last executing test programs: 23.548686139s ago: executing program 0 (id=5491): r0 = openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) ioctl$TUNSETIFF(r0, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) r1 = socket$unix(0x1, 0x1, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) r3 = socket(0x10, 0x3, 0x0) sendmsg$nl_route_sched(r3, &(0x7f0000000200)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000300)=@newqdisc={0x88, 0x24, 0xf0b, 0x70bd26, 0x0, {0x0, 0x0, 0x0, r2, {0x0, 0xffff}, {0xffff, 0xffff}, {0x0, 0xfff1}}, [@qdisc_kind_options=@q_mqprio={{0xb}, {0x58, 0x2, {{0x1, [], 0x0, [0x1, 0x2, 0xfffe, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x5c4, 0x8000, 0x0, 0x0, 0x3dc], [0x0, 0x4, 0x0, 0x5, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x1000]}}}}]}, 0x88}}, 0x20000000) r4 = socket$unix(0x1, 0x5, 0x0) ioctl$sock_SIOCGIFINDEX(r4, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r3, &(0x7f00000012c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000280)=@newqdisc={0x4c, 0x24, 0x4ee4e6a52ff56541, 0x70bd2a, 0xfffffffb, {0x0, 0x0, 0x0, r5, {0x0, 0xd}, {0xffff, 0xffff}, {0x0, 0xfff3}}, [@qdisc_kind_options=@q_taprio={{0xb}, {0x1c, 0x2, [@TCA_TAPRIO_ATTR_SCHED_BASE_TIME={0x6c, 0x3, 0xffffffffffffff43}, @TCA_TAPRIO_ATTR_SCHED_CYCLE_TIME_EXTENSION={0xc, 0x9, 0xfffffffffff7fffe}]}}]}, 0x4c}, 0x1, 0x0, 0x0, 0x40001}, 0x0) 21.934769943s ago: executing program 0 (id=5498): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x7, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x6) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f00000001c0)=@abs={0x0, 0x0, 0x4e21}, 0x6e) sendmmsg$unix(r2, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r3 = socket$kcm(0x10, 0x2, 0x0) sendmsg$kcm(r3, &(0x7f0000000600)={0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000000)="2e00000010008188e6b62aa73f72cc9f0ba1f848140000005e140602000000000e000a000f000000028000001294", 0x2e}], 0x1}, 0x0) sendmsg$inet(r3, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000001640)=[{&(0x7f0000000340)}], 0x1, 0x0, 0x0, 0x1f000801}, 0x4040844) recvmmsg(0xffffffffffffffff, 0x0, 0x0, 0x2, 0x0) syz_emit_vhci(&(0x7f0000000440)=ANY=[@ANYBLOB="040e0c010320"], 0xf) syz_open_dev$vim2m(&(0x7f0000000040), 0xa, 0x2) memfd_create(&(0x7f0000000000)='\x103q}2\x9a\xce\xaf\x03\xdfy[\xd9\xffR8\xf4\x1c\bi\xe4^\xd5\xfd\xa9\r\xac7A\x94\xa0\x00\x00\x00\x90+\xd6\x05\r\x84\x87\x1c\b\xdb\xe2\x00\x00A\x90m\xb6&\xd0\x9d\x00\x00\xc5\xb8,\f\xd4s\xb2\x99/\xc0\x9a\xf2O\xdb\x00\x00\x00\x00\x00\x00\r\x1b\xd3\xff<\x83z\x80\x8fQ|\xf5d\x10\x10\xd7\x01M\x7fML\x18\'\x1a<\xfee7{l\x16}\xa0I\x7f\xb5)l\xbb\x02\xfa\xb7\xb6\xa0]\xda8\xe0~\x1c \x91\t\x8b\xbd\x1f\xb3834d1i\x9b\x94\xa6\\\x0e\xe2\xfa\xe5!\xd3\xcf\xfc\xce\xba\xe2\x9f\x05xgL5\x14Y+\xb3\x1axi)<\xf7\x98\xc1\xba\xf4|\xe7|\xc4\xd7\x03\x00\x00\x00\x04D\x15E^7%8\x94y\x98\xf0l\xa0\'Q%\xd4\xda\xee\x81}\xcc\xfd\xa2\xe3M~x\x96\xe3]\xd70\xa2\x17\xca\xde\x1b\xaa\xe0l\xfc\x85\x8fc\x1c{|e\x8bs\xb0\x85E\xce;p)\xf8\xa6\xaa&QC4V\x81\x04\xcf\xd2\x81\xdc\xdf\xd7<\x9f\x93\x8bX\xd4\xea\xb2\xff\b\x92\xc7\x00\xef\xff\x00\x93\x1f\x92\xa7dcY\x9c\x9e9O-\xfcF\xbb\xbd{:IR\xea\xd8$\xe2\xa0\xc2\x8b\x1a\xead\xb8\xe1:6\x15M\x1d\xdak\x8c\x909\xd8\xb3\x02\xe0\x04\x9c\xc2\x06|\xf0\x0f\xa6Y&r\x9b\xc7\x1d\xe7jDf\x87@\x8fg\x15RJwe\xe2\xdcunu\xff`\xa40\xce\xffB%\xe4k\xff\x8d\x06\x0e\x89\xd9DC\x9fF\x9c[M=\xe0^\xa8\xed)\xe8Z\xe8\x99&\x87\x04\xa4\t\xaa\xd8\xd6\xd5pG\xcb\xc4\x8b\xf7\xb8#\xcb\xd8|\xa5\xa6S\x8b\x8cv\xb7)\x02k\xf3L\x03\xbb\xfa\xe1\\\xf1\x8cUj\xd5\xa5\x88GL\xe7_\xfd\x17C=G\x0f\xe9u\x1d\xfeg\xfex\xcd\xaa\xad\x906\xd0sy\xc6T\x93\xae\xd5r\xc8G\xc5\xfdS\xff\x04:`\x1e\xe3;l\xcd&\xd4\xf4\x8eum\x04\x00~\xfa\x05\xd7\xe7X\xc7/\xae5\x93wwT\x13\xbd,\xd6\x16\x84\xcd\xd1\xd8\xe1P_\xbf0\xd8\x8d%Yh\xb5\xb4\"\xf5\x93\xdeh\xce\xa5\xe8\xc8\xec\x88\x89\xf07{\x95\xc9\xd0\xee\xe1\x1d\x80\xcc]-\xc2\xa1\x02ELhI\xd9\xf5\xcfk\x8a&i\xc1\xff9T\x8e\xe2rY\xa3\xd2H9\xfe\x0e\x1e\xac\x0f\xc3\xbd{\xd9\xcc\xbe\xa9\x93\xe0\xa4W\x1cn>\xc1\xf1\x9e\"\x93\x19\x19\x1a\xcc\x7fy\xd2~\x05\x99\xe6\x00o\xca\xe0\xc6\xd4\xf5\xa0\xc8P\xd6;\xf3\xc6~E\xacI\xd4\xe9\xa1|>\x91.K\x81\xa9+\xcf\xff\xcb\xfa\x0f\xe7n\x83H\x12\xac\x80\x16\xf8\x87Q\x97Az\n`\xb6\xe13A\xec\x8d(\\D\xec\xa6\t1\xa0h\xfc\x1f\xdd1@-4\xb4:\xf8\xd5wP \x84m\xe2\xd9\xfcb\xa0\xc3\xc9\xe7W\x86\xd7$\xa4ml\xee\x97[\xb7\xfa', 0x2) r4 = openat$vhost_vsock(0xffffffffffffff9c, &(0x7f00000007c0), 0x2, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_BASE(r4, 0x4008af12, &(0x7f0000000080)={0x1, 0x7f}) ioctl$VHOST_SET_LOG_FD(r4, 0x4004af07, &(0x7f0000000240)) ioctl$VHOST_SET_VRING_KICK(r4, 0x4008af20, 0x0) ioctl$VHOST_SET_VRING_CALL(r4, 0x4008af21, &(0x7f0000000780)={0x1}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000140)={0x0, 0x0, 0x0, &(0x7f0000000180)=""/53, 0x0}) ioctl$VHOST_SET_VRING_ADDR(r4, 0x4028af11, &(0x7f0000000280)={0x1, 0x1, &(0x7f0000000380)=""/247, &(0x7f00000000c0)=""/87, &(0x7f0000000800)=""/90}) r5 = socket(0x10, 0x80002, 0x0) getsockopt(r5, 0x1, 0x2f, &(0x7f0000000540)=""/67, &(0x7f0000000480)=0x43) 19.792006313s ago: executing program 0 (id=5500): pipe(0x0) write(0xffffffffffffffff, 0x0, 0x0) unshare(0x20000400) socket$nl_netfilter(0x10, 0x3, 0xc) r0 = socket$pppl2tp(0x18, 0x1, 0x1) r1 = socket$inet6_udp(0xa, 0x2, 0x0) connect$pppl2tp(r0, &(0x7f0000000000)=@pppol2tp={0x18, 0x1, {0x0, r1, {0x2, 0x4e24, @broadcast}, 0x2, 0x0, 0x3}}, 0x26) r2 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r2, &(0x7f0000000040)=@pppol2tpv3={0x18, 0x1, {0x3, r0, {0x2, 0x4e21, @broadcast}, 0x2, 0x9800, 0xfffffffd}}, 0x2e) r3 = socket$pppl2tp(0x18, 0x1, 0x1) connect$pppl2tp(r3, &(0x7f00000000c0)=@pppol2tp={0x18, 0x1, {0x0, 0xffffffffffffffff, {0x2, 0x0, @initdev={0xac, 0x1e, 0x0, 0x0}}, 0x2, 0x3}}, 0x26) r4 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x1, 0x0) ioctl$PPPIOCATTCHAN(r4, 0x40047438, &(0x7f0000000500)=0x2) ioctl$PPPIOCBRIDGECHAN(r4, 0x40047435, &(0x7f0000000200)=0x1) r5 = openat$ppp(0xffffffffffffff9c, &(0x7f00000000c0), 0x88001, 0x0) ioctl$PPPIOCATTCHAN(r5, 0x40047438, &(0x7f0000000500)=0x2) ioctl$PPPIOCBRIDGECHAN(r5, 0x40047435, &(0x7f0000000200)=0x1) 19.716976961s ago: executing program 0 (id=5501): socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x6, 0x8, 0x8001, 0x0, 0x9, 0x4, 0xfffffe0000000001, 0xfa14, 0xffffffff}, 0x0) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$IPCTNL_MSG_EXP_NEW(0xffffffffffffffff, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="c8000000000201040000000000000000"], 0xc8}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000007c0)={&(0x7f0000000000)=ANY=[@ANYBLOB="30000000180009007ebd7000000000001c"], 0x30}}, 0x0) openat$iommufd(0xffffffffffffff9c, 0x0, 0x0, 0x0) r3 = openat$fb0(0xffffffffffffff9c, &(0x7f00000001c0), 0x101800, 0x0) ioctl$FBIOBLANK(r3, 0x4611, 0x3) socket$inet6_tcp(0xa, 0x1, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$ethtool(&(0x7f0000000100), 0xffffffffffffffff) r6 = socket$nl_generic(0x10, 0x3, 0x10) r7 = syz_genetlink_get_family_id$mptcp(&(0x7f00000002c0), 0xffffffffffffffff) sendmsg$MPTCP_PM_CMD_ADD_ADDR(r6, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000440)={&(0x7f0000000200)={0x28, r7, 0x1, 0xff1f0000, 0x0, {0x7}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_ID={0x5, 0x2, 0x1}, @MPTCP_PM_ADDR_ATTR_FLAGS={0x8, 0x6, 0x1f}]}]}, 0x28}}, 0x0) sendmsg$MPTCP_PM_CMD_ADD_ADDR(0xffffffffffffffff, &(0x7f0000000400)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000000)={0x18, r7, 0x100, 0x70bd29, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x4040082}, 0x0) sendmsg$ETHTOOL_MSG_STRSET_GET(r4, &(0x7f0000000500)={0x0, 0x0, &(0x7f00000004c0)={&(0x7f00000003c0)={0x18, r5, 0xef5ebf77ce25880d, 0x70bd2d, 0x25dfdbfd, {}, [@ETHTOOL_A_STRSET_HEADER={0x4}]}, 0x18}, 0x1, 0x0, 0x0, 0x8c0}, 0x10) 17.747113313s ago: executing program 0 (id=5507): r0 = syz_open_dev$tty1(0xc, 0x4, 0x1) socket$nl_generic(0x10, 0x3, 0x10) ioctl$TIOCMSET(r0, 0x5418, &(0x7f0000000080)=0x2000800) r1 = socket$inet6_sctp(0xa, 0x1, 0x84) setsockopt(r1, 0x84, 0x2, 0x0, 0x0) r2 = syz_open_procfs(0xffffffffffffffff, &(0x7f0000000080)='clear_refs\x00') write$binfmt_format(r2, &(0x7f0000000300)='1\x00', 0x2) mbind(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x0, 0x0, 0x0, 0x2) r3 = openat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x80000, 0xf8) socket$inet6(0xa, 0x5, 0xfffffff7) syz_open_dev$dri(&(0x7f0000000180), 0x1, 0x0) ioctl$DRM_IOCTL_MODE_CURSOR(r3, 0xc01c64a3, &(0x7f00000000c0)={0x2, 0x0, 0x3a3, 0x2, 0xc, 0xffffffc0, 0xffffffff}) ioctl$TIOCL_PASTESEL(0xffffffffffffffff, 0x541c, &(0x7f0000000000)) 15.933849162s ago: executing program 0 (id=5510): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$binfmt_format(0xffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = io_uring_setup(0x3454, &(0x7f00000003c0)={0x0, 0x0, 0x40, 0x0, 0xa7}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) mmap(&(0x7f0000a82000/0x3000)=nil, 0x3000, 0x300000a, 0xa3b749903f41249d, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) write$binfmt_format(r1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) io_uring_enter(0xffffffffffffffff, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, r3) socket$netlink(0x10, 0x3, 0x14) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x800) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x38400, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = syz_open_dev$ndb(&(0x7f0000000740), 0x0, 0x2000) ioctl$NBD_SET_TIMEOUT(r4, 0xab09, 0xfffffffffffffffe) socket$netlink(0x10, 0x3, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000280)) 12.388841266s ago: executing program 2 (id=5520): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$binfmt_format(0xffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = io_uring_setup(0x3454, &(0x7f00000003c0)={0x0, 0x0, 0x40, 0x0, 0xa7}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) mmap(&(0x7f0000a82000/0x3000)=nil, 0x3000, 0x300000a, 0xa3b749903f41249d, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) write$binfmt_format(r1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, 0x345}) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, r3) socket$netlink(0x10, 0x3, 0x14) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x800) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) syz_open_dev$ndb(&(0x7f0000000740), 0x0, 0x2000) socket$netlink(0x10, 0x3, 0x0) 9.708424856s ago: executing program 2 (id=5529): r0 = syz_usb_connect$hid(0x0, 0x36, &(0x7f00000003c0)=ANY=[@ANYBLOB="12010000090024206d041cc340000000000109022400010000a00009040000010301010009210008000122010009058103"], 0x0) syz_usb_control_io$hid(r0, &(0x7f0000000240)={0x24, &(0x7f0000000100)=ANY=[@ANYBLOB="00000c000000eaff01"], 0x0, 0x0, 0x0}, 0x0) unshare(0x200) openat$nullb(0xffffffffffffff9c, &(0x7f0000000080), 0x4000000004002, 0x0) bpf$PROG_LOAD(0x5, 0x0, 0x0) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000300)=ANY=[], &(0x7f0000000240)='GPL\x00', 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x33, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f0000000400)={0x18, 0x3, &(0x7f0000000540)=ANY=[], 0x0, 0xc, 0xb9, &(0x7f0000000140)=""/185, 0x40f00, 0x2b, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x37}, 0x94) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x6) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x8fb90000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$inet_mptcp(0x2, 0x1, 0x106) bind$inet(r4, &(0x7f0000000080)={0x2, 0x4e24, @multicast2}, 0x10) connect$inet(r4, &(0x7f00000009c0)={0x2, 0x4e24, @loopback}, 0x10) futex_waitv(&(0x7f0000001d40)=[{0xc43d, 0x0, 0x2}], 0x1, 0x0, &(0x7f0000002600), 0x2) r5 = socket(0x10, 0x3, 0x4) sendmsg$nl_route_sched(r5, &(0x7f0000000140)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000500)=@newqdisc={0x68, 0x14, 0x70b, 0x7fffffff, 0x0, {0x2, 0x0, 0x0, 0x0, {0x4, 0xb}, {0x4, 0xc}, {0x4, 0x2}}, [@TCA_STAB={0x44, 0x8, 0x0, 0x1, [{{0x1c, 0x1, {0x10, 0xfc, 0x200, 0x80000e, 0x0, 0x1000, 0x7e}}, {0x4}}, {{0x1c, 0x1, {0x9, 0x5, 0x8, 0x11, 0x1, 0xa, 0x6}}, {0x4}}]}]}, 0x68}, 0x1, 0x0, 0x0, 0x800}, 0x0) r6 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r6, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000200)={&(0x7f0000000380)=ANY=[@ANYBLOB="140000001000010000000000000000000000000a28000000000a0101000000005e1affd5020000000900010073797a300000000008000240000000032c000000030a01030000e6ff00000000020000000900010073797a30000000000900030073797a320000000014", @ANYRES64=r5], 0x7c}, 0x1, 0x0, 0x0, 0x10}, 0x4000011) sendmsg$NFT_BATCH(r6, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000080)={&(0x7f0000000680)=ANY=[@ANYBLOB="14000000100001000000000000b890c1a000000a80000000160a01030000000000000000020000000900020073797a30000000000900010073797a30000000005400038008000240000000000800014000000000400003801400010076657468315f746f5f6272696467650014000100776732000000000000000000000000001400010076657468305f746f5f7465616d00000014000000110001"], 0xa8}}, 0x0) sendmsg$NFT_MSG_GETFLOWTABLE(r6, &(0x7f0000000240)={0x0, 0x0, &(0x7f00000001c0)={&(0x7f0000000280)={0x20, 0x17, 0xa, 0x201, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFTA_FLOWTABLE_TABLE={0x9, 0x1, 'syz1\x00'}]}, 0x20}, 0x1, 0x0, 0x0, 0x1}, 0x90) syz_usb_control_io(r0, 0x0, &(0x7f0000000180)={0x84, 0x0, 0x0, 0x0, 0x0, &(0x7f0000000280)=ANY=[@ANYBLOB=' '], 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io(r0, 0x0, 0x0) syz_usb_control_io(r0, 0x0, &(0x7f0000000300)={0x84, 0x0, 0x0, 0x0, &(0x7f0000000000)={0x20, 0x0, 0x4, {0x1}}, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}) syz_usb_control_io$hid(r0, 0x0, 0x0) 9.588471798s ago: executing program 4 (id=5530): socket$packet(0x11, 0x2, 0x300) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000a00)=""/102400, 0x19000) fsopen(0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89f1, &(0x7f0000010640)={'tunl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2f, 0xb6, 0xc, 0x0, 0xf8, 0x0, 0xfb, 0xfe, 0x0, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0x45, [0x0, 0x89fc]}}) r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r3, 0x0, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r5, 0x0, {0x0, 0xf1, 0x4}, 0xfe}, 0x18) connect$can_j1939(r4, &(0x7f0000000640)={0x1d, r5}, 0x18) r6 = socket$inet_sctp(0x2, 0x5, 0x84) openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x218202, 0x0) setsockopt$inet_group_source_req(r6, 0x0, 0x2e, &(0x7f0000000000)={0x6, {{0x2, 0x4e21, @empty=0xe0009eff}}, {{0x2, 0x4e23, @multicast2}}}, 0x108) socket$inet_sctp(0x2, 0x1, 0x84) pread64(0xffffffffffffffff, &(0x7f00000000c0)=""/144, 0x90, 0x5e) 7.753842252s ago: executing program 3 (id=5534): r0 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r1 = ioctl$KVM_CREATE_VM(r0, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r1, 0x4020ae46, &(0x7f00000001c0)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x121000) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) r2 = ioctl$KVM_CREATE_VCPU(r1, 0xae41, 0x0) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000016000/0x18000)=nil, &(0x7f0000000040)=[@text64={0x40, 0x0}], 0x1, 0x0, &(0x7f0000000180)=[@cr4={0x1, 0x40002}], 0x1) syz_kvm_setup_cpu$x86(0xffffffffffffffff, r2, &(0x7f0000008000/0x18000)=nil, 0x0, 0x0, 0x0, 0x0, 0x0) ioctl$KVM_RUN(r2, 0xae80, 0x0) 7.668259417s ago: executing program 1 (id=5536): openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000380)={0x1, 0x0, [{0x4, 0x0, 0x0}]}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f00000006c0)=""/192, &(0x7f0000000140)=""/92, 0x80e3001}) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) setitimer(0x1, 0x0, 0x0) getitimer(0x1, 0x0) bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000002c0)={0x18, 0x1, &(0x7f0000000100)=ANY=[@ANYBLOB="10d04908c5dc30eea4020c1378535f00ff030000000000"], 0x0, 0x1, 0xe3, &(0x7f0000000440)=""/227, 0x40f00, 0x20, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, &(0x7f0000000080)={0x809, 0x4}, 0x8, 0x10, 0x0, 0x0, 0x0, 0x0, 0x1, &(0x7f0000000540)=[0xffffffffffffffff, 0x1, 0x1, 0x1, 0xffffffffffffffff], &(0x7f0000000180)=[{0x1, 0x3, 0x5, 0x3}], 0x10, 0x18d}, 0x94) preadv(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x6) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x1f) openat$cgroup_ro(r4, &(0x7f00000001c0)='blkio.bfq.empty_time\x00', 0x275a, 0x0) syz_usb_connect$uac1(0x4, 0xa8, &(0x7f0000000600)=ANY=[@ANYBLOB="12013103000000006b1d01014000010203010902960003010390350904000000010100000a242b3c4e59d202bfdf01000040000201020724080601008009240305070306040f0c240202020407020d00d707052404010a0b24080675390904010000010200000904010101010200000905010900000000000725010000000009040200000902000009040201010102000009058209000000060007250100000000"], 0x0) 7.497393244s ago: executing program 4 (id=5537): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$binfmt_format(0xffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = io_uring_setup(0x3454, &(0x7f00000003c0)={0x0, 0x0, 0x40, 0x0, 0xa7}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) mmap(&(0x7f0000a82000/0x3000)=nil, 0x3000, 0x300000a, 0xa3b749903f41249d, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) write$binfmt_format(r1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) io_uring_enter(0xffffffffffffffff, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, r3) socket$netlink(0x10, 0x3, 0x14) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x800) ioctl$TUNSETIFF(0xffffffffffffffff, 0x400454ca, &(0x7f0000000040)={'syzkaller0\x00', 0x7101}) syz_open_dev$ndb(&(0x7f0000000740), 0x0, 0x2000) socket$netlink(0x10, 0x3, 0x0) 6.506830451s ago: executing program 3 (id=5538): openat$sndseq(0xffffffffffffff9c, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0xa, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) r0 = getpid() sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) sched_setscheduler(r0, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0xf0667000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f0000000180)=@abs, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) ioctl$VHOST_SET_OWNER(0xffffffffffffffff, 0xaf01, 0x0) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000300)={0x1, 0x0, 0x0, &(0x7f0000001600)=""/78, 0x0}) ioctl$VHOST_SET_MEM_TABLE(0xffffffffffffffff, 0x4008af03, &(0x7f0000000380)={0x1, 0x0, [{0x4, 0x0, 0x0}]}) ioctl$VHOST_SET_VRING_ADDR(0xffffffffffffffff, 0x4028af11, &(0x7f0000000280)={0x0, 0x0, 0x0, &(0x7f00000006c0)=""/192, &(0x7f0000000140)=""/92, 0x80e3001}) ioctl$VHOST_VSOCK_SET_RUNNING(0xffffffffffffffff, 0x4004af61, &(0x7f00000000c0)=0x1) openat$binderfs(0xffffffffffffff9c, 0x0, 0x0, 0x0) ioctl$BINDER_WRITE_READ(0xffffffffffffffff, 0xc0306201, 0x0) ioctl$VHOST_VSOCK_SET_GUEST_CID(0xffffffffffffffff, 0x4008af60, &(0x7f0000000040)={@my=0x1}) r3 = socket$vsock_stream(0x28, 0x1, 0x0) connect$vsock_stream(r3, &(0x7f0000000200)={0x28, 0x0, 0x0, @my=0x1}, 0x10) setitimer(0x1, 0x0, 0x0) getitimer(0x1, 0x0) preadv(0xffffffffffffffff, 0x0, 0x0, 0x10000, 0x6) sendmsg$ETHTOOL_MSG_LINKINFO_SET(0xffffffffffffffff, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000380)=ANY=[@ANYBLOB="00042dbd7000fd30ef789a1bab89bbeb31646c37d59f669087fd09700d7b69fe10a681e2f9083e4724464a1a020b9a63725a9b63fd72d226376ca8ce31a82730"], 0x14}, 0x1, 0x0, 0x0, 0x2000}, 0x4001) r4 = openat$ubi_ctrl(0xffffffffffffff9c, &(0x7f0000000000), 0x8400, 0x0) ioctl$FS_IOC_SETFLAGS(r4, 0x40186f40, &(0x7f0000000440)=0x1f) 5.74349132s ago: executing program 2 (id=5539): socket$inet6_sctp(0xa, 0x1, 0x84) connect$unix(0xffffffffffffffff, &(0x7f00000027c0)=@file={0x0, './file0\x00'}, 0x6e) socket$inet6_udp(0xa, 0x2, 0x0) socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000240)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8b07, &(0x7f0000000080)={'virt_wifi0\x00', @dev={'\xaa\xaa\xaa\xaa\xaa', 0x20}}) syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) syz_open_dev$I2C(0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x1) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) connect$bt_l2cap(0xffffffffffffffff, &(0x7f0000000040)={0x1f, 0x0, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0xb}, 0xe) close(0x3) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000680)=@bpf_ext={0x1c, 0x0, &(0x7f00000000c0), &(0x7f0000000280)='syzkaller\x00', 0x10001, 0xd8, &(0x7f00000004c0)=""/216, 0x41000, 0xc, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x2fc68, 0xffffffffffffffff, 0x4, 0x0, &(0x7f0000000600)=[{0x4, 0x5, 0x2, 0x8}, {0x1, 0x4, 0x10, 0xf}, {0x0, 0x3, 0x1, 0x7}, {0x0, 0x5, 0xf, 0x2}], 0x10, 0xf}, 0x94) r2 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r2, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000003c0)=ANY=[@ANYBLOB="44000000190001090000000000000000021800000000fd010000000008000100ac141400100016800c0001000000000000000fff080005000a01010206001500060000000fe339164f0b594f409ac86d6f5a08ce4af36884550425f3d08a7244bb38b962b9184c7e2589bf20c255e560a002d6d0669507b7a649c8718803fba69eea760a819d3b52ef65b1e2d8ff550dbf60cf9f101dead21a15b08b38b926cf7c0ce19ba24dc2f6e0f5"], 0x44}, 0x1, 0x0, 0x0, 0x20000000}, 0x0) r3 = syz_open_procfs(0x0, &(0x7f0000001380)) getdents(r3, &(0x7f0000002000)=""/4096, 0x1000) 5.333618603s ago: executing program 3 (id=5540): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000200)=0x5) r0 = openat$sequencer(0xffffffffffffff9c, &(0x7f0000000300), 0x80200, 0x0) openat$kvm(0xffffffffffffff9c, &(0x7f0000000c80), 0x40, 0x0) syz_genetlink_get_family_id$ethtool(&(0x7f0000000080), 0xffffffffffffffff) sendmsg$ETHTOOL_MSG_PAUSE_SET(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, 0x0}, 0x0) r1 = syz_open_dev$sndmidi(&(0x7f00000004c0), 0x2, 0x141102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) r2 = socket$inet6_sctp(0xa, 0x5, 0x84) r3 = syz_io_uring_setup(0x487, &(0x7f00000000c0)={0x0, 0x9010, 0x800, 0x0, 0x165, 0x0, r0}, &(0x7f0000000000)=0x0, &(0x7f0000000280)=0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup.net/syz0\x00', 0x1ff) r6 = openat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000), 0x200002, 0x0) mkdirat$cgroup(r6, &(0x7f0000000dc0)='syz0\x00', 0x1ff) r7 = openat$cgroup_freezer_state(r6, &(0x7f00000002c0), 0x2, 0x0) write$cgroup_freezer_state(r7, &(0x7f00000000c0)='FROZEN\x00', 0x7) sendfile(r7, r7, 0x0, 0x8000002) io_uring_register$IORING_REGISTER_PBUF_RING(r3, 0x16, &(0x7f0000000140)={&(0x7f0000001000)={[{0x0, 0x5, 0x3, 0x700}]}, 0x1, 0x1}, 0x1) syz_memcpy_off$IO_URING_METADATA_GENERIC(r4, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r4, r5, &(0x7f00000002c0)=@IORING_OP_RECV=@use_registered_buffer={0x1b, 0x20, 0x0, r2, 0x0, 0x0, 0x0, 0x60, 0x1, {0x1}}) io_uring_enter(r3, 0x3517, 0x173d, 0x42, 0x0, 0x0) io_uring_register$IORING_UNREGISTER_RING_FDS(r3, 0x15, &(0x7f0000000c00)=[{0x2, 0x0, 0x0, &(0x7f0000000240)=[{&(0x7f0000000480)=""/33, 0xfffffffffffffdbf}, {&(0x7f0000000180)=""/68, 0x44}], &(0x7f0000000340)=[0x2, 0x7ff, 0x3, 0xdf65, 0x100000001, 0x76, 0x8001, 0x7fff]}, {0x8, 0x1, 0x0, &(0x7f00000007c0)=[{&(0x7f0000002000)=""/4096, 0x1000}, {&(0x7f00000003c0)=""/184, 0xb8}, {&(0x7f0000000cc0)=""/6, 0x10}, {&(0x7f0000000500)=""/255, 0xff}, {&(0x7f0000000600)=""/59, 0x3b}, {&(0x7f0000000640)=""/81, 0x51}, {&(0x7f0000003000)=""/4096, 0x1000}, {&(0x7f00000006c0)=""/210, 0xd2}], &(0x7f0000000880)=[0xffffffffffffffff, 0x6, 0x9, 0x1ff, 0x100000000]}, {0x6, 0x0, 0x0, &(0x7f0000000b40)=[{&(0x7f0000000040)=""/35, 0x23}, {&(0x7f0000000900)=""/240, 0xf0}, {&(0x7f0000004000)=""/4096, 0xffffffffffffffbc}, {&(0x7f0000000a00)=""/49, 0x31}, {&(0x7f0000000a40)=""/118, 0x76}, {&(0x7f0000000ac0)=""/119, 0x77}], &(0x7f0000000bc0)=[0x1]}], 0x3) 5.233109381s ago: executing program 4 (id=5541): socket$nl_route(0x10, 0x3, 0x0) r0 = openat$udambuf(0xffffffffffffff9c, &(0x7f00000000c0), 0x2) r1 = memfd_create(&(0x7f0000000700)='y\x105\xfb\xf7u\x83%\x1f\xe09@:r\xc2\xb9x0\x90P\x03\x00\x00\x00\x00\x00\x00\x00\xfe,\x1c\xf1\xdd\xcf]\xac\xbc\t\xbb\xfc\xa4j\x9f\xceX\x8f5=\xaa\xd5\xe9n\xab s\xa5\x00\x8d\tV\t\x91\x18\x06O\xb0=D\xda\xb6F\x1a\xc82\x8b\xc0l\xd0\x89d\xe6\xb7\xd8\x97\xb8\xde\xa3\x89\xc2%/u\x17\xdaM\x8d\x01Lh\x1e^\x9ej\x1c\xc5\xf0\xf6\x92\x05\x9aH\x00\'\xd4\x94d_\v\xfc\xad\x0f\xa8\xc5\xad\x00\xc2\x12\xff\xff\xff\xff\xff\xff\x00\x00\x00\x00\nj\x8c\xef\x90\xc0Z\xfa\x1a\xb3\xf0wVq\xe9d\xf8N\x80\xd1g\xd8e\xc8\x16\xad1\x02\xab\xce3\xb2\xb0\xd1\x11\xf0\xc3Gj+kV$\x80\x8aJ$\x81\xc0\x16\xf5\x9cz\x10\x97\xdb\x12H\xee/\xe3sY\x02D;L~\xd0\xb44\x01*\xfb\xa4 \xb2b\x90H$\xb2\xad\xbf\x8aM\xb6\x81\x81^\x02\xa0\xa7t\xfbHb\xa5=\xdd+$\xc06J\xb4\xf0\xab\x85Xz\x9f\xb2D$\xbe\xd9\x7f-\r\x9aj9r\n_\x11\xd4\x19\xb0\xa0G\xb7\x94\xf7\xfd~\xe9\xb6G\xbfE\xbb\x15\x15\xa6\xca2\xd0\xd3\x8c\xf7nO\xf9\xa8\xfd\x8a\xd2\xb2\xab\xff\xe4\xb0;\xd9\xa8\f\x03R\xbd%\x9fF\xee\x05\x06.3(QF?\f\x05\xa4uY\xee\xab\x8a\xeb~\xed\xcb0\xb7\xe7\xe6?8g\x8aN\xda\x8f\x9d\xde\x1eNaS\x8fLk\xf1\x965N\x18\x8c\xb9=5\x991\xae\x89N\x13\xd1\xf7\xf0\x13\xb2\xaeS\xa1\x97\x18j\xea\x9f\xde\xb6\xd4\xdc\xe6*\x9c\xfdV\x82\x05', 0x2) ftruncate(r1, 0xffff) fcntl$addseals(r1, 0x409, 0x3) close(0x3) r2 = ioctl$UDMABUF_CREATE(r0, 0x40187542, &(0x7f0000000000)={r1, 0x5, 0x0, 0x2000}) syz_open_procfs(0x0, &(0x7f0000000000)='fdinfo/3\x00') write(r2, &(0x7f0000000380)="1c0403005ef69877e3df3f44730b2881ebbd692c714885eff84b0bed89b0975c2cd36d810d78829050752b5879c1198453c98d5c493f40a35731bbfa8e621a48598102000000446063869064317a1f527ed6389b69389b4f91704faf1ea621178530154e2d389d7ecc7d9a62bbdbe3228b000000000000f51b32faf5b586958befa5a33c1dc22a00f7af1d453edee207ab5ecedd576b55eb71185024789756eb8e37b822abb5b16f62b7ec69b0ab36366c6f3f3900003303086ddc4730b85700004b1889917ebbf85b2f955b47710500d07e77b2ee20cfdb62bc1302f3158118d3c71ceefcdf12b4bb2cb4470177b8b6808a869feb12444fad6ebd3284dbdca3c26081ad6a880d66b5a4eed789cb5dfb485410c6efc6bedd484eee21f6a43032e3fa03022b47f9bd2a8e4b4dd8338d89315b9371cebf62e5dccd11ca", 0x13c) syz_emit_ethernet(0x212, &(0x7f0000000f40)=ANY=[@ANYBLOB="aaaaaaaaaaaa00000000000086dd684a5a6c01dc210100000000000000000000ffff00000000fe8000000000000000000000000000aa0f0a000000000000042557691d56a121b709af7134b29c4e0d01f2bfc45d1f9ce75e15f4ff37914c853f38f69605c50502000301080000000000000000040119010200000502000cc9100000000000000000000000000000010000000000003207000000000000040100010493ca286a01020000000100810216b705020007010800000000000000000502000ac96f028000000000000000000000000000bb3b14000200000000ff010000000000000000000000000001fc010000000000000000000080000002fc020000000000000000000000000001fe8000000000000000000000000000aafc010000000000000000000000000000fe8000000000000000000000000000aafe880000000000000400000000000001fc020009000000000000000000000001fc000000000000000000000000000000fc0000000000000000000000000000014e244e2104d19069623a3e456c8a22b2ba30df6b8b66ceba26a54d70c79a8132cd3c54dfaeb8cf38f2437f0391e40f06f79deb001237ff82b223cbb1868cbcd39ea01468a9a3896f225a3c4b0e75a31a6a683f0607a4ce31f52d6291506df80f6fcdc88f92643f111aa2e5a78817bd020b7cd37e370a9101d2cf2cc83c7b6a394e1236661201b196abe5352e00"], 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000001cc0)={0x0, 0x1c, &(0x7f0000001c80)={&(0x7f00000008c0)=ANY=[@ANYBLOB="140000001000010000000000000000000a00000a00000000090a000000000000007c580832aa7c4e24a9598a9c0000000700000600000c4000000d3400000000180a01020000000040000000020000080000054000000000000000010000020073797a3100000000000003800000038000000100626f6e645f736c6176655f300000000000000140000001000000024000010001000003800000020073797a3000000000000007400000000100000740000000010000038000000380000001006d616376746170300000000000000000000001006261746164765f736c6176655f3000000000010077673100000000000000000000000000f7fd010070696d7265673000000000000000000000000100726f7365300000000000000000000000000001007465616d5f736c6176655f3100000000000001006e6574706369300000000000000000006cbbd30000010069703665727370616e3000000000000000000100697036677265300000000000000000000000010073797a6b616c6c65723100000000000000000740000000020000020073797a30000000000000020073797a31000000006dffffff119016396a8863830f14b90a9d55c931faf49e7475dd003ee790df9b4476c01c792ffcaec557ced748e5786fd36eb0d5e22b7fec4086432e01424a529e7622fe83cb5288c2b1963ff342453005b5eb73e8b02594025da7435b5b3fa527c93f8ff527d89537fe81f71c33d0a27a69e9f5ffd85c9fdb05cd44c8a13b1d103ceeb9a23563bc1fc20b22573f93078b15029377f4107e7654e6798ce8d078ec81f7634f0de22b5cee33278aa07aeedf4d64913997131a9b942fc16030b195fa7432e14a9fa9b2f76f4438e8c31d04b50263fdd149c37cefc7b17d73d22d"], 0x28}, 0x1, 0x0, 0x0, 0x8880}, 0x1) socket$nl_route(0x10, 0x3, 0x0) r3 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_FLUSH(r3, 0x0, 0x40) connect$netlink(r3, &(0x7f000000a6c0)=@proc={0x10, 0x0, 0x25dfdbff, 0x200}, 0xc) getpeername$netlink(r3, 0x0, 0x0) gettid() ioctl$sock_SIOCSPGRP(r3, 0x8902, 0x0) syz_genetlink_get_family_id$nl80211(0x0, 0xffffffffffffffff) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE(0x100000000000000, &(0x7f0000000440)=ANY=[@ANYBLOB], 0x48) r6 = socket$inet6(0xa, 0x80002, 0x0) bpf$MAP_UPDATE_ELEM(0x2, &(0x7f0000000340)={r5, 0x0, &(0x7f0000001840)=@udp6=r6}, 0x20) sendmsg$NL80211_CMD_ABORT_SCAN(r4, 0x0, 0x10) r7 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) shutdown(r7, 0x0) setsockopt$bt_rfcomm_RFCOMM_LM(r7, 0x12, 0x3, &(0x7f0000000140)=0x37, 0x4) connect$bt_rfcomm(r7, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa) ioctl$XFS_IOC_ATTRMULTI_BY_HANDLE(0xffffffffffffffff, 0x4048587b, &(0x7f0000000240)={{0xffffffffffffffff, &(0x7f0000000000)='wrr\x00', 0x0, &(0x7f0000000080)={@_ha_fsid={[0x2, 0x732]}, {0x7fff, 0x6, 0xfffffffb, 0x1}}, 0xfffffffb, &(0x7f00000000c0), &(0x7f0000000100)=0x1}, 0x1, &(0x7f0000000200)=[{0x1, 0x88, 0x0, &(0x7f0000000180), 0x0, 0x38}]}) 5.196316839s ago: executing program 2 (id=5542): bind$netrom(0xffffffffffffffff, 0x0, 0x0) r0 = socket$inet6(0xa, 0x80803, 0x87) setsockopt$inet6_IPV6_XFRM_POLICY(r0, 0x29, 0x23, &(0x7f00000004c0)={{{@in=@empty, @in6=@loopback, 0x0, 0x0, 0x0, 0x0, 0xa, 0x547b31180522e14c}, {}, {}, 0x0, 0x0, 0x1}, {{@in=@broadcast}, 0x0, @in6=@private1}}, 0xe4) connect$inet6(r0, &(0x7f00000000c0), 0x1c) mprotect(&(0x7f00002d5000/0x3000)=nil, 0x3000, 0x100000b) r1 = semget$private(0x0, 0x6, 0x0) semtimedop(r1, &(0x7f00000003c0)=[{0x2, 0x4, 0x1800}], 0x1, 0x0) bpf$BPF_BTF_LOAD(0x12, &(0x7f0000000280)={&(0x7f0000000000)={{0xeb9f, 0x1, 0x0, 0x18, 0x0, 0x30, 0x30, 0x2, [@struct={0x0, 0x1, 0x0, 0x4, 0x0, 0x8, [{0x0, 0x2, 0x20}]}, @volatile={0x0, 0x0, 0x0, 0x9, 0x3}, @restrict={0x0, 0x0, 0x0, 0x4}]}}, 0x0, 0x4a}, 0x20) semop(r1, &(0x7f00000000c0)=[{0x4}, {0x2}], 0x2) semop(r1, &(0x7f0000001240)=[{}, {0x2, 0x0, 0x2000}], 0x2) semctl$SETALL(r1, 0x0, 0x11, &(0x7f0000000000)) r2 = syz_init_net_socket$bt_rfcomm(0x1f, 0x1, 0x3) connect$bt_rfcomm(r2, &(0x7f0000005dc0)={0x1f, @fixed={'\xaa\xaa\xaa\xaa\xaa', 0x10}, 0x15}, 0xa) 4.965280319s ago: executing program 4 (id=5543): r0 = openat$iommufd(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) r1 = add_key$keyring(&(0x7f00000000c0), &(0x7f0000000000)={'syz', 0x3}, 0x0, 0x0, 0xffffffffffffffff) request_key(&(0x7f0000000340)='keyring\x00', &(0x7f0000000380)={'syz', 0x3}, 0x0, r1) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000180)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x4000}, 0x0) sendmsg$NFT_BATCH(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x8890}, 0x24000000) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) epoll_ctl$EPOLL_CTL_ADD(0xffffffffffffffff, 0x1, 0xffffffffffffffff, 0x0) syz_open_dev$sg(&(0x7f00000060c0), 0x0, 0x8002) openat$kvm(0xffffffffffffff9c, 0x0, 0x0, 0x0) r2 = socket$caif_stream(0x25, 0x1, 0x0) readv(r2, &(0x7f00000014c0)=[{&(0x7f00000002c0)=""/234, 0xea}], 0x1) ioctl$KVM_CREATE_VCPU(0xffffffffffffffff, 0xae41, 0x2) bpf$BPF_PROG_WITH_BTFID_LOAD(0x5, &(0x7f0000000280)=@bpf_lsm={0x6, 0x3, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x40}, 0x94) r3 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x3, 0x4, &(0x7f0000000000)=@framed={{}, [@call={0x85, 0x0, 0x0, 0x61}]}, &(0x7f0000000200)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000240)={r3, 0x0, 0x14, 0xe40, &(0x7f00000002c0)='\x00\x00\x00\x00\x00\x00\x00\x00', &(0x7f0000000300)=""/8, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x4c) syz_open_dev$evdev(0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) r4 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r4, &(0x7f0000001a40)=""/102392, 0x18ff8) mmap(&(0x7f0000000000/0xfbe000)=nil, 0xfbe000, 0x2, 0x31, 0xffffffffffffffff, 0x0) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x0, 0x32, 0xffffffffffffffff, 0x8528c000) r5 = socket(0x40000000015, 0x5, 0x0) setsockopt$sock_int(r5, 0x1, 0x23, &(0x7f0000000000)=0x2, 0x4) ioctl$IOMMU_IOAS_COPY(r0, 0x3b83, &(0x7f0000000040)={0x28, 0x5, 0x0, 0x0, 0xffffffffffffffff, 0xa625, 0x3fff}) 4.574269688s ago: executing program 1 (id=5544): r0 = socket$alg(0x26, 0x5, 0x0) bind$alg(r0, &(0x7f00000004c0)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb-twofish-avx\x00'}, 0x58) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) pipe2$9p(&(0x7f00000002c0), 0x800) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) r1 = getpid() sched_setscheduler(r1, 0x2, &(0x7f0000000200)=0x5) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeef, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r3, &(0x7f0000000000), 0x400000000000041, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000000a00)={'syz1\x00', {0x9, 0x7, 0x5, 0x5}, 0x3f, [0x9, 0x2, 0x18, 0x2, 0x2, 0x400, 0x6, 0x0, 0x8, 0x0, 0x6, 0x1, 0xfffffffb, 0x39, 0x747d5e13, 0x800, 0xfffffb9a, 0xfffffffe, 0x0, 0xfffffffb, 0x2004, 0x3, 0x0, 0xf250, 0x80, 0x4800, 0x300000, 0x7, 0xe, 0x4623f, 0x0, 0x10001, 0x1ff, 0x8000, 0x0, 0x3, 0xc, 0x3, 0xba55, 0x8da8, 0x2, 0x200, 0x2, 0x5, 0xe, 0x4, 0x2, 0x6f, 0x8, 0x9, 0x1, 0x199d, 0x8, 0x2, 0x9, 0xffffffff, 0x4, 0x6, 0x1000, 0x5, 0x3d, 0x8, 0xa, 0x5], [0x7, 0x1e, 0x3, 0x8000, 0xfffffffd, 0x3, 0x0, 0x25, 0x7, 0xfffffffc, 0x8, 0x7fff, 0x72c, 0x1c32, 0x3, 0x5, 0x10000, 0x400, 0x7ffd, 0x3, 0x3, 0x297, 0x5, 0x0, 0x981, 0x4, 0x0, 0x3ff, 0x0, 0xfffffffe, 0x8, 0x1000001, 0x10, 0xfffffff9, 0xfffffffd, 0x7, 0x1, 0xffffffff, 0x6, 0x2000008, 0x800, 0xffff, 0x6, 0x96, 0xfffffff9, 0x2, 0x0, 0x2, 0x401, 0xc, 0x3, 0x379, 0x9, 0xe, 0x5, 0x7, 0x6, 0x2, 0x1, 0x1, 0x8, 0x7, 0x200, 0x3], [0x401, 0x8000c584, 0xffff, 0xcd3, 0x7, 0x1f, 0x404, 0x4, 0x4008, 0xc, 0x7, 0x9, 0x1e88, 0x5, 0x80000001, 0x8, 0x3f92, 0x1000, 0x0, 0x10, 0x1, 0xfffffff9, 0x0, 0x1000, 0x80040101, 0x5, 0x4, 0x5, 0x200003, 0x1, 0x5, 0x80, 0x9, 0x8001, 0x10000, 0x0, 0x3, 0x400004, 0x3, 0x6d7e, 0x3, 0x8, 0x3, 0xbf23, 0x6, 0x9, 0x956, 0x0, 0x3ff, 0xe, 0x6, 0x100fffd, 0x2005, 0x9, 0x4, 0xea, 0x9, 0x20000005, 0x3, 0x80, 0x0, 0x7d, 0x401, 0x5], [0x108e, 0xffff, 0x3, 0x3, 0x88, 0x2, 0x4000000, 0x4, 0x50, 0x2, 0x763, 0xb, 0x402, 0x1, 0x5, 0x1000, 0x7f, 0x5, 0x3fa6, 0x4, 0x0, 0x5, 0x3, 0x0, 0xe47, 0x4, 0x3, 0x4, 0x200, 0x2851, 0x3b, 0x20000001, 0x5, 0x5, 0xa80a, 0x65f413f9, 0x4, 0x20008, 0x8a5, 0x86, 0x44, 0x409, 0x6, 0x4, 0x4, 0xe, 0x4, 0xffffffff, 0x7fff, 0xffff8a33, 0xfffffff8, 0x401, 0x3, 0x200, 0x7, 0x4edf, 0xfffffffd, 0xa, 0xe, 0x101, 0xf, 0xf, 0x136, 0x6]}, 0x45c) setsockopt$ALG_SET_KEY(r0, 0x117, 0x1, &(0x7f0000000280)="ad56b6c5820fae9d6dcd3292ea54c7beef915d564c90c200", 0x18) r4 = accept4(r0, 0x0, 0x0, 0x800) sendmmsg$alg(r4, &(0x7f0000000040)=[{0x0, 0x0, &(0x7f0000000000), 0x0, &(0x7f0000000380)=[@op={0x18, 0x117, 0x3, 0x1}], 0x18}], 0x1, 0x40800) recvmsg(r4, &(0x7f00000005c0)={0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f00000000c0)=""/81, 0x51}, {&(0x7f0000000200)=""/83, 0x53}], 0x2}, 0x40000022) 3.95261797s ago: executing program 2 (id=5545): io_uring_setup(0x403f, &(0x7f00000003c0)={0x0, 0x9358, 0x0, 0x3, 0x211}) ioctl$BTRFS_IOC_GET_DEV_STATS(0xffffffffffffffff, 0xc4089434, 0x0) openat$procfs(0xffffffffffffff9c, &(0x7f0000000180)='/proc/mdstat\x00', 0x0, 0x0) openat$ptmx(0xffffffffffffff9c, &(0x7f00000000c0), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) r0 = gettid() prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3ff, 0x8, &(0x7f0000006680)) keyctl$update(0x2, 0x0, 0x0, 0x0) kexec_load(0x8, 0x0, 0x0, 0x160000) timer_create(0x0, &(0x7f0000533fa0)={0x0, 0x21, 0x800000000004, @tid=r0}, &(0x7f0000bbdffc)) timer_settime(0x0, 0x0, &(0x7f0000000280)={{0x0, 0x989680}, {0x0, 0x989680}}, 0x0) r1 = syz_io_uring_setup(0x497, &(0x7f00000000c0)={0x0, 0x900f, 0x100, 0x4, 0x162}, &(0x7f0000000400)=0x0, &(0x7f0000000280)=0x0) syz_memcpy_off$IO_URING_METADATA_GENERIC(r2, 0x4, &(0x7f0000000080)=0xfffffffc, 0x0, 0x4) syz_io_uring_submit(r2, r3, &(0x7f0000000040)=@IORING_OP_TEE={0x21, 0x1, 0x0, @fd, 0x0, 0x0, 0x0, 0x8, 0x1}) io_uring_enter(r1, 0x3517, 0x173d, 0x42, 0x0, 0x0) 3.938285865s ago: executing program 3 (id=5546): r0 = accept$inet(0xffffffffffffffff, &(0x7f0000000640)={0x2, 0x0, @initdev}, &(0x7f0000000680)=0x10) setsockopt$IPT_SO_SET_REPLACE(r0, 0x0, 0x40, &(0x7f00000006c0)=@nat={'nat\x00', 0x670, 0x5, 0x408, 0x210, 0x210, 0xffffffff, 0x168, 0x168, 0x370, 0x370, 0xffffffff, 0x370, 0x370, 0x5, 0x0, {[{{@ip={@rand_addr=0x64010100, @local, 0xff0000ff, 0xffffff00, 'veth1_to_bridge\x00', 'veth0_macvtap\x00', {}, {0xff}, 0x16}, 0x0, 0x130, 0x168, 0x48, {}, [@common=@unspec=@string={{0xc0}, {0x7, 0xc, 'kmp\x00', "4801d3e4c6b2bfd892aa7400051624fa86999b13d39b99407a9b7abe75a728baa18da576811985de44110b8602025e1298ea55f1c5087ab16f67b18ca90ac68f0b3d6a068f727f7d23fa5fad26a59a5da2651212bdf9d29248ae63e2349b2470915eea2c39ade5129ff26b6fe772493180cfda2cdd49412e9469d85abdb467ba", 0x76, 0x2, {0x1}}}]}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0xae, {0xf, @remote, @initdev={0xac, 0x1e, 0x0, 0x0}, @port=0x4e22, @port=0x4e24}}}}, {{@uncond, 0x0, 0x70, 0xa8}, @MASQUERADE={0x38, 'MASQUERADE\x00', 0x0, {0x1, {0x5, @dev={0xac, 0x14, 0x14, 0x2a}, @rand_addr=0x64010102, @gre_key=0x10, @icmp_id=0x67}}}}, {{@ip={@multicast2, @initdev={0xac, 0x1e, 0x1, 0x0}, 0xff, 0x0, 'virt_wifi0\x00', 'veth1_to_bridge\x00', {}, {}, 0x0, 0x0, 0x4e}, 0x0, 0x70, 0xb8}, @unspec=@SNAT1={0x48, 'SNAT\x00', 0x1, {0x0, @ipv4=@rand_addr=0x64010102, @ipv4=@private=0xa010101, @icmp_id=0x68, @icmp_id=0x64}}}, {{@ip={@loopback, @remote, 0xff, 0x0, 'ip6erspan0\x00', 'ip_vti0\x00', {}, {0xff}, 0x6, 0x1, 0x5}, 0x0, 0x70, 0xa8}, @DNAT0={0x38, 'DNAT\x00', 0x0, {0x1, {0x10, @local, @multicast2, @port=0x4e22, @gre_key=0x5}}}}], {{'\x00', 0x0, 0x70, 0x98}, {0x28}}}}, 0x468) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000480), 0x48241, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f00000000c0)={'syzkaller1\x00', 0x6bf1c2d5adba8c32}) r2 = socket$kcm(0x2, 0x0, 0x2) ioctl$SIOCSIFHWADDR(r2, 0x8914, &(0x7f0000000040)={'syzkaller1\x00', @broadcast}) r3 = socket(0x10, 0x3, 0x0) setsockopt$netlink_NETLINK_TX_RING(r3, 0x10e, 0xc, &(0x7f0000000080)={0x6, 0xff}, 0x10) write(r3, &(0x7f0000000000)="1c0000001a005f0214f9f407000904001f000000ff02000200000000", 0x1c) getsockopt$PNPIPE_IFINDEX(0xffffffffffffffff, 0x113, 0x2, &(0x7f00000004c0)=0x0, &(0x7f0000000500)=0x4) ioctl$sock_ipv6_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f00000005c0)={'syztnl1\x00', &(0x7f0000000540)={'syztnl0\x00', r4, 0x4, 0xc, 0x3, 0xe7ab, 0x2, @private1={0xfc, 0x1, '\x00', 0x1}, @private0, 0x1, 0x40, 0x0, 0x2}}) setsockopt$inet6_tcp_TCP_REPAIR_WINDOW(r3, 0x6, 0x1d, &(0x7f0000000600)={0x0, 0x0, 0x5, 0x8000, 0x7}, 0x14) write$tun(r1, &(0x7f0000000100)=ANY=[@ANYBLOB="00000000ffffffffffffaaaaaaaaaabb08004500010700000000002f9078ac1e0001e0000001000086dd00f39078a102000034cb6dcdd2bc08508f3e2edd0d265b8bc0497d01ee697d19758303462c8c7aea2c"], 0x119) 3.871481577s ago: executing program 4 (id=5547): socket$packet(0x11, 0x2, 0x300) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000a00)=""/102400, 0x19000) fsopen(0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89f1, &(0x7f0000010640)={'tunl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2f, 0xb6, 0xc, 0x0, 0xf8, 0x0, 0xfb, 0xfe, 0x0, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0x45, [0x0, 0x89fc]}}) r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r3, 0x0, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r5, 0x0, {0x0, 0xf1, 0x4}, 0xfe}, 0x18) connect$can_j1939(r4, &(0x7f0000000640)={0x1d, r5}, 0x18) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='net/mcfilter\x00') openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x218202, 0x0) setsockopt$inet_group_source_req(0xffffffffffffffff, 0x0, 0x2e, &(0x7f0000000000)={0x6, {{0x2, 0x4e21, @empty=0xe0009eff}}, {{0x2, 0x4e23, @multicast2}}}, 0x108) pread64(r6, &(0x7f00000000c0)=""/144, 0x90, 0x5e) 3.110032042s ago: executing program 1 (id=5548): r0 = socket$inet_udplite(0x2, 0x2, 0x88) sendmsg$kcm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f00000000c0)=[{&(0x7f0000000000)="d8000000100081044e81f782db44b904021d080c48000000e8fe55a1180015000600142603600e12090021", 0x2b}], 0x1}, 0x4840) r1 = socket$kcm(0x10, 0x2, 0x0) write$cgroup_subtree(r1, &(0x7f0000000000)=ANY=[], 0xfe33) openat$adsp1(0xffffffffffffff9c, &(0x7f0000000300), 0x0, 0x0) syz_open_dev$dri(&(0x7f0000000280), 0x2, 0x202000) setsockopt$XDP_UMEM_COMPLETION_RING(0xffffffffffffffff, 0x11b, 0x6, &(0x7f0000000340)=0x4020, 0x4) ioctl$FS_IOC_GETFSMAP(0xffffffffffffffff, 0xc0c0583b, &(0x7f0000000580)=ANY=[@ANYBLOB]) socket$inet_tcp(0x2, 0x1, 0x0) r2 = socket(0x1e, 0x4, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x7) r3 = getpid() sched_setscheduler(r3, 0x2, &(0x7f0000000200)=0x7) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbee2, 0x8031, 0xffffffffffffffff, 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r4, &(0x7f000057eff8)=@file={0x0, './file2\x00'}, 0x6e) sendmmsg$unix(r5, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r4, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x6) setsockopt$packet_tx_ring(r2, 0x10f, 0x87, &(0x7f0000000040)=@req={0x3fc, 0x0, 0x0, 0xffffffff}, 0x10) r6 = socket(0x1e, 0x4, 0x0) r7 = socket$nl_generic(0x10, 0x3, 0x10) r8 = syz_genetlink_get_family_id$tipc(&(0x7f00000000c0), 0xffffffffffffffff) sendmsg$TIPC_CMD_SET_NODE_ADDR(r7, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000100)={0x24, r8, 0x201, 0x400000, 0x25dfdbfc, {{}, {}, {0x8, 0x11, 0x4004}}}, 0x24}}, 0x40) setsockopt$packet_tx_ring(r6, 0x10f, 0x87, &(0x7f0000000440)=@req={0x3fc}, 0x10) sendmmsg(r2, &(0x7f0000003240), 0x4000000000000e4, 0x9000000) ioctl$sock_inet_SIOCSARP(r0, 0x8955, &(0x7f0000000a80)={{0x2, 0x0, @empty}, {0x0, @random="150bcd9001f3"}, 0x4a, {}, 'lo\x00'}) 2.814939825s ago: executing program 3 (id=5549): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x443, 0x1fe) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_int(r2, 0x29, 0x46, 0x0, 0x0) r3 = openat(0xffffffffffffff9c, &(0x7f0000000100)='./file1\x00', 0x42, 0x18e) close(r3) close(r1) socket(0xa, 0x3, 0x3a) r4 = openat$cgroup_ro(0xffffffffffffff9c, &(0x7f0000000040)='memory.current\x00', 0x275a, 0x0) lseek(r4, 0x7fffffffffffffff, 0x0) bpf$MAP_CREATE_RINGBUF(0x0, 0x0, 0x48) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r5 = getpid() sched_setscheduler(r5, 0x2, &(0x7f0000000200)=0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x0) r6 = syz_clone(0x600, 0x0, 0x33, 0x0, 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, r6, 0x0, 0x0) sched_setaffinity(0x0, 0x1, &(0x7f00000002c0)=0x400000bce) r7 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r7, &(0x7f0000032680)=""/102400, 0x19000) r8 = openat$sndtimer(0xffffffffffffff9c, &(0x7f0000000000), 0x0) ioctl$SNDRV_TIMER_IOCTL_SELECT(r8, 0x40345410, &(0x7f00000083c0)={{0x1}}) ioctl$SNDRV_TIMER_IOCTL_PARAMS(r8, 0x40505412, 0x0) writev(r4, &(0x7f0000000440)=[{&(0x7f0000000080)='z', 0x1}], 0x1) setsockopt$MRT6_ADD_MFC_PROXY(r1, 0x29, 0xd2, &(0x7f0000000600)={{0xa, 0x0, 0x8, @local, 0xc}, {0xa, 0x4e24, 0x2, @empty}, 0x1, {[0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xffffffff]}}, 0x5c) sendmsg$nl_route(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)=ANY=[@ANYBLOB="4c0000001000010400"/20, @ANYRES32=0x0, @ANYBLOB="21000000000000002c00128009000100626f6e64000000001c00028005002100010400080500010004"], 0x4c}, 0x1, 0x0, 0x0, 0x4000}, 0x40) 2.811909677s ago: executing program 2 (id=5550): r0 = syz_usb_connect(0x0, 0x3f, &(0x7f00000002c0)=ANY=[@ANYBLOB="12010000d0918108ac051582588f0000000109022d00010000000009040000030b05000009058d67c0002a0000090505020000", @ANYRESOCT], 0x0) syz_usb_control_io(r0, &(0x7f0000000280)={0x2c, &(0x7f0000000ec0)=ANY=[@ANYBLOB="0010ae000000ae0fc71381fa7efc3aa33fb28ccbdd0f61abe9bccbe9556dd52949e4ca689f3b7bde8bd136f2fbf4e9cf9101e86e13c9ad3f8b8f1b45f195966b1161bcac0c8473461c7b26bee6e45e7ba11b86b4f66c9c923fda2a64eaccce2a4f14561a8c1af1bb2b70c0bda7d9213d79aafb33feb86e393970a800004f85a3cc1986fdf353a53743842be987b91211a75f56b090cb5a96151bf6bf2a7e5e9500000000000000000000000000000000000000001725b5e9429331f39c12fb24eb933f26bd973185261784cfe5938a98918cda32c2ea312cda458fd988f9bed57f7cffa611682eceef9e167cd1a155a6e3cf299b42977722b15e69766404dfad613c0eaa6b74862383ce2f4a45027746d131ec082412ad1d7463862e22725826e4da451f331a4363fe1a02370eccb45b19bb26746cdfa7446a628f98cdfaa81a25be64c0a89e0566c519a5e321823bf0b7a747fddbfaa5f0ff12b674f37deb591b02e3c6641aa3184a1ff3c76fd5a885bb4e811c2986dcdb910182fe54095144a485c04ea055d50ce93d53dc3b5efcf3d1306a7b40878c86d9f0efa6eb471c07669267e278ce45182ab9a6e4298359fcc79c2fa20e4fe6903f38b7e0cf93fabd9bf10642bb845e9add12bf45067664b74d3a9df2e41e34ee3347c7c80840fd66e8f4c9dbd251df5ab08a9fcede0649b952aadda285a7caf16b2d5adc8d76cd4183977977933179ea3763ec52ca12e8e0644bd2ab251f0242738ff42d4b614e64f979773214383d1b297a20972b9742410f1874647c4911ae082b060c6867558b1fd9fd77dc1aed7a64f6b2dacf2e1752999cb0c12c32d107aa7af5bb6c9f65889b5d3c8680ee5c2c9383e860957c5c7447a58cee42c2c8006f0a4a48895e949cd63cd7fa70ce1d342f8833e782a3b09568fc160ddb52163e3c01235f9cfaab3a96afc45ee2b6f1e2f9"], &(0x7f0000000100)={0x0, 0x3, 0xc1, @string={0xc1, 0x3, "1266718404f915a55a470938f5f92a41ec98ae6742faa6464dc253007910d58f5679349526c915099602a44d04cbeede4cefc1a7c13160ab9c7f53caa15df0c364d2fc67d0cedc63fe59b17fa6cfa9af699105b149abc80521af7dd07fd2794dc3bddc9b78da29f3f8ad37a112b3dce8dbccd25fb70eb0731d48795c1c69bc0fdb2bde069e319ba8694216bf09a5c6d3e23559fd3a9c6023fc040aa24eea4008cbec3bfd74cbfb6e855e9f70d93d59b16c4769cf1f624f7e9f49280a5f4bc1"}}, &(0x7f0000000340)={0x0, 0xf, 0x5, {0x5, 0xf, 0x5}}, &(0x7f0000000200)={0x20, 0x29, 0xf, {0xf, 0x29, 0x6, 0x4, 0x5, 0x1, "2929a3f3", "9eff0e8d"}}, &(0x7f0000000240)={0x20, 0x2a, 0xc, {0xc, 0x2a, 0xf, 0x4, 0xd, 0x7, 0x6, 0x8, 0xffff}}}, &(0x7f0000000900)={0x84, &(0x7f00000004c0)={0x40, 0x1, 0x76, "f0670ed9f016d3b1268bfdc94875116561e412620a035a32f14e6daf6d02e24fb554e554bcc91ac6edce8d70480bb7858a17ebdcda9c2ac14443156a939c3440789c15332ac877738464b23b2b1940d354577948430cbac2e4c694bdc3d0cf1cc1d8fe24bfd7f326352852047d8fa5e787586058cf61"}, &(0x7f0000000540)={0x0, 0xa, 0x1, 0xd}, &(0x7f0000000580)={0x0, 0x8, 0x1, 0x7d}, &(0x7f00000005c0)={0x20, 0x0, 0x4, {0x1, 0x2}}, &(0x7f0000000600)={0x20, 0x0, 0x4, {0x140, 0x80}}, &(0x7f0000000640)={0x40, 0x7, 0x2, 0x5}, &(0x7f0000000680)={0x40, 0x9, 0x1, 0x5}, &(0x7f00000006c0)={0x40, 0xb, 0x2, "d331"}, &(0x7f0000000700)={0x40, 0xf, 0x2, 0x7d}, &(0x7f0000000380)={0x40, 0x13, 0x6, @random}, &(0x7f0000000780)={0x40, 0x17, 0x6, @link_local={0x1, 0x80, 0xc2, 0x0, 0x0, 0x3}}, &(0x7f00000007c0)={0x40, 0x19, 0x2, "ce44"}, &(0x7f0000000800)={0x40, 0x1a, 0x2, 0x4}, &(0x7f0000000840)={0x40, 0x1c, 0x1, 0x9}, &(0x7f0000000880)={0x40, 0x1e, 0x1, 0x7}, &(0x7f00000008c0)={0x40, 0x21, 0x1, 0x7}}) 1.129848123s ago: executing program 3 (id=5551): socket$packet(0x11, 0x2, 0x300) r0 = socket$nl_netfilter(0x10, 0x3, 0xc) bpf$PROG_LOAD(0x5, &(0x7f0000000740)={0x1, 0x0, 0x0, 0x0, 0x61, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x38}, 0x94) setsockopt$sock_attach_bpf(r0, 0x1, 0x32, 0x0, 0x0) syz_usb_connect(0x0, 0x3f, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x20008b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000640)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000580)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000000a00)=""/102400, 0x19000) fsopen(0x0, 0x0) r2 = socket$inet6_tcp(0xa, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r2, 0x89f1, &(0x7f0000010640)={'tunl0\x00', &(0x7f00000001c0)=@ethtool_cmd={0x2f, 0xb6, 0xc, 0x0, 0xf8, 0x0, 0xfb, 0xfe, 0x0, 0x4, 0x0, 0x0, 0x0, 0xff, 0xff, 0x45, [0x0, 0x89fc]}}) r3 = openat$userio(0xffffffffffffff9c, &(0x7f0000000080), 0x22242, 0x0) write$USERIO_CMD_SET_PORT_TYPE(r3, 0x0, 0x0) r4 = socket$can_j1939(0x1d, 0x2, 0x7) ioctl$ifreq_SIOCGIFINDEX_vcan(r4, 0x8933, &(0x7f0000000000)={'vcan0\x00', 0x0}) bind$can_j1939(r4, &(0x7f0000000040)={0x1d, r5, 0x0, {0x0, 0xf1, 0x4}, 0xfe}, 0x18) r6 = syz_open_procfs(0x0, &(0x7f0000000180)='net/mcfilter\x00') r7 = socket$inet_sctp(0x2, 0x5, 0x84) openat$zero(0xffffffffffffff9c, &(0x7f0000000200), 0x218202, 0x0) setsockopt$inet_group_source_req(r7, 0x0, 0x2e, &(0x7f0000000000)={0x6, {{0x2, 0x4e21, @empty=0xe0009eff}}, {{0x2, 0x4e23, @multicast2}}}, 0x108) socket$inet_sctp(0x2, 0x1, 0x84) pread64(r6, &(0x7f00000000c0)=""/144, 0x90, 0x5e) 1.127301755s ago: executing program 1 (id=5552): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$binfmt_format(0xffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = io_uring_setup(0x3454, &(0x7f00000003c0)={0x0, 0x0, 0x40, 0x0, 0xa7}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) mmap(&(0x7f0000a82000/0x3000)=nil, 0x3000, 0x300000a, 0xa3b749903f41249d, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) write$binfmt_format(r1, 0x0, 0x0) r3 = io_uring_setup(0xbbc, &(0x7f0000000280)={0x0, 0x0, 0x2, 0x0, 0x345}) io_uring_enter(r3, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18) r4 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, r4) socket$netlink(0x10, 0x3, 0x14) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x800) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x38400, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r5 = syz_open_dev$ndb(&(0x7f0000000740), 0x0, 0x2000) ioctl$NBD_SET_TIMEOUT(r5, 0xab09, 0xfffffffffffffffe) socket$netlink(0x10, 0x3, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000280)) 191.692386ms ago: executing program 32 (id=5510): prlimit64(0x0, 0xe, &(0x7f0000000200)={0x8, 0x8a}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000180)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x1, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000019680)=""/102392, 0x18ff8) r1 = openat$binfmt_format(0xffffff9c, 0x0, 0x2, 0x0) madvise(&(0x7f0000a93000/0x4000)=nil, 0x4000, 0x80000000e) mremap(&(0x7f0000a96000/0x1000)=nil, 0x1000, 0x400000, 0x3, &(0x7f0000000000/0x400000)=nil) r2 = io_uring_setup(0x3454, &(0x7f00000003c0)={0x0, 0x0, 0x40, 0x0, 0xa7}) io_uring_register$IORING_REGISTER_BUFFERS(r2, 0x0, &(0x7f00000002c0)=[{&(0x7f0000001700)=""/4095, 0x440000}], 0x100000000000011a) migrate_pages(0x0, 0x3, &(0x7f0000000040)=0x7f, &(0x7f0000000300)=0xa) mmap(&(0x7f0000a82000/0x3000)=nil, 0x3000, 0x300000a, 0xa3b749903f41249d, 0xffffffffffffffff, 0x0) madvise(&(0x7f0000000000/0x600000)=nil, 0x600003, 0x15) write$binfmt_format(r1, 0x0, 0x0) mkdirat$cgroup_root(0xffffffffffffff9c, &(0x7f0000000000)='./cgroup/syz1\x00', 0x1ff) io_uring_enter(0xffffffffffffffff, 0x100000, 0x2, 0xf, &(0x7f0000000000), 0x18) r3 = socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$batadv(0x0, r3) socket$netlink(0x10, 0x3, 0x14) sendmsg$IPSET_CMD_FLUSH(0xffffffffffffffff, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000300)=ANY=[], 0x1c}, 0x1, 0x0, 0x0, 0x40040}, 0x800) openat$comedi(0xffffffffffffff9c, &(0x7f0000000080)='/dev/comedi3\x00', 0x38400, 0x0) openat$tun(0xffffffffffffff9c, &(0x7f0000000240), 0x0, 0x0) r4 = syz_open_dev$ndb(&(0x7f0000000740), 0x0, 0x2000) ioctl$NBD_SET_TIMEOUT(r4, 0xab09, 0xfffffffffffffffe) socket$netlink(0x10, 0x3, 0x0) ioctl$SNDRV_TIMER_IOCTL_STATUS32(0xffffffffffffffff, 0x80585414, &(0x7f0000000280)) 183.813158ms ago: executing program 1 (id=5554): syz_open_procfs(0xffffffffffffffff, &(0x7f0000000040)='net/vlan/vlan0\x00') socketpair$nbd(0x1, 0x1, 0x0, &(0x7f0000000200)={0xffffffffffffffff, 0xffffffffffffffff}) ioctl$SIOCSIFHWADDR(r0, 0x8923, &(0x7f0000000000)={'vlan0\x00', @local}) syz_open_procfs(0x0, &(0x7f00000001c0)='fd/3\x00') socketpair$unix(0x1, 0x5, 0x0, &(0x7f0000000080)) mkdir(&(0x7f0000000000)='./bus\x00', 0x0) syz_open_dev$sndpcmp(&(0x7f00000001c0), 0x0, 0xa2c65) r1 = seccomp$SECCOMP_SET_MODE_FILTER_LISTENER(0x1, 0x0, &(0x7f0000002180)={0x1, &(0x7f0000000380)=[{0x6, 0x1, 0x0, 0x7fffffff}]}) close_range(r1, 0xffffffffffffffff, 0x0) 179.868618ms ago: executing program 4 (id=5555): socket$inet(0x2, 0x4000000000000001, 0x0) socket(0x2b, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000000)=0x3) sched_setaffinity(0x0, 0x8, &(0x7f0000000280)=0x2) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$rose(0xb, 0x5, 0x0) getsockopt$rose(r0, 0x104, 0x4, 0x0, 0x0) r1 = syz_open_dev$MSR(&(0x7f0000000100), 0x0, 0x0) read$msr(r1, &(0x7f0000001a40)=""/102392, 0x18ff8) socket$nl_generic(0x10, 0x3, 0x10) setsockopt$TIPC_GROUP_LEAVE(0xffffffffffffffff, 0x10f, 0x88) writev(0xffffffffffffffff, &(0x7f0000000400), 0x0) r2 = openat$rfkill(0xffffffffffffff9c, &(0x7f0000000040), 0x801, 0x0) write$rfkill(r2, &(0x7f0000000340)={0x6, 0x0, 0x3, 0x0, 0x1}, 0x8) semget$private(0x0, 0x3, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x80000100008b}, 0x0) syz_open_dev$dri(&(0x7f0000000080), 0x0, 0x0) 0s ago: executing program 1 (id=5556): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x5, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000100)=0x2) sched_setaffinity(0x0, 0x8, &(0x7f0000000200)=0x400000bce) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r0, &(0x7f0000002000)=""/102400, 0x19000) socket(0xa, 0x1, 0x0) sendmsg$kcm(0xffffffffffffffff, 0x0, 0x48000) socket(0x10, 0x2, 0x2) r1 = openat$uinput(0xffffffffffffff9c, &(0x7f0000000040), 0x802, 0x0) socket$pppl2tp(0x18, 0x1, 0x1) ioctl$UI_SET_EVBIT(r1, 0x40045564, 0x3) r2 = accept4(0xffffffffffffffff, 0x0, 0x0, 0x80800) setsockopt$sock_int(r2, 0x1, 0x20, &(0x7f0000000940)=0x1000008, 0x4) r3 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r3, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r3, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_tcp_TCP_ULP(r3, 0x6, 0x1f, &(0x7f00000002c0), 0x4) r4 = bpf$MAP_CREATE(0x0, &(0x7f0000000640)=ANY=[@ANYBLOB="12000000060000000800000004"], 0x50) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000140)={{r4}, &(0x7f0000000780), &(0x7f0000000740)=r3}, 0x20) recvfrom$inet_nvme(r2, 0x0, 0x0, 0x40000001, 0x0, 0x0) ioctl$UI_SET_ABSBIT(r1, 0x40045567, 0x6) r5 = socket(0x40000000015, 0x5, 0x0) connect$inet(r5, &(0x7f0000000040)={0x2, 0x4e20, @loopback}, 0x10) kernel console output (not intermixed with test programs): rotocol=0 nlmsg_type=13 sclass=netlink_route_socket pid=24649 comm=syz.0.4874 [ 1672.232200][T24638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4873'. [ 1672.266024][T24638] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4873'. [ 1672.378268][T14182] usb 5-1: new full-speed USB device number 56 using dummy_hcd [ 1672.493662][T24663] netlink: 72 bytes leftover after parsing attributes in process `syz.2.4877'. [ 1673.452894][T16197] Bluetooth: hci2: Opcode 0x0c03 failed: -110 [ 1673.756989][T14182] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1673.779909][ T977] usb 2-1: USB disconnect, device number 57 [ 1673.807980][T14182] usb 5-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00 [ 1673.853322][T14182] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1673.877506][T14182] usb 5-1: config 0 descriptor?? [ 1673.890249][T14182] usbhid 5-1:0.0: couldn't find an input interrupt endpoint [ 1673.924361][T24674] netlink: 'syz.3.4879': attribute type 1 has an invalid length. [ 1674.092395][T14182] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 1674.262309][T14182] usb 3-1: Using ep0 maxpacket: 8 [ 1674.628181][T14182] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1674.655749][ T24] usb 5-1: USB disconnect, device number 56 [ 1674.675139][T14182] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1674.737156][T14182] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1674.792704][T14182] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 1674.865619][T14182] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1674.901440][T14182] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1674.910504][T14182] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1675.064970][T14182] usb 3-1: config 0 descriptor?? [ 1675.077212][T24669] raw-gadget.0 gadget.2: fail, usb_ep_enable returned -22 [ 1675.347848][T24669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4878'. [ 1675.387165][T24669] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4878'. [ 1675.833953][T24669] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1675.951761][T24669] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1675.993947][T24699] netlink: 28 bytes leftover after parsing attributes in process `syz.1.4887'. [ 1675.994339][ T977] usb 3-1: USB disconnect, device number 85 [ 1676.084176][T16197] Bluetooth: hci2: Opcode 0x0c03 failed: -19 [ 1676.321222][T24708] netlink: 8 bytes leftover after parsing attributes in process `syz.4.4888'. [ 1676.794529][T24704] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 1676.806803][T24704] ALSA: mixer_oss: invalid index 1374389 [ 1676.815508][ T30] audit: type=1400 audit(2000000637.315:2804): avc: denied { call } for pid=24702 comm="syz.4.4888" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=binder permissive=1 [ 1676.864515][T24706] netlink: 72 bytes leftover after parsing attributes in process `syz.0.4886'. [ 1677.330958][T24715] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4889'. [ 1678.233165][T24717] netlink: 'syz.1.4890': attribute type 1 has an invalid length. [ 1679.096777][T24731] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4892'. [ 1680.385264][T24731] workqueue: Failed to create a rescuer kthread for wq "bond2": -EINTR [ 1680.699512][T24745] can0: slcan on ttyS3. [ 1681.282055][T24749] netlink: zone id is out of range [ 1681.340957][T24745] can0 (unregistered): slcan off ttyS3. [ 1681.626479][T24755] netlink: 28 bytes leftover after parsing attributes in process `syz.3.4900'. [ 1681.691422][T24755] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 1681.691438][T24755] ALSA: mixer_oss: invalid index 1374389 [ 1682.734882][ T30] audit: type=1800 audit(2000000643.808:2805): pid=24768 uid=0 auid=4294967295 ses=4294967295 subj=root:sysadm_r:sysadm_t op=collect_data cause=failed(directio) comm="syz.4.4904" name="bus" dev="overlay" ino=2160 res=0 errno=0 [ 1682.788324][T24768] Invalid ELF header magic: != ELF [ 1683.165658][ T30] audit: type=1400 audit(2000000643.868:2806): avc: denied { module_load } for pid=24767 comm="syz.4.4904" path="/400/file0/bus" dev="overlay" ino=2160 scontext=root:sysadm_r:sysadm_t tcontext=root:object_r:user_tmpfs_t tclass=system permissive=1 [ 1684.839505][T24784] netlink: 4 bytes leftover after parsing attributes in process `syz.2.4897'. [ 1686.285979][T24792] can0: slcan on ttyS3. [ 1686.487916][T24792] can0 (unregistered): slcan off ttyS3. [ 1686.514560][T24793] can0: slcan on ttyS3. [ 1686.857031][T24796] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4912'. [ 1687.074781][T24787] can0 (unregistered): slcan off ttyS3. [ 1687.463775][T24803] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 1688.140894][T24801] netlink: 8 bytes leftover after parsing attributes in process `syz.2.4913'. [ 1688.177545][T24801] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1688.560861][T24803] ALSA: mixer_oss: invalid index 1374389 [ 1688.897126][T24811] netlink: zone id is out of range [ 1689.338623][T24820] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1689.800854][T24833] kvm: emulating exchange as write [ 1690.329383][T24833] kvm_intel: set kvm_intel.dump_invalid_vmcs=1 to dump internal KVM state. [ 1690.379245][T24841] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4921'. [ 1690.708718][T24841] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1690.739370][T17343] usb 5-1: new high-speed USB device number 57 using dummy_hcd [ 1690.935664][T17343] usb 5-1: Using ep0 maxpacket: 8 [ 1690.945840][T17343] usb 5-1: no configurations [ 1690.950461][T17343] usb 5-1: can't read configurations, error -22 [ 1691.034189][T24850] netlink: 'syz.2.4915': attribute type 33 has an invalid length. [ 1691.059814][T24850] netlink: 164 bytes leftover after parsing attributes in process `syz.2.4915'. [ 1691.237629][T17343] usb 5-1: new high-speed USB device number 58 using dummy_hcd [ 1692.027928][T17343] usb 5-1: Using ep0 maxpacket: 8 [ 1692.037494][T17343] usb 5-1: no configurations [ 1692.065613][T17343] usb 5-1: can't read configurations, error -22 [ 1692.076508][T17343] usb usb5-port1: attempt power cycle [ 1692.237344][ T24] usb 4-1: new full-speed USB device number 83 using dummy_hcd [ 1692.375775][T24871] can0: slcan on ttyS3. [ 1692.895078][T17343] usb 5-1: new high-speed USB device number 59 using dummy_hcd [ 1693.021514][T24871] can0 (unregistered): slcan off ttyS3. [ 1693.124577][T17343] usb 5-1: device not accepting address 59, error -71 [ 1694.767608][T24890] netlink: 24 bytes leftover after parsing attributes in process `syz.2.4930'. [ 1695.056233][ T24] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1695.082993][ T24] usb 4-1: unable to read config index 0 descriptor/start: -71 [ 1695.088422][T24893] comedi comedi1: pcl711: I/O port conflict (0x2002f00,16) [ 1695.124628][T24895] netlink: 'syz.0.4933': attribute type 1 has an invalid length. [ 1695.143402][ T24] usb 4-1: can't read configurations, error -71 [ 1695.188067][T24895] netlink: 2108 bytes leftover after parsing attributes in process `syz.0.4933'. [ 1695.479678][T21838] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 120 seconds [ 1695.493321][T21838] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 120 seconds [ 1695.507163][T21838] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 120 seconds [ 1695.522544][T21838] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 120 seconds [ 1697.025870][T24913] netlink: 28 bytes leftover after parsing attributes in process `syz.4.4938'. [ 1697.053477][T24913] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 1697.062903][T24913] ALSA: mixer_oss: invalid index 1374389 [ 1697.616046][T24915] netlink: 8 bytes leftover after parsing attributes in process `syz.0.4939'. [ 1697.634747][T24915] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1698.028100][T24924] can0: slcan on ttyS3. [ 1698.551352][T24924] can0 (unregistered): slcan off ttyS3. [ 1698.561526][T24925] can0: slcan on ttyS3. [ 1699.591806][T24919] can0 (unregistered): slcan off ttyS3. [ 1701.840306][T24933] netlink: 8 bytes leftover after parsing attributes in process `syz.3.4943'. [ 1701.880378][T24933] 8021q: adding VLAN 0 to HW filter on device bond2 [ 1703.403693][T24965] netlink: 72 bytes leftover after parsing attributes in process `syz.4.4951'. [ 1703.582205][T24969] FAULT_INJECTION: forcing a failure. [ 1703.582205][T24969] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1703.599155][T24969] CPU: 1 UID: 0 PID: 24969 Comm: syz.3.4952 Tainted: G L syzkaller #0 PREEMPT(full) [ 1703.599185][T24969] Tainted: [L]=SOFTLOCKUP [ 1703.599191][T24969] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1703.599201][T24969] Call Trace: [ 1703.599207][T24969] [ 1703.599214][T24969] dump_stack_lvl+0x100/0x190 [ 1703.599244][T24969] should_fail_ex.cold+0x5/0xa [ 1703.599265][T24969] _copy_to_user+0x32/0xd0 [ 1703.599285][T24969] simple_read_from_buffer+0xcb/0x170 [ 1703.599313][T24969] proc_fail_nth_read+0x1af/0x230 [ 1703.599338][T24969] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1703.599361][T24969] ? rw_verify_area+0xce/0x6d0 [ 1703.599383][T24969] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1703.599407][T24969] vfs_read+0x1e4/0xb30 [ 1703.599435][T24969] ? __pfx_vfs_read+0x10/0x10 [ 1703.599458][T24969] ? __fget_files+0x215/0x3d0 [ 1703.599481][T24969] ? __fget_files+0x21f/0x3d0 [ 1703.599506][T24969] ksys_read+0x12a/0x250 [ 1703.599531][T24969] ? __pfx_ksys_read+0x10/0x10 [ 1703.599562][T24969] do_syscall_64+0x106/0xf80 [ 1703.599585][T24969] ? clear_bhb_loop+0x40/0x90 [ 1703.599608][T24969] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1703.599626][T24969] RIP: 0033:0x7fc39b75cfce [ 1703.599643][T24969] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1703.599658][T24969] RSP: 002b:00007fc39c5b2fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1703.599675][T24969] RAX: ffffffffffffffda RBX: 00007fc39c5b36c0 RCX: 00007fc39b75cfce [ 1703.599687][T24969] RDX: 000000000000000f RSI: 00007fc39c5b30a0 RDI: 0000000000000006 [ 1703.599697][T24969] RBP: 00007fc39c5b3090 R08: 0000000000000000 R09: 0000000000000000 [ 1703.599706][T24969] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1703.599716][T24969] R13: 00007fc39ba16038 R14: 00007fc39ba15fa0 R15: 00007ffd4f969b68 [ 1703.599742][T24969] [ 1704.161892][T24974] netlink: 'syz.3.4953': attribute type 33 has an invalid length. [ 1704.818650][T24974] netlink: 164 bytes leftover after parsing attributes in process `syz.3.4953'. [ 1706.968753][T24993] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1707.322096][ T30] audit: type=1400 audit(2000000668.400:2807): avc: denied { append } for pid=24997 comm="syz.1.4961" name="mice" dev="devtmpfs" ino=916 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 1708.114828][ T24] usb 2-1: new high-speed USB device number 58 using dummy_hcd [ 1708.274947][ T24] usb 2-1: Using ep0 maxpacket: 8 [ 1708.294877][T24210] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 1708.303474][ T24] usb 2-1: config 16 interface 0 altsetting 0 endpoint 0x5 has invalid maxpacket 56832, setting to 1024 [ 1708.324286][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 1024 [ 1708.347309][ T24] usb 2-1: config 16 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 32 [ 1708.365983][ T24] usb 2-1: config 16 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1708.408734][ T24] usb 2-1: New USB device found, idVendor=ee8d, idProduct=db1a, bcdDevice=61.23 [ 1708.427301][ T24] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1708.474701][T24210] usb 3-1: Using ep0 maxpacket: 32 [ 1708.484869][T24210] usb 3-1: config 0 has an invalid interface number: 51 but max is 0 [ 1708.493098][T24210] usb 3-1: config 0 has no interface number 0 [ 1708.616577][T24210] usb 3-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1708.636683][T24210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1708.654934][ T24] usb 2-1: usb_control_msg returned -32 [ 1708.664383][T24210] usb 3-1: Product: syz [ 1708.668561][T24210] usb 3-1: Manufacturer: syz [ 1708.673159][T24210] usb 3-1: SerialNumber: syz [ 1708.687613][ T24] usbtmc 2-1:16.0: can't read capabilities [ 1708.708346][T24210] usb 3-1: config 0 descriptor?? [ 1708.738419][T24210] quatech2 3-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1708.937690][T24210] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1708.971844][T24210] usb 3-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1709.008591][T25019] FAULT_INJECTION: forcing a failure. [ 1709.008591][T25019] name failslab, interval 1, probability 0, space 0, times 0 [ 1709.026284][T25019] CPU: 0 UID: 0 PID: 25019 Comm: syz.1.4965 Tainted: G L syzkaller #0 PREEMPT(full) [ 1709.026314][T25019] Tainted: [L]=SOFTLOCKUP [ 1709.026321][T25019] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1709.026331][T25019] Call Trace: [ 1709.026338][T25019] [ 1709.026346][T25019] dump_stack_lvl+0x100/0x190 [ 1709.026381][T25019] should_fail_ex.cold+0x5/0xa [ 1709.026405][T25019] ? tomoyo_encode2+0xfb/0x3c0 [ 1709.026429][T25019] should_failslab+0xc2/0x120 [ 1709.026447][T25019] __kmalloc_noprof+0xe0/0x850 [ 1709.026470][T25019] ? d_absolute_path+0x136/0x1b0 [ 1709.026501][T25019] tomoyo_encode2+0xfb/0x3c0 [ 1709.026530][T25019] tomoyo_encode+0x29/0x50 [ 1709.026553][T25019] tomoyo_realpath_from_path+0x18c/0x690 [ 1709.026584][T25019] tomoyo_path_number_perm+0x23c/0x580 [ 1709.026604][T25019] ? tomoyo_path_number_perm+0x22e/0x580 [ 1709.026627][T25019] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1709.026676][T25019] ? find_held_lock+0x2b/0x80 [ 1709.026700][T25019] ? __fget_files+0x215/0x3d0 [ 1709.026718][T25019] ? hook_file_ioctl_common+0x146/0x410 [ 1709.026751][T25019] ? __fget_files+0x21f/0x3d0 [ 1709.026774][T25019] security_file_ioctl+0xd3/0x230 [ 1709.026800][T25019] __x64_sys_ioctl+0xb7/0x210 [ 1709.026828][T25019] do_syscall_64+0x106/0xf80 [ 1709.026850][T25019] ? clear_bhb_loop+0x40/0x90 [ 1709.026872][T25019] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1709.026890][T25019] RIP: 0033:0x7f82f3f9c799 [ 1709.026906][T25019] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1709.026924][T25019] RSP: 002b:00007f82f21d5028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1709.026948][T25019] RAX: ffffffffffffffda RBX: 00007f82f4216090 RCX: 00007f82f3f9c799 [ 1709.026960][T25019] RDX: 0000200000000040 RSI: 00000000c0145b0d RDI: 0000000000000004 [ 1709.026971][T25019] RBP: 00007f82f21d5090 R08: 0000000000000000 R09: 0000000000000000 [ 1709.026981][T25019] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1709.026991][T25019] R13: 00007f82f4216128 R14: 00007f82f4216090 R15: 00007ffc0f836558 [ 1709.027016][T25019] [ 1709.027037][T25019] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1711.054653][T24210] usb 2-1: USB disconnect, device number 58 [ 1711.132179][ C1] usb 3-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1711.143611][ T24] usb 3-1: USB disconnect, device number 86 [ 1711.187126][ T24] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1711.187830][T25029] syzkaller0: entered promiscuous mode [ 1711.209890][T25029] syzkaller0: entered allmulticast mode [ 1711.276028][ T24] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1711.351046][T25034] netlink: 'syz.2.4970': attribute type 33 has an invalid length. [ 1711.385011][ T24] quatech2 3-1:0.51: device disconnected [ 1711.561416][T25034] netlink: 164 bytes leftover after parsing attributes in process `syz.2.4970'. [ 1711.661584][T25036] netlink: 'syz.3.4968': attribute type 1 has an invalid length. [ 1711.672075][T25036] netlink: 224 bytes leftover after parsing attributes in process `syz.3.4968'. [ 1715.473516][T25058] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4975'. [ 1715.486335][T25058] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=2 sclass=netlink_route_socket pid=25058 comm=syz.1.4975 [ 1715.846380][T25066] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4976'. [ 1716.432784][T25066] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 1716.650474][T25069] netlink: 'syz.2.4977': attribute type 33 has an invalid length. [ 1716.926982][T17343] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 1716.972780][T25069] netlink: 164 bytes leftover after parsing attributes in process `syz.2.4977'. [ 1717.082550][T17343] usb 4-1: Using ep0 maxpacket: 32 [ 1717.093722][T17343] usb 4-1: config 13 has an invalid interface number: 69 but max is 1 [ 1717.161958][T17343] usb 4-1: config 13 has an invalid interface number: 95 but max is 1 [ 1717.186146][T17343] usb 4-1: config 13 has no interface number 0 [ 1717.372450][T17343] usb 4-1: config 13 has no interface number 1 [ 1717.508584][T17343] usb 4-1: config 13 interface 69 altsetting 5 has an invalid descriptor for endpoint zero, skipping [ 1717.607263][T17343] usb 4-1: config 13 interface 69 altsetting 5 endpoint 0x1 has invalid wMaxPacketSize 0 [ 1717.657382][T17343] usb 4-1: config 13 interface 69 altsetting 5 endpoint 0xC has invalid maxpacket 1023, setting to 64 [ 1717.752107][T17343] usb 4-1: config 13 interface 69 altsetting 5 has an endpoint descriptor with address 0x9A, changing to 0x8A [ 1717.773755][T17343] usb 4-1: config 13 interface 69 altsetting 5 endpoint 0x8A has invalid maxpacket 1024, setting to 64 [ 1717.814487][T17343] usb 4-1: config 13 interface 95 altsetting 16 endpoint 0x4 has invalid maxpacket 1024, setting to 64 [ 1717.865997][ T24] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 1717.888412][T17343] usb 4-1: config 13 interface 95 altsetting 16 endpoint 0x6 has invalid maxpacket 1023, setting to 64 [ 1717.914402][T17343] usb 4-1: config 13 interface 95 altsetting 16 endpoint 0xF has invalid maxpacket 1024, setting to 64 [ 1717.942745][T17343] usb 4-1: config 13 interface 95 altsetting 16 has an invalid descriptor for endpoint zero, skipping [ 1717.970112][T24210] usb 5-1: new high-speed USB device number 61 using dummy_hcd [ 1717.975473][T17343] usb 4-1: config 13 interface 95 altsetting 16 has an invalid descriptor for endpoint zero, skipping [ 1718.012516][T17343] usb 4-1: config 13 interface 69 has no altsetting 0 [ 1718.033765][T17343] usb 4-1: config 13 interface 95 has no altsetting 0 [ 1718.045572][T17343] usb 4-1: New USB device found, idVendor=0403, idProduct=d9af, bcdDevice=60.7b [ 1718.058103][T17343] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1718.061675][ T24] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1718.068560][T17343] usb 4-1: Product: ဉ [ 1718.085655][T17343] usb 4-1: Manufacturer: ј [ 1718.091084][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1718.101380][ T24] usb 3-1: config 0 descriptor?? [ 1718.103693][ T24] cp210x 3-1:0.0: cp210x converter detected [ 1718.117546][T17343] usb 4-1: SerialNumber: ц [ 1718.133775][T24210] usb 5-1: config index 0 descriptor too short (expected 8192, got 36) [ 1718.142765][T24210] usb 5-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1718.169795][T24210] usb 5-1: config 0 has no interfaces? [ 1718.175430][T24210] usb 5-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice=bb.9d [ 1718.186415][T24210] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1718.206349][T24210] usb 5-1: config 0 descriptor?? [ 1718.269725][ T793] usb 2-1: new high-speed USB device number 59 using dummy_hcd [ 1718.304971][T25077] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1718.315230][T25077] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1718.325868][ T24] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 1718.333965][ T24] cp210x 3-1:0.0: querying part number failed [ 1718.337481][T17343] ftdi_sio 4-1:13.69: FTDI USB Serial Device converter detected [ 1718.343407][ T24] usb 3-1: cp210x converter now attached to ttyUSB0 [ 1718.382586][T17343] ftdi_sio ttyUSB1: unknown device type: 0x607b [ 1718.402208][T17343] ftdi_sio 4-1:13.95: FTDI USB Serial Device converter detected [ 1718.413561][T17343] ftdi_sio ttyUSB2: unknown device type: 0x607b [ 1718.426539][T17343] usb 4-1: USB disconnect, device number 85 [ 1718.443846][T17343] ftdi_sio 4-1:13.69: device disconnected [ 1718.464722][T17343] ftdi_sio 4-1:13.95: device disconnected [ 1718.559968][ T793] usb 2-1: Using ep0 maxpacket: 32 [ 1718.602530][ T793] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 1718.615831][ T793] usb 2-1: config 0 has no interface number 0 [ 1718.627568][ T793] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1718.637212][ T793] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1718.645846][ T793] usb 2-1: Product: syz [ 1718.651644][ T793] usb 2-1: Manufacturer: syz [ 1718.656314][ T793] usb 2-1: SerialNumber: syz [ 1718.750915][ T793] usb 2-1: config 0 descriptor?? [ 1718.770202][ T793] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1719.000919][ T793] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1719.169909][ T793] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB2 [ 1722.018360][T24210] usb 5-1: string descriptor 0 read error: -71 [ 1722.024592][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1722.025851][ T977] usb 3-1: USB disconnect, device number 87 [ 1722.034080][T24210] usb 5-1: USB disconnect, device number 61 [ 1722.062828][T17343] usb 2-1: USB disconnect, device number 59 [ 1722.132928][T17343] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1722.214449][ T977] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1722.409447][ T977] cp210x 3-1:0.0: device disconnected [ 1722.429851][T17343] quatech-serial ttyUSB2: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB2 [ 1722.451542][T17343] quatech2 2-1:0.51: device disconnected [ 1724.149490][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1724.155888][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1724.623243][T25135] IPVS: set_ctl: invalid protocol: 44 255.255.255.255:20004 [ 1725.094735][T25142] netlink: 8 bytes leftover after parsing attributes in process `syz.1.4993'. [ 1725.637553][T25152] openvswitch: netlink: IPv4 tunnel dst address is zero [ 1725.759303][T25142] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1726.491795][T25168] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5006'. [ 1726.803539][T25168] workqueue: Failed to create a rescuer kthread for wq "bond7": -EINTR [ 1727.173568][T21838] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 150 seconds [ 1727.207444][T21838] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 150 seconds [ 1727.220681][T21838] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 150 seconds [ 1727.233210][T21838] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 150 seconds [ 1727.615239][T25179] can0: slcan on ttyS3. [ 1728.123178][T25179] can0 (unregistered): slcan off ttyS3. [ 1728.141312][T25180] can0: slcan on ttyS3. [ 1728.322091][T25188] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1728.346976][T25176] can0 (unregistered): slcan off ttyS3. [ 1728.449059][T25190] tipc: Started in network mode [ 1728.483566][T25190] tipc: Node identity 4, cluster identity 4711 [ 1728.736998][T25190] tipc: Node number set to 4 [ 1728.907886][T25201] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5014'. [ 1728.925793][T25204] netlink: 32 bytes leftover after parsing attributes in process `syz.3.5014'. [ 1730.259442][T25229] netlink: 'syz.2.5018': attribute type 1 has an invalid length. [ 1730.785299][T17343] usb 5-1: new high-speed USB device number 62 using dummy_hcd [ 1731.035839][T25243] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5021'. [ 1731.054307][T25243] 8021q: adding VLAN 0 to HW filter on device bond8 [ 1731.111816][T17343] usb 5-1: Using ep0 maxpacket: 32 [ 1731.137813][T17343] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 1731.155401][T17343] usb 5-1: config 0 has no interface number 0 [ 1731.166240][T17343] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1731.178516][T17343] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1731.199647][T17343] usb 5-1: Product: syz [ 1731.238983][T17343] usb 5-1: Manufacturer: syz [ 1731.250132][T17343] usb 5-1: SerialNumber: syz [ 1731.269900][T17343] usb 5-1: config 0 descriptor?? [ 1731.286190][T17343] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1731.487439][T17343] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1731.540283][T17343] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1731.590054][T25252] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5023'. [ 1731.708172][T25255] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 1731.731780][T25255] ALSA: mixer_oss: invalid index 1374389 [ 1733.420755][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1733.421090][ T793] usb 5-1: USB disconnect, device number 62 [ 1733.673592][ T793] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1733.703420][T25273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5030'. [ 1733.715887][ T793] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1733.738668][T25273] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5030'. [ 1733.764565][ T793] quatech2 5-1:0.51: device disconnected [ 1734.017455][T17343] usb 2-1: new high-speed USB device number 60 using dummy_hcd [ 1734.267954][T17343] usb 2-1: Using ep0 maxpacket: 8 [ 1734.738629][T25279] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5032'. [ 1734.771048][T25279] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1734.883935][T25287] FAULT_INJECTION: forcing a failure. [ 1734.883935][T25287] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1734.897757][T25287] CPU: 1 UID: 0 PID: 25287 Comm: syz.2.5035 Tainted: G L syzkaller #0 PREEMPT(full) [ 1734.897787][T25287] Tainted: [L]=SOFTLOCKUP [ 1734.897792][T25287] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1734.897803][T25287] Call Trace: [ 1734.897808][T25287] [ 1734.897816][T25287] dump_stack_lvl+0x100/0x190 [ 1734.897846][T25287] should_fail_ex.cold+0x5/0xa [ 1734.897867][T25287] _copy_from_iter+0x1f4/0x1690 [ 1734.897888][T25287] ? __asan_memset+0x23/0x50 [ 1734.897910][T25287] ? __pfx__copy_from_iter+0x10/0x10 [ 1734.897925][T25287] ? __pfx___alloc_skb+0x10/0x10 [ 1734.897955][T25287] netlink_sendmsg+0x808/0xda0 [ 1734.897988][T25287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1734.898010][T25287] ? PageHuge+0x170/0x180 [ 1734.898041][T25287] ____sys_sendmsg+0x9e1/0xb70 [ 1734.898064][T25287] ? __pfx_netlink_sendmsg+0x10/0x10 [ 1734.898088][T25287] ? __pfx_____sys_sendmsg+0x10/0x10 [ 1734.898124][T25287] ___sys_sendmsg+0x190/0x1e0 [ 1734.898153][T25287] ? __pfx____sys_sendmsg+0x10/0x10 [ 1734.898207][T25287] __sys_sendmsg+0x170/0x220 [ 1734.898229][T25287] ? __pfx___sys_sendmsg+0x10/0x10 [ 1734.898266][T25287] do_syscall_64+0x106/0xf80 [ 1734.898288][T25287] ? clear_bhb_loop+0x40/0x90 [ 1734.898310][T25287] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1734.898329][T25287] RIP: 0033:0x7efce959c799 [ 1734.898344][T25287] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1734.898360][T25287] RSP: 002b:00007efcea50a028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 1734.898378][T25287] RAX: ffffffffffffffda RBX: 00007efce9815fa0 RCX: 00007efce959c799 [ 1734.898390][T25287] RDX: 0000000020040040 RSI: 00002000000004c0 RDI: 0000000000000003 [ 1734.898400][T25287] RBP: 00007efcea50a090 R08: 0000000000000000 R09: 0000000000000000 [ 1734.898409][T25287] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1734.898417][T25287] R13: 00007efce9816038 R14: 00007efce9815fa0 R15: 00007fff708f57a8 [ 1734.898438][T25287] [ 1734.948495][T17343] usb 2-1: config 0 has an invalid interface number: 55 but max is 0 [ 1735.191885][T25291] netlink: 'syz.3.5033': attribute type 1 has an invalid length. [ 1735.279300][T25295] netlink: 'syz.0.5038': attribute type 33 has an invalid length. [ 1735.292803][T25295] netlink: 164 bytes leftover after parsing attributes in process `syz.0.5038'. [ 1735.453304][T17343] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1735.466092][T17343] usb 2-1: config 0 has no interface number 0 [ 1735.474598][T17343] usb 2-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1735.506089][T17343] usb 2-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1735.534657][T17343] usb 2-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1735.569711][T17343] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1735.600224][T17343] usb 2-1: config 0 descriptor?? [ 1735.616455][T17343] ldusb 2-1:0.55: Interrupt in endpoint not found [ 1736.757342][T17343] usb 2-1: USB disconnect, device number 60 [ 1736.930735][ T793] usb 5-1: new high-speed USB device number 63 using dummy_hcd [ 1737.111155][ T793] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1737.122603][ T793] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1737.160692][ T793] usb 5-1: config 0 descriptor?? [ 1737.173697][ T793] cp210x 5-1:0.0: cp210x converter detected [ 1737.403496][T25308] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1737.442741][T25308] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1737.460299][T24210] usb 2-1: new high-speed USB device number 61 using dummy_hcd [ 1737.545758][ T793] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 1737.568527][ T793] cp210x 5-1:0.0: querying part number failed [ 1737.614938][T25321] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1737.628411][ T793] usb 5-1: cp210x converter now attached to ttyUSB0 [ 1737.657697][T24210] usb 2-1: Using ep0 maxpacket: 32 [ 1737.697717][T24210] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 1737.740560][T24210] usb 2-1: config 0 has no interface number 0 [ 1737.760787][T24210] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1737.772369][T24210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1737.781260][T24210] usb 2-1: Product: syz [ 1737.785568][T24210] usb 2-1: Manufacturer: syz [ 1737.792628][T24210] usb 2-1: SerialNumber: syz [ 1737.831716][T24210] usb 2-1: config 0 descriptor?? [ 1737.859741][T24210] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1738.247932][T25327] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5047'. [ 1738.466692][T25327] 8021q: adding VLAN 0 to HW filter on device bond3 [ 1738.528260][ T793] usb 3-1: new high-speed USB device number 88 using dummy_hcd [ 1738.602813][T24210] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1738.620552][T25331] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5049'. [ 1738.646968][T24210] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB2 [ 1738.699855][ T793] usb 3-1: Using ep0 maxpacket: 8 [ 1738.725603][ T793] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1738.755686][ T793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1738.765290][T25331] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 1738.806764][ T793] usb 3-1: Product: syz [ 1738.811876][T25331] ALSA: mixer_oss: invalid index 1374389 [ 1738.820261][ T793] usb 3-1: Manufacturer: syz [ 1738.827667][ T793] usb 3-1: SerialNumber: syz [ 1738.837107][T24210] usb 5-1: USB disconnect, device number 63 [ 1738.891991][ T793] usb 3-1: config 0 descriptor?? [ 1738.912831][T24210] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1738.945902][T24210] cp210x 5-1:0.0: device disconnected [ 1739.146395][ T793] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1740.315176][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1740.315983][T17343] usb 2-1: USB disconnect, device number 61 [ 1740.726442][T17343] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1740.774766][T17343] quatech-serial ttyUSB2: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB2 [ 1740.830458][T17343] quatech2 2-1:0.51: device disconnected [ 1741.912943][T25364] netlink: 'syz.0.5058': attribute type 33 has an invalid length. [ 1742.206420][T25368] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5059'. [ 1742.472499][T25368] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1742.569543][T25364] netlink: 164 bytes leftover after parsing attributes in process `syz.0.5058'. [ 1742.624889][ T793] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1742.637787][ T793] usb 3-1: USB disconnect, device number 88 [ 1742.953439][T24210] usb 2-1: new high-speed USB device number 62 using dummy_hcd [ 1743.190929][ T30] audit: type=1400 audit(2000000704.298:2808): avc: denied { mounton } for pid=25379 comm="syz.2.5063" path="/" dev="sysfs" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:sysfs_t tclass=dir permissive=1 [ 1743.213474][T24210] usb 2-1: Using ep0 maxpacket: 8 [ 1743.223587][T24210] usb 2-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1743.233501][T24210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1743.242675][T24210] usb 2-1: Product: syz [ 1743.250441][T24210] usb 2-1: Manufacturer: syz [ 1743.255151][T24210] usb 2-1: SerialNumber: syz [ 1743.267034][T24210] usb 2-1: config 0 descriptor?? [ 1744.412916][T24210] dvb_usb_rtl28xxu 2-1:0.0: chip type detection failed -110 [ 1744.432097][T24210] dvb_usb_rtl28xxu 2-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -110 [ 1744.769046][T25397] netlink: 388 bytes leftover after parsing attributes in process `syz.2.5067'. [ 1745.571481][T25404] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1746.738178][T25410] syzkaller0: entered promiscuous mode [ 1746.968750][T25410] syzkaller0: entered allmulticast mode [ 1746.984566][T17343] usb 2-1: USB disconnect, device number 62 [ 1747.075920][ T30] audit: type=1400 audit(2000000708.160:2809): avc: denied { ioctl } for pid=25415 comm="syz.0.5074" path="socket:[104308]" dev="sockfs" ino=104308 ioctlcmd=0x8982 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=rxrpc_socket permissive=1 [ 1748.813194][T25447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1748.829696][T25447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1748.848971][T25447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1748.919992][T25447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1748.937280][T25447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1748.952128][T25447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1748.968746][T25447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1748.989429][T25447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1749.006657][T25447] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5080'. [ 1749.366695][T25457] CIFS: VFS: Malformed UNC in devname [ 1749.565588][T25459] FAULT_INJECTION: forcing a failure. [ 1749.565588][T25459] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 1750.263758][T25459] CPU: 1 UID: 0 PID: 25459 Comm: syz.2.5085 Tainted: G L syzkaller #0 PREEMPT(full) [ 1750.263790][T25459] Tainted: [L]=SOFTLOCKUP [ 1750.263796][T25459] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1750.263807][T25459] Call Trace: [ 1750.263813][T25459] [ 1750.263820][T25459] dump_stack_lvl+0x100/0x190 [ 1750.263853][T25459] should_fail_ex.cold+0x5/0xa [ 1750.263876][T25459] _copy_to_user+0x32/0xd0 [ 1750.263896][T25459] simple_read_from_buffer+0xcb/0x170 [ 1750.263926][T25459] proc_fail_nth_read+0x1af/0x230 [ 1750.263952][T25459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1750.263977][T25459] ? rw_verify_area+0xce/0x6d0 [ 1750.264001][T25459] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 1750.264024][T25459] vfs_read+0x1e4/0xb30 [ 1750.264053][T25459] ? __pfx_vfs_read+0x10/0x10 [ 1750.264078][T25459] ? __fget_files+0x215/0x3d0 [ 1750.264102][T25459] ? __fget_files+0x21f/0x3d0 [ 1750.264127][T25459] ksys_read+0x12a/0x250 [ 1750.264152][T25459] ? __pfx_ksys_read+0x10/0x10 [ 1750.264185][T25459] do_syscall_64+0x106/0xf80 [ 1750.264206][T25459] ? clear_bhb_loop+0x40/0x90 [ 1750.264227][T25459] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1750.264244][T25459] RIP: 0033:0x7efce955cfce [ 1750.264264][T25459] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 1750.264280][T25459] RSP: 002b:00007efcea509fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 1750.264297][T25459] RAX: ffffffffffffffda RBX: 00007efcea50a6c0 RCX: 00007efce955cfce [ 1750.264309][T25459] RDX: 000000000000000f RSI: 00007efcea50a0a0 RDI: 0000000000000003 [ 1750.264319][T25459] RBP: 00007efcea50a090 R08: 0000000000000000 R09: 0000000000000000 [ 1750.264329][T25459] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1750.264339][T25459] R13: 00007efce9816038 R14: 00007efce9815fa0 R15: 00007fff708f57a8 [ 1750.264364][T25459] [ 1750.763097][T25465] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 1750.990664][T25464] __nla_validate_parse: 42 callbacks suppressed [ 1750.990684][T25464] netlink: 388 bytes leftover after parsing attributes in process `syz.1.5086'. [ 1751.145528][T17343] usb 5-1: new high-speed USB device number 64 using dummy_hcd [ 1751.445365][T17343] usb 5-1: Using ep0 maxpacket: 32 [ 1751.452327][T17343] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 1751.466769][T17343] usb 5-1: config 0 has no interface number 0 [ 1751.478026][T17343] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1751.489041][T17343] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1751.544940][T25469] bond4: Removing last ns target with arp_interval on [ 1752.510013][T17343] usb 5-1: Product: syz [ 1752.516181][T17343] usb 5-1: Manufacturer: syz [ 1752.520760][T17343] usb 5-1: SerialNumber: syz [ 1752.538231][T17343] usb 5-1: config 0 descriptor?? [ 1752.878781][T17343] usb 5-1: can't set config #0, error -71 [ 1752.915597][T17343] usb 5-1: USB disconnect, device number 64 [ 1753.353356][T25499] CIFS: VFS: Malformed UNC in devname [ 1754.037595][T25510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5096'. [ 1754.049661][T25510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5096'. [ 1754.063302][T25510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5096'. [ 1754.074414][T25510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5096'. [ 1754.085362][T25510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5096'. [ 1754.096065][T25510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5096'. [ 1754.106780][T25510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5096'. [ 1754.117933][T25510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5096'. [ 1754.129294][T25510] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5096'. [ 1756.074218][T25520] __nla_validate_parse: 41 callbacks suppressed [ 1756.074231][T25520] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5101'. [ 1756.103991][T25520] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1756.452242][T24210] usb 2-1: new full-speed USB device number 63 using dummy_hcd [ 1757.412574][T21838] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 180 seconds [ 1757.426509][T21838] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 180 seconds [ 1757.426540][T24210] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1757.441509][T21838] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 180 seconds [ 1757.462256][T21838] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 180 seconds [ 1757.477977][T25537] CIFS: VFS: Malformed UNC in devname [ 1757.702938][T24210] usb 2-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00 [ 1757.714561][T24210] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1757.727225][T24210] usb 2-1: config 0 descriptor?? [ 1757.737078][T24210] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1757.872071][T17343] usb 3-1: new high-speed USB device number 89 using dummy_hcd [ 1757.955792][T25527] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1757.973797][T25527] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1758.022204][T25527] netlink: 52 bytes leftover after parsing attributes in process `syz.1.5103'. [ 1758.038638][T17343] usb 3-1: Using ep0 maxpacket: 8 [ 1758.066026][T17343] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1758.155127][T25550] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1758.166360][T25550] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1758.443761][T17343] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1758.468289][T24210] usb 2-1: USB disconnect, device number 63 [ 1758.478517][T17343] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1758.516806][T17343] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8B has invalid maxpacket 12592, setting to 1024 [ 1758.554754][T17343] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x8B has invalid maxpacket 1024 [ 1758.591786][T17343] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1758.693459][T17343] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1758.736229][T17343] usb 3-1: config 0 descriptor?? [ 1758.748576][T25539] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 1759.280496][T24210] usb 3-1: USB disconnect, device number 89 [ 1759.286484][T16197] Bluetooth: hci2: Opcode 0x0c03 failed: -19 [ 1759.411994][T25560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5112'. [ 1759.422835][T25560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5112'. [ 1759.433674][T25560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5112'. [ 1759.444459][T25560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5112'. [ 1759.455264][T25560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5112'. [ 1759.466768][T25560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5112'. [ 1759.477224][T25560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5112'. [ 1759.487660][T25560] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5112'. [ 1759.603799][ T30] audit: type=1400 audit(2000000720.716:2810): avc: denied { ioctl } for pid=25562 comm="syz.3.5114" path="/dev/input/mice" dev="devtmpfs" ino=916 ioctlcmd=0xae41 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:mouse_device_t tclass=chr_file permissive=1 [ 1761.191830][T25573] __nla_validate_parse: 44 callbacks suppressed [ 1761.191842][T25573] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5115'. [ 1761.240905][T25573] 8021q: adding VLAN 0 to HW filter on device bond4 [ 1762.444571][T25599] netdevsim netdevsim1 netdevsim1: entered allmulticast mode [ 1762.530967][ T30] audit: type=1400 audit(2000000723.558:2811): avc: denied { setattr } for pid=25575 comm="syz.1.5117" name="vcsa" dev="devtmpfs" ino=16 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:tty_device_t tclass=chr_file permissive=1 [ 1762.628597][T25597] overlayfs: failed to resolve './file0': -2 [ 1762.830514][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5124'. [ 1762.841502][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5124'. [ 1762.852452][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5124'. [ 1762.863295][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5124'. [ 1762.873795][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5124'. [ 1762.884948][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5124'. [ 1762.895880][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5124'. [ 1762.908477][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5124'. [ 1762.919391][T25604] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5124'. [ 1762.976074][T25606] pimreg3: entered allmulticast mode [ 1763.617619][T25618] nfs: Unknown parameter 'losk' [ 1764.980455][T25624] "syz.4.5131" (25624) uses obsolete ecb(arc4) skcipher [ 1765.954528][T25643] workqueue: Failed to create a rescuer kthread for wq "bond5": -EINTR [ 1766.637619][T25649] __nla_validate_parse: 44 callbacks suppressed [ 1766.637658][T25649] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5140'. [ 1766.823132][T25649] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5140'. [ 1766.840308][T25649] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5140'. [ 1766.863578][T25649] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5140'. [ 1766.882457][T25649] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5140'. [ 1767.186196][T25647] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5140'. [ 1769.410017][T25676] netlink: 32 bytes leftover after parsing attributes in process `syz.0.5147'. [ 1769.858390][T25690] netlink: 68 bytes leftover after parsing attributes in process `syz.4.5138'. [ 1770.454286][T25698] netlink: zone id is out of range [ 1771.527973][T25706] netlink: 24 bytes leftover after parsing attributes in process `syz.4.5154'. [ 1771.827293][T25707] nfs: Unknown parameter 'ÿÿÿÿ' [ 1772.405217][T25723] openvswitch: netlink: IP tunnel dst address not specified [ 1773.226417][T25730] netlink: 28 bytes leftover after parsing attributes in process `syz.2.5161'. [ 1773.280968][T25730] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 1773.298191][T25730] ALSA: mixer_oss: invalid index 1374389 [ 1773.685149][T25739] netlink: zone id is out of range [ 1774.941366][T24210] usb 2-1: new high-speed USB device number 64 using dummy_hcd [ 1775.421113][T24210] usb 2-1: Using ep0 maxpacket: 32 [ 1775.428580][T24210] usb 2-1: config 0 has an invalid interface number: 51 but max is 0 [ 1775.451086][T24210] usb 2-1: config 0 has no interface number 0 [ 1775.569133][T24210] usb 2-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1775.579033][T24210] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1775.592557][T24210] usb 2-1: Product: syz [ 1775.596732][T24210] usb 2-1: Manufacturer: syz [ 1775.602287][T24210] usb 2-1: SerialNumber: syz [ 1775.630049][T24210] usb 2-1: config 0 descriptor?? [ 1776.193218][T24210] quatech2 2-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1776.418396][T24210] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1776.622444][T24210] usb 2-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1776.688052][T25773] nfs: Unknown parameter 'losk' [ 1777.047458][ T30] audit: type=1400 audit(2000000738.165:2812): avc: denied { write } for pid=25763 comm="syz.4.5172" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=xdp_socket permissive=1 [ 1777.235364][T25765] : entered promiscuous mode [ 1778.496297][T25757] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5170'. [ 1778.798686][ C1] hrtimer: interrupt took 28253 ns [ 1779.705640][T25757] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1779.803038][ C1] usb 2-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1779.805475][T17343] usb 2-1: USB disconnect, device number 64 [ 1779.845836][T17343] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1779.874238][T17343] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1779.891543][T17343] quatech2 2-1:0.51: device disconnected [ 1779.977244][T25789] netlink: 4 bytes leftover after parsing attributes in process `syz.1.5178'. [ 1781.613150][T25810] netlink: 36 bytes leftover after parsing attributes in process `syz.1.5185'. [ 1781.636874][T25810] input: syz0 as /devices/virtual/input/input69 [ 1782.490215][T25818] nfs: Unknown parameter 'losk' [ 1784.543378][T25836] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5194'. [ 1784.572561][T25836] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1784.670694][T25839] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5192'. [ 1784.942878][T25847] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5196'. [ 1785.565772][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1785.844132][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1786.079058][T25839] 8021q: adding VLAN 0 to HW filter on device bond5 [ 1786.325635][T25862] nfs: Unknown parameter 'losk' [ 1786.875640][T25847] 8021q: adding VLAN 0 to HW filter on device team1 [ 1787.010862][T25862] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5198'. [ 1787.027170][T25852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5197'. [ 1787.210762][T25852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5197'. [ 1787.259808][T25852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5197'. [ 1787.452621][T25852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5197'. [ 1787.491515][T21838] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 210 seconds [ 1787.512877][T21838] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 210 seconds [ 1787.531168][T21838] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 210 seconds [ 1787.552586][T21838] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 210 seconds [ 1787.573215][T25852] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5197'. [ 1788.042673][T25871] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5200'. [ 1788.850817][T25871] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 1790.022431][T24133] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1790.056646][T24133] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1790.071392][T24133] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1790.185422][T24133] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1790.211685][T24133] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1790.284575][T25891] nfs: Unknown parameter 'losk' [ 1790.802304][T16197] Bluetooth: hci2: unexpected cc 0x0c03 length: 249 > 1 [ 1790.829912][T16197] Bluetooth: hci2: unexpected cc 0x1003 length: 249 > 9 [ 1790.840394][T16197] Bluetooth: hci2: unexpected cc 0x1001 length: 249 > 9 [ 1790.852958][T16197] Bluetooth: hci2: unexpected cc 0x0c23 length: 249 > 4 [ 1790.866394][T16197] Bluetooth: hci2: unexpected cc 0x0c38 length: 249 > 2 [ 1791.093658][T25895] ubi31: attaching mtd0 [ 1791.105091][T25895] ubi31: scanning is finished [ 1791.109822][T25895] ubi31: empty MTD device detected [ 1791.620157][T25895] ubi31: attached mtd0 (name "mtdram test device", size 0 MiB) [ 1791.628246][T25895] ubi31: PEB size: 4096 bytes (4 KiB), LEB size: 3968 bytes [ 1791.635965][T25895] ubi31: min./max. I/O unit sizes: 1/64, sub-page size 1 [ 1791.644128][T25895] ubi31: VID header offset: 64 (aligned 64), data offset: 128 [ 1791.651625][T25895] ubi31: good PEBs: 32, bad PEBs: 0, corrupted PEBs: 0 [ 1791.658886][T25895] ubi31: user volume: 0, internal volumes: 1, max. volumes count: 23 [ 1791.667333][T25895] ubi31: max/mean erase counter: 0/0, WL threshold: 4096, image sequence number: 2124830539 [ 1791.677823][T25895] ubi31: available PEBs: 28, total reserved PEBs: 4, PEBs reserved for bad PEB handling: 0 [ 1791.689885][T25897] ubi31: background thread "ubi_bgt31d" started, PID 25897 [ 1791.929936][ T30] audit: type=1400 audit(2000000753.053:2813): avc: denied { read write } for pid=16966 comm="syz-executor" name="loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1792.654194][ T30] audit: type=1400 audit(2000000753.053:2814): avc: denied { open } for pid=16966 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1792.681272][ T30] audit: type=1400 audit(2000000753.053:2815): avc: denied { ioctl } for pid=16966 comm="syz-executor" path="/dev/loop2" dev="devtmpfs" ino=649 ioctlcmd=0x4c01 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fixed_disk_device_t tclass=blk_file permissive=1 [ 1792.719369][ T30] audit: type=1400 audit(2000000753.323:2816): avc: denied { name_bind } for pid=25899 comm="syz.2.5210" src=2 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:reserved_port_t tclass=tcp_socket permissive=1 [ 1792.992906][T24133] Bluetooth: hci2: command tx timeout [ 1793.079495][T25886] chnl_net:caif_netlink_parms(): no params data found [ 1793.206939][T25886] bridge0: port 1(bridge_slave_0) entered blocking state [ 1793.219207][T25886] bridge0: port 1(bridge_slave_0) entered disabled state [ 1793.259406][T25886] bridge_slave_0: entered allmulticast mode [ 1793.290465][T25912] FAULT_INJECTION: forcing a failure. [ 1793.290465][T25912] name failslab, interval 1, probability 0, space 0, times 0 [ 1793.292943][T25886] bridge_slave_0: entered promiscuous mode [ 1793.338503][T25912] CPU: 0 UID: 0 PID: 25912 Comm: syz.1.5212 Tainted: G L syzkaller #0 PREEMPT(full) [ 1793.338533][T25912] Tainted: [L]=SOFTLOCKUP [ 1793.338540][T25912] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1793.338551][T25912] Call Trace: [ 1793.338557][T25912] [ 1793.338564][T25912] dump_stack_lvl+0x100/0x190 [ 1793.338599][T25912] should_fail_ex.cold+0x5/0xa [ 1793.338622][T25912] ? create_ruleset+0x21/0x140 [ 1793.338647][T25912] should_failslab+0xc2/0x120 [ 1793.338666][T25912] __kmalloc_noprof+0xe0/0x850 [ 1793.338696][T25912] create_ruleset+0x21/0x140 [ 1793.338720][T25912] landlock_merge_ruleset+0xbb/0x830 [ 1793.338746][T25912] ? prepare_creds+0x5ee/0x950 [ 1793.338770][T25912] __do_sys_landlock_restrict_self+0x2a6/0x9e0 [ 1793.338801][T25912] do_syscall_64+0x106/0xf80 [ 1793.338822][T25912] ? clear_bhb_loop+0x40/0x90 [ 1793.338844][T25912] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1793.338862][T25912] RIP: 0033:0x7f82f3f9c799 [ 1793.338886][T25912] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1793.338903][T25912] RSP: 002b:00007f82f21f6028 EFLAGS: 00000246 ORIG_RAX: 00000000000001be [ 1793.338920][T25912] RAX: ffffffffffffffda RBX: 00007f82f4215fa0 RCX: 00007f82f3f9c799 [ 1793.338932][T25912] RDX: 0000000000000000 RSI: 000000000000000e RDI: 0000000000000003 [ 1793.338942][T25912] RBP: 00007f82f21f6090 R08: 0000000000000000 R09: 0000000000000000 [ 1793.338952][T25912] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1793.338962][T25912] R13: 00007f82f4216038 R14: 00007f82f4215fa0 R15: 00007ffc0f836558 [ 1793.338987][T25912] [ 1793.564098][T25911] netlink: 'syz.2.5211': attribute type 33 has an invalid length. [ 1793.573912][T25911] __nla_validate_parse: 45 callbacks suppressed [ 1793.573925][T25911] netlink: 164 bytes leftover after parsing attributes in process `syz.2.5211'. [ 1793.913595][T25886] bridge0: port 2(bridge_slave_1) entered blocking state [ 1793.943444][T25886] bridge0: port 2(bridge_slave_1) entered disabled state [ 1793.950677][T25886] bridge_slave_1: entered allmulticast mode [ 1794.015574][T25886] bridge_slave_1: entered promiscuous mode [ 1794.204961][T25886] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1794.346460][T25886] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1794.371740][T24210] usb 3-1: new high-speed USB device number 90 using dummy_hcd [ 1794.456669][T25925] nfs: Unknown parameter 'losk' [ 1794.751662][T25925] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5216'. [ 1794.783796][ T30] audit: type=1400 audit(2000000755.604:2817): avc: denied { prog_load } for pid=25922 comm="syz.4.5216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1795.082952][T24133] Bluetooth: hci2: command tx timeout [ 1795.115970][ T30] audit: type=1400 audit(2000000755.604:2818): avc: denied { bpf } for pid=25922 comm="syz.4.5216" capability=39 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1795.193018][ T30] audit: type=1400 audit(2000000755.604:2819): avc: denied { perfmon } for pid=25922 comm="syz.4.5216" capability=38 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=capability2 permissive=1 [ 1795.214274][ T30] audit: type=1400 audit(2000000755.694:2820): avc: denied { map_create } for pid=25922 comm="syz.4.5216" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1795.236615][T24210] usb 3-1: New USB device found, idVendor=2c42, idProduct=1709, bcdDevice=ca.b7 [ 1795.247035][T24210] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1795.260197][T24210] usb 3-1: Product: syz [ 1795.265324][T24210] usb 3-1: Manufacturer: syz [ 1795.274087][T25886] team0: Port device team_slave_0 added [ 1795.294347][T24210] usb 3-1: SerialNumber: syz [ 1795.323166][T25886] team0: Port device team_slave_1 added [ 1795.335249][ T30] audit: type=1400 audit(2000000756.454:2821): avc: denied { map_read map_write } for pid=25920 comm="syz.1.5217" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1795.388127][T24210] usb 3-1: config 0 descriptor?? [ 1795.565495][T25886] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1795.598061][T25886] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1795.685453][T25886] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1795.847904][T25886] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1795.886842][T25886] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1795.983375][T25886] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1796.083667][T25919] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5214'. [ 1796.383742][T25919] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1796.444017][T25919] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1796.866761][T25944] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5221'. [ 1797.118216][T25919] netlink: 12 bytes leftover after parsing attributes in process `syz.2.5214'. [ 1797.123641][T25886] hsr_slave_0: entered promiscuous mode [ 1797.143490][T25886] hsr_slave_1: entered promiscuous mode [ 1797.157065][T25886] debugfs: 'hsr0' already exists in 'hsr' [ 1797.157713][T24133] Bluetooth: hci2: command tx timeout [ 1797.177073][ T30] audit: type=1400 audit(2000000758.305:2822): avc: denied { setopt } for pid=25943 comm="syz.1.5222" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 1797.322366][T25886] Cannot create hsr debugfs directory [ 1797.433969][T25944] 8021q: adding VLAN 0 to HW filter on device bond6 [ 1797.537305][T24210] usb 3-1: f81604_read: reg: 200f failed: -EPROTO [ 1797.596338][T24210] usb 3-1: USB disconnect, device number 90 [ 1797.785250][ T5474] usb 3-1: f81604_read: reg: 100f failed: -ENODEV [ 1797.797982][ T5474] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 1798.069787][T24210] usb 3-1: f81604_read: reg: 100f failed: -ENODEV [ 1798.257879][ T5474] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 1798.382629][ T5474] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 1798.400953][ T5474] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 1799.130781][T25968] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1799.231250][T24133] Bluetooth: hci2: command tx timeout [ 1799.290780][ T30] audit: type=1400 audit(2000000760.426:2823): avc: denied { prog_run } for pid=25964 comm="syz.3.5226" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=bpf permissive=1 [ 1799.755147][T24210] usb 3-1: f81604_read: reg: 200f failed: -ENODEV [ 1799.774667][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1799.788073][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1799.811187][T25990] FAULT_INJECTION: forcing a failure. [ 1799.811187][T25990] name failslab, interval 1, probability 0, space 0, times 0 [ 1799.825919][T25990] CPU: 0 UID: 0 PID: 25990 Comm: syz.2.5234 Tainted: G L syzkaller #0 PREEMPT(full) [ 1799.825947][T25990] Tainted: [L]=SOFTLOCKUP [ 1799.825953][T25990] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 1799.825960][T25990] Call Trace: [ 1799.825964][T25990] [ 1799.825969][T25990] dump_stack_lvl+0x100/0x190 [ 1799.825991][T25990] should_fail_ex.cold+0x5/0xa [ 1799.826006][T25990] ? tomoyo_encode2+0xfb/0x3c0 [ 1799.826022][T25990] should_failslab+0xc2/0x120 [ 1799.826033][T25990] __kmalloc_noprof+0xe0/0x850 [ 1799.826049][T25990] ? d_absolute_path+0x136/0x1b0 [ 1799.826068][T25990] tomoyo_encode2+0xfb/0x3c0 [ 1799.826087][T25990] tomoyo_encode+0x29/0x50 [ 1799.826103][T25990] tomoyo_realpath_from_path+0x18c/0x690 [ 1799.826123][T25990] tomoyo_path_number_perm+0x23c/0x580 [ 1799.826137][T25990] ? tomoyo_path_number_perm+0x22e/0x580 [ 1799.826152][T25990] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 1799.826181][T25990] ? find_held_lock+0x2b/0x80 [ 1799.826195][T25990] ? __fget_files+0x215/0x3d0 [ 1799.826206][T25990] ? hook_file_ioctl_common+0x146/0x410 [ 1799.826228][T25990] ? __fget_files+0x21f/0x3d0 [ 1799.826242][T25990] security_file_ioctl+0xd3/0x230 [ 1799.826258][T25990] __x64_sys_ioctl+0xb7/0x210 [ 1799.826276][T25990] do_syscall_64+0x106/0xf80 [ 1799.826291][T25990] ? clear_bhb_loop+0x40/0x90 [ 1799.826305][T25990] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 1799.826317][T25990] RIP: 0033:0x7efce959c799 [ 1799.826327][T25990] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 1799.826338][T25990] RSP: 002b:00007efcea50a028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 1799.826351][T25990] RAX: ffffffffffffffda RBX: 00007efce9815fa0 RCX: 00007efce959c799 [ 1799.826358][T25990] RDX: 00002000000001c0 RSI: 00000000c0306201 RDI: 0000000000000003 [ 1799.826365][T25990] RBP: 00007efcea50a090 R08: 0000000000000000 R09: 0000000000000000 [ 1799.826371][T25990] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 1799.826378][T25990] R13: 00007efce9816038 R14: 00007efce9815fa0 R15: 00007fff708f57a8 [ 1799.826394][T25990] [ 1799.826659][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1799.827039][T25990] ERROR: Out of memory at tomoyo_realpath_from_path. [ 1800.103977][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1800.116097][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1800.141731][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1800.160309][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1800.180290][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1800.216823][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1800.277467][T25983] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5232'. [ 1800.525615][T26002] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 1800.661990][T26002] ALSA: mixer_oss: invalid index 1374389 [ 1800.959304][T25534] bridge_slave_1: left allmulticast mode [ 1800.993404][T25534] bridge_slave_1: left promiscuous mode [ 1801.028661][T25534] bridge0: port 2(bridge_slave_1) entered disabled state [ 1801.085302][T25534] bridge_slave_0: left allmulticast mode [ 1801.122240][T25534] bridge_slave_0: left promiscuous mode [ 1801.160685][T25534] bridge0: port 1(bridge_slave_0) entered disabled state [ 1802.259950][ T30] audit: type=1400 audit(2000000763.398:2824): avc: denied { create } for pid=26038 comm="syz.2.5245" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1802.504313][T25534] bond5 (unregistering): (slave ip6gretap1): Releasing active interface [ 1803.174984][T25534] bond1 (unregistering): (slave erspan1): Releasing active interface [ 1803.268507][T26058] netlink: 'syz.4.5248': attribute type 33 has an invalid length. [ 1803.379451][T25534] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 1803.399686][T25534] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 1803.418867][T25534] bond0 (unregistering): Released all slaves [ 1803.428518][T25534] bond1 (unregistering): Released all slaves [ 1803.441151][T25534] bond2 (unregistering): Released all slaves [ 1803.465826][T25534] bond3 (unregistering): (slave veth3): Releasing active interface [ 1803.481553][T25534] bond3 (unregistering): Released all slaves [ 1803.498082][T25534] bond4 (unregistering): Released all slaves [ 1803.510088][T25534] bond5 (unregistering): Released all slaves [ 1803.522275][T25534] bond6 (unregistering): Released all slaves [ 1803.533333][T25534] bond7 (unregistering): Released all slaves [ 1803.553855][T25534] bond8 (unregistering): Released all slaves [ 1803.661507][T25534] : left promiscuous mode [ 1803.771891][T25534] tipc: Left network mode [ 1803.800925][T25534] IPVS: stopping backup sync thread 18168 ... [ 1804.067926][ T793] usb 3-1: new high-speed USB device number 91 using dummy_hcd [ 1804.151266][T25534] hsr_slave_0: left promiscuous mode [ 1804.159271][ T30] audit: type=1400 audit(2000000765.219:2825): avc: denied { read } for pid=26070 comm="syz.1.5251" name="fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1804.217677][T25534] hsr_slave_1: left promiscuous mode [ 1804.228723][T25534] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 1804.237673][ T793] usb 3-1: Using ep0 maxpacket: 32 [ 1804.251774][ T793] usb 3-1: unable to get BOS descriptor or descriptor too short [ 1804.271653][ T30] audit: type=1400 audit(2000000765.219:2826): avc: denied { open } for pid=26070 comm="syz.1.5251" path="/dev/fb0" dev="devtmpfs" ino=629 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1804.311946][T25534] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 1804.327347][ T793] usb 3-1: config 4 has an invalid interface number: 17 but max is 0 [ 1804.347965][ T793] usb 3-1: config 4 has no interface number 0 [ 1804.354061][ T793] usb 3-1: config 4 interface 17 has no altsetting 0 [ 1804.489194][ T30] audit: type=1400 audit(2000000765.219:2827): avc: denied { ioctl } for pid=26070 comm="syz.1.5251" path="/dev/fb0" dev="devtmpfs" ino=629 ioctlcmd=0x4611 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:framebuf_device_t tclass=chr_file permissive=1 [ 1804.525663][ T793] usb 3-1: New USB device found, idVendor=0c45, idProduct=8008, bcdDevice=7d.2a [ 1804.537823][ T793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1804.571089][ T793] usb 3-1: Product: syz [ 1804.627271][T26086] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 1805.120147][ T793] usb 3-1: Manufacturer: syz [ 1805.127225][T25534] batadv1 (unregistering): left allmulticast mode [ 1805.136700][ T793] usb 3-1: SerialNumber: syz [ 1805.150296][T25534] team0 (unregistering): Port device batadv1 removed [ 1805.491466][ T793] gspca_main: sn9c2028-2.14.0 probing 0c45:8008 [ 1805.523457][ T793] gspca_sn9c2028: read1 error -71 [ 1805.541156][ T793] gspca_sn9c2028: read1 error -71 [ 1805.571092][ T793] gspca_sn9c2028: read1 error -71 [ 1805.588150][ T793] sn9c2028 3-1:4.17: probe with driver sn9c2028 failed with error -71 [ 1805.604438][T25534] team_slave_1 (unregistering): left allmulticast mode [ 1805.624357][ T793] usb 3-1: USB disconnect, device number 91 [ 1805.658680][T25534] team0 (unregistering): Port device team_slave_1 removed [ 1805.720847][T25534] team_slave_0 (unregistering): left allmulticast mode [ 1805.738124][T25534] team0 (unregistering): Port device team_slave_0 removed [ 1805.971303][T25534] dummy0 (unregistering): left allmulticast mode [ 1806.091527][T25534] team0 (unregistering): Port device dummy0 removed [ 1806.533003][T26107] can0: slcan on ttyS3. [ 1806.698447][ T30] audit: type=1400 audit(2000000767.830:2828): avc: denied { connect } for pid=26102 comm="syz.2.5257" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1807.094365][T25886] netdevsim netdevsim0 netdevsim0: renamed from eth0 [ 1807.131893][T25886] netdevsim netdevsim0 netdevsim1: renamed from eth1 [ 1807.148952][T25886] netdevsim netdevsim0 netdevsim2: renamed from eth2 [ 1807.220084][T25886] netdevsim netdevsim0 netdevsim3: renamed from eth3 [ 1807.228047][T26107] can0 (unregistered): slcan off ttyS3. [ 1808.516471][T26111] __nla_validate_parse: 97 callbacks suppressed [ 1808.516489][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.533212][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.543688][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.555545][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.565950][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.576368][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.586838][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.597308][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.607721][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.617739][T26111] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5258'. [ 1808.889250][T25886] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1809.035634][T25886] 8021q: adding VLAN 0 to HW filter on device team0 [ 1809.630339][T20159] bridge0: port 1(bridge_slave_0) entered blocking state [ 1809.637470][T20159] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1810.656753][T26153] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 1810.718852][T23754] bridge0: port 2(bridge_slave_1) entered blocking state [ 1810.734266][T23754] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1810.869026][T25534] IPVS: stop unused estimator thread 0... [ 1812.084344][ T977] usb 4-1: new full-speed USB device number 86 using dummy_hcd [ 1812.215210][T25886] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1812.266684][ T977] usb 4-1: unable to get BOS descriptor or descriptor too short [ 1812.277416][ T977] usb 4-1: not running at top speed; connect to a high speed hub [ 1812.314130][ T977] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1812.349998][ T977] usb 4-1: config 0 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 5 [ 1812.525135][T25886] veth0_vlan: entered promiscuous mode [ 1812.604576][ T977] usb 4-1: New USB device found, idVendor=0763, idProduct=1002, bcdDevice=5f.84 [ 1812.615745][ T977] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1812.634066][ T977] usb 4-1: Product: syz [ 1812.653827][ T977] usb 4-1: Manufacturer: syz [ 1812.660176][T25886] veth1_vlan: entered promiscuous mode [ 1812.673535][ T977] usb 4-1: SerialNumber: syz [ 1812.797199][ T977] usb 4-1: config 0 descriptor?? [ 1812.827031][ T977] usb 4-1: Quirk or no altset; falling back to MIDI 1.0 [ 1812.839955][T25886] veth0_macvtap: entered promiscuous mode [ 1812.868033][T25886] veth1_macvtap: entered promiscuous mode [ 1812.935467][T25886] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1813.145318][T25886] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1813.150439][ T977] snd-usb-audio 4-1:0.0: probe with driver snd-usb-audio failed with error -2 [ 1813.197103][T20159] netdevsim netdevsim0 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1813.214939][T23754] netdevsim netdevsim0 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1813.216864][ T977] usb 4-1: USB disconnect, device number 86 [ 1813.229042][T23754] netdevsim netdevsim0 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1813.268651][T18014] udevd[18014]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:0.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 1813.288494][T23754] netdevsim netdevsim0 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1813.966693][T25534] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1813.999116][T25534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1814.570197][T26197] can0: slcan on ttyS3. [ 1814.669463][T25534] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1814.678024][T26198] can0 (unregistered): slcan off ttyS3. [ 1814.695640][T25534] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1814.706603][T26199] can0: slcan on ttyS3. [ 1814.803237][T26200] can0 (unregistered): slcan off ttyS3. [ 1816.259080][T26207] __nla_validate_parse: 94 callbacks suppressed [ 1816.259121][T26207] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5278'. [ 1816.646915][T26207] workqueue: Failed to create a rescuer kthread for wq "bond8": -EINTR [ 1817.046598][T26217] ubi: mtd0 is already attached to ubi31 [ 1817.314397][ T977] usb 1-1: new high-speed USB device number 33 using dummy_hcd [ 1817.447678][ T30] audit: type=1400 audit(2000000778.585:2829): avc: denied { setopt } for pid=26222 comm="syz.3.5282" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 1817.551880][T21838] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 240 seconds [ 1817.564975][T21838] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 240 seconds [ 1817.578565][T21838] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 240 seconds [ 1817.601669][T21838] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 240 seconds [ 1817.747851][ T977] usb 1-1: config 0 has no interfaces? [ 1817.754950][ T977] usb 1-1: New USB device found, idVendor=06cd, idProduct=010f, bcdDevice=d5.1b [ 1817.768795][ T977] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1817.844245][ T977] usb 1-1: config 0 descriptor?? [ 1818.296188][T26215] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1818.312731][T26235] netlink: 4 bytes leftover after parsing attributes in process `syz.3.5284'. [ 1818.339339][T26215] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1818.450087][ T793] usb 1-1: USB disconnect, device number 33 [ 1818.632494][T26242] netlink: zone id is out of range [ 1818.728771][T26243] can0: slcan on ttyS3. [ 1819.212730][T26233] netlink: 124 bytes leftover after parsing attributes in process `syz.4.5283'. [ 1819.310927][T26243] can0 (unregistered): slcan off ttyS3. [ 1819.316883][T26244] can0: slcan on ttyS3. [ 1819.560889][T26238] can0 (unregistered): slcan off ttyS3. [ 1819.917570][ T30] audit: type=1400 audit(2000000781.057:2830): avc: denied { getopt } for pid=26257 comm="syz.3.5288" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netrom_socket permissive=1 [ 1820.400862][T26270] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5291'. [ 1820.930563][T26270] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1822.885493][T26288] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5294'. [ 1822.944452][T26288] 8021q: adding VLAN 0 to HW filter on device bond8 [ 1823.196065][T26296] netlink: 28 bytes leftover after parsing attributes in process `syz.4.5296'. [ 1823.261074][T26300] misc userio: Invalid payload size [ 1823.665257][T26296] ALSA: mixer_oss: invalid OSS volume 'PHlâ6žžqÓ†ØÈÌONEOUT' [ 1823.741714][T26296] ALSA: mixer_oss: invalid index 1374389 [ 1823.826938][T26307] can0: slcan on ttyS3. [ 1824.334530][T26307] can0 (unregistered): slcan off ttyS3. [ 1824.343977][T26308] can0: slcan on ttyS3. [ 1824.430394][T26302] can0 (unregistered): slcan off ttyS3. [ 1824.607911][T26314] CIFS: VFS: Malformed UNC in devname [ 1824.877936][T25111] usb 2-1: new full-speed USB device number 65 using dummy_hcd [ 1825.052237][T25111] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1825.067676][T17343] usb 5-1: new high-speed USB device number 65 using dummy_hcd [ 1825.100193][T25111] usb 2-1: New USB device found, idVendor=0c70, idProduct=f011, bcdDevice= 0.00 [ 1825.373966][T26327] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5302'. [ 1825.882287][T26327] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1826.294744][T25111] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1826.330868][T25111] usb 2-1: config 0 descriptor?? [ 1826.337821][T17343] usb 5-1: Using ep0 maxpacket: 32 [ 1826.560626][T17343] usb 5-1: config 0 has an invalid interface number: 51 but max is 0 [ 1826.640789][T17343] usb 5-1: config 0 has no interface number 0 [ 1826.649746][T25111] usbhid 2-1:0.0: couldn't find an input interrupt endpoint [ 1826.661475][T17343] usb 5-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1826.710699][T17343] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1826.758571][T17343] usb 5-1: Product: syz [ 1826.766200][T17343] usb 5-1: Manufacturer: syz [ 1826.779443][T17343] usb 5-1: SerialNumber: syz [ 1826.809759][T26335] netlink: 'syz.3.5305': attribute type 33 has an invalid length. [ 1826.818160][T17343] usb 5-1: config 0 descriptor?? [ 1826.840980][T17343] quatech2 5-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1826.879395][T26335] netlink: 164 bytes leftover after parsing attributes in process `syz.3.5305'. [ 1826.905652][T26316] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1826.950961][T26316] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1827.267943][T26316] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5300'. [ 1827.363407][T26316] vlan2: entered allmulticast mode [ 1827.363706][T17343] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1827.413444][T17343] usb 5-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1827.492033][T26341] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 1827.509888][T26341] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 1827.822634][ C0] usb 5-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1827.826113][ T793] usb 5-1: USB disconnect, device number 65 [ 1828.072559][ T793] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1828.098985][ T793] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1828.129595][ T24] usb 2-1: USB disconnect, device number 65 [ 1828.148840][ T793] quatech2 5-1:0.51: device disconnected [ 1828.567302][T26346] CIFS: VFS: Malformed UNC in devname [ 1828.754749][ T793] usb 5-1: new high-speed USB device number 66 using dummy_hcd [ 1829.044985][T26355] netlink: 260 bytes leftover after parsing attributes in process `syz.1.5309'. [ 1829.082661][ T30] audit: type=1400 audit(2000000790.191:2831): avc: denied { getopt } for pid=26347 comm="syz.1.5309" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=x25_socket permissive=1 [ 1829.124261][ T793] usb 5-1: Using ep0 maxpacket: 8 [ 1829.480796][ T793] usb 5-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1829.620282][ T793] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1829.674549][ T793] usb 5-1: Product: syz [ 1829.678788][ T793] usb 5-1: Manufacturer: syz [ 1829.684525][ T793] usb 5-1: SerialNumber: syz [ 1829.704297][ T793] usb 5-1: config 0 descriptor?? [ 1829.743531][T26359] can0: slcan on ttyS3. [ 1830.208599][ T793] usb 5-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1830.236903][T26359] can0 (unregistered): slcan off ttyS3. [ 1830.311105][T26357] orangefs_devreq_write_iter: total:0: must be at least:8240: [ 1830.671885][T26365] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5312'. [ 1831.121033][T26365] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 1831.537851][ T793] dvb_usb_rtl28xxu 5-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1831.615068][ T30] audit: type=1326 audit(2000000792.742:2832): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26353 comm="syz.3.5311" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fc39b79c799 code=0x0 [ 1832.093330][ T793] usb 3-1: new full-speed USB device number 92 using dummy_hcd [ 1832.244550][ T793] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 1832.261980][ T793] usb 3-1: can't read configurations, error -61 [ 1832.402576][ T793] usb 3-1: new full-speed USB device number 93 using dummy_hcd [ 1832.604102][ T793] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 1832.624358][ T793] usb 3-1: can't read configurations, error -61 [ 1832.643307][ T793] usb usb3-port1: attempt power cycle [ 1832.854055][T25111] usb 5-1: USB disconnect, device number 66 [ 1833.182517][ T793] usb 3-1: new full-speed USB device number 94 using dummy_hcd [ 1833.466837][T26387] SELinux: unrecognized netlink message: protocol=0 nlmsg_type=1540 sclass=netlink_route_socket pid=26387 comm=syz.4.5317 [ 1833.492803][ T793] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 1833.503494][ T793] usb 3-1: can't read configurations, error -61 [ 1833.712001][ T793] usb 3-1: new full-speed USB device number 95 using dummy_hcd [ 1833.750992][ T793] usb 3-1: unable to read config index 0 descriptor/start: -61 [ 1833.766043][ T793] usb 3-1: can't read configurations, error -61 [ 1833.829502][ T793] usb usb3-port1: unable to enumerate USB device [ 1835.073969][T26402] netlink: 12 bytes leftover after parsing attributes in process `syz.4.5319'. [ 1836.507301][T26413] slcan: can't register candev [ 1836.861599][T26430] openvswitch: netlink: IP tunnel dst address not specified [ 1836.890474][ T793] usb 3-1: new high-speed USB device number 96 using dummy_hcd [ 1837.411301][T25111] usb 2-1: new high-speed USB device number 66 using dummy_hcd [ 1837.541749][ T793] usb 3-1: Using ep0 maxpacket: 8 [ 1837.578756][T25111] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1837.616683][ T793] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1837.656298][ T793] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1837.665141][T25111] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1837.665170][T25111] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 5 [ 1837.665210][T25111] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2d50, bcdDevice= 0.00 [ 1837.665231][T25111] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1837.711084][ T793] usb 3-1: Product: syz [ 1837.775020][ T793] usb 3-1: Manufacturer: syz [ 1837.780681][ T793] usb 3-1: SerialNumber: syz [ 1837.848225][T25111] usb 2-1: config 0 descriptor?? [ 1837.904055][ T793] usb 3-1: config 0 descriptor?? [ 1838.118813][T18589] Bluetooth: (null): Invalid header checksum [ 1838.130208][ T793] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1838.142017][T18589] Bluetooth: (null): Invalid header checksum [ 1838.762898][T25111] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 1838.774907][T23754] Bluetooth: (null): Invalid header checksum [ 1838.787322][T25111] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 1839.163559][ T793] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -32 [ 1839.340571][T23754] Bluetooth: (null): Invalid header checksum [ 1839.346871][T25111] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 1839.370297][T23754] Bluetooth: (null): Invalid header checksum [ 1839.380910][T25111] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 1839.392866][T23754] Bluetooth: (null): Invalid header checksum [ 1839.414944][T25111] kovaplus 0003:1E7D:2D50.0009: unknown main item tag 0x0 [ 1839.464423][T25111] kovaplus 0003:1E7D:2D50.0009: hidraw0: USB HID v0.00 Device [HID 1e7d:2d50] on usb-dummy_hcd.1-1/input0 [ 1839.597473][T25111] usb 2-1: USB disconnect, device number 66 [ 1839.725556][ T30] audit: type=1400 audit(2000000800.876:2833): avc: denied { create } for pid=26446 comm="syz.1.5333" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=key_socket permissive=1 [ 1839.765057][T26442] fido_id[26442]: Failed to open report descriptor at '/sys/devices/platform/dummy_hcd.1/usb2/report_descriptor': No such file or directory [ 1840.415255][ T793] usb 3-1: USB disconnect, device number 96 [ 1840.510499][T26465] netlink: 'syz.0.5337': attribute type 1 has an invalid length. [ 1840.533278][T26465] netlink: 5220 bytes leftover after parsing attributes in process `syz.0.5337'. [ 1840.656859][T26465] nbd: illegal input index 1638444 [ 1841.067896][T26471] Cannot find del_set index 2 as target [ 1841.109615][T26471] netlink: 260 bytes leftover after parsing attributes in process `syz.0.5337'. [ 1841.691738][T24133] Bluetooth: hci2: command tx timeout [ 1842.281281][T26484] netlink: zone id is out of range [ 1842.390169][T17343] usb 5-1: new high-speed USB device number 67 using dummy_hcd [ 1842.485037][ T30] audit: type=1400 audit(2000000802.621:2834): avc: denied { getopt } for pid=26488 comm="syz.0.5345" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=netlink_generic_socket permissive=1 [ 1842.568793][T17343] usb 5-1: no configurations [ 1842.573487][T17343] usb 5-1: can't read configurations, error -22 [ 1843.321899][T17343] usb 5-1: new high-speed USB device number 68 using dummy_hcd [ 1843.573634][T26502] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5346'. [ 1843.774537][T26502] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 1843.858973][T17343] usb 5-1: no configurations [ 1843.878525][T17343] usb 5-1: can't read configurations, error -22 [ 1843.885427][T17343] usb usb5-port1: attempt power cycle [ 1844.735652][T17343] usb 5-1: new high-speed USB device number 69 using dummy_hcd [ 1844.747428][T26486] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5341'. [ 1844.769162][T17343] usb 5-1: no configurations [ 1844.773785][T17343] usb 5-1: can't read configurations, error -22 [ 1844.977449][T17343] usb 5-1: new high-speed USB device number 70 using dummy_hcd [ 1844.992066][T26521] netlink: 16 bytes leftover after parsing attributes in process `syz.0.5354'. [ 1845.334089][T26518] netlink: 156 bytes leftover after parsing attributes in process `syz.2.5352'. [ 1845.633013][T26486] 8021q: adding VLAN 0 to HW filter on device bond7 [ 1845.778014][T17343] usb 5-1: device descriptor read/8, error -71 [ 1845.950998][T26526] netlink: zone id is out of range [ 1845.988198][T17343] usb usb5-port1: unable to enumerate USB device [ 1846.978744][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1847.000471][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1847.611155][T21838] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 270 seconds [ 1847.626108][T21838] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 270 seconds [ 1847.639489][T21838] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 270 seconds [ 1847.677195][T21838] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 270 seconds [ 1850.904070][ T793] usb 3-1: new high-speed USB device number 97 using dummy_hcd [ 1850.971905][T26573] ubi: mtd0 is already attached to ubi31 [ 1851.093367][ T30] audit: type=1400 audit(2000000811.246:2835): avc: denied { allowed } for pid=26574 comm="syz.1.5370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 1851.121163][ T793] usb 3-1: no configurations [ 1851.126391][ T793] usb 3-1: can't read configurations, error -22 [ 1851.324575][ T793] usb 3-1: new high-speed USB device number 98 using dummy_hcd [ 1851.333587][ T30] audit: type=1400 audit(2000000811.376:2836): avc: denied { sqpoll } for pid=26574 comm="syz.1.5370" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=io_uring permissive=1 [ 1851.638920][ T30] audit: type=1400 audit(2000000811.796:2837): avc: denied { getopt } for pid=26587 comm="syz.1.5373" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=mctp_socket permissive=1 [ 1852.182853][ T793] usb 3-1: no configurations [ 1852.187584][ T793] usb 3-1: can't read configurations, error -22 [ 1852.242570][ T793] usb usb3-port1: attempt power cycle [ 1852.602480][ T793] usb 3-1: new high-speed USB device number 99 using dummy_hcd [ 1852.673989][ T793] usb 3-1: no configurations [ 1853.044324][ T793] usb 3-1: can't read configurations, error -22 [ 1853.624151][T11585] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 1854.028350][T11585] usb 4-1: Using ep0 maxpacket: 8 [ 1854.058301][T11585] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 1854.086937][T26611] openvswitch: netlink: IP tunnel dst address not specified [ 1854.497723][T11585] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1854.533171][T11585] usb 4-1: config 0 has no interface number 0 [ 1854.548060][T11585] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1854.609626][T11585] usb 4-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1854.674632][T11585] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1854.698807][T11585] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1854.699897][T26613] netlink: 4 bytes leftover after parsing attributes in process `syz.0.5381'. [ 1854.744621][T11585] usb 4-1: config 0 descriptor?? [ 1854.763942][T11585] ldusb 4-1:0.55: Interrupt in endpoint not found [ 1854.877859][T26616] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5384'. [ 1854.911329][ T30] audit: type=1326 audit(2000000815.058:2838): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1854.983390][ T30] audit: type=1326 audit(2000000815.058:2839): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1855.835156][ T30] audit: type=1326 audit(2000000815.058:2840): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=186 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1855.873505][T11585] usb 4-1: USB disconnect, device number 87 [ 1855.945421][ T30] audit: type=1326 audit(2000000815.058:2841): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1856.042558][ T30] audit: type=1326 audit(2000000815.058:2842): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1856.063889][T26629] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1856.132418][ T30] audit: type=1326 audit(2000000815.058:2843): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=129 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1856.188312][ T30] audit: type=1326 audit(2000000815.058:2844): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1856.391746][ T30] audit: type=1326 audit(2000000815.058:2845): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1856.420587][T24210] usb 5-1: new high-speed USB device number 71 using dummy_hcd [ 1856.643154][T24210] usb 5-1: no configurations [ 1856.928619][ T30] audit: type=1326 audit(2000000815.058:2846): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=257 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1856.959020][T24210] usb 5-1: can't read configurations, error -22 [ 1857.026679][ T30] audit: type=1326 audit(2000000815.058:2847): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1857.154794][T24210] usb 5-1: new high-speed USB device number 72 using dummy_hcd [ 1857.191211][ T30] audit: type=1326 audit(2000000815.058:2848): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1857.302093][ T30] audit: type=1326 audit(2000000815.058:2849): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1857.331512][T24210] usb 5-1: no configurations [ 1857.336913][T24210] usb 5-1: can't read configurations, error -22 [ 1857.380427][T24210] usb usb5-port1: attempt power cycle [ 1857.388730][T26641] ªªªªªª: renamed from vlan0 (while UP) [ 1857.417968][T26647] netlink: 20 bytes leftover after parsing attributes in process `syz.3.5391'. [ 1857.486435][ T30] audit: type=1326 audit(2000000815.058:2850): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1857.532469][ T30] audit: type=1326 audit(2000000815.058:2851): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1857.591877][ T30] audit: type=1326 audit(2000000815.058:2852): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=root:sysadm_r:sysadm_t pid=26615 comm="syz.1.5384" exe="/root/syz-executor" sig=0 arch=c000003e syscall=42 compat=0 ip=0x7f82f3f9c799 code=0x7ffc0000 [ 1857.769852][T24210] usb 5-1: new high-speed USB device number 73 using dummy_hcd [ 1857.850072][T26657] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5396'. [ 1859.410214][T17343] usb 3-1: new high-speed USB device number 101 using dummy_hcd [ 1859.435256][T24210] usb 5-1: device descriptor read/8, error -71 [ 1860.074468][T17343] usb 3-1: Using ep0 maxpacket: 8 [ 1860.114912][T17343] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1860.520348][T17343] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1860.534270][T17343] usb 3-1: Product: syz [ 1860.540713][T17343] usb 3-1: Manufacturer: syz [ 1860.546406][T17343] usb 3-1: SerialNumber: syz [ 1860.576039][T17343] usb 3-1: config 0 descriptor?? [ 1860.816794][T17343] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1861.132307][T26688] netlink: 28 bytes leftover after parsing attributes in process `syz.3.5406'. [ 1861.891619][T26691] netlink: 8 bytes leftover after parsing attributes in process `syz.0.5407'. [ 1862.193597][T26691] 8021q: adding VLAN 0 to HW filter on device bond1 [ 1863.370014][T17343] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1863.384477][T17343] usb 3-1: USB disconnect, device number 101 [ 1863.504689][T26703] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5411'. [ 1866.322575][T26737] misc userio: Invalid payload size [ 1868.574748][T26753] can0: slcan on ttyS3. [ 1868.590755][ T29] usb 1-1: new high-speed USB device number 34 using dummy_hcd [ 1868.997323][T26752] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1869.075944][T26753] can0 (unregistered): slcan off ttyS3. [ 1869.088215][T26754] can0: slcan on ttyS3. [ 1869.224596][ T29] usb 1-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1869.242129][ T29] usb 1-1: config 0 has no interfaces? [ 1869.248223][ T29] usb 1-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1869.267111][T26748] can0 (unregistered): slcan off ttyS3. [ 1869.275148][ T29] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1869.367895][ T29] usb 1-1: config 0 descriptor?? [ 1869.589986][T17343] usb 3-1: new high-speed USB device number 102 using dummy_hcd [ 1870.734358][T17343] usb 3-1: Using ep0 maxpacket: 8 [ 1871.041367][T17343] usb 3-1: New USB device found, idVendor=0ccd, idProduct=00b3, bcdDevice=2d.ea [ 1871.051757][T17343] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1871.061587][T17343] usb 3-1: Product: syz [ 1871.075713][T17343] usb 3-1: Manufacturer: syz [ 1871.099166][T17343] usb 3-1: SerialNumber: syz [ 1871.117097][T17343] usb 3-1: config 0 descriptor?? [ 1871.244310][T26786] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5430'. [ 1871.856783][T26786] 8021q: adding VLAN 0 to HW filter on device bond9 [ 1871.944527][T17343] usb 3-1: dvb_usb_v2: found a 'TerraTec NOXON DAB Stick' in warm state [ 1872.860717][T24210] usb 1-1: USB disconnect, device number 34 [ 1873.339201][T17343] dvb_usb_rtl28xxu 3-1:0.0: probe with driver dvb_usb_rtl28xxu failed with error -71 [ 1873.427497][T17343] usb 3-1: USB disconnect, device number 102 [ 1873.547888][T26823] netlink: 44 bytes leftover after parsing attributes in process `syz.0.5435'. [ 1875.109026][T26838] sch_tbf: burst 19872 is lower than device lo mtu (65550) ! [ 1875.352817][T17343] usb 4-1: new high-speed USB device number 88 using dummy_hcd [ 1875.514326][T17343] usb 4-1: Using ep0 maxpacket: 8 [ 1875.543611][T17343] usb 4-1: config 0 has an invalid interface number: 55 but max is 0 [ 1875.553749][T17343] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1875.701714][T26851] ubi: mtd0 is already attached to ubi31 [ 1876.213501][T17343] usb 4-1: config 0 has no interface number 0 [ 1876.219693][T17343] usb 4-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1876.432152][T17343] usb 4-1: config 0 interface 55 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 1877.607918][T17343] usb 4-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1877.629006][T17343] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1877.672484][T21838] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 300 seconds [ 1877.685901][T21838] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 300 seconds [ 1877.701175][T21838] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 300 seconds [ 1877.713927][T21838] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 300 seconds [ 1877.802401][T17343] usb 4-1: config 0 descriptor?? [ 1877.811592][T17343] usb 4-1: can't set config #0, error -71 [ 1877.822912][T17343] usb 4-1: USB disconnect, device number 88 [ 1879.140956][T17343] usb 4-1: new high-speed USB device number 89 using dummy_hcd [ 1879.670765][T17343] usb 4-1: Using ep0 maxpacket: 32 [ 1879.677413][T17343] usb 4-1: config 0 has an invalid interface number: 51 but max is 0 [ 1879.774781][T26882] nfs: Unknown parameter 'losk' [ 1879.791924][T17343] usb 4-1: config 0 has no interface number 0 [ 1879.884348][T17343] usb 4-1: New USB device found, idVendor=061d, idProduct=c150, bcdDevice=ce.6f [ 1880.026630][T17343] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1880.152873][T17343] usb 4-1: Product: syz [ 1880.160396][T17343] usb 4-1: Manufacturer: syz [ 1880.165407][T17343] usb 4-1: SerialNumber: syz [ 1880.461056][T17343] usb 4-1: config 0 descriptor?? [ 1880.502881][T17343] quatech2 4-1:0.51: Quatech 2nd gen USB to Serial Driver converter detected [ 1880.527596][T24210] usb 1-1: new high-speed USB device number 35 using dummy_hcd [ 1880.718625][T24210] usb 1-1: Using ep0 maxpacket: 8 [ 1880.740137][T24210] usb 1-1: config 0 has an invalid interface number: 55 but max is 0 [ 1880.753059][T24210] usb 1-1: config 0 has no interface number 0 [ 1880.761649][T24210] usb 1-1: config 0 interface 55 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1880.774450][T24210] usb 1-1: config 0 interface 55 altsetting 0 has an endpoint descriptor with address 0xAB, changing to 0x8B [ 1880.794100][T24210] usb 1-1: config 0 interface 55 altsetting 0 endpoint 0x8B has an invalid bInterval 0, changing to 7 [ 1880.807279][T24210] usb 1-1: config 0 interface 55 altsetting 0 has 3 endpoint descriptors, different from the interface descriptor's value: 2 [ 1880.822617][T24210] usb 1-1: New USB device found, idVendor=0f11, idProduct=1080, bcdDevice=fc.6a [ 1880.826751][T17343] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB0 [ 1880.838365][T24210] usb 1-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1880.852905][T17343] usb 4-1: Quatech 2nd gen USB to Serial Driver converter now attached to ttyUSB1 [ 1880.858846][T24210] usb 1-1: config 0 descriptor?? [ 1880.924551][T24210] ldusb 1-1:0.55: LD USB Device #0 now attached to major 180 minor 0 [ 1881.199383][T24210] usb 1-1: USB disconnect, device number 35 [ 1881.205366][ C1] ldusb 1-1:0.55: usb_submit_urb failed (-19) [ 1881.243848][T26884] ldusb 1-1:0.55: Couldn't submit interrupt_out_urb -19 [ 1881.279879][T26899] sg_write: data in/out 1952804363/120 bytes for SCSI command 0x0-- guessing data in; [ 1881.279879][T26899] program syz.2.5454 not setting count and/or reply_len properly [ 1881.283436][ T29] usb 4-1: USB disconnect, device number 89 [ 1881.299463][ C0] usb 4-1: qt2_read_bulk_callback - non-zero urb status: -71 [ 1881.333049][T24210] ldusb 1-1:0.55: LD USB Device #0 now disconnected [ 1881.373788][ T29] quatech-serial ttyUSB0: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB0 [ 1881.449540][ T29] quatech-serial ttyUSB1: Quatech 2nd gen USB to Serial Driver converter now disconnected from ttyUSB1 [ 1881.472948][ T29] quatech2 4-1:0.51: device disconnected [ 1882.260001][ T9] usb 1-1: new high-speed USB device number 36 using dummy_hcd [ 1883.010351][T26918] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5460'. [ 1883.038192][T26918] 8021q: adding VLAN 0 to HW filter on device bond10 [ 1883.118831][ T9] usb 1-1: Using ep0 maxpacket: 16 [ 1883.125721][ T9] usb 1-1: config 0 interface 0 altsetting 0 endpoint 0x84 has invalid wMaxPacketSize 0 [ 1883.140318][ T9] usb 1-1: New USB device found, idVendor=2040, idProduct=0264, bcdDevice=4e.d1 [ 1883.273497][ T9] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1883.308260][ T9] usb 1-1: Product: syz [ 1883.326464][ T9] usb 1-1: Manufacturer: syz [ 1883.331085][ T9] usb 1-1: SerialNumber: syz [ 1883.378818][ T9] usb 1-1: config 0 descriptor?? [ 1883.390289][ T9] em28xx 1-1:0.0: New device syz syz @ 480 Mbps (2040:0264, interface 0, class 0) [ 1883.438813][ T9] em28xx 1-1:0.0: DVB interface 0 found: bulk [ 1883.509407][ T29] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 1884.232371][T26929] netlink: 8 bytes leftover after parsing attributes in process `syz.4.5464'. [ 1884.514367][T26929] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 1884.869533][ T29] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1884.906241][ T29] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1884.927417][ T29] usb 4-1: config 0 descriptor?? [ 1884.928180][ T9] em28xx 1-1:0.0: unknown em28xx chip ID (0) [ 1884.934255][ T29] cp210x 4-1:0.0: cp210x converter detected [ 1885.031605][ T9] em28xx 1-1:0.0: reading from i2c device at 0xa0 failed (error=-5) [ 1885.057680][ T9] em28xx 1-1:0.0: board has no eeprom [ 1885.128622][ T9] em28xx 1-1:0.0: Identified as PCTV tripleStick (292e) (card=94) [ 1885.139281][ T9] em28xx 1-1:0.0: dvb set to bulk mode. [ 1885.145152][T17343] em28xx 1-1:0.0: Binding DVB extension [ 1885.214415][ T9] usb 1-1: USB disconnect, device number 36 [ 1885.253298][ T9] em28xx 1-1:0.0: Disconnecting em28xx [ 1885.301151][T17343] em28xx 1-1:0.0: Registering input extension [ 1885.486431][ T29] cp210x 4-1:0.0: failed to get vendor val 0x0010 size 3: -32 [ 1885.646611][ T29] usb 4-1: cp210x converter now attached to ttyUSB0 [ 1885.794520][ T9] em28xx 1-1:0.0: Closing input extension [ 1885.808139][ T29] usb 4-1: USB disconnect, device number 90 [ 1885.854222][ T29] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 1885.877540][ T9] em28xx 1-1:0.0: Freeing device [ 1885.901751][ T29] cp210x 4-1:0.0: device disconnected [ 1886.651434][T26955] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5471'. [ 1886.907286][T26955] 8021q: adding VLAN 0 to HW filter on device bond8 [ 1887.403023][T26966] x_tables: ip6_tables: TPROXY target: used from hooks FORWARD, but only usable from PREROUTING [ 1887.418464][T26966] netlink: 388 bytes leftover after parsing attributes in process `syz.4.5465'. [ 1890.078669][T26970] netlink: 8 bytes leftover after parsing attributes in process `syz.2.5476'. [ 1890.232570][T26970] workqueue: Failed to create a rescuer kthread for wq "bond6": -EINTR [ 1891.014997][T26989] netlink: 20 bytes leftover after parsing attributes in process `syz.1.5478'. [ 1891.210675][ T30] kauditd_printk_skb: 21 callbacks suppressed [ 1891.210693][ T30] audit: type=1400 audit(2000000851.336:2874): avc: denied { write } for pid=26984 comm="syz.0.5480" path="socket:[112620]" dev="sockfs" ino=112620 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 1891.241364][ T29] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 1891.465427][ T29] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 1891.478706][ T29] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 1891.540707][ T29] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 1891.579096][ T29] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1891.625507][ T29] usb 4-1: config 0 descriptor?? [ 1893.998072][ T9] usb 4-1: USB disconnect, device number 91 [ 1894.209905][T27013] misc userio: Invalid payload size [ 1894.491474][ T30] audit: type=1400 audit(2000000854.637:2875): avc: denied { ioctl } for pid=27007 comm="syz.2.5486" path="socket:[113704]" dev="sockfs" ino=113704 ioctlcmd=0x8914 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=qipcrtr_socket permissive=1 [ 1894.799968][T27021] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5487'. [ 1895.095151][T27021] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 1896.027797][T27029] netlink: 24 bytes leftover after parsing attributes in process `syz.0.5491'. [ 1896.445059][T27037] openvswitch: netlink: IP tunnel dst address not specified [ 1897.760028][T27050] netlink: 'syz.0.5498': attribute type 10 has an invalid length. [ 1899.344414][T27055] openvswitch: netlink: IP tunnel dst address not specified [ 1899.644320][T27050] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1899.652486][T27050] bond0: (slave batadv0): Enslaving as an active interface with an up link [ 1900.245285][T27072] netlink: 20 bytes leftover after parsing attributes in process `syz.0.5501'. [ 1903.225010][T27963] misc userio: Invalid payload size [ 1904.074413][T27975] ubi: mtd0 is already attached to ubi31 [ 1904.844483][T27980] tmpfs: Bad value for 'nr_blocks' [ 1905.267346][T27987] openvswitch: netlink: IP tunnel dst address not specified [ 1905.751095][T27991] misc userio: Invalid payload size [ 1907.704244][ T29] usb 4-1: new high-speed USB device number 92 using dummy_hcd [ 1907.736612][T21838] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 330 seconds [ 1907.751846][T21838] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 330 seconds [ 1907.765920][T21838] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 330 seconds [ 1907.778872][T21838] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 330 seconds [ 1907.924668][ T29] usb 4-1: Using ep0 maxpacket: 16 [ 1907.957258][ T29] usb 4-1: config 1 has 2 interfaces, different from the descriptor's value: 3 [ 1907.976770][ T29] usb 4-1: config 1 has no interface number 1 [ 1907.982897][ T29] usb 4-1: config 1 interface 0 altsetting 0 has an invalid descriptor for endpoint zero, skipping [ 1908.073149][ T29] usb 4-1: config 1 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 0 [ 1908.222959][ T29] usb 4-1: config 1 interface 2 altsetting 1 endpoint 0x82 has an invalid bInterval 0, changing to 7 [ 1908.330615][T28015] can0: slcan on ttyS3. [ 1908.786560][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1908.792976][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1908.799559][T20158] wlan0: Trigger new scan to find an IBSS to join [ 1908.856724][T28015] can0 (unregistered): slcan off ttyS3. [ 1908.867723][T28016] can0: slcan on ttyS3. [ 1908.881876][ T29] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 1908.898816][ T29] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 1908.949921][ T29] usb 4-1: Product: syz [ 1908.954892][ T29] usb 4-1: Manufacturer: syz [ 1908.959601][ T29] usb 4-1: SerialNumber: syz [ 1908.985708][T28011] can0 (unregistered): slcan off ttyS3. [ 1909.284267][ T30] audit: type=1400 audit(2000000869.475:2876): avc: denied { connect } for pid=28005 comm="syz.3.5521" scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=tipc_socket permissive=1 [ 1909.330401][ T29] usb 4-1: failed to enable PITCH for EP 0x82 [ 1909.342915][ T29] usb 4-1: 2:1: cannot set freq 11994917 to ep 0x82 [ 1909.505594][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.515384][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.524889][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.534384][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.543238][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.552136][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.561394][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.570660][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.580007][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.589264][T28027] netlink: 8 bytes leftover after parsing attributes in process `syz.1.5527'. [ 1909.656119][ T29] usb 4-1: USB disconnect, device number 92 [ 1909.978675][T28037] misc userio: Invalid payload size [ 1910.083714][ T24] usb 3-1: new high-speed USB device number 103 using dummy_hcd [ 1910.284660][ T24] usb 3-1: Using ep0 maxpacket: 32 [ 1910.291260][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 1910.303679][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 1910.315013][ T24] usb 3-1: New USB device found, idVendor=046d, idProduct=c31c, bcdDevice= 0.40 [ 1910.325121][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1910.356067][ T24] usb 3-1: config 0 descriptor?? [ 1910.364257][ T24] hub 3-1:0.0: USB hub found [ 1910.602610][ T24] hub 3-1:0.0: 1 port detected [ 1911.961306][ T24] hub 3-1:0.0: activate --> -90 [ 1913.281860][T28070] ubi: mtd0 is already attached to ubi31 [ 1913.712331][ T24] hub 3-1:0.0: hub_ext_port_status failed (err = -71) [ 1913.757067][ T24] usb 3-1: USB disconnect, device number 103 [ 1913.760027][T18573] usb 3-1: Failed to suspend device, error -71 [ 1913.814007][T20159] wlan0: Trigger new scan to find an IBSS to join [ 1914.447871][T28080] Freezing with imperfect legacy cgroup freezer. See cgroup.freeze of cgroup v2 [ 1915.322691][ T30] audit: type=1400 audit(2000000875.108:2877): avc: denied { read } for pid=28084 comm="syz.4.5543" path="socket:[114250]" dev="sockfs" ino=114250 scontext=root:sysadm_r:sysadm_t tcontext=root:sysadm_r:sysadm_t tclass=caif_socket permissive=1 [ 1915.468362][T25534] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1916.153470][T28102] misc userio: Invalid payload size [ 1916.581256][T28107] netlink: 'syz.1.5548': attribute type 33 has an invalid length. [ 1916.603365][T28107] __nla_validate_parse: 94 callbacks suppressed [ 1916.603385][T28107] netlink: 164 bytes leftover after parsing attributes in process `syz.1.5548'. [ 1917.064188][T28112] tipc: Cannot configure node identity twice [ 1917.780743][T28109] netlink: 8 bytes leftover after parsing attributes in process `syz.3.5549'. [ 1917.934287][T28109] workqueue: Failed to create a rescuer kthread for wq "bond9": -EINTR [ 1918.489476][ T24] usb 3-1: new high-speed USB device number 104 using dummy_hcd [ 1919.317842][ T24] usb 3-1: Using ep0 maxpacket: 8 [ 1919.347335][ T24] usb 3-1: config 0 has an invalid descriptor of length 55, skipping remainder of the config [ 1919.364395][T28124] ªªªªªª: renamed from vlan0 (while UP) [ 1919.369240][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x8D has an invalid bInterval 42, changing to 9 [ 1919.398978][ T24] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x5 has invalid wMaxPacketSize 0 [ 1919.431822][ T24] usb 3-1: config 0 interface 0 altsetting 0 bulk endpoint 0x5 has invalid maxpacket 0 [ 1919.459827][ T24] usb 3-1: config 0 interface 0 altsetting 0 has 2 endpoint descriptors, different from the interface descriptor's value: 3 [ 1919.493219][ T24] usb 3-1: New USB device found, idVendor=05ac, idProduct=8215, bcdDevice=8f.58 [ 1919.534345][T16197] Bluetooth: hci3: unexpected cc 0x0c03 length: 249 > 1 [ 1919.636905][T16197] Bluetooth: hci3: unexpected cc 0x1003 length: 249 > 9 [ 1919.766522][ T24] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 1919.766616][T16197] Bluetooth: hci3: unexpected cc 0x1001 length: 249 > 9 [ 1919.804710][T16197] Bluetooth: hci3: unexpected cc 0x0c23 length: 249 > 4 [ 1919.854343][T16197] Bluetooth: hci3: unexpected cc 0x0c38 length: 249 > 2 [ 1919.869899][ T24] usb 3-1: config 0 descriptor?? [ 1919.948864][ T24] usb 3-1: can't set config #0, error -71 [ 1919.980901][ T24] usb 3-1: USB disconnect, device number 104 [ 1921.972185][T24133] Bluetooth: hci3: command tx timeout [ 1922.229360][T28148] nfs: Unknown parameter 'losk' [ 1922.411886][T28127] chnl_net:caif_netlink_parms(): no params data found [ 1923.543270][T28163] misc userio: Invalid payload size [ 1923.922438][T28127] bridge0: port 1(bridge_slave_0) entered blocking state [ 1923.940452][T28127] bridge0: port 1(bridge_slave_0) entered disabled state [ 1923.957044][T28127] bridge_slave_0: entered allmulticast mode [ 1923.968341][T28127] bridge_slave_0: entered promiscuous mode [ 1923.987153][T28127] bridge0: port 2(bridge_slave_1) entered blocking state [ 1923.994293][T28127] bridge0: port 2(bridge_slave_1) entered disabled state [ 1924.019230][T28127] bridge_slave_1: entered allmulticast mode [ 1924.028200][T28127] bridge_slave_1: entered promiscuous mode [ 1924.048291][T24133] Bluetooth: hci3: command tx timeout [ 1924.071988][T28127] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 1924.543298][T28127] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 1924.595361][T28127] team0: Port device team_slave_0 added [ 1924.610276][T28127] team0: Port device team_slave_1 added [ 1924.630783][T28127] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 1924.638093][T28127] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1924.665313][T28127] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 1924.678433][T28127] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 1924.685388][T28127] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 1924.712041][T28127] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 1924.789977][T28127] hsr_slave_0: entered promiscuous mode [ 1924.807557][T28127] hsr_slave_1: entered promiscuous mode [ 1924.814642][T28127] debugfs: 'hsr0' already exists in 'hsr' [ 1924.820947][T28127] Cannot create hsr debugfs directory [ 1924.983197][T28127] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 1924.993446][T28127] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 1925.004189][T28127] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 1925.014613][T28127] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 1925.069887][T28127] 8021q: adding VLAN 0 to HW filter on device bond0 [ 1925.088965][T28127] 8021q: adding VLAN 0 to HW filter on device team0 [ 1925.101657][T18573] bridge0: port 1(bridge_slave_0) entered blocking state [ 1925.108822][T18573] bridge0: port 1(bridge_slave_0) entered forwarding state [ 1925.121061][T20158] bridge0: port 2(bridge_slave_1) entered blocking state [ 1925.128150][T20158] bridge0: port 2(bridge_slave_1) entered forwarding state [ 1925.265017][T28127] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 1925.422912][T28127] veth0_vlan: entered promiscuous mode [ 1925.432479][T28127] veth1_vlan: entered promiscuous mode [ 1925.453484][T28127] veth0_macvtap: entered promiscuous mode [ 1925.461913][T28127] veth1_macvtap: entered promiscuous mode [ 1925.476891][T28127] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 1925.491272][T28127] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 1925.503306][ T69] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 1925.514199][ T69] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 1925.529508][ T69] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 1925.540061][ T69] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 1925.603265][T18573] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1925.619492][T18573] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1925.644362][T10832] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 1925.654470][T10832] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 1925.674752][ T30] audit: type=1400 audit(2000000885.863:2878): avc: denied { mounton } for pid=28127 comm="syz-executor" path="/sys/fs/fuse/connections" dev="fusectl" ino=1 scontext=root:sysadm_r:sysadm_t tcontext=system_u:object_r:fusefs_t tclass=dir permissive=1 [ 1926.191167][T28194] netlink: 8 bytes leftover after parsing attributes in process `syz.5.5553'. [ 1926.569104][T28194] workqueue: Failed to create a rescuer kthread for wq "bond1": -EINTR [ 1926.838691][T24133] Bluetooth: hci3: command tx timeout [ 1928.926462][T24133] Bluetooth: hci3: command tx timeout [ 1930.144922][ T5179] udevd[5179]: worker [18195] /devices/virtual/block/nbd0 timeout; kill it [ 1930.156296][ T5179] udevd[5179]: seq 25613 '/devices/virtual/block/nbd0' killed [ 1937.801720][T25024] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 360 seconds [ 1937.813657][T25024] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 360 seconds [ 1937.826162][T25024] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 360 seconds [ 1937.841886][T25024] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 360 seconds [ 1949.315609][T10832] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1967.866478][T25024] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 390 seconds [ 1967.878470][T25024] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 390 seconds [ 1967.891280][T25024] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 390 seconds [ 1967.905735][T25024] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 390 seconds [ 1969.786065][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 1969.792385][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 1981.299851][T18579] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 1997.950979][T25024] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 420 seconds [ 1997.963347][T25024] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 420 seconds [ 1997.976148][T25024] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 420 seconds [ 1997.988721][T25024] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 420 seconds [ 2013.283450][T23752] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2027.996197][T25024] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 450 seconds [ 2028.008674][T25024] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 450 seconds [ 2028.021648][T25024] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 450 seconds [ 2028.036381][T25024] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 450 seconds [ 2031.196301][ T1298] ieee802154 phy0 wpan0: encryption failed: -22 [ 2031.203361][ T1298] ieee802154 phy1 wpan1: encryption failed: -22 [ 2043.507327][T16197] Bluetooth: hci3: command 0x0406 tx timeout [ 2045.267513][T20158] wlan0: No active IBSS STAs - trying to scan for other IBSS networks with same SSID (merge) [ 2058.072164][T25024] block nbd0: Possible stuck request ffff888027f00000: control (read@0,1024B). Runtime 480 seconds [ 2058.084500][T25024] block nbd0: Possible stuck request ffff888027f00200: control (read@1024,1024B). Runtime 480 seconds [ 2058.097321][T25024] block nbd0: Possible stuck request ffff888027f00400: control (read@2048,1024B). Runtime 480 seconds [ 2058.111214][T25024] block nbd0: Possible stuck request ffff888027f00600: control (read@3072,1024B). Runtime 480 seconds [ 2067.019217][ T31] INFO: task syz.0.5510:27968 blocked for more than 143 seconds. [ 2067.028913][ T31] Tainted: G L syzkaller #0 [ 2067.037052][ T31] "echo 0 > /proc/sys/kernel/hung_task_timeout_secs" disables this message. [ 2067.047082][ T31] task:syz.0.5510 state:D stack:24712 pid:27968 tgid:27967 ppid:25886 task_flags:0x400140 flags:0x00080002 [ 2067.061051][ T31] Call Trace: [ 2067.064347][ T31] [ 2067.068748][ T31] __schedule+0xfee/0x6120 [ 2067.073176][ T31] ? __lock_acquire+0x4a5/0x2630 [ 2067.078644][ T31] ? __pfx___schedule+0x10/0x10 [ 2067.083481][ T31] ? find_held_lock+0x2b/0x80 [ 2067.088706][ T31] ? schedule+0x2bf/0x390 [ 2067.093037][ T31] schedule+0xdd/0x390 [ 2067.097692][ T31] schedule_preempt_disabled+0x13/0x30 [ 2067.103426][ T31] __mutex_lock+0xc9a/0x1b90 [ 2067.108454][ T31] ? bdev_open+0x41a/0xe40 [ 2067.112876][ T31] ? find_held_lock+0x2b/0x80 [ 2067.117644][ T31] ? find_inode_fast+0x5e3/0x910 [ 2067.122584][ T31] ? __pfx___mutex_lock+0x10/0x10 [ 2067.127701][ T31] ? find_inode_fast+0x1fa/0x910 [ 2067.132795][ T31] ? bdev_open+0x41a/0xe40 [ 2067.138065][ T31] bdev_open+0x41a/0xe40 [ 2067.142322][ T31] ? iput+0x3a/0x40 [ 2067.146942][ T31] blkdev_open+0x34e/0x4f0 [ 2067.151379][ T31] do_dentry_open+0x6d8/0x1660 [ 2067.156698][ T31] ? __pfx_blkdev_open+0x10/0x10 [ 2067.161635][ T31] vfs_open+0x82/0x3f0 [ 2067.166583][ T31] path_openat+0x208c/0x31a0 [ 2067.171180][ T31] ? __pfx_path_openat+0x10/0x10 [ 2067.177495][ T31] do_file_open+0x20e/0x430 [ 2067.182013][ T31] ? __pfx_do_file_open+0x10/0x10 [ 2067.187650][ T31] ? alloc_fd+0x476/0x790 [ 2067.191986][ T31] ? do_getname+0x191/0x390 [ 2067.197114][ T31] do_sys_openat2+0x10d/0x1e0 [ 2067.201847][ T31] ? __pfx_do_sys_openat2+0x10/0x10 [ 2067.207895][ T31] ? __sys_sendmsg+0x18f/0x220 [ 2067.212668][ T31] __x64_sys_openat+0x12d/0x210 [ 2067.217985][ T31] ? __pfx___x64_sys_openat+0x10/0x10 [ 2067.223345][ T31] do_syscall_64+0x106/0xf80 [ 2067.228428][ T31] ? clear_bhb_loop+0x40/0x90 [ 2067.233215][ T31] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 2067.239613][ T31] RIP: 0033:0x7fbd8775cfce [ 2067.244005][ T31] RSP: 002b:00007fbd886e5b28 EFLAGS: 00000246 ORIG_RAX: 0000000000000101 [ 2067.252914][ T31] RAX: ffffffffffffffda RBX: 00007fbd886e66c0 RCX: 00007fbd8775cfce [ 2067.261749][ T31] RDX: 0000000000002000 RSI: 00007fbd886e5c00 RDI: ffffffffffffff9c [ 2067.270143][ T31] RBP: 00007fbd886e5c00 R08: 0000000000000000 R09: 0000000000000000 [ 2067.278575][ T31] R10: 0000000000000000 R11: 0000000000000246 R12: cccccccccccccccd [ 2067.287169][ T31] R13: 00007fbd87a16038 R14: 00007fbd87a15fa0 R15: 00007ffecd3639b8 [ 2067.295811][ T31] [ 2067.298875][ T31] [ 2067.298875][ T31] Showing all locks held in the system: [ 2067.307710][ T31] 1 lock held by khungtaskd/31: [ 2067.312560][ T31] #0: ffffffff8e7e76a0 (rcu_read_lock){....}-{1:3}, at: debug_show_all_locks+0x3d/0x184 [ 2067.322953][ T31] 2 locks held by getty/5562: [ 2067.328090][ T31] #0: ffff8880340580a0 (&tty->ldisc_sem){++++}-{0:0}, at: tty_ldisc_ref_wait+0x24/0x80 [ 2067.338478][ T31] #1: ffffc9000332b2f0 (&ldata->atomic_read_lock){+.+.}-{4:4}, at: n_tty_read+0x419/0x1500 [ 2067.349102][ T31] 1 lock held by udevd/18195: [ 2067.354991][ T31] #0: ffff888027ed3358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40 [ 2067.365298][ T31] 1 lock held by syz.0.5510/27968: [ 2067.370498][ T31] #0: ffff888027ed3358 (&disk->open_mutex){+.+.}-{4:4}, at: bdev_open+0x41a/0xe40 [ 2067.380313][ T31] [ 2067.382629][ T31] ============================================= [ 2067.382629][ T31] [ 2067.391553][ T31] NMI backtrace for cpu 1 [ 2067.391565][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 2067.391580][ T31] Tainted: [L]=SOFTLOCKUP [ 2067.391584][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2067.391591][ T31] Call Trace: [ 2067.391595][ T31] [ 2067.391599][ T31] dump_stack_lvl+0x100/0x190 [ 2067.391622][ T31] nmi_cpu_backtrace.cold+0x12d/0x151 [ 2067.391635][ T31] ? __pfx_nmi_raise_cpu_backtrace+0x10/0x10 [ 2067.391654][ T31] nmi_trigger_cpumask_backtrace+0x1d7/0x230 [ 2067.391681][ T31] sys_info+0x141/0x190 [ 2067.391697][ T31] watchdog+0xd25/0x1050 [ 2067.391717][ T31] ? __pfx_watchdog+0x10/0x10 [ 2067.391732][ T31] ? __kthread_parkme+0x18c/0x230 [ 2067.391750][ T31] ? kthread+0x13a/0x450 [ 2067.391760][ T31] ? __pfx_watchdog+0x10/0x10 [ 2067.391773][ T31] kthread+0x370/0x450 [ 2067.391783][ T31] ? __pfx_kthread+0x10/0x10 [ 2067.391795][ T31] ret_from_fork+0x754/0xd80 [ 2067.391807][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 2067.391819][ T31] ? __switch_to+0x7b4/0x1120 [ 2067.391833][ T31] ? __pfx_kthread+0x10/0x10 [ 2067.391844][ T31] ret_from_fork_asm+0x1a/0x30 [ 2067.391864][ T31] [ 2067.391868][ T31] Sending NMI from CPU 1 to CPUs 0: [ 2067.523632][ C0] NMI backtrace for cpu 0 [ 2067.523649][ C0] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G L syzkaller #0 PREEMPT(full) [ 2067.523668][ C0] Tainted: [L]=SOFTLOCKUP [ 2067.523673][ C0] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2067.523681][ C0] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 2067.523702][ C0] Code: 78 82 02 c3 cc cc cc cc 0f 1f 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa 66 90 0f 00 2d a3 61 1b 00 fb f4 fc 35 03 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 2067.523715][ C0] RSP: 0018:ffffffff8e407e00 EFLAGS: 00000246 [ 2067.523727][ C0] RAX: 0000000005bcebc5 RBX: ffffffff8e4975c0 RCX: ffffffff8b902c75 [ 2067.523736][ C0] RDX: 0000000000000000 RSI: ffffffff8de77143 RDI: ffffffff8c1b0a20 [ 2067.523745][ C0] RBP: 0000000000000000 R08: 0000000000000001 R09: ffffed1017086795 [ 2067.523753][ C0] R10: ffff8880b8433cab R11: 0000000000000000 R12: fffffbfff1c92eb8 [ 2067.523761][ C0] R13: 0000000000000000 R14: ffffffff90d99410 R15: 0000000000000000 [ 2067.523770][ C0] FS: 0000000000000000(0000) GS:ffff888124342000(0000) knlGS:0000000000000000 [ 2067.523784][ C0] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 2067.523793][ C0] CR2: 0000556d59ed0660 CR3: 000000000e598000 CR4: 00000000003526f0 [ 2067.523802][ C0] Call Trace: [ 2067.523807][ C0] [ 2067.523812][ C0] default_idle+0x9/0x10 [ 2067.523829][ C0] default_idle_call+0x6c/0xb0 [ 2067.523847][ C0] do_idle+0x43a/0x550 [ 2067.523865][ C0] ? __pfx_do_idle+0x10/0x10 [ 2067.523883][ C0] cpu_startup_entry+0x4f/0x60 [ 2067.523900][ C0] rest_init+0x251/0x260 [ 2067.523918][ C0] ? __pfx_x86_late_time_init+0x10/0x10 [ 2067.523935][ C0] start_kernel+0x47f/0x480 [ 2067.523948][ C0] x86_64_start_reservations+0x24/0x30 [ 2067.523962][ C0] x86_64_start_kernel+0x12b/0x130 [ 2067.523975][ C0] common_startup_64+0x13e/0x148 [ 2067.523997][ C0] [ 2067.524689][ T31] Kernel panic - not syncing: hung_task: blocked tasks [ 2067.524704][ T31] CPU: 1 UID: 0 PID: 31 Comm: khungtaskd Tainted: G L syzkaller #0 PREEMPT(full) [ 2067.524725][ T31] Tainted: [L]=SOFTLOCKUP [ 2067.524731][ T31] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 02/12/2026 [ 2067.524741][ T31] Call Trace: [ 2067.524747][ T31] [ 2067.524753][ T31] dump_stack_lvl+0x100/0x190 [ 2067.524781][ T31] vpanic+0x552/0x970 [ 2067.524798][ T31] ? __pfx_vpanic+0x10/0x10 [ 2067.524815][ T31] ? rcu_is_watching+0x12/0xc0 [ 2067.524838][ T31] panic+0xd1/0xe0 [ 2067.524852][ T31] ? __pfx_panic+0x10/0x10 [ 2067.524871][ T31] ? nmi_trigger_cpumask_backtrace+0x1b5/0x230 [ 2067.524896][ T31] ? nmi_trigger_cpumask_backtrace+0x1f6/0x230 [ 2067.524921][ T31] ? nmi_trigger_cpumask_backtrace+0x200/0x230 [ 2067.524945][ T31] ? watchdog.cold+0x198/0x1ca [ 2067.524966][ T31] ? watchdog+0xd35/0x1050 [ 2067.524989][ T31] watchdog.cold+0x1a9/0x1ca [ 2067.525013][ T31] ? __pfx_watchdog+0x10/0x10 [ 2067.525035][ T31] ? __kthread_parkme+0x18c/0x230 [ 2067.525060][ T31] ? kthread+0x13a/0x450 [ 2067.525075][ T31] ? __pfx_watchdog+0x10/0x10 [ 2067.525094][ T31] kthread+0x370/0x450 [ 2067.525108][ T31] ? __pfx_kthread+0x10/0x10 [ 2067.525125][ T31] ret_from_fork+0x754/0xd80 [ 2067.525142][ T31] ? __pfx_ret_from_fork+0x10/0x10 [ 2067.525163][ T31] ? __switch_to+0x7b4/0x1120 [ 2067.525183][ T31] ? __pfx_kthread+0x10/0x10 [ 2067.525200][ T31] ret_from_fork_asm+0x1a/0x30 [ 2067.525230][ T31] [ 2067.857829][ T31] Kernel Offset: disabled [ 2067.862128][ T31] Rebooting in 86400 seconds..