last executing test programs: 3.829270312s ago: executing program 1 (id=1985): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_CREATE_ACCESS(r0, 0x3ba0, &(0x7f0000000340)={0x48, 0x5, r1, 0x0, 0xffffffffffffffff, 0x1}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x7, r2, 0x0, 0x10000, 0x0, 0x8, 0x1ab980, 0x1000000}) 3.039170898s ago: executing program 2 (id=1994): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_CAP_X86_GUEST_MODE(r1, 0x4068aea3, 0x0) ioctl$KVM_CAP_SPLIT_IRQCHIP(r1, 0x4068aea3, &(0x7f0000000080)) ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_GSI_ROUTING(r1, 0x4008ae6a, &(0x7f0000000200)=ANY=[@ANYBLOB="0100000000000000b50b000004000000000000000000000002"]) 2.996622391s ago: executing program 1 (id=1995): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x243, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000000c0)="8689d46205a34100bf2bbe11a5ce7839edaf02afe39ef7ffffff9c4f8cf31440006769ebdf12cfacae8e8c03f5db079da7d9", 0x32, 0x40000, 0x0, 0x0) sendmsg$IPCTNL_MSG_TIMEOUT_DELETE(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x10}, 0x80) ioctl$KVM_CREATE_IRQCHIP(r1, 0xae60) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000200)={0x0, 0x1, 0xf000, 0x2000, &(0x7f0000f9a000/0x2000)=nil}) r3 = dup(r2) ioctl$KVM_SET_VCPU_EVENTS(r3, 0x4400ae8f, &(0x7f0000000000)=@x86={0x7f, 0x4, 0x19, 0x0, 0x9, 0x0, 0x8b, 0xc, 0x4, 0xd, 0x3, 0x34, 0x0, 0x100, 0x19a, 0x4, 0x67, 0x59, 0x4c, '\x00', 0x5, 0x1341}) ioctl$KVM_SET_VAPIC_ADDR(r3, 0x4008ae93, &(0x7f00000002c0)=0x10000) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.74298701s ago: executing program 2 (id=1997): r0 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000100), 0x2, 0x0) writev(r0, &(0x7f00000000c0)=[{&(0x7f0000000080), 0xfffffebe}], 0x1) 2.557736067s ago: executing program 1 (id=1999): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0x25dfdbfd, {0x0, 0x0, 0x0, r3, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x1, 0xf}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x5, 0x7}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x30, 0x1}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 2.557606473s ago: executing program 2 (id=2000): prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x6, &(0x7f0000006680)) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2000003, 0x4008032, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) quotactl$Q_GETFMT(0xffffffff80000400, 0x0, 0x0, 0x0) 2.411879838s ago: executing program 0 (id=2002): write$6lowpan_enable(0xffffffffffffffff, &(0x7f0000000000)='0', 0xfffffd2c) setsockopt$inet_int(0xffffffffffffffff, 0x0, 0xf, 0x0, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f00000004c0), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_PIT(r1, 0x8048ae66, &(0x7f0000000040)={[{0xc, 0x3, 0x4, 0xc, 0x7, 0x2, 0x0, 0x3, 0xfe, 0x5, 0x5, 0x80, 0x5}, {0x6, 0x9, 0x3, 0xd, 0xb5, 0x40, 0x2, 0xc, 0xfe, 0x41, 0x6, 0x18, 0xa}, {0x9, 0x8, 0x3, 0xc, 0x2, 0x78, 0x3, 0x9, 0x2, 0x5, 0x8, 0x54, 0x18bf}], 0xd9}) ioctl$KVM_RUN(r2, 0xae80, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, 0xffffffffffffffff, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000140)=[@text32={0x20, &(0x7f0000000500)="b8010000000f01c10f22a10f20e035800000000f22e066ba610066b80a0066ef66b832000f00d0b8010000000f01c166ba4300b0beee0f793c1e2e643e2e3e650f79288fc878c15b0e3f", 0x4a}], 0x1, 0x21, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 2.298361604s ago: executing program 1 (id=2003): r0 = syz_usb_connect$hid(0x3, 0x36, &(0x7f0000000400)=ANY=[@ANYBLOB="1201000000000040c50f80b000000000000109022400010000000009040000010300000009210000000122030009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io(r0, &(0x7f0000000740)={0x2c, &(0x7f0000000000)={0x40, 0x2, 0x4, {0x4, 0x0, "34d0"}}, 0x0, 0x0, 0x0, 0x0}, 0x0) 2.16589493s ago: executing program 4 (id=2004): pipe(&(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) fanotify_init(0x200, 0x0) writev(r0, &(0x7f00000003c0)=[{&(0x7f0000000140)="ad02ce8f6769", 0x6}], 0x1) 2.04752478s ago: executing program 4 (id=2006): r0 = socket$inet6(0xa, 0x2, 0x0) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000140)={0x0, {{0xa, 0x0, 0x0, @mcast1}}}, 0x88) setsockopt$inet6_MCAST_JOIN_GROUP(r0, 0x29, 0x2a, &(0x7f0000000040)={0x7, {{0xa, 0x4e24, 0x2, @mcast1, 0x1}}}, 0x88) bind$inet6(r0, &(0x7f0000000000)={0xa, 0xe22, 0x0, @empty}, 0x7d) syz_emit_ethernet(0x42, &(0x7f0000000380)={@link_local, @broadcast, @void, {@ipv6={0x86dd, @udp={0x0, 0x6, "010700", 0xc, 0x11, 0x0, @private1, @mcast2, {[], {0x0, 0xe22, 0xc, 0x0, @gue={{0x1, 0x0, 0x0, 0x0, 0x0, @void}}}}}}}}, 0x0) sendto$inet6(0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0) 2.001877075s ago: executing program 0 (id=2007): r0 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000080)={'wlan1\x00', 0x0}) r2 = syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r0) sendmsg$NL80211_CMD_JOIN_IBSS(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000580)={&(0x7f0000000740)={0x34, r2, 0x101, 0x0, 0x0, {{}, {@val={0x8, 0x3, r1}, @void}}, [@NL80211_ATTR_PRIVACY={0x4}, @NL80211_ATTR_SSID={0x5, 0x34, @random="c6"}, @chandef_params=[@NL80211_ATTR_WIPHY_FREQ={0x8}], @NL80211_ATTR_KEYS={0x4}]}, 0x34}, 0x1, 0x0, 0x0, 0x4010}, 0x0) 1.885022868s ago: executing program 4 (id=2008): r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000b00)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0x7, &(0x7f0000000540)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b702000003000000850000008600000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x30, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) 1.80180412s ago: executing program 0 (id=2009): r0 = socket$inet6_udp(0xa, 0x2, 0x0) setsockopt$inet6_udp_int(r0, 0x11, 0xb, &(0x7f0000000600)=0x21, 0x4) 1.663917205s ago: executing program 4 (id=2011): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000000)={0xffffffffffffffff, 0xffffffffffffffff}) sendmmsg$unix(r0, &(0x7f00000bd000), 0x492492492492846, 0x0) 1.606698911s ago: executing program 0 (id=2012): r0 = syz_open_dev$loop(&(0x7f0000000100), 0x2, 0x0) ioctl$LOOP_CONFIGURE(r0, 0x1268, &(0x7f00000002c0)={0xffffffffffffffff, 0x0, {0x2a00, 0x80010000, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x1c, "fee8a2ab78fc979fd1e00d96072000001ea89de2b7fb0000e60080b8785d96000100", "2809e8dbe108598948224ad54afac11d875397bdb22d0000b420a1a93c5240f45f819e01177d3d458dd4992861ac00", "90be8b1c551265406c7f306003d8a0f4bd00"}}) 1.477635963s ago: executing program 2 (id=2013): prlimit64(0x0, 0xe, 0x0, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) close(r0) socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r0, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty}, 0x1c) listen(r0, 0x9) r1 = socket$inet_mptcp(0x2, 0x1, 0x106) connect$inet(r1, &(0x7f0000000000)={0x2, 0x4e22, @local}, 0x10) sendto$inet(r1, &(0x7f0000000040)="a6", 0xffffff4c, 0x0, 0x0, 0x0) r2 = socket$nl_generic(0x10, 0x3, 0x10) r3 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000740), r2) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r2, &(0x7f0000000a80)={0x0, 0x0, &(0x7f0000000a40)={&(0x7f0000000980)=ANY=[@ANYBLOB="84000000", @ANYRES16=r3, @ANYBLOB="010000020c00fbdbdf25010000000800020000000000050005000000000008000300010000004800018005000200200000000600010002000000080006000a000000080003"], 0x84}}, 0x0) r4 = ioctl$LOOP_CTL_ADD(0xffffffffffffffff, 0x4c80, 0xb) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, 0x0, 0x0) setuid(0xee01) setgroups(0x0, 0x0) getgroups(0x0, 0x0) setregid(0x0, 0x0) msgctl$MSG_STAT(0x0, 0xb, &(0x7f0000000000)=""/51) ioctl$LOOP_CTL_REMOVE(0xffffffffffffffff, 0x4c81, r4) clock_adjtime(0xffffffd3, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000040)=0x1) setrlimit(0xb, &(0x7f0000000080)={0x0, 0x7}) 1.450180756s ago: executing program 0 (id=2015): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x5, 0x7}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x30, 0x1}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 1.20367723s ago: executing program 0 (id=2017): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)={{0x12, 0x1, 0x0, 0xcf, 0x8b, 0xed, 0x20, 0xfd9, 0x25, 0x2940, 0x0, 0x0, 0x0, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x0, 0x0, 0x0, 0x0, [{{0x9, 0x4, 0x0, 0x0, 0x0, 0xca, 0xfb, 0x1a}}]}}]}}, 0x0) r1 = syz_open_dev$sg(&(0x7f0000000000), 0x0, 0x0) ioctl$SG_IO(r1, 0x2285, &(0x7f00000005c0)={0x53, 0xfffffffe, 0x6, 0x0, @scatter={0x18, 0xcc, &(0x7f00000006c0)=[{&(0x7f0000000380)=""/204, 0xcc}, {0x0}]}, &(0x7f0000000240)="008d7acda0b2", 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r0, 0x0, &(0x7f0000000440)={0x24, &(0x7f0000000000)={0x20, 0x16, 0x1, "ce"}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, 0x0) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000080), 0x80341) modify_ldt$write(0x1, &(0x7f00000000c0), 0x10) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) ioctl$int_in(r2, 0x5452, &(0x7f0000000c40)=0xe) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(0xffffffffffffffff, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000500)=[@in={0x2, 0x0, @private=0xa010102}]}, 0x0) r3 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x20, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r3], 0x0, 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x9, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe8c, @void, @value}, 0x94) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x18, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, @void, @value}, 0x94) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000f40)={0x0, r4}, 0x18) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000000)={'veth1_to_bridge\x00', 0x0}) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000001140)={&(0x7f0000000140)=ANY=[@ANYBLOB="440000001000030500"/20, @ANYRES32=0x0, @ANYBLOB="0000000000000000140012800c0001006d61637674617000", @ANYRES32=r7, @ANYBLOB="080003"], 0x44}}, 0x0) r8 = syz_open_dev$evdev(&(0x7f0000000000), 0x3, 0x822b01) write$char_usb(r8, &(0x7f0000000040)="e2", 0x918) prctl$PR_SET_SECCOMP(0x16, 0x2, &(0x7f0000000180)={0x1, &(0x7f0000000040)=[{0x200000000006, 0x0, 0x0, 0x7ffc0002}]}) io_setup(0x5, &(0x7f0000000740)=0x0) io_pgetevents(r9, 0x1, 0x1, &(0x7f0000000000)=[{}], &(0x7f0000000040)={0x0, 0x3938700}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x14, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$printer(0xffffffffffffffff, &(0x7f0000000140)={0x14, &(0x7f0000000280)={0x0, 0x30, 0x8a, {0x8a, 0x23, "d6c73ba393a5408cd62efbbd99bdc0ee122a546208be920f50573583629fd2e4d18034ff1ad46c37b087f11e373cbe59b6a66b50a365cfb369fd76632afb3c0a71e990b88189911109090c501e434a2204595877dbeb74617e3031b02d765a7cd8b5d80943b1881b93e330edf7e808568999a3d85e3c536e5ba5be55e36dc985995a60a0da8f645a"}}, &(0x7f0000000100)={0x0, 0x3, 0x4, @lang_id={0x4, 0x3, 0x448}}}, 0x0) 817.821344ms ago: executing program 3 (id=2021): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r0, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000044c0)={&(0x7f0000000180)={0x64, 0x2, 0x6, 0x801, 0x0, 0x0, {0x0, 0x0, 0xfffc}, [@IPSET_ATTR_DATA={0x14, 0x7, 0x0, 0x1, [@IPSET_ATTR_CADT_FLAGS={0x8, 0x11, 0x1, 0x0, 0x100}, @IPSET_ATTR_BUCKETSIZE={0x5, 0x15, 0x5}]}, @IPSET_ATTR_PROTOCOL={0x5, 0x1, 0x6}, @IPSET_ATTR_FAMILY={0x5, 0x5, 0xa}, @IPSET_ATTR_REVISION={0x5}, @IPSET_ATTR_TYPENAME={0x15, 0x3, 'hash:ip,port,net\x00'}, @IPSET_ATTR_SETNAME={0x9, 0x2, 'syz2\x00'}]}, 0x64}, 0x1, 0x0, 0x0, 0x21}, 0x0) 798.335267ms ago: executing program 3 (id=2022): r0 = socket$inet6_udp(0xa, 0x2, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f0000000380)={'wlan1\x00', 0x0}) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000000), r1) sendmsg$NL80211_CMD_DEL_KEY(r1, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000700)={0x28, r3, 0x1, 0x70bd2d, 0x25dfdbfe, {{}, {@val={0x8, 0x3, r2}, @void}}, [@NL80211_ATTR_KEY={0xc, 0x50, 0x0, 0x1, [@NL80211_KEY_TYPE={0x8, 0x7, 0x700}]}]}, 0x28}, 0x1, 0x0, 0x0, 0x4480}, 0x4800) 732.324349ms ago: executing program 3 (id=2023): add_key$user(&(0x7f0000000000), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xffffffffffffffff) add_key$keyring(&(0x7f0000000540), &(0x7f0000000180)={'syz', 0x2}, 0x0, 0x0, 0xffffffffffffffff) creat(0x0, 0xe5) bpf$PROG_LOAD(0x5, 0x0, 0x0) getpid() r0 = bpf$MAP_CREATE(0x0, 0x0, 0x48) bpf$PROG_LOAD_XDP(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000440)=ANY=[@ANYRES32=r0], 0x0, 0x0, 0x0, 0x0, 0x0, 0xf, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, 0x0, 0x0) bpf$BPF_LINK_CREATE_XDP(0x1c, 0x0, 0x0) bpf$MAP_CREATE(0x0, &(0x7f00000008c0)=ANY=[@ANYBLOB="1e000000000000000400"], 0x48) socket$inet_smc(0x2b, 0x1, 0x0) fchdir(0xffffffffffffffff) bpf$BPF_RAW_TRACEPOINT_OPEN(0x11, &(0x7f0000000540)={&(0x7f0000000080)='sched_switch\x00'}, 0x10) r1 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000440)=@newqdisc={0x54, 0x10, 0x1, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, {0xffe0}, {0xf}, {0xe, 0xd}}, [@TCA_RATE={0x6, 0x5, {0x9, 0x1}}, @TCA_STAB={0x28, 0x8, 0x0, 0x1, [{{0x1c, 0x1a, {0x0, 0x0, 0x491, 0x0, 0x0, 0x0, 0x8, 0x2}}, {0x8, 0x1b, [0x0, 0x0]}}]}]}, 0x54}, 0x1, 0x0, 0x0, 0x80}, 0x4000c00) 639.180264ms ago: executing program 4 (id=2024): sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, 0x0, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) munmap(&(0x7f0000001000/0x4000)=nil, 0x4000) r0 = fsopen(&(0x7f0000000340)='cgroup2\x00', 0x1) fsconfig$FSCONFIG_CMD_CREATE(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x84) fchdir(r1) r2 = openat$dir(0xffffffffffffff9c, &(0x7f0000000000)='.\x00', 0x20000, 0x0) getdents64(r2, &(0x7f0000000f80)=""/4096, 0x1000) 489.814509ms ago: executing program 4 (id=2025): bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000180)={0x18, 0x5, 0x0, &(0x7f0000000080)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, 0x2, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x0, @void, @value}, 0x94) r0 = open(&(0x7f00000005c0)='./bus\x00', 0x64842, 0x0) pwritev2(r0, &(0x7f0000000240)=[{&(0x7f0000000000)="85", 0x76200}], 0x1, 0x7c00, 0x0, 0x3) r1 = openat$sysfs(0xffffffffffffff9c, &(0x7f00000002c0)='/sys/power/resume', 0x143a82, 0x0) r2 = dup(r1) r3 = open(&(0x7f0000000040)='./bus\x00', 0x40542, 0x100) sendfile(r2, r3, 0x0, 0x8000fffffffe) 484.854772ms ago: executing program 3 (id=2026): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r0, 0x29, 0x8, &(0x7f0000000040)=0xf2b, 0x4) getsockopt$inet6_buf(r0, 0x29, 0x6, 0xfffffffffffffffd, &(0x7f0000000080)) 422.638022ms ago: executing program 2 (id=2027): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000003c0)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000480)=@newtfilter={0x44, 0x2c, 0xd27, 0x70bd28, 0x8000, {0x0, 0x0, 0x0, r3, {0x5, 0x7}, {}, {0xa, 0x2}}, [@filter_kind_options=@f_flower={{0xb}, {0x14, 0x2, [@TCA_FLOWER_KEY_ENC_OPTS={0x10, 0x54, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPTS_ERSPAN={0xc, 0x3, 0x0, 0x1, [@TCA_FLOWER_KEY_ENC_OPT_ERSPAN_VER={0x5, 0x30, 0x1}]}]}]}}]}, 0x44}, 0x1, 0x0, 0x0, 0x22044028}, 0x0) 321.83929ms ago: executing program 1 (id=2028): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket(0x400000000010, 0x3, 0x0) r2 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f00000005c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2d, 0xffffffff, {0x0, 0x0, 0x0, r3, {0x0, 0xb}, {0xffff, 0xffff}, {0x1, 0xffff}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8, 0x2, {0x28}}}]}, 0x38}}, 0x0) r4 = socket(0x400000000010, 0x3, 0x0) r5 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000900)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x34, 0x2c, 0xd27, 0x70bd28, 0x0, {0x0, 0x0, 0x0, r6, {0xf000, 0xffff}, {}, {0x7}}, [@filter_kind_options=@f_route={{0xa}, {0x4}}]}, 0x34}, 0x1, 0x0, 0x0, 0x80}, 0x20000800) close(r0) 286.513185ms ago: executing program 3 (id=2029): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$IOMMU_IOAS_ALLOC(r0, 0x3b81, &(0x7f0000000040)={0xc, 0x0, 0x0}) ioctl$IOMMU_IOAS_MAP$PAGES(r0, 0x3b85, &(0x7f00000000c0)={0x28, 0x7, r1, 0x0, &(0x7f0000800000/0x800000)=nil, 0x800000}) ioctl$IOMMU_TEST_OP_ACCESS_PAGES$syz(r0, 0x3ba0, &(0x7f00000001c0)={0x48, 0x7, 0xffffffffffffffff, 0x0, 0x10000, 0x0, 0x8, 0x1ab980, 0x1000000}) 161.098577ms ago: executing program 2 (id=2030): ioprio_set$pid(0x2, 0x0, 0x0) sendfile(0xffffffffffffffff, 0xffffffffffffffff, 0x0, 0x80000000) syz_usbip_server_init(0x1) 5.84067ms ago: executing program 1 (id=2031): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f0000000180)=ANY=[@ANYBLOB="1a01000000000040de28421100000000000109022400010000000009040000010300000009210000000122050009058103"], 0x0) syz_usb_control_io$hid(r0, 0x0, 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000580)={0x24, 0x0, 0x0, &(0x7f00000005c0)=ANY=[@ANYBLOB="002205000000b3"], 0x0}, 0x0) 0s ago: executing program 3 (id=2032): r0 = syz_open_dev$video(&(0x7f0000000000), 0x75, 0x0) r1 = openat$nullb(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) mmap(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x4000001, 0x13, r1, 0x0) ioctl$VIDIOC_ENUM_FRAMEINTERVALS(r0, 0xc034564b, &(0x7f0000000040)={0x40, 0x32315659, 0x780, 0x438, 0x3, @stepwise={{0x6, 0xf7}, {0x3, 0x10001}, {0xdbc6, 0xe34}}}) kernel console output (not intermixed with test programs): 369.882746][T12827] ksys_write+0x18f/0x2b0 [ 369.882767][T12827] ? __pfx_ksys_write+0x10/0x10 [ 369.882787][T12827] ? arch_syscall_is_vdso_sigreturn+0x125/0x1a0 [ 369.882816][T12827] ? syscall_user_dispatch+0x4e/0x90 [ 369.882839][T12827] do_syscall_64+0xf3/0x230 [ 369.882865][T12827] ? clear_bhb_loop+0x35/0x90 [ 369.882895][T12827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 369.882920][T12827] RIP: 0033:0x7f7edff8bc1f [ 369.882937][T12827] Code: 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 f9 92 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 b8 01 00 00 00 0f 05 <48> 3d 00 f0 ff ff 77 31 44 89 c7 48 89 44 24 08 e8 4c 93 02 00 48 [ 369.882954][T12827] RSP: 002b:00007f7ee0e0f000 EFLAGS: 00000293 ORIG_RAX: 0000000000000001 [ 369.882975][T12827] RAX: ffffffffffffffda RBX: 00007f7ee01a5fa0 RCX: 00007f7edff8bc1f [ 369.882989][T12827] RDX: 0000000000000036 RSI: 00002000000006c0 RDI: 00000000000000c8 [ 369.883002][T12827] RBP: 00007f7ee0e0f090 R08: 0000000000000000 R09: 0000000000000000 [ 369.883015][T12827] R10: 0000000000000036 R11: 0000000000000293 R12: 0000000000000001 [ 369.883026][T12827] R13: 0000000000000000 R14: 00007f7ee01a5fa0 R15: 00007f7ee02cfa28 [ 369.883051][T12827] [ 370.213034][ T5889] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 370.255801][ T5889] usb 2-1: device descriptor read/8, error -71 [ 370.373046][ T5889] usb usb2-port1: unable to enumerate USB device [ 370.418725][T12838] FAULT_INJECTION: forcing a failure. [ 370.418725][T12838] name failslab, interval 1, probability 0, space 0, times 0 [ 370.431443][T12838] CPU: 0 UID: 0 PID: 12838 Comm: syz.0.1517 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 370.431470][T12838] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 370.431484][T12838] Call Trace: [ 370.431492][T12838] [ 370.431502][T12838] dump_stack_lvl+0x241/0x360 [ 370.431543][T12838] ? __pfx_dump_stack_lvl+0x10/0x10 [ 370.431566][T12838] ? __pfx__printk+0x10/0x10 [ 370.431607][T12838] ? __pfx_lock_acquire+0x10/0x10 [ 370.431650][T12838] should_fail_ex+0x40a/0x550 [ 370.431680][T12838] should_failslab+0xac/0x100 [ 370.431706][T12838] ? skb_clone+0x20c/0x390 [ 370.431723][T12838] kmem_cache_alloc_noprof+0x70/0x380 [ 370.431752][T12838] skb_clone+0x20c/0x390 [ 370.431772][T12838] packet_rcv+0x633/0x14b0 [ 370.431806][T12838] ? __pfx_packet_rcv+0x10/0x10 [ 370.431833][T12838] dev_queue_xmit_nit+0x6b4/0xca0 [ 370.431860][T12838] ? dev_queue_xmit_nit+0x2b/0xca0 [ 370.431894][T12838] dev_hard_start_xmit+0x15f/0x7d0 [ 370.431923][T12838] ? __pfx_validate_xmit_skb+0x10/0x10 [ 370.431963][T12838] __dev_queue_xmit+0x1b73/0x3f50 [ 370.431992][T12838] ? kasan_save_track+0x51/0x80 [ 370.432018][T12838] ? ____sys_sendmsg+0x524/0x860 [ 370.432051][T12838] ? __dev_queue_xmit+0x2f4/0x3f50 [ 370.432085][T12838] ? __pfx___dev_queue_xmit+0x10/0x10 [ 370.432138][T12838] ? __copy_skb_header+0xa7/0x5a0 [ 370.432169][T12838] ? __asan_memcpy+0x40/0x70 [ 370.432207][T12838] ? skb_clone+0x240/0x390 [ 370.432229][T12838] __netlink_deliver_tap+0x561/0x7f0 [ 370.432260][T12838] ? netlink_deliver_tap+0x2e/0x1b0 [ 370.432279][T12838] netlink_deliver_tap+0x19d/0x1b0 [ 370.432299][T12838] netlink_unicast+0x7c4/0x990 [ 370.432337][T12838] ? __pfx_netlink_unicast+0x10/0x10 [ 370.432363][T12838] ? __virt_addr_valid+0x45f/0x530 [ 370.432395][T12838] ? __phys_addr_symbol+0x2f/0x70 [ 370.432423][T12838] ? __check_object_size+0x475/0x720 [ 370.432454][T12838] netlink_sendmsg+0x8b3/0xca0 [ 370.432486][T12838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 370.432512][T12838] ? aa_sock_msg_perm+0x91/0x160 [ 370.432543][T12838] ? __pfx_netlink_sendmsg+0x10/0x10 [ 370.432562][T12838] __sock_sendmsg+0x221/0x270 [ 370.432588][T12838] ____sys_sendmsg+0x524/0x860 [ 370.432625][T12838] ? __pfx_____sys_sendmsg+0x10/0x10 [ 370.432653][T12838] ? __fget_files+0x2a/0x420 [ 370.432684][T12838] ? __fget_files+0x2a/0x420 [ 370.432721][T12838] __sys_sendmsg+0x269/0x350 [ 370.432756][T12838] ? __pfx___sys_sendmsg+0x10/0x10 [ 370.432792][T12839] netlink: 28 bytes leftover after parsing attributes in process `syz.3.1518'. [ 370.432797][T12838] ? do_sys_openat2+0x155/0x1c0 [ 370.432847][T12838] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 370.432880][T12838] ? do_syscall_64+0x100/0x230 [ 370.432913][T12838] ? do_syscall_64+0xb6/0x230 [ 370.432945][T12838] do_syscall_64+0xf3/0x230 [ 370.432973][T12838] ? clear_bhb_loop+0x35/0x90 [ 370.433005][T12838] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.433033][T12838] RIP: 0033:0x7f7edff8d169 [ 370.433053][T12838] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.433070][T12838] RSP: 002b:00007f7ee0e0f038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 370.433094][T12838] RAX: ffffffffffffffda RBX: 00007f7ee01a5fa0 RCX: 00007f7edff8d169 [ 370.433116][T12838] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000008 [ 370.433130][T12838] RBP: 00007f7ee0e0f090 R08: 0000000000000000 R09: 0000000000000000 [ 370.433143][T12838] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 370.433156][T12838] R13: 0000000000000000 R14: 00007f7ee01a5fa0 R15: 00007f7ee02cfa28 [ 370.433187][T12838] [ 370.790191][T12839] netlink: 32 bytes leftover after parsing attributes in process `syz.3.1518'. [ 370.941113][T12843] FAULT_INJECTION: forcing a failure. [ 370.941113][T12843] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 370.960960][T12843] CPU: 0 UID: 0 PID: 12843 Comm: syz.4.1519 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 370.960990][T12843] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 370.961004][T12843] Call Trace: [ 370.961012][T12843] [ 370.961022][T12843] dump_stack_lvl+0x241/0x360 [ 370.961053][T12843] ? __pfx_dump_stack_lvl+0x10/0x10 [ 370.961076][T12843] ? __pfx__printk+0x10/0x10 [ 370.961112][T12843] ? __pfx_lock_release+0x10/0x10 [ 370.961153][T12843] should_fail_ex+0x40a/0x550 [ 370.961187][T12843] _copy_from_iter+0x1df/0x1c40 [ 370.961221][T12843] ? __virt_addr_valid+0x183/0x530 [ 370.961255][T12843] ? __pfx_lock_release+0x10/0x10 [ 370.961296][T12843] ? __pfx__copy_from_iter+0x10/0x10 [ 370.961331][T12843] ? __virt_addr_valid+0x183/0x530 [ 370.961364][T12843] ? __virt_addr_valid+0x183/0x530 [ 370.961395][T12843] ? __virt_addr_valid+0x45f/0x530 [ 370.961430][T12843] ? __check_object_size+0x475/0x720 [ 370.961463][T12843] qrtr_tun_write_iter+0xed/0x180 [ 370.961501][T12843] vfs_write+0xacf/0xd10 [ 370.961527][T12843] ? __pfx_qrtr_tun_write_iter+0x10/0x10 [ 370.961562][T12843] ? __pfx_vfs_write+0x10/0x10 [ 370.961582][T12843] ? do_sys_openat2+0x155/0x1c0 [ 370.961616][T12843] ? __fget_files+0x2a/0x420 [ 370.961649][T12843] ? __fget_files+0x2a/0x420 [ 370.961688][T12843] ksys_write+0x18f/0x2b0 [ 370.961713][T12843] ? __pfx_ksys_write+0x10/0x10 [ 370.961735][T12843] ? do_syscall_64+0x100/0x230 [ 370.961765][T12843] ? do_syscall_64+0xb6/0x230 [ 370.961796][T12843] do_syscall_64+0xf3/0x230 [ 370.961823][T12843] ? clear_bhb_loop+0x35/0x90 [ 370.961856][T12843] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 370.961885][T12843] RIP: 0033:0x7f8d0358d169 [ 370.961918][T12843] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 370.961937][T12843] RSP: 002b:00007f8d0437c038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 370.961960][T12843] RAX: ffffffffffffffda RBX: 00007f8d037a5fa0 RCX: 00007f8d0358d169 [ 370.961976][T12843] RDX: 00000000000000c8 RSI: 0000200000000000 RDI: 0000000000000007 [ 370.961990][T12843] RBP: 00007f8d0437c090 R08: 0000000000000000 R09: 0000000000000000 [ 370.962004][T12843] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 370.962017][T12843] R13: 0000000000000000 R14: 00007f8d037a5fa0 R15: 00007f8d038cfa28 [ 370.962048][T12843] [ 370.963696][T12843] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 371.265276][ T5890] usb 4-1: new high-speed USB device number 77 using dummy_hcd [ 371.418716][ T5890] usb 4-1: New USB device found, idVendor=055f, idProduct=c420, bcdDevice=6a.33 [ 371.424493][ T5891] ums-usbat 3-1:0.230: probe with driver ums-usbat failed with error -5 [ 371.429226][ T5890] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.457685][ T5890] usb 4-1: config 0 descriptor?? [ 371.473785][ T5891] usb 3-1: USB disconnect, device number 55 [ 371.482609][ T5890] gspca_main: sunplus-2.14.0 probing 055f:c420 [ 371.635481][ T47] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 371.677328][T12845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 371.694481][T12845] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 371.706221][ T5890] gspca_sunplus: reg_w_riv err -71 [ 371.725073][ T5890] sunplus 4-1:0.0: probe with driver sunplus failed with error -71 [ 371.754636][ T5890] usb 4-1: USB disconnect, device number 77 [ 371.788580][ T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 371.820672][ T47] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 371.831598][ T47] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 371.873185][ T47] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 371.889694][ T47] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 371.910026][ T47] usb 2-1: config 0 descriptor?? [ 372.039103][ T5889] usb 5-1: new high-speed USB device number 60 using dummy_hcd [ 372.124489][T12872] netlink: 4 bytes leftover after parsing attributes in process `syz.2.1530'. [ 372.217692][ T5889] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 372.253125][ T5889] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 372.273633][ T5889] usb 5-1: New USB device found, idVendor=08b7, idProduct=0000, bcdDevice= 0.00 [ 372.292305][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=3 [ 372.317517][ T5889] usb 5-1: SerialNumber: syz [ 372.339591][ T47] plantronics 0003:047F:FFFF.0023: unknown main item tag 0xd [ 372.347238][ T47] plantronics 0003:047F:FFFF.0023: unknown main item tag 0x0 [ 372.354672][ T47] plantronics 0003:047F:FFFF.0023: unknown main item tag 0x0 [ 372.381587][T12876] set match dimension is over the limit! [ 372.538188][ T47] plantronics 0003:047F:FFFF.0023: No inputs registered, leaving [ 372.578723][ T47] plantronics 0003:047F:FFFF.0023: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 372.861011][ T874] usb 1-1: new high-speed USB device number 52 using dummy_hcd [ 373.015377][ T5891] usb 3-1: new high-speed USB device number 56 using dummy_hcd [ 373.025541][ T874] usb 1-1: Using ep0 maxpacket: 16 [ 373.039508][ T874] usb 1-1: config 0 has an invalid interface number: 41 but max is 0 [ 373.050976][ T874] usb 1-1: config 0 has no interface number 0 [ 373.061260][ T874] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x4 has invalid maxpacket 16 [ 373.081357][ T874] usb 1-1: config 0 interface 41 altsetting 2 bulk endpoint 0x82 has invalid maxpacket 64 [ 373.095015][ T874] usb 1-1: config 0 interface 41 has no altsetting 0 [ 373.105603][ T5914] usb 4-1: new high-speed USB device number 78 using dummy_hcd [ 373.124497][ T874] usb 1-1: New USB device found, idVendor=0fe6, idProduct=9700, bcdDevice=d1.9a [ 373.140070][ T874] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.149920][ T874] usb 1-1: Product: syz [ 373.154169][ T874] usb 1-1: Manufacturer: syz [ 373.164787][ T874] usb 1-1: SerialNumber: syz [ 373.179581][ T5891] usb 3-1: config 0 has an invalid interface number: 217 but max is 0 [ 373.196221][ T5891] usb 3-1: config 0 has no interface number 0 [ 373.204644][ T874] usb 1-1: config 0 descriptor?? [ 373.205246][ T5891] usb 3-1: New USB device found, idVendor=2304, idProduct=023e, bcdDevice=d7.69 [ 373.220096][T12880] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 373.228527][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 373.237415][ T5891] usb 3-1: Product: syz [ 373.241890][ T5891] usb 3-1: Manufacturer: syz [ 373.246989][T12880] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 373.246996][ T5891] usb 3-1: SerialNumber: syz [ 373.261211][ T5891] usb 3-1: config 0 descriptor?? [ 373.272174][ T5891] hub 3-1:0.217: bad descriptor, ignoring hub [ 373.280915][ T5914] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 373.293371][ T5891] hub 3-1:0.217: probe with driver hub failed with error -5 [ 373.301271][ T5914] usb 4-1: config 27 interface 0 altsetting 0 bulk endpoint 0xB has invalid maxpacket 47 [ 373.316056][ T5914] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 373.351726][ T5914] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 373.381449][T12886] raw-gadget.4 gadget.3: fail, usb_ep_enable returned -22 [ 373.398810][ T5914] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 373.472270][ T5891] dvb-usb: found a 'Pinnacle PCTV Hybrid Stick Solo' in warm state. [ 373.518702][ T5891] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 373.539588][ T5891] dvbdev: DVB: registering new adapter (Pinnacle PCTV Hybrid Stick Solo) [ 373.550305][ T5891] usb 3-1: media controller created [ 373.582153][ T5891] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 373.882510][ T5891] DVB: Unable to find symbol dib7000p_attach() [ 373.902647][ T5891] dvb-usb: no frontend was attached by 'Pinnacle PCTV Hybrid Stick Solo' [ 374.055282][ T5891] rc_core: IR keymap rc-dib0700-rc5 not found [ 374.070966][ T874] dm9601 1-1:0.41: probe with driver dm9601 failed with error -71 [ 374.093240][ T874] sr9700 1-1:0.41: probe with driver sr9700 failed with error -71 [ 374.128931][ T874] usb 1-1: USB disconnect, device number 52 [ 374.150805][ T5891] Registered IR keymap rc-empty [ 374.188357][ T5891] dvb-usb: could not initialize remote control. [ 374.244783][ T5891] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully initialized and connected. [ 374.269012][T12893] input: syz0 as /devices/virtual/input/input40 [ 374.483628][ T874] usb 3-1: USB disconnect, device number 56 [ 374.483688][ T5914] usb 2-1: USB disconnect, device number 64 [ 374.903735][ T874] dvb-usb: Pinnacle PCTV Hybrid Stick Solo successfully deinitialized and disconnected. [ 375.180834][ T5889] usb 5-1: 0:2 : does not exist [ 375.186065][ T5889] usb 5-1: unit 5: unexpected type 0x0b [ 375.207437][ T5889] usb 5-1: USB disconnect, device number 60 [ 375.446376][ T5918] udevd[5918]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card4/controlC4/../uevent} for writing: No such file or directory [ 375.644613][T12906] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1542'. [ 376.590540][ T47] usb 4-1: USB disconnect, device number 78 [ 376.967604][T12946] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1552'. [ 376.981989][T12946] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1552'. [ 377.108424][T12950] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1555'. [ 377.125816][ T47] usb 4-1: new high-speed USB device number 79 using dummy_hcd [ 377.338525][ T47] usb 4-1: Using ep0 maxpacket: 16 [ 377.365958][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 377.394763][ T47] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 377.411827][ T47] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 377.516354][ T47] usb 4-1: New USB device found, idVendor=056a, idProduct=0325, bcdDevice= 0.00 [ 377.544646][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 377.576805][ T47] usb 4-1: config 0 descriptor?? [ 377.693769][T12958] bridge0: port 3(vlan2) entered blocking state [ 377.797737][T12958] bridge0: port 3(vlan2) entered disabled state [ 377.808903][ T47] usbhid 4-1:0.0: can't add hid device: -71 [ 377.816926][ T47] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 377.843569][T12958] vlan2: entered allmulticast mode [ 377.882337][ T47] usb 4-1: USB disconnect, device number 79 [ 377.888780][T12958] bridge0: entered allmulticast mode [ 377.933947][T12958] vlan2: left allmulticast mode [ 377.961078][T12958] bridge0: left allmulticast mode [ 377.985387][ T874] usb 3-1: new high-speed USB device number 57 using dummy_hcd [ 378.145277][ T874] usb 3-1: Using ep0 maxpacket: 32 [ 378.175200][ T5890] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 378.219729][ T874] usb 3-1: New USB device found, idVendor=05a9, idProduct=1550, bcdDevice=e4.bb [ 378.228974][ T874] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 378.241814][ T874] usb 3-1: Product: syz [ 378.246247][ T874] usb 3-1: Manufacturer: syz [ 378.250947][ T874] usb 3-1: SerialNumber: syz [ 378.386082][ T874] usb 3-1: config 0 descriptor?? [ 378.415630][ T5890] usb 1-1: Using ep0 maxpacket: 16 [ 378.424642][ T5890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 378.438923][ T874] gspca_main: ov534_9-2.14.0 probing 05a9:1550 [ 378.476614][ T5890] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 378.489400][T12966] sg_write: process 848 (syz.4.1561) changed security contexts after opening file descriptor, this is not allowed. [ 378.532388][ T5890] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 378.544791][T12970] FAULT_INJECTION: forcing a failure. [ 378.544791][T12970] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 378.573645][T12970] CPU: 0 UID: 0 PID: 12970 Comm: syz.1.1563 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 378.573677][T12970] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 378.573691][T12970] Call Trace: [ 378.573699][T12970] [ 378.573708][T12970] dump_stack_lvl+0x241/0x360 [ 378.573739][T12970] ? __pfx_dump_stack_lvl+0x10/0x10 [ 378.573764][T12970] ? __pfx__printk+0x10/0x10 [ 378.573799][T12970] ? __pfx_lock_release+0x10/0x10 [ 378.573838][T12970] should_fail_ex+0x40a/0x550 [ 378.573870][T12970] _copy_from_iter+0x1df/0x1c40 [ 378.573901][T12970] ? __virt_addr_valid+0x183/0x530 [ 378.573936][T12970] ? __pfx_lock_release+0x10/0x10 [ 378.573972][T12970] ? __alloc_skb+0x28f/0x440 [ 378.574002][T12970] ? __pfx__copy_from_iter+0x10/0x10 [ 378.574027][T12970] ? __virt_addr_valid+0x183/0x530 [ 378.574053][T12970] ? __virt_addr_valid+0x183/0x530 [ 378.574085][T12970] ? __virt_addr_valid+0x45f/0x530 [ 378.574117][T12970] ? __phys_addr_symbol+0x2f/0x70 [ 378.574147][T12970] ? __check_object_size+0x475/0x720 [ 378.574181][T12970] netlink_sendmsg+0x721/0xca0 [ 378.574209][T12970] ? __pfx_netlink_sendmsg+0x10/0x10 [ 378.574236][T12970] ? aa_sock_msg_perm+0x91/0x160 [ 378.574270][T12970] ? __pfx_netlink_sendmsg+0x10/0x10 [ 378.574289][T12970] __sock_sendmsg+0x221/0x270 [ 378.574316][T12970] ____sys_sendmsg+0x524/0x860 [ 378.574357][T12970] ? __pfx_____sys_sendmsg+0x10/0x10 [ 378.574386][T12970] ? __fget_files+0x2a/0x420 [ 378.574417][T12970] ? __fget_files+0x2a/0x420 [ 378.574449][T12970] __sys_sendmsg+0x269/0x350 [ 378.574480][T12970] ? __pfx___sys_sendmsg+0x10/0x10 [ 378.574507][T12970] ? do_sys_openat2+0x155/0x1c0 [ 378.574558][T12970] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 378.574597][T12970] ? do_syscall_64+0x100/0x230 [ 378.574622][T12970] ? do_syscall_64+0xb6/0x230 [ 378.574640][T12970] do_syscall_64+0xf3/0x230 [ 378.574657][T12970] ? clear_bhb_loop+0x35/0x90 [ 378.574685][T12970] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 378.574710][T12970] RIP: 0033:0x7f7f6738d169 [ 378.574726][T12970] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 378.574741][T12970] RSP: 002b:00007f7f68215038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 378.574760][T12970] RAX: ffffffffffffffda RBX: 00007f7f675a5fa0 RCX: 00007f7f6738d169 [ 378.574772][T12970] RDX: 0000000000000000 RSI: 0000200000000480 RDI: 0000000000000003 [ 378.574781][T12970] RBP: 00007f7f68215090 R08: 0000000000000000 R09: 0000000000000000 [ 378.574789][T12970] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 378.574797][T12970] R13: 0000000000000000 R14: 00007f7f675a5fa0 R15: 00007f7f676cfa28 [ 378.574814][T12970] [ 378.866334][T12968] nft_compat: unsupported protocol 0 [ 378.893418][ T5890] usb 1-1: New USB device found, idVendor=1e7d, idProduct=2e22, bcdDevice= 0.00 [ 379.123507][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 379.134756][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 379.181522][ T5890] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 379.202241][ T5890] usb 1-1: config 0 descriptor?? [ 379.350202][T12961] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 379.399026][T12961] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 379.735417][ T874] gspca_ov534_9: reg_w failed -110 [ 379.830680][ T5890] usbhid 1-1:0.0: can't add hid device: -71 [ 379.837169][ T5890] usbhid 1-1:0.0: probe with driver usbhid failed with error -71 [ 379.871082][ T5890] usb 1-1: USB disconnect, device number 53 [ 380.025420][ T874] gspca_ov534_9: Unknown sensor 0000 [ 380.025509][ T874] ov534_9 3-1:0.0: probe with driver ov534_9 failed with error -22 [ 380.319229][T12990] QAT: Invalid ioctl 1075883590 [ 380.324726][T12990] QAT: Invalid ioctl 1075883590 [ 380.329988][T12990] QAT: Invalid ioctl 1075883590 [ 380.334949][T12990] QAT: Invalid ioctl 1075883590 [ 380.341330][T12990] QAT: Invalid ioctl 1075883590 [ 380.346579][T12990] QAT: Invalid ioctl 1075883590 [ 380.351566][T12990] QAT: Invalid ioctl 1075883590 [ 380.356725][T12990] QAT: Invalid ioctl 1075883590 [ 380.361826][T12990] QAT: Invalid ioctl 1075883590 [ 380.372164][T12990] QAT: Invalid ioctl 1075883590 [ 380.614446][ T5893] usb 3-1: USB disconnect, device number 57 [ 380.805661][ T5891] usb 1-1: new full-speed USB device number 54 using dummy_hcd [ 381.005634][ T5889] usb 2-1: new high-speed USB device number 65 using dummy_hcd [ 381.017004][ T5891] usb 1-1: unable to get BOS descriptor or descriptor too short [ 381.050358][ T5891] usb 1-1: not running at top speed; connect to a high speed hub [ 381.081854][ T5891] usb 1-1: config 19 has an invalid interface number: 15 but max is 0 [ 381.095094][ T5891] usb 1-1: config 19 has no interface number 0 [ 381.101535][ T5891] usb 1-1: config 19 interface 15 altsetting 3 endpoint 0x7 has an invalid bInterval 0, changing to 4 [ 381.121505][ T5891] usb 1-1: config 19 interface 15 altsetting 3 endpoint 0x7 has invalid wMaxPacketSize 0 [ 381.133479][ T5891] usb 1-1: config 19 interface 15 altsetting 3 endpoint 0x3 has invalid wMaxPacketSize 0 [ 381.151072][ T5891] usb 1-1: config 19 interface 15 has no altsetting 0 [ 381.176455][ T5891] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a4, bcdDevice=c9.e6 [ 381.958448][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 381.975561][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 381.985380][ T5889] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 381.995278][ T5891] usb 1-1: Product: syz [ 381.999600][ T5891] usb 1-1: Manufacturer: syz [ 382.004248][ T5891] usb 1-1: SerialNumber: syz [ 382.009083][ T5889] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 21 [ 382.035241][ T5889] usb 2-1: New USB device found, idVendor=047f, idProduct=ffff, bcdDevice= 0.00 [ 382.044397][ T5889] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 382.056087][ T5889] usb 2-1: config 0 descriptor?? [ 382.239377][ T5891] usbtest 1-1:19.15: couldn't get endpoints, -22 [ 382.247276][ T5891] usbtest 1-1:19.15: probe with driver usbtest failed with error -22 [ 382.260578][ T5891] usb 1-1: USB disconnect, device number 54 [ 382.473153][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.482696][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.565211][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.580760][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.628539][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.636353][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.655548][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.705397][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.720969][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.741318][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.759419][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.775224][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.797777][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.842872][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.873057][ T5889] plantronics 0003:047F:FFFF.0024: unknown main item tag 0x0 [ 382.899763][ T5889] plantronics 0003:047F:FFFF.0024: No inputs registered, leaving [ 382.926439][ T5889] plantronics 0003:047F:FFFF.0024: hiddev0,hidraw0: USB HID v0.40 Device [HID 047f:ffff] on usb-dummy_hcd.1-1/input0 [ 383.089231][T13031] FAULT_INJECTION: forcing a failure. [ 383.089231][T13031] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 383.130289][T13031] CPU: 0 UID: 0 PID: 13031 Comm: syz.1.1578 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 383.130319][T13031] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 383.130334][T13031] Call Trace: [ 383.130342][T13031] [ 383.130351][T13031] dump_stack_lvl+0x241/0x360 [ 383.130407][T13031] ? __pfx_dump_stack_lvl+0x10/0x10 [ 383.130430][T13031] ? __pfx__printk+0x10/0x10 [ 383.130471][T13031] ? snprintf+0xda/0x120 [ 383.130497][T13031] should_fail_ex+0x40a/0x550 [ 383.130530][T13031] _copy_to_user+0x31/0xb0 [ 383.130557][T13031] simple_read_from_buffer+0xdc/0x170 [ 383.130590][T13031] proc_fail_nth_read+0x1e9/0x250 [ 383.130626][T13031] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 383.130662][T13031] ? rw_verify_area+0x243/0x630 [ 383.130684][T13031] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 383.130718][T13031] vfs_read+0x1f8/0xb40 [ 383.130742][T13031] ? fdget_pos+0x247/0x310 [ 383.130774][T13031] ? __pfx___mutex_lock+0x10/0x10 [ 383.130812][T13031] ? __pfx_vfs_read+0x10/0x10 [ 383.130838][T13031] ? __fget_files+0x2a/0x420 [ 383.130870][T13031] ? __fget_files+0x39d/0x420 [ 383.130898][T13031] ? __fget_files+0x2a/0x420 [ 383.130939][T13031] ksys_read+0x18f/0x2b0 [ 383.130963][T13031] ? __pfx_ksys_read+0x10/0x10 [ 383.130987][T13031] ? do_syscall_64+0x100/0x230 [ 383.131019][T13031] ? do_syscall_64+0xb6/0x230 [ 383.131052][T13031] do_syscall_64+0xf3/0x230 [ 383.131081][T13031] ? clear_bhb_loop+0x35/0x90 [ 383.131115][T13031] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 383.131145][T13031] RIP: 0033:0x7f7f6738bb7c [ 383.131165][T13031] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 383.131184][T13031] RSP: 002b:00007f7f681f4030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 383.131208][T13031] RAX: ffffffffffffffda RBX: 00007f7f675a6080 RCX: 00007f7f6738bb7c [ 383.131225][T13031] RDX: 000000000000000f RSI: 00007f7f681f40a0 RDI: 0000000000000005 [ 383.131238][T13031] RBP: 00007f7f681f4090 R08: 0000000000000000 R09: 0000000000000000 [ 383.131252][T13031] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 383.131269][T13031] R13: 0000000000000000 R14: 00007f7f675a6080 R15: 00007f7f676cfa28 [ 383.131301][T13031] [ 383.454908][ T5889] usb 2-1: USB disconnect, device number 65 [ 386.231891][T13064] netlink: 8 bytes leftover after parsing attributes in process `syz.0.1598'. [ 387.331087][T13065] netdevsim netdevsim0 netdevsim0: entered promiscuous mode [ 387.405456][T13065] netdevsim netdevsim0 netdevsim0: entered allmulticast mode [ 387.451618][T13065] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 387.927060][T13077] x_tables: duplicate underflow at hook 3 [ 388.101965][T13082] netlink: 56 bytes leftover after parsing attributes in process `syz.0.1602'. [ 389.145384][ T5893] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 389.286653][ T5889] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 389.295432][ T5893] usb 1-1: Using ep0 maxpacket: 16 [ 389.308412][ T5893] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 389.318398][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 389.332028][ T5893] usb 1-1: Product: syz [ 389.343832][ T5893] usb 1-1: Manufacturer: syz [ 389.389355][ T5893] usb 1-1: SerialNumber: syz [ 389.411731][ T5893] usb 1-1: config 0 descriptor?? [ 389.421133][ T5893] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 389.546230][ T5889] usb 5-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 389.574253][ T5889] usb 5-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 389.603708][ T5889] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 389.614359][ T5889] usb 5-1: SerialNumber: syz [ 389.643129][ T5889] usb 5-1: bad CDC descriptors [ 389.651595][ T5893] usb 1-1: clie_3_5_startup: get config number failed: -71 [ 389.659130][ T874] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 389.709379][ T5893] visor 1-1:0.0: probe with driver visor failed with error -71 [ 389.749747][ T5893] usb 1-1: USB disconnect, device number 55 [ 389.826274][ T874] usb 2-1: device descriptor read/64, error -71 [ 390.065319][ T874] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 390.149197][ T5893] usb 5-1: USB disconnect, device number 61 [ 390.215292][ T874] usb 2-1: device descriptor read/64, error -71 [ 390.375825][ T874] usb usb2-port1: attempt power cycle [ 390.735529][ T874] usb 2-1: new high-speed USB device number 68 using dummy_hcd [ 390.769318][ T874] usb 2-1: device descriptor read/8, error -71 [ 391.005292][ T5889] usb 4-1: new high-speed USB device number 80 using dummy_hcd [ 391.025287][ T874] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 391.076040][ T874] usb 2-1: device descriptor read/8, error -71 [ 391.175340][ T5889] usb 4-1: Using ep0 maxpacket: 8 [ 391.186132][ T5889] usb 4-1: New USB device found, idVendor=10d2, idProduct=2865, bcdDevice=a4.c9 [ 391.196747][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 391.220025][ T874] usb usb2-port1: unable to enumerate USB device [ 391.227823][ T5889] usb 4-1: config 0 descriptor?? [ 391.240817][ T5889] usblcd 4-1:0.0: USBLCD model not supported. [ 391.454745][T13113] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 391.475682][T13113] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 391.575515][ T47] usb 4-1: USB disconnect, device number 80 [ 392.508328][T13128] netlink: 4 bytes leftover after parsing attributes in process `syz.3.1616'. [ 393.555335][ T874] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 393.725352][ T874] usb 2-1: Using ep0 maxpacket: 16 [ 393.815248][ T5889] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 393.965693][ T874] usb 2-1: config 3 has an invalid interface number: 156 but max is 0 [ 393.996947][ T5889] usb 1-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config [ 394.015353][ T874] usb 2-1: config 3 has no interface number 0 [ 394.021615][ T874] usb 2-1: config 3 interface 156 has no altsetting 0 [ 394.053698][ T5889] usb 1-1: config 48 interface 0 altsetting 98 bulk endpoint 0x4 has invalid maxpacket 1024 [ 394.064537][ T5889] usb 1-1: config 48 interface 0 altsetting 98 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 394.083458][ T5889] usb 1-1: config 48 interface 0 has no altsetting 0 [ 394.093328][ T5889] usb 1-1: New USB device found, idVendor=1784, idProduct=0006, bcdDevice=bb.2f [ 394.103015][ T874] usb 2-1: New USB device found, idVendor=05e3, idProduct=0502, bcdDevice=f1.d8 [ 394.103616][ T5889] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.140288][ T874] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 394.145394][ T5889] usb 1-1: Product: syz [ 394.175161][ T5889] usb 1-1: Manufacturer: syz [ 394.178994][ T874] usb 2-1: Product: syz [ 394.179791][ T5889] usb 1-1: SerialNumber: syz [ 394.183943][ T874] usb 2-1: Manufacturer: syz [ 394.183965][ T874] usb 2-1: SerialNumber: syz [ 394.317508][T13146] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 394.433279][T13155] openvswitch: netlink: Key 6 has unexpected len 291 expected 2 [ 394.575895][ T5889] usb 1-1: USB disconnect, device number 56 [ 394.896617][ T5891] usb 3-1: new high-speed USB device number 58 using dummy_hcd [ 395.088696][ T5891] usb 3-1: config index 0 descriptor too short (expected 12336, got 77) [ 395.117638][ T5891] usb 3-1: config 48 has too many interfaces: 48, using maximum allowed: 32 [ 395.189133][ T5891] usb 3-1: config 48 has an invalid descriptor of length 0, skipping remainder of the config [ 395.280886][ T5891] usb 3-1: config 48 has 0 interfaces, different from the descriptor's value: 48 [ 395.327989][ T5891] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 395.351463][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 395.377244][ T5891] usb 3-1: Product: syz [ 395.582709][ T5891] usb 3-1: Manufacturer: syz [ 395.608608][ T5891] usb 3-1: SerialNumber: syz [ 396.025681][T13158] Option ' ' to dns_resolver key: bad/missing value [ 396.379362][ T874] gl620a 2-1:3.156: probe with driver gl620a failed with error -22 [ 396.432733][ T874] usb 2-1: USB disconnect, device number 70 [ 397.225389][ T874] usb 4-1: new high-speed USB device number 81 using dummy_hcd [ 397.249613][T13203] use of bytesused == 0 is deprecated and will be removed in the future, [ 397.264214][T13203] use the actual size instead. [ 397.406040][ T874] usb 4-1: device descriptor read/64, error -71 [ 397.735285][ T874] usb 4-1: new high-speed USB device number 82 using dummy_hcd [ 397.895356][ T874] usb 4-1: device descriptor read/64, error -71 [ 398.014478][ T874] usb usb4-port1: attempt power cycle [ 398.034550][ T5891] usb 3-1: USB disconnect, device number 58 [ 398.381403][ T874] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 398.416896][ T30] kauditd_printk_skb: 9 callbacks suppressed [ 398.416916][ T30] audit: type=1326 audit(1742896822.101:2219): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13223 comm="syz.4.1649" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d0358d169 code=0x0 [ 398.458393][ T874] usb 4-1: device descriptor read/8, error -71 [ 398.695338][ T874] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 398.716345][ T874] usb 4-1: device descriptor read/8, error -71 [ 398.825390][ T874] usb usb4-port1: unable to enumerate USB device [ 398.915351][ T47] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 399.067882][ T47] usb 1-1: Using ep0 maxpacket: 8 [ 399.083106][ T47] usb 1-1: unable to get BOS descriptor or descriptor too short [ 399.103875][ T47] usb 1-1: config 9 has an invalid interface number: 121 but max is 1 [ 399.113714][ T47] usb 1-1: config 9 has an invalid interface number: 93 but max is 1 [ 399.130210][ T47] usb 1-1: config 9 has no interface number 0 [ 399.142508][ T47] usb 1-1: config 9 has no interface number 1 [ 399.154307][ T47] usb 1-1: config 9 interface 121 has no altsetting 0 [ 399.170648][ T47] usb 1-1: config 9 interface 93 has no altsetting 0 [ 399.192229][ T47] usb 1-1: New USB device found, idVendor=0499, idProduct=1018, bcdDevice=35.13 [ 399.219058][ T47] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 399.245052][ T47] usb 1-1: Product: syz [ 399.254173][ T47] usb 1-1: Manufacturer: syz [ 399.276519][ T47] usb 1-1: SerialNumber: syz [ 399.574147][ T47] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 399.592311][ T47] snd-usb-audio 1-1:9.121: probe with driver snd-usb-audio failed with error -2 [ 399.623770][ T47] usb 1-1: Found UVC 0.00 device syz (0499:1018) [ 399.636412][ T47] usb 1-1: No valid video chain found. [ 399.669773][ T47] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 399.714262][ T47] snd-usb-audio 1-1:9.93: probe with driver snd-usb-audio failed with error -2 [ 399.740296][ T47] usb 1-1: USB disconnect, device number 57 [ 399.818620][T13242] input: syz0 as /devices/virtual/input/input41 [ 399.916657][ T5918] udevd[5918]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:9.93/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 400.303134][T13257] FAULT_INJECTION: forcing a failure. [ 400.303134][T13257] name failslab, interval 1, probability 0, space 0, times 0 [ 400.332273][T13257] CPU: 1 UID: 0 PID: 13257 Comm: syz.4.1660 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 400.332305][T13257] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 400.332320][T13257] Call Trace: [ 400.332328][T13257] [ 400.332338][T13257] dump_stack_lvl+0x241/0x360 [ 400.332377][T13257] ? __pfx_dump_stack_lvl+0x10/0x10 [ 400.332400][T13257] ? __pfx__printk+0x10/0x10 [ 400.332447][T13257] should_fail_ex+0x40a/0x550 [ 400.332480][T13257] should_failslab+0xac/0x100 [ 400.332522][T13257] __kmalloc_cache_noprof+0x70/0x390 [ 400.332550][T13257] ? sctp_add_bind_addr+0x89/0x3a0 [ 400.332583][T13257] sctp_add_bind_addr+0x89/0x3a0 [ 400.332615][T13257] sctp_copy_local_addr_list+0x311/0x500 [ 400.332647][T13257] ? sctp_copy_local_addr_list+0xab/0x500 [ 400.332675][T13257] ? __pfx_sctp_copy_local_addr_list+0x10/0x10 [ 400.332707][T13257] ? sctp_v6_is_any+0x60/0x70 [ 400.332738][T13257] ? sctp_copy_one_addr+0x94/0x360 [ 400.332770][T13257] sctp_bind_addr_copy+0xad/0x3b0 [ 400.332798][T13257] ? sctp_assoc_set_bind_addr_from_ep+0x75/0x190 [ 400.332838][T13257] sctp_connect_new_asoc+0x2f3/0x6c0 [ 400.332861][T13257] ? __pfx_sctp_connect_new_asoc+0x10/0x10 [ 400.332887][T13257] ? sctp_get_af_specific+0x2a/0x80 [ 400.332929][T13257] ? sctp_endpoint_lookup_assoc+0xc9/0x250 [ 400.332967][T13257] __sctp_connect+0x66d/0xe30 [ 400.332997][T13257] ? __local_bh_enable_ip+0x168/0x200 [ 400.333021][T13257] ? __pfx___sctp_connect+0x10/0x10 [ 400.333039][T13257] ? sctp_inet_connect+0xa7/0x1f0 [ 400.333068][T13257] ? __pfx___local_bh_enable_ip+0x10/0x10 [ 400.333091][T13257] ? do_raw_spin_unlock+0x13c/0x8b0 [ 400.333128][T13257] sctp_inet_connect+0x149/0x1f0 [ 400.333160][T13257] __sys_connect+0x288/0x2d0 [ 400.333189][T13257] ? __fget_files+0x2a/0x420 [ 400.333217][T13257] ? __pfx___sys_connect+0x10/0x10 [ 400.333258][T13257] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 400.333295][T13257] ? do_syscall_64+0x100/0x230 [ 400.333328][T13257] __x64_sys_connect+0x7a/0x90 [ 400.333364][T13257] do_syscall_64+0xf3/0x230 [ 400.333392][T13257] ? clear_bhb_loop+0x35/0x90 [ 400.333425][T13257] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 400.333453][T13257] RIP: 0033:0x7f8d0358d169 [ 400.333472][T13257] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 400.333491][T13257] RSP: 002b:00007f8d0437c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 400.333514][T13257] RAX: ffffffffffffffda RBX: 00007f8d037a5fa0 RCX: 00007f8d0358d169 [ 400.333531][T13257] RDX: 0000000000000010 RSI: 0000200000000340 RDI: 0000000000000003 [ 400.333545][T13257] RBP: 00007f8d0437c090 R08: 0000000000000000 R09: 0000000000000000 [ 400.333558][T13257] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 400.333570][T13257] R13: 0000000000000000 R14: 00007f8d037a5fa0 R15: 00007f8d038cfa28 [ 400.333601][T13257] [ 400.338631][T13258] netlink: 'syz.0.1661': attribute type 11 has an invalid length. [ 400.837227][T13266] netlink: 'syz.0.1666': attribute type 1 has an invalid length. [ 400.915243][ T9] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 400.936742][T13266] 8021q: adding VLAN 0 to HW filter on device bond2 [ 401.005062][T13270] input: syz0 as /devices/virtual/input/input42 [ 401.016252][T13268] 8021q: adding VLAN 0 to HW filter on device bond2 [ 401.023529][T13268] bond2: (slave vxcan1): The slave device specified does not support setting the MAC address [ 401.038280][T13268] bond2: (slave vxcan1): Error -95 calling set_mac_address [ 401.065361][ T9] usb 4-1: Using ep0 maxpacket: 8 [ 401.076847][ T9] usb 4-1: config 162 has an invalid interface number: 84 but max is 2 [ 401.099385][ T9] usb 4-1: config 162 has an invalid descriptor of length 90, skipping remainder of the config [ 401.125316][ T9] usb 4-1: config 162 has 1 interface, different from the descriptor's value: 3 [ 401.155355][ T9] usb 4-1: config 162 has no interface number 0 [ 401.161734][ T9] usb 4-1: config 162 interface 84 altsetting 2 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 401.196940][ T9] usb 4-1: config 162 interface 84 has no altsetting 0 [ 401.216825][ T9] usb 4-1: New USB device found, idVendor=0e8d, idProduct=763f, bcdDevice=9b.23 [ 401.226080][ T9] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.250123][ T9] usb 4-1: Product: syz [ 401.254341][ T9] usb 4-1: Manufacturer: syz [ 401.275261][ T9] usb 4-1: SerialNumber: syz [ 401.345382][ T47] usb 2-1: new full-speed USB device number 71 using dummy_hcd [ 401.511165][ T47] usb 2-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 401.541115][ T47] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 401.571713][ T47] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 401.592143][ T47] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 401.608798][ T47] usb 2-1: Product: syz [ 401.613306][ T47] usb 2-1: Manufacturer: syz [ 401.622528][ T47] usb 2-1: SerialNumber: syz [ 401.627615][ T5890] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 401.775643][ T9] usb 4-1: USB disconnect, device number 85 [ 401.795361][ T5890] usb 1-1: Using ep0 maxpacket: 8 [ 401.828325][ T5890] usb 1-1: config 0 has no interfaces? [ 401.885823][ T5890] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 401.905301][ T5890] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 401.925501][ T5890] usb 1-1: SerialNumber: syz [ 401.956606][ T5890] usb 1-1: config 0 descriptor?? [ 402.048646][T13287] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1673'. [ 402.175040][ T874] usb 1-1: USB disconnect, device number 58 [ 402.305623][ T9] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 402.405537][T13292] usb usb8: usbfs: process 13292 (syz.2.1675) did not claim interface 7 before use [ 402.498447][ T9] usb 5-1: Using ep0 maxpacket: 16 [ 402.510670][ T9] usb 5-1: unable to get BOS descriptor or descriptor too short [ 402.526543][ T9] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 166, changing to 11 [ 402.534563][ T47] usb 2-1: skipping empty audio interface (v1) [ 402.556330][ T9] usb 5-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 402.564307][ T47] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -22 [ 402.592221][ T9] usb 5-1: New USB device found, idVendor=0eef, idProduct=0001, bcdDevice= 0.40 [ 402.600857][ T47] usb 2-1: USB disconnect, device number 71 [ 402.605162][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 402.638397][ T9] usb 5-1: Product: syz [ 402.645150][ T9] usb 5-1: Manufacturer: syz [ 402.650088][ T9] usb 5-1: SerialNumber: syz [ 402.715398][ T5891] usb 3-1: new full-speed USB device number 59 using dummy_hcd [ 402.745434][ T5889] usb 4-1: new low-speed USB device number 86 using dummy_hcd [ 402.782120][ T5918] udevd[5918]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 402.886254][ T5889] usb 4-1: device descriptor read/64, error -71 [ 402.901072][ T5891] usb 3-1: config 0 has an invalid interface number: 207 but max is 0 [ 402.917690][ T5891] usb 3-1: config 0 contains an unexpected descriptor of type 0x1, skipping [ 402.927434][ T9] usbhid 5-1:1.0: can't add hid device: -71 [ 402.933471][ T9] usbhid 5-1:1.0: probe with driver usbhid failed with error -71 [ 402.951867][ T5891] usb 3-1: config 0 has an invalid descriptor of length 128, skipping remainder of the config [ 402.968559][ T9] usb 5-1: USB disconnect, device number 62 [ 402.974957][ T5891] usb 3-1: config 0 has no interface number 0 [ 402.986863][ T5891] usb 3-1: New USB device found, idVendor=12d1, idProduct=f856, bcdDevice=46.dd [ 403.006641][ T5891] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.014740][ T5891] usb 3-1: Product: syz [ 403.026280][ T5891] usb 3-1: Manufacturer: syz [ 403.031069][ T5891] usb 3-1: SerialNumber: syz [ 403.046266][ T5891] usb 3-1: config 0 descriptor?? [ 403.056572][ T5891] qmi_wwan 3-1:0.207: skipping garbage [ 403.062718][ T5891] qmi_wwan 3-1:0.207: bogus CDC Union: master=13, slave=36 [ 403.070523][ T5891] qmi_wwan 3-1:0.207: probe with driver qmi_wwan failed with error -22 [ 403.156509][ T5889] usb 4-1: new low-speed USB device number 87 using dummy_hcd [ 403.184912][T13304] input: syz0 as /devices/virtual/input/input43 [ 403.286291][ T9] usb 3-1: USB disconnect, device number 59 [ 403.307012][ T5889] usb 4-1: device descriptor read/64, error -71 [ 403.415660][ T5889] usb usb4-port1: attempt power cycle [ 403.595334][ T5890] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 403.669898][T13314] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1684'. [ 403.705738][T13314] pimreg3: entered allmulticast mode [ 403.747397][ T5890] usb 2-1: config 1 contains an unexpected descriptor of type 0x2, skipping [ 403.758299][ T5890] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 403.765365][ T5889] usb 4-1: new low-speed USB device number 88 using dummy_hcd [ 403.769436][ T5890] usb 2-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 403.785978][ T5890] usb 2-1: config 1 has no interface number 1 [ 403.792157][ T5890] usb 2-1: config 1 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 0 [ 403.805733][ T5890] usb 2-1: config 1 interface 2 altsetting 1 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 403.821849][ T5890] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 403.845671][ T5889] usb 4-1: device descriptor read/8, error -71 [ 403.861085][ T5890] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 403.884590][ T5890] usb 2-1: Product: syz [ 403.894154][ T5890] usb 2-1: Manufacturer: syz [ 403.920760][ T5890] usb 2-1: SerialNumber: syz [ 403.995696][T13319] Cannot find del_set index 0 as target [ 404.086457][ T5889] usb 4-1: new low-speed USB device number 89 using dummy_hcd [ 404.128814][ T5889] usb 4-1: device descriptor read/8, error -71 [ 404.225475][ T5891] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 404.235565][ T5889] usb usb4-port1: unable to enumerate USB device [ 404.278938][ T5890] usb 2-1: No MIDI 2.0 at altset 1, falling back to MIDI 1.0 [ 404.291781][ T5890] usb 2-1: MIDIStreaming interface descriptor not found [ 404.333347][ T5890] usb 2-1: USB disconnect, device number 72 [ 404.405338][ T874] usb 3-1: new high-speed USB device number 60 using dummy_hcd [ 404.405470][ T5891] usb 5-1: Using ep0 maxpacket: 8 [ 404.432370][ T5891] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 404.443641][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 404.451852][ T5891] usb 5-1: Product: syz [ 404.456236][ T5891] usb 5-1: Manufacturer: syz [ 404.460851][ T5891] usb 5-1: SerialNumber: syz [ 404.473660][ T5891] usb 5-1: config 0 descriptor?? [ 404.545216][ T874] usb 3-1: device descriptor read/64, error -71 [ 404.577837][ T5851] udevd[5851]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 404.683866][ T5891] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 404.785260][ T874] usb 3-1: new high-speed USB device number 61 using dummy_hcd [ 404.915266][ T874] usb 3-1: device descriptor read/64, error -71 [ 405.026132][ T874] usb usb3-port1: attempt power cycle [ 405.365215][ T874] usb 3-1: new high-speed USB device number 62 using dummy_hcd [ 405.386234][ T874] usb 3-1: device descriptor read/8, error -71 [ 405.395421][ T5893] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 405.560928][ T5893] usb 1-1: Using ep0 maxpacket: 16 [ 405.568958][ T5893] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 405.579780][ T5893] usb 1-1: config 0 has no interfaces? [ 405.585459][ T5893] usb 1-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 405.594559][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 405.604738][ T5893] usb 1-1: config 0 descriptor?? [ 405.625280][ T874] usb 3-1: new high-speed USB device number 63 using dummy_hcd [ 405.646242][ T874] usb 3-1: device descriptor read/8, error -71 [ 405.755732][ T874] usb usb3-port1: unable to enumerate USB device [ 405.822822][T13334] netlink: 12 bytes leftover after parsing attributes in process `syz.0.1691'. [ 405.887568][T13334] vlan2: entered promiscuous mode [ 405.892743][T13334] batadv0: entered promiscuous mode [ 405.911562][T13334] batadv0: left promiscuous mode [ 405.929393][T13317] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 405.950977][T13317] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 406.081702][ T5893] usb 1-1: string descriptor 0 read error: -71 [ 406.108098][ T5893] usb 1-1: USB disconnect, device number 59 [ 406.115767][T13337] macvlan0: entered allmulticast mode [ 406.121212][T13337] veth1_vlan: entered allmulticast mode [ 406.969421][T13354] FAULT_INJECTION: forcing a failure. [ 406.969421][T13354] name failslab, interval 1, probability 0, space 0, times 0 [ 406.982630][T13354] CPU: 0 UID: 0 PID: 13354 Comm: syz.1.1698 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 406.982663][T13354] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 406.982677][T13354] Call Trace: [ 406.982686][T13354] [ 406.982695][T13354] dump_stack_lvl+0x241/0x360 [ 406.982726][T13354] ? __pfx_dump_stack_lvl+0x10/0x10 [ 406.982749][T13354] ? __pfx__printk+0x10/0x10 [ 406.982785][T13354] ? __kvmalloc_node_noprof+0x130/0x580 [ 406.982817][T13354] ? __pfx___might_resched+0x10/0x10 [ 406.982844][T13354] ? lockdep_init_map_type+0xa1/0x910 [ 406.982879][T13354] should_fail_ex+0x40a/0x550 [ 406.982912][T13354] should_failslab+0xac/0x100 [ 406.982942][T13354] __kvmalloc_node_noprof+0x158/0x580 [ 406.982973][T13354] ? rhashtable_init_noprof+0x534/0xa60 [ 406.983005][T13354] rhashtable_init_noprof+0x534/0xa60 [ 406.983025][T13354] rhltable_init_noprof+0x1c/0x60 [ 406.983041][T13354] nf_tables_newtable+0x7e8/0x1e10 [ 406.983060][T13354] ? nfnl_pernet+0x23/0x240 [ 406.983083][T13354] ? __pfx_nf_tables_newtable+0x10/0x10 [ 406.983106][T13354] ? __nla_parse+0x40/0x60 [ 406.983131][T13354] nfnetlink_rcv+0x14e3/0x2ab0 [ 406.983172][T13354] ? __pfx_nfnetlink_rcv+0x10/0x10 [ 406.983224][T13354] ? netlink_deliver_tap+0x2e/0x1b0 [ 406.983238][T13354] ? skb_clone+0x240/0x390 [ 406.983253][T13354] ? __pfx_lock_release+0x10/0x10 [ 406.983285][T13354] ? netlink_deliver_tap+0x2e/0x1b0 [ 406.983302][T13354] netlink_unicast+0x7f6/0x990 [ 406.983330][T13354] ? __pfx_netlink_unicast+0x10/0x10 [ 406.983351][T13354] ? __virt_addr_valid+0x45f/0x530 [ 406.983376][T13354] ? __phys_addr_symbol+0x2f/0x70 [ 406.983399][T13354] ? __check_object_size+0x475/0x720 [ 406.983422][T13354] netlink_sendmsg+0x8b3/0xca0 [ 406.983445][T13354] ? __pfx_netlink_sendmsg+0x10/0x10 [ 406.983464][T13354] ? aa_sock_msg_perm+0x91/0x160 [ 406.983500][T13354] ? __pfx_netlink_sendmsg+0x10/0x10 [ 406.983513][T13354] __sock_sendmsg+0x221/0x270 [ 406.983532][T13354] ____sys_sendmsg+0x524/0x860 [ 406.983559][T13354] ? __pfx_____sys_sendmsg+0x10/0x10 [ 406.983580][T13354] ? __fget_files+0x2a/0x420 [ 406.983613][T13354] ? __fget_files+0x2a/0x420 [ 406.983637][T13354] __sys_sendmsg+0x269/0x350 [ 406.983661][T13354] ? __pfx___sys_sendmsg+0x10/0x10 [ 406.983689][T13354] ? do_sys_openat2+0x155/0x1c0 [ 406.983724][T13354] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 406.983746][T13354] ? do_syscall_64+0x100/0x230 [ 406.983768][T13354] ? do_syscall_64+0xb6/0x230 [ 406.983788][T13354] do_syscall_64+0xf3/0x230 [ 406.983806][T13354] ? clear_bhb_loop+0x35/0x90 [ 406.983827][T13354] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 406.983846][T13354] RIP: 0033:0x7f7f6738d169 [ 406.983859][T13354] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 406.983870][T13354] RSP: 002b:00007f7f68215038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 406.983886][T13354] RAX: ffffffffffffffda RBX: 00007f7f675a5fa0 RCX: 00007f7f6738d169 [ 406.983896][T13354] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 406.983905][T13354] RBP: 00007f7f68215090 R08: 0000000000000000 R09: 0000000000000000 [ 406.983925][T13354] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 406.983932][T13354] R13: 0000000000000000 R14: 00007f7f675a5fa0 R15: 00007f7f676cfa28 [ 406.983950][T13354] [ 407.005407][ T5893] usb 4-1: new full-speed USB device number 90 using dummy_hcd [ 407.373191][T13358] input: syz0 as /devices/virtual/input/input44 [ 407.377235][ T5891] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 407.411478][ T5891] usb 5-1: USB disconnect, device number 63 [ 407.496974][ T5893] usb 4-1: config 2 has an invalid interface number: 211 but max is 0 [ 407.528423][ T5893] usb 4-1: config 2 has no interface number 0 [ 407.534593][ T5893] usb 4-1: config 2 interface 211 altsetting 0 endpoint 0x4 has invalid maxpacket 512, setting to 64 [ 407.595231][ T5893] usb 4-1: config 2 interface 211 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 4 [ 407.650636][ T5893] usb 4-1: New USB device found, idVendor=2040, idProduct=8268, bcdDevice=27.95 [ 407.664487][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 407.692528][ T5893] usb 4-1: Product: syz [ 407.705635][ T5893] usb 4-1: Manufacturer: syz [ 407.714427][T13365] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1702'. [ 407.726953][ T5893] usb 4-1: SerialNumber: syz [ 407.732856][T13365] netlink: 12 bytes leftover after parsing attributes in process `syz.2.1702'. [ 407.744707][T13348] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 407.756340][ T5893] em28xx 4-1:2.211: New device syz syz @ 12 Mbps (2040:8268, interface 211, class 211) [ 407.768607][T13370] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1702'. [ 407.777721][ T5893] em28xx 4-1:2.211: Device initialization failed. [ 407.784178][ T5893] em28xx 4-1:2.211: Device must be connected to a high-speed USB 2.0 port. [ 407.797909][T13370] veth4: entered promiscuous mode [ 407.802993][T13370] veth4: entered allmulticast mode [ 407.858520][T13370] veth5: entered promiscuous mode [ 408.054285][T13377] openvswitch: netlink: Unexpected mask (mask=20040, allowed=10048) [ 408.255897][ T5890] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 408.413385][T13391] input: syz0 as /devices/virtual/input/input45 [ 408.435504][ T5890] usb 5-1: Using ep0 maxpacket: 16 [ 408.452371][ T5890] usb 5-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 408.478584][ T5890] usb 5-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 408.505292][ T5890] usb 5-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 408.535851][ T5890] usb 5-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 408.544981][ T5890] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.573603][ T5890] usb 5-1: Product: syz [ 408.584073][ T5890] usb 5-1: Manufacturer: и [ 408.593944][ T5890] usb 5-1: SerialNumber: syz [ 408.655242][ T5891] usb 2-1: new full-speed USB device number 73 using dummy_hcd [ 408.821920][ T5890] usb 5-1: 0:2 : does not exist [ 408.849071][ T5891] usb 2-1: config 163 has an invalid descriptor of length 214, skipping remainder of the config [ 408.849359][ T5890] usb 5-1: USB disconnect, device number 64 [ 408.868736][ T5891] usb 2-1: config 163 has 0 interfaces, different from the descriptor's value: 1 [ 408.902973][ T5891] usb 2-1: New USB device found, idVendor=067b, idProduct=aaa8, bcdDevice=b6.d1 [ 408.927188][ T5891] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 408.961898][ T5891] usb 2-1: Product: syz [ 409.008420][ T5891] usb 2-1: Manufacturer: syz [ 409.035585][ T5891] usb 2-1: SerialNumber: syz [ 409.051980][ T5893] usb 4-1: USB disconnect, device number 90 [ 409.163939][ T5918] udevd[5918]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 409.172825][T13408] netlink: 'syz.0.1718': attribute type 11 has an invalid length. [ 409.257476][ T5891] usb 2-1: USB disconnect, device number 73 [ 409.509518][T13415] FAULT_INJECTION: forcing a failure. [ 409.509518][T13415] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 409.541143][T13415] CPU: 0 UID: 0 PID: 13415 Comm: syz.4.1721 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 409.541174][T13415] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 409.541189][T13415] Call Trace: [ 409.541198][T13415] [ 409.541208][T13415] dump_stack_lvl+0x241/0x360 [ 409.541240][T13415] ? __pfx_dump_stack_lvl+0x10/0x10 [ 409.541264][T13415] ? __pfx__printk+0x10/0x10 [ 409.541304][T13415] ? snprintf+0xda/0x120 [ 409.541330][T13415] should_fail_ex+0x40a/0x550 [ 409.541363][T13415] _copy_to_user+0x31/0xb0 [ 409.541390][T13415] simple_read_from_buffer+0xdc/0x170 [ 409.541423][T13415] proc_fail_nth_read+0x1e9/0x250 [ 409.541460][T13415] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 409.541495][T13415] ? rw_verify_area+0x243/0x630 [ 409.541516][T13415] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 409.541551][T13415] vfs_read+0x1f8/0xb40 [ 409.541574][T13415] ? fdget_pos+0x247/0x310 [ 409.541606][T13415] ? __pfx___mutex_lock+0x10/0x10 [ 409.541636][T13415] ? __pfx_vfs_read+0x10/0x10 [ 409.541661][T13415] ? __fget_files+0x2a/0x420 [ 409.541693][T13415] ? __fget_files+0x39d/0x420 [ 409.541722][T13415] ? __fget_files+0x2a/0x420 [ 409.541762][T13415] ksys_read+0x18f/0x2b0 [ 409.541794][T13415] ? __pfx_ksys_read+0x10/0x10 [ 409.541817][T13415] ? do_syscall_64+0x100/0x230 [ 409.541850][T13415] ? do_syscall_64+0xb6/0x230 [ 409.541882][T13415] do_syscall_64+0xf3/0x230 [ 409.541911][T13415] ? clear_bhb_loop+0x35/0x90 [ 409.541945][T13415] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 409.541974][T13415] RIP: 0033:0x7f8d0358bb7c [ 409.541994][T13415] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 409.542013][T13415] RSP: 002b:00007f8d0437c030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 409.542037][T13415] RAX: ffffffffffffffda RBX: 00007f8d037a5fa0 RCX: 00007f8d0358bb7c [ 409.542054][T13415] RDX: 000000000000000f RSI: 00007f8d0437c0a0 RDI: 0000000000000005 [ 409.542068][T13415] RBP: 00007f8d0437c090 R08: 0000000000000000 R09: 0000000000000000 [ 409.542082][T13415] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 409.542096][T13415] R13: 0000000000000000 R14: 00007f8d037a5fa0 R15: 00007f8d038cfa28 [ 409.542128][T13415] [ 410.055666][ T5893] usb 3-1: new high-speed USB device number 64 using dummy_hcd [ 410.172447][T13428] 8021q: adding VLAN 0 to HW filter on device batadv1 [ 410.201347][T13428] team0: Port device batadv1 added [ 410.215286][ T5893] usb 3-1: Using ep0 maxpacket: 8 [ 410.225919][ T5893] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 410.255950][ T47] usb 4-1: new low-speed USB device number 91 using dummy_hcd [ 410.265830][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has an invalid bInterval 255, changing to 11 [ 410.281191][ T5893] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x1 has invalid maxpacket 59391, setting to 1024 [ 410.298086][ T5893] usb 3-1: New USB device found, idVendor=084e, idProduct=1001, bcdDevice=ed.ae [ 410.309271][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 410.320793][ T5893] usb 3-1: Product: syz [ 410.325001][ T5893] usb 3-1: Manufacturer: syz [ 410.330448][ T5893] usb 3-1: SerialNumber: syz [ 410.345925][ T5893] usb 3-1: config 0 descriptor?? [ 410.354211][T13418] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 410.439698][ T47] usb 4-1: config 0 has no interfaces? [ 410.445763][ T47] usb 4-1: New USB device found, idVendor=046d, idProduct=c52f, bcdDevice= 0.00 [ 410.454861][ T47] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 410.571289][ T47] usb 4-1: config 0 descriptor?? [ 410.641313][ T5893] usb 3-1: USB disconnect, device number 64 [ 410.855699][T13441] IPVS: sh: UDP 224.0.0.2:0 - no destination available [ 410.863053][ T5889] IPVS: starting estimator thread 0... [ 410.995248][T13445] IPVS: using max 23 ests per chain, 55200 per kthread [ 411.129399][ T47] usb 4-1: USB disconnect, device number 91 [ 411.935540][ T5893] usb 2-1: new full-speed USB device number 74 using dummy_hcd [ 411.975286][ T47] usb 3-1: new high-speed USB device number 65 using dummy_hcd [ 412.087215][ T5893] usb 2-1: config index 0 descriptor too short (expected 31, got 27) [ 412.125326][ T5893] usb 2-1: config 1 interface 0 has no altsetting 0 [ 412.135258][ T47] usb 3-1: Using ep0 maxpacket: 32 [ 412.141922][ T5893] usb 2-1: New USB device found, idVendor=0525, idProduct=a4a8, bcdDevice= b.72 [ 412.152097][ T47] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 412.162564][ T5893] usb 2-1: New USB device strings: Mfr=28, Product=37, SerialNumber=3 [ 412.181299][ T5893] usb 2-1: Product: syz [ 412.186850][ T47] usb 3-1: New USB device found, idVendor=22b8, idProduct=6027, bcdDevice=c2.80 [ 412.196137][ T47] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 412.220593][ T5893] usb 2-1: Manufacturer: syz [ 412.234141][ T5893] usb 2-1: SerialNumber: syz [ 412.239277][ T47] usb 3-1: Product: syz [ 412.254193][ T47] usb 3-1: Manufacturer: syz [ 412.268903][ T47] usb 3-1: SerialNumber: syz [ 412.287333][ T47] usb 3-1: config 0 descriptor?? [ 412.310059][ T47] usb 3-1: bad CDC descriptors [ 412.324361][ T47] usb 3-1: unsupported MDLM descriptors [ 412.518775][ T47] usb 3-1: USB disconnect, device number 65 [ 412.875929][ T5893] usblp 2-1:1.0: usblp0: USB Unidirectional printer dev 74 if 0 alt 253 proto 1 vid 0x0525 pid 0xA4A8 [ 413.179481][ C1] usblp0: nonzero write bulk status received: -71 [ 413.180529][ T9] usb 2-1: USB disconnect, device number 74 [ 413.225622][ T5891] usb 1-1: new full-speed USB device number 60 using dummy_hcd [ 413.380489][T13457] usblp0: removed [ 413.415500][ T5889] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 413.427488][ T5891] usb 1-1: not running at top speed; connect to a high speed hub [ 413.446713][ T5891] usb 1-1: config 95 has an invalid interface number: 1 but max is 0 [ 413.469954][ T5891] usb 1-1: config 95 has no interface number 0 [ 413.482430][ T5891] usb 1-1: config 95 interface 1 has no altsetting 0 [ 413.496971][ T5891] usb 1-1: New USB device found, idVendor=0763, idProduct=2031, bcdDevice=ad.3f [ 413.512879][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.521229][ T5891] usb 1-1: Product: syz [ 413.530848][ T5891] usb 1-1: Manufacturer: syz [ 413.536364][ T5891] usb 1-1: SerialNumber: syz [ 413.592986][ T5889] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 413.608996][ T5889] usb 4-1: New USB device found, idVendor=046d, idProduct=c222, bcdDevice= 0.00 [ 413.618751][ T10] usb 3-1: new full-speed USB device number 66 using dummy_hcd [ 413.649188][ T5889] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 413.671148][ T5889] usb 4-1: config 0 descriptor?? [ 413.762247][T13471] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 413.772590][T13471] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 413.812166][ T10] usb 3-1: New USB device found, idVendor=0547, idProduct=0201, bcdDevice=11.64 [ 413.821706][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 413.830656][ T10] usb 3-1: Product: syz [ 413.835056][ T10] usb 3-1: Manufacturer: syz [ 413.840748][ T10] usb 3-1: SerialNumber: syz [ 413.843223][T13485] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 413.864138][ T10] usb 3-1: config 0 descriptor?? [ 413.865344][T13485] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 413.876896][ T10] dvb-usb: found a 'Nebula Electronics uDigiTV DVB-T USB2.0)' in warm state. [ 413.921670][ T10] dvb-usb: This USB2.0 device cannot be run on a USB1.1 port. (it lacks a hardware PID filter) [ 413.972347][T13479] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 413.996460][T13479] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 414.015973][ T10] dvb-usb: Nebula Electronics uDigiTV DVB-T USB2.0) error while loading driver (-19) [ 414.212351][ T5893] usb 3-1: USB disconnect, device number 66 [ 414.226836][ T5891] usb 1-1: USB disconnect, device number 60 [ 414.344014][ T5889] usbhid 4-1:0.0: can't add hid device: -71 [ 414.352834][ T5889] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 414.383959][ T5889] usb 4-1: USB disconnect, device number 92 [ 414.747287][ T10] usb 2-1: new full-speed USB device number 75 using dummy_hcd [ 414.816042][ T5891] usb 1-1: new high-speed USB device number 61 using dummy_hcd [ 414.978508][T13509] netlink: 'syz.4.1756': attribute type 2 has an invalid length. [ 415.002184][ T10] usb 2-1: config 0 has an invalid interface number: 29 but max is 0 [ 415.010615][ T10] usb 2-1: config 0 has no interface number 0 [ 415.021946][ T10] usb 2-1: config 0 interface 29 has no altsetting 0 [ 415.057418][ T10] usb 2-1: New USB device found, idVendor=0c72, idProduct=0014, bcdDevice=39.ac [ 415.075360][ T10] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 415.092753][ T10] usb 2-1: Product: syz [ 415.094861][ T30] audit: type=1326 audit(1742896838.771:2220): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13508 comm="syz.4.1756" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f8d0358d169 code=0x0 [ 415.099312][ T5891] usb 1-1: Using ep0 maxpacket: 8 [ 415.124205][ T10] usb 2-1: Manufacturer: syz [ 415.140802][ T10] usb 2-1: SerialNumber: syz [ 415.157828][ T10] usb 2-1: config 0 descriptor?? [ 415.181331][T13511] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1757'. [ 415.189558][ T5891] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 415.219850][ T5891] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xBE, changing to 0x8E [ 415.289506][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has an invalid bInterval 0, changing to 7 [ 415.385560][ T5891] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x8E has invalid wMaxPacketSize 0 [ 415.504318][ T5891] usb 1-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 3 [ 415.600317][ T5891] usb 1-1: New USB device found, idVendor=10c5, idProduct=819a, bcdDevice=e4.46 [ 415.632544][ T5891] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=35 [ 415.696936][ T5891] usb 1-1: Product: syz [ 415.711326][ T5891] usb 1-1: Manufacturer: syz [ 415.721986][ T5891] usb 1-1: SerialNumber: syz [ 415.778993][ T5891] usb 1-1: config 0 descriptor?? [ 415.998465][ T5891] radio-si470x 1-1:0.0: DeviceID=0x0000 ChipID=0x0000 [ 416.008425][ T5891] radio-si470x 1-1:0.0: This driver is known to work with firmware version 12, but the device has firmware version 0. [ 416.095878][ T5889] usb 3-1: new high-speed USB device number 67 using dummy_hcd [ 416.198005][ T5891] radio-si470x 1-1:0.0: software version 43, hardware version 153 [ 416.218688][ T5891] radio-si470x 1-1:0.0: If you have some trouble using this driver, please report to V4L ML at linux-media@vger.kernel.org [ 416.245283][ T5889] usb 3-1: Using ep0 maxpacket: 32 [ 416.252687][ T5889] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 416.264449][ T5889] usb 3-1: config 0 has no interfaces? [ 416.270567][ T5889] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 416.280172][ T5889] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 416.297967][ T5889] usb 3-1: config 0 descriptor?? [ 416.406894][ T5891] radio-si470x 1-1:0.0: submitting int urb failed (-90) [ 416.607908][T13501] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.624417][T13501] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.818766][T13530] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 416.818986][T13530] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 416.962537][ T5891] radio-si470x 1-1:0.0: si470x_set_report: usb_control_msg returned -110 [ 417.109370][T13533] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.109636][ T5891] radio-si470x 1-1:0.0: probe with driver radio-si470x failed with error -22 [ 417.120007][T13533] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.291766][ T5918] udevd[5918]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:95.1/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 417.341048][T13517] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 417.350546][ T5891] usb 1-1: USB disconnect, device number 61 [ 417.376763][T13517] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 417.965513][ T5891] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 418.125374][ T5891] usb 5-1: Using ep0 maxpacket: 8 [ 418.151581][ T5891] usb 5-1: New USB device found, idVendor=046d, idProduct=0896, bcdDevice=3a.11 [ 418.174812][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 418.200251][ T5891] usb 5-1: Product: syz [ 418.204905][ T5891] usb 5-1: Manufacturer: syz [ 418.221528][ T5891] usb 5-1: SerialNumber: syz [ 418.222401][T13544] netlink: 'syz.0.1768': attribute type 9 has an invalid length. [ 418.242770][ T5891] usb 5-1: config 0 descriptor?? [ 418.265900][ T5891] gspca_main: vc032x-2.14.0 probing 046d:0896 [ 418.340732][T13546] FAULT_INJECTION: forcing a failure. [ 418.340732][T13546] name failslab, interval 1, probability 0, space 0, times 0 [ 418.356257][T13546] CPU: 1 UID: 0 PID: 13546 Comm: syz.0.1769 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 418.356285][T13546] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 418.356299][T13546] Call Trace: [ 418.356307][T13546] [ 418.356315][T13546] dump_stack_lvl+0x241/0x360 [ 418.356343][T13546] ? __pfx_dump_stack_lvl+0x10/0x10 [ 418.356364][T13546] ? __pfx__printk+0x10/0x10 [ 418.356397][T13546] ? fs_reclaim_acquire+0x93/0x130 [ 418.356417][T13546] ? __pfx___might_resched+0x10/0x10 [ 418.356447][T13546] should_fail_ex+0x40a/0x550 [ 418.356476][T13546] should_failslab+0xac/0x100 [ 418.356503][T13546] __kmalloc_noprof+0xdd/0x4c0 [ 418.356528][T13546] ? tomoyo_encode+0x26f/0x540 [ 418.356561][T13546] tomoyo_encode+0x26f/0x540 [ 418.356594][T13546] tomoyo_realpath_from_path+0x59e/0x5e0 [ 418.356632][T13546] tomoyo_path_number_perm+0x239/0x770 [ 418.356655][T13546] ? __lock_acquire+0x1397/0x2100 [ 418.356686][T13546] ? tomoyo_path_number_perm+0x209/0x770 [ 418.356711][T13546] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 418.356772][T13546] ? __fget_files+0x2a/0x420 [ 418.356830][T13546] ? __fget_files+0x2a/0x420 [ 418.356865][T13546] security_file_ioctl+0xc6/0x2a0 [ 418.356890][T13546] __se_sys_ioctl+0x46/0x160 [ 418.356916][T13546] do_syscall_64+0xf3/0x230 [ 418.356944][T13546] ? clear_bhb_loop+0x35/0x90 [ 418.356977][T13546] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 418.357006][T13546] RIP: 0033:0x7f7edff8d169 [ 418.357026][T13546] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 418.357044][T13546] RSP: 002b:00007f7ee0e0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 418.357067][T13546] RAX: ffffffffffffffda RBX: 00007f7ee01a5fa0 RCX: 00007f7edff8d169 [ 418.357083][T13546] RDX: 0000000000000000 RSI: 0000000000008933 RDI: 0000000000000003 [ 418.357096][T13546] RBP: 00007f7ee0e0f090 R08: 0000000000000000 R09: 0000000000000000 [ 418.357110][T13546] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 418.357122][T13546] R13: 0000000000000000 R14: 00007f7ee01a5fa0 R15: 00007f7ee02cfa28 [ 418.357153][T13546] [ 418.357178][T13546] ERROR: Out of memory at tomoyo_realpath_from_path. [ 418.709471][ T10] peak_usb 2-1:0.29 can0: unable to request usb[type=0 value=1] err=-71 [ 418.726756][ T30] audit: type=1326 audit(1742896842.401:2221): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13547 comm=2321202E2F66696C65300A exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff897b8d169 code=0x0 [ 418.727562][ T10] peak_usb 2-1:0.29: unable to read PCAN-USB X6 firmware info (err -71) [ 418.822329][ T5891] gspca_vc032x: reg_w err -71 [ 418.845642][ T5891] vc032x 5-1:0.0: probe with driver vc032x failed with error -71 [ 418.881694][ T5891] usb 5-1: USB disconnect, device number 65 [ 418.915482][ T10] peak_usb 2-1:0.29: probe with driver peak_usb failed with error -71 [ 418.941366][ T9] usb 3-1: USB disconnect, device number 67 [ 418.989381][ T10] usb 2-1: USB disconnect, device number 75 [ 419.085549][ T5893] usb 1-1: new high-speed USB device number 62 using dummy_hcd [ 419.236870][ T5893] usb 1-1: Using ep0 maxpacket: 8 [ 419.244668][ T5893] usb 1-1: config 1 contains an unexpected descriptor of type 0x1, skipping [ 419.253973][ T5893] usb 1-1: config 1 has an invalid descriptor of length 1, skipping remainder of the config [ 419.275112][ T5893] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 419.277455][T13562] netlink: 'syz.2.1776': attribute type 1 has an invalid length. [ 419.293719][ T5893] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 419.303572][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 419.372028][ T5893] usb 1-1: Product: syz [ 419.385298][ T5893] usb 1-1: Manufacturer: syz [ 419.395138][ T5893] usb 1-1: SerialNumber: syz [ 419.621453][ T5893] usb 1-1: 0:2 : does not exist [ 419.654981][ T5893] usb 1-1: USB disconnect, device number 62 [ 419.888472][ T5918] udevd[5918]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 420.155337][ T5893] usb 4-1: new high-speed USB device number 93 using dummy_hcd [ 420.326821][ T5893] usb 4-1: Using ep0 maxpacket: 32 [ 420.439283][ T5893] usb 4-1: config 1 has an invalid interface number: 44 but max is 1 [ 420.447680][ T5893] usb 4-1: config 1 has an invalid interface number: 44 but max is 1 [ 420.458133][ T5893] usb 4-1: config 1 has 1 interface, different from the descriptor's value: 2 [ 420.467294][ T5893] usb 4-1: config 1 has no interface number 0 [ 420.473614][ T5893] usb 4-1: config 1 interface 44 has no altsetting 0 [ 420.485242][ T5893] usb 4-1: config 1 interface 44 has no altsetting 1 [ 420.494050][ T5893] usb 4-1: New USB device found, idVendor=132b, idProduct=000b, bcdDevice= 0.01 [ 420.503654][ T5893] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 420.511972][ T5893] usb 4-1: Product: syz [ 420.516515][ T5893] usb 4-1: Manufacturer: syz [ 420.527222][T13582] IPVS: set_ctl: invalid protocol: 60 0.0.0.0:20000 [ 420.531945][ T5893] usb 4-1: SerialNumber: syz [ 421.045318][ T9] usb 1-1: new low-speed USB device number 63 using dummy_hcd [ 421.237023][ T9] usb 1-1: config index 0 descriptor too short (expected 6427, got 27) [ 421.262472][ T9] usb 1-1: config 0 has an invalid interface number: 21 but max is 0 [ 421.286915][ T9] usb 1-1: config 0 has no interface number 0 [ 421.295492][ T5890] usb 3-1: new high-speed USB device number 68 using dummy_hcd [ 421.321240][ T9] usb 1-1: config 0 interface 21 altsetting 0 has an endpoint descriptor with address 0x31, changing to 0x1 [ 421.349731][ T9] usb 1-1: config 0 interface 21 altsetting 0 endpoint 0x1 has invalid maxpacket 13364, setting to 8 [ 421.368154][ T9] usb 1-1: New USB device found, idVendor=06cd, idProduct=0202, bcdDevice=92.d4 [ 421.383197][ T9] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 421.426275][ T9] usb 1-1: config 0 descriptor?? [ 421.476874][ T5890] usb 3-1: config 0 has no interfaces? [ 421.485367][ T5890] usb 3-1: New USB device found, idVendor=091e, idProduct=0003, bcdDevice=d7.3b [ 421.528071][ T5890] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 421.564501][ T5890] usb 3-1: Product: syz [ 421.584706][ T5890] usb 3-1: Manufacturer: syz [ 421.596550][ T5890] usb 3-1: SerialNumber: syz [ 421.618412][ T5890] usb 3-1: config 0 descriptor?? [ 421.863496][ T5890] usb 3-1: USB disconnect, device number 68 [ 422.482256][T13611] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 422.507644][T13611] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 422.798039][ T5893] usb-storage 4-1:1.44: USB Mass Storage device detected [ 422.894786][ T5893] usb 4-1: USB disconnect, device number 93 [ 423.148175][T13630] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1795'. [ 423.175230][ T5891] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 423.345720][ T5891] usb 5-1: Using ep0 maxpacket: 32 [ 423.358278][ T5891] usb 5-1: config 0 has an invalid interface number: 151 but max is 0 [ 423.366944][ T5891] usb 5-1: config 0 has no interface number 0 [ 423.385278][ T5891] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x85 has an invalid bInterval 0, changing to 7 [ 423.423196][ T5891] usb 5-1: config 0 interface 151 altsetting 0 endpoint 0x85 has invalid wMaxPacketSize 0 [ 423.451362][ T5891] usb 5-1: New USB device found, idVendor=0499, idProduct=6bb7, bcdDevice=68.2f [ 423.465329][ T5891] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 423.474554][ T5891] usb 5-1: Product: syz [ 423.479498][ T5891] usb 5-1: Manufacturer: syz [ 423.484307][ T5891] usb 5-1: SerialNumber: syz [ 423.507932][ T5891] usb 5-1: config 0 descriptor?? [ 423.789919][ T5893] usb 1-1: USB disconnect, device number 63 [ 424.527310][ T5891] usb 5-1: USB disconnect, device number 66 [ 424.728782][ T5918] udevd[5918]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:0.151/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 424.891357][ T30] audit: type=1326 audit(1742896848.561:2222): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13655 comm="syz.4.1803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d0358d169 code=0x7ffc0000 [ 425.012964][ T30] audit: type=1326 audit(1742896848.561:2223): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13655 comm="syz.4.1803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d0358d169 code=0x7ffc0000 [ 425.123973][ T30] audit: type=1326 audit(1742896848.561:2224): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13655 comm="syz.4.1803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=300 compat=0 ip=0x7f8d0358d169 code=0x7ffc0000 [ 425.225460][T13662] netlink: 8 bytes leftover after parsing attributes in process `syz.1.1806'. [ 425.226921][ T30] audit: type=1326 audit(1742896848.561:2225): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13655 comm="syz.4.1803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d0358d169 code=0x7ffc0000 [ 425.276779][T13661] xt_hashlimit: overflow, try lower: 1113/0 [ 425.303988][T13662] netlink: 4 bytes leftover after parsing attributes in process `syz.1.1806'. [ 425.343731][T13662] netlink: 'syz.1.1806': attribute type 7 has an invalid length. [ 425.405149][ T30] audit: type=1326 audit(1742896848.561:2226): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13655 comm="syz.4.1803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=299 compat=0 ip=0x7f8d0358d169 code=0x7ffc0000 [ 425.435515][T13663] netlink: 276 bytes leftover after parsing attributes in process `syz.1.1806'. [ 425.549340][ T30] audit: type=1326 audit(1742896848.561:2227): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13655 comm="syz.4.1803" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f8d0358d169 code=0x7ffc0000 [ 428.343775][T13711] FAULT_INJECTION: forcing a failure. [ 428.343775][T13711] name failslab, interval 1, probability 0, space 0, times 0 [ 428.397177][T13711] CPU: 0 UID: 0 PID: 13711 Comm: syz.3.1823 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 428.397210][T13711] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 428.397224][T13711] Call Trace: [ 428.397232][T13711] [ 428.397242][T13711] dump_stack_lvl+0x241/0x360 [ 428.397272][T13711] ? __pfx_dump_stack_lvl+0x10/0x10 [ 428.397295][T13711] ? __pfx__printk+0x10/0x10 [ 428.397330][T13711] ? fs_reclaim_acquire+0x93/0x130 [ 428.397353][T13711] ? __pfx___might_resched+0x10/0x10 [ 428.397384][T13711] should_fail_ex+0x40a/0x550 [ 428.397416][T13711] should_failslab+0xac/0x100 [ 428.397446][T13711] __kmalloc_noprof+0xdd/0x4c0 [ 428.397472][T13711] ? tomoyo_encode+0x26f/0x540 [ 428.397506][T13711] tomoyo_encode+0x26f/0x540 [ 428.397541][T13711] tomoyo_realpath_from_path+0x59e/0x5e0 [ 428.397584][T13711] tomoyo_path_number_perm+0x239/0x770 [ 428.397610][T13711] ? rcu_read_lock_any_held+0xb7/0x160 [ 428.397637][T13711] ? __pfx_rcu_read_lock_any_held+0x10/0x10 [ 428.397662][T13711] ? tomoyo_path_number_perm+0x209/0x770 [ 428.397703][T13711] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 428.397731][T13711] ? sb_end_write+0xe9/0x1c0 [ 428.397772][T13711] ? vfs_write+0x7fa/0xd10 [ 428.397822][T13711] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 428.397854][T13711] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 428.397887][T13711] security_file_ioctl+0xc6/0x2a0 [ 428.397910][T13711] __se_sys_ioctl+0x46/0x160 [ 428.397935][T13711] do_syscall_64+0xf3/0x230 [ 428.397961][T13711] ? clear_bhb_loop+0x35/0x90 [ 428.397991][T13711] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 428.398017][T13711] RIP: 0033:0x7ff897b8d169 [ 428.398053][T13711] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 428.398071][T13711] RSP: 002b:00007ff89899e038 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 428.398093][T13711] RAX: ffffffffffffffda RBX: 00007ff897da5fa0 RCX: 00007ff897b8d169 [ 428.398110][T13711] RDX: 0000200000000940 RSI: 00000000c0205647 RDI: 0000000000000009 [ 428.398123][T13711] RBP: 00007ff89899e090 R08: 0000000000000000 R09: 0000000000000000 [ 428.398136][T13711] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 428.398148][T13711] R13: 0000000000000000 R14: 00007ff897da5fa0 R15: 00007ff897ecfa28 [ 428.398183][T13711] [ 428.398202][T13711] ERROR: Out of memory at tomoyo_realpath_from_path. [ 428.966714][T13723] netlink: 'syz.0.1826': attribute type 1 has an invalid length. [ 429.163341][T13725] veth0: entered promiscuous mode [ 429.763349][T13737] IPVS: set_ctl: invalid protocol: 60 0.0.0.0:20000 [ 429.962629][T13725] veth0: left promiscuous mode [ 431.495310][ T5893] usb 3-1: new high-speed USB device number 69 using dummy_hcd [ 431.725207][ T5893] usb 3-1: Using ep0 maxpacket: 16 [ 431.743202][ T5893] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 431.760551][ T5893] usb 3-1: config 0 has no interface number 0 [ 431.785806][ T5893] usb 3-1: New USB device found, idVendor=04fc, idProduct=1528, bcdDevice=6d.5d [ 431.808119][ T5893] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 431.828203][ T5893] usb 3-1: Product: syz [ 431.840403][ T5893] usb 3-1: Manufacturer: syz [ 431.856929][ T5893] usb 3-1: SerialNumber: syz [ 431.876945][ T5893] usb 3-1: config 0 descriptor?? [ 431.898645][ T5893] gspca_main: spca1528-2.14.0 probing 04fc:1528 [ 432.085574][T13765] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1839'. [ 432.113586][T13765] netlink: 28 bytes leftover after parsing attributes in process `syz.1.1839'. [ 432.176969][T13765] bridge0: entered promiscuous mode [ 432.192728][T13765] bridge0: left promiscuous mode [ 432.326287][ T5890] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 432.525273][ T5890] usb 5-1: Using ep0 maxpacket: 16 [ 432.549925][ T5890] usb 5-1: config 0 interface 0 has no altsetting 0 [ 432.564509][ T5890] usb 5-1: New USB device found, idVendor=0458, idProduct=5013, bcdDevice= 0.00 [ 432.574959][ T5890] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 432.646472][ T5890] usb 5-1: config 0 descriptor?? [ 432.901488][T13758] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 432.935544][T13758] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 432.979003][ T5893] gspca_spca1528: reg_w err -71 [ 432.986235][ T5893] spca1528 3-1:0.1: probe with driver spca1528 failed with error -71 [ 432.999501][T13766] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1838'. [ 433.032804][ T5893] usb 3-1: USB disconnect, device number 69 [ 433.465304][ T5891] usb 4-1: new high-speed USB device number 94 using dummy_hcd [ 433.665333][ T5891] usb 4-1: Using ep0 maxpacket: 8 [ 433.685182][ T5891] usb 4-1: config index 0 descriptor too short (expected 5924, got 36) [ 433.693509][ T5891] usb 4-1: config 250 has an invalid interface number: 228 but max is -1 [ 433.740002][ T5891] usb 4-1: config 250 has 1 interface, different from the descriptor's value: 0 [ 433.776154][ T5891] usb 4-1: config 250 has no interface number 0 [ 433.793252][ T5891] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x1 has invalid maxpacket 65280, setting to 1024 [ 433.835182][ T5891] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x1 has invalid maxpacket 1024 [ 433.853935][ T5891] usb 4-1: config 250 interface 228 altsetting 255 endpoint 0x82 has invalid wMaxPacketSize 0 [ 433.936824][ T5891] usb 4-1: config 250 interface 228 altsetting 255 bulk endpoint 0x82 has invalid maxpacket 0 [ 434.002821][ T5891] usb 4-1: config 250 interface 228 altsetting 255 has 2 endpoint descriptors, different from the interface descriptor's value: 17 [ 434.048724][ T5891] usb 4-1: config 250 interface 228 has no altsetting 0 [ 434.069629][ T5891] usb 4-1: New USB device found, idVendor=0525, idProduct=d292, bcdDevice= 0.07 [ 434.390902][ T5891] usb 4-1: New USB device strings: Mfr=0, Product=106, SerialNumber=59 [ 434.413768][ T5891] usb 4-1: Product: syz [ 434.433971][ T5891] usb 4-1: SerialNumber: syz [ 434.522874][ T5890] usbhid 5-1:0.0: can't add hid device: -71 [ 434.530803][ T5891] hub 4-1:250.228: bad descriptor, ignoring hub [ 434.539771][ T5890] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 434.542321][ T5891] hub 4-1:250.228: probe with driver hub failed with error -5 [ 434.618354][ T5890] usb 5-1: USB disconnect, device number 67 [ 434.750899][ T5891] usblp 4-1:250.228: usblp0: USB Bidirectional printer dev 94 if 228 alt 255 proto 3 vid 0x0525 pid 0xD292 [ 435.280521][T13812] fuse: Bad value for 'user_id' [ 435.300256][T13812] fuse: Bad value for 'user_id' [ 435.503206][T13787] usb 4-1: reset high-speed USB device number 94 using dummy_hcd [ 435.614932][T13819] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1856'. [ 436.241062][T13827] FAULT_INJECTION: forcing a failure. [ 436.241062][T13827] name failslab, interval 1, probability 0, space 0, times 0 [ 436.254651][T13827] CPU: 1 UID: 0 PID: 13827 Comm: syz.1.1858 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 436.254674][T13827] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 436.254685][T13827] Call Trace: [ 436.254691][T13827] [ 436.254698][T13827] dump_stack_lvl+0x241/0x360 [ 436.254721][T13827] ? __pfx_dump_stack_lvl+0x10/0x10 [ 436.254738][T13827] ? __pfx__printk+0x10/0x10 [ 436.254763][T13827] ? kmem_cache_alloc_node_noprof+0x4f/0x380 [ 436.254786][T13827] ? __pfx___might_resched+0x10/0x10 [ 436.254809][T13827] should_fail_ex+0x40a/0x550 [ 436.254832][T13827] should_failslab+0xac/0x100 [ 436.254853][T13827] kmem_cache_alloc_node_noprof+0x77/0x380 [ 436.254874][T13827] ? __alloc_skb+0x1c3/0x440 [ 436.254898][T13827] __alloc_skb+0x1c3/0x440 [ 436.254921][T13827] ? __pfx___alloc_skb+0x10/0x10 [ 436.254944][T13827] ? netlink_autobind+0xd6/0x2f0 [ 436.254959][T13827] ? netlink_autobind+0x2b0/0x2f0 [ 436.254978][T13827] netlink_sendmsg+0x623/0xca0 [ 436.255001][T13827] ? __pfx_netlink_sendmsg+0x10/0x10 [ 436.255020][T13827] ? aa_sock_msg_perm+0x91/0x160 [ 436.255043][T13827] ? __pfx_netlink_sendmsg+0x10/0x10 [ 436.255067][T13827] __sock_sendmsg+0x221/0x270 [ 436.255094][T13827] sock_write_iter+0x2d7/0x3f0 [ 436.255119][T13827] ? __pfx_sock_write_iter+0x10/0x10 [ 436.255161][T13827] do_iter_readv_writev+0x71a/0x9d0 [ 436.255190][T13827] ? __pfx_do_iter_readv_writev+0x10/0x10 [ 436.255219][T13827] ? bpf_lsm_file_permission+0x9/0x10 [ 436.255256][T13827] ? rw_verify_area+0x243/0x630 [ 436.255284][T13827] vfs_writev+0x38b/0xbc0 [ 436.255316][T13827] ? __pfx_vfs_writev+0x10/0x10 [ 436.255345][T13827] ? do_sys_openat2+0x155/0x1c0 [ 436.255367][T13827] ? __fget_files+0x2a/0x420 [ 436.255390][T13827] ? __fget_files+0x39d/0x420 [ 436.255410][T13827] ? __fget_files+0x2a/0x420 [ 436.255437][T13827] do_writev+0x1b6/0x360 [ 436.255461][T13827] ? __pfx_do_writev+0x10/0x10 [ 436.255483][T13827] ? do_syscall_64+0x100/0x230 [ 436.255507][T13827] ? do_syscall_64+0xb6/0x230 [ 436.255529][T13827] do_syscall_64+0xf3/0x230 [ 436.255549][T13827] ? clear_bhb_loop+0x35/0x90 [ 436.255573][T13827] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 436.255594][T13827] RIP: 0033:0x7f7f6738d169 [ 436.255608][T13827] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 436.255622][T13827] RSP: 002b:00007f7f68215038 EFLAGS: 00000246 ORIG_RAX: 0000000000000014 [ 436.255639][T13827] RAX: ffffffffffffffda RBX: 00007f7f675a5fa0 RCX: 00007f7f6738d169 [ 436.255651][T13827] RDX: 0000000000000001 RSI: 0000200000001200 RDI: 0000000000000004 [ 436.255661][T13827] RBP: 00007f7f68215090 R08: 0000000000000000 R09: 0000000000000000 [ 436.255671][T13827] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 436.255680][T13827] R13: 0000000000000000 R14: 00007f7f675a5fa0 R15: 00007f7f676cfa28 [ 436.255701][T13827] [ 436.585782][ T5890] usb 4-1: USB disconnect, device number 94 [ 436.856885][ T5890] usblp0: removed [ 437.385420][ T5890] usb 4-1: new high-speed USB device number 95 using dummy_hcd [ 437.606002][ T5890] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 437.616892][ T5890] usb 4-1: config 220 has an invalid descriptor of length 0, skipping remainder of the config [ 437.637481][ T5890] usb 4-1: config 220 has no interface number 2 [ 437.643939][ T5890] usb 4-1: config 220 interface 1 altsetting 5 endpoint 0x2 has invalid wMaxPacketSize 0 [ 437.662476][T13842] netlink: 76 bytes leftover after parsing attributes in process `syz.4.1864'. [ 437.686834][ T5890] usb 4-1: config 220 interface 1 altsetting 5 bulk endpoint 0x3 has invalid maxpacket 8 [ 437.704140][ T5890] usb 4-1: config 220 interface 1 altsetting 5 has 2 endpoint descriptors, different from the interface descriptor's value: 12 [ 437.790681][ T5890] usb 4-1: config 220 interface 0 has no altsetting 0 [ 437.806507][ T5890] usb 4-1: config 220 interface 76 has no altsetting 0 [ 437.827135][ T5890] usb 4-1: config 220 interface 1 has no altsetting 0 [ 437.856922][ T5890] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 437.896582][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 437.931990][ T5890] usb 4-1: Product: syz [ 437.955423][ T5890] usb 4-1: Manufacturer: syz [ 437.965480][T13846] FAULT_INJECTION: forcing a failure. [ 437.965480][T13846] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 438.005300][T13846] CPU: 0 UID: 0 PID: 13846 Comm: syz.0.1865 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 438.005331][T13846] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 438.005343][T13846] Call Trace: [ 438.005352][T13846] [ 438.005362][T13846] dump_stack_lvl+0x241/0x360 [ 438.005392][T13846] ? __pfx_dump_stack_lvl+0x10/0x10 [ 438.005415][T13846] ? __pfx__printk+0x10/0x10 [ 438.005468][T13846] ? __pfx_lock_release+0x10/0x10 [ 438.005509][T13846] should_fail_ex+0x40a/0x550 [ 438.005542][T13846] _copy_from_user+0x2d/0xb0 [ 438.005564][T13846] sk_setsockopt+0x2ad/0x3330 [ 438.005600][T13846] ? __lock_acquire+0x1397/0x2100 [ 438.005632][T13846] ? __pfx_sk_setsockopt+0x10/0x10 [ 438.005668][T13846] ? aa_sk_perm+0x96d/0xab0 [ 438.005702][T13846] ? __pfx_aa_sk_perm+0x10/0x10 [ 438.005729][T13846] ? __pfx_lock_acquire+0x10/0x10 [ 438.005757][T13846] ? aa_sock_opt_perm+0x79/0x120 [ 438.005791][T13846] do_sock_setsockopt+0x2fb/0x720 [ 438.005829][T13846] ? __pfx_do_sock_setsockopt+0x10/0x10 [ 438.005865][T13846] ? __fget_files+0x39d/0x420 [ 438.005894][T13846] ? __fget_files+0x2a/0x420 [ 438.005931][T13846] __x64_sys_setsockopt+0x1ee/0x280 [ 438.005970][T13846] do_syscall_64+0xf3/0x230 [ 438.005999][T13846] ? clear_bhb_loop+0x35/0x90 [ 438.006033][T13846] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.006062][T13846] RIP: 0033:0x7f7edff8d169 [ 438.006081][T13846] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.006097][T13846] RSP: 002b:00007f7ee0dee038 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 438.006128][T13846] RAX: ffffffffffffffda RBX: 00007f7ee01a6080 RCX: 00007f7edff8d169 [ 438.006145][T13846] RDX: 000000000000001a RSI: 0000000000000001 RDI: 0000000000000005 [ 438.006158][T13846] RBP: 00007f7ee0dee090 R08: 0000000000000010 R09: 0000000000000000 [ 438.006184][T13846] R10: 0000200000000140 R11: 0000000000000246 R12: 0000000000000001 [ 438.006198][T13846] R13: 0000000000000000 R14: 00007f7ee01a6080 R15: 00007f7ee02cfa28 [ 438.006227][T13846] [ 438.009804][ T5890] usb 4-1: SerialNumber: syz [ 438.546538][T13852] FAULT_INJECTION: forcing a failure. [ 438.546538][T13852] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 438.592604][T13852] CPU: 1 UID: 0 PID: 13852 Comm: syz.4.1868 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 438.592639][T13852] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 438.592652][T13852] Call Trace: [ 438.592661][T13852] [ 438.592671][T13852] dump_stack_lvl+0x241/0x360 [ 438.592701][T13852] ? __pfx_dump_stack_lvl+0x10/0x10 [ 438.592725][T13852] ? __pfx__printk+0x10/0x10 [ 438.592761][T13852] ? __pfx_lock_release+0x10/0x10 [ 438.592813][T13852] should_fail_ex+0x40a/0x550 [ 438.592845][T13852] _copy_from_iter+0x1df/0x1c40 [ 438.592878][T13852] ? __virt_addr_valid+0x183/0x530 [ 438.592911][T13852] ? __pfx_lock_release+0x10/0x10 [ 438.592947][T13852] ? __alloc_skb+0x28f/0x440 [ 438.592976][T13852] ? __pfx__copy_from_iter+0x10/0x10 [ 438.593010][T13852] ? __virt_addr_valid+0x183/0x530 [ 438.593041][T13852] ? __virt_addr_valid+0x183/0x530 [ 438.593071][T13852] ? __virt_addr_valid+0x45f/0x530 [ 438.593110][T13852] ? __phys_addr_symbol+0x2f/0x70 [ 438.593140][T13852] ? __check_object_size+0x475/0x720 [ 438.593171][T13852] netlink_sendmsg+0x721/0xca0 [ 438.593203][T13852] ? __pfx_netlink_sendmsg+0x10/0x10 [ 438.593230][T13852] ? aa_sock_msg_perm+0x91/0x160 [ 438.593262][T13852] ? __pfx_netlink_sendmsg+0x10/0x10 [ 438.593282][T13852] __sock_sendmsg+0x221/0x270 [ 438.593310][T13852] ____sys_sendmsg+0x524/0x860 [ 438.593349][T13852] ? __pfx_____sys_sendmsg+0x10/0x10 [ 438.593378][T13852] ? __fget_files+0x2a/0x420 [ 438.593410][T13852] ? __fget_files+0x2a/0x420 [ 438.593448][T13852] __sys_sendmsg+0x269/0x350 [ 438.593484][T13852] ? __pfx___sys_sendmsg+0x10/0x10 [ 438.593527][T13852] ? do_sys_openat2+0x155/0x1c0 [ 438.593581][T13852] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 438.593614][T13852] ? do_syscall_64+0x100/0x230 [ 438.593646][T13852] ? do_syscall_64+0xb6/0x230 [ 438.593675][T13852] do_syscall_64+0xf3/0x230 [ 438.593703][T13852] ? clear_bhb_loop+0x35/0x90 [ 438.593736][T13852] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 438.593764][T13852] RIP: 0033:0x7f8d0358d169 [ 438.593783][T13852] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 438.593800][T13852] RSP: 002b:00007f8d0437c038 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 438.593823][T13852] RAX: ffffffffffffffda RBX: 00007f8d037a5fa0 RCX: 00007f8d0358d169 [ 438.593839][T13852] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000003 [ 438.593853][T13852] RBP: 00007f8d0437c090 R08: 0000000000000000 R09: 0000000000000000 [ 438.593866][T13852] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 438.593879][T13852] R13: 0000000000000000 R14: 00007f8d037a5fa0 R15: 00007f8d038cfa28 [ 438.593908][T13852] [ 439.224215][ T5890] usb 4-1: selecting invalid altsetting 0 [ 439.290779][T13854] vlan2: entered promiscuous mode [ 439.291456][ T5890] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 439.303083][T13854] bond0: entered promiscuous mode [ 439.330216][T13854] bond_slave_0: entered promiscuous mode [ 439.336655][ T5890] usb 4-1: No valid video chain found. [ 439.362488][T13854] bond_slave_1: entered promiscuous mode [ 439.379855][ T5890] usb 4-1: selecting invalid altsetting 0 [ 439.399318][ T5890] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 439.441718][ T5890] usb 4-1: USB disconnect, device number 95 [ 439.454936][T13857] netlink: 'syz.4.1870': attribute type 1 has an invalid length. [ 439.473948][T13854] bond0: left promiscuous mode [ 439.479430][T13854] bond_slave_0: left promiscuous mode [ 439.492045][T13854] bond_slave_1: left promiscuous mode [ 439.539211][T13857] 8021q: adding VLAN 0 to HW filter on device bond1 [ 439.605225][ T9] usb 1-1: new high-speed USB device number 64 using dummy_hcd [ 439.765227][ T9] usb 1-1: Using ep0 maxpacket: 32 [ 439.816485][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has an invalid bInterval 128, changing to 11 [ 439.855248][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x9 has invalid wMaxPacketSize 0 [ 439.864974][ T9] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xB7, changing to 0x87 [ 439.946177][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x87 has an invalid bInterval 79, changing to 10 [ 439.999155][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x87 has invalid maxpacket 34258, setting to 1024 [ 440.056040][ T9] usb 1-1: New USB device found, idVendor=0e6f, idProduct=582c, bcdDevice=31.68 [ 440.070333][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 440.092001][ T9] usb 1-1: Product: syz [ 440.103488][ T9] usb 1-1: Manufacturer: syz [ 440.122619][ T9] usb 1-1: SerialNumber: syz [ 440.149839][ T9] usb 1-1: config 0 descriptor?? [ 440.176027][T13855] raw-gadget.0 gadget.0: fail, usb_ep_enable returned -22 [ 440.178336][ T1300] ieee802154 phy0 wpan0: encryption failed: -22 [ 440.189471][ T9] input: Generic X-Box pad as /devices/platform/dummy_hcd.0/usb1/1-1/1-1:0.0/input/input48 [ 440.190699][ T5193] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 440.199810][ T1300] ieee802154 phy1 wpan1: encryption failed: -22 [ 440.239713][ T30] audit: type=1326 audit(1742896863.921:2228): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.294475][ T5193] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 440.327137][ T30] audit: type=1326 audit(1742896863.921:2229): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.429117][ T5193] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 440.473099][ T30] audit: type=1326 audit(1742896863.941:2230): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.525932][ T5193] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 440.587376][ T30] audit: type=1326 audit(1742896863.941:2231): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.629858][ T6108] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 440.689726][ T5193] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 440.699850][ T30] audit: type=1326 audit(1742896863.951:2232): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.802982][ T30] audit: type=1326 audit(1742896863.951:2233): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.840625][T13854] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 440.861658][T13877] kvm: vcpu 1024: requested lapic timer restore with starting count register 0x390=2088510865 (4177021730 ns) > initial count (3768473540 ns). Using initial count to start timer. [ 440.880145][ T30] audit: type=1326 audit(1742896863.951:2234): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.905586][ T30] audit: type=1326 audit(1742896863.951:2235): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=321 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.929806][ T30] audit: type=1326 audit(1742896863.951:2236): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.955723][ T30] audit: type=1326 audit(1742896863.951:2237): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=13872 comm="syz.3.1876" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7ff897b8d169 code=0x7ffc0000 [ 440.962980][ T5193] xpad 1-1:0.0: xpad_try_sending_next_out_packet - usb_submit_urb failed with result -90 [ 441.002899][ T5890] usb 1-1: USB disconnect, device number 64 [ 441.002931][ C0] xpad 1-1:0.0: xpad_irq_in - usb_submit_urb failed with result -19 [ 442.184953][T13895] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1884'. [ 442.207581][T13895] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1884'. [ 442.615192][ T5890] usb 4-1: new high-speed USB device number 96 using dummy_hcd [ 442.829035][ T5890] usb 4-1: config 220 has an invalid interface number: 76 but max is 2 [ 442.871457][ T5890] usb 4-1: config 220 contains an unexpected descriptor of type 0x2, skipping [ 442.891957][ T5890] usb 4-1: config 220 has an invalid descriptor of length 9, skipping remainder of the config [ 442.936297][ T5890] usb 4-1: config 220 has no interface number 2 [ 442.942653][ T5890] usb 4-1: config 220 interface 1 altsetting 5 has 1 endpoint descriptor, different from the interface descriptor's value: 12 [ 442.975902][ T5890] usb 4-1: config 220 interface 0 has no altsetting 0 [ 442.985728][ T5890] usb 4-1: config 220 interface 76 has no altsetting 0 [ 442.993062][ T5890] usb 4-1: config 220 interface 1 has no altsetting 0 [ 443.038794][ T5890] usb 4-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 443.066385][ T5890] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 443.084682][ T5890] usb 4-1: Product: syz [ 443.095045][ T5890] usb 4-1: Manufacturer: syz [ 443.104906][ T5890] usb 4-1: SerialNumber: syz [ 443.335923][ T5890] usb 4-1: selecting invalid altsetting 0 [ 443.352497][ T5890] usb 4-1: Found UVC 7.01 device syz (8086:0b07) [ 443.373486][ T5890] usb 4-1: No valid video chain found. [ 443.395930][ T5890] usb 4-1: selecting invalid altsetting 0 [ 443.401853][ T5890] usbtest 4-1:220.1: probe with driver usbtest failed with error -22 [ 443.427233][ T5890] usb 4-1: USB disconnect, device number 96 [ 443.659576][T13923] netlink: 12 bytes leftover after parsing attributes in process `syz.4.1893'. [ 443.727020][T13920] bridge_slave_1: left allmulticast mode [ 443.732920][T13920] bridge_slave_1: left promiscuous mode [ 443.741340][T13920] bridge0: port 2(bridge_slave_1) entered disabled state [ 443.826497][T13928] netlink: 'syz.4.1895': attribute type 4 has an invalid length. [ 443.885043][T13928] netlink: 'syz.4.1895': attribute type 4 has an invalid length. [ 444.150051][T13930] netlink: 148 bytes leftover after parsing attributes in process `syz.3.1896'. [ 444.277039][T13930] netlink: 56 bytes leftover after parsing attributes in process `syz.3.1896'. [ 445.125344][ T10] usb 3-1: new high-speed USB device number 70 using dummy_hcd [ 445.327786][ T10] usb 3-1: config 2 has an invalid interface number: 83 but max is 0 [ 445.345218][ T10] usb 3-1: config 2 has an invalid interface number: 5 but max is 0 [ 445.363475][ T10] usb 3-1: config 2 has 2 interfaces, different from the descriptor's value: 1 [ 445.394304][ T10] usb 3-1: config 2 has no interface number 0 [ 445.414425][ T10] usb 3-1: config 2 has no interface number 1 [ 445.452641][ T10] usb 3-1: too many endpoints for config 2 interface 5 altsetting 6: 249, using maximum allowed: 30 [ 445.480431][ T10] usb 3-1: config 2 interface 5 altsetting 6 has 0 endpoint descriptors, different from the interface descriptor's value: 249 [ 445.559008][ T10] usb 3-1: config 2 interface 5 has no altsetting 0 [ 445.585443][ T10] usb 3-1: New USB device found, idVendor=045e, idProduct=00c2, bcdDevice=e1.35 [ 445.657981][ T10] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 445.909153][T13941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 445.953641][T13941] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 446.417346][T13959] FAULT_INJECTION: forcing a failure. [ 446.417346][T13959] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 446.431714][T13959] CPU: 1 UID: 0 PID: 13959 Comm: syz.1.1906 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 446.431744][T13959] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 446.431759][T13959] Call Trace: [ 446.431768][T13959] [ 446.431776][T13959] dump_stack_lvl+0x241/0x360 [ 446.431806][T13959] ? __pfx_dump_stack_lvl+0x10/0x10 [ 446.431829][T13959] ? __pfx__printk+0x10/0x10 [ 446.431867][T13959] ? snprintf+0xda/0x120 [ 446.431892][T13959] should_fail_ex+0x40a/0x550 [ 446.431922][T13959] _copy_to_user+0x31/0xb0 [ 446.431947][T13959] simple_read_from_buffer+0xdc/0x170 [ 446.431978][T13959] proc_fail_nth_read+0x1e9/0x250 [ 446.432013][T13959] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 446.432049][T13959] ? rw_verify_area+0x243/0x630 [ 446.432070][T13959] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 446.432103][T13959] vfs_read+0x1f8/0xb40 [ 446.432125][T13959] ? fdget_pos+0x247/0x310 [ 446.432157][T13959] ? __pfx___mutex_lock+0x10/0x10 [ 446.432186][T13959] ? __pfx_vfs_read+0x10/0x10 [ 446.432210][T13959] ? __fget_files+0x2a/0x420 [ 446.432241][T13959] ? __fget_files+0x39d/0x420 [ 446.432270][T13959] ? __fget_files+0x2a/0x420 [ 446.432322][T13959] ksys_read+0x18f/0x2b0 [ 446.432346][T13959] ? __pfx_ksys_read+0x10/0x10 [ 446.432369][T13959] ? do_syscall_64+0x100/0x230 [ 446.432401][T13959] ? do_syscall_64+0xb6/0x230 [ 446.432430][T13959] do_syscall_64+0xf3/0x230 [ 446.432475][T13959] ? clear_bhb_loop+0x35/0x90 [ 446.432508][T13959] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 446.432536][T13959] RIP: 0033:0x7f7f6738bb7c [ 446.432556][T13959] Code: ec 28 48 89 54 24 18 48 89 74 24 10 89 7c 24 08 e8 99 93 02 00 48 8b 54 24 18 48 8b 74 24 10 41 89 c0 8b 7c 24 08 31 c0 0f 05 <48> 3d 00 f0 ff ff 77 34 44 89 c7 48 89 44 24 08 e8 ef 93 02 00 48 [ 446.432574][T13959] RSP: 002b:00007f7f68215030 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 446.432597][T13959] RAX: ffffffffffffffda RBX: 00007f7f675a5fa0 RCX: 00007f7f6738bb7c [ 446.432613][T13959] RDX: 000000000000000f RSI: 00007f7f682150a0 RDI: 000000000000000d [ 446.432626][T13959] RBP: 00007f7f68215090 R08: 0000000000000000 R09: 0000000000000000 [ 446.432639][T13959] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 446.432652][T13959] R13: 0000000000000000 R14: 00007f7f675a5fa0 R15: 00007f7f676cfa28 [ 446.432700][T13959] [ 446.963857][T13962] bridge0: port 2(netdevsim2) entered blocking state [ 446.982238][T13962] bridge0: port 2(netdevsim2) entered disabled state [ 446.992396][T13962] netdevsim netdevsim4 netdevsim2: entered allmulticast mode [ 447.012729][T13962] netdevsim netdevsim4 netdevsim2: entered promiscuous mode [ 447.041057][T13962] bridge0: port 2(netdevsim2) entered blocking state [ 447.047983][T13962] bridge0: port 2(netdevsim2) entered forwarding state [ 447.146859][T13964] veth0: entered allmulticast mode [ 447.171378][T13961] veth0: left allmulticast mode [ 447.500644][T13968] netlink: 148 bytes leftover after parsing attributes in process `syz.1.1910'. [ 447.511808][T13968] netlink: 56 bytes leftover after parsing attributes in process `syz.1.1910'. [ 447.585500][T13941] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 447.675540][T13941] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 447.859397][ T10] usb 3-1: string descriptor 0 read error: -71 [ 447.922910][ T10] usb 3-1: USB disconnect, device number 70 [ 448.103293][T13978] netlink: 'syz.4.1914': attribute type 4 has an invalid length. [ 448.155206][ T5891] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 448.159745][T13978] netlink: 'syz.4.1914': attribute type 4 has an invalid length. [ 448.325300][ T5891] usb 2-1: Using ep0 maxpacket: 16 [ 448.346602][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 448.397588][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 448.447692][ T5891] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 448.491895][ T5891] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 448.535816][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 448.584523][T13984] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1917'. [ 448.603977][ T5891] usb 2-1: config 0 descriptor?? [ 448.613369][T13984] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1917'. [ 448.946662][ T10] usb 3-1: new high-speed USB device number 71 using dummy_hcd [ 449.043518][T13974] xt_CT: You must specify a L4 protocol and not use inversions on it [ 449.137642][ T10] usb 3-1: Using ep0 maxpacket: 8 [ 449.154422][ T10] usb 3-1: config 127 has an invalid interface number: 171 but max is 1 [ 449.235309][ T10] usb 3-1: config 127 has no interface number 1 [ 449.241789][ T10] usb 3-1: config 127 interface 171 has no altsetting 0 [ 449.290972][ T10] usb 3-1: config 127 interface 0 has no altsetting 0 [ 449.306403][ T10] usb 3-1: New USB device found, idVendor=04e2, idProduct=1414, bcdDevice=c5.b9 [ 449.317129][ T10] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 449.333299][ T10] usb 3-1: Product: syz [ 449.343391][ T10] usb 3-1: Manufacturer: syz [ 449.358418][ T10] usb 3-1: SerialNumber: syz [ 449.587026][ T10] xr_serial 3-1:127.171: xr_serial converter detected [ 449.611557][ T10] xr_serial ttyUSB0: Failed to set reg 0x1a: -71 [ 449.645621][ T10] xr_serial ttyUSB0: probe with driver xr_serial failed with error -71 [ 449.694730][ T10] usb 3-1: USB disconnect, device number 71 [ 449.731837][ T10] xr_serial 3-1:127.171: device disconnected [ 449.751413][T13999] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1920'. [ 450.108584][T14002] netlink: 4 bytes leftover after parsing attributes in process `syz.4.1921'. [ 450.269166][T14007] FAULT_INJECTION: forcing a failure. [ 450.269166][T14007] name failslab, interval 1, probability 0, space 0, times 0 [ 450.422515][T14007] CPU: 1 UID: 0 PID: 14007 Comm: syz.3.1923 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 450.422548][T14007] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 450.422562][T14007] Call Trace: [ 450.422588][T14007] [ 450.422598][T14007] dump_stack_lvl+0x241/0x360 [ 450.422629][T14007] ? __pfx_dump_stack_lvl+0x10/0x10 [ 450.422652][T14007] ? __pfx__printk+0x10/0x10 [ 450.422687][T14007] ? __kvmalloc_node_noprof+0x130/0x580 [ 450.422718][T14007] ? __pfx___might_resched+0x10/0x10 [ 450.422755][T14007] should_fail_ex+0x40a/0x550 [ 450.422788][T14007] should_failslab+0xac/0x100 [ 450.422818][T14007] __kvmalloc_node_noprof+0x158/0x580 [ 450.422849][T14007] ? keyctl_update_key+0x60/0x140 [ 450.422872][T14007] ? sb_end_write+0xe9/0x1c0 [ 450.422906][T14007] keyctl_update_key+0x60/0x140 [ 450.422930][T14007] __se_sys_keyctl+0x569/0x910 [ 450.422959][T14007] ? __pfx___se_sys_keyctl+0x10/0x10 [ 450.422982][T14007] ? do_sys_openat2+0x155/0x1c0 [ 450.423016][T14007] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 450.423044][T14007] ? __fget_files+0x2a/0x420 [ 450.423086][T14007] ? __fget_files+0x2a/0x420 [ 450.423125][T14007] ? lockdep_hardirqs_on_prepare+0x43d/0x780 [ 450.423160][T14007] ? __pfx_lockdep_hardirqs_on_prepare+0x10/0x10 [ 450.423194][T14007] ? do_syscall_64+0x100/0x230 [ 450.423226][T14007] ? __x64_sys_keyctl+0x20/0xc0 [ 450.423253][T14007] do_syscall_64+0xf3/0x230 [ 450.423282][T14007] ? clear_bhb_loop+0x35/0x90 [ 450.423316][T14007] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 450.423346][T14007] RIP: 0033:0x7ff897b8d169 [ 450.423365][T14007] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 450.423383][T14007] RSP: 002b:00007ff89899e038 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 450.423407][T14007] RAX: ffffffffffffffda RBX: 00007ff897da5fa0 RCX: 00007ff897b8d169 [ 450.423424][T14007] RDX: 0000200000000340 RSI: 000000000d9c070f RDI: 0000000000000002 [ 450.423439][T14007] RBP: 00007ff89899e090 R08: 0000000000000000 R09: 0000000000000000 [ 450.423453][T14007] R10: 0000000000000004 R11: 0000000000000246 R12: 0000000000000001 [ 450.423467][T14007] R13: 0000000000000000 R14: 00007ff897da5fa0 R15: 00007ff897ecfa28 [ 450.423498][T14007] [ 451.049816][T14013] netlink: 148 bytes leftover after parsing attributes in process `syz.2.1924'. [ 451.072775][T14013] netlink: 56 bytes leftover after parsing attributes in process `syz.2.1924'. [ 451.137252][T14002] team0 (unregistering): Port device team_slave_0 removed [ 451.193164][T14002] team0 (unregistering): Port device team_slave_1 removed [ 451.229185][ T5891] usbhid 2-1:0.0: can't add hid device: -71 [ 451.267413][T14002] team0 (unregistering): Port device batadv1 removed [ 451.283327][ T5891] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 451.319246][ T5891] usb 2-1: USB disconnect, device number 76 [ 451.450201][T14009] (unnamed net_device) (uninitialized): option packets_per_slave: invalid value (262145) [ 451.466487][T14009] (unnamed net_device) (uninitialized): option packets_per_slave: allowed values 0 - 65535 [ 452.165254][ T5891] usb 3-1: new high-speed USB device number 72 using dummy_hcd [ 452.355323][ T5891] usb 3-1: Using ep0 maxpacket: 8 [ 452.409612][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 452.445423][ T5891] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 452.455558][ T5891] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 452.492812][T14043] netlink: 16402 bytes leftover after parsing attributes in process `syz.4.1937'. [ 452.502467][ T5891] usb 3-1: New USB device found, idVendor=056a, idProduct=00b5, bcdDevice= 0.00 [ 452.545520][ T5891] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 452.567789][ T5891] usb 3-1: config 0 descriptor?? [ 452.575711][ T5893] usb 1-1: new high-speed USB device number 65 using dummy_hcd [ 452.766564][ T5893] usb 1-1: Using ep0 maxpacket: 16 [ 452.791055][ T5893] usb 1-1: config 0 has an invalid interface number: 105 but max is 0 [ 452.803100][ T5893] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 452.821982][ T5891] usbhid 3-1:0.0: can't add hid device: -71 [ 452.837989][ T5891] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 452.850174][ T5891] usb 3-1: USB disconnect, device number 72 [ 452.859996][ T5893] usb 1-1: config 0 has no interface number 0 [ 452.894769][ T5893] usb 1-1: New USB device found, idVendor=046c, idProduct=14e8, bcdDevice= b.28 [ 452.915352][ T5893] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 452.923413][ T5893] usb 1-1: Product: syz [ 452.941172][ T5893] usb 1-1: Manufacturer: syz [ 452.954519][ T5893] usb 1-1: SerialNumber: syz [ 452.991495][ T5893] usb 1-1: config 0 descriptor?? [ 453.013290][ T5893] usb 1-1: Found UVC 0.00 device syz (046c:14e8) [ 453.040554][ T5893] usb 1-1: No valid video chain found. [ 453.218928][ T874] usb 1-1: USB disconnect, device number 65 [ 454.185411][ T5893] usb 1-1: new high-speed USB device number 66 using dummy_hcd [ 454.217216][ T874] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 454.373116][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 454.394882][ T874] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 454.397797][T14103] loop6: detected capacity change from 0 to 4599 [ 454.416826][ T5893] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 454.426981][ T874] usb 5-1: New USB device found, idVendor=0471, idProduct=0304, bcdDevice=e4.df [ 454.445398][ T5893] usb 1-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 454.445432][ T5893] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.446535][ T874] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 454.449705][ T5893] usb 1-1: config 0 descriptor?? [ 454.463254][ T874] usb 5-1: config 0 descriptor?? [ 454.467348][ T874] pwc: Askey VC010 type 2 USB webcam detected. [ 454.639358][T14107] netlink: 'syz.2.1967': attribute type 1 has an invalid length. [ 454.871688][ T5893] hid-led 0003:0FC5:B080.0025: item fetching failed at offset 0/3 [ 454.882730][T14111] pim6reg1: entered promiscuous mode [ 454.888979][T14111] pim6reg1: entered allmulticast mode [ 454.899547][ T5893] hid-led 0003:0FC5:B080.0025: probe with driver hid-led failed with error -22 [ 454.929756][ T874] pwc: recv_control_msg error -32 req 02 val 2b00 [ 454.960579][ T874] pwc: recv_control_msg error -32 req 02 val 2700 [ 454.984502][ T874] pwc: recv_control_msg error -32 req 02 val 2c00 [ 455.006239][ T874] pwc: recv_control_msg error -32 req 04 val 1000 [ 455.016139][ T874] pwc: recv_control_msg error -32 req 04 val 1300 [ 455.033126][ T874] pwc: recv_control_msg error -32 req 04 val 1400 [ 455.072609][ T5893] usb 1-1: USB disconnect, device number 66 [ 455.245418][ T874] pwc: recv_control_msg error -71 req 02 val 2100 [ 455.262755][ T874] pwc: recv_control_msg error -71 req 04 val 1500 [ 455.289052][ T874] pwc: recv_control_msg error -71 req 02 val 2500 [ 455.297816][ T874] pwc: recv_control_msg error -71 req 02 val 2400 [ 455.304706][ T874] pwc: recv_control_msg error -71 req 02 val 2600 [ 455.312274][ T874] pwc: recv_control_msg error -71 req 02 val 2900 [ 455.320156][ T874] pwc: recv_control_msg error -71 req 02 val 2800 [ 455.327703][ T874] pwc: recv_control_msg error -71 req 04 val 1100 [ 455.334733][ T874] pwc: recv_control_msg error -71 req 04 val 1200 [ 455.361795][ T874] pwc: Registered as video103. [ 455.377357][ T874] input: PWC snapshot button as /devices/platform/dummy_hcd.4/usb5/5-1/input/input49 [ 455.446642][ T874] usb 5-1: USB disconnect, device number 68 [ 457.086694][T14161] kvm: kvm [14159]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x186) = 0x4000 [ 457.119348][T14161] kvm: kvm [14159]: vcpu0, guest rIP: 0x1be Unhandled WRMSR(0x187) = 0x4000 [ 458.066727][T14193] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1490366250 (5961465000 ns) > initial count (3639574344 ns). Using initial count to start timer. [ 458.115432][ T5891] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 458.296072][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 458.325344][ T5891] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 458.351298][ T5891] usb 2-1: New USB device found, idVendor=0fc5, idProduct=b080, bcdDevice= 0.00 [ 458.375759][ T5891] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 458.403967][ T5891] usb 2-1: config 0 descriptor?? [ 458.767485][T14214] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2013'. [ 458.777137][T14214] netlink: 16 bytes leftover after parsing attributes in process `syz.2.2013'. [ 458.790014][T14214] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2013'. [ 458.800395][T14214] netlink: 36 bytes leftover after parsing attributes in process `syz.2.2013'. [ 458.858943][ T5891] hid-led 0003:0FC5:B080.0026: unknown main item tag 0x0 [ 459.053515][ T5891] hid-led 0003:0FC5:B080.0026: probe with driver hid-led failed with error -71 [ 459.075521][ T5891] usb 2-1: USB disconnect, device number 77 [ 459.135835][ T874] usb 1-1: new high-speed USB device number 67 using dummy_hcd [ 459.295448][ T874] usb 1-1: Using ep0 maxpacket: 32 [ 459.308485][ T874] usb 1-1: New USB device found, idVendor=0fd9, idProduct=0025, bcdDevice=29.40 [ 459.327973][ T874] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 459.350151][ T874] usb 1-1: config 0 descriptor?? [ 459.376015][T14231] netlink: 'syz.3.2023': attribute type 13 has an invalid length. [ 459.427922][T14231] veth1_vlan: left allmulticast mode [ 459.605249][ T874] dvb-usb: found a 'Elgato EyeTV Sat' in warm state. [ 459.627716][ T874] dvb-usb: will pass the complete MPEG2 transport stream to the software demuxer. [ 459.660151][ T874] dvbdev: DVB: registering new adapter (Elgato EyeTV Sat) [ 459.695759][ T874] usb 1-1: media controller created [ 459.764011][ T874] dvbdev: dvb_create_media_entity: media entity 'dvb-demux' registered. [ 459.961315][T14249] vhci_hcd vhci_hcd.0: pdev(2) rhport(0) sockfd(3) [ 459.967984][T14249] vhci_hcd vhci_hcd.0: devid(0) speed(1) speed_str(low-speed) [ 459.978646][T14249] vhci_hcd vhci_hcd.0: Device attached [ 459.987637][T14250] vhci_hcd: connection closed [ 459.988188][ T1099] vhci_hcd: stop threads [ 459.998955][ T1099] vhci_hcd: release socket [ 460.003442][ T1099] vhci_hcd: disconnect device [ 460.032058][T14219] netlink: 8 bytes leftover after parsing attributes in process `syz.0.2017'. [ 460.045188][T14219] netlink: 4 bytes leftover after parsing attributes in process `syz.0.2017'. [ 460.080810][T14219] [ 460.083268][T14219] ===================================================== [ 460.090209][T14219] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 460.097702][T14219] 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 Not tainted [ 460.104490][T14219] ----------------------------------------------------- [ 460.111534][T14219] syz.0.2017/14219 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 460.119370][T14219] ffff8880536a7168 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4f0 [ 460.121799][T14235] PM: Image not found (code -6) [ 460.128102][T14219] [ 460.128102][T14219] and this task is already holding: [ 460.128114][T14219] ffff88802a45d230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xc5/0x350 [ 460.128183][T14219] which would create a new lock dependency: [ 460.128191][T14219] (&dev->event_lock#2){..-.}-{3:3} -> (&new->fa_lock){....}-{3:3} [ 460.163923][T14219] [ 460.163923][T14219] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 460.173428][T14219] (&dev->event_lock#2){..-.}-{3:3} [ 460.173477][T14219] [ 460.173477][T14219] ... which became SOFTIRQ-irq-safe at: [ 460.186603][T14219] lock_acquire+0x1ed/0x550 [ 460.191242][T14219] _raw_spin_lock_irqsave+0xd5/0x120 [ 460.191941][T14235] PM: Image not found (code -6) [ 460.196635][T14219] input_event+0x86/0xe0 [ 460.196665][T14219] hidinput_hid_event+0x132d/0x1ca0 [ 460.196686][T14219] hid_process_event+0x439/0x590 [ 460.196717][T14219] hid_report_raw_event+0xf1f/0x17b0 [ 460.196743][T14219] hid_input_report+0x416/0x500 [ 460.196770][T14219] hid_irq_in+0x4a0/0x6d0 [ 460.231076][T14219] __usb_hcd_giveback_urb+0x42c/0x6e0 [ 460.236576][T14219] dummy_timer+0x849/0x4640 [ 460.241199][T14219] __hrtimer_run_queues+0x59b/0xd30 [ 460.246526][T14219] hrtimer_run_softirq+0x19a/0x2c0 [ 460.251763][T14219] handle_softirqs+0x2d4/0x9b0 [ 460.256643][T14219] __irq_exit_rcu+0xf7/0x220 [ 460.261348][T14219] irq_exit_rcu+0x9/0x30 [ 460.265719][T14219] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 460.271494][T14219] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 460.272300][T14235] PM: Image not found (code -6) [ 460.277581][T14219] vcpu_run+0x6be9/0x8ae0 [ 460.277608][T14219] kvm_arch_vcpu_ioctl_run+0xa68/0x1940 [ 460.277629][T14219] kvm_vcpu_ioctl+0x996/0x1020 [ 460.277648][T14219] __se_sys_ioctl+0xf1/0x160 [ 460.277669][T14219] do_syscall_64+0xf3/0x230 [ 460.306699][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.312725][T14219] [ 460.312725][T14219] to a SOFTIRQ-irq-unsafe lock: [ 460.315175][ T10] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 460.319742][T14219] (tasklist_lock){.+.+}-{3:3} [ 460.327329][T14219] [ 460.327329][T14219] ... which became SOFTIRQ-irq-unsafe at: [ 460.340022][T14219] ... [ 460.340037][T14219] lock_acquire+0x1ed/0x550 [ 460.347261][T14219] _raw_read_lock+0x36/0x50 [ 460.351884][T14219] __do_wait+0x12d/0x850 [ 460.356245][T14219] do_wait+0x1e9/0x550 [ 460.360414][T14219] kernel_wait+0xe9/0x240 [ 460.364841][T14219] call_usermodehelper_exec_work+0xbd/0x230 [ 460.370833][T14219] process_scheduled_works+0xabe/0x18e0 [ 460.376483][T14219] worker_thread+0x870/0xd30 [ 460.381170][T14219] kthread+0x7a9/0x920 [ 460.385338][T14219] ret_from_fork+0x4b/0x80 [ 460.389853][T14219] ret_from_fork_asm+0x1a/0x30 [ 460.394716][T14219] [ 460.394716][T14219] other info that might help us debug this: [ 460.394716][T14219] [ 460.404945][T14219] Chain exists of: [ 460.404945][T14219] &dev->event_lock#2 --> &new->fa_lock --> tasklist_lock [ 460.404945][T14219] [ 460.417922][T14219] Possible interrupt unsafe locking scenario: [ 460.417922][T14219] [ 460.426245][T14219] CPU0 CPU1 [ 460.431621][T14219] ---- ---- [ 460.436983][T14219] lock(tasklist_lock); [ 460.441234][T14219] local_irq_disable(); [ 460.447988][T14219] lock(&dev->event_lock#2); [ 460.455227][T14219] lock(&new->fa_lock); [ 460.461997][T14219] [ 460.465465][T14219] lock(&dev->event_lock#2); [ 460.470336][T14219] [ 460.470336][T14219] *** DEADLOCK *** [ 460.470336][T14219] [ 460.478486][T14219] 6 locks held by syz.0.2017/14219: [ 460.483686][T14219] #0: ffff88802a45f118 (&evdev->mutex){+.+.}-{4:4}, at: evdev_write+0x25e/0x790 [ 460.492845][T14219] #1: ffff88802a45d230 (&dev->event_lock#2){..-.}-{3:3}, at: input_inject_event+0xc5/0x350 [ 460.502971][T14219] #2: ffffffff8eb39420 (rcu_read_lock){....}-{1:3}, at: input_inject_event+0xd6/0x350 [ 460.512655][T14219] #3: ffffffff8eb39420 (rcu_read_lock){....}-{1:3}, at: input_pass_values+0x8e/0x890 [ 460.522257][T14219] #4: ffffffff8eb39420 (rcu_read_lock){....}-{1:3}, at: mousedev_notify_readers+0x2a/0xc80 [ 460.532373][T14219] #5: ffffffff8eb39420 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x54/0x4f0 [ 460.541441][T14219] [ 460.541441][T14219] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 460.551850][T14219] -> (&dev->event_lock#2){..-.}-{3:3} { [ 460.557445][T14219] IN-SOFTIRQ-W at: [ 460.561446][T14219] lock_acquire+0x1ed/0x550 [ 460.567614][T14219] _raw_spin_lock_irqsave+0xd5/0x120 [ 460.574552][T14219] input_event+0x86/0xe0 [ 460.580469][T14219] hidinput_hid_event+0x132d/0x1ca0 [ 460.587324][T14219] hid_process_event+0x439/0x590 [ 460.593924][T14219] hid_report_raw_event+0xf1f/0x17b0 [ 460.600868][T14219] hid_input_report+0x416/0x500 [ 460.607391][T14219] hid_irq_in+0x4a0/0x6d0 [ 460.613384][T14219] __usb_hcd_giveback_urb+0x42c/0x6e0 [ 460.620409][T14219] dummy_timer+0x849/0x4640 [ 460.626588][T14219] __hrtimer_run_queues+0x59b/0xd30 [ 460.633436][T14219] hrtimer_run_softirq+0x19a/0x2c0 [ 460.640220][T14219] handle_softirqs+0x2d4/0x9b0 [ 460.646662][T14219] __irq_exit_rcu+0xf7/0x220 [ 460.652917][T14219] irq_exit_rcu+0x9/0x30 [ 460.658824][T14219] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 460.666130][T14219] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 460.673869][T14219] vcpu_run+0x6be9/0x8ae0 [ 460.679874][T14219] kvm_arch_vcpu_ioctl_run+0xa68/0x1940 [ 460.687172][T14219] kvm_vcpu_ioctl+0x996/0x1020 [ 460.693619][T14219] __se_sys_ioctl+0xf1/0x160 [ 460.699966][T14219] do_syscall_64+0xf3/0x230 [ 460.706144][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 460.713823][T14219] INITIAL USE at: [ 460.717741][T14219] lock_acquire+0x1ed/0x550 [ 460.723833][T14219] _raw_spin_lock_irqsave+0xd5/0x120 [ 460.730713][T14219] input_inject_event+0xc5/0x350 [ 460.737242][T14219] kbd_led_trigger_activate+0xb8/0x100 [ 460.744281][T14219] led_trigger_set+0x582/0x9c0 [ 460.750628][T14219] led_trigger_set_default+0x229/0x260 [ 460.757671][T14219] led_classdev_register_ext+0x776/0x980 [ 460.764888][T14219] input_leds_connect+0x489/0x630 [ 460.771509][T14219] input_register_device+0xce2/0x10c0 [ 460.778557][T14219] atkbd_connect+0x762/0xa20 [ 460.784742][T14219] serio_driver_probe+0x7f/0xa0 [ 460.791204][T14219] really_probe+0x2b9/0xad0 [ 460.797379][T14219] __driver_probe_device+0x1a2/0x390 [ 460.804250][T14219] driver_probe_device+0x50/0x430 [ 460.811028][T14219] __driver_attach+0x45f/0x710 [ 460.817370][T14219] bus_for_each_dev+0x239/0x2b0 [ 460.823803][T14219] serio_handle_event+0x1c7/0x920 [ 460.830407][T14219] process_scheduled_works+0xabe/0x18e0 [ 460.837529][T14219] worker_thread+0x870/0xd30 [ 460.843774][T14219] kthread+0x7a9/0x920 [ 460.849410][T14219] ret_from_fork+0x4b/0x80 [ 460.855392][T14219] ret_from_fork_asm+0x1a/0x30 [ 460.861730][T14219] } [ 460.864245][T14219] ... key at: [] input_allocate_device.__key.5+0x0/0x20 [ 460.873264][T14219] [ 460.873264][T14219] the dependencies between the lock to be acquired [ 460.873275][T14219] and SOFTIRQ-irq-unsafe lock: [ 460.886784][T14219] -> (tasklist_lock){.+.+}-{3:3} { [ 460.892097][T14219] HARDIRQ-ON-R at: [ 460.896252][T14219] lock_acquire+0x1ed/0x550 [ 460.902760][T14219] _raw_read_lock+0x36/0x50 [ 460.909265][T14219] __do_wait+0x12d/0x850 [ 460.915513][T14219] do_wait+0x1e9/0x550 [ 460.921587][T14219] kernel_wait+0xe9/0x240 [ 460.927948][T14219] call_usermodehelper_exec_work+0xbd/0x230 [ 460.935840][T14219] process_scheduled_works+0xabe/0x18e0 [ 460.943383][T14219] worker_thread+0x870/0xd30 [ 460.949974][T14219] kthread+0x7a9/0x920 [ 460.956050][T14219] ret_from_fork+0x4b/0x80 [ 460.962486][T14219] ret_from_fork_asm+0x1a/0x30 [ 460.969285][T14219] SOFTIRQ-ON-R at: [ 460.973446][T14219] lock_acquire+0x1ed/0x550 [ 460.979961][T14219] _raw_read_lock+0x36/0x50 [ 460.986469][T14219] __do_wait+0x12d/0x850 [ 460.992721][T14219] do_wait+0x1e9/0x550 [ 460.998799][T14219] kernel_wait+0xe9/0x240 [ 461.005137][T14219] call_usermodehelper_exec_work+0xbd/0x230 [ 461.013043][T14219] process_scheduled_works+0xabe/0x18e0 [ 461.020591][T14219] worker_thread+0x870/0xd30 [ 461.027187][T14219] kthread+0x7a9/0x920 [ 461.033264][T14219] ret_from_fork+0x4b/0x80 [ 461.039784][T14219] ret_from_fork_asm+0x1a/0x30 [ 461.046549][T14219] INITIAL USE at: [ 461.050621][T14219] lock_acquire+0x1ed/0x550 [ 461.057047][T14219] _raw_write_lock_irq+0xd3/0x120 [ 461.063985][T14219] copy_process+0x220e/0x3cf0 [ 461.070575][T14219] kernel_clone+0x226/0x8e0 [ 461.076995][T14219] user_mode_thread+0x144/0x1c0 [ 461.083757][T14219] rest_init+0x23/0x300 [ 461.089857][T14219] start_kernel+0x484/0x510 [ 461.096284][T14219] x86_64_start_reservations+0x2a/0x30 [ 461.103672][T14219] x86_64_start_kernel+0x66/0x70 [ 461.110539][T14219] common_startup_64+0x13e/0x147 [ 461.117402][T14219] INITIAL READ USE at: [ 461.121911][T14219] lock_acquire+0x1ed/0x550 [ 461.128779][T14219] _raw_read_lock+0x36/0x50 [ 461.135630][T14219] __do_wait+0x12d/0x850 [ 461.142227][T14219] do_wait+0x1e9/0x550 [ 461.148649][T14219] kernel_wait+0xe9/0x240 [ 461.155352][T14219] call_usermodehelper_exec_work+0xbd/0x230 [ 461.163607][T14219] process_scheduled_works+0xabe/0x18e0 [ 461.171501][T14219] worker_thread+0x870/0xd30 [ 461.178445][T14219] kthread+0x7a9/0x920 [ 461.184870][T14219] ret_from_fork+0x4b/0x80 [ 461.191641][T14219] ret_from_fork_asm+0x1a/0x30 [ 461.198757][T14219] } [ 461.201426][T14219] ... key at: [] tasklist_lock+0x18/0x40 [ 461.209326][T14219] ... acquired at: [ 461.213300][T14219] lock_acquire+0x1ed/0x550 [ 461.217989][T14219] _raw_read_lock+0x36/0x50 [ 461.222670][T14219] send_sigurg+0x141/0x430 [ 461.227271][T14219] sk_send_sigurg+0x6e/0x2f0 [ 461.232051][T14219] queue_oob+0x4ae/0x650 [ 461.236476][T14219] unix_stream_sendmsg+0xcab/0xf40 [ 461.241771][T14219] __sock_sendmsg+0x221/0x270 [ 461.246623][T14219] ____sys_sendmsg+0x524/0x860 [ 461.251570][T14219] __sys_sendmmsg+0x36a/0x720 [ 461.256434][T14219] __x64_sys_sendmmsg+0xa0/0xb0 [ 461.261463][T14219] do_syscall_64+0xf3/0x230 [ 461.266167][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.272241][T14219] [ 461.274583][T14219] -> (&f_owner->lock){....}-{3:3} { [ 461.279910][T14219] INITIAL USE at: [ 461.283898][T14219] lock_acquire+0x1ed/0x550 [ 461.290166][T14219] _raw_write_lock_irq+0xd3/0x120 [ 461.296945][T14219] __f_setown+0x68/0x380 [ 461.302939][T14219] f_setown+0x23d/0x300 [ 461.308845][T14219] do_fcntl+0x115/0x1ae0 [ 461.314826][T14219] __se_sys_fcntl+0xd2/0x1e0 [ 461.321162][T14219] do_syscall_64+0xf3/0x230 [ 461.327496][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.335150][T14219] INITIAL READ USE at: [ 461.339559][T14219] lock_acquire+0x1ed/0x550 [ 461.346244][T14219] _raw_read_lock_irqsave+0xdd/0x130 [ 461.353703][T14219] send_sigio+0x37/0x390 [ 461.360143][T14219] kill_fasync+0x253/0x4f0 [ 461.366726][T14219] fsnotify_insert_event+0x378/0x430 [ 461.374276][T14219] inotify_handle_inode_event+0x3f6/0x5f0 [ 461.382175][T14219] inotify_ignored_and_remove_idr+0x29/0x70 [ 461.390254][T14219] fsnotify_destroy_marks+0x1c2/0x420 [ 461.397837][T14219] dentry_unlink_inode+0x2e0/0x430 [ 461.405125][T14219] vfs_rmdir+0x25f/0x510 [ 461.411546][T14219] do_rmdir+0x379/0x550 [ 461.417887][T14219] __x64_sys_rmdir+0x47/0x50 [ 461.424667][T14219] do_syscall_64+0xf3/0x230 [ 461.431356][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.439427][T14219] } [ 461.442011][T14219] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 461.450949][T14219] ... acquired at: [ 461.454837][T14219] lock_acquire+0x1ed/0x550 [ 461.459520][T14219] _raw_read_lock_irqsave+0xdd/0x130 [ 461.464978][T14219] send_sigio+0x37/0x390 [ 461.469402][T14219] kill_fasync+0x253/0x4f0 [ 461.473989][T14219] fsnotify_insert_event+0x378/0x430 [ 461.479453][T14219] inotify_handle_inode_event+0x3f6/0x5f0 [ 461.485353][T14219] inotify_ignored_and_remove_idr+0x29/0x70 [ 461.491432][T14219] fsnotify_destroy_marks+0x1c2/0x420 [ 461.496986][T14219] dentry_unlink_inode+0x2e0/0x430 [ 461.502267][T14219] vfs_rmdir+0x25f/0x510 [ 461.506682][T14219] do_rmdir+0x379/0x550 [ 461.511012][T14219] __x64_sys_rmdir+0x47/0x50 [ 461.515776][T14219] do_syscall_64+0xf3/0x230 [ 461.520487][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.526565][T14219] [ 461.528883][T14219] -> (&new->fa_lock){....}-{3:3} { [ 461.534016][T14219] INITIAL USE at: [ 461.537923][T14219] lock_acquire+0x1ed/0x550 [ 461.544008][T14219] _raw_write_lock_irq+0xd3/0x120 [ 461.550607][T14219] fasync_remove_entry+0xec/0x1b0 [ 461.557208][T14219] fsnotify_fasync+0x4b/0x70 [ 461.563376][T14219] __fput+0x81e/0x9f0 [ 461.568932][T14219] task_work_run+0x24f/0x310 [ 461.575089][T14219] syscall_exit_to_user_mode+0x13f/0x340 [ 461.582294][T14219] do_syscall_64+0x100/0x230 [ 461.588457][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.595929][T14219] INITIAL READ USE at: [ 461.600264][T14219] lock_acquire+0x1ed/0x550 [ 461.606785][T14219] _raw_read_lock_irqsave+0xdd/0x130 [ 461.614084][T14219] kill_fasync+0x199/0x4f0 [ 461.620510][T14219] fsnotify_insert_event+0x378/0x430 [ 461.627802][T14219] inotify_handle_inode_event+0x3f6/0x5f0 [ 461.635525][T14219] inotify_ignored_and_remove_idr+0x29/0x70 [ 461.643416][T14219] fsnotify_destroy_marks+0x1c2/0x420 [ 461.650788][T14219] dentry_unlink_inode+0x2e0/0x430 [ 461.657903][T14219] vfs_rmdir+0x25f/0x510 [ 461.664163][T14219] do_rmdir+0x379/0x550 [ 461.670339][T14219] __x64_sys_rmdir+0x47/0x50 [ 461.676947][T14219] do_syscall_64+0xf3/0x230 [ 461.683481][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.691378][T14219] } [ 461.693878][T14219] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 461.702560][T14219] ... acquired at: [ 461.706367][T14219] lock_acquire+0x1ed/0x550 [ 461.711053][T14219] _raw_read_lock_irqsave+0xdd/0x130 [ 461.716511][T14219] kill_fasync+0x199/0x4f0 [ 461.721096][T14219] mousedev_notify_readers+0x719/0xc80 [ 461.726739][T14219] mousedev_event+0x5d9/0x1390 [ 461.731704][T14219] input_handle_events_default+0x107/0x1c0 [ 461.737715][T14219] input_pass_values+0x268/0x890 [ 461.742839][T14219] input_event_dispose+0x30f/0x600 [ 461.748129][T14219] input_handle_event+0xa71/0xbe0 [ 461.753329][T14219] input_inject_event+0x21e/0x350 [ 461.758538][T14219] evdev_write+0x5fd/0x790 [ 461.763132][T14219] vfs_write+0x29f/0xd10 [ 461.767552][T14219] ksys_write+0x18f/0x2b0 [ 461.772053][T14219] do_syscall_64+0xf3/0x230 [ 461.776736][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.782822][T14219] [ 461.785145][T14219] [ 461.785145][T14219] stack backtrace: [ 461.791031][T14219] CPU: 1 UID: 0 PID: 14219 Comm: syz.0.2017 Not tainted 6.14.0-syzkaller-00685-g3ba7dfb8da62 #0 [ 461.791053][T14219] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2025 [ 461.791065][T14219] Call Trace: [ 461.791072][T14219] [ 461.791080][T14219] dump_stack_lvl+0x241/0x360 [ 461.791103][T14219] ? __pfx_dump_stack_lvl+0x10/0x10 [ 461.791121][T14219] ? __pfx__printk+0x10/0x10 [ 461.791150][T14219] ? print_shortest_lock_dependencies+0xf2/0x160 [ 461.791177][T14219] validate_chain+0x4ebd/0x5920 [ 461.791205][T14219] ? __pfx_validate_chain+0x10/0x10 [ 461.791227][T14219] ? __pfx_validate_chain+0x10/0x10 [ 461.791248][T14219] ? register_lock_class+0x102/0x980 [ 461.791274][T14219] ? __pfx_register_lock_class+0x10/0x10 [ 461.791306][T14219] ? mark_lock+0x9a/0x360 [ 461.791323][T14219] __lock_acquire+0x1397/0x2100 [ 461.791360][T14219] lock_acquire+0x1ed/0x550 [ 461.791385][T14219] ? kill_fasync+0x199/0x4f0 [ 461.791404][T14219] ? __pfx_lock_acquire+0x10/0x10 [ 461.791433][T14219] ? __pfx_lock_acquire+0x10/0x10 [ 461.791460][T14219] _raw_read_lock_irqsave+0xdd/0x130 [ 461.791480][T14219] ? kill_fasync+0x199/0x4f0 [ 461.791496][T14219] ? __pfx__raw_read_lock_irqsave+0x10/0x10 [ 461.791520][T14219] kill_fasync+0x199/0x4f0 [ 461.791536][T14219] ? kill_fasync+0x54/0x4f0 [ 461.791553][T14219] mousedev_notify_readers+0x719/0xc80 [ 461.791593][T14219] ? mousedev_notify_readers+0x2a/0xc80 [ 461.791632][T14219] mousedev_event+0x5d9/0x1390 [ 461.791654][T14219] ? __pfx_mousedev_event+0x10/0x10 [ 461.791676][T14219] input_handle_events_default+0x107/0x1c0 [ 461.791696][T14219] input_pass_values+0x268/0x890 [ 461.791719][T14219] ? input_pass_values+0x8e/0x890 [ 461.791744][T14219] input_event_dispose+0x30f/0x600 [ 461.791766][T14219] input_handle_event+0xa71/0xbe0 [ 461.791786][T14219] ? _raw_spin_lock_irqsave+0xe1/0x120 [ 461.791803][T14219] ? __pfx_input_handle_event+0x10/0x10 [ 461.791823][T14219] ? _copy_from_user+0x95/0xb0 [ 461.791844][T14219] input_inject_event+0x21e/0x350 [ 461.791863][T14219] ? input_inject_event+0xd6/0x350 [ 461.791884][T14219] evdev_write+0x5fd/0x790 [ 461.791901][T14219] ? __pfx_evdev_write+0x10/0x10 [ 461.791916][T14219] ? bpf_lsm_file_permission+0x9/0x10 [ 461.791938][T14219] ? rw_verify_area+0x243/0x630 [ 461.791952][T14219] ? __pfx_evdev_write+0x10/0x10 [ 461.791967][T14219] vfs_write+0x29f/0xd10 [ 461.791985][T14219] ? __pfx_vfs_write+0x10/0x10 [ 461.792001][T14219] ? __fget_files+0x2a/0x420 [ 461.792023][T14219] ? __fget_files+0x39d/0x420 [ 461.792044][T14219] ? __fget_files+0x2a/0x420 [ 461.792068][T14219] ksys_write+0x18f/0x2b0 [ 461.792084][T14219] ? __pfx_ksys_write+0x10/0x10 [ 461.792102][T14219] ? do_syscall_64+0x100/0x230 [ 461.792123][T14219] ? do_syscall_64+0xb6/0x230 [ 461.792145][T14219] do_syscall_64+0xf3/0x230 [ 461.792165][T14219] ? clear_bhb_loop+0x35/0x90 [ 461.792188][T14219] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 461.792210][T14219] RIP: 0033:0x7f7edff8d169 [ 461.792225][T14219] Code: ff ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 40 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 a8 ff ff ff f7 d8 64 89 01 48 [ 461.792239][T14219] RSP: 002b:00007f7ee0e0f038 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 461.792257][T14219] RAX: ffffffffffffffda RBX: 00007f7ee01a5fa0 RCX: 00007f7edff8d169 [ 461.792269][T14219] RDX: 0000000000000918 RSI: 0000200000000040 RDI: 0000000000000008 [ 461.792280][T14219] RBP: 00007f7ee000e2a0 R08: 0000000000000000 R09: 0000000000000000 [ 461.792290][T14219] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 461.792300][T14219] R13: 0000000000000000 R14: 00007f7ee01a5fa0 R15: 00007f7ee02cfa28 [ 461.792316][T14219] [ 462.180646][T14235] PM: Image not found (code -6) [ 462.346479][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 462.359470][ T10] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 462.369930][ T10] usb 2-1: New USB device found, idVendor=28de, idProduct=1142, bcdDevice= 0.00 [ 462.382527][ T10] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 462.392785][ T10] usb 2-1: config 0 descriptor?? [ 462.806861][ T10] hid-steam 0003:28DE:1142.0027: : USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 462.845357][ T874] stb0899_attach: Driver disabled by Kconfig [ 462.851478][ T874] az6027: no front-end attached [ 462.851478][ T874] [ 462.859055][ T874] az6027: usb out operation failed. (-71) [ 462.864781][ T874] dvb-usb: no frontend was attached by 'Elgato EyeTV Sat' [ 462.872945][ T874] input: IR-receiver inside an USB DVB receiver as /devices/platform/dummy_hcd.0/usb1/1-1/input/input50 [ 462.875612][ T10] hid-steam 0003:28DE:1142.0027: Steam wireless receiver connected [ 462.895408][ T874] dvb-usb: schedule remote query interval to 400 msecs. [ 462.897289][ T10] hid-steam 0003:28DE:1142.0028: hidraw0: USB HID v0.00 Device [HID 28de:1142] on usb-dummy_hcd.1-1/input0 [ 462.902358][ T874] dvb-usb: Elgato EyeTV Sat successfully initialized and connected. [ 462.930359][ T874] usb 1-1: USB disconnect, device number 67 [ 462.974920][ T874] dvb-usb: Elgato EyeTV Sat successfully deinitialized and disconnected. [ 463.008835][ T10] usb 2-1: USB disconnect, device number 78 [ 463.019933][ T10] hid-steam 0003:28DE:1142.0027: Steam wireless receiver disconnected