last executing test programs: 11.950085001s ago: executing program 2 (id=7916): r0 = gettid() timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) fcntl$lock(0xffffffffffffffff, 0x0, &(0x7f0000000040)={0x0, 0x0, 0x60d3, 0x8}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(0x0, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r1 = signalfd(0xffffffffffffffff, &(0x7f0000000140), 0x8) r2 = syz_io_uring_setup(0x38a9, &(0x7f0000000300)={0x0, 0xffffffff, 0x10100, 0x0, 0xfffffffe}, &(0x7f0000000200)=0x0, &(0x7f0000000140)=0x0) syz_io_uring_submit(r3, r4, &(0x7f00000001c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x3, r1}) io_uring_enter(r2, 0x44fd, 0x3, 0x1, 0x0, 0x0) r5 = openat$audio(0xffffffffffffff9c, &(0x7f0000000140), 0x40000000040201, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(r5, &(0x7f0000000500)={0xa00, 0x18, 0xfa00, {0x100000000000000, 0x0}}, 0xfc36) 10.828018821s ago: executing program 2 (id=7922): setsockopt$inet6_tcp_TCP_REPAIR_QUEUE(0xffffffffffffffff, 0x6, 0x14, 0x0, 0x0) socket$inet6(0xa, 0x2, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) openat$sndseq(0xffffffffffffff9c, 0x0, 0x40c03) r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f00000000c0), 0x88a01, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f0000000240), 0x2, 0x40102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2f) shutdown(0xffffffffffffffff, 0x0) ioctl$SNDCTL_DSP_SETFRAGMENT(r0, 0xc004500a, &(0x7f0000000080)=0x74000000) write$dsp(r0, &(0x7f0000002000)='`', 0x88020) 7.735194017s ago: executing program 2 (id=7938): timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004}, 0x0) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x19) mbind(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x2, &(0x7f0000000000)=0x9, 0x8, 0x2) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x15) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) mlock(&(0x7f0000c00000/0x400000)=nil, 0x400000) madvise(&(0x7f0000000000/0x600000)=nil, 0x600000, 0x3) r2 = socket(0x10, 0x3, 0x0) write(r2, 0x0, 0x0) socket(0x10, 0x3, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_SIOCGIFINDEX(r3, 0x8933, 0x0) recvmmsg(r2, 0x0, 0x0, 0x10122, 0x0) ioctl$SNDRV_SEQ_IOCTL_CREATE_QUEUE(0xffffffffffffffff, 0xc08c5332, 0x0) 6.672727575s ago: executing program 3 (id=7943): creat(0x0, 0xd8) sendmsg$NL80211_CMD_GET_SURVEY(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000003c0)={&(0x7f0000000300)=ANY=[@ANYBLOB="1c000000", @ANYBLOB="a9"], 0x1c}}, 0x4004050) r0 = syz_open_dev$usbfs(&(0x7f0000000100), 0x76, 0x101301) ioctl$USBDEVFS_CLEAR_HALT(r0, 0xc0105502, &(0x7f0000000300)={0x1, 0x1}) 5.968910535s ago: executing program 1 (id=7946): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000100)={&(0x7f00000004c0)=@newlink={0x3c, 0x10, 0x40d, 0x70bd28, 0x0, {0x0, 0x0, 0x0, 0x0, 0x0, 0x2000}, [@IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @geneve={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_GENEVE_UDP_ZERO_CSUM6_TX={0x5}]}}}]}, 0x3c}}, 0x20000804) 5.863732708s ago: executing program 1 (id=7947): syz_usb_connect(0x2, 0x68, &(0x7f0000000600)=ANY=[@ANYBLOB="12010000a1121710950b2a17f4f70102030109022400010000000009"], 0x0) r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000180)=0x100000001, 0x4) connect$inet6(r0, &(0x7f0000000300)={0xa, 0x3, 0x8, @loopback, 0xfffffffe}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f0000000540), 0x3c) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f00000000c0)=@gcm_256={{0x304}, "41328ac33100", "e8582491a0c4050000000000f6542a9b6800000000000000003967d2daa45b4e", "61241765", "89b06aff130000fd"}, 0x38) sendmsg$inet(r0, &(0x7f0000000140)={0x0, 0x0, 0x0, 0x0, &(0x7f0000000600)=[@ip_tos_int={{0x14, 0x11a, 0x1, 0x8}}], 0x74}, 0x0) 5.723401986s ago: executing program 3 (id=7949): capset(&(0x7f0000000080)={0x20071026}, &(0x7f0000000040)={0x200000, 0x200003, 0x5, 0x0, 0xff, 0x8000}) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) openat$adsp1(0xffffffffffffff9c, 0x0, 0x2102, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = syz_usb_connect$hid(0x0, 0x36, 0x0, 0x0) syz_usb_control_io$hid(r2, &(0x7f0000001540)={0x24, 0x0, 0x0, 0x0, 0x0}, 0x0) syz_open_dev$hiddev(0x0, 0x0, 0x8000) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x3, &(0x7f0000000040)={0xffffffffffffffff}, 0x2, 0x1}}, 0x20) write$RDMA_USER_CM_CMD_QUERY_ROUTE(0xffffffffffffffff, &(0x7f0000000100)={0x5, 0x10, 0xfa00, {&(0x7f00000003c0), r3}}, 0x18) syz_usb_connect(0x1, 0x2d, 0x0, 0x0) r4 = socket$inet_udp(0x2, 0x2, 0x0) setsockopt$inet_udp_int(r4, 0x11, 0x1, &(0x7f0000000000)=0x2, 0x4) write$RDMA_USER_CM_CMD_BIND(0xffffffffffffffff, 0x0, 0x0) writev(r4, &(0x7f0000000300), 0x0) r5 = socket$inet_udp(0x2, 0x2, 0x0) bind$inet(r5, &(0x7f00000001c0)={0x2, 0x1, @local}, 0x10) connect$inet(r5, &(0x7f0000000280)={0x2, 0x4e20, @multicast2}, 0x10) setsockopt$inet_IP_XFRM_POLICY(r5, 0x0, 0x11, &(0x7f00000002c0)={{{@in6=@mcast1, @in=@initdev={0xac, 0x1e, 0xfe, 0x0}, 0x0, 0x0, 0x2, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0xee01}, {0x10000, 0x0, 0x0, 0x0, 0xfffffffffffffffc, 0x0, 0x0, 0xfffffffffffffffd}, {0x0, 0x8, 0x0, 0x8}, 0x0, 0x0, 0x1, 0x0, 0x1}, {{@in=@remote, 0x2, 0x6c}, 0x0, @in=@multicast1, 0x10, 0x5, 0x0, 0xb7}}, 0xe8) sendmmsg(r5, &(0x7f0000007fc0), 0x800001d, 0x0) 3.470914592s ago: executing program 1 (id=7958): r0 = syz_io_uring_setup(0xbd9, &(0x7f0000000640)={0x0, 0xe826, 0x800, 0x1, 0x3c3}, &(0x7f0000000dc0)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r1, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) r3 = socket$l2tp(0x2, 0x2, 0x73) preadv(0xffffffffffffffff, &(0x7f0000000240), 0x0, 0x0, 0x0) syz_io_uring_submit(r1, r2, &(0x7f0000000200)=@IORING_OP_SENDMSG={0x9, 0x0, 0x0, r3, 0x0, &(0x7f0000000980)={&(0x7f0000000100)=@llc={0x1a, 0x2, 0x81, 0x80, 0x6, 0x9, @random}, 0x80, 0x0}, 0x0, 0x405c}) io_uring_enter(r0, 0x847ba, 0x0, 0xe, 0x0, 0x0) 3.392978929s ago: executing program 0 (id=7959): r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000001ec0)=ANY=[@ANYBLOB="340000003e0007012bbd700000000000010100080400fc800c00018008000600", @ANYRES32=0x0, @ANYBLOB="080002"], 0x34}, 0x1, 0x0, 0x0, 0xc000}, 0x4040) r1 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f00000001c0)='memory.events\x00', 0x275a, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0x3261e) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x2000001, 0x12, r1, 0x0) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x8010) 3.092707759s ago: executing program 1 (id=7960): move_pages(0x0, 0x20a0, &(0x7f0000000040), &(0x7f0000001180), &(0x7f0000000000), 0x0) recvmsg$unix(0xffffffffffffffff, 0x0, 0x1) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000000)={&(0x7f00000000c0)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x0, 0x0, 0x2}}, 0x0, 0x1a, 0x0, 0x8, 0x2}, 0x28) r0 = socket$inet(0x2, 0x3, 0x2) setsockopt$inet_mreqsrc(r0, 0x0, 0x27, &(0x7f0000000280)={@multicast2, @local, @remote}, 0xc) setsockopt$inet_msfilter(r0, 0x0, 0x29, &(0x7f00000000c0)=ANY=[@ANYBLOB="e0000002ac1414aa0000000003"], 0x1c) syz_emit_ethernet(0x36, &(0x7f0000001800)={@link_local, @local, @void, {@ipv4={0x800, @icmp={{0x5, 0x4, 0x0, 0x0, 0x28, 0x64, 0x0, 0x4, 0x2, 0x0, @empty, @multicast2}, @timestamp_reply={0x11, 0x0, 0x0, 0xe000, 0x2, 0x10001}}}}}, 0x0) 2.980167566s ago: executing program 2 (id=7962): openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000140), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socket$packet(0x11, 0x3, 0x300) prlimit64(0x0, 0xe, 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r0 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x143102) writev(r0, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000200)={0xffffffffffffffff, 0x0, 0x3, 0x0, &(0x7f00000002c0)='\\ S', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5}, 0x50) r1 = syz_io_uring_setup(0x54d, &(0x7f0000000040)={0x0, 0x735a, 0x100, 0x805, 0x350}, &(0x7f0000000100)=0x0, &(0x7f00000001c0)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000180)=0xfffffffc, 0x0, 0x4) setsockopt$SO_ATTACH_FILTER(0xffffffffffffffff, 0x1, 0x1a, &(0x7f0000000400)={0x1, &(0x7f0000000200)=[{0x2e, 0x0, 0x0, 0x5}]}, 0x10) mprotect(&(0x7f0000000000/0x800000)=nil, 0x800000, 0x5) syz_io_uring_submit(r2, r3, &(0x7f0000000200)=@IORING_OP_WRITE={0x17, 0x1, 0x2007, @fd, 0xffffffffffffff7f, 0x0, 0x0, 0x4, 0x1}) io_uring_enter(r1, 0x47bc, 0x0, 0x0, 0x0, 0x0) 2.916878218s ago: executing program 0 (id=7963): sendmsg$kcm(0xffffffffffffffff, &(0x7f00000016c0)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000040)="d80000001e0081054e81f782db4cb9040a1d080006007c095dd2", 0x1a}], 0x1}, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b19, &(0x7f0000000040)={'wlan1\x00', @random="010000000800"}) 2.609394633s ago: executing program 0 (id=7965): r0 = openat$binderfs(0xffffffffffffff9c, &(0x7f00000000c0)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r0, 0x4018620d, &(0x7f0000000100)) r1 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000140)='./binderfs/binder0\x00', 0x0, 0x0) ioctl$BINDER_WRITE_READ(r1, 0xc0306201, &(0x7f0000000080)={0x8, 0x0, &(0x7f0000000400)=[@increfs], 0x0, 0x0, 0x0}) r2 = dup3(r1, r0, 0x0) r3 = openat$binderfs(0xffffffffffffff9c, &(0x7f0000000040)='./binderfs/binder0\x00', 0x0, 0x0) mmap$binder(&(0x7f0000ffd000/0x3000)=nil, 0x3000, 0x1, 0x11, r3, 0x0) ioctl$BINDER_SET_CONTEXT_MGR_EXT(r3, 0x4018620d, &(0x7f0000004a80)={0x73622a85, 0x100, 0x1}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000004c0)={0x8, 0x0, &(0x7f0000000000)=[@acquire], 0x0, 0x0, 0x0}) ioctl$BINDER_WRITE_READ(r2, 0xc0306201, &(0x7f00000001c0)={0x8, 0x0, &(0x7f00000002c0)=[@decrefs={0x40046307, 0x1}], 0x0, 0x0, 0x0}) 2.560414022s ago: executing program 2 (id=7966): syz_usb_connect(0x0, 0x36, &(0x7f0000000000)=ANY=[@ANYBLOB="120120004106cd40cd060f011bd50000000109022400010000800009040bf50233776100090507df"], 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x4000300) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r0, 0x0, 0x0) quotactl$Q_QUOTAON(0xffffffff80000202, 0x0, 0x0, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) ioctl(r1, 0x8b27, &(0x7f0000000040)) r2 = syz_open_procfs(0x0, 0x0) getsockopt$kcm_KCM_RECV_DISABLE(r2, 0x119, 0x1, 0x0, 0x0) 2.559607267s ago: executing program 1 (id=7967): mkdir(&(0x7f0000000300)='./bus\x00', 0x0) lsetxattr$system_posix_acl(&(0x7f00000003c0)='./bus\x00', &(0x7f0000000540)='system.posix_acl_access\x00', &(0x7f0000000600)={{}, {}, [], {0x4, 0x1}, [], {0x10, 0x6}}, 0x24, 0x0) getxattr(&(0x7f0000000140)='./bus\x00', &(0x7f00000001c0)=@known='system.posix_acl_access\x00', 0x0, 0x0) 2.374079335s ago: executing program 0 (id=7969): sendmsg$nl_route(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000007540)=@newlink={0x40, 0x10, 0x1, 0x70bd29, 0x25dfdbff, {0x0, 0x0, 0x0, 0x0, 0x2b24d, 0x75a00}, [@IFLA_IFNAME={0x14, 0x3, 'vlan0\x00'}, @IFLA_VFINFO_LIST={0xc, 0x16, 0x0, 0x1, [{0x8, 0x1, 0x0, 0x1, [@IFLA_VF_VLAN_LIST={0x4}]}]}]}, 0x40}, 0x1, 0x0, 0x0, 0x400c1}, 0x0) 2.308821118s ago: executing program 1 (id=7970): r0 = syz_usb_connect(0x0, 0x24, &(0x7f00000000c0)=ANY=[@ANYBLOB="1201000034709d405f0530c6acb60102030109021200fd000000000904"], 0x0) syz_usb_control_io$sierra_net(r0, 0x0, &(0x7f0000000200)={0x1c, &(0x7f0000000100)={0x0, 0x6, 0x1, '7'}, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, &(0x7f0000000540)={0x2c, &(0x7f0000000240)={0x40, 0x14}, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$cdc_ecm(r0, 0x0, &(0x7f0000000300)={0x1c, &(0x7f0000000180)={0x60, 0x7}, 0x0, 0x0}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000000a80)={0x44, &(0x7f0000000840)={0x0, 0xe}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$printer(r0, 0x0, &(0x7f0000000680)={0x34, &(0x7f0000000340)={0x0, 0x3}, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, &(0x7f0000000b00)={0x84, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000a40)={0x40, 0x21, 0x1, 0x5}}) syz_usb_control_io$uac3(r0, 0x0, &(0x7f0000001300)={0x44, &(0x7f00000010c0)={0x20, 0x8}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) 2.277025042s ago: executing program 0 (id=7972): sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, 0x0, 0x4044004) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r2 = openat$sysctl(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/vm/drop_caches\x00', 0x1, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) writev(r2, &(0x7f00000000c0)=[{&(0x7f0000000140)='2', 0x1}], 0x1) 1.293792663s ago: executing program 3 (id=7977): sendmmsg$inet6(0xffffffffffffffff, &(0x7f0000000740)=[{{0x0, 0x0, 0x0, 0x0, &(0x7f0000000b40)=ANY=[@ANYBLOB="14000000000000002900000000000014000000000000002900000034000000fdffffff00000000180000000000000029000000040000000400000000000000d80000000000000029000000360000005e1700000000000000010000010001080000000000000000072800"], 0x188}}], 0x1, 0x810) bind$alg(0xffffffffffffffff, &(0x7f0000000380)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-cast5-avx\x00'}, 0x58) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000000)={0x0, 0xd4}}, 0x0) r0 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg(r0, &(0x7f0000000740)={0x0, 0x0, &(0x7f0000000300)=[{0x0}], 0x1, 0x0, 0x10}, 0x40000) r1 = socket$alg(0x26, 0x5, 0x0) bind$alg(r1, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'cbc-camellia-asm\x00'}, 0x58) setsockopt$ALG_SET_KEY(r1, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r2 = accept4(r1, 0x0, 0x0, 0x800) sendmmsg$alg(r2, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000)=[{&(0x7f0000000080)="f78d9ca38fff48f3be52163448412ba8", 0xfffffe3f}, {&(0x7f0000000140)="ebe3a0e9796cfd1647e299f4e376fdba128280b372219d205e81f4a7f71c1926aae1efd7e0054a863f3d5cfe6cb55b5bb9fa6935849e6098ed884e7cb51726b360fbb37b4fe035bbb095873048"}, {&(0x7f00000003c0)="e8700e444d50a969ff67347cff6127e6ef12ee3819271482a4975a52c1ab9b8b4db3945d1032005eabe97b4dc33a47d3a158da988456d30026b433186f53cdcdb93a4722bf306a10470d50f5cb1ece9ead3459bab1cf1538cd0b157653c5e892962c80f158c443e9c6ad7d2a8103ef2f4b93766b9a21501f94c1568b13756b66f74f46cf801704d2da8b96c34070b233af0afcc436712e58ed25e721193af05a045ad3fdc928f02f3dbad19d3e66eebda2e63f3f46ef4511cee26d7b48241847bf9e343ef4674c45e2a085060f11"}], 0x1, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r2, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x7ffff000}, {&(0x7f0000000200)=""/83, 0x20000253}], 0x2}, 0x0) r3 = syz_genetlink_get_family_id$nl80211(&(0x7f0000000080), 0xffffffffffffffff) ioctl$sock_SIOCGIFINDEX_80211(r0, 0x8933, &(0x7f00000013c0)={'wlan1\x00', 0x0}) sendmsg$NL80211_CMD_FRAME(r0, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[@ANYBLOB="f4060000", @ANYRES16=r3, @ANYBLOB="01000000000000e14f003b00000008000300", @ANYRES32=r4, @ANYBLOB="d50633008000009effffffffffff080211000001"], 0x6f4}}, 0x0) 1.100150493s ago: executing program 3 (id=7978): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) r0 = open(&(0x7f0000000000)='.\x00', 0x0, 0xa) chdir(&(0x7f0000000140)='./file0\x00') unlinkat(r0, &(0x7f0000000280)='./file0\x00', 0x200) r1 = open(&(0x7f0000000140)='.\x00', 0x8000, 0x112) getdents(r1, 0x0, 0x0) 972.955483ms ago: executing program 3 (id=7979): add_key(&(0x7f0000000000)='id_legacy\x00', 0x0, 0x0, 0x0, 0xfffffffffffffffe) r0 = socket$inet6_sctp(0xa, 0x5, 0x84) setsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX(r0, 0x84, 0x6e, &(0x7f0000000140)=[@in={0x2, 0x4e24, @rand_addr=0x64010100}], 0x10) r1 = socket$inet_sctp(0x2, 0x1, 0x84) getsockopt$inet_sctp_SCTP_MAX_BURST(r1, 0x84, 0x14, &(0x7f0000000000)=@assoc_value={0x0}, &(0x7f0000000040)=0x8) setsockopt$inet_sctp6_SCTP_STREAM_SCHEDULER_VALUE(r0, 0x84, 0x7c, &(0x7f0000000080)={r2, 0x9, 0x7fff}, 0x8) 737.89211ms ago: executing program 4 (id=7980): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r0) r1 = socket$nl_netfilter(0x10, 0x3, 0xc) close(r1) r2 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r2, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000580)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a28000000000a030000000000000000000a00000708000240000000020900010073797a31000000002c000000030a0101000000dd000000000a0000070900010073797a31000000000900030073597a320000000014000000110001"], 0x7c}, 0x1, 0x0, 0x0, 0x4000}, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000017c0)={0x1, 0xe, &(0x7f0000000200)=ANY=[@ANYBLOB="b700000081000000bfa30000000000000703"], 0x0}, 0x94) sendmsg$NFT_BATCH(r2, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f0000000480)=ANY=[@ANYBLOB="140000001000010000000000006000000500000a3c000000090a010400000000000000000a0000040900010073797a310000000008000540000000020900020073797a310000000008000a40fffffffc4c0000000c0a010100000000000000000a0000060900020073797a31000000000900010073797a310000000020000380100000800c00018006000100d10300000c000080080003400000000214000000110001"], 0xb0}, 0x1, 0x0, 0x0, 0x14}, 0x40) sendmsg$NFT_BATCH(r0, &(0x7f0000009b40)={0x0, 0x0, &(0x7f0000009b00)={&(0x7f00000001c0)=ANY=[@ANYBLOB="140000001000010000000000000000000500000a480000001e0a010100000000000000000a0000060900020073797a31000000000900010073797a31000000001c000380180000800c000180060001"], 0x70}, 0x1, 0x0, 0x0, 0x4451099e661a63b1}, 0x0) 607.055818ms ago: executing program 4 (id=7981): close_range(0xffffffffffffffff, 0xffffffffffffffff, 0x2) r0 = fsopen(&(0x7f00000000c0)='cgroup2\x00', 0x0) fsconfig$FSCONFIG_SET_BINARY(r0, 0x6, 0x0, 0x0, 0x0) r1 = fsmount(r0, 0x0, 0x0) sendmsg$nl_generic(r1, 0x0, 0x6fb04e09566da74f) 504.41255ms ago: executing program 4 (id=7982): r0 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r0, 0x0, 0x0) 454.921215ms ago: executing program 4 (id=7983): r0 = openat$vcsu(0xffffffffffffff9c, &(0x7f0000000080), 0x4c842, 0x0) ioctl$SNDRV_CTL_IOCTL_RAWMIDI_PREFER_SUBDEVICE(r0, 0x40045542, &(0x7f00000001c0)=0x1) unshare(0x6020400) r1 = syz_open_dev$sndctrl(&(0x7f0000000040), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r1, 0xc0045516, &(0x7f0000000000)=0xffb) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, 0x0) r2 = epoll_create1(0x80000) epoll_ctl$EPOLL_CTL_ADD(r2, 0x1, r1, &(0x7f0000000300)) ioctl$SNDRV_CTL_IOCTL_ELEM_WRITE(r1, 0xc4c85513, &(0x7f0000000c80)={{0x3, 0x1, 0x1, 0x3557, 'syz1\x00', 0x5}, 0x1, [0x2, 0x84, 0x1c00000000000000, 0x7fffffffffffffff, 0x3, 0x3896, 0x5, 0x3, 0x8, 0xffffffff, 0xfffffffffffffff7, 0x9, 0x7ff, 0x80, 0x2fc2f8ae, 0x1, 0x101, 0xa70, 0x7fffffffffffffff, 0xa1, 0xfffffffffffffff8, 0x40, 0x2, 0x7, 0x10, 0x9, 0x8, 0x2, 0x6, 0x6, 0x6, 0x5, 0x2, 0x101, 0xffff, 0x144be44d, 0xc3b, 0x400000000003, 0x800000, 0x12, 0x2, 0x8, 0xbb9, 0x2, 0x8, 0x9, 0xb1e, 0x8, 0xf, 0x651, 0x8, 0x8000, 0xc, 0xffffffffffffffff, 0x4, 0x0, 0x400, 0x1, 0x5, 0x80000000, 0x5, 0x81, 0x5, 0x1, 0x6, 0xb, 0x4, 0x5af0512f, 0x8001, 0x5, 0xfffd, 0x8, 0x1, 0x100000001, 0x81, 0x3, 0x1, 0x800, 0xf5, 0x7, 0x1, 0x401, 0xf, 0x4, 0x2c, 0x5, 0x8, 0x2, 0x3, 0x5, 0x80000000, 0xed, 0x9, 0x7, 0x3, 0x7, 0x500000000000000, 0x100, 0xfffffffffffffffb, 0xd05, 0xf, 0xf95, 0x4, 0x4, 0x8, 0x61, 0x1, 0xe, 0x8, 0x1, 0x2, 0x0, 0x400000000, 0x13ff, 0xa, 0xd3, 0x80, 0x6, 0x1000, 0x401, 0xe51b, 0x9, 0x7, 0x3, 0x9, 0x5, 0x9, 0x1ff]}) ioctl$DRM_IOCTL_MODE_CURSOR2(0xffffffffffffffff, 0xc02464bb, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000400)={'syz0\x00', {0x3, 0xb, 0x6, 0xff}, 0x3a, [0x8000, 0xc95a, 0xf, 0x8, 0x80, 0x0, 0x3, 0x10007e, 0x20000006, 0x53, 0x6, 0x10000, 0x80005, 0x2, 0xffff2d34, 0xffffff01, 0x6, 0x3, 0xfffffffc, 0x5, 0x4, 0x2, 0x7, 0x3c5b, 0x80000001, 0x26, 0xd, 0x1, 0x6, 0x7, 0xe661, 0x4, 0x7, 0x7, 0x8, 0x4c74, 0x80000000, 0x0, 0x3, 0xe, 0x8, 0x800080ee, 0xa, 0x17, 0x1, 0x9, 0x200, 0x3e, 0x8c, 0x6, 0xca9, 0x0, 0x5, 0x4, 0x8, 0x400, 0x80, 0x1, 0x5, 0x6, 0x6, 0x5, 0x1, 0x40], [0x10000007, 0x9, 0x80000130, 0x8004, 0x5, 0xfffffff3, 0x2, 0xc8, 0xf9, 0xe, 0x7, 0x6c7, 0x9, 0xfffffffc, 0x3, 0x0, 0x0, 0x5, 0x42f, 0xe, 0x312, 0x78, 0x1, 0x0, 0x4, 0x7, 0x7fff, 0x6, 0x4400, 0x401, 0x6, 0x1, 0xff, 0x5, 0x1000005, 0x5f31, 0xd, 0x101, 0x1, 0x4, 0xffff80f1, 0x1, 0x6, 0x8, 0x9, 0x6, 0x47, 0x8020, 0x1, 0xfe000000, 0xffff, 0xfffffe01, 0x4, 0x9, 0x3, 0x3, 0x9, 0x1, 0x3, 0x3, 0xbc45, 0x48c93694, 0x43, 0x9], [0x7, 0xa, 0x4, 0x5, 0xfffffffe, 0x100, 0x8d2, 0x9, 0x5, 0x7fff, 0x0, 0x5, 0xf, 0x4, 0x6, 0x5, 0x5, 0x8, 0x5, 0x1, 0x86, 0x3, 0x303c, 0x3e7, 0xb, 0x5, 0x2, 0x2, 0x3, 0x20000008, 0x2, 0x6d03, 0x6, 0xd, 0x800003, 0x200, 0x400080, 0x3, 0x4, 0x2950bfaf, 0x2, 0xa2, 0x7, 0xa9, 0x5, 0x6, 0xac8, 0xc2, 0x2, 0x3, 0x7ff, 0x12b, 0x4, 0x1, 0x1000000a, 0x0, 0x5, 0x21c, 0x120000, 0x3, 0x2006, 0x80a2ed, 0x4, 0x24], [0x9, 0x40bb33, 0x80000000, 0xb, 0x5, 0x93a, 0x6, 0x1000006, 0x0, 0xb9, 0xce7, 0x1ff, 0x2, 0x57, 0x4, 0x3, 0x101, 0x10000, 0x4, 0x7fff, 0x10000, 0x7f, 0x2, 0x5, 0x1, 0x2, 0x14c, 0x60a7, 0x6, 0x96, 0xffffffff, 0x80000001, 0x7, 0x4, 0xc8, 0x1, 0xfffff000, 0x4010080, 0x3, 0x7e, 0x100, 0x1000, 0x7, 0xaf, 0x8, 0x6, 0x226, 0x5, 0x5, 0x1, 0x30b1d69b, 0xa1f, 0xf40, 0x7, 0x1, 0x6c1b, 0x0, 0x4, 0x928, 0xb1e, 0xc7, 0x200, 0xffff2441, 0xfff]}, 0x45c) ppoll(&(0x7f00000000c0)=[{}, {}], 0x20000000000000dc, 0x0, 0x0, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600722, 0x66) openat$binfmt(0xffffffffffffff9c, 0x0, 0x41, 0x1ff) 427.146542ms ago: executing program 2 (id=7984): openat$tun(0xffffffffffffff9c, 0x0, 0x0, 0x0) syz_open_dev$midi(&(0x7f0000000000), 0x2, 0x800) socket$inet6_sctp(0xa, 0x5, 0x84) socket$inet6_sctp(0xa, 0x1, 0x84) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff}) connect$unix(r0, &(0x7f0000000580)=@abs, 0x6e) r1 = socket$key(0xf, 0x3, 0x2) sendmsg$key(r1, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000080)={0x2, 0x13, 0x0, 0x0, 0x2}, 0x10}}, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0xbc3d, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f00000000c0)={0x0, 0x18, 0xfa00, {0x4, 0x0, 0x2, 0x6}}, 0x20) r2 = openat$rdma_cm(0xffffffffffffff9c, &(0x7f0000000540), 0x2, 0x0) r3 = syz_open_dev$sndctrl(&(0x7f0000001ac0), 0x1, 0x0) r4 = socket$nl_xfrm(0x10, 0x3, 0x6) r5 = socket$igmp(0x2, 0x3, 0x2) ioctl$sock_SIOCGIFINDEX(r5, 0x8933, &(0x7f0000000180)={'netdevsim0\x00'}) sendmsg$nl_xfrm(r4, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={0x0, 0x15c}, 0x1, 0x0, 0x0, 0x880}, 0x2014) ioctl$SNDRV_CTL_IOCTL_ELEM_UNLOCK(r3, 0xc4c85513, &(0x7f0000000000)={0x2, 0x4, 0x1, 0x0, 'syz1\x00', 0x109a7}) write$RDMA_USER_CM_CMD_CREATE_ID(r2, &(0x7f0000000100)={0x0, 0x18, 0xfa00, {0x1, &(0x7f0000000040)={0xffffffffffffffff}, 0x111}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_IP(r2, &(0x7f0000000180)={0x3, 0x40, 0xfa02, {{0x6000000, 0x4000, 0xffffffff, @empty}, {0xa, 0x0, 0x3, @private1={0xfc, 0x1, '\x00', 0x1}, 0x800083}, r6}}, 0x48) sendmsg$IPCTNL_MSG_EXP_GET(0xffffffffffffffff, 0x0, 0x10) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000240)={'netdevsim0\x00', &(0x7f0000000140)=@ethtool_flash={0x33, 0x8, './file0\x00'}}) 264.518547ms ago: executing program 4 (id=7985): socket$inet(0x2, 0x3, 0x4) socket(0x10, 0x3, 0x0) socket$nl_generic(0x10, 0x3, 0x10) r0 = open(&(0x7f0000000180)='./bus\x00', 0x14927e, 0x0) lsetxattr$security_ima(&(0x7f00000002c0)='./bus\x00', &(0x7f0000000180), &(0x7f00000001c0)=ANY=[@ANYRES16=r0], 0xa, 0x0) mmap(&(0x7f0000000000/0x3000)=nil, 0x3000, 0x5, 0x12, r0, 0x0) 80.214943ms ago: executing program 0 (id=7986): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) bind$inet6(r0, &(0x7f00000000c0)={0xa, 0x4e22, 0x1, @ipv4={'\x00', '\xff\xff', @dev={0xac, 0x14, 0x14, 0xd}}, 0x7}, 0x1c) r1 = gettid() ioctl$int_in(r0, 0x5452, &(0x7f0000000040)=0x2) fcntl$setownex(r0, 0xf, &(0x7f0000000000)={0x2, r1}) connect$inet6(r0, &(0x7f0000000080)={0xa, 0x4e22, 0x7, @ipv4={'\x00', '\xff\xff', @empty}, 0xfff}, 0x1c) sendmmsg$inet6(r0, &(0x7f0000000d40)=[{{0x0, 0x0, &(0x7f0000000140)=[{&(0x7f0000000280)="02", 0x1}], 0x1}}, {{0x0, 0x0, &(0x7f0000000680)=[{&(0x7f0000000480)="de38ec8773b844d66608c9e1", 0xc}], 0x1}}], 0x2, 0x404c851) 61.242382ms ago: executing program 4 (id=7987): inotify_init1(0x0) socket$inet6_sctp(0xa, 0x1, 0x84) socket$inet(0x2, 0x2, 0x0) openat$binderfs(0xffffffffffffff9c, &(0x7f0000000380)='./binderfs/binder0\x00', 0x0, 0x0) openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) socket$caif_stream(0x25, 0x1, 0x0) pselect6(0x40, &(0x7f0000000240)={0x8, 0x0, 0x1ff, 0x7d, 0x0, 0x8000, 0x4, 0x9}, 0x0, 0x0, 0x0, 0x0) 0s ago: executing program 3 (id=7988): syz_open_dev$tty1(0xc, 0x4, 0x1) prlimit64(0x0, 0xe, &(0x7f0000000000)={0x8, 0x8b}, 0x0) socket$inet_smc(0x2b, 0x1, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) syz_genetlink_get_family_id$ethtool(0x0, 0xffffffffffffffff) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0xffff, 0x0, 0x1, 0x0, 0xfffffe0000000001, 0xfa0d, 0xffffffff}, 0x0) socket$inet_sctp(0x2, 0x1, 0x84) gettid() r2 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r2, 0x0, 0x0) sendmsg$netlink(0xffffffffffffffff, 0x0, 0x0) r3 = syz_open_dev$vim2m(&(0x7f00000002c0), 0x7, 0x2) ioctl$VIDIOC_CROPCAP(r3, 0xc02c563a, &(0x7f00000000c0)={0xa, {0x4, 0x3, 0x1, 0x401}, {0x0, 0x2, 0x4, 0x1000}, {0xa47, 0x5}}) r4 = syz_open_procfs(0x0, &(0x7f0000000140)='net/ip6_flowlabel\x00') pread64(r4, &(0x7f0000001600)=""/4103, 0x1007, 0x97) r5 = add_key$keyring(&(0x7f0000000400), &(0x7f0000000040)={'syz', 0x0}, 0x0, 0x0, 0xfffffffffffffffb) keyctl$KEYCTL_RESTRICT_KEYRING(0x1d, r5, 0x0, 0x0) kernel console output (not intermixed with test programs): [T13767] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1576.984032][T13767] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1577.327751][T13767] usb 1-1: GET_CAPABILITIES returned 0 [ 1577.415652][T13767] usbtmc 1-1:16.0: can't read capabilities [ 1577.935864][T13930] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1578.011451][T13930] cp210x 2-1:0.0: querying part number failed [ 1578.135329][T13930] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1578.205197][T13930] usb 2-1: USB disconnect, device number 59 [ 1578.257156][T13930] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1578.329351][T13930] cp210x 2-1:0.0: device disconnected [ 1578.414873][T29923] netlink: 84 bytes leftover after parsing attributes in process `syz.1.7334'. [ 1578.440813][T29923] kAFS: unable to lookup cell 'ÿ' [ 1578.757559][T13767] usb 3-1: new full-speed USB device number 27 using dummy_hcd [ 1578.956550][T13767] usb 3-1: New USB device found, idVendor=174f, idProduct=6a31, bcdDevice=26.3f [ 1578.966540][T13767] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1578.975750][T13767] usb 3-1: Product: syz [ 1578.980165][T13767] usb 3-1: Manufacturer: syz [ 1579.092944][T13767] usb 3-1: SerialNumber: syz [ 1579.105609][T13767] usb 3-1: config 0 descriptor?? [ 1579.137085][T13767] gspca_main: stk1135-2.14.0 probing 174f:6a31 [ 1579.914777][T29931] hsr_slave_0: left promiscuous mode [ 1580.004607][T29931] hsr_slave_1: left promiscuous mode [ 1580.079267][T13781] usb 1-1: USB disconnect, device number 40 [ 1580.392680][T13767] gspca_stk1135: reg_w 0x0 err -110 [ 1580.399336][T13767] gspca_stk1135: serial bus timeout: status=0x00 [ 1580.741616][T13767] gspca_stk1135: Sensor write failed [ 1580.756855][T13767] gspca_stk1135: serial bus timeout: status=0x00 [ 1580.825913][T13767] gspca_stk1135: Sensor write failed [ 1580.853696][T29939] sctp: [Deprecated]: syz.4.7339 (pid 29939) Use of int in maxseg socket option. [ 1580.853696][T29939] Use struct sctp_assoc_value instead [ 1580.924552][T13767] gspca_stk1135: serial bus timeout: status=0x00 [ 1580.962511][T13767] gspca_stk1135: Sensor read failed [ 1580.974369][ T12] wlan0: Trigger new scan to find an IBSS to join [ 1580.985435][T13767] gspca_stk1135: serial bus timeout: status=0x00 [ 1580.999139][T13767] gspca_stk1135: Sensor read failed [ 1581.051019][T13767] gspca_stk1135: Detected sensor type unknown (0x0) [ 1581.065903][T13767] gspca_stk1135: serial bus timeout: status=0x00 [ 1581.083503][T29942] netlink: 'syz.0.7340': attribute type 12 has an invalid length. [ 1581.091590][T29942] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7340'. [ 1581.157930][T13767] gspca_stk1135: Sensor read failed [ 1581.179413][T13767] gspca_stk1135: serial bus timeout: status=0x00 [ 1581.196045][T13767] gspca_stk1135: Sensor read failed [ 1581.206814][T13767] gspca_stk1135: serial bus timeout: status=0x00 [ 1581.267996][T13767] gspca_stk1135: Sensor write failed [ 1581.284154][T13767] gspca_stk1135: serial bus timeout: status=0x00 [ 1581.308987][T13767] gspca_stk1135: Sensor write failed [ 1581.341027][T13767] stk1135 3-1:0.0: probe with driver stk1135 failed with error -110 [ 1582.084114][T13930] usb 3-1: USB disconnect, device number 27 [ 1582.272405][T13767] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 1582.422440][T29966] bridge_slave_0: entered promiscuous mode [ 1582.672633][T13767] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1582.700615][T13767] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1582.915751][T13767] usb 2-1: config 0 descriptor?? [ 1582.947595][T13767] cp210x 2-1:0.0: cp210x converter detected [ 1584.025011][T29972] veth5: entered promiscuous mode [ 1584.412847][T13930] usb 4-1: new high-speed USB device number 30 using dummy_hcd [ 1584.592385][T13930] usb 4-1: Using ep0 maxpacket: 8 [ 1584.610362][T13930] usb 4-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1584.620683][T13930] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1584.641191][T29986] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1584.676670][T13930] usb 4-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1584.730322][T13930] usb 4-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1584.835168][T13767] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1584.884537][ T12] wlan0: Trigger new scan to find an IBSS to join [ 1584.904105][T13767] cp210x 2-1:0.0: querying part number failed [ 1584.980845][T13767] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1585.030379][T13767] usb 2-1: USB disconnect, device number 60 [ 1585.076507][T13767] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1585.110738][T13767] cp210x 2-1:0.0: device disconnected [ 1585.277208][T13930] usb 4-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1585.404616][T13930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1585.512715][T13767] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 1585.645927][ T5825] usb 3-1: new high-speed USB device number 28 using dummy_hcd [ 1585.671599][T13930] usb 4-1: GET_CAPABILITIES returned 0 [ 1585.681846][T13930] usbtmc 4-1:16.0: can't read capabilities [ 1585.744264][T13767] usb 2-1: config 1 interface 0 has no altsetting 0 [ 1585.759430][T13767] usb 2-1: string descriptor 0 read error: -22 [ 1585.766051][T13767] usb 2-1: New USB device found, idVendor=056e, idProduct=011c, bcdDevice= 0.40 [ 1585.803614][T13767] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1585.812407][ T5825] usb 3-1: Using ep0 maxpacket: 32 [ 1585.821274][ T5825] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xFF, changing to 0x8F [ 1585.846087][ T5825] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has an invalid bInterval 255, changing to 11 [ 1585.858203][ T5825] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8F has invalid maxpacket 59391, setting to 1024 [ 1585.916413][ T5825] usb 3-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 1585.930958][ T5825] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1585.939705][T10634] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1585.958755][ T5825] usb 3-1: config 0 descriptor?? [ 1585.988550][T29992] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 1586.036940][ T5825] hub 3-1:0.0: USB hub found [ 1586.204300][ T5825] hub 3-1:0.0: 2 ports detected [ 1586.315928][T29990] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1586.326122][T29990] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1586.344146][T13767] hid_parser_main: 222 callbacks suppressed [ 1586.344170][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.364053][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.377657][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.389337][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.409864][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.424690][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.437805][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.451825][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.457918][T29996] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7355'. [ 1586.468445][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.469800][T29996] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7355'. [ 1586.533730][T13767] elecom 0003:056E:011C.0033: unknown main item tag 0x0 [ 1586.638981][T13767] elecom 0003:056E:011C.0033: hidraw0: USB HID v0.04 Device [HID 056e:011c] on usb-dummy_hcd.1-1/input0 [ 1586.975161][T13767] usb 4-1: USB disconnect, device number 30 [ 1587.246207][T30010] netlink: 'syz.3.7358': attribute type 12 has an invalid length. [ 1587.254369][T30010] netlink: 132 bytes leftover after parsing attributes in process `syz.3.7358'. [ 1587.906494][ T5825] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 1587.906828][T19538] usb 3-1: USB disconnect, device number 28 [ 1587.963184][T13767] usb 2-1: USB disconnect, device number 61 [ 1588.387181][T30026] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1588.397017][T30026] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1588.679792][T30031] netlink: 'syz.1.7364': attribute type 4 has an invalid length. [ 1589.202712][T25819] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 1589.368654][T30038] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7366'. [ 1589.392417][T30038] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7366'. [ 1589.633025][T25819] usb 2-1: Using ep0 maxpacket: 16 [ 1589.653021][T25819] usb 2-1: config 0 has no interfaces? [ 1589.687742][T25819] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1589.706343][T30044] netlink: 28 bytes leftover after parsing attributes in process `syz.3.7367'. [ 1589.722816][T30044] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7367'. [ 1589.753798][T25819] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1589.762597][T30045] kAFS: unable to lookup cell 'ÿ' [ 1589.787332][T25819] usb 2-1: Manufacturer: syz [ 1589.820182][T25819] usb 2-1: config 0 descriptor?? [ 1590.262902][T30048] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7368'. [ 1590.441995][T30048] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7368'. [ 1591.754105][T13767] usb 2-1: USB disconnect, device number 62 [ 1592.112398][T10634] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1592.165799][T30068] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7373'. [ 1592.230721][T30068] FAULT_INJECTION: forcing a failure. [ 1592.230721][T30068] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1592.322694][T30068] CPU: 1 UID: 0 PID: 30068 Comm: syz.4.7373 Tainted: G L syzkaller #0 PREEMPT(full) [ 1592.322730][T30068] Tainted: [L]=SOFTLOCKUP [ 1592.322737][T30068] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1592.322749][T30068] Call Trace: [ 1592.322758][T30068] [ 1592.322766][T30068] dump_stack_lvl+0xe8/0x150 [ 1592.322800][T30068] should_fail_ex+0x412/0x560 [ 1592.322833][T30068] _copy_to_user+0x31/0xb0 [ 1592.322858][T30068] simple_read_from_buffer+0xe1/0x170 [ 1592.322891][T30068] proc_fail_nth_read+0x1bb/0x230 [ 1592.322923][T30068] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1592.322965][T30068] ? rw_verify_area+0x2a6/0x4d0 [ 1592.322985][T30068] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1592.323013][T30068] vfs_read+0x20c/0xa70 [ 1592.323032][T30068] ? fdget_pos+0x246/0x320 [ 1592.323065][T30068] ? __pfx___mutex_lock+0x10/0x10 [ 1592.323088][T30068] ? __pfx_vfs_read+0x10/0x10 [ 1592.323111][T30068] ? __fget_files+0x2a/0x420 [ 1592.323143][T30068] ? __fget_files+0x3a0/0x420 [ 1592.323169][T30068] ? __fget_files+0x2a/0x420 [ 1592.323204][T30068] ksys_read+0x150/0x270 [ 1592.323227][T30068] ? __pfx_ksys_read+0x10/0x10 [ 1592.323260][T30068] do_syscall_64+0x14d/0xf80 [ 1592.323280][T30068] ? trace_irq_disable+0x3b/0x150 [ 1592.323307][T30068] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1592.323326][T30068] ? clear_bhb_loop+0x40/0x90 [ 1592.323362][T30068] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1592.323382][T30068] RIP: 0033:0x7f3313f5cfce [ 1592.323401][T30068] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1592.323418][T30068] RSP: 002b:00007f3314eaafe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1592.323440][T30068] RAX: ffffffffffffffda RBX: 00007f3314eab6c0 RCX: 00007f3313f5cfce [ 1592.323453][T30068] RDX: 000000000000000f RSI: 00007f3314eab0a0 RDI: 0000000000000004 [ 1592.323465][T30068] RBP: 00007f3314eab090 R08: 0000000000000000 R09: 0000000000000000 [ 1592.323477][T30068] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1592.323488][T30068] R13: 00007f3314216038 R14: 00007f3314215fa0 R15: 00007f331433fa48 [ 1592.323520][T30068] [ 1592.958536][T30078] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1594.724929][T30107] FAULT_INJECTION: forcing a failure. [ 1594.724929][T30107] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1594.740260][T30107] CPU: 1 UID: 0 PID: 30107 Comm: syz.3.7383 Tainted: G L syzkaller #0 PREEMPT(full) [ 1594.740281][T30107] Tainted: [L]=SOFTLOCKUP [ 1594.740286][T30107] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1594.740293][T30107] Call Trace: [ 1594.740299][T30107] [ 1594.740305][T30107] dump_stack_lvl+0xe8/0x150 [ 1594.740327][T30107] should_fail_ex+0x412/0x560 [ 1594.740346][T30107] _copy_to_user+0x31/0xb0 [ 1594.740360][T30107] simple_read_from_buffer+0xe1/0x170 [ 1594.740379][T30107] proc_fail_nth_read+0x1bb/0x230 [ 1594.740397][T30107] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1594.740414][T30107] ? rw_verify_area+0x2a6/0x4d0 [ 1594.740427][T30107] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1594.740443][T30107] vfs_read+0x20c/0xa70 [ 1594.740454][T30107] ? fdget_pos+0x246/0x320 [ 1594.740472][T30107] ? __pfx___mutex_lock+0x10/0x10 [ 1594.740486][T30107] ? __pfx_vfs_read+0x10/0x10 [ 1594.740499][T30107] ? __fget_files+0x2a/0x420 [ 1594.740517][T30107] ? __fget_files+0x3a0/0x420 [ 1594.740532][T30107] ? __fget_files+0x2a/0x420 [ 1594.740551][T30107] ksys_read+0x150/0x270 [ 1594.740565][T30107] ? __pfx_ksys_read+0x10/0x10 [ 1594.740583][T30107] do_syscall_64+0x14d/0xf80 [ 1594.740595][T30107] ? trace_irq_disable+0x3b/0x150 [ 1594.740610][T30107] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1594.740622][T30107] ? clear_bhb_loop+0x40/0x90 [ 1594.740636][T30107] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1594.740647][T30107] RIP: 0033:0x7f70f9b5cfce [ 1594.740659][T30107] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1594.740668][T30107] RSP: 002b:00007f70fa995fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1594.740682][T30107] RAX: ffffffffffffffda RBX: 00007f70fa9966c0 RCX: 00007f70f9b5cfce [ 1594.740691][T30107] RDX: 000000000000000f RSI: 00007f70fa9960a0 RDI: 000000000000000a [ 1594.740698][T30107] RBP: 00007f70fa996090 R08: 0000000000000000 R09: 0000000000000000 [ 1594.740705][T30107] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1594.740712][T30107] R13: 00007f70f9e16038 R14: 00007f70f9e15fa0 R15: 00007f70f9f3fa48 [ 1594.740729][T30107] [ 1595.418696][T30115] netlink: 28 bytes leftover after parsing attributes in process `syz.1.7385'. [ 1595.432460][T30115] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7385'. [ 1595.473772][T30115] kAFS: unable to lookup cell 'ÿ' [ 1595.588897][T30121] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1595.769436][T30121] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1596.286299][T30119] netlink: 32 bytes leftover after parsing attributes in process `syz.4.7388'. [ 1596.324243][T30119] fuse: Unknown parameter 'user_id00000000000000000000' [ 1597.372438][ T5825] usb 4-1: new high-speed USB device number 31 using dummy_hcd [ 1597.628268][ T5825] usb 4-1: New USB device found, idVendor=0cf3, idProduct=9374, bcdDevice=bc.3b [ 1597.643929][ T5825] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1597.674389][ T5825] usb 4-1: config 0 descriptor?? [ 1598.492389][T19538] usb 1-1: new high-speed USB device number 41 using dummy_hcd [ 1598.910357][ T5825] ath6kl: Failed to submit usb control message: -110 [ 1598.919573][ T5825] ath6kl: unable to send the bmi data to the device: -110 [ 1598.933014][ T5825] ath6kl: Unable to send get target info: -110 [ 1599.143935][T19538] usb 1-1: Using ep0 maxpacket: 32 [ 1599.161295][T19538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1599.176928][T19538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1599.187442][ T5825] ath6kl: Failed to init ath6kl core: -110 [ 1599.205104][T19538] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1599.214067][ T5825] ath6kl_usb 4-1:0.0: probe with driver ath6kl_usb failed with error -110 [ 1599.276308][T19538] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1599.306056][T19538] usb 1-1: config 0 descriptor?? [ 1599.336977][T19538] hub 1-1:0.0: USB hub found [ 1599.565336][T19538] hub 1-1:0.0: 1 port detected [ 1599.590533][T13767] usb 4-1: USB disconnect, device number 31 [ 1599.712361][ T5825] usb 2-1: new high-speed USB device number 63 using dummy_hcd [ 1599.892412][ T5825] usb 2-1: Using ep0 maxpacket: 16 [ 1599.899336][ T5825] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1599.911988][ T5825] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1599.925371][ T5825] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1599.952923][ T5825] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1600.002628][ T5825] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1600.238923][T30163] netdevsim netdevsim4: Direct firmware load for / [ 1600.238923][T30163] failed with error -2 [ 1600.253390][T30163] netdevsim netdevsim4: Falling back to sysfs fallback for: / [ 1600.253390][T30163] [ 1600.309325][ T5825] usb 2-1: config 0 descriptor?? [ 1600.388367][T13767] hub 1-1:0.0: activate --> -90 [ 1600.978159][T13767] usb 1-1-port1: cannot disable (err = -71) [ 1600.988061][T13767] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 1601.005594][T13767] usb 1-1: USB disconnect, device number 41 [ 1601.011842][T10634] usb 1-1: Failed to suspend device, error -19 [ 1601.350698][ T5825] usbhid 2-1:0.0: can't add hid device: -71 [ 1601.362556][ T5825] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1601.402244][ T5825] usb 2-1: USB disconnect, device number 63 [ 1601.451716][T30174] batman_adv: batadv0: Adding interface: dummy0 [ 1601.470599][T30174] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1601.557085][T30174] batman_adv: batadv0: Interface activated: dummy0 [ 1601.882442][ T5825] usb 2-1: new full-speed USB device number 64 using dummy_hcd [ 1602.067497][T30192] netlink: 28 bytes leftover after parsing attributes in process `syz.2.7402'. [ 1602.076809][T30192] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7402'. [ 1602.138222][ T5825] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1602.148675][ T5825] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1602.204884][ T5825] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1602.232544][ T5825] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 190, setting to 64 [ 1602.261962][ T5825] usb 2-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 1602.280500][T30192] kAFS: unable to lookup cell 'ÿ' [ 1602.284415][ T5825] usb 2-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 1602.296568][ T5825] usb 2-1: Product: syz [ 1602.306151][ T5825] usb 2-1: Manufacturer: syz [ 1602.314322][ T5825] usb 2-1: SerialNumber: syz [ 1602.331196][ T5825] usb 2-1: config 0 descriptor?? [ 1602.338287][T30179] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1602.442389][ T5825] rc_core: IR keymap rc-imon-rsc not found [ 1602.448412][ T5825] Registered IR keymap rc-empty [ 1602.454934][ T5825] rc rc0: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 1602.593055][ T5825] input: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input141 [ 1602.699935][T30206] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7401'. [ 1602.796587][T30206] fuse: Unknown parameter 'user_id00000000000000000000' [ 1602.889774][ T5825] usb 2-1: USB disconnect, device number 64 [ 1603.675249][T30212] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1604.458300][T30219] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1604.479884][T30219] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1605.427746][T30227] usb usb1: usbfs: process 30227 (syz.1.7413) did not claim interface 0 before use [ 1605.812581][T19538] usb 1-1: new high-speed USB device number 42 using dummy_hcd [ 1605.972419][T19538] usb 1-1: Using ep0 maxpacket: 16 [ 1605.982580][T13930] usb 2-1: new full-speed USB device number 65 using dummy_hcd [ 1605.984637][T19538] usb 1-1: config 9 has an invalid descriptor of length 86, skipping remainder of the config [ 1606.003351][T19538] usb 1-1: config 9 has 0 interfaces, different from the descriptor's value: 1 [ 1606.013559][T19538] usb 1-1: New USB device found, idVendor=046f, idProduct=c295, bcdDevice= 0.00 [ 1606.024838][T19538] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1606.185864][T13930] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1606.287865][T13930] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1606.290390][T30229] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1606.302685][T13930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1606.310281][T30229] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1606.321322][T13930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 190, setting to 64 [ 1606.565330][T13930] usb 2-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 1606.577550][T13930] usb 2-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 1606.586339][T13930] usb 2-1: Product: syz [ 1606.590984][T13930] usb 2-1: Manufacturer: syz [ 1606.596848][T13930] usb 2-1: SerialNumber: syz [ 1606.605265][T19538] usb 1-1: string descriptor 0 read error: -71 [ 1606.614294][T19538] usb 1-1: USB disconnect, device number 42 [ 1606.627410][T13930] usb 2-1: config 0 descriptor?? [ 1606.634254][T30235] raw-gadget.2 gadget.1: fail, usb_ep_enable returned -22 [ 1606.777432][T13930] rc_core: IR keymap rc-imon-rsc not found [ 1606.787144][T13930] Registered IR keymap rc-empty [ 1606.955099][T10619] wlan0: Trigger new scan to find an IBSS to join [ 1606.984695][T13930] rc rc0: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 1607.034764][T13930] input: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input142 [ 1607.293363][T30235] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7416'. [ 1607.386675][T30248] fuse: Bad value for 'fd' [ 1607.453991][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1607.460578][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1607.597056][T19538] usb 2-1: USB disconnect, device number 65 [ 1608.122421][T30277] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7426'. [ 1608.228311][T30279] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1608.264866][T30279] bond1: (slave bond2): Enslaving as an active interface with an up link [ 1608.307671][T30277] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7426'. [ 1608.332404][T13930] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1608.368958][T30277] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1608.492485][T13930] usb 2-1: Using ep0 maxpacket: 16 [ 1608.507636][T13930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1608.519446][T13930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1608.532967][T13930] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1608.569135][T13930] usb 2-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1608.596483][T13930] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1608.620188][T13930] usb 2-1: config 0 descriptor?? [ 1608.877428][T13930] usbhid 2-1:0.0: can't add hid device: -71 [ 1608.893773][T13930] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 1608.922940][T13930] usb 2-1: USB disconnect, device number 66 [ 1609.000667][T30292] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1609.012260][T30292] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1609.752947][T13781] usb 2-1: new high-speed USB device number 67 using dummy_hcd [ 1609.766824][T30305] syzkaller0: entered promiscuous mode [ 1609.773020][T30305] syzkaller0: entered allmulticast mode [ 1609.849688][T30307] netlink: 212368 bytes leftover after parsing attributes in process `syz.2.7433'. [ 1609.906521][T13781] usb 2-1: New USB device found, idVendor=9710, idProduct=7730, bcdDevice=96.33 [ 1609.924951][T13781] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1609.928540][T10619] wlan0: Trigger new scan to find an IBSS to join [ 1609.941947][T30309] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1609.959059][T13781] usb 2-1: config 0 descriptor?? [ 1609.969872][T30309] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1610.128347][T30313] FAULT_INJECTION: forcing a failure. [ 1610.128347][T30313] name failslab, interval 1, probability 0, space 0, times 0 [ 1610.155501][T30311] netlink: 32 bytes leftover after parsing attributes in process `syz.4.7435'. [ 1610.172387][T30313] CPU: 1 UID: 0 PID: 30313 Comm: syz.0.7436 Tainted: G L syzkaller #0 PREEMPT(full) [ 1610.172420][T30313] Tainted: [L]=SOFTLOCKUP [ 1610.172428][T30313] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1610.172438][T30313] Call Trace: [ 1610.172447][T30313] [ 1610.172455][T30313] dump_stack_lvl+0xe8/0x150 [ 1610.172490][T30313] should_fail_ex+0x412/0x560 [ 1610.172522][T30313] should_failslab+0xa8/0x100 [ 1610.172549][T30313] __kmalloc_noprof+0xe8/0x760 [ 1610.172571][T30313] ? tipc_nl_compat_doit+0x1c8/0x650 [ 1610.172599][T30313] tipc_nl_compat_doit+0x1c8/0x650 [ 1610.172625][T30313] ? __pfx_tipc_nl_compat_doit+0x10/0x10 [ 1610.172652][T30313] ? apparmor_capable+0x126/0x170 [ 1610.172672][T30313] ? bpf_lsm_capable+0x9/0x20 [ 1610.172694][T30313] ? security_capable+0x7e/0x2c0 [ 1610.172721][T30313] tipc_nl_compat_recv+0x8d3/0xcf0 [ 1610.172740][T30313] ? kasan_quarantine_put+0xbb/0x1f0 [ 1610.172758][T30313] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 1610.172788][T30313] ? __mutex_trylock_common+0x158/0x260 [ 1610.172814][T30313] ? __pfx___mutex_trylock_common+0x10/0x10 [ 1610.172838][T30313] ? __pfx___tipc_nl_bearer_enable+0x10/0x10 [ 1610.172854][T30313] ? __pfx_tipc_nl_compat_bearer_enable+0x10/0x10 [ 1610.172889][T30313] genl_family_rcv_msg_doit+0x22a/0x330 [ 1610.172913][T30313] ? __pfx_genl_family_rcv_msg_doit+0x10/0x10 [ 1610.172950][T30313] genl_rcv_msg+0x61c/0x7a0 [ 1610.172976][T30313] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1610.172992][T30313] ? __pfx_tipc_nl_compat_recv+0x10/0x10 [ 1610.173012][T30313] ? __lock_acquire+0x6b5/0x2cf0 [ 1610.173042][T30313] netlink_rcv_skb+0x232/0x4b0 [ 1610.173064][T30313] ? __pfx_genl_rcv_msg+0x10/0x10 [ 1610.173081][T30313] ? __pfx_netlink_rcv_skb+0x10/0x10 [ 1610.173126][T30313] ? down_read+0x272/0x2e0 [ 1610.173143][T30313] ? genl_rcv+0xd/0x40 [ 1610.173160][T30313] genl_rcv+0x28/0x40 [ 1610.173176][T30313] netlink_unicast+0x80f/0x9b0 [ 1610.173206][T30313] ? __pfx_netlink_unicast+0x10/0x10 [ 1610.173228][T30313] ? netlink_sendmsg+0x650/0xb40 [ 1610.173252][T30313] ? skb_put+0x11b/0x210 [ 1610.173271][T30313] netlink_sendmsg+0x813/0xb40 [ 1610.173299][T30313] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1610.173324][T30313] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1610.173345][T30313] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1610.173364][T30313] ____sys_sendmsg+0x972/0x9f0 [ 1610.173394][T30313] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1610.173418][T30313] ? import_iovec+0x73/0xa0 [ 1610.173438][T30313] ___sys_sendmsg+0x2a5/0x360 [ 1610.173459][T30313] ? __pfx____sys_sendmsg+0x10/0x10 [ 1610.173506][T30313] ? __fget_files+0x2a/0x420 [ 1610.173529][T30313] ? __fget_files+0x3a0/0x420 [ 1610.173559][T30313] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1610.173578][T30313] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1610.173603][T30313] ? __pfx_ksys_write+0x10/0x10 [ 1610.173629][T30313] do_syscall_64+0x14d/0xf80 [ 1610.173644][T30313] ? trace_irq_disable+0x3b/0x150 [ 1610.173668][T30313] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.173684][T30313] ? clear_bhb_loop+0x40/0x90 [ 1610.173703][T30313] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1610.173718][T30313] RIP: 0033:0x7f90c4d9c799 [ 1610.173734][T30313] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1610.173746][T30313] RSP: 002b:00007f90c2ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1610.173772][T30313] RAX: ffffffffffffffda RBX: 00007f90c5015fa0 RCX: 00007f90c4d9c799 [ 1610.173782][T30313] RDX: 0000000000000000 RSI: 00002000000002c0 RDI: 0000000000000006 [ 1610.173792][T30313] RBP: 00007f90c2ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1610.173803][T30313] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1610.173815][T30313] R13: 00007f90c5016038 R14: 00007f90c5015fa0 R15: 00007f90c513fa48 [ 1610.173843][T30313] [ 1611.379257][T30329] netlink: 12 bytes leftover after parsing attributes in process `syz.3.7439'. [ 1611.397837][T10634] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1611.587997][T30333] FAULT_INJECTION: forcing a failure. [ 1611.587997][T30333] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1611.706204][T30333] CPU: 0 UID: 0 PID: 30333 Comm: syz.3.7439 Tainted: G L syzkaller #0 PREEMPT(full) [ 1611.706233][T30333] Tainted: [L]=SOFTLOCKUP [ 1611.706238][T30333] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1611.706246][T30333] Call Trace: [ 1611.706252][T30333] [ 1611.706258][T30333] dump_stack_lvl+0xe8/0x150 [ 1611.706280][T30333] should_fail_ex+0x412/0x560 [ 1611.706299][T30333] _copy_from_iter+0x1d3/0x1670 [ 1611.706322][T30333] ? rcu_is_watching+0x15/0xb0 [ 1611.706341][T30333] ? __pfx__copy_from_iter+0x10/0x10 [ 1611.706384][T30333] ? netlink_sendmsg+0x650/0xb40 [ 1611.706410][T30333] ? skb_put+0x11b/0x210 [ 1611.706432][T30333] netlink_sendmsg+0x6c0/0xb40 [ 1611.706464][T30333] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1611.706482][T30333] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1611.706499][T30333] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 1611.706514][T30333] ____sys_sendmsg+0x972/0x9f0 [ 1611.706533][T30333] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1611.706551][T30333] ? import_iovec+0x73/0xa0 [ 1611.706565][T30333] ___sys_sendmsg+0x2a5/0x360 [ 1611.706581][T30333] ? __pfx____sys_sendmsg+0x10/0x10 [ 1611.706612][T30333] ? __fget_files+0x2a/0x420 [ 1611.706627][T30333] ? __fget_files+0x3a0/0x420 [ 1611.706649][T30333] __x64_sys_sendmsg+0x1bd/0x2a0 [ 1611.706663][T30333] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 1611.706681][T30333] ? __pfx_ksys_write+0x10/0x10 [ 1611.706699][T30333] do_syscall_64+0x14d/0xf80 [ 1611.706712][T30333] ? trace_irq_disable+0x3b/0x150 [ 1611.706727][T30333] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1611.706739][T30333] ? clear_bhb_loop+0x40/0x90 [ 1611.706753][T30333] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1611.706765][T30333] RIP: 0033:0x7f70f9b9c799 [ 1611.706782][T30333] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1611.706808][T30333] RSP: 002b:00007f70f7df6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1611.706829][T30333] RAX: ffffffffffffffda RBX: 00007f70f9e16180 RCX: 00007f70f9b9c799 [ 1611.706843][T30333] RDX: 0000000000000000 RSI: 0000200000000000 RDI: 0000000000000005 [ 1611.706855][T30333] RBP: 00007f70f7df6090 R08: 0000000000000000 R09: 0000000000000000 [ 1611.706867][T30333] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1611.706879][T30333] R13: 00007f70f9e16218 R14: 00007f70f9e16180 R15: 00007f70f9f3fa48 [ 1611.706912][T30333] [ 1612.254570][T30336] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1612.279703][T30331] bond1 (unregistering): Released all slaves [ 1612.363926][T30329] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1612.695586][T13781] usb 2-1: Cannot read MAC address [ 1612.735634][T13781] MOSCHIP usb-ethernet driver 2-1:0.0: probe with driver MOSCHIP usb-ethernet driver failed with error -71 [ 1612.801494][T13781] usb 2-1: USB disconnect, device number 67 [ 1612.953822][T13930] usb 4-1: new high-speed USB device number 32 using dummy_hcd [ 1613.133802][T25819] usb 1-1: new high-speed USB device number 43 using dummy_hcd [ 1613.148855][T13930] usb 4-1: Using ep0 maxpacket: 16 [ 1613.169601][T13930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1613.188846][T13930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1613.236872][T13930] usb 4-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 9 [ 1613.280148][T13930] usb 4-1: New USB device found, idVendor=045e, idProduct=07da, bcdDevice= 0.00 [ 1613.309119][T13930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1613.318102][T25819] usb 1-1: Using ep0 maxpacket: 32 [ 1613.340098][T25819] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1613.360887][T13930] usb 4-1: config 0 descriptor?? [ 1613.366744][T25819] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1613.412196][T25819] usb 1-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1613.422896][T25819] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1613.453924][T25819] usb 1-1: config 0 descriptor?? [ 1613.476805][T25819] hub 1-1:0.0: USB hub found [ 1613.671774][T25819] hub 1-1:0.0: 1 port detected [ 1613.700910][T13930] usbhid 4-1:0.0: can't add hid device: -71 [ 1613.717347][T13930] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 1613.739952][T13930] usb 4-1: USB disconnect, device number 32 [ 1614.022501][T30364] netlink: 12 bytes leftover after parsing attributes in process `syz.4.7448'. [ 1614.045758][T30364] fuse: Bad value for 'fd' [ 1614.070439][T30364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1614.122536][T30364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1614.176669][T30364] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1614.188535][T30364] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1614.318307][T25819] hub 1-1:0.0: activate --> -90 [ 1614.612113][T30374] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1614.663821][T30374] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1614.814138][T13930] usb 3-1: new full-speed USB device number 29 using dummy_hcd [ 1614.873572][T30374] bond0: (slave bond_slave_0): Releasing backup interface [ 1614.914282][T30374] bond0: (slave bond_slave_1): Releasing backup interface [ 1614.953813][T30374] team0: Port device team_slave_0 removed [ 1614.985345][T30374] team0: Port device team_slave_1 removed [ 1614.997980][T30374] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 1615.008555][T13930] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1615.023866][T13930] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1615.038897][T30374] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1615.055455][T13930] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1615.078177][T13930] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 190, setting to 64 [ 1615.094245][T30374] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 1615.110968][T30374] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1615.143723][T30374] bond1: (slave bond2): Releasing backup interface [ 1615.191878][T13930] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 1615.210828][ T5825] hub 1-1:0.0: hub_ext_port_status failed (err = -71) [ 1615.218835][ T5825] usb 1-1: USB disconnect, device number 43 [ 1615.219131][T10619] usb 1-1: Failed to suspend device, error -19 [ 1615.232229][T13930] usb 3-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 1615.273289][T13930] usb 3-1: Product: syz [ 1615.277572][T13930] usb 3-1: Manufacturer: syz [ 1615.282894][T13930] usb 3-1: SerialNumber: syz [ 1615.298358][T13930] usb 3-1: config 0 descriptor?? [ 1615.304848][T30371] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1615.492616][T13930] rc_core: IR keymap rc-imon-rsc not found [ 1615.502076][T13930] Registered IR keymap rc-empty [ 1615.509410][T13930] rc rc0: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 1615.526657][T13930] input: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input143 [ 1615.841037][T30393] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7450'. [ 1615.908387][T30393] fuse: Bad value for 'fd' [ 1616.040530][T13930] usb 3-1: USB disconnect, device number 29 [ 1616.822359][T13930] usb 4-1: new high-speed USB device number 33 using dummy_hcd [ 1617.044477][T13930] usb 4-1: New USB device found, idVendor=04fc, idProduct=504a, bcdDevice=43.02 [ 1617.062404][T13930] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1617.080686][T13930] usb 4-1: Product: syz [ 1617.111527][T13930] usb 4-1: Manufacturer: syz [ 1617.125814][T13930] usb 4-1: SerialNumber: syz [ 1617.144914][T13930] usb 4-1: config 0 descriptor?? [ 1617.180369][T13930] gspca_main: sunplus-2.14.0 probing 04fc:504a [ 1617.961287][T30421] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1617.973694][T30421] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1618.094671][T30424] mac80211_hwsim hwsim31 wlan0: left promiscuous mode [ 1618.115743][T30424] bridge_slave_0: entered promiscuous mode [ 1618.383104][T25861] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1618.435404][T30429] netlink: 'syz.0.7461': attribute type 12 has an invalid length. [ 1618.444493][T30429] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7461'. [ 1619.569150][T13930] usb 4-1: USB disconnect, device number 33 [ 1620.275254][T30447] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1620.583775][T13930] usb 2-1: new full-speed USB device number 68 using dummy_hcd [ 1620.912211][T13930] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1620.922901][T13930] usb 2-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1620.934713][T13930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1620.951772][T13930] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 190, setting to 64 [ 1620.972443][ T12] wlan0: Trigger new scan to find an IBSS to join [ 1621.012036][T13930] usb 2-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 1621.118575][T13930] usb 2-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 1621.137535][T13930] usb 2-1: Product: syz [ 1621.141782][T13930] usb 2-1: Manufacturer: syz [ 1621.162751][T13930] usb 2-1: SerialNumber: syz [ 1621.295839][T13930] usb 2-1: config 0 descriptor?? [ 1621.315009][T30445] raw-gadget.0 gadget.1: fail, usb_ep_enable returned -22 [ 1621.549553][T13930] rc_core: IR keymap rc-imon-rsc not found [ 1621.613872][T13930] Registered IR keymap rc-empty [ 1621.635497][T13930] rc rc0: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0 [ 1621.721846][T13930] input: iMON Station as /devices/platform/dummy_hcd.1/usb2/2-1/2-1:0.0/rc/rc0/input144 [ 1621.871201][T30471] macvtap2: entered promiscuous mode [ 1621.903112][T30445] netlink: 32 bytes leftover after parsing attributes in process `syz.1.7467'. [ 1621.934805][T30471] macvtap2: entered allmulticast mode [ 1621.952785][T30445] fuse: Unknown parameter '0x0000000000000006' [ 1622.161046][T19538] usb 2-1: USB disconnect, device number 68 [ 1622.564718][ T30] kauditd_printk_skb: 40 callbacks suppressed [ 1622.564738][ T30] audit: type=1326 audit(1773571314.185:1685): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1622.789071][ T30] audit: type=1326 audit(1773571314.185:1686): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=290 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1622.790574][T30486] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7476'. [ 1622.832449][T19538] usb 1-1: new high-speed USB device number 44 using dummy_hcd [ 1622.912384][ T30] audit: type=1326 audit(1773571314.185:1687): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1622.969342][T30486] bridge1: trying to set multicast startup query interval below minimum, setting to 100 (1000ms) [ 1622.998181][ T30] audit: type=1326 audit(1773571314.185:1688): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=16 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1623.042435][T19538] usb 1-1: Using ep0 maxpacket: 32 [ 1623.062461][T19538] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1623.092713][T30486] bridge1: entered allmulticast mode [ 1623.168637][T19538] usb 1-1: no configurations [ 1623.199831][T19538] usb 1-1: can't read configurations, error -22 [ 1623.266289][ T30] audit: type=1326 audit(1773571314.895:1689): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1623.432384][T13930] usb 2-1: new high-speed USB device number 69 using dummy_hcd [ 1623.454091][ T30] audit: type=1326 audit(1773571314.895:1690): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1623.556503][T30492] FAULT_INJECTION: forcing a failure. [ 1623.556503][T30492] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1623.582322][T30492] CPU: 1 UID: 0 PID: 30492 Comm: syz.2.7478 Tainted: G L syzkaller #0 PREEMPT(full) [ 1623.582358][T30492] Tainted: [L]=SOFTLOCKUP [ 1623.582365][T30492] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1623.582375][T30492] Call Trace: [ 1623.582386][T30492] [ 1623.582396][T30492] dump_stack_lvl+0xe8/0x150 [ 1623.582427][T30492] should_fail_ex+0x412/0x560 [ 1623.582457][T30492] _copy_from_user+0x2d/0xb0 [ 1623.582477][T30492] kstrtouint_from_user+0xd6/0x180 [ 1623.582506][T30492] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 1623.582544][T30492] proc_fail_nth_write+0x8e/0x210 [ 1623.582567][T30492] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1623.582595][T30492] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 1623.582624][T30492] vfs_write+0x29a/0xb90 [ 1623.582667][T30492] ? __pfx_vfs_write+0x10/0x10 [ 1623.582691][T30492] ? __fget_files+0x2a/0x420 [ 1623.582723][T30492] ? __fget_files+0x3a0/0x420 [ 1623.582750][T30492] ? __fget_files+0x2a/0x420 [ 1623.582787][T30492] ksys_write+0x150/0x270 [ 1623.582812][T30492] ? __pfx_ksys_write+0x10/0x10 [ 1623.582846][T30492] do_syscall_64+0x14d/0xf80 [ 1623.582868][T30492] ? trace_irq_disable+0x3b/0x150 [ 1623.582894][T30492] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1623.582914][T30492] ? clear_bhb_loop+0x40/0x90 [ 1623.582939][T30492] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1623.582959][T30492] RIP: 0033:0x7f06f4f5cfce [ 1623.582978][T30492] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1623.582995][T30492] RSP: 002b:00007f06f5f18fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1623.583017][T30492] RAX: ffffffffffffffda RBX: 00007f06f5f196c0 RCX: 00007f06f4f5cfce [ 1623.583031][T30492] RDX: 0000000000000001 RSI: 00007f06f5f190a0 RDI: 0000000000000004 [ 1623.583043][T30492] RBP: 00007f06f5f19090 R08: 0000000000000000 R09: 0000000000000000 [ 1623.583055][T30492] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1623.583066][T30492] R13: 00007f06f5216038 R14: 00007f06f5215fa0 R15: 00007f06f533fa48 [ 1623.583099][T30492] [ 1623.894508][T13930] usb 2-1: config 220 has an invalid descriptor of length 1, skipping remainder of the config [ 1623.905429][T13930] usb 2-1: config 220 has 1 interface, different from the descriptor's value: 3 [ 1623.914565][T13930] usb 2-1: config 220 interface 0 has no altsetting 0 [ 1623.924580][T13930] usb 2-1: New USB device found, idVendor=8086, idProduct=0b07, bcdDevice=6c.b9 [ 1623.943659][T13930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1623.951744][T13930] usb 2-1: Product: syz [ 1623.956156][T13930] usb 2-1: Manufacturer: syz [ 1623.960776][T13930] usb 2-1: SerialNumber: syz [ 1624.002039][T30501] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7480'. [ 1624.093270][T10622] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1624.273066][ T30] audit: type=1326 audit(1773571315.895:1691): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1624.303657][T19538] usb 1-1: new high-speed USB device number 45 using dummy_hcd [ 1624.422537][ T30] audit: type=1326 audit(1773571315.895:1692): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1624.502446][T19538] usb 1-1: device descriptor read/64, error -71 [ 1624.530521][ T30] audit: type=1326 audit(1773571315.895:1693): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1624.602875][T13930] usb 2-1: USB disconnect, device number 69 [ 1624.613428][T19538] usb usb1-port1: attempt power cycle [ 1624.800316][ T30] audit: type=1326 audit(1773571315.905:1694): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=unconfined pid=30480 comm="syz.1.7476" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f24f0b9c799 code=0x7ffc0000 [ 1624.966381][T30506] netlink: 12 bytes leftover after parsing attributes in process `syz.2.7481'. [ 1625.014024][T30506] vlan2: entered promiscuous mode [ 1625.019182][T30506] team0: entered promiscuous mode [ 1625.116170][T30508] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1625.135831][T30508] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1625.162543][T19538] usb 1-1: new high-speed USB device number 46 using dummy_hcd [ 1625.207469][T19538] usb 1-1: device descriptor read/8, error -71 [ 1625.463352][T19538] usb 1-1: new high-speed USB device number 47 using dummy_hcd [ 1625.503204][T19538] usb 1-1: device descriptor read/8, error -71 [ 1625.628994][T19538] usb usb1-port1: unable to enumerate USB device [ 1625.765866][T13781] usb 3-1: new full-speed USB device number 30 using dummy_hcd [ 1625.923540][T10622] wlan0: Trigger new scan to find an IBSS to join [ 1626.219308][T13781] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1626.253220][T13781] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1626.266467][T13781] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1626.300090][T13781] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 190, setting to 64 [ 1626.324853][T13781] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 1626.335443][T30527] kvm: user requested TSC rate below hardware speed [ 1626.349572][T13781] usb 3-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 1626.383879][T13781] usb 3-1: Product: syz [ 1626.388262][T13781] usb 3-1: Manufacturer: syz [ 1626.393396][T13781] usb 3-1: SerialNumber: syz [ 1626.401068][T30527] kvm: vcpu 0: requested 128 ns lapic timer period limited to 200000 ns [ 1626.403883][T13781] usb 3-1: config 0 descriptor?? [ 1626.409700][T30527] kvm: vcpu 0: requested lapic timer restore with starting count register 0x390=1812281087 (231971979136 ns) > initial count (200000 ns). Using initial count to start timer. [ 1626.523773][T30514] raw-gadget.3 gadget.2: fail, usb_ep_enable returned -22 [ 1626.632344][T13781] rc_core: IR keymap rc-imon-rsc not found [ 1626.639015][T13781] Registered IR keymap rc-empty [ 1626.664123][T13781] rc rc0: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 1626.696227][T13781] input: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input145 [ 1626.955226][T10622] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1627.103229][T30514] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7486'. [ 1627.155856][T30535] fuse: Unknown parameter '0x0000000000000006' [ 1627.256396][T13781] usb 3-1: USB disconnect, device number 30 [ 1627.773436][T30550] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1627.883023][T30552] netlink: 'syz.2.7498': attribute type 21 has an invalid length. [ 1627.986515][T30552] netlink: 'syz.2.7498': attribute type 6 has an invalid length. [ 1627.989872][T30554] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7499'. [ 1628.393454][T30552] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7498'. [ 1628.452525][T30558] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7497'. [ 1628.513960][T30560] netlink: 'syz.1.7500': attribute type 1 has an invalid length. [ 1628.723557][T30563] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1628.737276][T30563] bond5: (slave bond6): making interface the new active one [ 1628.758060][T30563] bond5: (slave bond6): Enslaving as an active interface with an up link [ 1628.829079][T30574] bridge3: trying to set multicast query interval below minimum, setting to 100 (1000ms) [ 1629.527473][T19538] usb 4-1: new high-speed USB device number 34 using dummy_hcd [ 1629.799243][T19538] usb 4-1: Using ep0 maxpacket: 16 [ 1629.811754][T19538] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1629.823922][T19538] usb 4-1: config 0 interface 0 altsetting 9 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1629.852365][T19538] usb 4-1: config 0 interface 0 has no altsetting 0 [ 1629.859177][T19538] usb 4-1: New USB device found, idVendor=046d, idProduct=c117, bcdDevice= 0.00 [ 1629.873257][T19538] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1629.895471][T19538] usb 4-1: config 0 descriptor?? [ 1629.922481][T13779] usb 2-1: new high-speed USB device number 70 using dummy_hcd [ 1630.093470][T30589] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1630.127698][T13779] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1630.138237][T13779] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1630.152654][T30589] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1630.171866][T13779] usb 2-1: config 0 descriptor?? [ 1630.179864][T13779] cp210x 2-1:0.0: cp210x converter detected [ 1630.557910][T30598] netlink: 76 bytes leftover after parsing attributes in process `syz.0.7510'. [ 1630.582705][T13779] cp210x 2-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 1630.612684][T13779] usb 2-1: cp210x converter now attached to ttyUSB0 [ 1630.622474][T13781] usb 3-1: new full-speed USB device number 31 using dummy_hcd [ 1630.784407][T13781] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1630.795400][T13781] usb 3-1: config 0 interface 0 altsetting 0 has an endpoint descriptor with address 0xE2, changing to 0x82 [ 1630.809763][T13781] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has an invalid bInterval 0, changing to 10 [ 1630.821335][T13781] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x82 has invalid maxpacket 190, setting to 64 [ 1630.837128][T13781] usb 3-1: New USB device found, idVendor=04e8, idProduct=ff30, bcdDevice=a6.d1 [ 1630.846637][T13781] usb 3-1: New USB device strings: Mfr=1, Product=34, SerialNumber=3 [ 1630.854869][T13781] usb 3-1: Product: syz [ 1630.860239][T13779] usb 2-1: USB disconnect, device number 70 [ 1630.870446][T13781] usb 3-1: Manufacturer: syz [ 1630.884852][T13781] usb 3-1: SerialNumber: syz [ 1630.890020][T13779] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1630.901878][T13781] usb 3-1: config 0 descriptor?? [ 1630.925407][T30594] raw-gadget.4 gadget.2: fail, usb_ep_enable returned -22 [ 1630.962788][T13779] cp210x 2-1:0.0: device disconnected [ 1631.002379][T26949] usb 1-1: new full-speed USB device number 48 using dummy_hcd [ 1631.038166][T30605] netlink: 16 bytes leftover after parsing attributes in process `syz.4.7512'. [ 1631.048777][T13781] rc_core: IR keymap rc-imon-rsc not found [ 1631.056186][T13781] Registered IR keymap rc-empty [ 1631.063086][T13781] rc rc0: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0 [ 1631.072580][T30605] netlink: 52 bytes leftover after parsing attributes in process `syz.4.7512'. [ 1631.087158][T13781] input: iMON Station as /devices/platform/dummy_hcd.2/usb3/3-1/3-1:0.0/rc/rc0/input146 [ 1631.178539][T26949] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1631.189865][T26949] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1631.198661][T26949] usb 1-1: Product: syz [ 1631.203401][T26949] usb 1-1: Manufacturer: syz [ 1631.208211][T26949] usb 1-1: SerialNumber: syz [ 1631.236842][T26949] usb 1-1: config 0 descriptor?? [ 1631.357196][T30609] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7508'. [ 1631.409570][T30611] fuse: Unknown parameter '0x0000000000000006' [ 1631.460251][T26949] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1631.630739][T13930] usb 3-1: USB disconnect, device number 31 [ 1631.788264][T13779] usb 4-1: USB disconnect, device number 34 [ 1632.757826][T26949] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1632.783501][T26949] usb 1-1: USB disconnect, device number 48 [ 1633.475679][T30644] netlink: 76 bytes leftover after parsing attributes in process `syz.3.7521'. [ 1633.919505][T13781] usb 1-1: new high-speed USB device number 49 using dummy_hcd [ 1634.109540][T13781] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1634.146009][T13781] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1634.228838][T13781] usb 1-1: config 0 descriptor?? [ 1634.273140][T13781] cp210x 1-1:0.0: cp210x converter detected [ 1636.438785][T30680] sg_write: data in/out 435164/162 bytes for SCSI command 0x0-- guessing data in; [ 1636.438785][T30680] program syz.1.7529 not setting count and/or reply_len properly [ 1636.521274][T30680] FAULT_INJECTION: forcing a failure. [ 1636.521274][T30680] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1636.647860][T13781] cp210x 1-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 1636.698031][T13781] cp210x 1-1:0.0: querying part number failed [ 1636.716216][T30684] netlink: 32 bytes leftover after parsing attributes in process `syz.2.7530'. [ 1636.716481][T30680] CPU: 1 UID: 0 PID: 30680 Comm: syz.1.7529 Tainted: G L syzkaller #0 PREEMPT(full) [ 1636.716508][T30680] Tainted: [L]=SOFTLOCKUP [ 1636.716515][T30680] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1636.716526][T30680] Call Trace: [ 1636.716533][T30680] [ 1636.716549][T30680] dump_stack_lvl+0xe8/0x150 [ 1636.716580][T30680] should_fail_ex+0x412/0x560 [ 1636.716610][T30680] _copy_from_iter+0x1d3/0x1670 [ 1636.716636][T30680] ? pfn_valid+0x125/0x4c0 [ 1636.716662][T30680] ? pfn_valid+0x125/0x4c0 [ 1636.716687][T30680] ? __pfx__copy_from_iter+0x10/0x10 [ 1636.716709][T30680] ? bvec_try_merge_page+0x1d4/0x280 [ 1636.716738][T30680] ? bio_add_page+0x39c/0x9a0 [ 1636.716761][T30680] ? page_copy_sane+0x4e/0x270 [ 1636.716787][T30680] copy_page_from_iter+0xdd/0x170 [ 1636.716816][T30680] blk_rq_map_user_iov+0xa12/0x1810 [ 1636.716853][T30680] ? __pfx_blk_rq_map_user_iov+0x10/0x10 [ 1636.716871][T30680] ? ksys_write+0x150/0x270 [ 1636.716903][T30680] ? import_ubuf+0xfb/0x1d0 [ 1636.716923][T30680] blk_rq_map_user_io+0x2ae/0x440 [ 1636.716948][T30680] ? __pfx_blk_rq_map_user_io+0x10/0x10 [ 1636.716976][T30680] ? sg_common_write+0xba7/0x13e0 [ 1636.717003][T30680] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1636.717029][T30680] ? __pfx___mutex_unlock_slowpath+0x10/0x10 [ 1636.717050][T30680] ? sg_build_indirect+0x5fa/0x850 [ 1636.717083][T30680] sg_common_write+0xcff/0x13e0 [ 1636.717121][T30680] ? __pfx_sg_common_write+0x10/0x10 [ 1636.717145][T30680] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1636.717170][T30680] ? ___ratelimit+0x58c/0x8d0 [ 1636.717193][T30680] sg_write+0xaf2/0xf00 [ 1636.717221][T30680] ? __pfx_sg_write+0x10/0x10 [ 1636.717245][T30680] ? __pfx_aa_file_perm+0x10/0x10 [ 1636.717296][T30680] ? bpf_lsm_file_permission+0x9/0x20 [ 1636.717316][T30680] ? security_file_permission+0x75/0x260 [ 1636.717337][T30680] ? rw_verify_area+0x255/0x4d0 [ 1636.717354][T30680] ? __pfx_sg_write+0x10/0x10 [ 1636.717376][T30680] vfs_write+0x29a/0xb90 [ 1636.717401][T30680] ? __pfx_vfs_write+0x10/0x10 [ 1636.717420][T30680] ? __fget_files+0x2a/0x420 [ 1636.717447][T30680] ? __fget_files+0x2a/0x420 [ 1636.717474][T30680] ? __fget_files+0x3a0/0x420 [ 1636.717496][T30680] ? __fget_files+0x2a/0x420 [ 1636.717527][T30680] ksys_write+0x150/0x270 [ 1636.717555][T30680] ? __pfx_ksys_write+0x10/0x10 [ 1636.717583][T30680] do_syscall_64+0x14d/0xf80 [ 1636.717601][T30680] ? trace_irq_disable+0x3b/0x150 [ 1636.717624][T30680] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1636.717641][T30680] ? clear_bhb_loop+0x40/0x90 [ 1636.717662][T30680] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1636.717679][T30680] RIP: 0033:0x7f24f0b9c799 [ 1636.717696][T30680] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1636.717710][T30680] RSP: 002b:00007f24eedf6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 1636.717730][T30680] RAX: ffffffffffffffda RBX: 00007f24f0e15fa0 RCX: 00007f24f0b9c799 [ 1636.717742][T30680] RDX: 00000000000000cc RSI: 0000200000000440 RDI: 0000000000000004 [ 1636.717753][T30680] RBP: 00007f24eedf6090 R08: 0000000000000000 R09: 0000000000000000 [ 1636.717764][T30680] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000002 [ 1636.717774][T30680] R13: 00007f24f0e16038 R14: 00007f24f0e15fa0 R15: 00007f24f0f3fa48 [ 1636.717802][T30680] [ 1636.825241][T30689] netlink: 76 bytes leftover after parsing attributes in process `syz.1.7533'. [ 1636.934547][T13781] usb 1-1: cp210x converter now attached to ttyUSB0 [ 1636.935425][T30684] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7530'. [ 1637.088367][T30684] netlink: 48 bytes leftover after parsing attributes in process `syz.2.7530'. [ 1637.118163][T13781] usb 1-1: USB disconnect, device number 49 [ 1637.181137][T13781] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1637.227394][T13781] cp210x 1-1:0.0: device disconnected [ 1637.329366][T30693] bond5: option active_slave: mode dependency failed, not supported in mode balance-rr(0) [ 1637.344406][T30693] bond5 (unregistering): Released all slaves [ 1637.555126][T30702] syzkaller1: entered promiscuous mode [ 1637.560744][T30702] syzkaller1: entered allmulticast mode [ 1637.786898][T30709] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1638.112393][T13930] usb 3-1: new full-speed USB device number 32 using dummy_hcd [ 1638.289671][T30718] fuse: Unknown parameter '0x0000000000000007' [ 1638.634638][T13930] usb 3-1: config index 0 descriptor too short (expected 28277, got 36) [ 1638.668893][T13930] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1638.851549][T13930] usb 3-1: config 0 has no interfaces? [ 1638.905070][T13930] usb 3-1: New USB device found, idVendor=056a, idProduct=0063, bcdDevice= 0.00 [ 1639.189613][T13930] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1639.218051][T13930] usb 3-1: config 0 descriptor?? [ 1640.329035][T30730] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1640.542507][T13781] usb 1-1: new high-speed USB device number 50 using dummy_hcd [ 1640.750325][T13779] usb 3-1: USB disconnect, device number 32 [ 1640.883853][T13781] usb 1-1: Using ep0 maxpacket: 32 [ 1640.893159][T13781] usb 1-1: unable to get BOS descriptor or descriptor too short [ 1640.901334][T30734] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7545'. [ 1641.033376][T13781] usb 1-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1641.056382][T13781] usb 1-1: New USB device found, idVendor=04b8, idProduct=0602, bcdDevice= 0.40 [ 1641.066691][T13781] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1641.114741][T13781] usb 1-1: Product: syz [ 1641.165450][T13781] usb 1-1: Manufacturer: syz [ 1641.202387][T13781] usb 1-1: SerialNumber: syz [ 1641.428950][T30726] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1641.443350][T30726] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1641.913748][T13781] usb 1-1: USB disconnect, device number 50 [ 1642.769554][T30762] netlink: 'syz.0.7552': attribute type 12 has an invalid length. [ 1642.777643][T30762] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7552'. [ 1643.309794][T30768] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1643.322433][T13781] usb 1-1: new full-speed USB device number 51 using dummy_hcd [ 1643.362811][T30768] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1643.671841][T13781] usb 1-1: config 1 has an invalid descriptor of length 86, skipping remainder of the config [ 1643.703422][T13781] usb 1-1: config 1 interface 0 altsetting 219 has 0 endpoint descriptors, different from the interface descriptor's value: 2 [ 1643.738941][T13781] usb 1-1: config 1 interface 0 has no altsetting 0 [ 1643.770376][T13781] usb 1-1: New USB device found, idVendor=046d, idProduct=c295, bcdDevice= 0.40 [ 1643.792535][T13781] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1643.821672][T13781] usb 1-1: Product: й [ 1643.830039][T13781] usb 1-1: Manufacturer: ጠ[ 1643.986612][T25861] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1644.122393][T13781] usb 1-1: SerialNumber: Б [ 1644.242761][T30779] netlink: 76 bytes leftover after parsing attributes in process `syz.2.7558'. [ 1644.450385][T30764] macvtap2: entered promiscuous mode [ 1644.484485][T30764] macvtap2: entered allmulticast mode [ 1644.701565][T13781] usbhid 1-1:1.0: couldn't find an input interrupt endpoint [ 1644.724785][T13781] usb 1-1: USB disconnect, device number 51 [ 1645.165191][T30794] netlink: 'syz.1.7563': attribute type 12 has an invalid length. [ 1645.189950][T30794] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7563'. [ 1646.549001][T30805] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7566'. [ 1647.265618][T30819] netlink: 4 bytes leftover after parsing attributes in process `syz.2.7571'. [ 1648.727691][T30849] netlink: 'syz.4.7579': attribute type 29 has an invalid length. [ 1648.884132][T19538] usb 1-1: new full-speed USB device number 52 using dummy_hcd [ 1649.105101][T19538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 1649.115144][T19538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1649.128308][T19538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 1649.139597][T19538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1649.151554][T19538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xD has invalid wMaxPacketSize 0 [ 1649.161748][T19538] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0xA has invalid wMaxPacketSize 0 [ 1649.178071][T19538] usb 1-1: New USB device found, idVendor=0451, idProduct=5152, bcdDevice=c0.b9 [ 1649.218254][T19538] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1649.238795][T19538] usb 1-1: Product: syz [ 1649.244697][T19538] usb 1-1: Manufacturer: syz [ 1649.261631][T19538] usb 1-1: SerialNumber: syz [ 1649.280224][T19538] usb 1-1: config 0 descriptor?? [ 1649.291793][T19538] ti_usb_3410_5052 1-1:0.0: TI USB 5052 2 port adapter converter detected [ 1649.301774][T19538] ti_usb_3410_5052 1-1:0.0: missing endpoints [ 1649.407507][T30857] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1649.417930][T30857] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1649.521520][T30857] vlan2: entered promiscuous mode [ 1649.571511][T30857] bridge0: entered promiscuous mode [ 1649.613069][T30860] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7583'. [ 1649.743345][T19538] usb 1-1: USB disconnect, device number 52 [ 1650.322974][ T12] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1650.479053][T30866] netlink: 27 bytes leftover after parsing attributes in process `syz.2.7585'. [ 1651.512454][ T5825] usb 2-1: new high-speed USB device number 71 using dummy_hcd [ 1651.702802][ T5825] usb 2-1: Using ep0 maxpacket: 32 [ 1651.704310][T30890] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7594'. [ 1651.724540][ T5825] usb 2-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 1651.750861][ T5825] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1651.769795][ T5825] usb 2-1: config 0 descriptor?? [ 1651.797644][ T5825] as10x_usb: device has been detected [ 1651.806913][ T5825] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 1651.836657][ T5825] usb 2-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 1651.857498][ T5825] as10x_usb: error during firmware upload part1 [ 1651.867510][ T5825] Registered device nBox DVB-T Dongle [ 1651.994213][ T5825] usb 2-1: USB disconnect, device number 71 [ 1652.013076][T13781] usb 3-1: new low-speed USB device number 33 using dummy_hcd [ 1652.033471][ T5825] Unregistered device nBox DVB-T Dongle [ 1652.034618][ T5825] as10x_usb: device has been disconnected [ 1652.172403][T13781] usb 3-1: Invalid ep0 maxpacket: 16 [ 1652.202369][T19538] usb 1-1: new high-speed USB device number 53 using dummy_hcd [ 1652.302440][T13781] usb 3-1: new low-speed USB device number 34 using dummy_hcd [ 1652.355870][T19538] usb 1-1: New USB device found, idVendor=0424, idProduct=7850, bcdDevice= 0.00 [ 1652.365285][T19538] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1652.373395][T19538] usb 1-1: Product: syz [ 1652.378104][T19538] usb 1-1: Manufacturer: syz [ 1652.382818][T19538] usb 1-1: SerialNumber: syz [ 1652.452679][T13781] usb 3-1: Invalid ep0 maxpacket: 16 [ 1652.458372][T13781] usb usb3-port1: attempt power cycle [ 1653.011641][T13781] usb 3-1: new low-speed USB device number 35 using dummy_hcd [ 1653.029641][T19538] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000098. ret = -EPIPE [ 1653.092599][T10619] wlan0: Selected IBSS BSSID 50:50:50:50:50:50 based on configured SSID [ 1653.125153][T13781] usb 3-1: Invalid ep0 maxpacket: 16 [ 1653.134165][T19538] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to sync IRQ enable register: -EPIPE [ 1653.163723][T30912] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1653.180416][T30912] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1653.203282][T30912] netlink: 10 bytes leftover after parsing attributes in process `syz.4.7600'. [ 1653.272442][T13781] usb 3-1: new low-speed USB device number 36 using dummy_hcd [ 1653.293203][T13781] usb 3-1: Invalid ep0 maxpacket: 16 [ 1653.299181][T13781] usb usb3-port1: unable to enumerate USB device [ 1653.597612][T30901] syzkaller0: entered promiscuous mode [ 1653.604950][T30901] syzkaller0: entered allmulticast mode [ 1654.860577][T19538] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Failed to read register index 0x00000010. ret = -EPROTO [ 1654.880290][T19538] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Registers INIT FAILED.... [ 1655.102084][T19538] lan78xx 1-1:1.0 (unnamed net_device) (uninitialized): Bind routine FAILED [ 1655.208708][T19538] lan78xx 1-1:1.0: probe with driver lan78xx failed with error -71 [ 1655.336403][T19538] usb 1-1: USB disconnect, device number 53 [ 1655.712431][T19538] usb 1-1: new high-speed USB device number 54 using dummy_hcd [ 1655.878622][T19538] usb 1-1: config 0 has an invalid interface number: 20 but max is 0 [ 1655.887566][T19538] usb 1-1: config 0 has no interface number 0 [ 1655.894106][T19538] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1655.925538][T19538] usb 1-1: config 0 interface 20 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1655.971700][T19538] usb 1-1: config 0 interface 20 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1655.989344][T19538] usb 1-1: New USB device found, idVendor=28bd, idProduct=0935, bcdDevice= 0.00 [ 1656.001904][T19538] usb 1-1: New USB device strings: Mfr=51, Product=0, SerialNumber=0 [ 1656.012012][T19538] usb 1-1: Manufacturer: syz [ 1656.026603][T19538] usb 1-1: config 0 descriptor?? [ 1656.082753][T10632] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1656.107570][T13781] hid_parser_main: 4007 callbacks suppressed [ 1656.107594][T13781] hid-generic 0000:0000:0000.0034: unknown main item tag 0x0 [ 1656.124722][T30955] sctp: [Deprecated]: syz.4.7612 (pid 30955) Use of struct sctp_assoc_value in delayed_ack socket option. [ 1656.124722][T30955] Use struct sctp_sack_info instead [ 1656.125643][T13781] hid-generic 0000:0000:0000.0034: hidraw0: HID v0.00 Device [syz1] on syz0 [ 1656.212706][ T5825] usb 2-1: new high-speed USB device number 72 using dummy_hcd [ 1656.234609][T30955] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1656.244694][T30955] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1656.275034][T19538] usbhid 1-1:0.20: can't add hid device: -71 [ 1656.283162][T19538] usbhid 1-1:0.20: probe with driver usbhid failed with error -71 [ 1656.305824][T19538] usb 1-1: USB disconnect, device number 54 [ 1656.362406][ T5825] usb 2-1: device descriptor read/64, error -71 [ 1656.527822][T30966] netlink: 28 bytes leftover after parsing attributes in process `syz.4.7612'. [ 1656.642541][ T5825] usb 2-1: new high-speed USB device number 73 using dummy_hcd [ 1656.784424][ T5825] usb 2-1: device descriptor read/64, error -71 [ 1656.982739][ T5825] usb usb2-port1: attempt power cycle [ 1657.335885][T30983] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7615'. [ 1657.345363][T30983] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7615'. [ 1657.369344][T30983] netlink: 8 bytes leftover after parsing attributes in process `syz.3.7615'. [ 1657.378491][T30983] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7615'. [ 1657.391320][T10632] netdevsim netdevsim3 netdevsim0: set [0, 0] type 1 family 0 port 8472 - 0 [ 1657.401392][T10632] netdevsim netdevsim3 netdevsim1: set [0, 0] type 1 family 0 port 8472 - 0 [ 1657.455846][T10632] netdevsim netdevsim3 netdevsim2: set [0, 0] type 1 family 0 port 8472 - 0 [ 1657.522947][ T5825] usb 2-1: new high-speed USB device number 74 using dummy_hcd [ 1657.555626][ T5825] usb 2-1: device descriptor read/8, error -71 [ 1657.566561][T10632] netdevsim netdevsim3 netdevsim3: set [0, 0] type 1 family 0 port 8472 - 0 [ 1657.772576][T30990] fuse: Unknown parameter '0x0000000000000006' [ 1657.805620][T30989] netlink: 56 bytes leftover after parsing attributes in process `syz.2.7620'. [ 1657.873368][T30990] fuse: Bad value for 'fd' [ 1657.880229][ T5825] usb 2-1: new high-speed USB device number 75 using dummy_hcd [ 1657.957967][ T5825] usb 2-1: device descriptor read/8, error -71 [ 1657.975554][T30991] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7619'. [ 1658.072795][ T5825] usb usb2-port1: unable to enumerate USB device [ 1658.197390][T30991] fuse: Bad value for 'fd' [ 1658.869058][T31003] netlink: 4 bytes leftover after parsing attributes in process `syz.0.7623'. [ 1659.892353][T26949] usb 3-1: new high-speed USB device number 37 using dummy_hcd [ 1660.064580][T26949] usb 3-1: Using ep0 maxpacket: 8 [ 1660.177108][T26949] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1660.234187][T26949] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1660.247839][T26949] usb 3-1: Product: syz [ 1660.256042][T26949] usb 3-1: Manufacturer: syz [ 1660.266276][T26949] usb 3-1: SerialNumber: syz [ 1660.409813][T26949] usb 3-1: config 0 descriptor?? [ 1660.986694][T26949] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1661.112407][T13781] usb 4-1: new full-speed USB device number 35 using dummy_hcd [ 1661.270773][T13781] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1661.294320][T13781] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 1661.342432][T13781] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1661.382716][T13781] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1661.415784][T31034] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1661.425531][T31034] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1661.444408][T13781] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1661.462951][T31039] FAULT_INJECTION: forcing a failure. [ 1661.462951][T31039] name fail_page_alloc, interval 1, probability 0, space 0, times 0 [ 1661.513868][T31039] CPU: 1 UID: 0 PID: 31039 Comm: syz.1.7632 Tainted: G L syzkaller #0 PREEMPT(full) [ 1661.513900][T31039] Tainted: [L]=SOFTLOCKUP [ 1661.513908][T31039] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1661.513920][T31039] Call Trace: [ 1661.513929][T31039] [ 1661.513937][T31039] dump_stack_lvl+0xe8/0x150 [ 1661.513990][T31039] should_fail_ex+0x412/0x560 [ 1661.514024][T31039] prepare_alloc_pages+0x22a/0x650 [ 1661.514058][T31039] __alloc_frozen_pages_noprof+0x12f/0x380 [ 1661.514087][T31039] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 1661.514115][T31039] ? __pfx_policy_nodemask+0x10/0x10 [ 1661.514142][T31039] ? __lock_acquire+0x6b5/0x2cf0 [ 1661.514172][T31039] alloc_pages_mpol+0x232/0x4a0 [ 1661.514202][T31039] vma_alloc_folio_noprof+0xea/0x210 [ 1661.514232][T31039] ? __pfx_vma_alloc_folio_noprof+0x10/0x10 [ 1661.514268][T31039] do_wp_page+0x1204/0x5a00 [ 1661.514318][T31039] ? __pfx_do_wp_page+0x10/0x10 [ 1661.514344][T31039] ? do_raw_spin_lock+0x12b/0x2f0 [ 1661.514369][T31039] ? __pfx_do_raw_spin_lock+0x10/0x10 [ 1661.514401][T31039] handle_mm_fault+0x1520/0x3310 [ 1661.514444][T31039] ? handle_mm_fault+0xee/0x3310 [ 1661.514481][T31039] ? __pfx_handle_mm_fault+0x10/0x10 [ 1661.514539][T31039] ? lock_mm_and_find_vma+0xa7/0x340 [ 1661.514563][T31039] do_user_addr_fault+0x75b/0x1340 [ 1661.514607][T31039] exc_page_fault+0x6a/0xc0 [ 1661.514630][T31039] asm_exc_page_fault+0x26/0x30 [ 1661.514649][T31039] RIP: 0010:rep_movs_alternative+0x4a/0x90 [ 1661.514675][T31039] Code: cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 00 48 8b 06 48 89 07 48 83 c6 08 48 83 c7 08 83 e9 08 74 db 83 f9 08 73 e8 eb c5 a4 c3 cc cc cc cc 48 8b 06 48 89 07 48 8d 47 08 48 83 e0 f8 48 [ 1661.514693][T31039] RSP: 0018:ffffc9000f5ef638 EFLAGS: 00050202 [ 1661.514711][T31039] RAX: ffffffff84ac6501 RBX: ffff88807aa86000 RCX: 0000000000000e5c [ 1661.514726][T31039] RDX: 0000000000000000 RSI: ffff88807aa86000 RDI: 0000200000002500 [ 1661.514739][T31039] RBP: ffffc9000f5ef7b0 R08: ffff88807aa86e5b R09: 1ffff1100f550dcb [ 1661.514751][T31039] R10: dffffc0000000000 R11: ffffed100f550dcc R12: dffffc0000000000 [ 1661.514763][T31039] R13: 0000000000000000 R14: 00007ffffffff000 R15: 0000000000000e5c [ 1661.514785][T31039] ? _copy_to_iter+0x3b1/0x17d0 [ 1661.514821][T31039] _copy_to_iter+0x493/0x17d0 [ 1661.514865][T31039] ? __pfx__copy_to_iter+0x10/0x10 [ 1661.514893][T31039] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 1661.514919][T31039] ? lockdep_hardirqs_on+0x7a/0x110 [ 1661.514937][T31039] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 1661.514964][T31039] ? __skb_try_recv_datagram+0x3d4/0x4d0 [ 1661.514995][T31039] __skb_datagram_iter+0xf8/0x980 [ 1661.515020][T31039] ? __pfx_simple_copy_to_iter+0x10/0x10 [ 1661.515052][T31039] skb_copy_datagram_iter+0xb5/0x270 [ 1661.515081][T31039] netlink_recvmsg+0x2c3/0xa50 [ 1661.515120][T31039] ? __pfx_netlink_recvmsg+0x10/0x10 [ 1661.515146][T31039] ? is_bpf_text_address+0x26/0x2b0 [ 1661.515174][T31039] ? aa_sock_msg_perm+0xf1/0x1b0 [ 1661.515202][T31039] ? bpf_lsm_socket_recvmsg+0x9/0x20 [ 1661.515223][T31039] ? security_socket_recvmsg+0x7e/0x2c0 [ 1661.515242][T31039] ? __pfx_netlink_recvmsg+0x10/0x10 [ 1661.515268][T31039] sock_recvmsg+0x172/0x1b0 [ 1661.515298][T31039] ____sys_recvmsg+0x1e6/0x4a0 [ 1661.515330][T31039] ? __pfx_____sys_recvmsg+0x10/0x10 [ 1661.515368][T31039] ? import_iovec+0x73/0xa0 [ 1661.515394][T31039] ___sys_recvmsg+0x215/0x590 [ 1661.515415][T31039] ? get_pid_task+0x20/0x1f0 [ 1661.515439][T31039] ? __pfx____sys_recvmsg+0x10/0x10 [ 1661.515487][T31039] ? __fget_files+0x3a0/0x420 [ 1661.515537][T31039] __x64_sys_recvmsg+0x1ba/0x2a0 [ 1661.515562][T31039] ? __pfx___x64_sys_recvmsg+0x10/0x10 [ 1661.515593][T31039] ? __pfx_ksys_write+0x10/0x10 [ 1661.515628][T31039] do_syscall_64+0x14d/0xf80 [ 1661.515648][T31039] ? trace_irq_disable+0x3b/0x150 [ 1661.515673][T31039] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1661.515693][T31039] ? clear_bhb_loop+0x40/0x90 [ 1661.515717][T31039] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1661.515736][T31039] RIP: 0033:0x7f24f0b9c799 [ 1661.515754][T31039] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1661.515770][T31039] RSP: 002b:00007f24eedf6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002f [ 1661.515789][T31039] RAX: ffffffffffffffda RBX: 00007f24f0e15fa0 RCX: 00007f24f0b9c799 [ 1661.515803][T31039] RDX: 0000000000000000 RSI: 0000200000000080 RDI: 0000000000000003 [ 1661.515814][T31039] RBP: 00007f24eedf6090 R08: 0000000000000000 R09: 0000000000000000 [ 1661.515824][T31039] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1661.515835][T31039] R13: 00007f24f0e16038 R14: 00007f24f0e15fa0 R15: 00007f24f0f3fa48 [ 1661.515867][T31039] [ 1662.063500][T26949] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1662.192363][T13779] usb 3-1: USB disconnect, device number 37 [ 1662.773840][T31055] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1663.835743][T13781] usb 4-1: USB disconnect, device number 35 [ 1664.372376][T13781] usb 3-1: new full-speed USB device number 38 using dummy_hcd [ 1664.642818][T13930] usb 4-1: new high-speed USB device number 36 using dummy_hcd [ 1664.840521][T13781] usb 3-1: config 0 has an invalid interface number: 52 but max is 0 [ 1664.842356][T13930] usb 4-1: Using ep0 maxpacket: 32 [ 1664.848918][T13781] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1664.888894][T13781] usb 3-1: config 0 has no interface number 0 [ 1664.914310][T13781] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has an invalid bInterval 0, changing to 10 [ 1664.932733][T13930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1664.943667][T13781] usb 3-1: config 0 interface 52 altsetting 1 endpoint 0x8A has invalid wMaxPacketSize 0 [ 1664.943702][T13781] usb 3-1: config 0 interface 52 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1664.943729][T13781] usb 3-1: config 0 interface 52 has no altsetting 0 [ 1664.945310][T13781] usb 3-1: New USB device found, idVendor=06cb, idProduct=0003, bcdDevice=e8.00 [ 1665.068114][T13930] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1665.068154][T13781] usb 3-1: New USB device strings: Mfr=22, Product=0, SerialNumber=0 [ 1665.096986][T13781] usb 3-1: Manufacturer: syz [ 1665.152568][T13930] usb 4-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1665.182072][T13930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1665.219347][T13930] usb 4-1: config 0 descriptor?? [ 1665.243792][T13930] hub 4-1:0.0: USB hub found [ 1665.303141][T13781] usb 3-1: config 0 descriptor?? [ 1665.522789][T31063] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1665.533791][T31063] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1665.547735][T13781] synaptics_usb 3-1:0.52: synusb_open - usb_submit_urb failed, error: -90 [ 1665.560621][T13781] synaptics_usb 3-1:0.52: probe with driver synaptics_usb failed with error -5 [ 1665.636321][T13930] hub 4-1:0.0: 1 port detected [ 1665.959095][T31086] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7639'. [ 1665.992906][T13781] usb 3-1: USB disconnect, device number 38 [ 1666.209493][T31097] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7651'. [ 1666.273271][T13930] hub 4-1:0.0: activate --> -90 [ 1666.312181][T31099] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1666.333341][T31099] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1666.508657][T31103] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1666.898338][T26949] usb 4-1: USB disconnect, device number 36 [ 1667.408815][T31113] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7655'. [ 1667.787575][T31119] netlink: 4 bytes leftover after parsing attributes in process `syz.3.7657'. [ 1668.021373][T31132] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1668.129827][T31136] netlink: 68 bytes leftover after parsing attributes in process `syz.3.7663'. [ 1668.239583][T31136] tipc: Failed to remove unknown binding: 66,1,1/0:1225790825/1225790827 [ 1668.892171][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1668.898575][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1669.160484][T31146] netlink: 20 bytes leftover after parsing attributes in process `syz.3.7665'. [ 1669.513656][T31156] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1669.562943][T31156] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1670.312431][T26949] usb 1-1: new high-speed USB device number 55 using dummy_hcd [ 1670.558188][T26949] usb 1-1: Using ep0 maxpacket: 16 [ 1670.591386][T26949] usb 1-1: config 0 has no interfaces? [ 1670.645681][T26949] usb 1-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1670.666360][T26949] usb 1-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1670.762145][T26949] usb 1-1: Manufacturer: syz [ 1670.771065][T26949] usb 1-1: config 0 descriptor?? [ 1671.124072][T31161] netlink: 52 bytes leftover after parsing attributes in process `syz.0.7668'. [ 1672.242376][T13930] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 1672.442621][T13930] usb 2-1: Using ep0 maxpacket: 16 [ 1672.464916][T13930] usb 2-1: config 0 has no interfaces? [ 1672.483700][T13930] usb 2-1: New USB device found, idVendor=13b1, idProduct=0042, bcdDevice=7b.55 [ 1672.510549][T13930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1672.530399][T13930] usb 2-1: Product: syz [ 1672.542471][T13930] usb 2-1: Manufacturer: syz [ 1672.582618][T13930] usb 2-1: SerialNumber: syz [ 1672.597627][T13930] usb 2-1: config 0 descriptor?? [ 1672.936404][T13930] usb 1-1: USB disconnect, device number 55 [ 1673.116734][T31195] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1673.261459][T31182] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7675'. [ 1673.629964][T31182] bond0: entered allmulticast mode [ 1673.635676][T31182] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1673.892361][T13930] usb 4-1: new full-speed USB device number 37 using dummy_hcd [ 1673.980283][T31211] netlink: 'syz.2.7680': attribute type 10 has an invalid length. [ 1674.038690][T13767] usb 2-1: USB disconnect, device number 76 [ 1674.096727][T13930] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1674.109561][T13930] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 1674.139628][T31211] bond0: (slave netdevsim0): Enslaving as an active interface with an up link [ 1674.162159][T13930] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1674.192324][T13930] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1674.266010][T31202] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1674.294584][T31202] raw-gadget.0 gadget.3: fail, usb_ep_enable returned -22 [ 1674.355349][T13930] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1674.764030][ T12] bond0 (unregistering): Released all slaves [ 1675.036393][T31225] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1675.283215][T10619] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1675.462362][T13767] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 1675.673524][T13767] usb 2-1: Using ep0 maxpacket: 16 [ 1675.689137][T13767] usb 2-1: config 0 has no interfaces? [ 1675.702883][T13767] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1675.712431][T13767] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1675.861353][T13767] usb 2-1: Manufacturer: syz [ 1675.875347][T13767] usb 2-1: config 0 descriptor?? [ 1676.303642][T13930] usb 4-1: USB disconnect, device number 37 [ 1677.674307][T31260] binder: BINDER_SET_CONTEXT_MGR already set [ 1677.680649][T31260] binder: 31258:31260 ioctl 4018620d 200000004a80 returned -16 [ 1677.875340][T13767] usb 2-1: USB disconnect, device number 77 [ 1678.380088][T31274] sg_write: data in/out 262109/64 bytes for SCSI command 0x69-- guessing data in; [ 1678.380088][T31274] program syz.2.7694 not setting count and/or reply_len properly [ 1679.152043][T31286] netlink: 'syz.2.7696': attribute type 12 has an invalid length. [ 1679.402441][T31286] netlink: 132 bytes leftover after parsing attributes in process `syz.2.7696'. [ 1679.930996][T31298] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7698'. [ 1679.942403][T31298] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7698'. [ 1680.021813][T31298] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7698'. [ 1680.454874][T31302] netlink: 304 bytes leftover after parsing attributes in process `syz.3.7700'. [ 1681.594697][T31312] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1681.752689][T31312] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1682.344547][T10622] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1683.104879][ T5825] usb 4-1: new high-speed USB device number 38 using dummy_hcd [ 1683.274206][ T5825] usb 4-1: config 0 has an invalid interface number: 64 but max is 0 [ 1683.282671][ T5825] usb 4-1: config 0 has an invalid descriptor of length 48, skipping remainder of the config [ 1683.305882][ T5825] usb 4-1: config 0 has no interface number 0 [ 1683.340790][ T5825] usb 4-1: New USB device found, idVendor=046d, idProduct=0823, bcdDevice=39.48 [ 1683.376391][ T5825] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1683.401250][ T5825] usb 4-1: Product: syz [ 1683.428327][ T5825] usb 4-1: Manufacturer: syz [ 1683.441920][ T5825] usb 4-1: SerialNumber: syz [ 1683.473473][ T5825] usb 4-1: config 0 descriptor?? [ 1683.824063][ T5825] uvcvideo 4-1:0.64: probe with driver uvcvideo failed with error -22 [ 1684.096213][T31327] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1684.124569][T31327] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1684.145785][T13779] usb 4-1: USB disconnect, device number 38 [ 1684.399000][T31334] netlink: 'syz.1.7708': attribute type 12 has an invalid length. [ 1684.424664][T31334] netlink: 132 bytes leftover after parsing attributes in process `syz.1.7708'. [ 1684.603341][T31338] FAULT_INJECTION: forcing a failure. [ 1684.603341][T31338] name failslab, interval 1, probability 0, space 0, times 0 [ 1684.637069][T31338] CPU: 0 UID: 0 PID: 31338 Comm: syz.0.7709 Tainted: G L syzkaller #0 PREEMPT(full) [ 1684.637103][T31338] Tainted: [L]=SOFTLOCKUP [ 1684.637111][T31338] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1684.637122][T31338] Call Trace: [ 1684.637131][T31338] [ 1684.637141][T31338] dump_stack_lvl+0xe8/0x150 [ 1684.637175][T31338] should_fail_ex+0x412/0x560 [ 1684.637209][T31338] should_failslab+0xa8/0x100 [ 1684.637237][T31338] __kmalloc_cache_noprof+0x88/0x660 [ 1684.637258][T31338] ? netdev_genl_netdevice_event+0xa3/0x3e0 [ 1684.637281][T31338] ? netdevice_event+0x3cb/0x8f0 [ 1684.637340][T31338] netdevice_event+0x3cb/0x8f0 [ 1684.637371][T31338] ? __up_read+0x291/0x6b0 [ 1684.637390][T31338] ? __pfx_netdevice_event+0x10/0x10 [ 1684.637415][T31338] ? __pfx_del_netdev_ips+0x10/0x10 [ 1684.637439][T31338] ? __pfx_pass_all_filter+0x10/0x10 [ 1684.637485][T31338] notifier_call_chain+0x1be/0x400 [ 1684.637523][T31338] unregister_netdevice_many_notify+0x186a/0x2370 [ 1684.637565][T31338] ? __pfx_unregister_netdevice_many_notify+0x10/0x10 [ 1684.637600][T31338] ? lockdep_hardirqs_on+0x7a/0x110 [ 1684.637633][T31338] unregister_netdevice_queue+0x31f/0x360 [ 1684.637658][T31338] ? kernfs_put+0x44e/0x470 [ 1684.637685][T31338] ? __pfx_unregister_netdevice_queue+0x10/0x10 [ 1684.637708][T31338] ? sysfs_remove_group+0x236/0x2e0 [ 1684.637740][T31338] ? br_dev_delete+0xe2/0x110 [ 1684.637767][T31338] br_del_bridge+0xb6/0xf0 [ 1684.637792][T31338] br_ioctl_stub+0x746/0xd60 [ 1684.637823][T31338] ? do_vfs_ioctl+0x1166/0x1530 [ 1684.637846][T31338] ? __pfx_br_ioctl_stub+0x10/0x10 [ 1684.637873][T31338] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 1684.637900][T31338] ? sock_ioctl+0x4fa/0x7f0 [ 1684.637934][T31338] ? __mutex_unlock_slowpath+0x1bd/0x7d0 [ 1684.637974][T31338] ? __pfx_br_ioctl_stub+0x10/0x10 [ 1684.637999][T31338] sock_ioctl+0x523/0x7f0 [ 1684.638026][T31338] ? __pfx_sock_ioctl+0x10/0x10 [ 1684.638052][T31338] ? __fget_files+0x2a/0x420 [ 1684.638077][T31338] ? __fget_files+0x3a0/0x420 [ 1684.638103][T31338] ? __fget_files+0x2a/0x420 [ 1684.638131][T31338] ? bpf_lsm_file_ioctl+0x9/0x20 [ 1684.638154][T31338] ? __pfx_sock_ioctl+0x10/0x10 [ 1684.638178][T31338] __se_sys_ioctl+0xfc/0x170 [ 1684.638200][T31338] do_syscall_64+0x14d/0xf80 [ 1684.638220][T31338] ? trace_irq_disable+0x3b/0x150 [ 1684.638242][T31338] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1684.638261][T31338] ? clear_bhb_loop+0x40/0x90 [ 1684.638282][T31338] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1684.638299][T31338] RIP: 0033:0x7f90c4d9c799 [ 1684.638327][T31338] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1684.638343][T31338] RSP: 002b:00007f90c2ff6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1684.638365][T31338] RAX: ffffffffffffffda RBX: 00007f90c5015fa0 RCX: 00007f90c4d9c799 [ 1684.638378][T31338] RDX: 0000200000000040 RSI: 00000000000089a1 RDI: 0000000000000004 [ 1684.638391][T31338] RBP: 00007f90c2ff6090 R08: 0000000000000000 R09: 0000000000000000 [ 1684.638404][T31338] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1684.638416][T31338] R13: 00007f90c5016038 R14: 00007f90c5015fa0 R15: 00007f90c513fa48 [ 1684.638449][T31338] [ 1685.537624][T31346] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1685.709267][T31347] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1685.990073][T31358] netlink: 36 bytes leftover after parsing attributes in process `syz.2.7715'. [ 1686.791055][T31374] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7718'. [ 1686.800782][T31374] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7718'. [ 1686.811844][T31374] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7718'. [ 1686.821418][T31374] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7718'. [ 1687.744692][T31380] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1687.766270][T31380] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1688.058363][T31388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7723'. [ 1688.067448][T31388] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7723'. [ 1688.078422][T31388] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7723'. [ 1688.087542][T31388] netlink: 20 bytes leftover after parsing attributes in process `syz.0.7723'. [ 1688.232490][T10634] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1689.952505][T31414] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1690.365591][T31419] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1690.882680][T13930] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 1691.052369][T13930] usb 2-1: Using ep0 maxpacket: 32 [ 1691.060200][T13930] usb 2-1: unable to get BOS descriptor or descriptor too short [ 1691.070991][T13930] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 1691.189735][T13930] usb 2-1: New USB device found, idVendor=04b8, idProduct=0602, bcdDevice= 0.40 [ 1691.200173][T13930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1691.352145][T13930] usb 2-1: Product: syz [ 1691.372033][T13930] usb 2-1: Manufacturer: syz [ 1691.381477][T13930] usb 2-1: SerialNumber: syz [ 1691.673395][T31435] binder_alloc: 31433: pid 31433 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1691.687258][T31427] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1691.753554][T31427] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1691.757988][T31435] binder_alloc: 31433: pid 31433 spamming oneway? 2 buffers allocated for a total size of 5120 [ 1691.944751][T13930] usb 2-1: USB disconnect, device number 78 [ 1691.969142][T31439] __nla_validate_parse: 1 callbacks suppressed [ 1691.969162][T31439] netlink: 36 bytes leftover after parsing attributes in process `syz.0.7739'. [ 1692.720506][T31455] syzkaller0: entered promiscuous mode [ 1692.726270][T31455] syzkaller0: entered allmulticast mode [ 1693.729302][T13779] usb 3-1: new high-speed USB device number 39 using dummy_hcd [ 1693.887384][T13779] usb 3-1: Using ep0 maxpacket: 32 [ 1693.906243][T13779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1693.919031][T13779] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1694.006311][T13779] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1694.024517][T13779] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1694.057539][T13779] usb 3-1: config 0 descriptor?? [ 1694.201402][T13779] hub 3-1:0.0: USB hub found [ 1694.839456][T13779] hub 3-1:0.0: 1 port detected [ 1695.445474][T13779] hub 3-1:0.0: activate --> -90 [ 1696.067125][T13779] usb 3-1-port1: cannot disable (err = -71) [ 1696.073615][T13767] usb 3-1: USB disconnect, device number 39 [ 1696.079589][T13779] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 1696.905132][T13767] usb 3-1: new high-speed USB device number 40 using dummy_hcd [ 1697.090558][T13767] usb 3-1: New USB device found, idVendor=0cf3, idProduct=9271, bcdDevice= 1.08 [ 1697.100214][T13767] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1697.108506][T13767] usb 3-1: Product: syz [ 1697.112858][T13767] usb 3-1: Manufacturer: syz [ 1697.117448][T13767] usb 3-1: SerialNumber: syz [ 1697.169724][T13767] usb 3-1: ath9k_htc: Firmware ath9k_htc/htc_9271-1.4.0.fw requested [ 1697.190949][T13779] usb 3-1: ath9k_htc: Transferred FW: ath9k_htc/htc_9271-1.4.0.fw, size: 51008 [ 1697.421217][T31475] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1697.441275][T31475] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1697.466848][T13930] usb 3-1: USB disconnect, device number 40 [ 1697.974590][T31488] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1698.198971][T31494] netlink: 36 bytes leftover after parsing attributes in process `syz.1.7754'. [ 1698.242450][T13779] ath9k_htc 3-1:1.0: ath9k_htc: Target is unresponsive [ 1698.261027][T31495] netlink: 64 bytes leftover after parsing attributes in process `syz.4.7755'. [ 1698.307298][T13779] ath9k_htc: Failed to initialize the device [ 1698.339216][T13930] usb 3-1: ath9k_htc: USB layer deinitialized [ 1698.400414][T31497] block device autoloading is deprecated and will be removed. [ 1699.960442][T31512] binder_alloc: 31510: pid 31510 spamming oneway? 1 buffers allocated for a total size of 4096 [ 1700.002571][T31512] binder_alloc: 31510: pid 31510 spamming oneway? 2 buffers allocated for a total size of 5120 [ 1700.056108][T31517] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7758'. [ 1700.087983][T31517] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7758'. [ 1700.233620][T31517] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7758'. [ 1700.244437][T31517] netlink: 20 bytes leftover after parsing attributes in process `syz.1.7758'. [ 1701.310582][T31542] netlink: 28 bytes leftover after parsing attributes in process `syz.0.7766'. [ 1701.323214][T31542] netlink: 12 bytes leftover after parsing attributes in process `syz.0.7766'. [ 1702.127070][T31548] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1702.144681][T31548] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1702.722449][T13779] usb 2-1: new high-speed USB device number 79 using dummy_hcd [ 1702.908301][T13779] usb 2-1: Using ep0 maxpacket: 16 [ 1702.931888][T13779] usb 2-1: config 0 has no interfaces? [ 1703.177983][T13779] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1703.198520][T13779] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1703.215772][T13779] usb 2-1: Manufacturer: syz [ 1703.247796][T13779] usb 2-1: config 0 descriptor?? [ 1703.268120][T31565] netlink: 16 bytes leftover after parsing attributes in process `syz.3.7772'. [ 1703.297243][T31549] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1703.475880][T31572] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1704.400232][T31553] netlink: 52 bytes leftover after parsing attributes in process `syz.1.7769'. [ 1705.480679][T13781] usb 2-1: USB disconnect, device number 79 [ 1705.802501][T13781] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 1705.877897][T31597] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7779'. [ 1705.942874][T31597] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7779'. [ 1705.982429][T13781] usb 2-1: Using ep0 maxpacket: 16 [ 1705.993260][T31597] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7779'. [ 1706.009729][T31597] netlink: 20 bytes leftover after parsing attributes in process `syz.4.7779'. [ 1706.127642][T13781] usb 2-1: config 0 has an invalid interface number: 223 but max is 0 [ 1706.242272][T13781] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1706.317383][T13781] usb 2-1: config 0 has no interface number 0 [ 1706.337415][T13781] usb 2-1: config 0 interface 223 altsetting 1 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 1706.381126][T13781] usb 2-1: config 0 interface 223 altsetting 1 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1706.425159][T13781] usb 2-1: config 0 interface 223 altsetting 1 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1706.510199][T13781] usb 2-1: config 0 interface 223 has no altsetting 0 [ 1706.744666][T31607] netlink: 16 bytes leftover after parsing attributes in process `syz.2.7784'. [ 1706.774397][T13781] usb 2-1: New USB device found, idVendor=06cb, idProduct=0006, bcdDevice=9a.eb [ 1706.952541][T13781] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1706.960599][T13781] usb 2-1: Product: syz [ 1706.971286][T13781] usb 2-1: Manufacturer: syz [ 1707.019875][T13781] usb 2-1: SerialNumber: syz [ 1707.058625][T13781] usb 2-1: config 0 descriptor?? [ 1707.282385][T10619] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1707.309445][T13781] usb 2-1: Can not set alternate setting to 1, error: -71 [ 1707.319400][T13781] synaptics_usb 2-1:0.223: probe with driver synaptics_usb failed with error -71 [ 1707.362028][T13781] usb 2-1: USB disconnect, device number 80 [ 1707.412359][T13767] usb 4-1: new full-speed USB device number 39 using dummy_hcd [ 1707.583843][T13767] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 10 [ 1707.611817][T13767] usb 4-1: config 27 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 127, setting to 64 [ 1707.624840][T13767] usb 4-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1707.638258][T13767] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1707.650568][T31615] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1707.658186][T31615] raw-gadget.2 gadget.3: fail, usb_ep_enable returned -22 [ 1707.678605][T13767] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1708.096647][T31626] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1708.162871][ T5825] usb 1-1: new high-speed USB device number 56 using dummy_hcd [ 1708.485542][ T5825] usb 1-1: Using ep0 maxpacket: 32 [ 1708.540981][ T5825] usb 1-1: New USB device found, idVendor=0b89, idProduct=0007, bcdDevice=ef.64 [ 1708.551489][ T5825] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1708.641665][ T5825] usb 1-1: config 0 descriptor?? [ 1708.685120][ T5825] as10x_usb: device has been detected [ 1708.692711][ T5825] dvbdev: DVB: registering new adapter (nBox DVB-T Dongle) [ 1708.725420][ T5825] usb 1-1: DVB: registering adapter 1 frontend 0 (nBox DVB-T Dongle)... [ 1708.844676][ T5825] as10x_usb: error during firmware upload part1 [ 1708.857169][ T5825] Registered device nBox DVB-T Dongle [ 1708.891443][ T5825] usb 1-1: USB disconnect, device number 56 [ 1709.077270][ T5825] Unregistered device nBox DVB-T Dongle [ 1709.093175][ T5825] as10x_usb: device has been disconnected [ 1709.223381][T31638] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1710.095013][ T5825] usb 4-1: USB disconnect, device number 39 [ 1710.812344][ T5825] usb 3-1: new high-speed USB device number 41 using dummy_hcd [ 1710.975930][ T5825] usb 3-1: Using ep0 maxpacket: 16 [ 1711.027224][ T5825] usb 3-1: config 0 has no interfaces? [ 1711.037451][ T5825] usb 3-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1711.056408][ T5825] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1711.087359][ T5825] usb 3-1: Manufacturer: syz [ 1711.130013][ T5825] usb 3-1: config 0 descriptor?? [ 1711.528468][T31648] netlink: 52 bytes leftover after parsing attributes in process `syz.2.7796'. [ 1712.610434][T31682] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1713.070813][T10619] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1713.567263][T13767] usb 3-1: USB disconnect, device number 41 [ 1713.684161][T31690] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7808'. [ 1713.693675][T31690] netlink: 'syz.1.7808': attribute type 1 has an invalid length. [ 1714.326077][T10632] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1714.812338][T13781] usb 4-1: new high-speed USB device number 40 using dummy_hcd [ 1714.982678][T13781] usb 4-1: Using ep0 maxpacket: 16 [ 1714.990870][T13781] usb 4-1: config 0 has no interfaces? [ 1715.006631][T31728] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7817'. [ 1715.019566][T13781] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1715.020307][T31728] binder: 31727:31728 ioctl 4018620d 0 returned -22 [ 1715.060756][T13781] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1715.139012][T13781] usb 4-1: Manufacturer: syz [ 1715.201176][T13781] usb 4-1: config 0 descriptor?? [ 1716.422148][T31749] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1717.921665][T13779] usb 4-1: USB disconnect, device number 40 [ 1717.994784][T31767] openvswitch: netlink: Flow actions may not be safe on all matching packets. [ 1718.896455][T31778] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7829'. [ 1718.922333][ T5825] usb 4-1: new high-speed USB device number 41 using dummy_hcd [ 1718.960843][T31780] binder: 31777:31780 ioctl 4018620d 0 returned -22 [ 1719.102431][ T5825] usb 4-1: Using ep0 maxpacket: 16 [ 1719.167523][ T5825] usb 4-1: config 0 has no interfaces? [ 1719.180767][ T5825] usb 4-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1719.294658][ T5825] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1719.309355][ T5825] usb 4-1: Manufacturer: syz [ 1719.358540][ T5825] usb 4-1: config 0 descriptor?? [ 1719.907917][ T5825] usb 1-1: new high-speed USB device number 57 using dummy_hcd [ 1720.085914][ T78] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1720.102476][ T5825] usb 1-1: Using ep0 maxpacket: 8 [ 1720.121754][ T5825] usb 1-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1720.138365][ T5825] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1720.199422][ T5825] usb 1-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1720.222500][ T5825] usb 1-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1720.392054][ T5825] usb 1-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1720.427365][ T5825] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1720.739357][ T5825] usb 1-1: GET_CAPABILITIES returned 0 [ 1720.817714][ T5825] usbtmc 1-1:16.0: can't read capabilities [ 1720.966796][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1720.975940][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1720.986644][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1720.995738][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.032579][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.041748][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.187096][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.196304][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.205363][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.215102][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.224286][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.233694][ C0] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.298429][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.307546][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.316755][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -71 [ 1721.325850][ C1] usbtmc 1-1:16.0: usbtmc_read_bulk_cb - nonzero read bulk status received: -2 [ 1722.072350][T13781] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 1722.312685][T13781] usb 2-1: Using ep0 maxpacket: 16 [ 1722.340555][T13781] usb 2-1: config 0 has no interfaces? [ 1722.508476][T13781] usb 2-1: New USB device found, idVendor=2040, idProduct=b138, bcdDevice= 1.42 [ 1722.535853][T13781] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 1722.549181][T13781] usb 2-1: Manufacturer: syz [ 1722.563599][T13781] usb 2-1: config 0 descriptor?? [ 1722.995289][ T5825] usb 4-1: USB disconnect, device number 41 [ 1723.106140][T13930] usb 1-1: USB disconnect, device number 57 [ 1723.289533][T31829] binder: 31827:31829 ioctl 4018620d 0 returned -22 [ 1723.316262][T31828] netlink: 132 bytes leftover after parsing attributes in process `syz.0.7840'. [ 1723.762357][T31834] x_tables: ip_tables: rpfilter match: used from hooks OUTPUT, but only valid from PREROUTING [ 1724.138182][T31840] vim2m vim2m.0: vidioc_s_fmt queue busy [ 1725.006462][ T5825] usb 2-1: USB disconnect, device number 81 [ 1725.051427][T31846] input: syz0 as /devices/virtual/input/input148 [ 1727.133798][T31877] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.7855'. [ 1727.192738][T31880] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.7855'. [ 1727.222965][T31882] netlink: 16402 bytes leftover after parsing attributes in process `syz.3.7855'. [ 1727.258269][T31886] batman_adv: batadv0: Adding interface: dummy0 [ 1727.281147][T31886] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1727.332355][T31886] batman_adv: batadv0: Not using interface dummy0 (retrying later): interface not active [ 1727.426465][T31893] mac80211_hwsim: wmediumd released netlink socket, switching to perfect channel medium [ 1727.755519][T31897] iommufd_mock iommufd_mock0: Adding to iommu group 0 [ 1728.095707][T31904] syzkaller1: tun_chr_ioctl cmd 1074025677 [ 1728.101955][T31904] syzkaller1: Refused to change device type [ 1728.352618][T31912] bridge0: port 1(syz_tun) entered blocking state [ 1728.377338][T31912] bridge0: port 1(syz_tun) entered disabled state [ 1728.387584][T31912] syz_tun: entered allmulticast mode [ 1728.396627][T31912] syz_tun: entered promiscuous mode [ 1728.653875][T31920] binder: BINDER_SET_CONTEXT_MGR already set [ 1728.660011][T31920] binder: 31919:31920 ioctl 4018620d 200000000040 returned -16 [ 1728.697795][T31920] binder: 31919:31920 ioctl c0306201 2000000003c0 returned -14 [ 1729.550258][T31948] netlink: 24 bytes leftover after parsing attributes in process `syz.3.7883'. [ 1729.787781][T13779] usb 3-1: new high-speed USB device number 42 using dummy_hcd [ 1730.078218][T13779] usb 3-1: Using ep0 maxpacket: 8 [ 1730.099943][T13779] usb 3-1: config 0 has an invalid interface number: 55 but max is 0 [ 1730.120184][T13779] usb 3-1: config 0 has no interface number 0 [ 1730.132116][T13779] usb 3-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1730.153952][T13779] usb 3-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1730.189185][T13779] usb 3-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1730.221023][T13779] usb 3-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1730.252340][T13779] usb 3-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1730.359312][ T1299] ieee802154 phy0 wpan0: encryption failed: -22 [ 1730.386132][ T1299] ieee802154 phy1 wpan1: encryption failed: -22 [ 1730.408532][T13779] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1730.465868][T31963] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7888'. [ 1730.500300][T13779] usb 3-1: config 0 descriptor?? [ 1730.548719][T13779] ldusb 3-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1730.824024][ T5825] usb 2-1: new full-speed USB device number 82 using dummy_hcd [ 1731.037704][ T5825] usb 2-1: config 0 has an invalid interface number: 35 but max is 0 [ 1731.081238][ T5825] usb 2-1: config 0 has no interface number 0 [ 1731.097499][ T5825] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0xE has an invalid bInterval 0, changing to 10 [ 1731.138175][ T5825] usb 2-1: config 0 interface 35 altsetting 0 endpoint 0xE has invalid wMaxPacketSize 0 [ 1731.178663][ T5825] usb 2-1: New USB device found, idVendor=07d0, idProduct=4101, bcdDevice=ec.5c [ 1731.227249][ T5825] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1731.245960][ T5825] usb 2-1: Product: syz [ 1731.266430][ T5825] usb 2-1: Manufacturer: syz [ 1731.278187][ T5825] usb 2-1: SerialNumber: syz [ 1731.325603][ T5825] usb 2-1: config 0 descriptor?? [ 1731.356202][ T5825] cypress_m8 2-1:0.35: Nokia CA-42 V2 Adapter converter detected [ 1731.375957][T31976] batman_adv: batadv0: Adding interface: dummy0 [ 1731.398860][T31976] batman_adv: batadv0: The MTU of interface dummy0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1731.453487][T31976] batman_adv: batadv0: Interface activated: dummy0 [ 1731.539350][T31976] batadv0: mtu less than device minimum [ 1731.558721][ T5825] usb 2-1: Nokia CA-42 V2 Adapter converter now attached to ttyUSB0 [ 1731.575540][T31976] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1731.587680][T31976] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1731.599669][T31976] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1731.611556][T31976] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1731.623274][T31976] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1731.634894][T31976] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1731.646606][T31976] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1731.658623][T31976] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1731.670303][T31976] batman_adv: batadv0: Forced to purge local tt entries to fit new maximum fragment MTU (-320) [ 1732.528440][ T5825] usb 3-1: USB disconnect, device number 42 [ 1732.558866][ T5825] ldusb 3-1:0.55: LD USB Device #0 now disconnected [ 1732.712343][T13930] usb 1-1: new high-speed USB device number 58 using dummy_hcd [ 1732.750311][T32002] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1732.798603][T32002] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1732.855520][T32004] batadv_slave_0: entered promiscuous mode [ 1732.862578][T13930] usb 1-1: Using ep0 maxpacket: 8 [ 1732.878243][T13930] usb 1-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2e.04 [ 1732.893472][T13930] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1732.910600][T13930] usb 1-1: Product: syz [ 1732.916567][T13930] usb 1-1: Manufacturer: syz [ 1732.921335][T13930] usb 1-1: SerialNumber: syz [ 1732.929956][T13930] usb 1-1: config 0 descriptor?? [ 1733.157842][T13930] usb 1-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1733.259067][ T5825] usb 2-1: USB disconnect, device number 82 [ 1733.290205][ T5825] nokiaca42v2 ttyUSB0: Nokia CA-42 V2 Adapter converter now disconnected from ttyUSB0 [ 1733.315142][ T5825] cypress_m8 2-1:0.35: device disconnected [ 1733.562635][T32015] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7907'. [ 1733.573083][T13930] dvb_usb_rtl28xxu 1-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1733.611047][T13930] usb 1-1: USB disconnect, device number 58 [ 1733.615117][T32016] netlink: 8 bytes leftover after parsing attributes in process `syz.1.7907'. [ 1733.661176][T32018] netlink: 8 bytes leftover after parsing attributes in process `syz.2.7909'. [ 1733.874428][T32027] sg_read: process 1187 (syz.4.7913) changed security contexts after opening file descriptor, this is not allowed. [ 1734.552782][T13781] usb 1-1: new high-speed USB device number 59 using dummy_hcd [ 1734.776724][T13781] usb 1-1: Using ep0 maxpacket: 32 [ 1734.786829][T13781] usb 1-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 132, changing to 7 [ 1734.820611][T13781] usb 1-1: New USB device found, idVendor=0582, idProduct=0003, bcdDevice= 0.40 [ 1734.830290][T13781] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1734.840518][T13781] usb 1-1: Product: syz [ 1734.845081][T13781] usb 1-1: Manufacturer: syz [ 1734.850067][T13781] usb 1-1: SerialNumber: syz [ 1734.893262][T32045] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7921'. [ 1734.970248][T32045] netlink: 12 bytes leftover after parsing attributes in process `syz.1.7921'. [ 1735.101638][T13781] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1735.142652][T13781] snd-usb-audio 1-1:1.0: probe with driver snd-usb-audio failed with error -2 [ 1735.191287][T13781] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1735.219096][T13781] snd-usb-audio 1-1:1.1: probe with driver snd-usb-audio failed with error -2 [ 1735.289250][T13781] usb 1-1: Quirk or no altset; falling back to MIDI 1.0 [ 1735.555494][T13781] snd-usb-audio 1-1:1.2: probe with driver snd-usb-audio failed with error -2 [ 1735.571090][T13781] usb 1-1: USB disconnect, device number 59 [ 1735.647444][T15298] udevd[15298]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.2/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1737.342758][T13781] usb 4-1: new high-speed USB device number 42 using dummy_hcd [ 1737.383886][T32077] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7932'. [ 1737.412315][T32077] netlink: 4 bytes leftover after parsing attributes in process `syz.4.7932'. [ 1737.431217][T32077] netlink: 'syz.4.7932': attribute type 18 has an invalid length. [ 1737.489981][T32077] netlink: 'syz.4.7932': attribute type 18 has an invalid length. [ 1737.502607][T13781] usb 4-1: Using ep0 maxpacket: 32 [ 1737.518677][T13781] usb 4-1: config 9 has an invalid interface number: 221 but max is 1 [ 1737.535350][T13781] usb 4-1: config 9 has an invalid interface number: 221 but max is 1 [ 1737.544459][T13781] usb 4-1: config 9 has 1 interface, different from the descriptor's value: 2 [ 1737.553726][T13781] usb 4-1: config 9 has no interface number 0 [ 1737.559876][T13781] usb 4-1: config 9 interface 221 altsetting 64 endpoint 0xA has invalid wMaxPacketSize 0 [ 1737.597704][T32084] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7935'. [ 1737.869633][T13781] usb 4-1: config 9 interface 221 has no altsetting 0 [ 1737.880818][T13781] usb 4-1: New USB device found, idVendor=0582, idProduct=74ce, bcdDevice=ba.38 [ 1737.890257][T13781] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1737.898702][T13781] usb 4-1: Product: syz [ 1737.903244][T13781] usb 4-1: Manufacturer: syz [ 1737.923005][T13781] usb 4-1: SerialNumber: syz [ 1738.645525][T13781] usb 4-1: USB disconnect, device number 42 [ 1738.702468][T15361] udevd[15361]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:9.221/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1739.357216][T32109] usb usb8: usbfs: process 32109 (syz.3.7943) did not claim interface 0 before use [ 1740.221730][T32122] dvb_demux: dvb_demux_feed_del: feed not in list (type=0 state=0 pid=ffff) [ 1740.533152][T13781] usb 2-1: new full-speed USB device number 83 using dummy_hcd [ 1740.927769][T32134] vivid-000: disconnect [ 1740.938936][T32133] vivid-000: reconnect [ 1741.057601][T13781] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1741.068661][T13781] usb 2-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1741.092029][T13781] usb 2-1: New USB device found, idVendor=0b95, idProduct=172a, bcdDevice=f7.f4 [ 1741.101351][T13781] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1741.672746][T13781] usb 2-1: Product: syz [ 1741.677087][T13781] usb 2-1: Manufacturer: syz [ 1741.681712][T13781] usb 2-1: SerialNumber: syz [ 1741.691811][T13781] usb 2-1: config 0 descriptor?? [ 1741.910763][T13930] usb 2-1: USB disconnect, device number 83 [ 1742.774171][T32151] netlink: 8 bytes leftover after parsing attributes in process `syz.0.7959'. [ 1742.916681][T32151] : entered promiscuous mode [ 1743.713251][T15565] Bluetooth: hci3: ACL packet for unknown connection handle 201 [ 1743.752520][T25819] usb 3-1: new high-speed USB device number 43 using dummy_hcd [ 1743.934323][T13930] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 1744.368212][T25819] usb 3-1: config 0 has an invalid interface number: 11 but max is 0 [ 1744.389911][T25819] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1744.408656][T25819] usb 3-1: config 0 has no interface number 0 [ 1744.416817][T25819] usb 3-1: config 0 interface 11 altsetting 245 endpoint 0x7 has an invalid bInterval 0, changing to 7 [ 1744.430626][T25819] usb 3-1: config 0 interface 11 altsetting 245 endpoint 0x7 has invalid wMaxPacketSize 0 [ 1744.443030][T25819] usb 3-1: config 0 interface 11 altsetting 245 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1744.461458][T25819] usb 3-1: config 0 interface 11 has no altsetting 0 [ 1744.501301][T32190] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1744.542897][T32190] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1744.554915][T13930] usb 2-1: config 0 has too many interfaces: 253, using maximum allowed: 32 [ 1744.565229][T13930] usb 2-1: config 0 has 1 interface, different from the descriptor's value: 253 [ 1744.574678][T25819] usb 3-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 1744.615869][T13930] usb 2-1: New USB device found, idVendor=055f, idProduct=c630, bcdDevice=b6.ac [ 1744.625809][T13930] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1744.638810][T25819] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1744.657280][T13930] usb 2-1: Product: syz [ 1744.675439][T25819] usb 3-1: config 0 descriptor?? [ 1744.682350][T13930] usb 2-1: Manufacturer: syz [ 1744.687051][T13930] usb 2-1: SerialNumber: syz [ 1744.706505][T25819] keyspan 3-1:0.11: Keyspan 2 port adapter converter detected [ 1744.717356][T13930] usb 2-1: config 0 descriptor?? [ 1744.729091][T13930] gspca_main: sunplus-2.14.0 probing 055f:c630 [ 1744.740249][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 87 [ 1744.757525][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 81 [ 1744.772716][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 82 [ 1744.802680][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 1 [ 1744.822773][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 2 [ 1744.830715][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 85 [ 1744.860103][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 5 [ 1744.912897][T25819] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB0 [ 1744.954892][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 83 [ 1744.969642][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 84 [ 1744.978786][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 3 [ 1744.987083][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 4 [ 1744.995350][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 86 [ 1745.003673][T25819] keyspan 3-1:0.11: found no endpoint descriptor for endpoint 6 [ 1745.018699][T25819] usb 3-1: Keyspan 2 port adapter converter now attached to ttyUSB1 [ 1745.038448][T25819] usb 3-1: USB disconnect, device number 43 [ 1745.098957][T25819] keyspan_2 ttyUSB0: Keyspan 2 port adapter converter now disconnected from ttyUSB0 [ 1745.142951][T25819] keyspan_2 ttyUSB1: Keyspan 2 port adapter converter now disconnected from ttyUSB1 [ 1745.167976][T25819] keyspan 3-1:0.11: device disconnected [ 1745.283797][T32199] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7980'. [ 1745.293276][T32199] netlink: 8 bytes leftover after parsing attributes in process `syz.4.7980'. [ 1745.657469][T32186] syz.0.7972 (32186): drop_caches: 2 [ 1745.708443][T32207] netdevsim netdevsim2: Direct firmware load for ./file0 failed with error -2 [ 1745.719841][T32207] netdevsim netdevsim2: Falling back to sysfs fallback for: ./file0 [ 1745.966767][T32212] [ 1745.969154][T32212] ===================================================== [ 1745.976104][T32212] WARNING: SOFTIRQ-safe -> SOFTIRQ-unsafe lock order detected [ 1745.983666][T32212] syzkaller #0 Tainted: G L [ 1745.989651][T32212] ----------------------------------------------------- [ 1745.996582][T32212] syz.0.7986/32212 [HC0[0]:SC0[0]:HE0:SE1] is trying to acquire: [ 1746.004309][T32212] ffffffff8e40c058 (tasklist_lock){.+.+}-{3:3}, at: send_sigio+0x101/0x370 [ 1746.013194][T32212] [ 1746.013194][T32212] and this task is already holding: [ 1746.020612][T32212] ffff88804197baa0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 [ 1746.029252][T32212] which would create a new lock dependency: [ 1746.035185][T32212] (&f_owner->lock){....}-{3:3} -> (tasklist_lock){.+.+}-{3:3} [ 1746.042786][T32212] [ 1746.042786][T32212] but this new dependency connects a SOFTIRQ-irq-safe lock: [ 1746.052241][T32212] (&dev->event_lock#2){..-.}-{3:3} [ 1746.052279][T32212] [ 1746.052279][T32212] ... which became SOFTIRQ-irq-safe at: [ 1746.065167][T32212] lock_acquire+0xf0/0x2e0 [ 1746.069771][T32212] _raw_spin_lock_irqsave+0x40/0x60 [ 1746.075237][T32212] input_event+0x76/0xe0 [ 1746.079785][T32212] xpad360_process_packet+0xda/0xdd0 [ 1746.085202][T32212] xpad_irq_in+0x14e/0x25e0 [ 1746.089978][T32212] __usb_hcd_giveback_urb+0x376/0x540 [ 1746.095458][T32212] dummy_timer+0xbbd/0x45d0 [ 1746.100067][T32212] __hrtimer_run_queues+0x53a/0xcc0 [ 1746.105446][T32212] hrtimer_run_softirq+0x182/0x5a0 [ 1746.110671][T32212] handle_softirqs+0x22a/0x870 [ 1746.115614][T32212] __irq_exit_rcu+0x5f/0x150 [ 1746.120550][T32212] irq_exit_rcu+0x9/0x30 [ 1746.124974][T32212] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1746.130693][T32212] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1746.136765][T32212] finish_task_switch+0x245/0x920 [ 1746.141964][T32212] __schedule+0x15e5/0x52d0 [ 1746.146641][T32212] schedule+0x164/0x360 [ 1746.150949][T32212] do_nanosleep+0x1c2/0x620 [ 1746.156065][T32212] hrtimer_nanosleep+0x188/0x390 [ 1746.161095][T32212] __se_sys_clock_nanosleep+0x35b/0x3b0 [ 1746.166740][T32212] do_syscall_64+0x14d/0xf80 [ 1746.171420][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1746.177398][T32212] [ 1746.177398][T32212] to a SOFTIRQ-irq-unsafe lock: [ 1746.184409][T32212] (tasklist_lock){.+.+}-{3:3} [ 1746.184435][T32212] [ 1746.184435][T32212] ... which became SOFTIRQ-irq-unsafe at: [ 1746.197061][T32212] ... [ 1746.197067][T32212] lock_acquire+0xf0/0x2e0 [ 1746.204147][T32212] _raw_read_lock+0x36/0x50 [ 1746.208734][T32212] __do_wait+0xde/0x740 [ 1746.213067][T32212] do_wait+0x1e7/0x540 [ 1746.217253][T32212] kernel_wait+0xd6/0x1c0 [ 1746.221687][T32212] call_usermodehelper_exec_work+0xbe/0x230 [ 1746.227668][T32212] process_scheduled_works+0xb6e/0x18c0 [ 1746.233302][T32212] worker_thread+0xa53/0xfc0 [ 1746.237988][T32212] kthread+0x388/0x470 [ 1746.242141][T32212] ret_from_fork+0x51e/0xb90 [ 1746.246828][T32212] ret_from_fork_asm+0x1a/0x30 [ 1746.251685][T32212] [ 1746.251685][T32212] other info that might help us debug this: [ 1746.251685][T32212] [ 1746.261906][T32212] Chain exists of: [ 1746.261906][T32212] &dev->event_lock#2 --> &f_owner->lock --> tasklist_lock [ 1746.261906][T32212] [ 1746.275133][T32212] Possible interrupt unsafe locking scenario: [ 1746.275133][T32212] [ 1746.283452][T32212] CPU0 CPU1 [ 1746.288921][T32212] ---- ---- [ 1746.294283][T32212] lock(tasklist_lock); [ 1746.298525][T32212] local_irq_disable(); [ 1746.305277][T32212] lock(&dev->event_lock#2); [ 1746.312478][T32212] lock(&f_owner->lock); [ 1746.319322][T32212] [ 1746.322775][T32212] lock(&dev->event_lock#2); [ 1746.327625][T32212] [ 1746.327625][T32212] *** DEADLOCK *** [ 1746.327625][T32212] [ 1746.335898][T32212] 5 locks held by syz.0.7986/32212: [ 1746.341103][T32212] #0: ffff8880863a0fa0 (sk_lock-AF_INET6){+.+.}-{0:0}, at: inet_stream_connect+0x51/0xa0 [ 1746.351048][T32212] #1: ffffffff8e75e460 (rcu_read_lock){....}-{1:3}, at: sk_wake_async+0x86/0x280 [ 1746.360297][T32212] #2: ffffffff8e75e460 (rcu_read_lock){....}-{1:3}, at: kill_fasync+0x53/0x4d0 [ 1746.369391][T32212] #3: ffff888026ec5600 (&new->fa_lock){....}-{3:3}, at: kill_fasync+0x199/0x4d0 [ 1746.378720][T32212] #4: ffff88804197baa0 (&f_owner->lock){....}-{3:3}, at: send_sigio+0x38/0x370 [ 1746.387789][T32212] [ 1746.387789][T32212] the dependencies between SOFTIRQ-irq-safe lock and the holding lock: [ 1746.398287][T32212] -> (&dev->event_lock#2){..-.}-{3:3} { [ 1746.404117][T32212] IN-SOFTIRQ-W at: [ 1746.408354][T32212] lock_acquire+0xf0/0x2e0 [ 1746.414943][T32212] _raw_spin_lock_irqsave+0x40/0x60 [ 1746.422499][T32212] input_event+0x76/0xe0 [ 1746.428919][T32212] xpad360_process_packet+0xda/0xdd0 [ 1746.436983][T32212] xpad_irq_in+0x14e/0x25e0 [ 1746.443661][T32212] __usb_hcd_giveback_urb+0x376/0x540 [ 1746.451211][T32212] dummy_timer+0xbbd/0x45d0 [ 1746.457888][T32212] __hrtimer_run_queues+0x53a/0xcc0 [ 1746.465269][T32212] hrtimer_run_softirq+0x182/0x5a0 [ 1746.472566][T32212] handle_softirqs+0x22a/0x870 [ 1746.479719][T32212] __irq_exit_rcu+0x5f/0x150 [ 1746.486515][T32212] irq_exit_rcu+0x9/0x30 [ 1746.492949][T32212] sysvec_apic_timer_interrupt+0xa6/0xc0 [ 1746.500775][T32212] asm_sysvec_apic_timer_interrupt+0x1a/0x20 [ 1746.509027][T32212] finish_task_switch+0x245/0x920 [ 1746.516232][T32212] __schedule+0x15e5/0x52d0 [ 1746.522914][T32212] schedule+0x164/0x360 [ 1746.529247][T32212] do_nanosleep+0x1c2/0x620 [ 1746.536035][T32212] hrtimer_nanosleep+0x188/0x390 [ 1746.543166][T32212] __se_sys_clock_nanosleep+0x35b/0x3b0 [ 1746.550892][T32212] do_syscall_64+0x14d/0xf80 [ 1746.557653][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1746.565718][T32212] INITIAL USE at: [ 1746.570144][T32212] lock_acquire+0xf0/0x2e0 [ 1746.576642][T32212] _raw_spin_lock_irqsave+0x40/0x60 [ 1746.584129][T32212] input_inject_event+0xa5/0x340 [ 1746.591151][T32212] kbd_led_trigger_activate+0xbc/0x100 [ 1746.598705][T32212] led_trigger_set+0x535/0x960 [ 1746.605673][T32212] led_trigger_set_default+0x260/0x2a0 [ 1746.613316][T32212] led_classdev_register_ext+0x787/0x9c0 [ 1746.621134][T32212] input_leds_connect+0x517/0x790 [ 1746.628253][T32212] input_register_device+0xd00/0x1160 [ 1746.635802][T32212] atkbd_connect+0x731/0xa50 [ 1746.642495][T32212] serio_driver_probe+0x82/0xd0 [ 1746.649430][T32212] really_probe+0x267/0xaf0 [ 1746.656275][T32212] __driver_probe_device+0x18c/0x320 [ 1746.663825][T32212] driver_probe_device+0x4f/0x240 [ 1746.671025][T32212] __driver_attach+0x349/0x640 [ 1746.677901][T32212] bus_for_each_dev+0x23b/0x2c0 [ 1746.684836][T32212] serio_handle_event+0x20a/0xdd0 [ 1746.691972][T32212] process_scheduled_works+0xb6e/0x18c0 [ 1746.699606][T32212] worker_thread+0xa53/0xfc0 [ 1746.706284][T32212] kthread+0x388/0x470 [ 1746.712433][T32212] ret_from_fork+0x51e/0xb90 [ 1746.719116][T32212] ret_from_fork_asm+0x1a/0x30 [ 1746.725967][T32212] } [ 1746.728731][T32212] ... key at: [] input_allocate_device.__key.7+0x0/0x20 [ 1746.738145][T32212] -> (&client->buffer_lock){....}-{3:3} { [ 1746.744056][T32212] INITIAL USE at: [ 1746.748120][T32212] lock_acquire+0xf0/0x2e0 [ 1746.754457][T32212] _raw_spin_lock+0x2e/0x40 [ 1746.760874][T32212] evdev_handle_get_val+0x70/0x9f0 [ 1746.767979][T32212] evdev_ioctl_handler+0x127b/0x1fe0 [ 1746.775174][T32212] __se_sys_ioctl+0xfc/0x170 [ 1746.781672][T32212] do_syscall_64+0x14d/0xf80 [ 1746.788179][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1746.796068][T32212] } [ 1746.798737][T32212] ... key at: [] evdev_open.__key.27+0x0/0x20 [ 1746.807078][T32212] ... acquired at: [ 1746.811051][T32212] _raw_spin_lock+0x2e/0x40 [ 1746.815733][T32212] evdev_handle_get_val+0x70/0x9f0 [ 1746.821014][T32212] evdev_ioctl_handler+0x127b/0x1fe0 [ 1746.826467][T32212] __se_sys_ioctl+0xfc/0x170 [ 1746.831323][T32212] do_syscall_64+0x14d/0xf80 [ 1746.836093][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1746.842157][T32212] [ 1746.844494][T32212] -> (&new->fa_lock){....}-{3:3} { [ 1746.849806][T32212] INITIAL USE at: [ 1746.853787][T32212] lock_acquire+0xf0/0x2e0 [ 1746.859942][T32212] _raw_write_lock_irq+0x3d/0x50 [ 1746.866702][T32212] fasync_remove_entry+0xf1/0x1c0 [ 1746.873464][T32212] lease_modify+0x4f7/0x6c0 [ 1746.879708][T32212] locks_remove_file+0x5f0/0xf70 [ 1746.886379][T32212] __fput+0x3ae/0xa70 [ 1746.892109][T32212] task_work_run+0x1d9/0x270 [ 1746.898432][T32212] exit_to_user_mode_loop+0xed/0x480 [ 1746.905456][T32212] do_syscall_64+0x32d/0xf80 [ 1746.911784][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1746.919500][T32212] INITIAL READ USE at: [ 1746.923919][T32212] lock_acquire+0xf0/0x2e0 [ 1746.930510][T32212] _raw_read_lock_irqsave+0x48/0x60 [ 1746.937961][T32212] kill_fasync+0x199/0x4d0 [ 1746.944547][T32212] lease_break_callback+0x26/0x30 [ 1746.951744][T32212] __break_lease+0x81c/0x1e80 [ 1746.958599][T32212] do_dentry_open+0x1010/0x14e0 [ 1746.965629][T32212] vfs_open+0x3b/0x340 [ 1746.971871][T32212] path_openat+0x2e08/0x3860 [ 1746.978634][T32212] do_file_open+0x23e/0x4a0 [ 1746.985315][T32212] do_sys_openat2+0x113/0x200 [ 1746.992163][T32212] __x64_sys_openat+0x138/0x170 [ 1746.999196][T32212] do_syscall_64+0x14d/0xf80 [ 1747.005957][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1747.014027][T32212] } [ 1747.016698][T32212] ... key at: [] fasync_insert_entry.__key+0x0/0x20 [ 1747.025476][T32212] ... acquired at: [ 1747.029381][T32212] _raw_read_lock_irqsave+0x48/0x60 [ 1747.034760][T32212] kill_fasync+0x199/0x4d0 [ 1747.039360][T32212] evdev_pass_values+0x627/0xbd0 [ 1747.044480][T32212] evdev_events+0x1e6/0x340 [ 1747.049271][T32212] input_pass_values+0x288/0x890 [ 1747.054418][T32212] input_event_dispose+0x330/0x6b0 [ 1747.059857][T32212] input_inject_event+0x1dd/0x340 [ 1747.065111][T32212] evdev_write+0x325/0x4c0 [ 1747.069795][T32212] vfs_write+0x29a/0xb90 [ 1747.074209][T32212] ksys_write+0x150/0x270 [ 1747.078722][T32212] do_syscall_64+0x14d/0xf80 [ 1747.083496][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1747.089736][T32212] [ 1747.092059][T32212] -> (&f_owner->lock){....}-{3:3} { [ 1747.097275][T32212] INITIAL USE at: [ 1747.101211][T32212] lock_acquire+0xf0/0x2e0 [ 1747.107308][T32212] _raw_write_lock_irq+0x3d/0x50 [ 1747.113926][T32212] __f_setown+0x67/0x370 [ 1747.119736][T32212] do_fcntl+0x171c/0x1a20 [ 1747.125737][T32212] __se_sys_fcntl+0xc8/0x150 [ 1747.131894][T32212] do_syscall_64+0x14d/0xf80 [ 1747.138045][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1747.145591][T32212] INITIAL READ USE at: [ 1747.149924][T32212] lock_acquire+0xf0/0x2e0 [ 1747.156405][T32212] _raw_read_lock_irqsave+0x48/0x60 [ 1747.163682][T32212] send_sigurg+0x55/0x420 [ 1747.170012][T32212] sk_send_sigurg+0x6c/0x2e0 [ 1747.176605][T32212] tcp_check_urg+0x200/0x760 [ 1747.183205][T32212] tcp_urg+0x15d/0x410 [ 1747.189278][T32212] tcp_rcv_established+0xf3a/0x2740 [ 1747.196470][T32212] tcp_v4_do_rcv+0xa90/0x1430 [ 1747.203233][T32212] __release_sock+0x265/0x3a0 [ 1747.209908][T32212] release_sock+0x5f/0x1f0 [ 1747.216322][T32212] tcp_sendmsg+0x39/0x50 [ 1747.222562][T32212] __sys_sendto+0x5de/0x710 [ 1747.229058][T32212] __x64_sys_sendto+0xde/0x100 [ 1747.235830][T32212] do_syscall_64+0x14d/0xf80 [ 1747.242438][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1747.250429][T32212] } [ 1747.252931][T32212] ... key at: [] file_f_owner_allocate.__key+0x0/0x20 [ 1747.261785][T32212] ... acquired at: [ 1747.265586][T32212] _raw_read_lock_irqsave+0x48/0x60 [ 1747.271054][T32212] send_sigio+0x38/0x370 [ 1747.275474][T32212] kill_fasync+0x24d/0x4d0 [ 1747.280067][T32212] lease_break_callback+0x26/0x30 [ 1747.285266][T32212] __break_lease+0x81c/0x1e80 [ 1747.290120][T32212] do_dentry_open+0x1010/0x14e0 [ 1747.295156][T32212] vfs_open+0x3b/0x340 [ 1747.299431][T32212] path_openat+0x2e08/0x3860 [ 1747.304223][T32212] do_file_open+0x23e/0x4a0 [ 1747.308907][T32212] do_sys_openat2+0x113/0x200 [ 1747.313773][T32212] __x64_sys_openat+0x138/0x170 [ 1747.318811][T32212] do_syscall_64+0x14d/0xf80 [ 1747.323582][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1747.329652][T32212] [ 1747.331977][T32212] [ 1747.331977][T32212] the dependencies between the lock to be acquired [ 1747.331985][T32212] and SOFTIRQ-irq-unsafe lock: [ 1747.345769][T32212] -> (tasklist_lock){.+.+}-{3:3} { [ 1747.350897][T32212] HARDIRQ-ON-R at: [ 1747.354875][T32212] lock_acquire+0xf0/0x2e0 [ 1747.360957][T32212] _raw_read_lock+0x36/0x50 [ 1747.367215][T32212] __do_wait+0xde/0x740 [ 1747.373147][T32212] do_wait+0x1e7/0x540 [ 1747.378882][T32212] kernel_wait+0xd6/0x1c0 [ 1747.384889][T32212] call_usermodehelper_exec_work+0xbe/0x230 [ 1747.392462][T32212] process_scheduled_works+0xb6e/0x18c0 [ 1747.399674][T32212] worker_thread+0xa53/0xfc0 [ 1747.406008][T32212] kthread+0x388/0x470 [ 1747.411724][T32212] ret_from_fork+0x51e/0xb90 [ 1747.417966][T32212] ret_from_fork_asm+0x1a/0x30 [ 1747.424470][T32212] SOFTIRQ-ON-R at: [ 1747.428461][T32212] lock_acquire+0xf0/0x2e0 [ 1747.434538][T32212] _raw_read_lock+0x36/0x50 [ 1747.440752][T32212] __do_wait+0xde/0x740 [ 1747.446563][T32212] do_wait+0x1e7/0x540 [ 1747.452459][T32212] kernel_wait+0xd6/0x1c0 [ 1747.458439][T32212] call_usermodehelper_exec_work+0xbe/0x230 [ 1747.465999][T32212] process_scheduled_works+0xb6e/0x18c0 [ 1747.473308][T32212] worker_thread+0xa53/0xfc0 [ 1747.479570][T32212] kthread+0x388/0x470 [ 1747.485301][T32212] ret_from_fork+0x51e/0xb90 [ 1747.491576][T32212] ret_from_fork_asm+0x1a/0x30 [ 1747.498112][T32212] INITIAL USE at: [ 1747.502096][T32212] lock_acquire+0xf0/0x2e0 [ 1747.508169][T32212] _raw_write_lock_irq+0x3d/0x50 [ 1747.514678][T32212] copy_process+0x247a/0x3cf0 [ 1747.521013][T32212] kernel_clone+0x248/0x8e0 [ 1747.527169][T32212] user_mode_thread+0x110/0x180 [ 1747.533711][T32212] rest_init+0x23/0x300 [ 1747.539517][T32212] start_kernel+0x385/0x3d0 [ 1747.545673][T32212] x86_64_start_reservations+0x24/0x30 [ 1747.552710][T32212] x86_64_start_kernel+0x143/0x1c0 [ 1747.559408][T32212] common_startup_64+0x13e/0x147 [ 1747.565914][T32212] INITIAL READ USE at: [ 1747.570249][T32212] lock_acquire+0xf0/0x2e0 [ 1747.576674][T32212] _raw_read_lock+0x36/0x50 [ 1747.583202][T32212] __do_wait+0xde/0x740 [ 1747.589570][T32212] do_wait+0x1e7/0x540 [ 1747.595675][T32212] kernel_wait+0xd6/0x1c0 [ 1747.602023][T32212] call_usermodehelper_exec_work+0xbe/0x230 [ 1747.609928][T32212] process_scheduled_works+0xb6e/0x18c0 [ 1747.617507][T32212] worker_thread+0xa53/0xfc0 [ 1747.624377][T32212] kthread+0x388/0x470 [ 1747.630445][T32212] ret_from_fork+0x51e/0xb90 [ 1747.637033][T32212] ret_from_fork_asm+0x1a/0x30 [ 1747.643890][T32212] } [ 1747.646405][T32212] ... key at: [] tasklist_lock+0x18/0x40 [ 1747.654202][T32212] ... acquired at: [ 1747.658002][T32212] _raw_read_lock+0x36/0x50 [ 1747.662703][T32212] send_sigio+0x101/0x370 [ 1747.667277][T32212] kill_fasync+0x24d/0x4d0 [ 1747.671888][T32212] sock_wake_async+0x137/0x160 [ 1747.676925][T32212] sk_wake_async+0x189/0x280 [ 1747.681699][T32212] tcp_rcv_state_process+0x1e6a/0x4810 [ 1747.687338][T32212] tcp_v4_do_rcv+0x6bb/0x1430 [ 1747.692194][T32212] __release_sock+0x265/0x3a0 [ 1747.697052][T32212] release_sock+0x5f/0x1f0 [ 1747.701645][T32212] __inet_stream_connect+0x85d/0xdd0 [ 1747.707100][T32212] inet_stream_connect+0x66/0xa0 [ 1747.712210][T32212] __sys_connect+0x312/0x450 [ 1747.717235][T32212] __x64_sys_connect+0x7a/0x90 [ 1747.722177][T32212] do_syscall_64+0x14d/0xf80 [ 1747.726946][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1747.733015][T32212] [ 1747.735348][T32212] [ 1747.735348][T32212] stack backtrace: [ 1747.741236][T32212] CPU: 1 UID: 0 PID: 32212 Comm: syz.0.7986 Tainted: G L syzkaller #0 PREEMPT(full) [ 1747.741258][T32212] Tainted: [L]=SOFTLOCKUP [ 1747.741264][T32212] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1747.741274][T32212] Call Trace: [ 1747.741284][T32212] [ 1747.741291][T32212] dump_stack_lvl+0xe8/0x150 [ 1747.741312][T32212] __lock_acquire+0x2a94/0x2cf0 [ 1747.741339][T32212] lock_acquire+0xf0/0x2e0 [ 1747.741355][T32212] ? send_sigio+0x101/0x370 [ 1747.741371][T32212] ? lock_acquire+0xf0/0x2e0 [ 1747.741390][T32212] _raw_read_lock+0x36/0x50 [ 1747.741403][T32212] ? send_sigio+0x101/0x370 [ 1747.741418][T32212] send_sigio+0x101/0x370 [ 1747.741433][T32212] kill_fasync+0x24d/0x4d0 [ 1747.741447][T32212] ? kill_fasync+0x53/0x4d0 [ 1747.741463][T32212] sock_wake_async+0x137/0x160 [ 1747.741483][T32212] ? sk_wake_async+0x86/0x280 [ 1747.741499][T32212] sk_wake_async+0x189/0x280 [ 1747.741514][T32212] tcp_rcv_state_process+0x1e6a/0x4810 [ 1747.741535][T32212] ? __pfx_tcp_rcv_state_process+0x10/0x10 [ 1747.741559][T32212] ? aa_label_sk_perm+0x532/0x6e0 [ 1747.741580][T32212] ? do_raw_spin_lock+0x12b/0x2f0 [ 1747.741596][T32212] tcp_v4_do_rcv+0x6bb/0x1430 [ 1747.741616][T32212] ? __local_bh_enable_ip+0xd0/0x130 [ 1747.741634][T32212] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 1747.741653][T32212] ? __pfx_tcp_v4_do_rcv+0x10/0x10 [ 1747.741670][T32212] __release_sock+0x265/0x3a0 [ 1747.741690][T32212] release_sock+0x5f/0x1f0 [ 1747.741711][T32212] __inet_stream_connect+0x85d/0xdd0 [ 1747.741730][T32212] ? __pfx___inet_stream_connect+0x10/0x10 [ 1747.741746][T32212] ? __pfx_woken_wake_function+0x10/0x10 [ 1747.741763][T32212] ? inet_stream_connect+0x51/0xa0 [ 1747.741779][T32212] ? __local_bh_enable_ip+0xd0/0x130 [ 1747.741797][T32212] inet_stream_connect+0x66/0xa0 [ 1747.741814][T32212] __sys_connect+0x312/0x450 [ 1747.741828][T32212] ? __pfx___sys_connect+0x10/0x10 [ 1747.741844][T32212] ? rcu_is_watching+0x15/0xb0 [ 1747.741866][T32212] __x64_sys_connect+0x7a/0x90 [ 1747.741879][T32212] do_syscall_64+0x14d/0xf80 [ 1747.741895][T32212] ? trace_irq_disable+0x3b/0x150 [ 1747.741916][T32212] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1747.741931][T32212] ? clear_bhb_loop+0x40/0x90 [ 1747.741947][T32212] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1747.741962][T32212] RIP: 0033:0x7f90c4d9c799 [ 1747.741978][T32212] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1747.741990][T32212] RSP: 002b:00007f90c2ff6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002a [ 1747.742009][T32212] RAX: ffffffffffffffda RBX: 00007f90c5015fa0 RCX: 00007f90c4d9c799 [ 1747.742019][T32212] RDX: 000000000000001c RSI: 0000200000000080 RDI: 0000000000000003 [ 1747.742030][T32212] RBP: 00007f90c4e32c99 R08: 0000000000000000 R09: 0000000000000000 [ 1747.742039][T32212] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 1747.742048][T32212] R13: 00007f90c5016038 R14: 00007f90c5015fa0 R15: 00007f90c513fa48 [ 1747.742064][T32212] [ 1748.086320][T13930] gspca_sunplus: reg_r err -110 [ 1748.091357][T13930] sunplus 2-1:0.0: probe with driver sunplus failed with error -110 [ 1748.104207][T13930] usb 2-1: USB disconnect, device number 84