last executing test programs: 12.543933179s ago: executing program 2 (id=1247): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/image_size', 0x0, 0x100) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000094ae94405f0520c4336a000000010902120001000000000904"], 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = socket(0x10, 0x3, 0x6) r2 = socket(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_team(r1, 0x8933, &(0x7f0000000040)={'team0\x00', 0x0}) sendmsg$nl_route_sched(r2, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=@newqdisc={0x3c, 0x24, 0xf0b, 0x20, 0x0, {0x0, 0x0, 0x0, r3, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0xc, 0x2, [@TCA_TAPRIO_ATTR_FLAGS={0x8, 0xa, 0xe}]}}]}, 0x3c}}, 0x20000000) prlimit64(0x0, 0x0, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r6 = socket$inet6(0xa, 0x80003, 0x6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) socket(0x28, 0x5, 0x0) sendmmsg(r6, &(0x7f0000000480), 0x2e9, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) 11.763468365s ago: executing program 0 (id=1249): mknod(&(0x7f0000000040)='./file0\x00', 0x8001420, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) munmap(&(0x7f00003fe000/0xc00000)=nil, 0xc00000) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x2000, 0x3, &(0x7f00007fe000/0x800000)=nil) open$dir(&(0x7f0000000100)='./file0\x00', 0x149800, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000004280)='./file0\x00', 0x0, 0x0) openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000200)='./cgroup/syz0\x00', 0x200002, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000340), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) getsockopt$inet_sctp6_SCTP_SOCKOPT_PEELOFF(r1, 0x84, 0x66, &(0x7f0000000280)={0x0, 0xb11}, &(0x7f00000002c0)=0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r1, 0x84, 0x75, &(0x7f0000000300)={r4, 0x8}, 0x8) ioctl$KVM_XEN_HVM_CONFIG(r3, 0x4038ae7a, &(0x7f0000000180)={0x2, 0x262, &(0x7f0000000040), 0x0}) r5 = syz_io_uring_setup(0x112, &(0x7f0000000140)={0x0, 0x24089, 0x80, 0x3}, &(0x7f0000000240)=0x0, &(0x7f0000000040)=0x0) r8 = socket(0xa, 0x3, 0x1) r9 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xa, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fc00100}]}) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r9, 0xc0502100, &(0x7f00000003c0)={0x0}) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r9, 0x40182103, &(0x7f0000000240)={r10, 0x0, r9}) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='svc_unregister\x00', r1, 0x0, 0x2}, 0x18) getsockopt(r8, 0xff, 0x0, 0x0, &(0x7f0000000040)) r11 = socket$rds(0x15, 0x5, 0x0) getsockopt$sock_int(r11, 0x1, 0x2c, 0x0, &(0x7f0000000e40)) syz_io_uring_submit(r6, r7, &(0x7f00000000c0)=@IORING_OP_OPENAT={0x12, 0x8, 0x0, 0xffffffffffffff9c, 0x0, &(0x7f00000001c0)='./file0\x00', 0x83, 0x4882, 0x23456}) io_uring_enter(r5, 0x615b, 0xfd0b, 0x0, 0x0, 0x0) 9.979857191s ago: executing program 0 (id=1255): openat$sysfs(0xffffffffffffff9c, &(0x7f0000000000)='/sys/power/image_size', 0x0, 0x100) syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000094ae94405f0520c4336a000000010902120001000000000904"], 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r0, 0x84, 0x81, &(0x7f0000000280)="1a00000002000000", 0x8) setsockopt$inet_sctp6_SCTP_AUTH_CHUNK(r0, 0x84, 0x15, &(0x7f00000000c0), 0x1) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, 0x0, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) socket$inet6(0xa, 0x80003, 0x6) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$l2tp(&(0x7f0000000440), 0xffffffffffffffff) r3 = socket(0x28, 0x5, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r3, 0x28, 0x1, 0x0, 0x20000009) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000000)=[@in6={0xa, 0x4e23, 0x401, @loopback}], 0x1c) sendto$inet6(r0, &(0x7f0000000080)="b1", 0x1, 0x400c0d4, &(0x7f0000000140)={0xa, 0x4e23, 0x0, @loopback, 0xffffffff}, 0x1c) writev(r0, &(0x7f0000000100)=[{&(0x7f0000000180)="c2", 0x1}], 0x1) write$UHID_SET_REPORT_REPLY(r0, &(0x7f00000007c0)=ANY=[], 0xffe0) (fail_nth: 2) 8.723793668s ago: executing program 2 (id=1261): openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa0001, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) syz_io_uring_setup(0x1f85, &(0x7f0000000240)={0x0, 0x7a80, 0x80, 0x2, 0x3b, 0x0, r0}, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x7) syz_open_dev$video4linux(&(0x7f0000000340), 0x92e5, 0x80) socket$netlink(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x60c002, 0x0) openat$uinput(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x143842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) landlock_create_ruleset(&(0x7f00000000c0)={0x4102}, 0x18, 0x0) openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) r1 = syz_io_uring_setup(0x162d, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x3, 0x288}, 0x0, 0x0) io_uring_setup(0x3ca9, &(0x7f00000000c0)={0x0, 0xc63b, 0x2, 0xfffffffc, 0x40003, 0x0, r1}) openat$khugepaged_scan(0xffffff9c, &(0x7f00000002c0), 0x1, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x8a080, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64, @ANYRES64=0x0, @ANYRESHEX], 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32=r2], 0x20) 7.970876236s ago: executing program 1 (id=1264): socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_xfrm(0x10, 0x3, 0x6) socket$inet(0xa, 0x801, 0x100) socket$inet_smc(0x2b, 0x1, 0x0) socket$nl_route(0x10, 0x3, 0x0) fsopen(&(0x7f0000000000)='jfs\x00', 0x0) socket$nl_route(0x10, 0x3, 0x0) socket(0x1, 0x803, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) unshare(0x6a040000) mmap(&(0x7f00002ad000/0xc00000)=nil, 0xc00000, 0x3, 0x8031, 0xffffffffffffffff, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = gettid() sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000005f00)=ANY=[@ANYBLOB="2800000010000100000000f0ffffff0000000000", @ANYRES32=r0, @ANYBLOB="6d3082610000000008001300", @ANYRES32=r2], 0x28}, 0x1, 0x0, 0x0, 0x4000004}, 0x0) 6.29136945s ago: executing program 1 (id=1266): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = syz_usb_connect(0x0, 0x24, &(0x7f0000000300)=ANY=[@ANYBLOB="120100001517ee40f00a057a0000010203010902120001000000000904000000ff"], 0x0) syz_usb_control_io$uac1(r1, 0x0, &(0x7f0000000cc0)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="400f1100000007"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) sendmsg$nl_route(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000340)=ANY=[@ANYBLOB="5c01000013000100000000000000030000000000", @ANYRES32=0x0, @ANYBLOB='\x00\x00\x00\x00\x00\x00\x00\x00\b\x00\n\x00', @ANYRES32=0x0, @ANYBLOB="050027000000000008008500", @ANYRES32=0x0, @ANYBLOB="140003006d6163766c616e31000000000000000008000a00", @ANYRES32=0x0, @ANYBLOB="e8001a8048000a8014000700ff"], 0x15c}}, 0x0) 5.583006514s ago: executing program 4 (id=1270): unshare(0x24060400) r0 = fsopen(&(0x7f0000000180)='ramfs\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x1, 0x18) symlinkat(&(0x7f0000000000)='.\x00', r1, &(0x7f0000000140)='./file0\x00') openat2(r1, &(0x7f00000003c0)='./file0/../file0\x00', &(0x7f0000000380)={0x100, 0x0, 0x8}, 0x18) (fail_nth: 4) 5.289588736s ago: executing program 4 (id=1271): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000015c0), 0x2, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r3 = mq_open(&(0x7f0000000a00)='eth0\x00#\x13\xaeu\xe0\xfbu0*\xf3\x11i\xdd\xd9\xc6\x87\xde\xbf_\xa0\xf1\xff\xff\xff.\"\xa6\xc0#p\xcd\x1c/\xa6\xf2\xbcyL\x85a\xb5\xbb~+>\xbc\x93\xf8\xab\x9a3\x85l\x1d\x15\x11\x1a{@!2\xb6!\xae\xf79k\x90\x88\v8I$\xfdQ\x1d\x90=r\xd8\xc0\xd8\t/\x8dv\xd3\xa7\xd8J\xfd\x94#KT$A=z\xee\xbd/X\xbemOX)s\x94\xde\xbe_\x88N\xb8\xde\xeb)\xcd\xc56m\n\v\x01\xbe\xeb\xbb\x91\x11z\xc2|d\x1b\x04\xd2\xf9yx\xb2\x1b\bLTrw\x88|0\t\xc6\xe2\x9c\xed\\\xd8[\xc8\x04 \xf3\xac]V\x1d:\xfc\xc3\x9e\x02\ax\xef\xfe\x1c.TT\xcf\xbf\xf5\x80a%\xdcQ\xb3CuT\xcc\x02\xea\x91\xe8y\xe6!\x89\x9c\xd1\xa6\x167\x8avs\xb2\a\xfe\xc1j*\xad\x18I\xcc\xe9\xaa{]\xef\xb7\xf2\xee*\xf95\bJt\xd0s\xc4\xaa\xc8\x13~\xb2\xf20\xbdf\xdb\xaeG\xe3\xfb\xef\x94\xef:Q\x1b\xe3\xa3\xa4}\xef`e\xcdL\xab\xd2\xcb\xd5_\xdc\x05c\x10\xbcnf\x89\x1cj\xdb\r\xf2y\x9fg1\xf4\t\x18i/!\x13\xf1,\x8cu\xaa\xbf~)\x94\x1b2\x93\x86\xe7\x9a\xf2j\xa8\x96\xa6\xa2\xfcN\x81\xafTh\xb3\x1bo:\xe8\vp7S\xe4H\xf3L\xa0\x9c\xa7B\x12\x10\x9d\xaa\x7fq\x06\xb9(\xd1\xb0\x83\xb1[\x84\x10aF\x9b\xda\xeb\xc4*\x02q\xb2\x92\x00\x8cv\xac AN\xb9\xaa\xe0\x9d\x97Te\x81\x98L\xfe\x97+u\xd3^\xb1\xf0\xe0\x1f\xbd\a\xbb\xe5\x18\x9ds\x12ha\x00\xeb\x84\x99\xc6\x0f\xf1\xd5LD\xa87\xa0DQ\x8a2\x16!8,\xbc%$\xf1\xf2\xd6\x9cy\xecK\xda\xc5\xdc\xfa\xdd\xf6\b\xc6\xb4\x14\x16\x9c\x7f\x92\x85\xb0\xa2%:\xf0\xf4\x150\xf0\xb3\xa6d\xb4\xe4L\x19W\xd5\x90\xf7l\x1b\xfe\xde\vh\x97=m\x82.\xac\vh\xfe\x84Q}\x838/\x83\xebP\xbe\xd6+:\xceE\\\x95\xd4\xac\x92\x87\xd7\x98\x97\xe3\xec\xad\xd5\xac\x80C\x84R\x88r^g\xbaQ(\x9a>\xe2\xba\xa8=\x17\f04\x8f\x1f\xf2\x88*@v\xe7\xd1\xee\xb3\x02\x00\x00\x00\x00\x00\x00\x00:hzW6s)x\x06\xae\x11\xf2\x1e\xcd\v\xe5L\x19\x96s\xbc\x9e\xf4\x10$\r\xa4\xd8\xa2\xa2\xfcM\xc5R3~$\xc0\xa5f\x9a W\xb1e\xcc<$\xdf\x15\f]\x15\xf5#G\xce\xaf\x88U\xfa\x80\xf24\xf6\xb5\xef\xe2z\xcf\x9eN\x92\xac\x81{\xe6\xbd\xd7\x16\xe6F\xe2\x9e\x91%\x94\v\xb9\xdc\xd6\x87\x8f\xcd\xc1\xb05\x81\x81\xf8\xe9X\xe8Kt9@\xf4\xe1\xa6=\xc9\xe1:p4\nP[f\x1d\xfd\xfa\x839\x8d\x0e\xd1\xf9\xa0\xd2^E\xe5\xedo.\xaa\xf2\xb4\xcdn\x14\f\xcd\x83_yk\xda\xc5\x89\xf0Z\xea\x1d\xbd\xc00\v\xa3\xb3\xbe\xe6\x8b\x18/\xa8\xaaY\xf2\x89\x0f\x9enOOr\x00\xb2\x01\x1f:Z\xb8\xee;\xe3;\x8aPV\xce\xee\xf8[\x16\n\xe6:z\xb8\x1dvk\a{\xc1\x14\xd9+\xdb\t\x11\x90y\xe8\\\xe6\xfc\xca\xb4\xcbC\xd6\xd0\xbeC\xce\xc0L\xdb\xcd\xb3\x907c\xb4\xa6\xce\xdb[\xce\x122N\xa3\xc7Q<\x1a\xa5\xb3)\xc5\x98\x84\x8a\x82\x19\xb0\t\xac\x10\\\x8c\xbe\xcb\raIYe[\xa8\xc4\xac\x0e\xbb\x0f\b^\xdag\xe2\xa9\"\xf5h\'\xcf\xd9\x1b\xef\xe3\xe7y\x82\x1e\xca\x7f\x02 \xcf\x9e\xe0\xd9TM\xb9\n\xa9\xad3\x91\xa5\xe6!\xcd\xa2\xa4\x14\x12\xf9\xbf\xa8b\xcec:\xd7\'\f\f\x957\xc9}\r\xa6\xaa\x0f\xca\x96\xeb\x00\x00\x00\x00\x00\x00\xcb\x1b\xf1\xe6\xe2]\xac;\x01\xa7 Z\xc5\x15\x92\a\xc9M\x1eY\x87\xde\xb8\x86\x98\xc4+\xb4\xde\xc8*\x00\xa5\x1a\xbf\xefk3\xe8\xc5\xc1\xe92\x04\xbds\xc9|\x8eT\xf4\xdf[\xb3\xc1\x13\xdey\xcee8\xb0\xbd\xf4K\x82c\xbdh\t', 0x40, 0x1f0, 0x0) mq_timedsend(r3, 0x0, 0x17, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) ioctl$KVM_GET_NESTED_STATE(r2, 0xc080aebe, &(0x7f0000001600)={{0x0, 0x0, 0x80}}) 5.22994325s ago: executing program 2 (id=1272): select(0x0, 0x0, 0x0, &(0x7f0000000180)={0xfffffffffffffffe, 0x0, 0x0, 0x40000000000}, &(0x7f00000001c0)) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, &(0x7f0000000b00)=@raw={'raw\x00', 0x8, 0x3, 0x428, 0xd0, 0xffffffff, 0xffffffff, 0x0, 0xffffffff, 0x358, 0xffffffff, 0xffffffff, 0x358, 0xffffffff, 0x3, 0x0, {[{{@ipv6={@private0, @mcast2, [], [], 'veth0_macvtap\x00', 'dvmrp1\x00'}, 0x0, 0xa8, 0xd0}, @common=@unspec=@NFQUEUE0={0x28}}, {{@ipv6={@remote, @ipv4={'\x00', '\xff\xff', @dev}, [], [], 'wg1\x00', 'gre0\x00'}, 0x0, 0x258, 0x288, 0x0, {}, [@common=@inet=@hashlimit1={{0x58}, {'pim6reg\x00', {0x0, 0x0, 0x5, 0x0, 0x0, 0x7, 0x3ff}}}, @common=@inet=@hashlimit3={{0x158}, {'wg1\x00', {0x3, 0x0, 0x41, 0x0, 0x0, 0x1000, 0x6, 0x3}}}]}, @common=@unspec=@CONNMARK={0x30}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28, '\x00', 0x7}}}}, 0x488) r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r0, &(0x7f0000000080)="b3019c28", 0x4, 0x0, &(0x7f0000000000)={0xa, 0x0, 0x0, @mcast2}, 0x1c) setsockopt$inet6_int(r0, 0x29, 0x31, &(0x7f0000000140)=0x6, 0x4) recvmmsg(r0, &(0x7f0000000d80)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000001400)=""/239, 0xef}, 0x2}], 0xa, 0x10162, 0x0) r1 = socket$inet6_tcp(0xa, 0x1, 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$KVM_CHECK_EXTENSION(r2, 0xae03, 0xa8) r3 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) read$FUSE(r3, &(0x7f00000010c0)={0x2020}, 0x2020) r4 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) r5 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000ac0), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r5, 0xc0285700, &(0x7f0000000200)={0x4, "abacd211119ca94c63377526aeb5ab2c7b9ca5fa07558139ede6dc06270ee042", 0xffffffffffffffff}) ioctl$SW_SYNC_IOC_CREATE_FENCE(r4, 0xc0285700, &(0x7f0000000f40)={0x8, "b546baa5cc590d3033de259c2996817bb959ebab028deda525e19bdeffafde25", 0xffffffffffffffff}) ioctl$SYNC_IOC_MERGE(r6, 0xc0303e03, &(0x7f00000001c0)={"0080bced01eb0100000000000000000700000000000000c900", r7, 0xffffffffffffffff}) poll(&(0x7f0000000100)=[{r8, 0x73be}], 0x1, 0xe446) ioctl$SYNC_IOC_FILE_INFO(r8, 0xc0383e04, &(0x7f00000000c0)={""/32, 0x0, 0x0, 0x0, 0x0, 0x0}) setsockopt$IP6T_SO_SET_REPLACE(r1, 0x29, 0x40, &(0x7f0000000d40)=@raw={'raw\x00', 0x3c1, 0x3, 0x2e8, 0x120, 0x111, 0x4b4, 0x0, 0xd4feffff, 0x218, 0x20a, 0x278, 0x218, 0x278, 0x3, 0x0, {[{{@ipv6={@private2, @empty, [], [], 'veth1\x00', 'team_slave_0\x00', {}, {}, 0x6, 0x0, 0x0, 0x22}, 0x0, 0xf8, 0x120, 0x0, {}, [@inet=@rpfilter={{0x28}}, @common=@inet=@socket2={{0x28}, 0x6}]}, @common=@inet=@TCPMSS={0x28, 'TCPMSS\x00', 0x0, {0xffff}}}, {{@uncond, 0x0, 0xd0, 0xf8, 0x0, {}, [@inet=@rpfilter={{0x28}, {0x4}}]}, @common=@inet=@SYNPROXY={0x28}}], {{'\x00', 0x0, 0xa8, 0xd0}, {0x28}}}}, 0x348) 5.012047549s ago: executing program 0 (id=1273): r0 = syz_open_dev$char_usb(0xc, 0xb4, 0x70) write$char_usb(r0, &(0x7f0000000100)="f7ccc272d701c8e75760e9b88f09e86f60637e9b6da42e3b47e19af4ac2423b7f023ecf8616111b5c81c58eb91a917ab5039b42cb444310807a8d00ed8ca92c62f36f127db54f8b31e0a166ddc5c6d01e2d64335b1103025cb8da8205ba5ac40115bb5d1ae9359f0892002cdf52ad186a8458980fdfd1b", 0x77) r1 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000009e602206d0414c340000000000109022400010400a000090480000103010100093700086ce82201000905815f"], 0x0) syz_usb_control_io$hid(r1, &(0x7f00000001c0)={0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="00020c0000000c0002", @ANYBLOB="4c69414f55033cd673c685411647fd7e"], 0x0, 0x0, 0x0}, 0x0) 4.954932351s ago: executing program 4 (id=1274): r0 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$vhost_msg_v2(r0, &(0x7f0000000140)={0x2, 0x0, {&(0x7f0000000040)=""/79, 0x4f, &(0x7f00000000c0)=""/102, 0x1, 0x2}}, 0x48) r1 = socket$inet_dccp(0x2, 0x6, 0x0) setsockopt$inet_dccp_buf(r1, 0x21, 0xc0, &(0x7f00000001c0), 0x0) timer_create(0x1, &(0x7f0000000200)={0x0, 0x8, 0x4}, &(0x7f0000000240)=0x0) clock_gettime(0x2, &(0x7f0000000280)={0x0, 0x0}) timer_settime(r2, 0x1, &(0x7f00000002c0)={{r3, r4+10000000}, {0x0, 0x3938700}}, &(0x7f0000000300)) fchmod(r0, 0xc2) write$vhost_msg_v2(r0, &(0x7f0000000500)={0x2, 0x0, {&(0x7f0000000340)=""/136, 0x88, &(0x7f0000000400)=""/243, 0x1, 0x2}}, 0x48) r5 = openat$adsp1(0xffffffffffffff9c, &(0x7f0000000580), 0x2, 0x0) ioctl$SOUND_MIXER_READ_DEVMASK(r5, 0x80044dfe, &(0x7f00000005c0)) write$vhost_msg_v2(r0, &(0x7f0000000700)={0x2, 0x0, {&(0x7f0000000600)=""/119, 0x77, &(0x7f0000000680)=""/90, 0x2, 0x1}}, 0x48) r6 = syz_open_dev$sg(&(0x7f0000000780), 0x1, 0x8800) ioctl$SCSI_IOCTL_DOORLOCK(r6, 0x5380) r7 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r7, &(0x7f00000035c0)={0x0, 0x0, &(0x7f0000003580)={&(0x7f0000000540)=ANY=[@ANYBLOB="38010000100001000000000000000000ac1414bb000000000000000000000000fc0200000000000000000000000000014e2400"/64, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="ac1414bb000000000000000009000000000000002b000000e000000100000000000000000000000000000000000000000600000000000000000000000000000004000000000000000000000000000000080000000000000000000000000000000000000000000000030000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000200000010000000000000004800010078786861736836342d67656e6572696300"/240], 0x138}, 0x1, 0x0, 0x0, 0x8010}, 0x0) r8 = openat$vicodec0(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) mmap(&(0x7f0000ffc000/0x1000)=nil, 0x1000, 0x1000001, 0x4010, r8, 0x20df9000) r9 = socket$inet6_tcp(0xa, 0x1, 0x0) timer_create(0x1, &(0x7f0000001ac0)={0x0, 0x29, 0x2, @thr={&(0x7f0000001980)="824be3f52441214552f40a66841c03a6074cdbfa1addb80326e34a28fe9b6d518a8206f2dd8a0bf26e288e71f30fa1daa25c1208fe87c6bcecdc57ade2bec0fd0ec8a9c506e0345f24f92dcd65d023dcb34ba7f82ec51386aead0e7010185a10621bf8d1b009fbc97e14c551ce9419054baa7e3270bc3c71bfbd59dbef0170b19cc222027e6aa5798744738fc31880553b82f763124a918585d1b9047484c3", &(0x7f0000001a40)}}, &(0x7f0000001b00)) ioctl$BLKZEROOUT(0xffffffffffffffff, 0x127f, &(0x7f0000001b40)={0x9, 0x2}) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f0000001c80)=@nat={'nat\x00', 0x19, 0x0, 0x90, [0x200000001bc0, 0x0, 0x0, 0x200000001bf0, 0x200000001c20], 0x0, &(0x7f0000001b80), &(0x7f0000001bc0)=ANY=[@ANYBLOB="000000000000000000000000000000000000000000000000000000000000000000000000000000002c6f000000000000000000000000000000000000000000d4000000000000000000000000000000000000000000000000feffffff00000000000000000000000000000000000000000000000000000000000000000000000000e5ff00"/144]}, 0x108) r10 = signalfd4(r9, &(0x7f0000001d00)={[0x3]}, 0x8, 0x800) mq_notify(r10, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) r11 = syz_open_dev$video4linux(&(0x7f0000001f00), 0x80000001, 0x2c0282) ppoll(&(0x7f0000001f40)=[{r0, 0x8001}, {r9, 0x8}, {r0, 0xb019}, {r1, 0x280}, {r6, 0xc584}, {r5, 0x10}, {r10, 0x1000}, {r11, 0x4080}], 0x8, &(0x7f0000001f80), &(0x7f0000001fc0), 0x8) ioctl$VHOST_SET_VRING_ADDR(r10, 0x4028af11, &(0x7f0000002280)={0x3, 0x1, &(0x7f0000002000)=""/86, &(0x7f0000002080)=""/202, &(0x7f0000002180)=""/252, 0xeeee8000}) io_uring_register$IORING_REGISTER_PERSONALITY(r10, 0x9, 0x0, 0x0) socket$nl_generic(0x10, 0x3, 0x10) 4.822798755s ago: executing program 4 (id=1275): r0 = openat$audio1(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r1}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) ppoll(&(0x7f00000001c0)=[{r0, 0x40}], 0x1, &(0x7f0000000280), &(0x7f00000002c0)={[0x4]}, 0x8) (fail_nth: 22) 4.176012957s ago: executing program 2 (id=1276): r0 = add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, &(0x7f0000000080)="3d8c", 0x2, 0xfffffffffffffffe) r1 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000440)={'syz', 0x1}, 0x0, 0x0, 0xfffffffffffffffd) keyctl$dh_compute(0x17, &(0x7f0000000540)={0x0, r0, r1}, 0x0, 0x0, 0x0) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000000c0)) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x80080, 0x0) setsockopt$inet_tcp_TCP_CONGESTION(r2, 0x6, 0xd, &(0x7f0000000080)='cubic\x00', 0x29) 4.103266637s ago: executing program 2 (id=1277): syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8040) r0 = syz_open_dev$video4linux(&(0x7f00000002c0), 0x6, 0x11b540) r1 = socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e24}, 0x6e) write$P9_RSTATFS(0xffffffffffffffff, &(0x7f0000000140)={0x43, 0x9, 0x1, {0x7, 0x8, 0x0, 0xfffffffffffffffc, 0x91d7, 0x40000000006, 0x6, 0x2, 0x4}}, 0x43) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000000c0), 0x0, 0x4000840) recvmmsg(r2, &(0x7f0000000980)=[{{&(0x7f00000007c0)=@ethernet, 0x80, &(0x7f0000000840)=[{&(0x7f0000000b80)=""/4096, 0x1000}], 0x1, &(0x7f0000000880)=""/224, 0xe0}, 0x91}, {{&(0x7f0000000300)=@nfc_llcp, 0x80, &(0x7f00000006c0)=[{&(0x7f00000000c0)=""/26, 0x1a}, {&(0x7f0000000a00)=""/72, 0x48}, {&(0x7f0000000400)=""/2, 0x2}, {&(0x7f0000000440)=""/36, 0x24}, {&(0x7f0000000480)}, {&(0x7f00000004c0)=""/253, 0xfd}, {&(0x7f00000005c0)=""/249, 0xf9}], 0x7, &(0x7f0000000740)=""/67, 0x43}, 0x4}], 0x2, 0x20002, 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, &(0x7f0000000b40)="b2", 0x1) socket$netlink(0x10, 0x3, 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r3, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), 0xffffffffffffffff) sendmsg$NL80211_CMD_SET_CQM(r4, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000a80)=ANY=[@ANYRES16=r4], 0x30}, 0x1, 0x0, 0x0, 0x20008844}, 0x4040001) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000380)) socket$inet6(0xa, 0x1, 0x8) creat(0x0, 0x0) sendmsg$nl_route(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x96}}, 0x0) ioctl$VIDIOC_SUBDEV_S_SELECTION(r0, 0xc040563e, 0x0) r6 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000003040), 0x2, 0x0) write$6lowpan_control(r6, &(0x7f0000003080)='connect aa:aa:aa:aa:aa:11 0', 0x1b) setsockopt$SO_BINDTODEVICE_wg(0xffffffffffffffff, 0x1, 0x19, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x6, 0x34, &(0x7f0000000040)=ANY=[@ANYRESDEC=r5, @ANYRESOCT=r5], 0x0) r7 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000000), 0x40000, 0x0) ioctl$FBIOBLANK(r7, 0x4611, 0x0) 3.811061334s ago: executing program 1 (id=1278): r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f0000000000), 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000500)=[@in={0x2, 0x4e23, @local}], 0x10) sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="38000000000000001801009be4773593429398d0ffc7e8f123e954eed124b4c1138791b3fe330a322fdff59a74c9f817ee44e703cc4cb5cf"], 0x38}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$netlink(0x10, 0x3, 0xc) bind$netlink(r2, &(0x7f0000514ff4)={0x10, 0x0, 0x0, 0x2ffffffff}, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301}], {0x14}}, 0x68}}, 0x40000a0) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0) 3.671877853s ago: executing program 4 (id=1279): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000400)={0x38, 0x5, 0x20, 0x20000, 0xfffffffc, 0x0, 0xfffffffffffffffc, 0xab9, 0x6}, 0x0) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000000)={0x26, 'aead\x00', 0x0, 0x0, 'ccm(aes)\x00'}, 0x58) setsockopt$ALG_SET_AEAD_AUTHSIZE(r2, 0x117, 0x5, 0x0, 0x3) syz_usb_connect(0x0, 0x5f, &(0x7f0000000000)=ANY=[@ANYBLOB="12010000b1f203401e0903003bd7010203010902"], 0x0) openat$cuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000180)={0x0}, 0x18) r3 = gettid() sched_setattr(r3, &(0x7f0000000040)={0x38, 0x5, 0x6, 0x2ca, 0x1, 0x0, 0x205, 0x8, 0xd, 0x85b3}, 0x0) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x22) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) unshare(0x2a020480) r5 = openat$cgroup_subtree(r4, &(0x7f0000000040), 0x2, 0x0) rmdir(&(0x7f0000000140)='./cgroup/../file0\x00') lseek(r5, 0x7, 0x4) r6 = add_key$keyring(&(0x7f0000000340), 0x0, 0x0, 0x0, 0xffffffffffffffff) r7 = add_key(&(0x7f0000000240)='dns_resolver\x00', 0x0, &(0x7f0000000280)="dee7030022cf5c6c7bc31bd2599759fafa9e5e1dbac27b041bfc026dc41fb9b9761a1b44dac894f365ae68edf335abf35ebc3d", 0x33, r6) keyctl$revoke(0x3, r7) add_key$keyring(&(0x7f0000000100), &(0x7f0000000200)={'syz', 0x3}, 0x0, 0x0, 0xfffffffffffffffd) r8 = add_key$user(&(0x7f00000003c0), &(0x7f0000000440)={'syz', 0x3}, &(0x7f0000000480)="29a0781268f3073272c0bbaf800f0da0eb53f9dfd75369205a6f905d6862bbf6a17b2c437dbd55fe008f1b114c0d95b9329d766788ec119b2b10cd04fbcbffffbaada8a2b2403ab74b69450e3305cf94e7cc2ff31a4907a6a6832658a8fdb487859fcf0b458bad10525f44a7a6e0dc75a0371c005343d9fd7c4cc8836d358c21d662f8e0509b65d82c9ef57c516a4d922be452c879582b7c83f4795747708a9007b325ed20d7f7b81e69d82d03ca13a7581a803737778bf155964dab503b637c2020e4c99276b5fab882d5abf77b638771cf05180bdee048f3dc34c8572d18a2065bd614d002e04d66eb3f6c8994bb5afab9cb84b3dd9e5c6fee77812d66092fd9e5311fa632f09fee772c933fea261082209ce52abff90daadd9eb0057d771f486e6b59f475d636ec5284565c88b61d64", 0x131, 0x0) keyctl$dh_compute(0x17, &(0x7f0000000000)={r8, r8, r8}, 0x0, 0x0, &(0x7f0000000280)={&(0x7f00000000c0)={'poly1305-simd\x00'}}) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r9 = openat$tun(0xffffffffffffff9c, 0x0, 0x40, 0x0) openat$pfkey(0xffffffffffffff9c, &(0x7f00000002c0), 0x0, 0x0) ioctl$TUNSETQUEUE(r9, 0x400454d9, &(0x7f0000000600)={'veth1_vlan\x00', 0xe00}) 3.561367938s ago: executing program 1 (id=1280): r0 = socket$nl_generic(0x10, 0x3, 0x10) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x0, 0x0, &(0x7f0000006680)) syz_clone(0x11, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$sock_SIOCGPGRP(r0, 0x8904, &(0x7f0000000000)=0x0) waitid(0x0, r1, 0x0, 0x4, &(0x7f0000000200)) r2 = socket(0x1e, 0x5, 0x0) bind$vsock_stream(r2, &(0x7f0000000040)={0x28, 0x0, 0x0, @host}, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00'}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=@newnexthop={0x2c, 0x68, 0x1, 0x3, 0x80000004, {}, [@NHA_GROUP={0x4}, @NHA_FDB={0x4}, @NHA_ID={0x8}, @NHA_BLACKHOLE={0x4}]}, 0x2c}, 0x1, 0x0, 0x0, 0x840}, 0x4000) r4 = socket(0x10, 0x3, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) getsockopt$sock_timeval(r0, 0x1, 0x15, &(0x7f00000000c0), &(0x7f0000000100)=0x10) mmap(&(0x7f0000ffd000/0x2000)=nil, 0x2000, 0x2000001, 0x20010, r4, 0xdf209000) setsockopt$netlink_NETLINK_TX_RING(r4, 0x10e, 0xc, &(0x7f0000000040)={0x20004, 0x1000, 0x1}, 0x10) sendmsg$nl_route(r4, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)=ANY=[@ANYBLOB="200000005f0005"], 0x20}}, 0x0) 3.013164843s ago: executing program 1 (id=1281): r0 = socket(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000800)=ANY=[@ANYBLOB="180000005600230d000000000000ffa607"], 0x18}}, 0x0) 2.843891008s ago: executing program 1 (id=1282): openat$udambuf(0xffffffffffffff9c, &(0x7f0000000040), 0x2) memfd_create(&(0x7f0000000080)='y\x105\xfb\xf7u\x83%:r\xc2\xb9x\xa4q\xc1\xea\x7f\x8cZ7`_4t\xcda\x9b\x11\x11\x0e\xa1\xcf\x00'/51, 0x2) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0xa0001, 0x0) r0 = open(&(0x7f00000000c0)='.\x00', 0x0, 0x0) syz_io_uring_setup(0x1f85, &(0x7f0000000240)={0x0, 0x7a80, 0x80, 0x2, 0x3b, 0x0, r0}, 0x0, 0x0) socket$inet6(0xa, 0x3, 0x7) syz_open_dev$video4linux(&(0x7f0000000340), 0x92e5, 0x80) socket$netlink(0x10, 0x3, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f00000001c0), 0x2, 0x0) openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000080), 0x60c002, 0x0) openat$uinput(0xffffff9c, &(0x7f0000000100), 0x2, 0x0) socket$nl_generic(0x10, 0x3, 0x10) openat$tun(0xffffffffffffff9c, &(0x7f0000000140), 0x143842, 0x0) socket$nl_generic(0x10, 0x3, 0x10) landlock_create_ruleset(&(0x7f00000000c0)={0x4102}, 0x18, 0x0) openat$yama_ptrace_scope(0xffffff9c, &(0x7f0000000000), 0x2, 0x0) syz_usb_connect$cdc_ecm(0x0, 0x4d, &(0x7f0000000000)=ANY=[@ANYBLOB], 0x0) r1 = syz_io_uring_setup(0x162d, &(0x7f0000000200)={0x0, 0x707b, 0x0, 0x3, 0x288}, 0x0, 0x0) io_uring_setup(0x3ca9, &(0x7f00000000c0)={0x0, 0xc63b, 0x2, 0xfffffffc, 0x40003, 0x0, r1}) openat$khugepaged_scan(0xffffff9c, &(0x7f00000002c0), 0x1, 0x0) socketpair(0x1, 0x20000000000001, 0x0, &(0x7f0000000100)) r2 = openat$tun(0xffffffffffffff9c, &(0x7f0000000380), 0x8a080, 0x0) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32, @ANYRES64, @ANYRES64=0x0, @ANYRESHEX], 0x20) bpf$BPF_PROG_DETACH(0x9, &(0x7f00000001c0)=ANY=[@ANYRES32, @ANYRES32=r2], 0x20) 2.816550301s ago: executing program 0 (id=1283): openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) getsockname$packet(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @random}, &(0x7f0000000300)=0x1c) syz_usb_connect(0x2, 0x2d, &(0x7f0000000000)={{0x12, 0x1, 0x0, 0xe3, 0x16, 0x60, 0x40, 0x586, 0x102, 0x140a, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x10, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0xa8, 0x0, 0x1, 0x5f, 0xb9, 0x4d, 0x0, [], [{{0x9, 0x5, 0x1c277d69f7841ba1, 0x3, 0x400, 0x5, 0x2, 0x8}}]}}]}}]}}, 0x0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x1d0) mknodat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x1, 0xfffffffc) r0 = getpid() r1 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(r0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000280), 0x0, 0x0) r2 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r2, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) ioctl$IOMMU_IOAS_ALLOC(r1, 0x3b81, 0x0) ioctl$IOMMU_TEST_OP_MOCK_DOMAIN(r1, 0x3ba0, &(0x7f00000007c0)={0x52}) r3 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000200), 0x84042, 0x0) socket(0xa, 0x3, 0x3a) r4 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$KVM_CREATE_VM(r4, 0xae01, 0x0) keyctl$setperm(0x5, 0x0, 0x4100) r5 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r6 = dup(r5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x3000007, 0x38011, r6, 0x0) syz_usb_connect$hid(0x0, 0x3f, &(0x7f0000000040)=ANY=[@ANYBLOB="120101f6ffffff1f6d0401c140000102030109022d0001010010020904e2a50001010301010609210101090122920d09058103000203090409050203000005"], &(0x7f0000000340)={0xa, &(0x7f00000001c0)={0xa, 0x6, 0x310, 0x4, 0x80, 0x7, 0x40, 0x3}, 0x5, &(0x7f0000000440)=ANY=[@ANYBLOB="050f05b41eafbff67dd290fd10cd154f6ae0007a031292e7526e95be00"], 0x3, [{0x4, &(0x7f0000000380)=@lang_id={0x4, 0x3, 0x81a}}, {0x4, &(0x7f00000003c0)=@lang_id={0x4, 0x3, 0x41a}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0xfcff}}]}) write$binfmt_misc(0xffffffffffffffff, 0x0, 0x0) r7 = syz_open_dev$loop(&(0x7f0000000080), 0x47ffffa, 0x122c42) ioctl$LOOP_CONFIGURE(r7, 0x4c0a, &(0x7f0000001ac0)={r3, 0x0, {0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x3, 0x1c, "ff9f0b0bbe82b398bbc4369d03740250ceaac594b1b3d741dd17c1ac0d38ef2a565ef1e8336300", "a9103939c787a16c1ca43f80026d1f3c4da06963dd89d130e04d528539f3d3289737f0374c72a964a02447a75df8a69ea917deb7ba193b7e7772fd29f35239d2", "24431a1e77a68e174f000000000000000010e200", [0xfffffffffffffffe, 0x882]}}) landlock_create_ruleset(&(0x7f0000000140)={0x2536, 0x0, 0x2}, 0x18, 0x0) 2.293643431s ago: executing program 3 (id=1286): socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000300)=ANY=[@ANYBLOB="48000000100001047fff00"/20, @ANYRES32=r2, @ANYBLOB="000000000000000028001280090001007665746800000000180002801400010000000000", @ANYRES32=r0], 0x48}, 0x1, 0x0, 0x0, 0x1}, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(0xffffffffffffffff, &(0x7f00000bd000), 0x318, 0x0) syz_usb_connect(0x0, 0x2d, &(0x7f0000000a80)={{0x12, 0x1, 0x0, 0xa6, 0xdc, 0x34, 0x40, 0x61d, 0xc020, 0xa2bf, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x1b, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x1, 0x93, 0xb2, 0x81, 0x0, [], [{{0x9, 0x5, 0x5, 0x390998da063e1313}}]}}]}}]}}, 0x0) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000180)) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000002000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, &(0x7f0000000040)="0f01cb650f741065666765f36f0f330f09660f3a0cb9000000752066b9800000c00f326635004000000f300f01d7ba4100ed", 0x32}], 0x1, 0x12, 0x0, 0x0) r5 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_PIT(r4, 0x8048ae66, &(0x7f0000000080)={[{0x5, 0x0, 0x0, 0x0, 0x0, 0x5f, 0xff, 0x0, 0xa6, 0x0, 0x5, 0x0, 0xfffffffffffffdfc}, {0xfffffffc, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, 0x4, 0xff, 0x2, 0x0, 0x800000000000000}, {0x2, 0x33, 0x0, 0x0, 0x4, 0x5, 0x4, 0x0, 0x5}]}) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000000)={0x1, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r5, 0x4090ae82, &(0x7f00000003c0)={[0x0, 0x0, 0x8000, 0x40, 0x0, 0x0, 0x2004cb, 0x0, 0xfffffffffffffffe, 0x3, 0x0, 0x4, 0x0, 0x0, 0x0, 0x7fffffff], 0x80a0000}) ioctl$KVM_RUN(r5, 0xae80, 0x0) 1.016200651s ago: executing program 3 (id=1287): r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_STAT_DEL(r0, &(0x7f00000017c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000040)={0x10, 0x1412, 0x204, 0x70bd2a, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x48044}, 0x2c04c040) r1 = socket$kcm(0x11, 0x3, 0x0) sendmsg$kcm(r1, &(0x7f0000000080)={&(0x7f0000000100)=@ieee802154={0x24, @long={0x3, 0x1, {0xaaaaaaaaaaaa0302}}}, 0x80, &(0x7f0000000040)=[{&(0x7f0000000280)="27031c00160014000000002f1eafacf706e105000000894f", 0x18}], 0x1}, 0x20008884) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="240000001800010600000000000000001c140000fe00000100000000050013"], 0x24}, 0x1, 0x0, 0x0, 0x880}, 0x0) r4 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000180), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000001c0)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_EXTERNAL_AUTH(r2, &(0x7f00000002c0)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x2008112}, 0xc, &(0x7f0000000240)={&(0x7f0000000200)={0x34, r4, 0x1, 0x70bd25, 0x25dfdbfd, {{}, {@val={0x8, 0x3, r5}, @val={0xc, 0x99, {0x74, 0x75}}}}, [@NL80211_ATTR_BSSID={0xa, 0xf5, @from_mac=@device_b}]}, 0x34}, 0x1, 0x0, 0x0, 0x405c800}, 0x20000001) 906.145499ms ago: executing program 3 (id=1288): r0 = fsopen(&(0x7f0000000000)='cifs\x00', 0x0) fsconfig$FSCONFIG_SET_STRING(r0, 0x1, &(0x7f0000000080)='source', &(0x7f0000000240)='//\xf2/\x06\b\xa30\\o/\xea\x95\x9a\x82\x10\x97W\x8f7\x98\x9b\\/\\\xf9\rmD\x94)U\xdb\x15X.I\n}\xf3\x9d\xe4_\x05\x9cqf4I^#b?9\xde\xafu\'\x83L\xe0\x97\xe1n_\xa4%\xb1\x97\x93\xafv\xce/\\\xb4L\xf2_\xa7\xfb\xf4\x84\x1fA\xeas\x9d\x14\xe3\v\xa3!\xfb\x93\xd7R\xab2\x1eW\xe9h\x9b\xf7Gl\xf9D\xd4\x82X5\x13\xaa\x87\xf9\xba\xa9m\x14\x14R_\x9a\\>4\xce\x8e_#\xf8D\xb1\xdep\x01\xcc:\xa6\xc5n\xeb\xab\xf70\x99\xef\x8b0xffffffffffffffff}, 0x0) vmsplice(r6, &(0x7f0000000140)=[{&(0x7f0000000100)="eb", 0x20000101}], 0x1, 0x0) fcntl$setpipe(r6, 0x407, 0x10005) sendmsg$IPSET_CMD_TYPE(r6, &(0x7f0000000240)={&(0x7f0000000140)={0x10, 0x0, 0x0, 0x80000}, 0xc, &(0x7f0000000200)={&(0x7f0000000280)=ANY=[@ANYBLOB="3c0000000d06010204000000000000000300000516000300686173683a6e65742c706f9ae94dfa68ad31ab0f72742c6e657400000005000500010000000500010007000000"], 0x3c}, 0x1, 0x0, 0x0, 0x24000800}, 0x800) r7 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r8 = ioctl$KVM_CREATE_VM(r7, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r8, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r9 = ioctl$KVM_CREATE_VCPU(r8, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r9, &(0x7f0000000000/0x18000)=nil, 0x0, 0x0, 0x74, 0x0, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) ioctl$KVM_RUN(r9, 0xae80, 0x0) sendmmsg$unix(r5, &(0x7f0000003580)=[{{0x0, 0x0, &(0x7f0000001600), 0x0, 0x0, 0x0, 0x20004001}}], 0x1, 0x8000) 602.677643ms ago: executing program 3 (id=1290): r0 = socket$can_raw(0x1d, 0x3, 0x1) bind$can_raw(r0, &(0x7f0000000000), 0x10) setsockopt$inet_sctp6_SCTP_SOCKOPT_BINDX_ADD(0xffffffffffffffff, 0x84, 0x64, &(0x7f0000000500)=[@in={0x2, 0x4e23, @local}], 0x10) sendmsg(r0, &(0x7f0000000300)={0x0, 0x0, 0x0, 0x0, &(0x7f00000004c0)=ANY=[@ANYBLOB="38000000000000001801009be4773593429398d0ffc7e8f123e954eed124b4c1138791b3fe330a322fdff59a74c9f817ee44e703cc4cb5cf"], 0x38}, 0x40) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) socket$netlink(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r1, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000940)={{0x14}, [@NFT_MSG_NEWRULE={0x2c, 0x6, 0xa, 0x409, 0x0, 0x0, {0x2}, [@NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}, @NFT_MSG_DELTABLE={0x14, 0x2, 0xa, 0x301}], {0x14}}, 0x68}}, 0x40000a0) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, &(0x7f00000000c0), 0xf00) setsockopt$CAN_RAW_FILTER(r0, 0x65, 0x1, 0x0, 0x0) 540.190047ms ago: executing program 0 (id=1291): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000100)={0x0, 0x24}}, 0x0) getsockname$packet(r1, &(0x7f0000000080)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000100)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000008c0)=ANY=[@ANYBLOB="4800000010000507000000000000", @ANYRES32=r2, @ANYBLOB="0000000200000000280012000c00010076657468"], 0x48}}, 0x0) sendmsg$nl_route_sched(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000140)=@newqdisc={0x30, 0x24, 0xf1d, 0x0, 0x0, {0x0, 0x0, 0x0, r2, {}, {0xfff1, 0xffff}}, [@qdisc_kind_options=@q_clsact={0xb}]}, 0x30}}, 0x0) syz_io_uring_setup(0x88f, &(0x7f00000001c0)={0x0, 0xaee2, 0x20, 0x200002, 0xbfdffffc}, &(0x7f0000000000)=0x0, &(0x7f00000000c0)) r4 = syz_open_procfs(0x0, &(0x7f0000000240)='clear_refs\x00') writev(r4, &(0x7f0000000100)=[{&(0x7f00000004c0)='4', 0x1}], 0x9) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000080)=0xc12, 0x0, 0x4) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket(0x10, 0x803, 0x4) r7 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r7) ptrace(0x10, r7) ptrace(0x420e, r7) fcntl$lock(r5, 0x25, &(0x7f0000000580)={0x1, 0x4, 0x1, 0x81, r7}) r8 = socket$netlink(0x10, 0x3, 0x0) writev(r8, &(0x7f0000000300)=[{&(0x7f00000001c0)}], 0x1) r9 = syz_genetlink_get_family_id$l2tp(&(0x7f0000000040), 0xffffffffffffffff) r10 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$L2TP_CMD_SESSION_DELETE(r10, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000500)=ANY=[@ANYBLOB, @ANYRES16=r9, @ANYBLOB="01002bbd7000fedbdf250500a4b81b887a1fe6023d125df1631d44e60000081309000200000008000c00aa0a0008000001000500000008000b00020000000500120001000000"], 0x3c}, 0x1, 0x0, 0x0, 0x2000c181}, 0x0) sendmsg$L2TP_CMD_TUNNEL_CREATE(r8, &(0x7f0000000340)={&(0x7f0000000200)={0x10, 0x0, 0x0, 0x80000020}, 0xc, &(0x7f0000000240)={&(0x7f00000005c0)=ANY=[@ANYRESOCT=r4, @ANYBLOB="200028bd7000fbdbdf2501000000050006000900000014001f00fe8000000000000000000000000000aa0500070003000000140020002001000000000000000000000000000108001700", @ANYRES32=r6], 0x88}, 0x1, 0x0, 0x0, 0x10}, 0x20044044) syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r6) r11 = getpid() kcmp(r11, r11, 0x3, 0xffffffffffffffff, 0xffffffffffffffff) getsockname$packet(r6, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000001c0)=0x14) sendmsg$nl_route_sched(r5, &(0x7f0000000280)={0x0, 0x11, &(0x7f0000000300)={&(0x7f00000003c0)=@delchain={0x3c, 0x2c, 0xf31, 0x0, 0x2000, {0x0, 0x0, 0x0, r12, {}, {0xfff2, 0xffff}, {0xffff, 0x1}}, [@filter_kind_options=@f_flower={{0xb}, {0xc, 0x2, [@TCA_FLOWER_FLAGS={0x8, 0x16, 0x2}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x4008844}, 0x4010) 333.735069ms ago: executing program 3 (id=1292): mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x3000002, 0x5d031, 0xffffffffffffffff, 0x0) futex(0x0, 0x3, 0x0, &(0x7f0000fd7ff0)={0x77359400}, 0x0, 0xfffffffd) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x0, 0x600, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600002, 0x9) fsmount(0xffffffffffffffff, 0x1, 0xc) remap_file_pages(&(0x7f0000800000/0x800000)=nil, 0x800000, 0x700000000000000, 0x0, 0x0) 58.866741ms ago: executing program 0 (id=1293): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r0 = landlock_create_ruleset(&(0x7f0000000040)={0x0, 0x3}, 0x10, 0x0) landlock_restrict_self(r0, 0x0) (fail_nth: 5) 319.31µs ago: executing program 4 (id=1294): r0 = socket$inet6(0xa, 0x3, 0x8000000003c) r1 = syz_usb_connect$cdc_ncm(0x0, 0x72, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000002000040257d15a4400001040001090260004201000000090400000102090000052406000105240000000d240f01000004eaffffff1e0006031a00000804800200090581", @ANYBLOB="f7", @ANYRESDEC], 0x0) syz_usb_control_io$cdc_ncm(r1, 0x0, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) openat$audio(0xffffff9c, 0x0, 0x402, 0x0) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) syz_emit_ethernet(0x16, &(0x7f0000000000)={@random="a7dcf670d5d9", @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0xe}, @void, {@llc={0x4, {@snap={0xaa, 0x1, "87", "b989d1", 0x886c}}}}}, 0x0) fsconfig$FSCONFIG_SET_BINARY(0xffffffffffffffff, 0x2, 0x0, 0x0, 0x0) recvmmsg(r3, &(0x7f0000000e40)=[{{&(0x7f0000000200)=@x25, 0x80, &(0x7f0000000440)=[{&(0x7f00000002c0)=""/135, 0x87}, {&(0x7f0000000380)=""/128, 0x80}, {&(0x7f0000000400)=""/10, 0xa}], 0x3, &(0x7f0000000480)=""/20, 0x14}, 0x400}, {{&(0x7f00000004c0)=@in6={0xa, 0x0, 0x0, @dev}, 0x80, &(0x7f0000000600)=[{&(0x7f0000000840)=""/153, 0x99}], 0x1, &(0x7f0000000640)=""/128, 0x80}, 0x401}, {{0x0, 0x0, &(0x7f0000000900)=[{&(0x7f00000006c0)=""/6, 0x6}, {&(0x7f0000001040)=""/83, 0x53}, {&(0x7f0000000780)=""/137, 0x89}, {&(0x7f0000000d80)=""/180, 0xb4}, {&(0x7f00000018c0)=""/4096, 0x1000}], 0x5, &(0x7f0000000980)=""/137, 0x89}, 0x7ffc}, {{&(0x7f0000000a40)=@l2tp={0x2, 0x0, @empty}, 0x80, &(0x7f0000000d40)=[{&(0x7f0000000bc0)=""/196, 0xc4}, {&(0x7f0000000ac0)=""/78, 0x4e}, {&(0x7f0000000cc0)=""/66, 0x42}, {&(0x7f00000038c0)=""/4096, 0x1000}], 0x57, &(0x7f00000010c0)=""/187, 0xbb}, 0x2}], 0x4, 0x100, 0x0) syz_emit_ethernet(0x7e, &(0x7f0000000380)={@broadcast, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x70, 0x0, 0x0, 0x0, 0x1, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}, @local}, @time_exceeded={0x3, 0x1, 0x0, 0x3, 0x24, 0x0, {0x15, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x33, 0x0, @local, @dev, {[@ra={0x94, 0x4, 0x1}, @timestamp_addr={0x44, 0xc, 0x71, 0x1, 0x0, [{@local, 0xa}]}, @timestamp_prespec={0x44, 0x14, 0xf8, 0x3, 0x2, [{@empty}, {@private=0xa010100, 0xff}]}, @rr={0x7, 0x3, 0x5f}, @ssrr={0x89, 0x17, 0xf2, [@dev={0xac, 0x14, 0x14, 0x2d}, @broadcast, @private=0xa010100, @remote, @empty]}]}}}}}}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) socket$inet6(0x10, 0x80000, 0x3) sendmsg(r3, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) sched_setattr(0x0, &(0x7f0000000100)={0x38, 0x5, 0x0, 0x0, 0x0, 0xb49, 0x9, 0x8, 0x0, 0x3}, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$ifreq_SIOCGIFINDEX_wireguard(r5, 0x8933, &(0x7f0000001880)={'wg1\x00', 0x0}) r7 = syz_genetlink_get_family_id$wireguard(&(0x7f0000000fc0), 0xffffffffffffffff) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f0000000b80)={0x0, 0x0, &(0x7f0000000b40)={&(0x7f0000000280)={0x40, r7, 0xa29, 0x0, 0x2000, {}, [@WGDEVICE_A_IFINDEX={0x8, 0x1, r6}, @WGDEVICE_A_PRIVATE_KEY={0x24, 0x3, @c}]}, 0x40}}, 0x0) sendmsg$WG_CMD_SET_DEVICE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000540)=ANY=[@ANYBLOB="30000000a2c07ddb80343678b767497f125b093d85b8365452d60c6a506e5a55d81654b1d497df70dbbf0b18c0cfac25bf328ad74b3683eb0601e5670b31a51143c11d52491deb4f7035575bafc59dcd617a97e357ca0bc14bda95f870903bb868a8b7e78600d08510dd5cbe6169caa9e122d46b61015937cafef77bde328ab17006", @ANYRES16=r7, @ANYBLOB="0100000000000000000001000000140002007767320000000000000000000000000008000100", @ANYRES32=r6, @ANYBLOB], 0x30}}, 0x0) open_tree(0xffffffffffffff9c, 0x0, 0x89901) fsopen(&(0x7f00000000c0)='nilfs2\x00', 0x0) syz_open_dev$char_usb(0xc, 0xb4, 0x0) r8 = accept4$unix(r3, &(0x7f0000000f40), &(0x7f0000001000)=0x6e, 0x80800) shutdown(r8, 0x0) syz_usb_ep_write(r1, 0x81, 0x8, &(0x7f0000000080)="00012c615bc20000") close_range(r0, 0xffffffffffffffff, 0x0) 0s ago: executing program 3 (id=1295): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) r1 = socket(0x2b, 0x1, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r1, 0x11e, 0x1, 0x0, 0x20000000) setsockopt$EBT_SO_SET_ENTRIES(r1, 0x0, 0x80, &(0x7f00000000c0)=@nat={'nat\x00', 0x19, 0x6, 0x8c4, [0x200000000580, 0x0, 0x0, 0x2000000008bc, 0x200000000a62], 0x0, &(0x7f0000000000), &(0x7f0000000580)=[{0x0, '\x00', 0x0, 0xfffffffffffffffc, 0x2, [{0x5, 0x26, 0x8906, 'veth1_virt_wifi\x00', 'ip6gretap0\x00', 'batadv0\x00', 'pim6reg0\x00', @link_local, [0x0, 0xff, 0xff, 0xff, 0xff, 0xff], @broadcast, [0x0, 0x0, 0x0, 0xff], 0xa6, 0x116, 0x14e, [@mac={{'mac\x00', 0x0, 0x10}, {{@multicast}}}], [@snat={'snat\x00', 0x10, {{@dev={'\xaa\xaa\xaa\xaa\xaa', 0x24}, 0xffffffffffffffff}}}, @arpreply={'arpreply\x00', 0x10, {{@random="1c03dd9cf4e4", 0xfffffffffffffffd}}}], @arpreply={'arpreply\x00', 0x10, {{@local, 0xffffffffffffffff}}}}, {0x3, 0x45, 0xf8, 'geneve1\x00', 'ip_vti0\x00', 'bond_slave_0\x00', 'geneve0\x00', @multicast, [0x0, 0xff, 0x0, 0xff], @multicast, [0xff, 0x0, 0xff, 0x54615dcf269bfc58, 0xff, 0xff], 0xfe, 0x186, 0x1be, [@arp={{'arp\x00', 0x0, 0x38}, {{0x302, 0x201, 0x4, @multicast2, 0xffffff00, @multicast2, 0xff, @empty, [0xff, 0xff, 0x0, 0xff, 0x0, 0xff], @empty, [0x0, 0xff, 0x0, 0xff, 0xff], 0x90, 0x4}}}, @cpu={{'cpu\x00', 0x0, 0x8}, {{0x10, 0x1}}}], [@common=@IDLETIMER={'IDLETIMER\x00', 0x28, {{0x4, 'syz0\x00', {0xb}}}}, @snat={'snat\x00', 0x10, {{@random="be35925d5896", 0xfffffffffffffffd}}}], @arpreply={'arpreply\x00', 0x10, {{@broadcast}}}}]}, {0x0, '\x00', 0x2, 0xfffffffffffffffc, 0x1, [{0x9, 0x0, 0x800, 'wg0\x00', 'veth1_virt_wifi\x00', 'pim6reg0\x00', 'virt_wifi0\x00', @random="7073c2b22181", [0x0, 0x0, 0xff], @local, [0x0, 0xff, 0x0, 0x0, 0xff], 0xce, 0x13e, 0x176, [@state={{'state\x00', 0x0, 0x8}, {{0x71b1e733}}}, @pkttype={{'pkttype\x00', 0x0, 0x8}, {{0x0, 0x1}}}], [@arpreply={'arpreply\x00', 0x10, {{@dev={'\xaa\xaa\xaa\xaa\xaa', 0x15}, 0xffffffffffffffff}}}, @snat={'snat\x00', 0x10, {{@multicast, 0xfffffffffffffffd}}}], @snat={'snat\x00', 0x10, {{@dev={'\xaa\xaa\xaa\xaa\xaa', 0x23}, 0xfffffffffffffffe}}}}]}, {0x0, '\x00', 0x3, 0xfffffffffffffffc, 0x2, [{0x9, 0x68, 0x884c, 'ip6tnl0\x00', 'veth1_to_team\x00', 'dummy0\x00', 'pim6reg\x00', @remote, [0xff, 0xff, 0x0, 0xff, 0xff], @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, [0xff, 0xff, 0x0, 0x0, 0xff, 0xff], 0x11e, 0x11e, 0x156, [@physdev={{'physdev\x00', 0x0, 0x48}, {{'veth0_to_bond\x00', {0xff}, 'geneve1\x00', {0xff}, 0x1, 0x1}}}, @quota={{'quota\x00', 0x0, 0x18}, {{0x1, 0x0, 0x44, {0x10}}}}], [], @snat={'snat\x00', 0x10, {{@local, 0xffffffffffffffff}}}}, {0x11, 0x1, 0x88a8, 'geneve1\x00', 'bond_slave_1\x00', 'tunl0\x00', 'wg0\x00', @broadcast, [0x0, 0xff, 0x0, 0xff, 0x0, 0xff], @local, [0x0, 0xff, 0x0, 0xff, 0xff], 0x9e, 0x9e, 0x116, [@state={{'state\x00', 0x0, 0x8}, {{0xd5}}}], [], @common=@NFLOG={'NFLOG\x00', 0x50, {{0x9, 0x0, 0x6a, 0x0, 0x0, "e9983276147fdcaf5cf4859482d382a55011e49c2ae468dceda67f9d2e49dd9cfd4dd8e0500e38833c0354db7c7187c3f64af9b19a9a0a1bf5b16f69d3ae4b88"}}}}]}, {0x0, '\x00', 0x5, 0xffffffffffffffff, 0x1, [{0x3, 0x0, 0x9300, 'veth0_to_hsr\x00', 'bond0\x00', 'rose0\x00', 'veth0_to_bond\x00', @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x2}, [0x80, 0xff], @broadcast, [0xff, 0xff, 0x0, 0xff], 0xa6, 0xde, 0x116, [@cluster={{'cluster\x00', 0x0, 0x10}, {{0x40, 0x0, 0x101}}}], [@common=@dnat={'dnat\x00', 0x10, {{@empty, 0xfffffffffffffffd}}}], @arpreply={'arpreply\x00', 0x10, {{@link_local, 0xfffffffffffffffe}}}}]}]}, 0x93c) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000040)={0xa, 0x0, 0x0, @loopback, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) sendmsg$ETHTOOL_MSG_WOL_GET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000200)={0x20, 0x0, 0x401, 0x70bd25, 0x25dfdbff, {}, [@HEADER={0xc, 0x1, 0x0, 0x1, [@ETHTOOL_A_HEADER_DEV_INDEX={0x8}]}]}, 0x20}, 0x1, 0x0, 0x0, 0x4001}, 0x20000080) r2 = socket$inet_mptcp(0x2, 0x1, 0x106) setsockopt$inet_tcp_int(r2, 0x6, 0x3, &(0x7f00000001c0)=0x1, 0x4) bind$inet(r2, &(0x7f0000000200)={0x2, 0x4e24, @multicast2}, 0x10) sendmmsg$inet(r2, &(0x7f0000002f00)=[{{&(0x7f0000000000)={0x2, 0x4e24, @local}, 0x10, &(0x7f0000000600)=[{&(0x7f0000000040)="86", 0x1}], 0x1}}], 0x1, 0x20004000) r3 = socket$nl_generic(0x10, 0x3, 0x10) r4 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r3, &(0x7f0000000140)={0x0, 0x2000, &(0x7f0000000100)={&(0x7f0000000080)=ANY=[@ANYBLOB='4\x00\x00\x00', @ANYRES16=r4, @ANYBLOB="0700000040008100000002000000200001801400040000000000000000000000ffffac1414aa060001000a"], 0x34}, 0x1, 0x0, 0x0, 0x8081}, 0x24000800) kernel console output (not intermixed with test programs): 9] CPU: 1 UID: 0 PID: 9129 Comm: syz.3.985 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 362.202628][ T9129] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 362.202639][ T9129] Call Trace: [ 362.202652][ T9129] [ 362.202659][ T9129] dump_stack_lvl+0x241/0x360 [ 362.202688][ T9129] ? __pfx_dump_stack_lvl+0x10/0x10 [ 362.202710][ T9129] ? __pfx__printk+0x10/0x10 [ 362.202731][ T9129] ? __lock_acquire+0xad5/0xd80 [ 362.202760][ T9129] should_fail_ex+0x424/0x570 [ 362.202786][ T9129] should_failslab+0xac/0x100 [ 362.202803][ T9129] kmem_cache_alloc_noprof+0x78/0x390 [ 362.202818][ T9129] ? skb_clone+0x20c/0x390 [ 362.202837][ T9129] skb_clone+0x20c/0x390 [ 362.202854][ T9129] __netlink_deliver_tap+0x3c4/0x7f0 [ 362.202882][ T9129] ? netlink_deliver_tap+0x2e/0x1b0 [ 362.202901][ T9129] netlink_deliver_tap+0x19d/0x1b0 [ 362.202921][ T9129] netlink_unicast+0x7c6/0x9a0 [ 362.202943][ T9129] ? __pfx_netlink_unicast+0x10/0x10 [ 362.202961][ T9129] ? skb_put+0x114/0x1f0 [ 362.202986][ T9129] netlink_sendmsg+0x8c3/0xcd0 [ 362.203017][ T9129] ? __pfx_netlink_sendmsg+0x10/0x10 [ 362.203039][ T9129] ? aa_sock_msg_perm+0x91/0x160 [ 362.203062][ T9129] ? __pfx_netlink_sendmsg+0x10/0x10 [ 362.203079][ T9129] __sock_sendmsg+0x221/0x270 [ 362.203100][ T9129] ____sys_sendmsg+0x523/0x860 [ 362.203130][ T9129] ? __pfx_____sys_sendmsg+0x10/0x10 [ 362.203152][ T9129] ? __fget_files+0x2a/0x420 [ 362.203168][ T9129] ? __fget_files+0x2a/0x420 [ 362.203189][ T9129] __sys_sendmsg+0x271/0x360 [ 362.203216][ T9129] ? __pfx___sys_sendmsg+0x10/0x10 [ 362.203278][ T9129] ? do_syscall_64+0xb6/0x210 [ 362.203296][ T9129] do_syscall_64+0xf3/0x210 [ 362.203312][ T9129] ? clear_bhb_loop+0x45/0xa0 [ 362.203330][ T9129] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 362.203345][ T9129] RIP: 0033:0x7f2bb3b8e169 [ 362.203358][ T9129] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 362.203371][ T9129] RSP: 002b:00007f2bb49ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 362.203387][ T9129] RAX: ffffffffffffffda RBX: 00007f2bb3db5fa0 RCX: 00007f2bb3b8e169 [ 362.203398][ T9129] RDX: 0000000000000000 RSI: 00002000000003c0 RDI: 0000000000000004 [ 362.203408][ T9129] RBP: 00007f2bb49ce090 R08: 0000000000000000 R09: 0000000000000000 [ 362.203417][ T9129] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 362.203426][ T9129] R13: 0000000000000000 R14: 00007f2bb3db5fa0 R15: 00007f2bb3edfa28 [ 362.203448][ T9129] [ 362.203779][ T9129] netlink: 8 bytes leftover after parsing attributes in process `syz.3.985'. [ 362.296436][ T9] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 362.810277][ T9] usb 5-1: New USB device found, idVendor=0813, idProduct=0001, bcdDevice=3a.08 [ 362.824739][ T9] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 362.843978][ T9138] netlink: 36 bytes leftover after parsing attributes in process `syz.2.988'. [ 362.854238][ T9] usb 5-1: config 0 descriptor?? [ 362.864764][ T9] gspca_main: cpia1-2.14.0 probing 0813:0001 [ 363.927969][ T9] gspca_cpia1: usb_control_msg 05, error -110 [ 363.957805][ T9] gspca_cpia1: usb_control_msg 01, error -32 [ 363.994261][ T9] gspca_cpia1: usb_control_msg 01, error -32 [ 364.001132][ T9] gspca_cpia1: usb_control_msg 01, error -32 [ 364.031020][ T9] gspca_cpia1: usb_control_msg 01, error -32 [ 364.113970][ T9] cpia1 5-1:0.0: only firmware version 1 is supported (got: 0) [ 364.149409][ T9160] ptrace attach of "./syz-executor exec"[5856] was attempted by "./syz-executor exec"[9160] [ 364.966612][ T9] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 365.031206][ T24] usb 5-1: USB disconnect, device number 70 [ 365.096350][ T9] usb 1-1: device descriptor read/64, error -71 [ 365.336607][ T9] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 365.476391][ T5915] usb 3-1: new high-speed USB device number 50 using dummy_hcd [ 365.484228][ T9] usb 1-1: device descriptor read/64, error -71 [ 365.614635][ T9] usb usb1-port1: attempt power cycle [ 365.693165][ T5915] usb 3-1: Using ep0 maxpacket: 16 [ 365.712856][ T5915] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 365.733457][ T5915] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 365.777109][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 365.802428][ T5915] usb 3-1: config 0 descriptor?? [ 365.827112][ T10] usb 5-1: new full-speed USB device number 71 using dummy_hcd [ 365.976335][ T9] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 365.996897][ T9] usb 1-1: device descriptor read/8, error -71 [ 366.017432][ T10] usb 5-1: config 16 has an invalid interface number: 168 but max is 0 [ 366.033605][ T10] usb 5-1: config 16 has no interface number 0 [ 366.049263][ T10] usb 5-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 366.063904][ T10] usb 5-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 366.075560][ T10] usb 5-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a [ 366.084929][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 366.104833][ T9182] raw-gadget.3 gadget.4: fail, usb_ep_enable returned -22 [ 366.141465][ T10] HFC-S_USB 5-1:16.168: probe with driver HFC-S_USB failed with error -5 [ 366.233967][ T5915] usbhid 3-1:0.0: can't add hid device: -71 [ 366.246026][ T9] usb 1-1: new high-speed USB device number 77 using dummy_hcd [ 366.259413][ T5915] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 366.292233][ T5915] usb 3-1: USB disconnect, device number 50 [ 366.300989][ T9] usb 1-1: device descriptor read/8, error -71 [ 366.429774][ T9] usb usb1-port1: unable to enumerate USB device [ 366.491869][ T9188] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 366.590005][ T9182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 366.633379][ T9182] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 366.698125][ T9182] loop6: detected capacity change from 0 to 524287999 [ 366.859288][ T24] usb 5-1: USB disconnect, device number 71 [ 366.881539][ T9193] tipc: Enabling of bearer rejected, failed to enable media [ 366.905513][ T9193] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1005'. [ 366.939786][ T9193] netlink: 'syz.2.1005': attribute type 10 has an invalid length. [ 366.956439][ T9193] netlink: 40 bytes leftover after parsing attributes in process `syz.2.1005'. [ 366.977451][ T9193] batadv0: entered promiscuous mode [ 366.983033][ T9193] batadv0: entered allmulticast mode [ 366.994711][ T9193] bridge0: port 1(batadv0) entered blocking state [ 367.004240][ T9193] bridge0: port 1(batadv0) entered disabled state [ 367.021163][ T9198] ptrace attach of "./syz-executor exec"[5856] was attempted by "./syz-executor exec"[9198] [ 367.031783][ T9193] bridge0: port 1(batadv0) entered blocking state [ 367.038419][ T9193] bridge0: port 1(batadv0) entered forwarding state [ 367.056831][ T9199] batman_adv: batadv0: Adding interface: dummy0 [ 367.063198][ T9199] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 367.088435][ C0] vkms_vblank_simulate: vblank timer overrun [ 367.097346][ T9199] batman_adv: batadv0: Interface activated: dummy0 [ 367.150461][ T9193] batadv0: mtu less than device minimum [ 367.163386][ T9193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.175518][ T9193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.187063][ T9193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.198581][ T9193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.210137][ T9193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.221633][ T9193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.233662][ T9193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.245733][ T9193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.257748][ T9193] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 367.338479][ T13] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 367.348429][ T13] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 367.569765][ T9210] Cannot find del_set index 2 as target [ 367.634080][ T9212] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 367.736478][ T24] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 368.148129][ T24] usb 2-1: config 0 has no interfaces? [ 368.157013][ T24] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 368.166669][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 368.174685][ T24] usb 2-1: Product: syz [ 368.178966][ T24] usb 2-1: Manufacturer: syz [ 368.183624][ T24] usb 2-1: SerialNumber: syz [ 368.192749][ T24] usb 2-1: config 0 descriptor?? [ 368.459884][ T5892] usb 3-1: new high-speed USB device number 51 using dummy_hcd [ 368.696321][ T5890] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 368.700667][ T5892] usb 3-1: Using ep0 maxpacket: 16 [ 368.729931][ T5892] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 368.751611][ T5892] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 368.848751][ T5892] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 368.870888][ T5890] usb 1-1: Using ep0 maxpacket: 32 [ 368.889359][ T5892] usb 3-1: config 0 descriptor?? [ 369.116924][ T5890] usb 1-1: New USB device found, idVendor=1ba6, idProduct=0001, bcdDevice=49.88 [ 369.134519][ T5890] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 369.157144][ T5890] usb 1-1: Product: syz [ 369.161386][ T5890] usb 1-1: Manufacturer: syz [ 369.166017][ T5890] usb 1-1: SerialNumber: syz [ 369.313178][ T30] kauditd_printk_skb: 189 callbacks suppressed [ 369.313199][ T30] audit: type=1326 audit(1745192968.154:701): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 369.600259][ T5890] usb 1-1: config 0 descriptor?? [ 369.604370][ T5892] usbhid 3-1:0.0: can't add hid device: -71 [ 369.616932][ T5890] as10x_usb: device has been detected [ 369.627016][ T5890] dvbdev: DVB: registering new adapter (Abilis Systems DVB-Titan) [ 369.663063][ T5890] usb 1-1: DVB: registering adapter 1 frontend 0 (Abilis Systems DVB-Titan)... [ 369.686572][ T5892] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 369.703003][ T30] audit: type=1326 audit(1745192968.154:702): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 369.761769][ T5890] as10x_usb: error during firmware upload part1 [ 369.820776][ T5890] Registered device Abilis Systems DVB-Titan [ 369.881711][ T5892] usb 3-1: USB disconnect, device number 51 [ 369.977229][ T30] audit: type=1326 audit(1745192968.204:703): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 370.062048][ T30] audit: type=1326 audit(1745192968.204:704): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 370.214520][ T30] audit: type=1326 audit(1745192968.204:705): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 370.237058][ C0] vkms_vblank_simulate: vblank timer overrun [ 370.280211][ T30] audit: type=1326 audit(1745192968.204:706): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 370.310051][ T30] audit: type=1326 audit(1745192968.204:707): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 370.333986][ T30] audit: type=1326 audit(1745192968.204:708): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 370.356894][ T30] audit: type=1326 audit(1745192968.204:709): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f2bb3b8cad0 code=0x7ffc0000 [ 370.382840][ T30] audit: type=1326 audit(1745192968.204:710): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9233 comm="syz.3.1017" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 371.104181][ T5892] usb 2-1: USB disconnect, device number 67 [ 371.158962][ T5915] usb 1-1: USB disconnect, device number 78 [ 371.273583][ T5915] Unregistered device Abilis Systems DVB-Titan [ 371.283085][ T5915] as10x_usb: device has been disconnected [ 371.454643][ T9267] ptrace attach of "./syz-executor exec"[5856] was attempted by "./syz-executor exec"[9267] [ 371.626346][ T5915] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 371.666426][ T5892] usb 2-1: new full-speed USB device number 68 using dummy_hcd [ 371.759273][ T9278] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1026'. [ 371.768988][ T5915] usb 1-1: device descriptor read/64, error -71 [ 371.859287][ T5892] usb 2-1: config 16 has an invalid interface number: 168 but max is 0 [ 371.876300][ T5892] usb 2-1: config 16 has no interface number 0 [ 371.884905][ T5892] usb 2-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 371.925059][ T5892] usb 2-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 371.959994][ T5892] usb 2-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a [ 371.979305][ T5892] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.004797][ T9262] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 372.036435][ T5915] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 372.044074][ T5892] HFC-S_USB 2-1:16.168: probe with driver HFC-S_USB failed with error -5 [ 372.186792][ T5915] usb 1-1: device descriptor read/64, error -71 [ 372.344364][ T5915] usb usb1-port1: attempt power cycle [ 372.397485][ T9280] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 372.562646][ T9280] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 372.692328][ T9280] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 372.716291][ T5915] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 372.753848][ T5915] usb 1-1: device descriptor read/8, error -71 [ 372.763148][ T9262] loop6: detected capacity change from 0 to 524287999 [ 372.939277][ T9] usb 2-1: USB disconnect, device number 68 [ 373.026325][ T5915] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 373.067117][ T5915] usb 1-1: device descriptor read/8, error -71 [ 373.093157][ T9285] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 373.141988][ T9285] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 373.197600][ T5915] usb usb1-port1: unable to enumerate USB device [ 373.607577][ T9296] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1031'. [ 373.784962][ T5888] hid-generic 0000:0000:0000.000C: unknown main item tag 0x0 [ 373.797480][ T5888] hid-generic 0000:0000:0000.000C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 373.969697][ T5892] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 374.116079][ T9301] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 374.138214][ T9301] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 374.146522][ T5892] usb 2-1: Using ep0 maxpacket: 32 [ 374.171802][ T5892] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 9 [ 374.202626][ T5892] usb 2-1: New USB device found, idVendor=14c8, idProduct=0003, bcdDevice= 5.6c [ 374.215169][ T5892] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 374.236186][ T5892] usb 2-1: Product: syz [ 374.271235][ T5892] usb 2-1: Manufacturer: syz [ 374.276361][ T5892] usb 2-1: SerialNumber: syz [ 374.285793][ T5892] usb 2-1: config 0 descriptor?? [ 374.321285][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 374.321304][ T30] audit: type=1326 audit(1745192973.164:770): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe26c38dd6b code=0x7ffc0000 [ 374.340616][ T9298] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 374.349729][ C1] vkms_vblank_simulate: vblank timer overrun [ 374.415057][ T30] audit: type=1326 audit(1745192973.184:771): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe26c38dd6b code=0x7ffc0000 [ 374.450732][ T5892] input: syz syz as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/input/input10 [ 374.468736][ T30] audit: type=1326 audit(1745192973.184:772): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe26c38dd6b code=0x7ffc0000 [ 374.546805][ T30] audit: type=1326 audit(1745192973.284:773): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7fe26c38dd6b code=0x7ffc0000 [ 374.569065][ C1] vkms_vblank_simulate: vblank timer overrun [ 374.644623][ T30] audit: type=1326 audit(1745192973.284:774): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=230 compat=0 ip=0x7fe26c3c0a25 code=0x7ffc0000 [ 374.666954][ C1] vkms_vblank_simulate: vblank timer overrun [ 374.745995][ T30] audit: type=1326 audit(1745192973.544:775): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26c38e169 code=0x7ffc0000 [ 374.768409][ C1] vkms_vblank_simulate: vblank timer overrun [ 374.816871][ T30] audit: type=1326 audit(1745192973.544:776): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26c38e169 code=0x7ffc0000 [ 374.839479][ T24] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 374.925227][ T9298] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 374.931096][ T30] audit: type=1326 audit(1745192973.714:777): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fe26c38e169 code=0x7ffc0000 [ 374.964862][ T30] audit: type=1326 audit(1745192973.714:778): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26c38e169 code=0x7ffc0000 [ 374.980995][ T9298] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 374.991884][ T30] audit: type=1326 audit(1745192973.714:779): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9297 comm="syz.1.1032" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fe26c38e169 code=0x7ffc0000 [ 375.017220][ C1] vkms_vblank_simulate: vblank timer overrun [ 375.036311][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 375.045207][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 375.057073][ T24] usb 1-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 375.080823][ T24] usb 1-1: New USB device found, idVendor=05ef, idProduct=020a, bcdDevice=91.36 [ 375.090969][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.120053][ T24] usb 1-1: Product: syz [ 375.124437][ T24] usb 1-1: Manufacturer: syz [ 375.131076][ T24] usb 1-1: SerialNumber: syz [ 375.158607][ T24] usb 1-1: config 0 descriptor?? [ 375.333444][ T9298] loop6: detected capacity change from 0 to 524287999 [ 375.357229][ T5892] usb 3-1: new full-speed USB device number 52 using dummy_hcd [ 375.425482][ T24] usb 1-1: USB disconnect, device number 83 [ 375.599165][ T5892] usb 3-1: config 0 has an invalid interface number: 113 but max is 0 [ 375.636528][ T5892] usb 3-1: config 0 has no interface number 0 [ 375.653306][ T5892] usb 3-1: config 0 interface 113 has no altsetting 0 [ 375.703066][ T5892] usb 3-1: New USB device found, idVendor=054c, idProduct=02e1, bcdDevice=e2.c8 [ 375.765859][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.776096][ T5892] usb 3-1: Product: syz [ 375.782541][ T5892] usb 3-1: Manufacturer: syz [ 375.788100][ T5892] usb 3-1: SerialNumber: syz [ 375.804807][ T5892] usb 3-1: config 0 descriptor?? [ 375.867618][ T9318] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 375.885343][ T9318] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 376.027189][ C1] usb 3-1: NFC: Urb failure (status -71) [ 376.049711][ C1] usb 3-1: NFC: Urb failure (status -71) [ 376.095441][ T5892] usb 3-1: NFC: Unable to get FW version [ 376.119545][ T5892] pn533_usb 3-1:0.113: probe with driver pn533_usb failed with error -71 [ 376.163819][ T9322] netlink: 112 bytes leftover after parsing attributes in process `syz.4.1042'. [ 376.185846][ T5892] usb 3-1: USB disconnect, device number 52 [ 376.306279][ T10] usb 1-1: new full-speed USB device number 84 using dummy_hcd [ 376.458034][ T10] usb 1-1: config 16 has an invalid interface number: 168 but max is 0 [ 376.476602][ T10] usb 1-1: config 16 has no interface number 0 [ 376.482943][ T10] usb 1-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 376.495057][ T10] usb 1-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 376.507082][ T10] usb 1-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a [ 376.516738][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.529546][ T9320] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 376.563461][ T10] HFC-S_USB 1-1:16.168: probe with driver HFC-S_USB failed with error -5 [ 376.666313][ T24] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 376.839847][ T24] usb 5-1: Using ep0 maxpacket: 16 [ 376.890276][ T9332] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 376.934912][ T24] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 376.946328][ T24] usb 5-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 376.956570][ T24] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 376.993779][ T24] usb 5-1: config 0 descriptor?? [ 377.072260][ T9320] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 377.236968][ T9320] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 377.244966][ T9331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 377.268727][ T10] usb 2-1: USB disconnect, device number 69 [ 377.268762][ C1] usbtouchscreen 2-1:0.0: usbtouch_irq - usb_submit_urb failed with result: -19 [ 377.295512][ T9320] loop6: detected capacity change from 0 to 524287999 [ 377.340536][ T9331] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 377.370738][ T9331] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1044'. [ 377.495432][ T9] usb 1-1: USB disconnect, device number 84 [ 377.599548][ T9330] syzkaller0: default qdisc (pfifo_fast) fail, fallback to noqueue [ 377.665737][ T9330] syzkaller0: entered promiscuous mode [ 377.671797][ T9330] syzkaller0: entered allmulticast mode [ 377.707422][ T24] usbhid 5-1:0.0: can't add hid device: -71 [ 377.716405][ T24] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 377.799183][ T24] usb 5-1: USB disconnect, device number 72 [ 378.557365][ T47] usb 1-1: new high-speed USB device number 85 using dummy_hcd [ 378.578902][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.585463][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.977029][ T47] usb 1-1: config 0 has no interfaces? [ 378.988940][ T47] usb 1-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 379.000429][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 379.010565][ T47] usb 1-1: Product: syz [ 379.015734][ T47] usb 1-1: Manufacturer: syz [ 379.023740][ T47] usb 1-1: SerialNumber: syz [ 379.051321][ T47] usb 1-1: config 0 descriptor?? [ 380.057430][ T9354] vivid-003: ================= START STATUS ================= [ 380.071051][ T9354] vivid-003: Radio HW Seek Mode: Bounded [ 380.082387][ T9354] vivid-003: Radio Programmable HW Seek: false [ 380.098775][ T9354] vivid-003: RDS Rx I/O Mode: Block I/O [ 380.112333][ T9354] vivid-003: Generate RBDS Instead of RDS: false [ 380.124744][ T9354] vivid-003: RDS Reception: true [ 380.137702][ T9354] vivid-003: RDS Program Type: 0 inactive [ 380.151681][ T9354] vivid-003: RDS PS Name: inactive [ 380.220975][ T9354] vivid-003: RDS Radio Text: inactive [ 380.323111][ T9354] vivid-003: RDS Traffic Announcement: false inactive [ 380.353622][ T9354] vivid-003: RDS Traffic Program: false inactive [ 380.398483][ T9354] vivid-003: RDS Music: false inactive [ 380.419887][ T9354] vivid-003: ================== END STATUS ================== [ 381.258637][ T9366] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 381.282597][ T9366] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 381.582328][ T9368] netlink: 112 bytes leftover after parsing attributes in process `syz.1.1053'. [ 381.736872][ T9374] 8021q: adding VLAN 0 to HW filter on device bond1 [ 381.748200][ T9374] team0: Port device bond1 added [ 381.826317][ T5915] usb 3-1: new low-speed USB device number 53 using dummy_hcd [ 381.859423][ T9380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 381.878718][ T9380] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 381.931490][ T9380] netlink: 'syz.3.1058': attribute type 3 has an invalid length. [ 381.947254][ T47] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 381.990416][ T5915] usb 3-1: config 252 has an invalid interface number: 101 but max is 0 [ 382.024271][ T9382] net_ratelimit: 10 callbacks suppressed [ 382.024310][ T9382] IPVS: rr: UDP 224.0.0.2:0 - no destination available [ 382.030771][ T5915] usb 3-1: config 252 has no interface number 0 [ 382.048789][ T5915] usb 3-1: New USB device found, idVendor=0ccd, idProduct=0039, bcdDevice=90.7b [ 382.061155][ T5915] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.110191][ T5915] pvrusb2: Hardware description: Terratec Grabster AV400 [ 382.120785][ T9380] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1058'. [ 382.134923][ T5915] pvrusb2: ********** [ 382.136496][ T47] usb 5-1: Using ep0 maxpacket: 16 [ 382.141613][ T5915] pvrusb2: ***WARNING*** Support for this device (Terratec Grabster AV400) is experimental. [ 382.151324][ T47] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 382.157006][ T5915] pvrusb2: Important functionality might not be entirely working. [ 382.235889][ T9386] misc userio: The device must be registered before sending interrupts [ 382.265837][ T5915] pvrusb2: Please consider contacting the driver author to help with further stabilization of the driver. [ 382.270125][ T47] usb 5-1: config 0 has no interface number 0 [ 382.279089][ T5915] pvrusb2: ********** [ 382.294786][ T47] usb 5-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 382.302322][ T9370] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 382.313945][ T9370] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 382.336198][ T2342] pvrusb2: Invalid write control endpoint [ 382.345835][ T47] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.376998][ T47] usb 5-1: Product: syz [ 382.381933][ T47] usb 5-1: Manufacturer: syz [ 382.390031][ T47] usb 5-1: SerialNumber: syz [ 382.512461][ T47] usb 5-1: config 0 descriptor?? [ 382.541951][ T5915] usb 3-1: USB disconnect, device number 53 [ 382.545265][ T47] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 382.712102][ T2342] pvrusb2: Invalid write control endpoint [ 382.784923][ T2342] pvrusb2: ***WARNING*** Detected a wedged cx25840 chip; the device will not work. [ 382.808838][ T2342] pvrusb2: ***WARNING*** Try power cycling the pvrusb2 device. [ 382.824778][ T2342] pvrusb2: ***WARNING*** Disabling further access to the device to prevent other foul-ups. [ 382.842486][ T2342] pvrusb2: Device being rendered inoperable [ 382.865763][ T2342] cx25840 1-0044: Unable to detect h/w, assuming cx23887 [ 382.883937][ T2342] cx25840 1-0044: cx23887 A/V decoder found @ 0x88 (pvrusb2_a) [ 382.952721][ T2342] pvrusb2: Attached sub-driver cx25840 [ 382.970860][ T10] usb 1-1: USB disconnect, device number 85 [ 382.985793][ T30] kauditd_printk_skb: 54 callbacks suppressed [ 382.985815][ T30] audit: type=1326 audit(1745192981.824:834): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 383.088780][ T2342] pvrusb2: ***WARNING*** pvrusb2 device hardware appears to be jammed and I can't clear it. [ 383.106232][ T30] audit: type=1326 audit(1745192981.864:835): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=22 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 383.166607][ T2342] pvrusb2: You might need to power cycle the pvrusb2 device in order to recover. [ 383.199289][ T30] audit: type=1326 audit(1745192981.864:836): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 383.281476][ T30] audit: type=1326 audit(1745192981.864:837): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 383.352192][ T30] audit: type=1326 audit(1745192981.864:838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2bb3b8e169 code=0x7ffc0000 [ 383.374476][ C1] vkms_vblank_simulate: vblank timer overrun [ 383.496566][ T9400] ptrace attach of "./syz-executor exec"[5855] was attempted by "./syz-executor exec"[9400] [ 383.677087][ T30] audit: type=1326 audit(1745192981.864:839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2bb3b8dd6b code=0x7ffc0000 [ 383.976239][ T30] audit: type=1326 audit(1745192981.864:840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2bb3b8dd6b code=0x7ffc0000 [ 384.018928][ T30] audit: type=1326 audit(1745192981.864:841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2bb3b8dd6b code=0x7ffc0000 [ 384.041152][ C1] vkms_vblank_simulate: vblank timer overrun [ 384.376279][ T47] gspca_spca1528: reg_r err -71 [ 384.455874][ T47] spca1528 5-1:0.1: probe with driver spca1528 failed with error -71 [ 384.546607][ T47] usb 5-1: USB disconnect, device number 73 [ 384.553347][ T30] audit: type=1326 audit(1745192981.864:842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2bb3b8dd6b code=0x7ffc0000 [ 384.679631][ T30] audit: type=1326 audit(1745192981.864:843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9390 comm="syz.3.1060" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f2bb3b8dd6b code=0x7ffc0000 [ 384.850971][ T9419] openvswitch: netlink: Actions may not be safe on all matching packets [ 384.933785][ T47] hid-generic 0000:0000:0000.000D: unknown main item tag 0x0 [ 384.986782][ T47] hid-generic 0000:0000:0000.000D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 385.263785][ T9428] netlink: 16 bytes leftover after parsing attributes in process `syz.2.1070'. [ 385.346489][ T47] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 385.523014][ T47] usb 2-1: config 0 has no interfaces? [ 385.535905][ T47] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 385.546093][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 385.554851][ T47] usb 2-1: Product: syz [ 385.562558][ T47] usb 2-1: Manufacturer: syz [ 385.567518][ T47] usb 2-1: SerialNumber: syz [ 385.640133][ T47] usb 2-1: config 0 descriptor?? [ 385.801257][ T24] usb 1-1: new high-speed USB device number 86 using dummy_hcd [ 385.876910][ T5915] usb 3-1: new high-speed USB device number 54 using dummy_hcd [ 385.997554][ T24] usb 1-1: Using ep0 maxpacket: 8 [ 386.036542][ T24] usb 1-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 386.110654][ T5915] usb 3-1: config 0 has no interfaces? [ 386.121752][ T5915] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 386.124166][ T24] usb 1-1: config 0 has an invalid interface number: 150 but max is 64 [ 386.133829][ T5915] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 386.691682][ T5915] usb 3-1: Product: syz [ 386.704895][ T5915] usb 3-1: Manufacturer: syz [ 386.712256][ T5915] usb 3-1: SerialNumber: syz [ 386.740875][ T24] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 386.754891][ T24] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 65 [ 386.774891][ T5915] usb 3-1: config 0 descriptor?? [ 386.792019][ T24] usb 1-1: config 0 has no interface number 0 [ 386.818820][ T24] usb 1-1: config 0 interface 150 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 386.856354][ T24] usb 1-1: config 0 interface 150 has no altsetting 0 [ 386.930406][ T24] usb 1-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 387.093021][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 387.114172][ T24] usb 1-1: config 0 descriptor?? [ 387.946554][ T5892] usb 1-1: USB disconnect, device number 86 [ 388.032272][ T9460] ptrace attach of "./syz-executor exec"[5856] was attempted by "./syz-executor exec"[9460] [ 388.676494][ T9] usb 2-1: USB disconnect, device number 70 [ 388.908996][ T9467] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 388.917910][ T9467] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 388.970232][ T9473] netlink: 'syz.4.1082': attribute type 1 has an invalid length. [ 388.983403][ T9473] netlink: 48 bytes leftover after parsing attributes in process `syz.4.1082'. [ 389.390901][ T9480] vimc link validate: Scaler:src:640x480 (0x33424752, 8, 0, 0, 0) RGB/YUV Capture:snk:640x480 (0x33424752, 8, 0, 0, 0) [ 389.719394][ T9486] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 389.809996][ T10] usb 5-1: new high-speed USB device number 74 using dummy_hcd [ 389.898115][ T9486] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 389.956006][ T9] usb 3-1: USB disconnect, device number 54 [ 390.019199][ T10] usb 5-1: config 1 has too many interfaces: 66, using maximum allowed: 32 [ 390.038800][ T10] usb 5-1: config 1 has an invalid descriptor of length 55, skipping remainder of the config [ 390.076397][ T10] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 66 [ 390.093456][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 52, changing to 9 [ 390.105069][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 8241, setting to 1024 [ 390.120036][ T10] usb 5-1: New USB device found, idVendor=7d25, idProduct=a415, bcdDevice= 0.40 [ 390.130613][ T10] usb 5-1: New USB device strings: Mfr=1, Product=4, SerialNumber=0 [ 390.166175][ T10] usb 5-1: Product: syz [ 390.170478][ T10] usb 5-1: Manufacturer: syz [ 390.188519][ T10] cdc_wdm 5-1:1.0: skipping garbage [ 390.193789][ T10] cdc_wdm 5-1:1.0: skipping garbage [ 390.223355][ T10] cdc_wdm 5-1:1.0: cdc-wdm0: USB WDM device [ 390.270040][ T10] cdc_wdm 5-1:1.0: Unknown control protocol [ 390.746133][ C1] cdc_wdm 5-1:1.0: nonzero urb status received: -EPIPE [ 390.796291][ T5892] hid-generic 0000:0000:0000.000E: unknown main item tag 0x0 [ 390.806817][ T10] usb 3-1: new high-speed USB device number 55 using dummy_hcd [ 390.852516][ T5892] hid-generic 0000:0000:0000.000E: hidraw0: HID v0.00 Device [syz1] on syz0 [ 390.952199][ T9] usb 5-1: USB disconnect, device number 74 [ 390.972845][ T10] usb 3-1: config 0 has no interfaces? [ 390.983618][ T10] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 390.993446][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 391.002140][ T10] usb 3-1: Product: syz [ 391.010272][ T10] usb 3-1: Manufacturer: syz [ 391.021121][ T10] usb 3-1: SerialNumber: syz [ 391.052935][ T10] usb 3-1: config 0 descriptor?? [ 391.812525][ T9513] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.823285][ T9513] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.856266][ T47] usb 1-1: new high-speed USB device number 87 using dummy_hcd [ 392.066229][ T47] usb 1-1: device descriptor read/64, error -71 [ 392.408058][ T47] usb 1-1: new high-speed USB device number 88 using dummy_hcd [ 392.580740][ T47] usb 1-1: device descriptor read/64, error -71 [ 392.590321][ T5892] usb 5-1: new high-speed USB device number 75 using dummy_hcd [ 392.707099][ T47] usb usb1-port1: attempt power cycle [ 392.782988][ T5892] usb 5-1: config 0 has no interfaces? [ 392.958386][ T5892] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 393.156299][ T47] usb 1-1: new high-speed USB device number 89 using dummy_hcd [ 393.174276][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 393.187217][ T9538] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 393.196168][ T9538] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 393.431467][ T5892] usb 5-1: Product: syz [ 393.435692][ T5892] usb 5-1: Manufacturer: syz [ 393.441948][ T47] usb 1-1: device descriptor read/8, error -71 [ 393.466909][ T5892] usb 5-1: SerialNumber: syz [ 393.548007][ T5892] usb 5-1: config 0 descriptor?? [ 393.686315][ T47] usb 1-1: new high-speed USB device number 90 using dummy_hcd [ 393.718954][ T47] usb 1-1: device descriptor read/8, error -71 [ 393.733888][ T5892] usb 3-1: USB disconnect, device number 55 [ 393.803537][ T30] kauditd_printk_skb: 34 callbacks suppressed [ 393.803557][ T30] audit: type=1326 audit(1745192992.644:878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9539 comm="syz.2.1098" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f2858e169 code=0x0 [ 393.836650][ T47] usb usb1-port1: unable to enumerate USB device [ 393.910634][ T9543] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1098'. [ 394.256384][ T47] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 394.418941][ T47] usb 2-1: Using ep0 maxpacket: 16 [ 394.512123][ T47] usb 2-1: config 0 has an invalid interface number: 1 but max is 0 [ 394.521921][ T47] usb 2-1: config 0 has no interface number 0 [ 394.542795][ T47] usb 2-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 394.570625][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.593354][ T47] usb 2-1: Product: syz [ 394.661305][ T47] usb 2-1: Manufacturer: syz [ 394.862029][ T47] usb 2-1: SerialNumber: syz [ 394.883285][ T47] usb 2-1: config 0 descriptor?? [ 394.898011][ T47] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 395.673887][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 395.698221][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 395.705697][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 395.846878][ T47] gspca_spca1528: reg_w err -110 [ 395.866289][ T47] spca1528 2-1:0.1: probe with driver spca1528 failed with error -110 [ 395.884049][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 395.895208][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 395.924802][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 395.932514][ T9] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 396.020937][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.048314][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.100022][ T9] usb 3-1: config 0 has no interfaces? [ 396.112992][ T9] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 396.122179][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 396.165653][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.182275][ T9] usb 3-1: Product: syz [ 396.208757][ T9] usb 3-1: Manufacturer: syz [ 396.218512][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.255145][ T9] usb 3-1: SerialNumber: syz [ 396.275884][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.310474][ T9] usb 3-1: config 0 descriptor?? [ 396.325918][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.347445][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.423131][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.482959][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.554134][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.658256][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.733454][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.866304][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.911687][ T47] usb 5-1: USB disconnect, device number 75 [ 396.925058][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 396.978792][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.025972][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.069978][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.122395][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.159748][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.203362][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.241426][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.281463][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.323289][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.369563][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.446688][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.454230][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.518236][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.554519][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.578045][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.592655][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.649739][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.671457][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.734179][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.766699][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 397.824190][ T9568] tipc: Enabling of bearer rejected, failed to enable media [ 398.015443][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.161373][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.216517][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.271936][ T9] usb 3-1: USB disconnect, device number 56 [ 398.278704][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.286096][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.331457][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.365980][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.383805][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.416222][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.471049][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.484385][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.621329][ T9570] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1105'. [ 398.695658][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.720135][ T5892] hid-generic 0000:0000:0000.0010: unknown main item tag 0x0 [ 398.753556][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.771439][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.771527][ T5892] hid-generic 0000:0000:0000.0010: hidraw0: HID v0.00 Device [syz1] on syz0 [ 398.840758][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.887773][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.926698][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.934973][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 398.972633][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.001157][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.026284][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.044088][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.064357][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.115133][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.154953][ T9581] futex_wake_op: syz.2.1106 tries to shift op by -33; fix this program [ 399.176700][ T9581] netdevsim netdevsim2: Direct firmware load for . [ 399.176700][ T9581] failed with error -2 [ 399.188551][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.196008][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.203475][ T9581] netdevsim netdevsim2: Falling back to sysfs fallback for: . [ 399.203475][ T9581] [ 399.272514][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.293980][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.311733][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.326090][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.403318][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.410922][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.423755][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.432963][ T9584] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 399.441731][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.450084][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.458198][ T9584] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 399.466081][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.481990][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.508752][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.523252][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.536199][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.561517][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.570881][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.578654][ T5890] hid-generic 0000:0000:0000.000F: unknown main item tag 0x0 [ 399.591216][ T5890] hid-generic 0000:0000:0000.000F: hidraw1: HID v0.00 Device [syz0] on syz0 [ 399.633829][ T5890] usb 2-1: USB disconnect, device number 71 [ 399.826600][ T5892] usb 1-1: new high-speed USB device number 91 using dummy_hcd [ 400.016334][ T5892] usb 1-1: Using ep0 maxpacket: 8 [ 400.025164][ T5892] usb 1-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 400.035084][ T5892] usb 1-1: config 0 has an invalid interface number: 150 but max is 64 [ 400.186392][ T5892] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 400.204025][ T5892] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 65 [ 400.213171][ T5892] usb 1-1: config 0 has no interface number 0 [ 400.295650][ T5892] usb 1-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 400.336330][ T5892] usb 1-1: config 0 interface 150 has no altsetting 0 [ 400.363043][ T5892] usb 1-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 400.407668][ T5892] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 400.437101][ T5892] usb 1-1: config 0 descriptor?? [ 400.557599][ T9594] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 400.566906][ T9594] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 400.896323][ T9] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 401.080475][ T9] usb 2-1: config 0 has no interfaces? [ 401.107062][ T9] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 401.134964][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.143225][ T9] usb 2-1: Product: syz [ 401.151503][ T9] usb 2-1: Manufacturer: syz [ 401.156374][ T9] usb 2-1: SerialNumber: syz [ 401.171754][ T9] usb 2-1: config 0 descriptor?? [ 401.227392][ T5892] usb 1-1: USB disconnect, device number 91 [ 401.926862][ T9] usb 2-1: USB disconnect, device number 72 [ 402.043916][ T9606] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1116'. [ 402.359517][ T9611] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1117'. [ 402.653159][ T9616] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1119'. [ 402.665697][ T9619] veth0_to_bridge: entered promiscuous mode [ 402.707082][ T9622] netlink: 16 bytes leftover after parsing attributes in process `syz.0.1119'. [ 402.716395][ T9622] netlink: 20 bytes leftover after parsing attributes in process `syz.0.1119'. [ 402.741890][ T9620] veth0_to_bridge: left promiscuous mode [ 403.334519][ T5915] hid-generic 0000:0000:0000.0011: unknown main item tag 0x0 [ 403.373420][ T5915] hid-generic 0000:0000:0000.0011: hidraw0: HID v0.00 Device [syz1] on syz0 [ 403.926462][ T5892] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 404.260906][ T5892] usb 3-1: config 0 has no interfaces? [ 404.353466][ T5892] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 404.384651][ T5892] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.436707][ T5892] usb 3-1: Product: syz [ 404.440947][ T5892] usb 3-1: Manufacturer: syz [ 404.504698][ T5892] usb 3-1: SerialNumber: syz [ 404.530297][ T9653] program syz.3.1131 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 404.539767][ T5915] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 404.597824][ T9651] FAULT_INJECTION: forcing a failure. [ 404.597824][ T9651] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 404.631684][ T9651] CPU: 0 UID: 0 PID: 9651 Comm: syz.4.1130 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 404.631715][ T9651] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 404.631728][ T9651] Call Trace: [ 404.631737][ T9651] [ 404.631745][ T9651] dump_stack_lvl+0x241/0x360 [ 404.631782][ T9651] ? __pfx_dump_stack_lvl+0x10/0x10 [ 404.631817][ T9651] ? __wake_up_klogd+0xcc/0x110 [ 404.631855][ T9651] should_fail_ex+0x424/0x570 [ 404.631892][ T9651] strncpy_from_user+0x36/0x280 [ 404.631926][ T9651] getname_flags+0xf1/0x530 [ 404.631951][ T9651] do_sys_openat2+0xbf/0x1d0 [ 404.631978][ T9651] ? __pfx_do_sys_openat2+0x10/0x10 [ 404.632015][ T9651] __se_sys_openat2+0x265/0x310 [ 404.632042][ T9651] ? __pfx___se_sys_openat2+0x10/0x10 [ 404.632075][ T9651] ? do_syscall_64+0xb6/0x210 [ 404.632101][ T9651] do_syscall_64+0xf3/0x210 [ 404.632123][ T9651] ? clear_bhb_loop+0x45/0xa0 [ 404.632147][ T9651] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 404.632167][ T9651] RIP: 0033:0x7f3db998e169 [ 404.632185][ T9651] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 404.632202][ T9651] RSP: 002b:00007f3db77f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5 [ 404.632223][ T9651] RAX: ffffffffffffffda RBX: 00007f3db9bb5fa0 RCX: 00007f3db998e169 [ 404.632238][ T9651] RDX: 0000200000000380 RSI: 00002000000003c0 RDI: 0000000000000004 [ 404.632252][ T9651] RBP: 00007f3db77f6090 R08: 0000000000000000 R09: 0000000000000000 [ 404.632264][ T9651] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001 [ 404.632277][ T9651] R13: 0000000000000000 R14: 00007f3db9bb5fa0 R15: 00007f3db9cdfa28 [ 404.632307][ T9651] [ 404.814443][ T5892] usb 3-1: config 0 descriptor?? [ 404.860243][ T9655] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 404.868810][ T5915] usb 2-1: Using ep0 maxpacket: 8 [ 404.874786][ T9655] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 404.904981][ T5915] usb 2-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 404.924413][ T5915] usb 2-1: config 0 has an invalid interface number: 150 but max is 64 [ 404.932853][ T5915] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 404.943187][ T5915] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 65 [ 404.952524][ T5915] usb 2-1: config 0 has no interface number 0 [ 404.958894][ T5915] usb 2-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 404.972095][ T5915] usb 2-1: config 0 interface 150 has no altsetting 0 [ 404.980001][ T5915] usb 2-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 404.989155][ T5915] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.001011][ T5915] usb 2-1: config 0 descriptor?? [ 405.509604][ T9661] syz_tun: entered allmulticast mode [ 405.555509][ T9661] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1134'. [ 405.789750][ T5888] usb 2-1: USB disconnect, device number 73 [ 406.438156][ T9660] syz_tun: left allmulticast mode [ 406.666477][ T5892] usb 3-1: USB disconnect, device number 57 [ 406.790179][ T9676] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 406.946948][ T5915] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 407.012277][ T9685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.026024][ T9685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.102810][ T5915] usb 2-1: Using ep0 maxpacket: 8 [ 407.126496][ T47] usb 1-1: new high-speed USB device number 92 using dummy_hcd [ 407.139939][ T5915] usb 2-1: config 5 has an invalid interface number: 72 but max is 0 [ 407.148399][ T5890] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 407.176477][ T5915] usb 2-1: config 5 has no interface number 0 [ 407.182686][ T5915] usb 2-1: config 5 interface 72 has no altsetting 0 [ 407.191246][ T9686] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 407.213373][ T5915] usb 2-1: New USB device found, idVendor=1b3d, idProduct=01cd, bcdDevice= 8.00 [ 407.229632][ T5915] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.257067][ T9686] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.269195][ T5915] usb 2-1: Product: syz [ 407.270126][ T9686] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.275889][ T5915] usb 2-1: Manufacturer: syz [ 407.295089][ T9685] loop6: detected capacity change from 0 to 524287999 [ 407.304066][ T5915] usb 2-1: SerialNumber: syz [ 407.326210][ T47] usb 1-1: device descriptor read/64, error -71 [ 407.346330][ T5890] usb 5-1: Using ep0 maxpacket: 16 [ 407.355442][ T5890] usb 5-1: config 1 has an invalid descriptor of length 60, skipping remainder of the config [ 407.370784][ T5890] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 407.387457][ T5890] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= f.89 [ 407.400392][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 407.410928][ T5890] usb 5-1: SerialNumber: syz [ 407.437807][ T5890] usb 5-1: 0:2 : does not exist [ 407.570454][ T9674] bond2: entered allmulticast mode [ 407.576329][ T47] usb 1-1: new high-speed USB device number 93 using dummy_hcd [ 407.583708][ T9674] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1137'. [ 407.623420][ T5915] ftdi_sio 2-1:5.72: FTDI USB Serial Device converter detected [ 407.633216][ T5915] usb 2-1: Detected FT4232H [ 407.642363][ T5915] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 407.650945][ T5915] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 407.661051][ T5915] usb 2-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 407.680762][ T5915] usb 2-1: USB disconnect, device number 74 [ 407.699005][ T5915] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 407.707076][ T9690] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 407.720236][ T47] usb 1-1: device descriptor read/64, error -71 [ 407.720807][ T5915] ftdi_sio 2-1:5.72: device disconnected [ 407.733116][ T9690] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 407.846512][ T47] usb usb1-port1: attempt power cycle [ 407.846544][ C0] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 408.033753][ T9694] FAULT_INJECTION: forcing a failure. [ 408.033753][ T9694] name failslab, interval 1, probability 0, space 0, times 0 [ 408.050254][ T9694] CPU: 0 UID: 0 PID: 9694 Comm: syz.3.1145 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 408.050283][ T9694] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 408.050295][ T9694] Call Trace: [ 408.050302][ T9694] [ 408.050311][ T9694] dump_stack_lvl+0x241/0x360 [ 408.050345][ T9694] ? __pfx_dump_stack_lvl+0x10/0x10 [ 408.050373][ T9694] ? __pfx__printk+0x10/0x10 [ 408.050403][ T9694] ? __pfx___might_resched+0x10/0x10 [ 408.050428][ T9694] should_fail_ex+0x424/0x570 [ 408.050462][ T9694] should_failslab+0xac/0x100 [ 408.050483][ T9694] __kmalloc_cache_noprof+0x73/0x370 [ 408.050503][ T9694] ? snd_pcm_lib_malloc_pages+0x2a5/0x760 [ 408.050537][ T9694] snd_pcm_lib_malloc_pages+0x2a5/0x760 [ 408.050573][ T9694] snd_pcm_hw_params+0x961/0x1f40 [ 408.050602][ T9694] ? kfree+0x198/0x430 [ 408.050616][ T9694] ? snd_pcm_hw_param_near+0x3e3/0x790 [ 408.050648][ T9694] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 408.050671][ T9694] ? __pfx_snd_pcm_hw_param_near+0x10/0x10 [ 408.050694][ T9694] ? __asan_memset+0x23/0x50 [ 408.050725][ T9694] snd_pcm_oss_change_params_locked+0x2366/0x4150 [ 408.050780][ T9694] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 408.050813][ T9694] ? snd_pcm_oss_make_ready+0xc2/0x350 [ 408.050835][ T9694] ? __lock_acquire+0xad5/0xd80 [ 408.050863][ T9694] ? do_raw_spin_lock+0x151/0x370 [ 408.050891][ T9694] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 408.050920][ T9694] snd_pcm_oss_make_ready+0x11d/0x350 [ 408.050949][ T9694] snd_pcm_oss_set_trigger+0x93/0x720 [ 408.050983][ T9694] snd_pcm_oss_poll+0x6e8/0x940 [ 408.051019][ T9694] ? __fget_files+0x2a/0x420 [ 408.051045][ T9694] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 408.051067][ T9694] ? __fget_files+0x2a/0x420 [ 408.051090][ T9694] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 408.051116][ T9694] do_sys_poll+0xa4a/0x13f0 [ 408.051171][ T9694] ? __pfx_do_sys_poll+0x10/0x10 [ 408.051205][ T9694] ? kstrtoull+0x1d3/0x2f0 [ 408.051311][ T9694] ? _raw_spin_unlock_irq+0x23/0x50 [ 408.051338][ T9694] ? lockdep_hardirqs_on+0x9d/0x150 [ 408.051358][ T9694] ? _raw_spin_unlock_irq+0x2e/0x50 [ 408.051412][ T9694] ? __pfx_set_user_sigmask+0x10/0x10 [ 408.051429][ T9694] ? __fget_files+0x2a/0x420 [ 408.051456][ T9694] __se_sys_ppoll+0x2a2/0x330 [ 408.051484][ T9694] ? fput+0x9b/0xd0 [ 408.051505][ T9694] ? __pfx___se_sys_ppoll+0x10/0x10 [ 408.051543][ T9694] ? __x64_sys_ppoll+0x20/0xc0 [ 408.051572][ T9694] do_syscall_64+0xf3/0x210 [ 408.051592][ T9694] ? clear_bhb_loop+0x45/0xa0 [ 408.051615][ T9694] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 408.051633][ T9694] RIP: 0033:0x7f2bb3b8e169 [ 408.051650][ T9694] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 408.051666][ T9694] RSP: 002b:00007f2bb49ce038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 408.051687][ T9694] RAX: ffffffffffffffda RBX: 00007f2bb3db5fa0 RCX: 00007f2bb3b8e169 [ 408.051701][ T9694] RDX: 0000200000000280 RSI: 0000000000000001 RDI: 00002000000001c0 [ 408.051713][ T9694] RBP: 00007f2bb49ce090 R08: 0000000000000008 R09: 0000000000000000 [ 408.051725][ T9694] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000002 [ 408.051736][ T9694] R13: 0000000000000000 R14: 00007f2bb3db5fa0 R15: 00007f2bb3edfa28 [ 408.051766][ T9694] [ 408.266516][ T47] usb 1-1: new high-speed USB device number 94 using dummy_hcd [ 408.326806][ C1] vkms_vblank_simulate: vblank timer overrun [ 408.639638][ T47] usb 1-1: device descriptor read/8, error -71 [ 408.886456][ C0] batman_adv: batadv0: Local translation table size (80) exceeds maximum packet size (-320); Ignoring new local tt entry: aa:aa:aa:aa:aa:0c [ 408.936247][ T47] usb 1-1: new high-speed USB device number 95 using dummy_hcd [ 408.969588][ T47] usb 1-1: device descriptor read/8, error -71 [ 409.006279][ T24] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 409.077199][ T47] usb usb1-port1: unable to enumerate USB device [ 409.163614][ T24] usb 2-1: config 0 has no interfaces? [ 409.176836][ T24] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 409.186618][ T24] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 409.206417][ T24] usb 2-1: Product: syz [ 409.211882][ T24] usb 2-1: Manufacturer: syz [ 409.218125][ T24] usb 2-1: SerialNumber: syz [ 409.237528][ T24] usb 2-1: config 0 descriptor?? [ 409.381575][ T9707] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 409.395158][ T9707] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 410.071478][ T9] usb 5-1: USB disconnect, device number 76 [ 410.561706][ T9724] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 410.572004][ T9724] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 410.649675][ T5890] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 410.693168][ T9723] loop8: detected capacity change from 0 to 7 [ 410.721353][ T9723] Dev loop8: unable to read RDB block 7 [ 410.760763][ T9723] loop8: unable to read partition table [ 410.768531][ T9723] loop8: partition table beyond EOD, truncated [ 410.816026][ T9723] loop_reread_partitions: partition scan of loop8 (被xڬdƤݡ [ 410.816026][ T9723] ) failed (rc=-5) [ 410.836318][ T5890] usb 3-1: device descriptor read/64, error -71 [ 411.076329][ T5890] usb 3-1: new high-speed USB device number 59 using dummy_hcd [ 411.229094][ T5890] usb 3-1: device descriptor read/64, error -71 [ 411.352153][ T5890] usb usb3-port1: attempt power cycle [ 411.696316][ T5890] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 411.739786][ T5890] usb 3-1: device descriptor read/8, error -71 [ 411.840035][ T24] usb 2-1: USB disconnect, device number 75 [ 412.106318][ T5890] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 412.143568][ T5890] usb 3-1: device descriptor read/8, error -71 [ 412.256821][ T5890] usb usb3-port1: unable to enumerate USB device [ 412.558942][ T9747] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1161'. [ 413.323249][ T9757] netlink: 36 bytes leftover after parsing attributes in process `syz.2.1165'. [ 413.966294][ T5892] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 414.173740][ T5892] usb 5-1: config 0 has no interfaces? [ 414.334957][ T5892] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 414.381667][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 414.412219][ T5892] usb 5-1: Product: syz [ 414.499807][ T5892] usb 5-1: Manufacturer: syz [ 414.539922][ T5892] usb 5-1: SerialNumber: syz [ 414.643309][ T5892] usb 5-1: config 0 descriptor?? [ 414.926331][ T10] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 415.220111][ T10] usb 2-1: config 0 has no interfaces? [ 415.260285][ T10] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 415.301949][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 415.328674][ T10] usb 2-1: Product: syz [ 415.338268][ T10] usb 2-1: Manufacturer: syz [ 415.374200][ T10] usb 2-1: SerialNumber: syz [ 415.423245][ T10] usb 2-1: config 0 descriptor?? [ 417.334108][ T9789] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.401238][ T24] usb 5-1: USB disconnect, device number 77 [ 417.433245][ T9789] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 418.689919][ T10] usb 2-1: USB disconnect, device number 76 [ 418.739901][ T9806] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1181'. [ 418.775532][ T9806] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1181'. [ 418.955405][ T9809] netlink: 24 bytes leftover after parsing attributes in process `syz.3.1181'. [ 419.110856][ T9814] netlink: 'syz.0.1183': attribute type 6 has an invalid length. [ 419.227256][ T9820] netlink: 224 bytes leftover after parsing attributes in process `syz.0.1183'. [ 419.386470][ T9825] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1183'. [ 419.577077][ T9830] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 419.590954][ T9830] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 419.596330][ T24] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 419.766239][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 419.784906][ T24] usb 3-1: config 1 interface 0 altsetting 0 endpoint 0x8 has invalid maxpacket 17908, setting to 1024 [ 419.816161][ T24] usb 3-1: config 1 interface 0 altsetting 0 bulk endpoint 0x8 has invalid maxpacket 1024 [ 419.850063][ T24] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 419.897902][ T24] usb 3-1: New USB device found, idVendor=044f, idProduct=b304, bcdDevice= 0.40 [ 419.921885][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.946437][ T24] usb 3-1: Product: syz [ 419.963590][ T24] usb 3-1: Manufacturer: syz [ 419.976360][ T24] usb 3-1: SerialNumber: syz [ 420.012864][ T9824] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 420.241466][ T5845] Bluetooth: hci1: unknown advertising packet type: 0x7f [ 420.241542][ T5845] Bluetooth: hci1: unknown advertising packet type: 0x64 [ 420.248983][ T5845] Bluetooth: hci1: Malformed LE Event: 0x02 [ 420.346233][ T5890] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 420.493944][ T24] usbhid 3-1:1.0: couldn't find an input interrupt endpoint [ 420.536327][ T5890] usb 2-1: config 0 has no interfaces? [ 420.552854][ T24] usb 3-1: USB disconnect, device number 62 [ 420.573292][ T5890] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 420.645479][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.678914][ T5890] usb 2-1: Product: syz [ 420.689895][ T5890] usb 2-1: Manufacturer: syz [ 420.702006][ T5890] usb 2-1: SerialNumber: syz [ 420.731559][ T5890] usb 2-1: config 0 descriptor?? [ 423.321776][ T9883] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1204'. [ 423.584006][ T9886] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1205'. [ 424.273997][ T5890] usb 2-1: USB disconnect, device number 77 [ 424.355046][ T9893] netlink: 24 bytes leftover after parsing attributes in process `syz.4.1207'. [ 424.846161][ T9906] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1210'. [ 424.982165][ T9903] tipc: Enabling of bearer rejected, failed to enable media [ 425.028866][ T9903] netlink: 'syz.3.1210': attribute type 10 has an invalid length. [ 425.068708][ T9903] netlink: 40 bytes leftover after parsing attributes in process `syz.3.1210'. [ 425.115874][ T9911] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1213'. [ 425.116227][ T9903] batadv0: entered promiscuous mode [ 425.140859][ T9903] batadv0: entered allmulticast mode [ 425.159326][ T9903] bridge0: port 3(batadv0) entered blocking state [ 425.169374][ T9903] bridge0: port 3(batadv0) entered disabled state [ 425.179952][ T9903] bridge0: port 3(batadv0) entered blocking state [ 425.186626][ T9903] bridge0: port 3(batadv0) entered forwarding state [ 425.200386][ T30] audit: type=1326 audit(1745193024.044:879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9914 comm="syz.2.1214" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8f2858e169 code=0x0 [ 425.235647][ T9907] batman_adv: batadv0: Adding interface: dummy0 [ 425.264299][ T9907] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 425.340794][ T9907] batman_adv: batadv0: Interface activated: dummy0 [ 425.688088][ T5123] batman_adv: batadv0: No IGMP Querier present - multicast optimizations disabled [ 425.697481][ T5123] batman_adv: batadv0: No MLD Querier present - multicast optimizations disabled [ 425.876832][ T5890] usb 3-1: new full-speed USB device number 63 using dummy_hcd [ 426.040876][ T5890] usb 3-1: config index 0 descriptor too short (expected 156, got 27) [ 426.104984][ T47] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 426.143306][ T10] usb 1-1: new full-speed USB device number 96 using dummy_hcd [ 426.153413][ T5890] usb 3-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 426.166435][ T5890] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 426.192437][ T5890] usb 3-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 426.216017][ T5890] usb 3-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 426.241080][ T5890] usb 3-1: config 0 interface 0 has no altsetting 0 [ 426.260073][ T5890] usb 3-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 426.269402][ T5890] usb 3-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 426.276364][ T47] usb 2-1: Using ep0 maxpacket: 16 [ 426.278905][ T5890] usb 3-1: Product: syz [ 426.286603][ T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 426.287396][ T5890] usb 3-1: Manufacturer: syz [ 426.386837][ T5890] usb 3-1: SerialNumber: syz [ 426.395666][ T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 426.427396][ T5890] usb 3-1: config 0 descriptor?? [ 426.433228][ T9928] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 426.451216][ T47] usb 2-1: New USB device found, idVendor=6161, idProduct=4d15, bcdDevice= 0.00 [ 426.451880][ T5890] ldusb 3-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 426.466218][ T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 426.531185][ T5890] ldusb 3-1:0.0: LD USB Device #0 now attached to major 180 minor 0 [ 426.567730][ T10] usb 1-1: config index 0 descriptor too short (expected 156, got 27) [ 426.609007][ T10] usb 1-1: too many endpoints for config 0 interface 0 altsetting 191: 144, using maximum allowed: 30 [ 426.632740][ T10] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has an invalid bInterval 0, changing to 10 [ 426.854947][ T47] usb 2-1: config 0 descriptor?? [ 426.887883][ T9928] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 426.901367][ T9928] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 427.059960][ T10] usb 1-1: config 0 interface 0 altsetting 191 endpoint 0x87 has invalid maxpacket 255, setting to 64 [ 427.072966][ T10] usb 1-1: config 0 interface 0 altsetting 191 has 1 endpoint descriptor, different from the interface descriptor's value: 144 [ 427.140926][ T10] usb 1-1: config 0 interface 0 has no altsetting 0 [ 427.162966][ T10] usb 1-1: New USB device found, idVendor=0f11, idProduct=1021, bcdDevice=86.66 [ 427.247094][ T10] usb 1-1: New USB device strings: Mfr=85, Product=120, SerialNumber=172 [ 427.321433][ T10] usb 1-1: Product: syz [ 427.325723][ T10] usb 1-1: Manufacturer: syz [ 427.357725][ T10] usb 1-1: SerialNumber: syz [ 427.394506][ T10] usb 1-1: config 0 descriptor?? [ 427.420590][ T9933] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 427.455898][ T10] ldusb 1-1:0.0: Interrupt out endpoint not found (using control endpoint instead) [ 427.525541][ T10] ldusb 1-1:0.0: LD USB Device #1 now attached to major 180 minor 1 [ 427.926390][ T10] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 428.159551][ T47] letsketch 0003:6161:4D15.0012: Device info: ဉ [ 428.172899][ T10] usb 5-1: config 0 has no interfaces? [ 428.185029][ T10] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 428.195493][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 428.211208][ T10] usb 5-1: Product: syz [ 428.231994][ T10] usb 5-1: Manufacturer: syz [ 428.257638][ T10] usb 5-1: SerialNumber: syz [ 428.279180][ T10] usb 5-1: config 0 descriptor?? [ 428.448014][ T47] usb 2-1: Max retries (5) exceeded reading string descriptor 201 [ 428.461650][ T47] letsketch 0003:6161:4D15.0012: probe with driver letsketch failed with error -71 [ 428.504293][ T5890] usb 3-1: USB disconnect, device number 63 [ 428.513096][ T5890] ldusb 3-1:0.0: LD USB Device #0 now disconnected [ 428.672218][ T47] usb 2-1: USB disconnect, device number 78 [ 428.783447][ T30] audit: type=1326 audit(1745193027.624:880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=9946 comm="syz.3.1221" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f2bb3b8e169 code=0x0 [ 428.998217][ T9951] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1220'. [ 429.700114][ T47] usb 1-1: USB disconnect, device number 96 [ 429.779183][ T47] ldusb 1-1:0.0: LD USB Device #1 now disconnected [ 430.336441][ T47] usb 1-1: new high-speed USB device number 97 using dummy_hcd [ 430.430976][ T9967] netlink: 20 bytes leftover after parsing attributes in process `syz.1.1225'. [ 430.568249][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has an invalid bInterval 0, changing to 7 [ 430.712626][ T47] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 430.794543][ T47] usb 1-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=a2.bf [ 430.824273][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 430.848544][ T47] usb 1-1: Product: syz [ 431.251824][ T47] usb 1-1: Manufacturer: syz [ 431.264919][ T47] usb 1-1: SerialNumber: syz [ 431.282125][ T47] usb 1-1: config 0 descriptor?? [ 431.339482][ T47] ssu100 1-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 431.379874][ T9976] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 431.427327][ T9976] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 431.714043][ T47] ssu100 1-1:0.0: probe with driver ssu100 failed with error -110 [ 431.754683][ T10] usb 5-1: USB disconnect, device number 78 [ 431.937403][ T9] usb 1-1: USB disconnect, device number 97 [ 432.015401][ T9982] FAULT_INJECTION: forcing a failure. [ 432.015401][ T9982] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 432.408871][ T9982] CPU: 1 UID: 0 PID: 9982 Comm: syz.2.1230 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 432.408901][ T9982] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 432.408913][ T9982] Call Trace: [ 432.408921][ T9982] [ 432.408929][ T9982] dump_stack_lvl+0x241/0x360 [ 432.408964][ T9982] ? __pfx_dump_stack_lvl+0x10/0x10 [ 432.408991][ T9982] ? __pfx__printk+0x10/0x10 [ 432.409028][ T9982] should_fail_ex+0x424/0x570 [ 432.409062][ T9982] _copy_to_user+0x31/0xb0 [ 432.409090][ T9982] simple_read_from_buffer+0xc4/0x170 [ 432.409122][ T9982] proc_fail_nth_read+0x1ef/0x260 [ 432.409145][ T9982] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 432.409167][ T9982] ? rw_verify_area+0x246/0x630 [ 432.409191][ T9982] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 432.409211][ T9982] vfs_read+0x21f/0xb90 [ 432.409241][ T9982] ? __pfx_call_rcu+0x10/0x10 [ 432.409261][ T9982] ? __pfx_vfs_read+0x10/0x10 [ 432.409307][ T9982] ? __phys_addr+0xba/0x170 [ 432.409336][ T9982] ? kmem_cache_free+0x312/0x410 [ 432.409357][ T9982] ? fput_close_sync+0x1ef/0x270 [ 432.409397][ T9982] ksys_read+0x19d/0x2d0 [ 432.409427][ T9982] ? __pfx_ksys_read+0x10/0x10 [ 432.409460][ T9982] ? do_syscall_64+0xb6/0x210 [ 432.409487][ T9982] do_syscall_64+0xf3/0x210 [ 432.409509][ T9982] ? clear_bhb_loop+0x45/0xa0 [ 432.409534][ T9982] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 432.409554][ T9982] RIP: 0033:0x7f8f2858cb7c [ 432.409572][ T9982] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 432.409589][ T9982] RSP: 002b:00007f8f293c5030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 432.409610][ T9982] RAX: ffffffffffffffda RBX: 00007f8f287b5fa0 RCX: 00007f8f2858cb7c [ 432.409625][ T9982] RDX: 000000000000000f RSI: 00007f8f293c50a0 RDI: 0000000000000005 [ 432.409638][ T9982] RBP: 00007f8f293c5090 R08: 0000000000000000 R09: 0000000000000000 [ 432.409650][ T9982] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 432.409661][ T9982] R13: 0000000000000000 R14: 00007f8f287b5fa0 R15: 00007f8f288dfa28 [ 432.409692][ T9982] [ 432.852550][ T5888] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 433.070536][ T9] hid-generic 0000:0000:0000.0013: unknown main item tag 0x0 [ 433.093938][ T9] hid-generic 0000:0000:0000.0013: hidraw0: HID v0.00 Device [syz1] on syz0 [ 433.230724][ T9996] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 433.253186][ T9996] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 433.271497][ T5888] usb 5-1: config 0 has no interfaces? [ 433.320172][ T5888] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 433.336155][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 433.366037][ T5888] usb 5-1: Product: syz [ 433.408953][ T5888] usb 5-1: Manufacturer: syz [ 433.430752][ T5888] usb 5-1: SerialNumber: syz [ 433.456206][ T5888] usb 5-1: config 0 descriptor?? [ 433.477570][ T9999] usb usb8: usbfs: process 9999 (syz.3.1235) did not claim interface 0 before use [ 434.056953][ T5888] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 434.254829][ T47] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 434.370292][ T5888] usb 3-1: config 0 has no interfaces? [ 434.431087][ T5888] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 434.449135][ T5888] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.522583][ T47] usb 2-1: config 0 has no interfaces? [ 434.530587][ T5888] usb 3-1: Product: syz [ 434.566277][ T47] usb 2-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 434.578753][ T5888] usb 3-1: Manufacturer: syz [ 434.592072][ T5888] usb 3-1: SerialNumber: syz [ 434.598591][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 434.693629][ T5888] usb 3-1: config 0 descriptor?? [ 434.698854][ T47] usb 2-1: Product: syz [ 434.706346][ T47] usb 2-1: Manufacturer: syz [ 434.714893][ T47] usb 2-1: SerialNumber: syz [ 434.731862][ T47] usb 2-1: config 0 descriptor?? [ 434.836381][ T9] usb 1-1: new high-speed USB device number 98 using dummy_hcd [ 434.973956][T10009] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 434.984449][T10009] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 435.012367][ T9] usb 1-1: Using ep0 maxpacket: 8 [ 435.042207][ T9] usb 1-1: config 0 has too many interfaces: 65, using maximum allowed: 32 [ 435.054187][ T9] usb 1-1: config 0 has an invalid interface number: 150 but max is 64 [ 435.071036][ T9] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 435.148425][ T9] usb 1-1: config 0 has 1 interface, different from the descriptor's value: 65 [ 435.203938][ T9] usb 1-1: config 0 has no interface number 0 [ 435.230036][ T9] usb 1-1: config 0 interface 150 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 435.278858][ T9] usb 1-1: config 0 interface 150 has no altsetting 0 [ 435.304346][ T9] usb 1-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 435.327753][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 435.360472][ T9] usb 1-1: config 0 descriptor?? [ 435.605944][ T5890] usb 1-1: USB disconnect, device number 98 [ 435.763520][ T5888] usb 5-1: USB disconnect, device number 79 [ 436.236215][ T5888] usb 5-1: new high-speed USB device number 80 using dummy_hcd [ 436.403741][ T5888] usb 5-1: config 0 has no interfaces? [ 436.414907][ T5888] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 436.424930][ T5888] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 436.438518][ T5888] usb 5-1: Product: syz [ 436.446413][ T5888] usb 5-1: Manufacturer: syz [ 436.462242][ T5888] usb 5-1: SerialNumber: syz [ 436.579214][T10027] netlink: 16 bytes leftover after parsing attributes in process `syz.3.1240'. [ 436.602704][T10027] bond0: entered promiscuous mode [ 436.678487][T10027] bond_slave_0: entered promiscuous mode [ 436.725129][ T5888] usb 5-1: config 0 descriptor?? [ 436.754254][ T5892] usb 2-1: USB disconnect, device number 79 [ 436.806696][T10027] bond_slave_1: entered promiscuous mode [ 436.814263][T10027] 8021q: adding VLAN 0 to HW filter on device macvlan2 [ 436.869157][ T47] usb 3-1: USB disconnect, device number 64 [ 436.964711][T10027] bond0: left promiscuous mode [ 436.994759][T10027] bond_slave_0: left promiscuous mode [ 437.001248][T10027] bond_slave_1: left promiscuous mode [ 437.163018][T10034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1242'. [ 437.202127][T10034] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1242'. [ 437.237452][ T5892] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 437.486269][ T5892] usb 2-1: device descriptor read/64, error -71 [ 437.560963][T10044] xt_CT: You must specify a L4 protocol and not use inversions on it [ 437.576825][T10047] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 437.589553][T10047] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 437.916310][ T10] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 437.936240][ T5892] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 438.082026][ T5892] usb 2-1: device descriptor read/64, error -71 [ 438.176337][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 438.196893][ T5892] usb usb2-port1: attempt power cycle [ 438.322027][ T10] usb 3-1: unable to get BOS descriptor or descriptor too short [ 438.371657][ T10] usb 3-1: too many configurations: 106, using maximum allowed: 8 [ 438.402189][ T10] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 438.431275][ T10] usb 3-1: can't read configurations, error -71 [ 438.546317][ T5892] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 438.565514][T10057] netlink: 132 bytes leftover after parsing attributes in process `syz.0.1248'. [ 438.580805][T10057] batman_adv: batadv0: Adding interface: dummy0 [ 438.587394][T10057] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1560 would solve the problem. [ 438.616966][T10057] batman_adv: batadv0: Interface activated: dummy0 [ 438.624197][ T5892] usb 2-1: device descriptor read/8, error -71 [ 438.714688][T10057] batadv0: mtu less than device minimum [ 438.727504][T10057] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.739282][T10057] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.751001][T10057] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.762720][T10057] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.774464][T10057] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.786227][T10057] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.797911][T10057] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.809622][T10057] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.821304][T10057] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 438.851792][ T10] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 438.986213][ T5892] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 439.007171][ T5892] usb 2-1: device descriptor read/8, error -71 [ 439.038345][ T10] usb 3-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 439.048096][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 439.136802][ T5892] usb usb2-port1: unable to enumerate USB device [ 439.138037][ T10] usb 3-1: config 0 descriptor?? [ 439.192698][ T10] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 439.637235][ T5888] usb 5-1: USB disconnect, device number 80 [ 439.706985][ T10] gspca_sunplus: reg_w_riv err -110 [ 439.722552][ T10] sunplus 3-1:0.0: probe with driver sunplus failed with error -110 [ 440.010705][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.017957][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.087845][ T30] audit: type=1326 audit(1745193038.904:881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.130191][ T30] audit: type=1326 audit(1745193038.904:882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.160912][ T30] audit: type=1326 audit(1745193038.904:883): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.225987][ T30] audit: type=1326 audit(1745193038.904:884): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.259525][ T30] audit: type=1326 audit(1745193038.904:885): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.283791][ T30] audit: type=1326 audit(1745193038.904:886): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.310182][ T30] audit: type=1326 audit(1745193038.904:887): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.335323][ T30] audit: type=1326 audit(1745193038.904:888): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.359613][ T30] audit: type=1326 audit(1745193038.904:889): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.459686][T10074] FAULT_INJECTION: forcing a failure. [ 440.459686][T10074] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 440.522644][ T10] usb 2-1: new full-speed USB device number 84 using dummy_hcd [ 440.585608][ T30] audit: type=1326 audit(1745193038.904:890): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=10059 comm="syz.0.1249" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff47d98e169 code=0x7fc00000 [ 440.589356][T10074] CPU: 0 UID: 0 PID: 10074 Comm: syz.4.1252 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 440.589388][T10074] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 440.589402][T10074] Call Trace: [ 440.589410][T10074] [ 440.589419][T10074] dump_stack_lvl+0x241/0x360 [ 440.589461][T10074] ? __pfx_dump_stack_lvl+0x10/0x10 [ 440.589493][T10074] ? __pfx__printk+0x10/0x10 [ 440.589537][T10074] should_fail_ex+0x424/0x570 [ 440.589575][T10074] _copy_from_user+0x2d/0xb0 [ 440.589605][T10074] copy_msghdr_from_user+0xb3/0x580 [ 440.589638][T10074] ? __pfx_copy_msghdr_from_user+0x10/0x10 [ 440.589661][T10074] ? __fget_files+0x2a/0x420 [ 440.589686][T10074] ? __fget_files+0x2a/0x420 [ 440.589717][T10074] __sys_sendmsg+0x20a/0x360 [ 440.589755][T10074] ? __pfx___sys_sendmsg+0x10/0x10 [ 440.589845][T10074] ? do_syscall_64+0xb6/0x210 [ 440.589873][T10074] do_syscall_64+0xf3/0x210 [ 440.589902][T10074] ? clear_bhb_loop+0x45/0xa0 [ 440.589930][T10074] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 440.589951][T10074] RIP: 0033:0x7f3db998e169 [ 440.589972][T10074] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 440.589991][T10074] RSP: 002b:00007f3db77f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 440.590014][T10074] RAX: ffffffffffffffda RBX: 00007f3db9bb5fa0 RCX: 00007f3db998e169 [ 440.590031][T10074] RDX: 0000000000000000 RSI: 0000200000000400 RDI: 0000000000000003 [ 440.590043][T10074] RBP: 00007f3db77f6090 R08: 0000000000000000 R09: 0000000000000000 [ 440.590057][T10074] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 440.590070][T10074] R13: 0000000000000000 R14: 00007f3db9bb5fa0 R15: 00007f3db9cdfa28 [ 440.590103][T10074] [ 440.709075][ T10] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 9 [ 440.931062][T10076] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 440.948256][T10076] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 441.029584][ T10] usb 2-1: New USB device found, idVendor=0b48, idProduct=3007, bcdDevice=4f.64 [ 441.039670][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 441.178152][ T10] usb 2-1: Product: syz [ 441.184312][ T10] usb 2-1: Manufacturer: syz [ 441.191612][ T10] usb 2-1: SerialNumber: syz [ 441.209362][ T10] usb 2-1: config 0 descriptor?? [ 441.222232][ T10] dvb-usb: found a 'Technotrend TT Connect S2-3600' in warm state. [ 441.510731][ T10] pctv452e: pctv452e_power_ctrl: 1 [ 441.510731][ T10] [ 441.526407][ T10] usb 2-1: selecting invalid altsetting 3 [ 441.558143][ T10] pctv452e: pctv452e_power_ctrl: Warning set interface returned: -22 [ 441.558143][ T10] [ 441.592370][ T10] dvb-usb: bulk message failed: -22 (5/0) [ 441.611831][ T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 441.622448][ T9] usb 1-1: new high-speed USB device number 99 using dummy_hcd [ 441.653149][ T10] dvb-usb: Technotrend TT Connect S2-3600 error while loading driver (-19) [ 441.676750][ T10] usb 2-1: USB disconnect, device number 84 [ 441.788003][ T9] usb 1-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 441.797646][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 441.834915][ T9] usb 1-1: config 0 descriptor?? [ 441.846827][ T9] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 441.878396][ T5892] usb 3-1: USB disconnect, device number 66 [ 442.389136][ T9] gspca_sunplus: reg_w_riv err -110 [ 442.416938][ T9] sunplus 1-1:0.0: probe with driver sunplus failed with error -110 [ 442.535936][T10099] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1262'. [ 442.626293][ T5915] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 442.637232][T10099] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1262'. [ 442.766267][ T5892] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 442.840632][ T5915] usb 5-1: config 0 has no interfaces? [ 442.850765][ T5915] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 442.860339][ T5915] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 442.879147][ T5915] usb 5-1: Product: syz [ 442.886026][ T5915] usb 5-1: Manufacturer: syz [ 442.891672][ T5915] usb 5-1: SerialNumber: syz [ 442.900386][ T5915] usb 5-1: config 0 descriptor?? [ 442.949097][ T5892] usb 3-1: device descriptor read/64, error -71 [ 443.008346][T10104] FAULT_INJECTION: forcing a failure. [ 443.008346][T10104] name failslab, interval 1, probability 0, space 0, times 0 [ 443.024353][T10104] CPU: 0 UID: 0 PID: 10104 Comm: syz.0.1255 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 443.024387][T10104] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 443.024400][T10104] Call Trace: [ 443.024410][T10104] [ 443.024419][T10104] dump_stack_lvl+0x241/0x360 [ 443.024466][T10104] ? __pfx_dump_stack_lvl+0x10/0x10 [ 443.024497][T10104] ? __pfx__printk+0x10/0x10 [ 443.024531][T10104] ? __pfx___might_resched+0x10/0x10 [ 443.024557][T10104] should_fail_ex+0x424/0x570 [ 443.024595][T10104] should_failslab+0xac/0x100 [ 443.024619][T10104] kmem_cache_alloc_node_noprof+0x7d/0x3b0 [ 443.024643][T10104] ? __alloc_skb+0x1c2/0x480 [ 443.024677][T10104] __alloc_skb+0x1c2/0x480 [ 443.024713][T10104] ? __pfx___alloc_skb+0x10/0x10 [ 443.024753][T10104] _sctp_make_chunk+0x58/0x460 [ 443.024786][T10104] sctp_make_datafrag_empty+0x156/0x2a0 [ 443.024815][T10104] ? __pfx_sctp_make_datafrag_empty+0x10/0x10 [ 443.024841][T10104] ? __kasan_kmalloc+0x9d/0xb0 [ 443.024874][T10104] ? sctp_auth_send_cid+0x1ed/0x250 [ 443.024897][T10104] ? sctp_auth_asoc_get_hmac+0x66/0x270 [ 443.024926][T10104] sctp_datamsg_from_user+0x740/0xf20 [ 443.024973][T10104] sctp_sendmsg_to_asoc+0x11b2/0x19b0 [ 443.025016][T10104] ? __lock_acquire+0xad5/0xd80 [ 443.025057][T10104] ? __pfx_sctp_sendmsg_to_asoc+0x10/0x10 [ 443.025087][T10104] ? __local_bh_enable_ip+0x168/0x200 [ 443.025120][T10104] ? sctp_sendmsg+0xf30/0x3620 [ 443.025147][T10104] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 443.025183][T10104] ? sctp_sendmsg_check_sflags+0x181/0x2c0 [ 443.025218][T10104] sctp_sendmsg+0x2512/0x3620 [ 443.025270][T10104] ? __pfx_sctp_sendmsg+0x10/0x10 [ 443.025315][T10104] ? aa_sk_perm+0x96f/0xac0 [ 443.025356][T10104] ? inet_sendmsg+0x330/0x390 [ 443.025393][T10104] __sock_sendmsg+0x1a6/0x270 [ 443.025421][T10104] sock_write_iter+0x2d9/0x3f0 [ 443.025451][T10104] ? __pfx_sock_write_iter+0x10/0x10 [ 443.025487][T10104] ? bpf_lsm_file_permission+0x9/0x10 [ 443.025524][T10104] vfs_write+0x70f/0xd10 [ 443.025559][T10104] ? __pfx_sock_write_iter+0x10/0x10 [ 443.025584][T10104] ? __pfx_vfs_write+0x10/0x10 [ 443.025615][T10104] ? __fget_files+0x2a/0x420 [ 443.025638][T10104] ? __fget_files+0x2a/0x420 [ 443.025666][T10104] ksys_write+0x19d/0x2d0 [ 443.025696][T10104] ? __pfx_ksys_write+0x10/0x10 [ 443.025731][T10104] ? do_syscall_64+0xb6/0x210 [ 443.025757][T10104] do_syscall_64+0xf3/0x210 [ 443.025778][T10104] ? clear_bhb_loop+0x45/0xa0 [ 443.025802][T10104] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 443.025822][T10104] RIP: 0033:0x7ff47d98e169 [ 443.025840][T10104] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 443.025858][T10104] RSP: 002b:00007ff47e790038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 443.025879][T10104] RAX: ffffffffffffffda RBX: 00007ff47dbb6160 RCX: 00007ff47d98e169 [ 443.025894][T10104] RDX: 000000000000ffe0 RSI: 00002000000007c0 RDI: 0000000000000005 [ 443.025907][T10104] RBP: 00007ff47e790090 R08: 0000000000000000 R09: 0000000000000000 [ 443.025920][T10104] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 443.025932][T10104] R13: 0000000000000000 R14: 00007ff47dbb6160 R15: 00007ff47dcdfa28 [ 443.025963][T10104] [ 443.596412][ T5892] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 443.896304][ T5892] usb 3-1: device descriptor read/64, error -71 [ 444.061110][ T5892] usb usb3-port1: attempt power cycle [ 444.636271][ T5892] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 444.710534][ T5892] usb 3-1: device descriptor read/8, error -71 [ 445.046335][ T5888] usb 2-1: new high-speed USB device number 85 using dummy_hcd [ 445.065878][ T5892] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 445.166591][ T5915] usb 5-1: USB disconnect, device number 81 [ 445.195821][T10119] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 445.221166][T10119] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 445.258291][T10118] program syz.4.1269 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 445.261296][ T5892] usb 3-1: device descriptor read/8, error -71 [ 445.290567][ T5888] usb 2-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice= 0.00 [ 445.331614][T10121] FAULT_INJECTION: forcing a failure. [ 445.331614][T10121] name failslab, interval 1, probability 0, space 0, times 0 [ 445.347866][ T5888] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 445.354480][T10121] CPU: 0 UID: 0 PID: 10121 Comm: syz.4.1270 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 445.354516][T10121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 445.354530][T10121] Call Trace: [ 445.354539][T10121] [ 445.354548][T10121] dump_stack_lvl+0x241/0x360 [ 445.354591][T10121] ? __pfx_dump_stack_lvl+0x10/0x10 [ 445.354625][T10121] ? __pfx__printk+0x10/0x10 [ 445.354660][T10121] ? __pfx___might_resched+0x10/0x10 [ 445.354687][T10121] should_fail_ex+0x424/0x570 [ 445.354728][T10121] should_failslab+0xac/0x100 [ 445.354753][T10121] kmem_cache_alloc_noprof+0x78/0x390 [ 445.354776][T10121] ? alloc_empty_file+0x56/0x1d0 [ 445.354805][T10121] alloc_empty_file+0x56/0x1d0 [ 445.354829][T10121] path_openat+0x10d/0x35d0 [ 445.354861][T10121] ? stack_trace_save+0x11a/0x1d0 [ 445.354887][T10121] ? __pfx_kstrtoull+0x10/0x10 [ 445.354909][T10121] ? __pfx_stack_trace_save+0x10/0x10 [ 445.354938][T10121] ? stack_depot_save_flags+0x44/0x940 [ 445.354983][T10121] ? kasan_save_track+0x51/0x80 [ 445.355013][T10121] ? kasan_save_track+0x3f/0x80 [ 445.355041][T10121] ? __kasan_slab_alloc+0x66/0x80 [ 445.355072][T10121] ? kmem_cache_alloc_noprof+0x1e1/0x390 [ 445.355093][T10121] ? getname_flags+0xb7/0x530 [ 445.355114][T10121] ? __pfx_path_openat+0x10/0x10 [ 445.355139][T10121] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.355184][T10121] do_filp_open+0x284/0x4e0 [ 445.355231][T10121] ? __pfx_do_filp_open+0x10/0x10 [ 445.355256][T10121] ? do_raw_spin_lock+0x151/0x370 [ 445.355331][T10121] do_sys_openat2+0x12b/0x1d0 [ 445.355360][T10121] ? __pfx_do_sys_openat2+0x10/0x10 [ 445.355400][T10121] __se_sys_openat2+0x265/0x310 [ 445.355430][T10121] ? __pfx___se_sys_openat2+0x10/0x10 [ 445.355466][T10121] ? do_syscall_64+0xb6/0x210 [ 445.355495][T10121] do_syscall_64+0xf3/0x210 [ 445.355518][T10121] ? clear_bhb_loop+0x45/0xa0 [ 445.355545][T10121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 445.355566][T10121] RIP: 0033:0x7f3db998e169 [ 445.355587][T10121] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 445.355606][T10121] RSP: 002b:00007f3db77f6038 EFLAGS: 00000246 ORIG_RAX: 00000000000001b5 [ 445.355632][T10121] RAX: ffffffffffffffda RBX: 00007f3db9bb5fa0 RCX: 00007f3db998e169 [ 445.355648][T10121] RDX: 0000200000000380 RSI: 00002000000003c0 RDI: 0000000000000004 [ 445.355664][T10121] RBP: 00007f3db77f6090 R08: 0000000000000000 R09: 0000000000000000 [ 445.355678][T10121] R10: 0000000000000018 R11: 0000000000000246 R12: 0000000000000001 [ 445.355692][T10121] R13: 0000000000000000 R14: 00007f3db9bb5fa0 R15: 00007f3db9cdfa28 [ 445.355725][T10121] [ 445.627771][ T5892] usb usb3-port1: unable to enumerate USB device [ 445.757433][ T24] usb 1-1: USB disconnect, device number 99 [ 445.770011][ T5888] usb 2-1: Product: syz [ 445.774977][ T5888] usb 2-1: Manufacturer: syz [ 445.779935][ T5888] usb 2-1: SerialNumber: syz [ 445.787056][ T5888] usb 2-1: config 0 descriptor?? [ 445.892635][T10127] xt_socket: unknown flags 0x4 [ 445.995735][ T5888] hso 2-1:0.0: Can't find BULK IN endpoint [ 446.003434][ T5888] usb-storage 2-1:0.0: USB Mass Storage device detected [ 446.151672][T10136] FAULT_INJECTION: forcing a failure. [ 446.151672][T10136] name failslab, interval 1, probability 0, space 0, times 0 [ 446.164784][T10136] CPU: 0 UID: 0 PID: 10136 Comm: syz.4.1275 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 446.164815][T10136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 446.164828][T10136] Call Trace: [ 446.164837][T10136] [ 446.164845][T10136] dump_stack_lvl+0x241/0x360 [ 446.164885][T10136] ? __pfx_dump_stack_lvl+0x10/0x10 [ 446.164915][T10136] ? __pfx__printk+0x10/0x10 [ 446.164942][T10136] ? arch_stack_walk+0xff/0x150 [ 446.164971][T10136] ? __pfx___might_resched+0x10/0x10 [ 446.164997][T10136] should_fail_ex+0x424/0x570 [ 446.165034][T10136] should_failslab+0xac/0x100 [ 446.165057][T10136] ? __get_vm_area_node+0x132/0x2d0 [ 446.165079][T10136] __kmalloc_cache_node_noprof+0x74/0x3c0 [ 446.165104][T10136] ? __lock_acquire+0xad5/0xd80 [ 446.165137][T10136] __get_vm_area_node+0x132/0x2d0 [ 446.165166][T10136] __vmalloc_node_range_noprof+0x349/0x1390 [ 446.165201][T10136] ? snd_dma_alloc_dir_pages+0x121/0x220 [ 446.165266][T10136] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 446.165294][T10136] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 446.165324][T10136] ? snd_dma_alloc_dir_pages+0x121/0x220 [ 446.165367][T10136] vmalloc_noprof+0x79/0x90 [ 446.165390][T10136] ? snd_dma_alloc_dir_pages+0x121/0x220 [ 446.165420][T10136] snd_dma_alloc_dir_pages+0x121/0x220 [ 446.165455][T10136] do_alloc_pages+0x12d/0x280 [ 446.165490][T10136] snd_pcm_lib_malloc_pages+0x33f/0x760 [ 446.165530][T10136] snd_pcm_hw_params+0x961/0x1f40 [ 446.165560][T10136] ? kfree+0x198/0x430 [ 446.165576][T10136] ? snd_pcm_hw_param_near+0x3e3/0x790 [ 446.165610][T10136] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 446.165635][T10136] ? __pfx_snd_pcm_hw_param_near+0x10/0x10 [ 446.165662][T10136] ? __asan_memset+0x23/0x50 [ 446.165695][T10136] snd_pcm_oss_change_params_locked+0x2366/0x4150 [ 446.165752][T10136] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 446.165780][T10136] ? snd_pcm_oss_make_ready+0xc2/0x350 [ 446.165803][T10136] ? __lock_acquire+0xad5/0xd80 [ 446.165834][T10136] ? do_raw_spin_lock+0x151/0x370 [ 446.165864][T10136] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 446.165896][T10136] snd_pcm_oss_make_ready+0x11d/0x350 [ 446.165928][T10136] snd_pcm_oss_set_trigger+0x93/0x720 [ 446.165964][T10136] snd_pcm_oss_poll+0x6e8/0x940 [ 446.165986][T10136] ? __fget_files+0x2a/0x420 [ 446.166011][T10136] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 446.166032][T10136] ? __fget_files+0x2a/0x420 [ 446.166056][T10136] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 446.166081][T10136] do_sys_poll+0xa4a/0x13f0 [ 446.166138][T10136] ? __pfx_do_sys_poll+0x10/0x10 [ 446.166179][T10136] ? kstrtoull+0x1d3/0x2f0 [ 446.166272][T10136] ? _raw_spin_unlock_irq+0x23/0x50 [ 446.166300][T10136] ? lockdep_hardirqs_on+0x9d/0x150 [ 446.166322][T10136] ? _raw_spin_unlock_irq+0x2e/0x50 [ 446.166380][T10136] ? __pfx_set_user_sigmask+0x10/0x10 [ 446.166397][T10136] ? __fget_files+0x2a/0x420 [ 446.166427][T10136] __se_sys_ppoll+0x2a2/0x330 [ 446.166457][T10136] ? fput+0x9b/0xd0 [ 446.166481][T10136] ? __pfx___se_sys_ppoll+0x10/0x10 [ 446.166521][T10136] ? __x64_sys_ppoll+0x20/0xc0 [ 446.166553][T10136] do_syscall_64+0xf3/0x210 [ 446.166574][T10136] ? clear_bhb_loop+0x45/0xa0 [ 446.166598][T10136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.166617][T10136] RIP: 0033:0x7f3db998e169 [ 446.166635][T10136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.166653][T10136] RSP: 002b:00007f3db77f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 446.166674][T10136] RAX: ffffffffffffffda RBX: 00007f3db9bb5fa0 RCX: 00007f3db998e169 [ 446.166689][T10136] RDX: 0000200000000280 RSI: 0000000000000001 RDI: 00002000000001c0 [ 446.166702][T10136] RBP: 00007f3db77f6090 R08: 0000000000000008 R09: 0000000000000000 [ 446.166714][T10136] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000002 [ 446.166727][T10136] R13: 0000000000000000 R14: 00007f3db9bb5fa0 R15: 00007f3db9cdfa28 [ 446.166758][T10136] [ 446.326411][ T24] usb 1-1: new high-speed USB device number 100 using dummy_hcd [ 446.339555][T10112] netlink: 32 bytes leftover after parsing attributes in process `syz.1.1266'. [ 446.392203][T10136] syz.4.1275: vmalloc error: size 2097152, vm_struct allocation failed, mode:0xcc0(GFP_KERNEL), nodemask=(null) [ 446.396482][T10112] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1266'. [ 446.401048][T10136] ,cpuset= [ 446.406552][T10112] netlink: 48 bytes leftover after parsing attributes in process `syz.1.1266'. [ 446.420097][ T5915] usb 2-1: USB disconnect, device number 85 [ 446.428471][T10136] /,mems_allowed=0-1 [ 446.619029][T10136] CPU: 1 UID: 0 PID: 10136 Comm: syz.4.1275 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 446.619058][T10136] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 446.619071][T10136] Call Trace: [ 446.619079][T10136] [ 446.619088][T10136] dump_stack_lvl+0x241/0x360 [ 446.619125][T10136] ? __pfx_dump_stack_lvl+0x10/0x10 [ 446.619179][T10136] ? __pfx__printk+0x10/0x10 [ 446.619207][T10136] ? cpuset_print_current_mems_allowed+0x1f/0x350 [ 446.619234][T10136] ? __rcu_read_unlock+0xa1/0x110 [ 446.619264][T10136] warn_alloc+0x27c/0x410 [ 446.619297][T10136] ? __pfx_warn_alloc+0x10/0x10 [ 446.619332][T10136] ? __get_vm_area_node+0x280/0x2d0 [ 446.619363][T10136] __vmalloc_node_range_noprof+0x36e/0x1390 [ 446.619420][T10136] ? __pfx___vmalloc_node_range_noprof+0x10/0x10 [ 446.619446][T10136] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 446.619476][T10136] ? snd_dma_alloc_dir_pages+0x121/0x220 [ 446.619507][T10136] vmalloc_noprof+0x79/0x90 [ 446.619530][T10136] ? snd_dma_alloc_dir_pages+0x121/0x220 [ 446.619560][T10136] snd_dma_alloc_dir_pages+0x121/0x220 [ 446.619592][T10136] do_alloc_pages+0x12d/0x280 [ 446.619626][T10136] snd_pcm_lib_malloc_pages+0x33f/0x760 [ 446.619662][T10136] snd_pcm_hw_params+0x961/0x1f40 [ 446.619692][T10136] ? kfree+0x198/0x430 [ 446.619708][T10136] ? snd_pcm_hw_param_near+0x3e3/0x790 [ 446.619742][T10136] ? __pfx_snd_pcm_hw_params+0x10/0x10 [ 446.619765][T10136] ? __pfx_snd_pcm_hw_param_near+0x10/0x10 [ 446.619791][T10136] ? __asan_memset+0x23/0x50 [ 446.619825][T10136] snd_pcm_oss_change_params_locked+0x2366/0x4150 [ 446.619884][T10136] ? __pfx_snd_pcm_oss_change_params_locked+0x10/0x10 [ 446.619912][T10136] ? snd_pcm_oss_make_ready+0xc2/0x350 [ 446.619936][T10136] ? __lock_acquire+0xad5/0xd80 [ 446.619967][T10136] ? do_raw_spin_lock+0x151/0x370 [ 446.619998][T10136] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 446.620029][T10136] snd_pcm_oss_make_ready+0x11d/0x350 [ 446.620060][T10136] snd_pcm_oss_set_trigger+0x93/0x720 [ 446.620096][T10136] snd_pcm_oss_poll+0x6e8/0x940 [ 446.620119][T10136] ? __fget_files+0x2a/0x420 [ 446.620144][T10136] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 446.620173][T10136] ? __fget_files+0x2a/0x420 [ 446.620197][T10136] ? __pfx_snd_pcm_oss_poll+0x10/0x10 [ 446.620222][T10136] do_sys_poll+0xa4a/0x13f0 [ 446.620277][T10136] ? __pfx_do_sys_poll+0x10/0x10 [ 446.620312][T10136] ? kstrtoull+0x1d3/0x2f0 [ 446.620406][T10136] ? _raw_spin_unlock_irq+0x23/0x50 [ 446.620435][T10136] ? lockdep_hardirqs_on+0x9d/0x150 [ 446.620457][T10136] ? _raw_spin_unlock_irq+0x2e/0x50 [ 446.620515][T10136] ? __pfx_set_user_sigmask+0x10/0x10 [ 446.620533][T10136] ? __fget_files+0x2a/0x420 [ 446.620562][T10136] __se_sys_ppoll+0x2a2/0x330 [ 446.620592][T10136] ? fput+0x9b/0xd0 [ 446.620616][T10136] ? __pfx___se_sys_ppoll+0x10/0x10 [ 446.620655][T10136] ? __x64_sys_ppoll+0x20/0xc0 [ 446.620687][T10136] do_syscall_64+0xf3/0x210 [ 446.620708][T10136] ? clear_bhb_loop+0x45/0xa0 [ 446.620732][T10136] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.620751][T10136] RIP: 0033:0x7f3db998e169 [ 446.620769][T10136] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 446.620787][T10136] RSP: 002b:00007f3db77f6038 EFLAGS: 00000246 ORIG_RAX: 000000000000010f [ 446.620808][T10136] RAX: ffffffffffffffda RBX: 00007f3db9bb5fa0 RCX: 00007f3db998e169 [ 446.620823][T10136] RDX: 0000200000000280 RSI: 0000000000000001 RDI: 00002000000001c0 [ 446.620837][T10136] RBP: 00007f3db77f6090 R08: 0000000000000008 R09: 0000000000000000 [ 446.620849][T10136] R10: 00002000000002c0 R11: 0000000000000246 R12: 0000000000000002 [ 446.620861][T10136] R13: 0000000000000000 R14: 00007f3db9bb5fa0 R15: 00007f3db9cdfa28 [ 446.620892][T10136] [ 446.620901][T10136] Mem-Info: [ 447.002390][T10136] active_anon:7789 inactive_anon:0 isolated_anon:0 [ 447.002390][T10136] active_file:14903 inactive_file:38480 isolated_file:0 [ 447.002390][T10136] unevictable:768 dirty:247 writeback:0 [ 447.002390][T10136] slab_reclaimable:10072 slab_unreclaimable:99815 [ 447.002390][T10136] mapped:30038 shmem:1441 pagetables:2154 [ 447.002390][T10136] sec_pagetables:0 bounce:0 [ 447.002390][T10136] kernel_misc_reclaimable:0 [ 447.002390][T10136] free:1319760 free_pcp:914 free_cma:0 [ 447.058129][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 447.058352][T10136] Node 0 active_anon:31056kB inactive_anon:0kB active_file:59612kB inactive_file:153840kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:120152kB dirty:988kB writeback:0kB shmem:4228kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:12496kB pagetables:8616kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 447.098775][ T24] usb 1-1: config 4 has an invalid interface number: 128 but max is 0 [ 447.109848][ T24] usb 1-1: config 4 has no interface number 0 [ 447.125131][ T24] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 447.125167][ T24] usb 1-1: config 4 interface 128 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 447.125211][ T24] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 447.125236][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 447.128594][T10136] Node 1 active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB isolated(anon):0kB isolated(file):0kB mapped:0kB dirty:0kB writeback:0kB shmem:1536kB shmem_thp:0kB shmem_pmdmapped:0kB anon_thp:0kB writeback_tmp:0kB kernel_stack:48kB pagetables:0kB sec_pagetables:0kB all_unreclaimable? no Balloon:0kB [ 447.128658][T10136] Node 0 DMA free:15360kB boost:0kB min:208kB low:260kB high:312kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:0kB unevictable:0kB writepending:0kB present:15992kB managed:15360kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 447.128719][T10136] lowmem_reserve[]: 0 2487 2487 2487 2487 [ 447.128769][T10136] Node 0 DMA32 free:1353504kB boost:0kB min:34152kB low:42688kB high:51224kB reserved_highatomic:0KB active_anon:31048kB inactive_anon:0kB active_file:59612kB inactive_file:153740kB unevictable:1536kB writepending:988kB present:3129332kB managed:2547268kB mlocked:0kB bounce:0kB free_pcp:1424kB local_pcp:752kB free_cma:0kB [ 447.128830][T10136] lowmem_reserve[]: 0 0 0 0 0 [ 447.128877][T10136] Node 0 Normal free:0kB boost:0kB min:0kB low:0kB high:0kB reserved_highatomic:0KB active_anon:8kB inactive_anon:0kB active_file:0kB inactive_file:100kB unevictable:0kB writepending:0kB present:1048580kB managed:108kB mlocked:0kB bounce:0kB free_pcp:0kB local_pcp:0kB free_cma:0kB [ 447.128933][T10136] lowmem_reserve[]: 0 0 0 0 0 [ 447.128980][T10136] Node 1 Normal free:3909876kB boost:0kB min:55748kB low:69684kB high:83620kB reserved_highatomic:0KB active_anon:0kB inactive_anon:0kB active_file:0kB inactive_file:80kB unevictable:1536kB writepending:0kB present:4194300kB managed:4111164kB mlocked:0kB bounce:0kB free_pcp:2080kB local_pcp:2080kB free_cma:0kB [ 447.129039][T10136] lowmem_reserve[]: 0 0 0 0 0 [ 447.129086][T10136] Node 0 DMA: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 1*1024kB (U) 1*2048kB (M) 3*4096kB (M) = 15360kB [ 447.129271][T10136] Node 0 DMA32: 601*4kB (UME) 703*8kB (UME) 730*16kB (UME) 415*32kB (UME) 401*64kB (UME) 132*128kB (UME) 76*256kB (UME) 22*512kB (UME) 6*1024kB (UM) 8*2048kB (UME) 299*4096kB (UM) = 1353500kB [ 447.129478][T10136] Node 0 Normal: 0*4kB 0*8kB 0*16kB 0*32kB 0*64kB 0*128kB 0*256kB 0*512kB 0*1024kB 0*2048kB 0*4096kB = 0kB [ 447.129675][T10136] Node 1 Normal: 214*4kB (UE) 54*8kB (UME) 47*16kB (UME) 200*32kB (UME) 100*64kB (UME) 32*128kB (UME) 15*256kB (UM) 8*512kB (UM) 2*1024kB (UM) 3*2048kB (UM) 946*4096kB (ME) = 3909880kB [ 447.129883][T10136] Node 0 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 447.129902][T10136] Node 0 hugepages_total=4 hugepages_free=4 hugepages_surp=0 hugepages_size=2048kB [ 447.129920][T10136] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=1048576kB [ 447.129939][T10136] Node 1 hugepages_total=0 hugepages_free=0 hugepages_surp=0 hugepages_size=2048kB [ 447.129958][T10136] 54824 total pagecache pages [ 447.129969][T10136] 0 pages in swap cache [ 447.129977][T10136] Free swap = 124996kB [ 447.129987][T10136] Total swap = 124996kB [ 447.129997][T10136] 2097051 pages RAM [ 447.130006][T10136] 0 pages HighMem/MovableOnly [ 447.130016][T10136] 428576 pages reserved [ 447.130024][T10136] 0 pages cma reserved [ 447.144993][ T24] hub 1-1:4.128: USB hub found [ 447.327481][ C1] vkms_vblank_simulate: vblank timer overrun [ 447.375496][ T24] hub 1-1:4.128: 2 ports detected [ 447.375552][ T24] hub 1-1:4.128: Using single TT (err -22) [ 447.411225][ C1] vkms_vblank_simulate: vblank timer overrun [ 447.532587][ C1] vkms_vblank_simulate: vblank timer overrun [ 447.570251][ T24] hub 1-1:4.128: hub_hub_status failed (err = -71) [ 447.570293][ T24] hub 1-1:4.128: config failed, can't get hub status (err -71) [ 447.602578][ T24] usb 1-1: USB disconnect, device number 100 [ 447.716331][ T5892] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 447.883688][ T5892] usb 5-1: config 0 has no interfaces? [ 447.907965][ T5892] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 447.908000][ T5892] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 447.908030][ T5892] usb 5-1: Product: syz [ 447.908047][ T5892] usb 5-1: Manufacturer: syz [ 447.908064][ T5892] usb 5-1: SerialNumber: syz [ 447.911449][ T5892] usb 5-1: config 0 descriptor?? [ 448.476593][ T5888] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 448.496202][ T24] usb 1-1: new full-speed USB device number 101 using dummy_hcd [ 448.636275][ T5888] usb 2-1: device descriptor read/64, error -71 [ 448.688816][ T24] usb 1-1: config 16 has an invalid interface number: 168 but max is 0 [ 448.708600][ T24] usb 1-1: config 16 has no interface number 0 [ 448.715372][ T24] usb 1-1: config 16 interface 168 altsetting 0 has an endpoint descriptor with address 0xA1, changing to 0x81 [ 448.738880][ T24] usb 1-1: config 16 interface 168 altsetting 0 endpoint 0x81 has invalid maxpacket 1024, setting to 64 [ 448.752081][ T24] usb 1-1: New USB device found, idVendor=0586, idProduct=0102, bcdDevice=14.0a [ 448.761893][ T24] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.780624][T10161] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 448.797238][T10172] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 448.810858][T10172] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 448.823416][ T24] HFC-S_USB 1-1:16.168: probe with driver HFC-S_USB failed with error -5 [ 448.896362][ T5888] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 449.077070][ T5888] usb 2-1: device descriptor read/64, error -71 [ 449.086841][T10175] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 449.186586][ T5888] usb usb2-port1: attempt power cycle [ 449.223972][ T5849] Bluetooth: hci4: command 0x0406 tx timeout [ 449.300581][T10176] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 449.340621][T10176] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 449.399797][T10161] loop6: detected capacity change from 0 to 524287999 [ 449.519067][ T47] usb 1-1: USB disconnect, device number 101 [ 449.546339][ T5888] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 449.569046][ T5888] usb 2-1: device descriptor read/8, error -71 [ 449.856289][ T5888] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 449.878117][ T5888] usb 2-1: device descriptor read/8, error -71 [ 450.001114][ T5888] usb usb2-port1: unable to enumerate USB device [ 450.008305][T10181] FAULT_INJECTION: forcing a failure. [ 450.008305][T10181] name failslab, interval 1, probability 0, space 0, times 0 [ 450.024953][T10181] CPU: 0 UID: 0 PID: 10181 Comm: syz.3.1288 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 450.024987][T10181] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 450.025000][T10181] Call Trace: [ 450.025008][T10181] [ 450.025018][T10181] dump_stack_lvl+0x241/0x360 [ 450.025057][T10181] ? __pfx_dump_stack_lvl+0x10/0x10 [ 450.025087][T10181] ? __pfx__printk+0x10/0x10 [ 450.025122][T10181] ? __pfx___might_resched+0x10/0x10 [ 450.025147][T10181] should_fail_ex+0x424/0x570 [ 450.025185][T10181] should_failslab+0xac/0x100 [ 450.025210][T10181] __kmalloc_node_track_caller_noprof+0xe2/0x4d0 [ 450.025235][T10181] ? smb3_parse_devname+0xe2/0x770 [ 450.025265][T10181] kstrndup+0x78/0x150 [ 450.025285][T10181] smb3_parse_devname+0xe2/0x770 [ 450.025321][T10181] ? smb3_fs_context_parse_param+0x4cdc/0x9300 [ 450.025354][T10181] smb3_fs_context_parse_param+0x4d2d/0x9300 [ 450.025381][T10181] ? __se_sys_fsconfig+0x9a3/0xf40 [ 450.025405][T10181] ? __pfx___mutex_lock+0x10/0x10 [ 450.025429][T10181] ? __pfx_smb3_fs_context_parse_param+0x10/0x10 [ 450.025462][T10181] ? static_key_count+0x41/0x70 [ 450.025494][T10181] vfs_parse_fs_param+0x1a5/0x420 [ 450.025530][T10181] __se_sys_fsconfig+0xc20/0xf40 [ 450.025564][T10181] ? __pfx___se_sys_fsconfig+0x10/0x10 [ 450.025586][T10181] ? ksys_write+0x275/0x2d0 [ 450.025626][T10181] ? __x64_sys_fsconfig+0x20/0xc0 [ 450.025652][T10181] do_syscall_64+0xf3/0x210 [ 450.025673][T10181] ? clear_bhb_loop+0x45/0xa0 [ 450.025697][T10181] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.025718][T10181] RIP: 0033:0x7f2bb3b8e169 [ 450.025737][T10181] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.025754][T10181] RSP: 002b:00007f2bb49ce038 EFLAGS: 00000246 ORIG_RAX: 00000000000001af [ 450.025776][T10181] RAX: ffffffffffffffda RBX: 00007f2bb3db5fa0 RCX: 00007f2bb3b8e169 [ 450.025790][T10181] RDX: 0000200000000080 RSI: 0000000000000001 RDI: 0000000000000003 [ 450.025809][T10181] RBP: 00007f2bb49ce090 R08: 0000000000000000 R09: 0000000000000000 [ 450.025821][T10181] R10: 0000200000000240 R11: 0000000000000246 R12: 0000000000000001 [ 450.025834][T10181] R13: 0000000000000000 R14: 00007f2bb3db5fa0 R15: 00007f2bb3edfa28 [ 450.025866][T10181] [ 450.284688][T10181] CIFS: VFS: Unable to allocate memory for devname [ 450.415112][T10187] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1291'. [ 450.900847][ T5892] usb 5-1: USB disconnect, device number 82 [ 450.963323][T10195] FAULT_INJECTION: forcing a failure. [ 450.963323][T10195] name failslab, interval 1, probability 0, space 0, times 0 [ 451.012878][T10195] CPU: 1 UID: 0 PID: 10195 Comm: syz.0.1293 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 451.012916][T10195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 451.012930][T10195] Call Trace: [ 451.012938][T10195] [ 451.012946][T10195] dump_stack_lvl+0x241/0x360 [ 451.012984][T10195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 451.013013][T10195] ? __pfx__printk+0x10/0x10 [ 451.013045][T10195] ? __pfx___might_resched+0x10/0x10 [ 451.013069][T10195] should_fail_ex+0x424/0x570 [ 451.013106][T10195] should_failslab+0xac/0x100 [ 451.013128][T10195] __kmalloc_cache_noprof+0x73/0x370 [ 451.013149][T10195] ? landlock_init_hierarchy_log+0xa0/0x640 [ 451.013184][T10195] landlock_init_hierarchy_log+0xa0/0x640 [ 451.013211][T10195] ? __kmalloc_cache_noprof+0x236/0x370 [ 451.013238][T10195] landlock_merge_ruleset+0x66e/0x900 [ 451.013282][T10195] __se_sys_landlock_restrict_self+0x2ce/0x7d0 [ 451.013312][T10195] ? __secure_computing+0xea/0x2b0 [ 451.013357][T10195] do_syscall_64+0xf3/0x210 [ 451.013379][T10195] ? clear_bhb_loop+0x45/0xa0 [ 451.013403][T10195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.013422][T10195] RIP: 0033:0x7ff47d98e169 [ 451.013440][T10195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.013457][T10195] RSP: 002b:00007ff47e7d2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 451.013479][T10195] RAX: ffffffffffffffda RBX: 00007ff47dbb5fa0 RCX: 00007ff47d98e169 [ 451.013494][T10195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 451.013505][T10195] RBP: 00007ff47e7d2090 R08: 0000000000000000 R09: 0000000000000000 [ 451.013518][T10195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.013529][T10195] R13: 0000000000000000 R14: 00007ff47dbb5fa0 R15: 00007ff47dcdfa28 [ 451.013560][T10195] [ 451.015407][T10195] ------------[ cut here ]------------ [ 451.214123][T10195] WARNING: CPU: 1 PID: 10195 at security/landlock/domain.h:133 free_ruleset+0x1f3/0x250 [ 451.223942][T10195] Modules linked in: [ 451.227930][T10195] CPU: 1 UID: 0 PID: 10195 Comm: syz.0.1293 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 451.240073][T10195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 451.250231][T10195] RIP: 0010:free_ruleset+0x1f3/0x250 SYZFAIL: failed to send rpc fd=3 want=15024 sent=0 n=-1 (errno 32: Broken pipe) [ 451.255562][T10195] Code: 89 ff e8 50 55 6c fd 49 8b 1f 4c 89 ff e8 15 b3 60 fd 48 85 db 74 36 e8 5b 1b 02 fd 49 89 df e9 34 ff ff ff e8 4e 1b 02 fd 90 <0f> 0b 90 eb c2 e8 43 1b 02 fd eb 1c bf 01 00 00 00 89 ee e8 75 1f [ 451.275229][ C1] vkms_vblank_simulate: vblank timer overrun [ 451.282398][T10195] RSP: 0018:ffffc9000b88fdd8 EFLAGS: 00010293 [ 451.289382][T10195] RAX: ffffffff84c0a1d2 RBX: 0000000000000000 RCX: ffff88802bd61e00 [ 451.297559][T10195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 451.305572][T10195] RBP: 1ffff110067cf484 R08: ffffffff84c1ad6f R09: 1ffff110067cf481 [ 451.313642][T10195] R10: dffffc0000000000 R11: ffffed10067cf482 R12: ffff888033e7a420 [ 451.321708][T10195] R13: dffffc0000000000 R14: ffff888035006000 R15: ffff888033e7a400 [ 451.329815][T10195] FS: 00007ff47e7d26c0(0000) GS:ffff88812509a000(0000) knlGS:0000000000000000 [ 451.338814][T10195] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 451.345452][T10195] CR2: 0000000000000000 CR3: 0000000022baa000 CR4: 00000000003526f0 [ 451.353524][T10195] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 451.362797][T10195] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 451.371588][T10195] Call Trace: [ 451.374931][T10195] [ 451.377946][T10195] landlock_merge_ruleset+0x6d8/0x900 [ 451.383367][T10195] __se_sys_landlock_restrict_self+0x2ce/0x7d0 [ 451.389645][T10195] ? __secure_computing+0xea/0x2b0 [ 451.394843][T10195] do_syscall_64+0xf3/0x210 [ 451.399417][T10195] ? clear_bhb_loop+0x45/0xa0 [ 451.404155][T10195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.410155][T10195] RIP: 0033:0x7ff47d98e169 [ 451.414600][T10195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.434351][T10195] RSP: 002b:00007ff47e7d2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 451.442896][T10195] RAX: ffffffffffffffda RBX: 00007ff47dbb5fa0 RCX: 00007ff47d98e169 [ 451.451399][T10195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 451.459478][T10195] RBP: 00007ff47e7d2090 R08: 0000000000000000 R09: 0000000000000000 [ 451.468426][T10195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.477272][T10195] R13: 0000000000000000 R14: 00007ff47dbb5fa0 R15: 00007ff47dcdfa28 [ 451.485307][T10195] [ 451.488440][T10195] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 451.495768][T10195] CPU: 1 UID: 0 PID: 10195 Comm: syz.0.1293 Not tainted 6.15.0-rc2-syzkaller-00488-g6fea5fabd332 #0 PREEMPT(full) [ 451.507861][T10195] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 451.517948][T10195] Call Trace: [ 451.521233][T10195] [ 451.524168][T10195] dump_stack_lvl+0x241/0x360 [ 451.528869][T10195] ? __pfx_dump_stack_lvl+0x10/0x10 [ 451.534081][T10195] ? __pfx__printk+0x10/0x10 [ 451.538691][T10195] ? vscnprintf+0x5d/0x90 [ 451.543036][T10195] panic+0x349/0x880 [ 451.546961][T10195] ? __warn+0x174/0x4d0 [ 451.551155][T10195] ? __pfx_panic+0x10/0x10 [ 451.555608][T10195] __warn+0x344/0x4d0 [ 451.559634][T10195] ? free_ruleset+0x1f3/0x250 [ 451.564368][T10195] report_bug+0x2b3/0x500 [ 451.568723][T10195] ? free_ruleset+0x1f3/0x250 [ 451.573440][T10195] ? free_ruleset+0x1f3/0x250 [ 451.578159][T10195] ? free_ruleset+0x1f5/0x250 [ 451.582896][T10195] handle_bug+0x89/0x170 [ 451.587184][T10195] exc_invalid_op+0x1a/0x50 [ 451.591737][T10195] asm_exc_invalid_op+0x1a/0x20 [ 451.596618][T10195] RIP: 0010:free_ruleset+0x1f3/0x250 [ 451.601946][T10195] Code: 89 ff e8 50 55 6c fd 49 8b 1f 4c 89 ff e8 15 b3 60 fd 48 85 db 74 36 e8 5b 1b 02 fd 49 89 df e9 34 ff ff ff e8 4e 1b 02 fd 90 <0f> 0b 90 eb c2 e8 43 1b 02 fd eb 1c bf 01 00 00 00 89 ee e8 75 1f [ 451.621586][T10195] RSP: 0018:ffffc9000b88fdd8 EFLAGS: 00010293 [ 451.627673][T10195] RAX: ffffffff84c0a1d2 RBX: 0000000000000000 RCX: ffff88802bd61e00 [ 451.635658][T10195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 451.643635][T10195] RBP: 1ffff110067cf484 R08: ffffffff84c1ad6f R09: 1ffff110067cf481 [ 451.651609][T10195] R10: dffffc0000000000 R11: ffffed10067cf482 R12: ffff888033e7a420 [ 451.659588][T10195] R13: dffffc0000000000 R14: ffff888035006000 R15: ffff888033e7a400 [ 451.667571][T10195] ? landlock_log_drop_domain+0x4f/0x1b0 [ 451.673216][T10195] ? free_ruleset+0x1f2/0x250 [ 451.677923][T10195] ? free_ruleset+0x1f2/0x250 [ 451.682619][T10195] landlock_merge_ruleset+0x6d8/0x900 [ 451.688015][T10195] __se_sys_landlock_restrict_self+0x2ce/0x7d0 [ 451.694185][T10195] ? __secure_computing+0xea/0x2b0 [ 451.699319][T10195] do_syscall_64+0xf3/0x210 [ 451.703828][T10195] ? clear_bhb_loop+0x45/0xa0 [ 451.708514][T10195] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 451.714413][T10195] RIP: 0033:0x7ff47d98e169 [ 451.718834][T10195] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 451.738446][T10195] RSP: 002b:00007ff47e7d2038 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 451.746874][T10195] RAX: ffffffffffffffda RBX: 00007ff47dbb5fa0 RCX: 00007ff47d98e169 [ 451.754849][T10195] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000003 [ 451.762828][T10195] RBP: 00007ff47e7d2090 R08: 0000000000000000 R09: 0000000000000000 [ 451.770803][T10195] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 451.778782][T10195] R13: 0000000000000000 R14: 00007ff47dbb5fa0 R15: 00007ff47dcdfa28 [ 451.786777][T10195] [ 451.790167][T10195] Kernel Offset: disabled [ 451.794503][T10195] Rebooting in 86400 seconds..