5900] usb 5-1: config 0 descriptor?? [ 201.956090][ T5900] ftdi_sio 5-1:0.0: FTDI USB Serial Device converter detected [ 201.968895][ T5900] usb 5-1: Detected FT232R [ 202.113587][ T7291] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 202.230310][ T10] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 202.862211][ T10] usb 1-1: Using ep0 maxpacket: 8 [ 202.868087][ T5900] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 202.912428][ T5900] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 202.919909][ T5900] ftdi_sio 5-1:0.0: GPIO initialisation failed: -71 [ 202.937064][ T10] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 202.975896][ T10] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.980743][ T5900] usb 5-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 202.994817][ T10] usb 1-1: Product: syz [ 203.002502][ T10] usb 1-1: Manufacturer: syz [ 203.016684][ T10] usb 1-1: SerialNumber: syz [ 203.028190][ T5900] usb 5-1: USB disconnect, device number 25 [ 203.051033][ T5900] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 203.065614][ T5900] ftdi_sio 5-1:0.0: device disconnected [ 203.247691][ T10] usb 1-1: config 0 descriptor?? [ 203.492211][ T10] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 203.852161][ T5891] usb 3-1: new high-speed USB device number 26 using dummy_hcd [ 204.122608][ T5891] usb 3-1: config 0 has no interfaces? [ 204.295793][ T5891] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 204.312295][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 204.327697][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 204.327715][ T30] audit: type=1326 audit(1749077054.646:1735): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7284 comm="syz.0.400" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f7e27b8e929 code=0x0 [ 204.355802][ T5891] usb 3-1: Product: syz [ 204.355823][ T5891] usb 3-1: Manufacturer: syz [ 204.355840][ T5891] usb 3-1: SerialNumber: syz [ 204.359779][ T5891] usb 3-1: config 0 descriptor?? [ 204.753925][ T7304] netlink: 32 bytes leftover after parsing attributes in process `syz.2.404'. [ 204.766119][ T7304] openvswitch: netlink: Flow actions attr not present in new flow. [ 204.951723][ T10] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 205.872362][ T10] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 206.045424][ T10] usb 4-1: config 16 interface 0 has no altsetting 0 [ 206.055900][ T10] usb 4-1: New USB device found, idVendor=046d, idProduct=0a0e, bcdDevice=94.75 [ 206.092213][ T980] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 206.130675][ T10] usb 4-1: New USB device strings: Mfr=1, Product=0, SerialNumber=0 [ 206.214953][ T10] usb 4-1: Manufacturer: syz [ 206.261212][ T5930] usb 1-1: USB disconnect, device number 16 [ 206.296807][ T980] usb 2-1: New USB device found, idVendor=0eb1, idProduct=7007, bcdDevice= 2.04 [ 206.365696][ T980] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 206.454498][ T10] (null): keene_cmd_main failed (-71) [ 206.476441][ T980] usb 2-1: config 0 descriptor?? [ 206.495713][ T10] video4linux radio48: keene_cmd_main failed (-71) [ 206.527030][ T980] go7007 2-1:0.0: probe with driver go7007 failed with error -12 [ 206.549507][ T10] radio-keene 4-1:16.0: V4L2 device registered as radio48 [ 206.610206][ T10] usb 4-1: USB disconnect, device number 30 [ 206.727925][ T980] usb 2-1: USB disconnect, device number 24 [ 206.795166][ T7336] netlink: 'syz.0.411': attribute type 21 has an invalid length. [ 206.803190][ T7336] netlink: 128 bytes leftover after parsing attributes in process `syz.0.411'. [ 206.814590][ T7336] netlink: 'syz.0.411': attribute type 4 has an invalid length. [ 206.822386][ T7336] netlink: 3 bytes leftover after parsing attributes in process `syz.0.411'. [ 207.202334][ T5900] usb 3-1: USB disconnect, device number 26 [ 208.338356][ T7361] netlink: 'syz.4.419': attribute type 2 has an invalid length. [ 208.383874][ T7361] netlink: 268 bytes leftover after parsing attributes in process `syz.4.419'. [ 208.422136][ T980] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 208.602193][ T980] usb 1-1: Using ep0 maxpacket: 16 [ 208.620303][ T980] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 8 [ 208.640627][ T980] usb 1-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice= 6.00 [ 208.660229][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 208.678949][ T980] usb 1-1: Product: syz [ 208.689066][ T980] usb 1-1: Manufacturer: syz [ 208.706207][ T980] usb 1-1: SerialNumber: syz [ 208.725594][ T980] usb 1-1: config 0 descriptor?? [ 208.744286][ T980] ftdi_sio 1-1:0.0: FTDI USB Serial Device converter detected [ 208.881681][ T980] usb 1-1: Detected FT232R [ 208.962864][ T980] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 208.972908][ T980] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 208.980521][ T980] ftdi_sio 1-1:0.0: GPIO initialisation failed: -71 [ 208.990686][ T980] usb 1-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 209.007155][ T980] usb 1-1: USB disconnect, device number 17 [ 209.035809][ T980] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 209.076253][ T980] ftdi_sio 1-1:0.0: device disconnected [ 209.128232][ T7378] bond3: entered promiscuous mode [ 209.232197][ T5930] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 209.414962][ T5930] usb 4-1: config 0 has no interfaces? [ 209.447914][ T5930] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 209.503105][ T5930] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 209.539032][ T5930] usb 4-1: Product: syz [ 209.591569][ T5930] usb 4-1: Manufacturer: syz [ 209.612270][ T5930] usb 4-1: SerialNumber: syz [ 209.757574][ T5930] usb 4-1: config 0 descriptor?? [ 209.953055][ T7386] raw_sendmsg: syz.0.429 forgot to set AF_INET. Fix it! [ 210.095342][ T7373] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 210.139347][ T7389] input: syz0 as /devices/virtual/input/input10 [ 210.852605][ T24] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 211.012842][ T24] usb 1-1: Using ep0 maxpacket: 16 [ 211.021998][ T24] usb 1-1: config 5 has an invalid interface number: 123 but max is 0 [ 211.034278][ T24] usb 1-1: config 5 has no interface number 0 [ 211.051559][ T24] usb 1-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xEB, changing to 0x8B [ 211.094325][ T24] usb 1-1: config 5 interface 123 altsetting 7 bulk endpoint 0x8B has invalid maxpacket 32 [ 211.121205][ T24] usb 1-1: config 5 interface 123 altsetting 7 has an endpoint descriptor with address 0xE6, changing to 0x86 [ 211.137515][ T24] usb 1-1: config 5 interface 123 altsetting 7 endpoint 0x86 has an invalid bInterval 0, changing to 7 [ 211.149117][ T24] usb 1-1: config 5 interface 123 altsetting 7 endpoint 0x86 has invalid wMaxPacketSize 0 [ 211.173119][ T24] usb 1-1: config 5 interface 123 has no altsetting 0 [ 211.183493][ T24] usb 1-1: New USB device found, idVendor=3923, idProduct=718a, bcdDevice=d8.d7 [ 211.192950][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.201113][ T24] usb 1-1: Product: syz [ 211.205878][ T24] usb 1-1: Manufacturer: syz [ 211.210557][ T24] usb 1-1: SerialNumber: syz [ 211.229619][ T7396] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 212.005789][ T5891] usb 4-1: USB disconnect, device number 31 [ 212.210493][ T7428] sctp: [Deprecated]: syz.3.442 (pid 7428) Use of int in maxseg socket option. [ 212.210493][ T7428] Use struct sctp_assoc_value instead [ 212.750552][ T30] audit: type=1326 audit(1749077063.096:1736): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 212.916156][ T30] audit: type=1326 audit(1749077063.126:1737): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 212.976272][ T7435] netlink: 8 bytes leftover after parsing attributes in process `syz.3.443'. [ 213.018505][ T30] audit: type=1326 audit(1749077063.136:1738): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 213.111358][ T30] audit: type=1326 audit(1749077063.136:1739): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 213.210067][ T30] audit: type=1326 audit(1749077063.136:1740): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 213.415006][ T24] ni6501 1-1:5.123: driver 'ni6501' failed to auto-configure device. [ 213.505288][ T24] usb 1-1: USB disconnect, device number 18 [ 213.537454][ T1170] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 213.591611][ T30] audit: type=1326 audit(1749077063.136:1741): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 213.752233][ T30] audit: type=1326 audit(1749077063.136:1742): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 213.818138][ T30] audit: type=1326 audit(1749077063.136:1743): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 213.886480][ T30] audit: type=1326 audit(1749077063.146:1744): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=223 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 213.912455][ T30] audit: type=1326 audit(1749077063.146:1745): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=7433 comm="syz.1.444" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff8fb38e929 code=0x7ffc0000 [ 213.950670][ T1170] usb 2-1: config 0 has no interfaces? [ 214.026269][ T1170] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 214.110959][ T1170] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.303295][ T1170] usb 2-1: Product: syz [ 214.318330][ T1170] usb 2-1: Manufacturer: syz [ 214.330992][ T1170] usb 2-1: SerialNumber: syz [ 214.352303][ T5891] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 214.377204][ T1170] usb 2-1: config 0 descriptor?? [ 214.508895][ T7457] netlink: 'syz.3.448': attribute type 20 has an invalid length. [ 214.537654][ T5891] usb 3-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 214.571863][ T5891] usb 3-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 214.605284][ T5891] usb 3-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 214.706380][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.794624][ T7464] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 214.802484][ T7464] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 214.990107][ T5891] usb 3-1: GET_CAPABILITIES returned 0 [ 214.997517][ T5891] usbtmc 3-1:16.0: can't read capabilities [ 215.182193][ T980] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 215.660006][ T5891] usb 3-1: USB disconnect, device number 27 [ 215.924723][ T980] usb 1-1: config 0 has no interfaces? [ 215.934448][ T980] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 215.943630][ T980] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 215.952675][ T980] usb 1-1: Product: syz [ 215.958039][ T980] usb 1-1: Manufacturer: syz [ 215.964350][ T980] usb 1-1: SerialNumber: syz [ 216.040698][ T980] usb 1-1: config 0 descriptor?? [ 216.328743][ T7467] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 217.202314][ T24] usb 2-1: USB disconnect, device number 25 [ 218.245739][ T5891] usb 1-1: USB disconnect, device number 19 [ 218.332573][ T24] usb 2-1: new high-speed USB device number 26 using dummy_hcd [ 218.388894][ T7501] FAULT_INJECTION: forcing a failure. [ 218.388894][ T7501] name failslab, interval 1, probability 0, space 0, times 0 [ 218.431949][ T7501] CPU: 1 UID: 0 PID: 7501 Comm: syz.3.463 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 218.431973][ T7501] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 218.431985][ T7501] Call Trace: [ 218.431992][ T7501] [ 218.432000][ T7501] dump_stack_lvl+0x189/0x250 [ 218.432037][ T7501] ? __pfx____ratelimit+0x10/0x10 [ 218.432064][ T7501] ? __pfx_dump_stack_lvl+0x10/0x10 [ 218.432093][ T7501] ? __pfx__printk+0x10/0x10 [ 218.432116][ T7501] ? __pfx___might_resched+0x10/0x10 [ 218.432134][ T7501] ? fs_reclaim_acquire+0x7d/0x100 [ 218.432160][ T7501] should_fail_ex+0x414/0x560 [ 218.432193][ T7501] should_failslab+0xa8/0x100 [ 218.432216][ T7501] __kmalloc_noprof+0xcb/0x4f0 [ 218.432234][ T7501] ? tomoyo_encode+0x28b/0x550 [ 218.432256][ T7501] tomoyo_encode+0x28b/0x550 [ 218.432279][ T7501] tomoyo_realpath_from_path+0x58d/0x5d0 [ 218.432308][ T7501] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 218.432334][ T7501] tomoyo_path_number_perm+0x1e8/0x5a0 [ 218.432362][ T7501] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 218.432404][ T7501] ? __lock_acquire+0xab9/0xd20 [ 218.432449][ T7501] ? __fget_files+0x2a/0x420 [ 218.432473][ T7501] ? __fget_files+0x2a/0x420 [ 218.432493][ T7501] ? __fget_files+0x3a0/0x420 [ 218.432513][ T7501] ? __fget_files+0x2a/0x420 [ 218.432538][ T7501] security_file_ioctl+0xcb/0x2d0 [ 218.432564][ T7501] __se_sys_ioctl+0x47/0x170 [ 218.432594][ T7501] do_syscall_64+0xfa/0x3b0 [ 218.432620][ T7501] ? lockdep_hardirqs_on+0x9c/0x150 [ 218.432646][ T7501] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.432664][ T7501] ? clear_bhb_loop+0x60/0xb0 [ 218.432686][ T7501] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 218.432704][ T7501] RIP: 0033:0x7f250798e929 [ 218.432719][ T7501] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 218.432735][ T7501] RSP: 002b:00007f2508820038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 218.432754][ T7501] RAX: ffffffffffffffda RBX: 00007f2507bb5fa0 RCX: 00007f250798e929 [ 218.432767][ T7501] RDX: 00002000000000c0 RSI: 0000000040505412 RDI: 0000000000000003 [ 218.432780][ T7501] RBP: 00007f2508820090 R08: 0000000000000000 R09: 0000000000000000 [ 218.432790][ T7501] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 218.432801][ T7501] R13: 0000000000000000 R14: 00007f2507bb5fa0 R15: 00007f2507cdfa28 [ 218.432829][ T7501] [ 218.680681][ T7501] ERROR: Out of memory at tomoyo_realpath_from_path. [ 218.729926][ T5893] usb 3-1: new full-speed USB device number 28 using dummy_hcd [ 218.832384][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 218.925039][ T7496] batadv0: entered promiscuous mode [ 218.930716][ T7496] vlan0: entered promiscuous mode [ 223.178051][ T7495] sched: DL replenish lagged too much [ 223.952334][ T5893] usb 3-1: unable to get BOS descriptor or descriptor too short [ 225.180870][ T5893] usb 3-1: unable to read config index 0 descriptor/start: -32 [ 225.520252][ T24] usb 2-1: unable to read config index 0 descriptor/start: -71 [ 225.562144][ T5893] usb 3-1: chopping to 0 config(s) [ 225.567353][ T5893] usb 3-1: can't read configurations, error -32 [ 225.639409][ T24] usb 2-1: can't read configurations, error -71 [ 226.372354][ T5893] usb 3-1: new full-speed USB device number 29 using dummy_hcd [ 227.574517][ T7522] input: syz1 as /devices/virtual/input/input11 [ 227.902339][ T43] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 228.022152][ T5900] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 228.081404][ T7532] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 228.142547][ T43] usb 4-1: Using ep0 maxpacket: 8 [ 228.155206][ T43] usb 4-1: config 179 has an invalid interface number: 65 but max is 0 [ 228.177516][ T43] usb 4-1: config 179 has no interface number 0 [ 228.215960][ T43] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 228.607211][ T5900] usb 5-1: Using ep0 maxpacket: 8 [ 228.628632][ T43] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 228.973792][ T43] usb 4-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 228.989425][ T5900] usb 5-1: unable to get BOS descriptor or descriptor too short [ 229.325543][ T43] usb 4-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 229.773296][ T5900] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 229.801371][ T43] usb 4-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 229.811472][ T5900] usb 5-1: can't read configurations, error -61 [ 229.829635][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.860903][ T7522] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 229.962582][ T5900] usb 5-1: new high-speed USB device number 27 using dummy_hcd [ 230.192397][ T5900] usb 5-1: Using ep0 maxpacket: 8 [ 230.201525][ T43] input: Generic X-Box pad as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:179.65/input/input12 [ 230.215762][ T5900] usb 5-1: unable to get BOS descriptor or descriptor too short [ 230.444673][ T7522] [ 230.447058][ T7522] ====================================================== [ 230.454096][ T7522] WARNING: possible circular locking dependency detected [ 230.461137][ T7522] 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 Not tainted [ 230.467926][ T7522] ------------------------------------------------------ [ 230.474963][ T7522] syz.3.469/7522 is trying to acquire lock: [ 230.480872][ T7522] ffff888029502870 (&newdev->mutex){+.+.}-{4:4}, at: uinput_request_submit+0x188/0x6f0 [ 230.490596][ T7522] [ 230.490596][ T7522] but task is already holding lock: [ 230.497988][ T7522] ffff8880295008b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xae0 [ 230.506842][ T7522] [ 230.506842][ T7522] which lock already depends on the new lock. [ 230.506842][ T7522] [ 230.517266][ T7522] [ 230.517266][ T7522] the existing dependency chain (in reverse order) is: [ 230.526297][ T7522] [ 230.526297][ T7522] -> #3 (&ff->mutex){+.+.}-{4:4}: [ 230.533549][ T7522] lock_acquire+0x120/0x360 [ 230.538617][ T7522] __mutex_lock+0x182/0xe80 [ 230.543686][ T7522] input_ff_flush+0x5e/0x140 [ 230.548847][ T7522] input_flush_device+0xa6/0xd0 [ 230.554251][ T7522] evdev_release+0xe1/0x800 [ 230.559309][ T7522] __fput+0x44c/0xa70 [ 230.563847][ T7522] fput_close_sync+0x119/0x200 [ 230.569166][ T7522] __x64_sys_close+0x7f/0x110 [ 230.574412][ T7522] do_syscall_64+0xfa/0x3b0 [ 230.579474][ T7522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.585916][ T7522] [ 230.585916][ T7522] -> #2 (&dev->mutex#2){+.+.}-{4:4}: [ 230.593448][ T7522] lock_acquire+0x120/0x360 [ 230.598510][ T7522] __mutex_lock+0x182/0xe80 [ 230.603567][ T7522] input_register_handle+0x18f/0x4c0 [ 230.609403][ T7522] kbd_connect+0xc3/0x140 [ 230.614289][ T7522] input_register_device+0xcee/0x10b0 [ 230.620206][ T7522] acpi_button_add+0x6b1/0xb50 [ 230.625510][ T7522] acpi_device_probe+0xa8/0x2d0 [ 230.630896][ T7522] really_probe+0x26a/0x9a0 [ 230.635959][ T7522] __driver_probe_device+0x18c/0x2f0 [ 230.641788][ T7522] driver_probe_device+0x4f/0x430 [ 230.647378][ T7522] __driver_attach+0x452/0x700 [ 230.652693][ T7522] bus_for_each_dev+0x230/0x2b0 [ 230.658090][ T7522] bus_add_driver+0x345/0x640 [ 230.663315][ T7522] driver_register+0x23a/0x320 [ 230.668633][ T7522] do_one_initcall+0x233/0x820 [ 230.673941][ T7522] do_initcall_level+0x137/0x1f0 [ 230.679444][ T7522] do_initcalls+0x69/0xd0 [ 230.684338][ T7522] kernel_init_freeable+0x3d9/0x570 [ 230.690087][ T7522] kernel_init+0x1d/0x1d0 [ 230.694964][ T7522] ret_from_fork+0x3f9/0x770 [ 230.700110][ T7522] ret_from_fork_asm+0x1a/0x30 [ 230.705421][ T7522] [ 230.705421][ T7522] -> #1 (input_mutex){+.+.}-{4:4}: [ 230.712765][ T7522] lock_acquire+0x120/0x360 [ 230.717830][ T7522] __mutex_lock+0x182/0xe80 [ 230.722894][ T7522] input_register_device+0xa74/0x10b0 [ 230.728832][ T7522] uinput_create_device+0x422/0x670 [ 230.734593][ T7522] uinput_ioctl_handler+0x3f0/0x1570 [ 230.740432][ T7522] __se_sys_ioctl+0xf9/0x170 [ 230.745576][ T7522] do_syscall_64+0xfa/0x3b0 [ 230.750632][ T7522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.757086][ T7522] [ 230.757086][ T7522] -> #0 (&newdev->mutex){+.+.}-{4:4}: [ 230.764691][ T7522] validate_chain+0xb9b/0x2140 [ 230.770018][ T7522] __lock_acquire+0xab9/0xd20 [ 230.775251][ T7522] lock_acquire+0x120/0x360 [ 230.780306][ T7522] __mutex_lock+0x182/0xe80 [ 230.785367][ T7522] uinput_request_submit+0x188/0x6f0 [ 230.791212][ T7522] uinput_dev_upload_effect+0x150/0x1e0 [ 230.797324][ T7522] input_ff_upload+0x5fc/0xae0 [ 230.802644][ T7522] evdev_ioctl_handler+0x1644/0x1f10 [ 230.808483][ T7522] __se_sys_ioctl+0xf9/0x170 [ 230.813631][ T7522] do_syscall_64+0xfa/0x3b0 [ 230.818691][ T7522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.825126][ T7522] [ 230.825126][ T7522] other info that might help us debug this: [ 230.825126][ T7522] [ 230.835371][ T7522] Chain exists of: [ 230.835371][ T7522] &newdev->mutex --> &dev->mutex#2 --> &ff->mutex [ 230.835371][ T7522] [ 230.847769][ T7522] Possible unsafe locking scenario: [ 230.847769][ T7522] [ 230.855235][ T7522] CPU0 CPU1 [ 230.860618][ T7522] ---- ---- [ 230.866008][ T7522] lock(&ff->mutex); [ 230.870029][ T7522] lock(&dev->mutex#2); [ 230.876838][ T7522] lock(&ff->mutex); [ 230.883425][ T7522] lock(&newdev->mutex); [ 230.887785][ T7522] [ 230.887785][ T7522] *** DEADLOCK *** [ 230.887785][ T7522] [ 230.895947][ T7522] 2 locks held by syz.3.469/7522: [ 230.900998][ T7522] #0: ffff888055f28118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_ioctl_handler+0x121/0x1f10 [ 230.910987][ T7522] #1: ffff8880295008b0 (&ff->mutex){+.+.}-{4:4}, at: input_ff_upload+0x398/0xae0 [ 230.920278][ T7522] [ 230.920278][ T7522] stack backtrace: [ 230.926186][ T7522] CPU: 1 UID: 0 PID: 7522 Comm: syz.3.469 Not tainted 6.15.0-syzkaller-11802-g1af80d00e1e0 #0 PREEMPT(full) [ 230.926213][ T7522] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 230.926228][ T7522] Call Trace: [ 230.926236][ T7522] [ 230.926245][ T7522] dump_stack_lvl+0x189/0x250 [ 230.926283][ T7522] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.926315][ T7522] ? __pfx__printk+0x10/0x10 [ 230.926339][ T7522] ? print_lock_name+0xde/0x100 [ 230.926361][ T7522] print_circular_bug+0x2ee/0x310 [ 230.926386][ T7522] check_noncircular+0x134/0x160 [ 230.926410][ T7522] validate_chain+0xb9b/0x2140 [ 230.926433][ T7522] ? stack_trace_save+0x9c/0xe0 [ 230.926456][ T7522] ? __pfx_stack_trace_save+0x10/0x10 [ 230.926478][ T7522] ? __pfx_hlock_conflict+0x10/0x10 [ 230.926503][ T7522] __lock_acquire+0xab9/0xd20 [ 230.926536][ T7522] ? uinput_request_submit+0x188/0x6f0 [ 230.926568][ T7522] lock_acquire+0x120/0x360 [ 230.926596][ T7522] ? uinput_request_submit+0x188/0x6f0 [ 230.926657][ T7522] __mutex_lock+0x182/0xe80 [ 230.926706][ T7522] ? uinput_request_submit+0x188/0x6f0 [ 230.926738][ T7522] ? __lock_acquire+0xab9/0xd20 [ 230.926768][ T7522] ? uinput_request_submit+0x188/0x6f0 [ 230.926801][ T7522] ? __pfx___mutex_lock+0x10/0x10 [ 230.926837][ T7522] ? do_raw_spin_unlock+0x122/0x240 [ 230.926881][ T7522] ? _raw_spin_unlock+0x28/0x50 [ 230.926908][ T7522] ? uinput_request_alloc_id+0x3cf/0x400 [ 230.926942][ T7522] uinput_request_submit+0x188/0x6f0 [ 230.926975][ T7522] ? __mutex_trylock_common+0x153/0x260 [ 230.927009][ T7522] ? __pfx_uinput_request_submit+0x10/0x10 [ 230.927044][ T7522] ? rcu_is_watching+0x15/0xb0 [ 230.927064][ T7522] ? trace_contention_end+0x39/0x120 [ 230.927086][ T7522] ? __mutex_lock+0x330/0xe80 [ 230.927122][ T7522] uinput_dev_upload_effect+0x150/0x1e0 [ 230.927167][ T7522] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 230.927205][ T7522] ? __pfx_uinput_dev_upload_effect+0x10/0x10 [ 230.927242][ T7522] input_ff_upload+0x5fc/0xae0 [ 230.927277][ T7522] evdev_ioctl_handler+0x1644/0x1f10 [ 230.927307][ T7522] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 230.927337][ T7522] ? __pfx_evdev_ioctl_handler+0x10/0x10 [ 230.927365][ T7522] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 230.927396][ T7522] ? __lock_acquire+0xab9/0xd20 [ 230.927439][ T7522] ? __fget_files+0x2a/0x420 [ 230.927465][ T7522] ? bpf_lsm_file_ioctl+0x9/0x20 [ 230.927497][ T7522] ? __pfx_evdev_ioctl+0x10/0x10 [ 230.927521][ T7522] __se_sys_ioctl+0xf9/0x170 [ 230.927554][ T7522] do_syscall_64+0xfa/0x3b0 [ 230.927588][ T7522] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.927608][ T7522] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 230.927631][ T7522] ? clear_bhb_loop+0x60/0xb0 [ 230.927654][ T7522] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.927675][ T7522] RIP: 0033:0x7f250798e929 [ 230.927695][ T7522] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.927714][ T7522] RSP: 002b:00007f2508820038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 230.927736][ T7522] RAX: ffffffffffffffda RBX: 00007f2507bb5fa0 RCX: 00007f250798e929 [ 230.927753][ T7522] RDX: 0000200000000300 RSI: 0000000040304580 RDI: 0000000000000007 [ 230.927767][ T7522] RBP: 00007f2507a10ab1 R08: 0000000000000000 R09: 0000000000000000 [ 230.927780][ T7522] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 230.927793][ T7522] R13: 0000000000000000 R14: 00007f2507bb5fa0 R15: 00007f2507cdfa28 [ 230.927814][ T7522] [ 231.544187][ T5900] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 231.552098][ T5900] usb 5-1: can't read configurations, error -71 [ 231.584510][ T5900] usb usb5-port1: attempt power cycle [ 231.751393][ T1170] usb 4-1: USB disconnect, device number 32 [ 231.757452][ C1] xpad 4-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 231.757493][ C1] xpad 4-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 234.822358][ T1170] xpad 4-1:179.65: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -19