last executing test programs: 9.506475966s ago: executing program 1 (id=1962): r0 = socket$kcm(0x2, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) r4 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r4, 0xc0045516, &(0x7f00000000c0)=0x81) readv(r4, &(0x7f00000006c0)=[{&(0x7f0000001480)=""/4082, 0x48}], 0x1) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r4, 0xc1105517, &(0x7f0000000340)={{0xffffffff, 0x5, 0x0, 0xfffffffc, 'syz0\x00'}, 0x2, 0x2, 0x5, 0x0, 0x0, 0xff, 'syz0\x00', 0x0}) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r5 = socket(0x2, 0x2, 0x6) getsockopt$inet_int(r5, 0x0, 0x15, 0x0, &(0x7f00000000c0)) sendmmsg$inet(r0, &(0x7f0000000c40)=[{{&(0x7f0000000000)={0x2, 0x4e22, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="1000000000000000070005000000"], 0x10}}], 0x1, 0x4000) r6 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x402, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000006, 0x38011, r6, 0x0) mremap(&(0x7f00005ab000/0x1000)=nil, 0x1000, 0x2000, 0x4, &(0x7f00007f1000/0x2000)=nil) r7 = userfaultfd(0x1) ioctl$UFFDIO_API(r7, 0xc018aa3f, &(0x7f00000004c0)) ioctl$UFFDIO_UNREGISTER(r7, 0x8010aa01, &(0x7f0000000000)={&(0x7f0000ffd000/0x2000)=nil, 0x2000}) socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)=@newlink={0x40, 0x10, 0x401, 0x70bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, 0x0, 0xb2b, 0xa49c}, [@IFLA_LINKINFO={0x20, 0x12, 0x0, 0x1, @gtp={{0x8}, {0x14, 0x2, 0x0, 0x1, [@IFLA_GTP_FD0={0x8}, @IFLA_GTP_FD1={0x8}]}}}]}, 0x40}}, 0x0) 8.181651575s ago: executing program 1 (id=1967): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = openat$rdma_cm(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) write$RDMA_USER_CM_CMD_RESOLVE_IP(r1, &(0x7f00000004c0)={0x14, 0x40, 0xfa00, {{0xa, 0x4e21, 0x9, @private0={0xfc, 0x0, '\x00', 0x4}}, {0xa, 0x4e21, 0xd84, @local, 0x3ff}, 0xffffffffffffffff, 0x1}}, 0x48) ioctl$SNDCTL_DSP_SETTRIGGER(r0, 0x40045010, &(0x7f00000002c0)=0x3) syz_emit_ethernet(0x46, &(0x7f0000000000)={@local, @dev, @void, {@ipv4={0x800, @tcp={{0x9, 0x4, 0x0, 0x0, 0x38, 0x400, 0x0, 0x0, 0x6, 0x0, @private=0xa210104, @local, {[@timestamp_addr={0x44, 0x4, 0x24}, @generic={0x7, 0xb, "04b09f4ef516965125"}]}}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x6, 0x5, 0x0, 0x4}}}}}}, 0x0) read$dsp(r0, &(0x7f0000000340)=""/100, 0x64) r2 = syz_open_dev$usbfs(&(0x7f0000003f00), 0x200, 0xa401) ioctl$USBDEVFS_GETDRIVER(r2, 0x41045508, &(0x7f0000000540)={0x3, "7fbeb87371254ef987e55335b2c465928c5a297820e0a4e391c6ebfbe1b55500dc113eda2167afbd0467b2e01e47dcc38174227e7ead629a73b5eb3363aeef140157a1036b756a4cf6e1fbe18b7315721f3eacbaf287ed02b9bdae4e838053300953f629e08cbdf4f34db1a19f6503000000000000003c8da757aba9bf6422ad6208f4763c1556518d3f73f244950a10200a5f5cd04694b8837f77d611e831680440f2e02aa01badbba2b4cc4dfdad27116b15303bacdd21de560b439a924dae139fdf1f1af529eed4028e1da794031d2a303461adab7a9745d8d12a8cdfd05ddcd20ed9bb8273bfa124384a07747e80ce371b466e992a5622861245b15c55ca"}) 7.483517585s ago: executing program 1 (id=1970): r0 = openat$vcs(0xffffff9c, 0x0, 0x408500, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000100)={0x0}, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0xfd5, 0x0, 0x4, 0x400, 0x6, 0xbf3d, 0x9, 0x7, r1}, &(0x7f0000000200)=0x20) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x100847c0, 0x0, 0x1, 0x0, 0x0) preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/249, 0xf9}], 0x1, 0x5, 0x5) r6 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) modify_ldt$write(0x1, &(0x7f0000000000)={0x80, 0x0, 0x400}, 0x10) ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000000)=0x1) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000300)) sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x14, 0x1, 0x8, 0x5, 0x0, 0x0, {0x2, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x40440c1}, 0x20008040) 7.298487712s ago: executing program 0 (id=1972): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000100)={0xa, 0x4e22}, 0x1c) listen(r0, 0xfff) syz_emit_ethernet(0x4a, &(0x7f0000000440)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x14, 0x6, 0x0, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x2}}}}}}}, 0x0) syz_emit_ethernet(0x4e, &(0x7f00000002c0)={@local, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "0a8435", 0x18, 0x6, 0x1, @remote, @local, {[], {{0x0, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x7b01, 0x0, 0x0, {[@eol]}}}}}}}}, 0x0) 7.217531862s ago: executing program 0 (id=1973): r0 = syz_usb_connect$uac1(0x3, 0x9d, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8b, 0x3, 0x1, 0x8, 0x0, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1000, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x4, 0x7, 0x9, {0x7, 0x25, 0x1, 0x1, 0x2, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x2, 0x40, 0x6, 0x9, "", "7be0"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x40, 0x4, 0xae, 0x9, "041905f022307589"}, @as_header={0x7, 0x24, 0x1, 0x8, 0x4, 0x1001}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x3, 0x4, 0x2, 0x7, '\rED'}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x40, 0x80, 0x98, {0x7, 0x25, 0x1, 0x82, 0x8, 0xf}}}}}}}]}}, &(0x7f00000006c0)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x200, 0xf, 0xf9, 0x9, 0xff, 0x5}, 0xec, &(0x7f00000002c0)={0x5, 0xf, 0xec, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xf, 0x8, 0x3, 0x3d3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x28, 0x2, 0x92, 0x4d20, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "7a4dc8be386d07c39c73afbb3db20dbb"}, @generic={0xbe, 0x10, 0xa, "aa5f9f1998dc9b9bdb921ea388b39d78a40fcfc5514fd5ea8b80a80c33a93711b6d2698677732bb1d345aef1b2742239a4af0dbd18ff113825c576602dbb7029e647b26b24c26b0c5f0b26a0eedc3625dd41c7a9ffc1f99db8d700f324ecfda4b3948c60f4546c9112a725ce3fba00e1eb9622651741e207e15953ee6c6b7f4e73119e5a2d1d30cc6b2fa7a674bf9d73846366981640d85ec73446adeef0682b9f5255a1e42632b1b1c0d000547964f4e8f2b2d1ffb25bffe74e70"}]}, 0x7, [{0x85, &(0x7f00000003c0)=@string={0x85, 0x3, "d91c6b47b5fac45de1ac98faa769359aec7fda49a4771b4f87ff3abc982f2b5cbf43717918946701052e42368f21288788867e0e447017a4c1070826f4648093d31780630fd655bd5b59a1467e61cdc9fa8261631d5bbc77c23b3cfe5d0493106b1db75337d47b31618b394e0f886fc3814681f891798a95a1b88c1f80b78d272ac6df"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x81a}}, {0x26, &(0x7f00000004c0)=@string={0x26, 0x3, "54822b06c076e071d4a875560d96a0c0f4df02bc6e128c38968802b978bce44538cb196a"}}, {0xf1, &(0x7f0000000500)=@string={0xf1, 0x3, "9294180c908bfbcefc3400a58cbfaa82539df94de8f4e019144819b2cfed818a76079b571647350a3e37d216a644f23034fece62ff1ac4bb35d68c57ff02ea0ecd8efa4e7d604e30254c1eae77bd1584a5326aad10a84ce90b9bf48fcec4bcf9356fe8b86bee677b41bd59bcf323f399522bb1cd3cd2eab886f82d44825dc8f4476c1ba741f5d53013c93e730004910f319ac4bb16fc709b462cf2084236517abcec61408789913928dbebeedb7844b7bf5858b39d209030daa0dc8ff4ed806d1f2086874a5f3d0906716aa64b7b332ade02df05e36a76c48d887a2a9bd9821d3554b0611543400f3ad3e7d5656090"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x7c51}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0xc09}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x810}}]}) syz_usb_control_io(r0, &(0x7f0000000880)={0x18, &(0x7f0000000740)={0x20, 0x1e, 0x27, {0x27, 0x11, "23e6745caf576deef1f22d9b863aff0ee8a8337a40eb8c62de6339200df6a32e8eea252d09"}}, &(0x7f0000000780)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x140a}}, &(0x7f00000007c0)={0x0, 0xf, 0x20, {0x5, 0xf, 0x20, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x1, 0x3, 0x3}, @ssp_cap={0x14, 0x10, 0xa, 0x7, 0x2, 0x3, 0xf00, 0x101, [0xc03f, 0xf]}]}}, &(0x7f0000000800)={0x20, 0x29, 0xf, {0xf, 0x29, 0xff, 0x4, 0x9, 0x2, "2fdaa7e0", "285f06fd"}}, &(0x7f0000000840)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x2, 0x1b, 0xc, 0x10, 0xff, 0x10}}}, &(0x7f0000000d40)={0x44, &(0x7f00000008c0)={0x0, 0x31, 0xb8, "09e7068c242a962e06a3c2c383920fb2039cd419736fd7a05e335f15be26b6749452e7a4de5ffe65d046976b341cc4b7229fce7a5949a98fff8b3376dbf32d4ec237219003fddd02e930cac2e4a6847af5e713421f4546b4c19d3ede6e23f4737b45b198f1712bc2ebcbbac9ef1d76cabfd42240e77eab006e3eb95421f795f1b1bd529b1d1cd3130df5d621128af007a88d8893c63eb6af354623cf80e7cb3b16c89b2db6411b76c82536e47b387cc32c3aaa5455709347"}, &(0x7f0000000980)={0x0, 0xa, 0x1, 0x4}, &(0x7f00000009c0)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000000a00)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000a40)={0x20, 0x0, 0x4, {0x200, 0x8}}, &(0x7f0000000a80)={0x40, 0x7, 0x2, 0xff98}, &(0x7f0000000ac0)={0x40, 0x9, 0x1}, &(0x7f0000000b00)={0x40, 0xb, 0x2, "115f"}, &(0x7f0000000b40)={0x40, 0xf, 0x2, 0x1e7}, &(0x7f0000000b80)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, &(0x7f0000000bc0)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, &(0x7f0000000c00)={0x40, 0x19, 0x2, "f578"}, &(0x7f0000000c40)={0x40, 0x1a, 0x2, 0x200}, &(0x7f0000000c80)={0x40, 0x1c, 0x1}, &(0x7f0000000cc0)={0x40, 0x1e, 0x1, 0x5}, &(0x7f0000000d00)={0x40, 0x21, 0x1, 0x39}}) openat$proc_mixer(0xffffff9c, &(0x7f00000011c0)='/proc/asound/card3/oss_mixer\x00', 0x20000, 0x0) 5.813746375s ago: executing program 3 (id=1986): r0 = openat$6lowpan_enable(0xffffff9c, &(0x7f0000000080), 0x2, 0x0) r1 = openat$vmci(0xffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$IOCTL_VMCI_QUEUEPAIR_DETACH(r1, 0x7aa, &(0x7f00000000c0)={{@my=0x1, 0x66}, 0x521, 0x7}) readv(r0, &(0x7f0000000000)=[{&(0x7f0000000100)=""/175, 0xaf}, {&(0x7f00000001c0)=""/237, 0xed}, {&(0x7f00000002c0)=""/238, 0xee}], 0x3) 5.775560116s ago: executing program 3 (id=1987): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)={{0x14, 0x10, 0x1, 0x0, 0x3400}, [@NFT_MSG_NEWRULE={0x20, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x10) 5.689787689s ago: executing program 3 (id=1988): ioctl$sock_SIOCSIFVLAN_ADD_VLAN_CMD(0xffffffffffffffff, 0x8983, &(0x7f0000000000)={0x0, 'vlan1\x00', {0x2}, 0x4006}) syz_usb_control_io(0xffffffffffffffff, 0x0, &(0x7f0000000780)={0x44, &(0x7f0000000000)=ANY=[@ANYBLOB="00300b00000000004720000040f400bec0"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)={{0x12, 0x1, 0x0, 0x1d, 0x12, 0x26, 0x10, 0x18d1, 0x1eaf, 0x779, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xe1, 0x15, 0x3d}}]}}]}}, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000800)={0x10, &(0x7f0000000200)=ANY=[@ANYBLOB="000402000000215ab148"], 0x0, 0x0}) r1 = syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) ioctl$SCSI_IOCTL_GET_PCI(r1, 0x5393, &(0x7f0000000000)) 4.283864165s ago: executing program 1 (id=1990): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x1f, &(0x7f0000000240)={0x1, &(0x7f00000001c0)=[{0x64, 0x8, 0x8, 0x3}]}) 4.224283563s ago: executing program 3 (id=1991): r0 = socket$kcm(0x2, 0x5, 0x84) sendmsg$inet(r0, &(0x7f0000002980)={&(0x7f0000000180)={0x2, 0x0, @dev}, 0x10, &(0x7f0000001400)=[{&(0x7f00000004c0)="5f74a8", 0x3}], 0x1}, 0x4000000) setsockopt$sock_attach_bpf(r0, 0x84, 0x1e, &(0x7f0000000000), 0x10) r1 = socket$kcm(0x2, 0x3, 0x2) r2 = socket$kcm(0x2, 0x3, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x40046602, &(0x7f0000000040)={'wg1\x00', @random="0200ac7f7f00"}) ioctl$SIOCSIFHWADDR(r1, 0x8916, &(0x7f0000000080)={'veth1_macvtap\x00', @random="0200ac7f7f00"}) 4.116928472s ago: executing program 0 (id=1992): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000280)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x458, 0x5013, 0x0, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x2, 0x1, 0x3, 0x0, 0x0, 0x0, {0x9, 0x21, 0x0, 0x64, 0x1, {0x22, 0x4f8}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0x4, 0xbc}}}}}]}}]}}, 0x0) syz_usb_connect(0x3, 0x47d, &(0x7f0000000380)={{0x12, 0x1, 0x110, 0xfe, 0x4f, 0x25, 0x40, 0xcaa, 0x3001, 0x53ed, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x46b, 0x3, 0x0, 0xe6, 0x70, 0x5, [{{0x9, 0x4, 0x5f, 0x5, 0x6, 0x30, 0xc9, 0x7f, 0x3, [@uac_control={{0xa, 0x24, 0x1, 0x8, 0x9}, [@extension_unit={0x7, 0x24, 0x8, 0x2, 0x4, 0x1}, @selector_unit={0xb, 0x24, 0x5, 0x6, 0x2, "596d5fa2cc8a"}, @extension_unit={0xb, 0x24, 0x8, 0x4, 0x1000, 0x5, "ac747e13"}, @selector_unit={0xb, 0x24, 0x5, 0x4, 0xf6, "64a04b1a84fd"}]}], [{{0x9, 0x5, 0x0, 0x10, 0x3ff, 0x7, 0x5, 0x1}}, {{0x9, 0x5, 0x80, 0x10, 0x200, 0xa8, 0x8, 0x8, [@generic={0x20, 0x22, "73414a60dfad54e0184c5c751b2d401a0920e884ca203bda17977cc04676"}, @generic={0x94, 0x2, "19b3d9e1a4461ef984ec86d4cf2a3d944170515a5c2f1d01d75a9ada4264c690ae40b35fc9ae8cc8feace38d0da634e2ed017ddfab06a63d03d459db83303b95bb66333bfb8c3f7822f76350d67723932f4f17d1582c8caa6e21411cbcf50998a74b92ed46752553c74ee1f253ee08acea1c6c05202de82020e3e716e9f77ae1dac8bb38f9521aa4e8ad6b19e14a6d9d91f9"}]}}, {{0x9, 0x5, 0xf, 0x8, 0x3ff, 0x5, 0x8, 0xff}}, {{0x9, 0x5, 0x6, 0x8, 0x8, 0x6, 0x4, 0x6, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x3}]}}, {{0x9, 0x5, 0xb, 0x0, 0x10, 0x7, 0x6, 0x2}}, {{0x9, 0x5, 0xb, 0x10, 0x210, 0x1, 0x4, 0x2}}]}}, {{0x9, 0x4, 0x6b, 0xe0, 0x10, 0xcb, 0x25, 0xdc, 0x1, [], [{{0x9, 0x5, 0x6, 0xc, 0x10, 0x1, 0x3, 0x8}}, {{0x9, 0x5, 0x6, 0xc, 0x10, 0x2, 0x78, 0x5, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xb8, 0x41}]}}, {{0x9, 0x5, 0x2, 0x1, 0x200, 0xb, 0x40, 0x64, [@generic={0x4a, 0x21, "25fab4d635d6f30db5a42310619d9d40ba362132c8f751cb5d779e2b85e6b3c03eb073126764a0b2d8081454eae133fdde8b18f9f0959e70d098552f11e4147b697f4a49594175d7"}]}}, {{0x9, 0x5, 0x5, 0x0, 0x40, 0x4, 0x6, 0x2}}, {{0x9, 0x5, 0xf, 0x10, 0x400, 0x9, 0x2, 0x56}}, {{0x9, 0x5, 0x3, 0x2, 0x10, 0x22, 0x4, 0x3, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0x2, 0xa}]}}, {{0x9, 0x5, 0xc, 0x8, 0x10, 0x4, 0x40, 0x3}}, {{0x9, 0x5, 0xd, 0x10, 0x10, 0x5, 0x1, 0x7}}, {{0x9, 0x5, 0xa, 0x10, 0x8, 0xd7, 0x9, 0x2}}, {{0x9, 0x5, 0x6, 0xc, 0x3ff, 0x7, 0x80, 0x3, [@generic={0x44, 0x11, "c003c27d6a7c1d128cfe7248ce460df88cbe3e89c348062b7ab49c8fda0097bbc25eb2343468a6d9ccd71ca3710e4f60301cf27946b2aa9bb7fb10255acf4147a71a"}]}}, {{0x9, 0x5, 0x5, 0x4, 0x20, 0x7d, 0x0, 0x1, [@generic={0x97, 0x8, "092d8bcf304f07a55ec224a1377f93376cc1b1f70089b866ae86cc55e92e1c9896c9f66358d8e7d1e798af335462de39597c3d952bafb8902298f588fe8ca39c455574ce3123e364f11ffde6fd7512490def38a2b310ba47d2f8d0bd840510d803760b6a43f052ceb8b4052a72f856d9f153e54fff88b53de644b021b0626d5355ab442dc567dce8042ff525d567ebd94ee3868b5a"}, @uac_iso={0x7, 0x25, 0x1, 0x2, 0x0, 0x8c1}]}}, {{0x9, 0x5, 0x2, 0x8, 0x400, 0x91, 0xb, 0x4, [@generic={0x17, 0x21, "559a6ed01da37a1a1039d446e4dd3029b9c511ff57"}, @generic={0x91, 0xe, "172b143d1b28c70786d747bc2f8814c62dd3f1026fae2785c9b6340b6abf9370e008b88e1d246b26e89c1c24294de15e20f6d4a1be98c0c59fb112624c309002ebb5faa4501826d83f453e267a90535754f3b4a6c46eeb3436a1cd1d490578e310a39c11e85618c214a61afd496207d1bc714f7bf9e2e9b8417e8cba23b5bd8868aff97ccd6b1d543748840c1e0db6"}]}}, {{0x9, 0x5, 0x4, 0xc, 0x200, 0xec, 0x7, 0x1}}, {{0x9, 0x5, 0x2, 0x3, 0x3ff, 0xbc, 0x9c, 0xbb}}, {{0x9, 0x5, 0xd, 0x8, 0x20, 0x85, 0x9, 0x6f, [@uac_iso={0x7, 0x25, 0x1, 0x83, 0xd, 0x100}]}}, {{0x9, 0x5, 0xc, 0x10, 0x400, 0x5, 0xfb, 0x95, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x7833}, @generic={0x2a, 0x21, "45b5562b42bdc90c19098cd460cd2c558a89eba376ca5463d8551a16e1e7f363adbf5b0c86a9083b"}]}}]}}, {{0x9, 0x4, 0x82, 0x7f, 0x2, 0xff, 0x24, 0x65, 0x6, [@cdc_ecm={{0x7, 0x24, 0x6, 0x0, 0x0, "81ad"}, {0x5, 0x24, 0x0, 0x80}, {0xd, 0x24, 0xf, 0x1, 0x464, 0xfff9, 0x1, 0x2}, [@obex={0x5}, @mbim={0xc, 0x24, 0x1b, 0x3f6, 0x8001, 0x1, 0xac, 0xfff7, 0x48}, @obex={0x5, 0x24, 0x15, 0x578}, @acm={0x4, 0x24, 0x2, 0xc}, @ncm={0x6, 0x24, 0x1a, 0x1, 0xa}]}, @hid_hid={0x9, 0x21, 0x0, 0x7, 0x1, {0x22, 0x117}}], [{{0x9, 0x5, 0x8, 0x4, 0x400, 0x6, 0x9, 0x81, [@generic={0x19, 0x30, "a47fd3cd6107a04cf35a9ec1b504ce62743e6bf26f91ba"}, @uac_iso={0x7, 0x25, 0x1, 0x1, 0x5, 0x9}]}}, {{0x9, 0x5, 0xe, 0x7c6af9dcd63abf60, 0x8, 0x18, 0x8, 0x7, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x34, 0x7}]}}]}}]}}]}}, &(0x7f00000002c0)={0xa, &(0x7f0000000000)={0xa, 0x6, 0x250, 0x4, 0x2, 0x6, 0x40, 0xff}, 0xf, &(0x7f0000000080)={0x5, 0xf, 0xf, 0x1, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0xb, 0x5, 0xe, 0x2}]}, 0x6, [{0x4, &(0x7f00000000c0)=@lang_id={0x4, 0x3, 0x457}}, {0x7c, &(0x7f0000000100)=@string={0x7c, 0x3, "0546e7ce79a0556921cc6a93165e0357e96012a213cd15185d6ea1621b522e01dfeed6fce0c4924e301a6fe812ca116b79a4879efc440b22a4f7f998fd2fb0e0cd5f55b61402429b17bd1f399788adbf26e4aed29c9b81d7110a2223173085be4260aeb23c741b786ece3a2d282266c5ba6a436c5adf760d0824"}}, {0x7d, &(0x7f0000000180)=@string={0x7d, 0x3, "10410d495b1b39b4786b2c131fd7756dd6397ca19e13d6d966f7480ca18dd52804d71df7a48ad4bc74d4e0c6beeaf29bfa1ee33843c6037e66be88892b49fd84062da188ce7af15d09f00eb267a97859edb38be0bdc5e41e27c88e8755e26fa9444deed08900ec4d51a2efcb4ad949279b86cfc66c24b1211b968b"}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x180c}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x1407}}, {0xfb, &(0x7f0000000800)=@string={0xfb, 0x3, "4168a32c71c73bc6375640e764e504654a37eb013b40cde3f55513ab8db4ea83e10dff79907b7de44a7903911d336eedb28cb1c2838bcd7734797304d465a420e1fce504884f1689ba664531c7f4bfb4e02f7887e2c8064a84be17f59177af85fe114fd4eb7416c8eae66ccd418eb77002f24ab02278ccd44e3a94e6160eed8f11bbd66ebe15432db8eb5806f7328494b79eab43cfded9c995f9b1978f6bc6aa81e0f8c79895922c805c3f2de7f83541bb076907f1cd2cd52dbd4c4049eace0f603786682ba70a7f4bee2371909bbc3c358aa225c5b720c8fc68fe54c0eeb4c4303b297dba21e8ecd1e5a794d88cd7ed1a6f0a13a6fa737bb3"}}]}) (async) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) (async) mincore(&(0x7f0000156000/0xc00000)=nil, 0xc00000, &(0x7f0000001640)=""/4096) (async) syz_usb_control_io(r0, 0x0, 0x0) (async) syz_usb_control_io$hid(r0, &(0x7f0000000340)={0x24, 0x0, 0x0, &(0x7f0000000040)=ANY=[@ANYBLOB="00220508"], 0x0}, 0x0) 4.116379383s ago: executing program 1 (id=1993): sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[], 0xec}}, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) getrusage(0x0, 0x0) mprotect(&(0x7f0000000000/0x4000)=nil, 0x4000, 0x1) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x0, 0x0}) 3.525502701s ago: executing program 1 (id=2000): r0 = syz_usb_connect(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000459bb2405804035000000000000109021b000111000000090400000195699b0009", @ANYRES32], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x44, &(0x7f0000000180)={0x0, 0x0, 0x3, 'Yf\''}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000001e40)={0x2c, 0x0, 0x0, 0x0, &(0x7f0000001dc0)={0x20, 0x1, 0x34, "712bab"}, 0x0}) openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = userfaultfd(0x1) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f00000000c0)) sendmsg$key(0xffffffffffffffff, &(0x7f00005f5000)={0x1000000, 0x0, 0x0}, 0x0) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000080)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x2}) r2 = socket(0x40000000015, 0x5, 0x0) ioctl$TIOCGSID(0xffffffffffffffff, 0x5429, &(0x7f0000000100)) sendmsg$AUDIT_SET(r2, 0x0, 0x10) setsockopt$SO_RDS_TRANSPORT(r2, 0x114, 0x8, &(0x7f00000008c0), 0x4) r3 = bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x5, 0x81, 0x20, 0x9, 0x0, 0x1, 0x0, '\x00', 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, @void, @value, @void, @value}, 0x48) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000), &(0x7f0000000000), 0x402, r3}, 0x38) bind$inet(r2, &(0x7f0000000340)={0x2, 0x4e24, @loopback}, 0x10) ioctl$UFFDIO_COPY(r1, 0xc028aa05, &(0x7f0000000180)={&(0x7f00002b9000/0x400000)=nil, &(0x7f00003ab000/0x2000)=nil, 0x400000, 0x2, 0x2}) io_setup(0x2, &(0x7f0000000000)=0x0) r5 = eventfd(0x0) io_submit(r4, 0x2, &(0x7f00000002c0)=[&(0x7f00000001c0)={0x0, 0x0, 0x0, 0x5, 0x2, r2, &(0x7f0000000140)="f39cf3d63282d3fe98403e31d7f811ae3c8484ee49744e594a06f0a79cb8d7c8a6891ebf6fa2d79a41f95fb426c89b", 0x2f, 0x7, 0x0, 0x4, r5}, &(0x7f0000000280)={0x0, 0x0, 0x0, 0x5, 0x200, r1, &(0x7f0000000200)="b1aad2ef71060a6a0720c77da0ce5e6f50f600c7bcca464e0040c9cf4ea075aba70ec5f1c327315be5ada79091e923cb83aaee223d4468953898686def9c4deb38c7782400fcf258431e8dd99ea968fe181764bb6c8bbead91eca357374734d834fd4f31961ce0ee97b08521bd8f", 0xc9, 0x5, 0x0, 0x2}]) 3.305210027s ago: executing program 3 (id=2001): r0 = openat$vcs(0xffffff9c, 0x0, 0x408500, 0x0) getsockopt$inet_sctp_SCTP_SOCKOPT_PEELOFF(0xffffffffffffffff, 0x84, 0x66, &(0x7f0000000100)={0x0}, 0x0) getsockopt$inet_sctp_SCTP_DEFAULT_SEND_PARAM(r0, 0x84, 0xa, &(0x7f0000000180)={0xfd5, 0x0, 0x4, 0x400, 0x6, 0xbf3d, 0x9, 0x7, r1}, &(0x7f0000000200)=0x20) syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) r2 = syz_open_dev$char_usb(0xc, 0xb4, 0x0) r3 = syz_io_uring_setup(0x9e, &(0x7f0000000640)={0x0, 0x5865, 0x10, 0x2, 0x24d}, &(0x7f00000006c0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f00000002c0)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f0000000200)=@IORING_OP_READV=@pass_iovec={0x1, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r3, 0x100847c0, 0x0, 0x1, 0x0, 0x0) preadv(r2, &(0x7f00000001c0)=[{&(0x7f0000000080)=""/249, 0xf9}], 0x1, 0x5, 0x5) r6 = syz_open_dev$vim2m(&(0x7f00000001c0), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r6, 0xc0145608, &(0x7f00000000c0)={0x2, 0x1, 0x1}) modify_ldt$write(0x1, &(0x7f0000000000)={0x80, 0x0, 0x400}, 0x10) ioctl$vim2m_VIDIOC_STREAMOFF(r6, 0x40045612, &(0x7f0000000000)=0x1) r7 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r7}, 0x0) timer_settime(0x0, 0x0, &(0x7f0000000040)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ioctl$KVM_GET_CLOCK(r0, 0x8030ae7c, &(0x7f0000000300)) sendmsg$IPCTNL_MSG_TIMEOUT_GET(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000280)={0x14, 0x1, 0x8, 0x5, 0x0, 0x0, {0x2, 0x0, 0x1}}, 0x14}, 0x1, 0x0, 0x0, 0x40440c1}, 0x20008040) 2.456993655s ago: executing program 2 (id=2004): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_RINGS_SET(r0, &(0x7f0000000680)={0x0, 0x0, &(0x7f0000000640)={&(0x7f0000000200)={0x34, r1, 0x1, 0x0, 0xf00, {}, [@ETHTOOL_A_RINGS_TX={0x8}, @ETHTOOL_A_RINGS_HEADER={0x18, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_NAME={0x14, 0x2, 'wlan1\x00'}]}]}, 0x34}}, 0x0) 2.390334042s ago: executing program 2 (id=2005): r0 = socket$inet6(0xa, 0x2, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) r4 = userfaultfd(0x80001) ioctl$UFFDIO_API(r4, 0xc018aa3f, &(0x7f00000000c0)) ioctl$UFFDIO_REGISTER(r4, 0xc020aa00, &(0x7f0000000080)={{&(0x7f0000ffd000/0x3000)=nil, 0x3000}, 0x1}) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0x19) r5 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r5, 0x11b, 0x4, &(0x7f0000000340)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) ioctl$UFFDIO_COPY(r4, 0xc028aa05, &(0x7f0000000040)={&(0x7f0000ffd000/0x3000)=nil, &(0x7f0000000000/0x3000)=nil, 0x3000}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_RUN(r3, 0xae80, 0x0) bind$inet6(r0, &(0x7f0000f5dfe4)={0xa, 0x4e20, 0x0, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000007800)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f00000016c0)=""/181, 0xb5}, 0xffffffff}], 0x1, 0x832b, 0x0) setsockopt$inet6_int(r0, 0x29, 0x4a, &(0x7f0000000040)=0x7, 0x4) sendto$inet6(r0, 0x0, 0x0, 0x0, &(0x7f0000000300)={0xa, 0x4e20, 0x0, @mcast1}, 0x1c) 2.120971644s ago: executing program 4 (id=2006): openat$ppp(0xffffffffffffff9c, 0x0, 0x161042, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f0000000280)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000100)={0x1d, r1}, 0x18) fcntl$dupfd(r0, 0x406, r0) r2 = syz_io_uring_setup(0x497, &(0x7f0000000200)={0x0, 0x7279, 0x0, 0x4, 0x18e}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r5 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000700)={0x0, 0x18, 0xfa00, {0x0, &(0x7f00000006c0), 0x2}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000280)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000900), 0x111, 0x5}}, 0x20) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000100), 0x2, 0x6}}, 0x20) writev(r5, &(0x7f0000000000)=[{&(0x7f0000000080), 0x62}, {&(0x7f0000000100)="06010000246837f73199aee6fdb9291b3091ec1a2d41d2271b00d8ec030f5919f397867997f9c0efa9c9092a31cdbb98ea272787afda0af59a320709c3a59ef05c6f40ceafec53f48d6186e7d8409e35306221caf67b370d875eff3191932728e5ab6c9a3acf6ccee3e352c898f5744abaedfb53f92c37acb126bd143f3e9cdfcf25a8d6129fcc3a141c3f5ab6db772f87c787817a9b699dd60732d952716b103bc1e91ac5b1ed92f35389580994bb0df9bce07e7a80921888f984139f488d256a67fec0cbb5c4e93d5c151d97f676ab93b1efbd46f600dc964231e3257bf358448fddf894c0cdfa9115adbe5b19bc912fcbc8aac7719b649b1ff1267491da", 0x682c}, {&(0x7f0000001480)="d1ffacd516de50ac9d15bc75316da4defa1e72f65a65cdd26dcc389aacf7856da9aecf3765d4c032e1960faf25bad906b7d3440b6e71a82f1d8f8b8db35b6091f3af94c6b46b9ab10fe3923f268771078d2668be7bd3eb941d4bb5baa8547e36283a065ce5766cbff3a8fc37fc4507643d3786bbf231d3ed88cb8b01eab14e4372cf4f89bd1b853caa5d9f07f523b9dfa8cc09053ff36fde08e96fb6b3acc196b1bd1e2d3a6c65f585df7e2b8b17439a7ab29a7dfe642c2f0ac7a81eca8073b559663f2daf7a0832b2b09557794a21bf114831f8e6db3922d0cd169e5a8b4adc95d7322ee75944de15f57780b88fef7f3d9b256705ccfa2125b43ce8e3aacaead963cdd7f792f14c9b24493f9f830f6de8da93bbd4357095631adec14224dd9bb049e826f3a49624393e6a031103faff0902ba88ae30af4a61caa77ff956214196fcf3c5536d823284306f367afcb46fb43231911cc53091671e7d853ebf015241b18e9fb6ac6d9a7a1b05dfd6d9e56a51567cd8837dd045abf6b85550f0dd8dded43147ab9bfadc18b9984699d5d875cb21a95a7f584d8c466d033df75193f9ae58b85cfacc54f6c6e12a0debe40ee361a839563bc2cb64271672a55370c2b035b482074ce2487ef8a3bc1c68856e6e09539276d961a0c647f1ee3237496fc99623e8fd33faf7797d86a88dcee152d15e10739bcbbd6077b76867e291f350d999024c12faf81f83792f48f7f6dd66aa6854e460ef7f8c755f3a6dd76509ea0d2db39057a5129185b2fb11546cd5d6cc59f640e9028ae6c7075fba5e5b5593d7f79ec387833f465d09bde464112821eaec5e6e8f2aee8d7358f9c14afe2018856f610848706c71cda62493aef2e39efb71b4a8e804847eda66b2b5b1d75b478f19208ee1ac43afb2dbbba5dd0f29f6946022e09fb853cb176ca3474ba2fa67cb245fe85ec61a095d6fd9ac2ac5685920201617342fe56072427b9bd3626a1a371e67041fcda781be0c234d6feb5ad500e8bc7074381fd0d04983a4a6cdb6c8e03d59dc50925e9e4b24e6f8e455f02818959f2927f0a2d9ff62ec3c5c399077048f7d3dad0830b2e6563693f2f9d48eca8c34804a7626282a4a214d13786993c011a88194dbf7b23e25f592e62186c9fb565fac7632de356153c89a6be0b6b26ba48c2427424769fcbd7ee072ed4bd4d0731d06c8537d616b1145a6c70edb13fb4dba3565221b3a2897a23861cd0e8e0060021cdd7de002d5e785e5d6d3d07f4e445ada9c8d9ba8b819d0b5c7b5d15a5192d3a83c125c8e117c823a9e33316b8c9154e7330d3a865048dbd9c14757691bfe56f10423f6ab717bec5eebeac6ba9ad1aeb6cde09d7fda8e475a71ac48d46b8d9a40879c9dec2db5c4799e5fc8e8b3d419031c1033fce88ae2c93d7ca62c9302e6b45ca8dfebe5b92724f035e8e9d7704efb23f445999fe08cfa28404874d8acc8d37870d394d9fcc8dbe763bc85c37f0f3bcc2cbea420cd073db598e7d89c14a31e5bf57cbefa301427c93091505f1f3e5cdf712958b2e8fc56684d3388107c1728f0e5a3be2164246071653e256ed3bf3000c17301da9a5a3d9ca475867c4f311a24e5ae909a62047a9e6bb71cbcb4f159c2ef0f66b4d0f9da51aba99cd9448443dd277362af18d32f111c48a952ef555b2c7c58b997ce61e74cc7551b57eaffe411219baddf490926d8e260dcd87c069e617195c352950f9b51ce88c12c4f7997ba515f77e68d44f831cdf4d7ee8b1b7cedcb4c4fc7e85ba288c8555d49d5b4b9bb70dc4b688bd12e6b38e37150f3ea457a76b23d5abe6551ea598e090aed87822b0954b8db1a7c605c925b7f9240b0e7a020f292a1fd4a37c74139bc6e7ff08373ebfc8feea371ae0b6c61c715f6f1f4b0b994c7e2e129f87db959aae6ff48664d824b29ba9f255890f9c537178db9c5302097891557f8175a46f308b1a2530aa726ea9d4cfce76db50637369724d0c5f51c97edb58ff5eb9b2434b3721b61688ba12471b97c6a65ba085e15406568ac852590701f2ef8451c5cf1191d70f51eaea9ddc4cbdd7428f627db5069111f65062d5cc34581826af3e670613dda99e31c42736aabd87be56e214ed606862a152455f91891b7430bae03284569c234588f495a5ecc4a23fad6ba34e2ee9ebde8c7f5f62c9344659375c2a1fe6fa6e4ef68712223b9471c513bb11429dbb8a45463c8882f462275ee0da567c60c2d8038843e0c20486676e9978f2aec9187820c94a6e7e519d06daf2ab198f5cafcab4d9c90a479800906192d66a3301a34fa6c5a931cea0a479a4d98d86d9de3e061323504b57186dd33df7a16ccb688c0de203666cb0a6b543a9d069dded44a3b432cbb71da921dcab6be1c2d7494d3b07841d9b4f9d659b5d3d3b2ed916f91588d589128e4b2d4448e6aab5a8160eddca0f6e022abb85e251a11cd6bae57a09b2c434ab5bdf6264afb20d5ab022d152e345bd32ba9283aa5b3cd9118bd271a8ac9083c98b8a83064e65428f7ad7b35bf1d60d4e703f22d2d316fc12bd68bcced82cf0962a3d5769c6a3d75d59f7a7b76454661fd3574b8c8e26d20c372407854505ea6c2406fbd8a1ba7bb017c565228aa6d03d18ed309a308ffb1ecec73c246413e7c70f25070eafed9e70d22e9e8b44125c44eceff37e65bf073bc6fad1ea2b72675af4bf70586a8f7e0f35700de94c802522897576ed115fa21b3d23a367844520b33f5b9aedc0245096765f4cb3b2ff4e54f39bd7346c2347875d75a931b17c6c424ddb4767e0e63cc7725a8fc4b1dbe7929b2f909cc5be8b09e63330341e6471dcac0f8b44693d01805a1467b71612260e2a273861b3697440a5f75497796bffcf79d62a4a50a6ed5ef2efe8c83374f2ecd08d8d628aa03b01a11caeb2bdecc0ab2abcecfa15627979d7c3f9dec5389fc6625e957f8075e23e636dd5514596189d568e14d33ae518e6e9978c6a36a74b49fdbd1260095c9abe447e618878039b75e305b1d2c9ddeb9e5cedb11802e0833739d8595d57d749c890c9290cca4aa96e6718747543796a187e54a66c2f71beefddf911a7a74b59c48ba642d5ecd4d415f48dfbde5baac8a4ba063c1b985d9f9f3180e8a1c8b2cf6a25c2ff17688cc858ac8b9c67960f09a1ca5f28f8e877159e00fe7fb10cca73b391508895e7e52c22f9b38d73dabd6ff7c55ebf4e1611daee8d52b4ceee49a6df7daeb81bf9d1c943a74c03d3dda52c5b99f3225c1b87074f5cef6187878bc5b665ec0561adcc9781280dd1c6592555d327afea78b21beeeb66a0af3eab3249245f41cdbca309d3fba5d4b345319dd0a26134c0c896f2c8d32fda28600013f6a4c95b4038faba70d6c480b360c55bdc0595f7ca636e85521ba505d894f9c5f0a90719bc9944f386ad7491422ff12f34a3c048708d51305a8cc5b2a502ac1575a14c75e9fb7219ede2f6d9c1b362230b6189e0d8cd8ccd11fd0325182c6e46c9977bf63aa02f7024aeb4389f989f5733a198b45e4329c4c1a538a009f216ad3ac09cac39547b4fd21a5d7146ea307ad9b9339f39d5161d17b59860a0aed38cd89d1b68c6438346d51a3a283074e34ee01d2eca527b1b3836ccdf7e807007152c79d14324e3d887c9551a9447527db4434810f5b0b73d855f32a0c89aa784e43f4c1657d408dd33f88aeae1e5186bbcc2a348b708e3cec9080e12ee3676beb5ee86a9b5cc4a3496c242b95a248906ed62f984b22373bdfd97515441f34e01006d8d1244aa88403f207cd8820ffe07634fc86d00f871c1e4c9e8fc1a00d295e36d98119599b62379cda10ada85efe7b50c5f38d8d010a2cd53db900939db1ffce14feffb7940d12842f4f2b507e1fa49e526752d1e3d80a0c2a75e870d85f77fd91fc46ac1b1288dd33338cdad154d6b80b5a925431868d62a3fb0036f28fe259a3f555f767526a9ea230c33843efc49ac3182a357845ea122d606ab22c9f937b2b905e02dd1cb07d380e3486be6167f00b6e6d90a3c1d6aee15da439a55542ce177e498998ba8ac69a848e63e4c7564e4dc04aad595fa1ab81275edafa0d352029c304200d2f2c5881cbf5a26b2141bdb117879cc11e7c13bd62f221ae1ac04dca3d8d58a13c130557ecf5f36184c7366d3852d0cbd6ca42f2a971d87c0bb204097af1a3abdab7b95d07fcdbf5f42607695dedcd26e30b8fc5cfd7b333a95f3ee69d5ba7911dadb1394285c437a0f26fc027737ba5ee7d63333f80acb59f1a7faf2ec3031c6533107502bffc92d8726a48ce00cdb5f1258d85ff8eb72bfb162e122022f1f3e8a72b41d2689d5228b1130fbc946384401f3bbe726314bb09d430333ad78de07b3cec5c18a4f4abb69507b6451ca4e610b8fc988c983426e0cc3b9d15393026eb75d3d08634b8a7495cef69aab83d27ea1b5b41f40b996dd10023d81f77d61192930ffc25cae1e149412322fcb0aa47bee3afc44ec3dda96c9294854e2cbaebfea6f9a90f0b3797d5f505824b4de964151569f881f87f9dd9d30a2a2f9ed01059a909cba157902903c77f2f3d056231e7c7483a3f35e04360e084f0d3f94a92c92c77b3f06479fbc417366d7fe87ddfcdfd86274f87a5f817b0f947924cbe2329f16f6b00c8a0ab96164f7b35fed38a388380af05c3600abc37a944c9e75a691728c26896ac3615297766f406aeb0f2fd147d68fad3fb3b032880280ebb4bf89252a36b0d9eb393daae72829b8da870b886676244897d5322b32703fcf138b66eedeb3024666a88fd99d8962f696ab7b34e19ced1bd27488aa2ffe5bfa11f8f9289bd8c052d4e88316cc33b0255ef1bfca4c17067d7f78175c56db481fe8dc6f73b1cbdf9d5823f115c9e03f2dfd07bc1ad88564d48b18cd9a30d83cbd5e6a3eedcb0ee86e5dd47f32820cb74dcf730b2052b31297b529e5e24f042335d13915e4048132fe1a101841e919c7870bb680eddead9a6111394bc12e274fbd88abaf2d254721c42e82abf4d1e319a631794ed6ce319ddd844ac5e9b1fc96dd9aaad42f2e087abe1b85430c4a00631970e3e74a6ed923f49e0df75685e044fae3fcea0af4dbfeebe0a9c2e73e8a89b89603a75f585e3ebba5453ae595da1469ea90ea3c9fb6a22411c56c58dfbf504caa629dbfc73ebbedc91669f2babf8b8215c525edf8feb366f104ffa9eb2bb79232660aece4730ef1ae8585c629ffe1390356a58e900da145b83ad177c7bb2d125e59d7ff4d3a8562efc620b4cf9b33c2305bbf1957e0f8b06f0fbe9c80db73b08fdd0be4a1ea4f91f52af47160040424aed8ac3c10251fb0b5d9be08247edf3dda5d1750d0597d60c8a0d9418a4e0c9325bb90f0886f9e5dda9e88ac1942ec1e53da0cf5ccad66b9cdfc2fdca784dd06a73713ef73785706d024873ddca5ccfcf0b91748a2c1fbd8c241934b5b473007b29d76aec5addf7b945a5f7abd6ddeccc8d0ccb26d69d4793b7224c27ba7bf45aac8a2be56086ab8c65ea69fdd593a01a29e2912378002d824bd98e6ed1c5dd5f33be529e640997f5f1bbde051fb2a669145966db4889bf32aa13777ac6c077c51bb8b2523954cea3adc307cfe53b8cbb00edf0c04c456392aea6613e8078a309dc538a6a24f80fc1b7f9fce3e3291ca6dab8090a634fcdb24e7a9de8aecd595b988f597cd623d148a8841b0a5203953166ea2e85316928f28dd2604d37c9ec80a49c0d91cbfe6d584b9b6a321b97bf99ae1d67985fd441976a828c97456003a7892c7c7f4a51bb49e3d3ea1e95ec29c89a2676", 0x1001}], 0x3) syz_io_uring_submit(r3, r4, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) io_uring_enter(r2, 0x3516, 0x0, 0x0, 0x0, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) r6 = socket(0x2b, 0x80801, 0x1) setsockopt$IPT_SO_SET_ADD_COUNTERS(r6, 0x0, 0x41, &(0x7f0000000180)={'filter\x00', 0x4, [{}, {}, {}, {}]}, 0x64) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r7 = syz_io_uring_setup(0x10d, &(0x7f0000000380)={0x0, 0x0, 0x80, 0xffffffff}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r8, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r8, r9, &(0x7f00000002c0)=@IORING_OP_SHUTDOWN={0x22, 0x9}) io_uring_enter(r7, 0x3516, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(0xffffffffffffffff, 0x4068aea3, 0x0) r10 = msgget$private(0x0, 0x100) msgsnd(r10, &(0x7f0000002900)={0x0, "2c5b92fe53d0a8d45c8df77b3a5b24f5b5f47fb21e984f7cd98be58672f21c05d89a28dd30d16695fd88872467e730c5c5b07c0baad7f374dbe55481983863b91989f7f9e702207af9ed03c1ce4f6eb9b24a840cf9e71f78cba191462144280a2866a9e564cdf705a0dcf7833ebd4d2f23d396cbe8ffa41ecb67a470e3bb3037a146b21a2af740178582259f87014c3647901b3c888b71cb87bcb145a83f4429394c319164566ac0c8821c5827f7c81d9a289c18b0808e9046145a3890f5273bab59211376b73224dc2cfc9a99c36c8266430e1877aa8fb26ccbdee4c77a0de31deb8729c07d000f3714455c7db1999b623eee354be50ae48db0bc57b0d663aeabe13198305efa3c242b6b1745acf3aaf07f57727548163f83393600bc81201c2792b82cc5cdaa5ba4ae7ecdb2db7defa75da39bfbcdc1c139ac6f945758e6f536796ee758ebc486b289244942a2db4721deede70ef5b975e2ef6f72e7530e2a48d4cbb74ce7a376939ddd77cdc6aab076c17bba11ad81fb16f55aec0a603d71da0c53bb4b10c369308e8d397bd797b54a9fbb2f8b96b982a5775124bd1a73d659d8ec88148e5c9ee4f6156071adb66ee79e19cc753724cc31b5883b7a8c0d2921aff7103de65c90b97e4acd5e18bb3f373b9cd32f6a03476d6324645fcc44adad16f2bf3935232b2d33e68f16882e264d01064d9d74bdd36d1a43a6157875309e8ca7d23e87d44ae57f8db8a005f6833f75016ee942f226686cd342e11cc3b035d815c3935d0104783cb3d4bc70c2f1a377ef865b1ae7f1f8da4bd85a748b24a592b020891acd6f1bd1f6462e0fa5bd704dd94e254a60f7da2794abd16fa208a2b3dd40b8b6c91502da6aa9ce0b49c30dc886e94f9c637d0279234f69e9cc824a9f9eab8b78437f839d19c2d33b26f3a4aee997de0a3a9f4e850f2672de91b03e4199a231ac11b370a8381f742bd42521dde5e5703306273f763c36a499b7dfd591847d9a037761fb6b5fe63259896d3cc5a92839c7f8c7bc30fdb87bdf10e20528f85eee2e898e505d85ea55c7ca6f8188c99203ac65ab028c3ec8537a4bab01abe8df789fce5bb267737e936ba40834855589736b9ddd9610593ba55853cc171a5f40b81dadc741a2dd608977251c67cf5265066c064d9f29f444f08d6e220f930856207a4fc954dfdc2aa0af045c2a1e053e37c88af310ed6394c7fb0593ff5b20d729a71c91bd509ea2e50aad1f878523463eda57c4199287f9265289cef64c4e38da47adee287055d8f54bb6f9f7082b8046d62be6d974dfee3b99784d3a7c2bf332711bba305d6d13954282a390ec2872ce52c84d25b38f2c29a797eb21f3a2df1b207382561df9ec9432cc14a99ac51ded0afd4e4a2ea0504c9500100000000000002726bbed0eeabf92a5d44b36b686976a0521439afd"}, 0x3ff, 0x0) msgctl$MSG_STAT(r10, 0xb, &(0x7f00000010c0)=""/125) ioctl$DRM_IOCTL_SET_CLIENT_CAP(0xffffffffffffffff, 0x4010640d, &(0x7f0000001080)={0x2, 0x2}) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socketpair$tipc(0x1e, 0x2, 0x0, &(0x7f0000001040)) 1.829451048s ago: executing program 4 (id=2007): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000240)={0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000000c0)={'gretap0\x00', 0x0}) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) getgroups(0x0, 0x0) r3 = landlock_create_ruleset(&(0x7f0000000000)={0x903, 0x3, 0x2}, 0x18, 0x0) landlock_restrict_self(r3, 0x0) r4 = landlock_create_ruleset(&(0x7f0000000040)={0x8802, 0x0, 0x2}, 0x18, 0x0) landlock_restrict_self(r4, 0x0) r5 = socket$inet6(0xa, 0x3, 0xff) connect$inet6(r5, &(0x7f0000000000)={0xa, 0x4c21, 0x84, @mcast1, 0x5}, 0x1c) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000440)=@newqdisc={0x78, 0x24, 0xf0b, 0x70bd29, 0x0, {0x60, 0x0, 0x0, r2, {}, {0xffff, 0xffff}, {0xb}}, [@qdisc_kind_options=@q_sfq={{0x8}, {0x4c, 0x2, {{0x1000, 0x30000, 0xe, 0x4, 0x4}, 0x3, 0x1, 0x0, 0x7, 0x8153, 0x5b, 0x7, 0xf, 0x5, 0x7, {0x0, 0x100, 0x9, 0x53, 0x3, 0x3}}}}]}, 0x78}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) r6 = bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b0000000000000000000000000004"], 0x48) bpf$PROG_LOAD(0x5, &(0x7f0000000840)={0x8, 0xf, &(0x7f00000006c0)=ANY=[@ANYBLOB="1808000000010000000000000000000018110000", @ANYRES32=r6, @ANYBLOB="0000000000000000b702000014000000b7030000000000008500000005000000bf0900000000000055090100000000009500000000000000be98000000000000b5080000000000008500000007000000b70000000000000095"], &(0x7f0000000980)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @cgroup_skb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r7 = openat(0xffffffffffffff9c, &(0x7f00000002c0)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r7, 0x400, 0x1) fcntl$setlease(r7, 0x400, 0x1) r8 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='blkio.bfq.avg_queue_size\x00', 0x275a, 0x0) write$binfmt_script(r8, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x28011, r8, 0x0) mmap(&(0x7f0000001000/0xa000)=nil, 0xa000, 0x800003, 0x11, r8, 0x0) r9 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r9, 0x11b, 0x4, &(0x7f00000000c0)={&(0x7f0000000000)=""/74, 0x328000, 0x1000}, 0x1c) r10 = socket$nl_crypto(0x10, 0x3, 0x15) openat$nullb(0xffffff9c, &(0x7f0000000100), 0x8342, 0x0) ioctl$sock_SIOCETHTOOL(r10, 0x8946, &(0x7f0000000040)={'nicvf0\x00', &(0x7f0000000000)=@ethtool_channels={0x3c, 0x6, 0x4, 0x1, 0x80, 0x7, 0x4, 0x8, 0x1}}) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000240)={0x1, &(0x7f00000001c0)=[{0x64, 0x8, 0x8, 0x3}]}) 1.394063843s ago: executing program 4 (id=2008): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) mmap(&(0x7f0000200000/0x4000)=nil, 0x4000, 0x4, 0x50172, 0xffffffffffffffff, 0x0) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000900)=[@in={0x2, 0x4e23, @loopback}, @in6={0xa, 0x0, 0x0, @loopback}], 0x2c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r0, 0x84, 0x9, &(0x7f0000000140)={0x0, @in={{0x2, 0x0, @empty}}, 0x0, 0x0, 0x3f8, 0x0, 0x32}, 0x9c) setsockopt$inet_sctp6_SCTP_PARTIAL_DELIVERY_POINT(r0, 0x84, 0x13, &(0x7f0000000080)=0x4, 0x4) sendto$inet6(r0, &(0x7f0000847fff)='X', 0xfee4, 0x0, &(0x7f000005ffe4)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) 1.327921772s ago: executing program 2 (id=2009): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) (async) io_pgetevents(0x0, 0x493a, 0x0, 0x0, 0x0, 0x0) r0 = socket$can_j1939(0x1d, 0x2, 0x7) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) (async) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) (async) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r3 = syz_io_uring_setup(0x497, &(0x7f0000000240)={0x0, 0xf846, 0x1000, 0x2, 0x1f6}, &(0x7f00000007c0)=0x0, &(0x7f0000000200)) r5 = openat$sw_sync(0xffffff9c, &(0x7f0000000100), 0x20, 0x0) ioctl$BTRFS_IOC_GET_DEV_STATS(r5, 0x40045701, 0x0) (async) bind$alg(0xffffffffffffffff, &(0x7f0000000080)={0x26, 'skcipher\x00', 0x0, 0x0, 'lrw(ecb-aes-aesni)\x00'}, 0x58) (async) setsockopt$ALG_SET_KEY(0xffffffffffffffff, 0x117, 0x1, &(0x7f00000002c0)="11dd3cf44b1a993d8a39ccbd6300"/26, 0x1a) (async) r6 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r6, 0x1, 0x25, &(0x7f0000000080)=0x5fef, 0x4) connect$inet(r6, &(0x7f0000000480)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x1c}}, 0x10) (async) sendmmsg(r6, &(0x7f0000007fc0), 0x800001d, 0x0) (async) close(0x3) (async) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) (async) r7 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_proto_private(r7, 0x8920, &(0x7f0000000200)) (async) io_uring_enter(r3, 0x3516, 0x0, 0x0, 0x0, 0x0) (async) r8 = socket(0x10, 0x2, 0x0) write(r8, &(0x7f0000000040)="1c0000001a009b8a140000003b9b301f00"/28, 0x1c) recvmmsg(r8, &(0x7f0000000b40)=[{{&(0x7f0000000640)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @link_local}, 0x80, &(0x7f0000000a00)=[{&(0x7f00000006c0)=""/81, 0x51}, {&(0x7f0000000740)=""/105, 0x69}, {&(0x7f0000000800)=""/125, 0x7d}, {0xfffffffffffffffe}, {&(0x7f0000000880)=""/221, 0xdd}, {&(0x7f0000000980)=""/28, 0x1c}, {&(0x7f00000009c0)=""/34, 0x22}], 0x7, &(0x7f0000000a40)=""/222, 0xde}, 0x6}], 0x1, 0x2, &(0x7f00000001c0)={0x77359400}) (async) syz_open_procfs(0x0, &(0x7f0000002180)='net/mcfilter\x00') (async) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r8, 0x84, 0x64, &(0x7f0000000140)=[@in6={0xa, 0x4e21, 0x5, @loopback, 0x6}, @in6={0xa, 0x4e21, 0x4, @empty, 0x282}, @in={0x2, 0x4e24, @multicast1}, @in={0x2, 0x4e23, @rand_addr=0x64010101}], 0x58) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x18) recvmsg$can_j1939(r0, &(0x7f00000000c0)={&(0x7f0000000380)=@ll={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, 0x80, &(0x7f0000000000)=[{&(0x7f0000000400)=""/143, 0x8f}], 0x1, &(0x7f00000004c0)=""/66, 0x42}, 0x0) (async) memfd_create(&(0x7f0000000540)=':\x91!/\x00', 0x1) 969.684423ms ago: executing program 0 (id=2010): openat$nullb(0xffffff9c, &(0x7f0000000040), 0x800, 0x0) socket$nl_route(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000000)) socket$xdp(0x2c, 0x3, 0x0) socket(0x10, 0x3, 0x0) socket(0x10, 0x3, 0x0) r0 = socket$inet_udplite(0x2, 0x2, 0x88) r1 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000013c0)=ANY=[@ANYBLOB="640020001000030400"/20, @ANYRES32=0x0, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000180002800c0002001c0000001f000000060001000000000008000500", @ANYRES32=r0, @ANYBLOB='\b\x00\n\x00', @ANYRES32], 0x64}}, 0x0) 853.768997ms ago: executing program 0 (id=2011): socket$inet6(0xa, 0x2, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x0) r0 = syz_open_procfs(0x0, &(0x7f0000000240)='net/sctp\x00') open_tree(r0, &(0x7f0000000640)='\x00', 0x89901) syz_open_procfs(0x0, &(0x7f0000000040)='net/sctp\x00') r1 = openat$fuse(0xffffffffffffff9c, &(0x7f0000002080), 0x42, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000002100), 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r1, @ANYBLOB=',rootmode=00000000000000000100000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) socket$vsock_stream(0x28, 0x1, 0x0) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x141101) pselect6(0x40, &(0x7f0000000600)={0x11, 0xff7ffffffffffffc, 0x2, 0xffffffffffffffff, 0xfffffffffffffffe, 0x9, 0x2, 0x8}, 0x0, &(0x7f0000000400)={0x7fc, 0x2, 0x800000, 0x300, 0x0, 0xc3ad}, 0x0, 0x0) 779.653148ms ago: executing program 2 (id=2012): r0 = socket$vsock_stream(0x28, 0x1, 0x0) bind$vsock_stream(r0, &(0x7f0000000440)={0x28, 0x0, 0x2710, @host}, 0x10) syz_io_uring_setup(0x6829, &(0x7f0000000380)={0x0, 0x2b48, 0x1000, 0x2, 0x7a}, &(0x7f0000000040), &(0x7f0000000280)) (async) listen(r0, 0x0) r1 = socket$vsock_stream(0x28, 0x1, 0x0) (async) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_CAP_PMU_CAPABILITY(r3, 0x4068aea3, &(0x7f0000000100)={0xd4, 0x0, 0x3}) connect$vsock_stream(r1, &(0x7f0000000080)={0x28, 0x0, 0x2710}, 0x10) (async) r4 = accept4(r0, 0x0, 0x0, 0x0) sendmmsg(r1, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000240)="e9a4ea8d246a02fb3d7b6d068c4bd0e238a86b018e04", 0x16}], 0x1}}, {{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f00000002c0)="2ebb203023d89132c1980796d3480bf302680bb6d94cc2ddc4b641c81144696a15b4d88e56d04ec393bf39b3774c70aa01f9aee0fc51897c613f9ed201e53a48b093ea3325ebab77c2d8afcdd9e30fec85fdb932aa067d0f6e891750cd952158d3288fc4cb3a551e6d8f828c6e02ef0e295cbf30390c4566dba8ff971c6d212f4b", 0x81}], 0x1}}], 0x2, 0x4008) (async) recvmsg$kcm(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000140)=""/150, 0x96}], 0x5}, 0x0) (async) recvmsg$kcm(r4, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000480)=""/213, 0xd5}], 0x1}, 0x42) 637.369014ms ago: executing program 0 (id=2013): ioctl$SIOCSIFMTU(0xffffffffffffffff, 0x8949, &(0x7f0000000040)={'bond0\x00', 0x1000}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) r2 = add_key$user(&(0x7f0000000200), &(0x7f0000000000)={'syz', 0x2}, &(0x7f0000000240)="f2", 0x1, 0xfffffffffffffffe) keyctl$revoke(0x3, r2) keyctl$read(0xb, r2, &(0x7f0000000700)=""/4096, 0x1000) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x7, 0xfa11, 0xffffffff}, 0x0) fsetxattr$security_capability(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x1) socket$l2tp6(0xa, 0x2, 0x73) r3 = syz_open_procfs(0x0, 0x0) writev(r3, &(0x7f0000000540)=[{&(0x7f0000000180)="3144ed0827fd2f7297b9a1bb526da4985b526dd6d4361d0f09", 0x19}, {&(0x7f00000003c0)="d6d8081121e1053f7aebbbb3136f7c57085158cb7cdcab55a6c30710ce1146f5b36bb2bd43f9c4a108aff7c4a1fde87a81352555ff21c95dda10535aaa68d0d938be5f2efeadd1a8c23c38ecc37f3d116f52334ad14686e636d38b4f17413c0f4f2165455d664029e508533552d5654372cc985d0f88ccd02f6efcb47d677f8577936c7c1fa6568aedec4bf009858fa147a557dacac92ceb25f57d2a90a2899d3a6ba9bbd4497970c6ad2e5986a2a120db1a49d48c0d25eadfa61e093a7cb2da0cb75706e38da96bdc0d93135b8f9dac2e23dd096dba0757619b8a24bfaa04e893bcfca48d359e2a2d7335d6e7030df68c632f6ae5", 0xf5}, {&(0x7f00000002c0)="d54d6fbe26736798440659cbed8f23db", 0x10}, {&(0x7f00000004c0)="2e06415af3a6939ef514cac17b9125ecd386055d996c5fc566a9da629d419327596899a7e2109062869d20360ca66b833ebee019a13a2a45be656b083b0ee52f1243bf4bc8e88efda171e4447ceba556d8acb7d9393739a329276d08be7234fb8eefb694c272208b6c98a5", 0x6b}, {&(0x7f0000000640)="29b7ea457f8c98ab612f2a90ba7dedbd81c81f365811fc3729d893fa7fa11b8ef21b4a22ad72e6dbf234249a50f15f70b5a8dfb7de3da2f2d472a6b0572a9fb2cac270634a96e2aabaf18a521a2bb21eba924bbe0695d21bc4553aaa396e75e542d7af7a8d19f202ca5866dd625c56a7d8c8969567", 0x75}, {&(0x7f0000001700)="cf78879ac3257042005988539988e950ed2676fac9b3aa988ff8ca4b5d5e27eaed5adae440d9462f0bdbbf3322f7e896aec26ad9dcae028d0c04196721fb4807359de6942f3cd0c5f11960b3fdefea90f86272738fe6fcb2cf6c61206227ca749e22bc448eddb522a0f1a01f827723be67a7596a47290ee28a8f052006d2c3ae817a44c9a036ab482d25ddcf655c46b1da3f2c2c961fb9d6aa4e0cea6648e973bbb48ad5f88b56267be1f71ee32ababe7462c45779bdb38be125651c6933581dae7e833cdb8d01ae911bed3d1e1e6787fa27a7f985bc6e117e631f7fec17661118b7a607ba99b12ab1260e6a65", 0xed}, {&(0x7f0000001800)="080f464430c810bd8b9ab17944ba0417f84882f780ebfa901381836adfe06cbc9afed20d3c65454b5c492e1460be73c8f70b30b1767c8db650e7ffadd907c904f7816d3574dd867452e9e52dee294f493139e62a84e096964a09a8a69dc026757a6b74cd973d335c282183462ceaffc0dd682199e7f77e40b828384faf86024d651150c386e9d05bb53fe6b4e944f3b4e4537bdf70a5c37a4250f6aefa69700442a9d3ad624718bcd890ab7bef9c69ec1d5d7deb0cb0c1f400f00d72566f84f8", 0xc0}, {&(0x7f00000018c0)="ce9544533eb47982680228a6a663cb3a710e53f6eac5854f8d8971f2cb52a90c73f2705074cf1d8885e2c749afef85c0df39d93297c869a89f0c84c2c74143476185a85732f2d15d677c619449989b0ac5e64c5702d8d5bc5eeb2a95f74b1ce3d3e9df5baf38f33961a881d2402f41ae2a38dc17100dccac79aa43682dba815e4adc299a47489ba50542ac238e59322ca6a4e9c3c94b02637246e02c1aa298164886da886f5ee09f0fa293aef5ee010537f2087f33b6b0741dcf163aede75462ea4d918f0e3983", 0xc7}], 0x8) mlock(&(0x7f0000000000/0x800000)=nil, 0x800000) mremap(&(0x7f000054e000/0x1000)=nil, 0x1000, 0x3000, 0x3, &(0x7f000022c000/0x3000)=nil) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_tables_matches\x00') r5 = socket$nl_netfilter(0x10, 0x3, 0xc) connect$pppoe(0xffffffffffffffff, &(0x7f0000000080)={0x18, 0x0, {0xfffe, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, 'geneve1\x00'}}, 0x1e) sendto$inet6(0xffffffffffffffff, &(0x7f00000001c0)='\x00W', 0x5ea, 0x8040, 0x0, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r5, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="14000000100001fffffff500000000000000000a6c000000060a0b040000000000000000020000004000048018000180080001006f7366000c000280080001400000000424000180090001006d6574610000000014000280080002400000000e08000340000000040900010073797a30000000020900020073797a320000000014000000110001"], 0x94}}, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) bpf$BPF_BTF_LOAD(0x12, 0x0, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x1000002, 0x200000005c831, 0xffffffffffffffff, 0x0) ioctl$VIDIOC_S_OUTPUT(0xffffffffffffffff, 0xc004562f, &(0x7f00000000c0)=0x1) ioctl$VIDIOC_S_DV_TIMINGS(0xffffffffffffffff, 0xc0845657, &(0x7f0000000580)={0x0, @bt={0x13, 0x7c5, 0x1, 0x2800, 0xd59f82, 0x2, 0x5, 0xb, 0x8, 0x0, 0x722, 0x1, 0x7, 0x9, 0x2b, 0x0, {0xffff945a, 0x1}, 0x9, 0xf1}}) bpf$PROG_LOAD(0x5, 0x0, 0x0) sendmsg$inet(0xffffffffffffffff, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f00000001c0)="630700b2463609e4", 0x8}], 0x1, &(0x7f0000000340)=ANY=[@ANYBLOB="10000000000009000100000008000000100000000000000007000000000000000d0000000000000001000000fe00000095a98c9c83ab370d00000000000000010000000500000000000000010000006a0500000c0000000000000007000000523d9caba3f034d998c26dc02ea36f63dd502900"/127], 0x5c}, 0x0) 588.940514ms ago: executing program 2 (id=2014): r0 = openat$cgroup_root(0xffffff9c, &(0x7f0000000040)='./cgroup.net/syz0\x00', 0x200002, 0x0) r1 = socket$inet(0x2, 0x1, 0x0) setsockopt$inet_tcp_TCP_MD5SIG(r1, 0x6, 0xe, &(0x7f0000000000)={@in={{0x2, 0x4e21, @private=0xa010102}}, 0x0, 0x2, 0x4b, 0x0, "00000000000000000000000000000000000000f300000000000000000000000000000000350d0000000000000000000083c0d5ff60b2d13d000c00cbcd00800000000000000000080000008000"}, 0xd8) close(r1) r2 = getpid() fcntl$setownex(r0, 0xf, &(0x7f00000000c0)={0x1, r2}) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) r5 = dup(r4) ioctl$FICLONERANGE(r5, 0x4020940d, &(0x7f00000019c0)={{r3}, 0x9, 0x1b, 0x1}) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(0xffffffffffffffff, 0x89f0, &(0x7f0000000180)={'ip6_vti0\x00', &(0x7f0000000100)={'ip6gre0\x00', 0x0, 0x4, 0x3, 0x4, 0x3, 0x42, @private2, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x7, 0x7, 0x7, 0xfffffe00}}) sendmsg$can_raw(r5, &(0x7f0000000280)={&(0x7f00000001c0)={0x1d, r6}, 0x10, &(0x7f0000000240)={&(0x7f0000000200)=@can={{0x2, 0x1}, 0x6, 0x2, 0x0, 0x0, "98e259a4fe0c6ab5"}, 0x10}}, 0x4010) r7 = socket$inet(0x2b, 0x801, 0x0) connect$inet(r7, &(0x7f0000000080)={0x2, 0x4e20, @remote}, 0x10) 483.362689ms ago: executing program 4 (id=2015): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000040), r0) r2 = openat$nvme_fabrics(0xffffffffffffff9c, &(0x7f0000000000), 0x8c00, 0x0) sendmsg$NL80211_CMD_SET_WIPHY(r2, &(0x7f0000000280)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000000140)={&(0x7f0000002480)=ANY=[@ANYBLOB='P\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="010025bd7000fcdbdf25020000000800610008000000080061000400983921003f000400000005003e00010000000800610002000000080026006c0900000c0025800500050f4000000088fce57012864b3f1f1cd3d6685ef317e83f72033a433c7932d8236d89d08bcfbd9568c291b7cb08505378"], 0x50}, 0x1, 0x0, 0x0, 0x4}, 0x0) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(r2, 0xc018937d, &(0x7f00000000c0)={{0x1, 0x1, 0x18, 0xffffffffffffffff, {0x4}}, './file0\x00'}) r3 = socket$inet6(0x10, 0x3, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000005c0)={&(0x7f0000000040)=ANY=[@ANYBLOB="5000000010000100"/20, @ANYRES64=r3, @ANYBLOB="0000000000000000300012800b00010065727370616e00002000028004001200050016"], 0x50}}, 0x0) sendto$inet6(r3, &(0x7f0000000000)='s', 0x10a73, 0x800, 0x0, 0x4b6ae4f95a5de35b) syz_emit_ethernet(0x4e, &(0x7f0000000280)={@local, @broadcast, @void, {@ipv6={0x86dd, @tcp={0x0, 0x6, "4dd318", 0x18, 0x6, 0x0, @local, @local, {[], {{0x0, 0x4001, 0x41424344, 0x41424344, 0x0, 0x0, 0x6, 0x2, 0x0, 0x0, 0x0, {[@sack={0x5, 0x2}, @mptcp=@generic={0x4, 0x2}]}}}}}}}}, 0x0) 189.404527ms ago: executing program 2 (id=2016): r0 = syz_usb_connect$uac1(0x3, 0x9d, &(0x7f0000000180)={{0x12, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8b, 0x3, 0x1, 0x8, 0x0, 0x3, {{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x1000, 0x5}}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {}, {{0x9, 0x5, 0x1, 0x9, 0x10, 0x4, 0x7, 0x9, {0x7, 0x25, 0x1, 0x1, 0x2, 0x3}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_continuous={0xa, 0x24, 0x2, 0x1, 0x2, 0x40, 0x6, 0x9, "", "7be0"}, @format_type_i_discrete={0x10, 0x24, 0x2, 0x1, 0x40, 0x4, 0xae, 0x9, "041905f022307589"}, @as_header={0x7, 0x24, 0x1, 0x8, 0x4, 0x1001}, @format_type_i_continuous={0xb, 0x24, 0x2, 0x1, 0x3, 0x4, 0x2, 0x7, '\rED'}]}, {{0x9, 0x5, 0x82, 0x9, 0x40, 0x40, 0x80, 0x98, {0x7, 0x25, 0x1, 0x82, 0x8, 0xf}}}}}}}]}}, &(0x7f00000006c0)={0xa, &(0x7f0000000280)={0xa, 0x6, 0x200, 0xf, 0xf9, 0x9, 0xff, 0x5}, 0xec, &(0x7f00000002c0)={0x5, 0xf, 0xec, 0x4, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0xf, 0x8, 0x3, 0x3d3}, @wireless={0xb, 0x10, 0x1, 0x2, 0x28, 0x2, 0x92, 0x4d20, 0x6}, @ss_container_id={0x14, 0x10, 0x4, 0x7, "7a4dc8be386d07c39c73afbb3db20dbb"}, @generic={0xbe, 0x10, 0xa, "aa5f9f1998dc9b9bdb921ea388b39d78a40fcfc5514fd5ea8b80a80c33a93711b6d2698677732bb1d345aef1b2742239a4af0dbd18ff113825c576602dbb7029e647b26b24c26b0c5f0b26a0eedc3625dd41c7a9ffc1f99db8d700f324ecfda4b3948c60f4546c9112a725ce3fba00e1eb9622651741e207e15953ee6c6b7f4e73119e5a2d1d30cc6b2fa7a674bf9d73846366981640d85ec73446adeef0682b9f5255a1e42632b1b1c0d000547964f4e8f2b2d1ffb25bffe74e70"}]}, 0x7, [{0x85, &(0x7f00000003c0)=@string={0x85, 0x3, "d91c6b47b5fac45de1ac98faa769359aec7fda49a4771b4f87ff3abc982f2b5cbf43717918946701052e42368f21288788867e0e447017a4c1070826f4648093d31780630fd655bd5b59a1467e61cdc9fa8261631d5bbc77c23b3cfe5d0493106b1db75337d47b31618b394e0f886fc3814681f891798a95a1b88c1f80b78d272ac6df"}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x81a}}, {0x26, &(0x7f00000004c0)=@string={0x26, 0x3, "54822b06c076e071d4a875560d96a0c0f4df02bc6e128c38968802b978bce44538cb196a"}}, {0xf1, &(0x7f0000000500)=@string={0xf1, 0x3, "9294180c908bfbcefc3400a58cbfaa82539df94de8f4e019144819b2cfed818a76079b571647350a3e37d216a644f23034fece62ff1ac4bb35d68c57ff02ea0ecd8efa4e7d604e30254c1eae77bd1584a5326aad10a84ce90b9bf48fcec4bcf9356fe8b86bee677b41bd59bcf323f399522bb1cd3cd2eab886f82d44825dc8f4476c1ba741f5d53013c93e730004910f319ac4bb16fc709b462cf2084236517abcec61408789913928dbebeedb7844b7bf5858b39d209030daa0dc8ff4ed806d1f2086874a5f3d0906716aa64b7b332ade02df05e36a76c48d887a2a9bd9821d3554b0611543400f3ad3e7d5656090"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x7c51}}, {0x4, &(0x7f0000000640)=@lang_id={0x4, 0x3, 0xc09}}, {0x4, &(0x7f0000000680)=@lang_id={0x4, 0x3, 0x810}}]}) syz_usb_control_io(r0, &(0x7f0000000880)={0x18, &(0x7f0000000740)={0x20, 0x1e, 0x27, {0x27, 0x11, "23e6745caf576deef1f22d9b863aff0ee8a8337a40eb8c62de6339200df6a32e8eea252d09"}}, &(0x7f0000000780)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x140a}}, &(0x7f00000007c0)={0x0, 0xf, 0x20, {0x5, 0xf, 0x20, 0x2, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x1, 0x3, 0x3}, @ssp_cap={0x14, 0x10, 0xa, 0x7, 0x2, 0x3, 0xf00, 0x101, [0xc03f, 0xf]}]}}, &(0x7f0000000800)={0x20, 0x29, 0xf, {0xf, 0x29, 0xff, 0x4, 0x9, 0x2, "2fdaa7e0", "285f06fd"}}, &(0x7f0000000840)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0x7, 0x2, 0x1b, 0xc, 0x10, 0xff, 0x10}}}, &(0x7f0000000d40)={0x44, &(0x7f00000008c0)={0x0, 0x31, 0xb8, "09e7068c242a962e06a3c2c383920fb2039cd419736fd7a05e335f15be26b6749452e7a4de5ffe65d046976b341cc4b7229fce7a5949a98fff8b3376dbf32d4ec237219003fddd02e930cac2e4a6847af5e713421f4546b4c19d3ede6e23f4737b45b198f1712bc2ebcbbac9ef1d76cabfd42240e77eab006e3eb95421f795f1b1bd529b1d1cd3130df5d621128af007a88d8893c63eb6af354623cf80e7cb3b16c89b2db6411b76c82536e47b387cc32c3aaa5455709347"}, &(0x7f0000000980)={0x0, 0xa, 0x1, 0x4}, &(0x7f00000009c0)={0x0, 0x8, 0x1, 0x80}, &(0x7f0000000a00)={0x20, 0x0, 0x4, {0x2, 0x1}}, &(0x7f0000000a40)={0x20, 0x0, 0x4, {0x200, 0x8}}, &(0x7f0000000a80)={0x40, 0x7, 0x2, 0xff98}, &(0x7f0000000ac0)={0x40, 0x9, 0x1}, &(0x7f0000000b00)={0x40, 0xb, 0x2, "115f"}, &(0x7f0000000b40)={0x40, 0xf, 0x2, 0x1e7}, &(0x7f0000000b80)={0x40, 0x13, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}}, &(0x7f0000000bc0)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}}, &(0x7f0000000c00)={0x40, 0x19, 0x2, "f578"}, &(0x7f0000000c40)={0x40, 0x1a, 0x2, 0x200}, &(0x7f0000000c80)={0x40, 0x1c, 0x1}, &(0x7f0000000cc0)={0x40, 0x1e, 0x1, 0x5}, &(0x7f0000000d00)={0x40, 0x21, 0x1, 0x39}}) openat$proc_mixer(0xffffff9c, &(0x7f00000011c0)='/proc/asound/card3/oss_mixer\x00', 0x20000, 0x0) 169.661945ms ago: executing program 4 (id=2017): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)={{0x14, 0x10, 0x1, 0x0, 0x3400}, [@NFT_MSG_DELRULE={0x20, 0x8, 0xa, 0x5, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14}}, 0x48}}, 0x0) 48.062951ms ago: executing program 4 (id=2018): r0 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r0, &(0x7f0000002100)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x2a}}, 0x10) sendmmsg$inet(r0, &(0x7f0000000600), 0x0, 0x240080a0) sendmmsg$inet(r0, &(0x7f00000036c0)=[{{0x0, 0x0, 0x0}}], 0x1, 0x12) r1 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) connect$inet6(r1, &(0x7f0000000100)={0xa, 0xfffd, 0xffffff7b, @mcast2, 0x80000000}, 0x1c) sendto$inet6(r1, &(0x7f0000000300), 0x5aa, 0x0, 0x0, 0xfffffffffffffdfd) 0s ago: executing program 3 (id=2019): mkdirat(0xffffffffffffff9c, &(0x7f00000001c0)='./file0\x00', 0x10) setxattr$system_posix_acl(&(0x7f0000000000)='./file0\x00', &(0x7f0000000140)='system.posix_acl_access\x00', &(0x7f00000002c0)=ANY=[@ANYBLOB="0200000001000000", @ANYRES32=0x0, @ANYBLOB="040000000000000008000000", @ANYRES32=0x0, @ANYBLOB="1000000000000000200000009d14400008"], 0x34, 0x0) socket$nl_generic(0x10, 0x3, 0x10) socket$l2tp6(0xa, 0x2, 0x73) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) bind$netlink(r0, &(0x7f00000000c0)={0x10, 0x0, 0x0, 0x8822d55593a2179}, 0xc) syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x101000) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe7, 0xcc, 0x61, 0x20, 0x10c4, 0x818a, 0x7d8f, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0xc0, 0x5, [{{0x9, 0x4, 0x23, 0x0, 0x0, 0x3}}]}}]}}, 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, &(0x7f0000000dc0)={0x44, &(0x7f0000000bc0)={0x0, 0x15, 0x3, "c3b437"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) r2 = openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000340), 0xc901, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r3 = openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$TUNSETIFF(r3, 0x400454ca, 0x0) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x1) ioctl$TUNSETPERSIST(r3, 0x400454cb, 0x1) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f00000001c0)={0x0, 0x0}) set_mempolicy(0x1, &(0x7f0000000000)=0x80000001, 0xfffffffe) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000000c0)='blkio.bfq.time_recursive\x00', 0x275a, 0x0) copy_file_range(r4, &(0x7f0000000080), 0xffffffffffffffff, &(0x7f0000000100), 0xfffffffffffffff8, 0x0) syz_clone(0x41000000, 0x0, 0x0, 0x0, 0x0, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x6) poll(&(0x7f0000000000)=[{r2, 0x110}], 0x1, 0x0) r5 = socket$inet6_sctp(0xa, 0x801, 0x84) sendto$inet6(r5, &(0x7f0000000740)='|', 0x1, 0x0, &(0x7f00000007c0)={0xa, 0x4e23, 0x5, @rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01', 0x4}, 0x1c) shutdown(r5, 0x1) setsockopt$inet_sctp6_SCTP_AUTH_KEY(r5, 0x84, 0x17, &(0x7f00000003c0)=ANY=[], 0xa) socket$key(0xf, 0x3, 0x2) r6 = socket$inet6(0xa, 0x3, 0x2f) setsockopt$inet6_IPV6_XFRM_POLICY(r6, 0x29, 0x23, &(0x7f00000003c0)={{{@in6=@ipv4={'\x00', '\xff\xff', @multicast2}, @in6=@local, 0x0, 0x8000, 0x0, 0x0, 0xa, 0x20}, {}, {0x0, 0x0, 0x0, 0xfffffffffffffffe}, 0x0, 0x0, 0x1}, {{@in=@empty, 0x0, 0x6c}, 0x0, @in6=@empty, 0x0, 0x0, 0x0, 0x2, 0xfffffffd, 0x0, 0x7f}}, 0xe4) kernel console output (not intermixed with test programs): config 1 interface 1 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 331.891031][ T5879] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 331.914461][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 331.928115][ T5879] usb 4-1: Product: syz [ 331.932740][ T5879] usb 4-1: Manufacturer: syz [ 331.940604][ T5879] usb 4-1: SerialNumber: syz [ 331.952541][T10716] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 332.089449][ T5875] usb 1-1: USB disconnect, device number 73 [ 332.189751][T10725] FAULT_INJECTION: forcing a failure. [ 332.189751][T10725] name failslab, interval 1, probability 0, space 0, times 0 [ 332.206864][T10725] CPU: 1 UID: 0 PID: 10725 Comm: syz.1.1659 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 332.206888][T10725] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 332.206898][T10725] Call Trace: [ 332.206905][T10725] [ 332.206913][T10725] dump_stack_lvl+0x189/0x250 [ 332.206942][T10725] ? __pfx_dump_stack_lvl+0x10/0x10 [ 332.206964][T10725] ? __pfx__printk+0x10/0x10 [ 332.206990][T10725] ? __pfx___might_resched+0x10/0x10 [ 332.207020][T10725] should_fail_ex+0x414/0x560 [ 332.207048][T10725] should_failslab+0xa8/0x100 [ 332.207077][T10725] kmem_cache_alloc_noprof+0x73/0x3c0 [ 332.207097][T10725] ? fuse_get_req+0x7b9/0x10b0 [ 332.207121][T10725] fuse_get_req+0x7b9/0x10b0 [ 332.207152][T10725] ? __pfx_fuse_get_req+0x10/0x10 [ 332.207181][T10725] ? __lock_acquire+0xaac/0xd20 [ 332.207207][T10725] __fuse_simple_request+0x2aa/0x18d0 [ 332.207234][T10725] ? __pfx___fuse_simple_request+0x10/0x10 [ 332.207253][T10725] ? is_bpf_text_address+0x26/0x2b0 [ 332.207278][T10725] ? is_bpf_text_address+0x292/0x2b0 [ 332.207297][T10725] ? is_bpf_text_address+0x26/0x2b0 [ 332.207320][T10725] ? kernel_text_address+0xa5/0xe0 [ 332.207341][T10725] ? __kernel_text_address+0xd/0x40 [ 332.207360][T10725] ? unwind_get_return_address+0x4d/0x90 [ 332.207380][T10725] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 332.207398][T10725] ? arch_stack_walk+0xfc/0x150 [ 332.207427][T10725] fuse_getxattr+0x2d7/0x470 [ 332.207451][T10725] ? __pfx_fuse_getxattr+0x10/0x10 [ 332.207482][T10725] ? rcu_is_watching+0x15/0xb0 [ 332.207524][T10725] fuse_xattr_get+0x80/0xa0 [ 332.207541][T10725] ? __pfx_fuse_xattr_get+0x10/0x10 [ 332.207561][T10725] __vfs_getxattr+0x3f1/0x430 [ 332.207591][T10725] cap_inode_need_killpriv+0x45/0x60 [ 332.207613][T10725] security_inode_need_killpriv+0x89/0x270 [ 332.207636][T10725] file_remove_privs_flags+0x297/0x5f0 [ 332.207669][T10725] ? __pfx_file_remove_privs_flags+0x10/0x10 [ 332.207699][T10725] ? aa_file_perm+0x11f/0xed0 [ 332.207720][T10725] ? generic_write_checks_count+0x43e/0x540 [ 332.207746][T10725] file_modified_flags+0x4c/0x560 [ 332.207767][T10725] ? generic_write_checks+0xc8/0x110 [ 332.207792][T10725] fuse_file_write_iter+0x39d/0x10a0 [ 332.207819][T10725] ? __pfx_fuse_file_write_iter+0x10/0x10 [ 332.207841][T10725] ? __lock_acquire+0xaac/0xd20 [ 332.207879][T10725] ? aio_write+0x4c4/0x790 [ 332.207903][T10725] aio_write+0x532/0x790 [ 332.207926][T10725] ? __pfx_aio_write+0x10/0x10 [ 332.207956][T10725] ? __might_fault+0xb0/0x130 [ 332.207996][T10725] io_submit_one+0x70a/0x1240 [ 332.208022][T10725] ? __lock_acquire+0xaac/0xd20 [ 332.208047][T10725] ? __pfx_io_submit_one+0x10/0x10 [ 332.208066][T10725] ? __might_fault+0xb0/0x130 [ 332.208106][T10725] ? __might_fault+0xb0/0x130 [ 332.208128][T10725] __ia32_compat_sys_io_submit+0x1c7/0x330 [ 332.208149][T10725] ? __pfx___ia32_compat_sys_io_submit+0x10/0x10 [ 332.208164][T10725] ? ksys_write+0x1f0/0x250 [ 332.208188][T10725] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 332.208206][T10725] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.208232][T10725] __do_fast_syscall_32+0xb4/0x110 [ 332.208250][T10725] ? lockdep_hardirqs_on+0x9c/0x150 [ 332.208278][T10725] do_fast_syscall_32+0x34/0x80 [ 332.208295][T10725] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 332.208313][T10725] RIP: 0023:0xf70fe539 [ 332.208328][T10725] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 332.208341][T10725] RSP: 002b:00000000f50cd55c EFLAGS: 00000206 ORIG_RAX: 00000000000000f8 [ 332.208358][T10725] RAX: ffffffffffffffda RBX: 00000000f5084000 RCX: 0000000000000002 [ 332.208369][T10725] RDX: 0000000080000780 RSI: 0000000000000000 RDI: 0000000000000000 [ 332.208379][T10725] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 332.208389][T10725] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 332.208399][T10725] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 332.208426][T10725] [ 333.076976][T10732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.092818][T10732] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.106565][ T5875] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 333.111638][T10732] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.123918][T10732] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.221683][T10735] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.230429][T10735] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.264011][ T5879] cdc_ncm 4-1:1.0: bind() failure [ 333.276850][ T5879] cdc_ncm 4-1:1.1: probe with driver cdc_ncm failed with error -71 [ 333.287784][ T5879] cdc_mbim 4-1:1.1: probe with driver cdc_mbim failed with error -71 [ 333.296019][ T5875] usb 1-1: Using ep0 maxpacket: 32 [ 333.303266][ T5879] usbtest 4-1:1.1: probe with driver usbtest failed with error -71 [ 333.314417][ T5879] usb 4-1: USB disconnect, device number 54 [ 333.321020][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 333.341871][ T5875] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 333.359595][ T5875] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 333.369481][ T5875] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 333.389020][ T5875] usb 1-1: config 0 descriptor?? [ 333.398810][ T5875] hub 1-1:0.0: USB hub found [ 333.422928][ T24] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 333.572934][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 333.580589][ T24] usb 2-1: config 0 has an invalid interface number: 194 but max is 0 [ 333.589106][ T24] usb 2-1: config 0 has no interface number 0 [ 333.598212][ T24] usb 2-1: New USB device found, idVendor=0a2c, idProduct=0008, bcdDevice=b4.25 [ 333.607661][ T5875] hub 1-1:0.0: 26 ports detected [ 333.612796][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 333.621000][ T5875] hub 1-1:0.0: insufficient power available to use all downstream ports [ 333.629430][ T24] usb 2-1: Product: syz [ 333.634091][ T24] usb 2-1: Manufacturer: syz [ 333.638693][ T24] usb 2-1: SerialNumber: syz [ 333.647750][ T24] usb 2-1: config 0 descriptor?? [ 333.655622][ T24] cypress_cy7c63 2-1:0.194: Cypress CY7C63xxx device now attached [ 333.833777][T10728] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.842505][T10728] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 333.867525][ T5875] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 333.880269][ T24] usb 2-1: USB disconnect, device number 63 [ 333.889192][ T5875] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 333.897762][ T24] cypress_cy7c63 2-1:0.194: Cypress CY7C63xxx device now disconnected [ 333.902141][T10738] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1663'. [ 333.913663][ T5875] usbhid 1-1:0.0: can't add hid device: -71 [ 333.928944][ T5875] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 333.955284][ T5875] usb 1-1: USB disconnect, device number 74 [ 334.835763][T10759] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 334.860451][T10759] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 335.105260][T10772] FAULT_INJECTION: forcing a failure. [ 335.105260][T10772] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.127825][T10772] CPU: 1 UID: 0 PID: 10772 Comm: syz.0.1675 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 335.127850][T10772] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 335.127861][T10772] Call Trace: [ 335.127868][T10772] [ 335.127876][T10772] dump_stack_lvl+0x189/0x250 [ 335.127903][T10772] ? __lock_acquire+0xaac/0xd20 [ 335.127928][T10772] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.127951][T10772] ? __pfx__printk+0x10/0x10 [ 335.127968][T10772] ? __might_fault+0xb0/0x130 [ 335.128000][T10772] should_fail_ex+0x414/0x560 [ 335.128028][T10772] _copy_from_iter+0x1db/0x15a0 [ 335.128054][T10772] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 335.128071][T10772] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 335.128092][T10772] ? __pfx__copy_from_iter+0x10/0x10 [ 335.128113][T10772] ? __build_skb_around+0x257/0x3e0 [ 335.128133][T10772] ? netlink_sendmsg+0x642/0xb30 [ 335.128155][T10772] ? skb_put+0x11b/0x210 [ 335.128174][T10772] netlink_sendmsg+0x6b2/0xb30 [ 335.128206][T10772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 335.128232][T10772] ? __import_iovec+0x5d4/0x7f0 [ 335.128250][T10772] ? aa_sock_msg_perm+0x94/0x160 [ 335.128268][T10772] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 335.128287][T10772] ? __pfx_netlink_sendmsg+0x10/0x10 [ 335.128311][T10772] __sock_sendmsg+0x219/0x270 [ 335.128336][T10772] ____sys_sendmsg+0x505/0x830 [ 335.128360][T10772] ? __pfx_____sys_sendmsg+0x10/0x10 [ 335.128393][T10772] ___sys_sendmsg+0x21f/0x2a0 [ 335.128414][T10772] ? __pfx____sys_sendmsg+0x10/0x10 [ 335.128465][T10772] ? __fget_files+0x2a/0x420 [ 335.128486][T10772] ? __fget_files+0x3a0/0x420 [ 335.128516][T10772] __sys_sendmsg+0x164/0x220 [ 335.128535][T10772] ? __pfx___sys_sendmsg+0x10/0x10 [ 335.128566][T10772] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 335.128584][T10772] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.128610][T10772] __do_fast_syscall_32+0xb4/0x110 [ 335.128629][T10772] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.128656][T10772] do_fast_syscall_32+0x34/0x80 [ 335.128674][T10772] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 335.128693][T10772] RIP: 0023:0xf706e539 [ 335.128708][T10772] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 335.128722][T10772] RSP: 002b:00000000f505e55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 335.128741][T10772] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000000 [ 335.128753][T10772] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 335.128762][T10772] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 335.128773][T10772] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 335.128789][T10772] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 335.128816][T10772] [ 335.425527][T10776] program syz.3.1677 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 335.435184][T10776] FAULT_INJECTION: forcing a failure. [ 335.435184][T10776] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 335.448693][T10776] CPU: 0 UID: 0 PID: 10776 Comm: syz.3.1677 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 335.448716][T10776] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 335.448726][T10776] Call Trace: [ 335.448734][T10776] [ 335.448741][T10776] dump_stack_lvl+0x189/0x250 [ 335.448767][T10776] ? __lock_acquire+0xaac/0xd20 [ 335.448792][T10776] ? __pfx_dump_stack_lvl+0x10/0x10 [ 335.448818][T10776] ? __pfx__printk+0x10/0x10 [ 335.448834][T10776] ? __might_fault+0xb0/0x130 [ 335.448864][T10776] should_fail_ex+0x414/0x560 [ 335.448893][T10776] _copy_from_user+0x2d/0xb0 [ 335.448914][T10776] scsi_ioctl+0x1693/0x2000 [ 335.448930][T10776] ? __kasan_slab_free+0x62/0x70 [ 335.448947][T10776] ? kfree+0x193/0x440 [ 335.448962][T10776] ? tomoyo_path_number_perm+0x47a/0x5a0 [ 335.448993][T10776] ? __pfx_scsi_ioctl+0x10/0x10 [ 335.449039][T10776] ? kasan_quarantine_put+0xdd/0x220 [ 335.449066][T10776] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 335.449090][T10776] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 335.449113][T10776] ? tomoyo_path_number_perm+0x4e2/0x5a0 [ 335.449135][T10776] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 335.449158][T10776] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 335.449202][T10776] sg_ioctl+0x158e/0x2230 [ 335.449234][T10776] ? __pfx_sg_ioctl+0x10/0x10 [ 335.449259][T10776] ? __fget_files+0x2a/0x420 [ 335.449283][T10776] ? __fget_files+0x3a0/0x420 [ 335.449302][T10776] ? __fget_files+0x2a/0x420 [ 335.449325][T10776] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 335.449349][T10776] __ia32_compat_sys_ioctl+0x551/0x840 [ 335.449370][T10776] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 335.449388][T10776] ? __fget_files+0x3a0/0x420 [ 335.449414][T10776] ? fput+0xa0/0xd0 [ 335.449436][T10776] ? ksys_write+0x1f0/0x250 [ 335.449461][T10776] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 335.449479][T10776] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.449524][T10776] __do_fast_syscall_32+0xb4/0x110 [ 335.449541][T10776] ? lockdep_hardirqs_on+0x9c/0x150 [ 335.449569][T10776] do_fast_syscall_32+0x34/0x80 [ 335.449586][T10776] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 335.449606][T10776] RIP: 0023:0xf7ff1539 [ 335.449620][T10776] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 335.449635][T10776] RSP: 002b:00000000f511655c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 335.449652][T10776] RAX: ffffffffffffffda RBX: 0000000000000012 RCX: 0000000000000001 [ 335.449664][T10776] RDX: 0000000080000200 RSI: 0000000000000000 RDI: 0000000000000000 [ 335.449674][T10776] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 335.449684][T10776] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 335.449694][T10776] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 335.449720][T10776] [ 335.751158][ T5902] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 335.912977][ T5902] usb 1-1: Using ep0 maxpacket: 16 [ 335.925496][ T5902] usb 1-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 335.944167][ T5902] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 335.987506][ T5902] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 335.998122][T10785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 336.011908][T10785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 336.021385][ T5902] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 336.038885][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 336.063604][T10788] batman_adv: batadv0: Adding interface: dummy0 [ 336.069974][T10788] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 336.096218][ T5902] usb 1-1: Product: 艔ث盀燠꣔噵阍삠밂ቮ㢌袖뤂뱸䗤쬸標 [ 336.098320][T10785] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 336.113662][ T5902] usb 1-1: Manufacturer: ࠚ [ 336.118342][ T5902] usb 1-1: SerialNumber: 钒ఘ讐컻㓼ꔀ뾌芪鵓䷹᧠䠔눙誁ݶ垛䜖ਵ㜾ᛒ䒦ヲ︴拎᫿믄혵垌˿໪軍仺恽ぎ䰥긞뵷萕㊥굪ꠐ鬋迴쓎寮漵루筧뵁뱙⏳駳⭒춱툼룪䐭嶂汇ꜛフ줓猾Ѐྑ騱믄ﰖ魰ⱆࣲ㙂穑䁡覇㦑磛띄墿던₝ゐꃚ远涀‟螆彊ऽ焆Ꙫ筋⨳˞ן櫣쑶袍⩺ᶂ吵憰䌕ཀ팺헧恥 [ 336.131225][T10785] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 336.155420][T10788] batman_adv: batadv0: Interface activated: dummy0 [ 336.180744][T10792] batadv0: mtu less than device minimum [ 336.188250][T10792] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 336.200123][T10792] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 336.211978][T10792] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 336.223851][T10792] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 336.235685][T10792] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 336.247463][T10792] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 336.259235][T10792] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 336.270940][T10792] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 336.282125][T10792] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 336.414932][ T5902] usb 1-1: 0:2 : does not exist [ 336.469141][ T5902] usb 1-1: USB disconnect, device number 75 [ 336.765345][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 337.559079][ T58] usb 3-1: dvb_usb_v2: Did not find the firmware file 'dvb-usb-terratec-h7-az6007.fw' (status -110). You can use /scripts/get_dvb_firmware to get the firmware [ 337.579569][ T58] dvb_usb_az6007 3-1:0.0: probe with driver dvb_usb_az6007 failed with error -110 [ 337.645231][ T58] usb 3-1: USB disconnect, device number 48 [ 337.668330][ T5902] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 337.835918][ T5902] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 337.846501][ T5902] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 337.859102][ T5902] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 337.868410][ T5902] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 337.879628][ T5902] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 337.892713][ T5902] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 337.901871][ T5902] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 337.910084][ T5902] usb 2-1: Product: syz [ 337.914378][ T5902] usb 2-1: Manufacturer: syz [ 337.923473][ T5902] cdc_wdm 2-1:1.0: skipping garbage [ 337.928730][ T5902] cdc_wdm 2-1:1.0: skipping garbage [ 337.936225][ T5902] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 337.942154][ T5902] cdc_wdm 2-1:1.0: Unknown control protocol [ 337.983547][ T58] usb 3-1: new high-speed USB device number 49 using dummy_hcd [ 338.142920][ T58] usb 3-1: Using ep0 maxpacket: 32 [ 338.149949][ T58] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 338.163414][ T58] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 338.178751][ T58] usb 3-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 338.188040][ T58] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 338.207421][ T58] usb 3-1: config 0 descriptor?? [ 338.584986][T10837] loop9: detected capacity change from 0 to 8 [ 338.613166][T10837] Dev loop9: unable to read RDB block 8 [ 338.629065][T10837] loop9: unable to read partition table [ 338.638356][T10837] loop9: partition table beyond EOD, truncated [ 338.653220][T10837] loop_reread_partitions: partition scan of loop9 (被x ) failed (rc=-5) [ 338.780134][T10781] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 338.820341][T10781] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 338.833528][ T5902] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 338.996348][ T5902] usb 1-1: config index 0 descriptor too short (expected 65134, got 72) [ 339.014048][ T5902] usb 1-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 339.031070][ T5902] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.043334][ T5887] usb 4-1: new high-speed USB device number 55 using dummy_hcd [ 339.056244][ T5902] usb 1-1: Product: syz [ 339.066080][ T5902] usb 1-1: Manufacturer: syz [ 339.077799][ T5902] usb 1-1: SerialNumber: syz [ 339.098667][ T5902] usb 1-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 339.110135][T10849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 339.139249][T10849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 339.172574][T10781] usb 1-1: USB disconnect, device number 76 [ 339.186885][ T5880] usb 1-1: ath9k_htc: Firmware - ath9k_htc/htc_9271-1.4.0.fw download failed [ 339.204757][T10781] usb 1-1: ath9k_htc: USB layer deinitialized [ 339.213150][ T5887] usb 4-1: Using ep0 maxpacket: 16 [ 339.220737][ T5887] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 339.231152][ T5887] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 339.266611][ T5887] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 339.309719][ T58] usbhid 3-1:0.0: can't add hid device: -71 [ 339.321040][ T58] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 339.324832][ T5887] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 339.353797][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 339.360064][ T58] usb 3-1: USB disconnect, device number 49 [ 339.389240][ T5887] usb 4-1: Product: 艔ث盀燠꣔噵阍삠밂ቮ㢌袖뤂뱸䗤쬸標 [ 339.409393][ T5887] usb 4-1: Manufacturer: ࠚ [ 339.414144][ T5887] usb 4-1: SerialNumber: 钒ఘ讐컻㓼ꔀ뾌芪鵓䷹᧠䠔눙誁ݶ垛䜖ਵ㜾ᛒ䒦ヲ︴拎᫿믄혵垌˿໪軍仺恽ぎ䰥긞뵷萕㊥굪ꠐ鬋迴쓎寮漵루筧뵁뱙⏳駳⭒춱툼룪䐭嶂汇ꜛフ줓猾Ѐྑ騱믄ﰖ魰ⱆࣲ㙂穑䁡覇㦑磛띄墿던₝ゐꃚ远涀‟螆彊ऽ焆Ꙫ筋⨳˞ן櫣쑶袍⩺ᶂ吵憰䌕ཀ팺헧恥 [ 339.720831][ T5887] usb 4-1: 0:2 : does not exist [ 339.752578][ T5887] usb 4-1: USB disconnect, device number 55 [ 339.788225][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 340.314507][ T5887] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 340.428733][ C1] wdm_int_callback: 36 callbacks suppressed [ 340.428758][ C1] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 340.441270][ C1] wdm_int_callback: 36 callbacks suppressed [ 340.441289][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 340.453310][ C1] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 340.465099][ T58] usb 2-1: USB disconnect, device number 64 [ 340.475078][ T5887] usb 3-1: Using ep0 maxpacket: 32 [ 340.514810][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 340.529746][ T5887] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 340.540774][ T5887] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 340.554146][ T5887] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 340.567706][ T5887] usb 3-1: config 0 descriptor?? [ 340.577608][ T5887] hub 3-1:0.0: USB hub found [ 340.593237][ T24] usb 4-1: new full-speed USB device number 56 using dummy_hcd [ 340.614281][T10867] FAULT_INJECTION: forcing a failure. [ 340.614281][T10867] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 340.627877][T10867] CPU: 0 UID: 0 PID: 10867 Comm: syz.1.1708 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 340.627899][T10867] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 340.627913][T10867] Call Trace: [ 340.627920][T10867] [ 340.627928][T10867] dump_stack_lvl+0x189/0x250 [ 340.627958][T10867] ? __pfx_dump_stack_lvl+0x10/0x10 [ 340.627981][T10867] ? __pfx__printk+0x10/0x10 [ 340.628001][T10867] ? fs_reclaim_acquire+0x7d/0x100 [ 340.628032][T10867] should_fail_ex+0x414/0x560 [ 340.628061][T10867] prepare_alloc_pages+0x213/0x610 [ 340.628092][T10867] __alloc_frozen_pages_noprof+0x123/0x370 [ 340.628126][T10867] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 340.628155][T10867] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 340.628182][T10867] ? policy_nodemask+0x27c/0x720 [ 340.628202][T10867] ? __lock_acquire+0xaac/0xd20 [ 340.628228][T10867] alloc_pages_mpol+0x232/0x4a0 [ 340.628254][T10867] vma_alloc_folio_noprof+0xe4/0x200 [ 340.628274][T10867] ? kasan_save_track+0x3e/0x80 [ 340.628290][T10867] ? __kasan_kmalloc+0x93/0xb0 [ 340.628307][T10867] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 340.628328][T10867] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 340.628361][T10867] folio_prealloc+0x30/0x180 [ 340.628384][T10867] __handle_mm_fault+0x2b28/0x5380 [ 340.628423][T10867] ? __pfx___handle_mm_fault+0x10/0x10 [ 340.628457][T10867] ? follow_page_pte+0x888/0x13c0 [ 340.628487][T10867] handle_mm_fault+0x3f6/0x8c0 [ 340.628517][T10867] __get_user_pages+0x16f0/0x2a40 [ 340.628568][T10867] ? __pfx___get_user_pages+0x10/0x10 [ 340.628586][T10867] ? __gup_longterm_locked+0xbf7/0x15b0 [ 340.628606][T10867] ? down_read_killable+0x1d1/0x350 [ 340.628623][T10867] ? try_get_folio+0x633/0x660 [ 340.628646][T10867] __gup_longterm_locked+0xd66/0x15b0 [ 340.628679][T10867] ? sanity_check_pinned_pages+0x119b/0x1290 [ 340.628706][T10867] gup_fast_fallback+0x1843/0x1d60 [ 340.628725][T10867] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 340.628777][T10867] ? __pfx_gup_fast_fallback+0x10/0x10 [ 340.628794][T10867] ? __do_fast_syscall_32+0xb4/0x110 [ 340.628823][T10867] ? pin_user_pages_fast+0x4d/0xb0 [ 340.628845][T10867] iov_iter_extract_pages+0x35a/0x5e0 [ 340.628875][T10867] bio_iov_iter_get_pages+0x49e/0x11e0 [ 340.628902][T10867] ? bio_associate_blkg+0x6d/0x230 [ 340.628926][T10867] ? bio_associate_blkg+0x6d/0x230 [ 340.628942][T10867] ? bio_associate_blkg+0x6d/0x230 [ 340.628961][T10867] ? __pfx_bio_iov_iter_get_pages+0x10/0x10 [ 340.628980][T10867] ? bio_alloc_bioset+0x6c0/0x1110 [ 340.629012][T10867] blkdev_direct_IO+0x9a4/0x1450 [ 340.629044][T10867] ? __pfx_blkdev_direct_IO+0x10/0x10 [ 340.629067][T10867] ? current_time+0x222/0x370 [ 340.629093][T10867] ? __pfx_current_time+0x10/0x10 [ 340.629123][T10867] ? stack_trace_save+0x9c/0xe0 [ 340.629141][T10867] ? __pfx_aa_file_perm+0x10/0x10 [ 340.629163][T10867] ? atime_needs_update+0x575/0x6d0 [ 340.629191][T10867] ? touch_atime+0xf1/0x6d0 [ 340.629216][T10867] ? kiocb_write_and_wait+0xad/0x1b0 [ 340.629236][T10867] blkdev_read_iter+0x21e/0x400 [ 340.629265][T10867] aio_read+0x30e/0x470 [ 340.629291][T10867] ? __pfx_aio_read+0x10/0x10 [ 340.629325][T10867] ? __might_fault+0xb0/0x130 [ 340.629363][T10867] io_submit_one+0x6ec/0x1240 [ 340.629391][T10867] ? __lock_acquire+0xaac/0xd20 [ 340.629418][T10867] ? __pfx_io_submit_one+0x10/0x10 [ 340.629438][T10867] ? __might_fault+0xb0/0x130 [ 340.629470][T10867] ? __might_fault+0xb0/0x130 [ 340.629494][T10867] __ia32_compat_sys_io_submit+0x1c7/0x330 [ 340.629516][T10867] ? __pfx___ia32_compat_sys_io_submit+0x10/0x10 [ 340.629534][T10867] ? ksys_write+0x1f0/0x250 [ 340.629560][T10867] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 340.629579][T10867] ? lockdep_hardirqs_on+0x9c/0x150 [ 340.629605][T10867] __do_fast_syscall_32+0xb4/0x110 [ 340.629623][T10867] ? lockdep_hardirqs_on+0x9c/0x150 [ 340.629651][T10867] do_fast_syscall_32+0x34/0x80 [ 340.629669][T10867] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 340.629689][T10867] RIP: 0023:0xf70fe539 [ 340.629703][T10867] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 340.629718][T10867] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 ORIG_RAX: 00000000000000f8 [ 340.629736][T10867] RAX: ffffffffffffffda RBX: 00000000f50c5000 RCX: 0000000000000004 [ 340.629748][T10867] RDX: 00000000800000c0 RSI: 0000000000000000 RDI: 0000000000000000 [ 340.629759][T10867] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 340.629769][T10867] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 340.629779][T10867] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 340.629806][T10867] [ 340.783209][ T24] usb 4-1: device descriptor read/64, error -71 [ 340.841516][ T5887] hub 3-1:0.0: 26 ports detected [ 341.057531][T10854] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 341.066748][ T5887] hub 3-1:0.0: insufficient power available to use all downstream ports [ 341.081358][T10854] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 341.136477][ T24] usb 4-1: new full-speed USB device number 57 using dummy_hcd [ 341.233033][ T5887] hub 3-1:0.0: hub_hub_status failed (err = -71) [ 341.256420][ T5887] hub 3-1:0.0: config failed, can't get hub status (err -71) [ 341.295167][ T24] usb 4-1: device descriptor read/64, error -71 [ 341.297472][ T5887] usbhid 3-1:0.0: can't add hid device: -71 [ 341.323030][ T5887] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 341.368259][ T5887] usb 3-1: USB disconnect, device number 50 [ 341.403450][ T24] usb usb4-port1: attempt power cycle [ 341.673446][ T5880] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 341.783232][ T24] usb 4-1: new full-speed USB device number 58 using dummy_hcd [ 341.815633][ T24] usb 4-1: device descriptor read/8, error -71 [ 341.833073][ T5880] usb 2-1: Using ep0 maxpacket: 32 [ 341.839737][ T5880] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 341.849988][ T5880] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 341.864013][ T5880] usb 2-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 341.873141][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 341.883286][ T5880] usb 2-1: config 0 descriptor?? [ 342.055580][ T24] usb 4-1: new full-speed USB device number 59 using dummy_hcd [ 342.083641][ T24] usb 4-1: device descriptor read/8, error -71 [ 342.203271][ T24] usb usb4-port1: unable to enumerate USB device [ 342.297216][T10879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.307214][ T58] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 342.317531][T10879] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 342.464593][ T58] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 342.473322][ T58] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 342.483604][ T58] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 342.492581][ T58] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 342.503859][ T58] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 342.516720][ T58] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 342.525878][ T58] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 342.534003][ T58] usb 3-1: Product: syz [ 342.534636][T10879] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 342.540281][ T58] usb 3-1: Manufacturer: syz [ 342.567204][T10879] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 342.578476][ T58] cdc_wdm 3-1:1.0: skipping garbage [ 342.584219][ T58] cdc_wdm 3-1:1.0: skipping garbage [ 342.591373][ T58] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 342.598118][ T58] cdc_wdm 3-1:1.0: Unknown control protocol [ 342.703689][ T5880] usbhid 2-1:0.0: can't add hid device: -71 [ 342.709865][ T5880] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 342.742767][ T5880] usb 2-1: USB disconnect, device number 65 [ 342.983009][T10909] FAULT_INJECTION: forcing a failure. [ 342.983009][T10909] name failslab, interval 1, probability 0, space 0, times 0 [ 342.997452][T10909] CPU: 1 UID: 0 PID: 10909 Comm: syz.4.1723 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 342.997468][T10909] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 342.997477][T10909] Call Trace: [ 342.997485][T10909] [ 342.997492][T10909] dump_stack_lvl+0x189/0x250 [ 342.997524][T10909] ? __pfx_dump_stack_lvl+0x10/0x10 [ 342.997548][T10909] ? __pfx__printk+0x10/0x10 [ 342.997569][T10909] ? __pfx___might_resched+0x10/0x10 [ 342.997582][T10909] ? fs_reclaim_acquire+0x7d/0x100 [ 342.997598][T10909] should_fail_ex+0x414/0x560 [ 342.997615][T10909] should_failslab+0xa8/0x100 [ 342.997634][T10909] kmem_cache_alloc_noprof+0x73/0x3c0 [ 342.997653][T10909] ? security_inode_alloc+0x39/0x330 [ 342.997677][T10909] security_inode_alloc+0x39/0x330 [ 342.997698][T10909] inode_init_always_gfp+0x9ed/0xdc0 [ 342.997718][T10909] ? __pfx_proc_alloc_inode+0x10/0x10 [ 342.997731][T10909] alloc_inode+0x82/0x1b0 [ 342.997742][T10909] new_inode+0x22/0x170 [ 342.997755][T10909] proc_pid_make_inode+0x21/0x130 [ 342.997766][T10909] proc_pident_instantiate+0x6d/0x2b0 [ 342.997786][T10909] proc_fill_cache+0x2cd/0x3d0 [ 342.997802][T10909] ? __lock_acquire+0xaac/0xd20 [ 342.997825][T10909] ? __pfx_proc_pident_instantiate+0x10/0x10 [ 342.997844][T10909] ? __pfx_proc_fill_cache+0x10/0x10 [ 342.997871][T10909] ? compat_filldir+0x4b2/0x710 [ 342.997887][T10909] proc_pident_readdir+0x370/0x4b0 [ 342.997902][T10909] iterate_dir+0x5ac/0x770 [ 342.997915][T10909] __ia32_compat_sys_getdents+0x133/0x290 [ 342.997934][T10909] ? __pfx___ia32_compat_sys_getdents+0x10/0x10 [ 342.997951][T10909] ? ksys_write+0x1f0/0x250 [ 342.997967][T10909] ? __pfx_compat_filldir+0x10/0x10 [ 342.997993][T10909] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 342.998011][T10909] ? lockdep_hardirqs_on+0x9c/0x150 [ 342.998026][T10909] __do_fast_syscall_32+0xb4/0x110 [ 342.998037][T10909] ? lockdep_hardirqs_on+0x9c/0x150 [ 342.998051][T10909] do_fast_syscall_32+0x34/0x80 [ 342.998061][T10909] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 342.998075][T10909] RIP: 0023:0xf7f15539 [ 342.998089][T10909] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 342.998103][T10909] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 000000000000008d [ 342.998120][T10909] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000a00 [ 342.998131][T10909] RDX: 0000000000000099 RSI: 0000000000000000 RDI: 0000000000000000 [ 342.998141][T10909] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 342.998150][T10909] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 342.998160][T10909] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 342.998186][T10909] [ 343.384695][T10911] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1724'. [ 344.385536][T10929] net_ratelimit: 12 callbacks suppressed [ 344.385553][T10929] openvswitch: netlink: Message has 16 unknown bytes. [ 344.413572][T10929] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 344.539291][T10937] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 344.816544][T10949] tipc: Started in network mode [ 344.821624][T10949] tipc: Node identity ffffff7f0000000009, cluster identity 4711 [ 344.853013][ T5887] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 344.972928][ T24] usb 4-1: new high-speed USB device number 60 using dummy_hcd [ 345.012992][ T5887] usb 2-1: Using ep0 maxpacket: 8 [ 345.020289][ T5887] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 345.030381][ T5887] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 345.040176][ T5887] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 345.050383][ T5887] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 345.063592][ T5887] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 345.072655][ T5887] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.116864][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 345.123492][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 345.129810][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 345.136415][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 345.142513][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -1 [ 345.153707][ T24] usb 4-1: Using ep0 maxpacket: 32 [ 345.169855][ T58] usb 3-1: USB disconnect, device number 51 [ 345.177377][ T24] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 345.203264][ T24] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 345.231050][ T24] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 345.242165][ T24] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 345.252679][ T24] usb 4-1: config 0 descriptor?? [ 345.288681][ T5887] usb 2-1: GET_CAPABILITIES returned 0 [ 345.294671][ T5887] usbtmc 2-1:16.0: can't read capabilities [ 345.507462][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.520229][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.529340][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.544249][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.553344][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.562425][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.574254][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.583365][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.592450][ C1] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.601828][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.610917][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.619996][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.635562][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.644662][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.653742][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.662817][ C0] usbtmc 2-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 345.673661][T10947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.688877][T10947] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 345.699477][ T5887] usb 2-1: USB disconnect, device number 66 [ 345.939984][T10947] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 345.953810][T10947] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 345.982391][ T24] usbhid 4-1:0.0: can't add hid device: -71 [ 345.998946][ T24] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 346.039507][ T24] usb 4-1: USB disconnect, device number 60 [ 346.422916][ T9] usb 3-1: new high-speed USB device number 52 using dummy_hcd [ 346.592951][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 346.604869][ T9] usb 3-1: config 0 has an invalid descriptor of length 202, skipping remainder of the config [ 346.623005][ T9] usb 3-1: config 0 interface 0 altsetting 254 has 0 endpoint descriptors, different from the interface descriptor's value: 4 [ 346.652957][ T9] usb 3-1: config 0 interface 0 has no altsetting 0 [ 346.682192][ T9] usb 3-1: New USB device found, idVendor=04d8, idProduct=f002, bcdDevice= 0.00 [ 346.735759][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 346.768208][ T9] usb 3-1: config 0 descriptor?? [ 346.791482][ T9] usbhid 3-1:0.0: couldn't find an input interrupt endpoint [ 347.024320][ T9] usb 3-1: USB disconnect, device number 52 [ 347.798064][ T9] usb 4-1: new high-speed USB device number 61 using dummy_hcd [ 347.888377][T11010] FAULT_INJECTION: forcing a failure. [ 347.888377][T11010] name failslab, interval 1, probability 0, space 0, times 0 [ 347.930056][T11010] CPU: 1 UID: 0 PID: 11010 Comm: syz.2.1762 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 347.930081][T11010] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 347.930092][T11010] Call Trace: [ 347.930099][T11010] [ 347.930107][T11010] dump_stack_lvl+0x189/0x250 [ 347.930138][T11010] ? __pfx_dump_stack_lvl+0x10/0x10 [ 347.930161][T11010] ? __pfx__printk+0x10/0x10 [ 347.930183][T11010] ? __pfx___might_resched+0x10/0x10 [ 347.930211][T11010] should_fail_ex+0x414/0x560 [ 347.930240][T11010] should_failslab+0xa8/0x100 [ 347.930263][T11010] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 347.930284][T11010] ? __alloc_skb+0x112/0x2d0 [ 347.930304][T11010] __alloc_skb+0x112/0x2d0 [ 347.930323][T11010] netlink_sendmsg+0x5c6/0xb30 [ 347.930355][T11010] ? __pfx_netlink_sendmsg+0x10/0x10 [ 347.930381][T11010] ? __import_iovec+0x5d4/0x7f0 [ 347.930399][T11010] ? aa_sock_msg_perm+0x94/0x160 [ 347.930424][T11010] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 347.930442][T11010] ? __pfx_netlink_sendmsg+0x10/0x10 [ 347.930466][T11010] __sock_sendmsg+0x219/0x270 [ 347.930490][T11010] ____sys_sendmsg+0x505/0x830 [ 347.930513][T11010] ? __pfx_____sys_sendmsg+0x10/0x10 [ 347.930545][T11010] ___sys_sendmsg+0x21f/0x2a0 [ 347.930566][T11010] ? __pfx____sys_sendmsg+0x10/0x10 [ 347.930616][T11010] ? __fget_files+0x2a/0x420 [ 347.930635][T11010] ? __fget_files+0x3a0/0x420 [ 347.930664][T11010] __sys_sendmsg+0x164/0x220 [ 347.930683][T11010] ? __pfx___sys_sendmsg+0x10/0x10 [ 347.930714][T11010] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 347.930732][T11010] ? lockdep_hardirqs_on+0x9c/0x150 [ 347.930758][T11010] __do_fast_syscall_32+0xb4/0x110 [ 347.930776][T11010] ? lockdep_hardirqs_on+0x9c/0x150 [ 347.930803][T11010] do_fast_syscall_32+0x34/0x80 [ 347.930820][T11010] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 347.930839][T11010] RIP: 0023:0xf70be539 [ 347.930854][T11010] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 347.930868][T11010] RSP: 002b:00000000f50ae55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 347.930886][T11010] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 347.930898][T11010] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 347.930908][T11010] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 347.930917][T11010] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 347.930927][T11010] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 347.930953][T11010] [ 347.952926][ T9] usb 4-1: Using ep0 maxpacket: 16 [ 348.196973][ T9] usb 4-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 348.205912][ T9] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 348.216436][ T9] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 348.245357][ T9] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 348.283018][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 348.301298][ T9] usb 4-1: Product: 艔ث盀燠꣔噵阍삠밂ቮ㢌袖뤂뱸䗤쬸標 [ 348.320093][ T9] usb 4-1: Manufacturer: ࠚ [ 348.337360][ T9] usb 4-1: SerialNumber: 钒ఘ讐컻㓼ꔀ뾌芪鵓䷹᧠䠔눙誁ݶ垛䜖ਵ㜾ᛒ䒦ヲ︴拎᫿믄혵垌˿໪軍仺恽ぎ䰥긞뵷萕㊥굪ꠐ鬋迴쓎寮漵루筧뵁뱙⏳駳⭒춱툼룪䐭嶂汇ꜛフ줓猾Ѐྑ騱믄ﰖ魰ⱆࣲ㙂穑䁡覇㦑磛띄墿던₝ゐꃚ远涀‟螆彊ऽ焆Ꙫ筋⨳˞ן櫣쑶袍⩺ᶂ吵憰䌕ཀ팺헧恥 [ 348.385794][T11014] FAULT_INJECTION: forcing a failure. [ 348.385794][T11014] name failslab, interval 1, probability 0, space 0, times 0 [ 348.398464][T11014] CPU: 1 UID: 0 PID: 11014 Comm: syz.4.1760 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 348.398487][T11014] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 348.398497][T11014] Call Trace: [ 348.398505][T11014] [ 348.398512][T11014] dump_stack_lvl+0x189/0x250 [ 348.398542][T11014] ? __pfx_dump_stack_lvl+0x10/0x10 [ 348.398566][T11014] ? __pfx__printk+0x10/0x10 [ 348.398598][T11014] should_fail_ex+0x414/0x560 [ 348.398633][T11014] should_failslab+0xa8/0x100 [ 348.398657][T11014] __kmalloc_noprof+0xcb/0x4f0 [ 348.398676][T11014] ? ___neigh_create+0x6d5/0x2260 [ 348.398703][T11014] ___neigh_create+0x6d5/0x2260 [ 348.398730][T11014] ? neigh_lookup+0xb6/0x5e0 [ 348.398753][T11014] ? __pfx_neigh_lookup+0x10/0x10 [ 348.398785][T11014] ndisc_router_discovery+0x616/0x35f0 [ 348.398825][T11014] ? __pfx_ndisc_router_discovery+0x10/0x10 [ 348.398864][T11014] ? __skb_checksum+0x8e4/0x9f0 [ 348.398883][T11014] ? __lock_acquire+0xaac/0xd20 [ 348.398917][T11014] ? ndisc_rcv+0x4aa/0x730 [ 348.398941][T11014] icmpv6_rcv+0x139a/0x1c80 [ 348.398965][T11014] ? ipv6_chk_mcast_addr+0x77f/0x860 [ 348.398992][T11014] ? __pfx_icmpv6_rcv+0x10/0x10 [ 348.399011][T11014] ip6_protocol_deliver_rcu+0xe08/0x15c0 [ 348.399057][T11014] ip6_input_finish+0xde/0x190 [ 348.399079][T11014] NF_HOOK+0x309/0x3a0 [ 348.399097][T11014] ? __pfx_ip6_input_finish+0x10/0x10 [ 348.399114][T11014] ? NF_HOOK+0x9a/0x3a0 [ 348.399129][T11014] ? __pfx_NF_HOOK+0x10/0x10 [ 348.399148][T11014] ? __pfx_ip6_input_finish+0x10/0x10 [ 348.399176][T11014] ip6_input+0x16a/0x270 [ 348.399191][T11014] ? ip6_input+0x23/0x270 [ 348.399210][T11014] ip6_mc_input+0x79a/0xbe0 [ 348.399233][T11014] ? __pfx_ip6_mc_input+0x10/0x10 [ 348.399251][T11014] ? skb_dst+0x71/0xd0 [ 348.399269][T11014] ? ip6_rcv_finish+0x29a/0x2d0 [ 348.399288][T11014] NF_HOOK+0x309/0x3a0 [ 348.399302][T11014] ? skb_orphan+0x4c/0xd0 [ 348.399320][T11014] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 348.399335][T11014] ? NF_HOOK+0x9a/0x3a0 [ 348.399351][T11014] ? __pfx_NF_HOOK+0x10/0x10 [ 348.399368][T11014] ? __pfx_ip6_rcv_finish+0x10/0x10 [ 348.399396][T11014] __netif_receive_skb+0xd3/0x380 [ 348.399424][T11014] ? netif_receive_skb+0x115/0x790 [ 348.399444][T11014] netif_receive_skb+0x1cb/0x790 [ 348.399465][T11014] ? __pfx___local_bh_disable_ip+0x10/0x10 [ 348.399491][T11014] ? __pfx_netif_receive_skb+0x10/0x10 [ 348.399517][T11014] ? tun_rx_batched+0x160/0x730 [ 348.399541][T11014] tun_rx_batched+0x1b9/0x730 [ 348.399569][T11014] ? __pfx_tun_rx_batched+0x10/0x10 [ 348.399594][T11014] ? tun_get_user+0x2444/0x3c20 [ 348.399627][T11014] ? tun_get_user+0x2444/0x3c20 [ 348.399647][T11014] ? tun_get_user+0x2444/0x3c20 [ 348.399667][T11014] tun_get_user+0x2879/0x3c20 [ 348.399692][T11014] ? tun_get_user+0x687/0x3c20 [ 348.399728][T11014] ? __pfx_tun_get_user+0x10/0x10 [ 348.399749][T11014] ? aa_file_perm+0x3e7/0xed0 [ 348.399781][T11014] ? ref_tracker_alloc+0x318/0x460 [ 348.399801][T11014] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 348.399824][T11014] ? tun_get+0x1c/0x2f0 [ 348.399850][T11014] ? tun_get+0x1c/0x2f0 [ 348.399869][T11014] ? tun_get+0x1c/0x2f0 [ 348.399894][T11014] tun_chr_write_iter+0x113/0x200 [ 348.399916][T11014] vfs_write+0x548/0xa90 [ 348.399940][T11014] ? __pfx_tun_chr_write_iter+0x10/0x10 [ 348.399961][T11014] ? __pfx_vfs_write+0x10/0x10 [ 348.399990][T11014] ? __fget_files+0x2a/0x420 [ 348.400020][T11014] ksys_write+0x145/0x250 [ 348.400042][T11014] ? __pfx_ksys_write+0x10/0x10 [ 348.400062][T11014] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 348.400081][T11014] ? lockdep_hardirqs_on+0x9c/0x150 [ 348.400108][T11014] __do_fast_syscall_32+0xb4/0x110 [ 348.400125][T11014] ? lockdep_hardirqs_on+0x9c/0x150 [ 348.400154][T11014] do_fast_syscall_32+0x34/0x80 [ 348.400171][T11014] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 348.400191][T11014] RIP: 0023:0xf7f15539 [ 348.400206][T11014] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 348.400222][T11014] RSP: 002b:00000000f5036520 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 348.400240][T11014] RAX: ffffffffffffffda RBX: 00000000000000c8 RCX: 00000000800000c0 [ 348.400252][T11014] RDX: 0000000000000079 RSI: 00000000f73a2ff4 RDI: 0000000000000000 [ 348.400263][T11014] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 348.400274][T11014] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 348.400284][T11014] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 348.400311][T11014] [ 349.074102][T11012] (unnamed net_device) (uninitialized): invalid ARP target 0.0.0.0 specified for addition [ 349.120186][T11012] (unnamed net_device) (uninitialized): option arp_ip_target: invalid value (0) [ 349.311135][ T9] usb 4-1: 0:2 : does not exist [ 349.354224][ T9] usb 4-1: USB disconnect, device number 61 [ 349.380521][T11029] capability: warning: `syz.2.1763' uses 32-bit capabilities (legacy support in use) [ 349.600419][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 349.805549][T11039] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1769'. [ 350.552331][T11058] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 350.562066][T11058] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 350.913383][ T24] usb 3-1: new high-speed USB device number 53 using dummy_hcd [ 351.094404][T11074] netlink: 'syz.3.1781': attribute type 10 has an invalid length. [ 351.102443][T11074] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1781'. [ 351.112279][T11074] batadv0: entered promiscuous mode [ 351.118352][T11074] batadv0: entered allmulticast mode [ 351.126618][T11074] A link change request failed with some changes committed already. Interface batadv0 may have been left with an inconsistent configuration, please check. [ 351.199076][ T24] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 351.209392][ T24] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 351.220317][ T24] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 351.258647][ T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 351.274497][ T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 351.289209][ T24] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 351.306285][ T24] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 351.320874][ T24] usb 3-1: Product: syz [ 351.327596][ T24] usb 3-1: Manufacturer: syz [ 351.341438][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 351.347024][ T24] cdc_wdm 3-1:1.0: skipping garbage [ 351.357279][ T24] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 351.363749][ T24] cdc_wdm 3-1:1.0: Unknown control protocol [ 352.148510][T11089] FAULT_INJECTION: forcing a failure. [ 352.148510][T11089] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 352.162080][T11089] CPU: 1 UID: 0 PID: 11089 Comm: syz.3.1784 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 352.162102][T11089] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 352.162113][T11089] Call Trace: [ 352.162120][T11089] [ 352.162127][T11089] dump_stack_lvl+0x189/0x250 [ 352.162157][T11089] ? __pfx_dump_stack_lvl+0x10/0x10 [ 352.162179][T11089] ? __pfx__printk+0x10/0x10 [ 352.162197][T11089] ? shmem_alloc_and_add_folio+0xcb3/0xf60 [ 352.162222][T11089] ? filemap_get_entry+0xad/0x2f0 [ 352.162245][T11089] ? filemap_get_entry+0xad/0x2f0 [ 352.162268][T11089] should_fail_ex+0x414/0x560 [ 352.162303][T11089] copy_page_from_iter_atomic+0x2bc/0x18a0 [ 352.162322][T11089] ? shmem_allowable_huge_orders+0x1f8/0x420 [ 352.162358][T11089] ? __pfx_copy_page_from_iter_atomic+0x10/0x10 [ 352.162386][T11089] ? shmem_write_begin+0x15f/0x2b0 [ 352.162410][T11089] generic_perform_write+0x5f1/0x910 [ 352.162438][T11089] ? __pfx_generic_perform_write+0x10/0x10 [ 352.162455][T11089] ? do_raw_spin_unlock+0x122/0x240 [ 352.162476][T11089] ? mnt_put_write_access_file+0xc0/0x100 [ 352.162502][T11089] ? file_update_time+0x416/0x490 [ 352.162526][T11089] shmem_file_write_iter+0xf8/0x120 [ 352.162548][T11089] aio_write+0x532/0x790 [ 352.162571][T11089] ? __pfx_aio_write+0x10/0x10 [ 352.162600][T11089] ? __might_fault+0xb0/0x130 [ 352.162636][T11089] io_submit_one+0x70a/0x1240 [ 352.162661][T11089] ? __lock_acquire+0xaac/0xd20 [ 352.162684][T11089] ? __pfx_io_submit_one+0x10/0x10 [ 352.162705][T11089] ? __might_fault+0xb0/0x130 [ 352.162733][T11089] ? __might_fault+0xb0/0x130 [ 352.162757][T11089] __ia32_compat_sys_io_submit+0x1c7/0x330 [ 352.162779][T11089] ? __pfx___ia32_compat_sys_io_submit+0x10/0x10 [ 352.162796][T11089] ? ksys_write+0x1f0/0x250 [ 352.162821][T11089] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 352.162838][T11089] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.162863][T11089] __do_fast_syscall_32+0xb4/0x110 [ 352.162880][T11089] ? lockdep_hardirqs_on+0x9c/0x150 [ 352.162905][T11089] do_fast_syscall_32+0x34/0x80 [ 352.162922][T11089] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 352.162941][T11089] RIP: 0023:0xf7ff1539 [ 352.162955][T11089] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 352.162970][T11089] RSP: 002b:00000000f50d455c EFLAGS: 00000206 ORIG_RAX: 00000000000000f8 [ 352.162987][T11089] RAX: ffffffffffffffda RBX: 00000000f50ab000 RCX: 0000000000000012 [ 352.162998][T11089] RDX: 0000000080000780 RSI: 0000000000000000 RDI: 0000000000000000 [ 352.163009][T11089] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 352.163019][T11089] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 352.163028][T11089] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 352.163050][T11089] [ 353.473116][ T9] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 353.533098][ T24] usb 4-1: new full-speed USB device number 62 using dummy_hcd [ 353.635140][ T9] usb 2-1: config 0 has an invalid interface number: 228 but max is 0 [ 353.652466][ T9] usb 2-1: config 0 has no interface number 0 [ 353.665483][ T9] usb 2-1: config 0 interface 228 altsetting 0 endpoint 0xF has invalid wMaxPacketSize 0 [ 353.704377][ C1] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 353.711004][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 353.716148][ T5880] usb 3-1: USB disconnect, device number 53 [ 353.717068][ C1] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 353.795442][ T9] usb 2-1: New USB device found, idVendor=057c, idProduct=2200, bcdDevice=34.b1 [ 353.807691][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 353.822227][ T9] usb 2-1: Product: syz [ 353.842758][ T9] usb 2-1: Manufacturer: syz [ 353.848132][ T9] usb 2-1: SerialNumber: syz [ 353.881056][ T9] usb 2-1: config 0 descriptor?? [ 353.892179][ T9] bfusb 2-1:0.228: probe with driver bfusb failed with error -5 [ 354.035074][T11109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 354.054848][T11109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 354.076002][T11109] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 354.096349][ T9] usb 2-1: USB disconnect, device number 67 [ 354.143721][T11109] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 354.232940][ T5880] usb 3-1: new full-speed USB device number 54 using dummy_hcd [ 354.292407][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 354.309368][ T24] usb 4-1: not running at top speed; connect to a high speed hub [ 354.325707][ T24] usb 4-1: config 17 has an invalid interface number: 8 but max is 1 [ 354.334026][ T24] usb 4-1: config 17 has an invalid descriptor of length 0, skipping remainder of the config [ 354.347639][ T24] usb 4-1: config 17 has 1 interface, different from the descriptor's value: 2 [ 354.356832][ T24] usb 4-1: config 17 has no interface number 0 [ 354.370999][ T24] usb 4-1: config 17 interface 8 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 354.387386][ T24] usb 4-1: config 17 interface 8 has no altsetting 0 [ 354.405012][ T5880] usb 3-1: config 0 has an invalid interface number: 133 but max is 0 [ 354.413555][ T5880] usb 3-1: config 0 has no interface number 0 [ 354.426879][ T5880] usb 3-1: New USB device found, idVendor=06cd, idProduct=0121, bcdDevice=dd.3d [ 354.437297][ T24] usb 4-1: New USB device found, idVendor=0763, idProduct=2001, bcdDevice=2c.ff [ 354.447195][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.455844][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.458664][ T24] usb 4-1: Product: syz [ 354.463903][ T5880] usb 3-1: Product: syz [ 354.468084][ T24] usb 4-1: Manufacturer: syz [ 354.472193][ T5880] usb 3-1: Manufacturer: syz [ 354.472209][ T5880] usb 3-1: SerialNumber: syz [ 354.493913][ T24] usb 4-1: SerialNumber: syz [ 354.535044][ T5880] usb 3-1: config 0 descriptor?? [ 354.950076][ T5880] keyspan 3-1:0.133: Keyspan 1 port adapter converter detected [ 354.965027][ T5880] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 81 [ 354.973909][ T5880] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 1 [ 354.985756][ T5880] keyspan 3-1:0.133: found no endpoint descriptor for endpoint 2 [ 355.001474][ T5880] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 356.107179][ T24] usb 4-1: selecting invalid altsetting 0 [ 356.143965][ T24] usb 4-1: USB disconnect, device number 62 [ 356.181916][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:17.8/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 356.642897][ T5879] usb 4-1: new high-speed USB device number 63 using dummy_hcd [ 356.804356][ T5880] usb 3-1: USB disconnect, device number 54 [ 356.853534][ T5880] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 356.952901][ T5879] usb 4-1: config 0 has no interfaces? [ 356.988761][T11151] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 356.997931][T11151] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 357.084067][ T5880] keyspan 3-1:0.133: device disconnected [ 357.141187][ T5879] usb 4-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 357.176162][ T5879] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 357.208094][ T5879] usb 4-1: Product: syz [ 357.212278][ T5879] usb 4-1: Manufacturer: syz [ 357.296324][ T5879] usb 4-1: SerialNumber: syz [ 357.321223][ T5879] usb 4-1: config 0 descriptor?? [ 358.194054][ T58] usb 2-1: new low-speed USB device number 68 using dummy_hcd [ 358.322925][ T58] usb 2-1: device descriptor read/64, error -71 [ 358.482935][ T9] usb 3-1: new full-speed USB device number 55 using dummy_hcd [ 358.562894][ T58] usb 2-1: new low-speed USB device number 69 using dummy_hcd [ 358.646494][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 358.660250][ T9] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 358.672686][ T9] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a5, bcdDevice= 0.40 [ 358.685270][ T9] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 358.693367][ T9] usb 3-1: SerialNumber: syz [ 358.702804][ T9] cdc_ether 3-1:1.0: probe with driver cdc_ether failed with error -22 [ 358.705550][ T58] usb 2-1: device descriptor read/64, error -71 [ 358.714250][ T9] usb-storage 3-1:1.0: USB Mass Storage device detected [ 358.732391][ T9] usb-storage 3-1:1.0: Quirks match for vid 0525 pid a4a5: 10000 [ 358.741372][ T9] scsi host2: usb-storage 3-1:1.0 [ 358.823797][ T58] usb usb2-port1: attempt power cycle [ 358.920963][ T5879] usb 3-1: USB disconnect, device number 55 [ 359.038625][T11169] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1815'. [ 359.058666][T11169] vlan2: entered promiscuous mode [ 359.063881][T11169] dummy0: entered promiscuous mode [ 359.163568][ T58] usb 2-1: new low-speed USB device number 70 using dummy_hcd [ 359.196862][ T58] usb 2-1: device descriptor read/8, error -71 [ 359.354709][ T9] usb 4-1: USB disconnect, device number 63 [ 359.453417][ T58] usb 2-1: new low-speed USB device number 71 using dummy_hcd [ 359.474510][ T58] usb 2-1: device descriptor read/8, error -71 [ 359.577364][T11179] FAULT_INJECTION: forcing a failure. [ 359.577364][T11179] name failslab, interval 1, probability 0, space 0, times 0 [ 359.591137][T11179] CPU: 1 UID: 0 PID: 11179 Comm: syz.2.1819 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 359.591160][T11179] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 359.591171][T11179] Call Trace: [ 359.591178][T11179] [ 359.591185][T11179] dump_stack_lvl+0x189/0x250 [ 359.591213][T11179] ? __pfx_dump_stack_lvl+0x10/0x10 [ 359.591235][T11179] ? __pfx__printk+0x10/0x10 [ 359.591257][T11179] ? __pfx___might_resched+0x10/0x10 [ 359.591286][T11179] should_fail_ex+0x414/0x560 [ 359.591314][T11179] should_failslab+0xa8/0x100 [ 359.591335][T11179] __kmalloc_cache_noprof+0x70/0x3d0 [ 359.591355][T11179] ? device_add+0xbe/0xb50 [ 359.591375][T11179] device_add+0xbe/0xb50 [ 359.591405][T11179] device_create+0x25b/0x2f0 [ 359.591426][T11179] ? format_decode+0x5ee/0xe30 [ 359.591446][T11179] ? string+0x279/0x2b0 [ 359.591462][T11179] ? widen_string+0x3b/0x2a0 [ 359.591482][T11179] ? __pfx_device_create+0x10/0x10 [ 359.591513][T11179] bdi_register_va+0x9c/0x740 [ 359.591535][T11179] super_setup_bdi_name+0xe6/0x200 [ 359.591552][T11179] ? fuse_dev_install+0x8d/0x1a0 [ 359.591573][T11179] ? __pfx_super_setup_bdi_name+0x10/0x10 [ 359.591599][T11179] ? do_raw_spin_unlock+0x122/0x240 [ 359.591621][T11179] fuse_fill_super_common+0x64a/0x1150 [ 359.591645][T11179] ? __pfx_fuse_fill_super_common+0x10/0x10 [ 359.591662][T11179] ? __init_swait_queue_head+0xa9/0x150 [ 359.591685][T11179] ? shrinker_register+0x16b/0x230 [ 359.591703][T11179] ? sget_fc+0x962/0xa40 [ 359.591721][T11179] fuse_fill_super+0x176/0x1f0 [ 359.591738][T11179] ? __pfx_fuse_fill_super+0x10/0x10 [ 359.591757][T11179] get_tree_nodev+0xb8/0x150 [ 359.591778][T11179] fuse_get_tree+0x2eb/0x4e0 [ 359.591800][T11179] vfs_get_tree+0x8f/0x2b0 [ 359.591821][T11179] do_new_mount+0x249/0xa50 [ 359.591850][T11179] __se_sys_mount+0x317/0x410 [ 359.591876][T11179] ? __pfx___se_sys_mount+0x10/0x10 [ 359.591899][T11179] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 359.591917][T11179] ? __ia32_sys_mount+0x20/0xc0 [ 359.591940][T11179] __do_fast_syscall_32+0xb4/0x110 [ 359.591958][T11179] ? lockdep_hardirqs_on+0x9c/0x150 [ 359.591986][T11179] do_fast_syscall_32+0x34/0x80 [ 359.592003][T11179] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 359.592022][T11179] RIP: 0023:0xf70be539 [ 359.592037][T11179] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 359.592052][T11179] RSP: 002b:00000000f50ae55c EFLAGS: 00000206 ORIG_RAX: 0000000000000015 [ 359.592069][T11179] RAX: ffffffffffffffda RBX: 0000000000000000 RCX: 0000000080000000 [ 359.592081][T11179] RDX: 0000000080002100 RSI: 0000000000000000 RDI: 0000000080002140 [ 359.592091][T11179] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 359.592101][T11179] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 359.592111][T11179] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 359.592137][T11179] [ 359.985631][ T58] usb usb2-port1: unable to enumerate USB device [ 360.279621][T11195] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 360.292709][T11195] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 360.395528][ T9] usb 4-1: new high-speed USB device number 64 using dummy_hcd [ 360.455410][ T58] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 360.552892][ T9] usb 4-1: Using ep0 maxpacket: 32 [ 360.560150][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 360.573382][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 360.584505][ T9] usb 4-1: New USB device found, idVendor=0403, idProduct=6030, bcdDevice= 0.00 [ 360.594248][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 360.604880][ T9] usb 4-1: config 0 descriptor?? [ 360.624644][ T58] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 360.633479][ T58] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 360.644122][ T58] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 360.653238][ T58] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 360.666419][ T58] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 360.679413][ T58] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 360.688617][ T58] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 360.696654][ T58] usb 3-1: Product: syz [ 360.700887][ T58] usb 3-1: Manufacturer: syz [ 360.710466][ T58] cdc_wdm 3-1:1.0: skipping garbage [ 360.715761][ T58] cdc_wdm 3-1:1.0: skipping garbage [ 360.722315][ T58] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 360.728287][ T58] cdc_wdm 3-1:1.0: Unknown control protocol [ 361.025550][ T9] ft260 0003:0403:6030.0010: item fetching failed at offset 0/2 [ 361.042613][ T9] ft260 0003:0403:6030.0010: failed to parse HID [ 361.049405][ T9] ft260 0003:0403:6030.0010: probe with driver ft260 failed with error -22 [ 361.215532][T11187] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 361.229882][T11187] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 361.805457][T11223] netlink: 'syz.4.1837': attribute type 13 has an invalid length. [ 361.940794][T11223] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 361.957970][T11223] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 362.105204][T11223] netdevsim netdevsim4 netdevsim0: unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.117262][T11223] netdevsim netdevsim4 netdevsim1: unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.132445][T11223] netdevsim netdevsim4 netdevsim2: unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.155963][T11223] netdevsim netdevsim4 netdevsim3: unset [1, 0] type 2 family 0 port 6081 - 0 [ 362.191254][T11223] hsr0: left allmulticast mode [ 362.201403][T11223] hsr_slave_0: left allmulticast mode [ 362.208699][T11223] hsr_slave_1: left allmulticast mode [ 362.340860][ T5879] usb 4-1: USB disconnect, device number 64 [ 362.418026][T11240] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1842'. [ 362.469933][ T30] audit: type=1326 audit(1745654328.366:1168): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 362.549011][ T30] audit: type=1326 audit(1745654328.366:1169): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 362.590764][T11243] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1843'. [ 362.604995][ T30] audit: type=1326 audit(1745654328.366:1170): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe558 code=0x7ffc0000 [ 362.699056][ T30] audit: type=1326 audit(1745654328.366:1171): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe558 code=0x7ffc0000 [ 362.812709][ T30] audit: type=1326 audit(1745654328.366:1172): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe558 code=0x7ffc0000 [ 362.837505][ T30] audit: type=1326 audit(1745654328.366:1173): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe558 code=0x7ffc0000 [ 362.869987][ T30] audit: type=1326 audit(1745654328.366:1174): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe558 code=0x7ffc0000 [ 362.905384][ T30] audit: type=1326 audit(1745654328.366:1175): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe558 code=0x7ffc0000 [ 362.939151][ T30] audit: type=1326 audit(1745654328.366:1176): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe558 code=0x7ffc0000 [ 362.977178][T11249] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1844'. [ 362.986626][T11249] netlink: 36 bytes leftover after parsing attributes in process `syz.3.1844'. [ 363.003033][ T30] audit: type=1326 audit(1745654328.366:1177): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11235 comm="syz.1.1841" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70fe558 code=0x7ffc0000 [ 363.041585][T11238] program syz.1.1841 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 363.308667][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 363.315324][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 363.322180][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 363.328805][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 363.340910][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 363.347525][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 363.353929][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 363.360539][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 363.366846][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 363.373462][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 363.383362][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 363.389979][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 363.397182][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 363.403791][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 363.446514][ T5880] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 363.454339][ T9] usb 3-1: USB disconnect, device number 56 [ 363.475942][ T5880] hid-generic 0000:0000:0000.0011: hidraw0: HID v0.00 Device [syz1] on syz0 [ 364.130975][T11282] input: syz0 as /devices/virtual/input/input28 [ 364.133122][ T58] usb 4-1: new high-speed USB device number 65 using dummy_hcd [ 364.305079][ T58] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 364.326718][ T58] usb 4-1: New USB device found, idVendor=0bda, idProduct=0129, bcdDevice=d4.45 [ 364.358727][ T58] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.372521][ T58] usb 4-1: Product: syz [ 364.379635][ T58] usb 4-1: Manufacturer: syz [ 364.384931][ T58] usb 4-1: SerialNumber: syz [ 364.400790][ T58] usb 4-1: config 0 descriptor?? [ 364.472982][ T24] usb 2-1: new full-speed USB device number 72 using dummy_hcd [ 364.513778][ T58] rtsx_usb 4-1:0.0: probe with driver rtsx_usb failed with error -22 [ 364.595714][ T9] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 364.617792][T11272] (unnamed net_device) (uninitialized): Unable to set down delay as MII monitoring is disabled [ 364.631318][T11272] input: syz0 as /devices/virtual/input/input27 [ 364.641366][T11272] input: failed to attach handler leds to device input27, error: -6 [ 364.651338][ T24] usb 2-1: unable to get BOS descriptor or descriptor too short [ 364.664659][ T24] usb 2-1: not running at top speed; connect to a high speed hub [ 364.680321][ T24] usb 2-1: config 12 has an invalid interface number: 187 but max is 0 [ 364.689290][ T24] usb 2-1: config 12 has no interface number 0 [ 364.697731][ T24] usb 2-1: config 12 interface 187 altsetting 64 endpoint 0xA has invalid maxpacket 1024, setting to 64 [ 364.709673][ T24] usb 2-1: config 12 interface 187 has no altsetting 0 [ 364.720682][ T24] usb 2-1: New USB device found, idVendor=110a, idProduct=1130, bcdDevice=4e.fa [ 364.730570][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.740778][ T24] usb 2-1: Product: syz [ 364.745070][ T24] usb 2-1: Manufacturer: syz [ 364.749679][ T24] usb 2-1: SerialNumber: syz [ 364.758058][T11283] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 364.762932][ T9] usb 3-1: Using ep0 maxpacket: 16 [ 364.772490][ T9] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 364.786527][ T9] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 364.797691][ T9] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 364.811456][ T9] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 364.821102][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 364.829490][ T9] usb 3-1: Product: 艔ث盀燠꣔噵阍삠밂ቮ㢌袖뤂뱸䗤쬸標 [ 364.839200][ T9] usb 3-1: Manufacturer: ࠚ [ 364.844049][ T9] usb 3-1: SerialNumber: 钒ఘ讐컻㓼ꔀ뾌芪鵓䷹᧠䠔눙誁ݶ垛䜖ਵ㜾ᛒ䒦ヲ︴拎᫿믄혵垌˿໪軍仺恽ぎ䰥긞뵷萕㊥굪ꠐ鬋迴쓎寮漵루筧뵁뱙⏳駳⭒춱툼룪䐭嶂汇ꜛフ줓猾Ѐྑ騱믄ﰖ魰ⱆࣲ㙂穑䁡覇㦑磛띄墿던₝ゐꃚ远涀‟螆彊ऽ焆Ꙫ筋⨳˞ן櫣쑶袍⩺ᶂ吵憰䌕ཀ팺헧恥 [ 364.968102][T11283] netlink: 5776 bytes leftover after parsing attributes in process `syz.1.1857'. [ 365.296572][ T9] usb 3-1: 0:2 : does not exist [ 365.314564][ T9] usb 3-1: USB disconnect, device number 57 [ 365.509420][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 366.732286][T11298] FAULT_INJECTION: forcing a failure. [ 366.732286][T11298] name failslab, interval 1, probability 0, space 0, times 0 [ 366.748733][T11298] CPU: 1 UID: 0 PID: 11298 Comm: syz.4.1863 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 366.748756][T11298] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 366.748767][T11298] Call Trace: [ 366.748776][T11298] [ 366.748784][T11298] dump_stack_lvl+0x189/0x250 [ 366.748811][T11298] ? __pfx_dump_stack_lvl+0x10/0x10 [ 366.748825][T11298] ? __pfx__printk+0x10/0x10 [ 366.748836][T11298] ? __pfx___might_resched+0x10/0x10 [ 366.748852][T11298] ? fs_reclaim_acquire+0x7d/0x100 [ 366.748874][T11298] should_fail_ex+0x414/0x560 [ 366.748904][T11298] should_failslab+0xa8/0x100 [ 366.748928][T11298] __kmalloc_noprof+0xcb/0x4f0 [ 366.748947][T11298] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 366.748962][T11298] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 366.748976][T11298] genl_family_rcv_msg_doit+0xb8/0x300 [ 366.748997][T11298] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 366.749011][T11298] ? rcu_is_watching+0x15/0xb0 [ 366.749037][T11298] ? apparmor_capable+0x137/0x1b0 [ 366.749060][T11298] ? bpf_lsm_capable+0x9/0x20 [ 366.749081][T11298] ? security_capable+0x7e/0x2e0 [ 366.749099][T11298] genl_rcv_msg+0x60e/0x790 [ 366.749113][T11298] ? __pfx_genl_rcv_msg+0x10/0x10 [ 366.749123][T11298] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 366.749135][T11298] ? __pfx_nl80211_set_bss+0x10/0x10 [ 366.749144][T11298] ? __pfx_nl80211_post_doit+0x10/0x10 [ 366.749171][T11298] netlink_rcv_skb+0x219/0x490 [ 366.749196][T11298] ? __pfx_genl_rcv_msg+0x10/0x10 [ 366.749216][T11298] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 366.749252][T11298] ? down_read+0x1ad/0x2e0 [ 366.749265][T11298] genl_rcv+0x28/0x40 [ 366.749274][T11298] netlink_unicast+0x758/0x8d0 [ 366.749291][T11298] netlink_sendmsg+0x805/0xb30 [ 366.749315][T11298] ? __pfx_netlink_sendmsg+0x10/0x10 [ 366.749340][T11298] ? __import_iovec+0x5d4/0x7f0 [ 366.749358][T11298] ? aa_sock_msg_perm+0x94/0x160 [ 366.749376][T11298] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 366.749394][T11298] ? __pfx_netlink_sendmsg+0x10/0x10 [ 366.749418][T11298] __sock_sendmsg+0x219/0x270 [ 366.749443][T11298] ____sys_sendmsg+0x505/0x830 [ 366.749466][T11298] ? __pfx_____sys_sendmsg+0x10/0x10 [ 366.749499][T11298] ___sys_sendmsg+0x21f/0x2a0 [ 366.749520][T11298] ? __pfx____sys_sendmsg+0x10/0x10 [ 366.749564][T11298] ? __fget_files+0x2a/0x420 [ 366.749575][T11298] ? __fget_files+0x3a0/0x420 [ 366.749591][T11298] __sys_sendmsg+0x164/0x220 [ 366.749602][T11298] ? __pfx___sys_sendmsg+0x10/0x10 [ 366.749626][T11298] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 366.749644][T11298] ? lockdep_hardirqs_on+0x9c/0x150 [ 366.749671][T11298] __do_fast_syscall_32+0xb4/0x110 [ 366.749696][T11298] do_fast_syscall_32+0x34/0x80 [ 366.749707][T11298] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 366.749719][T11298] RIP: 0023:0xf7f15539 [ 366.749728][T11298] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 366.749737][T11298] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 366.749749][T11298] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000340 [ 366.749756][T11298] RDX: 00000000040420d0 RSI: 0000000000000000 RDI: 0000000000000000 [ 366.749764][T11298] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 366.749774][T11298] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 366.749784][T11298] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 366.749811][T11298] [ 367.163110][ T5880] usb 4-1: USB disconnect, device number 65 [ 367.249838][ T24] ti_usb_3410_5052 2-1:12.187: TI USB 3410 1 port adapter converter detected [ 367.253370][T11300] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1864'. [ 367.259484][ T24] ti_usb_3410_5052 2-1:12.187: missing endpoints [ 367.280004][ T24] usb 2-1: USB disconnect, device number 72 [ 367.463751][T11309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 367.474653][T11309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 367.491887][T11309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 367.502618][T11309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 367.537515][T11309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 367.548686][T11309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 368.140156][T11319] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1870'. [ 368.320594][T11321] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 368.342043][T11321] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 368.349900][ T24] usb 4-1: new high-speed USB device number 66 using dummy_hcd [ 368.364400][T11322] netlink: 'syz.4.1872': attribute type 5 has an invalid length. [ 368.522886][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 368.534289][ T24] usb 4-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 368.543095][ T24] usb 4-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 368.578656][T11329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 368.587222][ T24] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 368.600239][T11329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 368.614773][ T24] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 368.625827][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.651263][ T24] usb 4-1: Product: 艔ث盀燠꣔噵阍삠밂ቮ㢌袖뤂뱸䗤쬸標 [ 368.659766][ T24] usb 4-1: Manufacturer: ࠚ [ 368.664466][ T24] usb 4-1: SerialNumber: 钒ఘ讐컻㓼ꔀ뾌芪鵓䷹᧠䠔눙誁ݶ垛䜖ਵ㜾ᛒ䒦ヲ︴拎᫿믄혵垌˿໪軍仺恽ぎ䰥긞뵷萕㊥굪ꠐ鬋迴쓎寮漵루筧뵁뱙⏳駳⭒춱툼룪䐭嶂汇ꜛフ줓猾Ѐྑ騱믄ﰖ魰ⱆࣲ㙂穑䁡覇㦑磛띄墿던₝ゐꃚ远涀‟螆彊ऽ焆Ꙫ筋⨳˞ן櫣쑶袍⩺ᶂ吵憰䌕ཀ팺헧恥 [ 369.150362][ T24] usb 4-1: 0:2 : does not exist [ 369.181597][ T24] usb 4-1: USB disconnect, device number 66 [ 369.267258][T11316] syz.1.1870 (11316): drop_caches: 2 [ 369.396209][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 369.590438][T11335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 369.615638][T11335] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 369.902641][T11335] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 370.031124][T11335] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 370.217818][T11353] FAULT_INJECTION: forcing a failure. [ 370.217818][T11353] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 370.253095][T11353] CPU: 0 UID: 0 PID: 11353 Comm: syz.3.1881 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 370.253122][T11353] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 370.253133][T11353] Call Trace: [ 370.253140][T11353] [ 370.253148][T11353] dump_stack_lvl+0x189/0x250 [ 370.253178][T11353] ? __pfx_dump_stack_lvl+0x10/0x10 [ 370.253201][T11353] ? __pfx__printk+0x10/0x10 [ 370.253231][T11353] should_fail_ex+0x414/0x560 [ 370.253260][T11353] _copy_to_user+0x31/0xb0 [ 370.253283][T11353] simple_read_from_buffer+0xe1/0x170 [ 370.253309][T11353] proc_fail_nth_read+0x1df/0x250 [ 370.253335][T11353] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 370.253360][T11353] ? rw_verify_area+0x258/0x650 [ 370.253378][T11353] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 370.253402][T11353] vfs_read+0x1fd/0x980 [ 370.253425][T11353] ? __pfx___mutex_lock+0x10/0x10 [ 370.253444][T11353] ? __pfx_vfs_read+0x10/0x10 [ 370.253464][T11353] ? __fget_files+0x2a/0x420 [ 370.253489][T11353] ? __fget_files+0x3a0/0x420 [ 370.253508][T11353] ? __fget_files+0x2a/0x420 [ 370.253536][T11353] ksys_read+0x145/0x250 [ 370.253557][T11353] ? __pfx_ksys_read+0x10/0x10 [ 370.253586][T11353] __do_fast_syscall_32+0xb4/0x110 [ 370.253605][T11353] ? lockdep_hardirqs_on+0x9c/0x150 [ 370.253633][T11353] do_fast_syscall_32+0x34/0x80 [ 370.253651][T11353] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 370.253671][T11353] RIP: 0023:0xf7ff1539 [ 370.253686][T11353] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 370.253700][T11353] RSP: 002b:00000000f50f5590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 370.253718][T11353] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f50f5620 [ 370.253730][T11353] RDX: 000000000000000f RSI: 00000000f7482ff4 RDI: 0000000000000000 [ 370.253745][T11353] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 370.253755][T11353] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 370.253770][T11353] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 370.253797][T11353] [ 370.939131][T11376] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1887'. [ 371.272932][ T5880] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 371.416186][T11389] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 371.428869][ T5880] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 371.437801][ T5880] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 371.452118][ T5880] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 371.454030][T11389] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 371.461807][ T5880] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 371.480759][ T5880] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 371.502489][ T5880] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 371.512047][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 371.520811][ T5880] usb 3-1: Product: syz [ 371.525798][ T5880] usb 3-1: Manufacturer: syz [ 371.553789][ T5880] cdc_wdm 3-1:1.0: skipping garbage [ 371.562582][ T5880] cdc_wdm 3-1:1.0: skipping garbage [ 371.590265][ T5880] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 371.597255][ T5880] cdc_wdm 3-1:1.0: Unknown control protocol [ 372.062989][ T5879] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 372.216282][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.227597][ T5879] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.237649][ T5879] usb 4-1: New USB device found, idVendor=0c70, idProduct=f010, bcdDevice= 0.00 [ 372.247464][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.262247][ T5879] usb 4-1: config 0 descriptor?? [ 372.893019][ T5880] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 372.902180][T11394] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1893'. [ 372.922187][ T5879] usbhid 4-1:0.0: can't add hid device: -71 [ 372.932934][ T5879] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 372.946750][ T5879] usb 4-1: USB disconnect, device number 67 [ 373.082420][ T5880] usb 2-1: Using ep0 maxpacket: 32 [ 373.095540][ T5880] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 373.099051][T11411] RDS: rds_bind could not find a transport for fe80::1a, load rds_tcp or rds_rdma? [ 373.110311][ T5880] usb 2-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.00 [ 373.130846][T11411] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.134654][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.144040][T11411] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.172400][ T5880] usb 2-1: config 0 descriptor?? [ 373.588172][ T5880] steelseries 0003:1038:1410.0012: not enough fields in HID_OUTPUT_REPORT 0 [ 373.707821][T11417] netlink: 56 bytes leftover after parsing attributes in process `syz.4.1904'. [ 373.798196][T11405] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1899'. [ 373.831083][ T5880] usb 2-1: USB disconnect, device number 73 [ 373.842940][ T58] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 373.892277][T11421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.905896][T11421] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 374.008195][ T58] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 374.018325][ T58] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.029232][ T58] usb 4-1: config 0 descriptor?? [ 374.039331][ T58] cp210x 4-1:0.0: cp210x converter detected [ 374.089454][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 374.089877][ T5879] usb 3-1: USB disconnect, device number 58 [ 374.096060][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 374.096081][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 374.244010][T11415] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 374.252799][T11415] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 374.278031][ T58] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 374.289458][ T58] cp210x 4-1:0.0: querying part number failed [ 374.298744][ T58] usb 4-1: cp210x converter now attached to ttyUSB0 [ 374.313262][ T58] usb 4-1: USB disconnect, device number 68 [ 374.336241][T11425] xt_SECMARK: invalid mode: 0 [ 374.339020][ T58] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 374.370339][ T58] cp210x 4-1:0.0: device disconnected [ 374.471302][T11431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 374.483730][T11431] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 374.497133][T11431] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 374.510227][T11431] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 374.523227][ T5879] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 374.661994][T11435] FAULT_INJECTION: forcing a failure. [ 374.661994][T11435] name failslab, interval 1, probability 0, space 0, times 0 [ 374.704512][T11435] CPU: 1 UID: 0 PID: 11435 Comm: syz.1.1913 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 374.704535][T11435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 374.704545][T11435] Call Trace: [ 374.704552][T11435] [ 374.704560][T11435] dump_stack_lvl+0x189/0x250 [ 374.704593][T11435] ? __pfx_dump_stack_lvl+0x10/0x10 [ 374.704616][T11435] ? __pfx__printk+0x10/0x10 [ 374.704646][T11435] should_fail_ex+0x414/0x560 [ 374.704675][T11435] should_failslab+0xa8/0x100 [ 374.704698][T11435] __kmalloc_cache_noprof+0x70/0x3d0 [ 374.704717][T11435] ? sctp_add_bind_addr+0x8c/0x370 [ 374.704739][T11435] sctp_add_bind_addr+0x8c/0x370 [ 374.704760][T11435] sctp_copy_local_addr_list+0x30b/0x4e0 [ 374.704787][T11435] ? sctp_copy_local_addr_list+0x9b/0x4e0 [ 374.704809][T11435] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 374.704831][T11435] ? sctp_v4_is_any+0x35/0x60 [ 374.704848][T11435] ? sctp_copy_one_addr+0x93/0x360 [ 374.704866][T11435] sctp_bind_addr_copy+0xb3/0x3c0 [ 374.704877][T11435] ? sctp_assoc_set_bind_addr_from_ep+0xa5/0x1a0 [ 374.704892][T11435] sctp_connect_new_asoc+0x2e0/0x690 [ 374.704906][T11435] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 374.704918][T11435] ? __local_bh_enable_ip+0x12d/0x1c0 [ 374.704948][T11435] ? bpf_lsm_sctp_bind_connect+0x9/0x20 [ 374.704967][T11435] ? security_sctp_bind_connect+0x7e/0x2e0 [ 374.704994][T11435] sctp_sendmsg+0x155c/0x2810 [ 374.705019][T11435] ? __pfx_sctp_sendmsg+0x10/0x10 [ 374.705038][T11435] ? aa_sk_perm+0x81e/0x950 [ 374.705064][T11435] ? __pfx_aa_sk_perm+0x10/0x10 [ 374.705083][T11435] ? sock_rps_record_flow+0x19/0x400 [ 374.705106][T11435] ? inet_sendmsg+0x2f4/0x370 [ 374.705129][T11435] __sock_sendmsg+0x19c/0x270 [ 374.705155][T11435] ____sys_sendmsg+0x505/0x830 [ 374.705172][T11435] ? __pfx_____sys_sendmsg+0x10/0x10 [ 374.705190][T11435] ___sys_sendmsg+0x21f/0x2a0 [ 374.705201][T11435] ? __pfx____sys_sendmsg+0x10/0x10 [ 374.705237][T11435] ? __fget_files+0x2a/0x420 [ 374.705258][T11435] ? __fget_files+0x3a0/0x420 [ 374.705289][T11435] __sys_sendmsg+0x164/0x220 [ 374.705308][T11435] ? __pfx___sys_sendmsg+0x10/0x10 [ 374.705327][T11435] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 374.705337][T11435] ? lockdep_hardirqs_on+0x9c/0x150 [ 374.705352][T11435] __do_fast_syscall_32+0xb4/0x110 [ 374.705362][T11435] ? lockdep_hardirqs_on+0x9c/0x150 [ 374.705382][T11435] do_fast_syscall_32+0x34/0x80 [ 374.705399][T11435] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 374.705420][T11435] RIP: 0023:0xf70fe539 [ 374.705435][T11435] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 374.705449][T11435] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 374.705464][T11435] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080002980 [ 374.705471][T11435] RDX: 0000000004000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 374.705476][T11435] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 374.705482][T11435] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 374.705487][T11435] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 374.705502][T11435] [ 374.707974][ T5879] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 375.036231][ T5879] usb 3-1: New USB device found, idVendor=03da, idProduct=2820, bcdDevice=52.3c [ 375.045386][ T5879] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 375.062469][ T5879] usb 3-1: config 0 descriptor?? [ 375.148672][ T5879] usb 3-1: bad CDC descriptors [ 375.205536][T11447] bond0: (slave bond_slave_0): Releasing backup interface [ 375.216792][T11447] bond0: (slave bond_slave_1): Releasing backup interface [ 375.226244][T11447] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 375.235329][T11447] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 375.253710][T11447] bond0: (slave macvlan0): Releasing backup interface [ 375.313830][T11447] bond2: (slave gretap1): Releasing active interface [ 375.340940][T11447] bond2: (slave gretap1): the permanent HWaddr of slave - ee:fb:8e:f3:aa:49 - is still in use by bond - set the HWaddr of slave to a different address to avoid conflicts [ 375.372365][T11447] bond2: (slave bridge0): Releasing active interface [ 375.411428][ T58] usb 3-1: USB disconnect, device number 59 [ 375.699885][T11460] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 376.011927][T11462] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1919'. [ 376.335477][T11466] FAULT_INJECTION: forcing a failure. [ 376.335477][T11466] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 376.350898][T11467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 376.382894][T11467] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 376.403008][T11466] CPU: 0 UID: 0 PID: 11466 Comm: syz.2.1920 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 376.403031][T11466] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 376.403041][T11466] Call Trace: [ 376.403049][T11466] [ 376.403056][T11466] dump_stack_lvl+0x189/0x250 [ 376.403084][T11466] ? __pfx_dump_stack_lvl+0x10/0x10 [ 376.403097][T11466] ? __pfx__printk+0x10/0x10 [ 376.403113][T11466] should_fail_ex+0x414/0x560 [ 376.403129][T11466] _copy_to_user+0x31/0xb0 [ 376.403143][T11466] __htab_map_lookup_and_delete_batch+0x103e/0x13a0 [ 376.403173][T11466] ? __pfx___htab_map_lookup_and_delete_batch+0x10/0x10 [ 376.403189][T11466] ? __pfx_htab_percpu_map_lookup_and_delete_batch+0x10/0x10 [ 376.403201][T11466] bpf_map_do_batch+0x412/0x5f0 [ 376.403221][T11466] __sys_bpf+0x666/0x860 [ 376.403233][T11466] ? __pfx___sys_bpf+0x10/0x10 [ 376.403251][T11466] ? ksys_write+0x1f0/0x250 [ 376.403267][T11466] __ia32_sys_bpf+0x7c/0x90 [ 376.403278][T11466] __do_fast_syscall_32+0xb4/0x110 [ 376.403289][T11466] ? lockdep_hardirqs_on+0x9c/0x150 [ 376.403304][T11466] do_fast_syscall_32+0x34/0x80 [ 376.403314][T11466] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 376.403325][T11466] RIP: 0023:0xf70be539 [ 376.403334][T11466] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 376.403343][T11466] RSP: 002b:00000000f508d55c EFLAGS: 00000206 ORIG_RAX: 0000000000000165 [ 376.403354][T11466] RAX: ffffffffffffffda RBX: 0000000000000019 RCX: 0000000080000800 [ 376.403361][T11466] RDX: 0000000000000038 RSI: 0000000000000000 RDI: 0000000000000000 [ 376.403367][T11466] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 376.403373][T11466] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 376.403378][T11466] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 376.403392][T11466] [ 376.604427][ C0] vkms_vblank_simulate: vblank timer overrun [ 376.869587][T11475] netlink: 'syz.1.1925': attribute type 16 has an invalid length. [ 376.877849][T11476] netlink: 'syz.1.1925': attribute type 16 has an invalid length. [ 376.943141][ T5880] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 376.953562][T11478] FAULT_INJECTION: forcing a failure. [ 376.953562][T11478] name failslab, interval 1, probability 0, space 0, times 0 [ 376.966824][T11478] CPU: 0 UID: 0 PID: 11478 Comm: syz.1.1926 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 376.966846][T11478] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 376.966855][T11478] Call Trace: [ 376.966860][T11478] [ 376.966865][T11478] dump_stack_lvl+0x189/0x250 [ 376.966884][T11478] ? __pfx_dump_stack_lvl+0x10/0x10 [ 376.966897][T11478] ? __pfx__printk+0x10/0x10 [ 376.966909][T11478] ? __mutex_trylock_common+0x153/0x260 [ 376.966925][T11478] should_fail_ex+0x414/0x560 [ 376.966942][T11478] should_failslab+0xa8/0x100 [ 376.966955][T11478] __kmalloc_cache_noprof+0x70/0x3d0 [ 376.966967][T11478] ? __hw_addr_add_ex+0x1f4/0x770 [ 376.966979][T11478] __hw_addr_add_ex+0x1f4/0x770 [ 376.966993][T11478] dev_addr_init+0x14f/0x230 [ 376.967004][T11478] ? __pfx_dev_addr_init+0x10/0x10 [ 376.967020][T11478] alloc_netdev_mqs+0x2f3/0x11e0 [ 376.967031][T11478] ? __pfx_ip6_tnl_dev_setup+0x10/0x10 [ 376.967046][T11478] ip6_tnl_locate+0x658/0x810 [ 376.967064][T11478] ? __pfx_ip6_tnl_locate+0x10/0x10 [ 376.967077][T11478] ? ip6_tnl_siocdevprivate+0x60c/0xad0 [ 376.967091][T11478] ip6_tnl_siocdevprivate+0x630/0xad0 [ 376.967106][T11478] ? __pfx_ip6_tnl_siocdevprivate+0x10/0x10 [ 376.967117][T11478] ? rcu_is_watching+0x15/0xb0 [ 376.967140][T11478] ? full_name_hash+0x92/0xe0 [ 376.967155][T11478] ? netdev_name_node_lookup+0xdf/0x120 [ 376.967173][T11478] dev_ifsioc+0xb54/0xf00 [ 376.967191][T11478] dev_ioctl+0x84c/0x1150 [ 376.967205][T11478] sock_ioctl+0x719/0x790 [ 376.967218][T11478] ? __pfx_sock_ioctl+0x10/0x10 [ 376.967237][T11478] compat_sock_ioctl+0x285/0xc80 [ 376.967253][T11478] ? __pfx_compat_sock_ioctl+0x10/0x10 [ 376.967275][T11478] ? __fget_files+0x3a0/0x420 [ 376.967294][T11478] ? __fget_files+0x2a/0x420 [ 376.967316][T11478] ? bpf_lsm_file_ioctl_compat+0x9/0x20 [ 376.967339][T11478] __ia32_compat_sys_ioctl+0x551/0x840 [ 376.967352][T11478] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 376.967362][T11478] ? __fget_files+0x3a0/0x420 [ 376.967376][T11478] ? fput+0xa0/0xd0 [ 376.967389][T11478] ? ksys_write+0x1f0/0x250 [ 376.967403][T11478] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 376.967414][T11478] ? lockdep_hardirqs_on+0x9c/0x150 [ 376.967429][T11478] __do_fast_syscall_32+0xb4/0x110 [ 376.967439][T11478] ? lockdep_hardirqs_on+0x9c/0x150 [ 376.967454][T11478] do_fast_syscall_32+0x34/0x80 [ 376.967464][T11478] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 376.967475][T11478] RIP: 0023:0xf70fe539 [ 376.967484][T11478] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 376.967492][T11478] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 376.967503][T11478] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000000089f1 [ 376.967509][T11478] RDX: 0000000080000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 376.967515][T11478] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 376.967520][T11478] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 376.967526][T11478] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 376.967540][T11478] [ 377.281831][ C0] vkms_vblank_simulate: vblank timer overrun [ 377.367637][ T5880] usb 3-1: no configurations [ 377.372295][ T5880] usb 3-1: can't read configurations, error -22 [ 377.509690][ T5880] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 377.608911][T11491] FAULT_INJECTION: forcing a failure. [ 377.608911][T11491] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 377.622503][T11491] CPU: 1 UID: 0 PID: 11491 Comm: syz.4.1932 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 377.622526][T11491] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 377.622537][T11491] Call Trace: [ 377.622544][T11491] [ 377.622551][T11491] dump_stack_lvl+0x189/0x250 [ 377.622568][T11491] ? __lock_acquire+0xaac/0xd20 [ 377.622583][T11491] ? __pfx_dump_stack_lvl+0x10/0x10 [ 377.622595][T11491] ? __pfx__printk+0x10/0x10 [ 377.622605][T11491] ? __might_fault+0xb0/0x130 [ 377.622635][T11491] should_fail_ex+0x414/0x560 [ 377.622665][T11491] _copy_from_user+0x2d/0xb0 [ 377.622687][T11491] kstrtouint_from_user+0xc4/0x170 [ 377.622703][T11491] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 377.622721][T11491] proc_fail_nth_write+0x88/0x240 [ 377.622734][T11491] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 377.622749][T11491] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 377.622765][T11491] vfs_write+0x27b/0xa90 [ 377.622793][T11491] ? __pfx_vfs_write+0x10/0x10 [ 377.622822][T11491] ? __fget_files+0x2a/0x420 [ 377.622845][T11491] ? __fget_files+0x3a0/0x420 [ 377.622863][T11491] ? __fget_files+0x2a/0x420 [ 377.622889][T11491] ksys_write+0x145/0x250 [ 377.622909][T11491] ? __pfx_ksys_write+0x10/0x10 [ 377.622929][T11491] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 377.622947][T11491] ? lockdep_hardirqs_on+0x9c/0x150 [ 377.622973][T11491] __do_fast_syscall_32+0xb4/0x110 [ 377.622991][T11491] ? lockdep_hardirqs_on+0x9c/0x150 [ 377.623018][T11491] do_fast_syscall_32+0x34/0x80 [ 377.623035][T11491] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 377.623055][T11491] RIP: 0023:0xf7f15539 [ 377.623070][T11491] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 377.623085][T11491] RSP: 002b:00000000f5036590 EFLAGS: 00000206 ORIG_RAX: 0000000000000004 [ 377.623103][T11491] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000f5036620 [ 377.623116][T11491] RDX: 0000000000000001 RSI: 00000000f73a2ff4 RDI: 0000000000000000 [ 377.623126][T11491] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 377.623136][T11491] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 377.623147][T11491] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 377.623174][T11491] [ 377.883057][ T5880] usb 3-1: no configurations [ 377.887737][ T5880] usb 3-1: can't read configurations, error -22 [ 377.907151][ T5880] usb usb3-port1: attempt power cycle [ 377.994246][T11498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 378.034406][T11498] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 378.062726][T11498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 378.081048][T11498] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 378.099980][T11498] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 378.111660][T11498] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 378.262923][ T5880] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 378.283156][ T5902] usb 4-1: new high-speed USB device number 69 using dummy_hcd [ 378.297597][ T5880] usb 3-1: no configurations [ 378.302595][ T5880] usb 3-1: can't read configurations, error -22 [ 378.439189][ T5880] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 378.463174][ T5902] usb 4-1: device descriptor read/64, error -71 [ 378.505117][ T5880] usb 3-1: no configurations [ 378.512918][ T5880] usb 3-1: can't read configurations, error -22 [ 378.517194][ T1297] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.525671][ T1297] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.529471][ T5880] usb usb3-port1: unable to enumerate USB device [ 378.610854][T11501] bond0: (slave bond_slave_0): Releasing backup interface [ 378.661227][T11501] bond0: (slave bond_slave_1): Releasing backup interface [ 378.680112][T11501] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 378.687623][T11501] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 378.697458][T11501] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 378.705454][T11501] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 378.723155][ T5902] usb 4-1: new high-speed USB device number 70 using dummy_hcd [ 378.863514][ T5902] usb 4-1: device descriptor read/64, error -71 [ 378.945299][T11518] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 378.954334][T11518] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.004522][ T5902] usb usb4-port1: attempt power cycle [ 379.163035][ T24] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 379.313106][ T24] usb 2-1: Using ep0 maxpacket: 32 [ 379.323828][ T24] usb 2-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 379.333044][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.341030][ T24] usb 2-1: Product: syz [ 379.345543][ T24] usb 2-1: Manufacturer: syz [ 379.350158][ T24] usb 2-1: SerialNumber: syz [ 379.357472][ T24] usb 2-1: config 0 descriptor?? [ 379.365875][ T24] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 379.366798][ T5902] usb 4-1: new high-speed USB device number 71 using dummy_hcd [ 379.427124][ T5902] usb 4-1: device descriptor read/8, error -71 [ 379.525558][T11522] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1941'. [ 379.624906][T11525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 379.639028][T11525] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.650415][T11525] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 379.665054][T11525] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.683020][ T5902] usb 4-1: new high-speed USB device number 72 using dummy_hcd [ 379.715647][ T5902] usb 4-1: device descriptor read/8, error -71 [ 379.823512][ T5902] usb usb4-port1: unable to enumerate USB device [ 380.002294][ T24] gspca_ov534_9: reg_w failed -71 [ 380.225622][T11533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 380.238265][T11533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 380.250869][T11533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 380.261225][T11533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 380.273225][ T5879] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 380.303233][ T24] gspca_ov534_9: Unknown sensor 0000 [ 380.303334][ T24] ov534_9 2-1:0.0: probe with driver ov534_9 failed with error -22 [ 380.326305][ T24] usb 2-1: USB disconnect, device number 74 [ 380.424999][ T5879] usb 3-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 380.434394][ T5879] usb 3-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 380.444814][ T5879] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 380.453925][ T5879] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 380.465258][ T5879] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 380.478302][ T5879] usb 3-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 380.487499][ T5879] usb 3-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 380.495538][ T5879] usb 3-1: Product: syz [ 380.499803][ T5879] usb 3-1: Manufacturer: syz [ 380.509761][ T5879] cdc_wdm 3-1:1.0: skipping garbage [ 380.515177][ T5879] cdc_wdm 3-1:1.0: skipping garbage [ 380.521706][ T5879] cdc_wdm 3-1:1.0: cdc-wdm0: USB WDM device [ 380.527795][ T5879] cdc_wdm 3-1:1.0: Unknown control protocol [ 380.720481][T11538] QAT: Invalid ioctl -2145626081 [ 381.164156][T11547] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 381.182565][T11547] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 382.002982][ T24] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 382.137162][T11562] netlink: 'syz.3.1956': attribute type 1 has an invalid length. [ 382.163160][ T24] usb 2-1: Using ep0 maxpacket: 16 [ 382.178086][ T24] usb 2-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 382.197113][ T24] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 382.224555][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 382.245617][ T24] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 382.256000][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.272071][ T24] usb 2-1: Product: 艔ث盀燠꣔噵阍삠밂ቮ㢌袖뤂뱸䗤쬸標 [ 382.292036][ T24] usb 2-1: Manufacturer: ࠚ [ 382.296772][ T24] usb 2-1: SerialNumber: 钒ఘ讐컻㓼ꔀ뾌芪鵓䷹᧠䠔눙誁ݶ垛䜖ਵ㜾ᛒ䒦ヲ︴拎᫿믄혵垌˿໪軍仺恽ぎ䰥긞뵷萕㊥굪ꠐ鬋迴쓎寮漵루筧뵁뱙⏳駳⭒춱툼룪䐭嶂汇ꜛフ줓猾Ѐྑ騱믄ﰖ魰ⱆࣲ㙂穑䁡覇㦑磛띄墿던₝ゐꃚ远涀‟螆彊ऽ焆Ꙫ筋⨳˞ן櫣쑶袍⩺ᶂ吵憰䌕ཀ팺헧恥 [ 382.413216][ T5879] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 382.451697][T11566] ip6tnl0: entered promiscuous mode [ 382.578426][T11565] ip6tnl0: left promiscuous mode [ 382.585632][ T5879] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 382.609501][ T5879] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 382.629606][ T5879] usb 4-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 382.643070][ T5879] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 382.662937][ T5879] usb 4-1: SerialNumber: syz [ 382.690176][T11571] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 382.699011][T11571] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 382.804118][ T24] usb 2-1: 0:2 : does not exist [ 382.826499][ T24] usb 2-1: USB disconnect, device number 75 [ 382.896654][ T5879] usb 4-1: 0:2 : does not exist [ 382.929162][ T5879] usb 4-1: USB disconnect, device number 73 [ 383.026199][ T5821] udevd[5821]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 383.082400][ C0] cdc_wdm 3-1:1.0: nonzero urb status received: -71 [ 383.082760][ T24] usb 3-1: USB disconnect, device number 64 [ 383.089011][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - 0 bytes [ 383.089032][ C0] cdc_wdm 3-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 383.117639][ T5835] udevd[5835]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 383.199719][T11573] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1960'. [ 383.330135][T11576] FAULT_INJECTION: forcing a failure. [ 383.330135][T11576] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 383.344673][T11576] CPU: 1 UID: 0 PID: 11576 Comm: syz.4.1961 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 383.344697][T11576] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 383.344708][T11576] Call Trace: [ 383.344715][T11576] [ 383.344723][T11576] dump_stack_lvl+0x189/0x250 [ 383.344749][T11576] ? __lock_acquire+0xaac/0xd20 [ 383.344774][T11576] ? __pfx_dump_stack_lvl+0x10/0x10 [ 383.344796][T11576] ? __pfx__printk+0x10/0x10 [ 383.344822][T11576] ? __might_fault+0xb0/0x130 [ 383.344853][T11576] should_fail_ex+0x414/0x560 [ 383.344882][T11576] _copy_from_user+0x2d/0xb0 [ 383.344903][T11576] get_compat_msghdr+0xad/0x4a0 [ 383.344926][T11576] ? __pfx_get_compat_msghdr+0x10/0x10 [ 383.344952][T11576] ? rcu_is_watching+0x15/0xb0 [ 383.344975][T11576] ? ___sys_recvmsg+0x1c4/0x510 [ 383.345000][T11576] ___sys_recvmsg+0x17f/0x510 [ 383.345024][T11576] ? __pfx____sys_recvmsg+0x10/0x10 [ 383.345066][T11576] ? __fget_files+0x3a0/0x420 [ 383.345096][T11576] do_recvmmsg+0x36a/0x760 [ 383.345124][T11576] ? __pfx_do_recvmmsg+0x10/0x10 [ 383.345155][T11576] ? __pfx_vfs_write+0x10/0x10 [ 383.345188][T11576] __sys_recvmmsg+0x19d/0x280 [ 383.345209][T11576] ? __pfx___sys_recvmmsg+0x10/0x10 [ 383.345226][T11576] ? ksys_write+0x1f0/0x250 [ 383.345253][T11576] __ia32_compat_sys_recvmmsg_time32+0xbf/0xe0 [ 383.345275][T11576] __do_fast_syscall_32+0xb4/0x110 [ 383.345301][T11576] ? lockdep_hardirqs_on+0x9c/0x150 [ 383.345328][T11576] do_fast_syscall_32+0x34/0x80 [ 383.345345][T11576] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 383.345363][T11576] RIP: 0023:0xf7f15539 [ 383.345377][T11576] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 383.345392][T11576] RSP: 002b:00000000f501555c EFLAGS: 00000206 ORIG_RAX: 0000000000000151 [ 383.345408][T11576] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800000c0 [ 383.345420][T11576] RDX: 0000000000010106 RSI: 0000000000000002 RDI: 0000000000000000 [ 383.345429][T11576] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 383.345438][T11576] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 383.345447][T11576] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 383.345471][T11576] [ 383.968371][T11584] netlink: 'syz.3.1963': attribute type 11 has an invalid length. [ 384.252550][ T24] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 384.868926][T11590] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1965'. [ 384.878268][ T24] usb 3-1: config 0 has no interfaces? [ 384.886386][T11594] netlink: 428 bytes leftover after parsing attributes in process `syz.4.1966'. [ 385.007045][ T24] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 385.016279][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.036530][ T24] usb 3-1: Product: syz [ 385.043000][ T24] usb 3-1: Manufacturer: syz [ 385.050848][ T24] usb 3-1: SerialNumber: syz [ 385.068809][ T24] usb 3-1: config 0 descriptor?? [ 385.150011][T11594] netlink: 32 bytes leftover after parsing attributes in process `syz.4.1966'. [ 385.322485][T11573] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 385.390965][T11605] xt_SECMARK: invalid mode: 0 [ 385.472023][ T58] usb 3-1: USB disconnect, device number 65 [ 385.513622][ T5902] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 385.663002][ T5902] usb 4-1: Using ep0 maxpacket: 16 [ 385.669651][ T5902] usb 4-1: New USB device found, idVendor=0471, idProduct=0327, bcdDevice=61.a4 [ 385.679230][ T5902] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 385.690158][ T5902] usb 4-1: config 0 descriptor?? [ 385.698668][ T5902] gspca_main: sonixj-2.14.0 probing 0471:0327 [ 385.769787][T11610] IPVS: set_ctl: invalid protocol: 0 0.0.0.0:2 [ 385.853158][ T24] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 386.005721][ T24] usb 2-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 386.023780][ T24] usb 2-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 386.037434][ T24] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 386.048653][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 386.061560][ T24] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 386.076038][ T24] usb 2-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 386.085302][ T24] usb 2-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 386.093509][ T24] usb 2-1: Product: syz [ 386.097811][ T24] usb 2-1: Manufacturer: syz [ 386.103016][ T5902] gspca_sonixj: reg_r err -71 [ 386.112100][ T5902] sonixj 4-1:0.0: probe with driver sonixj failed with error -71 [ 386.113904][ T24] cdc_wdm 2-1:1.0: skipping garbage [ 386.128075][ T24] cdc_wdm 2-1:1.0: skipping garbage [ 386.137127][ T24] cdc_wdm 2-1:1.0: cdc-wdm0: USB WDM device [ 386.142304][ T5902] usb 4-1: USB disconnect, device number 74 [ 386.143276][ T24] cdc_wdm 2-1:1.0: Unknown control protocol [ 386.156501][ T5821] udevd[5821]: setting mode of /dev/bus/usb/004/074 to 020664 failed: No such file or directory [ 386.167226][ T5821] udevd[5821]: setting owner of /dev/bus/usb/004/074 to uid=0, gid=0 failed: No such file or directory [ 386.293077][ T5880] usb 3-1: new full-speed USB device number 66 using dummy_hcd [ 386.444321][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 386.455543][ T5880] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 386.465787][ T5880] usb 3-1: New USB device found, idVendor=054c, idProduct=0268, bcdDevice= 0.00 [ 386.476192][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 386.486994][ T5880] usb 3-1: config 0 descriptor?? [ 386.818538][T11616] sch_tbf: burst 0 is lower than device lo mtu (65550) ! [ 386.902754][T11633] loop8: detected capacity change from 0 to 8 [ 386.916561][T11633] Dev loop8: unable to read RDB block 8 [ 386.922159][T11633] loop8: unable to read partition table [ 386.931242][T11633] loop8: partition table beyond EOD, truncated [ 386.938179][T11633] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 387.018189][T11637] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1981'. [ 387.032365][ T5880] sony 0003:054C:0268.0013: invalid report_size 941435860 [ 387.042179][ T5880] sony 0003:054C:0268.0013: item 0 4 1 7 parsing failed [ 387.051242][ T5880] sony 0003:054C:0268.0013: parse failed [ 387.060571][ T5880] sony 0003:054C:0268.0013: probe with driver sony failed with error -22 [ 387.238736][T11645] raw_sendmsg: syz.3.1985 forgot to set AF_INET. Fix it! [ 387.246673][T11645] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1985'. [ 387.615619][ T24] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 387.783126][ T24] usb 4-1: Using ep0 maxpacket: 16 [ 387.797629][ T24] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice= 7.79 [ 387.807012][ T24] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 387.818650][ T24] usb 4-1: Product: syz [ 387.823557][ T24] usb 4-1: Manufacturer: syz [ 387.828190][ T24] usb 4-1: SerialNumber: syz [ 387.835809][ T24] usb 4-1: config 0 descriptor?? [ 388.044274][ T24] usb 4-1: Limiting number of CPorts to U8_MAX [ 388.054058][ T24] usb 4-1: Not enough endpoints found in device, aborting! [ 388.258673][ T24] usb 4-1: USB disconnect, device number 75 [ 388.689278][ C0] cdc_wdm 2-1:1.0: nonzero urb status received: -71 [ 388.693464][ T24] usb 2-1: USB disconnect, device number 76 [ 388.695910][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - 0 bytes [ 388.707861][ C0] cdc_wdm 2-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 389.184455][ T5887] usb 3-1: USB disconnect, device number 66 [ 389.883817][ T58] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 390.045871][ T58] usb 2-1: config 17 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 390.061019][ T58] usb 2-1: New USB device found, idVendor=0458, idProduct=5003, bcdDevice= 0.00 [ 390.073001][ T58] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 390.075614][ T5887] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 390.092143][ T58] aiptek 2-1:17.0: interface has no int in endpoints, but must have minimum 1 [ 390.256408][ T5887] usb 4-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 390.271945][ T5887] usb 4-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 390.294217][ T5887] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 390.303795][ T5887] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 390.315637][ T5887] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 390.329495][ T5887] usb 4-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 390.364636][T11691] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 390.374889][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 390.383647][T11691] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 390.428578][ T5887] usb 4-1: Product: syz [ 390.436482][ T5887] usb 4-1: Manufacturer: syz [ 390.450604][ T5887] cdc_wdm 4-1:1.0: skipping garbage [ 390.456149][ T5887] cdc_wdm 4-1:1.0: skipping garbage [ 390.462627][ T5887] cdc_wdm 4-1:1.0: cdc-wdm0: USB WDM device [ 390.469113][ T5887] cdc_wdm 4-1:1.0: Unknown control protocol [ 391.328409][ T30] kauditd_printk_skb: 155 callbacks suppressed [ 391.328426][ T30] audit: type=1326 audit(1745654357.226:1333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 391.416796][ T30] audit: type=1326 audit(1745654357.266:1334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 391.443197][ T30] audit: type=1326 audit(1745654357.266:1335): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=80 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 391.469356][ T30] audit: type=1326 audit(1745654357.266:1336): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 391.502366][ T30] audit: type=1326 audit(1745654357.266:1337): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 391.567146][ T30] audit: type=1326 audit(1745654357.266:1338): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=444 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 391.617494][ T30] audit: type=1326 audit(1745654357.266:1339): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 391.645063][ T30] audit: type=1326 audit(1745654357.266:1340): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 391.674691][ T30] audit: type=1326 audit(1745654357.266:1341): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=446 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 391.701031][ T30] audit: type=1326 audit(1745654357.266:1342): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11709 comm="syz.4.2007" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7f15539 code=0x7ffc0000 [ 393.054348][ C1] cdc_wdm 4-1:1.0: nonzero urb status received: -71 [ 393.060995][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - 0 bytes [ 393.063398][ T5887] usb 4-1: USB disconnect, device number 76 [ 393.067067][ C1] cdc_wdm 4-1:1.0: wdm_int_callback - usb_submit_urb failed with result -19 [ 393.183100][ T5880] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 393.235126][ T31] INFO: task udevd:5841 blocked for more than 143 seconds. [ 393.242992][ T31] Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 [ 393.250883][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 393.316602][ T31] task:udevd state:D stack:25624 pid:5841 tgid:5841 ppid:5199 task_flags:0x400140 flags:0x00004002 [ 393.328718][ T31] Call Trace: [ 393.332084][ T31] [ 393.335131][ T31] __schedule+0x16e2/0x4cd0 [ 393.339791][ T31] ? schedule+0x165/0x360 [ 393.344285][ T31] ? __pfx___schedule+0x10/0x10 [ 393.349245][ T31] ? schedule+0x91/0x360 [ 393.353638][ T31] schedule+0x165/0x360 [ 393.357900][ T31] schedule_preempt_disabled+0x13/0x30 [ 393.364650][ T31] __mutex_lock+0x724/0xe80 [ 393.369255][ T31] ? __mutex_lock+0x51b/0xe80 [ 393.376099][ T31] ? uevent_show+0x174/0x330 [ 393.380803][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 393.384404][ T5880] usb 3-1: Using ep0 maxpacket: 16 [ 393.385957][ T31] ? __kasan_kmalloc+0x93/0xb0 [ 393.396058][ T31] ? __kmalloc_cache_noprof+0x230/0x3d0 [ 393.401995][ T31] ? uevent_show+0x15a/0x330 [ 393.406887][ T31] uevent_show+0x174/0x330 [ 393.407279][ T5880] usb 3-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 393.411539][ T31] dev_attr_show+0x55/0xc0 [ 393.430401][ T31] ? __pfx_dev_attr_show+0x10/0x10 [ 393.435794][ T31] sysfs_kf_seq_show+0x30d/0x490 [ 393.440864][ T31] seq_read_iter+0x4e7/0xe10 [ 393.449409][ T5880] usb 3-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 393.449434][ T31] vfs_read+0x4cd/0x980 [ 393.469692][ T31] ? __pfx_vfs_read+0x10/0x10 [ 393.477517][ T5880] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 393.477547][ T31] ? __rseq_handle_notify_resume+0x37e/0x11f0 [ 393.497266][ T31] ksys_read+0x145/0x250 [ 393.501615][ T31] ? rcu_is_watching+0x15/0xb0 [ 393.502935][ T5887] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 393.506745][ T31] ? __pfx_ksys_read+0x10/0x10 [ 393.518957][ T31] ? do_syscall_64+0xba/0x210 [ 393.527548][ T31] do_syscall_64+0xf6/0x210 [ 393.534128][ T31] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 393.542598][ T31] ? clear_bhb_loop+0x45/0xa0 [ 393.550380][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 393.557877][ T31] RIP: 0033:0x7f13bd516b6a [ 393.562744][ T31] RSP: 002b:00007ffc8c2e76f8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 393.576134][ T31] RAX: ffffffffffffffda RBX: 000055973aa69b50 RCX: 00007f13bd516b6a [ 393.576196][ T5880] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 393.586553][ T31] RDX: 0000000000001000 RSI: 000055973aa6c700 RDI: 0000000000000008 [ 393.601488][ T31] RBP: 000055973aa69b50 R08: 0000000000000008 R09: 0000000000000008 [ 393.612871][ T5880] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.621028][ T5880] usb 3-1: Product: 艔ث盀燠꣔噵阍삠밂ቮ㢌袖뤂뱸䗤쬸標 [ 393.632115][ T5880] usb 3-1: Manufacturer: ࠚ [ 393.637700][ T5880] usb 3-1: SerialNumber: 钒ఘ讐컻㓼ꔀ뾌芪鵓䷹᧠䠔눙誁ݶ垛䜖ਵ㜾ᛒ䒦ヲ︴拎᫿믄혵垌˿໪軍仺恽ぎ䰥긞뵷萕㊥굪ꠐ鬋迴쓎寮漵루筧뵁뱙⏳駳⭒춱툼룪䐭嶂汇ꜛフ줓猾Ѐྑ騱믄ﰖ魰ⱆࣲ㙂穑䁡覇㦑磛띄墿던₝ゐꃚ远涀‟螆彊ऽ焆Ꙫ筋⨳˞ן櫣쑶袍⩺ᶂ吵憰䌕ཀ팺헧恥 [ 393.647019][ T31] R10: 000000000000010f R11: 0000000000000246 R12: 0000000000000000 [ 393.683777][ T31] R13: 0000000000003fff R14: 00007ffc8c2e7bd8 R15: 000000000000000a [ 393.691804][ T31] [ 393.697237][ T31] [ 393.697237][ T31] Showing all locks held in the system: [ 393.706819][ T31] 5 locks held by kworker/0:1/10: [ 393.711862][ T31] #0: ffff8881452ee548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 393.715647][ T5887] usb 4-1: Using ep0 maxpacket: 32 [ 393.731069][ T5887] usb 4-1: config 0 has an invalid interface number: 35 but max is 0 [ 393.739711][ T5887] usb 4-1: config 0 has no interface number 0 [ 393.745830][ T31] #1: ffffc900000f7c60 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 393.745893][ T31] #2: ffff88802766b198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 393.745944][ T31] #3: ffff88805cf6c198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 393.745992][ T31] #4: ffff888059ad1160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 393.764807][ T5887] usb 4-1: New USB device found, idVendor=10c4, idProduct=818a, bcdDevice=7d.8f [ 393.771816][ T5879] usb 2-1: USB disconnect, device number 77 [ 393.780181][ T5887] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.813149][ T5887] usb 4-1: Product: syz [ 393.817441][ T5887] usb 4-1: Manufacturer: syz [ 393.822134][ T5887] usb 4-1: SerialNumber: syz [ 393.830779][ T31] 3 locks held by kworker/u8:1/13: [ 393.835269][ T5887] usb 4-1: config 0 descriptor?? [ 393.855253][ T31] #0: ffff8880b8839b58 (&rq->__lock){-.-.}-{2:2}, at: raw_spin_rq_lock_nested+0xad/0x140 [ 393.855381][ T5887] radio-si470x 4-1:0.35: could not find interrupt in endpoint [ 393.867957][ T31] #1: ffff8880b8923b08 (&per_cpu_ptr(group->pcpu, cpu)->seq){-.-.}-{0:0}, at: psi_task_switch+0x39e/0x6d0 [ 393.877197][ T5887] radio-si470x 4-1:0.35: probe with driver radio-si470x failed with error -5 [ 393.886903][ T31] #2: ffffffff8df3b8c0 (rcu_read_lock_bh){....}-{1:3}, at: mod_peer_timer+0x21/0x260 [ 393.904225][ T31] 1 lock held by khungtaskd/31: [ 393.909371][ T31] #0: ffffffff8df3b860 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x2e/0x180 [ 393.919419][ T31] 7 locks held by kworker/u8:6/3450: [ 393.925799][ T31] 2 locks held by getty/5577: [ 393.930608][ T31] #0: ffff8880325480a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x25/0x70 [ 393.940564][ T31] #1: ffffc9000333b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x43e/0x1400 [ 393.951020][ T31] 4 locks held by udevd/5821: [ 393.955788][ T31] #0: ffff88805904ac30 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 393.964954][ T31] #1: ffff888058d43888 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 [ 393.974435][ T31] #2: ffff888026e99968 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0 [ 393.984045][ T31] #3: ffff888011ccc198 (&dev->mutex){....}-{4:4}, at: uevent_show+0x174/0x330 [ 393.993094][ T31] 4 locks held by udevd/5841: [ 393.997852][ T31] #0: ffff88802cb39c30 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 394.007537][ T31] #1: ffff888028397488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 [ 394.017012][ T31] #2: ffff88802fa334b8 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0 [ 394.026542][ T31] #3: ffff88805cf6c198 (&dev->mutex){....}-{4:4}, at: uevent_show+0x174/0x330 [ 394.039680][ T31] 6 locks held by kworker/0:4/5880: [ 394.046744][ T31] #0: ffff8881452ee548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 394.047823][ T5887] radio-raremono 4-1:0.35: Thanko's Raremono connected: (10C4:818A) [ 394.058125][ T31] #1: ffffc9000489fc60 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 394.058184][ T31] #2: ffff888145f1b198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 394.089373][ T31] #3: ffff888011ccc198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 394.098961][ T31] #4: ffff888056de0160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 394.108417][ T31] #5: ffffffff8f2814a8 (register_mutex#6){+.+.}-{4:4}, at: usb_audio_probe+0x390/0x1dc0 [ 394.118854][ T31] 5 locks held by kworker/0:5/5887: [ 394.124412][ T31] #0: ffff8881452ee548 ((wq_completion)usb_hub_wq){+.+.}-{0:0}, at: process_scheduled_works+0x9b1/0x17a0 [ 394.136531][ T31] #1: ffffc900048ffc60 ((work_completion)(&hub->events)){+.+.}-{0:0}, at: process_scheduled_works+0x9ec/0x17a0 [ 394.148754][ T5880] usb 3-1: 0:2 : does not exist [ 394.156546][ T31] #2: ffff88802760b198 (&dev->mutex){....}-{4:4}, at: hub_event+0x184/0x4a00 [ 394.172311][ T5880] usb 3-1: USB disconnect, device number 67 [ 394.184219][ T31] #3: ffff88805a941198 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 394.203353][ T31] #4: ffff88805894f160 (&dev->mutex){....}-{4:4}, at: __device_attach+0x88/0x400 [ 394.212753][ T31] 4 locks held by udevd/7005: [ 394.219617][ T31] #0: ffff888053fdd540 (&p->lock){+.+.}-{4:4}, at: seq_read_iter+0xb7/0xe10 [ 394.229295][ T31] #1: ffff8880203f3488 (&of->mutex#2){+.+.}-{4:4}, at: kernfs_seq_start+0x55/0x3c0 [ 394.238907][ T31] #2: ffff88805cc63b48 (kn->active#5){++++}-{0:0}, at: kernfs_seq_start+0x75/0x3c0 [ 394.248451][ T31] #3: ffff88805a941198 (&dev->mutex){....}-{4:4}, at: uevent_show+0x174/0x330 [ 394.257539][ T31] [ 394.259890][ T31] ============================================= [ 394.259890][ T31] [ 394.268882][ T31] NMI backtrace for cpu 0 [ 394.268896][ T31] CPU: 0 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 394.268916][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 394.268926][ T31] Call Trace: [ 394.268936][ T31] [ 394.268944][ T31] dump_stack_lvl+0x189/0x250 [ 394.268968][ T31] ? __wake_up_klogd+0xd9/0x110 [ 394.268988][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 394.269010][ T31] ? __pfx__printk+0x10/0x10 [ 394.269039][ T31] nmi_cpu_backtrace+0x39e/0x3d0 [ 394.269064][ T31] ? __pfx_nmi_cpu_backtrace+0x10/0x10 [ 394.269082][ T31] ? _printk+0xcf/0x120 [ 394.269103][ T31] ? __pfx__printk+0x10/0x10 [ 394.269120][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 394.269140][ T31] nmi_trigger_cpumask_backtrace+0x17a/0x300 [ 394.269164][ T31] watchdog+0xfee/0x1030 [ 394.269187][ T31] ? watchdog+0x1de/0x1030 [ 394.269214][ T31] kthread+0x70e/0x8a0 [ 394.269237][ T31] ? __pfx_watchdog+0x10/0x10 [ 394.269256][ T31] ? __pfx_kthread+0x10/0x10 [ 394.269275][ T31] ? __pfx_kthread+0x10/0x10 [ 394.269293][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 394.269315][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 394.269347][ T31] ? __pfx_kthread+0x10/0x10 [ 394.269364][ T31] ret_from_fork+0x4b/0x80 [ 394.269380][ T31] ? __pfx_kthread+0x10/0x10 [ 394.269398][ T31] ret_from_fork_asm+0x1a/0x30 [ 394.269427][ T31] [ 394.269457][ T31] Sending NMI from CPU 0 to CPUs 1: [ 394.417924][ C1] NMI backtrace for cpu 1 [ 394.417940][ C1] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 394.417960][ C1] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 394.417970][ C1] RIP: 0010:pv_native_safe_halt+0x13/0x20 [ 394.418001][ C1] Code: cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d 43 cb 12 00 f3 0f 1e fa fb f4 cc cc cc cc cc cc cc cc cc cc cc cc 90 90 90 90 90 90 90 90 90 [ 394.418016][ C1] RSP: 0018:ffffc90000197de0 EFLAGS: 000002c6 [ 394.418032][ C1] RAX: 9907c89b6028cb00 RBX: ffffffff81973d78 RCX: 9907c89b6028cb00 [ 394.418045][ C1] RDX: 0000000000000001 RSI: ffffffff8d748227 RDI: ffffffff8bc1c820 [ 394.418057][ C1] RBP: ffffc90000197f20 R08: ffff8880b8932b5b R09: 1ffff1101712656b [ 394.418069][ C1] R10: dffffc0000000000 R11: ffffed101712656c R12: ffffffff8f7ebf70 [ 394.418082][ C1] R13: 0000000000000001 R14: 0000000000000001 R15: 1ffff110038dbb40 [ 394.418093][ C1] FS: 0000000000000000(0000) GS:ffff8881261cf000(0000) knlGS:0000000000000000 [ 394.418106][ C1] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 394.418118][ C1] CR2: 000000000c408c89 CR3: 0000000079e4c000 CR4: 00000000003526f0 [ 394.418133][ C1] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 394.418143][ C1] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 394.418154][ C1] Call Trace: [ 394.418160][ C1] [ 394.418167][ C1] default_idle+0x13/0x20 [ 394.418183][ C1] default_idle_call+0x74/0xb0 [ 394.418201][ C1] do_idle+0x1e8/0x510 [ 394.418219][ C1] ? __pfx_do_idle+0x10/0x10 [ 394.418239][ C1] ? do_idle+0xa/0x510 [ 394.418253][ C1] cpu_startup_entry+0x44/0x60 [ 394.418267][ C1] start_secondary+0x101/0x110 [ 394.418282][ C1] common_startup_64+0x13e/0x147 [ 394.418312][ C1] [ 394.418967][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 394.607434][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Not tainted 6.15.0-rc3-syzkaller-00094-g02ddfb981de8 #0 PREEMPT(full) [ 394.619247][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 04/19/2025 [ 394.629301][ T31] Call Trace: [ 394.632573][ T31] [ 394.635496][ T31] dump_stack_lvl+0x99/0x250 [ 394.640103][ T31] ? __asan_memcpy+0x40/0x70 [ 394.644687][ T31] ? __pfx_dump_stack_lvl+0x10/0x10 [ 394.649880][ T31] ? __pfx__printk+0x10/0x10 [ 394.654474][ T31] panic+0x2db/0x790 [ 394.658377][ T31] ? __pfx_panic+0x10/0x10 [ 394.662790][ T31] ? nmi_backtrace_stall_check+0x433/0x440 [ 394.668600][ T31] ? preempt_schedule_thunk+0x16/0x30 [ 394.673966][ T31] ? nmi_trigger_cpumask_backtrace+0x2b6/0x300 [ 394.680117][ T31] watchdog+0x102d/0x1030 [ 394.684455][ T31] ? watchdog+0x1de/0x1030 [ 394.688875][ T31] kthread+0x70e/0x8a0 [ 394.692942][ T31] ? __pfx_watchdog+0x10/0x10 [ 394.697611][ T31] ? __pfx_kthread+0x10/0x10 [ 394.702197][ T31] ? __pfx_kthread+0x10/0x10 [ 394.706779][ T31] ? _raw_spin_unlock_irq+0x23/0x50 [ 394.711973][ T31] ? lockdep_hardirqs_on+0x9c/0x150 [ 394.717171][ T31] ? __pfx_kthread+0x10/0x10 [ 394.721756][ T31] ret_from_fork+0x4b/0x80 [ 394.726168][ T31] ? __pfx_kthread+0x10/0x10 [ 394.730749][ T31] ret_from_fork_asm+0x1a/0x30 [ 394.735522][ T31] [ 394.738772][ T31] Kernel Offset: disabled [ 394.743098][ T31] Rebooting in 86400 seconds..