last executing test programs: 5.470748013s ago: executing program 0 (id=510): syz_open_procfs(0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = open$dir(&(0x7f0000000040)='./cgroup.cpu/cgroup.procs\x00', 0x400, 0x7b) writev(0xffffffffffffffff, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(r0, 0x8008f512, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aa0010000000a050000000000000000000000000a4f000600224a8b97667ada60f074b657a0a6852f21fa19ab9ca2af68e03a8243cecebc349a55cceaa41a8de9505e1ce8af02f668f51a459219750b54ace15b52c6a7b21fce4315c21fae0ad632816e000900010073797a30000000000900010073797a3000000000150006002668f346770cb7d5d34d26358210148cd80000000800024000000000240006005f862c73da8badeb239b0501b42fca60d13f230a778b03b2270587adce1394350c0004400000000000000005d4000620a69f1185cbe064a38a03154258b1e1669c6cab0de829d23cc6546668c2ce1171511817c565b3d423a2362ba8300cd38d6dbf308fffdc85fa0b05ea3cd7c282c737e7c6416bba8e13b951a45d2f1eb1bb60b788774bc3effaa5d0dd07b40285f538998b8427c1a530ef72f87a3cfa070c1349f541219ca975fd7628b76e6e20a8ba57b2447092b55c1651d3371165291b694ad032780f9de792b5e781a770e783aff17305cfd760589a9a20c6b95d367358bf100919559cc1cc715754cb7b6396042d5c5c9edc0d8d11a585e888dbb645140000001100010000000000000000000000000a"], 0x1c8}}, 0x4048080) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x28}}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x17) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f00000000c0)={0x41, 0x16}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be) sendmsg$tipc(r4, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0) 5.140346989s ago: executing program 3 (id=511): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\v'], 0x48) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000"], 0x0}, 0x94) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r4) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r6 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[], 0x1458}, 0x10) 4.901946526s ago: executing program 3 (id=516): socketpair$unix(0x1, 0x2, 0x0, 0x0) syz_usb_connect(0x0, 0x5f, 0x0, 0x0) r0 = socket$inet_udp(0x2, 0x2, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) bind$inet(r0, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r0, &(0x7f0000000480)={0x2, 0x4e23, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r0, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@dev={0xfe, 0x80, '\x00', 0x4}, @in6=@empty, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x0, 0x0, 0x0, 0x4, 0x0, 0xfffffffffffffffc, 0x0, 0x6}, {0x0, 0x0, 0x400000000}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x3}, {{@in6=@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010101}, 0x0, 0x32}, 0x0, @in=@private=0xa010101, 0x0, 0x0, 0x0, 0xb7, 0x2, 0xfffffffe}}, 0xe8) sendmmsg(r0, &(0x7f0000007fc0), 0x800001d, 0x1c) (fail_nth: 7) 4.843862193s ago: executing program 4 (id=519): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000540)={{0x14}, [@NFT_MSG_NEWRULE={0x50, 0x6, 0xa, 0x160b, 0x0, 0x0, {0x2, 0x0, 0x8}, [@NFTA_RULE_EXPRESSIONS={0x24, 0x4, 0x0, 0x1, [{0x20, 0x1, 0x0, 0x1, @nat={{0x8}, @val={0x14, 0x2, 0x0, 0x1, [@NFTA_NAT_TYPE={0x8}, @NFTA_NAT_REG_ADDR_MIN={0x8, 0x3, 0x1, 0x0, 0x14}]}}}]}, @NFTA_RULE_TABLE={0x9, 0x1, 'syz0\x00'}, @NFTA_RULE_CHAIN={0x9, 0x2, 'syz2\x00'}]}], {0x14}}, 0x78}, 0x1, 0x0, 0x0, 0x850}, 0x4040080) 4.452125091s ago: executing program 0 (id=522): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000007c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc(sm4)\x00'}, 0x58) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000001280)="b7f2288a911993f08d3aaea2bc0000de", 0x10) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000440)={0xffffffffffffffff, 0x5, 0x8, 0x0, &(0x7f0000000000)="259a53003e4c6588", 0x0, 0xd01, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) r1 = socket$inet6_sctp(0xa, 0x5, 0x84) r2 = syz_open_dev$vbi(&(0x7f0000000000), 0x0, 0x2) ioctl$VIDIOC_S_FREQUENCY(r2, 0x402c5639, &(0x7f0000001080)={0x4000000, 0x2, 0xada}) getsockopt$inet_sctp6_SCTP_GET_ASSOC_ID_LIST(r1, 0x84, 0x1d, &(0x7f0000000000)={0x1, [0x0]}, &(0x7f0000000080)=0x8) socket$nl_netfilter(0x10, 0x3, 0xc) socket$caif_stream(0x25, 0x1, 0x4) r3 = syz_init_net_socket$llc(0x1a, 0x801, 0x0) r4 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r4, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000240)={0x0}, 0x1, 0x0, 0x0, 0x10}, 0x0) socket$inet(0x2, 0x801, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r5 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r5, &(0x7f0000002000)=""/102400, 0x19000) openat$iommufd(0xffffffffffffff9c, 0x0, 0x452280, 0x0) syz_emit_vhci(&(0x7f00000001c0)=@HCI_VENDOR_PKT, 0x2) sendto$inet(0xffffffffffffffff, 0x0, 0x0, 0x200007fd, &(0x7f0000e68000)={0x2, 0x4e23, @local}, 0x10) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER(0xffffffffffffffff, 0x84, 0x7b, &(0x7f0000000080)={0x0, 0x808000}, 0x8) getsockopt$bt_hci(0xffffffffffffffff, 0x84, 0x7f, 0x0, 0x0) r6 = gettid() rt_tgsigqueueinfo(r6, r6, 0x4, &(0x7f0000000080)={0x8, 0x0, 0x4}) openat$adsp1(0xffffffffffffff9c, 0x0, 0x0, 0x0) bind$llc(r3, &(0x7f0000000000)={0x1a, 0x0, 0x0, 0x80, 0x89, 0x42, @random="fc16b12ec7c6"}, 0x10) mkdir(&(0x7f0000000000)='./cgroup/../file0\x00', 0x0) 3.377788414s ago: executing program 4 (id=525): r0 = socket$inet_smc(0x2b, 0x1, 0x0) r1 = epoll_create1(0x80000) rseq(&(0x7f0000000080)={0x0, 0x0, 0x0, 0x1}, 0x20, 0x0, 0x0) epoll_ctl$EPOLL_CTL_ADD(r1, 0x1, r0, &(0x7f0000000080)={0x10000010}) syz_usb_connect$uac1(0x8bf078b18fd7af74, 0xb2, &(0x7f0000000000)=ANY=[@ANYRESDEC=0x0], &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0}) 3.278404299s ago: executing program 0 (id=526): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\v'], 0x48) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000"], 0x0}, 0x94) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r4) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r6 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, 0x0, 0x0) sendmsg$kcm(r6, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000900)=ANY=[], 0x1458}, 0x10) 3.082135575s ago: executing program 0 (id=529): r0 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x1) bind$bt_hci(r0, &(0x7f0000000000)={0x1f, 0xffffffffffffffff, 0x3}, 0x6) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000240)={0x1, &(0x7f0000000000)=[{0x6, 0x85, 0x7, 0x7ffc0001}]}) r2 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r2, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="02030609100000000000004c9e000000020013000200000000000000ff0800ed05000600200000000a0006000000000026b900000000000000001ffeff0001000003f1dc7f7c6e7c0200010000000000004000020000000005000500000000000a"], 0x80}}, 0x0) sendmsg$key(r2, &(0x7f00000001c0)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="02030609100000000000004c9e0000000200130002eb0e00000000000000000105000600200000000a00000040010000000500e50000070000001f00001a000000030000a95a6e870200010000e9ff070040000200000000050005000000cc580a"], 0x80}}, 0x24000000) r3 = openat(0xffffffffffffff9c, &(0x7f0000000580)='./file0\x00', 0x2c41, 0x0) flock(r3, 0x5) sendmsg$NLBL_CIPSOV4_C_ADD(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000100)=ANY=[@ANYBLOB=',', @ANYRES8=r1], 0x44}}, 0x0) write$bt_hci(r0, &(0x7f0000000080)=ANY=[], 0x6) 2.555952821s ago: executing program 4 (id=534): socket$nl_audit(0x10, 0x3, 0x9) r0 = socket$tipc(0x1e, 0x5, 0x0) r1 = socket(0x10, 0x2, 0x6) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000540)='./file5\x00', 0x82c0, 0x0) r3 = fanotify_init(0xf00, 0x0) fanotify_mark(r3, 0x105, 0x5000003a, r2, 0x0) fanotify_mark(r3, 0x451, 0x8, r2, 0x0) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="700200001300290a00000000000000", @ANYRES64=r3, @ANYBLOB="000000000000000010010c8013000c800ca3488008000000000000000800038064001d80050006000000000014000500714abbd2547de97cbbf6efb226f19bf90d0002003a288e5e5b5b5a40000000006000078014000400293a02149f3b75a67093c28fd6f55a2314000400e48f01e49713f0c2d839f940d9f088d8050006000000003bd00002006272696467655f736c6176655f30000007000200293a000005"], 0x270}, 0x1, 0x0, 0x0, 0x20008014}, 0x4) bind$tipc(r0, &(0x7f0000000340)=@nameseq={0x1e, 0x1, 0x3, {0x43}}, 0x10) r4 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000100)={0x43, 0x4, 0x3, 0x3}, 0x10) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = signalfd4(r5, &(0x7f0000000080)={[0x9]}, 0x8, 0x800) r7 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000180), 0xffffffffffffffff) sendmsg$TIPC_NL_BEARER_DISABLE(r6, &(0x7f0000000580)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x80}, 0xc, &(0x7f0000000300)={&(0x7f0000000380)={0x190, r7, 0x4, 0x70bd29, 0x25dfdbff, {}, [@TIPC_NLA_MON={0x34, 0x9, 0x0, 0x1, [@TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0xfffffff1}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x6}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x2}, @TIPC_NLA_MON_ACTIVATION_THRESHOLD={0x8, 0x1, 0x6}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x2}, @TIPC_NLA_MON_REF={0x8, 0x2, 0x8}]}, @TIPC_NLA_PUBL={0xc, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x10001}]}, @TIPC_NLA_SOCK={0x54, 0x2, 0x0, 0x1, [@TIPC_NLA_SOCK_REF={0x8}, @TIPC_NLA_SOCK_CON={0x44, 0x3, 0x0, 0x1, [@TIPC_NLA_CON_FLAG={0x8, 0x1, 0x100}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0x1}, @TIPC_NLA_CON_FLAG={0x8, 0x1, 0xfffffff7}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x401}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0xff}, @TIPC_NLA_CON_NODE={0x8}, @TIPC_NLA_CON_NODE={0x8, 0x2, 0x8}]}, @TIPC_NLA_SOCK_HAS_PUBL={0x4}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x90}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x8}, @TIPC_NLA_PUBL_TYPE={0x8, 0x1, 0x1}]}, @TIPC_NLA_PUBL={0x1c, 0x3, 0x0, 0x1, [@TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0xe3b}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x1}, @TIPC_NLA_PUBL_UPPER={0x8, 0x3, 0x9}]}, @TIPC_NLA_NODE={0xb0, 0x6, 0x0, 0x1, [@TIPC_NLA_NODE_KEY={0x44, 0x4, {'gcm(aes)\x00', 0x1c, "0ea529c3743618830af7faec2b304196bafd64b3500f6cab373ce83a"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}, @TIPC_NLA_NODE_ID={0x1b, 0x3, "a35f9dbd91642246a20fa1d98249611f182a3f0b8030d4"}, @TIPC_NLA_NODE_KEY={0x41, 0x4, {'gcm(aes)\x00', 0x19, "6f534b20b5cb64ae18c1b1bc374bd2339f9fb1c5b0f4e53a32"}}, @TIPC_NLA_NODE_KEY_MASTER={0x4}]}]}, 0x190}, 0x1, 0x0, 0x0, 0x40040}, 0x40891) r8 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_NET_SET(r5, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000140)=ANY=[@ANYBLOB='\x00\x00\x00\x00', @ANYRES16=r8, @ANYBLOB="010027bd7000fcdbdf250f0000000c00078008000200faffffff"], 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x0) 2.419748005s ago: executing program 4 (id=537): r0 = socket$netlink(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) sendmsg$BATADV_CMD_GET_MESH(r1, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={0x0, 0x32}}, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000000)=ANY=[@ANYBLOB="3800000010000507000000000004000000000000", @ANYRES32=r2, @ANYBLOB="00000016010000001800120008000100736974000c0002000800030036"], 0x38}}, 0x0) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000280)=ANY=[@ANYBLOB="38000000100039042cbd7000eaffffff000003e4b3d81becb27d35f58029a27948878dae82385b3d1379106e1d94367cd79d542b3903b4bd5d41be879dbf08abad7dd0f3d79aea0d3ce0cf8552594e1f2927ce23a05bf5d7e1e422828ca5cce768", @ANYRES32=r2, @ANYBLOB="830004002a6000001800128008000100736974000c0002800800140005000000"], 0x38}, 0x1, 0x0, 0x0, 0x48084}, 0x4040) 2.187714572s ago: executing program 4 (id=540): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x4, 0x0, 0x0) write$nci(0xffffffffffffffff, 0x0, 0xfffffeea) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r2, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000480)=ANY=[@ANYBLOB="4c00000002060108000034e40000000000000000050001000600000005000400000000000900020073797a3100000000050005000200000c12000300686173683a6e65742c706f7274"], 0x4c}}, 0x2) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r3, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r4, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000040961b090000000000000109022400010000"], 0x0) close_range(r1, 0xffffffffffffffff, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000380)={&(0x7f0000002200)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a440000000c0a010100000000000000000a0000040900010073797a31000000000900"], 0x6c}, 0x1, 0x0, 0x0, 0x20000000}, 0x40000000) 1.649547094s ago: executing program 0 (id=547): prlimit64(0x0, 0xe, &(0x7f0000000600)={0x9, 0x20000008b}, 0x0) r0 = getpid() socket$packet(0x11, 0x2, 0x300) r1 = socket$inet6(0xa, 0x3, 0xaddc) sendto$inet6(r1, 0x0, 0x0, 0x4c881, &(0x7f0000000540)={0xa, 0x4e24, 0x0, @mcast2}, 0x1c) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) r2 = syz_init_net_socket$llc(0x1a, 0x1, 0x0) connect$llc(r2, &(0x7f0000000180)={0x1a, 0x0, 0x1, 0x8, 0x0, 0x0, @remote}, 0x10) recvmmsg(r2, &(0x7f00000001c0)=[{{0x0, 0x0, &(0x7f0000000100)=[{&(0x7f0000000440)=""/209, 0xd1}], 0x1}, 0x828}], 0x1, 0x2000, 0x0) sendmmsg(r2, &(0x7f0000001380), 0x3fffffffffffeed, 0x0) 1.644435861s ago: executing program 3 (id=548): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000000), 0xffffffffffffffff) setresuid(0x0, 0xee01, 0xee00) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000580)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r2, 0x8923, &(0x7f00000000c0)={'pimreg1\x00', @random="0134014030d9"}) mount$9p_fd(0x0, &(0x7f0000000040)='./file0\x00', &(0x7f0000000080), 0x80, &(0x7f00000000c0)={'trans=fd,', {}, 0x2c, {'wfdno', 0x3d, r0}, 0x2c, {[{@msize={'msize', 0x3d, 0x7}}, {@fscache}], [{@measure}]}}) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r0, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)={0x30, r1, 0x1, 0x0, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x1c, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_PORT={0x6, 0x5, 0x4e23}, @MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @multicast1=0xac1414aa}]}]}, 0x30}}, 0x0) 924.042773ms ago: executing program 3 (id=553): syz_open_procfs(0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aa0010000000a050000000000000000000000000a4f000600224a8b97667ada60f074b657a0a6852f21fa19ab9ca2af68e03a8243cecebc349a55cceaa41a8de9505e1ce8af02f668f51a459219750b54ace15b52c6a7b21fce4315c21fae0ad632816e000900010073797a30000000000900010073797a3000000000150006002668f346770cb7d5d34d26358210148cd80000000800024000000000240006005f862c73da8badeb239b0501b42fca60d13f230a778b03b2270587adce1394350c0004400000000000000005d4000620a69f1185cbe064a38a03154258b1e1669c6cab0de829d23cc6546668c2ce1171511817c565b3d423a2362ba8300cd38d6dbf308fffdc85fa0b05ea3cd7c282c737e7c6416bba8e13b951a45d2f1eb1bb60b788774bc3effaa5d0dd07b40285f538998b8427c1a530ef72f87a3cfa070c1349f541219ca975fd7628b76e6e20a8ba57b2447092b55c1651d3371165291b694ad032780f9de792b5e781a770e783aff17305cfd760589a9a20c6b95d367358bf100919559cc1cc715754cb7b6396042d5c5c9edc0d8d11a585e888dbb645140000001100010000000000000000000000000a"], 0x1c8}}, 0x4048080) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x28}}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x17) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f00000000c0)={0x41, 0x16}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be) sendmsg$tipc(r4, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0) 813.674606ms ago: executing program 2 (id=556): pwrite64(0xffffffffffffffff, 0x0, 0x0, 0x8000c61) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000080)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) timer_create(0x0, 0x0, &(0x7f0000bbdffc)=0x0) timer_delete(r0) fallocate(0xffffffffffffffff, 0x3, 0x8000000, 0x8000c62) bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x28, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x7}, 0x94) r1 = syz_open_procfs(0x0, &(0x7f00000000c0)='net/vlan/config\x00') read$qrtrtun(r1, &(0x7f00000004c0)=""/57, 0x39) socket$unix(0x1, 0x1, 0x0) sendmsg$nl_route_sched(0xffffffffffffffff, 0x0, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r2, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000300)=ANY=[@ANYBLOB="50000000090601020000000000000000020000840900020073797a31000000000500010007000000280007800c00018008000140fffffff70500070088000000060004404e22000006000540"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x90) 616.578177ms ago: executing program 3 (id=557): r0 = fanotify_init(0xf00, 0x0) r1 = openat$dir(0xffffffffffffff9c, &(0x7f0000000340)='.\x00', 0x0, 0x124) fanotify_mark(r0, 0x541, 0x4000101b, r1, 0x0) pipe2(&(0x7f0000000000)={0x0, 0x0}, 0x0) write$P9_RLERROR(r3, &(0x7f0000000300)={0x14, 0x7, 0x1, {0xb, 'syzkaller1\x00'}}, 0x14) r4 = openat(0xffffffffffffff9c, &(0x7f0000000440)='./file1\x00', 0x42, 0x0) splice(r2, 0x0, r4, 0x0, 0x1, 0xb) r5 = socket$netlink(0x10, 0x3, 0x0) sendmsg$IPVS_CMD_SET_INFO(0xffffffffffffffff, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) r6 = bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000300)={&(0x7f0000000380)=ANY=[@ANYBLOB="9feb010018000000000000000c0000000c00000002000000000000000000f16e4d0389f74eb8"], 0x0, 0x26, 0x0, 0x1}, 0x28) bpf$BPF_GET_BTF_INFO(0xf, &(0x7f0000000340)={r6, 0x20, &(0x7f0000000100)={0x0, 0x0, 0x0, 0x0}}, 0x10) bpf$BPF_BTF_GET_FD_BY_ID(0x13, &(0x7f0000000000)=r7, 0x4) r8 = socket$nl_route(0x10, 0x3, 0x0) r9 = socket(0x10, 0x803, 0x2) mkdir(&(0x7f0000000440)='./file1\x00', 0x12) mount(0x0, &(0x7f0000000200)='./file1\x00', &(0x7f0000000000)='tmpfs\x00', 0x8, &(0x7f0000000300)='usrquota') chdir(&(0x7f0000000280)='./file1\x00') r10 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) write$UHID_CREATE2(r10, 0x0, 0x118) quotactl_fd$Q_SETQUOTA(0xffffffffffffffff, 0xffffffff80000800, 0x0, &(0x7f00000000c0)={0x0, 0x1, 0x2000200000a95c, 0x9, 0x4000000201, 0x80000001, 0x48cd, 0xfffffffffffffffc, 0x800000df}) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpu.stat\x00', 0x275a, 0x0) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r9) getsockname$packet(r9, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000003c0)=0x14) r12 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$IOCTL_VMCI_INIT_CONTEXT(r12, 0x7a0, &(0x7f0000000180)={@any, 0x1}) sendmsg$nl_route(r8, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r11, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) getsockname$packet(0xffffffffffffffff, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r5, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="3c00000010001fff000000000100000000000000", @ANYRES32=0x0, @ANYBLOB="ffffffffffffffff140012800900010076657468000000000400028008000a00", @ANYRES32=r13], 0x3c}, 0x1, 0x0, 0x0, 0x40000}, 0x0) syz_usb_connect$hid(0x3, 0x36, &(0x7f00000001c0)={{0x12, 0x1, 0x200, 0x0, 0x0, 0x0, 0x8, 0x54c, 0x1000, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x5, 0xe0, 0x65, [{{0x9, 0x4, 0x0, 0xa, 0x2, 0x3, 0x1, 0x0, 0x5, {0x9, 0x21, 0x2718, 0x9, 0x1, {0x22, 0xcf5}}, {{{0x9, 0x5, 0x81, 0x3, 0x200, 0x0, 0x6, 0x2}}}}}]}}]}}, &(0x7f00000007c0)={0xa, &(0x7f0000000240)={0xa, 0x6, 0x200, 0x3b, 0x0, 0xe, 0x8, 0x6}, 0xb3, &(0x7f0000000480)={0x5, 0xf, 0xb3, 0x3, [@ss_cap={0xa, 0x10, 0x3, 0x2, 0x5, 0x6, 0x2, 0x8000}, @generic={0x90, 0x10, 0x1, "0646e4d2b032622fbac9a09b5cc37cce202a9c1f0c91c4ffdb9e3d6f459e29b2d27af330b31ea6f488977cceba570e80997539f6060a82084bd93210dd006657f367b3a911e011322d3a924269d9261a54890db9a92cd4660a4c79081ffd512adf435a751d369b6d50f038b1bdefee6e670343cefecfaac3a691fcf90774da37729300c2c7827d988c888caeec"}, @ss_container_id={0x14, 0x10, 0x4, 0x9, "8e119c5e2b6b3eb15ed359f3e13b2f07"}]}, 0x7, [{0x3e, &(0x7f00000002c0)=@string={0x3e, 0x3, "1bd2037f7faa9bbcb8b6551c6d5fc3a685fc63aaa033c2111eb9431c2b18d3ac7f32757375e63c7ddcdb21164ccf7df1bafc9b0ad11e0510448e0871"}}, {0x4, &(0x7f0000000400)=@lang_id={0x4, 0x3, 0x3c17659e7c0af955}}, {0x82, &(0x7f0000000540)=@string={0x82, 0x3, "a09bfb6f2fb03ace03de6a473bcf6998c0728ad30366ff2f51dc3907f956d126a765db5069f155ebc8e83b9cf64f8c53132696b3cf218b9ed8c9b622421713b695ee1dfd34c33474bca74e2e8e4c39d756ee17daec0ce48025ea1e1ec6673d7ec4928335d06b9ac1aa45ec0ced9105356dedb4d758284cee12392053ea909e7a"}}, {0x4, &(0x7f0000000600)=@lang_id={0x4, 0x3, 0x3401}}, {0xd5, &(0x7f0000000640)=@string={0xd5, 0x3, "e67fb8370e401c16d395838fbcc11c739b12abb91d9951e70f196872ca61df0d3d94203430287b14777c1e9eb87f03f935fbc77998482f0229db161326cee3c167d31c262e5157532367969ce02ac1ef5b3950344b464c88091ae13d4b51bf9a994006fa9fbe05b739cd76655946450004460254b86111fb429a364e57e18e15270cff73d5a3a5ab0cb28fcc0ac573089ebcca459d66df981a453f6baf7fcda0f9353c0fdae1fc37c1693c7253fbb6cb7a1934863708c6e7661563ee8a4babb6b81a62f943e35a05c95c846eb7831961ede87f"}}, {0x4, &(0x7f0000000740)=@lang_id={0x4, 0x3, 0x860}}, {0x34, &(0x7f0000000780)=@string={0x34, 0x3, "69b68c37406e84629642b5970026646146a1b089bbb230d18cf9469c5804eb2b827fbf7c9d62196e047fe44cb83fc391b46d"}}]}) 615.675776ms ago: executing program 2 (id=559): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000000)=ANY=[@ANYBLOB="5800000010000d04000700"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000240012800c0001006d6163766c616e00140002800800010004000000080003006d"], 0x58}}, 0x8000) 578.032669ms ago: executing program 0 (id=560): r0 = syz_usb_connect$cdc_ecm(0x0, 0x5a, &(0x7f00000000c0)=ANY=[@ANYBLOB="12010000020000402505a1a4400001020301090248000101570040090400000002060000052406000005240000000d240f0100080000000000000004240200090581031000000000090582"], 0x0) r1 = syz_usb_connect(0x0, 0x3f, &(0x7f00000000c0)=ANY=[@ANYBLOB="11010000733336088dee1edb23610000000109022d0101100000000904000003fe03010009cd8d1f0002000000090505020000fcffff09058b1e"], 0x0) syz_usb_disconnect(r0) r2 = syz_usb_connect(0x0, 0x4a, &(0x7f0000000040)=ANY=[], 0x0) syz_usb_control_io(r2, 0x0, 0x0) syz_usb_control_io$uac1(r1, &(0x7f0000000000)={0x14, &(0x7f0000000140)=ANY=[@ANYBLOB='@\t\v\x00\x00\x00\v\r]vu'], 0x0}, 0x0) syz_usb_ep_write$ath9k_ep1(r2, 0x82, 0xc38, &(0x7f0000000080)=ANY=[]) r3 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x0, 0x0) r4 = ioctl$KVM_CREATE_VM(r3, 0xae01, 0x0) ioctl$AUTOFS_DEV_IOCTL_CATATONIC(0xffffffffffffffff, 0xc0189379, &(0x7f00000000c0)={{0x1, 0x1, 0x18, r3}, './file0\x00'}) ioctl$KVM_MEMORY_ENCRYPT_UNREG_REGION(r5, 0x8010aebc, &(0x7f0000000100)={0x2000, 0x102000}) ioctl$KVM_CREATE_IRQCHIP(r4, 0xae60) ioctl$KVM_CREATE_PIT2(r4, 0x4040ae77, &(0x7f0000000040)) ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000000)={[0x35, 0x7, 0x2, 0x180, 0x4, 0x10, 0xf1, 0x50, 0x12, 0x5, 0x0, 0x29, 0x7, 0x6, 0x0, 0xbdb], 0xffff1001, 0x43100}) r6 = ioctl$KVM_CREATE_VCPU(r4, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r4, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) r7 = syz_init_net_socket$ax25(0x3, 0x2, 0xcd) shutdown(r7, 0x1) ioctl$KVM_SET_REGS(r6, 0x4090ae82, &(0x7f00000003c0)={[0x60000000002, 0x1000000000, 0x0, 0x43, 0x2000005, 0x0, 0x2004cb, 0x0, 0x1000000, 0x68ff, 0x5, 0x9, 0x3], 0xeeee8000, 0x202}) syz_memcpy_off$IO_URING_METADATA_GENERIC(0x0, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) ioctl$KVM_SET_SREGS(0xffffffffffffffff, 0x4138ae84, &(0x7f00000001c0)={{0x8080000, 0xeeee0000, 0x8, 0x8, 0xb, 0xe4, 0x40, 0x0, 0x0, 0x2e, 0x80}, {0x5000, 0x4000, 0x3, 0x0, 0x42, 0x5, 0x7d, 0x6, 0x15, 0x3, 0x2, 0x87}, {0x6000, 0xdddd0000, 0xe, 0x5, 0x3, 0x7, 0x0, 0x9, 0x1, 0xa4, 0x5, 0x5}, {0x1, 0xeeee0000, 0xd, 0x6, 0x4, 0x42, 0xb, 0xff, 0x8, 0x7, 0xe}, {0x2000, 0xd000, 0xf, 0x3, 0x15, 0x7, 0xab, 0x8, 0x9, 0x83, 0xf7, 0x83}, {0x1000, 0x3909e40c33606d9c, 0xe, 0xa0, 0xb1, 0x8, 0x1, 0xa0, 0x82, 0xf, 0x1, 0x7}, {0x3000, 0x3000, 0x4, 0x5, 0x7, 0x5, 0x7, 0x3, 0x8, 0x81, 0x40, 0x70}, {0xd000, 0x4000, 0xe, 0x5, 0xcd, 0x7, 0x1, 0x9, 0x3, 0xc, 0xb0, 0x9}, {0xeeef0000, 0x30}, {0x8000000, 0x7}, 0x80000031, 0x0, 0x0, 0x24, 0x2, 0x8d00, 0x3000, [0x6800000000000000, 0x4, 0x5e, 0x8]}) ioctl$KVM_RUN(r6, 0xae80, 0x0) 524.192601ms ago: executing program 1 (id=561): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000080), 0x101302, 0x0) ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) socket$inet_udp(0x2, 0x2, 0x0) getpid() syz_usb_connect(0x0, 0x24, &(0x7f0000000340)=ANY=[@ANYBLOB="12010000abd1a0407b0726228bca000000010902120001000000000904"], 0x0) syz_usb_connect(0x1, 0x625, &(0x7f0000000400)={{0x12, 0x1, 0x201, 0x18, 0xcc, 0x7f, 0x8, 0x12d1, 0x4601, 0x5788, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x613, 0x2, 0xff, 0xcc, 0x40, 0x4, [{{0x9, 0x4, 0x2a, 0x5, 0xe, 0xff, 0x6, 0x74, 0x2, [@uac_as={[@format_type_i_continuous={0x9, 0x24, 0x2, 0x1, 0x3, 0x3, 0x7, 0x3, '('}, @as_header={0x7, 0x24, 0x1, 0xa, 0x6, 0x6}]}], [{{0x9, 0x5, 0x80, 0x0, 0x20, 0x7, 0x0, 0x40, [@uac_iso={0x7, 0x25, 0x1, 0x80, 0x7, 0x1000}, @uac_iso={0x7, 0x25, 0x1, 0x81, 0x9, 0x8}]}}, {{0x9, 0x5, 0x4, 0x0, 0x20, 0x80, 0xe, 0x7f, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x80, 0x6ab6}]}}, {{0x9, 0x5, 0x3, 0x2, 0x8, 0xe6, 0x5f, 0x6, [@generic={0x4c, 0x4, "d90580054646f13515219047c383d5c8aa330ddc2da3f544f408fd57d02e55518b2a6eb07e8affdc0c65f42529257787e17415db71405c3a67ca2464c0abffb4edc9cd616456e622cc8f"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x80, 0x400}]}}, {{0x9, 0x5, 0xa, 0x0, 0x400, 0x3, 0x0, 0x5, [@generic={0xc5, 0xa, "9eed03361b634e8e7bd8587998b3954b0d2df3fed92f3533d50bd4336ec17b51b9f840572710fbe914c65dc262dc13a142b34e04fcbf46a02f06594680a2d1d2f7b7cb054937500cc9ae7e55923b077237850315bb3803f3fbc77f114b0192d7c23f8962ffbb8f4c84787808b0c43b10b1286f6086b5e47e97d375b3a5a39795a258abd6a6ea86064462a157bbd59871ed5a2dbf91376fa89ceaf141a36d6093b5182bdad41d8e0264fb9c734bb664d650a4d5912d1d35728bcfa776badef1a32ef777"}]}}, {{0x9, 0x5, 0x8, 0x0, 0x20, 0xf, 0x1, 0x4, [@generic={0x92, 0x6, "e3bf4f53d43985b5efff2b45f4abaea2758df098ccdf771bb1ec7dd4184af1a192808fb20bef1e6bb55e79c2891cd505dcc6cb3a165f415369c31d36648c7b0215a80d0ce6b311d562a3f55a3380b537a8b07ee6da4fbefacb22462efe7dc54ac487e2dfed4b0529c75210d5a91065616d2df3016c3614be740513bc6fe3c904200cb2f48bd26008cb5df6c887f4fc70"}, @generic={0xa8, 0x0, "5178c032f2b6170f86e38f9b82b1ac6a7d0133d703dfa8f27ab4fb05e1c7c976a92491c2958a5c7bfbdd9a22428afae15be5de1a2a4ed1d7e44212d73d0add1397631312a44df8b81ba3cf6d3fc81d8bfa364a191bf3357a1366b1a1bbfde512db537957abb0dea1d57ea3ee0a36876d572e8925cf724f3c0c2aa7ecbca724038ed741196edcc47fab8bafdb8216c2f257fefc2602584559a62b085ca5f372b7eed3587e2cda"}]}}, {{0x9, 0x5, 0xe, 0x4, 0x200, 0x7f, 0x79, 0x1}}, {{0x9, 0x5, 0x7, 0x0, 0x200, 0x7d, 0x1, 0x4, [@generic={0x3, 0x23, "b2"}]}}, {{0x9, 0x5, 0x0, 0x0, 0x8, 0x0, 0x2, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x81, 0x1, 0x87}]}}, {{0x9, 0x5, 0xa, 0x10, 0x40, 0x0, 0x4, 0x8}}, {{0x9, 0x5, 0xf, 0x3, 0x8, 0x9, 0x40, 0x10}}, {{0x9, 0x5, 0x9, 0x3, 0x10, 0x4, 0x81, 0x1}}, {{0x9, 0x5, 0xe, 0xc, 0x10, 0x8, 0x68, 0xf7, [@uac_iso={0x7, 0x25, 0x1, 0x0, 0x7, 0x5784}]}}, {{0x9, 0x5, 0x6, 0xb, 0x3ff, 0x80, 0xc, 0x6, [@generic={0xe, 0xf, "98f8b4c61f96311926b6a985"}]}}, {{0x9, 0x5, 0x3, 0x10, 0x40, 0x5, 0x6b, 0xbf, [@uac_iso={0x7, 0x25, 0x1, 0x2, 0x9, 0x5}]}}]}}, {{0x9, 0x4, 0x68, 0xf4, 0x9, 0x65, 0x62, 0xa9, 0xe, [@generic={0x46, 0x3, "d3cd0552dfb6fb88956c4e3d04c9b586b21c61be1e52f390c7942e950bd976afc0d198aab4f42893ee12be7cf7b8de42be9b3340b2b29f15e17aa992534eaa3a78262bd9"}], [{{0x9, 0x5, 0x5, 0x10, 0x10, 0x6, 0x5, 0x1, [@generic={0xe9, 0x22, "a933da9cbd02234d50c66d0294371888b86d4da8007ab71d2d5ca4bca7a2d4708ee71984eeccb1e5da1a1f8d4af9a5c6056eb5965ddc01c79bf8ee0c3be2f70cfd54ff4381fe0142247fdb24a8e9b041ff916854ca230bb16f28d8a933a1eb898faca59bcca49e10dceec9209ceba73667f201e6bc3c81111a2c49988df79eb20de410502553afda2886ae5b417df39126096a1e08502c6519bfc0ce592ca03de165a5f504c22229534484479241668d356a88b7d390f2808de4187d0ad385e92d582b358a32f35f7a5d2384384a83246300d7165297786fe3b9fa80da713bffd6faaf0f8690eb"}]}}, {{0x9, 0x5, 0xc, 0x3, 0x20, 0xe, 0x5, 0x38, [@generic={0x7d, 0x4, "5cee740ede62d3de42f89a203f8b2a22552a2163bf126e10d49eba04af378dea13c9bc6ab4f9e1ce261384344cc6b06c5ed9718b0f127e3d3b63ab27eec8a579fea41bacff7bd3484b608244794bba0f99cc2045ea3f1f58f9132ba35e76584d735a7aa56d4e44517fced066b6c685554d5bcbaa0f7001eb7b8d2f"}, @uac_iso={0x7, 0x25, 0x1, 0x3, 0xf4, 0x9}]}}, {{0x9, 0x5, 0x3, 0x0, 0x0, 0x3, 0x6, 0x80}}, {{0x9, 0x5, 0x9, 0xc, 0x400, 0x5, 0x5, 0x80, [@uac_iso={0x7, 0x25, 0x1, 0x42, 0x5, 0x7}]}}, {{0x9, 0x5, 0xe, 0x4, 0x200, 0x9, 0xe, 0x8, [@uac_iso={0x7, 0x25, 0x1, 0x1, 0xc, 0x1}]}}, {{0x9, 0x5, 0x9, 0x0, 0x200, 0x81, 0x9, 0xc}}, {{0x9, 0x5, 0x1, 0x0, 0x40, 0xaf, 0x1, 0x4, [@generic={0x80, 0xa, "7c22f26c736c7d688063e93ab1c6f3ba8951e94ea18ffcc7fbcd83ba8b77fa4719253f55c08cdc8f4a2594d5d46c5de2324e2266a3fd7c3ccd739a2dd1fca5fd07062e97c5e766554eb50933026297a799ad4335ea3912a1ad6d4c9df58fbe57f37c870374587a7a745644fc7cc37e245fdefd973ec3ead479ea8afb223f"}, @uac_iso={0x7, 0x25, 0x1, 0x80, 0x4, 0x7}]}}, {{0x9, 0x5, 0x5, 0xc, 0x3ff, 0x2, 0x1c, 0xfd, [@generic={0xf, 0x23, "69e288a92562be44b69cba0c72"}]}}, {{0x9, 0x5, 0x6, 0x0, 0x3097a065894f65fa, 0x6, 0x9f, 0x7, [@generic={0x2e, 0x7, "78213bb7a0799b88f67776a3a223b32d129830b1b6d1f9827fbc713073baf22e750a920bb4d811aa134edd32"}, @uac_iso={0x7, 0x25, 0x1, 0x0, 0x5, 0x5}]}}]}}]}}]}}, &(0x7f0000000ec0)={0xa, &(0x7f0000000100)={0xa, 0x6, 0x250, 0x8, 0x7, 0x9, 0x10, 0x15}, 0x12, &(0x7f00000001c0)={0x5, 0xf, 0x12, 0x2, [@ss_cap={0xa, 0x10, 0x3, 0x0, 0x0, 0x4, 0xfb, 0x40}, @ptm_cap={0x3}]}, 0x8, [{0xbc, &(0x7f0000000ac0)=@string={0xbc, 0x3, "5396b27af17e472ef4f12e23dba0276bbc7fd8f5213c249d70469bc496057e7f198a3efb6825be9c08ac2abaf837cb63fed78c2220144924a84ab933f0a34d258c1fc234c785c88d1fa94d4fbee842d810083fabe466219a21de14f743826dcb4e6ab50b56ba49ccaf9ef25e7753e19aa98a99be06b1ae7f27a0c778750a75636fdb1bc538c4de2dd3a0d58561de5d5ba4f3fc53cff6515adaf3c6958f279a9001b0159f0baa487376fb825d0893bd71d18dd938929c220e95f6"}}, {0x80, &(0x7f0000000b80)=@string={0x80, 0x3, "2f49f41fde1a906820e34b1aa2912b0a837b7dd9fcd73a84029c4f1af7283e15d051bf54e83e45175a670a1e5189591efe25bbb1dca44b1f4556188d6a0f98ae7ff6a2df1804e5abeb10f5355cb04955c034cd803c7614be550b1225504a29acc183935193750336f318fef41d47ab08404c1297e35edcfbf107ec49f163"}}, {0x102, &(0x7f0000000c00)=@string={0x102, 0x3, "b7b2f7a48644974343d0b7097596ff18d211bf3daf347343bd9037534ae286ac50ec1e0e98e6187b1fd78150cf8aa2c7c4a98c8ba07959133e0a97a81e3f8e2c91c3c58b4ef2a1645db1facadd66c04885a25669f26797b5297eaac39ca11241ae08c63d55671b2ce3f7655d6ee55061cc99c7d18631bc5ba6370669a35d423743ab6b83b5841ca7cce8e51184dd32ecc479bfb71541dc9feff5d40a4d453b1bf67485cdb1fba63f73ce253bd7468108904d6bbe02898adbc4107ffe63b00ada93c387b899fc770886af60615257793fe79c14c7e7c3b78f20bd69b78905269676e8c4d4b30669d4a39e7fb4251d60639e954838c3a76426526301342f1684dc"}}, {0x28, &(0x7f0000000d40)=@string={0x28, 0x3, "2002eaf86d476811082ffc7c219a638f1b9bf65c4e628d69c82cb293c390066ca426a2669831"}}, {0x4, &(0x7f0000000d80)=@lang_id={0x4, 0x3, 0x80a}}, {0x4, &(0x7f0000000dc0)=@lang_id={0x4, 0x3, 0x40d}}, {0x49, &(0x7f0000000f40)=ANY=[@ANYBLOB="4903d0e814e1c22dce4b27a82583cd3742620b1d171a4eb2d80eaff63c5a974e5547ef6985827c4d281ef61211e404e866ec9bada951ed936ee7d7764530242679d328bc4f056c2354c56ad7278cee6cd402f5bfccd8f797a89cf7b33179840c38cda43d70353ee312265fa9c72ff2cff94a91e2919c4c981d022d7de7ca0fd232b1e9733b0582ff934d2248d7505683c8ccdd948477dcb44cdddb5f922ab18377dbbc1f3254d236"]}, {0x21, &(0x7f0000000e80)=@string={0x21, 0x3, "ba1d8ae8044de7dcf54a5c1a03dd25e32042f25b75f3b94eb1fc3e9ee4e8e2"}}]}) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r1, &(0x7f0000000180)={0x0, 0x60, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="60000000020601020000000000000000000000000900020073797a31000000000500010007000000050005000a00000014000780080013400000040008001240fffffffa11000300686173683a6e65742c6e657400000000050004"], 0x60}, 0x1, 0x0, 0x0, 0x4000}, 0x0) 418.935609ms ago: executing program 2 (id=562): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000040)=ANY=[@ANYBLOB="120100005938d74010973077339600000001090212000100001e000904"], 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000d00)={0x2c, &(0x7f0000000a40)={0x0, 0x30, 0x6, "b095594ef163"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000d40)={0x2c, &(0x7f0000000b00)={0x40, 0x1, 0x2, "8856"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000001000)={0x1c, &(0x7f0000000e80)={0x20, 0x0, 0x2, "367f"}, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000800)={0x84, &(0x7f0000000240)={0x20, 0x9, 0x1, '6'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, &(0x7f00000011c0)={0x2c, &(0x7f0000000f80)={0x40, 0x8, 0x2, "bc47"}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) 354.618935ms ago: executing program 1 (id=563): r0 = syz_clone(0x0, 0x0, 0x0, 0x0, 0x0, 0x0) ptrace(0x10, r0) ptrace$setregs(0xd, r0, 0xfffffffffffffffc, &(0x7f00000003c0)="18607651149d7b10b4024fbbdc08899b8f589df2dbb5d7a8d1b36cfab675cb3976ee8100e2878c9cfa178cac130eb046eda93df39ed4b41924dc225ad4028dd63defb87d698be5c749450b350a789dcfc6b2d6a696b5026d1e52f19274566d1da0f353dd65e330ebf71c5e823f2753c5fd76724828ef31b353e71805205c3dceb44cc4c7b3664e29fb") socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$netlink_NETLINK_TX_RING(0xffffffffffffffff, 0x10e, 0xc, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, 0x0}, 0x0) ptrace$getregset(0x4205, r0, 0x2, &(0x7f0000000080)={&(0x7f0000000000)=""/120, 0x78}) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) ptrace$getregset(0x4204, r0, 0x2, &(0x7f0000000740)={0x0}) 339.87719ms ago: executing program 2 (id=564): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000740), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000140)=0xa0000) r1 = openat$vnet(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) ioctl$VHOST_NET_SET_BACKEND(r1, 0x4008af30, &(0x7f0000000040)={0x1}) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000000)={@my=0x0}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000280)={&(0x7f0000001100)={{@my=0x0}, {@hyper, 0x800000}, 0x400, "884fbe2726aa0a32f3e65f909acda971a093228292456e0332e6c11577b514f0bb8db731789d860e9589c4cbdd60b7a851a8a3c55ada2f90c51a69bf4a5c3e32296535dc838ef00dc18a32a79118dc858628f741f107552021e5a81d38e4374a8a717a7ca9015083cfff5d16156ef9cabf4f60c0da46870a10bf520cc5abcf9e3a437761ea75776763139fadd55c46daf5338870951822f6a803ccfbab9c3f507672d7c39ea9ccf81d9bc2b4649e7b44ed9fd7cb9bd389240cd41c415113d1caac4536f05c07e596d6addad2a4d27ba21a3b655753c508caedcc812ca235a7cd1686426b208bdecf8a4265ba8f6824aa60306e2d623481eed301b6dc21041fa8b6592be00bb74de1989a45a5aa32c189e9f5a5bb878281d0129afcfb8410cd1fa5acd080993d2d084213130a9b8d517d13251e6605a03d9b8faf507e820205a1f471af7b261419e79e09c547f7c10fd3f1ad876f59fdcc5e07d0ff4dee6ea2e3856616a352d648b9b5261b6263020fc3ae8eb404bc25703b3d3b83172d07ff22907d6631d226c8247c92c1826ff814590dfe8c7fc54dfb265e906f756846546316b20e0105e2a5355a210b2b7f5db61d8f90bb783b41ce368233bd08044e9283531fffe49e3d305ecfb16075a047557f57bb7baf8babfc02975ad0d60ed8de9cb8adc9f667bc6826cbea8e260e4bff28a5ec19d38d1fc019db3cfaf310e764d78619cb27fb17af05a0e8ae831ce8413721e71138e62cc4ad8e7974d1506b4fb581c549a3dd7b7ef44ac37201aa3bce6f37f648d781bcb4f329fd45ffa640f1b04efb38a36e0ed0e2abcb07e4ad88ae3edfb6d840d75340204243d0e1c1c3139823b0d5ad196430bf4566619a1a97df4376a7e9a9e9c1d97b9f773c921778f2cb5165c02da1423305c502076177e4af50cb3343c10b01b78e3fe5520bdfae2b3dbe42db0f0eb55bbcb19038018d45ccdb8b0df400085a02c61b033f430fb6a7408e090c65798bc49d35e049d276fd1952d2b3dfd92a2548411e21be26216fe68fc3cf1c6625031260153708a53255b3d3d0411d5f0e8ab2102a97e539c34e9c769a7dafb87c5918deb59ef05e928c2c52775de467fa843cbcdabc290097eeb2ee7c58d86e3fccc39a5b694c18a4cc0d6af1e61d9c69e6466bc0cbef15365109e4f67a6268625f8c3f358fb7d567cbea52e1bc289bd8effda4e362a729e8cd3064970b97e3f72535d9ba88e97a14834cfd8dc86b5d2f9b35425a4162e6abe8b785ef462883e716c91b8eb281d81f68f606f16fcbc5cddfdec3b515818a647d86a4c17bae6ad525e95598052c49cdee821ceb45b2350dda13628db0dd266f30285241a2b147d65113b8ed3665a3451f7a56cf430ec98aeac702d9b9f776d97520a9d039e5b2fff34ac4d4e0a32e1f35c8f38e4f4fe1b3212a70f185ad71ec86b8c9"}, 0x418}) 290.314262ms ago: executing program 1 (id=565): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={0x0, 0x84}, 0x1, 0x0, 0x0, 0x4000850}, 0x40) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, 0x0, 0x0, 0x4, 0x0, 0x0) write$nci(0xffffffffffffffff, 0x0, 0xfffffeea) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000100)=[{0x6, 0x0, 0x0, 0x7fff0026}]}) socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000240)={&(0x7f00000001c0)=ANY=[@ANYBLOB="50000000090601020000000000000000020000000900020073797a31000000000500010007000000280007800c00018008000140ffffffff0500070084000000060004"], 0x50}, 0x1, 0x0, 0x0, 0x10000082}, 0x80) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_LIST(r2, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000005c0)=ANY=[@ANYBLOB="1c000000070601080000001e000000000a0000040500010007"], 0x1c}, 0x1, 0x0, 0x0, 0x20000005}, 0x80) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000040)=ANY=[@ANYBLOB="1201000000000040961b090000000000000109022400010000"], 0x0) close_range(r1, 0xffffffffffffffff, 0x0) 227.986511ms ago: executing program 2 (id=566): socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r0) bpf$BPF_TASK_FD_QUERY(0x14, &(0x7f0000000180)={0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0}, 0x30) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000040)={0x0, 0x0}) close(r2) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[@ANYBLOB='\x00\x00\x00\x00\v'], 0x48) setsockopt$sock_attach_bpf(r1, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x11, 0x3, &(0x7f0000000180)=ANY=[@ANYBLOB="1800000000"], 0x0}, 0x94) socketpair(0x1e, 0x1, 0x0, &(0x7f0000000080)={0x0, 0x0}) close(r4) setsockopt$sock_attach_bpf(r5, 0x10f, 0x87, &(0x7f0000000180), 0x4bd) r6 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r6, 0x10f, 0x87, &(0x7f00000008c0), 0x43) sendmsg$kcm(r6, 0x0, 0x10) 211.616601ms ago: executing program 1 (id=567): syz_open_procfs(0xffffffffffffffff, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) ioctl$USBDEVFS_RESET(0xffffffffffffffff, 0x5514) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) syz_usb_connect$hid(0x6, 0x36, 0x0, 0x0) r1 = socket$inet6(0xa, 0x1, 0x8010000000000084) bind$inet6(r1, &(0x7f00000000c0)={0xa, 0x4e21, 0x0, @empty}, 0x1c) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) ioctl$F2FS_IOC_RELEASE_COMPRESS_BLOCKS(0xffffffffffffffff, 0x8008f512, &(0x7f0000000100)) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000880)=ANY=[@ANYBLOB="140000001000010000000000000000000000000aa0010000000a050000000000000000000000000a4f000600224a8b97667ada60f074b657a0a6852f21fa19ab9ca2af68e03a8243cecebc349a55cceaa41a8de9505e1ce8af02f668f51a459219750b54ace15b52c6a7b21fce4315c21fae0ad632816e000900010073797a30000000000900010073797a3000000000150006002668f346770cb7d5d34d26358210148cd80000000800024000000000240006005f862c73da8badeb239b0501b42fca60d13f230a778b03b2270587adce1394350c0004400000000000000005d4000620a69f1185cbe064a38a03154258b1e1669c6cab0de829d23cc6546668c2ce1171511817c565b3d423a2362ba8300cd38d6dbf308fffdc85fa0b05ea3cd7c282c737e7c6416bba8e13b951a45d2f1eb1bb60b788774bc3effaa5d0dd07b40285f538998b8427c1a530ef72f87a3cfa070c1349f541219ca975fd7628b76e6e20a8ba57b2447092b55c1651d3371165291b694ad032780f9de792b5e781a770e783aff17305cfd760589a9a20c6b95d367358bf100919559cc1cc715754cb7b6396042d5c5c9edc0d8d11a585e888dbb645140000001100010000000000000000000000000a"], 0x1c8}}, 0x4048080) connect$inet6(r1, &(0x7f0000000000)={0xa, 0x4e21, 0x0, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x14}}}, 0x1c) setsockopt$inet_sctp6_SCTP_PEER_ADDR_PARAMS(r1, 0x84, 0x9, &(0x7f0000000300)={0x0, @in={{0x2, 0x4e24, @dev={0xac, 0x14, 0x14, 0x28}}}, 0x0, 0x0, 0x318, 0x1, 0x24}, 0x9c) r2 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xb, &(0x7f0000000180)=ANY=[@ANYBLOB="18000000000000000000000000000000180100002020702500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000000000000b703000000000000850000000400000095"], &(0x7f0000000040)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x2, '\x00', 0x0, @fallback=0x1d, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x80000000}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000001000)={&(0x7f0000000140)='kmem_cache_free\x00', r2}, 0x17) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f00000000c0)={0x41, 0x16}, 0x10) setsockopt$TIPC_GROUP_JOIN(0xffffffffffffffff, 0x10f, 0x87, &(0x7f0000000040)={0x41}, 0x10) r4 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r4, 0x10f, 0x87, &(0x7f0000000280)={0x41}, 0x10) r5 = socket$tipc(0x1e, 0x5, 0x0) setsockopt$TIPC_GROUP_JOIN(r5, 0x10f, 0x87, &(0x7f0000000100)={0x41}, 0x1be) sendmsg$tipc(r4, &(0x7f0000000240)={&(0x7f0000000080), 0x10, 0x0}, 0x0) 137.967242ms ago: executing program 2 (id=568): capset(&(0x7f0000000380)={0x20080522}, &(0x7f0000000040)={0x200000, 0x40200003, 0x0, 0x6, 0x7}) r0 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$sock_int(r0, 0x1, 0xc, &(0x7f0000000000)=0x56, 0x4) r1 = bpf$MAP_CREATE(0x0, &(0x7f00000000c0)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000002e00)={0xc, 0x1b, &(0x7f0000000140)=@ringbuf={{0x18, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000}, {{0x18, 0x1, 0x1, 0x0, r1}}, {}, [@ringbuf_query={{0x18, 0x1, 0x1, 0x0, r1}, {}, {0x85, 0x0, 0x0, 0x17}}, @printk={@ld, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0x7}}], {{}, {0x7, 0x0, 0xb, 0x2, 0x0, 0x0, 0x2}, {0x85, 0x0, 0x0, 0x85}}}, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x36, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r2, 0xfca804a0, 0x10, 0x38, &(0x7f00000002c0)="b800000500000000", &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) syz_emit_ethernet(0x3e, &(0x7f0000000240)=ANY=[], 0x0) write$binfmt_register(0xffffffffffffffff, &(0x7f0000000000)={0x3a, 'syz3', 0x3a, 'M', 0x3a, 0x7, 0x3a, '\x97AR:', 0x3a, '/devw\xa9ullb0\x00X\x95F\xa57rZ/\x1c\x9f8\a\x00\x00\x00\x81\xc1\xb6\x81e\xdc\xd9\x94\xf1\x9d\xfc9\xac,\xc0\xb3\xdeS\xf9\xf9!M\xaa\x90\x89a\xfaK$r\xcbvb7t\x1a\xd3\x06NX\x99m\x9f\x10(\x92\xe1_\xeb\x00!\x19\xcfcQ#\x96\xda\xd4\xa9\xf4\x17\xb7$Dm\xd8\x11\xdf\xc7\xa7\xf4#\x06Q2\n\"\x94\xa3\xe2F{2\xbe@\x8e\x16-\xc3\x1b3bU\xb1\xebx?\x99\"b', 0x3a, './file0/file0/file0'}, 0xb7) sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000007880)=[{{0x0, 0x0, &(0x7f0000000740)=[{&(0x7f0000000040)="af0ac9", 0x3}], 0x1}}], 0x1, 0x4000000) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000440)={0x8, 0xf, &(0x7f0000000200)=ANY=[@ANYRESDEC, @ANYRES32, @ANYBLOB="0000000000000000b702000014000000b7020000000000008500000051000000bf0900000000000055"], 0x0, 0x7, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x6}, 0x94) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) epoll_wait(0xffffffffffffffff, 0x0, 0x0, 0x0) r3 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x2001) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000200)='blkio.bfq.io_service_bytes_recursive\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r3, 0x4c0a, &(0x7f00000002c0)={r4, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0xb, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "f4bd000000801900", [0x0, 0xffffffff9673e35d]}}) 103.01787ms ago: executing program 4 (id=569): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) r1 = openat$rtc(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) ioctl$RTC_WKALM_SET(r1, 0x4028700f, &(0x7f0000000140)={0x1, 0xfc, {0x1a, 0x20000039, 0x2010, 0x20007, 0x0, 0x3ff, 0x0, 0x10000}}) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000300)={0x54, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x1}, @IPSET_ATTR_BUCKETSIZE={0x5}]}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x11, 0x3, 'hash:ip,port\x00'}]}, 0x54}}, 0x0) 102.628622ms ago: executing program 1 (id=570): mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) timerfd_create(0x0, 0x80000) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x7, 0x4, 0x9, 0xfffa}, 0x1d, [0x7ffe, 0xc95a, 0xfffffff3, 0x9, 0x80, 0x2, 0x3, 0x7f, 0x7, 0x81, 0x39cc191a, 0x10005f, 0x9, 0x5, 0xffff2d37, 0xffffff01, 0x6, 0x3, 0x0, 0x5, 0x4, 0x8, 0x4, 0x3c5e, 0x1, 0x3, 0x5, 0x1, 0x1f461e2c, 0x0, 0xe661, 0x4, 0x7, 0x101, 0x7fff, 0x4c75, 0x800, 0x242, 0x1003, 0xe, 0x0, 0x71, 0xfffffff8, 0x7, 0x0, 0x0, 0xd, 0x3e, 0x8f, 0x6, 0x10000006, 0x0, 0x5, 0x4, 0x8, 0x7, 0x80, 0x0, 0x5, 0x6, 0x8, 0x4, 0x1, 0x40], [0x10000007, 0xffff, 0x131, 0x8000, 0x10, 0xfffffff3, 0x129432e6, 0xcb, 0xf9, 0xd, 0x2bf, 0x6c9, 0x8, 0x2, 0x3, 0x0, 0x7, 0x5, 0x4800, 0xe, 0x312, 0x78, 0xea4, 0x0, 0x4, 0x0, 0x8000, 0x9, 0x400, 0x5, 0x6, 0x7, 0xff, 0x5, 0x5, 0x5f31, 0x4, 0x0, 0x2, 0x2, 0xa, 0x3, 0x9, 0xc, 0x800, 0x6, 0x7, 0x8000, 0x1, 0xfe000000, 0xff7f, 0x2, 0x7f, 0x9, 0x3010, 0x3, 0x9, 0x1, 0x7, 0x3, 0xa, 0x7, 0x42, 0x2], [0x7, 0x4, 0x0, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x7f, 0x3, 0x7fff, 0x0, 0x5, 0xb, 0x4, 0x5, 0x5, 0x0, 0x1ef, 0x5, 0x8, 0x86, 0x7, 0xa, 0x3e7, 0x9, 0x5, 0x2, 0x102, 0x3, 0x800, 0x4, 0x6d01, 0x5, 0x38, 0x800003, 0x200, 0x80, 0xf, 0xd, 0x2950bfaf, 0x1000, 0xa4, 0x7, 0x53cf697b, 0x5, 0x6, 0xac8, 0xbf, 0x2, 0x3, 0x7ff, 0xfffffff9, 0x1, 0x1, 0xffff, 0x0, 0x1a, 0x1c, 0x120000, 0x3, 0x6, 0xaaed, 0x4, 0x65], [0x9, 0xbb31, 0x3, 0xb, 0x1, 0x938, 0x7, 0x6, 0x0, 0x5, 0xce7, 0x1ff, 0x2, 0xf58, 0x5, 0x3, 0x101, 0x10000, 0x6, 0x7ffe, 0x0, 0x200a620, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0xe, 0x6, 0xffffffff, 0x80000000, 0x5, 0x8, 0xc8, 0xee1, 0xfffff000, 0xffff, 0x3, 0x7f, 0x100, 0x9602, 0x4, 0x2, 0x4, 0x6, 0x1, 0x10080, 0x5, 0x8, 0x30b1d693, 0xa1f, 0x8, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x5, 0xb1c, 0x1, 0x1fd, 0xffbf2441, 0xfff]}, 0x45c) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x3, r1, {0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x20}}, 0x2}}, 0x2e) r2 = syz_genetlink_get_family_id$l2tp(&(0x7f00000008c0), 0xffffffffffffffff) r3 = socket$nl_generic(0x10, 0x3, 0x10) setsockopt$inet_tcp_int(0xffffffffffffffff, 0x6, 0x17, &(0x7f0000000200)=0xfffffffe, 0x4) sendmsg$L2TP_CMD_SESSION_DELETE(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000005c0)=ANY=[@ANYBLOB='D\x00\x00\x00', @ANYRES16=r2, @ANYBLOB="01002cbd701004000000050000000600010005000000080009000200000008000b000000000008000c00a80a0000050013000800000005000500ce"], 0x44}, 0x1, 0x0, 0x0, 0x20008802}, 0x30) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r4, 0x8933, &(0x7f00000001c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_SET_INTERFACE(r4, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=ANY=[@ANYBLOB='$\x00\x00\x00', @ANYRES16=r5, @ANYBLOB="050000000000000300", @ANYRES32=r6, @ANYBLOB="0800050009000000"], 0x24}}, 0x0) syz_80211_join_ibss(&(0x7f0000000040)='wlan1\x00', 0x0, 0x0, 0x0) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) 101.644569ms ago: executing program 3 (id=571): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) r1 = dup(r0) sendmsg$inet(r1, &(0x7f0000000780)={&(0x7f0000000100)={0x2, 0x0, @multicast1}, 0x10, 0x0, 0x0, &(0x7f00000001c0)=ANY=[], 0x40}, 0x0) syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x707c, 0x400, 0x3, 0x288}, &(0x7f0000000340)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f00000002c0)=@IORING_OP_WRITEV={0x2, 0x0, 0x0, @fd_index=0x4, 0x0, 0x0}) syz_io_uring_setup(0x10e, &(0x7f0000000140)={0x0, 0x334e, 0x10, 0x4, 0x312}, &(0x7f0000000200)=0x0, &(0x7f0000000300)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r5, &(0x7f0000000040)=@IORING_OP_OPENAT={0x12, 0x30, 0x0, r1, 0x0, 0x0, 0x60, 0x200501, 0x12345}) r6 = syz_io_uring_setup(0x497, &(0x7f0000002180)={0x0, 0x787f, 0x100, 0x4, 0x1b0}, &(0x7f00000000c0)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r7, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) r9 = io_uring_register$IORING_REGISTER_PERSONALITY(r6, 0x9, 0x0, 0x0) syz_io_uring_submit(r7, r8, &(0x7f00000002c0)=@IORING_OP_RECV=@pass_buffer={0x1b, 0x5, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x10001, 0x1, {0x0, r9}}) syz_io_uring_submit(r2, r5, &(0x7f0000000000)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x0, 0x2, r1, 0x0, 0x0, 0x0, 0x2001, 0x1, {0x2, r9}}) 0s ago: executing program 1 (id=572): syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x2000) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) socket(0x10, 0x803, 0x4) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00', r0, 0x0, 0xffffffffffffffff}, 0x18) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x20000c, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r1 = getpid() sched_setscheduler(r1, 0x1, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, r0, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) creat(0x0, 0x0) chown(&(0x7f00000003c0)='./file0\x00', 0x0, 0xee01) preadv(0xffffffffffffffff, &(0x7f00000004c0)=[{0x0}], 0x1, 0xa3, 0xd) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz1\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000100), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f00000002c0)='blkio.throttle.write_iops_device\x00', 0x2, 0x0) write$cgroup_subtree(r5, &(0x7f00000000c0)=ANY=[], 0x6a) syz_open_dev$tty1(0xc, 0x4, 0x1) request_key(0x0, 0x0, 0x0, 0xfffffffffffffffe) prlimit64(0x0, 0xe, &(0x7f0000000480)={0x7, 0xfd}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000240)=0x7) r6 = getpid() sched_setscheduler(r6, 0x1, &(0x7f00000000c0)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r7, &(0x7f0000000180)=@abs={0x1}, 0x6e) kernel console output (not intermixed with test programs): oduct: 鮠濻뀯츺䝪켻顩狀펊昃⿿ܹ囹⛑斧僛鰻俶厌☓뎖⇏麋짘⊶ᝂ똓ﴝ쌴琴Ꞽ⹎䲎휹೬胤Ḟ柆總鋄㖃毐솚䖪೬釭㔅ힴ⡘㤒匠郪窞 [ 120.694625][ T9] usb 2-1: Manufacturer: 凌 [ 120.694638][ T9] usb 2-1: SerialNumber: 㐁 [ 120.715201][ T6017] usb 1-1: USB disconnect, device number 3 [ 121.000611][ T5890] usb 5-1: new full-speed USB device number 2 using dummy_hcd [ 121.153979][ T10] usb 4-1: new high-speed USB device number 2 using dummy_hcd [ 121.156267][ T5890] usb 5-1: config 0 has an invalid interface number: 45 but max is 0 [ 121.156294][ T5890] usb 5-1: config 0 has no interface number 0 [ 121.156379][ T5890] usb 5-1: config 0 interface 45 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 121.159259][ T5890] usb 5-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=60.16 [ 121.159287][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 121.159306][ T5890] usb 5-1: Product: syz [ 121.159318][ T5890] usb 5-1: Manufacturer: syz [ 121.159332][ T5890] usb 5-1: SerialNumber: syz [ 121.289503][ T5890] usb 5-1: config 0 descriptor?? [ 121.984518][ T9] usbhid 2-1:1.0: can't add hid device: -71 [ 122.109474][ T9] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 123.476326][ T5890] esd_usb 5-1:0.45: sending version message failed [ 123.476574][ T5890] esd_usb 5-1:0.45: probe with driver esd_usb failed with error -8 [ 124.024604][ T5890] usb 5-1: USB disconnect, device number 2 [ 125.032878][ T10] usb 4-1: unable to read config index 0 descriptor/all [ 125.032938][ T10] usb 4-1: can't read configurations, error -71 [ 125.608900][ T9] usb 2-1: USB disconnect, device number 4 [ 127.146469][ T6052] kvm_intel: L1TF CPU bug present and SMT on, data leak possible. See CVE-2018-3646 and https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/l1tf.html for details. [ 127.479713][ T5889] usb 3-1: new high-speed USB device number 3 using dummy_hcd [ 127.626390][ T5889] usb 3-1: device descriptor read/64, error -71 [ 127.870583][ T5889] usb 3-1: new high-speed USB device number 4 using dummy_hcd [ 127.880598][ T5804] usb 5-1: new high-speed USB device number 3 using dummy_hcd [ 127.961939][ T6066] veth3: entered promiscuous mode [ 127.961966][ T6066] veth3: entered allmulticast mode [ 128.000999][ T5889] usb 3-1: device descriptor read/64, error -71 [ 128.031849][ T5804] usb 5-1: Using ep0 maxpacket: 16 [ 128.035263][ T5804] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.035297][ T5804] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 128.035320][ T5804] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 128.035365][ T5804] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 128.035388][ T5804] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 128.046808][ T5804] usb 5-1: config 0 descriptor?? [ 128.110995][ T5889] usb usb3-port1: attempt power cycle [ 128.239879][ T31] usb 1-1: new high-speed USB device number 4 using dummy_hcd [ 128.400734][ T31] usb 1-1: Using ep0 maxpacket: 8 [ 128.454261][ T31] usb 1-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 128.454294][ T31] usb 1-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 128.454312][ T31] usb 1-1: config 1 interface 0 has no altsetting 0 [ 128.464287][ T31] usb 1-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.40 [ 128.464318][ T31] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 128.464338][ T31] usb 1-1: Product: 鮠濻뀯츺䝪켻顩狀펊昃⿿ܹ囹⛑斧僛鰻俶厌☓뎖⇏麋짘⊶ᝂ똓ﴝ쌴琴Ꞽ⹎䲎휹೬胤Ḟ柆總鋄㖃毐솚䖪೬釭㔅ힴ⡘㤒匠郪窞 [ 128.464359][ T31] usb 1-1: Manufacturer: 凌 [ 128.464371][ T31] usb 1-1: SerialNumber: 㐁 [ 128.480816][ T5889] usb 3-1: new high-speed USB device number 5 using dummy_hcd [ 128.501424][ T5889] usb 3-1: device descriptor read/8, error -71 [ 128.557003][ T5804] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 128.557042][ T5804] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 128.557064][ T5804] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 128.557086][ T5804] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 128.557108][ T5804] shield 0003:0955:7214.0001: unknown main item tag 0x0 [ 128.651985][ T5804] input: HID 0955:7214 Haptics as /devices/virtual/input/input5 [ 128.740792][ T5889] usb 3-1: new high-speed USB device number 6 using dummy_hcd [ 128.761984][ T5889] usb 3-1: device descriptor read/8, error -71 [ 128.776083][ T6064] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 128.813872][ T6064] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 128.825386][ T6064] binder: 6061:6064 ioctl 4018620d 0 returned -22 [ 128.833210][ T6064] binder: 6061:6064 ioctl c0306201 0 returned -14 [ 128.844812][ T6064] binder: 6061:6064 ioctl 40044591 0 returned -22 [ 128.872965][ T5889] usb usb3-port1: unable to enumerate USB device [ 128.911342][ T5789] usb 4-1: new high-speed USB device number 4 using dummy_hcd [ 128.932024][ T31] usbhid 1-1:1.0: can't add hid device: -71 [ 128.932194][ T31] usbhid 1-1:1.0: probe with driver usbhid failed with error -71 [ 128.939113][ T6075] netlink: 512 bytes leftover after parsing attributes in process `syz.4.38'. [ 128.991712][ T31] usb 1-1: USB disconnect, device number 4 [ 129.081322][ T5789] usb 4-1: Using ep0 maxpacket: 32 [ 129.097024][ T5789] usb 4-1: unable to get BOS descriptor or descriptor too short [ 129.123717][ T5789] usb 4-1: config 7 has an invalid descriptor of length 0, skipping remainder of the config [ 129.141435][ T5789] usb 4-1: New USB device found, idVendor=18d1, idProduct=1eaf, bcdDevice=5a.bb [ 129.141466][ T5789] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 129.141487][ T5789] usb 4-1: Product: syz [ 129.141501][ T5789] usb 4-1: Manufacturer: syz [ 129.141515][ T5789] usb 4-1: SerialNumber: syz [ 129.227536][ T5804] shield 0003:0955:7214.0001: Registered Thunderstrike controller [ 129.229258][ T5804] shield 0003:0955:7214.0001: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 129.262883][ T1230] usb 2-1: new high-speed USB device number 5 using dummy_hcd [ 129.421100][ T1230] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 129.421127][ T1230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 129.451233][ T5789] usb 4-1: Limiting number of CPorts to U8_MAX [ 129.473026][ T1230] usb 2-1: config 0 descriptor?? [ 129.478176][ T5789] usb 4-1: Not enough endpoints found in device, aborting! [ 130.366800][ T5869] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN [ 130.367675][ T5869] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -ENOENT [ 130.368986][ T5869] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE [ 130.372513][ T5869] shield 0003:0955:7214.0001: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 131.547511][ T5895] usb 5-1: reset high-speed USB device number 3 using dummy_hcd [ 131.630676][ T1230] usb 2-1: Cannot set autoneg [ 131.630992][ T1230] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61 [ 131.810659][ T49] usb 3-1: new full-speed USB device number 7 using dummy_hcd [ 131.933273][ T6017] usb 2-1: USB disconnect, device number 5 [ 131.964455][ T49] usb 3-1: config 0 has an invalid interface number: 45 but max is 0 [ 131.964480][ T49] usb 3-1: config 0 has no interface number 0 [ 131.964532][ T49] usb 3-1: config 0 interface 45 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 131.967984][ T49] usb 3-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=60.16 [ 131.968012][ T49] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 131.968030][ T49] usb 3-1: Product: syz [ 131.968044][ T49] usb 3-1: Manufacturer: syz [ 131.968055][ T49] usb 3-1: SerialNumber: syz [ 133.086497][ T49] usb 3-1: config 0 descriptor?? [ 133.154112][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 133.154241][ T1322] ieee802154 phy1 wpan1: encryption failed: -22 [ 133.160716][ T6092] warning: `syz.4.44' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 133.237983][ T49] esd_usb 3-1:0.45: sending version message failed [ 133.238082][ T49] esd_usb 3-1:0.45: probe with driver esd_usb failed with error -8 [ 133.350721][ T49] usb 3-1: USB disconnect, device number 7 [ 133.397482][ T5869] usb 5-1: USB disconnect, device number 3 [ 133.677443][ T6106] syzkaller0: entered promiscuous mode [ 133.677472][ T6106] syzkaller0: entered allmulticast mode [ 134.551691][ T37] audit: type=1326 audit(1761814974.659:2): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6108 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 134.551748][ T37] audit: type=1326 audit(1761814974.659:3): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6108 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 134.551795][ T37] audit: type=1326 audit(1761814974.659:4): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6108 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 134.551840][ T37] audit: type=1326 audit(1761814974.659:5): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6108 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 134.551884][ T37] audit: type=1326 audit(1761814974.669:6): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6108 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 134.551940][ T37] audit: type=1326 audit(1761814974.669:7): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6108 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 134.727274][ T37] audit: type=1326 audit(1761814974.829:8): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6108 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 134.727626][ T37] audit: type=1326 audit(1761814974.849:9): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6108 comm="syz.0.48" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 134.801558][ T5895] usb 4-1: USB disconnect, device number 4 [ 135.323069][ T6123] netlink: 12 bytes leftover after parsing attributes in process `syz.1.52'. [ 135.490519][ T5895] usb 5-1: new high-speed USB device number 4 using dummy_hcd [ 135.537296][ T6123] veth3: entered promiscuous mode [ 135.537324][ T6123] veth3: entered allmulticast mode [ 135.572034][ T6124] vcan0: tx drop: invalid sa for name 0x0000000000000001 [ 135.696123][ T5895] usb 5-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 135.696165][ T5895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 135.722832][ T5895] usb 5-1: config 0 descriptor?? [ 135.740528][ T1230] usb 2-1: new high-speed USB device number 6 using dummy_hcd [ 135.927968][ T6118] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 135.928548][ T6118] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 136.201106][ T1230] usb 2-1: Using ep0 maxpacket: 8 [ 136.220209][ T5895] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 136.229421][ T5895] asix 5-1:0.0: probe with driver asix failed with error -71 [ 136.236973][ T1230] usb 2-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 136.237006][ T1230] usb 2-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 136.237029][ T1230] usb 2-1: config 1 interface 0 has no altsetting 0 [ 136.260709][ T1230] usb 2-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.40 [ 136.260740][ T1230] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 136.260760][ T1230] usb 2-1: Product: 鮠濻뀯츺䝪켻顩狀펊昃⿿ܹ囹⛑斧僛鰻俶厌☓뎖⇏麋짘⊶ᝂ똓ﴝ쌴琴Ꞽ⹎䲎휹೬胤Ḟ柆總鋄㖃毐솚䖪೬釭㔅ힴ⡘㤒匠郪窞 [ 136.260782][ T1230] usb 2-1: Manufacturer: 凌 [ 136.260796][ T1230] usb 2-1: SerialNumber: 㐁 [ 136.371579][ T5895] usb 5-1: USB disconnect, device number 4 [ 136.386438][ T49] usb 3-1: new high-speed USB device number 8 using dummy_hcd [ 136.521440][ T49] usb 3-1: device descriptor read/64, error -71 [ 136.611059][ C1] vkms_vblank_simulate: vblank timer overrun [ 136.810802][ T49] usb 3-1: new high-speed USB device number 9 using dummy_hcd [ 136.891570][ C1] vkms_vblank_simulate: vblank timer overrun [ 137.021922][ C1] vkms_vblank_simulate: vblank timer overrun [ 137.023243][ T49] usb 3-1: device descriptor read/64, error -71 [ 137.135094][ T49] usb usb3-port1: attempt power cycle [ 137.424357][ C1] vkms_vblank_simulate: vblank timer overrun [ 137.511310][ T5882] usb 1-1: new high-speed USB device number 5 using dummy_hcd [ 137.515826][ T49] usb 3-1: new high-speed USB device number 10 using dummy_hcd [ 137.536599][ T1230] usbhid 2-1:1.0: can't add hid device: -71 [ 137.536733][ T1230] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 137.556280][ T49] usb 3-1: device descriptor read/8, error -71 [ 137.562815][ T1230] usb 2-1: USB disconnect, device number 6 [ 137.589882][ T6137] netlink: 'syz.3.57': attribute type 1 has an invalid length. [ 137.599454][ T6137] capability: warning: `syz.3.57' uses deprecated v2 capabilities in a way that may be insecure [ 137.681160][ T5882] usb 1-1: Using ep0 maxpacket: 16 [ 137.683819][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 137.683852][ T5882] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 137.683874][ T5882] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 137.683917][ T5882] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 137.683940][ T5882] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 137.768048][ T5882] usb 1-1: config 0 descriptor?? [ 137.820606][ T49] usb 3-1: new high-speed USB device number 11 using dummy_hcd [ 137.841520][ T49] usb 3-1: device descriptor read/8, error -71 [ 137.951110][ T49] usb usb3-port1: unable to enumerate USB device [ 138.244333][ T5882] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 138.244381][ T5882] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 138.244406][ T5882] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 138.244430][ T5882] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 138.244454][ T5882] shield 0003:0955:7214.0002: unknown main item tag 0x0 [ 138.290906][ T5882] input: HID 0955:7214 Haptics as /devices/virtual/input/input6 [ 138.388195][ T5882] shield 0003:0955:7214.0002: Registered Thunderstrike controller [ 138.388593][ T5882] shield 0003:0955:7214.0002: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 138.428804][ T6135] binder: 6134:6135 ioctl 4018620d 0 returned -22 [ 138.446302][ T6135] netlink: 504 bytes leftover after parsing attributes in process `syz.0.56'. [ 138.511814][ T49] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 138.512241][ T49] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 138.512894][ T49] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 138.513352][ T49] shield 0003:0955:7214.0002: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 138.589501][ T5882] usb 1-1: USB disconnect, device number 5 [ 138.660913][ T6152] netlink: 64 bytes leftover after parsing attributes in process `syz.3.62'. [ 138.820123][ T6154] netlink: 256 bytes leftover after parsing attributes in process `syz.1.65'. [ 139.149985][ C1] vkms_vblank_simulate: vblank timer overrun [ 139.489336][ C1] vkms_vblank_simulate: vblank timer overrun [ 139.809944][ C1] vkms_vblank_simulate: vblank timer overrun [ 139.921146][ T5789] usb 5-1: new high-speed USB device number 5 using dummy_hcd [ 140.180534][ T5789] usb 5-1: Using ep0 maxpacket: 32 [ 140.183191][ T5789] usb 5-1: config 0 has an invalid interface number: 196 but max is 0 [ 140.183219][ T5789] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 140.183239][ T5789] usb 5-1: config 0 has no interface number 0 [ 140.183294][ T5789] usb 5-1: config 0 interface 196 altsetting 1 endpoint 0x2 has invalid wMaxPacketSize 0 [ 140.183316][ T5789] usb 5-1: config 0 interface 196 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 140.183343][ T5789] usb 5-1: config 0 interface 196 has no altsetting 0 [ 140.186635][ T5789] usb 5-1: New USB device found, idVendor=05ac, idProduct=77c2, bcdDevice=eb.3a [ 140.186664][ T5789] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 140.186683][ T5789] usb 5-1: Product: syz [ 140.186698][ T5789] usb 5-1: Manufacturer: syz [ 140.186712][ T5789] usb 5-1: SerialNumber: syz [ 140.303006][ T5789] usb 5-1: config 0 descriptor?? [ 140.779575][ C1] vkms_vblank_simulate: vblank timer overrun [ 141.124367][ C1] vkms_vblank_simulate: vblank timer overrun [ 141.801246][ T6160] ptrace attach of "./syz-executor exec"[5798] was attempted by "./syz-executor exec"[6160] [ 142.411387][ T5789] ipheth 5-1:0.196: Unable to find endpoints [ 142.441641][ T5789] usb 5-1: USB disconnect, device number 5 [ 142.852104][ T6173] ======================================================= [ 142.852104][ T6173] WARNING: The mand mount option has been deprecated and [ 142.852104][ T6173] and is ignored by this kernel. Remove the mand [ 142.852104][ T6173] option from the mount to silence this warning. [ 142.852104][ T6173] ======================================================= [ 143.030706][ T44] usb 2-1: new high-speed USB device number 7 using dummy_hcd [ 143.203302][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.203337][ T44] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.203358][ T44] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 143.203402][ T44] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 143.203425][ T44] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.210120][ T44] usb 2-1: config 0 descriptor?? [ 143.220526][ T5789] usb 5-1: new high-speed USB device number 6 using dummy_hcd [ 143.390590][ T5789] usb 5-1: Using ep0 maxpacket: 16 [ 143.394906][ T5789] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 143.394941][ T5789] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 143.394964][ T5789] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 143.395060][ T5789] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 143.395082][ T5789] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 143.459128][ T6177] netlink: 12 bytes leftover after parsing attributes in process `syz.3.72'. [ 143.493093][ T5789] usb 5-1: config 0 descriptor?? [ 143.673216][ T6177] veth3: entered promiscuous mode [ 143.673244][ T6177] veth3: entered allmulticast mode [ 143.755453][ T44] usbhid 2-1:0.0: can't add hid device: -71 [ 143.755830][ T44] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 143.804588][ T1230] usb 4-1: new high-speed USB device number 5 using dummy_hcd [ 143.807639][ T44] usb 2-1: USB disconnect, device number 7 [ 143.970098][ T5789] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 143.970139][ T5789] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 143.970174][ T5789] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 143.970195][ T5789] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 143.970209][ T5789] shield 0003:0955:7214.0003: unknown main item tag 0x0 [ 144.021085][ T5789] input: HID 0955:7214 Haptics as /devices/virtual/input/input7 [ 144.102765][ T5789] shield 0003:0955:7214.0003: Registered Thunderstrike controller [ 144.104727][ T5789] shield 0003:0955:7214.0003: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 144.161807][ T6169] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 144.162108][ T6169] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 144.162824][ T6169] binder: 6168:6169 ioctl 4018620d 0 returned -22 [ 144.163379][ T6169] binder: 6168:6169 ioctl c0306201 0 returned -14 [ 144.163496][ T6169] binder: 6168:6169 ioctl 40044591 0 returned -22 [ 144.212204][ T1230] usb 4-1: Using ep0 maxpacket: 8 [ 144.259003][ T1230] usb 4-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 144.259049][ T1230] usb 4-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 144.259077][ T1230] usb 4-1: config 1 interface 0 has no altsetting 0 [ 144.356821][ T1230] usb 4-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.40 [ 144.356861][ T1230] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 144.356889][ T1230] usb 4-1: Product: 鮠濻뀯츺䝪켻顩狀펊昃⿿ܹ囹⛑斧僛鰻俶厌☓뎖⇏麋짘⊶ᝂ똓ﴝ쌴琴Ꞽ⹎䲎휹೬胤Ḟ柆總鋄㖃毐솚䖪೬釭㔅ힴ⡘㤒匠郪窞 [ 144.356913][ T1230] usb 4-1: Manufacturer: 凌 [ 144.356927][ T1230] usb 4-1: SerialNumber: 㐁 [ 149.390512][ T5789] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -ETIMEDOUT [ 149.451279][ T5789] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE [ 149.451671][ T5789] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE [ 149.452143][ T5789] shield 0003:0955:7214.0003: Failed to output Thunderstrike HOSTCMD request HID report due to -EPIPE [ 149.591148][ T5789] usb 5-1: reset high-speed USB device number 6 using dummy_hcd [ 149.723468][ T1230] usbhid 4-1:1.0: can't add hid device: -71 [ 149.723616][ T1230] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 149.733015][ T1230] usb 4-1: USB disconnect, device number 5 [ 151.006377][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.006415][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.006441][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.006465][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.006496][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.006519][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.006542][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.006565][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.006588][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.006611][ T5804] hid-generic 0101:000A:0003.0004: unknown main item tag 0x0 [ 151.177669][ T5804] hid-generic 0101:000A:0003.0004: hidraw0: HID v0.07 Device [syz0] on syz1 [ 151.381521][ T49] usb 5-1: USB disconnect, device number 6 [ 151.610773][ T37] audit: type=1326 audit(1761814991.709:10): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 151.610833][ T37] audit: type=1326 audit(1761814991.709:11): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=437 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 151.610960][ T37] audit: type=1326 audit(1761814991.719:12): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 151.610999][ T37] audit: type=1326 audit(1761814991.719:13): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 151.611035][ T37] audit: type=1326 audit(1761814991.719:14): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 151.611071][ T37] audit: type=1326 audit(1761814991.719:15): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 151.611107][ T37] audit: type=1326 audit(1761814991.719:16): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 151.611182][ T37] audit: type=1326 audit(1761814991.719:17): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 151.611230][ T37] audit: type=1326 audit(1761814991.719:18): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 151.611276][ T37] audit: type=1326 audit(1761814991.719:19): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6213 comm="syz.2.80" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 152.562568][ T49] usb 5-1: new full-speed USB device number 7 using dummy_hcd [ 152.759747][ T49] usb 5-1: config 0 has an invalid interface number: 45 but max is 0 [ 152.759787][ T49] usb 5-1: config 0 has no interface number 0 [ 152.759841][ T49] usb 5-1: config 0 interface 45 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 152.789759][ T49] usb 5-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=60.16 [ 152.789801][ T49] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 152.789821][ T49] usb 5-1: Product: syz [ 152.789835][ T49] usb 5-1: Manufacturer: syz [ 152.789849][ T49] usb 5-1: SerialNumber: syz [ 152.839321][ T6231] fido_id[6231]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 152.854940][ T49] usb 5-1: config 0 descriptor?? [ 152.934027][ T6237] netlink: 16 bytes leftover after parsing attributes in process `syz.2.85'. [ 153.108211][ T49] esd_usb 5-1:0.45: sending version message failed [ 153.108313][ T49] esd_usb 5-1:0.45: probe with driver esd_usb failed with error -8 [ 153.133736][ T49] usb 5-1: USB disconnect, device number 7 [ 153.589727][ T6244] input input8: cannot allocate more than FF_MAX_EFFECTS effects [ 153.762995][ T6247] FAULT_INJECTION: forcing a failure. [ 153.762995][ T6247] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 153.774508][ T6247] CPU: 0 UID: 0 PID: 6247 Comm: syz.0.93 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 153.774537][ T6247] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 153.774549][ T6247] Call Trace: [ 153.774557][ T6247] [ 153.774566][ T6247] dump_stack_lvl+0x189/0x250 [ 153.774602][ T6247] ? __pfx____ratelimit+0x10/0x10 [ 153.774628][ T6247] ? __pfx_dump_stack_lvl+0x10/0x10 [ 153.774658][ T6247] ? __pfx__printk+0x10/0x10 [ 153.774683][ T6247] ? __might_fault+0xb0/0x130 [ 153.774724][ T6247] should_fail_ex+0x46c/0x600 [ 153.774758][ T6247] copy_fpstate_to_sigframe+0xa7d/0xce0 [ 153.774794][ T6247] ? __pfx_copy_fpstate_to_sigframe+0x10/0x10 [ 153.774825][ T6247] ? do_raw_spin_lock+0x121/0x290 [ 153.774861][ T6247] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 153.774890][ T6247] ? fpu__alloc_mathframe+0xad/0x130 [ 153.774914][ T6247] get_sigframe+0x58d/0x7d0 [ 153.774942][ T6247] ? __pfx_get_sigframe+0x10/0x10 [ 153.774964][ T6247] ? rt_mutex_slowunlock+0x493/0x8a0 [ 153.774984][ T6247] ? rt_spin_lock+0x1c1/0x3e0 [ 153.775013][ T6247] x64_setup_rt_frame+0x15c/0xd40 [ 153.775032][ T6247] ? rt_spin_unlock+0x150/0x200 [ 153.775068][ T6247] ? rt_spin_unlock+0x161/0x200 [ 153.775092][ T6247] ? get_signal+0x1121/0x1310 [ 153.775126][ T6247] ? __pfx_x64_setup_rt_frame+0x10/0x10 [ 153.775152][ T6247] ? arch_do_signal_or_restart+0x38a/0x790 [ 153.775178][ T6247] arch_do_signal_or_restart+0x3f6/0x790 [ 153.775204][ T6247] ? __pfx_arch_do_signal_or_restart+0x10/0x10 [ 153.775246][ T6247] ? exit_to_user_mode_loop+0x40/0x130 [ 153.775277][ T6247] exit_to_user_mode_loop+0x72/0x130 [ 153.775305][ T6247] do_syscall_64+0x2bd/0xfa0 [ 153.775330][ T6247] ? lockdep_hardirqs_on+0x9c/0x150 [ 153.775355][ T6247] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.775376][ T6247] ? clear_bhb_loop+0x60/0xb0 [ 153.775401][ T6247] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 153.775420][ T6247] RIP: 0033:0x7efe483aefc7 [ 153.775439][ T6247] Code: ff ff ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 <0f> 05 48 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 [ 153.775455][ T6247] RSP: 002b:00007efe4660e038 EFLAGS: 00000246 [ 153.775474][ T6247] RAX: 000000000000002f RBX: 00007efe48605fa0 RCX: 00007efe483aefc9 [ 153.775488][ T6247] RDX: 0000000000001f00 RSI: 0000200000000500 RDI: 0000000000000003 [ 153.775501][ T6247] RBP: 00007efe4660e090 R08: 0000000000000000 R09: 0000000000000000 [ 153.775513][ T6247] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 153.775525][ T6247] R13: 00007efe48606038 R14: 00007efe48605fa0 R15: 00007ffd17018188 [ 153.775560][ T6247] [ 154.171517][ T6252] FAULT_INJECTION: forcing a failure. [ 154.171517][ T6252] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 154.171553][ T6252] CPU: 1 UID: 0 PID: 6252 Comm: syz.4.94 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 154.171575][ T6252] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 154.171586][ T6252] Call Trace: [ 154.171594][ T6252] [ 154.171603][ T6252] dump_stack_lvl+0x189/0x250 [ 154.171638][ T6252] ? __pfx____ratelimit+0x10/0x10 [ 154.171662][ T6252] ? __pfx_dump_stack_lvl+0x10/0x10 [ 154.171693][ T6252] ? __pfx__printk+0x10/0x10 [ 154.171735][ T6252] should_fail_ex+0x46c/0x600 [ 154.171769][ T6252] _copy_to_user+0x31/0xb0 [ 154.171794][ T6252] iommufd_ucmd_respond+0x88/0xf0 [ 154.171844][ T6252] iommufd_test+0x4408/0x51a0 [ 154.171889][ T6252] ? __pfx_iommufd_test+0x10/0x10 [ 154.171923][ T6252] ? __lock_acquire+0xab9/0xd20 [ 154.171964][ T6252] ? __might_fault+0xb0/0x130 [ 154.172020][ T6252] iommufd_fops_ioctl+0x461/0x580 [ 154.172052][ T6252] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 154.172092][ T6252] ? __fget_files+0x3a6/0x420 [ 154.172118][ T6252] ? __fget_files+0x2a/0x420 [ 154.172149][ T6252] ? bpf_lsm_file_ioctl+0x9/0x20 [ 154.172168][ T6252] ? __pfx_iommufd_fops_ioctl+0x10/0x10 [ 154.172193][ T6252] __se_sys_ioctl+0xff/0x170 [ 154.172219][ T6252] do_syscall_64+0xfa/0xfa0 [ 154.172243][ T6252] ? lockdep_hardirqs_on+0x9c/0x150 [ 154.172268][ T6252] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.172288][ T6252] ? clear_bhb_loop+0x60/0xb0 [ 154.172313][ T6252] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 154.172332][ T6252] RIP: 0033:0x7f09849eefc9 [ 154.172351][ T6252] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 154.172367][ T6252] RSP: 002b:00007f0982c4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 154.172389][ T6252] RAX: ffffffffffffffda RBX: 00007f0984c45fa0 RCX: 00007f09849eefc9 [ 154.172404][ T6252] RDX: 0000200000000180 RSI: 0000000000003ba0 RDI: 0000000000000005 [ 154.172417][ T6252] RBP: 00007f0982c4e090 R08: 0000000000000000 R09: 0000000000000000 [ 154.172428][ T6252] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 154.172440][ T6252] R13: 00007f0984c46038 R14: 00007f0984c45fa0 R15: 00007ffd68a7bb38 [ 154.172482][ T6252] [ 154.184547][ T6253] netlink: 4 bytes leftover after parsing attributes in process `syz.1.90'. [ 154.361040][ T6254] dummy0: entered allmulticast mode [ 154.366446][ T6254] netlink: 4 bytes leftover after parsing attributes in process `syz.2.92'. [ 155.672878][ T5800] Bluetooth: hci4: command 0x0405 tx timeout [ 156.594428][ T6251] dummy0: left allmulticast mode [ 157.989515][ T6302] QAT: failed to copy from user. [ 158.420542][ T5889] usb 2-1: new high-speed USB device number 8 using dummy_hcd [ 158.570570][ T5889] usb 2-1: Using ep0 maxpacket: 32 [ 158.575115][ T5889] usb 2-1: config 0 has an invalid interface number: 83 but max is 0 [ 158.575143][ T5889] usb 2-1: config 0 has no interface number 0 [ 158.579849][ T5889] usb 2-1: New USB device found, idVendor=112a, idProduct=0001, bcdDevice=d8.11 [ 158.579878][ T5889] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 158.579897][ T5889] usb 2-1: Product: syz [ 158.579911][ T5889] usb 2-1: Manufacturer: syz [ 158.579925][ T5889] usb 2-1: SerialNumber: syz [ 158.643128][ T5889] usb 2-1: config 0 descriptor?? [ 158.657110][ T5889] redrat3 2-1:0.83: Couldn't find all endpoints [ 158.893765][ T5804] usb 2-1: USB disconnect, device number 8 [ 160.034388][ T49] usb 2-1: new high-speed USB device number 9 using dummy_hcd [ 160.360769][ T49] usb 2-1: device descriptor read/64, error -71 [ 160.600823][ T49] usb 2-1: new high-speed USB device number 10 using dummy_hcd [ 163.816457][ T6332] netlink: 12 bytes leftover after parsing attributes in process `syz.4.120'. [ 164.070503][ T49] usb 2-1: device descriptor read/64, error -71 [ 164.150631][ T5804] usb 5-1: new high-speed USB device number 8 using dummy_hcd [ 164.180829][ T49] usb usb2-port1: attempt power cycle [ 164.302128][ T5804] usb 5-1: Using ep0 maxpacket: 8 [ 164.305347][ T5804] usb 5-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 164.305416][ T5804] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 164.305440][ T5804] usb 5-1: config 16 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 164.305483][ T5804] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 164.305506][ T5804] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.321723][ T5804] usbtmc 5-1:16.0: bulk endpoints not found [ 164.545409][ T49] usb 2-1: new high-speed USB device number 11 using dummy_hcd [ 164.561445][ T49] usb 2-1: Using ep0 maxpacket: 16 [ 164.564024][ T49] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 164.564055][ T49] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 164.564076][ T49] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 164.564120][ T49] usb 2-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 164.564143][ T49] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 164.635636][ T49] usb 2-1: config 0 descriptor?? [ 165.148881][ T49] hid_parser_main: 189 callbacks suppressed [ 165.148907][ T49] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 165.148938][ T49] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 165.148963][ T49] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 165.148997][ T49] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 165.149022][ T49] shield 0003:0955:7214.0005: unknown main item tag 0x0 [ 165.204127][ T49] input: HID 0955:7214 Haptics as /devices/virtual/input/input9 [ 165.235198][ T49] shield 0003:0955:7214.0005: Registered Thunderstrike controller [ 165.235608][ T49] shield 0003:0955:7214.0005: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.1-1/input0 [ 165.380516][ T6331] binder: 6330:6331 ioctl 4018620d 0 returned -22 [ 169.178694][ T6359] syz_tun: entered promiscuous mode [ 169.227942][ T6359] syz_tun: left promiscuous mode [ 169.425547][ T5789] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN [ 169.430152][ T5789] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 169.435920][ T5789] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 169.441748][ T5789] shield 0003:0955:7214.0005: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 169.631518][ T6366] FAULT_INJECTION: forcing a failure. [ 169.631518][ T6366] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 169.631590][ T6366] CPU: 0 UID: 0 PID: 6366 Comm: syz.0.132 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 169.631614][ T6366] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 169.631626][ T6366] Call Trace: [ 169.631634][ T6366] [ 169.631643][ T6366] dump_stack_lvl+0x189/0x250 [ 169.631689][ T6366] ? __pfx____ratelimit+0x10/0x10 [ 169.631715][ T6366] ? __pfx_dump_stack_lvl+0x10/0x10 [ 169.631746][ T6366] ? __pfx__printk+0x10/0x10 [ 169.631789][ T6366] should_fail_ex+0x46c/0x600 [ 169.631824][ T6366] _copy_to_user+0x31/0xb0 [ 169.631849][ T6366] simple_read_from_buffer+0xe1/0x170 [ 169.631889][ T6366] proc_fail_nth_read+0x1b6/0x220 [ 169.631915][ T6366] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 169.631941][ T6366] ? rw_verify_area+0x2ac/0x4e0 [ 169.631965][ T6366] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 169.631989][ T6366] vfs_read+0x206/0xa30 [ 169.632023][ T6366] ? __pfx_vfs_read+0x10/0x10 [ 169.632044][ T6366] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 169.632076][ T6366] ? mutex_lock_nested+0x154/0x1d0 [ 169.632095][ T6366] ? fdget_pos+0x253/0x320 [ 169.632135][ T6366] ksys_read+0x14b/0x260 [ 169.632163][ T6366] ? __pfx_ksys_read+0x10/0x10 [ 169.632192][ T6366] ? do_syscall_64+0xbe/0xfa0 [ 169.632223][ T6366] do_syscall_64+0xfa/0xfa0 [ 169.632250][ T6366] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.632269][ T6366] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 169.632288][ T6366] ? clear_bhb_loop+0x60/0xb0 [ 169.632314][ T6366] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 169.632333][ T6366] RIP: 0033:0x7efe483ad9dc [ 169.632352][ T6366] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 169.632369][ T6366] RSP: 002b:00007efe4660e030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 169.632391][ T6366] RAX: ffffffffffffffda RBX: 00007efe48605fa0 RCX: 00007efe483ad9dc [ 169.632405][ T6366] RDX: 000000000000000f RSI: 00007efe4660e0a0 RDI: 0000000000000006 [ 169.632416][ T6366] RBP: 00007efe4660e090 R08: 0000000000000000 R09: 0000000000000000 [ 169.632428][ T6366] R10: 0000000000000016 R11: 0000000000000246 R12: 0000000000000001 [ 169.632439][ T6366] R13: 00007efe48606038 R14: 00007efe48605fa0 R15: 00007ffd17018188 [ 169.632476][ T6366] [ 169.841996][ T6370] netlink: 12 bytes leftover after parsing attributes in process `syz.2.131'. [ 170.139790][ C0] vkms_vblank_simulate: vblank timer overrun [ 170.190597][ T44] usb 3-1: new high-speed USB device number 12 using dummy_hcd [ 170.220215][ T5895] usb 5-1: USB disconnect, device number 8 [ 170.251253][ T6367] veth1: entered promiscuous mode [ 170.251271][ T6367] veth1: entered allmulticast mode [ 170.358348][ T44] usb 3-1: Using ep0 maxpacket: 8 [ 170.371490][ T44] usb 3-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 170.371525][ T44] usb 3-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 170.371551][ T44] usb 3-1: config 1 interface 0 has no altsetting 0 [ 170.385346][ T44] usb 3-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.40 [ 170.385372][ T44] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 170.385390][ T44] usb 3-1: Product: 鮠濻뀯츺䝪켻顩狀펊昃⿿ܹ囹⛑斧僛鰻俶厌☓뎖⇏麋짘⊶ᝂ똓ﴝ쌴琴Ꞽ⹎䲎휹೬胤Ḟ柆總鋄㖃毐솚䖪೬釭㔅ힴ⡘㤒匠郪窞 [ 170.385410][ T44] usb 3-1: Manufacturer: 凌 [ 170.385423][ T44] usb 3-1: SerialNumber: 㐁 [ 170.472188][ T6390] nbd: must specify at least one socket [ 170.473071][ T6390] netlink: 64 bytes leftover after parsing attributes in process `syz.1.141'. [ 170.502647][ T6390] block nbd0: not configured, cannot reconfigure [ 170.526794][ T5789] usb 2-1: USB disconnect, device number 11 [ 170.650742][ T5895] usb 5-1: new high-speed USB device number 9 using dummy_hcd [ 170.781740][ T44] usbhid 3-1:1.0: can't add hid device: -71 [ 170.781878][ T44] usbhid 3-1:1.0: probe with driver usbhid failed with error -71 [ 170.795867][ T44] usb 3-1: USB disconnect, device number 12 [ 170.813831][ T5895] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 170.813858][ T5895] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 170.813896][ T5895] usb 5-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 170.813918][ T5895] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 170.858568][ T5895] usb 5-1: config 0 descriptor?? [ 171.280577][ T5889] usb 4-1: new high-speed USB device number 6 using dummy_hcd [ 171.456970][ T5789] usb 2-1: new high-speed USB device number 12 using dummy_hcd [ 174.238358][ T5895] usb 5-1: USB disconnect, device number 9 [ 175.443738][ T6431] UDPLite6: UDP-Lite is deprecated and scheduled to be removed in 2025, please contact the netdev mailing list [ 180.093511][ T44] usb 4-1: new high-speed USB device number 7 using dummy_hcd [ 180.596643][ T5869] usb 1-1: new high-speed USB device number 6 using dummy_hcd [ 181.221759][ T44] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 181.221787][ T44] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 181.221826][ T44] usb 4-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 181.221859][ T44] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.287332][ T44] usb 4-1: config 0 descriptor?? [ 181.343843][ T5869] usb 1-1: New USB device found, idVendor=0471, idProduct=0329, bcdDevice=db.da [ 181.343875][ T5869] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 181.354013][ T5869] usb 1-1: config 0 descriptor?? [ 181.366197][ T5869] pwc: Philips SPC 900NC USB webcam detected. [ 181.508934][ T5895] usb 4-1: USB disconnect, device number 7 [ 181.533633][ T6472] netlink: 104 bytes leftover after parsing attributes in process `syz.4.171'. [ 181.533663][ T6472] netlink: 104 bytes leftover after parsing attributes in process `syz.4.171'. [ 181.533678][ T6472] netlink: 81 bytes leftover after parsing attributes in process `syz.4.171'. [ 181.558435][ T5869] pwc: Failed to set LED on/off time (-71) [ 181.574926][ T5869] pwc: send_video_command error -71 [ 181.574942][ T5869] pwc: Failed to set video mode VGA@30 fps; return code = -71 [ 181.575252][ T5869] Philips webcam 1-1:0.0: probe with driver Philips webcam failed with error -71 [ 181.579092][ T6467] delete_channel: no stack [ 181.591332][ T5869] usb 1-1: USB disconnect, device number 6 [ 185.295613][ T5789] usb 5-1: new high-speed USB device number 10 using dummy_hcd [ 187.447776][ T6498] netlink: 12 bytes leftover after parsing attributes in process `syz.3.175'. [ 187.527856][ T5789] usb 5-1: device descriptor read/all, error -71 [ 187.660528][ T5895] usb 1-1: new high-speed USB device number 7 using dummy_hcd [ 187.693338][ T6498] veth3: entered promiscuous mode [ 187.693365][ T6498] veth3: entered allmulticast mode [ 187.755628][ T6505] input: syz0 as /devices/virtual/input/input10 [ 187.820532][ T5895] usb 1-1: Using ep0 maxpacket: 16 [ 187.823191][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 187.823223][ T5895] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 187.823383][ T5895] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 187.823449][ T5895] usb 1-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 187.823472][ T5895] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 187.836172][ T5895] usb 1-1: config 0 descriptor?? [ 187.846774][ T5869] usb 4-1: new high-speed USB device number 8 using dummy_hcd [ 188.075722][ T5869] usb 4-1: Using ep0 maxpacket: 8 [ 188.106864][ T5869] usb 4-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 188.106998][ T5869] usb 4-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 188.107025][ T5869] usb 4-1: config 1 interface 0 has no altsetting 0 [ 188.124706][ T5869] usb 4-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.40 [ 188.124737][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 188.124755][ T5869] usb 4-1: Product: 鮠濻뀯츺䝪켻顩狀펊昃⿿ܹ囹⛑斧僛鰻俶厌☓뎖⇏麋짘⊶ᝂ똓ﴝ쌴琴Ꞽ⹎䲎휹೬胤Ḟ柆總鋄㖃毐솚䖪೬釭㔅ힴ⡘㤒匠郪窞 [ 188.124902][ T5869] usb 4-1: Manufacturer: 凌 [ 188.124917][ T5869] usb 4-1: SerialNumber: 㐁 [ 188.482653][ T5895] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 188.482694][ T5895] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 188.482717][ T5895] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 188.482738][ T5895] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 188.482760][ T5895] shield 0003:0955:7214.0006: unknown main item tag 0x0 [ 188.491762][ T5869] usbhid 4-1:1.0: can't add hid device: -71 [ 188.491890][ T5869] usbhid 4-1:1.0: probe with driver usbhid failed with error -71 [ 188.502807][ T5895] input: HID 0955:7214 Haptics as /devices/virtual/input/input11 [ 188.505864][ T5869] usb 4-1: USB disconnect, device number 8 [ 188.537462][ T6501] delete_channel: no stack [ 188.978317][ T6497] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 189.015354][ T6497] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 189.072202][ T5895] shield 0003:0955:7214.0006: Registered Thunderstrike controller [ 189.072377][ T5895] shield 0003:0955:7214.0006: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.0-1/input0 [ 189.076602][ T6497] binder: 6494:6497 ioctl 4018620d 0 returned -22 [ 189.078581][ T6497] binder: 6494:6497 ioctl c0306201 0 returned -14 [ 189.078975][ T6497] binder: 6494:6497 ioctl 40044591 0 returned -22 [ 189.132296][ T6524] netlink: 512 bytes leftover after parsing attributes in process `syz.0.176'. [ 189.411175][ T44] usb 5-1: new high-speed USB device number 12 using dummy_hcd [ 189.760872][ T44] usb 5-1: Using ep0 maxpacket: 16 [ 189.917687][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 189.917735][ T44] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 189.917757][ T44] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 189.917810][ T44] usb 5-1: New USB device found, idVendor=0955, idProduct=7214, bcdDevice=ed.00 [ 189.917831][ T44] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 189.933985][ T44] usb 5-1: config 0 descriptor?? [ 190.491984][ T6536] netlink: 4 bytes leftover after parsing attributes in process `syz.1.186'. [ 190.741301][ T5895] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -ESHUTDOWN [ 190.744554][ T5895] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 190.746490][ T5895] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 190.748653][ T5895] shield 0003:0955:7214.0006: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 190.845448][ T6528] netlink: 4 bytes leftover after parsing attributes in process `syz.2.184'. [ 190.860509][ T1230] usb 1-1: reset high-speed USB device number 7 using dummy_hcd [ 191.285459][ T44] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 191.285479][ T44] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 191.285490][ T44] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 191.285500][ T44] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 191.285511][ T44] shield 0003:0955:7214.0007: unknown main item tag 0x0 [ 191.287834][ T44] input: HID 0955:7214 Haptics as /devices/virtual/input/input12 [ 193.269859][ T5804] usb 1-1: USB disconnect, device number 7 [ 195.004840][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 195.194696][ T44] shield 0003:0955:7214.0007: Registered Thunderstrike controller [ 195.195164][ T44] shield 0003:0955:7214.0007: : USB HID v0.00 Device [HID 0955:7214] on usb-dummy_hcd.4-1/input0 [ 195.251693][ T5882] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 195.252063][ T5882] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 195.252417][ T5882] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 195.252828][ T5882] shield 0003:0955:7214.0007: Failed to output Thunderstrike HOSTCMD request HID report due to -EPROTO [ 195.500639][ T1230] usb 2-1: new high-speed USB device number 13 using dummy_hcd [ 195.633490][ T44] usb 5-1: USB disconnect, device number 12 [ 195.663051][ T1230] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 195.663079][ T1230] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 195.663118][ T1230] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 195.663141][ T1230] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 195.702161][ T6568] netlink: 40 bytes leftover after parsing attributes in process `syz.0.194'. [ 195.723677][ T1230] usb 2-1: config 0 descriptor?? [ 195.728809][ T6554] netlink: 'syz.4.191': attribute type 12 has an invalid length. [ 195.728831][ T6554] netlink: 'syz.4.191': attribute type 29 has an invalid length. [ 195.728844][ T6554] netlink: 148 bytes leftover after parsing attributes in process `syz.4.191'. [ 195.728866][ T6554] netlink: 'syz.4.191': attribute type 1 has an invalid length. [ 195.728876][ T6554] netlink: 'syz.4.191': attribute type 1 has an invalid length. [ 195.756338][ T6571] ucma_write: process 121 (syz.0.194) changed security contexts after opening file descriptor, this is not allowed. [ 195.880172][ T6570] netlink: 12 bytes leftover after parsing attributes in process `syz.3.195'. [ 195.940953][ T5890] usb 2-1: USB disconnect, device number 13 [ 196.890270][ T6586] netlink: 4 bytes leftover after parsing attributes in process `syz.0.199'. [ 196.970511][ T5890] usb 4-1: new high-speed USB device number 9 using dummy_hcd [ 197.155071][ T5890] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 197.155092][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 197.336038][ T5890] usb 4-1: config 0 descriptor?? [ 197.950740][ T6590] FAULT_INJECTION: forcing a failure. [ 197.950740][ T6590] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 197.950770][ T6590] CPU: 0 UID: 0 PID: 6590 Comm: syz.4.201 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 197.950787][ T6590] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 197.950795][ T6590] Call Trace: [ 197.950802][ T6590] [ 197.950809][ T6590] dump_stack_lvl+0x189/0x250 [ 197.950835][ T6590] ? __pfx____ratelimit+0x10/0x10 [ 197.950852][ T6590] ? __pfx_dump_stack_lvl+0x10/0x10 [ 197.950865][ T6590] ? __pfx__printk+0x10/0x10 [ 197.950876][ T6590] ? __might_fault+0xb0/0x130 [ 197.950893][ T6590] should_fail_ex+0x46c/0x600 [ 197.950908][ T6590] _copy_from_user+0x2d/0xb0 [ 197.950918][ T6590] snd_pcm_oss_write+0x855/0x11a0 [ 197.950932][ T6590] ? get_pid_task+0x20/0x1f0 [ 197.950953][ T6590] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 197.950965][ T6590] ? do_raw_spin_lock+0x121/0x290 [ 197.950978][ T6590] ? rw_verify_area+0x25b/0x4e0 [ 197.950988][ T6590] ? __lock_acquire+0xab9/0xd20 [ 197.950998][ T6590] ? __pfx_snd_pcm_oss_write+0x10/0x10 [ 197.951012][ T6590] vfs_write+0x287/0xb40 [ 197.951027][ T6590] ? __pfx_vfs_write+0x10/0x10 [ 197.951038][ T6590] ? __fget_files+0x2a/0x420 [ 197.951053][ T6590] ? __fget_files+0x2a/0x420 [ 197.951063][ T6590] ? __fget_files+0x3a6/0x420 [ 197.951074][ T6590] ? __fget_files+0x2a/0x420 [ 197.951090][ T6590] ksys_write+0x14b/0x260 [ 197.951102][ T6590] ? __pfx_ksys_write+0x10/0x10 [ 197.951115][ T6590] ? do_syscall_64+0xbe/0xfa0 [ 197.951128][ T6590] do_syscall_64+0xfa/0xfa0 [ 197.951138][ T6590] ? lockdep_hardirqs_on+0x9c/0x150 [ 197.951149][ T6590] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.951157][ T6590] ? clear_bhb_loop+0x60/0xb0 [ 197.951168][ T6590] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 197.951176][ T6590] RIP: 0033:0x7f09849eefc9 [ 197.951186][ T6590] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 197.951193][ T6590] RSP: 002b:00007f0982c4e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 197.951204][ T6590] RAX: ffffffffffffffda RBX: 00007f0984c45fa0 RCX: 00007f09849eefc9 [ 197.951210][ T6590] RDX: 0000000000004000 RSI: 00002000000012c0 RDI: 0000000000000005 [ 197.951215][ T6590] RBP: 00007f0982c4e090 R08: 0000000000000000 R09: 0000000000000000 [ 197.951221][ T6590] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 197.951226][ T6590] R13: 00007f0984c46038 R14: 00007f0984c45fa0 R15: 00007ffd68a7bb38 [ 197.951241][ T6590] [ 198.996296][ T5890] usb 4-1: Cannot set autoneg [ 198.996624][ T5890] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61 [ 199.745179][ T1230] usb 4-1: USB disconnect, device number 9 [ 199.794869][ T6613] netlink: 12 bytes leftover after parsing attributes in process `syz.1.207'. [ 200.045276][ T6620] input: syz1 as /devices/virtual/input/input13 [ 201.065396][ T6613] veth3: entered promiscuous mode [ 201.065425][ T6613] veth3: entered allmulticast mode [ 201.150608][ T5890] usb 2-1: new high-speed USB device number 14 using dummy_hcd [ 201.300609][ T5890] usb 2-1: Using ep0 maxpacket: 8 [ 201.303409][ T5890] usb 2-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 201.303445][ T5890] usb 2-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 201.303471][ T5890] usb 2-1: config 1 interface 0 has no altsetting 0 [ 201.306749][ T5890] usb 2-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.40 [ 201.306779][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.306798][ T5890] usb 2-1: Product: 鮠濻뀯츺䝪켻顩狀펊昃⿿ܹ囹⛑斧僛鰻俶厌☓뎖⇏麋짘⊶ᝂ똓ﴝ쌴琴Ꞽ⹎䲎휹೬胤Ḟ柆總鋄㖃毐솚䖪೬釭㔅ힴ⡘㤒匠郪窞 [ 201.306822][ T5890] usb 2-1: Manufacturer: 凌 [ 201.306836][ T5890] usb 2-1: SerialNumber: 㐁 [ 201.650012][ T5890] usbhid 2-1:1.0: can't add hid device: -71 [ 201.650084][ T5890] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 201.669393][ T5890] usb 2-1: USB disconnect, device number 14 [ 201.681720][ T1230] usb 4-1: new high-speed USB device number 10 using dummy_hcd [ 201.830556][ T1230] usb 4-1: Using ep0 maxpacket: 16 [ 201.834188][ T1230] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 201.836679][ T1230] usb 4-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 201.836699][ T1230] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 201.836710][ T1230] usb 4-1: Product: syz [ 201.836718][ T1230] usb 4-1: Manufacturer: syz [ 201.836726][ T1230] usb 4-1: SerialNumber: syz [ 201.886562][ T5869] usb 3-1: new high-speed USB device number 13 using dummy_hcd [ 201.889467][ T1230] usb 4-1: config 0 descriptor?? [ 201.893973][ T1230] dm9601 4-1:0.0: probe with driver dm9601 failed with error -22 [ 201.894704][ T1230] sr9700 4-1:0.0: probe with driver sr9700 failed with error -22 [ 202.032711][ T5869] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 202.032738][ T5869] usb 3-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 202.032761][ T5869] usb 3-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 202.032774][ T5869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.035727][ T5869] usb 3-1: config 0 descriptor?? [ 202.095433][ T37] kauditd_printk_skb: 5 callbacks suppressed [ 202.095443][ T37] audit: type=1326 audit(1761815042.219:25): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f222389efc9 code=0x7ffc0000 [ 202.095661][ T37] audit: type=1326 audit(1761815042.219:26): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f222389efc9 code=0x7ffc0000 [ 202.095817][ T37] audit: type=1326 audit(1761815042.219:27): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f222389efc9 code=0x7ffc0000 [ 202.096156][ T37] audit: type=1326 audit(1761815042.219:28): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f222389efc9 code=0x7ffc0000 [ 202.096344][ T37] audit: type=1326 audit(1761815042.219:29): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f222389efc9 code=0x7ffc0000 [ 202.096486][ T37] audit: type=1326 audit(1761815042.219:30): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f222389d810 code=0x7ffc0000 [ 202.096785][ T37] audit: type=1326 audit(1761815042.219:31): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f222389efc9 code=0x7ffc0000 [ 202.096970][ T37] audit: type=1326 audit(1761815042.219:32): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f222389efc9 code=0x7ffc0000 [ 202.097093][ T37] audit: type=1326 audit(1761815042.219:33): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f222389efc9 code=0x7ffc0000 [ 202.097271][ T37] audit: type=1326 audit(1761815042.219:34): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=6627 comm="syz.3.212" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f222389efc9 code=0x7ffc0000 [ 202.243944][ T5890] usb 3-1: USB disconnect, device number 13 [ 202.286512][ T5789] usb 4-1: USB disconnect, device number 10 [ 202.700533][ T5804] usb 1-1: new high-speed USB device number 8 using dummy_hcd [ 202.740819][ T5789] usb 4-1: new high-speed USB device number 11 using dummy_hcd [ 202.824629][ T5890] usb 2-1: new full-speed USB device number 15 using dummy_hcd [ 202.873743][ T5804] usb 1-1: Using ep0 maxpacket: 8 [ 202.879220][ T5804] usb 1-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 202.879250][ T5804] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 202.879270][ T5804] usb 1-1: Product: syz [ 202.879284][ T5804] usb 1-1: Manufacturer: syz [ 202.879298][ T5804] usb 1-1: SerialNumber: syz [ 202.915693][ T5789] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 202.915722][ T5789] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 202.948892][ T5804] usb 1-1: config 0 descriptor?? [ 202.981364][ T5804] gspca_main: sonixj-2.14.0 probing 0c45:613e [ 202.988128][ T5890] usb 2-1: no configurations [ 202.988149][ T5890] usb 2-1: can't read configurations, error -22 [ 202.995090][ T5789] usb 4-1: config 0 descriptor?? [ 203.123557][ T5890] usb 2-1: new full-speed USB device number 16 using dummy_hcd [ 203.282190][ T5890] usb 2-1: no configurations [ 203.282212][ T5890] usb 2-1: can't read configurations, error -22 [ 203.288327][ T5890] usb usb2-port1: attempt power cycle [ 204.765696][ T5890] usb 2-1: new full-speed USB device number 17 using dummy_hcd [ 204.838472][ T5789] usb 4-1: Cannot set autoneg [ 204.838796][ T5789] MOSCHIP usb-ethernet driver 4-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 204.873066][ T5811] Bluetooth: hci4: command 0x0405 tx timeout [ 204.884610][ T5890] usb 2-1: no configurations [ 204.884632][ T5890] usb 2-1: can't read configurations, error -22 [ 204.905918][ T5789] usb 4-1: USB disconnect, device number 11 [ 205.032633][ T5890] usb 2-1: new full-speed USB device number 18 using dummy_hcd [ 205.052757][ T5890] usb 2-1: no configurations [ 205.052788][ T5890] usb 2-1: can't read configurations, error -22 [ 205.053219][ T5890] usb usb2-port1: unable to enumerate USB device [ 205.545081][ T6674] netlink: 12 bytes leftover after parsing attributes in process `syz.3.229'. [ 205.912227][ T5804] gspca_sonixj: reg_w1 err -71 [ 205.912344][ T5804] sonixj 1-1:0.0: probe with driver sonixj failed with error -71 [ 205.926532][ T5804] usb 1-1: USB disconnect, device number 8 [ 205.964029][ T6674] veth3: entered promiscuous mode [ 205.964058][ T6674] veth3: entered allmulticast mode [ 206.564433][ T6680] netlink: 12 bytes leftover after parsing attributes in process `syz.1.231'. [ 207.272122][ T5804] usb 1-1: new high-speed USB device number 9 using dummy_hcd [ 207.408690][ T6698] netlink: 4 bytes leftover after parsing attributes in process `syz.2.234'. [ 207.412814][ T5804] usb 1-1: device descriptor read/64, error -71 [ 208.222053][ T5804] usb 1-1: new high-speed USB device number 10 using dummy_hcd [ 209.266044][ T5804] usb 1-1: device descriptor read/64, error -71 [ 209.316771][ T6700] netlink: 4 bytes leftover after parsing attributes in process `syz.1.236'. [ 209.388301][ T5804] usb usb1-port1: attempt power cycle [ 209.680582][ T5869] usb 3-1: new high-speed USB device number 14 using dummy_hcd [ 209.846052][ T5869] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 209.846085][ T5869] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 209.854166][ T5869] usb 3-1: config 0 descriptor?? [ 209.931799][ T5804] usb usb1-port1: Cannot enable. Maybe the USB cable is bad? [ 210.096536][ T5804] usb 1-1: new full-speed USB device number 12 using dummy_hcd [ 210.128944][ T5804] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 210.128974][ T5804] usb 1-1: config 0 has no interfaces? [ 210.138541][ T5804] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 210.138624][ T5804] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 210.138643][ T5804] usb 1-1: Product: syz [ 210.138655][ T5804] usb 1-1: Manufacturer: syz [ 210.138667][ T5804] usb 1-1: SerialNumber: syz [ 210.671266][ T5804] usb 1-1: config 0 descriptor?? [ 211.252187][ T6720] netlink: 12 bytes leftover after parsing attributes in process `syz.1.243'. [ 211.401490][ T6720] veth3: entered promiscuous mode [ 211.401521][ T6720] veth3: entered allmulticast mode [ 211.420546][ T31] usb 5-1: new high-speed USB device number 13 using dummy_hcd [ 211.580685][ T5890] usb 2-1: new high-speed USB device number 19 using dummy_hcd [ 211.592566][ T6710] Bluetooth: hci3: command 0x0406 tx timeout [ 211.593399][ T5805] Bluetooth: hci0: command 0x0406 tx timeout [ 211.593432][ T5805] Bluetooth: hci2: command 0x0406 tx timeout [ 211.595088][ T5805] Bluetooth: hci1: command 0x0406 tx timeout [ 211.634042][ T31] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 211.634093][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.634120][ T31] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 211.634141][ T31] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 211.635701][ T31] usb 5-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 211.635729][ T31] usb 5-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 211.635749][ T31] usb 5-1: Manufacturer: syz [ 211.715719][ T31] usb 5-1: config 0 descriptor?? [ 211.810637][ T5890] usb 2-1: Using ep0 maxpacket: 8 [ 211.819073][ T5890] usb 2-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 211.819340][ T5890] usb 2-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 211.819358][ T5890] usb 2-1: config 1 interface 0 has no altsetting 0 [ 211.898583][ T5890] usb 2-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.40 [ 211.898676][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 211.898698][ T5890] usb 2-1: Product: 鮠濻뀯츺䝪켻顩狀펊昃⿿ܹ囹⛑斧僛鰻俶厌☓뎖⇏麋짘⊶ᝂ똓ﴝ쌴琴Ꞽ⹎䲎휹೬胤Ḟ柆總鋄㖃毐솚䖪೬釭㔅ힴ⡘㤒匠郪窞 [ 211.898720][ T5890] usb 2-1: Manufacturer: 凌 [ 211.898734][ T5890] usb 2-1: SerialNumber: 㐁 [ 211.924561][ T5869] usb 3-1: Cannot set autoneg [ 211.924859][ T5869] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61 [ 212.273403][ T5890] usbhid 2-1:1.0: can't add hid device: -71 [ 212.274136][ T5890] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 212.305573][ T5890] usb 2-1: USB disconnect, device number 19 [ 212.418543][ T31] usbhid 5-1:0.0: can't add hid device: -71 [ 212.418684][ T31] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 212.437791][ T31] usb 5-1: USB disconnect, device number 13 [ 212.737682][ T31] usb 1-1: USB disconnect, device number 12 [ 212.916861][ T6735] 9pnet_fd: Insufficient options for proto=fd [ 213.087603][ T6741] netlink: 112 bytes leftover after parsing attributes in process `syz.1.247'. [ 213.596893][ T5804] usb 3-1: USB disconnect, device number 14 [ 213.809528][ T6750] FAULT_INJECTION: forcing a failure. [ 213.809528][ T6750] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 213.809563][ T6750] CPU: 0 UID: 0 PID: 6750 Comm: syz.3.249 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 213.809585][ T6750] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 213.809597][ T6750] Call Trace: [ 213.809605][ T6750] [ 213.809613][ T6750] dump_stack_lvl+0x189/0x250 [ 213.809649][ T6750] ? __pfx____ratelimit+0x10/0x10 [ 213.809674][ T6750] ? __pfx_dump_stack_lvl+0x10/0x10 [ 213.809704][ T6750] ? __pfx__printk+0x10/0x10 [ 213.809752][ T6750] should_fail_ex+0x46c/0x600 [ 213.809786][ T6750] _copy_to_user+0x31/0xb0 [ 213.809811][ T6750] drm_ioctl+0x6aa/0xb20 [ 213.809839][ T6750] ? __pfx_drm_mode_addfb2_ioctl+0x10/0x10 [ 213.809874][ T6750] ? __pfx_drm_ioctl+0x10/0x10 [ 213.809913][ T6750] ? __fget_files+0x3a6/0x420 [ 213.809939][ T6750] ? __fget_files+0x2a/0x420 [ 213.809971][ T6750] ? bpf_lsm_file_ioctl+0x9/0x20 [ 213.809991][ T6750] ? __pfx_drm_ioctl+0x10/0x10 [ 213.810013][ T6750] __se_sys_ioctl+0xff/0x170 [ 213.810040][ T6750] do_syscall_64+0xfa/0xfa0 [ 213.810067][ T6750] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.810087][ T6750] ? asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 213.810106][ T6750] ? clear_bhb_loop+0x60/0xb0 [ 213.810131][ T6750] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 213.810151][ T6750] RIP: 0033:0x7f222389efc9 [ 213.810169][ T6750] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 213.810185][ T6750] RSP: 002b:00007f2221b06038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 213.810207][ T6750] RAX: ffffffffffffffda RBX: 00007f2223af5fa0 RCX: 00007f222389efc9 [ 213.810221][ T6750] RDX: 00002000000001c0 RSI: 00000000c06864b8 RDI: 0000000000000003 [ 213.810234][ T6750] RBP: 00007f2221b06090 R08: 0000000000000000 R09: 0000000000000000 [ 213.810246][ T6750] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 213.810258][ T6750] R13: 00007f2223af6038 R14: 00007f2223af5fa0 R15: 00007fffcbd43088 [ 213.810293][ T6750] [ 213.829148][ T6751] mac80211_hwsim hwsim2 wlan0: entered promiscuous mode [ 213.829254][ T6751] mac80211_hwsim hwsim2 wlan0: entered allmulticast mode [ 213.958640][ T6752] binder: 6748:6752 ioctl c0306201 200000000080 returned -14 [ 214.120555][ T5804] usb 3-1: new high-speed USB device number 15 using dummy_hcd [ 214.265193][ T5804] usb 3-1: device descriptor read/64, error -71 [ 214.450651][ T5890] usb 2-1: new high-speed USB device number 20 using dummy_hcd [ 214.488029][ T6762] netlink: 36 bytes leftover after parsing attributes in process `syz.4.255'. [ 214.516861][ T5804] usb 3-1: new high-speed USB device number 16 using dummy_hcd [ 214.623655][ T5890] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.623686][ T5890] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 214.623725][ T5890] usb 2-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 214.623748][ T5890] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 214.630302][ T5890] usb 2-1: config 0 descriptor?? [ 214.651851][ T5804] usb 3-1: device descriptor read/64, error -71 [ 214.725084][ T5869] usb 4-1: new full-speed USB device number 12 using dummy_hcd [ 214.761156][ T5804] usb usb3-port1: attempt power cycle [ 214.889540][ T31] usb 2-1: USB disconnect, device number 20 [ 214.970584][ C0] vkms_vblank_simulate: vblank timer overrun [ 214.993328][ T5869] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 214.993346][ T5869] usb 4-1: config 0 has no interfaces? [ 214.995612][ T5869] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 214.995635][ T5869] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 214.995651][ T5869] usb 4-1: Product: syz [ 214.995660][ T5869] usb 4-1: Manufacturer: syz [ 214.995668][ T5869] usb 4-1: SerialNumber: syz [ 214.998497][ T5869] usb 4-1: config 0 descriptor?? [ 215.053656][ T5890] usb 5-1: new high-speed USB device number 14 using dummy_hcd [ 215.500390][ C0] vkms_vblank_simulate: vblank timer overrun [ 215.760587][ T5804] usb 3-1: new high-speed USB device number 17 using dummy_hcd [ 215.781350][ T5804] usb 3-1: device descriptor read/8, error -71 [ 216.026952][ T5804] usb 3-1: new high-speed USB device number 18 using dummy_hcd [ 216.036515][ T5890] usb 5-1: New USB device found, idVendor=0af0, idProduct=7a05, bcdDevice=f6.00 [ 216.036544][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=2, SerialNumber=3 [ 216.036561][ T5890] usb 5-1: Product: syz [ 216.036574][ T5890] usb 5-1: SerialNumber: syz [ 216.055885][ T5890] usb 5-1: config 0 descriptor?? [ 216.057349][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.057361][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.057554][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.057563][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.057656][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.057664][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.057791][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.057799][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.069391][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.069405][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.069580][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.069594][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.072277][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.072286][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.072447][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.072456][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.072769][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.072777][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.073252][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.073260][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.074385][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.074394][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.074741][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.074749][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.075866][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.075874][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.076512][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.076521][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.077156][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.077164][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.077971][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.077980][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.078598][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.078607][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.079814][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.079823][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.080809][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.080818][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.081931][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.081940][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.083243][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.083252][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.085914][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.085923][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.087601][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.087612][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.088093][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.088101][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.088898][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.088907][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.091867][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.092961][ T5804] usb 3-1: device descriptor read/8, error -71 [ 216.093229][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.094359][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.094367][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.095881][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.095897][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.096722][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.096730][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.098755][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.098765][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.100202][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.100211][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.101496][ T6779] binder: BINDER_SET_CONTEXT_MGR already set [ 216.101505][ T6779] binder: 6778:6779 ioctl 4018620d 2000000000c0 returned -16 [ 216.124278][ T5789] usb 4-1: USB disconnect, device number 12 [ 216.140548][ T6782] binder: BINDER_SET_CONTEXT_MGR already set [ 216.140562][ T6782] binder: 6778:6782 ioctl 4018620d 200000000040 returned -16 [ 216.210549][ T5804] usb usb3-port1: unable to enumerate USB device [ 216.287176][ T5890] hso 5-1:0.0: Failed to find BULK IN ep [ 217.090834][ T5869] usb 4-1: new high-speed USB device number 13 using dummy_hcd [ 217.127053][ T6817] netlink: 36 bytes leftover after parsing attributes in process `syz.0.278'. [ 217.221275][ T5804] usb 3-1: new high-speed USB device number 19 using dummy_hcd [ 217.227051][ T6823] netlink: 4 bytes leftover after parsing attributes in process `syz.0.281'. [ 217.254858][ T6823] netlink: 4 bytes leftover after parsing attributes in process `syz.0.281'. [ 217.255646][ T5869] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 217.255671][ T5869] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 217.255710][ T5869] usb 4-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 217.255741][ T5869] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.307852][ T5869] usb 4-1: config 0 descriptor?? [ 217.392689][ T5804] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 217.392722][ T5804] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 217.399530][ T5804] usb 3-1: config 0 descriptor?? [ 217.440560][ T5869] usb 2-1: new high-speed USB device number 21 using dummy_hcd [ 217.521318][ T6017] usb 4-1: USB disconnect, device number 13 [ 217.590660][ T5869] usb 2-1: Using ep0 maxpacket: 32 [ 217.594486][ T5869] usb 2-1: config 0 has an invalid interface number: 67 but max is 0 [ 217.594515][ T5869] usb 2-1: config 0 has no interface number 0 [ 217.686280][ C0] vkms_vblank_simulate: vblank timer overrun [ 217.698519][ T5869] usb 2-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 217.698583][ T5869] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 217.698595][ T5869] usb 2-1: Product: syz [ 217.698603][ T5869] usb 2-1: Manufacturer: syz [ 217.698611][ T5869] usb 2-1: SerialNumber: syz [ 217.737573][ T5869] usb 2-1: config 0 descriptor?? [ 218.495091][ C0] vkms_vblank_simulate: vblank timer overrun [ 218.692122][ T5869] smsc95xx v2.0.0 [ 218.768833][ C0] vkms_vblank_simulate: vblank timer overrun [ 218.772126][ T5869] smsc95xx 2-1:0.67 (unnamed net_device) (uninitialized): usbnet_get_endpoints failed: -71 [ 218.772377][ T5869] smsc95xx 2-1:0.67: probe with driver smsc95xx failed with error -71 [ 218.786285][ T5869] usb 2-1: USB disconnect, device number 21 [ 218.807231][ T5789] usb 5-1: USB disconnect, device number 14 [ 218.830590][ C0] vkms_vblank_simulate: vblank timer overrun [ 219.970611][ T6017] usb 4-1: new high-speed USB device number 14 using dummy_hcd [ 220.158199][ T6017] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 220.158229][ T6017] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 220.158331][ T6017] usb 4-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 220.158365][ T6017] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 220.240910][ T6017] usb 4-1: config 0 descriptor?? [ 220.482829][ T6017] usb 4-1: USB disconnect, device number 14 [ 220.611256][ T5119] Bluetooth: hci1: unexpected event for opcode 0x0c6d [ 221.083145][ T5804] usb 3-1: Cannot set autoneg [ 221.083476][ T5804] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 221.119422][ T6885] netlink: 68 bytes leftover after parsing attributes in process `syz.3.304'. [ 222.410596][ T5804] usb 1-1: new high-speed USB device number 13 using dummy_hcd [ 222.423026][ T6017] usb 3-1: USB disconnect, device number 19 [ 222.550006][ T5804] usb 1-1: device descriptor read/64, error -71 [ 222.792167][ T5804] usb 1-1: new high-speed USB device number 14 using dummy_hcd [ 222.922913][ T5804] usb 1-1: device descriptor read/64, error -71 [ 223.033786][ T5804] usb usb1-port1: attempt power cycle [ 223.290514][ T5890] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 223.290526][ T6017] usb 3-1: new high-speed USB device number 20 using dummy_hcd [ 223.373139][ T5804] usb 1-1: new high-speed USB device number 15 using dummy_hcd [ 223.401379][ T5804] usb 1-1: device descriptor read/8, error -71 [ 223.443048][ T5890] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 223.443076][ T5890] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 223.443265][ T5890] usb 4-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 223.443290][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.455666][ T6017] usb 3-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 223.455694][ T6017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 223.527207][ T5890] usb 4-1: config 0 descriptor?? [ 223.534236][ T6017] usb 3-1: config 0 descriptor?? [ 223.660625][ T5804] usb 1-1: new high-speed USB device number 16 using dummy_hcd [ 223.683849][ T5804] usb 1-1: device descriptor read/8, error -71 [ 223.732505][ T5890] usb 4-1: USB disconnect, device number 15 [ 223.791482][ T5804] usb usb1-port1: unable to enumerate USB device [ 224.660978][ T5804] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 224.822704][ T5804] usb 4-1: Using ep0 maxpacket: 32 [ 224.823959][ T5804] usb 4-1: no configurations [ 224.823975][ T5804] usb 4-1: can't read configurations, error -22 [ 224.950680][ T5804] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 225.114882][ T5804] usb 4-1: Using ep0 maxpacket: 32 [ 225.118460][ T5804] usb 4-1: no configurations [ 225.118480][ T5804] usb 4-1: can't read configurations, error -22 [ 225.119069][ T5804] usb usb4-port1: attempt power cycle [ 225.650571][ T5804] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 225.674949][ T5804] usb 4-1: Using ep0 maxpacket: 32 [ 225.676711][ T5804] usb 4-1: no configurations [ 225.676728][ T5804] usb 4-1: can't read configurations, error -22 [ 225.830750][ T5804] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 225.853722][ T5804] usb 4-1: Using ep0 maxpacket: 32 [ 225.855434][ T5804] usb 4-1: no configurations [ 225.855450][ T5804] usb 4-1: can't read configurations, error -22 [ 225.857682][ T5804] usb usb4-port1: unable to enumerate USB device [ 225.943400][ T6017] usb 3-1: Cannot set autoneg [ 225.943716][ T6017] MOSCHIP usb-ethernet driver 3-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 226.280551][ T5804] usb 5-1: new high-speed USB device number 15 using dummy_hcd [ 226.434765][ T5804] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 226.434794][ T5804] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 226.434834][ T5804] usb 5-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 226.434856][ T5804] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 226.451970][ T5804] usb 5-1: config 0 descriptor?? [ 226.658297][ T5789] usb 5-1: USB disconnect, device number 15 [ 226.997547][ T10] usb 3-1: USB disconnect, device number 20 [ 227.107978][ T7040] netlink: 36 bytes leftover after parsing attributes in process `syz.2.376'. [ 227.112353][ T7040] netlink: 8 bytes leftover after parsing attributes in process `syz.2.376'. [ 227.264602][ T7045] netlink: 60 bytes leftover after parsing attributes in process `syz.2.379'. [ 227.359829][ C0] vkms_vblank_simulate: vblank timer overrun [ 227.920599][ T10] usb 1-1: new high-speed USB device number 17 using dummy_hcd [ 228.150567][ T5890] usb 5-1: new low-speed USB device number 16 using dummy_hcd [ 228.261696][ T10] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 228.261728][ T10] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.289380][ T10] usb 1-1: config 0 descriptor?? [ 228.454452][ T5890] usb 5-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 228.454485][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.463338][ T5890] usb 5-1: config 0 descriptor?? [ 228.740563][ T31] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 228.913701][ T31] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 228.913804][ T31] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 228.913843][ T31] usb 4-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 228.913857][ T31] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 228.924776][ T31] usb 4-1: config 0 descriptor?? [ 229.105361][ T5890] asix 5-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 229.105641][ T5890] asix 5-1:0.0: probe with driver asix failed with error -32 [ 229.113255][ T5890] usb 5-1: USB disconnect, device number 16 [ 229.137977][ T31] usb 4-1: USB disconnect, device number 20 [ 230.782236][ T10] usb 1-1: Cannot set autoneg [ 230.782496][ T10] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -32 [ 230.997851][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.108059][ C0] vkms_vblank_simulate: vblank timer overrun [ 231.543295][ T7109] netlink: 4 bytes leftover after parsing attributes in process `syz.4.402'. [ 231.732977][ T7111] netlink: 12 bytes leftover after parsing attributes in process `syz.4.404'. [ 231.957992][ T5804] usb 1-1: USB disconnect, device number 17 [ 231.982241][ T7111] veth3: entered promiscuous mode [ 231.982270][ T7111] veth3: entered allmulticast mode [ 232.050504][ T31] usb 5-1: new high-speed USB device number 17 using dummy_hcd [ 232.150532][ T10] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 232.310800][ T6017] usb 3-1: new low-speed USB device number 21 using dummy_hcd [ 232.313608][ T10] usb 4-1: Using ep0 maxpacket: 32 [ 232.316116][ T10] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 232.316141][ T10] usb 4-1: config 0 has no interfaces? [ 232.319856][ T10] usb 4-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 232.319884][ T10] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 232.319903][ T10] usb 4-1: Product: syz [ 232.319918][ T10] usb 4-1: Manufacturer: syz [ 232.319932][ T10] usb 4-1: SerialNumber: syz [ 232.479381][ T31] usb 5-1: Using ep0 maxpacket: 8 [ 232.571048][ T7125] FAULT_INJECTION: forcing a failure. [ 232.571048][ T7125] name failslab, interval 1, probability 0, space 0, times 0 [ 232.571123][ T7125] CPU: 1 UID: 0 PID: 7125 Comm: syz.1.407 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 232.571146][ T7125] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 232.571157][ T7125] Call Trace: [ 232.571165][ T7125] [ 232.571174][ T7125] dump_stack_lvl+0x189/0x250 [ 232.571211][ T7125] ? __pfx____ratelimit+0x10/0x10 [ 232.571237][ T7125] ? __pfx_dump_stack_lvl+0x10/0x10 [ 232.571266][ T7125] ? __pfx__printk+0x10/0x10 [ 232.571290][ T7125] ? irqentry_exit+0x74/0x90 [ 232.571315][ T7125] ? lockdep_hardirqs_on+0x9c/0x150 [ 232.571341][ T7125] ? __pfx___might_resched+0x10/0x10 [ 232.571369][ T7125] should_fail_ex+0x46c/0x600 [ 232.571403][ T7125] should_failslab+0xa8/0x100 [ 232.571434][ T7125] __kmalloc_noprof+0xcc/0x7d0 [ 232.571459][ T7125] ? lockdep_hardirqs_on+0x9c/0x150 [ 232.571482][ T7125] ? kobject_get_path+0xc5/0x2d0 [ 232.571516][ T7125] kobject_get_path+0xc5/0x2d0 [ 232.571541][ T7125] ? input_devices_seq_show+0x58a/0x640 [ 232.571650][ T7125] input_devices_seq_show+0x38/0x640 [ 232.571685][ T7125] traverse+0x1ee/0x580 [ 232.571726][ T7125] seq_read_iter+0xd09/0xe20 [ 232.571748][ T7125] ? __pfx___schedule+0x10/0x10 [ 232.571782][ T7125] ? __asan_memset+0x22/0x50 [ 232.571813][ T7125] seq_read+0x36c/0x480 [ 232.571832][ T7125] ? rcu_is_watching+0x15/0xb0 [ 232.571862][ T7125] ? __pfx_seq_read+0x10/0x10 [ 232.571907][ T7125] ? __pfx_seq_read+0x10/0x10 [ 232.571926][ T7125] proc_reg_read+0x1f6/0x2f0 [ 232.571957][ T7125] vfs_readv+0x5b3/0x850 [ 232.571988][ T7125] ? __pfx_proc_reg_read+0x10/0x10 [ 232.572016][ T7125] ? __pfx_vfs_readv+0x10/0x10 [ 232.572064][ T7125] ? __fget_files+0x2a/0x420 [ 232.572098][ T7125] ? __fget_files+0x3a6/0x420 [ 232.572123][ T7125] ? __fget_files+0x2a/0x420 [ 232.572162][ T7125] __x64_sys_preadv+0x19a/0x2a0 [ 232.572192][ T7125] ? __pfx___x64_sys_preadv+0x10/0x10 [ 232.572232][ T7125] do_syscall_64+0xfa/0xfa0 [ 232.572260][ T7125] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.572279][ T7125] ? asm_sysvec_reschedule_ipi+0x1a/0x20 [ 232.572298][ T7125] ? clear_bhb_loop+0x60/0xb0 [ 232.572322][ T7125] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 232.572342][ T7125] RIP: 0033:0x7f9c0b0defc9 [ 232.572360][ T7125] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 232.572377][ T7125] RSP: 002b:00007f9c092fc038 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 232.572400][ T7125] RAX: ffffffffffffffda RBX: 00007f9c0b336180 RCX: 00007f9c0b0defc9 [ 232.572414][ T7125] RDX: 0000000000000001 RSI: 0000200000003780 RDI: 0000000000000006 [ 232.572427][ T7125] RBP: 00007f9c092fc090 R08: 0000000000000000 R09: 0000000000000000 [ 232.572439][ T7125] R10: 000000000000ffff R11: 0000000000000246 R12: 0000000000000001 [ 232.572451][ T7125] R13: 00007f9c0b336218 R14: 00007f9c0b336180 R15: 00007ffcda038388 [ 232.572489][ T7125] [ 232.992992][ T31] usb 5-1: config 1 interface 0 altsetting 10 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 232.993027][ T31] usb 5-1: config 1 interface 0 altsetting 10 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 232.993053][ T31] usb 5-1: config 1 interface 0 has no altsetting 0 [ 233.001030][ T31] usb 5-1: New USB device found, idVendor=054c, idProduct=1000, bcdDevice= 0.40 [ 233.001062][ T31] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 233.001082][ T31] usb 5-1: Product: 鮠濻뀯츺䝪켻顩狀펊昃⿿ܹ囹⛑斧僛鰻俶厌☓뎖⇏麋짘⊶ᝂ똓ﴝ쌴琴Ꞽ⹎䲎휹೬胤Ḟ柆總鋄㖃毐솚䖪೬釭㔅ힴ⡘㤒匠郪窞 [ 233.001105][ T31] usb 5-1: Manufacturer: 凌 [ 233.001120][ T31] usb 5-1: SerialNumber: 㐁 [ 233.378334][ T5804] usb 1-1: new high-speed USB device number 18 using dummy_hcd [ 233.381797][ T10] usb 4-1: config 0 descriptor?? [ 233.392922][ T6017] usb 3-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 233.392953][ T6017] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.401869][ T6017] usb 3-1: config 0 descriptor?? [ 233.557932][ T5804] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 233.557958][ T5804] usb 1-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 233.558071][ T5804] usb 1-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 233.558095][ T5804] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 233.720291][ T5804] usb 1-1: config 0 descriptor?? [ 233.979203][ T5804] usb 1-1: USB disconnect, device number 18 [ 234.124268][ T6017] asix 3-1:0.0 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 234.124560][ T6017] asix 3-1:0.0: probe with driver asix failed with error -32 [ 234.212459][ T6017] usb 3-1: USB disconnect, device number 21 [ 234.385135][ T5804] usb 4-1: USB disconnect, device number 21 [ 234.619888][ T31] usbhid 5-1:1.0: can't add hid device: -71 [ 234.620029][ T31] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 234.645818][ T31] usb 5-1: USB disconnect, device number 17 [ 234.720247][ T7136] fuse: Bad value for 'rootmode' [ 235.098042][ T37] kauditd_printk_skb: 23 callbacks suppressed [ 235.098063][ T37] audit: type=1326 audit(1761815075.219:58): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.098117][ T37] audit: type=1326 audit(1761815075.219:59): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=13 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.098164][ T37] audit: type=1326 audit(1761815075.219:60): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.098211][ T37] audit: type=1326 audit(1761815075.219:61): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.098256][ T37] audit: type=1326 audit(1761815075.219:62): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.098302][ T37] audit: type=1326 audit(1761815075.219:63): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=157 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.098346][ T37] audit: type=1326 audit(1761815075.219:64): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.098389][ T37] audit: type=1326 audit(1761815075.219:65): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=288 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.098433][ T37] audit: type=1326 audit(1761815075.219:66): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.098478][ T37] audit: type=1326 audit(1761815075.219:67): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7152 comm="syz.2.421" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7f9b0335efc9 code=0x7ffc0000 [ 235.104431][ T7154] netlink: 36 bytes leftover after parsing attributes in process `syz.2.421'. [ 235.970596][ T5804] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 236.104914][ T10] usb 5-1: new high-speed USB device number 18 using dummy_hcd [ 237.286052][ T5804] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 237.286082][ T5804] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 237.286122][ T5804] usb 4-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 237.286146][ T5804] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.346540][ T5804] usb 4-1: config 0 descriptor?? [ 237.444374][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 237.444412][ T10] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 237.444453][ T10] usb 5-1: New USB device found, idVendor=10c4, idProduct=ea90, bcdDevice= 0.00 [ 237.444478][ T10] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 237.490908][ T10] usb 5-1: config 0 descriptor?? [ 237.500599][ T5804] usb 3-1: new full-speed USB device number 22 using dummy_hcd [ 237.566432][ T31] usb 4-1: USB disconnect, device number 22 [ 237.654443][ T5804] usb 3-1: config 0 has an invalid interface number: 45 but max is 0 [ 237.654475][ T5804] usb 3-1: config 0 has no interface number 0 [ 237.655119][ T5804] usb 3-1: config 0 interface 45 altsetting 0 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 237.660099][ T5804] usb 3-1: New USB device found, idVendor=0ab4, idProduct=0011, bcdDevice=60.16 [ 237.696690][ T5804] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 237.696718][ T5804] usb 3-1: Product: syz [ 237.696841][ T5804] usb 3-1: Manufacturer: syz [ 237.696858][ T5804] usb 3-1: SerialNumber: syz [ 237.739334][ T5804] usb 3-1: config 0 descriptor?? [ 237.914506][ T10] cp2112 0003:10C4:EA90.0008: item fetching failed at offset 5/7 [ 237.917661][ T10] cp2112 0003:10C4:EA90.0008: parse failed [ 237.917897][ T10] cp2112 0003:10C4:EA90.0008: probe with driver cp2112 failed with error -22 [ 238.010592][ T6017] usb 1-1: new high-speed USB device number 19 using dummy_hcd [ 238.116677][ T10] usb 5-1: USB disconnect, device number 18 [ 238.174038][ T6017] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 238.174139][ T6017] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 238.211922][ T6017] usb 1-1: config 0 descriptor?? [ 239.216831][ T5804] esd_usb 3-1:0.45: sending version message failed [ 239.217005][ T5804] esd_usb 3-1:0.45: probe with driver esd_usb failed with error -8 [ 239.529310][ T5804] usb 3-1: USB disconnect, device number 22 [ 240.832379][ T6017] usb 1-1: Cannot set autoneg [ 240.832711][ T6017] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 241.331174][ T6017] usb 1-1: USB disconnect, device number 19 [ 241.354172][ T7223] netlink: 4 bytes leftover after parsing attributes in process `syz.4.445'. [ 241.555243][ T7234] FAULT_INJECTION: forcing a failure. [ 241.555243][ T7234] name failslab, interval 1, probability 0, space 0, times 0 [ 241.555283][ T7234] CPU: 0 UID: 0 PID: 7234 Comm: syz.1.451 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 241.555307][ T7234] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 241.555330][ T7234] Call Trace: [ 241.555339][ T7234] [ 241.555348][ T7234] dump_stack_lvl+0x189/0x250 [ 241.555383][ T7234] ? __pfx____ratelimit+0x10/0x10 [ 241.555409][ T7234] ? __pfx_dump_stack_lvl+0x10/0x10 [ 241.555440][ T7234] ? __pfx__printk+0x10/0x10 [ 241.555474][ T7234] ? __pfx___might_resched+0x10/0x10 [ 241.555499][ T7234] ? fs_reclaim_acquire+0x7d/0x100 [ 241.555535][ T7234] should_fail_ex+0x46c/0x600 [ 241.555570][ T7234] should_failslab+0xa8/0x100 [ 241.555601][ T7234] __kmalloc_noprof+0xcc/0x7d0 [ 241.555628][ T7234] ? rcu_is_watching+0x15/0xb0 [ 241.555646][ T7234] ? security_sk_alloc+0x52/0x390 [ 241.555676][ T7234] ? sk_prot_alloc+0x57/0x220 [ 241.555703][ T7234] security_sk_alloc+0x52/0x390 [ 241.555739][ T7234] sk_prot_alloc+0x101/0x220 [ 241.555767][ T7234] sk_alloc+0x3a/0x370 [ 241.555797][ T7234] inet_create+0x7a0/0x1010 [ 241.555830][ T7234] ? inet_create+0x9c/0x1010 [ 241.555866][ T7234] __sock_create+0x4b3/0x9f0 [ 241.555910][ T7234] udp_sock_create4+0xbe/0x4b0 [ 241.555943][ T7234] ? __pfx_udp_sock_create4+0x10/0x10 [ 241.555990][ T7234] rxrpc_lookup_local+0xd4e/0x14d0 [ 241.556032][ T7234] ? __pfx_rxrpc_lookup_local+0x10/0x10 [ 241.556060][ T7234] ? __local_bh_enable_ip+0x1f4/0x2e0 [ 241.556095][ T7234] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 241.556131][ T7234] ? rt_spin_unlock+0x161/0x200 [ 241.556154][ T7234] ? lock_sock_nested+0x5f/0x130 [ 241.556183][ T7234] ? lock_sock_nested+0xdd/0x130 [ 241.556216][ T7234] rxrpc_sendmsg+0x399/0x710 [ 241.556249][ T7234] ? __pfx_rxrpc_sendmsg+0x10/0x10 [ 241.556278][ T7234] __sock_sendmsg+0x21c/0x270 [ 241.556312][ T7234] sock_write_iter+0x27f/0x370 [ 241.556352][ T7234] ? __pfx_sock_write_iter+0x10/0x10 [ 241.556394][ T7234] ? io_rw_init_file+0x7ad/0xb80 [ 241.556427][ T7234] ? rw_verify_area+0x25b/0x4e0 [ 241.556453][ T7234] ? __pfx_sock_write_iter+0x10/0x10 [ 241.556479][ T7234] io_write+0xb42/0x1710 [ 241.556523][ T7234] ? __pfx_io_write+0x10/0x10 [ 241.556556][ T7234] ? __fget_files+0x2a/0x420 [ 241.556581][ T7234] ? __fget_files+0x3a6/0x420 [ 241.556615][ T7234] __io_issue_sqe+0x181/0x4b0 [ 241.556643][ T7234] ? io_file_get_normal+0x104/0x300 [ 241.556674][ T7234] io_issue_sqe+0x165/0x1060 [ 241.556703][ T7234] ? __asan_memset+0x22/0x50 [ 241.556733][ T7234] io_submit_sqes+0xa54/0x1e60 [ 241.556801][ T7234] __se_sys_io_uring_enter+0x2db/0x2b70 [ 241.556844][ T7234] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 241.556872][ T7234] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.556899][ T7234] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 241.556926][ T7234] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 241.556959][ T7234] ? __pfx___se_sys_io_uring_enter+0x10/0x10 [ 241.556985][ T7234] ? try_to_take_rt_mutex+0x7fd/0xac0 [ 241.557011][ T7234] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 241.557034][ T7234] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 241.557069][ T7234] ? fput+0xa0/0xd0 [ 241.557089][ T7234] ? ksys_write+0x230/0x260 [ 241.557116][ T7234] ? __pfx_ksys_write+0x10/0x10 [ 241.557147][ T7234] ? __x64_sys_io_uring_enter+0x21/0xf0 [ 241.557179][ T7234] do_syscall_64+0xfa/0xfa0 [ 241.557204][ T7234] ? lockdep_hardirqs_on+0x9c/0x150 [ 241.557230][ T7234] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.557252][ T7234] ? clear_bhb_loop+0x60/0xb0 [ 241.557278][ T7234] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 241.557298][ T7234] RIP: 0033:0x7f9c0b0defc9 [ 241.557326][ T7234] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 241.557345][ T7234] RSP: 002b:00007f9c0933e038 EFLAGS: 00000246 ORIG_RAX: 00000000000001aa [ 241.557369][ T7234] RAX: ffffffffffffffda RBX: 00007f9c0b335fa0 RCX: 00007f9c0b0defc9 [ 241.557384][ T7234] RDX: 0000000000000000 RSI: 0000000080003519 RDI: 0000000000000004 [ 241.557397][ T7234] RBP: 00007f9c0933e090 R08: 0000000000000000 R09: 0000000000000000 [ 241.557410][ T7234] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 241.557422][ T7234] R13: 00007f9c0b336038 R14: 00007f9c0b335fa0 R15: 00007ffcda038388 [ 241.557461][ T7234] [ 241.625022][ T7235] tipc: Enabling of bearer rejected, failed to enable media [ 241.626028][ T7233] tipc: Enabling of bearer rejected, failed to enable media [ 241.682054][ T7232] netlink: 16 bytes leftover after parsing attributes in process `syz.2.449'. [ 243.044048][ T7262] FAULT_INJECTION: forcing a failure. [ 243.044048][ T7262] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 243.044086][ T7262] CPU: 1 UID: 0 PID: 7262 Comm: syz.1.461 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 243.044109][ T7262] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 243.044122][ T7262] Call Trace: [ 243.044130][ T7262] [ 243.044138][ T7262] dump_stack_lvl+0x189/0x250 [ 243.044174][ T7262] ? __pfx____ratelimit+0x10/0x10 [ 243.044201][ T7262] ? __pfx_dump_stack_lvl+0x10/0x10 [ 243.044232][ T7262] ? __pfx__printk+0x10/0x10 [ 243.044257][ T7262] ? __might_fault+0xb0/0x130 [ 243.044310][ T7262] should_fail_ex+0x46c/0x600 [ 243.044344][ T7262] _copy_from_user+0x2d/0xb0 [ 243.044369][ T7262] drm_mode_atomic_ioctl+0x6bd/0xcb0 [ 243.044420][ T7262] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 243.044473][ T7262] ? rt_spin_unlock+0x150/0x200 [ 243.044501][ T7262] ? rt_spin_unlock+0x161/0x200 [ 243.044524][ T7262] ? drm_is_current_master+0x1a2/0x210 [ 243.044559][ T7262] drm_ioctl_kernel+0x2d2/0x3a0 [ 243.044584][ T7262] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 243.044615][ T7262] ? __pfx_drm_ioctl_kernel+0x10/0x10 [ 243.044651][ T7262] drm_ioctl+0x685/0xb20 [ 243.044688][ T7262] ? __pfx_drm_mode_atomic_ioctl+0x10/0x10 [ 243.044726][ T7262] ? __pfx_drm_ioctl+0x10/0x10 [ 243.044766][ T7262] ? __fget_files+0x3a6/0x420 [ 243.044793][ T7262] ? __fget_files+0x2a/0x420 [ 243.044825][ T7262] ? bpf_lsm_file_ioctl+0x9/0x20 [ 243.044846][ T7262] ? __pfx_drm_ioctl+0x10/0x10 [ 243.044868][ T7262] __se_sys_ioctl+0xff/0x170 [ 243.044896][ T7262] do_syscall_64+0xfa/0xfa0 [ 243.044920][ T7262] ? lockdep_hardirqs_on+0x9c/0x150 [ 243.044945][ T7262] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.044966][ T7262] ? clear_bhb_loop+0x60/0xb0 [ 243.044992][ T7262] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 243.045012][ T7262] RIP: 0033:0x7f9c0b0defc9 [ 243.045032][ T7262] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 243.045050][ T7262] RSP: 002b:00007f9c0933e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 243.045073][ T7262] RAX: ffffffffffffffda RBX: 00007f9c0b335fa0 RCX: 00007f9c0b0defc9 [ 243.045088][ T7262] RDX: 0000200000000180 RSI: 00000000c03864bc RDI: 000000000000000c [ 243.045102][ T7262] RBP: 00007f9c0933e090 R08: 0000000000000000 R09: 0000000000000000 [ 243.045115][ T7262] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 243.045127][ T7262] R13: 00007f9c0b336038 R14: 00007f9c0b335fa0 R15: 00007ffcda038388 [ 243.045165][ T7262] [ 243.160541][ T5789] usb 5-1: new high-speed USB device number 19 using dummy_hcd [ 243.313268][ T5789] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 243.313294][ T5789] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 243.313329][ T5789] usb 5-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 243.313350][ T5789] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 243.382916][ T5789] usb 5-1: config 0 descriptor?? [ 243.511370][ T37] kauditd_printk_skb: 26 callbacks suppressed [ 243.511393][ T37] audit: type=1800 audit(1761815083.629:94): pid=7270 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed(directio) comm="syz.0.465" name="file1" dev="overlay" ino=426 res=0 errno=0 [ 243.545989][ T7270] syz.0.465 uses obsolete (PF_INET,SOCK_PACKET) [ 243.669958][ T31] usb 5-1: USB disconnect, device number 19 [ 244.151076][ C1] vkms_vblank_simulate: vblank timer overrun [ 244.227182][ T7283] netlink: 20 bytes leftover after parsing attributes in process `syz.2.469'. [ 244.680029][ T7288] netlink: 20 bytes leftover after parsing attributes in process `syz.2.469'. [ 244.680062][ T7288] nbd: device at index 64 is going down [ 245.627409][ C1] vkms_vblank_simulate: vblank timer overrun [ 246.671777][ T7323] netlink: 8 bytes leftover after parsing attributes in process `syz.3.482'. [ 246.671810][ T7323] netlink: 8 bytes leftover after parsing attributes in process `syz.3.482'. [ 246.808418][ C1] vkms_vblank_simulate: vblank timer overrun [ 246.834166][ C1] vkms_vblank_simulate: vblank timer overrun [ 247.030556][ T5890] usb 1-1: new high-speed USB device number 20 using dummy_hcd [ 247.184326][ T5890] usb 1-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 247.184360][ T5890] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.212157][ T5890] usb 1-1: config 0 descriptor?? [ 247.310870][ T49] usb 4-1: new high-speed USB device number 23 using dummy_hcd [ 247.484283][ T49] usb 4-1: New USB device found, idVendor=077b, idProduct=2226, bcdDevice=ca.8b [ 247.484416][ T49] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 247.517011][ T49] usb 4-1: config 0 descriptor?? [ 247.720826][ T7329] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 247.721320][ T7329] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 247.927713][ T49] asix 4-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 247.929660][ T49] asix 4-1:0.0: probe with driver asix failed with error -71 [ 247.996686][ T49] usb 4-1: USB disconnect, device number 23 [ 248.281158][ T7352] pimreg: entered allmulticast mode [ 248.289972][ T7352] pimreg: left allmulticast mode [ 248.512878][ T7361] netlink: 36 bytes leftover after parsing attributes in process `syz.2.499'. [ 248.550263][ T7357] netlink: 8 bytes leftover after parsing attributes in process `syz.2.499'. [ 248.965433][ T7370] netlink: 4 bytes leftover after parsing attributes in process `syz.4.504'. [ 249.619315][ T7375] netlink: 4 bytes leftover after parsing attributes in process `syz.2.505'. [ 250.211226][ T7378] FAULT_INJECTION: forcing a failure. [ 250.211226][ T7378] name failslab, interval 1, probability 0, space 0, times 0 [ 250.211252][ T7378] CPU: 1 UID: 0 PID: 7378 Comm: syz.1.506 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 250.211269][ T7378] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 250.211276][ T7378] Call Trace: [ 250.211281][ T7378] [ 250.211290][ T7378] dump_stack_lvl+0x189/0x250 [ 250.211312][ T7378] ? __pfx____ratelimit+0x10/0x10 [ 250.211328][ T7378] ? __pfx_dump_stack_lvl+0x10/0x10 [ 250.211345][ T7378] ? __pfx__printk+0x10/0x10 [ 250.211363][ T7378] ? __pfx___might_resched+0x10/0x10 [ 250.211377][ T7378] ? fs_reclaim_acquire+0x7d/0x100 [ 250.211396][ T7378] should_fail_ex+0x46c/0x600 [ 250.211420][ T7378] should_failslab+0xa8/0x100 [ 250.211437][ T7378] __kmalloc_cache_noprof+0x6f/0x6c0 [ 250.211452][ T7378] ? drv_sta_state+0xe0a/0x1840 [ 250.211464][ T7378] ? __sta_info_destroy_part2+0x2e9/0x450 [ 250.211482][ T7378] __sta_info_destroy_part2+0x2e9/0x450 [ 250.211499][ T7378] __sta_info_flush+0x5e4/0x710 [ 250.211528][ T7378] ? __pfx___sta_info_flush+0x10/0x10 [ 250.211544][ T7378] ? __cfg80211_get_bss+0x113/0x800 [ 250.211557][ T7378] ieee80211_ibss_disconnect+0x2c6/0x800 [ 250.211568][ T7378] ? preempt_schedule_notrace_thunk+0x16/0x30 [ 250.211583][ T7378] ieee80211_ibss_leave+0x47/0x150 [ 250.211593][ T7378] cfg80211_leave_ibss+0x1e7/0x410 [ 250.211607][ T7378] cfg80211_netdev_notifier_call+0x1aa/0x1440 [ 250.211623][ T7378] ? __pfx_cfg80211_netdev_notifier_call+0x10/0x10 [ 250.211641][ T7378] ? rtlock_slowlock_locked+0xd8/0x4010 [ 250.211650][ T7378] ? rcu_is_watching+0x15/0xb0 [ 250.211661][ T7378] ? __lock_acquire+0xab9/0xd20 [ 250.211677][ T7378] ? do_raw_spin_lock+0x121/0x290 [ 250.211692][ T7378] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 250.211704][ T7378] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.211716][ T7378] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 250.211727][ T7378] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 250.211740][ T7378] ? __lock_acquire+0xab9/0xd20 [ 250.211763][ T7378] ? inetdev_event+0x464/0x15b0 [ 250.211779][ T7378] ? igmp_netdev_event+0x7c/0x770 [ 250.211795][ T7378] notifier_call_chain+0x1b6/0x3e0 [ 250.211812][ T7378] __dev_close_many+0x106/0x6f0 [ 250.211826][ T7378] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 250.211839][ T7378] ? __pfx___dev_close_many+0x10/0x10 [ 250.211850][ T7378] ? rt_spin_unlock+0x161/0x200 [ 250.211860][ T7378] ? dev_set_rx_mode+0x4d/0x300 [ 250.211870][ T7378] ? dev_set_rx_mode+0x244/0x300 [ 250.211877][ T7378] ? __lock_acquire+0xab9/0xd20 [ 250.211890][ T7378] __dev_change_flags+0x2c7/0x6d0 [ 250.211903][ T7378] ? __pfx___dev_change_flags+0x10/0x10 [ 250.211915][ T7378] ? is_bpf_text_address+0x26/0x2b0 [ 250.211931][ T7378] netif_change_flags+0x88/0x1a0 [ 250.211943][ T7378] do_setlink+0xc55/0x41c0 [ 250.211954][ T7378] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 250.211970][ T7378] ? __pfx_do_setlink+0x10/0x10 [ 250.211979][ T7378] ? stack_trace_save+0x9c/0xe0 [ 250.211988][ T7378] ? __pfx_stack_trace_save+0x10/0x10 [ 250.211999][ T7378] ? stack_depot_save_flags+0x40/0x860 [ 250.212019][ T7378] ? __nla_validate_parse+0x2400/0x2d40 [ 250.212031][ T7378] ? ___sys_sendmsg+0x21f/0x2a0 [ 250.212040][ T7378] ? __x64_sys_sendmsg+0x1a1/0x260 [ 250.212054][ T7378] ? __lock_acquire+0xab9/0xd20 [ 250.212069][ T7378] ? do_raw_spin_lock+0x121/0x290 [ 250.212085][ T7378] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 250.212096][ T7378] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.212108][ T7378] ? _raw_spin_unlock_irqrestore+0xad/0x110 [ 250.212119][ T7378] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 250.212131][ T7378] ? bpf_lsm_capable+0x9/0x20 [ 250.212140][ T7378] ? security_capable+0x7e/0x2e0 [ 250.212153][ T7378] ? mutex_lock_nested+0x154/0x1d0 [ 250.212161][ T7378] ? rtnl_newlink+0x8e9/0x1c80 [ 250.212176][ T7378] rtnl_newlink+0x1619/0x1c80 [ 250.212188][ T7378] ? netlink_deliver_tap+0x19c/0x1b0 [ 250.212204][ T7378] ? __pfx_rtnl_newlink+0x10/0x10 [ 250.212226][ T7378] ? __local_bh_enable+0x27b/0x410 [ 250.212246][ T7378] ? __local_bh_enable+0x28c/0x410 [ 250.212261][ T7378] ? reacquire_held_locks+0x127/0x1d0 [ 250.212284][ T7378] ? __pfx___local_bh_enable+0x10/0x10 [ 250.212308][ T7378] ? __local_bh_enable_ip+0x1c0/0x2e0 [ 250.212324][ T7378] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.212347][ T7378] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 250.212364][ T7378] ? dev_hard_start_xmit+0x7f5/0x870 [ 250.212381][ T7378] ? __dev_queue_xmit+0x26f/0x3b70 [ 250.212406][ T7378] ? __dev_queue_xmit+0x26f/0x3b70 [ 250.212423][ T7378] ? __dev_queue_xmit+0x26f/0x3b70 [ 250.212443][ T7378] ? __dev_queue_xmit+0x1d3d/0x3b70 [ 250.212466][ T7378] ? __lock_acquire+0xab9/0xd20 [ 250.212507][ T7378] ? __pfx_rtnl_newlink+0x10/0x10 [ 250.212534][ T7378] rtnetlink_rcv_msg+0x7cf/0xb70 [ 250.212560][ T7378] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 250.212581][ T7378] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 250.212610][ T7378] ? __pfx_rcu_preempt_deferred_qs_irqrestore+0x10/0x10 [ 250.212639][ T7378] netlink_rcv_skb+0x208/0x470 [ 250.212652][ T7378] ? rcu_is_watching+0x15/0xb0 [ 250.212666][ T7378] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 250.212690][ T7378] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 250.212716][ T7378] ? netlink_deliver_tap+0x2e/0x1b0 [ 250.212738][ T7378] netlink_unicast+0x846/0xa10 [ 250.212770][ T7378] ? __pfx_netlink_unicast+0x10/0x10 [ 250.212800][ T7378] ? netlink_sendmsg+0x642/0xb30 [ 250.212817][ T7378] ? skb_put+0x11b/0x210 [ 250.212841][ T7378] netlink_sendmsg+0x805/0xb30 [ 250.212861][ T7378] ? __pfx___schedule+0x10/0x10 [ 250.212892][ T7378] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.212921][ T7378] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 250.212948][ T7378] ? __pfx_netlink_sendmsg+0x10/0x10 [ 250.212969][ T7378] __sock_sendmsg+0x21c/0x270 [ 250.213000][ T7378] ____sys_sendmsg+0x508/0x820 [ 250.213029][ T7378] ? __pfx_____sys_sendmsg+0x10/0x10 [ 250.213063][ T7378] ? import_iovec+0x74/0xa0 [ 250.213088][ T7378] ___sys_sendmsg+0x21f/0x2a0 [ 250.213113][ T7378] ? __pfx____sys_sendmsg+0x10/0x10 [ 250.213179][ T7378] ? __fget_files+0x2a/0x420 [ 250.213205][ T7378] ? __fget_files+0x3a6/0x420 [ 250.213245][ T7378] __x64_sys_sendmsg+0x1a1/0x260 [ 250.213269][ T7378] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 250.213297][ T7378] ? __pfx_ksys_write+0x10/0x10 [ 250.213321][ T7378] ? do_syscall_64+0xbe/0xfa0 [ 250.213349][ T7378] do_syscall_64+0xfa/0xfa0 [ 250.213372][ T7378] ? lockdep_hardirqs_on+0x9c/0x150 [ 250.213395][ T7378] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.213413][ T7378] ? clear_bhb_loop+0x60/0xb0 [ 250.213437][ T7378] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 250.213455][ T7378] RIP: 0033:0x7f9c0b0defc9 [ 250.213473][ T7378] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 250.213490][ T7378] RSP: 002b:00007f9c0933e038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 250.213640][ T7378] RAX: ffffffffffffffda RBX: 00007f9c0b335fa0 RCX: 00007f9c0b0defc9 [ 250.213658][ T7378] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 000000000000000c [ 250.213667][ T7378] RBP: 00007f9c0933e090 R08: 0000000000000000 R09: 0000000000000000 [ 250.213676][ T7378] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 250.213685][ T7378] R13: 00007f9c0b336038 R14: 00007f9c0b335fa0 R15: 00007ffcda038388 [ 250.213715][ T7378] [ 250.376384][ T5890] usb 1-1: Cannot set autoneg [ 250.376541][ T5890] MOSCHIP usb-ethernet driver 1-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -61 [ 251.070562][ T6017] usb 1-1: USB disconnect, device number 20 [ 251.465597][ T7378] netlink: 136 bytes leftover after parsing attributes in process `syz.1.506'. [ 251.487062][ T7382] netlink: 32 bytes leftover after parsing attributes in process `syz.4.508'. [ 251.822972][ T7415] FAULT_INJECTION: forcing a failure. [ 251.822972][ T7415] name failslab, interval 1, probability 0, space 0, times 0 [ 251.823010][ T7415] CPU: 0 UID: 0 PID: 7415 Comm: syz.3.516 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 251.823032][ T7415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 251.823044][ T7415] Call Trace: [ 251.823072][ T7415] [ 251.823081][ T7415] dump_stack_lvl+0x189/0x250 [ 251.823117][ T7415] ? __pfx____ratelimit+0x10/0x10 [ 251.823142][ T7415] ? __pfx_dump_stack_lvl+0x10/0x10 [ 251.823173][ T7415] ? __pfx__printk+0x10/0x10 [ 251.823199][ T7415] ? copy_to_user_tmpl+0x656/0x700 [ 251.823246][ T7415] should_fail_ex+0x46c/0x600 [ 251.823277][ T7415] ? __alloc_skb+0x112/0x2d0 [ 251.823296][ T7415] should_failslab+0xa8/0x100 [ 251.823327][ T7415] ? __alloc_skb+0x112/0x2d0 [ 251.823344][ T7415] kmem_cache_alloc_node_noprof+0x78/0x6e0 [ 251.823381][ T7415] __alloc_skb+0x112/0x2d0 [ 251.823406][ T7415] xfrm_alloc_compat+0x1a6/0x16f0 [ 251.823432][ T7415] ? xfrm_get_translator+0x1b/0x240 [ 251.823463][ T7415] ? __pfx_xfrm_alloc_compat+0x10/0x10 [ 251.823483][ T7415] xfrm_nlmsg_multicast+0xda/0x1f0 [ 251.823513][ T7415] xfrm_send_acquire+0x99d/0xee0 [ 251.823550][ T7415] ? __pfx_xfrm_send_acquire+0x10/0x10 [ 251.823578][ T7415] ? xfrm_init_tempstate+0xab6/0x1290 [ 251.823601][ T7415] ? km_query+0x2e/0x210 [ 251.823625][ T7415] km_query+0x11c/0x210 [ 251.823646][ T7415] ? km_query+0x2e/0x210 [ 251.823673][ T7415] xfrm_state_find+0x3b89/0x53e0 [ 251.823694][ T7415] ? __lock_acquire+0xab9/0xd20 [ 251.823733][ T7415] ? rtlock_slowlock_locked+0xd8/0x4010 [ 251.823767][ T7415] ? xfrm_state_find+0x2bf/0x53e0 [ 251.823801][ T7415] ? __pfx_xfrm_state_find+0x10/0x10 [ 251.823822][ T7415] ? try_to_take_rt_mutex+0x840/0xb00 [ 251.823858][ T7415] ? rtlock_slowlock_locked+0xd8/0x4010 [ 251.823886][ T7415] xfrm_resolve_and_create_bundle+0x768/0x2f80 [ 251.823946][ T7415] ? reacquire_held_locks+0x127/0x1d0 [ 251.823981][ T7415] ? __pfx_xfrm_resolve_and_create_bundle+0x10/0x10 [ 251.824009][ T7415] ? __lock_acquire+0xab9/0xd20 [ 251.824060][ T7415] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 251.824094][ T7415] ? rt_set_nexthop+0x1c8/0xa80 [ 251.824129][ T7415] ? xfrm_sk_policy_lookup+0x9d/0x750 [ 251.824163][ T7415] ? xfrm_expand_policies+0x41f/0x6a0 [ 251.824198][ T7415] xfrm_lookup_with_ifid+0x2a7/0x1a90 [ 251.824246][ T7415] ? __pfx_xfrm_lookup_with_ifid+0x10/0x10 [ 251.824292][ T7415] xfrm_lookup_route+0x3c/0x1c0 [ 251.824324][ T7415] udp_sendmsg+0x142e/0x2170 [ 251.824369][ T7415] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 251.824399][ T7415] ? __pfx_udp_sendmsg+0x10/0x10 [ 251.824436][ T7415] ? smack_socket_sendmsg+0x1a7/0x520 [ 251.824487][ T7415] ? tomoyo_socket_sendmsg_permission+0x1e1/0x300 [ 251.824516][ T7415] ? sock_rps_record_flow+0x19/0x410 [ 251.824549][ T7415] ? inet_sendmsg+0x29c/0x370 [ 251.824575][ T7415] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 251.824609][ T7415] __sock_sendmsg+0x19c/0x270 [ 251.824641][ T7415] ____sys_sendmsg+0x534/0x820 [ 251.824672][ T7415] ? __pfx_____sys_sendmsg+0x10/0x10 [ 251.824707][ T7415] ? import_iovec+0x74/0xa0 [ 251.824734][ T7415] ___sys_sendmsg+0x21f/0x2a0 [ 251.824761][ T7415] ? __pfx____sys_sendmsg+0x10/0x10 [ 251.824831][ T7415] ? __fget_files+0x2a/0x420 [ 251.824854][ T7415] ? __fget_files+0x3a6/0x420 [ 251.824893][ T7415] __sys_sendmmsg+0x22d/0x430 [ 251.824922][ T7415] ? __pfx___sys_sendmmsg+0x10/0x10 [ 251.824959][ T7415] ? rt_mutex_slowunlock+0x1be/0x2e0 [ 251.825001][ T7415] ? ksys_write+0x230/0x260 [ 251.825030][ T7415] ? __pfx_ksys_write+0x10/0x10 [ 251.825061][ T7415] __x64_sys_sendmmsg+0xa0/0xc0 [ 251.825087][ T7415] do_syscall_64+0xfa/0xfa0 [ 251.825111][ T7415] ? lockdep_hardirqs_on+0x9c/0x150 [ 251.825137][ T7415] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.825156][ T7415] ? clear_bhb_loop+0x60/0xb0 [ 251.825180][ T7415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 251.825200][ T7415] RIP: 0033:0x7f222389efc9 [ 251.825397][ T7415] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 251.825415][ T7415] RSP: 002b:00007f2221ae5038 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 251.825438][ T7415] RAX: ffffffffffffffda RBX: 00007f2223af6090 RCX: 00007f222389efc9 [ 251.825452][ T7415] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003 [ 251.825466][ T7415] RBP: 00007f2221ae5090 R08: 0000000000000000 R09: 0000000000000000 [ 251.825476][ T7415] R10: 000000000000001c R11: 0000000000000246 R12: 0000000000000001 [ 251.825489][ T7415] R13: 00007f2223af6128 R14: 00007f2223af6090 R15: 00007fffcbd43088 [ 251.825526][ T7415] [ 253.643779][ T37] audit: type=1326 audit(1761815093.769:96): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 253.643961][ T37] audit: type=1326 audit(1761815093.769:97): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 253.644118][ T37] audit: type=1326 audit(1761815093.769:98): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 253.657086][ T37] audit: type=1326 audit(1761815093.769:95): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 253.657477][ T37] audit: type=1326 audit(1761815093.779:99): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 253.657795][ T37] audit: type=1326 audit(1761815093.779:100): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 253.695621][ T37] audit: type=1326 audit(1761815093.819:101): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7efe483aefc9 code=0x7ffc0000 [ 253.695894][ T37] audit: type=1326 audit(1761815093.819:102): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=9 compat=0 ip=0x7efe483af003 code=0x7ffc0000 [ 253.698776][ T37] audit: type=1326 audit(1761815093.819:103): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=10 compat=0 ip=0x7efe483af087 code=0x7ffc0000 [ 253.700322][ T37] audit: type=1326 audit(1761815093.819:104): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=7450 comm="syz.0.529" exe="/root/syz-executor" sig=0 arch=c000003e syscall=14 compat=0 ip=0x7efe4836644d code=0x7ffc0000 [ 254.057167][ T7465] netlink: 440 bytes leftover after parsing attributes in process `syz.4.534'. [ 254.273167][ T7470] netlink: 24 bytes leftover after parsing attributes in process `syz.4.537'. [ 254.800626][ T6017] usb 5-1: new high-speed USB device number 20 using dummy_hcd [ 254.973221][ T6017] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 254.973251][ T6017] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 254.973290][ T6017] usb 5-1: New USB device found, idVendor=1b96, idProduct=0009, bcdDevice= 0.00 [ 254.973313][ T6017] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 255.052838][ T6017] usb 5-1: config 0 descriptor?? [ 255.268512][ T6017] usb 5-1: USB disconnect, device number 20 [ 255.610262][ T1322] ieee802154 phy0 wpan0: encryption failed: -22 [ 256.104981][ T7535] netlink: 12 bytes leftover after parsing attributes in process `syz.3.557'. [ 256.410526][ T6017] usb 1-1: new high-speed USB device number 21 using dummy_hcd [ 256.565106][ T6017] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 256.565157][ T6017] usb 1-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 256.570268][ T6017] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 256.570296][ T6017] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 256.570313][ T6017] usb 1-1: Product: syz [ 256.570327][ T6017] usb 1-1: Manufacturer: syz [ 256.620507][ T6017] usb 1-1: SerialNumber: syz [ 256.852229][ T7544] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 256.852791][ T7544] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 256.857731][ T6017] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -22 [ 256.895962][ T6017] ================================================================== [ 256.895980][ T6017] BUG: KASAN: vmalloc-out-of-bounds in __list_add_valid_or_report+0x4e/0x130 [ 256.896013][ T6017] Read of size 8 at addr ffffc9000e60d008 by task kworker/0:6/6017 [ 256.896031][ T6017] [ 256.896043][ T6017] CPU: 0 UID: 0 PID: 6017 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 256.896066][ T6017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 256.896079][ T6017] Workqueue: usb_hub_wq hub_event [ 256.896103][ T6017] Call Trace: [ 256.896111][ T6017] [ 256.896120][ T6017] dump_stack_lvl+0x189/0x250 [ 256.896154][ T6017] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.896184][ T6017] ? __pfx__printk+0x10/0x10 [ 256.896207][ T6017] ? _raw_spin_lock_irqsave+0xb3/0xf0 [ 256.896235][ T6017] ? __virt_addr_valid+0xdc/0x5c0 [ 256.896263][ T6017] ? __virt_addr_valid+0xdc/0x5c0 [ 256.896292][ T6017] print_report+0xca/0x240 [ 256.896319][ T6017] ? __list_add_valid_or_report+0x4e/0x130 [ 256.896342][ T6017] kasan_report+0x118/0x150 [ 256.896371][ T6017] ? __list_add_valid_or_report+0x4e/0x130 [ 256.896400][ T6017] __list_add_valid_or_report+0x4e/0x130 [ 256.896426][ T6017] kcov_remote_stop+0x52d/0x660 [ 256.896457][ T6017] hub_event+0x45d2/0x4a20 [ 256.896501][ T6017] ? __pfx_hub_event+0x10/0x10 [ 256.896531][ T6017] ? process_scheduled_works+0x9ef/0x17b0 [ 256.896559][ T6017] ? _raw_spin_unlock_irq+0x23/0x50 [ 256.896583][ T6017] ? process_scheduled_works+0x9ef/0x17b0 [ 256.896617][ T6017] ? process_scheduled_works+0x9ef/0x17b0 [ 256.896641][ T6017] process_scheduled_works+0xae1/0x17b0 [ 256.896678][ T6017] ? __pfx_process_scheduled_works+0x10/0x10 [ 256.896711][ T6017] worker_thread+0x8a0/0xda0 [ 256.896737][ T6017] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 256.896767][ T6017] ? __kthread_parkme+0x7b/0x200 [ 256.896798][ T6017] kthread+0x711/0x8a0 [ 256.896828][ T6017] ? __pfx_worker_thread+0x10/0x10 [ 256.896852][ T6017] ? __pfx_kthread+0x10/0x10 [ 256.896879][ T6017] ? rt_spin_unlock+0x150/0x200 [ 256.896900][ T6017] ? rt_spin_unlock+0x161/0x200 [ 256.896918][ T6017] ? __pfx_kthread+0x10/0x10 [ 256.896948][ T6017] ret_from_fork+0x4bc/0x870 [ 256.896973][ T6017] ? __pfx_ret_from_fork+0x10/0x10 [ 256.897000][ T6017] ? __switch_to_asm+0x39/0x70 [ 256.897019][ T6017] ? __switch_to_asm+0x33/0x70 [ 256.897038][ T6017] ? __pfx_kthread+0x10/0x10 [ 256.897067][ T6017] ret_from_fork_asm+0x1a/0x30 [ 256.897095][ T6017] [ 256.897103][ T6017] [ 256.897109][ T6017] The buggy address belongs to a vmalloc virtual mapping [ 256.897127][ T6017] Memory state around the buggy address: [ 256.897139][ T6017] ffffc9000e60cf00: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 256.897153][ T6017] ffffc9000e60cf80: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 256.897165][ T6017] >ffffc9000e60d000: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 256.897175][ T6017] ^ [ 256.897186][ T6017] ffffc9000e60d080: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 256.897199][ T6017] ffffc9000e60d100: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 256.897208][ T6017] ================================================================== [ 256.897221][ T6017] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 256.897236][ T6017] CPU: 0 UID: 0 PID: 6017 Comm: kworker/0:6 Not tainted syzkaller #0 PREEMPT_{RT,(full)} [ 256.897258][ T6017] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 10/02/2025 [ 256.897269][ T6017] Workqueue: usb_hub_wq hub_event [ 256.897288][ T6017] Call Trace: [ 256.897296][ T6017] [ 256.897303][ T6017] dump_stack_lvl+0x99/0x250 [ 256.897333][ T6017] ? __asan_memcpy+0x40/0x70 [ 256.897356][ T6017] ? __pfx_dump_stack_lvl+0x10/0x10 [ 256.897386][ T6017] ? __pfx__printk+0x10/0x10 [ 256.897415][ T6017] vpanic+0x237/0x6d0 [ 256.897434][ T6017] ? __pfx_vpanic+0x10/0x10 [ 256.897458][ T6017] panic+0xb9/0xc0 [ 256.897477][ T6017] ? __pfx_panic+0x10/0x10 [ 256.897496][ T6017] ? _raw_spin_unlock_irqrestore+0x85/0x110 [ 256.897530][ T6017] ? lockdep_hardirqs_on+0x9c/0x150 [ 256.897557][ T6017] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 256.897586][ T6017] ? __list_add_valid_or_report+0x4e/0x130 [ 256.897610][ T6017] check_panic_on_warn+0x89/0xb0 [ 256.897630][ T6017] ? __list_add_valid_or_report+0x4e/0x130 [ 256.897654][ T6017] end_report+0x78/0x160 [ 256.897681][ T6017] kasan_report+0x129/0x150 [ 256.897709][ T6017] ? __list_add_valid_or_report+0x4e/0x130 [ 256.897737][ T6017] __list_add_valid_or_report+0x4e/0x130 [ 256.897763][ T6017] kcov_remote_stop+0x52d/0x660 [ 256.897793][ T6017] hub_event+0x45d2/0x4a20 [ 256.897837][ T6017] ? __pfx_hub_event+0x10/0x10 [ 256.897868][ T6017] ? process_scheduled_works+0x9ef/0x17b0 [ 256.897895][ T6017] ? _raw_spin_unlock_irq+0x23/0x50 [ 256.897920][ T6017] ? process_scheduled_works+0x9ef/0x17b0 [ 256.897943][ T6017] ? process_scheduled_works+0x9ef/0x17b0 [ 256.897968][ T6017] process_scheduled_works+0xae1/0x17b0 [ 256.898005][ T6017] ? __pfx_process_scheduled_works+0x10/0x10 [ 256.898045][ T6017] worker_thread+0x8a0/0xda0 [ 256.898070][ T6017] ? __pfx__raw_spin_unlock_irqrestore+0x10/0x10 [ 256.898100][ T6017] ? __kthread_parkme+0x7b/0x200 [ 256.898138][ T6017] kthread+0x711/0x8a0 [ 256.898168][ T6017] ? __pfx_worker_thread+0x10/0x10 [ 256.898192][ T6017] ? __pfx_kthread+0x10/0x10 [ 256.898219][ T6017] ? rt_spin_unlock+0x150/0x200 [ 256.898242][ T6017] ? rt_spin_unlock+0x161/0x200 [ 256.898261][ T6017] ? __pfx_kthread+0x10/0x10 [ 256.898285][ T6017] ret_from_fork+0x4bc/0x870 [ 256.898304][ T6017] ? __pfx_ret_from_fork+0x10/0x10 [ 256.898327][ T6017] ? __switch_to_asm+0x39/0x70 [ 256.898347][ T6017] ? __switch_to_asm+0x33/0x70 [ 256.898366][ T6017] ? __pfx_kthread+0x10/0x10 [ 256.898396][ T6017] ret_from_fork_asm+0x1a/0x30 [ 256.898425][ T6017] [ 256.898607][ T6017] Kernel Offset: disabled