last executing test programs: 2m3.334692037s ago: executing program 0 (id=1928): socketpair$unix(0x1, 0x1, 0x0, &(0x7f0000000040)={0xffffffffffffffff, 0xffffffffffffffff}) r1 = memfd_create(&(0x7f0000000300)='+\x8b\x8a\x16\x11O\xdd\xdfk(F\x99\xdf\x92\xd5>oJ\x02u\x9b\xafa\xac\x06\x9c&\xf5\xe3j\xfa\tcqM\xb8R\x86\xd9\xd2.\x9f\x12\xed\x10\f\xbd\x1a|\x8a\xbb\xda\xcfY\x9cgU@\xf2M\xc0\xb5\xdf\x9a\x8d\xdb,n\xae\x0eT\x80\x8c\xfd\xd7\xb0\x94\x82t\x96\rKx\xc5\x9b\x8c\x87\x96\x8bc\xbc\xee\xcc\x9f\xe3F\x99V4\x8e;M\xa9\x823\xe3\xb3mG\x8f\xdb\xed\x1b\x05\xec\xfc\xd1\xb5\xfd\xec@\xdeU\xdd\xa4\xc1\xe4L)\x8e\xe5\x91\x8e\xd4\x89\xef\x95T\x05G\xac\xbd\xc1: )Jh\xc7\xf1?\x95\xd70\xb6\x0e\x7f\x84r\x0e\xbf\xc5\xf6\xd4\xdd\t\x14\x18\xf7\xefi\x93\x03\xd2\xf2\bK\"\xd2\xb5\xaa\xb8\xc8\xe0\xac\x99\xe8su\xcd\xc3\xea$-s\x9d\xc7E\x12\xd7\xdd\x96!\x16Tu\xe3\xf0\x84#R\xd9\xe3~Wj\xb0r\x87\'\xea\a\xcfOeK\x9daW\xf4\x87@\x9c\xf3\xf1K\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x91\xe6\xdb\xc2\xa5h\'\xdfIn\x97\x0263~\xeb\xbe(i\n\xc2k4\x7f\x12\xa9e`SOs\x8c\xb4\xe7FeQ\xc6$\x92j_U\xfa\b\xea\xb0bYkW\xc0\x05\aC{\xcc\x03T\x17\xb2\xfa\x1b\x9fe\xf4\x10\x1a\xad\x92\xce\x88\x1b\xbc\xe14\x19\xaa\xd3\r\xf4\xa2\xc3\x9e=\xa0 \xe6j\xe5\x85\xf8\x97\x03\x15\x920\xdcrI\xfc\x92A\xf3{\x8e\xe24>d\xbb\xa71\xad\x9a\xfb\xe6\x13\x87\x93\\\xe5W-\xfc\xfd\xb8O\xb9j\xb8\xf2\x9d\x00\x00\x00\x00', 0x3) r2 = syz_usb_connect$uac1(0x2, 0x9d, &(0x7f0000000080)={{0x12, 0x1, 0x6cef77e9f707044d, 0x0, 0x0, 0x0, 0x40, 0x1d6b, 0x101, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x8b, 0x3, 0x1, 0x8, 0x0, 0x1, "", {{{0x9, 0x4, 0x0, 0x0, 0x0, 0x1, 0x1, 0x0, 0x0, {{0xa, 0x24, 0x1, 0x8001, 0x1e}, [@processing_unit={0x8, 0x24, 0x7, 0x5, 0x5, 0x2, "b9"}, @input_terminal={0xc, 0x24, 0x2, 0x4, 0x200, 0x6, 0x7, 0x3, 0x5, 0x3}]}}, {}, {0x9, 0x4, 0x1, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_ii_discrete={0xe, 0x24, 0x2, 0x2, 0xf, 0xffc0, 0x2, "ee7a7f3994"}]}, {{0x9, 0x5, 0x1, 0x9, 0x3ff, 0x8, 0x2c, 0x54, {0x7, 0x25, 0x1, 0x8, 0x7, 0x5}}}}, {}, {0x9, 0x4, 0x2, 0x1, 0x1, 0x1, 0x2, 0x0, 0x0, {[@format_type_i_ext={0x9, 0x24, 0x2, 0x1, 0x48, 0x81, 0x3, 0x4, 0xe7}]}, {{0x9, 0x5, 0x82, 0x9, 0x20, 0x3, 0x7, 0x1, {0x7, 0x25, 0x1, 0x4, 0x4, 0xdd1}}}}}}}}]}}, &(0x7f0000000640)={0xa, &(0x7f0000000140)={0xa, 0x6, 0xe60641879b071dcd, 0x80, 0x3, 0x3, 0x40, 0x8}, 0xc, &(0x7f0000000180)={0x5, 0xf, 0xc, 0x1, [@ext_cap={0x7, 0x10, 0x2, 0x0, 0x7, 0x9, 0x6}]}, 0x9, [{0x4, &(0x7f00000001c0)=@lang_id={0x4, 0x3, 0x843}}, {0x4, &(0x7f0000000200)=@lang_id={0x4, 0x3, 0x100c}}, {0x4, &(0x7f0000000240)=@lang_id={0x4, 0x3, 0x410}}, {0x4, &(0x7f0000000280)=@lang_id={0x4, 0x3, 0x140d}}, {0x4, &(0x7f00000002c0)=@lang_id={0x4, 0x3, 0x409}}, {0x4, &(0x7f0000000480)=@lang_id={0x4, 0x3, 0x401}}, {0x4, &(0x7f00000004c0)=@lang_id={0x4, 0x3, 0x44b}}, {0x68, &(0x7f0000000500)=@string={0x68, 0x3, "417a7b604a8273cedc9c69b287bb507b5d46a86d5955c9dac406d89416b314a73329dbd44d7e473ba6a3bd6c3b97517a21639962db8bb6bfd4fa6b994d98d19d33392a435db34e9fadf622cbade7a30e34df985ea3c1262e76ee84b0a45b0ec2bc52b8c57351"}}, {0x4, &(0x7f0000000580)=@lang_id={0x4, 0x3, 0x100c}}]}) syz_usb_disconnect(r2) bpf$MAP_CREATE(0x0, &(0x7f0000000700)=ANY=[@ANYBLOB="0f000000040000000400"], 0x50) r3 = syz_open_dev$dri(&(0x7f00000000c0), 0x1ff, 0x0) ioctl$DRM_IOCTL_MODE_REVOKE_LEASE(r3, 0xc00464c9, &(0x7f0000000000)) mq_open(&(0x7f00005a1ffb)='eth0\x00', 0x42, 0x0, 0x0) write$binfmt_elf64(r1, &(0x7f0000000140)=ANY=[], 0x78) sendfile(r0, r1, &(0x7f0000000880), 0x4) fcntl$addseals(r1, 0x409, 0x8) 1m59.608910349s ago: executing program 0 (id=1936): r0 = openat$uhid(0xffffffffffffff9c, &(0x7f0000000400), 0x2, 0x0) write$UHID_CREATE2(r0, &(0x7f00000007c0)=ANY=[@ANYBLOB="0b00000073797a31000000dfff000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000400000000000000000000000000000073797a30000037b35f0a000089b4c45a10000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000073797a3100000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001"], 0x119) ioctl$KVM_CREATE_VM(0xffffffffffffffff, 0xae01, 0x0) timer_create(0x0, &(0x7f00000000c0)={0x0, 0x21, 0x2}, &(0x7f0000000300)=0x0) fcntl$lock(0xffffffffffffffff, 0x6, &(0x7f0000000040)={0x0, 0x0, 0x47f2, 0x1}) mprotect(&(0x7f0000000000/0xf000)=nil, 0xf000, 0x1) timer_settime(r1, 0x1, &(0x7f0000000040)={{}, {0x0, 0x989680}}, 0x0) mmap(&(0x7f0000000000/0x200000)=nil, 0x200000, 0x300000b, 0x204031, 0xffffffffffffffff, 0xec776000) r2 = syz_open_dev$hidraw(&(0x7f00000004c0), 0x0, 0x14a042) read$hidraw(r2, 0x0, 0x0) r3 = openat$6lowpan_control(0xffffffffffffff9c, &(0x7f0000000000), 0x2, 0x0) write$6lowpan_control(r3, &(0x7f0000000040)='disconnect aa:aa:aa:aa:aa:10 2', 0x1e) mkdirat(0xffffffffffffff9c, &(0x7f0000000000)='./file0\x00', 0x140) pipe2$9p(&(0x7f00000001c0)={0xffffffffffffffff, 0xffffffffffffffff}, 0x0) mount$9p_fd(0x0, &(0x7f00000000c0)='./file0\x00', &(0x7f0000004500), 0x0, &(0x7f00000002c0)={'trans=fd,', {'rfdno', 0x3d, r4}, 0x2c, {'wfdno', 0x3d, r5}, 0x2c, {[{@dfltuid}]}}) bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f0000000340)=ANY=[@ANYBLOB="0200000004000000080000000100000080"], 0x50) bpf$BPF_MAP_CONST_STR_FREEZE(0x16, &(0x7f0000000800)={0xffffffffffffffff, 0xffffffffffffffff}, 0x4) r7 = bpf$PROG_LOAD(0x5, &(0x7f00000004c0)={0x16, 0x10, &(0x7f0000000100)=ANY=[@ANYBLOB="18000000000000000000000000000000b7080000000000007b8af8ff00000000b7080000ffff0b867b8af0ff00000000bfa100000000000007010000f8ffffffbfa400000000000007040000f0ffffffb70200000000000018230000", @ANYRES32=r6, @ANYBLOB="0000000000000000b70500000800000085000000a500000095"], &(0x7f00000006c0)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @flow_dissector, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x6}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000640)={r7, 0x0, 0xe, 0x0, &(0x7f0000000740)="40f0538ef047b21fb60068305500", 0x0, 0xf00, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) 1m56.496522109s ago: executing program 0 (id=1942): socket$netlink(0x10, 0x3, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) r2 = openat$ttyS3(0xffffffffffffff9c, 0x0, 0x402, 0x0) ioctl$KDSKBMETA(r2, 0x4b63, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0xfffffe0000000001, 0xfa11, 0xffffffff}, 0x0) unshare(0x8000000) r3 = syz_io_uring_setup(0xf00, &(0x7f0000000080)={0x0, 0x0, 0xc00, 0x0, 0x0, 0x0, 0x0}, &(0x7f0000000100)=0x0, &(0x7f0000000140)=0x0, &(0x7f0000000180)=0x0) unshare(0x20000000) syz_io_uring_submit(r4, r5, r6, &(0x7f0000000200)=@IORING_OP_REMOVE_BUFFERS={0x1f, 0x2, 0x0, 0x81, 0x0, 0x0, 0x0, 0x0, 0x0, {0x2}}) io_uring_enter(r3, 0x2000, 0xeed, 0x1, 0x0, 0x0) semget$private(0x0, 0x4000, 0x0) setsockopt$inet6_MCAST_LEAVE_GROUP(0xffffffffffffffff, 0x29, 0x2d, &(0x7f00000001c0)={0x4, {{0xa, 0x4e20, 0x6, @loopback}}}, 0x88) socket$nl_generic(0x10, 0x3, 0x10) r7 = socket$netlink(0x10, 0x3, 0x15) writev(r7, 0x0, 0x0) open$dir(0x0, 0x1, 0x19d) r8 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r8, 0x4020565a, &(0x7f0000000100)={0x3, 0x980900}) r9 = syz_open_dev$video4linux(&(0x7f0000000080), 0x0, 0x0) r10 = socket$netlink(0x10, 0x3, 0x0) sendmsg$nl_generic(r10, 0x0, 0x0) ioctl$VIDIOC_SUBSCRIBE_EVENT(r9, 0x4020565a, &(0x7f0000000280)={0x3, 0x980900, 0x2eae0342ca72d7e8}) socket$nl_generic(0x10, 0x3, 0x10) syz_genetlink_get_family_id$tipc2(&(0x7f0000000140), r7) ioctl$VIDIOC_QUERYMENU(r9, 0xc008561c, &(0x7f00000001c0)={0x980900, 0xfffffff2, @value=0x9}) 1m51.500399161s ago: executing program 0 (id=1950): write$RDMA_USER_CM_CMD_CREATE_ID(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0x18, 0xfa00, {0x0, &(0x7f0000000000)={0xffffffffffffffff}, 0x106, 0xa}}, 0x20) write$RDMA_USER_CM_CMD_RESOLVE_ADDR(0xffffffffffffffff, &(0x7f0000000280)={0x15, 0x110, 0xfa00, {r0, 0x0, 0x0, 0x30, 0x0, @in6={0x1b, 0x0, 0x7, @empty, 0x3aa7}, @ib={0x1b, 0xffff, 0x0, {}, 0x0, 0xfffffffffffffffc, 0x6}}}, 0x118) 1m51.176306181s ago: executing program 0 (id=1953): syz_emit_vhci(0x0, 0x4f) syz_genetlink_get_family_id$ethtool(&(0x7f0000000040), 0xffffffffffffffff) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) mkdirat(0xffffffffffffff9c, &(0x7f0000000180)='./file0\x00', 0x104) bpf$BPF_LINK_CREATE(0x1c, 0x0, 0x0) connect$unix(r0, &(0x7f000057eff8)=@abs, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) sched_setattr(0x0, &(0x7f0000000280)={0x38, 0x5, 0x8, 0x8001, 0x0, 0x9, 0x0, 0x0, 0xfa11, 0x1}, 0x0) socket$inet6_tcp(0xa, 0x1, 0x0) r2 = syz_open_dev$vim2m(&(0x7f0000000040), 0x0, 0x2) ioctl$vim2m_VIDIOC_REQBUFS(r2, 0xc0145608, &(0x7f00000000c0)={0x4, 0x2, 0x1}) ioctl$vim2m_VIDIOC_STREAMOFF(r2, 0x40045612, &(0x7f00000012c0)=0x2) userfaultfd(0x80001) mremap(&(0x7f00007ff000/0x4000)=nil, 0x4000, 0x4000, 0x7, &(0x7f0000580000/0x4000)=nil) 1m44.384573329s ago: executing program 0 (id=1966): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket(0x840000000002, 0x3, 0xfa) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockname$inet(r2, 0x0, &(0x7f0000002280)) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) mkdir(0x0, 0x22) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0), 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES8=r0], 0x50) unshare(0x62040200) syz_usb_connect(0x0, 0x4a, 0x0, 0x0) 1m29.062684543s ago: executing program 32 (id=1966): prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) socketpair$unix(0x1, 0x3, 0x0, &(0x7f0000000080)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r0, &(0x7f000057eff8)=@file={0x0, './file0\x00'}, 0x6e) sendmmsg$unix(r1, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r0, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r2 = socket(0x840000000002, 0x3, 0xfa) sendmsg$nl_route(0xffffffffffffffff, 0x0, 0x0) getsockname$inet(r2, 0x0, &(0x7f0000002280)) sched_setattr(0x0, &(0x7f0000000040)={0x38, 0x5, 0x9, 0x6, 0x0, 0xb49, 0x9, 0x8, 0x2, 0x3}, 0x0) mkdir(0x0, 0x22) getsockopt$sock_cred(r0, 0x1, 0x11, &(0x7f00000001c0), 0x0) bpf$MAP_CREATE(0x0, &(0x7f0000000400)=ANY=[@ANYRES8=r0], 0x50) unshare(0x62040200) syz_usb_connect(0x0, 0x4a, 0x0, 0x0) 7.966903177s ago: executing program 3 (id=2232): prlimit64(0x0, 0xe, 0x0, 0x0) prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x2, &(0x7f0000000080)=0x8) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) r0 = getpid() r1 = socket$nl_generic(0x10, 0x3, 0x10) getsockopt$SO_TIMESTAMPING(r1, 0x1, 0x4c, 0x0, &(0x7f0000000080)=0x21) io_uring_register$IORING_REGISTER_RESTRICTIONS(0xffffffffffffffff, 0xb, 0x0, 0x0) io_uring_register$IORING_REGISTER_IOWQ_AFF(0xffffffffffffffff, 0x25, &(0x7f0000000080), 0x0) sched_setscheduler(r0, 0x1, &(0x7f0000000100)=0x5) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000001480)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r2, &(0x7f0000000000)=@abs={0x0, 0x0, 0x4e22}, 0x6e) sendmmsg$unix(r3, &(0x7f00000bd000), 0x318, 0x0) recvmmsg(r2, &(0x7f00000000c0), 0x10106, 0x2, 0x0) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = bpf$MAP_CREATE_CONST_STR(0x0, &(0x7f00000003c0)=ANY=[@ANYBLOB="0200000000000000000000000000000000002cdcc26e10190ebde6fb4bd1ec00461a41315cb7e53f406484dde60bdab9b9f4bbf9cc979b20541eb16c03b6772a31b42f7b1d7a1611e9bb5e3a10948613b6ad6d4d9421d92d89c7538c611208c300"/108, @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32=0x0, @ANYBLOB='\x00'/28], 0x48) ioctl$ifreq_SIOCGIFINDEX_wireguard(r1, 0x8933, &(0x7f0000000240)={'wg2\x00', 0x0}) r7 = syz_open_procfs(0x0, &(0x7f00000003c0)='net/mcfilter6\x00') r8 = socket(0x10, 0x3, 0x0) r9 = accept4$unix(r3, &(0x7f0000000480), &(0x7f0000000500)=0x6e, 0x800) ioctl$BTRFS_IOC_SUBVOL_SETFLAGS(r9, 0x4008941a, &(0x7f0000000540)=0x2) setsockopt$netlink_NETLINK_TX_RING(r8, 0x10e, 0xc, &(0x7f0000000440)={0x2, 0xfffffffc, 0x6}, 0x10) sendmsg$nl_generic(r8, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000003a40)=ANY=[@ANYBLOB="641700001200010a000000000000000080"], 0x1764}, 0x1, 0x0, 0x0, 0x10}, 0x0) preadv(r7, &(0x7f00000000c0)=[{&(0x7f0000000600)=""/128, 0x80}], 0x1, 0x113, 0x2) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f0000000300)={0x1b, 0x0, 0x0, 0x2, 0x0, r5, 0xa, '\x00', r6, r7, 0x5, 0x0, 0x3}, 0x50) bpf$MAP_CREATE_RINGBUF(0x0, &(0x7f00000007c0)=ANY=[@ANYBLOB="1b00000000000000000000000000040000000000", @ANYRES32=0x0, @ANYBLOB='\x00'/20, @ANYRES32=0x0, @ANYRES32, @ANYBLOB="00004ad91845982261d700000000000000edffffff00000000e59f6f"], 0x48) syz_genetlink_get_family_id$fou(&(0x7f0000000200), r4) 7.861139682s ago: executing program 5 (id=2233): r0 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_GET_BYINDEX(r0, &(0x7f00000004c0)={0x0, 0x0, &(0x7f0000000480)={&(0x7f0000000280)=ANY=[@ANYBLOB="240000000f060101000000000000000001000000050001000700000006000b"], 0x24}}, 0x8814) sendmsg$nl_generic(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, &(0x7f0000000180)={&(0x7f0000000080)={0x1c, 0x2a, 0x107, 0x2, 0x25dfdbff, {0x3, 0x7c}, [@nested={0x8, 0x1, 0x0, 0x1, [@typed={0x4, 0x10}]}]}, 0x1c}, 0x1, 0x0, 0x0, 0xc044}, 0xc050) 6.597058744s ago: executing program 3 (id=2235): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50) r1 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000300)='syzkaller\x00', 0x0, 0x0, 0x0, 0x41000, 0x0, '\x00', 0x0, @fallback=0x32, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r1, 0x5, 0xe, 0x0, &(0x7f0000000040)="34868893ac1aa87b3776ed8b1a00", 0x0, 0x0, 0x2a0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) setsockopt$WPAN_SECURITY(0xffffffffffffffff, 0x0, 0x1, &(0x7f0000000080)=0x1, 0x4) 6.500011135s ago: executing program 5 (id=2237): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r0, 0x4611, 0x7ffffffe) syz_init_net_socket$ax25(0x3, 0x2, 0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, &(0x7f00000000c0)=0x3a1, 0x4, 0x0) mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000002580)={'ip_vti0\x00', &(0x7f0000002500)={'syztnl0\x00', 0x0, 0x40, 0x80, 0x8, 0x4, {{0x5, 0x4, 0x1, 0x9, 0x14, 0x68, 0x0, 0x6, 0x29, 0x0, @local, @multicast1}}}}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000841}, 0x20040040) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f00000004c0)={'ip_vti0\x00', &(0x7f0000000400)={'gretap0\x00', r4, 0x8000, 0x7840, 0x4, 0x9, {{0x20, 0x4, 0x3, 0x2d, 0x80, 0x66, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010100, @private=0xa010102, {[@end, @ssrr={0x89, 0x7, 0xd6, [@loopback]}, @rr={0x7, 0x1b, 0xf2, [@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @remote, @loopback, @broadcast, @rand_addr=0x64010100]}, @noop, @timestamp_addr={0x44, 0x24, 0xc9, 0x1, 0x0, [{@empty, 0x2}, {@broadcast, 0x101}, {@multicast2, 0xb99c}, {@multicast1, 0x1}]}, @generic={0x83, 0xb, "d9b45bfb624bc7e8f5"}, @ra={0x94, 0x4}, @ssrr={0x89, 0x13, 0x5b, [@rand_addr=0x64010102, @remote, @dev={0xac, 0x14, 0x14, 0x2a}, @multicast1]}]}}}}}) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x68, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @private2}]}]}, @IFLA_MASTER={0x8, 0xa, r7}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6}]}}}, @IFLA_PROMISCUITY={0x8, 0x1e, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x840}, 0x0) 6.449301259s ago: executing program 3 (id=2238): r0 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=@base={0x10, 0x4, 0x8, 0x5}, 0x48) bpf$MAP_GET_NEXT_KEY(0x4, &(0x7f0000000400)={r0, &(0x7f0000000300), 0x0}, 0x20) r1 = bpf$PROG_LOAD(0x5, &(0x7f0000000080)={0x3, 0x8, &(0x7f00000026c0)=ANY=[@ANYBLOB="620af8ff0c200021bfa100000000000007010000f8ffffffb702000003000000bd1200000000000085000000d0000000b70000000000000095000000000000003fba6a7d36d9b18ed812a2e2c49e8020a6f4e0e4a9446ca2b5f1cc1a100a9af698393aa0f3881f9c24aa56f15199fad0093c59d66b5ece9f36c70d0f010c5077da80fb982c1e9400c603146cea484a415b76966118b64f751a0f241b072e90080008002d75593a280000c93e64c227c95aa0b784625704f07a72c2918451ebdcf4cef7f9606056fe5c34665c0af9360a1f7a5e6b607130c89f18c0c1089d8b85880000c29c48b45ef4adf634be763288d01aa27ae8b09e13e79ab20b0b8ed8fb7a68af2ad0000000000000006f803c6468082089b302d7bff8f06f7f918d65eae391cb41336023cdcedb5e0125ebbccbddcf10cb2364149215108355ee570f8078be5cab389cd65e7133719acd97cfa107d40224edc5465a932b77e74e712a0d42bc6099ad23000000803a90bce6dc3a13871765df961c2ed3b1006ef6c1ff0900000000000010c63a949e8b7955394ffa82b8e942c89112f40cab87b1586602d985430cea0162ab3fcf4591c926abfb076719237c8d0e60b0eea24492a660583eecdbf5bcd3de3a83209da17a0faf60fd6ad9b97aa5fa68480366c9c6fd6fa5043aa3926b81e3b59c9f081d6a08000000ea2b1a52496dfcaf99431412fd13f4cec49669e443dcb924cfe5f3185418d60532be9c4d2ec7c32f2095e63c8cdc28f74d043ef8dba2f23b01a9ae44cf945b7632f32030916f89c6dad7603f2ba2a790d62d6faec2fed44da4928b30142bdda5e6c5d50b83bae616b5054d1e7c13b1355d6f4a8245eaa4997da9c77af40000000000000005f58351d599e9b61e8caab9c70764b0a8a7583c90b3433b809bdb9fbd48bc873495cbff8a41326eea31ae4e0f75057df3c9d13330ca006bce1a84521f14518c9b476fccbd6c712016219848624b87cec2dbe98223a0eb4fa39f6b5c02e6d6d90756ff57902a8f57010000009700ce0b4b8bc22941330000000000000000000300000000000000000000000010008bc0d955f2a83366b99711e6e8861c46495ba585a4b2d02edc3e28dd279a896249ed85b9806f0b6c4a000000002b43dcacc413b48dafb7a2c8cb482bac0ac502d9ba96ffffff7f00000000df73be83bb7d5ad883ef07000000000000006da21b40216e14ba2d6af8656bfff17addaedab25b30002abbba7fa725f38400be7c1f001b2cd317902f19e385be9e48dccff72943327d830689da6b53ffffffff631c7771429d1200000033ed846197fcff5e1c7c3d1d6e3a52872baef9753fffffffffffffe09fec2271fe010cd7bb2366fde4a59429738fcc917a57f94f6c453cea623cc5ee0c2a5ff870ce5dfd3467decb05cfd9fcd41df54cdbd9d10a64c108285e71b5565b1768ee58969c41595229df17bcad70fb4021428ce978275d5bc8955778567bc79e13b78249788f11f708008b75d4fe32b561d46ea3abe0fa4d30dc94ef241875f3b4b6ab7929a57affe7d7fa29822aea68a660e717a04becff0f719107000000000000002d7e927123d8ecbbc55bf404571be54c72d978cf2804107f0238abccd32368e57040906df0042e19000000000000002c06f815312e086dd022c074eb8a322fb0bf47c0a8d154b405a07feaf3dd95f6ef44cd1fe582786105c7df8be4877084d4173731efe895efc71f665c4d75cf2458e35d2c9062ece84c99e061887a20639b41c8c12ee86c50804042b3eac1f879b136345cf67ca3fb2b5e518a75f9e7d7101d5e186c489b3a06fb99e0aa7f23a054de2f4d92d6bd72ee2c9fdc75aaaf1e3e483b4ad055e4af403269b4a39ce40293947d9a631bcbf3583784acbda216550d7aec6b79e30cbd128f54c2d3335457ac0eaaa99bf0bdc14ae358c3b377327ac9ecc34f24c9ae153ec60ac0694da85bff9f5f4df9b3fdf242b985bf16b99c9cc0ad1857036f1a985f369191ae954febb3df464bfe0f773ee9afe72f32a2befb89d3777399f5874c553a2ebe9061fe86e669642e09c0e5a3bb6d163118e4cbe024fd452277c3887d6116c6cc9d8046c216c1f8a9778cb26e22a2a998de5eaeadea10d3cfb41b92ecbb422a40da8daccf080842a486721737390cbf3a74cb2003efb9a101b51ab63e9600040000b8a8c9ae3d14f93100c2e0893862eef552fcde2981f48c482bde6e4a4304e50c349f4f9ecee27defd83871c5191e10096e7e60fc3541a2c905a1a95e9571bf38aebd15172f94e3245c582909e2a3bce109b6000000000000000000d6d5210d7560eb92d6a97a27602b81f7636df1535bef1497f90100000000000000abf9010000007740890200d627e87306703be8672dc84eeadba6a41891c170d1ab57075228a9f46ed9bd1f08fb8191bbab2dc51de3a61f0868afc4294859323e7a45319f18101288a0268893373750d10a3fc22dd704e4214de5946912d6c98cd1a9fbe1e7ef8c08acaf30235b920500d2eca55f74a23641f61f2d5b308cf0d031b0c7f0ced69b93e9960ff5f74562adae283d9756237badf4e7965bbe2777e808fcba821aa8e8c5c39609ff85000000000000c1fee30a3f7a85d1b29e58c77685efc0ceb1c8e5729c66018d169fc03aa188546b3ad2a182068e1e3a0e2505bc7f41019645466a31c72ad53bc19faa5401120000793ac48c1b539c75ab40743b00020000a1f68df75cf43f8ecc8d3726602111b40e761fd210a1920382f14d12ca3c3431ee97471c781d0d1280fb00818654a53b6df4b2c97cc1c98d85fda8f80fe908b65550b4412331d73062197655b7f0469250a5989cef0e10773920ed3ccee42d2c3eb80159da5c002511e6eb93842054cfce2ac306cb6e472db3fd67a49b6855a694a8d359add43907003223a47a7fae4f3748d5a432825bc40a03aaef1c8488d86dc211dd2a3ba71e0f45492ef1f8b65ccb3dcd251a61b152d02c29ca0a3328fa7753a5cddea1acaae55ae8263fb284b7a6ab2a8826c1b948207c498cf4824ab1ea3225a53072423b907c6682f8999e0311da5b8378bc841e1787e3a8128dda381a26cb2b365702ff8a27831375b2ddaa2f56e21169f7ca4fd9655ccd4a584acd244e965a0afedaff7c415ff682a4044b3381cc2df28278c9a6824c52048a7cfabda294925cc0956bffa8e950ff5e49f41ae600d830207bf728cd9807933c3c16d80bbea611a18becc2dc38ca0a6f5740f340b76edcd100fcffff007231dcef58c7b88b5aeedaf9626cb51ce1737c10ab37d4f98a934b0f900e0eb639878a1200629f5503cf679154d27681d7a3744cbcd42af59407c9c8e39c5271868917954e604352ba26171d004f1cb2976fab3fa19c7d3ef9678bff79f5155524f061378f94fb453786c3a6f78b10d383b49e31d1568bd43ee34ce6e6be235aa6207285665c2fba773671da41959f51610963b48930658e2d6125a26085001345b0473240b7e5e91811312c43663e76f711c6529ecdec75c7ea1cf0f8f8fff40247d59bbde2ebb8659197e0f37a71be1b12a182ed7de3acba28561a04b807f7a4647e2ea6d8fb92541d07c3d5e4ba077d3cad9f8ba1919592014c00c8eccb2ca5d48ba7b1c3fb185a4bb79700cf51f818b0c701c8de47d12281a67bdaf4b0c50bee9e8f5936250df2e15c1172e7ea6619f7db330700d1e9e42a035e6fd532f61fbfed9c4a7124a1e38eee50a6bbcd1d4e3f68c3f27dd9a70f1a7c6046237ddfb0b26e197322226367d998010458cd4df10af249ce717f6f45e5176e0ddae3054d7289d4e13ab0912703ee39ce264572b89194fdf7acecc35cf8309d4b680a08eed367dad855fce210f1a7c7222dd360eafb4bef7d58bf83362930af6e3f3f851abdc0003bdf9401b533019e90feb069189100007a82df8d9b5f44ebf9355e7b1b01c9470608d4f306d21004730396a4d6c6d46e1ffac97aa93c36123532a36186575266be4981c847160079421d0137801e553069f8d025c40f287378810defc7f2ed4e15f6af17b21153394f8bcfa6a23a77c8d61c9bbc127a57b8d631f36558d9093dee08bc53d97a8003363421738650a22c8fd87b13026799caf58e59951b125e7f161ca34e2c0dd65a23d01a3cb191e743de07247c7f993cf01166fa2ac1ba02f60550e63a7f50422e478c6b5d87f9bd0567a279a9d85a380db25c43bd0529ad783b9d64aaac1b793afb44b7126e17d2b7c0d6be650de7eeef3f3605af344015d03c3e7819145cb9fe1978c98bf9cf10773db59505ae33708c728844c872dfd2cb0b29008000000000000005ca18cb72f0944d0e4fea0a0abd0285bdaf1b000000c089d640c2facb0d1e6243873ac4b1e1068c45c715b68effb7d58d1f9e726dbf6bd910ca4ce0e075658ede42192cf393a50dcc197b03402fed75083628e5dd38213d353b9049e71f037064b05e73ec00c710f1ffc5737d397d555d1cf8859cc030ea8dc3c6a5b3b6fa1c81707479db1833d593a271253aa11efd936b74784f2fc286814848e92d8ee541bc179813297a0a4cc3c8f80c28701185bea091f32475e859479b734727afc110e1abcff460172fd1b42e3c0e2a4bf94a060069000010000087c7572a1e7596f89e5c3d5e70640c90815f77b7b13d0000000085a1e1e84900000000000000000000000000b422fc160a458ee5a91a2471e6e56fdabec6c73ce8983fc68f0b7cdcdde632e6f54a07620e8aa116ce9e84fc3cd5e8288a333dcebb233da9186796995ba69487d8f77d2f8800f02d690fc70a08b231cad1bdcf3740a95d4dd1cfe0f417f275493cf33b19ffff93dfdaf7eb00b8ad87cdf7c21bab5af8e2bac54ee5597e6508c1158124a538c36f9bb11fea7d8b8c7e954b1bc7811654a6636b33f271d0923e9ecd1b724b8feffadfc23c07000000f0785fb722f346d6a5dffe1884d4d0cd8f00000092c85ed44db68ab800001f00000000406e6ed9b219ad07125381087298e75965d1cc5932ddf9e66351b9332a34bee3e3d562c914c629933f0b8724cf680889ade72558d191d9890c69a718f9018586c5131c8dc8e0379bafda1a0fd2997ff115215ce23dca8db7236c1554cdaaadcce2f31834c1bd1908d8e1b361034db56be76acb7654a195bc3e98df3a5dffd5b0783883ef7da3433110e37f7c7cb7f3800de7f99abf910d6949e062747a9c87dcfcc716d6a9c0ec53b9cffe3cfd1df69a76f373d7f997edb9b80bdea1a99c2a6fbb25e035deadaadd7917ebfedd6304a19491769476208684e343f86b4d55a7dbbb07283cb1e35a138d24ebc5b4f8e35a82d3a7f84cb1e02a5a92b53567088be0b1ca023ccd518c0e0715b1c8760801a419ebd2e26440ff7493019bdb655cc88d72d6d7b6bca5a2e19b63ec52fce43d8c53a8031e64026e0d36b6401064c49a729f11ab377f7132c5232bb80195dd5d43d29646a9378eea0761b7ed9d2172e33ed87c7413c843b180cc00000000006bedf2ed716ca43a941119b96d82b26d9061de240d85ec2cfa462bd52104489bb7a7548d7cc53627031e909c69cb824233975a1ea645de63522407c3a240a37e946f30ebf075ea97846a0a8d2286f3f446b1b99ab83a12ddf8a1c06294eadc3eb3e339591afd5c00000000000000000000000000000000000000000000000000579dad8347a3d16976bb7483840b32db0158fb6c809349333325a7866ca5d3133e33ef1a183cefdb65a79fa71800988c8445029e024822dbcfcab49c3a0aec9bd43e6e14078b260700d849a2aa14c9b593f6dcb1de334c065ecfd65031606e55949c185bcda9fde4f9b46a76b8a24bbcd31b22373eb0473248150cd179405ee1af1183b0c0ce3483dc1d9bf732b0751b78fb211d6706b55960c6431afbc02b3c7e08086573939290bb9e590a3875f02a828b07f1dc7df9c8e5da22dfb9dacbf5529e4e994128d835f85465173ea7bbcc519a0c9798ce8b1b07567e3e07169c8c3e4da8bf725c050000000000000000000000000000000000000000004775abdf0c62728eb55a9e2849a1ce05bed60dfe4cc9fa43f9684297c02382c0a35829be7a86305792a9d2e80ca9e8fc50f31f6e0fa810303da03d8b74b42c1ebaf16bb343256405a3a07229a54de09a97b269cd29e8b2f0b0d46c51a6a93eec37f4bc6e29a8e19120ae050ab682662e9b2cc3263a4aba62b63ca9123a53c0f4bf3c4463b8144c89bf058a0af0ae9fc2b7cdfc4817703e267cddc193637d7fd97646090da37093657643daae3840c7f5c10f93524f7ae4791ec6e9d9722e5f670ccb358e051a"], &(0x7f0000000100)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @sched_cls, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x5a}, 0x48) bpf$BPF_PROG_DETACH(0x1c, &(0x7f0000000140)=ANY=[@ANYRES32=r1, @ANYRES32=r1, @ANYBLOB='/\x00'/12, @ANYRES32, @ANYBLOB="020000"], 0x20) 6.255081755s ago: executing program 1 (id=2239): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r1) getsockname$packet(r1, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r2, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r0, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000130005002cbd70000000000000000000", @ANYRES32=r2, @ANYBLOB="12030000000000000a00010085"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x42) 6.064064453s ago: executing program 3 (id=2240): r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = openat$tun(0xffffffffffffff9c, &(0x7f0000000100), 0xc1842, 0x0) r2 = bpf$MAP_CREATE(0x0, &(0x7f00000002c0)=ANY=[@ANYBLOB="11000000040000000400000005"], 0x50) syz_usb_connect(0x0, 0x36, &(0x7f0000000540)=ANY=[@ANYBLOB="120141014813442024040075ee69010203010902"], 0x0) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r3 = socket$can_bcm(0x1d, 0x2, 0x2) connect$can_bcm(r3, &(0x7f00000000c0), 0x10) sendmsg$can_bcm(r3, &(0x7f0000000480)={0x0, 0x0, &(0x7f0000000400)={&(0x7f0000000380)={0x5, 0x0, 0x8, {}, {}, {0x0, 0x1, 0x1}, 0x1, @can={{0x2, 0x0, 0x1, 0x1}, 0x8, 0x2, 0x0, 0x0, "d501ff9222645f49"}}, 0x48}, 0x1, 0x0, 0x0, 0x24000000}, 0x20000000) sendmsg$NL80211_CMD_FRAME(0xffffffffffffffff, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000140)=ANY=[@ANYRES16=r3], 0x448}}, 0x0) r4 = socket$packet(0x11, 0x2, 0x300) setsockopt$sock_linger(r4, 0x1, 0x3d, &(0x7f00000000c0)={0x0, 0x2}, 0x8) sendmmsg$sock(r4, &(0x7f0000002c00)=[{{&(0x7f0000000500)=@hci={0x1f, 0x300, 0x1}, 0x80, 0x0}}], 0x1, 0x8845) sendmsg$can_bcm(r3, &(0x7f0000000300)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000340)=ANY=[@ANYBLOB="050000000808"], 0x80}}, 0x0) sendmmsg$inet(r3, &(0x7f0000001b00)=[{{0x0, 0x0, &(0x7f00000001c0)=[{&(0x7f0000000080)="050000007402b8f4191db62b", 0xc}, {&(0x7f0000000440)="9f336d70bf41f19e47e98b4015e3b0384d86a1ceb4e530554ebc8154bf392bcf9ce0b09f879bd7aaf9d086e3", 0x2c}], 0x2}}, {{0x0, 0x0, &(0x7f0000000100), 0x2}}], 0x40000000000003a, 0x0) ioctl$TUNSETIFF(r1, 0x400454ca, &(0x7f0000000080)={'syzkaller0\x00', 0xca58c30f81b6079f}) ioctl$TUNSETVNETLE(r1, 0x400454dc, &(0x7f0000000040)) r5 = bpf$BPF_PROG_RAW_TRACEPOINT_LOAD(0x5, &(0x7f00000006c0)={0x3, 0xc, &(0x7f0000000140)=@framed={{0x18, 0x2, 0x0, 0x0, 0x1ff}, [@call={0x85, 0x0, 0x0, 0x7a}, @printk={@u, {}, {}, {}, {}, {0x7, 0x0, 0xb, 0x3, 0x0, 0x0, 0xcd}, {0x85, 0x0, 0x0, 0x7b}}]}, &(0x7f0000000680)='syzkaller\x00', 0x4, 0x0, 0x0, 0x41100, 0x0, '\x00', 0x0, 0x0, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0xfffffff8}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f00000002c0)={r5, 0x0, 0xe, 0x0, &(0x7f0000000500)="0000000000000000000051229dc9", 0x0, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) set_mempolicy(0x4005, &(0x7f0000000080)=0x4, 0x8) r6 = syz_io_uring_setup(0x45, &(0x7f0000000300)={0x0, 0x0, 0x40, 0x2, 0x1b}, &(0x7f0000000100), &(0x7f00000000c0), &(0x7f0000000000)) io_uring_register$IORING_REGISTER_PBUF_RING(r6, 0x22, &(0x7f0000000380)={&(0x7f0000003000)={[{0x0, 0x0, 0x103}]}, 0x1}, 0x1) write$uinput_user_dev(0xffffffffffffffff, &(0x7f0000001b40)={'syz0\x00', {}, 0x0, [0x80000000, 0x3, 0x4000401, 0x8, 0xfffffffd, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0x0, 0x0, 0x2, 0x0, 0x0, 0x3, 0x0, 0xffffffff, 0x4, 0x0, 0x0, 0x0, 0x0, 0xf5b1, 0xffffffff, 0x10000000, 0x99, 0x20000000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0xfffffffe, 0x0, 0x8, 0x800000, 0x0, 0x0, 0x4, 0x0, 0x4, 0x0, 0x0, 0x0, 0x2, 0xffffffff, 0xfffffffe, 0x0, 0x0, 0x1, 0x0, 0x10], [0x3, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0xedc0, 0x0, 0x5ee, 0x9, 0x0, 0xe, 0x0, 0x0, 0x0, 0x0, 0xa0000000, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x9, 0xffff8800, 0x0, 0xfffffff8, 0x2, 0x0, 0x2000079, 0x400, 0x0, 0x0, 0x10000, 0x40000, 0x0, 0xc0800000, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x81, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0xfffffffa, 0xfffff986], [0x0, 0x7f, 0x0, 0x0, 0x3, 0x0, 0x0, 0x0, 0x1, 0x0, 0x0, 0x0, 0x80000001, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x2, 0x0, 0x2, 0xffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4000, 0x6, 0x0, 0x0, 0x0, 0x0, 0x200000, 0x80000000, 0x2, 0x7fff, 0x0, 0x0, 0x0, 0x3, 0x0, 0xf, 0x0, 0x0, 0x0, 0xfffffffd, 0x0, 0x0, 0xfffffffc, 0x4], [0x2, 0x0, 0x6, 0x0, 0xfffffffe, 0x0, 0xfffffffe, 0x4, 0xfffffffc, 0x0, 0x0, 0x3, 0xfffffffc, 0x4, 0x800, 0x0, 0x1, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2, 0x0, 0x0, 0x0, 0x0, 0x0, 0x4, 0x0, 0x0, 0x0, 0xfffffffc, 0x0, 0x0, 0x10, 0x5, 0xfffffffd, 0x0, 0x0, 0x0, 0x8001, 0x80, 0x0, 0x0, 0x0, 0x0, 0x6, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8000000, 0x4, 0x0, 0x0, 0x0, 0xffffe]}, 0x45c) ioctl$UI_SET_EVBIT(0xffffffffffffffff, 0x40045564, 0x5) ioctl$UI_SET_SWBIT(0xffffffffffffffff, 0x4004556d, 0x3) ioctl$UI_DEV_CREATE(0xffffffffffffffff, 0x5501) sendmsg$nl_route(r0, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000940)={&(0x7f0000000780)=ANY=[@ANYBLOB="640000001000030400"/20, @ANYRESDEC, @ANYBLOB="e5fda988000000002800128009000100766c616e00000000184e02800c000200060000001f000000060001000000000008000500", @ANYRES32=r5, @ANYRESDEC, @ANYRES32, @ANYRESDEC=r2], 0x64}, 0x1, 0x0, 0x0, 0x8811}, 0x0) 6.015465s ago: executing program 1 (id=2241): socket$nl_route(0x10, 0x3, 0x0) socket$tipc(0x1e, 0x5, 0x0) socket$kcm(0x29, 0x0, 0x0) openat(0xffffffffffffff9c, &(0x7f0000000380)='./cgroup.cpu/cgroup.procs\x00', 0x0, 0x0) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) prctl$PR_SCHED_CORE(0x3e, 0x1, 0x0, 0x2, 0x0) r0 = syz_init_net_socket$802154_raw(0x24, 0x3, 0x0) connect$unix(r0, &(0x7f00000000c0)=@abs={0x0, 0x0, 0x4e22}, 0x6e) prlimit64(0x0, 0xe, &(0x7f0000000380)={0x8, 0x100008b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000000)=0x7) r1 = syz_open_dev$sndmidi(&(0x7f0000000040), 0x2, 0x4a102) writev(r1, &(0x7f0000000840)=[{&(0x7f00000002c0)="94", 0xf000}, {0x0}], 0x2) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000002c0)={0xffffffffffffffff, 0xffffffffffffffff}) splice(r2, 0x0, 0xffffffffffffffff, 0x0, 0x38f9, 0x0) r3 = socket$inet6_mptcp(0xa, 0x1, 0x106) bind$inet6(r3, &(0x7f0000000040)={0xa, 0x4e22, 0x0, @empty, 0x7}, 0x1c) listen(r3, 0xfffffffc) r4 = socket$nl_generic(0x10, 0x3, 0x10) r5 = syz_genetlink_get_family_id$mptcp(&(0x7f0000000040), r4) sendmsg$MPTCP_PM_CMD_DEL_ADDR(r4, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000100)={&(0x7f0000000240)={0x28, r5, 0x7, 0x60, 0x0, {}, [@MPTCP_PM_ATTR_ADDR={0x14, 0x1, 0x0, 0x1, [@MPTCP_PM_ADDR_ATTR_FAMILY={0x6, 0x1, 0x2}, @MPTCP_PM_ADDR_ATTR_ADDR4={0x8, 0x3, @local}]}]}, 0x28}}, 0x4040) socketpair$unix(0x1, 0x1, 0x0, &(0x7f00000004c0)) r6 = openat$kvm(0xffffffffffffff9c, 0x0, 0x2003, 0x0) ioctl$KVM_CREATE_VM(r6, 0xae01, 0x0) prctl$PR_SET_SYSCALL_USER_DISPATCH_ON(0x3b, 0x1, 0x3, 0x2, &(0x7f0000006680)) r7 = shmget$private(0x0, 0x3000, 0x10, &(0x7f0000ffa000/0x3000)=nil) shmat(r7, &(0x7f0000001000/0x3000)=nil, 0xc000) msync(&(0x7f0000003000/0x3000)=nil, 0x3000, 0x4) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0x2, 0x8031, 0xffffffffffffffff, 0xa6426000) syz_open_procfs(0x0, &(0x7f0000000040)='smaps\x00') madvise(&(0x7f0000000000/0xc00000)=nil, 0xc00000, 0x19) 5.178521009s ago: executing program 4 (id=2243): r0 = socket(0x10, 0x803, 0x0) sendmsg$SMC_PNETID_GET(r0, &(0x7f0000000300)={0x0, 0x0, &(0x7f00000001c0)={0x0, 0x14}}, 0x0) getsockname$packet(r0, &(0x7f0000000180)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000080)=0x14) sendmsg$nl_route(r0, &(0x7f0000000380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000200)=ANY=[@ANYBLOB="7c00000010003704030000000300000000000000", @ANYRES32=r1, @ANYBLOB="0b1b0500000000005c0012800b00010069703667726500004c00028008000100", @ANYRES32=r1, @ANYBLOB="14000600fe8000000000000000000000000000bb14000700fe"], 0x7c}, 0x1, 0x0, 0x0, 0x48800}, 0x4000010) r2 = socket$nl_route(0x10, 0x3, 0x0) r3 = socket(0x10, 0x803, 0x0) syz_genetlink_get_family_id$nl80211(&(0x7f00000001c0), r3) getsockname$packet(r3, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r3, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000380)=ANY=[@ANYBLOB="3c0000001000850600"/20, @ANYRES32=r4, @ANYBLOB="01000000000000001c0012000c000100626f6e64000000000c0002000800010006"], 0x3c}}, 0x0) sendmsg$nl_route(r2, &(0x7f0000000c80)={0x0, 0x0, &(0x7f0000000c40)={&(0x7f00000000c0)=ANY=[@ANYBLOB="2c000000130005002cbd70000000000000000000", @ANYRES32=r4, @ANYBLOB="12030000000000000a00010085"], 0x2c}, 0x1, 0x0, 0x0, 0x40000}, 0x42) 3.216192226s ago: executing program 1 (id=2244): syz_usb_connect$hid(0x7568bc8db271f000, 0x36, &(0x7f0000000040)={{0x12, 0x1, 0x310, 0x0, 0x0, 0x0, 0x8, 0x4d8, 0xdd, 0x40, 0x1, 0x2, 0x3, 0x1, [{{0x9, 0x2, 0x24, 0x1, 0x1, 0x1, 0x60, 0x3, "", [{{0x9, 0x4, 0x0, 0x6, 0x1, 0x3, 0x1, 0x0, 0x42, {0x9, 0x21, 0xe, 0x40, 0x1, {0x22, 0x13d}}, {{{0x9, 0x5, 0x81, 0x3, 0x3ff, 0xc8, 0x8d, 0xff}}}}}]}}]}}, &(0x7f0000000700)={0x0, 0x0, 0x0, 0x0, 0x4, [{0x2, &(0x7f0000000200)=@string={0x2}}, {0x0, 0x0}, {0x2, &(0x7f0000000280)=@string={0x2}}, {0x31, 0x0}]}) 2.874458122s ago: executing program 4 (id=2245): r0 = socket$inet(0x2, 0x802, 0x1) connect$inet(r0, &(0x7f0000000540)={0x2, 0x0, @local}, 0x10) write(r0, &(0x7f0000000080)="08008edf773c8000", 0xfd) recvmmsg(r0, &(0x7f0000000200)=[{{0x0, 0x25, 0x0, 0x0, 0x0, 0x22}}], 0x3f, 0x0, 0x0) 2.641620624s ago: executing program 4 (id=2248): r0 = socket$nl_generic(0x10, 0x3, 0x10) mmap(&(0x7f0000001000/0xc00000)=nil, 0xc00000, 0x0, 0x3032, 0xffffffffffffffff, 0x0) r1 = socket$nl_generic(0x10, 0x3, 0x10) r2 = syz_genetlink_get_family_id$tipc2(&(0x7f0000000400), r1) r3 = socket$unix(0x1, 0x2, 0x0) bind$unix(r3, &(0x7f0000000280)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) r4 = socket$unix(0x1, 0x2, 0x0) r5 = socket$nl_generic(0x10, 0x3, 0x10) r6 = syz_genetlink_get_family_id$tipc(&(0x7f0000000040), 0xffffffffffffffff) r7 = socket$inet_tcp(0x2, 0x1, 0x0) ioctl$sock_SIOCETHTOOL(r7, 0x8946, &(0x7f0000000040)={'veth1\x00', &(0x7f0000000140)=@ethtool_sfeatures={0x20}}) sendmsg$TIPC_CMD_GET_NETID(r5, &(0x7f0000000100)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f0000000080)={0x1c, r6, 0x1, 0x70bd2a, 0x25dfdbfd}, 0x1c}, 0x1, 0x0, 0x0, 0x4000000}, 0x44080) r8 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$NFT_BATCH(r8, &(0x7f0000003dc0)={0x0, 0x0, &(0x7f0000003d80)={&(0x7f0000001180)={{0x14, 0x10, 0x1, 0x0, 0x0, {0x2}}, [@NFT_MSG_NEWTABLE={0x20, 0x0, 0xa, 0x101, 0x0, 0x0, {0x3, 0x0, 0x4}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz1\x00'}]}, @NFT_MSG_DELTABLE={0x20, 0x2, 0xa, 0x301, 0x0, 0x0, {0x0, 0x0, 0x8}, [@NFTA_TABLE_NAME={0x9, 0x1, 'syz0\x00'}]}], {0x14, 0x11, 0x1, 0x0, 0x0, {0x3}}}, 0x68}, 0x1, 0x0, 0x0, 0x4}, 0x4000094) connect$unix(r4, &(0x7f0000000180)=@file={0x1, '\xe9\x1fq\x89Y\x1e\x923aK\x00'}, 0x6e) sendmmsg(r4, &(0x7f0000002dc0), 0x307017fdb7a66cb, 0x0) readv(r4, &(0x7f00000000c0)=[{&(0x7f0000000080)=""/4, 0x4}], 0x1) close(r3) sendmsg$TIPC_NL_MEDIA_SET(r1, &(0x7f0000000440)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000100)={0x2c, r2, 0x1, 0x703d28, 0x25dfdbff, {}, [@TIPC_NLA_MEDIA={0x18, 0x5, 0x0, 0x1, [@TIPC_NLA_MEDIA_PROP={0xc, 0x2, 0x0, 0x1, [@TIPC_NLA_PROP_MTU={0x8, 0x4, 0xf843}]}, @TIPC_NLA_MEDIA_NAME={0x8, 0x1, 'udp\x00'}]}]}, 0x2c}, 0x1, 0x0, 0x0, 0x24000040}, 0x40440c4) sendmsg$nl_generic(r0, &(0x7f0000000180)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000400)=ANY=[@ANYBLOB="180000002500010324bd5f02ffdbdf2501"], 0x18}, 0x1, 0x0, 0x0, 0x4008}, 0x0) recvmsg(r0, &(0x7f0000000540)={0x0, 0x0, &(0x7f0000000200)=[{&(0x7f0000000580)=""/4081, 0xff1}], 0x1}, 0x2040) socket$netlink(0x10, 0x3, 0x8) 2.318131186s ago: executing program 5 (id=2250): r0 = socket(0x400000000010, 0x3, 0x0) r1 = socket$unix(0x1, 0x5, 0x0) r2 = socket$inet6_mptcp(0xa, 0x1, 0x106) setsockopt$inet6_int(r2, 0x29, 0x10, 0x0, 0x0) ioctl$sock_SIOCGIFINDEX(r1, 0x8933, &(0x7f0000000100)={'syzkaller0\x00', 0x0}) sendmsg$nl_route_sched(r0, &(0x7f0000000000)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000001300)=@newtfilter={0x2c, 0x2c, 0xd27, 0x70bd1f, 0x25dfdbfc, {0x0, 0x0, 0x0, r3, {0x9, 0xa}, {}, {0xfff2, 0x2}}, [@TCA_RATE={0x6, 0x5, {0x3, 0x8}}]}, 0x2c}, 0x1, 0x0, 0x0, 0x8848}, 0x80) 2.006576215s ago: executing program 2 (id=2251): r0 = openat$ptmx(0xffffffffffffff9c, &(0x7f0000000080), 0x60081, 0x0) ioctl$TIOCSETD(r0, 0x5423, &(0x7f0000000000)=0x15) ioctl$TCSETS(r0, 0x404c4701, &(0x7f0000000040)={0xffffffff, 0x4, 0x10000001, 0x400000, 0x9, "2eccecfd000000000000bd00000000040100"}) 1.940766051s ago: executing program 5 (id=2252): socket$packet(0x11, 0x3, 0x300) r0 = bpf$MAP_CREATE(0x0, &(0x7f0000000040)=ANY=[], 0x48) bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x11, 0xc, &(0x7f0000000440)=ANY=[@ANYBLOB="180000000000000000000000000001", @ANYRES32=r0, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bfa200000000000007020000f8ffffffb703000008000000b704000000000000850000000100000095"], 0x0, 0x0, 0x0, 0x0, 0x40f00, 0x0, '\x00', 0x0, @fallback=0x22, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) r1 = socket$packet(0x11, 0x2, 0x300) r2 = bpf$PROG_LOAD(0x5, &(0x7f0000000880)={0x1, 0xc, &(0x7f0000000440)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @fallback=0x10, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) setsockopt$sock_attach_bpf(r1, 0x1, 0x32, &(0x7f0000000180)=r2, 0x4) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000480)={0x6, 0x3, &(0x7f00000000c0)=ANY=[@ANYBLOB="1800000002000000000000000000082295"], &(0x7f0000000040)='syzkaller\x00'}, 0x90) bpf$BPF_PROG_TEST_RUN(0xa, 0x0, 0x0) bpf$MAP_UPDATE_ELEM_TAIL_CALL(0x2, &(0x7f0000000540)={{r0}, &(0x7f00000003c0), &(0x7f0000000400)=r2}, 0x20) socket$packet(0x11, 0xa, 0x300) bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000140)={0x6, 0x3, &(0x7f0000000680)=ANY=[@ANYBLOB="1800000002000000000000000000000095"], 0x0, 0x2}, 0x94) r3 = bpf$PROG_LOAD_XDP(0x5, &(0x7f0000000200)={0x6, 0x3, &(0x7f0000000680)=ANY=[], &(0x7f00000002c0)='syzkaller\x00', 0x7, 0x0, 0x0, 0x40f00, 0x5, '\x00', 0x0, 0x25, 0xffffffffffffffff, 0x8, 0x0, 0x0, 0x10, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x200}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r3, 0x5, 0xb68, 0x0, &(0x7f0000000000)='%', 0x0, 0xd01, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x48) r4 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$NL80211_CMD_FRAME(r4, &(0x7f0000001380)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000dc0)=ANY=[], 0x6f4}}, 0x0) openat$cgroup_ro(0xffffffffffffffff, 0x0, 0x275a, 0x0) 1.903064998s ago: executing program 1 (id=2253): r0 = openat$dsp1(0xffffffffffffff9c, &(0x7f0000000000), 0x20080, 0x0) ioctl$SNDCTL_DSP_CHANNELS(0xffffffffffffffff, 0xc0045006, &(0x7f0000000180)=0x6f) write$dsp(0xffffffffffffffff, &(0x7f00000012c0)="a5", 0x1) ioctl$SNDCTL_DSP_CHANNELS(r0, 0xc0045006, &(0x7f0000000140)=0x4) dup2(r0, r0) r1 = openat$cuse(0xffffffffffffff9c, &(0x7f0000000280), 0x2, 0x0) read$FUSE(r1, &(0x7f0000003340)={0x2020}, 0xfffffffffffffe73) socket$kcm(0xa, 0x5, 0x0) r2 = openat$mice(0xffffffffffffff9c, &(0x7f0000000040), 0x480800) syz_open_dev$admmidi(&(0x7f0000000140), 0x20, 0x181000) openat$sequencer2(0xffffffffffffff9c, &(0x7f0000000080), 0x80383, 0x0) syz_open_procfs(0x0, &(0x7f0000000000)='fd/3\x00') openat$sequencer(0xffffffffffffff9c, &(0x7f0000000040), 0xe042, 0x0) r3 = socket$nl_generic(0x10, 0x3, 0x10) sendmsg$nl_generic(r3, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000180)={&(0x7f00000001c0)=ANY=[@ANYBLOB="340000003e000701feffffff0000000003"], 0x34}, 0x1, 0x0, 0x0, 0x4000895}, 0xc000) sendmsg$nl_generic(r3, &(0x7f0000000240)={&(0x7f0000000100)={0x10, 0x0, 0x0, 0x10}, 0xc, &(0x7f0000000200)={&(0x7f00000001c0)={0x14, 0x12, 0x200, 0x70bd2a, 0x25dfdbfd, {0x19}}, 0x14}, 0x1, 0x0, 0x0, 0x20000000}, 0x20000000) getsockopt$PNPIPE_IFINDEX(r2, 0x113, 0x2, &(0x7f0000000080), &(0x7f00000000c0)=0x4) 1.784860221s ago: executing program 2 (id=2254): r0 = socket$xdp(0x2c, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(0xffffffffffffffff, 0x8933, &(0x7f0000000300)={'netdevsim0\x00', 0x0}) bind$xdp(r0, &(0x7f0000000100)={0x2c, 0x0, r1}, 0x10) 1.580048702s ago: executing program 2 (id=2255): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, 0x0, 0x0) 1.579686944s ago: executing program 4 (id=2256): mkdirat(0xffffffffffffff9c, &(0x7f0000000040)='./file0\x00', 0x1c0) mkdirat(0xffffffffffffff9c, &(0x7f0000000080)='./bus\x00', 0x180) r0 = socket$nl_route(0x10, 0x3, 0x0) ioctl$sock_SIOCGIFINDEX(r0, 0x8933, &(0x7f0000000300)={'bridge0\x00', 0x0}) sendmsg$nl_route(r0, &(0x7f0000000240)={0x0, 0x0, &(0x7f0000000280)={&(0x7f0000004e00)=ANY=[@ANYBLOB="38000000500001002abd70000200001c06906d0007007402", @ANYRES32=r1, @ANYBLOB="20000100", @ANYRES32=r1, @ANYBLOB="00010200e000000200000000000000000000000086dd0000"], 0x38}, 0x1, 0x0, 0x0, 0x5}, 0x40080c0) ioctl$F2FS_IOC_GET_COMPRESS_BLOCKS(r0, 0x8008f511, &(0x7f0000000000)) mount$overlay(0x0, &(0x7f0000000100)='./file0\x00', &(0x7f0000000040), 0x8, &(0x7f0000000200)={[{@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, '.'}}, {@upperdir={'upperdir', 0x3d, './file0'}}]}) umount2(&(0x7f0000000340)='./file0\x00', 0x1) mkdir(&(0x7f0000000200)='./file1\x00', 0x0) mount$overlay(0x0, &(0x7f00000000c0)='./bus\x00', &(0x7f0000000080), 0x0, &(0x7f00000003c0)={[{@upperdir={'upperdir', 0x3d, './file1'}}, {@workdir={'workdir', 0x3d, './bus'}}, {@lowerdir={'lowerdir', 0x3d, './file0'}}]}) r2 = socket(0xa, 0x3, 0x87) ioctl$sock_SIOCGIFINDEX(r2, 0x8933, &(0x7f0000000080)={'ipvlan0\x00', 0x0}) ioctl$sock_inet6_SIOCSIFADDR(r2, 0x8916, &(0x7f0000000180)={@dev={0xfe, 0x80, '\x00', 0x36}, 0x78, r3}) recvmmsg$unix(0xffffffffffffffff, &(0x7f0000004bc0)=[{{&(0x7f0000000140)=@abs, 0x6e, &(0x7f00000002c0)=[{&(0x7f00000001c0)=""/52, 0x34}], 0x1, &(0x7f0000000380)=[@cred={{0x1c}}, @cred={{0x1c}}], 0x40}}, {{0x0, 0x0, &(0x7f00000005c0)=[{&(0x7f0000000400)=""/3, 0x3}, {&(0x7f0000000440)=""/2, 0x2}, {&(0x7f0000000480)=""/3, 0x3}, {&(0x7f00000004c0)=""/121, 0x79}, {&(0x7f0000000540)=""/108, 0x6c}], 0x5, &(0x7f0000000640)=[@cred={{0x1c}}, @rights={{0x18, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x78}}, {{&(0x7f00000006c0)=@abs, 0x6e, &(0x7f0000000840)=[{&(0x7f0000000740)=""/65, 0x41}, {&(0x7f00000007c0)=""/115, 0x73}], 0x2, &(0x7f0000000880)=[@cred={{0x1c}}], 0x20}}, {{0x0, 0x0, &(0x7f0000001d00)=[{&(0x7f00000008c0)=""/59, 0x3b}, {&(0x7f0000000900)=""/35, 0x23}, {&(0x7f0000000940)=""/180, 0xb4}, {&(0x7f0000000a00)=""/248, 0xf8}, {&(0x7f0000000b00)=""/159, 0x9f}, {&(0x7f0000000bc0)=""/232, 0xe8}, {&(0x7f0000000cc0)=""/16, 0x10}, {&(0x7f0000000d00)=""/4096, 0x1000}], 0x8}}, {{&(0x7f0000001d80), 0x6e, &(0x7f0000003f80)=[{&(0x7f0000001e00)=""/191, 0xbf}, {&(0x7f0000001ec0)=""/4096, 0x1000}, {&(0x7f0000002ec0)=""/97, 0x61}, {&(0x7f0000002f40)=""/4096, 0x1000}, {&(0x7f0000003f40)=""/49, 0x31}], 0x5, &(0x7f0000004000)=[@cred={{0x1c}}], 0x20}}, {{&(0x7f0000004040), 0x6e, &(0x7f0000004480)=[{&(0x7f00000040c0)=""/149, 0x95}, {&(0x7f0000004180)=""/95, 0x5f}, {&(0x7f0000004200)=""/118, 0x76}, {&(0x7f0000004280)=""/132, 0x84}, {&(0x7f0000004340)=""/168, 0xa8}, {&(0x7f0000004400)=""/117, 0x75}], 0x6, &(0x7f0000004500)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}, @cred={{0x1c}}], 0x68}}, {{0x0, 0x0, &(0x7f0000004880)=[{&(0x7f0000004580)=""/227, 0xe3}, {&(0x7f0000004680)=""/84, 0x54}, {&(0x7f0000004700)=""/158, 0x9e}, {&(0x7f00000047c0)=""/138, 0x8a}], 0x4, &(0x7f00000048c0)=[@cred={{0x1c}}, @rights={{0x2c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x1c, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @rights={{0x24, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}, @cred={{0x1c}}], 0xb8}}, {{0x0, 0x0, &(0x7f0000004b40)=[{&(0x7f0000004980)=""/182, 0xb6}, {&(0x7f0000004a40)=""/231, 0xe7}], 0x2, &(0x7f0000004b80)=[@rights={{0x28, 0x1, 0x1, [0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff, 0xffffffffffffffff]}}], 0x28}}], 0x8, 0x1, &(0x7f0000004dc0)={0x0, 0x3938700}) 1.482283411s ago: executing program 1 (id=2257): socket$inet6(0xa, 0x5, 0x0) r0 = socket$nl_route(0x10, 0x3, 0x0) r1 = socket$nl_route(0x10, 0x3, 0x0) r2 = socket(0x10, 0x803, 0x0) sendmsg$nl_route(r2, &(0x7f00000006c0)={0x0, 0x0, &(0x7f0000000680)={0x0, 0x18}}, 0x0) getsockname$packet(r2, &(0x7f0000000100)={0x11, 0x0, 0x0, 0x1, 0x0, 0x6, @broadcast}, &(0x7f0000000200)=0x14) sendmsg$nl_route(r1, &(0x7f0000000140)={0x0, 0x0, &(0x7f0000000000)={&(0x7f00000002c0)=ANY=[@ANYBLOB="5000000010008105e9c51c000000000000000000", @ANYRES32=r3, @ANYBLOB="01000000000000002800128009000100766c616e000000001800028006000100000000000c0002000c0000000d000000080005", @ANYRES64=r1], 0x50}, 0x1, 0x0, 0x0, 0x80}, 0x20000000) sendmsg$nl_route(r0, &(0x7f00000000c0)={0x0, 0x0, &(0x7f0000000040)={&(0x7f0000000080)=@newlink={0x2c, 0x10, 0x1, 0x1, 0x25dfdbff, {0x0, 0x0, 0x0, r3, 0x10b85, 0x49800}, [@IFLA_ADDRESS={0xa, 0x1, @local}]}, 0x2c}, 0x1, 0x0, 0x0, 0x4000090}, 0x0) 1.411934457s ago: executing program 2 (id=2258): sendmsg$NLBL_UNLABEL_C_STATICADD(0xffffffffffffffff, &(0x7f0000000200)={0x0, 0xfffffed2, &(0x7f0000000100)={&(0x7f0000000040)={0x3c, 0x0, 0x201, 0x0, 0x0, {0x3, 0x0, 0x26}, [@NLBL_UNLABEL_A_IPV6MASK={0x14, 0x3, @initdev={0xfe, 0x88, '\x00', 0x1, 0x0}}, @NLBL_UNLABEL_A_IPV6ADDR={0x14, 0x7, @ipv4={'\x00', '\xff\xff', @loopback}}]}, 0x3c}, 0x8, 0x3000000000002, 0x0, 0x4000}, 0x0) sendmsg$nl_xfrm(0xffffffffffffffff, &(0x7f0000000040)={0x0, 0x0, 0x0}, 0x844) r0 = syz_init_net_socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_genetlink_get_family_id$nl802154(&(0x7f0000000180), 0xffffffffffffffff) mkdir(&(0x7f0000000400)='./file0\x00', 0x0) r2 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000100), 0x0, 0x0) r3 = ioctl$KVM_CREATE_VM(r2, 0xae01, 0x0) ioctl$KVM_SET_USER_MEMORY_REGION(r3, 0x4020ae46, &(0x7f0000000400)={0x1fd, 0x1, 0x0, 0x2000, &(0x7f0000b07000/0x2000)=nil}) r4 = ioctl$KVM_CREATE_VCPU(r3, 0xae41, 0x1) r5 = syz_open_dev$dvb_demux(&(0x7f0000001e00), 0x0, 0x2000) ioctl$DVB_DEMUX_DMX_SET_FILTER(r5, 0x403c6f2b, &(0x7f0000001e40)={0x4, {"0dbad96fff01000008ff002084000100", "3dfab043e15fad27a639f105b5e9f977", "a7c9f5eca6b0311d85df0000ff4a70f3"}, 0x4000c, 0x5}) ioctl$DVB_DEMUX_DMX_SET_BUFFER_SIZE(r5, 0x6f2d, 0x5) ioctl$KVM_GET_VCPU_EVENTS(r4, 0x4048aecb, &(0x7f0000000000)) ioctl$sock_SIOCGIFINDEX_802154(r0, 0x8933, &(0x7f00000001c0)={'wpan0\x00', 0x0}) sendmsg$NL802154_CMD_NEW_SEC_KEY(r0, &(0x7f00000003c0)={0x0, 0x0, &(0x7f00000002c0)={&(0x7f0000000000)=ANY=[@ANYBLOB='|\x00\x00\x00', @ANYRES16=r1, @ANYBLOB="3f9d00000000000000001700000008000300", @ANYRES32=r6, @ANYBLOB="60003080050002000000000014000400403a050c5bae9c544ef2b6d713459a7a1c000180050002000000000008000400050000000800010002000000240003"], 0x7c}, 0x1, 0x0, 0x0, 0x4004}, 0x0) 1.218514193s ago: executing program 5 (id=2259): r0 = syz_create_resource$binfmt(&(0x7f0000001400)='./file0\x00') r1 = socket$rds(0x15, 0x5, 0x0) r2 = syz_open_dev$sndctrl(&(0x7f0000000100), 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_SUBSCRIBE_EVENTS(r2, 0xc0045516, &(0x7f00000000c0)=0x81) readv(r2, 0x0, 0x0) ioctl$SNDRV_CTL_IOCTL_ELEM_ADD(r2, 0xc1105517, &(0x7f0000000140)={{0xbffffffd, 0x1, 0xffffffff, 0xfffffff8, 'syz1\x00', 0x20}, 0x2, 0x2, 0x5, 0x0, 0x0, 0x4ff, 'syz0\x00', 0x0}) ioctl$sock_proto_private(r1, 0x89e0, 0x0) r3 = openat$binfmt(0xffffffffffffff9c, r0, 0x42, 0x1ff) r4 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0x2, 0x4, &(0x7f0000000200)=ANY=[], &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x100, 0x70, '\x00', 0x0, @fallback=0x30, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) truncate(&(0x7f0000000180)='./file0\x00', 0x8fff5) bpf$BPF_LINK_CREATE_XDP(0x1c, &(0x7f00000012c0)={r4, 0x0, 0x30, 0x0, @val=@uprobe_multi={&(0x7f0000000140)='./file0\x00', &(0x7f0000000280)=[0x8000], 0x0, 0x0, 0x1, 0x1}}, 0x40) mmap(&(0x7f00001f8000/0x4000)=nil, 0x4000, 0x0, 0x12012, r3, 0x0) 1.151355767s ago: executing program 5 (id=2260): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x8b}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000080)=0x7) getpid() r0 = openat$fb0(0xffffffffffffff9c, &(0x7f0000000040), 0x22902, 0x0) ioctl$FBIOBLANK(r0, 0x4611, 0x7ffffffe) syz_init_net_socket$ax25(0x3, 0x2, 0x7) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x2) mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f06ebbeee, 0x8031, 0xffffffffffffffff, 0x3000) socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000100)={0xffffffffffffffff, 0xffffffffffffffff}) connect$unix(r1, &(0x7f000057eff8)=@file={0x0, './file1\x00'}, 0x6e) sendmmsg$unix(r2, &(0x7f0000000000), 0x651, 0x0) recvmmsg(r1, &(0x7f00000000c0), 0x10106, 0x2, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f0000000240)=0x6) capset(&(0x7f0000000040)={0x20071026}, &(0x7f0000000080)={0x6, 0x6, 0x2, 0x87, 0xffffffff, 0x40}) madvise(&(0x7f0000ffb000/0x4000)=nil, 0x4000, 0x1) mbind(&(0x7f0000ffe000/0x2000)=nil, 0x2000, 0x1, &(0x7f00000000c0)=0x3a1, 0x4, 0x0) mlock2(&(0x7f0000fff000/0x1000)=nil, 0x1000, 0x0) r3 = socket(0x10, 0x3, 0x0) ioctl$sock_ipv4_tunnel_SIOCDELTUNNEL(r3, 0x89f2, &(0x7f0000002580)={'ip_vti0\x00', &(0x7f0000002500)={'syztnl0\x00', 0x0, 0x40, 0x80, 0x8, 0x4, {{0x5, 0x4, 0x1, 0x9, 0x14, 0x68, 0x0, 0x6, 0x29, 0x0, @local, @multicast1}}}}) r5 = socket$nl_route(0x10, 0x3, 0x0) r6 = socket$nl_route(0x10, 0x3, 0x0) sendmsg$nl_route(r6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)={0x0}, 0x1, 0x0, 0x0, 0x4000841}, 0x20040040) socket$nl_generic(0x10, 0x3, 0x10) ioctl$sock_ipv4_tunnel_SIOCGETTUNNEL(r3, 0x89f0, &(0x7f00000004c0)={'ip_vti0\x00', &(0x7f0000000400)={'gretap0\x00', r4, 0x8000, 0x7840, 0x4, 0x9, {{0x20, 0x4, 0x3, 0x2d, 0x80, 0x66, 0x0, 0x0, 0x2f, 0x0, @rand_addr=0x64010100, @private=0xa010102, {[@end, @ssrr={0x89, 0x7, 0xd6, [@loopback]}, @rr={0x7, 0x1b, 0xf2, [@initdev={0xac, 0x1e, 0x1, 0x0}, @broadcast, @remote, @loopback, @broadcast, @rand_addr=0x64010100]}, @noop, @timestamp_addr={0x44, 0x24, 0xc9, 0x1, 0x0, [{@empty, 0x2}, {@broadcast, 0x101}, {@multicast2, 0xb99c}, {@multicast1, 0x1}]}, @generic={0x83, 0xb, "d9b45bfb624bc7e8f5"}, @ra={0x94, 0x4}, @ssrr={0x89, 0x13, 0x5b, [@rand_addr=0x64010102, @remote, @dev={0xac, 0x14, 0x14, 0x2a}, @multicast1]}]}}}}}) sendmsg$nl_route(r5, &(0x7f0000000080)={0x0, 0x0, &(0x7f0000000140)={&(0x7f0000000300)=@newlink={0x68, 0x10, 0x401, 0x0, 0x0, {0x0, 0x0, 0x0, 0x0, 0x585d}, [@IFLA_AF_SPEC={0x1c, 0x1a, 0x0, 0x1, [@AF_INET6={0x18, 0xa, 0x0, 0x1, [@IFLA_INET6_TOKEN={0x14, 0x7, @private2}]}]}, @IFLA_MASTER={0x8, 0xa, r7}, @IFLA_LINKINFO={0x1c, 0x12, 0x0, 0x1, @ipvlan={{0xb}, {0xc, 0x2, 0x0, 0x1, [@IFLA_IPVLAN_FLAGS={0x6}]}}}, @IFLA_PROMISCUITY={0x8, 0x1e, 0x1}]}, 0x68}, 0x1, 0x0, 0x0, 0x840}, 0x0) 1.024258342s ago: executing program 3 (id=2261): r0 = syz_init_net_socket$bt_l2cap(0x1f, 0x5, 0x0) bind$bt_l2cap(r0, &(0x7f0000000000)={0x1f, 0x6, @any, 0x0, 0x1}, 0xe) mmap(&(0x7f0000001000/0x2000)=nil, 0x2000, 0x2000009, 0x32, 0xffffffffffffffff, 0x0) r1 = openat$kvm(0xffffffffffffff9c, &(0x7f0000000200), 0x88840, 0x0) r2 = ioctl$KVM_CREATE_VM(r1, 0xae01, 0x0) splice(r1, &(0x7f0000000040), 0xffffffffffffffff, &(0x7f0000000100)=0x5, 0x1000, 0x2) ioctl$KVM_SET_USER_MEMORY_REGION(r2, 0x4020ae46, &(0x7f0000000540)={0x0, 0x0, 0x0, 0x2000, &(0x7f0000000000/0x2000)=nil}) syz_kvm_setup_cpu$x86(r2, 0xffffffffffffffff, &(0x7f0000fe7000/0x18000)=nil, &(0x7f00000002c0)=[@text16={0x10, &(0x7f0000000080)="360f7883b81e2626660fc7350ff4650666b95c0300000f32f4656df30f09e3650f01efeff8000f0d35", 0x29}], 0x1, 0x2, 0x0, 0x0) r3 = ioctl$KVM_CREATE_VCPU(r2, 0xae41, 0x1) r4 = socket$nl_netfilter(0x10, 0x3, 0xc) sendmsg$IPSET_CMD_CREATE(r4, &(0x7f0000000180)={0x0, 0x0, &(0x7f00000000c0)={&(0x7f00000001c0)=ANY=[@ANYBLOB="6000000002066bebcb0300df19158a43186401020000000000000000000000000900020073797a32000000000500010007000000050005000a00000014000780080013400000000008001240fffffffa05000400000000001100030068617368"], 0x60}, 0x1, 0x0, 0x0, 0x10}, 0x8800) syz_kvm_setup_cpu$x86(r3, r3, &(0x7f0000fce000/0x18000)=nil, &(0x7f00000000c0)=[@text16={0x10, 0x0}], 0x1, 0x3, 0x0, 0x0) ioctl$KVM_SET_NESTED_STATE(r3, 0x4080aebf, &(0x7f0000003680)=@vmx={0x3, 0x0, 0x2080, {0x0, 0xffff1000}, {"000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000090000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000100", "00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000008bc584c800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001f6f38740000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000005000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000800000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000fbffffffffffffff00000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001a4900"}}) ioctl$KVM_RUN(r3, 0xae80, 0x0) syz_emit_ethernet(0x101, &(0x7f0000000140)={@multicast, @empty, @val={@void, {0x8100, 0x3, 0x1, 0x4}}, {@llc_tr={0x11, {@llc={0x7e, 0x8e, "9a62", "8a0f5441f5e4535c3847c031437038016e4953a08cfbc66249c7b6f13e216ec3c58309f218d52f70bc4da47333ca87a71417c850325979ec5b4046720782bdbd91d0eab4436d9e58e0177e627d49c7ff69ab5c88da8d8f33829158125f35565434204dd7838c631e54f5fa0d9dc0302c31e1881826340dfd38113567def3a5a5a89c4f6f0db0853d5a8becc6ed6471a16ba57a9ef7c8a93216dd7d192766dc87437c088e636fc6b29d515be8a4a78c046d0af43e8fb7709a6c01cce7dddd8876bcf9ab9c53495d28e3e6c96d79b38d8176077d655e440de13dd977ecd73f38ea680591525850cabdcc33ee"}}}}}, 0x0) 1.024021252s ago: executing program 4 (id=2262): r0 = socket$tipc(0x1e, 0x5, 0x0) sendmsg$tipc(r0, &(0x7f00000000c0)={&(0x7f0000000140)=@nameseq={0x1e, 0x1, 0x0, {0x42, 0x4, 0x4}}, 0x10, 0x0, 0x0, 0x0, 0x0, 0x804}, 0x4) 1.022905826s ago: executing program 1 (id=2263): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, r1, 0x215eb000) pipe(&(0x7f0000000740)) r2 = socket(0x14, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x61d0, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x9, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r2, &(0x7f00000003c0)={0x0, 0xfffffffffffffe69, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20040024}, 0x8040) sendmsg$NFT_BATCH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYRES32=r0], 0xa4}, 0x1, 0x0, 0x0, 0x48005}, 0x801) 616.232585ms ago: executing program 2 (id=2264): r0 = socket$inet6_tcp(0xa, 0x1, 0x0) setsockopt$inet6_tcp_int(r0, 0x6, 0x13, &(0x7f0000000040)=0x100000001, 0x76dc) connect$inet6(r0, &(0x7f0000000100)={0xa, 0x0, 0x7, @ipv4={'\x00', '\xff\xff', @local}, 0x1}, 0x1c) setsockopt$inet6_IPV6_RTHDRDSTOPTS(r0, 0x29, 0x37, 0x0, 0x0) setsockopt$inet6_tcp_TCP_ULP(r0, 0x6, 0x1f, &(0x7f00000002c0), 0x4) setsockopt$inet6_tcp_TLS_TX(r0, 0x11a, 0x1, &(0x7f0000000080)=@gcm_128={{0x303}, "b7a41f2300", "d21b0e8a0e000000000000000600", "1d1cbe23", "ecba06893bcdc493"}, 0x28) (fail_nth: 2) 353.166961ms ago: executing program 2 (id=2265): r0 = socket$nl_generic(0x10, 0x3, 0x10) r1 = syz_init_net_socket$bt_hci(0x1f, 0x3, 0x5) close(0x4) syz_open_procfs$namespace(0x0, &(0x7f0000000040)='ns/cgroup\x00') mmap(&(0x7f0000000000/0xb36000)=nil, 0xb36000, 0xb635773f07ebbeef, 0x8031, r1, 0x215eb000) pipe(&(0x7f0000000740)) r2 = socket(0x14, 0x2, 0x4) ioctl$sock_SIOCGIFINDEX(r2, 0x61d0, 0x0) bind$packet(0xffffffffffffffff, &(0x7f0000000080)={0x11, 0x9, 0x0, 0x1, 0x0, 0x6, @multicast}, 0x14) sendmsg$IPCTNL_MSG_TIMEOUT_DEFAULT_GET(r2, &(0x7f00000003c0)={0x0, 0xfffffffffffffe69, &(0x7f00000000c0)={&(0x7f0000000080)=ANY=[@ANYRES32=r2], 0x1c}, 0x1, 0x0, 0x0, 0x20040024}, 0x8040) sendmsg$NFT_BATCH(r2, &(0x7f0000000280)={0x0, 0x0, &(0x7f0000000000)={&(0x7f0000000240)=ANY=[@ANYRES32=r0], 0xa4}, 0x1, 0x0, 0x0, 0x48005}, 0x801) 272.955762ms ago: executing program 4 (id=2266): prlimit64(0x0, 0xe, &(0x7f0000000140)={0x8, 0x88}, 0x0) sched_setscheduler(0x0, 0x1, &(0x7f0000000300)=0x7) r0 = getpid() sched_setscheduler(r0, 0x2, &(0x7f0000000000)=0x6) syz_clone(0x8000, 0x0, 0xfffffffffffffe7e, 0x0, 0x0, 0x0) sched_setaffinity(0x0, 0x8, &(0x7f00000002c0)=0x400000bce) r1 = syz_open_dev$MSR(&(0x7f00000001c0), 0x0, 0x0) read$msr(r1, &(0x7f0000019680)=""/102392, 0x18ff8) r2 = socket$alg(0x26, 0x5, 0x0) bind$alg(r2, &(0x7f0000000600)={0x26, 'skcipher\x00', 0x0, 0x0, 'ecb(blowfish)\x00'}, 0x58) r3 = accept4(r2, 0x0, 0x0, 0x0) setsockopt$ALG_SET_KEY(r2, 0x117, 0x1, &(0x7f0000000140)="1fe1bc7f", 0x4) sendmmsg$unix(r3, &(0x7f0000003dc0)=[{{&(0x7f0000000000)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}, {{&(0x7f0000000280)=@file={0x0, './file0\x00'}, 0x6e, 0x0}}], 0x299, 0x0) fanotify_init(0x81, 0x40000) socketpair$unix(0x1, 0x1, 0x0, 0x0) openat$tcp_mem(0xffffffffffffff9c, &(0x7f0000000040)='/proc/sys/net/ipv4/tcp_wmem\x00', 0x8, 0x0) 0s ago: executing program 3 (id=2267): socketpair$unix(0x1, 0x2, 0x0, &(0x7f0000000200)) r0 = bpf$PROG_LOAD(0x5, &(0x7f0000000040)={0xa, 0x5, &(0x7f0000000500)=@framed={{0x18, 0x2, 0x0, 0x0, 0xfffffff9}, [@call={0x85, 0x0, 0x0, 0x27}, @call={0x85, 0x0, 0x0, 0x50}]}, &(0x7f0000000000)='GPL\x00', 0x0, 0x0, 0x0, 0x41000, 0x20, '\x00', 0x0, @fallback=0x17, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x10, 0x4}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000600)={r0, 0x0, 0xe, 0x0, &(0x7f0000000900)="e02742e8680d85ff9782762f86dd", 0x0, 0x9, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x50) r1 = openat$sw_sync(0xffffffffffffff9c, &(0x7f0000000080), 0x0, 0x0) ioctl$SW_SYNC_IOC_CREATE_FENCE(r1, 0xc0285700, &(0x7f0000000100)={0x1, "5660359c3245d1c42317afad7d48ed51000000000000000100", 0xffffffffffffffff}) ioctl$SG_SET_COMMAND_Q(0xffffffffffffffff, 0x2271, &(0x7f00000000c0)=0x1) bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[@ANYBLOB="10000000040000000800000005"], 0x48) r3 = bpf$MAP_CREATE(0x0, &(0x7f00000009c0)=ANY=[], 0x48) r4 = bpf$PROG_LOAD(0x5, &(0x7f00000000c0)={0x6, 0xc, &(0x7f00000001c0)=ANY=[@ANYBLOB="1800000000000000000000000000000018110000", @ANYRES32=r3, @ANYBLOB="0000000000000000b7080000000000007b8af8ff00000000bc82000000000000a6020000f8ffffffb703000008000000b703000000000000850000003300000095"], &(0x7f0000000240)='syzkaller\x00', 0x0, 0x0, 0x0, 0x0, 0x0, '\x00', 0x0, @xdp, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000300)={r4, 0x18000000000002a0, 0xe, 0x0, &(0x7f00000002c0)="b9ff03076804268c989e14f088a8", 0x0, 0x80500, 0x60000500, 0x0, 0x0, 0x0, 0x0}, 0x50) r5 = socket$inet6_sctp(0xa, 0x5, 0x84) getsockopt$inet_sctp6_SCTP_SOCKOPT_CONNECTX3(r5, 0x84, 0x6f, &(0x7f0000000000)={0x0, 0x38, &(0x7f0000000280)=[@in6={0xa, 0x4e21, 0x7ff, @private2, 0xeb2}, @in6={0xa, 0x4e21, 0x9, @loopback, 0x7ab}]}, &(0x7f0000000180)=0x10) r6 = socket$netlink(0x10, 0x3, 0x4) writev(r6, &(0x7f0000000080)=[{&(0x7f0000000340)="480000001400190d09034beafd0d36020a841a000000230f00000000a2bc5603ca00000f7f89004e00200000000101ff00c00e03000200000000000000000300005839c900910000", 0x48}], 0x1) ioctl$SYNC_IOC_MERGE(r2, 0xc0303e03, 0x0) writev(r2, &(0x7f0000000040)=[{0x0}, {0x0}, {&(0x7f0000001480)}], 0x3) r7 = syz_open_dev$sg(&(0x7f0000000200), 0x0, 0x8002) bpf$BPF_PROG_TEST_RUN(0xa, &(0x7f0000000280)={0xffffffffffffffff, 0x2000300, 0x1, 0x0, &(0x7f0000000000)='c', 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x2}, 0x50) ioctl$SCSI_IOCTL_GET_PCI(r7, 0x5393, &(0x7f0000000000)) syz_emit_vhci(&(0x7f0000000140)=ANY=[@ANYBLOB="04b590171dc38e8ac5f9ef4ab0c801810900"/27], 0x6) r8 = syz_open_procfs$namespace(0x0, &(0x7f0000001380)='ns/cgroup\x00') open_by_handle_at(r8, &(0x7f00000003c0)=ANY=[@ANYBLOB="20000000f10002000600000000000000000002"], 0x0) io_uring_register$IORING_REGISTER_FILES_UPDATE2(0xffffffffffffffff, 0x2, &(0x7f0000002d40)={0x0, 0x0, 0x0, 0x0}, 0x20) bpf$PROG_LOAD(0x5, &(0x7f0000000180)={0x12, 0x4, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x8, '\x00', 0x0, @cgroup_sock_addr=0x8, 0xffffffffffffffff, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0, 0x0}, 0x94) io_uring_register$IORING_REGISTER_FILES_UPDATE(0xffffffffffffffff, 0x6, &(0x7f00000001c0)={0x0, 0x0, &(0x7f0000000180)=[0xffffffffffffffff]}, 0x20) ioctl$SNDRV_TIMER_IOCTL_CREATE(0xffffffffffffffff, 0xc02054a5, &(0x7f0000000400)={0x4, r2, 'id1\x00'}) kernel console output (not intermixed with test programs): 07][T11957] RDX: 000000000000006f RSI: 0000000000000084 RDI: 0000000000000008 [ 710.311722][T11957] RBP: 00007f2ecf314090 R08: 0000200000000100 R09: 0000000000000000 [ 710.311737][T11957] R10: 00002000000000c0 R11: 0000000000000246 R12: 0000000000000001 [ 710.311751][T11957] R13: 00007f2ed1376218 R14: 00007f2ed1376180 R15: 00007fff167316d8 [ 710.311788][T11957] [ 711.270897][T11962] netlink: 116 bytes leftover after parsing attributes in process `syz.4.1837'. [ 711.487510][ T5947] usb 2-1: new high-speed USB device number 76 using dummy_hcd [ 711.526506][T11970] netlink: 14220 bytes leftover after parsing attributes in process `syz.0.1839'. [ 711.526532][T11970] openvswitch: netlink: Flow set message rejected, Key attribute missing. [ 711.659955][T11973] rdma_rxe: rxe_newlink: failed to add lo [ 712.494536][ T5947] usb 2-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 712.494567][ T5947] usb 2-1: config 0 has no interfaces? [ 712.494599][ T5947] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 712.494625][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 712.547580][ T5947] usb 2-1: config 0 descriptor?? [ 712.578832][ T5947] usb 3-1: USB disconnect, device number 72 [ 712.856976][ T5880] usb 5-1: new high-speed USB device number 76 using dummy_hcd [ 712.887353][T11987] FAULT_INJECTION: forcing a failure. [ 712.887353][T11987] name failslab, interval 1, probability 0, space 0, times 0 [ 712.887381][T11987] CPU: 1 UID: 0 PID: 11987 Comm: syz.2.1848 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 712.887399][T11987] Tainted: [L]=SOFTLOCKUP [ 712.887404][T11987] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 712.887412][T11987] Call Trace: [ 712.887418][T11987] [ 712.887425][T11987] dump_stack_lvl+0xe8/0x150 [ 712.887463][T11987] should_fail_ex+0x46b/0x600 [ 712.887499][T11987] should_failslab+0xa8/0x100 [ 712.887525][T11987] __kmalloc_noprof+0xdf/0x7b0 [ 712.887544][T11987] ? kfree+0x4d/0x6c0 [ 712.887570][T11987] ? tomoyo_realpath_from_path+0xe3/0x5d0 [ 712.887602][T11987] tomoyo_realpath_from_path+0xe3/0x5d0 [ 712.887640][T11987] ? tomoyo_path_number_perm+0x219/0x630 [ 712.887664][T11987] tomoyo_path_number_perm+0x246/0x630 [ 712.887680][T11987] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 712.887696][T11987] ? __lock_acquire+0x6b5/0x2cf0 [ 712.887728][T11987] ? __fget_files+0x2a/0x420 [ 712.887746][T11987] ? __fget_files+0x2a/0x420 [ 712.887761][T11987] ? __fget_files+0x3a6/0x420 [ 712.887776][T11987] ? __fget_files+0x2a/0x420 [ 712.887794][T11987] security_file_ioctl+0xc3/0x2a0 [ 712.887810][T11987] __se_sys_ioctl+0x47/0x170 [ 712.887824][T11987] do_syscall_64+0x14d/0xf80 [ 712.887839][T11987] ? trace_irq_disable+0x3b/0x150 [ 712.887855][T11987] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.887867][T11987] ? clear_bhb_loop+0x40/0x90 [ 712.887883][T11987] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 712.887895][T11987] RIP: 0033:0x7f08af2bc819 [ 712.887908][T11987] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 712.887920][T11987] RSP: 002b:00007f08ad516028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 712.887935][T11987] RAX: ffffffffffffffda RBX: 00007f08af535fa0 RCX: 00007f08af2bc819 [ 712.887944][T11987] RDX: 0000000000000000 RSI: 000000000000ae80 RDI: 0000000000000008 [ 712.887952][T11987] RBP: 00007f08ad516090 R08: 0000000000000000 R09: 0000000000000000 [ 712.887960][T11987] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 712.887967][T11987] R13: 00007f08af536038 R14: 00007f08af535fa0 R15: 00007ffd8e8378e8 [ 712.887987][T11987] [ 712.891158][T11987] ERROR: Out of memory at tomoyo_realpath_from_path. [ 713.011925][ T5880] usb 5-1: Using ep0 maxpacket: 16 [ 713.014059][ T5880] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 713.014088][ T5880] usb 5-1: config 0 interface 0 altsetting 16 endpoint 0x81 has invalid wMaxPacketSize 0 [ 713.014110][ T5880] usb 5-1: config 0 interface 0 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 28 [ 713.014136][ T5880] usb 5-1: config 0 interface 0 has no altsetting 0 [ 713.014168][ T5880] usb 5-1: New USB device found, idVendor=056a, idProduct=0331, bcdDevice= 0.00 [ 713.014189][ T5880] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 713.019930][ T5880] usb 5-1: config 0 descriptor?? [ 713.240275][T11993] binder: 11963:11993 ioctl c0306201 200000000480 returned -14 [ 713.384203][ T37] audit: type=1326 audit(1775888693.365:242): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=11994 comm="syz.0.1849" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f9732bfc819 code=0x0 [ 713.449507][T11980] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 713.451370][T11980] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 713.476371][ T5880] hid (null): report_id 4157396277 is invalid [ 713.476389][ T5880] hid (null): invalid report_count 45924 [ 713.695184][ T5880] usb 5-1: USB disconnect, device number 76 [ 713.814628][T12006] netlink: 120 bytes leftover after parsing attributes in process `syz.3.1854'. [ 714.010772][T12011] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1855'. [ 714.187942][T12013] syz2: rxe_newlink: already configured on lo [ 714.856393][ T5880] usb 2-1: USB disconnect, device number 76 [ 715.521719][T12026] kvm: requested 1676 ns i8254 timer period limited to 200000 ns [ 715.584415][T12031] syzkaller1: entered promiscuous mode [ 715.584472][T12031] syzkaller1: entered allmulticast mode [ 715.678801][T12026] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 715.681450][T12026] kvm: requested 13409 ns i8254 timer period limited to 200000 ns [ 715.686405][T12026] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 715.686475][T12026] kvm: requested 41904 ns i8254 timer period limited to 200000 ns [ 715.697272][T12026] kvm: requested 838 ns i8254 timer period limited to 200000 ns [ 715.697987][T12026] kvm: requested 2514 ns i8254 timer period limited to 200000 ns [ 715.698241][T12026] kvm: requested 3352 ns i8254 timer period limited to 200000 ns [ 715.698448][T12026] kvm: requested 100571 ns i8254 timer period limited to 200000 ns [ 715.699525][T12026] kvm: requested 53638 ns i8254 timer period limited to 200000 ns [ 717.363885][T12043] FAULT_INJECTION: forcing a failure. [ 717.363885][T12043] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 717.363925][T12043] CPU: 0 UID: 0 PID: 12043 Comm: syz.3.1866 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 717.363957][T12043] Tainted: [L]=SOFTLOCKUP [ 717.363966][T12043] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 717.363979][T12043] Call Trace: [ 717.363988][T12043] [ 717.363998][T12043] dump_stack_lvl+0xe8/0x150 [ 717.364059][T12043] should_fail_ex+0x46b/0x600 [ 717.364095][T12043] _copy_from_iter+0x1d3/0x1670 [ 717.364126][T12043] ? __pfx___alloc_frozen_pages_noprof+0x10/0x10 [ 717.364157][T12043] ? __pfx_policy_nodemask+0x10/0x10 [ 717.364184][T12043] ? __pfx__copy_from_iter+0x10/0x10 [ 717.364221][T12043] ? set_page_refcounted+0xa0/0x1e0 [ 717.364246][T12043] ? page_copy_sane+0x4e/0x270 [ 717.364278][T12043] copy_page_from_iter+0xdd/0x170 [ 717.364315][T12043] tun_get_user+0x1d4b/0x3de0 [ 717.364335][T12043] ? tun_get_user+0x6ff/0x3de0 [ 717.364388][T12043] ? __pfx_tun_get_user+0x10/0x10 [ 717.364449][T12043] ? ref_tracker_alloc+0x332/0x4a0 [ 717.364483][T12043] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 717.364529][T12043] ? tun_get+0x1c/0x2f0 [ 717.364557][T12043] ? tun_get+0x1c/0x2f0 [ 717.364578][T12043] ? tun_get+0x1c/0x2f0 [ 717.364613][T12043] tun_chr_write_iter+0x119/0x200 [ 717.364639][T12043] vfs_write+0x629/0xba0 [ 717.364683][T12043] ? __pfx_vfs_write+0x10/0x10 [ 717.364727][T12043] ? __fget_files+0x2a/0x420 [ 717.364767][T12043] ksys_write+0x156/0x270 [ 717.364804][T12043] ? __pfx_ksys_write+0x10/0x10 [ 717.364851][T12043] do_syscall_64+0x14d/0xf80 [ 717.364876][T12043] ? trace_irq_disable+0x3b/0x150 [ 717.364902][T12043] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.364926][T12043] ? clear_bhb_loop+0x40/0x90 [ 717.364954][T12043] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 717.364977][T12043] RIP: 0033:0x7fbf15e2d04e [ 717.364997][T12043] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 717.365017][T12043] RSP: 002b:00007fbf1407bfb8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 717.365043][T12043] RAX: ffffffffffffffda RBX: 00007fbf1407c6c0 RCX: 00007fbf15e2d04e [ 717.365061][T12043] RDX: 000000000000001a RSI: 0000200000000340 RDI: 00000000000000c8 [ 717.365075][T12043] RBP: 00007fbf1407c090 R08: 0000000000000000 R09: 0000000000000000 [ 717.365090][T12043] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 717.365103][T12043] R13: 00007fbf160e6218 R14: 00007fbf160e6180 R15: 00007fff41d8f918 [ 717.365137][T12043] [ 717.764894][T12045] netlink: 120 bytes leftover after parsing attributes in process `syz.4.1868'. [ 717.800541][T12047] netlink: 28 bytes leftover after parsing attributes in process `syz.0.1869'. [ 718.139432][T12050] rdma_rxe: rxe_newlink: failed to add lo [ 719.177099][ T5880] usb 3-1: new high-speed USB device number 73 using dummy_hcd [ 719.863267][ T5880] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 719.863503][ T5880] usb 3-1: config 0 has no interfaces? [ 719.864346][ T5880] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 719.864565][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 720.029700][ T5880] usb 3-1: config 0 descriptor?? [ 720.177842][ T37] audit: type=1326 audit(1775888700.165:243): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12058 comm="syz.4.1872" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x0 [ 720.692351][T12073] binder: 12049:12073 ioctl c0306201 200000000480 returned -14 [ 721.761366][ T5952] usb 3-1: USB disconnect, device number 73 [ 721.883895][T12083] FAULT_INJECTION: forcing a failure. [ 721.883895][T12083] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 721.883936][T12083] CPU: 1 UID: 0 PID: 12083 Comm: syz.2.1876 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 721.883967][T12083] Tainted: [L]=SOFTLOCKUP [ 721.883976][T12083] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 721.883989][T12083] Call Trace: [ 721.883998][T12083] [ 721.884008][T12083] dump_stack_lvl+0xe8/0x150 [ 721.884072][T12083] should_fail_ex+0x46b/0x600 [ 721.884110][T12083] _copy_from_iter+0x1d3/0x1670 [ 721.884142][T12083] ? __lock_acquire+0x6b5/0x2cf0 [ 721.884176][T12083] ? __pfx__copy_from_iter+0x10/0x10 [ 721.884211][T12083] ? kstrtouint+0x6e/0xe0 [ 721.884246][T12083] ? iov_iter_advance+0x8b/0x1c0 [ 721.884282][T12083] vhost_chr_write_iter+0x2aa/0xae0 [ 721.884307][T12083] ? __lock_acquire+0x6b5/0x2cf0 [ 721.884335][T12083] ? __pfx_vhost_chr_write_iter+0x10/0x10 [ 721.884377][T12083] vfs_write+0x629/0xba0 [ 721.884429][T12083] ? __pfx_vfs_write+0x10/0x10 [ 721.884475][T12083] ? __fget_files+0x2a/0x420 [ 721.884515][T12083] ksys_write+0x156/0x270 [ 721.884552][T12083] ? __pfx_ksys_write+0x10/0x10 [ 721.884599][T12083] do_syscall_64+0x14d/0xf80 [ 721.884624][T12083] ? trace_irq_disable+0x3b/0x150 [ 721.884666][T12083] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.884689][T12083] ? clear_bhb_loop+0x40/0x90 [ 721.884718][T12083] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 721.884741][T12083] RIP: 0033:0x7f08af2bc819 [ 721.884763][T12083] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 721.884791][T12083] RSP: 002b:00007f08ad516028 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 721.884817][T12083] RAX: ffffffffffffffda RBX: 00007f08af535fa0 RCX: 00007f08af2bc819 [ 721.884833][T12083] RDX: 0000000000000048 RSI: 00002000000003c0 RDI: 0000000000000003 [ 721.884848][T12083] RBP: 00007f08ad516090 R08: 0000000000000000 R09: 0000000000000000 [ 721.884862][T12083] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 721.884876][T12083] R13: 00007f08af536038 R14: 00007f08af535fa0 R15: 00007ffd8e8378e8 [ 721.884921][T12083] [ 722.060921][T12087] netlink: 40 bytes leftover after parsing attributes in process `syz.4.1878'. [ 722.320210][T12091] FAULT_INJECTION: forcing a failure. [ 722.320210][T12091] name failslab, interval 1, probability 0, space 0, times 0 [ 722.320250][T12091] CPU: 0 UID: 0 PID: 12091 Comm: syz.3.1879 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 722.320282][T12091] Tainted: [L]=SOFTLOCKUP [ 722.320291][T12091] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 722.320305][T12091] Call Trace: [ 722.320313][T12091] [ 722.320323][T12091] dump_stack_lvl+0xe8/0x150 [ 722.320362][T12091] should_fail_ex+0x46b/0x600 [ 722.320408][T12091] should_failslab+0xa8/0x100 [ 722.320434][T12091] __kmalloc_noprof+0xdf/0x7b0 [ 722.320455][T12091] ? tomoyo_encode+0x28b/0x550 [ 722.320488][T12091] tomoyo_encode+0x28b/0x550 [ 722.320523][T12091] tomoyo_realpath_from_path+0x58d/0x5d0 [ 722.320564][T12091] ? tomoyo_path_number_perm+0x219/0x630 [ 722.320589][T12091] tomoyo_path_number_perm+0x246/0x630 [ 722.320615][T12091] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 722.320640][T12091] ? __lock_acquire+0x6b5/0x2cf0 [ 722.320699][T12091] ? __fget_files+0x2a/0x420 [ 722.320731][T12091] ? __fget_files+0x2a/0x420 [ 722.320758][T12091] ? __fget_files+0x3a6/0x420 [ 722.320783][T12091] ? __fget_files+0x2a/0x420 [ 722.320816][T12091] security_file_ioctl+0xc3/0x2a0 [ 722.320841][T12091] __se_sys_ioctl+0x47/0x170 [ 722.320869][T12091] do_syscall_64+0x14d/0xf80 [ 722.320894][T12091] ? trace_irq_disable+0x3b/0x150 [ 722.320921][T12091] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.320944][T12091] ? clear_bhb_loop+0x40/0x90 [ 722.320974][T12091] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 722.320996][T12091] RIP: 0033:0x7fbf15e6c819 [ 722.321018][T12091] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 722.321037][T12091] RSP: 002b:00007fbf140be028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 722.321061][T12091] RAX: ffffffffffffffda RBX: 00007fbf160e5fa0 RCX: 00007fbf15e6c819 [ 722.321078][T12091] RDX: 0000200000000480 RSI: 00000000c0045516 RDI: 0000000000000003 [ 722.321094][T12091] RBP: 00007fbf140be090 R08: 0000000000000000 R09: 0000000000000000 [ 722.321107][T12091] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 722.321121][T12091] R13: 00007fbf160e6038 R14: 00007fbf160e5fa0 R15: 00007fff41d8f918 [ 722.321155][T12091] [ 722.321178][T12091] ERROR: Out of memory at tomoyo_realpath_from_path. [ 722.677260][ T9] usb 3-1: new high-speed USB device number 74 using dummy_hcd [ 723.607062][T12103] netlink: 4 bytes leftover after parsing attributes in process `syz.0.1883'. [ 726.180095][ T5947] usb 5-1: new high-speed USB device number 77 using dummy_hcd [ 726.387136][ T9] usb 3-1: device not accepting address 74, error -71 [ 726.634722][ T37] audit: type=1326 audit(1775888706.615:244): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12106 comm="syz.4.1888" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x0 [ 727.477808][T12116] netlink: 40 bytes leftover after parsing attributes in process `syz.1.1892'. [ 728.891761][T12145] netlink: 36 bytes leftover after parsing attributes in process `syz.4.1899'. [ 728.967021][ T5802] usb 3-1: new high-speed USB device number 76 using dummy_hcd [ 729.120884][ T5802] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 729.120922][ T5802] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.153286][ T5802] usb 3-1: config 0 descriptor?? [ 729.169449][ T5802] cp210x 3-1:0.0: cp210x converter detected [ 729.197009][ T5952] usb 5-1: new high-speed USB device number 78 using dummy_hcd [ 729.357252][ T5947] usb 4-1: new high-speed USB device number 83 using dummy_hcd [ 729.509799][ T5947] usb 4-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 729.509830][ T5947] usb 4-1: config 0 has 0 interfaces, different from the descriptor's value: 1 [ 729.509871][ T5947] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 729.509898][ T5947] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 729.701452][ T5947] usb 4-1: config 0 descriptor?? [ 730.066977][ T5952] usb 5-1: Using ep0 maxpacket: 32 [ 730.072439][ T5952] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 730.072463][ T5952] usb 5-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 730.103571][ T5952] usb 5-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 730.103656][ T5952] usb 5-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 730.103678][ T5952] usb 5-1: Product: syz [ 730.103692][ T5952] usb 5-1: Manufacturer: syz [ 730.201705][ T5952] hub 5-1:4.0: USB hub found [ 730.238710][ T5802] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 730.238734][ T5802] cp210x 3-1:0.0: querying part number failed [ 730.355553][T12155] binder: 12126:12155 ioctl c0306201 200000000480 returned -14 [ 730.403453][ T5802] usb 3-1: cp210x converter now attached to ttyUSB0 [ 730.438366][ T5802] usb 3-1: USB disconnect, device number 76 [ 730.508418][ T5802] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 730.515147][ T5802] cp210x 3-1:0.0: device disconnected [ 730.620125][ T5952] hub 5-1:4.0: config failed, can't read hub descriptor (err -22) [ 730.670624][ T5952] usb 5-1: USB disconnect, device number 78 [ 731.060963][ T37] audit: type=1326 audit(1775888711.045:245): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12163 comm="syz.2.1904" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f08af2bc819 code=0x0 [ 731.147066][ T5947] usb 1-1: new full-speed USB device number 70 using dummy_hcd [ 731.299812][ T5947] usb 1-1: not running at top speed; connect to a high speed hub [ 731.302972][ T5947] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 731.302991][ T5947] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 731.303004][ T5947] usb 1-1: Product: А [ 731.303013][ T5947] usb 1-1: Manufacturer: ဌ [ 731.303022][ T5947] usb 1-1: SerialNumber: ᐍ [ 731.509531][ T5802] usb 4-1: USB disconnect, device number 83 [ 731.537839][T12170] netlink: 64 bytes leftover after parsing attributes in process `syz.1.1907'. [ 731.583054][ T5947] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 731.583534][ T5947] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 731.724851][ T5947] usb 1-1: USB disconnect, device number 70 [ 732.269713][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 732.347025][T11694] usb 2-1: new high-speed USB device number 77 using dummy_hcd [ 732.499539][T11694] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 732.499577][T11694] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 732.506758][T11694] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 732.507389][T11694] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 732.507413][T11694] usb 2-1: Manufacturer: syz [ 732.516371][T11694] usb 2-1: config 0 descriptor?? [ 732.737035][ T5802] usb 3-1: new high-speed USB device number 77 using dummy_hcd [ 732.744911][T12175] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 732.749527][T12175] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 732.757878][T12175] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1909'. [ 732.889822][ T5802] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 732.889859][ T5802] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 732.928675][ T5802] usb 3-1: config 0 descriptor?? [ 732.933641][ T5802] cp210x 3-1:0.0: cp210x converter detected [ 733.366579][ T5802] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 733.366603][ T5802] cp210x 3-1:0.0: querying part number failed [ 733.392404][ T5802] usb 3-1: cp210x converter now attached to ttyUSB0 [ 733.396395][ T5802] usb 3-1: USB disconnect, device number 77 [ 733.417670][ T5802] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 733.418514][ T5802] cp210x 3-1:0.0: device disconnected [ 733.469097][T12203] netlink: 'syz.0.1918': attribute type 1 has an invalid length. [ 733.469132][T12203] netlink: 24 bytes leftover after parsing attributes in process `syz.0.1918'. [ 734.001224][ T5947] hid_parser_main: 45 callbacks suppressed [ 734.001253][ T5947] hid-generic 0000:0000:0000.003B: unknown main item tag 0x0 [ 734.242781][T11694] usbhid 2-1:0.0: can't add hid device: -71 [ 734.242916][T11694] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 734.276932][T11694] usb 2-1: USB disconnect, device number 77 [ 734.338424][ T5947] hid-generic 0000:0000:0000.003B: hidraw0: HID v0.00 Device [syz1] on syz0 [ 735.867260][ T9] usb 4-1: new high-speed USB device number 84 using dummy_hcd [ 736.004858][T12221] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1925'. [ 736.049843][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 736.049881][ T9] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 736.059513][ T9] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 736.059542][ T9] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 736.059562][ T9] usb 4-1: Manufacturer: syz [ 736.075431][ T9] usb 4-1: config 0 descriptor?? [ 736.257017][ T5953] usb 2-1: new high-speed USB device number 78 using dummy_hcd [ 736.319406][T12218] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 736.324267][T12218] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 736.347822][T12218] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1921'. [ 736.416911][ T5953] usb 2-1: Using ep0 maxpacket: 32 [ 736.419901][ T5953] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 736.419937][ T5953] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 736.423758][ T5953] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 736.423790][ T5953] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 736.423814][ T5953] usb 2-1: Product: syz [ 736.423830][ T5953] usb 2-1: Manufacturer: syz [ 736.509795][ T5953] hub 2-1:4.0: USB hub found [ 736.979586][ T5953] hub 2-1:4.0: config failed, can't read hub descriptor (err -22) [ 737.038029][ T5953] usb 2-1: USB disconnect, device number 78 [ 737.371114][ T9] usbhid 4-1:0.0: can't add hid device: -71 [ 737.371253][ T9] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 737.397192][ T9] usb 4-1: USB disconnect, device number 84 [ 737.637078][ T5953] usb 1-1: new full-speed USB device number 71 using dummy_hcd [ 737.791913][ T5953] usb 1-1: not running at top speed; connect to a high speed hub [ 737.795666][ T5953] usb 1-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 737.795686][ T5953] usb 1-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 737.795699][ T5953] usb 1-1: Product: А [ 737.795707][ T5953] usb 1-1: Manufacturer: ဌ [ 737.795716][ T5953] usb 1-1: SerialNumber: ᐍ [ 738.103032][ T5953] usb 1-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 738.104551][ T5953] usb 1-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 738.106373][T12239] netlink: 116 bytes leftover after parsing attributes in process `syz.3.1931'. [ 738.247036][T11694] usb 2-1: new full-speed USB device number 79 using dummy_hcd [ 738.557127][T12246] syz2: rxe_newlink: already configured on lo [ 739.435670][ T5953] usb 1-1: USB disconnect, device number 71 [ 739.531695][T11694] usb 2-1: not running at top speed; connect to a high speed hub [ 739.536355][T11694] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 739.536391][T11694] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 739.536414][T11694] usb 2-1: Product: А [ 739.536430][T11694] usb 2-1: Manufacturer: ဌ [ 739.536445][T11694] usb 2-1: SerialNumber: ᐍ [ 739.667149][ T9] usb 5-1: new high-speed USB device number 79 using dummy_hcd [ 739.695341][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.0/usb1/1-1/1-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 739.837568][T11694] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 739.841294][T11694] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 741.346158][T11694] usb 2-1: USB disconnect, device number 79 [ 741.408675][T12258] fuse: Bad value for 'fd' [ 742.281830][ T9] usb 5-1: unable to read config index 0 descriptor/start: -71 [ 742.281878][ T9] usb 5-1: can't read configurations, error -71 [ 742.379303][ T5953] hid-generic 0000:0000:0000.003C: unknown main item tag 0x0 [ 742.455890][ T5953] hid-generic 0000:0000:0000.003C: hidraw0: HID v0.00 Device [syz1] on syz0 [ 742.786579][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 742.814803][T12273] netlink: 36 bytes leftover after parsing attributes in process `syz.1.1939'. [ 744.367315][T11694] usb 2-1: new high-speed USB device number 80 using dummy_hcd [ 744.649323][T12275] fido_id[12275]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 744.768180][T11694] usb 2-1: Using ep0 maxpacket: 32 [ 744.770969][T11694] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 744.771001][T11694] usb 2-1: config 4 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 744.773005][T11694] usb 2-1: New USB device found, idVendor=046d, idProduct=c314, bcdDevice= 0.40 [ 744.773026][T11694] usb 2-1: New USB device strings: Mfr=255, Product=255, SerialNumber=0 [ 744.773039][T11694] usb 2-1: Product: syz [ 744.773048][T11694] usb 2-1: Manufacturer: syz [ 744.780263][T11694] hub 2-1:4.0: USB hub found [ 744.938098][ T9] usb 5-1: new high-speed USB device number 81 using dummy_hcd [ 745.092161][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 745.092199][ T9] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 745.096632][ T9] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 745.096652][ T9] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 745.096702][ T9] usb 5-1: Manufacturer: syz [ 745.151422][ T9] usb 5-1: config 0 descriptor?? [ 745.328231][T11694] hub 2-1:4.0: config failed, can't read hub descriptor (err -22) [ 745.396378][T12283] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 745.409270][T11694] usb 2-1: USB disconnect, device number 80 [ 745.428575][T12283] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 745.429474][T12283] netlink: 68 bytes leftover after parsing attributes in process `syz.4.1941'. [ 746.530813][T12291] FAULT_INJECTION: forcing a failure. [ 746.530813][T12291] name failslab, interval 1, probability 0, space 0, times 0 [ 746.530841][T12291] CPU: 1 UID: 0 PID: 12291 Comm: syz.1.1943 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 746.530859][T12291] Tainted: [L]=SOFTLOCKUP [ 746.530864][T12291] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 746.530871][T12291] Call Trace: [ 746.530876][T12291] [ 746.530882][T12291] dump_stack_lvl+0xe8/0x150 [ 746.530906][T12291] should_fail_ex+0x46b/0x600 [ 746.530927][T12291] should_failslab+0xa8/0x100 [ 746.530942][T12291] __kvmalloc_node_noprof+0x170/0x8e0 [ 746.530957][T12291] ? traverse+0xde/0x580 [ 746.530974][T12291] traverse+0xde/0x580 [ 746.530985][T12291] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 746.531002][T12291] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 746.531017][T12291] ? seq_read_iter+0xb8/0xe20 [ 746.531032][T12291] seq_read_iter+0xd09/0xe20 [ 746.531044][T12291] ? arch_stack_walk+0xfb/0x150 [ 746.531062][T12291] ? __asan_memset+0x22/0x50 [ 746.531081][T12291] seq_read+0x36a/0x490 [ 746.531101][T12291] ? kstrtoull+0x12f/0x1d0 [ 746.531121][T12291] ? __pfx_seq_read+0x10/0x10 [ 746.531137][T12291] ? __import_iovec+0x40e/0x7e0 [ 746.531155][T12291] ? __pfx_seq_read+0x10/0x10 [ 746.531166][T12291] proc_reg_read+0x1f6/0x2f0 [ 746.531185][T12291] vfs_readv+0x597/0x850 [ 746.531202][T12291] ? __pfx_proc_reg_read+0x10/0x10 [ 746.531221][T12291] ? __pfx_vfs_readv+0x10/0x10 [ 746.531244][T12291] ? __fget_files+0x2a/0x420 [ 746.531262][T12291] ? __fget_files+0x3a6/0x420 [ 746.531277][T12291] ? __fget_files+0x2a/0x420 [ 746.531298][T12291] __x64_sys_preadv+0x1a2/0x2b0 [ 746.531313][T12291] ? __pfx___x64_sys_preadv+0x10/0x10 [ 746.531333][T12291] do_syscall_64+0x14d/0xf80 [ 746.531350][T12291] ? trace_irq_disable+0x3b/0x150 [ 746.531365][T12291] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.531378][T12291] ? clear_bhb_loop+0x40/0x90 [ 746.531393][T12291] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 746.531405][T12291] RIP: 0033:0x7f640588c819 [ 746.531418][T12291] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 746.531429][T12291] RSP: 002b:00007f6403ae6028 EFLAGS: 00000246 ORIG_RAX: 0000000000000127 [ 746.531444][T12291] RAX: ffffffffffffffda RBX: 00007f6405b05fa0 RCX: 00007f640588c819 [ 746.531453][T12291] RDX: 0000000000000002 RSI: 0000200000000580 RDI: 0000000000000009 [ 746.531462][T12291] RBP: 00007f6403ae6090 R08: 0000000000000008 R09: 0000000000000000 [ 746.531470][T12291] R10: 0000000000000003 R11: 0000000000000246 R12: 0000000000000001 [ 746.531477][T12291] R13: 00007f6405b06038 R14: 00007f6405b05fa0 R15: 00007ffd33420858 [ 746.531496][T12291] [ 746.983507][ T9] usbhid 5-1:0.0: can't add hid device: -71 [ 746.983634][ T9] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 746.986379][ T9] usb 5-1: USB disconnect, device number 81 [ 748.331672][ T37] audit: type=1326 audit(1775888728.315:246): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12297 comm="syz.3.1946" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x0 [ 748.687355][T11694] usb 5-1: new high-speed USB device number 82 using dummy_hcd [ 748.830862][T12303] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1949'. [ 748.853864][T11694] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 748.853885][T11694] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 748.878075][T11694] usb 5-1: config 0 descriptor?? [ 748.883726][T11694] cp210x 5-1:0.0: cp210x converter detected [ 749.160273][T11694] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 749.160308][T11694] cp210x 5-1:0.0: querying part number failed [ 749.208890][T11694] usb 5-1: cp210x converter now attached to ttyUSB0 [ 749.224178][T11694] usb 5-1: USB disconnect, device number 82 [ 749.258601][T11694] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 749.259457][T11694] cp210x 5-1:0.0: device disconnected [ 750.292465][T12317] FAULT_INJECTION: forcing a failure. [ 750.292465][T12317] name failslab, interval 1, probability 0, space 0, times 0 [ 750.292509][T12317] CPU: 1 UID: 0 PID: 12317 Comm: syz.2.1954 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 750.292541][T12317] Tainted: [L]=SOFTLOCKUP [ 750.292550][T12317] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 750.292563][T12317] Call Trace: [ 750.292573][T12317] [ 750.292583][T12317] dump_stack_lvl+0xe8/0x150 [ 750.292622][T12317] should_fail_ex+0x46b/0x600 [ 750.292661][T12317] should_failslab+0xa8/0x100 [ 750.292688][T12317] __kmalloc_noprof+0xdf/0x7b0 [ 750.292710][T12317] ? tomoyo_encode+0x28b/0x550 [ 750.292746][T12317] tomoyo_encode+0x28b/0x550 [ 750.292781][T12317] tomoyo_realpath_from_path+0x58d/0x5d0 [ 750.292823][T12317] ? tomoyo_path_number_perm+0x219/0x630 [ 750.292849][T12317] tomoyo_path_number_perm+0x246/0x630 [ 750.292876][T12317] ? __pfx_tomoyo_path_number_perm+0x10/0x10 [ 750.292904][T12317] ? __lock_acquire+0x6b5/0x2cf0 [ 750.292966][T12317] ? __fget_files+0x2a/0x420 [ 750.293000][T12317] ? __fget_files+0x2a/0x420 [ 750.293025][T12317] ? __fget_files+0x3a6/0x420 [ 750.293046][T12317] ? __fget_files+0x2a/0x420 [ 750.293077][T12317] security_file_ioctl+0xc3/0x2a0 [ 750.293106][T12317] __se_sys_ioctl+0x47/0x170 [ 750.293132][T12317] do_syscall_64+0x14d/0xf80 [ 750.293158][T12317] ? trace_irq_disable+0x3b/0x150 [ 750.293186][T12317] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.293210][T12317] ? clear_bhb_loop+0x40/0x90 [ 750.293238][T12317] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 750.293261][T12317] RIP: 0033:0x7f08af2bc819 [ 750.293300][T12317] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 750.293320][T12317] RSP: 002b:00007f08ad516028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 750.293345][T12317] RAX: ffffffffffffffda RBX: 00007f08af535fa0 RCX: 00007f08af2bc819 [ 750.293362][T12317] RDX: 00002000000006c0 RSI: 00000000c0185500 RDI: 0000000000000003 [ 750.293378][T12317] RBP: 00007f08ad516090 R08: 0000000000000000 R09: 0000000000000000 [ 750.293393][T12317] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 750.293407][T12317] R13: 00007f08af536038 R14: 00007f08af535fa0 R15: 00007ffd8e8378e8 [ 750.293444][T12317] [ 750.293466][T12317] ERROR: Out of memory at tomoyo_realpath_from_path. [ 750.293492][T12317] usb usb1: usbfs: process 12317 (syz.2.1954) did not claim interface 0 before use [ 751.818031][ T5953] usb 2-1: new high-speed USB device number 81 using dummy_hcd [ 752.273042][ T5953] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 752.273083][ T5953] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 752.274613][ T5953] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 752.274644][ T5953] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 752.274666][ T5953] usb 2-1: Manufacturer: syz [ 753.240944][ T5953] usb 2-1: config 0 descriptor?? [ 754.062336][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 754.062420][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 754.146879][T12331] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 754.151412][T12331] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 754.154996][T12331] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1958'. [ 754.779749][ T37] audit: type=1326 audit(1775888734.765:247): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12348 comm="syz.3.1961" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x0 [ 755.012913][T12352] netlink: 28 bytes leftover after parsing attributes in process `syz.2.1962'. [ 755.531463][ T5953] usbhid 2-1:0.0: can't add hid device: -71 [ 755.531601][ T5953] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 755.565246][ T5953] usb 2-1: USB disconnect, device number 81 [ 755.856981][ T9] usb 3-1: new high-speed USB device number 78 using dummy_hcd [ 756.007235][ T9] usb 3-1: Using ep0 maxpacket: 32 [ 756.008937][ T9] usb 3-1: config 0 has no interfaces? [ 756.011488][ T9] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 756.011506][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 756.011519][ T9] usb 3-1: Product: syz [ 756.011528][ T9] usb 3-1: Manufacturer: syz [ 756.011537][ T9] usb 3-1: SerialNumber: syz [ 756.072010][ T9] usb 3-1: config 0 descriptor?? [ 756.424067][T12362] lo speed is unknown, defaulting to 1000 [ 756.437046][ T5953] usb 2-1: new high-speed USB device number 82 using dummy_hcd [ 756.475763][T12364] input: syz0 as /devices/virtual/input/input11 [ 756.609718][ T5953] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 756.609755][ T5953] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 756.634275][ T5953] usb 2-1: config 0 descriptor?? [ 756.662795][T12366] netlink: 68 bytes leftover after parsing attributes in process `syz.2.1963'. [ 756.713290][ T5953] cp210x 2-1:0.0: cp210x converter detected [ 758.061027][ T5953] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 758.061060][ T5953] cp210x 2-1:0.0: querying part number failed [ 758.125541][ T5953] usb 2-1: cp210x converter now attached to ttyUSB0 [ 758.211332][ T5953] usb 2-1: USB disconnect, device number 82 [ 758.263623][ T37] audit: type=1326 audit(1775888738.245:248): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12376 comm="syz.3.1967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 758.319324][T12377] netlink: 52 bytes leftover after parsing attributes in process `syz.3.1967'. [ 758.323382][ T37] audit: type=1326 audit(1775888738.305:249): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12376 comm="syz.3.1967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 758.323423][ T37] audit: type=1326 audit(1775888738.305:250): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12376 comm="syz.3.1967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=201 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 758.323449][ T37] audit: type=1326 audit(1775888738.305:251): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12376 comm="syz.3.1967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 758.323475][ T37] audit: type=1326 audit(1775888738.305:252): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12376 comm="syz.3.1967" exe="/root/syz-executor" sig=0 arch=c000003e syscall=307 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 758.863831][T12379] netlink: 20 bytes leftover after parsing attributes in process `syz.4.1968'. [ 759.021818][ T5953] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 759.022723][ T5953] cp210x 2-1:0.0: device disconnected [ 761.422253][ T5809] Bluetooth: hci1: command 0x0406 tx timeout [ 762.116322][ T5952] Bluetooth: hci1: Opcode 0x0c1a failed: -110 [ 762.116353][ T5952] Bluetooth: hci1: Error when powering off device on rfkill (-110) [ 762.170083][T10678] usb 3-1: USB disconnect, device number 78 [ 762.345970][T12402] netlink: 12 bytes leftover after parsing attributes in process `syz.3.1972'. [ 762.594199][T12408] netlink: 28 bytes leftover after parsing attributes in process `syz.4.1973'. [ 762.640297][ T37] audit: type=1326 audit(1775888742.625:253): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12410 comm="syz.1.1974" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f640588c819 code=0x0 [ 762.959544][T12424] netlink: 8 bytes leftover after parsing attributes in process `syz.4.1977'. [ 762.967272][T11694] usb 4-1: new high-speed USB device number 85 using dummy_hcd [ 763.017011][ T9] usb 3-1: new high-speed USB device number 79 using dummy_hcd [ 763.118799][T11694] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 763.118823][T11694] usb 4-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 763.119769][T11694] usb 4-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 763.119787][T11694] usb 4-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 763.119799][T11694] usb 4-1: Manufacturer: syz [ 763.136262][T11694] usb 4-1: config 0 descriptor?? [ 763.170140][ T9] usb 3-1: config 0 has an invalid interface number: 235 but max is 0 [ 763.170171][ T9] usb 3-1: config 0 has an invalid descriptor of length 0, skipping remainder of the config [ 763.170190][ T9] usb 3-1: config 0 has no interface number 0 [ 763.170294][ T9] usb 3-1: config 0 interface 235 altsetting 16 bulk endpoint 0x2 has invalid maxpacket 64 [ 763.170327][ T9] usb 3-1: config 0 interface 235 altsetting 16 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 763.170353][ T9] usb 3-1: config 0 interface 235 has no altsetting 0 [ 763.176303][ T9] usb 3-1: New USB device found, idVendor=06cd, idProduct=0112, bcdDevice=3e.18 [ 763.176403][ T9] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 763.176427][ T9] usb 3-1: Product: syz [ 763.176442][ T9] usb 3-1: Manufacturer: syz [ 763.176458][ T9] usb 3-1: SerialNumber: syz [ 763.365766][T12417] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 763.373836][T12417] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 763.375255][T12417] netlink: 68 bytes leftover after parsing attributes in process `syz.3.1975'. [ 763.526685][ T9] usb 3-1: config 0 descriptor?? [ 763.538950][T12419] raw-gadget.1 gadget.2: fail, usb_ep_enable returned -22 [ 763.712363][ T9] keyspan 3-1:0.235: Keyspan 1 port adapter converter detected [ 763.713098][ T9] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 87 [ 763.713187][ T9] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 7 [ 763.791098][ T9] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 81 [ 763.791202][ T9] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 1 [ 763.792303][ T9] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 85 [ 763.792369][ T9] keyspan 3-1:0.235: found no endpoint descriptor for endpoint 5 [ 763.854829][ T9] usb 3-1: Keyspan 1 port adapter converter now attached to ttyUSB0 [ 764.127113][ T5809] Bluetooth: hci2: command 0x0406 tx timeout [ 764.149462][ T5952] Bluetooth: hci2: Opcode 0x0c1a failed: -110 [ 764.149494][ T5952] Bluetooth: hci2: Error when powering off device on rfkill (-110) [ 764.209183][ T9] usb 2-1: new high-speed USB device number 83 using dummy_hcd [ 764.360427][ T9] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 764.360449][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 764.379945][ T9] usb 2-1: config 0 descriptor?? [ 764.456533][ T9] cp210x 2-1:0.0: cp210x converter detected [ 764.537984][T12362] lo speed is unknown, defaulting to 1000 [ 764.651306][T11694] usbhid 4-1:0.0: can't add hid device: -71 [ 764.651503][T11694] usbhid 4-1:0.0: probe with driver usbhid failed with error -71 [ 764.719782][T11694] usb 4-1: USB disconnect, device number 85 [ 764.763454][ T9] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 764.763487][ T9] cp210x 2-1:0.0: querying part number failed [ 764.869160][ T9] usb 2-1: cp210x converter now attached to ttyUSB1 [ 764.906584][ T9] usb 2-1: USB disconnect, device number 83 [ 764.947162][ T9] cp210x ttyUSB1: cp210x converter now disconnected from ttyUSB1 [ 764.959306][ T9] cp210x 2-1:0.0: device disconnected [ 766.206941][ T5809] Bluetooth: hci3: command 0x0406 tx timeout [ 766.207120][ T5952] Bluetooth: hci3: Opcode 0x0c1a failed: -110 [ 766.207140][ T5952] Bluetooth: hci3: Error when powering off device on rfkill (-110) [ 766.654433][ T5802] usb 3-1: USB disconnect, device number 79 [ 766.709110][ T5802] keyspan_1 ttyUSB0: Keyspan 1 port adapter converter now disconnected from ttyUSB0 [ 766.710143][ T5802] keyspan 3-1:0.235: device disconnected [ 767.767632][ T5802] usb 3-1: new high-speed USB device number 80 using dummy_hcd [ 768.296977][ T5809] Bluetooth: hci4: command 0x0406 tx timeout [ 768.317069][ T5952] Bluetooth: hci4: Opcode 0x0c1a failed: -110 [ 768.317095][ T5952] Bluetooth: hci4: Error when powering off device on rfkill (-110) [ 768.519644][ T5802] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 768.519686][ T5802] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 768.522019][T12461] program syz.3.1984 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 768.599872][ T5802] usb 3-1: config 0 descriptor?? [ 768.602499][ T5802] cp210x 3-1:0.0: cp210x converter detected [ 768.803810][ T5802] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -32 [ 768.803832][ T5802] cp210x 3-1:0.0: querying part number failed [ 768.858439][T12469] binder: 12453:12469 ioctl c0306201 200000000480 returned -14 [ 768.887443][ T5802] usb 3-1: cp210x converter now attached to ttyUSB0 [ 768.890923][T12468] FAULT_INJECTION: forcing a failure. [ 768.890923][T12468] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 768.890964][T12468] CPU: 0 UID: 0 PID: 12468 Comm: syz.1.1985 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 768.890995][T12468] Tainted: [L]=SOFTLOCKUP [ 768.891003][T12468] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 768.891016][T12468] Call Trace: [ 768.891026][T12468] [ 768.891035][T12468] dump_stack_lvl+0xe8/0x150 [ 768.891092][T12468] should_fail_ex+0x46b/0x600 [ 768.891129][T12468] _copy_from_user+0x2d/0xb0 [ 768.891154][T12468] kstrtouint_from_user+0xd6/0x180 [ 768.891189][T12468] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 768.891227][T12468] ? __lock_acquire+0x6b5/0x2cf0 [ 768.891262][T12468] proc_fail_nth_write+0x8e/0x210 [ 768.891290][T12468] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 768.891325][T12468] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 768.891355][T12468] vfs_write+0x2a3/0xba0 [ 768.891400][T12468] ? __pfx_vfs_write+0x10/0x10 [ 768.891437][T12468] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 768.891465][T12468] ? lockdep_hardirqs_on+0x7a/0x110 [ 768.891492][T12468] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 768.891518][T12468] ? mutex_lock_nested+0x152/0x1d0 [ 768.891549][T12468] ? fdget_pos+0x252/0x320 [ 768.891590][T12468] ksys_write+0x156/0x270 [ 768.891628][T12468] ? __pfx_ksys_write+0x10/0x10 [ 768.891677][T12468] do_syscall_64+0x14d/0xf80 [ 768.891701][T12468] ? trace_irq_disable+0x3b/0x150 [ 768.891728][T12468] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.891749][T12468] ? clear_bhb_loop+0x40/0x90 [ 768.891778][T12468] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 768.891800][T12468] RIP: 0033:0x7f640584d04e [ 768.891822][T12468] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 768.891841][T12468] RSP: 002b:00007f6403aa3fe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 768.891865][T12468] RAX: ffffffffffffffda RBX: 00007f6403aa46c0 RCX: 00007f640584d04e [ 768.891881][T12468] RDX: 0000000000000001 RSI: 00007f6403aa40a0 RDI: 0000000000000006 [ 768.891895][T12468] RBP: 00007f6403aa4090 R08: 0000000000000000 R09: 0000000000000000 [ 768.891908][T12468] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 768.891922][T12468] R13: 00007f6405b06218 R14: 00007f6405b06180 R15: 00007ffd33420858 [ 768.891958][T12468] [ 768.893235][ T5802] usb 3-1: USB disconnect, device number 80 [ 769.326345][ T5802] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 769.335387][ T5802] cp210x 3-1:0.0: device disconnected [ 769.586995][ T9] usb 5-1: new high-speed USB device number 83 using dummy_hcd [ 769.633879][T12483] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1988'. [ 769.737032][ T9] usb 5-1: Using ep0 maxpacket: 32 [ 769.742323][ T9] usb 5-1: config 0 has an invalid interface number: 67 but max is 0 [ 769.742355][ T9] usb 5-1: config 0 has no interface number 0 [ 769.745861][ T9] usb 5-1: New USB device found, idVendor=0424, idProduct=9901, bcdDevice=c2.57 [ 769.745890][ T9] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 769.745902][ T9] usb 5-1: Product: syz [ 769.745911][ T9] usb 5-1: Manufacturer: syz [ 769.745920][ T9] usb 5-1: SerialNumber: syz [ 769.773213][ T9] usb 5-1: config 0 descriptor?? [ 769.797122][ T6152] usb 4-1: new full-speed USB device number 86 using dummy_hcd [ 769.822109][ T37] audit: type=1326 audit(1775888749.805:254): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12485 comm="syz.2.1989" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f08af2bc819 code=0x0 [ 769.950726][ T6152] usb 4-1: not running at top speed; connect to a high speed hub [ 769.972120][ T6152] usb 4-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 769.972214][ T6152] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 769.972236][ T6152] usb 4-1: Product: А [ 769.972251][ T6152] usb 4-1: Manufacturer: ဌ [ 769.972267][ T6152] usb 4-1: SerialNumber: ᐍ [ 770.238766][ T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000030: -32 [ 770.238797][ T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Error reading E2P_CMD [ 770.257607][ T6152] usb 4-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 770.258111][ T6152] usb 4-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 770.470049][ T6152] usb 4-1: USB disconnect, device number 86 [ 770.599044][ T9] smsc95xx 5-1:0.67 (unnamed net_device) (uninitialized): Failed to read reg index 0x00000014: -71 [ 770.599389][ T9] smsc95xx 5-1:0.67: probe with driver smsc95xx failed with error -71 [ 770.615892][ T9] usb 5-1: USB disconnect, device number 83 [ 770.686992][ T5802] usb 2-1: new high-speed USB device number 84 using dummy_hcd [ 770.751635][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.3/usb4/4-1/4-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 770.910047][ T5802] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 770.910086][ T5802] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 770.911971][ T5802] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 770.911999][ T5802] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 770.912020][ T5802] usb 2-1: Manufacturer: syz [ 770.962053][ T5802] usb 2-1: config 0 descriptor?? [ 771.213108][T12496] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 771.226430][T12496] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 771.246516][T12496] netlink: 68 bytes leftover after parsing attributes in process `syz.1.1990'. [ 772.930501][ T5802] usbhid 2-1:0.0: can't add hid device: -71 [ 772.930632][ T5802] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 772.941310][ T5802] usb 2-1: USB disconnect, device number 84 [ 773.540314][T12523] netlink: 104 bytes leftover after parsing attributes in process `syz.4.1994'. [ 775.450970][T12532] netlink: 8 bytes leftover after parsing attributes in process `syz.2.1999'. [ 775.558180][T12535] openvswitch: netlink: Tunnel attr 9 has unexpected len 8 expected 2 [ 775.583799][ T37] audit: type=1326 audit(1775888755.555:255): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12534 comm="syz.2.2001" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f08af2bc819 code=0x0 [ 775.677666][ T9] usb 4-1: new high-speed USB device number 87 using dummy_hcd [ 775.839921][ T9] usb 4-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 775.839956][ T9] usb 4-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 775.861578][ T9] usb 4-1: config 0 descriptor?? [ 775.875464][ T9] cp210x 4-1:0.0: cp210x converter detected [ 775.957058][ T5802] usb 2-1: new full-speed USB device number 85 using dummy_hcd [ 776.069193][ T9] cp210x 4-1:0.0: failed to get vendor val 0x370b size 1: -32 [ 776.069378][ T9] cp210x 4-1:0.0: querying part number failed [ 776.088690][ T9] usb 4-1: cp210x converter now attached to ttyUSB0 [ 776.120226][T12530] binder: 12526:12530 ioctl c0306201 200000000480 returned -14 [ 776.121921][ T5802] usb 2-1: not running at top speed; connect to a high speed hub [ 776.125776][ T5802] usb 2-1: New USB device found, idVendor=1d6b, idProduct=0101, bcdDevice= 0.40 [ 776.125811][ T5802] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 776.125827][ T5802] usb 2-1: Product: А [ 776.125836][ T5802] usb 2-1: Manufacturer: ဌ [ 776.125845][ T5802] usb 2-1: SerialNumber: ᐍ [ 776.218718][ T9] usb 4-1: USB disconnect, device number 87 [ 776.378579][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 776.379546][ T9] cp210x 4-1:0.0: device disconnected [ 776.471033][ T5803] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 776.494779][ T5803] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 776.496358][ T5803] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 776.524742][ T5803] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 776.531488][ T5803] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 776.710853][ T5880] hid-generic 0000:0000:0000.003D: unknown main item tag 0x0 [ 776.750838][ T5809] Bluetooth: hci5: unexpected cc 0x0c03 length: 249 > 1 [ 776.752474][ T5809] Bluetooth: hci5: unexpected cc 0x1003 length: 249 > 9 [ 776.754547][ T5809] Bluetooth: hci5: unexpected cc 0x1001 length: 249 > 9 [ 776.819162][ T5809] Bluetooth: hci5: unexpected cc 0x0c23 length: 249 > 4 [ 776.825110][ T5809] Bluetooth: hci5: unexpected cc 0x0c38 length: 249 > 2 [ 777.237805][ T5880] hid-generic 0000:0000:0000.003D: hidraw0: HID v0.00 Device [syz1] on syz0 [ 777.312672][T12557] 9p: Bad value for 'rfdno' [ 779.063437][T12518] lo speed is unknown, defaulting to 1000 [ 779.092191][ T5803] Bluetooth: hci5: command tx timeout [ 779.393279][ T5802] usb 2-1: 1:1 : UAC_AS_GENERAL descriptor not found [ 779.393745][ T5802] usb 2-1: 2:1 : UAC_AS_GENERAL descriptor not found [ 780.822373][ T3962] Bluetooth: hci6: Frame reassembly failed (-84) [ 780.907367][ T6152] usb 5-1: new high-speed USB device number 84 using dummy_hcd [ 780.909784][ T9] usb 4-1: new low-speed USB device number 88 using dummy_hcd [ 780.973003][T12565] fido_id[12565]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 781.116191][ T6152] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 781.116215][ T6152] usb 5-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 781.120227][ T6152] usb 5-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 781.120257][ T6152] usb 5-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 781.120285][ T6152] usb 5-1: Manufacturer: syz [ 781.168795][ T5809] Bluetooth: hci5: command tx timeout [ 781.409835][ T6152] usb 5-1: config 0 descriptor?? [ 781.451948][ T5802] usb 2-1: USB disconnect, device number 85 [ 781.602284][T12585] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2010'. [ 781.720006][T12572] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 781.736588][T12572] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 781.755264][T12572] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2006'. [ 781.894143][ T5808] udevd[5808]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 782.847087][ T5809] Bluetooth: hci6: command 0x1003 tx timeout [ 782.847663][ T5803] Bluetooth: hci6: Opcode 0x1003 failed: -110 [ 783.088647][ T6152] usbhid 5-1:0.0: can't add hid device: -71 [ 783.088783][ T6152] usbhid 5-1:0.0: probe with driver usbhid failed with error -71 [ 783.209849][ T37] audit: type=1326 audit(1775888763.195:256): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12599 comm="syz.3.2014" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x0 [ 783.213736][ T6152] usb 5-1: USB disconnect, device number 84 [ 783.256924][ T5803] Bluetooth: hci5: command tx timeout [ 783.286955][ T5880] usb 3-1: new high-speed USB device number 81 using dummy_hcd [ 783.485488][ T5880] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 783.485512][ T5880] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 783.609927][ T5880] usb 3-1: config 0 descriptor?? [ 783.615660][ T5880] cp210x 3-1:0.0: cp210x converter detected [ 783.813538][ T5880] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -32 [ 783.813560][ T5880] cp210x 3-1:0.0: querying part number failed [ 783.868036][T12610] binder: 12597:12610 ioctl c0306201 200000000480 returned -14 [ 783.870927][ T37] audit: type=1326 audit(1775888763.855:257): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12608 comm="syz.4.2015" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x0 [ 783.914402][ T5880] usb 3-1: cp210x converter now attached to ttyUSB0 [ 783.941245][ T5880] usb 3-1: USB disconnect, device number 81 [ 783.959677][ T5880] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 783.960167][ T5880] cp210x 3-1:0.0: device disconnected [ 784.312814][T12616] FAULT_INJECTION: forcing a failure. [ 784.312814][T12616] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 784.312857][T12616] CPU: 1 UID: 0 PID: 12616 Comm: syz.3.2017 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 784.312888][T12616] Tainted: [L]=SOFTLOCKUP [ 784.312896][T12616] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 784.312910][T12616] Call Trace: [ 784.312926][T12616] [ 784.312936][T12616] dump_stack_lvl+0xe8/0x150 [ 784.312977][T12616] should_fail_ex+0x46b/0x600 [ 784.313024][T12616] _copy_from_user+0x2d/0xb0 [ 784.313049][T12616] kstrtouint_from_user+0xd6/0x180 [ 784.313084][T12616] ? __pfx_kstrtouint_from_user+0x10/0x10 [ 784.313121][T12616] ? __lock_acquire+0x6b5/0x2cf0 [ 784.313156][T12616] proc_fail_nth_write+0x8e/0x210 [ 784.313185][T12616] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 784.313221][T12616] ? __pfx_proc_fail_nth_write+0x10/0x10 [ 784.313250][T12616] vfs_write+0x2a3/0xba0 [ 784.313296][T12616] ? __pfx_vfs_write+0x10/0x10 [ 784.313333][T12616] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 784.313361][T12616] ? lockdep_hardirqs_on+0x7a/0x110 [ 784.313387][T12616] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 784.313413][T12616] ? mutex_lock_nested+0x152/0x1d0 [ 784.313443][T12616] ? fdget_pos+0x252/0x320 [ 784.313482][T12616] ksys_write+0x156/0x270 [ 784.313519][T12616] ? __pfx_ksys_write+0x10/0x10 [ 784.313567][T12616] do_syscall_64+0x14d/0xf80 [ 784.313592][T12616] ? trace_irq_disable+0x3b/0x150 [ 784.313619][T12616] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.313642][T12616] ? clear_bhb_loop+0x40/0x90 [ 784.313670][T12616] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 784.313693][T12616] RIP: 0033:0x7fbf15e2d04e [ 784.313715][T12616] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 784.313735][T12616] RSP: 002b:00007fbf140bdfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000001 [ 784.313758][T12616] RAX: ffffffffffffffda RBX: 00007fbf140be6c0 RCX: 00007fbf15e2d04e [ 784.313775][T12616] RDX: 0000000000000001 RSI: 00007fbf140be0a0 RDI: 0000000000000004 [ 784.313790][T12616] RBP: 00007fbf140be090 R08: 0000000000000000 R09: 0000000000000000 [ 784.313804][T12616] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 784.313818][T12616] R13: 00007fbf160e6038 R14: 00007fbf160e5fa0 R15: 00007fff41d8f918 [ 784.313855][T12616] [ 784.896871][T12518] lo speed is unknown, defaulting to 1000 [ 786.025760][ T5803] Bluetooth: hci5: command tx timeout [ 786.143169][T12626] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2020'. [ 786.911806][T12639] netlink: 100 bytes leftover after parsing attributes in process `syz.4.2026'. [ 787.126909][ T6152] usb 2-1: new full-speed USB device number 86 using dummy_hcd [ 787.288810][T12642] rdma_rxe: rxe_newlink: failed to add lo [ 788.330573][ T6152] usb 2-1: unable to get BOS descriptor or descriptor too short [ 788.331032][ T6152] usb 2-1: not running at top speed; connect to a high speed hub [ 788.333885][ T6152] usb 2-1: config 1 has an invalid descriptor of length 0, skipping remainder of the config [ 788.333904][ T6152] usb 2-1: config 1 has 1 interface, different from the descriptor's value: 3 [ 788.378287][ T6152] usb 2-1: New USB device found, idVendor=0763, idProduct=2030, bcdDevice= 0.40 [ 788.378310][ T6152] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.378322][ T6152] usb 2-1: Product: syz [ 788.378331][ T6152] usb 2-1: Manufacturer: syz [ 788.378340][ T6152] usb 2-1: SerialNumber: syz [ 788.678055][ T37] audit: type=1326 audit(1775888768.645:258): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12651 comm="syz.2.2030" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f08af2bc819 code=0x0 [ 788.727043][ T5952] usb 4-1: new full-speed USB device number 89 using dummy_hcd [ 788.740486][T12654] netlink: 44 bytes leftover after parsing attributes in process `syz.1.2025'. [ 788.942855][ T5952] usb 4-1: New USB device found, idVendor=0403, idProduct=bca4, bcdDevice=d7.23 [ 788.942878][ T5952] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 788.942890][ T5952] usb 4-1: Product: syz [ 788.942899][ T5952] usb 4-1: Manufacturer: syz [ 788.942908][ T5952] usb 4-1: SerialNumber: syz [ 788.990235][ T5952] usb 4-1: config 0 descriptor?? [ 789.102339][T12518] chnl_net:caif_netlink_parms(): no params data found [ 789.289531][ T9] usb 4-1: USB disconnect, device number 89 [ 789.493922][ T6152] usb 2-1: USB disconnect, device number 86 [ 789.572462][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 791.129331][T12663] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2032'. [ 794.072202][ T6152] usb 3-1: new high-speed USB device number 82 using dummy_hcd [ 794.226939][ T6152] usb 3-1: Using ep0 maxpacket: 16 [ 794.232081][ T6152] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 794.232117][ T6152] usb 3-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 794.232159][ T6152] usb 3-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00 [ 794.232182][ T6152] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 794.246688][ T6152] usb 3-1: config 0 descriptor?? [ 794.710191][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: unknown main item tag 0x0 [ 794.710231][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: unknown main item tag 0x0 [ 794.710260][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: unknown main item tag 0x0 [ 794.710289][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: unknown main item tag 0x0 [ 794.710318][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: unknown main item tag 0x0 [ 794.710347][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: unknown main item tag 0x0 [ 794.710376][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: unknown main item tag 0x0 [ 794.710405][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: unknown main item tag 0x1 [ 794.710434][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: unknown main item tag 0x0 [ 794.710462][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: item fetching failed at offset 14/41 [ 794.711265][ T6152] aquacomputer_d5next 0003:0C70:F003.003E: probe with driver aquacomputer_d5next failed with error -22 [ 794.819577][ T4498] netdevsim netdevsim0 netdevsim3 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 794.883206][ T5952] usb 3-1: USB disconnect, device number 82 [ 794.921428][T12518] bridge0: port 1(bridge_slave_0) entered blocking state [ 794.921664][T12518] bridge0: port 1(bridge_slave_0) entered disabled state [ 794.922111][T12518] bridge_slave_0: entered allmulticast mode [ 794.951519][T12518] bridge_slave_0: entered promiscuous mode [ 794.969639][T12518] bridge0: port 2(bridge_slave_1) entered blocking state [ 794.981599][T12518] bridge0: port 2(bridge_slave_1) entered disabled state [ 794.981829][T12518] bridge_slave_1: entered allmulticast mode [ 794.984481][T12518] bridge_slave_1: entered promiscuous mode [ 795.031748][T12692] input: syz0 as /devices/virtual/input/input12 [ 795.064215][T12692] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2039'. [ 795.237339][ T6152] usb 5-1: new high-speed USB device number 85 using dummy_hcd [ 795.389637][ T6152] usb 5-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 795.389673][ T6152] usb 5-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 795.399951][ T6152] usb 5-1: config 0 descriptor?? [ 795.410373][ T6152] cp210x 5-1:0.0: cp210x converter detected [ 795.556433][T12525] hid-generic 0000:0000:0000.003F: unknown main item tag 0x0 [ 795.583826][T12525] hid-generic 0000:0000:0000.003F: hidraw0: HID v0.00 Device [syz1] on syz0 [ 795.714254][ T4498] netdevsim netdevsim0 netdevsim2 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 795.746728][ T6152] cp210x 5-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 795.749192][ T6152] cp210x 5-1:0.0: querying part number failed [ 795.786433][ T6152] usb 5-1: cp210x converter now attached to ttyUSB0 [ 795.794882][ T6152] usb 5-1: USB disconnect, device number 85 [ 795.868012][ T6152] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 795.868887][ T6152] cp210x 5-1:0.0: device disconnected [ 796.799451][T12518] bond0: (slave bond_slave_0): Enslaving as an active interface with an up link [ 797.225710][T12704] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2042'. [ 797.576520][T12706] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2043'. [ 799.319444][T12518] bond0: (slave bond_slave_1): Enslaving as an active interface with an up link [ 799.884505][ T4498] netdevsim netdevsim0 netdevsim1 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 800.001347][T12518] team0: Port device team_slave_0 added [ 800.054708][T12518] team0: Port device team_slave_1 added [ 801.586220][ T4498] netdevsim netdevsim0 netdevsim0 (unregistering): unset [1, 0] type 2 family 0 port 6081 - 0 [ 801.668300][T12518] batman_adv: batadv0: Adding interface: batadv_slave_0 [ 801.668324][T12518] batman_adv: batadv0: The MTU of interface batadv_slave_0 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 801.668351][T12518] batman_adv: batadv0: Not using interface batadv_slave_0 (retrying later): interface not active [ 801.673373][T12716] lo speed is unknown, defaulting to 1000 [ 801.842986][T12518] batman_adv: batadv0: Adding interface: batadv_slave_1 [ 801.843009][T12518] batman_adv: batadv0: The MTU of interface batadv_slave_1 is too small (1500) to handle the transport of batman-adv packets. Packets going over this interface will be fragmented on layer2 which could impact the performance. Setting the MTU to 1532 would solve the problem. [ 801.843040][T12518] batman_adv: batadv0: Not using interface batadv_slave_1 (retrying later): interface not active [ 802.076888][T12525] usb 3-1: new high-speed USB device number 83 using dummy_hcd [ 802.078393][T12518] hsr_slave_0: entered promiscuous mode [ 802.079925][T12518] hsr_slave_1: entered promiscuous mode [ 802.080993][T12518] debugfs: 'hsr0' already exists in 'hsr' [ 802.081026][T12518] Cannot create hsr debugfs directory [ 802.249205][T12525] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 802.249237][T12525] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 802.254474][T12525] usb 3-1: config 0 descriptor?? [ 802.318827][T12525] cp210x 3-1:0.0: cp210x converter detected [ 802.465446][T12525] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -121 [ 802.465480][T12525] cp210x 3-1:0.0: querying part number failed [ 802.497793][T12525] usb 3-1: cp210x converter now attached to ttyUSB0 [ 802.656987][T10678] usb 4-1: new high-speed USB device number 90 using dummy_hcd [ 802.733968][T12747] binder: 12744:12747 ioctl c0306201 200000000480 returned -14 [ 802.806881][T10678] usb 4-1: Using ep0 maxpacket: 32 [ 802.809503][T10678] usb 4-1: config 0 has no interfaces? [ 802.812603][T10678] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 802.812636][T10678] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 802.812658][T10678] usb 4-1: Product: syz [ 802.812675][T10678] usb 4-1: Manufacturer: syz [ 802.812690][T10678] usb 4-1: SerialNumber: syz [ 802.825100][T12716] lo speed is unknown, defaulting to 1000 [ 802.903114][T10678] usb 4-1: config 0 descriptor?? [ 803.039622][ T4498] bridge_slave_1: left allmulticast mode [ 803.039725][ T4498] bridge_slave_1: left promiscuous mode [ 803.062754][ T4498] bridge0: port 2(bridge_slave_1) entered disabled state [ 803.111313][T12751] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2053'. [ 803.158966][ T4498] bridge_slave_0: left allmulticast mode [ 803.159010][ T4498] bridge_slave_0: left promiscuous mode [ 803.159436][ T4498] bridge0: port 1(bridge_slave_0) entered disabled state [ 803.387743][T12754] input: syz0 as /devices/virtual/input/input13 [ 803.966918][ T5803] Bluetooth: hci5: command 0x0c1a tx timeout [ 803.972213][ T5880] Bluetooth: hci5: Opcode 0x0c1a failed: -110 [ 803.972250][ T5880] Bluetooth: hci5: Error when powering off device on rfkill (-110) [ 804.007317][ T5947] usb 2-1: new high-speed USB device number 87 using dummy_hcd [ 804.157176][ T5947] usb 2-1: Using ep0 maxpacket: 16 [ 804.159820][ T5947] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 804.159855][ T5947] usb 2-1: config 0 interface 0 altsetting 0 has 1 endpoint descriptor, different from the interface descriptor's value: 10 [ 804.159902][ T5947] usb 2-1: New USB device found, idVendor=0c70, idProduct=f003, bcdDevice= 0.00 [ 804.159928][ T5947] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 804.171743][ T5947] usb 2-1: config 0 descriptor?? [ 804.643515][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: unknown main item tag 0x0 [ 804.643557][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: unknown main item tag 0x0 [ 804.643586][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: unknown main item tag 0x0 [ 804.643615][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: unknown main item tag 0x0 [ 804.643644][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: unknown main item tag 0x0 [ 804.643673][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: unknown main item tag 0x0 [ 804.643701][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: unknown main item tag 0x0 [ 804.643730][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: unknown main item tag 0x1 [ 804.643758][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: unknown main item tag 0x0 [ 804.643786][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: item fetching failed at offset 14/41 [ 804.646013][ T5947] aquacomputer_d5next 0003:0C70:F003.0040: probe with driver aquacomputer_d5next failed with error -22 [ 804.768833][ T5947] usb 3-1: USB disconnect, device number 83 [ 804.807825][ T5947] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 804.818456][ T5947] cp210x 3-1:0.0: device disconnected [ 804.846299][ T9] usb 2-1: USB disconnect, device number 87 [ 805.297037][ T5947] usb 3-1: new high-speed USB device number 84 using dummy_hcd [ 805.449068][ T5947] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 805.449106][ T5947] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 805.450362][ T5947] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 805.450390][ T5947] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 805.450412][ T5947] usb 3-1: Manufacturer: syz [ 806.303460][ T5947] usb 3-1: config 0 descriptor?? [ 806.805162][T12762] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 806.812863][T12762] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 806.813712][T12762] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2057'. [ 806.923796][ T4498] bond0 (unregistering): (slave bond_slave_0): Releasing backup interface [ 807.065142][ T4498] bond0 (unregistering): (slave bond_slave_1): Releasing backup interface [ 807.152490][ T4498] bond0 (unregistering): Released all slaves [ 807.278314][ T5947] usbhid 3-1:0.0: can't add hid device: -71 [ 807.278456][ T5947] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 807.333792][ T5947] usb 3-1: USB disconnect, device number 84 [ 807.668941][ T5947] usb 4-1: USB disconnect, device number 90 [ 807.905658][T12772] openvswitch: netlink: Message has 16 unknown bytes. [ 808.391134][T12780] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2063'. [ 808.532875][T12770] netlink: 4 bytes leftover after parsing attributes in process `syz.1.2059'. [ 809.031743][ T37] audit: type=1326 audit(1775888789.015:259): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12787 comm="syz.2.2064" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f08af2bc819 code=0x0 [ 810.776048][T12816] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2070'. [ 810.797107][ T5802] usb 3-1: new high-speed USB device number 85 using dummy_hcd [ 810.815514][T12818] FAULT_INJECTION: forcing a failure. [ 810.815514][T12818] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 810.815555][T12818] CPU: 1 UID: 0 PID: 12818 Comm: syz.3.2071 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 810.815586][T12818] Tainted: [L]=SOFTLOCKUP [ 810.815594][T12818] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 810.815608][T12818] Call Trace: [ 810.815617][T12818] [ 810.815626][T12818] dump_stack_lvl+0xe8/0x150 [ 810.815667][T12818] should_fail_ex+0x46b/0x600 [ 810.815703][T12818] _copy_from_user+0x2d/0xb0 [ 810.815727][T12818] __copy_msghdr+0x3c5/0x5b0 [ 810.815760][T12818] ___sys_sendmsg+0x213/0x360 [ 810.815794][T12818] ? __pfx____sys_sendmsg+0x10/0x10 [ 810.815871][T12818] ? __fget_files+0x2a/0x420 [ 810.815900][T12818] ? __fget_files+0x3a6/0x420 [ 810.815946][T12818] __x64_sys_sendmsg+0x1c3/0x2a0 [ 810.815977][T12818] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 810.816015][T12818] ? __pfx_ksys_write+0x10/0x10 [ 810.816062][T12818] do_syscall_64+0x14d/0xf80 [ 810.816088][T12818] ? trace_irq_disable+0x3b/0x150 [ 810.816116][T12818] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.816139][T12818] ? clear_bhb_loop+0x40/0x90 [ 810.816166][T12818] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 810.816189][T12818] RIP: 0033:0x7fbf15e6c819 [ 810.816211][T12818] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 810.816231][T12818] RSP: 002b:00007fbf140be028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 810.816256][T12818] RAX: ffffffffffffffda RBX: 00007fbf160e5fa0 RCX: 00007fbf15e6c819 [ 810.816272][T12818] RDX: 0000000024000052 RSI: 00002000000001c0 RDI: 0000000000000003 [ 810.816288][T12818] RBP: 00007fbf140be090 R08: 0000000000000000 R09: 0000000000000000 [ 810.816302][T12818] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 810.816316][T12818] R13: 00007fbf160e6038 R14: 00007fbf160e5fa0 R15: 00007fff41d8f918 [ 810.816351][T12818] [ 810.960543][ T5802] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 810.960578][ T5802] usb 3-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 810.961874][ T5802] usb 3-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 810.961898][ T5802] usb 3-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 810.961924][ T5802] usb 3-1: Manufacturer: syz [ 810.971796][ T5802] usb 3-1: config 0 descriptor?? [ 811.114697][T12825] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2073'. [ 811.218800][T12518] netdevsim netdevsim5 netdevsim0: renamed from eth0 [ 811.234685][T12813] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 811.236024][T12813] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 811.238484][T12813] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2069'. [ 811.324425][T12518] netdevsim netdevsim5 netdevsim1: renamed from eth1 [ 812.657356][T12518] netdevsim netdevsim5 netdevsim2: renamed from eth2 [ 812.949400][ T5802] usbhid 3-1:0.0: can't add hid device: -71 [ 812.949646][ T5802] usbhid 3-1:0.0: probe with driver usbhid failed with error -71 [ 812.979436][ T37] audit: type=1326 audit(1775888792.965:260): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12835 comm="syz.3.2077" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x0 [ 813.015195][ T5802] usb 3-1: USB disconnect, device number 85 [ 813.113993][T12518] netdevsim netdevsim5 netdevsim3: renamed from eth3 [ 813.657400][ T9] usb 2-1: new high-speed USB device number 88 using dummy_hcd [ 813.711830][T12518] 8021q: adding VLAN 0 to HW filter on device bond0 [ 813.756915][ T5947] usb 5-1: new high-speed USB device number 86 using dummy_hcd [ 813.816897][ T9] usb 2-1: Using ep0 maxpacket: 16 [ 813.819926][ T9] usb 2-1: unable to get BOS descriptor or descriptor too short [ 813.821513][ T9] usb 2-1: config 1 has an invalid descriptor of length 103, skipping remainder of the config [ 813.821570][ T9] usb 2-1: config 1 interface 0 altsetting 0 has 0 endpoint descriptors, different from the interface descriptor's value: 1 [ 813.824858][ T9] usb 2-1: New USB device found, idVendor=0582, idProduct=0014, bcdDevice= 0.40 [ 813.824887][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=32 [ 813.824909][ T9] usb 2-1: Product: syz [ 813.824924][ T9] usb 2-1: Manufacturer: syz [ 813.824938][ T9] usb 2-1: SerialNumber: syz [ 813.851140][T12518] 8021q: adding VLAN 0 to HW filter on device team0 [ 813.936963][ T5947] usb 5-1: Using ep0 maxpacket: 32 [ 813.955605][ T5947] usb 5-1: config 0 has no interfaces? [ 813.973875][ T5947] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 813.973973][ T5947] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 813.973997][ T5947] usb 5-1: Product: syz [ 813.974013][ T5947] usb 5-1: Manufacturer: syz [ 813.974028][ T5947] usb 5-1: SerialNumber: syz [ 814.055327][ T5947] usb 5-1: config 0 descriptor?? [ 814.131919][T12845] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 814.133252][T12845] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 814.174781][ T9] usb 2-1: Quirk or no altset; falling back to MIDI 1.0 [ 814.260905][ T4498] hsr_slave_0: left promiscuous mode [ 814.306852][ T4498] hsr_slave_1: left promiscuous mode [ 814.311911][ T4498] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 814.312039][ T4498] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 814.369735][ T4498] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 814.369758][ T4498] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 814.479768][ T9] snd-usb-audio 2-1:1.0: probe with driver snd-usb-audio failed with error -2 [ 814.482792][ T9] usb 2-1: USB disconnect, device number 88 [ 814.601330][ T6039] udevd[6039]: error opening ATTR{/sys/devices/platform/dummy_hcd.1/usb2/2-1/2-1:1.0/sound/card3/controlC3/../uevent} for writing: No such file or directory [ 814.865213][ T4498] veth1_macvtap: left promiscuous mode [ 814.902581][ T4498] veth0_macvtap: left promiscuous mode [ 814.902815][ T4498] veth1_vlan: left promiscuous mode [ 814.903046][ T4498] veth0_vlan: left promiscuous mode [ 814.930433][T12873] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2079'. [ 815.189786][T12866] input: syz0 as /devices/virtual/input/input14 [ 816.677726][ T4498] team0 (unregistering): Port device team_slave_1 removed [ 816.709973][T12879] netlink: 28 bytes leftover after parsing attributes in process `syz.2.2084'. [ 816.739113][ T4498] team0 (unregistering): Port device team_slave_0 removed [ 816.956377][ T13] smc: removing ib device syz1 [ 817.049196][ T5802] lo speed is unknown, defaulting to 1000 [ 817.049227][ T5802] syz1: Port: 1 Link DOWN [ 817.061323][ T5973] bridge0: port 1(bridge_slave_0) entered blocking state [ 817.076619][ T5973] bridge0: port 1(bridge_slave_0) entered forwarding state [ 817.166392][ T773] bridge0: port 2(bridge_slave_1) entered blocking state [ 817.166486][ T773] bridge0: port 2(bridge_slave_1) entered forwarding state [ 817.521961][ T9] usb 5-1: USB disconnect, device number 86 [ 817.968675][ T5952] usb 2-1: new high-speed USB device number 89 using dummy_hcd [ 818.161542][ T5952] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 818.161591][ T5952] usb 2-1: config 0 interface 0 altsetting 0 endpoint 0x81 has invalid wMaxPacketSize 0 [ 818.165734][ T5952] usb 2-1: New USB device found, idVendor=1e7d, idProduct=2cf6, bcdDevice= 0.00 [ 818.165767][ T5952] usb 2-1: New USB device strings: Mfr=4, Product=0, SerialNumber=0 [ 818.165790][ T5952] usb 2-1: Manufacturer: syz [ 818.374627][ T5952] usb 2-1: config 0 descriptor?? [ 818.460569][ T37] audit: type=1326 audit(1775888798.445:261): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=12894 comm="syz.4.2090" exe="/root/syz-executor" sig=31 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x0 [ 818.611286][T12889] UDC core: USB Raw Gadget: couldn't find an available UDC or it's busy [ 818.612337][T12889] misc raw-gadget: fail, usb_gadget_register_driver returned -16 [ 818.614070][T12889] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2089'. [ 818.981047][T12901] program syz.3.2091 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 819.181709][ T1320] ieee802154 phy0 wpan0: encryption failed: -22 [ 819.181779][ T1320] ieee802154 phy1 wpan1: encryption failed: -22 [ 820.441944][T12518] 8021q: adding VLAN 0 to HW filter on device batadv0 [ 820.943380][ T5952] usbhid 2-1:0.0: can't add hid device: -71 [ 820.943525][ T5952] usbhid 2-1:0.0: probe with driver usbhid failed with error -71 [ 821.027430][T12929] netlink: 20 bytes leftover after parsing attributes in process `syz.4.2098'. [ 821.111679][ T5952] usb 2-1: USB disconnect, device number 89 [ 821.457304][T12939] netlink: 8 bytes leftover after parsing attributes in process `syz.2.2100'. [ 821.744192][ T5952] usb 5-1: new high-speed USB device number 87 using dummy_hcd [ 821.930130][ T5952] usb 5-1: Using ep0 maxpacket: 32 [ 821.945455][ T5952] usb 5-1: config 0 has no interfaces? [ 821.972572][ T5952] usb 5-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 821.972594][ T5952] usb 5-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 821.972606][ T5952] usb 5-1: Product: syz [ 821.972616][ T5952] usb 5-1: Manufacturer: syz [ 821.972625][ T5952] usb 5-1: SerialNumber: syz [ 822.073517][ T5952] usb 5-1: config 0 descriptor?? [ 822.123601][T12950] program syz.1.2103 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 822.422425][T12518] veth0_vlan: entered promiscuous mode [ 822.483331][ T5952] usb 3-1: new high-speed USB device number 86 using dummy_hcd [ 822.507142][T12518] veth1_vlan: entered promiscuous mode [ 822.598179][T12940] netlink: 68 bytes leftover after parsing attributes in process `syz.4.2099'. [ 822.632924][ T5952] usb 3-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 822.632958][ T5952] usb 3-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 822.655939][ T9] hid-generic 0000:0000:0000.0041: unknown main item tag 0x0 [ 822.766648][T12518] veth0_macvtap: entered promiscuous mode [ 822.855157][T12518] veth1_macvtap: entered promiscuous mode [ 822.898700][ T9] hid-generic 0000:0000:0000.0041: hidraw0: HID v0.00 Device [syz1] on syz0 [ 823.019803][ T5952] usb 3-1: config 0 descriptor?? [ 823.053771][ T5952] cp210x 3-1:0.0: cp210x converter detected [ 823.132460][T12518] batman_adv: batadv0: Interface activated: batadv_slave_0 [ 823.304838][T12518] batman_adv: batadv0: Interface activated: batadv_slave_1 [ 823.464841][ T7804] netdevsim netdevsim5 netdevsim0: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.470993][ T7804] netdevsim netdevsim5 netdevsim1: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.473108][ T7804] netdevsim netdevsim5 netdevsim2: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.482360][ T7804] netdevsim netdevsim5 netdevsim3: set [1, 0] type 2 family 0 port 6081 - 0 [ 823.535331][T12961] fido_id[12961]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 824.666920][ T9] usb 5-1: USB disconnect, device number 87 [ 825.113281][T12980] FAULT_INJECTION: forcing a failure. [ 825.113281][T12980] name failslab, interval 1, probability 0, space 0, times 0 [ 825.113339][T12980] CPU: 0 UID: 0 PID: 12980 Comm: syz.1.2108 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 825.113371][T12980] Tainted: [L]=SOFTLOCKUP [ 825.113379][T12980] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 825.113393][T12980] Call Trace: [ 825.113401][T12980] [ 825.113411][T12980] dump_stack_lvl+0xe8/0x150 [ 825.113450][T12980] should_fail_ex+0x46b/0x600 [ 825.113486][T12980] ? __pfx_sock_alloc_inode+0x10/0x10 [ 825.113518][T12980] should_failslab+0xa8/0x100 [ 825.113542][T12980] ? __pfx_sock_alloc_inode+0x10/0x10 [ 825.113569][T12980] kmem_cache_alloc_lru_noprof+0x8b/0x680 [ 825.113604][T12980] ? sock_alloc_inode+0x28/0xc0 [ 825.113639][T12980] ? __pfx_sock_alloc_inode+0x10/0x10 [ 825.113668][T12980] sock_alloc_inode+0x28/0xc0 [ 825.113698][T12980] alloc_inode+0x6a/0x1b0 [ 825.113726][T12980] __sock_create+0x12d/0x9d0 [ 825.113768][T12980] __sys_socket+0xd6/0x1b0 [ 825.113807][T12980] __x64_sys_socket+0x7a/0x90 [ 825.113841][T12980] do_syscall_64+0x14d/0xf80 [ 825.113867][T12980] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.113889][T12980] ? clear_bhb_loop+0x40/0x90 [ 825.113917][T12980] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 825.113939][T12980] RIP: 0033:0x7f640588c819 [ 825.113961][T12980] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 825.113979][T12980] RSP: 002b:00007f6403aa4028 EFLAGS: 00000246 ORIG_RAX: 0000000000000029 [ 825.114005][T12980] RAX: ffffffffffffffda RBX: 00007f6405b06180 RCX: 00007f640588c819 [ 825.114021][T12980] RDX: 0000000000000073 RSI: 0000000000000002 RDI: 000000000000000a [ 825.114034][T12980] RBP: 00007f6403aa4090 R08: 0000000000000000 R09: 0000000000000000 [ 825.114047][T12980] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 825.114060][T12980] R13: 00007f6405b06218 R14: 00007f6405b06180 R15: 00007ffd33420858 [ 825.114095][T12980] [ 825.114125][T12980] socket: no more sockets [ 825.258715][T12982] netlink: 104 bytes leftover after parsing attributes in process `syz.3.2109'. [ 825.403556][ T5952] cp210x 3-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 825.403667][ T5952] cp210x 3-1:0.0: querying part number failed [ 825.598818][ T5952] usb 3-1: cp210x converter now attached to ttyUSB0 [ 825.697353][ T5952] usb 3-1: USB disconnect, device number 86 [ 825.843584][ T5952] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 825.855711][ T5952] cp210x 3-1:0.0: device disconnected [ 826.191662][ T1130] wlan0: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 826.191687][ T1130] wlan0: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 826.405349][T13002] program syz.3.2114 is using a deprecated SCSI ioctl, please convert it to SG_IO [ 826.457727][ T7804] wlan1: Created IBSS using preconfigured BSSID 50:50:50:50:50:50 [ 826.457751][ T7804] wlan1: Creating new IBSS network, BSSID 50:50:50:50:50:50 [ 826.555078][ T5880] hid-generic 0000:0000:0000.0042: unknown main item tag 0x0 [ 826.596659][ T5880] hid-generic 0000:0000:0000.0042: hidraw0: HID v0.00 Device [syz1] on syz0 [ 827.036937][ T9] usb 2-1: new high-speed USB device number 90 using dummy_hcd [ 827.189817][ T9] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 827.189854][ T9] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 827.208906][ T9] usb 2-1: config 0 descriptor?? [ 827.238928][ T9] cp210x 2-1:0.0: cp210x converter detected [ 827.304533][T13016] fido_id[13016]: Failed to open report descriptor at '/sys/devices/virtual/misc/uhid/report_descriptor': No such file or directory [ 827.586951][ T5947] usb 3-1: new high-speed USB device number 87 using dummy_hcd [ 827.736971][ T5947] usb 3-1: Using ep0 maxpacket: 32 [ 827.794571][ T5947] usb 3-1: config 0 has no interfaces? [ 827.835599][ T5947] usb 3-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 827.835635][ T5947] usb 3-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 827.835657][ T5947] usb 3-1: Product: syz [ 827.835772][ T5947] usb 3-1: Manufacturer: syz [ 827.835790][ T5947] usb 3-1: SerialNumber: syz [ 827.884722][ T5947] usb 3-1: config 0 descriptor?? [ 828.261767][T13041] FAULT_INJECTION: forcing a failure. [ 828.261767][T13041] name failslab, interval 1, probability 0, space 0, times 0 [ 828.261809][T13041] CPU: 0 UID: 0 PID: 13041 Comm: syz.5.2125 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 828.261840][T13041] Tainted: [L]=SOFTLOCKUP [ 828.261848][T13041] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 828.261867][T13041] Call Trace: [ 828.261876][T13041] [ 828.261887][T13041] dump_stack_lvl+0xe8/0x150 [ 828.261935][T13041] should_fail_ex+0x46b/0x600 [ 828.261972][T13041] should_failslab+0xa8/0x100 [ 828.261999][T13041] kmem_cache_alloc_noprof+0x87/0x680 [ 828.262033][T13041] ? dst_alloc+0x105/0x170 [ 828.262067][T13041] dst_alloc+0x105/0x170 [ 828.262093][T13041] ? ip_check_mc_rcu+0x4d8/0x690 [ 828.262128][T13041] ip_route_output_key_hash_rcu+0x14d0/0x25d0 [ 828.262174][T13041] ? ip_route_output_key_hash+0xd8/0x2a0 [ 828.262211][T13041] ip_route_output_key_hash+0x18d/0x2a0 [ 828.262249][T13041] ? __pfx_ip_route_output_key_hash+0x10/0x10 [ 828.262303][T13041] ip_route_output_flow+0x2a/0x150 [ 828.262334][T13041] ? security_sk_classify_flow+0x6d/0x150 [ 828.262362][T13041] udp_sendmsg+0x154a/0x22f0 [ 828.262405][T13041] ? __pfx_ip_generic_getfrag+0x10/0x10 [ 828.262443][T13041] ? __pfx_udp_sendmsg+0x10/0x10 [ 828.262475][T13041] ? __pfx_handle_mm_fault+0x10/0x10 [ 828.262508][T13041] ? smack_socket_sendmsg+0x1a9/0x590 [ 828.262557][T13041] ? do_user_addr_fault+0xbad/0x1340 [ 828.262592][T13041] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 828.262628][T13041] ? sock_rps_record_flow+0x19/0x400 [ 828.262654][T13041] ? inet_sendmsg+0x29c/0x370 [ 828.262674][T13041] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 828.262714][T13041] ____sys_sendmsg+0x7da/0x9c0 [ 828.262749][T13041] ? __pfx_____sys_sendmsg+0x10/0x10 [ 828.262784][T13041] ? import_iovec+0x73/0xa0 [ 828.262812][T13041] ___sys_sendmsg+0x2a5/0x360 [ 828.262845][T13041] ? __pfx____sys_sendmsg+0x10/0x10 [ 828.262888][T13041] ? kstrtouint+0x6e/0xe0 [ 828.262953][T13041] ? __fget_files+0x2a/0x420 [ 828.262982][T13041] ? __fget_files+0x3a6/0x420 [ 828.263021][T13041] __sys_sendmmsg+0x282/0x4e0 [ 828.263056][T13041] ? __pfx___sys_sendmmsg+0x10/0x10 [ 828.263093][T13041] ? __pfx_rt_mutex_slowunlock+0x10/0x10 [ 828.263143][T13041] ? ksys_write+0x248/0x270 [ 828.263178][T13041] ? __pfx_ksys_write+0x10/0x10 [ 828.263220][T13041] __x64_sys_sendmmsg+0xa0/0xc0 [ 828.263250][T13041] do_syscall_64+0x14d/0xf80 [ 828.263276][T13041] ? trace_irq_disable+0x3b/0x150 [ 828.263303][T13041] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.263326][T13041] ? clear_bhb_loop+0x40/0x90 [ 828.263355][T13041] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 828.263379][T13041] RIP: 0033:0x7f00ad69c819 [ 828.263400][T13041] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 828.263421][T13041] RSP: 002b:00007f00ab8ee028 EFLAGS: 00000246 ORIG_RAX: 0000000000000133 [ 828.263446][T13041] RAX: ffffffffffffffda RBX: 00007f00ad915fa0 RCX: 00007f00ad69c819 [ 828.263463][T13041] RDX: 000000000800001d RSI: 0000200000007fc0 RDI: 0000000000000003 [ 828.263478][T13041] RBP: 00007f00ab8ee090 R08: 0000000000000000 R09: 0000000000000000 [ 828.263493][T13041] R10: 000000000f000000 R11: 0000000000000246 R12: 0000000000000001 [ 828.263507][T13041] R13: 00007f00ad916038 R14: 00007f00ad915fa0 R15: 00007ffdb5c3fd58 [ 828.263544][T13041] [ 828.282684][ T5947] IPVS: starting estimator thread 0... [ 828.457898][T13042] IPVS: using max 7 ests per chain, 16800 per kthread [ 828.822971][T13046] netlink: 68 bytes leftover after parsing attributes in process `syz.2.2121'. [ 830.298391][ T9] cp210x 2-1:0.0: failed to get vendor val 0x370b size 1: -71 [ 830.298414][ T9] cp210x 2-1:0.0: querying part number failed [ 830.353297][ T9] usb 2-1: cp210x converter now attached to ttyUSB0 [ 830.432623][ T9] usb 2-1: USB disconnect, device number 90 [ 830.447902][ T9] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 830.448445][ T9] cp210x 2-1:0.0: device disconnected [ 830.482279][ T5880] usb 3-1: USB disconnect, device number 87 [ 830.671834][ T5952] hid-generic 0000:0000:0000.0043: unknown main item tag 0x0 [ 830.688326][ T5952] hid-generic 0000:0000:0000.0043: hidraw0: HID v0.00 Device [syz1] on syz0 [ 831.337646][ T5880] usb 2-1: new high-speed USB device number 91 using dummy_hcd [ 831.496913][ T5880] usb 2-1: Using ep0 maxpacket: 8 [ 831.510579][ T5880] usb 2-1: config 0 interface 0 altsetting 192 endpoint 0x81 has an invalid bInterval 0, changing to 7 [ 831.510619][ T5880] usb 2-1: config 0 interface 0 altsetting 192 has 1 endpoint descriptor, different from the interface descriptor's value: 2 [ 831.510649][ T5880] usb 2-1: config 0 interface 0 has no altsetting 0 [ 831.510688][ T5880] usb 2-1: New USB device found, idVendor=1b1c, idProduct=1c23, bcdDevice= 0.00 [ 831.510713][ T5880] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 831.573141][ T5880] usb 2-1: config 0 descriptor?? [ 831.665764][ T37] audit: type=1326 audit(1775888811.655:262): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.667163][ T37] audit: type=1326 audit(1775888811.655:263): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.669150][ T37] audit: type=1326 audit(1775888811.655:264): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.680281][ T37] audit: type=1326 audit(1775888811.665:265): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=53 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.680604][ T37] audit: type=1326 audit(1775888811.665:266): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.680657][ T37] audit: type=1326 audit(1775888811.665:267): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.684922][ T37] audit: type=1326 audit(1775888811.665:268): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.685412][ T37] audit: type=1326 audit(1775888811.665:269): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.685574][ T37] audit: type=1326 audit(1775888811.665:270): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=302 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.685633][ T37] audit: type=1326 audit(1775888811.665:271): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13085 comm="syz.4.2140" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7f2ed10fc819 code=0x7ffc0000 [ 831.992279][ T5880] corsair-psu 0003:1B1C:1C23.0044: unknown main item tag 0x0 [ 831.992386][ T5880] corsair-psu 0003:1B1C:1C23.0044: unknown main item tag 0x0 [ 831.992415][ T5880] corsair-psu 0003:1B1C:1C23.0044: unknown main item tag 0x0 [ 831.992441][ T5880] corsair-psu 0003:1B1C:1C23.0044: unknown main item tag 0x0 [ 831.992468][ T5880] corsair-psu 0003:1B1C:1C23.0044: unknown main item tag 0x0 [ 831.992494][ T5880] corsair-psu 0003:1B1C:1C23.0044: unknown main item tag 0x0 [ 831.992520][ T5880] corsair-psu 0003:1B1C:1C23.0044: unknown main item tag 0x0 [ 831.992547][ T5880] corsair-psu 0003:1B1C:1C23.0044: unknown main item tag 0x0 [ 831.992574][ T5880] corsair-psu 0003:1B1C:1C23.0044: unknown main item tag 0x0 [ 831.992725][ T5880] corsair-psu 0003:1B1C:1C23.0044: unbalanced collection at end of report description [ 831.993704][ T5880] corsair-psu 0003:1B1C:1C23.0044: probe with driver corsair-psu failed with error -22 [ 832.632757][T13103] FAULT_INJECTION: forcing a failure. [ 832.632757][T13103] name failslab, interval 1, probability 0, space 0, times 0 [ 832.632784][T13103] CPU: 0 UID: 0 PID: 13103 Comm: syz.2.2144 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 832.632803][T13103] Tainted: [L]=SOFTLOCKUP [ 832.632813][T13103] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 832.632821][T13103] Call Trace: [ 832.632826][T13103] [ 832.632832][T13103] dump_stack_lvl+0xe8/0x150 [ 832.632859][T13103] should_fail_ex+0x46b/0x600 [ 832.632879][T13103] should_failslab+0xa8/0x100 [ 832.632895][T13103] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 832.632914][T13103] ? __alloc_skb+0x1d0/0x7d0 [ 832.632926][T13103] ? lockdep_hardirqs_on+0x7a/0x110 [ 832.632944][T13103] __alloc_skb+0x1d0/0x7d0 [ 832.632960][T13103] netlink_sendmsg+0x5d4/0xb40 [ 832.632985][T13103] ? __pfx_netlink_sendmsg+0x10/0x10 [ 832.633004][T13103] ? unwind_get_return_address+0x4d/0x90 [ 832.633020][T13103] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 832.633041][T13103] ____sys_sendmsg+0x94c/0x9c0 [ 832.633060][T13103] ? __pfx_____sys_sendmsg+0x10/0x10 [ 832.633079][T13103] ? import_iovec+0x73/0xa0 [ 832.633093][T13103] ___sys_sendmsg+0x2a5/0x360 [ 832.633120][T13103] ? __pfx____sys_sendmsg+0x10/0x10 [ 832.633155][T13103] ? __fget_files+0x2a/0x420 [ 832.633170][T13103] ? __fget_files+0x3a6/0x420 [ 832.633192][T13103] __x64_sys_sendmsg+0x1c3/0x2a0 [ 832.633209][T13103] ? __pfx___x64_sys_sendmsg+0x10/0x10 [ 832.633229][T13103] ? __pfx_ksys_write+0x10/0x10 [ 832.633256][T13103] do_syscall_64+0x14d/0xf80 [ 832.633278][T13103] ? trace_irq_disable+0x3b/0x150 [ 832.633303][T13103] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.633325][T13103] ? clear_bhb_loop+0x40/0x90 [ 832.633353][T13103] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 832.633374][T13103] RIP: 0033:0x7f08af2bc819 [ 832.633394][T13103] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 832.633412][T13103] RSP: 002b:00007f08ad4f5028 EFLAGS: 00000246 ORIG_RAX: 000000000000002e [ 832.633436][T13103] RAX: ffffffffffffffda RBX: 00007f08af536090 RCX: 00007f08af2bc819 [ 832.633447][T13103] RDX: 0000000004040000 RSI: 0000200000000040 RDI: 0000000000000003 [ 832.633455][T13103] RBP: 00007f08ad4f5090 R08: 0000000000000000 R09: 0000000000000000 [ 832.633463][T13103] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 832.633471][T13103] R13: 00007f08af536128 R14: 00007f08af536090 R15: 00007ffd8e8378e8 [ 832.633490][T13103] [ 834.054546][ T9] usb 2-1: USB disconnect, device number 91 [ 834.393892][T13086] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 834.527745][ T9] usb 2-1: new high-speed USB device number 92 using dummy_hcd [ 834.622046][T13121] FAULT_INJECTION: forcing a failure. [ 834.622046][T13121] name failslab, interval 1, probability 0, space 0, times 0 [ 834.622087][T13121] CPU: 1 UID: 0 PID: 13121 Comm: syz.4.2148 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 834.622118][T13121] Tainted: [L]=SOFTLOCKUP [ 834.622126][T13121] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 834.622140][T13121] Call Trace: [ 834.622149][T13121] [ 834.622158][T13121] dump_stack_lvl+0xe8/0x150 [ 834.622204][T13121] should_fail_ex+0x46b/0x600 [ 834.622239][T13121] should_failslab+0xa8/0x100 [ 834.622264][T13121] __kmalloc_noprof+0xdf/0x7b0 [ 834.622284][T13121] ? bpf_test_init+0x9f/0x150 [ 834.622314][T13121] ? kstrtouint+0x6e/0xe0 [ 834.622346][T13121] bpf_test_init+0x9f/0x150 [ 834.622381][T13121] bpf_prog_test_run_xdp+0x529/0x1160 [ 834.622427][T13121] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 834.622464][T13121] ? __fget_files+0x2a/0x420 [ 834.622498][T13121] ? __pfx_bpf_prog_test_run_xdp+0x10/0x10 [ 834.622530][T13121] bpf_prog_test_run+0x2cd/0x340 [ 834.622565][T13121] __sys_bpf+0x643/0x950 [ 834.622596][T13121] ? __pfx___sys_bpf+0x10/0x10 [ 834.622621][T13121] ? rt_mutex_slowunlock+0x1cb/0x300 [ 834.622672][T13121] ? ksys_write+0x248/0x270 [ 834.622706][T13121] ? __pfx_ksys_write+0x10/0x10 [ 834.622745][T13121] __x64_sys_bpf+0x7c/0x90 [ 834.622771][T13121] do_syscall_64+0x14d/0xf80 [ 834.622793][T13121] ? trace_irq_disable+0x3b/0x150 [ 834.622820][T13121] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.622843][T13121] ? clear_bhb_loop+0x40/0x90 [ 834.622871][T13121] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 834.622893][T13121] RIP: 0033:0x7f2ed10fc819 [ 834.622914][T13121] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 834.622932][T13121] RSP: 002b:00007f2ecf356028 EFLAGS: 00000246 ORIG_RAX: 0000000000000141 [ 834.622956][T13121] RAX: ffffffffffffffda RBX: 00007f2ed1375fa0 RCX: 00007f2ed10fc819 [ 834.622972][T13121] RDX: 0000000000000050 RSI: 0000200000000b80 RDI: 000000000000000a [ 834.622987][T13121] RBP: 00007f2ecf356090 R08: 0000000000000000 R09: 0000000000000000 [ 834.623002][T13121] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 834.623015][T13121] R13: 00007f2ed1376038 R14: 00007f2ed1375fa0 R15: 00007fff167316d8 [ 834.623050][T13121] [ 834.693052][ T9] usb 2-1: Using ep0 maxpacket: 32 [ 834.717711][ T9] usb 2-1: config 0 has no interfaces? [ 834.722050][ T9] usb 2-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 834.722079][ T9] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 834.722098][ T9] usb 2-1: Product: syz [ 834.722112][ T9] usb 2-1: Manufacturer: syz [ 834.722126][ T9] usb 2-1: SerialNumber: syz [ 834.790977][ T9] usb 2-1: config 0 descriptor?? [ 835.104769][T13135] netlink: 68 bytes leftover after parsing attributes in process `syz.1.2146'. [ 835.795709][T13145] netdevsim netdevsim5 netdevsim0: entered allmulticast mode [ 835.796301][T13145] A link change request failed with some changes committed already. Interface netdevsim0 may have been left with an inconsistent configuration, please check. [ 835.876906][ T5952] usb 5-1: new high-speed USB device number 88 using dummy_hcd [ 836.016887][ T5952] usb 5-1: device descriptor read/64, error -71 [ 836.276882][ T5952] usb 5-1: new high-speed USB device number 89 using dummy_hcd [ 836.416894][ T5952] usb 5-1: device descriptor read/64, error -71 [ 836.534594][ T5952] usb usb5-port1: attempt power cycle [ 836.877046][ T5952] usb 5-1: new high-speed USB device number 90 using dummy_hcd [ 836.897875][ T5952] usb 5-1: device descriptor read/8, error -71 [ 837.156927][ T5952] usb 5-1: new high-speed USB device number 91 using dummy_hcd [ 837.181216][ T5952] usb 5-1: device descriptor read/8, error -71 [ 837.287673][ T5952] usb usb5-port1: unable to enumerate USB device [ 837.371999][ T9] usb 2-1: USB disconnect, device number 92 [ 837.511332][T13178] netlink: 120 bytes leftover after parsing attributes in process `syz.3.2168'. [ 837.988410][T13189] syz2: rxe_newlink: already configured on lo [ 839.193117][T13196] Bluetooth: hci3: Opcode 0x0401 failed: -22 [ 839.283457][T13196] netlink: 'syz.3.2170': attribute type 29 has an invalid length. [ 839.283484][T13196] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2170'. [ 839.796931][ T5880] usb 6-1: new high-speed USB device number 2 using dummy_hcd [ 840.020839][ T5880] usb 6-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 840.020875][ T5880] usb 6-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 840.099186][ T5880] usb 6-1: config 0 descriptor?? [ 840.109392][ T5880] cp210x 6-1:0.0: cp210x converter detected [ 840.305997][ T5880] usb 6-1: cp210x converter now attached to ttyUSB0 [ 840.580165][T13220] binder: 13188:13220 ioctl c0306201 200000000480 returned -14 [ 840.682934][T13225] i2c i2c-0: dtv_property_process_set: SET cmd 0x00000000 undefined [ 840.824559][T13233] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2178'. [ 840.824585][T13233] netlink: 4 bytes leftover after parsing attributes in process `syz.3.2178'. [ 840.883764][T13236] syz.3.2178 (13236): attempted to duplicate a private mapping with mremap. This is not supported. [ 840.883803][T13236] FAULT_INJECTION: forcing a failure. [ 840.883803][T13236] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 840.883859][T13236] CPU: 0 UID: 0 PID: 13236 Comm: syz.3.2178 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 840.883890][T13236] Tainted: [L]=SOFTLOCKUP [ 840.883898][T13236] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 840.883912][T13236] Call Trace: [ 840.883921][T13236] [ 840.883931][T13236] dump_stack_lvl+0xe8/0x150 [ 840.883971][T13236] should_fail_ex+0x46b/0x600 [ 840.884006][T13236] _copy_to_user+0x31/0xb0 [ 840.884032][T13236] simple_read_from_buffer+0xe1/0x170 [ 840.884068][T13236] proc_fail_nth_read+0x1be/0x230 [ 840.884110][T13236] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 840.884143][T13236] ? rw_verify_area+0x2ac/0x4e0 [ 840.884175][T13236] ? __pfx_proc_fail_nth_read+0x10/0x10 [ 840.884202][T13236] vfs_read+0x212/0xa80 [ 840.884244][T13236] ? __pfx_vfs_read+0x10/0x10 [ 840.884280][T13236] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 840.884312][T13236] ? lockdep_hardirqs_on+0x7a/0x110 [ 840.884339][T13236] ? _raw_spin_unlock_irqrestore+0x4c/0x80 [ 840.884366][T13236] ? mutex_lock_nested+0x152/0x1d0 [ 840.884398][T13236] ? fdget_pos+0x252/0x320 [ 840.884437][T13236] ksys_read+0x156/0x270 [ 840.884472][T13236] ? __pfx_ksys_read+0x10/0x10 [ 840.884519][T13236] do_syscall_64+0x14d/0xf80 [ 840.884543][T13236] ? trace_irq_disable+0x3b/0x150 [ 840.884568][T13236] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.884592][T13236] ? clear_bhb_loop+0x40/0x90 [ 840.884620][T13236] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 840.884643][T13236] RIP: 0033:0x7fbf15e2d04e [ 840.884664][T13236] Code: 08 0f 85 a5 a8 ff ff 49 89 fb 48 89 f0 48 89 d7 48 89 ce 4c 89 c2 4d 89 ca 4c 8b 44 24 08 4c 8b 4c 24 10 4c 89 5c 24 08 0f 05 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 80 00 00 00 00 48 83 ec 08 [ 840.884683][T13236] RSP: 002b:00007fbf1409cfe8 EFLAGS: 00000246 ORIG_RAX: 0000000000000000 [ 840.884708][T13236] RAX: ffffffffffffffda RBX: 00007fbf1409d6c0 RCX: 00007fbf15e2d04e [ 840.884724][T13236] RDX: 000000000000000f RSI: 00007fbf1409d0a0 RDI: 0000000000000008 [ 840.884739][T13236] RBP: 00007fbf1409d090 R08: 0000000000000000 R09: 0000000000000000 [ 840.884752][T13236] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 840.884766][T13236] R13: 00007fbf160e6128 R14: 00007fbf160e6090 R15: 00007fff41d8f918 [ 840.884803][T13236] [ 841.690645][ T6152] usb 6-1: USB disconnect, device number 2 [ 841.703707][ T6152] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 841.704643][ T6152] cp210x 6-1:0.0: device disconnected [ 842.448140][ T37] kauditd_printk_skb: 34 callbacks suppressed [ 842.448162][ T37] audit: type=1326 audit(1775888822.435:306): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.450832][ T37] audit: type=1326 audit(1775888822.435:307): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.450960][ T37] audit: type=1326 audit(1775888822.435:308): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.486381][ T37] audit: type=1326 audit(1775888822.455:309): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=41 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.486434][ T37] audit: type=1326 audit(1775888822.465:310): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.486477][ T37] audit: type=1326 audit(1775888822.465:311): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.486517][ T37] audit: type=1326 audit(1775888822.465:312): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.486559][ T37] audit: type=1326 audit(1775888822.465:313): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=54 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.486599][ T37] audit: type=1326 audit(1775888822.465:314): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.486639][ T37] audit: type=1326 audit(1775888822.465:315): auid=4294967295 uid=0 gid=0 ses=4294967295 subj=_ pid=13247 comm="syz.3.2184" exe="/root/syz-executor" sig=0 arch=c000003e syscall=202 compat=0 ip=0x7fbf15e6c819 code=0x7ffc0000 [ 842.577080][T12525] usb 6-1: new high-speed USB device number 3 using dummy_hcd [ 842.749427][T12525] usb 6-1: Using ep0 maxpacket: 32 [ 842.754615][T12525] usb 6-1: config 0 has no interfaces? [ 842.758492][T12525] usb 6-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 842.758522][T12525] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 842.758541][T12525] usb 6-1: Product: syz [ 842.758555][T12525] usb 6-1: Manufacturer: syz [ 842.758568][T12525] usb 6-1: SerialNumber: syz [ 842.837077][T12525] usb 6-1: config 0 descriptor?? [ 843.161001][T13266] netlink: 68 bytes leftover after parsing attributes in process `syz.5.2182'. [ 843.936935][ T6152] usb 2-1: new high-speed USB device number 93 using dummy_hcd [ 844.099294][ T6152] usb 2-1: New USB device found, idVendor=0bed, idProduct=1100, bcdDevice=ec.c3 [ 844.099329][ T6152] usb 2-1: New USB device strings: Mfr=0, Product=0, SerialNumber=0 [ 844.127791][ T6152] usb 2-1: config 0 descriptor?? [ 844.131720][ T6152] cp210x 2-1:0.0: cp210x converter detected [ 844.357566][ T6152] usb 2-1: cp210x converter now attached to ttyUSB0 [ 844.606069][T13302] binder: 13279:13302 ioctl c0306201 200000000480 returned -14 [ 845.539814][ T6152] usb 6-1: USB disconnect, device number 3 [ 846.594734][T12525] usb 2-1: USB disconnect, device number 93 [ 846.636597][T12525] cp210x ttyUSB0: cp210x converter now disconnected from ttyUSB0 [ 846.649060][T12525] cp210x 2-1:0.0: device disconnected [ 846.997828][T13338] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2200'. [ 847.162834][T13298] nci: __nci_request: wait_for_completion_interruptible_timeout failed -512 [ 847.166450][T13326] nbd: couldn't find a device at index 1048580 [ 847.530930][T13351] FAULT_INJECTION: forcing a failure. [ 847.530930][T13351] name failslab, interval 1, probability 0, space 0, times 0 [ 847.530971][T13351] CPU: 0 UID: 0 PID: 13351 Comm: syz.1.2204 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 847.531009][T13351] Tainted: [L]=SOFTLOCKUP [ 847.531018][T13351] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 847.531032][T13351] Call Trace: [ 847.531041][T13351] [ 847.531051][T13351] dump_stack_lvl+0xe8/0x150 [ 847.531088][T13351] should_fail_ex+0x46b/0x600 [ 847.531125][T13351] should_failslab+0xa8/0x100 [ 847.531152][T13351] kmem_cache_alloc_node_noprof+0x8f/0x6e0 [ 847.531185][T13351] ? __alloc_skb+0x1d0/0x7d0 [ 847.531206][T13351] ? lockdep_hardirqs_on+0x7a/0x110 [ 847.531237][T13351] __alloc_skb+0x1d0/0x7d0 [ 847.531264][T13351] alloc_skb_with_frags+0xca/0x890 [ 847.531297][T13351] ? __lock_acquire+0x6b5/0x2cf0 [ 847.531325][T13351] sock_alloc_send_pskb+0x884/0x9a0 [ 847.531362][T13351] ? __pfx_ref_tracker_alloc+0x10/0x10 [ 847.531403][T13351] ? __pfx_sock_alloc_send_pskb+0x10/0x10 [ 847.531436][T13351] ? dev_get_by_index+0x22/0x2e0 [ 847.531465][T13351] ? dev_get_by_index+0x22/0x2e0 [ 847.531500][T13351] packet_sendmsg+0x33e5/0x50f0 [ 847.531540][T13351] ? __lock_acquire+0x6b5/0x2cf0 [ 847.531570][T13351] ? __lock_acquire+0x6b5/0x2cf0 [ 847.531599][T13351] ? smack_socket_sendmsg+0x1f8/0x590 [ 847.531628][T13351] ? __pfx_smack_socket_sendmsg+0x10/0x10 [ 847.531655][T13351] ? get_pid_task+0x20/0x1f0 [ 847.531682][T13351] ? __pfx_packet_sendmsg+0x10/0x10 [ 847.531714][T13351] ? tomoyo_socket_sendmsg_permission+0x1e0/0x300 [ 847.531757][T13351] ? bpf_lsm_socket_sendmsg+0x9/0x20 [ 847.531790][T13351] ? __pfx_packet_sendmsg+0x10/0x10 [ 847.531907][T13351] __sys_sendto+0x67f/0x710 [ 847.531938][T13351] ? __pfx___sys_sendto+0x10/0x10 [ 847.531994][T13351] ? rcu_is_watching+0x15/0xb0 [ 847.532026][T13351] __x64_sys_sendto+0xde/0x100 [ 847.532053][T13351] do_syscall_64+0x14d/0xf80 [ 847.532075][T13351] ? trace_irq_disable+0x3b/0x150 [ 847.532098][T13351] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.532120][T13351] ? clear_bhb_loop+0x40/0x90 [ 847.532147][T13351] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 847.532168][T13351] RIP: 0033:0x7f640588c819 [ 847.532189][T13351] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 847.532209][T13351] RSP: 002b:00007f6403ae6028 EFLAGS: 00000246 ORIG_RAX: 000000000000002c [ 847.532234][T13351] RAX: ffffffffffffffda RBX: 00007f6405b05fa0 RCX: 00007f640588c819 [ 847.532252][T13351] RDX: 000000000000002a RSI: 0000200000000100 RDI: 0000000000000003 [ 847.532267][T13351] RBP: 00007f6403ae6090 R08: 0000200000000200 R09: 0000000000000014 [ 847.532283][T13351] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000001 [ 847.532297][T13351] R13: 00007f6405b06038 R14: 00007f6405b05fa0 R15: 00007ffd33420858 [ 847.532332][T13351] [ 847.924497][T13359] netlink: 8 bytes leftover after parsing attributes in process `syz.4.2206'. [ 849.287441][T13386] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2216'. [ 850.452105][T13397] netlink: 8 bytes leftover after parsing attributes in process `syz.3.2219'. [ 851.651673][T13412] netlink: 'syz.4.2225': attribute type 4 has an invalid length. [ 851.697275][T12525] usb 6-1: new high-speed USB device number 4 using dummy_hcd [ 851.782161][T13415] netlink: 12 bytes leftover after parsing attributes in process `syz.1.2226'. [ 851.834812][T13416] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2226'. [ 851.834851][T13416] netlink: 8 bytes leftover after parsing attributes in process `syz.1.2226'. [ 851.834862][T13416] netlink: 20 bytes leftover after parsing attributes in process `syz.1.2226'. [ 851.857218][T12525] usb 6-1: Using ep0 maxpacket: 8 [ 851.860887][T12525] usb 6-1: unable to get BOS descriptor or descriptor too short [ 851.874891][T12525] usb 6-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 200, changing to 11 [ 851.874931][T12525] usb 6-1: config 1 interface 0 has no altsetting 0 [ 851.894145][T12525] usb 6-1: language id specifier not provided by device, defaulting to English [ 851.930994][T12525] usb 6-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.40 [ 851.931030][T12525] usb 6-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 852.178109][T13416] veth3: entered allmulticast mode [ 852.209974][T13416] bond1: (slave veth3): Enslaving as an active interface with an up link [ 852.213408][T12525] usbhid 6-1:1.0: can't add hid device: -71 [ 852.213550][T12525] usbhid 6-1:1.0: probe with driver usbhid failed with error -71 [ 852.243250][T12525] usb 6-1: USB disconnect, device number 4 [ 852.347919][T13417] bond1 (unregistering): (slave veth3): Releasing backup interface [ 852.372988][T13423] gfs2: not a GFS2 filesystem [ 852.438549][T13417] bond1 (unregistering): Released all slaves [ 852.547944][T13427] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2229'. [ 852.547979][T13427] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2229'. [ 852.579657][T13427] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2229'. [ 852.579683][T13427] netlink: 28 bytes leftover after parsing attributes in process `syz.3.2229'. [ 854.039150][T13434] netlink: 28 bytes leftover after parsing attributes in process `syz.4.2231'. [ 854.487003][T13449] netlink: 'syz.1.2239': attribute type 1 has an invalid length. [ 854.544598][T13449] 8021q: adding VLAN 0 to HW filter on device bond1 [ 854.746025][T13461] bridge_slave_0: left allmulticast mode [ 854.746060][T13461] bridge_slave_0: left promiscuous mode [ 854.746340][T13461] bridge0: port 1(bridge_slave_0) entered disabled state [ 854.947125][ T5880] usb 4-1: new high-speed USB device number 91 using dummy_hcd [ 855.000890][ T37] kauditd_printk_skb: 142 callbacks suppressed [ 855.000935][ T37] audit: type=1800 audit(1775888834.965:458): pid=13463 uid=0 auid=4294967295 ses=4294967295 subj=_ op=collect_data cause=failed comm="syz.1.2241" name="SYSV00000000" dev="tmpfs" ino=0 res=0 errno=0 [ 855.104288][T13461] bridge_slave_1: left allmulticast mode [ 855.104320][T13461] bridge_slave_1: left promiscuous mode [ 855.104573][T13461] bridge0: port 2(bridge_slave_1) entered disabled state [ 855.196847][ T5880] usb 4-1: Using ep0 maxpacket: 32 [ 855.231082][ T5880] usb 4-1: config 0 has no interfaces? [ 855.972629][ T5880] usb 4-1: New USB device found, idVendor=0424, idProduct=7500, bcdDevice=69.ee [ 855.972666][ T5880] usb 4-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 855.972688][ T5880] usb 4-1: Product: syz [ 855.972703][ T5880] usb 4-1: Manufacturer: syz [ 855.972718][ T5880] usb 4-1: SerialNumber: syz [ 856.425566][T13466] netlink: 24 bytes leftover after parsing attributes in process `syz.4.2243'. [ 856.603608][T13468] netlink: 'syz.4.2243': attribute type 1 has an invalid length. [ 857.319772][ T5880] usb 4-1: config 0 descriptor?? [ 857.408272][T13461] bond0: (slave bond_slave_0): Releasing backup interface [ 857.478448][T13461] bond0: (slave bond_slave_1): Releasing backup interface [ 857.572813][T13461] team0: Port device team_slave_0 removed [ 857.603635][T13461] team0: Port device team_slave_1 removed [ 857.605361][T13461] batman_adv: batadv0: Interface deactivated: batadv_slave_0 [ 857.605391][T13461] batman_adv: batadv0: Removing interface: batadv_slave_0 [ 857.641475][T13461] batman_adv: batadv0: Interface deactivated: batadv_slave_1 [ 857.641507][T13461] batman_adv: batadv0: Removing interface: batadv_slave_1 [ 857.664442][T13461] A link change request failed with some changes committed already. Interface hsr_slave_0 may have been left with an inconsistent configuration, please check. [ 857.664588][T13464] team0: No ports can be present during mode change [ 857.699549][ T5880] usb 2-1: new high-speed USB device number 94 using dummy_hcd [ 857.700494][T13466] ip6gre1: entered promiscuous mode [ 857.700521][T13466] ip6gre1: entered allmulticast mode [ 857.845086][T13457] netlink: 68 bytes leftover after parsing attributes in process `syz.3.2240'. [ 857.856925][ T5880] usb 2-1: Using ep0 maxpacket: 8 [ 857.860145][ T5880] usb 2-1: unable to get BOS descriptor or descriptor too short [ 857.861718][ T5880] usb 2-1: config 1 interface 0 altsetting 6 endpoint 0x81 has an invalid bInterval 200, changing to 11 [ 857.861753][ T5880] usb 2-1: config 1 interface 0 has no altsetting 0 [ 857.866878][ T5880] usb 2-1: language id specifier not provided by device, defaulting to English [ 857.880654][ T5880] usb 2-1: New USB device found, idVendor=04d8, idProduct=00dd, bcdDevice= 0.40 [ 857.880684][ T5880] usb 2-1: New USB device strings: Mfr=1, Product=2, SerialNumber=3 [ 858.174715][ T5880] usbhid 2-1:1.0: can't add hid device: -71 [ 858.174870][ T5880] usbhid 2-1:1.0: probe with driver usbhid failed with error -71 [ 858.185573][ T5880] usb 2-1: USB disconnect, device number 94 [ 858.207880][T13483] nbd: couldn't find a device at index 1048580 [ 858.328500][T13486] netlink: 4 bytes leftover after parsing attributes in process `syz.4.2248'. [ 858.447948][ T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 858.448232][ T13] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 858.477265][T10678] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 858.647160][T10678] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 858.877411][T13500] netlink: 28 bytes leftover after parsing attributes in process `syz.1.2253'. [ 859.057741][T10678] ip6_tunnel: ip6gre1 xmit: Local address not yet configured! [ 859.261053][T13508] overlayfs: workdir is in-use as upperdir/workdir of another mount, mount with '-o index=off' to override exclusive upperdir protection. [ 859.308483][ T5947] usb 4-1: USB disconnect, device number 91 [ 860.025986][T13526] netlink: 76 bytes leftover after parsing attributes in process `syz.3.2261'. [ 860.173525][T13530] FAULT_INJECTION: forcing a failure. [ 860.173525][T13530] name fail_usercopy, interval 1, probability 0, space 0, times 0 [ 860.173566][T13530] CPU: 1 UID: 0 PID: 13530 Comm: syz.2.2264 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 860.173598][T13530] Tainted: [L]=SOFTLOCKUP [ 860.173607][T13530] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 860.173620][T13530] Call Trace: [ 860.173629][T13530] [ 860.173640][T13530] dump_stack_lvl+0xe8/0x150 [ 860.173677][T13530] should_fail_ex+0x46b/0x600 [ 860.173715][T13530] _copy_from_user+0x2d/0xb0 [ 860.173739][T13530] copy_from_sockptr_offset+0x66/0xa0 [ 860.173769][T13530] tls_setsockopt+0xd2c/0x15c0 [ 860.173808][T13530] ? __pfx_tls_setsockopt+0x10/0x10 [ 860.173846][T13530] ? __fget_files+0x2a/0x420 [ 860.173880][T13530] ? sock_common_setsockopt+0x36/0xc0 [ 860.173912][T13530] ? __pfx_sock_common_setsockopt+0x10/0x10 [ 860.173948][T13530] do_sock_setsockopt+0x17c/0x1b0 [ 860.173980][T13530] __x64_sys_setsockopt+0x143/0x1b0 [ 860.174013][T13530] do_syscall_64+0x14d/0xf80 [ 860.174039][T13530] ? trace_irq_disable+0x3b/0x150 [ 860.174066][T13530] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 860.174089][T13530] ? clear_bhb_loop+0x40/0x90 [ 860.174117][T13530] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 860.174138][T13530] RIP: 0033:0x7f08af2bc819 [ 860.174168][T13530] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 860.174186][T13530] RSP: 002b:00007f08ad516028 EFLAGS: 00000246 ORIG_RAX: 0000000000000036 [ 860.174210][T13530] RAX: ffffffffffffffda RBX: 00007f08af535fa0 RCX: 00007f08af2bc819 [ 860.174226][T13530] RDX: 0000000000000001 RSI: 000000000000011a RDI: 0000000000000003 [ 860.174240][T13530] RBP: 00007f08ad516090 R08: 0000000000000028 R09: 0000000000000000 [ 860.174255][T13530] R10: 0000200000000080 R11: 0000000000000246 R12: 0000000000000001 [ 860.174270][T13530] R13: 00007f08af536038 R14: 00007f08af535fa0 R15: 00007ffd8e8378e8 [ 860.174307][T13530] [ 862.101600][T13536] ------------[ cut here ]------------ [ 862.101618][T13536] ODEBUG: init active (active state 0) object: ffff888030c490f8 object type: timer_list hint: lec_arp_check_expire+0x0/0xc80 [ 862.101678][T13536] WARNING: lib/debugobjects.c:632 at __debug_object_init+0x2d3/0x470, CPU#1: syz.2.2265/13536 [ 862.101720][T13536] Modules linked in: [ 862.101745][T13536] CPU: 1 UID: 0 PID: 13536 Comm: syz.2.2265 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 862.101776][T13536] Tainted: [L]=SOFTLOCKUP [ 862.101785][T13536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 862.101800][T13536] RIP: 0010:__debug_object_init+0x32f/0x470 [ 862.101830][T13536] Code: 3c 28 00 74 08 4c 89 ef e8 5e 00 82 fd 4d 8b 4d 00 4c 89 f7 48 c7 c6 40 82 a6 8b 4c 89 fa 8b 4c 24 08 4c 8b 44 24 10 ff 34 24 <67> 48 0f b9 3a 48 83 c4 08 4c 8b 7c 24 18 ff 05 f9 e4 c1 0a 41 83 [ 862.101850][T13536] RSP: 0018:ffffc90003b1f8f8 EFLAGS: 00010246 [ 862.101870][T13536] RAX: 1ffffffff169eb24 RBX: ffff888030c490f8 RCX: 0000000000000000 [ 862.101888][T13536] RDX: ffffffff8ba68640 RSI: ffffffff8ba68240 RDI: ffffffff8f74b0d0 [ 862.101906][T13536] RBP: dffffc0000000000 R08: ffff888030c490f8 R09: ffffffff8b4f6c60 [ 862.101924][T13536] R10: dffffc0000000000 R11: ffffffff81b0b800 R12: 0000000000000003 [ 862.101941][T13536] R13: ffffffff8b4f5920 R14: ffffffff8f74b0d0 R15: ffffffff8ba68640 [ 862.101959][T13536] FS: 00007f08ad5166c0(0000) GS:ffff888126432000(0000) knlGS:0000000000000000 [ 862.101979][T13536] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 862.101995][T13536] CR2: 0000001b2ed19ff8 CR3: 0000000035948000 CR4: 00000000003526f0 [ 862.102017][T13536] Call Trace: [ 862.102027][T13536] [ 862.102037][T13536] ? __pfx_lec_arp_check_expire+0x10/0x10 [ 862.102073][T13536] ? __pfx_lec_arp_check_expire+0x10/0x10 [ 862.102123][T13536] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 862.102163][T13536] timer_init_key+0x41/0x2f0 [ 862.102202][T13536] lane_ioctl+0x135b/0x1fc0 [ 862.102246][T13536] ? __pfx_clip_ioctl+0x10/0x10 [ 862.102297][T13536] ? br2684_ioctl+0x110/0x6b0 [ 862.102335][T13536] ? __pfx_lane_ioctl+0x10/0x10 [ 862.102368][T13536] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 862.102397][T13536] ? lockdep_hardirqs_on+0x7a/0x110 [ 862.102428][T13536] ? atmtcp_ioctl+0x1ce/0xdf0 [ 862.102450][T13536] ? do_vcc_ioctl+0x2fa/0x9d0 [ 862.102479][T13536] do_vcc_ioctl+0x36d/0x9d0 [ 862.102508][T13536] svc_ioctl+0x1f6/0x7d0 [ 862.102546][T13536] ? kasan_quarantine_put+0xbb/0x1f0 [ 862.102580][T13536] ? __pfx_svc_ioctl+0x10/0x10 [ 862.102624][T13536] ? tomoyo_path_number_perm+0x219/0x630 [ 862.102653][T13536] ? tomoyo_path_number_perm+0x219/0x630 [ 862.102690][T13536] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 862.102724][T13536] sock_do_ioctl+0x101/0x320 [ 862.102762][T13536] ? __pfx_sock_do_ioctl+0x10/0x10 [ 862.102792][T13536] ? do_futex+0x333/0x420 [ 862.102819][T13536] ? __asan_memset+0x22/0x50 [ 862.102850][T13536] ? smack_file_ioctl+0x263/0x360 [ 862.102896][T13536] sock_ioctl+0x5c9/0x7f0 [ 862.102932][T13536] ? __pfx_sock_ioctl+0x10/0x10 [ 862.102965][T13536] ? __fget_files+0x2a/0x420 [ 862.102995][T13536] ? __fget_files+0x3a6/0x420 [ 862.103025][T13536] ? __fget_files+0x2a/0x420 [ 862.103060][T13536] ? bpf_lsm_file_ioctl+0x9/0x20 [ 862.103093][T13536] ? __pfx_sock_ioctl+0x10/0x10 [ 862.103125][T13536] __se_sys_ioctl+0xff/0x170 [ 862.103153][T13536] do_syscall_64+0x14d/0xf80 [ 862.103180][T13536] ? trace_irq_disable+0x3b/0x150 [ 862.103208][T13536] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 862.103233][T13536] ? clear_bhb_loop+0x40/0x90 [ 862.103263][T13536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 862.103287][T13536] RIP: 0033:0x7f08af2bc819 [ 862.103308][T13536] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 862.103329][T13536] RSP: 002b:00007f08ad516028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 862.103353][T13536] RAX: ffffffffffffffda RBX: 00007f08af535fa0 RCX: 00007f08af2bc819 [ 862.103371][T13536] RDX: 0000000000000000 RSI: 00000000000061d0 RDI: 0000000000000006 [ 862.103386][T13536] RBP: 00007f08af352c91 R08: 0000000000000000 R09: 0000000000000000 [ 862.103402][T13536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 862.103416][T13536] R13: 00007f08af536038 R14: 00007f08af535fa0 R15: 00007ffd8e8378e8 [ 862.103456][T13536] [ 862.103469][T13536] Kernel panic - not syncing: kernel: panic_on_warn set ... [ 862.103490][T13536] CPU: 1 UID: 0 PID: 13536 Comm: syz.2.2265 Tainted: G L syzkaller #0 PREEMPT_{RT,(full)} [ 862.103521][T13536] Tainted: [L]=SOFTLOCKUP [ 862.103530][T13536] Hardware name: Google Google Compute Engine/Google Compute Engine, BIOS Google 03/18/2026 [ 862.103545][T13536] Call Trace: [ 862.103555][T13536] [ 862.103564][T13536] vpanic+0x56c/0xa60 [ 862.103602][T13536] ? __pfx__printk+0x10/0x10 [ 862.103628][T13536] ? __pfx_vpanic+0x10/0x10 [ 862.103661][T13536] ? is_bpf_text_address+0x292/0x2b0 [ 862.103695][T13536] ? is_bpf_text_address+0x26/0x2b0 [ 862.103739][T13536] panic+0xc5/0xd0 [ 862.103773][T13536] ? __pfx_panic+0x10/0x10 [ 862.103847][T13536] __warn+0x315/0x4f0 [ 862.103881][T13536] ? __debug_object_init+0x2d3/0x470 [ 862.103913][T13536] ? __debug_object_init+0x2d3/0x470 [ 862.103945][T13536] __report_bug+0x29a/0x540 [ 862.103979][T13536] ? __debug_object_init+0x2d3/0x470 [ 862.104010][T13536] ? __pfx___report_bug+0x10/0x10 [ 862.104048][T13536] ? __lock_acquire+0x6b5/0x2cf0 [ 862.104090][T13536] report_bug_entry+0x19a/0x290 [ 862.104118][T13536] ? __debug_object_init+0x32f/0x470 [ 862.104146][T13536] ? __debug_object_init+0x334/0x470 [ 862.104176][T13536] handle_bug+0xce/0x200 [ 862.104209][T13536] exc_invalid_op+0x1a/0x50 [ 862.104241][T13536] asm_exc_invalid_op+0x1a/0x20 [ 862.104265][T13536] RIP: 0010:__debug_object_init+0x32f/0x470 [ 862.104295][T13536] Code: 3c 28 00 74 08 4c 89 ef e8 5e 00 82 fd 4d 8b 4d 00 4c 89 f7 48 c7 c6 40 82 a6 8b 4c 89 fa 8b 4c 24 08 4c 8b 44 24 10 ff 34 24 <67> 48 0f b9 3a 48 83 c4 08 4c 8b 7c 24 18 ff 05 f9 e4 c1 0a 41 83 [ 862.104316][T13536] RSP: 0018:ffffc90003b1f8f8 EFLAGS: 00010246 [ 862.104336][T13536] RAX: 1ffffffff169eb24 RBX: ffff888030c490f8 RCX: 0000000000000000 [ 862.104353][T13536] RDX: ffffffff8ba68640 RSI: ffffffff8ba68240 RDI: ffffffff8f74b0d0 [ 862.104371][T13536] RBP: dffffc0000000000 R08: ffff888030c490f8 R09: ffffffff8b4f6c60 [ 862.104389][T13536] R10: dffffc0000000000 R11: ffffffff81b0b800 R12: 0000000000000003 [ 862.104406][T13536] R13: ffffffff8b4f5920 R14: ffffffff8f74b0d0 R15: ffffffff8ba68640 [ 862.104431][T13536] ? __pfx_timer_debug_hint+0x10/0x10 [ 862.104467][T13536] ? __pfx_lec_arp_check_expire+0x10/0x10 [ 862.104503][T13536] ? __pfx_lec_arp_check_expire+0x10/0x10 [ 862.104542][T13536] ? __pfx_delayed_work_timer_fn+0x10/0x10 [ 862.104581][T13536] timer_init_key+0x41/0x2f0 [ 862.104619][T13536] lane_ioctl+0x135b/0x1fc0 [ 862.104662][T13536] ? __pfx_clip_ioctl+0x10/0x10 [ 862.104692][T13536] ? br2684_ioctl+0x110/0x6b0 [ 862.104729][T13536] ? __pfx_lane_ioctl+0x10/0x10 [ 862.104761][T13536] ? _raw_spin_unlock_irqrestore+0x30/0x80 [ 862.104789][T13536] ? lockdep_hardirqs_on+0x7a/0x110 [ 862.104821][T13536] ? atmtcp_ioctl+0x1ce/0xdf0 [ 862.104841][T13536] ? do_vcc_ioctl+0x2fa/0x9d0 [ 862.104868][T13536] do_vcc_ioctl+0x36d/0x9d0 [ 862.104897][T13536] svc_ioctl+0x1f6/0x7d0 [ 862.104934][T13536] ? kasan_quarantine_put+0xbb/0x1f0 [ 862.104969][T13536] ? __pfx_svc_ioctl+0x10/0x10 [ 862.105013][T13536] ? tomoyo_path_number_perm+0x219/0x630 [ 862.105040][T13536] ? tomoyo_path_number_perm+0x219/0x630 [ 862.105085][T13536] ? __pfx_do_vfs_ioctl+0x10/0x10 [ 862.105118][T13536] sock_do_ioctl+0x101/0x320 [ 862.105156][T13536] ? __pfx_sock_do_ioctl+0x10/0x10 [ 862.105186][T13536] ? do_futex+0x333/0x420 [ 862.105214][T13536] ? __asan_memset+0x22/0x50 [ 862.105247][T13536] ? smack_file_ioctl+0x263/0x360 [ 862.105291][T13536] sock_ioctl+0x5c9/0x7f0 [ 862.105327][T13536] ? __pfx_sock_ioctl+0x10/0x10 [ 862.105360][T13536] ? __fget_files+0x2a/0x420 [ 862.105390][T13536] ? __fget_files+0x3a6/0x420 [ 862.105420][T13536] ? __fget_files+0x2a/0x420 [ 862.105455][T13536] ? bpf_lsm_file_ioctl+0x9/0x20 [ 862.105481][T13536] ? __pfx_sock_ioctl+0x10/0x10 [ 862.105513][T13536] __se_sys_ioctl+0xff/0x170 [ 862.105540][T13536] do_syscall_64+0x14d/0xf80 [ 862.105567][T13536] ? trace_irq_disable+0x3b/0x150 [ 862.105595][T13536] ? entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 862.105619][T13536] ? clear_bhb_loop+0x40/0x90 [ 862.105649][T13536] entry_SYSCALL_64_after_hwframe+0x77/0x7f [ 862.105674][T13536] RIP: 0033:0x7f08af2bc819 [ 862.105693][T13536] Code: ff c3 66 2e 0f 1f 84 00 00 00 00 00 0f 1f 44 00 00 48 89 f8 48 89 f7 48 89 d6 48 89 ca 4d 89 c2 4d 89 c8 4c 8b 4c 24 08 0f 05 <48> 3d 01 f0 ff ff 73 01 c3 48 c7 c1 e8 ff ff ff f7 d8 64 89 01 48 [ 862.105713][T13536] RSP: 002b:00007f08ad516028 EFLAGS: 00000246 ORIG_RAX: 0000000000000010 [ 862.105735][T13536] RAX: ffffffffffffffda RBX: 00007f08af535fa0 RCX: 00007f08af2bc819 [ 862.105753][T13536] RDX: 0000000000000000 RSI: 00000000000061d0 RDI: 0000000000000006 [ 862.105768][T13536] RBP: 00007f08af352c91 R08: 0000000000000000 R09: 0000000000000000 [ 862.105783][T13536] R10: 0000000000000000 R11: 0000000000000246 R12: 0000000000000000 [ 862.105798][T13536] R13: 00007f08af536038 R14: 00007f08af535fa0 R15: 00007ffd8e8378e8 [ 862.105835][T13536] [ 862.106283][T13536] Kernel Offset: disabled