last executing test programs: 3.007685428s ago: executing program 2 (id=833): r0 = socket$inet_sctp(0x2, 0x5, 0x84) getsockopt$inet_sctp_SCTP_RECVNXTINFO(r0, 0x84, 0x21, &(0x7f0000000140), &(0x7f00000004c0)=0x4) 2.820067679s ago: executing program 2 (id=834): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)=0x0) timer_settime(r1, 0x1, &(0x7f0000000340)={{0x0, 0x989680}, {0x0, 0x3938700}}, 0x0) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000000)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) write$uinput_user_dev(0xffffffffffffffff, 0x0, 0x0) 2.0607003s ago: executing program 1 (id=843): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f0000000080)={0xa, 0x2, 0x200, @loopback, 0x7}, 0x1c) setsockopt$inet6_tcp_int(r0, 0x6, 0x2000000000000022, &(0x7f0000000200)=0x1, 0x4) sendto$inet6(r0, &(0x7f0000000280)="32780f64398323756224d03ac5cb3838e854cf6fe7e38c09daa0e76828c158699b396cff6b5ef9b454e678333fb7c00b", 0x30, 0x20000045, &(0x7f00000001c0)={0xa, 0x2, 0xffff, @loopback, 0x3}, 0x1c) setsockopt$inet6_tcp_TCP_CONGESTION(r0, 0x6, 0xd, &(0x7f00000000c0)='bbr\x00', 0x4) shutdown(r0, 0x1) 1.860106631s ago: executing program 0 (id=845): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000000), 0x181341, 0x0) ioctl$TIOCCONS(r0, 0x541d) 1.859885405s ago: executing program 1 (id=846): r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000000), 0x40, 0x0) fcntl$lock(r0, 0x11, &(0x7f0000003c80)={0x0, 0x0, 0x0, 0x8}) 1.853079488s ago: executing program 4 (id=847): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) pipe(&(0x7f0000000000)) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x4) setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(r0, 0x6, 0x14, &(0x7f00000013c0)=0x80000000001, 0x4) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFNL_MSG_COMPAT_GET(r1, &(0x7f0000002680)={&(0x7f00000025c0)={0x10, 0x0, 0x0, 0x20000}, 0xc, &(0x7f0000002640)={&(0x7f00000003c0)=ANY=[@ANYBLOB="24000000000b0500000000293a000800024000e000005a6a48b77c2050138cf06ecd5eb270207e1f7c36c211bab80dbed8a65efd5e95c95bd7350500f028f9c75c80d54a41b3e86c6835394343e238feeb046300"/94], 0x24}}, 0x4004004) 1.766400593s ago: executing program 3 (id=848): socket$nl_generic(0x10, 0x3, 0x10) socket$qrtr(0x2a, 0x2, 0x0) syz_open_dev$vim2m(0x0, 0x800, 0x2) socket$nl_netfilter(0x10, 0x3, 0xc) socket$nl_netfilter(0x10, 0x3, 0xc) io_submit(0x0, 0x0, 0x0) writev(0xffffffffffffffff, &(0x7f0000000940), 0x0) openat$6lowpan_enable(0xffffffffffffff9c, 0x0, 0x2, 0x0) socket$inet_mptcp(0x2, 0x1, 0x106) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$netlink(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route_sched(r2, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={0x0, 0x24}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x2ba) sendmsg$nl_route(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c0000001000850619fbb7c75150926b00000000", @ANYRES32=r3, @ANYBLOB="fe000000000000001c0012000c000100626f6e64000000000c0002000800010004"], 0x3c}}, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket(0x1, 0x803, 0x0) getsockname$packet(r5, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r4, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000480)=ANY=[@ANYBLOB="540000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="00000000000000002c0012800e0001006970366772657461700000001800028014000700fc00000000000000000000000000000008000a00", @ANYRES32=r6], 0x54}}, 0x0) socket$netlink(0x10, 0x3, 0x4) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f00000000c0)=@dellink={0x20, 0x11, 0x1, 0x70bd2d, 0x25dfdbfb, {0x0, 0x0, 0x0, r6, 0x8010, 0x602a1}}, 0x20}, 0x1, 0x0, 0x0, 0x40000}, 0x0) 1.646464917s ago: executing program 1 (id=849): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)={{0x14}, [@NFT_MSG_NEWRULE={0x54, 0x6, 0xa, 0x40b, 0x0, 0x0, {0x2}, [@NFTA_RULE_EXPRESSIONS={0x28, 0x4, 0x0, 0x1, [{0x24, 0x1, 0x0, 0x1, @exthdr={{0xb}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_EXTHDR_LEN={0x8, 0x4, 0x1, 0x0, 0x2}, @NFTA_EXTHDR_OP={0x8, 0x6, 0x1, 0x0, 0x1}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x7c}}, 0x0) 1.646133994s ago: executing program 0 (id=850): r0 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000000)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) r1 = epoll_create1(0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) write$cgroup_int(0xffffffffffffffff, 0x0, 0x0) r3 = socket$inet6_udp(0x2d, 0x2, 0x0) madvise(&(0x7f0000bdc000/0x4000)=nil, 0x86ac726dff2f4713, 0xa) r4 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./cgroup/cgroup.procs\x00', 0x2, 0x0) write$sysctl(r4, &(0x7f0000000000)='5\x00', 0x2) syz_clone3(&(0x7f00000003c0)={0x385200080, 0x0, 0x0, 0x0, {}, 0x0, 0x0, 0x0, 0x0, 0x0, {r4}}, 0x58) r5 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_RECV(r5, 0xc0502100, 0x0) ioctl$SECCOMP_IOCTL_NOTIF_ADDFD(r5, 0x40182103, 0x0) setsockopt$inet6_MCAST_MSFILTER(r3, 0x11d, 0x30, 0x0, 0x0) r6 = epoll_create1(0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r2, 0x0) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x26e1, 0x0) r7 = syz_open_dev$cec(&(0x7f0000000280), 0x0, 0x80200) ioctl$CEC_ADAP_S_LOG_ADDRS(r7, 0xc05c6104, &(0x7f00000001c0)={"f2efe21e", 0x0, 0x5, 0x4a, 0x0, 0x1ff, "2179d46fd08e3c0ced34c7d0c7e6d7", '\x00', "0400", "a2d1d4a2", ["1af0b1ba1cb8fd54c9c9b587", "bed0f3d6ce7a5f7389827f04", "33af343c60abc64f2fdc9ddf", "9b3842fc56849f6236eb1c3c"]}) r8 = syz_open_dev$cec(&(0x7f0000000000), 0x0, 0x40b80) ioctl$CEC_TRANSMIT(r8, 0xc0386105, &(0x7f0000000d40)={0x2, 0x3, 0x3, 0xfffffffc, 0x0, 0x4063, "57c1169b6664e261326ac71ae7213059", 0x0, 0x0, 0x0, 0xfd, 0x5, 0x1}) ioctl$CEC_ADAP_S_LOG_ADDRS(r7, 0xc05c6104, &(0x7f0000000340)={"8171f879", 0x7, 0xb0, 0x0, 0x9, 0x5, "0080000000000080ffffffffffffff", "0c598b00", "0200", "01000800", ["dc001000", "0000000000ffe700005a00", "4a218302000000215c384d00", "790000a5a16706008c00edbf"]}) mkdirat(0xffffffffffffff9c, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r6, 0x1, r1, &(0x7f0000000000)={0xa0000001}) openat$binfmt_register(0xffffffffffffff9c, &(0x7f0000000000), 0x1, 0x0) madvise(&(0x7f0000c00000/0x400000)=nil, 0x400000, 0xe) mremap(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x3000, 0x3, &(0x7f0000ff5000/0x3000)=nil) close_range(r0, 0xffffffffffffffff, 0x0) 1.582919418s ago: executing program 4 (id=851): r0 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0xc81) ioctl$BLKTRACESETUP(r0, 0xc0481273, &(0x7f0000000b40)={'\x00', 0x8, 0x530, 0xc, 0xfffffffffffffffd, 0x59c}) ioctl$SG_BLKTRACETEARDOWN(r0, 0x1276, 0x20000000) 1.43254234s ago: executing program 2 (id=852): r0 = openat$rtc(0xffffffffffffff9c, &(0x7f0000000200), 0x140, 0x0) ioctl$RTC_AIE_ON(r0, 0x7001) 1.33209643s ago: executing program 1 (id=853): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="18010000000000080000000000000004850000006d00000095"], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) bpf$ENABLE_STATS(0x20, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r2, {}, {}, {0xfff3}}}, 0x24}}, 0x40000) 1.33182725s ago: executing program 2 (id=854): r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$SO_TIMESTAMPING(r0, 0x1, 0x25, &(0x7f0000000200)=0x474c, 0x4) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x10) connect$inet(r0, &(0x7f0000000480)={0x2, 0x0, @multicast1}, 0x10) bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x8, &(0x7f0000000080)=ANY=[@ANYBLOB="18000000bb00551a000000000000000018"], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x2d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x0) setsockopt$inet_int(r0, 0x0, 0x8, &(0x7f0000000180)=0x8, 0x4) recvmmsg(r0, &(0x7f0000000040), 0x291962b, 0x45833af92e4b39ff, 0x0) 1.29992254s ago: executing program 0 (id=855): mount$nfs(&(0x7f00000001c0)='\xb2\x83\x87J9I\xc3i\xe4\x81\xc5:\xccLD\x9d\xd8\xc7\x90v\x8b\x82\x90\xa4\xdd\x98\xb8\rQh#\xfacl\x01\x8cC\x1f|\xa5\xcb\x8f\xe5WJ\x00>\xf2\xd6\t\xf4IE\xcb\x15A\xb5\xbbG\xa0\xea\xc4\x03\xf2\xf5\xf4\xa1\x98', &(0x7f0000000240)='./file0\x00', 0x0, 0x201008, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x101100, 0x0) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x3) syz_io_uring_setup(0x234, 0x0, 0x0, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) timer_create(0x0, &(0x7f0000000380)={0x0, 0x9d, 0x4}, &(0x7f0000000300)=0x0) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0xff5000)=nil, 0xff5000, 0x2, 0x4c831, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x18) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) socket(0x10, 0x3, 0x0) openat$zero(0xffffffffffffff9c, &(0x7f0000000040), 0x200400, 0x0) 1.293739579s ago: executing program 4 (id=856): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x6, &(0x7f0000000180)=0x100000001, 0x4) 1.052014178s ago: executing program 0 (id=857): socket$unix(0x1, 0x2, 0x0) syz_genetlink_get_family_id$ipvs(&(0x7f00000000c0), 0xffffffffffffffff) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) r0 = gettid() sched_setaffinity(r0, 0x8, &(0x7f0000000080)=0x6) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$UFFDIO_API(0xffffffffffffffff, 0xc018aa3f, 0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, 0x0, 0x0, 0x4) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000002800)={{&(0x7f0000ffa000/0x3000)=nil, 0x3000}, 0x1}) socket$key(0xf, 0x3, 0x2) preadv(0xffffffffffffffff, 0x0, 0x0, 0x7fff, 0x0) sendmsg$IPVS_CMD_NEW_DAEMON(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8004}, 0x4048040) mmap$IORING_OFF_SQ_RING(&(0x7f0000400000/0xc00000)=nil, 0xc00000, 0x1000000, 0x5d032, 0xffffffffffffffff, 0x0) r1 = userfaultfd(0x80801) ioctl$UFFDIO_API(r1, 0xc018aa3f, &(0x7f0000000100)) ioctl$UFFDIO_REGISTER(r1, 0xc020aa00, &(0x7f0000000040)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}, 0x5}) ioctl$UFFDIO_CONTINUE(r1, 0xc020aa08, &(0x7f0000000080)={{&(0x7f0000400000/0xc00000)=nil, 0xc00000}}) syz_clone3(&(0x7f0000000480)={0x100000, 0x0, 0x0, 0x0, {0x3}, 0x0, 0x0, 0x0, 0x0}, 0x58) 1.051810262s ago: executing program 4 (id=858): r0 = socket$inet6_sctp(0xa, 0x5, 0x84) sendmmsg$inet6(r0, &(0x7f0000005900)=[{{&(0x7f0000000040)={0xa, 0x4e23, 0x40, @loopback, 0x837}, 0x1c, &(0x7f00000003c0)=[{&(0x7f0000000080)=';', 0x1}], 0x1}}], 0x1, 0x0) getsockopt$inet6_buf(r0, 0x29, 0x3d, &(0x7f0000000340)=""/60, &(0x7f0000000380)=0x3c) 962.584392ms ago: executing program 3 (id=859): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000900)={{0x14}, [@NFT_MSG_NEWSETELEM={0x20, 0xb, 0xa, 0x201, 0x0, 0x0, {0x7}, [@NFTA_SET_ELEM_LIST_TABLE={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x10, 0x1, 0x0, 0x0, {0x0, 0x84}}}, 0x48}}, 0x0) 904.05001ms ago: executing program 4 (id=860): socket$nl_netfilter(0x10, 0x3, 0xc) socket$unix(0x1, 0x1, 0x0) socket$netlink(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt$inet_sctp6_SCTP_ENABLE_STREAM_RESET(r0, 0x84, 0x76, &(0x7f0000000200)={0x0, 0x7}, 0x8) setsockopt$inet_sctp6_SCTP_RECONFIG_SUPPORTED(r0, 0x84, 0x75, &(0x7f0000000340)={0x0, 0xcc}, 0x8) ptrace$setsig(0x4203, 0x0, 0x2, &(0x7f0000000040)={0x2, 0xa, 0x1e0000}) r1 = socket$inet6(0xa, 0x802, 0x0) setsockopt$inet_sctp_SCTP_SOCKOPT_BINDX_ADD(r0, 0x84, 0x64, &(0x7f0000000280)=[@in6={0xa, 0x4e23, 0x0, @loopback, 0x7}], 0x1c) sendmmsg$inet6(r0, &(0x7f0000000640)=[{{&(0x7f0000000080)={0xa, 0x4e23, 0x2, @loopback, 0x3}, 0x1c, &(0x7f0000000500)=[{&(0x7f0000000300)="06", 0x1}], 0x1}}], 0x1, 0x3404c8d4) setsockopt$inet_sctp6_SCTP_RESET_STREAMS(r0, 0x84, 0x77, &(0x7f0000000040)=ANY=[@ANYRES32, @ANYRES16=r0, @ANYRES16=r1], 0x1000f) 800.03835ms ago: executing program 0 (id=861): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r0, 0xfffffffc) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), 0xffffffffffffffff) r4 = socket$nl_route(0x10, 0x3, 0x0) r5 = socket$inet6_udp(0xa, 0x2, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000c80)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000001200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=@newqdisc={0x40, 0x24, 0x4ee4e6a52ff56541, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r6, {}, {0xffff, 0xffff}, {0xd}}, [@qdisc_kind_options=@q_fq={{0x7}, {0x14, 0x2, [@TCA_FQ_FLOW_MAX_RATE={0x8, 0x7, 0x9}, @TCA_FQ_CE_THRESHOLD={0x8, 0xc, 0x9}]}}]}, 0x40}}, 0x0) ioctl$TIOCSETD(0xffffffffffffffff, 0x5423, 0x0) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r3, 0x7, 0x70bd25, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x0) 791.587679ms ago: executing program 1 (id=862): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendmsg$NL80211_CMD_JOIN_OCB(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000380)=ANY=[@ANYBLOB="240000005f304433b3c4d403b4c4ddca0e3cf4c122da00a646d2f5d832c05d66d0"], 0x24}, 0x1, 0x0, 0x0, 0x810}, 0x4000000) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4400ae8f, &(0x7f0000000140)=@x86={0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0xff, 0xff}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 737.404536ms ago: executing program 3 (id=863): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f0000000480)={{{@in=@rand_addr=0x64010101, @in6=@rand_addr=' \x01\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x02', 0x0, 0x2, 0x4e21, 0x4b, 0x2}, {0x0, 0x0, 0x4, 0x34a, 0x0, 0x0, 0x9c0, 0x6}, {0xffffbffffffffffc, 0x0, 0x0, 0x1}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in6=@mcast1, 0x4d3, 0x3c}, 0xa, @in6=@remote, 0x3507, 0x4, 0x3, 0x0, 0x0, 0x4000000, 0x1}}, 0xe8) r1 = socket$kcm(0x10, 0x2, 0x0) r2 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_int(r2, 0x1, 0x8, &(0x7f00000001c0), 0x4) sendmsg$key(r2, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000005c0)=ANY=[@ANYBLOB="020b000102"], 0x10}}, 0x0) sendmsg$key(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000000240)=ANY=[@ANYBLOB="0212000002"], 0x10}}, 0x158) sendmsg$kcm(r1, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000000700)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73772cc9f1ba1f848430000005e140602000000000e000a00100000000280", 0x2a}, {&(0x7f0000000400)="6a6f8e5e", 0x4}], 0x2}, 0x0) 584.072515ms ago: executing program 4 (id=864): socket$nl_route(0x10, 0x3, 0x0) socket$can_raw(0x1d, 0x3, 0x1) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet_tcp(0x2, 0x1, 0x0) socket$inet6_sctp(0xa, 0x1, 0x84) r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f0000000200)={0x26, 'aead\x00', 0x0, 0x0, 'aegis128-generic\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000140)="2c385aa3d491009b3426c8928f3d97cb", 0x10) r1 = accept4(r0, 0x0, 0x0, 0x0) pselect6(0x40, &(0x7f00000001c0)={0x1, 0x0, 0x3, 0xfffffffffffffffd}, 0x0, &(0x7f0000000000)={0x3ff, 0x0, 0x0, 0x9, 0x0, 0x1, 0x7fffffff}, 0x0, 0x0) sendmsg$alg(r1, &(0x7f0000002a00)={0x0, 0x0, &(0x7f0000002980)=[{&(0x7f0000002800)='a', 0x1}], 0x1, 0x0, 0x0, 0x20000044}, 0x24040011) 463.523922ms ago: executing program 0 (id=865): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000000)={{0x12, 0x1, 0x300, 0x0, 0x0, 0x0, 0x8, 0x1038, 0x1410, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x80, 0x3, [{{0x9, 0x4, 0x0, 0xa, 0x2, 0x3, 0x1, 0x0, 0x1d, {0x9, 0x21, 0xf800, 0xdf, 0x1, {0x22, 0xb3}}, {{{0x9, 0x5, 0x81, 0x3, 0x9a24824d8b6ef257, 0x0, 0x0, 0xe}}}}}]}}]}}, &(0x7f0000000480)={0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, &(0x7f00000006c0)={0x2c, 0x0, &(0x7f0000000540)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x404}}, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000ec0)={0x24, 0x0, &(0x7f0000000d40)={0x0, 0x3, 0x2, @string={0x2}}, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000001940)={0x24, 0x0, &(0x7f0000001880)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x42a}}, 0x0, 0x0}, 0x0) 386.907417ms ago: executing program 3 (id=866): ioctl$KVM_SET_MSRS(0xffffffffffffffff, 0xc008ae88, &(0x7f0000000000)=ANY=[@ANYBLOB="1e0000000026b4080f478ef8ed"]) r0 = openat$kvm(0xffffff9c, &(0x7f00000000c0), 0x800, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000080)={0x1, 0x1, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000200)={[0x2, 0x9, 0xfffffffffffffffd, 0x0, 0x2, 0x0, 0x4002004c4, 0x1004, 0x45c5, 0xc595, 0x7, 0x2, 0xffffffffffffffff, 0x2000000000000000, 0x80000004000000, 0xc], 0x8000000, 0x2010d3}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 300.116398ms ago: executing program 1 (id=867): r0 = syz_usb_connect$rtl8150(0x3, 0x3f, &(0x7f0000000000)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xbda, 0x8150, 0x0, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x2d}}]}}, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, 0x0) syz_usb_control_io$rtl8150(r0, 0x0, &(0x7f0000000800)={0x18, 0x0, 0x0, 0x0, 0x0, &(0x7f00000007c0)}) 231.798642ms ago: executing program 2 (id=868): r0 = socket$inet6_sctp(0xa, 0x1, 0x84) bind$inet6(r0, &(0x7f0000000280)={0xa, 0x4e23, 0x0, @loopback}, 0x1c) sendto$inet6(r0, &(0x7f00000002c0)="9e", 0x1, 0x41, &(0x7f0000000200)={0xa, 0x4e23, 0x10001, @loopback, 0xe}, 0x1c) socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = socket$netlink(0x10, 0x3, 0x0) writev(r1, &(0x7f00000003c0)=[{&(0x7f0000000380)="390000001300034700bb65e1c3e4ffff01000000010000005600000025000000190004000400000007fdd411efc40800040000000000000000", 0x39}], 0x1) sendto$inet6(r0, &(0x7f0000000700)="00120b", 0x3, 0x4090, 0x0, 0x0) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000340)=',', 0x34000}], 0x1) 88.014561ms ago: executing program 3 (id=869): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000001100)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)=ANY=[@ANYBLOB="380000002000010329bd700010000000020000040300000702"], 0x38}, 0x1, 0x0, 0x0, 0x240480c4}, 0x0) syz_emit_ethernet(0x36, &(0x7f0000000380)={@local, @broadcast, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x0, 0x0, 0x0, 0x6, 0x0, @private=0xa010100, @local}, {{0x0, 0x4e29, 0x41424344, 0x41424344, 0x0, 0x0, 0x5, 0x4, 0x1}}}}}}, 0x0) 6.774545ms ago: executing program 2 (id=870): r0 = syz_usb_connect(0x2, 0x24, &(0x7f0000000640)=ANY=[@ANYBLOB="12010000d972a440b72040155ab7010203010902120001000000000904800000ff"], 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000500)={0x34, &(0x7f0000000340)={0x0, 0x31, 0x1, 'w'}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f00000006c0)={0x44, &(0x7f0000000400)={0x20, 0x8, 0x1, "11"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b40)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000b00)={0x40, 0x21, 0x1, 0x8}}) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000004c0)={0x1c, &(0x7f0000000200)={0x0, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0}) 0s ago: executing program 3 (id=871): read$watch_queue(0xffffffffffffffff, 0x0, 0x0) keyctl$revoke(0x3, 0x0) syz_emit_vhci(&(0x7f0000000780)=ANY=[@ANYBLOB="02c9200c"], 0x11) r0 = syz_open_dev$sg(0x0, 0x0, 0x0) ioctl$SCSI_IOCTL_SEND_COMMAND(r0, 0x1, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x4000000) openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, 0x0, 0x0) getsockname$packet(r1, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$PTP_SYS_OFFSET(0xffffffffffffffff, 0x43403d05, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, 0x0) sendmsg$nl_route_sched(r1, 0x0, 0x2008c014) poll(0x0, 0x0, 0x40) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) openat$kvm(0xffffffffffffff9c, 0x0, 0x22300, 0x0) kernel console output (not intermixed with test programs): tor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f870b58ebe9 code=0x7ffc0000 [ 169.766252][ C0] vkms_vblank_simulate: vblank timer overrun [ 169.879149][ T6899] ptm ptm2: ldisc open failed (-12), clearing slot 2 [ 170.097815][ T6916] netlink: 36 bytes leftover after parsing attributes in process `syz.4.244'. [ 170.300257][ T5955] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 170.400357][ T5891] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 170.475856][ T5955] usb 1-1: Using ep0 maxpacket: 32 [ 170.509982][ T5955] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.554867][ T5955] usb 1-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 170.583282][ T5955] usb 1-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 170.583523][ T5891] usb 2-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 170.600065][ T5955] usb 1-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 170.630368][ T6931] netlink: 104 bytes leftover after parsing attributes in process `syz.4.248'. [ 170.634127][ T5955] usb 1-1: Product: syz [ 170.650330][ T5955] usb 1-1: Manufacturer: syz [ 170.655285][ T5891] usb 2-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 170.685501][ T5891] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 170.708787][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.717151][ T5955] hub 1-1:4.0: USB hub found [ 170.739349][ T6921] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 170.782345][ T5891] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 170.996059][ T5955] hub 1-1:4.0: 2 ports detected [ 171.032443][ T6921] netlink: 'syz.1.246': attribute type 11 has an invalid length. [ 171.627583][ T6937] genirq: Flags mismatch irq 4. 00200000 (pcl812) vs. 00200080 (ttyS0) [ 171.848827][ T5891] usb 2-1: USB disconnect, device number 11 [ 172.771367][ T6917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 172.812307][ T6917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.153809][ T6917] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 173.169969][ T6917] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 173.216462][ T24] hub 1-1:4.0: activate --> -90 [ 173.821966][ T43] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 173.842043][ T24] hub 1-1:4.0: hub_ext_port_status failed (err = -71) [ 173.855813][ T24] usb 1-1: Failed to suspend device, error -71 [ 173.862501][ T5899] usb 1-1: USB disconnect, device number 7 [ 174.133867][ T6962] overlayfs: missing 'lowerdir' [ 174.140544][ T43] usb 2-1: Using ep0 maxpacket: 8 [ 174.151325][ T43] usb 2-1: config 0 has an invalid interface number: 213 but max is 2 [ 174.176367][ T43] usb 2-1: config 0 has an invalid interface number: 222 but max is 2 [ 174.210953][ T43] usb 2-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 174.219696][ T43] usb 2-1: config 0 has an invalid interface number: 221 but max is 2 [ 174.259493][ T43] usb 2-1: config 0 has an invalid interface number: 182 but max is 2 [ 174.280415][ T43] usb 2-1: config 0 has an invalid interface number: 35 but max is 2 [ 174.289595][ T43] usb 2-1: config 0 contains an unexpected descriptor of type 0x2, skipping [ 174.311518][ T43] usb 2-1: config 0 has an invalid descriptor of length 225, skipping remainder of the config [ 174.342662][ T43] usb 2-1: config 0 has 5 interfaces, different from the descriptor's value: 3 [ 174.360534][ T43] usb 2-1: config 0 has no interface number 0 [ 174.366984][ T43] usb 2-1: config 0 has no interface number 1 [ 174.375507][ T43] usb 2-1: config 0 has no interface number 2 [ 174.393034][ T43] usb 2-1: config 0 has no interface number 3 [ 174.399155][ T43] usb 2-1: config 0 has no interface number 4 [ 174.420811][ T43] usb 2-1: config 0 interface 213 altsetting 4 endpoint 0x4 has invalid maxpacket 1023, setting to 64 [ 174.494204][ T43] usb 2-1: config 0 interface 213 altsetting 4 endpoint 0x9 has an invalid bInterval 247, changing to 11 [ 174.548722][ T6963] netlink: 20 bytes leftover after parsing attributes in process `syz.3.256'. [ 174.551752][ T43] usb 2-1: config 0 interface 213 altsetting 4 has 2 endpoint descriptors, different from the interface descriptor's value: 14 [ 174.571267][ T43] usb 2-1: too many endpoints for config 0 interface 222 altsetting 148: 182, using maximum allowed: 30 [ 174.584708][ T43] usb 2-1: config 0 interface 222 altsetting 148 has an endpoint descriptor with address 0x39, changing to 0x9 [ 174.702187][ T43] usb 2-1: config 0 interface 222 altsetting 148 has a duplicate endpoint with address 0x9, skipping [ 174.728764][ T30] kauditd_printk_skb: 59 callbacks suppressed [ 174.728780][ T30] audit: type=1326 audit(1755891147.677:212): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6974 comm="syz.0.260" exe="/root/syz-executor" sig=9 arch=c000003e syscall=231 compat=0 ip=0x7f52fb18ebe9 code=0x0 [ 174.787992][ T43] usb 2-1: config 0 interface 222 altsetting 148 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 174.837151][ T43] usb 2-1: config 0 interface 222 altsetting 148 has an invalid descriptor for endpoint zero, skipping [ 174.876624][ T43] usb 2-1: config 0 interface 222 altsetting 148 has an invalid descriptor for endpoint zero, skipping [ 174.906166][ T43] usb 2-1: config 0 interface 222 altsetting 148 has an invalid descriptor for endpoint zero, skipping [ 174.937491][ T43] usb 2-1: config 0 interface 222 altsetting 148 has a duplicate endpoint with address 0x9, skipping [ 174.987981][ T43] usb 2-1: config 0 interface 222 altsetting 148 has an invalid descriptor for endpoint zero, skipping [ 175.042133][ T43] usb 2-1: config 0 interface 222 altsetting 148 endpoint 0x1 has invalid maxpacket 1024, setting to 64 [ 175.083716][ T43] usb 2-1: config 0 interface 222 altsetting 148 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 175.128060][ T43] usb 2-1: config 0 interface 222 altsetting 148 has 12 endpoint descriptors, different from the interface descriptor's value: 182 [ 175.184613][ T43] usb 2-1: too many endpoints for config 0 interface 221 altsetting 240: 35, using maximum allowed: 30 [ 175.242960][ T43] usb 2-1: config 0 interface 221 altsetting 240 has 0 endpoint descriptors, different from the interface descriptor's value: 35 [ 175.343108][ T43] usb 2-1: config 0 interface 182 altsetting 2 has a duplicate endpoint with address 0x2, skipping [ 175.451639][ T6989] kernel read not supported for file /blkio.throttle.io_service_bytes_recursive (pid: 6989 comm: syz.3.262) [ 176.270182][ T30] audit: type=1800 audit(1755891148.417:213): pid=6989 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.3.262" name="blkio.throttle.io_service_bytes_recursive" dev="mqueue" ino=12078 res=0 errno=0 [ 176.310124][ T43] usb 2-1: config 0 interface 182 altsetting 2 endpoint 0x8 has invalid wMaxPacketSize 0 [ 176.334005][ T43] usb 2-1: config 0 interface 182 altsetting 2 has an invalid descriptor for endpoint zero, skipping [ 176.372066][ T43] usb 2-1: config 0 interface 182 altsetting 2 has a duplicate endpoint with address 0x8, skipping [ 176.414714][ T43] usb 2-1: config 0 interface 35 altsetting 3 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 176.451722][ T6988] net_ratelimit: 5 callbacks suppressed [ 176.451735][ T6988] sctp: failed to load transform for md5: -2 [ 176.490823][ T43] usb 2-1: config 0 interface 213 has no altsetting 0 [ 176.497651][ T43] usb 2-1: config 0 interface 222 has no altsetting 0 [ 176.529203][ T43] usb 2-1: config 0 interface 221 has no altsetting 0 [ 176.545217][ T43] usb 2-1: config 0 interface 182 has no altsetting 0 [ 176.566334][ T43] usb 2-1: config 0 interface 35 has no altsetting 0 [ 176.580687][ T43] usb 2-1: string descriptor 0 read error: -71 [ 176.587214][ T43] usb 2-1: New USB device found, idVendor=07c0, idProduct=1503, bcdDevice=fc.c8 [ 176.598586][ T43] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 176.608675][ T43] usb 2-1: config 0 descriptor?? [ 176.660072][ T43] usb 2-1: can't set config #0, error -71 [ 176.689544][ T43] usb 2-1: USB disconnect, device number 12 [ 176.870143][ T24] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 177.036930][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 177.055563][ T24] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 177.823197][ T24] usb 3-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 178.051153][ T24] usb 3-1: New USB device found, idVendor=0733, idProduct=0402, bcdDevice=ef.67 [ 178.068499][ T24] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 178.109576][ T24] usb 3-1: Product: syz [ 178.159404][ T24] usb 3-1: Manufacturer: syz [ 178.179048][ T24] usb 3-1: SerialNumber: syz [ 178.233546][ T24] usb 3-1: config 0 descriptor?? [ 178.248621][ T7014] sp0: Synchronizing with TNC [ 178.262040][ T24] gspca_main: spca501-2.14.0 probing 0733:0402 [ 178.648603][ T7019] overlayfs: missing 'lowerdir' [ 179.391530][ T24] gspca_spca501: reg write: error -110 [ 179.412692][ T24] spca501 3-1:0.0: Reg write failed for 0x00,0x02,0x03 [ 179.419680][ T24] spca501 3-1:0.0: probe with driver spca501 failed with error -22 [ 181.063498][ T5884] usb 3-1: USB disconnect, device number 6 [ 183.102913][ T7073] netlink: 12 bytes leftover after parsing attributes in process `syz.2.281'. [ 183.500970][ T7075] trusted_key: syz.3.283 sent an empty control message without MSG_MORE. [ 183.667636][ T30] audit: type=1804 audit(1755891156.617:214): pid=7078 uid=0 auid=4294967295 ses=4294967295 subj=_ op=invalid_pcr cause=open_writers comm="syz.4.282" name="/newroot/66/file0" dev="tmpfs" ino=372 res=1 errno=0 [ 183.683359][ T7078] netlink: 44 bytes leftover after parsing attributes in process `syz.4.282'. [ 184.490827][ T7087] (syz.3.286,7087,0):ocfs2_fill_super:989 ERROR: superblock probe failed! [ 184.499448][ T7087] (syz.3.286,7087,0):ocfs2_fill_super:1177 ERROR: status = -22 [ 184.741602][ T7093] netlink: 'syz.3.288': attribute type 1 has an invalid length. [ 184.790441][ T7092] overlayfs: missing 'lowerdir' [ 184.829083][ T7093] 8021q: adding VLAN 0 to HW filter on device bond1 [ 184.951247][ T7093] capability: warning: `syz.3.288' uses 32-bit capabilities (legacy support in use) [ 185.059835][ T7094] bond1: (slave veth3): Enslaving as an active interface with a down link [ 185.356695][ T7103] @: renamed from vlan0 (while UP) [ 185.459246][ T7113] netlink: 24 bytes leftover after parsing attributes in process `syz.1.291'. [ 185.798799][ T7121] netlink: 12 bytes leftover after parsing attributes in process `syz.3.294'. [ 186.040141][ T5955] usb 2-1: new low-speed USB device number 13 using dummy_hcd [ 186.253410][ T5955] usb 2-1: config index 0 descriptor too short (expected 1307, got 27) [ 186.264060][ T5955] usb 2-1: config 0 has an invalid interface number: 0 but max is -1 [ 186.277468][ T5955] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 0 [ 186.370492][ T5955] usb 2-1: too many endpoints for config 0 interface 0 altsetting 0: 246, using maximum allowed: 30 [ 186.430335][ T5955] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 186.442196][ T5955] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 246 [ 186.589603][ T5955] usb 2-1: string descriptor 0 read error: -22 [ 186.596358][ T5955] usb 2-1: New USB device found, idVendor=0460, idProduct=0008, bcdDevice=e2.de [ 186.605978][ T5955] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 186.647462][ T5955] usb 2-1: config 0 descriptor?? [ 186.868891][ T5955] hub 2-1:0.0: bad descriptor, ignoring hub [ 186.894346][ T5955] hub 2-1:0.0: probe with driver hub failed with error -5 [ 187.129653][ T7137] 8021q: VLANs not supported on lo [ 187.150259][ T30] audit: type=1326 audit(1755891160.087:215): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.4.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 187.230149][ T30] audit: type=1326 audit(1755891160.087:216): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.4.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 187.453014][ T7140] netlink: 104 bytes leftover after parsing attributes in process `syz.3.299'. [ 187.510389][ T30] audit: type=1326 audit(1755891160.087:217): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.4.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 187.510669][ T5955] usb 2-1: USB disconnect, device number 13 [ 187.790225][ T30] audit: type=1326 audit(1755891160.087:218): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.4.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 188.100510][ T30] audit: type=1326 audit(1755891160.087:219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.4.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 188.232933][ T30] audit: type=1326 audit(1755891160.087:220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.4.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fefb7b8d550 code=0x7ffc0000 [ 188.320280][ T30] audit: type=1326 audit(1755891160.087:221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.4.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 188.376246][ T30] audit: type=1326 audit(1755891160.087:222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.4.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 188.463874][ T30] audit: type=1326 audit(1755891160.087:223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7133 comm="syz.4.297" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 188.627738][ T7160] netlink: 24 bytes leftover after parsing attributes in process `syz.1.303'. [ 189.767883][ T7170] netlink: 12 bytes leftover after parsing attributes in process `syz.3.306'. [ 190.973232][ T7180] netlink: 36 bytes leftover after parsing attributes in process `syz.2.310'. [ 190.982325][ T5884] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 191.064450][ T7180] netlink: 16 bytes leftover after parsing attributes in process `syz.2.310'. [ 191.197936][ T7180] netlink: 36 bytes leftover after parsing attributes in process `syz.2.310'. [ 191.220971][ T5884] usb 4-1: Using ep0 maxpacket: 32 [ 191.266922][ T5884] usb 4-1: config index 0 descriptor too short (expected 35577, got 27) [ 191.338575][ T5884] usb 4-1: config 1 has too many interfaces: 92, using maximum allowed: 32 [ 191.338743][ T7180] netlink: 36 bytes leftover after parsing attributes in process `syz.2.310'. [ 191.389245][ T5884] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 92 [ 191.566476][ T5884] usb 4-1: config 1 has no interface number 0 [ 191.573267][ T5884] usb 4-1: config 1 interface 1 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 191.584480][ T5884] usb 4-1: config 1 interface 1 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 17 [ 191.597796][ T5884] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 192.311403][ T5884] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 192.371564][ T5884] snd_usb_pod 4-1:1.1: Line 6 Pocket POD found [ 192.581335][ T5884] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now attached [ 193.073938][ T5899] usb 4-1: USB disconnect, device number 6 [ 193.465102][ T5899] snd_usb_pod 4-1:1.1: Line 6 Pocket POD now disconnected [ 193.706574][ T7209] netlink: 12 bytes leftover after parsing attributes in process `syz.0.318'. [ 193.801439][ T5919] usb 3-1: new high-speed USB device number 7 using dummy_hcd [ 193.860287][ T5884] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 194.035181][ T5919] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 194.115449][ T5919] usb 3-1: config 0 interface 0 has no altsetting 0 [ 194.122431][ T5884] usb 5-1: unable to get BOS descriptor or descriptor too short [ 194.123874][ T5884] usb 5-1: config 3 has an invalid descriptor of length 0, skipping remainder of the config [ 194.174537][ T5884] usb 5-1: string descriptor 0 read error: -22 [ 194.183995][ T5884] usb 5-1: New USB device found, idVendor=0cf3, idProduct=1010, bcdDevice=26.db [ 194.203296][ T5919] usb 3-1: New USB device found, idVendor=10fd, idProduct=1513, bcdDevice=7e.ce [ 194.214010][ T5919] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.222354][ T5884] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 194.230049][ T5919] usb 3-1: Product: syz [ 194.234616][ T5919] usb 3-1: Manufacturer: syz [ 194.239223][ T5919] usb 3-1: SerialNumber: syz [ 194.363438][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 194.381500][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 194.420969][ T43] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 194.421545][ T5919] usb 3-1: config 0 descriptor?? [ 194.455500][ T5919] dvb-usb: found a 'MSI DIGI VOX mini II DVB-T USB2.0' in warm state. [ 194.815526][ T5919] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 194.857208][ T5919] dvbdev: DVB: registering new adapter (MSI DIGI VOX mini II DVB-T USB2.0) [ 194.871364][ T5884] usb 5-1: reset high-speed USB device number 9 using dummy_hcd [ 194.877915][ T5919] usb 3-1: media controller created [ 194.880981][ T43] usb 4-1: Using ep0 maxpacket: 32 [ 194.919351][ T43] usb 4-1: config 0 interface 0 altsetting 2 endpoint 0x82 has invalid wMaxPacketSize 0 [ 194.960154][ T43] usb 4-1: config 0 interface 0 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 0 [ 194.962091][ T5919] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 194.969915][ T43] usb 4-1: config 0 interface 0 has no altsetting 0 [ 194.975916][ T43] usb 4-1: New USB device found, idVendor=16d0, idProduct=10b8, bcdDevice=dc.8e [ 195.174484][ T43] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 195.316831][ T43] usb 4-1: Product: syz [ 195.325348][ T43] usb 4-1: Manufacturer: syz [ 195.361159][ T5884] usb 5-1: device descriptor read/64, error -71 [ 195.373957][ T43] usb 4-1: SerialNumber: syz [ 195.552328][ T43] usb 4-1: config 0 descriptor?? [ 195.696897][ T5919] DVB: Unable to find symbol tda10046_attach() [ 195.703656][ T5919] dvb-usb: no frontend was attached by 'MSI DIGI VOX mini II DVB-T USB2.0' [ 195.728608][ T5919] dvb-usb: MSI DIGI VOX mini II DVB-T USB2.0 successfully initialized and connected. [ 195.748732][ T7230] netlink: 76 bytes leftover after parsing attributes in process `syz.1.324'. [ 195.870314][ T5884] usb 5-1: reset high-speed USB device number 9 using dummy_hcd [ 195.951527][ T43] gs_usb 4-1:0.0: Couldn't get device config: (err=-71) [ 195.980803][ T43] gs_usb 4-1:0.0: probe with driver gs_usb failed with error -71 [ 196.013933][ T5919] dvb_usb_m920x 3-1:0.0: probe with driver dvb_usb_m920x failed with error -71 [ 196.038906][ T43] usb 4-1: USB disconnect, device number 7 [ 196.057577][ T5919] usb 3-1: USB disconnect, device number 7 [ 196.260153][ T5884] usb 5-1: device descriptor read/64, error -71 [ 196.470360][ T7251] netlink: 12 bytes leftover after parsing attributes in process `syz.1.330'. [ 196.560242][ T43] usb 4-1: new low-speed USB device number 8 using dummy_hcd [ 196.902261][ T43] usb 4-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 196.911734][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 196.924738][ T43] usb 4-1: config 0 descriptor?? [ 197.565670][ T5884] usb 5-1: USB disconnect, device number 9 [ 199.066085][ T43] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 199.109459][ T43] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write GPIO value 0x0080: ffffffb9 [ 199.771374][ T43] asix 4-1:0.0: probe with driver asix failed with error -71 [ 199.830540][ T43] usb 4-1: USB disconnect, device number 8 [ 201.827045][ T7274] Bluetooth: hci3: command 0x0406 tx timeout [ 201.833550][ T7274] Bluetooth: hci2: command 0x0406 tx timeout [ 201.839905][ T7274] Bluetooth: hci1: command 0x0406 tx timeout [ 201.846436][ T7274] Bluetooth: hci0: command 0x0406 tx timeout [ 201.855650][ T7274] Bluetooth: hci4: command 0x0406 tx timeout [ 206.210157][ T24] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 206.324298][ T7331] 8021q: VLANs not supported on lo [ 206.356200][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 206.356216][ T30] audit: type=1326 audit(1755891179.287:239): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 206.697926][ T30] audit: type=1326 audit(1755891179.287:240): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 208.074266][ T30] audit: type=1326 audit(1755891179.287:241): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 208.645206][ T30] audit: type=1326 audit(1755891179.287:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 208.860110][ T30] audit: type=1326 audit(1755891179.287:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 208.910085][ T30] audit: type=1326 audit(1755891179.287:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f300fb8d550 code=0x7ffc0000 [ 209.860082][ T30] audit: type=1326 audit(1755891179.287:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 210.002561][ T30] audit: type=1326 audit(1755891179.287:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 210.076869][ T30] audit: type=1326 audit(1755891179.287:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 211.250658][ T30] audit: type=1326 audit(1755891179.287:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7323 comm="syz.2.347" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 213.339370][ T7414] netlink: 104 bytes leftover after parsing attributes in process `syz.3.366'. [ 214.264727][ T5837] Bluetooth: hci1: unexpected event 0x14 length: 20 > 6 [ 215.359161][ T7432] syz.2.367: attempt to access beyond end of device [ 215.359161][ T7432] nbd2: rw=0, sector=6, nr_sectors = 2 limit=0 [ 215.379856][ T7432] ADFS-fs (nbd2): error: unable to read block 3, try 0 [ 215.690229][ T5899] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 215.870629][ T5899] usb 4-1: Using ep0 maxpacket: 16 [ 215.878750][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 216.020276][ T5899] usb 4-1: can't read configurations, error -61 [ 216.113928][ T7444] netlink: 12 bytes leftover after parsing attributes in process `syz.1.373'. [ 216.501539][ T5899] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 217.027063][ T5899] usb 4-1: Using ep0 maxpacket: 16 [ 217.090305][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 217.102574][ T5899] usb 4-1: can't read configurations, error -61 [ 217.143424][ T5899] usb usb4-port1: attempt power cycle [ 217.181556][ T7452] FAULT_INJECTION: forcing a failure. [ 217.181556][ T7452] name failslab, interval 1, probability 0, space 0, times 1 [ 217.207788][ T7452] CPU: 0 UID: 0 PID: 7452 Comm: syz.1.374 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 217.207815][ T7452] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 217.207833][ T7452] Call Trace: [ 217.207844][ T7452] [ 217.207852][ T7452] dump_stack_lvl+0x189/0x250 [ 217.207887][ T7452] ? __pfx____ratelimit+0x10/0x10 [ 217.207908][ T7452] ? __pfx_dump_stack_lvl+0x10/0x10 [ 217.207927][ T7452] ? __pfx__printk+0x10/0x10 [ 217.207955][ T7452] ? __pfx___might_resched+0x10/0x10 [ 217.207981][ T7452] should_fail_ex+0x414/0x560 [ 217.208006][ T7452] should_failslab+0xa8/0x100 [ 217.208029][ T7452] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 217.208049][ T7452] ? __alloc_skb+0x112/0x2d0 [ 217.208079][ T7452] __alloc_skb+0x112/0x2d0 [ 217.208108][ T7452] netlink_sendmsg+0x5c6/0xb30 [ 217.208144][ T7452] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.208177][ T7452] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 217.208196][ T7452] ? __pfx_netlink_sendmsg+0x10/0x10 [ 217.208222][ T7452] __sock_sendmsg+0x21c/0x270 [ 217.208248][ T7452] ____sys_sendmsg+0x52d/0x830 [ 217.208290][ T7452] ? __pfx_____sys_sendmsg+0x10/0x10 [ 217.208327][ T7452] ? import_iovec+0x74/0xa0 [ 217.208357][ T7452] ___sys_sendmsg+0x21f/0x2a0 [ 217.208389][ T7452] ? __pfx____sys_sendmsg+0x10/0x10 [ 217.208450][ T7452] ? __fget_files+0x2a/0x420 [ 217.208471][ T7452] ? __fget_files+0x3a0/0x420 [ 217.208502][ T7452] __sys_sendmmsg+0x227/0x430 [ 217.208535][ T7452] ? __pfx___sys_sendmmsg+0x10/0x10 [ 217.208560][ T7452] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 217.208611][ T7452] ? ksys_write+0x22a/0x250 [ 217.208631][ T7452] ? __pfx_ksys_write+0x10/0x10 [ 217.208646][ T7452] ? rcu_is_watching+0x15/0xb0 [ 217.208674][ T7452] __x64_sys_sendmmsg+0xa0/0xc0 [ 217.208704][ T7452] do_syscall_64+0xfa/0x3b0 [ 217.208723][ T7452] ? lockdep_hardirqs_on+0x9c/0x150 [ 217.208741][ T7452] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.208759][ T7452] ? clear_bhb_loop+0x60/0xb0 [ 217.208779][ T7452] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 217.208795][ T7452] RIP: 0033:0x7f4815b8ebe9 [ 217.208818][ T7452] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 217.208838][ T7452] RSP: 002b:00007f4816abb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 217.208865][ T7452] RAX: ffffffffffffffda RBX: 00007f4815db5fa0 RCX: 00007f4815b8ebe9 [ 217.208878][ T7452] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000003 [ 217.208890][ T7452] RBP: 00007f4816abb090 R08: 0000000000000000 R09: 0000000000000000 [ 217.208902][ T7452] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 217.208913][ T7452] R13: 00007f4815db6038 R14: 00007f4815db5fa0 R15: 00007fffbf74e0e8 [ 217.208945][ T7452] [ 217.713818][ T7458] netlink: 104 bytes leftover after parsing attributes in process `syz.4.377'. [ 219.287213][ T7482] overlayfs: missing 'lowerdir' [ 219.288633][ T7484] loop2: detected capacity change from 0 to 231 [ 219.432454][ T7488] netlink: 12 bytes leftover after parsing attributes in process `syz.1.386'. [ 219.470886][ T5899] usb 4-1: new high-speed USB device number 12 using dummy_hcd [ 219.516849][ T7484] loop2: unable to read partition table [ 219.526493][ T7484] loop_reread_partitions: partition scan of loop2 (被x ) failed (rc=-5) [ 220.073742][ T7493] netlink: 24 bytes leftover after parsing attributes in process `syz.1.387'. [ 220.129330][ T5899] usb 4-1: New USB device found, idVendor=0d81, idProduct=1900, bcdDevice=eb.c6 [ 220.142178][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 220.176161][ T5899] usb 4-1: Product: syz [ 220.186718][ T5899] usb 4-1: Manufacturer: syz [ 220.191904][ T5899] usb 4-1: SerialNumber: syz [ 220.601536][ T5899] pwc: Visionite VCS-UC300 USB webcam detected. [ 220.837348][ T5899] pwc: Failed to set LED on/off time (-71) [ 220.853056][ T5899] pwc: send_video_command error -71 [ 220.872447][ T5899] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 221.049442][ T5899] Philips webcam 4-1:5.0: probe with driver Philips webcam failed with error -71 [ 221.101391][ T5899] usb 4-1: USB disconnect, device number 12 [ 221.179925][ T7502] overlayfs: failed to resolve './file0': -2 [ 226.070214][ T5899] usb 4-1: new full-speed USB device number 13 using dummy_hcd [ 226.073113][ T5952] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 226.200934][ T7545] FAULT_INJECTION: forcing a failure. [ 226.200934][ T7545] name fail_usercopy, interval 1, probability 0, space 0, times 1 [ 226.224459][ T7545] CPU: 1 UID: 0 PID: 7545 Comm: syz.2.402 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 226.224484][ T7545] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 226.224494][ T7545] Call Trace: [ 226.224502][ T7545] [ 226.224510][ T7545] dump_stack_lvl+0x189/0x250 [ 226.224536][ T7545] ? __pfx____ratelimit+0x10/0x10 [ 226.224555][ T7545] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.224576][ T7545] ? __pfx__printk+0x10/0x10 [ 226.224599][ T7545] ? __might_fault+0xb0/0x130 [ 226.224639][ T7545] should_fail_ex+0x414/0x560 [ 226.224664][ T7545] _copy_from_iter+0x1db/0x16f0 [ 226.224691][ T7545] ? rcu_is_watching+0x15/0xb0 [ 226.224709][ T7545] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 226.224733][ T7545] ? __pfx__copy_from_iter+0x10/0x10 [ 226.224757][ T7545] ? __build_skb_around+0x257/0x3e0 [ 226.224786][ T7545] ? netlink_sendmsg+0x642/0xb30 [ 226.224810][ T7545] ? skb_put+0x11b/0x210 [ 226.224841][ T7545] netlink_sendmsg+0x6b2/0xb30 [ 226.224878][ T7545] ? __pfx_netlink_sendmsg+0x10/0x10 [ 226.224913][ T7545] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 226.224931][ T7545] ? __pfx_netlink_sendmsg+0x10/0x10 [ 226.224959][ T7545] __sock_sendmsg+0x21c/0x270 [ 226.224985][ T7545] ____sys_sendmsg+0x52d/0x830 [ 226.225019][ T7545] ? __pfx_____sys_sendmsg+0x10/0x10 [ 226.225053][ T7545] ? import_iovec+0x74/0xa0 [ 226.225082][ T7545] ___sys_sendmsg+0x21f/0x2a0 [ 226.225111][ T7545] ? __pfx____sys_sendmsg+0x10/0x10 [ 226.225178][ T7545] ? __fget_files+0x2a/0x420 [ 226.225198][ T7545] ? __fget_files+0x3a0/0x420 [ 226.225231][ T7545] __sys_sendmmsg+0x227/0x430 [ 226.225266][ T7545] ? __pfx___sys_sendmmsg+0x10/0x10 [ 226.225292][ T7545] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 226.225343][ T7545] ? ksys_write+0x22a/0x250 [ 226.225364][ T7545] ? __pfx_ksys_write+0x10/0x10 [ 226.225379][ T7545] ? rcu_is_watching+0x15/0xb0 [ 226.225407][ T7545] __x64_sys_sendmmsg+0xa0/0xc0 [ 226.225438][ T7545] do_syscall_64+0xfa/0x3b0 [ 226.225458][ T7545] ? lockdep_hardirqs_on+0x9c/0x150 [ 226.225479][ T7545] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.225498][ T7545] ? clear_bhb_loop+0x60/0xb0 [ 226.225522][ T7545] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 226.225540][ T7545] RIP: 0033:0x7f300fb8ebe9 [ 226.225557][ T7545] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 226.225573][ T7545] RSP: 002b:00007f3010a95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 226.225594][ T7545] RAX: ffffffffffffffda RBX: 00007f300fdb5fa0 RCX: 00007f300fb8ebe9 [ 226.225616][ T7545] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000003 [ 226.225629][ T7545] RBP: 00007f3010a95090 R08: 0000000000000000 R09: 0000000000000000 [ 226.225641][ T7545] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 226.225652][ T7545] R13: 00007f300fdb6038 R14: 00007f300fdb5fa0 R15: 00007ffc6cd7efc8 [ 226.225684][ T7545] [ 226.580312][ T5899] usb 4-1: config 0 has an invalid interface number: 197 but max is 0 [ 226.590335][ T5899] usb 4-1: config 0 has no interface number 0 [ 226.596485][ T5899] usb 4-1: config 0 interface 197 has no altsetting 0 [ 226.641736][ T7543] batman_adv: batadv0: adding TT local entry aa:aa:aa:aa:aa:2a to non-existent VLAN 1303 [ 226.669743][ T5899] usb 4-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=86.12 [ 226.705134][ T5952] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x4 has invalid maxpacket 245, setting to 64 [ 226.717340][ T5952] usb 2-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 226.726491][ T5952] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.737679][ T7551] openvswitch: netlink: Geneve opt len 126 is not a multiple of 4. [ 226.746585][ T5837] sysfs: cannot create duplicate filename '/devices/virtual/bluetooth/hci1/hci1:201' [ 226.747261][ T5952] usb 2-1: config 0 descriptor?? [ 226.760103][ T5837] CPU: 0 UID: 0 PID: 5837 Comm: kworker/u9:2 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 226.760129][ T5837] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 226.760141][ T5837] Workqueue: hci1 hci_rx_work [ 226.760165][ T5837] Call Trace: [ 226.760172][ T5837] [ 226.760180][ T5837] dump_stack_lvl+0x189/0x250 [ 226.760204][ T5837] ? kernfs_path_from_node+0x2c/0x260 [ 226.760229][ T5837] ? __pfx_dump_stack_lvl+0x10/0x10 [ 226.760250][ T5837] ? __pfx__printk+0x10/0x10 [ 226.760277][ T5837] ? kernfs_path_from_node+0x2c/0x260 [ 226.760297][ T5837] ? kernfs_path_from_node+0x2c/0x260 [ 226.760321][ T5837] ? kernfs_path_from_node+0x22c/0x260 [ 226.760342][ T5837] ? kernfs_path_from_node+0x2c/0x260 [ 226.760368][ T5837] sysfs_create_dir_ns+0x259/0x280 [ 226.760394][ T5837] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 226.760418][ T5837] ? do_raw_spin_unlock+0x122/0x240 [ 226.760448][ T5837] kobject_add_internal+0x59f/0xb40 [ 226.760482][ T5837] kobject_add+0x155/0x220 [ 226.760510][ T5837] ? __pfx_kobject_add+0x10/0x10 [ 226.760540][ T5837] ? _raw_spin_unlock+0x28/0x50 [ 226.760574][ T5837] ? get_device_parent+0x366/0x3a0 [ 226.760608][ T5837] device_add+0x408/0xb50 [ 226.760640][ T5837] hci_conn_add_sysfs+0xd5/0x1e0 [ 226.760674][ T5837] le_conn_complete_evt+0xc3a/0x1220 [ 226.760714][ T5837] ? __pfx_le_conn_complete_evt+0x10/0x10 [ 226.760740][ T5837] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 226.760760][ T5837] ? __asan_memcpy+0x40/0x70 [ 226.760787][ T5837] ? __pfx___mutex_lock+0x10/0x10 [ 226.760809][ T5837] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 226.760829][ T5837] ? skb_pull_data+0xfb/0x200 [ 226.760855][ T5837] hci_le_conn_complete_evt+0x187/0x450 [ 226.760887][ T5837] hci_event_packet+0x78c/0x1200 [ 226.760912][ T5837] ? __pfx_hci_le_meta_evt+0x10/0x10 [ 226.760938][ T5837] ? __pfx_hci_event_packet+0x10/0x10 [ 226.760960][ T5837] ? kcov_remote_start+0x4d3/0x7f0 [ 226.760987][ T5837] ? lockdep_hardirqs_on+0x90/0x150 [ 226.761010][ T5837] ? hci_send_to_monitor+0xe2/0x570 [ 226.761038][ T5837] hci_rx_work+0x46a/0xe80 [ 226.761068][ T5837] ? process_scheduled_works+0x9ef/0x17b0 [ 226.761091][ T5837] process_scheduled_works+0xade/0x17b0 [ 226.761143][ T5837] ? __pfx_process_scheduled_works+0x10/0x10 [ 226.761183][ T5837] worker_thread+0x8a0/0xda0 [ 226.761233][ T5837] kthread+0x70e/0x8a0 [ 226.761261][ T5837] ? __pfx_worker_thread+0x10/0x10 [ 226.761282][ T5837] ? __pfx_kthread+0x10/0x10 [ 226.761308][ T5837] ? _raw_spin_unlock_irq+0x23/0x50 [ 226.761325][ T5837] ? lockdep_hardirqs_on+0x9c/0x150 [ 226.761342][ T5837] ? __pfx_kthread+0x10/0x10 [ 226.761368][ T5837] ret_from_fork+0x3fc/0x770 [ 226.761390][ T5837] ? __pfx_ret_from_fork+0x10/0x10 [ 226.761416][ T5837] ? __switch_to_asm+0x39/0x70 [ 226.761437][ T5837] ? __switch_to_asm+0x33/0x70 [ 226.761458][ T5837] ? __pfx_kthread+0x10/0x10 [ 226.761483][ T5837] ret_from_fork_asm+0x1a/0x30 [ 226.761571][ T5837] [ 226.761600][ T5837] kobject: kobject_add_internal failed for hci1:201 with -EEXIST, don't try to register things with the same name in the same directory. [ 226.974241][ T5952] ath6kl: Failed to submit usb control message: -71 [ 226.979782][ T5837] Bluetooth: hci1: failed to register connection device [ 227.031490][ T5952] ath6kl: unable to send the bmi data to the device: -71 [ 227.037938][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 227.110097][ T5899] usb 4-1: Product: syz [ 227.118473][ T5899] usb 4-1: Manufacturer: syz [ 227.136173][ T5952] ath6kl: Unable to send get target info: -71 [ 227.152971][ T5899] usb 4-1: SerialNumber: syz [ 227.236600][ T5899] usb 4-1: config 0 descriptor?? [ 227.246577][ T5899] usb 4-1: can't set config #0, error -71 [ 227.264076][ T5952] ath6kl: Failed to init ath6kl core: -71 [ 227.280423][ T5899] usb 4-1: USB disconnect, device number 13 [ 227.376644][ T5952] ath6kl_usb 2-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 227.735553][ T5952] usb 2-1: USB disconnect, device number 14 [ 227.890593][ T7561] process 'syz.1.405' launched './file0' with NULL argv: empty string added [ 227.969082][ T30] kauditd_printk_skb: 12 callbacks suppressed [ 227.969099][ T30] audit: type=1326 audit(1755891200.917:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7562 comm="syz.2.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 228.047186][ T30] audit: type=1326 audit(1755891200.917:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7562 comm="syz.2.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=319 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 228.085873][ T30] audit: type=1326 audit(1755891200.917:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7562 comm="syz.2.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 228.114613][ T30] audit: type=1326 audit(1755891200.917:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7562 comm="syz.2.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=77 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 228.160982][ T30] audit: type=1326 audit(1755891200.917:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7562 comm="syz.2.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 228.297434][ T30] audit: type=1326 audit(1755891200.917:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7562 comm="syz.2.406" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 228.420200][ T5952] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 228.680333][ T5952] usb 4-1: Using ep0 maxpacket: 16 [ 229.001352][ T5952] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 11 [ 229.010466][ T5952] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0xB has invalid wMaxPacketSize 0 [ 229.026908][ T5952] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0xB has invalid maxpacket 0 [ 229.049407][ T7575] 8021q: VLANs not supported on lo [ 229.292098][ T5952] usb 4-1: config 1 interface 0 altsetting 3 endpoint 0x8A has invalid wMaxPacketSize 0 [ 229.309799][ T30] audit: type=1326 audit(1755891202.007:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7569 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 229.340309][ T5952] usb 4-1: config 1 interface 0 altsetting 3 bulk endpoint 0x8A has invalid maxpacket 0 [ 229.364171][ T5952] usb 4-1: config 1 interface 0 has no altsetting 0 [ 229.376975][ T30] audit: type=1326 audit(1755891202.007:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7569 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 229.399687][ T5952] usb 4-1: New USB device found, idVendor=04e6, idProduct=0003, bcdDevice= 1.77 [ 229.412884][ T5952] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 229.453161][ T30] audit: type=1326 audit(1755891202.007:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7569 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 229.500149][ T5952] ums-sddr09 4-1:1.0: USB Mass Storage device detected [ 229.562151][ T30] audit: type=1326 audit(1755891202.007:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7569 comm="syz.4.409" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 229.632414][ T7586] netlink: 12 bytes leftover after parsing attributes in process `syz.1.412'. [ 230.077589][ T7565] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 230.100662][ T7589] FAULT_INJECTION: forcing a failure. [ 230.100662][ T7589] name failslab, interval 1, probability 0, space 0, times 0 [ 230.142196][ T7565] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 230.150675][ T7589] CPU: 1 UID: 0 PID: 7589 Comm: syz.0.413 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 230.150699][ T7589] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 230.150711][ T7589] Call Trace: [ 230.150718][ T7589] [ 230.150725][ T7589] dump_stack_lvl+0x189/0x250 [ 230.150751][ T7589] ? __pfx____ratelimit+0x10/0x10 [ 230.150771][ T7589] ? __pfx_dump_stack_lvl+0x10/0x10 [ 230.150795][ T7589] ? __pfx__printk+0x10/0x10 [ 230.150825][ T7589] ? ref_tracker_alloc+0x318/0x460 [ 230.150847][ T7589] should_fail_ex+0x414/0x560 [ 230.150870][ T7589] should_failslab+0xa8/0x100 [ 230.150890][ T7589] kmem_cache_alloc_noprof+0x73/0x3c0 [ 230.150906][ T7589] ? skb_clone+0x212/0x3a0 [ 230.150928][ T7589] skb_clone+0x212/0x3a0 [ 230.150948][ T7589] __netlink_deliver_tap+0x404/0x850 [ 230.150985][ T7589] ? netlink_deliver_tap+0x2e/0x1b0 [ 230.151011][ T7589] netlink_deliver_tap+0x19c/0x1b0 [ 230.151037][ T7589] netlink_unicast+0x730/0x8e0 [ 230.151072][ T7589] netlink_sendmsg+0x805/0xb30 [ 230.151107][ T7589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 230.151140][ T7589] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 230.151157][ T7589] ? __pfx_netlink_sendmsg+0x10/0x10 [ 230.151184][ T7589] __sock_sendmsg+0x21c/0x270 [ 230.151208][ T7589] ____sys_sendmsg+0x52d/0x830 [ 230.151242][ T7589] ? __pfx_____sys_sendmsg+0x10/0x10 [ 230.151275][ T7589] ? import_iovec+0x74/0xa0 [ 230.151297][ T7589] ___sys_sendmsg+0x21f/0x2a0 [ 230.151315][ T7589] ? __pfx____sys_sendmsg+0x10/0x10 [ 230.151351][ T7589] ? __fget_files+0x2a/0x420 [ 230.151362][ T7589] ? __fget_files+0x3a0/0x420 [ 230.151379][ T7589] __sys_sendmmsg+0x227/0x430 [ 230.151398][ T7589] ? __pfx___sys_sendmmsg+0x10/0x10 [ 230.151412][ T7589] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 230.151438][ T7589] ? ksys_write+0x22a/0x250 [ 230.151449][ T7589] ? __pfx_ksys_write+0x10/0x10 [ 230.151457][ T7589] ? rcu_is_watching+0x15/0xb0 [ 230.151472][ T7589] __x64_sys_sendmmsg+0xa0/0xc0 [ 230.151489][ T7589] do_syscall_64+0xfa/0x3b0 [ 230.151500][ T7589] ? lockdep_hardirqs_on+0x9c/0x150 [ 230.151510][ T7589] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.151520][ T7589] ? clear_bhb_loop+0x60/0xb0 [ 230.151539][ T7589] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 230.151549][ T7589] RIP: 0033:0x7f52fb18ebe9 [ 230.151559][ T7589] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 230.151567][ T7589] RSP: 002b:00007f52fbff2038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 230.151579][ T7589] RAX: ffffffffffffffda RBX: 00007f52fb3b5fa0 RCX: 00007f52fb18ebe9 [ 230.151586][ T7589] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000003 [ 230.151592][ T7589] RBP: 00007f52fbff2090 R08: 0000000000000000 R09: 0000000000000000 [ 230.151599][ T7589] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 230.151604][ T7589] R13: 00007f52fb3b6038 R14: 00007f52fb3b5fa0 R15: 00007ffe8a8b23a8 [ 230.151620][ T7589] [ 230.450019][ C1] vkms_vblank_simulate: vblank timer overrun [ 231.405755][ T5952] scsi host1: usb-storage 4-1:1.0 [ 231.686121][ T5952] usb 4-1: USB disconnect, device number 14 [ 231.710232][ T7593] usb usb7: usbfs: process 7593 (syz.1.415) did not claim interface 0 before use [ 232.658652][ T7618] bpq0: entered allmulticast mode [ 233.293934][ T5844] Bluetooth: hci1: command 0x0406 tx timeout [ 235.402759][ T7638] overlayfs: missing 'lowerdir' [ 236.541553][ T7644] netlink: 104 bytes leftover after parsing attributes in process `syz.0.427'. [ 238.962392][ T7674] Illegal XDP return value 2706670308 on prog (id 160) dev N/A, expect packet loss! [ 239.103330][ T5919] usb 5-1: new high-speed USB device number 11 using dummy_hcd [ 239.480826][ T5919] usb 5-1: device descriptor read/64, error -71 [ 239.959352][ T5919] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 240.113338][ T5919] usb 5-1: device descriptor read/64, error -71 [ 240.134889][ T7686] syzkaller0: entered promiscuous mode [ 240.140992][ T7686] syzkaller0: entered allmulticast mode [ 240.251546][ T5919] usb usb5-port1: attempt power cycle [ 240.289767][ T7686] af_packet: tpacket_rcv: packet too big, clamped from 5384 to 3952. macoff=96 [ 240.443747][ T7686] tipc: Enabled bearer , priority 0 [ 240.451712][ T5891] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 240.515034][ T7685] tipc: Resetting bearer [ 240.802210][ T5919] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 240.834336][ T5891] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 240.844265][ T5919] usb 5-1: device descriptor read/8, error -71 [ 240.856523][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 240.918957][ T5891] usb 4-1: config 0 descriptor?? [ 241.120206][ T5919] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 241.165252][ T5919] usb 5-1: device descriptor read/8, error -71 [ 241.288902][ T5919] usb usb5-port1: unable to enumerate USB device [ 241.370133][ T5952] usb 2-1: new high-speed USB device number 15 using dummy_hcd [ 241.485658][ T24] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 241.530168][ T5952] usb 2-1: Using ep0 maxpacket: 16 [ 241.549293][ T5952] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 241.551926][ T5891] ath6kl: mismatched byte count 0 vs. expected 12 [ 241.564567][ T5952] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 241.586415][ T5952] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 241.643851][ T5952] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 241.657018][ T5952] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.677555][ T24] usb 1-1: Using ep0 maxpacket: 32 [ 241.687231][ T5952] usb 2-1: Product: syz [ 241.705425][ T5952] usb 2-1: Manufacturer: syz [ 241.715086][ T24] usb 1-1: config 0 has an invalid interface number: 67 but max is 0 [ 241.724146][ T5952] usb 2-1: SerialNumber: syz [ 241.738949][ T24] usb 1-1: config 0 has no interface number 0 [ 241.820277][ T5891] ath6kl: Failed to init ath6kl core: -22 [ 241.823056][ T24] usb 1-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 241.826511][ T5891] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -22 [ 241.853581][ T24] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 241.864544][ T24] usb 1-1: Product: syz [ 241.881861][ T24] usb 1-1: Manufacturer: syz [ 241.943934][ T24] usb 1-1: SerialNumber: syz [ 242.344216][ T5891] usb 4-1: USB disconnect, device number 15 [ 242.382817][ T24] usb 1-1: config 0 descriptor?? [ 242.419424][ T24] smsc95xx v2.0.0 [ 242.496725][ T5952] usb 2-1: USB disconnect, device number 15 [ 242.634034][ T7536] udevd[7536]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 243.847385][ T7746] netlink: 8 bytes leftover after parsing attributes in process `syz.1.449'. [ 244.177617][ T30] kauditd_printk_skb: 20 callbacks suppressed [ 244.268099][ T30] audit: type=1326 audit(1755891216.867:291): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 244.300507][ T30] audit: type=1326 audit(1755891216.867:292): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 244.322207][ T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000030: -71 [ 244.334163][ T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Error writing E2P_CMD [ 244.344489][ T24] smsc95xx 1-1:0.67 (unnamed net_device) (uninitialized): Failed to write reg index 0x00000014: -71 [ 244.368182][ T24] smsc95xx 1-1:0.67: probe with driver smsc95xx failed with error -71 [ 244.384912][ T24] usb 1-1: USB disconnect, device number 8 [ 244.399705][ T30] audit: type=1326 audit(1755891216.867:293): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 244.616430][ T30] audit: type=1326 audit(1755891216.867:294): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 244.640018][ T30] audit: type=1326 audit(1755891216.867:295): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 244.726549][ T30] audit: type=1326 audit(1755891216.867:296): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 245.040207][ T30] audit: type=1326 audit(1755891216.867:297): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 245.143158][ T30] audit: type=1326 audit(1755891216.867:298): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 245.235535][ T30] audit: type=1326 audit(1755891216.867:299): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7fefb7b8d550 code=0x7ffc0000 [ 245.305715][ T30] audit: type=1326 audit(1755891216.867:300): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7740 comm="syz.4.447" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fefb7b8ebe9 code=0x7ffc0000 [ 246.401705][ T7685] tipc: Disabling bearer [ 246.425379][ T7745] 8021q: VLANs not supported on lo [ 246.697061][ T7769] FAULT_INJECTION: forcing a failure. [ 246.697061][ T7769] name failslab, interval 1, probability 0, space 0, times 0 [ 246.711270][ T7769] CPU: 0 UID: 0 PID: 7769 Comm: syz.1.452 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 246.711295][ T7769] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 246.711307][ T7769] Call Trace: [ 246.711322][ T7769] [ 246.711331][ T7769] dump_stack_lvl+0x189/0x250 [ 246.711359][ T7769] ? __pfx____ratelimit+0x10/0x10 [ 246.711380][ T7769] ? __pfx_dump_stack_lvl+0x10/0x10 [ 246.711402][ T7769] ? __pfx__printk+0x10/0x10 [ 246.711430][ T7769] ? __pfx___might_resched+0x10/0x10 [ 246.711451][ T7769] ? fs_reclaim_acquire+0x7d/0x100 [ 246.711480][ T7769] should_fail_ex+0x414/0x560 [ 246.711506][ T7769] should_failslab+0xa8/0x100 [ 246.711529][ T7769] __kmalloc_noprof+0xcb/0x4f0 [ 246.711547][ T7769] ? tomoyo_encode+0x28b/0x550 [ 246.711576][ T7769] tomoyo_encode+0x28b/0x550 [ 246.711607][ T7769] tomoyo_realpath_from_path+0x58d/0x5d0 [ 246.711644][ T7769] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 246.711665][ T7769] tomoyo_path_number_perm+0x1e8/0x5a0 [ 246.711688][ T7769] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 246.711718][ T7769] ? rcu_is_watching+0x15/0xb0 [ 246.711746][ T7769] ? __lock_acquire+0xab9/0xd20 [ 246.711787][ T7769] ? __fget_files+0x2a/0x420 [ 246.711812][ T7769] ? __fget_files+0x2a/0x420 [ 246.711831][ T7769] ? __fget_files+0x3a0/0x420 [ 246.711851][ T7769] ? __fget_files+0x2a/0x420 [ 246.711877][ T7769] security_file_ioctl+0xcb/0x2d0 [ 246.711902][ T7769] __se_sys_ioctl+0x47/0x170 [ 246.711932][ T7769] do_syscall_64+0xfa/0x3b0 [ 246.711955][ T7769] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.711973][ T7769] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 246.711989][ T7769] ? clear_bhb_loop+0x60/0xb0 [ 246.712012][ T7769] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 246.712031][ T7769] RIP: 0033:0x7f4815b8ebe9 [ 246.712048][ T7769] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 246.712065][ T7769] RSP: 002b:00007f4816a9a038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 246.712084][ T7769] RAX: ffffffffffffffda RBX: 00007f4815db6090 RCX: 00007f4815b8ebe9 [ 246.712099][ T7769] RDX: 0000200000003f00 RSI: 00000000c0145401 RDI: 000000000000000a [ 246.712111][ T7769] RBP: 00007f4816a9a090 R08: 0000000000000000 R09: 0000000000000000 [ 246.712123][ T7769] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 246.712135][ T7769] R13: 00007f4815db6128 R14: 00007f4815db6090 R15: 00007fffbf74e0e8 [ 246.712167][ T7769] [ 246.712283][ T7769] ERROR: Out of memory at tomoyo_realpath_from_path. [ 248.570271][ T5919] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 249.806195][ T5919] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 249.836784][ T5919] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 249.958816][ T5919] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 250.060529][ T5919] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.40 [ 250.080431][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 250.100032][ T5919] usb 5-1: Product: syz [ 250.120382][ T5919] usb 5-1: Manufacturer: syz [ 250.125038][ T5919] usb 5-1: SerialNumber: syz [ 250.171230][ T5919] hub 5-1:1.0: bad descriptor, ignoring hub [ 250.190499][ T5919] hub 5-1:1.0: probe with driver hub failed with error -5 [ 250.811662][ T5919] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 15 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 253.335623][ T7830] syzkaller0: entered promiscuous mode [ 253.350450][ T5891] usb 5-1: USB disconnect, device number 15 [ 253.378868][ T5952] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 253.387864][ T5891] usblp0: removed [ 253.427637][ T7830] syzkaller0: entered allmulticast mode [ 254.238750][ T5952] usb 3-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 254.267543][ T7843] FAULT_INJECTION: forcing a failure. [ 254.267543][ T7843] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 254.281844][ T7843] CPU: 1 UID: 0 PID: 7843 Comm: syz.3.470 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 254.281870][ T7843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 254.281882][ T7843] Call Trace: [ 254.281890][ T7843] [ 254.281898][ T7843] dump_stack_lvl+0x189/0x250 [ 254.281925][ T7843] ? __pfx____ratelimit+0x10/0x10 [ 254.281946][ T7843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 254.281967][ T7843] ? __pfx__printk+0x10/0x10 [ 254.281992][ T7843] ? __might_fault+0xb0/0x130 [ 254.282024][ T7843] should_fail_ex+0x414/0x560 [ 254.282050][ T7843] _copy_from_user+0x2d/0xb0 [ 254.282077][ T7843] __snd_timer_user_ioctl+0x158/0x3ff0 [ 254.282101][ T7843] ? lockdep_hardirqs_on+0x9c/0x150 [ 254.282127][ T7843] ? register_lock_class+0x51/0x320 [ 254.282160][ T7843] ? __pfx___snd_timer_user_ioctl+0x10/0x10 [ 254.282184][ T7843] ? __lock_acquire+0xab9/0xd20 [ 254.282210][ T7843] ? __mutex_trylock_common+0x153/0x260 [ 254.282238][ T7843] ? __pfx___mutex_trylock_common+0x10/0x10 [ 254.282266][ T7843] ? rcu_is_watching+0x15/0xb0 [ 254.282288][ T7843] ? trace_contention_end+0x39/0x120 [ 254.282312][ T7843] ? __mutex_lock+0x330/0xe80 [ 254.282334][ T7843] ? smk_tskacc+0x2fc/0x370 [ 254.282367][ T7843] ? snd_timer_user_ioctl+0x4b/0x80 [ 254.282393][ T7843] ? __pfx___mutex_lock+0x10/0x10 [ 254.282426][ T7843] ? __fget_files+0x2a/0x420 [ 254.282447][ T7843] ? __fget_files+0x3a0/0x420 [ 254.282467][ T7843] ? __fget_files+0x2a/0x420 [ 254.282490][ T7843] ? __pfx_snd_timer_user_ioctl+0x10/0x10 [ 254.282513][ T7843] snd_timer_user_ioctl+0x5a/0x80 [ 254.282537][ T7843] __se_sys_ioctl+0xfc/0x170 [ 254.282568][ T7843] do_syscall_64+0xfa/0x3b0 [ 254.282590][ T7843] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.282608][ T7843] ? asm_sysvec_call_function_single+0x1a/0x20 [ 254.282627][ T7843] ? clear_bhb_loop+0x60/0xb0 [ 254.282651][ T7843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 254.282670][ T7843] RIP: 0033:0x7f870b58ebe9 [ 254.282686][ T7843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 254.282702][ T7843] RSP: 002b:00007f870c433038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 254.282720][ T7843] RAX: ffffffffffffffda RBX: 00007f870b7b6090 RCX: 00007f870b58ebe9 [ 254.282734][ T7843] RDX: 0000200000003f00 RSI: 00000000c0145401 RDI: 000000000000000a [ 254.282745][ T7843] RBP: 00007f870c433090 R08: 0000000000000000 R09: 0000000000000000 [ 254.282757][ T7843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 254.282767][ T7843] R13: 00007f870b7b6128 R14: 00007f870b7b6090 R15: 00007ffebf7ff0a8 [ 254.282804][ T7843] [ 254.661061][ T7837] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 254.699559][ T5952] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 254.709748][ T5952] usb 3-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 254.718789][ T5952] usb 3-1: config 1 has no interface number 1 [ 254.724999][ T5952] usb 3-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 254.824908][ T5952] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 254.834804][ T5952] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 254.842891][ T5952] usb 3-1: Product: syz [ 254.847067][ T5952] usb 3-1: Manufacturer: syz [ 254.851723][ T5952] usb 3-1: SerialNumber: syz [ 255.109684][ T5952] usb 3-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 255.130061][ T5952] usb 3-1: MIDIStreaming interface descriptor not found [ 255.283081][ T7848] syzkaller0: mtu less than device minimum [ 255.751924][ T5952] usb 3-1: USB disconnect, device number 8 [ 255.770449][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 255.777291][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 255.783830][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 256.073971][ T7861] sp0: Synchronizing with TNC [ 257.683975][ T7541] udevd[7541]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 257.919293][ T7870] FAULT_INJECTION: forcing a failure. [ 257.919293][ T7870] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 257.966879][ T7870] CPU: 1 UID: 0 PID: 7870 Comm: syz.1.479 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 257.966907][ T7870] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 257.966920][ T7870] Call Trace: [ 257.966927][ T7870] [ 257.966935][ T7870] dump_stack_lvl+0x189/0x250 [ 257.966963][ T7870] ? __pfx____ratelimit+0x10/0x10 [ 257.966984][ T7870] ? __pfx_dump_stack_lvl+0x10/0x10 [ 257.967004][ T7870] ? __pfx__printk+0x10/0x10 [ 257.967027][ T7870] ? __might_fault+0xb0/0x130 [ 257.967056][ T7870] should_fail_ex+0x414/0x560 [ 257.967082][ T7870] _copy_from_user+0x2d/0xb0 [ 257.967110][ T7870] do_sock_getsockopt+0x17d/0x450 [ 257.967143][ T7870] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 257.967171][ T7870] ? do_syscall_64+0x20/0x3b0 [ 257.967191][ T7870] ? __fget_files+0x3a0/0x420 [ 257.967211][ T7870] ? __fget_files+0x2a/0x420 [ 257.967237][ T7870] __x64_sys_getsockopt+0x1a5/0x250 [ 257.967271][ T7870] ? do_syscall_64+0x20/0x3b0 [ 257.967293][ T7870] ? do_syscall_64+0x20/0x3b0 [ 257.967318][ T7870] do_syscall_64+0xfa/0x3b0 [ 257.967343][ T7870] ? lockdep_hardirqs_on+0x9c/0x150 [ 257.967367][ T7870] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.967384][ T7870] ? clear_bhb_loop+0x60/0xb0 [ 257.967406][ T7870] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 257.967424][ T7870] RIP: 0033:0x7f4815b8ebe9 [ 257.967439][ T7870] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 257.967456][ T7870] RSP: 002b:00007f4816abb038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 257.967477][ T7870] RAX: ffffffffffffffda RBX: 00007f4815db5fa0 RCX: 00007f4815b8ebe9 [ 257.967491][ T7870] RDX: 000000000000001c RSI: 0000000000000001 RDI: 0000000000000003 [ 257.967500][ T7870] RBP: 00007f4816abb090 R08: 00002000000006c0 R09: 0000000000000000 [ 257.967512][ T7870] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 257.967524][ T7870] R13: 00007f4815db6038 R14: 00007f4815db5fa0 R15: 00007fffbf74e0e8 [ 257.967554][ T7870] [ 258.455017][ T7887] FAULT_INJECTION: forcing a failure. [ 258.455017][ T7887] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 258.590260][ T7887] CPU: 1 UID: 0 PID: 7887 Comm: syz.4.484 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 258.590288][ T7887] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 258.590301][ T7887] Call Trace: [ 258.590310][ T7887] [ 258.590319][ T7887] dump_stack_lvl+0x189/0x250 [ 258.590345][ T7887] ? __pfx____ratelimit+0x10/0x10 [ 258.590366][ T7887] ? __pfx_dump_stack_lvl+0x10/0x10 [ 258.590388][ T7887] ? __pfx__printk+0x10/0x10 [ 258.590413][ T7887] ? __might_fault+0xb0/0x130 [ 258.590444][ T7887] should_fail_ex+0x414/0x560 [ 258.590475][ T7887] _copy_from_user+0x2d/0xb0 [ 258.590503][ T7887] ___sys_sendmsg+0x158/0x2a0 [ 258.590536][ T7887] ? __pfx____sys_sendmsg+0x10/0x10 [ 258.590612][ T7887] ? __might_fault+0xb0/0x130 [ 258.590634][ T7887] __sys_sendmmsg+0x227/0x430 [ 258.590665][ T7887] ? __pfx___sys_sendmmsg+0x10/0x10 [ 258.590691][ T7887] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 258.590741][ T7887] ? ksys_write+0x22a/0x250 [ 258.590762][ T7887] ? __pfx_ksys_write+0x10/0x10 [ 258.590777][ T7887] ? rcu_is_watching+0x15/0xb0 [ 258.590805][ T7887] __x64_sys_sendmmsg+0xa0/0xc0 [ 258.590836][ T7887] do_syscall_64+0xfa/0x3b0 [ 258.590857][ T7887] ? lockdep_hardirqs_on+0x9c/0x150 [ 258.590876][ T7887] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.590895][ T7887] ? clear_bhb_loop+0x60/0xb0 [ 258.590918][ T7887] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 258.590937][ T7887] RIP: 0033:0x7fefb7b8ebe9 [ 258.590953][ T7887] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 258.590971][ T7887] RSP: 002b:00007fefb8984038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 258.590991][ T7887] RAX: ffffffffffffffda RBX: 00007fefb7db5fa0 RCX: 00007fefb7b8ebe9 [ 258.591005][ T7887] RDX: 0000000004924b68 RSI: 0000200000000140 RDI: 0000000000000003 [ 258.591019][ T7887] RBP: 00007fefb8984090 R08: 0000000000000000 R09: 0000000000000000 [ 258.591031][ T7887] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 258.591042][ T7887] R13: 00007fefb7db6038 R14: 00007fefb7db5fa0 R15: 00007fff483d40e8 [ 258.591074][ T7887] [ 259.264314][ T7889] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 259.367145][ T5884] usb 2-1: new high-speed USB device number 16 using dummy_hcd [ 259.840023][ T5884] usb 2-1: Using ep0 maxpacket: 8 [ 260.877553][ T5884] usb 2-1: device descriptor read/all, error -71 [ 261.150345][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 263.450188][ T5884] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 264.073878][ T7937] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 264.413151][ T5884] usb 2-1: config 0 has no interfaces? [ 264.467151][ T5884] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 264.689118][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 264.762458][ T7947] FAULT_INJECTION: forcing a failure. [ 264.762458][ T7947] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 264.809276][ T5884] usb 2-1: config 0 descriptor?? [ 264.836127][ T7947] CPU: 0 UID: 0 PID: 7947 Comm: syz.2.499 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 264.836156][ T7947] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 264.836168][ T7947] Call Trace: [ 264.836176][ T7947] [ 264.836185][ T7947] dump_stack_lvl+0x189/0x250 [ 264.836211][ T7947] ? __pfx____ratelimit+0x10/0x10 [ 264.836232][ T7947] ? __pfx_dump_stack_lvl+0x10/0x10 [ 264.836255][ T7947] ? __pfx__printk+0x10/0x10 [ 264.836279][ T7947] ? __might_fault+0xb0/0x130 [ 264.836311][ T7947] should_fail_ex+0x414/0x560 [ 264.836337][ T7947] _copy_from_user+0x2d/0xb0 [ 264.836365][ T7947] sk_getsockopt+0x197/0x2530 [ 264.836397][ T7947] ? __pfx_sk_getsockopt+0x10/0x10 [ 264.836421][ T7947] ? do_syscall_64+0x20/0x3b0 [ 264.836452][ T7947] ? __lock_acquire+0xab9/0xd20 [ 264.836481][ T7947] ? __might_fault+0xb0/0x130 [ 264.836521][ T7947] do_sock_getsockopt+0x237/0x450 [ 264.836549][ T7947] ? do_syscall_64+0x20/0x3b0 [ 264.836574][ T7947] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 264.836598][ T7947] ? do_syscall_64+0x20/0x3b0 [ 264.836618][ T7947] ? __fget_files+0x3a0/0x420 [ 264.836636][ T7947] ? __fget_files+0x2a/0x420 [ 264.836664][ T7947] __x64_sys_getsockopt+0x1a5/0x250 [ 264.836690][ T7947] ? do_syscall_64+0x20/0x3b0 [ 264.836711][ T7947] ? do_syscall_64+0x20/0x3b0 [ 264.836736][ T7947] do_syscall_64+0xfa/0x3b0 [ 264.836765][ T7947] ? lockdep_hardirqs_on+0x9c/0x150 [ 264.836786][ T7947] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.836806][ T7947] ? clear_bhb_loop+0x60/0xb0 [ 264.836830][ T7947] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 264.836848][ T7947] RIP: 0033:0x7f300fb8ebe9 [ 264.836865][ T7947] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 264.836883][ T7947] RSP: 002b:00007f3010a95038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 264.836904][ T7947] RAX: ffffffffffffffda RBX: 00007f300fdb5fa0 RCX: 00007f300fb8ebe9 [ 264.836919][ T7947] RDX: 000000000000001c RSI: 0000000000000001 RDI: 0000000000000003 [ 264.836930][ T7947] RBP: 00007f3010a95090 R08: 00002000000006c0 R09: 0000000000000000 [ 264.836944][ T7947] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 264.836955][ T7947] R13: 00007f300fdb6038 R14: 00007f300fdb5fa0 R15: 00007ffc6cd7efc8 [ 264.836987][ T7947] [ 265.183131][ T7954] netlink: 12 bytes leftover after parsing attributes in process `syz.0.501'. [ 265.513010][ T7957] netlink: 12 bytes leftover after parsing attributes in process `syz.1.493'. [ 265.722589][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 268.690282][ T24] usb 2-1: USB disconnect, device number 18 [ 268.817918][ T30] kauditd_printk_skb: 23 callbacks suppressed [ 268.817936][ T30] audit: type=1326 audit(1755891241.767:324): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7980 comm="syz.2.510" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x0 [ 269.588104][ T7993] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 271.332711][ T5844] Bluetooth: hci0: command 0x0406 tx timeout [ 273.291852][ T5898] usb 5-1: new high-speed USB device number 16 using dummy_hcd [ 273.703390][ T8000] netlink: 36 bytes leftover after parsing attributes in process `syz.1.514'. [ 274.760422][ T8008] netlink: 12 bytes leftover after parsing attributes in process `syz.1.518'. [ 275.373171][ T8012] FAULT_INJECTION: forcing a failure. [ 275.373171][ T8012] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 275.425424][ T8012] CPU: 1 UID: 0 PID: 8012 Comm: syz.4.519 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 275.425452][ T8012] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 275.425464][ T8012] Call Trace: [ 275.425471][ T8012] [ 275.425479][ T8012] dump_stack_lvl+0x189/0x250 [ 275.425505][ T8012] ? __pfx____ratelimit+0x10/0x10 [ 275.425527][ T8012] ? __pfx_dump_stack_lvl+0x10/0x10 [ 275.425547][ T8012] ? __pfx__printk+0x10/0x10 [ 275.425581][ T8012] should_fail_ex+0x414/0x560 [ 275.425605][ T8012] _copy_to_user+0x31/0xb0 [ 275.425632][ T8012] copy_to_sockptr+0x5e/0xa0 [ 275.425661][ T8012] sk_getsockopt+0x1fe2/0x2530 [ 275.425693][ T8012] ? __pfx_sk_getsockopt+0x10/0x10 [ 275.425719][ T8012] ? do_syscall_64+0x20/0x3b0 [ 275.425752][ T8012] ? __lock_acquire+0xab9/0xd20 [ 275.425807][ T8012] do_sock_getsockopt+0x237/0x450 [ 275.425834][ T8012] ? do_syscall_64+0x20/0x3b0 [ 275.425859][ T8012] ? __pfx_do_sock_getsockopt+0x10/0x10 [ 275.425887][ T8012] ? do_syscall_64+0x20/0x3b0 [ 275.425906][ T8012] ? __fget_files+0x3a0/0x420 [ 275.425926][ T8012] ? __fget_files+0x2a/0x420 [ 275.425955][ T8012] __x64_sys_getsockopt+0x1a5/0x250 [ 275.425982][ T8012] ? do_syscall_64+0x20/0x3b0 [ 275.426005][ T8012] ? do_syscall_64+0x20/0x3b0 [ 275.426030][ T8012] do_syscall_64+0xfa/0x3b0 [ 275.426047][ T8012] ? lockdep_hardirqs_on+0x9c/0x150 [ 275.426067][ T8012] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.426086][ T8012] ? clear_bhb_loop+0x60/0xb0 [ 275.426109][ T8012] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 275.426128][ T8012] RIP: 0033:0x7fefb7b8ebe9 [ 275.426144][ T8012] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 275.426162][ T8012] RSP: 002b:00007fefb8984038 EFLAGS: 00000246 ORIG_RAX: 0000000000000037 [ 275.426183][ T8012] RAX: ffffffffffffffda RBX: 00007fefb7db5fa0 RCX: 00007fefb7b8ebe9 [ 275.426197][ T8012] RDX: 000000000000001c RSI: 0000000000000001 RDI: 0000000000000003 [ 275.426208][ T8012] RBP: 00007fefb8984090 R08: 00002000000006c0 R09: 0000000000000000 [ 275.426221][ T8012] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 275.426233][ T8012] R13: 00007fefb7db6038 R14: 00007fefb7db5fa0 R15: 00007fff483d40e8 [ 275.426265][ T8012] [ 275.782620][ T8018] 9p: Unknown access argument 18446744073709551615: -34 [ 276.491334][ T8038] 8021q: VLANs not supported on lo [ 276.915681][ T30] audit: type=1326 audit(1755891249.447:325): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 276.960172][ T30] audit: type=1326 audit(1755891249.447:326): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 276.990180][ T30] audit: type=1326 audit(1755891249.447:327): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 277.011992][ T30] audit: type=1326 audit(1755891249.447:328): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 277.034652][ T30] audit: type=1326 audit(1755891249.447:329): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 277.058737][ T30] audit: type=1326 audit(1755891249.447:330): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f52fb18d550 code=0x7ffc0000 [ 277.082222][ T30] audit: type=1326 audit(1755891249.457:331): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 277.273152][ T30] audit: type=1326 audit(1755891249.457:332): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 277.296517][ T30] audit: type=1326 audit(1755891249.457:333): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 278.064785][ T30] audit: type=1326 audit(1755891249.457:334): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8032 comm="syz.0.525" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 278.100089][ T8043] overlayfs: missing 'lowerdir' [ 278.546262][ T5898] Process accounting resumed [ 280.058159][ T8070] nfs: Unknown parameter './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 283.155301][ T8097] overlayfs: missing 'lowerdir' [ 286.360165][ T8127] nfs: Unknown parameter './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 288.092218][ T8150] overlayfs: missing 'lowerdir' [ 288.100086][ T5899] usb 5-1: new low-speed USB device number 17 using dummy_hcd [ 289.315180][ T8165] netlink: 12 bytes leftover after parsing attributes in process `syz.0.561'. [ 290.394093][ T5899] usb 5-1: device descriptor read/64, error -71 [ 290.940020][ T5919] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 291.575613][ T8176] nfs: Unknown parameter './file0aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa' [ 292.346279][ T8184] netlink: 12 bytes leftover after parsing attributes in process `syz.3.566'. [ 292.554669][ T8189] tipc: Enabling of bearer rejected, failed to enable media [ 292.906768][ T8192] cifs: Unknown parameter 'no'aN[Gzob,er;%j [ 292.906768][ T8192] z,@qJ#"h/.W1ȱnNC"C<+`#k' [ 293.075440][ T5919] IPVS: starting estimator thread 0... [ 293.171249][ T8204] IPVS: using max 49 ests per chain, 117600 per kthread [ 293.390773][ T5899] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 293.590123][ T5899] usb 5-1: Using ep0 maxpacket: 32 [ 293.607128][ T5899] usb 5-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xC4, changing to 0x84 [ 293.629576][ T5899] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x84 has an invalid bInterval 0, changing to 7 [ 293.671609][ T5899] usb 5-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=51.16 [ 293.686566][ T5899] usb 5-1: New USB device strings: Mfr=154, Product=2, SerialNumber=3 [ 293.717807][ T5899] usb 5-1: Product: syz [ 293.730219][ T5899] usb 5-1: Manufacturer: syz [ 293.736890][ T5899] usb 5-1: SerialNumber: syz [ 293.776532][ T5899] usb 5-1: config 0 descriptor?? [ 293.960922][ T5899] usb 5-1: Warning: ath10k USB support is incomplete, don't expect anything to work! [ 294.019891][ T7706] usb 5-1: Failed to submit usb control message: -71 [ 294.038910][ T7706] usb 5-1: unable to send the bmi data to the device: -71 [ 294.054826][ T5899] usb 5-1: USB disconnect, device number 18 [ 294.069230][ T7706] usb 5-1: unable to get target info from device [ 294.097097][ T7706] usb 5-1: could not get target info (-71) [ 294.125212][ T7706] usb 5-1: could not probe fw (-71) [ 295.910652][ T8229] netlink: 12 bytes leftover after parsing attributes in process `syz.2.575'. [ 297.037092][ T8240] tmpfs: Unknown parameter 'usrquotauencer' [ 303.355831][ T8289] veth1_to_bridge: entered promiscuous mode [ 303.483924][ T8293] veth1_to_bridge: left promiscuous mode [ 304.464592][ T8311] 8021q: VLANs not supported on lo [ 304.484829][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 304.484846][ T30] audit: type=1326 audit(1755891277.437:348): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4815b8ebe9 code=0x7ffc0000 [ 304.811209][ T30] audit: type=1326 audit(1755891277.467:349): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f4815b8ebe9 code=0x7ffc0000 [ 304.912099][ T30] audit: type=1326 audit(1755891277.467:350): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4815b8ebe9 code=0x7ffc0000 [ 305.022765][ T30] audit: type=1326 audit(1755891277.467:351): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f4815b8ebe9 code=0x7ffc0000 [ 305.080040][ T30] audit: type=1326 audit(1755891277.467:352): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4815b8ebe9 code=0x7ffc0000 [ 305.162489][ T30] audit: type=1326 audit(1755891277.467:353): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4815b8d550 code=0x7ffc0000 [ 305.253444][ T30] audit: type=1326 audit(1755891277.467:354): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4815b8ebe9 code=0x7ffc0000 [ 306.037660][ T30] audit: type=1326 audit(1755891277.467:355): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f4815b8ebe9 code=0x7ffc0000 [ 306.337463][ T8325] Bluetooth: MGMT ver 1.23 [ 306.342755][ T8325] Bluetooth: hci0: load_link_keys: too big key_count value 2816 [ 306.640031][ T30] audit: type=1326 audit(1755891277.467:356): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f4815b8ebe9 code=0x7ffc0000 [ 306.785824][ T30] audit: type=1326 audit(1755891277.467:357): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8306 comm="syz.1.595" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f4815b8ebe9 code=0x7ffc0000 [ 307.902973][ T8338] netlink: 36 bytes leftover after parsing attributes in process `syz.4.602'. [ 307.950434][ T8338] bridge_slave_1: left allmulticast mode [ 307.984557][ T8341] netlink: 6 bytes leftover after parsing attributes in process `syz.4.602'. [ 308.019335][ T8338] bridge_slave_1: left promiscuous mode [ 308.037770][ T8341] netlink: 6 bytes leftover after parsing attributes in process `syz.4.602'. [ 308.083047][ T8346] EXT4-fs: Value of option "test_dummy_encryption" is unrecognized [ 308.091601][ T8338] bridge0: port 2(bridge_slave_1) entered disabled state [ 308.099654][ T5899] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 308.114850][ T8338] bridge_slave_0: left allmulticast mode [ 308.125366][ T8338] bridge_slave_0: left promiscuous mode [ 308.177024][ T8338] bridge0: port 1(bridge_slave_0) entered disabled state [ 308.290059][ T5899] usb 3-1: Using ep0 maxpacket: 32 [ 308.297917][ T5899] usb 3-1: config 0 has an invalid interface number: 42 but max is 0 [ 308.332409][ T5899] usb 3-1: config 0 has no interface number 0 [ 308.357099][ T5899] usb 3-1: New USB device found, idVendor=1bcf, idProduct=0b40, bcdDevice=42.27 [ 308.367760][ T5899] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 308.378386][ T5899] usb 3-1: Product: syz [ 308.383045][ T5899] usb 3-1: Manufacturer: syz [ 308.387820][ T5899] usb 3-1: SerialNumber: syz [ 308.400720][ T5899] usb 3-1: config 0 descriptor?? [ 308.888725][ T8340] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 308.999678][ T8340] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 309.083558][ T5899] usb 3-1: Found UVC 0.00 device syz (1bcf:0b40) [ 309.095418][ T5899] usb 3-1: Forcing UVC version to 1.0a [ 309.101170][ T5899] usb 3-1: No valid video chain found. [ 309.109300][ T5899] usb 3-1: USB disconnect, device number 10 [ 309.347382][ T8366] overlayfs: missing 'lowerdir' [ 310.579882][ T8378] 8021q: VLANs not supported on lo [ 310.720191][ T30] kauditd_printk_skb: 13 callbacks suppressed [ 310.720210][ T30] audit: type=1326 audit(1755891283.537:371): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 310.982626][ T30] audit: type=1326 audit(1755891283.537:372): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 311.073213][ T30] audit: type=1326 audit(1755891283.537:373): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 311.101062][ T30] audit: type=1326 audit(1755891283.537:374): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 311.173065][ T30] audit: type=1326 audit(1755891283.537:375): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 311.392069][ T30] audit: type=1326 audit(1755891283.537:376): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f52fb18d550 code=0x7ffc0000 [ 311.973125][ T30] audit: type=1326 audit(1755891283.537:377): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 312.392405][ T30] audit: type=1326 audit(1755891283.537:378): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 312.644930][ T30] audit: type=1326 audit(1755891283.537:379): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 312.738831][ T30] audit: type=1326 audit(1755891283.537:380): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8370 comm="syz.0.610" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 313.350110][ T43] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 313.514513][ T43] usb 5-1: Using ep0 maxpacket: 16 [ 313.670773][ T43] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 313.690468][ T43] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 313.712179][ T43] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 313.721695][ T43] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 313.800656][ T43] usb 5-1: Product: syz [ 313.804874][ T43] usb 5-1: Manufacturer: syz [ 313.809489][ T43] usb 5-1: SerialNumber: syz [ 314.701444][ T8421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 314.759698][ T8421] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 315.342534][ T8433] overlayfs: missing 'lowerdir' [ 315.862827][ T43] usb 5-1: cannot find UAC_HEADER [ 316.309342][ T43] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 316.432365][ T8437] Invalid source name [ 316.513842][ T43] usb 5-1: USB disconnect, device number 19 [ 316.566772][ T7536] udevd[7536]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 317.482849][ T5837] Bluetooth: hci4: command 0x0406 tx timeout [ 317.490776][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 317.498472][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 317.654762][ T8457] 8021q: VLANs not supported on lo [ 317.860830][ T30] kauditd_printk_skb: 14 callbacks suppressed [ 317.860847][ T30] audit: type=1326 audit(1755891290.637:395): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 317.926009][ T30] audit: type=1326 audit(1755891290.637:396): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 317.948961][ T8458] netlink: 8 bytes leftover after parsing attributes in process `syz.3.631'. [ 317.993107][ T30] audit: type=1326 audit(1755891290.637:397): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 318.014969][ T43] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 318.526268][ T30] audit: type=1326 audit(1755891290.637:398): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 318.551152][ T30] audit: type=1326 audit(1755891290.637:399): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 318.580578][ T43] usb 1-1: device descriptor read/64, error -71 [ 318.603033][ T30] audit: type=1326 audit(1755891290.637:400): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f300fb8d550 code=0x7ffc0000 [ 318.701112][ T30] audit: type=1326 audit(1755891290.637:401): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 318.727091][ T30] audit: type=1326 audit(1755891290.637:402): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 318.750483][ T30] audit: type=1326 audit(1755891290.647:403): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 318.783068][ T5898] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 318.897877][ T30] audit: type=1326 audit(1755891290.647:404): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8448 comm="syz.2.630" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f300fb8ebe9 code=0x7ffc0000 [ 318.950093][ T43] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 319.080793][ T5898] usb 5-1: Using ep0 maxpacket: 8 [ 319.088637][ T43] usb 1-1: device descriptor read/64, error -71 [ 319.094327][ T5898] usb 5-1: New USB device found, idVendor=05dc, idProduct=0001, bcdDevice= 0.01 [ 319.112868][ T5898] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 319.159009][ T5898] usb 5-1: config 0 descriptor?? [ 319.181229][ T5898] ums-jumpshot 5-1:0.0: USB Mass Storage device detected [ 319.211970][ T43] usb usb1-port1: attempt power cycle [ 319.212652][ T5898] ums-jumpshot 5-1:0.0: Quirks match for vid 05dc pid 0001: 2 [ 319.250018][ T5884] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 319.428488][ T5884] usb 4-1: Using ep0 maxpacket: 16 [ 319.448668][ T5884] usb 4-1: New USB device found, idVendor=05d1, idProduct=2001, bcdDevice=10.00 [ 319.460777][ T5884] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 319.479092][ T5884] usb 4-1: Product: syz [ 319.499355][ T5884] usb 4-1: Manufacturer: syz [ 319.504268][ T5884] usb 4-1: SerialNumber: syz [ 319.549135][ T5884] usb 4-1: config 0 descriptor?? [ 319.557864][ T5884] ftdi_sio 4-1:0.0: FTDI USB Serial Device converter detected [ 319.765368][ T43] usb 1-1: new high-speed USB device number 11 using dummy_hcd [ 319.786177][ T8473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.794955][ T5884] usb 4-1: Detected FT-X [ 319.821228][ T43] usb 1-1: device descriptor read/8, error -71 [ 319.869906][ T8473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.915407][ T8473] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.946459][ T8487] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 319.973555][ T8473] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 319.995004][ T8485] netlink: 28 bytes leftover after parsing attributes in process `syz.1.638'. [ 320.004708][ T8487] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.031440][ T8485] netlink: 28 bytes leftover after parsing attributes in process `syz.1.638'. [ 320.072050][ T5884] ftdi_sio ttyUSB0: Unable to read latency timer: -71 [ 320.085872][ T43] usb 1-1: new high-speed USB device number 12 using dummy_hcd [ 320.107428][ T5884] ftdi_sio ttyUSB0: Unable to write latency timer: -71 [ 320.126118][ T5884] ftdi_sio 4-1:0.0: GPIO initialisation failed: -71 [ 320.140828][ T43] usb 1-1: device descriptor read/8, error -71 [ 320.149332][ T5884] usb 4-1: FTDI USB Serial Device converter now attached to ttyUSB0 [ 320.173100][ T5884] usb 4-1: USB disconnect, device number 16 [ 320.200552][ T5884] ftdi_sio ttyUSB0: FTDI USB Serial Device converter now disconnected from ttyUSB0 [ 320.225959][ T5884] ftdi_sio 4-1:0.0: device disconnected [ 320.255578][ T43] usb usb1-port1: unable to enumerate USB device [ 320.276407][ T8493] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 320.343747][ T8493] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 320.439346][ T8499] overlayfs: missing 'lowerdir' [ 322.043074][ T5955] usb 5-1: USB disconnect, device number 20 [ 322.149079][ T8512] syzkaller1: entered promiscuous mode [ 322.163701][ T8512] syzkaller1: entered allmulticast mode [ 322.219837][ T8516] netlink: 'syz.4.647': attribute type 10 has an invalid length. [ 322.258117][ T8516] syz_tun: entered promiscuous mode [ 322.279281][ T8521] ptrace attach of "./syz-executor exec"[5849] was attempted by ""[8521] [ 322.397647][ T8516] bond0: (slave syz_tun): Enslaving as an active interface with an up link [ 323.170014][ T5898] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 323.352374][ T5898] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 323.386088][ T5898] usb 2-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 323.411166][ T5898] usb 2-1: New USB device found, idVendor=13e5, idProduct=0001, bcdDevice=4e.53 [ 323.420753][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 323.433523][ T5898] usb 2-1: config 0 descriptor?? [ 323.472296][ T8538] netlink: 12 bytes leftover after parsing attributes in process `syz.3.651'. [ 323.481475][ T8538] netlink: 16 bytes leftover after parsing attributes in process `syz.3.651'. [ 323.512701][ T8538] input: syz0 as /devices/virtual/input/input18 [ 323.765293][ T8543] netlink: 'syz.2.653': attribute type 10 has an invalid length. [ 324.971222][ T8543] 8021q: adding VLAN 0 to HW filter on device bond0 [ 325.092526][ T8543] team0: Port device bond0 added [ 325.192206][ T5898] usb 2-1: USB disconnect, device number 19 [ 325.340329][ T5955] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 325.700217][ T5955] usb 4-1: Using ep0 maxpacket: 16 [ 325.854326][ T5955] usb 4-1: New USB device found, idVendor=061d, idProduct=c020, bcdDevice=9c.15 [ 325.943703][ T5955] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 326.046517][ T5955] usb 4-1: Product: syz [ 326.114569][ T5955] usb 4-1: Manufacturer: syz [ 326.139444][ T7555] udevd[7555]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 326.170187][ T5955] usb 4-1: SerialNumber: syz [ 326.178464][ T8561] overlayfs: missing 'lowerdir' [ 326.213190][ T5955] usb 4-1: config 0 descriptor?? [ 326.243076][ T5955] ssu100 4-1:0.0: Quatech SSU-100 USB to Serial Driver converter detected [ 326.442476][ T5955] ssu100 4-1:0.0: probe with driver ssu100 failed with error -5 [ 327.000446][ T5955] usb 5-1: new high-speed USB device number 21 using dummy_hcd [ 327.390097][ T5955] usb 5-1: device descriptor read/64, error -71 [ 329.783551][ T8580] @: renamed from vlan0 (while UP) [ 330.191522][ T8578] netlink: 'syz.1.662': attribute type 39 has an invalid length. [ 330.740047][ T5955] usb 5-1: new high-speed USB device number 22 using dummy_hcd [ 330.777060][ T8579] netlink: 14601 bytes leftover after parsing attributes in process `syz.1.662'. [ 330.901872][ T5955] usb 5-1: device descriptor read/64, error -71 [ 331.021496][ T5955] usb usb5-port1: attempt power cycle [ 331.051572][ T43] usb 4-1: USB disconnect, device number 17 [ 332.010073][ T5955] usb 5-1: new high-speed USB device number 23 using dummy_hcd [ 332.074922][ T5955] usb 5-1: device descriptor read/8, error -71 [ 333.852666][ T8625] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 333.881360][ T8625] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 334.090186][ T5898] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 334.791382][ T5898] usb 2-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 334.812238][ T5898] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 335.036177][ T5898] usb 2-1: Product: syz [ 335.043896][ T5898] usb 2-1: Manufacturer: syz [ 335.048770][ T5898] usb 2-1: SerialNumber: syz [ 335.529542][ T5898] usb 2-1: config 0 descriptor?? [ 335.547085][ T5898] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 336.230924][ T5898] gspca_sunplus: reg_r err -71 [ 336.296554][ T5898] usb 2-1: USB disconnect, device number 20 [ 337.046450][ T8654] netlink: 24 bytes leftover after parsing attributes in process `syz.0.680'. [ 338.138205][ T8665] overlayfs: missing 'lowerdir' [ 338.312846][ T5884] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 338.996635][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 339.012309][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 339.026500][ T5884] usb 2-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 339.036343][ T5884] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 339.084303][ T5884] usb 2-1: config 0 descriptor?? [ 339.781837][ T8685] netlink: 8 bytes leftover after parsing attributes in process `syz.4.687'. [ 339.791462][ T8685] netlink: 48 bytes leftover after parsing attributes in process `syz.4.687'. [ 339.858422][ T5884] lg-g15 0003:046D:C222.0004: unknown main item tag 0x0 [ 340.040369][ T5955] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 340.157895][ T5884] lg-g15 0003:046D:C222.0004: hidraw0: USB HID v0.00 Device [HID 046d:c222] on usb-dummy_hcd.1-1/input0 [ 340.618252][ T8692] netlink: 'syz.4.689': attribute type 1 has an invalid length. [ 340.830105][ T5955] usb 1-1: Using ep0 maxpacket: 8 [ 341.003847][ T5884] usb 2-1: USB disconnect, device number 21 [ 341.010205][ T5955] usb 1-1: unable to read config index 0 descriptor/start: -71 [ 341.018462][ T5955] usb 1-1: can't read configurations, error -71 [ 341.107362][ T8698] fido_id[8698]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 341.618587][ T8705] netlink: 24 bytes leftover after parsing attributes in process `syz.1.694'. [ 341.688272][ T8705] netlink: 4 bytes leftover after parsing attributes in process `syz.1.694'. [ 342.599583][ T8720] netlink: 132 bytes leftover after parsing attributes in process `syz.4.697'. [ 345.113143][ T8742] xt_SECMARK: only valid in 'mangle' or 'security' table, not 'filter' [ 345.656964][ T8746] overlayfs: failed to resolve './file0': -2 [ 345.770284][ T5952] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 346.124693][ T5952] usb 3-1: config 0 has an invalid interface number: 156 but max is 0 [ 347.196895][ T5952] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 348.084617][ T8775] overlayfs: fs on './file0' does not support file handles, falling back to index=off,nfs_export=off. [ 348.113795][ T8775] overlayfs: "xino" feature enabled using 2 upper inode bits. [ 348.616215][ T5952] usb 3-1: config 0 has no interface number 0 [ 348.667910][ T5952] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has an invalid bInterval 0, changing to 7 [ 348.680359][ T5952] usb 3-1: config 0 interface 156 altsetting 0 endpoint 0x3 has invalid wMaxPacketSize 0 [ 348.704011][ T5952] usb 3-1: config 0 interface 156 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 348.776529][ T5952] usb 3-1: New USB device found, idVendor=abcd, idProduct=cdee, bcdDevice= 5.b9 [ 348.793503][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 348.859299][ T5952] usb 3-1: config 0 descriptor?? [ 348.869362][ T5952] usb 3-1: can't set config #0, error -71 [ 348.946445][ T5952] usb 3-1: USB disconnect, device number 11 [ 348.971679][ T8781] overlayfs: failed to resolve './file0': -2 [ 352.812291][ T5884] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 353.524756][ T5884] usb 1-1: Using ep0 maxpacket: 8 [ 353.541789][ T5884] usb 1-1: unable to get BOS descriptor or descriptor too short [ 353.558476][ T5884] usb 1-1: config 4 interface 0 has no altsetting 0 [ 353.583415][ T5884] usb 1-1: string descriptor 0 read error: -22 [ 353.613732][ T5884] usb 1-1: New USB device found, idVendor=058f, idProduct=6610, bcdDevice=48.05 [ 353.630093][ T5884] usb 1-1: New USB device strings: Mfr=2, Product=0, SerialNumber=3 [ 353.672293][ T5884] usb 1-1: dvb_usb_v2: found a 'Sigmatek DVB-110' in warm state [ 353.729020][ T5884] usb 1-1: dvb_usb_v2: will pass the complete MPEG2 transport stream to the software demuxer [ 353.791012][ T5884] dvbdev: DVB: registering new adapter (Sigmatek DVB-110) [ 353.804924][ T5884] usb 1-1: media controller created [ 353.902626][ T5884] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 354.233138][ T8823] netlink: 'syz.0.722': attribute type 11 has an invalid length. [ 354.248123][ T8823] netlink: 28 bytes leftover after parsing attributes in process `syz.0.722'. [ 354.402348][ T5884] usb 1-1: USB disconnect, device number 15 [ 354.430270][ T5899] usb 4-1: new full-speed USB device number 18 using dummy_hcd [ 354.670186][ T5898] usb 2-1: new full-speed USB device number 22 using dummy_hcd [ 354.836249][ T5899] usb 4-1: unable to get BOS descriptor or descriptor too short [ 354.847362][ T5899] usb 4-1: not running at top speed; connect to a high speed hub [ 354.861569][ T5899] usb 4-1: config 1 interface 0 has no altsetting 0 [ 354.870842][ T5899] usb 4-1: New USB device found, idVendor=05ac, idProduct=0252, bcdDevice= 0.40 [ 354.880079][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 354.890591][ T5899] usb 4-1: Product: syz [ 354.906610][ T5899] usb 4-1: Manufacturer: syz [ 354.914040][ T5899] usb 4-1: SerialNumber: syz [ 354.997862][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 355.020236][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 355.050057][ T5898] usb 2-1: New USB device found, idVendor=05ac, idProduct=0246, bcdDevice= 0.00 [ 355.070037][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 355.107529][ T5898] usb 2-1: config 0 descriptor?? [ 355.151623][ T5899] input: bcm5974 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input24 [ 355.183675][ T5192] bcm5974 4-1:1.0: could not read from device [ 355.291889][ T5899] usb 4-1: USB disconnect, device number 18 [ 355.316631][ T5192] bcm5974 4-1:1.0: could not read from device [ 355.364188][ T8849] 8021q: VLANs not supported on lo [ 355.412210][ T30] kauditd_printk_skb: 11 callbacks suppressed [ 355.412229][ T30] audit: type=1326 audit(1755891328.357:416): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 355.592113][ T8852] semctl(GETNCNT/GETZCNT) is since 3.16 Single Unix Specification compliant. [ 355.592113][ T8852] The task syz.1.727 (8852) triggered the difference, watch for misbehavior. [ 356.040210][ T5898] apple 0003:05AC:0246.0005: unknown global tag 0xc [ 356.063333][ T5898] apple 0003:05AC:0246.0005: item 0 2 1 12 parsing failed [ 356.122690][ T5898] apple 0003:05AC:0246.0005: parse failed [ 356.162434][ T5898] apple 0003:05AC:0246.0005: probe with driver apple failed with error -22 [ 356.249897][ T8867] netlink: set zone limit has 4 unknown bytes [ 356.509812][ T8871] netlink: 'syz.3.734': attribute type 1 has an invalid length. [ 356.532622][ T8871] netlink: 144 bytes leftover after parsing attributes in process `syz.3.734'. [ 356.574067][ T8871] netlink: 28 bytes leftover after parsing attributes in process `syz.3.734'. [ 356.677150][ T30] audit: type=1326 audit(1755891328.367:417): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=206 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 356.775664][ T30] audit: type=1326 audit(1755891328.367:418): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 356.865279][ T30] audit: type=1326 audit(1755891328.367:419): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=46 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 357.023577][ T30] audit: type=1326 audit(1755891328.367:420): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 357.550018][ T30] audit: type=1326 audit(1755891328.367:421): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f52fb18d550 code=0x7ffc0000 [ 357.691606][ T5898] usb 2-1: USB disconnect, device number 22 [ 357.724445][ T30] audit: type=1326 audit(1755891328.367:422): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 357.949973][ T30] audit: type=1326 audit(1755891328.367:423): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 358.981859][ T30] audit: type=1326 audit(1755891328.367:424): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 359.003269][ C1] vkms_vblank_simulate: vblank timer overrun [ 359.098966][ T8892] random: crng reseeded on system resumption [ 359.166222][ T30] audit: type=1326 audit(1755891328.367:425): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=8846 comm="syz.0.729" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f52fb18ebe9 code=0x7ffc0000 [ 359.243998][ T8898] FAULT_INJECTION: forcing a failure. [ 359.243998][ T8898] name failslab, interval 1, probability 0, space 0, times 0 [ 359.320288][ T8898] CPU: 1 UID: 0 PID: 8898 Comm: syz.1.743 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 359.320315][ T8898] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 359.320336][ T8898] Call Trace: [ 359.320344][ T8898] [ 359.320351][ T8898] dump_stack_lvl+0x189/0x250 [ 359.320378][ T8898] ? __pfx____ratelimit+0x10/0x10 [ 359.320397][ T8898] ? __pfx_dump_stack_lvl+0x10/0x10 [ 359.320417][ T8898] ? __pfx__printk+0x10/0x10 [ 359.320443][ T8898] ? __pfx___might_resched+0x10/0x10 [ 359.320461][ T8898] ? fs_reclaim_acquire+0x7d/0x100 [ 359.320488][ T8898] should_fail_ex+0x414/0x560 [ 359.320513][ T8898] should_failslab+0xa8/0x100 [ 359.320535][ T8898] __kmalloc_noprof+0xcb/0x4f0 [ 359.320550][ T8898] ? kfree+0x4d/0x440 [ 359.320572][ T8898] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 359.320600][ T8898] tomoyo_realpath_from_path+0xe3/0x5d0 [ 359.320625][ T8898] ? tomoyo_domain+0xda/0x130 [ 359.320656][ T8898] ? tomoyo_path_number_perm+0x1bc/0x5a0 [ 359.320675][ T8898] tomoyo_path_number_perm+0x1e8/0x5a0 [ 359.320697][ T8898] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 359.320733][ T8898] ? __lock_acquire+0xab9/0xd20 [ 359.320773][ T8898] ? __fget_files+0x2a/0x420 [ 359.320796][ T8898] ? __fget_files+0x2a/0x420 [ 359.320816][ T8898] ? __fget_files+0x3a0/0x420 [ 359.320835][ T8898] ? __fget_files+0x2a/0x420 [ 359.320860][ T8898] security_file_ioctl+0xcb/0x2d0 [ 359.320883][ T8898] __se_sys_ioctl+0x47/0x170 [ 359.320913][ T8898] do_syscall_64+0xfa/0x3b0 [ 359.320932][ T8898] ? lockdep_hardirqs_on+0x9c/0x150 [ 359.320952][ T8898] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.320971][ T8898] ? clear_bhb_loop+0x60/0xb0 [ 359.320995][ T8898] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 359.321012][ T8898] RIP: 0033:0x7f4815b8ebe9 [ 359.321027][ T8898] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 359.321041][ T8898] RSP: 002b:00007f4816a79038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 359.321059][ T8898] RAX: ffffffffffffffda RBX: 00007f4815db6180 RCX: 00007f4815b8ebe9 [ 359.321073][ T8898] RDX: 0000200000000300 RSI: 0000000040045010 RDI: 0000000000000003 [ 359.321084][ T8898] RBP: 00007f4816a79090 R08: 0000000000000000 R09: 0000000000000000 [ 359.321095][ T8898] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 359.321105][ T8898] R13: 00007f4815db6218 R14: 00007f4815db6180 R15: 00007fffbf74e0e8 [ 359.321133][ T8898] [ 359.321140][ T8898] ERROR: Out of memory at tomoyo_realpath_from_path. [ 360.750028][ T5898] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 360.944631][ T5898] usb 3-1: Using ep0 maxpacket: 32 [ 360.965210][ T5898] usb 3-1: config 0 interface 0 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 360.992633][ T5898] usb 3-1: config 0 interface 0 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 361.070926][ T5898] usb 3-1: config 0 interface 0 has no altsetting 0 [ 361.089775][ T5898] usb 3-1: New USB device found, idVendor=056a, idProduct=0094, bcdDevice= 0.00 [ 361.120177][ T5891] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 361.148234][ T5898] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 361.204970][ T5898] usb 3-1: config 0 descriptor?? [ 361.284841][ T5891] usb 1-1: Using ep0 maxpacket: 16 [ 361.304223][ T5891] usb 1-1: unable to get BOS descriptor or descriptor too short [ 361.323907][ T5891] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 361.411740][ T5891] usb 1-1: config 1 interface 0 altsetting 127 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 361.450284][ T5891] usb 1-1: config 1 interface 0 has no altsetting 0 [ 361.460378][ T5891] usb 1-1: New USB device found, idVendor=05ac, idProduct=0242, bcdDevice= 0.40 [ 361.470256][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 361.478374][ T5891] usb 1-1: Product: syz [ 361.499873][ T5891] usb 1-1: Manufacturer: syz [ 361.507986][ T5891] usb 1-1: SerialNumber: syz [ 361.547604][ T5891] input: bcm5974 as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/input/input25 [ 361.663466][ T5898] wacom 0003:056A:0094.0006: Using device in hidraw-only mode [ 361.705067][ T5898] wacom 0003:056A:0094.0006: hidraw0: USB HID v0.05 Device [HID 056a:0094] on usb-dummy_hcd.2-1/input0 [ 361.764749][ T5192] bcm5974 1-1:1.0: could not read from device [ 361.933945][ T5192] bcm5974 1-1:1.0: could not read from device [ 361.952695][ T5192] bcm5974 1-1:1.0: could not read from device [ 361.986589][ T5898] usb 3-1: USB disconnect, device number 12 [ 361.992662][ T5891] usb 1-1: USB disconnect, device number 16 [ 362.023937][ T5192] bcm5974 1-1:1.0: could not read from device [ 362.730044][ T5899] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 362.895568][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 363.018557][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 363.121767][ T5899] usb 4-1: can't read configurations, error -61 [ 363.452216][ T5899] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 364.700072][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 364.712248][ T5899] usb 4-1: unable to read config index 0 descriptor/start: -61 [ 364.719875][ T5899] usb 4-1: can't read configurations, error -61 [ 364.731106][ T5899] usb usb4-port1: attempt power cycle [ 365.016248][ T8966] netlink: 12 bytes leftover after parsing attributes in process `syz.2.763'. [ 365.120248][ T5899] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 365.168478][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 366.860040][ T5899] usb 4-1: device descriptor read/all, error -71 [ 370.680152][ T5899] usb 5-1: new high-speed USB device number 25 using dummy_hcd [ 370.883263][ T5899] usb 5-1: Using ep0 maxpacket: 32 [ 370.904874][ T5899] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 2 [ 370.926344][ T5899] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x6 has invalid maxpacket 16384, setting to 64 [ 370.949934][ T9045] IPv6: Can't replace route, no match found [ 370.959338][ T5899] usb 5-1: config 0 interface 0 has no altsetting 1 [ 370.983722][ T5899] usb 5-1: New USB device found, idVendor=1199, idProduct=9004, bcdDevice= f.8c [ 370.993135][ T5899] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.004299][ T5899] usb 5-1: Product: syz [ 371.008643][ T5899] usb 5-1: Manufacturer: syz [ 371.015247][ T5899] usb 5-1: SerialNumber: syz [ 371.055463][ T5899] usb 5-1: config 0 descriptor?? [ 371.088855][ T5899] qmi_wwan 5-1:0.0: probe with driver qmi_wwan failed with error -22 [ 371.390278][ T5899] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 371.479986][ T5955] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 371.602986][ T5899] usb 4-1: Using ep0 maxpacket: 32 [ 371.624687][ T5899] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 371.642564][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 371.655708][ T5899] usb 4-1: Product: syz [ 371.661071][ T5899] usb 4-1: Manufacturer: syz [ 371.663146][ T5955] usb 3-1: Using ep0 maxpacket: 16 [ 371.667233][ T5899] usb 4-1: SerialNumber: syz [ 371.672901][ T5955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.688084][ T5899] usb 4-1: config 0 descriptor?? [ 371.689248][ T5955] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 371.704663][ T5899] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 371.709726][ T5955] usb 3-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.00 [ 371.724314][ T5955] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.736067][ T5955] usb 3-1: config 0 descriptor?? [ 372.040088][ T5898] usb 2-1: new high-speed USB device number 23 using dummy_hcd [ 372.185766][ T5955] mcp2221 0003:04D8:00DD.0007: USB HID v0.05 Device [HID 04d8:00dd] on usb-dummy_hcd.2-1/input0 [ 372.205472][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 372.217306][ T5898] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 372.228907][ T5898] usb 2-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 372.238215][ T5898] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.251566][ T5898] usb 2-1: config 0 descriptor?? [ 372.380087][ T5884] usb 1-1: new full-speed USB device number 17 using dummy_hcd [ 372.384936][ T5919] usb 3-1: USB disconnect, device number 13 [ 372.532823][ T5884] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 1023, setting to 64 [ 372.544021][ T5884] usb 1-1: New USB device found, idVendor=04f3, idProduct=0755, bcdDevice= 0.00 [ 372.553837][ T5884] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 372.566237][ T5884] usb 1-1: config 0 descriptor?? [ 372.572744][ T9067] raw-gadget.4 gadget.0: fail, usb_ep_enable returned -22 [ 372.884866][ T5898] usb 2-1: string descriptor 0 read error: -71 [ 372.893711][ T5898] uclogic 0003:256C:006D.0008: failed retrieving string descriptor #200: -71 [ 372.907173][ T5898] uclogic 0003:256C:006D.0008: failed retrieving pen parameters: -71 [ 372.917113][ T5898] uclogic 0003:256C:006D.0008: failed probing pen v2 parameters: -71 [ 372.929617][ T5898] uclogic 0003:256C:006D.0008: failed probing parameters: -71 [ 372.940214][ T5898] uclogic 0003:256C:006D.0008: probe with driver uclogic failed with error -71 [ 372.970528][ T5898] usb 2-1: USB disconnect, device number 23 [ 373.024252][ T5884] elan 0003:04F3:0755.0009: hidraw0: USB HID v1.01 Device [HID 04f3:0755] on usb-dummy_hcd.0-1/input0 [ 373.467368][ T5884] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 373.564715][ T5955] usb 5-1: USB disconnect, device number 25 [ 373.630282][ T5884] usb 3-1: Using ep0 maxpacket: 32 [ 373.639168][ T5884] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 373.652147][ T5884] usb 3-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 373.673710][ T5884] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 373.688675][ T5884] usb 3-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 373.708361][ T5884] usb 3-1: Product: syz [ 373.713131][ T5884] usb 3-1: Manufacturer: syz [ 373.723135][ T5899] gspca_stk1135: reg_w 0x203 err -71 [ 373.727227][ T5884] hub 3-1:4.0: USB hub found [ 373.742955][ T5899] gspca_stk1135: serial bus timeout: status=0x00 [ 373.749410][ T5899] gspca_stk1135: Sensor write failed [ 373.763218][ T5899] gspca_stk1135: serial bus timeout: status=0x00 [ 373.765210][ T43] usb 1-1: USB disconnect, device number 17 [ 373.769571][ T5899] gspca_stk1135: Sensor write failed [ 373.769601][ T5899] gspca_stk1135: serial bus timeout: status=0x00 [ 373.769613][ T5899] gspca_stk1135: Sensor read failed [ 373.769639][ T5899] gspca_stk1135: serial bus timeout: status=0x00 [ 373.769650][ T5899] gspca_stk1135: Sensor read failed [ 373.769658][ T5899] gspca_stk1135: Detected sensor type unknown (0x0) [ 373.769696][ T5899] gspca_stk1135: serial bus timeout: status=0x00 [ 373.832394][ T9083] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 373.844624][ T9083] F2FS-fs (loop9): Can't find valid F2FS filesystem in 1th superblock [ 373.857809][ T9083] F2FS-fs (loop9): Magic Mismatch, valid(0xf2f52010) - read(0x0) [ 373.867177][ T9083] F2FS-fs (loop9): Can't find valid F2FS filesystem in 2th superblock [ 373.879152][ T5899] gspca_stk1135: Sensor read failed [ 373.908037][ T5899] gspca_stk1135: serial bus timeout: status=0x00 [ 373.918776][ T5899] gspca_stk1135: Sensor read failed [ 373.924149][ T5899] gspca_stk1135: serial bus timeout: status=0x00 [ 373.938025][ T5899] gspca_stk1135: Sensor write failed [ 373.938533][ T5884] hub 3-1:4.0: 2 ports detected [ 373.976684][ T5899] gspca_stk1135: serial bus timeout: status=0x00 [ 373.983162][ T5899] gspca_stk1135: Sensor write failed [ 373.998472][ T5899] stk1135 4-1:0.0: probe with driver stk1135 failed with error -71 [ 374.020791][ T5899] usb 4-1: USB disconnect, device number 23 [ 374.360361][ T5884] hub 3-1:4.0: set hub depth failed [ 374.378840][ T5884] usb 3-1: USB disconnect, device number 14 [ 374.720003][ T5919] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 374.870248][ T5919] usb 1-1: Using ep0 maxpacket: 32 [ 374.882075][ T5899] usb 4-1: new full-speed USB device number 24 using dummy_hcd [ 374.926623][ T5919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 374.945092][ T5919] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 374.956181][ T5919] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 374.969351][ T5919] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 374.992080][ T5919] usb 1-1: config 0 descriptor?? [ 375.004986][ T5919] hub 1-1:0.0: USB hub found [ 375.037148][ T9107] netlink: 8 bytes leftover after parsing attributes in process `syz.2.808'. [ 375.095289][ T5899] usb 4-1: config 0 has an invalid interface number: 41 but max is 0 [ 375.121439][ T5899] usb 4-1: config 0 has no interface number 0 [ 375.152993][ T5899] usb 4-1: config 0 interface 41 has no altsetting 0 [ 375.175973][ T5899] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9800, bcdDevice=d1.9a [ 375.196703][ T5899] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 375.211129][ T5899] usb 4-1: Product: syz [ 375.225478][ T5899] usb 4-1: Manufacturer: syz [ 375.225684][ T5919] hub 1-1:0.0: 1 port detected [ 375.236831][ T5899] usb 4-1: SerialNumber: syz [ 375.244987][ T5899] usb 4-1: config 0 descriptor?? [ 375.391874][ T5884] usb 2-1: new high-speed USB device number 24 using dummy_hcd [ 375.432405][ T5919] hub 1-1:0.0: hub_hub_status failed (err = -71) [ 375.439186][ T5919] hub 1-1:0.0: config failed, can't get hub status (err -71) [ 375.454207][ T5919] usbhid 1-1:0.0: can't add hid device: -71 [ 375.474380][ T5919] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 375.512519][ T5919] usb 1-1: USB disconnect, device number 18 [ 375.551921][ T5884] usb 2-1: Using ep0 maxpacket: 16 [ 375.583111][ T5884] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 375.604865][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 375.645407][ T5884] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x2 has invalid wMaxPacketSize 0 [ 375.668968][ T5884] usb 2-1: config 0 interface 0 altsetting 0 bulk endpoint 0x2 has invalid maxpacket 0 [ 375.694598][ T5884] usb 2-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 375.715923][ T5884] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 375.728355][ T5884] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 375.752300][ T5884] usb 2-1: Manufacturer: syz [ 375.780456][ T5884] usb 2-1: config 0 descriptor?? [ 375.883240][ T5899] CoreChips 4-1:0.41: probe with driver CoreChips failed with error -71 [ 375.907019][ T5899] usb 4-1: USB disconnect, device number 24 [ 375.930928][ T9120] netlink: 12 bytes leftover after parsing attributes in process `syz.2.814'. [ 375.980058][ T9120] bridge1: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 376.150044][ T5884] rc_core: IR keymap rc-hauppauge not found [ 376.169723][ T5884] Registered IR keymap rc-empty [ 376.186894][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.220141][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.254704][ T5884] rc rc0: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 376.302874][ T5884] input: Conexant Hybrid TV (cx231xx) MCE IR no TX as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input28 [ 376.333504][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.390350][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.450177][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.481375][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.520140][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.570221][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.603592][ T9134] netlink: 8 bytes leftover after parsing attributes in process `syz.3.819'. [ 376.612877][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.643262][ T9134] netlink: 16 bytes leftover after parsing attributes in process `syz.3.819'. [ 376.664498][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.691190][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.730147][ T5884] mceusb 2-1:0.0: Error: mce write submit urb error = -90 [ 376.756979][ T5884] mceusb 2-1:0.0: Registered 424242424242 with mce emulator interface version 1 [ 376.768448][ T5884] mceusb 2-1:0.0: 2 tx ports (0x0 cabled) and 2 rx sensors (0x0 active) [ 376.796799][ T5884] usb 2-1: USB disconnect, device number 24 [ 377.130205][ T43] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 377.200092][ T5952] usb 1-1: new full-speed USB device number 19 using dummy_hcd [ 377.231694][ T5919] usb 5-1: new high-speed USB device number 26 using dummy_hcd [ 377.302950][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.315447][ T43] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 377.327690][ T43] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 377.336956][ T43] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.348325][ T43] usb 4-1: config 0 descriptor?? [ 377.383120][ T5952] usb 1-1: config 0 has an invalid interface number: 128 but max is 0 [ 377.404504][ T5952] usb 1-1: config 0 has no interface number 0 [ 377.407022][ T5919] usb 5-1: Using ep0 maxpacket: 8 [ 377.418544][ T5952] usb 1-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 377.422493][ T5919] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 377.427978][ T5952] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.442654][ T5919] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 377.445411][ T5952] usb 1-1: Product: syz [ 377.454513][ T5919] usb 5-1: Product: syz [ 377.457723][ T5952] usb 1-1: Manufacturer: syz [ 377.466021][ T5919] usb 5-1: Manufacturer: syz [ 377.466196][ T5952] usb 1-1: SerialNumber: syz [ 377.474334][ T5919] usb 5-1: SerialNumber: syz [ 377.479685][ T5952] usb 1-1: config 0 descriptor?? [ 377.500662][ T5919] usb 5-1: config 0 descriptor?? [ 377.711716][ T5919] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 377.925989][ T5919] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 377.960559][ T5919] usb 5-1: USB disconnect, device number 26 [ 378.095909][ T5952] usb 1-1: Firmware version (0.0) predates our first public release. [ 378.120131][ T5952] usb 1-1: Please update to version 0.2 or newer [ 378.177174][ T43] uclogic 0003:256C:006D.000A: failed retrieving Huion firmware version: -71 [ 378.204096][ T5952] usb 1-1: USB disconnect, device number 19 [ 378.222765][ T43] uclogic 0003:256C:006D.000A: failed probing parameters: -71 [ 378.247058][ T43] uclogic 0003:256C:006D.000A: probe with driver uclogic failed with error -71 [ 378.298575][ T43] usb 4-1: USB disconnect, device number 25 [ 378.656491][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 378.659756][ T5837] Bluetooth: hci0: Controller not accepting commands anymore: ncmd = 0 [ 378.663036][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 378.672030][ T5837] Bluetooth: hci0: Injecting HCI hardware error event [ 378.686208][ T5837] Bluetooth: hci0: hardware error 0x00 [ 378.954749][ T9181] Bluetooth: hci0: invalid length 0, exp 2 for type 0 [ 379.602548][ T9201] netlink: 16 bytes leftover after parsing attributes in process `syz.4.847'. [ 379.677751][ T9203] netlink: 'syz.3.848': attribute type 1 has an invalid length. [ 379.873452][ T9171] syz.2.834 (9171): drop_caches: 2 [ 380.054501][ T9210] bond2: (slave ip6gretap1): Enslaving as a backup interface with an up link [ 380.138619][ T9215] bond2 (unregistering): (slave ip6gretap1): Releasing backup interface [ 380.154549][ T9215] bond2 (unregistering): Released all slaves [ 380.161921][ T9220] netlink: 4 bytes leftover after parsing attributes in process `syz.1.853'. [ 380.729418][ T9242] netlink: 'syz.3.863': attribute type 10 has an invalid length. [ 380.805939][ T9242] team0: Port device netdevsim0 added [ 380.820443][ T5837] Bluetooth: hci0: Opcode 0x0c03 failed: -110 [ 381.188566][ T9256] netlink: 'syz.2.868': attribute type 4 has an invalid length. [ 381.210969][ T43] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 381.310078][ T5919] usb 2-1: new high-speed USB device number 25 using dummy_hcd [ 381.380464][ T43] usb 1-1: Using ep0 maxpacket: 8 [ 381.385957][ T13] [ 381.388318][ T13] ====================================================== [ 381.390233][ T43] usb 1-1: unable to get BOS descriptor or descriptor too short [ 381.395498][ T13] WARNING: possible circular locking dependency detected [ 381.395520][ T13] 6.16.0-syzkaller #0 Not tainted [ 381.395531][ T13] ------------------------------------------------------ [ 381.405603][ T5837] Bluetooth: Frame is too long (len 12, expected len 4) [ 381.410135][ T13] kworker/u8:1/13 is trying to acquire lock: [ 381.410149][ T13] ffff888078644e00 (team->team_lock_key#5){+.+.}-{4:4}, at: team_device_event+0x544/0xa20 [ 381.420608][ T43] usb 1-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 381.422180][ T13] [ 381.422180][ T13] but task is already holding lock: [ 381.422190][ T13] ffff88805928cd30 [ 381.429268][ T43] usb 1-1: config 1 interface 0 altsetting 10 endpoint 0x81 has invalid maxpacket 57943, setting to 1024 [ 381.435050][ T13] (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __linkwatch_run_queue+0x4a0/0x7e0 [ 381.435097][ T13] [ 381.435097][ T13] which lock already depends on the new lock. [ 381.435097][ T13] [ 381.435104][ T13] [ 381.435104][ T13] the existing dependency chain (in reverse order) is: [ 381.435117][ T13] [ 381.435117][ T13] -> #1 [ 381.445982][ T43] usb 1-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 381.455881][ T13] (&dev_instance_lock_key#20){+.+.}-{4:4}: [ 381.455916][ T13] lock_acquire+0x120/0x360 [ 381.455935][ T13] __mutex_lock+0x182/0xe80 [ 381.455952][ T13] dev_set_mtu+0x10e/0x260 [ 381.455974][ T13] team_add_slave+0x8b8/0x2840 [ 381.464380][ T43] usb 1-1: config 1 interface 0 has no altsetting 0 [ 381.467012][ T13] do_set_master+0x530/0x6d0 [ 381.467040][ T13] do_setlink+0xcf0/0x41c0 [ 381.481791][ T43] usb 1-1: New USB device found, idVendor=1038, idProduct=1410, bcdDevice= 0.40 [ 381.487463][ T13] rtnl_newlink+0x160b/0x1c70 [ 381.487493][ T13] rtnetlink_rcv_msg+0x7cc/0xb70 [ 381.498910][ T43] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.506876][ T13] netlink_rcv_skb+0x205/0x470 [ 381.506904][ T13] netlink_unicast+0x75c/0x8e0 [ 381.506924][ T13] netlink_sendmsg+0x805/0xb30 [ 381.512584][ T43] usb 1-1: Product: syz [ 381.524746][ T13] __sock_sendmsg+0x21c/0x270 [ 381.524770][ T13] ____sys_sendmsg+0x505/0x830 [ 381.524793][ T13] ___sys_sendmsg+0x21f/0x2a0 [ 381.524815][ T13] __x64_sys_sendmsg+0x19b/0x260 [ 381.531424][ T43] usb 1-1: Manufacturer: syz [ 381.535695][ T13] do_syscall_64+0xfa/0x3b0 [ 381.535720][ T13] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 381.541395][ T43] usb 1-1: SerialNumber: syz [ 381.545661][ T13] [ 381.545661][ T13] -> #0 (team->team_lock_key#5){+.+.}-{4:4}: [ 381.665158][ T13] validate_chain+0xb9b/0x2140 [ 381.670464][ T13] __lock_acquire+0xab9/0xd20 [ 381.675677][ T13] lock_acquire+0x120/0x360 [ 381.680710][ T13] __mutex_lock+0x182/0xe80 [ 381.685748][ T13] team_device_event+0x544/0xa20 [ 381.690248][ T5479] usb 3-1: new full-speed USB device number 15 using dummy_hcd [ 381.691206][ T13] notifier_call_chain+0x1b3/0x3e0 [ 381.691231][ T13] netif_state_change+0x284/0x3a0 [ 381.709917][ T13] linkwatch_do_dev+0x117/0x170 [ 381.715310][ T13] __linkwatch_run_queue+0x56d/0x7e0 [ 381.721332][ T13] linkwatch_event+0x4c/0x60 [ 381.726438][ T13] process_scheduled_works+0xade/0x17b0 [ 381.732519][ T13] worker_thread+0x8a0/0xda0 [ 381.737655][ T13] kthread+0x70e/0x8a0 [ 381.742268][ T13] ret_from_fork+0x3fc/0x770 [ 381.747421][ T13] ret_from_fork_asm+0x1a/0x30 [ 381.752731][ T13] [ 381.752731][ T13] other info that might help us debug this: [ 381.752731][ T13] [ 381.762965][ T13] Possible unsafe locking scenario: [ 381.762965][ T13] [ 381.770509][ T13] CPU0 CPU1 [ 381.775892][ T13] ---- ---- [ 381.781266][ T13] lock(&dev_instance_lock_key#20); [ 381.786611][ T13] lock(team->team_lock_key#5); [ 381.794098][ T13] lock(&dev_instance_lock_key#20); [ 381.802023][ T13] lock(team->team_lock_key#5); [ 381.807162][ T13] [ 381.807162][ T13] *** DEADLOCK *** [ 381.807162][ T13] [ 381.815316][ T13] 4 locks held by kworker/u8:1/13: [ 381.820435][ T13] #0: ffff88801a489148 ((wq_completion)events_unbound){+.+.}-{0:0}, at: process_scheduled_works+0x9b4/0x17b0 [ 381.832125][ T13] #1: ffffc90000127bc0 ((linkwatch_work).work){+.+.}-{0:0}, at: process_scheduled_works+0x9ef/0x17b0 [ 381.843219][ T13] #2: ffffffff8f509f08 (rtnl_mutex){+.+.}-{4:4}, at: linkwatch_event+0xe/0x60 [ 381.852218][ T13] #3: ffff88805928cd30 (&dev_instance_lock_key#20){+.+.}-{4:4}, at: __linkwatch_run_queue+0x4a0/0x7e0 [ 381.863309][ T13] [ 381.863309][ T13] stack backtrace: [ 381.869219][ T13] CPU: 0 UID: 0 PID: 13 Comm: kworker/u8:1 Not tainted 6.16.0-syzkaller #0 PREEMPT(full) [ 381.869243][ T13] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 07/12/2025 [ 381.869256][ T13] Workqueue: events_unbound linkwatch_event [ 381.869283][ T13] Call Trace: [ 381.869293][ T13] [ 381.869300][ T13] dump_stack_lvl+0x189/0x250 [ 381.869324][ T13] ? __pfx_dump_stack_lvl+0x10/0x10 [ 381.869344][ T13] ? __pfx__printk+0x10/0x10 [ 381.869368][ T13] ? print_lock_name+0xde/0x100 [ 381.869392][ T13] print_circular_bug+0x2ee/0x310 [ 381.869424][ T13] check_noncircular+0x134/0x160 [ 381.869449][ T13] validate_chain+0xb9b/0x2140 [ 381.869480][ T13] __lock_acquire+0xab9/0xd20 [ 381.869500][ T13] ? team_device_event+0x544/0xa20 [ 381.869517][ T13] lock_acquire+0x120/0x360 [ 381.869533][ T13] ? team_device_event+0x544/0xa20 [ 381.869553][ T13] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 381.869585][ T13] __mutex_lock+0x182/0xe80 [ 381.869604][ T13] ? team_device_event+0x544/0xa20 [ 381.869623][ T13] ? __try_to_del_timer_sync+0x34a/0x3a0 [ 381.869646][ T13] ? team_device_event+0x544/0xa20 [ 381.869663][ T13] ? __pfx___mutex_lock+0x10/0x10 [ 381.869685][ T13] ? fib_sync_down_dev+0x66/0x7b0 [ 381.869715][ T13] team_device_event+0x544/0xa20 [ 381.869733][ T13] notifier_call_chain+0x1b3/0x3e0 [ 381.869756][ T13] netif_state_change+0x284/0x3a0 [ 381.869778][ T13] ? __pfx_netif_state_change+0x10/0x10 [ 381.869799][ T13] ? dev_deactivate+0x129/0x1b0 [ 381.869823][ T13] ? nsim_get_iflink+0x20/0x280 [ 381.869851][ T13] ? rfc2863_policy+0x1c6/0x3e0 [ 381.869869][ T13] linkwatch_do_dev+0x117/0x170 [ 381.869888][ T13] __linkwatch_run_queue+0x56d/0x7e0 [ 381.869906][ T13] ? __pfx___linkwatch_run_queue+0x10/0x10 [ 381.869925][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 381.869941][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 381.869961][ T13] ? process_scheduled_works+0x9ef/0x17b0 [ 381.869981][ T13] linkwatch_event+0x4c/0x60 [ 381.869998][ T13] process_scheduled_works+0xade/0x17b0 [ 381.870031][ T13] ? __pfx_process_scheduled_works+0x10/0x10 [ 381.870058][ T13] worker_thread+0x8a0/0xda0 [ 381.870090][ T13] kthread+0x70e/0x8a0 [ 381.870115][ T13] ? __pfx_worker_thread+0x10/0x10 [ 381.870135][ T13] ? __pfx_kthread+0x10/0x10 [ 381.870159][ T13] ? _raw_spin_unlock_irq+0x23/0x50 [ 381.870176][ T13] ? lockdep_hardirqs_on+0x9c/0x150 [ 381.870194][ T13] ? __pfx_kthread+0x10/0x10 [ 381.870218][ T13] ret_from_fork+0x3fc/0x770 [ 381.870238][ T13] ? __pfx_ret_from_fork+0x10/0x10 [ 381.870259][ T13] ? __switch_to_asm+0x39/0x70 [ 381.870281][ T13] ? __switch_to_asm+0x33/0x70 [ 381.870303][ T13] ? __pfx_kthread+0x10/0x10 [ 381.870327][ T13] ret_from_fork_asm+0x1a/0x30 [ 381.870354][ T13] [ 381.932081][ T5479] usb 3-1: config 0 has an invalid interface number: 128 but max is 0 [ 382.044380][ T5919] usb 2-1: New USB device found, idVendor=0bda, idProduct=8150, bcdDevice= 0.00 [ 382.088035][ T5479] usb 3-1: config 0 has no interface number 0 [ 382.101653][ T5919] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.137372][ T5479] usb 3-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 382.137400][ T5479] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 382.142262][ T5919] usb 2-1: Product: syz [ 382.146802][ T5479] usb 3-1: Product: syz [ 382.153582][ T5919] usb 2-1: Manufacturer: syz [ 382.164166][ T5479] usb 3-1: Manufacturer: syz [ 382.169108][ T5919] usb 2-1: SerialNumber: syz [ 382.180535][ T5479] usb 3-1: SerialNumber: syz [ 382.230220][ T5479] usb 3-1: config 0 descriptor?? [ 382.472534][ T43] usbhid 1-1:1.0: can't add hid device: -71 [ 382.478597][ T43] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 382.494284][ T43] usb 1-1: USB disconnect, device number 20 [ 382.659427][ T5919] rtl8150 2-1:1.0: couldn't reset the device [ 382.668119][ T5919] rtl8150 2-1:1.0: probe with driver rtl8150 failed with error -5 [ 382.682247][ T5919] usb 2-1: USB disconnect, device number 25 [ 383.443556][ T5479] usb 3-1: Firmware version (0.0) predates our first public release. [ 383.451911][ T5479] usb 3-1: Please update to version 0.2 or newer [ 383.487723][ T5479] usb 3-1: USB disconnect, device number 15