last executing test programs: 4.426778109s ago: executing program 4 (id=1515): r0 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r0, &(0x7f0000000040), 0x10) sendmsg$can_bcm(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=ANY=[@ANYBLOB="0300"], 0x48}, 0x1, 0x0, 0x0, 0x4000}, 0x240400c6) 4.315708894s ago: executing program 1 (id=1517): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="120100004f92b90857152077ebb7000000010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000a80)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)={0x40, 0x13, 0x6, @multicast}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000580)={0x44, &(0x7f0000000300)={0x0, 0x31, 0x2, '\nB'}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000540)={0x34, &(0x7f00000002c0)={0x0, 0xf, 0x1, "f1"}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$cdc_ncm(r0, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, 0x0) 4.178541845s ago: executing program 4 (id=1519): prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000000)={0x1, &(0x7f00000000c0)=[{0x200000000006, 0x0, 0x0, 0x7ffc1ffb}]}) r0 = socket$nl_rdma(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000080)={0x10, 0x1403, 0x1, 0x70bd2c, 0x25dfdbfc}, 0x10}, 0x1, 0x0, 0x0, 0x44}, 0x810) 3.920515145s ago: executing program 4 (id=1522): r0 = socket(0xa, 0x3, 0x8) ioctl$sock_SIOCETHTOOL(r0, 0x8946, 0x0) r1 = socket(0x10, 0x803, 0x0) ioctl$sock_SIOCETHTOOL(r1, 0x8946, &(0x7f00000002c0)={'veth0_to_team\x00', &(0x7f0000000000)=@ethtool_channels={0x3d, 0x0, 0x0, 0x0, 0x0, 0x1, 0x2}}) 3.620092981s ago: executing program 4 (id=1526): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000003}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000780)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@flat=@binder={0x73622a85, 0x0, 0x2}, @flat=@weak_binder={0x77622a85, 0xb, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x33}}, &(0x7f0000000680)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r0, 0xc0306201, &(0x7f0000000640)={0x4c, 0x0, &(0x7f00000004c0)=[@reply_sg={0x40486312, {0x2, 0x0, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x440}], 0x1, 0x0, &(0x7f0000000540)="c0"}) 3.326330688s ago: executing program 4 (id=1529): r0 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="02000000040000000800000001"], 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f00000001c0)={r0, 0x0, 0x0}, 0x1c) 3.148256136s ago: executing program 4 (id=1531): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000180)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x318, 0x0) madvise(&(0x7f0000000000/0x400000)=nil, 0x400000, 0xc) r1 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000080)='/sys/kernel/mm/ksm/run\x00', 0x1, 0x0) write$sysctl(r1, &(0x7f0000000580)='1\x00', 0x2) syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000080)=ANY=[@ANYBLOB="12010000000000086d04"], 0x0) write$sysctl(r1, &(0x7f0000000000)='2\x00', 0x2) 2.642579472s ago: executing program 0 (id=1535): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) dup(r0) syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x601) dup2(0xffffffffffffffff, 0xffffffffffffffff) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r2 = dup(r1) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r2, 0x2000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) bind$unix(0xffffffffffffffff, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x17) write$binfmt_aout(r2, 0x0, 0xffffffdb) mremap(&(0x7f000020e000/0x2000)=nil, 0x2000, 0x400000, 0x3, &(0x7f000082a000/0x400000)=nil) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x9) 2.277186868s ago: executing program 2 (id=1539): socket(0x1f, 0x2, 0x9e) r0 = openat$cgroup_root(0xffffffffffffff9c, 0x0, 0x200002, 0x0) openat$cgroup_freezer_state(r0, 0x0, 0x2, 0x0) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, 0x0) ioctl$IOCTL_VMCI_NOTIFY_RESOURCE(0xffffffffffffffff, 0x7a5, &(0x7f00000000c0)={{@my=0x0, 0x31}}) bpf$MAP_CREATE(0x0, 0x0, 0x50) ioctl$IOCTL_VMCI_NOTIFICATIONS_RECEIVE(0xffffffffffffffff, 0x7a6, 0x0) syz_usb_connect(0x3, 0x48, &(0x7f0000000000)=ANY=[@ANYBLOB="1201000047482908951300037581000000010902360001000000000904960102502f7e0009050f10200001ff08090470e96808dcdad3090503101000740406090403"], 0x0) 2.143920931s ago: executing program 0 (id=1540): openat$kvm(0x0, 0x0, 0x10b500, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f00000000c0)={'vxcan1\x00', 0x0}) r4 = socket(0x1d, 0x2, 0x6) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vxcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000100)={0x1d, r5, 0x2, {0x0, 0xf0, 0x3}}, 0x18) sendmsg$nl_route_sched(r1, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000004c00)=@newtfilter={0x24, 0x11, 0xd27, 0x0, 0x0, {0x0, 0x0, 0x74, r3, {}, {0x6}, {0x0, 0xa}}}, 0x24}, 0x1, 0xf0ffffffffffff}, 0x0) close_range(r0, r4, 0x0) 1.983510287s ago: executing program 0 (id=1542): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f00000000c0), 0x121602, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000003c0)=0x14) ioctl$TIOCVHANGUP(r0, 0x5437, 0x2) capset(&(0x7f0000000000)={0x19980330}, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x0, 0x0, 0x2}) openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) 1.877548459s ago: executing program 0 (id=1544): syz_open_dev$tty1(0xc, 0x4, 0x1) syz_usb_connect(0x2, 0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="1201000011620140480b05101e8c00000001090212000100000000090401"], 0x0) r0 = syz_open_dev$I2C(&(0x7f0000000000), 0x1, 0x402) writev(r0, &(0x7f0000000400)=[{&(0x7f0000000080)="ae", 0x1}], 0x1) 942.606179ms ago: executing program 3 (id=1549): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000300)={@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @local, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x24}}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x82680027}) 848.071391ms ago: executing program 1 (id=1550): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f00000000c0)={0x73622a85, 0x110b, 0x8000000000003}) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000200)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x800, 0x0) mmap$binder(&(0x7f0000ffc000/0x4000)=nil, 0x4000, 0x1, 0x11, r3, 0x10000000000) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000000040)={0x73622a85, 0x10a}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000003c0)={0x54, 0x0, &(0x7f0000000780)=[@acquire, @transaction_sg={0x40486311, {0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x58, 0x18, &(0x7f0000000180)={@flat=@binder={0x73622a85, 0x0, 0x2}, @flat=@weak_binder={0x77622a85, 0xb, 0x3}, @ptr={0x70742a85, 0x0, 0x0, 0x0, 0x1, 0x33}}, &(0x7f0000000680)={0x0, 0x18, 0x30}}, 0x1000}], 0x0, 0x0, 0x0}) 831.375067ms ago: executing program 3 (id=1551): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x4) r1 = openat(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x0) fcntl$notify(r1, 0x402, 0xd) r2 = openat(r1, &(0x7f0000000080)='.\x00', 0x0, 0x0) fcntl$notify(r2, 0x402, 0x18) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cgroup.stat\x00', 0x275a, 0x0) 781.082611ms ago: executing program 2 (id=1552): bpf$ENABLE_STATS(0x20, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000540)={0x0, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000018120000", @ANYRES32, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000f6000000850000004300000095"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="16000000000000000400000001"], 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000300)={0x3, 0x6, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000008000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b7040000000000008500000058"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x90) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000600)={0x11, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000580)={&(0x7f0000000540)='fib6_table_lookup\x00', r1}, 0x10) syz_emit_ethernet(0x5e, &(0x7f00000003c0)={@random="e33110495bfd", @dev, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "cb653e", 0x28, 0x3a, 0xff, @dev, @mcast2, {[], @ndisc_redir={0x89, 0x0, 0x0, '\x00', @rand_addr=' \x01\x00', @private1}}}}}}, 0x0) 780.803804ms ago: executing program 1 (id=1553): r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000200)={0x18, 0x4, &(0x7f00000002c0)=ANY=[@ANYBLOB="180100001c0000000000000000000000850000006d00000095"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x78) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000007c0)={&(0x7f0000000780)='netlink_extack\x00', r0}, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f00000002c0)={'macvlan1\x00', 0x0}) r3 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f00000010c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="440000001000010400"/20, @ANYRES32=r2, @ANYBLOB="00001700000000001c0037800b0003006970768a616e00000c0002800600010000000000050027"], 0x44}}, 0x814) 632.09605ms ago: executing program 3 (id=1554): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000100)=ANY=[@ANYBLOB="640000000001010400000000141a000002000000240001801400018008000100e000000108000200e00000010c00028005000100000000002400028014000180080001000000000008000200ac1e00010c00028005000100000000000800074000000001"], 0x64}}, 0x0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPCTNL_MSG_CT_NEW(r1, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="3c0000000001ef03000000000000000002000000240002801400018008000100e000000108000200e00000010c000280050001"], 0x3c}}, 0x0) 626.450642ms ago: executing program 1 (id=1555): socket$inet6_icmp_raw(0xa, 0x3, 0x3a) socket$inet6_icmp_raw(0xa, 0x3, 0x3a) syz_emit_ethernet(0x66, &(0x7f0000000340)={@multicast, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "02adf7", 0x30, 0x3a, 0x0, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}, @mcast2, {[], @time_exceed={0x2, 0x0, 0x0, 0x0, '\x00', {0x0, 0x6, "fd9063", 0x0, 0x3a, 0xff, @loopback, @loopback}}}}}}}, 0x0) 586.472017ms ago: executing program 2 (id=1556): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)) socket(0x1d, 0x2, 0x6) openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000080)='cpuset.effective_cpus\x00', 0x275a, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket(0x40000000015, 0x5, 0x0) r0 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000380), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r0, 0xc0285700, &(0x7f0000000100)={0x1, "fa02c8098000"}) openat$tun(0xffffff9c, &(0x7f0000000440), 0x0, 0x0) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet_sctp(0x2, 0x1, 0x84) openat$ptmx(0xffffffffffffff9c, &(0x7f0000000040), 0x183081, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6(0xa, 0x800000000000002, 0x0) socket$packet(0x11, 0x2, 0x300) r1 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$ETHTOOL_MSG_COALESCE_SET(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000500)={&(0x7f0000000180)=ANY=[@ANYBLOB='\\\x00\x00\x00', @ANYRES16, @ANYBLOB="010000000000000000001400000008000a00fc00000018000180140002006e657464657673696d300000000000000800050000fcffff08001400fc000000080011000700000008000e00800000000800", @ANYRES64=r1], 0x5c}, 0x1, 0x0, 0x0, 0x20000800}, 0x0) 476.130524ms ago: executing program 3 (id=1557): timer_create(0xfffffffc, 0x0, &(0x7f0000000040)=0x0) socket(0x11, 0x800000003, 0x0) socket(0x1e, 0x4, 0x0) timer_settime(r0, 0x1, &(0x7f0000000180)={{0x0, 0x3938700}, {0x0, 0x9}}, 0x0) timer_settime(r0, 0x1, &(0x7f0000000900)={{}, {0x0, 0x3938700}}, &(0x7f00000000c0)) 453.891192ms ago: executing program 0 (id=1558): bpf$PROG_LOAD(0x5, &(0x7f0000000680)={0x11, 0x3, &(0x7f0000000740)=@framed, &(0x7f0000000780)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) mknod$loop(0x0, 0x6000, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000040), 0xffffffffffffffff) sendmsg$TIPC_NL_MEDIA_SET(r0, &(0x7f0000000440)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000c00)=ANY=[@ANYBLOB="ac020000", @ANYRES16=r1, @ANYBLOB="bf4400000000000000000c"], 0x2ac}}, 0x0) 398.564079ms ago: executing program 2 (id=1559): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f00000000c0)=0xe) ioctl$AUTOFS_DEV_IOCTL_ASKUMOUNT(0xffffffffffffffff, 0xc018937d, &(0x7f0000000180)={{0x1, 0x1, 0x18}, '\x00'}) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$PPPIOCSMRU1(r1, 0x40047452, &(0x7f0000000000)=0xfffffff7) 351.991628ms ago: executing program 1 (id=1560): sendmmsg$alg(0xffffffffffffffff, &(0x7f0000003dc0)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="3c3a17a6868beced4171e6dc4b4e1ba14e6ce70c3eef8f036ade313072dd4c5958496a7f6492fb2604205052c842de737fa1a98e9897a09a119094eac5ca4ce5", 0x40}], 0x1, 0x0, 0x0, 0x20000011}], 0x1, 0x2000040) r0 = syz_genetlink_get_family_id$nl80211(&(0x7f00000015c0), 0xffffffffffffffff) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=ANY=[@ANYBLOB="600000001000", @ANYRES32=0x0, @ANYBLOB="0000000000000000400012800e00010069703665727370616e0000002c00028014000500"/50], 0x60}}, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r1, 0x8933, &(0x7f0000000300)={'wlan0\x00', 0x0}) sendmsg$NL80211_CMD_JOIN_MESH(r1, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000080)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r0, @ANYBLOB="010000000000000000004400000008000300", @ANYRES32=r2, @ANYBLOB="08002600851600000a00180000000000000000001c005a8018000180140003"], 0x4c}}, 0x0) 351.621653ms ago: executing program 3 (id=1561): r0 = socket$inet6_mptcp(0xa, 0x1, 0x106) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, 0x0) ioctl$sock_inet6_SIOCADDRT(r0, 0x890b, &(0x7f0000000300)={@ipv4={'\x00', '\xff\xff', @rand_addr=0x64010102}, @local, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0x24}}, 0x0, 0x0, 0x1, 0x0, 0x0, 0x82680027}) 246.342749ms ago: executing program 2 (id=1562): r0 = syz_open_dev$vbi(&(0x7f0000000080), 0x1, 0x2) ioctl$VIDIOC_S_DV_TIMINGS(r0, 0xc0845657, &(0x7f0000000380)={0x0, @bt={0x2d0, 0x7c5, 0x1, 0x3, 0xd59f80, 0x4, 0x5, 0xb, 0x8, 0x5, 0x40722, 0xe72, 0xb0c, 0x8, 0x38, 0x35, {0xffff945a, 0x1}, 0x3, 0xed}}) 220.486284ms ago: executing program 0 (id=1563): bpf$PROG_LOAD(0x5, &(0x7f0000000340)={0xb, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40f00, 0x40, '\x00', 0x0, @fallback=0xd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x60000000, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = gettid() r1 = openat$sndseq(0xffffffffffffff9c, &(0x7f0000000240), 0x0) read(r1, &(0x7f0000000b80)=""/215, 0xd7) tkill(r0, 0x7) connect$inet6(0xffffffffffffffff, 0x0, 0x0) dup(0xffffffffffffffff) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x7, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x10, 0x7fff0000}]}) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) setsockopt$SO_ATTACH_FILTER(r2, 0x1, 0x1a, &(0x7f0000000440)={0x1, &(0x7f00000000c0)=[{0x20, 0x0, 0x0, 0xfffff02c}]}, 0x10) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0xb, 0x31, 0xffffffffffffffff, 0x0) syz_open_dev$vcsu(&(0x7f00000000c0), 0x0, 0x440200) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f00001fa000/0x2000)=nil, 0x2000, 0x1, 0x0, 0x0, 0x0) r3 = socket$xdp(0x2c, 0x3, 0x0) setsockopt$XDP_UMEM_REG(r3, 0x11b, 0x4, &(0x7f0000000080)={&(0x7f0000000000)=""/59, 0x304000, 0x800, 0x0, 0x3}, 0x20) mbind(&(0x7f0000001000/0x800000)=nil, 0x800000, 0x0, 0x0, 0x0, 0x2) shmctl$SHM_INFO(0x0, 0xe, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) 215.558781ms ago: executing program 3 (id=1564): ioctl$AUTOFS_DEV_IOCTL_CLOSEMOUNT(0xffffffffffffffff, 0xc0189375, 0x0) lseek(0xffffffffffffffff, 0x3, 0x1) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) syz_open_dev$sndmidi(0x0, 0x2, 0x141102) write$dsp(0xffffffffffffffff, 0x0, 0x0) write$cgroup_pressure(0xffffffffffffffff, 0x0, 0x0) r0 = socket$kcm(0x10, 0x2, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x11, 0x80a, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000300)={'bond0\x00', 0x0}) sendmsg$nl_route(r1, &(0x7f0000000340)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000080)=@newlink={0x44, 0x10, 0x401, 0x70bd2c, 0x0, {0x0, 0x0, 0x0, r3}, [@IFLA_LINKINFO={0x24, 0x12, 0x0, 0x1, @bond={{0x9}, {0x14, 0x2, 0x0, 0x1, [@IFLA_BOND_MIIMON={0x8, 0x3, 0x4}, @IFLA_BOND_USE_CARRIER={0x5}]}}}]}, 0x44}}, 0x0) sendmsg$kcm(r0, &(0x7f0000000600)={0x0, 0xfffffffe, &(0x7f0000000080)=[{&(0x7f0000000000)="2e00000010008188040f80ec59acbc0413a1f8480d0000005e140604000000000e000a000f00000002800000121f", 0x2e}], 0x1}, 0x0) 114.712139ms ago: executing program 1 (id=1565): r0 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) r1 = dup(r0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xa, 0x13, r1, 0x2000) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0xe) bind$unix(0xffffffffffffffff, &(0x7f0000000300)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) write$binfmt_aout(r1, 0x0, 0xffffffdb) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x40080}, 0x0) 0s ago: executing program 2 (id=1566): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, 0x0) ioctl$KVM_SET_VCPU_EVENTS(r2, 0x4040aea0, &(0x7f00000003c0)=@x86={0x5, 0x9, 0x6, 0x0, 0xfffffffe, 0x5, 0x4, 0xf, 0x5, 0x6, 0x8, 0x2, 0x0, 0x3, 0x5, 0x4, 0xf4, 0x84, 0x7f, '\x00', 0x7, 0x6}) ioctl$KVM_RUN(r2, 0xae80, 0x0) kernel console output (not intermixed with test programs): 11949][T11327] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 539.111992][T11327] ? ref_tracker_free+0x63a/0x7d0 [ 539.112054][T11327] ? __netlink_deliver_tap+0x807/0x850 [ 539.112088][T11327] ? netlink_deliver_tap+0x2e/0x1b0 [ 539.112107][T11327] ? netlink_deliver_tap+0x2e/0x1b0 [ 539.112130][T11327] netlink_unicast+0x758/0x8d0 [ 539.112166][T11327] netlink_sendmsg+0x805/0xb30 [ 539.112203][T11327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 539.112233][T11327] ? __import_iovec+0x5d4/0x7f0 [ 539.112248][T11327] ? aa_sock_msg_perm+0x94/0x160 [ 539.112270][T11327] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 539.112292][T11327] ? __pfx_netlink_sendmsg+0x10/0x10 [ 539.112323][T11327] __sock_sendmsg+0x21c/0x270 [ 539.112360][T11327] ____sys_sendmsg+0x505/0x830 [ 539.112393][T11327] ? __pfx_____sys_sendmsg+0x10/0x10 [ 539.112426][T11327] ___sys_sendmsg+0x21f/0x2a0 [ 539.112453][T11327] ? __pfx____sys_sendmsg+0x10/0x10 [ 539.112522][T11327] ? __fget_files+0x2a/0x420 [ 539.112546][T11327] ? __fget_files+0x3a0/0x420 [ 539.112588][T11327] __sys_sendmsg+0x164/0x220 [ 539.112618][T11327] ? __pfx___sys_sendmsg+0x10/0x10 [ 539.112663][T11327] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 539.112698][T11327] ? lockdep_hardirqs_on+0x9c/0x150 [ 539.112724][T11327] __do_fast_syscall_32+0xb6/0x2b0 [ 539.112740][T11327] ? lockdep_hardirqs_on+0x9c/0x150 [ 539.112777][T11327] do_fast_syscall_32+0x34/0x80 [ 539.112799][T11327] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 539.112824][T11327] RIP: 0023:0xf7f17539 [ 539.112843][T11327] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 539.112860][T11327] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 539.112877][T11327] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000140 [ 539.112888][T11327] RDX: 0000000024040880 RSI: 0000000000000000 RDI: 0000000000000000 [ 539.112898][T11327] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 539.112909][T11327] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 539.112931][T11327] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 539.112963][T11327] [ 539.458768][ C1] vkms_vblank_simulate: vblank timer overrun [ 539.565895][ T10] usb 3-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 539.875629][ T10] usb 3-1: USB disconnect, device number 63 [ 540.229805][ T5840] usb 1-1: new high-speed USB device number 73 using dummy_hcd [ 540.467992][ T5840] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 540.468016][ T5840] usb 1-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 540.468034][ T5840] usb 1-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 540.480902][ T5840] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 540.480929][ T5840] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 540.480946][ T5840] usb 1-1: Product: syz [ 540.480958][ T5840] usb 1-1: Manufacturer: syz [ 540.480970][ T5840] usb 1-1: SerialNumber: syz [ 540.708153][ T5840] usblp 1-1:1.0: usblp0: USB Unidirectional printer dev 73 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 540.978913][ T5836] usb 1-1: USB disconnect, device number 73 [ 540.987172][ T5836] usblp0: removed [ 541.392672][T11352] FAULT_INJECTION: forcing a failure. [ 541.392672][T11352] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 541.406010][T11352] CPU: 1 UID: 0 PID: 11352 Comm: syz.1.1175 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 541.406042][T11352] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 541.406056][T11352] Call Trace: [ 541.406066][T11352] [ 541.406075][T11352] dump_stack_lvl+0x189/0x250 [ 541.406115][T11352] ? __pfx____ratelimit+0x10/0x10 [ 541.406148][T11352] ? __pfx_dump_stack_lvl+0x10/0x10 [ 541.406184][T11352] ? __pfx__printk+0x10/0x10 [ 541.406208][T11352] ? __might_fault+0xb0/0x130 [ 541.406242][T11352] should_fail_ex+0x414/0x560 [ 541.406277][T11352] _copy_from_user+0x2d/0xb0 [ 541.406300][T11352] get_compat_msghdr+0xad/0x4a0 [ 541.406337][T11352] ? __pfx_get_compat_msghdr+0x10/0x10 [ 541.406381][T11352] ___sys_sendmsg+0x193/0x2a0 [ 541.406420][T11352] ? __pfx____sys_sendmsg+0x10/0x10 [ 541.406488][T11352] ? __fget_files+0x2a/0x420 [ 541.406512][T11352] ? __fget_files+0x3a0/0x420 [ 541.406547][T11352] __sys_sendmsg+0x164/0x220 [ 541.406578][T11352] ? __pfx___sys_sendmsg+0x10/0x10 [ 541.406623][T11352] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 541.406658][T11352] ? lockdep_hardirqs_on+0x9c/0x150 [ 541.406693][T11352] __do_fast_syscall_32+0xb6/0x2b0 [ 541.406716][T11352] ? lockdep_hardirqs_on+0x9c/0x150 [ 541.406753][T11352] do_fast_syscall_32+0x34/0x80 [ 541.406775][T11352] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 541.406803][T11352] RIP: 0023:0xf7f18539 [ 541.406821][T11352] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 541.406841][T11352] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 541.406863][T11352] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 541.406880][T11352] RDX: 0000000000000004 RSI: 0000000000000000 RDI: 0000000000000000 [ 541.406893][T11352] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 541.406906][T11352] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 541.406919][T11352] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 541.406950][T11352] [ 541.619190][ C1] vkms_vblank_simulate: vblank timer overrun [ 541.760751][ T5840] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 541.982669][ T5840] usb 3-1: New USB device found, idVendor=133e, idProduct=0815, bcdDevice=7e.66 [ 541.995914][ T5840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 542.045970][ T5840] usb 3-1: Product: syz [ 542.058802][ T5840] usb 3-1: Manufacturer: syz [ 542.078890][ T5840] usb 3-1: SerialNumber: syz [ 542.093497][ T5840] usb 3-1: config 0 descriptor?? [ 542.175729][ T5840] snd-usb-audio 3-1:0.0: probe with driver snd-usb-audio failed with error -22 [ 542.689695][ T5840] usb 3-1: USB disconnect, device number 64 [ 543.957368][T11378] netlink: 'syz.4.1181': attribute type 10 has an invalid length. [ 543.965857][T11378] netlink: 55 bytes leftover after parsing attributes in process `syz.4.1181'. [ 544.226497][T11381] netlink: 256 bytes leftover after parsing attributes in process `syz.2.1182'. [ 544.664785][ T30] audit: type=1326 audit(1749986021.753:1930): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11384 comm="syz.3.1184" exe="/root/syz-executor" sig=9 arch=40000003 syscall=252 compat=1 ip=0xf7f17539 code=0x0 [ 544.789139][ T5836] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 544.999300][ T5836] usb 2-1: Using ep0 maxpacket: 16 [ 545.008779][ T5836] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 545.010015][ T5840] usb 4-1: new high-speed USB device number 67 using dummy_hcd [ 545.028677][ T5836] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 545.100811][ T5836] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 545.105279][T11393] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1185'. [ 545.129161][T11393] tipc: Started in network mode [ 545.140213][T11393] tipc: Node identity aaaaaaaaaaaa, cluster identity 4711 [ 545.154710][T11393] tipc: Enabled bearer , priority 10 [ 545.157962][ T5836] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 545.181996][ T5836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.195540][ T5836] usb 2-1: Product: syz [ 545.202971][ T5836] usb 2-1: Manufacturer: syz [ 545.207620][ T5836] usb 2-1: SerialNumber: syz [ 545.217497][ T5840] usb 4-1: config 0 has no interfaces? [ 545.228917][ T5840] usb 4-1: New USB device found, idVendor=bb1e, idProduct=0003, bcdDevice=d7.3b [ 545.269225][ T5840] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.277301][ T5840] usb 4-1: Product: syz [ 545.319424][ T5840] usb 4-1: Manufacturer: syz [ 545.324117][ T5840] usb 4-1: SerialNumber: syz [ 545.350434][ T5840] usb 4-1: config 0 descriptor?? [ 545.539325][ T5935] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 545.626314][ T5836] usb 2-1: 2:1 : format type 0 is detected, processed as PCM [ 545.719607][ T5935] usb 3-1: Using ep0 maxpacket: 8 [ 545.737281][ T5935] usb 3-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 545.747705][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 545.759947][ T5935] usb 3-1: Product: syz [ 545.766549][ T5935] usb 3-1: Manufacturer: syz [ 545.773136][ T5935] usb 3-1: SerialNumber: syz [ 545.785002][ T5935] usb 3-1: config 0 descriptor?? [ 545.801143][ T5935] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 545.819928][ T5935] usb 3-1: setting power ON [ 545.825107][ T5935] dvb-usb: bulk message failed: -22 (2/0) [ 545.835946][ T5935] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 545.851300][ T5935] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 545.872535][ T5935] usb 3-1: media controller created [ 545.899734][ T10] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 545.943196][ T5935] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 545.987384][ T5935] usb 3-1: selecting invalid altsetting 6 [ 545.995840][ T5935] usb 3-1: digital interface selection failed (-22) [ 546.008562][ T5935] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 546.026473][ T5935] usb 3-1: setting power OFF [ 546.064901][ T5935] dvb-usb: bulk message failed: -22 (2/0) [ 546.079336][ T5935] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 546.089910][ T5935] (NULL device *): no alternate interface [ 546.091613][ T10] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x1 has invalid wMaxPacketSize 0 [ 546.118125][ T10] usb 5-1: config 1 interface 0 altsetting 0 bulk endpoint 0x1 has invalid maxpacket 0 [ 546.161993][ T5929] tipc: Node number set to 43690 [ 546.173435][ T10] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 546.202749][ T10] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= 0.41 [ 546.223405][ T5935] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 546.235425][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=11 [ 546.244858][ T10] usb 5-1: Product: syz [ 546.283114][ T10] usb 5-1: Manufacturer: syz [ 546.288672][ T10] usb 5-1: SerialNumber: syz [ 546.304482][ T5935] usb 3-1: USB disconnect, device number 65 [ 546.342904][ T5836] usb 2-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 546.480621][ T5836] usb 2-1: USB disconnect, device number 77 [ 546.564645][ T5986] udevd[5986]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 546.594703][ T10] usblp 5-1:1.0: usblp0: USB Unidirectional printer dev 84 if 0 alt 0 proto 1 vid 0x0525 pid 0xA4A8 [ 546.813601][T11414] gretap0: entered promiscuous mode [ 546.827948][T11414] macsec1: entered promiscuous mode [ 546.845144][T11414] gretap0: left promiscuous mode [ 546.848546][ T5929] usb 5-1: USB disconnect, device number 84 [ 546.884810][ T5929] usblp0: removed [ 548.074999][ T5836] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 548.474000][ T5840] usb 4-1: USB disconnect, device number 67 [ 548.489756][ T5836] usb 2-1: Using ep0 maxpacket: 8 [ 548.514007][ T5836] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 548.562600][ T5836] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 548.595061][ T5836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 548.641851][ T5836] usb 2-1: Product: syz [ 548.653193][ T5836] usb 2-1: Manufacturer: syz [ 548.658117][ T5836] usb 2-1: SerialNumber: syz [ 548.696902][ T5836] usb 2-1: config 0 descriptor?? [ 548.726551][ T5836] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 548.903819][T11431] FAULT_INJECTION: forcing a failure. [ 548.903819][T11431] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 548.945137][T11421] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1195'. [ 548.954361][ T5836] usb 2-1: setting power ON [ 548.954388][ T5836] dvb-usb: bulk message failed: -22 (2/0) [ 548.973974][ T5836] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 548.980774][T11431] CPU: 0 UID: 0 PID: 11431 Comm: syz.3.1198 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 548.980818][T11431] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 548.980836][T11431] Call Trace: [ 548.980859][T11431] [ 548.980872][T11431] dump_stack_lvl+0x189/0x250 [ 548.980928][T11431] ? __pfx____ratelimit+0x10/0x10 [ 548.980966][T11431] ? __pfx_dump_stack_lvl+0x10/0x10 [ 548.981013][T11431] ? __pfx__printk+0x10/0x10 [ 548.981056][T11431] should_fail_ex+0x414/0x560 [ 548.981098][T11431] _copy_to_user+0x31/0xb0 [ 548.981127][T11431] simple_read_from_buffer+0xe1/0x170 [ 548.981162][T11431] proc_fail_nth_read+0x1df/0x250 [ 548.981197][T11431] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 548.981230][T11431] ? rw_verify_area+0x258/0x650 [ 548.981268][T11431] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 548.981300][T11431] vfs_read+0x200/0x980 [ 548.981345][T11431] ? __pfx___mutex_lock+0x10/0x10 [ 548.981371][T11431] ? __pfx_vfs_read+0x10/0x10 [ 548.981410][T11431] ? __fget_files+0x2a/0x420 [ 548.981443][T11431] ? __fget_files+0x3a0/0x420 [ 548.981470][T11431] ? __fget_files+0x2a/0x420 [ 548.981509][T11431] ksys_read+0x145/0x250 [ 548.981536][T11431] ? __pfx_ksys_read+0x10/0x10 [ 548.981562][T11431] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 548.981602][T11431] ? lockdep_hardirqs_on+0x9c/0x150 [ 548.981644][T11431] __do_fast_syscall_32+0xb6/0x2b0 [ 548.981669][T11431] ? lockdep_hardirqs_on+0x9c/0x150 [ 548.981712][T11431] do_fast_syscall_32+0x34/0x80 [ 548.981735][T11431] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 548.981766][T11431] RIP: 0023:0xf7f17539 [ 548.981787][T11431] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 548.981808][T11431] RSP: 002b:00000000f5036590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 548.981835][T11431] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000f5036620 [ 548.981853][T11431] RDX: 000000000000000f RSI: 00000000f73a2ff4 RDI: 0000000000000000 [ 548.981869][T11431] RBP: 0000000000000001 R08: 0000000000000000 R09: 0000000000000000 [ 548.981883][T11431] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 548.981899][T11431] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 548.981933][T11431] [ 549.250637][T11421] dvb-usb: bulk message failed: -22 (3/0) [ 549.256605][T11421] dvb-usb: bulk message failed: -22 (5/0) [ 549.323024][T11440] netlink: 'syz.0.1199': attribute type 63 has an invalid length. [ 549.343554][ T5836] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 549.367975][ T5836] usb 2-1: media controller created [ 549.543889][ T5836] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 549.623618][ T5836] usb 2-1: selecting invalid altsetting 6 [ 549.647207][ T5836] usb 2-1: digital interface selection failed (-22) [ 549.879897][ T5836] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 549.917061][ T5836] usb 2-1: setting power OFF [ 549.928815][ T5836] dvb-usb: bulk message failed: -22 (2/0) [ 549.943952][ T5836] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 549.963958][ T5836] (NULL device *): no alternate interface [ 550.120677][ T5836] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 550.188929][ T5836] usb 2-1: USB disconnect, device number 78 [ 550.329451][T11451] fuse: Bad value for 'fd' [ 550.680235][ T8985] usb 1-1: new high-speed USB device number 74 using dummy_hcd [ 550.813318][T11453] veth1_macvtap: left promiscuous mode [ 550.882699][ T8985] usb 1-1: Using ep0 maxpacket: 32 [ 550.969871][ T8985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 551.036449][ T8985] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 551.074352][ T8985] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2d5a, bcdDevice= 0.00 [ 551.156220][ T8985] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 551.194368][ T8985] usb 1-1: config 0 descriptor?? [ 551.311831][T11459] syz_tun: entered promiscuous mode [ 551.320099][T11459] syz_tun: left promiscuous mode [ 551.629847][T11464] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1206'. [ 551.706118][ T5932] usb 4-1: new high-speed USB device number 68 using dummy_hcd [ 551.911171][T11471] netlink: 32 bytes leftover after parsing attributes in process `syz.2.1207'. [ 552.097864][T11448] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1201'. [ 552.349368][ T5932] usb 4-1: Using ep0 maxpacket: 16 [ 552.482872][ T5932] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 552.495960][ T5932] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 552.507575][ T5929] usb 5-1: new full-speed USB device number 85 using dummy_hcd [ 552.515947][ T5932] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 552.540126][ T5932] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 552.549876][ T5932] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 552.557912][ T5932] usb 4-1: Product: syz [ 552.564068][ T5932] usb 4-1: Manufacturer: syz [ 552.589245][T11478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1207'. [ 552.605211][T11478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1207'. [ 552.618209][T11478] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1207'. [ 552.633096][ T5932] usb 4-1: SerialNumber: syz [ 553.330406][ T5932] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 553.339657][ T5929] usb 5-1: config 0 has an invalid interface number: 1 but max is 0 [ 553.347798][ T5929] usb 5-1: config 0 has no interface number 0 [ 553.419122][ T5929] usb 5-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 553.461723][ T8985] usbhid 1-1:0.0: can't add hid device: -71 [ 553.467935][ T8985] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 553.477863][ T5929] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 553.559908][ T8985] usb 1-1: USB disconnect, device number 74 [ 553.600417][ T5929] usb 5-1: config 0 descriptor?? [ 553.640013][ T5929] usb 5-1: selecting invalid altsetting 1 [ 553.659719][ T5929] dvb_ttusb_budget: ttusb_init_controller: error [ 553.680982][ T5929] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 553.820119][T11472] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 553.829147][T11472] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 554.011353][ T5932] usb 4-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 554.044602][ T5929] DVB: Unable to find symbol cx22700_attach() [ 554.125298][ T30] audit: type=1326 audit(1749986031.213:1931): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 554.230623][ T5932] usb 4-1: USB disconnect, device number 68 [ 554.261984][ T5929] DVB: Unable to find symbol tda10046_attach() [ 554.280100][ T5929] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 554.586105][ T30] audit: type=1326 audit(1749986031.673:1932): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=54 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 554.608188][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.648957][ T30] audit: type=1326 audit(1749986031.673:1933): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 554.748930][ T30] audit: type=1326 audit(1749986031.673:1934): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 554.819892][ T30] audit: type=1326 audit(1749986031.673:1935): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 554.842089][ C0] vkms_vblank_simulate: vblank timer overrun [ 554.853201][ T30] audit: type=1326 audit(1749986031.673:1936): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 554.875708][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.021124][ T30] audit: type=1326 audit(1749986031.673:1937): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 555.043297][ C0] vkms_vblank_simulate: vblank timer overrun [ 555.066692][ T5932] usb 5-1: USB disconnect, device number 85 [ 555.155572][ T30] audit: type=1326 audit(1749986031.673:1938): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 555.182706][ T30] audit: type=1326 audit(1749986031.673:1939): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 555.206039][ T5929] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 555.302854][ T30] audit: type=1326 audit(1749986031.673:1940): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11480 comm="syz.0.1210" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ce539 code=0x7fc00000 [ 555.479171][ T5929] usb 2-1: Using ep0 maxpacket: 8 [ 555.491257][ T5929] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 555.711458][ T5929] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 555.742962][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 555.930591][ T5929] usb 2-1: Product: syz [ 555.934844][ T5929] usb 2-1: Manufacturer: syz [ 555.939775][ T5840] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 555.948797][ T5929] usb 2-1: SerialNumber: syz [ 556.136701][ T5929] usb 2-1: config 0 descriptor?? [ 556.232281][ T5929] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 556.242987][ T5840] usb 5-1: config 0 has an invalid interface number: 114 but max is 0 [ 556.252769][ T5840] usb 5-1: config 0 has no interface number 0 [ 556.262849][ T5840] usb 5-1: New USB device found, idVendor=0547, idProduct=2720, bcdDevice=13.67 [ 556.272607][ T5929] usb 2-1: setting power ON [ 556.279235][ T5840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 556.289136][ T5840] usb 5-1: Product: syz [ 556.297451][ T5929] dvb-usb: bulk message failed: -22 (2/0) [ 556.311190][ T5840] usb 5-1: Manufacturer: syz [ 556.319942][ T5840] usb 5-1: SerialNumber: syz [ 556.360596][ T5840] usb 5-1: config 0 descriptor?? [ 556.383224][ T5929] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 556.403212][ T5929] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 556.456797][T11494] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1212'. [ 556.468699][T11494] dvb-usb: bulk message failed: -22 (3/0) [ 556.474988][T11494] dvb-usb: bulk message failed: -22 (5/0) [ 556.490641][ T5929] usb 2-1: media controller created [ 556.582812][ T5840] cdc_subset 5-1:0.114: probe with driver cdc_subset failed with error -22 [ 556.679729][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 556.758022][ T5929] usb 2-1: selecting invalid altsetting 6 [ 556.766883][ T5929] usb 2-1: digital interface selection failed (-22) [ 556.777015][ T5929] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 556.790000][T11504] binder: 11502:11504 ioctl c0306201 80000240 returned -11 [ 556.830094][ T5840] usb 5-1: USB disconnect, device number 86 [ 556.838676][ T5929] usb 2-1: setting power OFF [ 556.843475][ T5929] dvb-usb: bulk message failed: -22 (2/0) [ 556.866167][ T5929] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 556.892626][T11511] netlink: 'syz.2.1216': attribute type 4 has an invalid length. [ 556.900851][T11511] netlink: 17 bytes leftover after parsing attributes in process `syz.2.1216'. [ 557.085569][ T5929] (NULL device *): no alternate interface [ 557.241641][ T5929] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 557.324199][ T5929] usb 2-1: USB disconnect, device number 79 [ 558.628904][ T5929] usb 4-1: new full-speed USB device number 69 using dummy_hcd [ 558.789477][ T5929] usb 4-1: device descriptor read/64, error -71 [ 559.120641][ T5929] usb 4-1: new full-speed USB device number 70 using dummy_hcd [ 559.249583][ T5840] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 559.270967][ T5929] usb 4-1: device descriptor read/64, error -71 [ 559.420047][ T5929] usb usb4-port1: attempt power cycle [ 559.439315][ T5840] usb 2-1: Using ep0 maxpacket: 16 [ 559.452699][ T5840] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 559.465454][ T5840] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 559.478033][ T5840] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 559.497735][ T5840] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 559.525950][ T5840] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 559.600955][ T5840] usb 2-1: Product: syz [ 559.605495][ T5840] usb 2-1: Manufacturer: syz [ 559.613147][ T5840] usb 2-1: SerialNumber: syz [ 559.833514][ T5929] usb 4-1: new full-speed USB device number 71 using dummy_hcd [ 559.876529][T11510] delete_channel: no stack [ 559.885048][ T5929] usb 4-1: device descriptor read/8, error -71 [ 559.946048][T11539] binder: 11512:11539 ioctl c0306201 800003c0 returned -14 [ 560.146677][ T5840] usb 2-1: 2:1 : format type 0 is detected, processed as PCM [ 560.179323][ T5929] usb 4-1: new full-speed USB device number 72 using dummy_hcd [ 560.211710][ T5929] usb 4-1: device descriptor read/8, error -71 [ 560.665169][ T5929] usb usb4-port1: unable to enumerate USB device [ 560.699799][ T5932] usb 3-1: new high-speed USB device number 66 using dummy_hcd [ 560.899446][ T5932] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 560.922958][ T5932] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 18 [ 560.952441][ T5932] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 560.970180][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 560.984282][ T5932] usb 3-1: SerialNumber: syz [ 561.012380][ T5932] cdc_ether 3-1:1.0: skipping garbage [ 561.018469][ T5932] usb 3-1: bad CDC descriptors [ 561.453755][ T5840] usb 2-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 561.468065][ T5836] usb 3-1: USB disconnect, device number 66 [ 561.490228][ T5932] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 561.669252][ T5932] usb 5-1: Using ep0 maxpacket: 8 [ 561.680903][ T5840] usb 2-1: USB disconnect, device number 80 [ 561.699210][ T5932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 561.762250][ T5932] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 561.772653][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 561.785710][ T5932] usb 5-1: Product: syz [ 561.795974][ T5932] usb 5-1: Manufacturer: syz [ 561.805591][ T5932] usb 5-1: SerialNumber: syz [ 561.818079][ T5932] usb 5-1: config 0 descriptor?? [ 562.010401][ T5932] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 562.053641][ T5932] usb 5-1: setting power ON [ 562.059356][ T5932] dvb-usb: bulk message failed: -22 (2/0) [ 562.086183][ T5932] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 562.107014][ T5932] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 562.134508][ T5932] usb 5-1: media controller created [ 562.203156][T11555] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1228'. [ 562.226682][T11555] dvb-usb: bulk message failed: -22 (3/0) [ 562.242379][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 562.257138][T11555] dvb-usb: bulk message failed: -22 (5/0) [ 562.294321][ T5932] usb 5-1: selecting invalid altsetting 6 [ 562.300925][ T5932] usb 5-1: digital interface selection failed (-22) [ 562.310652][ T5932] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 562.326996][ T5932] usb 5-1: setting power OFF [ 562.336731][ T5932] dvb-usb: bulk message failed: -22 (2/0) [ 562.345801][ T5932] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 562.355683][ T5932] (NULL device *): no alternate interface [ 562.757561][T11574] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1234'. [ 562.769996][ T30] kauditd_printk_skb: 64 callbacks suppressed [ 562.770018][ T30] audit: type=1326 audit(1749986039.863:2005): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11567 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf7fc1539 code=0x7fc00000 [ 562.980303][ T5932] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 563.031141][ T5932] usb 5-1: USB disconnect, device number 87 [ 563.248512][ T30] audit: type=1326 audit(1749986040.333:2006): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=11567 comm="syz.2.1232" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf7fc1558 code=0x7fc00000 [ 563.539414][ T10] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 563.682123][T11594] tipc: Started in network mode [ 563.739430][T11594] tipc: Node identity ac14142a, cluster identity 4711 [ 563.746443][ T10] usb 5-1: New USB device found, idVendor=20b7, idProduct=1540, bcdDevice=b7.5a [ 563.759756][T11594] tipc: Enabled bearer , priority 10 [ 563.802766][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 563.844846][ T10] usb 5-1: Product: syz [ 563.882048][ T10] usb 5-1: Manufacturer: syz [ 563.959450][ T10] usb 5-1: SerialNumber: syz [ 563.972802][ T10] usb 5-1: config 0 descriptor?? [ 564.418238][ T10] usb 5-1: Firmware version (0.0) predates our first public release. [ 564.443253][ T10] usb 5-1: Please update to version 0.2 or newer [ 564.918753][ T5932] tipc: Node number set to 2886997034 [ 565.179149][ T5932] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 565.359281][ T5932] usb 3-1: Using ep0 maxpacket: 16 [ 565.366666][ T5932] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 565.497463][ T5932] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 565.526579][ T5932] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 565.546771][ T5932] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 565.561008][ T5932] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 565.584103][ T5932] usb 3-1: Product: syz [ 565.594902][ T5932] usb 3-1: Manufacturer: syz [ 565.604755][ T5932] usb 3-1: SerialNumber: syz [ 565.761297][ T5929] usb 4-1: new high-speed USB device number 73 using dummy_hcd [ 566.117019][ T5932] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 566.130267][ T5929] usb 4-1: Using ep0 maxpacket: 32 [ 566.188532][ T5836] usb 5-1: USB disconnect, device number 88 [ 566.189787][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 566.271418][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 42399, setting to 1024 [ 566.339427][ T5929] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 566.430721][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 566.581985][ T5929] usb 4-1: config 0 descriptor?? [ 566.589638][T11602] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 566.655568][ T5929] hub 4-1:0.0: USB hub found [ 566.819282][ T5929] hub 4-1:0.0: 1 port detected [ 567.017842][ T5932] usb 3-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 567.159743][ T5932] usb 3-1: USB disconnect, device number 67 [ 567.361457][ T5957] udevd[5957]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 567.865205][ T5932] usb 4-1: USB disconnect, device number 73 [ 568.026423][T11642] syzkaller1: entered promiscuous mode [ 568.037164][T11642] syzkaller1: entered allmulticast mode [ 568.072693][T11638] syz.2.1251: attempt to access beyond end of device [ 568.072693][T11638] md2: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 568.165340][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 568.172072][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 568.299587][ T5929] usb 1-1: new high-speed USB device number 75 using dummy_hcd [ 568.523933][ T5929] usb 1-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 568.633632][ T5929] usb 1-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 568.649671][ T5929] usb 1-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 568.665761][ T5929] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 568.687353][T11632] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 568.711532][ T5929] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 568.739744][ T5840] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 568.949283][ T5840] usb 5-1: Using ep0 maxpacket: 8 [ 568.998669][ T5840] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 569.017069][ T5840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 569.055968][ T5840] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 569.308599][ T5840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 569.418375][ T5840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 569.605273][T11663] FAULT_INJECTION: forcing a failure. [ 569.605273][T11663] name failslab, interval 1, probability 0, space 0, times 0 [ 569.618906][T11663] CPU: 1 UID: 0 PID: 11663 Comm: syz.2.1257 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 569.618935][T11663] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 569.618949][T11663] Call Trace: [ 569.618958][T11663] [ 569.618967][T11663] dump_stack_lvl+0x189/0x250 [ 569.619011][T11663] ? __pfx____ratelimit+0x10/0x10 [ 569.619043][T11663] ? __pfx_dump_stack_lvl+0x10/0x10 [ 569.619077][T11663] ? __pfx__printk+0x10/0x10 [ 569.619108][T11663] ? __pfx___might_resched+0x10/0x10 [ 569.619142][T11663] ? fs_reclaim_acquire+0x7d/0x100 [ 569.619174][T11663] should_fail_ex+0x414/0x560 [ 569.619215][T11663] should_failslab+0xa8/0x100 [ 569.619241][T11663] __kmalloc_cache_noprof+0x70/0x3d0 [ 569.619263][T11663] ? rtnl_newlink+0xed/0x1c70 [ 569.619285][T11663] ? kasan_save_free_info+0x46/0x50 [ 569.619318][T11663] rtnl_newlink+0xed/0x1c70 [ 569.619340][T11663] ? netlink_sendmsg+0x805/0xb30 [ 569.619366][T11663] ? __sock_sendmsg+0x21c/0x270 [ 569.619398][T11663] ? ____sys_sendmsg+0x505/0x830 [ 569.619422][T11663] ? ___sys_sendmsg+0x21f/0x2a0 [ 569.619446][T11663] ? __sys_sendmsg+0x164/0x220 [ 569.619470][T11663] ? __do_fast_syscall_32+0xb6/0x2b0 [ 569.619490][T11663] ? do_fast_syscall_32+0x34/0x80 [ 569.619508][T11663] ? entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 569.619543][T11663] ? __pfx_rtnl_newlink+0x10/0x10 [ 569.619592][T11663] ? kasan_quarantine_put+0xdd/0x220 [ 569.619625][T11663] ? lockdep_hardirqs_on+0x9c/0x150 [ 569.619665][T11663] ? nlmon_xmit+0xb0/0x100 [ 569.619697][T11663] ? kmem_cache_free+0x18f/0x400 [ 569.619726][T11663] ? __local_bh_enable_ip+0x12d/0x1c0 [ 569.619760][T11663] ? lockdep_hardirqs_on+0x9c/0x150 [ 569.619794][T11663] ? __local_bh_enable_ip+0x12d/0x1c0 [ 569.619827][T11663] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 569.619865][T11663] ? __dev_queue_xmit+0x27e/0x3a70 [ 569.619910][T11663] ? __lock_acquire+0xab9/0xd20 [ 569.619967][T11663] ? __pfx_rtnl_newlink+0x10/0x10 [ 569.619991][T11663] rtnetlink_rcv_msg+0x7cf/0xb70 [ 569.620019][T11663] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 569.620042][T11663] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 569.620064][T11663] ? ref_tracker_free+0x63a/0x7d0 [ 569.620092][T11663] ? __copy_skb_header+0xa7/0x550 [ 569.620124][T11663] ? __pfx_ref_tracker_free+0x10/0x10 [ 569.620155][T11663] ? __skb_clone+0x63/0x7a0 [ 569.620199][T11663] netlink_rcv_skb+0x205/0x470 [ 569.620226][T11663] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 569.620252][T11663] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 569.620293][T11663] ? netlink_deliver_tap+0x2e/0x1b0 [ 569.620317][T11663] ? netlink_deliver_tap+0x2e/0x1b0 [ 569.620350][T11663] netlink_unicast+0x758/0x8d0 [ 569.620385][T11663] netlink_sendmsg+0x805/0xb30 [ 569.620423][T11663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.620452][T11663] ? __import_iovec+0x5d4/0x7f0 [ 569.620472][T11663] ? aa_sock_msg_perm+0x94/0x160 [ 569.620501][T11663] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 569.620529][T11663] ? __pfx_netlink_sendmsg+0x10/0x10 [ 569.620558][T11663] __sock_sendmsg+0x21c/0x270 [ 569.620596][T11663] ____sys_sendmsg+0x505/0x830 [ 569.620630][T11663] ? __pfx_____sys_sendmsg+0x10/0x10 [ 569.620676][T11663] ___sys_sendmsg+0x21f/0x2a0 [ 569.620708][T11663] ? __pfx____sys_sendmsg+0x10/0x10 [ 569.620776][T11663] ? __fget_files+0x2a/0x420 [ 569.620799][T11663] ? __fget_files+0x3a0/0x420 [ 569.620831][T11663] __sys_sendmsg+0x164/0x220 [ 569.620862][T11663] ? __pfx___sys_sendmsg+0x10/0x10 [ 569.620905][T11663] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 569.620939][T11663] ? lockdep_hardirqs_on+0x9c/0x150 [ 569.620974][T11663] __do_fast_syscall_32+0xb6/0x2b0 [ 569.620996][T11663] ? lockdep_hardirqs_on+0x9c/0x150 [ 569.621032][T11663] do_fast_syscall_32+0x34/0x80 [ 569.621052][T11663] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 569.621079][T11663] RIP: 0023:0xf7fc1539 [ 569.621098][T11663] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 569.621118][T11663] RSP: 002b:00000000f50e655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 569.621141][T11663] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000080 [ 569.621157][T11663] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 569.621170][T11663] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 569.621183][T11663] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 569.621203][T11663] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 569.621234][T11663] [ 569.621909][ T5840] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 570.454136][ T5840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 570.525697][ T5914] usb 1-1: USB disconnect, device number 75 [ 570.547180][ T5840] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 570.576735][ T5840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 570.598888][ T5840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 570.628431][ T5840] usb 5-1: config 168 descriptor has 1 excess byte, ignoring [ 570.680962][ T5840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 570.838827][ T5840] usb 5-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 570.936912][ T5840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 570.970866][ T5840] usb 5-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 570.987710][ T5840] usb 5-1: string descriptor 0 read error: -22 [ 571.059814][ T5840] usb 5-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 571.079923][ T5840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.149392][ T5840] adutux 5-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 571.281579][T11681] IPVS: ip_vs_add_dest(): lower threshold is higher than upper threshold [ 571.329303][ T5929] usb 1-1: new high-speed USB device number 76 using dummy_hcd [ 571.500109][ T5929] usb 1-1: Using ep0 maxpacket: 16 [ 571.507089][ T5929] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 571.520146][ T5929] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 571.540250][ T5929] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 571.556198][ T5929] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 571.565767][ T5929] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 571.576956][ T5929] usb 1-1: Product: syz [ 571.585063][ T5929] usb 1-1: Manufacturer: syz [ 571.619615][ T5929] usb 1-1: SerialNumber: syz [ 571.934438][ T5840] usb 5-1: USB disconnect, device number 89 [ 572.082106][ T5929] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 572.609159][ T5914] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 572.759318][ T5914] usb 2-1: Using ep0 maxpacket: 8 [ 572.773813][ T5929] usb 1-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 572.799217][ T5914] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 572.819281][ T5914] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 572.836580][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 572.848136][ T5914] usb 2-1: Product: syz [ 572.852689][ T5929] usb 1-1: USB disconnect, device number 76 [ 572.865924][ T5914] usb 2-1: Manufacturer: syz [ 572.893082][ T5914] usb 2-1: SerialNumber: syz [ 572.906191][ T5914] usb 2-1: config 0 descriptor?? [ 572.920446][T11695] netlink: 'syz.3.1266': attribute type 21 has an invalid length. [ 572.946089][ T5914] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 572.977886][ T5914] usb 2-1: setting power ON [ 573.005735][ T5914] dvb-usb: bulk message failed: -22 (2/0) [ 573.047690][ T5914] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 573.096799][ T5914] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 573.115293][ T5914] usb 2-1: media controller created [ 573.138759][T11689] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1264'. [ 573.207757][ T5914] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 573.611123][ T5914] usb 2-1: selecting invalid altsetting 6 [ 573.618110][ T5914] usb 2-1: digital interface selection failed (-22) [ 573.624945][ T5914] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 573.766967][ T5914] usb 2-1: setting power OFF [ 573.798428][ T5914] dvb-usb: bulk message failed: -22 (2/0) [ 573.828447][ T5914] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 573.844409][ T5914] (NULL device *): no alternate interface [ 574.068674][ T5914] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 574.217948][ T5914] usb 2-1: USB disconnect, device number 81 [ 575.849237][ T5840] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 576.029108][ T5840] usb 3-1: Using ep0 maxpacket: 8 [ 576.043520][ T5840] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 576.103288][ T5840] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 576.124821][ T5840] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 576.237529][ T5840] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 576.359187][ T5840] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 576.388051][ T5840] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 576.427626][ T5840] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 576.448507][ T5840] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 576.489507][ T5840] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 576.512071][ T5840] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 576.543057][ T5840] usb 3-1: config 168 descriptor has 1 excess byte, ignoring [ 576.634153][ T5840] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 576.712203][ T5840] usb 3-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 576.758035][ T5840] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 576.770506][ T10] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 576.808866][ T5840] usb 3-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 576.845921][ T5840] usb 3-1: string descriptor 0 read error: -22 [ 576.859457][ T5840] usb 3-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 576.868599][ T5840] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 576.929369][ T10] usb 5-1: Using ep0 maxpacket: 8 [ 576.943927][ T10] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 576.960183][ T5914] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 576.969956][ T5840] adutux 3-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 576.994256][ T10] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 577.025103][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.050184][ T10] usb 5-1: Product: syz [ 577.059600][ T10] usb 5-1: Manufacturer: syz [ 577.065753][ T10] usb 5-1: SerialNumber: syz [ 577.082135][ T10] usb 5-1: config 0 descriptor?? [ 577.102769][ T10] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 577.111275][ T10] usb 5-1: setting power ON [ 577.120353][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 577.134607][ T10] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 577.144908][ T10] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 577.154794][ T5914] usb 2-1: Using ep0 maxpacket: 8 [ 577.162184][ T5914] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 577.163252][ T10] usb 5-1: media controller created [ 577.199440][ T5914] usb 2-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 577.208577][ T5914] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 577.243586][ T10] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 577.278774][ T5840] usb 3-1: USB disconnect, device number 68 [ 577.307551][T11746] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1279'. [ 577.329206][ T5914] usb 2-1: Product: syz [ 577.333468][ T5914] usb 2-1: Manufacturer: syz [ 577.338115][ T5914] usb 2-1: SerialNumber: syz [ 577.350554][T11746] dvb-usb: bulk message failed: -22 (3/0) [ 577.367232][T11746] dvb-usb: bulk message failed: -22 (5/0) [ 577.396273][ T5914] usb 2-1: config 0 descriptor?? [ 577.398356][ T10] usb 5-1: selecting invalid altsetting 6 [ 577.425922][ T5914] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 577.431066][ T10] usb 5-1: digital interface selection failed (-22) [ 577.451636][ T5914] usb 2-1: setting power ON [ 577.456219][ T5914] dvb-usb: bulk message failed: -22 (2/0) [ 577.468715][ T10] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 577.485533][ T5914] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 577.495444][ T10] usb 5-1: setting power OFF [ 577.508561][ T10] dvb-usb: bulk message failed: -22 (2/0) [ 577.514875][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 577.531199][ T5914] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 577.535788][ T10] (NULL device *): no alternate interface [ 577.548207][ T5914] usb 2-1: media controller created [ 577.605037][ T5914] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 577.628631][T11748] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1280'. [ 577.672810][T11748] dvb-usb: bulk message failed: -22 (5/0) [ 577.693978][ T5914] usb 2-1: selecting invalid altsetting 6 [ 577.708948][ T5914] usb 2-1: digital interface selection failed (-22) [ 577.718468][ T5914] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 577.739633][ T5914] usb 2-1: setting power OFF [ 577.744406][ T5914] dvb-usb: bulk message failed: -22 (2/0) [ 577.756967][ T5914] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 577.768601][ T5914] (NULL device *): no alternate interface [ 577.841675][ T5914] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 577.915652][T11763] macvlan2: entered promiscuous mode [ 577.923740][T11763] bridge0: entered promiscuous mode [ 578.567725][ T10] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 578.591374][ T5914] usb 2-1: USB disconnect, device number 82 [ 578.666183][ T10] usb 5-1: USB disconnect, device number 90 [ 579.171313][ T10] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 579.449828][ T10] usb 5-1: Using ep0 maxpacket: 32 [ 579.470016][ T10] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 579.529115][ T10] usb 5-1: config 0 has no interface number 0 [ 579.559704][ T10] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 579.600105][ T10] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 579.633342][ T10] usb 5-1: Product: syz [ 579.659522][ T10] usb 5-1: Manufacturer: syz [ 579.664204][ T10] usb 5-1: SerialNumber: syz [ 579.724839][ T10] usb 5-1: config 0 descriptor?? [ 579.764599][ T10] smsc95xx v2.0.0 [ 580.085986][ T5837] Bluetooth: hci1: command 0x0c1a tx timeout [ 580.396530][T11773] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 580.435245][T11773] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 581.088536][T11773] loop4: detected capacity change from 0 to 7 [ 581.132702][T11773] Dev loop4: unable to read RDB block 7 [ 581.183739][ T10] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 581.185049][T11773] loop4: unable to read partition table [ 581.227912][T11773] loop4: partition table beyond EOD, truncated [ 581.234572][ T10] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 581.240374][T11804] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(9) [ 581.250259][T11804] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 581.260610][T11773] loop_reread_partitions: partition scan of loop4 (3Ÿ ¾‚³˜) failed (rc=-5) [ 581.366997][T11804] vhci_hcd vhci_hcd.0: Device attached [ 581.502219][ T10] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -32 [ 581.529511][ T10] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -32 [ 581.573002][ T10] usb 5-1: USB disconnect, device number 91 [ 581.611547][ T5914] usb 37-1: new low-speed USB device number 2 using vhci_hcd [ 581.650599][ T5932] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 581.800192][T11813] FAULT_INJECTION: forcing a failure. [ 581.800192][T11813] name failslab, interval 1, probability 0, space 0, times 0 [ 581.839112][ T5932] usb 3-1: Using ep0 maxpacket: 32 [ 581.844543][T11813] CPU: 0 UID: 0 PID: 11813 Comm: syz.0.1299 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 581.844582][T11813] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 581.844599][T11813] Call Trace: [ 581.844611][T11813] [ 581.844623][T11813] dump_stack_lvl+0x189/0x250 [ 581.844670][T11813] ? __pfx____ratelimit+0x10/0x10 [ 581.844708][T11813] ? __pfx_dump_stack_lvl+0x10/0x10 [ 581.844747][T11813] ? __pfx__printk+0x10/0x10 [ 581.844782][T11813] ? __pfx___might_resched+0x10/0x10 [ 581.844818][T11813] ? fs_reclaim_acquire+0x7d/0x100 [ 581.844850][T11813] should_fail_ex+0x414/0x560 [ 581.844885][T11813] should_failslab+0xa8/0x100 [ 581.844915][T11813] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 581.844944][T11813] ? __alloc_skb+0x112/0x2d0 [ 581.844989][T11813] __alloc_skb+0x112/0x2d0 [ 581.845024][T11813] netlink_ack+0x146/0xa50 [ 581.845051][T11813] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 581.845076][T11813] ? ref_tracker_free+0x63a/0x7d0 [ 581.845109][T11813] ? __copy_skb_header+0xa7/0x550 [ 581.845154][T11813] ? __pfx_ref_tracker_free+0x10/0x10 [ 581.845187][T11813] ? __skb_clone+0x63/0x7a0 [ 581.845244][T11813] netlink_rcv_skb+0x28c/0x470 [ 581.845276][T11813] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 581.845304][T11813] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 581.845347][T11813] ? netlink_deliver_tap+0x2e/0x1b0 [ 581.845378][T11813] ? netlink_deliver_tap+0x2e/0x1b0 [ 581.845414][T11813] netlink_unicast+0x758/0x8d0 [ 581.845452][T11813] netlink_sendmsg+0x805/0xb30 [ 581.845493][T11813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 581.845527][T11813] ? __import_iovec+0x5d4/0x7f0 [ 581.845551][T11813] ? aa_sock_msg_perm+0x94/0x160 [ 581.845586][T11813] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 581.845618][T11813] ? __pfx_netlink_sendmsg+0x10/0x10 [ 581.845651][T11813] __sock_sendmsg+0x21c/0x270 [ 581.845693][T11813] ____sys_sendmsg+0x505/0x830 [ 581.845733][T11813] ? __pfx_____sys_sendmsg+0x10/0x10 [ 581.845783][T11813] ___sys_sendmsg+0x21f/0x2a0 [ 581.845818][T11813] ? __pfx____sys_sendmsg+0x10/0x10 [ 581.845892][T11813] ? __fget_files+0x2a/0x420 [ 581.845919][T11813] ? __fget_files+0x3a0/0x420 [ 581.845966][T11813] __sys_sendmsg+0x164/0x220 [ 581.846001][T11813] ? __pfx___sys_sendmsg+0x10/0x10 [ 581.846051][T11813] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 581.846091][T11813] ? lockdep_hardirqs_on+0x9c/0x150 [ 581.846130][T11813] __do_fast_syscall_32+0xb6/0x2b0 [ 581.846156][T11813] ? lockdep_hardirqs_on+0x9c/0x150 [ 581.846198][T11813] do_fast_syscall_32+0x34/0x80 [ 581.846222][T11813] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 581.846252][T11813] RIP: 0023:0xf70ce539 [ 581.846272][T11813] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 581.846296][T11813] RSP: 002b:00000000f50be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 581.846323][T11813] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800001c0 [ 581.846341][T11813] RDX: 0000000000040850 RSI: 0000000000000000 RDI: 0000000000000000 [ 581.846357][T11813] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 581.846373][T11813] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 581.846389][T11813] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 581.846424][T11813] [ 582.236748][ T5932] usb 3-1: New USB device found, idVendor=04b4, idProduct=861f, bcdDevice=f9.d6 [ 582.246257][ T5932] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 582.256896][ T5932] usb 3-1: config 0 descriptor?? [ 582.268941][ T5932] usb 3-1: dvb_usb_v2: found a 'Anysee' in warm state [ 582.281231][ T5932] usb 3-1: dvb_usb_v2: usb_bulk_msg() failed=-22 [ 582.289418][ T5932] dvb_usb_anysee 3-1:0.0: probe with driver dvb_usb_anysee failed with error -22 [ 582.597478][T11804] bridge0: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 582.680337][ T5914] usb 37-1: device descriptor read/64, error -71 [ 582.689449][T11804] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1296'. [ 582.716024][ T5932] usb 3-1: USB disconnect, device number 69 [ 582.740287][ T5929] usb 5-1: new high-speed USB device number 92 using dummy_hcd [ 582.773212][T11805] vhci_hcd: connection reset by peer [ 582.796708][ T1152] vhci_hcd: stop threads [ 582.818363][ T1152] vhci_hcd: release socket [ 582.835224][ T1152] vhci_hcd: disconnect device [ 582.879458][ T5914] vhci_hcd: vhci_device speed not set [ 582.909505][ T5929] usb 5-1: Using ep0 maxpacket: 8 [ 582.927423][ T5929] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 582.932309][T11829] FAULT_INJECTION: forcing a failure. [ 582.932309][T11829] name failslab, interval 1, probability 0, space 0, times 0 [ 582.950467][ T5929] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 582.956153][T11829] CPU: 1 UID: 0 PID: 11829 Comm: syz.0.1305 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 582.956191][T11829] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 582.956209][T11829] Call Trace: [ 582.956221][T11829] [ 582.956232][T11829] dump_stack_lvl+0x189/0x250 [ 582.956279][T11829] ? __pfx____ratelimit+0x10/0x10 [ 582.956317][T11829] ? __pfx_dump_stack_lvl+0x10/0x10 [ 582.956356][T11829] ? __pfx__printk+0x10/0x10 [ 582.956391][T11829] ? __pfx___might_resched+0x10/0x10 [ 582.956429][T11829] ? fs_reclaim_acquire+0x7d/0x100 [ 582.956468][T11829] should_fail_ex+0x414/0x560 [ 582.956511][T11829] should_failslab+0xa8/0x100 [ 582.956542][T11829] __kmalloc_cache_noprof+0x70/0x3d0 [ 582.956567][T11829] ? genl_start+0x1c9/0x6c0 [ 582.956609][T11829] genl_start+0x1c9/0x6c0 [ 582.956644][T11829] ? netlink_lookup+0x30/0x200 [ 582.956680][T11829] __netlink_dump_start+0x469/0x7e0 [ 582.956719][T11829] genl_family_rcv_msg_dumpit+0x1e7/0x2c0 [ 582.956763][T11829] ? __pfx_genl_family_rcv_msg_dumpit+0x10/0x10 [ 582.956809][T11829] ? rcu_is_watching+0x15/0xb0 [ 582.956845][T11829] ? __pfx_genl_start+0x10/0x10 [ 582.956878][T11829] ? __pfx_genl_dumpit+0x10/0x10 [ 582.956912][T11829] ? __pfx_genl_done+0x10/0x10 [ 582.956952][T11829] ? bpf_lsm_capable+0x9/0x20 [ 582.956976][T11829] ? security_capable+0x7e/0x2e0 [ 582.957016][T11829] genl_rcv_msg+0x5da/0x790 [ 582.957062][T11829] ? __pfx_genl_rcv_msg+0x10/0x10 [ 582.957103][T11829] ? ref_tracker_free+0x63a/0x7d0 [ 582.957134][T11829] ? __pfx_batadv_tt_local_dump+0x10/0x10 [ 582.957170][T11829] ? __pfx_ref_tracker_free+0x10/0x10 [ 582.957216][T11829] netlink_rcv_skb+0x205/0x470 [ 582.957246][T11829] ? __pfx_genl_rcv_msg+0x10/0x10 [ 582.957286][T11829] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 582.957336][T11829] ? down_read+0x1ad/0x2e0 [ 582.957367][T11829] genl_rcv+0x28/0x40 [ 582.957399][T11829] netlink_unicast+0x758/0x8d0 [ 582.957440][T11829] netlink_sendmsg+0x805/0xb30 [ 582.957482][T11829] ? __pfx_netlink_sendmsg+0x10/0x10 [ 582.957517][T11829] ? __import_iovec+0x5d4/0x7f0 [ 582.957540][T11829] ? aa_sock_msg_perm+0x94/0x160 [ 582.957577][T11829] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 582.957609][T11829] ? __pfx_netlink_sendmsg+0x10/0x10 [ 582.957641][T11829] __sock_sendmsg+0x21c/0x270 [ 582.957686][T11829] ____sys_sendmsg+0x505/0x830 [ 582.957727][T11829] ? __pfx_____sys_sendmsg+0x10/0x10 [ 582.957779][T11829] ___sys_sendmsg+0x21f/0x2a0 [ 582.957814][T11829] ? __pfx____sys_sendmsg+0x10/0x10 [ 582.957891][T11829] ? __fget_files+0x2a/0x420 [ 582.957918][T11829] ? __fget_files+0x3a0/0x420 [ 582.957960][T11829] __sys_sendmsg+0x164/0x220 [ 582.957995][T11829] ? __pfx___sys_sendmsg+0x10/0x10 [ 582.958045][T11829] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 582.958086][T11829] ? lockdep_hardirqs_on+0x9c/0x150 [ 582.958132][T11829] __do_fast_syscall_32+0xb6/0x2b0 [ 582.958157][T11829] ? lockdep_hardirqs_on+0x9c/0x150 [ 582.958199][T11829] do_fast_syscall_32+0x34/0x80 [ 582.958223][T11829] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 582.958253][T11829] RIP: 0023:0xf70ce539 [ 582.958273][T11829] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 582.958296][T11829] RSP: 002b:00000000f50be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 582.958323][T11829] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 582.958341][T11829] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 582.958355][T11829] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 582.958371][T11829] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 582.958387][T11829] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 582.958423][T11829] [ 583.039441][ T5836] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 583.068926][ T5929] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 583.349161][ T5836] usb 2-1: Using ep0 maxpacket: 8 [ 583.366576][ T5929] usb 5-1: Product: syz [ 583.394673][ T5836] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 583.447070][ T5836] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 583.468166][ T5836] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 583.531114][ T5929] usb 5-1: Manufacturer: syz [ 583.537385][ T5929] usb 5-1: SerialNumber: syz [ 583.538178][ T5836] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 583.558870][ T5929] usb 5-1: config 0 descriptor?? [ 583.604219][ T5929] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 583.612531][ T5836] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 583.630647][ T5929] usb 5-1: setting power ON [ 583.635699][ T5929] dvb-usb: bulk message failed: -22 (2/0) [ 583.654233][ T5929] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 583.685473][ T5836] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 583.700758][ T5836] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 583.714659][ T5929] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 583.743942][ T5836] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 583.755965][ T5836] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 583.783549][ T5836] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 583.795225][ T5929] usb 5-1: media controller created [ 583.831446][T11819] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1301'. [ 583.843789][T11819] dvb-usb: bulk message failed: -22 (3/0) [ 583.850118][T11819] dvb-usb: bulk message failed: -22 (5/0) [ 583.905651][ T5929] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 583.944541][ T5929] usb 5-1: selecting invalid altsetting 6 [ 583.944569][ T5929] usb 5-1: digital interface selection failed (-22) [ 583.944581][ T5929] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 583.945183][T11840] IPVS: nq: UDP 224.0.0.2:0 - no destination available [ 583.952404][ T5929] usb 5-1: setting power OFF [ 584.026933][ T5836] usb 2-1: config 168 descriptor has 1 excess byte, ignoring [ 584.057280][ T5836] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x3 has an invalid bInterval 255, changing to 11 [ 584.116993][ T5929] dvb-usb: bulk message failed: -22 (2/0) [ 584.117021][ T5929] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 584.117038][ T5929] (NULL device *): no alternate interface [ 584.263086][ T5836] usb 2-1: config 168 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 584.263129][ T5836] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 0, changing to 7 [ 584.263160][ T5836] usb 2-1: config 168 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 584.271987][ T5836] usb 2-1: string descriptor 0 read error: -22 [ 584.272092][ T5836] usb 2-1: New USB device found, idVendor=0a07, idProduct=0064, bcdDevice=40.6e [ 584.272111][ T5836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 584.336277][ T5836] adutux 2-1:168.0: ADU100 now attached to /dev/usb/adutux0 [ 584.761958][ T5840] usb 2-1: USB disconnect, device number 83 [ 585.383089][T11855] FAULT_INJECTION: forcing a failure. [ 585.383089][T11855] name failslab, interval 1, probability 0, space 0, times 0 [ 585.400652][T11855] CPU: 0 UID: 0 PID: 11855 Comm: syz.3.1311 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 585.400686][T11855] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 585.400701][T11855] Call Trace: [ 585.400710][T11855] [ 585.400720][T11855] dump_stack_lvl+0x189/0x250 [ 585.400760][T11855] ? __pfx____ratelimit+0x10/0x10 [ 585.400796][T11855] ? __pfx_dump_stack_lvl+0x10/0x10 [ 585.400830][T11855] ? __pfx__printk+0x10/0x10 [ 585.400858][T11855] ? __pfx___might_resched+0x10/0x10 [ 585.400893][T11855] ? fs_reclaim_acquire+0x7d/0x100 [ 585.400932][T11855] should_fail_ex+0x414/0x560 [ 585.400968][T11855] should_failslab+0xa8/0x100 [ 585.400995][T11855] __kmalloc_noprof+0xcb/0x4f0 [ 585.401016][T11855] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 585.401049][T11855] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 585.401091][T11855] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 585.401135][T11855] genl_family_rcv_msg_doit+0xb8/0x300 [ 585.401177][T11855] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 585.401213][T11855] ? rcu_is_watching+0x15/0xb0 [ 585.401252][T11855] ? apparmor_capable+0x137/0x1b0 [ 585.401285][T11855] ? bpf_lsm_capable+0x9/0x20 [ 585.401311][T11855] ? security_capable+0x7e/0x2e0 [ 585.401348][T11855] genl_rcv_msg+0x60e/0x790 [ 585.401389][T11855] ? __pfx_genl_rcv_msg+0x10/0x10 [ 585.401419][T11855] ? ref_tracker_free+0x63a/0x7d0 [ 585.401448][T11855] ? __pfx_nl80211_pre_doit+0x10/0x10 [ 585.401479][T11855] ? __pfx_nl80211_new_key+0x10/0x10 [ 585.401510][T11855] ? __pfx_nl80211_post_doit+0x10/0x10 [ 585.401543][T11855] ? __pfx_ref_tracker_free+0x10/0x10 [ 585.401585][T11855] netlink_rcv_skb+0x205/0x470 [ 585.401613][T11855] ? __pfx_genl_rcv_msg+0x10/0x10 [ 585.401647][T11855] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 585.401701][T11855] ? down_read+0x1ad/0x2e0 [ 585.401733][T11855] genl_rcv+0x28/0x40 [ 585.401764][T11855] netlink_unicast+0x758/0x8d0 [ 585.401799][T11855] netlink_sendmsg+0x805/0xb30 [ 585.401838][T11855] ? __pfx_netlink_sendmsg+0x10/0x10 [ 585.401869][T11855] ? __import_iovec+0x5d4/0x7f0 [ 585.401888][T11855] ? aa_sock_msg_perm+0x94/0x160 [ 585.401919][T11855] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 585.401955][T11855] ? __pfx_netlink_sendmsg+0x10/0x10 [ 585.401984][T11855] __sock_sendmsg+0x21c/0x270 [ 585.402022][T11855] ____sys_sendmsg+0x505/0x830 [ 585.402057][T11855] ? __pfx_____sys_sendmsg+0x10/0x10 [ 585.402120][T11855] ___sys_sendmsg+0x21f/0x2a0 [ 585.402158][T11855] ? __pfx____sys_sendmsg+0x10/0x10 [ 585.402236][T11855] ? __fget_files+0x2a/0x420 [ 585.402261][T11855] ? __fget_files+0x3a0/0x420 [ 585.402298][T11855] __sys_sendmsg+0x164/0x220 [ 585.402330][T11855] ? __pfx___sys_sendmsg+0x10/0x10 [ 585.402372][T11855] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 585.402408][T11855] ? lockdep_hardirqs_on+0x9c/0x150 [ 585.402443][T11855] __do_fast_syscall_32+0xb6/0x2b0 [ 585.402465][T11855] ? lockdep_hardirqs_on+0x9c/0x150 [ 585.402502][T11855] do_fast_syscall_32+0x34/0x80 [ 585.402525][T11855] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 585.402552][T11855] RIP: 0023:0xf7f17539 [ 585.402572][T11855] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 585.402591][T11855] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 585.402615][T11855] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0 [ 585.402631][T11855] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 585.402644][T11855] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 585.402657][T11855] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 585.402671][T11855] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 585.402704][T11855] [ 585.835216][ T5929] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 585.868508][ T5929] usb 5-1: USB disconnect, device number 92 [ 585.895741][ T5985] udevd[5985]: setting mode of /dev/bus/usb/005/092 to 020664 failed: No such file or directory [ 586.050739][ T5985] udevd[5985]: setting owner of /dev/bus/usb/005/092 to uid=0, gid=0 failed: No such file or directory [ 586.314163][T11878] FAULT_INJECTION: forcing a failure. [ 586.314163][T11878] name failslab, interval 1, probability 0, space 0, times 0 [ 586.327129][T11878] CPU: 1 UID: 0 PID: 11878 Comm: syz.2.1316 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 586.327151][T11878] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 586.327162][T11878] Call Trace: [ 586.327168][T11878] [ 586.327175][T11878] dump_stack_lvl+0x189/0x250 [ 586.327206][T11878] ? __pfx____ratelimit+0x10/0x10 [ 586.327231][T11878] ? __pfx_dump_stack_lvl+0x10/0x10 [ 586.327256][T11878] ? __pfx__printk+0x10/0x10 [ 586.327275][T11878] ? __pfx___might_resched+0x10/0x10 [ 586.327301][T11878] ? fs_reclaim_acquire+0x7d/0x100 [ 586.327324][T11878] should_fail_ex+0x414/0x560 [ 586.327348][T11878] should_failslab+0xa8/0x100 [ 586.327367][T11878] __kmalloc_node_track_caller_noprof+0xcc/0x4e0 [ 586.327384][T11878] ? __kernfs_new_node+0x9c/0x7e0 [ 586.327403][T11878] ? is_bpf_text_address+0x292/0x2b0 [ 586.327431][T11878] kstrdup+0x42/0x100 [ 586.327452][T11878] __kernfs_new_node+0x9c/0x7e0 [ 586.327471][T11878] ? __lock_acquire+0xab9/0xd20 [ 586.327499][T11878] ? __pfx___kernfs_new_node+0x10/0x10 [ 586.327520][T11878] ? kernfs_root+0x1c/0x230 [ 586.327543][T11878] ? kernfs_root+0x1c/0x230 [ 586.327561][T11878] ? kernfs_root+0x1c/0x230 [ 586.327578][T11878] ? kernfs_root+0x1c/0x230 [ 586.327599][T11878] kernfs_new_node+0x102/0x210 [ 586.327623][T11878] kernfs_create_dir_ns+0x44/0x130 [ 586.327646][T11878] sysfs_create_dir_ns+0x123/0x280 [ 586.327667][T11878] ? __pfx_sysfs_create_dir_ns+0x10/0x10 [ 586.327687][T11878] ? do_raw_spin_unlock+0x122/0x240 [ 586.327709][T11878] kobject_add_internal+0x59f/0xb40 [ 586.327732][T11878] kobject_add+0x155/0x220 [ 586.327751][T11878] ? __pfx_kobject_add+0x10/0x10 [ 586.327771][T11878] ? get_device_parent+0x366/0x3a0 [ 586.327791][T11878] device_add+0x408/0xb50 [ 586.327811][T11878] input_register_device+0x9ca/0x10b0 [ 586.327842][T11878] uinput_create_device+0x422/0x670 [ 586.327872][T11878] uinput_ioctl_handler+0x3f0/0x1570 [ 586.327897][T11878] ? __pfx_uinput_ioctl_handler+0x10/0x10 [ 586.327928][T11878] ? vfs_write+0x8d8/0xa90 [ 586.327952][T11878] __ia32_compat_sys_ioctl+0x540/0x840 [ 586.327979][T11878] ? __pfx___ia32_compat_sys_ioctl+0x10/0x10 [ 586.328003][T11878] ? count_memcg_event_mm+0x21/0x260 [ 586.328036][T11878] ? ksys_write+0x1e1/0x250 [ 586.328056][T11878] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 586.328081][T11878] ? lockdep_hardirqs_on+0x9c/0x150 [ 586.328107][T11878] __do_fast_syscall_32+0xb6/0x2b0 [ 586.328123][T11878] ? lockdep_hardirqs_on+0x9c/0x150 [ 586.328149][T11878] do_fast_syscall_32+0x34/0x80 [ 586.328164][T11878] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 586.328183][T11878] RIP: 0023:0xf7fc1539 [ 586.328197][T11878] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 586.328211][T11878] RSP: 002b:00000000f50c555c EFLAGS: 00000206 ORIG_RAX: 0000000000000036 [ 586.328227][T11878] RAX: ffffffffffffffda RBX: 000000000000000a RCX: 0000000000005501 [ 586.328238][T11878] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 586.328247][T11878] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 586.328256][T11878] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 586.328265][T11878] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 586.328286][T11878] [ 586.328296][T11878] kobject: kobject_add_internal failed for input25 (error: -12 parent: input) [ 587.285954][T11895] xt_NFQUEUE: number of total queues is 0 [ 588.211244][T11912] FAULT_INJECTION: forcing a failure. [ 588.211244][T11912] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 588.312181][T11912] CPU: 1 UID: 0 PID: 11912 Comm: syz.3.1324 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 588.312214][T11912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 588.312228][T11912] Call Trace: [ 588.312237][T11912] [ 588.312247][T11912] dump_stack_lvl+0x189/0x250 [ 588.312287][T11912] ? __pfx____ratelimit+0x10/0x10 [ 588.312321][T11912] ? __pfx_dump_stack_lvl+0x10/0x10 [ 588.312355][T11912] ? __pfx__printk+0x10/0x10 [ 588.312380][T11912] ? __might_fault+0xb0/0x130 [ 588.312414][T11912] should_fail_ex+0x414/0x560 [ 588.312458][T11912] _copy_from_user+0x2d/0xb0 [ 588.312498][T11912] csum_and_copy_from_iter_full+0x1e1/0x1eb0 [ 588.312550][T11912] ? __pfx_csum_and_copy_from_iter_full+0x10/0x10 [ 588.312594][T11912] ? trace_kmem_cache_alloc+0x1f/0xc0 [ 588.312637][T11912] ip_generic_getfrag+0x12f/0x2b0 [ 588.312687][T11912] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 588.312725][T11912] ? skb_put+0x11b/0x210 [ 588.312759][T11912] __ip_append_data+0x3b3d/0x40f0 [ 588.312816][T11912] ? __pfx_raw_getfrag+0x10/0x10 [ 588.312881][T11912] ? __pfx___ip_append_data+0x10/0x10 [ 588.312914][T11912] ? ipv4_mtu+0x4b2/0x5c0 [ 588.312949][T11912] ? ipv4_mtu+0x23/0x5c0 [ 588.312988][T11912] ? __pfx_ipv4_mtu+0x10/0x10 [ 588.313034][T11912] ? ip_setup_cork+0x577/0x9a0 [ 588.313065][T11912] ? lockdep_hardirqs_on+0x9c/0x150 [ 588.313113][T11912] ip_append_data+0x10e/0x190 [ 588.313161][T11912] ? __pfx_raw_getfrag+0x10/0x10 [ 588.313212][T11912] raw_sendmsg+0x13d7/0x18b0 [ 588.313277][T11912] ? __pfx_raw_sendmsg+0x10/0x10 [ 588.313342][T11912] ? aa_sk_perm+0x81e/0x950 [ 588.313390][T11912] ? __pfx_aa_sk_perm+0x10/0x10 [ 588.313420][T11912] ? tomoyo_socket_sendmsg_permission+0x216/0x300 [ 588.313479][T11912] ? sock_rps_record_flow+0x19/0x410 [ 588.313517][T11912] ? inet_sendmsg+0x2f4/0x370 [ 588.313537][T11912] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 588.313579][T11912] __sock_sendmsg+0x19c/0x270 [ 588.313631][T11912] __sys_sendto+0x3bd/0x520 [ 588.313672][T11912] ? __pfx___sys_sendto+0x10/0x10 [ 588.313708][T11912] ? __mutex_unlock_slowpath+0x1cd/0x700 [ 588.313753][T11912] ? __fget_files+0x3a0/0x420 [ 588.313796][T11912] ? ksys_write+0x22a/0x250 [ 588.313835][T11912] __ia32_sys_sendto+0xdd/0x100 [ 588.313867][T11912] __do_fast_syscall_32+0xb6/0x2b0 [ 588.313895][T11912] ? lockdep_hardirqs_on+0x9c/0x150 [ 588.313942][T11912] do_fast_syscall_32+0x34/0x80 [ 588.313969][T11912] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 588.314002][T11912] RIP: 0023:0xf7f17539 [ 588.314026][T11912] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 588.314053][T11912] RSP: 002b:00000000f503655c EFLAGS: 00000206 ORIG_RAX: 0000000000000171 [ 588.314081][T11912] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800023c0 [ 588.314097][T11912] RDX: 0000000000000020 RSI: 0000000000000000 RDI: 0000000080002400 [ 588.314117][T11912] RBP: 0000000000000010 R08: 0000000000000000 R09: 0000000000000000 [ 588.314137][T11912] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 588.314155][T11912] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 588.314199][T11912] [ 588.633990][ C1] vkms_vblank_simulate: vblank timer overrun [ 589.261420][ T5929] usb 4-1: new high-speed USB device number 74 using dummy_hcd [ 589.360048][T11923] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1328'. [ 589.369987][T11925] netlink: 16 bytes leftover after parsing attributes in process `syz.1.1328'. [ 589.419430][ T5929] usb 4-1: Using ep0 maxpacket: 16 [ 589.428631][ T5929] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 589.445164][ T5929] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 589.456540][ T5929] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 589.473202][ T5929] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 589.483678][ T5929] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.492055][ T5929] usb 4-1: Product: syz [ 589.496841][ T5929] usb 4-1: Manufacturer: syz [ 589.501893][ T5929] usb 4-1: SerialNumber: syz [ 589.619123][ T5836] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 589.779317][ T5836] usb 2-1: Using ep0 maxpacket: 8 [ 589.787920][ T5836] usb 2-1: config 1 has an invalid descriptor of length 144, skipping remainder of the config [ 589.799333][ T5836] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 589.808327][ T5836] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 589.829679][ T5836] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 589.844091][ T5836] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 589.854369][ T5836] usb 2-1: Product: syz [ 589.858725][ T5836] usb 2-1: Manufacturer: syz [ 589.864247][ T5836] usb 2-1: SerialNumber: syz [ 589.922656][ T5929] usb 4-1: 2:1 : format type 0 is detected, processed as PCM [ 590.021335][T11927] FAULT_INJECTION: forcing a failure. [ 590.021335][T11927] name failslab, interval 1, probability 0, space 0, times 0 [ 590.034442][T11927] CPU: 0 UID: 0 PID: 11927 Comm: syz.0.1329 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 590.034467][T11927] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 590.034478][T11927] Call Trace: [ 590.034486][T11927] [ 590.034494][T11927] dump_stack_lvl+0x189/0x250 [ 590.034536][T11927] ? __pfx____ratelimit+0x10/0x10 [ 590.034569][T11927] ? __pfx_dump_stack_lvl+0x10/0x10 [ 590.034601][T11927] ? __pfx__printk+0x10/0x10 [ 590.034621][T11927] ? __pfx___might_resched+0x10/0x10 [ 590.034646][T11927] ? fs_reclaim_acquire+0x7d/0x100 [ 590.034678][T11927] should_fail_ex+0x414/0x560 [ 590.034712][T11927] should_failslab+0xa8/0x100 [ 590.034737][T11927] __kmalloc_noprof+0xcb/0x4f0 [ 590.034755][T11927] ? genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 590.034786][T11927] genl_family_rcv_msg_attrs_parse+0xa3/0x2a0 [ 590.034822][T11927] genl_family_rcv_msg_doit+0xb8/0x300 [ 590.034864][T11927] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 590.034902][T11927] ? rcu_is_watching+0x15/0xb0 [ 590.034940][T11927] ? apparmor_capable+0x137/0x1b0 [ 590.034963][T11927] ? bpf_lsm_capable+0x9/0x20 [ 590.034981][T11927] ? security_capable+0x7e/0x2e0 [ 590.035018][T11927] genl_rcv_msg+0x60e/0x790 [ 590.035060][T11927] ? __pfx_genl_rcv_msg+0x10/0x10 [ 590.035089][T11927] ? ref_tracker_free+0x63a/0x7d0 [ 590.035116][T11927] ? __pfx_l2tp_nl_cmd_session_modify+0x10/0x10 [ 590.035138][T11927] ? __pfx_ref_tracker_free+0x10/0x10 [ 590.035187][T11927] netlink_rcv_skb+0x205/0x470 [ 590.035214][T11927] ? __pfx_genl_rcv_msg+0x10/0x10 [ 590.035246][T11927] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 590.035278][T11927] ? down_read+0x1ad/0x2e0 [ 590.035297][T11927] genl_rcv+0x28/0x40 [ 590.035327][T11927] netlink_unicast+0x758/0x8d0 [ 590.035363][T11927] netlink_sendmsg+0x805/0xb30 [ 590.035399][T11927] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.035422][T11927] ? __import_iovec+0x5d4/0x7f0 [ 590.035436][T11927] ? aa_sock_msg_perm+0x94/0x160 [ 590.035462][T11927] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 590.035491][T11927] ? __pfx_netlink_sendmsg+0x10/0x10 [ 590.035518][T11927] __sock_sendmsg+0x21c/0x270 [ 590.035554][T11927] ____sys_sendmsg+0x505/0x830 [ 590.035580][T11927] ? __pfx_____sys_sendmsg+0x10/0x10 [ 590.035617][T11927] ___sys_sendmsg+0x21f/0x2a0 [ 590.035650][T11927] ? __pfx____sys_sendmsg+0x10/0x10 [ 590.035711][T11927] ? __fget_files+0x2a/0x420 [ 590.035729][T11927] ? __fget_files+0x3a0/0x420 [ 590.035755][T11927] __sys_sendmsg+0x164/0x220 [ 590.035786][T11927] ? __pfx___sys_sendmsg+0x10/0x10 [ 590.035831][T11927] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 590.035863][T11927] ? lockdep_hardirqs_on+0x9c/0x150 [ 590.035888][T11927] __do_fast_syscall_32+0xb6/0x2b0 [ 590.035905][T11927] ? lockdep_hardirqs_on+0x9c/0x150 [ 590.035942][T11927] do_fast_syscall_32+0x34/0x80 [ 590.035965][T11927] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 590.035993][T11927] RIP: 0023:0xf70ce539 [ 590.036013][T11927] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 590.036032][T11927] RSP: 002b:00000000f50be55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 590.036055][T11927] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000040 [ 590.036069][T11927] RDX: 0000000000008040 RSI: 0000000000000000 RDI: 0000000000000000 [ 590.036081][T11927] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 590.036094][T11927] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 590.036108][T11927] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 590.036140][T11927] [ 590.083490][ T5836] cdc_ncm 2-1:1.0: skipping garbage [ 590.347200][ C1] vkms_vblank_simulate: vblank timer overrun [ 590.473599][ T5836] cdc_ncm 2-1:1.0: skipping garbage [ 590.478929][ T5836] cdc_ncm 2-1:1.0: skipping garbage [ 590.484265][ T5836] cdc_ncm 2-1:1.0: CDC Union missing and no IAD found [ 590.588519][ T5836] cdc_ncm 2-1:1.0: bind() failure [ 590.598324][T11929] netlink: 'syz.0.1330': attribute type 2 has an invalid length. [ 590.648467][ T5836] usb 2-1: USB disconnect, device number 84 [ 590.847417][T11937] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1333'. [ 590.883729][ T5929] usb 4-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 590.985888][ T5929] usb 4-1: USB disconnect, device number 74 [ 591.074296][ T5957] udevd[5957]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 591.100454][ T5935] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 591.292909][ T5935] usb 3-1: Using ep0 maxpacket: 16 [ 591.302835][ T5935] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 591.343393][ T5935] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 591.358074][ T5935] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 592.488369][ T5935] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 592.548940][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 592.609721][ T5935] usb 3-1: Product: syz [ 592.632514][ T5935] usb 3-1: Manufacturer: syz [ 592.668183][ T5935] usb 3-1: SerialNumber: syz [ 593.180535][ T5935] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 594.141000][ T5935] usb 3-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 594.297328][ T5935] usb 3-1: USB disconnect, device number 70 [ 594.323680][T11973] batadv0: entered promiscuous mode [ 594.988461][T11990] netlink: 'syz.0.1345': attribute type 10 has an invalid length. [ 595.068103][T11990] netlink: 40 bytes leftover after parsing attributes in process `syz.0.1345'. [ 595.158116][T11990] A link change request failed with some changes committed already. Interface virt_wifi0 may have been left with an inconsistent configuration, please check. [ 595.972685][T12011] FAULT_INJECTION: forcing a failure. [ 595.972685][T12011] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 596.029327][T12011] CPU: 0 UID: 0 PID: 12011 Comm: syz.2.1352 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 596.029362][T12011] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 596.029389][T12011] Call Trace: [ 596.029398][T12011] [ 596.029408][T12011] dump_stack_lvl+0x189/0x250 [ 596.029449][T12011] ? __pfx____ratelimit+0x10/0x10 [ 596.029482][T12011] ? __pfx_dump_stack_lvl+0x10/0x10 [ 596.029517][T12011] ? __pfx__printk+0x10/0x10 [ 596.029544][T12011] ? __might_fault+0xb0/0x130 [ 596.029572][T12011] should_fail_ex+0x414/0x560 [ 596.029605][T12011] _copy_from_user+0x2d/0xb0 [ 596.029629][T12011] move_addr_to_kernel+0x7e/0x160 [ 596.029669][T12011] get_compat_msghdr+0x3bd/0x4a0 [ 596.029705][T12011] ? __pfx_get_compat_msghdr+0x10/0x10 [ 596.029754][T12011] ___sys_sendmsg+0x193/0x2a0 [ 596.029786][T12011] ? __pfx____sys_sendmsg+0x10/0x10 [ 596.029851][T12011] ? __fget_files+0x2a/0x420 [ 596.029875][T12011] ? __fget_files+0x3a0/0x420 [ 596.029923][T12011] __sys_sendmsg+0x164/0x220 [ 596.029954][T12011] ? __pfx___sys_sendmsg+0x10/0x10 [ 596.029997][T12011] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 596.030033][T12011] ? lockdep_hardirqs_on+0x9c/0x150 [ 596.030068][T12011] __do_fast_syscall_32+0xb6/0x2b0 [ 596.030090][T12011] ? lockdep_hardirqs_on+0x9c/0x150 [ 596.030127][T12011] do_fast_syscall_32+0x34/0x80 [ 596.030149][T12011] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 596.030175][T12011] RIP: 0023:0xf7fc1539 [ 596.030195][T12011] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 596.030214][T12011] RSP: 002b:00000000f50e655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 596.030238][T12011] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000200 [ 596.030253][T12011] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 596.030267][T12011] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 596.030280][T12011] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 596.030292][T12011] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 596.030322][T12011] [ 596.538312][T12002] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1350'. [ 597.050130][ T5935] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 597.200622][ T5840] usb 5-1: new high-speed USB device number 93 using dummy_hcd [ 597.239609][ T5935] usb 3-1: Using ep0 maxpacket: 16 [ 597.248281][ T5935] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 597.289466][ T5935] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 597.306623][ T5935] usb 3-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 597.331538][ T5935] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 597.344797][ T5935] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.353630][ T5935] usb 3-1: Product: syz [ 597.357933][ T5935] usb 3-1: Manufacturer: syz [ 597.408896][ T5840] usb 5-1: config 0 has no interfaces? [ 597.417206][ T5935] usb 3-1: SerialNumber: syz [ 597.437170][ T5840] usb 5-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 597.510728][ T5840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 597.626333][ T5840] usb 5-1: Product: syz [ 597.678852][ T5840] usb 5-1: Manufacturer: syz [ 597.720097][ T5840] usb 5-1: SerialNumber: syz [ 597.744673][ T5840] usb 5-1: config 0 descriptor?? [ 597.868103][ T5935] usb 3-1: 2:1 : format type 0 is detected, processed as PCM [ 598.864007][ T5935] usb 3-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 599.061577][ T5935] usb 3-1: USB disconnect, device number 71 [ 599.245036][ T8985] usb 5-1: USB disconnect, device number 93 [ 599.539222][ T5836] usb 1-1: new low-speed USB device number 77 using dummy_hcd [ 599.730842][ T5836] usb 1-1: config 0 has no interfaces? [ 599.765124][ T5836] usb 1-1: New USB device found, idVendor=19b5, idProduct=0021, bcdDevice=98.c7 [ 599.782359][T12065] FAULT_INJECTION: forcing a failure. [ 599.782359][T12065] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 599.796853][ T5836] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 599.828001][T12065] CPU: 0 UID: 0 PID: 12065 Comm: syz.4.1369 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 599.828034][T12065] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 599.828048][T12065] Call Trace: [ 599.828058][T12065] [ 599.828067][T12065] dump_stack_lvl+0x189/0x250 [ 599.828108][T12065] ? __pfx____ratelimit+0x10/0x10 [ 599.828142][T12065] ? __pfx_dump_stack_lvl+0x10/0x10 [ 599.828177][T12065] ? __pfx__printk+0x10/0x10 [ 599.828202][T12065] ? __might_fault+0xb0/0x130 [ 599.828236][T12065] should_fail_ex+0x414/0x560 [ 599.828271][T12065] _copy_from_user+0x2d/0xb0 [ 599.828295][T12065] get_compat_msghdr+0xad/0x4a0 [ 599.828331][T12065] ? __pfx_get_compat_msghdr+0x10/0x10 [ 599.828374][T12065] ___sys_sendmsg+0x193/0x2a0 [ 599.828407][T12065] ? __pfx____sys_sendmsg+0x10/0x10 [ 599.828475][T12065] ? __fget_files+0x2a/0x420 [ 599.828499][T12065] ? __fget_files+0x3a0/0x420 [ 599.828535][T12065] __sys_sendmsg+0x164/0x220 [ 599.828566][T12065] ? __pfx___sys_sendmsg+0x10/0x10 [ 599.828611][T12065] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 599.828656][T12065] ? lockdep_hardirqs_on+0x9c/0x150 [ 599.828692][T12065] __do_fast_syscall_32+0xb6/0x2b0 [ 599.828714][T12065] ? lockdep_hardirqs_on+0x9c/0x150 [ 599.828752][T12065] do_fast_syscall_32+0x34/0x80 [ 599.828773][T12065] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 599.828801][T12065] RIP: 0023:0xf70be539 [ 599.828819][T12065] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 599.828839][T12065] RSP: 002b:00000000f50ae55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 599.828863][T12065] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800006c0 [ 599.828879][T12065] RDX: 000000000404c0e0 RSI: 0000000000000000 RDI: 0000000000000000 [ 599.828893][T12065] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 599.828907][T12065] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 599.828921][T12065] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 599.828952][T12065] [ 600.076292][ T5836] usb 1-1: config 0 descriptor?? [ 600.398526][ T5836] usb 1-1: USB disconnect, device number 77 [ 601.497649][T12096] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 601.616067][T12097] vlan2: entered allmulticast mode [ 601.634240][T12097] mac80211_hwsim hwsim4 wlan0: entered allmulticast mode [ 601.662360][T12102] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1380'. [ 601.809179][ T5929] usb 1-1: new high-speed USB device number 78 using dummy_hcd [ 601.979224][ T5929] usb 1-1: Using ep0 maxpacket: 16 [ 601.993900][ T5929] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 602.029476][ T5929] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 602.057576][ T5929] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 602.096980][ T5929] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 602.185832][ T5929] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 602.274613][ T5929] usb 1-1: Product: syz [ 602.292983][ T5929] usb 1-1: Manufacturer: syz [ 602.306682][ T5929] usb 1-1: SerialNumber: syz [ 602.785795][ T5929] usb 1-1: 2:1 : format type 0 is detected, processed as PCM [ 603.013577][T12116] netlink: 256 bytes leftover after parsing attributes in process `syz.3.1384'. [ 603.200491][T12120] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1385'. [ 603.614764][ T5929] usb 1-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 603.679459][ T5929] usb 1-1: USB disconnect, device number 78 [ 604.219446][ T5929] usb 4-1: new high-speed USB device number 75 using dummy_hcd [ 604.359422][ T5840] usb 5-1: new high-speed USB device number 94 using dummy_hcd [ 604.449129][ T5929] usb 4-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 604.494621][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 604.519677][ T5929] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 604.556132][ T5929] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 604.572199][ T5840] usb 5-1: Using ep0 maxpacket: 32 [ 604.589602][ T5840] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 604.618685][ T5840] usb 5-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 604.646680][ T5929] usb 4-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 604.656501][ T5840] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 604.725396][ T5840] usb 5-1: Product: syz [ 604.730174][ T5929] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 604.753734][ T5840] usb 5-1: Manufacturer: syz [ 604.804025][ T5840] usb 5-1: SerialNumber: syz [ 604.815342][ T5929] usb 4-1: config 0 descriptor?? [ 604.844252][ T5840] usb 5-1: config 0 descriptor?? [ 604.851615][T12143] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 604.887972][ T5840] usb 5-1: bad CDC descriptors [ 604.949190][ T5840] usb 5-1: unsupported MDLM descriptors [ 605.009311][ T5836] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 605.172129][ T5836] usb 3-1: Using ep0 maxpacket: 16 [ 605.240050][T12161] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 605.295485][T12161] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 605.304153][ T5929] plantronics 0003:047F:FFFF.0016: No inputs registered, leaving [ 605.490191][ T5929] plantronics 0003:047F:FFFF.0016: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.3-1/input0 [ 605.637762][ T5839] Bluetooth: hci4: command 0x0c1a tx timeout [ 605.813903][ T5929] usb 5-1: USB disconnect, device number 94 [ 606.679606][ T5929] usb 4-1: reset high-speed USB device number 75 using dummy_hcd [ 606.963827][ T5929] usb 4-1: device descriptor read/64, error -32 [ 607.388954][T12172] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1396'. [ 607.524231][ T5929] usb 4-1: reset high-speed USB device number 75 using dummy_hcd [ 607.699549][ T5929] usb 4-1: device descriptor read/64, error -32 [ 607.809266][ T5914] usb 1-1: new high-speed USB device number 79 using dummy_hcd [ 607.930847][ T5839] Bluetooth: hci4: Ignoring HCI_Connection_Complete for existing connection [ 607.959202][ T5914] usb 1-1: device descriptor read/64, error -71 [ 607.993204][T12183] syzkaller1: entered promiscuous mode [ 608.018174][T12183] syzkaller1: entered allmulticast mode [ 608.029795][T12169] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1395'. [ 608.249295][ T5914] usb 1-1: new high-speed USB device number 80 using dummy_hcd [ 608.438314][ T5836] usb 3-1: unable to get BOS descriptor or descriptor too short [ 608.459163][ T5914] usb 1-1: device descriptor read/64, error -71 [ 608.465500][ T5932] usb 5-1: new high-speed USB device number 95 using dummy_hcd [ 608.565970][ T5836] usb 3-1: unable to read config index 0 descriptor/start: -71 [ 608.580759][ T10] usb 4-1: USB disconnect, device number 75 [ 608.748473][ T5914] usb usb1-port1: attempt power cycle [ 608.822829][ T5836] usb 3-1: can't read configurations, error -71 [ 608.849191][ T5932] usb 5-1: Using ep0 maxpacket: 8 [ 608.875794][ T5932] usb 5-1: config 0 has 1 interface, different from the descriptor's value: 3 [ 608.925380][ T5932] usb 5-1: New USB device found, idVendor=1660, idProduct=0932, bcdDevice=80.ea [ 609.012978][ T5932] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.155342][ T5932] usb 5-1: Product: syz [ 609.376221][ T5914] usb 1-1: new high-speed USB device number 81 using dummy_hcd [ 609.420837][ T5932] usb 5-1: Manufacturer: syz [ 609.437155][ T5932] usb 5-1: SerialNumber: syz [ 609.444136][ T5914] usb 1-1: device descriptor read/8, error -71 [ 609.470362][ T5932] usb 5-1: config 0 descriptor?? [ 609.493413][ T5932] dvb-usb: found a 'Medion MD95700 (MDUSBTV-HYBRID)' in warm state. [ 609.501807][ T5932] usb 5-1: setting power ON [ 609.515170][ T5932] dvb-usb: bulk message failed: -22 (2/0) [ 609.539792][ T5932] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 609.565696][ T5932] dvbdev: DVB: registering new adapter (Medion MD95700 (MDUSBTV-HYBRID)) [ 609.590047][ T5932] usb 5-1: media controller created [ 609.672318][ T5932] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 609.708894][T12187] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1401'. [ 609.718941][ T5914] usb 1-1: new high-speed USB device number 82 using dummy_hcd [ 609.729120][ T5931] usb 2-1: new high-speed USB device number 86 using dummy_hcd [ 609.769870][ T5914] usb 1-1: device descriptor read/8, error -71 [ 609.776952][T12187] dvb-usb: bulk message failed: -22 (3/0) [ 609.786121][T12187] dvb-usb: bulk message failed: -22 (5/0) [ 609.800833][ T5932] usb 5-1: selecting invalid altsetting 6 [ 609.808760][ T5932] usb 5-1: digital interface selection failed (-22) [ 609.868318][ T5932] dvb-usb: no frontend was attached by 'Medion MD95700 (MDUSBTV-HYBRID)' [ 609.877970][ T5932] usb 5-1: setting power OFF [ 609.877989][ T5932] dvb-usb: bulk message failed: -22 (2/0) [ 609.878002][ T5932] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully initialized and connected. [ 609.878013][ T5932] (NULL device *): no alternate interface [ 609.901117][ T5914] usb usb1-port1: unable to enumerate USB device [ 609.933568][ T5931] usb 2-1: Using ep0 maxpacket: 16 [ 609.948187][ T5931] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 609.948232][ T5931] usb 2-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 609.948275][ T5931] usb 2-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 609.951513][ T5931] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 609.951551][ T5931] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 609.951577][ T5931] usb 2-1: Product: syz [ 609.951597][ T5931] usb 2-1: Manufacturer: syz [ 609.951618][ T5931] usb 2-1: SerialNumber: syz [ 610.463765][ T5931] usb 2-1: 2:1 : format type 0 is detected, processed as PCM [ 611.699301][ T5932] dvb-usb: Medion MD95700 (MDUSBTV-HYBRID) successfully deinitialized and disconnected. [ 611.750709][ T5932] usb 5-1: USB disconnect, device number 95 [ 611.872813][T12214] netlink: 256 bytes leftover after parsing attributes in process `syz.4.1408'. [ 612.447425][T12218] FAULT_INJECTION: forcing a failure. [ 612.447425][T12218] name failslab, interval 1, probability 0, space 0, times 0 [ 612.585717][T12218] CPU: 1 UID: 0 PID: 12218 Comm: syz.4.1409 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 612.585751][T12218] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 612.585766][T12218] Call Trace: [ 612.585775][T12218] [ 612.585786][T12218] dump_stack_lvl+0x189/0x250 [ 612.585830][T12218] ? __pfx____ratelimit+0x10/0x10 [ 612.585864][T12218] ? __pfx_dump_stack_lvl+0x10/0x10 [ 612.585899][T12218] ? __pfx__printk+0x10/0x10 [ 612.585930][T12218] ? __pfx___might_resched+0x10/0x10 [ 612.585963][T12218] ? fs_reclaim_acquire+0x7d/0x100 [ 612.585996][T12218] should_fail_ex+0x414/0x560 [ 612.586030][T12218] should_failslab+0xa8/0x100 [ 612.586056][T12218] kmem_cache_alloc_noprof+0x73/0x3c0 [ 612.586091][T12218] ? skb_clone+0x212/0x3a0 [ 612.586127][T12218] skb_clone+0x212/0x3a0 [ 612.586155][T12218] ? nfnetlink_rcv+0x486/0x2520 [ 612.586191][T12218] nfnetlink_rcv+0x4b4/0x2520 [ 612.586247][T12218] ? __dev_queue_xmit+0x1cd7/0x3a70 [ 612.586284][T12218] ? kmem_cache_alloc_noprof+0x1c1/0x3c0 [ 612.586323][T12218] ? __dev_queue_xmit+0x27e/0x3a70 [ 612.586355][T12218] ? do_fast_syscall_32+0x34/0x80 [ 612.586387][T12218] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 612.586439][T12218] ? ref_tracker_free+0x63a/0x7d0 [ 612.586468][T12218] ? __copy_skb_header+0xa7/0x550 [ 612.586499][T12218] ? __pfx_ref_tracker_free+0x10/0x10 [ 612.586535][T12218] ? __skb_clone+0x63/0x7a0 [ 612.586569][T12218] ? __skb_clone+0x483/0x7a0 [ 612.586606][T12218] ? skb_clone+0x246/0x3a0 [ 612.586639][T12218] ? __netlink_deliver_tap+0x807/0x850 [ 612.586666][T12218] ? netlink_deliver_tap+0x2e/0x1b0 [ 612.586699][T12218] ? netlink_deliver_tap+0x2e/0x1b0 [ 612.586725][T12218] ? netlink_deliver_tap+0x2e/0x1b0 [ 612.586757][T12218] netlink_unicast+0x758/0x8d0 [ 612.586793][T12218] netlink_sendmsg+0x805/0xb30 [ 612.586831][T12218] ? __pfx_netlink_sendmsg+0x10/0x10 [ 612.586861][T12218] ? __import_iovec+0x5d4/0x7f0 [ 612.586881][T12218] ? aa_sock_msg_perm+0x94/0x160 [ 612.586913][T12218] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 612.586943][T12218] ? __pfx_netlink_sendmsg+0x10/0x10 [ 612.586971][T12218] __sock_sendmsg+0x21c/0x270 [ 612.587009][T12218] ____sys_sendmsg+0x505/0x830 [ 612.587045][T12218] ? __pfx_____sys_sendmsg+0x10/0x10 [ 612.587091][T12218] ___sys_sendmsg+0x21f/0x2a0 [ 612.587123][T12218] ? __pfx____sys_sendmsg+0x10/0x10 [ 612.587191][T12218] ? __fget_files+0x2a/0x420 [ 612.587215][T12218] ? __fget_files+0x3a0/0x420 [ 612.587252][T12218] __sys_sendmsg+0x164/0x220 [ 612.587284][T12218] ? __pfx___sys_sendmsg+0x10/0x10 [ 612.587321][T12218] ? rcu_is_watching+0x15/0xb0 [ 612.587360][T12218] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 612.587395][T12218] ? lockdep_hardirqs_on+0x9c/0x150 [ 612.587431][T12218] __do_fast_syscall_32+0xb6/0x2b0 [ 612.587453][T12218] ? lockdep_hardirqs_on+0x9c/0x150 [ 612.587501][T12218] do_fast_syscall_32+0x34/0x80 [ 612.587527][T12218] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 612.587554][T12218] RIP: 0023:0xf70be539 [ 612.587573][T12218] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 612.587591][T12218] RSP: 002b:00000000f50ae55c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 612.587613][T12218] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 612.587628][T12218] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000000000000 [ 612.587641][T12218] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 612.587654][T12218] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 612.587667][T12218] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 612.587697][T12218] [ 612.948748][ C1] vkms_vblank_simulate: vblank timer overrun [ 613.510362][ T5931] usb 2-1: 2:1: cannot set freq 9338507 to ep 0x82 [ 613.689117][ T5931] usb 2-1: USB disconnect, device number 86 [ 613.874355][ T5957] udevd[5957]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 614.111598][T12226] IPVS: set_ctl: invalid protocol: 59 172.20.20.38:20001 [ 614.154398][T12226] netlink: 92 bytes leftover after parsing attributes in process `syz.0.1412'. [ 614.466437][T12231] sg_write: data in/out 64380/1 bytes for SCSI command 0x1c-- guessing data in; [ 614.466437][T12231] program syz.4.1415 not setting count and/or reply_len properly [ 614.829335][ T5914] usb 5-1: new high-speed USB device number 96 using dummy_hcd [ 614.979284][ T5914] usb 5-1: device descriptor read/64, error -71 [ 615.176621][ T5929] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 615.269609][ T5914] usb 5-1: new high-speed USB device number 97 using dummy_hcd [ 615.349122][ T5929] usb 2-1: Using ep0 maxpacket: 16 [ 615.365173][ T5929] usb 2-1: config 0 has an invalid interface number: 251 but max is 0 [ 615.382431][ T5929] usb 2-1: config 0 has no interface number 0 [ 615.392120][ T5929] usb 2-1: config 0 interface 251 altsetting 0 bulk endpoint 0x4 has invalid maxpacket 16 [ 615.569511][ T5914] usb 5-1: device descriptor read/64, error -71 [ 615.610505][ T5929] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 615.679070][ T5929] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 615.681072][ T5914] usb usb5-port1: attempt power cycle [ 615.710576][ T5929] usb 2-1: Product: syz [ 615.714837][ T5929] usb 2-1: Manufacturer: syz [ 615.739071][ T5929] usb 2-1: SerialNumber: syz [ 615.777830][ T5929] usb 2-1: config 0 descriptor?? [ 615.783598][T12243] raw-gadget.1 gadget.1: fail, usb_ep_enable returned -22 [ 615.794188][ T5929] asix 2-1:0.251: probe with driver asix failed with error -22 [ 616.109186][ T5914] usb 5-1: new high-speed USB device number 98 using dummy_hcd [ 616.280967][ T5914] usb 5-1: device descriptor read/8, error -71 [ 616.649639][ T5914] usb 5-1: new high-speed USB device number 99 using dummy_hcd [ 616.692629][ T5914] usb 5-1: device descriptor read/8, error -71 [ 616.870525][ T5914] usb usb5-port1: unable to enumerate USB device [ 617.311048][T12274] vxcan0: tx drop: invalid sa for name 0x0000000002000000 [ 617.722970][T12280] netlink: 16 bytes leftover after parsing attributes in process `syz.4.1431'. [ 617.960410][ T5840] usb 2-1: USB disconnect, device number 87 [ 621.520077][T12319] sit0: entered promiscuous mode [ 621.532866][T12319] netlink: 'syz.0.1441': attribute type 1 has an invalid length. [ 621.541100][T12319] netlink: 1 bytes leftover after parsing attributes in process `syz.0.1441'. [ 622.423555][T12319] batman_adv: batadv0: Interface deactivated: virt_wifi0 [ 622.589387][ T5840] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 622.782601][ T5840] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 622.798222][ T5840] usb 2-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 622.825277][ T5840] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 622.857948][ T5840] usb 2-1: config 0 descriptor?? [ 622.943572][ T5840] pwc: Askey VC010 type 2 USB webcam detected. [ 623.294969][ T5840] pwc: recv_control_msg error -32 req 02 val 2b00 [ 623.310214][ T5840] pwc: recv_control_msg error -32 req 02 val 2700 [ 623.328673][ T5840] pwc: recv_control_msg error -32 req 02 val 2c00 [ 623.347753][ T5840] pwc: recv_control_msg error -32 req 04 val 1000 [ 623.363257][ T5840] pwc: recv_control_msg error -32 req 04 val 1300 [ 623.376342][ T5840] pwc: recv_control_msg error -32 req 04 val 1400 [ 623.589539][ T5840] pwc: recv_control_msg error -32 req 02 val 2100 [ 623.598951][ T5840] pwc: recv_control_msg error -32 req 04 val 1500 [ 623.609546][ T5840] pwc: recv_control_msg error -32 req 02 val 2500 [ 623.650705][T12350] netlink: 8 bytes leftover after parsing attributes in process `syz.3.1449'. [ 623.669600][T12350] netlink: 20 bytes leftover after parsing attributes in process `syz.3.1449'. [ 623.818547][ T5840] pwc: recv_control_msg error -71 req 02 val 2600 [ 623.832121][ T5840] pwc: recv_control_msg error -71 req 02 val 2900 [ 623.842176][ T5840] pwc: recv_control_msg error -71 req 02 val 2800 [ 623.852515][ T5840] pwc: recv_control_msg error -71 req 04 val 1100 [ 623.867767][ T5840] pwc: recv_control_msg error -71 req 04 val 1200 [ 623.925282][ T5840] pwc: Registered as video103. [ 623.965053][ T5840] input: PWC snapshot button as /devices/platform/dummy_hcd.1/usb2/2-1/input/input28 [ 624.047099][ T5840] usb 2-1: USB disconnect, device number 88 [ 624.758786][T12382] loop6: detected capacity change from 0 to 63 [ 625.124499][T12389] syzkaller0: entered promiscuous mode [ 625.140237][T12389] syzkaller0: entered allmulticast mode [ 626.028177][T12420] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1464'. [ 626.286717][T12429] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1468'. [ 626.307931][T12429] netlink: 12 bytes leftover after parsing attributes in process `syz.1.1468'. [ 626.757747][ T5837] Bluetooth: hci4: ACL packet for unknown connection handle 201 [ 628.912304][T12475] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1479'. [ 629.003892][ T30] audit: type=1326 audit(1749986106.093:2007): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.101215][ T30] audit: type=1326 audit(1749986106.093:2008): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.158090][T12475] bridge_slave_1 (unregistering): left allmulticast mode [ 629.158548][ T30] audit: type=1326 audit(1749986106.133:2009): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=42 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.168089][T12475] bridge_slave_1 (unregistering): left promiscuous mode [ 629.199860][T12475] bridge0: port 2(bridge_slave_1) entered disabled state [ 629.221374][ T30] audit: type=1326 audit(1749986106.133:2010): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.277562][ T30] audit: type=1326 audit(1749986106.133:2011): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.403039][ T30] audit: type=1326 audit(1749986106.133:2012): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=357 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.545158][ T30] audit: type=1326 audit(1749986106.133:2013): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.607514][ T1306] ieee802154 phy0 wpan0: encryption failed: -22 [ 629.626771][ T1306] ieee802154 phy1 wpan1: encryption failed: -22 [ 629.669060][ T30] audit: type=1326 audit(1749986106.133:2014): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.707067][ T30] audit: type=1326 audit(1749986106.143:2015): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.745480][T12498] netlink: 'syz.1.1484': attribute type 3 has an invalid length. [ 629.756168][ T30] audit: type=1326 audit(1749986106.143:2016): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12479 comm="syz.4.1481" exe="/root/syz-executor" sig=0 arch=40000003 syscall=295 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 629.777668][T12498] netlink: 100 bytes leftover after parsing attributes in process `syz.1.1484'. [ 630.342578][ T5914] usb 1-1: new high-speed USB device number 83 using dummy_hcd [ 630.509446][ T5931] usb 4-1: new high-speed USB device number 76 using dummy_hcd [ 630.547991][ T5914] usb 1-1: New USB device found, idVendor=046d, idProduct=0870, bcdDevice=61.47 [ 630.569705][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.590826][ T5914] usb 1-1: config 0 descriptor?? [ 630.618492][ T5914] gspca_main: STV06xx-2.14.0 probing 046d:0870 [ 630.709217][ T5931] usb 4-1: Using ep0 maxpacket: 32 [ 630.726642][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 630.758194][ T5931] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 630.788133][ T5931] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 630.831743][ T5931] usb 4-1: New USB device found, idVendor=0458, idProduct=5011, bcdDevice= 0.00 [ 630.889099][ T5931] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 630.914702][ T5931] usb 4-1: config 0 descriptor?? [ 630.979640][ T5837] Bluetooth: hci3: ISO packet for unknown connection handle 0 [ 631.369337][ T5932] usb 5-1: new high-speed USB device number 100 using dummy_hcd [ 631.422593][ T5931] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5011.0017/input/input29 [ 631.459616][ T10] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 631.547319][ T5931] input: HID 0458:5011 as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:0458:5011.0017/input/input30 [ 631.559142][ T5932] usb 5-1: Using ep0 maxpacket: 16 [ 631.607095][ T5932] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 631.638568][ T5932] usb 5-1: New USB device found, idVendor=0458, idProduct=5016, bcdDevice= 0.00 [ 631.654242][ T10] usb 3-1: Using ep0 maxpacket: 16 [ 631.679611][ T5932] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 631.687788][ T10] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 631.717571][ T10] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 631.722109][ T5932] usb 5-1: config 0 descriptor?? [ 631.798968][ T10] usb 3-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 631.800742][ T5931] kye 0003:0458:5011.0017: input,hiddev0,hidraw0: USB HID v0.00 Mouse [HID 0458:5011] on usb-dummy_hcd.3-1/input0 [ 631.825158][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 631.867658][ T10] usb 3-1: Product: syz [ 631.890795][ T10] usb 3-1: Manufacturer: syz [ 631.914318][ T10] usb 3-1: SerialNumber: syz [ 631.946645][ T10] usb 3-1: config 0 descriptor?? [ 631.973339][ T10] em28xx 3-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 632.007643][ T10] em28xx 3-1:0.0: Audio interface 0 found (Vendor Class) [ 632.044160][ T5914] gspca_stv06xx: HDCS-1020 sensor detected [ 632.090710][ T5931] usb 4-1: USB disconnect, device number 76 [ 632.176973][ T5932] kye 0003:0458:5016.0018: control desc unexpectedly large [ 632.210929][ T5932] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5016.0018/input/input31 [ 632.386483][ T5932] input: HID 0458:5016 as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.0/0003:0458:5016.0018/input/input32 [ 632.491289][ T5932] kye 0003:0458:5016.0018: input,hiddev0,hidraw0: USB HID v0.09 Device [HID 0458:5016] on usb-dummy_hcd.4-1/input0 [ 632.510593][ T5914] STV06xx 1-1:0.0: probe with driver STV06xx failed with error -71 [ 632.559463][ T5914] usb 1-1: USB disconnect, device number 83 [ 632.591471][ T10] em28xx 3-1:0.0: unknown em28xx chip ID (0) [ 632.610096][ T10] em28xx 3-1:0.0: Config register raw data: 0xfffffffb [ 632.801708][T12563] kvm: apic: phys broadcast and lowest prio [ 632.826377][ T5840] usb 5-1: USB disconnect, device number 100 [ 633.247252][ T10] em28xx 3-1:0.0: Unknown AC97 audio processor detected! [ 633.261886][ T10] em28xx 3-1:0.0: couldn't setup AC97 register 2 [ 633.298300][T12575] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1507'. [ 633.299818][ T10] em28xx 3-1:0.0: couldn't setup AC97 register 4 [ 633.320375][ T10] em28xx 3-1:0.0: couldn't setup AC97 register 6 [ 633.333881][T12574] netlink: 44 bytes leftover after parsing attributes in process `syz.1.1507'. [ 633.935710][ T10] em28xx 3-1:0.0: couldn't setup AC97 register 56 [ 633.980811][ T10] usb 3-1: USB disconnect, device number 74 [ 634.085570][ T30] kauditd_printk_skb: 15 callbacks suppressed [ 634.085590][ T30] audit: type=1326 audit(1749986111.173:2032): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12596 comm="syz.4.1519" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 634.149198][ T5935] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 634.151787][ T30] audit: type=1326 audit(1749986111.173:2033): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12596 comm="syz.4.1519" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 634.184823][ T30] audit: type=1326 audit(1749986111.213:2034): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12596 comm="syz.4.1519" exe="/root/syz-executor" sig=0 arch=40000003 syscall=359 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 634.224147][ T30] audit: type=1326 audit(1749986111.213:2035): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12596 comm="syz.4.1519" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 634.299823][ T30] audit: type=1326 audit(1749986111.213:2036): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12596 comm="syz.4.1519" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 634.326737][ T30] audit: type=1326 audit(1749986111.223:2037): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12596 comm="syz.4.1519" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 634.350100][ T5935] usb 2-1: Using ep0 maxpacket: 8 [ 634.367007][ T5935] usb 2-1: New USB device found, idVendor=1557, idProduct=7720, bcdDevice=b7.eb [ 634.376785][ T5935] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 634.387220][ T30] audit: type=1326 audit(1749986111.223:2038): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=12596 comm="syz.4.1519" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70be539 code=0x7ffc0000 [ 634.412303][ T5935] usb 2-1: config 0 descriptor?? [ 634.638414][ T5935] asix 2-1:0.0 (unnamed net_device) (uninitialized): invalid hw address, using random [ 634.725555][T12617] sctp: [Deprecated]: syz.2.1527 (pid 12617) Use of struct sctp_assoc_value in delayed_ack socket option. [ 634.725555][T12617] Use struct sctp_sack_info instead [ 635.215192][T12629] syz.3.1524 calls setitimer() with new_value NULL pointer. Misfeature support will be removed [ 635.349332][ T5931] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 635.568584][ T5931] usb 5-1: Using ep0 maxpacket: 8 [ 635.578886][ T5931] usb 5-1: too many configurations: 109, using maximum allowed: 8 [ 635.617669][ T5931] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 635.636161][ T5931] usb 5-1: can't read configurations, error -61 [ 635.846221][ T5931] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 635.970406][T12648] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1540'. [ 636.029715][ T5931] usb 5-1: Using ep0 maxpacket: 8 [ 636.037703][ T5931] usb 5-1: too many configurations: 109, using maximum allowed: 8 [ 636.048190][ T5931] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 636.069262][ T5931] usb 5-1: can't read configurations, error -61 [ 636.083469][ T5931] usb usb5-port1: attempt power cycle [ 636.109203][ T10] usb 3-1: new high-speed USB device number 75 using dummy_hcd [ 636.279325][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 636.293198][ T10] usb 3-1: config 0 has an invalid interface number: 150 but max is 0 [ 636.308750][ T10] usb 3-1: config 0 has an invalid interface number: 112 but max is 0 [ 636.317453][ T10] usb 3-1: config 0 has an invalid interface number: 3 but max is 0 [ 636.327385][ T10] usb 3-1: config 0 has 3 interfaces, different from the descriptor's value: 1 [ 636.337204][ T10] usb 3-1: config 0 has no interface number 0 [ 636.346159][ T10] usb 3-1: config 0 has no interface number 1 [ 636.359456][ T10] usb 3-1: config 0 has no interface number 2 [ 636.365762][ T10] usb 3-1: config 0 interface 150 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 636.384388][ T10] usb 3-1: too many endpoints for config 0 interface 112 altsetting 233: 104, using maximum allowed: 30 [ 636.396432][ T10] usb 3-1: config 0 interface 112 altsetting 233 has 1 endpoint descriptor, different from the interface descriptor's value: 104 [ 636.411557][ T10] usb 3-1: config 0 interface 150 has no altsetting 0 [ 636.418399][ T10] usb 3-1: config 0 interface 112 has no altsetting 0 [ 636.425755][ T10] usb 3-1: New USB device found, idVendor=1395, idProduct=0300, bcdDevice=81.75 [ 636.435944][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.449274][ T5931] usb 5-1: new high-speed USB device number 103 using dummy_hcd [ 636.471680][ T10] usb 3-1: config 0 descriptor?? [ 636.480248][ T5931] usb 5-1: Using ep0 maxpacket: 8 [ 636.489703][ T5931] usb 5-1: too many configurations: 109, using maximum allowed: 8 [ 636.501691][ T5931] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 636.513430][ T5931] usb 5-1: can't read configurations, error -61 [ 636.520478][ T5914] usb 1-1: new full-speed USB device number 84 using dummy_hcd [ 636.661813][ T5931] usb 5-1: new high-speed USB device number 104 using dummy_hcd [ 636.671072][ T5935] asix 2-1:0.0 (unnamed net_device) (uninitialized): Failed to write reg index 0x0000: -71 [ 636.684211][ T5935] asix 2-1:0.0: probe with driver asix failed with error -71 [ 636.700367][ T5931] usb 5-1: Using ep0 maxpacket: 8 [ 636.707280][ T5914] usb 1-1: config 0 has an invalid interface number: 1 but max is 0 [ 636.725896][ T5931] usb 5-1: too many configurations: 109, using maximum allowed: 8 [ 636.733496][ T5935] usb 2-1: USB disconnect, device number 89 [ 636.738553][ T5914] usb 1-1: config 0 has no interface number 0 [ 636.768516][ T5931] usb 5-1: unable to read config index 0 descriptor/start: -61 [ 636.786765][ T10] usb 3-1: string descriptor 0 read error: -71 [ 636.792991][ T5914] usb 1-1: New USB device found, idVendor=0b48, idProduct=1005, bcdDevice=8c.1e [ 636.811468][ T5931] usb 5-1: can't read configurations, error -61 [ 636.823148][ T5914] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 636.842579][ T5931] usb usb5-port1: unable to enumerate USB device [ 636.843144][ T10] usb 3-1: USB disconnect, device number 75 [ 636.862990][ T5914] usb 1-1: config 0 descriptor?? [ 636.893313][ T5914] usb 1-1: selecting invalid altsetting 1 [ 636.901537][ T5914] dvb_ttusb_budget: ttusb_init_controller: error [ 636.907933][ T5914] dvbdev: DVB: registering new adapter (Technotrend/Hauppauge Nova-USB) [ 636.944790][T12666] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1548'. [ 637.014878][ T5914] DVB: Unable to find symbol cx22700_attach() [ 637.058731][ T5914] DVB: Unable to find symbol tda10046_attach() [ 637.066044][ T5914] dvb_ttusb_budget: no frontend driver found for device [0b48:1005] [ 637.091738][ T5914] usb 1-1: USB disconnect, device number 84 [ 637.437411][T12677] netlink: 'syz.1.1553': attribute type 2 has an invalid length. [ 637.532289][T12681] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1554'. [ 637.782526][T12689] netlink: 664 bytes leftover after parsing attributes in process `syz.0.1558'. [ 638.027897][ T1163] ------------[ cut here ]------------ [ 638.030294][T12699] netlink: 'syz.3.1564': attribute type 10 has an invalid length. [ 638.033720][ T1163] RTNL: assertion failed at ./include/net/netdev_lock.h (72) [ 638.145191][ T1163] WARNING: CPU: 1 PID: 1163 at ./include/net/netdev_lock.h:72 __linkwatch_sync_dev+0x303/0x350 [ 638.155823][ T1163] Modules linked in: [ 638.160271][ T1163] CPU: 1 UID: 0 PID: 1163 Comm: kworker/u8:7 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 638.172616][ T1163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 638.182803][ T1163] Workqueue: bond0 bond_mii_monitor [ 638.188072][ T1163] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 638.194194][ T1163] Code: 7c fe ff ff e8 4e bc 69 f8 c6 05 f5 6d 34 06 01 90 48 c7 c7 80 b8 92 8c 48 c7 c6 7a 97 9c 8d ba 48 00 00 00 e8 ee 66 2d f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 638.214044][ T1163] RSP: 0018:ffffc90003c6f670 EFLAGS: 00010246 [ 638.220451][ T1163] RAX: 679e7087d098ab00 RBX: ffff88807ce84000 RCX: ffff888027149e00 [ 638.228525][ T1163] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 638.236621][ T1163] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 638.244825][ T1163] R10: dffffc0000000000 R11: fffffbfff1bfa9e4 R12: 1ffff1100f9d085d [ 638.252941][ T1163] R13: dffffc0000000000 R14: ffffffff8c1c4608 R15: 0000000000000000 [ 638.261020][ T1163] FS: 0000000000000000(0000) GS:ffff888125d51000(0000) knlGS:0000000000000000 [ 638.270366][ T1163] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 638.277003][ T1163] CR2: 0000000080000080 CR3: 0000000033516000 CR4: 00000000003526f0 [ 638.285163][ T1163] DR0: 0000000000000000 DR1: 0000000000000000 DR2: 0000000000000000 [ 638.293238][ T1163] DR3: 0000000000000000 DR6: 00000000fffe0ff0 DR7: 0000000000000400 [ 638.301379][ T1163] Call Trace: [ 638.304704][ T1163] [ 638.307680][ T1163] ? ethtool_op_get_link+0xd/0x70 [ 638.312839][ T1163] ethtool_op_get_link+0x15/0x70 [ 638.317830][ T1163] bond_check_dev_link+0x444/0x6c0 [ 638.323054][ T1163] ? __pfx_bond_check_dev_link+0x10/0x10 [ 638.328755][ T1163] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 638.335348][ T1163] bond_mii_monitor+0x428/0x2e00 [ 638.340407][ T1163] ? bond_mii_monitor+0x153/0x2e00 [ 638.345606][ T1163] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 638.351465][ T1163] ? __pfx_bond_mii_monitor+0x10/0x10 [ 638.356897][ T1163] ? irqentry_exit+0x74/0x90 [ 638.361580][ T1163] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.366850][ T1163] ? process_scheduled_works+0x9ef/0x17b0 [ 638.372704][ T1163] ? lock_acquire+0x175/0x360 [ 638.377448][ T1163] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.382837][ T1163] ? process_scheduled_works+0x9ef/0x17b0 [ 638.388617][ T1163] ? process_scheduled_works+0x9ef/0x17b0 [ 638.394542][ T1163] process_scheduled_works+0xae1/0x17b0 [ 638.400398][ T1163] ? __pfx_process_scheduled_works+0x10/0x10 [ 638.406459][ T1163] worker_thread+0x8a0/0xda0 [ 638.411218][ T1163] kthread+0x70e/0x8a0 [ 638.415347][ T1163] ? __pfx_worker_thread+0x10/0x10 [ 638.420581][ T1163] ? __pfx_kthread+0x10/0x10 [ 638.425233][ T1163] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.430533][ T1163] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.435788][ T1163] ? __pfx_kthread+0x10/0x10 [ 638.440456][ T1163] ret_from_fork+0x3fc/0x770 [ 638.445104][ T1163] ? __pfx_ret_from_fork+0x10/0x10 [ 638.450355][ T1163] ? __switch_to_asm+0x39/0x70 [ 638.455699][ T1163] ? __switch_to_asm+0x33/0x70 [ 638.460555][ T1163] ? __pfx_kthread+0x10/0x10 [ 638.465196][ T1163] ret_from_fork_asm+0x1a/0x30 [ 638.470093][ T1163] [ 638.473151][ T1163] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 638.480465][ T1163] CPU: 1 UID: 0 PID: 1163 Comm: kworker/u8:7 Not tainted 6.16.0-rc1-syzkaller-00236-g8c6bc74c7f89 #0 PREEMPT(full) [ 638.492660][ T1163] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 638.502744][ T1163] Workqueue: bond0 bond_mii_monitor [ 638.508003][ T1163] Call Trace: [ 638.511327][ T1163] [ 638.514302][ T1163] dump_stack_lvl+0x99/0x250 [ 638.519053][ T1163] ? __asan_memcpy+0x40/0x70 [ 638.523706][ T1163] ? __pfx_dump_stack_lvl+0x10/0x10 [ 638.528967][ T1163] ? __pfx__printk+0x10/0x10 [ 638.533614][ T1163] panic+0x2db/0x790 [ 638.537564][ T1163] ? __pfx_panic+0x10/0x10 [ 638.542048][ T1163] ? ret_from_fork_asm+0x1a/0x30 [ 638.547068][ T1163] __warn+0x31b/0x4b0 [ 638.551107][ T1163] ? __linkwatch_sync_dev+0x303/0x350 [ 638.556541][ T1163] ? __linkwatch_sync_dev+0x303/0x350 [ 638.561967][ T1163] report_bug+0x2be/0x4f0 [ 638.566349][ T1163] ? __linkwatch_sync_dev+0x303/0x350 [ 638.571762][ T1163] ? __linkwatch_sync_dev+0x303/0x350 [ 638.577168][ T1163] ? __linkwatch_sync_dev+0x305/0x350 [ 638.582575][ T1163] handle_bug+0x84/0x160 [ 638.586849][ T1163] exc_invalid_op+0x1a/0x50 [ 638.591374][ T1163] asm_exc_invalid_op+0x1a/0x20 [ 638.596251][ T1163] RIP: 0010:__linkwatch_sync_dev+0x303/0x350 [ 638.602254][ T1163] Code: 7c fe ff ff e8 4e bc 69 f8 c6 05 f5 6d 34 06 01 90 48 c7 c7 80 b8 92 8c 48 c7 c6 7a 97 9c 8d ba 48 00 00 00 e8 ee 66 2d f8 90 <0f> 0b 90 90 e9 4d fe ff ff 44 89 f1 80 e1 07 38 c1 0f 8c 22 fd ff [ 638.621889][ T1163] RSP: 0018:ffffc90003c6f670 EFLAGS: 00010246 [ 638.627982][ T1163] RAX: 679e7087d098ab00 RBX: ffff88807ce84000 RCX: ffff888027149e00 [ 638.635998][ T1163] RDX: 0000000000000000 RSI: 0000000000000001 RDI: 0000000000000002 [ 638.644014][ T1163] RBP: 0000000000000000 R08: 0000000000000003 R09: 0000000000000004 [ 638.652105][ T1163] R10: dffffc0000000000 R11: fffffbfff1bfa9e4 R12: 1ffff1100f9d085d [ 638.660112][ T1163] R13: dffffc0000000000 R14: ffffffff8c1c4608 R15: 0000000000000000 [ 638.668138][ T1163] ? ethtool_op_get_link+0xd/0x70 [ 638.673204][ T1163] ethtool_op_get_link+0x15/0x70 [ 638.678346][ T1163] bond_check_dev_link+0x444/0x6c0 [ 638.683578][ T1163] ? __pfx_bond_check_dev_link+0x10/0x10 [ 638.689269][ T1163] ? netdev_lower_get_next_private_rcu+0x9f/0x100 [ 638.695710][ T1163] bond_mii_monitor+0x428/0x2e00 [ 638.700682][ T1163] ? bond_mii_monitor+0x153/0x2e00 [ 638.705824][ T1163] ? __pfx_preempt_schedule_irq+0x10/0x10 [ 638.711590][ T1163] ? __pfx_bond_mii_monitor+0x10/0x10 [ 638.717074][ T1163] ? irqentry_exit+0x74/0x90 [ 638.721776][ T1163] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.727002][ T1163] ? process_scheduled_works+0x9ef/0x17b0 [ 638.732783][ T1163] ? lock_acquire+0x175/0x360 [ 638.737581][ T1163] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.742824][ T1163] ? process_scheduled_works+0x9ef/0x17b0 [ 638.748654][ T1163] ? process_scheduled_works+0x9ef/0x17b0 [ 638.754412][ T1163] process_scheduled_works+0xae1/0x17b0 [ 638.760022][ T1163] ? __pfx_process_scheduled_works+0x10/0x10 [ 638.766161][ T1163] worker_thread+0x8a0/0xda0 [ 638.770792][ T1163] kthread+0x70e/0x8a0 [ 638.774891][ T1163] ? __pfx_worker_thread+0x10/0x10 [ 638.780032][ T1163] ? __pfx_kthread+0x10/0x10 [ 638.784644][ T1163] ? _raw_spin_unlock_irq+0x23/0x50 [ 638.789868][ T1163] ? lockdep_hardirqs_on+0x9c/0x150 [ 638.795095][ T1163] ? __pfx_kthread+0x10/0x10 [ 638.799709][ T1163] ret_from_fork+0x3fc/0x770 [ 638.804367][ T1163] ? __pfx_ret_from_fork+0x10/0x10 [ 638.809511][ T1163] ? __switch_to_asm+0x39/0x70 [ 638.814300][ T1163] ? __switch_to_asm+0x33/0x70 [ 638.819090][ T1163] ? __pfx_kthread+0x10/0x10 [ 638.823729][ T1163] ret_from_fork_asm+0x1a/0x30 [ 638.828522][ T1163] [ 638.831931][ T1163] Kernel Offset: disabled [ 638.836312][ T1163] Rebooting in 86400 seconds..