last executing test programs: 6m52.154380506s ago: executing program 1 (id=2039): sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x20004840}, 0x28000) sendmsg$NFNL_MSG_ACCT_NEW(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x34}, 0x1, 0x0, 0x0, 0x8000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={0x0, 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000d00)={0x0, 0x0, &(0x7f0000000ac0)={&(0x7f0000000800)=ANY=[@ANYBLOB="68000000140001000000000000000000ff010000000000000000000000000001fe8000"/64, @ANYRES32=0x0, @ANYRES32=0xee00, @ANYBLOB="00000000000000000c00080008000800000000ffff"], 0x68}}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000100)={0x0, 0x0, &(0x7f0000009b00)={0x0}, 0x1, 0x0, 0x0, 0x4000850}, 0x4048010) r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000000), 0x40241, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000200)={'syzkaller1\x00', 0xc201}) r1 = socket$kcm(0x2, 0xa, 0x2) ioctl$SIOCSIFHWADDR(r1, 0x8914, &(0x7f0000000180)={'syzkaller1\x00', @link_local}) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-aesni\x00'}, 0x58) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x14, 0x37, 0xa01, 0x0, 0x0, {0x80}}, 0x14}}, 0x8054) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000240)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a010100000000000000000a000007"], 0x7c}, 0x1, 0x0, 0x0, 0x20004001}, 0x4000018) sendmsg$IPCTNL_MSG_CT_GET_CTRZERO(0xffffffffffffffff, &(0x7f0000000900)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000440)={0x38, 0x3, 0x1, 0x101, 0x0, 0x0, {0xa}, [@CTA_FILTER={0x14, 0x19, 0x0, 0x1, [@CTA_FILTER_ORIG_FLAGS={0x8, 0x1, 0x8}, @CTA_FILTER_REPLY_FLAGS={0x8, 0x2, 0xf5}]}, @CTA_TUPLE_ORIG={0x10, 0x1, 0x0, 0x1, [@CTA_TUPLE_PROTO={0xc, 0x2, 0x0, 0x1, {0x5, 0x1, 0x6}}]}]}, 0x38}}, 0x0) r3 = accept4(r2, 0x0, 0x0, 0x800) sendmmsg$alg(r3, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r3, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) write$tun(r0, &(0x7f0000000280)={@val={0x6f01, 0x800}, @val={0x1, 0x0, 0x27, 0x0, 0x27}, @mpls={[], @ipv4=@tcp={{0x5, 0x4, 0x0, 0x0, 0x3c, 0x0, 0x0, 0x0, 0x84, 0x0, @empty=0x3fffff20, @local}, {{0x0, 0x0, 0x41424344, 0x41424344, 0x0, 0x5, 0xa, 0x0, 0x700, 0x0, 0x18, {[@window={0x9, 0x3}, @timestamp={0x5, 0xa, 0xffffff07}, @generic={0x0, 0x5, "d58838"}]}}}}}}, 0x4a) 6m51.690459403s ago: executing program 1 (id=2044): syz_emit_ethernet(0x6e, &(0x7f0000000040)={@link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x1}, @remote, @void, {@ipv6={0x86dd, @icmpv6={0x0, 0x6, "f53a04", 0x38, 0x3a, 0x0, @remote, @mcast2, {[], @param_prob={0x2, 0x0, 0x0, 0x500, {0x0, 0x6, "508359", 0x0, 0x2, 0x0, @private1, @mcast1, [@hopopts]}}}}}}}, 0x0) syz_usb_connect(0x2, 0x2d, &(0x7f0000000100)=ANY=[@ANYBLOB="12010000fdc01a40f30c74933bbc0000000109021b0001000000000904000001a7a00f000905", @ANYBLOB="a31a33"], 0x0) 6m49.959336986s ago: executing program 1 (id=2049): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000300)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sendmsg(r1, &(0x7f0000000180)={0x0, 0x0, 0x0}, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) ioctl$TIOCMGET(r2, 0x541e, &(0x7f0000000040)) ioctl$SNDRV_SEQ_IOCTL_SET_PORT_INFO(0xffffffffffffffff, 0xc0a85320, 0x0) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, &(0x7f0000000080)={0x40000014}) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x8417f, 0x0) socket$inet(0x2, 0x2, 0x0) rt_sigqueueinfo(0x0, 0xe, &(0x7f00000004c0)={0x22, 0x6, 0x7}) r3 = socket(0x10, 0x80002, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r5, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r6 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r6, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x48, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0x25dfdbfd, {0x0, 0x0, 0x0, r7, {0x0, 0xfff1}, {0xffff, 0xffff}, {0x0, 0xf}}, [@qdisc_kind_options=@q_htb={{0x8}, {0x1c, 0x2, [@TCA_HTB_INIT={0x18, 0x2, {0x3, 0x8, 0x10000}}]}}]}, 0x48}}, 0x0) sendmsg$nl_route_sched(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000180)=@newtfilter={0x4c, 0x2c, 0xd27, 0x70bd24, 0x25dfdbff, {0x0, 0x0, 0x0, r7, {0xb, 0x9}, {}, {0xfff2, 0x2}}, [@filter_kind_options=@f_bpf={{0x8}, {0x20, 0x2, [@TCA_BPF_OPS={{0x6, 0x4, 0x1}, {0xc, 0x5, [{0x6, 0xd, 0x5, 0x4}]}}, @TCA_BPF_FLAGS_GEN={0x8, 0x9, 0x1}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x8848}, 0x20004804) open(&(0x7f00000001c0)='./cgroup\x00', 0x0, 0x157) sendmmsg$alg(r3, &(0x7f00000000c0), 0x492492492492627, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000c80)={'lo\x00'}) 6m46.606661359s ago: executing program 1 (id=2060): socket$nl_netfilter(0x10, 0x3, 0xc) socket$inet6_sctp(0xa, 0x5, 0x84) r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$NL80211_CMD_START_AP(r0, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000002c0)=ANY=[@ANYBLOB='L\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="05000000040000000f000000080003000000", @ANYRES32=0x0, @ANYBLOB="30000e0080000000ffffff8e89007f962c07335d10c9ffffff080211000000080211000000000000004f4cca4d3caa182525000000000000640001"], 0x4c}}, 0x0) r2 = socket$tipc(0x1e, 0x2, 0x0) ioctl$SIOCGETLINKNAME(r2, 0x89e0, &(0x7f00000003c0)={0x3, 0x1}) r3 = socket(0x2, 0x80805, 0x0) r4 = openat$fuse(0xffffffffffffff9c, &(0x7f00000000c0), 0x2, 0x0) r5 = syz_mount_image$fuse(&(0x7f0000000040), &(0x7f0000000240)='./file0\x00', 0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r4, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYRES16=r1, @ANYRES32=r1], 0x0, 0x0, 0x0) mount$fuse(0x0, &(0x7f0000000280)='./file0\x00', 0x0, 0x100000, 0x0) r6 = open_tree(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x89901) move_mount(r6, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000500)='./file0\x00', 0x0) r7 = open_tree(0xffffffffffffff9c, &(0x7f0000000640)='\x00', 0x89901) r8 = openat$fuse(0xffffffffffffff9c, &(0x7f0000000440), 0x2, 0x0) mount$fuse(0x0, &(0x7f00000020c0)='./file0\x00', &(0x7f0000000800), 0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB='fd=', @ANYRESHEX=r8, @ANYBLOB=',rootmode=00000000000000000040000,user_id=', @ANYRESDEC=0x0, @ANYBLOB=',group_id=', @ANYRESDEC=0x0]) move_mount(r7, &(0x7f0000000140)='.\x00', 0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x0) r9 = open_tree(r5, 0x0, 0x0) umount2(&(0x7f0000000140)='./file0\x00', 0x15) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r3, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x10, &(0x7f0000000540)=[@in={0x2, 0x4e23, @dev={0xac, 0x14, 0x14, 0x13}}]}, &(0x7f0000000180)=0x10) r10 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r9, &(0x7f000000c2c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000340)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x20000000) r11 = socket$key(0xf, 0x3, 0x2) setsockopt$sock_timeval(r11, 0x1, 0x4a, &(0x7f0000abaff9)={0x77359400}, 0x10) sendmsg$NFT_BATCH(r10, &(0x7f0000000000)={0x0, 0x7, &(0x7f0000000040)={&(0x7f0000000440)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a6c000000060a0b04000000000000000002000000400004803c0001800b00010065787468647200002c0002800800034000000000080001400000000d0500020007000000080006400000000208000440000000172500010073797a30000000000900020073797a3200000000140000001100010000000000000000000000000aa1b6e50529e7ce0fc0b6c692365b9b61a56505b3ba457fa7935922a6b658787d5c5e593f"], 0x94}}, 0x0) getsockopt$inet_sctp_SCTP_MAX_BURST(r3, 0x84, 0x14, &(0x7f0000000000)=@assoc_value, &(0x7f0000001080)=0x8) r12 = syz_open_procfs(0x0, &(0x7f00000000c0)='task\x00') fchdir(r12) syz_emit_ethernet(0x2a, &(0x7f0000000040)=ANY=[@ANYBLOB="0180c2000003bbbbbbbbbbbb0806000608100604"], 0x0) openat$dir(0xffffffffffffff9c, &(0x7f0000000040)='.\x00', 0x0, 0x48) 6m46.217585834s ago: executing program 1 (id=2062): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = socket$packet(0x11, 0x2, 0x300) syz_open_dev$media(&(0x7f00000003c0), 0x7ff, 0x40000) setsockopt$packet_int(r0, 0x107, 0xa, &(0x7f0000000080)=0x2, 0x4) setsockopt$packet_rx_ring(r0, 0x107, 0x5, &(0x7f0000000140)=@req3={0x1000, 0x3a, 0x1000, 0x3a, 0x7ff, 0xf83, 0x3}, 0x1c) r1 = socket$nl_sock_diag(0x10, 0x3, 0x4) sendmsg$SOCK_DIAG_BY_FAMILY(r1, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000080)={0x24, 0x14, 0x51b, 0x70bd28, 0x25dfdbff, {0x11}, [@INET_DIAG_REQ_BYTECODE={0xd, 0x1, "95d875db896271d922"}]}, 0x24}, 0x1, 0x0, 0x0, 0x2400a051}, 0x44000) 6m43.809356262s ago: executing program 1 (id=2069): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40d82, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r2, 0x400, 0x1) r3 = socket$can_bcm(0x1d, 0x2, 0x2) r4 = socket$inet(0xa, 0x801, 0x84) connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r4, 0xfffffffd) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r5}, 0x10) sendmsg$can_bcm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1, 0x400, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{0x4, 0x0, 0x1}, 0x2, 0x3, 0x0, 0x0, "7b442856bfec870b"}}, 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x202, 0x19, {0x77359400}, {}, {}, 0x1, @can={{0x0, 0x1, 0x1, 0x1}, 0x4, 0x1, 0x0, 0x0, "4c86b8b1f25c1517"}}, 0x48}}, 0x40000) openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x20a000, 0x0) syz_io_uring_setup(0xb, 0x0, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r6, r7, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) syz_genetlink_get_family_id$batadv(0x0, r2) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@ipv6_newrule={0x2c, 0x20, 0x1, 0x70bd27, 0x25dfdbfb, {0xa, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x7, 0x6}, [@FIB_RULE_POLICY=@FRA_FWMARK={0x8, 0xa, 0xff}, @FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x10}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24048860}, 0x0) sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) r9 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000480)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9d}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r9, 0x83, 0x10, &(0x7f0000000500)=@ready={0x0, 0x0, 0x8, "72918f72", {0x1, 0x1, 0x1000, 0x2, 0x5}}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) 6m43.331195688s ago: executing program 32 (id=2069): openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000000), 0x40d82, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000380)=@abs={0x0, 0x0, 0x4e23}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) r2 = openat(0xffffffffffffff9c, &(0x7f00000000c0)='./file1\x00', 0x8042, 0x0) fcntl$setlease(r2, 0x400, 0x1) r3 = socket$can_bcm(0x1d, 0x2, 0x2) r4 = socket$inet(0xa, 0x801, 0x84) connect$inet(r4, &(0x7f0000004cc0)={0x2, 0x0, @remote={0xac, 0x14, 0xffffffffffffffff}}, 0x10) listen(r4, 0xfffffffd) ioctl$sock_inet_sctp_SIOCINQ(0xffffffffffffffff, 0x541b, &(0x7f0000000040)) ioctl$ifreq_SIOCGIFINDEX_vcan(r3, 0x8933, &(0x7f0000000100)={'vcan0\x00', 0x0}) connect$can_bcm(r3, &(0x7f00000000c0)={0x1d, r5}, 0x10) sendmsg$can_bcm(r3, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000340)={&(0x7f0000000180)={0x1, 0x400, 0x0, {0x0, 0x2710}, {0x0, 0x2710}, {}, 0x1, @can={{0x4, 0x0, 0x1}, 0x2, 0x3, 0x0, 0x0, "7b442856bfec870b"}}, 0x48}, 0x1, 0x0, 0x0, 0x4004040}, 0x0) sendmsg$can_bcm(r3, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)={0x1, 0x202, 0x19, {0x77359400}, {}, {}, 0x1, @can={{0x0, 0x1, 0x1, 0x1}, 0x4, 0x1, 0x0, 0x0, "4c86b8b1f25c1517"}}, 0x48}}, 0x40000) openat$nullb(0xffffffffffffff9c, &(0x7f00000002c0), 0x20a000, 0x0) syz_io_uring_setup(0xb, 0x0, &(0x7f0000000040)=0x0, &(0x7f00000000c0)=0x0) syz_io_uring_submit(r6, r7, 0x0) ioctl$UFFDIO_REGISTER(0xffffffffffffffff, 0xc020aa00, &(0x7f0000000000)={{&(0x7f00000e2000/0xc00000)=nil, 0xc00000}, 0x1}) syz_genetlink_get_family_id$batadv(0x0, r2) r8 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r8, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@ipv6_newrule={0x2c, 0x20, 0x1, 0x70bd27, 0x25dfdbfb, {0xa, 0x0, 0x0, 0x40, 0x0, 0x0, 0x0, 0x7, 0x6}, [@FIB_RULE_POLICY=@FRA_FWMARK={0x8, 0xa, 0xff}, @FIB_RULE_POLICY=@FRA_SUPPRESS_IFGROUP={0x8, 0xd, 0x10}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24048860}, 0x0) sendmsg$nl_route(r8, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00!'], 0x5c}}, 0x0) r9 = syz_usb_connect_ath9k(0x3, 0x5a, &(0x7f0000000480)={{0x12, 0x1, 0x200, 0xff, 0xff, 0xff, 0x40, 0xcf3, 0x9271, 0x108, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x9d}}]}}, 0x0) syz_usb_ep_write$ath9k_ep2(r9, 0x83, 0x10, &(0x7f0000000500)=@ready={0x0, 0x0, 0x8, "72918f72", {0x1, 0x1, 0x1000, 0x2, 0x5}}) setsockopt$inet6_IPV6_XFRM_POLICY(0xffffffffffffffff, 0x29, 0x23, 0x0, 0x0) 1m39.883698556s ago: executing program 4 (id=3294): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000180), 0x2, 0x0) r1 = socket(0x10, 0x3, 0x0) clock_nanosleep(0xa, 0x0, 0x0, 0x0) sendmsg$nl_generic(r1, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000000)={0x28, 0x2e, 0xa01, 0x0, 0x0, {0x1f}, [@typed={0xc, 0x0, 0x0, 0x0, @u64=0x1}, @typed={0x8, 0xb, 0x0, 0x0, @ipv4}]}, 0x28}}, 0x8000) r2 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r3 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x2, 0x0) ioctl$UI_ABS_SETUP(r3, 0x401c5504, &(0x7f0000000340)={0x400000100002f}) write$uinput_user_dev(r3, &(0x7f0000000380)={'syz0\x00', {0xff, 0x6, 0x7fff, 0x8d5}, 0x24, [0x10000, 0xeba, 0x7, 0xe6a, 0x8, 0x1, 0x5, 0x7ff, 0x54, 0x7fffdfff, 0x2, 0xc, 0x8, 0x9, 0x9, 0xfffffff7, 0x7, 0x40000, 0xa, 0x23, 0x2, 0x0, 0x3ff, 0xfffffff3, 0x1, 0xda6, 0x3, 0xa7, 0xeb36, 0x2, 0x9, 0x76c9, 0x200, 0x1, 0x1, 0x1, 0x5, 0x9, 0xf, 0xb, 0x10, 0x80000000, 0x9, 0xb50, 0x4, 0x800, 0x3, 0x2, 0x7, 0xfffffffe, 0x5, 0x8, 0x24, 0x7fff, 0x8, 0x3, 0x200, 0x80, 0x0, 0x7f, 0x964e, 0x2d5, 0x149, 0x1], [0x4b1a3e4b, 0xfffffff9, 0x4, 0x3, 0x8e, 0x7, 0x13e, 0x9, 0x4, 0x2, 0x0, 0x3, 0x6, 0x8001, 0x9, 0x8, 0x2, 0x5, 0x40, 0x7ff, 0x7ff, 0x7, 0x7, 0xc00, 0x89, 0x7ff, 0x0, 0x1, 0xfffffff7, 0x9, 0x9, 0x4d28, 0x10000, 0x8, 0x1, 0x6, 0x0, 0x4, 0x4c, 0x9, 0x8, 0x5, 0xe66, 0x9, 0x2, 0x81, 0x4b, 0x80, 0x6, 0xb, 0x4, 0x8, 0x1, 0x8d1, 0x8fd, 0xfffffffa, 0xe0, 0x8e, 0x10001, 0x4, 0x401, 0xade, 0x3, 0x9], [0x2, 0x7, 0x6, 0x9, 0x8000, 0x1, 0x9, 0x7, 0x8, 0x6, 0x0, 0x400, 0x1000, 0x9, 0x6e, 0x8001, 0x7, 0x3, 0x3, 0x5, 0x3, 0xc9, 0x2, 0x3, 0x0, 0x2, 0x2, 0xc, 0x5, 0xb0f, 0x1e, 0x2, 0x800, 0x8, 0x9, 0x3, 0x243f, 0xfffffff7, 0x4, 0xe, 0x6, 0x6, 0x2e7, 0x7ff, 0x1ff, 0x6, 0x87ff, 0x2, 0x7fffffff, 0xffffffff, 0x4, 0xffff, 0xd5d, 0xa0c787d, 0xffffff4e, 0x9, 0x4, 0x40, 0x3, 0x0, 0x7, 0x9, 0x1, 0x3], [0x10000010, 0x7, 0x9, 0x5, 0xa5e, 0xfe, 0xff, 0x3, 0x80000000, 0x0, 0xe, 0x2, 0x4, 0x7, 0x7, 0x0, 0xfffffffd, 0xfffffff8, 0xc, 0x4, 0x3, 0x103, 0x6, 0xcc, 0x6, 0x4000400, 0xffffffff, 0xfffffffb, 0x40, 0x80000000, 0x4, 0x7, 0xf45, 0x40, 0x9, 0x0, 0x9, 0x1, 0x0, 0x7, 0x8ac1, 0x3, 0x4, 0x80000002, 0x80000002, 0xff, 0x6, 0x3, 0xfffff801, 0xffffffff, 0x37d, 0xfffffff8, 0xd, 0x7, 0xd, 0x9, 0x6eaf, 0x0, 0x401, 0x5e02, 0x2, 0x3, 0x5, 0x400]}, 0x45c) ioctl$UI_SET_EVBIT(r3, 0x40045564, 0x3) ioctl$UI_DEV_CREATE(r3, 0x5501) r4 = socket(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000240)={'lo\x00', 0x0}) sendmsg$nl_route_sched(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000780)={&(0x7f0000000040)=@newqdisc={0x3c, 0x24, 0xd0f, 0x0, 0x0, {0x60, 0x0, 0x0, r5, {}, {0xffff, 0xffff}}, [@qdisc_kind_options=@q_cake={{0x9}, {0xc, 0x2, [@TCA_CAKE_OVERHEAD={0x8, 0x6, 0xf7}]}}]}, 0x3c}}, 0x0) r6 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r7 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$TIOCSWINSZ(r7, 0x5414, 0x0) socket$nl_netfilter(0x10, 0x3, 0xc) syz_usb_connect(0x0, 0x24, 0x0, 0x0) r8 = syz_open_dev$dri(&(0x7f0000000140), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_ADDFB2(r8, 0xc06864b8, &(0x7f0000000580)={0x0, 0xc1, 0x7f, 0x20203443, 0x0, [0x2], [0x800], [0x0, 0x0, 0x0, 0x3], [0x0, 0x0, 0x80000]}) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f00000002c0)={0x3, 0x2, 0x3000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000340)=[@text32={0x20, 0x0}], 0x1, 0x15, &(0x7f00000000c0)=[@cr4={0x1, 0x100070}], 0x1) syz_kvm_setup_cpu$x86(r2, r6, &(0x7f0000fe8000/0x18000)=nil, &(0x7f0000000200)=[@text64={0x40, 0x0}], 0x1, 0x4, 0x0, 0x0) r9 = syz_open_dev$radio(0x0, 0xffffffffffffffff, 0x2) ioctl$VIDIOC_S_EXT_CTRLS(r9, 0xc0205649, 0x0) ioctl$KVM_RUN(r6, 0xae80, 0x0) 1m37.230904306s ago: executing program 4 (id=3308): r0 = openat$vmci(0xffffffffffffff9c, &(0x7f0000000240), 0x2, 0x0) ioctl$IOCTL_VMCI_VERSION2(r0, 0x7a7, &(0x7f0000000100)=0x80000) ioctl$IOCTL_VMCI_INIT_CONTEXT(r0, 0x7a0, &(0x7f0000000140)={@local}) ioctl$IOCTL_VMCI_DATAGRAM_SEND(r0, 0x7ab, &(0x7f0000000040)={&(0x7f0000000280)={{@host}, {@local, 0x6}, 0x400, "787c2ce2fba15d4e9f8e96bc11e2ca247a20c3e26661b174fe1825253be9e8480cb4f3524914f59ba189c1429727ef39b4164f93bb821987b3b7f73495bc8e745304668e0e46798c7f5917ea8428d41cab5627336f04000300000000008e9c1c86a394feb64fb06f77dadbcb20fc62741432b7dca37007d68e98fe46135d6a1c5ed42102f58daa5211319db84aa9abac734be47c908dc3ffa3aa7b61ec16d3d1209fc618f6c4532ea582628502ac46d167db6d53d8f3184df68414e6b6ec0109664c570e155654e03d58dadd0e5a7bab42bbb4a9afdefc115eb1609e7b50dbd94b94ba09000000000000001c9e4a41d3e16af21d6c897a1121bc14de16e78d6d7f2ae79db44e302539fd926e0b91e0fc589e2fa19b218d0508b5ce3ad40d03936693ca5aa41ddc07cf492874569ab037e0530e38245b98131ae0c9afd871df5f51331938764f5a7dd96890edd467b2fbc335ed081729b5ea722a98b34d0dac6de995de4ee263c81b2567b3f87e0897857edd5d7e97d61fc67076eab4846010d4828cc879f95cddb69ff6438f2a109285c46d8224c36069d30c3c9cf4a6800ae224111136bd9c1e06c4bfc4685d7bb6a72345772b3ce9bf105490743dc4b700f24ce6b250b95e6c383fe44967a55d140baf0ec339e3815b29a2246cb5c953048c43266485bbd9d0caecf00e9501a4433b54930cba54e06607ada2f5d818e4804294fcf53058e58e0d33d4aa6dc943811056908fe9116e65cdddac1d2fb24d1eacee389af38b7e5a7056d0de50c6b49fb38388cf28c2d6dd3dbbab84ffbef4b0c02a77f018e8a9749a557909e6aa96185d268dad7744b094d8c6134b89efe26674d65f908f9c3a8c201f661fc26efe0eff248d3a473fe32a5b3643bfad8f186c2af3fbaa1d38560c1244c79a0e48893eefb792af281650f34f6c2d9a6c622aba234b63586713cb66179a0897d98ee5228569c32c1a682807c8db7eb197ccbbd6549db86a6a9aebbf5dc14060f22e2b07d6166f43c25ae0c88be7a4dc38e7ed08972a355b0e5d6fc43b8e5594fa6b36a36a44bb94b75eaff11dc17105f54beda54da2a1ea1acfab354745057dd2e7725f2c8450b19fdf37e19f6ce43449e9191f5a5beb4a1bc176f6130052e83acefd8ff18d592bb75f15f86c9113e4bd67ad420c33ae706cdc10060277b83ef30a50d4ac19c9a791b309377aa20a4743bbb799abc3ba58071b628c9ba8103bbfe389939e55296ec9b4f8d3a03aff30ce9aa0dd6e5158a672be8f3da8349ed4ad82f6ca67ee29e8b234840cf7846e604e5b8135abd94d71fe0a79180e75d4e193ea8df466c087b660fe984943751a9f6df8545699701d478c2b3daa949155770e74835bcd972de27afd20b02ce0e504c15b0237437200"}, 0x418, 0x7fffffff}) 1m36.781352068s ago: executing program 4 (id=3312): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r1, 0x0, 0xffffffffffffffff, 0x0, 0xf3a, 0x0) r2 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r2, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r3 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r3, 0x10f, 0x87, &(0x7f00000008c0), 0x43) write$cgroup_subtree(r3, &(0x7f0000000040)=ANY=[], 0x101d0) sendmsg$kcm(r3, &(0x7f00000001c0)={&(0x7f00000000c0)=@tipc=@name={0x1e, 0x2, 0x3, {{0x41}, 0x5}}, 0x80, 0x0, 0x0, &(0x7f0000000900)=ANY=[], 0x1458}, 0x48800) r4 = socket$kcm(0x1e, 0x4, 0x0) setsockopt$sock_attach_bpf(r4, 0x10f, 0x87, &(0x7f00000008c0), 0x43) r5 = landlock_create_ruleset(&(0x7f0000000040)={0x2, 0x3, 0x3}, 0x18, 0x0) landlock_restrict_self(r5, 0x9) write(r0, 0x0, 0x0) recvmsg$kcm(0xffffffffffffffff, 0x0, 0x42) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f000000c2c0)={0x0, 0x0, 0x0}, 0x0) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0xffffffffffffffba, &(0x7f0000000080)=[{&(0x7f0000000500)="e03f030041000b05d25a806c8c6394f90324fc60100000000a000200053582c137153e3704020180fc5409000c00b17d10cc40a888a8b96688a882000596aafb02faf23884372d474d8235b094550aff7f", 0x33fe0}], 0x1}, 0x8000) mmap(&(0x7f00009fd000/0x600000)=nil, 0x600000, 0x100000d, 0x6031, 0xffffffffffffffff, 0x0) r6 = socket$alg(0x26, 0x5, 0x0) sendmsg$NL80211_CMD_TESTMODE(0xffffffffffffffff, &(0x7f0000002a40)={0x0, 0x0, &(0x7f0000002a00)={&(0x7f0000000700)=ANY=[@ANYBLOB="fc220000", @ANYRES16=0x0, @ANYBLOB="00012abd32725f747770e3fddbdf252d0b00", @ANYRES32, @ANYBLOB="ef00450029f55ab0af2d4125e23c35fef7cf20ed7538a073f8c6422e2fa3ef9f29f11263d4133bb7a425d3200bfa2fd24998c2906c17b7a998ec3d2ebe59526827f717acd666814a66a1311bf51ebe11b1ee98af46568a583b4ed384a5dd4e99a4812db4810b89133ec1016e923525c77aab07306604feae58018e5d43073d1701895bba4c6981ce0b1e9c08292ba91605ea05e20ae86c3fa0a42463606c12739a985173a663c799445b760f400343c639865a4c4eb7abf8f81bef2eddfe2422adcbdc28a36e27f4912f2a18178e86846ba6600d1fbbe27d756c5338a7369513222aad109f2795bbc60e60f7ed253f006b00450004a43718a3d2938e0ee78068702f69aa4b8ba3c0d9ede93e74405239140f3d5e06033fdddfb209bee3290df8e23b062c5863315846c7fef8312ce716310c5876917fb714dbbacd3c540bf813fa4d118b6a848c431634933db4247ece7adc688a4e3c4114ade382008f0045004a5dbcc4deade6130e0b22c516d32ddb2039383d430b23abf54f2782865d1e7fb52041a2a0f076455eecab7002341d8a8c576ff464f340605c516b86ad972d0f479a37f2a922d42e688c253238dc02c7bf802eb657302872ade2e417ea2720b2987ce71500f7729f85ce5b5ba29dd4ea781523b837642b6efca6fd2b7e215e3580d26d19e6d6341d9011fd0004104500a15346ca894336a301c8c416c7149c60fd8d0db957ad1ddb37b576d4a33ebea1aa75b05aa1f6461b340e3a6a43584d6c86846d76cff9fec0a708569f721c9188ad69b099121388350127e328960c29d21be774907ea98346781f5a0087d8353c9dc19c2cd7240b527deab91d1fb00366055de5ffeb6f56d3c5beab0344003f78c0965d38d67429413daf116440c53f3ff54c74f4e731f7cc00495754d0f6e0102137f94c39ddb4731d46fed8292b353663bdf13fca95727c526f2a975e85c5be8df0c24ae471a7b30d6974ccdd5e307b418bb7c996f22ae13f170ade65d228e2fe80e6c359f800fdc8d69972a4272fa5c47fa4864282c87726d1a742840b63178abada58867a5880f07e10b89d79b2aae0041bdf0ee4ba45e3050b8a504d6ee8afb53905b2729c4cb835d998826e1ae645189da4ecd1205f33c394bfd6e9b85a8b4166ebec3b4d3768dd9d6ac19dc9a228d4ff6b5f2073802226664753a96d3b3a1f8baca8227b16d48607da69f7079ee6e94c40edb112f590f12a0b5733c041c50c6125dcca215f91a9e8b8fc273b46a418f98e901d3b283a6edbf87b71d297b686cb2b09c2ecc40954555067cb43f29b8bbb868f4f1148b0d16b7ca6a4089dc1b2fa32537878f4f157bd5bb6e9d0227a52ce7031f77fb2d5d27f47f9b87e69b37ecec3ed42e77909c29e67fce5884824a020d7399e56eda838d8ce902eb38714b9e397c7a2df1ae2ac7f3e6f9352fd4f7d64fc2cb5e3e4a623b6edbb643832d9965c4b0781929c2afaf033ab02e5ead0c4b6307752f76ba813d8776d6de7300afd4f01d05bcec65d5e41b61d0c698bc8a4283d1f09cb5e34ace07dccf8d76af66e9e88af96c37549e63d2d5bf0096ac847d9e359c6fdb3cb4b5baa192798b2149744ee3733cc4603cb5c6d64a4a046c53383301edb8bc867e8485ad48eafe9af54b20ca219523d4f1d977205a443ed7e2a164ad58c0864e46355dd289d07e0b338b893aa9ba18f326aef8a2caa0a0efba6b1e5a2aa4b3eb39c5a015cf56291b8d88aa5e45a39bd61e737bf0c39f874b52872b5f4e40fe7c361166e5dddf5a97f1ded5ab4ee117434a71102fac665174505f8ad2d391e31890d44dec43451e0ee12c8486ed368f04e1af0944bebe079be9060f23d3263d1b434d85505d4e5e46ab6870f28784fc04141867c9e9d12abafae83928499d2f49804a0c5c28023f446a2fdaeb8788abcdd45657ef77fa2b76f114dad6d69dba77a55718d7bcad8b820024c8c55f612b6e9a5e4de19340eddcab23b30bf58920009988a33571cff2b882c1e6f6b6b12f3a6055309f79d30d8bdaec0122c15997564b564eb1b73e07e0d0ad7bf6c50a2ddebeb3ebed4303bedcaff78a544bc9032815c7546beedebd01b5ccb8eb0c30adde79b545729983b07aab2671bc32082742c3ce0b331dfd0aefa81547b78e0a8183b19b17e3aa1cf90353aa37caac636c2469f23b8a6026426c93f384c25a52e0f884769fbc89557cc33bd82f940ee853ec3ce61e94dca5594f78c544d3525ac6c93529cd53a8e1c09848b8dc1ad7f65f8f91a1017ab5224276592464b3463b3b5a118431058157e7371aa9f29649b5d30e0943220e22fb17b4ecb5d552fff0606a16a881d9061b5a97cd632c4de4d61bac9c11d514b006419db1ab30c8b8d1ff05e4b4ea83fc0a8c7d0b0693e7937ca47a087831f02ce0826465c3770a8f08ae35ba2e2c0dc24dda9c5e7ed308569046e28479658e66de250840eeeafd9110293fedecad9eb5e34b1039e8cea693c8c72c52ff629e5d881eb5c5cbe0934155ed191c4afe55775cc4fd811cc290881458d7c90f6da1b418282c8eece4e184b55682c352a5063b1115fcd7b25dbf771e3e1ace348c5f02a2610a4bd6267537aabe625fb8e6e22453e0bbc6a424831440c70cdaac1fab32f389b2772e642b0bff49a9f0b1d0add1069692d5e40738452943dc2e5f60744aaf66c853af30dfccd8cab4ad0287d0bc2a86f0caebe9b8892d1ba3b7ac08ef175451f6004e55b3c2e0da3fc503dbbef5eac14c75fac38a55d82b7f4ff11112863b4ee69ce5e21b703f4a88c05057a9ea5867838940aa4d984970538cd305e8bb4ddfeab117343269820ed140d25af8cf54bad02c03fad086c110c2c891121f6ea8abcdd220ef8567b2f32771939edc715b13f9a1d6feb1fce8ac286f6b0ca5838f3da59b0d0387aaa5f3078ba4fcb0a572f4c824193120aa87ed7c4a27ce83d4f812cbc9909d69e014ecb7d013a715d2c32d0c20cd82587d5eed82305aebf4df3f3398c10e5ba28da5d47897f29fb9b82c06dd6cbef9008e6813a3ac3c3c30c413732a966ab6619b2621d842be0be9d9c772929083333fb820b4f7aacba75486057a0fc60fcf4c034fe650cd84ffb1c0e7fcaabedc693dba22707be0c67e90e138612a70eaae09c591223cf380f6a26a7d7269808f7c3bc1433d43cbe25e8a95020d44396ea39a4e08b3870c0ebc0bf405e5ad4ddd65290"], 0x22fc}, 0x1, 0x0, 0x0, 0xb9f3911cb1df809}, 0x8000) r7 = accept4(r6, 0x0, 0x0, 0x800) sendmmsg$alg(r7, &(0x7f0000000640)=[{0x0, 0x0, &(0x7f0000000380)=[{&(0x7f0000000140)="b57523cb1a2c90d8acad2e2d98dfc9ea7a5843c3b63b683ced2b3266175599b779617e66e6b3e15c042be90635a2d36160bbf9a2edcacc0bbe015b84150a1928de94397894ff36aa430fc2a0814ba634308d6d0837250dfd1eca5383f9d151449743b1a0c4ffc51242a229c5d6d06f147a61d797ea7ffeda95b76f5623", 0x7d}, {&(0x7f00000001c0)="66f7", 0x4}, {&(0x7f0000000300)='l3', 0x7fffef80}], 0x3}], 0x1, 0x0) 1m32.373132809s ago: executing program 4 (id=3323): sendmsg$nl_xfrm(0xffffffffffffffff, 0x0, 0x0) r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000001f40)={&(0x7f00000004c0)=ANY=[@ANYBLOB="fc000000190001002dbd70000000000064010100000000000000000000000000fc01000000000000000000000000000000000000000000000a0000"], 0xfc}}, 0x0) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000000)={0x40000000, 0x0, &(0x7f0000000040)={&(0x7f0000000240)=ANY=[@ANYBLOB="0207000902"], 0x10}}, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) connect$inet6(r2, &(0x7f0000000140)={0xa, 0x4e22, 0x23, @empty, 0x23}, 0x1c) 1m29.984032954s ago: executing program 4 (id=3335): r0 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file1\x00', 0x42, 0x1ff) r1 = socket$inet_tcp(0x2, 0x1, 0x0) sendfile(r1, r0, 0x0, 0x7ffff006) ioctl$SCSI_IOCTL_GET_PCI(r0, 0x5387, 0x0) syz_open_dev$vim2m(&(0x7f0000000180), 0x3fc, 0x2) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0x257, &(0x7f0000001880)=ANY=[@ANYRESHEX=r1], &(0x7f00000001c0)='GPL\x00', 0xf, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, @fallback=0x20, 0xffffffffffffffff, 0x8, &(0x7f0000000000)={0x9, 0xfffffffd}, 0x8, 0x10, &(0x7f0000000000)={0xffffffff}, 0xfffffffffffffdaf, 0x0, r0}, 0x94) r2 = signalfd4(0xffffffffffffffff, &(0x7f0000000140)={[0xffeffffffffffffa]}, 0x8, 0x0) r3 = syz_open_dev$dri(&(0x7f00000002c0), 0x1, 0x2100) ioctl$DRM_IOCTL_SET_CLIENT_CAP(r3, 0x4010640d, &(0x7f0000000000)={0x3, 0x2}) ioctl$DRM_IOCTL_MODE_GETPLANERESOURCES(r3, 0xc01064b5, &(0x7f0000000300)={&(0x7f00000001c0)=[0x0], 0x1}) ioctl$DRM_IOCTL_MODE_GETPLANE(r3, 0xc02064b6, &(0x7f00000003c0)={r4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) ioctl$DRM_IOCTL_MODE_SETPLANE(r3, 0xc03064b7, &(0x7f0000000200)={r4, r5, r6, 0x80000003, 0xa2a, 0xfffffffc, 0x0, 0x200, 0x7, 0xe, 0x2000000, 0x31e}) socket$nl_generic(0x10, 0x3, 0x10) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000001c0)={0xffffffffffffffff}) r8 = fsopen(&(0x7f0000000240)='ramfs\x00', 0x0) unshare(0x8040480) fsconfig$FSCONFIG_CMD_CREATE(r8, 0x6, 0x0, 0x0, 0x0) r9 = fsmount(r8, 0x0, 0x0) bpf$MAP_CREATE_TAIL_CALL(0x0, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_RING_FDS(r2, 0x15, &(0x7f0000000b80)=[{0x7, 0x1, 0x0, &(0x7f00000006c0)=[{&(0x7f0000000400)=""/255, 0xff}, {&(0x7f00000018c0)=""/4096, 0x1000}, {&(0x7f0000000080)=""/165, 0xa5}, {&(0x7f0000000500)=""/137, 0x89}, {&(0x7f0000000340)=""/96, 0x60}, {&(0x7f00000005c0)=""/80, 0x50}, {&(0x7f0000000640)=""/78, 0x4e}], &(0x7f0000000280)=[0x1, 0x8001]}, {0x6, 0x0, 0x0, &(0x7f0000000ac0)=[{&(0x7f0000000740)=""/64, 0x40}, {&(0x7f0000000780)=""/176, 0xb0}, {&(0x7f0000000840)=""/190, 0xbe}, {&(0x7f0000000900)=""/92, 0x5c}, {&(0x7f0000000980)=""/58, 0x3a}, {&(0x7f00000009c0)=""/176, 0xb0}], &(0x7f0000000b40)=[0x6, 0x3]}], 0x2) epoll_wait(r9, 0x0, 0x0, 0x2) syz_usb_connect$uac1(0x3, 0x0, 0x0, 0x0) syz_emit_vhci(&(0x7f0000000000)=ANY=[@ANYBLOB="04050400c900", @ANYRES32=r7], 0x7) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000bc0)={'wg1\x00', 0x0}) bpf$MAP_CREATE(0x0, &(0x7f0000000c00)=@base={0x11, 0xb680, 0x3, 0xa9ea, 0x3c8, r2, 0x68, '\x00', r10, r9, 0x3, 0x1}, 0x50) syz_usb_connect(0x3, 0x24, &(0x7f0000000a80)={{0x12, 0x1, 0x301, 0xa2, 0xa7, 0x8d, 0x8, 0x48d, 0x9306, 0x83a, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x12, 0x1, 0x6, 0x62, 0xa0, 0xf7, "", [{{0x9, 0x4, 0x34, 0x2, 0x0, 0x5b, 0xb, 0xaa, 0x9}}]}}]}}, &(0x7f0000001180)={0x0, 0x0, 0x0, 0x0}) 1m26.061702471s ago: executing program 4 (id=3348): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x498, &(0x7f0000000240)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f00000003c0)='./bus\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f00000000c0)={{}, {}, [{}], {0x4, 0x1}, [], {0x10, 0x6}}, 0x2c, 0x0) getxattr(&(0x7f0000000140)='./bus\x00', &(0x7f00000001c0)=@known='system.posix_acl_access\x00', &(0x7f0000000400)=""/254, 0x145) bind$alg(r5, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) r7 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r7, 0x114, 0x3, &(0x7f0000000340)={{0x0, 0x8503}, 0x51}, 0x10) sendmsg$NFT_BATCH(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000ff31ffffffffffdf00000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4008004}, 0x4000000) r8 = accept4(r5, 0x0, 0x0, 0x800) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r8, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1}) io_uring_enter(r2, 0x627, 0x4c1, 0xb, 0x0, 0x0) 1m10.657302126s ago: executing program 33 (id=3348): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = syz_io_uring_setup(0x498, &(0x7f0000000240)={0x0, 0x79af, 0x3180, 0x8000, 0x40024e}, &(0x7f0000000340)=0x0, &(0x7f0000000040)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r3, 0x4, &(0x7f0000000000)=0xffb, 0x0, 0x4) r5 = socket$alg(0x26, 0x5, 0x0) mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f00000003c0)='./bus\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f00000000c0)={{}, {}, [{}], {0x4, 0x1}, [], {0x10, 0x6}}, 0x2c, 0x0) getxattr(&(0x7f0000000140)='./bus\x00', &(0x7f00000001c0)=@known='system.posix_acl_access\x00', &(0x7f0000000400)=""/254, 0x145) bind$alg(r5, &(0x7f00000004c0)={0x26, 'rng\x00', 0x0, 0x0, 'drbg_nopr_sha384\x00'}, 0x58) setsockopt$ALG_SET_KEY(r5, 0x117, 0x1, 0x0, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f00000003c0)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014000000110001"], 0x7c}}, 0x0) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000000b00010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) r7 = socket$rds(0x15, 0x5, 0x0) setsockopt$RDS_FREE_MR(r7, 0x114, 0x3, &(0x7f0000000340)={{0x0, 0x8503}, 0x51}, 0x10) sendmsg$NFT_BATCH(r6, &(0x7f0000000340)={0x0, 0x0, &(0x7f0000000300)={&(0x7f0000000140)=ANY=[@ANYBLOB="140000001000010000ff31ffffffffffdf00000a14000000020a01"], 0x3c}, 0x1, 0x0, 0x0, 0x4008004}, 0x4000000) r8 = accept4(r5, 0x0, 0x0, 0x800) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_READ=@pass_buffer={0x16, 0x40, 0x6000, @fd=r8, 0xffffffffffffffff, &(0x7f00000006c0)=""/210, 0xd2, 0x2, 0x1}) io_uring_enter(r2, 0x627, 0x4c1, 0xb, 0x0, 0x0) 8.645638699s ago: executing program 6 (id=3556): r0 = socket$inet_icmp_raw(0x2, 0x3, 0x1) setsockopt$SO_BINDTODEVICE(r0, 0x1, 0x19, &(0x7f0000000000)='vlan1\x00', 0x10) socket$inet_icmp_raw(0x2, 0x3, 0x1) syz_emit_ethernet(0x46, &(0x7f0000000100)={@random="99fb5e31c591", @multicast, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x38, 0x0, 0x0, 0x9, 0x1, 0x0, @initdev={0xac, 0x1e, 0x1, 0x0}, @local}, @time_exceeded={0x3, 0x4, 0x0, 0x12, 0xd, 0x3f18, {0x5, 0x2, 0x0, 0x0, 0x0, 0x65, 0x0, 0x0, 0x1, 0x0, @broadcast, @loopback}, "00186371ae9b1c03"}}}}}, 0x0) 8.323863706s ago: executing program 6 (id=3558): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="1800000000000000000000000000000085000000750000001801000020646c2500000000002020207b1af8ff00000000bfa100000000000007010000f8ffffffb702000008000000b7030000000000008500"], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xe, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) listen(0xffffffffffffffff, 0x0) times(0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) syz_io_uring_setup(0x5c2, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r3 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r3, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0xfffe, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e23, @rand_addr=0x64010102}, 0x107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}) r4 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000000)='net/netlink\x00') sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000000)=@ipv4_newrule={0x24, 0x21, 0x801, 0xfffffffc, 0xfffffffc, {0x2, 0x20}, [@FRA_DST={0x8, 0x1, @local}]}, 0x24}, 0x1, 0x0, 0x0, 0x40}, 0x0) preadv(r4, &(0x7f0000000600)=[{&(0x7f0000000280)=""/215, 0xd7}], 0x1, 0x1006c, 0x0) socket$nl_route(0x10, 0x3, 0x0) 8.093379325s ago: executing program 5 (id=3560): unshare(0x66020000) r0 = gettid() r1 = bpf$MAP_CREATE(0x0, &(0x7f00000003c0)=@base={0xa, 0x3, 0x2, 0x3, 0x0, 0xffffffffffffffff, 0x3}, 0x50) r2 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=ANY=[@ANYBLOB="1b00000000000000000000000080"], 0x50) r3 = bpf$PROG_LOAD(0x5, &(0x7f0000001400)={0x11, 0x15, &(0x7f0000000180)=@framed={{0x18, 0x0, 0x0, 0x0, 0x2}, [@ringbuf_output={{0x18, 0x1, 0x1, 0x0, r2}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x7}, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x4, 0x0, 0x0, 0x1}}, @ringbuf_output={{0x18, 0x1, 0x1, 0x0, r1}, {0x7, 0x0, 0xb, 0x8, 0x0, 0x0, 0x1000009}, {}, {}, {}, {}, {}, {0x85, 0x0, 0x0, 0x3}}]}, &(0x7f0000000440)='GPL\x00', 0x0, 0x0, 0x0, 0x61800, 0x0, '\x00', 0x0, @fallback=0x29, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$PROG_BIND_MAP(0xa, &(0x7f00000004c0)={r3, r2}, 0xc) syz_open_procfs(r0, &(0x7f0000000000)='net/dev_mcast\x00') r4 = syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120100009f187620ef170372362e010203010902240001000010000904bc00029e8833000905020200020200000905820220"], 0x0) syz_usb_control_io$rtl8150(r4, 0x0, 0x0) syz_usb_control_io$rtl8150(r4, 0x0, &(0x7f0000000040)={0x2c, &(0x7f0000000080)=ANY=[@ANYBLOB="200302"], 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$uac1(r4, 0x0, &(0x7f0000002640)={0x44, &(0x7f00000000c0)=ANY=[@ANYBLOB="080e02"], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r4, 0x0, &(0x7f0000000000)={0x34, &(0x7f0000000140)=ANY=[@ANYBLOB="001602"], 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r4, 0x0, &(0x7f0000000980)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f00000006c0)={0x40, 0x9, 0x1, 0x2}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$lan78xx(r4, 0x0, 0x0) syz_usb_control_io$cdc_ecm(r4, 0x0, 0x0) syz_usb_control_io(r4, 0x0, 0x0) 6.280913859s ago: executing program 3 (id=3565): r0 = socket(0x10, 0x803, 0x0) sendmsg$IPVS_CMD_SET_INFO(r0, &(0x7f0000000b00)={0x0, 0x0, &(0x7f0000000ac0)={0x0, 0x14}}, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x2) syz_genetlink_get_family_id$mptcp(&(0x7f00000000c0), r2) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) ioctl$FS_IOC_GET_ENCRYPTION_POLICY_EX(r2, 0xc0096616, &(0x7f00000001c0)={0x5, [0x0, 0x0, 0x0, 0x0, 0x0]}) sendmsg$nl_route(r1, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000040)=ANY=[@ANYBLOB="3c0000001000010400eeffff11ffffffff000000", @ANYRES32=r3, @ANYBLOB="01000000010000001c0012000c000100627269646765"], 0x3c}}, 0x0) getsockname$packet(r0, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) r5 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r5, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000480)=ANY=[@ANYBLOB="3c0000001000030400"/20, @ANYRES32=0x0, @ANYBLOB="a4280400000000001400350076657468305f746f5f626f6e6400000008000a00", @ANYRES32=r4], 0x3c}, 0x1, 0x0, 0x0, 0x4008800}, 0x8000) 6.071334491s ago: executing program 3 (id=3567): socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8949, &(0x7f00000002c0)={'vlan0\x00', @broadcast}) 5.964946953s ago: executing program 6 (id=3569): socket$nl_route(0x10, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() r1 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x1, 0x4}, 0x4) setsockopt$packet_fanout(r1, 0x107, 0x12, &(0x7f0000000000)={0x0, 0x2}, 0x4) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = openat$sysfs(0xffffffffffffff9c, 0x0, 0x301880, 0x20d) write$tun(r4, &(0x7f0000000000)={@val={0x0, 0x886c}, @void, @eth={@random="000000f400", @dev={'\xaa\xaa\xaa\xaa\xaa', 0x18}, @val={@void, {0x8100, 0x0, 0x1, 0x2}}, {@llc_tr={0x11, {@llc={0xaa, 0xe, "d8"}}}}}}, 0x19) sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000002c0)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000300)=ANY=[@ANYBLOB='\\\x00\x00\x00'], 0x5c}}, 0x0) gettid() r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000380), r5) sendmsg$NL80211_CMD_REMAIN_ON_CHANNEL(r5, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000580)={&(0x7f00000000c0)={0x1c, r6, 0x9c3fa077fa966179, 0x0, 0x0, {{0x7e}, {@val={0x8}, @void}}}, 0x1c}}, 0x4000054) 5.736530269s ago: executing program 3 (id=3573): bpf$MAP_CREATE(0x0, &(0x7f0000003e40)=ANY=[@ANYBLOB="15000000080000003c"], 0x50) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000c80)={0x3, 0x3, &(0x7f0000000bc0)=@framed={{0x18, 0x0, 0x0, 0x0, 0x13}}, &(0x7f0000000580)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls=0x2e, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000003c0)={r0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xe00}, 0x50) 5.572320361s ago: executing program 3 (id=3575): sendmsg$nl_route(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000100)={0x0}}, 0x4) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000600)=@base={0x9, 0xc, 0x42, 0x40}, 0x50) bpf$MAP_UPDATE_BATCH(0x1a, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000000c0), &(0x7f0000000080), 0x200, r0}, 0x38) bpf$MAP_LOOKUP_BATCH(0x1b, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0), 0x0, 0x3, r0}, 0x38) 5.431458444s ago: executing program 3 (id=3576): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) ioctl$SNDRV_TIMER_IOCTL_GINFO(0xffffffffffffffff, 0xc0f85403, &(0x7f00000000c0)={{0x1, 0x2, 0x4, 0x3, 0x8000}, 0x1ff, 0x10, 'id0\x00', 'timer1\x00', 0x0, 0x1, 0x5, 0x8000, 0x4}) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x6770c000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r3 = socket$inet_tcp(0x2, 0x1, 0x0) setsockopt$IPT_SO_SET_REPLACE(r3, 0x4000000000000, 0x40, &(0x7f0000000480)=@raw={'raw\x00', 0x4001, 0x3, 0x3e8, 0x250, 0x700001b, 0x148, 0x0, 0x148, 0x350, 0x206, 0x240, 0x350, 0x240, 0x7fffffe, 0x0, {[{{@ip={@local, @rand_addr, 0x0, 0x0, 'tunl0\x00', 'macvlan1\x00', {0xff}, {}, 0xff84}, 0x1ea, 0x1e8, 0x250, 0x0, {0x390, 0x8f00}, [@common=@inet=@hashlimit2={{0x150}, {'pim6reg1\x00', {0x5, 0x1ff, 0x1, 0x1, 0x1, 0x100, 0x1, 0x8, 0x20}, {0x8}}}, @common=@inet=@socket2={{0x28}}]}, @unspec=@CT2={0x68, 'CT\x00', 0x2, {0x0, 0x0, 0x0, 0x0, '\x00', 'syz0\x00'}}}, {{@uncond, 0x0, 0xd8, 0x100, 0x0, {}, [@common=@unspec=@physdev={{0x68}, {'veth0\x00', {0xff}, 'vxcan1\x00', {0xff}, 0x9}}]}, @common=@unspec=@NFQUEUE3={0x28}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x448) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000000040)={0x1, &(0x7f0000000000)=[{0x6, 0x0, 0x0, 0x7fff7ffc}]}) socket$nl_generic(0x10, 0x3, 0x10) socket$inet_udp(0x2, 0x2, 0x0) bind$inet(0xffffffffffffffff, &(0x7f0000000080)={0x2, 0x6e20, @broadcast}, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000500), 0xffffffffffffffff) socket$xdp(0x2c, 0x3, 0x0) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000000)=@base={0x16, 0x0, 0x4, 0xffff, 0x0, 0x1}, 0x48) r5 = bpf$MAP_CREATE(0x0, &(0x7f0000000240)=@base={0xc, 0x4, 0x4, 0x7, 0x0, r4}, 0x50) bpf$BPF_GET_MAP_INFO(0x3, &(0x7f0000000400)={r5, 0x58, &(0x7f00000000c0)}, 0x10) 4.825204629s ago: executing program 5 (id=3577): seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x8, &(0x7f0000000000)={0x1, &(0x7f0000000040)=[{0x6, 0x5, 0x4, 0x7ffc0001}]}) io_uring_setup(0x56ab, &(0x7f0000000040)={0x0, 0x36d, 0xc000, 0xc, 0xa0002f5}) ioctl$KVM_SET_USER_MEMORY_REGION(0xffffffffffffffff, 0x4020ae46, &(0x7f0000000400)={0x0, 0x0, 0x0, 0x20002000, &(0x7f0000000000/0x2000)=nil}) write$binfmt_elf32(0xffffffffffffffff, &(0x7f0000000000)=ANY=[@ANYBLOB="7f454c4604070001040000000000040002000600030000000903000038000104ce"], 0x58) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x7f, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x5, 0x0, 0x2, 0xffffffffffffffff], 0x0, 0x200}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000380)={[0x101, 0xaec4, 0x6, 0x4004, 0x2, 0x4, 0xefffffffffffffff, 0x0, 0x0, 0x2000000, 0x20000, 0x1c, 0x0, 0x5, 0x1], 0x0, 0x41981}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 4.296301697s ago: executing program 5 (id=3579): setsockopt$MRT6_TABLE(0xffffffffffffffff, 0x29, 0xcf, &(0x7f0000000000)=0x2, 0x4) connect$tipc(0xffffffffffffffff, &(0x7f0000000040)=@name={0x1e, 0x2, 0x2, {{0x1, 0x3}}}, 0x10) openat(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x143800, 0x0) fsopen(&(0x7f0000000100)='configfs\x00', 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, 0x0, 0x0) sendmmsg$unix(r1, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) futex(&(0x7f0000001580), 0x9, 0x0, &(0x7f00000015c0)={0x0, 0x989680}, 0x0, 0x1) 4.14342141s ago: executing program 6 (id=3581): r0 = socket(0x10, 0x3, 0x0) r1 = socket(0x400000000010, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'batadv_slave_0\x00', 0x0}) sendmsg$nl_route_sched(r1, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000000c0)=@newqdisc={0x38, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffd, {0x0, 0x0, 0x0, r2, {0x0, 0x1}, {0xffff, 0xffff}, {0xffe0, 0x9}}, [@qdisc_kind_options=@q_multiq={{0xb}, {0x8}}]}, 0x38}}, 0x0) sendmsg$nl_route_sched(r1, &(0x7f0000000200)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000a40)=@newtfilter={0x3c, 0x2c, 0xf3f, 0x30bd29, 0x25dfdbfd, {0x0, 0x0, 0x0, r2, {0xb, 0xfff3}, {}, {0x7, 0xffff}}, [@filter_kind_options=@f_flow={{0x9}, {0xc, 0x2, [@TCA_FLOW_BASECLASS={0x8, 0x3, {0x0, 0xffff}}]}}]}, 0x3c}, 0x1, 0x0, 0x0, 0x20041090}, 0xd0) sendmsg$nl_route(r0, &(0x7f0000000200)={0x0, 0x0, 0x0}, 0x8000) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$ethtool(&(0x7f0000000a40), 0xffffffffffffffff) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) connect$pppl2tp(0xffffffffffffffff, &(0x7f0000000080)=@pppol2tpv3in6={0x18, 0x1, {0x0, 0xffffffffffffffff, 0x1, 0x0, 0x0, 0x0, {0xa, 0x0, 0x6, @private0}}}, 0x3a) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f0000000000)=@pppol2tpv3={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @remote}, 0x1, 0x1}}, 0x2e) ioctl$PPPIOCGL2TPSTATS(r3, 0x80487436, &(0x7f00000017c0)) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r4 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r4, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r5, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r6, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r5, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) r7 = userfaultfd(0x80001) ioctl$UFFDIO_API(r7, 0xc018aa3f, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f00000001c0), 0x40041, 0x0) socketpair(0x1, 0x1, 0x0, &(0x7f0000000000)={0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r8, 0x8b0f, &(0x7f0000000380)={'veth0_to_bond\x00', @remote}) syz_open_procfs(0x0, &(0x7f00000000c0)='fd/3\x00') 3.502783023s ago: executing program 0 (id=3584): r0 = socket$nl_xfrm(0x10, 0x3, 0x6) sendmsg$nl_xfrm(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000600)=ANY=[@ANYBLOB="34010000170001000000000000000000640101020000000000000000000000000000000097581e58e0000002000000000000000000000000fc020000000000000000000000000000fe8000000000000000000000000000aa0000004000"/104, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB="e00000020000000000000000000000000a01010000000000000000000000000000000000020100030a00002000000000", @ANYRES32, @ANYRES32=0x0, @ANYBLOB="00000000000000000000000000000000000000000000000000000000000000000000000000000000b10f00000000000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000000000004000000b86b6e000000000000000000feffffff0000000000000000000000000c0008"], 0x134}}, 0x4000) 2.960818887s ago: executing program 3 (id=3586): listen(0xffffffffffffffff, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000240)={0x8, 0x248}, 0x0) mknodat$loop(0xffffffffffffff9c, &(0x7f0000000080)='./file0\x00', 0x1000, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xffffe000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000004c0)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x3fffffffffffeda, 0x2, 0x0) connect$inet(0xffffffffffffffff, &(0x7f0000001bc0)={0x2, 0x4e23, @loopback}, 0x10) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000640), 0xffffffffffffffff) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.cpu/syz0\x00', 0x1ff) r4 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) r5 = openat$cgroup_int(r4, &(0x7f0000000040)='cgroup.clone_children\x00', 0x2, 0x0) sendfile(r5, r5, 0x0, 0x100000000) sendmsg$TIPC_NL_KEY_FLUSH(r3, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x5}, 0x4000004) 2.932165127s ago: executing program 0 (id=3587): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000280)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000180)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeee, 0x8031, 0xffffffffffffffff, 0x4000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) mmap$xdp(&(0x7f0000ffd000/0x1000)=nil, 0x1000, 0x100000c, 0x11, 0xffffffffffffffff, 0x100000000) inotify_init() bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0x0, 0x0, &(0x7f0000000300)='GPL\x00', 0xfff, 0x0, 0x0, 0x0, 0x2, '\x00', 0x0, @fallback=0x2, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) openat$procfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) socket$inet_udplite(0x2, 0x2, 0x88) r3 = socket$packet(0x11, 0x3, 0x300) setsockopt$packet_fanout(r3, 0x107, 0x12, &(0x7f0000000000)={0x0, 0xb007}, 0x4) r4 = socket$packet(0x11, 0x3, 0x300) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, &(0x7f0000000040)={'lo\x00'}) bpf$PROG_LOAD(0x5, &(0x7f00002a0fb8)={0x7, 0x4, &(0x7f0000000440)=ANY=[@ANYRES32, @ANYBLOB="0000000000000000050000003e79cf41f7cd000000009500000000"], &(0x7f0000000140)='GPL\x00', 0x2, 0x95, &(0x7f0000000180)=""/149, 0x0, 0x0, '\x00', 0x0, @fallback=0x27}, 0x94) sendto$packet(r4, 0x0, 0x0, 0x0, 0x0, 0x0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4044064}, 0x40000) r5 = socket$xdp(0x2c, 0x3, 0x0) sendmmsg$sock(r5, &(0x7f0000001fc0)=[{{0x0, 0x0, &(0x7f0000001bc0)=[{0x0}, {0x0}], 0x2}}, {{&(0x7f00000003c0)=@rxrpc=@in6={0x21, 0x2, 0x2, 0x1c, {0xa, 0x4e20, 0x6, @local, 0xa3a}}, 0x80, &(0x7f00000000c0)=[{0x0}], 0x1, &(0x7f00000004c0)=[@mark={{0x14, 0x1, 0x24, 0x4}}, @timestamping={{0x14, 0x1, 0x25, 0x1}}, @txtime={{0x18, 0x1, 0x3d, 0x9}}, @timestamping={{0x14, 0x1, 0x25, 0x5}}, @txtime={{0x18, 0x1, 0x3d, 0xb}}, @mark={{0x14, 0x1, 0x24, 0xffffffff}}, @mark={{0x14, 0x1, 0x24, 0x9a0}}], 0xa8}}], 0x2, 0x4040) 2.519962933s ago: executing program 2 (id=3589): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000000), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000840)={0x10004, 0x2, 0x3000, 0x2000, &(0x7f0000ffb000/0x2000)=nil}) madvise(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x15) 2.325076554s ago: executing program 6 (id=3590): r0 = socket$inet6_icmp_raw(0xa, 0x3, 0x3a) sendto$inet6(r0, &(0x7f0000000400)="2ae0e710", 0x4, 0x20004800, &(0x7f0000000300)={0xa, 0x0, 0x4, @empty}, 0x1c) recvmmsg(r0, &(0x7f0000000d80), 0x4000000000001e9, 0x10162, 0x0) 2.240409138s ago: executing program 5 (id=3591): r0 = openat$ttyS3(0xffffffffffffff9c, &(0x7f0000000000), 0x40940, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000140)=0xf) readv(r0, &(0x7f0000000600)=[{&(0x7f00000001c0)=""/132, 0x84}], 0x1) 2.169058365s ago: executing program 6 (id=3592): r0 = syz_usb_connect(0x3, 0x36, &(0x7f0000001340)=ANY=[@ANYBLOB="1201000014da2108ab12a390eb1e000000010902240001b30000040904410017ff5d810009050f1f01040000000905830300b3"], 0x0) syz_usb_connect$printer(0x0, 0x2d, &(0x7f00000000c0)=ANY=[@ANYBLOB="0d01"], 0x0) syz_usb_ep_write$ath9k_ep2(r0, 0x83, 0x8, &(0x7f00000000c0)=ANY=[]) sendmsg$ETHTOOL_MSG_DEBUG_SET(0xffffffffffffffff, 0x0, 0x8090) 2.019122919s ago: executing program 5 (id=3593): sendmsg$IPCTNL_MSG_CT_NEW(0xffffffffffffffff, &(0x7f0000000080)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0xc0}}, 0x200000b0) sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f00000003c0)=ANY=[@ANYBLOB="a00000001000370400000000000000", @ANYBLOB="830405"], 0xa0}}, 0x0) r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x28100, 0x0) setsockopt$inet_mreqn(0xffffffffffffffff, 0x0, 0x0, &(0x7f0000000000)={@multicast1, @local}, 0xc) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) ioctl$KVM_NMI(r2, 0xae9a) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f0000000440)={[0x0, 0x100000000, 0x0, 0x4000081, 0x100000, 0x0, 0x2004c8, 0x8000000, 0x0, 0x0, 0x7, 0x0, 0x7, 0x0, 0x2, 0xffffffffffffffff]}) ioctl$KVM_RUN(r2, 0xae80, 0x0) ioctl$KVM_SET_REGS(r2, 0x4090ae82, &(0x7f00000002c0)={[0x4, 0x5, 0x6, 0x7fff, 0x2, 0x4, 0xefffffffffffffff, 0x400000, 0x0, 0x2000000, 0x0, 0x1d, 0x0, 0xffffffffffffffff, 0xfffffffffffffff8], 0x0, 0x302000}) ioctl$KVM_RUN(r2, 0xae80, 0x0) 1.815999604s ago: executing program 2 (id=3594): r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000100)={0x19, 0x3, &(0x7f00000003c0)=ANY=[@ANYBLOB="1800000001000000000000000000000095"], &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x9, '\x00', 0x0, @cgroup_sockopt=0x16, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = fsopen(&(0x7f0000000000)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_CMD_CREATE(r1, 0x6, 0x0, 0x0, 0x0) r2 = fsmount(r1, 0x0, 0x80) bpf$BPF_LINK_CREATE(0x1c, &(0x7f00000000c0)={r0, r2, 0x16, 0x0, @void}, 0x10) r3 = socket$can_raw(0x1d, 0x3, 0x1) setsockopt$CAN_RAW_RECV_OWN_MSGS(r3, 0x65, 0x4, &(0x7f00000003c0)=0x1, 0x4) 1.756301008s ago: executing program 5 (id=3595): bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x7, 0xc, &(0x7f0000000440)=ANY=[], 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0xf, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0}, 0x94) syz_extract_tcp_res$synack(0x0, 0x1, 0x0) bpf$PROG_LOAD(0x5, &(0x7f0000000300)={0xe, 0x0, &(0x7f0000000440)=ANY=[], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x12, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x9, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000380)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) bind$inet6(0xffffffffffffffff, 0x0, 0x0) pipe(&(0x7f0000000280)={0xffffffffffffffff, 0xffffffffffffffff}) write(r4, &(0x7f0000000340), 0x11000) io_setup(0x3fc, &(0x7f0000000500)=0x0) io_submit(r5, 0x1, &(0x7f0000000040)=[0x0]) r6 = syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') write$binfmt_elf64(r6, &(0x7f0000000540)=ANY=[@ANYBLOB="7f454c46160c0eb6adbab83e000000000200060000000000d3000000000000004000000000000000ce010000000000002cf6ffff0600380001000b0009001000030000000100000400000000000000000e000000000000000180000000000000020000000000000009000000000000000100000000000000"], 0x78) vmsplice(r3, &(0x7f0000000000)=[{&(0x7f0000000500), 0x3528a9c0}], 0x1, 0x0) listen(0xffffffffffffffff, 0x0) times(0x0) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000380)={0x5, 0xb, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x10, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) syz_io_uring_setup(0x5c2, 0x0, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz0\x00', 0x1ff) r7 = socket$inet_udp(0x2, 0x2, 0x0) ioctl$sock_inet_SIOCADDRT(r7, 0x890b, &(0x7f0000000380)={0x0, {0x2, 0x4e23, @empty}, {0x2, 0xfffe, @dev={0xac, 0x14, 0x14, 0x20}}, {0x2, 0x4e23, @rand_addr=0x64010102}, 0x107, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2000000000}) syz_open_procfs(r0, &(0x7f0000000240)='clear_refs\x00') 1.736694079s ago: executing program 2 (id=3596): r0 = syz_open_dev$evdev(&(0x7f000001fa80), 0x20000000, 0x0) ioctl$EVIOCSCLOCKID(r0, 0x40084504, &(0x7f00000000c0)) 1.518748475s ago: executing program 2 (id=3597): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) sendto$inet(0xffffffffffffffff, &(0x7f00000002c0)="01a4acc7cf28ab9f6c7fc745c30bfc", 0xf, 0x0, 0x0, 0x0) ioctl$KVM_SET_GUEST_DEBUG_x86(0xffffffffffffffff, 0x4048ae9b, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0xb, @ipv4={'\x00', '\xff\xff', @remote}, 0xffff89f5}, 0x1c) connect$inet6(r0, &(0x7f0000000000)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @remote}}, 0x1c) syz_emit_ethernet(0x42, &(0x7f0000000280)={@local, @empty, @void, {@ipv4={0x800, @tcp={{0x5, 0x4, 0x2, 0x3, 0x34, 0x64, 0x0, 0x7, 0x6, 0x0, @remote, @remote}, {{0x4e22, 0x4e22, 0x41424344, 0x41424344, 0x0, 0x0, 0x8, 0x10, 0x6071, 0x0, 0xe7, {[@generic={0x8, 0xa, "09df168a00000000"}]}}}}}}}, 0x0) 1.309603265s ago: executing program 2 (id=3598): r0 = openat$snapshot(0xffffffffffffff9c, &(0x7f0000000040), 0x200, 0x0) ioctl$SNAPSHOT_CREATE_IMAGE(r0, 0x40043311, 0x0) 990.033866ms ago: executing program 0 (id=3599): timer_create(0x0, &(0x7f0000000000)={0x0, 0x21, 0x2, @thr={0x0, 0x0}}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x5}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f00000000c0)={0x1, &(0x7f0000000040)=[{0x6, 0x0, 0x0, 0x7fffffff}]}) 765.95566ms ago: executing program 0 (id=3600): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) ioctl$KDFONTOP_GET(r0, 0x4b72, &(0x7f00000005c0)={0x1, 0x1, 0x7, 0x1f, 0xb1, 0x0}) 552.943437ms ago: executing program 0 (id=3601): r0 = syz_open_dev$loop(&(0x7f0000000000), 0x4, 0x4002) ioctl$BLKSECTGET(r0, 0x1267, 0x0) 472.917654ms ago: executing program 0 (id=3602): r0 = socket$inet6(0xa, 0x2, 0x0) close(0x3) r1 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r1, &(0x7f0000000a40)={0x2, 0x4e20, @loopback}, 0x10) setsockopt$inet6_udp_int(r0, 0x11, 0x68, &(0x7f0000000080)=0xa40, 0x4) recvfrom(r1, 0x0, 0x0, 0x3, 0x0, 0x0) r2 = socket$inet6(0xa, 0x800000000000002, 0x0) setsockopt$inet6_udp_int(r2, 0x11, 0x67, &(0x7f0000000180)=0x40, 0x4) connect$inet6(r2, &(0x7f0000000000)={0xa, 0x4e20, 0x0, @ipv4={'\x00', '\xff\xff', @loopback}}, 0x1c) write(r2, &(0x7f0000001500)="89ba41c97928dec7cec15a160d3dba2553b519a795020072aed129d4b5247c983455b3d757e8b2333a64d9abf416fd83f942661c47bcdf71f7d07ba20d03474a4a", 0x41) ioctl$sock_ipv4_tunnel_SIOCADDTUNNEL(r1, 0x89f1, 0x0) syz_usb_connect(0x5, 0x36, 0x0, 0x0) 0s ago: executing program 2 (id=3603): openat(0xffffffffffffff9c, &(0x7f0000000080)='./file1\x00', 0x129242, 0x0) bpf$MAP_CREATE(0x0, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$cgroup_pid(0xffffffffffffffff, 0x0, 0x0) lsetxattr$security_capability(&(0x7f0000000080)='./file1\x00', &(0x7f00000000c0), &(0x7f0000000240)=@v3={0x3000000, [{0xdb, 0x200b}, {0x1ff}]}, 0x18, 0x0) kernel console output (not intermixed with test programs): 058674][ T24] spca1528 1-1:0.1: probe with driver spca1528 failed with error -71 [ 1353.068826][ T5825] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 1353.080570][ T24] usb 1-1: USB disconnect, device number 110 [ 1353.486762][ T5825] usb 3-1: USB disconnect, device number 113 [ 1353.549296][T15071] udevd[15071]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1353.884318][T18549] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1354.398330][T18559] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3089'. [ 1354.417653][T18559] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3089'. [ 1354.455001][T18560] netlink: 'syz.2.3089': attribute type 10 has an invalid length. [ 1354.500161][T18560] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 1354.520783][T18560] team0: Failed to send options change via netlink (err -105) [ 1354.542677][T18560] team0: Port device netdevsim0 added [ 1354.549632][T17852] team0: Failed to send port change of device netdevsim0 via netlink (err -105) [ 1354.720563][T18565] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3091'. [ 1354.767546][T18565] veth15: entered promiscuous mode [ 1354.995552][T18578] syzkaller0: entered promiscuous mode [ 1355.001525][T18578] syzkaller0: entered allmulticast mode [ 1355.326006][ T29] audit: type=1326 audit(1773793072.919:537): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18586 comm="syz.4.3099" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f736b19c799 code=0x0 [ 1355.448219][ T982] usb 3-1: new high-speed USB device number 114 using dummy_hcd [ 1355.610351][ T982] usb 3-1: Using ep0 maxpacket: 16 [ 1355.617942][ T982] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1355.628998][ T982] usb 3-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1355.645399][ T982] usb 3-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1355.656421][ T982] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1355.664814][ T982] usb 3-1: Product: syz [ 1355.669913][ T982] usb 3-1: Manufacturer: syz [ 1355.674557][ T982] usb 3-1: SerialNumber: syz [ 1355.793222][T18599] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3103'. [ 1355.824920][T18599] veth13: entered promiscuous mode [ 1355.924578][ T982] usb 3-1: 0:2 : does not exist [ 1355.952647][ T982] usb 3-1: 5:0: failed to get current value for ch 0 (-22) [ 1356.041730][ T982] usb 3-1: USB disconnect, device number 114 [ 1356.315158][ T5825] usb 6-1: new high-speed USB device number 44 using dummy_hcd [ 1356.353568][T15071] udevd[15071]: error opening ATTR{/sys/devices/platform/dummy_hcd.2/usb3/3-1/3-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1356.488186][ T5825] usb 6-1: Using ep0 maxpacket: 16 [ 1356.497755][ T5825] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 1356.509390][ T5825] usb 6-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 2047, setting to 1024 [ 1356.561985][ T5825] usb 6-1: string descriptor 0 read error: -22 [ 1356.678352][ T5825] usb 6-1: New USB device found, idVendor=041e, idProduct=3020, bcdDevice= 0.40 [ 1356.688863][ T5825] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1357.193110][ T5825] usb 6-1: USB disconnect, device number 44 [ 1359.437485][T18638] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3114'. [ 1359.581933][T18638] veth11: entered promiscuous mode [ 1359.602492][T18647] syzkaller0: entered promiscuous mode [ 1359.608854][T18647] syzkaller0: entered allmulticast mode [ 1359.682605][T18651] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1359.938157][ T5825] usb 5-1: new full-speed USB device number 100 using dummy_hcd [ 1360.182690][ T5825] usb 5-1: not running at top speed; connect to a high speed hub [ 1360.200618][ T5825] usb 5-1: config 1 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 1360.217994][ T5825] usb 5-1: New USB device found, idVendor=0582, idProduct=004d, bcdDevice= 0.40 [ 1360.234669][ T5825] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1360.251171][ T5825] usb 5-1: Product: syz [ 1360.260884][ T5825] usb 5-1: Manufacturer: Ѝ [ 1360.269912][ T5825] usb 5-1: SerialNumber: syz [ 1360.764108][T18650] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1360.866286][ T29] audit: type=1326 audit(1773793078.459:538): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18667 comm="syz.2.3124" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff8fa79c799 code=0x0 [ 1360.919287][T18650] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1361.004934][ T5825] usb 5-1: Quirk or no altset; falling back to MIDI 1.0 [ 1361.157865][ T5825] snd-usb-audio 5-1:1.0: probe with driver snd-usb-audio failed with error -2 [ 1361.195433][ T5825] usb 5-1: USB disconnect, device number 100 [ 1361.232523][T15071] udevd[15071]: error opening ATTR{/sys/devices/platform/dummy_hcd.4/usb5/5-1/5-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1361.301482][T18678] FAULT_INJECTION: forcing a failure. [ 1361.301482][T18678] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1361.352540][T18678] CPU: 0 UID: 0 PID: 18678 Comm: syz.3.3128 Tainted: G L syzkaller #0 PREEMPT(full) [ 1361.352573][T18678] Tainted: [L]=SOFTLOCKUP [ 1361.352582][T18678] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1361.352595][T18678] Call Trace: [ 1361.352603][T18678] [ 1361.352613][T18678] dump_stack_lvl+0xe8/0x150 [ 1361.352649][T18678] should_fail_ex+0x412/0x560 [ 1361.352683][T18678] _copy_from_iter+0x1d3/0x1670 [ 1361.352721][T18678] ? rcu_is_watching+0x15/0xb0 [ 1361.352756][T18678] ? __pfx__copy_from_iter+0x10/0x10 [ 1361.352796][T18678] ? netlink_sendmsg+0x650/0xb40 [ 1361.352827][T18678] ? skb_put+0x11b/0x210 [ 1361.352853][T18678] netlink_sendmsg+0x6c0/0xb40 [ 1361.352894][T18678] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1361.352930][T18678] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1361.352961][T18678] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1361.352988][T18678] ____sys_sendmsg+0x972/0x9f0 [ 1361.353022][T18678] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1361.353054][T18678] ? import_iovec+0x73/0xa0 [ 1361.353081][T18678] ___sys_sendmsg+0x2a5/0x360 [ 1361.353110][T18678] ? __pfx____sys_sendmsg+0x10/0x10 [ 1361.353177][T18678] ? __fget_files+0x2a/0x420 [ 1361.353209][T18678] ? __fget_files+0x3a0/0x420 [ 1361.353248][T18678] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1361.353276][T18678] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1361.353309][T18678] ? __pfx_ksys_write+0x10/0x10 [ 1361.353343][T18678] do_syscall_64+0x14d/0xf80 [ 1361.353366][T18678] ? trace_irq_disable+0x3b/0x150 [ 1361.353397][T18678] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1361.353419][T18678] ? clear_bhb_loop+0x40/0x90 [ 1361.353445][T18678] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1361.353466][T18678] RIP: 0033:0x7f2dc3d9c799 [ 1361.353486][T18678] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1361.353504][T18678] RSP: 002b:00007f2dc4cfb028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1361.353526][T18678] RAX: ffffffffffffffda RBX: 00007f2dc4015fa0 RCX: 00007f2dc3d9c799 [ 1361.353541][T18678] RDX: 0000000000000000 RSI: 00002000000000c0 RDI: 0000000000000003 [ 1361.353554][T18678] RBP: 00007f2dc4cfb090 R08: 0000000000000000 R09: 0000000000000000 [ 1361.353567][T18678] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1361.353580][T18678] R13: 00007f2dc4016038 R14: 00007f2dc4015fa0 R15: 00007f2dc413fa48 [ 1361.353612][T18678] [ 1361.653259][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1361.659726][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1361.754293][T18683] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3130'. [ 1361.864066][T18683] veth17: entered promiscuous mode [ 1362.107331][ T5825] usb 6-1: new full-speed USB device number 45 using dummy_hcd [ 1362.199209][T18700] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3137'. [ 1362.423178][ T5825] usb 6-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1362.432383][ T5825] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1362.495400][ T5825] usb 6-1: Product: syz [ 1362.499899][ T5825] usb 6-1: Manufacturer: syz [ 1362.504621][ T5825] usb 6-1: SerialNumber: syz [ 1362.514955][ T5825] usb 6-1: config 0 descriptor?? [ 1362.848271][ T5825] usb 6-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1363.095662][T18705] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1363.104629][T18705] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1363.257911][ T5825] dvb_usb_rtl28xxu 6-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1363.400275][ T5825] usb 6-1: USB disconnect, device number 45 [ 1363.978150][ T29] audit: type=1326 audit(1773793081.569:539): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18711 comm="syz.5.3140" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x0 [ 1364.368181][ T982] usb 4-1: new full-speed USB device number 120 using dummy_hcd [ 1364.525500][ T982] usb 4-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1364.535513][ T982] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1364.553353][ T982] usb 4-1: Product: syz [ 1364.569393][ T982] usb 4-1: Manufacturer: syz [ 1364.585608][ T982] usb 4-1: SerialNumber: syz [ 1364.607818][ T982] usb 4-1: config 0 descriptor?? [ 1364.869044][ T982] usb 4-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1364.942178][T18725] netlink: 64 bytes leftover after parsing attributes in process `syz.0.3144'. [ 1365.102143][T18718] syzkaller0: entered promiscuous mode [ 1365.108240][T18718] syzkaller0: entered allmulticast mode [ 1365.226901][T18727] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1365.235984][T18727] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1365.980636][ T982] dvb_usb_rtl28xxu 4-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1366.022160][T18733] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3147'. [ 1366.038646][ T982] usb 4-1: USB disconnect, device number 120 [ 1366.067640][T18733] veth19: entered promiscuous mode [ 1366.423405][T18741] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1368.132245][ T1145] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1369.237314][T18768] fuse: Bad value for 'fd' [ 1369.338199][ T29] audit: type=1326 audit(1773793086.919:540): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=18769 comm="syz.0.3161" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbb4039c799 code=0x0 [ 1369.443761][T18775] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3159'. [ 1369.498419][T18775] veth15: entered promiscuous mode [ 1369.566228][T18781] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3163'. [ 1369.580721][T18772] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3160'. [ 1369.586861][T18781] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3163'. [ 1369.740892][T18785] netlink: 'syz.5.3165': attribute type 10 has an invalid length. [ 1369.779158][T18785] team0: Failed to send options change via netlink (err -105) [ 1369.788745][T18785] team0: Port device dummy0 added [ 1369.851835][T18785] netlink: 'syz.5.3165': attribute type 10 has an invalid length. [ 1369.862206][T18785] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 1369.909073][T18785] team0: Failed to send options change via netlink (err -105) [ 1369.928798][T18785] team0: Failed to send port change of device dummy0 via netlink (err -105) [ 1369.951527][T18785] team0: Port device dummy0 removed [ 1369.979936][T18785] bond0: (slave dummy0): Enslaving as an active interface with an up link [ 1370.760725][T18798] fuse: Invalid rootmode [ 1370.911450][T18803] FAULT_INJECTION: forcing a failure. [ 1370.911450][T18803] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1370.990415][T18803] CPU: 0 UID: 0 PID: 18803 Comm: syz.5.3171 Tainted: G L syzkaller #0 PREEMPT(full) [ 1370.990441][T18803] Tainted: [L]=SOFTLOCKUP [ 1370.990448][T18803] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1370.990457][T18803] Call Trace: [ 1370.990477][T18803] [ 1370.990485][T18803] dump_stack_lvl+0xe8/0x150 [ 1370.990512][T18803] should_fail_ex+0x412/0x560 [ 1370.990538][T18803] _copy_from_iter+0x1d3/0x1670 [ 1370.990564][T18803] ? rcu_is_watching+0x15/0xb0 [ 1370.990590][T18803] ? __pfx__copy_from_iter+0x10/0x10 [ 1370.990618][T18803] ? __alloc_skb+0x4e5/0x7d0 [ 1370.990631][T18803] ? skb_put+0x11b/0x210 [ 1370.990648][T18803] pfkey_sendmsg+0x265/0x1120 [ 1370.990747][T18803] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 1370.990769][T18803] ? aa_sk_perm+0x6d5/0x900 [ 1370.990797][T18803] ? __pfx_aa_sk_perm+0x10/0x10 [ 1370.990816][T18803] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 1370.990843][T18803] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1370.990866][T18803] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1370.990886][T18803] ____sys_sendmsg+0x972/0x9f0 [ 1370.990909][T18803] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1370.990933][T18803] ? import_iovec+0x73/0xa0 [ 1370.990951][T18803] ___sys_sendmsg+0x2a5/0x360 [ 1370.990972][T18803] ? __pfx____sys_sendmsg+0x10/0x10 [ 1370.991012][T18803] ? __fget_files+0x2a/0x420 [ 1370.991034][T18803] ? __fget_files+0x3a0/0x420 [ 1370.991063][T18803] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1370.991082][T18803] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1370.991105][T18803] ? __pfx_ksys_write+0x10/0x10 [ 1370.991130][T18803] do_syscall_64+0x14d/0xf80 [ 1370.991147][T18803] ? trace_irq_disable+0x3b/0x150 [ 1370.991168][T18803] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1370.991187][T18803] ? clear_bhb_loop+0x40/0x90 [ 1370.991206][T18803] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1370.991221][T18803] RIP: 0033:0x7f892079c799 [ 1370.991236][T18803] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1370.991249][T18803] RSP: 002b:00007f891e9f6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1370.991266][T18803] RAX: ffffffffffffffda RBX: 00007f8920a15fa0 RCX: 00007f892079c799 [ 1370.991284][T18803] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 1370.991293][T18803] RBP: 00007f891e9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1370.991302][T18803] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1370.991311][T18803] R13: 00007f8920a16038 R14: 00007f8920a15fa0 R15: 00007f8920b3fa48 [ 1370.991360][T18803] [ 1371.571069][T18806] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3173'. [ 1371.650937][T18812] QAT: Device 8 not found [ 1371.673531][T18806] veth21: entered promiscuous mode [ 1371.719121][T18816] netlink: 8 bytes leftover after parsing attributes in process `syz.5.3175'. [ 1371.735446][T18816] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3175'. [ 1371.873966][T18820] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.3176'. [ 1372.158355][ T5911] usb 3-1: new high-speed USB device number 115 using dummy_hcd [ 1372.527832][T18830] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1372.590555][ T5911] usb 3-1: too many endpoints for config 0 interface 0 altsetting 0: 253, using maximum allowed: 30 [ 1372.976459][ T5911] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1372.998328][ T5911] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1373.011779][ T5911] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 253 [ 1373.079619][ T5911] usb 3-1: New USB device found, idVendor=05ac, idProduct=8243, bcdDevice=8b.40 [ 1373.105833][ T5911] usb 3-1: New USB device strings: Mfr=11, Product=0, SerialNumber=0 [ 1373.162096][ T5911] usb 3-1: Manufacturer: syz [ 1373.359482][ T5911] usb 3-1: config 0 descriptor?? [ 1373.396488][T18843] syzkaller0: entered promiscuous mode [ 1373.405845][T18843] syzkaller0: entered allmulticast mode [ 1373.475796][T18839] fuse: Invalid rootmode [ 1374.009505][T18818] syzkaller0: entered promiscuous mode [ 1374.015147][T18818] syzkaller0: entered allmulticast mode [ 1374.092055][ T5911] usbhid 3-1:0.0: can't add hid device: -71 [ 1374.105658][ T5911] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1374.117292][ T5911] usb 3-1: USB disconnect, device number 115 [ 1374.258218][ T42] usb 1-1: new high-speed USB device number 111 using dummy_hcd [ 1374.342206][T18855] netlink: 8 bytes leftover after parsing attributes in process `syz.4.3187'. [ 1374.351318][T18855] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3187'. [ 1374.371548][T18855] netlink: 'syz.4.3187': attribute type 10 has an invalid length. [ 1374.399744][T18855] team0: Port device netdevsim0 added [ 1374.472642][ T42] usb 1-1: config 9 has an invalid interface number: 164 but max is 1 [ 1374.481028][ T42] usb 1-1: config 9 has an invalid interface number: 82 but max is 1 [ 1374.491928][ T42] usb 1-1: config 9 has an invalid descriptor of length 0, skipping remainder of the config [ 1374.510629][ T42] usb 1-1: config 9 has no interface number 0 [ 1374.522001][ T42] usb 1-1: config 9 has no interface number 1 [ 1374.535356][ T42] usb 1-1: config 9 interface 164 altsetting 1 endpoint 0xB has invalid maxpacket 1024, setting to 64 [ 1374.555627][ T42] usb 1-1: config 9 interface 164 altsetting 1 has a duplicate endpoint with address 0xB, skipping [ 1374.578326][ T42] usb 1-1: config 9 interface 164 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 1374.597723][ T42] usb 1-1: config 9 interface 164 altsetting 1 endpoint 0x5 has invalid maxpacket 1648, setting to 64 [ 1374.637078][ T42] usb 1-1: config 9 interface 164 altsetting 1 has an invalid descriptor for endpoint zero, skipping [ 1374.658871][ T42] usb 1-1: config 9 interface 164 altsetting 1 endpoint 0xA has invalid maxpacket 1023, setting to 64 [ 1374.680346][ T42] usb 1-1: config 9 interface 164 altsetting 1 has a duplicate endpoint with address 0xA, skipping [ 1374.703776][ T42] usb 1-1: config 9 interface 164 altsetting 1 has 7 endpoint descriptors, different from the interface descriptor's value: 15 [ 1374.774144][ T42] usb 1-1: config 9 interface 82 altsetting 4 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1374.794375][ T42] usb 1-1: config 9 interface 82 altsetting 4 has 1 endpoint descriptor, different from the interface descriptor's value: 6 [ 1374.826969][ T42] usb 1-1: config 9 interface 164 has no altsetting 0 [ 1374.889004][ T42] usb 1-1: config 9 interface 82 has no altsetting 0 [ 1374.921273][ T42] usb 1-1: New USB device found, idVendor=0499, idProduct=1017, bcdDevice=56.9b [ 1374.934837][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1374.946534][T18860] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1374.959853][ T42] usb 1-1: Product: syz [ 1374.964083][ T42] usb 1-1: Manufacturer: syz [ 1374.969177][ T42] usb 1-1: SerialNumber: syz [ 1374.977578][T18860] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1374.996584][T18850] raw-gadget.1 gadget.0: fail, usb_ep_enable returned -22 [ 1375.188622][T15535] usb 3-1: new high-speed USB device number 116 using dummy_hcd [ 1375.354415][T15535] usb 3-1: Using ep0 maxpacket: 32 [ 1375.385508][T15535] usb 3-1: config 0 has an invalid interface number: 85 but max is 0 [ 1375.400381][T15535] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1375.417397][T15535] usb 3-1: config 0 has no interface number 0 [ 1375.439095][T15535] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x8 has invalid maxpacket 512, setting to 64 [ 1375.455262][T15535] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1375.467876][T15535] usb 3-1: config 0 interface 85 altsetting 7 endpoint 0x82 has invalid wMaxPacketSize 0 [ 1375.480730][T15535] usb 3-1: config 0 interface 85 altsetting 7 has 6 endpoint descriptors, different from the interface descriptor's value: 7 [ 1375.494465][T15535] usb 3-1: config 0 interface 85 has no altsetting 0 [ 1375.508161][T15535] usb 3-1: New USB device found, idVendor=05ac, idProduct=0219, bcdDevice=f0.72 [ 1375.520193][T15535] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1375.529432][T15535] usb 3-1: Product: syz [ 1375.533835][T15535] usb 3-1: Manufacturer: syz [ 1375.539008][T15535] usb 3-1: SerialNumber: syz [ 1375.547305][T15535] usb 3-1: config 0 descriptor?? [ 1375.569010][ T5825] usb 6-1: new high-speed USB device number 46 using dummy_hcd [ 1375.719905][ T5825] usb 6-1: device descriptor read/64, error -71 [ 1375.764192][T15535] appletouch 3-1:0.85: Failed to read mode from device. [ 1375.773400][T15535] appletouch 3-1:0.85: probe with driver appletouch failed with error -5 [ 1375.811022][T15535] usb 3-1: USB disconnect, device number 116 [ 1375.968168][ T5825] usb 6-1: new high-speed USB device number 47 using dummy_hcd [ 1376.108562][ T5825] usb 6-1: device descriptor read/64, error -71 [ 1376.218704][ T5825] usb usb6-port1: attempt power cycle [ 1376.329862][T18881] __nla_validate_parse: 1 callbacks suppressed [ 1376.329883][T18881] netlink: 8 bytes leftover after parsing attributes in process `syz.2.3196'. [ 1376.346747][T18881] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3196'. [ 1376.467401][T18883] fuse: Invalid rootmode [ 1376.558250][ T5825] usb 6-1: new high-speed USB device number 48 using dummy_hcd [ 1376.599155][ T5825] usb 6-1: device descriptor read/8, error -71 [ 1377.424843][ T42] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1377.462679][ T42] snd-usb-audio 1-1:9.164: probe with driver snd-usb-audio failed with error -2 [ 1377.478134][ T5825] usb 6-1: new high-speed USB device number 49 using dummy_hcd [ 1377.512418][ T42] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1377.532589][ T5825] usb 6-1: device descriptor read/8, error -71 [ 1377.563895][T18898] netlink: 'syz.3.3203': attribute type 1 has an invalid length. [ 1377.651505][ T5825] usb usb6-port1: unable to enumerate USB device [ 1377.744026][ T42] usb 1-1: USB disconnect, device number 111 [ 1377.912054][T18906] warning: `syz.0.3204' uses wireless extensions which will stop working for Wi-Fi 7 hardware; use nl80211 [ 1379.079987][T18918] fuse: Unknown parameter '00000000000000000000' [ 1379.416648][T18926] FAULT_INJECTION: forcing a failure. [ 1379.416648][T18926] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1379.466902][T18926] CPU: 0 UID: 0 PID: 18926 Comm: syz.5.3213 Tainted: G L syzkaller #0 PREEMPT(full) [ 1379.466934][T18926] Tainted: [L]=SOFTLOCKUP [ 1379.466941][T18926] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1379.466955][T18926] Call Trace: [ 1379.466964][T18926] [ 1379.466973][T18926] dump_stack_lvl+0xe8/0x150 [ 1379.467009][T18926] should_fail_ex+0x412/0x560 [ 1379.467043][T18926] _copy_from_user+0x2d/0xb0 [ 1379.467067][T18926] keyctl_pkey_params_get_2+0x11f/0x4c0 [ 1379.467093][T18926] ? __pfx_keyctl_pkey_params_get_2+0x10/0x10 [ 1379.467126][T18926] ? get_pid_task+0x20/0x1f0 [ 1379.467158][T18926] keyctl_pkey_e_d_s+0xd1/0x340 [ 1379.467181][T18926] ? __pfx_keyctl_pkey_e_d_s+0x10/0x10 [ 1379.467214][T18926] __se_sys_keyctl+0x494/0x9e0 [ 1379.467243][T18926] ? __pfx___se_sys_keyctl+0x10/0x10 [ 1379.467274][T18926] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1379.467301][T18926] ? __fget_files+0x3a0/0x420 [ 1379.467335][T18926] ? fput+0xa0/0xd0 [ 1379.467365][T18926] ? ksys_write+0x242/0x270 [ 1379.467390][T18926] ? __pfx_ksys_write+0x10/0x10 [ 1379.467416][T18926] ? __x64_sys_keyctl+0x20/0xc0 [ 1379.467444][T18926] do_syscall_64+0x14d/0xf80 [ 1379.467465][T18926] ? trace_irq_disable+0x3b/0x150 [ 1379.467494][T18926] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1379.467515][T18926] ? clear_bhb_loop+0x40/0x90 [ 1379.467540][T18926] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1379.467562][T18926] RIP: 0033:0x7f892079c799 [ 1379.467581][T18926] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1379.467599][T18926] RSP: 002b:00007f891e9f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000000fa [ 1379.467621][T18926] RAX: ffffffffffffffda RBX: 00007f8920a15fa0 RCX: 00007f892079c799 [ 1379.467638][T18926] RDX: 0000200000005b00 RSI: 0000200000005ac0 RDI: 000000000000001b [ 1379.467655][T18926] RBP: 00007f891e9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1379.467664][T18926] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1379.467673][T18926] R13: 00007f8920a16038 R14: 00007f8920a15fa0 R15: 00007f8920b3fa48 [ 1379.467696][T18926] [ 1379.770329][T18928] input: syz1 as /devices/virtual/input/input16 [ 1379.812619][ T5840] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 1379.928020][T18928] netlink: 'syz.3.3212': attribute type 21 has an invalid length. [ 1379.947715][T18935] random: crng reseeded on system resumption [ 1379.973652][T18928] IPv6: NLM_F_CREATE should be specified when creating new route [ 1380.220908][T18942] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3219'. [ 1380.230454][T18942] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3219'. [ 1380.398399][ T5825] usb 1-1: new high-speed USB device number 112 using dummy_hcd [ 1380.488190][T15535] usb 4-1: new high-speed USB device number 121 using dummy_hcd [ 1380.527659][T18956] FAULT_INJECTION: forcing a failure. [ 1380.527659][T18956] name failslab, interval 1, probability 0, space 0, times 0 [ 1380.548288][T18956] CPU: 0 UID: 0 PID: 18956 Comm: syz.5.3221 Tainted: G L syzkaller #0 PREEMPT(full) [ 1380.548322][T18956] Tainted: [L]=SOFTLOCKUP [ 1380.548331][T18956] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1380.548344][T18956] Call Trace: [ 1380.548353][T18956] [ 1380.548363][T18956] dump_stack_lvl+0xe8/0x150 [ 1380.548398][T18956] should_fail_ex+0x412/0x560 [ 1380.548434][T18956] should_failslab+0xa8/0x100 [ 1380.548461][T18956] ? mas_dup_build+0x141/0x1250 [ 1380.548486][T18956] kmem_cache_alloc_noprof+0x87/0x650 [ 1380.548527][T18956] mas_dup_build+0x141/0x1250 [ 1380.548552][T18956] ? __lock_acquire+0x6b5/0x2cf0 [ 1380.548600][T18956] __mt_dup+0x197/0x2c0 [ 1380.548622][T18956] ? __pfx___mt_dup+0x10/0x10 [ 1380.548655][T18956] ? get_mm_exe_file+0x1c/0x170 [ 1380.548691][T18956] ? get_mm_exe_file+0x1c/0x170 [ 1380.548715][T18956] ? get_mm_exe_file+0x1c/0x170 [ 1380.548749][T18956] dup_mmap+0x418/0x1d90 [ 1380.548776][T18956] ? pcpu_memcg_post_alloc_hook+0x77/0x580 [ 1380.548808][T18956] ? __lock_acquire+0x6b5/0x2cf0 [ 1380.548839][T18956] ? __pfx_dup_mmap+0x10/0x10 [ 1380.548873][T18956] ? lockdep_hardirqs_on+0x7a/0x110 [ 1380.548919][T18956] copy_mm+0x13b/0x4a0 [ 1380.548950][T18956] copy_process+0x18b6/0x3cd0 [ 1380.548988][T18956] ? copy_process+0x921/0x3cd0 [ 1380.549030][T18956] ? __pfx_copy_process+0x10/0x10 [ 1380.549060][T18956] ? get_pid_task+0x20/0x1f0 [ 1380.549079][T18956] ? get_pid_task+0x20/0x1f0 [ 1380.549107][T18956] kernel_clone+0x248/0x8e0 [ 1380.549142][T18956] ? __pfx_kernel_clone+0x10/0x10 [ 1380.549182][T18956] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1380.549214][T18956] __x64_sys_clone+0x1b6/0x230 [ 1380.549249][T18956] ? __pfx___x64_sys_clone+0x10/0x10 [ 1380.549326][T18956] ? __pfx_ksys_write+0x10/0x10 [ 1380.549363][T18956] do_syscall_64+0x14d/0xf80 [ 1380.549386][T18956] ? trace_irq_disable+0x3b/0x150 [ 1380.549416][T18956] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1380.549436][T18956] ? clear_bhb_loop+0x40/0x90 [ 1380.549462][T18956] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1380.549482][T18956] RIP: 0033:0x7f892079c799 [ 1380.549510][T18956] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1380.549529][T18956] RSP: 002b:00007f891e9d4fd8 EFLAGS: 00000202 ORIG_RAX: 0000000000000038 [ 1380.549551][T18956] RAX: ffffffffffffffda RBX: 00007f8920a16090 RCX: 00007f892079c799 [ 1380.549566][T18956] RDX: 0000000000000000 RSI: 0000000000000000 RDI: 0000000001144280 [ 1380.549578][T18956] RBP: 00007f891e9d5090 R08: 0000000000000000 R09: 0000000000000000 [ 1380.549589][T18956] R10: 0000000000000000 R11: 0000000000000202 R12: 0000000000000002 [ 1380.549600][T18956] R13: 00007f8920a16128 R14: 00007f8920a16090 R15: 00007f8920b3fa48 [ 1380.549633][T18956] [ 1380.832127][ T5825] usb 1-1: Using ep0 maxpacket: 16 [ 1380.840559][ T5825] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 1380.851842][ T5825] usb 1-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 2047, setting to 1024 [ 1380.882786][ T5825] usb 1-1: string descriptor 0 read error: -22 [ 1380.898236][ T5825] usb 1-1: New USB device found, idVendor=041e, idProduct=3020, bcdDevice= 0.40 [ 1380.918615][ T5825] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1380.930863][T15535] usb 4-1: Using ep0 maxpacket: 32 [ 1380.939354][T15535] usb 4-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1380.950301][T15535] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 0, changing to 7 [ 1380.961181][T15535] usb 4-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1380.970936][T15535] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1380.982413][T15535] usb 4-1: config 1 interface 1 has no altsetting 0 [ 1380.992495][T15535] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1381.001917][T15535] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1381.010226][T15535] usb 4-1: Product: syz [ 1381.014435][T15535] usb 4-1: Manufacturer: syz [ 1381.019148][T15535] usb 4-1: SerialNumber: syz [ 1381.258202][T18944] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1381.278743][T18944] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1381.367094][T15535] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 1381.418495][T15535] usb 4-1: 2:1 : no or invalid class specific endpoint descriptor [ 1381.622667][T15535] usb 4-1: USB disconnect, device number 121 [ 1381.836511][ T5825] usb 1-1: USB disconnect, device number 112 [ 1382.361990][T15535] usb 4-1: new high-speed USB device number 122 using dummy_hcd [ 1382.559207][T15535] usb 4-1: Using ep0 maxpacket: 8 [ 1382.567347][T15535] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1382.584402][T15535] usb 4-1: New USB device found, idVendor=041e, idProduct=3000, bcdDevice= 0.40 [ 1382.594061][T15535] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1382.602460][T15535] usb 4-1: Product: syz [ 1382.607018][T15535] usb 4-1: Manufacturer: syz [ 1382.613057][T15535] usb 4-1: SerialNumber: syz [ 1382.925441][T15535] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1382.940938][T15535] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 1382.961885][T15535] usb 4-1: unit 3 not found! [ 1383.165370][T18986] syzkaller1: entered promiscuous mode [ 1383.181836][T18986] syzkaller1: entered allmulticast mode [ 1383.217407][T15535] usb 4-1: USB disconnect, device number 122 [ 1383.309674][T15065] udevd[15065]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1383.488248][ T42] usb 3-1: new high-speed USB device number 117 using dummy_hcd [ 1383.659343][T18995] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1383.670084][ T42] usb 3-1: Using ep0 maxpacket: 16 [ 1383.682096][ T42] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 1383.698290][T18995] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1383.714480][ T42] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 2047, setting to 1024 [ 1383.760783][ T42] usb 3-1: string descriptor 0 read error: -22 [ 1383.767157][ T42] usb 3-1: New USB device found, idVendor=041e, idProduct=3020, bcdDevice= 0.40 [ 1383.800831][ T42] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1383.894607][T18997] netlink: 12 bytes leftover after parsing attributes in process `syz.4.3233'. [ 1383.918172][ T5825] usb 4-1: new high-speed USB device number 123 using dummy_hcd [ 1383.949575][T18997] veth13: entered promiscuous mode [ 1384.346898][ T42] usb 3-1: USB disconnect, device number 117 [ 1385.020635][T19018] FAULT_INJECTION: forcing a failure. [ 1385.020635][T19018] name failslab, interval 1, probability 0, space 0, times 0 [ 1385.399383][T19018] CPU: 1 UID: 0 PID: 19018 Comm: syz.3.3243 Tainted: G L syzkaller #0 PREEMPT(full) [ 1385.399417][T19018] Tainted: [L]=SOFTLOCKUP [ 1385.399426][T19018] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1385.399439][T19018] Call Trace: [ 1385.399448][T19018] [ 1385.399457][T19018] dump_stack_lvl+0xe8/0x150 [ 1385.399491][T19018] should_fail_ex+0x412/0x560 [ 1385.399528][T19018] ? __d_alloc+0x37/0x6f0 [ 1385.399550][T19018] should_failslab+0xa8/0x100 [ 1385.399578][T19018] kmem_cache_alloc_lru_noprof+0x87/0x640 [ 1385.399610][T19018] __d_alloc+0x37/0x6f0 [ 1385.399630][T19018] ? __asan_memcpy+0x40/0x70 [ 1385.399649][T19018] ? errseq_sample+0x40/0x70 [ 1385.399675][T19018] d_alloc_pseudo+0x21/0xc0 [ 1385.399697][T19018] alloc_file_pseudo+0xdd/0x240 [ 1385.399731][T19018] ? __pfx_alloc_file_pseudo+0x10/0x10 [ 1385.399759][T19018] ? pidfs_register_pid+0x16/0x1b0 [ 1385.399791][T19018] ? pidfs_register_pid+0x7c/0x1b0 [ 1385.399825][T19018] sock_alloc_file+0xb8/0x2e0 [ 1385.399858][T19018] __sys_socketpair+0x386/0x560 [ 1385.399896][T19018] __x64_sys_socketpair+0x9b/0xb0 [ 1385.399929][T19018] do_syscall_64+0x14d/0xf80 [ 1385.399951][T19018] ? trace_irq_disable+0x3b/0x150 [ 1385.399981][T19018] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1385.400003][T19018] ? clear_bhb_loop+0x40/0x90 [ 1385.400029][T19018] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1385.400050][T19018] RIP: 0033:0x7f2dc3d9c799 [ 1385.400069][T19018] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1385.400087][T19018] RSP: 002b:00007f2dc4cfb028 EFLAGS: 00000246 ORIG_RAX: 0000000000000035 [ 1385.400116][T19018] RAX: ffffffffffffffda RBX: 00007f2dc4015fa0 RCX: 00007f2dc3d9c799 [ 1385.400132][T19018] RDX: 0000000000000000 RSI: 0000000000000005 RDI: 0000000000000001 [ 1385.400144][T19018] RBP: 00007f2dc4cfb090 R08: 0000000000000000 R09: 0000000000000000 [ 1385.400157][T19018] R10: 0000200000000040 R11: 0000000000000246 R12: 0000000000000002 [ 1385.400170][T19018] R13: 00007f2dc4016038 R14: 00007f2dc4015fa0 R15: 00007f2dc413fa48 [ 1385.400203][T19018] [ 1385.619688][ T29] audit: type=1800 audit(1773793102.659:541): pid=19020 uid=0 auid=4294967295 ses=4294967295 subj=unconfined op=collect_data cause=failed(directio) comm="syz.2.3244" name="bus" dev="tmpfs" ino=3366 res=0 errno=0 [ 1386.401727][T19032] netlink: 16 bytes leftover after parsing attributes in process `syz.2.3246'. [ 1386.416270][T19032] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1386.876264][T19038] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3249'. [ 1386.939250][T19038] veth13: entered promiscuous mode [ 1386.998191][ T5911] usb 6-1: new full-speed USB device number 50 using dummy_hcd [ 1387.369013][ T5911] usb 6-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1387.381994][ T5911] usb 6-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1387.391293][ T5911] usb 6-1: New USB device found, idVendor=0457, idProduct=07da, bcdDevice= 0.00 [ 1387.410198][ T5911] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1387.431700][ T5911] usb 6-1: config 0 descriptor?? [ 1388.193262][ T42] usb 6-1: USB disconnect, device number 50 [ 1388.757679][T19062] syzkaller0: entered promiscuous mode [ 1388.766932][T19062] syzkaller0: entered allmulticast mode [ 1390.206878][T19081] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3260'. [ 1390.252243][T19081] veth17: entered promiscuous mode [ 1390.443825][T16134] bond0: (slave bond_slave_0): interface is now down [ 1390.454923][T19087] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1390.466760][T16134] bond0: (slave bond_slave_1): interface is now down [ 1390.511131][T16134] bond0: now running without any active interface! [ 1390.943217][ T5840] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 1391.198163][ T5911] usb 4-1: new high-speed USB device number 124 using dummy_hcd [ 1391.298188][ T42] usb 5-1: new high-speed USB device number 101 using dummy_hcd [ 1391.476060][ T5911] usb 4-1: Using ep0 maxpacket: 32 [ 1391.493972][ T5911] usb 4-1: config 0 has no interfaces? [ 1391.500110][ T5911] usb 4-1: New USB device found, idVendor=0e41, idProduct=5051, bcdDevice=d5.e8 [ 1391.509819][T19111] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3269'. [ 1391.519118][ T5911] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1391.593051][ T5911] usb 4-1: config 0 descriptor?? [ 1391.640866][ T42] usb 5-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1391.652089][T19113] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3269'. [ 1392.470787][ T42] usb 5-1: New USB device found, idVendor=1c40, idProduct=0534, bcdDevice=6d.cc [ 1392.488274][ T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1392.515883][ T42] usb 5-1: Product: syz [ 1392.524395][ T42] usb 5-1: Manufacturer: syz [ 1392.533973][ T42] usb 5-1: SerialNumber: syz [ 1392.542312][T19120] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3272'. [ 1392.553956][ T42] usb 5-1: config 0 descriptor?? [ 1392.648704][T19120] veth15: entered promiscuous mode [ 1392.968409][ T5911] usb 5-1: USB disconnect, device number 101 [ 1392.970443][T19130] netlink: 'syz.3.3274': attribute type 10 has an invalid length. [ 1393.256382][ T5840] Bluetooth: hci3: unexpected event 0x2f length: 509 > 260 [ 1394.122330][T19157] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3283'. [ 1394.257337][T19157] veth19: entered promiscuous mode [ 1394.797121][T19170] netlink: 'syz.4.3286': attribute type 2 has an invalid length. [ 1394.808217][ T5911] usb 3-1: new high-speed USB device number 118 using dummy_hcd [ 1394.856773][ T42] usb 6-1: new high-speed USB device number 51 using dummy_hcd [ 1394.892941][T19174] netlink: 68 bytes leftover after parsing attributes in process `syz.0.3290'. [ 1394.979912][ T5911] usb 3-1: device descriptor read/64, error -71 [ 1395.008236][ T42] usb 6-1: Using ep0 maxpacket: 16 [ 1395.019809][ T42] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1395.039201][ T42] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1395.049617][ T42] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1395.077071][ T42] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1395.112049][ T42] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1395.135489][ T42] usb 6-1: config 0 descriptor?? [ 1395.218260][ T5911] usb 3-1: new high-speed USB device number 119 using dummy_hcd [ 1395.235103][T19182] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1395.245476][T19182] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1395.368317][ T5911] usb 3-1: device descriptor read/64, error -71 [ 1395.400383][T19194] netlink: 4 bytes leftover after parsing attributes in process `syz.4.3294'. [ 1395.435069][T19194] input: syz0 as /devices/virtual/input/input19 [ 1395.478683][ T5911] usb usb3-port1: attempt power cycle [ 1395.581088][ T42] microsoft 0003:045E:07DA.000E: ignoring exceeding usage max [ 1395.603840][ T42] microsoft 0003:045E:07DA.000E: hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.5-1/input0 [ 1395.616570][ T42] microsoft 0003:045E:07DA.000E: no inputs found [ 1395.626228][ T42] microsoft 0003:045E:07DA.000E: could not initialize ff, continuing anyway [ 1395.828181][ T5911] usb 3-1: new high-speed USB device number 120 using dummy_hcd [ 1395.890052][ T5911] usb 3-1: device descriptor read/8, error -71 [ 1395.990458][ T42] usb 6-1: USB disconnect, device number 51 [ 1396.066515][T19218] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3295'. [ 1396.126123][T19221] netlink: 8 bytes leftover after parsing attributes in process `syz.0.3296'. [ 1396.158235][ T5911] usb 3-1: new high-speed USB device number 121 using dummy_hcd [ 1396.170582][T19218] veth21: entered promiscuous mode [ 1396.191351][ T5911] usb 3-1: device descriptor read/8, error -71 [ 1396.301536][T19227] loop8: detected capacity change from 0 to 7 [ 1396.312393][T19227] Dev loop8: unable to read RDB block 7 [ 1396.319201][T19227] loop8: unable to read partition table [ 1396.333003][ T5911] usb usb3-port1: unable to enumerate USB device [ 1396.339930][T19227] loop8: partition table beyond EOD, truncated [ 1396.365240][T19227] loop_reread_partitions: partition scan of loop8 (被x^> ) failed (rc=-5) [ 1397.678345][T19248] binder: 19247:19248 ioctl 40045402 200000000000 returned -22 [ 1397.725365][ T29] audit: type=1326 audit(1773793115.319:542): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19250 comm="syz.2.3304" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7ff8fa79c799 code=0x0 [ 1397.868776][T19255] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3306'. [ 1397.948148][ T5911] usb 1-1: new high-speed USB device number 113 using dummy_hcd [ 1398.076681][T19262] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3307'. [ 1398.103876][T19262] veth23: entered promiscuous mode [ 1398.118218][ T5911] usb 1-1: Using ep0 maxpacket: 16 [ 1398.137163][ T5911] usb 1-1: New USB device found, idVendor=054c, idProduct=0038, bcdDevice=16.f5 [ 1398.165301][ T5911] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1398.197065][ T5911] usb 1-1: Product: syz [ 1398.201579][ T5911] usb 1-1: Manufacturer: syz [ 1398.206238][ T5911] usb 1-1: SerialNumber: syz [ 1398.246971][T19269] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1398.262725][ T5911] usb 1-1: config 0 descriptor?? [ 1398.268608][T19269] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1398.289511][ T5911] visor 1-1:0.0: Sony Clie 3.5 converter detected [ 1399.189613][ T5911] usb 1-1: Sony Clie 3.5 converter now attached to ttyUSB0 [ 1399.432530][T19300] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1399.441557][T19300] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1400.048296][T16134] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1400.808819][ T42] usb 1-1: USB disconnect, device number 113 [ 1400.820293][ T42] clie_3.5 ttyUSB0: Sony Clie 3.5 converter now disconnected from ttyUSB0 [ 1400.924087][T19308] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3315'. [ 1400.993859][ T42] visor 1-1:0.0: device disconnected [ 1402.187722][T19317] netlink: 64 bytes leftover after parsing attributes in process `syz.5.3318'. [ 1402.331839][T19322] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3320'. [ 1402.784907][T19322] veth23: entered promiscuous mode [ 1402.934287][T19331] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3322'. [ 1403.311520][T19337] netlink: 68 bytes leftover after parsing attributes in process `syz.4.3323'. [ 1404.258978][ T42] usb 1-1: new high-speed USB device number 114 using dummy_hcd [ 1404.488463][ T42] usb 1-1: Using ep0 maxpacket: 16 [ 1404.509927][ T42] usb 1-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xF3, changing to 0x83 [ 1404.617085][ T42] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1404.717659][ T42] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1404.734686][ T42] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1404.743090][ T42] usb 1-1: Product: syz [ 1404.747328][ T42] usb 1-1: Manufacturer: syz [ 1404.752018][ T42] usb 1-1: SerialNumber: syz [ 1404.766306][ T42] usb 1-1: config 0 descriptor?? [ 1404.787264][ T42] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1404.798931][ T42] em28xx 1-1:0.0: Audio interface 0 found (Vendor Class) [ 1405.274523][ T42] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 1405.410656][ T42] em28xx 1-1:0.0: Config register raw data: 0x23 [ 1405.417118][ T42] em28xx 1-1:0.0: I2S Audio (1 sample rate(s)) [ 1405.424922][ T42] em28xx 1-1:0.0: No AC97 audio processor [ 1405.635639][ T42] usb 1-1: USB disconnect, device number 114 [ 1406.070330][T19396] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3336'. [ 1406.230893][T19400] netlink: 68 bytes leftover after parsing attributes in process `syz.5.3338'. [ 1406.336919][T19402] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3339'. [ 1406.948632][ T42] usb 5-1: new high-speed USB device number 102 using dummy_hcd [ 1407.182614][T19408] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3341'. [ 1407.429869][ T42] usb 5-1: Using ep0 maxpacket: 8 [ 1407.692820][ T42] usb 5-1: unable to get BOS descriptor or descriptor too short [ 1407.744543][ T42] usb 5-1: config 6 has an invalid interface number: 52 but max is 0 [ 1407.832306][ T42] usb 5-1: config 6 has no interface number 0 [ 1407.918222][ T42] usb 5-1: config 6 interface 52 has no altsetting 0 [ 1407.978627][ T42] usb 5-1: New USB device found, idVendor=048d, idProduct=9306, bcdDevice= 8.3a [ 1407.994067][ T42] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1408.018125][ T42] usb 5-1: Product: syz [ 1408.022348][ T42] usb 5-1: Manufacturer: syz [ 1408.039636][ T42] usb 5-1: SerialNumber: syz [ 1408.055650][T15535] usb 6-1: new high-speed USB device number 52 using dummy_hcd [ 1408.288303][T15535] usb 6-1: Using ep0 maxpacket: 16 [ 1408.296436][T15535] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1408.316733][T15535] usb 6-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1408.347365][T15535] usb 6-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1408.380647][T15535] usb 6-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1408.404832][T15535] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1408.448444][T15535] usb 6-1: config 0 descriptor?? [ 1408.748574][ T5825] usb 1-1: new high-speed USB device number 115 using dummy_hcd [ 1408.920011][ T5825] usb 1-1: Using ep0 maxpacket: 16 [ 1408.951667][ T5825] usb 1-1: New USB device found, idVendor=041e, idProduct=4018, bcdDevice=ed.b4 [ 1408.969723][ T42] usb 5-1: USB disconnect, device number 102 [ 1408.978097][ T5825] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1408.997458][ T5825] usb 1-1: Product: syz [ 1409.008298][ T5825] usb 1-1: Manufacturer: syz [ 1409.012973][ T5825] usb 1-1: SerialNumber: syz [ 1409.110662][ T5825] usb 1-1: config 0 descriptor?? [ 1409.135768][ T5825] gspca_main: spca508-2.14.0 probing 041e:4018 [ 1409.343520][T15535] usbhid 6-1:0.0: can't add hid device: -71 [ 1409.352097][T15535] usbhid 6-1:0.0: probe with driver usbhid failed with error -71 [ 1409.364832][T15535] usb 6-1: USB disconnect, device number 52 [ 1409.369448][ T5825] gspca_spca508: reg_read err -32 [ 1409.382815][ T5825] gspca_spca508: reg_read err -32 [ 1409.393792][ T5825] gspca_spca508: reg_read err -32 [ 1409.723126][T19418] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1409.787692][T19418] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1409.825830][ T5825] gspca_spca508: reg_read err -71 [ 1409.832303][ T5825] gspca_spca508: reg write: error -71 [ 1409.872407][ T5825] spca508 1-1:0.0: probe with driver spca508 failed with error -71 [ 1409.887743][ T5825] usb 1-1: USB disconnect, device number 115 [ 1410.713873][T19443] FAULT_INJECTION: forcing a failure. [ 1410.713873][T19443] name failslab, interval 1, probability 0, space 0, times 0 [ 1410.745979][T19443] CPU: 0 UID: 0 PID: 19443 Comm: syz.0.3353 Tainted: G L syzkaller #0 PREEMPT(full) [ 1410.746014][T19443] Tainted: [L]=SOFTLOCKUP [ 1410.746022][T19443] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1410.746036][T19443] Call Trace: [ 1410.746045][T19443] [ 1410.746054][T19443] dump_stack_lvl+0xe8/0x150 [ 1410.746092][T19443] should_fail_ex+0x412/0x560 [ 1410.746130][T19443] should_failslab+0xa8/0x100 [ 1410.746161][T19443] __kmalloc_cache_noprof+0x88/0x660 [ 1410.746187][T19443] ? sctp_transport_new+0x7e/0x620 [ 1410.746290][T19443] sctp_transport_new+0x7e/0x620 [ 1410.746320][T19443] sctp_assoc_add_peer+0x259/0x13b0 [ 1410.746356][T19443] sctp_sendmsg+0x2329/0x2c10 [ 1410.746394][T19443] ? __pfx_sctp_sendmsg+0x10/0x10 [ 1410.746431][T19443] ? __pfx_aa_sk_perm+0x10/0x10 [ 1410.746465][T19443] ? sock_rps_record_flow+0x19/0x400 [ 1410.746496][T19443] ? inet_sendmsg+0x2f4/0x370 [ 1410.746519][T19443] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1410.746548][T19443] ____sys_sendmsg+0x80a/0x9f0 [ 1410.746584][T19443] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1410.746618][T19443] ? import_iovec+0x73/0xa0 [ 1410.746644][T19443] ___sys_sendmsg+0x2a5/0x360 [ 1410.746674][T19443] ? __pfx____sys_sendmsg+0x10/0x10 [ 1410.746735][T19443] ? __fget_files+0x2a/0x420 [ 1410.746766][T19443] ? __fget_files+0x3a0/0x420 [ 1410.746807][T19443] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1410.746835][T19443] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1410.746868][T19443] ? __pfx_ksys_write+0x10/0x10 [ 1410.746905][T19443] do_syscall_64+0x14d/0xf80 [ 1410.746939][T19443] ? trace_irq_disable+0x3b/0x150 [ 1410.746968][T19443] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1410.746990][T19443] ? clear_bhb_loop+0x40/0x90 [ 1410.747016][T19443] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1410.747038][T19443] RIP: 0033:0x7fbb4039c799 [ 1410.747059][T19443] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1410.747077][T19443] RSP: 002b:00007fbb41230028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1410.747100][T19443] RAX: ffffffffffffffda RBX: 00007fbb40615fa0 RCX: 00007fbb4039c799 [ 1410.747116][T19443] RDX: 0000000024000052 RSI: 0000200000000440 RDI: 0000000000000003 [ 1410.747129][T19443] RBP: 00007fbb41230090 R08: 0000000000000000 R09: 0000000000000000 [ 1410.747142][T19443] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1410.747154][T19443] R13: 00007fbb40616038 R14: 00007fbb40615fa0 R15: 00007fbb4073fa48 [ 1410.747187][T19443] [ 1411.164863][T19436] mmap: syz.5.3351 (19436) uses deprecated remap_file_pages() syscall. See Documentation/mm/remap_file_pages.rst. [ 1411.251722][T19446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1411.285882][T19446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1411.337781][T19446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1411.347347][T19446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1411.364025][T19446] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1411.375852][T19446] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1411.512369][T19455] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3354'. [ 1412.031621][ T5840] Bluetooth: hci1: unexpected event 0x2f length: 509 > 260 [ 1412.484106][T19466] vxcan1: entered promiscuous mode [ 1412.809211][ T5934] usb 6-1: new high-speed USB device number 53 using dummy_hcd [ 1413.273428][ T5934] usb 6-1: Using ep0 maxpacket: 16 [ 1413.308093][ T5934] usb 6-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1413.318541][ T5934] usb 6-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1413.352716][ T5934] usb 6-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1413.362020][ T5934] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1413.378174][ T5934] usb 6-1: Product: syz [ 1413.388128][ T5934] usb 6-1: Manufacturer: syz [ 1413.398134][ T5934] usb 6-1: SerialNumber: syz [ 1413.664411][T19466] netlink: 'syz.5.3362': attribute type 3 has an invalid length. [ 1413.716825][T19469] bridge0: entered promiscuous mode [ 1413.762964][ T5934] usb 6-1: 0:2 : does not exist [ 1413.788413][ T5934] usb 6-1: unit 9 not found! [ 1413.817377][ T5934] usb 6-1: 4:0: cannot get min/max values for control 3 (id 4) [ 1413.851258][ T5934] usb 6-1: 4:0: cannot get min/max values for control 9 (id 4) [ 1413.918823][ T5934] usb 6-1: USB disconnect, device number 53 [ 1413.950773][T19492] netlink: 8 bytes leftover after parsing attributes in process `syz.3.3370'. [ 1413.987201][T19492] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3370'. [ 1414.057989][T19496] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3369'. [ 1414.074920][T19496] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1414.670334][T19509] netlink: 'syz.3.3373': attribute type 18 has an invalid length. [ 1414.749283][T19509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3373'. [ 1414.769416][T16134] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1414.769602][T19509] netlink: 'syz.3.3373': attribute type 18 has an invalid length. [ 1414.779307][T16134] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1414.792336][T19509] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3373'. [ 1414.839988][T16134] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1414.874671][T16134] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1415.285428][T19514] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3374'. [ 1416.132495][T19522] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1416.195057][T19525] netlink: 52 bytes leftover after parsing attributes in process `syz.0.3378'. [ 1416.611758][T19533] netlink: 'syz.0.3381': attribute type 15 has an invalid length. [ 1416.642404][ T29] audit: type=1326 audit(1773793134.239:543): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19534 comm="syz.5.3382" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x0 [ 1418.048242][ T5934] usb 3-1: new high-speed USB device number 122 using dummy_hcd [ 1418.218420][ T5934] usb 3-1: Using ep0 maxpacket: 16 [ 1418.289400][ T5934] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 64, changing to 7 [ 1418.300631][ T5934] usb 3-1: config 1 interface 1 altsetting 1 endpoint 0x1 has invalid maxpacket 2047, setting to 1024 [ 1418.343061][ T5934] usb 3-1: New USB device found, idVendor=041e, idProduct=3020, bcdDevice= 0.40 [ 1418.385923][ T5934] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1418.422211][ T5934] usb 3-1: Product: syz [ 1418.432386][ T5934] usb 3-1: Manufacturer: syz [ 1418.442547][ T5934] usb 3-1: SerialNumber: syz [ 1419.272755][ T5934] usb 3-1: USB disconnect, device number 122 [ 1419.546197][T19564] syzkaller0: entered promiscuous mode [ 1419.553377][T19564] syzkaller0: entered allmulticast mode [ 1419.563139][T19565] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3388'. [ 1419.573577][T19565] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3388'. [ 1419.586100][T19565] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1420.106917][T19574] netlink: 12 bytes leftover after parsing attributes in process `syz.0.3389'. [ 1423.007881][T19626] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3410'. [ 1423.020879][T19626] netlink: 16 bytes leftover after parsing attributes in process `syz.3.3410'. [ 1423.041027][T19625] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3409'. [ 1423.055976][T19626] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1423.093459][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1423.100028][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1423.359728][ T42] usb 6-1: new high-speed USB device number 54 using dummy_hcd [ 1423.412807][ T5825] usb 1-1: new full-speed USB device number 116 using dummy_hcd [ 1423.614196][ T42] usb 6-1: unable to get BOS descriptor or descriptor too short [ 1423.669277][ T42] usb 6-1: config 1 interface 0 altsetting 0 bulk endpoint 0xD has invalid maxpacket 32 [ 1423.688550][ T5825] usb 1-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1423.718232][ T5825] usb 1-1: config 1 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1423.729585][ T42] usb 6-1: config 1 interface 0 altsetting 0 endpoint 0x7 has invalid maxpacket 1023, setting to 64 [ 1423.740865][ T5825] usb 1-1: config 1 interface 0 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 255 [ 1423.758886][ T5825] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1423.769209][ T5825] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1423.783354][ T5825] usb 1-1: SerialNumber: syz [ 1423.790269][ T42] usb 6-1: New USB device found, idVendor=0ccd, idProduct=0014, bcdDevice= 0.40 [ 1423.799578][ T42] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1423.807582][ T42] usb 6-1: Product: 뼟蚲㒦녡愵嵋趗㕓쯃䇾媌搎臡䥈獡ᓜ孞㝵륞퍮坹煄 [ 1423.850033][T19627] raw-gadget.1 gadget.5: fail, usb_ep_enable returned -22 [ 1424.058543][ T5825] cdc_acm 1-1:1.0: ttyACM0: USB ACM device [ 1424.100761][ T5825] usb 1-1: USB disconnect, device number 116 [ 1424.110930][ T42] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1424.119200][ T42] usb 6-1: MIDIStreaming interface descriptor not found [ 1424.328568][ T42] usb 6-1: USB disconnect, device number 54 [ 1424.414720][T15135] udevd[15135]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1424.458216][ T5934] usb 3-1: new high-speed USB device number 123 using dummy_hcd [ 1424.638133][ T5934] usb 3-1: Using ep0 maxpacket: 16 [ 1424.670094][ T5934] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1424.698171][ T5934] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1424.707990][ T5934] usb 3-1: New USB device found, idVendor=1fd2, idProduct=6007, bcdDevice= 0.00 [ 1424.768593][ T5934] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1424.789209][ T5934] usb 3-1: config 0 descriptor?? [ 1424.848835][T19637] sctp: [Deprecated]: syz.5.3415 (pid 19637) Use of int in max_burst socket option deprecated. [ 1424.848835][T19637] Use struct sctp_assoc_value instead [ 1424.918776][T19642] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 1424.937278][T19642] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 1424.949207][T19642] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 1424.957565][T19642] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 1424.965847][T19642] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 1425.229925][ T5934] hid-multitouch 0003:1FD2:6007.000F: reserved main item tag 0xe [ 1425.245351][ T5934] hid-multitouch 0003:1FD2:6007.000F: unknown main item tag 0x0 [ 1425.278358][ T5934] hid-multitouch 0003:1FD2:6007.000F: unknown main item tag 0x0 [ 1425.294251][ T5934] hid-multitouch 0003:1FD2:6007.000F: hidraw0: USB HID v0.00 Device [HID 1fd2:6007] on usb-dummy_hcd.2-1/input0 [ 1425.659418][ T5934] usb 3-1: USB disconnect, device number 123 [ 1425.765573][T19643] chnl_net:caif_netlink_parms(): no params data found [ 1426.135873][T19655] fido_id[19655]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.2/usb3/report_descriptor': No such file or directory [ 1426.250530][T19660] netlink: 212336 bytes leftover after parsing attributes in process `syz.5.3419'. [ 1426.444694][T19643] bridge0: port 1(bridge_slave_0) entered blocking state [ 1426.475203][T19643] bridge0: port 1(bridge_slave_0) entered disabled state [ 1426.501162][T19643] bridge_slave_0: entered allmulticast mode [ 1426.539012][T19643] bridge_slave_0: entered promiscuous mode [ 1426.573185][T19643] bridge0: port 2(bridge_slave_1) entered blocking state [ 1426.609087][T19643] bridge0: port 2(bridge_slave_1) entered disabled state [ 1426.662169][T19643] bridge_slave_1: entered allmulticast mode [ 1426.682473][T19643] bridge_slave_1: entered promiscuous mode [ 1426.799857][T19643] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1426.838933][T19643] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1426.910180][T19643] team0: Port device team_slave_0 added [ 1426.923599][T19643] team0: Port device team_slave_1 added [ 1426.977234][T19671] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3422'. [ 1427.054110][ T5840] Bluetooth: hci5: command tx timeout [ 1427.071013][T19643] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1427.107217][T19643] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1427.240707][T19643] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1427.263785][T19643] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1427.271313][T19643] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1427.298308][T19643] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1427.428717][T19676] netlink: 4 bytes leftover after parsing attributes in process `syz.0.3423'. [ 1427.439659][T19676] netlink: 16 bytes leftover after parsing attributes in process `syz.0.3423'. [ 1427.452165][T19676] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1428.608151][ T5934] usb 1-1: new high-speed USB device number 117 using dummy_hcd [ 1428.621386][T19685] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1428.630395][T19685] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1428.774397][ T5934] usb 1-1: Using ep0 maxpacket: 16 [ 1428.790684][T19643] hsr_slave_0: entered promiscuous mode [ 1428.816601][T19643] hsr_slave_1: entered promiscuous mode [ 1428.828913][T19643] debugfs: 'hsr0' already exists in 'hsr' [ 1428.834902][T19643] Cannot create hsr debugfs directory [ 1428.839757][ T5934] usb 1-1: New USB device found, idVendor=054c, idProduct=002e, bcdDevice= 5.00 [ 1428.853068][ T5934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1428.861309][ T5934] usb 1-1: Product: syz [ 1428.865594][ T5934] usb 1-1: Manufacturer: syz [ 1428.875421][ T5934] usb 1-1: SerialNumber: syz [ 1428.883720][ T5934] usb 1-1: config 0 descriptor?? [ 1428.898167][ T42] usb 3-1: new full-speed USB device number 124 using dummy_hcd [ 1429.059827][ T42] usb 3-1: config 0 has an invalid interface number: 1 but max is 0 [ 1429.069402][ T42] usb 3-1: config 0 has no interface number 0 [ 1429.078262][ T42] usb 3-1: config 0 interface 1 altsetting 128 endpoint 0x81 has an invalid bInterval 0, changing to 10 [ 1429.089841][ T5840] Bluetooth: hci5: command tx timeout [ 1429.100205][T19679] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1429.108210][ T42] usb 3-1: config 0 interface 1 altsetting 128 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1429.130457][ T42] usb 3-1: config 0 interface 1 altsetting 128 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1429.143807][ T42] usb 3-1: config 0 interface 1 has no altsetting 0 [ 1429.146632][T19679] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1429.150733][ T42] usb 3-1: New USB device found, idVendor=145f, idProduct=0212, bcdDevice= 0.00 [ 1429.167773][ T42] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1429.181445][ T42] usb 3-1: config 0 descriptor?? [ 1429.194291][ T5934] usb-storage 1-1:0.0: USB Mass Storage device detected [ 1429.231412][ T5934] usb-storage 1-1:0.0: Quirks match for vid 054c pid 002e: 1 [ 1429.244695][ T5934] usb-storage 1-1:0.0: This device (054c,002e,0500 S 04 P 5c) has an unneeded SubClass entry in unusual_devs.h (kernel syzkaller) [ 1429.244695][ T5934] Please send a copy of this message to and [ 1429.330622][ T5934] usb 1-1: USB disconnect, device number 117 [ 1429.484756][T19643] netdevsim netdevsim6 netdevsim0: renamed from eth0 [ 1429.501021][T19643] netdevsim netdevsim6 netdevsim1: renamed from eth1 [ 1429.515300][T19643] netdevsim netdevsim6 netdevsim2: renamed from eth2 [ 1429.530767][T19643] netdevsim netdevsim6 netdevsim3: renamed from eth3 [ 1429.651000][T19643] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1429.680668][T19643] 8021q: adding VLAN 0 to HW filter on device team0 [ 1429.696145][T17854] bridge0: port 1(bridge_slave_0) entered blocking state [ 1429.703396][T17854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1429.749878][T17852] bridge0: port 2(bridge_slave_1) entered blocking state [ 1429.757144][T17852] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1429.931976][T19643] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1429.959221][T19708] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1430.008560][ T42] uclogic 0003:145F:0212.0010: pen parameters not found [ 1430.015653][ T42] uclogic 0003:145F:0212.0010: interface is invalid, ignoring [ 1430.057988][T19643] veth0_vlan: entered promiscuous mode [ 1430.111706][T19643] veth1_vlan: entered promiscuous mode [ 1430.146110][T19643] veth0_macvtap: entered promiscuous mode [ 1430.157742][T19643] veth1_macvtap: entered promiscuous mode [ 1430.217838][T15535] usb 3-1: USB disconnect, device number 124 [ 1430.234109][T19643] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1430.295798][T19643] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1430.322872][ T33] netdevsim netdevsim6 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1430.345300][ T33] netdevsim netdevsim6 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1430.376206][ T33] netdevsim netdevsim6 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1430.385538][ T33] netdevsim netdevsim6 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1430.530493][T19710] netlink: 182 bytes leftover after parsing attributes in process `syz.3.3431'. [ 1430.567853][ T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1430.580593][T19710] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1430.592891][ T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1430.613674][T19710] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1430.623450][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1430.632380][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1431.016224][T19725] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3433'. [ 1431.029836][T19725] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1431.232436][ T5840] Bluetooth: hci5: command tx timeout [ 1431.343543][T19642] Bluetooth: hci6: unexpected cc 0x0c03 length: 249 > 1 [ 1431.357804][T19642] Bluetooth: hci6: unexpected cc 0x1003 length: 249 > 9 [ 1431.372995][T19642] Bluetooth: hci6: unexpected cc 0x1001 length: 249 > 9 [ 1431.382636][T19642] Bluetooth: hci6: unexpected cc 0x0c23 length: 249 > 4 [ 1431.390573][T19642] Bluetooth: hci6: unexpected cc 0x0c38 length: 249 > 2 [ 1431.911949][T19729] chnl_net:caif_netlink_parms(): no params data found [ 1432.050157][ T49] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1432.209035][T19729] bridge0: port 1(bridge_slave_0) entered blocking state [ 1432.220112][T19729] bridge0: port 1(bridge_slave_0) entered disabled state [ 1432.231372][T19729] bridge_slave_0: entered allmulticast mode [ 1432.239709][T19729] bridge_slave_0: entered promiscuous mode [ 1432.253374][T19729] bridge0: port 2(bridge_slave_1) entered blocking state [ 1432.268523][T19729] bridge0: port 2(bridge_slave_1) entered disabled state [ 1432.276096][T19729] bridge_slave_1: entered allmulticast mode [ 1432.293360][T19729] bridge_slave_1: entered promiscuous mode [ 1432.464584][T19729] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1432.521036][T19729] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1432.623380][T19729] team0: Port device team_slave_0 added [ 1432.645241][T19729] team0: Port device team_slave_1 added [ 1432.723567][T19729] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1432.731865][T19729] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1432.776056][T19729] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1432.825291][T19729] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1432.856222][T19729] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1432.906841][T19729] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1433.247824][T12616] syz_tun (unregistering): left allmulticast mode [ 1433.255184][ T5840] Bluetooth: hci5: command tx timeout [ 1433.327477][T19729] hsr_slave_0: entered promiscuous mode [ 1433.340480][T19729] hsr_slave_1: entered promiscuous mode [ 1433.346849][T19729] debugfs: 'hsr0' already exists in 'hsr' [ 1433.355702][T19729] Cannot create hsr debugfs directory [ 1433.488386][ T5840] Bluetooth: hci6: command tx timeout [ 1433.534535][T17852] netdevsim netdevsim2 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1433.654220][T17852] netdevsim netdevsim2 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1434.006413][T17852] netdevsim netdevsim2 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1434.083150][T17852] team0: Port device netdevsim0 removed [ 1434.092393][T17852] netdevsim netdevsim2 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1434.263319][T17852] bridge_slave_1: left allmulticast mode [ 1434.271859][T17852] bridge_slave_1: left promiscuous mode [ 1434.277622][T17852] bridge0: port 2(bridge_slave_1) entered disabled state [ 1434.302592][T17852] bridge_slave_0: left allmulticast mode [ 1434.314181][T17852] bridge_slave_0: left promiscuous mode [ 1434.320792][T17852] bridge0: port 1(bridge_slave_0) entered disabled state [ 1434.509091][T17852] bond2 (unregistering): (slave bridge1): Releasing backup interface [ 1434.517294][T17852] bridge1 (unregistering): left promiscuous mode [ 1434.665871][T17852] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1434.678675][T17852] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1434.690237][T17852] bond0 (unregistering): Released all slaves [ 1434.704354][T17852] bond1 (unregistering): (slave lo): Releasing backup interface [ 1434.712895][T17852] bond1 (unregistering): (slave lo): last VLAN challenged slave left bond - VLAN blocking is removed [ 1434.725488][T17852] bond1 (unregistering): Released all slaves [ 1434.741068][T17852] bond2 (unregistering): Released all slaves [ 1435.146282][T17852] hsr_slave_0: left promiscuous mode [ 1435.152549][T17852] hsr_slave_1: left promiscuous mode [ 1435.160579][T17852] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1435.172269][T17852] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1435.181601][T17852] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1435.189257][T17852] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1435.200959][T17852] veth1_macvtap: left promiscuous mode [ 1435.206505][T17852] veth0_macvtap: left promiscuous mode [ 1435.212447][T17852] veth1_vlan: left promiscuous mode [ 1435.217895][T17852] veth0_vlan: left promiscuous mode [ 1435.568738][ T5840] Bluetooth: hci6: command tx timeout [ 1435.594793][T17852] team0 (unregistering): Port device team_slave_1 removed [ 1435.624662][T17852] team0 (unregistering): Port device team_slave_0 removed [ 1435.822067][T19729] netdevsim netdevsim2 netdevsim0: renamed from eth0 [ 1435.841275][T19729] netdevsim netdevsim2 netdevsim1: renamed from eth1 [ 1435.875605][T19729] netdevsim netdevsim2 netdevsim2: renamed from eth2 [ 1435.897161][T19729] netdevsim netdevsim2 netdevsim3: renamed from eth3 [ 1436.060963][T19729] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1436.100793][T19729] 8021q: adding VLAN 0 to HW filter on device team0 [ 1436.130985][T17854] bridge0: port 1(bridge_slave_0) entered blocking state [ 1436.138385][T17854] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1436.162749][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 1436.170298][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1436.275212][T19729] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1436.333987][T17852] netdevsim netdevsim4 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1436.439833][T17852] netdevsim netdevsim4 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1436.473391][T19729] veth0_vlan: entered promiscuous mode [ 1436.486500][T19729] veth1_vlan: entered promiscuous mode [ 1436.521460][T17852] netdevsim netdevsim4 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1436.588655][T17852] team0: Port device netdevsim0 removed [ 1436.595424][T17852] netdevsim netdevsim4 netdevsim0 (unregistering): left allmulticast mode [ 1436.607100][T17852] netdevsim netdevsim4 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1436.638900][T19729] veth0_macvtap: entered promiscuous mode [ 1436.648552][T19729] veth1_macvtap: entered promiscuous mode [ 1436.675394][T19729] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1436.694257][T19729] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1436.709965][T17854] netdevsim netdevsim2 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1436.730994][T17854] netdevsim netdevsim2 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1436.746995][T17854] netdevsim netdevsim2 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1436.758614][T17854] netdevsim netdevsim2 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1436.878615][T17852] bridge_slave_1: left allmulticast mode [ 1436.884322][T17852] bridge_slave_1: left promiscuous mode [ 1436.898932][T17852] bridge0: port 2(bridge_slave_1) entered disabled state [ 1436.911130][T17852] bridge_slave_0: left allmulticast mode [ 1436.916800][T17852] bridge_slave_0: left promiscuous mode [ 1436.929597][T17852] bridge0: port 1(bridge_slave_0) entered disabled state [ 1437.161595][T17852] bond2 (unregistering): (slave geneve2): Releasing active interface [ 1437.308982][T17852] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1437.331548][T17852] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1437.343958][T17852] bond0 (unregistering): Released all slaves [ 1437.357401][T17852] bond1 (unregistering): Released all slaves [ 1437.377251][T17852] bond2 (unregistering): Released all slaves [ 1437.400563][T17852] bond3 (unregistering): Released all slaves [ 1437.463226][ T84] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1437.509683][ T84] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1437.606038][T17852] tipc: Left network mode [ 1437.611923][T16134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1437.621728][T16134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1437.648820][ T5840] Bluetooth: hci6: command tx timeout [ 1437.885650][T19799] netlink: 12 bytes leftover after parsing attributes in process `syz.2.3434'. [ 1438.045840][T17852] hsr_slave_0: left promiscuous mode [ 1438.056848][T17852] hsr_slave_1: left promiscuous mode [ 1438.069689][T17852] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1438.077456][T17852] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1438.087146][T17852] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1438.185008][T17852] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1438.211196][T17852] veth1_macvtap: left promiscuous mode [ 1438.222745][T17852] veth0_macvtap: left promiscuous mode [ 1438.231494][T17852] veth1_vlan: left promiscuous mode [ 1438.246076][T17852] veth0_vlan: left promiscuous mode [ 1439.238647][T17852] team0 (unregistering): Port device team_slave_1 removed [ 1439.254056][T17852] team0 (unregistering): Port device team_slave_0 removed [ 1439.728412][ T5840] Bluetooth: hci6: command tx timeout [ 1452.808136][ T29] audit: type=1326 audit(1773793170.399:544): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19912 comm="syz.5.3441" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x0 [ 1453.067037][T19642] Bluetooth: hci0: unexpected cc 0x0c03 length: 249 > 1 [ 1453.082334][T19642] Bluetooth: hci0: unexpected cc 0x1003 length: 249 > 9 [ 1453.093628][T19642] Bluetooth: hci0: unexpected cc 0x1001 length: 249 > 9 [ 1453.131461][T19642] Bluetooth: hci0: unexpected cc 0x0c23 length: 249 > 4 [ 1453.148418][T19642] Bluetooth: hci0: unexpected cc 0x0c38 length: 249 > 2 [ 1454.136538][ T42] usb 6-1: new full-speed USB device number 55 using dummy_hcd [ 1454.381873][ T42] usb 6-1: not running at top speed; connect to a high speed hub [ 1454.442346][T12587] syz_tun (unregistering): left allmulticast mode [ 1454.453498][ T42] usb 6-1: New USB device found, idVendor=0582, idProduct=004d, bcdDevice= 0.40 [ 1454.474914][ T42] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1454.503908][ T42] usb 6-1: Product: syz [ 1454.781970][ T42] usb 6-1: Manufacturer: Ѝ [ 1454.788230][T19943] netlink: 8 bytes leftover after parsing attributes in process `syz.6.3447'. [ 1454.799263][ T42] usb 6-1: SerialNumber: syz [ 1454.987351][T17852] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1455.082074][T19928] chnl_net:caif_netlink_parms(): no params data found [ 1455.091708][ T42] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1455.173197][ T42] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -2 [ 1455.260283][T17852] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1455.271019][T19642] Bluetooth: hci0: command tx timeout [ 1455.271860][ T42] usb 6-1: USB disconnect, device number 55 [ 1455.316294][T19935] udevd[19935]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1455.392001][T19642] Bluetooth: hci5: unexpected event 0x2f length: 509 > 260 [ 1455.573887][T19949] fuse: Bad value for 'fd' [ 1455.595663][T17852] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1455.694526][T19954] FAULT_INJECTION: forcing a failure. [ 1455.694526][T19954] name failslab, interval 1, probability 0, space 0, times 0 [ 1455.740299][T19954] CPU: 1 UID: 0 PID: 19954 Comm: syz.5.3450 Tainted: G L syzkaller #0 PREEMPT(full) [ 1455.740325][T19954] Tainted: [L]=SOFTLOCKUP [ 1455.740331][T19954] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1455.740340][T19954] Call Trace: [ 1455.740347][T19954] [ 1455.740354][T19954] dump_stack_lvl+0xe8/0x150 [ 1455.740381][T19954] should_fail_ex+0x412/0x560 [ 1455.740407][T19954] should_failslab+0xa8/0x100 [ 1455.740428][T19954] __kmalloc_noprof+0xe8/0x760 [ 1455.740444][T19954] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 1455.740473][T19954] tomoyo_realpath_from_path+0xe3/0x5d0 [ 1455.740502][T19954] ? tomoyo_path_number_perm+0x219/0x630 [ 1455.740521][T19954] tomoyo_path_number_perm+0x246/0x630 [ 1455.740543][T19954] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1455.740564][T19954] ? __lock_acquire+0x6b5/0x2cf0 [ 1455.740591][T19954] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1455.740624][T19954] ? __fget_files+0x2a/0x420 [ 1455.740648][T19954] ? __fget_files+0x2a/0x420 [ 1455.740668][T19954] ? __fget_files+0x3a0/0x420 [ 1455.740688][T19954] ? __fget_files+0x2a/0x420 [ 1455.740723][T19954] security_file_ioctl+0xc3/0x2a0 [ 1455.740744][T19954] __se_sys_ioctl+0x47/0x170 [ 1455.740764][T19954] do_syscall_64+0x14d/0xf80 [ 1455.740779][T19954] ? trace_irq_disable+0x3b/0x150 [ 1455.740801][T19954] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1455.740817][T19954] ? clear_bhb_loop+0x40/0x90 [ 1455.740835][T19954] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1455.740850][T19954] RIP: 0033:0x7f892079c799 [ 1455.740866][T19954] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1455.740879][T19954] RSP: 002b:00007f891e9f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1455.740895][T19954] RAX: ffffffffffffffda RBX: 00007f8920a15fa0 RCX: 00007f892079c799 [ 1455.740907][T19954] RDX: 0000200000000380 RSI: 00000000c100565c RDI: 0000000000000003 [ 1455.740916][T19954] RBP: 00007f891e9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1455.740947][T19954] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1455.740956][T19954] R13: 00007f8920a16038 R14: 00007f8920a15fa0 R15: 00007f8920b3fa48 [ 1455.740980][T19954] [ 1455.740988][T19954] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1455.973574][T19928] bridge0: port 1(bridge_slave_0) entered blocking state [ 1455.998379][T19928] bridge0: port 1(bridge_slave_0) entered disabled state [ 1456.010181][T19928] bridge_slave_0: entered allmulticast mode [ 1456.018946][T19928] bridge_slave_0: entered promiscuous mode [ 1456.169212][T17852] team0: Port device netdevsim0 removed [ 1456.187037][T17852] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 1456.238703][T19928] bridge0: port 2(bridge_slave_1) entered blocking state [ 1456.262689][T19928] bridge0: port 2(bridge_slave_1) entered disabled state [ 1456.282306][T19928] bridge_slave_1: entered allmulticast mode [ 1456.298147][T19928] bridge_slave_1: entered promiscuous mode [ 1456.370387][T19928] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1456.394687][T19928] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1456.452830][ T29] audit: type=1326 audit(1773793174.049:545): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=19971 comm="syz.6.3455" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd3d759c799 code=0x0 [ 1456.533454][T19928] team0: Port device team_slave_0 added [ 1456.596602][T19928] team0: Port device team_slave_1 added [ 1456.705338][T19928] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1456.714766][T19928] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1456.744609][T19928] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1456.953324][T19988] netlink: 64 bytes leftover after parsing attributes in process `syz.2.3458'. [ 1457.000458][T19928] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1457.034503][T19928] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1457.115939][T19928] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1457.158824][T19989] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3457'. [ 1457.188252][T19989] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1457.294927][T19994] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1457.357446][T19642] Bluetooth: hci0: command tx timeout [ 1457.369988][T19994] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1457.622607][T17852] bridge_slave_1: left allmulticast mode [ 1457.628538][T17852] bridge_slave_1: left promiscuous mode [ 1457.634300][T17852] bridge0: port 2(bridge_slave_1) entered disabled state [ 1457.695197][T17852] bridge_slave_0: left allmulticast mode [ 1457.705061][T17852] bridge_slave_0: left promiscuous mode [ 1457.712474][T17852] bridge0: port 1(bridge_slave_0) entered disabled state [ 1458.090109][T20005] fuse: Bad value for 'fd' [ 1459.275955][T20025] FAULT_INJECTION: forcing a failure. [ 1459.275955][T20025] name failslab, interval 1, probability 0, space 0, times 0 [ 1459.318277][T20025] CPU: 1 UID: 0 PID: 20025 Comm: syz.5.3466 Tainted: G L syzkaller #0 PREEMPT(full) [ 1459.318310][T20025] Tainted: [L]=SOFTLOCKUP [ 1459.318319][T20025] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1459.318332][T20025] Call Trace: [ 1459.318342][T20025] [ 1459.318351][T20025] dump_stack_lvl+0xe8/0x150 [ 1459.318387][T20025] should_fail_ex+0x412/0x560 [ 1459.318433][T20025] should_failslab+0xa8/0x100 [ 1459.318463][T20025] __kmalloc_noprof+0xe8/0x760 [ 1459.318487][T20025] ? tomoyo_encode+0x28b/0x550 [ 1459.318525][T20025] tomoyo_encode+0x28b/0x550 [ 1459.318563][T20025] tomoyo_realpath_from_path+0x58d/0x5d0 [ 1459.318607][T20025] ? tomoyo_path_number_perm+0x219/0x630 [ 1459.318635][T20025] tomoyo_path_number_perm+0x246/0x630 [ 1459.318665][T20025] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1459.318696][T20025] ? __lock_acquire+0x6b5/0x2cf0 [ 1459.318735][T20025] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1459.318782][T20025] ? __fget_files+0x2a/0x420 [ 1459.318816][T20025] ? __fget_files+0x2a/0x420 [ 1459.318846][T20025] ? __fget_files+0x3a0/0x420 [ 1459.318875][T20025] ? __fget_files+0x2a/0x420 [ 1459.318909][T20025] security_file_ioctl+0xc3/0x2a0 [ 1459.318938][T20025] __se_sys_ioctl+0x47/0x170 [ 1459.318966][T20025] do_syscall_64+0x14d/0xf80 [ 1459.318988][T20025] ? trace_irq_disable+0x3b/0x150 [ 1459.319019][T20025] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1459.319041][T20025] ? clear_bhb_loop+0x40/0x90 [ 1459.319067][T20025] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1459.319089][T20025] RIP: 0033:0x7f892079c799 [ 1459.319109][T20025] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1459.319127][T20025] RSP: 002b:00007f891e9f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1459.319149][T20025] RAX: ffffffffffffffda RBX: 00007f8920a15fa0 RCX: 00007f892079c799 [ 1459.319164][T20025] RDX: 00002000000002c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 1459.319178][T20025] RBP: 00007f891e9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1459.319192][T20025] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1459.319204][T20025] R13: 00007f8920a16038 R14: 00007f8920a15fa0 R15: 00007f8920b3fa48 [ 1459.319237][T20025] [ 1459.319260][T20025] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1459.553477][T19642] Bluetooth: hci0: command tx timeout [ 1459.684673][T20029] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3465'. [ 1460.118301][T17852] bond3 (unregistering): (slave erspan1): Releasing backup interface [ 1460.130373][T20037] netlink: 4 bytes leftover after parsing attributes in process `syz.2.3465'. [ 1460.137981][T17852] erspan1 (unregistering): left promiscuous mode [ 1460.703424][T17852] bond1 (unregistering): (slave geneve2): Releasing active interface [ 1460.738147][ T24] usb 3-1: new high-speed USB device number 125 using dummy_hcd [ 1460.965935][ T24] usb 3-1: Using ep0 maxpacket: 16 [ 1461.019689][ T24] usb 3-1: config 0 has no interfaces? [ 1461.108589][ T24] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1461.117718][ T24] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1461.129440][ T24] usb 3-1: Manufacturer: syz [ 1461.146269][ T24] usb 3-1: config 0 descriptor?? [ 1461.411201][T17852] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1461.576680][T19642] Bluetooth: hci0: command tx timeout [ 1461.595781][T17852] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1461.647729][T17852] bond0 (unregistering): Released all slaves [ 1461.686909][T17852] bond1 (unregistering): Released all slaves [ 1461.819786][T17852] bond2 (unregistering): Released all slaves [ 1461.905331][T17852] bond3 (unregistering): Released all slaves [ 1461.917699][ T29] audit: type=1326 audit(1773793179.509:546): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20045 comm="syz.6.3469" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fd3d759c799 code=0x0 [ 1461.967498][T19928] hsr_slave_0: entered promiscuous mode [ 1461.982392][T19928] hsr_slave_1: entered promiscuous mode [ 1462.001275][T19928] debugfs: 'hsr0' already exists in 'hsr' [ 1462.009289][T19928] Cannot create hsr debugfs directory [ 1462.220771][ T982] usb 6-1: new full-speed USB device number 56 using dummy_hcd [ 1462.289729][T20056] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3471'. [ 1462.320826][T20056] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1462.421908][ T982] usb 6-1: not running at top speed; connect to a high speed hub [ 1462.436183][ T982] usb 6-1: New USB device found, idVendor=0582, idProduct=004d, bcdDevice= 0.40 [ 1462.445861][ T982] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1462.457026][ T982] usb 6-1: Product: syz [ 1462.471097][ T982] usb 6-1: Manufacturer: Ѝ [ 1462.475742][ T982] usb 6-1: SerialNumber: syz [ 1462.752753][ T982] usb 6-1: Quirk or no altset; falling back to MIDI 1.0 [ 1462.930990][ T982] snd-usb-audio 6-1:1.0: probe with driver snd-usb-audio failed with error -2 [ 1462.959790][ T982] usb 6-1: USB disconnect, device number 56 [ 1462.967546][T19935] udevd[19935]: error opening ATTR{/sys/devices/platform/dummy_hcd.5/usb6/6-1/6-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1463.071639][T17852] hsr_slave_0: left promiscuous mode [ 1463.188197][T17852] hsr_slave_1: left promiscuous mode [ 1463.199131][T17852] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1463.219069][T17852] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1463.250082][T17852] veth1_vlan: left promiscuous mode [ 1463.255574][T17852] veth0_vlan: left promiscuous mode [ 1463.534362][T20071] netlink: 4 bytes leftover after parsing attributes in process `syz.6.3472'. [ 1463.573074][T20071] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1463.926945][T20079] FAULT_INJECTION: forcing a failure. [ 1463.926945][T20079] name failslab, interval 1, probability 0, space 0, times 0 [ 1464.019583][T20079] CPU: 0 UID: 0 PID: 20079 Comm: syz.3.3475 Tainted: G L syzkaller #0 PREEMPT(full) [ 1464.019617][T20079] Tainted: [L]=SOFTLOCKUP [ 1464.019626][T20079] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1464.019638][T20079] Call Trace: [ 1464.019647][T20079] [ 1464.019657][T20079] dump_stack_lvl+0xe8/0x150 [ 1464.019692][T20079] should_fail_ex+0x412/0x560 [ 1464.019728][T20079] should_failslab+0xa8/0x100 [ 1464.019757][T20079] __kmalloc_noprof+0xe8/0x760 [ 1464.019782][T20079] ? pfkey_add+0xf78/0x2df0 [ 1464.019816][T20079] pfkey_add+0xf78/0x2df0 [ 1464.019862][T20079] ? __pfx_pfkey_add+0x10/0x10 [ 1464.019886][T20079] ? pfkey_broadcast+0x3c2/0x3e0 [ 1464.019924][T20079] pfkey_sendmsg+0xc56/0x1120 [ 1464.019974][T20079] ? __pfx_pfkey_sendmsg+0x10/0x10 [ 1464.020034][T20079] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1464.020068][T20079] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1464.020095][T20079] ____sys_sendmsg+0x972/0x9f0 [ 1464.020129][T20079] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1464.020163][T20079] ? import_iovec+0x73/0xa0 [ 1464.020189][T20079] ___sys_sendmsg+0x2a5/0x360 [ 1464.020219][T20079] ? __pfx____sys_sendmsg+0x10/0x10 [ 1464.020279][T20079] ? __fget_files+0x2a/0x420 [ 1464.020309][T20079] ? __fget_files+0x3a0/0x420 [ 1464.020350][T20079] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1464.020377][T20079] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1464.020412][T20079] ? __pfx_ksys_write+0x10/0x10 [ 1464.020448][T20079] do_syscall_64+0x14d/0xf80 [ 1464.020471][T20079] ? trace_irq_disable+0x3b/0x150 [ 1464.020500][T20079] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.020522][T20079] ? clear_bhb_loop+0x40/0x90 [ 1464.020548][T20079] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1464.020569][T20079] RIP: 0033:0x7f2dc3d9c799 [ 1464.020590][T20079] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1464.020608][T20079] RSP: 002b:00007f2dc4cfb028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1464.020630][T20079] RAX: ffffffffffffffda RBX: 00007f2dc4015fa0 RCX: 00007f2dc3d9c799 [ 1464.020645][T20079] RDX: 0000000000000000 RSI: 0000200000000040 RDI: 0000000000000003 [ 1464.020659][T20079] RBP: 00007f2dc4cfb090 R08: 0000000000000000 R09: 0000000000000000 [ 1464.020672][T20079] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1464.020684][T20079] R13: 00007f2dc4016038 R14: 00007f2dc4015fa0 R15: 00007f2dc413fa48 [ 1464.020717][T20079] [ 1464.292368][T15137] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1464.478652][T20081] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1464.487457][T20081] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1464.633724][T17852] team0 (unregistering): Port device team_slave_1 removed [ 1464.673311][T17852] team0 (unregistering): Port device team_slave_0 removed [ 1466.128614][T20109] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3480'. [ 1466.150705][ T29] audit: type=1326 audit(1773793183.749:547): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20110 comm="syz.3.3481" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2dc3d9c799 code=0x0 [ 1466.383676][ T5934] usb 3-1: USB disconnect, device number 125 [ 1466.525361][T20109] veth17: entered promiscuous mode [ 1466.828169][ T5934] usb 3-1: new high-speed USB device number 126 using dummy_hcd [ 1466.969519][T20133] QAT: Device 8 not found [ 1466.974103][T20133] FAULT_INJECTION: forcing a failure. [ 1466.974103][T20133] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1466.995856][T19928] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1467.003290][ T5934] usb 3-1: Using ep0 maxpacket: 32 [ 1467.007761][T20133] CPU: 1 UID: 0 PID: 20133 Comm: syz.5.3484 Tainted: G L syzkaller #0 PREEMPT(full) [ 1467.007855][T20133] Tainted: [L]=SOFTLOCKUP [ 1467.007876][T20133] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1467.007909][T20133] Call Trace: [ 1467.007932][T20133] [ 1467.007961][T20133] dump_stack_lvl+0xe8/0x150 [ 1467.008048][T20133] should_fail_ex+0x412/0x560 [ 1467.008140][T20133] _copy_to_user+0x31/0xb0 [ 1467.008211][T20133] simple_read_from_buffer+0xe1/0x170 [ 1467.008310][T20133] proc_fail_nth_read+0x1bb/0x230 [ 1467.008405][T20133] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1467.008460][T20133] ? rw_verify_area+0x2a6/0x4d0 [ 1467.008482][T20133] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1467.008511][T20133] vfs_read+0x20c/0xa70 [ 1467.008531][T20133] ? fdget_pos+0x246/0x320 [ 1467.008565][T20133] ? __pfx___mutex_lock+0x10/0x10 [ 1467.008591][T20133] ? __pfx_vfs_read+0x10/0x10 [ 1467.008615][T20133] ? __fget_files+0x2a/0x420 [ 1467.008651][T20133] ? __fget_files+0x3a0/0x420 [ 1467.008678][T20133] ? __fget_files+0x2a/0x420 [ 1467.008718][T20133] ksys_read+0x150/0x270 [ 1467.008743][T20133] ? __pfx_ksys_read+0x10/0x10 [ 1467.008777][T20133] do_syscall_64+0x14d/0xf80 [ 1467.008798][T20133] ? trace_irq_disable+0x3b/0x150 [ 1467.008828][T20133] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1467.008849][T20133] ? clear_bhb_loop+0x40/0x90 [ 1467.008874][T20133] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1467.008936][T20133] RIP: 0033:0x7f892075cfce [ 1467.009003][T20133] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1467.009033][T20133] RSP: 002b:00007f891e9f5fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1467.009103][T20133] RAX: ffffffffffffffda RBX: 00007f891e9f66c0 RCX: 00007f892075cfce [ 1467.009144][T20133] RDX: 000000000000000f RSI: 00007f891e9f60a0 RDI: 0000000000000004 [ 1467.009176][T20133] RBP: 00007f891e9f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1467.009215][T20133] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1467.009249][T20133] R13: 00007f8920a16038 R14: 00007f8920a15fa0 R15: 00007f8920b3fa48 [ 1467.009333][T20133] [ 1467.233664][T19928] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1467.261247][T20131] tipc: Started in network mode [ 1467.266364][T20131] tipc: Node identity 06e6aa4872e6, cluster identity 4711 [ 1467.298761][T20131] tipc: Enabled bearer , priority 0 [ 1467.316681][T20135] syzkaller0: entered promiscuous mode [ 1467.328232][T20135] syzkaller0: entered allmulticast mode [ 1467.332431][ T5934] usb 3-1: config index 0 descriptor too short (expected 164, got 36) [ 1467.342443][ T5934] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1467.353663][ T5934] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1467.364601][ T5934] usb 3-1: New USB device found, idVendor=046d, idProduct=c29c, bcdDevice= 0.00 [ 1467.376150][ T5934] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1467.399635][ T5934] usb 3-1: config 0 descriptor?? [ 1467.436884][T19928] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1467.446258][T20143] netlink: 4 bytes leftover after parsing attributes in process `syz.5.3486'. [ 1467.461012][T20143] xt_CT: You must specify a L4 protocol and not use inversions on it [ 1467.498684][T19928] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1467.549858][T20137] tipc: Resetting bearer [ 1467.660013][ T5934] usbhid 3-1:0.0: can't add hid device: -71 [ 1467.666824][ T5934] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 1467.691332][ T5934] usb 3-1: USB disconnect, device number 126 [ 1467.715656][T20137] tipc: Disabling bearer [ 1467.998790][T20164] netlink: 'syz.2.3491': attribute type 16 has an invalid length. [ 1468.052693][T20164] netdevsim netdevsim2 netdevsim0: entered promiscuous mode [ 1468.089740][T20164] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 1468.152612][T19928] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1468.272302][T20170] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3492'. [ 1468.294982][T19928] 8021q: adding VLAN 0 to HW filter on device team0 [ 1468.350827][ T1145] bridge0: port 1(bridge_slave_0) entered blocking state [ 1468.357986][ T1145] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1468.447961][T20170] veth3: entered promiscuous mode [ 1468.504159][ T1145] bridge0: port 2(bridge_slave_1) entered blocking state [ 1468.511407][ T1145] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1468.887582][T19928] hsr0: Slave B (hsr_slave_1) is not up; please bring it up to get a fully working HSR network [ 1468.950483][ T42] usb 7-1: new high-speed USB device number 2 using dummy_hcd [ 1469.128246][ T42] usb 7-1: Using ep0 maxpacket: 8 [ 1469.154057][ T42] usb 7-1: unable to get BOS descriptor or descriptor too short [ 1469.163450][ T42] usb 7-1: config 1 interface 1 altsetting 1 endpoint 0x1 has an invalid bInterval 223, changing to 7 [ 1469.206938][ T42] usb 7-1: New USB device found, idVendor=0e41, idProduct=4156, bcdDevice= 0.40 [ 1469.227155][ T42] usb 7-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1469.258215][ T42] usb 7-1: Product: syz [ 1469.268150][ T42] usb 7-1: Manufacturer: syz [ 1469.275436][ T42] usb 7-1: SerialNumber: syz [ 1469.318560][T19928] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1469.544788][T19928] veth0_vlan: entered promiscuous mode [ 1469.596001][T19928] veth1_vlan: entered promiscuous mode [ 1469.606733][ T42] usb 7-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 1469.634022][ T42] usb 7-1: 2:1 : invalid UAC_FORMAT_TYPE desc [ 1469.654614][ T42] usb 7-1: 2:1 : invalid channels 0 [ 1469.720475][T19928] veth0_macvtap: entered promiscuous mode [ 1469.773591][T19928] veth1_macvtap: entered promiscuous mode [ 1469.873983][ T42] usb 7-1: USB disconnect, device number 2 [ 1469.923847][T19928] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1470.024758][T19935] udevd[19935]: error opening ATTR{/sys/devices/platform/dummy_hcd.6/usb7/7-1/7-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1470.105059][T19928] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1470.175749][T15137] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1470.218809][T15137] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1470.418233][T16134] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1470.427903][ T1145] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1470.657924][T15137] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1470.690611][T15137] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1470.782266][T20230] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3502'. [ 1470.822261][T20231] netlink: 12 bytes leftover after parsing attributes in process `syz.6.3504'. [ 1470.934581][T20231] veth5: entered promiscuous mode [ 1471.042539][T16134] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1471.084460][T16134] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1471.858190][ T5934] usb 1-1: new full-speed USB device number 118 using dummy_hcd [ 1471.866026][ T982] usb 7-1: new high-speed USB device number 3 using dummy_hcd [ 1472.032566][ T982] usb 7-1: Using ep0 maxpacket: 16 [ 1472.040891][ T5934] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1472.051910][ T982] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1472.066016][ T5934] usb 1-1: not running at top speed; connect to a high speed hub [ 1472.083075][ T982] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1472.102447][ T982] usb 7-1: New USB device found, idVendor=1b96, idProduct=0008, bcdDevice= 0.00 [ 1472.114303][ T5934] usb 1-1: config 1 interface 0 altsetting 8 endpoint 0x82 has invalid maxpacket 1024, setting to 64 [ 1472.133342][ T5934] usb 1-1: config 1 interface 0 has no altsetting 0 [ 1472.140403][ T982] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1472.154567][ T5934] usb 1-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1472.166550][ T5934] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1472.185448][ T982] usb 7-1: config 0 descriptor?? [ 1472.193816][ T5934] usb 1-1: Product: ࠇ [ 1472.203624][ T5934] usb 1-1: Manufacturer: 䥵嵐핍㎃ꓡ䅷棕氳瞬ﷵ﷕廖戉긣솞蟀䤨ꦠﶵ類竅荾⢸ᱳ寐씻㣽ﶘ遙쐺퀦鐣爺鐟炿际䬗櫣Ⱉ﯍⼟국湆蒺ᱨ⤣紣ᷬ䋕뿭䰳鼘㕊㫫婅앒惍험勈秚쁈눥軩⎩婬ዐ䃩꿤︳ﲫ뉀৐㑓쏜ľ㪝糥潣ᜭ䔰ᤁ﷈ɸ贜抵哴傦࢖퐫딷湆ɀᠠꚣ彐旿䘧榈䪑䙦퀧ˈ붒틣傁챐ᧄ [ 1472.332850][ T5934] usb 1-1: SerialNumber: syz [ 1472.368347][T20244] raw-gadget.2 gadget.0: fail, usb_ep_enable returned -22 [ 1472.406746][T20247] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1472.417744][T20247] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1472.586612][T20244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1472.604554][T20244] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1472.661898][T20244] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1472.796328][T20244] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1472.880237][T20269] FAULT_INJECTION: forcing a failure. [ 1472.880237][T20269] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1472.925521][ T5934] cdc_ether 1-1:1.0: probe with driver cdc_ether failed with error -71 [ 1472.947956][T20269] CPU: 1 UID: 0 PID: 20269 Comm: syz.5.3509 Tainted: G L syzkaller #0 PREEMPT(full) [ 1472.947994][T20269] Tainted: [L]=SOFTLOCKUP [ 1472.948003][T20269] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1472.948015][T20269] Call Trace: [ 1472.948024][T20269] [ 1472.948034][T20269] dump_stack_lvl+0xe8/0x150 [ 1472.948068][T20269] should_fail_ex+0x412/0x560 [ 1472.948103][T20269] strncpy_from_user+0x36/0x2b0 [ 1472.948136][T20269] do_getname+0x77/0x250 [ 1472.948167][T20269] __x64_sys_execveat+0xad/0xf0 [ 1472.948192][T20269] do_syscall_64+0x14d/0xf80 [ 1472.948214][T20269] ? trace_irq_disable+0x3b/0x150 [ 1472.948245][T20269] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1472.948267][T20269] ? clear_bhb_loop+0x40/0x90 [ 1472.948293][T20269] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1472.948315][T20269] RIP: 0033:0x7f892079c799 [ 1472.948335][T20269] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1472.948352][T20269] RSP: 002b:00007f891e9f6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000142 [ 1472.948374][T20269] RAX: ffffffffffffffda RBX: 00007f8920a15fa0 RCX: 00007f892079c799 [ 1472.948390][T20269] RDX: 0000000000000000 RSI: 0000200000000140 RDI: ffffffffffffff9c [ 1472.948404][T20269] RBP: 00007f891e9f6090 R08: 0000000000001000 R09: 0000000000000000 [ 1472.948417][T20269] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1472.948429][T20269] R13: 00007f8920a16038 R14: 00007f8920a15fa0 R15: 00007f8920b3fa48 [ 1472.948461][T20269] [ 1473.167823][ T5934] usb 1-1: USB disconnect, device number 118 [ 1473.338458][ T24] usb 4-1: USB disconnect, device number 124 [ 1473.734751][ T5840] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1473.744779][ T5840] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1473.757037][ T5840] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1473.767439][ T5840] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1473.776632][ T5840] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1473.929059][T19642] Bluetooth: hci2: unexpected event 0x2f length: 509 > 260 [ 1474.737340][T20279] chnl_net:caif_netlink_parms(): no params data found [ 1474.770729][T20300] netlink: 12 bytes leftover after parsing attributes in process `syz.5.3514'. [ 1474.934094][T20300] veth19: entered promiscuous mode [ 1474.954959][ T982] usbhid 7-1:0.0: can't add hid device: -71 [ 1474.976493][ T982] usbhid 7-1:0.0: probe with driver usbhid failed with error -71 [ 1475.020505][ T982] usb 7-1: USB disconnect, device number 3 [ 1475.085978][T20312] kvm: pic: non byte write [ 1475.227421][ T5825] usb 1-1: new high-speed USB device number 119 using dummy_hcd [ 1475.282112][T16134] netdevsim netdevsim3 netdevsim3 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1475.418228][ T5825] usb 1-1: Using ep0 maxpacket: 16 [ 1475.425860][ T5825] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1475.436495][ T5825] usb 1-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 1475.449772][ T5825] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1475.460004][ T5825] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1475.468171][ T5825] usb 1-1: Product: syz [ 1475.472486][ T5825] usb 1-1: Manufacturer: syz [ 1475.477154][ T5825] usb 1-1: SerialNumber: syz [ 1475.532306][T16134] netdevsim netdevsim3 netdevsim2 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1475.825279][T16134] netdevsim netdevsim3 netdevsim1 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1475.873803][T20279] bridge0: port 1(bridge_slave_0) entered blocking state [ 1475.885693][T20279] bridge0: port 1(bridge_slave_0) entered disabled state [ 1475.894413][T19642] Bluetooth: hci3: command tx timeout [ 1475.910683][T20279] bridge_slave_0: entered allmulticast mode [ 1475.927247][T20279] bridge_slave_0: entered promiscuous mode [ 1475.961780][T20279] bridge0: port 2(bridge_slave_1) entered blocking state [ 1475.969458][T20279] bridge0: port 2(bridge_slave_1) entered disabled state [ 1475.977846][T20279] bridge_slave_1: entered allmulticast mode [ 1475.987210][T20279] bridge_slave_1: entered promiscuous mode [ 1476.055892][T16134] team0: Port device netdevsim0 removed [ 1476.072464][T16134] netdevsim netdevsim3 netdevsim0 (unregistering): unset [0, 0] type 1 family 0 port 8472 - 0 [ 1476.156902][T20279] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1476.172142][T20279] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1476.224630][ T5825] usb 1-1: 0:2 : does not exist [ 1476.236228][ T5825] usb 1-1: 5:0: failed to get current value for ch 0 (-22) [ 1476.304643][T20279] team0: Port device team_slave_0 added [ 1476.322974][T20279] team0: Port device team_slave_1 added [ 1476.334317][ T5825] usb 1-1: USB disconnect, device number 119 [ 1476.338578][ T982] usb 7-1: new high-speed USB device number 4 using dummy_hcd [ 1476.376462][T20340] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 1476.423809][T20249] udevd[20249]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1476.499329][ T982] usb 7-1: Using ep0 maxpacket: 16 [ 1476.514250][ T982] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1476.527208][ T982] usb 7-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1476.554322][ T982] usb 7-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1476.606628][ T982] usb 7-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1476.630986][T20279] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1476.648810][ T982] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1476.658099][T20279] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1476.687451][ T982] usb 7-1: config 0 descriptor?? [ 1476.687677][T20279] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1476.694206][T16134] bridge_slave_1: left allmulticast mode [ 1476.694230][T16134] bridge_slave_1: left promiscuous mode [ 1476.694444][T16134] bridge0: port 2(bridge_slave_1) entered disabled state [ 1476.707583][T16134] bridge_slave_0: left allmulticast mode [ 1476.707636][T16134] bridge_slave_0: left promiscuous mode [ 1476.707880][T16134] bridge0: port 1(bridge_slave_0) entered disabled state [ 1477.033304][T16134] dvmrp0 (unregistering): left allmulticast mode [ 1477.070447][T16134] bond1 (unregistering): (slave geneve2): Releasing active interface [ 1477.104146][ T982] microsoft 0003:045E:07DA.0011: unknown main item tag 0x0 [ 1477.137914][ T982] input: HID 045e:07da as /devices/platform/dummy_hcd.6/usb7/7-1/7-1:0.0/0003:045E:07DA.0011/input/input21 [ 1477.258860][ T982] microsoft 0003:045E:07DA.0011: input,hidraw0: USB HID v0.00 Device [HID 045e:07da] on usb-dummy_hcd.6-1/input0 [ 1477.387808][T16134] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1477.406516][T16134] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1477.415586][ T5825] usb 3-1: new full-speed USB device number 127 using dummy_hcd [ 1477.435424][T16134] bond0 (unregistering): Released all slaves [ 1477.447009][T16134] bond1 (unregistering): Released all slaves [ 1477.465045][T20279] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1477.472399][T20279] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1477.503576][T20279] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1477.565310][ T982] usb 7-1: USB disconnect, device number 4 [ 1477.576751][T16134] tipc: Left network mode [ 1477.643375][ T5825] usb 3-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1477.669719][ T5825] usb 3-1: too many endpoints for config 1 interface 0 altsetting 0: 255, using maximum allowed: 30 [ 1477.684234][ T5825] usb 3-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 255 [ 1477.699224][ T5825] usb 3-1: New USB device found, idVendor=0525, idProduct=a4a1, bcdDevice= 0.40 [ 1477.709100][ T5825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=1 [ 1477.741918][T20279] hsr_slave_0: entered promiscuous mode [ 1477.748349][ T5825] usb 3-1: SerialNumber: syz [ 1477.755271][T20279] hsr_slave_1: entered promiscuous mode [ 1477.798315][ T5825] cdc_acm 3-1:1.0: skipping garbage [ 1477.805606][T20279] debugfs: 'hsr0' already exists in 'hsr' [ 1477.816561][ T5825] cdc_acm 3-1:1.0: skipping garbage [ 1477.821995][T20279] Cannot create hsr debugfs directory [ 1477.970961][T19642] Bluetooth: hci3: command tx timeout [ 1477.997303][ T42] usb 3-1: USB disconnect, device number 127 [ 1478.058682][T20360] netlink: 272 bytes leftover after parsing attributes in process `syz.5.3530'. [ 1478.300975][T16134] hsr_slave_0: left promiscuous mode [ 1478.314880][T16134] hsr_slave_1: left promiscuous mode [ 1478.331340][T16134] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1478.349876][T16134] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1479.331447][T16134] team0 (unregistering): Port device team_slave_1 removed [ 1479.391162][T16134] team0 (unregistering): Port device team_slave_0 removed [ 1480.051949][T19642] Bluetooth: hci3: command tx timeout [ 1481.282266][T20279] netdevsim netdevsim3 netdevsim0: renamed from eth0 [ 1481.334165][T20279] netdevsim netdevsim3 netdevsim1: renamed from eth1 [ 1481.361054][T20279] netdevsim netdevsim3 netdevsim2: renamed from eth2 [ 1481.403437][T20279] netdevsim netdevsim3 netdevsim3: renamed from eth3 [ 1481.613542][T20422] syzkaller0: entered promiscuous mode [ 1481.619364][T20422] syzkaller0: entered allmulticast mode [ 1482.128441][T19642] Bluetooth: hci3: command tx timeout [ 1482.334132][T20447] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1972918731 (3945837462 ns) > initial count (67897860 ns). Using initial count to start timer. [ 1484.430975][T20457] random: crng reseeded on system resumption [ 1484.533799][ T1302] ieee802154 phy0 wpan0: encryption failed: -22 [ 1484.540296][ T1302] ieee802154 phy1 wpan1: encryption failed: -22 [ 1486.324586][T20279] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1486.392373][T20279] 8021q: adding VLAN 0 to HW filter on device team0 [ 1486.432085][ T49] bridge0: port 1(bridge_slave_0) entered blocking state [ 1486.439329][ T49] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1486.480279][ T49] bridge0: port 2(bridge_slave_1) entered blocking state [ 1486.487470][ T49] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1486.800294][T20279] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1486.959487][T20279] veth0_vlan: entered promiscuous mode [ 1486.993472][T20279] veth1_vlan: entered promiscuous mode [ 1487.084268][T20279] veth0_macvtap: entered promiscuous mode [ 1487.135335][T20279] veth1_macvtap: entered promiscuous mode [ 1487.237326][T20279] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1487.296490][T20279] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1487.352745][ T49] netdevsim netdevsim3 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1487.379880][ T49] netdevsim netdevsim3 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1487.468404][ T49] netdevsim netdevsim3 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1487.492781][ T49] netdevsim netdevsim3 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1487.629968][ T982] usb 6-1: new high-speed USB device number 57 using dummy_hcd [ 1487.818851][ T982] usb 6-1: Using ep0 maxpacket: 32 [ 1487.845508][ T982] usb 6-1: config 0 has an invalid interface number: 188 but max is 0 [ 1487.884817][ T982] usb 6-1: config 0 has no interface number 0 [ 1487.893709][ T49] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1487.908277][ T982] usb 6-1: config 0 interface 188 altsetting 0 bulk endpoint 0x82 has invalid maxpacket 32 [ 1487.929370][ T982] usb 6-1: New USB device found, idVendor=17ef, idProduct=7203, bcdDevice=2e.36 [ 1487.940276][ T982] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1487.957550][ T982] usb 6-1: Product: syz [ 1487.958800][ T49] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1487.968164][ T982] usb 6-1: Manufacturer: syz [ 1487.973720][ T982] usb 6-1: SerialNumber: syz [ 1488.001806][ T982] usb 6-1: config 0 descriptor?? [ 1488.008676][T20502] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1488.081385][ T49] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1488.108708][ T49] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1488.242593][T20497] raw-gadget.0 gadget.5: fail, usb_ep_enable returned -22 [ 1488.431843][T20519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3510'. [ 1488.451518][T20519] netlink: 4 bytes leftover after parsing attributes in process `syz.3.3510'. [ 1488.889210][ T982] asix 6-1:0.188 (unnamed net_device) (uninitialized): invalid hw address, using random [ 1489.084901][T20532] netlink: 12 bytes leftover after parsing attributes in process `syz.3.3565'. [ 1489.108867][ T982] asix 6-1:0.188 (unnamed net_device) (uninitialized): Failed to read reg index 0x0000: -32 [ 1489.163068][ T982] asix 6-1:0.188 (unnamed net_device) (uninitialized): Error reading PHY_ID register: ffffffe0 [ 1489.209345][ T982] asix 6-1:0.188: probe with driver asix failed with error -32 [ 1489.311298][T20537] netlink: 'syz.0.3568': attribute type 2 has an invalid length. [ 1489.336994][T20537] netlink: 'syz.0.3568': attribute type 8 has an invalid length. [ 1490.048366][ T5934] usb 1-1: new high-speed USB device number 120 using dummy_hcd [ 1490.221254][ T5934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1490.247391][ T5934] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1490.285344][ T5934] usb 1-1: New USB device found, idVendor=28de, idProduct=1102, bcdDevice= 0.00 [ 1490.336622][ T982] usb 6-1: USB disconnect, device number 57 [ 1490.397433][ T5934] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1490.461920][ T5934] usb 1-1: config 0 descriptor?? [ 1490.469778][ T29] audit: type=1326 audit(1773793208.049:548): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1490.582116][ T29] audit: type=1326 audit(1773793208.089:549): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1490.715741][ T29] audit: type=1326 audit(1773793208.099:550): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=425 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1490.841078][ T29] audit: type=1326 audit(1773793208.099:551): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1490.892913][ T29] audit: type=1326 audit(1773793208.099:552): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1490.917950][ T29] audit: type=1326 audit(1773793208.099:553): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1490.944333][ T29] audit: type=1326 audit(1773793208.099:554): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1490.967508][ T29] audit: type=1326 audit(1773793208.099:555): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1491.017850][ T5934] hid-steam 0003:28DE:1102.0012: item fetching failed at offset 1/5 [ 1491.039019][ T5934] hid-steam 0003:28DE:1102.0012: steam_probe:parse of hid interface failed [ 1491.054624][ T5934] hid-steam 0003:28DE:1102.0012: probe with driver hid-steam failed with error -22 [ 1491.101342][T20581] No such timeout policy "syz0" [ 1491.107848][ T29] audit: type=1326 audit(1773793208.109:556): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=1 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1491.149482][ T42] usb 1-1: USB disconnect, device number 120 [ 1491.219901][ T29] audit: type=1326 audit(1773793208.109:557): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=20572 comm="syz.5.3577" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f892079c799 code=0x7ffc0000 [ 1493.388150][ T5934] usb 7-1: new high-speed USB device number 5 using dummy_hcd [ 1493.608138][ T5934] usb 7-1: Using ep0 maxpacket: 8 [ 1493.633941][ T5934] usb 7-1: config 179 has an invalid interface number: 65 but max is 0 [ 1493.660824][ T5934] usb 7-1: config 179 has no interface number 0 [ 1493.675717][ T5934] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has an invalid bInterval 0, changing to 7 [ 1493.727439][ T5934] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0xF has invalid maxpacket 1025, setting to 1024 [ 1493.749414][ T5934] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has an invalid bInterval 0, changing to 7 [ 1493.765178][ T5934] usb 7-1: config 179 interface 65 altsetting 0 endpoint 0x83 has invalid maxpacket 41728, setting to 1024 [ 1493.795006][ T5934] usb 7-1: config 179 interface 65 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 23 [ 1493.828145][ T5934] usb 7-1: New USB device found, idVendor=12ab, idProduct=90a3, bcdDevice=1e.eb [ 1493.868358][ T5934] usb 7-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1493.903824][T20619] raw-gadget.0 gadget.6: fail, usb_ep_enable returned -22 [ 1494.832711][T20634] Bluetooth: hci2: Opcode 0x0c1a failed: -4 [ 1494.841636][T20634] Bluetooth: hci2: Opcode 0x0406 failed: -4 [ 1494.881795][T20634] Bluetooth: hci5: Opcode 0x0c1a failed: -4 [ 1494.887858][T20634] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1494.959186][T20634] Bluetooth: hci5: Opcode 0x0406 failed: -4 [ 1494.970839][T20634] Bluetooth: hci6: Opcode 0x0c1a failed: -4 [ 1494.976925][T20634] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1495.042864][T20634] Bluetooth: hci6: Opcode 0x0406 failed: -4 [ 1495.056540][T20634] Bluetooth: hci0: Opcode 0x0c1a failed: -4 [ 1495.065425][T20634] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1495.080883][T20634] Bluetooth: hci0: Opcode 0x0406 failed: -4 [ 1495.094591][T20634] Bluetooth: hci3: Opcode 0x0c1a failed: -4 [ 1495.103420][T20634] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1495.119287][T20634] Bluetooth: hci3: Opcode 0x0406 failed: -4 [ 1495.136973][T20619] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1495.148722][T20619] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1495.422297][ T42] usb 7-1: USB disconnect, device number 5 [ 1495.422325][ C0] xpad 7-1:179.65: xpad_irq_in - usb_submit_urb failed with result -19 [ 1495.436606][ C0] xpad 7-1:179.65: xpad_irq_out - usb_submit_urb failed with result -19 [ 1495.445796][ C0] ================================================================== [ 1495.453968][ C0] BUG: KASAN: slab-use-after-free in do_raw_spin_lock+0x28b/0x2f0 [ 1495.461880][ C0] Read of size 4 at addr ffff88807f4ae85c by task udevd/5195 [ 1495.469294][ C0] [ 1495.471712][ C0] CPU: 0 UID: 0 PID: 5195 Comm: udevd Tainted: G L syzkaller #0 PREEMPT(full) [ 1495.471755][ C0] Tainted: [L]=SOFTLOCKUP [ 1495.471763][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1495.471776][ C0] Call Trace: [ 1495.471786][ C0] [ 1495.471795][ C0] dump_stack_lvl+0xe8/0x150 [ 1495.471829][ C0] print_report+0xba/0x230 [ 1495.471868][ C0] ? do_raw_spin_lock+0x28b/0x2f0 [ 1495.471890][ C0] kasan_report+0x117/0x150 [ 1495.471917][ C0] ? do_raw_spin_lock+0x28b/0x2f0 [ 1495.471942][ C0] do_raw_spin_lock+0x28b/0x2f0 [ 1495.471963][ C0] ? lock_acquire+0xf0/0x2e0 [ 1495.471988][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1495.472014][ C0] _raw_spin_lock_irqsave+0x4c/0x60 [ 1495.472048][ C0] __wake_up_common_lock+0x2f/0x1f0 [ 1495.472077][ C0] __usb_hcd_giveback_urb+0x3b0/0x540 [ 1495.472203][ C0] dummy_timer+0xbbd/0x45d0 [ 1495.472307][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 1495.472346][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1495.472373][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1495.472402][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1495.472433][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1495.472460][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1495.472487][ C0] __hrtimer_run_queues+0x53a/0xcc0 [ 1495.472526][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1495.472554][ C0] ? ktime_get_update_offsets_now+0x3b2/0x3d0 [ 1495.472584][ C0] hrtimer_run_softirq+0x182/0x5a0 [ 1495.472618][ C0] handle_softirqs+0x22a/0x870 [ 1495.472648][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 1495.472678][ C0] __irq_exit_rcu+0x5f/0x150 [ 1495.472704][ C0] irq_exit_rcu+0x9/0x30 [ 1495.472729][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1495.472752][ C0] [ 1495.472760][ C0] [ 1495.472769][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1495.472793][ C0] RIP: 0010:kasan_byte_accessible+0x1b/0x30 [ 1495.472822][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df 0f b6 04 07 3c 08 0f 92 c0 90 6a 81 09 cc 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 1495.472842][ C0] RSP: 0018:ffffc90002fd77e0 EFLAGS: 00000293 [ 1495.472863][ C0] RAX: 0000000000000001 RBX: ffffffff81767eb2 RCX: 0000000080000001 [ 1495.472879][ C0] RDX: 0000000000000000 RSI: ffffffff81767eb2 RDI: 1ffffffff1cebca4 [ 1495.472895][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1495.472909][ C0] R10: ffffc90002fd79f8 R11: fffff520005faf41 R12: 0000000000000002 [ 1495.472924][ C0] R13: ffffffff8e75e520 R14: ffffffff8e75e520 R15: 0000000000000000 [ 1495.472941][ C0] ? unwind_next_frame+0xc2/0x23c0 [ 1495.472975][ C0] ? unwind_next_frame+0xc2/0x23c0 [ 1495.473007][ C0] __kasan_check_byte+0x12/0x40 [ 1495.473031][ C0] ? arch_stack_walk+0xe3/0x150 [ 1495.473061][ C0] lock_acquire+0x79/0x2e0 [ 1495.473088][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 1495.473117][ C0] ? arch_stack_walk+0xe3/0x150 [ 1495.473146][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 1495.473176][ C0] unwind_next_frame+0xc2/0x23c0 [ 1495.473204][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 1495.473237][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 1495.473266][ C0] ? __unwind_start+0xf7/0x760 [ 1495.473305][ C0] __unwind_start+0x5b8/0x760 [ 1495.473337][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1495.473360][ C0] arch_stack_walk+0xe3/0x150 [ 1495.473392][ C0] ? arch_stack_walk+0xe3/0x150 [ 1495.473423][ C0] stack_trace_save+0xa9/0x100 [ 1495.473444][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1495.473471][ C0] kasan_save_track+0x3e/0x80 [ 1495.473520][ C0] kasan_save_free_info+0x46/0x50 [ 1495.473549][ C0] __kasan_slab_free+0x5c/0x80 [ 1495.473573][ C0] kmem_cache_free+0x187/0x630 [ 1495.473595][ C0] ? fd_install+0x94/0x3d0 [ 1495.473622][ C0] ? do_sys_openat2+0x14c/0x200 [ 1495.473653][ C0] do_sys_openat2+0x14c/0x200 [ 1495.473685][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 1495.473716][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 1495.473742][ C0] ? lockdep_softirqs_on+0x11d/0x180 [ 1495.473770][ C0] __x64_sys_openat+0x138/0x170 [ 1495.473803][ C0] do_syscall_64+0x14d/0xf80 [ 1495.473826][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1495.473848][ C0] ? clear_bhb_loop+0x40/0x90 [ 1495.473872][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1495.473893][ C0] RIP: 0033:0x7fd8baea7407 [ 1495.473913][ C0] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1495.473931][ C0] RSP: 002b:00007ffef9554110 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1495.473953][ C0] RAX: ffffffffffffffda RBX: 00007fd8bb698880 RCX: 00007fd8baea7407 [ 1495.473969][ C0] RDX: 0000000000080000 RSI: 00007ffef9554290 RDI: ffffffffffffff9c [ 1495.473985][ C0] RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000 [ 1495.473998][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 00005561023da7f5 [ 1495.474012][ C0] R13: 00005561023da7f5 R14: 0000000000000001 R15: 0000000000000000 [ 1495.474035][ C0] [ 1495.474043][ C0] [ 1495.966632][ C0] Allocated by task 5934: [ 1495.970981][ C0] kasan_save_track+0x3e/0x80 [ 1495.975679][ C0] __kasan_kmalloc+0x93/0xb0 [ 1495.980283][ C0] __kmalloc_cache_noprof+0x31c/0x660 [ 1495.985671][ C0] xpad_probe+0x428/0x1fc0 [ 1495.990178][ C0] usb_probe_interface+0x668/0xc90 [ 1495.995370][ C0] really_probe+0x267/0xaf0 [ 1495.999958][ C0] __driver_probe_device+0x18c/0x320 [ 1496.005260][ C0] driver_probe_device+0x4f/0x240 [ 1496.010325][ C0] __device_attach_driver+0x279/0x430 [ 1496.015713][ C0] bus_for_each_drv+0x258/0x2f0 [ 1496.020599][ C0] __device_attach+0x2c5/0x450 [ 1496.025379][ C0] device_initial_probe+0xa1/0xd0 [ 1496.030420][ C0] bus_probe_device+0x12a/0x220 [ 1496.035299][ C0] device_add+0x7b6/0xb70 [ 1496.039798][ C0] usb_set_configuration+0x1a87/0x2110 [ 1496.045303][ C0] usb_generic_driver_probe+0x8d/0x150 [ 1496.050863][ C0] usb_probe_device+0x1c4/0x3b0 [ 1496.055786][ C0] really_probe+0x267/0xaf0 [ 1496.060321][ C0] __driver_probe_device+0x18c/0x320 [ 1496.065627][ C0] driver_probe_device+0x4f/0x240 [ 1496.070679][ C0] __device_attach_driver+0x279/0x430 [ 1496.076079][ C0] bus_for_each_drv+0x258/0x2f0 [ 1496.080949][ C0] __device_attach+0x2c5/0x450 [ 1496.085734][ C0] device_initial_probe+0xa1/0xd0 [ 1496.090775][ C0] bus_probe_device+0x12a/0x220 [ 1496.095641][ C0] device_add+0x7b6/0xb70 [ 1496.099986][ C0] usb_new_device+0xa08/0x16f0 [ 1496.104764][ C0] hub_event+0x2a1c/0x4f30 [ 1496.109207][ C0] process_scheduled_works+0xb6e/0x18c0 [ 1496.114777][ C0] worker_thread+0xa53/0xfc0 [ 1496.119413][ C0] kthread+0x388/0x470 [ 1496.123500][ C0] ret_from_fork+0x51e/0xb90 [ 1496.128126][ C0] ret_from_fork_asm+0x1a/0x30 [ 1496.132927][ C0] [ 1496.135273][ C0] Freed by task 42: [ 1496.139095][ C0] kasan_save_track+0x3e/0x80 [ 1496.143828][ C0] kasan_save_free_info+0x46/0x50 [ 1496.148888][ C0] __kasan_slab_free+0x5c/0x80 [ 1496.153777][ C0] kfree+0x1c1/0x630 [ 1496.157697][ C0] xpad_disconnect+0x350/0x480 [ 1496.162480][ C0] usb_unbind_interface+0x26e/0x910 [ 1496.167702][ C0] device_release_driver_internal+0x4d9/0x860 [ 1496.173790][ C0] bus_remove_device+0x34d/0x440 [ 1496.178743][ C0] device_del+0x527/0x8f0 [ 1496.183095][ C0] usb_disable_device+0x3d4/0x8d0 [ 1496.188140][ C0] usb_disconnect+0x32f/0x990 [ 1496.192839][ C0] hub_event+0x1cc9/0x4f30 [ 1496.197272][ C0] process_scheduled_works+0xb6e/0x18c0 [ 1496.202837][ C0] worker_thread+0xa53/0xfc0 [ 1496.207448][ C0] kthread+0x388/0x470 [ 1496.211530][ C0] ret_from_fork+0x51e/0xb90 [ 1496.216142][ C0] ret_from_fork_asm+0x1a/0x30 [ 1496.220930][ C0] [ 1496.223267][ C0] The buggy address belongs to the object at ffff88807f4ae800 [ 1496.223267][ C0] which belongs to the cache kmalloc-1k of size 1024 [ 1496.237415][ C0] The buggy address is located 92 bytes inside of [ 1496.237415][ C0] freed 1024-byte region [ffff88807f4ae800, ffff88807f4aec00) [ 1496.251227][ C0] [ 1496.253568][ C0] The buggy address belongs to the physical page: [ 1496.260007][ C0] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x7f4a8 [ 1496.268783][ C0] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 1496.277297][ C0] flags: 0xfff00000000040(head|node=0|zone=1|lastcpupid=0x7ff) [ 1496.284861][ C0] page_type: f5(slab) [ 1496.288861][ C0] raw: 00fff00000000040 ffff88813fea5dc0 dead000000000100 dead000000000122 [ 1496.297470][ C0] raw: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1496.306064][ C0] head: 00fff00000000040 ffff88813fea5dc0 dead000000000100 dead000000000122 [ 1496.314750][ C0] head: 0000000000000000 0000000800100010 00000000f5000000 0000000000000000 [ 1496.323435][ C0] head: 00fff00000000003 ffffea0001fd2a01 00000000ffffffff 00000000ffffffff [ 1496.332118][ C0] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 1496.340796][ C0] page dumped because: kasan: bad access detected [ 1496.347228][ C0] page_owner tracks the page as allocated [ 1496.352949][ C0] page last allocated via order 3, migratetype Unmovable, gfp_mask 0xd2820(GFP_ATOMIC|__GFP_NOWARN|__GFP_NORETRY|__GFP_COMP|__GFP_NOMEMALLOC), pid 1145, tgid 1145 (kworker/u8:8), ts 1438699159050, free_ts 1438642989321 [ 1496.374066][ C0] post_alloc_hook+0x231/0x280 [ 1496.378878][ C0] get_page_from_freelist+0x24dc/0x2580 [ 1496.384441][ C0] __alloc_frozen_pages_noprof+0x18d/0x380 [ 1496.390266][ C0] allocate_slab+0x77/0x660 [ 1496.394790][ C0] refill_objects+0x331/0x3c0 [ 1496.399482][ C0] __pcs_replace_empty_main+0x2e6/0x730 [ 1496.405137][ C0] __kmalloc_noprof+0x474/0x760 [ 1496.410015][ C0] ieee802_11_parse_elems_full+0x159/0x2ab0 [ 1496.416023][ C0] ieee80211_inform_bss+0x161/0x1160 [ 1496.421372][ C0] cfg80211_inform_single_bss_data+0xd08/0x1b70 [ 1496.427657][ C0] cfg80211_inform_bss_data+0x266/0x3c40 [ 1496.433495][ C0] cfg80211_inform_bss_frame_data+0x3c7/0x760 [ 1496.439579][ C0] ieee80211_bss_info_update+0x794/0xa40 [ 1496.445231][ C0] ieee80211_ibss_rx_queued_mgmt+0x1901/0x2cd0 [ 1496.451456][ C0] ieee80211_iface_work+0x84e/0x1340 [ 1496.456768][ C0] cfg80211_wiphy_work+0x2ab/0x4a0 [ 1496.461946][ C0] page last free pid 17852 tgid 17852 stack trace: [ 1496.468483][ C0] __free_frozen_pages+0xc2b/0xdb0 [ 1496.473610][ C0] __slab_free+0x263/0x2b0 [ 1496.478059][ C0] qlist_free_all+0x97/0x100 [ 1496.482686][ C0] kasan_quarantine_reduce+0x148/0x160 [ 1496.488172][ C0] __kasan_slab_alloc+0x22/0x80 [ 1496.493047][ C0] __kmalloc_cache_noprof+0x2ba/0x660 [ 1496.498536][ C0] igmp6_group_dropped+0x740/0x1140 [ 1496.503883][ C0] __ipv6_dev_mc_dec+0x2a8/0x330 [ 1496.508846][ C0] __ipv6_ifa_notify+0x77c/0xc60 [ 1496.513860][ C0] addrconf_ifdown+0xea6/0x1a40 [ 1496.518731][ C0] addrconf_notify+0x1bc/0x1050 [ 1496.523627][ C0] notifier_call_chain+0x1be/0x400 [ 1496.528771][ C0] netif_close_many+0x2ae/0x420 [ 1496.533689][ C0] unregister_netdevice_many_notify+0xb47/0x2370 [ 1496.540070][ C0] default_device_exit_batch+0x981/0xa00 [ 1496.545725][ C0] ops_undo_list+0x52b/0x940 [ 1496.550326][ C0] [ 1496.552662][ C0] Memory state around the buggy address: [ 1496.558302][ C0] ffff88807f4ae700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1496.566387][ C0] ffff88807f4ae780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 1496.574545][ C0] >ffff88807f4ae800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1496.582616][ C0] ^ [ 1496.589566][ C0] ffff88807f4ae880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1496.597637][ C0] ffff88807f4ae900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 1496.605992][ C0] ================================================================== [ 1496.614099][ C0] Kernel panic - not syncing: KASAN: panic_on_warn set ... [ 1496.621340][ C0] CPU: 0 UID: 0 PID: 5195 Comm: udevd Tainted: G L syzkaller #0 PREEMPT(full) [ 1496.631787][ C0] Tainted: [L]=SOFTLOCKUP [ 1496.636144][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1496.646238][ C0] Call Trace: [ 1496.649543][ C0] [ 1496.652406][ C0] vpanic+0x56c/0xa60 [ 1496.656433][ C0] ? __pfx_vpanic+0x10/0x10 [ 1496.660978][ C0] panic+0xc5/0xd0 [ 1496.664724][ C0] ? __pfx_panic+0x10/0x10 [ 1496.669169][ C0] ? do_raw_spin_lock+0x28b/0x2f0 [ 1496.674212][ C0] ? do_raw_spin_lock+0x28b/0x2f0 [ 1496.679255][ C0] ? do_raw_spin_lock+0x28b/0x2f0 [ 1496.684298][ C0] check_panic_on_warn+0x89/0xb0 [ 1496.689252][ C0] ? do_raw_spin_lock+0x28b/0x2f0 [ 1496.694311][ C0] end_report+0x73/0x180 [ 1496.698584][ C0] ? do_raw_spin_lock+0x28b/0x2f0 [ 1496.703629][ C0] kasan_report+0x128/0x150 [ 1496.708153][ C0] ? do_raw_spin_lock+0x28b/0x2f0 [ 1496.713212][ C0] do_raw_spin_lock+0x28b/0x2f0 [ 1496.718084][ C0] ? lock_acquire+0xf0/0x2e0 [ 1496.722707][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1496.728101][ C0] _raw_spin_lock_irqsave+0x4c/0x60 [ 1496.733342][ C0] __wake_up_common_lock+0x2f/0x1f0 [ 1496.738581][ C0] __usb_hcd_giveback_urb+0x3b0/0x540 [ 1496.743996][ C0] dummy_timer+0xbbd/0x45d0 [ 1496.748544][ C0] ? __lock_acquire+0x6b5/0x2cf0 [ 1496.753521][ C0] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1496.759005][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1496.763993][ C0] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1496.769836][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1496.774802][ C0] ? __pfx_dummy_timer+0x10/0x10 [ 1496.779760][ C0] __hrtimer_run_queues+0x53a/0xcc0 [ 1496.784990][ C0] ? __pfx___hrtimer_run_queues+0x10/0x10 [ 1496.790734][ C0] ? ktime_get_update_offsets_now+0x3b2/0x3d0 [ 1496.796828][ C0] hrtimer_run_softirq+0x182/0x5a0 [ 1496.801987][ C0] handle_softirqs+0x22a/0x870 [ 1496.806806][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 1496.811613][ C0] __irq_exit_rcu+0x5f/0x150 [ 1496.816250][ C0] irq_exit_rcu+0x9/0x30 [ 1496.820614][ C0] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1496.826289][ C0] [ 1496.829250][ C0] [ 1496.832229][ C0] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1496.838246][ C0] RIP: 0010:kasan_byte_accessible+0x1b/0x30 [ 1496.844174][ C0] Code: 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 0f 1f 40 d6 48 c1 ef 03 48 b8 00 00 00 00 00 fc ff df 0f b6 04 07 3c 08 0f 92 c0 90 6a 81 09 cc 66 66 66 66 66 66 2e 0f 1f 84 00 00 00 00 00 90 [ 1496.863806][ C0] RSP: 0018:ffffc90002fd77e0 EFLAGS: 00000293 [ 1496.869897][ C0] RAX: 0000000000000001 RBX: ffffffff81767eb2 RCX: 0000000080000001 [ 1496.877890][ C0] RDX: 0000000000000000 RSI: ffffffff81767eb2 RDI: 1ffffffff1cebca4 [ 1496.885877][ C0] RBP: 0000000000000000 R08: 0000000000000000 R09: 0000000000000000 [ 1496.893946][ C0] R10: ffffc90002fd79f8 R11: fffff520005faf41 R12: 0000000000000002 [ 1496.901960][ C0] R13: ffffffff8e75e520 R14: ffffffff8e75e520 R15: 0000000000000000 [ 1496.909954][ C0] ? unwind_next_frame+0xc2/0x23c0 [ 1496.915099][ C0] ? unwind_next_frame+0xc2/0x23c0 [ 1496.920241][ C0] __kasan_check_byte+0x12/0x40 [ 1496.925111][ C0] ? arch_stack_walk+0xe3/0x150 [ 1496.929983][ C0] lock_acquire+0x79/0x2e0 [ 1496.934420][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 1496.939557][ C0] ? arch_stack_walk+0xe3/0x150 [ 1496.944433][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 1496.949568][ C0] unwind_next_frame+0xc2/0x23c0 [ 1496.954531][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 1496.959668][ C0] ? unwind_next_frame+0xa5/0x23c0 [ 1496.964808][ C0] ? __unwind_start+0xf7/0x760 [ 1496.969700][ C0] __unwind_start+0x5b8/0x760 [ 1496.974430][ C0] ? __pfx_stack_trace_consume_entry+0x10/0x10 [ 1496.980634][ C0] arch_stack_walk+0xe3/0x150 [ 1496.985340][ C0] ? arch_stack_walk+0xe3/0x150 [ 1496.990211][ C0] stack_trace_save+0xa9/0x100 [ 1496.994988][ C0] ? __pfx_stack_trace_save+0x10/0x10 [ 1497.000377][ C0] kasan_save_track+0x3e/0x80 [ 1497.005090][ C0] kasan_save_free_info+0x46/0x50 [ 1497.010137][ C0] __kasan_slab_free+0x5c/0x80 [ 1497.014930][ C0] kmem_cache_free+0x187/0x630 [ 1497.019709][ C0] ? fd_install+0x94/0x3d0 [ 1497.024151][ C0] ? do_sys_openat2+0x14c/0x200 [ 1497.029021][ C0] do_sys_openat2+0x14c/0x200 [ 1497.033724][ C0] ? __pfx_do_sys_openat2+0x10/0x10 [ 1497.039122][ C0] ? __irq_exit_rcu+0x5f/0x150 [ 1497.043905][ C0] ? lockdep_softirqs_on+0x11d/0x180 [ 1497.049213][ C0] __x64_sys_openat+0x138/0x170 [ 1497.054087][ C0] do_syscall_64+0x14d/0xf80 [ 1497.058688][ C0] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1497.064771][ C0] ? clear_bhb_loop+0x40/0x90 [ 1497.069493][ C0] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1497.075406][ C0] RIP: 0033:0x7fd8baea7407 [ 1497.079865][ C0] Code: 48 89 fa 4c 89 df e8 38 aa 00 00 8b 93 08 03 00 00 59 5e 48 83 f8 fc 74 1a 5b c3 0f 1f 84 00 00 00 00 00 48 8b 44 24 10 0f 05 <5b> c3 0f 1f 80 00 00 00 00 83 e2 39 83 fa 08 75 de e8 23 ff ff ff [ 1497.099490][ C0] RSP: 002b:00007ffef9554110 EFLAGS: 00000202 ORIG_RAX: 0000000000000101 [ 1497.107931][ C0] RAX: ffffffffffffffda RBX: 00007fd8bb698880 RCX: 00007fd8baea7407 [ 1497.115914][ C0] RDX: 0000000000080000 RSI: 00007ffef9554290 RDI: ffffffffffffff9c [ 1497.123904][ C0] RBP: 0000000000000008 R08: 0000000000000000 R09: 0000000000000000 [ 1497.131892][ C0] R10: 0000000000000000 R11: 0000000000000202 R12: 00005561023da7f5 [ 1497.139877][ C0] R13: 00005561023da7f5 R14: 0000000000000001 R15: 0000000000000000 [ 1497.147868][ C0] [ 1497.151504][ C0] Kernel Offset: disabled [ 1497.155920][ C0] Rebooting in 86400 seconds..