last executing test programs: 30m22.027457456s ago: executing program 2 (id=5579): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0xc, &(0x7f0000000100)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff0000}]}) setpgid(0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newlink={0x44, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x40002}, [@IFLA_AF_SPEC={0x10, 0x1a, 0x0, 0x1, [@AF_INET6={0xc, 0xa, 0x0, 0x1, [@IFLA_INET6_ADDR_GEN_MODE={0x5, 0x8, 0x10}]}]}, @IFLA_ALT_IFNAME={0x14, 0x35, 'wg1\x00'}]}, 0x44}}, 0x0) r1 = socket(0x18, 0x0, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x2, @empty, 'geneve1\x00'}}, 0x1e) munlockall() sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x5700, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x74, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x38}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xfb}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x39}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_virt_wifi\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr=' \x01\x00'}]}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x95f}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x800}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xabd}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}]}]}, 0x104}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) 30m21.759108295s ago: executing program 2 (id=5580): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x1) ioctl$KVM_SET_MSRS(r2, 0x4008ae89, &(0x7f0000000080)=ANY=[@ANYBLOB="01000000000000008a"]) 30m21.46157562s ago: executing program 2 (id=5583): r0 = syz_open_dev$loop(&(0x7f0000000440), 0x81, 0x2a82) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000400)='cpuset.effective_cpus\x00', 0x275a, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f00000005c0)={r1, 0x800, {0x2a00, 0x80010000, 0x0, 0x5, 0x0, 0x0, 0x0, 0x20, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd6447a4b4e00d9683dda1af1ea09de2b7fb0a0100000000000000000300", "2809e8dbe108598927875397bab22d0000b420a9c81f40f05f819e01177d3d458dac00000000000000000000003b00000000000000000200", "90be8b1c5512406c7f00", [0x4, 0x40000000000000]}}) r2 = syz_open_dev$loop(&(0x7f00000001c0), 0x5, 0x88000) ioctl$LOOP_CONFIGURE(r2, 0x4c0a, &(0x7f0000000280)={r0, 0x0, {0x2a12, 0x80010000, 0x0, 0x0, 0x4, 0x0, 0x0, 0x3, 0x1c, "fee8a2ab78fc179fd1f8a0e91ddaaca7bd64c6a4b4e00d9683dda1af1ea80000000000000000000013deff0000000000000000000000000000000800", "2809e8dbe108038948224ad54afac11d875397bdb22d0000b420a1a93c7540f4767f9e01177d3dd40600000061ac00", "90be8b1c55f96400", [0x800]}}) 30m20.894210764s ago: executing program 2 (id=5587): r0 = open(&(0x7f0000000280)='.\x00', 0x0, 0x0) fcntl$notify(r0, 0x402, 0x8000003d) r1 = socket(0x18, 0x0, 0x0) connect$pppoe(r1, &(0x7f0000000080)={0x18, 0x0, {0x2, @empty, 'geneve1\x00'}}, 0x1e) r2 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) r3 = syz_io_uring_setup(0x231, &(0x7f0000000080)={0x0, 0xd811, 0x10100, 0x0, 0x2}, &(0x7f0000000000)=0x0, &(0x7f0000000100)=0x0) syz_io_uring_submit(r4, r5, &(0x7f00000009c0)=@IORING_OP_WRITE={0x17, 0x0, 0x0, @fd_index=0x3, 0xffffffffffffffff, 0x0}) io_uring_enter(r3, 0x7a98, 0x4, 0x41, 0x0, 0x0) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x0, &(0x7f0000000100)={{'fd', 0x3d, r2}, 0x2c, {'rootmode', 0x3d, 0x4000}}, 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000000)='./file0\x00', 0x0, 0x100000, 0x0) unshare(0x26020480) syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000000)='./file0\x00', 0x80000, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0) open_tree(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x89901) open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000300)='./file0\x00', 0x0) sendmsg$IPVS_CMD_FLUSH(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000000c0)={0x8302, 0x0, 0x200, 0x70bd2b, 0x25dfdbfc, {}, [@IPVS_CMD_ATTR_SERVICE={0x14, 0x1, 0x0, 0x1, [@IPVS_SVC_ATTR_AF={0x6, 0x1, 0x2}, @IPVS_SVC_ATTR_PE_NAME={0x8}]}, @IPVS_CMD_ATTR_TIMEOUT_TCP={0x8, 0x4, 0x4}, @IPVS_CMD_ATTR_TIMEOUT_UDP={0x8, 0x6, 0x5}, @IPVS_CMD_ATTR_DAEMON={0x74, 0x3, 0x0, 0x1, [@IPVS_DAEMON_ATTR_SYNC_MAXLEN={0x6, 0x4, 0x7}, @IPVS_DAEMON_ATTR_STATE={0x8, 0x1, 0x1}, @IPVS_DAEMON_ATTR_MCAST_GROUP={0x8, 0x5, @dev={0xac, 0x14, 0x14, 0x38}}, @IPVS_DAEMON_ATTR_MCAST_TTL={0x5, 0x8, 0xfb}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @dev={0xfe, 0x80, '\x00', 0x39}}, @IPVS_DAEMON_ATTR_MCAST_IFN={0x14, 0x2, 'veth0_virt_wifi\x00'}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @initdev={0xfe, 0x88, '\x00', 0x0, 0x0}}, @IPVS_DAEMON_ATTR_MCAST_GROUP6={0x14, 0x6, @rand_addr=' \x01\x00'}]}, @IPVS_CMD_ATTR_DEST={0x34, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x95f}, @IPVS_DEST_ATTR_TUN_TYPE={0x5, 0xd, 0x1}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e24}, @IPVS_DEST_ATTR_PERSIST_CONNS={0x8, 0x9, 0x2}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x800}, @IPVS_DEST_ATTR_TUN_PORT={0x6, 0xe, 0x4e23}]}, @IPVS_CMD_ATTR_DEST={0x24, 0x2, 0x0, 0x1, [@IPVS_DEST_ATTR_U_THRESH={0x8, 0x5, 0xabd}, @IPVS_DEST_ATTR_L_THRESH={0x8, 0x6, 0x6}, @IPVS_DEST_ATTR_PORT={0x6, 0x2, 0x4e20}, @IPVS_DEST_ATTR_ACTIVE_CONNS={0x8, 0x7, 0x100}]}]}, 0x104}, 0x1, 0x0, 0x0, 0x4000000}, 0x8000) 30m19.58071059s ago: executing program 2 (id=5591): ioctl$KVM_SET_REGS(0xffffffffffffffff, 0x4090ae82, &(0x7f0000000200)={[0x0, 0x8, 0xfffffffffffffffd, 0x0, 0x10000, 0xfffffffffffffffd, 0x4002004c4, 0x1000, 0x0, 0x0, 0x10, 0x0, 0x3, 0x1], 0xeeee8000, 0x2011c0}) writev(0xffffffffffffffff, &(0x7f00000000c0)=[{&(0x7f00000001c0)="4bc761ae284f4c70b92facfb821760b721119771ab348b977c97d2b818a16877ef8e7042c71254b483c77df962368cc653772a93704b92e8967ede660322f0c33ea2fe5612be32ab18589185797c9e7fc28661671e191f016f86a7d09ce6804f13", 0x61}], 0x1) r0 = syz_open_dev$loop(&(0x7f0000000100), 0x80000006, 0x48002) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000180)='hugetlb.1GB.rsvd.usage_in_bytes\x00', 0x275a, 0x0) write$binfmt_misc(r1, &(0x7f0000000040), 0xe09) ioctl$LOOP_CONFIGURE(r0, 0x4c0a, &(0x7f0000000400)={r1, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x20000000, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 30m19.110015533s ago: executing program 2 (id=5593): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0x1d, r1, 0x0, 0x0) io_setup(0x0, 0x0) syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x3d9}, &(0x7f0000000240)=0x0, &(0x7f0000000340)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_emit_ethernet(0x219, &(0x7f0000000480)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd6000000001e33aff00000000000000000000000040210e2c45e4a5c700000000ff02000000000000000000000000000187009078fc00000000000000410000000000000000000038c2689f036b879d3ec8e5828f9e9ee2c640e89cf72223237dc800bb3b03f59c66f78aaa4b61d0836252526d17a84bc8c4cb0539beb9673170f145cae0f218813d04b2c1238f2e109d52153b954db922764dc773f7671b65accc3e2d57180deaeb2ebeec4db69270c643bc0b00411e7209b7fbcd4deae1d990b6b8fa09bbb6c7be2bfa631652d60f0ac9af0c96f091d469077bb0474e6af552d65b738a7368791b5e25f8db00bfd96c66edd80cce1b8bfee8a43267b1a3af2d7eb3301acfa4ef45348bebd2281d38a74811538a792766d75057da15f53d1c9525fbe1f0c34d4d2a00c180390a0016bd058f9c12eeaebc2abdcbe950634655191c3257f31482321e25c263868f9bddb0fe008399f2f9aabcf1d5a95e6349220e1b81"], 0x0) ioctl$SNDCTL_SEQ_GETTIME(0xffffffffffffffff, 0x80045113, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',rootmode=0000000000', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0]) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x64, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x1f}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a31000000000500010007000000180007800c00018008000140ffffffff080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 30m17.306525375s ago: executing program 32 (id=5593): socket$nl_route(0x10, 0x3, 0x0) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) shutdown(r0, 0x0) r1 = add_key$keyring(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x2}, 0x0, 0x0, 0xfffffffffffffffe) keyctl$read(0x1d, r1, 0x0, 0x0) io_setup(0x0, 0x0) syz_io_uring_setup(0x5c2, &(0x7f00000002c0)={0x0, 0x0, 0x0, 0x3, 0x3d9}, &(0x7f0000000240)=0x0, &(0x7f0000000340)) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffff8, 0x0, 0x4) syz_emit_ethernet(0x219, &(0x7f0000000480)=ANY=[@ANYBLOB="bbbbbbbbbbbbaaaaaaaaaabb86dd6000000001e33aff00000000000000000000000040210e2c45e4a5c700000000ff02000000000000000000000000000187009078fc00000000000000410000000000000000000038c2689f036b879d3ec8e5828f9e9ee2c640e89cf72223237dc800bb3b03f59c66f78aaa4b61d0836252526d17a84bc8c4cb0539beb9673170f145cae0f218813d04b2c1238f2e109d52153b954db922764dc773f7671b65accc3e2d57180deaeb2ebeec4db69270c643bc0b00411e7209b7fbcd4deae1d990b6b8fa09bbb6c7be2bfa631652d60f0ac9af0c96f091d469077bb0474e6af552d65b738a7368791b5e25f8db00bfd96c66edd80cce1b8bfee8a43267b1a3af2d7eb3301acfa4ef45348bebd2281d38a74811538a792766d75057da15f53d1c9525fbe1f0c34d4d2a00c180390a0016bd058f9c12eeaebc2abdcbe950634655191c3257f31482321e25c263868f9bddb0fe008399f2f9aabcf1d5a95e6349220e1b81"], 0x0) ioctl$SNDCTL_SEQ_GETTIME(0xffffffffffffffff, 0x80045113, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', 0x0, 0x0, &(0x7f0000002140)=ANY=[@ANYBLOB, @ANYRESHEX, @ANYBLOB=',rootmode=0000000000', @ANYRESDEC=0x0, @ANYBLOB, @ANYRESDEC=0x0]) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r3, &(0x7f0000000000)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000d40)={0x64, 0x2, 0x6, 0x5, 0x0, 0x0, {}, [@IPSET_ATTR_TYPENAME={0x12, 0x3, 'bitmap:ip,mac\x00'}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz1\x00'}, @IPSET_ATTR_DATA={0x18, 0x7, 0x0, 0x1, [@IPSET_ATTR_CIDR={0x5, 0x3, 0x1f}, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @broadcast}}]}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0x2}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}]}, 0x64}}, 0x0) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000240)={&(0x7f0000000080)=ANY=[@ANYBLOB="400000000906010200000000000a0000000000000900020073797a31000000000500010007000000180007800c00018008000140ffffffff080009"], 0x40}, 0x1, 0x0, 0x0, 0x10000047}, 0x4000084) 6.401653488s ago: executing program 3 (id=14162): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000003c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$netlink(0x10, 0x3, 0x4) bind$netlink(r3, &(0x7f0000514ff4)={0x10, 0x0, 0x4, 0x2ffffffff}, 0x2e) r4 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(0xffffffffffffffff, 0x0, 0x0) close_range(r4, 0xffffffffffffffff, 0x0) 4.808005581s ago: executing program 3 (id=14166): r0 = socket$nl_route(0x10, 0x3, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000100)=@base={0x13, 0x10, 0x2}, 0x48) r1 = socket(0x1, 0x803, 0x0) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f00000002c0)=0x14) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x3c, 0x10, 0x403, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x88a8ffad}, [@IFLA_LINKINFO={0x14, 0x12, 0x0, 0x1, @macsec={{0xb}, {0x4}}}, @IFLA_LINK={0x8, 0x5, r2}]}, 0x3c}}, 0x8000) 4.806769112s ago: executing program 5 (id=14176): ioctl$sock_SIOCETHTOOL(0xffffffffffffffff, 0x8946, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x40001e0, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r3 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000001c40)={0x8, 0x3, &(0x7f0000001300)=ANY=[@ANYBLOB="1800000000000000000000000000000095"], &(0x7f0000001200)='syzkaller\x00'}, 0x80) r4 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r4, 0x6, 0x0, 0x0, 0x0) r5 = fsmount(r4, 0x0, 0x0) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000003c0)={r3, r5}, 0x10) bpf$ITER_CREATE(0x22, 0x0, 0x0) 4.702185521s ago: executing program 3 (id=14167): syz_emit_ethernet(0x138, &(0x7f0000000000)=ANY=[@ANYBLOB="ff02"], 0x0) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x1) r0 = socket(0x2, 0x1, 0x0) close(r0) socket(0x2, 0x2, 0x0) connect$unix(r0, &(0x7f0000000000), 0x2) 4.605533151s ago: executing program 3 (id=14169): syz_extract_tcp_res(0x0, 0xd7, 0x2) sendmsg$NFULNL_MSG_CONFIG(0xffffffffffffffff, &(0x7f0000000340)={&(0x7f00000000c0)={0x10, 0x0, 0x0, 0x800}, 0xc, &(0x7f00000001c0)={&(0x7f0000000100)={0x14, 0x1, 0x4, 0x101, 0x0, 0x0, {0x1, 0x0, 0x5}}, 0x14}, 0x1, 0x0, 0x0, 0x4040000}, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) sched_setscheduler(0x0, 0x2, &(0x7f0000000200)=0x7) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(0xffffffffffffffff, 0xc4c85513, &(0x7f0000000d80)={{0x1, 0x1, 0x0, 0x4, 'syz1\x00', 0x6}, 0x1, [0x9, 0x5, 0x1ff, 0x4, 0x1, 0x85, 0x2, 0x5, 0x6, 0x4, 0x9, 0x10000, 0xb, 0x33, 0x4, 0xb221, 0xfff, 0x0, 0xb8a1, 0x6, 0xced, 0x3, 0x1000, 0x7, 0xc, 0x101, 0x1, 0x40, 0x6, 0x9, 0x100000001, 0x5, 0x0, 0x8, 0x5, 0x9, 0x8001, 0x4, 0x0, 0x9, 0xffffffffffffff80, 0x7f, 0x3, 0x200, 0x9, 0x5, 0x82c2, 0x7, 0x4, 0x100, 0x4, 0xa, 0x7, 0x2, 0x10000, 0x9, 0x0, 0x0, 0x1, 0x10, 0x4, 0x3, 0x9, 0x80000000, 0x8, 0x7, 0x1ff, 0xffffffffffffff01, 0x9, 0x3399, 0x7, 0x87, 0x8, 0x12d2, 0x10, 0x2, 0x8, 0x2, 0xa1, 0x3f800000000000, 0x1, 0x0, 0x4, 0x3, 0x3, 0x8000, 0x8000000000000000, 0x6, 0xfffffffffffffffd, 0x8, 0x5, 0xa, 0x0, 0xfffffffffffff1c3, 0x0, 0x3, 0x5, 0x7ff, 0xa24, 0x80000001, 0x7, 0xbf6, 0xc000000000, 0x6, 0x80, 0x7ff, 0x101, 0x9, 0x400, 0x7f, 0x5, 0x2, 0x0, 0x100, 0x3, 0x8, 0x2e, 0x10, 0x1400000000400000, 0x5, 0x1, 0x1, 0x8000000000000001, 0x1, 0x3, 0x7f, 0x6, 0x800]}) r0 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000013c0)={0x18, 0x3, &(0x7f0000000080)=@framed, &(0x7f0000000000)='syzkaller\x00'}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f00000000c0)={&(0x7f0000000040)='contention_end\x00', r0}, 0x10) r1 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r1, 0x40046f41, &(0x7f0000000440)=0x1f) 4.471775105s ago: executing program 3 (id=14172): r0 = syz_usb_connect(0x0, 0x24, &(0x7f0000000980)=ANY=[@ANYBLOB="120100009080e140fc044a500243010203010902120001000000000904"], 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000b80)={0x84, &(0x7f0000000180)={0x40, 0xe, 0x1, "01"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000003c0)={0x34, &(0x7f00000001c0)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f00000014c0)={0x34, &(0x7f00000006c0)=ANY=[@ANYBLOB="2006010000009e"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f00000007c0)={0x1c, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000380)={0x34, &(0x7f00000001c0)={0x0, 0x5}, 0x0, 0x0, 0x0, 0x0, 0x0}) 3.377926866s ago: executing program 5 (id=14181): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e20}, 0x6e) openat$qat_adf_ctl(0xffffffffffffff9c, &(0x7f0000000000), 0x48400, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r2 = getpid() sched_setaffinity(0x0, 0x0, 0x0) sched_setscheduler(r2, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r3, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r4, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r3, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) prctl$PR_SET_THP_DISABLE(0x41, 0x3) prctl$PR_SET_THP_DISABLE(0x41, 0x3) read$FUSE(0xffffffffffffffff, &(0x7f000000c400)={0x2020, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x2020) write$FUSE_INIT(0xffffffffffffffff, &(0x7f0000000100)={0x50, 0x0, r5, {0x7, 0x1f, 0xffffffff, 0x240009, 0x1, 0x8001, 0x0, 0x0, 0x0, 0x0, 0x20, 0x7}}, 0x50) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) getpriority(0x0, r6) 3.255045205s ago: executing program 4 (id=14182): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs={0x0, 0x0, 0x4e21}, 0x6e) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000200)={'rose0\x00', 0x112}) r2 = bpf$BPF_BTF_LOAD(0x12, &(0x7f00000003c0)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0xc, 0xc, 0x2, [@struct]}}, 0x0, 0x26}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x1a, 0x3, &(0x7f0000000040)=@framed={{}, [], {0x95, 0x0, 0x0, 0xec00}}, &(0x7f0000000080)='GPL\x00', 0x5, 0x1f6, &(0x7f00000002c0)=""/168, 0x0, 0x0, '\x00', 0x0, @tracing, r2, 0x8, 0x0, 0x0, 0x10, &(0x7f0000000200), 0x92f5e}, 0x6d) 2.106961411s ago: executing program 0 (id=14190): creat(0x0, 0x100) ioctl$DRM_IOCTL_MODE_CREATE_DUMB(0xffffffffffffffff, 0xc02064b2, 0x0) syz_usb_connect(0x0, 0x2d, 0x0, 0x0) openat$mice(0xffffffffffffff9c, 0x0, 0x80082) openat$fuse(0xffffffffffffff9c, 0x0, 0x2, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000080)=0x3) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x1, 0x0, 0x0, 0x0}, 0x90) r1 = openat$ppp(0xffffffffffffff9c, &(0x7f0000000040), 0x1a01, 0x0) ioctl$PPPIOCNEWUNIT(0xffffffffffffffff, 0xc004743e, 0x0) ioctl$EVIOCGPROP(r1, 0x40047438, &(0x7f0000000180)=""/246) ioctl$F2FS_IOC_MOVE_RANGE(r1, 0xc020f509, 0x0) 2.02104709s ago: executing program 4 (id=14191): r0 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r0, 0x8933, &(0x7f00000000c0)={'vcan0\x00', 0x0}) bind$can_j1939(r0, &(0x7f0000000340)={0x1d, r1, 0x0, {0x2, 0x0, 0x6}, 0xfe}, 0x18) sendmsg$can_j1939(r0, &(0x7f0000000380)={&(0x7f0000000200)={0x1d, 0x0, 0x0, {0x2, 0x0, 0x3}, 0xff}, 0x18, &(0x7f0000000300)={0x0}, 0x1, 0x0, 0x0, 0x8082}, 0x4) 1.947683708s ago: executing program 4 (id=14192): bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000180)=ANY=[], 0x50) setsockopt$IP_VS_SO_SET_DELDEST(0xffffffffffffffff, 0x0, 0x488, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000240)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) connect$unix(0xffffffffffffffff, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(0xffffffffffffffff, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) r1 = openat$procfs(0xffffffffffffff9c, &(0x7f0000000040)='/proc/crypto\x00', 0x0, 0x0) r2 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r2, &(0x7f0000000180)={0x2, 0x0, @dev={0xac, 0x14, 0x14, 0x41}}, 0x10) connect$inet(r2, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) sendfile(r2, r1, 0x0, 0x20000023893) 1.753989897s ago: executing program 3 (id=14193): bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000080)={&(0x7f0000000000)='sched_switch\x00'}, 0x10) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = dup(0xffffffffffffffff) setsockopt$ARPT_SO_SET_REPLACE(r0, 0x0, 0x60, &(0x7f0000000500)={'filter\x00', 0x7, 0x4, 0x3f0, 0x0, 0x220, 0x220, 0x308, 0x308, 0x308, 0x4, &(0x7f00000003c0), {[{{@arp={@dev={0xac, 0x14, 0x14, 0x37}, @loopback, 0xff, 0xffffffff, 0x0, 0xb, {@mac=@broadcast, {[0xff, 0xff, 0xff, 0xff, 0xff, 0xff]}}, {@mac=@multicast, {[0xff, 0x0, 0xff, 0xff, 0xff]}}, 0xb64, 0x8, 0x0, 0x2, 0x9, 0x2, 'gretap0\x00', 'virt_wifi0\x00', {0xff}, {0xff}, 0x0, 0x18}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@empty, @mac=@local, @private=0xa010102, @broadcast, 0x8, 0x1}}}, {{@arp={@multicast1, @local, 0xffffffff, 0xff000000, 0xa, 0xc, {@empty, {[0xff, 0xff, 0xff, 0x0, 0x0, 0xff]}}, {@empty, {[0x0, 0xff, 0x0, 0xff, 0xff]}}, 0x81, 0x8, 0x81, 0xfffa, 0xa24a, 0x0, 'macvlan0\x00', 'veth0_to_batadv\x00', {0xff}, {0xff}, 0x0, 0x50}, 0xc0, 0x110}, @mangle={0x50, 'mangle\x00', 0x0, {@mac=@remote, @mac=@local, @broadcast, @multicast2, 0x1, 0x1}}}, {{@uncond, 0xc0, 0xe8}, @unspec=@CLASSIFY={0x28, 'CLASSIFY\x00', 0x0, {0x8001}}}], {{'\x00', 0xc0, 0xe8}, {0x28}}}}, 0x440) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) fsopen(&(0x7f0000000400)='cramfs\x00', 0x0) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, 0x0, 0x0) r4 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCL_SETSEL(r4, 0x541c, 0x0) ioctl$TCSETS2(r4, 0x402c542b, &(0x7f0000000040)={0x7f1, 0x84, 0xefcc, 0x10b, 0x5, "f06fca79266e82a74b6c5e443a04683cc267a0", 0x6, 0xc}) ioctl$TIOCL_PASTESEL(r4, 0x541c, &(0x7f0000000100)) 1.435931807s ago: executing program 0 (id=14194): setsockopt$inet6_IPV6_ADDRFORM(0xffffffffffffffff, 0x29, 0x1e, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000040), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='cpuacct.usage_percpu_user\x00', 0x275a, 0x0) write$binfmt_script(r2, &(0x7f0000000000), 0x208e24b) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x1000003, 0x28011, r2, 0x0) preadv(r2, &(0x7f00000015c0)=[{&(0x7f0000000080)=""/124, 0xffffff23}], 0x1, 0x0, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r3 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r3, &(0x7f0000000000/0x18000)=nil, &(0x7f0000000140)=[@text64={0x40, 0x0}], 0x1, 0x44, 0x0, 0x0) ioctl$KVM_SET_FPU(r2, 0x41a0ae8d, &(0x7f0000000240)={'\x00', 0x0, 0x0, 0x99, 0x0, 0x0, 0x10000, 0x4000, '\x00', 0xc94}) ioctl$KVM_RUN(r3, 0xae80, 0x0) 1.217592452s ago: executing program 1 (id=14195): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 1.027177894s ago: executing program 1 (id=14196): unshare(0x400) r0 = syz_open_dev$sndctrl(&(0x7f0000001440), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_PCM_PREFER_SUBDEVICE(r0, 0x40045532, &(0x7f0000000100)) 1.006574285s ago: executing program 0 (id=14197): fspick(0xffffffffffffff9c, 0x0, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$inet_udp(0x2, 0x2, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000300)=@base={0x1b, 0x0, 0x0, 0x8000}, 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r2, @ANYBLOB="0000000000000000b702000001000000850000008600000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x90) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000bc0)={0x0, r3}, 0x18) bind$inet(r1, &(0x7f00000001c0)={0x2, 0x0, @local}, 0x16) connect$inet(r1, &(0x7f0000000480)={0x2, 0x0, @multicast2}, 0x10) openat$cgroup_ro(0xffffffffffffff9c, 0x0, 0x275a, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000340)={'syz_tun\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000180)=@getchain={0x24, 0x11, 0x1, 0x2000000, 0x0, {0x0, 0x0, 0x0, r4, {}, {0x0, 0xfff3}, {0xfff3}}}, 0x24}}, 0x0) 980.034403ms ago: executing program 5 (id=14198): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f0000000000), 0x651, 0x0) close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) select(0x40, &(0x7f0000000000)={0x9, 0x7, 0xffff, 0x0, 0x0, 0x1000}, 0x0, 0x0, 0x0) 866.672057ms ago: executing program 4 (id=14199): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000240)={0x0, 0xc, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x11, 0x8, &(0x7f00000009c0)=ANY=[@ANYBLOB="620af8ffa1dc0021bfa100000000000007010000f8ffffffb702000007000000bd120000000000008500000010000000b70000000000000095000000000000003faf4f2aa3d9b18ed812a2e2c49e8020a6f4e0e4a9446c7670568982b4e020f698393aa0f3881f9c24561f1b2607995daa56f151905ea23c22624c9f87f9793f3bbb546040677b0c5077da80fb982c1e9400e693146cea484a415b76966118b64b751a0f241b072e90080008002d75593a286cecc93e64c227c95aa0b784625704f07372c29184ff7f4a7c0000070000006056feb4cc664c0af9360a1f7a5e6b607130c89f18c0c1089d8b8588d72ec29c48b45e0000000000000401d01aa27ae8b09e00e79ab20b0b8ed8fb7a68000000000000000000006fa03c6468978089b302d7ff6023cdcedb5e0125ebbcebdde510cb2364149215108337719acd97cfa107d40224edc5465a932b77a74e802a0dc6bf25d8a242bc6099ad2300000480006ef6c1ff0900ff0000000010c63a949e8b7955394ffaff03000000000000ab87b1bfeda7be586602d985430cea080000000000000026abfb0767192361448279b05d96a703a660581eecdbf5bcd3de227a167ca17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9b081d6a08000000ea2b1a52496dfcaf99431412fd134a996382a1a04d5bb924cfe5f3185418d605ffff9c4d2ec7c32f2095e63c80af740b5b7632d5933a1c1fa5605bd7603f2ba2a790d62d6faec2fed44da4928b30142ba1fde5c5d50b83bae616b5054d1e7c13b1355d6f4a8245ffa4997da9c77af4c0cb97fca585ec6bf58351d578be00d952aab9c71764b0a8a7583c90b3433b809bdb9fbd48bc877505ebf6c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223d8d9e86c5ea06d108d8f80a0eb4fa39f6b5c02e6d6d90756ff578f57000000009700cf0b4b8bc229413300000000000000000003000000000000000000000000001000000000559711e6e8fcffffffffffffffb2d02edc3e01dd271c896249ed85b980680b09000000000f0000169cdcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffffd897ef3b7cda42f93d53046da21b40216e14ba2d6af8656b01e17addaedab25b30002abbba7fa725f38400be7c1f001b2cd3170400000085be9e48dccf1f9f3282830689da6b53b263339863297771d74732d400003341bf4a00fc9fec2271ff01589646efd1cf870cd7bb2366fde4a594290c405ff870ce5dfd3467decb05cfd9fcb32c8ed1dbd9d30a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce970275d13b78249788f11f761038b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe760e717a04becff0f719197724f4fce1093b62d7e8c7123d890cec55bf404e4e1f74b7eed82571be54c72d978cf906df08f11f1c4042e36acd37d7f9e109f2c06f815312e0cfe222a06f56dd022c074eb8a322fb0bf47c0a8d154b405c37feaf3dd95f6ef2acd1fe582786105c70600000000000000b7561301bb997316dbf17866fb84d4173731efe895ff2e1c5560926e90109b598502d3e959efc71f665c542c9062ece84c99a061887a20639b41c8c12ee86c50804042b3eac1f871b136345cf67ca3fb"], &(0x7f0000000100)='GPL\x00'}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000200)={&(0x7f0000000340)='kfree\x00', r0}, 0x10) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r2, 0x8933, &(0x7f0000000180)={'vxcan0\x00', 0x0}) r4 = socket$can_raw(0x1d, 0x3, 0x1) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000300)={'vxcan1\x00', 0x0}) bind$can_raw(r4, &(0x7f0000000000)={0x1d, r5}, 0x10) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f00000000c0)=@getchain={0x24, 0x11, 0x839, 0x70bd25, 0x0, {0x0, 0x0, 0x0, r3, {0xb, 0x6}, {0xffff, 0xfff9}, {0x1}}}, 0x24}}, 0x4) 820.635419ms ago: executing program 1 (id=14200): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_ADD(r0, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)={0x38, 0x9, 0x6, 0x201, 0x0, 0x0, {0x2, 0x0, 0xffff}, [@IPSET_ATTR_LINENO={0x8, 0x9, 0x1, 0x0, 0x39}, @IPSET_ATTR_PROTOCOL={0x5}, @IPSET_ATTR_ADT={0x14, 0x8, 0x0, 0x1, [{0x10, 0x7, 0x0, 0x1, @IPSET_ATTR_IP={0xc, 0x1, 0x0, 0x1, @IPSET_ATTR_IPADDR_IPV4={0x8, 0x1, 0x1, 0x0, @multicast2}}}]}]}, 0x38}, 0x1, 0x0, 0x0, 0x10000082}, 0x4000080) 803.440213ms ago: executing program 5 (id=14201): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'batadv0\x00', 0x0}) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000000000)=ANY=[@ANYBLOB="90000000100003058285d2f1e2e4f74d00000700", @ANYRES32=0x0, @ANYBLOB="996e06004d4c0700540012800800010068737200480002800500030008000000050003000500000005000300fd00000008000200", @ANYRES32=r3, @ANYRES32=r2], 0x90}, 0x1, 0x0, 0x0, 0x26041004}, 0x80) 653.270331ms ago: executing program 1 (id=14202): r0 = socket$netlink(0x10, 0x3, 0x14) sendmsg$RDMA_NLDEV_CMD_NEWLINK(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000004c0)=ANY=[@ANYBLOB="38000000031401002dbd7000000000000900020073797a320000000008000100727865001400"], 0x38}, 0x1, 0x0, 0x0, 0x844}, 0x0) 561.800874ms ago: executing program 5 (id=14203): socket$packet(0x11, 0x2, 0x300) syz_emit_ethernet(0x0, 0x0, 0x0) 539.65816ms ago: executing program 0 (id=14204): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000700)={0x18, 0xf, &(0x7f0000000080)=ANY=[@ANYBLOB="18"], 0x0, 0xafd8, 0x0, 0x0, 0x41100, 0x1, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x7}, 0x94) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) r0 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r0, 0x84, 0xc, 0x0, &(0x7f0000000080)) 497.994116ms ago: executing program 4 (id=14205): socket$nl_generic(0x10, 0x3, 0x10) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000000)='./binderfs/binder0\x00', 0x802, 0x0) r0 = openat$sysfs(0xffffffffffffff9c, &(0x7f0000000040)='/sys/power/wakeup_count', 0x66643, 0x103) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) openat$fuse(0xffffffffffffff9c, &(0x7f0000000080), 0x2, 0x0) ioctl$KVM_CREATE_IRQCHIP(r2, 0xae60) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_kvm_setup_cpu$x86(r0, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000440)=[@text64={0x40, &(0x7f0000000100)="66baa000ecc744240011000000c7442402b16e0000ff2c2443f466baf80cb8f2c96789ef66bafc0cd3ed0f072e0f01c2c4e1fd11548f880f23d00f21f835000000010f23f8c46289900cabb9f9080000b8c93c0000ba000000000f30c4816857a601000000", 0x65}], 0x1, 0x0, 0x0, 0x0) pipe2(&(0x7f0000000040), 0x800) pipe2(&(0x7f0000000080), 0x0) ioctl$KVM_RUN(r3, 0xae80, 0x0) 476.370383ms ago: executing program 1 (id=14206): r0 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f0000002800), 0x2, 0x0) ioctl$VHOST_SET_OWNER(r0, 0xaf01, 0x0) ioctl$VHOST_SET_MEM_TABLE(r0, 0x4008af03, &(0x7f0000000480)) ioctl$VHOST_SET_VRING_ADDR(r0, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f0000001740)=""/192, 0x0}) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mremap(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x3000, 0x7, &(0x7f00005a5000/0x3000)=nil) ioctl$VHOST_VSOCK_SET_RUNNING(r0, 0x4004af61, &(0x7f00000000c0)=0x1) 376.444568ms ago: executing program 0 (id=14207): r0 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000040)={'sit0\x00'}) sendmsg$nl_route(r0, &(0x7f0000000080)={0xffffffffffffffff, 0x0, &(0x7f00000001c0)={0x0}}, 0x0) 363.635142ms ago: executing program 5 (id=14208): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000540)={0x0, 0x4, 0x0, 0x0}, 0x94) socket$inet6_udp(0xa, 0x2, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f00000007c0)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r1 = memfd_create(&(0x7f00000008c0)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x0) ftruncate(r1, 0x80079a0) mmap(&(0x7f0000200000/0x400000)=nil, 0x400000, 0xb, 0x2012, r1, 0x0) 264.795399ms ago: executing program 4 (id=14209): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) setsockopt$IP6T_SO_SET_REPLACE(0xffffffffffffffff, 0x29, 0x40, 0x0, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000000)='./file1\x00', 0x401c2, 0x0) ftruncate(r1, 0x8800000) socketpair$nbd(0x1, 0x1, 0x0, &(0x7f00000000c0)={0xffffffffffffffff, 0xffffffffffffffff}) recvmmsg(r3, &(0x7f00000034c0)=[{{0x0, 0x0, &(0x7f0000001e40)=[{&(0x7f0000000b80)=""/4096, 0x20001b80}, {&(0x7f0000001b80)=""/112, 0x70}], 0x2, 0x0, 0xa0028cb4}}], 0x40000000000013c, 0x700, 0x0) sendfile(r2, r1, 0x0, 0x578410eb) 226.970825ms ago: executing program 1 (id=14210): r0 = socket(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000000)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000300)=@newqdisc={0x34, 0x24, 0xd0f, 0x70bd25, 0x0, {0x60, 0x0, 0x0, r2, {}, {0x9, 0xa}, {0x0, 0x15}}, [@qdisc_kind_options=@q_codel={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x20000040}, 0x4000) 0s ago: executing program 0 (id=14211): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) gettid() timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r2, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x0, 0x2}, 0x10) r3 = socket$tipc(0x1e, 0x2, 0x0) setsockopt$TIPC_GROUP_JOIN(r3, 0x10f, 0x87, &(0x7f0000000180)={0x42, 0x1}, 0x10) sendmsg$tipc(r3, &(0x7f0000000540)={&(0x7f00000001c0)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x0, 0x4}}, 0x10, 0x0}, 0x10) kernel console output (not intermixed with test programs): 0x0-- guessing data in; [ 2824.744340][T18744] program syz.1.13267 not setting count and/or reply_len properly [ 2824.765388][T14221] usb 5-1: new full-speed USB device number 49 using dummy_hcd [ 2824.816460][T14221] usb 5-1: device descriptor read/8, error -71 [ 2824.854391][T18737] xt_NFQUEUE: number of queues (65532) out of range (got 66665) [ 2825.202687][T18695] [U]  [ 2825.233399][T19832] usb 4-1: USB disconnect, device number 14 [ 2825.245556][T14221] usb 5-1: new full-speed USB device number 50 using dummy_hcd [ 2825.296151][T14221] usb 5-1: device descriptor read/8, error -71 [ 2825.436570][T14221] usb usb5-port1: unable to enumerate USB device [ 2825.628508][T18760] netlink: 36 bytes leftover after parsing attributes in process `syz.0.13275'. [ 2825.862060][T18763] netlink: 200 bytes leftover after parsing attributes in process `syz.5.13276'. [ 2826.148203][T18771] netlink: 8 bytes leftover after parsing attributes in process `syz.0.13279'. [ 2826.437423][T18777] trusted_key: encrypted_key: keyword 'upd' not recognized [ 2826.701635][T19832] usb 2-1: USB disconnect, device number 89 [ 2827.095408][T19832] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 2827.286436][T19832] usb 2-1: Using ep0 maxpacket: 8 [ 2827.293444][T19832] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 2827.302911][T19832] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 2827.312339][T19832] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 2827.325422][T19832] usb 2-1: config 250 has no interface number 0 [ 2827.336938][T18791] netlink: 'syz.0.13288': attribute type 1 has an invalid length. [ 2827.343995][T19832] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 2827.346244][T18791] netlink: 200 bytes leftover after parsing attributes in process `syz.0.13288'. [ 2827.358096][T18796] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13289'. [ 2827.378319][T19832] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 2827.390699][T19832] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 2827.422796][T19832] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2827.453712][T19832] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 2827.508264][T19832] usb 2-1: config 250 interface 228 has no altsetting 0 [ 2827.533191][T19832] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 2827.554139][T19832] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 2827.573329][T19832] usb 2-1: Product: syz [ 2827.578036][T19832] usb 2-1: SerialNumber: syz [ 2827.620037][T19832] hub 2-1:250.228: bad descriptor, ignoring hub [ 2827.636340][T19832] hub 2-1:250.228: probe with driver hub failed with error -5 [ 2827.838514][T19832] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 90 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 2827.916366][T19832] usb 2-1: USB disconnect, device number 90 [ 2827.976212][T19832] usblp0: removed [ 2828.008678][T18811] FAULT_INJECTION: forcing a failure. [ 2828.008678][T18811] name failslab, interval 1, probability 0, space 0, times 0 [ 2828.076506][T18811] CPU: 0 UID: 0 PID: 18811 Comm: syz.0.13294 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2828.076535][T18811] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2828.076548][T18811] Call Trace: [ 2828.076556][T18811] [ 2828.076565][T18811] dump_stack_lvl+0x189/0x250 [ 2828.076594][T18811] ? __pfx____ratelimit+0x10/0x10 [ 2828.076625][T18811] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2828.076649][T18811] ? __pfx__printk+0x10/0x10 [ 2828.076678][T18811] ? __pfx___might_resched+0x10/0x10 [ 2828.076700][T18811] ? fs_reclaim_acquire+0x7d/0x100 [ 2828.076733][T18811] should_fail_ex+0x414/0x560 [ 2828.076766][T18811] should_failslab+0xa8/0x100 [ 2828.076793][T18811] __kmalloc_noprof+0xcb/0x4f0 [ 2828.076815][T18811] ? fib6_info_alloc+0x30/0xf0 [ 2828.076842][T18811] fib6_info_alloc+0x30/0xf0 [ 2828.076866][T18811] ip6_route_info_create+0x142/0x860 [ 2828.076898][T18811] ip6_route_add+0x49/0x1b0 [ 2828.076925][T18811] inet6_rtm_newroute+0x1cf/0x18c0 [ 2828.076952][T18811] ? nlmon_xmit+0xb0/0x100 [ 2828.076971][T18811] ? kmem_cache_free+0x18f/0x400 [ 2828.076997][T18811] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 2828.077023][T18811] ? __local_bh_enable_ip+0x12d/0x1c0 [ 2828.077046][T18811] ? lockdep_hardirqs_on+0x9c/0x150 [ 2828.077076][T18811] ? __local_bh_enable_ip+0x12d/0x1c0 [ 2828.077098][T18811] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 2828.077125][T18811] ? __dev_queue_xmit+0x27e/0x3a70 [ 2828.077197][T18811] ? __pfx_inet6_rtm_newroute+0x10/0x10 [ 2828.077219][T18811] rtnetlink_rcv_msg+0x7cf/0xb70 [ 2828.077245][T18811] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 2828.077265][T18811] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2828.077285][T18811] ? ref_tracker_free+0x63a/0x7d0 [ 2828.077312][T18811] ? __copy_skb_header+0xa7/0x550 [ 2828.077340][T18811] ? __pfx_ref_tracker_free+0x10/0x10 [ 2828.077380][T18811] netlink_rcv_skb+0x208/0x470 [ 2828.077406][T18811] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2828.077430][T18811] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2828.077466][T18811] ? netlink_deliver_tap+0x2e/0x1b0 [ 2828.077488][T18811] ? netlink_deliver_tap+0x2e/0x1b0 [ 2828.077517][T18811] netlink_unicast+0x75b/0x8d0 [ 2828.077549][T18811] netlink_sendmsg+0x805/0xb30 [ 2828.077583][T18811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2828.077610][T18811] ? __import_iovec+0x5d4/0x7f0 [ 2828.077631][T18811] ? aa_sock_msg_perm+0x94/0x160 [ 2828.077659][T18811] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2828.077689][T18811] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2828.077714][T18811] __sock_sendmsg+0x21c/0x270 [ 2828.077745][T18811] ____sys_sendmsg+0x52d/0x830 [ 2828.077770][T18811] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2828.077806][T18811] ___sys_sendmsg+0x21f/0x2a0 [ 2828.077832][T18811] ? __pfx____sys_sendmsg+0x10/0x10 [ 2828.077885][T18811] ? __fget_files+0x2a/0x420 [ 2828.077908][T18811] ? __fget_files+0x3a0/0x420 [ 2828.077940][T18811] __sys_sendmmsg+0x28e/0x430 [ 2828.077967][T18811] ? __pfx___sys_sendmmsg+0x10/0x10 [ 2828.077997][T18811] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2828.078030][T18811] ? ksys_write+0x22a/0x250 [ 2828.078060][T18811] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 2828.078086][T18811] __do_fast_syscall_32+0xb6/0x2b0 [ 2828.078105][T18811] ? lockdep_hardirqs_on+0x9c/0x150 [ 2828.078137][T18811] do_fast_syscall_32+0x34/0x80 [ 2828.078156][T18811] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2828.078187][T18811] RIP: 0023:0xf70fe539 [ 2828.078203][T18811] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2828.078219][T18811] RSP: 002b:00000000f50ee55c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 2828.078240][T18811] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 2828.078253][T18811] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000 [ 2828.078265][T18811] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2828.078276][T18811] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2828.078287][T18811] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2828.078311][T18811] [ 2828.966915][T18822] loop6: detected capacity change from 0 to 7 [ 2828.974386][T18822] Dev loop6: unable to read RDB block 7 [ 2828.994273][T18822] loop6: unable to read partition table [ 2829.022278][T18828] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13298'. [ 2829.041757][T18822] loop6: partition table beyond EOD, truncated [ 2829.189596][T14190] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 2829.335831][T18822] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2829.452120][T14190] usb 2-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2829.483110][T14190] usb 2-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2829.556077][T14190] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2829.567758][T14190] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2829.594787][T14190] usb 2-1: Product: syz [ 2829.609525][T14190] usb 2-1: Manufacturer: syz [ 2829.626074][T14190] usb 2-1: SerialNumber: syz [ 2829.652166][T14190] cdc_mbim 2-1:1.0: skipping garbage [ 2829.778392][T18834] netlink: 200 bytes leftover after parsing attributes in process `syz.5.13302'. [ 2829.856320][T18825] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2830.499072][T18825] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 2830.520058][T14190] cdc_mbim 2-1:1.0: setting tx_max = 184 [ 2830.538561][T14190] cdc_mbim 2-1:1.0: cdc-wdm0: USB WDM device [ 2830.593273][T14190] wwan wwan0: port wwan0mbim0 attached [ 2830.623680][T14190] cdc_mbim 2-1:1.0 wwan0: register 'cdc_mbim' at usb-dummy_hcd.1-1, CDC MBIM, 82:07:ad:27:30:15 [ 2830.733268][ C1] wdm_int_callback: 966 callbacks suppressed [ 2830.733293][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.746015][ C1] wdm_int_callback: 966 callbacks suppressed [ 2830.746034][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.758470][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.765187][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.771792][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.778518][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.785184][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.791907][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.801091][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.807850][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.814542][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.821266][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.827944][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.834670][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.841162][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.847905][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.854334][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.861044][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.867434][ C1] cdc_mbim 2-1:1.0: nonzero urb status received: -71 [ 2830.874146][ C1] cdc_mbim 2-1:1.0: wdm_int_callback - 0 bytes [ 2830.996832][T18825] binfmt_misc: register: failed to install interpreter file ./file0 [ 2831.211964][T14190] usb 2-1: USB disconnect, device number 91 [ 2831.218905][T14190] cdc_mbim 2-1:1.0 wwan0: unregister 'cdc_mbim' usb-dummy_hcd.1-1, CDC MBIM [ 2831.363051][T18866] loop6: detected capacity change from 0 to 7 [ 2831.378624][T14190] wwan wwan0: port wwan0mbim0 disconnected [ 2831.453243][T18866] Dev loop6: unable to read RDB block 7 [ 2831.462320][T18866] loop6: unable to read partition table [ 2831.469708][T18866] loop6: partition table beyond EOD, truncated [ 2831.500682][T18866] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2831.868929][T18874] loop6: detected capacity change from 0 to 7 [ 2831.901234][T18874] Dev loop6: unable to read RDB block 7 [ 2831.911482][T18874] loop6: unable to read partition table [ 2831.931816][T18874] loop6: partition table beyond EOD, truncated [ 2831.945442][T18874] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2832.453063][T18886] netlink: 'syz.3.13316': attribute type 1 has an invalid length. [ 2832.462697][T18886] netlink: 200 bytes leftover after parsing attributes in process `syz.3.13316'. [ 2832.717521][T18895] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13318'. [ 2833.602026][T18899] delete_channel: no stack [ 2833.965216][ T6815] usb 4-1: new high-speed USB device number 15 using dummy_hcd [ 2834.095312][ T6815] usb 4-1: device descriptor read/64, error -71 [ 2834.337002][ T6815] usb 4-1: new high-speed USB device number 16 using dummy_hcd [ 2834.506936][ T6815] usb 4-1: device descriptor read/64, error -71 [ 2834.532437][T18942] netdevsim netdevsim1 netdevsim0: entered promiscuous mode [ 2834.676496][ T6815] usb usb4-port1: attempt power cycle [ 2834.999820][T18948] netlink: 'syz.1.13328': attribute type 1 has an invalid length. [ 2835.009076][T18948] netlink: 200 bytes leftover after parsing attributes in process `syz.1.13328'. [ 2835.057248][ T6815] usb 4-1: new high-speed USB device number 17 using dummy_hcd [ 2835.100674][ T6815] usb 4-1: device descriptor read/8, error -71 [ 2835.495276][ T6815] usb 4-1: new high-speed USB device number 18 using dummy_hcd [ 2835.737328][T18957] trusted_key: encrypted_key: keyword 'upd' not recognized [ 2835.841461][ T6815] usb 4-1: device descriptor read/8, error -71 [ 2835.893524][T18964] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13331'. [ 2836.042032][ T6815] usb usb4-port1: unable to enumerate USB device [ 2836.311723][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 2836.318318][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 2837.065618][T18979] trusted_key: encrypted_key: keyword 'upd' not recognized [ 2837.175599][T14222] usb 5-1: new high-speed USB device number 51 using dummy_hcd [ 2837.397536][T14222] usb 5-1: Using ep0 maxpacket: 8 [ 2837.412018][T14222] usb 5-1: config index 0 descriptor too short (expected 5924, got 36) [ 2837.423907][T14222] usb 5-1: config 250 has an invalid interface number: 228 but max is -1 [ 2837.433325][T14222] usb 5-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 2837.444723][T14222] usb 5-1: config 250 has no interface number 0 [ 2837.452134][T14222] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 2837.466444][T14222] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 2837.478444][T14222] usb 5-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 2837.492835][T14222] usb 5-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2837.508034][T18982] xt_CT: You must specify a L4 protocol and not use inversions on it [ 2837.534489][T14222] usb 5-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 2837.569338][T14222] usb 5-1: config 250 interface 228 has no altsetting 0 [ 2837.660857][T14222] usb 5-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 2837.672332][T14222] usb 5-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 2837.683817][T14222] usb 5-1: Product: syz [ 2837.688566][T14222] usb 5-1: SerialNumber: syz [ 2837.714408][T14222] hub 5-1:250.228: bad descriptor, ignoring hub [ 2837.724543][T14222] hub 5-1:250.228: probe with driver hub failed with error -5 [ 2837.861259][T18984] netlink: 'syz.0.13339': attribute type 1 has an invalid length. [ 2837.872714][T18984] netlink: 200 bytes leftover after parsing attributes in process `syz.0.13339'. [ 2837.931347][T14222] usblp 5-1:250.228: usblp0: USB Bidirectional printer dev 51 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 2837.984682][T14222] usb 5-1: USB disconnect, device number 51 [ 2838.041815][T14222] usblp0: removed [ 2838.095799][T18988] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13341'. [ 2838.140006][T18988] FAULT_INJECTION: forcing a failure. [ 2838.140006][T18988] name failslab, interval 1, probability 0, space 0, times 0 [ 2838.157381][T18990] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 2838.164927][T18988] CPU: 0 UID: 0 PID: 18988 Comm: syz.1.13341 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2838.164953][T18988] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2838.164966][T18988] Call Trace: [ 2838.164975][T18988] [ 2838.164985][T18988] dump_stack_lvl+0x189/0x250 [ 2838.165013][T18988] ? __pfx____ratelimit+0x10/0x10 [ 2838.165043][T18988] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2838.165067][T18988] ? __pfx__printk+0x10/0x10 [ 2838.165109][T18988] ? __pfx___might_resched+0x10/0x10 [ 2838.165129][T18988] ? fs_reclaim_acquire+0x7d/0x100 [ 2838.165161][T18988] should_fail_ex+0x414/0x560 [ 2838.165194][T18988] should_failslab+0xa8/0x100 [ 2838.165221][T18988] kmem_cache_alloc_node_noprof+0x76/0x3c0 [ 2838.165246][T18988] ? __alloc_skb+0x112/0x2d0 [ 2838.165273][T18988] __alloc_skb+0x112/0x2d0 [ 2838.165299][T18988] netlink_ack+0x146/0xa50 [ 2838.165320][T18988] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2838.165340][T18988] ? ref_tracker_free+0x63a/0x7d0 [ 2838.165367][T18988] ? __copy_skb_header+0xa7/0x550 [ 2838.165395][T18988] ? __pfx_ref_tracker_free+0x10/0x10 [ 2838.165434][T18988] netlink_rcv_skb+0x28c/0x470 [ 2838.165459][T18988] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2838.165482][T18988] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2838.165518][T18988] ? netlink_deliver_tap+0x2e/0x1b0 [ 2838.165540][T18988] ? netlink_deliver_tap+0x2e/0x1b0 [ 2838.165569][T18988] netlink_unicast+0x75b/0x8d0 [ 2838.165602][T18988] netlink_sendmsg+0x805/0xb30 [ 2838.165635][T18988] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2838.165662][T18988] ? __import_iovec+0x5d4/0x7f0 [ 2838.165683][T18988] ? aa_sock_msg_perm+0x94/0x160 [ 2838.165715][T18988] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2838.165744][T18988] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2838.165770][T18988] __sock_sendmsg+0x21c/0x270 [ 2838.165804][T18988] ____sys_sendmsg+0x52d/0x830 [ 2838.165835][T18988] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2838.165877][T18988] ___sys_sendmsg+0x21f/0x2a0 [ 2838.165905][T18988] ? __pfx____sys_sendmsg+0x10/0x10 [ 2838.165966][T18988] ? __fget_files+0x2a/0x420 [ 2838.165991][T18988] ? __fget_files+0x3a0/0x420 [ 2838.166028][T18988] __sys_sendmmsg+0x28e/0x430 [ 2838.166080][T18988] ? __pfx___sys_sendmmsg+0x10/0x10 [ 2838.166119][T18988] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2838.166157][T18988] ? ksys_write+0x22a/0x250 [ 2838.166190][T18988] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 2838.166221][T18988] __do_fast_syscall_32+0xb6/0x2b0 [ 2838.166242][T18988] ? lockdep_hardirqs_on+0x9c/0x150 [ 2838.166275][T18988] do_fast_syscall_32+0x34/0x80 [ 2838.166295][T18988] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2838.166319][T18988] RIP: 0023:0xf7fd8539 [ 2838.166337][T18988] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2838.166355][T18988] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 2838.166378][T18988] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 2838.166392][T18988] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000 [ 2838.166405][T18988] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2838.166417][T18988] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2838.166430][T18988] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2838.166458][T18988] [ 2838.745061][T18994] random: crng reseeded on system resumption [ 2838.968222][T19001] netlink: 8 bytes leftover after parsing attributes in process `syz.5.13345'. [ 2839.605633][T14222] usb 5-1: new high-speed USB device number 52 using dummy_hcd [ 2839.779074][T14222] usb 5-1: unable to get BOS descriptor or descriptor too short [ 2839.789586][T14222] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2839.805285][T14222] usb 5-1: config 1 interface 0 altsetting 3 bulk endpoint 0x3 has invalid maxpacket 64 [ 2839.860602][T14222] usb 5-1: config 1 interface 0 altsetting 3 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2839.947498][T14222] usb 5-1: config 1 interface 0 has no altsetting 0 [ 2840.033569][T14222] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2840.061308][T14222] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2840.071181][T14222] usb 5-1: Product: syz [ 2840.076625][T14222] usb 5-1: Manufacturer: syz [ 2840.081983][T14222] usb 5-1: SerialNumber: syz [ 2840.122322][T19007] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 2840.137747][T19007] raw-gadget.0 gadget.4: fail, usb_ep_enable returned -22 [ 2840.165437][ T6417] usb 6-1: new high-speed USB device number 66 using dummy_hcd [ 2840.282473][T19021] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13351'. [ 2840.334751][ T6417] usb 6-1: config 0 has no interfaces? [ 2840.347605][ T6417] usb 6-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 2840.368994][ T6417] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2840.377221][ T6417] usb 6-1: Product: syz [ 2840.395541][ T6417] usb 6-1: Manufacturer: syz [ 2840.405231][ T6417] usb 6-1: SerialNumber: syz [ 2840.424110][ T6417] usb 6-1: config 0 descriptor?? [ 2840.467649][T14222] cdc_ether 5-1:1.0: probe with driver cdc_ether failed with error -71 [ 2840.494748][T14222] usb 5-1: USB disconnect, device number 52 [ 2840.693177][T19018] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2840.703350][T19018] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2841.402318][T19025] loop6: detected capacity change from 0 to 7 [ 2841.426600][T19025] Dev loop6: unable to read RDB block 7 [ 2841.442559][T19025] loop6: AHDI p3 p4 [ 2841.451248][T19025] loop6: partition table partially beyond EOD, truncated [ 2841.478850][T19025] loop6: p3 start 1869967406 is beyond EOD, truncated [ 2841.480974][T19027] netdevsim netdevsim4 netdevsim0: entered promiscuous mode [ 2841.815445][T19029] netlink: 'syz.3.13350': attribute type 1 has an invalid length. [ 2841.843673][T19029] netlink: 200 bytes leftover after parsing attributes in process `syz.3.13350'. [ 2841.995248][ T6815] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 2842.108799][T14221] usb 5-1: new high-speed USB device number 53 using dummy_hcd [ 2842.141471][T19036] netlink: 36 bytes leftover after parsing attributes in process `syz.3.13357'. [ 2842.154942][ T6815] usb 2-1: Using ep0 maxpacket: 8 [ 2842.170745][ T6815] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 2842.179402][ T6815] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 2842.200570][ T6815] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 2842.222723][ T6815] usb 2-1: config 250 has no interface number 0 [ 2842.233144][ T6815] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 2842.255306][ T6815] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 2842.282818][T14221] usb 5-1: config 0 has an invalid interface number: 9 but max is 0 [ 2842.293483][ T6815] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 2842.305639][T14221] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2842.321976][ T6815] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2842.323314][T14221] usb 5-1: config 0 has no interface number 0 [ 2842.333651][ T6815] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 2842.353115][ T6815] usb 2-1: config 250 interface 228 has no altsetting 0 [ 2842.364219][ T6815] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 2842.375310][ T6815] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 2842.384960][ T6815] usb 2-1: Product: syz [ 2842.394619][ T6815] usb 2-1: SerialNumber: syz [ 2842.399882][T14221] usb 5-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=45.e8 [ 2842.413238][T14221] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2842.420543][ T6815] hub 2-1:250.228: bad descriptor, ignoring hub [ 2842.436242][ T6815] hub 2-1:250.228: probe with driver hub failed with error -5 [ 2842.440804][T14221] usb 5-1: config 0 descriptor?? [ 2842.462378][T19039] netlink: 8 bytes leftover after parsing attributes in process `syz.3.13358'. [ 2842.484775][T14221] rndis_host 5-1:0.9: More than one union descriptor, skipping ... [ 2842.500139][T14221] usb 5-1: bad CDC descriptors [ 2842.507427][T14221] cdc_acm 5-1:0.9: More than one union descriptor, skipping ... [ 2842.623651][ T6815] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 92 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 2842.679060][ T6815] usb 2-1: USB disconnect, device number 92 [ 2842.748772][ T6815] usblp0: removed [ 2843.623345][T19018] [U]  [ 2843.712138][ T6417] usb 6-1: USB disconnect, device number 66 [ 2844.227992][T19067] netlink: 'syz.3.13368': attribute type 1 has an invalid length. [ 2844.238070][T19072] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13366'. [ 2844.245983][T19067] netlink: 200 bytes leftover after parsing attributes in process `syz.3.13368'. [ 2844.645378][ T6417] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 2844.845292][ T6417] usb 2-1: Using ep0 maxpacket: 8 [ 2844.860981][ T6417] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 2844.873366][ T6417] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 2844.883294][ T6417] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 2845.178766][ T6417] usb 2-1: config 250 has no interface number 0 [ 2845.199488][ T6417] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 2845.223739][ T6417] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 2845.254677][ T6417] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 2845.285848][ T6417] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2845.302968][ T6417] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 2845.317421][ T6417] usb 2-1: config 250 interface 228 has no altsetting 0 [ 2845.343607][ T6417] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 2845.354982][ T6417] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 2845.363552][ T6417] usb 2-1: Product: syz [ 2845.368079][ T6417] usb 2-1: SerialNumber: syz [ 2845.393438][ T6417] hub 2-1:250.228: bad descriptor, ignoring hub [ 2845.432044][ T6417] hub 2-1:250.228: probe with driver hub failed with error -5 [ 2845.491332][T19832] usb 5-1: USB disconnect, device number 53 [ 2845.605862][ T6417] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 93 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 2845.671405][ T6417] usb 2-1: USB disconnect, device number 93 [ 2845.701775][T19820] usb 4-1: new high-speed USB device number 19 using dummy_hcd [ 2845.794178][ T6417] usblp0: removed [ 2845.877001][T19820] usb 4-1: New USB device found, idVendor=5543, idProduct=0047, bcdDevice= 0.00 [ 2845.891643][T19820] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2845.929161][T19820] usb 4-1: config 0 descriptor?? [ 2846.155205][T19832] usb 5-1: new full-speed USB device number 54 using dummy_hcd [ 2846.337833][T19832] usb 5-1: not running at top speed; connect to a high speed hub [ 2846.359315][T19832] usb 5-1: config 255 has an invalid interface number: 214 but max is 3 [ 2846.374236][T19832] usb 5-1: config 255 has an invalid interface number: 44 but max is 3 [ 2846.393361][T19832] usb 5-1: config 255 has an invalid interface association descriptor of length 7, skipping [ 2846.416578][T19832] usb 5-1: config 255 has an invalid interface number: 208 but max is 3 [ 2846.440859][T19832] usb 5-1: config 255 contains an unexpected descriptor of type 0x1, skipping [ 2846.461988][T19832] usb 5-1: config 255 has an invalid interface number: 87 but max is 3 [ 2846.504476][T19832] usb 5-1: config 255 has no interface number 0 [ 2846.523578][T19832] usb 5-1: config 255 has no interface number 1 [ 2846.538989][T19832] usb 5-1: config 255 has no interface number 2 [ 2846.561825][T19832] usb 5-1: config 255 has no interface number 3 [ 2846.580987][T19832] usb 5-1: config 255 interface 214 altsetting 129 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 2846.615165][T19832] usb 5-1: config 255 interface 214 altsetting 129 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 2846.661125][T19820] usb 4-1: string descriptor 0 read error: -71 [ 2846.771996][T19820] uclogic 0003:5543:0047.0052: failed retrieving string descriptor #200: -71 [ 2846.791171][T19820] uclogic 0003:5543:0047.0052: failed retrieving pen parameters: -71 [ 2846.805385][T19820] uclogic 0003:5543:0047.0052: failed probing pen v2 parameters: -71 [ 2846.823881][T19820] uclogic 0003:5543:0047.0052: failed probing parameters: -71 [ 2846.844249][T19820] uclogic 0003:5543:0047.0052: probe with driver uclogic failed with error -71 [ 2846.881097][T19820] usb 4-1: USB disconnect, device number 19 [ 2847.159187][T19832] usb 5-1: config 255 interface 214 altsetting 129 endpoint 0x8B has invalid maxpacket 59914, setting to 64 [ 2847.222867][T19832] usb 5-1: config 255 interface 214 altsetting 129 endpoint 0x2 has invalid maxpacket 1024, setting to 64 [ 2847.310428][T19832] usb 5-1: config 255 interface 214 altsetting 129 endpoint 0xF has invalid maxpacket 512, setting to 64 [ 2847.402933][T19832] usb 5-1: config 255 interface 214 altsetting 129 endpoint 0x3 has invalid maxpacket 1024, setting to 64 [ 2847.443375][T19832] usb 5-1: config 255 interface 214 altsetting 129 has 7 endpoint descriptors, different from the interface descriptor's value: 6 [ 2847.462293][T19832] usb 5-1: config 255 interface 44 altsetting 9 endpoint 0x8C has an invalid bInterval 0, changing to 10 [ 2847.489188][T19832] usb 5-1: config 255 interface 44 altsetting 9 endpoint 0x5 has invalid maxpacket 1024, setting to 64 [ 2847.502558][T19832] usb 5-1: config 255 interface 44 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 2847.516297][T19832] usb 5-1: config 255 interface 44 altsetting 9 has a duplicate endpoint with address 0x1, skipping [ 2847.531254][T19832] usb 5-1: config 255 interface 44 altsetting 9 has a duplicate endpoint with address 0x5, skipping [ 2847.545079][T19832] usb 5-1: config 255 interface 44 altsetting 9 has a duplicate endpoint with address 0xF, skipping [ 2847.562349][T19832] usb 5-1: config 255 interface 44 altsetting 9 has a duplicate endpoint with address 0x6, skipping [ 2847.579385][T19832] usb 5-1: config 255 interface 44 altsetting 9 has an invalid descriptor for endpoint zero, skipping [ 2847.593838][T19832] usb 5-1: config 255 interface 44 altsetting 9 has a duplicate endpoint with address 0x5, skipping [ 2847.607540][T19832] usb 5-1: config 255 interface 44 altsetting 9 endpoint 0x8 has invalid maxpacket 1024, setting to 64 [ 2847.729520][T19832] usb 5-1: config 255 interface 208 altsetting 9 has a duplicate endpoint with address 0x7, skipping [ 2847.893517][T19110] netlink: 200 bytes leftover after parsing attributes in process `syz.5.13382'. [ 2847.960528][T19832] usb 5-1: config 255 interface 208 altsetting 9 has a duplicate endpoint with address 0xB, skipping [ 2848.009631][T19116] xt_CT: You must specify a L4 protocol and not use inversions on it [ 2848.028321][T19832] usb 5-1: config 255 interface 208 altsetting 9 has a duplicate endpoint with address 0x1, skipping [ 2848.082922][T19832] usb 5-1: config 255 interface 208 altsetting 9 has a duplicate endpoint with address 0x2, skipping [ 2848.172626][T19832] usb 5-1: config 255 interface 208 altsetting 9 has a duplicate endpoint with address 0x5, skipping [ 2848.193359][T19832] usb 5-1: config 255 interface 208 altsetting 9 endpoint 0x4 has invalid maxpacket 1024, setting to 64 [ 2848.282852][T19832] usb 5-1: config 255 interface 208 altsetting 9 has a duplicate endpoint with address 0x5, skipping [ 2848.301723][T19832] usb 5-1: config 255 interface 87 altsetting 203 has a duplicate endpoint with address 0x3, skipping [ 2848.325041][T19832] usb 5-1: config 255 interface 87 altsetting 203 has a duplicate endpoint with address 0x2, skipping [ 2848.368332][T19832] usb 5-1: config 255 interface 87 altsetting 203 has a duplicate endpoint with address 0x3, skipping [ 2848.379629][T19832] usb 5-1: config 255 interface 87 altsetting 203 has a duplicate endpoint with address 0x6, skipping [ 2848.390886][T19832] usb 5-1: config 255 interface 214 has no altsetting 0 [ 2848.397922][T19832] usb 5-1: config 255 interface 44 has no altsetting 0 [ 2848.405066][T19832] usb 5-1: config 255 interface 208 has no altsetting 0 [ 2848.415193][T19832] usb 5-1: config 255 interface 87 has no altsetting 0 [ 2848.425938][T19832] usb 5-1: New USB device found, idVendor=1110, idProduct=9022, bcdDevice=90.db [ 2848.435011][T19832] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2848.443162][T19832] usb 5-1: Product: ê¿»í„襬èƒä’ä §ë€ì·†å£ç³“áï’«á‡îœ’賖䴋郀䃕鈲셙祃쾲᭟㜿↌⯾ê¡á•‘庯⓿祩㋠㷜䠵瘢܅뻿袾ﴈ頇䌋믂뾔佖錴᩹쳽èŠè…¶ç¥²ã†‘鳯剥예櫟곔◳놱졂 [ 2848.463389][T19832] usb 5-1: Manufacturer: 痻轨ⲟ৖⋽䦾‹㉽牙땂㿼ڸâžä䪭匎㔹熷鿔賣쨷億⹌鰫筱턳鼽ïºä¬’ݭጅá¶é¹ªî¸Œê„†êžµí‘蕴蚩賃괯혳â†é•è¬­æ‚‚ê¡Šã—’ä£ç ¾â¯œë²‘å™â¤±æ¯«ë¸­í—­ê£±è©¦â›§ê´ï­€îƒ– [ 2848.485396][T19832] usb 5-1: SerialNumber: ↱䒾졪ּ㧄㇢ꪌ䔞å£æƒˆâ†—褓裞䯬砿둹é¬ëª„í½ï‡©æ„弆㓘å²ã¸´ìˆ…ఠ왉奌à½æ’˜ç±…йヵ䙚좂霖鿂訋෱ä€ä‡§ï‰ä–‡ê°€î¡€ä¼·ê°ê«‡äµµå²ç··á¾½ì’ƒí›‡æ‡ˆî³é¤žì†¢å‘ªá¯‹êŸÓŽç”‰î£Žî…¯ä½©ç¥«î¢â„±å©¤á‚—î¿¿`纤銴驞≈⧖鎭è¾Ó¼ãœ¶î—‘âºå©å«›ï‘„㮥꩚ì é“ƒ [ 2848.505324][T19820] usb 6-1: new high-speed USB device number 67 using dummy_hcd [ 2848.526913][T19094] raw-gadget.2 gadget.4: fail, usb_ep_enable returned -22 [ 2848.665388][T19820] usb 6-1: device descriptor read/64, error -71 [ 2848.749832][T19832] usb 5-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9022) Rev (0X90DB): Eagle II [ 2848.905468][T19820] usb 6-1: new high-speed USB device number 68 using dummy_hcd [ 2849.045920][T19820] usb 6-1: device descriptor read/64, error -71 [ 2849.175647][T19820] usb usb6-port1: attempt power cycle [ 2849.363729][T19134] netlink: 'syz.4.13388': attribute type 1 has an invalid length. [ 2849.374841][T19134] netlink: 200 bytes leftover after parsing attributes in process `syz.4.13388'. [ 2849.525588][T19820] usb 6-1: new high-speed USB device number 69 using dummy_hcd [ 2849.559640][T19832] usb 5-1: [ueagle-atm] pre-firmware device, uploading firmware [ 2849.589721][T19832] usb 5-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 2849.598319][ T6815] usb 5-1: Direct firmware load for ueagle-atm/eagleII.fw failed with error -2 [ 2849.606520][T19820] usb 6-1: device descriptor read/8, error -71 [ 2849.627435][T19145] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2849.643541][ T6815] usb 5-1: Falling back to sysfs fallback for: ueagle-atm/eagleII.fw [ 2849.708683][T19832] usb 5-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9022) Rev (0X90DB): Eagle II [ 2849.729028][T19148] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2849.758383][T19832] usb 5-1: [ueagle-atm] pre-firmware device, uploading firmware [ 2849.768844][T19832] usb 5-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 2849.864288][T19832] usb 5-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9022) Rev (0X90DB): Eagle II [ 2849.909336][T19832] usb 5-1: [ueagle-atm] pre-firmware device, uploading firmware [ 2849.940056][T19832] usb 5-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 2849.953251][T19832] rndis_host 5-1:255.87: More than one union descriptor, skipping ... [ 2849.962325][T19832] usb 5-1: bad CDC descriptors [ 2850.042663][T19820] usb 6-1: new high-speed USB device number 70 using dummy_hcd [ 2850.109238][T19832] usb 5-1: [ueagle-atm] ADSL device founded vid (0X1110) pid (0X9022) Rev (0X90DB): Eagle II [ 2850.162350][T19832] usb 5-1: [ueagle-atm] pre-firmware device, uploading firmware [ 2850.176228][T19832] usb 5-1: [ueagle-atm] loading firmware ueagle-atm/eagleII.fw [ 2850.190498][T19820] usb 6-1: device descriptor read/8, error -71 [ 2850.199583][T19832] usb 5-1: USB disconnect, device number 54 [ 2850.356970][T19155] netlink: 36 bytes leftover after parsing attributes in process `syz.1.13393'. [ 2850.445588][T19820] usb usb6-port1: unable to enumerate USB device [ 2851.527235][T19175] gtp0: entered allmulticast mode [ 2851.650021][T19179] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13403'. [ 2851.991964][T19185] netlink: 'syz.0.13405': attribute type 1 has an invalid length. [ 2852.463913][T19192] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2852.745067][T19820] usb 6-1: new high-speed USB device number 71 using dummy_hcd [ 2852.885742][T19832] usb 4-1: new high-speed USB device number 20 using dummy_hcd [ 2852.925528][T19820] usb 6-1: Using ep0 maxpacket: 8 [ 2852.944061][T19820] usb 6-1: config index 0 descriptor too short (expected 5924, got 36) [ 2852.976702][T19820] usb 6-1: config 250 has an invalid interface number: 228 but max is -1 [ 2853.031751][T19820] usb 6-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 2853.042488][T19820] usb 6-1: config 250 has no interface number 0 [ 2853.045440][T19832] usb 4-1: Using ep0 maxpacket: 8 [ 2853.064239][T19820] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 2853.073086][T19832] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 2853.091603][T19832] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 2853.120271][T19832] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 2853.139359][T19832] usb 4-1: config 250 has no interface number 0 [ 2853.152082][T19832] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 2853.169636][T19820] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 2853.348540][T19832] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 2853.364066][T19820] usb 6-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 2853.369508][T19832] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 2853.406604][T19820] usb 6-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2853.415354][T19832] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2853.451031][T19820] usb 6-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 2853.465718][T19832] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 2853.500570][T19832] usb 4-1: config 250 interface 228 has no altsetting 0 [ 2853.521438][T19832] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 2853.533097][T19832] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 2853.550263][T19832] usb 4-1: Product: syz [ 2853.573495][T19820] usb 6-1: config 250 interface 228 has no altsetting 0 [ 2853.588169][T19820] usb 6-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 2853.601296][T19820] usb 6-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 2853.622352][T19832] usb 4-1: SerialNumber: syz [ 2853.632807][T19820] usb 6-1: Product: syz [ 2853.647600][T19820] usb 6-1: SerialNumber: syz [ 2853.671125][T19820] hub 6-1:250.228: bad descriptor, ignoring hub [ 2853.690565][T19832] hub 4-1:250.228: bad descriptor, ignoring hub [ 2853.720280][T19832] hub 4-1:250.228: probe with driver hub failed with error -5 [ 2853.729296][T19820] hub 6-1:250.228: probe with driver hub failed with error -5 [ 2853.843408][T19212] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2853.931501][T19820] usblp 6-1:250.228: usblp0: USB Bidirectional printer dev 71 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 2853.943964][T19832] usblp 4-1:250.228: usblp1: USB Bidirectional printer dev 20 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 2854.108559][T19196] FAULT_INJECTION: forcing a failure. [ 2854.108559][T19196] name failslab, interval 1, probability 0, space 0, times 0 [ 2854.130020][T19196] CPU: 0 UID: 0 PID: 19196 Comm: syz.3.13409 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2854.130059][T19196] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2854.130072][T19196] Call Trace: [ 2854.130081][T19196] [ 2854.130091][T19196] dump_stack_lvl+0x189/0x250 [ 2854.130120][T19196] ? __pfx____ratelimit+0x10/0x10 [ 2854.130151][T19196] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2854.130175][T19196] ? __pfx__printk+0x10/0x10 [ 2854.130208][T19196] ? __pfx___might_resched+0x10/0x10 [ 2854.130230][T19196] ? fs_reclaim_acquire+0x7d/0x100 [ 2854.130263][T19196] should_fail_ex+0x414/0x560 [ 2854.130297][T19196] should_failslab+0xa8/0x100 [ 2854.130324][T19196] kmem_cache_alloc_noprof+0x73/0x3c0 [ 2854.130347][T19196] ? getname_flags+0xb8/0x540 [ 2854.130373][T19196] ? __pfx_vfs_write+0x10/0x10 [ 2854.130398][T19196] getname_flags+0xb8/0x540 [ 2854.130430][T19196] do_sys_openat2+0xbc/0x1c0 [ 2854.130462][T19196] ? __pfx_do_sys_openat2+0x10/0x10 [ 2854.130496][T19196] ? ksys_write+0x22a/0x250 [ 2854.130524][T19196] __ia32_compat_sys_openat+0x131/0x160 [ 2854.130548][T19196] __do_fast_syscall_32+0xb6/0x2b0 [ 2854.130568][T19196] ? lockdep_hardirqs_on+0x9c/0x150 [ 2854.130602][T19196] do_fast_syscall_32+0x34/0x80 [ 2854.130622][T19196] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2854.130646][T19196] RIP: 0023:0xf7f77539 [ 2854.130664][T19196] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2854.130681][T19196] RSP: 002b:00000000f5096100 EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 2854.130705][T19196] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f5096150 [ 2854.130720][T19196] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7403ff4 [ 2854.130732][T19196] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 2854.130745][T19196] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2854.130757][T19196] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2854.130784][T19196] [ 2854.555472][ C1] usblp0: nonzero read bulk status received: -71 [ 2854.555902][T19820] usb 4-1: USB disconnect, device number 20 [ 2854.585831][T14222] usb 6-1: USB disconnect, device number 71 [ 2854.594153][T14222] usblp0: removed [ 2854.600374][T19820] usblp1: removed [ 2854.823472][T19219] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13415'. [ 2854.833448][T19219] FAULT_INJECTION: forcing a failure. [ 2854.833448][T19219] name failslab, interval 1, probability 0, space 0, times 0 [ 2854.846246][T19219] CPU: 1 UID: 0 PID: 19219 Comm: syz.1.13415 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2854.846272][T19219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2854.846285][T19219] Call Trace: [ 2854.846294][T19219] [ 2854.846302][T19219] dump_stack_lvl+0x189/0x250 [ 2854.846331][T19219] ? __pfx____ratelimit+0x10/0x10 [ 2854.846361][T19219] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2854.846385][T19219] ? __pfx__printk+0x10/0x10 [ 2854.846426][T19219] should_fail_ex+0x414/0x560 [ 2854.846460][T19219] should_failslab+0xa8/0x100 [ 2854.846489][T19219] kmem_cache_alloc_noprof+0x73/0x3c0 [ 2854.846513][T19219] ? skb_clone+0x212/0x3a0 [ 2854.846545][T19219] skb_clone+0x212/0x3a0 [ 2854.846574][T19219] __netlink_deliver_tap+0x404/0x850 [ 2854.846607][T19219] ? netlink_deliver_tap+0x2e/0x1b0 [ 2854.846630][T19219] netlink_deliver_tap+0x19c/0x1b0 [ 2854.846653][T19219] netlink_sendskb+0x68/0x140 [ 2854.846675][T19219] netlink_rcv_skb+0x28c/0x470 [ 2854.846700][T19219] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2854.846734][T19219] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2854.846770][T19219] ? netlink_deliver_tap+0x2e/0x1b0 [ 2854.846792][T19219] ? netlink_deliver_tap+0x2e/0x1b0 [ 2854.846822][T19219] netlink_unicast+0x75b/0x8d0 [ 2854.846853][T19219] netlink_sendmsg+0x805/0xb30 [ 2854.846887][T19219] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2854.846913][T19219] ? __import_iovec+0x5d4/0x7f0 [ 2854.846934][T19219] ? aa_sock_msg_perm+0x94/0x160 [ 2854.846963][T19219] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2854.846992][T19219] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2854.847017][T19219] __sock_sendmsg+0x21c/0x270 [ 2854.847051][T19219] ____sys_sendmsg+0x52d/0x830 [ 2854.847082][T19219] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2854.847124][T19219] ___sys_sendmsg+0x21f/0x2a0 [ 2854.847152][T19219] ? __pfx____sys_sendmsg+0x10/0x10 [ 2854.847214][T19219] ? __fget_files+0x2a/0x420 [ 2854.847239][T19219] ? __fget_files+0x3a0/0x420 [ 2854.847275][T19219] __sys_sendmmsg+0x28e/0x430 [ 2854.847306][T19219] ? __pfx___sys_sendmmsg+0x10/0x10 [ 2854.847341][T19219] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 2854.847379][T19219] ? ksys_write+0x22a/0x250 [ 2854.847413][T19219] __ia32_compat_sys_sendmmsg+0xa2/0xc0 [ 2854.847444][T19219] __do_fast_syscall_32+0xb6/0x2b0 [ 2854.847465][T19219] ? lockdep_hardirqs_on+0x9c/0x150 [ 2854.847496][T19219] do_fast_syscall_32+0x34/0x80 [ 2854.847516][T19219] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2854.847540][T19219] RIP: 0023:0xf7fd8539 [ 2854.847557][T19219] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2854.847576][T19219] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000159 [ 2854.847598][T19219] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 00000000800002c0 [ 2854.847612][T19219] RDX: 000000000000009f RSI: 0000000000000000 RDI: 0000000000000000 [ 2854.847625][T19219] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2854.847637][T19219] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2854.847649][T19219] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2854.847679][T19219] [ 2855.161264][ C1] vkms_vblank_simulate: vblank timer overrun [ 2855.286222][T19223] netlink: 'syz.1.13417': attribute type 1 has an invalid length. [ 2855.700405][T19246] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2857.127105][T19263] loop6: detected capacity change from 0 to 7 [ 2857.145667][T19263] Dev loop6: unable to read RDB block 7 [ 2857.151322][T19263] loop6: unable to read partition table [ 2857.181612][T19263] loop6: partition table beyond EOD, truncated [ 2857.191565][T19263] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2857.245322][T19832] usb 5-1: new high-speed USB device number 55 using dummy_hcd [ 2857.402318][T19267] netlink: 'syz.1.13429': attribute type 1 has an invalid length. [ 2857.420485][T19272] loop6: detected capacity change from 0 to 7 [ 2857.429626][T13021] Dev loop6: unable to read RDB block 7 [ 2857.447150][T19832] usb 5-1: too many endpoints for config 0 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 2857.466446][T19832] usb 5-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 255 [ 2857.478880][T19267] netlink: 'syz.1.13429': attribute type 32 has an invalid length. [ 2857.484735][T19832] usb 5-1: New USB device found, idVendor=044f, idProduct=b320, bcdDevice= 0.00 [ 2857.497211][T19832] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2857.507230][T13021] loop6: AHDI p3 p4 [ 2857.511193][T13021] loop6: partition table partially beyond EOD, truncated [ 2857.519438][T19832] usb 5-1: config 0 descriptor?? [ 2857.528696][T13021] loop6: p3 start 1869967406 is beyond EOD, truncated [ 2857.540700][T19272] Dev loop6: unable to read RDB block 7 [ 2857.547465][T19272] loop6: AHDI p3 p4 [ 2857.567240][T19272] loop6: partition table partially beyond EOD, truncated [ 2857.620720][T19275] loop4: detected capacity change from 0 to 7 [ 2857.640415][T19275] Dev loop4: unable to read RDB block 7 [ 2857.647262][T19272] loop6: p3 start 1869967406 is beyond EOD, truncated [ 2857.699008][T19275] loop4: unable to read partition table [ 2857.719991][T19275] loop4: partition table beyond EOD, truncated [ 2857.745293][T19275] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2857.888610][T19280] netlink: 36 bytes leftover after parsing attributes in process `syz.0.13433'. [ 2858.055540][T19283] netlink: 44 bytes leftover after parsing attributes in process `syz.1.13432'. [ 2858.125693][T19832] thrustmaster 0003:044F:B320.0053: hidraw0: USB HID v0.00 Device [HID 044f:b320] on usb-dummy_hcd.4-1/input0 [ 2858.169445][T19832] thrustmaster 0003:044F:B320.0053: no inputs found [ 2858.210660][T19832] usb 5-1: USB disconnect, device number 55 [ 2858.726181][T19820] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 2858.860018][T19286] fido_id[19286]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 2858.886563][T19820] usb 2-1: device descriptor read/64, error -71 [ 2859.128761][T19296] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2859.169630][T19820] usb 2-1: new high-speed USB device number 95 using dummy_hcd [ 2859.375314][T19820] usb 2-1: device descriptor read/64, error -71 [ 2859.485814][T19820] usb usb2-port1: attempt power cycle [ 2859.835336][T19820] usb 2-1: new high-speed USB device number 96 using dummy_hcd [ 2859.878585][T19820] usb 2-1: device descriptor read/8, error -71 [ 2859.928942][T19832] usb 5-1: new full-speed USB device number 56 using dummy_hcd [ 2860.205307][T19820] usb 2-1: new high-speed USB device number 97 using dummy_hcd [ 2860.259059][T19820] usb 2-1: device descriptor read/8, error -71 [ 2860.382921][T19820] usb usb2-port1: unable to enumerate USB device [ 2860.420275][T19832] usb 5-1: config 0 has an invalid interface number: 30 but max is 0 [ 2860.432894][T19832] usb 5-1: config 0 has no interface number 0 [ 2860.448994][T19832] usb 5-1: New USB device found, idVendor=0572, idProduct=d811, bcdDevice=94.e2 [ 2860.565552][T19832] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2860.787930][T19832] usb 5-1: config 0 descriptor?? [ 2860.854448][T19832] dvb-usb: found a 'Mygica D689 DMB-TH' in warm state. [ 2860.969888][T19832] usb 5-1: setting power ON [ 2860.977661][T19832] dvb-usb: bulk message failed: -22 (2/0) [ 2861.125471][T19832] dvb-usb: bulk message failed: -22 (1/0) [ 2861.189056][T19313] netlink: 'syz.0.13442': attribute type 1 has an invalid length. [ 2861.266177][T19832] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 2861.296585][T19313] netlink: 'syz.0.13442': attribute type 32 has an invalid length. [ 2861.311848][T19832] dvb-usb: Mygica D689 DMB-TH error while loading driver (-19) [ 2861.333676][T19832] dvb_usb_cxusb 5-1:0.30: probe with driver dvb_usb_cxusb failed with error -22 [ 2861.383964][T19324] vcan0: tx drop: invalid da for name 0x0000000000000001 [ 2861.597570][T14222] usb 4-1: new high-speed USB device number 21 using dummy_hcd [ 2861.787316][T14222] usb 4-1: Using ep0 maxpacket: 8 [ 2861.836287][T14222] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 2861.844924][T14222] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 2861.862221][T19341] fuse: Bad value for 'fd' [ 2861.916468][T14222] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 2861.953246][T14222] usb 4-1: config 250 has no interface number 0 [ 2861.962841][T14222] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 2861.978385][T14222] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 2861.990304][T14222] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 2862.029051][T14222] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2862.044309][T14222] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 2862.067438][T14222] usb 4-1: config 250 interface 228 has no altsetting 0 [ 2862.080317][T14222] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 2862.148644][T19349] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2862.228584][T14222] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 2862.452572][T14222] usb 4-1: Product: syz [ 2862.520498][T19208] usb 5-1: USB disconnect, device number 56 [ 2862.549445][T14222] usb 4-1: SerialNumber: syz [ 2862.688034][T19355] netlink: 32 bytes leftover after parsing attributes in process `syz.4.13455'. [ 2862.714748][T14222] hub 4-1:250.228: bad descriptor, ignoring hub [ 2862.725175][T14222] hub 4-1:250.228: probe with driver hub failed with error -5 [ 2862.927408][T14222] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 21 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 2863.085386][T19820] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 2863.113140][T19323] FAULT_INJECTION: forcing a failure. [ 2863.113140][T19323] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2863.127059][T19323] CPU: 0 UID: 0 PID: 19323 Comm: syz.3.13445 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2863.127085][T19323] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2863.127097][T19323] Call Trace: [ 2863.127106][T19323] [ 2863.127114][T19323] dump_stack_lvl+0x189/0x250 [ 2863.127143][T19323] ? __pfx____ratelimit+0x10/0x10 [ 2863.127175][T19323] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2863.127199][T19323] ? __pfx__printk+0x10/0x10 [ 2863.127239][T19323] should_fail_ex+0x414/0x560 [ 2863.127272][T19323] strncpy_from_user+0x36/0x290 [ 2863.127303][T19323] getname_flags+0xf3/0x540 [ 2863.127343][T19323] do_sys_openat2+0xbc/0x1c0 [ 2863.127376][T19323] ? __pfx_do_sys_openat2+0x10/0x10 [ 2863.127410][T19323] ? ksys_write+0x22a/0x250 [ 2863.127440][T19323] __ia32_compat_sys_openat+0x131/0x160 [ 2863.127485][T19323] __do_fast_syscall_32+0xb6/0x2b0 [ 2863.127506][T19323] ? lockdep_hardirqs_on+0x9c/0x150 [ 2863.127539][T19323] do_fast_syscall_32+0x34/0x80 [ 2863.127559][T19323] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2863.127581][T19323] RIP: 0023:0xf7f77539 [ 2863.127596][T19323] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2863.127612][T19323] RSP: 002b:00000000f5096100 EFLAGS: 00000206 ORIG_RAX: 0000000000000127 [ 2863.127632][T19323] RAX: ffffffffffffffda RBX: 00000000ffffff9c RCX: 00000000f5096150 [ 2863.127645][T19323] RDX: 0000000000000002 RSI: 0000000000000000 RDI: 00000000f7403ff4 [ 2863.127656][T19323] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 2863.127665][T19323] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2863.127672][T19323] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2863.127687][T19323] [ 2863.318488][T14222] usb 4-1: USB disconnect, device number 21 [ 2863.326660][T14222] usblp0: removed [ 2863.435280][T19820] usb 5-1: device descriptor read/64, error -71 [ 2863.682285][T19362] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2863.690906][T19820] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 2863.729708][T19362] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2863.783914][T19367] loop6: detected capacity change from 0 to 7 [ 2863.799623][T13021] Dev loop6: unable to read RDB block 7 [ 2863.806731][T13021] loop6: unable to read partition table [ 2863.812668][T13021] loop6: partition table beyond EOD, truncated [ 2863.824904][T19367] Dev loop6: unable to read RDB block 7 [ 2863.835237][T19820] usb 5-1: device descriptor read/64, error -71 [ 2863.842318][T19367] loop6: unable to read partition table [ 2863.853298][T19367] loop6: partition table beyond EOD, truncated [ 2863.861054][T19367] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2863.945580][T19820] usb usb5-port1: attempt power cycle [ 2864.011710][T19375] loop6: detected capacity change from 0 to 7 [ 2864.030952][T19375] Dev loop6: unable to read RDB block 7 [ 2864.045476][T19375] loop6: AHDI p3 p4 [ 2864.055601][T19375] loop6: partition table partially beyond EOD, truncated [ 2864.066132][T19375] loop6: p3 start 1869967406 is beyond EOD, truncated [ 2864.120710][T19379] netlink: 4 bytes leftover after parsing attributes in process `syz.1.13465'. [ 2864.186547][T19381] netlink: 'syz.5.13466': attribute type 64 has an invalid length. [ 2864.316994][T19820] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 2864.359753][T19820] usb 5-1: device descriptor read/8, error -71 [ 2864.508710][T19393] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2864.715245][T19820] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 2864.725365][T14205] usb 4-1: new high-speed USB device number 22 using dummy_hcd [ 2864.735857][T19820] usb 5-1: device descriptor read/8, error -71 [ 2864.846209][T19820] usb usb5-port1: unable to enumerate USB device [ 2864.875275][T14205] usb 4-1: Using ep0 maxpacket: 32 [ 2864.882184][T14205] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 2864.893873][T14205] usb 4-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 2864.917239][T14205] usb 4-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2864.960958][T14205] usb 4-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 2864.970982][T14205] usb 4-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 2864.990818][T14205] usb 4-1: Product: syz [ 2865.000578][T14205] usb 4-1: Manufacturer: syz [ 2865.012209][T14205] usb 4-1: SerialNumber: syz [ 2865.041067][T14205] input: appletouch as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/input/input169 [ 2865.286306][T14205] usb 4-1: USB disconnect, device number 22 [ 2865.303832][T14205] appletouch 4-1:1.0: input: appletouch disconnected [ 2866.022084][T19411] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2867.586261][T19428] netlink: 'syz.5.13479': attribute type 11 has an invalid length. [ 2867.607341][T19432] sctp: [Deprecated]: syz.1.13480 (pid 19432) Use of struct sctp_assoc_value in delayed_ack socket option. [ 2867.607341][T19432] Use struct sctp_sack_info instead [ 2867.707109][T19435] netlink: 20 bytes leftover after parsing attributes in process `syz.3.13481'. [ 2867.733942][T19435] FAULT_INJECTION: forcing a failure. [ 2867.733942][T19435] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2867.781754][T19435] CPU: 1 UID: 0 PID: 19435 Comm: syz.3.13481 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2867.781782][T19435] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2867.781795][T19435] Call Trace: [ 2867.781803][T19435] [ 2867.781812][T19435] dump_stack_lvl+0x189/0x250 [ 2867.781842][T19435] ? __pfx____ratelimit+0x10/0x10 [ 2867.781873][T19435] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2867.781901][T19435] ? __pfx__printk+0x10/0x10 [ 2867.781939][T19435] should_fail_ex+0x414/0x560 [ 2867.781978][T19435] _copy_to_user+0x31/0xb0 [ 2867.782005][T19435] simple_read_from_buffer+0xe1/0x170 [ 2867.782036][T19435] proc_fail_nth_read+0x1df/0x250 [ 2867.782068][T19435] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2867.782100][T19435] ? rw_verify_area+0x258/0x650 [ 2867.782121][T19435] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 2867.782151][T19435] vfs_read+0x200/0x980 [ 2867.782178][T19435] ? __pfx___mutex_lock+0x10/0x10 [ 2867.782199][T19435] ? __pfx_vfs_read+0x10/0x10 [ 2867.782223][T19435] ? __fget_files+0x2a/0x420 [ 2867.782254][T19435] ? __fget_files+0x3a0/0x420 [ 2867.782278][T19435] ? __fget_files+0x2a/0x420 [ 2867.782313][T19435] ksys_read+0x145/0x250 [ 2867.782338][T19435] ? __pfx_ksys_read+0x10/0x10 [ 2867.782363][T19435] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2867.782395][T19435] ? lockdep_hardirqs_on+0x9c/0x150 [ 2867.782427][T19435] __do_fast_syscall_32+0xb6/0x2b0 [ 2867.782448][T19435] ? lockdep_hardirqs_on+0x9c/0x150 [ 2867.782481][T19435] do_fast_syscall_32+0x34/0x80 [ 2867.782501][T19435] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2867.782524][T19435] RIP: 0023:0xf7f77539 [ 2867.782541][T19435] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2867.782559][T19435] RSP: 002b:00000000f5096590 EFLAGS: 00000206 ORIG_RAX: 0000000000000003 [ 2867.782581][T19435] RAX: ffffffffffffffda RBX: 0000000000000005 RCX: 00000000f5096620 [ 2867.782596][T19435] RDX: 000000000000000f RSI: 00000000f7403ff4 RDI: 0000000000000000 [ 2867.782608][T19435] RBP: 0000000000000002 R08: 0000000000000000 R09: 0000000000000000 [ 2867.782620][T19435] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2867.782632][T19435] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2867.782662][T19435] [ 2868.203342][T19442] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2869.959205][ T6813] bond0 (unregistering): Released all slaves [ 2870.124199][T19463] netlink: 'syz.0.13490': attribute type 3 has an invalid length. [ 2870.153418][T19463] netlink: 'syz.0.13490': attribute type 1 has an invalid length. [ 2870.161991][T19463] netlink: 'syz.0.13490': attribute type 1 has an invalid length. [ 2870.395582][ T6813] bond1 (unregistering): Released all slaves [ 2870.425743][T19462] netdevsim netdevsim1 netdevsim0: entered allmulticast mode [ 2870.454178][T19462] net_ratelimit: 9 callbacks suppressed [ 2870.454198][T19462] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 2870.555739][T19469] loop4: detected capacity change from 0 to 7 [ 2870.564099][T19469] Dev loop4: unable to read RDB block 7 [ 2870.576756][T19469] loop4: unable to read partition table [ 2870.582866][T19469] loop4: partition table beyond EOD, truncated [ 2870.595014][T19469] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2870.615214][ T6813] tipc: Left network mode [ 2870.947778][T19480] trusted_key: encrypted_key: keyword 'upw' not recognized [ 2871.095435][ T6813] veth1_vlan: left promiscuous mode [ 2871.101051][ T6813] veth0_vlan: left promiscuous mode [ 2872.007135][T14221] usb 2-1: new high-speed USB device number 98 using dummy_hcd [ 2872.096781][T19496] loop6: detected capacity change from 0 to 7 [ 2872.097768][T19498] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13501'. [ 2872.108719][T19496] Dev loop6: unable to read RDB block 7 [ 2872.122815][T19496] loop6: AHDI p3 p4 [ 2872.127342][T19496] loop6: partition table partially beyond EOD, truncated [ 2872.136760][T19496] loop6: p3 start 1869967406 is beyond EOD, truncated [ 2872.217229][T14221] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 2872.254989][T14221] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 2872.308565][T14221] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2872.324745][T14221] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2872.334067][T14221] usb 2-1: Product: syz [ 2872.338950][T14221] usb 2-1: Manufacturer: syz [ 2872.347790][T14221] usb 2-1: SerialNumber: syz [ 2872.402534][T19502] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13503'. [ 2872.476192][T19504] loop6: detected capacity change from 0 to 7 [ 2872.489446][T13400] Dev loop6: unable to read RDB block 7 [ 2872.496154][T13400] loop6: unable to read partition table [ 2872.504387][T13400] loop6: partition table beyond EOD, truncated [ 2872.518827][T19504] Dev loop6: unable to read RDB block 7 [ 2872.526509][T19504] loop6: unable to read partition table [ 2872.532650][T19504] loop6: partition table beyond EOD, truncated [ 2872.539786][T19504] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2872.585247][T19820] usb 6-1: new high-speed USB device number 72 using dummy_hcd [ 2872.752099][T19492] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2872.761232][T19492] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2872.780026][T19820] usb 6-1: Using ep0 maxpacket: 8 [ 2872.785912][T14221] cdc_ether 2-1:1.0: probe with driver cdc_ether failed with error -22 [ 2872.805206][T19820] usb 6-1: New USB device found, idVendor=2770, idProduct=9120, bcdDevice=6c.77 [ 2872.829601][T14221] usb 2-1: USB disconnect, device number 98 [ 2872.841992][T19820] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2872.853232][T19820] usb 6-1: Product: syz [ 2872.855642][T19512] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2872.867348][T19832] usb 4-1: new full-speed USB device number 23 using dummy_hcd [ 2872.871127][T19820] usb 6-1: Manufacturer: syz [ 2872.944711][T19820] usb 6-1: SerialNumber: syz [ 2872.962510][T19820] usb 6-1: config 0 descriptor?? [ 2872.971080][T19820] gspca_main: sq905-2.14.0 probing 2770:9120 [ 2873.060496][T19832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 2873.088071][T19832] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2873.104174][T19832] usb 4-1: New USB device found, idVendor=04f2, idProduct=0418, bcdDevice= 0.00 [ 2873.130332][T19832] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2873.177510][T19832] usb 4-1: config 0 descriptor?? [ 2873.398068][T14221] usb 2-1: new high-speed USB device number 99 using dummy_hcd [ 2873.712258][T14221] usb 2-1: Using ep0 maxpacket: 8 [ 2873.747068][T19832] chicony 0003:04F2:0418.0054: reserved main item tag 0xe [ 2873.777571][T19832] chicony 0003:04F2:0418.0054: hidraw0: USB HID v0.01 Device [HID 04f2:0418] on usb-dummy_hcd.3-1/input0 [ 2873.779147][T14221] usb 2-1: config index 0 descriptor too short (expected 301, got 72) [ 2873.807460][T14221] usb 2-1: config 16 has an invalid descriptor of length 0, skipping remainder of the config [ 2873.822573][T14221] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 2873.842585][T14221] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 2873.867674][T14221] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 2873.889470][T19518] loop6: detected capacity change from 0 to 7 [ 2873.900684][T19518] Dev loop6: unable to read RDB block 7 [ 2873.910665][T14221] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2873.927638][T19518] loop6: unable to read partition table [ 2873.933613][T19518] loop6: partition table beyond EOD, truncated [ 2873.955887][T14221] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1e, bcdDevice=61.23 [ 2873.968142][T19518] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2874.020500][T14221] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2874.061716][T19820] gspca_sq905: bulk read fail (-22) len 0/4 [ 2874.068040][T19820] sq905 6-1:0.0: probe with driver sq905 failed with error -5 [ 2874.295046][T19820] usb 6-1: USB disconnect, device number 72 [ 2874.378138][T14221] usb 2-1: usb_control_msg returned -71 [ 2874.389955][T14221] usbtmc 2-1:16.0: can't read capabilities [ 2874.447928][T14221] usb 2-1: USB disconnect, device number 99 [ 2875.127552][T19538] netlink: 20 bytes leftover after parsing attributes in process `syz.1.13513'. [ 2875.309900][T19820] usb 4-1: USB disconnect, device number 23 [ 2875.482434][T19543] xt_CT: You must specify a L4 protocol and not use inversions on it [ 2875.842511][T19535] netlink: 'syz.5.13512': attribute type 2 has an invalid length. [ 2875.945352][ T6813] IPVS: stop unused estimator thread 0... [ 2876.171081][T19560] trusted_key: encrypted_key: keyword 'new' not allowed when called from .update method [ 2876.316647][T19563] loop6: detected capacity change from 0 to 7 [ 2876.341013][T19563] Dev loop6: unable to read RDB block 7 [ 2876.348379][T19563] loop6: unable to read partition table [ 2876.354515][T19563] loop6: partition table beyond EOD, truncated [ 2876.379525][T19563] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2876.693300][T19567] loop4: detected capacity change from 0 to 7 [ 2876.751124][T13400] Dev loop4: unable to read RDB block 7 [ 2876.762702][T13400] loop4: unable to read partition table [ 2876.772864][T13400] loop4: partition table beyond EOD, truncated [ 2876.789222][T19567] Dev loop4: unable to read RDB block 7 [ 2876.800982][T19567] loop4: unable to read partition table [ 2876.830123][T19567] loop4: partition table beyond EOD, truncated [ 2876.844286][T19567] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2877.128809][ T6417] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 2877.305583][ T6417] usb 5-1: Using ep0 maxpacket: 32 [ 2877.340819][ T6417] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 102, changing to 10 [ 2877.765350][ T6417] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has invalid maxpacket 24624, setting to 1024 [ 2877.805818][ T6417] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 2877.883710][ T6417] usb 5-1: New USB device found, idVendor=05ac, idProduct=020f, bcdDevice= 0.22 [ 2877.909487][ T6417] usb 5-1: New USB device strings: Mfr=1, Product=130, SerialNumber=131 [ 2877.917972][ T6417] usb 5-1: Product: syz [ 2877.922154][ T6417] usb 5-1: Manufacturer: syz [ 2877.931282][ T6417] usb 5-1: SerialNumber: syz [ 2878.018904][ T6417] input: appletouch as /devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/input/input170 [ 2878.588897][T14222] usb 5-1: USB disconnect, device number 61 [ 2878.702961][T14222] appletouch 5-1:1.0: input: appletouch disconnected [ 2878.856139][T19601] loop6: detected capacity change from 0 to 7 [ 2878.863350][T19601] Dev loop6: unable to read RDB block 7 [ 2878.988086][T19601] loop6: unable to read partition table [ 2878.994153][T19601] loop6: partition table beyond EOD, truncated [ 2879.000565][T19601] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2880.223789][T19616] tipc: Failed to remove unknown binding: 66,1,1/0:1028907038/1028907040 [ 2880.274650][T19618] loop6: detected capacity change from 0 to 7 [ 2880.302561][T19618] Dev loop6: unable to read RDB block 7 [ 2880.324067][T19618] loop6: unable to read partition table [ 2880.353107][T19618] loop6: partition table beyond EOD, truncated [ 2880.394978][T19618] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2880.718309][T19628] loop6: detected capacity change from 0 to 7 [ 2880.732812][T13021] Dev loop6: unable to read RDB block 7 [ 2880.753854][T13021] loop6: AHDI p3 p4 [ 2880.761606][T13021] loop6: partition table partially beyond EOD, truncated [ 2880.867771][T13021] loop6: p3 start 1869967406 is beyond EOD, truncated [ 2880.901621][T19628] Dev loop6: unable to read RDB block 7 [ 2880.911306][T19628] loop6: AHDI p3 p4 [ 2880.915736][T19628] loop6: partition table partially beyond EOD, truncated [ 2880.923616][T19628] loop6: p3 start 1869967406 is beyond EOD, truncated [ 2881.290435][T19634] ip6_tunnel: non-ECT from fe80:0000:0000:0000:0000:0000:0000:00aa with DS=0xee [ 2881.301172][T19638] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2881.330659][T19638] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2881.474720][T19641] input: syz1 as /devices/virtual/input/input171 [ 2881.505952][T19208] usb 6-1: new high-speed USB device number 73 using dummy_hcd [ 2882.100113][T19652] netlink: 'syz.0.13548': attribute type 1 has an invalid length. [ 2882.739744][T19666] netlink: 'syz.0.13561': attribute type 1 has an invalid length. [ 2884.314235][T19695] loop4: detected capacity change from 0 to 7 [ 2884.327760][T19695] Dev loop4: unable to read RDB block 7 [ 2884.342692][T19695] loop4: unable to read partition table [ 2884.350832][T19695] loop4: partition table beyond EOD, truncated [ 2884.363514][T19695] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2884.392557][ T5219] Dev loop4: unable to read RDB block 7 [ 2884.402538][ T5219] loop4: unable to read partition table [ 2884.414616][ T5219] loop4: partition table beyond EOD, truncated [ 2884.458117][T19698] FAULT_INJECTION: forcing a failure. [ 2884.458117][T19698] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2884.481787][T19698] CPU: 0 UID: 0 PID: 19698 Comm: syz.1.13560 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2884.481814][T19698] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2884.481826][T19698] Call Trace: [ 2884.481833][T19698] [ 2884.481842][T19698] dump_stack_lvl+0x189/0x250 [ 2884.481871][T19698] ? __pfx____ratelimit+0x10/0x10 [ 2884.481901][T19698] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2884.481924][T19698] ? __pfx__printk+0x10/0x10 [ 2884.481947][T19698] ? __might_fault+0xb0/0x130 [ 2884.481980][T19698] should_fail_ex+0x414/0x560 [ 2884.482010][T19698] _copy_from_iter+0x1db/0x16f0 [ 2884.482035][T19698] ? rcu_is_watching+0x15/0xb0 [ 2884.482059][T19698] ? kmem_cache_alloc_node_noprof+0x217/0x3c0 [ 2884.482090][T19698] ? __pfx__copy_from_iter+0x10/0x10 [ 2884.482109][T19698] ? __build_skb_around+0x257/0x3e0 [ 2884.482133][T19698] ? netlink_sendmsg+0x642/0xb30 [ 2884.482154][T19698] ? skb_put+0x11b/0x210 [ 2884.482178][T19698] netlink_sendmsg+0x6b2/0xb30 [ 2884.482208][T19698] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2884.482231][T19698] ? __import_iovec+0x5d4/0x7f0 [ 2884.482249][T19698] ? aa_sock_msg_perm+0x94/0x160 [ 2884.482278][T19698] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2884.482304][T19698] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2884.482348][T19698] __sock_sendmsg+0x21c/0x270 [ 2884.482379][T19698] ____sys_sendmsg+0x505/0x830 [ 2884.482404][T19698] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2884.482441][T19698] ___sys_sendmsg+0x21f/0x2a0 [ 2884.482467][T19698] ? __pfx____sys_sendmsg+0x10/0x10 [ 2884.482525][T19698] ? __fget_files+0x2a/0x420 [ 2884.482548][T19698] ? __fget_files+0x3a0/0x420 [ 2884.482589][T19698] __sys_sendmsg+0x164/0x220 [ 2884.482615][T19698] ? __pfx___sys_sendmsg+0x10/0x10 [ 2884.482653][T19698] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2884.482685][T19698] ? lockdep_hardirqs_on+0x9c/0x150 [ 2884.482715][T19698] __do_fast_syscall_32+0xb6/0x2b0 [ 2884.482733][T19698] ? lockdep_hardirqs_on+0x9c/0x150 [ 2884.482760][T19698] do_fast_syscall_32+0x34/0x80 [ 2884.482778][T19698] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2884.482800][T19698] RIP: 0023:0xf7fd8539 [ 2884.482817][T19698] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2884.482833][T19698] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2884.482854][T19698] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 2884.482868][T19698] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2884.482880][T19698] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2884.482890][T19698] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2884.482900][T19698] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2884.482927][T19698] [ 2884.875280][T14221] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 2884.925684][T19704] netlink: 'syz.1.13563': attribute type 1 has an invalid length. [ 2885.025476][T14221] usb 5-1: device descriptor read/64, error -71 [ 2885.296294][T14221] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 2885.373526][T19716] loop6: detected capacity change from 0 to 7 [ 2885.435221][T14221] usb 5-1: device descriptor read/64, error -71 [ 2885.445484][T19716] Dev loop6: unable to read RDB block 7 [ 2885.478352][T19716] loop6: unable to read partition table [ 2885.502007][T19716] loop6: partition table beyond EOD, truncated [ 2885.530874][T19716] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2885.542519][T19719] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13568'. [ 2885.552004][T14221] usb usb5-port1: attempt power cycle [ 2885.788808][T19721] netlink: 4 bytes leftover after parsing attributes in process `syz.5.13570'. [ 2886.076425][T14221] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 2886.105979][T14221] usb 5-1: device descriptor read/8, error -71 [ 2886.304074][T19732] loop6: detected capacity change from 0 to 7 [ 2886.369585][T13021] Dev loop6: unable to read RDB block 7 [ 2886.376586][T13021] loop6: unable to read partition table [ 2886.388373][T13021] loop6: partition table beyond EOD, truncated [ 2886.405661][T14221] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 2886.445549][T19732] Dev loop6: unable to read RDB block 7 [ 2886.453547][T19732] loop6: unable to read partition table [ 2886.460937][T19732] loop6: partition table beyond EOD, truncated [ 2886.469253][T14221] usb 5-1: device descriptor read/8, error -71 [ 2886.495527][T19732] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2886.586075][T14221] usb usb5-port1: unable to enumerate USB device [ 2886.687848][T14222] usb 6-1: new high-speed USB device number 74 using dummy_hcd [ 2886.710483][T19737] syzkaller1: entered promiscuous mode [ 2886.925654][T14222] usb 6-1: Using ep0 maxpacket: 16 [ 2886.943850][T19737] syzkaller1: entered allmulticast mode [ 2886.956571][T14222] usb 6-1: New USB device found, idVendor=2137, idProduct=0001, bcdDevice=2a.35 [ 2886.985275][T14222] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2886.998755][T19739] netlink: 'syz.3.13575': attribute type 1 has an invalid length. [ 2887.033964][T14222] usb 6-1: Product: syz [ 2887.040904][T14222] usb 6-1: Manufacturer: syz [ 2887.058063][T14222] usb 6-1: SerialNumber: syz [ 2887.088048][T14222] usb 6-1: config 0 descriptor?? [ 2887.141546][T14222] as10x_usb: device has been detected [ 2887.148341][T14222] dvbdev: DVB: registering new adapter (Sky IT Digital Key (green led)) [ 2887.191719][T14222] usb 6-1: DVB: registering adapter 1 frontend 0 (Sky IT Digital Key (green led))... [ 2887.229145][T14222] as10x_usb: error during firmware upload part1 [ 2887.271612][T14222] Registered device Sky IT Digital Key (green led) [ 2887.344828][T19730] random: crng reseeded on system resumption [ 2888.360705][T19760] netlink: 20 bytes leftover after parsing attributes in process `syz.4.13580'. [ 2888.404926][T19755] netlink: 12 bytes leftover after parsing attributes in process `syz.0.13578'. [ 2888.637435][T19772] netlink: 40 bytes leftover after parsing attributes in process `syz.1.13583'. [ 2888.659616][T19772] netlink: 40 bytes leftover after parsing attributes in process `syz.1.13583'. [ 2888.670094][T19208] usb 4-1: new high-speed USB device number 24 using dummy_hcd [ 2888.875649][T19208] usb 4-1: config 0 has an invalid interface number: 9 but max is 0 [ 2888.884602][T19208] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2888.896917][T19208] usb 4-1: config 0 has no interface number 0 [ 2888.903378][T19208] usb 4-1: New USB device found, idVendor=0421, idProduct=0302, bcdDevice=45.e8 [ 2888.914440][T19208] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2888.933332][T19208] usb 4-1: config 0 descriptor?? [ 2888.942404][T19208] rndis_host 4-1:0.9: More than one union descriptor, skipping ... [ 2888.954099][T19208] usb 4-1: bad CDC descriptors [ 2888.960684][T19208] cdc_acm 4-1:0.9: More than one union descriptor, skipping ... [ 2889.719223][T19820] usb 6-1: USB disconnect, device number 74 [ 2889.789371][T19820] Unregistered device Sky IT Digital Key (green led) [ 2889.792640][T19777] tipc: Failed to remove unknown binding: 66,1,1/0:3499952912/3499952914 [ 2889.808647][T19820] as10x_usb: device has been disconnected [ 2890.262629][T19780] tipc: Failed to remove unknown binding: 66,1,1/0:578603918/578603920 [ 2890.288270][T19780] FAULT_INJECTION: forcing a failure. [ 2890.288270][T19780] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 2890.306226][T19780] CPU: 1 UID: 0 PID: 19780 Comm: syz.1.13586 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2890.306244][T19780] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2890.306251][T19780] Call Trace: [ 2890.306256][T19780] [ 2890.306262][T19780] dump_stack_lvl+0x189/0x250 [ 2890.306279][T19780] ? __pfx____ratelimit+0x10/0x10 [ 2890.306296][T19780] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2890.306309][T19780] ? __pfx__printk+0x10/0x10 [ 2890.306323][T19780] ? __might_fault+0xb0/0x130 [ 2890.306341][T19780] should_fail_ex+0x414/0x560 [ 2890.306359][T19780] _copy_from_user+0x2d/0xb0 [ 2890.306373][T19780] get_compat_msghdr+0xad/0x4a0 [ 2890.306390][T19780] ? __pfx_get_compat_msghdr+0x10/0x10 [ 2890.306410][T19780] ___sys_sendmsg+0x193/0x2a0 [ 2890.306426][T19780] ? __pfx____sys_sendmsg+0x10/0x10 [ 2890.306457][T19780] ? __fget_files+0x2a/0x420 [ 2890.306470][T19780] ? __fget_files+0x3a0/0x420 [ 2890.306489][T19780] __sys_sendmsg+0x164/0x220 [ 2890.306503][T19780] ? __pfx___sys_sendmsg+0x10/0x10 [ 2890.306523][T19780] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2890.306541][T19780] ? lockdep_hardirqs_on+0x9c/0x150 [ 2890.306557][T19780] __do_fast_syscall_32+0xb6/0x2b0 [ 2890.306568][T19780] ? lockdep_hardirqs_on+0x9c/0x150 [ 2890.306585][T19780] do_fast_syscall_32+0x34/0x80 [ 2890.306595][T19780] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2890.306608][T19780] RIP: 0023:0xf7fd8539 [ 2890.306618][T19780] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2890.306628][T19780] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2890.306641][T19780] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 00000000800003c0 [ 2890.306649][T19780] RDX: 0000000000008820 RSI: 0000000000000000 RDI: 0000000000000000 [ 2890.306655][T19780] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2890.306661][T19780] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2890.306668][T19780] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2890.306682][T19780] [ 2890.563629][T14205] usb 4-1: USB disconnect, device number 24 [ 2890.614675][T19776] tipc: Failed to remove unknown binding: 66,1,1/0:3499952912/3499952914 [ 2890.623308][T19776] tipc: Failed to remove unknown binding: 66,1,1/0:3499952912/3499952914 [ 2890.651225][T19782] netlink: 'syz.4.13587': attribute type 1 has an invalid length. [ 2890.666363][T19782] netlink: 200 bytes leftover after parsing attributes in process `syz.4.13587'. [ 2890.855465][T14221] usb 2-1: new high-speed USB device number 100 using dummy_hcd [ 2890.969964][T19793] loop4: detected capacity change from 0 to 7 [ 2891.015633][T19793] Dev loop4: unable to read RDB block 7 [ 2891.021273][T19793] loop4: unable to read partition table [ 2891.028488][T14221] usb 2-1: Using ep0 maxpacket: 8 [ 2891.037953][T14221] usb 2-1: config index 0 descriptor too short (expected 5924, got 36) [ 2891.055525][T19793] loop4: partition table beyond EOD, truncated [ 2891.058841][T14221] usb 2-1: config 250 has an invalid interface number: 228 but max is -1 [ 2891.070318][T19793] loop_reread_partitions: partition scan of loop4 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2891.168404][T14221] usb 2-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 2891.209334][T14221] usb 2-1: config 250 has no interface number 0 [ 2891.239494][T14221] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 2891.267606][T14221] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 2891.283008][T14221] usb 2-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid maxpacket 65535, setting to 1024 [ 2891.297229][T19798] FAULT_INJECTION: forcing a failure. [ 2891.297229][T19798] name failslab, interval 1, probability 0, space 0, times 0 [ 2891.315385][T14221] usb 2-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 1024 [ 2891.326764][T19798] CPU: 0 UID: 0 PID: 19798 Comm: syz.3.13594 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2891.326806][T19798] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2891.326819][T19798] Call Trace: [ 2891.326828][T19798] [ 2891.326835][T19798] dump_stack_lvl+0x189/0x250 [ 2891.326861][T19798] ? __pfx____ratelimit+0x10/0x10 [ 2891.326887][T19798] ? __pfx_dump_stack_lvl+0x10/0x10 [ 2891.326907][T19798] ? __pfx__printk+0x10/0x10 [ 2891.326935][T19798] ? ref_tracker_alloc+0x318/0x460 [ 2891.326963][T19798] should_fail_ex+0x414/0x560 [ 2891.326991][T19798] should_failslab+0xa8/0x100 [ 2891.327014][T19798] kmem_cache_alloc_noprof+0x73/0x3c0 [ 2891.327033][T19798] ? skb_clone+0x212/0x3a0 [ 2891.327060][T19798] skb_clone+0x212/0x3a0 [ 2891.327086][T19798] __netlink_deliver_tap+0x404/0x850 [ 2891.327118][T19798] ? netlink_deliver_tap+0x2e/0x1b0 [ 2891.327139][T19798] netlink_deliver_tap+0x19c/0x1b0 [ 2891.327160][T19798] netlink_unicast+0x72f/0x8d0 [ 2891.327187][T19798] netlink_sendmsg+0x805/0xb30 [ 2891.327215][T19798] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2891.327238][T19798] ? __import_iovec+0x5d4/0x7f0 [ 2891.327256][T19798] ? aa_sock_msg_perm+0x94/0x160 [ 2891.327282][T19798] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2891.327307][T19798] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2891.327328][T19798] __sock_sendmsg+0x21c/0x270 [ 2891.327357][T19798] ____sys_sendmsg+0x505/0x830 [ 2891.327383][T19798] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2891.327419][T19798] ___sys_sendmsg+0x21f/0x2a0 [ 2891.327442][T19798] ? __pfx____sys_sendmsg+0x10/0x10 [ 2891.327494][T19798] ? __fget_files+0x2a/0x420 [ 2891.327516][T19798] ? __fget_files+0x3a0/0x420 [ 2891.327546][T19798] __sys_sendmsg+0x164/0x220 [ 2891.327570][T19798] ? __pfx___sys_sendmsg+0x10/0x10 [ 2891.327604][T19798] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2891.327632][T19798] ? lockdep_hardirqs_on+0x9c/0x150 [ 2891.327659][T19798] __do_fast_syscall_32+0xb6/0x2b0 [ 2891.327676][T19798] ? lockdep_hardirqs_on+0x9c/0x150 [ 2891.327704][T19798] do_fast_syscall_32+0x34/0x80 [ 2891.327721][T19798] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2891.327742][T19798] RIP: 0023:0xf7f77539 [ 2891.327756][T19798] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2891.327771][T19798] RSP: 002b:00000000f509655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2891.327799][T19798] RAX: ffffffffffffffda RBX: 0000000000000004 RCX: 0000000080000000 [ 2891.327812][T19798] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2891.327822][T19798] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2891.327832][T19798] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2891.327843][T19798] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2891.327867][T19798] [ 2891.328524][T14221] usb 2-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 2891.677713][T14221] usb 2-1: config 250 interface 228 has no altsetting 0 [ 2891.688307][T14221] usb 2-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 2891.697961][T14221] usb 2-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 2891.706819][T14221] usb 2-1: Product: syz [ 2891.711920][T14221] usb 2-1: SerialNumber: syz [ 2891.739550][T14221] hub 2-1:250.228: bad descriptor, ignoring hub [ 2891.746063][T14221] hub 2-1:250.228: probe with driver hub failed with error -5 [ 2891.935461][T14221] usblp 2-1:250.228: usblp0: USB Bidirectional printer dev 100 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 2892.269034][T19208] usb 2-1: USB disconnect, device number 100 [ 2892.646065][T19208] usblp0: removed [ 2893.177555][T19825] loop6: detected capacity change from 0 to 7 [ 2893.185039][T19825] Dev loop6: unable to read RDB block 7 [ 2893.191101][T19825] loop6: unable to read partition table [ 2893.198949][T19825] loop6: partition table beyond EOD, truncated [ 2893.217534][T19825] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2895.532322][T19846] loop6: detected capacity change from 0 to 7 [ 2895.550769][T13021] Dev loop6: unable to read RDB block 7 [ 2895.557345][T13021] loop6: unable to read partition table [ 2895.586687][T13021] loop6: partition table beyond EOD, truncated [ 2895.597348][T19846] Dev loop6: unable to read RDB block 7 [ 2895.619411][T19846] loop6: unable to read partition table [ 2895.628073][T19846] loop6: partition table beyond EOD, truncated [ 2895.634431][T19846] loop_reread_partitions: partition scan of loop6 (þ被xü—ŸÑà– ) failed (rc=-5) [ 2895.755380][T19832] usb 4-1: new high-speed USB device number 25 using dummy_hcd [ 2895.781682][T19851] netlink: 16 bytes leftover after parsing attributes in process `syz.0.13608'. [ 2895.896048][T19832] usb 4-1: device descriptor read/64, error -71 [ 2895.967383][T14205] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 2896.126775][T14205] usb 5-1: config 0 interface 0 altsetting 251 endpoint 0x9 has invalid wMaxPacketSize 0 [ 2896.138748][T19832] usb 4-1: new high-speed USB device number 26 using dummy_hcd [ 2896.146580][T14205] usb 5-1: config 0 interface 0 has no altsetting 0 [ 2896.158244][T14205] usb 5-1: New USB device found, idVendor=045e, idProduct=0283, bcdDevice=99.0b [ 2896.167534][T14205] usb 5-1: New USB device strings: Mfr=1, Product=228, SerialNumber=2 [ 2896.175303][T19820] usb 2-1: new high-speed USB device number 101 using dummy_hcd [ 2896.175912][T14205] usb 5-1: Product: syz [ 2896.189585][T14205] usb 5-1: Manufacturer: syz [ 2896.194205][T14205] usb 5-1: SerialNumber: syz [ 2896.201131][T14205] usb 5-1: config 0 descriptor?? [ 2896.214130][T14205] usb 5-1: selecting invalid altsetting 0 [ 2896.275865][T19832] usb 4-1: device descriptor read/64, error -71 [ 2896.328014][T19820] usb 2-1: Using ep0 maxpacket: 8 [ 2896.341106][T19820] usb 2-1: config 0 has an invalid interface number: 216 but max is 0 [ 2896.349490][T19820] usb 2-1: config 0 has no interface number 0 [ 2896.356051][T19820] usb 2-1: config 0 interface 216 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2896.367004][T19820] usb 2-1: config 0 interface 216 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2896.378151][T19820] usb 2-1: config 0 interface 216 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 2896.386216][T19832] usb usb4-port1: attempt power cycle [ 2896.392593][T19820] usb 2-1: New USB device found, idVendor=03f0, idProduct=0307, bcdDevice= 0.01 [ 2896.403809][T19820] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2896.413906][T19820] usb 2-1: Product: syz [ 2896.418322][T19820] usb 2-1: Manufacturer: syz [ 2896.423168][T19820] usb 2-1: SerialNumber: syz [ 2896.430954][T19820] usb 2-1: config 0 descriptor?? [ 2896.442178][T19849] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 2896.452015][T19820] ums-usbat 2-1:0.216: USB Mass Storage device detected [ 2896.459782][T19849] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 2896.482294][T19849] netlink: 'syz.4.13607': attribute type 6 has an invalid length. [ 2896.567487][T14205] usb 5-1: USB disconnect, device number 66 [ 2896.735376][T19832] usb 4-1: new high-speed USB device number 27 using dummy_hcd [ 2896.771441][T19832] usb 4-1: device descriptor read/8, error -71 [ 2897.034866][T19832] usb 4-1: new high-speed USB device number 28 using dummy_hcd [ 2897.073697][T19871] netlink: 'syz.4.13614': attribute type 1 has an invalid length. [ 2897.082508][T19832] usb 4-1: device descriptor read/8, error -71 [ 2897.083373][T19871] netlink: 200 bytes leftover after parsing attributes in process `syz.4.13614'. [ 2897.195642][T19832] usb usb4-port1: unable to enumerate USB device [ 2897.267930][T19876] netlink: 212364 bytes leftover after parsing attributes in process `syz.4.13615'. [ 2897.277826][T19876] openvswitch: netlink: Message has 5 unknown bytes. [ 2897.289808][T19876] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13615'. [ 2897.369480][T19876] netlink: 'syz.4.13615': attribute type 3 has an invalid length. [ 2897.691101][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 2897.697576][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 2899.081790][T19898] netlink: 40 bytes leftover after parsing attributes in process `syz.3.13619'. [ 2899.272263][T19903] netlink: 40 bytes leftover after parsing attributes in process `syz.3.13619'. [ 2899.514850][T19832] usb 2-1: USB disconnect, device number 101 [ 2899.522464][T19904] loop6: detected capacity change from 0 to 7 [ 2899.557979][T19904] Dev loop6: unable to read RDB block 7 [ 2899.663794][T19904] loop6: AHDI p3 p4 [ 2899.705332][T19904] loop6: partition table partially beyond EOD, truncated [ 2899.815324][T19904] loop6: p3 start 1869967406 is beyond EOD, truncated [ 2900.480235][T19927] netlink: 'syz.4.13633': attribute type 1 has an invalid length. [ 2904.548361][ T30] kauditd_printk_skb: 63 callbacks suppressed [ 2904.548379][ T30] audit: type=1326 audit(1751930807.769:2873): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2904.581382][ T30] audit: type=1326 audit(1751930807.769:2874): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2904.607829][ T30] audit: type=1326 audit(1751930807.779:2875): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=259 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2904.630000][ C1] vkms_vblank_simulate: vblank timer overrun [ 2904.644765][ T30] audit: type=1326 audit(1751930807.779:2876): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2904.689973][ T30] audit: type=1326 audit(1751930807.779:2877): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=260 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2904.712156][ C1] vkms_vblank_simulate: vblank timer overrun [ 2904.722802][ T30] audit: type=1326 audit(1751930807.779:2878): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ee558 code=0x7ffc0000 [ 2904.745014][ C1] vkms_vblank_simulate: vblank timer overrun [ 2904.784633][ T30] audit: type=1326 audit(1751930807.779:2879): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ee558 code=0x7ffc0000 [ 2904.859158][ T30] audit: type=1326 audit(1751930807.779:2880): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ee558 code=0x7ffc0000 [ 2904.932811][ T30] audit: type=1326 audit(1751930807.779:2881): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ee558 code=0x7ffc0000 [ 2905.160274][ T30] audit: type=1326 audit(1751930807.779:2882): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20006 comm="syz.4.13659" exe="/root/syz-executor" sig=0 arch=40000003 syscall=119 compat=1 ip=0xf70ee558 code=0x7ffc0000 [ 2905.182460][ C1] vkms_vblank_simulate: vblank timer overrun [ 2905.205613][T19820] usb 2-1: new high-speed USB device number 102 using dummy_hcd [ 2905.406306][T19820] usb 2-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice=1f.44 [ 2905.438832][T19820] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2905.470225][T19820] usb 2-1: config 0 descriptor?? [ 2905.490543][T19820] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f [ 2906.006902][T19820] gspca_sn9c20x: Write register 1000 failed -110 [ 2906.020675][T19820] gspca_sn9c20x: Device initialization failed [ 2906.094885][T19820] gspca_sn9c20x 2-1:0.0: probe with driver gspca_sn9c20x failed with error -110 [ 2906.186709][T19820] usb 2-1: USB disconnect, device number 102 [ 2908.432676][T19832] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 2908.596162][T19832] usb 5-1: Using ep0 maxpacket: 32 [ 2908.603911][T19832] usb 5-1: config 0 interface 0 has no altsetting 0 [ 2908.623428][T19832] usb 5-1: New USB device found, idVendor=046d, idProduct=c623, bcdDevice= 0.00 [ 2908.665935][T19832] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2909.140246][T19832] usb 5-1: config 0 descriptor?? [ 2909.769381][T19832] logitech 0003:046D:C623.0055: hidraw0: USB HID v0.07 Device [HID 046d:c623] on usb-dummy_hcd.4-1/input0 [ 2909.855052][T19832] usb 5-1: USB disconnect, device number 67 [ 2910.313204][T20096] fido_id[20096]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.4/usb5/report_descriptor': No such file or directory [ 2911.915225][T14177] usb 6-1: new high-speed USB device number 75 using dummy_hcd [ 2912.087737][T14177] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2912.109645][T14177] usb 6-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 2912.129232][T14177] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2912.164511][T14177] usb 6-1: config 0 descriptor?? [ 2912.214062][T14177] pwc: Askey VC010 type 2 USB webcam detected. [ 2912.631591][T14177] pwc: recv_control_msg error -32 req 02 val 2b00 [ 2912.646515][T14177] pwc: recv_control_msg error -32 req 02 val 2700 [ 2912.666377][T14177] pwc: recv_control_msg error -32 req 02 val 2c00 [ 2912.878457][T14177] pwc: recv_control_msg error -71 req 04 val 1300 [ 2912.895538][T14177] pwc: recv_control_msg error -71 req 04 val 1400 [ 2912.902455][T14177] pwc: recv_control_msg error -71 req 02 val 2000 [ 2912.913628][T14177] pwc: recv_control_msg error -71 req 02 val 2100 [ 2912.935659][T14177] pwc: recv_control_msg error -71 req 04 val 1500 [ 2912.952910][T14177] pwc: recv_control_msg error -71 req 02 val 2500 [ 2912.967569][T14177] pwc: recv_control_msg error -71 req 02 val 2400 [ 2912.984836][T14177] pwc: recv_control_msg error -71 req 02 val 2600 [ 2913.017106][T14177] pwc: recv_control_msg error -71 req 02 val 2900 [ 2913.027353][T14177] pwc: recv_control_msg error -71 req 02 val 2800 [ 2913.050369][ T6815] usb 5-1: [UEAGLE-ATM] firmware is not available [ 2913.056970][T14212] usb 5-1: [UEAGLE-ATM] firmware is not available [ 2913.063557][T14193] usb 5-1: [UEAGLE-ATM] firmware is not available [ 2913.070253][T14190] usb 5-1: [UEAGLE-ATM] firmware is not available [ 2913.080421][T14177] pwc: recv_control_msg error -71 req 04 val 1100 [ 2913.089756][T14177] pwc: recv_control_msg error -71 req 04 val 1200 [ 2913.115304][T14177] pwc: Registered as video103. [ 2913.145404][T14177] input: PWC snapshot button as /devices/platform/dummy_hcd.5/usb6/6-1/input/input173 [ 2913.191124][T14177] usb 6-1: USB disconnect, device number 75 [ 2913.282040][T13400] udevd[13400]: setting owner of /dev/input/event4 to uid=0, gid=104 failed: No such file or directory [ 2916.239582][T20206] IPVS: length: 8 != 276440 [ 2916.751559][T20217] netlink: 4 bytes leftover after parsing attributes in process `syz.3.13712'. [ 2916.999324][T14190] IPVS: starting estimator thread 0... [ 2917.095202][T20225] IPVS: using max 32 ests per chain, 76800 per kthread [ 2917.501702][T22913] Bluetooth: hci5: ACL packet for unknown connection handle 201 [ 2917.965647][T20245] netlink: 72 bytes leftover after parsing attributes in process `syz.3.13723'. [ 2919.371519][T20271] netlink: 8 bytes leftover after parsing attributes in process `syz.4.13720'. [ 2921.058951][T20287] binder: 20286:20287 ioctl 4018620d 0 returned -22 [ 2921.087950][T20287] binder: 20286:20287 ioctl c0306201 0 returned -14 [ 2921.711890][T20302] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13739'. [ 2921.731056][T20302] gtp0: entered promiscuous mode [ 2921.740432][T20302] gtp0: entered allmulticast mode [ 2921.775456][T14190] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 2921.937191][T14190] usb 5-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice=1f.44 [ 2921.956761][T14190] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2921.982377][T14190] usb 5-1: config 0 descriptor?? [ 2922.006264][T14190] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f [ 2922.115334][T14222] usb 2-1: new high-speed USB device number 103 using dummy_hcd [ 2922.267360][T14222] usb 2-1: Using ep0 maxpacket: 32 [ 2922.273504][T14222] usb 2-1: no configurations [ 2922.279254][T14222] usb 2-1: can't read configurations, error -22 [ 2922.312536][T14190] gspca_sn9c20x: Write register 1000 failed -71 [ 2922.320758][T14190] gspca_sn9c20x: Device initialization failed [ 2922.332234][T14190] gspca_sn9c20x 5-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 2922.349057][T14190] usb 5-1: USB disconnect, device number 68 [ 2922.416364][T14222] usb 2-1: new high-speed USB device number 104 using dummy_hcd [ 2922.595222][T14222] usb 2-1: Using ep0 maxpacket: 32 [ 2922.601450][T14222] usb 2-1: no configurations [ 2922.606166][T14222] usb 2-1: can't read configurations, error -22 [ 2922.612842][T14222] usb usb2-port1: attempt power cycle [ 2922.985527][T14222] usb 2-1: new high-speed USB device number 105 using dummy_hcd [ 2923.028030][T14222] usb 2-1: Using ep0 maxpacket: 32 [ 2923.033751][T14222] usb 2-1: no configurations [ 2923.038707][T14222] usb 2-1: can't read configurations, error -22 [ 2923.176005][T14222] usb 2-1: new high-speed USB device number 106 using dummy_hcd [ 2923.275887][T14222] usb 2-1: Using ep0 maxpacket: 32 [ 2923.281806][T14222] usb 2-1: no configurations [ 2923.287803][T14222] usb 2-1: can't read configurations, error -22 [ 2923.294639][T14222] usb usb2-port1: unable to enumerate USB device [ 2925.191035][T20350] block device autoloading is deprecated and will be removed. [ 2925.276585][T20350] syz.4.13753: attempt to access beyond end of device [ 2925.276585][T20350] md0: rw=2048, sector=0, nr_sectors = 8 limit=0 [ 2926.837693][T20372] netlink: 'syz.4.13765': attribute type 20 has an invalid length. [ 2929.019765][T20415] kvm: pic: single mode not supported [ 2929.023092][T20415] kvm: pic: single mode not supported [ 2929.029221][T20415] kvm: pic: level sensitive irq not supported [ 2929.168850][T20415] kvm: pic: single mode not supported [ 2929.174998][T20415] kvm: pic: level sensitive irq not supported [ 2929.381475][T20415] kvm: pic: single mode not supported [ 2929.387728][T20415] kvm: pic: level sensitive irq not supported [ 2929.406600][T20415] kvm: pic: single mode not supported [ 2929.443592][T20415] kvm: pic: single mode not supported [ 2929.460386][T20415] kvm: pic: single mode not supported [ 2929.501125][T20415] kvm: pic: single mode not supported [ 2929.525028][T20415] kvm: pic: single mode not supported [ 2929.536354][T20415] kvm: pic: single mode not supported [ 2929.541839][T20415] kvm: pic: level sensitive irq not supported [ 2929.591695][T20415] kvm: pic: level sensitive irq not supported [ 2929.603627][T20415] kvm: pic: level sensitive irq not supported [ 2929.630537][T20415] kvm: pic: level sensitive irq not supported [ 2929.659014][T20415] kvm: pic: level sensitive irq not supported [ 2929.695782][T20415] kvm: pic: level sensitive irq not supported [ 2929.716102][T20415] kvm: pic: level sensitive irq not supported [ 2930.205375][T20435] netdevsim netdevsim4: Direct firmware load for ./file0 failed with error -2 [ 2930.285814][T20435] netdevsim netdevsim4: Falling back to sysfs fallback for: ./file0 [ 2930.733385][T20444] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13789'. [ 2930.768273][T20444] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13789'. [ 2930.859136][T20444] batadv0: entered promiscuous mode [ 2930.869129][T20444] batadv0: left promiscuous mode [ 2932.374416][T20460] netlink: 12 bytes leftover after parsing attributes in process `syz.4.13796'. [ 2932.774375][ T30] kauditd_printk_skb: 1733 callbacks suppressed [ 2932.774394][ T30] audit: type=1326 audit(1751930835.989:4616): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20470 comm="syz.4.13800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2932.855686][ T30] audit: type=1326 audit(1751930836.049:4617): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20470 comm="syz.4.13800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2932.925233][ T30] audit: type=1326 audit(1751930836.059:4618): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20470 comm="syz.4.13800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=386 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2933.025325][ T30] audit: type=1326 audit(1751930836.059:4619): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20470 comm="syz.4.13800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2933.102631][ T30] audit: type=1326 audit(1751930836.059:4620): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20470 comm="syz.4.13800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=370 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2933.219744][ T30] audit: type=1326 audit(1751930836.059:4621): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20470 comm="syz.4.13800" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70ee539 code=0x7ffc0000 [ 2933.241994][ C1] vkms_vblank_simulate: vblank timer overrun [ 2934.240886][T20498] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13811'. [ 2934.254743][T20498] netlink: 4 bytes leftover after parsing attributes in process `syz.0.13811'. [ 2934.269253][T20498] netlink: 104 bytes leftover after parsing attributes in process `syz.0.13811'. [ 2934.291751][T20498] netlink: 104 bytes leftover after parsing attributes in process `syz.0.13811'. [ 2936.329204][T20531] netlink: 4768 bytes leftover after parsing attributes in process `syz.4.13820'. [ 2937.043164][T20548] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13826'. [ 2937.075265][T20548] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13826'. [ 2937.119866][T20548] batadv0: entered promiscuous mode [ 2937.143179][T20548] batadv0: left promiscuous mode [ 2937.203946][T20554] netdevsim netdevsim5: Direct firmware load for ./file0 failed with error -2 [ 2937.220014][T20554] netdevsim netdevsim5: Falling back to sysfs fallback for: ./file0 [ 2939.462581][T20588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13841'. [ 2939.506195][T20588] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13841'. [ 2939.541798][T20588] batadv0: entered promiscuous mode [ 2939.586662][T20588] erspan0: entered promiscuous mode [ 2940.909399][T20630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13855'. [ 2940.952483][T20630] netlink: 28 bytes leftover after parsing attributes in process `syz.1.13855'. [ 2941.355349][T14190] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 2941.509480][T14190] usb 5-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice=1f.44 [ 2941.519814][T20645] netlink: 8 bytes leftover after parsing attributes in process `syz.1.13860'. [ 2941.535581][T14190] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2941.546956][T20645] gtp1: entered promiscuous mode [ 2941.551967][T20645] gtp1: entered allmulticast mode [ 2941.560764][T14190] usb 5-1: config 0 descriptor?? [ 2941.572213][T14190] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f [ 2941.822684][T14190] gspca_sn9c20x: Write register 1000 failed -71 [ 2941.833831][T14190] gspca_sn9c20x: Device initialization failed [ 2941.844108][T14190] gspca_sn9c20x 5-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 2941.856233][T14177] usb 6-1: new high-speed USB device number 76 using dummy_hcd [ 2941.871198][T14190] usb 5-1: USB disconnect, device number 69 [ 2942.025407][T14177] usb 6-1: Using ep0 maxpacket: 8 [ 2942.034261][T14177] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2942.063413][T14177] usb 6-1: config 0 has no interfaces? [ 2942.093544][T14177] usb 6-1: New USB device found, idVendor=0c45, idProduct=613e, bcdDevice=c4.6d [ 2942.110133][T14177] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2942.149771][T14177] usb 6-1: Product: syz [ 2942.154719][T14177] usb 6-1: Manufacturer: syz [ 2942.160221][T14177] usb 6-1: SerialNumber: syz [ 2942.176342][T14177] usb 6-1: config 0 descriptor?? [ 2942.902346][T20668] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13871'. [ 2942.916715][T20668] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13871'. [ 2943.815265][ T6417] usb 4-1: new high-speed USB device number 29 using dummy_hcd [ 2943.975447][ T6417] usb 4-1: Using ep0 maxpacket: 32 [ 2943.986583][ T6417] usb 4-1: config 0 interface 0 altsetting 0 bulk endpoint 0x85 has invalid maxpacket 1024 [ 2944.003811][ T6417] usb 4-1: New USB device found, idVendor=12d8, idProduct=0001, bcdDevice=de.79 [ 2944.013684][ T6417] usb 4-1: New USB device strings: Mfr=1, Product=236, SerialNumber=2 [ 2944.022440][ T6417] usb 4-1: Product: syz [ 2944.027205][ T6417] usb 4-1: Manufacturer: syz [ 2944.031870][ T6417] usb 4-1: SerialNumber: syz [ 2944.039944][ T6417] usb 4-1: config 0 descriptor?? [ 2944.046422][T20678] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 2944.056749][ T6417] hub 4-1:0.0: bad descriptor, ignoring hub [ 2944.062714][ T6417] hub 4-1:0.0: probe with driver hub failed with error -5 [ 2944.331627][T20687] netlink: 4768 bytes leftover after parsing attributes in process `syz.0.13878'. [ 2944.551566][T14190] usb 6-1: USB disconnect, device number 76 [ 2944.809135][T20678] usb 4-1: reset high-speed USB device number 29 using dummy_hcd [ 2944.833213][T20678] usb 4-1: device reset changed ep0 maxpacket size! [ 2944.860251][ T6417] usb 4-1: USB disconnect, device number 29 [ 2945.015288][ T6417] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 2945.500952][ T6417] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x82 has invalid maxpacket 32 [ 2945.510901][ T6417] usb 4-1: config 1 interface 1 altsetting 1 bulk endpoint 0x3 has invalid maxpacket 8 [ 2945.526313][ T6417] usb 4-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 2945.535781][ T6417] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2945.545491][ T6417] usb 4-1: Product: syz [ 2945.553131][ T6417] usb 4-1: Manufacturer: syz [ 2945.564389][ T6417] usb 4-1: SerialNumber: syz [ 2945.787682][ T6417] cdc_ncm 4-1:1.0: bind() failure [ 2945.815872][ T6417] cdc_ncm 4-1:1.1: CDC Union missing and no IAD found [ 2945.822744][ T6417] cdc_ncm 4-1:1.1: bind() failure [ 2945.855905][ T6417] usb 4-1: USB disconnect, device number 30 [ 2946.625941][T20716] netlink: 24 bytes leftover after parsing attributes in process `syz.3.13886'. [ 2947.119743][T20735] netlink: 24 bytes leftover after parsing attributes in process `syz.1.13899'. [ 2947.146692][T20736] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13892'. [ 2947.163199][T20736] netlink: 28 bytes leftover after parsing attributes in process `syz.4.13892'. [ 2947.247267][T20737] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2947.427864][T20744] pic_ioport_write: 10 callbacks suppressed [ 2947.427888][T20744] kvm: pic: single mode not supported [ 2947.441298][T20744] kvm: pic: single mode not supported [ 2947.446905][T20744] pic_ioport_write: 9 callbacks suppressed [ 2947.446923][T20744] kvm: pic: level sensitive irq not supported [ 2947.500803][T14177] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2947.521337][T14177] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2947.536340][T14177] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2947.545815][T14177] rtc_cmos 00:00: Alarms can be up to one day in the future [ 2947.553291][T14177] rtc rtc0: __rtc_set_alarm: err=-22 [ 2948.814775][T20773] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13906'. [ 2948.848155][T20773] netlink: 28 bytes leftover after parsing attributes in process `syz.3.13906'. [ 2948.945789][T20780] netlink: 24 bytes leftover after parsing attributes in process `syz.5.13905'. [ 2952.440099][T20821] netlink: 12 bytes leftover after parsing attributes in process `syz.5.13922'. [ 2952.669156][T20834] netlink: 24 bytes leftover after parsing attributes in process `syz.4.13921'. [ 2953.042415][T20841] netlink: 16 bytes leftover after parsing attributes in process `syz.5.13924'. [ 2953.077447][T20841] netlink: 16 bytes leftover after parsing attributes in process `syz.5.13924'. [ 2957.926106][T14222] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 2958.087436][T14222] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9375, bcdDevice=1a.9e [ 2958.105329][T14222] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2958.141033][T14222] usb 4-1: config 0 descriptor?? [ 2958.383023][T20914] netlink: 'syz.3.13955': attribute type 10 has an invalid length. [ 2958.413204][T20914] bond0: (slave wlan1): Opening slave failed [ 2958.445853][T14222] ath6kl: Failed to submit usb control message: -71 [ 2958.474034][T14222] ath6kl: unable to send the bmi data to the device: -71 [ 2958.500889][T14222] ath6kl: Unable to send get target info: -71 [ 2958.517815][T14222] ath6kl: Failed to init ath6kl core: -71 [ 2958.530836][T14222] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -71 [ 2958.584223][T14222] usb 4-1: USB disconnect, device number 31 [ 2959.132465][ T1301] ieee802154 phy0 wpan0: encryption failed: -22 [ 2959.139110][ T1301] ieee802154 phy1 wpan1: encryption failed: -22 [ 2959.830003][T14193] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 2960.072857][T14193] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 2960.109812][T14193] usb 4-1: config 0 has no interfaces? [ 2960.152822][T20948] syz.0.13966 (20948): drop_caches: 2 [ 2960.168831][T14193] usb 4-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 2960.218192][T14193] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2960.286394][T14193] usb 4-1: config 0 descriptor?? [ 2962.667063][T14193] usb 4-1: USB disconnect, device number 32 [ 2963.001208][T20993] RDS: rds_bind could not find a transport for fc02::1, load rds_tcp or rds_rdma? [ 2963.034372][T20992] syz.3.13982 (20992): drop_caches: 2 [ 2963.049463][T20992] syz.3.13982 (20992): drop_caches: 2 [ 2964.139990][T21016] binder: 21015:21016 unknown command 0 [ 2964.155325][T21016] binder: 21015:21016 ioctl c0306201 80000b80 returned -22 [ 2964.389156][T21018] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=680 (1360 ns) > initial count (1048 ns). Using initial count to start timer. [ 2964.849329][T21025] syz.3.13994 (21025): drop_caches: 2 [ 2964.877760][T21025] syz.3.13994 (21025): drop_caches: 2 [ 2965.976659][T21059] syz.4.14006 (21059): drop_caches: 2 [ 2965.987794][T21059] syz.4.14006 (21059): drop_caches: 2 [ 2967.374817][T21086] netlink: 24 bytes leftover after parsing attributes in process `syz.0.14018'. [ 2967.580479][T21091] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14020'. [ 2968.695203][T14190] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 2968.865423][T14190] usb 5-1: Using ep0 maxpacket: 8 [ 2968.889627][T14190] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 2968.925395][T14190] usb 5-1: New USB device found, idVendor=1604, idProduct=8001, bcdDevice=37.a3 [ 2968.955007][T14190] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2968.988780][T14190] usb 5-1: Product: syz [ 2968.992997][T14190] usb 5-1: Manufacturer: syz [ 2969.008971][T14190] usb 5-1: SerialNumber: syz [ 2969.036516][T14190] usb 5-1: config 0 descriptor?? [ 2970.123959][T14190] usb 6-1: new high-speed USB device number 77 using dummy_hcd [ 2970.208320][ T6417] usb 5-1: USB disconnect, device number 70 [ 2970.321910][T14190] usb 6-1: config 0 has no interfaces? [ 2970.334779][T14190] usb 6-1: New USB device found, idVendor=18b4, idProduct=fffb, bcdDevice=dc.7b [ 2970.353477][T14190] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2970.382473][T14190] usb 6-1: Product: syz [ 2970.405900][T14190] usb 6-1: Manufacturer: syz [ 2970.420778][T14190] usb 6-1: SerialNumber: syz [ 2970.433733][T14190] usb 6-1: config 0 descriptor?? [ 2970.970158][T21133] macvtap0: left allmulticast mode [ 2970.991037][ T6417] usb 6-1: USB disconnect, device number 77 [ 2972.206461][T14193] usb 6-1: new high-speed USB device number 78 using dummy_hcd [ 2972.386718][T14193] usb 6-1: New USB device found, idVendor=0c45, idProduct=628f, bcdDevice=1f.44 [ 2972.412609][T14193] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2972.446221][T14193] usb 6-1: config 0 descriptor?? [ 2972.468475][T14193] gspca_main: gspca_sn9c20x-2.14.0 probing 0c45:628f [ 2972.704951][T14193] gspca_sn9c20x: Write register 1000 failed -71 [ 2972.735233][T14193] gspca_sn9c20x: Device initialization failed [ 2972.741735][T14193] gspca_sn9c20x 6-1:0.0: probe with driver gspca_sn9c20x failed with error -71 [ 2972.798036][T14193] usb 6-1: USB disconnect, device number 78 [ 2975.231291][T21228] macsec1: entered promiscuous mode [ 2975.237842][T21228] veth1_to_batadv: entered promiscuous mode [ 2977.762046][ T30] audit: type=1326 audit(1751930880.979:4622): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21273 comm="syz.0.14086" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 2977.875464][ T30] audit: type=1326 audit(1751930880.999:4623): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21273 comm="syz.0.14086" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 2977.947161][ T30] audit: type=1326 audit(1751930881.019:4624): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21273 comm="syz.0.14086" exe="/root/syz-executor" sig=0 arch=40000003 syscall=81 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 2978.015619][ T30] audit: type=1326 audit(1751930881.019:4625): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21273 comm="syz.0.14086" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 2978.037810][ C1] vkms_vblank_simulate: vblank timer overrun [ 2978.124450][ T30] audit: type=1326 audit(1751930881.019:4626): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=21273 comm="syz.0.14086" exe="/root/syz-executor" sig=0 arch=40000003 syscall=240 compat=1 ip=0xf70fe539 code=0x7ffc0000 [ 2978.435229][T14177] usb 5-1: new full-speed USB device number 71 using dummy_hcd [ 2978.627275][T14177] usb 5-1: New USB device found, idVendor=13d8, idProduct=0020, bcdDevice=f7.31 [ 2978.661212][T14177] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2978.707761][T14177] usb 5-1: config 0 descriptor?? [ 2978.749769][T14177] usb 5-1: selecting invalid altsetting 3 [ 2978.765481][T14177] comedi comedi5: could not set alternate setting 3 in high speed [ 2978.773386][T14177] usbduxsigma 5-1:0.0: driver 'usbduxsigma' failed to auto-configure device. [ 2978.812180][T14177] usbduxsigma 5-1:0.0: probe with driver usbduxsigma failed with error -22 [ 2978.919443][T14222] usb 5-1: USB disconnect, device number 71 [ 2982.275237][T14177] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 2982.507687][T14177] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 2982.525932][T14177] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 2982.540481][T14177] usb 4-1: New USB device found, idVendor=256c, idProduct=006d, bcdDevice= 0.00 [ 2982.551030][T14177] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2982.563207][T14177] usb 4-1: config 0 descriptor?? [ 2983.185375][T14177] usb 4-1: string descriptor 0 read error: -22 [ 2983.397779][T14177] input: HID 256c:006d as /devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/0003:256C:006D.0056/input/input175 [ 2983.457702][T21359] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14114'. [ 2983.499955][T21359] ip6gretap0: entered promiscuous mode [ 2983.513464][T14177] uclogic 0003:256C:006D.0056: input,hidraw0: USB HID v0.00 Device [HID 256c:006d] on usb-dummy_hcd.3-1/input0 [ 2983.545522][T21359] macvtap1: entered promiscuous mode [ 2983.585346][T21359] macvtap1: entered allmulticast mode [ 2983.623677][T21359] ip6gretap0: entered allmulticast mode [ 2983.635533][T14177] usb 4-1: USB disconnect, device number 33 [ 2983.664660][T21361] ip6gretap0: left allmulticast mode [ 2983.691177][T21361] ip6gretap0: left promiscuous mode [ 2983.756089][T21362] fido_id[21362]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.3/usb4/report_descriptor': No such file or directory [ 2984.280931][T21375] macsec2: entered promiscuous mode [ 2984.293167][T21375] team0: entered promiscuous mode [ 2984.309477][T21375] team_slave_0: entered promiscuous mode [ 2984.322001][T21375] team_slave_1: entered promiscuous mode [ 2984.331437][T21375] macsec2: entered allmulticast mode [ 2985.580677][T21397] A link change request failed with some changes committed already. Interface bridge_slave_1 may have been left with an inconsistent configuration, please check. [ 2985.904591][T21403] netlink: 72 bytes leftover after parsing attributes in process `syz.5.14129'. [ 2986.630855][T21417] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14133'. [ 2987.685252][T22913] Bluetooth: hci5: command 0x0c1a tx timeout [ 2988.137762][T21437] vhci_hcd vhci_hcd.0: pdev(4) rhport(0) sockfd(5) [ 2988.144347][T21437] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 2988.153857][T21437] vhci_hcd vhci_hcd.0: Device attached [ 2988.171449][T21437] netdevsim netdevsim4: Direct firmware load for nel/fscaps failed with error -2 [ 2988.180953][T21437] netdevsim netdevsim4: Falling back to sysfs fallback for: nel/fscaps [ 2988.283061][T21435] syz.1.14139 (21435): drop_caches: 2 [ 2988.333574][T21438] vhci_hcd: connection closed [ 2988.377995][T21435] syz.1.14139 (21435): drop_caches: 2 [ 2988.427517][ T6813] vhci_hcd: stop threads [ 2988.433273][ T6813] vhci_hcd: release socket [ 2988.498462][ T6813] vhci_hcd: disconnect device [ 2988.555238][T14222] usb 41-1: new low-speed USB device number 31 using vhci_hcd [ 2988.562852][T14222] usb 41-1: enqueue for inactive port 0 [ 2988.668992][T14222] vhci_hcd: vhci_device speed not set [ 2990.941230][T21478] team_slave_0: entered promiscuous mode [ 2990.947537][T21478] team_slave_1: entered promiscuous mode [ 2990.973975][T21478] macsec3: entered promiscuous mode [ 2990.988671][T21478] team0: entered promiscuous mode [ 2991.002639][T21478] macsec3: entered allmulticast mode [ 2991.018905][T21478] team0: entered allmulticast mode [ 2991.034246][T21478] team_slave_0: entered allmulticast mode [ 2991.049342][T21478] team_slave_1: entered allmulticast mode [ 2991.385272][T14177] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 2991.555240][T14177] usb 5-1: Using ep0 maxpacket: 8 [ 2991.575914][T14177] usb 5-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 2991.597488][T14177] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 2991.625238][T14177] usb 5-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 2991.656255][T14177] usb 5-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 2991.674599][T14177] usb 5-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 2991.708420][T14177] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 2991.935792][T14177] usb 5-1: usb_control_msg returned -71 [ 2991.957872][T14177] usbtmc 5-1:16.0: can't read capabilities [ 2992.002396][T14177] usb 5-1: USB disconnect, device number 72 [ 2993.341607][T21512] kvm: pic: single mode not supported [ 2993.341944][T21512] kvm: pic: single mode not supported [ 2994.711084][T21539] netlink: 44 bytes leftover after parsing attributes in process `syz.4.14173'. [ 2994.729400][T21536] netlink: 44 bytes leftover after parsing attributes in process `syz.4.14173'. [ 2994.738580][T14222] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 2994.900653][T14222] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 2994.935221][T14222] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 2994.943804][T14222] usb 4-1: Product: syz [ 2994.975050][T14222] usb 4-1: Manufacturer: syz [ 2994.980946][T14222] usb 4-1: SerialNumber: syz [ 2995.006530][T14222] usb 4-1: config 0 descriptor?? [ 2995.039317][T14222] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 2995.619506][T21555] kvm: pic: single mode not supported [ 2995.619820][T21555] kvm: pic: single mode not supported [ 2995.972175][T21566] netlink: 4 bytes leftover after parsing attributes in process `syz.1.14184'. [ 2996.468981][T14222] gspca_sunplus: reg_w_riv err -71 [ 2996.496542][T14222] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 2996.530011][T14222] usb 4-1: USB disconnect, device number 34 [ 2997.969016][T21603] netlink: 4 bytes leftover after parsing attributes in process `syz.0.14197'. [ 2998.136420][T21609] netlink: 4 bytes leftover after parsing attributes in process `syz.4.14199'. [ 2998.177301][T21612] netlink: 28 bytes leftover after parsing attributes in process `syz.5.14201'. [ 2998.208769][T21612] netlink: 16 bytes leftover after parsing attributes in process `syz.5.14201'. [ 2998.889523][T21633] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000035: 0000 [#1] SMP KASAN PTI [ 2998.901551][T21633] KASAN: null-ptr-deref in range [0x00000000000001a8-0x00000000000001af] [ 2998.909961][T21633] CPU: 1 UID: 0 PID: 21633 Comm: syz.1.14210 Not tainted 6.16.0-rc5-syzkaller #0 PREEMPT(full) [ 2998.920418][T21633] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 05/07/2025 [ 2998.930482][T21633] RIP: 0010:htb_qlen_notify+0x31/0xc0 [ 2998.935871][T21633] Code: 41 56 41 55 41 54 53 49 89 f6 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 4d 4b 3e f8 49 8d 9e a8 01 00 00 49 89 dd 49 c1 ed 03 <43> 0f b6 44 25 00 84 c0 75 4d 8b 2b 31 ff 89 ee e8 6a 4f 3e f8 85 [ 2998.955485][T21633] RSP: 0018:ffffc9000dc270b0 EFLAGS: 00010206 [ 2998.961561][T21633] RAX: ffffffff8981dab3 RBX: 00000000000001a8 RCX: 0000000000080000 [ 2998.969533][T21633] RDX: ffffc9000ea1c000 RSI: 000000000000032e RDI: 000000000000032f [ 2998.977520][T21633] RBP: dffffc0000000000 R08: ffff88801c799e00 R09: 0000000000000002 [ 2998.985504][T21633] R10: 00000000ffffffff R11: ffffffff8981da90 R12: dffffc0000000000 [ 2998.993481][T21633] R13: 0000000000000035 R14: 0000000000000000 R15: ffff88807c9f8000 [ 2999.001451][T21633] FS: 0000000000000000(0000) GS:ffff888125d1d000(0063) knlGS:00000000f50f6b40 [ 2999.010385][T21633] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 2999.016972][T21633] CR2: 0000000080000240 CR3: 000000007794c000 CR4: 00000000003526f0 [ 2999.024945][T21633] Call Trace: [ 2999.028224][T21633] [ 2999.031152][T21633] qdisc_tree_reduce_backlog+0x29c/0x480 [ 2999.036801][T21633] ? qdisc_tree_reduce_backlog+0x3c/0x480 [ 2999.042539][T21633] codel_change+0x859/0xae0 [ 2999.047045][T21633] ? is_dynamic_key+0xd6/0x1c0 [ 2999.051803][T21633] ? qdisc_alloc+0x789/0xaa0 [ 2999.056394][T21633] ? qdisc_create+0x12c/0xea0 [ 2999.061074][T21633] ? rtnetlink_rcv_msg+0x779/0xb70 [ 2999.066185][T21633] ? netlink_rcv_skb+0x208/0x470 [ 2999.071139][T21633] ? netlink_unicast+0x75b/0x8d0 [ 2999.076168][T21633] ? netlink_sendmsg+0x805/0xb30 [ 2999.081109][T21633] ? __sock_sendmsg+0x21c/0x270 [ 2999.085969][T21633] ? ____sys_sendmsg+0x505/0x830 [ 2999.090909][T21633] ? ___sys_sendmsg+0x21f/0x2a0 [ 2999.095762][T21633] ? __sys_sendmsg+0x164/0x220 [ 2999.100530][T21633] ? __pfx_codel_change+0x10/0x10 [ 2999.105559][T21633] codel_init+0x1f7/0x3e0 [ 2999.109893][T21633] ? __pfx_codel_init+0x10/0x10 [ 2999.114743][T21633] qdisc_create+0x7ac/0xea0 [ 2999.119249][T21633] tc_modify_qdisc+0x1426/0x2010 [ 2999.124189][T21633] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 2999.129483][T21633] ? __pfx_tc_modify_qdisc+0x10/0x10 [ 2999.134764][T21633] rtnetlink_rcv_msg+0x779/0xb70 [ 2999.139706][T21633] ? rtnetlink_rcv_msg+0x1ab/0xb70 [ 2999.144813][T21633] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2999.150289][T21633] ? ref_tracker_free+0x63a/0x7d0 [ 2999.155321][T21633] ? __copy_skb_header+0xa7/0x550 [ 2999.160350][T21633] ? __pfx_ref_tracker_free+0x10/0x10 [ 2999.165740][T21633] netlink_rcv_skb+0x208/0x470 [ 2999.170505][T21633] ? __pfx_rtnetlink_rcv_msg+0x10/0x10 [ 2999.175976][T21633] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 2999.181267][T21633] ? netlink_deliver_tap+0x2e/0x1b0 [ 2999.186462][T21633] ? netlink_deliver_tap+0x2e/0x1b0 [ 2999.191659][T21633] netlink_unicast+0x75b/0x8d0 [ 2999.196428][T21633] netlink_sendmsg+0x805/0xb30 [ 2999.201207][T21633] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2999.206496][T21633] ? __import_iovec+0x5d4/0x7f0 [ 2999.211346][T21633] ? aa_sock_msg_perm+0x94/0x160 [ 2999.216357][T21633] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 2999.221680][T21633] ? __pfx_netlink_sendmsg+0x10/0x10 [ 2999.226989][T21633] __sock_sendmsg+0x21c/0x270 [ 2999.231679][T21633] ____sys_sendmsg+0x505/0x830 [ 2999.236450][T21633] ? __pfx_____sys_sendmsg+0x10/0x10 [ 2999.241737][T21633] ? __pfx_futex_wake_mark+0x10/0x10 [ 2999.247035][T21633] ___sys_sendmsg+0x21f/0x2a0 [ 2999.251712][T21633] ? __pfx____sys_sendmsg+0x10/0x10 [ 2999.256923][T21633] ? __fget_files+0x2a/0x420 [ 2999.261518][T21633] ? __fget_files+0x3a0/0x420 [ 2999.266198][T21633] __sys_sendmsg+0x164/0x220 [ 2999.270791][T21633] ? __pfx___sys_sendmsg+0x10/0x10 [ 2999.275909][T21633] ? rcu_is_watching+0x15/0xb0 [ 2999.280672][T21633] ? syscall_enter_from_user_mode_prepare+0x7f/0xe0 [ 2999.287267][T21633] ? lockdep_hardirqs_on+0x9c/0x150 [ 2999.292496][T21633] __do_fast_syscall_32+0xb6/0x2b0 [ 2999.297605][T21633] ? lockdep_hardirqs_on+0x9c/0x150 [ 2999.302807][T21633] do_fast_syscall_32+0x34/0x80 [ 2999.307652][T21633] entry_SYSENTER_compat_after_hwframe+0x84/0x8e [ 2999.313981][T21633] RIP: 0023:0xf7fd8539 [ 2999.318046][T21633] Code: 03 74 b4 01 10 07 03 74 b0 01 10 08 03 74 d8 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 51 52 55 89 e5 0f 34 cd 80 <5d> 5a 59 c3 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 [ 2999.337650][T21633] RSP: 002b:00000000f50f655c EFLAGS: 00000206 ORIG_RAX: 0000000000000172 [ 2999.346064][T21633] RAX: ffffffffffffffda RBX: 0000000000000003 RCX: 0000000080000280 [ 2999.354029][T21633] RDX: 0000000000004000 RSI: 0000000000000000 RDI: 0000000000000000 [ 2999.361995][T21633] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 2999.369966][T21633] R10: 0000000000000000 R11: 0000000000000206 R12: 0000000000000000 [ 2999.377942][T21633] R13: 0000000000000000 R14: 0000000000000000 R15: 0000000000000000 [ 2999.385914][T21633] [ 2999.388935][T21633] Modules linked in: [ 2999.392919][ C1] vkms_vblank_simulate: vblank timer overrun [ 2999.398989][T21633] ---[ end trace 0000000000000000 ]--- [ 2999.404481][T21633] RIP: 0010:htb_qlen_notify+0x31/0xc0 [ 2999.409920][T21633] Code: 41 56 41 55 41 54 53 49 89 f6 49 89 ff 49 bc 00 00 00 00 00 fc ff df e8 4d 4b 3e f8 49 8d 9e a8 01 00 00 49 89 dd 49 c1 ed 03 <43> 0f b6 44 25 00 84 c0 75 4d 8b 2b 31 ff 89 ee e8 6a 4f 3e f8 85 [ 2999.429606][T21633] RSP: 0018:ffffc9000dc270b0 EFLAGS: 00010206 [ 2999.435754][T21633] RAX: ffffffff8981dab3 RBX: 00000000000001a8 RCX: 0000000000080000 [ 2999.443745][T21633] RDX: ffffc9000ea1c000 RSI: 000000000000032e RDI: 000000000000032f [ 2999.451797][T21633] RBP: dffffc0000000000 R08: ffff88801c799e00 R09: 0000000000000002 [ 2999.459848][T21633] R10: 00000000ffffffff R11: ffffffff8981da90 R12: dffffc0000000000 [ 2999.467885][T21633] R13: 0000000000000035 R14: 0000000000000000 R15: ffff88807c9f8000 [ 2999.475936][T21633] FS: 0000000000000000(0000) GS:ffff888125d1d000(0063) knlGS:00000000f50f6b40 [ 2999.484897][T21633] CS: 0010 DS: 002b ES: 002b CR0: 0000000080050033 [ 2999.491519][T21633] CR2: 0000000080000240 CR3: 000000007794c000 CR4: 00000000003526f0 [ 2999.499552][T21633] Kernel panic - not syncing: Fatal exception in interrupt [ 2999.507009][T21633] Kernel Offset: disabled [ 2999.511326][T21633] Rebooting in 86400 seconds..